1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34 package fr.paris.lutece.plugins.mylutece.modules.openiddatabase.authentication.web;
35
36 import fr.paris.lutece.plugins.mylutece.modules.openiddatabase.authentication.business.OpenIdDatabaseHome;
37 import fr.paris.lutece.plugins.mylutece.modules.openiddatabase.authentication.business.OpenIdDatabaseUser;
38 import fr.paris.lutece.plugins.mylutece.modules.openiddatabase.authentication.business.OpenIdDatabaseUserHome;
39 import fr.paris.lutece.plugins.mylutece.service.RoleResourceIdService;
40 import fr.paris.lutece.portal.business.role.Role;
41 import fr.paris.lutece.portal.business.role.RoleHome;
42 import fr.paris.lutece.portal.business.user.AdminUser;
43 import fr.paris.lutece.portal.service.message.AdminMessage;
44 import fr.paris.lutece.portal.service.message.AdminMessageService;
45 import fr.paris.lutece.portal.service.plugin.Plugin;
46 import fr.paris.lutece.portal.service.plugin.PluginService;
47 import fr.paris.lutece.portal.service.rbac.RBACService;
48 import fr.paris.lutece.portal.service.template.AppTemplateService;
49 import fr.paris.lutece.portal.web.admin.PluginAdminPageJspBean;
50 import fr.paris.lutece.portal.web.constants.Messages;
51 import fr.paris.lutece.util.html.HtmlTemplate;
52 import fr.paris.lutece.util.string.StringUtil;
53 import fr.paris.lutece.util.url.UrlItem;
54
55 import java.util.ArrayList;
56 import java.util.Collection;
57 import java.util.HashMap;
58
59 import javax.servlet.http.HttpServletRequest;
60
61
62
63
64
65 public class OpenIdDatabaseJspBean extends PluginAdminPageJspBean
66 {
67
68 public static final String RIGHT_MANAGE_DATABASE_USERS = "OPENID_DATABASE_MANAGEMENT_USERS";
69
70
71 private static final String MANAGE_USERS = "ManageUsers.jsp";
72 private static final String REGEX_DATABASE_USER_ID = "^[\\d]+$";
73
74
75 private static final String JSP_DO_REMOVE_USER = "jsp/admin/plugins/mylutece/modules/openiddatabase/DoRemoveUser.jsp";
76
77
78 private static final String PROPERTY_PAGE_TITLE_MANAGE_USERS = "module.mylutece.openiddatabase.manage_users.pageTitle";
79 private static final String PROPERTY_PAGE_TITLE_CREATE_USER = "module.mylutece.openiddatabase.create_user.pageTitle";
80 private static final String PROPERTY_PAGE_TITLE_MODIFY_USER = "module.mylutece.openiddatabase.modify_user.pageTitle";
81 private static final String PROPERTY_PAGE_TITLE_MANAGE_ROLES_USER = "module.mylutece.openiddatabase.manage_roles_user.pageTitle";
82 private static final String PROPERTY_PAGE_TITLE_MANAGE_GROUPS_USER = "module.mylutece.openiddatabase.manage_groups_user.pageTitle";
83 private static final String PROPERTY_DATABASE_TYPE = "database";
84
85
86 private static final String MESSAGE_CONFIRM_REMOVE_USER = "module.mylutece.openiddatabase.message.confirmRemoveUser";
87 private static final String MESSAGE_USER_EXIST = "module.mylutece.openiddatabase.message.user_exist";
88 private static final String MESSAGE_EMAIL_INVALID = "module.mylutece.database.message.email_invalid";
89 private static final String MESSAGE_ERROR_MODIFY_USER = "module.mylutece.openiddatabase.message.modify.user";
90 private static final String MESSAGE_ERROR_REMOVE_USER = "module.mylutece.openiddatabase.message.remove.user";
91 private static final String MESSAGE_ERROR_MANAGE_ROLES = "module.mylutece.openiddatabase.message.manage.roles";
92 private static final String MESSAGE_ERROR_MANAGE_GROUPS = "module.mylutece.openiddatabase.message.manage.groups";
93
94
95 private static final String PARAMETER_PLUGIN_NAME = "plugin_name";
96 private static final String PARAMETER_MYLUTECE_DATABASE_USER_ID = "mylutece_database_user_id";
97 private static final String PARAMETER_MYLUTECE_DATABASE_ROLE_ID = "mylutece_database_role_id";
