RoleManagementJspBean.java
/*
* Copyright (c) 2002-2022, City of Paris
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright notice
* and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice
* and the following disclaimer in the documentation and/or other materials
* provided with the distribution.
*
* 3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
* contributors may be used to endorse or promote products derived from
* this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* License 1.0
*/
package fr.paris.lutece.portal.web.rbac;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import fr.paris.lutece.portal.business.rbac.RBAC;
import fr.paris.lutece.portal.business.rbac.RBACHome;
import fr.paris.lutece.portal.business.rbac.RBACRole;
import fr.paris.lutece.portal.business.rbac.RBACRoleHome;
import fr.paris.lutece.portal.business.right.Level;
import fr.paris.lutece.portal.business.right.LevelHome;
import fr.paris.lutece.portal.business.role.Role;
import fr.paris.lutece.portal.business.role.RoleHome;
import fr.paris.lutece.portal.business.user.AdminUser;
import fr.paris.lutece.portal.business.user.AdminUserHome;
import fr.paris.lutece.portal.service.admin.AccessDeniedException;
import fr.paris.lutece.portal.service.admin.AdminUserService;
import fr.paris.lutece.portal.service.i18n.I18nService;
import fr.paris.lutece.portal.service.message.AdminMessage;
import fr.paris.lutece.portal.service.message.AdminMessageService;
import fr.paris.lutece.portal.service.rbac.RBACRemovalListenerService;
import fr.paris.lutece.portal.service.rbac.ResourceType;
import fr.paris.lutece.portal.service.rbac.ResourceTypeManager;
import fr.paris.lutece.portal.service.security.SecurityTokenService;
import fr.paris.lutece.portal.service.template.AppTemplateService;
import fr.paris.lutece.portal.service.util.AppPathService;
import fr.paris.lutece.portal.service.util.AppPropertiesService;
import fr.paris.lutece.portal.service.workgroup.AdminWorkgroupService;
import fr.paris.lutece.portal.web.admin.AdminFeaturesPageJspBean;
import fr.paris.lutece.portal.web.constants.Messages;
import fr.paris.lutece.portal.web.constants.Parameters;
import fr.paris.lutece.portal.web.role.RoleJspBean;
import fr.paris.lutece.portal.web.util.LocalizedPaginator;
import fr.paris.lutece.util.ReferenceItem;
import fr.paris.lutece.util.ReferenceList;
import fr.paris.lutece.util.html.AbstractPaginator;
import fr.paris.lutece.util.html.HtmlTemplate;
import fr.paris.lutece.util.html.ItemNavigator;
import fr.paris.lutece.util.sort.AttributeComparator;
import fr.paris.lutece.util.string.StringUtil;
import fr.paris.lutece.util.url.UrlItem;
/**
* This class provides methods for role management.
*/
public class RoleManagementJspBean extends AdminFeaturesPageJspBean
{
// ////////////////////////////////////////////////////////////////////////////////
// Contants
/**
* Right to manage RBAC
*/
public static final String RIGHT_MANAGE_ROLES = "CORE_RBAC_MANAGEMENT";
/**
* Serial version UID
*/
private static final long serialVersionUID = 5909246296083478844L;
// parameters
private static final String PARAMETER_METHOD_SELECTION_ALL = "all";
private static final String PARAMETER_METHOD_SELECTION_CHOOSE = "choose";
private static final String PARAMETER_SELECTION_METHOD_CHOOSE = "choose";
private static final String PARAMETER_ROLE_KEY = "role_key";
private static final String PARAMETER_ROLE_DESCRIPTION = "role_description";
private static final String PARAMETER_ROLE_KEY_PREVIOUS = "role_key_previous";
private static final String PARAMETER_RESOURCE_TYPE = "resource_type";
private static final String PARAMETER_SELECT_RESOURCES_METHOD = "select_resources";
private static final String PARAMETER_RESOURCE_ID = "resource_id";
private static final String PARAMETER_PERMISSION_KEY = "permission_key";
private static final String PARAMETER_SELECT_PERMISSIONS_METHOD = "select_permissions";
private static final String PARAMETER_RBAC_ID = "rbac_id";
private static final String PARAMETER_AVAILABLE_USER_LIST = "available_users_list";
private static final String PARAMETER_ID_USER = "id_user";
private static final String PARAMETER_ANCHOR = "anchor";
private static final String PARAMETER_CAN_BE_ASSIGNED_TO_USER_FRONT = "can_be_assigned_to_user_front";
// markers
private static final String MARK_PERMISSIONS_LIST = "permissions_list";
private static final String MARK_RESOURCE_ID_LIST = "resource_id_list";
private static final String MARK_RESOURCE_TYPE_LIST = "resource_type_list";
private static final String MARK_CONTROLED_RESOURCE_LIST = "controled_resource_list";
private static final String MARK_ROLE = "role";
private static final String MARK_ROLE_LIST = "role_list";
private static final String MARK_PAGINATOR = "paginator";
private static final String MARK_NB_ITEMS_PER_PAGE = "nb_items_per_page";
private static final String MARK_ROLE_KEY = "role_key";
private static final String MARK_RESOURCE_TYPE = "resource_type";
private static final String MARK_RESOURCE_LABEL = "resource_label";
private static final String MARK_SELECT_RESOURCES_METHOD = "select_resources";
private static final String MARK_RESOURCE_LIST_AVAILABLE = "resource_list_available";
private static final String MARK_ASSIGNED_USERS_LIST = "assigned_users_list";
private static final String MARK_AVAILABLE_USERS_LIST = "available_users_list";
private static final String MARK_ASSIGNED_USERS_NUMBER = "assigned_users_number";
private static final String MARK_ITEM_NAVIGATOR = "item_navigator";
private static final String MARK_USER_LEVELS_LIST = "user_levels";
private static final String MARK_EXIST_FRONT_ROLE_MAP = "exist_front_role_map";
private static final String MARK_EXIST_FRONT_ROLE = "exist_front_role";
private static final String MARK_HAS_RIGHT_MANAGE_FRONT_ROLE = "has_right_manage_front_role";
