View Javadoc
1   /*
2    * Copyright (c) 2002-2022, City of Paris
3    * All rights reserved.
4    *
5    * Redistribution and use in source and binary forms, with or without
6    * modification, are permitted provided that the following conditions
7    * are met:
8    *
9    *  1. Redistributions of source code must retain the above copyright notice
10   *     and the following disclaimer.
11   *
12   *  2. Redistributions in binary form must reproduce the above copyright notice
13   *     and the following disclaimer in the documentation and/or other materials
14   *     provided with the distribution.
15   *
16   *  3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
17   *     contributors may be used to endorse or promote products derived from
18   *     this software without specific prior written permission.
19   *
20   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21   * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23   * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
24   * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25   * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26   * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27   * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28   * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29   * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30   * POSSIBILITY OF SUCH DAMAGE.
31   *
32   * License 1.0
33   */
34  package fr.paris.lutece.portal.web.rbac;
35  
36  import java.util.ArrayList;
37  import java.util.Collection;
38  import java.util.Collections;
39  import java.util.HashMap;
40  import java.util.List;
41  import java.util.Map;
42  import java.util.stream.Collectors;
43  
44  import javax.servlet.http.HttpServletRequest;
45  
46  import org.apache.commons.collections.CollectionUtils;
47  import org.apache.commons.lang3.StringUtils;
48  
49  import fr.paris.lutece.portal.business.rbac.RBAC;
50  import fr.paris.lutece.portal.business.rbac.RBACHome;
51  import fr.paris.lutece.portal.business.rbac.RBACRole;
52  import fr.paris.lutece.portal.business.rbac.RBACRoleHome;
53  import fr.paris.lutece.portal.business.right.Level;
54  import fr.paris.lutece.portal.business.right.LevelHome;
55  import fr.paris.lutece.portal.business.role.Role;
56  import fr.paris.lutece.portal.business.role.RoleHome;
57  import fr.paris.lutece.portal.business.user.AdminUser;
58  import fr.paris.lutece.portal.business.user.AdminUserHome;
59  import fr.paris.lutece.portal.service.admin.AccessDeniedException;
60  import fr.paris.lutece.portal.service.admin.AdminUserService;
61  import fr.paris.lutece.portal.service.i18n.I18nService;
62  import fr.paris.lutece.portal.service.message.AdminMessage;
63  import fr.paris.lutece.portal.service.message.AdminMessageService;
64  import fr.paris.lutece.portal.service.rbac.RBACRemovalListenerService;
65  import fr.paris.lutece.portal.service.rbac.ResourceType;
66  import fr.paris.lutece.portal.service.rbac.ResourceTypeManager;
67  import fr.paris.lutece.portal.service.security.SecurityTokenService;
68  import fr.paris.lutece.portal.service.template.AppTemplateService;
69  import fr.paris.lutece.portal.service.util.AppPathService;
70  import fr.paris.lutece.portal.service.util.AppPropertiesService;
71  import fr.paris.lutece.portal.service.workgroup.AdminWorkgroupService;
72  import fr.paris.lutece.portal.web.admin.AdminFeaturesPageJspBean;
73  import fr.paris.lutece.portal.web.constants.Messages;
74  import fr.paris.lutece.portal.web.constants.Parameters;
75  import fr.paris.lutece.portal.web.role.RoleJspBean;
76  import fr.paris.lutece.portal.web.util.LocalizedPaginator;
77  import fr.paris.lutece.util.ReferenceItem;
78  import fr.paris.lutece.util.ReferenceList;
79  import fr.paris.lutece.util.html.AbstractPaginator;
80  import fr.paris.lutece.util.html.HtmlTemplate;
81  import fr.paris.lutece.util.html.ItemNavigator;
82  import fr.paris.lutece.util.sort.AttributeComparator;
83  import fr.paris.lutece.util.string.StringUtil;
84  import fr.paris.lutece.util.url.UrlItem;
85  
86  /**
87   * This class provides methods for role management.
88   */
89  public class RoleManagementJspBean extends AdminFeaturesPageJspBean
90  {
91      // ////////////////////////////////////////////////////////////////////////////////
92      // Contants
93      /**
94       * Right to manage RBAC
95       */
96      public static final String RIGHT_MANAGE_ROLES = "CORE_RBAC_MANAGEMENT";
97  
98      /**
99       * Serial version UID
100      */
101     private static final long serialVersionUID = 5909246296083478844L;
102 
103     // parameters
104     private static final String PARAMETER_METHOD_SELECTION_ALL = "all";
105     private static final String PARAMETER_METHOD_SELECTION_CHOOSE = "choose";
106     private static final String PARAMETER_SELECTION_METHOD_CHOOSE = "choose";
107     private static final String PARAMETER_ROLE_KEY = "role_key";
108     private static final String PARAMETER_ROLE_DESCRIPTION = "role_description";
109     private static final String PARAMETER_ROLE_KEY_PREVIOUS = "role_key_previous";
110     private static final String PARAMETER_RESOURCE_TYPE = "resource_type";
111     private static final String PARAMETER_SELECT_RESOURCES_METHOD = "select_resources";
112     private static final String PARAMETER_RESOURCE_ID = "resource_id";
113     private static final String PARAMETER_PERMISSION_KEY = "permission_key";
114     private static final String PARAMETER_SELECT_PERMISSIONS_METHOD = "select_permissions";
115     private static final String PARAMETER_RBAC_ID = "rbac_id";
116     private static final String PARAMETER_AVAILABLE_USER_LIST = "available_users_list";
117     private static final String PARAMETER_ID_USER = "id_user";
