View Javadoc
1   /*
2    * Copyright (c) 2002-2025, City of Paris
3    * All rights reserved.
4    *
5    * Redistribution and use in source and binary forms, with or without
6    * modification, are permitted provided that the following conditions
7    * are met:
8    *
9    *  1. Redistributions of source code must retain the above copyright notice
10   *     and the following disclaimer.
11   *
12   *  2. Redistributions in binary form must reproduce the above copyright notice
13   *     and the following disclaimer in the documentation and/or other materials
14   *     provided with the distribution.
15   *
16   *  3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
17   *     contributors may be used to endorse or promote products derived from
18   *     this software without specific prior written permission.
19   *
20   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21   * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23   * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
24   * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25   * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26   * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27   * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28   * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29   * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30   * POSSIBILITY OF SUCH DAMAGE.
31   *
32   * License 1.0
33   */
34  package fr.paris.lutece.portal.web.user;
35  
36  import fr.paris.lutece.portal.service.security.AccessLogService;
37  import java.io.IOException;
38  import java.io.PrintWriter;
39  import java.sql.Timestamp;
40  import java.util.ArrayList;
41  import java.util.Collection;
42  import java.util.Collections;
43  import java.util.HashMap;
44  import java.util.List;
45  import java.util.Locale;
46  import java.util.Map;
47  
48  import javax.servlet.http.HttpServletRequest;
49  import javax.servlet.http.HttpServletResponse;
50  
51  import org.apache.commons.fileupload.FileItem;
52  import org.apache.commons.lang3.StringUtils;
53  
54  import fr.paris.lutece.portal.business.rbac.RBACRole;
55  import fr.paris.lutece.portal.business.rbac.RBACRoleHome;
56  import fr.paris.lutece.portal.business.rbac.RBAC;
57  import fr.paris.lutece.portal.business.right.Level;
58  import fr.paris.lutece.portal.business.right.LevelHome;
59  import fr.paris.lutece.portal.business.right.Right;
60  import fr.paris.lutece.portal.business.right.RightHome;
61  import fr.paris.lutece.portal.business.user.AdminUser;
62  import fr.paris.lutece.portal.business.user.AdminUserHome;
63  import fr.paris.lutece.portal.business.user.PasswordUpdateMode;
64  import fr.paris.lutece.portal.business.user.attribute.IAttribute;
65  import fr.paris.lutece.portal.business.user.attribute.ISimpleValuesAttributes;
66  import fr.paris.lutece.portal.business.user.authentication.LuteceDefaultAdminUser;
67  import fr.paris.lutece.portal.business.user.parameter.DefaultUserParameterHome;
68  import fr.paris.lutece.portal.business.workgroup.AdminWorkgroupHome;
69  import fr.paris.lutece.portal.business.xsl.XslExport;
70  import fr.paris.lutece.portal.business.xsl.XslExportHome;
71  import fr.paris.lutece.portal.service.admin.AccessDeniedException;
72  import fr.paris.lutece.portal.service.admin.AdminAuthenticationService;
73  import fr.paris.lutece.portal.service.admin.AdminUserService;
74  import fr.paris.lutece.portal.service.admin.ImportAdminUserService;
75  import fr.paris.lutece.portal.service.csv.CSVMessageDescriptor;
76  import fr.paris.lutece.portal.service.fileupload.FileUploadService;
77  import fr.paris.lutece.portal.service.i18n.I18nService;
78  import fr.paris.lutece.portal.service.message.AdminMessage;
79  import fr.paris.lutece.portal.service.message.AdminMessageService;
80  import fr.paris.lutece.portal.service.plugin.PluginService;
81  import fr.paris.lutece.portal.service.rbac.RBACService;
82  import fr.paris.lutece.portal.service.security.AccessLoggerConstants;
83  import fr.paris.lutece.portal.service.security.SecurityTokenService;
84  import fr.paris.lutece.portal.service.security.UserNotSignedException;
85  import fr.paris.lutece.portal.service.spring.SpringContextService;
86  import fr.paris.lutece.portal.service.template.AppTemplateService;
87  import fr.paris.lutece.portal.service.template.DatabaseTemplateService;
88  import fr.paris.lutece.portal.service.user.AdminUserResourceIdService;
89  import fr.paris.lutece.portal.service.user.attribute.AdminUserFieldService;
90  import fr.paris.lutece.portal.service.user.attribute.AttributeService;
91  import fr.paris.lutece.portal.service.util.AppException;
92  import fr.paris.lutece.portal.service.util.AppLogService;
93  import fr.paris.lutece.portal.service.util.AppPathService;
94  import fr.paris.lutece.portal.service.util.AppPropertiesService;
95  import fr.paris.lutece.portal.service.workgroup.AdminWorkgroupService;
96  import fr.paris.lutece.portal.service.xsl.XslExportService;
97  import fr.paris.lutece.portal.web.admin.AdminFeaturesPageJspBean;
98  import fr.paris.lutece.portal.web.constants.Messages;
99  import fr.paris.lutece.portal.web.constants.Parameters;
100 import fr.paris.lutece.portal.web.dashboard.AdminDashboardJspBean;
101 import fr.paris.lutece.portal.web.l10n.LocaleService;
102 import fr.paris.lutece.portal.web.pluginaction.DefaultPluginActionResult;
103 import fr.paris.lutece.portal.web.upload.MultipartHttpServletRequest;
104 import fr.paris.lutece.portal.web.util.LocalizedPaginator;
105 import fr.paris.lutece.util.ReferenceItem;
106 import fr.paris.lutece.util.ReferenceList;
107 import fr.paris.lutece.util.date.DateUtil;
108 import fr.paris.lutece.util.filesystem.FileSystemUtil;
109 import fr.paris.lutece.util.html.AbstractPaginator;
110 import fr.paris.lutece.util.html.HtmlTemplate;
111 import fr.paris.lutece.util.html.ItemNavigator;
112 import fr.paris.lutece.util.password.PasswordUtil;
113 import fr.paris.lutece.util.sort.AttributeComparator;
114 import fr.paris.lutece.util.string.StringUtil;
115 import fr.paris.lutece.util.url.UrlItem;
116 import fr.paris.lutece.util.xml.XmlUtil;
117 
118 /**
119  * This class provides the user interface to manage app user features ( manage, create, modify, remove, ... )
120  */
121 public class AdminUserJspBean extends AdminFeaturesPageJspBean
122 {
123     private static final String ATTRIBUTE_IMPORT_USERS_LIST_MESSAGES = "importUsersListMessages";
124     private static final long serialVersionUID = -6323157489236186522L;
125 
126     // //////////////////////////////////////////////////////////////////////////
127     // Constants
128     private static final String CONSTANTE_UN = "1";
129     private static final String CONSTANT_USER_MSG = "User ";
130     private static final String CONSTANT_NOT_AUTHORIZED = " is not authorized to permission ";
131     private static final String CONSTANT_ADVANCED_PARAMS = "core.advanced_parameters.";
132     private static final String CONSTANT_BO = "BO";
133 
134     // Beans
135     private static final String BEAN_IMPORT_ADMIN_USER_SERVICE = "adminUserImportService";
136 
137     // Templates
138     private static final String TEMPLATE_MANAGE_USERS = "admin/user/manage_users.html";
139     private static final String TEMPLATE_CREATE_USER = "admin/user/create_user.html";
140     private static final String TEMPLATE_MODIFY_USER = "admin/user/modify_user.html";
141     private static final String TEMPLATE_MANAGE_USER_RIGHTS = "admin/user/manage_user_rights.html";
142     private static final String TEMPLATE_MODIFY_USER_RIGHTS = "admin/user/modify_user_rights.html";
143     private static final String TEMPLATE_MANAGE_USER_ROLES = "admin/user/manage_user_roles.html";
144     private static final String TEMPLATE_MODIFY_USER_ROLES = "admin/user/modify_user_roles.html";
145     private static final String TEMPLATE_IMPORT_USER = "admin/user/import_module_user.html";
146     private static final String TEMPLATE_DEFAULT_CREATE_USER = "admin/user/create_user_default_module.html";
147     private static final String TEMPLATE_DEFAULT_MODIFY_USER = "admin/user/modify_user_default_module.html";
148     private static final String TEMPLATE_DEFAULT_MODIFY_USER_PASSWORD = "admin/user/modify_user_password_default_module.html";
149     private static final String TEMPLATE_MANAGE_USER_WORKGROUPS = "admin/user/manage_user_workgroups.html";
150     private static final String TEMPLATE_MODIFY_USER_WORKGROUPS = "admin/user/modify_user_workgroups.html";
151     private static final String TEMPLATE_ADMIN_EMAIL_CHANGE_STATUS = "admin/user/user_email_change_status.html";
152     private static final String TEMPLATE_NOTIFY_USER = "admin/user/notify_user_account_created.html";
153     private static final String TEMPLATE_FIELD_ANONYMIZE_ADMIN_USER = "admin/user/field_anonymize_admin_user.html";
154     private static final String TEMPLATE_ACCOUNT_LIFE_TIME_EMAIL = "admin/user/account_life_time_email.html";
155     private static final String TEMPLATE_EXPORT_USERS_FROM_FILE = "admin/user/export_users.html";
156 
157     // Messages
158     private static final String PROPERTY_MANAGE_USERS_PAGETITLE = "portal.users.manage_users.pageTitle";
159     private static final String PROPERTY_MODIFY_USER_PAGETITLE = "portal.users.modify_user.pageTitle";
160     private static final String PROPERTY_MODIFY_USER_PASSWORD_PAGETITLE = "portal.users.modify_user_password.pageTitle";
161     private static final String PROPERTY_LABEL_FIRST_PASSWORD = "portal.users.modify_password_default_module.form.password.new";
162     private static final String PROPERTY_CREATE_USER_PAGETITLE = "portal.users.create_user.pageTitle";
163     private static final String PROPERTY_IMPORT_MODULE_USER_PAGETITLE = "portal.users.import_module_user.pageTitle";
164     private static final String PROPERTY_MANAGE_USER_RIGHTS_PAGETITLE = "portal.users.manage_user_rights.pageTitle";
165     private static final String PROPERTY_MODIFY_USER_RIGHTS_PAGETITLE = "portal.users.modify_user_rights.pageTitle";
166     private static final String PROPERTY_MANAGE_USER_ROLES_PAGETITLE = "portal.users.manage_user_roles.pageTitle";
167     private static final String PROPERTY_MODIFY_USER_ROLES_PAGETITLE = "portal.users.modify_user_roles.pageTitle";
168     private static final String PROPERTY_IMPORT_USERS_FROM_FILE_PAGETITLE = "portal.users.import_users_from_file.pageTitle";
169     private static final String PROPERTY_EXPORT_USERS_PAGETITLE = "portal.users.export_users.pageTitle";
170     private static final String PROPERTY_MESSAGE_CONFIRM_REMOVE = "portal.users.message.confirmRemoveUser";
171     private static final String PROPERTY_USERS_PER_PAGE = "paginator.user.itemsPerPage";
172     private static final String PROPERTY_DELEGATE_USER_RIGHTS_PAGETITLE = "portal.users.delegate_user_rights.pageTitle";
173     private static final String PROPERTY_MANAGE_USER_WORKGROUPS_PAGETITLE = "portal.users.manage_user_workgroups.pageTitle";
174     private static final String PROPERTY_MODIFY_USER_WORKGROUPS_PAGETITLE = "portal.users.modify_user_workgroups.pageTitle";
175     private static final String PROPERTY_MESSAGE_ACCESS_CODE_ALREADY_USED = "portal.users.message.user.accessCodeAlreadyUsed";
176     private static final String PROPERTY_MESSAGE_EMAIL_ALREADY_USED = "portal.users.message.user.accessEmailUsed";
177     private static final String PROPERTY_MESSAGE_DIFFERENTS_PASSWORD = "portal.users.message.differentsPassword";
178     private static final String PROPERTY_MESSAGE_EMAIL_SUBJECT_CHANGE_STATUS = "portal.users.user_change_status.email.subject";
179     private static final String PROPERTY_MESSAGE_EMAIL_SUBJECT_NOTIFY_USER = "portal.users.notify_user.email.subject";
180     private static final String PROPERTY_MESSAGE_ERROR_EMAIL_PATTERN = "portal.users.manage_advanced_parameters.message.errorEmailPattern";
181     private static final String PROPERTY_MESSAGE_CONFIRM_USE_ASP = "portal.users.manage_advanced_parameters.message.confirmUseAdvancedSecurityParameters";
182     private static final String PROPERTY_MESSAGE_CONFIRM_REMOVE_ASP = "portal.users.manage_advanced_parameters.message.confirmRemoveAdvancedSecurityParameters";
183     private static final String PROPERTY_MESSAGE_NO_ADMIN_USER_SELECTED = "portal.users.message.noUserSelected";
184     private static final String PROPERTY_MESSAGE_CONFIRM_ANONYMIZE_USER = "portal.users.message.confirmAnonymizeUser";
185     private static final String PROPERTY_MESSAGE_TITLE_CHANGE_ANONYMIZE_USER = "portal.users.anonymize_user.titleAnonymizeUser";
186     private static final String PROPERTY_MESSAGE_NO_ACCOUNT_TO_REACTIVATED = "portal.users.message.noAccountToReactivate";
187     private static final String PROPERTY_MESSAGE_ACCOUNT_REACTIVATED = "portal.users.message.messageAccountReactivated";
188     private static final String PROPERTY_FIRST_EMAIL = "portal.users.accountLifeTime.labelFirstEmail";
189     private static final String PROPERTY_OTHER_EMAIL = "portal.users.accountLifeTime.labelOtherEmail";
190     private static final String PROPERTY_ACCOUNT_DEACTIVATES_EMAIL = "portal.users.accountLifeTime.labelAccountDeactivatedEmail";
191     private static final String PROPERTY_ACCOUNT_UPDATED_EMAIL = "portal.users.accountLifeTime.labelAccountUpdatedEmail";
192     private static final String PROPERTY_NOTIFY_PASSWORD_EXPIRED = "portal.users.accountLifeTime.labelPasswordExpired";
193     private static final String PROPERTY_MESSAGE_USER_ERROR_SESSION = "portal.users.message.user.error.session";
194     private static final String MESSAGE_NOT_AUTHORIZED = "Action not permited to current user";
195     private static final String MESSAGE_MANDATORY_FIELD = "portal.util.message.mandatoryField";
196     private static final String MESSAGE_ERROR_CSV_FILE_IMPORT = "portal.users.import_users_from_file.error_csv_file_import";
197     private static final String FIELD_IMPORT_USERS_FILE = "portal.users.import_users_from_file.labelImportFile";
198     private static final String FIELD_XSL_EXPORT = "portal.users.export_users.labelXslt";
199 
200     // Parameters
201     private static final String PARAMETER_ACCESS_CODE = "access_code";
202     private static final String PARAMETER_LAST_NAME = "last_name";
203     private static final String PARAMETER_FIRST_NAME = "first_name";
204     private static final String PARAMETER_EMAIL = "email";
205     private static final String PARAMETER_NOTIFY_USER = "notify_user";
206     private static final String PARAMETER_STATUS = "status";
207     private static final String PARAMETER_USER_ID = "id_user";
208     private static final String PARAMETER_ROLE = "roles";
209     private static final String PARAMETER_RIGHT = "right";
210     private static final String PARAMETER_FIRST_PASSWORD = "first_password";
211     private static final String PARAMETER_SECOND_PASSWORD = "second_password";
212     private static final String PARAMETER_LANGUAGE = "language";
213     private static final String PARAMETER_DELEGATE_RIGHTS = "delegate_rights";
214     private static final String PARAMETER_USER_LEVEL = "user_level";
215     private static final String PARAMETER_WORKGROUP = "workgroup";
216     private static final String PARAMETER_SELECT = "select";
217     private static final String PARAMETER_SELECT_ALL = "all";
218     private static final String PARAMETER_ACCESSIBILITY_MODE = "accessibility_mode";
219     private static final String PARAMETER_WORKGROUP_KEY = "workgroup_key";
220     private static final String PARAMETER_EMAIL_PATTERN = "email_pattern";
221     private static final String PARAMETER_IS_EMAIL_PATTERN_SET_MANUALLY = "is_email_pattern_set_manually";
222     private static final String PARAMETER_ID_EXPRESSION = "id_expression";
223     private static final String PARAMETER_FORCE_CHANGE_PASSWORD_REINIT = "force_change_password_reinit";
224     private static final String PARAMETER_PASSWORD_MINIMUM_LENGTH = "password_minimum_length";
225     private static final String PARAMETER_PASSWORD_FORMAT_UPPER_LOWER_CASE = "password_format_upper_lower_case";
226     private static final String PARAMETER_PASSWORD_FORMAT_NUMERO = "password_format_numero";
227     private static final String PARAMETER_PASSWORD_FORMAT_SPECIAL_CHARACTERS = "password_format_special_characters";
228     private static final String PARAMETER_PASSWORD_DURATION = "password_duration";
229     private static final String PARAMETER_PASSWORD_HISTORY_SIZE = "password_history_size";
230     private static final String PARAMETER_MAXIMUM_NUMBER_PASSWORD_CHANGE = "maximum_number_password_change";
231     private static final String PARAMETER_TSW_SIZE_PASSWORD_CHANGE = "tsw_size_password_change";
232     private static final String PARAMETER_ACCOUNT_LIFE_TIME = "account_life_time";
233     private static final String PARAMETER_TIME_BEFORE_ALERT_ACCOUNT = "time_before_alert_account";
234     private static final String PARAMETER_NB_ALERT_ACCOUNT = "nb_alert_account";
235     private static final String PARAMETER_TIME_BETWEEN_ALERTS_ACCOUNT = "time_between_alerts_account";
236     private static final String PARAMETER_ATTRIBUTE = "attribute_";
