1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34 package fr.paris.lutece.portal.web.user;
35
36 import fr.paris.lutece.portal.service.security.AccessLogService;
37 import java.io.IOException;
38 import java.io.PrintWriter;
39 import java.sql.Timestamp;
40 import java.util.ArrayList;
41 import java.util.Collection;
42 import java.util.Collections;
43 import java.util.HashMap;
44 import java.util.List;
45 import java.util.Locale;
46 import java.util.Map;
47
48 import javax.servlet.http.HttpServletRequest;
49 import javax.servlet.http.HttpServletResponse;
50
51 import org.apache.commons.fileupload.FileItem;
52 import org.apache.commons.lang3.StringUtils;
53
54 import fr.paris.lutece.portal.business.rbac.RBACRole;
55 import fr.paris.lutece.portal.business.rbac.RBACRoleHome;
56 import fr.paris.lutece.portal.business.rbac.RBAC;
57 import fr.paris.lutece.portal.business.right.Level;
58 import fr.paris.lutece.portal.business.right.LevelHome;
59 import fr.paris.lutece.portal.business.right.Right;
60 import fr.paris.lutece.portal.business.right.RightHome;
61 import fr.paris.lutece.portal.business.user.AdminUser;
62 import fr.paris.lutece.portal.business.user.AdminUserHome;
63 import fr.paris.lutece.portal.business.user.PasswordUpdateMode;
64 import fr.paris.lutece.portal.business.user.attribute.IAttribute;
65 import fr.paris.lutece.portal.business.user.attribute.ISimpleValuesAttributes;
66 import fr.paris.lutece.portal.business.user.authentication.LuteceDefaultAdminUser;
67 import fr.paris.lutece.portal.business.user.parameter.DefaultUserParameterHome;
68 import fr.paris.lutece.portal.business.workgroup.AdminWorkgroupHome;
69 import fr.paris.lutece.portal.business.xsl.XslExport;
70 import fr.paris.lutece.portal.business.xsl.XslExportHome;
71 import fr.paris.lutece.portal.service.admin.AccessDeniedException;
72 import fr.paris.lutece.portal.service.admin.AdminAuthenticationService;
73 import fr.paris.lutece.portal.service.admin.AdminUserService;
74 import fr.paris.lutece.portal.service.admin.ImportAdminUserService;
75 import fr.paris.lutece.portal.service.csv.CSVMessageDescriptor;
76 import fr.paris.lutece.portal.service.fileupload.FileUploadService;
77 import fr.paris.lutece.portal.service.i18n.I18nService;
78 import fr.paris.lutece.portal.service.message.AdminMessage;
79 import fr.paris.lutece.portal.service.message.AdminMessageService;
80 import fr.paris.lutece.portal.service.plugin.PluginService;
81 import fr.paris.lutece.portal.service.rbac.RBACService;
82 import fr.paris.lutece.portal.service.security.AccessLoggerConstants;
83 import fr.paris.lutece.portal.service.security.SecurityTokenService;
84 import fr.paris.lutece.portal.service.security.UserNotSignedException;
85 import fr.paris.lutece.portal.service.spring.SpringContextService;
86 import fr.paris.lutece.portal.service.template.AppTemplateService;
87 import fr.paris.lutece.portal.service.template.DatabaseTemplateService;
88 import fr.paris.lutece.portal.service.user.AdminUserResourceIdService;
89 import fr.paris.lutece.portal.service.user.attribute.AdminUserFieldService;
90 import fr.paris.lutece.portal.service.user.attribute.AttributeService;
91 import fr.paris.lutece.portal.service.util.AppException;
92 import fr.paris.lutece.portal.service.util.AppLogService;
93 import fr.paris.lutece.portal.service.util.AppPathService;
94 import fr.paris.lutece.portal.service.util.AppPropertiesService;
95 import fr.paris.lutece.portal.service.workgroup.AdminWorkgroupService;
96 import fr.paris.lutece.portal.service.xsl.XslExportService;
97 import fr.paris.lutece.portal.web.admin.AdminFeaturesPageJspBean;
98 import fr.paris.lutece.portal.web.constants.Messages;
99 import fr.paris.lutece.portal.web.constants.Parameters;
100 import fr.paris.lutece.portal.web.dashboard.AdminDashboardJspBean;
101 import fr.paris.lutece.portal.web.l10n.LocaleService;
102 import fr.paris.lutece.portal.web.pluginaction.DefaultPluginActionResult;
103 import fr.paris.lutece.portal.web.upload.MultipartHttpServletRequest;
104 import fr.paris.lutece.portal.web.util.LocalizedPaginator;
105 import fr.paris.lutece.util.ReferenceItem;
106 import fr.paris.lutece.util.ReferenceList;
107 import fr.paris.lutece.util.date.DateUtil;
108 import fr.paris.lutece.util.filesystem.FileSystemUtil;
109 import fr.paris.lutece.util.html.AbstractPaginator;
110 import fr.paris.lutece.util.html.HtmlTemplate;
111 import fr.paris.lutece.util.html.ItemNavigator;
112 import fr.paris.lutece.util.password.PasswordUtil;
113 import fr.paris.lutece.util.sort.AttributeComparator;
114 import fr.paris.lutece.util.string.StringUtil;
115 import fr.paris.lutece.util.url.UrlItem;
116 import fr.paris.lutece.util.xml.XmlUtil;
117
118
119
120
121 public class AdminUserJspBean extends AdminFeaturesPageJspBean
122 {
123 private static final String ATTRIBUTE_IMPORT_USERS_LIST_MESSAGES = "importUsersListMessages";
124 private static final long serialVersionUID = -6323157489236186522L;
125
126
127
128 private static final String CONSTANTE_UN = "1";
129 private static final String CONSTANT_USER_MSG = "User ";
130 private static final String CONSTANT_NOT_AUTHORIZED = " is not authorized to permission ";
131 private static final String CONSTANT_ADVANCED_PARAMS = "core.advanced_parameters.";
132 private static final String CONSTANT_BO = "BO";
133
134
135 private static final String BEAN_IMPORT_ADMIN_USER_SERVICE = "adminUserImportService";
136
137
138 private static final String TEMPLATE_MANAGE_USERS = "admin/user/manage_users.html";
139 private static final String TEMPLATE_CREATE_USER = "admin/user/create_user.html";
140 private static final String TEMPLATE_MODIFY_USER = "admin/user/modify_user.html";
141 private static final String TEMPLATE_MANAGE_USER_RIGHTS = "admin/user/manage_user_rights.html";
142 private static final String TEMPLATE_MODIFY_USER_RIGHTS = "admin/user/modify_user_rights.html";
143 private static final String TEMPLATE_MANAGE_USER_ROLES = "admin/user/manage_user_roles.html";
144 private static final String TEMPLATE_MODIFY_USER_ROLES = "admin/user/modify_user_roles.html";
145 private static final String TEMPLATE_IMPORT_USER = "admin/user/import_module_user.html";
146 private static final String TEMPLATE_DEFAULT_CREATE_USER = "admin/user/create_user_default_module.html";
147 private static final String TEMPLATE_DEFAULT_MODIFY_USER = "admin/user/modify_user_default_module.html";
148 private static final String TEMPLATE_DEFAULT_MODIFY_USER_PASSWORD = "admin/user/modify_user_password_default_module.html";
149 private static final String TEMPLATE_MANAGE_USER_WORKGROUPS = "admin/user/manage_user_workgroups.html";
150 private static final String TEMPLATE_MODIFY_USER_WORKGROUPS = "admin/user/modify_user_workgroups.html";
151 private static final String TEMPLATE_ADMIN_EMAIL_CHANGE_STATUS = "admin/user/user_email_change_status.html";
152 private static final String TEMPLATE_NOTIFY_USER = "admin/user/notify_user_account_created.html";
153 private static final String TEMPLATE_FIELD_ANONYMIZE_ADMIN_USER = "admin/user/field_anonymize_admin_user.html";
154 private static final String TEMPLATE_ACCOUNT_LIFE_TIME_EMAIL = "admin/user/account_life_time_email.html";
155 private static final String TEMPLATE_EXPORT_USERS_FROM_FILE = "admin/user/export_users.html";
156
157
158 private static final String PROPERTY_MANAGE_USERS_PAGETITLE = "portal.users.manage_users.pageTitle";
159 private static final String PROPERTY_MODIFY_USER_PAGETITLE = "portal.users.modify_user.pageTitle";
160 private static final String PROPERTY_MODIFY_USER_PASSWORD_PAGETITLE = "portal.users.modify_user_password.pageTitle";
161 private static final String PROPERTY_LABEL_FIRST_PASSWORD = "portal.users.modify_password_default_module.form.password.new";
162 private static final String PROPERTY_CREATE_USER_PAGETITLE = "portal.users.create_user.pageTitle";
163 private static final String PROPERTY_IMPORT_MODULE_USER_PAGETITLE = "portal.users.import_module_user.pageTitle";
164 private static final String PROPERTY_MANAGE_USER_RIGHTS_PAGETITLE = "portal.users.manage_user_rights.pageTitle";
165 private static final String PROPERTY_MODIFY_USER_RIGHTS_PAGETITLE = "portal.users.modify_user_rights.pageTitle";
166 private static final String PROPERTY_MANAGE_USER_ROLES_PAGETITLE = "portal.users.manage_user_roles.pageTitle";
167 private static final String PROPERTY_MODIFY_USER_ROLES_PAGETITLE = "portal.users.modify_user_roles.pageTitle";
168 private static final String PROPERTY_IMPORT_USERS_FROM_FILE_PAGETITLE = "portal.users.import_users_from_file.pageTitle";
169 private static final String PROPERTY_EXPORT_USERS_PAGETITLE = "portal.users.export_users.pageTitle";
170 private static final String PROPERTY_MESSAGE_CONFIRM_REMOVE = "portal.users.message.confirmRemoveUser";
171 private static final String PROPERTY_USERS_PER_PAGE = "paginator.user.itemsPerPage";
172 private static final String PROPERTY_DELEGATE_USER_RIGHTS_PAGETITLE = "portal.users.delegate_user_rights.pageTitle";
173 private static final String PROPERTY_MANAGE_USER_WORKGROUPS_PAGETITLE = "portal.users.manage_user_workgroups.pageTitle";
174 private static final String PROPERTY_MODIFY_USER_WORKGROUPS_PAGETITLE = "portal.users.modify_user_workgroups.pageTitle";
175 private static final String PROPERTY_MESSAGE_ACCESS_CODE_ALREADY_USED = "portal.users.message.user.accessCodeAlreadyUsed";
176 private static final String PROPERTY_MESSAGE_EMAIL_ALREADY_USED = "portal.users.message.user.accessEmailUsed";
177 private static final String PROPERTY_MESSAGE_DIFFERENTS_PASSWORD = "portal.users.message.differentsPassword";
178 private static final String PROPERTY_MESSAGE_EMAIL_SUBJECT_CHANGE_STATUS = "portal.users.user_change_status.email.subject";
179 private static final String PROPERTY_MESSAGE_EMAIL_SUBJECT_NOTIFY_USER = "portal.users.notify_user.email.subject";
180 private static final String PROPERTY_MESSAGE_ERROR_EMAIL_PATTERN = "portal.users.manage_advanced_parameters.message.errorEmailPattern";
181 private static final String PROPERTY_MESSAGE_CONFIRM_USE_ASP = "portal.users.manage_advanced_parameters.message.confirmUseAdvancedSecurityParameters";
182 private static final String PROPERTY_MESSAGE_CONFIRM_REMOVE_ASP = "portal.users.manage_advanced_parameters.message.confirmRemoveAdvancedSecurityParameters";
183 private static final String PROPERTY_MESSAGE_NO_ADMIN_USER_SELECTED = "portal.users.message.noUserSelected";
184 private static final String PROPERTY_MESSAGE_CONFIRM_ANONYMIZE_USER = "portal.users.message.confirmAnonymizeUser";
185 private static final String PROPERTY_MESSAGE_TITLE_CHANGE_ANONYMIZE_USER = "portal.users.anonymize_user.titleAnonymizeUser";
186 private static final String PROPERTY_MESSAGE_NO_ACCOUNT_TO_REACTIVATED = "portal.users.message.noAccountToReactivate";
187 private static final String PROPERTY_MESSAGE_ACCOUNT_REACTIVATED = "portal.users.message.messageAccountReactivated";
188 private static final String PROPERTY_FIRST_EMAIL = "portal.users.accountLifeTime.labelFirstEmail";
189 private static final String PROPERTY_OTHER_EMAIL = "portal.users.accountLifeTime.labelOtherEmail";
190 private static final String PROPERTY_ACCOUNT_DEACTIVATES_EMAIL = "portal.users.accountLifeTime.labelAccountDeactivatedEmail";
191 private static final String PROPERTY_ACCOUNT_UPDATED_EMAIL = "portal.users.accountLifeTime.labelAccountUpdatedEmail";
192 private static final String PROPERTY_NOTIFY_PASSWORD_EXPIRED = "portal.users.accountLifeTime.labelPasswordExpired";
193 private static final String PROPERTY_MESSAGE_USER_ERROR_SESSION = "portal.users.message.user.error.session";
194 private static final String MESSAGE_NOT_AUTHORIZED = "Action not permited to current user";
195 private static final String MESSAGE_MANDATORY_FIELD = "portal.util.message.mandatoryField";
196 private static final String MESSAGE_ERROR_CSV_FILE_IMPORT = "portal.users.import_users_from_file.error_csv_file_import";
197 private static final String FIELD_IMPORT_USERS_FILE = "portal.users.import_users_from_file.labelImportFile";
198 private static final String FIELD_XSL_EXPORT = "portal.users.export_users.labelXslt";
199
200
201 private static final String PARAMETER_ACCESS_CODE = "access_code";
202 private static final String PARAMETER_LAST_NAME = "last_name";
203 private static final String PARAMETER_FIRST_NAME = "first_name";
204 private static final String PARAMETER_EMAIL = "email";
205 private static final String PARAMETER_NOTIFY_USER = "notify_user";
206 private static final String PARAMETER_STATUS = "status";
207 private static final String PARAMETER_USER_ID = "id_user";
208 private static final String PARAMETER_ROLE = "roles";
209 private static final String PARAMETER_RIGHT = "right";
210 private static final String PARAMETER_FIRST_PASSWORD = "first_password";
211 private static final String PARAMETER_SECOND_PASSWORD = "second_password";
212 private static final String PARAMETER_LANGUAGE = "language";
213 private static final String PARAMETER_DELEGATE_RIGHTS = "delegate_rights";
214 private static final String PARAMETER_USER_LEVEL = "user_level";
215 private static final String PARAMETER_WORKGROUP = "workgroup";
216 private static final String PARAMETER_SELECT = "select";
217 private static final String PARAMETER_SELECT_ALL = "all";
218 private static final String PARAMETER_ACCESSIBILITY_MODE = "accessibility_mode";
219 private static final String PARAMETER_WORKGROUP_KEY = "workgroup_key";
220 private static final String PARAMETER_EMAIL_PATTERN = "email_pattern";
221 private static final String PARAMETER_IS_EMAIL_PATTERN_SET_MANUALLY = "is_email_pattern_set_manually";
222 private static final String PARAMETER_ID_EXPRESSION = "id_expression";
223 private static final String PARAMETER_FORCE_CHANGE_PASSWORD_REINIT = "force_change_password_reinit";
224 private static final String PARAMETER_PASSWORD_MINIMUM_LENGTH = "password_minimum_length";
