1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34 package fr.paris.lutece.portal.web.user;
35
36 import fr.paris.lutece.portal.service.security.AccessLogService;
37 import java.io.IOException;
38 import java.io.PrintWriter;
39 import java.sql.Timestamp;
40 import java.util.ArrayList;
41 import java.util.Collection;
42 import java.util.Collections;
43 import java.util.HashMap;
44 import java.util.List;
45 import java.util.Locale;
46 import java.util.Map;
47
48 import javax.servlet.http.HttpServletRequest;
49 import javax.servlet.http.HttpServletResponse;
50
51 import org.apache.commons.fileupload.FileItem;
52 import org.apache.commons.lang3.StringUtils;
53
54 import fr.paris.lutece.portal.business.rbac.RBACRole;
55 import fr.paris.lutece.portal.business.rbac.RBACRoleHome;
56 import fr.paris.lutece.portal.business.rbac.RBAC;
57 import fr.paris.lutece.portal.business.right.Level;
58 import fr.paris.lutece.portal.business.right.LevelHome;
59 import fr.paris.lutece.portal.business.right.Right;
60 import fr.paris.lutece.portal.business.right.RightHome;
61 import fr.paris.lutece.portal.business.user.AdminUser;
62 import fr.paris.lutece.portal.business.user.AdminUserHome;
63 import fr.paris.lutece.portal.business.user.PasswordUpdateMode;
64 import fr.paris.lutece.portal.business.user.attribute.IAttribute;
65 import fr.paris.lutece.portal.business.user.attribute.ISimpleValuesAttributes;
66 import fr.paris.lutece.portal.business.user.authentication.LuteceDefaultAdminUser;
67 import fr.paris.lutece.portal.business.user.parameter.DefaultUserParameterHome;
68 import fr.paris.lutece.portal.business.workgroup.AdminWorkgroupHome;
69 import fr.paris.lutece.portal.business.xsl.XslExport;
70 import fr.paris.lutece.portal.business.xsl.XslExportHome;
71 import fr.paris.lutece.portal.service.admin.AccessDeniedException;
72 import fr.paris.lutece.portal.service.admin.AdminAuthenticationService;
73 import fr.paris.lutece.portal.service.admin.AdminUserService;
74 import fr.paris.lutece.portal.service.admin.ImportAdminUserService;
75 import fr.paris.lutece.portal.service.csv.CSVMessageDescriptor;
76 import fr.paris.lutece.portal.service.fileupload.FileUploadService;
77 import fr.paris.lutece.portal.service.i18n.I18nService;
78 import fr.paris.lutece.portal.service.message.AdminMessage;
79 import fr.paris.lutece.portal.service.message.AdminMessageService;
80 import fr.paris.lutece.portal.service.plugin.PluginService;
81 import fr.paris.lutece.portal.service.rbac.RBACService;
82 import fr.paris.lutece.portal.service.security.AccessLoggerConstants;
83 import fr.paris.lutece.portal.service.security.SecurityTokenService;
84 import fr.paris.lutece.portal.service.security.UserNotSignedException;
85 import fr.paris.lutece.portal.service.spring.SpringContextService;
86 import fr.paris.lutece.portal.service.template.AppTemplateService;
87 import fr.paris.lutece.portal.service.template.DatabaseTemplateService;
88 import fr.paris.lutece.portal.service.user.AdminUserResourceIdService;
89 import fr.paris.lutece.portal.service.user.attribute.AdminUserFieldService;
90 import fr.paris.lutece.portal.service.user.attribute.AttributeService;
91 import fr.paris.lutece.portal.service.util.AppException;
92 import fr.paris.lutece.portal.service.util.AppLogService;
93 import fr.paris.lutece.portal.service.util.AppPathService;
94 import fr.paris.lutece.portal.service.util.AppPropertiesService;
95 import fr.paris.lutece.portal.service.workgroup.AdminWorkgroupService;
96 import fr.paris.lutece.portal.service.xsl.XslExportService;
