1 /*
2 * Copyright (c) 2002-2025, City of Paris
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright notice
10 * and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright notice
13 * and the following disclaimer in the documentation and/or other materials
14 * provided with the distribution.
15 *
16 * 3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
17 * contributors may be used to endorse or promote products derived from
18 * this software without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
24 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30 * POSSIBILITY OF SUCH DAMAGE.
31 *
32 * License 1.0
33 */
34 package fr.paris.lutece.portal.business.user;
35
36 import fr.paris.lutece.api.user.User;
37 import fr.paris.lutece.api.user.UserRole;
38 import fr.paris.lutece.portal.business.rbac.RBACRole;
39 import fr.paris.lutece.portal.business.right.Right;
40 import fr.paris.lutece.portal.business.user.attribute.IAttribute;
41 import fr.paris.lutece.portal.business.user.authentication.AdminAuthentication;
42 import fr.paris.lutece.portal.business.user.parameter.EmailPatternRegularExpressionRemovalListener;
43 import fr.paris.lutece.portal.service.regularexpression.RegularExpressionRemovalListenerService;
44 import fr.paris.lutece.portal.service.workgroup.AdminWorkgroupResource;
45 import fr.paris.lutece.portal.web.l10n.LocaleService;
46
47 import org.apache.commons.lang3.StringUtils;
48
49 import java.io.Serializable;
50
51 import java.sql.Timestamp;
52 import java.util.ArrayList;
53 import java.util.HashMap;
54 import java.util.List;
55 import java.util.Locale;
56 import java.util.Map;
57
58 import javax.validation.constraints.NotNull;
59
60 /**
61 * This Interface defines all methods required for an admin user implementation
62 */
63 public class AdminUser implements Serializable, AdminWorkgroupResource, User
64 {
65 public static final String RESOURCE_TYPE = "ADMIN_USER";
66 /** USER REALM TYPE **/
67 public static final String USER_REALM = "BACK_OFFICE_USER";
68 public static final int ACTIVE_CODE = 0;
69 public static final int NOT_ACTIVE_CODE = 1;
70 public static final int EXPIRED_CODE = 5;
71 public static final int ANONYMIZED_CODE = 10;
72 private static final Timestamp DEFAULT_DATE_LAST_LOGIN = Timestamp.valueOf( "1980-01-01 00:00:00" );
73 private static final long serialVersionUID = 7533831976351347197L;
74 private static EmailPatternRegularExpressionRemovalListener _listenerRegularExpression;
75 private int _nUserId;
76 private String _strAccessCode;
77 private String _strLastName;
78 private String _strFirstName;
79 private String _strEmail;
80 private int _nStatus;
81 private int _nUserLevel;
82 private boolean _bIsPasswordReset;
83 private boolean _bAccessibilityMode;
84 private Timestamp _passwordMaxValidDate;
85 private Timestamp _accountMaxValidDate;
86 private Timestamp _dateLastLogin;
87 private String _strWorkgroupKey;
88 private HashMap<String, Object> _userInfo = new HashMap<>( );
89 /** User's workgroups */
90 private List<String> _workgroups = new ArrayList<String>( );
91
92 /**
93 * User's rights. We use a HashMap instead of a Map so that the field is forced to be serializable.
94 */
95 private HashMap<String, Right> _rights = new HashMap<>( );
96
97 /**
98 * User's roles. We use a HashMap instead of a Map so that the field is forced to be serializable.