237     private static final String PARAMETER_EMAIL_TYPE = "email_type";
238     private static final String PARAMETER_FIRST_ALERT_MAIL_SENDER = "first_alert_mail_sender";
239     private static final String PARAMETER_OTHER_ALERT_MAIL_SENDER = "other_alert_mail_sender";
240     private static final String PARAMETER_EXPIRED_ALERT_MAIL_SENDER = "expired_alert_mail_sender";
241     private static final String PARAMETER_REACTIVATED_ALERT_MAIL_SENDER = "account_reactivated_mail_sender";
242     private static final String PARAMETER_FIRST_ALERT_MAIL_SUBJECT = "first_alert_mail_subject";
243     private static final String PARAMETER_OTHER_ALERT_MAIL_SUBJECT = "other_alert_mail_subject";
244     private static final String PARAMETER_EXPIRED_ALERT_MAIL_SUBJECT = "expired_alert_mail_subject";
245     private static final String PARAMETER_REACTIVATED_ALERT_MAIL_SUBJECT = "account_reactivated_mail_subject";
246     private static final String PARAMETER_FIRST_ALERT_MAIL = "core_first_alert_mail";
247     private static final String PARAMETER_OTHER_ALERT_MAIL = "core_other_alert_mail";
248     private static final String PARAMETER_EXPIRATION_MAIL = "core_expiration_mail";
249     private static final String PARAMETER_ACCOUNT_REACTIVATED = "core_account_reactivated_mail";
250     private static final String PARAMETER_CANCEL = "cancel";
251     private static final String PARAMETER_NOTIFY_USER_PASSWORD_EXPIRED = "notify_user_password_expired";
252     private static final String PARAMETER_PASSWORD_EXPIRED_MAIL_SENDER = "password_expired_mail_sender";
253     private static final String PARAMETER_PASSWORD_EXPIRED_MAIL_SUBJECT = "password_expired_mail_subject";
254     private static final String PARAMETER_NOTIFY_PASSWORD_EXPIRED = "core_password_expired";
255     private static final String PARAMETER_IMPORT_USERS_FILE = "import_file";
256     private static final String PARAMETER_SKIP_FIRST_LINE = "ignore_first_line";
257     private static final String PARAMETER_UPDATE_USERS = "update_existing_users";
258     private static final String PARAMETER_XSL_EXPORT_ID = "xsl_export_id";
259     private static final String PARAMETER_EXPORT_ROLES = "export_roles";
260     private static final String PARAMETER_EXPORT_ATTRIBUTES = "export_attributes";
261     private static final String PARAMETER_EXPORT_RIGHTS = "export_rights";
262     private static final String PARAMETER_EXPORT_WORKGROUPS = "export_workgroups";
263     private static final String PARAMETER_RESET_TOKEN_VALIDITY = "reset_token_validity";
264     private static final String PARAMETER_LOCK_RESET_TOKEN_TO_SESSION = "lock_reset_token_to_session";
265     private static final String PARAMETER_RESET = "reset";
266 
267     // Jsp url
268     private static final String JSP_MANAGE_USER_RIGHTS = "ManageUserRights.jsp";
269     private static final String JSP_MANAGE_USER_ROLES = "ManageUserRoles.jsp";
270     private static final String JSP_MANAGE_USER = "ManageUsers.jsp";
271     private static final String JSP_MANAGE_USER_WORKGROUPS = "ManageUserWorkgroups.jsp";
272     private static final String JSP_URL_REMOVE_USER = "jsp/admin/user/DoRemoveUser.jsp";
273     private static final String JSP_URL_CREATE_USER = "jsp/admin/user/CreateUser.jsp";
274     private static final String JSP_URL_IMPORT_USER = "jsp/admin/user/ImportUser.jsp";
275     private static final String JSP_URL_MODIFY_USER = "jsp/admin/user/ModifyUser.jsp";
276     private static final String JSP_URL_MANAGE_USER_RIGHTS = "jsp/admin/user/ManageUserRights.jsp";
277     private static final String JSP_URL_MANAGE_USER_ROLES = "jsp/admin/user/ManageUserRoles.jsp";
278     private static final String JSP_URL_MANAGE_USER_WORKGROUPS = "jsp/admin/user/ManageUserWorkgroups.jsp";
279     private static final String JSP_URL_USE_ADVANCED_SECUR_PARAM = "jsp/admin/user/DoUseAdvancedSecurityParameters.jsp";
280     private static final String JSP_URL_REMOVE_ADVANCED_SECUR_PARAM = "jsp/admin/user/DoRemoveAdvancedSecurityParameters.jsp";
281     private static final String JSP_URL_ANONYMIZE_ADMIN_USER = "jsp/admin/user/DoAnonymizeAdminUser.jsp";
282     private static final String JSP_URL_MODIFY_ACCOUNT_LIFE_TIME_EMAIL = "jsp/admin/user/ModifyAccountLifeTimeEmails.jsp";
283 
284     // Markers
285     private static final String MARK_USER_LIST = "user_list";
286     private static final String MARK_IMPORT_USER_LIST = "import_user_list";
287     private static final String MARK_ACCESS_CODE = "access_code";
288     private static final String MARK_LAST_NAME = "last_name";
289     private static final String MARK_FIRST_NAME = "first_name";
290     private static final String MARK_EMAIL = "email";
291     private static final String MARK_IMPORT_USER = "import_user";
292     private static final String MARK_USER = "user";
293     private static final String MARK_LEVEL = "level";
294     private static final String MARK_USER_RIGHT_LIST = "user_right_list";
295     private static final String MARK_ALL_ROLE_LIST = "all_role_list";
296     private static final String MARK_USER_ROLE_LIST = "user_role_list";
297     private static final String MARK_ALL_RIGHT_LIST = "all_right_list";
298     private static final String MARK_PAGINATOR = "paginator";
299     private static final String MARK_NB_ITEMS_PER_PAGE = "nb_items_per_page";
300     private static final String MARK_LANGUAGES_LIST = "languages_list";
301     private static final String MARK_CURRENT_LANGUAGE = "current_language";
302     private static final String MARK_USER_CREATION_URL = "url_user_creation";
303     private static final String MARK_CAN_DELEGATE = "can_delegate";
304     private static final String MARK_CAN_MODIFY = "can_modify";
305     private static final String MARK_USER_LEVELS_LIST = "user_levels";
306     private static final String MARK_CURRENT_USER = "current_user";
307     private static final String MARK_USER_WORKGROUP_LIST = "user_workgroup_list";
308     private static final String MARK_ALL_WORKSGROUP_LIST = "all_workgroup_list";
309     private static final String MARK_SELECT_ALL = "select_all";
310     private static final String MARK_PERMISSION_ADVANCED_PARAMETER = "permission_advanced_parameter";
311     private static final String MARK_PERMISSION_IMPORT_EXPORT_USERS = "permission_import_export_users";
312     private static final String MARK_ITEM_NAVIGATOR = "item_navigator";
313     private static final String MARK_ATTRIBUTES_LIST = "attributes_list";
314     private static final String MARK_LOCALE = "locale";
315     private static final String MARK_MAP_LIST_ATTRIBUTE_DEFAULT_VALUES = "map_list_attribute_default_values";
316     private static final String MARK_DEFAULT_USER_LEVEL = "default_user_level";
317     private static final String MARK_DEFAULT_USER_NOTIFICATION = "default_user_notification";
318     private static final String MARK_DEFAULT_USER_LANGUAGE = "default_user_language";
319     private static final String MARK_DEFAULT_USER_STATUS = "default_user_status";
320     private static final String MARK_ACCESS_FAILURES_MAX = "access_failures_max";
321     private static final String MARK_ACCESS_FAILURES_INTERVAL = "access_failures_interval";
322     private static final String MARK_BANNED_DOMAIN_NAMES = "banned_domain_names";
323     private static final String MARK_EMAIL_SENDER = "email_sender";
324     private static final String MARK_EMAIL_SUBJECT = "email_subject";
325     private static final String MARK_EMAIL_BODY = "email_body";
326     private static final String MARK_EMAIL_LABEL = "emailLabel";
327     private static final String MARK_WEBAPP_URL = "webapp_url";
328     private static final String MARK_LIST_MESSAGES = "csv_messages";
329     private static final String MARK_CSV_SEPARATOR = "csv_separator";
330     private static final String MARK_CSV_ESCAPE = "csv_escape";
331     private static final String MARK_ATTRIBUTES_SEPARATOR = "attributes_separator";
332     private static final String MARK_LIST_XSL_EXPORT = "refListXsl";
333     private static final String MARK_DEFAULT_VALUE_WORKGROUP_KEY = "workgroup_key_default_value";
334     private static final String MARK_WORKGROUP_KEY_LIST = "workgroup_key_list";
335     private static final String MARK_ADMIN_AVATAR = "adminAvatar";
336     private static final String MARK_RANDOM_PASSWORD_SIZE = "randomPasswordSize";
337     private static final String MARK_MINIMUM_PASSWORD_SIZE = "minimumPasswordSize";
338     private static final String MARK_DEFAULT_MODE_USED = "defaultModeUsed";
339 
340     private static final String CONSTANT_EMAIL_TYPE_FIRST = "first";
341     private static final String CONSTANT_EMAIL_TYPE_OTHER = "other";
342     private static final String CONSTANT_EMAIL_TYPE_EXPIRED = "expired";
343     private static final String CONSTANT_EMAIL_TYPE_REACTIVATED = "reactivated";
344     private static final String CONSTANT_EMAIL_PASSWORD_EXPIRED = "password_expired";
345     private static final String CONSTANT_EXTENSION_CSV_FILE = ".csv";
346     private static final String CONSTANT_EXTENSION_XML_FILE = ".xml";
347     private static final String CONSTANT_MIME_TYPE_CSV = "application/csv";
348     private static final String CONSTANT_MIME_TYPE_XML = "application/xml";
349     private static final String CONSTANT_MIME_TYPE_TEXT_CSV = "text/csv";
350     private static final String CONSTANT_MIME_TYPE_OCTETSTREAM = "application/octet-stream";
351     private static final String CONSTANT_EXPORT_USERS_FILE_NAME = "users";
352     private static final String CONSTANT_POINT = ".";
353     private static final String CONSTANT_QUOTE = "\"";
354     private static final String CONSTANT_ATTACHEMENT_FILE_NAME = "attachement; filename=\"";
355     private static final String CONSTANT_ATTACHEMENT_DISPOSITION = "Content-Disposition";
356     private static final String CONSTANT_XML_USERS = "users";
357     private static final String CONSTANT_CREATE_ADMINUSER = "lutece.admin.createAdminUser";
358     private static final String CONSTANT_REMOVE_ADMINUSER = "lutece.admin.removeAdminUser";
359     private static final String CONSTANT_ANONYMIZE_ADMINUSER = "lutece.admin.anonymizeAdminUser";
360     private static final String CONSTANT_MODIFY_ADMINUSER = "lutece.admin.modifyAdminUser";
361     private static final String CONSTANT_MODIFY_ADMINUSER_GROUPS = "lutece.admin.modifyAdminUserGroups";
362     private static final String CONSTANT_MODIFY_ADMINUSER_PASSWORD = "lutece.admin.modifyAdminUserPassword";
363     private static final String CONSTANT_MODIFY_ADMINUSER_ROLES = "lutece.admin.modifyAdminUserRoles";
364     private static final String CONSTANT_MODIFY_ADMINUSER_RIGHTS = "lutece.admin.modifyAdminUserRights";
365     private static final String CONSTANT_IMPORT_ADMINUSERS = "lutece.admin.importAdminUsers";
366     private static final String CONSTANT_MODIFY_DEFAULT_PARAMETERS = "lutece.admin.modifyUserDefaultParameters";
367     private static final String CONSTANT_MODIFY_DEFAULT_SECURITY = "lutece.admin.modifyUserDefaultSecurity";
368     private static final String CONSTANT_REMOVE_ADVANCE_SECURITY_PARAMETERS = "lutece.admin.removeAdvanceSecurityParameters";
369     private static final String CONSTANT_USE_ADVANCE_SECURITY_PARAMETERS = "lutece.admin.useAdvanceSecurityParameters";
370 
371     private static final String TOKEN_TECHNICAL_ADMIN = AdminDashboardJspBean.TEMPLATE_MANAGE_DASHBOARDS;
372 
373     private static final String ANCHOR_DEFAULT_USER_PARAMETER_VALUES = "defaultUserParameterValues";
374     private static final String ANCHOR_MODIFY_EMAIL_PATTERN = "modifyEmailPattern";
375     private static final String ANCHOR_ADVANCED_SECURITY_PARAMETERS = "advancedSecurityParameters";
376     private static final String ANCHOR_LIFE_TIME_EMAILS = "lifeTimeEmails";
377     private static final String ANCHOR_ANONYMIZE_USERS = "anonymizeUsers";
378 
379     private transient ImportAdminUserService _importAdminUserService;
380     private boolean _bAdminAvatar = PluginService.isPluginEnable( "adminavatar" );
381 
382     private int _nItemsPerPage;
383     private String _strCurrentPageIndex;
384     private ItemNavigator _itemNavigator;
385 
386     /**
387      * Build the User list
388      *
389      * @param request
390      *            Http Request
391      * @return the AppUser list
392      */
393     public String getManageAdminUsers( HttpServletRequest request )
394     {
395         setPageTitleProperty( PROPERTY_MANAGE_USERS_PAGETITLE );
396 
397         // Reinit session
398         reinitItemNavigator( );
399 
400         String strCreateUrl;
401         AdminUser currentUser = getUser( );
402 
403         Map<String, Object> model = new HashMap<>( );
404 
405         // creation in no-module mode : no import
406         if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
407         {
408             strCreateUrl = JSP_URL_CREATE_USER;
409         }
410         else
411         {
412             strCreateUrl = JSP_URL_IMPORT_USER;
413         }
414 
415         String strURL = getHomeUrl( request );
416         UrlItem/url/UrlItem.html#UrlItem">UrlItem url = new UrlItem( strURL );
417 
418         Collection<AdminUser> listUsers = AdminUserHome.findUserList( );
419         listUsers = AdminWorkgroupService.getAuthorizedCollection( listUsers, getUser( ) );
420 
421         List<AdminUser> availableUsers = AdminUserService.getFilteredUsersInterface( listUsers, request, model, url );
422         List<AdminUser> listDisplayUsers = new ArrayList<>( );
423 
424         for ( AdminUser user : availableUsers )
425         {
426             if ( isUserAuthorizedToModifyUser( currentUser, user ) )
427             {
428                 listDisplayUsers.add( user );
429             }
430         }
431 
432         // SORT
433         String strSortedAttributeName = request.getParameter( Parameters.SORTED_ATTRIBUTE_NAME );
434         String strAscSort = null;
435 
436         if ( strSortedAttributeName != null )
437         {
438             strAscSort = request.getParameter( Parameters.SORTED_ASC );
439 
440             boolean bIsAscSort = Boolean.parseBoolean( strAscSort );
441 
442             Collections.sort( listDisplayUsers, new AttributeComparator( strSortedAttributeName, bIsAscSort ) );
443         }
444 
445         _strCurrentPageIndex = AbstractPaginator.getPageIndex( request, AbstractPaginator.PARAMETER_PAGE_INDEX, _strCurrentPageIndex );
446         int defaultItemsPerPage = AppPropertiesService.getPropertyInt( PROPERTY_USERS_PER_PAGE, 50 );
447         _nItemsPerPage = AbstractPaginator.getItemsPerPage( request, AbstractPaginator.PARAMETER_ITEMS_PER_PAGE, _nItemsPerPage, defaultItemsPerPage );
448 
449         if ( strSortedAttributeName != null )
450         {
451             url.addParameter( Parameters.SORTED_ATTRIBUTE_NAME, strSortedAttributeName );
452         }
453 
454         if ( strAscSort != null )
455         {
456             url.addParameter( Parameters.SORTED_ASC, strAscSort );
457         }
458 
459         // PAGINATOR
460         LocalizedPaginator<AdminUser> paginator = new LocalizedPaginator<>( listDisplayUsers, _nItemsPerPage, url.getUrl( ),
461                 AbstractPaginator.PARAMETER_PAGE_INDEX, _strCurrentPageIndex, getLocale( ) );
462 
463         // USER LEVEL
464         Collection<Level> filteredLevels = new ArrayList<>( );
465 
466         for ( Level level : LevelHome.getLevelsList( ) )
467         {
468             if ( currentUser.isAdmin( ) || currentUser.hasRights( level.getId( ) ) )
469             {
470                 filteredLevels.add( level );
471             }
472         }
473 
474         boolean bPermissionAdvancedParameter = RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID,
475                 AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS, getUser( ) );
476         boolean bPermissionImportExportUsers = RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID,
477                 AdminUserResourceIdService.PERMISSION_IMPORT_EXPORT_USERS, getUser( ) );
478 
479         model.put( MARK_NB_ITEMS_PER_PAGE, "" + _nItemsPerPage );
480         model.put( MARK_USER_LEVELS_LIST, filteredLevels );
481         model.put( MARK_PAGINATOR, paginator );
482         model.put( MARK_USER_LIST, paginator.getPageItems( ) );
483         model.put( MARK_USER_CREATION_URL, strCreateUrl );
484         model.put( MARK_PERMISSION_ADVANCED_PARAMETER, bPermissionAdvancedParameter );
485         model.put( MARK_PERMISSION_IMPORT_EXPORT_USERS, bPermissionImportExportUsers );
486         model.put( MARK_ADMIN_AVATAR, _bAdminAvatar );
487         model.put( MARK_DEFAULT_MODE_USED, AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) );
488 
489         HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MANAGE_USERS, getLocale( ), model );
490 
491         return getAdminPage( template.getHtml( ) );
492     }
493 
494     /**
495      * Display the page for user import. This page is used in module mode to link a user to its code in the module (for later authentication) and to populate
496      * the creation form with the data the module is able to provide.