97 import fr.paris.lutece.portal.web.admin.AdminFeaturesPageJspBean;
98 import fr.paris.lutece.portal.web.constants.Messages;
99 import fr.paris.lutece.portal.web.constants.Parameters;
100 import fr.paris.lutece.portal.web.dashboard.AdminDashboardJspBean;
101 import fr.paris.lutece.portal.web.l10n.LocaleService;
102 import fr.paris.lutece.portal.web.pluginaction.DefaultPluginActionResult;
103 import fr.paris.lutece.portal.web.upload.MultipartHttpServletRequest;
104 import fr.paris.lutece.portal.web.util.LocalizedPaginator;
105 import fr.paris.lutece.util.ReferenceItem;
106 import fr.paris.lutece.util.ReferenceList;
107 import fr.paris.lutece.util.date.DateUtil;
108 import fr.paris.lutece.util.filesystem.FileSystemUtil;
109 import fr.paris.lutece.util.html.AbstractPaginator;
110 import fr.paris.lutece.util.html.HtmlTemplate;
111 import fr.paris.lutece.util.html.ItemNavigator;
112 import fr.paris.lutece.util.password.PasswordUtil;
113 import fr.paris.lutece.util.sort.AttributeComparator;
114 import fr.paris.lutece.util.string.StringUtil;
115 import fr.paris.lutece.util.url.UrlItem;
116 import fr.paris.lutece.util.xml.XmlUtil;
117
118
119
120
121 public class AdminUserJspBean extends AdminFeaturesPageJspBean
122 {
123 private static final String ATTRIBUTE_IMPORT_USERS_LIST_MESSAGES = "importUsersListMessages";
124 private static final long serialVersionUID = -6323157489236186522L;
125
126
127
128 private static final String CONSTANTE_UN = "1";
129 private static final String CONSTANT_USER_MSG = "User ";
130 private static final String CONSTANT_NOT_AUTHORIZED = " is not authorized to permission ";
131 private static final String CONSTANT_ADVANCED_PARAMS = "core.advanced_parameters.";
132 private static final String CONSTANT_BO = "BO";
133
134
135 private static final String BEAN_IMPORT_ADMIN_USER_SERVICE = "adminUserImportService";
136
137
138 private static final String TEMPLATE_MANAGE_USERS = "admin/user/manage_users.html";
139 private static final String TEMPLATE_CREATE_USER = "admin/user/create_user.html";
140 private static final String TEMPLATE_MODIFY_USER = "admin/user/modify_user.html";
141 private static final String TEMPLATE_MANAGE_USER_RIGHTS = "admin/user/manage_user_rights.html";
142 private static final String TEMPLATE_MODIFY_USER_RIGHTS = "admin/user/modify_user_rights.html";
143 private static final String TEMPLATE_MANAGE_USER_ROLES = "admin/user/manage_user_roles.html";
144 private static final String TEMPLATE_MODIFY_USER_ROLES = "admin/user/modify_user_roles.html";
145 private static final String TEMPLATE_IMPORT_USER = "admin/user/import_module_user.html";
146 private static final String TEMPLATE_DEFAULT_CREATE_USER = "admin/user/create_user_default_module.html";
147 private static final String TEMPLATE_DEFAULT_MODIFY_USER = "admin/user/modify_user_default_module.html";
148 private static final String TEMPLATE_DEFAULT_MODIFY_USER_PASSWORD = "admin/user/modify_user_password_default_module.html";
149 private static final String TEMPLATE_MANAGE_USER_WORKGROUPS = "admin/user/manage_user_workgroups.html";
150 private static final String TEMPLATE_MODIFY_USER_WORKGROUPS = "admin/user/modify_user_workgroups.html";
151 private static final String TEMPLATE_ADMIN_EMAIL_CHANGE_STATUS = "admin/user/user_email_change_status.html";
152 private static final String TEMPLATE_NOTIFY_USER = "admin/user/notify_user_account_created.html";
153 private static final String TEMPLATE_FIELD_ANONYMIZE_ADMIN_USER = "admin/user/field_anonymize_admin_user.html";
154 private static final String TEMPLATE_ACCOUNT_LIFE_TIME_EMAIL = "admin/user/account_life_time_email.html";
