View Javadoc
1   /*
2    * Copyright (c) 2002-2025, City of Paris
3    * All rights reserved.
4    *
5    * Redistribution and use in source and binary forms, with or without
6    * modification, are permitted provided that the following conditions
7    * are met:
8    *
9    *  1. Redistributions of source code must retain the above copyright notice
10   *     and the following disclaimer.
11   *
12   *  2. Redistributions in binary form must reproduce the above copyright notice
13   *     and the following disclaimer in the documentation and/or other materials
14   *     provided with the distribution.
15   *
16   *  3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
17   *     contributors may be used to endorse or promote products derived from
18   *     this software without specific prior written permission.
19   *
20   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21   * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23   * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
24   * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25   * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26   * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27   * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28   * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29   * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30   * POSSIBILITY OF SUCH DAMAGE.
31   *
32   * License 1.0
33   */
34  package fr.paris.lutece.portal.web.user;
35  
36  import fr.paris.lutece.portal.service.security.AccessLogService;
37  import java.io.IOException;
38  import java.io.PrintWriter;
39  import java.sql.Timestamp;
40  import java.util.ArrayList;
41  import java.util.Collection;
42  import java.util.Collections;
43  import java.util.HashMap;
44  import java.util.List;
45  import java.util.Locale;
46  import java.util.Map;
47  
48  import javax.servlet.http.HttpServletRequest;
49  import javax.servlet.http.HttpServletResponse;
50  
51  import org.apache.commons.fileupload.FileItem;
52  import org.apache.commons.lang3.StringUtils;
53  
54  import fr.paris.lutece.portal.business.rbac.RBACRole;
55  import fr.paris.lutece.portal.business.rbac.RBACRoleHome;
56  import fr.paris.lutece.portal.business.rbac.RBAC;
57  import fr.paris.lutece.portal.business.right.Level;
58  import fr.paris.lutece.portal.business.right.LevelHome;
59  import fr.paris.lutece.portal.business.right.Right;
60  import fr.paris.lutece.portal.business.right.RightHome;
61  import fr.paris.lutece.portal.business.user.AdminUser;
62  import fr.paris.lutece.portal.business.user.AdminUserHome;
63  import fr.paris.lutece.portal.business.user.PasswordUpdateMode;
64  import fr.paris.lutece.portal.business.user.attribute.IAttribute;
65  import fr.paris.lutece.portal.business.user.attribute.ISimpleValuesAttributes;
66  import fr.paris.lutece.portal.business.user.authentication.LuteceDefaultAdminUser;
67  import fr.paris.lutece.portal.business.user.parameter.DefaultUserParameterHome;
68  import fr.paris.lutece.portal.business.workgroup.AdminWorkgroupHome;
69  import fr.paris.lutece.portal.business.xsl.XslExport;
70  import fr.paris.lutece.portal.business.xsl.XslExportHome;
71  import fr.paris.lutece.portal.service.admin.AccessDeniedException;
72  import fr.paris.lutece.portal.service.admin.AdminAuthenticationService;
73  import fr.paris.lutece.portal.service.admin.AdminUserService;
74  import fr.paris.lutece.portal.service.admin.ImportAdminUserService;
75  import fr.paris.lutece.portal.service.csv.CSVMessageDescriptor;
76  import fr.paris.lutece.portal.service.fileupload.FileUploadService;
77  import fr.paris.lutece.portal.service.i18n.I18nService;
78  import fr.paris.lutece.portal.service.message.AdminMessage;
79  import fr.paris.lutece.portal.service.message.AdminMessageService;
80  import fr.paris.lutece.portal.service.plugin.PluginService;
81  import fr.paris.lutece.portal.service.rbac.RBACService;
82  import fr.paris.lutece.portal.service.security.AccessLoggerConstants;
83  import fr.paris.lutece.portal.service.security.SecurityTokenService;
84  import fr.paris.lutece.portal.service.security.UserNotSignedException;
85  import fr.paris.lutece.portal.service.spring.SpringContextService;
86  import fr.paris.lutece.portal.service.template.AppTemplateService;
87  import fr.paris.lutece.portal.service.template.DatabaseTemplateService;
88  import fr.paris.lutece.portal.service.user.AdminUserResourceIdService;
89  import fr.paris.lutece.portal.service.user.attribute.AdminUserFieldService;
90  import fr.paris.lutece.portal.service.user.attribute.AttributeService;
91  import fr.paris.lutece.portal.service.util.AppException;
92  import fr.paris.lutece.portal.service.util.AppLogService;
93  import fr.paris.lutece.portal.service.util.AppPathService;
94  import fr.paris.lutece.portal.service.util.AppPropertiesService;
95  import fr.paris.lutece.portal.service.workgroup.AdminWorkgroupService;
96  import fr.paris.lutece.portal.service.xsl.XslExportService;
97  import fr.paris.lutece.portal.web.admin.AdminFeaturesPageJspBean;
98  import fr.paris.lutece.portal.web.constants.Messages;
99  import fr.paris.lutece.portal.web.constants.Parameters;
100 import fr.paris.lutece.portal.web.dashboard.AdminDashboardJspBean;
101 import fr.paris.lutece.portal.web.l10n.LocaleService;
102 import fr.paris.lutece.portal.web.pluginaction.DefaultPluginActionResult;
103 import fr.paris.lutece.portal.web.upload.MultipartHttpServletRequest;
104 import fr.paris.lutece.portal.web.util.LocalizedPaginator;
105 import fr.paris.lutece.util.ReferenceItem;
106 import fr.paris.lutece.util.ReferenceList;
107 import fr.paris.lutece.util.date.DateUtil;
108 import fr.paris.lutece.util.filesystem.FileSystemUtil;
109 import fr.paris.lutece.util.html.AbstractPaginator;
110 import fr.paris.lutece.util.html.HtmlTemplate;
111 import fr.paris.lutece.util.html.ItemNavigator;
112 import fr.paris.lutece.util.password.PasswordUtil;
113 import fr.paris.lutece.util.sort.AttributeComparator;
114 import fr.paris.lutece.util.string.StringUtil;
115 import fr.paris.lutece.util.url.UrlItem;
116 import fr.paris.lutece.util.xml.XmlUtil;
117 
118 /**
119  * This class provides the user interface to manage app user features ( manage, create, modify, remove, ... )
120  */
121 public class AdminUserJspBean extends AdminFeaturesPageJspBean
122 {
123     private static final String ATTRIBUTE_IMPORT_USERS_LIST_MESSAGES = "importUsersListMessages";
124     private static final long serialVersionUID = -6323157489236186522L;
125 
126     // //////////////////////////////////////////////////////////////////////////
127     // Constants
128     private static final String CONSTANTE_UN = "1";
129     private static final String CONSTANT_USER_MSG = "User ";
130     private static final String CONSTANT_NOT_AUTHORIZED = " is not authorized to permission ";
131     private static final String CONSTANT_ADVANCED_PARAMS = "core.advanced_parameters.";
132     private static final String CONSTANT_BO = "BO";
133 
134     // Beans
135     private static final String BEAN_IMPORT_ADMIN_USER_SERVICE = "adminUserImportService";
136 
137     // Templates
138     private static final String TEMPLATE_MANAGE_USERS = "admin/user/manage_users.html";
139     private static final String TEMPLATE_CREATE_USER = "admin/user/create_user.html";
140     private static final String TEMPLATE_MODIFY_USER = "admin/user/modify_user.html";
141     private static final String TEMPLATE_MANAGE_USER_RIGHTS = "admin/user/manage_user_rights.html";
142     private static final String TEMPLATE_MODIFY_USER_RIGHTS = "admin/user/modify_user_rights.html";
143     private static final String TEMPLATE_MANAGE_USER_ROLES = "admin/user/manage_user_roles.html";
144     private static final String TEMPLATE_MODIFY_USER_ROLES = "admin/user/modify_user_roles.html";
145     private static final String TEMPLATE_IMPORT_USER = "admin/user/import_module_user.html";
146     private static final String TEMPLATE_DEFAULT_CREATE_USER = "admin/user/create_user_default_module.html";
147     private static final String TEMPLATE_DEFAULT_MODIFY_USER = "admin/user/modify_user_default_module.html";
148     private static final String TEMPLATE_DEFAULT_MODIFY_USER_PASSWORD = "admin/user/modify_user_password_default_module.html";
149     private static final String TEMPLATE_MANAGE_USER_WORKGROUPS = "admin/user/manage_user_workgroups.html";
150     private static final String TEMPLATE_MODIFY_USER_WORKGROUPS = "admin/user/modify_user_workgroups.html";
151     private static final String TEMPLATE_ADMIN_EMAIL_CHANGE_STATUS = "admin/user/user_email_change_status.html";
152     private static final String TEMPLATE_NOTIFY_USER = "admin/user/notify_user_account_created.html";
153     private static final String TEMPLATE_FIELD_ANONYMIZE_ADMIN_USER = "admin/user/field_anonymize_admin_user.html";
154     private static final String TEMPLATE_ACCOUNT_LIFE_TIME_EMAIL = "admin/user/account_life_time_email.html";
155     private static final String TEMPLATE_EXPORT_USERS_FROM_FILE = "admin/user/export_users.html";
156 
157     // Messages
158     private static final String PROPERTY_MANAGE_USERS_PAGETITLE = "portal.users.manage_users.pageTitle";
159     private static final String PROPERTY_MODIFY_USER_PAGETITLE = "portal.users.modify_user.pageTitle";
160     private static final String PROPERTY_MODIFY_USER_PASSWORD_PAGETITLE = "portal.users.modify_user_password.pageTitle";
161     private static final String PROPERTY_LABEL_FIRST_PASSWORD = "portal.users.modify_password_default_module.form.password.new";
162     private static final String PROPERTY_CREATE_USER_PAGETITLE = "portal.users.create_user.pageTitle";
163     private static final String PROPERTY_IMPORT_MODULE_USER_PAGETITLE = "portal.users.import_module_user.pageTitle";
164     private static final String PROPERTY_MANAGE_USER_RIGHTS_PAGETITLE = "portal.users.manage_user_rights.pageTitle";
165     private static final String PROPERTY_MODIFY_USER_RIGHTS_PAGETITLE = "portal.users.modify_user_rights.pageTitle";
166     private static final String PROPERTY_MANAGE_USER_ROLES_PAGETITLE = "portal.users.manage_user_roles.pageTitle";
167     private static final String PROPERTY_MODIFY_USER_ROLES_PAGETITLE = "portal.users.modify_user_roles.pageTitle";
168     private static final String PROPERTY_IMPORT_USERS_FROM_FILE_PAGETITLE = "portal.users.import_users_from_file.pageTitle";
169     private static final String PROPERTY_EXPORT_USERS_PAGETITLE = "portal.users.export_users.pageTitle";
170     private static final String PROPERTY_MESSAGE_CONFIRM_REMOVE = "portal.users.message.confirmRemoveUser";
171     private static final String PROPERTY_USERS_PER_PAGE = "paginator.user.itemsPerPage";
172     private static final String PROPERTY_DELEGATE_USER_RIGHTS_PAGETITLE = "portal.users.delegate_user_rights.pageTitle";
173     private static final String PROPERTY_MANAGE_USER_WORKGROUPS_PAGETITLE = "portal.users.manage_user_workgroups.pageTitle";
174     private static final String PROPERTY_MODIFY_USER_WORKGROUPS_PAGETITLE = "portal.users.modify_user_workgroups.pageTitle";
175     private static final String PROPERTY_MESSAGE_ACCESS_CODE_ALREADY_USED = "portal.users.message.user.accessCodeAlreadyUsed";
176     private static final String PROPERTY_MESSAGE_EMAIL_ALREADY_USED = "portal.users.message.user.accessEmailUsed";
177     private static final String PROPERTY_MESSAGE_DIFFERENTS_PASSWORD = "portal.users.message.differentsPassword";
178     private static final String PROPERTY_MESSAGE_EMAIL_SUBJECT_CHANGE_STATUS = "portal.users.user_change_status.email.subject";
179     private static final String PROPERTY_MESSAGE_EMAIL_SUBJECT_NOTIFY_USER = "portal.users.notify_user.email.subject";
180     private static final String PROPERTY_MESSAGE_ERROR_EMAIL_PATTERN = "portal.users.manage_advanced_parameters.message.errorEmailPattern";
181     private static final String PROPERTY_MESSAGE_CONFIRM_USE_ASP = "portal.users.manage_advanced_parameters.message.confirmUseAdvancedSecurityParameters";
182     private static final String PROPERTY_MESSAGE_CONFIRM_REMOVE_ASP = "portal.users.manage_advanced_parameters.message.confirmRemoveAdvancedSecurityParameters";
183     private static final String PROPERTY_MESSAGE_NO_ADMIN_USER_SELECTED = "portal.users.message.noUserSelected";
184     private static final String PROPERTY_MESSAGE_CONFIRM_ANONYMIZE_USER = "portal.users.message.confirmAnonymizeUser";
185     private static final String PROPERTY_MESSAGE_TITLE_CHANGE_ANONYMIZE_USER = "portal.users.anonymize_user.titleAnonymizeUser";
186     private static final String PROPERTY_MESSAGE_NO_ACCOUNT_TO_REACTIVATED = "portal.users.message.noAccountToReactivate";
187     private static final String PROPERTY_MESSAGE_ACCOUNT_REACTIVATED = "portal.users.message.messageAccountReactivated";
188     private static final String PROPERTY_FIRST_EMAIL = "portal.users.accountLifeTime.labelFirstEmail";
189     private static final String PROPERTY_OTHER_EMAIL = "portal.users.accountLifeTime.labelOtherEmail";
190     private static final String PROPERTY_ACCOUNT_DEACTIVATES_EMAIL = "portal.users.accountLifeTime.labelAccountDeactivatedEmail";
191     private static final String PROPERTY_ACCOUNT_UPDATED_EMAIL = "portal.users.accountLifeTime.labelAccountUpdatedEmail";
192     private static final String PROPERTY_NOTIFY_PASSWORD_EXPIRED = "portal.users.accountLifeTime.labelPasswordExpired";
193     private static final String PROPERTY_MESSAGE_USER_ERROR_SESSION = "portal.users.message.user.error.session";
194     private static final String MESSAGE_NOT_AUTHORIZED = "Action not permited to current user";
195     private static final String MESSAGE_MANDATORY_FIELD = "portal.util.message.mandatoryField";
196     private static final String MESSAGE_ERROR_CSV_FILE_IMPORT = "portal.users.import_users_from_file.error_csv_file_import";
197     private static final String FIELD_IMPORT_USERS_FILE = "portal.users.import_users_from_file.labelImportFile";
198     private static final String FIELD_XSL_EXPORT = "portal.users.export_users.labelXslt";
199 
200     // Parameters
201     private static final String PARAMETER_ACCESS_CODE = "access_code";
202     private static final String PARAMETER_LAST_NAME = "last_name";
203     private static final String PARAMETER_FIRST_NAME = "first_name";
204     private static final String PARAMETER_EMAIL = "email";
205     private static final String PARAMETER_NOTIFY_USER = "notify_user";
206     private static final String PARAMETER_STATUS = "status";
207     private static final String PARAMETER_USER_ID = "id_user";
208     private static final String PARAMETER_ROLE = "roles";
209     private static final String PARAMETER_RIGHT = "right";
210     private static final String PARAMETER_FIRST_PASSWORD = "first_password";
211     private static final String PARAMETER_SECOND_PASSWORD = "second_password";
212     private static final String PARAMETER_LANGUAGE = "language";
213     private static final String PARAMETER_DELEGATE_RIGHTS = "delegate_rights";
214     private static final String PARAMETER_USER_LEVEL = "user_level";
215     private static final String PARAMETER_WORKGROUP = "workgroup";
216     private static final String PARAMETER_SELECT = "select";
217     private static final String PARAMETER_SELECT_ALL = "all";
218     private static final String PARAMETER_ACCESSIBILITY_MODE = "accessibility_mode";
219     private static final String PARAMETER_WORKGROUP_KEY = "workgroup_key";
220     private static final String PARAMETER_EMAIL_PATTERN = "email_pattern";
221     private static final String PARAMETER_IS_EMAIL_PATTERN_SET_MANUALLY = "is_email_pattern_set_manually";
222     private static final String PARAMETER_ID_EXPRESSION = "id_expression";
223     private static final String PARAMETER_FORCE_CHANGE_PASSWORD_REINIT = "force_change_password_reinit";
224     private static final String PARAMETER_PASSWORD_MINIMUM_LENGTH = "password_minimum_length";
225     private static final String PARAMETER_PASSWORD_FORMAT_UPPER_LOWER_CASE = "password_format_upper_lower_case";
226     private static final String PARAMETER_PASSWORD_FORMAT_NUMERO = "password_format_numero";
227     private static final String PARAMETER_PASSWORD_FORMAT_SPECIAL_CHARACTERS = "password_format_special_characters";
228     private static final String PARAMETER_PASSWORD_DURATION = "password_duration";
229     private static final String PARAMETER_PASSWORD_HISTORY_SIZE = "password_history_size";
230     private static final String PARAMETER_MAXIMUM_NUMBER_PASSWORD_CHANGE = "maximum_number_password_change";
231     private static final String PARAMETER_TSW_SIZE_PASSWORD_CHANGE = "tsw_size_password_change";
232     private static final String PARAMETER_ACCOUNT_LIFE_TIME = "account_life_time";
233     private static final String PARAMETER_TIME_BEFORE_ALERT_ACCOUNT = "time_before_alert_account";
234     private static final String PARAMETER_NB_ALERT_ACCOUNT = "nb_alert_account";
235     private static final String PARAMETER_TIME_BETWEEN_ALERTS_ACCOUNT = "time_between_alerts_account";
236     private static final String PARAMETER_ATTRIBUTE = "attribute_";