497      * 
498      * @param request
499      *            the http request
500      * @return the html code for the import page
501      */
502     public String getFindImportAdminUser( HttpServletRequest request )
503     {
504         setPageTitleProperty( PROPERTY_IMPORT_MODULE_USER_PAGETITLE );
505 
506         String strAccessCode = request.getParameter( PARAMETER_ACCESS_CODE );
507         String strLastName = request.getParameter( PARAMETER_LAST_NAME );
508         String strFirstName = request.getParameter( PARAMETER_FIRST_NAME );
509         String strEmail = request.getParameter( PARAMETER_EMAIL );
510 
511         Map<String, Object> model = new HashMap<>( );
512         Collection<?> allImportUsers = null;
513 
514         if ( StringUtils.isNotEmpty( strLastName ) || StringUtils.isNotEmpty( strFirstName ) || StringUtils.isNotEmpty( strEmail ) )
515         {
516             allImportUsers = AdminAuthenticationService.getInstance( ).getUserListFromModule( strLastName, strFirstName, strEmail );
517         }
518 
519         model.put( MARK_IMPORT_USER_LIST, allImportUsers );
520         model.put( MARK_ACCESS_CODE, strAccessCode );
521         model.put( MARK_LAST_NAME, strLastName );
522         model.put( MARK_FIRST_NAME, strFirstName );
523         model.put( MARK_EMAIL, strEmail );
524 
525         HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_IMPORT_USER, getLocale( ), model );
526 
527         return getAdminPage( template.getHtml( ) );
528     }
529 
530     /**
531      * Performs checks on the selected user to import and redirects on the creation form. This page is used in module mode.
532      * 
533      * @param request
534      *            The HTTP Request
535      * @return The Jsp URL of the creation form if check ok, an error page url otherwise
536      */
537     public String doSelectImportUser( HttpServletRequest request )
538     {
539         String strAccessCode = request.getParameter( PARAMETER_ACCESS_CODE );
540 
541         if ( ( strAccessCode == null ) || ( strAccessCode.equals( "" ) ) )
542         {
543             return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
544         }
545 
546         // check that access code is not in use
547         if ( AdminUserHome.checkAccessCodeAlreadyInUse( strAccessCode ) != -1 )
548         {
549             return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_ACCESS_CODE_ALREADY_USED, AdminMessage.TYPE_STOP );
550         }
551 
552         return AppPathService.getBaseUrl( request ) + JSP_URL_CREATE_USER + "?" + PARAMETER_ACCESS_CODE + "=" + strAccessCode;
553     }
554 
555     /**
556      * Returns the data capture form of a new User
557      *
558      * @param request
559      *            The HTTP Request
560      * @return The HTML form
561      */
562     public String getCreateAdminUser( HttpServletRequest request )
563     {
564         setPageTitleProperty( PROPERTY_CREATE_USER_PAGETITLE );
565 
566         HtmlTemplate template;
567         AdminUser currentUser = getUser( );
568         Collection<Level> filteredLevels = new ArrayList<>( );
569 
570         for ( Level level : LevelHome.getLevelsList( ) )
571         {
572             if ( currentUser.isAdmin( ) || currentUser.hasRights( level.getId( ) ) )
573             {
574                 filteredLevels.add( level );
575             }
576         }
577 
578         // Default user parameter values
579         String strDefaultLevel = DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_LEVEL );
580         Level defaultLevel = LevelHome.findByPrimaryKey( Integer.parseInt( strDefaultLevel ) );
581         int nDefaultUserNotification = Integer.parseInt( DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_NOTIFICATION ) );
582         String strDefaultUserLanguage = DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_LANGUAGE );
583         int nDefaultUserStatus = Integer.parseInt( DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_STATUS ) );
584 
585         // Specific attributes
586         List<IAttribute> listAttributes = AttributeService.getInstance( ).getAllAttributesWithFields( getLocale( ) );
587 
588         // creation in no-module mode : load empty form
589         if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
590         {
591             Map<String, Object> model = new HashMap<>( );
592 
593             model.put( MARK_USER_LEVELS_LIST, filteredLevels );
594             model.put( MARK_CURRENT_USER, currentUser );
595             model.put( MARK_LANGUAGES_LIST, I18nService.getAdminLocales( getLocale( ) ) );
596             model.put( MARK_DEFAULT_USER_LEVEL, defaultLevel );
597             model.put( MARK_DEFAULT_USER_NOTIFICATION, nDefaultUserNotification );
598             model.put( MARK_DEFAULT_USER_LANGUAGE, strDefaultUserLanguage );
599             model.put( MARK_DEFAULT_USER_STATUS, nDefaultUserStatus );
600             model.put( MARK_ATTRIBUTES_LIST, listAttributes );
601             model.put( MARK_LOCALE, getLocale( ) );
602             model.put( MARK_DEFAULT_VALUE_WORKGROUP_KEY, AdminWorkgroupService.ALL_GROUPS );
603             model.put( MARK_WORKGROUP_KEY_LIST, AdminWorkgroupService.getUserWorkgroups( getUser( ), getLocale( ) ) );
604             model.put( MARK_RANDOM_PASSWORD_SIZE,
605                     AppPropertiesService.getPropertyInt( PasswordUtil.PROPERTY_PASSWORD_SIZE, PasswordUtil.CONSTANT_DEFAULT_RANDOM_PASSWORD_SIZE ) );
606             model.put( MARK_MINIMUM_PASSWORD_SIZE, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_PASSWORD_MINIMUM_LENGTH ) );
607             model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_CREATE_USER ) );
608 
609             template = AppTemplateService.getTemplate( TEMPLATE_DEFAULT_CREATE_USER, getLocale( ), model );
610         }
611         else
612         // creation in module mode : populate the form with the data from the user
613         // selected for import
614         {
615             // parameters retrieved from the "import" action (retrieves the data from the
616             // access code)
617             String strAccessCode = request.getParameter( PARAMETER_ACCESS_CODE );
618             AdminUser user = null;
619 
620             if ( ( strAccessCode != null ) && ( !strAccessCode.equals( "" ) ) )
621             {
622                 user = AdminAuthenticationService.getInstance( ).getUserPublicDataFromModule( strAccessCode );
623             }
624 
625             Map<String, Object> model = new HashMap<>( );
626 
627             if ( user != null )
628             {
629                 model.put( MARK_USER_LEVELS_LIST, filteredLevels );
630                 model.put( MARK_CURRENT_USER, currentUser );
631                 model.put( MARK_IMPORT_USER, user );
632                 model.put( MARK_LANGUAGES_LIST, I18nService.getAdminLocales( user.getLocale( ) ) );
633                 model.put( MARK_DEFAULT_USER_LEVEL, defaultLevel );
634                 model.put( MARK_DEFAULT_USER_NOTIFICATION, nDefaultUserNotification );
635                 model.put( MARK_DEFAULT_USER_LANGUAGE, strDefaultUserLanguage );
636                 model.put( MARK_DEFAULT_USER_STATUS, nDefaultUserStatus );
637                 model.put( MARK_ATTRIBUTES_LIST, listAttributes );
638                 model.put( MARK_LOCALE, getLocale( ) );
639                 model.put( MARK_DEFAULT_VALUE_WORKGROUP_KEY, AdminWorkgroupService.ALL_GROUPS );
640                 model.put( MARK_WORKGROUP_KEY_LIST, AdminWorkgroupService.getUserWorkgroups( getUser( ), getLocale( ) ) );
641                 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_CREATE_USER ) );
642             }
643 
644             template = AppTemplateService.getTemplate( TEMPLATE_CREATE_USER, getLocale( ), model );
645         }
646 
647         return getAdminPage( template.getHtml( ) );
648     }
649 
650     /**
651      * Process the data capture form of a new appUser
652      *
653      * @param request
654      *            The HTTP Request
655      * @return The Jsp URL of the process result
656      * @throws AccessDeniedException
657      *             If the security token is invalid
658      */
659     public String doCreateAdminUser( HttpServletRequest request ) throws AccessDeniedException
660     {
661         String strAccessCode = request.getParameter( PARAMETER_ACCESS_CODE );
662         String strLastName = request.getParameter( PARAMETER_LAST_NAME );
663         String strFirstName = request.getParameter( PARAMETER_FIRST_NAME );
664         String strEmail = request.getParameter( PARAMETER_EMAIL );
665         String strStatus = request.getParameter( PARAMETER_STATUS );
666         String strUserLevel = request.getParameter( PARAMETER_USER_LEVEL );
667         String strNotifyUser = request.getParameter( PARAMETER_NOTIFY_USER );
668         String strAccessibilityMode = request.getParameter( PARAMETER_ACCESSIBILITY_MODE );
669         String strWorkgroupKey = request.getParameter( PARAMETER_WORKGROUP_KEY );
670 
671         String message = checkParameters( request, JSP_URL_CREATE_USER );
672 
673         if ( message != null )
674         {
675             return message;
676         }
677 
678         // check again that access code is not in use
679         if ( AdminUserHome.checkAccessCodeAlreadyInUse( strAccessCode ) != -1 )
680         {
681             return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_ACCESS_CODE_ALREADY_USED, AdminMessage.TYPE_STOP );
682         }
683 
684         // check again that email is not in use
685         if ( AdminUserHome.checkEmailAlreadyInUse( strEmail ) != -1 )
686         {
687             return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_EMAIL_ALREADY_USED, AdminMessage.TYPE_STOP );
688         }
689 
690         // defines the new created user level
691         int nNewUserLevel = Integer.parseInt( strUserLevel );
692 
693         // check if the user is still an admin
694         if ( !( getUser( ).hasRights( nNewUserLevel ) || getUser( ).isAdmin( ) ) )
695         {
696             return AdminMessageService.getMessageUrl( request, Messages.USER_ACCESS_DENIED, AdminMessage.TYPE_STOP );
697         }
698 
699         // creation in no-module mode : we manage the password
700         if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
701         {
702             LuteceDefaultAdminUser/authentication/LuteceDefaultAdminUser.html#LuteceDefaultAdminUser">LuteceDefaultAdminUser user = new LuteceDefaultAdminUser( );
703             String strFirstPassword = request.getParameter( PARAMETER_FIRST_PASSWORD );
704             String strSecondPassword = request.getParameter( PARAMETER_SECOND_PASSWORD );
705 
706             if ( StringUtils.isEmpty( strFirstPassword ) )
707             {
708                 return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
709             }
710 
711             if ( !strFirstPassword.equals( strSecondPassword ) )
712             {
713                 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_DIFFERENTS_PASSWORD, AdminMessage.TYPE_STOP );
714             }
715 
716             String strUrl = AdminUserService.checkPassword( request, strFirstPassword, 0 );
717 
718             if ( StringUtils.isNotEmpty( strUrl ) )
719             {
720                 return strUrl;
721             }
722 
723             user.setPassword( AdminUserService.encryptPassword( strFirstPassword ) );
724 
725             user.setPasswordMaxValidDate( AdminUserService.getPasswordMaxValidDate( ) );
726             user.setAccountMaxValidDate( AdminUserService.getAccountMaxValidDate( ) );
727 
728             user.setAccessCode( strAccessCode );
729             user.setLastName( strLastName );
730             user.setFirstName( strFirstName );
731             user.setEmail( strEmail );
732             user.setStatus( Integer.parseInt( strStatus ) );
733             user.setLocale( new Locale( request.getParameter( PARAMETER_LANGUAGE ) ) );
734 
735             user.setUserLevel( nNewUserLevel );
736             user.setPasswordReset( Boolean.TRUE );
737             user.setAccessibilityMode( strAccessibilityMode != null );
738             user.setWorkgroupKey( strWorkgroupKey );
739 
740             AdminUserHome.create( user );
741             AdminUserFieldService.doCreateUserFields( user, request, getLocale( ) );
742 
743             if ( CONSTANTE_UN.equals( strNotifyUser ) )
744             {
745                 // Notify user for the creation of this account
746                 AdminUserService.notifyUser( AppPathService.getBaseUrl( request ), user, strFirstPassword, PROPERTY_MESSAGE_EMAIL_SUBJECT_NOTIFY_USER,
747                         TEMPLATE_NOTIFY_USER );
748             }
749 
750             AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_CREATE_ADMINUSER, getUser( ), user.getAccessCode( ),
751                     CONSTANT_BO );
752         }
753         else
754         {
755             AdminUserbusiness/user/AdminUser.html#AdminUser">AdminUser user = new AdminUser( );
756             user.setAccessCode( strAccessCode );
757             user.setLastName( strLastName );
758             user.setFirstName( strFirstName );
759             user.setEmail( strEmail );
760             user.setStatus( Integer.parseInt( strStatus ) );
761             user.setLocale( new Locale( request.getParameter( PARAMETER_LANGUAGE ) ) );
762 
763             user.setUserLevel( nNewUserLevel );
764             user.setAccessibilityMode( strAccessibilityMode != null );
765             user.setWorkgroupKey( strWorkgroupKey );
766 
767             AdminUserHome.create( user );
768             AdminUserFieldService.doCreateUserFields( user, request, getLocale( ) );
769 
770             AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_CREATE_ADMINUSER, getUser( ), user.getAccessCode( ),
771                     CONSTANT_BO );
772         }
773 
774         return JSP_MANAGE_USER;
775     }
776 
777     private String checkParameters( HttpServletRequest request, String strJspUrl ) throws AccessDeniedException
778     {
779         String strAccessCode = request.getParameter( PARAMETER_ACCESS_CODE );
780         String strLastName = request.getParameter( PARAMETER_LAST_NAME );
781         String strFirstName = request.getParameter( PARAMETER_FIRST_NAME );
782         String strEmail = request.getParameter( PARAMETER_EMAIL );
783 
784         if ( StringUtils.isEmpty( strAccessCode ) )
785         {
786             return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
787         }
788 
789         if ( StringUtils.isEmpty( strLastName ) )
790         {
791             return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
792         }
793 
794         if ( StringUtils.isEmpty( strFirstName ) )
795         {
796             return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
797         }
798 
799         if ( StringUtils.isBlank( strEmail ) )
800         {
801             return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
802         }
803 
804         if ( !AdminUserService.checkEmail( strEmail ) )
805         {
806             return AdminUserService.getEmailErrorMessageUrl( request );
807         }
808 
809         String strError = AdminUserFieldService.checkUserFields( request, getLocale( ) );
810 
811         if ( strError != null )
812         {
813             return strError;
814         }
815 
816         if ( !SecurityTokenService.getInstance( ).validate( request, strJspUrl ) )
817         {
818             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
819         }
820 
821         return null;
822     }
823 
824     /**
825      * Returns the form to update info about a AppUser
826      *
827      * @param request
828      *            The Http request
829      * @return The HTML form to update info
830      * @throws AccessDeniedException
831      *             If the current user is not authorized to modify the user
832      */
833     public String getModifyAdminUser( HttpServletRequest request ) throws AccessDeniedException
834     {
835         setPageTitleProperty( PROPERTY_MODIFY_USER_PAGETITLE );
836 
837         String strUserId = request.getParameter( PARAMETER_USER_ID );
838 
839         int nUserId = Integer.parseInt( strUserId );
840 
841         Map<String, Object> model = new HashMap<>( );
842         HtmlTemplate template;
843 
844         AdminUser user;
845         String strTemplateUrl;
846 
847         // creation in no-module mode : load form with password modification field and
848         // login modification field
849         if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
850         {
851             user = AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( nUserId );
852             strTemplateUrl = TEMPLATE_DEFAULT_MODIFY_USER;
853         }
854         else
855         {
856             user = AdminUserHome.findByPrimaryKey( nUserId );
857             strTemplateUrl = TEMPLATE_MODIFY_USER;
858         }
859 
860         if ( ( user == null ) || ( user.getUserId( ) == 0 ) )
861         {
862             return getManageAdminUsers( request );
863         }
864 
865         AdminUser currentUser = AdminUserService.getAdminUser( request );
866 
867         if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
868         {
869             throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
870         }
871 
872         Level level = LevelHome.findByPrimaryKey( user.getUserLevel( ) );
873         ReferenceListml#ReferenceList">ReferenceList filteredLevels = new ReferenceList( );
874 
875         if ( isUserAuthorizedToChangeUserLevel( currentUser, user ) )
876         {
877             for ( Level levelItem : LevelHome.getLevelsList( ) )
878             {
879                 filteredLevels.add( levelItem.getReferenceItem( ) );
880             }
881             ;
882             filteredLevels.removeIf( levelItem -> levelItem.getCode( ).equals( "0" ) );
883         }
884 
885         // ITEM NAVIGATION
886         setItemNavigator( user.getUserId( ), AppPathService.getBaseUrl( request ) + JSP_URL_MODIFY_USER );
887 
888         List<IAttribute> listAttributes = AttributeService.getInstance( ).getAllAttributesWithFields( getLocale( ) );
889         Map<String, Object> map = AdminUserFieldService.getAdminUserFields( listAttributes, nUserId, getLocale( ) );
890 
891         model.put( MARK_USER, user );
892         model.put( MARK_LEVEL, level );
893         model.put( MARK_USER_LEVELS_LIST, filteredLevels );
894         model.put( MARK_LANGUAGES_LIST, I18nService.getAdminLocales( user.getLocale( ) ) );
895         model.put( MARK_CURRENT_LANGUAGE, user.getLocale( ).getLanguage( ) );
896         model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
897         model.put( MARK_ATTRIBUTES_LIST, listAttributes );
898         model.put( MARK_LOCALE, getLocale( ) );
899         model.put( MARK_MAP_LIST_ATTRIBUTE_DEFAULT_VALUES, map );
900         model.put( MARK_WORKGROUP_KEY_LIST, AdminWorkgroupService.getUserWorkgroups( getUser( ), getLocale( ) ) );
901         model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_MODIFY_USER ) );
902 
903         template = AppTemplateService.getTemplate( strTemplateUrl, getLocale( ), model );
904 
905         return getAdminPage( template.getHtml( ) );
906     }
907 
908     /**
909      * Process the change form of an appUser
910      *
911      * @param request
912      *            The Http request
913      * @return The Jsp URL of the process result
914      * @throws AccessDeniedException
915      *             If the current user is not authorized to modify the user
916      */
917     public String doModifyAdminUser( HttpServletRequest request ) throws AccessDeniedException
918     {
919         String strUserId = request.getParameter( PARAMETER_USER_ID );
920         String strAccessCode = request.getParameter( PARAMETER_ACCESS_CODE );
921         String strLastName = request.getParameter( PARAMETER_LAST_NAME );
922         String strFirstName = request.getParameter( PARAMETER_FIRST_NAME );
923         String strEmail = request.getParameter( PARAMETER_EMAIL );
924         String strStatus = request.getParameter( PARAMETER_STATUS );
925         String strAccessibilityMode = request.getParameter( PARAMETER_ACCESSIBILITY_MODE );
926         String strWorkgroupKey = request.getParameter( PARAMETER_WORKGROUP_KEY );
927         String strUserLevel = request.getParameter( PARAMETER_USER_LEVEL );
928         int nUserId = Integer.parseInt( strUserId );
929 
930         AdminUser userToModify = AdminUserHome.findByPrimaryKey( nUserId );
931         AdminUser currentUser = AdminUserService.getAdminUser( request );
932 
933         if ( !isUserAuthorizedToModifyUser( currentUser, userToModify ) )
934         {
935             throw new AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
936         }
937 
938         // Check if the current user is trying to modify another user's right level.
