View Javadoc
1   /*
2    * Copyright (c) 2002-2022, City of Paris
3    * All rights reserved.
4    *
5    * Redistribution and use in source and binary forms, with or without
6    * modification, are permitted provided that the following conditions
7    * are met:
8    *
9    *  1. Redistributions of source code must retain the above copyright notice
10   *     and the following disclaimer.
11   *
12   *  2. Redistributions in binary form must reproduce the above copyright notice
13   *     and the following disclaimer in the documentation and/or other materials
14   *     provided with the distribution.
15   *
16   *  3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
17   *     contributors may be used to endorse or promote products derived from
18   *     this software without specific prior written permission.
19   *
20   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21   * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23   * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
24   * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25   * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26   * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27   * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28   * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29   * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30   * POSSIBILITY OF SUCH DAMAGE.
31   *
32   * License 1.0
33   */
34  package fr.paris.lutece.portal.web.user.attribute;
35  
36  import java.util.HashMap;
37  import java.util.Iterator;
38  import java.util.List;
39  import java.util.Map;
40  
41  import javax.servlet.http.HttpServletRequest;
42  
43  import org.apache.commons.lang3.StringUtils;
44  
45  import fr.paris.lutece.portal.business.user.attribute.IAttribute;
46  import fr.paris.lutece.portal.service.admin.AccessDeniedException;
47  import fr.paris.lutece.portal.service.message.AdminMessage;
48  import fr.paris.lutece.portal.service.message.AdminMessageService;
49  import fr.paris.lutece.portal.service.security.SecurityTokenService;
50  import fr.paris.lutece.portal.service.template.AppTemplateService;
51  import fr.paris.lutece.portal.service.user.attribute.AttributeService;
52  import fr.paris.lutece.portal.service.util.AppLogService;
53  import fr.paris.lutece.portal.web.admin.AdminFeaturesPageJspBean;
54  import fr.paris.lutece.portal.web.dashboard.AdminDashboardJspBean;
55  import fr.paris.lutece.util.html.HtmlTemplate;
56  
57  /**
58   *
59   * AttributeJspBean
60   *
61   */
62  public class AttributeJspBean extends AdminFeaturesPageJspBean
63  {
64      /**
65       * Generated serial version UID
66       */
67      private static final long serialVersionUID = 183073111112521149L;
68  
69      // CONSTANTS
70      private static final String QUESTION_MARK = "?";
71      private static final String EQUAL = "=";
72  
73      // PARAMETERS
74      private static final String PARAMETER_ATTRIBUTE_TYPE_CLASS_NAME = "attribute_type_class_name";
75      private static final String PARAMETER_CANCEL = "cancel";
76      private static final String PARAMETER_APPLY = "apply";
77      private static final String PARAMETER_ID_ATTRIBUTE = "id_attribute";
78  
79      // MARKS
80      private static final String MARK_ATTRIBUTE_TYPE = "attribute_type";
81      private static final String MARK_ATTRIBUTE = "attribute";
82      private static final String MARK_ATTRIBUTE_FIELDS_LIST = "attribute_fields_list";
83  
84      // PROPERTIES
85      private static final String PROPERTY_MESSAGE_CONFIRM_REMOVE_ATTRIBUTE = "portal.users.manage_attributes.message.confirmRemoveAttribute";
86  
87      // JSP
88      private static final String JSP_URL_REMOVE_ATTRIBUTE = "jsp/admin/user/attribute/DoRemoveAttribute.jsp";
89      private static final String ANCHOR_ADMIN_DASHBOARDS = "attributes_management";
90      private static final String JSP_MODIFY_ATTRIBUTE = "ModifyAttribute.jsp";
91      private static final AttributeService _attributeService = AttributeService.getInstance( );
92  
93      /**
94       * Get user attribute creation interface
95       * 
96       * @param request
97       *            HttpServletRequest
98       * @return the Html form
99       */
100     public String getCreateAttribute( HttpServletRequest request )
101     {
102         String strAttributeTypeClassName = request.getParameter( PARAMETER_ATTRIBUTE_TYPE_CLASS_NAME );