237     private static final String PARAMETER_EMAIL_TYPE = "email_type";
238     private static final String PARAMETER_FIRST_ALERT_MAIL_SENDER = "first_alert_mail_sender";
239     private static final String PARAMETER_OTHER_ALERT_MAIL_SENDER = "other_alert_mail_sender";
240     private static final String PARAMETER_EXPIRED_ALERT_MAIL_SENDER = "expired_alert_mail_sender";
241     private static final String PARAMETER_REACTIVATED_ALERT_MAIL_SENDER = "account_reactivated_mail_sender";
242     private static final String PARAMETER_FIRST_ALERT_MAIL_SUBJECT = "first_alert_mail_subject";
243     private static final String PARAMETER_OTHER_ALERT_MAIL_SUBJECT = "other_alert_mail_subject";
244     private static final String PARAMETER_EXPIRED_ALERT_MAIL_SUBJECT = "expired_alert_mail_subject";
245     private static final String PARAMETER_REACTIVATED_ALERT_MAIL_SUBJECT = "account_reactivated_mail_subject";
246     private static final String PARAMETER_FIRST_ALERT_MAIL = "core_first_alert_mail";
247     private static final String PARAMETER_OTHER_ALERT_MAIL = "core_other_alert_mail";
248     private static final String PARAMETER_EXPIRATION_MAIL = "core_expiration_mail";
249     private static final String PARAMETER_ACCOUNT_REACTIVATED = "core_account_reactivated_mail";
250     private static final String PARAMETER_CANCEL = "cancel";
251     private static final String PARAMETER_NOTIFY_USER_PASSWORD_EXPIRED = "notify_user_password_expired";
252     private static final String PARAMETER_PASSWORD_EXPIRED_MAIL_SENDER = "password_expired_mail_sender";
253     private static final String PARAMETER_PASSWORD_EXPIRED_MAIL_SUBJECT = "password_expired_mail_subject";
254     private static final String PARAMETER_NOTIFY_PASSWORD_EXPIRED = "core_password_expired";
255     private static final String PARAMETER_IMPORT_USERS_FILE = "import_file";
256     private static final String PARAMETER_SKIP_FIRST_LINE = "ignore_first_line";
257     private static final String PARAMETER_UPDATE_USERS = "update_existing_users";
258     private static final String PARAMETER_XSL_EXPORT_ID = "xsl_export_id";
259     private static final String PARAMETER_EXPORT_ROLES = "export_roles";
260     private static final String PARAMETER_EXPORT_ATTRIBUTES = "export_attributes";
261     private static final String PARAMETER_EXPORT_RIGHTS = "export_rights";
262     private static final String PARAMETER_EXPORT_WORKGROUPS = "export_workgroups";
263     private static final String PARAMETER_RESET_TOKEN_VALIDITY = "reset_token_validity";
264     private static final String PARAMETER_LOCK_RESET_TOKEN_TO_SESSION = "lock_reset_token_to_session";
265     private static final String PARAMETER_RESET = "reset";
266 
267     // Jsp url
268     private static final String JSP_MANAGE_USER_RIGHTS = "ManageUserRights.jsp";
269     private static final String JSP_MANAGE_USER_ROLES = "ManageUserRoles.jsp";
270     private static final String JSP_MANAGE_USER = "ManageUsers.jsp";
271     private static final String JSP_MANAGE_USER_WORKGROUPS = "ManageUserWorkgroups.jsp";
272     private static final String JSP_URL_MANAGE_USERS = "jsp/admin/user/ManageUsers.jsp";
273     private static final String JSP_URL_REMOVE_USER = "jsp/admin/user/DoRemoveUser.jsp";
274     private static final String JSP_URL_CREATE_USER = "jsp/admin/user/CreateUser.jsp";
275     private static final String JSP_URL_IMPORT_USER = "jsp/admin/user/ImportUser.jsp";
276     private static final String JSP_URL_MODIFY_USER = "jsp/admin/user/ModifyUser.jsp";
277     private static final String JSP_URL_MANAGE_USER_RIGHTS = "jsp/admin/user/ManageUserRights.jsp";
278     private static final String JSP_URL_MANAGE_USER_ROLES = "jsp/admin/user/ManageUserRoles.jsp";
279     private static final String JSP_URL_MANAGE_USER_WORKGROUPS = "jsp/admin/user/ManageUserWorkgroups.jsp";
280     private static final String JSP_URL_USE_ADVANCED_SECUR_PARAM = "jsp/admin/user/DoUseAdvancedSecurityParameters.jsp";
281     private static final String JSP_URL_REMOVE_ADVANCED_SECUR_PARAM = "jsp/admin/user/DoRemoveAdvancedSecurityParameters.jsp";
282     private static final String JSP_URL_ANONYMIZE_ADMIN_USER = "jsp/admin/user/DoAnonymizeAdminUser.jsp";
283     private static final String JSP_URL_MODIFY_ACCOUNT_LIFE_TIME_EMAIL = "jsp/admin/user/ModifyAccountLifeTimeEmails.jsp";
284 
285     // Markers
286     private static final String MARK_USER_LIST = "user_list";
287     private static final String MARK_IMPORT_USER_LIST = "import_user_list";
288     private static final String MARK_ACCESS_CODE = "access_code";
289     private static final String MARK_LAST_NAME = "last_name";
290     private static final String MARK_FIRST_NAME = "first_name";
291     private static final String MARK_EMAIL = "email";
292     private static final String MARK_IMPORT_USER = "import_user";
293     private static final String MARK_USER = "user";
294     private static final String MARK_LEVEL = "level";
295     private static final String MARK_USER_RIGHT_LIST = "user_right_list";
296     private static final String MARK_ALL_ROLE_LIST = "all_role_list";
297     private static final String MARK_USER_ROLE_LIST = "user_role_list";
298     private static final String MARK_ALL_RIGHT_LIST = "all_right_list";
299     private static final String MARK_PAGINATOR = "paginator";
300     private static final String MARK_NB_ITEMS_PER_PAGE = "nb_items_per_page";
301     private static final String MARK_LANGUAGES_LIST = "languages_list";
302     private static final String MARK_CURRENT_LANGUAGE = "current_language";
303     private static final String MARK_USER_CREATION_URL = "url_user_creation";
304     private static final String MARK_CAN_DELEGATE = "can_delegate";
305     private static final String MARK_CAN_MODIFY = "can_modify";
306     private static final String MARK_USER_LEVELS_LIST = "user_levels";
307     private static final String MARK_CURRENT_USER = "current_user";
308     private static final String MARK_USER_WORKGROUP_LIST = "user_workgroup_list";
309     private static final String MARK_ALL_WORKSGROUP_LIST = "all_workgroup_list";
310     private static final String MARK_SELECT_ALL = "select_all";
311     private static final String MARK_PERMISSION_ADVANCED_PARAMETER = "permission_advanced_parameter";
312     private static final String MARK_PERMISSION_IMPORT_EXPORT_USERS = "permission_import_export_users";
313     private static final String MARK_ITEM_NAVIGATOR = "item_navigator";
314     private static final String MARK_ATTRIBUTES_LIST = "attributes_list";
315     private static final String MARK_LOCALE = "locale";
316     private static final String MARK_MAP_LIST_ATTRIBUTE_DEFAULT_VALUES = "map_list_attribute_default_values";
317     private static final String MARK_DEFAULT_USER_LEVEL = "default_user_level";
318     private static final String MARK_DEFAULT_USER_NOTIFICATION = "default_user_notification";
319     private static final String MARK_DEFAULT_USER_LANGUAGE = "default_user_language";
320     private static final String MARK_DEFAULT_USER_STATUS = "default_user_status";
321     private static final String MARK_ACCESS_FAILURES_MAX = "access_failures_max";
322     private static final String MARK_ACCESS_FAILURES_INTERVAL = "access_failures_interval";
323     private static final String MARK_BANNED_DOMAIN_NAMES = "banned_domain_names";
324     private static final String MARK_EMAIL_SENDER = "email_sender";
325     private static final String MARK_EMAIL_SUBJECT = "email_subject";
326     private static final String MARK_EMAIL_BODY = "email_body";
327     private static final String MARK_EMAIL_LABEL = "emailLabel";
328     private static final String MARK_WEBAPP_URL = "webapp_url";
329     private static final String MARK_LIST_MESSAGES = "csv_messages";
330     private static final String MARK_CSV_SEPARATOR = "csv_separator";
331     private static final String MARK_CSV_ESCAPE = "csv_escape";
332     private static final String MARK_ATTRIBUTES_SEPARATOR = "attributes_separator";
333     private static final String MARK_LIST_XSL_EXPORT = "refListXsl";
334     private static final String MARK_DEFAULT_VALUE_WORKGROUP_KEY = "workgroup_key_default_value";
335     private static final String MARK_WORKGROUP_KEY_LIST = "workgroup_key_list";
336     private static final String MARK_ADMIN_AVATAR = "adminAvatar";
337     private static final String MARK_RANDOM_PASSWORD_SIZE = "randomPasswordSize";
338     private static final String MARK_MINIMUM_PASSWORD_SIZE = "minimumPasswordSize";
339     private static final String MARK_DEFAULT_MODE_USED = "defaultModeUsed";
340 
341     private static final String CONSTANT_EMAIL_TYPE_FIRST = "first";
342     private static final String CONSTANT_EMAIL_TYPE_OTHER = "other";
343     private static final String CONSTANT_EMAIL_TYPE_EXPIRED = "expired";
344     private static final String CONSTANT_EMAIL_TYPE_REACTIVATED = "reactivated";
345     private static final String CONSTANT_EMAIL_PASSWORD_EXPIRED = "password_expired";
346     private static final String CONSTANT_EXTENSION_CSV_FILE = ".csv";
347     private static final String CONSTANT_EXTENSION_XML_FILE = ".xml";
348     private static final String CONSTANT_MIME_TYPE_CSV = "application/csv";
349     private static final String CONSTANT_MIME_TYPE_XML = "application/xml";
350     private static final String CONSTANT_MIME_TYPE_TEXT_CSV = "text/csv";
351     private static final String CONSTANT_MIME_TYPE_OCTETSTREAM = "application/octet-stream";
352     private static final String CONSTANT_EXPORT_USERS_FILE_NAME = "users";
353     private static final String CONSTANT_POINT = ".";
354     private static final String CONSTANT_QUOTE = "\"";
355     private static final String CONSTANT_ATTACHEMENT_FILE_NAME = "attachement; filename=\"";
356     private static final String CONSTANT_ATTACHEMENT_DISPOSITION = "Content-Disposition";
357     private static final String CONSTANT_XML_USERS = "users";
358     private static final String CONSTANT_CREATE_ADMINUSER = "lutece.admin.createAdminUser";
359     private static final String CONSTANT_REMOVE_ADMINUSER = "lutece.admin.removeAdminUser";
360     private static final String CONSTANT_ANONYMIZE_ADMINUSER = "lutece.admin.anonymizeAdminUser";
361     private static final String CONSTANT_MODIFY_ADMINUSER = "lutece.admin.modifyAdminUser";
362     private static final String CONSTANT_MODIFY_ADMINUSER_GROUPS = "lutece.admin.modifyAdminUserGroups";
363     private static final String CONSTANT_MODIFY_ADMINUSER_PASSWORD = "lutece.admin.modifyAdminUserPassword";
364     private static final String CONSTANT_MODIFY_ADMINUSER_ROLES = "lutece.admin.modifyAdminUserRoles";
365     private static final String CONSTANT_MODIFY_ADMINUSER_RIGHTS = "lutece.admin.modifyAdminUserRights";
366     private static final String CONSTANT_IMPORT_ADMINUSERS = "lutece.admin.importAdminUsers";
367     private static final String CONSTANT_MODIFY_DEFAULT_PARAMETERS = "lutece.admin.modifyUserDefaultParameters";
368     private static final String CONSTANT_MODIFY_DEFAULT_SECURITY = "lutece.admin.modifyUserDefaultSecurity";
369     private static final String CONSTANT_REMOVE_ADVANCE_SECURITY_PARAMETERS = "lutece.admin.removeAdvanceSecurityParameters";
370     private static final String CONSTANT_USE_ADVANCE_SECURITY_PARAMETERS = "lutece.admin.useAdvanceSecurityParameters";
371 
372     private static final String TOKEN_TECHNICAL_ADMIN = AdminDashboardJspBean.TEMPLATE_MANAGE_DASHBOARDS;
373 
374     private static final String ANCHOR_DEFAULT_USER_PARAMETER_VALUES = "defaultUserParameterValues";
375     private static final String ANCHOR_MODIFY_EMAIL_PATTERN = "modifyEmailPattern";
376     private static final String ANCHOR_ADVANCED_SECURITY_PARAMETERS = "advancedSecurityParameters";
377     private static final String ANCHOR_LIFE_TIME_EMAILS = "lifeTimeEmails";
378     private static final String ANCHOR_ANONYMIZE_USERS = "anonymizeUsers";
379 
380     private transient ImportAdminUserService _importAdminUserService;
381     private boolean _bAdminAvatar = PluginService.isPluginEnable( "adminavatar" );
382 
383     private int _nItemsPerPage;
384     private String _strCurrentPageIndex;
385     private ItemNavigator _itemNavigator;
386 
387     /**
388      * Build the User list
389      *
390      * @param request
391      *            Http Request
392      * @return the AppUser list
393      */
394     public String getManageAdminUsers( HttpServletRequest request )
395     {
396         setPageTitleProperty( PROPERTY_MANAGE_USERS_PAGETITLE );
397 
398         // Reinit session
399         reinitItemNavigator( );
400 
401         String strCreateUrl;
402         AdminUser currentUser = getUser( );
403 
404         Map<String, Object> model = new HashMap<>( );
405 
406         // creation in no-module mode : no import
407         if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
408         {
409             strCreateUrl = JSP_URL_CREATE_USER;
410         }
411         else
412         {
413             strCreateUrl = JSP_URL_IMPORT_USER;
414         }
415 
416         String strURL = getHomeUrl( request );
417         UrlItem/url/UrlItem.html#UrlItem">UrlItem url = new UrlItem( strURL );
418 
419         Collection<AdminUser> listUsers = AdminUserHome.findUserList( );
420         listUsers = AdminWorkgroupService.getAuthorizedCollection( listUsers, getUser( ) );
421 
422         List<AdminUser> availableUsers = AdminUserService.getFilteredUsersInterface( listUsers, request, model, url );
423         List<AdminUser> listDisplayUsers = new ArrayList<>( );
424 
425         for ( AdminUser user : availableUsers )
426         {
427             if ( isUserAuthorizedToModifyUser( currentUser, user ) )
428             {
429                 listDisplayUsers.add( user );
430             }
431         }
432 
433         // SORT
434         String strSortedAttributeName = request.getParameter( Parameters.SORTED_ATTRIBUTE_NAME );
435         String strAscSort = null;
436 
437         if ( strSortedAttributeName != null )
438         {
439             strAscSort = request.getParameter( Parameters.SORTED_ASC );
440 
441             boolean bIsAscSort = Boolean.parseBoolean( strAscSort );
442 
443             Collections.sort( listDisplayUsers, new AttributeComparator( strSortedAttributeName, bIsAscSort ) );
444         }
445 
446         _strCurrentPageIndex = AbstractPaginator.getPageIndex( request, AbstractPaginator.PARAMETER_PAGE_INDEX, _strCurrentPageIndex );
447         int defaultItemsPerPage = AppPropertiesService.getPropertyInt( PROPERTY_USERS_PER_PAGE, 50 );
448         _nItemsPerPage = AbstractPaginator.getItemsPerPage( request, AbstractPaginator.PARAMETER_ITEMS_PER_PAGE, _nItemsPerPage, defaultItemsPerPage );
449 
450         if ( strSortedAttributeName != null )
451         {
452             url.addParameter( Parameters.SORTED_ATTRIBUTE_NAME, strSortedAttributeName );
453         }
454 
455         if ( strAscSort != null )
456         {
457             url.addParameter( Parameters.SORTED_ASC, strAscSort );
458         }
459 
460         // PAGINATOR
461         LocalizedPaginator<AdminUser> paginator = new LocalizedPaginator<>( listDisplayUsers, _nItemsPerPage, url.getUrl( ),
462                 AbstractPaginator.PARAMETER_PAGE_INDEX, _strCurrentPageIndex, getLocale( ) );
463 
464         // USER LEVEL
465         Collection<Level> filteredLevels = new ArrayList<>( );
466 
467         for ( Level level : LevelHome.getLevelsList( ) )
468         {
469             if ( currentUser.isAdmin( ) || currentUser.hasRights( level.getId( ) ) )
470             {
471                 filteredLevels.add( level );
472             }
473         }
474 
475         boolean bPermissionAdvancedParameter = RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID,
476                 AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS, getUser( ) );
477         boolean bPermissionImportExportUsers = RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID,
478                 AdminUserResourceIdService.PERMISSION_IMPORT_EXPORT_USERS, getUser( ) );
479 
480         model.put( MARK_NB_ITEMS_PER_PAGE, "" + _nItemsPerPage );
481         model.put( MARK_USER_LEVELS_LIST, filteredLevels );
482         model.put( MARK_PAGINATOR, paginator );
483         model.put( MARK_USER_LIST, paginator.getPageItems( ) );
484         model.put( MARK_USER_CREATION_URL, strCreateUrl );
485         model.put( MARK_PERMISSION_ADVANCED_PARAMETER, bPermissionAdvancedParameter );
486         model.put( MARK_PERMISSION_IMPORT_EXPORT_USERS, bPermissionImportExportUsers );
487         model.put( MARK_ADMIN_AVATAR, _bAdminAvatar );
488         model.put( MARK_DEFAULT_MODE_USED, AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) );
489 
490         HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MANAGE_USERS, getLocale( ), model );
491 
492         return getAdminPage( template.getHtml( ) );
493     }
494 
495     /**
496      * Display the page for user import. This page is used in module mode to link a user to its code in the module (for later authentication) and to populate
497      * the creation form with the data the module is able to provide.