225 private static final String PARAMETER_PASSWORD_FORMAT_UPPER_LOWER_CASE = "password_format_upper_lower_case";
226 private static final String PARAMETER_PASSWORD_FORMAT_NUMERO = "password_format_numero";
227 private static final String PARAMETER_PASSWORD_FORMAT_SPECIAL_CHARACTERS = "password_format_special_characters";
228 private static final String PARAMETER_PASSWORD_DURATION = "password_duration";
229 private static final String PARAMETER_PASSWORD_HISTORY_SIZE = "password_history_size";
230 private static final String PARAMETER_MAXIMUM_NUMBER_PASSWORD_CHANGE = "maximum_number_password_change";
231 private static final String PARAMETER_TSW_SIZE_PASSWORD_CHANGE = "tsw_size_password_change";
232 private static final String PARAMETER_ACCOUNT_LIFE_TIME = "account_life_time";
233 private static final String PARAMETER_TIME_BEFORE_ALERT_ACCOUNT = "time_before_alert_account";
234 private static final String PARAMETER_NB_ALERT_ACCOUNT = "nb_alert_account";
235 private static final String PARAMETER_TIME_BETWEEN_ALERTS_ACCOUNT = "time_between_alerts_account";
236 private static final String PARAMETER_ATTRIBUTE = "attribute_";
237 private static final String PARAMETER_EMAIL_TYPE = "email_type";
238 private static final String PARAMETER_FIRST_ALERT_MAIL_SENDER = "first_alert_mail_sender";
239 private static final String PARAMETER_OTHER_ALERT_MAIL_SENDER = "other_alert_mail_sender";
240 private static final String PARAMETER_EXPIRED_ALERT_MAIL_SENDER = "expired_alert_mail_sender";
241 private static final String PARAMETER_REACTIVATED_ALERT_MAIL_SENDER = "account_reactivated_mail_sender";
242 private static final String PARAMETER_FIRST_ALERT_MAIL_SUBJECT = "first_alert_mail_subject";
243 private static final String PARAMETER_OTHER_ALERT_MAIL_SUBJECT = "other_alert_mail_subject";
244 private static final String PARAMETER_EXPIRED_ALERT_MAIL_SUBJECT = "expired_alert_mail_subject";
245 private static final String PARAMETER_REACTIVATED_ALERT_MAIL_SUBJECT = "account_reactivated_mail_subject";
246 private static final String PARAMETER_FIRST_ALERT_MAIL = "core_first_alert_mail";
247 private static final String PARAMETER_OTHER_ALERT_MAIL = "core_other_alert_mail";
248 private static final String PARAMETER_EXPIRATION_MAIL = "core_expiration_mail";
249 private static final String PARAMETER_ACCOUNT_REACTIVATED = "core_account_reactivated_mail";
250 private static final String PARAMETER_CANCEL = "cancel";
251 private static final String PARAMETER_NOTIFY_USER_PASSWORD_EXPIRED = "notify_user_password_expired";
252 private static final String PARAMETER_PASSWORD_EXPIRED_MAIL_SENDER = "password_expired_mail_sender";
253 private static final String PARAMETER_PASSWORD_EXPIRED_MAIL_SUBJECT = "password_expired_mail_subject";
254 private static final String PARAMETER_NOTIFY_PASSWORD_EXPIRED = "core_password_expired";
255 private static final String PARAMETER_IMPORT_USERS_FILE = "import_file";
256 private static final String PARAMETER_SKIP_FIRST_LINE = "ignore_first_line";
257 private static final String PARAMETER_UPDATE_USERS = "update_existing_users";
258 private static final String PARAMETER_XSL_EXPORT_ID = "xsl_export_id";
259 private static final String PARAMETER_EXPORT_ROLES = "export_roles";
260 private static final String PARAMETER_EXPORT_ATTRIBUTES = "export_attributes";
261 private static final String PARAMETER_EXPORT_RIGHTS = "export_rights";
262 private static final String PARAMETER_EXPORT_WORKGROUPS = "export_workgroups";
263 private static final String PARAMETER_RESET_TOKEN_VALIDITY = "reset_token_validity";
264 private static final String PARAMETER_LOCK_RESET_TOKEN_TO_SESSION = "lock_reset_token_to_session";
265 private static final String PARAMETER_RESET = "reset";
266
267
268 private static final String JSP_MANAGE_USER_RIGHTS = "ManageUserRights.jsp";
269 private static final String JSP_MANAGE_USER_ROLES = "ManageUserRoles.jsp";
270 private static final String JSP_MANAGE_USER = "ManageUsers.jsp";
271 private static final String JSP_MANAGE_USER_WORKGROUPS = "ManageUserWorkgroups.jsp";
272 private static final String JSP_URL_REMOVE_USER = "jsp/admin/user/DoRemoveUser.jsp";
273 private static final String JSP_URL_CREATE_USER = "jsp/admin/user/CreateUser.jsp";
274 private static final String JSP_URL_IMPORT_USER = "jsp/admin/user/ImportUser.jsp";
275 private static final String JSP_URL_MODIFY_USER = "jsp/admin/user/ModifyUser.jsp";
276 private static final String JSP_URL_MANAGE_USER_RIGHTS = "jsp/admin/user/ManageUserRights.jsp";
277 private static final String JSP_URL_MANAGE_USER_ROLES = "jsp/admin/user/ManageUserRoles.jsp";
278 private static final String JSP_URL_MANAGE_USER_WORKGROUPS = "jsp/admin/user/ManageUserWorkgroups.jsp";
279 private static final String JSP_URL_USE_ADVANCED_SECUR_PARAM = "jsp/admin/user/DoUseAdvancedSecurityParameters.jsp";
280 private static final String JSP_URL_REMOVE_ADVANCED_SECUR_PARAM = "jsp/admin/user/DoRemoveAdvancedSecurityParameters.jsp";
281 private static final String JSP_URL_ANONYMIZE_ADMIN_USER = "jsp/admin/user/DoAnonymizeAdminUser.jsp";
282 private static final String JSP_URL_MODIFY_ACCOUNT_LIFE_TIME_EMAIL = "jsp/admin/user/ModifyAccountLifeTimeEmails.jsp";
283
284
285 private static final String MARK_USER_LIST = "user_list";
286 private static final String MARK_IMPORT_USER_LIST = "import_user_list";
287 private static final String MARK_ACCESS_CODE = "access_code";
288 private static final String MARK_LAST_NAME = "last_name";
289 private static final String MARK_FIRST_NAME = "first_name";
290 private static final String MARK_EMAIL = "email";
291 private static final String MARK_IMPORT_USER = "import_user";
292 private static final String MARK_USER = "user";
293 private static final String MARK_LEVEL = "level";
294 private static final String MARK_USER_RIGHT_LIST = "user_right_list";
295 private static final String MARK_ALL_ROLE_LIST = "all_role_list";
296 private static final String MARK_USER_ROLE_LIST = "user_role_list";
297 private static final String MARK_ALL_RIGHT_LIST = "all_right_list";
298 private static final String MARK_PAGINATOR = "paginator";
299 private static final String MARK_NB_ITEMS_PER_PAGE = "nb_items_per_page";
300 private static final String MARK_LANGUAGES_LIST = "languages_list";
301 private static final String MARK_CURRENT_LANGUAGE = "current_language";
302 private static final String MARK_USER_CREATION_URL = "url_user_creation";
303 private static final String MARK_CAN_DELEGATE = "can_delegate";
304 private static final String MARK_CAN_MODIFY = "can_modify";
305 private static final String MARK_USER_LEVELS_LIST = "user_levels";
306 private static final String MARK_CURRENT_USER = "current_user";
307 private static final String MARK_USER_WORKGROUP_LIST = "user_workgroup_list";
308 private static final String MARK_ALL_WORKSGROUP_LIST = "all_workgroup_list";
309 private static final String MARK_SELECT_ALL = "select_all";
310 private static final String MARK_PERMISSION_ADVANCED_PARAMETER = "permission_advanced_parameter";
311 private static final String MARK_PERMISSION_IMPORT_EXPORT_USERS = "permission_import_export_users";
312 private static final String MARK_ITEM_NAVIGATOR = "item_navigator";
313 private static final String MARK_ATTRIBUTES_LIST = "attributes_list";
314 private static final String MARK_LOCALE = "locale";
315 private static final String MARK_MAP_LIST_ATTRIBUTE_DEFAULT_VALUES = "map_list_attribute_default_values";
316 private static final String MARK_DEFAULT_USER_LEVEL = "default_user_level";
317 private static final String MARK_DEFAULT_USER_NOTIFICATION = "default_user_notification";
318 private static final String MARK_DEFAULT_USER_LANGUAGE = "default_user_language";
319 private static final String MARK_DEFAULT_USER_STATUS = "default_user_status";
320 private static final String MARK_ACCESS_FAILURES_MAX = "access_failures_max";
321 private static final String MARK_ACCESS_FAILURES_INTERVAL = "access_failures_interval";
322 private static final String MARK_BANNED_DOMAIN_NAMES = "banned_domain_names";
323 private static final String MARK_EMAIL_SENDER = "email_sender";
324 private static final String MARK_EMAIL_SUBJECT = "email_subject";
325 private static final String MARK_EMAIL_BODY = "email_body";
326 private static final String MARK_EMAIL_LABEL = "emailLabel";
327 private static final String MARK_WEBAPP_URL = "webapp_url";
328 private static final String MARK_LIST_MESSAGES = "csv_messages";
329 private static final String MARK_CSV_SEPARATOR = "csv_separator";
330 private static final String MARK_CSV_ESCAPE = "csv_escape";
331 private static final String MARK_ATTRIBUTES_SEPARATOR = "attributes_separator";
332 private static final String MARK_LIST_XSL_EXPORT = "refListXsl";
333 private static final String MARK_DEFAULT_VALUE_WORKGROUP_KEY = "workgroup_key_default_value";
334 private static final String MARK_WORKGROUP_KEY_LIST = "workgroup_key_list";
335 private static final String MARK_ADMIN_AVATAR = "adminAvatar";
336 private static final String MARK_RANDOM_PASSWORD_SIZE = "randomPasswordSize";
337 private static final String MARK_MINIMUM_PASSWORD_SIZE = "minimumPasswordSize";
338 private static final String MARK_DEFAULT_MODE_USED = "defaultModeUsed";
339
340 private static final String CONSTANT_EMAIL_TYPE_FIRST = "first";
341 private static final String CONSTANT_EMAIL_TYPE_OTHER = "other";
342 private static final String CONSTANT_EMAIL_TYPE_EXPIRED = "expired";
343 private static final String CONSTANT_EMAIL_TYPE_REACTIVATED = "reactivated";
344 private static final String CONSTANT_EMAIL_PASSWORD_EXPIRED = "password_expired";
345 private static final String CONSTANT_EXTENSION_CSV_FILE = ".csv";
346 private static final String CONSTANT_EXTENSION_XML_FILE = ".xml";
347 private static final String CONSTANT_MIME_TYPE_CSV = "application/csv";
348 private static final String CONSTANT_MIME_TYPE_XML = "application/xml";
349 private static final String CONSTANT_MIME_TYPE_TEXT_CSV = "text/csv";
350 private static final String CONSTANT_MIME_TYPE_OCTETSTREAM = "application/octet-stream";
351 private static final String CONSTANT_EXPORT_USERS_FILE_NAME = "users";
352 private static final String CONSTANT_POINT = ".";
353 private static final String CONSTANT_QUOTE = "\"";
354 private static final String CONSTANT_ATTACHEMENT_FILE_NAME = "attachement; filename=\"";
355 private static final String CONSTANT_ATTACHEMENT_DISPOSITION = "Content-Disposition";
356 private static final String CONSTANT_XML_USERS = "users";
357 private static final String CONSTANT_CREATE_ADMINUSER = "lutece.admin.createAdminUser";
358 private static final String CONSTANT_REMOVE_ADMINUSER = "lutece.admin.removeAdminUser";
359 private static final String CONSTANT_ANONYMIZE_ADMINUSER = "lutece.admin.anonymizeAdminUser";
360 private static final String CONSTANT_MODIFY_ADMINUSER = "lutece.admin.modifyAdminUser";
361 private static final String CONSTANT_MODIFY_ADMINUSER_GROUPS = "lutece.admin.modifyAdminUserGroups";
362 private static final String CONSTANT_MODIFY_ADMINUSER_PASSWORD = "lutece.admin.modifyAdminUserPassword";
363 private static final String CONSTANT_MODIFY_ADMINUSER_ROLES = "lutece.admin.modifyAdminUserRoles";
364 private static final String CONSTANT_MODIFY_ADMINUSER_RIGHTS = "lutece.admin.modifyAdminUserRights";
365 private static final String CONSTANT_IMPORT_ADMINUSERS = "lutece.admin.importAdminUsers";
366 private static final String CONSTANT_MODIFY_DEFAULT_PARAMETERS = "lutece.admin.modifyUserDefaultParameters";
367 private static final String CONSTANT_MODIFY_DEFAULT_SECURITY = "lutece.admin.modifyUserDefaultSecurity";
368 private static final String CONSTANT_REMOVE_ADVANCE_SECURITY_PARAMETERS = "lutece.admin.removeAdvanceSecurityParameters";
369 private static final String CONSTANT_USE_ADVANCE_SECURITY_PARAMETERS = "lutece.admin.useAdvanceSecurityParameters";
370
371 private static final String TOKEN_TECHNICAL_ADMIN = AdminDashboardJspBean.TEMPLATE_MANAGE_DASHBOARDS;
372
373 private static final String ANCHOR_DEFAULT_USER_PARAMETER_VALUES = "defaultUserParameterValues";
374 private static final String ANCHOR_MODIFY_EMAIL_PATTERN = "modifyEmailPattern";
375 private static final String ANCHOR_ADVANCED_SECURITY_PARAMETERS = "advancedSecurityParameters";
376 private static final String ANCHOR_LIFE_TIME_EMAILS = "lifeTimeEmails";
377 private static final String ANCHOR_ANONYMIZE_USERS = "anonymizeUsers";
378
379 private transient ImportAdminUserService _importAdminUserService;
380 private boolean _bAdminAvatar = PluginService.isPluginEnable( "adminavatar" );
381
382 private int _nItemsPerPage;
383 private String _strCurrentPageIndex;
384 private ItemNavigator _itemNavigator;
385
386
387
388
389
390
391
392
393 public String getManageAdminUsers( HttpServletRequest request )
394 {
395 setPageTitleProperty( PROPERTY_MANAGE_USERS_PAGETITLE );
396
397
398 reinitItemNavigator( );
399
400 String strCreateUrl;
401 AdminUser currentUser = getUser( );
402
403 Map<String, Object> model = new HashMap<>( );
404
405
406 if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
407 {
408 strCreateUrl = JSP_URL_CREATE_USER;
409 }
410 else
411 {
412 strCreateUrl = JSP_URL_IMPORT_USER;
413 }
414
415 String strURL = getHomeUrl( request );
416 UrlItem/url/UrlItem.html#UrlItem">UrlItem url = new UrlItem( strURL );
417
418 Collection<AdminUser> listUsers = AdminUserHome.findUserList( );
419 listUsers = AdminWorkgroupService.getAuthorizedCollection( listUsers, getUser( ) );
420
421 List<AdminUser> availableUsers = AdminUserService.getFilteredUsersInterface( listUsers, request, model, url );
422 List<AdminUser> listDisplayUsers = new ArrayList<>( );
423
424 for ( AdminUser user : availableUsers )
425 {
426 if ( isUserAuthorizedToModifyUser( currentUser, user ) )
427 {
428 listDisplayUsers.add( user );
429 }
430 }