118     private static final String PARAMETER_ANCHOR = "anchor";
119     private static final String PARAMETER_CAN_BE_ASSIGNED_TO_USER_FRONT = "can_be_assigned_to_user_front";
120 
121     // markers
122     private static final String MARK_PERMISSIONS_LIST = "permissions_list";
123     private static final String MARK_RESOURCE_ID_LIST = "resource_id_list";
124     private static final String MARK_RESOURCE_TYPE_LIST = "resource_type_list";
125     private static final String MARK_CONTROLED_RESOURCE_LIST = "controled_resource_list";
126     private static final String MARK_ROLE = "role";
127     private static final String MARK_ROLE_LIST = "role_list";
128     private static final String MARK_PAGINATOR = "paginator";
129     private static final String MARK_NB_ITEMS_PER_PAGE = "nb_items_per_page";
130     private static final String MARK_ROLE_KEY = "role_key";
131     private static final String MARK_RESOURCE_TYPE = "resource_type";
132     private static final String MARK_RESOURCE_LABEL = "resource_label";
133     private static final String MARK_SELECT_RESOURCES_METHOD = "select_resources";
134     private static final String MARK_RESOURCE_LIST_AVAILABLE = "resource_list_available";
135     private static final String MARK_ASSIGNED_USERS_LIST = "assigned_users_list";
136     private static final String MARK_AVAILABLE_USERS_LIST = "available_users_list";
137     private static final String MARK_ASSIGNED_USERS_NUMBER = "assigned_users_number";
138     private static final String MARK_ITEM_NAVIGATOR = "item_navigator";
139     private static final String MARK_USER_LEVELS_LIST = "user_levels";
140     private static final String MARK_EXIST_FRONT_ROLE_MAP = "exist_front_role_map";
141     private static final String MARK_EXIST_FRONT_ROLE = "exist_front_role";
142     private static final String MARK_HAS_RIGHT_MANAGE_FRONT_ROLE = "has_right_manage_front_role";
143 
144     // properties
145     private static final String PROPERTY_CONFIRM_DELETE_ROLE = "portal.rbac.message.confirmDeleteRole";
146     private static final String PROPERTY_CONFIRM_DELETE_CONTROL = "portal.rbac.message.confirmDeleteControl";
147     private static final String PROPERTY_ROLE_ALREADY_EXISTS = "portal.rbac.message.roleAlreadyExists";
148     private static final String PROPERTY_ROLE_ATTRIBUTED = "portal.rbac.message.roleAttributed";
149     private static final String PROPERTY_ROLE_CREATION_PAGETITLE = "portal.rbac.pageTitle.createRole";
150     private static final String PROPERTY_ROLE_DESCRIPTION_PAGETITLE = "portal.rbac.pageTitle.viewRoleDescription";
151     private static final String PROPERTY_CHOOSE_RESOURCES_PAGETITLE = "portal.rbac.pageTitle.chooseResources";
152     private static final String PROPERTY_SELECT_RESOURCES_IDS_PAGETITLE = "portal.rbac.pageTitle.selectResourceIds";
153     private static final String PROPERTY_SELECT_PERMISSIONS_PAGETITLE = "portal.rbac.pageTitle.selectPermissions";
154     private static final String PROPERTY_MESSAGE_NO_ID_SELECTION_METHOD = "portal.rbac.message.resourceIdSelectionMethod";
155     private static final String PROPERTY_MESSAGE_ID_LIST_EMPTY = "portal.rbac.message.resourceIdListEmpty";
156     private static final String PROPERTY_MESSAGE_NO_PERMISSION_SELECTION_METHOD = "portal.rbac.message.permissionSelectionMethod";
157     private static final String PROPERTY_MESSAGE_PERMISSION_LIST_EMPTY = "portal.rbac.message.permissionListEmpty";
158     private static final String MESSAGE_ROLE_SPECIAL_CHARACTER = "portal.rbac.message.specialCharacters";
159     private static final String PROPERTY_ROLES_PER_PAGE = "paginator.roles.itemsPerPage";
160     private static final String PROPERTY_ASSIGN_USERS_PAGETITLE = "portal.rbac.assign_users.pageTitle";
161     private static final String PROPERTY_MANAGE_ROLES_PAGETITLE = "portal.rbac.manage_roles.pageTitle";
162     private static final String MESSAGE_CANNOT_REMOVE_ROLE = "portal.rbac.message.cannotRemoveRole";
163 
164     // templates
165     private static final String TEMPLATE_MANAGE_ROLES = "admin/rbac/manage_roles.html";
166     private static final String TEMPLATE_CREATE_ROLE = "admin/rbac/create_role.html";
167     private static final String TEMPLATE_VIEW_ROLE_DESCRIPTION = "admin/rbac/view_role_description.html";
168     private static final String TEMPLATE_ADD_CONTROL_TO_ROLE = "admin/rbac/add_control_to_role.html";
169     private static final String TEMPLATE_SELECT_PERMISSIONS = "admin/rbac/select_permissions.html";
170     private static final String TEMPLATE_SELECT_RESOURCE_IDS = "admin/rbac/select_resource_ids.html";
171     private static final String TEMPLATE_ASSIGN_USERS = "admin/rbac/assign_users_role.html";
172 
173     // jsp
174     private static final String JSP_URL_ROLES_MANAGEMENT = "ManageRoles.jsp";
175     private static final String JSP_URL_SELECT_PERMISSIONS = "SelectPermissions.jsp";
176     private static final String JSP_URL_ROLE_DESCRIPTION = "ViewRoleDescription.jsp";
177     private static final String JSP_URL_SELECT_SPECIFIC_IDS = "SelectSpecificIds.jsp";
178     private static final String JSP_URL_REMOVE_ROLE = "jsp/admin/rbac/DoRemoveRole.jsp";
179     private static final String JSP_URL_REMOVE_CONTROL_FROM_ROLE = "jsp/admin/rbac/DoRemoveControlFromRole.jsp";
180     private static final String JSP_ASSIGN_USERS_TO_ROLE = "AssignUsersRole.jsp";
181     private static final String JSP_URL_ASSIGN_USERS_TO_ROLE = "jsp/admin/rbac/AssignUsersRole.jsp";
182     private int _nItemsPerPage;
183     private int _nDefaultItemsPerPage;
184     private String _strCurrentPageIndex;
185     private ItemNavigator _itemNavigator;
186 
187     /**
188      * Get the roles management page. This page provides the list of all existing roles.