498      * 
499      * @param request
500      *            the http request
501      * @return the html code for the import page
502      */
503     public String getFindImportAdminUser( HttpServletRequest request )
504     {
505         setPageTitleProperty( PROPERTY_IMPORT_MODULE_USER_PAGETITLE );
506 
507         String strAccessCode = request.getParameter( PARAMETER_ACCESS_CODE );
508         String strLastName = request.getParameter( PARAMETER_LAST_NAME );
509         String strFirstName = request.getParameter( PARAMETER_FIRST_NAME );
510         String strEmail = request.getParameter( PARAMETER_EMAIL );
511 
512         Map<String, Object> model = new HashMap<>( );
513         Collection<?> allImportUsers = null;
514 
515         if ( StringUtils.isNotEmpty( strLastName ) || StringUtils.isNotEmpty( strFirstName ) || StringUtils.isNotEmpty( strEmail ) )
516         {
517             allImportUsers = AdminAuthenticationService.getInstance( ).getUserListFromModule( strLastName, strFirstName, strEmail );
518         }
519 
520         model.put( MARK_IMPORT_USER_LIST, allImportUsers );
521         model.put( MARK_ACCESS_CODE, strAccessCode );
522         model.put( MARK_LAST_NAME, strLastName );
523         model.put( MARK_FIRST_NAME, strFirstName );
524         model.put( MARK_EMAIL, strEmail );
525 
526         HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_IMPORT_USER, getLocale( ), model );
527 
528         return getAdminPage( template.getHtml( ) );
529     }
530 
531     /**
532      * Performs checks on the selected user to import and redirects on the creation form. This page is used in module mode.
533      * 
534      * @param request
535      *            The HTTP Request
536      * @return The Jsp URL of the creation form if check ok, an error page url otherwise
537      */
538     public String doSelectImportUser( HttpServletRequest request )
539     {
540         String strAccessCode = request.getParameter( PARAMETER_ACCESS_CODE );
541 
542         if ( ( strAccessCode == null ) || ( strAccessCode.equals( "" ) ) )
543         {
544             return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, JSP_URL_IMPORT_USER, AdminMessage.TYPE_STOP );
545         }
546 
547         // check that access code is not in use
548         if ( AdminUserHome.checkAccessCodeAlreadyInUse( strAccessCode ) != -1 )
549         {
550             return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_ACCESS_CODE_ALREADY_USED, JSP_URL_IMPORT_USER, AdminMessage.TYPE_STOP );
551         }
552 
553         return AppPathService.getBaseUrl( request ) + JSP_URL_CREATE_USER + "?" + PARAMETER_ACCESS_CODE + "=" + strAccessCode;
554     }
555 
556     /**
557      * Returns the data capture form of a new User
558      *
559      * @param request
560      *            The HTTP Request
561      * @return The HTML form
562      */
563     public String getCreateAdminUser( HttpServletRequest request )
564     {
565         setPageTitleProperty( PROPERTY_CREATE_USER_PAGETITLE );
566 
567         HtmlTemplate template;
568         AdminUser currentUser = getUser( );
569         Collection<Level> filteredLevels = new ArrayList<>( );
570 
571         for ( Level level : LevelHome.getLevelsList( ) )
572         {
573             if ( currentUser.isAdmin( ) || currentUser.hasRights( level.getId( ) ) )
574             {
575                 filteredLevels.add( level );
576             }
577         }
578 
579         // Default user parameter values
580         String strDefaultLevel = DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_LEVEL );
581         Level defaultLevel = LevelHome.findByPrimaryKey( Integer.parseInt( strDefaultLevel ) );
582         int nDefaultUserNotification = Integer.parseInt( DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_NOTIFICATION ) );
583         String strDefaultUserLanguage = DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_LANGUAGE );
584         int nDefaultUserStatus = Integer.parseInt( DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_STATUS ) );
585 
586         // Specific attributes
587         List<IAttribute> listAttributes = AttributeService.getInstance( ).getAllAttributesWithFields( getLocale( ) );
588 
589         // creation in no-module mode : load empty form
590         if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
591         {
592             Map<String, Object> model = new HashMap<>( );
593 
594             model.put( MARK_USER_LEVELS_LIST, filteredLevels );
595             model.put( MARK_CURRENT_USER, currentUser );
596             model.put( MARK_LANGUAGES_LIST, I18nService.getAdminLocales( getLocale( ) ) );
597             model.put( MARK_DEFAULT_USER_LEVEL, defaultLevel );
598             model.put( MARK_DEFAULT_USER_NOTIFICATION, nDefaultUserNotification );
599             model.put( MARK_DEFAULT_USER_LANGUAGE, strDefaultUserLanguage );
600             model.put( MARK_DEFAULT_USER_STATUS, nDefaultUserStatus );
601             model.put( MARK_ATTRIBUTES_LIST, listAttributes );
602             model.put( MARK_LOCALE, getLocale( ) );
603             model.put( MARK_DEFAULT_VALUE_WORKGROUP_KEY, AdminWorkgroupService.ALL_GROUPS );
604             model.put( MARK_WORKGROUP_KEY_LIST, AdminWorkgroupService.getUserWorkgroups( getUser( ), getLocale( ) ) );
605             model.put( MARK_RANDOM_PASSWORD_SIZE,
606                     AppPropertiesService.getPropertyInt( PasswordUtil.PROPERTY_PASSWORD_SIZE, PasswordUtil.CONSTANT_DEFAULT_RANDOM_PASSWORD_SIZE ) );
607             model.put( MARK_MINIMUM_PASSWORD_SIZE, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_PASSWORD_MINIMUM_LENGTH ) );
608             model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_CREATE_USER ) );
609 
610             template = AppTemplateService.getTemplate( TEMPLATE_DEFAULT_CREATE_USER, getLocale( ), model );
611         }
612         else
613         // creation in module mode : populate the form with the data from the user
614         // selected for import
615         {
616             // parameters retrieved from the "import" action (retrieves the data from the
617             // access code)
618             String strAccessCode = request.getParameter( PARAMETER_ACCESS_CODE );
619             AdminUser user = null;
620 
621             if ( ( strAccessCode != null ) && ( !strAccessCode.equals( "" ) ) )
622             {
623                 user = AdminAuthenticationService.getInstance( ).getUserPublicDataFromModule( strAccessCode );
624             }
625 
626             Map<String, Object> model = new HashMap<>( );
627 
628             if ( user != null )
629             {
630                 model.put( MARK_USER_LEVELS_LIST, filteredLevels );
631                 model.put( MARK_CURRENT_USER, currentUser );
632                 model.put( MARK_IMPORT_USER, user );
633                 model.put( MARK_LANGUAGES_LIST, I18nService.getAdminLocales( user.getLocale( ) ) );
634                 model.put( MARK_DEFAULT_USER_LEVEL, defaultLevel );
635                 model.put( MARK_DEFAULT_USER_NOTIFICATION, nDefaultUserNotification );
636                 model.put( MARK_DEFAULT_USER_LANGUAGE, strDefaultUserLanguage );
637                 model.put( MARK_DEFAULT_USER_STATUS, nDefaultUserStatus );
638                 model.put( MARK_ATTRIBUTES_LIST, listAttributes );
639                 model.put( MARK_LOCALE, getLocale( ) );
640                 model.put( MARK_DEFAULT_VALUE_WORKGROUP_KEY, AdminWorkgroupService.ALL_GROUPS );
641                 model.put( MARK_WORKGROUP_KEY_LIST, AdminWorkgroupService.getUserWorkgroups( getUser( ), getLocale( ) ) );
642                 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_CREATE_USER ) );
643             }
644 
645             template = AppTemplateService.getTemplate( TEMPLATE_CREATE_USER, getLocale( ), model );
646         }
647 
648         return getAdminPage( template.getHtml( ) );
649     }
650 
651     /**
652      * Process the data capture form of a new appUser
653      *
654      * @param request
655      *            The HTTP Request
656      * @return The Jsp URL of the process result
657      * @throws AccessDeniedException
658      *             If the security token is invalid
659      */
660     public String doCreateAdminUser( HttpServletRequest request ) throws AccessDeniedException
661     {
662         String strAccessCode = request.getParameter( PARAMETER_ACCESS_CODE );
663         String strLastName = request.getParameter( PARAMETER_LAST_NAME );
664         String strFirstName = request.getParameter( PARAMETER_FIRST_NAME );
665         String strEmail = request.getParameter( PARAMETER_EMAIL );
666         String strStatus = request.getParameter( PARAMETER_STATUS );
667         String strUserLevel = request.getParameter( PARAMETER_USER_LEVEL );
668         String strNotifyUser = request.getParameter( PARAMETER_NOTIFY_USER );
669         String strAccessibilityMode = request.getParameter( PARAMETER_ACCESSIBILITY_MODE );
670         String strWorkgroupKey = request.getParameter( PARAMETER_WORKGROUP_KEY );
671 
672         String message = checkParameters( request, JSP_URL_CREATE_USER );
673 
674         if ( message != null )
675         {
676             return message;
677         }
678 
679         // check again that access code is not in use
680         if ( AdminUserHome.checkAccessCodeAlreadyInUse( strAccessCode ) != -1 )
681         {
682             return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_ACCESS_CODE_ALREADY_USED, AdminMessage.TYPE_STOP );
683         }
684 
685         // check again that email is not in use
686         if ( AdminUserHome.checkEmailAlreadyInUse( strEmail ) != -1 )
687         {
688             return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_EMAIL_ALREADY_USED, AdminMessage.TYPE_STOP );
689         }
690 
691         // defines the new created user level
692         int nNewUserLevel = Integer.parseInt( strUserLevel );
693 
694         // check if the user is still an admin
695         if ( !( getUser( ).hasRights( nNewUserLevel ) || getUser( ).isAdmin( ) ) )
696         {
697             return AdminMessageService.getMessageUrl( request, Messages.USER_ACCESS_DENIED, AdminMessage.TYPE_STOP );
698         }
699 
700         // creation in no-module mode : we manage the password
701         if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
702         {
703             LuteceDefaultAdminUser/authentication/LuteceDefaultAdminUser.html#LuteceDefaultAdminUser">LuteceDefaultAdminUser user = new LuteceDefaultAdminUser( );
704             String strFirstPassword = request.getParameter( PARAMETER_FIRST_PASSWORD );
705             String strSecondPassword = request.getParameter( PARAMETER_SECOND_PASSWORD );
706 
707             if ( StringUtils.isEmpty( strFirstPassword ) )
708             {
709                 return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
710             }
711 
712             if ( !strFirstPassword.equals( strSecondPassword ) )
713             {
714                 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_DIFFERENTS_PASSWORD, AdminMessage.TYPE_STOP );
715             }
716 
717             String strUrl = AdminUserService.checkPassword( request, strFirstPassword, 0 );
718 
719             if ( StringUtils.isNotEmpty( strUrl ) )
720             {
721                 return strUrl;
722             }
723 
724             user.setPassword( AdminUserService.encryptPassword( strFirstPassword ) );
725 
726             user.setPasswordMaxValidDate( AdminUserService.getPasswordMaxValidDate( ) );
727             user.setAccountMaxValidDate( AdminUserService.getAccountMaxValidDate( ) );
728 
729             user.setAccessCode( strAccessCode );
730             user.setLastName( strLastName );
731             user.setFirstName( strFirstName );
732             user.setEmail( strEmail );
733             user.setStatus( Integer.parseInt( strStatus ) );
734             user.setLocale( new Locale( request.getParameter( PARAMETER_LANGUAGE ) ) );
735 
736             user.setUserLevel( nNewUserLevel );
737             user.setPasswordReset( Boolean.TRUE );
738             user.setAccessibilityMode( strAccessibilityMode != null );
739             user.setWorkgroupKey( strWorkgroupKey );
740 
741             AdminUserHome.create( user );
742             AdminUserFieldService.doCreateUserFields( user, request, getLocale( ) );
743 
744             if ( CONSTANTE_UN.equals( strNotifyUser ) )
745             {
746                 // Notify user for the creation of this account
747                 AdminUserService.notifyUser( AppPathService.getBaseUrl( request ), user, strFirstPassword, PROPERTY_MESSAGE_EMAIL_SUBJECT_NOTIFY_USER,
748                         TEMPLATE_NOTIFY_USER );
749             }
750 
751             AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_CREATE_ADMINUSER, getUser( ), user.getAccessCode( ),
752                     CONSTANT_BO );
753         }
754         else
755         {
756             AdminUserbusiness/user/AdminUser.html#AdminUser">AdminUser user = new AdminUser( );
757             user.setAccessCode( strAccessCode );
758             user.setLastName( strLastName );
759             user.setFirstName( strFirstName );
760             user.setEmail( strEmail );
761             user.setStatus( Integer.parseInt( strStatus ) );
762             user.setLocale( new Locale( request.getParameter( PARAMETER_LANGUAGE ) ) );
763 
764             user.setUserLevel( nNewUserLevel );
765             user.setAccessibilityMode( strAccessibilityMode != null );
766             user.setWorkgroupKey( strWorkgroupKey );
767 
768             AdminUserHome.create( user );
769             AdminUserFieldService.doCreateUserFields( user, request, getLocale( ) );
770 
771             AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_CREATE_ADMINUSER, getUser( ), user.getAccessCode( ),
772                     CONSTANT_BO );
773         }
774 
775         return JSP_MANAGE_USER;
776     }
777 
778     private String checkParameters( HttpServletRequest request, String strJspUrl ) throws AccessDeniedException
779     {
780         String strAccessCode = request.getParameter( PARAMETER_ACCESS_CODE );
781         String strLastName = request.getParameter( PARAMETER_LAST_NAME );
782         String strFirstName = request.getParameter( PARAMETER_FIRST_NAME );
783         String strEmail = request.getParameter( PARAMETER_EMAIL );
784 
785         if ( StringUtils.isEmpty( strAccessCode ) )
786         {
787             return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
788         }
789 
790         if ( StringUtils.isEmpty( strLastName ) )
791         {
792             return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
793         }
794 
795         if ( StringUtils.isEmpty( strFirstName ) )
796         {
797             return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
798         }
799 
800         if ( StringUtils.isBlank( strEmail ) )
801         {
802             return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
803         }
804 
805         if ( !AdminUserService.checkEmail( strEmail ) )
806         {
807             return AdminUserService.getEmailErrorMessageUrl( request );
808         }
809 
810         String strError = AdminUserFieldService.checkUserFields( request, getLocale( ) );
811 
812         if ( strError != null )
813         {
814             return strError;
815         }
816 
817         if ( !SecurityTokenService.getInstance( ).validate( request, strJspUrl ) )
818         {
819             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
820         }
821 
822         return null;
823     }
824 
825     /**
826      * Returns the form to update info about a AppUser
827      *
828      * @param request
829      *            The Http request
830      * @return The HTML form to update info
831      * @throws AccessDeniedException
832      *             If the current user is not authorized to modify the user
833      */
834     public String getModifyAdminUser( HttpServletRequest request ) throws AccessDeniedException
835     {
836         setPageTitleProperty( PROPERTY_MODIFY_USER_PAGETITLE );
837 
838         String strUserId = request.getParameter( PARAMETER_USER_ID );
839 
840         int nUserId = Integer.parseInt( strUserId );
841 
842         Map<String, Object> model = new HashMap<>( );
843         HtmlTemplate template;
844 
845         AdminUser user;
846         String strTemplateUrl;
847 
848         // creation in no-module mode : load form with password modification field and
849         // login modification field
850         if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
851         {
852             user = AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( nUserId );
853             strTemplateUrl = TEMPLATE_DEFAULT_MODIFY_USER;
854         }
855         else
856         {
857             user = AdminUserHome.findByPrimaryKey( nUserId );
858             strTemplateUrl = TEMPLATE_MODIFY_USER;
859         }
860 
861         if ( ( user == null ) || ( user.getUserId( ) == 0 ) )
862         {
863             return getManageAdminUsers( request );
864         }
865 
866         AdminUser currentUser = AdminUserService.getAdminUser( request );
867 
868         if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
869         {
870             throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
871         }
872 
873         Level level = LevelHome.findByPrimaryKey( user.getUserLevel( ) );
874         ReferenceListml#ReferenceList">ReferenceList filteredLevels = new ReferenceList( );
875 
876         if ( isUserAuthorizedToChangeUserLevel( currentUser, user ) )
877         {
878             for ( Level levelItem : LevelHome.getLevelsList( ) )
879             {
880                 filteredLevels.add( levelItem.getReferenceItem( ) );
881             }
882             ;
883             filteredLevels.removeIf( levelItem -> levelItem.getCode( ).equals( "0" ) );
884         }
885 
886         // ITEM NAVIGATION
887         setItemNavigator( user.getUserId( ), AppPathService.getBaseUrl( request ) + JSP_URL_MODIFY_USER );
888 
889         List<IAttribute> listAttributes = AttributeService.getInstance( ).getAllAttributesWithFields( getLocale( ) );
890         Map<String, Object> map = AdminUserFieldService.getAdminUserFields( listAttributes, nUserId, getLocale( ) );
891 
892         model.put( MARK_USER, user );
893         model.put( MARK_LEVEL, level );
894         model.put( MARK_USER_LEVELS_LIST, filteredLevels );
895         model.put( MARK_LANGUAGES_LIST, I18nService.getAdminLocales( user.getLocale( ) ) );
896         model.put( MARK_CURRENT_LANGUAGE, user.getLocale( ).getLanguage( ) );
897         model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
898         model.put( MARK_ATTRIBUTES_LIST, listAttributes );
899         model.put( MARK_LOCALE, getLocale( ) );
900         model.put( MARK_MAP_LIST_ATTRIBUTE_DEFAULT_VALUES, map );
901         model.put( MARK_WORKGROUP_KEY_LIST, AdminWorkgroupService.getUserWorkgroups( getUser( ), getLocale( ) ) );
902         model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_MODIFY_USER ) );
903 
904         template = AppTemplateService.getTemplate( strTemplateUrl, getLocale( ), model );
905 
906         return getAdminPage( template.getHtml( ) );
907     }
908 
909     /**
910      * Process the change form of an appUser
911      *
912      * @param request
913      *            The Http request
914      * @return The Jsp URL of the process result
915      * @throws AccessDeniedException
916      *             If the current user is not authorized to modify the user
917      */
918     public String doModifyAdminUser( HttpServletRequest request ) throws AccessDeniedException
919     {
920         String strUserId = request.getParameter( PARAMETER_USER_ID );
921         String strAccessCode = request.getParameter( PARAMETER_ACCESS_CODE );
922         String strLastName = request.getParameter( PARAMETER_LAST_NAME );
923         String strFirstName = request.getParameter( PARAMETER_FIRST_NAME );
924         String strEmail = request.getParameter( PARAMETER_EMAIL );
925         String strStatus = request.getParameter( PARAMETER_STATUS );
926         String strAccessibilityMode = request.getParameter( PARAMETER_ACCESSIBILITY_MODE );
927         String strWorkgroupKey = request.getParameter( PARAMETER_WORKGROUP_KEY );
928         String strUserLevel = request.getParameter( PARAMETER_USER_LEVEL );
929         int nUserId = Integer.parseInt( strUserId );
930 
931         AdminUser userToModify = AdminUserHome.findByPrimaryKey( nUserId );
932         AdminUser currentUser = AdminUserService.getAdminUser( request );
933 
934         if ( !isUserAuthorizedToModifyUser( currentUser, userToModify ) )
935         {
936             throw new AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
937         }
938 
939         // Check if the current user is trying to modify another user's right level.