155 private static final String TEMPLATE_EXPORT_USERS_FROM_FILE = "admin/user/export_users.html";
156
157
158 private static final String PROPERTY_MANAGE_USERS_PAGETITLE = "portal.users.manage_users.pageTitle";
159 private static final String PROPERTY_MODIFY_USER_PAGETITLE = "portal.users.modify_user.pageTitle";
160 private static final String PROPERTY_MODIFY_USER_PASSWORD_PAGETITLE = "portal.users.modify_user_password.pageTitle";
161 private static final String PROPERTY_LABEL_FIRST_PASSWORD = "portal.users.modify_password_default_module.form.password.new";
162 private static final String PROPERTY_CREATE_USER_PAGETITLE = "portal.users.create_user.pageTitle";
163 private static final String PROPERTY_IMPORT_MODULE_USER_PAGETITLE = "portal.users.import_module_user.pageTitle";
164 private static final String PROPERTY_MANAGE_USER_RIGHTS_PAGETITLE = "portal.users.manage_user_rights.pageTitle";
165 private static final String PROPERTY_MODIFY_USER_RIGHTS_PAGETITLE = "portal.users.modify_user_rights.pageTitle";
166 private static final String PROPERTY_MANAGE_USER_ROLES_PAGETITLE = "portal.users.manage_user_roles.pageTitle";
167 private static final String PROPERTY_MODIFY_USER_ROLES_PAGETITLE = "portal.users.modify_user_roles.pageTitle";
168 private static final String PROPERTY_IMPORT_USERS_FROM_FILE_PAGETITLE = "portal.users.import_users_from_file.pageTitle";
169 private static final String PROPERTY_EXPORT_USERS_PAGETITLE = "portal.users.export_users.pageTitle";
170 private static final String PROPERTY_MESSAGE_CONFIRM_REMOVE = "portal.users.message.confirmRemoveUser";
171 private static final String PROPERTY_USERS_PER_PAGE = "paginator.user.itemsPerPage";
172 private static final String PROPERTY_DELEGATE_USER_RIGHTS_PAGETITLE = "portal.users.delegate_user_rights.pageTitle";
173 private static final String PROPERTY_MANAGE_USER_WORKGROUPS_PAGETITLE = "portal.users.manage_user_workgroups.pageTitle";
174 private static final String PROPERTY_MODIFY_USER_WORKGROUPS_PAGETITLE = "portal.users.modify_user_workgroups.pageTitle";
175 private static final String PROPERTY_MESSAGE_ACCESS_CODE_ALREADY_USED = "portal.users.message.user.accessCodeAlreadyUsed";
176 private static final String PROPERTY_MESSAGE_EMAIL_ALREADY_USED = "portal.users.message.user.accessEmailUsed";
177 private static final String PROPERTY_MESSAGE_DIFFERENTS_PASSWORD = "portal.users.message.differentsPassword";
178 private static final String PROPERTY_MESSAGE_EMAIL_SUBJECT_CHANGE_STATUS = "portal.users.user_change_status.email.subject";
179 private static final String PROPERTY_MESSAGE_EMAIL_SUBJECT_NOTIFY_USER = "portal.users.notify_user.email.subject";
180 private static final String PROPERTY_MESSAGE_ERROR_EMAIL_PATTERN = "portal.users.manage_advanced_parameters.message.errorEmailPattern";
181 private static final String PROPERTY_MESSAGE_CONFIRM_USE_ASP = "portal.users.manage_advanced_parameters.message.confirmUseAdvancedSecurityParameters";
182 private static final String PROPERTY_MESSAGE_CONFIRM_REMOVE_ASP = "portal.users.manage_advanced_parameters.message.confirmRemoveAdvancedSecurityParameters";
183 private static final String PROPERTY_MESSAGE_NO_ADMIN_USER_SELECTED = "portal.users.message.noUserSelected";
184 private static final String PROPERTY_MESSAGE_CONFIRM_ANONYMIZE_USER = "portal.users.message.confirmAnonymizeUser";
185 private static final String PROPERTY_MESSAGE_TITLE_CHANGE_ANONYMIZE_USER = "portal.users.anonymize_user.titleAnonymizeUser";