939         // If that's the case, then make sure they have the required authorization to do it
940         if ( isUserLevelModified( userToModify, strUserLevel ) && !isUserAuthorizedToChangeUserLevel( currentUser, userToModify ) )
941         {
942             throw new AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
943         }
944 
945         String message = checkParameters( request, JSP_URL_MODIFY_USER );
946 
947         if ( message != null )
948         {
949             return message;
950         }
951 
952         int checkCode = AdminUserHome.checkAccessCodeAlreadyInUse( strAccessCode );
953 
954         // check again that access code is not in use
955         if ( ( checkCode != -1 ) && ( checkCode != nUserId ) )
956         {
957             return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_ACCESS_CODE_ALREADY_USED, AdminMessage.TYPE_STOP );
958         }
959 
960         checkCode = AdminUserHome.checkEmailAlreadyInUse( strEmail );
961 
962         // check again that email is not in use
963         if ( ( checkCode != -1 ) && ( checkCode != nUserId ) )
964         {
965             return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_EMAIL_ALREADY_USED, AdminMessage.TYPE_STOP );
966         }
967 
968         // modification in no-module mode : we manage the password
969         if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
970         {
971             LuteceDefaultAdminUser user = AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( nUserId );
972 
973             user.setUserId( nUserId );
974             user.setAccessCode( strAccessCode );
975             user.setLastName( strLastName );
976             user.setFirstName( strFirstName );
977             user.setEmail( strEmail );
978             user.setWorkgroupKey( strWorkgroupKey );
979             user.setUserLevel( Integer.parseInt( strUserLevel ) );
980 
981             int nStatus = Integer.parseInt( strStatus );
982 
983             if ( nStatus != user.getStatus( ) )
984             {
985                 user.setStatus( nStatus );
986                 AdminUserService.notifyUser( AppPathService.getBaseUrl( request ), user, PROPERTY_MESSAGE_EMAIL_SUBJECT_CHANGE_STATUS,
987                         TEMPLATE_ADMIN_EMAIL_CHANGE_STATUS );
988             }
989 
990             user.setLocale( new Locale( request.getParameter( PARAMETER_LANGUAGE ) ) );
991             user.setAccessibilityMode( strAccessibilityMode != null );
992 
993             AdminUserHome.update( user, PasswordUpdateMode.IGNORE );
994 
995             AdminUserFieldService.doModifyUserFields( user, request, getLocale( ), getUser( ) );
996 
997             AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_ADMINUSER, currentUser, user.getAccessCode( ),
998                     CONSTANT_BO );
999         }
1000         else
1001         {
1002             AdminUserbusiness/user/AdminUser.html#AdminUser">AdminUser user = new AdminUser( );
1003             user.setUserId( nUserId );
1004             user.setAccessCode( strAccessCode );
1005             user.setLastName( strLastName );
1006             user.setFirstName( strFirstName );
1007             user.setEmail( strEmail );
1008             user.setStatus( Integer.parseInt( strStatus ) );
1009             user.setLocale( new Locale( request.getParameter( PARAMETER_LANGUAGE ) ) );
1010             user.setAccessibilityMode( strAccessibilityMode != null );
1011             user.setWorkgroupKey( strWorkgroupKey );
1012             user.setUserLevel( Integer.parseInt( strUserLevel ) );
1013 
1014             String strError = AdminUserFieldService.checkUserFields( request, getLocale( ) );
1015 
1016             if ( strError != null )
1017             {
1018                 return strError;
1019             }
1020 
1021             AdminUserHome.update( user );
1022 
1023             AdminUserFieldService.doModifyUserFields( user, request, getLocale( ), getUser( ) );
1024 
1025             AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_ADMINUSER, currentUser, user.getAccessCode( ),
1026                     CONSTANT_BO );
1027         }
1028 
1029         return JSP_MANAGE_USER;
1030     }
1031 
1032     /**
1033      * Returns the form to update password of AppUser
1034      *
1035      * @param request
1036      *            The Http request
1037      * @return The HTML form to update info
1038      * @throws AccessDeniedException
1039      *             If the current user is not authorized to modify the user
1040      */
1041     public String getModifyUserPassword( HttpServletRequest request ) throws AccessDeniedException
1042     {
1043         setPageTitleProperty( PROPERTY_MODIFY_USER_PASSWORD_PAGETITLE );
1044 
1045         String strUserId = request.getParameter( PARAMETER_USER_ID );
1046 
1047         int nUserId = Integer.parseInt( strUserId );
1048 
1049         Map<String, Object> model = new HashMap<>( );
1050         HtmlTemplate template;
1051 
1052         AdminUser user = null;
1053         String strTemplateUrl = "";
1054 
1055         // creation in no-module mode : load form with password modification field and
1056         // login modification field
1057         if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
1058         {
1059             user = AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( nUserId );
1060             strTemplateUrl = TEMPLATE_DEFAULT_MODIFY_USER_PASSWORD;
1061         }
1062         else
1063         {
1064             throw new AppException( "Cannot modify password when not in DeafultModuleUsed mode" );
1065         }
1066 
1067         if ( ( user == null ) || ( user.getUserId( ) == 0 ) )
1068         {
1069             throw new AppException( "User to modify password for not found" );
1070         }
1071 
1072         AdminUser currentUser = AdminUserService.getAdminUser( request );
1073 
1074         if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1075         {
1076             throw new AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1077         }
1078 
1079         // ITEM NAVIGATION
1080         setItemNavigator( user.getUserId( ), AppPathService.getBaseUrl( request ) + JSP_URL_MODIFY_USER );
1081 
1082         model.put( MARK_USER, user );
1083         model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1084         model.put( MARK_MINIMUM_PASSWORD_SIZE, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_PASSWORD_MINIMUM_LENGTH ) );
1085         model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, PROPERTY_MODIFY_USER_PASSWORD_PAGETITLE ) );
1086 
1087         template = AppTemplateService.getTemplate( strTemplateUrl, getLocale( ), model );
1088 
1089         return getAdminPage( template.getHtml( ) );
1090     }
1091 
1092     /**
1093      * Process the change form of an appUser password
1094      *
1095      * @param request
1096      *            The Http request
1097      * @return The Jsp URL of the process result
1098      * @throws AccessDeniedException
1099      *             If the current user is not authorized to modify the user
1100      */
1101     public String doModifyAdminUserPassword( HttpServletRequest request ) throws AccessDeniedException
1102     {
1103         if ( !SecurityTokenService.getInstance( ).validate( request, PROPERTY_MODIFY_USER_PASSWORD_PAGETITLE ) )
1104         {
1105             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1106         }
1107         String strUserId = request.getParameter( PARAMETER_USER_ID );
1108 
1109         int nUserId = Integer.parseInt( strUserId );
1110 
1111         AdminUser userToModify = AdminUserHome.findByPrimaryKey( nUserId );
1112 
1113         if ( userToModify == null )
1114         {
1115             throw new AppException( CONSTANT_USER_MSG + strUserId + " not found" );
1116         }
1117 
1118         AdminUser currentUser = AdminUserService.getAdminUser( request );
1119 
1120         if ( !isUserAuthorizedToModifyUser( currentUser, userToModify ) )
1121         {
1122             throw new AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1123         }
1124 
1125         // modification in no-module mode : we manage the password
1126         if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
1127         {
1128             LuteceDefaultAdminUser user = AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( nUserId );
1129 
1130             String strFirstPassword = request.getParameter( PARAMETER_FIRST_PASSWORD );
1131             String strSecondPassword = request.getParameter( PARAMETER_SECOND_PASSWORD );
1132 
1133             if ( StringUtils.isEmpty( strFirstPassword ) )
1134             {
1135                 return AdminMessageService.getMessageUrl( request, MESSAGE_MANDATORY_FIELD, new String [ ] {
1136                         I18nService.getLocalizedString( PROPERTY_LABEL_FIRST_PASSWORD, getLocale( ) )
1137                 }, AdminMessage.TYPE_STOP );
1138             }
1139 
1140             if ( !StringUtils.equals( strFirstPassword, strSecondPassword ) )
1141             {
1142                 // First and second password are filled but there are different
1143                 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_DIFFERENTS_PASSWORD, AdminMessage.TYPE_STOP );
1144             }
1145 
1146             String strUrl = AdminUserService.checkPassword( request, strFirstPassword, nUserId, Boolean.TRUE );
1147 
1148             if ( StringUtils.isNotEmpty( strUrl ) )
1149             {
1150                 return strUrl;
1151             }
1152 
1153             user.setPassword( AdminUserService.encryptPassword( strFirstPassword ) );
1154             user.setPasswordReset( Boolean.FALSE );
1155             user.setPasswordMaxValidDate( AdminUserService.getPasswordMaxValidDate( ) );
1156 
1157             AdminUserHome.update( user, PasswordUpdateMode.UPDATE );
1158 
1159             AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_ADMINUSER_PASSWORD, currentUser,
1160                     user.getAccessCode( ), CONSTANT_BO );
1161         }
1162 
1163         return JSP_MANAGE_USER;
1164     }
1165 
1166     /**
1167      * Get a page to import users from a CSV file.