940         // If that's the case, then make sure they have the required authorization to do it
941         if ( isUserLevelModified( userToModify, strUserLevel ) && !isUserAuthorizedToChangeUserLevel( currentUser, userToModify ) )
942         {
943             throw new AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
944         }
945 
946         String message = checkParameters( request, JSP_URL_MODIFY_USER );
947 
948         if ( message != null )
949         {
950             return message;
951         }
952 
953         int checkCode = AdminUserHome.checkAccessCodeAlreadyInUse( strAccessCode );
954 
955         // check again that access code is not in use
956         if ( ( checkCode != -1 ) && ( checkCode != nUserId ) )
957         {
958             return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_ACCESS_CODE_ALREADY_USED, AdminMessage.TYPE_STOP );
959         }
960 
961         checkCode = AdminUserHome.checkEmailAlreadyInUse( strEmail );
962 
963         // check again that email is not in use
964         if ( ( checkCode != -1 ) && ( checkCode != nUserId ) )
965         {
966             return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_EMAIL_ALREADY_USED, AdminMessage.TYPE_STOP );
967         }
968 
969         // modification in no-module mode : we manage the password
970         if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
971         {
972             LuteceDefaultAdminUser user = AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( nUserId );
973 
974             user.setUserId( nUserId );
975             user.setAccessCode( strAccessCode );
976             user.setLastName( strLastName );
977             user.setFirstName( strFirstName );
978             user.setEmail( strEmail );
979             user.setWorkgroupKey( strWorkgroupKey );
980             user.setUserLevel( Integer.parseInt( strUserLevel ) );
981 
982             int nStatus = Integer.parseInt( strStatus );
983 
984             if ( nStatus != user.getStatus( ) )
985             {
986                 user.setStatus( nStatus );
987                 AdminUserService.notifyUser( AppPathService.getBaseUrl( request ), user, PROPERTY_MESSAGE_EMAIL_SUBJECT_CHANGE_STATUS,
988                         TEMPLATE_ADMIN_EMAIL_CHANGE_STATUS );
989             }
990 
991             user.setLocale( new Locale( request.getParameter( PARAMETER_LANGUAGE ) ) );
992             user.setAccessibilityMode( strAccessibilityMode != null );
993 
994             AdminUserHome.update( user, PasswordUpdateMode.IGNORE );
995 
996             AdminUserFieldService.doModifyUserFields( user, request, getLocale( ), getUser( ) );
997 
998             AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_ADMINUSER, currentUser, user.getAccessCode( ),
999                     CONSTANT_BO );
1000         }
1001         else
1002         {
1003             AdminUserbusiness/user/AdminUser.html#AdminUser">AdminUser user = new AdminUser( );
1004             user.setUserId( nUserId );
1005             user.setAccessCode( strAccessCode );
1006             user.setLastName( strLastName );
1007             user.setFirstName( strFirstName );
1008             user.setEmail( strEmail );
1009             user.setStatus( Integer.parseInt( strStatus ) );
1010             user.setLocale( new Locale( request.getParameter( PARAMETER_LANGUAGE ) ) );
1011             user.setAccessibilityMode( strAccessibilityMode != null );
1012             user.setWorkgroupKey( strWorkgroupKey );
1013             user.setUserLevel( Integer.parseInt( strUserLevel ) );
1014 
1015             String strError = AdminUserFieldService.checkUserFields( request, getLocale( ) );
1016 
1017             if ( strError != null )
1018             {
1019                 return strError;
1020             }
1021 
1022             AdminUserHome.update( user );
1023 
1024             AdminUserFieldService.doModifyUserFields( user, request, getLocale( ), getUser( ) );
1025 
1026             AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_ADMINUSER, currentUser, user.getAccessCode( ),
1027                     CONSTANT_BO );
1028         }
1029 
1030         return JSP_MANAGE_USER;
1031     }
1032 
1033     /**
1034      * Returns the form to update password of AppUser
1035      *
1036      * @param request
1037      *            The Http request
1038      * @return The HTML form to update info
1039      * @throws AccessDeniedException
1040      *             If the current user is not authorized to modify the user
1041      */
1042     public String getModifyUserPassword( HttpServletRequest request ) throws AccessDeniedException
1043     {
1044         setPageTitleProperty( PROPERTY_MODIFY_USER_PASSWORD_PAGETITLE );
1045 
1046         String strUserId = request.getParameter( PARAMETER_USER_ID );
1047 
1048         int nUserId = Integer.parseInt( strUserId );
1049 
1050         Map<String, Object> model = new HashMap<>( );
1051         HtmlTemplate template;
1052 
1053         AdminUser user = null;
1054         String strTemplateUrl = "";
1055 
1056         // creation in no-module mode : load form with password modification field and
1057         // login modification field
1058         if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
1059         {
1060             user = AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( nUserId );
1061             strTemplateUrl = TEMPLATE_DEFAULT_MODIFY_USER_PASSWORD;
1062         }
1063         else
1064         {
1065             throw new AppException( "Cannot modify password when not in DeafultModuleUsed mode" );
1066         }
1067 
1068         if ( ( user == null ) || ( user.getUserId( ) == 0 ) )
1069         {
1070             throw new AppException( "User to modify password for not found" );
1071         }
1072 
1073         AdminUser currentUser = AdminUserService.getAdminUser( request );
1074 
1075         if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1076         {
1077             throw new AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1078         }
1079 
1080         // ITEM NAVIGATION
1081         setItemNavigator( user.getUserId( ), AppPathService.getBaseUrl( request ) + JSP_URL_MODIFY_USER );
1082 
1083         model.put( MARK_USER, user );
1084         model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1085         model.put( MARK_MINIMUM_PASSWORD_SIZE, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_PASSWORD_MINIMUM_LENGTH ) );
1086         model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, PROPERTY_MODIFY_USER_PASSWORD_PAGETITLE ) );
1087 
1088         template = AppTemplateService.getTemplate( strTemplateUrl, getLocale( ), model );
1089 
1090         return getAdminPage( template.getHtml( ) );
1091     }
1092 
1093     /**
1094      * Process the change form of an appUser password
1095      *
1096      * @param request
1097      *            The Http request
1098      * @return The Jsp URL of the process result
1099      * @throws AccessDeniedException
1100      *             If the current user is not authorized to modify the user
1101      */
1102     public String doModifyAdminUserPassword( HttpServletRequest request ) throws AccessDeniedException
1103     {
1104         if ( !SecurityTokenService.getInstance( ).validate( request, PROPERTY_MODIFY_USER_PASSWORD_PAGETITLE ) )
1105         {
1106             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1107         }
1108         String strUserId = request.getParameter( PARAMETER_USER_ID );
1109 
1110         int nUserId = Integer.parseInt( strUserId );
1111 
1112         AdminUser userToModify = AdminUserHome.findByPrimaryKey( nUserId );
1113 
1114         if ( userToModify == null )
1115         {
1116             throw new AppException( CONSTANT_USER_MSG + strUserId + " not found" );
1117         }
1118 
1119         AdminUser currentUser = AdminUserService.getAdminUser( request );
1120 
1121         if ( !isUserAuthorizedToModifyUser( currentUser, userToModify ) )
1122         {
1123             throw new AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1124         }
1125 
1126         // modification in no-module mode : we manage the password
1127         if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
1128         {
1129             LuteceDefaultAdminUser user = AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( nUserId );
1130 
1131             String strFirstPassword = request.getParameter( PARAMETER_FIRST_PASSWORD );
1132             String strSecondPassword = request.getParameter( PARAMETER_SECOND_PASSWORD );
1133 
1134             if ( StringUtils.isEmpty( strFirstPassword ) )
1135             {
1136                 return AdminMessageService.getMessageUrl( request, MESSAGE_MANDATORY_FIELD, new String [ ] {
1137                         I18nService.getLocalizedString( PROPERTY_LABEL_FIRST_PASSWORD, getLocale( ) )
1138                 }, AdminMessage.TYPE_STOP );
1139             }
1140 
1141             if ( !StringUtils.equals( strFirstPassword, strSecondPassword ) )
1142             {
1143                 // First and second password are filled but there are different
1144                 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_DIFFERENTS_PASSWORD, AdminMessage.TYPE_STOP );
1145             }
1146 
1147             String strUrl = AdminUserService.checkPassword( request, strFirstPassword, nUserId, Boolean.TRUE );
1148 
1149             if ( StringUtils.isNotEmpty( strUrl ) )
1150             {
1151                 return strUrl;
1152             }
1153 
1154             user.setPassword( AdminUserService.encryptPassword( strFirstPassword ) );
1155             user.setPasswordReset( Boolean.FALSE );
1156             user.setPasswordMaxValidDate( AdminUserService.getPasswordMaxValidDate( ) );
1157 
1158             AdminUserHome.update( user, PasswordUpdateMode.UPDATE );
1159 
1160             AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_ADMINUSER_PASSWORD, currentUser,
1161                     user.getAccessCode( ), CONSTANT_BO );
1162         }
1163 
1164         return JSP_MANAGE_USER;
1165     }
1166 
1167     /**
1168      * Get a page to import users from a CSV file.
