View Javadoc
1   /*
2    * Copyright (c) 2002-2022, City of Paris
3    * All rights reserved.
4    *
5    * Redistribution and use in source and binary forms, with or without
6    * modification, are permitted provided that the following conditions
7    * are met:
8    *
9    *  1. Redistributions of source code must retain the above copyright notice
10   *     and the following disclaimer.
11   *
12   *  2. Redistributions in binary form must reproduce the above copyright notice
13   *     and the following disclaimer in the documentation and/or other materials
14   *     provided with the distribution.
15   *
16   *  3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
17   *     contributors may be used to endorse or promote products derived from
18   *     this software without specific prior written permission.
19   *
20   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21   * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23   * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
24   * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25   * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26   * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27   * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28   * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29   * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30   * POSSIBILITY OF SUCH DAMAGE.
31   *
32   * License 1.0
33   */
34  package fr.paris.lutece.portal.web.role;
35  
36  import fr.paris.lutece.portal.business.rbac.RBACRole;
37  import fr.paris.lutece.portal.business.rbac.RBACRoleHome;
38  import fr.paris.lutece.portal.business.role.Role;
39  import fr.paris.lutece.portal.business.role.RoleHome;
40  import fr.paris.lutece.portal.service.admin.AccessDeniedException;
41  import fr.paris.lutece.portal.service.message.AdminMessage;
42  import fr.paris.lutece.portal.service.message.AdminMessageService;
43  import fr.paris.lutece.portal.service.role.RoleRemovalListenerService;
44  import fr.paris.lutece.portal.service.security.SecurityTokenService;
45  import fr.paris.lutece.portal.service.template.AppTemplateService;
46  import fr.paris.lutece.portal.service.workgroup.AdminWorkgroupService;
47  import fr.paris.lutece.portal.web.admin.AdminFeaturesPageJspBean;
48  import fr.paris.lutece.portal.web.constants.Messages;
49  import fr.paris.lutece.util.html.HtmlTemplate;
50  import fr.paris.lutece.util.string.StringUtil;
51  
52  import java.util.ArrayList;
53  import java.util.Collection;
54  import java.util.HashMap;
55  import java.util.Map;
56  import java.util.stream.Collectors;
57  
58  import javax.servlet.http.HttpServletRequest;
59  
60  import org.apache.commons.lang3.StringUtils;
61  import org.apache.james.mime4j.io.LineReaderInputStreamAdaptor;
62  
63  /**
64   * JspBean for Role management
65   */
66  public class RoleJspBean extends AdminFeaturesPageJspBean
67  {
68      // //////////////////////////////////////////////////////////////////////////////
69      // Constant
70  
71      // Right
72      /**
73       * Right to manage roles
74       */
75      public static final String RIGHT_ROLES_MANAGEMENT = "CORE_ROLES_MANAGEMENT";
76  
77      /**
78       * Serial version UID
79       */
80      private static final long serialVersionUID = -764350969432795013L;
81  
82      // Markers
83      private static final String MARK_ROLES_LIST = "roles_list";
84      private static final String MARK_EXIST_RBAC_MAP = "exist_rbac_map";
85  
86      private static final String MARK_ROLE = "role";
87      private static final String MARK_DEFAULT_VALUE_WORKGROUP_KEY = "workgroup_key_default_value";
88      private static final String MARK_WORKGROUP_KEY_LIST = "workgroup_key_list";
89  
90      // Parameters
91      private static final String PARAMETER_PAGE_ROLE = "role";
92      private static final String PARAMETER_PAGE_ROLE_DESCRIPTION = "role_description";
93      private static final String PARAMETER_PAGE_WORKGROUP = "workgroup_key";
94  
95      // Templates
96      private static final String TEMPLATE_MANAGE_ROLES = "admin/role/manage_roles.html";
97      private static final String TEMPLATE_PAGE_ROLE_MODIFY = "admin/role/modify_page_role.html";
98      private static final String TEMPLATE_CREATE_PAGE_ROLE = "admin/role/create_page_role.html";
99  
100     // Jsp
101     private static final String PATH_JSP = "jsp/admin/role/";
102     private static final String JSP_REMOVE_ROLE = "DoRemovePageRole.jsp";
103 
104     // Properties
105     private static final String PROPERTY_PAGE_TITLE_CREATE_ROLE = "portal.role.create_role.pageTitle";
106     private static final String PROPERTY_PAGE_TITLE_MODIFY_ROLE = "portal.role.modify_role.pageTitle";
107 
108     // Message
109     private static final String MESSAGE_ROLE_EXIST = "portal.role.message.roleexist";
110     private static final String MESSAGE_ROLE_FORMAT = "portal.role.message.roleformat";
111     private static final String MESSAGE_CONFIRM_REMOVE = "portal.role.message.confirmRemoveRole";
112     private static final String MESSAGE_CANNOT_REMOVE_ROLE = "portal.role.message.cannotRemoveRole";
113 
114     /**
115      * Creates a new RoleJspBean object.
