1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34 package fr.paris.lutece.portal.web.user;
35
36 import fr.paris.lutece.portal.service.security.AccessLogService;
37 import java.io.IOException;
38 import java.io.PrintWriter;
39 import java.sql.Timestamp;
40 import java.util.ArrayList;
41 import java.util.Collection;
42 import java.util.Collections;
43 import java.util.HashMap;
44 import java.util.List;
45 import java.util.Locale;
46 import java.util.Map;
47
48 import javax.servlet.http.HttpServletRequest;
49 import javax.servlet.http.HttpServletResponse;
50
51 import org.apache.commons.fileupload.FileItem;
52 import org.apache.commons.lang3.StringUtils;
53
54 import fr.paris.lutece.portal.business.rbac.RBACRole;
55 import fr.paris.lutece.portal.business.rbac.RBACRoleHome;
56 import fr.paris.lutece.portal.business.rbac.RBAC;
57 import fr.paris.lutece.portal.business.right.Level;
58 import fr.paris.lutece.portal.business.right.LevelHome;
59 import fr.paris.lutece.portal.business.right.Right;
60 import fr.paris.lutece.portal.business.right.RightHome;
61 import fr.paris.lutece.portal.business.user.AdminUser;
62 import fr.paris.lutece.portal.business.user.AdminUserHome;
63 import fr.paris.lutece.portal.business.user.PasswordUpdateMode;
64 import fr.paris.lutece.portal.business.user.attribute.IAttribute;
65 import fr.paris.lutece.portal.business.user.attribute.ISimpleValuesAttributes;
66 import fr.paris.lutece.portal.business.user.authentication.LuteceDefaultAdminUser;
67 import fr.paris.lutece.portal.business.user.parameter.DefaultUserParameterHome;
68 import fr.paris.lutece.portal.business.workgroup.AdminWorkgroupHome;
69 import fr.paris.lutece.portal.business.xsl.XslExport;
70 import fr.paris.lutece.portal.business.xsl.XslExportHome;
71 import fr.paris.lutece.portal.service.admin.AccessDeniedException;
72 import fr.paris.lutece.portal.service.admin.AdminAuthenticationService;
73 import fr.paris.lutece.portal.service.admin.AdminUserService;
74 import fr.paris.lutece.portal.service.admin.ImportAdminUserService;
75 import fr.paris.lutece.portal.service.csv.CSVMessageDescriptor;
76 import fr.paris.lutece.portal.service.fileupload.FileUploadService;
77 import fr.paris.lutece.portal.service.i18n.I18nService;
78 import fr.paris.lutece.portal.service.message.AdminMessage;
79 import fr.paris.lutece.portal.service.message.AdminMessageService;
80 import fr.paris.lutece.portal.service.plugin.PluginService;
81 import fr.paris.lutece.portal.service.rbac.RBACService;
82 import fr.paris.lutece.portal.service.security.AccessLoggerConstants;
83 import fr.paris.lutece.portal.service.security.SecurityTokenService;
84 import fr.paris.lutece.portal.service.security.UserNotSignedException;
85 import fr.paris.lutece.portal.service.spring.SpringContextService;
86 import fr.paris.lutece.portal.service.template.AppTemplateService;
87 import fr.paris.lutece.portal.service.template.DatabaseTemplateService;
88 import fr.paris.lutece.portal.service.user.AdminUserResourceIdService;
89 import fr.paris.lutece.portal.service.user.attribute.AdminUserFieldService;
90 import fr.paris.lutece.portal.service.user.attribute.AttributeService;
91 import fr.paris.lutece.portal.service.util.AppException;
92 import fr.paris.lutece.portal.service.util.AppLogService;
93 import fr.paris.lutece.portal.service.util.AppPathService;
94 import fr.paris.lutece.portal.service.util.AppPropertiesService;
95 import fr.paris.lutece.portal.service.workgroup.AdminWorkgroupService;
96 import fr.paris.lutece.portal.service.xsl.XslExportService;
97 import fr.paris.lutece.portal.web.admin.AdminFeaturesPageJspBean;
98 import fr.paris.lutece.portal.web.constants.Messages;
99 import fr.paris.lutece.portal.web.constants.Parameters;
100 import fr.paris.lutece.portal.web.dashboard.AdminDashboardJspBean;
101 import fr.paris.lutece.portal.web.l10n.LocaleService;
102 import fr.paris.lutece.portal.web.pluginaction.DefaultPluginActionResult;
103 import fr.paris.lutece.portal.web.upload.MultipartHttpServletRequest;
104 import fr.paris.lutece.portal.web.util.LocalizedPaginator;
105 import fr.paris.lutece.util.ReferenceItem;
106 import fr.paris.lutece.util.ReferenceList;
107 import fr.paris.lutece.util.date.DateUtil;
108 import fr.paris.lutece.util.filesystem.FileSystemUtil;
109 import fr.paris.lutece.util.html.AbstractPaginator;
110 import fr.paris.lutece.util.html.HtmlTemplate;
111 import fr.paris.lutece.util.html.ItemNavigator;
112 import fr.paris.lutece.util.password.PasswordUtil;
113 import fr.paris.lutece.util.sort.AttributeComparator;
114 import fr.paris.lutece.util.string.StringUtil;
115 import fr.paris.lutece.util.url.UrlItem;
116 import fr.paris.lutece.util.xml.XmlUtil;
117
118
119
120
121 public class AdminUserJspBean extends AdminFeaturesPageJspBean
122 {
123 private static final String ATTRIBUTE_IMPORT_USERS_LIST_MESSAGES = "importUsersListMessages";
124 private static final long serialVersionUID = -6323157489236186522L;
125
126
127
128 private static final String CONSTANTE_UN = "1";
129 private static final String CONSTANT_USER_MSG = "User ";
130 private static final String CONSTANT_NOT_AUTHORIZED = " is not authorized to permission ";
131 private static final String CONSTANT_ADVANCED_PARAMS = "core.advanced_parameters.";
132 private static final String CONSTANT_BO = "BO";
133
134
135 private static final String BEAN_IMPORT_ADMIN_USER_SERVICE = "adminUserImportService";
136
137
138 private static final String TEMPLATE_MANAGE_USERS = "admin/user/manage_users.html";
139 private static final String TEMPLATE_CREATE_USER = "admin/user/create_user.html";
140 private static final String TEMPLATE_MODIFY_USER = "admin/user/modify_user.html";
141 private static final String TEMPLATE_MANAGE_USER_RIGHTS = "admin/user/manage_user_rights.html";
142 private static final String TEMPLATE_MODIFY_USER_RIGHTS = "admin/user/modify_user_rights.html";
143 private static final String TEMPLATE_MANAGE_USER_ROLES = "admin/user/manage_user_roles.html";
144 private static final String TEMPLATE_MODIFY_USER_ROLES = "admin/user/modify_user_roles.html";
145 private static final String TEMPLATE_IMPORT_USER = "admin/user/import_module_user.html";
146 private static final String TEMPLATE_DEFAULT_CREATE_USER = "admin/user/create_user_default_module.html";
147 private static final String TEMPLATE_DEFAULT_MODIFY_USER = "admin/user/modify_user_default_module.html";
148 private static final String TEMPLATE_DEFAULT_MODIFY_USER_PASSWORD = "admin/user/modify_user_password_default_module.html";
149 private static final String TEMPLATE_MANAGE_USER_WORKGROUPS = "admin/user/manage_user_workgroups.html";
150 private static final String TEMPLATE_MODIFY_USER_WORKGROUPS = "admin/user/modify_user_workgroups.html";
151 private static final String TEMPLATE_ADMIN_EMAIL_CHANGE_STATUS = "admin/user/user_email_change_status.html";
152 private static final String TEMPLATE_NOTIFY_USER = "admin/user/notify_user_account_created.html";
153 private static final String TEMPLATE_FIELD_ANONYMIZE_ADMIN_USER = "admin/user/field_anonymize_admin_user.html";
154 private static final String TEMPLATE_ACCOUNT_LIFE_TIME_EMAIL = "admin/user/account_life_time_email.html";
155 private static final String TEMPLATE_EXPORT_USERS_FROM_FILE = "admin/user/export_users.html";
156
157
158 private static final String PROPERTY_MANAGE_USERS_PAGETITLE = "portal.users.manage_users.pageTitle";
159 private static final String PROPERTY_MODIFY_USER_PAGETITLE = "portal.users.modify_user.pageTitle";
160 private static final String PROPERTY_MODIFY_USER_PASSWORD_PAGETITLE = "portal.users.modify_user_password.pageTitle";
161 private static final String PROPERTY_LABEL_FIRST_PASSWORD = "portal.users.modify_password_default_module.form.password.new";
162 private static final String PROPERTY_CREATE_USER_PAGETITLE = "portal.users.create_user.pageTitle";
163 private static final String PROPERTY_IMPORT_MODULE_USER_PAGETITLE = "portal.users.import_module_user.pageTitle";
164 private static final String PROPERTY_MANAGE_USER_RIGHTS_PAGETITLE = "portal.users.manage_user_rights.pageTitle";
165 private static final String PROPERTY_MODIFY_USER_RIGHTS_PAGETITLE = "portal.users.modify_user_rights.pageTitle";
166 private static final String PROPERTY_MANAGE_USER_ROLES_PAGETITLE = "portal.users.manage_user_roles.pageTitle";
167 private static final String PROPERTY_MODIFY_USER_ROLES_PAGETITLE = "portal.users.modify_user_roles.pageTitle";
168 private static final String PROPERTY_IMPORT_USERS_FROM_FILE_PAGETITLE = "portal.users.import_users_from_file.pageTitle";
169 private static final String PROPERTY_EXPORT_USERS_PAGETITLE = "portal.users.export_users.pageTitle";
170 private static final String PROPERTY_MESSAGE_CONFIRM_REMOVE = "portal.users.message.confirmRemoveUser";
171 private static final String PROPERTY_USERS_PER_PAGE = "paginator.user.itemsPerPage";
172 private static final String PROPERTY_DELEGATE_USER_RIGHTS_PAGETITLE = "portal.users.delegate_user_rights.pageTitle";
173 private static final String PROPERTY_MANAGE_USER_WORKGROUPS_PAGETITLE = "portal.users.manage_user_workgroups.pageTitle";
174 private static final String PROPERTY_MODIFY_USER_WORKGROUPS_PAGETITLE = "portal.users.modify_user_workgroups.pageTitle";
175 private static final String PROPERTY_MESSAGE_ACCESS_CODE_ALREADY_USED = "portal.users.message.user.accessCodeAlreadyUsed";
176 private static final String PROPERTY_MESSAGE_EMAIL_ALREADY_USED = "portal.users.message.user.accessEmailUsed";
177 private static final String PROPERTY_MESSAGE_DIFFERENTS_PASSWORD = "portal.users.message.differentsPassword";
178 private static final String PROPERTY_MESSAGE_EMAIL_SUBJECT_CHANGE_STATUS = "portal.users.user_change_status.email.subject";
179 private static final String PROPERTY_MESSAGE_EMAIL_SUBJECT_NOTIFY_USER = "portal.users.notify_user.email.subject";
180 private static final String PROPERTY_MESSAGE_ERROR_EMAIL_PATTERN = "portal.users.manage_advanced_parameters.message.errorEmailPattern";
181 private static final String PROPERTY_MESSAGE_CONFIRM_USE_ASP = "portal.users.manage_advanced_parameters.message.confirmUseAdvancedSecurityParameters";
182 private static final String PROPERTY_MESSAGE_CONFIRM_REMOVE_ASP = "portal.users.manage_advanced_parameters.message.confirmRemoveAdvancedSecurityParameters";
183 private static final String PROPERTY_MESSAGE_NO_ADMIN_USER_SELECTED = "portal.users.message.noUserSelected";
184 private static final String PROPERTY_MESSAGE_CONFIRM_ANONYMIZE_USER = "portal.users.message.confirmAnonymizeUser";
185 private static final String PROPERTY_MESSAGE_TITLE_CHANGE_ANONYMIZE_USER = "portal.users.anonymize_user.titleAnonymizeUser";
186 private static final String PROPERTY_MESSAGE_NO_ACCOUNT_TO_REACTIVATED = "portal.users.message.noAccountToReactivate";
187 private static final String PROPERTY_MESSAGE_ACCOUNT_REACTIVATED = "portal.users.message.messageAccountReactivated";
188 private static final String PROPERTY_FIRST_EMAIL = "portal.users.accountLifeTime.labelFirstEmail";
189 private static final String PROPERTY_OTHER_EMAIL = "portal.users.accountLifeTime.labelOtherEmail";
190 private static final String PROPERTY_ACCOUNT_DEACTIVATES_EMAIL = "portal.users.accountLifeTime.labelAccountDeactivatedEmail";
191 private static final String PROPERTY_ACCOUNT_UPDATED_EMAIL = "portal.users.accountLifeTime.labelAccountUpdatedEmail";
192 private static final String PROPERTY_NOTIFY_PASSWORD_EXPIRED = "portal.users.accountLifeTime.labelPasswordExpired";
193 private static final String PROPERTY_MESSAGE_USER_ERROR_SESSION = "portal.users.message.user.error.session";
194 private static final String MESSAGE_NOT_AUTHORIZED = "Action not permited to current user";
195 private static final String MESSAGE_MANDATORY_FIELD = "portal.util.message.mandatoryField";
196 private static final String MESSAGE_ERROR_CSV_FILE_IMPORT = "portal.users.import_users_from_file.error_csv_file_import";
197 private static final String FIELD_IMPORT_USERS_FILE = "portal.users.import_users_from_file.labelImportFile";
198 private static final String FIELD_XSL_EXPORT = "portal.users.export_users.labelXslt";
199
200
201 private static final String PARAMETER_ACCESS_CODE = "access_code";
202 private static final String PARAMETER_LAST_NAME = "last_name";
203 private static final String PARAMETER_FIRST_NAME = "first_name";
204 private static final String PARAMETER_EMAIL = "email";
205 private static final String PARAMETER_NOTIFY_USER = "notify_user";
206 private static final String PARAMETER_STATUS = "status";
207 private static final String PARAMETER_USER_ID = "id_user";
208 private static final String PARAMETER_ROLE = "roles";
209 private static final String PARAMETER_RIGHT = "right";
210 private static final String PARAMETER_FIRST_PASSWORD = "first_password";
211 private static final String PARAMETER_SECOND_PASSWORD = "second_password";
212 private static final String PARAMETER_LANGUAGE = "language";
213 private static final String PARAMETER_DELEGATE_RIGHTS = "delegate_rights";
214 private static final String PARAMETER_USER_LEVEL = "user_level";
215 private static final String PARAMETER_WORKGROUP = "workgroup";
216 private static final String PARAMETER_SELECT = "select";
217 private static final String PARAMETER_SELECT_ALL = "all";
218 private static final String PARAMETER_ACCESSIBILITY_MODE = "accessibility_mode";
219 private static final String PARAMETER_WORKGROUP_KEY = "workgroup_key";
220 private static final String PARAMETER_EMAIL_PATTERN = "email_pattern";
221 private static final String PARAMETER_IS_EMAIL_PATTERN_SET_MANUALLY = "is_email_pattern_set_manually";
222 private static final String PARAMETER_ID_EXPRESSION = "id_expression";
223 private static final String PARAMETER_FORCE_CHANGE_PASSWORD_REINIT = "force_change_password_reinit";
224 private static final String PARAMETER_PASSWORD_MINIMUM_LENGTH = "password_minimum_length";
