1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34 package fr.paris.lutece.portal.web.user;
35
36 import fr.paris.lutece.portal.service.security.AccessLogService;
37 import java.io.IOException;
38 import java.io.PrintWriter;
39 import java.sql.Timestamp;
40 import java.util.ArrayList;
41 import java.util.Collection;
42 import java.util.Collections;
43 import java.util.HashMap;
44 import java.util.List;
45 import java.util.Locale;
46 import java.util.Map;
47
48 import javax.servlet.http.HttpServletRequest;
49 import javax.servlet.http.HttpServletResponse;
50
51 import org.apache.commons.fileupload.FileItem;
52 import org.apache.commons.lang3.StringUtils;
53
54 import fr.paris.lutece.portal.business.rbac.RBACRole;
55 import fr.paris.lutece.portal.business.rbac.RBACRoleHome;
56 import fr.paris.lutece.portal.business.rbac.RBAC;
57 import fr.paris.lutece.portal.business.right.Level;
58 import fr.paris.lutece.portal.business.right.LevelHome;
59 import fr.paris.lutece.portal.business.right.Right;
60 import fr.paris.lutece.portal.business.right.RightHome;
61 import fr.paris.lutece.portal.business.user.AdminUser;
62 import fr.paris.lutece.portal.business.user.AdminUserHome;
63 import fr.paris.lutece.portal.business.user.PasswordUpdateMode;
64 import fr.paris.lutece.portal.business.user.attribute.IAttribute;
65 import fr.paris.lutece.portal.business.user.attribute.ISimpleValuesAttributes;
66 import fr.paris.lutece.portal.business.user.authentication.LuteceDefaultAdminUser;
67 import fr.paris.lutece.portal.business.user.parameter.DefaultUserParameterHome;
68 import fr.paris.lutece.portal.business.workgroup.AdminWorkgroupHome;
69 import fr.paris.lutece.portal.business.xsl.XslExport;
70 import fr.paris.lutece.portal.business.xsl.XslExportHome;
71 import fr.paris.lutece.portal.service.admin.AccessDeniedException;
72 import fr.paris.lutece.portal.service.admin.AdminAuthenticationService;
73 import fr.paris.lutece.portal.service.admin.AdminUserService;
74 import fr.paris.lutece.portal.service.admin.ImportAdminUserService;
75 import fr.paris.lutece.portal.service.csv.CSVMessageDescriptor;
76 import fr.paris.lutece.portal.service.fileupload.FileUploadService;
77 import fr.paris.lutece.portal.service.i18n.I18nService;
78 import fr.paris.lutece.portal.service.message.AdminMessage;
79 import fr.paris.lutece.portal.service.message.AdminMessageService;
80 import fr.paris.lutece.portal.service.plugin.PluginService;
81 import fr.paris.lutece.portal.service.rbac.RBACService;
82 import fr.paris.lutece.portal.service.security.AccessLoggerConstants;
83 import fr.paris.lutece.portal.service.security.SecurityTokenService;
84 import fr.paris.lutece.portal.service.security.UserNotSignedException;
85 import fr.paris.lutece.portal.service.spring.SpringContextService;
86 import fr.paris.lutece.portal.service.template.AppTemplateService;
87 import fr.paris.lutece.portal.service.template.DatabaseTemplateService;
88 import fr.paris.lutece.portal.service.user.AdminUserResourceIdService;
89 import fr.paris.lutece.portal.service.user.attribute.AdminUserFieldService;
90 import fr.paris.lutece.portal.service.user.attribute.AttributeService;
91 import fr.paris.lutece.portal.service.util.AppException;
92 import fr.paris.lutece.portal.service.util.AppLogService;
93 import fr.paris.lutece.portal.service.util.AppPathService;
94 import fr.paris.lutece.portal.service.util.AppPropertiesService;
95 import fr.paris.lutece.portal.service.workgroup.AdminWorkgroupService;
96 import fr.paris.lutece.portal.service.xsl.XslExportService;
97 import fr.paris.lutece.portal.web.admin.AdminFeaturesPageJspBean;
98 import fr.paris.lutece.portal.web.constants.Messages;
99 import fr.paris.lutece.portal.web.constants.Parameters;
100 import fr.paris.lutece.portal.web.dashboard.AdminDashboardJspBean;
101 import fr.paris.lutece.portal.web.l10n.LocaleService;
102 import fr.paris.lutece.portal.web.pluginaction.DefaultPluginActionResult;
103 import fr.paris.lutece.portal.web.upload.MultipartHttpServletRequest;
104 import fr.paris.lutece.portal.web.util.LocalizedPaginator;
105 import fr.paris.lutece.util.ReferenceItem;
106 import fr.paris.lutece.util.ReferenceList;
107 import fr.paris.lutece.util.date.DateUtil;
108 import fr.paris.lutece.util.filesystem.FileSystemUtil;
109 import fr.paris.lutece.util.html.AbstractPaginator;
110 import fr.paris.lutece.util.html.HtmlTemplate;
111 import fr.paris.lutece.util.html.ItemNavigator;
112 import fr.paris.lutece.util.password.PasswordUtil;
113 import fr.paris.lutece.util.sort.AttributeComparator;
114 import fr.paris.lutece.util.string.StringUtil;
115 import fr.paris.lutece.util.url.UrlItem;
116 import fr.paris.lutece.util.xml.XmlUtil;
117
118
119
120
121 public class AdminUserJspBean extends AdminFeaturesPageJspBean
122 {
123 private static final String ATTRIBUTE_IMPORT_USERS_LIST_MESSAGES = "importUsersListMessages";
124 private static final long serialVersionUID = -6323157489236186522L;
125
126
127
128 private static final String CONSTANTE_UN = "1";
129 private static final String CONSTANT_USER_MSG = "User ";
130 private static final String CONSTANT_NOT_AUTHORIZED = " is not authorized to permission ";
131 private static final String CONSTANT_ADVANCED_PARAMS = "core.advanced_parameters.";
132 private static final String CONSTANT_BO = "BO";
133
134
135 private static final String BEAN_IMPORT_ADMIN_USER_SERVICE = "adminUserImportService";
136
137
138 private static final String TEMPLATE_MANAGE_USERS = "admin/user/manage_users.html";
139 private static final String TEMPLATE_CREATE_USER = "admin/user/create_user.html";
140 private static final String TEMPLATE_MODIFY_USER = "admin/user/modify_user.html";
141 private static final String TEMPLATE_MANAGE_USER_RIGHTS = "admin/user/manage_user_rights.html";
142 private static final String TEMPLATE_MODIFY_USER_RIGHTS = "admin/user/modify_user_rights.html";
143 private static final String TEMPLATE_MANAGE_USER_ROLES = "admin/user/manage_user_roles.html";
144 private static final String TEMPLATE_MODIFY_USER_ROLES = "admin/user/modify_user_roles.html";
145 private static final String TEMPLATE_IMPORT_USER = "admin/user/import_module_user.html";
146 private static final String TEMPLATE_DEFAULT_CREATE_USER = "admin/user/create_user_default_module.html";
147 private static final String TEMPLATE_DEFAULT_MODIFY_USER = "admin/user/modify_user_default_module.html";
148 private static final String TEMPLATE_DEFAULT_MODIFY_USER_PASSWORD = "admin/user/modify_user_password_default_module.html";
149 private static final String TEMPLATE_MANAGE_USER_WORKGROUPS = "admin/user/manage_user_workgroups.html";
150 private static final String TEMPLATE_MODIFY_USER_WORKGROUPS = "admin/user/modify_user_workgroups.html";
151 private static final String TEMPLATE_ADMIN_EMAIL_CHANGE_STATUS = "admin/user/user_email_change_status.html";
152 private static final String TEMPLATE_NOTIFY_USER = "admin/user/notify_user_account_created.html";
153 private static final String TEMPLATE_FIELD_ANONYMIZE_ADMIN_USER = "admin/user/field_anonymize_admin_user.html";
154 private static final String TEMPLATE_ACCOUNT_LIFE_TIME_EMAIL = "admin/user/account_life_time_email.html";
155 private static final String TEMPLATE_EXPORT_USERS_FROM_FILE = "admin/user/export_users.html";
156
157
158 private static final String PROPERTY_MANAGE_USERS_PAGETITLE = "portal.users.manage_users.pageTitle";
159 private static final String PROPERTY_MODIFY_USER_PAGETITLE = "portal.users.modify_user.pageTitle";
160 private static final String PROPERTY_MODIFY_USER_PASSWORD_PAGETITLE = "portal.users.modify_user_password.pageTitle";
161 private static final String PROPERTY_LABEL_FIRST_PASSWORD = "portal.users.modify_password_default_module.form.password.new";
162 private static final String PROPERTY_CREATE_USER_PAGETITLE = "portal.users.create_user.pageTitle";
163 private static final String PROPERTY_IMPORT_MODULE_USER_PAGETITLE = "portal.users.import_module_user.pageTitle";
164 private static final String PROPERTY_MANAGE_USER_RIGHTS_PAGETITLE = "portal.users.manage_user_rights.pageTitle";
165 private static final String PROPERTY_MODIFY_USER_RIGHTS_PAGETITLE = "portal.users.modify_user_rights.pageTitle";
166 private static final String PROPERTY_MANAGE_USER_ROLES_PAGETITLE = "portal.users.manage_user_roles.pageTitle";
167 private static final String PROPERTY_MODIFY_USER_ROLES_PAGETITLE = "portal.users.modify_user_roles.pageTitle";
168 private static final String PROPERTY_IMPORT_USERS_FROM_FILE_PAGETITLE = "portal.users.import_users_from_file.pageTitle";
169 private static final String PROPERTY_EXPORT_USERS_PAGETITLE = "portal.users.export_users.pageTitle";
170 private static final String PROPERTY_MESSAGE_CONFIRM_REMOVE = "portal.users.message.confirmRemoveUser";
171 private static final String PROPERTY_USERS_PER_PAGE = "paginator.user.itemsPerPage";
172 private static final String PROPERTY_DELEGATE_USER_RIGHTS_PAGETITLE = "portal.users.delegate_user_rights.pageTitle";
173 private static final String PROPERTY_MANAGE_USER_WORKGROUPS_PAGETITLE = "portal.users.manage_user_workgroups.pageTitle";
174 private static final String PROPERTY_MODIFY_USER_WORKGROUPS_PAGETITLE = "portal.users.modify_user_workgroups.pageTitle";
175 private static final String PROPERTY_MESSAGE_ACCESS_CODE_ALREADY_USED = "portal.users.message.user.accessCodeAlreadyUsed";
176 private static final String PROPERTY_MESSAGE_EMAIL_ALREADY_USED = "portal.users.message.user.accessEmailUsed";
177 private static final String PROPERTY_MESSAGE_DIFFERENTS_PASSWORD = "portal.users.message.differentsPassword";
178 private static final String PROPERTY_MESSAGE_EMAIL_SUBJECT_CHANGE_STATUS = "portal.users.user_change_status.email.subject";
179 private static final String PROPERTY_MESSAGE_EMAIL_SUBJECT_NOTIFY_USER = "portal.users.notify_user.email.subject";
180 private static final String PROPERTY_MESSAGE_ERROR_EMAIL_PATTERN = "portal.users.manage_advanced_parameters.message.errorEmailPattern";
181 private static final String PROPERTY_MESSAGE_CONFIRM_USE_ASP = "portal.users.manage_advanced_parameters.message.confirmUseAdvancedSecurityParameters";
182 private static final String PROPERTY_MESSAGE_CONFIRM_REMOVE_ASP = "portal.users.manage_advanced_parameters.message.confirmRemoveAdvancedSecurityParameters";
183 private static final String PROPERTY_MESSAGE_NO_ADMIN_USER_SELECTED = "portal.users.message.noUserSelected";
184 private static final String PROPERTY_MESSAGE_CONFIRM_ANONYMIZE_USER = "portal.users.message.confirmAnonymizeUser";
185 private static final String PROPERTY_MESSAGE_TITLE_CHANGE_ANONYMIZE_USER = "portal.users.anonymize_user.titleAnonymizeUser";
186 private static final String PROPERTY_MESSAGE_NO_ACCOUNT_TO_REACTIVATED = "portal.users.message.noAccountToReactivate";
187 private static final String PROPERTY_MESSAGE_ACCOUNT_REACTIVATED = "portal.users.message.messageAccountReactivated";
188 private static final String PROPERTY_FIRST_EMAIL = "portal.users.accountLifeTime.labelFirstEmail";
189 private static final String PROPERTY_OTHER_EMAIL = "portal.users.accountLifeTime.labelOtherEmail";
190 private static final String PROPERTY_ACCOUNT_DEACTIVATES_EMAIL = "portal.users.accountLifeTime.labelAccountDeactivatedEmail";
191 private static final String PROPERTY_ACCOUNT_UPDATED_EMAIL = "portal.users.accountLifeTime.labelAccountUpdatedEmail";
192 private static final String PROPERTY_NOTIFY_PASSWORD_EXPIRED = "portal.users.accountLifeTime.labelPasswordExpired";
193 private static final String PROPERTY_MESSAGE_USER_ERROR_SESSION = "portal.users.message.user.error.session";
194 private static final String MESSAGE_NOT_AUTHORIZED = "Action not permited to current user";
195 private static final String MESSAGE_MANDATORY_FIELD = "portal.util.message.mandatoryField";
196 private static final String MESSAGE_ERROR_CSV_FILE_IMPORT = "portal.users.import_users_from_file.error_csv_file_import";
197 private static final String FIELD_IMPORT_USERS_FILE = "portal.users.import_users_from_file.labelImportFile";
198 private static final String FIELD_XSL_EXPORT = "portal.users.export_users.labelXslt";
199
200
201 private static final String PARAMETER_ACCESS_CODE = "access_code";
202 private static final String PARAMETER_LAST_NAME = "last_name";
203 private static final String PARAMETER_FIRST_NAME = "first_name";
204 private static final String PARAMETER_EMAIL = "email";
205 private static final String PARAMETER_NOTIFY_USER = "notify_user";
206 private static final String PARAMETER_STATUS = "status";
207 private static final String PARAMETER_USER_ID = "id_user";
208 private static final String PARAMETER_ROLE = "roles";
209 private static final String PARAMETER_RIGHT = "right";
210 private static final String PARAMETER_FIRST_PASSWORD = "first_password";
211 private static final String PARAMETER_SECOND_PASSWORD = "second_password";
212 private static final String PARAMETER_LANGUAGE = "language";
213 private static final String PARAMETER_DELEGATE_RIGHTS = "delegate_rights";
214 private static final String PARAMETER_USER_LEVEL = "user_level";
215 private static final String PARAMETER_WORKGROUP = "workgroup";
216 private static final String PARAMETER_SELECT = "select";
217 private static final String PARAMETER_SELECT_ALL = "all";
218 private static final String PARAMETER_ACCESSIBILITY_MODE = "accessibility_mode";
219 private static final String PARAMETER_WORKGROUP_KEY = "workgroup_key";
220 private static final String PARAMETER_EMAIL_PATTERN = "email_pattern";
221 private static final String PARAMETER_IS_EMAIL_PATTERN_SET_MANUALLY = "is_email_pattern_set_manually";
222 private static final String PARAMETER_ID_EXPRESSION = "id_expression";
223 private static final String PARAMETER_FORCE_CHANGE_PASSWORD_REINIT = "force_change_password_reinit";
224 private static final String PARAMETER_PASSWORD_MINIMUM_LENGTH = "password_minimum_length";