116      */
117     public RoleJspBean( )
118     {
119         // Ctor
120     }
121 
122     /**
123      * Returns Page Role management form
124      * 
125      * @param request
126      *            The Http request
127      * @return Html form
128      */
129     public String getManagePageRole( HttpServletRequest request )
130     {
131         setPageTitleProperty( null );
132 
133         Map<String, Object> model = new HashMap<>( );
134         Collection<Role> listRoles = RoleHome.findAll( );
135         listRoles = AdminWorkgroupService.getAuthorizedCollection( listRoles, getUser( ) );
136         Map<String, Boolean> mapExistRbac = listRoles.stream( ).collect( Collectors.toMap( Role::getRole, x -> RBACRoleHome.checkExistRole( x.getRole( ) ) ) );
137 
138         model.put( MARK_ROLES_LIST, listRoles );
139         model.put( MARK_EXIST_RBAC_MAP, mapExistRbac );
140 
141         HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MANAGE_ROLES, getLocale( ), model );
142 
143         return getAdminPage( template.getHtml( ) );
144     }
145 
146     /**
147      * Insert a new PageRole
148      * 
149      * @param request
150      *            The HTTP request
151      * @return String The html code page
152      */
153     public String getCreatePageRole( HttpServletRequest request )
154     {
155         setPageTitleProperty( PROPERTY_PAGE_TITLE_CREATE_ROLE );
156 
157         Map<String, Object> model = new HashMap<>( );
158 
159         model.put( MARK_DEFAULT_VALUE_WORKGROUP_KEY, AdminWorkgroupService.ALL_GROUPS );
160         model.put( MARK_WORKGROUP_KEY_LIST, AdminWorkgroupService.getUserWorkgroups( getUser( ), getLocale( ) ) );
161         model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, TEMPLATE_CREATE_PAGE_ROLE ) );
162 
163         HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_CREATE_PAGE_ROLE, getLocale( ), model );
164 
165         return getAdminPage( template.getHtml( ) );
166     }
167 
168     /**
169      * Create PageRole
170      * 
171      * @param request
172      *            The HTTP request
173      * @return String The url page
174      * @throws AccessDeniedException
175      *             if the security token is invalid
176      */
177     public String doCreatePageRole( HttpServletRequest request ) throws AccessDeniedException
178     {
179         String strPageRole = request.getParameter( PARAMETER_PAGE_ROLE );
180         String strPageRoleDescription = request.getParameter( PARAMETER_PAGE_ROLE_DESCRIPTION );
181         String strPageWorkgroup = request.getParameter( PARAMETER_PAGE_WORKGROUP );
182 
183         // Mandatory field
184 
185         if ( StringUtil.isAnyEmpty( strPageRole, strPageRoleDescription ) || ( strPageWorkgroup == null ) )
186         {
187             return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
188         }
189 
190         // Check if code is valid
191         if ( !StringUtil.checkCodeKey( strPageRole ) )
192         {
193             return AdminMessageService.getMessageUrl( request, MESSAGE_ROLE_FORMAT, AdminMessage.TYPE_STOP );
194         }
195 
196         // Check if role exist
197         if ( RoleHome.findExistRole( strPageRole ) )
198         {
199             return AdminMessageService.getMessageUrl( request, MESSAGE_ROLE_EXIST, AdminMessage.TYPE_STOP );
200         }
201 
202         if ( !SecurityTokenService.getInstance( ).validate( request, TEMPLATE_CREATE_PAGE_ROLE ) )
203         {
204             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
205         }
206         Rolertal/business/role/Role.html#Role">Role role = new Role( );
207         role.setRole( strPageRole );
208         role.setRoleDescription( strPageRoleDescription );
209         role.setWorkgroup( strPageWorkgroup );
210         RoleHome.create( role );
211 
212         return getHomeUrl( request );
213     }
214 
215     /**
216      *
217      * @param request
218      *            The HTTP request
219      * @return String The html code page
220      */
221     public String getModifyPageRole( HttpServletRequest request )
222     {
223         setPageTitleProperty( PROPERTY_PAGE_TITLE_MODIFY_ROLE );
224 
225         Map<String, Object> model = new HashMap<>( );
226 
227         String strPageRole = request.getParameter( PARAMETER_PAGE_ROLE );
228 
229         Role role = RoleHome.findByPrimaryKey( strPageRole );
230 
231         if ( role == null )
232         {
233             return getManagePageRole( request );
234         }
235 
236         model.put( MARK_ROLE, role );
237         model.put( MARK_WORKGROUP_KEY_LIST, AdminWorkgroupService.getUserWorkgroups( getUser( ), getLocale( ) ) );
