1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34 package fr.paris.lutece.portal.web.user;
35
36 import fr.paris.lutece.portal.service.security.AccessLogService;
37 import java.io.IOException;
38 import java.io.PrintWriter;
39 import java.sql.Timestamp;
40 import java.util.ArrayList;
41 import java.util.Collection;
42 import java.util.Collections;
43 import java.util.HashMap;
44 import java.util.List;
45 import java.util.Locale;
46 import java.util.Map;
47
48 import javax.servlet.http.HttpServletRequest;
49 import javax.servlet.http.HttpServletResponse;
50
51 import org.apache.commons.fileupload.FileItem;
52 import org.apache.commons.lang3.StringUtils;
53
54 import fr.paris.lutece.portal.business.rbac.RBACRole;
55 import fr.paris.lutece.portal.business.rbac.RBACRoleHome;
56 import fr.paris.lutece.portal.business.rbac.RBAC;
57 import fr.paris.lutece.portal.business.right.Level;
58 import fr.paris.lutece.portal.business.right.LevelHome;
59 import fr.paris.lutece.portal.business.right.Right;
60 import fr.paris.lutece.portal.business.right.RightHome;
61 import fr.paris.lutece.portal.business.user.AdminUser;
62 import fr.paris.lutece.portal.business.user.AdminUserHome;
63 import fr.paris.lutece.portal.business.user.PasswordUpdateMode;
64 import fr.paris.lutece.portal.business.user.attribute.IAttribute;
65 import fr.paris.lutece.portal.business.user.attribute.ISimpleValuesAttributes;
66 import fr.paris.lutece.portal.business.user.authentication.LuteceDefaultAdminUser;
67 import fr.paris.lutece.portal.business.user.parameter.DefaultUserParameterHome;
68 import fr.paris.lutece.portal.business.workgroup.AdminWorkgroupHome;
69 import fr.paris.lutece.portal.business.xsl.XslExport;
70 import fr.paris.lutece.portal.business.xsl.XslExportHome;
71 import fr.paris.lutece.portal.service.admin.AccessDeniedException;
72 import fr.paris.lutece.portal.service.admin.AdminAuthenticationService;
73 import fr.paris.lutece.portal.service.admin.AdminUserService;
74 import fr.paris.lutece.portal.service.admin.ImportAdminUserService;
75 import fr.paris.lutece.portal.service.csv.CSVMessageDescriptor;
76 import fr.paris.lutece.portal.service.fileupload.FileUploadService;
77 import fr.paris.lutece.portal.service.i18n.I18nService;
78 import fr.paris.lutece.portal.service.message.AdminMessage;
79 import fr.paris.lutece.portal.service.message.AdminMessageService;
80 import fr.paris.lutece.portal.service.plugin.PluginService;
81 import fr.paris.lutece.portal.service.rbac.RBACService;
82 import fr.paris.lutece.portal.service.security.AccessLoggerConstants;
83 import fr.paris.lutece.portal.service.security.SecurityTokenService;
84 import fr.paris.lutece.portal.service.security.UserNotSignedException;
85 import fr.paris.lutece.portal.service.spring.SpringContextService;
86 import fr.paris.lutece.portal.service.template.AppTemplateService;
87 import fr.paris.lutece.portal.service.template.DatabaseTemplateService;
88 import fr.paris.lutece.portal.service.user.AdminUserResourceIdService;
89 import fr.paris.lutece.portal.service.user.attribute.AdminUserFieldService;
90 import fr.paris.lutece.portal.service.user.attribute.AttributeService;
91 import fr.paris.lutece.portal.service.util.AppException;
92 import fr.paris.lutece.portal.service.util.AppLogService;
93 import fr.paris.lutece.portal.service.util.AppPathService;
94 import fr.paris.lutece.portal.service.util.AppPropertiesService;
95 import fr.paris.lutece.portal.service.workgroup.AdminWorkgroupService;
96 import fr.paris.lutece.portal.service.xsl.XslExportService;
97 import fr.paris.lutece.portal.web.admin.AdminFeaturesPageJspBean;
98 import fr.paris.lutece.portal.web.constants.Messages;
99 import fr.paris.lutece.portal.web.constants.Parameters;
100 import fr.paris.lutece.portal.web.dashboard.AdminDashboardJspBean;
101 import fr.paris.lutece.portal.web.l10n.LocaleService;
102 import fr.paris.lutece.portal.web.pluginaction.DefaultPluginActionResult;
103 import fr.paris.lutece.portal.web.upload.MultipartHttpServletRequest;
104 import fr.paris.lutece.portal.web.util.LocalizedPaginator;
105 import fr.paris.lutece.util.ReferenceItem;
106 import fr.paris.lutece.util.ReferenceList;
107 import fr.paris.lutece.util.date.DateUtil;
108 import fr.paris.lutece.util.filesystem.FileSystemUtil;
109 import fr.paris.lutece.util.html.AbstractPaginator;
110 import fr.paris.lutece.util.html.HtmlTemplate;
111 import fr.paris.lutece.util.html.ItemNavigator;
112 import fr.paris.lutece.util.password.PasswordUtil;
113 import fr.paris.lutece.util.sort.AttributeComparator;
114 import fr.paris.lutece.util.string.StringUtil;
115 import fr.paris.lutece.util.url.UrlItem;
116 import fr.paris.lutece.util.xml.XmlUtil;
117
118
119
120
121 public class AdminUserJspBean extends AdminFeaturesPageJspBean
122 {
123 private static final String ATTRIBUTE_IMPORT_USERS_LIST_MESSAGES = "importUsersListMessages";
124 private static final long serialVersionUID = -6323157489236186522L;
125
126
127
128 private static final String CONSTANTE_UN = "1";
129 private static final String CONSTANT_USER_MSG = "User ";
130 private static final String CONSTANT_NOT_AUTHORIZED = " is not authorized to permission ";
131 private static final String CONSTANT_ADVANCED_PARAMS = "core.advanced_parameters.";
132 private static final String CONSTANT_BO = "BO";
133
134
135 private static final String BEAN_IMPORT_ADMIN_USER_SERVICE = "adminUserImportService";
136
137
138 private static final String TEMPLATE_MANAGE_USERS = "admin/user/manage_users.html";
139 private static final String TEMPLATE_CREATE_USER = "admin/user/create_user.html";
140 private static final String TEMPLATE_MODIFY_USER = "admin/user/modify_user.html";
141 private static final String TEMPLATE_MANAGE_USER_RIGHTS = "admin/user/manage_user_rights.html";
142 private static final String TEMPLATE_MODIFY_USER_RIGHTS = "admin/user/modify_user_rights.html";
143 private static final String TEMPLATE_MANAGE_USER_ROLES = "admin/user/manage_user_roles.html";
144 private static final String TEMPLATE_MODIFY_USER_ROLES = "admin/user/modify_user_roles.html";
145 private static final String TEMPLATE_IMPORT_USER = "admin/user/import_module_user.html";
146 private static final String TEMPLATE_DEFAULT_CREATE_USER = "admin/user/create_user_default_module.html";
147 private static final String TEMPLATE_DEFAULT_MODIFY_USER = "admin/user/modify_user_default_module.html";
148 private static final String TEMPLATE_DEFAULT_MODIFY_USER_PASSWORD = "admin/user/modify_user_password_default_module.html";
149 private static final String TEMPLATE_MANAGE_USER_WORKGROUPS = "admin/user/manage_user_workgroups.html";
150 private static final String TEMPLATE_MODIFY_USER_WORKGROUPS = "admin/user/modify_user_workgroups.html";
151 private static final String TEMPLATE_ADMIN_EMAIL_CHANGE_STATUS = "admin/user/user_email_change_status.html";
152 private static final String TEMPLATE_NOTIFY_USER = "admin/user/notify_user_account_created.html";
153 private static final String TEMPLATE_FIELD_ANONYMIZE_ADMIN_USER = "admin/user/field_anonymize_admin_user.html";
154 private static final String TEMPLATE_ACCOUNT_LIFE_TIME_EMAIL = "admin/user/account_life_time_email.html";
155 private static final String TEMPLATE_EXPORT_USERS_FROM_FILE = "admin/user/export_users.html";
156
157
158 private static final String PROPERTY_MANAGE_USERS_PAGETITLE = "portal.users.manage_users.pageTitle";
159 private static final String PROPERTY_MODIFY_USER_PAGETITLE = "portal.users.modify_user.pageTitle";
160 private static final String PROPERTY_MODIFY_USER_PASSWORD_PAGETITLE = "portal.users.modify_user_password.pageTitle";
161 private static final String PROPERTY_LABEL_FIRST_PASSWORD = "portal.users.modify_password_default_module.form.password.new";
162 private static final String PROPERTY_CREATE_USER_PAGETITLE = "portal.users.create_user.pageTitle";
163 private static final String PROPERTY_IMPORT_MODULE_USER_PAGETITLE = "portal.users.import_module_user.pageTitle";
164 private static final String PROPERTY_MANAGE_USER_RIGHTS_PAGETITLE = "portal.users.manage_user_rights.pageTitle";
165 private static final String PROPERTY_MODIFY_USER_RIGHTS_PAGETITLE = "portal.users.modify_user_rights.pageTitle";
166 private static final String PROPERTY_MANAGE_USER_ROLES_PAGETITLE = "portal.users.manage_user_roles.pageTitle";
167 private static final String PROPERTY_MODIFY_USER_ROLES_PAGETITLE = "portal.users.modify_user_roles.pageTitle";
168 private static final String PROPERTY_IMPORT_USERS_FROM_FILE_PAGETITLE = "portal.users.import_users_from_file.pageTitle";
169 private static final String PROPERTY_EXPORT_USERS_PAGETITLE = "portal.users.export_users.pageTitle";
170 private static final String PROPERTY_MESSAGE_CONFIRM_REMOVE = "portal.users.message.confirmRemoveUser";
171 private static final String PROPERTY_USERS_PER_PAGE = "paginator.user.itemsPerPage";
172 private static final String PROPERTY_DELEGATE_USER_RIGHTS_PAGETITLE = "portal.users.delegate_user_rights.pageTitle";
173 private static final String PROPERTY_MANAGE_USER_WORKGROUPS_PAGETITLE = "portal.users.manage_user_workgroups.pageTitle";
174 private static final String PROPERTY_MODIFY_USER_WORKGROUPS_PAGETITLE = "portal.users.modify_user_workgroups.pageTitle";
175 private static final String PROPERTY_MESSAGE_ACCESS_CODE_ALREADY_USED = "portal.users.message.user.accessCodeAlreadyUsed";
176 private static final String PROPERTY_MESSAGE_EMAIL_ALREADY_USED = "portal.users.message.user.accessEmailUsed";
177 private static final String PROPERTY_MESSAGE_DIFFERENTS_PASSWORD = "portal.users.message.differentsPassword";
178 private static final String PROPERTY_MESSAGE_EMAIL_SUBJECT_CHANGE_STATUS = "portal.users.user_change_status.email.subject";
179 private static final String PROPERTY_MESSAGE_EMAIL_SUBJECT_NOTIFY_USER = "portal.users.notify_user.email.subject";
180 private static final String PROPERTY_MESSAGE_ERROR_EMAIL_PATTERN = "portal.users.manage_advanced_parameters.message.errorEmailPattern";
181 private static final String PROPERTY_MESSAGE_CONFIRM_USE_ASP = "portal.users.manage_advanced_parameters.message.confirmUseAdvancedSecurityParameters";
182 private static final String PROPERTY_MESSAGE_CONFIRM_REMOVE_ASP = "portal.users.manage_advanced_parameters.message.confirmRemoveAdvancedSecurityParameters";
183 private static final String PROPERTY_MESSAGE_NO_ADMIN_USER_SELECTED = "portal.users.message.noUserSelected";
184 private static final String PROPERTY_MESSAGE_CONFIRM_ANONYMIZE_USER = "portal.users.message.confirmAnonymizeUser";
185 private static final String PROPERTY_MESSAGE_TITLE_CHANGE_ANONYMIZE_USER = "portal.users.anonymize_user.titleAnonymizeUser";
186 private static final String PROPERTY_MESSAGE_NO_ACCOUNT_TO_REACTIVATED = "portal.users.message.noAccountToReactivate";
187 private static final String PROPERTY_MESSAGE_ACCOUNT_REACTIVATED = "portal.users.message.messageAccountReactivated";
188 private static final String PROPERTY_FIRST_EMAIL = "portal.users.accountLifeTime.labelFirstEmail";
189 private static final String PROPERTY_OTHER_EMAIL = "portal.users.accountLifeTime.labelOtherEmail";
190 private static final String PROPERTY_ACCOUNT_DEACTIVATES_EMAIL = "portal.users.accountLifeTime.labelAccountDeactivatedEmail";
191 private static final String PROPERTY_ACCOUNT_UPDATED_EMAIL = "portal.users.accountLifeTime.labelAccountUpdatedEmail";
192 private static final String PROPERTY_NOTIFY_PASSWORD_EXPIRED = "portal.users.accountLifeTime.labelPasswordExpired";
193 private static final String PROPERTY_MESSAGE_USER_ERROR_SESSION = "portal.users.message.user.error.session";
194 private static final String MESSAGE_NOT_AUTHORIZED = "Action not permited to current user";
195 private static final String MESSAGE_MANDATORY_FIELD = "portal.util.message.mandatoryField";
196 private static final String MESSAGE_ERROR_CSV_FILE_IMPORT = "portal.users.import_users_from_file.error_csv_file_import";
197 private static final String FIELD_IMPORT_USERS_FILE = "portal.users.import_users_from_file.labelImportFile";
198 private static final String FIELD_XSL_EXPORT = "portal.users.export_users.labelXslt";
199
200
201 private static final String PARAMETER_ACCESS_CODE = "access_code";
202 private static final String PARAMETER_LAST_NAME = "last_name";
203 private static final String PARAMETER_FIRST_NAME = "first_name";
204 private static final String PARAMETER_EMAIL = "email";
205 private static final String PARAMETER_NOTIFY_USER = "notify_user";
206 private static final String PARAMETER_STATUS = "status";
207 private static final String PARAMETER_USER_ID = "id_user";
208 private static final String PARAMETER_ROLE = "roles";
209 private static final String PARAMETER_RIGHT = "right";
210 private static final String PARAMETER_FIRST_PASSWORD = "first_password";
211 private static final String PARAMETER_SECOND_PASSWORD = "second_password";
212 private static final String PARAMETER_LANGUAGE = "language";
213 private static final String PARAMETER_DELEGATE_RIGHTS = "delegate_rights";
214 private static final String PARAMETER_USER_LEVEL = "user_level";
215 private static final String PARAMETER_WORKGROUP = "workgroup";
216 private static final String PARAMETER_SELECT = "select";
217 private static final String PARAMETER_SELECT_ALL = "all";
218 private static final String PARAMETER_ACCESSIBILITY_MODE = "accessibility_mode";
219 private static final String PARAMETER_WORKGROUP_KEY = "workgroup_key";
220 private static final String PARAMETER_EMAIL_PATTERN = "email_pattern";
221 private static final String PARAMETER_IS_EMAIL_PATTERN_SET_MANUALLY = "is_email_pattern_set_manually";
222 private static final String PARAMETER_ID_EXPRESSION = "id_expression";
223 private static final String PARAMETER_FORCE_CHANGE_PASSWORD_REINIT = "force_change_password_reinit";