225 private static final String PARAMETER_PASSWORD_FORMAT_UPPER_LOWER_CASE = "password_format_upper_lower_case";
226 private static final String PARAMETER_PASSWORD_FORMAT_NUMERO = "password_format_numero";
227 private static final String PARAMETER_PASSWORD_FORMAT_SPECIAL_CHARACTERS = "password_format_special_characters";
228 private static final String PARAMETER_PASSWORD_DURATION = "password_duration";
229 private static final String PARAMETER_PASSWORD_HISTORY_SIZE = "password_history_size";
230 private static final String PARAMETER_MAXIMUM_NUMBER_PASSWORD_CHANGE = "maximum_number_password_change";
231 private static final String PARAMETER_TSW_SIZE_PASSWORD_CHANGE = "tsw_size_password_change";
232 private static final String PARAMETER_ACCOUNT_LIFE_TIME = "account_life_time";
233 private static final String PARAMETER_TIME_BEFORE_ALERT_ACCOUNT = "time_before_alert_account";
234 private static final String PARAMETER_NB_ALERT_ACCOUNT = "nb_alert_account";
235 private static final String PARAMETER_TIME_BETWEEN_ALERTS_ACCOUNT = "time_between_alerts_account";
236 private static final String PARAMETER_ATTRIBUTE = "attribute_";
237 private static final String PARAMETER_EMAIL_TYPE = "email_type";
238 private static final String PARAMETER_FIRST_ALERT_MAIL_SENDER = "first_alert_mail_sender";
239 private static final String PARAMETER_OTHER_ALERT_MAIL_SENDER = "other_alert_mail_sender";
240 private static final String PARAMETER_EXPIRED_ALERT_MAIL_SENDER = "expired_alert_mail_sender";
241 private static final String PARAMETER_REACTIVATED_ALERT_MAIL_SENDER = "account_reactivated_mail_sender";
242 private static final String PARAMETER_FIRST_ALERT_MAIL_SUBJECT = "first_alert_mail_subject";
243 private static final String PARAMETER_OTHER_ALERT_MAIL_SUBJECT = "other_alert_mail_subject";
244 private static final String PARAMETER_EXPIRED_ALERT_MAIL_SUBJECT = "expired_alert_mail_subject";
245 private static final String PARAMETER_REACTIVATED_ALERT_MAIL_SUBJECT = "account_reactivated_mail_subject";
246 private static final String PARAMETER_FIRST_ALERT_MAIL = "core_first_alert_mail";
247 private static final String PARAMETER_OTHER_ALERT_MAIL = "core_other_alert_mail";
248 private static final String PARAMETER_EXPIRATION_MAIL = "core_expiration_mail";
249 private static final String PARAMETER_ACCOUNT_REACTIVATED = "core_account_reactivated_mail";
250 private static final String PARAMETER_CANCEL = "cancel";
251 private static final String PARAMETER_NOTIFY_USER_PASSWORD_EXPIRED = "notify_user_password_expired";
252 private static final String PARAMETER_PASSWORD_EXPIRED_MAIL_SENDER = "password_expired_mail_sender";
253 private static final String PARAMETER_PASSWORD_EXPIRED_MAIL_SUBJECT = "password_expired_mail_subject";
254 private static final String PARAMETER_NOTIFY_PASSWORD_EXPIRED = "core_password_expired";
255 private static final String PARAMETER_IMPORT_USERS_FILE = "import_file";
256 private static final String PARAMETER_SKIP_FIRST_LINE = "ignore_first_line";
257 private static final String PARAMETER_UPDATE_USERS = "update_existing_users";
258 private static final String PARAMETER_XSL_EXPORT_ID = "xsl_export_id";
259 private static final String PARAMETER_EXPORT_ROLES = "export_roles";
260 private static final String PARAMETER_EXPORT_ATTRIBUTES = "export_attributes";
261 private static final String PARAMETER_EXPORT_RIGHTS = "export_rights";
262 private static final String PARAMETER_EXPORT_WORKGROUPS = "export_workgroups";
263 private static final String PARAMETER_RESET_TOKEN_VALIDITY = "reset_token_validity";
264 private static final String PARAMETER_LOCK_RESET_TOKEN_TO_SESSION = "lock_reset_token_to_session";
265 private static final String PARAMETER_RESET = "reset";
266
267
268 private static final String JSP_MANAGE_USER_RIGHTS = "ManageUserRights.jsp";
269 private static final String JSP_MANAGE_USER_ROLES = "ManageUserRoles.jsp";
270 private static final String JSP_MANAGE_USER = "ManageUsers.jsp";
271 private static final String JSP_MANAGE_USER_WORKGROUPS = "ManageUserWorkgroups.jsp";
272 private static final String JSP_URL_MANAGE_USERS = "jsp/admin/user/ManageUsers.jsp";
273 private static final String JSP_URL_REMOVE_USER = "jsp/admin/user/DoRemoveUser.jsp";
274 private static final String JSP_URL_CREATE_USER = "jsp/admin/user/CreateUser.jsp";
275 private static final String JSP_URL_IMPORT_USER = "jsp/admin/user/ImportUser.jsp";
276 private static final String JSP_URL_MODIFY_USER = "jsp/admin/user/ModifyUser.jsp";
277 private static final String JSP_URL_MANAGE_USER_RIGHTS = "jsp/admin/user/ManageUserRights.jsp";
278 private static final String JSP_URL_MANAGE_USER_ROLES = "jsp/admin/user/ManageUserRoles.jsp";
279 private static final String JSP_URL_MANAGE_USER_WORKGROUPS = "jsp/admin/user/ManageUserWorkgroups.jsp";
280 private static final String JSP_URL_USE_ADVANCED_SECUR_PARAM = "jsp/admin/user/DoUseAdvancedSecurityParameters.jsp";
281 private static final String JSP_URL_REMOVE_ADVANCED_SECUR_PARAM = "jsp/admin/user/DoRemoveAdvancedSecurityParameters.jsp";
282 private static final String JSP_URL_ANONYMIZE_ADMIN_USER = "jsp/admin/user/DoAnonymizeAdminUser.jsp";
283 private static final String JSP_URL_MODIFY_ACCOUNT_LIFE_TIME_EMAIL = "jsp/admin/user/ModifyAccountLifeTimeEmails.jsp";
284
285
286 private static final String MARK_USER_LIST = "user_list";
287 private static final String MARK_IMPORT_USER_LIST = "import_user_list";
288 private static final String MARK_ACCESS_CODE = "access_code";
289 private static final String MARK_LAST_NAME = "last_name";
290 private static final String MARK_FIRST_NAME = "first_name";
291 private static final String MARK_EMAIL = "email";
292 private static final String MARK_IMPORT_USER = "import_user";
293 private static final String MARK_USER = "user";
294 private static final String MARK_LEVEL = "level";
295 private static final String MARK_USER_RIGHT_LIST = "user_right_list";
296 private static final String MARK_ALL_ROLE_LIST = "all_role_list";
297 private static final String MARK_USER_ROLE_LIST = "user_role_list";
298 private static final String MARK_ALL_RIGHT_LIST = "all_right_list";
299 private static final String MARK_PAGINATOR = "paginator";
300 private static final String MARK_NB_ITEMS_PER_PAGE = "nb_items_per_page";
301 private static final String MARK_LANGUAGES_LIST = "languages_list";
302 private static final String MARK_CURRENT_LANGUAGE = "current_language";
303 private static final String MARK_USER_CREATION_URL = "url_user_creation";
304 private static final String MARK_CAN_DELEGATE = "can_delegate";
305 private static final String MARK_CAN_MODIFY = "can_modify";
306 private static final String MARK_USER_LEVELS_LIST = "user_levels";
307 private static final String MARK_CURRENT_USER = "current_user";
308 private static final String MARK_USER_WORKGROUP_LIST = "user_workgroup_list";
309 private static final String MARK_ALL_WORKSGROUP_LIST = "all_workgroup_list";
310 private static final String MARK_SELECT_ALL = "select_all";
311 private static final String MARK_PERMISSION_ADVANCED_PARAMETER = "permission_advanced_parameter";
312 private static final String MARK_PERMISSION_IMPORT_EXPORT_USERS = "permission_import_export_users";
313 private static final String MARK_ITEM_NAVIGATOR = "item_navigator";
314 private static final String MARK_ATTRIBUTES_LIST = "attributes_list";
315 private static final String MARK_LOCALE = "locale";
316 private static final String MARK_MAP_LIST_ATTRIBUTE_DEFAULT_VALUES = "map_list_attribute_default_values";
317 private static final String MARK_DEFAULT_USER_LEVEL = "default_user_level";
318 private static final String MARK_DEFAULT_USER_NOTIFICATION = "default_user_notification";
319 private static final String MARK_DEFAULT_USER_LANGUAGE = "default_user_language";
320 private static final String MARK_DEFAULT_USER_STATUS = "default_user_status";
321 private static final String MARK_ACCESS_FAILURES_MAX = "access_failures_max";
322 private static final String MARK_ACCESS_FAILURES_INTERVAL = "access_failures_interval";
323 private static final String MARK_BANNED_DOMAIN_NAMES = "banned_domain_names";
324 private static final String MARK_EMAIL_SENDER = "email_sender";
325 private static final String MARK_EMAIL_SUBJECT = "email_subject";
326 private static final String MARK_EMAIL_BODY = "email_body";
327 private static final String MARK_EMAIL_LABEL = "emailLabel";
328 private static final String MARK_WEBAPP_URL = "webapp_url";
329 private static final String MARK_LIST_MESSAGES = "csv_messages";
330 private static final String MARK_CSV_SEPARATOR = "csv_separator";
331 private static final String MARK_CSV_ESCAPE = "csv_escape";
332 private static final String MARK_ATTRIBUTES_SEPARATOR = "attributes_separator";
333 private static final String MARK_LIST_XSL_EXPORT = "refListXsl";
334 private static final String MARK_DEFAULT_VALUE_WORKGROUP_KEY = "workgroup_key_default_value";
335 private static final String MARK_WORKGROUP_KEY_LIST = "workgroup_key_list";
336 private static final String MARK_ADMIN_AVATAR = "adminAvatar";
337 private static final String MARK_RANDOM_PASSWORD_SIZE = "randomPasswordSize";
338 private static final String MARK_MINIMUM_PASSWORD_SIZE = "minimumPasswordSize";
339 private static final String MARK_DEFAULT_MODE_USED = "defaultModeUsed";
340
341 private static final String CONSTANT_EMAIL_TYPE_FIRST = "first";
342 private static final String CONSTANT_EMAIL_TYPE_OTHER = "other";
343 private static final String CONSTANT_EMAIL_TYPE_EXPIRED = "expired";
344 private static final String CONSTANT_EMAIL_TYPE_REACTIVATED = "reactivated";
345 private static final String CONSTANT_EMAIL_PASSWORD_EXPIRED = "password_expired";
346 private static final String CONSTANT_EXTENSION_CSV_FILE = ".csv";
347 private static final String CONSTANT_EXTENSION_XML_FILE = ".xml";
348 private static final String CONSTANT_MIME_TYPE_CSV = "application/csv";
349 private static final String CONSTANT_MIME_TYPE_XML = "application/xml";
350 private static final String CONSTANT_MIME_TYPE_TEXT_CSV = "text/csv";
351 private static final String CONSTANT_MIME_TYPE_OCTETSTREAM = "application/octet-stream";
352 private static final String CONSTANT_EXPORT_USERS_FILE_NAME = "users";
353 private static final String CONSTANT_POINT = ".";
354 private static final String CONSTANT_QUOTE = "\"";
355 private static final String CONSTANT_ATTACHEMENT_FILE_NAME = "attachement; filename=\"";
356 private static final String CONSTANT_ATTACHEMENT_DISPOSITION = "Content-Disposition";
357 private static final String CONSTANT_XML_USERS = "users";
358 private static final String CONSTANT_CREATE_ADMINUSER = "lutece.admin.createAdminUser";
359 private static final String CONSTANT_REMOVE_ADMINUSER = "lutece.admin.removeAdminUser";
360 private static final String CONSTANT_ANONYMIZE_ADMINUSER = "lutece.admin.anonymizeAdminUser";
361 private static final String CONSTANT_MODIFY_ADMINUSER = "lutece.admin.modifyAdminUser";
362 private static final String CONSTANT_MODIFY_ADMINUSER_GROUPS = "lutece.admin.modifyAdminUserGroups";
363 private static final String CONSTANT_MODIFY_ADMINUSER_PASSWORD = "lutece.admin.modifyAdminUserPassword";
364 private static final String CONSTANT_MODIFY_ADMINUSER_ROLES = "lutece.admin.modifyAdminUserRoles";
365 private static final String CONSTANT_MODIFY_ADMINUSER_RIGHTS = "lutece.admin.modifyAdminUserRights";
366 private static final String CONSTANT_IMPORT_ADMINUSERS = "lutece.admin.importAdminUsers";
367 private static final String CONSTANT_MODIFY_DEFAULT_PARAMETERS = "lutece.admin.modifyUserDefaultParameters";
368 private static final String CONSTANT_MODIFY_DEFAULT_SECURITY = "lutece.admin.modifyUserDefaultSecurity";
369 private static final String CONSTANT_REMOVE_ADVANCE_SECURITY_PARAMETERS = "lutece.admin.removeAdvanceSecurityParameters";
370 private static final String CONSTANT_USE_ADVANCE_SECURITY_PARAMETERS = "lutece.admin.useAdvanceSecurityParameters";
371
372 private static final String TOKEN_TECHNICAL_ADMIN = AdminDashboardJspBean.TEMPLATE_MANAGE_DASHBOARDS;
373
374 private static final String ANCHOR_DEFAULT_USER_PARAMETER_VALUES = "defaultUserParameterValues";
375 private static final String ANCHOR_MODIFY_EMAIL_PATTERN = "modifyEmailPattern";
376 private static final String ANCHOR_ADVANCED_SECURITY_PARAMETERS = "advancedSecurityParameters";
377 private static final String ANCHOR_LIFE_TIME_EMAILS = "lifeTimeEmails";
378 private static final String ANCHOR_ANONYMIZE_USERS = "anonymizeUsers";
379
380 private transient ImportAdminUserService _importAdminUserService;
381 private boolean _bAdminAvatar = PluginService.isPluginEnable( "adminavatar" );
382
383 private int _nItemsPerPage;
384 private String _strCurrentPageIndex;
385 private ItemNavigator _itemNavigator;
386
387
388
389
390
391
392
393
394 public String getManageAdminUsers( HttpServletRequest request )
395 {
396 setPageTitleProperty( PROPERTY_MANAGE_USERS_PAGETITLE );
397
398
399 reinitItemNavigator( );
400
401 String strCreateUrl;
402 AdminUser currentUser = getUser( );
403
404 Map<String, Object> model = new HashMap<>( );
405
406
407 if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
408 {
409 strCreateUrl = JSP_URL_CREATE_USER;
410 }
411 else
412 {
413 strCreateUrl = JSP_URL_IMPORT_USER;
414 }
415
416 String strURL = getHomeUrl( request );
417 UrlItem/url/UrlItem.html#UrlItem">UrlItem url = new UrlItem( strURL );
418
419 Collection<AdminUser> listUsers = AdminUserHome.findUserList( );
420 listUsers = AdminWorkgroupService.getAuthorizedCollection( listUsers, getUser( ) );
421
422 List<AdminUser> availableUsers = AdminUserService.getFilteredUsersInterface( listUsers, request, model, url );
423 List<AdminUser> listDisplayUsers = new ArrayList<>( );
424
425 for ( AdminUser user : availableUsers )
426 {
427 if ( isUserAuthorizedToModifyUser( currentUser, user ) )
428 {
429 listDisplayUsers.add( user );
430 }