98 private static final String PARAMETER_MYLUTECE_DATABASE_GROUP_KEY = "mylutece_database_group_key";
99 private static final String PARAMETER_LOGIN = "login";
100 private static final String PARAMETER_PASSWORD = "password";
101 private static final String PARAMETER_LAST_NAME = "last_name";
102 private static final String PARAMETER_FIRST_NAME = "first_name";
103 private static final String PARAMETER_EMAIL = "email";
104
105
106 private static final String MARK_USERS_LIST = "user_list";
107 private static final String MARK_USER = "user";
108 private static final String MARK_PLUGIN_NAME = "plugin_name";
109 private static final String MARK_ROLES_LIST = "role_list";
110 private static final String MARK_ROLES_LIST_FOR_USER = "user_role_list";
111 private static final String MARK_GROUPS_LIST = "group_list";
112 private static final String MARK_GROUPS_LIST_FOR_USER = "user_group_list";
113 private static final Object MARK_EXTERNAL_APPLICATION_EXIST = "external_application_exist";
114
115
116 private static final String TEMPLATE_CREATE_USER = "admin/plugins/mylutece/modules/openiddatabase/create_user.html";
117 private static final String TEMPLATE_MODIFY_USER = "admin/plugins/mylutece/modules/openiddatabase/modify_user.html";
118 private static final String TEMPLATE_MANAGE_USERS = "admin/plugins/mylutece/modules/openiddatabase/manage_users.html";
119 private static final String TEMPLATE_MANAGE_ROLES_USER = "admin/plugins/mylutece/modules/openiddatabase/manage_roles_user.html";
120 private static final String TEMPLATE_MANAGE_GROUPS_USER = "admin/plugins/mylutece/modules/openiddatabase/manage_groups_user.html";
121 private static Plugin _plugin;
122
123
124
125
126
127
128
129 public String getCreateUser( HttpServletRequest request )
130 {
131 setPageTitleProperty( PROPERTY_PAGE_TITLE_CREATE_USER );
132
133 HashMap<String, Object> model = new HashMap<String, Object>( );
134
135 model.put( MARK_PLUGIN_NAME, _plugin.getName( ) );
136
137 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_CREATE_USER, getLocale( ), model );
138
139 return getAdminPage( template.getHtml( ) );
140 }
141
142
143
144
145
146
147
148 public String doCreateUser( HttpServletRequest request )
149 {
150 if ( _plugin == null )
151 {
152 String strPluginName = request.getParameter( PARAMETER_PLUGIN_NAME );
153 _plugin = PluginService.getPlugin( strPluginName );
154 }
155
156 String strLogin = request.getParameter( PARAMETER_LOGIN );
157 String strPassword = request.getParameter( PARAMETER_PASSWORD );
158 String strLastName = request.getParameter( PARAMETER_LAST_NAME );
159 String strFirstName = request.getParameter( PARAMETER_FIRST_NAME );
160 String strEmail = request.getParameter( PARAMETER_EMAIL );
161
162 if ( ( strLogin.length( ) == 0 ) || ( strPassword.length( ) == 0 ) || ( strLastName.length( ) == 0 ) ||
163 ( strFirstName.length( ) == 0 ) || ( strEmail.length( ) == 0 ) )
164 {
165 return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
166 }
167
168 if ( !StringUtil.checkEmail( strEmail ) )
169 {
170 return AdminMessageService.getMessageUrl( request, MESSAGE_EMAIL_INVALID, AdminMessage.TYPE_STOP );
171 }
172
173 OpenIdDatabaseUser databaseUser = new OpenIdDatabaseUser( );
174 databaseUser.setEmail( strEmail );
175 databaseUser.setFirstName( strFirstName );
176 databaseUser.setLastName( strLastName );
177 databaseUser.setLogin( strLogin );
178 databaseUser.setAuthentificationType( PROPERTY_DATABASE_TYPE );
179
180 if ( OpenIdDatabaseUserHome.findDatabaseUsersListForLogin( strLogin, _plugin ).size( ) != 0 )
181 {
182 return AdminMessageService.getMessageUrl( request, MESSAGE_USER_EXIST, AdminMessage.TYPE_STOP );
183 }
184
185 OpenIdDatabaseUserHome.create( databaseUser, strPassword, _plugin );
186
187 return MANAGE_USERS + "?" + PARAMETER_PLUGIN_NAME + "=" + _plugin.getName( );
188 }
189
190
