View Javadoc
1   /*
2    * Copyright (c) 2002-2025, City of Paris
3    * All rights reserved.
4    *
5    * Redistribution and use in source and binary forms, with or without
6    * modification, are permitted provided that the following conditions
7    * are met:
8    *
9    *  1. Redistributions of source code must retain the above copyright notice
10   *     and the following disclaimer.
11   *
12   *  2. Redistributions in binary form must reproduce the above copyright notice
13   *     and the following disclaimer in the documentation and/or other materials
14   *     provided with the distribution.
15   *
16   *  3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
17   *     contributors may be used to endorse or promote products derived from
18   *     this software without specific prior written permission.
19   *
20   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21   * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23   * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
24   * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25   * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26   * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27   * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28   * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29   * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30   * POSSIBILITY OF SUCH DAMAGE.
31   *
32   * License 1.0
33   */
34  package fr.paris.lutece.portal.web.rbac;
35  
36  import java.util.ArrayList;
37  import java.util.Collection;
38  import java.util.Collections;
39  import java.util.HashMap;
40  import java.util.List;
41  import java.util.Map;
42  import java.util.stream.Collectors;
43  
44  import javax.servlet.http.HttpServletRequest;
45  
46  import org.apache.commons.collections.CollectionUtils;
47  import org.apache.commons.lang3.StringUtils;
48  
49  import fr.paris.lutece.portal.business.rbac.RBAC;
50  import fr.paris.lutece.portal.business.rbac.RBACHome;
51  import fr.paris.lutece.portal.business.rbac.RBACRole;
52  import fr.paris.lutece.portal.business.rbac.RBACRoleHome;
53  import fr.paris.lutece.portal.business.right.Level;
54  import fr.paris.lutece.portal.business.right.LevelHome;
55  import fr.paris.lutece.portal.business.role.Role;
56  import fr.paris.lutece.portal.business.role.RoleHome;
57  import fr.paris.lutece.portal.business.user.AdminUser;
58  import fr.paris.lutece.portal.business.user.AdminUserHome;
59  import fr.paris.lutece.portal.service.admin.AccessDeniedException;
60  import fr.paris.lutece.portal.service.admin.AdminUserService;
61  import fr.paris.lutece.portal.service.i18n.I18nService;
62  import fr.paris.lutece.portal.service.message.AdminMessage;
63  import fr.paris.lutece.portal.service.message.AdminMessageService;
64  import fr.paris.lutece.portal.service.rbac.RBACRemovalListenerService;
65  import fr.paris.lutece.portal.service.rbac.ResourceType;
66  import fr.paris.lutece.portal.service.rbac.ResourceTypeManager;
67  import fr.paris.lutece.portal.service.security.SecurityTokenService;
68  import fr.paris.lutece.portal.service.template.AppTemplateService;
69  import fr.paris.lutece.portal.service.util.AppPathService;
70  import fr.paris.lutece.portal.service.util.AppPropertiesService;
71  import fr.paris.lutece.portal.service.workgroup.AdminWorkgroupService;
72  import fr.paris.lutece.portal.web.admin.AdminFeaturesPageJspBean;
73  import fr.paris.lutece.portal.web.constants.Messages;
74  import fr.paris.lutece.portal.web.constants.Parameters;
75  import fr.paris.lutece.portal.web.role.RoleJspBean;
76  import fr.paris.lutece.portal.web.util.LocalizedPaginator;
77  import fr.paris.lutece.util.ReferenceItem;
78  import fr.paris.lutece.util.ReferenceList;
79  import fr.paris.lutece.util.html.AbstractPaginator;
80  import fr.paris.lutece.util.html.HtmlTemplate;
81  import fr.paris.lutece.util.html.ItemNavigator;
82  import fr.paris.lutece.util.sort.AttributeComparator;
83  import fr.paris.lutece.util.string.StringUtil;
84  import fr.paris.lutece.util.url.UrlItem;
85  
86  /**
87   * This class provides methods for role management.
88   */
89  public class RoleManagementJspBean extends AdminFeaturesPageJspBean
90  {
91      // ////////////////////////////////////////////////////////////////////////////////
92      // Contants
93      /**
94       * Right to manage RBAC
95       */
96      public static final String RIGHT_MANAGE_ROLES = "CORE_RBAC_MANAGEMENT";
97  
98      /**
99       * Serial version UID
100      */
101     private static final long serialVersionUID = 5909246296083478844L;
102 
103     // parameters
104     private static final String PARAMETER_METHOD_SELECTION_ALL = "all";
105     private static final String PARAMETER_METHOD_SELECTION_CHOOSE = "choose";
106     private static final String PARAMETER_SELECTION_METHOD_CHOOSE = "choose";
107     private static final String PARAMETER_ROLE_KEY = "role_key";
108     private static final String PARAMETER_ROLE_DESCRIPTION = "role_description";
109     private static final String PARAMETER_ROLE_KEY_PREVIOUS = "role_key_previous";
110     private static final String PARAMETER_RESOURCE_TYPE = "resource_type";
111     private static final String PARAMETER_SELECT_RESOURCES_METHOD = "select_resources";
112     private static final String PARAMETER_RESOURCE_ID = "resource_id";
113     private static final String PARAMETER_PERMISSION_KEY = "permission_key";
114     private static final String PARAMETER_SELECT_PERMISSIONS_METHOD = "select_permissions";
115     private static final String PARAMETER_RBAC_ID = "rbac_id";
116     private static final String PARAMETER_AVAILABLE_USER_LIST = "available_users_list";
117     private static final String PARAMETER_ID_USER = "id_user";