225 private static final String PARAMETER_PASSWORD_FORMAT_UPPER_LOWER_CASE = "password_format_upper_lower_case";
226 private static final String PARAMETER_PASSWORD_FORMAT_NUMERO = "password_format_numero";
227 private static final String PARAMETER_PASSWORD_FORMAT_SPECIAL_CHARACTERS = "password_format_special_characters";
228 private static final String PARAMETER_PASSWORD_DURATION = "password_duration";
229 private static final String PARAMETER_PASSWORD_HISTORY_SIZE = "password_history_size";
230 private static final String PARAMETER_MAXIMUM_NUMBER_PASSWORD_CHANGE = "maximum_number_password_change";
231 private static final String PARAMETER_TSW_SIZE_PASSWORD_CHANGE = "tsw_size_password_change";
232 private static final String PARAMETER_ACCOUNT_LIFE_TIME = "account_life_time";
233 private static final String PARAMETER_TIME_BEFORE_ALERT_ACCOUNT = "time_before_alert_account";
234 private static final String PARAMETER_NB_ALERT_ACCOUNT = "nb_alert_account";
235 private static final String PARAMETER_TIME_BETWEEN_ALERTS_ACCOUNT = "time_between_alerts_account";
236 private static final String PARAMETER_ATTRIBUTE = "attribute_";
237 private static final String PARAMETER_EMAIL_TYPE = "email_type";
238 private static final String PARAMETER_FIRST_ALERT_MAIL_SENDER = "first_alert_mail_sender";
239 private static final String PARAMETER_OTHER_ALERT_MAIL_SENDER = "other_alert_mail_sender";
240 private static final String PARAMETER_EXPIRED_ALERT_MAIL_SENDER = "expired_alert_mail_sender";
241 private static final String PARAMETER_REACTIVATED_ALERT_MAIL_SENDER = "account_reactivated_mail_sender";
242 private static final String PARAMETER_FIRST_ALERT_MAIL_SUBJECT = "first_alert_mail_subject";
243 private static final String PARAMETER_OTHER_ALERT_MAIL_SUBJECT = "other_alert_mail_subject";
244 private static final String PARAMETER_EXPIRED_ALERT_MAIL_SUBJECT = "expired_alert_mail_subject";
245 private static final String PARAMETER_REACTIVATED_ALERT_MAIL_SUBJECT = "account_reactivated_mail_subject";
246 private static final String PARAMETER_FIRST_ALERT_MAIL = "core_first_alert_mail";
247 private static final String PARAMETER_OTHER_ALERT_MAIL = "core_other_alert_mail";
248 private static final String PARAMETER_EXPIRATION_MAIL = "core_expiration_mail";
249 private static final String PARAMETER_ACCOUNT_REACTIVATED = "core_account_reactivated_mail";
250 private static final String PARAMETER_CANCEL = "cancel";
251 private static final String PARAMETER_NOTIFY_USER_PASSWORD_EXPIRED = "notify_user_password_expired";
252 private static final String PARAMETER_PASSWORD_EXPIRED_MAIL_SENDER = "password_expired_mail_sender";
253 private static final String PARAMETER_PASSWORD_EXPIRED_MAIL_SUBJECT = "password_expired_mail_subject";
254 private static final String PARAMETER_NOTIFY_PASSWORD_EXPIRED = "core_password_expired";
255 private static final String PARAMETER_IMPORT_USERS_FILE = "import_file";
256 private static final String PARAMETER_SKIP_FIRST_LINE = "ignore_first_line";
257 private static final String PARAMETER_UPDATE_USERS = "update_existing_users";
258 private static final String PARAMETER_XSL_EXPORT_ID = "xsl_export_id";
259 private static final String PARAMETER_EXPORT_ROLES = "export_roles";
260 private static final String PARAMETER_EXPORT_ATTRIBUTES = "export_attributes";
261 private static final String PARAMETER_EXPORT_RIGHTS = "export_rights";
262 private static final String PARAMETER_EXPORT_WORKGROUPS = "export_workgroups";
263 private static final String PARAMETER_RESET_TOKEN_VALIDITY = "reset_token_validity";
264 private static final String PARAMETER_LOCK_RESET_TOKEN_TO_SESSION = "lock_reset_token_to_session";
265 private static final String PARAMETER_RESET = "reset";
266
267
268 private static final String JSP_MANAGE_USER_RIGHTS = "ManageUserRights.jsp";
269 private static final String JSP_MANAGE_USER_ROLES = "ManageUserRoles.jsp";
270 private static final String JSP_MANAGE_USER = "ManageUsers.jsp";
271 private static final String JSP_MANAGE_USER_WORKGROUPS = "ManageUserWorkgroups.jsp";
272 private static final String JSP_URL_REMOVE_USER = "jsp/admin/user/DoRemoveUser.jsp";
273 private static final String JSP_URL_CREATE_USER = "jsp/admin/user/CreateUser.jsp";
274 private static final String JSP_URL_IMPORT_USER = "jsp/admin/user/ImportUser.jsp";
275 private static final String JSP_URL_MODIFY_USER = "jsp/admin/user/ModifyUser.jsp";
276 private static final String JSP_URL_MANAGE_USER_RIGHTS = "jsp/admin/user/ManageUserRights.jsp";
277 private static final String JSP_URL_MANAGE_USER_ROLES = "jsp/admin/user/ManageUserRoles.jsp";
278 private static final String JSP_URL_MANAGE_USER_WORKGROUPS = "jsp/admin/user/ManageUserWorkgroups.jsp";
279 private static final String JSP_URL_USE_ADVANCED_SECUR_PARAM = "jsp/admin/user/DoUseAdvancedSecurityParameters.jsp";
280 private static final String JSP_URL_REMOVE_ADVANCED_SECUR_PARAM = "jsp/admin/user/DoRemoveAdvancedSecurityParameters.jsp";
281 private static final String JSP_URL_ANONYMIZE_ADMIN_USER = "jsp/admin/user/DoAnonymizeAdminUser.jsp";
282 private static final String JSP_URL_MODIFY_ACCOUNT_LIFE_TIME_EMAIL = "jsp/admin/user/ModifyAccountLifeTimeEmails.jsp";
283
284
285 private static final String MARK_USER_LIST = "user_list";
286 private static final String MARK_IMPORT_USER_LIST = "import_user_list";
287 private static final String MARK_ACCESS_CODE = "access_code";
288 private static final String MARK_LAST_NAME = "last_name";
289 private static final String MARK_FIRST_NAME = "first_name";
290 private static final String MARK_EMAIL = "email";
291 private static final String MARK_IMPORT_USER = "import_user";
292 private static final String MARK_USER = "user";
293 private static final String MARK_LEVEL = "level";
294 private static final String MARK_USER_RIGHT_LIST = "user_right_list";
295 private static final String MARK_ALL_ROLE_LIST = "all_role_list";
296 private static final String MARK_USER_ROLE_LIST = "user_role_list";
297 private static final String MARK_ALL_RIGHT_LIST = "all_right_list";
298 private static final String MARK_PAGINATOR = "paginator";
299 private static final String MARK_NB_ITEMS_PER_PAGE = "nb_items_per_page";
300 private static final String MARK_LANGUAGES_LIST = "languages_list";
301 private static final String MARK_CURRENT_LANGUAGE = "current_language";
302 private static final String MARK_USER_CREATION_URL = "url_user_creation";
303 private static final String MARK_CAN_DELEGATE = "can_delegate";
304 private static final String MARK_CAN_MODIFY = "can_modify";
305 private static final String MARK_USER_LEVELS_LIST = "user_levels";
306 private static final String MARK_CURRENT_USER = "current_user";
307 private static final String MARK_USER_WORKGROUP_LIST = "user_workgroup_list";
308 private static final String MARK_ALL_WORKSGROUP_LIST = "all_workgroup_list";
309 private static final String MARK_SELECT_ALL = "select_all";
310 private static final String MARK_PERMISSION_ADVANCED_PARAMETER = "permission_advanced_parameter";
311 private static final String MARK_PERMISSION_IMPORT_EXPORT_USERS = "permission_import_export_users";
312 private static final String MARK_ITEM_NAVIGATOR = "item_navigator";
313 private static final String MARK_ATTRIBUTES_LIST = "attributes_list";
314 private static final String MARK_LOCALE = "locale";
315 private static final String MARK_MAP_LIST_ATTRIBUTE_DEFAULT_VALUES = "map_list_attribute_default_values";
316 private static final String MARK_DEFAULT_USER_LEVEL = "default_user_level";
317 private static final String MARK_DEFAULT_USER_NOTIFICATION = "default_user_notification";
318 private static final String MARK_DEFAULT_USER_LANGUAGE = "default_user_language";
319 private static final String MARK_DEFAULT_USER_STATUS = "default_user_status";
320 private static final String MARK_ACCESS_FAILURES_MAX = "access_failures_max";
321 private static final String MARK_ACCESS_FAILURES_INTERVAL = "access_failures_interval";
322 private static final String MARK_BANNED_DOMAIN_NAMES = "banned_domain_names";
323 private static final String MARK_EMAIL_SENDER = "email_sender";
324 private static final String MARK_EMAIL_SUBJECT = "email_subject";
325 private static final String MARK_EMAIL_BODY = "email_body";
326 private static final String MARK_EMAIL_LABEL = "emailLabel";
327 private static final String MARK_WEBAPP_URL = "webapp_url";
328 private static final String MARK_LIST_MESSAGES = "csv_messages";
329 private static final String MARK_CSV_SEPARATOR = "csv_separator";
330 private static final String MARK_CSV_ESCAPE = "csv_escape";
331 private static final String MARK_ATTRIBUTES_SEPARATOR = "attributes_separator";
332 private static final String MARK_LIST_XSL_EXPORT = "refListXsl";
333 private static final String MARK_DEFAULT_VALUE_WORKGROUP_KEY = "workgroup_key_default_value";
334 private static final String MARK_WORKGROUP_KEY_LIST = "workgroup_key_list";
335 private static final String MARK_ADMIN_AVATAR = "adminAvatar";
336 private static final String MARK_RANDOM_PASSWORD_SIZE = "randomPasswordSize";
337 private static final String MARK_MINIMUM_PASSWORD_SIZE = "minimumPasswordSize";
338 private static final String MARK_DEFAULT_MODE_USED = "defaultModeUsed";
339
340 private static final String CONSTANT_EMAIL_TYPE_FIRST = "first";
341 private static final String CONSTANT_EMAIL_TYPE_OTHER = "other";
342 private static final String CONSTANT_EMAIL_TYPE_EXPIRED = "expired";
343 private static final String CONSTANT_EMAIL_TYPE_REACTIVATED = "reactivated";
344 private static final String CONSTANT_EMAIL_PASSWORD_EXPIRED = "password_expired";
345 private static final String CONSTANT_EXTENSION_CSV_FILE = ".csv";
346 private static final String CONSTANT_EXTENSION_XML_FILE = ".xml";
347 private static final String CONSTANT_MIME_TYPE_CSV = "application/csv";
348 private static final String CONSTANT_MIME_TYPE_XML = "application/xml";
349 private static final String CONSTANT_MIME_TYPE_TEXT_CSV = "text/csv";
350 private static final String CONSTANT_MIME_TYPE_OCTETSTREAM = "application/octet-stream";
351 private static final String CONSTANT_EXPORT_USERS_FILE_NAME = "users";
352 private static final String CONSTANT_POINT = ".";
353 private static final String CONSTANT_QUOTE = "\"";
354 private static final String CONSTANT_ATTACHEMENT_FILE_NAME = "attachement; filename=\"";
355 private static final String CONSTANT_ATTACHEMENT_DISPOSITION = "Content-Disposition";
356 private static final String CONSTANT_XML_USERS = "users";
357 private static final String CONSTANT_CREATE_ADMINUSER = "lutece.admin.createAdminUser";
358 private static final String CONSTANT_REMOVE_ADMINUSER = "lutece.admin.removeAdminUser";
359 private static final String CONSTANT_ANONYMIZE_ADMINUSER = "lutece.admin.anonymizeAdminUser";
360 private static final String CONSTANT_MODIFY_ADMINUSER = "lutece.admin.modifyAdminUser";
361 private static final String CONSTANT_MODIFY_ADMINUSER_GROUPS = "lutece.admin.modifyAdminUserGroups";
362 private static final String CONSTANT_MODIFY_ADMINUSER_PASSWORD = "lutece.admin.modifyAdminUserPassword";
363 private static final String CONSTANT_MODIFY_ADMINUSER_ROLES = "lutece.admin.modifyAdminUserRoles";
364 private static final String CONSTANT_MODIFY_ADMINUSER_RIGHTS = "lutece.admin.modifyAdminUserRights";
365 private static final String CONSTANT_IMPORT_ADMINUSERS = "lutece.admin.importAdminUsers";
366 private static final String CONSTANT_MODIFY_DEFAULT_PARAMETERS = "lutece.admin.modifyUserDefaultParameters";
367 private static final String CONSTANT_MODIFY_DEFAULT_SECURITY = "lutece.admin.modifyUserDefaultSecurity";
368 private static final String CONSTANT_REMOVE_ADVANCE_SECURITY_PARAMETERS = "lutece.admin.removeAdvanceSecurityParameters";
369 private static final String CONSTANT_USE_ADVANCE_SECURITY_PARAMETERS = "lutece.admin.useAdvanceSecurityParameters";
370
371 private static final String TOKEN_TECHNICAL_ADMIN = AdminDashboardJspBean.TEMPLATE_MANAGE_DASHBOARDS;
372
373 private static final String ANCHOR_DEFAULT_USER_PARAMETER_VALUES = "defaultUserParameterValues";
374 private static final String ANCHOR_MODIFY_EMAIL_PATTERN = "modifyEmailPattern";
375 private static final String ANCHOR_ADVANCED_SECURITY_PARAMETERS = "advancedSecurityParameters";
376 private static final String ANCHOR_LIFE_TIME_EMAILS = "lifeTimeEmails";
377 private static final String ANCHOR_ANONYMIZE_USERS = "anonymizeUsers";
378
379 private transient ImportAdminUserService _importAdminUserService;
380 private boolean _bAdminAvatar = PluginService.isPluginEnable( "adminavatar" );
381
382 private int _nItemsPerPage;
383 private String _strCurrentPageIndex;
384 private ItemNavigator _itemNavigator;
385
386
387
388
389
390
391
392
393 public String getManageAdminUsers( HttpServletRequest request )
394 {
395 setPageTitleProperty( PROPERTY_MANAGE_USERS_PAGETITLE );
396
397
398 reinitItemNavigator( );
399
400 String strCreateUrl;
401 AdminUser currentUser = getUser( );
402
403 Map<String, Object> model = new HashMap<>( );
404
405
406 if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
407 {
408 strCreateUrl = JSP_URL_CREATE_USER;
409 }
410 else
411 {
412 strCreateUrl = JSP_URL_IMPORT_USER;
413 }
414
415 String strURL = getHomeUrl( request );
416 UrlItem/url/UrlItem.html#UrlItem">UrlItem url = new UrlItem( strURL );
417
418 Collection<AdminUser> listUsers = AdminUserHome.findUserList( );
419 listUsers = AdminWorkgroupService.getAuthorizedCollection( listUsers, getUser( ) );
420
421 List<AdminUser> availableUsers = AdminUserService.getFilteredUsersInterface( listUsers, request, model, url );
422 List<AdminUser> listDisplayUsers = new ArrayList<>( );
423
424 for ( AdminUser user : availableUsers )
425 {
426 if ( isUserAuthorizedToModifyUser( currentUser, user ) )
427 {
428 listDisplayUsers.add( user );
429 }
430 }
431