224 private static final String PARAMETER_PASSWORD_MINIMUM_LENGTH = "password_minimum_length";
225 private static final String PARAMETER_PASSWORD_FORMAT_UPPER_LOWER_CASE = "password_format_upper_lower_case";
226 private static final String PARAMETER_PASSWORD_FORMAT_NUMERO = "password_format_numero";
227 private static final String PARAMETER_PASSWORD_FORMAT_SPECIAL_CHARACTERS = "password_format_special_characters";
228 private static final String PARAMETER_PASSWORD_DURATION = "password_duration";
229 private static final String PARAMETER_PASSWORD_HISTORY_SIZE = "password_history_size";
230 private static final String PARAMETER_MAXIMUM_NUMBER_PASSWORD_CHANGE = "maximum_number_password_change";
231 private static final String PARAMETER_TSW_SIZE_PASSWORD_CHANGE = "tsw_size_password_change";
232 private static final String PARAMETER_ACCOUNT_LIFE_TIME = "account_life_time";
233 private static final String PARAMETER_TIME_BEFORE_ALERT_ACCOUNT = "time_before_alert_account";
234 private static final String PARAMETER_NB_ALERT_ACCOUNT = "nb_alert_account";
235 private static final String PARAMETER_TIME_BETWEEN_ALERTS_ACCOUNT = "time_between_alerts_account";
236 private static final String PARAMETER_ATTRIBUTE = "attribute_";
237 private static final String PARAMETER_EMAIL_TYPE = "email_type";
238 private static final String PARAMETER_FIRST_ALERT_MAIL_SENDER = "first_alert_mail_sender";
239 private static final String PARAMETER_OTHER_ALERT_MAIL_SENDER = "other_alert_mail_sender";
240 private static final String PARAMETER_EXPIRED_ALERT_MAIL_SENDER = "expired_alert_mail_sender";
241 private static final String PARAMETER_REACTIVATED_ALERT_MAIL_SENDER = "account_reactivated_mail_sender";
242 private static final String PARAMETER_FIRST_ALERT_MAIL_SUBJECT = "first_alert_mail_subject";
243 private static final String PARAMETER_OTHER_ALERT_MAIL_SUBJECT = "other_alert_mail_subject";
244 private static final String PARAMETER_EXPIRED_ALERT_MAIL_SUBJECT = "expired_alert_mail_subject";
245 private static final String PARAMETER_REACTIVATED_ALERT_MAIL_SUBJECT = "account_reactivated_mail_subject";
246 private static final String PARAMETER_FIRST_ALERT_MAIL = "core_first_alert_mail";
247 private static final String PARAMETER_OTHER_ALERT_MAIL = "core_other_alert_mail";
248 private static final String PARAMETER_EXPIRATION_MAIL = "core_expiration_mail";
249 private static final String PARAMETER_ACCOUNT_REACTIVATED = "core_account_reactivated_mail";
250 private static final String PARAMETER_CANCEL = "cancel";
251 private static final String PARAMETER_NOTIFY_USER_PASSWORD_EXPIRED = "notify_user_password_expired";
252 private static final String PARAMETER_PASSWORD_EXPIRED_MAIL_SENDER = "password_expired_mail_sender";
253 private static final String PARAMETER_PASSWORD_EXPIRED_MAIL_SUBJECT = "password_expired_mail_subject";
254 private static final String PARAMETER_NOTIFY_PASSWORD_EXPIRED = "core_password_expired";
255 private static final String PARAMETER_IMPORT_USERS_FILE = "import_file";
256 private static final String PARAMETER_SKIP_FIRST_LINE = "ignore_first_line";
257 private static final String PARAMETER_UPDATE_USERS = "update_existing_users";
258 private static final String PARAMETER_XSL_EXPORT_ID = "xsl_export_id";
259 private static final String PARAMETER_EXPORT_ROLES = "export_roles";
260 private static final String PARAMETER_EXPORT_ATTRIBUTES = "export_attributes";
261 private static final String PARAMETER_EXPORT_RIGHTS = "export_rights";
262 private static final String PARAMETER_EXPORT_WORKGROUPS = "export_workgroups";
263 private static final String PARAMETER_RESET_TOKEN_VALIDITY = "reset_token_validity";
264 private static final String PARAMETER_LOCK_RESET_TOKEN_TO_SESSION = "lock_reset_token_to_session";
265 private static final String PARAMETER_RESET = "reset";
266
267
268 private static final String JSP_MANAGE_USER_RIGHTS = "ManageUserRights.jsp";
269 private static final String JSP_MANAGE_USER_ROLES = "ManageUserRoles.jsp";
270 private static final String JSP_MANAGE_USER = "ManageUsers.jsp";
271 private static final String JSP_MANAGE_USER_WORKGROUPS = "ManageUserWorkgroups.jsp";
272 private static final String JSP_URL_REMOVE_USER = "jsp/admin/user/DoRemoveUser.jsp";
273 private static final String JSP_URL_CREATE_USER = "jsp/admin/user/CreateUser.jsp";
274 private static final String JSP_URL_IMPORT_USER = "jsp/admin/user/ImportUser.jsp";
275 private static final String JSP_URL_MODIFY_USER = "jsp/admin/user/ModifyUser.jsp";
276 private static final String JSP_URL_MANAGE_USER_RIGHTS = "jsp/admin/user/ManageUserRights.jsp";
277 private static final String JSP_URL_MANAGE_USER_ROLES = "jsp/admin/user/ManageUserRoles.jsp";
278 private static final String JSP_URL_MANAGE_USER_WORKGROUPS = "jsp/admin/user/ManageUserWorkgroups.jsp";
279 private static final String JSP_URL_USE_ADVANCED_SECUR_PARAM = "jsp/admin/user/DoUseAdvancedSecurityParameters.jsp";
280 private static final String JSP_URL_REMOVE_ADVANCED_SECUR_PARAM = "jsp/admin/user/DoRemoveAdvancedSecurityParameters.jsp";
281 private static final String JSP_URL_ANONYMIZE_ADMIN_USER = "jsp/admin/user/DoAnonymizeAdminUser.jsp";
282 private static final String JSP_URL_MODIFY_ACCOUNT_LIFE_TIME_EMAIL = "jsp/admin/user/ModifyAccountLifeTimeEmails.jsp";
283
284
285 private static final String MARK_USER_LIST = "user_list";
286 private static final String MARK_IMPORT_USER_LIST = "import_user_list";
287 private static final String MARK_ACCESS_CODE = "access_code";
288 private static final String MARK_LAST_NAME = "last_name";
289 private static final String MARK_FIRST_NAME = "first_name";
290 private static final String MARK_EMAIL = "email";
291 private static final String MARK_IMPORT_USER = "import_user";
292 private static final String MARK_USER = "user";
293 private static final String MARK_LEVEL = "level";
294 private static final String MARK_USER_RIGHT_LIST = "user_right_list";
295 private static final String MARK_ALL_ROLE_LIST = "all_role_list";
296 private static final String MARK_USER_ROLE_LIST = "user_role_list";
297 private static final String MARK_ALL_RIGHT_LIST = "all_right_list";
298 private static final String MARK_PAGINATOR = "paginator";
299 private static final String MARK_NB_ITEMS_PER_PAGE = "nb_items_per_page";
300 private static final String MARK_LANGUAGES_LIST = "languages_list";
301 private static final String MARK_CURRENT_LANGUAGE = "current_language";
302 private static final String MARK_USER_CREATION_URL = "url_user_creation";
303 private static final String MARK_CAN_DELEGATE = "can_delegate";
304 private static final String MARK_CAN_MODIFY = "can_modify";
305 private static final String MARK_USER_LEVELS_LIST = "user_levels";
306 private static final String MARK_CURRENT_USER = "current_user";
307 private static final String MARK_USER_WORKGROUP_LIST = "user_workgroup_list";
308 private static final String MARK_ALL_WORKSGROUP_LIST = "all_workgroup_list";
309 private static final String MARK_SELECT_ALL = "select_all";
310 private static final String MARK_PERMISSION_ADVANCED_PARAMETER = "permission_advanced_parameter";
311 private static final String MARK_PERMISSION_IMPORT_EXPORT_USERS = "permission_import_export_users";
312 private static final String MARK_ITEM_NAVIGATOR = "item_navigator";
313 private static final String MARK_ATTRIBUTES_LIST = "attributes_list";
314 private static final String MARK_LOCALE = "locale";
315 private static final String MARK_MAP_LIST_ATTRIBUTE_DEFAULT_VALUES = "map_list_attribute_default_values";
316 private static final String MARK_DEFAULT_USER_LEVEL = "default_user_level";
317 private static final String MARK_DEFAULT_USER_NOTIFICATION = "default_user_notification";
318 private static final String MARK_DEFAULT_USER_LANGUAGE = "default_user_language";
319 private static final String MARK_DEFAULT_USER_STATUS = "default_user_status";
320 private static final String MARK_ACCESS_FAILURES_MAX = "access_failures_max";
321 private static final String MARK_ACCESS_FAILURES_INTERVAL = "access_failures_interval";
322 private static final String MARK_BANNED_DOMAIN_NAMES = "banned_domain_names";
323 private static final String MARK_EMAIL_SENDER = "email_sender";
324 private static final String MARK_EMAIL_SUBJECT = "email_subject";
325 private static final String MARK_EMAIL_BODY = "email_body";
326 private static final String MARK_EMAIL_LABEL = "emailLabel";
327 private static final String MARK_WEBAPP_URL = "webapp_url";
328 private static final String MARK_LIST_MESSAGES = "csv_messages";
329 private static final String MARK_CSV_SEPARATOR = "csv_separator";
330 private static final String MARK_CSV_ESCAPE = "csv_escape";
331 private static final String MARK_ATTRIBUTES_SEPARATOR = "attributes_separator";
332 private static final String MARK_LIST_XSL_EXPORT = "refListXsl";
333 private static final String MARK_DEFAULT_VALUE_WORKGROUP_KEY = "workgroup_key_default_value";
334 private static final String MARK_WORKGROUP_KEY_LIST = "workgroup_key_list";
335 private static final String MARK_ADMIN_AVATAR = "adminAvatar";
336 private static final String MARK_RANDOM_PASSWORD_SIZE = "randomPasswordSize";
337 private static final String MARK_MINIMUM_PASSWORD_SIZE = "minimumPasswordSize";
338 private static final String MARK_DEFAULT_MODE_USED = "defaultModeUsed";
339
340 private static final String CONSTANT_EMAIL_TYPE_FIRST = "first";
341 private static final String CONSTANT_EMAIL_TYPE_OTHER = "other";
342 private static final String CONSTANT_EMAIL_TYPE_EXPIRED = "expired";
343 private static final String CONSTANT_EMAIL_TYPE_REACTIVATED = "reactivated";
344 private static final String CONSTANT_EMAIL_PASSWORD_EXPIRED = "password_expired";
345 private static final String CONSTANT_EXTENSION_CSV_FILE = ".csv";
346 private static final String CONSTANT_EXTENSION_XML_FILE = ".xml";
347 private static final String CONSTANT_MIME_TYPE_CSV = "application/csv";
348 private static final String CONSTANT_MIME_TYPE_XML = "application/xml";
349 private static final String CONSTANT_MIME_TYPE_TEXT_CSV = "text/csv";
350 private static final String CONSTANT_MIME_TYPE_OCTETSTREAM = "application/octet-stream";
351 private static final String CONSTANT_EXPORT_USERS_FILE_NAME = "users";
352 private static final String CONSTANT_POINT = ".";
353 private static final String CONSTANT_QUOTE = "\"";
354 private static final String CONSTANT_ATTACHEMENT_FILE_NAME = "attachement; filename=\"";
355 private static final String CONSTANT_ATTACHEMENT_DISPOSITION = "Content-Disposition";
356 private static final String CONSTANT_XML_USERS = "users";
357 private static final String CONSTANT_CREATE_ADMINUSER = "lutece.admin.createAdminUser";
358 private static final String CONSTANT_REMOVE_ADMINUSER = "lutece.admin.removeAdminUser";
359 private static final String CONSTANT_ANONYMIZE_ADMINUSER = "lutece.admin.anonymizeAdminUser";
360 private static final String CONSTANT_MODIFY_ADMINUSER = "lutece.admin.modifyAdminUser";
361 private static final String CONSTANT_MODIFY_ADMINUSER_GROUPS = "lutece.admin.modifyAdminUserGroups";
362 private static final String CONSTANT_MODIFY_ADMINUSER_PASSWORD = "lutece.admin.modifyAdminUserPassword";
363 private static final String CONSTANT_MODIFY_ADMINUSER_ROLES = "lutece.admin.modifyAdminUserRoles";
364 private static final String CONSTANT_MODIFY_ADMINUSER_RIGHTS = "lutece.admin.modifyAdminUserRights";
365 private static final String CONSTANT_IMPORT_ADMINUSERS = "lutece.admin.importAdminUsers";
366 private static final String CONSTANT_MODIFY_DEFAULT_PARAMETERS = "lutece.admin.modifyUserDefaultParameters";
367 private static final String CONSTANT_MODIFY_DEFAULT_SECURITY = "lutece.admin.modifyUserDefaultSecurity";
368 private static final String CONSTANT_REMOVE_ADVANCE_SECURITY_PARAMETERS = "lutece.admin.removeAdvanceSecurityParameters";
369 private static final String CONSTANT_USE_ADVANCE_SECURITY_PARAMETERS = "lutece.admin.useAdvanceSecurityParameters";
370
371 private static final String TOKEN_TECHNICAL_ADMIN = AdminDashboardJspBean.TEMPLATE_MANAGE_DASHBOARDS;
372
373 private static final String ANCHOR_DEFAULT_USER_PARAMETER_VALUES = "defaultUserParameterValues";
374 private static final String ANCHOR_MODIFY_EMAIL_PATTERN = "modifyEmailPattern";
375 private static final String ANCHOR_ADVANCED_SECURITY_PARAMETERS = "advancedSecurityParameters";
376 private static final String ANCHOR_LIFE_TIME_EMAILS = "lifeTimeEmails";
377 private static final String ANCHOR_ANONYMIZE_USERS = "anonymizeUsers";
378
379 private transient ImportAdminUserService _importAdminUserService;
380 private boolean _bAdminAvatar = PluginService.isPluginEnable( "adminavatar" );
381
382 private int _nItemsPerPage;
383 private String _strCurrentPageIndex;
384 private ItemNavigator _itemNavigator;
385
386
387
388
389
390
391
392
393 public String getManageAdminUsers( HttpServletRequest request )
394 {
395 setPageTitleProperty( PROPERTY_MANAGE_USERS_PAGETITLE );
396
397
398 reinitItemNavigator( );
399
400 String strCreateUrl;
401 AdminUser currentUser = getUser( );
402
403 Map<String, Object> model = new HashMap<>( );
404
405
406 if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
407 {
408 strCreateUrl = JSP_URL_CREATE_USER;
409 }
410 else
411 {
412 strCreateUrl = JSP_URL_IMPORT_USER;
413 }
414
415 String strURL = getHomeUrl( request );
416 UrlItem/url/UrlItem.html#UrlItem">UrlItem url = new UrlItem( strURL );
417
418 Collection<AdminUser> listUsers = AdminUserHome.findUserList( );
419 listUsers = AdminWorkgroupService.getAuthorizedCollection( listUsers, getUser( ) );
420
421 List<AdminUser> availableUsers = AdminUserService.getFilteredUsersInterface( listUsers, request, model, url );
422 List<AdminUser> listDisplayUsers = new ArrayList<>( );
423