118     private static final String PARAMETER_ANCHOR = "anchor";
119     private static final String PARAMETER_CAN_BE_ASSIGNED_TO_USER_FRONT = "can_be_assigned_to_user_front";
120 
121     // markers
122     private static final String MARK_PERMISSIONS_LIST = "permissions_list";
123     private static final String MARK_RESOURCE_ID_LIST = "resource_id_list";
124     private static final String MARK_RESOURCE_TYPE_LIST = "resource_type_list";
125     private static final String MARK_CONTROLED_RESOURCE_LIST = "controled_resource_list";
126     private static final String MARK_ROLE = "role";
127     private static final String MARK_ROLE_LIST = "role_list";
128     private static final String MARK_PAGINATOR = "paginator";
129     private static final String MARK_NB_ITEMS_PER_PAGE = "nb_items_per_page";
130     private static final String MARK_ROLE_KEY = "role_key";
131     private static final String MARK_RESOURCE_TYPE = "resource_type";
132     private static final String MARK_RESOURCE_LABEL = "resource_label";
133     private static final String MARK_SELECT_RESOURCES_METHOD = "select_resources";
134     private static final String MARK_RESOURCE_LIST_AVAILABLE = "resource_list_available";
135     private static final String MARK_ASSIGNED_USERS_LIST = "assigned_users_list";
136     private static final String MARK_AVAILABLE_USERS_LIST = "available_users_list";
137     private static final String MARK_ASSIGNED_USERS_NUMBER = "assigned_users_number";
138     private static final String MARK_ITEM_NAVIGATOR = "item_navigator";
139     private static final String MARK_USER_LEVELS_LIST = "user_levels";
140     private static final String MARK_EXIST_FRONT_ROLE_MAP = "exist_front_role_map";
141     private static final String MARK_EXIST_FRONT_ROLE = "exist_front_role";
142     private static final String MARK_HAS_RIGHT_MANAGE_FRONT_ROLE = "has_right_manage_front_role";
143 
144     // properties
145     private static final String PROPERTY_CONFIRM_DELETE_ROLE = "portal.rbac.message.confirmDeleteRole";
146     private static final String PROPERTY_CONFIRM_DELETE_CONTROL = "portal.rbac.message.confirmDeleteControl";
147     private static final String PROPERTY_ROLE_ALREADY_EXISTS = "portal.rbac.message.roleAlreadyExists";
148     private static final String PROPERTY_ROLE_ATTRIBUTED = "portal.rbac.message.roleAttributed";
149     private static final String PROPERTY_ROLE_CREATION_PAGETITLE = "portal.rbac.pageTitle.createRole";
150     private static final String PROPERTY_ROLE_DESCRIPTION_PAGETITLE = "portal.rbac.pageTitle.viewRoleDescription";
151     private static final String PROPERTY_CHOOSE_RESOURCES_PAGETITLE = "portal.rbac.pageTitle.chooseResources";
152     private static final String PROPERTY_SELECT_RESOURCES_IDS_PAGETITLE = "portal.rbac.pageTitle.selectResourceIds";
153     private static final String PROPERTY_SELECT_PERMISSIONS_PAGETITLE = "portal.rbac.pageTitle.selectPermissions";
154     private static final String PROPERTY_MESSAGE_NO_ID_SELECTION_METHOD = "portal.rbac.message.resourceIdSelectionMethod";
155     private static final String PROPERTY_MESSAGE_ID_LIST_EMPTY = "portal.rbac.message.resourceIdListEmpty";
156     private static final String PROPERTY_MESSAGE_NO_PERMISSION_SELECTION_METHOD = "portal.rbac.message.permissionSelectionMethod";
157     private static final String PROPERTY_MESSAGE_PERMISSION_LIST_EMPTY = "portal.rbac.message.permissionListEmpty";
158     private static final String MESSAGE_ROLE_SPECIAL_CHARACTER = "portal.rbac.message.specialCharacters";
159     private static final String PROPERTY_ROLES_PER_PAGE = "paginator.roles.itemsPerPage";
160     private static final String PROPERTY_ASSIGN_USERS_PAGETITLE = "portal.rbac.assign_users.pageTitle";
161     private static final String PROPERTY_MANAGE_ROLES_PAGETITLE = "portal.rbac.manage_roles.pageTitle";
162     private static final String MESSAGE_CANNOT_REMOVE_ROLE = "portal.rbac.message.cannotRemoveRole";
163 
164     // templates
165     private static final String TEMPLATE_MANAGE_ROLES = "admin/rbac/manage_roles.html";
166     private static final String TEMPLATE_CREATE_ROLE = "admin/rbac/create_role.html";
167     private static final String TEMPLATE_VIEW_ROLE_DESCRIPTION = "admin/rbac/view_role_description.html";
168     private static final String TEMPLATE_ADD_CONTROL_TO_ROLE = "admin/rbac/add_control_to_role.html";
169     private static final String TEMPLATE_SELECT_PERMISSIONS = "admin/rbac/select_permissions.html";
170     private static final String TEMPLATE_SELECT_RESOURCE_IDS = "admin/rbac/select_resource_ids.html";
171     private static final String TEMPLATE_ASSIGN_USERS = "admin/rbac/assign_users_role.html";
172 
173     // jsp
174     private static final String JSP_URL_ROLES_MANAGEMENT = "ManageRoles.jsp";
175     private static final String JSP_URL_SELECT_PERMISSIONS = "SelectPermissions.jsp";
176     private static final String JSP_URL_ROLE_DESCRIPTION = "ViewRoleDescription.jsp";
177     private static final String JSP_URL_SELECT_SPECIFIC_IDS = "SelectSpecificIds.jsp";
178     private static final String JSP_URL_REMOVE_ROLE = "jsp/admin/rbac/DoRemoveRole.jsp";
179     private static final String JSP_URL_REMOVE_CONTROL_FROM_ROLE = "jsp/admin/rbac/DoRemoveControlFromRole.jsp";
180     private static final String JSP_ASSIGN_USERS_TO_ROLE = "AssignUsersRole.jsp";
181     private static final String JSP_URL_ASSIGN_USERS_TO_ROLE = "jsp/admin/rbac/AssignUsersRole.jsp";
182     private static final String JSP_PATH = "jsp/admin/rbac/";
183     private int _nItemsPerPage;
184     private int _nDefaultItemsPerPage;
185     private String _strCurrentPageIndex;
186     private ItemNavigator _itemNavigator;
187 
188     /**
189      * Get the roles management page. This page provides the list of all existing roles.