431
432
433 String strSortedAttributeName = request.getParameter( Parameters.SORTED_ATTRIBUTE_NAME );
434 String strAscSort = null;
435
436 if ( strSortedAttributeName != null )
437 {
438 strAscSort = request.getParameter( Parameters.SORTED_ASC );
439
440 boolean bIsAscSort = Boolean.parseBoolean( strAscSort );
441
442 Collections.sort( listDisplayUsers, new AttributeComparator( strSortedAttributeName, bIsAscSort ) );
443 }
444
445 _strCurrentPageIndex = AbstractPaginator.getPageIndex( request, AbstractPaginator.PARAMETER_PAGE_INDEX, _strCurrentPageIndex );
446 int defaultItemsPerPage = AppPropertiesService.getPropertyInt( PROPERTY_USERS_PER_PAGE, 50 );
447 _nItemsPerPage = AbstractPaginator.getItemsPerPage( request, AbstractPaginator.PARAMETER_ITEMS_PER_PAGE, _nItemsPerPage, defaultItemsPerPage );
448
449 if ( strSortedAttributeName != null )
450 {
451 url.addParameter( Parameters.SORTED_ATTRIBUTE_NAME, strSortedAttributeName );
452 }
453
454 if ( strAscSort != null )
455 {
456 url.addParameter( Parameters.SORTED_ASC, strAscSort );
457 }
458
459
460 LocalizedPaginator<AdminUser> paginator = new LocalizedPaginator<>( listDisplayUsers, _nItemsPerPage, url.getUrl( ),
461 AbstractPaginator.PARAMETER_PAGE_INDEX, _strCurrentPageIndex, getLocale( ) );
462
463
464 Collection<Level> filteredLevels = new ArrayList<>( );
465
466 for ( Level level : LevelHome.getLevelsList( ) )
467 {
468 if ( currentUser.isAdmin( ) || currentUser.hasRights( level.getId( ) ) )
469 {
470 filteredLevels.add( level );
471 }
472 }
473
474 boolean bPermissionAdvancedParameter = RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID,
475 AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS, getUser( ) );
476 boolean bPermissionImportExportUsers = RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID,
477 AdminUserResourceIdService.PERMISSION_IMPORT_EXPORT_USERS, getUser( ) );
478
479 model.put( MARK_NB_ITEMS_PER_PAGE, "" + _nItemsPerPage );
480 model.put( MARK_USER_LEVELS_LIST, filteredLevels );
481 model.put( MARK_PAGINATOR, paginator );
482 model.put( MARK_USER_LIST, paginator.getPageItems( ) );
483 model.put( MARK_USER_CREATION_URL, strCreateUrl );
484 model.put( MARK_PERMISSION_ADVANCED_PARAMETER, bPermissionAdvancedParameter );
485 model.put( MARK_PERMISSION_IMPORT_EXPORT_USERS, bPermissionImportExportUsers );
486 model.put( MARK_ADMIN_AVATAR, _bAdminAvatar );
487 model.put( MARK_DEFAULT_MODE_USED, AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) );
488
489 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MANAGE_USERS, getLocale( ), model );
490
491 return getAdminPage( template.getHtml( ) );
492 }
493
494
495
496
497
498
499
500
501
502 public String getFindImportAdminUser( HttpServletRequest request )
503 {
504 setPageTitleProperty( PROPERTY_IMPORT_MODULE_USER_PAGETITLE );
505
506 String strAccessCode = request.getParameter( PARAMETER_ACCESS_CODE );
507 String strLastName = request.getParameter( PARAMETER_LAST_NAME );
508 String strFirstName = request.getParameter( PARAMETER_FIRST_NAME );
509 String strEmail = request.getParameter( PARAMETER_EMAIL );
510
511 Map<String, Object> model = new HashMap<>( );
512 Collection<?> allImportUsers = null;
513
514 if ( StringUtils.isNotEmpty( strLastName ) || StringUtils.isNotEmpty( strFirstName ) || StringUtils.isNotEmpty( strEmail ) )
515 {
516 allImportUsers = AdminAuthenticationService.getInstance( ).getUserListFromModule( strLastName, strFirstName, strEmail );
517 }
518
519 model.put( MARK_IMPORT_USER_LIST, allImportUsers );
520 model.put( MARK_ACCESS_CODE, strAccessCode );
521 model.put( MARK_LAST_NAME, strLastName );
522 model.put( MARK_FIRST_NAME, strFirstName );
523 model.put( MARK_EMAIL, strEmail );
524
525 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_IMPORT_USER, getLocale( ), model );
526
527 return getAdminPage( template.getHtml( ) );
528 }
529
530
531
532
533
534
535
536
537 public String doSelectImportUser( HttpServletRequest request )
538 {
539 String strAccessCode = request.getParameter( PARAMETER_ACCESS_CODE );
540
541 if ( ( strAccessCode == null ) || ( strAccessCode.equals( "" ) ) )
542 {
543 return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
544 }
545
546
547 if ( AdminUserHome.checkAccessCodeAlreadyInUse( strAccessCode ) != -1 )
548 {
549 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_ACCESS_CODE_ALREADY_USED, AdminMessage.TYPE_STOP );
550 }
551
552 return AppPathService.getBaseUrl( request ) + JSP_URL_CREATE_USER + "?" + PARAMETER_ACCESS_CODE + "=" + strAccessCode;
553 }
554
555
556
557
558
559
560
561
562 public String getCreateAdminUser( HttpServletRequest request )
563 {
564 setPageTitleProperty( PROPERTY_CREATE_USER_PAGETITLE );
565
566 HtmlTemplate template;
567 AdminUser currentUser = getUser( );
568 Collection<Level> filteredLevels = new ArrayList<>( );
569
570 for ( Level level : LevelHome.getLevelsList( ) )
571 {
572 if ( currentUser.isAdmin( ) || currentUser.hasRights( level.getId( ) ) )
573 {
574 filteredLevels.add( level );
575 }
576 }
577
578
579 String strDefaultLevel = DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_LEVEL );
580 Level defaultLevel = LevelHome.findByPrimaryKey( Integer.parseInt( strDefaultLevel ) );
581 int nDefaultUserNotification = Integer.parseInt( DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_NOTIFICATION ) );
582 String strDefaultUserLanguage = DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_LANGUAGE );
583 int nDefaultUserStatus = Integer.parseInt( DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_STATUS ) );
584
585
586 List<IAttribute> listAttributes = AttributeService.getInstance( ).getAllAttributesWithFields( getLocale( ) );
587
588
589 if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
590 {
591 Map<String, Object> model = new HashMap<>( );
592
593 model.put( MARK_USER_LEVELS_LIST, filteredLevels );
594 model.put( MARK_CURRENT_USER, currentUser );
595 model.put( MARK_LANGUAGES_LIST, I18nService.getAdminLocales( getLocale( ) ) );
596 model.put( MARK_DEFAULT_USER_LEVEL, defaultLevel );
597 model.put( MARK_DEFAULT_USER_NOTIFICATION, nDefaultUserNotification );
598 model.put( MARK_DEFAULT_USER_LANGUAGE, strDefaultUserLanguage );
599 model.put( MARK_DEFAULT_USER_STATUS, nDefaultUserStatus );
600 model.put( MARK_ATTRIBUTES_LIST, listAttributes );
601 model.put( MARK_LOCALE, getLocale( ) );
602 model.put( MARK_DEFAULT_VALUE_WORKGROUP_KEY, AdminWorkgroupService.ALL_GROUPS );
603 model.put( MARK_WORKGROUP_KEY_LIST, AdminWorkgroupService.getUserWorkgroups( getUser( ), getLocale( ) ) );
604 model.put( MARK_RANDOM_PASSWORD_SIZE,
605 AppPropertiesService.getPropertyInt( PasswordUtil.PROPERTY_PASSWORD_SIZE, PasswordUtil.CONSTANT_DEFAULT_RANDOM_PASSWORD_SIZE ) );
606 model.put( MARK_MINIMUM_PASSWORD_SIZE, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_PASSWORD_MINIMUM_LENGTH ) );
607 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_CREATE_USER ) );
608
609 template = AppTemplateService.getTemplate( TEMPLATE_DEFAULT_CREATE_USER, getLocale( ), model );
610 }
611 else
612
613
614 {
615
616
617 String strAccessCode = request.getParameter( PARAMETER_ACCESS_CODE );
618 AdminUser user = null;
619
620 if ( ( strAccessCode != null ) && ( !strAccessCode.equals( "" ) ) )
621 {
622 user = AdminAuthenticationService.getInstance( ).getUserPublicDataFromModule( strAccessCode );
623 }
624
625 Map<String, Object> model = new HashMap<>( );
626
627 if ( user != null )
628 {
629 model.put( MARK_USER_LEVELS_LIST, filteredLevels );
630 model.put( MARK_CURRENT_USER, currentUser );
631 model.put( MARK_IMPORT_USER, user );
632 model.put( MARK_LANGUAGES_LIST, I18nService.getAdminLocales( user.getLocale( ) ) );
633 model.put( MARK_DEFAULT_USER_LEVEL, defaultLevel );
634 model.put( MARK_DEFAULT_USER_NOTIFICATION, nDefaultUserNotification );
635 model.put( MARK_DEFAULT_USER_LANGUAGE, strDefaultUserLanguage );
636 model.put( MARK_DEFAULT_USER_STATUS, nDefaultUserStatus );
637 model.put( MARK_ATTRIBUTES_LIST, listAttributes );
638 model.put( MARK_LOCALE, getLocale( ) );
639 model.put( MARK_DEFAULT_VALUE_WORKGROUP_KEY, AdminWorkgroupService.ALL_GROUPS );
640 model.put( MARK_WORKGROUP_KEY_LIST, AdminWorkgroupService.getUserWorkgroups( getUser( ), getLocale( ) ) );
641 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_CREATE_USER ) );
642 }
643
644 template = AppTemplateService.getTemplate( TEMPLATE_CREATE_USER, getLocale( ), model );
645 }
646
647 return getAdminPage( template.getHtml( ) );
648 }
649
650
651
652
653
654
655
656
657
658
659 public String doCreateAdminUser( HttpServletRequest request ) throws AccessDeniedException
660 {
661 String strAccessCode = request.getParameter( PARAMETER_ACCESS_CODE );
662 String strLastName = request.getParameter( PARAMETER_LAST_NAME );
663 String strFirstName = request.getParameter( PARAMETER_FIRST_NAME );
664 String strEmail = request.getParameter( PARAMETER_EMAIL );
665 String strStatus = request.getParameter( PARAMETER_STATUS );
666 String strUserLevel = request.getParameter( PARAMETER_USER_LEVEL );
667 String strNotifyUser = request.getParameter( PARAMETER_NOTIFY_USER );
668 String strAccessibilityMode = request.getParameter( PARAMETER_ACCESSIBILITY_MODE );
669 String strWorkgroupKey = request.getParameter( PARAMETER_WORKGROUP_KEY );
670
671 String message = checkParameters( request, JSP_URL_CREATE_USER );
672
673 if ( message != null )
674 {
675 return message;
676 }
677
678
679 if ( AdminUserHome.checkAccessCodeAlreadyInUse( strAccessCode ) != -1 )
680 {
681 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_ACCESS_CODE_ALREADY_USED, AdminMessage.TYPE_STOP );
682 }
683
684
685 if ( AdminUserHome.checkEmailAlreadyInUse( strEmail ) != -1 )
686 {
687 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_EMAIL_ALREADY_USED, AdminMessage.TYPE_STOP );
688 }
689
690
691 int nNewUserLevel = Integer.parseInt( strUserLevel );
692
693
694 if ( !( getUser( ).hasRights( nNewUserLevel ) || getUser( ).isAdmin( ) ) )
695 {
696 return AdminMessageService.getMessageUrl( request, Messages.USER_ACCESS_DENIED, AdminMessage.TYPE_STOP );
697 }
698
699
700 if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
701 {
702 LuteceDefaultAdminUser/authentication/LuteceDefaultAdminUser.html#LuteceDefaultAdminUser">LuteceDefaultAdminUser user = new LuteceDefaultAdminUser( );
703 String strFirstPassword = request.getParameter( PARAMETER_FIRST_PASSWORD );
704 String strSecondPassword = request.getParameter( PARAMETER_SECOND_PASSWORD );
705
706 if ( StringUtils.isEmpty( strFirstPassword ) )
707 {
708 return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
709 }
710
711 if ( !strFirstPassword.equals( strSecondPassword ) )
712 {
713 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_DIFFERENTS_PASSWORD, AdminMessage.TYPE_STOP );
714 }
715
716 String strUrl = AdminUserService.checkPassword( request, strFirstPassword, 0 );
717
718 if ( StringUtils.isNotEmpty( strUrl ) )
719 {
720 return strUrl;
721 }
722
723 user.setPassword( AdminUserService.encryptPassword( strFirstPassword ) );
724
725 user.setPasswordMaxValidDate( AdminUserService.getPasswordMaxValidDate( ) );
726 user.setAccountMaxValidDate( AdminUserService.getAccountMaxValidDate( ) );
727
728 user.setAccessCode( strAccessCode );
729 user.setLastName( strLastName );
730 user.setFirstName( strFirstName );
731 user.setEmail( strEmail );
732 user.setStatus( Integer.parseInt( strStatus ) );
733 user.setLocale( new Locale( request.getParameter( PARAMETER_LANGUAGE ) ) );
734
735 user.setUserLevel( nNewUserLevel );
736 user.setPasswordReset( Boolean.TRUE );
737 user.setAccessibilityMode( strAccessibilityMode != null );
738 user.setWorkgroupKey( strWorkgroupKey );
739
740 AdminUserHome.create( user );
741 AdminUserFieldService.doCreateUserFields( user, request, getLocale( ) );
742
743 if ( CONSTANTE_UN.equals( strNotifyUser ) )
744 {
745
746 AdminUserService.notifyUser( AppPathService.getBaseUrl( request ), user, strFirstPassword, PROPERTY_MESSAGE_EMAIL_SUBJECT_NOTIFY_USER,
747 TEMPLATE_NOTIFY_USER );
748 }
749
750 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_CREATE_ADMINUSER, getUser( ), user.getAccessCode( ),
751 CONSTANT_BO );
752 }
753 else
754 {
755 AdminUserbusiness/user/AdminUser.html#AdminUser">AdminUser user = new AdminUser( );
756 user.setAccessCode( strAccessCode );
757 user.setLastName( strLastName );
758 user.setFirstName( strFirstName );
759 user.setEmail( strEmail );
760 user.setStatus( Integer.parseInt( strStatus ) );
761 user.setLocale( new Locale( request.getParameter( PARAMETER_LANGUAGE ) ) );
762
763 user.setUserLevel( nNewUserLevel );
764 user.setAccessibilityMode( strAccessibilityMode != null );
765 user.setWorkgroupKey( strWorkgroupKey );
766
767 AdminUserHome.create( user );
768 AdminUserFieldService.doCreateUserFields( user, request, getLocale( ) );
769
770 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_CREATE_ADMINUSER, getUser( ), user.getAccessCode( ),
771 CONSTANT_BO );
772 }
773
774 return JSP_MANAGE_USER;
775 }
776
777 private String checkParameters( HttpServletRequest request, String strJspUrl ) throws AccessDeniedException
778 {
779 String strAccessCode = request.getParameter( PARAMETER_ACCESS_CODE );
780 String strLastName = request.getParameter( PARAMETER_LAST_NAME );
781 String strFirstName = request.getParameter( PARAMETER_FIRST_NAME );
782 String strEmail = request.getParameter( PARAMETER_EMAIL );
783
784 if ( StringUtils.isEmpty( strAccessCode ) )
785 {
786 return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
787 }
788
789 if ( StringUtils.isEmpty( strLastName ) )
790 {
791 return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
792 }
793
794 if ( StringUtils.isEmpty( strFirstName ) )
795 {
796 return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
797 }
798
799 if ( StringUtils.isBlank( strEmail ) )