1168      * 
1169      * @param request
1170      *            The request
1171      * @return The HTML content
1172      */
1173     public String getImportUsersFromFile( HttpServletRequest request )
1174     {
1175         _importAdminUserService = SpringContextService.getBean( BEAN_IMPORT_ADMIN_USER_SERVICE );
1176         if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
1177                 getUser( ) ) )
1178         {
1179             return getManageAdminUsers( request );
1180         }
1181 
1182         setPageTitleProperty( PROPERTY_IMPORT_USERS_FROM_FILE_PAGETITLE );
1183 
1184         Map<String, Object> model = new HashMap<>( );
1185 
1186         model.put( MARK_LIST_MESSAGES, request.getAttribute( ATTRIBUTE_IMPORT_USERS_LIST_MESSAGES ) );
1187 
1188         String strCsvSeparator = StringUtils.EMPTY + _importAdminUserService.getCSVSeparator( );
1189         String strCsvEscapeCharacter = StringUtils.EMPTY + _importAdminUserService.getCSVEscapeCharacter( );
1190         String strAttributesSeparator = StringUtils.EMPTY + _importAdminUserService.getAttributesSeparator( );
1191         model.put( MARK_CSV_SEPARATOR, strCsvSeparator );
1192         model.put( MARK_CSV_ESCAPE, strCsvEscapeCharacter );
1193         model.put( MARK_ATTRIBUTES_SEPARATOR, strAttributesSeparator );
1194         model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_IMPORT_USER ) );
1195 
1196         String strTemplate = _importAdminUserService.getImportFromFileTemplate( );
1197         HtmlTemplate template = AppTemplateService.getTemplate( strTemplate, AdminUserService.getLocale( request ), model );
1198 
1199         return getAdminPage( template.getHtml( ) );
1200     }
1201 
1202     /**
1203      * Do import users from a CSV file
1204      * 
1205      * @param request
1206      *            The request
1207      * @return A DefaultPluginActionResult with the URL of the page to display, or the HTML content
1208      * @throws AccessDeniedException
1209      *             if the security token is invalid
1210      */
1211     public DefaultPluginActionResult doImportUsersFromFile( HttpServletRequest request ) throws AccessDeniedException
1212     {
1213         DefaultPluginActionResultefaultPluginActionResult.html#DefaultPluginActionResult">DefaultPluginActionResult result = new DefaultPluginActionResult( );
1214 
1215         if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
1216                 getUser( ) ) )
1217         {
1218             result.setHtmlContent( getManageAdminUsers( request ) );
1219 
1220             return result;
1221         }
1222 
1223         if ( request instanceof MultipartHttpServletRequest )
1224         {
1225             MultipartHttpServletRequestce/portal/web/upload/MultipartHttpServletRequest.html#MultipartHttpServletRequest">MultipartHttpServletRequest multipartRequest = (MultipartHttpServletRequest) request;
1226             FileItem fileItem = multipartRequest.getFile( PARAMETER_IMPORT_USERS_FILE );
1227             String strMimeType = FileSystemUtil.getMIMEType( FileUploadService.getFileNameOnly( fileItem ) );
1228 
1229             if ( !( ( fileItem != null ) && !StringUtils.EMPTY.equals( fileItem.getName( ) ) ) )
1230             {
1231                 Object [ ] tabRequiredFields = {
1232                         I18nService.getLocalizedString( FIELD_IMPORT_USERS_FILE, getLocale( ) )
1233                 };
1234                 result.setRedirect( AdminMessageService.getMessageUrl( request, MESSAGE_MANDATORY_FIELD, tabRequiredFields, AdminMessage.TYPE_STOP ) );
1235 
1236                 return result;
1237             }
1238 
1239             if ( ( !strMimeType.equals( CONSTANT_MIME_TYPE_CSV ) && !strMimeType.equals( CONSTANT_MIME_TYPE_OCTETSTREAM )
1240                     && !strMimeType.equals( CONSTANT_MIME_TYPE_TEXT_CSV ) )
1241                     || !fileItem.getName( ).toLowerCase( Locale.ENGLISH ).endsWith( CONSTANT_EXTENSION_CSV_FILE ) )
1242             {
1243                 result.setRedirect( AdminMessageService.getMessageUrl( request, MESSAGE_ERROR_CSV_FILE_IMPORT, AdminMessage.TYPE_STOP ) );
1244 
1245                 return result;
1246             }
1247             if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_IMPORT_USER ) )
1248             {
1249                 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1250             }
1251 
1252             String strSkipFirstLine = multipartRequest.getParameter( PARAMETER_SKIP_FIRST_LINE );
1253             boolean bSkipFirstLine = StringUtils.isNotEmpty( strSkipFirstLine );
1254             String strUpdateUsers = multipartRequest.getParameter( PARAMETER_UPDATE_USERS );
1255             boolean bUpdateUsers = StringUtils.isNotEmpty( strUpdateUsers );
1256 
1257             _importAdminUserService.setUpdateExistingUsers( bUpdateUsers );
1258 
1259             List<CSVMessageDescriptor> listMessages = _importAdminUserService.readCSVFile( fileItem, 0, false, false, bSkipFirstLine,
1260                     AdminUserService.getLocale( request ), AppPathService.getBaseUrl( request ) );
1261 
1262             AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_IMPORT_ADMINUSERS, getUser( ), fileItem.getName( ),
1263                     CONSTANT_BO );
1264 
1265             request.setAttribute( ATTRIBUTE_IMPORT_USERS_LIST_MESSAGES, listMessages );
1266 
1267             String strHtmlResult = getImportUsersFromFile( request );
1268             result.setHtmlContent( strHtmlResult );
1269         }
1270         else
1271         {
1272             Object [ ] tabRequiredFields = {
1273                     I18nService.getLocalizedString( FIELD_IMPORT_USERS_FILE, getLocale( ) )
1274             };
1275             result.setRedirect( AdminMessageService.getMessageUrl( request, MESSAGE_MANDATORY_FIELD, tabRequiredFields, AdminMessage.TYPE_STOP ) );
1276         }
1277 
1278         return result;
1279     }
1280 
1281     /**
1282      * Get a page to export users
1283      * 
1284      * @param request
1285      *            The request
1286      * @return The html content
1287      */
1288     public String getExportUsers( HttpServletRequest request )
1289     {
1290         if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
1291                 getUser( ) ) )
1292         {
1293             return getManageAdminUsers( request );
1294         }
1295 
1296         setPageTitleProperty( PROPERTY_EXPORT_USERS_PAGETITLE );
1297 
1298         Map<String, Object> model = new HashMap<>( );
1299 
1300         ReferenceList refListXsl = XslExportHome.getRefListByPlugin( PluginService.getCore( ) );
1301 
1302         model.put( MARK_LIST_XSL_EXPORT, refListXsl );
1303 
1304         HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_EXPORT_USERS_FROM_FILE, AdminUserService.getLocale( request ), model );
1305 
1306         return getAdminPage( template.getHtml( ) );
1307     }
1308 
1309     /**
1310      * Do export users
1311      * 
1312      * @param request
1313      *            The request
1314      * @param response
1315      *            The response
1316      * @return A DefaultPluginActionResult containing the result, or null if the file download has been initialized
1317      * @throws IOException
1318      *             If an IOException occurs
1319      */
1320     public DefaultPluginActionResult doExportUsers( HttpServletRequest request, HttpServletResponse response ) throws IOException
1321     {
1322         DefaultPluginActionResultefaultPluginActionResult.html#DefaultPluginActionResult">DefaultPluginActionResult result = new DefaultPluginActionResult( );
1323 
1324         if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_IMPORT_EXPORT_USERS,
1325                 getUser( ) ) )
1326         {
1327             result.setHtmlContent( getManageAdminUsers( request ) );
1328 
1329             return result;
1330         }
1331 
1332         String strXslExportId = request.getParameter( PARAMETER_XSL_EXPORT_ID );
1333         String strExportAttributes = request.getParameter( PARAMETER_EXPORT_ATTRIBUTES );
1334         String strExportRoles = request.getParameter( PARAMETER_EXPORT_ROLES );
1335         String strExportRights = request.getParameter( PARAMETER_EXPORT_RIGHTS );
1336         String strExportWorkgroups = request.getParameter( PARAMETER_EXPORT_WORKGROUPS );
1337         boolean bExportAttributes = StringUtils.isNotEmpty( strExportAttributes );
1338         boolean bExportRoles = StringUtils.isNotEmpty( strExportRoles );
1339         boolean bExportRights = StringUtils.isNotEmpty( strExportRights );
1340         boolean bExportWorkgroups = StringUtils.isNotEmpty( strExportWorkgroups );
1341 
1342         if ( StringUtils.isBlank( strXslExportId ) )
1343         {
1344             Object [ ] tabRequiredFields = {
1345                     I18nService.getLocalizedString( FIELD_XSL_EXPORT, getLocale( ) )
1346             };
1347             result.setRedirect( AdminMessageService.getMessageUrl( request, MESSAGE_MANDATORY_FIELD, tabRequiredFields, AdminMessage.TYPE_STOP ) );
1348 
1349             return result;
1350         }
1351 
1352         int nIdXslExport = Integer.parseInt( strXslExportId );
1353 
1354         XslExport xslExport = XslExportHome.findByPrimaryKey( nIdXslExport );
1355 
1356         Collection<AdminUser> listUsers = AdminUserHome.findUserList( );
1357 
1358         List<IAttribute> listAttributes = AttributeService.getInstance( ).getAllAttributesWithFields( LocaleService.getDefault( ) );
1359         List<IAttribute> listAttributesFiltered = new ArrayList<>( );
1360 
1361         for ( IAttribute attribute : listAttributes )
1362         {
1363             if ( attribute instanceof ISimpleValuesAttributes )
1364             {
1365                 listAttributesFiltered.add( attribute );
1366             }
1367         }
1368 
1369         StringBuffer sbXml = new StringBuffer( XmlUtil.getXmlHeader( ) );
1370         XmlUtil.beginElement( sbXml, CONSTANT_XML_USERS );
1371 
1372         for ( AdminUser user : listUsers )
1373         {
1374             if ( !user.isStatusAnonymized( ) )
1375             {
1376                 sbXml.append(
1377                         AdminUserService.getXmlFromUser( user, bExportRoles, bExportRights, bExportWorkgroups, bExportAttributes, listAttributesFiltered ) );
1378             }
1379         }
1380 
1381         XmlUtil.endElement( sbXml, CONSTANT_XML_USERS );
1382 
1383         String strXml = StringUtil.replaceAccent( sbXml.toString( ) );
1384         String strExportedUsers = XslExportService.exportXMLWithXSL( nIdXslExport, strXml );
1385 
1386         if ( CONSTANT_MIME_TYPE_CSV.contains( xslExport.getExtension( ) ) )
1387         {
1388             response.setContentType( CONSTANT_MIME_TYPE_CSV );
1389         }
1390         else if ( CONSTANT_EXTENSION_XML_FILE.contains( xslExport.getExtension( ) ) )
1391         {
1392             response.setContentType( CONSTANT_MIME_TYPE_XML );
1393         }
1394         else
1395         {
1396             response.setContentType( CONSTANT_MIME_TYPE_OCTETSTREAM );
1397         }
1398 
1399         String strFileName = CONSTANT_EXPORT_USERS_FILE_NAME + CONSTANT_POINT + xslExport.getExtension( );
1400         response.setHeader( CONSTANT_ATTACHEMENT_DISPOSITION, CONSTANT_ATTACHEMENT_FILE_NAME + strFileName + CONSTANT_QUOTE );
1401 
1402         PrintWriter out = response.getWriter( );
1403         out.write( strExportedUsers );
1404         out.flush( );
1405         out.close( );
1406 
1407         return null;
1408     }
1409 
1410     /**
1411      * Returns the page of confirmation for deleting a provider
1412      *
1413      * @param request
1414      *            The Http Request
1415      * @return the confirmation url
1416      * @throws AccessDeniedException
1417      *             When not authorized
1418      */
1419     public String doConfirmRemoveAdminUser( HttpServletRequest request ) throws AccessDeniedException
1420     {
1421         String strUserId = request.getParameter( PARAMETER_USER_ID );
1422         int nUserId = Integer.parseInt( strUserId );
1423         AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
1424 
1425         if ( user == null )
1426         {
1427             return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_USER_ERROR_SESSION, AdminMessage.TYPE_ERROR );
1428         }
1429 
1430         AdminUser currentUser = AdminUserService.getAdminUser( request );
1431 
1432         if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1433         {
1434             throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1435         }
1436 
1437         String strUrlRemove = JSP_URL_REMOVE_USER;
1438         Map<String, Object> parameters = new HashMap<>( );
1439         parameters.put( PARAMETER_USER_ID, strUserId );
1440         parameters.put( SecurityTokenService.PARAMETER_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_REMOVE_USER ) );
1441 
1442         return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_CONFIRM_REMOVE, new Object [ ] {
1443                 user.getFirstName( ), user.getLastName( ), user.getAccessCode( )
1444         }, null, strUrlRemove, null, AdminMessage.TYPE_CONFIRMATION, parameters );
1445     }
1446 
1447     /**
1448      * Process to the confirmation of deleting of an AppUser
1449      *
1450      * @param request
1451      *            The Http Request
1452      * @return the HTML page
1453      * @throws AccessDeniedException
1454      *             If the user is not authorized
1455      */
1456     public String doRemoveAdminUser( HttpServletRequest request ) throws AccessDeniedException
1457     {
1458         String strUserId = request.getParameter( PARAMETER_USER_ID );
1459         int nUserId = Integer.parseInt( strUserId );
1460         AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
1461 
1462         if ( user == null )
1463         {
1464             return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_USER_ERROR_SESSION, AdminMessage.TYPE_ERROR );
1465         }
1466         if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_REMOVE_USER ) )
1467         {
1468             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1469         }
1470 
1471         AdminUser currentUser = AdminUserService.getAdminUser( request );
1472 
1473         if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1474         {
1475             throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1476         }
1477 
1478         String strRemovedUserAccessCode = user.getAccessCode( );
1479 
1480         AdminUserFieldService.doRemoveUserFields( user, request, getLocale( ) );
1481         AdminUserHome.removeAllRightsForUser( nUserId );
1482         AdminUserHome.removeAllRolesForUser( nUserId );
1483         AdminUserHome.removeAllPasswordHistoryForUser( nUserId );
1484         AdminUserHome.remove( nUserId );
1485 
1486         AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_REMOVE_ADMINUSER, currentUser,
1487                 strUserId + " : " + strRemovedUserAccessCode, CONSTANT_BO );
1488 
1489         return JSP_MANAGE_USER;
1490     }
1491 
1492     /**
1493      * Build the User right list
1494      *
1495      * @param request
1496      *            Http Request
1497      * @return the right list
1498      * @throws AccessDeniedException
1499      *             If the user is not authorized
1500      */
1501     public String getManageAdminUserRights( HttpServletRequest request ) throws AccessDeniedException
1502     {
1503         setPageTitleProperty( PROPERTY_MANAGE_USER_RIGHTS_PAGETITLE );
1504 
1505         String strUserId = request.getParameter( PARAMETER_USER_ID );
1506         int nUserId = Integer.parseInt( strUserId );
1507 
1508         AdminUser selectedUser = AdminUserHome.findByPrimaryKey( nUserId );
1509 
1510         AdminUser currentUser = AdminUserService.getAdminUser( request );
1511 
1512         if ( !isUserAuthorizedToModifyUser( currentUser, selectedUser ) )
1513         {
1514             throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1515         }
1516 
1517         Collection<Right> rightList = AdminUserHome.getRightsListForUser( nUserId ).values( );
1518 
1519         // ITEM NAVIGATION
1520         setItemNavigator( selectedUser.getUserId( ), AppPathService.getBaseUrl( request ) + JSP_URL_MANAGE_USER_RIGHTS );
1521 
1522         HashMap<String, Object> model = new HashMap<>( );
1523         model.put( MARK_CAN_MODIFY, getUser( ).isParent( selectedUser ) || getUser( ).isAdmin( ) );
1524         model.put( MARK_CAN_DELEGATE, getUser( ).getUserId( ) != nUserId );
1525         model.put( MARK_USER, AdminUserHome.findByPrimaryKey( nUserId ) );
1526         model.put( MARK_USER_RIGHT_LIST, I18nService.localizeCollection( rightList, getLocale( ) ) );
1527         model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1528 
1529         HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MANAGE_USER_RIGHTS, getLocale( ), model );
1530 
1531         return getAdminPage( template.getHtml( ) );
1532     }
1533 
1534     /**
1535      * Build the User workgroup list
1536      *
1537      * @param request
1538      *            Http Request
1539      * @return the right list
1540      * @throws AccessDeniedException
1541      *             If the user is not authorized
1542      */
1543     public String getManageAdminUserWorkgroups( HttpServletRequest request ) throws AccessDeniedException
1544     {
1545         setPageTitleProperty( PROPERTY_MANAGE_USER_WORKGROUPS_PAGETITLE );
1546 
1547         String strUserId = request.getParameter( PARAMETER_USER_ID );
1548         int nUserId = Integer.parseInt( strUserId );
1549 
1550         AdminUser selectedUser = AdminUserHome.findByPrimaryKey( nUserId );
1551         AdminUser currentUser = AdminUserService.getAdminUser( request );
1552 
1553         if ( !isUserAuthorizedToModifyUser( currentUser, selectedUser ) )
1554         {
1555             throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1556         }
1557 
1558         ReferenceList workgroupsList = AdminWorkgroupHome.getUserWorkgroups( selectedUser );
1559 
1560         // ITEM NAVIGATION
1561         setItemNavigator( nUserId, AppPathService.getBaseUrl( request ) + JSP_URL_MANAGE_USER_WORKGROUPS );
1562 
1563         Map<String, Object> model = new HashMap<>( );
1564         model.put( MARK_CAN_MODIFY, getUser( ).isParent( selectedUser ) || getUser( ).isAdmin( ) );
1565         model.put( MARK_CAN_DELEGATE, getUser( ).getUserId( ) != nUserId );
1566         model.put( MARK_USER, AdminUserHome.findByPrimaryKey( nUserId ) );
1567         model.put( MARK_USER_WORKGROUP_LIST, workgroupsList );
1568         model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1569 
1570         HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MANAGE_USER_WORKGROUPS, getLocale( ), model );
1571 
1572         return getAdminPage( template.getHtml( ) );
1573     }
1574 
1575     /**
1576      * Build the assignable workgroups list
1577      *
1578      * @param request
1579      *            Http Request
1580      * @return the right list
1581      * @throws AccessDeniedException
1582      *             If the user is not authorized
1583      */
1584     public String getModifyAdminUserWorkgroups( HttpServletRequest request ) throws AccessDeniedException
1585     {
1586         boolean bDelegateWorkgroups = Boolean.parseBoolean( request.getParameter( PARAMETER_DELEGATE_RIGHTS ) );
1587 
1588         setPageTitleProperty( bDelegateWorkgroups ? PROPERTY_DELEGATE_USER_RIGHTS_PAGETITLE : PROPERTY_MODIFY_USER_WORKGROUPS_PAGETITLE );
1589 
1590         String strUserId = request.getParameter( PARAMETER_USER_ID );
1591         int nUserId = Integer.parseInt( strUserId );
1592 
1593         AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
1594         AdminUser currentUser = getUser( );
1595 
1596         if ( ( user == null ) || ( user.getUserId( ) == 0 ) )
1597         {
1598             return getManageAdminUsers( request );
1599         }
1600 
1601         if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1602         {
1603             throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1604         }
1605 
1606         ReferenceList userWorkspaces = AdminWorkgroupHome.getUserWorkgroups( user );
1607         ReferenceList assignableWorkspaces = AdminWorkgroupHome.getUserWorkgroups( currentUser );
1608 
1609         ArrayList<String> checkedValues = new ArrayList<>( );
1610 
1611         for ( ReferenceItem item : userWorkspaces )
1612         {
1613             checkedValues.add( item.getCode( ) );
1614         }
1615 
1616         assignableWorkspaces.checkItems( checkedValues.toArray( new String [ checkedValues.size( )] ) );
1617 
1618         // ITEM NAVIGATION
1619         setItemNavigator( nUserId, AppPathService.getBaseUrl( request ) + JSP_URL_MANAGE_USER_WORKGROUPS );
1620 
1621         Map<String, Object> model = new HashMap<>( );
1622         model.put( MARK_USER, AdminUserHome.findByPrimaryKey( nUserId ) );
1623         model.put( MARK_ALL_WORKSGROUP_LIST, assignableWorkspaces );
1624         model.put( MARK_CAN_DELEGATE, String.valueOf( bDelegateWorkgroups ) );
1625         model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1626         model.put( MARK_DEFAULT_MODE_USED, AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) );
1627         model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_MANAGE_USER_WORKGROUPS ) );
1628 
1629         HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MODIFY_USER_WORKGROUPS, getLocale( ), model );
1630 
1631         return getAdminPage( template.getHtml( ) );
1632     }
1633 
1634     /**
1635      * Build the right list
1636      *
1637      * @param request
1638      *            Http Request
1639      * @return the right list
1640      * @throws AccessDeniedException
1641      *             If the user is not authorized
1642      */
1643     public String getModifyAdminUserRights( HttpServletRequest request ) throws AccessDeniedException
1644     {
1645         boolean bDelegateRights = Boolean.parseBoolean( request.getParameter( PARAMETER_DELEGATE_RIGHTS ) );
1646 
1647         String strSelectAll = request.getParameter( PARAMETER_SELECT );
1648         boolean bSelectAll = ( ( strSelectAll != null ) && strSelectAll.equals( PARAMETER_SELECT_ALL ) );
1649 
1650         setPageTitleProperty( bDelegateRights ? PROPERTY_DELEGATE_USER_RIGHTS_PAGETITLE : PROPERTY_MODIFY_USER_RIGHTS_PAGETITLE );
1651 
1652         String strUserId = request.getParameter( PARAMETER_USER_ID );
1653         int nUserId = Integer.parseInt( strUserId );
1654 
1655         AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
1656         AdminUser currentUser = getUser( );
1657 
1658         if ( ( user == null ) || ( user.getUserId( ) == 0 ) )
1659         {
1660             return getManageAdminUsers( request );
1661         }
1662 
1663         if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1664         {
1665             throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1666         }
1667 
1668         Collection<Right> rightList;
1669         Collection<Right> allRightList = RightHome.getRightsList( user.getUserLevel( ) );
1670 
1671         if ( bDelegateRights )
1672         {
1673             Map<String, Right> rights = AdminUserHome.getRightsListForUser( currentUser.getUserId( ) );
1674             rightList = new ArrayList<>( );
1675 
1676             for ( Right right : rights.values( ) )
1677             {
1678                 // logged user can only delegate rights with level higher or equal to user
1679                 // level.