432
433 String strSortedAttributeName = request.getParameter( Parameters.SORTED_ATTRIBUTE_NAME );
434 String strAscSort = null;
435
436 if ( strSortedAttributeName != null )
437 {
438 strAscSort = request.getParameter( Parameters.SORTED_ASC );
439
440 boolean bIsAscSort = Boolean.parseBoolean( strAscSort );
441
442 Collections.sort( listDisplayUsers, new AttributeComparator( strSortedAttributeName, bIsAscSort ) );
443 }
444
445 _strCurrentPageIndex = AbstractPaginator.getPageIndex( request, AbstractPaginator.PARAMETER_PAGE_INDEX, _strCurrentPageIndex );
446 int defaultItemsPerPage = AppPropertiesService.getPropertyInt( PROPERTY_USERS_PER_PAGE, 50 );
447 _nItemsPerPage = AbstractPaginator.getItemsPerPage( request, AbstractPaginator.PARAMETER_ITEMS_PER_PAGE, _nItemsPerPage, defaultItemsPerPage );
448
449 if ( strSortedAttributeName != null )
450 {
451 url.addParameter( Parameters.SORTED_ATTRIBUTE_NAME, strSortedAttributeName );
452 }
453
454 if ( strAscSort != null )
455 {
456 url.addParameter( Parameters.SORTED_ASC, strAscSort );
457 }
458
459
460 LocalizedPaginator<AdminUser> paginator = new LocalizedPaginator<>( listDisplayUsers, _nItemsPerPage, url.getUrl( ),
461 AbstractPaginator.PARAMETER_PAGE_INDEX, _strCurrentPageIndex, getLocale( ) );
462
463
464 Collection<Level> filteredLevels = new ArrayList<>( );
465
466 for ( Level level : LevelHome.getLevelsList( ) )
467 {
468 if ( currentUser.isAdmin( ) || currentUser.hasRights( level.getId( ) ) )
469 {
470 filteredLevels.add( level );
471 }
472 }
473
474 boolean bPermissionAdvancedParameter = RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID,
475 AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS, getUser( ) );
476 boolean bPermissionImportExportUsers = RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID,
477 AdminUserResourceIdService.PERMISSION_IMPORT_EXPORT_USERS, getUser( ) );
478
479 model.put( MARK_NB_ITEMS_PER_PAGE, "" + _nItemsPerPage );
480 model.put( MARK_USER_LEVELS_LIST, filteredLevels );
481 model.put( MARK_PAGINATOR, paginator );
482 model.put( MARK_USER_LIST, paginator.getPageItems( ) );
483 model.put( MARK_USER_CREATION_URL, strCreateUrl );
484 model.put( MARK_PERMISSION_ADVANCED_PARAMETER, bPermissionAdvancedParameter );
485 model.put( MARK_PERMISSION_IMPORT_EXPORT_USERS, bPermissionImportExportUsers );
486 model.put( MARK_ADMIN_AVATAR, _bAdminAvatar );
487 model.put( MARK_DEFAULT_MODE_USED, AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) );
488
489 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MANAGE_USERS, getLocale( ), model );
490
491 return getAdminPage( template.getHtml( ) );
492 }
493
494
495
496
497
498
499
500
501
502 public String getFindImportAdminUser( HttpServletRequest request )
503 {
504 setPageTitleProperty( PROPERTY_IMPORT_MODULE_USER_PAGETITLE );
505
506 String strAccessCode = request.getParameter( PARAMETER_ACCESS_CODE );
507 String strLastName = request.getParameter( PARAMETER_LAST_NAME );
508 String strFirstName = request.getParameter( PARAMETER_FIRST_NAME );
509 String strEmail = request.getParameter( PARAMETER_EMAIL );
510
511 Map<String, Object> model = new HashMap<>( );
512 Collection<?> allImportUsers = null;
513
514 if ( StringUtils.isNotEmpty( strLastName ) || StringUtils.isNotEmpty( strFirstName ) || StringUtils.isNotEmpty( strEmail ) )
515 {
516 allImportUsers = AdminAuthenticationService.getInstance( ).getUserListFromModule( strLastName, strFirstName, strEmail );
517 }
518
519 model.put( MARK_IMPORT_USER_LIST, allImportUsers );
520 model.put( MARK_ACCESS_CODE, strAccessCode );
521 model.put( MARK_LAST_NAME, strLastName );
522 model.put( MARK_FIRST_NAME, strFirstName );
523 model.put( MARK_EMAIL, strEmail );
524
525 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_IMPORT_USER, getLocale( ), model );
526
527 return getAdminPage( template.getHtml( ) );
528 }
529
530
531
532
533
534
535
536
537 public String doSelectImportUser( HttpServletRequest request )
538 {
539 String strAccessCode = request.getParameter( PARAMETER_ACCESS_CODE );
540
541 if ( ( strAccessCode == null ) || ( strAccessCode.equals( "" ) ) )
542 {
543 return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
544 }
545
546
547 if ( AdminUserHome.checkAccessCodeAlreadyInUse( strAccessCode ) != -1 )
548 {
549 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_ACCESS_CODE_ALREADY_USED, AdminMessage.TYPE_STOP );
550 }
551
552 return AppPathService.getBaseUrl( request ) + JSP_URL_CREATE_USER + "?" + PARAMETER_ACCESS_CODE + "=" + strAccessCode;
553 }
554
555
556
557
558
559
560
561
562 public String getCreateAdminUser( HttpServletRequest request )
563 {
564 setPageTitleProperty( PROPERTY_CREATE_USER_PAGETITLE );
565
566 HtmlTemplate template;
567 AdminUser currentUser = getUser( );
568 Collection<Level> filteredLevels = new ArrayList<>( );
569
570 for ( Level level : LevelHome.getLevelsList( ) )
571 {
572 if ( currentUser.isAdmin( ) || currentUser.hasRights( level.getId( ) ) )
573 {
574 filteredLevels.add( level );
575 }
576 }
577
578
579 String strDefaultLevel = DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_LEVEL );
580 Level defaultLevel = LevelHome.findByPrimaryKey( Integer.parseInt( strDefaultLevel ) );
581 int nDefaultUserNotification = Integer.parseInt( DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_NOTIFICATION ) );
582 String strDefaultUserLanguage = DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_LANGUAGE );
583 int nDefaultUserStatus = Integer.parseInt( DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_STATUS ) );
584
585
586 List<IAttribute> listAttributes = AttributeService.getInstance( ).getAllAttributesWithFields( getLocale( ) );
587
588
589 if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
590 {
591 Map<String, Object> model = new HashMap<>( );
592
593 model.put( MARK_USER_LEVELS_LIST, filteredLevels );
594 model.put( MARK_CURRENT_USER, currentUser );
595 model.put( MARK_LANGUAGES_LIST, I18nService.getAdminLocales( getLocale( ) ) );
596 model.put( MARK_DEFAULT_USER_LEVEL, defaultLevel );
597 model.put( MARK_DEFAULT_USER_NOTIFICATION, nDefaultUserNotification );
598 model.put( MARK_DEFAULT_USER_LANGUAGE, strDefaultUserLanguage );
599 model.put( MARK_DEFAULT_USER_STATUS, nDefaultUserStatus );
600 model.put( MARK_ATTRIBUTES_LIST, listAttributes );
601 model.put( MARK_LOCALE, getLocale( ) );
602 model.put( MARK_DEFAULT_VALUE_WORKGROUP_KEY, AdminWorkgroupService.ALL_GROUPS );
603 model.put( MARK_WORKGROUP_KEY_LIST, AdminWorkgroupService.getUserWorkgroups( getUser( ), getLocale( ) ) );
604 model.put( MARK_RANDOM_PASSWORD_SIZE,
605 AppPropertiesService.getPropertyInt( PasswordUtil.PROPERTY_PASSWORD_SIZE, PasswordUtil.CONSTANT_DEFAULT_RANDOM_PASSWORD_SIZE ) );
606 model.put( MARK_MINIMUM_PASSWORD_SIZE, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_PASSWORD_MINIMUM_LENGTH ) );
607 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_CREATE_USER ) );
608
609 template = AppTemplateService.getTemplate( TEMPLATE_DEFAULT_CREATE_USER, getLocale( ), model );
610 }
611 else
612
613
614 {
615
616
617 String strAccessCode = request.getParameter( PARAMETER_ACCESS_CODE );
618 AdminUser user = null;
619
620 if ( ( strAccessCode != null ) && ( !strAccessCode.equals( "" ) ) )
621 {
622 user = AdminAuthenticationService.getInstance( ).getUserPublicDataFromModule( strAccessCode );
623 }
624
625 Map<String, Object> model = new HashMap<>( );
626
627 if ( user != null )
628 {
629 model.put( MARK_USER_LEVELS_LIST, filteredLevels );
630 model.put( MARK_CURRENT_USER, currentUser );
631 model.put( MARK_IMPORT_USER, user );
632 model.put( MARK_LANGUAGES_LIST, I18nService.getAdminLocales( user.getLocale( ) ) );
633 model.put( MARK_DEFAULT_USER_LEVEL, defaultLevel );
634 model.put( MARK_DEFAULT_USER_NOTIFICATION, nDefaultUserNotification );
635 model.put( MARK_DEFAULT_USER_LANGUAGE, strDefaultUserLanguage );
636 model.put( MARK_DEFAULT_USER_STATUS, nDefaultUserStatus );
637 model.put( MARK_ATTRIBUTES_LIST, listAttributes );
638 model.put( MARK_LOCALE, getLocale( ) );
639 model.put( MARK_DEFAULT_VALUE_WORKGROUP_KEY, AdminWorkgroupService.ALL_GROUPS );
640 model.put( MARK_WORKGROUP_KEY_LIST, AdminWorkgroupService.getUserWorkgroups( getUser( ), getLocale( ) ) );
641 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_CREATE_USER ) );
642 }
643
644 template = AppTemplateService.getTemplate( TEMPLATE_CREATE_USER, getLocale( ), model );
645 }
646
647 return getAdminPage( template.getHtml( ) );
648 }
649
650
651
652
653
654
655
656
657
658
659 public String doCreateAdminUser( HttpServletRequest request ) throws AccessDeniedException
660 {
661 String strAccessCode = request.getParameter( PARAMETER_ACCESS_CODE );
662 String strLastName = request.getParameter( PARAMETER_LAST_NAME );
663 String strFirstName = request.getParameter( PARAMETER_FIRST_NAME );
664 String strEmail = request.getParameter( PARAMETER_EMAIL );
665 String strStatus = request.getParameter( PARAMETER_STATUS );
666 String strUserLevel = request.getParameter( PARAMETER_USER_LEVEL );
667 String strNotifyUser = request.getParameter( PARAMETER_NOTIFY_USER );
668 String strAccessibilityMode = request.getParameter( PARAMETER_ACCESSIBILITY_MODE );
669 String strWorkgroupKey = request.getParameter( PARAMETER_WORKGROUP_KEY );
670
671 String message = checkParameters( request, JSP_URL_CREATE_USER );
672
673 if ( message != null )
674 {
675 return message;
676 }
677
678
679 if ( AdminUserHome.checkAccessCodeAlreadyInUse( strAccessCode ) != -1 )
680 {
681 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_ACCESS_CODE_ALREADY_USED, AdminMessage.TYPE_STOP );
682 }
683
684
685 if ( AdminUserHome.checkEmailAlreadyInUse( strEmail ) != -1 )
686 {
687 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_EMAIL_ALREADY_USED, AdminMessage.TYPE_STOP );
688 }
689
690
691 int nNewUserLevel = Integer.parseInt( strUserLevel );
692
693
694 if ( !( getUser( ).hasRights( nNewUserLevel ) || getUser( ).isAdmin( ) ) )
695 {
696 return AdminMessageService.getMessageUrl( request, Messages.USER_ACCESS_DENIED, AdminMessage.TYPE_STOP );
697 }
698
699
700 if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
701 {
702 LuteceDefaultAdminUser/authentication/LuteceDefaultAdminUser.html#LuteceDefaultAdminUser">LuteceDefaultAdminUser user = new LuteceDefaultAdminUser( );
703 String strFirstPassword = request.getParameter( PARAMETER_FIRST_PASSWORD );
704 String strSecondPassword = request.getParameter( PARAMETER_SECOND_PASSWORD );
705
706 if ( StringUtils.isEmpty( strFirstPassword ) )
707 {
708 return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
709 }
710
711 if ( !strFirstPassword.equals( strSecondPassword ) )
712 {
713 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_DIFFERENTS_PASSWORD, AdminMessage.TYPE_STOP );
714 }
715
716 String strUrl = AdminUserService.checkPassword( request, strFirstPassword, 0 );
717
718 if ( StringUtils.isNotEmpty( strUrl ) )
719 {
720 return strUrl;
721 }
722
723 user.setPassword( AdminUserService.encryptPassword( strFirstPassword ) );
724
725 user.setPasswordMaxValidDate( AdminUserService.getPasswordMaxValidDate( ) );
726 user.setAccountMaxValidDate( AdminUserService.getAccountMaxValidDate( ) );
727
728 user.setAccessCode( strAccessCode );
729 user.setLastName( strLastName );
730 user.setFirstName( strFirstName );
731 user.setEmail( strEmail );
732 user.setStatus( Integer.parseInt( strStatus ) );
733 user.setLocale( new Locale( request.getParameter( PARAMETER_LANGUAGE ) ) );
734
735 user.setUserLevel( nNewUserLevel );
736 user.setPasswordReset( Boolean.TRUE );
737 user.setAccessibilityMode( strAccessibilityMode != null );
738 user.setWorkgroupKey( strWorkgroupKey );
739
740 AdminUserHome.create( user );
741 AdminUserFieldService.doCreateUserFields( user, request, getLocale( ) );
742
743 if ( CONSTANTE_UN.equals( strNotifyUser ) )
744 {
745
746 AdminUserService.notifyUser( AppPathService.getBaseUrl( request ), user, strFirstPassword, PROPERTY_MESSAGE_EMAIL_SUBJECT_NOTIFY_USER,
747 TEMPLATE_NOTIFY_USER );
748 }
749
750 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_CREATE_ADMINUSER, getUser( ), user.getAccessCode( ),
751 CONSTANT_BO );
752 }
753 else
754 {
755 AdminUserbusiness/user/AdminUser.html#AdminUser">AdminUser user = new AdminUser( );
756 user.setAccessCode( strAccessCode );
757 user.setLastName( strLastName );
758 user.setFirstName( strFirstName );
759 user.setEmail( strEmail );
760 user.setStatus( Integer.parseInt( strStatus ) );
761 user.setLocale( new Locale( request.getParameter( PARAMETER_LANGUAGE ) ) );
762
763 user.setUserLevel( nNewUserLevel );
764 user.setAccessibilityMode( strAccessibilityMode != null );
765 user.setWorkgroupKey( strWorkgroupKey );
766
767 AdminUserHome.create( user );
768 AdminUserFieldService.doCreateUserFields( user, request, getLocale( ) );
769
770 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_CREATE_ADMINUSER, getUser( ), user.getAccessCode( ),
771 CONSTANT_BO );
772 }
773
774 return JSP_MANAGE_USER;
775 }
776
777 private String checkParameters( HttpServletRequest request, String strJspUrl ) throws AccessDeniedException
778 {
779 String strAccessCode = request.getParameter( PARAMETER_ACCESS_CODE );
780 String strLastName = request.getParameter( PARAMETER_LAST_NAME );
781 String strFirstName = request.getParameter( PARAMETER_FIRST_NAME );
782 String strEmail = request.getParameter( PARAMETER_EMAIL );
783
784 if ( StringUtils.isEmpty( strAccessCode ) )
785 {
786 return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
787 }
788
789 if ( StringUtils.isEmpty( strLastName ) )
790 {
791 return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
792 }
793
794 if ( StringUtils.isEmpty( strFirstName ) )
795 {
796 return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
797 }
798
799 if ( StringUtils.isBlank( strEmail ) )