// properties
private static final String PROPERTY_CONFIRM_DELETE_ROLE = "portal.rbac.message.confirmDeleteRole";
private static final String PROPERTY_CONFIRM_DELETE_CONTROL = "portal.rbac.message.confirmDeleteControl";
private static final String PROPERTY_ROLE_ALREADY_EXISTS = "portal.rbac.message.roleAlreadyExists";
private static final String PROPERTY_ROLE_ATTRIBUTED = "portal.rbac.message.roleAttributed";
private static final String PROPERTY_ROLE_CREATION_PAGETITLE = "portal.rbac.pageTitle.createRole";
private static final String PROPERTY_ROLE_DESCRIPTION_PAGETITLE = "portal.rbac.pageTitle.viewRoleDescription";
private static final String PROPERTY_CHOOSE_RESOURCES_PAGETITLE = "portal.rbac.pageTitle.chooseResources";
private static final String PROPERTY_SELECT_RESOURCES_IDS_PAGETITLE = "portal.rbac.pageTitle.selectResourceIds";
private static final String PROPERTY_SELECT_PERMISSIONS_PAGETITLE = "portal.rbac.pageTitle.selectPermissions";
private static final String PROPERTY_MESSAGE_NO_ID_SELECTION_METHOD = "portal.rbac.message.resourceIdSelectionMethod";
private static final String PROPERTY_MESSAGE_ID_LIST_EMPTY = "portal.rbac.message.resourceIdListEmpty";
private static final String PROPERTY_MESSAGE_NO_PERMISSION_SELECTION_METHOD = "portal.rbac.message.permissionSelectionMethod";
private static final String PROPERTY_MESSAGE_PERMISSION_LIST_EMPTY = "portal.rbac.message.permissionListEmpty";
private static final String MESSAGE_ROLE_SPECIAL_CHARACTER = "portal.rbac.message.specialCharacters";
private static final String PROPERTY_ROLES_PER_PAGE = "paginator.roles.itemsPerPage";
private static final String PROPERTY_ASSIGN_USERS_PAGETITLE = "portal.rbac.assign_users.pageTitle";
private static final String PROPERTY_MANAGE_ROLES_PAGETITLE = "portal.rbac.manage_roles.pageTitle";
private static final String MESSAGE_CANNOT_REMOVE_ROLE = "portal.rbac.message.cannotRemoveRole";
// templates
private static final String TEMPLATE_MANAGE_ROLES = "admin/rbac/manage_roles.html";
private static final String TEMPLATE_CREATE_ROLE = "admin/rbac/create_role.html";
private static final String TEMPLATE_VIEW_ROLE_DESCRIPTION = "admin/rbac/view_role_description.html";
private static final String TEMPLATE_ADD_CONTROL_TO_ROLE = "admin/rbac/add_control_to_role.html";
private static final String TEMPLATE_SELECT_PERMISSIONS = "admin/rbac/select_permissions.html";
private static final String TEMPLATE_SELECT_RESOURCE_IDS = "admin/rbac/select_resource_ids.html";
private static final String TEMPLATE_ASSIGN_USERS = "admin/rbac/assign_users_role.html";
// jsp
private static final String JSP_URL_ROLES_MANAGEMENT = "ManageRoles.jsp";
private static final String JSP_URL_SELECT_PERMISSIONS = "SelectPermissions.jsp";
private static final String JSP_URL_ROLE_DESCRIPTION = "ViewRoleDescription.jsp";
private static final String JSP_URL_SELECT_SPECIFIC_IDS = "SelectSpecificIds.jsp";
private static final String JSP_URL_REMOVE_ROLE = "jsp/admin/rbac/DoRemoveRole.jsp";
private static final String JSP_URL_REMOVE_CONTROL_FROM_ROLE = "jsp/admin/rbac/DoRemoveControlFromRole.jsp";
private static final String JSP_ASSIGN_USERS_TO_ROLE = "AssignUsersRole.jsp";
private static final String JSP_URL_ASSIGN_USERS_TO_ROLE = "jsp/admin/rbac/AssignUsersRole.jsp";
private int _nItemsPerPage;
private int _nDefaultItemsPerPage;
private String _strCurrentPageIndex;
private ItemNavigator _itemNavigator;
/**
* Get the roles management page. This page provides the list of all existing roles.
*
* @param request
* the http request
* @return the html code for the role management page
*/
public String getManageRoles( HttpServletRequest request )
{
setPageTitleProperty( PROPERTY_MANAGE_ROLES_PAGETITLE );
// Reinit session
reinitItemNavigator( );
List<RBACRole> listRole = (List<RBACRole>) RBACRoleHome.findAll( );
// SORT
String strSortedAttributeName = request.getParameter( Parameters.SORTED_ATTRIBUTE_NAME );
String strAscSort = null;
if ( strSortedAttributeName != null )
{
strAscSort = request.getParameter( Parameters.SORTED_ASC );
boolean bIsAscSort = Boolean.parseBoolean( strAscSort );
Collections.sort( listRole, new AttributeComparator( strSortedAttributeName, bIsAscSort ) );
}
_strCurrentPageIndex = AbstractPaginator.getPageIndex( request, AbstractPaginator.PARAMETER_PAGE_INDEX, _strCurrentPageIndex );
_nDefaultItemsPerPage = AppPropertiesService.getPropertyInt( PROPERTY_ROLES_PER_PAGE, 50 );
_nItemsPerPage = AbstractPaginator.getItemsPerPage( request, AbstractPaginator.PARAMETER_ITEMS_PER_PAGE, _nItemsPerPage, _nDefaultItemsPerPage );
String strURL = getHomeUrl( request );
UrlItem url = new UrlItem( strURL );
if ( strSortedAttributeName != null )
{
url.addParameter( Parameters.SORTED_ATTRIBUTE_NAME, strSortedAttributeName );
}
if ( strAscSort != null )
{
url.addParameter( Parameters.SORTED_ASC, strAscSort );
}
// PAGINATOR
LocalizedPaginator<RBACRole> paginator = new LocalizedPaginator<>( listRole, _nItemsPerPage, url.getUrl( ), AbstractPaginator.PARAMETER_PAGE_INDEX,
_strCurrentPageIndex, getLocale( ) );
Map<String, Boolean> mapExistRole = paginator.getPageItems( ).stream( )
.collect( Collectors.toMap( RBACRole::getKey, x -> RoleHome.findExistRole( x.getKey( ) ) ) );
Map<String, Object> model = new HashMap<>( );
model.put( MARK_NB_ITEMS_PER_PAGE, Integer.toString( _nItemsPerPage ) );
model.put( MARK_PAGINATOR, paginator );
model.put( MARK_ROLE_LIST, paginator.getPageItems( ) );
model.put( MARK_EXIST_FRONT_ROLE_MAP, mapExistRole );
HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MANAGE_ROLES, getLocale( ), model );
return getAdminPage( template.getHtml( ) );
}
/**
* Get the role creation page. This page provides a form to enter basic information about the new role.