431 }
432
433
434 String strSortedAttributeName = request.getParameter( Parameters.SORTED_ATTRIBUTE_NAME );
435 String strAscSort = null;
436
437 if ( strSortedAttributeName != null )
438 {
439 strAscSort = request.getParameter( Parameters.SORTED_ASC );
440
441 boolean bIsAscSort = Boolean.parseBoolean( strAscSort );
442
443 Collections.sort( listDisplayUsers, new AttributeComparator( strSortedAttributeName, bIsAscSort ) );
444 }
445
446 _strCurrentPageIndex = AbstractPaginator.getPageIndex( request, AbstractPaginator.PARAMETER_PAGE_INDEX, _strCurrentPageIndex );
447 int defaultItemsPerPage = AppPropertiesService.getPropertyInt( PROPERTY_USERS_PER_PAGE, 50 );
448 _nItemsPerPage = AbstractPaginator.getItemsPerPage( request, AbstractPaginator.PARAMETER_ITEMS_PER_PAGE, _nItemsPerPage, defaultItemsPerPage );
449
450 if ( strSortedAttributeName != null )
451 {
452 url.addParameter( Parameters.SORTED_ATTRIBUTE_NAME, strSortedAttributeName );
453 }
454
455 if ( strAscSort != null )
456 {
457 url.addParameter( Parameters.SORTED_ASC, strAscSort );
458 }
459
460
461 LocalizedPaginator<AdminUser> paginator = new LocalizedPaginator<>( listDisplayUsers, _nItemsPerPage, url.getUrl( ),
462 AbstractPaginator.PARAMETER_PAGE_INDEX, _strCurrentPageIndex, getLocale( ) );
463
464
465 Collection<Level> filteredLevels = new ArrayList<>( );
466
467 for ( Level level : LevelHome.getLevelsList( ) )
468 {
469 if ( currentUser.isAdmin( ) || currentUser.hasRights( level.getId( ) ) )
470 {
471 filteredLevels.add( level );
472 }
473 }
474
475 boolean bPermissionAdvancedParameter = RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID,
476 AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS, getUser( ) );
477 boolean bPermissionImportExportUsers = RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID,
478 AdminUserResourceIdService.PERMISSION_IMPORT_EXPORT_USERS, getUser( ) );
479
480 model.put( MARK_NB_ITEMS_PER_PAGE, "" + _nItemsPerPage );
481 model.put( MARK_USER_LEVELS_LIST, filteredLevels );
482 model.put( MARK_PAGINATOR, paginator );
483 model.put( MARK_USER_LIST, paginator.getPageItems( ) );
484 model.put( MARK_USER_CREATION_URL, strCreateUrl );
485 model.put( MARK_PERMISSION_ADVANCED_PARAMETER, bPermissionAdvancedParameter );
486 model.put( MARK_PERMISSION_IMPORT_EXPORT_USERS, bPermissionImportExportUsers );
487 model.put( MARK_ADMIN_AVATAR, _bAdminAvatar );
488 model.put( MARK_DEFAULT_MODE_USED, AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) );
489
490 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MANAGE_USERS, getLocale( ), model );
491
492 return getAdminPage( template.getHtml( ) );
493 }
494
495
496
497
498
499
500
501
502
503 public String getFindImportAdminUser( HttpServletRequest request )
504 {
505 setPageTitleProperty( PROPERTY_IMPORT_MODULE_USER_PAGETITLE );
506
507 String strAccessCode = request.getParameter( PARAMETER_ACCESS_CODE );
508 String strLastName = request.getParameter( PARAMETER_LAST_NAME );
509 String strFirstName = request.getParameter( PARAMETER_FIRST_NAME );
510 String strEmail = request.getParameter( PARAMETER_EMAIL );
511
512 Map<String, Object> model = new HashMap<>( );
513 Collection<?> allImportUsers = null;
514
515 if ( StringUtils.isNotEmpty( strLastName ) || StringUtils.isNotEmpty( strFirstName ) || StringUtils.isNotEmpty( strEmail ) )
516 {
517 allImportUsers = AdminAuthenticationService.getInstance( ).getUserListFromModule( strLastName, strFirstName, strEmail );
518 }
519
520 model.put( MARK_IMPORT_USER_LIST, allImportUsers );
521 model.put( MARK_ACCESS_CODE, strAccessCode );
522 model.put( MARK_LAST_NAME, strLastName );
523 model.put( MARK_FIRST_NAME, strFirstName );
524 model.put( MARK_EMAIL, strEmail );
525
526 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_IMPORT_USER, getLocale( ), model );
527
528 return getAdminPage( template.getHtml( ) );
529 }
530
531
532
533
534
535
536
537
538 public String doSelectImportUser( HttpServletRequest request )
539 {
540 String strAccessCode = request.getParameter( PARAMETER_ACCESS_CODE );
541
542 if ( ( strAccessCode == null ) || ( strAccessCode.equals( "" ) ) )
543 {
544 return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, JSP_URL_IMPORT_USER, AdminMessage.TYPE_STOP );
545 }
546
547
548 if ( AdminUserHome.checkAccessCodeAlreadyInUse( strAccessCode ) != -1 )
549 {
550 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_ACCESS_CODE_ALREADY_USED, JSP_URL_IMPORT_USER, AdminMessage.TYPE_STOP );
551 }
552
553 return AppPathService.getBaseUrl( request ) + JSP_URL_CREATE_USER + "?" + PARAMETER_ACCESS_CODE + "=" + strAccessCode;
554 }
555
556
557
558
559
560
561
562
563 public String getCreateAdminUser( HttpServletRequest request )
564 {
565 setPageTitleProperty( PROPERTY_CREATE_USER_PAGETITLE );
566
567 HtmlTemplate template;
568 AdminUser currentUser = getUser( );
569 Collection<Level> filteredLevels = new ArrayList<>( );
570
571 for ( Level level : LevelHome.getLevelsList( ) )
572 {
573 if ( currentUser.isAdmin( ) || currentUser.hasRights( level.getId( ) ) )
574 {
575 filteredLevels.add( level );
576 }
577 }
578
579
580 String strDefaultLevel = DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_LEVEL );
581 Level defaultLevel = LevelHome.findByPrimaryKey( Integer.parseInt( strDefaultLevel ) );
582 int nDefaultUserNotification = Integer.parseInt( DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_NOTIFICATION ) );
583 String strDefaultUserLanguage = DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_LANGUAGE );
584 int nDefaultUserStatus = Integer.parseInt( DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_STATUS ) );
585
586
587 List<IAttribute> listAttributes = AttributeService.getInstance( ).getAllAttributesWithFields( getLocale( ) );
588
589
590 if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
591 {
592 Map<String, Object> model = new HashMap<>( );
593
594 model.put( MARK_USER_LEVELS_LIST, filteredLevels );
595 model.put( MARK_CURRENT_USER, currentUser );
596 model.put( MARK_LANGUAGES_LIST, I18nService.getAdminLocales( getLocale( ) ) );
597 model.put( MARK_DEFAULT_USER_LEVEL, defaultLevel );
598 model.put( MARK_DEFAULT_USER_NOTIFICATION, nDefaultUserNotification );
599 model.put( MARK_DEFAULT_USER_LANGUAGE, strDefaultUserLanguage );
600 model.put( MARK_DEFAULT_USER_STATUS, nDefaultUserStatus );
601 model.put( MARK_ATTRIBUTES_LIST, listAttributes );
602 model.put( MARK_LOCALE, getLocale( ) );
603 model.put( MARK_DEFAULT_VALUE_WORKGROUP_KEY, AdminWorkgroupService.ALL_GROUPS );
604 model.put( MARK_WORKGROUP_KEY_LIST, AdminWorkgroupService.getUserWorkgroups( getUser( ), getLocale( ) ) );
605 model.put( MARK_RANDOM_PASSWORD_SIZE,
606 AppPropertiesService.getPropertyInt( PasswordUtil.PROPERTY_PASSWORD_SIZE, PasswordUtil.CONSTANT_DEFAULT_RANDOM_PASSWORD_SIZE ) );
607 model.put( MARK_MINIMUM_PASSWORD_SIZE, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_PASSWORD_MINIMUM_LENGTH ) );
608 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_CREATE_USER ) );
609
610 template = AppTemplateService.getTemplate( TEMPLATE_DEFAULT_CREATE_USER, getLocale( ), model );
611 }
612 else
613
614
615 {
616
617
618 String strAccessCode = request.getParameter( PARAMETER_ACCESS_CODE );
619 AdminUser user = null;
620
621 if ( ( strAccessCode != null ) && ( !strAccessCode.equals( "" ) ) )
622 {
623 user = AdminAuthenticationService.getInstance( ).getUserPublicDataFromModule( strAccessCode );
624 }
625
626 Map<String, Object> model = new HashMap<>( );
627
628 if ( user != null )
629 {
630 model.put( MARK_USER_LEVELS_LIST, filteredLevels );
631 model.put( MARK_CURRENT_USER, currentUser );
632 model.put( MARK_IMPORT_USER, user );
633 model.put( MARK_LANGUAGES_LIST, I18nService.getAdminLocales( user.getLocale( ) ) );
634 model.put( MARK_DEFAULT_USER_LEVEL, defaultLevel );
635 model.put( MARK_DEFAULT_USER_NOTIFICATION, nDefaultUserNotification );
636 model.put( MARK_DEFAULT_USER_LANGUAGE, strDefaultUserLanguage );
637 model.put( MARK_DEFAULT_USER_STATUS, nDefaultUserStatus );
638 model.put( MARK_ATTRIBUTES_LIST, listAttributes );
639 model.put( MARK_LOCALE, getLocale( ) );
640 model.put( MARK_DEFAULT_VALUE_WORKGROUP_KEY, AdminWorkgroupService.ALL_GROUPS );
641 model.put( MARK_WORKGROUP_KEY_LIST, AdminWorkgroupService.getUserWorkgroups( getUser( ), getLocale( ) ) );
642 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_CREATE_USER ) );
643 }
644
645 template = AppTemplateService.getTemplate( TEMPLATE_CREATE_USER, getLocale( ), model );
646 }
647
648 return getAdminPage( template.getHtml( ) );
649 }
650
651
652
653
654
655
656
657
658
659
660 public String doCreateAdminUser( HttpServletRequest request ) throws AccessDeniedException
661 {
662 String strAccessCode = request.getParameter( PARAMETER_ACCESS_CODE );
663 String strLastName = request.getParameter( PARAMETER_LAST_NAME );
664 String strFirstName = request.getParameter( PARAMETER_FIRST_NAME );
665 String strEmail = request.getParameter( PARAMETER_EMAIL );
666 String strStatus = request.getParameter( PARAMETER_STATUS );
667 String strUserLevel = request.getParameter( PARAMETER_USER_LEVEL );
668 String strNotifyUser = request.getParameter( PARAMETER_NOTIFY_USER );
669 String strAccessibilityMode = request.getParameter( PARAMETER_ACCESSIBILITY_MODE );
670 String strWorkgroupKey = request.getParameter( PARAMETER_WORKGROUP_KEY );
671
672 String message = checkParameters( request, JSP_URL_CREATE_USER );
673
674 if ( message != null )
675 {
676 return message;
677 }
678
679
680 if ( AdminUserHome.checkAccessCodeAlreadyInUse( strAccessCode ) != -1 )
681 {
682 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_ACCESS_CODE_ALREADY_USED, AdminMessage.TYPE_STOP );
683 }
684
685
686 if ( AdminUserHome.checkEmailAlreadyInUse( strEmail ) != -1 )
687 {
688 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_EMAIL_ALREADY_USED, AdminMessage.TYPE_STOP );
689 }
690
691
692 int nNewUserLevel = Integer.parseInt( strUserLevel );
693
694
695 if ( !( getUser( ).hasRights( nNewUserLevel ) || getUser( ).isAdmin( ) ) )
696 {
697 return AdminMessageService.getMessageUrl( request, Messages.USER_ACCESS_DENIED, AdminMessage.TYPE_STOP );
698 }
699
700
701 if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
702 {
703 LuteceDefaultAdminUser/authentication/LuteceDefaultAdminUser.html#LuteceDefaultAdminUser">LuteceDefaultAdminUser user = new LuteceDefaultAdminUser( );
704 String strFirstPassword = request.getParameter( PARAMETER_FIRST_PASSWORD );
705 String strSecondPassword = request.getParameter( PARAMETER_SECOND_PASSWORD );
706
707 if ( StringUtils.isEmpty( strFirstPassword ) )
708 {
709 return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
710 }
711
712 if ( !strFirstPassword.equals( strSecondPassword ) )
713 {
714 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_DIFFERENTS_PASSWORD, AdminMessage.TYPE_STOP );
715 }
716
717 String strUrl = AdminUserService.checkPassword( request, strFirstPassword, 0 );
718
719 if ( StringUtils.isNotEmpty( strUrl ) )
720 {
721 return strUrl;
722 }
723
724 user.setPassword( AdminUserService.encryptPassword( strFirstPassword ) );
725
726 user.setPasswordMaxValidDate( AdminUserService.getPasswordMaxValidDate( ) );
727 user.setAccountMaxValidDate( AdminUserService.getAccountMaxValidDate( ) );
728
729 user.setAccessCode( strAccessCode );
730 user.setLastName( strLastName );
731 user.setFirstName( strFirstName );
732 user.setEmail( strEmail );
733 user.setStatus( Integer.parseInt( strStatus ) );
734 user.setLocale( new Locale( request.getParameter( PARAMETER_LANGUAGE ) ) );
735
736 user.setUserLevel( nNewUserLevel );
737 user.setPasswordReset( Boolean.TRUE );
738 user.setAccessibilityMode( strAccessibilityMode != null );
739 user.setWorkgroupKey( strWorkgroupKey );
740
741 AdminUserHome.create( user );
742 AdminUserFieldService.doCreateUserFields( user, request, getLocale( ) );
743
744 if ( CONSTANTE_UN.equals( strNotifyUser ) )
745 {
746
747 AdminUserService.notifyUser( AppPathService.getBaseUrl( request ), user, strFirstPassword, PROPERTY_MESSAGE_EMAIL_SUBJECT_NOTIFY_USER,
748 TEMPLATE_NOTIFY_USER );
749 }
750
751 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_CREATE_ADMINUSER, getUser( ), user.getAccessCode( ),
752 CONSTANT_BO );
753 }
754 else
755 {
756 AdminUserbusiness/user/AdminUser.html#AdminUser">AdminUser user = new AdminUser( );
757 user.setAccessCode( strAccessCode );
758 user.setLastName( strLastName );
759 user.setFirstName( strFirstName );
760 user.setEmail( strEmail );
761 user.setStatus( Integer.parseInt( strStatus ) );
762 user.setLocale( new Locale( request.getParameter( PARAMETER_LANGUAGE ) ) );
763
764 user.setUserLevel( nNewUserLevel );
765 user.setAccessibilityMode( strAccessibilityMode != null );
766 user.setWorkgroupKey( strWorkgroupKey );
767
768 AdminUserHome.create( user );
769 AdminUserFieldService.doCreateUserFields( user, request, getLocale( ) );
770
771 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_CREATE_ADMINUSER, getUser( ), user.getAccessCode( ),
772 CONSTANT_BO );
773 }
774
775 return JSP_MANAGE_USER;
776 }
777
778 private String checkParameters( HttpServletRequest request, String strJspUrl ) throws AccessDeniedException
779 {
780 String strAccessCode = request.getParameter( PARAMETER_ACCESS_CODE );
781 String strLastName = request.getParameter( PARAMETER_LAST_NAME );
782 String strFirstName = request.getParameter( PARAMETER_FIRST_NAME );
783 String strEmail = request.getParameter( PARAMETER_EMAIL );
784
785 if ( StringUtils.isEmpty( strAccessCode ) )
786 {
787 return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
788 }
789
790 if ( StringUtils.isEmpty( strLastName ) )
791 {
792 return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
793 }
794
795 if ( StringUtils.isEmpty( strFirstName ) )
796 {
797 return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
798 }
799