186 private static final String PROPERTY_MESSAGE_NO_ACCOUNT_TO_REACTIVATED = "portal.users.message.noAccountToReactivate";
187 private static final String PROPERTY_MESSAGE_ACCOUNT_REACTIVATED = "portal.users.message.messageAccountReactivated";
188 private static final String PROPERTY_FIRST_EMAIL = "portal.users.accountLifeTime.labelFirstEmail";
189 private static final String PROPERTY_OTHER_EMAIL = "portal.users.accountLifeTime.labelOtherEmail";
190 private static final String PROPERTY_ACCOUNT_DEACTIVATES_EMAIL = "portal.users.accountLifeTime.labelAccountDeactivatedEmail";
191 private static final String PROPERTY_ACCOUNT_UPDATED_EMAIL = "portal.users.accountLifeTime.labelAccountUpdatedEmail";
192 private static final String PROPERTY_NOTIFY_PASSWORD_EXPIRED = "portal.users.accountLifeTime.labelPasswordExpired";
193 private static final String PROPERTY_MESSAGE_USER_ERROR_SESSION = "portal.users.message.user.error.session";
194 private static final String MESSAGE_NOT_AUTHORIZED = "Action not permited to current user";
195 private static final String MESSAGE_MANDATORY_FIELD = "portal.util.message.mandatoryField";
196 private static final String MESSAGE_ERROR_CSV_FILE_IMPORT = "portal.users.import_users_from_file.error_csv_file_import";
197 private static final String FIELD_IMPORT_USERS_FILE = "portal.users.import_users_from_file.labelImportFile";
198 private static final String FIELD_XSL_EXPORT = "portal.users.export_users.labelXslt";
199
200
201 private static final String PARAMETER_ACCESS_CODE = "access_code";
202 private static final String PARAMETER_LAST_NAME = "last_name";
203 private static final String PARAMETER_FIRST_NAME = "first_name";
204 private static final String PARAMETER_EMAIL = "email";
205 private static final String PARAMETER_NOTIFY_USER = "notify_user";
206 private static final String PARAMETER_STATUS = "status";
207 private static final String PARAMETER_USER_ID = "id_user";
208 private static final String PARAMETER_ROLE = "roles";
209 private static final String PARAMETER_RIGHT = "right";
210 private static final String PARAMETER_FIRST_PASSWORD = "first_password";
211 private static final String PARAMETER_SECOND_PASSWORD = "second_password";
212 private static final String PARAMETER_LANGUAGE = "language";
213 private static final String PARAMETER_DELEGATE_RIGHTS = "delegate_rights";
214 private static final String PARAMETER_USER_LEVEL = "user_level";
215 private static final String PARAMETER_WORKGROUP = "workgroup";
216 private static final String PARAMETER_SELECT = "select";
217 private static final String PARAMETER_SELECT_ALL = "all";
218 private static final String PARAMETER_ACCESSIBILITY_MODE = "accessibility_mode";
219 private static final String PARAMETER_WORKGROUP_KEY = "workgroup_key";
220 private static final String PARAMETER_EMAIL_PATTERN = "email_pattern";
221 private static final String PARAMETER_IS_EMAIL_PATTERN_SET_MANUALLY = "is_email_pattern_set_manually";
222 private static final String PARAMETER_ID_EXPRESSION = "id_expression";
223 private static final String PARAMETER_FORCE_CHANGE_PASSWORD_REINIT = "force_change_password_reinit";
224 private static final String PARAMETER_PASSWORD_MINIMUM_LENGTH = "password_minimum_length";
225 private static final String PARAMETER_PASSWORD_FORMAT_UPPER_LOWER_CASE = "password_format_upper_lower_case";
226 private static final String PARAMETER_PASSWORD_FORMAT_NUMERO = "password_format_numero";
227 private static final String PARAMETER_PASSWORD_FORMAT_SPECIAL_CHARACTERS = "password_format_special_characters";
228 private static final String PARAMETER_PASSWORD_DURATION = "password_duration";