189      * 
190      * @param request
191      *            the http request
192      * @return the html code for the role management page
193      */
194     public String getManageRoles( HttpServletRequest request )
195     {
196         setPageTitleProperty( PROPERTY_MANAGE_ROLES_PAGETITLE );
197 
198         // Reinit session
199         reinitItemNavigator( );
200 
201         List<RBACRole> listRole = (List<RBACRole>) RBACRoleHome.findAll( );
202 
203         // SORT
204         String strSortedAttributeName = request.getParameter( Parameters.SORTED_ATTRIBUTE_NAME );
205         String strAscSort = null;
206 
207         if ( strSortedAttributeName != null )
208         {
209             strAscSort = request.getParameter( Parameters.SORTED_ASC );
210 
211             boolean bIsAscSort = Boolean.parseBoolean( strAscSort );
212 
213             Collections.sort( listRole, new AttributeComparator( strSortedAttributeName, bIsAscSort ) );
214         }
215 
216         _strCurrentPageIndex = AbstractPaginator.getPageIndex( request, AbstractPaginator.PARAMETER_PAGE_INDEX, _strCurrentPageIndex );
217         _nDefaultItemsPerPage = AppPropertiesService.getPropertyInt( PROPERTY_ROLES_PER_PAGE, 50 );
218         _nItemsPerPage = AbstractPaginator.getItemsPerPage( request, AbstractPaginator.PARAMETER_ITEMS_PER_PAGE, _nItemsPerPage, _nDefaultItemsPerPage );
219 
220         String strURL = getHomeUrl( request );
221         UrlItem/url/UrlItem.html#UrlItem">UrlItem url = new UrlItem( strURL );
222 
223         if ( strSortedAttributeName != null )
224         {
225             url.addParameter( Parameters.SORTED_ATTRIBUTE_NAME, strSortedAttributeName );
226         }
227 
228         if ( strAscSort != null )
229         {
230             url.addParameter( Parameters.SORTED_ASC, strAscSort );
231         }
232 
233         // PAGINATOR
234         LocalizedPaginator<RBACRole> paginator = new LocalizedPaginator<>( listRole, _nItemsPerPage, url.getUrl( ), AbstractPaginator.PARAMETER_PAGE_INDEX,
235                 _strCurrentPageIndex, getLocale( ) );
236 
237         Map<String, Boolean> mapExistRole = paginator.getPageItems( ).stream( )
238                 .collect( Collectors.toMap( RBACRole::getKey, x -> RoleHome.findExistRole( x.getKey( ) ) ) );
239 
240         Map<String, Object> model = new HashMap<>( );
241         model.put( MARK_NB_ITEMS_PER_PAGE, Integer.toString( _nItemsPerPage ) );
242         model.put( MARK_PAGINATOR, paginator );
243         model.put( MARK_ROLE_LIST, paginator.getPageItems( ) );
244         model.put( MARK_EXIST_FRONT_ROLE_MAP, mapExistRole );
245         HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MANAGE_ROLES, getLocale( ), model );
246 
247         return getAdminPage( template.getHtml( ) );
248     }
249 
250     /**
251      * Get the role creation page. This page provides a form to enter basic information about the new role.
252      * 
253      * @param request
254      *            the http request
255      * @return the html code for the role creation page
256      */
257     public String getCreateRole( HttpServletRequest request )
258     {
259         setPageTitleProperty( PROPERTY_ROLE_CREATION_PAGETITLE );
260 
261         Map<String, Object> model = new HashMap<>( 1 );
262         model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, TEMPLATE_CREATE_ROLE ) );
263         model.put( MARK_HAS_RIGHT_MANAGE_FRONT_ROLE, getUser( ).checkRight( RoleJspBean.RIGHT_ROLES_MANAGEMENT ) );
264 
265         HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_CREATE_ROLE, getLocale( ), model );
266 
267         return getAdminPage( template.getHtml( ) );
268     }
269 
270     /**
271      * Perform the role creation. The role key entered should not already exist. The role key is mandatory.
272      * 
273      * @param request
274      *            the http request
275      * @return the url to forward to
276      * @throws AccessDeniedException
277      *             if the security token is invalid
278      */
279     public String doCreateRole( HttpServletRequest request ) throws AccessDeniedException
280     {
281         String strRoleKey = request.getParameter( PARAMETER_ROLE_KEY );
282         String strRoleDescription = request.getParameter( PARAMETER_ROLE_DESCRIPTION );
283         String strCanBeAssignedToUserFront = request.getParameter( PARAMETER_CAN_BE_ASSIGNED_TO_USER_FRONT );
284 
285         if ( StringUtils.isBlank( strRoleKey ) || StringUtils.isBlank( strRoleDescription ) )
286         {
287             return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
288         }
289         if ( RBACRoleHome.checkExistRole( strRoleKey ) )
290         {
291             return AdminMessageService.getMessageUrl( request, PROPERTY_ROLE_ALREADY_EXISTS, AdminMessage.TYPE_STOP );
292         }
293         if ( !StringUtil.checkCodeKey( strRoleKey ) )
294         {
295             return AdminMessageService.getMessageUrl( request, MESSAGE_ROLE_SPECIAL_CHARACTER, AdminMessage.TYPE_STOP );
296         }
297         if ( !SecurityTokenService.getInstance( ).validate( request, TEMPLATE_CREATE_ROLE ) )
298         {
299             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
300         }
301 
302         RBACRole/business/rbac/RBACRole.html#RBACRole">RBACRole role = new RBACRole( );
303         role.setKey( strRoleKey.trim( ) );
304         role.setDescription( strRoleDescription );
305         RBACRoleHome.create( role );
306 
307         if ( getUser( ) != null && getUser( ).checkRight( RoleJspBean.RIGHT_ROLES_MANAGEMENT ) && strCanBeAssignedToUserFront != null
308                 && !RoleHome.findExistRole( role.getKey( ) ) )
309         {
310             Rolebusiness/role/Role.html#Role">Role roleFront = new Role( );
311             roleFront.setRole( strRoleKey );
312             roleFront.setRoleDescription( strRoleDescription );
313             roleFront.setWorkgroup( AdminWorkgroupService.ALL_GROUPS );
314 
315             RoleHome.create( roleFront );
316         }
317 
318         return JSP_URL_ROLE_DESCRIPTION + "?" + PARAMETER_ROLE_KEY + "=" + strRoleKey;
319     }
320 
321     /**
322      * Performs the modification of the role's key and description. The role key entered should not already exist. The role key is mandatory. It should update
323      * the key for all the entries in the role-resource association list.