800 if ( StringUtils.isBlank( strEmail ) )
801 {
802 return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
803 }
804
805 if ( !AdminUserService.checkEmail( strEmail ) )
806 {
807 return AdminUserService.getEmailErrorMessageUrl( request );
808 }
809
810 String strError = AdminUserFieldService.checkUserFields( request, getLocale( ) );
811
812 if ( strError != null )
813 {
814 return strError;
815 }
816
817 if ( !SecurityTokenService.getInstance( ).validate( request, strJspUrl ) )
818 {
819 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
820 }
821
822 return null;
823 }
824
825
826
827
828
829
830
831
832
833
834 public String getModifyAdminUser( HttpServletRequest request ) throws AccessDeniedException
835 {
836 setPageTitleProperty( PROPERTY_MODIFY_USER_PAGETITLE );
837
838 String strUserId = request.getParameter( PARAMETER_USER_ID );
839
840 int nUserId = Integer.parseInt( strUserId );
841
842 Map<String, Object> model = new HashMap<>( );
843 HtmlTemplate template;
844
845 AdminUser user;
846 String strTemplateUrl;
847
848
849
850 if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
851 {
852 user = AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( nUserId );
853 strTemplateUrl = TEMPLATE_DEFAULT_MODIFY_USER;
854 }
855 else
856 {
857 user = AdminUserHome.findByPrimaryKey( nUserId );
858 strTemplateUrl = TEMPLATE_MODIFY_USER;
859 }
860
861 if ( ( user == null ) || ( user.getUserId( ) == 0 ) )
862 {
863 return getManageAdminUsers( request );
864 }
865
866 AdminUser currentUser = AdminUserService.getAdminUser( request );
867
868 if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
869 {
870 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
871 }
872
873 Level level = LevelHome.findByPrimaryKey( user.getUserLevel( ) );
874 ReferenceListml#ReferenceList">ReferenceList filteredLevels = new ReferenceList( );
875
876 if ( isUserAuthorizedToChangeUserLevel( currentUser, user ) )
877 {
878 for ( Level levelItem : LevelHome.getLevelsList( ) )
879 {
880 filteredLevels.add( levelItem.getReferenceItem( ) );
881 }
882 ;
883 filteredLevels.removeIf( levelItem -> levelItem.getCode( ).equals( "0" ) );
884 }
885
886
887 setItemNavigator( user.getUserId( ), AppPathService.getBaseUrl( request ) + JSP_URL_MODIFY_USER );
888
889 List<IAttribute> listAttributes = AttributeService.getInstance( ).getAllAttributesWithFields( getLocale( ) );
890 Map<String, Object> map = AdminUserFieldService.getAdminUserFields( listAttributes, nUserId, getLocale( ) );
891
892 model.put( MARK_USER, user );
893 model.put( MARK_LEVEL, level );
894 model.put( MARK_USER_LEVELS_LIST, filteredLevels );
895 model.put( MARK_LANGUAGES_LIST, I18nService.getAdminLocales( user.getLocale( ) ) );
896 model.put( MARK_CURRENT_LANGUAGE, user.getLocale( ).getLanguage( ) );
897 model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
898 model.put( MARK_ATTRIBUTES_LIST, listAttributes );
899 model.put( MARK_LOCALE, getLocale( ) );
900 model.put( MARK_MAP_LIST_ATTRIBUTE_DEFAULT_VALUES, map );
901 model.put( MARK_WORKGROUP_KEY_LIST, AdminWorkgroupService.getUserWorkgroups( getUser( ), getLocale( ) ) );
902 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_MODIFY_USER ) );
903
904 template = AppTemplateService.getTemplate( strTemplateUrl, getLocale( ), model );
905
906 return getAdminPage( template.getHtml( ) );
907 }
908
909
910
911
912
913
914
915
916
917
918 public String doModifyAdminUser( HttpServletRequest request ) throws AccessDeniedException
919 {
920 String strUserId = request.getParameter( PARAMETER_USER_ID );
921 String strAccessCode = request.getParameter( PARAMETER_ACCESS_CODE );
922 String strLastName = request.getParameter( PARAMETER_LAST_NAME );
923 String strFirstName = request.getParameter( PARAMETER_FIRST_NAME );
924 String strEmail = request.getParameter( PARAMETER_EMAIL );
925 String strStatus = request.getParameter( PARAMETER_STATUS );
926 String strAccessibilityMode = request.getParameter( PARAMETER_ACCESSIBILITY_MODE );
927 String strWorkgroupKey = request.getParameter( PARAMETER_WORKGROUP_KEY );
928 String strUserLevel = request.getParameter( PARAMETER_USER_LEVEL );
929 int nUserId = Integer.parseInt( strUserId );
930
931 AdminUser userToModify = AdminUserHome.findByPrimaryKey( nUserId );
932 AdminUser currentUser = AdminUserService.getAdminUser( request );
933
934 if ( !isUserAuthorizedToModifyUser( currentUser, userToModify ) )
935 {
936 throw new AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
937 }
938
939
940
941 if ( isUserLevelModified( userToModify, strUserLevel ) && !isUserAuthorizedToChangeUserLevel( currentUser, userToModify ) )
942 {
943 throw new AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
944 }
945
946 String message = checkParameters( request, JSP_URL_MODIFY_USER );
947
948 if ( message != null )
949 {
950 return message;
951 }
952
953 int checkCode = AdminUserHome.checkAccessCodeAlreadyInUse( strAccessCode );
954
955
956 if ( ( checkCode != -1 ) && ( checkCode != nUserId ) )
957 {
958 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_ACCESS_CODE_ALREADY_USED, AdminMessage.TYPE_STOP );
959 }
960
961 checkCode = AdminUserHome.checkEmailAlreadyInUse( strEmail );
962
963
964 if ( ( checkCode != -1 ) && ( checkCode != nUserId ) )
965 {
966 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_EMAIL_ALREADY_USED, AdminMessage.TYPE_STOP );
967 }
968
969
970 if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
971 {
972 LuteceDefaultAdminUser user = AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( nUserId );
973
974 user.setUserId( nUserId );
975 user.setAccessCode( strAccessCode );
976 user.setLastName( strLastName );
977 user.setFirstName( strFirstName );
978 user.setEmail( strEmail );
979 user.setWorkgroupKey( strWorkgroupKey );
980 user.setUserLevel( Integer.parseInt( strUserLevel ) );
981
982 int nStatus = Integer.parseInt( strStatus );
983
984 if ( nStatus != user.getStatus( ) )
985 {
986 user.setStatus( nStatus );
987 AdminUserService.notifyUser( AppPathService.getBaseUrl( request ), user, PROPERTY_MESSAGE_EMAIL_SUBJECT_CHANGE_STATUS,
988 TEMPLATE_ADMIN_EMAIL_CHANGE_STATUS );
989 }
990
991 user.setLocale( new Locale( request.getParameter( PARAMETER_LANGUAGE ) ) );
992 user.setAccessibilityMode( strAccessibilityMode != null );
993
994 AdminUserHome.update( user, PasswordUpdateMode.IGNORE );
995
996 AdminUserFieldService.doModifyUserFields( user, request, getLocale( ), getUser( ) );
997
998 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_ADMINUSER, currentUser, user.getAccessCode( ),
999 CONSTANT_BO );
1000 }
1001 else
1002 {
1003 AdminUserbusiness/user/AdminUser.html#AdminUser">AdminUser user = new AdminUser( );
1004 user.setUserId( nUserId );
1005 user.setAccessCode( strAccessCode );
1006 user.setLastName( strLastName );
1007 user.setFirstName( strFirstName );
1008 user.setEmail( strEmail );
1009 user.setStatus( Integer.parseInt( strStatus ) );
1010 user.setLocale( new Locale( request.getParameter( PARAMETER_LANGUAGE ) ) );
1011 user.setAccessibilityMode( strAccessibilityMode != null );
1012 user.setWorkgroupKey( strWorkgroupKey );
1013 user.setUserLevel( Integer.parseInt( strUserLevel ) );
1014
1015 String strError = AdminUserFieldService.checkUserFields( request, getLocale( ) );
1016
1017 if ( strError != null )
1018 {
1019 return strError;
1020 }
1021
1022 AdminUserHome.update( user );
1023
1024 AdminUserFieldService.doModifyUserFields( user, request, getLocale( ), getUser( ) );
1025
1026 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_ADMINUSER, currentUser, user.getAccessCode( ),
1027 CONSTANT_BO );
1028 }
1029
1030 return JSP_MANAGE_USER;
1031 }
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042 public String getModifyUserPassword( HttpServletRequest request ) throws AccessDeniedException
1043 {
1044 setPageTitleProperty( PROPERTY_MODIFY_USER_PASSWORD_PAGETITLE );
1045
1046 String strUserId = request.getParameter( PARAMETER_USER_ID );
1047
1048 int nUserId = Integer.parseInt( strUserId );
1049
1050 Map<String, Object> model = new HashMap<>( );
1051 HtmlTemplate template;
1052
1053 AdminUser user = null;
1054 String strTemplateUrl = "";
1055
1056
1057
1058 if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
1059 {
1060 user = AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( nUserId );
1061 strTemplateUrl = TEMPLATE_DEFAULT_MODIFY_USER_PASSWORD;
1062 }
1063 else
1064 {
1065 throw new AppException( "Cannot modify password when not in DeafultModuleUsed mode" );
1066 }
1067
1068 if ( ( user == null ) || ( user.getUserId( ) == 0 ) )
1069 {
1070 throw new AppException( "User to modify password for not found" );
1071 }
1072
1073 AdminUser currentUser = AdminUserService.getAdminUser( request );
1074
1075 if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1076 {
1077 throw new AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1078 }
1079
1080
1081 setItemNavigator( user.getUserId( ), AppPathService.getBaseUrl( request ) + JSP_URL_MODIFY_USER );
1082
1083 model.put( MARK_USER, user );
1084 model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1085 model.put( MARK_MINIMUM_PASSWORD_SIZE, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_PASSWORD_MINIMUM_LENGTH ) );
1086 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, PROPERTY_MODIFY_USER_PASSWORD_PAGETITLE ) );
1087
1088 template = AppTemplateService.getTemplate( strTemplateUrl, getLocale( ), model );
1089
1090 return getAdminPage( template.getHtml( ) );
1091 }
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102 public String doModifyAdminUserPassword( HttpServletRequest request ) throws AccessDeniedException
1103 {
1104 if ( !SecurityTokenService.getInstance( ).validate( request, PROPERTY_MODIFY_USER_PASSWORD_PAGETITLE ) )
1105 {
1106 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1107 }
1108 String strUserId = request.getParameter( PARAMETER_USER_ID );
1109
1110 int nUserId = Integer.parseInt( strUserId );
1111
1112 AdminUser userToModify = AdminUserHome.findByPrimaryKey( nUserId );
1113
1114 if ( userToModify == null )
1115 {
1116 throw new AppException( CONSTANT_USER_MSG + strUserId + " not found" );
1117 }
1118
1119 AdminUser currentUser = AdminUserService.getAdminUser( request );
1120
1121 if ( !isUserAuthorizedToModifyUser( currentUser, userToModify ) )
1122 {
1123 throw new AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1124 }
1125
1126
1127 if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
1128 {
1129 LuteceDefaultAdminUser user = AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( nUserId );
1130
1131 String strFirstPassword = request.getParameter( PARAMETER_FIRST_PASSWORD );
1132 String strSecondPassword = request.getParameter( PARAMETER_SECOND_PASSWORD );
1133
1134 if ( StringUtils.isEmpty( strFirstPassword ) )
1135 {
1136 return AdminMessageService.getMessageUrl( request, MESSAGE_MANDATORY_FIELD, new String [ ] {
1137 I18nService.getLocalizedString( PROPERTY_LABEL_FIRST_PASSWORD, getLocale( ) )
1138 }, AdminMessage.TYPE_STOP );
1139 }
1140
1141 if ( !StringUtils.equals( strFirstPassword, strSecondPassword ) )
1142 {
1143
1144 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_DIFFERENTS_PASSWORD, AdminMessage.TYPE_STOP );
1145 }
1146
1147 String strUrl = AdminUserService.checkPassword( request, strFirstPassword, nUserId, Boolean.TRUE );
1148
1149 if ( StringUtils.isNotEmpty( strUrl ) )
1150 {
1151 return strUrl;
1152 }
1153
1154 user.setPassword( AdminUserService.encryptPassword( strFirstPassword ) );
1155 user.setPasswordReset( Boolean.FALSE );
1156 user.setPasswordMaxValidDate( AdminUserService.getPasswordMaxValidDate( ) );
1157
1158 AdminUserHome.update( user, PasswordUpdateMode.UPDATE );
1159
1160 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_ADMINUSER_PASSWORD, currentUser,
1161 user.getAccessCode( ), CONSTANT_BO );
1162 }
1163
1164 return JSP_MANAGE_USER;
1165 }
1166
1167
1168
1169
1170
1171
1172
1173
1174 public String getImportUsersFromFile( HttpServletRequest request )
1175 {
1176 _importAdminUserService = SpringContextService.getBean( BEAN_IMPORT_ADMIN_USER_SERVICE );
1177 if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
1178 getUser( ) ) )
1179 {
1180 return getManageAdminUsers( request );
1181 }
1182
1183 setPageTitleProperty( PROPERTY_IMPORT_USERS_FROM_FILE_PAGETITLE );
1184
1185 Map<String, Object> model = new HashMap<>( );
1186
1187 model.put( MARK_LIST_MESSAGES, request.getAttribute( ATTRIBUTE_IMPORT_USERS_LIST_MESSAGES ) );
1188
1189 String strCsvSeparator = StringUtils.EMPTY + _importAdminUserService.getCSVSeparator( );
1190 String strCsvEscapeCharacter = StringUtils.EMPTY + _importAdminUserService.getCSVEscapeCharacter( );
1191 String strAttributesSeparator = StringUtils.EMPTY + _importAdminUserService.getAttributesSeparator( );
1192 model.put( MARK_CSV_SEPARATOR, strCsvSeparator );
1193 model.put( MARK_CSV_ESCAPE, strCsvEscapeCharacter );
1194 model.put( MARK_ATTRIBUTES_SEPARATOR, strAttributesSeparator );
1195 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_IMPORT_USER ) );
1196
1197 String strTemplate = _importAdminUserService.getImportFromFileTemplate( );
1198 HtmlTemplate template = AppTemplateService.getTemplate( strTemplate, AdminUserService.getLocale( request ), model );
1199
1200 return getAdminPage( template.getHtml( ) );
1201 }
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212 public DefaultPluginActionResult doImportUsersFromFile( HttpServletRequest request ) throws AccessDeniedException
1213 {
1214 DefaultPluginActionResultefaultPluginActionResult.html#DefaultPluginActionResult">DefaultPluginActionResult result = new DefaultPluginActionResult( );
1215
1216 if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
1217 getUser( ) ) )
1218 {
1219 result.setHtmlContent( getManageAdminUsers( request ) );
1220
1221 return result;
1222 }
1223