800 {
801 return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
802 }
803
804 if ( !AdminUserService.checkEmail( strEmail ) )
805 {
806 return AdminUserService.getEmailErrorMessageUrl( request );
807 }
808
809 String strError = AdminUserFieldService.checkUserFields( request, getLocale( ) );
810
811 if ( strError != null )
812 {
813 return strError;
814 }
815
816 if ( !SecurityTokenService.getInstance( ).validate( request, strJspUrl ) )
817 {
818 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
819 }
820
821 return null;
822 }
823
824
825
826
827
828
829
830
831
832
833 public String getModifyAdminUser( HttpServletRequest request ) throws AccessDeniedException
834 {
835 setPageTitleProperty( PROPERTY_MODIFY_USER_PAGETITLE );
836
837 String strUserId = request.getParameter( PARAMETER_USER_ID );
838
839 int nUserId = Integer.parseInt( strUserId );
840
841 Map<String, Object> model = new HashMap<>( );
842 HtmlTemplate template;
843
844 AdminUser user;
845 String strTemplateUrl;
846
847
848
849 if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
850 {
851 user = AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( nUserId );
852 strTemplateUrl = TEMPLATE_DEFAULT_MODIFY_USER;
853 }
854 else
855 {
856 user = AdminUserHome.findByPrimaryKey( nUserId );
857 strTemplateUrl = TEMPLATE_MODIFY_USER;
858 }
859
860 if ( ( user == null ) || ( user.getUserId( ) == 0 ) )
861 {
862 return getManageAdminUsers( request );
863 }
864
865 AdminUser currentUser = AdminUserService.getAdminUser( request );
866
867 if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
868 {
869 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
870 }
871
872 Level level = LevelHome.findByPrimaryKey( user.getUserLevel( ) );
873 ReferenceListml#ReferenceList">ReferenceList filteredLevels = new ReferenceList( );
874
875 if ( isUserAuthorizedToChangeUserLevel( currentUser, user ) )
876 {
877 for ( Level levelItem : LevelHome.getLevelsList( ) )
878 {
879 filteredLevels.add( levelItem.getReferenceItem( ) );
880 }
881 ;
882 filteredLevels.removeIf( levelItem -> levelItem.getCode( ).equals( "0" ) );
883 }
884
885
886 setItemNavigator( user.getUserId( ), AppPathService.getBaseUrl( request ) + JSP_URL_MODIFY_USER );
887
888 List<IAttribute> listAttributes = AttributeService.getInstance( ).getAllAttributesWithFields( getLocale( ) );
889 Map<String, Object> map = AdminUserFieldService.getAdminUserFields( listAttributes, nUserId, getLocale( ) );
890
891 model.put( MARK_USER, user );
892 model.put( MARK_LEVEL, level );
893 model.put( MARK_USER_LEVELS_LIST, filteredLevels );
894 model.put( MARK_LANGUAGES_LIST, I18nService.getAdminLocales( user.getLocale( ) ) );
895 model.put( MARK_CURRENT_LANGUAGE, user.getLocale( ).getLanguage( ) );
896 model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
897 model.put( MARK_ATTRIBUTES_LIST, listAttributes );
898 model.put( MARK_LOCALE, getLocale( ) );
899 model.put( MARK_MAP_LIST_ATTRIBUTE_DEFAULT_VALUES, map );
900 model.put( MARK_WORKGROUP_KEY_LIST, AdminWorkgroupService.getUserWorkgroups( getUser( ), getLocale( ) ) );
901 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_MODIFY_USER ) );
902
903 template = AppTemplateService.getTemplate( strTemplateUrl, getLocale( ), model );
904
905 return getAdminPage( template.getHtml( ) );
906 }
907
908
909
910
911
912
913
914
915
916
917 public String doModifyAdminUser( HttpServletRequest request ) throws AccessDeniedException
918 {
919 String strUserId = request.getParameter( PARAMETER_USER_ID );
920 String strAccessCode = request.getParameter( PARAMETER_ACCESS_CODE );
921 String strLastName = request.getParameter( PARAMETER_LAST_NAME );
922 String strFirstName = request.getParameter( PARAMETER_FIRST_NAME );
923 String strEmail = request.getParameter( PARAMETER_EMAIL );
924 String strStatus = request.getParameter( PARAMETER_STATUS );
925 String strAccessibilityMode = request.getParameter( PARAMETER_ACCESSIBILITY_MODE );
926 String strWorkgroupKey = request.getParameter( PARAMETER_WORKGROUP_KEY );
927 String strUserLevel = request.getParameter( PARAMETER_USER_LEVEL );
928 int nUserId = Integer.parseInt( strUserId );
929
930 AdminUser userToModify = AdminUserHome.findByPrimaryKey( nUserId );
931 AdminUser currentUser = AdminUserService.getAdminUser( request );
932
933 if ( !isUserAuthorizedToModifyUser( currentUser, userToModify ) )
934 {
935 throw new AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
936 }
937
938
939
940 if ( isUserLevelModified( userToModify, strUserLevel ) && !isUserAuthorizedToChangeUserLevel( currentUser, userToModify ) )
941 {
942 throw new AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
943 }
944
945 String message = checkParameters( request, JSP_URL_MODIFY_USER );
946
947 if ( message != null )
948 {
949 return message;
950 }
951
952 int checkCode = AdminUserHome.checkAccessCodeAlreadyInUse( strAccessCode );
953
954
955 if ( ( checkCode != -1 ) && ( checkCode != nUserId ) )
956 {
957 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_ACCESS_CODE_ALREADY_USED, AdminMessage.TYPE_STOP );
958 }
959
960 checkCode = AdminUserHome.checkEmailAlreadyInUse( strEmail );
961
962
963 if ( ( checkCode != -1 ) && ( checkCode != nUserId ) )
964 {
965 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_EMAIL_ALREADY_USED, AdminMessage.TYPE_STOP );
966 }
967
968
969 if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
970 {
971 LuteceDefaultAdminUser user = AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( nUserId );
972
973 user.setUserId( nUserId );
974 user.setAccessCode( strAccessCode );
975 user.setLastName( strLastName );
976 user.setFirstName( strFirstName );
977 user.setEmail( strEmail );
978 user.setWorkgroupKey( strWorkgroupKey );
979 user.setUserLevel( Integer.parseInt( strUserLevel ) );
980
981 int nStatus = Integer.parseInt( strStatus );
982
983 if ( nStatus != user.getStatus( ) )
984 {
985 user.setStatus( nStatus );
986 AdminUserService.notifyUser( AppPathService.getBaseUrl( request ), user, PROPERTY_MESSAGE_EMAIL_SUBJECT_CHANGE_STATUS,
987 TEMPLATE_ADMIN_EMAIL_CHANGE_STATUS );
988 }
989
990 user.setLocale( new Locale( request.getParameter( PARAMETER_LANGUAGE ) ) );
991 user.setAccessibilityMode( strAccessibilityMode != null );
992
993 AdminUserHome.update( user, PasswordUpdateMode.IGNORE );
994
995 AdminUserFieldService.doModifyUserFields( user, request, getLocale( ), getUser( ) );
996
997 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_ADMINUSER, currentUser, user.getAccessCode( ),
998 CONSTANT_BO );
999 }
1000 else
1001 {
1002 AdminUserbusiness/user/AdminUser.html#AdminUser">AdminUser user = new AdminUser( );
1003 user.setUserId( nUserId );
1004 user.setAccessCode( strAccessCode );
1005 user.setLastName( strLastName );
1006 user.setFirstName( strFirstName );
1007 user.setEmail( strEmail );
1008 user.setStatus( Integer.parseInt( strStatus ) );
1009 user.setLocale( new Locale( request.getParameter( PARAMETER_LANGUAGE ) ) );
1010 user.setAccessibilityMode( strAccessibilityMode != null );
1011 user.setWorkgroupKey( strWorkgroupKey );
1012 user.setUserLevel( Integer.parseInt( strUserLevel ) );
1013
1014 String strError = AdminUserFieldService.checkUserFields( request, getLocale( ) );
1015
1016 if ( strError != null )
1017 {
1018 return strError;
1019 }
1020
1021 AdminUserHome.update( user );
1022
1023 AdminUserFieldService.doModifyUserFields( user, request, getLocale( ), getUser( ) );
1024
1025 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_ADMINUSER, currentUser, user.getAccessCode( ),
1026 CONSTANT_BO );
1027 }
1028
1029 return JSP_MANAGE_USER;
1030 }
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041 public String getModifyUserPassword( HttpServletRequest request ) throws AccessDeniedException
1042 {
1043 setPageTitleProperty( PROPERTY_MODIFY_USER_PASSWORD_PAGETITLE );
1044
1045 String strUserId = request.getParameter( PARAMETER_USER_ID );
1046
1047 int nUserId = Integer.parseInt( strUserId );
1048
1049 Map<String, Object> model = new HashMap<>( );
1050 HtmlTemplate template;
1051
1052 AdminUser user = null;
1053 String strTemplateUrl = "";
1054
1055
1056
1057 if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
1058 {
1059 user = AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( nUserId );
1060 strTemplateUrl = TEMPLATE_DEFAULT_MODIFY_USER_PASSWORD;
1061 }
1062 else
1063 {
1064 throw new AppException( "Cannot modify password when not in DeafultModuleUsed mode" );
1065 }
1066
1067 if ( ( user == null ) || ( user.getUserId( ) == 0 ) )
1068 {
1069 throw new AppException( "User to modify password for not found" );
1070 }
1071
1072 AdminUser currentUser = AdminUserService.getAdminUser( request );
1073
1074 if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1075 {
1076 throw new AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1077 }
1078
1079
1080 setItemNavigator( user.getUserId( ), AppPathService.getBaseUrl( request ) + JSP_URL_MODIFY_USER );
1081
1082 model.put( MARK_USER, user );
1083 model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1084 model.put( MARK_MINIMUM_PASSWORD_SIZE, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_PASSWORD_MINIMUM_LENGTH ) );
1085 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, PROPERTY_MODIFY_USER_PASSWORD_PAGETITLE ) );
1086
1087 template = AppTemplateService.getTemplate( strTemplateUrl, getLocale( ), model );
1088
1089 return getAdminPage( template.getHtml( ) );
1090 }
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101 public String doModifyAdminUserPassword( HttpServletRequest request ) throws AccessDeniedException
1102 {
1103 if ( !SecurityTokenService.getInstance( ).validate( request, PROPERTY_MODIFY_USER_PASSWORD_PAGETITLE ) )
1104 {
1105 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1106 }
1107 String strUserId = request.getParameter( PARAMETER_USER_ID );
1108
1109 int nUserId = Integer.parseInt( strUserId );
1110
1111 AdminUser userToModify = AdminUserHome.findByPrimaryKey( nUserId );
1112
1113 if ( userToModify == null )
1114 {
1115 throw new AppException( CONSTANT_USER_MSG + strUserId + " not found" );
1116 }
1117
1118 AdminUser currentUser = AdminUserService.getAdminUser( request );
1119
1120 if ( !isUserAuthorizedToModifyUser( currentUser, userToModify ) )
1121 {
1122 throw new AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1123 }
1124
1125
1126 if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
1127 {
1128 LuteceDefaultAdminUser user = AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( nUserId );
1129
1130 String strFirstPassword = request.getParameter( PARAMETER_FIRST_PASSWORD );
1131 String strSecondPassword = request.getParameter( PARAMETER_SECOND_PASSWORD );
1132
1133 if ( StringUtils.isEmpty( strFirstPassword ) )
1134 {
1135 return AdminMessageService.getMessageUrl( request, MESSAGE_MANDATORY_FIELD, new String [ ] {
1136 I18nService.getLocalizedString( PROPERTY_LABEL_FIRST_PASSWORD, getLocale( ) )
1137 }, AdminMessage.TYPE_STOP );
1138 }
1139
1140 if ( !StringUtils.equals( strFirstPassword, strSecondPassword ) )
1141 {
1142
1143 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_DIFFERENTS_PASSWORD, AdminMessage.TYPE_STOP );
1144 }
1145
1146 String strUrl = AdminUserService.checkPassword( request, strFirstPassword, nUserId, Boolean.TRUE );
1147
1148 if ( StringUtils.isNotEmpty( strUrl ) )
1149 {
1150 return strUrl;
1151 }
1152
1153 user.setPassword( AdminUserService.encryptPassword( strFirstPassword ) );
1154 user.setPasswordReset( Boolean.FALSE );
1155 user.setPasswordMaxValidDate( AdminUserService.getPasswordMaxValidDate( ) );
1156
1157 AdminUserHome.update( user, PasswordUpdateMode.UPDATE );
1158
1159 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_ADMINUSER_PASSWORD, currentUser,
1160 user.getAccessCode( ), CONSTANT_BO );
1161 }
1162
1163 return JSP_MANAGE_USER;
1164 }
1165
1166
1167
1168
1169
1170
1171
1172
1173 public String getImportUsersFromFile( HttpServletRequest request )
1174 {
1175 _importAdminUserService = SpringContextService.getBean( BEAN_IMPORT_ADMIN_USER_SERVICE );
1176 if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
1177 getUser( ) ) )
1178 {
1179 return getManageAdminUsers( request );
1180 }
1181
1182 setPageTitleProperty( PROPERTY_IMPORT_USERS_FROM_FILE_PAGETITLE );
1183
1184 Map<String, Object> model = new HashMap<>( );
1185
1186 model.put( MARK_LIST_MESSAGES, request.getAttribute( ATTRIBUTE_IMPORT_USERS_LIST_MESSAGES ) );
1187
1188 String strCsvSeparator = StringUtils.EMPTY + _importAdminUserService.getCSVSeparator( );
1189 String strCsvEscapeCharacter = StringUtils.EMPTY + _importAdminUserService.getCSVEscapeCharacter( );
1190 String strAttributesSeparator = StringUtils.EMPTY + _importAdminUserService.getAttributesSeparator( );
1191 model.put( MARK_CSV_SEPARATOR, strCsvSeparator );
1192 model.put( MARK_CSV_ESCAPE, strCsvEscapeCharacter );
1193 model.put( MARK_ATTRIBUTES_SEPARATOR, strAttributesSeparator );
1194 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_IMPORT_USER ) );
1195
1196 String strTemplate = _importAdminUserService.getImportFromFileTemplate( );
1197 HtmlTemplate template = AppTemplateService.getTemplate( strTemplate, AdminUserService.getLocale( request ), model );
1198
1199 return getAdminPage( template.getHtml( ) );
1200 }
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211 public DefaultPluginActionResult doImportUsersFromFile( HttpServletRequest request ) throws AccessDeniedException
1212 {
1213 DefaultPluginActionResultefaultPluginActionResult.html#DefaultPluginActionResult">DefaultPluginActionResult result = new DefaultPluginActionResult( );
1214
1215 if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
1216 getUser( ) ) )
1217 {
1218 result.setHtmlContent( getManageAdminUsers( request ) );
1219
1220 return result;
1221 }
1222