424 for ( AdminUser user : availableUsers )
425 {
426 if ( isUserAuthorizedToModifyUser( currentUser, user ) )
427 {
428 listDisplayUsers.add( user );
429 }
430 }
431
432
433 String strSortedAttributeName = request.getParameter( Parameters.SORTED_ATTRIBUTE_NAME );
434 String strAscSort = null;
435
436 if ( strSortedAttributeName != null )
437 {
438 strAscSort = request.getParameter( Parameters.SORTED_ASC );
439
440 boolean bIsAscSort = Boolean.parseBoolean( strAscSort );
441
442 Collections.sort( listDisplayUsers, new AttributeComparator( strSortedAttributeName, bIsAscSort ) );
443 }
444
445 _strCurrentPageIndex = AbstractPaginator.getPageIndex( request, AbstractPaginator.PARAMETER_PAGE_INDEX, _strCurrentPageIndex );
446 int defaultItemsPerPage = AppPropertiesService.getPropertyInt( PROPERTY_USERS_PER_PAGE, 50 );
447 _nItemsPerPage = AbstractPaginator.getItemsPerPage( request, AbstractPaginator.PARAMETER_ITEMS_PER_PAGE, _nItemsPerPage, defaultItemsPerPage );
448
449 if ( strSortedAttributeName != null )
450 {
451 url.addParameter( Parameters.SORTED_ATTRIBUTE_NAME, strSortedAttributeName );
452 }
453
454 if ( strAscSort != null )
455 {
456 url.addParameter( Parameters.SORTED_ASC, strAscSort );
457 }
458
459
460 LocalizedPaginator<AdminUser> paginator = new LocalizedPaginator<>( listDisplayUsers, _nItemsPerPage, url.getUrl( ),
461 AbstractPaginator.PARAMETER_PAGE_INDEX, _strCurrentPageIndex, getLocale( ) );
462
463
464 Collection<Level> filteredLevels = new ArrayList<>( );
465
466 for ( Level level : LevelHome.getLevelsList( ) )
467 {
468 if ( currentUser.isAdmin( ) || currentUser.hasRights( level.getId( ) ) )
469 {
470 filteredLevels.add( level );
471 }
472 }
473
474 boolean bPermissionAdvancedParameter = RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID,
475 AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS, getUser( ) );
476 boolean bPermissionImportExportUsers = RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID,
477 AdminUserResourceIdService.PERMISSION_IMPORT_EXPORT_USERS, getUser( ) );
478
479 model.put( MARK_NB_ITEMS_PER_PAGE, "" + _nItemsPerPage );
480 model.put( MARK_USER_LEVELS_LIST, filteredLevels );
481 model.put( MARK_PAGINATOR, paginator );
482 model.put( MARK_USER_LIST, paginator.getPageItems( ) );
483 model.put( MARK_USER_CREATION_URL, strCreateUrl );
484 model.put( MARK_PERMISSION_ADVANCED_PARAMETER, bPermissionAdvancedParameter );
485 model.put( MARK_PERMISSION_IMPORT_EXPORT_USERS, bPermissionImportExportUsers );
486 model.put( MARK_ADMIN_AVATAR, _bAdminAvatar );
487 model.put( MARK_DEFAULT_MODE_USED, AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) );
488
489 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MANAGE_USERS, getLocale( ), model );
490
491 return getAdminPage( template.getHtml( ) );
492 }
493
494
495
496
497
498
499
500
501
502 public String getFindImportAdminUser( HttpServletRequest request )
503 {
504 setPageTitleProperty( PROPERTY_IMPORT_MODULE_USER_PAGETITLE );
505
506 String strAccessCode = request.getParameter( PARAMETER_ACCESS_CODE );
507 String strLastName = request.getParameter( PARAMETER_LAST_NAME );
508 String strFirstName = request.getParameter( PARAMETER_FIRST_NAME );
509 String strEmail = request.getParameter( PARAMETER_EMAIL );
510
511 Map<String, Object> model = new HashMap<>( );
512 Collection<?> allImportUsers = null;
513
514 if ( StringUtils.isNotEmpty( strLastName ) || StringUtils.isNotEmpty( strFirstName ) || StringUtils.isNotEmpty( strEmail ) )
515 {
516 allImportUsers = AdminAuthenticationService.getInstance( ).getUserListFromModule( strLastName, strFirstName, strEmail );
517 }
518
519 model.put( MARK_IMPORT_USER_LIST, allImportUsers );
520 model.put( MARK_ACCESS_CODE, strAccessCode );
521 model.put( MARK_LAST_NAME, strLastName );
522 model.put( MARK_FIRST_NAME, strFirstName );
523 model.put( MARK_EMAIL, strEmail );
524
525 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_IMPORT_USER, getLocale( ), model );
526
527 return getAdminPage( template.getHtml( ) );
528 }
529
530
531
532
533
534
535
536
537 public String doSelectImportUser( HttpServletRequest request )
538 {
539 String strAccessCode = request.getParameter( PARAMETER_ACCESS_CODE );
540
541 if ( ( strAccessCode == null ) || ( strAccessCode.equals( "" ) ) )
542 {
543 return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
544 }
545
546
547 if ( AdminUserHome.checkAccessCodeAlreadyInUse( strAccessCode ) != -1 )
548 {
549 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_ACCESS_CODE_ALREADY_USED, AdminMessage.TYPE_STOP );
550 }
551
552 return AppPathService.getBaseUrl( request ) + JSP_URL_CREATE_USER + "?" + PARAMETER_ACCESS_CODE + "=" + strAccessCode;
553 }
554
555
556
557
558
559
560
561
562 public String getCreateAdminUser( HttpServletRequest request )
563 {
564 setPageTitleProperty( PROPERTY_CREATE_USER_PAGETITLE );
565
566 HtmlTemplate template;
567 AdminUser currentUser = getUser( );
568 Collection<Level> filteredLevels = new ArrayList<>( );
569
570 for ( Level level : LevelHome.getLevelsList( ) )
571 {
572 if ( currentUser.isAdmin( ) || currentUser.hasRights( level.getId( ) ) )
573 {
574 filteredLevels.add( level );
575 }
576 }
577
578
579 String strDefaultLevel = DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_LEVEL );
580 Level defaultLevel = LevelHome.findByPrimaryKey( Integer.parseInt( strDefaultLevel ) );
581 int nDefaultUserNotification = Integer.parseInt( DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_NOTIFICATION ) );
582 String strDefaultUserLanguage = DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_LANGUAGE );
583 int nDefaultUserStatus = Integer.parseInt( DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_STATUS ) );
584
585
586 List<IAttribute> listAttributes = AttributeService.getInstance( ).getAllAttributesWithFields( getLocale( ) );
587
588
589 if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
590 {
591 Map<String, Object> model = new HashMap<>( );
592
593 model.put( MARK_USER_LEVELS_LIST, filteredLevels );
594 model.put( MARK_CURRENT_USER, currentUser );
595 model.put( MARK_LANGUAGES_LIST, I18nService.getAdminLocales( getLocale( ) ) );
596 model.put( MARK_DEFAULT_USER_LEVEL, defaultLevel );
597 model.put( MARK_DEFAULT_USER_NOTIFICATION, nDefaultUserNotification );
598 model.put( MARK_DEFAULT_USER_LANGUAGE, strDefaultUserLanguage );
599 model.put( MARK_DEFAULT_USER_STATUS, nDefaultUserStatus );
600 model.put( MARK_ATTRIBUTES_LIST, listAttributes );
601 model.put( MARK_LOCALE, getLocale( ) );
602 model.put( MARK_DEFAULT_VALUE_WORKGROUP_KEY, AdminWorkgroupService.ALL_GROUPS );
603 model.put( MARK_WORKGROUP_KEY_LIST, AdminWorkgroupService.getUserWorkgroups( getUser( ), getLocale( ) ) );
604 model.put( MARK_RANDOM_PASSWORD_SIZE,
605 AppPropertiesService.getPropertyInt( PasswordUtil.PROPERTY_PASSWORD_SIZE, PasswordUtil.CONSTANT_DEFAULT_RANDOM_PASSWORD_SIZE ) );
606 model.put( MARK_MINIMUM_PASSWORD_SIZE, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_PASSWORD_MINIMUM_LENGTH ) );
607 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_CREATE_USER ) );
608
609 template = AppTemplateService.getTemplate( TEMPLATE_DEFAULT_CREATE_USER, getLocale( ), model );
610 }
611 else
612
613
614 {
615
616
617 String strAccessCode = request.getParameter( PARAMETER_ACCESS_CODE );
618 AdminUser user = null;
619
620 if ( ( strAccessCode != null ) && ( !strAccessCode.equals( "" ) ) )
621 {
622 user = AdminAuthenticationService.getInstance( ).getUserPublicDataFromModule( strAccessCode );
623 }
624
625 Map<String, Object> model = new HashMap<>( );
626
627 if ( user != null )
628 {
629 model.put( MARK_USER_LEVELS_LIST, filteredLevels );
630 model.put( MARK_CURRENT_USER, currentUser );
631 model.put( MARK_IMPORT_USER, user );
632 model.put( MARK_LANGUAGES_LIST, I18nService.getAdminLocales( user.getLocale( ) ) );
633 model.put( MARK_DEFAULT_USER_LEVEL, defaultLevel );
634 model.put( MARK_DEFAULT_USER_NOTIFICATION, nDefaultUserNotification );
635 model.put( MARK_DEFAULT_USER_LANGUAGE, strDefaultUserLanguage );
636 model.put( MARK_DEFAULT_USER_STATUS, nDefaultUserStatus );
637 model.put( MARK_ATTRIBUTES_LIST, listAttributes );
638 model.put( MARK_LOCALE, getLocale( ) );
639 model.put( MARK_DEFAULT_VALUE_WORKGROUP_KEY, AdminWorkgroupService.ALL_GROUPS );
640 model.put( MARK_WORKGROUP_KEY_LIST, AdminWorkgroupService.getUserWorkgroups( getUser( ), getLocale( ) ) );
641 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_CREATE_USER ) );
642 }
643
644 template = AppTemplateService.getTemplate( TEMPLATE_CREATE_USER, getLocale( ), model );
645 }
646
647 return getAdminPage( template.getHtml( ) );
648 }
649
650
651
652
653
654
655
656
657
658
659 public String doCreateAdminUser( HttpServletRequest request ) throws AccessDeniedException
660 {
661 String strAccessCode = request.getParameter( PARAMETER_ACCESS_CODE );
662 String strLastName = request.getParameter( PARAMETER_LAST_NAME );
663 String strFirstName = request.getParameter( PARAMETER_FIRST_NAME );
664 String strEmail = request.getParameter( PARAMETER_EMAIL );
665 String strStatus = request.getParameter( PARAMETER_STATUS );
666 String strUserLevel = request.getParameter( PARAMETER_USER_LEVEL );
667 String strNotifyUser = request.getParameter( PARAMETER_NOTIFY_USER );
668 String strAccessibilityMode = request.getParameter( PARAMETER_ACCESSIBILITY_MODE );
669 String strWorkgroupKey = request.getParameter( PARAMETER_WORKGROUP_KEY );
670
671 String message = checkParameters( request, JSP_URL_CREATE_USER );
672
673 if ( message != null )
674 {
675 return message;
676 }
677
678
679 if ( AdminUserHome.checkAccessCodeAlreadyInUse( strAccessCode ) != -1 )
680 {
681 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_ACCESS_CODE_ALREADY_USED, AdminMessage.TYPE_STOP );
682 }
683
684
685 if ( AdminUserHome.checkEmailAlreadyInUse( strEmail ) != -1 )
686 {
687 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_EMAIL_ALREADY_USED, AdminMessage.TYPE_STOP );
688 }
689
690
691 int nNewUserLevel = Integer.parseInt( strUserLevel );
692
693
694 if ( !( getUser( ).hasRights( nNewUserLevel ) || getUser( ).isAdmin( ) ) )
695 {
696 return AdminMessageService.getMessageUrl( request, Messages.USER_ACCESS_DENIED, AdminMessage.TYPE_STOP );
697 }
698
699
700 if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
701 {
702 LuteceDefaultAdminUser/authentication/LuteceDefaultAdminUser.html#LuteceDefaultAdminUser">LuteceDefaultAdminUser user = new LuteceDefaultAdminUser( );
703 String strFirstPassword = request.getParameter( PARAMETER_FIRST_PASSWORD );
704 String strSecondPassword = request.getParameter( PARAMETER_SECOND_PASSWORD );
705
706 if ( StringUtils.isEmpty( strFirstPassword ) )
707 {
708 return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
709 }
710
711 if ( !strFirstPassword.equals( strSecondPassword ) )
712 {
713 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_DIFFERENTS_PASSWORD, AdminMessage.TYPE_STOP );
714 }
715
716 String strUrl = AdminUserService.checkPassword( request, strFirstPassword, 0 );
717
718 if ( StringUtils.isNotEmpty( strUrl ) )
719 {
720 return strUrl;
721 }
722
723 user.setPassword( AdminUserService.encryptPassword( strFirstPassword ) );
724
725 user.setPasswordMaxValidDate( AdminUserService.getPasswordMaxValidDate( ) );
726 user.setAccountMaxValidDate( AdminUserService.getAccountMaxValidDate( ) );
727
728 user.setAccessCode( strAccessCode );
729 user.setLastName( strLastName );
730 user.setFirstName( strFirstName );
731 user.setEmail( strEmail );
732 user.setStatus( Integer.parseInt( strStatus ) );
733 user.setLocale( new Locale( request.getParameter( PARAMETER_LANGUAGE ) ) );
734
735 user.setUserLevel( nNewUserLevel );
736 user.setPasswordReset( Boolean.TRUE );
737 user.setAccessibilityMode( strAccessibilityMode != null );
738 user.setWorkgroupKey( strWorkgroupKey );
739
740 AdminUserHome.create( user );
741 AdminUserFieldService.doCreateUserFields( user, request, getLocale( ) );
742
743 if ( CONSTANTE_UN.equals( strNotifyUser ) )
744 {
745
746 AdminUserService.notifyUser( AppPathService.getBaseUrl( request ), user, strFirstPassword, PROPERTY_MESSAGE_EMAIL_SUBJECT_NOTIFY_USER,
747 TEMPLATE_NOTIFY_USER );
748 }
749
750 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_CREATE_ADMINUSER, getUser( ), user.getAccessCode( ),
751 CONSTANT_BO );
752 }
753 else
754 {
755 AdminUserbusiness/user/AdminUser.html#AdminUser">AdminUser user = new AdminUser( );
756 user.setAccessCode( strAccessCode );
757 user.setLastName( strLastName );
758 user.setFirstName( strFirstName );
759 user.setEmail( strEmail );
760 user.setStatus( Integer.parseInt( strStatus ) );
761 user.setLocale( new Locale( request.getParameter( PARAMETER_LANGUAGE ) ) );
762
763 user.setUserLevel( nNewUserLevel );
764 user.setAccessibilityMode( strAccessibilityMode != null );
765 user.setWorkgroupKey( strWorkgroupKey );
766
767 AdminUserHome.create( user );
768 AdminUserFieldService.doCreateUserFields( user, request, getLocale( ) );
769
770 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_CREATE_ADMINUSER, getUser( ), user.getAccessCode( ),
771 CONSTANT_BO );
772 }
773
774 return JSP_MANAGE_USER;
775 }
776
777 private String checkParameters( HttpServletRequest request, String strJspUrl ) throws AccessDeniedException
778 {
779 String strAccessCode = request.getParameter( PARAMETER_ACCESS_CODE );
780 String strLastName = request.getParameter( PARAMETER_LAST_NAME );
781 String strFirstName = request.getParameter( PARAMETER_FIRST_NAME );
782 String strEmail = request.getParameter( PARAMETER_EMAIL );
783
784 if ( StringUtils.isEmpty( strAccessCode ) )
785 {
786 return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
787 }
788
789 if ( StringUtils.isEmpty( strLastName ) )
790 {