1224 if ( request instanceof MultipartHttpServletRequest )
1225 {
1226 MultipartHttpServletRequestce/portal/web/upload/MultipartHttpServletRequest.html#MultipartHttpServletRequest">MultipartHttpServletRequest multipartRequest = (MultipartHttpServletRequest) request;
1227 FileItem fileItem = multipartRequest.getFile( PARAMETER_IMPORT_USERS_FILE );
1228 String strMimeType = FileSystemUtil.getMIMEType( FileUploadService.getFileNameOnly( fileItem ) );
1229
1230 if ( !( ( fileItem != null ) && !StringUtils.EMPTY.equals( fileItem.getName( ) ) ) )
1231 {
1232 Object [ ] tabRequiredFields = {
1233 I18nService.getLocalizedString( FIELD_IMPORT_USERS_FILE, getLocale( ) )
1234 };
1235 result.setRedirect( AdminMessageService.getMessageUrl( request, MESSAGE_MANDATORY_FIELD, tabRequiredFields, AdminMessage.TYPE_STOP ) );
1236
1237 return result;
1238 }
1239
1240 if ( ( !strMimeType.equals( CONSTANT_MIME_TYPE_CSV ) && !strMimeType.equals( CONSTANT_MIME_TYPE_OCTETSTREAM )
1241 && !strMimeType.equals( CONSTANT_MIME_TYPE_TEXT_CSV ) )
1242 || !fileItem.getName( ).toLowerCase( Locale.ENGLISH ).endsWith( CONSTANT_EXTENSION_CSV_FILE ) )
1243 {
1244 result.setRedirect( AdminMessageService.getMessageUrl( request, MESSAGE_ERROR_CSV_FILE_IMPORT, AdminMessage.TYPE_STOP ) );
1245
1246 return result;
1247 }
1248 if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_IMPORT_USER ) )
1249 {
1250 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1251 }
1252
1253 String strSkipFirstLine = multipartRequest.getParameter( PARAMETER_SKIP_FIRST_LINE );
1254 boolean bSkipFirstLine = StringUtils.isNotEmpty( strSkipFirstLine );
1255 String strUpdateUsers = multipartRequest.getParameter( PARAMETER_UPDATE_USERS );
1256 boolean bUpdateUsers = StringUtils.isNotEmpty( strUpdateUsers );
1257
1258 _importAdminUserService.setUpdateExistingUsers( bUpdateUsers );
1259
1260 List<CSVMessageDescriptor> listMessages = _importAdminUserService.readCSVFile( fileItem, 0, false, false, bSkipFirstLine,
1261 AdminUserService.getLocale( request ), AppPathService.getBaseUrl( request ) );
1262
1263 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_IMPORT_ADMINUSERS, getUser( ), fileItem.getName( ),
1264 CONSTANT_BO );
1265
1266 request.setAttribute( ATTRIBUTE_IMPORT_USERS_LIST_MESSAGES, listMessages );
1267
1268 String strHtmlResult = getImportUsersFromFile( request );
1269 result.setHtmlContent( strHtmlResult );
1270 }
1271 else
1272 {
1273 Object [ ] tabRequiredFields = {
1274 I18nService.getLocalizedString( FIELD_IMPORT_USERS_FILE, getLocale( ) )
1275 };
1276 result.setRedirect( AdminMessageService.getMessageUrl( request, MESSAGE_MANDATORY_FIELD, tabRequiredFields, AdminMessage.TYPE_STOP ) );
1277 }
1278
1279 return result;
1280 }
1281
1282
1283
1284
1285
1286
1287
1288
1289 public String getExportUsers( HttpServletRequest request )
1290 {
1291 if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
1292 getUser( ) ) )
1293 {
1294 return getManageAdminUsers( request );
1295 }
1296
1297 setPageTitleProperty( PROPERTY_EXPORT_USERS_PAGETITLE );
1298
1299 Map<String, Object> model = new HashMap<>( );
1300
1301 ReferenceList refListXsl = XslExportHome.getRefListByPlugin( PluginService.getCore( ) );
1302
1303 model.put( MARK_LIST_XSL_EXPORT, refListXsl );
1304
1305 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_EXPORT_USERS_FROM_FILE, AdminUserService.getLocale( request ), model );
1306
1307 return getAdminPage( template.getHtml( ) );
1308 }
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321 public DefaultPluginActionResult doExportUsers( HttpServletRequest request, HttpServletResponse response ) throws IOException
1322 {
1323 DefaultPluginActionResultefaultPluginActionResult.html#DefaultPluginActionResult">DefaultPluginActionResult result = new DefaultPluginActionResult( );
1324
1325 if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_IMPORT_EXPORT_USERS,
1326 getUser( ) ) )
1327 {
1328 result.setHtmlContent( getManageAdminUsers( request ) );
1329
1330 return result;
1331 }
1332
1333 String strXslExportId = request.getParameter( PARAMETER_XSL_EXPORT_ID );
1334 String strExportAttributes = request.getParameter( PARAMETER_EXPORT_ATTRIBUTES );
1335 String strExportRoles = request.getParameter( PARAMETER_EXPORT_ROLES );
1336 String strExportRights = request.getParameter( PARAMETER_EXPORT_RIGHTS );
1337 String strExportWorkgroups = request.getParameter( PARAMETER_EXPORT_WORKGROUPS );
1338 boolean bExportAttributes = StringUtils.isNotEmpty( strExportAttributes );
1339 boolean bExportRoles = StringUtils.isNotEmpty( strExportRoles );
1340 boolean bExportRights = StringUtils.isNotEmpty( strExportRights );
1341 boolean bExportWorkgroups = StringUtils.isNotEmpty( strExportWorkgroups );
1342
1343 if ( StringUtils.isBlank( strXslExportId ) )
1344 {
1345 Object [ ] tabRequiredFields = {
1346 I18nService.getLocalizedString( FIELD_XSL_EXPORT, getLocale( ) )
1347 };
1348 result.setRedirect( AdminMessageService.getMessageUrl( request, MESSAGE_MANDATORY_FIELD, tabRequiredFields, AdminMessage.TYPE_STOP ) );
1349
1350 return result;
1351 }
1352
1353 int nIdXslExport = Integer.parseInt( strXslExportId );
1354
1355 XslExport xslExport = XslExportHome.findByPrimaryKey( nIdXslExport );
1356
1357 Collection<AdminUser> listUsers = AdminUserHome.findUserList( );
1358
1359 List<IAttribute> listAttributes = AttributeService.getInstance( ).getAllAttributesWithFields( LocaleService.getDefault( ) );
1360 List<IAttribute> listAttributesFiltered = new ArrayList<>( );
1361
1362 for ( IAttribute attribute : listAttributes )
1363 {
1364 if ( attribute instanceof ISimpleValuesAttributes )
1365 {
1366 listAttributesFiltered.add( attribute );
1367 }
1368 }
1369
1370 StringBuffer sbXml = new StringBuffer( XmlUtil.getXmlHeader( ) );
1371 XmlUtil.beginElement( sbXml, CONSTANT_XML_USERS );
1372
1373 for ( AdminUser user : listUsers )
1374 {
1375 if ( !user.isStatusAnonymized( ) )
1376 {
1377 sbXml.append(
1378 AdminUserService.getXmlFromUser( user, bExportRoles, bExportRights, bExportWorkgroups, bExportAttributes, listAttributesFiltered ) );
1379 }
1380 }
1381
1382 XmlUtil.endElement( sbXml, CONSTANT_XML_USERS );
1383
1384 String strXml = StringUtil.replaceAccent( sbXml.toString( ) );
1385 String strExportedUsers = XslExportService.exportXMLWithXSL( nIdXslExport, strXml );
1386
1387 if ( CONSTANT_MIME_TYPE_CSV.contains( xslExport.getExtension( ) ) )
1388 {
1389 response.setContentType( CONSTANT_MIME_TYPE_CSV );
1390 }
1391 else if ( CONSTANT_EXTENSION_XML_FILE.contains( xslExport.getExtension( ) ) )
1392 {
1393 response.setContentType( CONSTANT_MIME_TYPE_XML );
1394 }
1395 else
1396 {
1397 response.setContentType( CONSTANT_MIME_TYPE_OCTETSTREAM );
1398 }
1399
1400 String strFileName = CONSTANT_EXPORT_USERS_FILE_NAME + CONSTANT_POINT + xslExport.getExtension( );
1401 response.setHeader( CONSTANT_ATTACHEMENT_DISPOSITION, CONSTANT_ATTACHEMENT_FILE_NAME + strFileName + CONSTANT_QUOTE );
1402
1403 PrintWriter out = response.getWriter( );
1404 out.write( strExportedUsers );
1405 out.flush( );
1406 out.close( );
1407
1408 return null;
1409 }
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420 public String doConfirmRemoveAdminUser( HttpServletRequest request ) throws AccessDeniedException
1421 {
1422 String strUserId = request.getParameter( PARAMETER_USER_ID );
1423 int nUserId = Integer.parseInt( strUserId );
1424 AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
1425
1426 if ( user == null )
1427 {
1428 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_USER_ERROR_SESSION, JSP_URL_MANAGE_USERS, AdminMessage.TYPE_ERROR );
1429 }
1430
1431 AdminUser currentUser = AdminUserService.getAdminUser( request );
1432
1433 if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1434 {
1435 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1436 }
1437
1438 String strUrlRemove = JSP_URL_REMOVE_USER;
1439 Map<String, Object> parameters = new HashMap<>( );
1440 parameters.put( PARAMETER_USER_ID, strUserId );
1441 parameters.put( SecurityTokenService.PARAMETER_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_REMOVE_USER ) );
1442
1443 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_CONFIRM_REMOVE, new Object [ ] {
1444 user.getFirstName( ), user.getLastName( ), user.getAccessCode( )
1445 }, null, strUrlRemove, null, AdminMessage.TYPE_CONFIRMATION, parameters, JSP_URL_MANAGE_USERS );
1446 }
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457 public String doRemoveAdminUser( HttpServletRequest request ) throws AccessDeniedException
1458 {
1459 String strUserId = request.getParameter( PARAMETER_USER_ID );
1460 int nUserId = Integer.parseInt( strUserId );
1461 AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
1462
1463 if ( user == null )
1464 {
1465 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_USER_ERROR_SESSION, JSP_URL_MANAGE_USERS, AdminMessage.TYPE_ERROR );
1466 }
1467 if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_REMOVE_USER ) )
1468 {
1469 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1470 }
1471
1472 AdminUser currentUser = AdminUserService.getAdminUser( request );
1473
1474 if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1475 {
1476 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1477 }
1478
1479 String strRemovedUserAccessCode = user.getAccessCode( );
1480
1481 AdminUserFieldService.doRemoveUserFields( user, request, getLocale( ) );
1482 AdminUserHome.removeAllRightsForUser( nUserId );
1483 AdminUserHome.removeAllRolesForUser( nUserId );
1484 AdminUserHome.removeAllPasswordHistoryForUser( nUserId );
1485 AdminUserHome.remove( nUserId );
1486
1487 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_REMOVE_ADMINUSER, currentUser,
1488 strUserId + " : " + strRemovedUserAccessCode, CONSTANT_BO );
1489
1490 return JSP_MANAGE_USER;
1491 }
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502 public String getManageAdminUserRights( HttpServletRequest request ) throws AccessDeniedException
1503 {
1504 setPageTitleProperty( PROPERTY_MANAGE_USER_RIGHTS_PAGETITLE );
1505
1506 String strUserId = request.getParameter( PARAMETER_USER_ID );
1507 int nUserId = Integer.parseInt( strUserId );
1508
1509 AdminUser selectedUser = AdminUserHome.findByPrimaryKey( nUserId );
1510
1511 AdminUser currentUser = AdminUserService.getAdminUser( request );
1512
1513 if ( !isUserAuthorizedToModifyUser( currentUser, selectedUser ) )
1514 {
1515 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1516 }
1517
1518 Collection<Right> rightList = AdminUserHome.getRightsListForUser( nUserId ).values( );
1519
1520
1521 setItemNavigator( selectedUser.getUserId( ), AppPathService.getBaseUrl( request ) + JSP_URL_MANAGE_USER_RIGHTS );
1522
1523 HashMap<String, Object> model = new HashMap<>( );
1524 model.put( MARK_CAN_MODIFY, getUser( ).isParent( selectedUser ) || getUser( ).isAdmin( ) );
1525 model.put( MARK_CAN_DELEGATE, getUser( ).getUserId( ) != nUserId );
1526 model.put( MARK_USER, AdminUserHome.findByPrimaryKey( nUserId ) );
1527 model.put( MARK_USER_RIGHT_LIST, I18nService.localizeCollection( rightList, getLocale( ) ) );
1528 model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1529
1530 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MANAGE_USER_RIGHTS, getLocale( ), model );
1531
1532 return getAdminPage( template.getHtml( ) );
1533 }
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544 public String getManageAdminUserWorkgroups( HttpServletRequest request ) throws AccessDeniedException
1545 {
1546 setPageTitleProperty( PROPERTY_MANAGE_USER_WORKGROUPS_PAGETITLE );
1547
1548 String strUserId = request.getParameter( PARAMETER_USER_ID );
1549 int nUserId = Integer.parseInt( strUserId );
1550
1551 AdminUser selectedUser = AdminUserHome.findByPrimaryKey( nUserId );
1552 AdminUser currentUser = AdminUserService.getAdminUser( request );
1553
1554 if ( !isUserAuthorizedToModifyUser( currentUser, selectedUser ) )
1555 {
1556 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1557 }
1558
1559 ReferenceList workgroupsList = AdminWorkgroupHome.getUserWorkgroups( selectedUser );
1560
1561
1562 setItemNavigator( nUserId, AppPathService.getBaseUrl( request ) + JSP_URL_MANAGE_USER_WORKGROUPS );
1563
1564 Map<String, Object> model = new HashMap<>( );
1565 model.put( MARK_CAN_MODIFY, getUser( ).isParent( selectedUser ) || getUser( ).isAdmin( ) );
1566 model.put( MARK_CAN_DELEGATE, getUser( ).getUserId( ) != nUserId );
1567 model.put( MARK_USER, AdminUserHome.findByPrimaryKey( nUserId ) );
1568 model.put( MARK_USER_WORKGROUP_LIST, workgroupsList );
1569 model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1570
1571 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MANAGE_USER_WORKGROUPS, getLocale( ), model );
1572
1573 return getAdminPage( template.getHtml( ) );
1574 }
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585 public String getModifyAdminUserWorkgroups( HttpServletRequest request ) throws AccessDeniedException
1586 {
1587 boolean bDelegateWorkgroups = Boolean.parseBoolean( request.getParameter( PARAMETER_DELEGATE_RIGHTS ) );
1588
1589 setPageTitleProperty( bDelegateWorkgroups ? PROPERTY_DELEGATE_USER_RIGHTS_PAGETITLE : PROPERTY_MODIFY_USER_WORKGROUPS_PAGETITLE );
1590
1591 String strUserId = request.getParameter( PARAMETER_USER_ID );
1592 int nUserId = Integer.parseInt( strUserId );
1593
1594 AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
1595 AdminUser currentUser = getUser( );
1596
1597 if ( ( user == null ) || ( user.getUserId( ) == 0 ) )
1598 {
1599 return getManageAdminUsers( request );
1600 }
1601
1602 if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1603 {
1604 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1605 }
1606
1607 ReferenceList userWorkspaces = AdminWorkgroupHome.getUserWorkgroups( user );
1608 ReferenceList assignableWorkspaces = AdminWorkgroupHome.getUserWorkgroups( currentUser );
1609