1223 if ( request instanceof MultipartHttpServletRequest )
1224 {
1225 MultipartHttpServletRequestce/portal/web/upload/MultipartHttpServletRequest.html#MultipartHttpServletRequest">MultipartHttpServletRequest multipartRequest = (MultipartHttpServletRequest) request;
1226 FileItem fileItem = multipartRequest.getFile( PARAMETER_IMPORT_USERS_FILE );
1227 String strMimeType = FileSystemUtil.getMIMEType( FileUploadService.getFileNameOnly( fileItem ) );
1228
1229 if ( !( ( fileItem != null ) && !StringUtils.EMPTY.equals( fileItem.getName( ) ) ) )
1230 {
1231 Object [ ] tabRequiredFields = {
1232 I18nService.getLocalizedString( FIELD_IMPORT_USERS_FILE, getLocale( ) )
1233 };
1234 result.setRedirect( AdminMessageService.getMessageUrl( request, MESSAGE_MANDATORY_FIELD, tabRequiredFields, AdminMessage.TYPE_STOP ) );
1235
1236 return result;
1237 }
1238
1239 if ( ( !strMimeType.equals( CONSTANT_MIME_TYPE_CSV ) && !strMimeType.equals( CONSTANT_MIME_TYPE_OCTETSTREAM )
1240 && !strMimeType.equals( CONSTANT_MIME_TYPE_TEXT_CSV ) )
1241 || !fileItem.getName( ).toLowerCase( Locale.ENGLISH ).endsWith( CONSTANT_EXTENSION_CSV_FILE ) )
1242 {
1243 result.setRedirect( AdminMessageService.getMessageUrl( request, MESSAGE_ERROR_CSV_FILE_IMPORT, AdminMessage.TYPE_STOP ) );
1244
1245 return result;
1246 }
1247 if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_IMPORT_USER ) )
1248 {
1249 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1250 }
1251
1252 String strSkipFirstLine = multipartRequest.getParameter( PARAMETER_SKIP_FIRST_LINE );
1253 boolean bSkipFirstLine = StringUtils.isNotEmpty( strSkipFirstLine );
1254 String strUpdateUsers = multipartRequest.getParameter( PARAMETER_UPDATE_USERS );
1255 boolean bUpdateUsers = StringUtils.isNotEmpty( strUpdateUsers );
1256
1257 _importAdminUserService.setUpdateExistingUsers( bUpdateUsers );
1258
1259 List<CSVMessageDescriptor> listMessages = _importAdminUserService.readCSVFile( fileItem, 0, false, false, bSkipFirstLine,
1260 AdminUserService.getLocale( request ), AppPathService.getBaseUrl( request ) );
1261
1262 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_IMPORT_ADMINUSERS, getUser( ), fileItem.getName( ),
1263 CONSTANT_BO );
1264
1265 request.setAttribute( ATTRIBUTE_IMPORT_USERS_LIST_MESSAGES, listMessages );
1266
1267 String strHtmlResult = getImportUsersFromFile( request );
1268 result.setHtmlContent( strHtmlResult );
1269 }
1270 else
1271 {
1272 Object [ ] tabRequiredFields = {
1273 I18nService.getLocalizedString( FIELD_IMPORT_USERS_FILE, getLocale( ) )
1274 };
1275 result.setRedirect( AdminMessageService.getMessageUrl( request, MESSAGE_MANDATORY_FIELD, tabRequiredFields, AdminMessage.TYPE_STOP ) );
1276 }
1277
1278 return result;
1279 }
1280
1281
1282
1283
1284
1285
1286
1287
1288 public String getExportUsers( HttpServletRequest request )
1289 {
1290 if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
1291 getUser( ) ) )
1292 {
1293 return getManageAdminUsers( request );
1294 }
1295
1296 setPageTitleProperty( PROPERTY_EXPORT_USERS_PAGETITLE );
1297
1298 Map<String, Object> model = new HashMap<>( );
1299
1300 ReferenceList refListXsl = XslExportHome.getRefListByPlugin( PluginService.getCore( ) );
1301
1302 model.put( MARK_LIST_XSL_EXPORT, refListXsl );
1303
1304 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_EXPORT_USERS_FROM_FILE, AdminUserService.getLocale( request ), model );
1305
1306 return getAdminPage( template.getHtml( ) );
1307 }
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320 public DefaultPluginActionResult doExportUsers( HttpServletRequest request, HttpServletResponse response ) throws IOException
1321 {
1322 DefaultPluginActionResultefaultPluginActionResult.html#DefaultPluginActionResult">DefaultPluginActionResult result = new DefaultPluginActionResult( );
1323
1324 if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_IMPORT_EXPORT_USERS,
1325 getUser( ) ) )
1326 {
1327 result.setHtmlContent( getManageAdminUsers( request ) );
1328
1329 return result;
1330 }
1331
1332 String strXslExportId = request.getParameter( PARAMETER_XSL_EXPORT_ID );
1333 String strExportAttributes = request.getParameter( PARAMETER_EXPORT_ATTRIBUTES );
1334 String strExportRoles = request.getParameter( PARAMETER_EXPORT_ROLES );
1335 String strExportRights = request.getParameter( PARAMETER_EXPORT_RIGHTS );
1336 String strExportWorkgroups = request.getParameter( PARAMETER_EXPORT_WORKGROUPS );
1337 boolean bExportAttributes = StringUtils.isNotEmpty( strExportAttributes );
1338 boolean bExportRoles = StringUtils.isNotEmpty( strExportRoles );
1339 boolean bExportRights = StringUtils.isNotEmpty( strExportRights );
1340 boolean bExportWorkgroups = StringUtils.isNotEmpty( strExportWorkgroups );
1341
1342 if ( StringUtils.isBlank( strXslExportId ) )
1343 {
1344 Object [ ] tabRequiredFields = {
1345 I18nService.getLocalizedString( FIELD_XSL_EXPORT, getLocale( ) )
1346 };
1347 result.setRedirect( AdminMessageService.getMessageUrl( request, MESSAGE_MANDATORY_FIELD, tabRequiredFields, AdminMessage.TYPE_STOP ) );
1348
1349 return result;
1350 }
1351
1352 int nIdXslExport = Integer.parseInt( strXslExportId );
1353
1354 XslExport xslExport = XslExportHome.findByPrimaryKey( nIdXslExport );
1355
1356 Collection<AdminUser> listUsers = AdminUserHome.findUserList( );
1357
1358 List<IAttribute> listAttributes = AttributeService.getInstance( ).getAllAttributesWithFields( LocaleService.getDefault( ) );
1359 List<IAttribute> listAttributesFiltered = new ArrayList<>( );
1360
1361 for ( IAttribute attribute : listAttributes )
1362 {
1363 if ( attribute instanceof ISimpleValuesAttributes )
1364 {
1365 listAttributesFiltered.add( attribute );
1366 }
1367 }
1368
1369 StringBuffer sbXml = new StringBuffer( XmlUtil.getXmlHeader( ) );
1370 XmlUtil.beginElement( sbXml, CONSTANT_XML_USERS );
1371
1372 for ( AdminUser user : listUsers )
1373 {
1374 if ( !user.isStatusAnonymized( ) )
1375 {
1376 sbXml.append(
1377 AdminUserService.getXmlFromUser( user, bExportRoles, bExportRights, bExportWorkgroups, bExportAttributes, listAttributesFiltered ) );
1378 }
1379 }
1380
1381 XmlUtil.endElement( sbXml, CONSTANT_XML_USERS );
1382
1383 String strXml = StringUtil.replaceAccent( sbXml.toString( ) );
1384 String strExportedUsers = XslExportService.exportXMLWithXSL( nIdXslExport, strXml );
1385
1386 if ( CONSTANT_MIME_TYPE_CSV.contains( xslExport.getExtension( ) ) )
1387 {
1388 response.setContentType( CONSTANT_MIME_TYPE_CSV );
1389 }
1390 else if ( CONSTANT_EXTENSION_XML_FILE.contains( xslExport.getExtension( ) ) )
1391 {
1392 response.setContentType( CONSTANT_MIME_TYPE_XML );
1393 }
1394 else
1395 {
1396 response.setContentType( CONSTANT_MIME_TYPE_OCTETSTREAM );
1397 }
1398
1399 String strFileName = CONSTANT_EXPORT_USERS_FILE_NAME + CONSTANT_POINT + xslExport.getExtension( );
1400 response.setHeader( CONSTANT_ATTACHEMENT_DISPOSITION, CONSTANT_ATTACHEMENT_FILE_NAME + strFileName + CONSTANT_QUOTE );
1401
1402 PrintWriter out = response.getWriter( );
1403 out.write( strExportedUsers );
1404 out.flush( );
1405 out.close( );
1406
1407 return null;
1408 }
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419 public String doConfirmRemoveAdminUser( HttpServletRequest request ) throws AccessDeniedException
1420 {
1421 String strUserId = request.getParameter( PARAMETER_USER_ID );
1422 int nUserId = Integer.parseInt( strUserId );
1423 AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
1424
1425 if ( user == null )
1426 {
1427 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_USER_ERROR_SESSION, AdminMessage.TYPE_ERROR );
1428 }
1429
1430 AdminUser currentUser = AdminUserService.getAdminUser( request );
1431
1432 if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1433 {
1434 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1435 }
1436
1437 String strUrlRemove = JSP_URL_REMOVE_USER;
1438 Map<String, Object> parameters = new HashMap<>( );
1439 parameters.put( PARAMETER_USER_ID, strUserId );
1440 parameters.put( SecurityTokenService.PARAMETER_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_REMOVE_USER ) );
1441
1442 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_CONFIRM_REMOVE, new Object [ ] {
1443 user.getFirstName( ), user.getLastName( ), user.getAccessCode( )
1444 }, null, strUrlRemove, null, AdminMessage.TYPE_CONFIRMATION, parameters );
1445 }
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456 public String doRemoveAdminUser( HttpServletRequest request ) throws AccessDeniedException
1457 {
1458 String strUserId = request.getParameter( PARAMETER_USER_ID );
1459 int nUserId = Integer.parseInt( strUserId );
1460 AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
1461
1462 if ( user == null )
1463 {
1464 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_USER_ERROR_SESSION, AdminMessage.TYPE_ERROR );
1465 }
1466 if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_REMOVE_USER ) )
1467 {
1468 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1469 }
1470
1471 AdminUser currentUser = AdminUserService.getAdminUser( request );
1472
1473 if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1474 {
1475 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1476 }
1477
1478 String strRemovedUserAccessCode = user.getAccessCode( );
1479
1480 AdminUserFieldService.doRemoveUserFields( user, request, getLocale( ) );
1481 AdminUserHome.removeAllRightsForUser( nUserId );
1482 AdminUserHome.removeAllRolesForUser( nUserId );
1483 AdminUserHome.removeAllPasswordHistoryForUser( nUserId );
1484 AdminUserHome.remove( nUserId );
1485
1486 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_REMOVE_ADMINUSER, currentUser,
1487 strUserId + " : " + strRemovedUserAccessCode, CONSTANT_BO );
1488
1489 return JSP_MANAGE_USER;
1490 }
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501 public String getManageAdminUserRights( HttpServletRequest request ) throws AccessDeniedException
1502 {
1503 setPageTitleProperty( PROPERTY_MANAGE_USER_RIGHTS_PAGETITLE );
1504
1505 String strUserId = request.getParameter( PARAMETER_USER_ID );
1506 int nUserId = Integer.parseInt( strUserId );
1507
1508 AdminUser selectedUser = AdminUserHome.findByPrimaryKey( nUserId );
1509
1510 AdminUser currentUser = AdminUserService.getAdminUser( request );
1511
1512 if ( !isUserAuthorizedToModifyUser( currentUser, selectedUser ) )
1513 {
1514 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1515 }
1516
1517 Collection<Right> rightList = AdminUserHome.getRightsListForUser( nUserId ).values( );
1518
1519
1520 setItemNavigator( selectedUser.getUserId( ), AppPathService.getBaseUrl( request ) + JSP_URL_MANAGE_USER_RIGHTS );
1521
1522 HashMap<String, Object> model = new HashMap<>( );
1523 model.put( MARK_CAN_MODIFY, getUser( ).isParent( selectedUser ) || getUser( ).isAdmin( ) );
1524 model.put( MARK_CAN_DELEGATE, getUser( ).getUserId( ) != nUserId );
1525 model.put( MARK_USER, AdminUserHome.findByPrimaryKey( nUserId ) );
1526 model.put( MARK_USER_RIGHT_LIST, I18nService.localizeCollection( rightList, getLocale( ) ) );
1527 model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1528
1529 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MANAGE_USER_RIGHTS, getLocale( ), model );
1530
1531 return getAdminPage( template.getHtml( ) );
1532 }
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543 public String getManageAdminUserWorkgroups( HttpServletRequest request ) throws AccessDeniedException
1544 {
1545 setPageTitleProperty( PROPERTY_MANAGE_USER_WORKGROUPS_PAGETITLE );
1546
1547 String strUserId = request.getParameter( PARAMETER_USER_ID );
1548 int nUserId = Integer.parseInt( strUserId );
1549
1550 AdminUser selectedUser = AdminUserHome.findByPrimaryKey( nUserId );
1551 AdminUser currentUser = AdminUserService.getAdminUser( request );
1552
1553 if ( !isUserAuthorizedToModifyUser( currentUser, selectedUser ) )
1554 {
1555 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1556 }
1557
1558 ReferenceList workgroupsList = AdminWorkgroupHome.getUserWorkgroups( selectedUser );
1559
1560
1561 setItemNavigator( nUserId, AppPathService.getBaseUrl( request ) + JSP_URL_MANAGE_USER_WORKGROUPS );
1562
1563 Map<String, Object> model = new HashMap<>( );
1564 model.put( MARK_CAN_MODIFY, getUser( ).isParent( selectedUser ) || getUser( ).isAdmin( ) );
1565 model.put( MARK_CAN_DELEGATE, getUser( ).getUserId( ) != nUserId );
1566 model.put( MARK_USER, AdminUserHome.findByPrimaryKey( nUserId ) );
1567 model.put( MARK_USER_WORKGROUP_LIST, workgroupsList );
1568 model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1569
1570 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MANAGE_USER_WORKGROUPS, getLocale( ), model );
1571
1572 return getAdminPage( template.getHtml( ) );
1573 }
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584 public String getModifyAdminUserWorkgroups( HttpServletRequest request ) throws AccessDeniedException
1585 {
1586 boolean bDelegateWorkgroups = Boolean.parseBoolean( request.getParameter( PARAMETER_DELEGATE_RIGHTS ) );
1587
1588 setPageTitleProperty( bDelegateWorkgroups ? PROPERTY_DELEGATE_USER_RIGHTS_PAGETITLE : PROPERTY_MODIFY_USER_WORKGROUPS_PAGETITLE );
1589
1590 String strUserId = request.getParameter( PARAMETER_USER_ID );
1591 int nUserId = Integer.parseInt( strUserId );
1592
1593 AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
1594 AdminUser currentUser = getUser( );
1595
1596 if ( ( user == null ) || ( user.getUserId( ) == 0 ) )
1597 {
1598 return getManageAdminUsers( request );
1599 }
1600
1601 if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1602 {
1603 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1604 }
1605
1606 ReferenceList userWorkspaces = AdminWorkgroupHome.getUserWorkgroups( user );
1607 ReferenceList assignableWorkspaces = AdminWorkgroupHome.getUserWorkgroups( currentUser );
1608