190      * 
191      * @param request
192      *            the http request
193      * @return the html code for the role management page
194      */
195     public String getManageRoles( HttpServletRequest request )
196     {
197         setPageTitleProperty( PROPERTY_MANAGE_ROLES_PAGETITLE );
198 
199         // Reinit session
200         reinitItemNavigator( );
201 
202         List<RBACRole> listRole = (List<RBACRole>) RBACRoleHome.findAll( );
203 
204         // SORT
205         String strSortedAttributeName = request.getParameter( Parameters.SORTED_ATTRIBUTE_NAME );
206         String strAscSort = null;
207 
208         if ( strSortedAttributeName != null )
209         {
210             strAscSort = request.getParameter( Parameters.SORTED_ASC );
211 
212             boolean bIsAscSort = Boolean.parseBoolean( strAscSort );
213 
214             Collections.sort( listRole, new AttributeComparator( strSortedAttributeName, bIsAscSort ) );
215         }
216 
217         _strCurrentPageIndex = AbstractPaginator.getPageIndex( request, AbstractPaginator.PARAMETER_PAGE_INDEX, _strCurrentPageIndex );
218         _nDefaultItemsPerPage = AppPropertiesService.getPropertyInt( PROPERTY_ROLES_PER_PAGE, 50 );
219         _nItemsPerPage = AbstractPaginator.getItemsPerPage( request, AbstractPaginator.PARAMETER_ITEMS_PER_PAGE, _nItemsPerPage, _nDefaultItemsPerPage );
220 
221         String strURL = getHomeUrl( request );
222         UrlItem/url/UrlItem.html#UrlItem">UrlItem url = new UrlItem( strURL );
223 
224         if ( strSortedAttributeName != null )
225         {
226             url.addParameter( Parameters.SORTED_ATTRIBUTE_NAME, strSortedAttributeName );
227         }
228 
229         if ( strAscSort != null )
230         {
231             url.addParameter( Parameters.SORTED_ASC, strAscSort );
232         }
233 
234         // PAGINATOR
235         LocalizedPaginator<RBACRole> paginator = new LocalizedPaginator<>( listRole, _nItemsPerPage, url.getUrl( ), AbstractPaginator.PARAMETER_PAGE_INDEX,
236                 _strCurrentPageIndex, getLocale( ) );
237 
238         Map<String, Boolean> mapExistRole = paginator.getPageItems( ).stream( )
239                 .collect( Collectors.toMap( RBACRole::getKey, x -> RoleHome.findExistRole( x.getKey( ) ) ) );
240 
241         Map<String, Object> model = new HashMap<>( );
242         model.put( MARK_NB_ITEMS_PER_PAGE, Integer.toString( _nItemsPerPage ) );
243         model.put( MARK_PAGINATOR, paginator );
244         model.put( MARK_ROLE_LIST, paginator.getPageItems( ) );
245         model.put( MARK_EXIST_FRONT_ROLE_MAP, mapExistRole );
246         HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MANAGE_ROLES, getLocale( ), model );
247 
248         return getAdminPage( template.getHtml( ) );
249     }
250 
251     /**
252      * Get the role creation page. This page provides a form to enter basic information about the new role.
253      * 
254      * @param request
255      *            the http request
256      * @return the html code for the role creation page
257      */
258     public String getCreateRole( HttpServletRequest request )
259     {
260         setPageTitleProperty( PROPERTY_ROLE_CREATION_PAGETITLE );
261 
262         Map<String, Object> model = new HashMap<>( 1 );
263         model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, TEMPLATE_CREATE_ROLE ) );
264         model.put( MARK_HAS_RIGHT_MANAGE_FRONT_ROLE, getUser( ).checkRight( RoleJspBean.RIGHT_ROLES_MANAGEMENT ) );
265 
266         HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_CREATE_ROLE, getLocale( ), model );
267 
268         return getAdminPage( template.getHtml( ) );
269     }
270 
271     /**
272      * Perform the role creation. The role key entered should not already exist. The role key is mandatory.
273      * 
274      * @param request
275      *            the http request
276      * @return the url to forward to
277      * @throws AccessDeniedException
278      *             if the security token is invalid
279      */
280     public String doCreateRole( HttpServletRequest request ) throws AccessDeniedException
281     {
282         String strRoleKey = request.getParameter( PARAMETER_ROLE_KEY );
283         String strRoleDescription = request.getParameter( PARAMETER_ROLE_DESCRIPTION );
284         String strCanBeAssignedToUserFront = request.getParameter( PARAMETER_CAN_BE_ASSIGNED_TO_USER_FRONT );
285 
286         if ( StringUtils.isBlank( strRoleKey ) || StringUtils.isBlank( strRoleDescription ) )
287         {
288             return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
289         }
290         if ( RBACRoleHome.checkExistRole( strRoleKey ) )
291         {
292             return AdminMessageService.getMessageUrl( request, PROPERTY_ROLE_ALREADY_EXISTS, AdminMessage.TYPE_STOP );
293         }
294         if ( !StringUtil.checkCodeKey( strRoleKey ) )
295         {
296             return AdminMessageService.getMessageUrl( request, MESSAGE_ROLE_SPECIAL_CHARACTER, AdminMessage.TYPE_STOP );
297         }
298         if ( !SecurityTokenService.getInstance( ).validate( request, TEMPLATE_CREATE_ROLE ) )
299         {
300             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
301         }
302 
303         RBACRole/business/rbac/RBACRole.html#RBACRole">RBACRole role = new RBACRole( );
304         role.setKey( strRoleKey.trim( ) );
305         role.setDescription( strRoleDescription );
306         RBACRoleHome.create( role );
307 
308         if ( getUser( ) != null && getUser( ).checkRight( RoleJspBean.RIGHT_ROLES_MANAGEMENT ) && strCanBeAssignedToUserFront != null
309                 && !RoleHome.findExistRole( role.getKey( ) ) )
310         {
311             Rolebusiness/role/Role.html#Role">Role roleFront = new Role( );
312             roleFront.setRole( strRoleKey );
313             roleFront.setRoleDescription( strRoleDescription );
314             roleFront.setWorkgroup( AdminWorkgroupService.ALL_GROUPS );
315 
316             RoleHome.create( roleFront );
317         }
318 
319         return JSP_URL_ROLE_DESCRIPTION + "?" + PARAMETER_ROLE_KEY + "=" + strRoleKey;
320     }
321 
322     /**
323      * Performs the modification of the role's key and description. The role key entered should not already exist. The role key is mandatory. It should update
324      * the key for all the entries in the role-resource association list.
