=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/User.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/User.java 2014-03-18 08:10:10 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/User.java 2014-04-02 10:51:13 +0000
@@ -508,4 +508,31 @@
 organisationUnits.addAll( user.getOrganisationUnits() );
 }
 }
+
+ @Override
+ public String toString()
+ {
+ return "User{" +
+ "surname='" + surname + '\'' +
+ ", firstName='" + firstName + '\'' +
+ ", email='" + email + '\'' +
+ ", phoneNumber='" + phoneNumber + '\'' +
+ ", jobTitle='" + jobTitle + '\'' +
+ ", introduction='" + introduction + '\'' +
+ ", gender='" + gender + '\'' +
+ ", birthday=" + birthday +
+ ", nationality='" + nationality + '\'' +
+ ", employer='" + employer + '\'' +
+ ", education='" + education + '\'' +
+ ", interests='" + interests + '\'' +
+ ", languages='" + languages + '\'' +
+ ", lastCheckedInterpretations=" + lastCheckedInterpretations +
+ ", userCredentials=" + userCredentials +
+ ", groups=" + groups +
+ ", organisationUnits=" + organisationUnits +
+ ", dataViewOrganisationUnits=" + dataViewOrganisationUnits +
+ ", attributeValues=" + attributeValues +
+ ", apps=" + apps +
+ '}';
+ }
 }
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/user/UserController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/user/UserController.java 2014-03-26 12:33:30 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/user/UserController.java 2014-04-02 10:51:13 +0000
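Review bot: The new `User.toString()` prints `email`, `phoneNumber`, `birthday` and the whole `userCredentials` object, so any log line or exception message that formats a `User` will carry personal data plus whatever `UserCredentials.toString()` exposes (not visible here; if it includes the password field, the stored hash would end up in logs). It also formats `groups`, `organisationUnits`, `dataViewOrganisationUnits` and `attributeValues`; if those collections are lazily loaded or refer back to the user, simply logging the object could trigger extra loads or recursion. Limiting the output to an identifier is safer, for example `return "User{uid='" + getUid() + "'}";`, with a comment above the method stating that credentials and contact details are deliberately left out.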
@@ -32,19 +32,28 @@ import org.hisp.dhis.api.controller.AbstractCrudController; import org.hisp.dhis.api.controller.WebMetaData; import org.hisp.dhis.api.controller.WebOptions; +import org.hisp.dhis.api.utils.ContextUtils; import org.hisp.dhis.common.Pager; +import org.hisp.dhis.dxf2.metadata.ImportTypeSummary; +import org.hisp.dhis.hibernate.exception.CreateAccessDeniedException; +import org.hisp.dhis.hibernate.exception.UpdateAccessDeniedException; +import org.hisp.dhis.security.PasswordManager; import org.hisp.dhis.user.User; import org.hisp.dhis.user.UserService; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.http.HttpStatus; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RequestParam; +import org.springframework.web.bind.annotation.ResponseStatus; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import java.io.InputStream; import java.util.ArrayList; import java.util.List; import java.util.Map; @@ -53,7 +62,7 @@ * @author Morten Olav Hansen */ @Controller -@RequestMapping( value = UserController.RESOURCE_PATH ) +@RequestMapping(value = UserController.RESOURCE_PATH) public class UserController extends AbstractCrudController { 
@@ -62,16 +71,19 @@ @Autowired private UserService userService; + @Autowired + private PasswordManager passwordManager; + @Override - @PreAuthorize( "hasRole('ALL') or hasRole('F_USER_VIEW')" ) + @PreAuthorize("hasRole('ALL') or hasRole('F_USER_VIEW')") public String getObjectList( @RequestParam Map parameters, Model model, HttpServletResponse response, HttpServletRequest request ) { return super.getObjectList( parameters, model, response, request ); } @Override - @PreAuthorize( "hasRole('ALL') or hasRole('F_USER_VIEW')" ) - public String getObject( @PathVariable( "uid" ) String uid, @RequestParam Map parameters, Model model, + @PreAuthorize("hasRole('ALL') or hasRole('F_USER_VIEW')") + public String getObject( @PathVariable("uid") String uid, @RequestParam Map parameters, Model model, HttpServletRequest request, HttpServletResponse response ) throws Exception { return super.getObject( uid, parameters, model, request, response ); 
@@ -108,4 +120,108 @@
 {
 return userService.getUser( uid );
 }
+
+ //--------------------------------------------------------------------------
+ // POST
+ //--------------------------------------------------------------------------
+
+ @Override
+ @RequestMapping( method = RequestMethod.POST, consumes = { "application/xml", "text/xml" } )
+ public void postXmlObject( HttpServletResponse response, HttpServletRequest request, InputStream input ) throws Exception
+ {
+ if ( !aclService.canCreate( currentUserService.getCurrentUser(), getEntityClass() ) )
+ {
+ throw new CreateAccessDeniedException( "You don't have the proper permissions to create this object." );
+ }
+
+ User user = renderService.fromXml( request.getInputStream(), getEntityClass() );
+
+ String encodePassword = passwordManager.encodePassword( user.getUsername(),
+ user.getUserCredentials().getPassword() );
+ user.getUserCredentials().setPassword( encodePassword );
+
+ ImportTypeSummary summary = importService.importObject( currentUserService.getCurrentUser().getUid(), user );
+ renderService.toJson( response.getOutputStream(), summary );
+ }
+
+ @Override
+ @RequestMapping( method = RequestMethod.POST, consumes = "application/json" )
+ public void postJsonObject( HttpServletResponse response, HttpServletRequest request, InputStream input ) throws Exception
+ {
+ if ( !aclService.canCreate( currentUserService.getCurrentUser(), getEntityClass() ) )
+ {
+ throw new CreateAccessDeniedException( "You don't have the proper permissions to create this object." );
+ }
+
+ User user = renderService.fromJson( request.getInputStream(), getEntityClass() );
+
+ String encodePassword = passwordManager.encodePassword( user.getUsername(),
+ user.getUserCredentials().getPassword() );
+ user.getUserCredentials().setPassword( encodePassword );
+
+ ImportTypeSummary summary = importService.importObject( currentUserService.getCurrentUser().getUid(), user );
+ renderService.toJson( response.getOutputStream(), summary );
+ }
+
+ //--------------------------------------------------------------------------
+ // PUT
+ //--------------------------------------------------------------------------
+
+ @RequestMapping( value = "/{uid}", method = RequestMethod.PUT, consumes = { "application/xml", "text/xml" } )
+ @ResponseStatus( value = HttpStatus.NO_CONTENT )
+ public void putXmlObject( HttpServletResponse response, HttpServletRequest request, @PathVariable( "uid" ) String uid, InputStream
+ input ) throws Exception
+ {
+ User object = getEntity( uid );
+
+ if ( object == null )
+ {
+ ContextUtils.conflictResponse( response, getEntityName() + " does not exist: " + uid );
+ return;
+ }
+
+ if ( !aclService.canUpdate( currentUserService.getCurrentUser(), object ) )
+ {
+ throw new UpdateAccessDeniedException( "You don't have the proper permissions to update this object." );
+ }
+
+ User parsed = renderService.fromXml( request.getInputStream(), getEntityClass() );
+ parsed.setUid( uid );
+
+ String encodePassword = passwordManager.encodePassword( parsed.getUsername(),
+ parsed.getUserCredentials().getPassword() );
+ parsed.getUserCredentials().setPassword( encodePassword );
+
+ ImportTypeSummary summary = importService.importObject( currentUserService.getCurrentUser().getUid(), parsed );
+ renderService.toJson( response.getOutputStream(), summary );
+ }
+
+ @RequestMapping( value = "/{uid}", method = RequestMethod.PUT, consumes = "application/json" )
+ @ResponseStatus( value = HttpStatus.NO_CONTENT )
+ public void putJsonObject( HttpServletResponse response, HttpServletRequest request, @PathVariable( "uid" ) String uid, InputStream
+ input ) throws Exception
+ {
+ User object = getEntity( uid );
+
+ if ( object == null )
+ {
+ ContextUtils.conflictResponse( response, getEntityName() + " does not exist: " + uid );
+ return;
+ }
+
+ if ( !aclService.canUpdate( currentUserService.getCurrentUser(), object ) )
+ {
+ throw new UpdateAccessDeniedException( "You don't have the proper permissions to update this object." );
+ }
+
+ User parsed = renderService.fromJson( request.getInputStream(), getEntityClass() );
+ parsed.setUid( uid );
+
+ String encodePassword = passwordManager.encodePassword( parsed.getUsername(),
+ parsed.getUserCredentials().getPassword() );
+ parsed.getUserCredentials().setPassword( encodePassword );
+
+ ImportTypeSummary summary = importService.importObject( currentUserService.getCurrentUser().getUid(), parsed );
+ renderService.toJson( response.getOutputStream(), summary );
+ }
 }
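Review bot: All four new handlers dereference `getUserCredentials()` on the freshly parsed request body without a null check, so a payload with no `userCredentials` element ends in a NullPointerException, and a payload with no password hands null to `passwordManager.encodePassword`. In `putXmlObject` and `putJsonObject` the password is re-encoded on every update, so an update that omits the password, or sends back whatever value an earlier read returned, would presumably overwrite the stored hash with one the user cannot log in with; keeping the stored value when no new password is supplied avoids that. The parsed object, including its credentials and groups, then goes to `importService.importObject` after only the `canCreate`/`canUpdate` check, and nothing visible here limits what the caller may set in them, so it is worth confirming that the import path enforces that. The PUT handlers are also annotated `@ResponseStatus( value = HttpStatus.NO_CONTENT )` yet write the import summary to the response body. A possible shape for the PUT password handling follows; the same null check applies to the two POST handlers.

```java
User parsed = renderService.fromJson( request.getInputStream(), getEntityClass() );
parsed.setUid( uid );

if ( parsed.getUserCredentials() == null )
{
    ContextUtils.conflictResponse( response, "userCredentials must be supplied" );
    return;
}

String rawPassword = parsed.getUserCredentials().getPassword();

if ( rawPassword == null || rawPassword.isEmpty() )
{
    // no new password in the payload: keep the stored value rather than encoding null
    // (assumes the stored user has credentials; guard if that can be absent)
    parsed.getUserCredentials().setPassword( object.getUserCredentials().getPassword() );
}
else
{
    parsed.getUserCredentials().setPassword(
        passwordManager.encodePassword( parsed.getUsername(), rawPassword ) );
}

// … unchanged: importService.importObject( … ) and renderService.toJson( … ) …
```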