*
* @param request
* the http request
* @return the html code for the role creation page
*/
public String getCreateRole( HttpServletRequest request )
{
setPageTitleProperty( PROPERTY_ROLE_CREATION_PAGETITLE );
Map<String, Object> model = new HashMap<>( 1 );
model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, TEMPLATE_CREATE_ROLE ) );
model.put( MARK_HAS_RIGHT_MANAGE_FRONT_ROLE, getUser( ).checkRight( RoleJspBean.RIGHT_ROLES_MANAGEMENT ) );
HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_CREATE_ROLE, getLocale( ), model );
return getAdminPage( template.getHtml( ) );
}
/**
* Perform the role creation. The role key entered should not already exist. The role key is mandatory.
*
* @param request
* the http request
* @return the url to forward to
* @throws AccessDeniedException
* if the security token is invalid
*/
public String doCreateRole( HttpServletRequest request ) throws AccessDeniedException
{
String strRoleKey = request.getParameter( PARAMETER_ROLE_KEY );
String strRoleDescription = request.getParameter( PARAMETER_ROLE_DESCRIPTION );
String strCanBeAssignedToUserFront = request.getParameter( PARAMETER_CAN_BE_ASSIGNED_TO_USER_FRONT );
if ( StringUtils.isBlank( strRoleKey ) || StringUtils.isBlank( strRoleDescription ) )
{
return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
}
if ( RBACRoleHome.checkExistRole( strRoleKey ) )
{
return AdminMessageService.getMessageUrl( request, PROPERTY_ROLE_ALREADY_EXISTS, AdminMessage.TYPE_STOP );
}
if ( !StringUtil.checkCodeKey( strRoleKey ) )
{
return AdminMessageService.getMessageUrl( request, MESSAGE_ROLE_SPECIAL_CHARACTER, AdminMessage.TYPE_STOP );
}
if ( !SecurityTokenService.getInstance( ).validate( request, TEMPLATE_CREATE_ROLE ) )
{
throw new AccessDeniedException( ERROR_INVALID_TOKEN );
}
RBACRole role = new RBACRole( );
role.setKey( strRoleKey.trim( ) );
role.setDescription( strRoleDescription );
RBACRoleHome.create( role );
if ( getUser( ) != null && getUser( ).checkRight( RoleJspBean.RIGHT_ROLES_MANAGEMENT ) && strCanBeAssignedToUserFront != null
&& !RoleHome.findExistRole( role.getKey( ) ) )
{
Role roleFront = new Role( );
roleFront.setRole( strRoleKey );
roleFront.setRoleDescription( strRoleDescription );
roleFront.setWorkgroup( AdminWorkgroupService.ALL_GROUPS );
RoleHome.create( roleFront );
}
return JSP_URL_ROLE_DESCRIPTION + "?" + PARAMETER_ROLE_KEY + "=" + strRoleKey;
}
/**
* Performs the modification of the role's key and description. The role key entered should not already exist. The role key is mandatory. It should update
* the key for all the entries in the role-resource association list.