800 {
801 return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
802 }
803
804 if ( !AdminUserService.checkEmail( strEmail ) )
805 {
806 return AdminUserService.getEmailErrorMessageUrl( request );
807 }
808
809 String strError = AdminUserFieldService.checkUserFields( request, getLocale( ) );
810
811 if ( strError != null )
812 {
813 return strError;
814 }
815
816 if ( !SecurityTokenService.getInstance( ).validate( request, strJspUrl ) )
817 {
818 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
819 }
820
821 return null;
822 }
823
824
825
826
827
828
829
830
831
832
833 public String getModifyAdminUser( HttpServletRequest request ) throws AccessDeniedException
834 {
835 setPageTitleProperty( PROPERTY_MODIFY_USER_PAGETITLE );
836
837 String strUserId = request.getParameter( PARAMETER_USER_ID );
838
839 int nUserId = Integer.parseInt( strUserId );
840
841 Map<String, Object> model = new HashMap<>( );
842 HtmlTemplate template;
843
844 AdminUser user;
845 String strTemplateUrl;
846
847
848
849 if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
850 {
851 user = AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( nUserId );
852 strTemplateUrl = TEMPLATE_DEFAULT_MODIFY_USER;
853 }
854 else
855 {
856 user = AdminUserHome.findByPrimaryKey( nUserId );
857 strTemplateUrl = TEMPLATE_MODIFY_USER;
858 }
859
860 if ( ( user == null ) || ( user.getUserId( ) == 0 ) )
861 {
862 return getManageAdminUsers( request );
863 }
864
865 AdminUser currentUser = AdminUserService.getAdminUser( request );
866
867 if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
868 {
869 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
870 }
871
872 Level level = LevelHome.findByPrimaryKey( user.getUserLevel( ) );
873 ReferenceListml#ReferenceList">ReferenceList filteredLevels = new ReferenceList( );
874
875 if ( isUserAuthorizedToChangeUserLevel( currentUser, user ) )
876 {
877 for (Level levelItem : LevelHome.getLevelsList( )) {
878 filteredLevels.add(levelItem.getReferenceItem());
879 };
880 filteredLevels.removeIf(levelItem -> levelItem.getCode().equals("0"));
881 }
882
883
884 setItemNavigator( user.getUserId( ), AppPathService.getBaseUrl( request ) + JSP_URL_MODIFY_USER );
885
886 List<IAttribute> listAttributes = AttributeService.getInstance( ).getAllAttributesWithFields( getLocale( ) );
887 Map<String, Object> map = AdminUserFieldService.getAdminUserFields( listAttributes, nUserId, getLocale( ) );
888
889 model.put( MARK_USER, user );
890 model.put( MARK_LEVEL, level );
891 model.put( MARK_USER_LEVELS_LIST, filteredLevels );
892 model.put( MARK_LANGUAGES_LIST, I18nService.getAdminLocales( user.getLocale( ) ) );
893 model.put( MARK_CURRENT_LANGUAGE, user.getLocale( ).getLanguage( ) );
894 model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
895 model.put( MARK_ATTRIBUTES_LIST, listAttributes );
896 model.put( MARK_LOCALE, getLocale( ) );
897 model.put( MARK_MAP_LIST_ATTRIBUTE_DEFAULT_VALUES, map );
898 model.put( MARK_WORKGROUP_KEY_LIST, AdminWorkgroupService.getUserWorkgroups( getUser( ), getLocale( ) ) );
899 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_MODIFY_USER ) );
900
901 template = AppTemplateService.getTemplate( strTemplateUrl, getLocale( ), model );
902
903 return getAdminPage( template.getHtml( ) );
904 }
905
906
907
908
909
910
911
912
913
914
915 public String doModifyAdminUser( HttpServletRequest request ) throws AccessDeniedException
916 {
917 String strUserId = request.getParameter( PARAMETER_USER_ID );
918 String strAccessCode = request.getParameter( PARAMETER_ACCESS_CODE );
919 String strLastName = request.getParameter( PARAMETER_LAST_NAME );
920 String strFirstName = request.getParameter( PARAMETER_FIRST_NAME );
921 String strEmail = request.getParameter( PARAMETER_EMAIL );
922 String strStatus = request.getParameter( PARAMETER_STATUS );
923 String strAccessibilityMode = request.getParameter( PARAMETER_ACCESSIBILITY_MODE );
924 String strWorkgroupKey = request.getParameter( PARAMETER_WORKGROUP_KEY );
925 String strUserLevel = request.getParameter( PARAMETER_USER_LEVEL );
926 int nUserId = Integer.parseInt( strUserId );
927
928 AdminUser userToModify = AdminUserHome.findByPrimaryKey( nUserId );
929 AdminUser currentUser = AdminUserService.getAdminUser( request );
930
931 if ( !isUserAuthorizedToModifyUser( currentUser, userToModify ) )
932 {
933 throw new AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
934 }
935
936
937
938 if ( isUserLevelModified( userToModify, strUserLevel ) && !isUserAuthorizedToChangeUserLevel( currentUser, userToModify ) )
939 {
940 throw new AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
941 }
942
943 String message = checkParameters( request, JSP_URL_MODIFY_USER );
944
945 if ( message != null )
946 {
947 return message;
948 }
949
950 int checkCode = AdminUserHome.checkAccessCodeAlreadyInUse( strAccessCode );
951
952
953 if ( ( checkCode != -1 ) && ( checkCode != nUserId ) )
954 {
955 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_ACCESS_CODE_ALREADY_USED, AdminMessage.TYPE_STOP );
956 }
957
958 checkCode = AdminUserHome.checkEmailAlreadyInUse( strEmail );
959
960
961 if ( ( checkCode != -1 ) && ( checkCode != nUserId ) )
962 {
963 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_EMAIL_ALREADY_USED, AdminMessage.TYPE_STOP );
964 }
965
966
967 if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
968 {
969 LuteceDefaultAdminUser user = AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( nUserId );
970
971 user.setUserId( nUserId );
972 user.setAccessCode( strAccessCode );
973 user.setLastName( strLastName );
974 user.setFirstName( strFirstName );
975 user.setEmail( strEmail );
976 user.setWorkgroupKey( strWorkgroupKey );
977 user.setUserLevel( Integer.parseInt( strUserLevel ) );
978
979 int nStatus = Integer.parseInt( strStatus );
980
981 if ( nStatus != user.getStatus( ) )
982 {
983 user.setStatus( nStatus );
984 AdminUserService.notifyUser( AppPathService.getBaseUrl( request ), user, PROPERTY_MESSAGE_EMAIL_SUBJECT_CHANGE_STATUS,
985 TEMPLATE_ADMIN_EMAIL_CHANGE_STATUS );
986 }
987
988 user.setLocale( new Locale( request.getParameter( PARAMETER_LANGUAGE ) ) );
989 user.setAccessibilityMode( strAccessibilityMode != null );
990
991 AdminUserHome.update( user, PasswordUpdateMode.IGNORE );
992
993 AdminUserFieldService.doModifyUserFields( user, request, getLocale( ), getUser( ) );
994
995 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_ADMINUSER, currentUser, user.getAccessCode( ),
996 CONSTANT_BO );
997 }
998 else
999 {
1000 AdminUserbusiness/user/AdminUser.html#AdminUser">AdminUser user = new AdminUser( );
1001 user.setUserId( nUserId );
1002 user.setAccessCode( strAccessCode );
1003 user.setLastName( strLastName );
1004 user.setFirstName( strFirstName );
1005 user.setEmail( strEmail );
1006 user.setStatus( Integer.parseInt( strStatus ) );
1007 user.setLocale( new Locale( request.getParameter( PARAMETER_LANGUAGE ) ) );
1008 user.setAccessibilityMode( strAccessibilityMode != null );
1009 user.setWorkgroupKey( strWorkgroupKey );
1010 user.setUserLevel( Integer.parseInt( strUserLevel ) );
1011
1012 String strError = AdminUserFieldService.checkUserFields( request, getLocale( ) );
1013
1014 if ( strError != null )
1015 {
1016 return strError;
1017 }
1018
1019 AdminUserHome.update( user );
1020
1021 AdminUserFieldService.doModifyUserFields( user, request, getLocale( ), getUser( ) );
1022
1023 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_ADMINUSER, currentUser, user.getAccessCode( ),
1024 CONSTANT_BO );
1025 }
1026
1027 return JSP_MANAGE_USER;
1028 }
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039 public String getModifyUserPassword( HttpServletRequest request ) throws AccessDeniedException
1040 {
1041 setPageTitleProperty( PROPERTY_MODIFY_USER_PASSWORD_PAGETITLE );
1042
1043 String strUserId = request.getParameter( PARAMETER_USER_ID );
1044
1045 int nUserId = Integer.parseInt( strUserId );
1046
1047 Map<String, Object> model = new HashMap<>( );
1048 HtmlTemplate template;
1049
1050 AdminUser user = null;
1051 String strTemplateUrl = "";
1052
1053
1054
1055 if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
1056 {
1057 user = AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( nUserId );
1058 strTemplateUrl = TEMPLATE_DEFAULT_MODIFY_USER_PASSWORD;
1059 }
1060 else
1061 {
1062 throw new AppException( "Cannot modify password when not in DeafultModuleUsed mode" );
1063 }
1064
1065 if ( ( user == null ) || ( user.getUserId( ) == 0 ) )
1066 {
1067 throw new AppException( "User to modify password for not found" );
1068 }
1069
1070 AdminUser currentUser = AdminUserService.getAdminUser( request );
1071
1072 if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1073 {
1074 throw new AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1075 }
1076
1077
1078 setItemNavigator( user.getUserId( ), AppPathService.getBaseUrl( request ) + JSP_URL_MODIFY_USER );
1079
1080 model.put( MARK_USER, user );
1081 model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1082 model.put( MARK_MINIMUM_PASSWORD_SIZE, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_PASSWORD_MINIMUM_LENGTH ) );
1083 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, PROPERTY_MODIFY_USER_PASSWORD_PAGETITLE ) );
1084
1085 template = AppTemplateService.getTemplate( strTemplateUrl, getLocale( ), model );
1086
1087 return getAdminPage( template.getHtml( ) );
1088 }
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099 public String doModifyAdminUserPassword( HttpServletRequest request ) throws AccessDeniedException
1100 {
1101 if ( !SecurityTokenService.getInstance( ).validate( request, PROPERTY_MODIFY_USER_PASSWORD_PAGETITLE ) )
1102 {
1103 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1104 }
1105 String strUserId = request.getParameter( PARAMETER_USER_ID );
1106
1107 int nUserId = Integer.parseInt( strUserId );
1108
1109 AdminUser userToModify = AdminUserHome.findByPrimaryKey( nUserId );
1110
1111 if ( userToModify == null )
1112 {
1113 throw new AppException( CONSTANT_USER_MSG + strUserId + " not found" );
1114 }
1115
1116 AdminUser currentUser = AdminUserService.getAdminUser( request );
1117
1118 if ( !isUserAuthorizedToModifyUser( currentUser, userToModify ) )
1119 {
1120 throw new AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1121 }
1122
1123
1124 if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
1125 {
1126 LuteceDefaultAdminUser user = AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( nUserId );
1127
1128 String strFirstPassword = request.getParameter( PARAMETER_FIRST_PASSWORD );
1129 String strSecondPassword = request.getParameter( PARAMETER_SECOND_PASSWORD );
1130
1131 if ( StringUtils.isEmpty( strFirstPassword ) )
1132 {
1133 return AdminMessageService.getMessageUrl( request, MESSAGE_MANDATORY_FIELD, new String [ ] {
1134 I18nService.getLocalizedString( PROPERTY_LABEL_FIRST_PASSWORD, getLocale( ) )
1135 }, AdminMessage.TYPE_STOP );
1136 }
1137
1138 if ( !StringUtils.equals( strFirstPassword, strSecondPassword ) )
1139 {
1140
1141 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_DIFFERENTS_PASSWORD, AdminMessage.TYPE_STOP );
1142 }
1143
1144 String strUrl = AdminUserService.checkPassword( request, strFirstPassword, nUserId, Boolean.TRUE );
1145
1146 if ( StringUtils.isNotEmpty( strUrl ) )
1147 {
1148 return strUrl;
1149 }
1150
1151 user.setPassword( AdminUserService.encryptPassword( strFirstPassword ) );
1152 user.setPasswordReset( Boolean.FALSE );
1153 user.setPasswordMaxValidDate( AdminUserService.getPasswordMaxValidDate( ) );
1154
1155 AdminUserHome.update( user, PasswordUpdateMode.UPDATE );
1156
1157 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_ADMINUSER_PASSWORD, currentUser,
1158 user.getAccessCode( ), CONSTANT_BO );
1159 }
1160
1161 return JSP_MANAGE_USER;
1162 }
1163
1164
1165
1166
1167
1168
1169
1170
1171 public String getImportUsersFromFile( HttpServletRequest request )
1172 {
1173 _importAdminUserService = SpringContextService.getBean( BEAN_IMPORT_ADMIN_USER_SERVICE );
1174 if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
1175 getUser( ) ) )
1176 {
1177 return getManageAdminUsers( request );
1178 }
1179
1180 setPageTitleProperty( PROPERTY_IMPORT_USERS_FROM_FILE_PAGETITLE );
1181
1182 Map<String, Object> model = new HashMap<>( );
1183
1184 model.put( MARK_LIST_MESSAGES, request.getAttribute( ATTRIBUTE_IMPORT_USERS_LIST_MESSAGES ) );
1185
1186 String strCsvSeparator = StringUtils.EMPTY + _importAdminUserService.getCSVSeparator( );
1187 String strCsvEscapeCharacter = StringUtils.EMPTY + _importAdminUserService.getCSVEscapeCharacter( );
1188 String strAttributesSeparator = StringUtils.EMPTY + _importAdminUserService.getAttributesSeparator( );
1189 model.put( MARK_CSV_SEPARATOR, strCsvSeparator );
1190 model.put( MARK_CSV_ESCAPE, strCsvEscapeCharacter );
1191 model.put( MARK_ATTRIBUTES_SEPARATOR, strAttributesSeparator );
1192 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_IMPORT_USER ) );
1193
1194 String strTemplate = _importAdminUserService.getImportFromFileTemplate( );
1195 HtmlTemplate template = AppTemplateService.getTemplate( strTemplate, AdminUserService.getLocale( request ), model );
1196
1197 return getAdminPage( template.getHtml( ) );
1198 }
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209 public DefaultPluginActionResult doImportUsersFromFile( HttpServletRequest request ) throws AccessDeniedException
1210 {
1211 DefaultPluginActionResultefaultPluginActionResult.html#DefaultPluginActionResult">DefaultPluginActionResult result = new DefaultPluginActionResult( );
1212
1213 if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
1214 getUser( ) ) )
1215 {
1216 result.setHtmlContent( getManageAdminUsers( request ) );
1217
1218 return result;
1219 }
1220
1221 if ( request instanceof MultipartHttpServletRequest )