324      * 
325      * @param request
326      *            the http request
327      * @return the url to forward to
328      * @throws AccessDeniedException
329      *             if the security token is invalid
330      */
331     public String doModifyRole( HttpServletRequest request ) throws AccessDeniedException
332     {
333         String strOldRoleKey = request.getParameter( PARAMETER_ROLE_KEY_PREVIOUS );
334         String strNewRoleKey = request.getParameter( PARAMETER_ROLE_KEY );
335         String strRoleDescription = request.getParameter( PARAMETER_ROLE_DESCRIPTION );
336         String strCanBeAssignedToUserFront = request.getParameter( PARAMETER_CAN_BE_ASSIGNED_TO_USER_FRONT );
337 
338         // check that new role key is valid
339         if ( StringUtils.isBlank( strNewRoleKey ) || StringUtils.isBlank( strRoleDescription ) )
340         {
341             return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
342         }
343 
344         if ( strOldRoleKey.equals( strNewRoleKey ) ) // if the key doesn't change, update the description
345         {
346             if ( !SecurityTokenService.getInstance( ).validate( request, TEMPLATE_VIEW_ROLE_DESCRIPTION ) )
347             {
348                 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
349             }
350             // update the role
351             RBACRole role = RBACRoleHome.findByPrimaryKey( strOldRoleKey );
352             role.setKey( strNewRoleKey );
353             role.setDescription( strRoleDescription );
354             if ( getUser( ) != null && getUser( ).checkRight( RoleJspBean.RIGHT_ROLES_MANAGEMENT ) && strCanBeAssignedToUserFront != null
355                     && !RoleHome.findExistRole( role.getKey( ) ) )
356             {
357                 Rolebusiness/role/Role.html#Role">Role roleFront = new Role( );
358                 roleFront.setRole( role.getKey( ) );
359                 roleFront.setRoleDescription( strRoleDescription );
360                 roleFront.setWorkgroup( AdminWorkgroupService.ALL_GROUPS );
361 
362                 RoleHome.create( roleFront );
363             }
364 
365             RBACRoleHome.update( strOldRoleKey, role );
366         }
367         else
368         // if the key changes, first check that the new key doesn't exist
369         {
370             if ( RBACRoleHome.checkExistRole( strNewRoleKey ) )
371             {
372                 return AdminMessageService.getMessageUrl( request, PROPERTY_ROLE_ALREADY_EXISTS, AdminMessage.TYPE_STOP );
373             }
374             if ( !SecurityTokenService.getInstance( ).validate( request, TEMPLATE_VIEW_ROLE_DESCRIPTION ) )
375             {
376                 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
377             }
378 
379             // update the role
380             RBACRole role = RBACRoleHome.findByPrimaryKey( strOldRoleKey );
381             role.setKey( strNewRoleKey );
382             role.setDescription( strRoleDescription );
383             RBACRoleHome.update( strOldRoleKey, role );
384             AdminUserHome.updateUsersRole( strOldRoleKey, role );
385 
386             // update the role key in the role-resource associations
387             RBACHome.updateRoleKey( strOldRoleKey, strNewRoleKey );
388 
389             if ( getUser( ).checkRight( RoleJspBean.RIGHT_ROLES_MANAGEMENT ) && strCanBeAssignedToUserFront != null
390                     && !RoleHome.findExistRole( strNewRoleKey ) )
391             {
392                 Rolebusiness/role/Role.html#Role">Role roleFront = new Role( );
393                 roleFront.setRole( strNewRoleKey );
394                 roleFront.setRoleDescription( strRoleDescription );
395                 RoleHome.create( roleFront );
396             }
397 
398         }
399 
400         return JSP_URL_ROLE_DESCRIPTION + "?" + PARAMETER_ROLE_KEY + "=" + strNewRoleKey;
401     }
402 
403     /**
404      * Get the confirmation page before deletion of a role
405      * 
406      * @param request
407      *            the HTTP request
408      * @return the url of the confirmation page
409      */
410     public String doConfirmRemoveRole( HttpServletRequest request )
411     {
412         String strRoleKey = request.getParameter( PARAMETER_ROLE_KEY );
413 
414         String strDeleteUrl = JSP_URL_REMOVE_ROLE;
415         Map<String, Object> parameters = new HashMap<>( 2 );
416         parameters.put( PARAMETER_ROLE_KEY, strRoleKey );
417         parameters.put( SecurityTokenService.PARAMETER_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_REMOVE_ROLE ) );
418         return AdminMessageService.getMessageUrl( request, PROPERTY_CONFIRM_DELETE_ROLE, strDeleteUrl, AdminMessage.TYPE_CONFIRMATION, parameters );
419     }
420 
421     /**
422      * Perform the role deletion. Also delete the resources linked to this role
423      * 
424      * @param request
425      *            the http request
426      * @return the url of the role management page
427      * @throws AccessDeniedException
428      *             if the security token is invalid
429      */
430     public String doRemoveRole( HttpServletRequest request ) throws AccessDeniedException
431     {
432         String strRoleKey = request.getParameter( PARAMETER_ROLE_KEY );
433         List<String> listErrors = new ArrayList<>( );
434 
435         // check that no user has this role
436         if ( AdminUserHome.checkRoleAttributed( strRoleKey ) )
437         {
438             return AdminMessageService.getMessageUrl( request, PROPERTY_ROLE_ATTRIBUTED, AdminMessage.TYPE_STOP );
439         }
440         if ( !RBACRemovalListenerService.getService( ).checkForRemoval( strRoleKey, listErrors, getLocale( ) ) )
441         {
442             String strCause = AdminMessageService.getFormattedList( listErrors, getLocale( ) );
443             Object [ ] args = {
444                     strCause
445             };
446 
447             return AdminMessageService.getMessageUrl( request, MESSAGE_CANNOT_REMOVE_ROLE, args, AdminMessage.TYPE_STOP );
448         }
449         else
450         {
451             if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_REMOVE_ROLE ) )
452             {
453                 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
454             }
455             // remove role
456             RBACRoleHome.remove( strRoleKey );
457 
458             // remove resources entries for that role
459             RBACHome.removeForRoleKey( strRoleKey );
460 
461             return JSP_URL_ROLES_MANAGEMENT;
462         }
463     }
464 
465     /**
466      * Get the page describing a role and the resource associated
467      * 
468      * @param request
469      *            the HTTP request
470      * @return the HTML code for the description page
471      */
472     public String getViewRoleDescription( HttpServletRequest request )
473     {
474         setPageTitleProperty( PROPERTY_ROLE_DESCRIPTION_PAGETITLE );
475 
476         String strRoleKey = request.getParameter( PARAMETER_ROLE_KEY );
477 
478         Collection<RBAC> listResources = RBACHome.findResourcesByCode( strRoleKey );
479         I18nService.localizeCollection( listResources, getLocale( ) );
480 
481         Collection<ResourceType> listResourceTypes = ResourceTypeManager.getResourceTypeList( );
482         I18nService.localizeCollection( listResourceTypes, getLocale( ) );
483 
484         RBACRole adminRole = RBACRoleHome.findByPrimaryKey( strRoleKey );
485 
486         if ( adminRole == null )
487         {
488             return getManageRoles( request );
489         }
490 
491         Map<String, Object> model = new HashMap<>( );
492 
493         model.put( MARK_EXIST_FRONT_ROLE, RoleHome.findExistRole( adminRole.getKey( ) ) );
494         model.put( MARK_HAS_RIGHT_MANAGE_FRONT_ROLE, getUser( ).checkRight( RoleJspBean.RIGHT_ROLES_MANAGEMENT ) );
495         model.put( MARK_ROLE, adminRole );
496         model.put( MARK_CONTROLED_RESOURCE_LIST, listResources );
497         model.put( MARK_RESOURCE_TYPE_LIST, listResourceTypes );
498         model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, TEMPLATE_VIEW_ROLE_DESCRIPTION ) );
499 