*
* @param request
* the http request
* @return the url to forward to
* @throws AccessDeniedException
* if the security token is invalid
*/
public String doModifyRole( HttpServletRequest request ) throws AccessDeniedException
{
String strOldRoleKey = request.getParameter( PARAMETER_ROLE_KEY_PREVIOUS );
String strNewRoleKey = request.getParameter( PARAMETER_ROLE_KEY );
String strRoleDescription = request.getParameter( PARAMETER_ROLE_DESCRIPTION );
String strCanBeAssignedToUserFront = request.getParameter( PARAMETER_CAN_BE_ASSIGNED_TO_USER_FRONT );
// check that new role key is valid
if ( StringUtils.isBlank( strNewRoleKey ) || StringUtils.isBlank( strRoleDescription ) )
{
return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
}
if ( strOldRoleKey.equals( strNewRoleKey ) ) // if the key doesn't change, update the description
{
if ( !SecurityTokenService.getInstance( ).validate( request, TEMPLATE_VIEW_ROLE_DESCRIPTION ) )
{
throw new AccessDeniedException( ERROR_INVALID_TOKEN );
}
// update the role
RBACRole role = RBACRoleHome.findByPrimaryKey( strOldRoleKey );
role.setKey( strNewRoleKey );
role.setDescription( strRoleDescription );
if ( getUser( ) != null && getUser( ).checkRight( RoleJspBean.RIGHT_ROLES_MANAGEMENT ) && strCanBeAssignedToUserFront != null
&& !RoleHome.findExistRole( role.getKey( ) ) )
{
Role roleFront = new Role( );
roleFront.setRole( role.getKey( ) );
roleFront.setRoleDescription( strRoleDescription );
roleFront.setWorkgroup( AdminWorkgroupService.ALL_GROUPS );
RoleHome.create( roleFront );
}
RBACRoleHome.update( strOldRoleKey, role );
}
else
// if the key changes, first check that the new key doesn't exist
{
if ( RBACRoleHome.checkExistRole( strNewRoleKey ) )
{
return AdminMessageService.getMessageUrl( request, PROPERTY_ROLE_ALREADY_EXISTS, AdminMessage.TYPE_STOP );
}
if ( !SecurityTokenService.getInstance( ).validate( request, TEMPLATE_VIEW_ROLE_DESCRIPTION ) )
{
throw new AccessDeniedException( ERROR_INVALID_TOKEN );
}
// update the role
RBACRole role = RBACRoleHome.findByPrimaryKey( strOldRoleKey );
role.setKey( strNewRoleKey );
role.setDescription( strRoleDescription );
RBACRoleHome.update( strOldRoleKey, role );
AdminUserHome.updateUsersRole( strOldRoleKey, role );
// update the role key in the role-resource associations
RBACHome.updateRoleKey( strOldRoleKey, strNewRoleKey );
if ( getUser( ).checkRight( RoleJspBean.RIGHT_ROLES_MANAGEMENT ) && strCanBeAssignedToUserFront != null
&& !RoleHome.findExistRole( strNewRoleKey ) )
{
Role roleFront = new Role( );
roleFront.setRole( strNewRoleKey );
roleFront.setRoleDescription( strRoleDescription );
RoleHome.create( roleFront );
}
}
return JSP_URL_ROLE_DESCRIPTION + "?" + PARAMETER_ROLE_KEY + "=" + strNewRoleKey;
}
/**
* Get the confirmation page before deletion of a role
*
* @param request
* the HTTP request
* @return the url of the confirmation page
*/
public String doConfirmRemoveRole( HttpServletRequest request )
{
String strRoleKey = request.getParameter( PARAMETER_ROLE_KEY );
String strDeleteUrl = JSP_URL_REMOVE_ROLE;
Map<String, Object> parameters = new HashMap<>( 2 );
parameters.put( PARAMETER_ROLE_KEY, strRoleKey );
parameters.put( SecurityTokenService.PARAMETER_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_REMOVE_ROLE ) );
return AdminMessageService.getMessageUrl( request, PROPERTY_CONFIRM_DELETE_ROLE, strDeleteUrl, AdminMessage.TYPE_CONFIRMATION, parameters );
}
/**
* Perform the role deletion. Also delete the resources linked to this role
*
* @param request
* the http request
* @return the url of the role management page
* @throws AccessDeniedException
* if the security token is invalid
*/
public String doRemoveRole( HttpServletRequest request ) throws AccessDeniedException
{
String strRoleKey = request.getParameter( PARAMETER_ROLE_KEY );
List<String> listErrors = new ArrayList<>( );
// check that no user has this role
if ( AdminUserHome.checkRoleAttributed( strRoleKey ) )
{
return AdminMessageService.getMessageUrl( request, PROPERTY_ROLE_ATTRIBUTED, AdminMessage.TYPE_STOP );
}
if ( !RBACRemovalListenerService.getService( ).checkForRemoval( strRoleKey, listErrors, getLocale( ) ) )
{
String strCause = AdminMessageService.getFormattedList( listErrors, getLocale( ) );
Object [ ] args = {
strCause
};
return AdminMessageService.getMessageUrl( request, MESSAGE_CANNOT_REMOVE_ROLE, args, AdminMessage.TYPE_STOP );
}
else
{
if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_REMOVE_ROLE ) )
{
throw new AccessDeniedException( ERROR_INVALID_TOKEN );
}
// remove role
RBACRoleHome.remove( strRoleKey );
// remove resources entries for that role
RBACHome.removeForRoleKey( strRoleKey );
return JSP_URL_ROLES_MANAGEMENT;
}
}
/**
* Get the page describing a role and the resource associated
*
* @param request
* the HTTP request
* @return the HTML code for the description page
*/
public String getViewRoleDescription( HttpServletRequest request )
{
setPageTitleProperty( PROPERTY_ROLE_DESCRIPTION_PAGETITLE );
String strRoleKey = request.getParameter( PARAMETER_ROLE_KEY );
Collection<RBAC> listResources = RBACHome.findResourcesByCode( strRoleKey );
I18nService.localizeCollection( listResources, getLocale( ) );
Collection<ResourceType> listResourceTypes = ResourceTypeManager.getResourceTypeList( );
I18nService.localizeCollection( listResourceTypes, getLocale( ) );
RBACRole adminRole = RBACRoleHome.findByPrimaryKey( strRoleKey );
if ( adminRole == null )
{
return getManageRoles( request );
}
Map<String, Object> model = new HashMap<>( );
model.put( MARK_EXIST_FRONT_ROLE, RoleHome.findExistRole( adminRole.getKey( ) ) );