1222 {
1223 MultipartHttpServletRequestce/portal/web/upload/MultipartHttpServletRequest.html#MultipartHttpServletRequest">MultipartHttpServletRequest multipartRequest = (MultipartHttpServletRequest) request;
1224 FileItem fileItem = multipartRequest.getFile( PARAMETER_IMPORT_USERS_FILE );
1225 String strMimeType = FileSystemUtil.getMIMEType( FileUploadService.getFileNameOnly( fileItem ) );
1226
1227 if ( !( ( fileItem != null ) && !StringUtils.EMPTY.equals( fileItem.getName( ) ) ) )
1228 {
1229 Object [ ] tabRequiredFields = {
1230 I18nService.getLocalizedString( FIELD_IMPORT_USERS_FILE, getLocale( ) )
1231 };
1232 result.setRedirect( AdminMessageService.getMessageUrl( request, MESSAGE_MANDATORY_FIELD, tabRequiredFields, AdminMessage.TYPE_STOP ) );
1233
1234 return result;
1235 }
1236
1237 if ( ( !strMimeType.equals( CONSTANT_MIME_TYPE_CSV ) && !strMimeType.equals( CONSTANT_MIME_TYPE_OCTETSTREAM )
1238 && !strMimeType.equals( CONSTANT_MIME_TYPE_TEXT_CSV ) )
1239 || !fileItem.getName( ).toLowerCase( Locale.ENGLISH ).endsWith( CONSTANT_EXTENSION_CSV_FILE ) )
1240 {
1241 result.setRedirect( AdminMessageService.getMessageUrl( request, MESSAGE_ERROR_CSV_FILE_IMPORT, AdminMessage.TYPE_STOP ) );
1242
1243 return result;
1244 }
1245 if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_IMPORT_USER ) )
1246 {
1247 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1248 }
1249
1250 String strSkipFirstLine = multipartRequest.getParameter( PARAMETER_SKIP_FIRST_LINE );
1251 boolean bSkipFirstLine = StringUtils.isNotEmpty( strSkipFirstLine );
1252 String strUpdateUsers = multipartRequest.getParameter( PARAMETER_UPDATE_USERS );
1253 boolean bUpdateUsers = StringUtils.isNotEmpty( strUpdateUsers );
1254
1255 _importAdminUserService.setUpdateExistingUsers( bUpdateUsers );
1256
1257 List<CSVMessageDescriptor> listMessages = _importAdminUserService.readCSVFile( fileItem, 0, false, false, bSkipFirstLine,
1258 AdminUserService.getLocale( request ), AppPathService.getBaseUrl( request ) );
1259
1260 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_IMPORT_ADMINUSERS, getUser( ), fileItem.getName( ),
1261 CONSTANT_BO );
1262
1263 request.setAttribute( ATTRIBUTE_IMPORT_USERS_LIST_MESSAGES, listMessages );
1264
1265 String strHtmlResult = getImportUsersFromFile( request );
1266 result.setHtmlContent( strHtmlResult );
1267 }
1268 else
1269 {
1270 Object [ ] tabRequiredFields = {
1271 I18nService.getLocalizedString( FIELD_IMPORT_USERS_FILE, getLocale( ) )
1272 };
1273 result.setRedirect( AdminMessageService.getMessageUrl( request, MESSAGE_MANDATORY_FIELD, tabRequiredFields, AdminMessage.TYPE_STOP ) );
1274 }
1275
1276 return result;
1277 }
1278
1279
1280
1281
1282
1283
1284
1285
1286 public String getExportUsers( HttpServletRequest request )
1287 {
1288 if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
1289 getUser( ) ) )
1290 {
1291 return getManageAdminUsers( request );
1292 }
1293
1294 setPageTitleProperty( PROPERTY_EXPORT_USERS_PAGETITLE );
1295
1296 Map<String, Object> model = new HashMap<>( );
1297
1298 ReferenceList refListXsl = XslExportHome.getRefListByPlugin( PluginService.getCore( ) );
1299
1300 model.put( MARK_LIST_XSL_EXPORT, refListXsl );
1301
1302 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_EXPORT_USERS_FROM_FILE, AdminUserService.getLocale( request ), model );
1303
1304 return getAdminPage( template.getHtml( ) );
1305 }
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318 public DefaultPluginActionResult doExportUsers( HttpServletRequest request, HttpServletResponse response ) throws IOException
1319 {
1320 DefaultPluginActionResultefaultPluginActionResult.html#DefaultPluginActionResult">DefaultPluginActionResult result = new DefaultPluginActionResult( );
1321
1322 if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_IMPORT_EXPORT_USERS,
1323 getUser( ) ) )
1324 {
1325 result.setHtmlContent( getManageAdminUsers( request ) );
1326
1327 return result;
1328 }
1329
1330 String strXslExportId = request.getParameter( PARAMETER_XSL_EXPORT_ID );
1331 String strExportAttributes = request.getParameter( PARAMETER_EXPORT_ATTRIBUTES );
1332 String strExportRoles = request.getParameter( PARAMETER_EXPORT_ROLES );
1333 String strExportRights = request.getParameter( PARAMETER_EXPORT_RIGHTS );
1334 String strExportWorkgroups = request.getParameter( PARAMETER_EXPORT_WORKGROUPS );
1335 boolean bExportAttributes = StringUtils.isNotEmpty( strExportAttributes );
1336 boolean bExportRoles = StringUtils.isNotEmpty( strExportRoles );
1337 boolean bExportRights = StringUtils.isNotEmpty( strExportRights );
1338 boolean bExportWorkgroups = StringUtils.isNotEmpty( strExportWorkgroups );
1339
1340 if ( StringUtils.isBlank( strXslExportId ) )
1341 {
1342 Object [ ] tabRequiredFields = {
1343 I18nService.getLocalizedString( FIELD_XSL_EXPORT, getLocale( ) )
1344 };
1345 result.setRedirect( AdminMessageService.getMessageUrl( request, MESSAGE_MANDATORY_FIELD, tabRequiredFields, AdminMessage.TYPE_STOP ) );
1346
1347 return result;
1348 }
1349
1350 int nIdXslExport = Integer.parseInt( strXslExportId );
1351
1352 XslExport xslExport = XslExportHome.findByPrimaryKey( nIdXslExport );
1353
1354 Collection<AdminUser> listUsers = AdminUserHome.findUserList( );
1355
1356 List<IAttribute> listAttributes = AttributeService.getInstance( ).getAllAttributesWithFields( LocaleService.getDefault( ) );
1357 List<IAttribute> listAttributesFiltered = new ArrayList<>( );
1358
1359 for ( IAttribute attribute : listAttributes )
1360 {
1361 if ( attribute instanceof ISimpleValuesAttributes )
1362 {
1363 listAttributesFiltered.add( attribute );
1364 }
1365 }
1366
1367 StringBuffer sbXml = new StringBuffer( XmlUtil.getXmlHeader( ) );
1368 XmlUtil.beginElement( sbXml, CONSTANT_XML_USERS );
1369
1370 for ( AdminUser user : listUsers )
1371 {
1372 if ( !user.isStatusAnonymized( ) )
1373 {
1374 sbXml.append(
1375 AdminUserService.getXmlFromUser( user, bExportRoles, bExportRights, bExportWorkgroups, bExportAttributes, listAttributesFiltered ) );
1376 }
1377 }
1378
1379 XmlUtil.endElement( sbXml, CONSTANT_XML_USERS );
1380
1381 String strXml = StringUtil.replaceAccent( sbXml.toString( ) );
1382 String strExportedUsers = XslExportService.exportXMLWithXSL( nIdXslExport, strXml );
1383
1384 if ( CONSTANT_MIME_TYPE_CSV.contains( xslExport.getExtension( ) ) )
1385 {
1386 response.setContentType( CONSTANT_MIME_TYPE_CSV );
1387 }
1388 else
1389 if ( CONSTANT_EXTENSION_XML_FILE.contains( xslExport.getExtension( ) ) )
1390 {
1391 response.setContentType( CONSTANT_MIME_TYPE_XML );
1392 }
1393 else
1394 {
1395 response.setContentType( CONSTANT_MIME_TYPE_OCTETSTREAM );
1396 }
1397
1398 String strFileName = CONSTANT_EXPORT_USERS_FILE_NAME + CONSTANT_POINT + xslExport.getExtension( );
1399 response.setHeader( CONSTANT_ATTACHEMENT_DISPOSITION, CONSTANT_ATTACHEMENT_FILE_NAME + strFileName + CONSTANT_QUOTE );
1400
1401 PrintWriter out = response.getWriter( );
1402 out.write( strExportedUsers );
1403 out.flush( );
1404 out.close( );
1405
1406 return null;
1407 }
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418 public String doConfirmRemoveAdminUser( HttpServletRequest request ) throws AccessDeniedException
1419 {
1420 String strUserId = request.getParameter( PARAMETER_USER_ID );
1421 int nUserId = Integer.parseInt( strUserId );
1422 AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
1423
1424 if ( user == null )
1425 {
1426 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_USER_ERROR_SESSION, AdminMessage.TYPE_ERROR );
1427 }
1428
1429 AdminUser currentUser = AdminUserService.getAdminUser( request );
1430
1431 if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1432 {
1433 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1434 }
1435
1436 String strUrlRemove = JSP_URL_REMOVE_USER;
1437 Map<String, Object> parameters = new HashMap<>( );
1438 parameters.put( PARAMETER_USER_ID, strUserId );
1439 parameters.put( SecurityTokenService.PARAMETER_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_REMOVE_USER ) );
1440
1441 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_CONFIRM_REMOVE, new Object [ ] {
1442 user.getFirstName( ), user.getLastName( ), user.getAccessCode( )
1443 }, null, strUrlRemove, null, AdminMessage.TYPE_CONFIRMATION, parameters );
1444 }
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455 public String doRemoveAdminUser( HttpServletRequest request ) throws AccessDeniedException
1456 {
1457 String strUserId = request.getParameter( PARAMETER_USER_ID );
1458 int nUserId = Integer.parseInt( strUserId );
1459 AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
1460
1461 if ( user == null )
1462 {
1463 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_USER_ERROR_SESSION, AdminMessage.TYPE_ERROR );
1464 }
1465 if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_REMOVE_USER ) )
1466 {
1467 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1468 }
1469
1470 AdminUser currentUser = AdminUserService.getAdminUser( request );
1471
1472 if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1473 {
1474 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1475 }
1476
1477 String strRemovedUserAccessCode = user.getAccessCode( );
1478
1479 AdminUserFieldService.doRemoveUserFields( user, request, getLocale( ) );
1480 AdminUserHome.removeAllRightsForUser( nUserId );
1481 AdminUserHome.removeAllRolesForUser( nUserId );
1482 AdminUserHome.removeAllPasswordHistoryForUser( nUserId );
1483 AdminUserHome.remove( nUserId );
1484
1485 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_REMOVE_ADMINUSER, currentUser,
1486 strUserId + " : " + strRemovedUserAccessCode, CONSTANT_BO );
1487
1488 return JSP_MANAGE_USER;
1489 }
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500 public String getManageAdminUserRights( HttpServletRequest request ) throws AccessDeniedException
1501 {
1502 setPageTitleProperty( PROPERTY_MANAGE_USER_RIGHTS_PAGETITLE );
1503
1504 String strUserId = request.getParameter( PARAMETER_USER_ID );
1505 int nUserId = Integer.parseInt( strUserId );
1506
1507 AdminUser selectedUser = AdminUserHome.findByPrimaryKey( nUserId );
1508
1509 AdminUser currentUser = AdminUserService.getAdminUser( request );
1510
1511 if ( !isUserAuthorizedToModifyUser( currentUser, selectedUser ) )
1512 {
1513 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1514 }
1515
1516 Collection<Right> rightList = AdminUserHome.getRightsListForUser( nUserId ).values( );
1517
1518
1519 setItemNavigator( selectedUser.getUserId( ), AppPathService.getBaseUrl( request ) + JSP_URL_MANAGE_USER_RIGHTS );
1520
1521 HashMap<String, Object> model = new HashMap<>( );
1522 model.put( MARK_CAN_MODIFY, getUser( ).isParent( selectedUser ) || getUser( ).isAdmin( ) );
1523 model.put( MARK_CAN_DELEGATE, getUser( ).getUserId( ) != nUserId );
1524 model.put( MARK_USER, AdminUserHome.findByPrimaryKey( nUserId ) );
1525 model.put( MARK_USER_RIGHT_LIST, I18nService.localizeCollection( rightList, getLocale( ) ) );
1526 model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1527
1528 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MANAGE_USER_RIGHTS, getLocale( ), model );
1529
1530 return getAdminPage( template.getHtml( ) );
1531 }
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542 public String getManageAdminUserWorkgroups( HttpServletRequest request ) throws AccessDeniedException
1543 {
1544 setPageTitleProperty( PROPERTY_MANAGE_USER_WORKGROUPS_PAGETITLE );
1545
1546 String strUserId = request.getParameter( PARAMETER_USER_ID );
1547 int nUserId = Integer.parseInt( strUserId );
1548
1549 AdminUser selectedUser = AdminUserHome.findByPrimaryKey( nUserId );
1550 AdminUser currentUser = AdminUserService.getAdminUser( request );
1551
1552 if ( !isUserAuthorizedToModifyUser( currentUser, selectedUser ) )
1553 {
1554 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1555 }
1556
1557 ReferenceList workgroupsList = AdminWorkgroupHome.getUserWorkgroups( selectedUser );
1558
1559
1560 setItemNavigator( nUserId, AppPathService.getBaseUrl( request ) + JSP_URL_MANAGE_USER_WORKGROUPS );
1561
1562 Map<String, Object> model = new HashMap<>( );
1563 model.put( MARK_CAN_MODIFY, getUser( ).isParent( selectedUser ) || getUser( ).isAdmin( ) );
1564 model.put( MARK_CAN_DELEGATE, getUser( ).getUserId( ) != nUserId );
1565 model.put( MARK_USER, AdminUserHome.findByPrimaryKey( nUserId ) );
1566 model.put( MARK_USER_WORKGROUP_LIST, workgroupsList );
1567 model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1568
1569 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MANAGE_USER_WORKGROUPS, getLocale( ), model );
1570
1571 return getAdminPage( template.getHtml( ) );
1572 }
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583 public String getModifyAdminUserWorkgroups( HttpServletRequest request ) throws AccessDeniedException
1584 {
1585 boolean bDelegateWorkgroups = Boolean.parseBoolean( request.getParameter( PARAMETER_DELEGATE_RIGHTS ) );
1586
1587 setPageTitleProperty( bDelegateWorkgroups ? PROPERTY_DELEGATE_USER_RIGHTS_PAGETITLE : PROPERTY_MODIFY_USER_WORKGROUPS_PAGETITLE );
1588
1589 String strUserId = request.getParameter( PARAMETER_USER_ID );
1590 int nUserId = Integer.parseInt( strUserId );
1591
1592 AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
1593 AdminUser currentUser = getUser( );
1594
1595 if ( ( user == null ) || ( user.getUserId( ) == 0 ) )
1596 {
1597 return getManageAdminUsers( request );
1598 }
1599
1600 if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1601 {
1602 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1603 }
1604
1605 ReferenceList userWorkspaces = AdminWorkgroupHome.getUserWorkgroups( user );
1606 ReferenceList assignableWorkspaces = AdminWorkgroupHome.getUserWorkgroups( currentUser );
1607
1608 ArrayList<String> checkedValues = new ArrayList<>( );