1169      * 
1170      * @param request
1171      *            The request
1172      * @return The HTML content
1173      */
1174     public String getImportUsersFromFile( HttpServletRequest request )
1175     {
1176         _importAdminUserService = SpringContextService.getBean( BEAN_IMPORT_ADMIN_USER_SERVICE );
1177         if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
1178                 getUser( ) ) )
1179         {
1180             return getManageAdminUsers( request );
1181         }
1182 
1183         setPageTitleProperty( PROPERTY_IMPORT_USERS_FROM_FILE_PAGETITLE );
1184 
1185         Map<String, Object> model = new HashMap<>( );
1186 
1187         model.put( MARK_LIST_MESSAGES, request.getAttribute( ATTRIBUTE_IMPORT_USERS_LIST_MESSAGES ) );
1188 
1189         String strCsvSeparator = StringUtils.EMPTY + _importAdminUserService.getCSVSeparator( );
1190         String strCsvEscapeCharacter = StringUtils.EMPTY + _importAdminUserService.getCSVEscapeCharacter( );
1191         String strAttributesSeparator = StringUtils.EMPTY + _importAdminUserService.getAttributesSeparator( );
1192         model.put( MARK_CSV_SEPARATOR, strCsvSeparator );
1193         model.put( MARK_CSV_ESCAPE, strCsvEscapeCharacter );
1194         model.put( MARK_ATTRIBUTES_SEPARATOR, strAttributesSeparator );
1195         model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_IMPORT_USER ) );
1196 
1197         String strTemplate = _importAdminUserService.getImportFromFileTemplate( );
1198         HtmlTemplate template = AppTemplateService.getTemplate( strTemplate, AdminUserService.getLocale( request ), model );
1199 
1200         return getAdminPage( template.getHtml( ) );
1201     }
1202 
1203     /**
1204      * Do import users from a CSV file
1205      * 
1206      * @param request
1207      *            The request
1208      * @return A DefaultPluginActionResult with the URL of the page to display, or the HTML content
1209      * @throws AccessDeniedException
1210      *             if the security token is invalid
1211      */
1212     public DefaultPluginActionResult doImportUsersFromFile( HttpServletRequest request ) throws AccessDeniedException
1213     {
1214         DefaultPluginActionResultefaultPluginActionResult.html#DefaultPluginActionResult">DefaultPluginActionResult result = new DefaultPluginActionResult( );
1215 
1216         if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
1217                 getUser( ) ) )
1218         {
1219             result.setHtmlContent( getManageAdminUsers( request ) );
1220 
1221             return result;
1222         }
1223 
1224         if ( request instanceof MultipartHttpServletRequest )
1225         {
1226             MultipartHttpServletRequestce/portal/web/upload/MultipartHttpServletRequest.html#MultipartHttpServletRequest">MultipartHttpServletRequest multipartRequest = (MultipartHttpServletRequest) request;
1227             FileItem fileItem = multipartRequest.getFile( PARAMETER_IMPORT_USERS_FILE );
1228             String strMimeType = FileSystemUtil.getMIMEType( FileUploadService.getFileNameOnly( fileItem ) );
1229 
1230             if ( !( ( fileItem != null ) && !StringUtils.EMPTY.equals( fileItem.getName( ) ) ) )
1231             {
1232                 Object [ ] tabRequiredFields = {
1233                         I18nService.getLocalizedString( FIELD_IMPORT_USERS_FILE, getLocale( ) )
1234                 };
1235                 result.setRedirect( AdminMessageService.getMessageUrl( request, MESSAGE_MANDATORY_FIELD, tabRequiredFields, AdminMessage.TYPE_STOP ) );
1236 
1237                 return result;
1238             }
1239 
1240             if ( ( !strMimeType.equals( CONSTANT_MIME_TYPE_CSV ) && !strMimeType.equals( CONSTANT_MIME_TYPE_OCTETSTREAM )
1241                     && !strMimeType.equals( CONSTANT_MIME_TYPE_TEXT_CSV ) )
1242                     || !fileItem.getName( ).toLowerCase( Locale.ENGLISH ).endsWith( CONSTANT_EXTENSION_CSV_FILE ) )
1243             {
1244                 result.setRedirect( AdminMessageService.getMessageUrl( request, MESSAGE_ERROR_CSV_FILE_IMPORT, AdminMessage.TYPE_STOP ) );
1245 
1246                 return result;
1247             }
1248             if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_IMPORT_USER ) )
1249             {
1250                 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1251             }
1252 
1253             String strSkipFirstLine = multipartRequest.getParameter( PARAMETER_SKIP_FIRST_LINE );
1254             boolean bSkipFirstLine = StringUtils.isNotEmpty( strSkipFirstLine );
1255             String strUpdateUsers = multipartRequest.getParameter( PARAMETER_UPDATE_USERS );
1256             boolean bUpdateUsers = StringUtils.isNotEmpty( strUpdateUsers );
1257 
1258             _importAdminUserService.setUpdateExistingUsers( bUpdateUsers );
1259 
1260             List<CSVMessageDescriptor> listMessages = _importAdminUserService.readCSVFile( fileItem, 0, false, false, bSkipFirstLine,
1261                     AdminUserService.getLocale( request ), AppPathService.getBaseUrl( request ) );
1262 
1263             AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_IMPORT_ADMINUSERS, getUser( ), fileItem.getName( ),
1264                     CONSTANT_BO );
1265 
1266             request.setAttribute( ATTRIBUTE_IMPORT_USERS_LIST_MESSAGES, listMessages );
1267 
1268             String strHtmlResult = getImportUsersFromFile( request );
1269             result.setHtmlContent( strHtmlResult );
1270         }
1271         else
1272         {
1273             Object [ ] tabRequiredFields = {
1274                     I18nService.getLocalizedString( FIELD_IMPORT_USERS_FILE, getLocale( ) )
1275             };
1276             result.setRedirect( AdminMessageService.getMessageUrl( request, MESSAGE_MANDATORY_FIELD, tabRequiredFields, AdminMessage.TYPE_STOP ) );
1277         }
1278 
1279         return result;
1280     }
1281 
1282     /**
1283      * Get a page to export users
1284      * 
1285      * @param request
1286      *            The request
1287      * @return The html content
1288      */
1289     public String getExportUsers( HttpServletRequest request )
1290     {
1291         if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
1292                 getUser( ) ) )
1293         {
1294             return getManageAdminUsers( request );
1295         }
1296 
1297         setPageTitleProperty( PROPERTY_EXPORT_USERS_PAGETITLE );
1298 
1299         Map<String, Object> model = new HashMap<>( );
1300 
1301         ReferenceList refListXsl = XslExportHome.getRefListByPlugin( PluginService.getCore( ) );
1302 
1303         model.put( MARK_LIST_XSL_EXPORT, refListXsl );
1304 
1305         HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_EXPORT_USERS_FROM_FILE, AdminUserService.getLocale( request ), model );
1306 
1307         return getAdminPage( template.getHtml( ) );
1308     }
1309 
1310     /**
1311      * Do export users
1312      * 
1313      * @param request
1314      *            The request
1315      * @param response
1316      *            The response
1317      * @return A DefaultPluginActionResult containing the result, or null if the file download has been initialized
1318      * @throws IOException
1319      *             If an IOException occurs
1320      */
1321     public DefaultPluginActionResult doExportUsers( HttpServletRequest request, HttpServletResponse response ) throws IOException
1322     {
1323         DefaultPluginActionResultefaultPluginActionResult.html#DefaultPluginActionResult">DefaultPluginActionResult result = new DefaultPluginActionResult( );
1324 
1325         if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_IMPORT_EXPORT_USERS,
1326                 getUser( ) ) )
1327         {
1328             result.setHtmlContent( getManageAdminUsers( request ) );
1329 
1330             return result;
1331         }
1332 
1333         String strXslExportId = request.getParameter( PARAMETER_XSL_EXPORT_ID );
1334         String strExportAttributes = request.getParameter( PARAMETER_EXPORT_ATTRIBUTES );
1335         String strExportRoles = request.getParameter( PARAMETER_EXPORT_ROLES );
1336         String strExportRights = request.getParameter( PARAMETER_EXPORT_RIGHTS );
1337         String strExportWorkgroups = request.getParameter( PARAMETER_EXPORT_WORKGROUPS );
1338         boolean bExportAttributes = StringUtils.isNotEmpty( strExportAttributes );
1339         boolean bExportRoles = StringUtils.isNotEmpty( strExportRoles );
1340         boolean bExportRights = StringUtils.isNotEmpty( strExportRights );
1341         boolean bExportWorkgroups = StringUtils.isNotEmpty( strExportWorkgroups );
1342 
1343         if ( StringUtils.isBlank( strXslExportId ) )
1344         {
1345             Object [ ] tabRequiredFields = {
1346                     I18nService.getLocalizedString( FIELD_XSL_EXPORT, getLocale( ) )
1347             };
1348             result.setRedirect( AdminMessageService.getMessageUrl( request, MESSAGE_MANDATORY_FIELD, tabRequiredFields, AdminMessage.TYPE_STOP ) );
1349 
1350             return result;
1351         }
1352 
1353         int nIdXslExport = Integer.parseInt( strXslExportId );
1354 
1355         XslExport xslExport = XslExportHome.findByPrimaryKey( nIdXslExport );
1356 
1357         Collection<AdminUser> listUsers = AdminUserHome.findUserList( );
1358 
1359         List<IAttribute> listAttributes = AttributeService.getInstance( ).getAllAttributesWithFields( LocaleService.getDefault( ) );
1360         List<IAttribute> listAttributesFiltered = new ArrayList<>( );
1361 
1362         for ( IAttribute attribute : listAttributes )
1363         {
1364             if ( attribute instanceof ISimpleValuesAttributes )
1365             {
1366                 listAttributesFiltered.add( attribute );
1367             }
1368         }
1369 
1370         StringBuffer sbXml = new StringBuffer( XmlUtil.getXmlHeader( ) );
1371         XmlUtil.beginElement( sbXml, CONSTANT_XML_USERS );
1372 
1373         for ( AdminUser user : listUsers )
1374         {
1375             if ( !user.isStatusAnonymized( ) )
1376             {
1377                 sbXml.append(
1378                         AdminUserService.getXmlFromUser( user, bExportRoles, bExportRights, bExportWorkgroups, bExportAttributes, listAttributesFiltered ) );
1379             }
1380         }
1381 
1382         XmlUtil.endElement( sbXml, CONSTANT_XML_USERS );
1383 
1384         String strXml = StringUtil.replaceAccent( sbXml.toString( ) );
1385         String strExportedUsers = XslExportService.exportXMLWithXSL( nIdXslExport, strXml );
1386 
1387         if ( CONSTANT_MIME_TYPE_CSV.contains( xslExport.getExtension( ) ) )
1388         {
1389             response.setContentType( CONSTANT_MIME_TYPE_CSV );
1390         }
1391         else if ( CONSTANT_EXTENSION_XML_FILE.contains( xslExport.getExtension( ) ) )
1392         {
1393             response.setContentType( CONSTANT_MIME_TYPE_XML );
1394         }
1395         else
1396         {
1397             response.setContentType( CONSTANT_MIME_TYPE_OCTETSTREAM );
1398         }
1399 
1400         String strFileName = CONSTANT_EXPORT_USERS_FILE_NAME + CONSTANT_POINT + xslExport.getExtension( );
1401         response.setHeader( CONSTANT_ATTACHEMENT_DISPOSITION, CONSTANT_ATTACHEMENT_FILE_NAME + strFileName + CONSTANT_QUOTE );
1402 
1403         PrintWriter out = response.getWriter( );
1404         out.write( strExportedUsers );
1405         out.flush( );
1406         out.close( );
1407 
1408         return null;
1409     }
1410 
1411     /**
1412      * Returns the page of confirmation for deleting a provider
1413      *
1414      * @param request
1415      *            The Http Request
1416      * @return the confirmation url
1417      * @throws AccessDeniedException
1418      *             When not authorized
1419      */
1420     public String doConfirmRemoveAdminUser( HttpServletRequest request ) throws AccessDeniedException
1421     {
1422         String strUserId = request.getParameter( PARAMETER_USER_ID );
1423         int nUserId = Integer.parseInt( strUserId );
1424         AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
1425 
1426         if ( user == null )
1427         {
1428             return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_USER_ERROR_SESSION, JSP_URL_MANAGE_USERS, AdminMessage.TYPE_ERROR );
1429         }
1430 
1431         AdminUser currentUser = AdminUserService.getAdminUser( request );
1432 
1433         if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1434         {
1435             throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1436         }
1437 
1438         String strUrlRemove = JSP_URL_REMOVE_USER;
1439         Map<String, Object> parameters = new HashMap<>( );
1440         parameters.put( PARAMETER_USER_ID, strUserId );
1441         parameters.put( SecurityTokenService.PARAMETER_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_REMOVE_USER ) );
1442 
1443         return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_CONFIRM_REMOVE, new Object [ ] {
1444                 user.getFirstName( ), user.getLastName( ), user.getAccessCode( )
1445         }, null, strUrlRemove, null, AdminMessage.TYPE_CONFIRMATION, parameters, JSP_URL_MANAGE_USERS );
1446     }
1447 
1448     /**
1449      * Process to the confirmation of deleting of an AppUser
1450      *
1451      * @param request
1452      *            The Http Request
1453      * @return the HTML page
1454      * @throws AccessDeniedException
1455      *             If the user is not authorized
1456      */
1457     public String doRemoveAdminUser( HttpServletRequest request ) throws AccessDeniedException
1458     {
1459         String strUserId = request.getParameter( PARAMETER_USER_ID );
1460         int nUserId = Integer.parseInt( strUserId );
1461         AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
1462 
1463         if ( user == null )
1464         {
1465             return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_USER_ERROR_SESSION, JSP_URL_MANAGE_USERS, AdminMessage.TYPE_ERROR );
1466         }
1467         if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_REMOVE_USER ) )
1468         {
1469             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1470         }
1471 
1472         AdminUser currentUser = AdminUserService.getAdminUser( request );
1473 
1474         if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1475         {
1476             throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1477         }
1478 
1479         String strRemovedUserAccessCode = user.getAccessCode( );
1480 
1481         AdminUserFieldService.doRemoveUserFields( user, request, getLocale( ) );
1482         AdminUserHome.removeAllRightsForUser( nUserId );
1483         AdminUserHome.removeAllRolesForUser( nUserId );
1484         AdminUserHome.removeAllPasswordHistoryForUser( nUserId );
1485         AdminUserHome.remove( nUserId );
1486 
1487         AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_REMOVE_ADMINUSER, currentUser,
1488                 strUserId + " : " + strRemovedUserAccessCode, CONSTANT_BO );
1489 
1490         return JSP_MANAGE_USER;
1491     }
1492 
1493     /**
1494      * Build the User right list
1495      *
1496      * @param request
1497      *            Http Request
1498      * @return the right list
1499      * @throws AccessDeniedException
1500      *             If the user is not authorized
1501      */
1502     public String getManageAdminUserRights( HttpServletRequest request ) throws AccessDeniedException
1503     {
1504         setPageTitleProperty( PROPERTY_MANAGE_USER_RIGHTS_PAGETITLE );
1505 
1506         String strUserId = request.getParameter( PARAMETER_USER_ID );
1507         int nUserId = Integer.parseInt( strUserId );
1508 
1509         AdminUser selectedUser = AdminUserHome.findByPrimaryKey( nUserId );
1510 
1511         AdminUser currentUser = AdminUserService.getAdminUser( request );
1512 
1513         if ( !isUserAuthorizedToModifyUser( currentUser, selectedUser ) )
1514         {
1515             throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1516         }
1517 
1518         Collection<Right> rightList = AdminUserHome.getRightsListForUser( nUserId ).values( );
1519 
1520         // ITEM NAVIGATION
1521         setItemNavigator( selectedUser.getUserId( ), AppPathService.getBaseUrl( request ) + JSP_URL_MANAGE_USER_RIGHTS );
1522 
1523         HashMap<String, Object> model = new HashMap<>( );
1524         model.put( MARK_CAN_MODIFY, getUser( ).isParent( selectedUser ) || getUser( ).isAdmin( ) );
1525         model.put( MARK_CAN_DELEGATE, getUser( ).getUserId( ) != nUserId );
1526         model.put( MARK_USER, AdminUserHome.findByPrimaryKey( nUserId ) );
1527         model.put( MARK_USER_RIGHT_LIST, I18nService.localizeCollection( rightList, getLocale( ) ) );
1528         model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1529 
1530         HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MANAGE_USER_RIGHTS, getLocale( ), model );
1531 
1532         return getAdminPage( template.getHtml( ) );
1533     }
1534 
1535     /**
1536      * Build the User workgroup list
1537      *
1538      * @param request
1539      *            Http Request
1540      * @return the right list
1541      * @throws AccessDeniedException
1542      *             If the user is not authorized
1543      */
1544     public String getManageAdminUserWorkgroups( HttpServletRequest request ) throws AccessDeniedException
1545     {
1546         setPageTitleProperty( PROPERTY_MANAGE_USER_WORKGROUPS_PAGETITLE );
1547 
1548         String strUserId = request.getParameter( PARAMETER_USER_ID );
1549         int nUserId = Integer.parseInt( strUserId );
1550 
1551         AdminUser selectedUser = AdminUserHome.findByPrimaryKey( nUserId );
1552         AdminUser currentUser = AdminUserService.getAdminUser( request );
1553 
1554         if ( !isUserAuthorizedToModifyUser( currentUser, selectedUser ) )
1555         {
1556             throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1557         }
1558 
1559         ReferenceList workgroupsList = AdminWorkgroupHome.getUserWorkgroups( selectedUser );
1560 
1561         // ITEM NAVIGATION
1562         setItemNavigator( nUserId, AppPathService.getBaseUrl( request ) + JSP_URL_MANAGE_USER_WORKGROUPS );
1563 
1564         Map<String, Object> model = new HashMap<>( );
1565         model.put( MARK_CAN_MODIFY, getUser( ).isParent( selectedUser ) || getUser( ).isAdmin( ) );
1566         model.put( MARK_CAN_DELEGATE, getUser( ).getUserId( ) != nUserId );
1567         model.put( MARK_USER, AdminUserHome.findByPrimaryKey( nUserId ) );
1568         model.put( MARK_USER_WORKGROUP_LIST, workgroupsList );
1569         model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1570 
1571         HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MANAGE_USER_WORKGROUPS, getLocale( ), model );
1572 
1573         return getAdminPage( template.getHtml( ) );
1574     }
1575 
1576     /**
1577      * Build the assignable workgroups list
1578      *
1579      * @param request
1580      *            Http Request
1581      * @return the right list
1582      * @throws AccessDeniedException
1583      *             If the user is not authorized
1584      */
1585     public String getModifyAdminUserWorkgroups( HttpServletRequest request ) throws AccessDeniedException
1586     {
1587         boolean bDelegateWorkgroups = Boolean.parseBoolean( request.getParameter( PARAMETER_DELEGATE_RIGHTS ) );
1588 
1589         setPageTitleProperty( bDelegateWorkgroups ? PROPERTY_DELEGATE_USER_RIGHTS_PAGETITLE : PROPERTY_MODIFY_USER_WORKGROUPS_PAGETITLE );
1590 
1591         String strUserId = request.getParameter( PARAMETER_USER_ID );
1592         int nUserId = Integer.parseInt( strUserId );
1593 
1594         AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
1595         AdminUser currentUser = getUser( );
1596 
1597         if ( ( user == null ) || ( user.getUserId( ) == 0 ) )
1598         {
1599             return getManageAdminUsers( request );
1600         }
1601 
1602         if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1603         {
1604             throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1605         }
1606 
1607         ReferenceList userWorkspaces = AdminWorkgroupHome.getUserWorkgroups( user );
1608         ReferenceList assignableWorkspaces = AdminWorkgroupHome.getUserWorkgroups( currentUser );
1609 
1610         ArrayList<String> checkedValues = new ArrayList<>( );
1611 
1612         for ( ReferenceItem item : userWorkspaces )
1613         {
1614             checkedValues.add( item.getCode( ) );
1615         }
1616 
1617         assignableWorkspaces.checkItems( checkedValues.toArray( new String [ checkedValues.size( )] ) );
1618 
1619         // ITEM NAVIGATION
1620         setItemNavigator( nUserId, AppPathService.getBaseUrl( request ) + JSP_URL_MANAGE_USER_WORKGROUPS );
1621 
1622         Map<String, Object> model = new HashMap<>( );
1623         model.put( MARK_USER, AdminUserHome.findByPrimaryKey( nUserId ) );
1624         model.put( MARK_ALL_WORKSGROUP_LIST, assignableWorkspaces );
1625         model.put( MARK_CAN_DELEGATE, String.valueOf( bDelegateWorkgroups ) );
1626         model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1627         model.put( MARK_DEFAULT_MODE_USED, AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) );
1628         model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_MANAGE_USER_WORKGROUPS ) );
1629 
1630         HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MODIFY_USER_WORKGROUPS, getLocale( ), model );
1631 
1632         return getAdminPage( template.getHtml( ) );
1633     }
1634 
1635     /**
1636      * Build the right list
1637      *
1638      * @param request
1639      *            Http Request
1640      * @return the right list
1641      * @throws AccessDeniedException
1642      *             If the user is not authorized
1643      */
1644     public String getModifyAdminUserRights( HttpServletRequest request ) throws AccessDeniedException
1645     {
1646         boolean bDelegateRights = Boolean.parseBoolean( request.getParameter( PARAMETER_DELEGATE_RIGHTS ) );
1647 
1648         String strSelectAll = request.getParameter( PARAMETER_SELECT );
1649         boolean bSelectAll = ( ( strSelectAll != null ) && strSelectAll.equals( PARAMETER_SELECT_ALL ) );
1650 
1651         setPageTitleProperty( bDelegateRights ? PROPERTY_DELEGATE_USER_RIGHTS_PAGETITLE : PROPERTY_MODIFY_USER_RIGHTS_PAGETITLE );
1652 
1653         String strUserId = request.getParameter( PARAMETER_USER_ID );
1654         int nUserId = Integer.parseInt( strUserId );
1655 
1656         AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
1657         AdminUser currentUser = getUser( );
1658 
1659         if ( ( user == null ) || ( user.getUserId( ) == 0 ) )
1660         {
1661             return getManageAdminUsers( request );
1662         }
1663 
1664         if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1665         {
1666             throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1667         }
1668 
1669         Collection<Right> rightList;
1670         Collection<Right> allRightList = RightHome.getRightsList( user.getUserLevel( ) );
1671 
1672         if ( bDelegateRights )
1673         {
1674             Map<String, Right> rights = AdminUserHome.getRightsListForUser( currentUser.getUserId( ) );
1675             rightList = new ArrayList<>( );
1676 
1677             for ( Right right : rights.values( ) )
1678             {
1679                 // logged user can only delegate rights with level higher or equal to user
1680                 // level.