191
192
193
194
195
196 public String getModifyUser( HttpServletRequest request )
197 {
198 setPageTitleProperty( PROPERTY_PAGE_TITLE_MODIFY_USER );
199
200 OpenIdDatabaseUser databaseUser = getDatabaseUserFromRequest( request );
201
202 if ( databaseUser == null )
203 {
204 return getCreateUser( request );
205 }
206
207 HashMap model = new HashMap( );
208
209 model.put( MARK_PLUGIN_NAME, _plugin.getName( ) );
210 model.put( MARK_USER, databaseUser );
211
212 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MODIFY_USER, getLocale( ), model );
213
214 return getAdminPage( template.getHtml( ) );
215 }
216
217
218
219
220
221
222
223 public String doModifyUser( HttpServletRequest request )
224 {
225 if ( _plugin == null )
226 {
227 String strPluginName = request.getParameter( PARAMETER_PLUGIN_NAME );
228 _plugin = PluginService.getPlugin( strPluginName );
229 }
230
231 String strLogin = request.getParameter( PARAMETER_LOGIN );
232 String strLastName = request.getParameter( PARAMETER_LAST_NAME );
233 String strFirstName = request.getParameter( PARAMETER_FIRST_NAME );
234 String strEmail = request.getParameter( PARAMETER_EMAIL );
235
236 if ( ( strLogin.length( ) == 0 ) || ( strLastName.length( ) == 0 ) || ( strFirstName.length( ) == 0 ) ||
237 ( strEmail.length( ) == 0 ) )
238 {
239 return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
240 }
241
242 OpenIdDatabaseUser databaseUser = getDatabaseUserFromRequest( request );
243
244 if ( databaseUser == null )
245 {
246 return AdminMessageService.getMessageUrl( request, MESSAGE_ERROR_MODIFY_USER, AdminMessage.TYPE_ERROR );
247 }
248
249 if ( !databaseUser.getLogin( ).equalsIgnoreCase( strLogin ) &&
250 ( OpenIdDatabaseUserHome.findDatabaseUsersListForLogin( strLogin, _plugin ).size( ) != 0 ) )
251 {
252 return AdminMessageService.getMessageUrl( request, MESSAGE_USER_EXIST, AdminMessage.TYPE_STOP );
253 }
254
255 if ( !StringUtil.checkEmail( strEmail ) )
256 {
257 return AdminMessageService.getMessageUrl( request, MESSAGE_EMAIL_INVALID, AdminMessage.TYPE_STOP );
258 }
259
260 databaseUser.setEmail( strEmail );
261 databaseUser.setFirstName( strFirstName );
262 databaseUser.setLastName( strLastName );
263 databaseUser.setLogin( strLogin );
264
265 OpenIdDatabaseUserHome.update( databaseUser, _plugin );
266
267 return MANAGE_USERS + "?" + PARAMETER_PLUGIN_NAME + "=" + _plugin.getName( );
268 }
269
270
271
272
273
274
275
276 public String getRemoveUser( HttpServletRequest request )
277 {
278 if ( _plugin == null )
279 {
280 String strPluginName = request.getParameter( PARAMETER_PLUGIN_NAME );
281 _plugin = PluginService.getPlugin( strPluginName );
282 }
283
284 UrlItem url = new UrlItem( JSP_DO_REMOVE_USER );
285 url.addParameter( PARAMETER_PLUGIN_NAME, _plugin.getName( ) );
286 url.addParameter( PARAMETER_MYLUTECE_DATABASE_USER_ID,
287 request.getParameter( PARAMETER_MYLUTECE_DATABASE_USER_ID ) );
288
289 return AdminMessageService.getMessageUrl( request, MESSAGE_CONFIRM_REMOVE_USER, url.getUrl( ),
290 AdminMessage.TYPE_CONFIRMATION );
291 }
292
293
294
295
296
297
298
299 public String doRemoveUser( HttpServletRequest request )
300 {
301 if ( _plugin == null )
302 {
303 String strPluginName = request.getParameter( PARAMETER_PLUGIN_NAME );
304 _plugin = PluginService.getPlugin( strPluginName );
305 }
306
307 OpenIdDatabaseUser user = getDatabaseUserFromRequest( request );
308
309 if ( user == null )
310 {
311 return AdminMessageService.getMessageUrl( request, MESSAGE_ERROR_REMOVE_USER, AdminMessage.TYPE_ERROR );
312 }
313
314 OpenIdDatabaseUserHome.remove( user, _plugin );
315
316 OpenIdDatabaseHome.removeRolesForUser( user.getUserId( ), _plugin );
317
318 return MANAGE_USERS + "?" + PARAMETER_PLUGIN_NAME + "=" + _plugin.getName( );
319 }
320
321
322
323
324
325
326