1610 ArrayList<String> checkedValues = new ArrayList<>( );
1611
1612 for ( ReferenceItem item : userWorkspaces )
1613 {
1614 checkedValues.add( item.getCode( ) );
1615 }
1616
1617 assignableWorkspaces.checkItems( checkedValues.toArray( new String [ checkedValues.size( )] ) );
1618
1619
1620 setItemNavigator( nUserId, AppPathService.getBaseUrl( request ) + JSP_URL_MANAGE_USER_WORKGROUPS );
1621
1622 Map<String, Object> model = new HashMap<>( );
1623 model.put( MARK_USER, AdminUserHome.findByPrimaryKey( nUserId ) );
1624 model.put( MARK_ALL_WORKSGROUP_LIST, assignableWorkspaces );
1625 model.put( MARK_CAN_DELEGATE, String.valueOf( bDelegateWorkgroups ) );
1626 model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1627 model.put( MARK_DEFAULT_MODE_USED, AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) );
1628 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_MANAGE_USER_WORKGROUPS ) );
1629
1630 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MODIFY_USER_WORKGROUPS, getLocale( ), model );
1631
1632 return getAdminPage( template.getHtml( ) );
1633 }
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644 public String getModifyAdminUserRights( HttpServletRequest request ) throws AccessDeniedException
1645 {
1646 boolean bDelegateRights = Boolean.parseBoolean( request.getParameter( PARAMETER_DELEGATE_RIGHTS ) );
1647
1648 String strSelectAll = request.getParameter( PARAMETER_SELECT );
1649 boolean bSelectAll = ( ( strSelectAll != null ) && strSelectAll.equals( PARAMETER_SELECT_ALL ) );
1650
1651 setPageTitleProperty( bDelegateRights ? PROPERTY_DELEGATE_USER_RIGHTS_PAGETITLE : PROPERTY_MODIFY_USER_RIGHTS_PAGETITLE );
1652
1653 String strUserId = request.getParameter( PARAMETER_USER_ID );
1654 int nUserId = Integer.parseInt( strUserId );
1655
1656 AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
1657 AdminUser currentUser = getUser( );
1658
1659 if ( ( user == null ) || ( user.getUserId( ) == 0 ) )
1660 {
1661 return getManageAdminUsers( request );
1662 }
1663
1664 if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1665 {
1666 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1667 }
1668
1669 Collection<Right> rightList;
1670 Collection<Right> allRightList = RightHome.getRightsList( user.getUserLevel( ) );
1671
1672 if ( bDelegateRights )
1673 {
1674 Map<String, Right> rights = AdminUserHome.getRightsListForUser( currentUser.getUserId( ) );
1675 rightList = new ArrayList<>( );
1676
1677 for ( Right right : rights.values( ) )
1678 {
1679
1680
1681 if ( right.getLevel( ) >= user.getUserLevel( ) )
1682 {
1683 rightList.add( right );
1684 }
1685 }
1686 }
1687 else
1688 {
1689 rightList = AdminUserHome.getRightsListForUser( nUserId ).values( );
1690 }
1691
1692
1693 setItemNavigator( nUserId, AppPathService.getBaseUrl( request ) + JSP_URL_MANAGE_USER_RIGHTS );
1694
1695 Map<String, Object> model = new HashMap<>( );
1696 model.put( MARK_USER, AdminUserHome.findByPrimaryKey( nUserId ) );
1697 model.put( MARK_USER_RIGHT_LIST, I18nService.localizeCollection( rightList, getLocale( ) ) );
1698 model.put( MARK_ALL_RIGHT_LIST, I18nService.localizeCollection( allRightList, getLocale( ) ) );
1699 model.put( MARK_CAN_DELEGATE, String.valueOf( bDelegateRights ) );
1700 model.put( MARK_SELECT_ALL, bSelectAll );
1701 model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1702 model.put( MARK_DEFAULT_MODE_USED, AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) );
1703 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_MANAGE_USER_RIGHTS ) );
1704
1705 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MODIFY_USER_RIGHTS, getLocale( ), model );
1706
1707 return getAdminPage( template.getHtml( ) );
1708 }
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719 public String doModifyAdminUserRights( HttpServletRequest request ) throws AccessDeniedException
1720 {
1721 if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_MANAGE_USER_RIGHTS ) )
1722 {
1723 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1724 }
1725 String strUserId = request.getParameter( PARAMETER_USER_ID );
1726 int nUserId = Integer.parseInt( strUserId );
1727
1728 String [ ] arrayRights = request.getParameterValues( PARAMETER_RIGHT );
1729
1730 AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
1731 AdminUser currentUser = AdminUserService.getAdminUser( request );
1732
1733 if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1734 {
1735 throw new AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1736 }
1737
1738 AdminUserHome.removeAllOwnRightsForUser( user );
1739
1740 if ( arrayRights != null )
1741 {
1742 for ( String strRight : arrayRights )
1743 {
1744 AdminUserHome.createRightForUser( nUserId, strRight );
1745 }
1746 }
1747
1748 HashMap<String, String [ ]> mapData = new HashMap<>( );
1749 mapData.put( user.getAccessCode( ), arrayRights );
1750 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_ADMINUSER_RIGHTS, currentUser, mapData, CONSTANT_BO );
1751
1752 if ( user.getUserId( ) == currentUser.getUserId( ) )
1753 {
1754 try
1755 {
1756 AdminAuthenticationService.getInstance( ).registerUser( request, user );
1757 }
1758 catch( AccessDeniedException | UserNotSignedException e )
1759 {
1760 AppLogService.error( e.getMessage( ), e );
1761 }
1762 }
1763
1764 return JSP_MANAGE_USER_RIGHTS + "?" + PARAMETER_USER_ID + "=" + nUserId;
1765 }
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776 public String getManageAdminUserRoles( HttpServletRequest request ) throws AccessDeniedException
1777 {
1778 setPageTitleProperty( PROPERTY_MANAGE_USER_ROLES_PAGETITLE );
1779
1780 String strUserId = request.getParameter( PARAMETER_USER_ID );
1781 int nUserId = Integer.parseInt( strUserId );
1782 AdminUser selectedUser = AdminUserHome.findByPrimaryKey( nUserId );
1783 AdminUser userCurrent = AdminUserService.getAdminUser( request );
1784
1785 if ( !isUserAuthorizedToModifyUser( userCurrent, selectedUser ) )
1786 {
1787 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1788 }
1789
1790 Collection<RBACRole> roleList = AdminUserHome.getRolesListForUser( nUserId ).values( );
1791
1792
1793 setItemNavigator( nUserId, AppPathService.getBaseUrl( request ) + JSP_URL_MANAGE_USER_ROLES );
1794
1795 Map<String, Object> model = new HashMap<>( );
1796 model.put( MARK_CAN_MODIFY, getUser( ).isParent( selectedUser ) || getUser( ).isAdmin( ) );
1797 model.put( MARK_CAN_DELEGATE, getUser( ).getUserId( ) != nUserId );
1798 model.put( MARK_USER, AdminUserHome.findByPrimaryKey( nUserId ) );
1799 model.put( MARK_USER_ROLE_LIST, roleList );
1800 model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1801
1802 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MANAGE_USER_ROLES, getLocale( ), model );
1803
1804 return getAdminPage( template.getHtml( ) );
1805 }
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816 public String getModifyAdminUserRoles( HttpServletRequest request ) throws AccessDeniedException
1817 {
1818 boolean bDelegateRoles = Boolean.parseBoolean( request.getParameter( PARAMETER_DELEGATE_RIGHTS ) );
1819 setPageTitleProperty( PROPERTY_MODIFY_USER_ROLES_PAGETITLE );
1820
1821 String strUserId = request.getParameter( PARAMETER_USER_ID );
1822 int nUserId = Integer.parseInt( strUserId );
1823
1824 AdminUser selectedUser = AdminUserHome.findByPrimaryKey( nUserId );
1825 AdminUser userCurrent = AdminUserService.getAdminUser( request );
1826
1827 if ( ( selectedUser == null ) || ( selectedUser.getUserId( ) == 0 ) )
1828 {
1829 return getManageAdminUsers( request );
1830 }
1831
1832 if ( !isUserAuthorizedToModifyUser( userCurrent, selectedUser ) )
1833 {
1834 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1835 }
1836
1837 Collection<RBACRole> roleList = AdminUserHome.getRolesListForUser( nUserId ).values( );
1838 Collection<RBACRole> assignableRoleList;
1839
1840 if ( bDelegateRoles )
1841 {
1842
1843 assignableRoleList = new ArrayList<>( );
1844
1845 AdminUser currentUser = getUser( );
1846
1847 for ( RBACRole role : RBACRoleHome.findAll( ) )
1848 {
1849 if ( currentUser.isAdmin( ) || RBACService.isUserInRole( currentUser, role.getKey( ) ) )
1850 {
1851 assignableRoleList.add( role );
1852 }
1853 }
1854 }
1855 else
1856 {
1857
1858 assignableRoleList = RBACRoleHome.findAll( );
1859 }
1860
1861
1862 setItemNavigator( nUserId, AppPathService.getBaseUrl( request ) + JSP_URL_MANAGE_USER_ROLES );
1863
1864 Map<String, Object> model = new HashMap<>( );
1865 model.put( MARK_USER, AdminUserHome.findByPrimaryKey( nUserId ) );
1866 model.put( MARK_USER_ROLE_LIST, roleList );
1867 model.put( MARK_ALL_ROLE_LIST, assignableRoleList );
1868 model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1869 model.put( MARK_DEFAULT_MODE_USED, AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) );
1870 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_MANAGE_USER_ROLES ) );
1871
1872 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MODIFY_USER_ROLES, getLocale( ), model );
1873
1874 return getAdminPage( template.getHtml( ) );
1875 }
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886 public String doModifyAdminUserRoles( HttpServletRequest request ) throws AccessDeniedException
1887 {
1888 if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_MANAGE_USER_ROLES ) )
1889 {
1890 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1891 }
1892 String strUserId = request.getParameter( PARAMETER_USER_ID );
1893 int nUserId = Integer.parseInt( strUserId );
1894 AdminUser selectedUser = AdminUserHome.findByPrimaryKey( nUserId );
1895 AdminUser currentUser = AdminUserService.getAdminUser( request );
1896
1897 if ( !isUserAuthorizedToModifyUser( currentUser, selectedUser ) )
1898 {
1899 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1900 }
1901
1902 String [ ] arrayRoles = request.getParameterValues( PARAMETER_ROLE );
1903
1904 AdminUserHome.removeAllRolesForUser( nUserId );
1905
1906 if ( arrayRoles != null )
1907 {
1908 for ( String strRole : arrayRoles )
1909 {
1910 AdminUserHome.createRoleForUser( nUserId, strRole );
1911 }
1912 }
1913
1914 HashMap<String, String [ ]> mapData = new HashMap<>( );
1915 mapData.put( selectedUser.getAccessCode( ), arrayRoles );
1916 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_ADMINUSER_ROLES, currentUser, mapData, CONSTANT_BO );
1917
1918 return JSP_MANAGE_USER_ROLES + "?" + PARAMETER_USER_ID + "=" + nUserId;
1919 }
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930 public String doModifyAdminUserWorkgroups( HttpServletRequest request ) throws AccessDeniedException
1931 {
1932 if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_MANAGE_USER_WORKGROUPS ) )
1933 {
1934 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1935 }
1936 String strUserId = request.getParameter( PARAMETER_USER_ID );
1937 int nUserId = Integer.parseInt( strUserId );
1938 AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
1939 AdminUser currentUser = getUser( );
1940
1941 if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1942 {
1943 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1944 }
1945
1946 String [ ] arrayWorkspaces = request.getParameterValues( PARAMETER_WORKGROUP );
1947 ReferenceList assignableWorkgroups = AdminWorkgroupHome.getUserWorkgroups( currentUser );
1948
1949 for ( ReferenceItem item : assignableWorkgroups )
1950 {
1951 AdminWorkgroupHome.removeUserFromWorkgroup( user, item.getCode( ) );
1952 }
1953
1954 if ( arrayWorkspaces != null )
1955 {
1956 for ( String strWorkgroupKey : arrayWorkspaces )
1957 {
1958 AdminWorkgroupHome.addUserForWorkgroup( user, strWorkgroupKey );
1959 }
1960 }
1961
1962 HashMap<String, String [ ]> mapData = new HashMap<>( );
1963 mapData.put( user.getAccessCode( ), arrayWorkspaces );
1964 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_ADMINUSER_GROUPS, currentUser, mapData, CONSTANT_BO );
1965
1966 return JSP_MANAGE_USER_WORKGROUPS + "?" + PARAMETER_USER_ID + "=" + nUserId;
1967 }
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978 private boolean haveCommonWorkgroups( AdminUser../../../../../../fr/paris/lutece/portal/business/user/AdminUser.html#AdminUser">AdminUser user1, AdminUser user2 )
1979 {
1980 ReferenceList workgroups = AdminWorkgroupHome.getUserWorkgroups( user1 );
1981
1982 if ( workgroups.isEmpty( ) )
1983 {
1984 return true;
1985 }
1986
1987 for ( ReferenceItem item : workgroups )
1988 {
1989 if ( AdminWorkgroupHome.isUserInWorkgroup( user2, item.getCode( ) ) )
1990 {
1991 return true;
1992 }
1993 }
1994
1995 return false;
1996 }
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007 public String doModifyDefaultUserParameterValues( HttpServletRequest request ) throws AccessDeniedException
2008 {
2009 if ( !SecurityTokenService.getInstance( ).validate( request, AdminDashboardJspBean.TEMPLATE_MANAGE_DASHBOARDS ) )
2010 {
2011 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2012 }
2013 if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
2014 getUser( ) ) )
2015 {
2016 throw new AccessDeniedException(
2017 CONSTANT_USER_MSG + getUser( ) + CONSTANT_NOT_AUTHORIZED + AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS );
2018 }
2019
2020 DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_STATUS, request.getParameter( PARAMETER_STATUS ) );
2021 DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_LEVEL, request.getParameter( PARAMETER_USER_LEVEL ) );
2022 DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_NOTIFICATION, request.getParameter( PARAMETER_NOTIFY_USER ) );
2023 DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_LANGUAGE, request.getParameter( PARAMETER_LANGUAGE ) );
2024
2025 Map logParametersMap = new HashMap( );
2026 logParametersMap.put( AdminUserService.DSKEY_DEFAULT_USER_STATUS, request.getParameter( PARAMETER_STATUS ) );
2027 logParametersMap.put( AdminUserService.DSKEY_DEFAULT_USER_LEVEL, request.getParameter( PARAMETER_USER_LEVEL ) );