1680                 if ( right.getLevel( ) >= user.getUserLevel( ) )
1681                 {
1682                     rightList.add( right );
1683                 }
1684             }
1685         }
1686         else
1687         {
1688             rightList = AdminUserHome.getRightsListForUser( nUserId ).values( );
1689         }
1690 
1691         // ITEM NAVIGATION
1692         setItemNavigator( nUserId, AppPathService.getBaseUrl( request ) + JSP_URL_MANAGE_USER_RIGHTS );
1693 
1694         Map<String, Object> model = new HashMap<>( );
1695         model.put( MARK_USER, AdminUserHome.findByPrimaryKey( nUserId ) );
1696         model.put( MARK_USER_RIGHT_LIST, I18nService.localizeCollection( rightList, getLocale( ) ) );
1697         model.put( MARK_ALL_RIGHT_LIST, I18nService.localizeCollection( allRightList, getLocale( ) ) );
1698         model.put( MARK_CAN_DELEGATE, String.valueOf( bDelegateRights ) );
1699         model.put( MARK_SELECT_ALL, bSelectAll );
1700         model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1701         model.put( MARK_DEFAULT_MODE_USED, AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) );
1702         model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_MANAGE_USER_RIGHTS ) );
1703 
1704         HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MODIFY_USER_RIGHTS, getLocale( ), model );
1705 
1706         return getAdminPage( template.getHtml( ) );
1707     }
1708 
1709     /**
1710      * Process the change form of an appUser rights
1711      *
1712      * @param request
1713      *            The Http request
1714      * @return The Jsp URL of the process result
1715      * @throws AccessDeniedException
1716      *             If the user is not authorized
1717      */
1718     public String doModifyAdminUserRights( HttpServletRequest request ) throws AccessDeniedException
1719     {
1720         if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_MANAGE_USER_RIGHTS ) )
1721         {
1722             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1723         }
1724         String strUserId = request.getParameter( PARAMETER_USER_ID );
1725         int nUserId = Integer.parseInt( strUserId );
1726 
1727         String [ ] arrayRights = request.getParameterValues( PARAMETER_RIGHT );
1728 
1729         AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
1730         AdminUser currentUser = AdminUserService.getAdminUser( request );
1731 
1732         if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1733         {
1734             throw new AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1735         }
1736 
1737         AdminUserHome.removeAllOwnRightsForUser( user );
1738 
1739         if ( arrayRights != null )
1740         {
1741             for ( String strRight : arrayRights )
1742             {
1743                 AdminUserHome.createRightForUser( nUserId, strRight );
1744             }
1745         }
1746 
1747         HashMap<String, String [ ]> mapData = new HashMap<>( );
1748         mapData.put( user.getAccessCode( ), arrayRights );
1749         AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_ADMINUSER_RIGHTS, currentUser, mapData, CONSTANT_BO );
1750 
1751         if ( user.getUserId( ) == currentUser.getUserId( ) )
1752         {
1753             try
1754             {
1755                 AdminAuthenticationService.getInstance( ).registerUser( request, user );
1756             }
1757             catch( AccessDeniedException | UserNotSignedException e )
1758             {
1759                 AppLogService.error( e.getMessage( ), e );
1760             }
1761         }
1762 
1763         return JSP_MANAGE_USER_RIGHTS + "?" + PARAMETER_USER_ID + "=" + nUserId;
1764     }
1765 
1766     /**
1767      * Build the User role list
1768      *
1769      * @param request
1770      *            Http Request
1771      * @return the right list
1772      * @throws AccessDeniedException
1773      *             If the user is not authorized
1774      */
1775     public String getManageAdminUserRoles( HttpServletRequest request ) throws AccessDeniedException
1776     {
1777         setPageTitleProperty( PROPERTY_MANAGE_USER_ROLES_PAGETITLE );
1778 
1779         String strUserId = request.getParameter( PARAMETER_USER_ID );
1780         int nUserId = Integer.parseInt( strUserId );
1781         AdminUser selectedUser = AdminUserHome.findByPrimaryKey( nUserId );
1782         AdminUser userCurrent = AdminUserService.getAdminUser( request );
1783 
1784         if ( !isUserAuthorizedToModifyUser( userCurrent, selectedUser ) )
1785         {
1786             throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1787         }
1788 
1789         Collection<RBACRole> roleList = AdminUserHome.getRolesListForUser( nUserId ).values( );
1790 
1791         // ITEM NAVIGATION
1792         setItemNavigator( nUserId, AppPathService.getBaseUrl( request ) + JSP_URL_MANAGE_USER_ROLES );
1793 
1794         Map<String, Object> model = new HashMap<>( );
1795         model.put( MARK_CAN_MODIFY, getUser( ).isParent( selectedUser ) || getUser( ).isAdmin( ) );
1796         model.put( MARK_CAN_DELEGATE, getUser( ).getUserId( ) != nUserId );
1797         model.put( MARK_USER, AdminUserHome.findByPrimaryKey( nUserId ) );
1798         model.put( MARK_USER_ROLE_LIST, roleList );
1799         model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1800 
1801         HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MANAGE_USER_ROLES, getLocale( ), model );
1802 
1803         return getAdminPage( template.getHtml( ) );
1804     }
1805 
1806     /**
1807      * Build the role list
1808      *
1809      * @param request
1810      *            Http Request
1811      * @return the right list
1812      * @throws AccessDeniedException
1813      *             IF the user is not authorized
1814      */
1815     public String getModifyAdminUserRoles( HttpServletRequest request ) throws AccessDeniedException
1816     {
1817         boolean bDelegateRoles = Boolean.parseBoolean( request.getParameter( PARAMETER_DELEGATE_RIGHTS ) );
1818         setPageTitleProperty( PROPERTY_MODIFY_USER_ROLES_PAGETITLE );
1819 
1820         String strUserId = request.getParameter( PARAMETER_USER_ID );
1821         int nUserId = Integer.parseInt( strUserId );
1822 
1823         AdminUser selectedUser = AdminUserHome.findByPrimaryKey( nUserId );
1824         AdminUser userCurrent = AdminUserService.getAdminUser( request );
1825 
1826         if ( ( selectedUser == null ) || ( selectedUser.getUserId( ) == 0 ) )
1827         {
1828             return getManageAdminUsers( request );
1829         }
1830 
1831         if ( !isUserAuthorizedToModifyUser( userCurrent, selectedUser ) )
1832         {
1833             throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1834         }
1835 
1836         Collection<RBACRole> roleList = AdminUserHome.getRolesListForUser( nUserId ).values( );
1837         Collection<RBACRole> assignableRoleList;
1838 
1839         if ( bDelegateRoles )
1840         {
1841             // assign connected user roles
1842             assignableRoleList = new ArrayList<>( );
1843 
1844             AdminUser currentUser = getUser( );
1845 
1846             for ( RBACRole role : RBACRoleHome.findAll( ) )
1847             {
1848                 if ( currentUser.isAdmin( ) || RBACService.isUserInRole( currentUser, role.getKey( ) ) )
1849                 {
1850                     assignableRoleList.add( role );
1851                 }
1852             }
1853         }
1854         else
1855         {
1856             // assign all available roles
1857             assignableRoleList = RBACRoleHome.findAll( );
1858         }
1859 
1860         // ITEM NAVIGATION
1861         setItemNavigator( nUserId, AppPathService.getBaseUrl( request ) + JSP_URL_MANAGE_USER_ROLES );
1862 
1863         Map<String, Object> model = new HashMap<>( );
1864         model.put( MARK_USER, AdminUserHome.findByPrimaryKey( nUserId ) );
1865         model.put( MARK_USER_ROLE_LIST, roleList );
1866         model.put( MARK_ALL_ROLE_LIST, assignableRoleList );
1867         model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1868         model.put( MARK_DEFAULT_MODE_USED, AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) );
1869         model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_MANAGE_USER_ROLES ) );
1870 
1871         HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MODIFY_USER_ROLES, getLocale( ), model );
1872 
1873         return getAdminPage( template.getHtml( ) );
1874     }
1875 
1876     /**
1877      * Process the change form of an appUser roles
1878      *
1879      * @param request
1880      *            The Http request
1881      * @return The Jsp URL of the process result
1882      * @throws AccessDeniedException
1883      *             IF the user is not authorized
1884      */
1885     public String doModifyAdminUserRoles( HttpServletRequest request ) throws AccessDeniedException
1886     {
1887         if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_MANAGE_USER_ROLES ) )
1888         {
1889             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1890         }
1891         String strUserId = request.getParameter( PARAMETER_USER_ID );
1892         int nUserId = Integer.parseInt( strUserId );
1893         AdminUser selectedUser = AdminUserHome.findByPrimaryKey( nUserId );
1894         AdminUser currentUser = AdminUserService.getAdminUser( request );
1895 
1896         if ( !isUserAuthorizedToModifyUser( currentUser, selectedUser ) )
1897         {
1898             throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1899         }
1900 
1901         String [ ] arrayRoles = request.getParameterValues( PARAMETER_ROLE );
1902 
1903         AdminUserHome.removeAllRolesForUser( nUserId );
1904 
1905         if ( arrayRoles != null )
1906         {
1907             for ( String strRole : arrayRoles )
1908             {
1909                 AdminUserHome.createRoleForUser( nUserId, strRole );
1910             }
1911         }
1912 
1913         HashMap<String, String [ ]> mapData = new HashMap<>( );
1914         mapData.put( selectedUser.getAccessCode( ), arrayRoles );
1915         AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_ADMINUSER_ROLES, currentUser, mapData, CONSTANT_BO );
1916 
1917         return JSP_MANAGE_USER_ROLES + "?" + PARAMETER_USER_ID + "=" + nUserId;
1918     }
1919 
1920     /**
1921      * Process the change form of an appUser workspaces
1922      *
1923      * @param request
1924      *            The Http request
1925      * @return The Jsp URL of the process result
1926      * @throws AccessDeniedException
1927      *             If the user is not authorized
1928      */
1929     public String doModifyAdminUserWorkgroups( HttpServletRequest request ) throws AccessDeniedException
1930     {
1931         if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_MANAGE_USER_WORKGROUPS ) )
1932         {
1933             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1934         }
1935         String strUserId = request.getParameter( PARAMETER_USER_ID );
1936         int nUserId = Integer.parseInt( strUserId );
1937         AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
1938         AdminUser currentUser = getUser( );
1939 
1940         if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1941         {
1942             throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1943         }
1944 
1945         String [ ] arrayWorkspaces = request.getParameterValues( PARAMETER_WORKGROUP );
1946         ReferenceList assignableWorkgroups = AdminWorkgroupHome.getUserWorkgroups( currentUser );
1947 
1948         for ( ReferenceItem item : assignableWorkgroups )
1949         {
1950             AdminWorkgroupHome.removeUserFromWorkgroup( user, item.getCode( ) );
1951         }
1952 
1953         if ( arrayWorkspaces != null )
1954         {
1955             for ( String strWorkgroupKey : arrayWorkspaces )
1956             {
1957                 AdminWorkgroupHome.addUserForWorkgroup( user, strWorkgroupKey );
1958             }
1959         }
1960 
1961         HashMap<String, String [ ]> mapData = new HashMap<>( );
1962         mapData.put( user.getAccessCode( ), arrayWorkspaces );
1963         AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_ADMINUSER_GROUPS, currentUser, mapData, CONSTANT_BO );
1964 
1965         return JSP_MANAGE_USER_WORKGROUPS + "?" + PARAMETER_USER_ID + "=" + nUserId;
1966     }
1967 
1968     /**
1969      * Tell if 2 users have groups in common
1970      * 
1971      * @param user1
1972      *            User1
1973      * @param user2
1974      *            User2
1975      * @return true or false
1976      */
1977     private boolean haveCommonWorkgroups( AdminUser../../../../../../fr/paris/lutece/portal/business/user/AdminUser.html#AdminUser">AdminUser user1, AdminUser user2 )
1978     {
1979         ReferenceList workgroups = AdminWorkgroupHome.getUserWorkgroups( user1 );
1980 
1981         if ( workgroups.isEmpty( ) )
1982         {
1983             return true;
1984         }
1985 
1986         for ( ReferenceItem item : workgroups )
1987         {
1988             if ( AdminWorkgroupHome.isUserInWorkgroup( user2, item.getCode( ) ) )
1989             {
1990                 return true;
1991             }
1992         }
1993 
1994         return false;
1995     }
1996 
1997     /**
1998      * Modify the default user parameter values.
1999      * 
2000      * @param request
2001      *            HttpServletRequest
2002      * @return The Jsp URL of the process result
2003      * @throws AccessDeniedException
2004      *             If the user does not have the permission
2005      */
2006     public String doModifyDefaultUserParameterValues( HttpServletRequest request ) throws AccessDeniedException
2007     {
2008         if ( !SecurityTokenService.getInstance( ).validate( request, AdminDashboardJspBean.TEMPLATE_MANAGE_DASHBOARDS ) )
2009         {
2010             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2011         }
2012         if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
2013                 getUser( ) ) )
2014         {
2015             throw new AccessDeniedException(
2016                     CONSTANT_USER_MSG + getUser( ) + CONSTANT_NOT_AUTHORIZED + AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS );
2017         }
2018 
2019         DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_STATUS, request.getParameter( PARAMETER_STATUS ) );
2020         DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_LEVEL, request.getParameter( PARAMETER_USER_LEVEL ) );
2021         DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_NOTIFICATION, request.getParameter( PARAMETER_NOTIFY_USER ) );
2022         DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_LANGUAGE, request.getParameter( PARAMETER_LANGUAGE ) );
2023 
2024         Map logParametersMap = new HashMap( );
2025         logParametersMap.put( AdminUserService.DSKEY_DEFAULT_USER_STATUS, request.getParameter( PARAMETER_STATUS ) );
2026         logParametersMap.put( AdminUserService.DSKEY_DEFAULT_USER_LEVEL, request.getParameter( PARAMETER_USER_LEVEL ) );
2027         logParametersMap.put( AdminUserService.DSKEY_DEFAULT_USER_NOTIFICATION, request.getParameter( PARAMETER_NOTIFY_USER ) );
2028         logParametersMap.put( AdminUserService.DSKEY_DEFAULT_USER_LANGUAGE, request.getParameter( PARAMETER_LANGUAGE ) );
2029         AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_DEFAULT_PARAMETERS, getUser( ), logParametersMap,
2030                 CONSTANT_BO );
2031 
2032         return getAdminDashboardsUrl( request, ANCHOR_DEFAULT_USER_PARAMETER_VALUES );
2033     }
2034 
2035     /**
2036      * Modify the default user parameter security values.