791 return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
792 }
793
794 if ( StringUtils.isEmpty( strFirstName ) )
795 {
796 return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
797 }
798
799 if ( StringUtils.isBlank( strEmail ) )
800 {
801 return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
802 }
803
804 if ( !AdminUserService.checkEmail( strEmail ) )
805 {
806 return AdminUserService.getEmailErrorMessageUrl( request );
807 }
808
809 String strError = AdminUserFieldService.checkUserFields( request, getLocale( ) );
810
811 if ( strError != null )
812 {
813 return strError;
814 }
815
816 if ( !SecurityTokenService.getInstance( ).validate( request, strJspUrl ) )
817 {
818 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
819 }
820
821 return null;
822 }
823
824
825
826
827
828
829
830
831
832
833 public String getModifyAdminUser( HttpServletRequest request ) throws AccessDeniedException
834 {
835 setPageTitleProperty( PROPERTY_MODIFY_USER_PAGETITLE );
836
837 String strUserId = request.getParameter( PARAMETER_USER_ID );
838
839 int nUserId = Integer.parseInt( strUserId );
840
841 Map<String, Object> model = new HashMap<>( );
842 HtmlTemplate template;
843
844 AdminUser user;
845 String strTemplateUrl;
846
847
848
849 if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
850 {
851 user = AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( nUserId );
852 strTemplateUrl = TEMPLATE_DEFAULT_MODIFY_USER;
853 }
854 else
855 {
856 user = AdminUserHome.findByPrimaryKey( nUserId );
857 strTemplateUrl = TEMPLATE_MODIFY_USER;
858 }
859
860 if ( ( user == null ) || ( user.getUserId( ) == 0 ) )
861 {
862 return getManageAdminUsers( request );
863 }
864
865 AdminUser currentUser = AdminUserService.getAdminUser( request );
866
867 if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
868 {
869 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
870 }
871
872 Level level = LevelHome.findByPrimaryKey( user.getUserLevel( ) );
873 ReferenceListml#ReferenceList">ReferenceList filteredLevels = new ReferenceList( );
874
875 if ( isUserAuthorizedToChangeUserLevel( currentUser, user ) )
876 {
877 for (Level levelItem : LevelHome.getLevelsList( )) {
878 filteredLevels.add(levelItem.getReferenceItem());
879 };
880 filteredLevels.removeIf(levelItem -> levelItem.getCode().equals("0"));
881 }
882
883
884 setItemNavigator( user.getUserId( ), AppPathService.getBaseUrl( request ) + JSP_URL_MODIFY_USER );
885
886 List<IAttribute> listAttributes = AttributeService.getInstance( ).getAllAttributesWithFields( getLocale( ) );
887 Map<String, Object> map = AdminUserFieldService.getAdminUserFields( listAttributes, nUserId, getLocale( ) );
888
889 model.put( MARK_USER, user );
890 model.put( MARK_LEVEL, level );
891 model.put( MARK_USER_LEVELS_LIST, filteredLevels );
892 model.put( MARK_LANGUAGES_LIST, I18nService.getAdminLocales( user.getLocale( ) ) );
893 model.put( MARK_CURRENT_LANGUAGE, user.getLocale( ).getLanguage( ) );
894 model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
895 model.put( MARK_ATTRIBUTES_LIST, listAttributes );
896 model.put( MARK_LOCALE, getLocale( ) );
897 model.put( MARK_MAP_LIST_ATTRIBUTE_DEFAULT_VALUES, map );
898 model.put( MARK_WORKGROUP_KEY_LIST, AdminWorkgroupService.getUserWorkgroups( getUser( ), getLocale( ) ) );
899 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_MODIFY_USER ) );
900
901 template = AppTemplateService.getTemplate( strTemplateUrl, getLocale( ), model );
902
903 return getAdminPage( template.getHtml( ) );
904 }
905
906
907
908
909
910
911
912
913
914
915 public String doModifyAdminUser( HttpServletRequest request ) throws AccessDeniedException
916 {
917 String strUserId = request.getParameter( PARAMETER_USER_ID );
918 String strAccessCode = request.getParameter( PARAMETER_ACCESS_CODE );
919 String strLastName = request.getParameter( PARAMETER_LAST_NAME );
920 String strFirstName = request.getParameter( PARAMETER_FIRST_NAME );
921 String strEmail = request.getParameter( PARAMETER_EMAIL );
922 String strStatus = request.getParameter( PARAMETER_STATUS );
923 String strAccessibilityMode = request.getParameter( PARAMETER_ACCESSIBILITY_MODE );
924 String strWorkgroupKey = request.getParameter( PARAMETER_WORKGROUP_KEY );
925 int nUserId = Integer.parseInt( strUserId );
926
927 AdminUser userToModify = AdminUserHome.findByPrimaryKey( nUserId );
928 AdminUser currentUser = AdminUserService.getAdminUser( request );
929
930 if ( !isUserAuthorizedToModifyUser( currentUser, userToModify ) )
931 {
932 throw new AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
933 }
934
935 String message = checkParameters( request, JSP_URL_MODIFY_USER );
936
937 if ( message != null )
938 {
939 return message;
940 }
941
942 int checkCode = AdminUserHome.checkAccessCodeAlreadyInUse( strAccessCode );
943
944
945 if ( ( checkCode != -1 ) && ( checkCode != nUserId ) )
946 {
947 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_ACCESS_CODE_ALREADY_USED, AdminMessage.TYPE_STOP );
948 }
949
950 checkCode = AdminUserHome.checkEmailAlreadyInUse( strEmail );
951
952
953 if ( ( checkCode != -1 ) && ( checkCode != nUserId ) )
954 {
955 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_EMAIL_ALREADY_USED, AdminMessage.TYPE_STOP );
956 }
957
958
959 if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
960 {
961 LuteceDefaultAdminUser user = AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( nUserId );
962
963 user.setUserId( nUserId );
964 user.setAccessCode( strAccessCode );
965 user.setLastName( strLastName );
966 user.setFirstName( strFirstName );
967 user.setEmail( strEmail );
968 user.setWorkgroupKey( strWorkgroupKey );
969
970 if ( isUserAuthorizedToChangeUserLevel( currentUser, userToModify ) ){
971 user.setUserLevel( Integer.parseInt(request.getParameter( PARAMETER_USER_LEVEL )) );
972 }
973
974 int nStatus = Integer.parseInt( strStatus );
975
976 if ( nStatus != user.getStatus( ) )
977 {
978 user.setStatus( nStatus );
979 AdminUserService.notifyUser( AppPathService.getBaseUrl( request ), user, PROPERTY_MESSAGE_EMAIL_SUBJECT_CHANGE_STATUS,
980 TEMPLATE_ADMIN_EMAIL_CHANGE_STATUS );
981 }
982
983 user.setLocale( new Locale( request.getParameter( PARAMETER_LANGUAGE ) ) );
984 user.setAccessibilityMode( strAccessibilityMode != null );
985
986 AdminUserHome.update( user, PasswordUpdateMode.IGNORE );
987
988 AdminUserFieldService.doModifyUserFields( user, request, getLocale( ), getUser( ) );
989
990 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_ADMINUSER, currentUser, user.getAccessCode( ),
991 CONSTANT_BO );
992 }
993 else
994 {
995 AdminUserbusiness/user/AdminUser.html#AdminUser">AdminUser user = new AdminUser( );
996 user.setUserId( nUserId );
997 user.setAccessCode( strAccessCode );
998 user.setLastName( strLastName );
999 user.setFirstName( strFirstName );
1000 user.setEmail( strEmail );
1001 user.setStatus( Integer.parseInt( strStatus ) );
1002 user.setLocale( new Locale( request.getParameter( PARAMETER_LANGUAGE ) ) );
1003 user.setAccessibilityMode( strAccessibilityMode != null );
1004 user.setWorkgroupKey( strWorkgroupKey );
1005
1006 String strError = AdminUserFieldService.checkUserFields( request, getLocale( ) );
1007
1008 if ( strError != null )
1009 {
1010 return strError;
1011 }
1012
1013 AdminUserHome.update( user );
1014
1015 AdminUserFieldService.doModifyUserFields( user, request, getLocale( ), getUser( ) );
1016
1017 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_ADMINUSER, currentUser, user.getAccessCode( ),
1018 CONSTANT_BO );
1019 }
1020
1021 return JSP_MANAGE_USER;
1022 }
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033 public String getModifyUserPassword( HttpServletRequest request ) throws AccessDeniedException
1034 {
1035 setPageTitleProperty( PROPERTY_MODIFY_USER_PASSWORD_PAGETITLE );
1036
1037 String strUserId = request.getParameter( PARAMETER_USER_ID );
1038
1039 int nUserId = Integer.parseInt( strUserId );
1040
1041 Map<String, Object> model = new HashMap<>( );
1042 HtmlTemplate template;
1043
1044 AdminUser user = null;
1045 String strTemplateUrl = "";
1046
1047
1048
1049 if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
1050 {
1051 user = AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( nUserId );
1052 strTemplateUrl = TEMPLATE_DEFAULT_MODIFY_USER_PASSWORD;
1053 }
1054 else
1055 {
1056 throw new AppException( "Cannot modify password when not in DeafultModuleUsed mode" );
1057 }
1058
1059 if ( ( user == null ) || ( user.getUserId( ) == 0 ) )
1060 {
1061 throw new AppException( "User to modify password for not found" );
1062 }
1063
1064 AdminUser currentUser = AdminUserService.getAdminUser( request );
1065
1066 if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1067 {
1068 throw new AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1069 }
1070
1071
1072 setItemNavigator( user.getUserId( ), AppPathService.getBaseUrl( request ) + JSP_URL_MODIFY_USER );
1073
1074 model.put( MARK_USER, user );
1075 model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1076 model.put( MARK_MINIMUM_PASSWORD_SIZE, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_PASSWORD_MINIMUM_LENGTH ) );
1077 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, PROPERTY_MODIFY_USER_PASSWORD_PAGETITLE ) );
1078
1079 template = AppTemplateService.getTemplate( strTemplateUrl, getLocale( ), model );
1080
1081 return getAdminPage( template.getHtml( ) );
1082 }
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093 public String doModifyAdminUserPassword( HttpServletRequest request ) throws AccessDeniedException
1094 {
1095 if ( !SecurityTokenService.getInstance( ).validate( request, PROPERTY_MODIFY_USER_PASSWORD_PAGETITLE ) )
1096 {
1097 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1098 }
1099 String strUserId = request.getParameter( PARAMETER_USER_ID );
1100
1101 int nUserId = Integer.parseInt( strUserId );
1102
1103 AdminUser userToModify = AdminUserHome.findByPrimaryKey( nUserId );
1104
1105 if ( userToModify == null )
1106 {
1107 throw new AppException( CONSTANT_USER_MSG + strUserId + " not found" );
1108 }
1109
1110 AdminUser currentUser = AdminUserService.getAdminUser( request );
1111
1112 if ( !isUserAuthorizedToModifyUser( currentUser, userToModify ) )
1113 {
1114 throw new AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1115 }
1116
1117
1118 if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
1119 {
1120 LuteceDefaultAdminUser user = AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( nUserId );
1121
1122 String strFirstPassword = request.getParameter( PARAMETER_FIRST_PASSWORD );
1123 String strSecondPassword = request.getParameter( PARAMETER_SECOND_PASSWORD );
1124
1125 if ( StringUtils.isEmpty( strFirstPassword ) )
1126 {
1127 return AdminMessageService.getMessageUrl( request, MESSAGE_MANDATORY_FIELD, new String [ ] {
1128 I18nService.getLocalizedString( PROPERTY_LABEL_FIRST_PASSWORD, getLocale( ) )
1129 }, AdminMessage.TYPE_STOP );
1130 }
1131
1132 if ( !StringUtils.equals( strFirstPassword, strSecondPassword ) )
1133 {
1134
1135 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_DIFFERENTS_PASSWORD, AdminMessage.TYPE_STOP );
1136 }
1137
1138 String strUrl = AdminUserService.checkPassword( request, strFirstPassword, nUserId, Boolean.TRUE );
1139
1140 if ( StringUtils.isNotEmpty( strUrl ) )
1141 {
1142 return strUrl;
1143 }
1144
1145 user.setPassword( AdminUserService.encryptPassword( strFirstPassword ) );
1146 user.setPasswordReset( Boolean.FALSE );
1147 user.setPasswordMaxValidDate( AdminUserService.getPasswordMaxValidDate( ) );
1148
1149 AdminUserHome.update( user, PasswordUpdateMode.UPDATE );
1150
1151 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_ADMINUSER_PASSWORD, currentUser,
1152 user.getAccessCode( ), CONSTANT_BO );
1153 }
1154
1155 return JSP_MANAGE_USER;
1156 }
1157
1158
1159
1160
1161
1162
1163
1164
1165 public String getImportUsersFromFile( HttpServletRequest request )
1166 {
1167 _importAdminUserService = SpringContextService.getBean( BEAN_IMPORT_ADMIN_USER_SERVICE );
1168 if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
1169 getUser( ) ) )
1170 {
1171 return getManageAdminUsers( request );
1172 }
1173
1174 setPageTitleProperty( PROPERTY_IMPORT_USERS_FROM_FILE_PAGETITLE );
1175
1176 Map<String, Object> model = new HashMap<>( );
1177
1178 model.put( MARK_LIST_MESSAGES, request.getAttribute( ATTRIBUTE_IMPORT_USERS_LIST_MESSAGES ) );
1179
1180 String strCsvSeparator = StringUtils.EMPTY + _importAdminUserService.getCSVSeparator( );
1181 String strCsvEscapeCharacter = StringUtils.EMPTY + _importAdminUserService.getCSVEscapeCharacter( );
1182 String strAttributesSeparator = StringUtils.EMPTY + _importAdminUserService.getAttributesSeparator( );
1183 model.put( MARK_CSV_SEPARATOR, strCsvSeparator );
1184 model.put( MARK_CSV_ESCAPE, strCsvEscapeCharacter );
1185 model.put( MARK_ATTRIBUTES_SEPARATOR, strAttributesSeparator );
1186 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_IMPORT_USER ) );
1187
1188 String strTemplate = _importAdminUserService.getImportFromFileTemplate( );
1189 HtmlTemplate template = AppTemplateService.getTemplate( strTemplate, AdminUserService.getLocale( request ), model );
1190
1191 return getAdminPage( template.getHtml( ) );
1192 }
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203 public DefaultPluginActionResult doImportUsersFromFile( HttpServletRequest request ) throws AccessDeniedException
1204 {
1205 DefaultPluginActionResultefaultPluginActionResult.html#DefaultPluginActionResult">DefaultPluginActionResult result = new DefaultPluginActionResult( );
1206
1207 if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
1208 getUser( ) ) )
1209 {
1210 result.setHtmlContent( getManageAdminUsers( request ) );
1211
1212 return result;