103 
104         IAttribute attribute = null;
105 
106         try
107         {
108             attribute = (IAttribute) Class.forName( strAttributeTypeClassName ).newInstance( );
109         }
110         catch( IllegalAccessException | InstantiationException | ClassNotFoundException e )
111         {
112             AppLogService.error( e.getMessage( ), e );
113         }
114 
115         if ( attribute == null )
116         {
117             return getAdminDashboardsUrl( request, ANCHOR_ADMIN_DASHBOARDS );
118         }
119 
120         setPageTitleProperty( attribute.getPropertyCreatePageTitle( ) );
121 
122         attribute.setAttributeType( getLocale( ) );
123 
124         HtmlTemplate template;
125         Map<String, Object> model = new HashMap<>( );
126         model.put( MARK_ATTRIBUTE_TYPE, attribute.getAttributeType( ) );
127         model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, attribute.getTemplateCreateAttribute( ) ) );
128 
129         template = AppTemplateService.getTemplate( attribute.getTemplateCreateAttribute( ), getLocale( ), model );
130 
131         return getAdminPage( template.getHtml( ) );
132     }
133 
134     /**
135      * Create an user attribute
136      * 
137      * @param request
138      *            HttpServletRequest
139      * @return The Jsp URL of the process result
140      * @throws AccessDeniedException
141      *             if the security token is invalid
142      */
143     public String doCreateAttribute( HttpServletRequest request ) throws AccessDeniedException
144     {
145         String strAttributeTypeClassName = request.getParameter( PARAMETER_ATTRIBUTE_TYPE_CLASS_NAME );
146         String strActionCancel = request.getParameter( PARAMETER_CANCEL );
147         String strActionApply = request.getParameter( PARAMETER_APPLY );
148 
149         if ( StringUtils.isEmpty( strActionCancel ) )
150         {
151             IAttribute attribute = null;
152 
153             try
154             {
155                 attribute = (IAttribute) Class.forName( strAttributeTypeClassName ).newInstance( );
156             }
157             catch( IllegalAccessException | InstantiationException | ClassNotFoundException e )
158             {
159                 AppLogService.error( e.getMessage( ), e );
160             }
161 
162             if ( attribute == null )
163             {
164                 getAdminDashboardsUrl( request, ANCHOR_ADMIN_DASHBOARDS );
165             }
166             else
167             {
168                 String strError = attribute.setAttributeData( request );
169 
170                 if ( StringUtils.isNotBlank( strError ) )
171                 {
172                     return strError;
173                 }
174                 if ( !SecurityTokenService.getInstance( ).validate( request, attribute.getTemplateCreateAttribute( ) ) )
175                 {
176                     throw new AccessDeniedException( ERROR_INVALID_TOKEN );
177                 }
178                 _attributeService.createAttribute( attribute );
179 
180                 if ( strActionApply != null )
181                 {
182                     return JSP_MODIFY_ATTRIBUTE + QUESTION_MARK + PARAMETER_ID_ATTRIBUTE + EQUAL + attribute.getIdAttribute( );
183                 }
184             }
185         }
186 
187         return getAdminDashboardsUrl( request, ANCHOR_ADMIN_DASHBOARDS );
188     }
189 
190     /**
191      * Get the user attribute modification interface
192      * 
193      * @param request
194      *            HttpServletRequest
195      * @return the html form
196      */
197     public String getModifyAttribute( HttpServletRequest request )
198     {
199         String strIdAttribute = request.getParameter( PARAMETER_ID_ATTRIBUTE );
200 
201         if ( StringUtils.isNotBlank( strIdAttribute ) && StringUtils.isNumeric( strIdAttribute ) )
202         {
203             // Check if the ID attribute is correct
204             int nIdAttribute = Integer.parseInt( strIdAttribute );
205 
206             IAttribute attribute = _attributeService.getAttributeWithFields( nIdAttribute, getLocale( ) );
207 
208             setPageTitleProperty( attribute.getPropertyModifyPageTitle( ) );
209 
210             HtmlTemplate template;
211             Map<String, Object> model = new HashMap<>( );