500         HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_VIEW_ROLE_DESCRIPTION, getLocale( ), model );
501 
502         return getAdminPage( template.getHtml( ) );
503     }
504 
505     /**
506      * Get the confirmation page before deletion of a control
507      * 
508      * @param request
509      *            the http request
510      * @return the url of the confirmation page
511      */
512     public String doConfirmRemoveControlFromRole( HttpServletRequest request )
513     {
514         String strIdControl = request.getParameter( PARAMETER_RBAC_ID );
515         int nId = Integer.parseInt( strIdControl );
516 
517         RBAC rbac = RBACHome.findByPrimaryKey( nId );
518         String strDeleteUrl = JSP_URL_REMOVE_CONTROL_FROM_ROLE;
519         Map<String, Object> parameters = new HashMap<>( 2 );
520         parameters.put( PARAMETER_RBAC_ID, strIdControl );
521         parameters.put( SecurityTokenService.PARAMETER_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_REMOVE_CONTROL_FROM_ROLE ) );
522         return AdminMessageService.getMessageUrl( request, PROPERTY_CONFIRM_DELETE_CONTROL,
523                 new Object[ ] { rbac.getRoleKey( ), rbac.getPermissionKey( ), rbac.getResourceIdLabel( ),
524                         rbac.getResourceTypeLabel( ) },
525                 null, strDeleteUrl, "", AdminMessage.TYPE_CONFIRMATION, parameters );
526     }
527 
528     /**
529      * Perform the role deletion. Also delete the resources linked to this role
530      * 
531      * @param request
532      *            the http request
533      * @return the url of the role management page
534      * @throws AccessDeniedException
535      *             if the security token is invalid
536      */
537     public String doRemoveControlFromRole( HttpServletRequest request ) throws AccessDeniedException
538     {
539         if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_REMOVE_CONTROL_FROM_ROLE ) )
540         {
541             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
542         }
543         String strIdControl = request.getParameter( PARAMETER_RBAC_ID );
544         int nId = Integer.parseInt( strIdControl );
545 
546         RBAC rbac = RBACHome.findByPrimaryKey( nId );
547 
548         // remove control
549         RBACHome.remove( nId );
550 
551         return JSP_URL_ROLE_DESCRIPTION + "?" + PARAMETER_ROLE_KEY + "=" + rbac.getRoleKey( );
552     }
553 
554     /**
555      * Get the first page of the control addition to a role. This page provides choice for resource selection. 2 methods are provided :
556      * <ul>
557      * <li>wildcard selection : all resources of this type are selected.</li>
558      * <li>specific selection : a page with the list of resource ids available is provided next for user choice.</li>
559      * </ul>
560      * 
561      * @param request
562      *            the HTTP request
563      * @return the HTML content for the resource selection method choice
564      */
565     public String getAddControlToRole( HttpServletRequest request )
566     {
567         setPageTitleProperty( PROPERTY_CHOOSE_RESOURCES_PAGETITLE );
568 
569         Map<String, Object> model = new HashMap<>( );
570 
571         String strRoleKey = request.getParameter( PARAMETER_ROLE_KEY );
572         String strResourceType = request.getParameter( PARAMETER_RESOURCE_TYPE );
573 
574         ResourceType resourceType = ResourceTypeManager.getResourceType( strResourceType );
575 
576         boolean bResourceListAvailable = true;
577         ReferenceList listResources = resourceType.getResourceIdService( ).getResourceIdList( getLocale( ) );
578 
579         if ( CollectionUtils.isEmpty( listResources ) )
580         {
581             bResourceListAvailable = false;
582         }
583 
584         model.put( MARK_ROLE_KEY, strRoleKey );
585         model.put( MARK_RESOURCE_TYPE, strResourceType );
586         model.put( MARK_RESOURCE_LABEL, resourceType.getResourceTypeLabel( ) );
587         model.put( MARK_RESOURCE_LIST_AVAILABLE, bResourceListAvailable );
588 
589         HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_ADD_CONTROL_TO_ROLE, getLocale( ), model );
590 
591         return getAdminPage( template.getHtml( ) );
592     }
593 
594     /**
595      * Perform the checks on the resource selection method and perform the suitable redirection.
596      * <ul>
597      * <li>If selection method is global (wilcard selection - parameter "all"), the user is redirected to the permission selection page.</li>
598      * <li>If selection method is specific (id selection - parameter "choose"), the user is redirected to the resource id selection page.</li>
599      * <li>If no selection method is found, or if it's neither parameter "all" nor "choose", the user is redirected to a error page.</li>
600      * </ul>
601      * 
602      * @param request
603      *            the http request
604      * @return the url of the page to be redirected to
605      */
606     public String doSelectResources( HttpServletRequest request )
607     {
608         String strRoleKey = request.getParameter( PARAMETER_ROLE_KEY );
609         String strResourceType = request.getParameter( PARAMETER_RESOURCE_TYPE );
610         String strSelectionMethod = request.getParameter( PARAMETER_SELECT_RESOURCES_METHOD );
611 
612         if ( ( strSelectionMethod == null ) || ( strSelectionMethod.trim( ).equals( "" ) ) )
613         {
614             return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_NO_ID_SELECTION_METHOD, AdminMessage.TYPE_STOP );
615         }
616         else
617             if ( strSelectionMethod.equals( PARAMETER_SELECTION_METHOD_CHOOSE ) )
618             {
619                 return JSP_URL_SELECT_SPECIFIC_IDS + "?" + PARAMETER_RESOURCE_TYPE + "=" + strResourceType + "&" + PARAMETER_ROLE_KEY + "=" + strRoleKey + "&"
620                         + PARAMETER_SELECT_RESOURCES_METHOD + "=" + strSelectionMethod;
621             }
622             else
623                 if ( strSelectionMethod.equals( PARAMETER_METHOD_SELECTION_ALL ) )
624                 {
625                     return JSP_URL_SELECT_PERMISSIONS + "?" + PARAMETER_RESOURCE_TYPE + "=" + strResourceType + "&" + PARAMETER_ROLE_KEY + "=" + strRoleKey
626                             + "&" + PARAMETER_SELECT_RESOURCES_METHOD + "=" + strSelectionMethod;
627                 }
628                 else
629                 {
630                     return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_NO_ID_SELECTION_METHOD, AdminMessage.TYPE_STOP );
631                 }
632     }
633 
634     /**
635      * Get the list of ids corresponding to the current resource type. This allows to provide the selection of resource ids that should be controlled for the
636      * current role.
637      * 
638      * @param request
639      *            the http request
640      * @return the html code for the list of ids to select
641      */
642     public String getSelectSpecificIds( HttpServletRequest request )
643     {
644         setPageTitleProperty( PROPERTY_SELECT_RESOURCES_IDS_PAGETITLE );
645 
646         String strRoleKey = request.getParameter( PARAMETER_ROLE_KEY );
647         String strResourceType = request.getParameter( PARAMETER_RESOURCE_TYPE );
648         String strSelectionMethod = request.getParameter( PARAMETER_SELECT_RESOURCES_METHOD );
649 
650         ResourceType resourceType = ResourceTypeManager.getResourceType( strResourceType );
651 
652         Map<String, Object> model = new HashMap<>( );
653 
654         model.put( MARK_RESOURCE_ID_LIST, resourceType.getResourceIdService( ).getResourceIdList( getLocale( ) ) );
655         model.put( MARK_ROLE_KEY, strRoleKey );
656         model.put( MARK_RESOURCE_TYPE, strResourceType );
657         model.put( MARK_RESOURCE_LABEL, resourceType.getResourceTypeLabel( ) );
658         model.put( MARK_SELECT_RESOURCES_METHOD, strSelectionMethod );
659 
660         HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_SELECT_RESOURCE_IDS, getLocale( ), model );
661 
662         return getAdminPage( template.getHtml( ) );
663     }
664 
665     /**
666      * Perform the check on the resource id list selected on the specific id selection page perform the suitable redirection.