model.put( MARK_HAS_RIGHT_MANAGE_FRONT_ROLE, getUser( ).checkRight( RoleJspBean.RIGHT_ROLES_MANAGEMENT ) );
model.put( MARK_ROLE, adminRole );
model.put( MARK_CONTROLED_RESOURCE_LIST, listResources );
model.put( MARK_RESOURCE_TYPE_LIST, listResourceTypes );
model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, TEMPLATE_VIEW_ROLE_DESCRIPTION ) );
HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_VIEW_ROLE_DESCRIPTION, getLocale( ), model );
return getAdminPage( template.getHtml( ) );
}
/**
* Get the confirmation page before deletion of a control
*
* @param request
* the http request
* @return the url of the confirmation page
*/
public String doConfirmRemoveControlFromRole( HttpServletRequest request )
{
String strIdControl = request.getParameter( PARAMETER_RBAC_ID );
int nId = Integer.parseInt( strIdControl );
RBAC rbac = RBACHome.findByPrimaryKey( nId );
String strDeleteUrl = JSP_URL_REMOVE_CONTROL_FROM_ROLE;
Map<String, Object> parameters = new HashMap<>( 2 );
parameters.put( PARAMETER_RBAC_ID, strIdControl );
parameters.put( SecurityTokenService.PARAMETER_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_REMOVE_CONTROL_FROM_ROLE ) );
return AdminMessageService.getMessageUrl( request, PROPERTY_CONFIRM_DELETE_CONTROL,
new Object[ ] { rbac.getRoleKey( ), rbac.getPermissionKey( ), rbac.getResourceIdLabel( ),
rbac.getResourceTypeLabel( ) },
null, strDeleteUrl, "", AdminMessage.TYPE_CONFIRMATION, parameters );
}
/**
* Perform the role deletion. Also delete the resources linked to this role
*
* @param request
* the http request
* @return the url of the role management page
* @throws AccessDeniedException
* if the security token is invalid
*/
public String doRemoveControlFromRole( HttpServletRequest request ) throws AccessDeniedException
{
if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_REMOVE_CONTROL_FROM_ROLE ) )
{
throw new AccessDeniedException( ERROR_INVALID_TOKEN );
}
String strIdControl = request.getParameter( PARAMETER_RBAC_ID );
int nId = Integer.parseInt( strIdControl );
RBAC rbac = RBACHome.findByPrimaryKey( nId );
// remove control
RBACHome.remove( nId );
return JSP_URL_ROLE_DESCRIPTION + "?" + PARAMETER_ROLE_KEY + "=" + rbac.getRoleKey( );
}
/**
* Get the first page of the control addition to a role. This page provides choice for resource selection. 2 methods are provided :
* <ul>
* <li>wildcard selection : all resources of this type are selected.</li>
* <li>specific selection : a page with the list of resource ids available is provided next for user choice.</li>
* </ul>
*
* @param request
* the HTTP request
* @return the HTML content for the resource selection method choice
*/
public String getAddControlToRole( HttpServletRequest request )
{
setPageTitleProperty( PROPERTY_CHOOSE_RESOURCES_PAGETITLE );
Map<String, Object> model = new HashMap<>( );
String strRoleKey = request.getParameter( PARAMETER_ROLE_KEY );
String strResourceType = request.getParameter( PARAMETER_RESOURCE_TYPE );
ResourceType resourceType = ResourceTypeManager.getResourceType( strResourceType );
boolean bResourceListAvailable = true;
ReferenceList listResources = resourceType.getResourceIdService( ).getResourceIdList( getLocale( ) );
if ( CollectionUtils.isEmpty( listResources ) )
{
bResourceListAvailable = false;
}
model.put( MARK_ROLE_KEY, strRoleKey );
model.put( MARK_RESOURCE_TYPE, strResourceType );
model.put( MARK_RESOURCE_LABEL, resourceType.getResourceTypeLabel( ) );
model.put( MARK_RESOURCE_LIST_AVAILABLE, bResourceListAvailable );
HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_ADD_CONTROL_TO_ROLE, getLocale( ), model );
return getAdminPage( template.getHtml( ) );
}
/**
* Perform the checks on the resource selection method and perform the suitable redirection.
* <ul>
* <li>If selection method is global (wilcard selection - parameter "all"), the user is redirected to the permission selection page.</li>
* <li>If selection method is specific (id selection - parameter "choose"), the user is redirected to the resource id selection page.</li>
* <li>If no selection method is found, or if it's neither parameter "all" nor "choose", the user is redirected to a error page.</li>
* </ul>
*
* @param request
* the http request
* @return the url of the page to be redirected to
*/
public String doSelectResources( HttpServletRequest request )
{
String strRoleKey = request.getParameter( PARAMETER_ROLE_KEY );
String strResourceType = request.getParameter( PARAMETER_RESOURCE_TYPE );
String strSelectionMethod = request.getParameter( PARAMETER_SELECT_RESOURCES_METHOD );
if ( ( strSelectionMethod == null ) || ( strSelectionMethod.trim( ).equals( "" ) ) )
{
return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_NO_ID_SELECTION_METHOD, AdminMessage.TYPE_STOP );
}
else
if ( strSelectionMethod.equals( PARAMETER_SELECTION_METHOD_CHOOSE ) )
{
return JSP_URL_SELECT_SPECIFIC_IDS + "?" + PARAMETER_RESOURCE_TYPE + "=" + strResourceType + "&" + PARAMETER_ROLE_KEY + "=" + strRoleKey + "&"
+ PARAMETER_SELECT_RESOURCES_METHOD + "=" + strSelectionMethod;
}
else
if ( strSelectionMethod.equals( PARAMETER_METHOD_SELECTION_ALL ) )
{
return JSP_URL_SELECT_PERMISSIONS + "?" + PARAMETER_RESOURCE_TYPE + "=" + strResourceType + "&" + PARAMETER_ROLE_KEY + "=" + strRoleKey
+ "&" + PARAMETER_SELECT_RESOURCES_METHOD + "=" + strSelectionMethod;
}
else
{
return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_NO_ID_SELECTION_METHOD, AdminMessage.TYPE_STOP );
}
}
/**
* Get the list of ids corresponding to the current resource type. This allows to provide the selection of resource ids that should be controlled for the
* current role.