2037      * 
2038      * @param request
2039      *            HttpServletRequest
2040      * @return The Jsp URL of the process result
2041      * @throws AccessDeniedException
2042      *             If the user does not have the permission
2043      */
2044     public String doModifyDefaultUserSecurityValues( HttpServletRequest request ) throws AccessDeniedException
2045     {
2046         if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2047         {
2048             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2049         }
2050         if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
2051                 getUser( ) ) )
2052         {
2053             throw new AccessDeniedException(
2054                     CONSTANT_USER_MSG + getUser( ) + CONSTANT_NOT_AUTHORIZED + AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS );
2055         }
2056 
2057         Map logParametersMap = new HashMap( );
2058 
2059         String strForceChangePasswordValue = request.getParameter( PARAMETER_FORCE_CHANGE_PASSWORD_REINIT );
2060         strForceChangePasswordValue = StringUtils.isNotBlank( strForceChangePasswordValue ) ? strForceChangePasswordValue : StringUtils.EMPTY;
2061 
2062         DefaultUserParameterHome.update( AdminUserService.DSKEY_FORCE_CHANGE_PASSWORD_REINIT, strForceChangePasswordValue );
2063         logParametersMap.put( AdminUserService.DSKEY_FORCE_CHANGE_PASSWORD_REINIT, strForceChangePasswordValue );
2064 
2065         // Parameter password length
2066         AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_MINIMUM_LENGTH, request.getParameter( PARAMETER_PASSWORD_MINIMUM_LENGTH ) );
2067         logParametersMap.put( AdminUserService.DSKEY_PASSWORD_MINIMUM_LENGTH, request.getParameter( PARAMETER_PASSWORD_MINIMUM_LENGTH ) );
2068 
2069         AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_RESET_TOKEN_VALIDITY, request.getParameter( PARAMETER_RESET_TOKEN_VALIDITY ) );
2070         logParametersMap.put( AdminUserService.DSKEY_RESET_TOKEN_VALIDITY, request.getParameter( PARAMETER_RESET_TOKEN_VALIDITY ) );
2071         AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_LOCK_RESET_TOKEN_TO_SESSION,
2072                 request.getParameter( PARAMETER_LOCK_RESET_TOKEN_TO_SESSION ) );
2073         logParametersMap.put( AdminUserService.DSKEY_LOCK_RESET_TOKEN_TO_SESSION, request.getParameter( PARAMETER_LOCK_RESET_TOKEN_TO_SESSION ) );
2074 
2075         boolean bUseAdvancedSecurityParameter = AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS );
2076 
2077         if ( bUseAdvancedSecurityParameter )
2078         {
2079             // Parameter format
2080             AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_FORMAT_UPPER_LOWER_CASE,
2081                     request.getParameter( PARAMETER_PASSWORD_FORMAT_UPPER_LOWER_CASE ) );
2082             logParametersMap.put( AdminUserService.DSKEY_PASSWORD_FORMAT_UPPER_LOWER_CASE, request.getParameter( PARAMETER_PASSWORD_FORMAT_UPPER_LOWER_CASE ) );
2083             AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_FORMAT_NUMERO, request.getParameter( PARAMETER_PASSWORD_FORMAT_NUMERO ) );
2084             logParametersMap.put( AdminUserService.DSKEY_PASSWORD_FORMAT_NUMERO, request.getParameter( PARAMETER_PASSWORD_FORMAT_NUMERO ) );
2085             AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_FORMAT_SPECIAL_CHARACTERS,
2086                     request.getParameter( PARAMETER_PASSWORD_FORMAT_SPECIAL_CHARACTERS ) );
2087             logParametersMap.put( AdminUserService.DSKEY_PASSWORD_FORMAT_SPECIAL_CHARACTERS,
2088                     request.getParameter( PARAMETER_PASSWORD_FORMAT_SPECIAL_CHARACTERS ) );
2089 
2090             // Parameter password duration
2091             AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_DURATION, request.getParameter( PARAMETER_PASSWORD_DURATION ) );
2092             logParametersMap.put( AdminUserService.DSKEY_PASSWORD_DURATION, request.getParameter( PARAMETER_PASSWORD_DURATION ) );
2093 
2094             // Password history size
2095             AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_HISTORY_SIZE, request.getParameter( PARAMETER_PASSWORD_HISTORY_SIZE ) );
2096             logParametersMap.put( AdminUserService.DSKEY_PASSWORD_HISTORY_SIZE, request.getParameter( PARAMETER_PASSWORD_HISTORY_SIZE ) );
2097 
2098             // maximum number of password change
2099             AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_MAXIMUM_NUMBER_PASSWORD_CHANGE,
2100                     request.getParameter( PARAMETER_MAXIMUM_NUMBER_PASSWORD_CHANGE ) );
2101             logParametersMap.put( AdminUserService.DSKEY_MAXIMUM_NUMBER_PASSWORD_CHANGE, request.getParameter( PARAMETER_MAXIMUM_NUMBER_PASSWORD_CHANGE ) );
2102 
2103             // maximum number of password change
2104             AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_TSW_SIZE_PASSWORD_CHANGE,
2105                     request.getParameter( PARAMETER_TSW_SIZE_PASSWORD_CHANGE ) );
2106             logParametersMap.put( AdminUserService.DSKEY_TSW_SIZE_PASSWORD_CHANGE, request.getParameter( PARAMETER_TSW_SIZE_PASSWORD_CHANGE ) );
2107 
2108             // Notify user when his password expires
2109             AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_NOTIFY_USER_PASSWORD_EXPIRED,
2110                     request.getParameter( PARAMETER_NOTIFY_USER_PASSWORD_EXPIRED ) );
2111             logParametersMap.put( AdminUserService.DSKEY_NOTIFY_USER_PASSWORD_EXPIRED, request.getParameter( PARAMETER_NOTIFY_USER_PASSWORD_EXPIRED ) );
2112         }
2113 
2114         // Time of life of accounts
2115         AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_ACCOUNT_LIFE_TIME, request.getParameter( PARAMETER_ACCOUNT_LIFE_TIME ) );
2116         logParametersMap.put( AdminUserService.DSKEY_ACCOUNT_LIFE_TIME, request.getParameter( PARAMETER_ACCOUNT_LIFE_TIME ) );
2117 
2118         // Time before the first alert when an account will expire
2119         AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_TIME_BEFORE_ALERT_ACCOUNT,
2120                 request.getParameter( PARAMETER_TIME_BEFORE_ALERT_ACCOUNT ) );
2121         logParametersMap.put( AdminUserService.DSKEY_TIME_BEFORE_ALERT_ACCOUNT, request.getParameter( PARAMETER_TIME_BEFORE_ALERT_ACCOUNT ) );
2122 
2123         // Number of alerts sent to a user when his account will expire
2124         AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_NB_ALERT_ACCOUNT, request.getParameter( PARAMETER_NB_ALERT_ACCOUNT ) );
2125         logParametersMap.put( AdminUserService.DSKEY_NB_ALERT_ACCOUNT, request.getParameter( PARAMETER_NB_ALERT_ACCOUNT ) );
2126 
2127         // Time between alerts
2128         AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_TIME_BETWEEN_ALERTS_ACCOUNT,
2129                 request.getParameter( PARAMETER_TIME_BETWEEN_ALERTS_ACCOUNT ) );
2130         logParametersMap.put( AdminUserService.DSKEY_TIME_BETWEEN_ALERTS_ACCOUNT, request.getParameter( PARAMETER_TIME_BETWEEN_ALERTS_ACCOUNT ) );
2131 
2132         // Max access failure
2133         AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_MAX, request.getParameter( MARK_ACCESS_FAILURES_MAX ) );
2134         logParametersMap.put( AdminUserService.DSKEY_ACCES_FAILURES_MAX, request.getParameter( MARK_ACCESS_FAILURES_MAX ) );
2135 
2136         // Access failure interval
2137         AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_INTERVAL, request.getParameter( MARK_ACCESS_FAILURES_INTERVAL ) );
2138         logParametersMap.put( AdminUserService.DSKEY_ACCES_FAILURES_INTERVAL, request.getParameter( MARK_ACCESS_FAILURES_INTERVAL ) );
2139 
2140         // Banned domain names
2141         AdminUserService.updateLargeSecurityParameter( AdminUserService.DSKEY_BANNED_DOMAIN_NAMES, request.getParameter( MARK_BANNED_DOMAIN_NAMES ) );
2142         logParametersMap.put( AdminUserService.DSKEY_BANNED_DOMAIN_NAMES, request.getParameter( MARK_BANNED_DOMAIN_NAMES ) );
2143 
2144         AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_DEFAULT_SECURITY, getUser( ), logParametersMap,
2145                 CONSTANT_BO );
2146 
2147         return getAdminDashboardsUrl( request, ANCHOR_ADVANCED_SECURITY_PARAMETERS );
2148     }
2149 
2150     /**
2151      * Modify the email pattern
2152      * 
2153      * @param request
2154      *            HttpServletRequest
2155      * @return The Jsp URL of the process result
2156      * @throws AccessDeniedException
2157      *             If the user does not have the permission
2158      */
2159     public String doModifyEmailPattern( HttpServletRequest request ) throws AccessDeniedException
2160     {
2161         if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
2162                 getUser( ) ) )
2163         {
2164             throw new AccessDeniedException(
2165                     CONSTANT_USER_MSG + getUser( ) + CONSTANT_NOT_AUTHORIZED + AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS );
2166         }
2167         if ( PARAMETER_RESET.equals( request.getParameter( PARAMETER_RESET ) ) )
2168         {
2169             if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2170             {
2171                 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2172             }
2173             return doResetEmailPattern( request );
2174         }
2175         String strSetManually = request.getParameter( PARAMETER_IS_EMAIL_PATTERN_SET_MANUALLY );
2176         String strEmailPattern = request.getParameter( PARAMETER_EMAIL_PATTERN );
2177 
2178         if ( StringUtils.isNotBlank( strEmailPattern ) )
2179         {
2180             if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2181             {
2182                 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2183             }
2184             AdminUserService.doModifyEmailPattern( strEmailPattern, strSetManually != null );
2185             return getAdminDashboardsUrl( request, ANCHOR_MODIFY_EMAIL_PATTERN );
2186         }
2187         return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_ERROR_EMAIL_PATTERN, AdminMessage.TYPE_STOP );
2188     }
2189 
2190     /**
2191      * Reset the email pattern
2192      * 
2193      * @return the jsp return
2194      */
2195     private String doResetEmailPattern( HttpServletRequest request )
2196     {
2197         AdminUserService.doResetEmailPattern( );
2198 
2199         return getAdminDashboardsUrl( request, ANCHOR_MODIFY_EMAIL_PATTERN );
2200     }
2201 
2202     /**
2203      * Do insert a regular expression
2204      * 
2205      * @param request
2206      *            {@link HttpServletRequest}
2207      * @return the jsp return
2208      * @throws AccessDeniedException
2209      *             access denied if the AdminUser does not have the permission
2210      */
2211     public String doInsertRegularExpression( HttpServletRequest request ) throws AccessDeniedException
2212     {
2213         if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2214         {
2215             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2216         }
2217         if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
2218                 getUser( ) ) )
2219         {
2220             throw new AccessDeniedException(
2221                     CONSTANT_USER_MSG + getUser( ) + CONSTANT_NOT_AUTHORIZED + AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS );
2222         }
2223 
2224         String strRegularExpressionId = request.getParameter( PARAMETER_ID_EXPRESSION );
2225 
2226         if ( StringUtils.isNotBlank( strRegularExpressionId ) && StringUtils.isNumeric( strRegularExpressionId ) )
2227         {
2228             int nRegularExpressionId = Integer.parseInt( strRegularExpressionId );
2229             AdminUserService.doInsertRegularExpression( nRegularExpressionId );
2230         }
2231 
2232         return getAdminDashboardsUrl( request, ANCHOR_MODIFY_EMAIL_PATTERN );
2233     }
2234 
2235     /**
2236      * Do remove a regular expression
2237      * 
2238      * @param request
2239      *            {@link HttpServletRequest}
2240      * @return the jsp return
2241      * @throws AccessDeniedException
2242      *             access denied if the AdminUser does not have the permission
2243      */
2244     public String doRemoveRegularExpression( HttpServletRequest request ) throws AccessDeniedException
2245     {
2246         if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2247         {
2248             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2249         }
2250         if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
2251                 getUser( ) ) )
2252         {
2253             throw new AccessDeniedException(
2254                     CONSTANT_USER_MSG + getUser( ) + CONSTANT_NOT_AUTHORIZED + AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS );
2255         }
2256 
2257         String strRegularExpressionId = request.getParameter( PARAMETER_ID_EXPRESSION );
2258 
2259         if ( StringUtils.isNotBlank( strRegularExpressionId ) && StringUtils.isNumeric( strRegularExpressionId ) )
2260         {
2261             int nRegularExpressionId = Integer.parseInt( strRegularExpressionId );
2262             AdminUserService.doRemoveRegularExpression( nRegularExpressionId );
2263         }
2264 
2265         return getAdminDashboardsUrl( request, ANCHOR_MODIFY_EMAIL_PATTERN );
2266     }
2267 
2268     /**
2269      * Get the admin message to confirm the enabling or the disabling of the advanced security parameters
2270      * 
2271      * @param request
2272      *            The request
2273      * @return The url of the admin message
2274      */
2275     public String getChangeUseAdvancedSecurityParameters( HttpServletRequest request )
2276     {
2277         Map<String, Object> parameters = new HashMap<>( 1 );
2278         parameters.put( SecurityTokenService.PARAMETER_TOKEN, SecurityTokenService.getInstance( ).getToken( request, TOKEN_TECHNICAL_ADMIN ) );
2279 
2280         if ( AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS ) )
2281         {
2282             return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_CONFIRM_REMOVE_ASP, JSP_URL_REMOVE_ADVANCED_SECUR_PARAM,
2283                     AdminMessage.TYPE_CONFIRMATION, parameters );
2284         }
2285 
2286         return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_CONFIRM_USE_ASP, JSP_URL_USE_ADVANCED_SECUR_PARAM, AdminMessage.TYPE_CONFIRMATION,
2287                 parameters );
2288     }
2289 
2290     /**
2291      * Enable advanced security parameters
2292      * 
2293      * @param request
2294      *            The request
2295      * @return The Jsp URL of the process result
2296      * @throws AccessDeniedException
2297      *             if the security token is invalid
2298      */
2299     public String doUseAdvancedSecurityParameters( HttpServletRequest request ) throws AccessDeniedException
2300     {
2301         if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2302         {
2303             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2304         }
2305         AdminUserService.useAdvancedSecurityParameters( );
2306 
2307         AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_USE_ADVANCE_SECURITY_PARAMETERS, getUser( ), null,
2308                 CONSTANT_BO );
2309 
2310         return getAdminDashboardsUrl( request, ANCHOR_ADVANCED_SECURITY_PARAMETERS );
2311     }
2312 
2313     /**
2314      * Disable advanced security parameters
2315      * 
2316      * @param request
2317      *            The request
2318      * @return The Jsp URL of the process result
2319      * @throws AccessDeniedException
2320      *             if the security token is invalid
2321      */
2322     public String doRemoveAdvancedSecurityParameters( HttpServletRequest request ) throws AccessDeniedException
2323     {
2324         if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2325         {
2326             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2327         }
2328         AdminUserService.removeAdvancedSecurityParameters( );
2329 
2330         AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_REMOVE_ADVANCE_SECURITY_PARAMETERS, getUser( ), null,
2331                 CONSTANT_BO );
2332 
2333         return getAdminDashboardsUrl( request, ANCHOR_ADVANCED_SECURITY_PARAMETERS );
2334     }
2335 
2336     /**
2337      * Get the page with the list of every anonymizable attribute
2338      * 
2339      * @param request
2340      *            The request
2341      * @return The admin page
2342      */
2343     public String getChangeFieldAnonymizeAdminUsers( HttpServletRequest request )
2344     {
2345         Map<String, Object> model = new HashMap<>( );
2346 
2347         List<IAttribute> listAllAttributes = AttributeService.getInstance( ).getAllAttributesWithoutFields( getLocale( ) );
2348         List<IAttribute> listAttributesText = new ArrayList<>( );
2349 
2350         for ( IAttribute attribut : listAllAttributes )
2351         {
2352             if ( attribut.isAnonymizable( ) )
2353             {
2354                 listAttributesText.add( attribut );
2355             }
2356         }
2357 
2358         model.put( MARK_ATTRIBUTES_LIST, listAttributesText );
2359 
2360         model.putAll( AdminUserHome.getAnonymizationStatusUserStaticField( ) );
2361         model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, TOKEN_TECHNICAL_ADMIN ) );
2362 
2363         setPageTitleProperty( PROPERTY_MESSAGE_TITLE_CHANGE_ANONYMIZE_USER );
2364 
2365         HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_FIELD_ANONYMIZE_ADMIN_USER, getLocale( ), model );
2366 
2367         return getAdminPage( template.getHtml( ) );
2368     }
2369 
2370     /**
2371      * Change the anonymization status of user parameters.
2372      * 
2373      * @param request
2374      *            The request
2375      * @return the Jsp URL of the process result
2376      * @throws AccessDeniedException
2377      *             If the security token is invalid
2378      */
2379     public String doChangeFieldAnonymizeAdminUsers( HttpServletRequest request ) throws AccessDeniedException
2380     {
2381         if ( request.getParameter( PARAMETER_CANCEL ) != null )
2382         {
2383             return getAdminDashboardsUrl( request, ANCHOR_ANONYMIZE_USERS );
2384         }
2385         if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2386         {
2387             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2388         }
2389 
2390         AdminUserHome.updateAnonymizationStatusUserStaticField( PARAMETER_ACCESS_CODE, Boolean.valueOf( request.getParameter( PARAMETER_ACCESS_CODE ) ) );
2391         AdminUserHome.updateAnonymizationStatusUserStaticField( PARAMETER_FIRST_NAME, Boolean.valueOf( request.getParameter( PARAMETER_FIRST_NAME ) ) );
2392         AdminUserHome.updateAnonymizationStatusUserStaticField( PARAMETER_LAST_NAME, Boolean.valueOf( request.getParameter( PARAMETER_LAST_NAME ) ) );
2393         AdminUserHome.updateAnonymizationStatusUserStaticField( PARAMETER_EMAIL, Boolean.valueOf( request.getParameter( PARAMETER_EMAIL ) ) );
2394 
2395         AttributeService attributeService = AttributeService.getInstance( );
2396 
2397         List<IAttribute> listAllAttributes = attributeService.getAllAttributesWithoutFields( getLocale( ) );
2398         List<IAttribute> listAttributesText = new ArrayList<>( );
2399 
2400         for ( IAttribute attribut : listAllAttributes )
2401         {
2402             if ( attribut.isAnonymizable( ) )
2403             {
2404                 listAttributesText.add( attribut );
2405             }
2406         }
2407 
2408         for ( IAttribute attribute : listAttributesText )
2409         {
2410             Boolean bNewValue = Boolean.valueOf( request.getParameter( PARAMETER_ATTRIBUTE + Integer.toString( attribute.getIdAttribute( ) ) ) );
2411             attributeService.updateAnonymizationStatusUserField( attribute.getIdAttribute( ), bNewValue );
2412         }
2413 
2414         return getAdminDashboardsUrl( request, ANCHOR_ANONYMIZE_USERS );
2415     }
2416 
2417     /**
2418      * Get the confirmation page before anonymizing a user.