1213 }
1214
1215 if ( request instanceof MultipartHttpServletRequest )
1216 {
1217 MultipartHttpServletRequestce/portal/web/upload/MultipartHttpServletRequest.html#MultipartHttpServletRequest">MultipartHttpServletRequest multipartRequest = (MultipartHttpServletRequest) request;
1218 FileItem fileItem = multipartRequest.getFile( PARAMETER_IMPORT_USERS_FILE );
1219 String strMimeType = FileSystemUtil.getMIMEType( FileUploadService.getFileNameOnly( fileItem ) );
1220
1221 if ( !( ( fileItem != null ) && !StringUtils.EMPTY.equals( fileItem.getName( ) ) ) )
1222 {
1223 Object [ ] tabRequiredFields = {
1224 I18nService.getLocalizedString( FIELD_IMPORT_USERS_FILE, getLocale( ) )
1225 };
1226 result.setRedirect( AdminMessageService.getMessageUrl( request, MESSAGE_MANDATORY_FIELD, tabRequiredFields, AdminMessage.TYPE_STOP ) );
1227
1228 return result;
1229 }
1230
1231 if ( ( !strMimeType.equals( CONSTANT_MIME_TYPE_CSV ) && !strMimeType.equals( CONSTANT_MIME_TYPE_OCTETSTREAM )
1232 && !strMimeType.equals( CONSTANT_MIME_TYPE_TEXT_CSV ) )
1233 || !fileItem.getName( ).toLowerCase( Locale.ENGLISH ).endsWith( CONSTANT_EXTENSION_CSV_FILE ) )
1234 {
1235 result.setRedirect( AdminMessageService.getMessageUrl( request, MESSAGE_ERROR_CSV_FILE_IMPORT, AdminMessage.TYPE_STOP ) );
1236
1237 return result;
1238 }
1239 if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_IMPORT_USER ) )
1240 {
1241 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1242 }
1243
1244 String strSkipFirstLine = multipartRequest.getParameter( PARAMETER_SKIP_FIRST_LINE );
1245 boolean bSkipFirstLine = StringUtils.isNotEmpty( strSkipFirstLine );
1246 String strUpdateUsers = multipartRequest.getParameter( PARAMETER_UPDATE_USERS );
1247 boolean bUpdateUsers = StringUtils.isNotEmpty( strUpdateUsers );
1248
1249 _importAdminUserService.setUpdateExistingUsers( bUpdateUsers );
1250
1251 List<CSVMessageDescriptor> listMessages = _importAdminUserService.readCSVFile( fileItem, 0, false, false, bSkipFirstLine,
1252 AdminUserService.getLocale( request ), AppPathService.getBaseUrl( request ) );
1253
1254 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_IMPORT_ADMINUSERS, getUser( ), fileItem.getName( ),
1255 CONSTANT_BO );
1256
1257 request.setAttribute( ATTRIBUTE_IMPORT_USERS_LIST_MESSAGES, listMessages );
1258
1259 String strHtmlResult = getImportUsersFromFile( request );
1260 result.setHtmlContent( strHtmlResult );
1261 }
1262 else
1263 {
1264 Object [ ] tabRequiredFields = {
1265 I18nService.getLocalizedString( FIELD_IMPORT_USERS_FILE, getLocale( ) )
1266 };
1267 result.setRedirect( AdminMessageService.getMessageUrl( request, MESSAGE_MANDATORY_FIELD, tabRequiredFields, AdminMessage.TYPE_STOP ) );
1268 }
1269
1270 return result;
1271 }
1272
1273
1274
1275
1276
1277
1278
1279
1280 public String getExportUsers( HttpServletRequest request )
1281 {
1282 if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
1283 getUser( ) ) )
1284 {
1285 return getManageAdminUsers( request );
1286 }
1287
1288 setPageTitleProperty( PROPERTY_EXPORT_USERS_PAGETITLE );
1289
1290 Map<String, Object> model = new HashMap<>( );
1291
1292 ReferenceList refListXsl = XslExportHome.getRefListByPlugin( PluginService.getCore( ) );
1293
1294 model.put( MARK_LIST_XSL_EXPORT, refListXsl );
1295
1296 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_EXPORT_USERS_FROM_FILE, AdminUserService.getLocale( request ), model );
1297
1298 return getAdminPage( template.getHtml( ) );
1299 }
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312 public DefaultPluginActionResult doExportUsers( HttpServletRequest request, HttpServletResponse response ) throws IOException
1313 {
1314 DefaultPluginActionResultefaultPluginActionResult.html#DefaultPluginActionResult">DefaultPluginActionResult result = new DefaultPluginActionResult( );
1315
1316 if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_IMPORT_EXPORT_USERS,
1317 getUser( ) ) )
1318 {
1319 result.setHtmlContent( getManageAdminUsers( request ) );
1320
1321 return result;
1322 }
1323
1324 String strXslExportId = request.getParameter( PARAMETER_XSL_EXPORT_ID );
1325 String strExportAttributes = request.getParameter( PARAMETER_EXPORT_ATTRIBUTES );
1326 String strExportRoles = request.getParameter( PARAMETER_EXPORT_ROLES );
1327 String strExportRights = request.getParameter( PARAMETER_EXPORT_RIGHTS );
1328 String strExportWorkgroups = request.getParameter( PARAMETER_EXPORT_WORKGROUPS );
1329 boolean bExportAttributes = StringUtils.isNotEmpty( strExportAttributes );
1330 boolean bExportRoles = StringUtils.isNotEmpty( strExportRoles );
1331 boolean bExportRights = StringUtils.isNotEmpty( strExportRights );
1332 boolean bExportWorkgroups = StringUtils.isNotEmpty( strExportWorkgroups );
1333
1334 if ( StringUtils.isBlank( strXslExportId ) )
1335 {
1336 Object [ ] tabRequiredFields = {
1337 I18nService.getLocalizedString( FIELD_XSL_EXPORT, getLocale( ) )
1338 };
1339 result.setRedirect( AdminMessageService.getMessageUrl( request, MESSAGE_MANDATORY_FIELD, tabRequiredFields, AdminMessage.TYPE_STOP ) );
1340
1341 return result;
1342 }
1343
1344 int nIdXslExport = Integer.parseInt( strXslExportId );
1345
1346 XslExport xslExport = XslExportHome.findByPrimaryKey( nIdXslExport );
1347
1348 Collection<AdminUser> listUsers = AdminUserHome.findUserList( );
1349
1350 List<IAttribute> listAttributes = AttributeService.getInstance( ).getAllAttributesWithFields( LocaleService.getDefault( ) );
1351 List<IAttribute> listAttributesFiltered = new ArrayList<>( );
1352
1353 for ( IAttribute attribute : listAttributes )
1354 {
1355 if ( attribute instanceof ISimpleValuesAttributes )
1356 {
1357 listAttributesFiltered.add( attribute );
1358 }
1359 }
1360
1361 StringBuffer sbXml = new StringBuffer( XmlUtil.getXmlHeader( ) );
1362 XmlUtil.beginElement( sbXml, CONSTANT_XML_USERS );
1363
1364 for ( AdminUser user : listUsers )
1365 {
1366 if ( !user.isStatusAnonymized( ) )
1367 {
1368 sbXml.append(
1369 AdminUserService.getXmlFromUser( user, bExportRoles, bExportRights, bExportWorkgroups, bExportAttributes, listAttributesFiltered ) );
1370 }
1371 }
1372
1373 XmlUtil.endElement( sbXml, CONSTANT_XML_USERS );
1374
1375 String strXml = StringUtil.replaceAccent( sbXml.toString( ) );
1376 String strExportedUsers = XslExportService.exportXMLWithXSL( nIdXslExport, strXml );
1377
1378 if ( CONSTANT_MIME_TYPE_CSV.contains( xslExport.getExtension( ) ) )
1379 {
1380 response.setContentType( CONSTANT_MIME_TYPE_CSV );
1381 }
1382 else
1383 if ( CONSTANT_EXTENSION_XML_FILE.contains( xslExport.getExtension( ) ) )
1384 {
1385 response.setContentType( CONSTANT_MIME_TYPE_XML );
1386 }
1387 else
1388 {
1389 response.setContentType( CONSTANT_MIME_TYPE_OCTETSTREAM );
1390 }
1391
1392 String strFileName = CONSTANT_EXPORT_USERS_FILE_NAME + CONSTANT_POINT + xslExport.getExtension( );
1393 response.setHeader( CONSTANT_ATTACHEMENT_DISPOSITION, CONSTANT_ATTACHEMENT_FILE_NAME + strFileName + CONSTANT_QUOTE );
1394
1395 PrintWriter out = response.getWriter( );
1396 out.write( strExportedUsers );
1397 out.flush( );
1398 out.close( );
1399
1400 return null;
1401 }
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412 public String doConfirmRemoveAdminUser( HttpServletRequest request ) throws AccessDeniedException
1413 {
1414 String strUserId = request.getParameter( PARAMETER_USER_ID );
1415 int nUserId = Integer.parseInt( strUserId );
1416 AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
1417
1418 if ( user == null )
1419 {
1420 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_USER_ERROR_SESSION, AdminMessage.TYPE_ERROR );
1421 }
1422
1423 AdminUser currentUser = AdminUserService.getAdminUser( request );
1424
1425 if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1426 {
1427 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1428 }
1429
1430 String strUrlRemove = JSP_URL_REMOVE_USER;
1431 Map<String, Object> parameters = new HashMap<>( );
1432 parameters.put( PARAMETER_USER_ID, strUserId );
1433 parameters.put( SecurityTokenService.PARAMETER_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_REMOVE_USER ) );
1434
1435 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_CONFIRM_REMOVE, new Object [ ] {
1436 user.getFirstName( ), user.getLastName( ), user.getAccessCode( )
1437 }, null, strUrlRemove, null, AdminMessage.TYPE_CONFIRMATION, parameters );
1438 }
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449 public String doRemoveAdminUser( HttpServletRequest request ) throws AccessDeniedException
1450 {
1451 String strUserId = request.getParameter( PARAMETER_USER_ID );
1452 int nUserId = Integer.parseInt( strUserId );
1453 AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
1454
1455 if ( user == null )
1456 {
1457 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_USER_ERROR_SESSION, AdminMessage.TYPE_ERROR );
1458 }
1459 if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_REMOVE_USER ) )
1460 {
1461 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1462 }
1463
1464 AdminUser currentUser = AdminUserService.getAdminUser( request );
1465
1466 if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1467 {
1468 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1469 }
1470
1471 String strRemovedUserAccessCode = user.getAccessCode( );
1472
1473 AdminUserFieldService.doRemoveUserFields( user, request, getLocale( ) );
1474 AdminUserHome.removeAllRightsForUser( nUserId );
1475 AdminUserHome.removeAllRolesForUser( nUserId );
1476 AdminUserHome.removeAllPasswordHistoryForUser( nUserId );
1477 AdminUserHome.remove( nUserId );
1478
1479 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_REMOVE_ADMINUSER, currentUser,
1480 strUserId + " : " + strRemovedUserAccessCode, CONSTANT_BO );
1481
1482 return JSP_MANAGE_USER;
1483 }
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494 public String getManageAdminUserRights( HttpServletRequest request ) throws AccessDeniedException
1495 {
1496 setPageTitleProperty( PROPERTY_MANAGE_USER_RIGHTS_PAGETITLE );
1497
1498 String strUserId = request.getParameter( PARAMETER_USER_ID );
1499 int nUserId = Integer.parseInt( strUserId );
1500
1501 AdminUser selectedUser = AdminUserHome.findByPrimaryKey( nUserId );
1502
1503 AdminUser currentUser = AdminUserService.getAdminUser( request );
1504
1505 if ( !isUserAuthorizedToModifyUser( currentUser, selectedUser ) )
1506 {
1507 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1508 }
1509
1510 Collection<Right> rightList = AdminUserHome.getRightsListForUser( nUserId ).values( );
1511
1512
1513 setItemNavigator( selectedUser.getUserId( ), AppPathService.getBaseUrl( request ) + JSP_URL_MANAGE_USER_RIGHTS );
1514
1515 HashMap<String, Object> model = new HashMap<>( );
1516 model.put( MARK_CAN_MODIFY, getUser( ).isParent( selectedUser ) || getUser( ).isAdmin( ) );
1517 model.put( MARK_CAN_DELEGATE, getUser( ).getUserId( ) != nUserId );
1518 model.put( MARK_USER, AdminUserHome.findByPrimaryKey( nUserId ) );
1519 model.put( MARK_USER_RIGHT_LIST, I18nService.localizeCollection( rightList, getLocale( ) ) );
1520 model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1521
1522 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MANAGE_USER_RIGHTS, getLocale( ), model );
1523
1524 return getAdminPage( template.getHtml( ) );
1525 }
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536 public String getManageAdminUserWorkgroups( HttpServletRequest request ) throws AccessDeniedException
1537 {
1538 setPageTitleProperty( PROPERTY_MANAGE_USER_WORKGROUPS_PAGETITLE );
1539
1540 String strUserId = request.getParameter( PARAMETER_USER_ID );
1541 int nUserId = Integer.parseInt( strUserId );
1542
1543 AdminUser selectedUser = AdminUserHome.findByPrimaryKey( nUserId );
1544 AdminUser currentUser = AdminUserService.getAdminUser( request );
1545
1546 if ( !isUserAuthorizedToModifyUser( currentUser, selectedUser ) )
1547 {
1548 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1549 }
1550
1551 ReferenceList workgroupsList = AdminWorkgroupHome.getUserWorkgroups( selectedUser );
1552
1553
1554 setItemNavigator( nUserId, AppPathService.getBaseUrl( request ) + JSP_URL_MANAGE_USER_WORKGROUPS );
1555
1556 Map<String, Object> model = new HashMap<>( );
1557 model.put( MARK_CAN_MODIFY, getUser( ).isParent( selectedUser ) || getUser( ).isAdmin( ) );
1558 model.put( MARK_CAN_DELEGATE, getUser( ).getUserId( ) != nUserId );
1559 model.put( MARK_USER, AdminUserHome.findByPrimaryKey( nUserId ) );
1560 model.put( MARK_USER_WORKGROUP_LIST, workgroupsList );
1561 model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1562
1563 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MANAGE_USER_WORKGROUPS, getLocale( ), model );
1564
1565 return getAdminPage( template.getHtml( ) );
1566 }
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577 public String getModifyAdminUserWorkgroups( HttpServletRequest request ) throws AccessDeniedException
1578 {
1579 boolean bDelegateWorkgroups = Boolean.parseBoolean( request.getParameter( PARAMETER_DELEGATE_RIGHTS ) );
1580
1581 setPageTitleProperty( bDelegateWorkgroups ? PROPERTY_DELEGATE_USER_RIGHTS_PAGETITLE : PROPERTY_MODIFY_USER_WORKGROUPS_PAGETITLE );
1582
1583 String strUserId = request.getParameter( PARAMETER_USER_ID );
1584 int nUserId = Integer.parseInt( strUserId );
1585
1586 AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
1587 AdminUser currentUser = getUser( );
1588
1589 if ( ( user == null ) || ( user.getUserId( ) == 0 ) )
1590 {
1591 return getManageAdminUsers( request );
1592 }
1593
1594 if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1595 {
1596 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1597 }
1598
1599 ReferenceList userWorkspaces = AdminWorkgroupHome.getUserWorkgroups( user );
