do not purge user object to block username

core/src/main/java/de/bstly/we/businesslogic/UserManager.java

@@ -97,7 +97,9 @@ public class UserManager implements UserDataProvider {
 	 * @return the password hash
 	 */
 	public String getPasswordHash(Long id) {
-		Assert.isTrue(userRepository.existsById(id), "User with id '" + id + "' not exists!");
+		Assert.isTrue(userRepository.existsById(id), "User with id '"
+				+ id
+				+ "' not exists!");
 		return userRepository.findById(id).get().getPasswordHash();
 	}
 
@@ -109,7 +111,9 @@ public class UserManager implements UserDataProvider {
 	 * @return the user
 	 */
 	public User setPassword(Long id, String password) {
-		Assert.isTrue(userRepository.existsById(id), "User with id '" + id + "' not exists!");
+		Assert.isTrue(userRepository.existsById(id), "User with id '"
+				+ id
+				+ "' not exists!");
 		User user = userRepository.findById(id).get();
 		user.setPasswordHash(passwordEncoder.encode(password));
 		return userRepository.save(user);
@@ -125,7 +129,9 @@ public class UserManager implements UserDataProvider {
 	 */
 	public User create(String username, String password, UserStatus status) {
 		Assert.isTrue(!userRepository.exists(qUser.username.equalsIgnoreCase(username)),
-				"Username '" + username + "' already exists!");
+				"Username '"
+						+ username
+						+ "' already exists!");
 		User user = new User();
 		user.setUsername(username);
 		if (StringUtils.hasText(password)) {
@@ -160,8 +166,9 @@ public class UserManager implements UserDataProvider {
 	 * @return the user
 	 */
 	public User update(User user) {
-		Assert.isTrue(userRepository.existsById(user.getId()),
-				"User with id '" + user.getId() + "' not exists!");
+		Assert.isTrue(userRepository.existsById(user.getId()), "User with id '"
+				+ user.getId()
+				+ "' not exists!");
 
 		User merge = get(user.getId());
 		merge.setUsername(user.getUsername());
@@ -182,8 +189,9 @@ public class UserManager implements UserDataProvider {
 	 * @param user the user
 	 */
 	public void delete(User user) {
-		Assert.isTrue(userRepository.existsById(user.getId()),
-				"User with id '" + user.getId() + "' not exists!");
+		Assert.isTrue(userRepository.existsById(user.getId()), "User with id '"
+				+ user.getId()
+				+ "' not exists!");
 
 		File publicKey = new File(getPublicKeyPath(user.getUsername()));
 		if (publicKey.exists()) {
@@ -202,7 +210,9 @@ public class UserManager implements UserDataProvider {
 	 * @return the bstly email
 	 */
 	public String getBstlyEmail(String username) {
-		return username + "@" + userEmailDomain;
+		return username
+				+ "@"
+				+ userEmailDomain;
 	}
 
 	/**
@@ -228,7 +238,8 @@ public class UserManager implements UserDataProvider {
 				FileWriter myWriter = new FileWriter(publicKeyPath);
 				myWriter.write(publicKey);
 				myWriter.close();
-				String command = "gpg --import " + publicKeyPath;
+				String command = "gpg --import "
+						+ publicKeyPath;
 				Runtime.getRuntime().exec(command);
 			} catch (IOException e) {
 				e.printStackTrace();
@@ -243,7 +254,10 @@ public class UserManager implements UserDataProvider {
 	 * @return the public key path
 	 */
 	public String getPublicKeyPath(String username) {
-		return userDataDirectory + username + File.separator + "public.key";
+		return userDataDirectory
+				+ username
+				+ File.separator
+				+ "public.key";
 	}
 
 	/**
@@ -254,8 +268,11 @@ public class UserManager implements UserDataProvider {
 	 */
 	public void passwordReset(User user, ServletOutputStream outputStream) {
 		String resetToken = RandomStringUtils.random(64, true, true);
-		String command = "echo \"" + resetToken + "\" | gpg -ear "
-				+ getBstlyEmail(user.getUsername()) + " --always-trust";
+		String command = "echo \""
+				+ resetToken
+				+ "\" | gpg -ear "
+				+ getBstlyEmail(user.getUsername())
+				+ " --always-trust";
 
 		user.setResetToken(resetToken);
 
@@ -328,7 +345,22 @@ public class UserManager implements UserDataProvider {
 	 */
 	@Override
 	public void purgeUserData(Long userId) {
-		userRepository.deleteById(userId);
+		User user = get(userId);
+		if (user != null) {
+			user.setDisabled(true);
+			user.setLocked(true);
+			user = update(user);
+			logger.warn("User '"
+					+ user.getUsername()
+					+ "' ["
+					+ user.getId()
+					+ "] should be purged!");
+
+		} else {
+			logger.error("No user found for ["
+					+ userId
+					+ "]!");
+		}
 	}
 
 }

core/src/main/java/de/bstly/we/controller/PermissionManagementController.java

@@ -17,6 +17,8 @@ import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
+import com.google.common.collect.Lists;
+
 import de.bstly.we.businesslogic.PermissionManager;
 import de.bstly.we.businesslogic.UserManager;
 import de.bstly.we.controller.support.EntityResponseStatusException;
@@ -100,6 +102,26 @@ public class PermissionManagementController extends BaseController {
 		return permissionManager.update(permission);
 	}
 
+	/**
+	 * Update permission.
+	 *
+	 * @param permission the permission
+	 * @return the permission
+	 */
+	@PreAuthorize("hasRole('ROLE_ADMIN')")
+	@PatchMapping("list")
+	public List<Permission> updatePermissions(@RequestBody List<Permission> permissions) {
+		List<Permission> result = Lists.newArrayList();
+		for (Permission permission : permissions) {
+			if (permission.getId() == null) {
+				throw new EntityResponseStatusException(HttpStatus.CONFLICT);
+			}
+
+			result.add(permissionManager.update(permission));
+		}
+		return result;
+	}
+
 	/**
 	 * Clone.
 	 *

pom.xml

@@ -13,7 +13,7 @@
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 		<java.version>11</java.version>
 		<log4j2.version>2.17.1</log4j2.version>
-		<revision>1.5.0-SNAPSHOT</revision>
+		<revision>1.6.0-SNAPSHOT</revision>
 	</properties>
 
 	<parent>