2028 logParametersMap.put( AdminUserService.DSKEY_DEFAULT_USER_NOTIFICATION, request.getParameter( PARAMETER_NOTIFY_USER ) );
2029 logParametersMap.put( AdminUserService.DSKEY_DEFAULT_USER_LANGUAGE, request.getParameter( PARAMETER_LANGUAGE ) );
2030 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_DEFAULT_PARAMETERS, getUser( ), logParametersMap,
2031 CONSTANT_BO );
2032
2033 return getAdminDashboardsUrl( request, ANCHOR_DEFAULT_USER_PARAMETER_VALUES );
2034 }
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045 public String doModifyDefaultUserSecurityValues( HttpServletRequest request ) throws AccessDeniedException
2046 {
2047 if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2048 {
2049 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2050 }
2051 if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
2052 getUser( ) ) )
2053 {
2054 throw new AccessDeniedException(
2055 CONSTANT_USER_MSG + getUser( ) + CONSTANT_NOT_AUTHORIZED + AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS );
2056 }
2057
2058 Map logParametersMap = new HashMap( );
2059
2060 String strForceChangePasswordValue = request.getParameter( PARAMETER_FORCE_CHANGE_PASSWORD_REINIT );
2061 strForceChangePasswordValue = StringUtils.isNotBlank( strForceChangePasswordValue ) ? strForceChangePasswordValue : StringUtils.EMPTY;
2062
2063 DefaultUserParameterHome.update( AdminUserService.DSKEY_FORCE_CHANGE_PASSWORD_REINIT, strForceChangePasswordValue );
2064 logParametersMap.put( AdminUserService.DSKEY_FORCE_CHANGE_PASSWORD_REINIT, strForceChangePasswordValue );
2065
2066
2067 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_MINIMUM_LENGTH, request.getParameter( PARAMETER_PASSWORD_MINIMUM_LENGTH ) );
2068 logParametersMap.put( AdminUserService.DSKEY_PASSWORD_MINIMUM_LENGTH, request.getParameter( PARAMETER_PASSWORD_MINIMUM_LENGTH ) );
2069
2070 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_RESET_TOKEN_VALIDITY, request.getParameter( PARAMETER_RESET_TOKEN_VALIDITY ) );
2071 logParametersMap.put( AdminUserService.DSKEY_RESET_TOKEN_VALIDITY, request.getParameter( PARAMETER_RESET_TOKEN_VALIDITY ) );
2072 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_LOCK_RESET_TOKEN_TO_SESSION,
2073 request.getParameter( PARAMETER_LOCK_RESET_TOKEN_TO_SESSION ) );
2074 logParametersMap.put( AdminUserService.DSKEY_LOCK_RESET_TOKEN_TO_SESSION, request.getParameter( PARAMETER_LOCK_RESET_TOKEN_TO_SESSION ) );
2075
2076 boolean bUseAdvancedSecurityParameter = AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS );
2077
2078 if ( bUseAdvancedSecurityParameter )
2079 {
2080
2081 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_FORMAT_UPPER_LOWER_CASE,
2082 request.getParameter( PARAMETER_PASSWORD_FORMAT_UPPER_LOWER_CASE ) );
2083 logParametersMap.put( AdminUserService.DSKEY_PASSWORD_FORMAT_UPPER_LOWER_CASE, request.getParameter( PARAMETER_PASSWORD_FORMAT_UPPER_LOWER_CASE ) );
2084 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_FORMAT_NUMERO, request.getParameter( PARAMETER_PASSWORD_FORMAT_NUMERO ) );
2085 logParametersMap.put( AdminUserService.DSKEY_PASSWORD_FORMAT_NUMERO, request.getParameter( PARAMETER_PASSWORD_FORMAT_NUMERO ) );
2086 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_FORMAT_SPECIAL_CHARACTERS,
2087 request.getParameter( PARAMETER_PASSWORD_FORMAT_SPECIAL_CHARACTERS ) );
2088 logParametersMap.put( AdminUserService.DSKEY_PASSWORD_FORMAT_SPECIAL_CHARACTERS,
2089 request.getParameter( PARAMETER_PASSWORD_FORMAT_SPECIAL_CHARACTERS ) );
2090
2091
2092 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_DURATION, request.getParameter( PARAMETER_PASSWORD_DURATION ) );
2093 logParametersMap.put( AdminUserService.DSKEY_PASSWORD_DURATION, request.getParameter( PARAMETER_PASSWORD_DURATION ) );
2094
2095
2096 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_HISTORY_SIZE, request.getParameter( PARAMETER_PASSWORD_HISTORY_SIZE ) );
2097 logParametersMap.put( AdminUserService.DSKEY_PASSWORD_HISTORY_SIZE, request.getParameter( PARAMETER_PASSWORD_HISTORY_SIZE ) );
2098
2099
2100 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_MAXIMUM_NUMBER_PASSWORD_CHANGE,
2101 request.getParameter( PARAMETER_MAXIMUM_NUMBER_PASSWORD_CHANGE ) );
2102 logParametersMap.put( AdminUserService.DSKEY_MAXIMUM_NUMBER_PASSWORD_CHANGE, request.getParameter( PARAMETER_MAXIMUM_NUMBER_PASSWORD_CHANGE ) );
2103
2104
2105 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_TSW_SIZE_PASSWORD_CHANGE,
2106 request.getParameter( PARAMETER_TSW_SIZE_PASSWORD_CHANGE ) );
2107 logParametersMap.put( AdminUserService.DSKEY_TSW_SIZE_PASSWORD_CHANGE, request.getParameter( PARAMETER_TSW_SIZE_PASSWORD_CHANGE ) );
2108
2109
2110 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_NOTIFY_USER_PASSWORD_EXPIRED,
2111 request.getParameter( PARAMETER_NOTIFY_USER_PASSWORD_EXPIRED ) );
2112 logParametersMap.put( AdminUserService.DSKEY_NOTIFY_USER_PASSWORD_EXPIRED, request.getParameter( PARAMETER_NOTIFY_USER_PASSWORD_EXPIRED ) );
2113 }
2114
2115
2116 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_ACCOUNT_LIFE_TIME, request.getParameter( PARAMETER_ACCOUNT_LIFE_TIME ) );
2117 logParametersMap.put( AdminUserService.DSKEY_ACCOUNT_LIFE_TIME, request.getParameter( PARAMETER_ACCOUNT_LIFE_TIME ) );
2118
2119
2120 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_TIME_BEFORE_ALERT_ACCOUNT,
2121 request.getParameter( PARAMETER_TIME_BEFORE_ALERT_ACCOUNT ) );
2122 logParametersMap.put( AdminUserService.DSKEY_TIME_BEFORE_ALERT_ACCOUNT, request.getParameter( PARAMETER_TIME_BEFORE_ALERT_ACCOUNT ) );
2123
2124
2125 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_NB_ALERT_ACCOUNT, request.getParameter( PARAMETER_NB_ALERT_ACCOUNT ) );
2126 logParametersMap.put( AdminUserService.DSKEY_NB_ALERT_ACCOUNT, request.getParameter( PARAMETER_NB_ALERT_ACCOUNT ) );
2127
2128
2129 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_TIME_BETWEEN_ALERTS_ACCOUNT,
2130 request.getParameter( PARAMETER_TIME_BETWEEN_ALERTS_ACCOUNT ) );
2131 logParametersMap.put( AdminUserService.DSKEY_TIME_BETWEEN_ALERTS_ACCOUNT, request.getParameter( PARAMETER_TIME_BETWEEN_ALERTS_ACCOUNT ) );
2132
2133
2134 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_MAX, request.getParameter( MARK_ACCESS_FAILURES_MAX ) );
2135 logParametersMap.put( AdminUserService.DSKEY_ACCES_FAILURES_MAX, request.getParameter( MARK_ACCESS_FAILURES_MAX ) );
2136
2137
2138 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_INTERVAL, request.getParameter( MARK_ACCESS_FAILURES_INTERVAL ) );
2139 logParametersMap.put( AdminUserService.DSKEY_ACCES_FAILURES_INTERVAL, request.getParameter( MARK_ACCESS_FAILURES_INTERVAL ) );
2140
2141
2142 AdminUserService.updateLargeSecurityParameter( AdminUserService.DSKEY_BANNED_DOMAIN_NAMES, request.getParameter( MARK_BANNED_DOMAIN_NAMES ) );
2143 logParametersMap.put( AdminUserService.DSKEY_BANNED_DOMAIN_NAMES, request.getParameter( MARK_BANNED_DOMAIN_NAMES ) );
2144
2145 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_DEFAULT_SECURITY, getUser( ), logParametersMap,
2146 CONSTANT_BO );
2147
2148 return getAdminDashboardsUrl( request, ANCHOR_ADVANCED_SECURITY_PARAMETERS );
2149 }
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160 public String doModifyEmailPattern( HttpServletRequest request ) throws AccessDeniedException
2161 {
2162 if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
2163 getUser( ) ) )
2164 {
2165 throw new AccessDeniedException(
2166 CONSTANT_USER_MSG + getUser( ) + CONSTANT_NOT_AUTHORIZED + AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS );
2167 }
2168 if ( PARAMETER_RESET.equals( request.getParameter( PARAMETER_RESET ) ) )
2169 {
2170 if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2171 {
2172 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2173 }
2174 return doResetEmailPattern( request );
2175 }
2176 String strSetManually = request.getParameter( PARAMETER_IS_EMAIL_PATTERN_SET_MANUALLY );
2177 String strEmailPattern = request.getParameter( PARAMETER_EMAIL_PATTERN );
2178
2179 if ( StringUtils.isNotBlank( strEmailPattern ) )
2180 {
2181 if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2182 {
2183 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2184 }
2185 AdminUserService.doModifyEmailPattern( strEmailPattern, strSetManually != null );
2186 return getAdminDashboardsUrl( request, ANCHOR_MODIFY_EMAIL_PATTERN );
2187 }
2188 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_ERROR_EMAIL_PATTERN, AdminMessage.TYPE_STOP );
2189 }
2190
2191
2192
2193
2194
2195
2196 private String doResetEmailPattern( HttpServletRequest request )
2197 {
2198 AdminUserService.doResetEmailPattern( );
2199
2200 return getAdminDashboardsUrl( request, ANCHOR_MODIFY_EMAIL_PATTERN );
2201 }
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212 public String doInsertRegularExpression( HttpServletRequest request ) throws AccessDeniedException
2213 {
2214 if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2215 {
2216 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2217 }
2218 if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
2219 getUser( ) ) )
2220 {
2221 throw new AccessDeniedException(
2222 CONSTANT_USER_MSG + getUser( ) + CONSTANT_NOT_AUTHORIZED + AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS );
2223 }
2224
2225 String strRegularExpressionId = request.getParameter( PARAMETER_ID_EXPRESSION );
2226
2227 if ( StringUtils.isNotBlank( strRegularExpressionId ) && StringUtils.isNumeric( strRegularExpressionId ) )
2228 {
2229 int nRegularExpressionId = Integer.parseInt( strRegularExpressionId );
2230 AdminUserService.doInsertRegularExpression( nRegularExpressionId );
2231 }
2232
2233 return getAdminDashboardsUrl( request, ANCHOR_MODIFY_EMAIL_PATTERN );
2234 }
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245 public String doRemoveRegularExpression( HttpServletRequest request ) throws AccessDeniedException
2246 {
2247 if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2248 {
2249 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2250 }
2251 if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
2252 getUser( ) ) )
2253 {
2254 throw new AccessDeniedException(
2255 CONSTANT_USER_MSG + getUser( ) + CONSTANT_NOT_AUTHORIZED + AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS );
2256 }
2257
2258 String strRegularExpressionId = request.getParameter( PARAMETER_ID_EXPRESSION );
2259
2260 if ( StringUtils.isNotBlank( strRegularExpressionId ) && StringUtils.isNumeric( strRegularExpressionId ) )
2261 {
2262 int nRegularExpressionId = Integer.parseInt( strRegularExpressionId );
2263 AdminUserService.doRemoveRegularExpression( nRegularExpressionId );
2264 }
2265
2266 return getAdminDashboardsUrl( request, ANCHOR_MODIFY_EMAIL_PATTERN );
2267 }
2268
2269
2270
2271
2272
2273
2274
2275
2276 public String getChangeUseAdvancedSecurityParameters( HttpServletRequest request )
2277 {
2278 Map<String, Object> parameters = new HashMap<>( 1 );
2279 parameters.put( SecurityTokenService.PARAMETER_TOKEN, SecurityTokenService.getInstance( ).getToken( request, TOKEN_TECHNICAL_ADMIN ) );
2280
2281 if ( AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS ) )
2282 {
2283 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_CONFIRM_REMOVE_ASP, JSP_URL_REMOVE_ADVANCED_SECUR_PARAM,
2284 AdminMessage.TYPE_CONFIRMATION, parameters );
2285 }
2286
2287 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_CONFIRM_USE_ASP, JSP_URL_USE_ADVANCED_SECUR_PARAM, AdminMessage.TYPE_CONFIRMATION,
2288 parameters );
2289 }
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300 public String doUseAdvancedSecurityParameters( HttpServletRequest request ) throws AccessDeniedException
2301 {
2302 if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2303 {
2304 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2305 }
2306 AdminUserService.useAdvancedSecurityParameters( );
2307
2308 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_USE_ADVANCE_SECURITY_PARAMETERS, getUser( ), null,
2309 CONSTANT_BO );
2310
2311 return getAdminDashboardsUrl( request, ANCHOR_ADVANCED_SECURITY_PARAMETERS );
2312 }
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323 public String doRemoveAdvancedSecurityParameters( HttpServletRequest request ) throws AccessDeniedException
2324 {
2325 if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2326 {
2327 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2328 }
2329 AdminUserService.removeAdvancedSecurityParameters( );
2330
2331 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_REMOVE_ADVANCE_SECURITY_PARAMETERS, getUser( ), null,
2332 CONSTANT_BO );
2333
2334 return getAdminDashboardsUrl( request, ANCHOR_ADVANCED_SECURITY_PARAMETERS );
2335 }
2336
2337
2338
2339
2340
2341
2342
2343
2344 public String getChangeFieldAnonymizeAdminUsers( HttpServletRequest request )
2345 {
2346 Map<String, Object> model = new HashMap<>( );
2347
2348 List<IAttribute> listAllAttributes = AttributeService.getInstance( ).getAllAttributesWithoutFields( getLocale( ) );
2349 List<IAttribute> listAttributesText = new ArrayList<>( );
2350
2351 for ( IAttribute attribut : listAllAttributes )
2352 {
2353 if ( attribut.isAnonymizable( ) )
2354 {
2355 listAttributesText.add( attribut );
2356 }
2357 }
2358
2359 model.put( MARK_ATTRIBUTES_LIST, listAttributesText );
2360
2361 model.putAll( AdminUserHome.getAnonymizationStatusUserStaticField( ) );
2362 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, TOKEN_TECHNICAL_ADMIN ) );
2363
2364 setPageTitleProperty( PROPERTY_MESSAGE_TITLE_CHANGE_ANONYMIZE_USER );
2365
2366 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_FIELD_ANONYMIZE_ADMIN_USER, getLocale( ), model );
2367
2368 return getAdminPage( template.getHtml( ) );
2369 }
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380 public String doChangeFieldAnonymizeAdminUsers( HttpServletRequest request ) throws AccessDeniedException