99 */
100 private HashMap<String, UserRole> _roles = new HashMap<>( );
101
102 /** Authentication Service */
103 private String _strAuthenticationService;
104
105 /** Authentication Service */
106 private String _strAuthenticationType;
107
108 /** the user's locale */
109 private Locale _locale;
110
111 /**
112 * Constructor
113 */
114 public AdminUser( )
115 {
116 }
117
118 /**
119 * Constructor
120 *
121 * @param stAccessCode
122 * The User Name
123 * @param authenticationService
124 * The PortalAuthentication object
125 */
126 public AdminUser( String stAccessCode, AdminAuthentication authenticationService )
127 {
128 _strAccessCode = stAccessCode;
129 _strAuthenticationService = authenticationService.getAuthServiceName( );
130 }
131
132 /**
133 * Init
134 */
135 public static synchronized void init( )
136 {
137 if ( _listenerRegularExpression == null )
138 {
139 _listenerRegularExpression = new EmailPatternRegularExpressionRemovalListener( );
140 RegularExpressionRemovalListenerService.getService( ).registerListener( _listenerRegularExpression );
141 }
142 }
143
144 /**
145 * Get the user's Locale
146 *
147 * @return The user's locale
148 */
149 @NotNull
150 public Locale getLocale( )
151 {
152 return ( _locale == null ) ? LocaleService.getDefault( ) : _locale;
153 }
154
155 /**
156 * Set the user Locale
157 *
158 * @param locale
159 * The locale
160 */
161 public void setLocale( Locale locale )
162 {
163 _locale = locale;
164 }
165
166 /**
167 * Return the user's id
168 *
169 * @return The user id
170 */
171 public int getUserId( )
172 {
173 return _nUserId;
174 }
175
176 /**
177 * Sets the user's id
178 *
179 * @param nUserId
180 * The User id
181 */
182 public void setUserId( int nUserId )
183 {
184 _nUserId = nUserId;
185 }
186
187 /**
188 * @return Returns the status. Only ACTIVE_CODE, NOT_ACTIVE_CODE or ANONYMIZED_CODE are returned. If the status in an other status, then its equivalent is
189 * returned
190 */
191 public int getStatus( )
192 {
193 switch( _nStatus )
194 {
195 case ACTIVE_CODE:
196 case ANONYMIZED_CODE:
197 case NOT_ACTIVE_CODE:
198 return _nStatus;
199
200 case EXPIRED_CODE:
201 return ANONYMIZED_CODE;
202
203 default:
204 return ACTIVE_CODE;
205 }
206 }
207
208 /**
209 * @return Returns the real status of the user.
210 */
211 public int getRealStatus( )
212 {
213 return _nStatus;
214 }
215
216 /**
217 * @param nStatus
218 * The _nStatus to set.
219 */
220 public void setStatus( int nStatus )
221 {
222 _nStatus = nStatus;
223 }
224
225 /**
226 * Tells whether the current user is active or not
227 *
228 * @return true if active, false otherwise
229 */
230 public boolean isStatusActive( )
231 {
232 return ( _nStatus == ACTIVE_CODE );
233 }
234
235 /**
236 * Tells whether the current user is anonymized
237 *
238 * @return true if anonymized, false otherwise
239 */
240 public boolean isStatusAnonymized( )
241 {
242 return ( _nStatus == ANONYMIZED_CODE );
243 }
244
245 /**
246 * Returns the last name of this user.
247 *
248 * @return the user last name
249 */
250 @Override
251 public String getLastName( )
252 {
253 return _strLastName;
254 }
255
256 /**
257 * Sets the last name of the user to the specified string.
258 *
259 * @param strLastName
260 * the new last name
261 */
262 public void setLastName( String strLastName )
263 {
264 _strLastName = ( strLastName == null ) ? StringUtils.EMPTY : strLastName;
265 }
266
267 /**
268 * Returns the first name of this user.
269 *
270 * @return the user first name
271 */
272 @Override
273 public String getFirstName( )
274 {
275 return _strFirstName;
276 }
277
278 /**
279 * Sets the first name of the user to the specified string.
280 *
281 * @param strFirstName
282 * the new first name
283 */
284 public void setFirstName( String strFirstName )
285 {
286 _strFirstName = ( strFirstName == null ) ? StringUtils.EMPTY : strFirstName;
287 }
288
289 /**
290 * Returns the email of this user.
291 *
292 * @return the user email
293 */
294 @Override
295 public String getEmail( )
296 {
297 return _strEmail;
298 }
299
300 /**
301 * Sets the email of the user to the specified string.
302 *
303 * @param strEmail
304 * the new email
305 */
306 public void setEmail( String strEmail )
307 {
308 _strEmail = ( strEmail == null ) ? StringUtils.EMPTY : strEmail;
309 }
310
311 /**
312 * @return Returns the _strAccessCode.
313 */
314 @Override
315 public String getAccessCode( )
316 {
317 return _strAccessCode;
318 }
319
320 /**
321 * @param strAccessCode
322 * The _strAccessCode to set.
323 */
324 public void setAccessCode( String strAccessCode )
325 {
326 _strAccessCode = strAccessCode;
327 }
328
329 /**
330 * Get the maximum valid date of the password of the user
331 *
332 * @return The maximum valid date of the password of the user
333 */
334 public Timestamp getPasswordMaxValidDate( )
335 {
336 return _passwordMaxValidDate;
337 }
338
339 /**
340 * Set the maximum valid date of the password of the user
341 *
342 * @param passwordMaxValidDate
343 * The new maximum valid date of the password of the user, or null if it doesn't have any.
344 */
345 public void setPasswordMaxValidDate( Timestamp passwordMaxValidDate )
346 {
347 _passwordMaxValidDate = passwordMaxValidDate;
348 }
349
350 /**
351 * Get the expiration date of the user account.