*
* @param request
* the http request
* @return the html code for the list of ids to select
*/
public String getSelectSpecificIds( HttpServletRequest request )
{
setPageTitleProperty( PROPERTY_SELECT_RESOURCES_IDS_PAGETITLE );
String strRoleKey = request.getParameter( PARAMETER_ROLE_KEY );
String strResourceType = request.getParameter( PARAMETER_RESOURCE_TYPE );
String strSelectionMethod = request.getParameter( PARAMETER_SELECT_RESOURCES_METHOD );
ResourceType resourceType = ResourceTypeManager.getResourceType( strResourceType );
Map<String, Object> model = new HashMap<>( );
model.put( MARK_RESOURCE_ID_LIST, resourceType.getResourceIdService( ).getResourceIdList( getLocale( ) ) );
model.put( MARK_ROLE_KEY, strRoleKey );
model.put( MARK_RESOURCE_TYPE, strResourceType );
model.put( MARK_RESOURCE_LABEL, resourceType.getResourceTypeLabel( ) );
model.put( MARK_SELECT_RESOURCES_METHOD, strSelectionMethod );
HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_SELECT_RESOURCE_IDS, getLocale( ), model );
return getAdminPage( template.getHtml( ) );
}
/**
* Perform the check on the resource id list selected on the specific id selection page perform the suitable redirection.
* <ul>
* <li>If selection method is specific (id selection - parameter "choose"),
* <ul>
* <li>if at least one id as been selected, the user is redirected to the permission selection page.</li>
* <li>if no id as been selected, the user is redirected to an error page.</li>
* </ul>
* <li>If selection method is global (wilcard selection - parameter "all"), the user is redirected to the permission selection page (This check could be
* avoided as is should not happen).</li>
* <li>If no selection method is found, or if it's neither parameter "all" nor "choose", the user is redirected to a error page.</li>
* </ul>
*
* @param request
* the http request
* @return the url of the page to be redirected to
*/
public String doSelectResourcesFromIdsList( HttpServletRequest request )
{
String strRoleKey = request.getParameter( PARAMETER_ROLE_KEY );
String strSelectionMethod = request.getParameter( PARAMETER_SELECT_RESOURCES_METHOD );
String strResourceType = request.getParameter( PARAMETER_RESOURCE_TYPE );
String [ ] strArrayResourceIds = request.getParameterValues( PARAMETER_RESOURCE_ID );
String strUrl;
// check that the selection method is "all" or "choose"
// if method is "choose", check that we have at least one id checked
if ( strSelectionMethod == null )
{
strUrl = AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_NO_ID_SELECTION_METHOD, AdminMessage.TYPE_STOP );
}
else
if ( strSelectionMethod.equals( PARAMETER_METHOD_SELECTION_CHOOSE ) )
{
if ( ( strArrayResourceIds == null ) || ( strArrayResourceIds.length == 0 ) )
{
strUrl = AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_ID_LIST_EMPTY, AdminMessage.TYPE_STOP );
}
else
{
StringBuilder sbUrl = new StringBuilder( JSP_URL_SELECT_PERMISSIONS );
sbUrl.append( "?" );
sbUrl.append( PARAMETER_RESOURCE_TYPE );
sbUrl.append( "=" );
sbUrl.append( strResourceType );
sbUrl.append( "&" );
sbUrl.append( PARAMETER_ROLE_KEY );
sbUrl.append( "=" );
sbUrl.append( strRoleKey );
sbUrl.append( "&" );
sbUrl.append( PARAMETER_SELECT_RESOURCES_METHOD );
sbUrl.append( "=" );
sbUrl.append( strSelectionMethod );
for ( int i = 0; i < strArrayResourceIds.length; i++ )
{
sbUrl.append( "&" );
sbUrl.append( PARAMETER_RESOURCE_ID );
sbUrl.append( "=" );
sbUrl.append( strArrayResourceIds [i] );
}
strUrl = sbUrl.toString( );
}
}
else
if ( strSelectionMethod.equals( PARAMETER_METHOD_SELECTION_ALL ) )
{
StringBuilder sbUrl = new StringBuilder( JSP_URL_SELECT_PERMISSIONS );
sbUrl.append( "?" );
sbUrl.append( PARAMETER_RESOURCE_TYPE );
sbUrl.append( "=" );
sbUrl.append( strResourceType );
sbUrl.append( "&" );
sbUrl.append( PARAMETER_ROLE_KEY );
sbUrl.append( "=" );
sbUrl.append( strRoleKey );
sbUrl.append( "&" );
sbUrl.append( PARAMETER_SELECT_RESOURCES_METHOD );
sbUrl.append( "=" );
sbUrl.append( strSelectionMethod );
strUrl = sbUrl.toString( );
}
else
{
strUrl = AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_NO_ID_SELECTION_METHOD, AdminMessage.TYPE_STOP );
}
return strUrl;
}
/**
* Get the permission selection page. 2 methods are provided :
* <ul>
* <li>wildcard selection : all permissions for this type are selected.</li>
* <li>specific selection : the choice is to be made by the user in the list of available permissions.</li>
* </ul>
*
* @param request
* the http request
* @return the html code for the permission selection page.
*/
public String getSelectPermissions( HttpServletRequest request )
{
setPageTitleProperty( PROPERTY_SELECT_PERMISSIONS_PAGETITLE );
String strRoleKey = request.getParameter( PARAMETER_ROLE_KEY );
String strResourceType = request.getParameter( PARAMETER_RESOURCE_TYPE );
String strSelectionMethod = request.getParameter( PARAMETER_SELECT_RESOURCES_METHOD );
String [ ] strArrayResourceIds = request.getParameterValues( PARAMETER_RESOURCE_ID );
// load the permission list for permission selection
ReferenceList listPermissions = ResourceTypeManager.getPermissionsList( strResourceType, getLocale( ) );
Map<String, Object> model = new HashMap<>( );
// forward the resource id list
model.put( MARK_RESOURCE_ID_LIST, strArrayResourceIds );
// load the permission list
model.put( MARK_PERMISSIONS_LIST, listPermissions );
// forward the role key, the resource type and the resource id selection method
model.put( MARK_ROLE_KEY, strRoleKey );
model.put( MARK_RESOURCE_TYPE, strResourceType );
model.put( MARK_SELECT_RESOURCES_METHOD, strSelectionMethod );
model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, TEMPLATE_SELECT_PERMISSIONS ) );
HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_SELECT_PERMISSIONS, getLocale( ), model );
return getAdminPage( template.getHtml( ) );
}
/**
* Perform the checks on the permission selection and redirects to the description of the role if ok.