2381 {
2382 if ( request.getParameter( PARAMETER_CANCEL ) != null )
2383 {
2384 return getAdminDashboardsUrl( request, ANCHOR_ANONYMIZE_USERS );
2385 }
2386 if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2387 {
2388 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2389 }
2390
2391 AdminUserHome.updateAnonymizationStatusUserStaticField( PARAMETER_ACCESS_CODE, Boolean.valueOf( request.getParameter( PARAMETER_ACCESS_CODE ) ) );
2392 AdminUserHome.updateAnonymizationStatusUserStaticField( PARAMETER_FIRST_NAME, Boolean.valueOf( request.getParameter( PARAMETER_FIRST_NAME ) ) );
2393 AdminUserHome.updateAnonymizationStatusUserStaticField( PARAMETER_LAST_NAME, Boolean.valueOf( request.getParameter( PARAMETER_LAST_NAME ) ) );
2394 AdminUserHome.updateAnonymizationStatusUserStaticField( PARAMETER_EMAIL, Boolean.valueOf( request.getParameter( PARAMETER_EMAIL ) ) );
2395
2396 AttributeService attributeService = AttributeService.getInstance( );
2397
2398 List<IAttribute> listAllAttributes = attributeService.getAllAttributesWithoutFields( getLocale( ) );
2399 List<IAttribute> listAttributesText = new ArrayList<>( );
2400
2401 for ( IAttribute attribut : listAllAttributes )
2402 {
2403 if ( attribut.isAnonymizable( ) )
2404 {
2405 listAttributesText.add( attribut );
2406 }
2407 }
2408
2409 for ( IAttribute attribute : listAttributesText )
2410 {
2411 Boolean bNewValue = Boolean.valueOf( request.getParameter( PARAMETER_ATTRIBUTE + Integer.toString( attribute.getIdAttribute( ) ) ) );
2412 attributeService.updateAnonymizationStatusUserField( attribute.getIdAttribute( ), bNewValue );
2413 }
2414
2415 return getAdminDashboardsUrl( request, ANCHOR_ANONYMIZE_USERS );
2416 }
2417
2418
2419
2420
2421
2422
2423
2424
2425 public String getAnonymizeAdminUser( HttpServletRequest request )
2426 {
2427 String strAdminUserId = request.getParameter( PARAMETER_USER_ID );
2428
2429 if ( !StringUtils.isNumeric( strAdminUserId ) || strAdminUserId.isEmpty( ) )
2430 {
2431 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_NO_ADMIN_USER_SELECTED, JSP_URL_MANAGE_USERS, AdminMessage.TYPE_STOP );
2432 }
2433
2434 int nUserId = Integer.parseInt( strAdminUserId );
2435 AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
2436
2437 if ( user == null )
2438 {
2439 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_USER_ERROR_SESSION, JSP_URL_MANAGE_USERS, AdminMessage.TYPE_ERROR );
2440 }
2441
2442 String strUrl = JSP_URL_ANONYMIZE_ADMIN_USER;
2443 Map<String, Object> parameters = new HashMap<>( );
2444 parameters.put( PARAMETER_USER_ID, strAdminUserId );
2445 parameters.put( SecurityTokenService.PARAMETER_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_ANONYMIZE_ADMIN_USER ) );
2446
2447 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_CONFIRM_ANONYMIZE_USER, new Object [ ] {
2448 user.getFirstName( ), user.getLastName( ), user.getAccessCode( )
2449 }, null, strUrl, null, AdminMessage.TYPE_CONFIRMATION, parameters, JSP_URL_MANAGE_USERS );
2450 }
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460
2461 public String doAnonymizeAdminUser( HttpServletRequest request ) throws AccessDeniedException
2462 {
2463 String strAdminUserId = request.getParameter( PARAMETER_USER_ID );
2464
2465 if ( !StringUtils.isNumeric( strAdminUserId ) || strAdminUserId.isEmpty( ) )
2466 {
2467 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_NO_ADMIN_USER_SELECTED, JSP_URL_MANAGE_USERS, AdminMessage.TYPE_STOP );
2468 }
2469
2470 int nUserId = Integer.parseInt( strAdminUserId );
2471 AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
2472
2473 if ( user == null )
2474 {
2475 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_USER_ERROR_SESSION, JSP_URL_MANAGE_USERS, AdminMessage.TYPE_ERROR );
2476 }
2477 if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_ANONYMIZE_ADMIN_USER ) )
2478 {
2479 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2480 }
2481
2482 AdminUserService.anonymizeUser( nUserId, getLocale( ) );
2483
2484 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_ANONYMIZE_ADMINUSER, getUser( ), user.getAccessCode( ),
2485 CONSTANT_BO );
2486
2487 return JSP_MANAGE_USER;
2488 }
2489
2490
2491
2492
2493
2494
2495
2496
2497 public String reactivateAccount( HttpServletRequest request )
2498 {
2499 AdminUser user = AdminUserHome.findByPrimaryKey( AdminUserService.getAdminUser( request ).getUserId( ) );
2500 String strUrl;
2501 int nbDaysBeforeFirstAlert = AdminUserService.getIntegerSecurityParameter( PARAMETER_TIME_BEFORE_ALERT_ACCOUNT );
2502 Timestamp firstAlertMaxDate = new Timestamp( new java.util.Date( ).getTime( ) + DateUtil.convertDaysInMiliseconds( nbDaysBeforeFirstAlert ) );
2503
2504 if ( user.getAccountMaxValidDate( ) != null )
2505 {
2506
2507 if ( ( user.getAccountMaxValidDate( ).getTime( ) < firstAlertMaxDate.getTime( ) ) && ( user.getStatus( ) < AdminUser.EXPIRED_CODE ) )
2508 {
2509 AdminUserService.updateUserExpirationDate( user );
2510 }
2511
2512 strUrl = AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_ACCOUNT_REACTIVATED, AppPathService.getAdminMenuUrl( ),
2513 AdminMessage.TYPE_INFO );
2514 }
2515 else
2516 {
2517 strUrl = AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_NO_ACCOUNT_TO_REACTIVATED, AppPathService.getAdminMenuUrl( ),
2518 AdminMessage.TYPE_ERROR );
2519 }
2520
2521 return strUrl;
2522 }
2523
2524
2525
2526
2527
2528
2529
2530
2531 public String getModifyAccountLifeTimeEmails( HttpServletRequest request )
2532 {
2533 String strEmailType = request.getParameter( PARAMETER_EMAIL_TYPE );
2534
2535 Map<String, Object> model = new HashMap<>( );
2536 String strSenderKey = StringUtils.EMPTY;
2537 String strSubjectKey = StringUtils.EMPTY;
2538 String strBodyKey = StringUtils.EMPTY;
2539 String strTitle = StringUtils.EMPTY;
2540
2541 if ( CONSTANT_EMAIL_TYPE_FIRST.equalsIgnoreCase( strEmailType ) )
2542 {
2543 strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_FIRST_ALERT_MAIL_SENDER;
2544 strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_FIRST_ALERT_MAIL_SUBJECT;
2545 strBodyKey = PARAMETER_FIRST_ALERT_MAIL;
2546 strTitle = PROPERTY_FIRST_EMAIL;
2547 }
2548 else if ( CONSTANT_EMAIL_TYPE_OTHER.equalsIgnoreCase( strEmailType ) )
2549 {
2550 strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_OTHER_ALERT_MAIL_SENDER;
2551 strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_OTHER_ALERT_MAIL_SUBJECT;
2552 strBodyKey = PARAMETER_OTHER_ALERT_MAIL;
2553 strTitle = PROPERTY_OTHER_EMAIL;
2554 }
2555 else if ( CONSTANT_EMAIL_TYPE_EXPIRED.equalsIgnoreCase( strEmailType ) )
2556 {
2557 strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_EXPIRED_ALERT_MAIL_SENDER;
2558 strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_EXPIRED_ALERT_MAIL_SUBJECT;
2559 strBodyKey = PARAMETER_EXPIRATION_MAIL;
2560 strTitle = PROPERTY_ACCOUNT_DEACTIVATES_EMAIL;
2561 }
2562 else if ( CONSTANT_EMAIL_TYPE_REACTIVATED.equalsIgnoreCase( strEmailType ) )
2563 {
2564 strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_REACTIVATED_ALERT_MAIL_SENDER;
2565 strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_REACTIVATED_ALERT_MAIL_SUBJECT;
2566 strBodyKey = PARAMETER_ACCOUNT_REACTIVATED;
2567 strTitle = PROPERTY_ACCOUNT_UPDATED_EMAIL;
2568 }
2569 else if ( CONSTANT_EMAIL_PASSWORD_EXPIRED.equalsIgnoreCase( strEmailType ) )
2570 {
2571 strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_PASSWORD_EXPIRED_MAIL_SENDER;
2572 strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_PASSWORD_EXPIRED_MAIL_SUBJECT;
2573 strBodyKey = PARAMETER_NOTIFY_PASSWORD_EXPIRED;
2574 strTitle = PROPERTY_NOTIFY_PASSWORD_EXPIRED;
2575 }
2576
2577 String defaultUserParameter = DefaultUserParameterHome.findByKey( strSenderKey );
2578 String strSender = ( defaultUserParameter == null ) ? StringUtils.EMPTY : defaultUserParameter;
2579
2580 defaultUserParameter = DefaultUserParameterHome.findByKey( strSubjectKey );
2581
2582 String strSubject = ( defaultUserParameter == null ) ? StringUtils.EMPTY : defaultUserParameter;
2583
2584
2585 setItemNavigator( getUser( ).getUserId( ), AppPathService.getBaseUrl( request ) + JSP_URL_MODIFY_ACCOUNT_LIFE_TIME_EMAIL );
2586
2587 model.put( PARAMETER_EMAIL_TYPE, strEmailType );
2588 model.put( MARK_EMAIL_SENDER, strSender );
2589 model.put( MARK_EMAIL_SUBJECT, strSubject );
2590 model.put( MARK_EMAIL_BODY, DatabaseTemplateService.getTemplateFromKey( strBodyKey, true ) );
2591 model.put( MARK_EMAIL_LABEL, strTitle );
2592 model.put( MARK_WEBAPP_URL, AppPathService.getBaseUrl( request ) );
2593 model.put( MARK_LOCALE, getLocale( ) );
2594 model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
2595 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_MODIFY_ACCOUNT_LIFE_TIME_EMAIL ) );
2596
2597 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_ACCOUNT_LIFE_TIME_EMAIL, getLocale( ), model );
2598
2599 return getAdminPage( template.getHtml( ) );
2600 }
2601
2602
2603
2604
2605
2606
2607
2608
2609
2610
2611 public String doModifyAccountLifeTimeEmails( HttpServletRequest request ) throws AccessDeniedException
2612 {
2613 if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_MODIFY_ACCOUNT_LIFE_TIME_EMAIL ) )
2614 {
2615 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2616 }
2617 String strEmailType = request.getParameter( PARAMETER_EMAIL_TYPE );
2618
2619 String strSenderKey = StringUtils.EMPTY;
2620 String strSubjectKey = StringUtils.EMPTY;
2621 String strBodyKey = StringUtils.EMPTY;
2622
2623 if ( CONSTANT_EMAIL_TYPE_FIRST.equalsIgnoreCase( strEmailType ) )
2624 {
2625 strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_FIRST_ALERT_MAIL_SENDER;
2626 strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_FIRST_ALERT_MAIL_SUBJECT;
2627 strBodyKey = PARAMETER_FIRST_ALERT_MAIL;
2628 }
2629 else if ( CONSTANT_EMAIL_TYPE_OTHER.equalsIgnoreCase( strEmailType ) )
2630 {
2631 strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_OTHER_ALERT_MAIL_SENDER;
2632 strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_OTHER_ALERT_MAIL_SUBJECT;
2633 strBodyKey = PARAMETER_OTHER_ALERT_MAIL;
2634 }
2635 else if ( CONSTANT_EMAIL_TYPE_EXPIRED.equalsIgnoreCase( strEmailType ) )
2636 {
2637 strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_EXPIRED_ALERT_MAIL_SENDER;
2638 strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_EXPIRED_ALERT_MAIL_SUBJECT;
2639 strBodyKey = PARAMETER_EXPIRATION_MAIL;
2640 }
2641 else if ( CONSTANT_EMAIL_TYPE_REACTIVATED.equalsIgnoreCase( strEmailType ) )
2642 {
2643 strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_REACTIVATED_ALERT_MAIL_SENDER;
2644 strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_REACTIVATED_ALERT_MAIL_SUBJECT;
2645 strBodyKey = PARAMETER_ACCOUNT_REACTIVATED;
2646 }
2647 else if ( CONSTANT_EMAIL_PASSWORD_EXPIRED.equalsIgnoreCase( strEmailType ) )
2648 {
2649 strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_PASSWORD_EXPIRED_MAIL_SENDER;
2650 strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_PASSWORD_EXPIRED_MAIL_SUBJECT;
2651 strBodyKey = PARAMETER_NOTIFY_PASSWORD_EXPIRED;
2652 }
2653
2654 AdminUserService.updateSecurityParameter( strSenderKey, request.getParameter( MARK_EMAIL_SENDER ) );
2655 AdminUserService.updateSecurityParameter( strSubjectKey, request.getParameter( MARK_EMAIL_SUBJECT ) );
2656 DatabaseTemplateService.updateTemplate( strBodyKey, request.getParameter( MARK_EMAIL_BODY ) );
2657
2658 return getAdminDashboardsUrl( request, ANCHOR_LIFE_TIME_EMAILS );
2659 }
2660
2661
2662
2663
2664
2665
2666
2667
2668
2669 private void setItemNavigator( int nIdAdminUser, String strUrl )
2670 {
2671 if ( _itemNavigator == null )
2672 {
2673 List<String> listIdsRight = new ArrayList<>( );
2674 int nCurrentItemId = 0;
2675 int nIndex = 0;
2676
2677 AdminUser currentUser = getUser( );
2678
2679 for ( AdminUser adminUser : AdminUserHome.findUserList( ) )
2680 {
2681 if ( ( adminUser != null ) && isUserAuthorizedToModifyUser( currentUser, adminUser ) )
2682 {
2683 listIdsRight.add( Integer.toString( adminUser.getUserId( ) ) );
2684
2685 if ( adminUser.getUserId( ) == nIdAdminUser )
2686 {
2687 nCurrentItemId = nIndex;
2688 }
2689
2690 nIndex++;
2691 }
2692 }
2693
2694 _itemNavigator = new ItemNavigator( listIdsRight, nCurrentItemId, strUrl, PARAMETER_USER_ID );
2695 }
2696 else
2697 {
2698 _itemNavigator.setCurrentItemId( Integer.toString( nIdAdminUser ) );
2699 _itemNavigator.setBaseUrl( strUrl );
2700 }
2701 }
2702
2703
2704
2705
2706 private void reinitItemNavigator( )
2707 {
2708 _itemNavigator = null;
2709 }
2710
2711
2712
2713
2714
2715
2716
2717
2718
2719
2720 private boolean isUserAuthorizedToModifyUser( AdminUser../../../../fr/paris/lutece/portal/business/user/AdminUser.html#AdminUser">AdminUser currentUser, AdminUser userToModify )
2721 {
2722 if ( currentUser == null || userToModify == null )
2723 {
2724 return false;
2725 }
2726 return currentUser.isAdmin( ) || ( currentUser.isParent( userToModify )
2727 && ( ( haveCommonWorkgroups( currentUser, userToModify ) ) || ( !AdminWorkgroupHome.checkUserHasWorkgroup( userToModify.getUserId( ) ) ) ) );
2728 }
2729
2730
2731
2732
2733
2734
2735
2736
2737
2738
2739 private boolean isUserAuthorizedToChangeUserLevel( AdminUser../../../../fr/paris/lutece/portal/business/user/AdminUser.html#AdminUser">AdminUser currentUser, AdminUser userToModify )
2740 {
2741 if ( currentUser == null || userToModify == null )
2742 {
2743 return false;
2744 }
2745 return currentUser.checkRight( "CORE_LEVEL_MANAGEMENT" ) && userToModify.getUserLevel( ) != 0;
2746 }
2747
2748
2749
2750
2751
2752
2753
2754
2755
2756
2757 private boolean isUserLevelModified( AdminUser user, String strSelectedUserLevel )
2758 {
2759 if ( strSelectedUserLevel != null )
2760 {
2761 int nSelectedUserLevel = Integer.parseInt( strSelectedUserLevel );
2762 return nSelectedUserLevel != user.getUserLevel( );
2763 }
2764 return false;
2765 }
2766 }