667      * <ul>
668      * <li>If selection method is specific (id selection - parameter "choose"),
669      * <ul>
670      * <li>if at least one id as been selected, the user is redirected to the permission selection page.</li>
671      * <li>if no id as been selected, the user is redirected to an error page.</li>
672      * </ul>
673      * <li>If selection method is global (wilcard selection - parameter "all"), the user is redirected to the permission selection page (This check could be
674      * avoided as is should not happen).</li>
675      * <li>If no selection method is found, or if it's neither parameter "all" nor "choose", the user is redirected to a error page.</li>
676      * </ul>
677      * 
678      * @param request
679      *            the http request
680      * @return the url of the page to be redirected to
681      */
682     public String doSelectResourcesFromIdsList( HttpServletRequest request )
683     {
684         String strRoleKey = request.getParameter( PARAMETER_ROLE_KEY );
685         String strSelectionMethod = request.getParameter( PARAMETER_SELECT_RESOURCES_METHOD );
686         String strResourceType = request.getParameter( PARAMETER_RESOURCE_TYPE );
687         String [ ] strArrayResourceIds = request.getParameterValues( PARAMETER_RESOURCE_ID );
688 
689         String strUrl;
690 
691         // check that the selection method is "all" or "choose"
692         // if method is "choose", check that we have at least one id checked
693         if ( strSelectionMethod == null )
694         {
695             strUrl = AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_NO_ID_SELECTION_METHOD, AdminMessage.TYPE_STOP );
696         }
697         else
698             if ( strSelectionMethod.equals( PARAMETER_METHOD_SELECTION_CHOOSE ) )
699             {
700                 if ( ( strArrayResourceIds == null ) || ( strArrayResourceIds.length == 0 ) )
701                 {
702                     strUrl = AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_ID_LIST_EMPTY, AdminMessage.TYPE_STOP );
703                 }
704                 else
705                 {
706                     StringBuilder sbUrl = new StringBuilder( JSP_URL_SELECT_PERMISSIONS );
707                     sbUrl.append( "?" );
708                     sbUrl.append( PARAMETER_RESOURCE_TYPE );
709                     sbUrl.append( "=" );
710                     sbUrl.append( strResourceType );
711                     sbUrl.append( "&" );
712                     sbUrl.append( PARAMETER_ROLE_KEY );
713                     sbUrl.append( "=" );
714                     sbUrl.append( strRoleKey );
715                     sbUrl.append( "&" );
716                     sbUrl.append( PARAMETER_SELECT_RESOURCES_METHOD );
717                     sbUrl.append( "=" );
718                     sbUrl.append( strSelectionMethod );
719 
720                     for ( int i = 0; i < strArrayResourceIds.length; i++ )
721                     {
722                         sbUrl.append( "&" );
723                         sbUrl.append( PARAMETER_RESOURCE_ID );
724                         sbUrl.append( "=" );
725                         sbUrl.append( strArrayResourceIds [i] );
726                     }
727 
728                     strUrl = sbUrl.toString( );
729                 }
730             }
731             else
732                 if ( strSelectionMethod.equals( PARAMETER_METHOD_SELECTION_ALL ) )
733                 {
734                     StringBuilder sbUrl = new StringBuilder( JSP_URL_SELECT_PERMISSIONS );
735                     sbUrl.append( "?" );
736                     sbUrl.append( PARAMETER_RESOURCE_TYPE );
737                     sbUrl.append( "=" );
738                     sbUrl.append( strResourceType );
739                     sbUrl.append( "&" );
740                     sbUrl.append( PARAMETER_ROLE_KEY );
741                     sbUrl.append( "=" );
742                     sbUrl.append( strRoleKey );
743                     sbUrl.append( "&" );
744                     sbUrl.append( PARAMETER_SELECT_RESOURCES_METHOD );
745                     sbUrl.append( "=" );
746                     sbUrl.append( strSelectionMethod );
747                     strUrl = sbUrl.toString( );
748                 }
749                 else
750                 {
751                     strUrl = AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_NO_ID_SELECTION_METHOD, AdminMessage.TYPE_STOP );
752                 }
753 
754         return strUrl;
755     }
756 
757     /**
758      * Get the permission selection page. 2 methods are provided :
759      * <ul>
760      * <li>wildcard selection : all permissions for this type are selected.</li>
761      * <li>specific selection : the choice is to be made by the user in the list of available permissions.</li>
762      * </ul>
763      * 
764      * @param request
765      *            the http request
766      * @return the html code for the permission selection page.
767      */
768     public String getSelectPermissions( HttpServletRequest request )
769     {
770         setPageTitleProperty( PROPERTY_SELECT_PERMISSIONS_PAGETITLE );
771 
772         String strRoleKey = request.getParameter( PARAMETER_ROLE_KEY );
773         String strResourceType = request.getParameter( PARAMETER_RESOURCE_TYPE );
774         String strSelectionMethod = request.getParameter( PARAMETER_SELECT_RESOURCES_METHOD );
775 
776         String [ ] strArrayResourceIds = request.getParameterValues( PARAMETER_RESOURCE_ID );
777 
778         // load the permission list for permission selection
779         ReferenceList listPermissions = ResourceTypeManager.getPermissionsList( strResourceType, getLocale( ) );
780 
781         Map<String, Object> model = new HashMap<>( );
782 
783         // forward the resource id list
784         model.put( MARK_RESOURCE_ID_LIST, strArrayResourceIds );
785 
786         // load the permission list
787         model.put( MARK_PERMISSIONS_LIST, listPermissions );
788 
789         // forward the role key, the resource type and the resource id selection method
790         model.put( MARK_ROLE_KEY, strRoleKey );
791         model.put( MARK_RESOURCE_TYPE, strResourceType );
792         model.put( MARK_SELECT_RESOURCES_METHOD, strSelectionMethod );
793         model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, TEMPLATE_SELECT_PERMISSIONS ) );
794 
795         HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_SELECT_PERMISSIONS, getLocale( ), model );
796 
797         return getAdminPage( template.getHtml( ) );
798     }
799 
800     /**
801      * Perform the checks on the permission selection and redirects to the description of the role if ok.