1609
1610 for ( ReferenceItem item : userWorkspaces )
1611 {
1612 checkedValues.add( item.getCode( ) );
1613 }
1614
1615 assignableWorkspaces.checkItems( checkedValues.toArray( new String [ checkedValues.size( )] ) );
1616
1617
1618 setItemNavigator( nUserId, AppPathService.getBaseUrl( request ) + JSP_URL_MANAGE_USER_WORKGROUPS );
1619
1620 Map<String, Object> model = new HashMap<>( );
1621 model.put( MARK_USER, AdminUserHome.findByPrimaryKey( nUserId ) );
1622 model.put( MARK_ALL_WORKSGROUP_LIST, assignableWorkspaces );
1623 model.put( MARK_CAN_DELEGATE, String.valueOf( bDelegateWorkgroups ) );
1624 model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1625 model.put( MARK_DEFAULT_MODE_USED, AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) );
1626 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_MANAGE_USER_WORKGROUPS ) );
1627
1628 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MODIFY_USER_WORKGROUPS, getLocale( ), model );
1629
1630 return getAdminPage( template.getHtml( ) );
1631 }
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642 public String getModifyAdminUserRights( HttpServletRequest request ) throws AccessDeniedException
1643 {
1644 boolean bDelegateRights = Boolean.parseBoolean( request.getParameter( PARAMETER_DELEGATE_RIGHTS ) );
1645
1646 String strSelectAll = request.getParameter( PARAMETER_SELECT );
1647 boolean bSelectAll = ( ( strSelectAll != null ) && strSelectAll.equals( PARAMETER_SELECT_ALL ) );
1648
1649 setPageTitleProperty( bDelegateRights ? PROPERTY_DELEGATE_USER_RIGHTS_PAGETITLE : PROPERTY_MODIFY_USER_RIGHTS_PAGETITLE );
1650
1651 String strUserId = request.getParameter( PARAMETER_USER_ID );
1652 int nUserId = Integer.parseInt( strUserId );
1653
1654 AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
1655 AdminUser currentUser = getUser( );
1656
1657 if ( ( user == null ) || ( user.getUserId( ) == 0 ) )
1658 {
1659 return getManageAdminUsers( request );
1660 }
1661
1662 if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1663 {
1664 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1665 }
1666
1667 Collection<Right> rightList;
1668 Collection<Right> allRightList = RightHome.getRightsList( user.getUserLevel( ) );
1669
1670 if ( bDelegateRights )
1671 {
1672 Map<String, Right> rights = AdminUserHome.getRightsListForUser( currentUser.getUserId( ) );
1673 rightList = new ArrayList<>( );
1674
1675 for ( Right right : rights.values( ) )
1676 {
1677
1678
1679 if ( right.getLevel( ) >= user.getUserLevel( ) )
1680 {
1681 rightList.add( right );
1682 }
1683 }
1684 }
1685 else
1686 {
1687 rightList = AdminUserHome.getRightsListForUser( nUserId ).values( );
1688 }
1689
1690
1691 setItemNavigator( nUserId, AppPathService.getBaseUrl( request ) + JSP_URL_MANAGE_USER_RIGHTS );
1692
1693 Map<String, Object> model = new HashMap<>( );
1694 model.put( MARK_USER, AdminUserHome.findByPrimaryKey( nUserId ) );
1695 model.put( MARK_USER_RIGHT_LIST, I18nService.localizeCollection( rightList, getLocale( ) ) );
1696 model.put( MARK_ALL_RIGHT_LIST, I18nService.localizeCollection( allRightList, getLocale( ) ) );
1697 model.put( MARK_CAN_DELEGATE, String.valueOf( bDelegateRights ) );
1698 model.put( MARK_SELECT_ALL, bSelectAll );
1699 model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1700 model.put( MARK_DEFAULT_MODE_USED, AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) );
1701 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_MANAGE_USER_RIGHTS ) );
1702
1703 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MODIFY_USER_RIGHTS, getLocale( ), model );
1704
1705 return getAdminPage( template.getHtml( ) );
1706 }
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717 public String doModifyAdminUserRights( HttpServletRequest request ) throws AccessDeniedException
1718 {
1719 if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_MANAGE_USER_RIGHTS ) )
1720 {
1721 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1722 }
1723 String strUserId = request.getParameter( PARAMETER_USER_ID );
1724 int nUserId = Integer.parseInt( strUserId );
1725
1726 String [ ] arrayRights = request.getParameterValues( PARAMETER_RIGHT );
1727
1728 AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
1729 AdminUser currentUser = AdminUserService.getAdminUser( request );
1730
1731 if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1732 {
1733 throw new AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1734 }
1735
1736 AdminUserHome.removeAllOwnRightsForUser( user );
1737
1738 if ( arrayRights != null )
1739 {
1740 for ( String strRight : arrayRights )
1741 {
1742 AdminUserHome.createRightForUser( nUserId, strRight );
1743 }
1744 }
1745
1746 HashMap<String, String [ ]> mapData = new HashMap<>( );
1747 mapData.put( user.getAccessCode( ), arrayRights );
1748 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_ADMINUSER_RIGHTS, currentUser, mapData, CONSTANT_BO );
1749
1750 if ( user.getUserId( ) == currentUser.getUserId( ) )
1751 {
1752 try
1753 {
1754 AdminAuthenticationService.getInstance( ).registerUser( request, user );
1755 }
1756 catch( AccessDeniedException | UserNotSignedException e )
1757 {
1758 AppLogService.error( e.getMessage( ), e );
1759 }
1760 }
1761
1762 return JSP_MANAGE_USER_RIGHTS + "?" + PARAMETER_USER_ID + "=" + nUserId;
1763 }
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774 public String getManageAdminUserRoles( HttpServletRequest request ) throws AccessDeniedException
1775 {
1776 setPageTitleProperty( PROPERTY_MANAGE_USER_ROLES_PAGETITLE );
1777
1778 String strUserId = request.getParameter( PARAMETER_USER_ID );
1779 int nUserId = Integer.parseInt( strUserId );
1780 AdminUser selectedUser = AdminUserHome.findByPrimaryKey( nUserId );
1781 AdminUser userCurrent = AdminUserService.getAdminUser( request );
1782
1783 if ( !isUserAuthorizedToModifyUser( userCurrent, selectedUser ) )
1784 {
1785 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1786 }
1787
1788 Collection<RBACRole> roleList = AdminUserHome.getRolesListForUser( nUserId ).values( );
1789
1790
1791 setItemNavigator( nUserId, AppPathService.getBaseUrl( request ) + JSP_URL_MANAGE_USER_ROLES );
1792
1793 Map<String, Object> model = new HashMap<>( );
1794 model.put( MARK_CAN_MODIFY, getUser( ).isParent( selectedUser ) || getUser( ).isAdmin( ) );
1795 model.put( MARK_CAN_DELEGATE, getUser( ).getUserId( ) != nUserId );
1796 model.put( MARK_USER, AdminUserHome.findByPrimaryKey( nUserId ) );
1797 model.put( MARK_USER_ROLE_LIST, roleList );
1798 model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1799
1800 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MANAGE_USER_ROLES, getLocale( ), model );
1801
1802 return getAdminPage( template.getHtml( ) );
1803 }
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814 public String getModifyAdminUserRoles( HttpServletRequest request ) throws AccessDeniedException
1815 {
1816 boolean bDelegateRoles = Boolean.parseBoolean( request.getParameter( PARAMETER_DELEGATE_RIGHTS ) );
1817 setPageTitleProperty( PROPERTY_MODIFY_USER_ROLES_PAGETITLE );
1818
1819 String strUserId = request.getParameter( PARAMETER_USER_ID );
1820 int nUserId = Integer.parseInt( strUserId );
1821
1822 AdminUser selectedUser = AdminUserHome.findByPrimaryKey( nUserId );
1823 AdminUser userCurrent = AdminUserService.getAdminUser( request );
1824
1825 if ( ( selectedUser == null ) || ( selectedUser.getUserId( ) == 0 ) )
1826 {
1827 return getManageAdminUsers( request );
1828 }
1829
1830 if ( !isUserAuthorizedToModifyUser( userCurrent, selectedUser ) )
1831 {
1832 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1833 }
1834
1835 Collection<RBACRole> roleList = AdminUserHome.getRolesListForUser( nUserId ).values( );
1836 Collection<RBACRole> assignableRoleList;
1837
1838 if ( bDelegateRoles )
1839 {
1840
1841 assignableRoleList = new ArrayList<>( );
1842
1843 AdminUser currentUser = getUser( );
1844
1845 for ( RBACRole role : RBACRoleHome.findAll( ) )
1846 {
1847 if ( currentUser.isAdmin( ) || RBACService.isUserInRole( currentUser, role.getKey( ) ) )
1848 {
1849 assignableRoleList.add( role );
1850 }
1851 }
1852 }
1853 else
1854 {
1855
1856 assignableRoleList = RBACRoleHome.findAll( );
1857 }
1858
1859
1860 setItemNavigator( nUserId, AppPathService.getBaseUrl( request ) + JSP_URL_MANAGE_USER_ROLES );
1861
1862 Map<String, Object> model = new HashMap<>( );
1863 model.put( MARK_USER, AdminUserHome.findByPrimaryKey( nUserId ) );
1864 model.put( MARK_USER_ROLE_LIST, roleList );
1865 model.put( MARK_ALL_ROLE_LIST, assignableRoleList );
1866 model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1867 model.put( MARK_DEFAULT_MODE_USED, AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) );
1868 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_MANAGE_USER_ROLES ) );
1869
1870 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MODIFY_USER_ROLES, getLocale( ), model );
1871
1872 return getAdminPage( template.getHtml( ) );
1873 }
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884 public String doModifyAdminUserRoles( HttpServletRequest request ) throws AccessDeniedException
1885 {
1886 if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_MANAGE_USER_ROLES ) )
1887 {
1888 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1889 }
1890 String strUserId = request.getParameter( PARAMETER_USER_ID );
1891 int nUserId = Integer.parseInt( strUserId );
1892 AdminUser selectedUser = AdminUserHome.findByPrimaryKey( nUserId );
1893 AdminUser currentUser = AdminUserService.getAdminUser( request );
1894
1895 if ( !isUserAuthorizedToModifyUser( currentUser, selectedUser ) )
1896 {
1897 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1898 }
1899
1900 String [ ] arrayRoles = request.getParameterValues( PARAMETER_ROLE );
1901
1902 AdminUserHome.removeAllRolesForUser( nUserId );
1903
1904 if ( arrayRoles != null )
1905 {
1906 for ( String strRole : arrayRoles )
1907 {
1908 AdminUserHome.createRoleForUser( nUserId, strRole );
1909 }
1910 }
1911
1912 HashMap<String, String [ ]> mapData = new HashMap<>( );
1913 mapData.put( selectedUser.getAccessCode( ), arrayRoles );
1914 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_ADMINUSER_ROLES, currentUser, mapData, CONSTANT_BO );
1915
1916 return JSP_MANAGE_USER_ROLES + "?" + PARAMETER_USER_ID + "=" + nUserId;
1917 }
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928 public String doModifyAdminUserWorkgroups( HttpServletRequest request ) throws AccessDeniedException
1929 {
1930 if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_MANAGE_USER_WORKGROUPS ) )
1931 {
1932 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1933 }
1934 String strUserId = request.getParameter( PARAMETER_USER_ID );
1935 int nUserId = Integer.parseInt( strUserId );
1936 AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
1937 AdminUser currentUser = getUser( );
1938
1939 if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1940 {
1941 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1942 }
1943
1944 String [ ] arrayWorkspaces = request.getParameterValues( PARAMETER_WORKGROUP );
1945 ReferenceList assignableWorkgroups = AdminWorkgroupHome.getUserWorkgroups( currentUser );
1946
1947 for ( ReferenceItem item : assignableWorkgroups )
1948 {
1949 AdminWorkgroupHome.removeUserFromWorkgroup( user, item.getCode( ) );
1950 }
1951
1952 if ( arrayWorkspaces != null )
1953 {
1954 for ( String strWorkgroupKey : arrayWorkspaces )
1955 {
1956 AdminWorkgroupHome.addUserForWorkgroup( user, strWorkgroupKey );
1957 }
1958 }
1959
1960 HashMap<String, String [ ]> mapData = new HashMap<>( );
1961 mapData.put( user.getAccessCode( ), arrayWorkspaces );
1962 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_ADMINUSER_GROUPS, currentUser, mapData, CONSTANT_BO );
1963
1964 return JSP_MANAGE_USER_WORKGROUPS + "?" + PARAMETER_USER_ID + "=" + nUserId;
1965 }
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976 private boolean haveCommonWorkgroups( AdminUser../../../../../../fr/paris/lutece/portal/business/user/AdminUser.html#AdminUser">AdminUser user1, AdminUser user2 )
1977 {
1978 ReferenceList workgroups = AdminWorkgroupHome.getUserWorkgroups( user1 );
1979
1980 if ( workgroups.isEmpty( ) )
1981 {
1982 return true;
1983 }
1984
1985 for ( ReferenceItem item : workgroups )
1986 {
1987 if ( AdminWorkgroupHome.isUserInWorkgroup( user2, item.getCode( ) ) )
1988 {
1989 return true;
1990 }
1991 }
1992
1993 return false;
1994 }
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005 public String doModifyDefaultUserParameterValues( HttpServletRequest request ) throws AccessDeniedException
2006 {
2007 if ( !SecurityTokenService.getInstance( ).validate( request, AdminDashboardJspBean.TEMPLATE_MANAGE_DASHBOARDS ) )
2008 {
2009 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2010 }
2011 if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
2012 getUser( ) ) )
2013 {
2014 throw new AccessDeniedException(
2015 CONSTANT_USER_MSG + getUser( ) + CONSTANT_NOT_AUTHORIZED + AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS );
2016 }
2017
2018 DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_STATUS, request.getParameter( PARAMETER_STATUS ) );
2019 DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_LEVEL, request.getParameter( PARAMETER_USER_LEVEL ) );
2020 DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_NOTIFICATION, request.getParameter( PARAMETER_NOTIFY_USER ) );
2021 DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_LANGUAGE, request.getParameter( PARAMETER_LANGUAGE ) );
2022
2023 Map logParametersMap = new HashMap( );
2024 logParametersMap.put( AdminUserService.DSKEY_DEFAULT_USER_STATUS, request.getParameter( PARAMETER_STATUS ) );
2025 logParametersMap.put( AdminUserService.DSKEY_DEFAULT_USER_LEVEL, request.getParameter( PARAMETER_USER_LEVEL ) );