325      * 
326      * @param request
327      *            the http request
328      * @return the url to forward to
329      * @throws AccessDeniedException
330      *             if the security token is invalid
331      */
332     public String doModifyRole( HttpServletRequest request ) throws AccessDeniedException
333     {
334         String strOldRoleKey = request.getParameter( PARAMETER_ROLE_KEY_PREVIOUS );
335         String strNewRoleKey = request.getParameter( PARAMETER_ROLE_KEY );
336         String strRoleDescription = request.getParameter( PARAMETER_ROLE_DESCRIPTION );
337         String strCanBeAssignedToUserFront = request.getParameter( PARAMETER_CAN_BE_ASSIGNED_TO_USER_FRONT );
338 
339         // check that new role key is valid
340         if ( StringUtils.isBlank( strNewRoleKey ) || StringUtils.isBlank( strRoleDescription ) )
341         {
342             return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
343         }
344 
345         if ( strOldRoleKey.equals( strNewRoleKey ) ) // if the key doesn't change, update the description
346         {
347             if ( !SecurityTokenService.getInstance( ).validate( request, TEMPLATE_VIEW_ROLE_DESCRIPTION ) )
348             {
349                 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
350             }
351             // update the role
352             RBACRole role = RBACRoleHome.findByPrimaryKey( strOldRoleKey );
353             role.setKey( strNewRoleKey );
354             role.setDescription( strRoleDescription );
355             if ( getUser( ) != null && getUser( ).checkRight( RoleJspBean.RIGHT_ROLES_MANAGEMENT ) && strCanBeAssignedToUserFront != null
356                     && !RoleHome.findExistRole( role.getKey( ) ) )
357             {
358                 Rolebusiness/role/Role.html#Role">Role roleFront = new Role( );
359                 roleFront.setRole( role.getKey( ) );
360                 roleFront.setRoleDescription( strRoleDescription );
361                 roleFront.setWorkgroup( AdminWorkgroupService.ALL_GROUPS );
362 
363                 RoleHome.create( roleFront );
364             }
365 
366             RBACRoleHome.update( strOldRoleKey, role );
367         }
368         else
369         // if the key changes, first check that the new key doesn't exist
370         {
371             if ( RBACRoleHome.checkExistRole( strNewRoleKey ) )
372             {
373                 return AdminMessageService.getMessageUrl( request, PROPERTY_ROLE_ALREADY_EXISTS, AdminMessage.TYPE_STOP );
374             }
375             if ( !SecurityTokenService.getInstance( ).validate( request, TEMPLATE_VIEW_ROLE_DESCRIPTION ) )
376             {
377                 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
378             }
379 
380             // update the role
381             RBACRole role = RBACRoleHome.findByPrimaryKey( strOldRoleKey );
382             role.setKey( strNewRoleKey );
383             role.setDescription( strRoleDescription );
384             RBACRoleHome.update( strOldRoleKey, role );
385             AdminUserHome.updateUsersRole( strOldRoleKey, role );
386 
387             // update the role key in the role-resource associations
388             RBACHome.updateRoleKey( strOldRoleKey, strNewRoleKey );
389 
390             if ( getUser( ).checkRight( RoleJspBean.RIGHT_ROLES_MANAGEMENT ) && strCanBeAssignedToUserFront != null
391                     && !RoleHome.findExistRole( strNewRoleKey ) )
392             {
393                 Rolebusiness/role/Role.html#Role">Role roleFront = new Role( );
394                 roleFront.setRole( strNewRoleKey );
395                 roleFront.setRoleDescription( strRoleDescription );
396                 RoleHome.create( roleFront );
397             }
398 
399         }
400 
401         return JSP_URL_ROLE_DESCRIPTION + "?" + PARAMETER_ROLE_KEY + "=" + strNewRoleKey;
402     }
403 
404     /**
405      * Get the confirmation page before deletion of a role
406      * 
407      * @param request
408      *            the HTTP request
409      * @return the url of the confirmation page
410      */
411     public String doConfirmRemoveRole( HttpServletRequest request )
412     {
413         String strRoleKey = request.getParameter( PARAMETER_ROLE_KEY );
414 
415         String strDeleteUrl = JSP_URL_REMOVE_ROLE;
416         Map<String, Object> parameters = new HashMap<>( 2 );
417         parameters.put( PARAMETER_ROLE_KEY, strRoleKey );
418         parameters.put( SecurityTokenService.PARAMETER_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_REMOVE_ROLE ) );
419         return AdminMessageService.getMessageUrl( request, PROPERTY_CONFIRM_DELETE_ROLE, strDeleteUrl, AdminMessage.TYPE_CONFIRMATION, parameters );
420     }
421 
422     /**
423      * Perform the role deletion. Also delete the resources linked to this role
424      * 
425      * @param request
426      *            the http request
427      * @return the url of the role management page
428      * @throws AccessDeniedException
429      *             if the security token is invalid
430      */
431     public String doRemoveRole( HttpServletRequest request ) throws AccessDeniedException
432     {
433         String strRoleKey = request.getParameter( PARAMETER_ROLE_KEY );
434         List<String> listErrors = new ArrayList<>( );
435 
436         // check that no user has this role
437         if ( AdminUserHome.checkRoleAttributed( strRoleKey ) )
438         {
439             return AdminMessageService.getMessageUrl( request, PROPERTY_ROLE_ATTRIBUTED, AdminMessage.TYPE_STOP );
440         }
441         if ( !RBACRemovalListenerService.getService( ).checkForRemoval( strRoleKey, listErrors, getLocale( ) ) )
442         {
443             String strCause = AdminMessageService.getFormattedList( listErrors, getLocale( ) );
444             Object [ ] args = {
445                     strCause
446             };
447 
448             return AdminMessageService.getMessageUrl( request, MESSAGE_CANNOT_REMOVE_ROLE, args, AdminMessage.TYPE_STOP );
449         }
450         else
451         {
452             if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_REMOVE_ROLE ) )
453             {
454                 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
455             }
456             // remove role
457             RBACRoleHome.remove( strRoleKey );
458 
459             // remove resources entries for that role
460             RBACHome.removeForRoleKey( strRoleKey );
461 
462             return JSP_URL_ROLES_MANAGEMENT;
463         }
464     }
465 
466     /**
467      * Get the page describing a role and the resource associated
468      * 
469      * @param request
470      *            the HTTP request
471      * @return the HTML code for the description page
472      */
473     public String getViewRoleDescription( HttpServletRequest request )
474     {
475         setPageTitleProperty( PROPERTY_ROLE_DESCRIPTION_PAGETITLE );
476 
477         String strRoleKey = request.getParameter( PARAMETER_ROLE_KEY );
478 
479         Collection<RBAC> listResources = RBACHome.findResourcesByCode( strRoleKey );
480         I18nService.localizeCollection( listResources, getLocale( ) );
481 
482         Collection<ResourceType> listResourceTypes = ResourceTypeManager.getResourceTypeList( );
483         I18nService.localizeCollection( listResourceTypes, getLocale( ) );
484 
485         RBACRole adminRole = RBACRoleHome.findByPrimaryKey( strRoleKey );
486 
487         if ( adminRole == null )
488         {
489             return getManageRoles( request );
490         }
491 
492         Map<String, Object> model = new HashMap<>( );
493 
494         model.put( MARK_EXIST_FRONT_ROLE, RoleHome.findExistRole( adminRole.getKey( ) ) );
495         model.put( MARK_HAS_RIGHT_MANAGE_FRONT_ROLE, getUser( ).checkRight( RoleJspBean.RIGHT_ROLES_MANAGEMENT ) );
496         model.put( MARK_ROLE, adminRole );
497         model.put( MARK_CONTROLED_RESOURCE_LIST, listResources );
498         model.put( MARK_RESOURCE_TYPE_LIST, listResourceTypes );
499         model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, TEMPLATE_VIEW_ROLE_DESCRIPTION ) );
500 
501         HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_VIEW_ROLE_DESCRIPTION, getLocale( ), model );