802      * <ul>
803      * <li>If selection method is global (wilcard selection - parameter "all"), the corresponding entry is stored as a control for all resources previously
804      * selected. The user is redirected to the role description page.</li>
805      * <li>If selection method is specific (id selection - parameter "choose"),
806      * <ul>
807      * <li>if no permission is found, the user is redirected to an error page.</li>
808      * <li>if at least one permission is found, the corresponding entry is stored as a control for all resources previously selected. The user is redirected to
809      * the role description page.</li>
810      * </ul>
811      * </li>
812      * <li>If no selection method is found, or if it's neither parameter "all" nor "choose", the user is redirected to a error page.</li>
813      * </ul>
814      * 
815      * @param request
816      *            the http request
817      * @return the url of the page to be redirected to
818      * @throws AccessDeniedException
819      *             if the security token is invalid
820      */
821     public String doSelectPermissions( HttpServletRequest request ) throws AccessDeniedException
822     {
823         String strRoleKey = request.getParameter( PARAMETER_ROLE_KEY );
824         String strResourceType = request.getParameter( PARAMETER_RESOURCE_TYPE );
825         String strResourcesSelectionMethod = request.getParameter( PARAMETER_SELECT_RESOURCES_METHOD );
826         String strPermissionsSelectionMethod = request.getParameter( PARAMETER_SELECT_PERMISSIONS_METHOD );
827 
828         String [ ] strArrayResourceIds;
829         String [ ] strArrayPermissionKeys;
830 
831         // get the list of resource ids selected (forward from previous screen, so no need for extensive checks)
832         if ( ( strResourcesSelectionMethod != null ) && strResourcesSelectionMethod.equals( PARAMETER_METHOD_SELECTION_ALL ) )
833         {
834             strArrayResourceIds = new String [ 1];
835             strArrayResourceIds [0] = RBAC.WILDCARD_RESOURCES_ID;
836         }
837         else
838         {
839             strArrayResourceIds = request.getParameterValues( PARAMETER_RESOURCE_ID );
840         }
841 
842         // check that the permission selection method is "all" or "choose"
843         // if method is "choose", check that we have at least one id checked
844         if ( strPermissionsSelectionMethod == null )
845         {
846             return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_NO_PERMISSION_SELECTION_METHOD, AdminMessage.TYPE_STOP );
847         }
848         else
849             if ( strPermissionsSelectionMethod.equals( PARAMETER_METHOD_SELECTION_CHOOSE ) )
850             {
851                 strArrayPermissionKeys = request.getParameterValues( PARAMETER_PERMISSION_KEY );
852 
853                 if ( ( strArrayPermissionKeys == null ) || ( strArrayPermissionKeys.length == 0 ) )
854                 {
855                     return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_PERMISSION_LIST_EMPTY, AdminMessage.TYPE_STOP );
856                 }
857             }
858             else
859                 if ( strPermissionsSelectionMethod.equals( PARAMETER_METHOD_SELECTION_ALL ) )
860                 {
861                     strArrayPermissionKeys = new String [ 1];
862                     strArrayPermissionKeys [0] = RBAC.WILDCARD_PERMISSIONS_KEY;
863                 }
864                 else
865                 {
866                     return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_NO_PERMISSION_SELECTION_METHOD, AdminMessage.TYPE_STOP );
867                 }
868 
869         if ( !SecurityTokenService.getInstance( ).validate( request, TEMPLATE_SELECT_PERMISSIONS ) )
870         {
871             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
872         }
873 
874         // store the selected elements in database
875         for ( int i = 0; i < strArrayResourceIds.length; i++ )
876         {
877             for ( int j = 0; j < strArrayPermissionKeys.length; j++ )
878             {
879                 RBACrtal/business/rbac/RBAC.html#RBAC">RBAC rbac = new RBAC( );
880                 rbac.setRoleKey( strRoleKey );
881                 rbac.setResourceTypeKey( strResourceType );
882                 rbac.setResourceId( strArrayResourceIds [i] );
883                 rbac.setPermissionKey( strArrayPermissionKeys [j] );
884                 RBACHome.create( rbac );
885             }
886         }
887 
888         return JSP_URL_ROLE_DESCRIPTION + "?" + PARAMETER_ROLE_KEY + "=" + strRoleKey;
889     }
890 
891     /**
892      * Returns the users assignation form
893      *
894      * @param request
895      *            The Http request
896      * @return the html code for display the modes list
897      */
898     public String getAssignUsers( HttpServletRequest request )
899     {
900         Map<String, Object> model = new HashMap<>( );
901         setPageTitleProperty( PROPERTY_ASSIGN_USERS_PAGETITLE );
902 
903         String strBaseUrl = AppPathService.getBaseUrl( request ) + JSP_URL_ASSIGN_USERS_TO_ROLE;
904         UrlItem/url/UrlItem.html#UrlItem">UrlItem url = new UrlItem( strBaseUrl );
905 
906         // ROLE
907         String strRoleKey = request.getParameter( PARAMETER_ROLE_KEY );
908         RBACRole role = RBACRoleHome.findByPrimaryKey( strRoleKey );
909 
910         // ASSIGNED USERS
911         List<AdminUser> listAssignedUsers = AdminUserHome.findByRole( strRoleKey ).stream( ).filter( this::isUserHigherThanConnectedUser )
912                 .collect( Collectors.toList( ) );
913 
914         List<AdminUser> listFilteredUsers = AdminUserService.getFilteredUsersInterface( listAssignedUsers, request, model, url );
915 
916         // AVAILABLE USERS
917         ReferenceListeferenceList">ReferenceList listAvailableUsers = new ReferenceList( );
918 
919         for ( AdminUser user : AdminUserHome.findUserList( ) )
920         {
921             final ReferenceItemtem.html#ReferenceItem">ReferenceItem itemUser = new ReferenceItem( );
922             itemUser.setCode( Integer.toString( user.getUserId( ) ) );
923             itemUser.setName( user.getLastName( ) + " " + user.getFirstName( ) + " (" + user.getAccessCode( ) + ")" );
924 
925             boolean bAssigned = listAssignedUsers.stream( )
926                     .anyMatch( assignedUser -> Integer.toString( assignedUser.getUserId( ) ).equals( itemUser.getCode( ) ) );
927 
928             // Add users with higher level then connected user or add all users if connected user is administrator
929             if ( !bAssigned && isUserHigherThanConnectedUser( user ) )
930             {
931                 listAvailableUsers.add( itemUser );
932             }
933         }
934 
935         // SORT
936         String strSortedAttributeName = request.getParameter( Parameters.SORTED_ATTRIBUTE_NAME );