229 private static final String PARAMETER_PASSWORD_HISTORY_SIZE = "password_history_size";
230 private static final String PARAMETER_MAXIMUM_NUMBER_PASSWORD_CHANGE = "maximum_number_password_change";
231 private static final String PARAMETER_TSW_SIZE_PASSWORD_CHANGE = "tsw_size_password_change";
232 private static final String PARAMETER_ACCOUNT_LIFE_TIME = "account_life_time";
233 private static final String PARAMETER_TIME_BEFORE_ALERT_ACCOUNT = "time_before_alert_account";
234 private static final String PARAMETER_NB_ALERT_ACCOUNT = "nb_alert_account";
235 private static final String PARAMETER_TIME_BETWEEN_ALERTS_ACCOUNT = "time_between_alerts_account";
236 private static final String PARAMETER_ATTRIBUTE = "attribute_";
237 private static final String PARAMETER_EMAIL_TYPE = "email_type";
238 private static final String PARAMETER_FIRST_ALERT_MAIL_SENDER = "first_alert_mail_sender";
239 private static final String PARAMETER_OTHER_ALERT_MAIL_SENDER = "other_alert_mail_sender";
240 private static final String PARAMETER_EXPIRED_ALERT_MAIL_SENDER = "expired_alert_mail_sender";
241 private static final String PARAMETER_REACTIVATED_ALERT_MAIL_SENDER = "account_reactivated_mail_sender";
242 private static final String PARAMETER_FIRST_ALERT_MAIL_SUBJECT = "first_alert_mail_subject";
243 private static final String PARAMETER_OTHER_ALERT_MAIL_SUBJECT = "other_alert_mail_subject";
244 private static final String PARAMETER_EXPIRED_ALERT_MAIL_SUBJECT = "expired_alert_mail_subject";
245 private static final String PARAMETER_REACTIVATED_ALERT_MAIL_SUBJECT = "account_reactivated_mail_subject";
246 private static final String PARAMETER_FIRST_ALERT_MAIL = "core_first_alert_mail";
247 private static final String PARAMETER_OTHER_ALERT_MAIL = "core_other_alert_mail";
248 private static final String PARAMETER_EXPIRATION_MAIL = "core_expiration_mail";
249 private static final String PARAMETER_ACCOUNT_REACTIVATED = "core_account_reactivated_mail";
250 private static final String PARAMETER_CANCEL = "cancel";
251 private static final String PARAMETER_NOTIFY_USER_PASSWORD_EXPIRED = "notify_user_password_expired";
252 private static final String PARAMETER_PASSWORD_EXPIRED_MAIL_SENDER = "password_expired_mail_sender";
253 private static final String PARAMETER_PASSWORD_EXPIRED_MAIL_SUBJECT = "password_expired_mail_subject";
254 private static final String PARAMETER_NOTIFY_PASSWORD_EXPIRED = "core_password_expired";
255 private static final String PARAMETER_IMPORT_USERS_FILE = "import_file";
256 private static final String PARAMETER_SKIP_FIRST_LINE = "ignore_first_line";
257 private static final String PARAMETER_UPDATE_USERS = "update_existing_users";
258 private static final String PARAMETER_XSL_EXPORT_ID = "xsl_export_id";
259 private static final String PARAMETER_EXPORT_ROLES = "export_roles";
260 private static final String PARAMETER_EXPORT_ATTRIBUTES = "export_attributes";
261 private static final String PARAMETER_EXPORT_RIGHTS = "export_rights";
262 private static final String PARAMETER_EXPORT_WORKGROUPS = "export_workgroups";
263 private static final String PARAMETER_RESET_TOKEN_VALIDITY = "reset_token_validity";
264 private static final String PARAMETER_LOCK_RESET_TOKEN_TO_SESSION = "lock_reset_token_to_session";
265 private static final String PARAMETER_RESET = "reset";
266
267
268 private static final String JSP_MANAGE_USER_RIGHTS = "ManageUserRights.jsp";
269 private static final String JSP_MANAGE_USER_ROLES = "ManageUserRoles.jsp";
270 private static final String JSP_MANAGE_USER = "ManageUsers.jsp";