502 
503         return getAdminPage( template.getHtml( ) );
504     }
505 
506     /**
507      * Get the confirmation page before deletion of a control
508      * 
509      * @param request
510      *            the http request
511      * @return the url of the confirmation page
512      */
513     public String doConfirmRemoveControlFromRole( HttpServletRequest request )
514     {
515         String strIdControl = request.getParameter( PARAMETER_RBAC_ID );
516         int nId = Integer.parseInt( strIdControl );
517 
518         RBAC rbac = RBACHome.findByPrimaryKey( nId );
519         String strDeleteUrl = JSP_URL_REMOVE_CONTROL_FROM_ROLE;
520         Map<String, Object> parameters = new HashMap<>( 2 );
521         parameters.put( PARAMETER_RBAC_ID, strIdControl );
522         parameters.put( SecurityTokenService.PARAMETER_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_REMOVE_CONTROL_FROM_ROLE ) );
523         return AdminMessageService.getMessageUrl( request, PROPERTY_CONFIRM_DELETE_CONTROL,
524                 new Object[ ] { rbac.getRoleKey( ), rbac.getPermissionKey( ), rbac.getResourceIdLabel( ),
525                         rbac.getResourceTypeLabel( ) },
526                 null, strDeleteUrl, "", AdminMessage.TYPE_CONFIRMATION, parameters );
527     }
528 
529     /**
530      * Perform the role deletion. Also delete the resources linked to this role
531      * 
532      * @param request
533      *            the http request
534      * @return the url of the role management page
535      * @throws AccessDeniedException
536      *             if the security token is invalid
537      */
538     public String doRemoveControlFromRole( HttpServletRequest request ) throws AccessDeniedException
539     {
540         if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_REMOVE_CONTROL_FROM_ROLE ) )
541         {
542             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
543         }
544         String strIdControl = request.getParameter( PARAMETER_RBAC_ID );
545         int nId = Integer.parseInt( strIdControl );
546 
547         RBAC rbac = RBACHome.findByPrimaryKey( nId );
548 
549         // remove control
550         RBACHome.remove( nId );
551 
552         return JSP_URL_ROLE_DESCRIPTION + "?" + PARAMETER_ROLE_KEY + "=" + rbac.getRoleKey( );
553     }
554 
555     /**
556      * Get the first page of the control addition to a role. This page provides choice for resource selection. 2 methods are provided :
557      * <ul>
558      * <li>wildcard selection : all resources of this type are selected.</li>
559      * <li>specific selection : a page with the list of resource ids available is provided next for user choice.</li>
560      * </ul>
561      * 
562      * @param request
563      *            the HTTP request
564      * @return the HTML content for the resource selection method choice
565      */
566     public String getAddControlToRole( HttpServletRequest request )
567     {
568         setPageTitleProperty( PROPERTY_CHOOSE_RESOURCES_PAGETITLE );
569 
570         Map<String, Object> model = new HashMap<>( );
571 
572         String strRoleKey = request.getParameter( PARAMETER_ROLE_KEY );
573         String strResourceType = request.getParameter( PARAMETER_RESOURCE_TYPE );
574 
575         ResourceType resourceType = ResourceTypeManager.getResourceType( strResourceType );
576 
577         boolean bResourceListAvailable = true;
578         ReferenceList listResources = resourceType.getResourceIdService( ).getResourceIdList( getLocale( ) );
579 
580         if ( CollectionUtils.isEmpty( listResources ) )
581         {
582             bResourceListAvailable = false;
583         }
584 
585         model.put( MARK_ROLE_KEY, strRoleKey );
586         model.put( MARK_RESOURCE_TYPE, strResourceType );
587         model.put( MARK_RESOURCE_LABEL, resourceType.getResourceTypeLabel( ) );
588         model.put( MARK_RESOURCE_LIST_AVAILABLE, bResourceListAvailable );
589 
590         HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_ADD_CONTROL_TO_ROLE, getLocale( ), model );
591 
592         return getAdminPage( template.getHtml( ) );
593     }
594 
595     /**
596      * Perform the checks on the resource selection method and perform the suitable redirection.
597      * <ul>
598      * <li>If selection method is global (wilcard selection - parameter "all"), the user is redirected to the permission selection page.</li>
599      * <li>If selection method is specific (id selection - parameter "choose"), the user is redirected to the resource id selection page.</li>
600      * <li>If no selection method is found, or if it's neither parameter "all" nor "choose", the user is redirected to a error page.</li>
601      * </ul>
602      * 
603      * @param request
604      *            the http request
605      * @return the url of the page to be redirected to
606      */
607     public String doSelectResources( HttpServletRequest request )
608     {
609         String strRoleKey = request.getParameter( PARAMETER_ROLE_KEY );
610         String strResourceType = request.getParameter( PARAMETER_RESOURCE_TYPE );
611         String strSelectionMethod = request.getParameter( PARAMETER_SELECT_RESOURCES_METHOD );
612 
613         if ( ( strSelectionMethod == null ) || ( strSelectionMethod.trim( ).equals( "" ) ) )
614         {
615             return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_NO_ID_SELECTION_METHOD, JSP_PATH+JSP_URL_ROLES_MANAGEMENT, AdminMessage.TYPE_STOP );
616         }
617         else
618             if ( strSelectionMethod.equals( PARAMETER_SELECTION_METHOD_CHOOSE ) )
619             {
620                 return JSP_URL_SELECT_SPECIFIC_IDS + "?" + PARAMETER_RESOURCE_TYPE + "=" + strResourceType + "&" + PARAMETER_ROLE_KEY + "=" + strRoleKey + "&"
621                         + PARAMETER_SELECT_RESOURCES_METHOD + "=" + strSelectionMethod;
622             }
623             else
624                 if ( strSelectionMethod.equals( PARAMETER_METHOD_SELECTION_ALL ) )
625                 {
626                     return JSP_URL_SELECT_PERMISSIONS + "?" + PARAMETER_RESOURCE_TYPE + "=" + strResourceType + "&" + PARAMETER_ROLE_KEY + "=" + strRoleKey
627                             + "&" + PARAMETER_SELECT_RESOURCES_METHOD + "=" + strSelectionMethod;
628                 }
629                 else
630                 {
631                     return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_NO_ID_SELECTION_METHOD, JSP_PATH+JSP_URL_ROLES_MANAGEMENT, AdminMessage.TYPE_STOP );
632                 }
633     }
634 
635     /**
636      * Get the list of ids corresponding to the current resource type. This allows to provide the selection of resource ids that should be controlled for the
637      * current role.
638      * 
639      * @param request
640      *            the http request
641      * @return the html code for the list of ids to select
642      */
643     public String getSelectSpecificIds( HttpServletRequest request )
644     {
645         setPageTitleProperty( PROPERTY_SELECT_RESOURCES_IDS_PAGETITLE );
646 
647         String strRoleKey = request.getParameter( PARAMETER_ROLE_KEY );
648         String strResourceType = request.getParameter( PARAMETER_RESOURCE_TYPE );
649         String strSelectionMethod = request.getParameter( PARAMETER_SELECT_RESOURCES_METHOD );
650 
651         ResourceType resourceType = ResourceTypeManager.getResourceType( strResourceType );
652 
653         Map<String, Object> model = new HashMap<>( );
654 
655         model.put( MARK_RESOURCE_ID_LIST, resourceType.getResourceIdService( ).getResourceIdList( getLocale( ) ) );
656         model.put( MARK_ROLE_KEY, strRoleKey );
657         model.put( MARK_RESOURCE_TYPE, strResourceType );
658         model.put( MARK_RESOURCE_LABEL, resourceType.getResourceTypeLabel( ) );
659         model.put( MARK_SELECT_RESOURCES_METHOD, strSelectionMethod );
660 
661         HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_SELECT_RESOURCE_IDS, getLocale( ), model );
662 
663         return getAdminPage( template.getHtml( ) );
664     }
665 
666     /**
667      * Perform the check on the resource id list selected on the specific id selection page perform the suitable redirection.