327 public String getManageUsers( HttpServletRequest request )
328 {
329 if ( _plugin == null )
330 {
331 String strPluginName = request.getParameter( PARAMETER_PLUGIN_NAME );
332 _plugin = PluginService.getPlugin( strPluginName );
333 }
334
335 setPageTitleProperty( PROPERTY_PAGE_TITLE_MANAGE_USERS );
336
337 Boolean applicationsExist = Boolean.FALSE;
338
339 Collection userList = OpenIdDatabaseUserHome.findDatabaseUsersList( _plugin );
340 HashMap model = new HashMap( );
341 model.put( MARK_USERS_LIST, userList );
342 model.put( MARK_PLUGIN_NAME, _plugin.getName( ) );
343 model.put( MARK_EXTERNAL_APPLICATION_EXIST, applicationsExist );
344
345 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MANAGE_USERS, getLocale( ), model );
346
347 return getAdminPage( template.getHtml( ) );
348 }
349
350
351
352
353
354
355
356 public String getManageRolesUser( HttpServletRequest request )
357 {
358 AdminUser adminUser = getUser( );
359
360 if ( _plugin == null )
361 {
362 String strPluginName = request.getParameter( PARAMETER_PLUGIN_NAME );
363 _plugin = PluginService.getPlugin( strPluginName );
364 }
365
366 setPageTitleProperty( PROPERTY_PAGE_TITLE_MANAGE_ROLES_USER );
367
368 OpenIdDatabaseUser user = getDatabaseUserFromRequest( request );
369
370 if ( user == null )
371 {
372 return getManageUsers( request );
373 }
374
375 Collection<Role> allRoleList = RoleHome.findAll( );
376 allRoleList = (ArrayList<Role>) RBACService.getAuthorizedCollection( allRoleList,
377 RoleResourceIdService.PERMISSION_ASSIGN_ROLE, adminUser );
378
379 ArrayList<String> userRoleKeyList = OpenIdDatabaseHome.findUserRolesFromLogin( user.getLogin( ), _plugin );
380 Collection<Role> userRoleList = new ArrayList<Role>( );
381
382 for ( String strRoleKey : userRoleKeyList )
383 {
384 for ( Role role : allRoleList )
385 {
386 if ( role.getRole( ).equals( strRoleKey ) )
387 {
388 userRoleList.add( RoleHome.findByPrimaryKey( strRoleKey ) );
389 }
390 }
391 }
392
393 HashMap model = new HashMap( );
394 model.put( MARK_ROLES_LIST, allRoleList );
395 model.put( MARK_ROLES_LIST_FOR_USER, userRoleList );
396 model.put( MARK_USER, user );
397 model.put( MARK_PLUGIN_NAME, _plugin.getName( ) );
398
399 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MANAGE_ROLES_USER, getLocale( ), model );
400
401 return getAdminPage( template.getHtml( ) );
402 }
403
404
405
406
407
408
409
410 public String doAssignRoleUser( HttpServletRequest request )
411 {
412 if ( _plugin == null )
413 {
414 String strPluginName = request.getParameter( PARAMETER_PLUGIN_NAME );
415 _plugin = PluginService.getPlugin( strPluginName );
416 }
417
418
419 OpenIdDatabaseUser user = getDatabaseUserFromRequest( request );
420
421 if ( user == null )
422 {
423 return AdminMessageService.getMessageUrl( request, MESSAGE_ERROR_MANAGE_ROLES, AdminMessage.TYPE_ERROR );
424 }
425
426 String[] roleArray = request.getParameterValues( PARAMETER_MYLUTECE_DATABASE_ROLE_ID );
427
428 OpenIdDatabaseHome.removeRolesForUser( user.getUserId( ), _plugin );
429
430 if ( roleArray != null )
431 {
432 for ( int i = 0; i < roleArray.length; i++ )
433 {
434 OpenIdDatabaseHome.addRoleForUser( user.getUserId( ), roleArray[i], _plugin );
435 }
436 }
437
438 return MANAGE_USERS + "?" + PARAMETER_PLUGIN_NAME + "=" + _plugin.getName( );
439 }
440
441
442
443
444
445
446 private OpenIdDatabaseUser getDatabaseUserFromRequest( HttpServletRequest request )
447 {
448 String strUserId = request.getParameter( PARAMETER_MYLUTECE_DATABASE_USER_ID );
449
450 if ( ( strUserId == null ) || !strUserId.matches( REGEX_DATABASE_USER_ID ) )
451 {
452 return null;
453 }
454
455 int nUserId = Integer.parseInt( strUserId );
456
457 OpenIdDatabaseUser user = OpenIdDatabaseUserHome.findByPrimaryKey( nUserId, _plugin );
458
459 return user;
460 }
461 }