271 private static final String JSP_MANAGE_USER_WORKGROUPS = "ManageUserWorkgroups.jsp";
272 private static final String JSP_URL_MANAGE_USERS = "jsp/admin/user/ManageUsers.jsp";
273 private static final String JSP_URL_REMOVE_USER = "jsp/admin/user/DoRemoveUser.jsp";
274 private static final String JSP_URL_CREATE_USER = "jsp/admin/user/CreateUser.jsp";
275 private static final String JSP_URL_IMPORT_USER = "jsp/admin/user/ImportUser.jsp";
276 private static final String JSP_URL_MODIFY_USER = "jsp/admin/user/ModifyUser.jsp";
277 private static final String JSP_URL_MANAGE_USER_RIGHTS = "jsp/admin/user/ManageUserRights.jsp";
278 private static final String JSP_URL_MANAGE_USER_ROLES = "jsp/admin/user/ManageUserRoles.jsp";
279 private static final String JSP_URL_MANAGE_USER_WORKGROUPS = "jsp/admin/user/ManageUserWorkgroups.jsp";
280 private static final String JSP_URL_USE_ADVANCED_SECUR_PARAM = "jsp/admin/user/DoUseAdvancedSecurityParameters.jsp";
281 private static final String JSP_URL_REMOVE_ADVANCED_SECUR_PARAM = "jsp/admin/user/DoRemoveAdvancedSecurityParameters.jsp";
282 private static final String JSP_URL_ANONYMIZE_ADMIN_USER = "jsp/admin/user/DoAnonymizeAdminUser.jsp";
283 private static final String JSP_URL_MODIFY_ACCOUNT_LIFE_TIME_EMAIL = "jsp/admin/user/ModifyAccountLifeTimeEmails.jsp";
284
285
286 private static final String MARK_USER_LIST = "user_list";
287 private static final String MARK_IMPORT_USER_LIST = "import_user_list";
288 private static final String MARK_ACCESS_CODE = "access_code";
289 private static final String MARK_LAST_NAME = "last_name";
290 private static final String MARK_FIRST_NAME = "first_name";
291 private static final String MARK_EMAIL = "email";
292 private static final String MARK_IMPORT_USER = "import_user";
293 private static final String MARK_USER = "user";
294 private static final String MARK_LEVEL = "level";
295 private static final String MARK_USER_RIGHT_LIST = "user_right_list";
296 private static final String MARK_ALL_ROLE_LIST = "all_role_list";
297 private static final String MARK_USER_ROLE_LIST = "user_role_list";
298 private static final String MARK_ALL_RIGHT_LIST = "all_right_list";
299 private static final String MARK_PAGINATOR = "paginator";
300 private static final String MARK_NB_ITEMS_PER_PAGE = "nb_items_per_page";
301 private static final String MARK_LANGUAGES_LIST = "languages_list";
302 private static final String MARK_CURRENT_LANGUAGE = "current_language";
303 private static final String MARK_USER_CREATION_URL = "url_user_creation";
304 private static final String MARK_CAN_DELEGATE = "can_delegate";
305 private static final String MARK_CAN_MODIFY = "can_modify";
306 private static final String MARK_USER_LEVELS_LIST = "user_levels";
307 private static final String MARK_CURRENT_USER = "current_user";
308 private static final String MARK_USER_WORKGROUP_LIST = "user_workgroup_list";
309 private static final String MARK_ALL_WORKSGROUP_LIST = "all_workgroup_list";
310 private static final String MARK_SELECT_ALL = "select_all";
311 private static final String MARK_PERMISSION_ADVANCED_PARAMETER = "permission_advanced_parameter";
312 private static final String MARK_PERMISSION_IMPORT_EXPORT_USERS = "permission_import_export_users";
313 private static final String MARK_ITEM_NAVIGATOR = "item_navigator";
314 private static final String MARK_ATTRIBUTES_LIST = "attributes_list";
315 private static final String MARK_LOCALE = "locale";
316 private static final String MARK_MAP_LIST_ATTRIBUTE_DEFAULT_VALUES = "map_list_attribute_default_values";