668      * <ul>
669      * <li>If selection method is specific (id selection - parameter "choose"),
670      * <ul>
671      * <li>if at least one id as been selected, the user is redirected to the permission selection page.</li>
672      * <li>if no id as been selected, the user is redirected to an error page.</li>
673      * </ul>
674      * <li>If selection method is global (wilcard selection - parameter "all"), the user is redirected to the permission selection page (This check could be
675      * avoided as is should not happen).</li>
676      * <li>If no selection method is found, or if it's neither parameter "all" nor "choose", the user is redirected to a error page.</li>
677      * </ul>
678      * 
679      * @param request
680      *            the http request
681      * @return the url of the page to be redirected to
682      */
683     public String doSelectResourcesFromIdsList( HttpServletRequest request )
684     {
685         String strRoleKey = request.getParameter( PARAMETER_ROLE_KEY );
686         String strSelectionMethod = request.getParameter( PARAMETER_SELECT_RESOURCES_METHOD );
687         String strResourceType = request.getParameter( PARAMETER_RESOURCE_TYPE );
688         String [ ] strArrayResourceIds = request.getParameterValues( PARAMETER_RESOURCE_ID );
689 
690         String strUrl;
691 
692         // check that the selection method is "all" or "choose"
693         // if method is "choose", check that we have at least one id checked
694         if ( strSelectionMethod == null )
695         {
696             strUrl = AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_NO_ID_SELECTION_METHOD, AdminMessage.TYPE_STOP );
697         }
698         else
699             if ( strSelectionMethod.equals( PARAMETER_METHOD_SELECTION_CHOOSE ) )
700             {
701                 if ( ( strArrayResourceIds == null ) || ( strArrayResourceIds.length == 0 ) )
702                 {
703                     strUrl = AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_ID_LIST_EMPTY, AdminMessage.TYPE_STOP );
704                 }
705                 else
706                 {
707                     StringBuilder sbUrl = new StringBuilder( JSP_URL_SELECT_PERMISSIONS );
708                     sbUrl.append( "?" );
709                     sbUrl.append( PARAMETER_RESOURCE_TYPE );
710                     sbUrl.append( "=" );
711                     sbUrl.append( strResourceType );
712                     sbUrl.append( "&" );
713                     sbUrl.append( PARAMETER_ROLE_KEY );
714                     sbUrl.append( "=" );
715                     sbUrl.append( strRoleKey );
716                     sbUrl.append( "&" );
717                     sbUrl.append( PARAMETER_SELECT_RESOURCES_METHOD );
718                     sbUrl.append( "=" );
719                     sbUrl.append( strSelectionMethod );
720 
721                     for ( int i = 0; i < strArrayResourceIds.length; i++ )
722                     {
723                         sbUrl.append( "&" );
724                         sbUrl.append( PARAMETER_RESOURCE_ID );
725                         sbUrl.append( "=" );
726                         sbUrl.append( strArrayResourceIds [i] );
727                     }
728 
729                     strUrl = sbUrl.toString( );
730                 }
731             }
732             else
733                 if ( strSelectionMethod.equals( PARAMETER_METHOD_SELECTION_ALL ) )
734                 {
735                     StringBuilder sbUrl = new StringBuilder( JSP_URL_SELECT_PERMISSIONS );
736                     sbUrl.append( "?" );
737                     sbUrl.append( PARAMETER_RESOURCE_TYPE );
738                     sbUrl.append( "=" );
739                     sbUrl.append( strResourceType );
740                     sbUrl.append( "&" );
741                     sbUrl.append( PARAMETER_ROLE_KEY );
742                     sbUrl.append( "=" );
743                     sbUrl.append( strRoleKey );
744                     sbUrl.append( "&" );
745                     sbUrl.append( PARAMETER_SELECT_RESOURCES_METHOD );
746                     sbUrl.append( "=" );
747                     sbUrl.append( strSelectionMethod );
748                     strUrl = sbUrl.toString( );
749                 }
750                 else
751                 {
752                     strUrl = AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_NO_ID_SELECTION_METHOD, AdminMessage.TYPE_STOP );
753                 }
754 
755         return strUrl;
756     }
757 
758     /**
759      * Get the permission selection page. 2 methods are provided :
760      * <ul>
761      * <li>wildcard selection : all permissions for this type are selected.</li>
762      * <li>specific selection : the choice is to be made by the user in the list of available permissions.</li>
763      * </ul>
764      * 
765      * @param request
766      *            the http request
767      * @return the html code for the permission selection page.
768      */
769     public String getSelectPermissions( HttpServletRequest request )
770     {
771         setPageTitleProperty( PROPERTY_SELECT_PERMISSIONS_PAGETITLE );
772 
773         String strRoleKey = request.getParameter( PARAMETER_ROLE_KEY );
774         String strResourceType = request.getParameter( PARAMETER_RESOURCE_TYPE );
775         String strSelectionMethod = request.getParameter( PARAMETER_SELECT_RESOURCES_METHOD );
776 
777         String [ ] strArrayResourceIds = request.getParameterValues( PARAMETER_RESOURCE_ID );
778 
779         // load the permission list for permission selection
780         ReferenceList listPermissions = ResourceTypeManager.getPermissionsList( strResourceType, getLocale( ) );
781 
782         Map<String, Object> model = new HashMap<>( );
783 
784         // forward the resource id list
785         model.put( MARK_RESOURCE_ID_LIST, strArrayResourceIds );
786 
787         // load the permission list
788         model.put( MARK_PERMISSIONS_LIST, listPermissions );
789 
790         // forward the role key, the resource type and the resource id selection method
791         model.put( MARK_ROLE_KEY, strRoleKey );
792         model.put( MARK_RESOURCE_TYPE, strResourceType );
793         model.put( MARK_SELECT_RESOURCES_METHOD, strSelectionMethod );
794         model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, TEMPLATE_SELECT_PERMISSIONS ) );
795 
796         HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_SELECT_PERMISSIONS, getLocale( ), model );
797 
798         return getAdminPage( template.getHtml( ) );
799     }
800 
801     /**
802      * Perform the checks on the permission selection and redirects to the description of the role if ok.