238         model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, TEMPLATE_PAGE_ROLE_MODIFY ) );
239 
240         HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_PAGE_ROLE_MODIFY, getLocale( ), model );
241 
242         return getAdminPage( template.getHtml( ) );
243     }
244 
245     /**
246      * Modify PageRole
247      * 
248      * @param request
249      *            The HTTP request
250      * @return String The url page
251      * @throws AccessDeniedException
252      *             if the security token is invalid
253      */
254     public String doModifyPageRole( HttpServletRequest request ) throws AccessDeniedException
255     {
256         String strPageRole = request.getParameter( PARAMETER_PAGE_ROLE );
257         String strPageRoleDescription = request.getParameter( PARAMETER_PAGE_ROLE_DESCRIPTION );
258         String strPageWorkgroup = request.getParameter( PARAMETER_PAGE_WORKGROUP );
259 
260         // Mandatory field
261         if ( ( strPageRoleDescription == null ) || strPageRoleDescription.equals( "" ) || ( strPageWorkgroup == null ) )
262         {
263             return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
264         }
265 
266         if ( !SecurityTokenService.getInstance( ).validate( request, TEMPLATE_PAGE_ROLE_MODIFY ) )
267         {
268             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
269         }
270 
271         Rolertal/business/role/Role.html#Role">Role role = new Role( );
272         role.setRole( strPageRole );
273         role.setRoleDescription( strPageRoleDescription );
274         role.setWorkgroup( strPageWorkgroup );
275         RoleHome.update( role );
276 
277         return getHomeUrl( request );
278     }
279 
280     /**
281      * confirm Delete PageRole
282      * 
283      * @param request
284      *            The HTTP request
285      * @return String The html code page
286      */
287     public String getRemovePageRole( HttpServletRequest request )
288     {
289         String strPageRole = request.getParameter( PARAMETER_PAGE_ROLE );
290         if ( StringUtils.isBlank( strPageRole ) )
291         {
292             return AdminMessageService.getMessageUrl( request, Messages.MESSAGE_INVALID_ENTRY, new Object [ ] {
293                     PARAMETER_PAGE_ROLE
294             }, AdminMessage.TYPE_STOP );
295         }
296         Role role = RoleHome.findByPrimaryKey( strPageRole );
297         if ( role == null || !strPageRole.equals( role.getRole( ) ) )
298         {
299             return AdminMessageService.getMessageUrl( request, Messages.MESSAGE_INVALID_ENTRY, new Object [ ] {
300                     strPageRole
301             }, AdminMessage.TYPE_STOP );
302         }
303         String strURL = PATH_JSP + JSP_REMOVE_ROLE;
304         Map<String, Object> parameters = new HashMap<>( );
305         parameters.put( PARAMETER_PAGE_ROLE, request.getParameter( PARAMETER_PAGE_ROLE ) );
306         parameters.put( SecurityTokenService.PARAMETER_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_REMOVE_ROLE ) );
307 
308         return AdminMessageService.getMessageUrl( request, MESSAGE_CONFIRM_REMOVE, new Object [ ] {
309                 strPageRole
310         }, null, strURL, null, AdminMessage.TYPE_CONFIRMATION, parameters );
311     }
312 
313     /**
314      * Delete PageRole
315      * 
316      * @param request
317      *            The HTTP request
318      * @return String The url page
319      * @throws AccessDeniedException
320      *             if the security token is invalid
321      */
322     public String doRemovePageRole( HttpServletRequest request ) throws AccessDeniedException
323     {
324         String strPageRole = request.getParameter( PARAMETER_PAGE_ROLE );
325         ArrayList<String> listErrors = new ArrayList<>( );
326 
327         if ( !RoleRemovalListenerService.getService( ).checkForRemoval( strPageRole, listErrors, getLocale( ) ) )
328         {
329             String strCause = AdminMessageService.getFormattedList( listErrors, getLocale( ) );
330             Object [ ] args = {
331                     strPageRole, strCause
332             };
333 
334             return AdminMessageService.getMessageUrl( request, MESSAGE_CANNOT_REMOVE_ROLE, args, AdminMessage.TYPE_STOP );
335         }
336         if ( !SecurityTokenService.getInstance( ).validate( request, JSP_REMOVE_ROLE ) )
337         {
338             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
339         }
340         RoleHome.remove( strPageRole );
341 
342         return getHomeUrl( request );
343     }
344 }