1681                 if ( right.getLevel( ) >= user.getUserLevel( ) )
1682                 {
1683                     rightList.add( right );
1684                 }
1685             }
1686         }
1687         else
1688         {
1689             rightList = AdminUserHome.getRightsListForUser( nUserId ).values( );
1690         }
1691 
1692         // ITEM NAVIGATION
1693         setItemNavigator( nUserId, AppPathService.getBaseUrl( request ) + JSP_URL_MANAGE_USER_RIGHTS );
1694 
1695         Map<String, Object> model = new HashMap<>( );
1696         model.put( MARK_USER, AdminUserHome.findByPrimaryKey( nUserId ) );
1697         model.put( MARK_USER_RIGHT_LIST, I18nService.localizeCollection( rightList, getLocale( ) ) );
1698         model.put( MARK_ALL_RIGHT_LIST, I18nService.localizeCollection( allRightList, getLocale( ) ) );
1699         model.put( MARK_CAN_DELEGATE, String.valueOf( bDelegateRights ) );
1700         model.put( MARK_SELECT_ALL, bSelectAll );
1701         model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1702         model.put( MARK_DEFAULT_MODE_USED, AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) );
1703         model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_MANAGE_USER_RIGHTS ) );
1704 
1705         HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MODIFY_USER_RIGHTS, getLocale( ), model );
1706 
1707         return getAdminPage( template.getHtml( ) );
1708     }
1709 
1710     /**
1711      * Process the change form of an appUser rights
1712      *
1713      * @param request
1714      *            The Http request
1715      * @return The Jsp URL of the process result
1716      * @throws AccessDeniedException
1717      *             If the user is not authorized
1718      */
1719     public String doModifyAdminUserRights( HttpServletRequest request ) throws AccessDeniedException
1720     {
1721         if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_MANAGE_USER_RIGHTS ) )
1722         {
1723             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1724         }
1725         String strUserId = request.getParameter( PARAMETER_USER_ID );
1726         int nUserId = Integer.parseInt( strUserId );
1727 
1728         String [ ] arrayRights = request.getParameterValues( PARAMETER_RIGHT );
1729 
1730         AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
1731         AdminUser currentUser = AdminUserService.getAdminUser( request );
1732 
1733         if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1734         {
1735             throw new AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1736         }
1737 
1738         AdminUserHome.removeAllOwnRightsForUser( user );
1739 
1740         if ( arrayRights != null )
1741         {
1742             for ( String strRight : arrayRights )
1743             {
1744                 AdminUserHome.createRightForUser( nUserId, strRight );
1745             }
1746         }
1747 
1748         HashMap<String, String [ ]> mapData = new HashMap<>( );
1749         mapData.put( user.getAccessCode( ), arrayRights );
1750         AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_ADMINUSER_RIGHTS, currentUser, mapData, CONSTANT_BO );
1751 
1752         if ( user.getUserId( ) == currentUser.getUserId( ) )
1753         {
1754             try
1755             {
1756                 AdminAuthenticationService.getInstance( ).registerUser( request, user );
1757             }
1758             catch( AccessDeniedException | UserNotSignedException e )
1759             {
1760                 AppLogService.error( e.getMessage( ), e );
1761             }
1762         }
1763 
1764         return JSP_MANAGE_USER_RIGHTS + "?" + PARAMETER_USER_ID + "=" + nUserId;
1765     }
1766 
1767     /**
1768      * Build the User role list
1769      *
1770      * @param request
1771      *            Http Request
1772      * @return the right list
1773      * @throws AccessDeniedException
1774      *             If the user is not authorized
1775      */
1776     public String getManageAdminUserRoles( HttpServletRequest request ) throws AccessDeniedException
1777     {
1778         setPageTitleProperty( PROPERTY_MANAGE_USER_ROLES_PAGETITLE );
1779 
1780         String strUserId = request.getParameter( PARAMETER_USER_ID );
1781         int nUserId = Integer.parseInt( strUserId );
1782         AdminUser selectedUser = AdminUserHome.findByPrimaryKey( nUserId );
1783         AdminUser userCurrent = AdminUserService.getAdminUser( request );
1784 
1785         if ( !isUserAuthorizedToModifyUser( userCurrent, selectedUser ) )
1786         {
1787             throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1788         }
1789 
1790         Collection<RBACRole> roleList = AdminUserHome.getRolesListForUser( nUserId ).values( );
1791 
1792         // ITEM NAVIGATION
1793         setItemNavigator( nUserId, AppPathService.getBaseUrl( request ) + JSP_URL_MANAGE_USER_ROLES );
1794 
1795         Map<String, Object> model = new HashMap<>( );
1796         model.put( MARK_CAN_MODIFY, getUser( ).isParent( selectedUser ) || getUser( ).isAdmin( ) );
1797         model.put( MARK_CAN_DELEGATE, getUser( ).getUserId( ) != nUserId );
1798         model.put( MARK_USER, AdminUserHome.findByPrimaryKey( nUserId ) );
1799         model.put( MARK_USER_ROLE_LIST, roleList );
1800         model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1801 
1802         HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MANAGE_USER_ROLES, getLocale( ), model );
1803 
1804         return getAdminPage( template.getHtml( ) );
1805     }
1806 
1807     /**
1808      * Build the role list
1809      *
1810      * @param request
1811      *            Http Request
1812      * @return the right list
1813      * @throws AccessDeniedException
1814      *             IF the user is not authorized
1815      */
1816     public String getModifyAdminUserRoles( HttpServletRequest request ) throws AccessDeniedException
1817     {
1818         boolean bDelegateRoles = Boolean.parseBoolean( request.getParameter( PARAMETER_DELEGATE_RIGHTS ) );
1819         setPageTitleProperty( PROPERTY_MODIFY_USER_ROLES_PAGETITLE );
1820 
1821         String strUserId = request.getParameter( PARAMETER_USER_ID );
1822         int nUserId = Integer.parseInt( strUserId );
1823 
1824         AdminUser selectedUser = AdminUserHome.findByPrimaryKey( nUserId );
1825         AdminUser userCurrent = AdminUserService.getAdminUser( request );
1826 
1827         if ( ( selectedUser == null ) || ( selectedUser.getUserId( ) == 0 ) )
1828         {
1829             return getManageAdminUsers( request );
1830         }
1831 
1832         if ( !isUserAuthorizedToModifyUser( userCurrent, selectedUser ) )
1833         {
1834             throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1835         }
1836 
1837         Collection<RBACRole> roleList = AdminUserHome.getRolesListForUser( nUserId ).values( );
1838         Collection<RBACRole> assignableRoleList;
1839 
1840         if ( bDelegateRoles )
1841         {
1842             // assign connected user roles
1843             assignableRoleList = new ArrayList<>( );
1844 
1845             AdminUser currentUser = getUser( );
1846 
1847             for ( RBACRole role : RBACRoleHome.findAll( ) )
1848             {
1849                 if ( currentUser.isAdmin( ) || RBACService.isUserInRole( currentUser, role.getKey( ) ) )
1850                 {
1851                     assignableRoleList.add( role );
1852                 }
1853             }
1854         }
1855         else
1856         {
1857             // assign all available roles
1858             assignableRoleList = RBACRoleHome.findAll( );
1859         }
1860 
1861         // ITEM NAVIGATION
1862         setItemNavigator( nUserId, AppPathService.getBaseUrl( request ) + JSP_URL_MANAGE_USER_ROLES );
1863 
1864         Map<String, Object> model = new HashMap<>( );
1865         model.put( MARK_USER, AdminUserHome.findByPrimaryKey( nUserId ) );
1866         model.put( MARK_USER_ROLE_LIST, roleList );
1867         model.put( MARK_ALL_ROLE_LIST, assignableRoleList );
1868         model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1869         model.put( MARK_DEFAULT_MODE_USED, AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) );
1870         model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_MANAGE_USER_ROLES ) );
1871 
1872         HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MODIFY_USER_ROLES, getLocale( ), model );
1873 
1874         return getAdminPage( template.getHtml( ) );
1875     }
1876 
1877     /**
1878      * Process the change form of an appUser roles
1879      *
1880      * @param request
1881      *            The Http request
1882      * @return The Jsp URL of the process result
1883      * @throws AccessDeniedException
1884      *             IF the user is not authorized
1885      */
1886     public String doModifyAdminUserRoles( HttpServletRequest request ) throws AccessDeniedException
1887     {
1888         if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_MANAGE_USER_ROLES ) )
1889         {
1890             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1891         }
1892         String strUserId = request.getParameter( PARAMETER_USER_ID );
1893         int nUserId = Integer.parseInt( strUserId );
1894         AdminUser selectedUser = AdminUserHome.findByPrimaryKey( nUserId );
1895         AdminUser currentUser = AdminUserService.getAdminUser( request );
1896 
1897         if ( !isUserAuthorizedToModifyUser( currentUser, selectedUser ) )
1898         {
1899             throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1900         }
1901 
1902         String [ ] arrayRoles = request.getParameterValues( PARAMETER_ROLE );
1903 
1904         AdminUserHome.removeAllRolesForUser( nUserId );
1905 
1906         if ( arrayRoles != null )
1907         {
1908             for ( String strRole : arrayRoles )
1909             {
1910                 AdminUserHome.createRoleForUser( nUserId, strRole );
1911             }
1912         }
1913 
1914         HashMap<String, String [ ]> mapData = new HashMap<>( );
1915         mapData.put( selectedUser.getAccessCode( ), arrayRoles );
1916         AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_ADMINUSER_ROLES, currentUser, mapData, CONSTANT_BO );
1917 
1918         return JSP_MANAGE_USER_ROLES + "?" + PARAMETER_USER_ID + "=" + nUserId;
1919     }
1920 
1921     /**
1922      * Process the change form of an appUser workspaces
1923      *
1924      * @param request
1925      *            The Http request
1926      * @return The Jsp URL of the process result
1927      * @throws AccessDeniedException
1928      *             If the user is not authorized
1929      */
1930     public String doModifyAdminUserWorkgroups( HttpServletRequest request ) throws AccessDeniedException
1931     {
1932         if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_MANAGE_USER_WORKGROUPS ) )
1933         {
1934             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1935         }
1936         String strUserId = request.getParameter( PARAMETER_USER_ID );
1937         int nUserId = Integer.parseInt( strUserId );
1938         AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
1939         AdminUser currentUser = getUser( );
1940 
1941         if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1942         {
1943             throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1944         }
1945 
1946         String [ ] arrayWorkspaces = request.getParameterValues( PARAMETER_WORKGROUP );
1947         ReferenceList assignableWorkgroups = AdminWorkgroupHome.getUserWorkgroups( currentUser );
1948 
1949         for ( ReferenceItem item : assignableWorkgroups )
1950         {
1951             AdminWorkgroupHome.removeUserFromWorkgroup( user, item.getCode( ) );
1952         }
1953 
1954         if ( arrayWorkspaces != null )
1955         {
1956             for ( String strWorkgroupKey : arrayWorkspaces )
1957             {
1958                 AdminWorkgroupHome.addUserForWorkgroup( user, strWorkgroupKey );
1959             }
1960         }
1961 
1962         HashMap<String, String [ ]> mapData = new HashMap<>( );
1963         mapData.put( user.getAccessCode( ), arrayWorkspaces );
1964         AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_ADMINUSER_GROUPS, currentUser, mapData, CONSTANT_BO );
1965 
1966         return JSP_MANAGE_USER_WORKGROUPS + "?" + PARAMETER_USER_ID + "=" + nUserId;
1967     }
1968 
1969     /**
1970      * Tell if 2 users have groups in common
1971      * 
1972      * @param user1
1973      *            User1
1974      * @param user2
1975      *            User2
1976      * @return true or false
1977      */
1978     private boolean haveCommonWorkgroups( AdminUser../../../../../../fr/paris/lutece/portal/business/user/AdminUser.html#AdminUser">AdminUser user1, AdminUser user2 )
1979     {
1980         ReferenceList workgroups = AdminWorkgroupHome.getUserWorkgroups( user1 );
1981 
1982         if ( workgroups.isEmpty( ) )
1983         {
1984             return true;
1985         }
1986 
1987         for ( ReferenceItem item : workgroups )
1988         {
1989             if ( AdminWorkgroupHome.isUserInWorkgroup( user2, item.getCode( ) ) )
1990             {
1991                 return true;
1992             }
1993         }
1994 
1995         return false;
1996     }
1997 
1998     /**
1999      * Modify the default user parameter values.
2000      * 
2001      * @param request
2002      *            HttpServletRequest
2003      * @return The Jsp URL of the process result
2004      * @throws AccessDeniedException
2005      *             If the user does not have the permission
2006      */
2007     public String doModifyDefaultUserParameterValues( HttpServletRequest request ) throws AccessDeniedException
2008     {
2009         if ( !SecurityTokenService.getInstance( ).validate( request, AdminDashboardJspBean.TEMPLATE_MANAGE_DASHBOARDS ) )
2010         {
2011             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2012         }
2013         if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
2014                 getUser( ) ) )
2015         {
2016             throw new AccessDeniedException(
2017                     CONSTANT_USER_MSG + getUser( ) + CONSTANT_NOT_AUTHORIZED + AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS );
2018         }
2019 
2020         DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_STATUS, request.getParameter( PARAMETER_STATUS ) );
2021         DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_LEVEL, request.getParameter( PARAMETER_USER_LEVEL ) );
2022         DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_NOTIFICATION, request.getParameter( PARAMETER_NOTIFY_USER ) );
2023         DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_LANGUAGE, request.getParameter( PARAMETER_LANGUAGE ) );
2024 
2025         Map logParametersMap = new HashMap( );
2026         logParametersMap.put( AdminUserService.DSKEY_DEFAULT_USER_STATUS, request.getParameter( PARAMETER_STATUS ) );
2027         logParametersMap.put( AdminUserService.DSKEY_DEFAULT_USER_LEVEL, request.getParameter( PARAMETER_USER_LEVEL ) );
2028         logParametersMap.put( AdminUserService.DSKEY_DEFAULT_USER_NOTIFICATION, request.getParameter( PARAMETER_NOTIFY_USER ) );
2029         logParametersMap.put( AdminUserService.DSKEY_DEFAULT_USER_LANGUAGE, request.getParameter( PARAMETER_LANGUAGE ) );
2030         AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_DEFAULT_PARAMETERS, getUser( ), logParametersMap,
2031                 CONSTANT_BO );
2032 
2033         return getAdminDashboardsUrl( request, ANCHOR_DEFAULT_USER_PARAMETER_VALUES );
2034     }
2035 
2036     /**
2037      * Modify the default user parameter security values.