1600 ReferenceList assignableWorkspaces = AdminWorkgroupHome.getUserWorkgroups( currentUser );
1601
1602 ArrayList<String> checkedValues = new ArrayList<>( );
1603
1604 for ( ReferenceItem item : userWorkspaces )
1605 {
1606 checkedValues.add( item.getCode( ) );
1607 }
1608
1609 assignableWorkspaces.checkItems( checkedValues.toArray( new String [ checkedValues.size( )] ) );
1610
1611
1612 setItemNavigator( nUserId, AppPathService.getBaseUrl( request ) + JSP_URL_MANAGE_USER_WORKGROUPS );
1613
1614 Map<String, Object> model = new HashMap<>( );
1615 model.put( MARK_USER, AdminUserHome.findByPrimaryKey( nUserId ) );
1616 model.put( MARK_ALL_WORKSGROUP_LIST, assignableWorkspaces );
1617 model.put( MARK_CAN_DELEGATE, String.valueOf( bDelegateWorkgroups ) );
1618 model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1619 model.put( MARK_DEFAULT_MODE_USED, AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) );
1620 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_MANAGE_USER_WORKGROUPS ) );
1621
1622 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MODIFY_USER_WORKGROUPS, getLocale( ), model );
1623
1624 return getAdminPage( template.getHtml( ) );
1625 }
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636 public String getModifyAdminUserRights( HttpServletRequest request ) throws AccessDeniedException
1637 {
1638 boolean bDelegateRights = Boolean.parseBoolean( request.getParameter( PARAMETER_DELEGATE_RIGHTS ) );
1639
1640 String strSelectAll = request.getParameter( PARAMETER_SELECT );
1641 boolean bSelectAll = ( ( strSelectAll != null ) && strSelectAll.equals( PARAMETER_SELECT_ALL ) );
1642
1643 setPageTitleProperty( bDelegateRights ? PROPERTY_DELEGATE_USER_RIGHTS_PAGETITLE : PROPERTY_MODIFY_USER_RIGHTS_PAGETITLE );
1644
1645 String strUserId = request.getParameter( PARAMETER_USER_ID );
1646 int nUserId = Integer.parseInt( strUserId );
1647
1648 AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
1649 AdminUser currentUser = getUser( );
1650
1651 if ( ( user == null ) || ( user.getUserId( ) == 0 ) )
1652 {
1653 return getManageAdminUsers( request );
1654 }
1655
1656 if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1657 {
1658 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1659 }
1660
1661 Collection<Right> rightList;
1662 Collection<Right> allRightList = RightHome.getRightsList( user.getUserLevel( ) );
1663
1664 if ( bDelegateRights )
1665 {
1666 Map<String, Right> rights = AdminUserHome.getRightsListForUser( currentUser.getUserId( ) );
1667 rightList = new ArrayList<>( );
1668
1669 for ( Right right : rights.values( ) )
1670 {
1671
1672
1673 if ( right.getLevel( ) >= user.getUserLevel( ) )
1674 {
1675 rightList.add( right );
1676 }
1677 }
1678 }
1679 else
1680 {
1681 rightList = AdminUserHome.getRightsListForUser( nUserId ).values( );
1682 }
1683
1684
1685 setItemNavigator( nUserId, AppPathService.getBaseUrl( request ) + JSP_URL_MANAGE_USER_RIGHTS );
1686
1687 Map<String, Object> model = new HashMap<>( );
1688 model.put( MARK_USER, AdminUserHome.findByPrimaryKey( nUserId ) );
1689 model.put( MARK_USER_RIGHT_LIST, I18nService.localizeCollection( rightList, getLocale( ) ) );
1690 model.put( MARK_ALL_RIGHT_LIST, I18nService.localizeCollection( allRightList, getLocale( ) ) );
1691 model.put( MARK_CAN_DELEGATE, String.valueOf( bDelegateRights ) );
1692 model.put( MARK_SELECT_ALL, bSelectAll );
1693 model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1694 model.put( MARK_DEFAULT_MODE_USED, AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) );
1695 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_MANAGE_USER_RIGHTS ) );
1696
1697 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MODIFY_USER_RIGHTS, getLocale( ), model );
1698
1699 return getAdminPage( template.getHtml( ) );
1700 }
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711 public String doModifyAdminUserRights( HttpServletRequest request ) throws AccessDeniedException
1712 {
1713 if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_MANAGE_USER_RIGHTS ) )
1714 {
1715 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1716 }
1717 String strUserId = request.getParameter( PARAMETER_USER_ID );
1718 int nUserId = Integer.parseInt( strUserId );
1719
1720 String [ ] arrayRights = request.getParameterValues( PARAMETER_RIGHT );
1721
1722 AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
1723 AdminUser currentUser = AdminUserService.getAdminUser( request );
1724
1725 if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1726 {
1727 throw new AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1728 }
1729
1730 AdminUserHome.removeAllOwnRightsForUser( user );
1731
1732 if ( arrayRights != null )
1733 {
1734 for ( String strRight : arrayRights )
1735 {
1736 AdminUserHome.createRightForUser( nUserId, strRight );
1737 }
1738 }
1739
1740 HashMap<String, String [ ]> mapData = new HashMap<>( );
1741 mapData.put( user.getAccessCode( ), arrayRights );
1742 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_ADMINUSER_RIGHTS, currentUser, mapData, CONSTANT_BO );
1743
1744 if ( user.getUserId( ) == currentUser.getUserId( ) )
1745 {
1746 try
1747 {
1748 AdminAuthenticationService.getInstance( ).registerUser( request, user );
1749 }
1750 catch( AccessDeniedException | UserNotSignedException e )
1751 {
1752 AppLogService.error( e.getMessage( ), e );
1753 }
1754 }
1755
1756 return JSP_MANAGE_USER_RIGHTS + "?" + PARAMETER_USER_ID + "=" + nUserId;
1757 }
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768 public String getManageAdminUserRoles( HttpServletRequest request ) throws AccessDeniedException
1769 {
1770 setPageTitleProperty( PROPERTY_MANAGE_USER_ROLES_PAGETITLE );
1771
1772 String strUserId = request.getParameter( PARAMETER_USER_ID );
1773 int nUserId = Integer.parseInt( strUserId );
1774 AdminUser selectedUser = AdminUserHome.findByPrimaryKey( nUserId );
1775 AdminUser userCurrent = AdminUserService.getAdminUser( request );
1776
1777 if ( !isUserAuthorizedToModifyUser( userCurrent, selectedUser ) )
1778 {
1779 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1780 }
1781
1782 Collection<RBACRole> roleList = AdminUserHome.getRolesListForUser( nUserId ).values( );
1783
1784
1785 setItemNavigator( nUserId, AppPathService.getBaseUrl( request ) + JSP_URL_MANAGE_USER_ROLES );
1786
1787 Map<String, Object> model = new HashMap<>( );
1788 model.put( MARK_CAN_MODIFY, getUser( ).isParent( selectedUser ) || getUser( ).isAdmin( ) );
1789 model.put( MARK_CAN_DELEGATE, getUser( ).getUserId( ) != nUserId );
1790 model.put( MARK_USER, AdminUserHome.findByPrimaryKey( nUserId ) );
1791 model.put( MARK_USER_ROLE_LIST, roleList );
1792 model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1793
1794 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MANAGE_USER_ROLES, getLocale( ), model );
1795
1796 return getAdminPage( template.getHtml( ) );
1797 }
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808 public String getModifyAdminUserRoles( HttpServletRequest request ) throws AccessDeniedException
1809 {
1810 boolean bDelegateRoles = Boolean.parseBoolean( request.getParameter( PARAMETER_DELEGATE_RIGHTS ) );
1811 setPageTitleProperty( PROPERTY_MODIFY_USER_ROLES_PAGETITLE );
1812
1813 String strUserId = request.getParameter( PARAMETER_USER_ID );
1814 int nUserId = Integer.parseInt( strUserId );
1815
1816 AdminUser selectedUser = AdminUserHome.findByPrimaryKey( nUserId );
1817 AdminUser userCurrent = AdminUserService.getAdminUser( request );
1818
1819 if ( ( selectedUser == null ) || ( selectedUser.getUserId( ) == 0 ) )
1820 {
1821 return getManageAdminUsers( request );
1822 }
1823
1824 if ( !isUserAuthorizedToModifyUser( userCurrent, selectedUser ) )
1825 {
1826 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1827 }
1828
1829 Collection<RBACRole> roleList = AdminUserHome.getRolesListForUser( nUserId ).values( );
1830 Collection<RBACRole> assignableRoleList;
1831
1832 if ( bDelegateRoles )
1833 {
1834
1835 assignableRoleList = new ArrayList<>( );
1836
1837 AdminUser currentUser = getUser( );
1838
1839 for ( RBACRole role : RBACRoleHome.findAll( ) )
1840 {
1841 if ( currentUser.isAdmin( ) || RBACService.isUserInRole( currentUser, role.getKey( ) ) )
1842 {
1843 assignableRoleList.add( role );
1844 }
1845 }
1846 }
1847 else
1848 {
1849
1850 assignableRoleList = RBACRoleHome.findAll( );
1851 }
1852
1853
1854 setItemNavigator( nUserId, AppPathService.getBaseUrl( request ) + JSP_URL_MANAGE_USER_ROLES );
1855
1856 Map<String, Object> model = new HashMap<>( );
1857 model.put( MARK_USER, AdminUserHome.findByPrimaryKey( nUserId ) );
1858 model.put( MARK_USER_ROLE_LIST, roleList );
1859 model.put( MARK_ALL_ROLE_LIST, assignableRoleList );
1860 model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1861 model.put( MARK_DEFAULT_MODE_USED, AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) );
1862 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_MANAGE_USER_ROLES ) );
1863
1864 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MODIFY_USER_ROLES, getLocale( ), model );
1865
1866 return getAdminPage( template.getHtml( ) );
1867 }
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878 public String doModifyAdminUserRoles( HttpServletRequest request ) throws AccessDeniedException
1879 {
1880 if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_MANAGE_USER_ROLES ) )
1881 {
1882 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1883 }
1884 String strUserId = request.getParameter( PARAMETER_USER_ID );
1885 int nUserId = Integer.parseInt( strUserId );
1886 AdminUser selectedUser = AdminUserHome.findByPrimaryKey( nUserId );
1887 AdminUser currentUser = AdminUserService.getAdminUser( request );
1888
1889 if ( !isUserAuthorizedToModifyUser( currentUser, selectedUser ) )
1890 {
1891 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1892 }
1893
1894 String [ ] arrayRoles = request.getParameterValues( PARAMETER_ROLE );
1895
1896 AdminUserHome.removeAllRolesForUser( nUserId );
1897
1898 if ( arrayRoles != null )
1899 {
1900 for ( String strRole : arrayRoles )
1901 {
1902 AdminUserHome.createRoleForUser( nUserId, strRole );
1903 }
1904 }
1905
1906 HashMap<String, String [ ]> mapData = new HashMap<>( );
1907 mapData.put( selectedUser.getAccessCode( ), arrayRoles );
1908 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_ADMINUSER_ROLES, currentUser, mapData, CONSTANT_BO );
1909
1910 return JSP_MANAGE_USER_ROLES + "?" + PARAMETER_USER_ID + "=" + nUserId;
1911 }
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922 public String doModifyAdminUserWorkgroups( HttpServletRequest request ) throws AccessDeniedException
1923 {
1924 if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_MANAGE_USER_WORKGROUPS ) )
1925 {
1926 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1927 }
1928 String strUserId = request.getParameter( PARAMETER_USER_ID );
1929 int nUserId = Integer.parseInt( strUserId );
1930 AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
1931 AdminUser currentUser = getUser( );
1932
1933 if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1934 {
1935 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1936 }
1937
1938 String [ ] arrayWorkspaces = request.getParameterValues( PARAMETER_WORKGROUP );
1939 ReferenceList assignableWorkgroups = AdminWorkgroupHome.getUserWorkgroups( currentUser );
1940
1941 for ( ReferenceItem item : assignableWorkgroups )
1942 {
1943 AdminWorkgroupHome.removeUserFromWorkgroup( user, item.getCode( ) );
1944 }
1945
1946 if ( arrayWorkspaces != null )
1947 {
1948 for ( String strWorkgroupKey : arrayWorkspaces )
1949 {
1950 AdminWorkgroupHome.addUserForWorkgroup( user, strWorkgroupKey );
1951 }
1952 }
1953
1954 HashMap<String, String [ ]> mapData = new HashMap<>( );
1955 mapData.put( user.getAccessCode( ), arrayWorkspaces );
1956 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_ADMINUSER_GROUPS, currentUser, mapData, CONSTANT_BO );
1957
1958 return JSP_MANAGE_USER_WORKGROUPS + "?" + PARAMETER_USER_ID + "=" + nUserId;
1959 }
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970 private boolean haveCommonWorkgroups( AdminUser../../../../../../fr/paris/lutece/portal/business/user/AdminUser.html#AdminUser">AdminUser user1, AdminUser user2 )
1971 {
1972 ReferenceList workgroups = AdminWorkgroupHome.getUserWorkgroups( user1 );
1973
1974 if ( workgroups.isEmpty( ) )
1975 {
1976 return true;
1977 }
1978
1979 for ( ReferenceItem item : workgroups )
1980 {
1981 if ( AdminWorkgroupHome.isUserInWorkgroup( user2, item.getCode( ) ) )
1982 {
1983 return true;
1984 }
1985 }
1986
1987 return false;
1988 }
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999 public String doModifyDefaultUserParameterValues( HttpServletRequest request ) throws AccessDeniedException
2000 {
2001 if ( !SecurityTokenService.getInstance( ).validate( request, AdminDashboardJspBean.TEMPLATE_MANAGE_DASHBOARDS ) )
2002 {
2003 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2004 }
2005 if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
2006 getUser( ) ) )
2007 {
2008 throw new AccessDeniedException(
2009 CONSTANT_USER_MSG + getUser( ) + CONSTANT_NOT_AUTHORIZED + AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS );
2010 }
2011
2012 DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_STATUS, request.getParameter( PARAMETER_STATUS ) );
2013 DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_LEVEL, request.getParameter( PARAMETER_USER_LEVEL ) );
2014 DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_NOTIFICATION, request.getParameter( PARAMETER_NOTIFY_USER ) );
2015 DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_LANGUAGE, request.getParameter( PARAMETER_LANGUAGE ) );
2016
2017 Map logParametersMap = new HashMap( );
