diff --git a/src/main/java/org/nrg/xapi/rest/users/UsersApi.java b/src/main/java/org/nrg/xapi/rest/users/UsersApi.java
index 499f9298ed34d58d7093c9cb6df593cf7915b446..abcc0abddfda64b782196478e97e0723d1a12081 100644
--- a/src/main/java/org/nrg/xapi/rest/users/UsersApi.java
+++ b/src/main/java/org/nrg/xapi/rest/users/UsersApi.java
@@ -145,7 +145,7 @@ public class UsersApi extends AbstractXapiRestController {
 @RequestMapping(value = "active/{username}", produces = MediaType.APPLICATION_JSON_VALUE, method = RequestMethod.GET)
 @ResponseBody
 public ResponseEntity<List<String>> getUserActiveSessions(@ApiParam(value = "ID of the user to fetch", required = true) @PathVariable("username") final String username) {
- final HttpStatus status = isPermitted();
+ final HttpStatus status = isPermitted(username);
 if (status != null) {
 return new ResponseEntity<>(status);
 }
@@ -162,6 +162,7 @@ public class UsersApi extends AbstractXapiRestController {
 }
 return new ResponseEntity<>(sessionIds, HttpStatus.OK);
 }
+ return new ResponseEntity<>(HttpStatus.NOT_FOUND);
 }
@@ -173,9 +174,11 @@ public class UsersApi extends AbstractXapiRestController {
 @ApiResponse(code = 500, message = "An unexpected error occurred.")})
 @RequestMapping(value = "{username}", produces = MediaType.APPLICATION_JSON_VALUE, method = RequestMethod.GET)
 public ResponseEntity<User> getUser(@ApiParam(value = "Username of the user to fetch.", required = true) @PathVariable("username") final String username) {
- HttpStatus status = isPermitted(username);
- if (status != null) {
- return new ResponseEntity<>(status);
+ if (_preferences.getRestrictUserListAccessToAdmins()) {
+ final HttpStatus status = isPermitted(username);
+ if (status != null) {
+ return new ResponseEntity<>(status);
+ }
 }
 final UserI user;
 try {
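Review bot: getUserActiveSessions still returns the user's raw session identifiers (`sessionIds`, visible in the following hunk) to every caller who passes the new `isPermitted(username)` check. If those values are the container's live session ids, which this hunk cannot confirm, they are credential-equivalent and are better replaced by a count or an opaque handle. At minimum, state the rule on the method, e.g. `// Callers admitted by isPermitted(username) only; the response carries session ids and must be treated as sensitive.` The method body and `isPermitted` are outside the hunk.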
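Review bot: When `_preferences.getRestrictUserListAccessToAdmins()` is false, getUser now skips `isPermitted(username)` altogether, so any caller who reaches this mapping receives the `User` record for any username. The preference name speaks of the user list; whether it is also meant to open full single-user records is not evident from the hunk. If only list visibility was intended, keep the check unconditional, or return a reduced view to callers who fail it. Either way a comment should state the rule, e.g. `// Unrestricted user-list access also permits reading any single user's record.` The rest of getUser lies outside the hunk.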
@@ -309,7 +312,7 @@ public class UsersApi extends AbstractXapiRestController {
 @ApiResponse(code = 403, message = "Not authorized to create or update this user."),
 @ApiResponse(code = 404, message = "User not found."),
 @ApiResponse(code = 500, message = "An unexpected error occurred.")})
- @RequestMapping(value = {"{username}", "active/{username}"}, produces = MediaType.APPLICATION_JSON_VALUE, method = RequestMethod.DELETE)
+ @RequestMapping(value = "active/{username}", produces = MediaType.APPLICATION_JSON_VALUE, method = RequestMethod.DELETE)
 public ResponseEntity<List<String>> invalidateUser(final HttpSession current, @ApiParam(value = "The username of the user to invalidate.", required = true) @PathVariable("username") final String username) throws NotFoundException {
 HttpStatus status = isPermitted(username);
 if (status != null) {
diff --git a/src/main/java/org/nrg/xnat/restlet/resources/SecureResource.java b/src/main/java/org/nrg/xnat/restlet/resources/SecureResource.java
index eac158f40de1c6f094f52ccc887bc18cf19f32d4..c2b54b8a7ee2a03290e563681c009993d94cb2b6 100644
--- a/src/main/java/org/nrg/xnat/restlet/resources/SecureResource.java
+++ b/src/main/java/org/nrg/xnat/restlet/resources/SecureResource.java
@@ -10,7 +10,6 @@
 */
 package org.nrg.xnat.restlet.resources;
-import com.fasterxml.jackson.core.type.TypeReference;
 import com.google.common.collect.Maps;
 import com.noelios.restlet.http.HttpConstants;
 import org.apache.commons.beanutils.BeanUtils;
@@ -1564,11 +1563,13 @@ public abstract class SecureResource extends Resource {
 throw new RuntimeException(exception);
 }
+ final List<FilteredResourceHandlerI> handlerClasses = new ArrayList<>();
 for (Class<?> clazz : classes) {
 if (FilteredResourceHandlerI.class.isAssignableFrom(clazz)) {
- handlers.get(_package).add((FilteredResourceHandlerI) clazz.newInstance());
+ handlerClasses.add((FilteredResourceHandlerI) clazz.newInstance());
 }
 }
+ handlers.get(_package).addAll(handlerClasses);
 }
 }
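Review bot: The 403 text on invalidateUser, `"Not authorized to create or update this user."`, describes a different operation from the one this mapping performs; with the route now limited to `active/{username}` it should read something like `message = "Not authorized to invalidate this user."`. Clients that used `DELETE {username}` lose that route with this change, which deserves a line in the method's Javadoc or the release notes. The method body continues outside the hunk.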
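Review bot: The `isAssignableFrom` test in the loop also accepts `FilteredResourceHandlerI` itself and any abstract implementer, and `clazz.newInstance()` throws for those; with the new batching, `addAll` is then never reached and the package ends up with no handlers from this pass. Whether the scanned `classes` can contain such types is not visible here, so a guard is cheap insurance: `if (FilteredResourceHandlerI.class.isAssignableFrom(clazz) && !clazz.isInterface() && !Modifier.isAbstract(clazz.getModifiers())) {`. `Class.newInstance()` is also deprecated since Java 9 and rethrows checked constructor exceptions undeclared; `clazz.getDeclaredConstructor().newInstance()` is the replacement. The local `handlerClasses` holds instances, so a name like `handlerInstances` would read better. The enclosing method starts outside the hunk.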