352 *
353 * @return The expiration date of the user account, or null if it doesn't have any.
354 */
355 public Timestamp getAccountMaxValidDate( )
356 {
357 return _accountMaxValidDate;
358 }
359
360 /**
361 * Set the expiration date of the user account.
362 *
363 * @param accountMaxValidDate
364 * The new expiration date of the user account.
365 */
366 public void setAccountMaxValidDate( Timestamp accountMaxValidDate )
367 {
368 _accountMaxValidDate = accountMaxValidDate;
369 }
370
371 /**
372 * Returns user's roles
373 *
374 * @deprecated use getRBACRoles( )
375 * @return Returns user's roles
376 */
377 @Deprecated
378 public Map<String, UserRole> getRoles( )
379 {
380 return _roles;
381 }
382
383 /**
384 * {@inheritDoc }
385 */
386 @Override
387 public Map<String, UserRole> getUserRoles( )
388 {
389 return _roles;
390 }
391
392 /**
393 * add user's roles
394 *
395 * @param roles
396 * The User roles
397 */
398 public void addRoles( Map<String, RBACRole> roles )
399 {
400 _roles.putAll( roles );
401 }
402
403 /**
404 * Defines user's roles
405 *
406 * @param roles
407 * The User roles
408 */
409 public void setRoles( Map<String, RBACRole> roles )
410 {
411 _roles.clear( );
412 _roles.putAll( roles );
413 }
414
415 /**
416 * Returns user's rights
417 *
418 * @return Returns user's rights
419 */
420 public Map<String, Right> getRights( )
421 {
422 return _rights;
423 }
424
425 /**
426 * Verify user rights on a given functionality
427 *
428 * @param strRightCode
429 * right code which corresponding to the functionality
430 * @return true if user have this authorisation and false otherwise
431 */
432 public boolean checkRight( String strRightCode )
433 {
434 return _rights.containsKey( strRightCode );
435 }
436
437 /**
438 * Defines user's rights
439 *
440 * @param rights
441 * The User rights
442 */
443 public void setRights( Map<String, Right> rights )
444 {
445 _rights.clear( );
446 _rights.putAll( rights );
447 }
448
449 /**
450 * Update user right
451 *
452 * @param rightToUpdate
453 * to update in _rights for user
454 */
455 public void updateRight( Right rightToUpdate )
456 {
457 for ( Right right : _rights.values( ) )
458 {
459 if ( right.getId( ).equals( rightToUpdate.getId( ) ) )
460 {
461 _rights.put( right.getId( ), rightToUpdate );
462 }
463 }
464 }
465
466 // //////////////////////////////////////////////////////////////////////////
467 // Authentication infos
468
469 /**
470 * Defines the authentification service that had authentified the user
471 *
472 * @param strAuthenticationService
473 * The authentification service
474 */
475 public void setAuthenticationService( String strAuthenticationService )
476 {
477 _strAuthenticationService = strAuthenticationService;
478 }
479
480 /**
481 * Returns the authentification service that had authentified the user
482 *
483 * @return the authentification service that had authentified the user
484 */
485 public String getAuthenticationService( )
486 {
487 return _strAuthenticationService;
488 }
489
490 /**
491 * Defines the authentification type that had authentified the user
492 *
493 * @param strAuthenticationType
494 * The authentification type
495 */
496 public void setAuthenticationType( String strAuthenticationType )
497 {
498 _strAuthenticationType = strAuthenticationType;
499 }
500
501 /**
502 * Returns the authentification type that had authentified the user
503 *
504 * @return the authentification type that had authentified the user
505 */
506 public String getAuthenticationType( )
507 {
508 return _strAuthenticationType;
509 }
510
511 /**
512 * Defines the user level
513 *
514 * @param nUserLevel
515 * the user level
516 */
517 public void setUserLevel( int nUserLevel )
518 {
519 _nUserLevel = nUserLevel;
520 }
521
522 /**
523 * Returns the user level
524 *
525 * @return the user level
526 */
527 public int getUserLevel( )
528 {
529 return _nUserLevel;
530 }
531
532 /**
533 * Check if current user has rights over user
534 *
535 * @param user
536 * the user to check
537 * @return true if current user has higher level than user
538 */
539 public boolean isParent( AdminUser user )
540 {
541 return _nUserLevel < user.getUserLevel( );
542 }
543
544 /**
545 * Check if current user has rights depending on level
546 *
547 * @param level
548 * a level id
549 * @return true if current user has higher level than level
