#65: Vocabulary modification for admin only

docs-web/src/main/java/com/sismics/docs/rest/resource/UserResource.java

@@ -74,7 +74,6 @@ public class UserResource extends BaseResource {
         @FormParam("password") String password,
         @FormParam("email") String email,
         @FormParam("storage_quota") String storageQuotaStr) {
-
         if (!authenticate()) {
             throw new ForbiddenClientException();
         }
@@ -132,7 +131,6 @@ public class UserResource extends BaseResource {
     public Response update(
         @FormParam("password") String password,
         @FormParam("email") String email) {
-        
         if (!authenticate()) {
             throw new ForbiddenClientException();
         }
@@ -176,7 +174,6 @@ public class UserResource extends BaseResource {
         @FormParam("password") String password,
         @FormParam("email") String email,
         @FormParam("storage_quota") String storageQuotaStr) {
-        
         if (!authenticate()) {
             throw new ForbiddenClientException();
         }
@@ -225,7 +222,6 @@ public class UserResource extends BaseResource {
     @Path("check_username")
     public Response checkUsername(
         @QueryParam("username") String username) {
-        
         UserDao userDao = new UserDao();
         User user = userDao.getActiveByUsername(username);
         
@@ -255,7 +251,6 @@ public class UserResource extends BaseResource {
         @FormParam("username") String username,
         @FormParam("password") String password,
         @FormParam("remember") boolean longLasted) {
-        
         // Validate the input data
         username = StringUtils.strip(username);
         password = StringUtils.strip(password);

docs-web/src/main/java/com/sismics/docs/rest/resource/VocabularyResource.java

@@ -17,6 +17,7 @@ import javax.ws.rs.core.Response.Status;
 
 import com.sismics.docs.core.dao.jpa.VocabularyDao;
 import com.sismics.docs.core.model.jpa.Vocabulary;
+import com.sismics.docs.rest.constant.BaseFunction;
 import com.sismics.rest.exception.ForbiddenClientException;
 import com.sismics.rest.util.ValidationUtil;
 
@@ -66,6 +67,7 @@ public class VocabularyResource extends BaseResource {
         if (!authenticate()) {
             throw new ForbiddenClientException();
         }
+        checkBaseFunction(BaseFunction.ADMIN);
         
         // Validate input data
         name = ValidationUtil.validateLength(name, "name", 1, 50, false);
@@ -107,6 +109,7 @@ public class VocabularyResource extends BaseResource {
         if (!authenticate()) {
             throw new ForbiddenClientException();
         }
+        checkBaseFunction(BaseFunction.ADMIN);
         
         // Validate input data
         name = ValidationUtil.validateLength(name, "name", 1, 50, true);
@@ -157,6 +160,7 @@ public class VocabularyResource extends BaseResource {
         if (!authenticate()) {
             throw new ForbiddenClientException();
         }
+        checkBaseFunction(BaseFunction.ADMIN);
         
         // Get the vocabulary
         VocabularyDao vocabularyDao = new VocabularyDao();

docs-web/src/test/java/com/sismics/docs/rest/TestVocabularyResource.java

@@ -28,6 +28,9 @@ public class TestVocabularyResource extends BaseJerseyTest {
         clientUtil.createUser("vocabulary1");
         String vocabulary1Token = clientUtil.login("vocabulary1");
         
+        // Login admin
+        String adminAuthenticationToken = clientUtil.login("admin", "admin", false);
+        
         // Get coverage vocabularies entries
         JsonObject json = target().path("/vocabulary/coverage").request()
                 .cookie(TokenBasedSecurityFilter.COOKIE_NAME, vocabulary1Token)
@@ -42,9 +45,9 @@ public class TestVocabularyResource extends BaseJerseyTest {
         Assert.assertEquals("Zimbabwe", entry.getString("value"));
         Assert.assertEquals(248, entry.getJsonNumber("order").intValue());
         
-        // Create a vocabulary entry with vocabulary1
+        // Create a vocabulary entry with admin
         json = target().path("/vocabulary").request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, vocabulary1Token)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken)
                 .put(Entity.form(new Form()
                         .param("name", "test-voc-1")
                         .param("value", "First value")
@@ -55,9 +58,9 @@ public class TestVocabularyResource extends BaseJerseyTest {
         Assert.assertEquals("First value", json.getString("value"));
         Assert.assertEquals(0, json.getJsonNumber("order").intValue());
         
-        // Create a vocabulary entry with vocabulary1
+        // Create a vocabulary entry with admin
         Response response = target().path("/vocabulary").request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, vocabulary1Token)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken)
                 .put(Entity.form(new Form()
                         .param("name", "NOT_VALID")
                         .param("value", "First value")
@@ -74,9 +77,9 @@ public class TestVocabularyResource extends BaseJerseyTest {
         Assert.assertEquals("First value", entry.getString("value"));
         Assert.assertEquals(0, entry.getJsonNumber("order").intValue());
         
-        // Update a vocabulary entry with vocabulary1
+        // Update a vocabulary entry with admin
         json = target().path("/vocabulary/" + vocabulary1Id).request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, vocabulary1Token)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken)
                 .post(Entity.form(new Form()
                         .param("name", "test-voc-1-updated")
                         .param("value", "First value updated")
@@ -96,9 +99,9 @@ public class TestVocabularyResource extends BaseJerseyTest {
         Assert.assertEquals("First value updated", entry.getString("value"));
         Assert.assertEquals(1, entry.getJsonNumber("order").intValue());
         
-        // Delete a vocabulary entry with vocabulary1
+        // Delete a vocabulary entry with admin
         json = target().path("/vocabulary/" + vocabulary1Id).request()
-                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, vocabulary1Token)
+                .cookie(TokenBasedSecurityFilter.COOKIE_NAME, adminAuthenticationToken)
                 .delete(JsonObject.class);
         
         // Get test-voc-1-updated vocabularies entries