#67 Add avatar and preferences in user entity

TheHive-Project · Dec 30, 2016 · 1d1a9e1 · 1d1a9e1
1 parent d553c24
commit 1d1a9e1
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 5 deletions.
diff --git a/thehive-backend/app/controllers/User.scala b/thehive-backend/app/controllers/User.scala
@@ -17,6 +17,9 @@ import org.elastic4play.services.AuthSrv
 import org.elastic4play.services.JsonFormat.{ authContextWrites, queryReads }
 
 import services.UserSrv
+import play.api.libs.json.Json
+import scala.util.Try
+import play.api.libs.json.JsObject
 
 @Singleton
 class UserCtrl @Inject() (
@@ -27,7 +30,7 @@ class UserCtrl @Inject() (
     fieldsBodyParser: FieldsBodyParser,
     implicit val ec: ExecutionContext) extends Controller with Status {
 
-  lazy val log = Logger(getClass)
+  lazy val logger = Logger(getClass)
 
   @Timed
   def create = authenticated(Role.admin).async(fieldsBodyParser) { implicit request ⇒
@@ -48,7 +51,7 @@ class UserCtrl @Inject() (
   def update(id: String) = authenticated(Role.read).async(fieldsBodyParser) { implicit request ⇒
     if (id == request.authContext.userId || request.authContext.roles.contains(Role.admin)) {
       if (request.body.contains("password"))
-        log.warn("Change password attribute using update operation is deprecated. Please use dedicated API (setPassword and changePassword)")
+        logger.warn("Change password attribute using update operation is deprecated. Please use dedicated API (setPassword and changePassword)")
       userSrv.update(id, request.body.unset("password")).map { user ⇒
         renderer.toOutput(OK, user)
       }
@@ -89,9 +92,18 @@ class UserCtrl @Inject() (
 
   @Timed
   def currentUser = Action.async { implicit request ⇒
-    authenticated
-      .getContext(request)
-      .map { authContext ⇒ renderer.toOutput(OK, authContext) }
+    for {
+      authContext ← authenticated.getContext(request)
+      user ← userSrv.get(authContext.userId)
+      preferences = Try(Json.parse(user.preferences()))
+        .recover {
+          case error ⇒
+            logger.warn(s"User ${authContext.userId} has invalid preference format: ${user.preferences()}")
+            JsObject(Nil)
+        }
+        .get
+      json = user.toJson + ("preferences" → preferences)
+    } yield renderer.toOutput(OK, json)
   }
 
   @Timed

diff --git a/thehive-backend/app/models/Migration.scala b/thehive-backend/app/models/Migration.scala
@@ -60,6 +60,8 @@ class Migration @Inject() (
 
         addAttribute("case_task", "order" → JsNumber(0)), // add task order
 
+        addAttribute("user", "preferences" → JsString("{}")), // add user preferences, default empty (Json object)
+
         mapAttribute(Seq("case", "case_task", "case_task_log", "case_artifact", "audit", "case_artifact_job"), "startDate")(convertDate),
         mapAttribute(Seq("case", "case_task", "case_artifact_job"), "endDate")(convertDate),
         mapAttribute("misp", "date")(convertDate),

diff --git a/thehive-backend/app/models/User.scala b/thehive-backend/app/models/User.scala
@@ -29,6 +29,8 @@ trait UserAttributes { _: AttributeDef ⇒
   val roles = multiAttribute("roles", F.enumFmt(Role), "Comma separated role list (READ, WRITE and ADMIN)")
   val status = attribute("status", F.enumFmt(UserStatus), "Status of the user", UserStatus.Ok)
   val password = optionalAttribute("password", F.stringFmt, "Password", O.sensitive, O.unaudited)
+  val avatar = optionalAttribute("avatar", F.stringFmt, "Base64 representation of user avatar image", O.unaudited)
+  val preferences = attribute("preferences", F.stringFmt, "User preferences", "{}", O.sensitive, O.unaudited)
 }
 
 class UserModel extends ModelDef[UserModel, User]("user") with UserAttributes with AuditedModel {