937         String strAscSort = null;
938 
939         if ( strSortedAttributeName != null )
940         {
941             url.addParameter( Parameters.SORTED_ATTRIBUTE_NAME, strSortedAttributeName );
942             strAscSort = request.getParameter( Parameters.SORTED_ASC );
943 
944             boolean bIsAscSort = Boolean.parseBoolean( strAscSort );
945 
946             Collections.sort( listFilteredUsers, new AttributeComparator( strSortedAttributeName, bIsAscSort ) );
947         }
948 
949         _strCurrentPageIndex = AbstractPaginator.getPageIndex( request, AbstractPaginator.PARAMETER_PAGE_INDEX, _strCurrentPageIndex );
950         _nDefaultItemsPerPage = AppPropertiesService.getPropertyInt( PROPERTY_ROLES_PER_PAGE, 50 );
951         _nItemsPerPage = AbstractPaginator.getItemsPerPage( request, AbstractPaginator.PARAMETER_ITEMS_PER_PAGE, _nItemsPerPage, _nDefaultItemsPerPage );
952 
953         if ( strAscSort != null )
954         {
955             url.addParameter( Parameters.SORTED_ASC, strAscSort );
956         }
957 
958         // ITEM NAVIGATION
959         setItemNavigator( role.getKey( ), url.getUrl( ) );
960 
961         // PAGINATOR
962         url.addParameter( PARAMETER_ROLE_KEY, role.getKey( ) );
963 
964         LocalizedPaginator<AdminUser> paginator = new LocalizedPaginator<>( listFilteredUsers, _nItemsPerPage, url.getUrl( ),
965                 AbstractPaginator.PARAMETER_PAGE_INDEX, _strCurrentPageIndex, getLocale( ) );
966 
967         // USER LEVEL
968         Collection<Level> filteredLevels = new ArrayList<>( );
969 
970         for ( Level level : LevelHome.getLevelsList( ) )
971         {
972             if ( getUser( ).isAdmin( ) || getUser( ).hasRights( level.getId( ) ) )
973             {
974                 filteredLevels.add( level );
975             }
976         }
977 
978         model.put( MARK_ROLE, role );
979         model.put( MARK_USER_LEVELS_LIST, filteredLevels );
980         model.put( MARK_AVAILABLE_USERS_LIST, listAvailableUsers );
981         model.put( MARK_ASSIGNED_USERS_LIST, paginator.getPageItems( ) );
982         model.put( MARK_ASSIGNED_USERS_NUMBER, listAssignedUsers.size( ) );
983         model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
984         model.put( MARK_PAGINATOR, paginator );
985         model.put( MARK_NB_ITEMS_PER_PAGE, Integer.toString( _nItemsPerPage ) );
986         model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_ASSIGN_USERS_TO_ROLE ) );
987 
988         HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_ASSIGN_USERS, getLocale( ), model );
989 
990         return getAdminPage( template.getHtml( ) );
991     }
992 
993     /**
994      * Process the data capture form for assign users to a role
995      *
996      * @param request
997      *            The HTTP Request
998      * @return The Jsp URL of the process result
999      * @throws AccessDeniedException
1000      *             if the security token is invalid
1001      */
1002     public String doAssignUsers( HttpServletRequest request ) throws AccessDeniedException
1003     {
1004         if ( !SecurityTokenService.getInstance( ).validate( request, JSP_ASSIGN_USERS_TO_ROLE ) )
1005         {
1006             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1007         }
1008         String strRoleKey = request.getParameter( PARAMETER_ROLE_KEY );
1009 
1010         // retrieve the selected portlets ids
1011         String [ ] arrayUsersIds = request.getParameterValues( PARAMETER_AVAILABLE_USER_LIST );
1012 
1013         if ( ( arrayUsersIds != null ) )
1014         {
1015             for ( int i = 0; i < arrayUsersIds.length; i++ )
1016             {
1017                 int nUserId = Integer.parseInt( arrayUsersIds [i] );
1018                 AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
1019 
1020                 if ( !AdminUserHome.hasRole( user, strRoleKey ) )
1021                 {
1022                     AdminUserHome.createRoleForUser( user.getUserId( ), strRoleKey );
1023                 }
1024             }
1025         }
1026 
1027         return JSP_ASSIGN_USERS_TO_ROLE + "?" + PARAMETER_ROLE_KEY + "=" + strRoleKey;
1028     }
1029 
1030     /**
1031      * unassigns user from role
1032      * 
1033      * @param request
1034      *            The HttpRequest
1035      * @return the HTML code of list assignations
1036      * @throws AccessDeniedException
1037      *             if the security token is invalid
1038      */
1039     public String doUnAssignUser( HttpServletRequest request ) throws AccessDeniedException
1040     {
1041         if ( !SecurityTokenService.getInstance( ).validate( request, JSP_ASSIGN_USERS_TO_ROLE ) )
1042         {
1043             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1044         }
1045         String strRoleKey = request.getParameter( PARAMETER_ROLE_KEY );
1046         int nIdUser = Integer.parseInt( request.getParameter( PARAMETER_ID_USER ) );
1047         String strAnchor = request.getParameter( PARAMETER_ANCHOR );
1048 
1049         AdminUser adminUser = AdminUserHome.findByPrimaryKey( nIdUser );
1050 
1051         if ( adminUser != null )
1052         {
1053             AdminUserHome.removeRoleForUser( nIdUser, strRoleKey );
1054         }
1055 
1056         return JSP_ASSIGN_USERS_TO_ROLE + "?" + PARAMETER_ROLE_KEY + "=" + strRoleKey + "#" + strAnchor;
1057     }
1058 
1059     /**
1060      * Get the item navigator
1061      * 
1062      * @param strRoleKey
1063      *            the role key
1064      * @param strUrl
1065      *            the url
1066      */
1067     private void setItemNavigator( String strRoleKey, String strUrl )
1068     {
1069         if ( _itemNavigator == null )
1070         {
1071             List<String> listIdsRight = new ArrayList<>( );
1072             int nCurrentItemId = 0;
1073             int nIndex = 0;
1074 
1075             for ( RBACRole role : RBACRoleHome.findAll( ) )
1076             {
1077                 if ( ( role != null ) && StringUtils.isNotBlank( role.getKey( ) ) )
1078                 {
1079                     listIdsRight.add( role.getKey( ) );
1080 
1081                     if ( role.getKey( ).equals( strRoleKey ) )
1082                     {
1083                         nCurrentItemId = nIndex;
1084                     }
1085 
1086                     nIndex++;
1087                 }
1088             }
1089 
1090             _itemNavigator = new ItemNavigator( listIdsRight, nCurrentItemId, strUrl, PARAMETER_ROLE_KEY );
1091         }
1092         else
1093         {
1094             _itemNavigator.setCurrentItemId( strRoleKey );
1095         }
1096     }
1097 
1098     /**
1099      * Reinit the item navigator
1100      */
1101     private void reinitItemNavigator( )
1102     {
1103         _itemNavigator = null;
1104     }
1105 }