2419      * 
2420      * @param request
2421      *            The request
2422      * @return The URL of the confirmation page
2423      */
2424     public String getAnonymizeAdminUser( HttpServletRequest request )
2425     {
2426         String strAdminUserId = request.getParameter( PARAMETER_USER_ID );
2427 
2428         if ( !StringUtils.isNumeric( strAdminUserId ) || strAdminUserId.isEmpty( ) )
2429         {
2430             return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_NO_ADMIN_USER_SELECTED, AdminMessage.TYPE_STOP );
2431         }
2432 
2433         int nUserId = Integer.parseInt( strAdminUserId );
2434         AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
2435 
2436         if ( user == null )
2437         {
2438             return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_USER_ERROR_SESSION, AdminMessage.TYPE_ERROR );
2439         }
2440 
2441         String strUrl = JSP_URL_ANONYMIZE_ADMIN_USER;
2442         Map<String, Object> parameters = new HashMap<>( );
2443         parameters.put( PARAMETER_USER_ID, strAdminUserId );
2444         parameters.put( SecurityTokenService.PARAMETER_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_ANONYMIZE_ADMIN_USER ) );
2445 
2446         return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_CONFIRM_ANONYMIZE_USER, new Object [ ] {
2447                 user.getFirstName( ), user.getLastName( ), user.getAccessCode( )
2448         }, null, strUrl, null, AdminMessage.TYPE_CONFIRMATION, parameters );
2449     }
2450 
2451     /**
2452      * Anonymize a user
2453      * 
2454      * @param request
2455      *            The request
2456      * @return The Jsp URL of the process result
2457      * @throws AccessDeniedException
2458      *             in case of invalid security token
2459      */
2460     public String doAnonymizeAdminUser( HttpServletRequest request ) throws AccessDeniedException
2461     {
2462         String strAdminUserId = request.getParameter( PARAMETER_USER_ID );
2463 
2464         if ( !StringUtils.isNumeric( strAdminUserId ) || strAdminUserId.isEmpty( ) )
2465         {
2466             return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_NO_ADMIN_USER_SELECTED, AdminMessage.TYPE_STOP );
2467         }
2468 
2469         int nUserId = Integer.parseInt( strAdminUserId );
2470         AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
2471 
2472         if ( user == null )
2473         {
2474             return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_USER_ERROR_SESSION, AdminMessage.TYPE_ERROR );
2475         }
2476         if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_ANONYMIZE_ADMIN_USER ) )
2477         {
2478             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2479         }
2480 
2481         AdminUserService.anonymizeUser( nUserId, getLocale( ) );
2482 
2483         AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_ANONYMIZE_ADMINUSER, getUser( ), user.getAccessCode( ),
2484                 CONSTANT_BO );
2485 
2486         return JSP_MANAGE_USER;
2487     }
2488 
2489     /**
2490      * Update a user account life time
2491      * 
2492      * @param request
2493      *            The request
2494      * @return The Jsp URL of the process result
2495      */
2496     public String reactivateAccount( HttpServletRequest request )
2497     {
2498         AdminUser user = AdminUserHome.findByPrimaryKey( AdminUserService.getAdminUser( request ).getUserId( ) );
2499         String strUrl;
2500         int nbDaysBeforeFirstAlert = AdminUserService.getIntegerSecurityParameter( PARAMETER_TIME_BEFORE_ALERT_ACCOUNT );
2501         Timestamp firstAlertMaxDate = new Timestamp( new java.util.Date( ).getTime( ) + DateUtil.convertDaysInMiliseconds( nbDaysBeforeFirstAlert ) );
2502 
2503         if ( user.getAccountMaxValidDate( ) != null )
2504         {
2505             // If the account is close to expire but has not expired yet
2506             if ( ( user.getAccountMaxValidDate( ).getTime( ) < firstAlertMaxDate.getTime( ) ) && ( user.getStatus( ) < AdminUser.EXPIRED_CODE ) )
2507             {
2508                 AdminUserService.updateUserExpirationDate( user );
2509             }
2510 
2511             strUrl = AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_ACCOUNT_REACTIVATED, AppPathService.getAdminMenuUrl( ),
2512                     AdminMessage.TYPE_INFO );
2513         }
2514         else
2515         {
2516             strUrl = AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_NO_ACCOUNT_TO_REACTIVATED, AppPathService.getAdminMenuUrl( ),
2517                     AdminMessage.TYPE_ERROR );
2518         }
2519 
2520         return strUrl;
2521     }
2522 
2523     /**
2524      * Get the modify account life time emails page
2525      * 
2526      * @param request
2527      *            The request
2528      * @return The html to display
2529      */
2530     public String getModifyAccountLifeTimeEmails( HttpServletRequest request )
2531     {
2532         String strEmailType = request.getParameter( PARAMETER_EMAIL_TYPE );
2533 
2534         Map<String, Object> model = new HashMap<>( );
2535         String strSenderKey = StringUtils.EMPTY;
2536         String strSubjectKey = StringUtils.EMPTY;
2537         String strBodyKey = StringUtils.EMPTY;
2538         String strTitle = StringUtils.EMPTY;
2539 
2540         if ( CONSTANT_EMAIL_TYPE_FIRST.equalsIgnoreCase( strEmailType ) )
2541         {
2542             strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_FIRST_ALERT_MAIL_SENDER;
2543             strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_FIRST_ALERT_MAIL_SUBJECT;
2544             strBodyKey = PARAMETER_FIRST_ALERT_MAIL;
2545             strTitle = PROPERTY_FIRST_EMAIL;
2546         }
2547         else if ( CONSTANT_EMAIL_TYPE_OTHER.equalsIgnoreCase( strEmailType ) )
2548         {
2549             strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_OTHER_ALERT_MAIL_SENDER;
2550             strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_OTHER_ALERT_MAIL_SUBJECT;
2551             strBodyKey = PARAMETER_OTHER_ALERT_MAIL;
2552             strTitle = PROPERTY_OTHER_EMAIL;
2553         }
2554         else if ( CONSTANT_EMAIL_TYPE_EXPIRED.equalsIgnoreCase( strEmailType ) )
2555         {
2556             strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_EXPIRED_ALERT_MAIL_SENDER;
2557             strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_EXPIRED_ALERT_MAIL_SUBJECT;
2558             strBodyKey = PARAMETER_EXPIRATION_MAIL;
2559             strTitle = PROPERTY_ACCOUNT_DEACTIVATES_EMAIL;
2560         }
2561         else if ( CONSTANT_EMAIL_TYPE_REACTIVATED.equalsIgnoreCase( strEmailType ) )
2562         {
2563             strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_REACTIVATED_ALERT_MAIL_SENDER;
2564             strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_REACTIVATED_ALERT_MAIL_SUBJECT;
2565             strBodyKey = PARAMETER_ACCOUNT_REACTIVATED;
2566             strTitle = PROPERTY_ACCOUNT_UPDATED_EMAIL;
2567         }
2568         else if ( CONSTANT_EMAIL_PASSWORD_EXPIRED.equalsIgnoreCase( strEmailType ) )
2569         {
2570             strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_PASSWORD_EXPIRED_MAIL_SENDER;
2571             strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_PASSWORD_EXPIRED_MAIL_SUBJECT;
2572             strBodyKey = PARAMETER_NOTIFY_PASSWORD_EXPIRED;
2573             strTitle = PROPERTY_NOTIFY_PASSWORD_EXPIRED;
2574         }
2575 
2576         String defaultUserParameter = DefaultUserParameterHome.findByKey( strSenderKey );
2577         String strSender = ( defaultUserParameter == null ) ? StringUtils.EMPTY : defaultUserParameter;
2578 
2579         defaultUserParameter = DefaultUserParameterHome.findByKey( strSubjectKey );
2580 
2581         String strSubject = ( defaultUserParameter == null ) ? StringUtils.EMPTY : defaultUserParameter;
2582 
2583         // ITEM NAVIGATION
2584         setItemNavigator( getUser( ).getUserId( ), AppPathService.getBaseUrl( request ) + JSP_URL_MODIFY_ACCOUNT_LIFE_TIME_EMAIL );
2585 
2586         model.put( PARAMETER_EMAIL_TYPE, strEmailType );
2587         model.put( MARK_EMAIL_SENDER, strSender );
2588         model.put( MARK_EMAIL_SUBJECT, strSubject );
2589         model.put( MARK_EMAIL_BODY, DatabaseTemplateService.getTemplateFromKey( strBodyKey, true ) );
2590         model.put( MARK_EMAIL_LABEL, strTitle );
2591         model.put( MARK_WEBAPP_URL, AppPathService.getBaseUrl( request ) );
2592         model.put( MARK_LOCALE, getLocale( ) );
2593         model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
2594         model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_MODIFY_ACCOUNT_LIFE_TIME_EMAIL ) );
2595 
2596         HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_ACCOUNT_LIFE_TIME_EMAIL, getLocale( ), model );
2597 
2598         return getAdminPage( template.getHtml( ) );
2599     }
2600 
2601     /**
2602      * Update an account life time email
2603      * 
2604      * @param request
2605      *            The request
2606      * @return The Jsp URL of the process result
2607      * @throws AccessDeniedException
2608      *             if the security token is invalid
2609      */
2610     public String doModifyAccountLifeTimeEmails( HttpServletRequest request ) throws AccessDeniedException
2611     {
2612         if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_MODIFY_ACCOUNT_LIFE_TIME_EMAIL ) )
2613         {
2614             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2615         }
2616         String strEmailType = request.getParameter( PARAMETER_EMAIL_TYPE );
2617 
2618         String strSenderKey = StringUtils.EMPTY;
2619         String strSubjectKey = StringUtils.EMPTY;
2620         String strBodyKey = StringUtils.EMPTY;
2621 
2622         if ( CONSTANT_EMAIL_TYPE_FIRST.equalsIgnoreCase( strEmailType ) )
2623         {
2624             strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_FIRST_ALERT_MAIL_SENDER;
2625             strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_FIRST_ALERT_MAIL_SUBJECT;
2626             strBodyKey = PARAMETER_FIRST_ALERT_MAIL;
2627         }
2628         else if ( CONSTANT_EMAIL_TYPE_OTHER.equalsIgnoreCase( strEmailType ) )
2629         {
2630             strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_OTHER_ALERT_MAIL_SENDER;
2631             strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_OTHER_ALERT_MAIL_SUBJECT;
2632             strBodyKey = PARAMETER_OTHER_ALERT_MAIL;
2633         }
2634         else if ( CONSTANT_EMAIL_TYPE_EXPIRED.equalsIgnoreCase( strEmailType ) )
2635         {
2636             strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_EXPIRED_ALERT_MAIL_SENDER;
2637             strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_EXPIRED_ALERT_MAIL_SUBJECT;
2638             strBodyKey = PARAMETER_EXPIRATION_MAIL;
2639         }
2640         else if ( CONSTANT_EMAIL_TYPE_REACTIVATED.equalsIgnoreCase( strEmailType ) )
2641         {
2642             strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_REACTIVATED_ALERT_MAIL_SENDER;
2643             strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_REACTIVATED_ALERT_MAIL_SUBJECT;
2644             strBodyKey = PARAMETER_ACCOUNT_REACTIVATED;
2645         }
2646         else if ( CONSTANT_EMAIL_PASSWORD_EXPIRED.equalsIgnoreCase( strEmailType ) )
2647         {
2648             strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_PASSWORD_EXPIRED_MAIL_SENDER;
2649             strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_PASSWORD_EXPIRED_MAIL_SUBJECT;
2650             strBodyKey = PARAMETER_NOTIFY_PASSWORD_EXPIRED;
2651         }
2652 
2653         AdminUserService.updateSecurityParameter( strSenderKey, request.getParameter( MARK_EMAIL_SENDER ) );
2654         AdminUserService.updateSecurityParameter( strSubjectKey, request.getParameter( MARK_EMAIL_SUBJECT ) );
2655         DatabaseTemplateService.updateTemplate( strBodyKey, request.getParameter( MARK_EMAIL_BODY ) );
2656 
2657         return getAdminDashboardsUrl( request, ANCHOR_LIFE_TIME_EMAILS );
2658     }
2659 
2660     /**
2661      * Get the item navigator
2662      * 
2663      * @param nIdAdminUser
2664      *            the admin user id
2665      * @param strUrl
2666      *            the url
2667      */
2668     private void setItemNavigator( int nIdAdminUser, String strUrl )
2669     {
2670         if ( _itemNavigator == null )
2671         {
2672             List<String> listIdsRight = new ArrayList<>( );
2673             int nCurrentItemId = 0;
2674             int nIndex = 0;
2675 
2676             AdminUser currentUser = getUser( );
2677 
2678             for ( AdminUser adminUser : AdminUserHome.findUserList( ) )
2679             {
2680                 if ( ( adminUser != null ) && isUserAuthorizedToModifyUser( currentUser, adminUser ) )
2681                 {
2682                     listIdsRight.add( Integer.toString( adminUser.getUserId( ) ) );
2683 
2684                     if ( adminUser.getUserId( ) == nIdAdminUser )
2685                     {
2686                         nCurrentItemId = nIndex;
2687                     }
2688 
2689                     nIndex++;
2690                 }
2691             }
2692 
2693             _itemNavigator = new ItemNavigator( listIdsRight, nCurrentItemId, strUrl, PARAMETER_USER_ID );
2694         }
2695         else
2696         {
2697             _itemNavigator.setCurrentItemId( Integer.toString( nIdAdminUser ) );
2698             _itemNavigator.setBaseUrl( strUrl );
2699         }
2700     }
2701 
2702     /**
2703      * Reinit the item navigator
2704      */
2705     private void reinitItemNavigator( )
2706     {
2707         _itemNavigator = null;
2708     }
2709 
2710     /**
2711      * Check if a user is authorized to modify another user
2712      * 
2713      * @param currentUser
2714      *            The current user
2715      * @param userToModify
2716      *            The user to modify
2717      * @return True if the current user can modify the other user, false otherwise
2718      */
2719     private boolean isUserAuthorizedToModifyUser( AdminUser../../../../fr/paris/lutece/portal/business/user/AdminUser.html#AdminUser">AdminUser currentUser, AdminUser userToModify )
2720     {
2721         if ( currentUser == null || userToModify == null )
2722         {
2723             return false;
2724         }
2725         return currentUser.isAdmin( ) || ( currentUser.isParent( userToModify )
2726                 && ( ( haveCommonWorkgroups( currentUser, userToModify ) ) || ( !AdminWorkgroupHome.checkUserHasWorkgroup( userToModify.getUserId( ) ) ) ) );
2727     }
2728 
2729     /**
2730      * Check if a user is authorized to modify another user's right level
2731      * 
2732      * @param currentUser
2733      *            The user doing the modification
2734      * @param userToModify
2735      *            The user whose right level is being modified
2736      * @return true if the user's right level can be modified, false otherwise
2737      */
2738     private boolean isUserAuthorizedToChangeUserLevel( AdminUser../../../../fr/paris/lutece/portal/business/user/AdminUser.html#AdminUser">AdminUser currentUser, AdminUser userToModify )
2739     {
2740         if ( currentUser == null || userToModify == null )
2741         {
2742             return false;
2743         }
2744         return currentUser.checkRight( "CORE_LEVEL_MANAGEMENT" ) && userToModify.getUserLevel( ) != 0;
2745     }
2746 
2747     /**
2748      * Check if a user's right level has been modified
2749      * 
2750      * @param user
2751      *            The user whose right level is being modified
2752      * @param strSelectedUserLevel
2753      *            The new right level selected
2754      * @return true if the level has been modified, false otherwise
2755      */
2756     private boolean isUserLevelModified( AdminUser user, String strSelectedUserLevel )
2757     {
2758         if ( strSelectedUserLevel != null )
2759         {
2760             int nSelectedUserLevel = Integer.parseInt( strSelectedUserLevel );
2761             return nSelectedUserLevel != user.getUserLevel( );
2762         }
2763         return false;
2764     }
2765 }