803      * <ul>
804      * <li>If selection method is global (wilcard selection - parameter "all"), the corresponding entry is stored as a control for all resources previously
805      * selected. The user is redirected to the role description page.</li>
806      * <li>If selection method is specific (id selection - parameter "choose"),
807      * <ul>
808      * <li>if no permission is found, the user is redirected to an error page.</li>
809      * <li>if at least one permission is found, the corresponding entry is stored as a control for all resources previously selected. The user is redirected to
810      * the role description page.</li>
811      * </ul>
812      * </li>
813      * <li>If no selection method is found, or if it's neither parameter "all" nor "choose", the user is redirected to a error page.</li>
814      * </ul>
815      * 
816      * @param request
817      *            the http request
818      * @return the url of the page to be redirected to
819      * @throws AccessDeniedException
820      *             if the security token is invalid
821      */
822     public String doSelectPermissions( HttpServletRequest request ) throws AccessDeniedException
823     {
824         String strRoleKey = request.getParameter( PARAMETER_ROLE_KEY );
825         String strResourceType = request.getParameter( PARAMETER_RESOURCE_TYPE );
826         String strResourcesSelectionMethod = request.getParameter( PARAMETER_SELECT_RESOURCES_METHOD );
827         String strPermissionsSelectionMethod = request.getParameter( PARAMETER_SELECT_PERMISSIONS_METHOD );
828 
829         String [ ] strArrayResourceIds;
830         String [ ] strArrayPermissionKeys;
831 
832         // get the list of resource ids selected (forward from previous screen, so no need for extensive checks)
833         if ( ( strResourcesSelectionMethod != null ) && strResourcesSelectionMethod.equals( PARAMETER_METHOD_SELECTION_ALL ) )
834         {
835             strArrayResourceIds = new String [ 1];
836             strArrayResourceIds [0] = RBAC.WILDCARD_RESOURCES_ID;
837         }
838         else
839         {
840             strArrayResourceIds = request.getParameterValues( PARAMETER_RESOURCE_ID );
841         }
842 
843         // check that the permission selection method is "all" or "choose"
844         // if method is "choose", check that we have at least one id checked
845         if ( strPermissionsSelectionMethod == null )
846         {
847             return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_NO_PERMISSION_SELECTION_METHOD, AdminMessage.TYPE_STOP );
848         }
849         else
850             if ( strPermissionsSelectionMethod.equals( PARAMETER_METHOD_SELECTION_CHOOSE ) )
851             {
852                 strArrayPermissionKeys = request.getParameterValues( PARAMETER_PERMISSION_KEY );
853 
854                 if ( ( strArrayPermissionKeys == null ) || ( strArrayPermissionKeys.length == 0 ) )
855                 {
856                     return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_PERMISSION_LIST_EMPTY, AdminMessage.TYPE_STOP );
857                 }
858             }
859             else
860                 if ( strPermissionsSelectionMethod.equals( PARAMETER_METHOD_SELECTION_ALL ) )
861                 {
862                     strArrayPermissionKeys = new String [ 1];
863                     strArrayPermissionKeys [0] = RBAC.WILDCARD_PERMISSIONS_KEY;
864                 }
865                 else
866                 {
867                     return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_NO_PERMISSION_SELECTION_METHOD, AdminMessage.TYPE_STOP );
868                 }
869 
870         if ( !SecurityTokenService.getInstance( ).validate( request, TEMPLATE_SELECT_PERMISSIONS ) )
871         {
872             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
873         }
874 
875         // store the selected elements in database
876         for ( int i = 0; i < strArrayResourceIds.length; i++ )
877         {
878             for ( int j = 0; j < strArrayPermissionKeys.length; j++ )
879             {
880                 RBACrtal/business/rbac/RBAC.html#RBAC">RBAC rbac = new RBAC( );
881                 rbac.setRoleKey( strRoleKey );
882                 rbac.setResourceTypeKey( strResourceType );
883                 rbac.setResourceId( strArrayResourceIds [i] );
884                 rbac.setPermissionKey( strArrayPermissionKeys [j] );
885                 RBACHome.create( rbac );
886             }
887         }
888 
889         return JSP_URL_ROLE_DESCRIPTION + "?" + PARAMETER_ROLE_KEY + "=" + strRoleKey;
890     }
891 
892     /**
893      * Returns the users assignation form
894      *
895      * @param request
896      *            The Http request
897      * @return the html code for display the modes list
898      */
899     public String getAssignUsers( HttpServletRequest request )
900     {
901         Map<String, Object> model = new HashMap<>( );
902         setPageTitleProperty( PROPERTY_ASSIGN_USERS_PAGETITLE );
903 
904         String strBaseUrl = AppPathService.getBaseUrl( request ) + JSP_URL_ASSIGN_USERS_TO_ROLE;
905         UrlItem/url/UrlItem.html#UrlItem">UrlItem url = new UrlItem( strBaseUrl );
906 
907         // ROLE
908         String strRoleKey = request.getParameter( PARAMETER_ROLE_KEY );
909         RBACRole role = RBACRoleHome.findByPrimaryKey( strRoleKey );
910 
911         // ASSIGNED USERS
912         List<AdminUser> listAssignedUsers = AdminUserHome.findByRole( strRoleKey ).stream( ).filter( this::isUserHigherThanConnectedUser )
913                 .collect( Collectors.toList( ) );
914 
915         List<AdminUser> listFilteredUsers = AdminUserService.getFilteredUsersInterface( listAssignedUsers, request, model, url );
916 
917         // AVAILABLE USERS
918         ReferenceListeferenceList">ReferenceList listAvailableUsers = new ReferenceList( );
919 
920         for ( AdminUser user : AdminUserHome.findUserList( ) )
921         {
922             final ReferenceItemtem.html#ReferenceItem">ReferenceItem itemUser = new ReferenceItem( );
923             itemUser.setCode( Integer.toString( user.getUserId( ) ) );
924             itemUser.setName( user.getLastName( ) + " " + user.getFirstName( ) + " (" + user.getAccessCode( ) + ")" );
925 
926             boolean bAssigned = listAssignedUsers.stream( )
927                     .anyMatch( assignedUser -> Integer.toString( assignedUser.getUserId( ) ).equals( itemUser.getCode( ) ) );
928 
929             // Add users with higher level then connected user or add all users if connected user is administrator
930             if ( !bAssigned && isUserHigherThanConnectedUser( user ) )
931             {
932                 listAvailableUsers.add( itemUser );
933             }
934         }
935 
936         // SORT
937         String strSortedAttributeName = request.getParameter( Parameters.SORTED_ATTRIBUTE_NAME );