1609 ArrayList<String> checkedValues = new ArrayList<>( );
1610
1611 for ( ReferenceItem item : userWorkspaces )
1612 {
1613 checkedValues.add( item.getCode( ) );
1614 }
1615
1616 assignableWorkspaces.checkItems( checkedValues.toArray( new String [ checkedValues.size( )] ) );
1617
1618
1619 setItemNavigator( nUserId, AppPathService.getBaseUrl( request ) + JSP_URL_MANAGE_USER_WORKGROUPS );
1620
1621 Map<String, Object> model = new HashMap<>( );
1622 model.put( MARK_USER, AdminUserHome.findByPrimaryKey( nUserId ) );
1623 model.put( MARK_ALL_WORKSGROUP_LIST, assignableWorkspaces );
1624 model.put( MARK_CAN_DELEGATE, String.valueOf( bDelegateWorkgroups ) );
1625 model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1626 model.put( MARK_DEFAULT_MODE_USED, AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) );
1627 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_MANAGE_USER_WORKGROUPS ) );
1628
1629 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MODIFY_USER_WORKGROUPS, getLocale( ), model );
1630
1631 return getAdminPage( template.getHtml( ) );
1632 }
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643 public String getModifyAdminUserRights( HttpServletRequest request ) throws AccessDeniedException
1644 {
1645 boolean bDelegateRights = Boolean.parseBoolean( request.getParameter( PARAMETER_DELEGATE_RIGHTS ) );
1646
1647 String strSelectAll = request.getParameter( PARAMETER_SELECT );
1648 boolean bSelectAll = ( ( strSelectAll != null ) && strSelectAll.equals( PARAMETER_SELECT_ALL ) );
1649
1650 setPageTitleProperty( bDelegateRights ? PROPERTY_DELEGATE_USER_RIGHTS_PAGETITLE : PROPERTY_MODIFY_USER_RIGHTS_PAGETITLE );
1651
1652 String strUserId = request.getParameter( PARAMETER_USER_ID );
1653 int nUserId = Integer.parseInt( strUserId );
1654
1655 AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
1656 AdminUser currentUser = getUser( );
1657
1658 if ( ( user == null ) || ( user.getUserId( ) == 0 ) )
1659 {
1660 return getManageAdminUsers( request );
1661 }
1662
1663 if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1664 {
1665 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1666 }
1667
1668 Collection<Right> rightList;
1669 Collection<Right> allRightList = RightHome.getRightsList( user.getUserLevel( ) );
1670
1671 if ( bDelegateRights )
1672 {
1673 Map<String, Right> rights = AdminUserHome.getRightsListForUser( currentUser.getUserId( ) );
1674 rightList = new ArrayList<>( );
1675
1676 for ( Right right : rights.values( ) )
1677 {
1678
1679
1680 if ( right.getLevel( ) >= user.getUserLevel( ) )
1681 {
1682 rightList.add( right );
1683 }
1684 }
1685 }
1686 else
1687 {
1688 rightList = AdminUserHome.getRightsListForUser( nUserId ).values( );
1689 }
1690
1691
1692 setItemNavigator( nUserId, AppPathService.getBaseUrl( request ) + JSP_URL_MANAGE_USER_RIGHTS );
1693
1694 Map<String, Object> model = new HashMap<>( );
1695 model.put( MARK_USER, AdminUserHome.findByPrimaryKey( nUserId ) );
1696 model.put( MARK_USER_RIGHT_LIST, I18nService.localizeCollection( rightList, getLocale( ) ) );
1697 model.put( MARK_ALL_RIGHT_LIST, I18nService.localizeCollection( allRightList, getLocale( ) ) );
1698 model.put( MARK_CAN_DELEGATE, String.valueOf( bDelegateRights ) );
1699 model.put( MARK_SELECT_ALL, bSelectAll );
1700 model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1701 model.put( MARK_DEFAULT_MODE_USED, AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) );
1702 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_MANAGE_USER_RIGHTS ) );
1703
1704 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MODIFY_USER_RIGHTS, getLocale( ), model );
1705
1706 return getAdminPage( template.getHtml( ) );
1707 }
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718 public String doModifyAdminUserRights( HttpServletRequest request ) throws AccessDeniedException
1719 {
1720 if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_MANAGE_USER_RIGHTS ) )
1721 {
1722 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1723 }
1724 String strUserId = request.getParameter( PARAMETER_USER_ID );
1725 int nUserId = Integer.parseInt( strUserId );
1726
1727 String [ ] arrayRights = request.getParameterValues( PARAMETER_RIGHT );
1728
1729 AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
1730 AdminUser currentUser = AdminUserService.getAdminUser( request );
1731
1732 if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1733 {
1734 throw new AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1735 }
1736
1737 AdminUserHome.removeAllOwnRightsForUser( user );
1738
1739 if ( arrayRights != null )
1740 {
1741 for ( String strRight : arrayRights )
1742 {
1743 AdminUserHome.createRightForUser( nUserId, strRight );
1744 }
1745 }
1746
1747 HashMap<String, String [ ]> mapData = new HashMap<>( );
1748 mapData.put( user.getAccessCode( ), arrayRights );
1749 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_ADMINUSER_RIGHTS, currentUser, mapData, CONSTANT_BO );
1750
1751 if ( user.getUserId( ) == currentUser.getUserId( ) )
1752 {
1753 try
1754 {
1755 AdminAuthenticationService.getInstance( ).registerUser( request, user );
1756 }
1757 catch( AccessDeniedException | UserNotSignedException e )
1758 {
1759 AppLogService.error( e.getMessage( ), e );
1760 }
1761 }
1762
1763 return JSP_MANAGE_USER_RIGHTS + "?" + PARAMETER_USER_ID + "=" + nUserId;
1764 }
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775 public String getManageAdminUserRoles( HttpServletRequest request ) throws AccessDeniedException
1776 {
1777 setPageTitleProperty( PROPERTY_MANAGE_USER_ROLES_PAGETITLE );
1778
1779 String strUserId = request.getParameter( PARAMETER_USER_ID );
1780 int nUserId = Integer.parseInt( strUserId );
1781 AdminUser selectedUser = AdminUserHome.findByPrimaryKey( nUserId );
1782 AdminUser userCurrent = AdminUserService.getAdminUser( request );
1783
1784 if ( !isUserAuthorizedToModifyUser( userCurrent, selectedUser ) )
1785 {
1786 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1787 }
1788
1789 Collection<RBACRole> roleList = AdminUserHome.getRolesListForUser( nUserId ).values( );
1790
1791
1792 setItemNavigator( nUserId, AppPathService.getBaseUrl( request ) + JSP_URL_MANAGE_USER_ROLES );
1793
1794 Map<String, Object> model = new HashMap<>( );
1795 model.put( MARK_CAN_MODIFY, getUser( ).isParent( selectedUser ) || getUser( ).isAdmin( ) );
1796 model.put( MARK_CAN_DELEGATE, getUser( ).getUserId( ) != nUserId );
1797 model.put( MARK_USER, AdminUserHome.findByPrimaryKey( nUserId ) );
1798 model.put( MARK_USER_ROLE_LIST, roleList );
1799 model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1800
1801 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MANAGE_USER_ROLES, getLocale( ), model );
1802
1803 return getAdminPage( template.getHtml( ) );
1804 }
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815 public String getModifyAdminUserRoles( HttpServletRequest request ) throws AccessDeniedException
1816 {
1817 boolean bDelegateRoles = Boolean.parseBoolean( request.getParameter( PARAMETER_DELEGATE_RIGHTS ) );
1818 setPageTitleProperty( PROPERTY_MODIFY_USER_ROLES_PAGETITLE );
1819
1820 String strUserId = request.getParameter( PARAMETER_USER_ID );
1821 int nUserId = Integer.parseInt( strUserId );
1822
1823 AdminUser selectedUser = AdminUserHome.findByPrimaryKey( nUserId );
1824 AdminUser userCurrent = AdminUserService.getAdminUser( request );
1825
1826 if ( ( selectedUser == null ) || ( selectedUser.getUserId( ) == 0 ) )
1827 {
1828 return getManageAdminUsers( request );
1829 }
1830
1831 if ( !isUserAuthorizedToModifyUser( userCurrent, selectedUser ) )
1832 {
1833 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1834 }
1835
1836 Collection<RBACRole> roleList = AdminUserHome.getRolesListForUser( nUserId ).values( );
1837 Collection<RBACRole> assignableRoleList;
1838
1839 if ( bDelegateRoles )
1840 {
1841
1842 assignableRoleList = new ArrayList<>( );
1843
1844 AdminUser currentUser = getUser( );
1845
1846 for ( RBACRole role : RBACRoleHome.findAll( ) )
1847 {
1848 if ( currentUser.isAdmin( ) || RBACService.isUserInRole( currentUser, role.getKey( ) ) )
1849 {
1850 assignableRoleList.add( role );
1851 }
1852 }
1853 }
1854 else
1855 {
1856
1857 assignableRoleList = RBACRoleHome.findAll( );
1858 }
1859
1860
1861 setItemNavigator( nUserId, AppPathService.getBaseUrl( request ) + JSP_URL_MANAGE_USER_ROLES );
1862
1863 Map<String, Object> model = new HashMap<>( );
1864 model.put( MARK_USER, AdminUserHome.findByPrimaryKey( nUserId ) );
1865 model.put( MARK_USER_ROLE_LIST, roleList );
1866 model.put( MARK_ALL_ROLE_LIST, assignableRoleList );
1867 model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1868 model.put( MARK_DEFAULT_MODE_USED, AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) );
1869 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_MANAGE_USER_ROLES ) );
1870
1871 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MODIFY_USER_ROLES, getLocale( ), model );
1872
1873 return getAdminPage( template.getHtml( ) );
1874 }
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885 public String doModifyAdminUserRoles( HttpServletRequest request ) throws AccessDeniedException
1886 {
1887 if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_MANAGE_USER_ROLES ) )
1888 {
1889 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1890 }
1891 String strUserId = request.getParameter( PARAMETER_USER_ID );
1892 int nUserId = Integer.parseInt( strUserId );
1893 AdminUser selectedUser = AdminUserHome.findByPrimaryKey( nUserId );
1894 AdminUser currentUser = AdminUserService.getAdminUser( request );
1895
1896 if ( !isUserAuthorizedToModifyUser( currentUser, selectedUser ) )
1897 {
1898 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1899 }
1900
1901 String [ ] arrayRoles = request.getParameterValues( PARAMETER_ROLE );
1902
1903 AdminUserHome.removeAllRolesForUser( nUserId );
1904
1905 if ( arrayRoles != null )
1906 {
1907 for ( String strRole : arrayRoles )
1908 {
1909 AdminUserHome.createRoleForUser( nUserId, strRole );
1910 }
1911 }
1912
1913 HashMap<String, String [ ]> mapData = new HashMap<>( );
1914 mapData.put( selectedUser.getAccessCode( ), arrayRoles );
1915 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_ADMINUSER_ROLES, currentUser, mapData, CONSTANT_BO );
1916
1917 return JSP_MANAGE_USER_ROLES + "?" + PARAMETER_USER_ID + "=" + nUserId;
1918 }
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929 public String doModifyAdminUserWorkgroups( HttpServletRequest request ) throws AccessDeniedException
1930 {
1931 if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_MANAGE_USER_WORKGROUPS ) )
1932 {
1933 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1934 }
1935 String strUserId = request.getParameter( PARAMETER_USER_ID );
1936 int nUserId = Integer.parseInt( strUserId );
1937 AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
1938 AdminUser currentUser = getUser( );
1939
1940 if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1941 {
1942 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1943 }
1944
1945 String [ ] arrayWorkspaces = request.getParameterValues( PARAMETER_WORKGROUP );
1946 ReferenceList assignableWorkgroups = AdminWorkgroupHome.getUserWorkgroups( currentUser );
1947
1948 for ( ReferenceItem item : assignableWorkgroups )
1949 {
1950 AdminWorkgroupHome.removeUserFromWorkgroup( user, item.getCode( ) );
1951 }
1952
1953 if ( arrayWorkspaces != null )
1954 {
1955 for ( String strWorkgroupKey : arrayWorkspaces )
1956 {
1957 AdminWorkgroupHome.addUserForWorkgroup( user, strWorkgroupKey );
1958 }
1959 }
1960
1961 HashMap<String, String [ ]> mapData = new HashMap<>( );
1962 mapData.put( user.getAccessCode( ), arrayWorkspaces );
1963 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_ADMINUSER_GROUPS, currentUser, mapData, CONSTANT_BO );
1964
1965 return JSP_MANAGE_USER_WORKGROUPS + "?" + PARAMETER_USER_ID + "=" + nUserId;
1966 }
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977 private boolean haveCommonWorkgroups( AdminUser../../../../../../fr/paris/lutece/portal/business/user/AdminUser.html#AdminUser">AdminUser user1, AdminUser user2 )
1978 {
1979 ReferenceList workgroups = AdminWorkgroupHome.getUserWorkgroups( user1 );
1980
1981 if ( workgroups.isEmpty( ) )
1982 {
1983 return true;
1984 }
1985
1986 for ( ReferenceItem item : workgroups )
1987 {
1988 if ( AdminWorkgroupHome.isUserInWorkgroup( user2, item.getCode( ) ) )
1989 {
1990 return true;
1991 }
1992 }
1993
1994 return false;
1995 }
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006 public String doModifyDefaultUserParameterValues( HttpServletRequest request ) throws AccessDeniedException
2007 {
2008 if ( !SecurityTokenService.getInstance( ).validate( request, AdminDashboardJspBean.TEMPLATE_MANAGE_DASHBOARDS ) )
2009 {
2010 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2011 }
2012 if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
2013 getUser( ) ) )
2014 {
2015 throw new AccessDeniedException(
2016 CONSTANT_USER_MSG + getUser( ) + CONSTANT_NOT_AUTHORIZED + AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS );
2017 }
2018
2019 DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_STATUS, request.getParameter( PARAMETER_STATUS ) );
2020 DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_LEVEL, request.getParameter( PARAMETER_USER_LEVEL ) );
2021 DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_NOTIFICATION, request.getParameter( PARAMETER_NOTIFY_USER ) );
2022 DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_LANGUAGE, request.getParameter( PARAMETER_LANGUAGE ) );
2023
2024 Map logParametersMap = new HashMap( );
2025 logParametersMap.put( AdminUserService.DSKEY_DEFAULT_USER_STATUS, request.getParameter( PARAMETER_STATUS ) );
2026 logParametersMap.put( AdminUserService.DSKEY_DEFAULT_USER_LEVEL, request.getParameter( PARAMETER_USER_LEVEL ) );