2018 logParametersMap.put( AdminUserService.DSKEY_DEFAULT_USER_STATUS, request.getParameter( PARAMETER_STATUS ) );
2019 logParametersMap.put( AdminUserService.DSKEY_DEFAULT_USER_LEVEL, request.getParameter( PARAMETER_USER_LEVEL ) );
2020 logParametersMap.put( AdminUserService.DSKEY_DEFAULT_USER_NOTIFICATION, request.getParameter( PARAMETER_NOTIFY_USER ) );
2021 logParametersMap.put( AdminUserService.DSKEY_DEFAULT_USER_LANGUAGE, request.getParameter( PARAMETER_LANGUAGE ) );
2022 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_DEFAULT_PARAMETERS, getUser( ), logParametersMap,
2023 CONSTANT_BO );
2024
2025 return getAdminDashboardsUrl( request, ANCHOR_DEFAULT_USER_PARAMETER_VALUES );
2026 }
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037 public String doModifyDefaultUserSecurityValues( HttpServletRequest request ) throws AccessDeniedException
2038 {
2039 if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2040 {
2041 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2042 }
2043 if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
2044 getUser( ) ) )
2045 {
2046 throw new AccessDeniedException(
2047 CONSTANT_USER_MSG + getUser( ) + CONSTANT_NOT_AUTHORIZED + AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS );
2048 }
2049
2050 Map logParametersMap = new HashMap( );
2051
2052 String strForceChangePasswordValue = request.getParameter( PARAMETER_FORCE_CHANGE_PASSWORD_REINIT );
2053 strForceChangePasswordValue = StringUtils.isNotBlank( strForceChangePasswordValue ) ? strForceChangePasswordValue : StringUtils.EMPTY;
2054
2055 DefaultUserParameterHome.update( AdminUserService.DSKEY_FORCE_CHANGE_PASSWORD_REINIT, strForceChangePasswordValue );
2056 logParametersMap.put( AdminUserService.DSKEY_FORCE_CHANGE_PASSWORD_REINIT, strForceChangePasswordValue );
2057
2058
2059 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_MINIMUM_LENGTH, request.getParameter( PARAMETER_PASSWORD_MINIMUM_LENGTH ) );
2060 logParametersMap.put( AdminUserService.DSKEY_PASSWORD_MINIMUM_LENGTH, request.getParameter( PARAMETER_PASSWORD_MINIMUM_LENGTH ) );
2061
2062 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_RESET_TOKEN_VALIDITY, request.getParameter( PARAMETER_RESET_TOKEN_VALIDITY ) );
2063 logParametersMap.put( AdminUserService.DSKEY_RESET_TOKEN_VALIDITY, request.getParameter( PARAMETER_RESET_TOKEN_VALIDITY ) );
2064 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_LOCK_RESET_TOKEN_TO_SESSION,
2065 request.getParameter( PARAMETER_LOCK_RESET_TOKEN_TO_SESSION ) );
2066 logParametersMap.put( AdminUserService.DSKEY_LOCK_RESET_TOKEN_TO_SESSION, request.getParameter( PARAMETER_LOCK_RESET_TOKEN_TO_SESSION ) );
2067
2068 boolean bUseAdvancedSecurityParameter = AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS );
2069
2070 if ( bUseAdvancedSecurityParameter )
2071 {
2072
2073 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_FORMAT_UPPER_LOWER_CASE,
2074 request.getParameter( PARAMETER_PASSWORD_FORMAT_UPPER_LOWER_CASE ) );
2075 logParametersMap.put( AdminUserService.DSKEY_PASSWORD_FORMAT_UPPER_LOWER_CASE, request.getParameter( PARAMETER_PASSWORD_FORMAT_UPPER_LOWER_CASE ) );
2076 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_FORMAT_NUMERO, request.getParameter( PARAMETER_PASSWORD_FORMAT_NUMERO ) );
2077 logParametersMap.put( AdminUserService.DSKEY_PASSWORD_FORMAT_NUMERO, request.getParameter( PARAMETER_PASSWORD_FORMAT_NUMERO ) );
2078 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_FORMAT_SPECIAL_CHARACTERS,
2079 request.getParameter( PARAMETER_PASSWORD_FORMAT_SPECIAL_CHARACTERS ) );
2080 logParametersMap.put( AdminUserService.DSKEY_PASSWORD_FORMAT_SPECIAL_CHARACTERS,
2081 request.getParameter( PARAMETER_PASSWORD_FORMAT_SPECIAL_CHARACTERS ) );
2082
2083
2084 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_DURATION, request.getParameter( PARAMETER_PASSWORD_DURATION ) );
2085 logParametersMap.put( AdminUserService.DSKEY_PASSWORD_DURATION, request.getParameter( PARAMETER_PASSWORD_DURATION ) );
2086
2087
2088 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_HISTORY_SIZE, request.getParameter( PARAMETER_PASSWORD_HISTORY_SIZE ) );
2089 logParametersMap.put( AdminUserService.DSKEY_PASSWORD_HISTORY_SIZE, request.getParameter( PARAMETER_PASSWORD_HISTORY_SIZE ) );
2090
2091
2092 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_MAXIMUM_NUMBER_PASSWORD_CHANGE,
2093 request.getParameter( PARAMETER_MAXIMUM_NUMBER_PASSWORD_CHANGE ) );
2094 logParametersMap.put( AdminUserService.DSKEY_MAXIMUM_NUMBER_PASSWORD_CHANGE, request.getParameter( PARAMETER_MAXIMUM_NUMBER_PASSWORD_CHANGE ) );
2095
2096
2097 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_TSW_SIZE_PASSWORD_CHANGE,
2098 request.getParameter( PARAMETER_TSW_SIZE_PASSWORD_CHANGE ) );
2099 logParametersMap.put( AdminUserService.DSKEY_TSW_SIZE_PASSWORD_CHANGE, request.getParameter( PARAMETER_TSW_SIZE_PASSWORD_CHANGE ) );
2100
2101
2102 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_NOTIFY_USER_PASSWORD_EXPIRED,
2103 request.getParameter( PARAMETER_NOTIFY_USER_PASSWORD_EXPIRED ) );
2104 logParametersMap.put( AdminUserService.DSKEY_NOTIFY_USER_PASSWORD_EXPIRED, request.getParameter( PARAMETER_NOTIFY_USER_PASSWORD_EXPIRED ) );
2105 }
2106
2107
2108 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_ACCOUNT_LIFE_TIME, request.getParameter( PARAMETER_ACCOUNT_LIFE_TIME ) );
2109 logParametersMap.put( AdminUserService.DSKEY_ACCOUNT_LIFE_TIME, request.getParameter( PARAMETER_ACCOUNT_LIFE_TIME ) );
2110
2111
2112 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_TIME_BEFORE_ALERT_ACCOUNT,
2113 request.getParameter( PARAMETER_TIME_BEFORE_ALERT_ACCOUNT ) );
2114 logParametersMap.put( AdminUserService.DSKEY_TIME_BEFORE_ALERT_ACCOUNT, request.getParameter( PARAMETER_TIME_BEFORE_ALERT_ACCOUNT ) );
2115
2116
2117 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_NB_ALERT_ACCOUNT, request.getParameter( PARAMETER_NB_ALERT_ACCOUNT ) );
2118 logParametersMap.put( AdminUserService.DSKEY_NB_ALERT_ACCOUNT, request.getParameter( PARAMETER_NB_ALERT_ACCOUNT ) );
2119
2120
2121 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_TIME_BETWEEN_ALERTS_ACCOUNT,
2122 request.getParameter( PARAMETER_TIME_BETWEEN_ALERTS_ACCOUNT ) );
2123 logParametersMap.put( AdminUserService.DSKEY_TIME_BETWEEN_ALERTS_ACCOUNT, request.getParameter( PARAMETER_TIME_BETWEEN_ALERTS_ACCOUNT ) );
2124
2125
2126 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_MAX, request.getParameter( MARK_ACCESS_FAILURES_MAX ) );
2127 logParametersMap.put( AdminUserService.DSKEY_ACCES_FAILURES_MAX, request.getParameter( MARK_ACCESS_FAILURES_MAX ) );
2128
2129
2130 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_INTERVAL, request.getParameter( MARK_ACCESS_FAILURES_INTERVAL ) );
2131 logParametersMap.put( AdminUserService.DSKEY_ACCES_FAILURES_INTERVAL, request.getParameter( MARK_ACCESS_FAILURES_INTERVAL ) );
2132
2133
2134 AdminUserService.updateLargeSecurityParameter( AdminUserService.DSKEY_BANNED_DOMAIN_NAMES, request.getParameter( MARK_BANNED_DOMAIN_NAMES ) );
2135 logParametersMap.put( AdminUserService.DSKEY_BANNED_DOMAIN_NAMES, request.getParameter( MARK_BANNED_DOMAIN_NAMES ) );
2136
2137 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_DEFAULT_SECURITY, getUser( ), logParametersMap,
2138 CONSTANT_BO );
2139
2140 return getAdminDashboardsUrl( request, ANCHOR_ADVANCED_SECURITY_PARAMETERS );
2141 }
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152 public String doModifyEmailPattern( HttpServletRequest request ) throws AccessDeniedException
2153 {
2154 if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
2155 getUser( ) ) )
2156 {
2157 throw new AccessDeniedException(
2158 CONSTANT_USER_MSG + getUser( ) + CONSTANT_NOT_AUTHORIZED + AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS );
2159 }
2160 if ( PARAMETER_RESET.equals( request.getParameter( PARAMETER_RESET ) ) )
2161 {
2162 if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2163 {
2164 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2165 }
2166 return doResetEmailPattern( request );
2167 }
2168 String strSetManually = request.getParameter( PARAMETER_IS_EMAIL_PATTERN_SET_MANUALLY );
2169 String strEmailPattern = request.getParameter( PARAMETER_EMAIL_PATTERN );
2170
2171 if ( StringUtils.isNotBlank( strEmailPattern ) )
2172 {
2173 if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2174 {
2175 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2176 }
2177 AdminUserService.doModifyEmailPattern( strEmailPattern, strSetManually != null );
2178 return getAdminDashboardsUrl( request, ANCHOR_MODIFY_EMAIL_PATTERN );
2179 }
2180 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_ERROR_EMAIL_PATTERN, AdminMessage.TYPE_STOP );
2181 }
2182
2183
2184
2185
2186
2187
2188 private String doResetEmailPattern( HttpServletRequest request )
2189 {
2190 AdminUserService.doResetEmailPattern( );
2191
2192 return getAdminDashboardsUrl( request, ANCHOR_MODIFY_EMAIL_PATTERN );
2193 }
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204 public String doInsertRegularExpression( HttpServletRequest request ) throws AccessDeniedException
2205 {
2206 if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2207 {
2208 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2209 }
2210 if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
2211 getUser( ) ) )
2212 {
2213 throw new AccessDeniedException(
2214 CONSTANT_USER_MSG + getUser( ) + CONSTANT_NOT_AUTHORIZED + AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS );
2215 }
2216
2217 String strRegularExpressionId = request.getParameter( PARAMETER_ID_EXPRESSION );
2218
2219 if ( StringUtils.isNotBlank( strRegularExpressionId ) && StringUtils.isNumeric( strRegularExpressionId ) )
2220 {
2221 int nRegularExpressionId = Integer.parseInt( strRegularExpressionId );
2222 AdminUserService.doInsertRegularExpression( nRegularExpressionId );
2223 }
2224
2225 return getAdminDashboardsUrl( request, ANCHOR_MODIFY_EMAIL_PATTERN );
2226 }
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237 public String doRemoveRegularExpression( HttpServletRequest request ) throws AccessDeniedException
2238 {
2239 if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2240 {
2241 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2242 }
2243 if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
2244 getUser( ) ) )
2245 {
2246 throw new AccessDeniedException(
2247 CONSTANT_USER_MSG + getUser( ) + CONSTANT_NOT_AUTHORIZED + AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS );
2248 }
2249
2250 String strRegularExpressionId = request.getParameter( PARAMETER_ID_EXPRESSION );
2251
2252 if ( StringUtils.isNotBlank( strRegularExpressionId ) && StringUtils.isNumeric( strRegularExpressionId ) )
2253 {
2254 int nRegularExpressionId = Integer.parseInt( strRegularExpressionId );
2255 AdminUserService.doRemoveRegularExpression( nRegularExpressionId );
2256 }
2257
2258 return getAdminDashboardsUrl( request, ANCHOR_MODIFY_EMAIL_PATTERN );
2259 }
2260
2261
2262
2263
2264
2265
2266
2267
2268 public String getChangeUseAdvancedSecurityParameters( HttpServletRequest request )
2269 {
2270 Map<String, Object> parameters = new HashMap<>( 1 );
2271 parameters.put( SecurityTokenService.PARAMETER_TOKEN, SecurityTokenService.getInstance( ).getToken( request, TOKEN_TECHNICAL_ADMIN ) );
2272
2273 if ( AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS ) )
2274 {
2275 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_CONFIRM_REMOVE_ASP, JSP_URL_REMOVE_ADVANCED_SECUR_PARAM,
2276 AdminMessage.TYPE_CONFIRMATION, parameters );
2277 }
2278
2279 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_CONFIRM_USE_ASP, JSP_URL_USE_ADVANCED_SECUR_PARAM, AdminMessage.TYPE_CONFIRMATION,
2280 parameters );
2281 }
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292 public String doUseAdvancedSecurityParameters( HttpServletRequest request ) throws AccessDeniedException
2293 {
2294 if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2295 {
2296 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2297 }
2298 AdminUserService.useAdvancedSecurityParameters( );
2299
2300 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_USE_ADVANCE_SECURITY_PARAMETERS, getUser( ), null,
2301 CONSTANT_BO );
2302
2303 return getAdminDashboardsUrl( request, ANCHOR_ADVANCED_SECURITY_PARAMETERS );
2304 }
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315 public String doRemoveAdvancedSecurityParameters( HttpServletRequest request ) throws AccessDeniedException
2316 {
2317 if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2318 {
2319 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2320 }
2321 AdminUserService.removeAdvancedSecurityParameters( );
2322
2323 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_REMOVE_ADVANCE_SECURITY_PARAMETERS, getUser( ), null,
2324 CONSTANT_BO );
2325
2326 return getAdminDashboardsUrl( request, ANCHOR_ADVANCED_SECURITY_PARAMETERS );
2327 }
2328
2329
2330
2331
2332
2333
2334
2335
2336 public String getChangeFieldAnonymizeAdminUsers( HttpServletRequest request )
2337 {
2338 Map<String, Object> model = new HashMap<>( );
2339
2340 List<IAttribute> listAllAttributes = AttributeService.getInstance( ).getAllAttributesWithoutFields( getLocale( ) );
2341 List<IAttribute> listAttributesText = new ArrayList<>( );
2342
2343 for ( IAttribute attribut : listAllAttributes )
2344 {
2345 if ( attribut.isAnonymizable( ) )
2346 {
2347 listAttributesText.add( attribut );
2348 }
2349 }
2350
2351 model.put( MARK_ATTRIBUTES_LIST, listAttributesText );
2352
2353 model.putAll( AdminUserHome.getAnonymizationStatusUserStaticField( ) );
2354 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, TOKEN_TECHNICAL_ADMIN ) );
2355
2356 setPageTitleProperty( PROPERTY_MESSAGE_TITLE_CHANGE_ANONYMIZE_USER );
2357