2026 logParametersMap.put( AdminUserService.DSKEY_DEFAULT_USER_NOTIFICATION, request.getParameter( PARAMETER_NOTIFY_USER ) );
2027 logParametersMap.put( AdminUserService.DSKEY_DEFAULT_USER_LANGUAGE, request.getParameter( PARAMETER_LANGUAGE ) );
2028 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_DEFAULT_PARAMETERS, getUser( ), logParametersMap,
2029 CONSTANT_BO );
2030
2031 return getAdminDashboardsUrl( request, ANCHOR_DEFAULT_USER_PARAMETER_VALUES );
2032 }
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043 public String doModifyDefaultUserSecurityValues( HttpServletRequest request ) throws AccessDeniedException
2044 {
2045 if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2046 {
2047 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2048 }
2049 if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
2050 getUser( ) ) )
2051 {
2052 throw new AccessDeniedException(
2053 CONSTANT_USER_MSG + getUser( ) + CONSTANT_NOT_AUTHORIZED + AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS );
2054 }
2055
2056 Map logParametersMap = new HashMap( );
2057
2058 String strForceChangePasswordValue = request.getParameter( PARAMETER_FORCE_CHANGE_PASSWORD_REINIT );
2059 strForceChangePasswordValue = StringUtils.isNotBlank( strForceChangePasswordValue ) ? strForceChangePasswordValue : StringUtils.EMPTY;
2060
2061 DefaultUserParameterHome.update( AdminUserService.DSKEY_FORCE_CHANGE_PASSWORD_REINIT, strForceChangePasswordValue );
2062 logParametersMap.put( AdminUserService.DSKEY_FORCE_CHANGE_PASSWORD_REINIT, strForceChangePasswordValue );
2063
2064
2065 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_MINIMUM_LENGTH, request.getParameter( PARAMETER_PASSWORD_MINIMUM_LENGTH ) );
2066 logParametersMap.put( AdminUserService.DSKEY_PASSWORD_MINIMUM_LENGTH, request.getParameter( PARAMETER_PASSWORD_MINIMUM_LENGTH ) );
2067
2068 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_RESET_TOKEN_VALIDITY, request.getParameter( PARAMETER_RESET_TOKEN_VALIDITY ) );
2069 logParametersMap.put( AdminUserService.DSKEY_RESET_TOKEN_VALIDITY, request.getParameter( PARAMETER_RESET_TOKEN_VALIDITY ) );
2070 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_LOCK_RESET_TOKEN_TO_SESSION,
2071 request.getParameter( PARAMETER_LOCK_RESET_TOKEN_TO_SESSION ) );
2072 logParametersMap.put( AdminUserService.DSKEY_LOCK_RESET_TOKEN_TO_SESSION, request.getParameter( PARAMETER_LOCK_RESET_TOKEN_TO_SESSION ) );
2073
2074 boolean bUseAdvancedSecurityParameter = AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS );
2075
2076 if ( bUseAdvancedSecurityParameter )
2077 {
2078
2079 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_FORMAT_UPPER_LOWER_CASE,
2080 request.getParameter( PARAMETER_PASSWORD_FORMAT_UPPER_LOWER_CASE ) );
2081 logParametersMap.put( AdminUserService.DSKEY_PASSWORD_FORMAT_UPPER_LOWER_CASE, request.getParameter( PARAMETER_PASSWORD_FORMAT_UPPER_LOWER_CASE ) );
2082 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_FORMAT_NUMERO, request.getParameter( PARAMETER_PASSWORD_FORMAT_NUMERO ) );
2083 logParametersMap.put( AdminUserService.DSKEY_PASSWORD_FORMAT_NUMERO, request.getParameter( PARAMETER_PASSWORD_FORMAT_NUMERO ) );
2084 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_FORMAT_SPECIAL_CHARACTERS,
2085 request.getParameter( PARAMETER_PASSWORD_FORMAT_SPECIAL_CHARACTERS ) );
2086 logParametersMap.put( AdminUserService.DSKEY_PASSWORD_FORMAT_SPECIAL_CHARACTERS,
2087 request.getParameter( PARAMETER_PASSWORD_FORMAT_SPECIAL_CHARACTERS ) );
2088
2089
2090 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_DURATION, request.getParameter( PARAMETER_PASSWORD_DURATION ) );
2091 logParametersMap.put( AdminUserService.DSKEY_PASSWORD_DURATION, request.getParameter( PARAMETER_PASSWORD_DURATION ) );
2092
2093
2094 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_HISTORY_SIZE, request.getParameter( PARAMETER_PASSWORD_HISTORY_SIZE ) );
2095 logParametersMap.put( AdminUserService.DSKEY_PASSWORD_HISTORY_SIZE, request.getParameter( PARAMETER_PASSWORD_HISTORY_SIZE ) );
2096
2097
2098 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_MAXIMUM_NUMBER_PASSWORD_CHANGE,
2099 request.getParameter( PARAMETER_MAXIMUM_NUMBER_PASSWORD_CHANGE ) );
2100 logParametersMap.put( AdminUserService.DSKEY_MAXIMUM_NUMBER_PASSWORD_CHANGE, request.getParameter( PARAMETER_MAXIMUM_NUMBER_PASSWORD_CHANGE ) );
2101
2102
2103 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_TSW_SIZE_PASSWORD_CHANGE,
2104 request.getParameter( PARAMETER_TSW_SIZE_PASSWORD_CHANGE ) );
2105 logParametersMap.put( AdminUserService.DSKEY_TSW_SIZE_PASSWORD_CHANGE, request.getParameter( PARAMETER_TSW_SIZE_PASSWORD_CHANGE ) );
2106
2107
2108 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_NOTIFY_USER_PASSWORD_EXPIRED,
2109 request.getParameter( PARAMETER_NOTIFY_USER_PASSWORD_EXPIRED ) );
2110 logParametersMap.put( AdminUserService.DSKEY_NOTIFY_USER_PASSWORD_EXPIRED, request.getParameter( PARAMETER_NOTIFY_USER_PASSWORD_EXPIRED ) );
2111 }
2112
2113
2114 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_ACCOUNT_LIFE_TIME, request.getParameter( PARAMETER_ACCOUNT_LIFE_TIME ) );
2115 logParametersMap.put( AdminUserService.DSKEY_ACCOUNT_LIFE_TIME, request.getParameter( PARAMETER_ACCOUNT_LIFE_TIME ) );
2116
2117
2118 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_TIME_BEFORE_ALERT_ACCOUNT,
2119 request.getParameter( PARAMETER_TIME_BEFORE_ALERT_ACCOUNT ) );
2120 logParametersMap.put( AdminUserService.DSKEY_TIME_BEFORE_ALERT_ACCOUNT, request.getParameter( PARAMETER_TIME_BEFORE_ALERT_ACCOUNT ) );
2121
2122
2123 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_NB_ALERT_ACCOUNT, request.getParameter( PARAMETER_NB_ALERT_ACCOUNT ) );
2124 logParametersMap.put( AdminUserService.DSKEY_NB_ALERT_ACCOUNT, request.getParameter( PARAMETER_NB_ALERT_ACCOUNT ) );
2125
2126
2127 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_TIME_BETWEEN_ALERTS_ACCOUNT,
2128 request.getParameter( PARAMETER_TIME_BETWEEN_ALERTS_ACCOUNT ) );
2129 logParametersMap.put( AdminUserService.DSKEY_TIME_BETWEEN_ALERTS_ACCOUNT, request.getParameter( PARAMETER_TIME_BETWEEN_ALERTS_ACCOUNT ) );
2130
2131
2132 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_MAX, request.getParameter( MARK_ACCESS_FAILURES_MAX ) );
2133 logParametersMap.put( AdminUserService.DSKEY_ACCES_FAILURES_MAX, request.getParameter( MARK_ACCESS_FAILURES_MAX ) );
2134
2135
2136 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_INTERVAL, request.getParameter( MARK_ACCESS_FAILURES_INTERVAL ) );
2137 logParametersMap.put( AdminUserService.DSKEY_ACCES_FAILURES_INTERVAL, request.getParameter( MARK_ACCESS_FAILURES_INTERVAL ) );
2138
2139
2140 AdminUserService.updateLargeSecurityParameter( AdminUserService.DSKEY_BANNED_DOMAIN_NAMES, request.getParameter( MARK_BANNED_DOMAIN_NAMES ) );
2141 logParametersMap.put( AdminUserService.DSKEY_BANNED_DOMAIN_NAMES, request.getParameter( MARK_BANNED_DOMAIN_NAMES ) );
2142
2143 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_DEFAULT_SECURITY, getUser( ), logParametersMap,
2144 CONSTANT_BO );
2145
2146 return getAdminDashboardsUrl( request, ANCHOR_ADVANCED_SECURITY_PARAMETERS );
2147 }
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158 public String doModifyEmailPattern( HttpServletRequest request ) throws AccessDeniedException
2159 {
2160 if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
2161 getUser( ) ) )
2162 {
2163 throw new AccessDeniedException(
2164 CONSTANT_USER_MSG + getUser( ) + CONSTANT_NOT_AUTHORIZED + AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS );
2165 }
2166 if ( PARAMETER_RESET.equals( request.getParameter( PARAMETER_RESET ) ) )
2167 {
2168 if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2169 {
2170 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2171 }
2172 return doResetEmailPattern( request );
2173 }
2174 String strSetManually = request.getParameter( PARAMETER_IS_EMAIL_PATTERN_SET_MANUALLY );
2175 String strEmailPattern = request.getParameter( PARAMETER_EMAIL_PATTERN );
2176
2177 if ( StringUtils.isNotBlank( strEmailPattern ) )
2178 {
2179 if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2180 {
2181 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2182 }
2183 AdminUserService.doModifyEmailPattern( strEmailPattern, strSetManually != null );
2184 return getAdminDashboardsUrl( request, ANCHOR_MODIFY_EMAIL_PATTERN );
2185 }
2186 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_ERROR_EMAIL_PATTERN, AdminMessage.TYPE_STOP );
2187 }
2188
2189
2190
2191
2192
2193
2194 private String doResetEmailPattern( HttpServletRequest request )
2195 {
2196 AdminUserService.doResetEmailPattern( );
2197
2198 return getAdminDashboardsUrl( request, ANCHOR_MODIFY_EMAIL_PATTERN );
2199 }
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210 public String doInsertRegularExpression( HttpServletRequest request ) throws AccessDeniedException
2211 {
2212 if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2213 {
2214 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2215 }
2216 if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
2217 getUser( ) ) )
2218 {
2219 throw new AccessDeniedException(
2220 CONSTANT_USER_MSG + getUser( ) + CONSTANT_NOT_AUTHORIZED + AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS );
2221 }
2222
2223 String strRegularExpressionId = request.getParameter( PARAMETER_ID_EXPRESSION );
2224
2225 if ( StringUtils.isNotBlank( strRegularExpressionId ) && StringUtils.isNumeric( strRegularExpressionId ) )
2226 {
2227 int nRegularExpressionId = Integer.parseInt( strRegularExpressionId );
2228 AdminUserService.doInsertRegularExpression( nRegularExpressionId );
2229 }
2230
2231 return getAdminDashboardsUrl( request, ANCHOR_MODIFY_EMAIL_PATTERN );
2232 }
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243 public String doRemoveRegularExpression( HttpServletRequest request ) throws AccessDeniedException
2244 {
2245 if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2246 {
2247 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2248 }
2249 if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
2250 getUser( ) ) )
2251 {
2252 throw new AccessDeniedException(
2253 CONSTANT_USER_MSG + getUser( ) + CONSTANT_NOT_AUTHORIZED + AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS );
2254 }
2255
2256 String strRegularExpressionId = request.getParameter( PARAMETER_ID_EXPRESSION );
2257
2258 if ( StringUtils.isNotBlank( strRegularExpressionId ) && StringUtils.isNumeric( strRegularExpressionId ) )
2259 {
2260 int nRegularExpressionId = Integer.parseInt( strRegularExpressionId );
2261 AdminUserService.doRemoveRegularExpression( nRegularExpressionId );
2262 }
2263
2264 return getAdminDashboardsUrl( request, ANCHOR_MODIFY_EMAIL_PATTERN );
2265 }
2266
2267
2268
2269
2270
2271
2272
2273
2274 public String getChangeUseAdvancedSecurityParameters( HttpServletRequest request )
2275 {
2276 Map<String, Object> parameters = new HashMap<>( 1 );
2277 parameters.put( SecurityTokenService.PARAMETER_TOKEN, SecurityTokenService.getInstance( ).getToken( request, TOKEN_TECHNICAL_ADMIN ) );
2278
2279 if ( AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS ) )
2280 {
2281 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_CONFIRM_REMOVE_ASP, JSP_URL_REMOVE_ADVANCED_SECUR_PARAM,
2282 AdminMessage.TYPE_CONFIRMATION, parameters );
2283 }
2284
2285 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_CONFIRM_USE_ASP, JSP_URL_USE_ADVANCED_SECUR_PARAM, AdminMessage.TYPE_CONFIRMATION,
2286 parameters );
2287 }
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298 public String doUseAdvancedSecurityParameters( HttpServletRequest request ) throws AccessDeniedException
2299 {
2300 if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2301 {
2302 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2303 }
2304 AdminUserService.useAdvancedSecurityParameters( );
2305
2306 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_USE_ADVANCE_SECURITY_PARAMETERS, getUser( ), null,
2307 CONSTANT_BO );
2308
2309 return getAdminDashboardsUrl( request, ANCHOR_ADVANCED_SECURITY_PARAMETERS );
2310 }
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321 public String doRemoveAdvancedSecurityParameters( HttpServletRequest request ) throws AccessDeniedException
2322 {
2323 if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2324 {
2325 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2326 }
2327 AdminUserService.removeAdvancedSecurityParameters( );
2328
2329 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_REMOVE_ADVANCE_SECURITY_PARAMETERS, getUser( ), null,
2330 CONSTANT_BO );
2331
2332 return getAdminDashboardsUrl( request, ANCHOR_ADVANCED_SECURITY_PARAMETERS );
2333 }
2334
2335
2336
2337
2338
2339
2340
2341
2342 public String getChangeFieldAnonymizeAdminUsers( HttpServletRequest request )
2343 {
2344 Map<String, Object> model = new HashMap<>( );
2345
2346 List<IAttribute> listAllAttributes = AttributeService.getInstance( ).getAllAttributesWithoutFields( getLocale( ) );
2347 List<IAttribute> listAttributesText = new ArrayList<>( );
2348
2349 for ( IAttribute attribut : listAllAttributes )
2350 {
2351 if ( attribut.isAnonymizable( ) )
2352 {
2353 listAttributesText.add( attribut );
2354 }
2355 }
2356
2357 model.put( MARK_ATTRIBUTES_LIST, listAttributesText );
2358
2359 model.putAll( AdminUserHome.getAnonymizationStatusUserStaticField( ) );
2360 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, TOKEN_TECHNICAL_ADMIN ) );
2361
2362 setPageTitleProperty( PROPERTY_MESSAGE_TITLE_CHANGE_ANONYMIZE_USER );
2363
2364 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_FIELD_ANONYMIZE_ADMIN_USER, getLocale( ), model );
2365
2366 return getAdminPage( template.getHtml( ) );
2367 }
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378 public String doChangeFieldAnonymizeAdminUsers( HttpServletRequest request ) throws AccessDeniedException