2027 logParametersMap.put( AdminUserService.DSKEY_DEFAULT_USER_NOTIFICATION, request.getParameter( PARAMETER_NOTIFY_USER ) );
2028 logParametersMap.put( AdminUserService.DSKEY_DEFAULT_USER_LANGUAGE, request.getParameter( PARAMETER_LANGUAGE ) );
2029 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_DEFAULT_PARAMETERS, getUser( ), logParametersMap,
2030 CONSTANT_BO );
2031
2032 return getAdminDashboardsUrl( request, ANCHOR_DEFAULT_USER_PARAMETER_VALUES );
2033 }
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044 public String doModifyDefaultUserSecurityValues( HttpServletRequest request ) throws AccessDeniedException
2045 {
2046 if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2047 {
2048 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2049 }
2050 if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
2051 getUser( ) ) )
2052 {
2053 throw new AccessDeniedException(
2054 CONSTANT_USER_MSG + getUser( ) + CONSTANT_NOT_AUTHORIZED + AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS );
2055 }
2056
2057 Map logParametersMap = new HashMap( );
2058
2059 String strForceChangePasswordValue = request.getParameter( PARAMETER_FORCE_CHANGE_PASSWORD_REINIT );
2060 strForceChangePasswordValue = StringUtils.isNotBlank( strForceChangePasswordValue ) ? strForceChangePasswordValue : StringUtils.EMPTY;
2061
2062 DefaultUserParameterHome.update( AdminUserService.DSKEY_FORCE_CHANGE_PASSWORD_REINIT, strForceChangePasswordValue );
2063 logParametersMap.put( AdminUserService.DSKEY_FORCE_CHANGE_PASSWORD_REINIT, strForceChangePasswordValue );
2064
2065
2066 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_MINIMUM_LENGTH, request.getParameter( PARAMETER_PASSWORD_MINIMUM_LENGTH ) );
2067 logParametersMap.put( AdminUserService.DSKEY_PASSWORD_MINIMUM_LENGTH, request.getParameter( PARAMETER_PASSWORD_MINIMUM_LENGTH ) );
2068
2069 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_RESET_TOKEN_VALIDITY, request.getParameter( PARAMETER_RESET_TOKEN_VALIDITY ) );
2070 logParametersMap.put( AdminUserService.DSKEY_RESET_TOKEN_VALIDITY, request.getParameter( PARAMETER_RESET_TOKEN_VALIDITY ) );
2071 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_LOCK_RESET_TOKEN_TO_SESSION,
2072 request.getParameter( PARAMETER_LOCK_RESET_TOKEN_TO_SESSION ) );
2073 logParametersMap.put( AdminUserService.DSKEY_LOCK_RESET_TOKEN_TO_SESSION, request.getParameter( PARAMETER_LOCK_RESET_TOKEN_TO_SESSION ) );
2074
2075 boolean bUseAdvancedSecurityParameter = AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS );
2076
2077 if ( bUseAdvancedSecurityParameter )
2078 {
2079
2080 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_FORMAT_UPPER_LOWER_CASE,
2081 request.getParameter( PARAMETER_PASSWORD_FORMAT_UPPER_LOWER_CASE ) );
2082 logParametersMap.put( AdminUserService.DSKEY_PASSWORD_FORMAT_UPPER_LOWER_CASE, request.getParameter( PARAMETER_PASSWORD_FORMAT_UPPER_LOWER_CASE ) );
2083 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_FORMAT_NUMERO, request.getParameter( PARAMETER_PASSWORD_FORMAT_NUMERO ) );
2084 logParametersMap.put( AdminUserService.DSKEY_PASSWORD_FORMAT_NUMERO, request.getParameter( PARAMETER_PASSWORD_FORMAT_NUMERO ) );
2085 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_FORMAT_SPECIAL_CHARACTERS,
2086 request.getParameter( PARAMETER_PASSWORD_FORMAT_SPECIAL_CHARACTERS ) );
2087 logParametersMap.put( AdminUserService.DSKEY_PASSWORD_FORMAT_SPECIAL_CHARACTERS,
2088 request.getParameter( PARAMETER_PASSWORD_FORMAT_SPECIAL_CHARACTERS ) );
2089
2090
2091 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_DURATION, request.getParameter( PARAMETER_PASSWORD_DURATION ) );
2092 logParametersMap.put( AdminUserService.DSKEY_PASSWORD_DURATION, request.getParameter( PARAMETER_PASSWORD_DURATION ) );
2093
2094
2095 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_HISTORY_SIZE, request.getParameter( PARAMETER_PASSWORD_HISTORY_SIZE ) );
2096 logParametersMap.put( AdminUserService.DSKEY_PASSWORD_HISTORY_SIZE, request.getParameter( PARAMETER_PASSWORD_HISTORY_SIZE ) );
2097
2098
2099 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_MAXIMUM_NUMBER_PASSWORD_CHANGE,
2100 request.getParameter( PARAMETER_MAXIMUM_NUMBER_PASSWORD_CHANGE ) );
2101 logParametersMap.put( AdminUserService.DSKEY_MAXIMUM_NUMBER_PASSWORD_CHANGE, request.getParameter( PARAMETER_MAXIMUM_NUMBER_PASSWORD_CHANGE ) );
2102
2103
2104 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_TSW_SIZE_PASSWORD_CHANGE,
2105 request.getParameter( PARAMETER_TSW_SIZE_PASSWORD_CHANGE ) );
2106 logParametersMap.put( AdminUserService.DSKEY_TSW_SIZE_PASSWORD_CHANGE, request.getParameter( PARAMETER_TSW_SIZE_PASSWORD_CHANGE ) );
2107
2108
2109 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_NOTIFY_USER_PASSWORD_EXPIRED,
2110 request.getParameter( PARAMETER_NOTIFY_USER_PASSWORD_EXPIRED ) );
2111 logParametersMap.put( AdminUserService.DSKEY_NOTIFY_USER_PASSWORD_EXPIRED, request.getParameter( PARAMETER_NOTIFY_USER_PASSWORD_EXPIRED ) );
2112 }
2113
2114
2115 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_ACCOUNT_LIFE_TIME, request.getParameter( PARAMETER_ACCOUNT_LIFE_TIME ) );
2116 logParametersMap.put( AdminUserService.DSKEY_ACCOUNT_LIFE_TIME, request.getParameter( PARAMETER_ACCOUNT_LIFE_TIME ) );
2117
2118
2119 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_TIME_BEFORE_ALERT_ACCOUNT,
2120 request.getParameter( PARAMETER_TIME_BEFORE_ALERT_ACCOUNT ) );
2121 logParametersMap.put( AdminUserService.DSKEY_TIME_BEFORE_ALERT_ACCOUNT, request.getParameter( PARAMETER_TIME_BEFORE_ALERT_ACCOUNT ) );
2122
2123
2124 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_NB_ALERT_ACCOUNT, request.getParameter( PARAMETER_NB_ALERT_ACCOUNT ) );
2125 logParametersMap.put( AdminUserService.DSKEY_NB_ALERT_ACCOUNT, request.getParameter( PARAMETER_NB_ALERT_ACCOUNT ) );
2126
2127
2128 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_TIME_BETWEEN_ALERTS_ACCOUNT,
2129 request.getParameter( PARAMETER_TIME_BETWEEN_ALERTS_ACCOUNT ) );
2130 logParametersMap.put( AdminUserService.DSKEY_TIME_BETWEEN_ALERTS_ACCOUNT, request.getParameter( PARAMETER_TIME_BETWEEN_ALERTS_ACCOUNT ) );
2131
2132
2133 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_MAX, request.getParameter( MARK_ACCESS_FAILURES_MAX ) );
2134 logParametersMap.put( AdminUserService.DSKEY_ACCES_FAILURES_MAX, request.getParameter( MARK_ACCESS_FAILURES_MAX ) );
2135
2136
2137 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_INTERVAL, request.getParameter( MARK_ACCESS_FAILURES_INTERVAL ) );
2138 logParametersMap.put( AdminUserService.DSKEY_ACCES_FAILURES_INTERVAL, request.getParameter( MARK_ACCESS_FAILURES_INTERVAL ) );
2139
2140
2141 AdminUserService.updateLargeSecurityParameter( AdminUserService.DSKEY_BANNED_DOMAIN_NAMES, request.getParameter( MARK_BANNED_DOMAIN_NAMES ) );
2142 logParametersMap.put( AdminUserService.DSKEY_BANNED_DOMAIN_NAMES, request.getParameter( MARK_BANNED_DOMAIN_NAMES ) );
2143
2144 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_DEFAULT_SECURITY, getUser( ), logParametersMap,
2145 CONSTANT_BO );
2146
2147 return getAdminDashboardsUrl( request, ANCHOR_ADVANCED_SECURITY_PARAMETERS );
2148 }
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159 public String doModifyEmailPattern( HttpServletRequest request ) throws AccessDeniedException
2160 {
2161 if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
2162 getUser( ) ) )
2163 {
2164 throw new AccessDeniedException(
2165 CONSTANT_USER_MSG + getUser( ) + CONSTANT_NOT_AUTHORIZED + AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS );
2166 }
2167 if ( PARAMETER_RESET.equals( request.getParameter( PARAMETER_RESET ) ) )
2168 {
2169 if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2170 {
2171 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2172 }
2173 return doResetEmailPattern( request );
2174 }
2175 String strSetManually = request.getParameter( PARAMETER_IS_EMAIL_PATTERN_SET_MANUALLY );
2176 String strEmailPattern = request.getParameter( PARAMETER_EMAIL_PATTERN );
2177
2178 if ( StringUtils.isNotBlank( strEmailPattern ) )
2179 {
2180 if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2181 {
2182 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2183 }
2184 AdminUserService.doModifyEmailPattern( strEmailPattern, strSetManually != null );
2185 return getAdminDashboardsUrl( request, ANCHOR_MODIFY_EMAIL_PATTERN );
2186 }
2187 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_ERROR_EMAIL_PATTERN, AdminMessage.TYPE_STOP );
2188 }
2189
2190
2191
2192
2193
2194
2195 private String doResetEmailPattern( HttpServletRequest request )
2196 {
2197 AdminUserService.doResetEmailPattern( );
2198
2199 return getAdminDashboardsUrl( request, ANCHOR_MODIFY_EMAIL_PATTERN );
2200 }
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211 public String doInsertRegularExpression( HttpServletRequest request ) throws AccessDeniedException
2212 {
2213 if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2214 {
2215 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2216 }
2217 if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
2218 getUser( ) ) )
2219 {
2220 throw new AccessDeniedException(
2221 CONSTANT_USER_MSG + getUser( ) + CONSTANT_NOT_AUTHORIZED + AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS );
2222 }
2223
2224 String strRegularExpressionId = request.getParameter( PARAMETER_ID_EXPRESSION );
2225
2226 if ( StringUtils.isNotBlank( strRegularExpressionId ) && StringUtils.isNumeric( strRegularExpressionId ) )
2227 {
2228 int nRegularExpressionId = Integer.parseInt( strRegularExpressionId );
2229 AdminUserService.doInsertRegularExpression( nRegularExpressionId );
2230 }
2231
2232 return getAdminDashboardsUrl( request, ANCHOR_MODIFY_EMAIL_PATTERN );
2233 }
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244 public String doRemoveRegularExpression( HttpServletRequest request ) throws AccessDeniedException
2245 {
2246 if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2247 {
2248 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2249 }
2250 if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
2251 getUser( ) ) )
2252 {
2253 throw new AccessDeniedException(
2254 CONSTANT_USER_MSG + getUser( ) + CONSTANT_NOT_AUTHORIZED + AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS );
2255 }
2256
2257 String strRegularExpressionId = request.getParameter( PARAMETER_ID_EXPRESSION );
2258
2259 if ( StringUtils.isNotBlank( strRegularExpressionId ) && StringUtils.isNumeric( strRegularExpressionId ) )
2260 {
2261 int nRegularExpressionId = Integer.parseInt( strRegularExpressionId );
2262 AdminUserService.doRemoveRegularExpression( nRegularExpressionId );
2263 }
2264
2265 return getAdminDashboardsUrl( request, ANCHOR_MODIFY_EMAIL_PATTERN );
2266 }
2267
2268
2269
2270
2271
2272
2273
2274
2275 public String getChangeUseAdvancedSecurityParameters( HttpServletRequest request )
2276 {
2277 Map<String, Object> parameters = new HashMap<>( 1 );
2278 parameters.put( SecurityTokenService.PARAMETER_TOKEN, SecurityTokenService.getInstance( ).getToken( request, TOKEN_TECHNICAL_ADMIN ) );
2279
2280 if ( AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS ) )
2281 {
2282 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_CONFIRM_REMOVE_ASP, JSP_URL_REMOVE_ADVANCED_SECUR_PARAM,
2283 AdminMessage.TYPE_CONFIRMATION, parameters );
2284 }
2285
2286 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_CONFIRM_USE_ASP, JSP_URL_USE_ADVANCED_SECUR_PARAM, AdminMessage.TYPE_CONFIRMATION,
2287 parameters );
2288 }
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299 public String doUseAdvancedSecurityParameters( HttpServletRequest request ) throws AccessDeniedException
2300 {
2301 if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2302 {
2303 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2304 }
2305 AdminUserService.useAdvancedSecurityParameters( );
2306
2307 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_USE_ADVANCE_SECURITY_PARAMETERS, getUser( ), null,
2308 CONSTANT_BO );
2309
2310 return getAdminDashboardsUrl( request, ANCHOR_ADVANCED_SECURITY_PARAMETERS );
2311 }
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322 public String doRemoveAdvancedSecurityParameters( HttpServletRequest request ) throws AccessDeniedException
2323 {
2324 if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2325 {
2326 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2327 }
2328 AdminUserService.removeAdvancedSecurityParameters( );
2329
2330 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_REMOVE_ADVANCE_SECURITY_PARAMETERS, getUser( ), null,
2331 CONSTANT_BO );
2332
2333 return getAdminDashboardsUrl( request, ANCHOR_ADVANCED_SECURITY_PARAMETERS );
2334 }
2335
2336
2337
2338
2339
2340
2341
2342
2343 public String getChangeFieldAnonymizeAdminUsers( HttpServletRequest request )
2344 {
2345 Map<String, Object> model = new HashMap<>( );
2346
2347 List<IAttribute> listAllAttributes = AttributeService.getInstance( ).getAllAttributesWithoutFields( getLocale( ) );
2348 List<IAttribute> listAttributesText = new ArrayList<>( );
2349
2350 for ( IAttribute attribut : listAllAttributes )
2351 {
2352 if ( attribut.isAnonymizable( ) )
2353 {
2354 listAttributesText.add( attribut );
2355 }
2356 }
2357
2358 model.put( MARK_ATTRIBUTES_LIST, listAttributesText );
2359
2360 model.putAll( AdminUserHome.getAnonymizationStatusUserStaticField( ) );
2361 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, TOKEN_TECHNICAL_ADMIN ) );
2362
2363 setPageTitleProperty( PROPERTY_MESSAGE_TITLE_CHANGE_ANONYMIZE_USER );
2364
2365 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_FIELD_ANONYMIZE_ADMIN_USER, getLocale( ), model );
2366
2367 return getAdminPage( template.getHtml( ) );
2368 }