* <ul>
* <li>If selection method is global (wilcard selection - parameter "all"), the corresponding entry is stored as a control for all resources previously
* selected. The user is redirected to the role description page.</li>
* <li>If selection method is specific (id selection - parameter "choose"),
* <ul>
* <li>if no permission is found, the user is redirected to an error page.</li>
* <li>if at least one permission is found, the corresponding entry is stored as a control for all resources previously selected. The user is redirected to
* the role description page.</li>
* </ul>
* </li>
* <li>If no selection method is found, or if it's neither parameter "all" nor "choose", the user is redirected to a error page.</li>
* </ul>
*
* @param request
* the http request
* @return the url of the page to be redirected to
* @throws AccessDeniedException
* if the security token is invalid
*/
public String doSelectPermissions( HttpServletRequest request ) throws AccessDeniedException
{
String strRoleKey = request.getParameter( PARAMETER_ROLE_KEY );
String strResourceType = request.getParameter( PARAMETER_RESOURCE_TYPE );
String strResourcesSelectionMethod = request.getParameter( PARAMETER_SELECT_RESOURCES_METHOD );
String strPermissionsSelectionMethod = request.getParameter( PARAMETER_SELECT_PERMISSIONS_METHOD );
String [ ] strArrayResourceIds;
String [ ] strArrayPermissionKeys;
// get the list of resource ids selected (forward from previous screen, so no need for extensive checks)
if ( ( strResourcesSelectionMethod != null ) && strResourcesSelectionMethod.equals( PARAMETER_METHOD_SELECTION_ALL ) )
{
strArrayResourceIds = new String [ 1];
strArrayResourceIds [0] = RBAC.WILDCARD_RESOURCES_ID;
}
else
{
strArrayResourceIds = request.getParameterValues( PARAMETER_RESOURCE_ID );
}
// check that the permission selection method is "all" or "choose"
// if method is "choose", check that we have at least one id checked
if ( strPermissionsSelectionMethod == null )
{
return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_NO_PERMISSION_SELECTION_METHOD, AdminMessage.TYPE_STOP );
}
else
if ( strPermissionsSelectionMethod.equals( PARAMETER_METHOD_SELECTION_CHOOSE ) )
{
strArrayPermissionKeys = request.getParameterValues( PARAMETER_PERMISSION_KEY );
if ( ( strArrayPermissionKeys == null ) || ( strArrayPermissionKeys.length == 0 ) )
{
return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_PERMISSION_LIST_EMPTY, AdminMessage.TYPE_STOP );
}
}
else
if ( strPermissionsSelectionMethod.equals( PARAMETER_METHOD_SELECTION_ALL ) )
{
strArrayPermissionKeys = new String [ 1];
strArrayPermissionKeys [0] = RBAC.WILDCARD_PERMISSIONS_KEY;
}
else
{
return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_NO_PERMISSION_SELECTION_METHOD, AdminMessage.TYPE_STOP );
}
if ( !SecurityTokenService.getInstance( ).validate( request, TEMPLATE_SELECT_PERMISSIONS ) )
{
throw new AccessDeniedException( ERROR_INVALID_TOKEN );
}
// store the selected elements in database
for ( int i = 0; i < strArrayResourceIds.length; i++ )
{
for ( int j = 0; j < strArrayPermissionKeys.length; j++ )
{
RBAC rbac = new RBAC( );
rbac.setRoleKey( strRoleKey );
rbac.setResourceTypeKey( strResourceType );
rbac.setResourceId( strArrayResourceIds [i] );
rbac.setPermissionKey( strArrayPermissionKeys [j] );
RBACHome.create( rbac );
}
}
return JSP_URL_ROLE_DESCRIPTION + "?" + PARAMETER_ROLE_KEY + "=" + strRoleKey;
}
/**
* Returns the users assignation form
*
* @param request
* The Http request
* @return the html code for display the modes list
*/
public String getAssignUsers( HttpServletRequest request )
{
Map<String, Object> model = new HashMap<>( );
setPageTitleProperty( PROPERTY_ASSIGN_USERS_PAGETITLE );
String strBaseUrl = AppPathService.getBaseUrl( request ) + JSP_URL_ASSIGN_USERS_TO_ROLE;
UrlItem url = new UrlItem( strBaseUrl );
// ROLE
String strRoleKey = request.getParameter( PARAMETER_ROLE_KEY );
RBACRole role = RBACRoleHome.findByPrimaryKey( strRoleKey );
// ASSIGNED USERS
List<AdminUser> listAssignedUsers = AdminUserHome.findByRole( strRoleKey ).stream( ).filter( this::isUserHigherThanConnectedUser )
.collect( Collectors.toList( ) );
List<AdminUser> listFilteredUsers = AdminUserService.getFilteredUsersInterface( listAssignedUsers, request, model, url );
// AVAILABLE USERS
ReferenceList listAvailableUsers = new ReferenceList( );
for ( AdminUser user : AdminUserHome.findUserList( ) )
{
final ReferenceItem itemUser = new ReferenceItem( );
itemUser.setCode( Integer.toString( user.getUserId( ) ) );
itemUser.setName( user.getLastName( ) + " " + user.getFirstName( ) + " (" + user.getAccessCode( ) + ")" );
boolean bAssigned = listAssignedUsers.stream( )
.anyMatch( assignedUser -> Integer.toString( assignedUser.getUserId( ) ).equals( itemUser.getCode( ) ) );
// Add users with higher level then connected user or add all users if connected user is administrator
if ( !bAssigned && isUserHigherThanConnectedUser( user ) )