938         String strAscSort = null;
939 
940         if ( strSortedAttributeName != null )
941         {
942             url.addParameter( Parameters.SORTED_ATTRIBUTE_NAME, strSortedAttributeName );
943             strAscSort = request.getParameter( Parameters.SORTED_ASC );
944 
945             boolean bIsAscSort = Boolean.parseBoolean( strAscSort );
946 
947             Collections.sort( listFilteredUsers, new AttributeComparator( strSortedAttributeName, bIsAscSort ) );
948         }
949 
950         _strCurrentPageIndex = AbstractPaginator.getPageIndex( request, AbstractPaginator.PARAMETER_PAGE_INDEX, _strCurrentPageIndex );
951         _nDefaultItemsPerPage = AppPropertiesService.getPropertyInt( PROPERTY_ROLES_PER_PAGE, 50 );
952         _nItemsPerPage = AbstractPaginator.getItemsPerPage( request, AbstractPaginator.PARAMETER_ITEMS_PER_PAGE, _nItemsPerPage, _nDefaultItemsPerPage );
953 
954         if ( strAscSort != null )
955         {
956             url.addParameter( Parameters.SORTED_ASC, strAscSort );
957         }
958 
959         // ITEM NAVIGATION
960         setItemNavigator( role.getKey( ), url.getUrl( ) );
961 
962         // PAGINATOR
963         url.addParameter( PARAMETER_ROLE_KEY, role.getKey( ) );
964 
965         LocalizedPaginator<AdminUser> paginator = new LocalizedPaginator<>( listFilteredUsers, _nItemsPerPage, url.getUrl( ),
966                 AbstractPaginator.PARAMETER_PAGE_INDEX, _strCurrentPageIndex, getLocale( ) );
967 
968         // USER LEVEL
969         Collection<Level> filteredLevels = new ArrayList<>( );
970 
971         for ( Level level : LevelHome.getLevelsList( ) )
972         {
973             if ( getUser( ).isAdmin( ) || getUser( ).hasRights( level.getId( ) ) )
974             {
975                 filteredLevels.add( level );
976             }
977         }
978 
979         model.put( MARK_ROLE, role );
980         model.put( MARK_USER_LEVELS_LIST, filteredLevels );
981         model.put( MARK_AVAILABLE_USERS_LIST, listAvailableUsers );
982         model.put( MARK_ASSIGNED_USERS_LIST, paginator.getPageItems( ) );
983         model.put( MARK_ASSIGNED_USERS_NUMBER, listAssignedUsers.size( ) );
984         model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
985         model.put( MARK_PAGINATOR, paginator );
986         model.put( MARK_NB_ITEMS_PER_PAGE, Integer.toString( _nItemsPerPage ) );
987         model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_ASSIGN_USERS_TO_ROLE ) );
988 
989         HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_ASSIGN_USERS, getLocale( ), model );
990 
991         return getAdminPage( template.getHtml( ) );
992     }
993 
994     /**
995      * Process the data capture form for assign users to a role
996      *
997      * @param request
998      *            The HTTP Request
999      * @return The Jsp URL of the process result
1000      * @throws AccessDeniedException
1001      *             if the security token is invalid
1002      */
1003     public String doAssignUsers( HttpServletRequest request ) throws AccessDeniedException
1004     {
1005         if ( !SecurityTokenService.getInstance( ).validate( request, JSP_ASSIGN_USERS_TO_ROLE ) )
1006         {
1007             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1008         }
1009         String strRoleKey = request.getParameter( PARAMETER_ROLE_KEY );
1010 
1011         // retrieve the selected portlets ids
1012         String [ ] arrayUsersIds = request.getParameterValues( PARAMETER_AVAILABLE_USER_LIST );
1013 
1014         if ( ( arrayUsersIds != null ) )
1015         {
1016             for ( int i = 0; i < arrayUsersIds.length; i++ )
1017             {
1018                 int nUserId = Integer.parseInt( arrayUsersIds [i] );
1019                 AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
1020 
1021                 if ( !AdminUserHome.hasRole( user, strRoleKey ) )
1022                 {
1023                     AdminUserHome.createRoleForUser( user.getUserId( ), strRoleKey );
1024                 }
1025             }
1026         }
1027 
1028         return JSP_ASSIGN_USERS_TO_ROLE + "?" + PARAMETER_ROLE_KEY + "=" + strRoleKey;
1029     }
1030 
1031     /**
1032      * unassigns user from role
1033      * 
1034      * @param request
1035      *            The HttpRequest
1036      * @return the HTML code of list assignations
1037      * @throws AccessDeniedException
1038      *             if the security token is invalid
1039      */
1040     public String doUnAssignUser( HttpServletRequest request ) throws AccessDeniedException
1041     {
1042         if ( !SecurityTokenService.getInstance( ).validate( request, JSP_ASSIGN_USERS_TO_ROLE ) )
1043         {
1044             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1045         }
1046         String strRoleKey = request.getParameter( PARAMETER_ROLE_KEY );
1047         int nIdUser = Integer.parseInt( request.getParameter( PARAMETER_ID_USER ) );
1048         String strAnchor = request.getParameter( PARAMETER_ANCHOR );
1049 
1050         AdminUser adminUser = AdminUserHome.findByPrimaryKey( nIdUser );
1051 
1052         if ( adminUser != null )
1053         {
1054             AdminUserHome.removeRoleForUser( nIdUser, strRoleKey );
1055         }
1056 
1057         return JSP_ASSIGN_USERS_TO_ROLE + "?" + PARAMETER_ROLE_KEY + "=" + strRoleKey + "#" + strAnchor;
1058     }
1059 
1060     /**
1061      * Get the item navigator
1062      * 
1063      * @param strRoleKey
1064      *            the role key
1065      * @param strUrl
1066      *            the url
1067      */
1068     private void setItemNavigator( String strRoleKey, String strUrl )
1069     {
1070         if ( _itemNavigator == null )
1071         {
1072             List<String> listIdsRight = new ArrayList<>( );
1073             int nCurrentItemId = 0;
1074             int nIndex = 0;
1075 
1076             for ( RBACRole role : RBACRoleHome.findAll( ) )
1077             {
1078                 if ( ( role != null ) && StringUtils.isNotBlank( role.getKey( ) ) )
1079                 {
1080                     listIdsRight.add( role.getKey( ) );
1081 
1082                     if ( role.getKey( ).equals( strRoleKey ) )
1083                     {
1084                         nCurrentItemId = nIndex;
1085                     }
1086 
1087                     nIndex++;
1088                 }
1089             }
1090 
1091             _itemNavigator = new ItemNavigator( listIdsRight, nCurrentItemId, strUrl, PARAMETER_ROLE_KEY );
1092         }
1093         else
1094         {
1095             _itemNavigator.setCurrentItemId( strRoleKey );
1096         }
1097     }
1098 
1099     /**
1100      * Reinit the item navigator
1101      */
1102     private void reinitItemNavigator( )
1103     {
1104         _itemNavigator = null;
1105     }
1106 }