2038      * 
2039      * @param request
2040      *            HttpServletRequest
2041      * @return The Jsp URL of the process result
2042      * @throws AccessDeniedException
2043      *             If the user does not have the permission
2044      */
2045     public String doModifyDefaultUserSecurityValues( HttpServletRequest request ) throws AccessDeniedException
2046     {
2047         if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2048         {
2049             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2050         }
2051         if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
2052                 getUser( ) ) )
2053         {
2054             throw new AccessDeniedException(
2055                     CONSTANT_USER_MSG + getUser( ) + CONSTANT_NOT_AUTHORIZED + AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS );
2056         }
2057 
2058         Map logParametersMap = new HashMap( );
2059 
2060         String strForceChangePasswordValue = request.getParameter( PARAMETER_FORCE_CHANGE_PASSWORD_REINIT );
2061         strForceChangePasswordValue = StringUtils.isNotBlank( strForceChangePasswordValue ) ? strForceChangePasswordValue : StringUtils.EMPTY;
2062 
2063         DefaultUserParameterHome.update( AdminUserService.DSKEY_FORCE_CHANGE_PASSWORD_REINIT, strForceChangePasswordValue );
2064         logParametersMap.put( AdminUserService.DSKEY_FORCE_CHANGE_PASSWORD_REINIT, strForceChangePasswordValue );
2065 
2066         // Parameter password length
2067         AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_MINIMUM_LENGTH, request.getParameter( PARAMETER_PASSWORD_MINIMUM_LENGTH ) );
2068         logParametersMap.put( AdminUserService.DSKEY_PASSWORD_MINIMUM_LENGTH, request.getParameter( PARAMETER_PASSWORD_MINIMUM_LENGTH ) );
2069 
2070         AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_RESET_TOKEN_VALIDITY, request.getParameter( PARAMETER_RESET_TOKEN_VALIDITY ) );
2071         logParametersMap.put( AdminUserService.DSKEY_RESET_TOKEN_VALIDITY, request.getParameter( PARAMETER_RESET_TOKEN_VALIDITY ) );
2072         AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_LOCK_RESET_TOKEN_TO_SESSION,
2073                 request.getParameter( PARAMETER_LOCK_RESET_TOKEN_TO_SESSION ) );
2074         logParametersMap.put( AdminUserService.DSKEY_LOCK_RESET_TOKEN_TO_SESSION, request.getParameter( PARAMETER_LOCK_RESET_TOKEN_TO_SESSION ) );
2075 
2076         boolean bUseAdvancedSecurityParameter = AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS );
2077 
2078         if ( bUseAdvancedSecurityParameter )
2079         {
2080             // Parameter format
2081             AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_FORMAT_UPPER_LOWER_CASE,
2082                     request.getParameter( PARAMETER_PASSWORD_FORMAT_UPPER_LOWER_CASE ) );
2083             logParametersMap.put( AdminUserService.DSKEY_PASSWORD_FORMAT_UPPER_LOWER_CASE, request.getParameter( PARAMETER_PASSWORD_FORMAT_UPPER_LOWER_CASE ) );
2084             AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_FORMAT_NUMERO, request.getParameter( PARAMETER_PASSWORD_FORMAT_NUMERO ) );
2085             logParametersMap.put( AdminUserService.DSKEY_PASSWORD_FORMAT_NUMERO, request.getParameter( PARAMETER_PASSWORD_FORMAT_NUMERO ) );
2086             AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_FORMAT_SPECIAL_CHARACTERS,
2087                     request.getParameter( PARAMETER_PASSWORD_FORMAT_SPECIAL_CHARACTERS ) );
2088             logParametersMap.put( AdminUserService.DSKEY_PASSWORD_FORMAT_SPECIAL_CHARACTERS,
2089                     request.getParameter( PARAMETER_PASSWORD_FORMAT_SPECIAL_CHARACTERS ) );
2090 
2091             // Parameter password duration
2092             AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_DURATION, request.getParameter( PARAMETER_PASSWORD_DURATION ) );
2093             logParametersMap.put( AdminUserService.DSKEY_PASSWORD_DURATION, request.getParameter( PARAMETER_PASSWORD_DURATION ) );
2094 
2095             // Password history size
2096             AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_HISTORY_SIZE, request.getParameter( PARAMETER_PASSWORD_HISTORY_SIZE ) );
2097             logParametersMap.put( AdminUserService.DSKEY_PASSWORD_HISTORY_SIZE, request.getParameter( PARAMETER_PASSWORD_HISTORY_SIZE ) );
2098 
2099             // maximum number of password change
2100             AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_MAXIMUM_NUMBER_PASSWORD_CHANGE,
2101                     request.getParameter( PARAMETER_MAXIMUM_NUMBER_PASSWORD_CHANGE ) );
2102             logParametersMap.put( AdminUserService.DSKEY_MAXIMUM_NUMBER_PASSWORD_CHANGE, request.getParameter( PARAMETER_MAXIMUM_NUMBER_PASSWORD_CHANGE ) );
2103 
2104             // maximum number of password change
2105             AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_TSW_SIZE_PASSWORD_CHANGE,
2106                     request.getParameter( PARAMETER_TSW_SIZE_PASSWORD_CHANGE ) );
2107             logParametersMap.put( AdminUserService.DSKEY_TSW_SIZE_PASSWORD_CHANGE, request.getParameter( PARAMETER_TSW_SIZE_PASSWORD_CHANGE ) );
2108 
2109             // Notify user when his password expires
2110             AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_NOTIFY_USER_PASSWORD_EXPIRED,
2111                     request.getParameter( PARAMETER_NOTIFY_USER_PASSWORD_EXPIRED ) );
2112             logParametersMap.put( AdminUserService.DSKEY_NOTIFY_USER_PASSWORD_EXPIRED, request.getParameter( PARAMETER_NOTIFY_USER_PASSWORD_EXPIRED ) );
2113         }
2114 
2115         // Time of life of accounts
2116         AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_ACCOUNT_LIFE_TIME, request.getParameter( PARAMETER_ACCOUNT_LIFE_TIME ) );
2117         logParametersMap.put( AdminUserService.DSKEY_ACCOUNT_LIFE_TIME, request.getParameter( PARAMETER_ACCOUNT_LIFE_TIME ) );
2118 
2119         // Time before the first alert when an account will expire
2120         AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_TIME_BEFORE_ALERT_ACCOUNT,
2121                 request.getParameter( PARAMETER_TIME_BEFORE_ALERT_ACCOUNT ) );
2122         logParametersMap.put( AdminUserService.DSKEY_TIME_BEFORE_ALERT_ACCOUNT, request.getParameter( PARAMETER_TIME_BEFORE_ALERT_ACCOUNT ) );
2123 
2124         // Number of alerts sent to a user when his account will expire
2125         AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_NB_ALERT_ACCOUNT, request.getParameter( PARAMETER_NB_ALERT_ACCOUNT ) );
2126         logParametersMap.put( AdminUserService.DSKEY_NB_ALERT_ACCOUNT, request.getParameter( PARAMETER_NB_ALERT_ACCOUNT ) );
2127 
2128         // Time between alerts
2129         AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_TIME_BETWEEN_ALERTS_ACCOUNT,
2130                 request.getParameter( PARAMETER_TIME_BETWEEN_ALERTS_ACCOUNT ) );
2131         logParametersMap.put( AdminUserService.DSKEY_TIME_BETWEEN_ALERTS_ACCOUNT, request.getParameter( PARAMETER_TIME_BETWEEN_ALERTS_ACCOUNT ) );
2132 
2133         // Max access failure
2134         AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_MAX, request.getParameter( MARK_ACCESS_FAILURES_MAX ) );
2135         logParametersMap.put( AdminUserService.DSKEY_ACCES_FAILURES_MAX, request.getParameter( MARK_ACCESS_FAILURES_MAX ) );
2136 
2137         // Access failure interval
2138         AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_INTERVAL, request.getParameter( MARK_ACCESS_FAILURES_INTERVAL ) );
2139         logParametersMap.put( AdminUserService.DSKEY_ACCES_FAILURES_INTERVAL, request.getParameter( MARK_ACCESS_FAILURES_INTERVAL ) );
2140 
2141         // Banned domain names
2142         AdminUserService.updateLargeSecurityParameter( AdminUserService.DSKEY_BANNED_DOMAIN_NAMES, request.getParameter( MARK_BANNED_DOMAIN_NAMES ) );
2143         logParametersMap.put( AdminUserService.DSKEY_BANNED_DOMAIN_NAMES, request.getParameter( MARK_BANNED_DOMAIN_NAMES ) );
2144 
2145         AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_DEFAULT_SECURITY, getUser( ), logParametersMap,
2146                 CONSTANT_BO );
2147 
2148         return getAdminDashboardsUrl( request, ANCHOR_ADVANCED_SECURITY_PARAMETERS );
2149     }
2150 
2151     /**
2152      * Modify the email pattern
2153      * 
2154      * @param request
2155      *            HttpServletRequest
2156      * @return The Jsp URL of the process result
2157      * @throws AccessDeniedException
2158      *             If the user does not have the permission
2159      */
2160     public String doModifyEmailPattern( HttpServletRequest request ) throws AccessDeniedException
2161     {
2162         if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
2163                 getUser( ) ) )
2164         {
2165             throw new AccessDeniedException(
2166                     CONSTANT_USER_MSG + getUser( ) + CONSTANT_NOT_AUTHORIZED + AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS );
2167         }
2168         if ( PARAMETER_RESET.equals( request.getParameter( PARAMETER_RESET ) ) )
2169         {
2170             if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2171             {
2172                 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2173             }
2174             return doResetEmailPattern( request );
2175         }
2176         String strSetManually = request.getParameter( PARAMETER_IS_EMAIL_PATTERN_SET_MANUALLY );
2177         String strEmailPattern = request.getParameter( PARAMETER_EMAIL_PATTERN );
2178 
2179         if ( StringUtils.isNotBlank( strEmailPattern ) )
2180         {
2181             if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2182             {
2183                 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2184             }
2185             AdminUserService.doModifyEmailPattern( strEmailPattern, strSetManually != null );
2186             return getAdminDashboardsUrl( request, ANCHOR_MODIFY_EMAIL_PATTERN );
2187         }
2188         return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_ERROR_EMAIL_PATTERN, AdminMessage.TYPE_STOP );
2189     }
2190 
2191     /**
2192      * Reset the email pattern
2193      * 
2194      * @return the jsp return
2195      */
2196     private String doResetEmailPattern( HttpServletRequest request )
2197     {
2198         AdminUserService.doResetEmailPattern( );
2199 
2200         return getAdminDashboardsUrl( request, ANCHOR_MODIFY_EMAIL_PATTERN );
2201     }
2202 
2203     /**
2204      * Do insert a regular expression
2205      * 
2206      * @param request
2207      *            {@link HttpServletRequest}
2208      * @return the jsp return
2209      * @throws AccessDeniedException
2210      *             access denied if the AdminUser does not have the permission
2211      */
2212     public String doInsertRegularExpression( HttpServletRequest request ) throws AccessDeniedException
2213     {
2214         if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2215         {
2216             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2217         }
2218         if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
2219                 getUser( ) ) )
2220         {
2221             throw new AccessDeniedException(
2222                     CONSTANT_USER_MSG + getUser( ) + CONSTANT_NOT_AUTHORIZED + AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS );
2223         }
2224 
2225         String strRegularExpressionId = request.getParameter( PARAMETER_ID_EXPRESSION );
2226 
2227         if ( StringUtils.isNotBlank( strRegularExpressionId ) && StringUtils.isNumeric( strRegularExpressionId ) )
2228         {
2229             int nRegularExpressionId = Integer.parseInt( strRegularExpressionId );
2230             AdminUserService.doInsertRegularExpression( nRegularExpressionId );
2231         }
2232 
2233         return getAdminDashboardsUrl( request, ANCHOR_MODIFY_EMAIL_PATTERN );
2234     }
2235 
2236     /**
2237      * Do remove a regular expression
2238      * 
2239      * @param request
2240      *            {@link HttpServletRequest}
2241      * @return the jsp return
2242      * @throws AccessDeniedException
2243      *             access denied if the AdminUser does not have the permission
2244      */
2245     public String doRemoveRegularExpression( HttpServletRequest request ) throws AccessDeniedException
2246     {
2247         if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2248         {
2249             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2250         }
2251         if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
2252                 getUser( ) ) )
2253         {
2254             throw new AccessDeniedException(
2255                     CONSTANT_USER_MSG + getUser( ) + CONSTANT_NOT_AUTHORIZED + AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS );
2256         }
2257 
2258         String strRegularExpressionId = request.getParameter( PARAMETER_ID_EXPRESSION );
2259 
2260         if ( StringUtils.isNotBlank( strRegularExpressionId ) && StringUtils.isNumeric( strRegularExpressionId ) )
2261         {
2262             int nRegularExpressionId = Integer.parseInt( strRegularExpressionId );
2263             AdminUserService.doRemoveRegularExpression( nRegularExpressionId );
2264         }
2265 
2266         return getAdminDashboardsUrl( request, ANCHOR_MODIFY_EMAIL_PATTERN );
2267     }
2268 
2269     /**
2270      * Get the admin message to confirm the enabling or the disabling of the advanced security parameters
2271      * 
2272      * @param request
2273      *            The request
2274      * @return The url of the admin message
2275      */
2276     public String getChangeUseAdvancedSecurityParameters( HttpServletRequest request )
2277     {
2278         Map<String, Object> parameters = new HashMap<>( 1 );
2279         parameters.put( SecurityTokenService.PARAMETER_TOKEN, SecurityTokenService.getInstance( ).getToken( request, TOKEN_TECHNICAL_ADMIN ) );
2280 
2281         if ( AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS ) )
2282         {
2283             return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_CONFIRM_REMOVE_ASP, JSP_URL_REMOVE_ADVANCED_SECUR_PARAM,
2284                     AdminMessage.TYPE_CONFIRMATION, parameters );
2285         }
2286 
2287         return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_CONFIRM_USE_ASP, JSP_URL_USE_ADVANCED_SECUR_PARAM, AdminMessage.TYPE_CONFIRMATION,
2288                 parameters );
2289     }
2290 
2291     /**
2292      * Enable advanced security parameters
2293      * 
2294      * @param request
2295      *            The request
2296      * @return The Jsp URL of the process result
2297      * @throws AccessDeniedException
2298      *             if the security token is invalid
2299      */
2300     public String doUseAdvancedSecurityParameters( HttpServletRequest request ) throws AccessDeniedException
2301     {
2302         if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2303         {
2304             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2305         }
2306         AdminUserService.useAdvancedSecurityParameters( );
2307 
2308         AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_USE_ADVANCE_SECURITY_PARAMETERS, getUser( ), null,
2309                 CONSTANT_BO );
2310 
2311         return getAdminDashboardsUrl( request, ANCHOR_ADVANCED_SECURITY_PARAMETERS );
2312     }
2313 
2314     /**
2315      * Disable advanced security parameters
2316      * 
2317      * @param request
2318      *            The request
2319      * @return The Jsp URL of the process result
2320      * @throws AccessDeniedException
2321      *             if the security token is invalid
2322      */
2323     public String doRemoveAdvancedSecurityParameters( HttpServletRequest request ) throws AccessDeniedException
2324     {
2325         if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2326         {
2327             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2328         }
2329         AdminUserService.removeAdvancedSecurityParameters( );
2330 
2331         AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_REMOVE_ADVANCE_SECURITY_PARAMETERS, getUser( ), null,
2332                 CONSTANT_BO );
2333 
2334         return getAdminDashboardsUrl( request, ANCHOR_ADVANCED_SECURITY_PARAMETERS );
2335     }
2336 
2337     /**
2338      * Get the page with the list of every anonymizable attribute
2339      * 
2340      * @param request
2341      *            The request
2342      * @return The admin page
2343      */
2344     public String getChangeFieldAnonymizeAdminUsers( HttpServletRequest request )
2345     {
2346         Map<String, Object> model = new HashMap<>( );
2347 
2348         List<IAttribute> listAllAttributes = AttributeService.getInstance( ).getAllAttributesWithoutFields( getLocale( ) );
2349         List<IAttribute> listAttributesText = new ArrayList<>( );
2350 
2351         for ( IAttribute attribut : listAllAttributes )
2352         {
2353             if ( attribut.isAnonymizable( ) )
2354             {
2355                 listAttributesText.add( attribut );
2356             }
2357         }
2358 
2359         model.put( MARK_ATTRIBUTES_LIST, listAttributesText );
2360 
2361         model.putAll( AdminUserHome.getAnonymizationStatusUserStaticField( ) );
2362         model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, TOKEN_TECHNICAL_ADMIN ) );
2363 
2364         setPageTitleProperty( PROPERTY_MESSAGE_TITLE_CHANGE_ANONYMIZE_USER );
2365 
2366         HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_FIELD_ANONYMIZE_ADMIN_USER, getLocale( ), model );
2367 
2368         return getAdminPage( template.getHtml( ) );
2369     }
2370 
2371     /**
2372      * Change the anonymization status of user parameters.
2373      * 
2374      * @param request
2375      *            The request
2376      * @return the Jsp URL of the process result
2377      * @throws AccessDeniedException
2378      *             If the security token is invalid
2379      */
2380     public String doChangeFieldAnonymizeAdminUsers( HttpServletRequest request ) throws AccessDeniedException
2381     {
2382         if ( request.getParameter( PARAMETER_CANCEL ) != null )
2383         {
2384             return getAdminDashboardsUrl( request, ANCHOR_ANONYMIZE_USERS );
2385         }
2386         if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2387         {
2388             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2389         }
2390 
2391         AdminUserHome.updateAnonymizationStatusUserStaticField( PARAMETER_ACCESS_CODE, Boolean.valueOf( request.getParameter( PARAMETER_ACCESS_CODE ) ) );
2392         AdminUserHome.updateAnonymizationStatusUserStaticField( PARAMETER_FIRST_NAME, Boolean.valueOf( request.getParameter( PARAMETER_FIRST_NAME ) ) );
2393         AdminUserHome.updateAnonymizationStatusUserStaticField( PARAMETER_LAST_NAME, Boolean.valueOf( request.getParameter( PARAMETER_LAST_NAME ) ) );
2394         AdminUserHome.updateAnonymizationStatusUserStaticField( PARAMETER_EMAIL, Boolean.valueOf( request.getParameter( PARAMETER_EMAIL ) ) );
2395 
2396         AttributeService attributeService = AttributeService.getInstance( );
2397 
2398         List<IAttribute> listAllAttributes = attributeService.getAllAttributesWithoutFields( getLocale( ) );
2399         List<IAttribute> listAttributesText = new ArrayList<>( );
2400 
2401         for ( IAttribute attribut : listAllAttributes )
2402         {
2403             if ( attribut.isAnonymizable( ) )
2404             {
2405                 listAttributesText.add( attribut );
2406             }
2407         }
2408 
2409         for ( IAttribute attribute : listAttributesText )
2410         {
2411             Boolean bNewValue = Boolean.valueOf( request.getParameter( PARAMETER_ATTRIBUTE + Integer.toString( attribute.getIdAttribute( ) ) ) );
2412             attributeService.updateAnonymizationStatusUserField( attribute.getIdAttribute( ), bNewValue );
2413         }
2414 
2415         return getAdminDashboardsUrl( request, ANCHOR_ANONYMIZE_USERS );
2416     }
2417 
2418     /**
2419      * Get the confirmation page before anonymizing a user.