{
listAvailableUsers.add( itemUser );
}
}
// SORT
String strSortedAttributeName = request.getParameter( Parameters.SORTED_ATTRIBUTE_NAME );
String strAscSort = null;
if ( strSortedAttributeName != null )
{
url.addParameter( Parameters.SORTED_ATTRIBUTE_NAME, strSortedAttributeName );
strAscSort = request.getParameter( Parameters.SORTED_ASC );
boolean bIsAscSort = Boolean.parseBoolean( strAscSort );
Collections.sort( listFilteredUsers, new AttributeComparator( strSortedAttributeName, bIsAscSort ) );
}
_strCurrentPageIndex = AbstractPaginator.getPageIndex( request, AbstractPaginator.PARAMETER_PAGE_INDEX, _strCurrentPageIndex );
_nDefaultItemsPerPage = AppPropertiesService.getPropertyInt( PROPERTY_ROLES_PER_PAGE, 50 );
_nItemsPerPage = AbstractPaginator.getItemsPerPage( request, AbstractPaginator.PARAMETER_ITEMS_PER_PAGE, _nItemsPerPage, _nDefaultItemsPerPage );
if ( strAscSort != null )
{
url.addParameter( Parameters.SORTED_ASC, strAscSort );
}
// ITEM NAVIGATION
setItemNavigator( role.getKey( ), url.getUrl( ) );
// PAGINATOR
url.addParameter( PARAMETER_ROLE_KEY, role.getKey( ) );
LocalizedPaginator<AdminUser> paginator = new LocalizedPaginator<>( listFilteredUsers, _nItemsPerPage, url.getUrl( ),
AbstractPaginator.PARAMETER_PAGE_INDEX, _strCurrentPageIndex, getLocale( ) );
// USER LEVEL
Collection<Level> filteredLevels = new ArrayList<>( );
for ( Level level : LevelHome.getLevelsList( ) )
{
if ( getUser( ).isAdmin( ) || getUser( ).hasRights( level.getId( ) ) )
{
filteredLevels.add( level );
}
}
model.put( MARK_ROLE, role );
model.put( MARK_USER_LEVELS_LIST, filteredLevels );
model.put( MARK_AVAILABLE_USERS_LIST, listAvailableUsers );
model.put( MARK_ASSIGNED_USERS_LIST, paginator.getPageItems( ) );
model.put( MARK_ASSIGNED_USERS_NUMBER, listAssignedUsers.size( ) );
model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
model.put( MARK_PAGINATOR, paginator );
model.put( MARK_NB_ITEMS_PER_PAGE, Integer.toString( _nItemsPerPage ) );
model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_ASSIGN_USERS_TO_ROLE ) );
HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_ASSIGN_USERS, getLocale( ), model );
return getAdminPage( template.getHtml( ) );
}
/**
* Process the data capture form for assign users to a role
*
* @param request
* The HTTP Request
* @return The Jsp URL of the process result
* @throws AccessDeniedException
* if the security token is invalid
*/
public String doAssignUsers( HttpServletRequest request ) throws AccessDeniedException
{
if ( !SecurityTokenService.getInstance( ).validate( request, JSP_ASSIGN_USERS_TO_ROLE ) )
{
throw new AccessDeniedException( ERROR_INVALID_TOKEN );
}
String strRoleKey = request.getParameter( PARAMETER_ROLE_KEY );
// retrieve the selected portlets ids
String [ ] arrayUsersIds = request.getParameterValues( PARAMETER_AVAILABLE_USER_LIST );
if ( ( arrayUsersIds != null ) )
{
for ( int i = 0; i < arrayUsersIds.length; i++ )
{
int nUserId = Integer.parseInt( arrayUsersIds [i] );
AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
if ( !AdminUserHome.hasRole( user, strRoleKey ) )
{
AdminUserHome.createRoleForUser( user.getUserId( ), strRoleKey );
}
}
}
return JSP_ASSIGN_USERS_TO_ROLE + "?" + PARAMETER_ROLE_KEY + "=" + strRoleKey;
}
/**
* unassigns user from role
*
* @param request
* The HttpRequest
* @return the HTML code of list assignations
* @throws AccessDeniedException
* if the security token is invalid
*/
public String doUnAssignUser( HttpServletRequest request ) throws AccessDeniedException
{
if ( !SecurityTokenService.getInstance( ).validate( request, JSP_ASSIGN_USERS_TO_ROLE ) )
{
throw new AccessDeniedException( ERROR_INVALID_TOKEN );
}
String strRoleKey = request.getParameter( PARAMETER_ROLE_KEY );
int nIdUser = Integer.parseInt( request.getParameter( PARAMETER_ID_USER ) );
String strAnchor = request.getParameter( PARAMETER_ANCHOR );
AdminUser adminUser = AdminUserHome.findByPrimaryKey( nIdUser );
if ( adminUser != null )
{
AdminUserHome.removeRoleForUser( nIdUser, strRoleKey );
}
return JSP_ASSIGN_USERS_TO_ROLE + "?" + PARAMETER_ROLE_KEY + "=" + strRoleKey + "#" + strAnchor;
}
/**
* Get the item navigator
*
* @param strRoleKey
* the role key
* @param strUrl
* the url
*/
private void setItemNavigator( String strRoleKey, String strUrl )
{
if ( _itemNavigator == null )
{
List<String> listIdsRight = new ArrayList<>( );
int nCurrentItemId = 0;
int nIndex = 0;
for ( RBACRole role : RBACRoleHome.findAll( ) )
{
if ( ( role != null ) && StringUtils.isNotBlank( role.getKey( ) ) )
{
listIdsRight.add( role.getKey( ) );
if ( role.getKey( ).equals( strRoleKey ) )
{
nCurrentItemId = nIndex;
}
nIndex++;
}
}
_itemNavigator = new ItemNavigator( listIdsRight, nCurrentItemId, strUrl, PARAMETER_ROLE_KEY );
}
else
{
_itemNavigator.setCurrentItemId( strRoleKey );
}
}
/**
* Reinit the item navigator
*/
private void reinitItemNavigator( )
{
_itemNavigator = null;
}
}