212             model.put( MARK_ATTRIBUTE, attribute );
213             model.put( MARK_ATTRIBUTE_FIELDS_LIST, attribute.getListAttributeFields( ) );
214             model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, attribute.getTemplateModifyAttribute( ) ) );
215 
216             template = AppTemplateService.getTemplate( attribute.getTemplateModifyAttribute( ), getLocale( ), model );
217 
218             return getAdminPage( template.getHtml( ) );
219         }
220 
221         // Otherwise, we redirect the user to the attribute management interface
222         return getAdminDashboardsUrl( request, ANCHOR_ADMIN_DASHBOARDS );
223     }
224 
225     /**
226      * Modify the attribute
227      * 
228      * @param request
229      *            HttpServletRequest
230      * @return The Jsp URL of the process result
231      * @throws AccessDeniedException
232      *             if the security token is invalid
233      */
234     public String doModifyAttribute( HttpServletRequest request ) throws AccessDeniedException
235     {
236         String strIdAttribute = request.getParameter( PARAMETER_ID_ATTRIBUTE );
237         int nIdAttribute = Integer.parseInt( strIdAttribute );
238         String strActionCancel = request.getParameter( PARAMETER_CANCEL );
239         String strActionApply = request.getParameter( PARAMETER_APPLY );
240 
241         if ( StringUtils.isEmpty( strActionCancel ) )
242         {
243             IAttribute attribute = _attributeService.getAttributeWithFields( nIdAttribute, getLocale( ) );
244 
245             if ( attribute != null )
246             {
247                 String strError = attribute.setAttributeData( request );
248 
249                 if ( strError != null )
250                 {
251                     return strError;
252                 }
253                 if ( !SecurityTokenService.getInstance( ).validate( request, attribute.getTemplateModifyAttribute( ) ) )
254                 {
255                     throw new AccessDeniedException( ERROR_INVALID_TOKEN );
256                 }
257 
258                 _attributeService.updateAttribute( attribute );
259 
260                 if ( strActionApply != null )
261                 {
262                     return JSP_MODIFY_ATTRIBUTE + QUESTION_MARK + PARAMETER_ID_ATTRIBUTE + EQUAL + attribute.getIdAttribute( );
263                 }
264             }
265         }
266 
267         return getAdminDashboardsUrl( request, ANCHOR_ADMIN_DASHBOARDS );
268     }
269 
270     /**
271      * Get the confirmation to remove an user attribute
272      * 
273      * @param request
274      *            HttpServletRequest
275      * @return The Jsp URL of the confirmation window
276      */
277     public String doConfirmRemoveAttribute( HttpServletRequest request )
278     {
279         String strIdAttribute = request.getParameter( PARAMETER_ID_ATTRIBUTE );
280 
281         Map<String, String> parameters = new HashMap<>( );
282         parameters.put( PARAMETER_ID_ATTRIBUTE, strIdAttribute );
283         parameters.put( SecurityTokenService.PARAMETER_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_REMOVE_ATTRIBUTE ) );
284 
285         return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_CONFIRM_REMOVE_ATTRIBUTE, JSP_URL_REMOVE_ATTRIBUTE, AdminMessage.TYPE_CONFIRMATION,
286                 parameters );
287     }
288 
289     /**
290      * Remove an user attribute
291      * 
292      * @param request
293      *            HttpServletRequest
294      * @return The Jsp URL of the process result
295      * @throws AccessDeniedException
296      *             if the security token is invalid
297      */
298     public String doRemoveAttribute( HttpServletRequest request ) throws AccessDeniedException
299     {
300         String strIdAttribute = request.getParameter( PARAMETER_ID_ATTRIBUTE );
301 
302         if ( StringUtils.isNotBlank( strIdAttribute ) && StringUtils.isNumeric( strIdAttribute ) )
303         {
304             if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_REMOVE_ATTRIBUTE ) )
305             {
306                 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
307             }
308             int nIdAttribute = Integer.parseInt( strIdAttribute );
309             _attributeService.removeAttribute( nIdAttribute );
310         }