550 */
551 public boolean hasRights( int level )
552 {
553 return _nUserLevel < level;
554 }
555
556 /**
557 * Check if this user has admin rights
558 *
559 * @return true if user has admin rights
560 */
561 public boolean isAdmin( )
562 {
563 return _nUserLevel == 0;
564 }
565
566 /**
567 * Check if this user has a given role
568 *
569 * @param strRole
570 * The role key
571 * @return true if user has the role
572 */
573 public boolean isInRole( String strRole )
574 {
575 // Reload roles because roles are only load by the bind and should not be accessible
576 // through users list for security reasons
577 Map<String, RBACRole> roles = AdminUserHome.getRolesListForUser( getUserId( ) );
578
579 return roles.containsKey( strRole );
580 }
581
582 /**
583 * Check if the password has been reinitialized
584 *
585 * @return true if it has been reinitialized, false otherwise
586 */
587 public boolean isPasswordReset( )
588 {
589 return _bIsPasswordReset;
590 }
591
592 /**
593 * Set pwd reseted
594 *
595 * @param bIsPasswordReset
596 * true if it has been reinitialized, false otherwise
597 */
598 public void setPasswordReset( boolean bIsPasswordReset )
599 {
600 _bIsPasswordReset = bIsPasswordReset;
601 }
602
603 /**
604 * Set the accessibility mode
605 *
606 * @param bAccessibilityMode
607 * true if the mode is accessible, false otherwise
608 */
609 public void setAccessibilityMode( boolean bAccessibilityMode )
610 {
611 _bAccessibilityMode = bAccessibilityMode;
612 }
613
614 /**
615 * Return the accessibility mode
616 *
617 * @return true if the mode is accessible, false otherwise
618 */
619 public boolean getAccessibilityMode( )
620 {
621 return _bAccessibilityMode;
622 }
623
624 /**
625 * Get the last login date of the user
626 *
627 * @return The last login date of the user
628 */
629 public Timestamp getDateLastLogin( )
630 {
631 return _dateLastLogin;
632 }
633
634 /**
635 * Set the last login date of the user
636 *
637 * @param dateLastLogin
638 * The last login date of the user
639 */
640 public void setDateLastLogin( Timestamp dateLastLogin )
641 {
642 _dateLastLogin = dateLastLogin;
643 }
644
645 /**
646 * @return the _strWorkgroupKey
647 */
648 public String getWorkgroupKey( )
649 {
650 return _strWorkgroupKey;
651 }
652
653 /**
654 * @param strWorkgroupKey
655 * the _strWorkgroupKey to set
656 */
657 public void setWorkgroupKey( String strWorkgroupKey )
658 {
659 this._strWorkgroupKey = strWorkgroupKey;
660 }
661
662 @Override
663 public String getWorkgroup( )
664 {
665 return getWorkgroupKey( );
666 }
667
668 /**
669 * Sets a user info for the given key.
670 *
671 * User infos are intended to be lightweight attributes that do not expose a UI, by opposition the {@link IAttribute} system. The user infos are not
672 * persisted. Subclasses can choose another strategy.
673 *
674 * @param strKey
675 * the key
676 * @param info
677 * the info
678 * @param <X>
679 * the value's type stored in the user map info
680 * @return the previous value associated with <tt>strKey</tt>, or <tt>null</tt> if there was no mapping for <tt>strKey</tt>. (A <tt>null</tt> return can
681 * also indicate that <tt>null</tt> was previously associated with <tt>strKey</tt>)
682 * @since 6.2.0
683 */
684 public <X extends Object> X setUserInfo( String strKey, X info )
685 {
686 return (X) _userInfo.put( strKey, info );
687 }
688
689 /**
690 * Gets the user info for a given key
691 *
692 * @param strKey
693 * the key
694 * @param <X>
695 * the value's type stored in the user map info
696 * @return the info
697 * @since 6.2.0
698 * @see #setUserInfo(String, Object)
699 */
700 public <X extends Object> X getUserInfo( String strKey )
701 {
702 return (X) _userInfo.get( strKey );
703 }
704
705 public static Timestamp getDefaultDateLastLogin( )
706 {
707 return new Timestamp( DEFAULT_DATE_LAST_LOGIN.getTime( ) );
708 }
709
710 /**
711 * {@inheritDoc}
712 */
713 @Override
714 public List<String> getUserWorkgroups( )
715 {
716 return _workgroups;
717 }
718
719 /**
720 * Defines user's workgroups
721 *
722 * @param worgroups
723 * The User workgroups
724 */
725 public void setUserWorkgroups( List<String> workgroups )
726 {
727 this._workgroups = workgroups;
728 }
729
730 /**
731 * {@inheritDoc}
732 */
733 @Override
734 public String getRealm( )
735 {
736 return USER_REALM;
737 }
738
739 }