2420      * 
2421      * @param request
2422      *            The request
2423      * @return The URL of the confirmation page
2424      */
2425     public String getAnonymizeAdminUser( HttpServletRequest request )
2426     {
2427         String strAdminUserId = request.getParameter( PARAMETER_USER_ID );
2428 
2429         if ( !StringUtils.isNumeric( strAdminUserId ) || strAdminUserId.isEmpty( ) )
2430         {
2431             return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_NO_ADMIN_USER_SELECTED, JSP_URL_MANAGE_USERS, AdminMessage.TYPE_STOP );
2432         }
2433 
2434         int nUserId = Integer.parseInt( strAdminUserId );
2435         AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
2436 
2437         if ( user == null )
2438         {
2439             return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_USER_ERROR_SESSION, JSP_URL_MANAGE_USERS, AdminMessage.TYPE_ERROR );
2440         }
2441 
2442         String strUrl = JSP_URL_ANONYMIZE_ADMIN_USER;
2443         Map<String, Object> parameters = new HashMap<>( );
2444         parameters.put( PARAMETER_USER_ID, strAdminUserId );
2445         parameters.put( SecurityTokenService.PARAMETER_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_ANONYMIZE_ADMIN_USER ) );
2446 
2447         return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_CONFIRM_ANONYMIZE_USER, new Object [ ] {
2448                 user.getFirstName( ), user.getLastName( ), user.getAccessCode( )
2449         }, null, strUrl, null, AdminMessage.TYPE_CONFIRMATION, parameters, JSP_URL_MANAGE_USERS );
2450     }
2451 
2452     /**
2453      * Anonymize a user
2454      * 
2455      * @param request
2456      *            The request
2457      * @return The Jsp URL of the process result
2458      * @throws AccessDeniedException
2459      *             in case of invalid security token
2460      */
2461     public String doAnonymizeAdminUser( HttpServletRequest request ) throws AccessDeniedException
2462     {
2463         String strAdminUserId = request.getParameter( PARAMETER_USER_ID );
2464 
2465         if ( !StringUtils.isNumeric( strAdminUserId ) || strAdminUserId.isEmpty( ) )
2466         {
2467             return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_NO_ADMIN_USER_SELECTED, JSP_URL_MANAGE_USERS, AdminMessage.TYPE_STOP );
2468         }
2469 
2470         int nUserId = Integer.parseInt( strAdminUserId );
2471         AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
2472 
2473         if ( user == null )
2474         {
2475             return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_USER_ERROR_SESSION, JSP_URL_MANAGE_USERS, AdminMessage.TYPE_ERROR );
2476         }
2477         if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_ANONYMIZE_ADMIN_USER ) )
2478         {
2479             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2480         }
2481 
2482         AdminUserService.anonymizeUser( nUserId, getLocale( ) );
2483 
2484         AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_ANONYMIZE_ADMINUSER, getUser( ), user.getAccessCode( ),
2485                 CONSTANT_BO );
2486 
2487         return JSP_MANAGE_USER;
2488     }
2489 
2490     /**
2491      * Update a user account life time
2492      * 
2493      * @param request
2494      *            The request
2495      * @return The Jsp URL of the process result
2496      */
2497     public String reactivateAccount( HttpServletRequest request )
2498     {
2499         AdminUser user = AdminUserHome.findByPrimaryKey( AdminUserService.getAdminUser( request ).getUserId( ) );
2500         String strUrl;
2501         int nbDaysBeforeFirstAlert = AdminUserService.getIntegerSecurityParameter( PARAMETER_TIME_BEFORE_ALERT_ACCOUNT );
2502         Timestamp firstAlertMaxDate = new Timestamp( new java.util.Date( ).getTime( ) + DateUtil.convertDaysInMiliseconds( nbDaysBeforeFirstAlert ) );
2503 
2504         if ( user.getAccountMaxValidDate( ) != null )
2505         {
2506             // If the account is close to expire but has not expired yet
2507             if ( ( user.getAccountMaxValidDate( ).getTime( ) < firstAlertMaxDate.getTime( ) ) && ( user.getStatus( ) < AdminUser.EXPIRED_CODE ) )
2508             {
2509                 AdminUserService.updateUserExpirationDate( user );
2510             }
2511 
2512             strUrl = AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_ACCOUNT_REACTIVATED, AppPathService.getAdminMenuUrl( ),
2513                     AdminMessage.TYPE_INFO );
2514         }
2515         else
2516         {
2517             strUrl = AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_NO_ACCOUNT_TO_REACTIVATED, AppPathService.getAdminMenuUrl( ),
2518                     AdminMessage.TYPE_ERROR );
2519         }
2520 
2521         return strUrl;
2522     }
2523 
2524     /**
2525      * Get the modify account life time emails page
2526      * 
2527      * @param request
2528      *            The request
2529      * @return The html to display
2530      */
2531     public String getModifyAccountLifeTimeEmails( HttpServletRequest request )
2532     {
2533         String strEmailType = request.getParameter( PARAMETER_EMAIL_TYPE );
2534 
2535         Map<String, Object> model = new HashMap<>( );
2536         String strSenderKey = StringUtils.EMPTY;
2537         String strSubjectKey = StringUtils.EMPTY;
2538         String strBodyKey = StringUtils.EMPTY;
2539         String strTitle = StringUtils.EMPTY;
2540 
2541         if ( CONSTANT_EMAIL_TYPE_FIRST.equalsIgnoreCase( strEmailType ) )
2542         {
2543             strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_FIRST_ALERT_MAIL_SENDER;
2544             strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_FIRST_ALERT_MAIL_SUBJECT;
2545             strBodyKey = PARAMETER_FIRST_ALERT_MAIL;
2546             strTitle = PROPERTY_FIRST_EMAIL;
2547         }
2548         else if ( CONSTANT_EMAIL_TYPE_OTHER.equalsIgnoreCase( strEmailType ) )
2549         {
2550             strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_OTHER_ALERT_MAIL_SENDER;
2551             strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_OTHER_ALERT_MAIL_SUBJECT;
2552             strBodyKey = PARAMETER_OTHER_ALERT_MAIL;
2553             strTitle = PROPERTY_OTHER_EMAIL;
2554         }
2555         else if ( CONSTANT_EMAIL_TYPE_EXPIRED.equalsIgnoreCase( strEmailType ) )
2556         {
2557             strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_EXPIRED_ALERT_MAIL_SENDER;
2558             strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_EXPIRED_ALERT_MAIL_SUBJECT;
2559             strBodyKey = PARAMETER_EXPIRATION_MAIL;
2560             strTitle = PROPERTY_ACCOUNT_DEACTIVATES_EMAIL;
2561         }
2562         else if ( CONSTANT_EMAIL_TYPE_REACTIVATED.equalsIgnoreCase( strEmailType ) )
2563         {
2564             strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_REACTIVATED_ALERT_MAIL_SENDER;
2565             strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_REACTIVATED_ALERT_MAIL_SUBJECT;
2566             strBodyKey = PARAMETER_ACCOUNT_REACTIVATED;
2567             strTitle = PROPERTY_ACCOUNT_UPDATED_EMAIL;
2568         }
2569         else if ( CONSTANT_EMAIL_PASSWORD_EXPIRED.equalsIgnoreCase( strEmailType ) )
2570         {
2571             strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_PASSWORD_EXPIRED_MAIL_SENDER;
2572             strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_PASSWORD_EXPIRED_MAIL_SUBJECT;
2573             strBodyKey = PARAMETER_NOTIFY_PASSWORD_EXPIRED;
2574             strTitle = PROPERTY_NOTIFY_PASSWORD_EXPIRED;
2575         }
2576 
2577         String defaultUserParameter = DefaultUserParameterHome.findByKey( strSenderKey );
2578         String strSender = ( defaultUserParameter == null ) ? StringUtils.EMPTY : defaultUserParameter;
2579 
2580         defaultUserParameter = DefaultUserParameterHome.findByKey( strSubjectKey );
2581 
2582         String strSubject = ( defaultUserParameter == null ) ? StringUtils.EMPTY : defaultUserParameter;
2583 
2584         // ITEM NAVIGATION
2585         setItemNavigator( getUser( ).getUserId( ), AppPathService.getBaseUrl( request ) + JSP_URL_MODIFY_ACCOUNT_LIFE_TIME_EMAIL );
2586 
2587         model.put( PARAMETER_EMAIL_TYPE, strEmailType );
2588         model.put( MARK_EMAIL_SENDER, strSender );
2589         model.put( MARK_EMAIL_SUBJECT, strSubject );
2590         model.put( MARK_EMAIL_BODY, DatabaseTemplateService.getTemplateFromKey( strBodyKey, true ) );
2591         model.put( MARK_EMAIL_LABEL, strTitle );
2592         model.put( MARK_WEBAPP_URL, AppPathService.getBaseUrl( request ) );
2593         model.put( MARK_LOCALE, getLocale( ) );
2594         model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
2595         model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_MODIFY_ACCOUNT_LIFE_TIME_EMAIL ) );
2596 
2597         HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_ACCOUNT_LIFE_TIME_EMAIL, getLocale( ), model );
2598 
2599         return getAdminPage( template.getHtml( ) );
2600     }
2601 
2602     /**
2603      * Update an account life time email
2604      * 
2605      * @param request
2606      *            The request
2607      * @return The Jsp URL of the process result
2608      * @throws AccessDeniedException
2609      *             if the security token is invalid
2610      */
2611     public String doModifyAccountLifeTimeEmails( HttpServletRequest request ) throws AccessDeniedException
2612     {
2613         if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_MODIFY_ACCOUNT_LIFE_TIME_EMAIL ) )
2614         {
2615             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2616         }
2617         String strEmailType = request.getParameter( PARAMETER_EMAIL_TYPE );
2618 
2619         String strSenderKey = StringUtils.EMPTY;
2620         String strSubjectKey = StringUtils.EMPTY;
2621         String strBodyKey = StringUtils.EMPTY;
2622 
2623         if ( CONSTANT_EMAIL_TYPE_FIRST.equalsIgnoreCase( strEmailType ) )
2624         {
2625             strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_FIRST_ALERT_MAIL_SENDER;
2626             strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_FIRST_ALERT_MAIL_SUBJECT;
2627             strBodyKey = PARAMETER_FIRST_ALERT_MAIL;
2628         }
2629         else if ( CONSTANT_EMAIL_TYPE_OTHER.equalsIgnoreCase( strEmailType ) )
2630         {
2631             strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_OTHER_ALERT_MAIL_SENDER;
2632             strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_OTHER_ALERT_MAIL_SUBJECT;
2633             strBodyKey = PARAMETER_OTHER_ALERT_MAIL;
2634         }
2635         else if ( CONSTANT_EMAIL_TYPE_EXPIRED.equalsIgnoreCase( strEmailType ) )
2636         {
2637             strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_EXPIRED_ALERT_MAIL_SENDER;
2638             strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_EXPIRED_ALERT_MAIL_SUBJECT;
2639             strBodyKey = PARAMETER_EXPIRATION_MAIL;
2640         }
2641         else if ( CONSTANT_EMAIL_TYPE_REACTIVATED.equalsIgnoreCase( strEmailType ) )
2642         {
2643             strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_REACTIVATED_ALERT_MAIL_SENDER;
2644             strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_REACTIVATED_ALERT_MAIL_SUBJECT;
2645             strBodyKey = PARAMETER_ACCOUNT_REACTIVATED;
2646         }
2647         else if ( CONSTANT_EMAIL_PASSWORD_EXPIRED.equalsIgnoreCase( strEmailType ) )
2648         {
2649             strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_PASSWORD_EXPIRED_MAIL_SENDER;
2650             strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_PASSWORD_EXPIRED_MAIL_SUBJECT;
2651             strBodyKey = PARAMETER_NOTIFY_PASSWORD_EXPIRED;
2652         }
2653 
2654         AdminUserService.updateSecurityParameter( strSenderKey, request.getParameter( MARK_EMAIL_SENDER ) );
2655         AdminUserService.updateSecurityParameter( strSubjectKey, request.getParameter( MARK_EMAIL_SUBJECT ) );
2656         DatabaseTemplateService.updateTemplate( strBodyKey, request.getParameter( MARK_EMAIL_BODY ) );
2657 
2658         return getAdminDashboardsUrl( request, ANCHOR_LIFE_TIME_EMAILS );
2659     }
2660 
2661     /**
2662      * Get the item navigator
2663      * 
2664      * @param nIdAdminUser
2665      *            the admin user id
2666      * @param strUrl
2667      *            the url
2668      */
2669     private void setItemNavigator( int nIdAdminUser, String strUrl )
2670     {
2671         if ( _itemNavigator == null )
2672         {
2673             List<String> listIdsRight = new ArrayList<>( );
2674             int nCurrentItemId = 0;
2675             int nIndex = 0;
2676 
2677             AdminUser currentUser = getUser( );
2678 
2679             for ( AdminUser adminUser : AdminUserHome.findUserList( ) )
2680             {
2681                 if ( ( adminUser != null ) && isUserAuthorizedToModifyUser( currentUser, adminUser ) )
2682                 {
2683                     listIdsRight.add( Integer.toString( adminUser.getUserId( ) ) );
2684 
2685                     if ( adminUser.getUserId( ) == nIdAdminUser )
2686                     {
2687                         nCurrentItemId = nIndex;
2688                     }
2689 
2690                     nIndex++;
2691                 }
2692             }
2693 
2694             _itemNavigator = new ItemNavigator( listIdsRight, nCurrentItemId, strUrl, PARAMETER_USER_ID );
2695         }
2696         else
2697         {
2698             _itemNavigator.setCurrentItemId( Integer.toString( nIdAdminUser ) );
2699             _itemNavigator.setBaseUrl( strUrl );
2700         }
2701     }
2702 
2703     /**
2704      * Reinit the item navigator
2705      */
2706     private void reinitItemNavigator( )
2707     {
2708         _itemNavigator = null;
2709     }
2710 
2711     /**
2712      * Check if a user is authorized to modify another user
2713      * 
2714      * @param currentUser
2715      *            The current user
2716      * @param userToModify
2717      *            The user to modify
2718      * @return True if the current user can modify the other user, false otherwise
2719      */
2720     private boolean isUserAuthorizedToModifyUser( AdminUser../../../../fr/paris/lutece/portal/business/user/AdminUser.html#AdminUser">AdminUser currentUser, AdminUser userToModify )
2721     {
2722         if ( currentUser == null || userToModify == null )
2723         {
2724             return false;
2725         }
2726         return currentUser.isAdmin( ) || ( currentUser.isParent( userToModify )
2727                 && ( ( haveCommonWorkgroups( currentUser, userToModify ) ) || ( !AdminWorkgroupHome.checkUserHasWorkgroup( userToModify.getUserId( ) ) ) ) );
2728     }
2729 
2730     /**
2731      * Check if a user is authorized to modify another user's right level
2732      * 
2733      * @param currentUser
2734      *            The user doing the modification
2735      * @param userToModify
2736      *            The user whose right level is being modified
2737      * @return true if the user's right level can be modified, false otherwise
2738      */
2739     private boolean isUserAuthorizedToChangeUserLevel( AdminUser../../../../fr/paris/lutece/portal/business/user/AdminUser.html#AdminUser">AdminUser currentUser, AdminUser userToModify )
2740     {
2741         if ( currentUser == null || userToModify == null )
2742         {
2743             return false;
2744         }
2745         return currentUser.checkRight( "CORE_LEVEL_MANAGEMENT" ) && userToModify.getUserLevel( ) != 0;
2746     }
2747 
2748     /**
2749      * Check if a user's right level has been modified
2750      * 
2751      * @param user
2752      *            The user whose right level is being modified
2753      * @param strSelectedUserLevel
2754      *            The new right level selected
2755      * @return true if the level has been modified, false otherwise
2756      */
2757     private boolean isUserLevelModified( AdminUser user, String strSelectedUserLevel )
2758     {
2759         if ( strSelectedUserLevel != null )
2760         {
2761             int nSelectedUserLevel = Integer.parseInt( strSelectedUserLevel );
2762             return nSelectedUserLevel != user.getUserLevel( );
2763         }
2764         return false;
2765     }
2766 }