311 
312         return getAdminDashboardsUrl( request, ANCHOR_ADMIN_DASHBOARDS );
313     }
314 
315     /**
316      * Move up the position of the attribute field
317      * 
318      * @param request
319      *            HttpServletRequest
320      * @return The Jsp URL of the process result
321      * @throws AccessDeniedException
322      *             if the security token is invalid
323      */
324     public String doMoveUpAttribute( HttpServletRequest request ) throws AccessDeniedException
325     {
326         String strIdAttribute = request.getParameter( PARAMETER_ID_ATTRIBUTE );
327 
328         if ( StringUtils.isNotBlank( strIdAttribute ) && StringUtils.isNumeric( strIdAttribute ) )
329         {
330             if ( !SecurityTokenService.getInstance( ).validate( request, AdminDashboardJspBean.TEMPLATE_MANAGE_DASHBOARDS ) )
331             {
332                 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
333             }
334             int nIdAttribute = Integer.parseInt( strIdAttribute );
335 
336             List<IAttribute> listAttributes = _attributeService.getAllAttributesWithoutFields( getLocale( ) );
337             IAttribute previousAttribute;
338             IAttribute currentAttribute;
339 
340             Iterator<IAttribute> it = listAttributes.iterator( );
341             previousAttribute = it.next( );
342             currentAttribute = it.next( );
343 
344             while ( it.hasNext( ) && ( currentAttribute.getIdAttribute( ) != nIdAttribute ) )
345             {
346                 previousAttribute = currentAttribute;
347                 currentAttribute = it.next( );
348             }
349 
350             int previousAttributePosition = previousAttribute.getPosition( );
351             int currentAttributePosition = currentAttribute.getPosition( );
352             previousAttribute.setPosition( currentAttributePosition );
353             currentAttribute.setPosition( previousAttributePosition );
354 
355             _attributeService.updateAttribute( previousAttribute );
356             _attributeService.updateAttribute( currentAttribute );
357         }
358 
359         return getAdminDashboardsUrl( request, ANCHOR_ADMIN_DASHBOARDS );
360     }
361 
362     /**
363      * Move down the position of the attribute field
364      * 
365      * @param request
366      *            HttpServletRequest
367      * @return The Jsp URL of the process result
368      * @throws AccessDeniedException
369      *             if the security token is invalid
370      */
371     public String doMoveDownAttribute( HttpServletRequest request ) throws AccessDeniedException
372     {
373         String strIdAttribute = request.getParameter( PARAMETER_ID_ATTRIBUTE );
374 
375         if ( StringUtils.isNotBlank( strIdAttribute ) && StringUtils.isNumeric( strIdAttribute ) )
376         {
377             if ( !SecurityTokenService.getInstance( ).validate( request, AdminDashboardJspBean.TEMPLATE_MANAGE_DASHBOARDS ) )
378             {
379                 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
380             }
381             int nIdAttribute = Integer.parseInt( strIdAttribute );
382 
383             List<IAttribute> listAttributes = _attributeService.getAllAttributesWithoutFields( getLocale( ) );
384             IAttribute nextAttribute = null;
385             IAttribute currentAttribute = null;
386 
387             Iterator<IAttribute> it = listAttributes.iterator( );
388             currentAttribute = it.next( );
389             nextAttribute = it.next( );
390 
391             while ( it.hasNext( ) && ( currentAttribute.getIdAttribute( ) != nIdAttribute ) )
392             {
393                 currentAttribute = nextAttribute;
394                 nextAttribute = it.next( );
395             }
396 
397             int nextAttributePosition = nextAttribute.getPosition( );
398             int currentAttributePosition = currentAttribute.getPosition( );
399             nextAttribute.setPosition( currentAttributePosition );
400             currentAttribute.setPosition( nextAttributePosition );
401 
402             _attributeService.updateAttribute( nextAttribute );
403             _attributeService.updateAttribute( currentAttribute );
404         }
405 
406         return getAdminDashboardsUrl( request, ANCHOR_ADMIN_DASHBOARDS );
407     }
408 }