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379 public String doChangeFieldAnonymizeAdminUsers( HttpServletRequest request ) throws AccessDeniedException
2380 {
2381 if ( request.getParameter( PARAMETER_CANCEL ) != null )
2382 {
2383 return getAdminDashboardsUrl( request, ANCHOR_ANONYMIZE_USERS );
2384 }
2385 if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2386 {
2387 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2388 }
2389
2390 AdminUserHome.updateAnonymizationStatusUserStaticField( PARAMETER_ACCESS_CODE, Boolean.valueOf( request.getParameter( PARAMETER_ACCESS_CODE ) ) );
2391 AdminUserHome.updateAnonymizationStatusUserStaticField( PARAMETER_FIRST_NAME, Boolean.valueOf( request.getParameter( PARAMETER_FIRST_NAME ) ) );
2392 AdminUserHome.updateAnonymizationStatusUserStaticField( PARAMETER_LAST_NAME, Boolean.valueOf( request.getParameter( PARAMETER_LAST_NAME ) ) );
2393 AdminUserHome.updateAnonymizationStatusUserStaticField( PARAMETER_EMAIL, Boolean.valueOf( request.getParameter( PARAMETER_EMAIL ) ) );
2394
2395 AttributeService attributeService = AttributeService.getInstance( );
2396
2397 List<IAttribute> listAllAttributes = attributeService.getAllAttributesWithoutFields( getLocale( ) );
2398 List<IAttribute> listAttributesText = new ArrayList<>( );
2399
2400 for ( IAttribute attribut : listAllAttributes )
2401 {
2402 if ( attribut.isAnonymizable( ) )
2403 {
2404 listAttributesText.add( attribut );
2405 }
2406 }
2407
2408 for ( IAttribute attribute : listAttributesText )
2409 {
2410 Boolean bNewValue = Boolean.valueOf( request.getParameter( PARAMETER_ATTRIBUTE + Integer.toString( attribute.getIdAttribute( ) ) ) );
2411 attributeService.updateAnonymizationStatusUserField( attribute.getIdAttribute( ), bNewValue );
2412 }
2413
2414 return getAdminDashboardsUrl( request, ANCHOR_ANONYMIZE_USERS );
2415 }
2416
2417
2418
2419
2420
2421
2422
2423
2424 public String getAnonymizeAdminUser( HttpServletRequest request )
2425 {
2426 String strAdminUserId = request.getParameter( PARAMETER_USER_ID );
2427
2428 if ( !StringUtils.isNumeric( strAdminUserId ) || strAdminUserId.isEmpty( ) )
2429 {
2430 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_NO_ADMIN_USER_SELECTED, AdminMessage.TYPE_STOP );
2431 }
2432
2433 int nUserId = Integer.parseInt( strAdminUserId );
2434 AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
2435
2436 if ( user == null )
2437 {
2438 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_USER_ERROR_SESSION, AdminMessage.TYPE_ERROR );
2439 }
2440
2441 String strUrl = JSP_URL_ANONYMIZE_ADMIN_USER;
2442 Map<String, Object> parameters = new HashMap<>( );
2443 parameters.put( PARAMETER_USER_ID, strAdminUserId );
2444 parameters.put( SecurityTokenService.PARAMETER_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_ANONYMIZE_ADMIN_USER ) );
2445
2446 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_CONFIRM_ANONYMIZE_USER, new Object [ ] {
2447 user.getFirstName( ), user.getLastName( ), user.getAccessCode( )
2448 }, null, strUrl, null, AdminMessage.TYPE_CONFIRMATION, parameters );
2449 }
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460 public String doAnonymizeAdminUser( HttpServletRequest request ) throws AccessDeniedException
2461 {
2462 String strAdminUserId = request.getParameter( PARAMETER_USER_ID );
2463
2464 if ( !StringUtils.isNumeric( strAdminUserId ) || strAdminUserId.isEmpty( ) )
2465 {
2466 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_NO_ADMIN_USER_SELECTED, AdminMessage.TYPE_STOP );
2467 }
2468
2469 int nUserId = Integer.parseInt( strAdminUserId );
2470 AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
2471
2472 if ( user == null )
2473 {
2474 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_USER_ERROR_SESSION, AdminMessage.TYPE_ERROR );
2475 }
2476 if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_ANONYMIZE_ADMIN_USER ) )
2477 {
2478 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2479 }
2480
2481 AdminUserService.anonymizeUser( nUserId, getLocale( ) );
2482
2483 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_ANONYMIZE_ADMINUSER, getUser( ), user.getAccessCode( ),
2484 CONSTANT_BO );
2485
2486 return JSP_MANAGE_USER;
2487 }
2488
2489
2490
2491
2492
2493
2494
2495
2496 public String reactivateAccount( HttpServletRequest request )
2497 {
2498 AdminUser user = AdminUserHome.findByPrimaryKey( AdminUserService.getAdminUser( request ).getUserId( ) );
2499 String strUrl;
2500 int nbDaysBeforeFirstAlert = AdminUserService.getIntegerSecurityParameter( PARAMETER_TIME_BEFORE_ALERT_ACCOUNT );
2501 Timestamp firstAlertMaxDate = new Timestamp( new java.util.Date( ).getTime( ) + DateUtil.convertDaysInMiliseconds( nbDaysBeforeFirstAlert ) );
2502
2503 if ( user.getAccountMaxValidDate( ) != null )
2504 {
2505
2506 if ( ( user.getAccountMaxValidDate( ).getTime( ) < firstAlertMaxDate.getTime( ) ) && ( user.getStatus( ) < AdminUser.EXPIRED_CODE ) )
2507 {
2508 AdminUserService.updateUserExpirationDate( user );
2509 }
2510
2511 strUrl = AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_ACCOUNT_REACTIVATED, AppPathService.getAdminMenuUrl( ),
2512 AdminMessage.TYPE_INFO );
2513 }
2514 else
2515 {
2516 strUrl = AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_NO_ACCOUNT_TO_REACTIVATED, AppPathService.getAdminMenuUrl( ),
2517 AdminMessage.TYPE_ERROR );
2518 }
2519
2520 return strUrl;
2521 }
2522
2523
2524
2525
2526
2527
2528
2529
2530 public String getModifyAccountLifeTimeEmails( HttpServletRequest request )
2531 {
2532 String strEmailType = request.getParameter( PARAMETER_EMAIL_TYPE );
2533
2534 Map<String, Object> model = new HashMap<>( );
2535 String strSenderKey = StringUtils.EMPTY;
2536 String strSubjectKey = StringUtils.EMPTY;
2537 String strBodyKey = StringUtils.EMPTY;
2538 String strTitle = StringUtils.EMPTY;
2539
2540 if ( CONSTANT_EMAIL_TYPE_FIRST.equalsIgnoreCase( strEmailType ) )
2541 {
2542 strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_FIRST_ALERT_MAIL_SENDER;
2543 strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_FIRST_ALERT_MAIL_SUBJECT;
2544 strBodyKey = PARAMETER_FIRST_ALERT_MAIL;
2545 strTitle = PROPERTY_FIRST_EMAIL;
2546 }
2547 else if ( CONSTANT_EMAIL_TYPE_OTHER.equalsIgnoreCase( strEmailType ) )
2548 {
2549 strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_OTHER_ALERT_MAIL_SENDER;
2550 strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_OTHER_ALERT_MAIL_SUBJECT;
2551 strBodyKey = PARAMETER_OTHER_ALERT_MAIL;
2552 strTitle = PROPERTY_OTHER_EMAIL;
2553 }
2554 else if ( CONSTANT_EMAIL_TYPE_EXPIRED.equalsIgnoreCase( strEmailType ) )
2555 {
2556 strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_EXPIRED_ALERT_MAIL_SENDER;
2557 strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_EXPIRED_ALERT_MAIL_SUBJECT;
2558 strBodyKey = PARAMETER_EXPIRATION_MAIL;
2559 strTitle = PROPERTY_ACCOUNT_DEACTIVATES_EMAIL;
2560 }
2561 else if ( CONSTANT_EMAIL_TYPE_REACTIVATED.equalsIgnoreCase( strEmailType ) )
2562 {
2563 strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_REACTIVATED_ALERT_MAIL_SENDER;
2564 strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_REACTIVATED_ALERT_MAIL_SUBJECT;
2565 strBodyKey = PARAMETER_ACCOUNT_REACTIVATED;
2566 strTitle = PROPERTY_ACCOUNT_UPDATED_EMAIL;
2567 }
2568 else if ( CONSTANT_EMAIL_PASSWORD_EXPIRED.equalsIgnoreCase( strEmailType ) )
2569 {
2570 strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_PASSWORD_EXPIRED_MAIL_SENDER;
2571 strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_PASSWORD_EXPIRED_MAIL_SUBJECT;
2572 strBodyKey = PARAMETER_NOTIFY_PASSWORD_EXPIRED;
2573 strTitle = PROPERTY_NOTIFY_PASSWORD_EXPIRED;
2574 }
2575
2576 String defaultUserParameter = DefaultUserParameterHome.findByKey( strSenderKey );
2577 String strSender = ( defaultUserParameter == null ) ? StringUtils.EMPTY : defaultUserParameter;
2578
2579 defaultUserParameter = DefaultUserParameterHome.findByKey( strSubjectKey );
2580
2581 String strSubject = ( defaultUserParameter == null ) ? StringUtils.EMPTY : defaultUserParameter;
2582
2583
2584 setItemNavigator( getUser( ).getUserId( ), AppPathService.getBaseUrl( request ) + JSP_URL_MODIFY_ACCOUNT_LIFE_TIME_EMAIL );
2585
2586 model.put( PARAMETER_EMAIL_TYPE, strEmailType );
2587 model.put( MARK_EMAIL_SENDER, strSender );
2588 model.put( MARK_EMAIL_SUBJECT, strSubject );
2589 model.put( MARK_EMAIL_BODY, DatabaseTemplateService.getTemplateFromKey( strBodyKey, true ) );
2590 model.put( MARK_EMAIL_LABEL, strTitle );
2591 model.put( MARK_WEBAPP_URL, AppPathService.getBaseUrl( request ) );
2592 model.put( MARK_LOCALE, getLocale( ) );
2593 model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
2594 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_MODIFY_ACCOUNT_LIFE_TIME_EMAIL ) );
2595
2596 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_ACCOUNT_LIFE_TIME_EMAIL, getLocale( ), model );
2597
2598 return getAdminPage( template.getHtml( ) );
2599 }
2600
2601
2602
2603
2604
2605
2606
2607
2608
2609
2610 public String doModifyAccountLifeTimeEmails( HttpServletRequest request ) throws AccessDeniedException
2611 {
2612 if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_MODIFY_ACCOUNT_LIFE_TIME_EMAIL ) )
2613 {
2614 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2615 }
2616 String strEmailType = request.getParameter( PARAMETER_EMAIL_TYPE );
2617
2618 String strSenderKey = StringUtils.EMPTY;
2619 String strSubjectKey = StringUtils.EMPTY;
2620 String strBodyKey = StringUtils.EMPTY;
2621
2622 if ( CONSTANT_EMAIL_TYPE_FIRST.equalsIgnoreCase( strEmailType ) )
2623 {
2624 strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_FIRST_ALERT_MAIL_SENDER;
2625 strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_FIRST_ALERT_MAIL_SUBJECT;
2626 strBodyKey = PARAMETER_FIRST_ALERT_MAIL;
2627 }
2628 else if ( CONSTANT_EMAIL_TYPE_OTHER.equalsIgnoreCase( strEmailType ) )
2629 {
2630 strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_OTHER_ALERT_MAIL_SENDER;
2631 strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_OTHER_ALERT_MAIL_SUBJECT;
2632 strBodyKey = PARAMETER_OTHER_ALERT_MAIL;
2633 }
2634 else if ( CONSTANT_EMAIL_TYPE_EXPIRED.equalsIgnoreCase( strEmailType ) )
2635 {
2636 strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_EXPIRED_ALERT_MAIL_SENDER;
2637 strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_EXPIRED_ALERT_MAIL_SUBJECT;
2638 strBodyKey = PARAMETER_EXPIRATION_MAIL;
2639 }
2640 else if ( CONSTANT_EMAIL_TYPE_REACTIVATED.equalsIgnoreCase( strEmailType ) )
2641 {
2642 strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_REACTIVATED_ALERT_MAIL_SENDER;
2643 strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_REACTIVATED_ALERT_MAIL_SUBJECT;
2644 strBodyKey = PARAMETER_ACCOUNT_REACTIVATED;
2645 }
2646 else if ( CONSTANT_EMAIL_PASSWORD_EXPIRED.equalsIgnoreCase( strEmailType ) )
2647 {
2648 strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_PASSWORD_EXPIRED_MAIL_SENDER;
2649 strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_PASSWORD_EXPIRED_MAIL_SUBJECT;
2650 strBodyKey = PARAMETER_NOTIFY_PASSWORD_EXPIRED;
2651 }
2652
2653 AdminUserService.updateSecurityParameter( strSenderKey, request.getParameter( MARK_EMAIL_SENDER ) );
2654 AdminUserService.updateSecurityParameter( strSubjectKey, request.getParameter( MARK_EMAIL_SUBJECT ) );
2655 DatabaseTemplateService.updateTemplate( strBodyKey, request.getParameter( MARK_EMAIL_BODY ) );
2656
2657 return getAdminDashboardsUrl( request, ANCHOR_LIFE_TIME_EMAILS );
2658 }
2659
2660
2661
2662
2663
2664
2665
2666
2667
2668 private void setItemNavigator( int nIdAdminUser, String strUrl )
2669 {
2670 if ( _itemNavigator == null )
2671 {
2672 List<String> listIdsRight = new ArrayList<>( );
2673 int nCurrentItemId = 0;
2674 int nIndex = 0;
2675
2676 AdminUser currentUser = getUser( );
2677
2678 for ( AdminUser adminUser : AdminUserHome.findUserList( ) )
2679 {
2680 if ( ( adminUser != null ) && isUserAuthorizedToModifyUser( currentUser, adminUser ) )
2681 {
2682 listIdsRight.add( Integer.toString( adminUser.getUserId( ) ) );
2683
2684 if ( adminUser.getUserId( ) == nIdAdminUser )
2685 {
2686 nCurrentItemId = nIndex;
2687 }
2688
2689 nIndex++;
2690 }
2691 }
2692
2693 _itemNavigator = new ItemNavigator( listIdsRight, nCurrentItemId, strUrl, PARAMETER_USER_ID );
2694 }
2695 else
2696 {
2697 _itemNavigator.setCurrentItemId( Integer.toString( nIdAdminUser ) );
2698 _itemNavigator.setBaseUrl( strUrl );
2699 }
2700 }
2701
2702
2703
2704
2705 private void reinitItemNavigator( )
2706 {
2707 _itemNavigator = null;
2708 }
2709
2710
2711
2712
2713
2714
2715
2716
2717
2718
2719 private boolean isUserAuthorizedToModifyUser( AdminUser../../../../fr/paris/lutece/portal/business/user/AdminUser.html#AdminUser">AdminUser currentUser, AdminUser userToModify )
2720 {
2721 if ( currentUser == null || userToModify == null )
2722 {
2723 return false;
2724 }
2725 return currentUser.isAdmin( ) || ( currentUser.isParent( userToModify )
2726 && ( ( haveCommonWorkgroups( currentUser, userToModify ) ) || ( !AdminWorkgroupHome.checkUserHasWorkgroup( userToModify.getUserId( ) ) ) ) );
2727 }
2728
2729
2730
2731
2732
2733
2734
2735
2736
2737
2738 private boolean isUserAuthorizedToChangeUserLevel( AdminUser../../../../fr/paris/lutece/portal/business/user/AdminUser.html#AdminUser">AdminUser currentUser, AdminUser userToModify )
2739 {
2740 if ( currentUser == null || userToModify == null )
2741 {
2742 return false;
2743 }
2744 return currentUser.checkRight( "CORE_LEVEL_MANAGEMENT" ) && userToModify.getUserLevel( ) != 0;
2745 }
2746
2747
2748
2749
2750
2751
2752
2753
2754
2755
2756 private boolean isUserLevelModified( AdminUser user, String strSelectedUserLevel )
2757 {
2758 if ( strSelectedUserLevel != null )
2759 {
2760 int nSelectedUserLevel = Integer.parseInt( strSelectedUserLevel );
2761 return nSelectedUserLevel != user.getUserLevel( );
2762 }
2763 return false;
2764 }
2765 }