2379 {
2380 if ( request.getParameter( PARAMETER_CANCEL ) != null )
2381 {
2382 return getAdminDashboardsUrl( request, ANCHOR_ANONYMIZE_USERS );
2383 }
2384 if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2385 {
2386 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2387 }
2388
2389 AdminUserHome.updateAnonymizationStatusUserStaticField( PARAMETER_ACCESS_CODE, Boolean.valueOf( request.getParameter( PARAMETER_ACCESS_CODE ) ) );
2390 AdminUserHome.updateAnonymizationStatusUserStaticField( PARAMETER_FIRST_NAME, Boolean.valueOf( request.getParameter( PARAMETER_FIRST_NAME ) ) );
2391 AdminUserHome.updateAnonymizationStatusUserStaticField( PARAMETER_LAST_NAME, Boolean.valueOf( request.getParameter( PARAMETER_LAST_NAME ) ) );
2392 AdminUserHome.updateAnonymizationStatusUserStaticField( PARAMETER_EMAIL, Boolean.valueOf( request.getParameter( PARAMETER_EMAIL ) ) );
2393
2394 AttributeService attributeService = AttributeService.getInstance( );
2395
2396 List<IAttribute> listAllAttributes = attributeService.getAllAttributesWithoutFields( getLocale( ) );
2397 List<IAttribute> listAttributesText = new ArrayList<>( );
2398
2399 for ( IAttribute attribut : listAllAttributes )
2400 {
2401 if ( attribut.isAnonymizable( ) )
2402 {
2403 listAttributesText.add( attribut );
2404 }
2405 }
2406
2407 for ( IAttribute attribute : listAttributesText )
2408 {
2409 Boolean bNewValue = Boolean.valueOf( request.getParameter( PARAMETER_ATTRIBUTE + Integer.toString( attribute.getIdAttribute( ) ) ) );
2410 attributeService.updateAnonymizationStatusUserField( attribute.getIdAttribute( ), bNewValue );
2411 }
2412
2413 return getAdminDashboardsUrl( request, ANCHOR_ANONYMIZE_USERS );
2414 }
2415
2416
2417
2418
2419
2420
2421
2422
2423 public String getAnonymizeAdminUser( HttpServletRequest request )
2424 {
2425 String strAdminUserId = request.getParameter( PARAMETER_USER_ID );
2426
2427 if ( !StringUtils.isNumeric( strAdminUserId ) || strAdminUserId.isEmpty( ) )
2428 {
2429 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_NO_ADMIN_USER_SELECTED, AdminMessage.TYPE_STOP );
2430 }
2431
2432 int nUserId = Integer.parseInt( strAdminUserId );
2433 AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
2434
2435 if ( user == null )
2436 {
2437 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_USER_ERROR_SESSION, AdminMessage.TYPE_ERROR );
2438 }
2439
2440 String strUrl = JSP_URL_ANONYMIZE_ADMIN_USER;
2441 Map<String, Object> parameters = new HashMap<>( );
2442 parameters.put( PARAMETER_USER_ID, strAdminUserId );
2443 parameters.put( SecurityTokenService.PARAMETER_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_ANONYMIZE_ADMIN_USER ) );
2444
2445 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_CONFIRM_ANONYMIZE_USER, new Object [ ] {
2446 user.getFirstName( ), user.getLastName( ), user.getAccessCode( )
2447 }, null, strUrl, null, AdminMessage.TYPE_CONFIRMATION, parameters );
2448 }
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459 public String doAnonymizeAdminUser( HttpServletRequest request ) throws AccessDeniedException
2460 {
2461 String strAdminUserId = request.getParameter( PARAMETER_USER_ID );
2462
2463 if ( !StringUtils.isNumeric( strAdminUserId ) || strAdminUserId.isEmpty( ) )
2464 {
2465 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_NO_ADMIN_USER_SELECTED, AdminMessage.TYPE_STOP );
2466 }
2467
2468 int nUserId = Integer.parseInt( strAdminUserId );
2469 AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
2470
2471 if ( user == null )
2472 {
2473 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_USER_ERROR_SESSION, AdminMessage.TYPE_ERROR );
2474 }
2475 if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_ANONYMIZE_ADMIN_USER ) )
2476 {
2477 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2478 }
2479
2480 AdminUserService.anonymizeUser( nUserId, getLocale( ) );
2481
2482 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_ANONYMIZE_ADMINUSER, getUser( ), user.getAccessCode( ),
2483 CONSTANT_BO );
2484
2485 return JSP_MANAGE_USER;
2486 }
2487
2488
2489
2490
2491
2492
2493
2494
2495 public String reactivateAccount( HttpServletRequest request )
2496 {
2497 AdminUser user = AdminUserHome.findByPrimaryKey( AdminUserService.getAdminUser( request ).getUserId( ) );
2498 String strUrl;
2499 int nbDaysBeforeFirstAlert = AdminUserService.getIntegerSecurityParameter( PARAMETER_TIME_BEFORE_ALERT_ACCOUNT );
2500 Timestamp firstAlertMaxDate = new Timestamp( new java.util.Date( ).getTime( ) + DateUtil.convertDaysInMiliseconds( nbDaysBeforeFirstAlert ) );
2501
2502 if ( user.getAccountMaxValidDate( ) != null )
2503 {
2504
2505 if ( ( user.getAccountMaxValidDate( ).getTime( ) < firstAlertMaxDate.getTime( ) ) && ( user.getStatus( ) < AdminUser.EXPIRED_CODE ) )
2506 {
2507 AdminUserService.updateUserExpirationDate( user );
2508 }
2509
2510 strUrl = AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_ACCOUNT_REACTIVATED, AppPathService.getAdminMenuUrl( ),
2511 AdminMessage.TYPE_INFO );
2512 }
2513 else
2514 {
2515 strUrl = AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_NO_ACCOUNT_TO_REACTIVATED, AppPathService.getAdminMenuUrl( ),
2516 AdminMessage.TYPE_ERROR );
2517 }
2518
2519 return strUrl;
2520 }
2521
2522
2523
2524
2525
2526
2527
2528
2529 public String getModifyAccountLifeTimeEmails( HttpServletRequest request )
2530 {
2531 String strEmailType = request.getParameter( PARAMETER_EMAIL_TYPE );
2532
2533 Map<String, Object> model = new HashMap<>( );
2534 String strSenderKey = StringUtils.EMPTY;
2535 String strSubjectKey = StringUtils.EMPTY;
2536 String strBodyKey = StringUtils.EMPTY;
2537 String strTitle = StringUtils.EMPTY;
2538
2539 if ( CONSTANT_EMAIL_TYPE_FIRST.equalsIgnoreCase( strEmailType ) )
2540 {
2541 strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_FIRST_ALERT_MAIL_SENDER;
2542 strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_FIRST_ALERT_MAIL_SUBJECT;
2543 strBodyKey = PARAMETER_FIRST_ALERT_MAIL;
2544 strTitle = PROPERTY_FIRST_EMAIL;
2545 }
2546 else
2547 if ( CONSTANT_EMAIL_TYPE_OTHER.equalsIgnoreCase( strEmailType ) )
2548 {
2549 strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_OTHER_ALERT_MAIL_SENDER;
2550 strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_OTHER_ALERT_MAIL_SUBJECT;
2551 strBodyKey = PARAMETER_OTHER_ALERT_MAIL;
2552 strTitle = PROPERTY_OTHER_EMAIL;
2553 }
2554 else
2555 if ( CONSTANT_EMAIL_TYPE_EXPIRED.equalsIgnoreCase( strEmailType ) )
2556 {
2557 strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_EXPIRED_ALERT_MAIL_SENDER;
2558 strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_EXPIRED_ALERT_MAIL_SUBJECT;
2559 strBodyKey = PARAMETER_EXPIRATION_MAIL;
2560 strTitle = PROPERTY_ACCOUNT_DEACTIVATES_EMAIL;
2561 }
2562 else
2563 if ( CONSTANT_EMAIL_TYPE_REACTIVATED.equalsIgnoreCase( strEmailType ) )
2564 {
2565 strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_REACTIVATED_ALERT_MAIL_SENDER;
2566 strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_REACTIVATED_ALERT_MAIL_SUBJECT;
2567 strBodyKey = PARAMETER_ACCOUNT_REACTIVATED;
2568 strTitle = PROPERTY_ACCOUNT_UPDATED_EMAIL;
2569 }
2570 else
2571 if ( CONSTANT_EMAIL_PASSWORD_EXPIRED.equalsIgnoreCase( strEmailType ) )
2572 {
2573 strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_PASSWORD_EXPIRED_MAIL_SENDER;
2574 strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_PASSWORD_EXPIRED_MAIL_SUBJECT;
2575 strBodyKey = PARAMETER_NOTIFY_PASSWORD_EXPIRED;
2576 strTitle = PROPERTY_NOTIFY_PASSWORD_EXPIRED;
2577 }
2578
2579 String defaultUserParameter = DefaultUserParameterHome.findByKey( strSenderKey );
2580 String strSender = ( defaultUserParameter == null ) ? StringUtils.EMPTY : defaultUserParameter;
2581
2582 defaultUserParameter = DefaultUserParameterHome.findByKey( strSubjectKey );
2583
2584 String strSubject = ( defaultUserParameter == null ) ? StringUtils.EMPTY : defaultUserParameter;
2585
2586
2587 setItemNavigator( getUser( ).getUserId( ), AppPathService.getBaseUrl( request ) + JSP_URL_MODIFY_ACCOUNT_LIFE_TIME_EMAIL );
2588
2589 model.put( PARAMETER_EMAIL_TYPE, strEmailType );
2590 model.put( MARK_EMAIL_SENDER, strSender );
2591 model.put( MARK_EMAIL_SUBJECT, strSubject );
2592 model.put( MARK_EMAIL_BODY, DatabaseTemplateService.getTemplateFromKey( strBodyKey ) );
2593 model.put( MARK_EMAIL_LABEL, strTitle );
2594 model.put( MARK_WEBAPP_URL, AppPathService.getBaseUrl( request ) );
2595 model.put( MARK_LOCALE, getLocale( ) );
2596 model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
2597 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_MODIFY_ACCOUNT_LIFE_TIME_EMAIL ) );
2598
2599 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_ACCOUNT_LIFE_TIME_EMAIL, getLocale( ), model );
2600
2601 return getAdminPage( template.getHtml( ) );
2602 }
2603
2604
2605
2606
2607
2608
2609
2610
2611
2612
2613 public String doModifyAccountLifeTimeEmails( HttpServletRequest request ) throws AccessDeniedException
2614 {
2615 if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_MODIFY_ACCOUNT_LIFE_TIME_EMAIL ) )
2616 {
2617 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2618 }
2619 String strEmailType = request.getParameter( PARAMETER_EMAIL_TYPE );
2620
2621 String strSenderKey = StringUtils.EMPTY;
2622 String strSubjectKey = StringUtils.EMPTY;
2623 String strBodyKey = StringUtils.EMPTY;
2624
2625 if ( CONSTANT_EMAIL_TYPE_FIRST.equalsIgnoreCase( strEmailType ) )
2626 {
2627 strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_FIRST_ALERT_MAIL_SENDER;
2628 strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_FIRST_ALERT_MAIL_SUBJECT;
2629 strBodyKey = PARAMETER_FIRST_ALERT_MAIL;
2630 }
2631 else
2632 if ( CONSTANT_EMAIL_TYPE_OTHER.equalsIgnoreCase( strEmailType ) )
2633 {
2634 strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_OTHER_ALERT_MAIL_SENDER;
2635 strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_OTHER_ALERT_MAIL_SUBJECT;
2636 strBodyKey = PARAMETER_OTHER_ALERT_MAIL;
2637 }
2638 else
2639 if ( CONSTANT_EMAIL_TYPE_EXPIRED.equalsIgnoreCase( strEmailType ) )
2640 {
2641 strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_EXPIRED_ALERT_MAIL_SENDER;
2642 strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_EXPIRED_ALERT_MAIL_SUBJECT;
2643 strBodyKey = PARAMETER_EXPIRATION_MAIL;
2644 }
2645 else
2646 if ( CONSTANT_EMAIL_TYPE_REACTIVATED.equalsIgnoreCase( strEmailType ) )
2647 {
2648 strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_REACTIVATED_ALERT_MAIL_SENDER;
2649 strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_REACTIVATED_ALERT_MAIL_SUBJECT;
2650 strBodyKey = PARAMETER_ACCOUNT_REACTIVATED;
2651 }
2652 else
2653 if ( CONSTANT_EMAIL_PASSWORD_EXPIRED.equalsIgnoreCase( strEmailType ) )
2654 {
2655 strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_PASSWORD_EXPIRED_MAIL_SENDER;
2656 strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_PASSWORD_EXPIRED_MAIL_SUBJECT;
2657 strBodyKey = PARAMETER_NOTIFY_PASSWORD_EXPIRED;
2658 }
2659
2660 AdminUserService.updateSecurityParameter( strSenderKey, request.getParameter( MARK_EMAIL_SENDER ) );
2661 AdminUserService.updateSecurityParameter( strSubjectKey, request.getParameter( MARK_EMAIL_SUBJECT ) );
2662 DatabaseTemplateService.updateTemplate( strBodyKey, request.getParameter( MARK_EMAIL_BODY ) );
2663
2664 return getAdminDashboardsUrl( request, ANCHOR_LIFE_TIME_EMAILS );
2665 }
2666
2667
2668
2669
2670
2671
2672
2673
2674
2675 private void setItemNavigator( int nIdAdminUser, String strUrl )
2676 {
2677 if ( _itemNavigator == null )
2678 {
2679 List<String> listIdsRight = new ArrayList<>( );
2680 int nCurrentItemId = 0;
2681 int nIndex = 0;
2682
2683 AdminUser currentUser = getUser( );
2684
2685 for ( AdminUser adminUser : AdminUserHome.findUserList( ) )
2686 {
2687 if ( ( adminUser != null ) && isUserAuthorizedToModifyUser( currentUser, adminUser ) )
2688 {
2689 listIdsRight.add( Integer.toString( adminUser.getUserId( ) ) );
2690
2691 if ( adminUser.getUserId( ) == nIdAdminUser )
2692 {
2693 nCurrentItemId = nIndex;
2694 }
2695
2696 nIndex++;
2697 }
2698 }
2699
2700 _itemNavigator = new ItemNavigator( listIdsRight, nCurrentItemId, strUrl, PARAMETER_USER_ID );
2701 }
2702 else
2703 {
2704 _itemNavigator.setCurrentItemId( Integer.toString( nIdAdminUser ) );
2705 _itemNavigator.setBaseUrl( strUrl );
2706 }
2707 }
2708
2709
2710
2711
2712 private void reinitItemNavigator( )
2713 {
2714 _itemNavigator = null;
2715 }
2716
2717
2718
2719
2720
2721
2722
2723
2724
2725
2726 private boolean isUserAuthorizedToModifyUser( AdminUser../../../../fr/paris/lutece/portal/business/user/AdminUser.html#AdminUser">AdminUser currentUser, AdminUser userToModify )
2727 {
2728 if ( currentUser == null || userToModify == null )
2729 {
2730 return false;
2731 }
2732 return currentUser.isAdmin( ) || ( currentUser.isParent( userToModify )
2733 && ( ( haveCommonWorkgroups( currentUser, userToModify ) ) || ( !AdminWorkgroupHome.checkUserHasWorkgroup( userToModify.getUserId( ) ) ) ) );
2734 }
2735
2736
2737
2738
2739
2740
2741
2742
2743
2744
2745 private boolean isUserAuthorizedToChangeUserLevel( AdminUser../../../../fr/paris/lutece/portal/business/user/AdminUser.html#AdminUser">AdminUser currentUser, AdminUser userToModify )
2746 {
2747 if ( currentUser == null || userToModify == null )
2748 {
2749 return false;
2750 }
2751 return currentUser.checkRight( "CORE_LEVEL_MANAGEMENT" ) && userToModify.getUserLevel( ) != 0;
2752 }
2753
2754
2755
2756
2757
2758
2759
2760
2761
2762
2763 private boolean isUserLevelModified( AdminUser user, String strSelectedUserLevel )
2764 {
2765 if ( strSelectedUserLevel != null )
2766 {
2767 int nSelectedUserLevel = Integer.parseInt( strSelectedUserLevel );
2768 return nSelectedUserLevel != user.getUserLevel( );
2769 }
2770 return false;
2771 }
2772 }