2358 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_FIELD_ANONYMIZE_ADMIN_USER, getLocale( ), model );
2359
2360 return getAdminPage( template.getHtml( ) );
2361 }
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372 public String doChangeFieldAnonymizeAdminUsers( HttpServletRequest request ) throws AccessDeniedException
2373 {
2374 if ( request.getParameter( PARAMETER_CANCEL ) != null )
2375 {
2376 return getAdminDashboardsUrl( request, ANCHOR_ANONYMIZE_USERS );
2377 }
2378 if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2379 {
2380 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2381 }
2382
2383 AdminUserHome.updateAnonymizationStatusUserStaticField( PARAMETER_ACCESS_CODE, Boolean.valueOf( request.getParameter( PARAMETER_ACCESS_CODE ) ) );
2384 AdminUserHome.updateAnonymizationStatusUserStaticField( PARAMETER_FIRST_NAME, Boolean.valueOf( request.getParameter( PARAMETER_FIRST_NAME ) ) );
2385 AdminUserHome.updateAnonymizationStatusUserStaticField( PARAMETER_LAST_NAME, Boolean.valueOf( request.getParameter( PARAMETER_LAST_NAME ) ) );
2386 AdminUserHome.updateAnonymizationStatusUserStaticField( PARAMETER_EMAIL, Boolean.valueOf( request.getParameter( PARAMETER_EMAIL ) ) );
2387
2388 AttributeService attributeService = AttributeService.getInstance( );
2389
2390 List<IAttribute> listAllAttributes = attributeService.getAllAttributesWithoutFields( getLocale( ) );
2391 List<IAttribute> listAttributesText = new ArrayList<>( );
2392
2393 for ( IAttribute attribut : listAllAttributes )
2394 {
2395 if ( attribut.isAnonymizable( ) )
2396 {
2397 listAttributesText.add( attribut );
2398 }
2399 }
2400
2401 for ( IAttribute attribute : listAttributesText )
2402 {
2403 Boolean bNewValue = Boolean.valueOf( request.getParameter( PARAMETER_ATTRIBUTE + Integer.toString( attribute.getIdAttribute( ) ) ) );
2404 attributeService.updateAnonymizationStatusUserField( attribute.getIdAttribute( ), bNewValue );
2405 }
2406
2407 return getAdminDashboardsUrl( request, ANCHOR_ANONYMIZE_USERS );
2408 }
2409
2410
2411
2412
2413
2414
2415
2416
2417 public String getAnonymizeAdminUser( HttpServletRequest request )
2418 {
2419 String strAdminUserId = request.getParameter( PARAMETER_USER_ID );
2420
2421 if ( !StringUtils.isNumeric( strAdminUserId ) || strAdminUserId.isEmpty( ) )
2422 {
2423 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_NO_ADMIN_USER_SELECTED, AdminMessage.TYPE_STOP );
2424 }
2425
2426 int nUserId = Integer.parseInt( strAdminUserId );
2427 AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
2428
2429 if ( user == null )
2430 {
2431 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_USER_ERROR_SESSION, AdminMessage.TYPE_ERROR );
2432 }
2433
2434 String strUrl = JSP_URL_ANONYMIZE_ADMIN_USER;
2435 Map<String, Object> parameters = new HashMap<>( );
2436 parameters.put( PARAMETER_USER_ID, strAdminUserId );
2437 parameters.put( SecurityTokenService.PARAMETER_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_ANONYMIZE_ADMIN_USER ) );
2438
2439 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_CONFIRM_ANONYMIZE_USER, new Object [ ] {
2440 user.getFirstName( ), user.getLastName( ), user.getAccessCode( )
2441 }, null, strUrl, null, AdminMessage.TYPE_CONFIRMATION, parameters );
2442 }
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453 public String doAnonymizeAdminUser( HttpServletRequest request ) throws AccessDeniedException
2454 {
2455 String strAdminUserId = request.getParameter( PARAMETER_USER_ID );
2456
2457 if ( !StringUtils.isNumeric( strAdminUserId ) || strAdminUserId.isEmpty( ) )
2458 {
2459 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_NO_ADMIN_USER_SELECTED, AdminMessage.TYPE_STOP );
2460 }
2461
2462 int nUserId = Integer.parseInt( strAdminUserId );
2463 AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
2464
2465 if ( user == null )
2466 {
2467 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_USER_ERROR_SESSION, AdminMessage.TYPE_ERROR );
2468 }
2469 if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_ANONYMIZE_ADMIN_USER ) )
2470 {
2471 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2472 }
2473
2474 AdminUserService.anonymizeUser( nUserId, getLocale( ) );
2475
2476 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_ANONYMIZE_ADMINUSER, getUser( ), user.getAccessCode( ),
2477 CONSTANT_BO );
2478
2479 return JSP_MANAGE_USER;
2480 }
2481
2482
2483
2484
2485
2486
2487
2488
2489 public String reactivateAccount( HttpServletRequest request )
2490 {
2491 AdminUser user = AdminUserHome.findByPrimaryKey( AdminUserService.getAdminUser( request ).getUserId( ) );
2492 String strUrl;
2493 int nbDaysBeforeFirstAlert = AdminUserService.getIntegerSecurityParameter( PARAMETER_TIME_BEFORE_ALERT_ACCOUNT );
2494 Timestamp firstAlertMaxDate = new Timestamp( new java.util.Date( ).getTime( ) + DateUtil.convertDaysInMiliseconds( nbDaysBeforeFirstAlert ) );
2495
2496 if ( user.getAccountMaxValidDate( ) != null )
2497 {
2498
2499 if ( ( user.getAccountMaxValidDate( ).getTime( ) < firstAlertMaxDate.getTime( ) ) && ( user.getStatus( ) < AdminUser.EXPIRED_CODE ) )
2500 {
2501 AdminUserService.updateUserExpirationDate( user );
2502 }
2503
2504 strUrl = AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_ACCOUNT_REACTIVATED, AppPathService.getAdminMenuUrl( ),
2505 AdminMessage.TYPE_INFO );
2506 }
2507 else
2508 {
2509 strUrl = AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_NO_ACCOUNT_TO_REACTIVATED, AppPathService.getAdminMenuUrl( ),
2510 AdminMessage.TYPE_ERROR );
2511 }
2512
2513 return strUrl;
2514 }
2515
2516
2517
2518
2519
2520
2521
2522
2523 public String getModifyAccountLifeTimeEmails( HttpServletRequest request )
2524 {
2525 String strEmailType = request.getParameter( PARAMETER_EMAIL_TYPE );
2526
2527 Map<String, Object> model = new HashMap<>( );
2528 String strSenderKey = StringUtils.EMPTY;
2529 String strSubjectKey = StringUtils.EMPTY;
2530 String strBodyKey = StringUtils.EMPTY;
2531 String strTitle = StringUtils.EMPTY;
2532
2533 if ( CONSTANT_EMAIL_TYPE_FIRST.equalsIgnoreCase( strEmailType ) )
2534 {
2535 strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_FIRST_ALERT_MAIL_SENDER;
2536 strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_FIRST_ALERT_MAIL_SUBJECT;
2537 strBodyKey = PARAMETER_FIRST_ALERT_MAIL;
2538 strTitle = PROPERTY_FIRST_EMAIL;
2539 }
2540 else
2541 if ( CONSTANT_EMAIL_TYPE_OTHER.equalsIgnoreCase( strEmailType ) )
2542 {
2543 strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_OTHER_ALERT_MAIL_SENDER;
2544 strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_OTHER_ALERT_MAIL_SUBJECT;
2545 strBodyKey = PARAMETER_OTHER_ALERT_MAIL;
2546 strTitle = PROPERTY_OTHER_EMAIL;
2547 }
2548 else
2549 if ( CONSTANT_EMAIL_TYPE_EXPIRED.equalsIgnoreCase( strEmailType ) )
2550 {
2551 strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_EXPIRED_ALERT_MAIL_SENDER;
2552 strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_EXPIRED_ALERT_MAIL_SUBJECT;
2553 strBodyKey = PARAMETER_EXPIRATION_MAIL;
2554 strTitle = PROPERTY_ACCOUNT_DEACTIVATES_EMAIL;
2555 }
2556 else
2557 if ( CONSTANT_EMAIL_TYPE_REACTIVATED.equalsIgnoreCase( strEmailType ) )
2558 {
2559 strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_REACTIVATED_ALERT_MAIL_SENDER;
2560 strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_REACTIVATED_ALERT_MAIL_SUBJECT;
2561 strBodyKey = PARAMETER_ACCOUNT_REACTIVATED;
2562 strTitle = PROPERTY_ACCOUNT_UPDATED_EMAIL;
2563 }
2564 else
2565 if ( CONSTANT_EMAIL_PASSWORD_EXPIRED.equalsIgnoreCase( strEmailType ) )
2566 {
2567 strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_PASSWORD_EXPIRED_MAIL_SENDER;
2568 strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_PASSWORD_EXPIRED_MAIL_SUBJECT;
2569 strBodyKey = PARAMETER_NOTIFY_PASSWORD_EXPIRED;
2570 strTitle = PROPERTY_NOTIFY_PASSWORD_EXPIRED;
2571 }
2572
2573 String defaultUserParameter = DefaultUserParameterHome.findByKey( strSenderKey );
2574 String strSender = ( defaultUserParameter == null ) ? StringUtils.EMPTY : defaultUserParameter;
2575
2576 defaultUserParameter = DefaultUserParameterHome.findByKey( strSubjectKey );
2577
2578 String strSubject = ( defaultUserParameter == null ) ? StringUtils.EMPTY : defaultUserParameter;
2579
2580
2581 setItemNavigator( getUser( ).getUserId( ), AppPathService.getBaseUrl( request ) + JSP_URL_MODIFY_ACCOUNT_LIFE_TIME_EMAIL );
2582
2583 model.put( PARAMETER_EMAIL_TYPE, strEmailType );
2584 model.put( MARK_EMAIL_SENDER, strSender );
2585 model.put( MARK_EMAIL_SUBJECT, strSubject );
2586 model.put( MARK_EMAIL_BODY, DatabaseTemplateService.getTemplateFromKey( strBodyKey ) );
2587 model.put( MARK_EMAIL_LABEL, strTitle );
2588 model.put( MARK_WEBAPP_URL, AppPathService.getBaseUrl( request ) );
2589 model.put( MARK_LOCALE, getLocale( ) );
2590 model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
2591 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_MODIFY_ACCOUNT_LIFE_TIME_EMAIL ) );
2592
2593 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_ACCOUNT_LIFE_TIME_EMAIL, getLocale( ), model );
2594
2595 return getAdminPage( template.getHtml( ) );
2596 }
2597
2598
2599
2600
2601
2602
2603
2604
2605
2606
2607 public String doModifyAccountLifeTimeEmails( HttpServletRequest request ) throws AccessDeniedException
2608 {
2609 if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_MODIFY_ACCOUNT_LIFE_TIME_EMAIL ) )
2610 {
2611 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2612 }
2613 String strEmailType = request.getParameter( PARAMETER_EMAIL_TYPE );
2614
2615 String strSenderKey = StringUtils.EMPTY;
2616 String strSubjectKey = StringUtils.EMPTY;
2617 String strBodyKey = StringUtils.EMPTY;
2618
2619 if ( CONSTANT_EMAIL_TYPE_FIRST.equalsIgnoreCase( strEmailType ) )
2620 {
2621 strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_FIRST_ALERT_MAIL_SENDER;
2622 strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_FIRST_ALERT_MAIL_SUBJECT;
2623 strBodyKey = PARAMETER_FIRST_ALERT_MAIL;
2624 }
2625 else
2626 if ( CONSTANT_EMAIL_TYPE_OTHER.equalsIgnoreCase( strEmailType ) )
2627 {
2628 strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_OTHER_ALERT_MAIL_SENDER;
2629 strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_OTHER_ALERT_MAIL_SUBJECT;
2630 strBodyKey = PARAMETER_OTHER_ALERT_MAIL;
2631 }
2632 else
2633 if ( CONSTANT_EMAIL_TYPE_EXPIRED.equalsIgnoreCase( strEmailType ) )
2634 {
2635 strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_EXPIRED_ALERT_MAIL_SENDER;
2636 strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_EXPIRED_ALERT_MAIL_SUBJECT;
2637 strBodyKey = PARAMETER_EXPIRATION_MAIL;
2638 }
2639 else
2640 if ( CONSTANT_EMAIL_TYPE_REACTIVATED.equalsIgnoreCase( strEmailType ) )
2641 {
2642 strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_REACTIVATED_ALERT_MAIL_SENDER;
2643 strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_REACTIVATED_ALERT_MAIL_SUBJECT;
2644 strBodyKey = PARAMETER_ACCOUNT_REACTIVATED;
2645 }
2646 else
2647 if ( CONSTANT_EMAIL_PASSWORD_EXPIRED.equalsIgnoreCase( strEmailType ) )
2648 {
2649 strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_PASSWORD_EXPIRED_MAIL_SENDER;
2650 strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_PASSWORD_EXPIRED_MAIL_SUBJECT;
2651 strBodyKey = PARAMETER_NOTIFY_PASSWORD_EXPIRED;
2652 }
2653
2654 AdminUserService.updateSecurityParameter( strSenderKey, request.getParameter( MARK_EMAIL_SENDER ) );
2655 AdminUserService.updateSecurityParameter( strSubjectKey, request.getParameter( MARK_EMAIL_SUBJECT ) );
2656 DatabaseTemplateService.updateTemplate( strBodyKey, request.getParameter( MARK_EMAIL_BODY ) );
2657
2658 return getAdminDashboardsUrl( request, ANCHOR_LIFE_TIME_EMAILS );
2659 }
2660
2661
2662
2663
2664
2665
2666
2667
2668
2669 private void setItemNavigator( int nIdAdminUser, String strUrl )
2670 {
2671 if ( _itemNavigator == null )
2672 {
2673 List<String> listIdsRight = new ArrayList<>( );
2674 int nCurrentItemId = 0;
2675 int nIndex = 0;
2676
2677 AdminUser currentUser = getUser( );
2678
2679 for ( AdminUser adminUser : AdminUserHome.findUserList( ) )
2680 {
2681 if ( ( adminUser != null ) && isUserAuthorizedToModifyUser( currentUser, adminUser ) )
2682 {
2683 listIdsRight.add( Integer.toString( adminUser.getUserId( ) ) );
2684
2685 if ( adminUser.getUserId( ) == nIdAdminUser )
2686 {
2687 nCurrentItemId = nIndex;
2688 }
2689
2690 nIndex++;
2691 }
2692 }
2693
2694 _itemNavigator = new ItemNavigator( listIdsRight, nCurrentItemId, strUrl, PARAMETER_USER_ID );
2695 }
2696 else
2697 {
2698 _itemNavigator.setCurrentItemId( Integer.toString( nIdAdminUser ) );
2699 _itemNavigator.setBaseUrl( strUrl );
2700 }
2701 }
2702
2703
2704
2705
2706 private void reinitItemNavigator( )
2707 {
2708 _itemNavigator = null;
2709 }
2710
2711
2712
2713
2714
2715
2716
2717
2718
2719
2720 private boolean isUserAuthorizedToModifyUser( AdminUser../../../../fr/paris/lutece/portal/business/user/AdminUser.html#AdminUser">AdminUser currentUser, AdminUser userToModify )
2721 {
2722 if ( currentUser == null || userToModify == null )
2723 {
2724 return false;
2725 }
2726 return currentUser.isAdmin( ) || ( currentUser.isParent( userToModify )
2727 && ( ( haveCommonWorkgroups( currentUser, userToModify ) ) || ( !AdminWorkgroupHome.checkUserHasWorkgroup( userToModify.getUserId( ) ) ) ) );
2728 }
2729
2730 private boolean isUserAuthorizedToChangeUserLevel ( AdminUser../../../../fr/paris/lutece/portal/business/user/AdminUser.html#AdminUser">AdminUser currentUser, AdminUser userToModify ) {
2731 if ( currentUser == null || userToModify == null )
2732 {
2733 return false;
2734 }
2735 if( currentUser.checkRight("CORE_LEVEL_MANAGEMENT") && userToModify.getUserLevel() != 0) {
2736 return true;
2737 }
2738 else {
2739 return false;
2740 }
2741
2742 }
2743 }