317 private static final String MARK_DEFAULT_USER_LEVEL = "default_user_level";
318 private static final String MARK_DEFAULT_USER_NOTIFICATION = "default_user_notification";
319 private static final String MARK_DEFAULT_USER_LANGUAGE = "default_user_language";
320 private static final String MARK_DEFAULT_USER_STATUS = "default_user_status";
321 private static final String MARK_ACCESS_FAILURES_MAX = "access_failures_max";
322 private static final String MARK_ACCESS_FAILURES_INTERVAL = "access_failures_interval";
323 private static final String MARK_BANNED_DOMAIN_NAMES = "banned_domain_names";
324 private static final String MARK_EMAIL_SENDER = "email_sender";
325 private static final String MARK_EMAIL_SUBJECT = "email_subject";
326 private static final String MARK_EMAIL_BODY = "email_body";
327 private static final String MARK_EMAIL_LABEL = "emailLabel";
328 private static final String MARK_WEBAPP_URL = "webapp_url";
329 private static final String MARK_LIST_MESSAGES = "csv_messages";
330 private static final String MARK_CSV_SEPARATOR = "csv_separator";
331 private static final String MARK_CSV_ESCAPE = "csv_escape";
332 private static final String MARK_ATTRIBUTES_SEPARATOR = "attributes_separator";
333 private static final String MARK_LIST_XSL_EXPORT = "refListXsl";
334 private static final String MARK_DEFAULT_VALUE_WORKGROUP_KEY = "workgroup_key_default_value";
335 private static final String MARK_WORKGROUP_KEY_LIST = "workgroup_key_list";
336 private static final String MARK_ADMIN_AVATAR = "adminAvatar";
337 private static final String MARK_RANDOM_PASSWORD_SIZE = "randomPasswordSize";
338 private static final String MARK_MINIMUM_PASSWORD_SIZE = "minimumPasswordSize";
339 private static final String MARK_DEFAULT_MODE_USED = "defaultModeUsed";
340
341 private static final String CONSTANT_EMAIL_TYPE_FIRST = "first";
342 private static final String CONSTANT_EMAIL_TYPE_OTHER = "other";
343 private static final String CONSTANT_EMAIL_TYPE_EXPIRED = "expired";
344 private static final String CONSTANT_EMAIL_TYPE_REACTIVATED = "reactivated";
345 private static final String CONSTANT_EMAIL_PASSWORD_EXPIRED = "password_expired";
346 private static final String CONSTANT_EXTENSION_CSV_FILE = ".csv";
347 private static final String CONSTANT_EXTENSION_XML_FILE = ".xml";
348 private static final String CONSTANT_MIME_TYPE_CSV = "application/csv";
349 private static final String CONSTANT_MIME_TYPE_XML = "application/xml";
350 private static final String CONSTANT_MIME_TYPE_TEXT_CSV = "text/csv";
351 private static final String CONSTANT_MIME_TYPE_OCTETSTREAM = "application/octet-stream";
352 private static final String CONSTANT_EXPORT_USERS_FILE_NAME = "users";
353 private static final String CONSTANT_POINT = ".";
354 private static final String CONSTANT_QUOTE = "\"";
355 private static final String CONSTANT_ATTACHEMENT_FILE_NAME = "attachement; filename=\"";
356 private static final String CONSTANT_ATTACHEMENT_DISPOSITION = "Content-Disposition";
357 private static final String CONSTANT_XML_USERS = "users";
358 private static final String CONSTANT_CREATE_ADMINUSER = "lutece.admin.createAdminUser";
359 private static final String CONSTANT_REMOVE_ADMINUSER = "lutece.admin.removeAdminUser";
360 private static final String CONSTANT_ANONYMIZE_ADMINUSER = "lutece.admin.anonymizeAdminUser";
361 private static final String CONSTANT_MODIFY_ADMINUSER = "lutece.admin.modifyAdminUser";
362 private static final String CONSTANT_MODIFY_ADMINUSER_GROUPS = "lutece.admin.modifyAdminUserGroups";
363 private static final String CONSTANT_MODIFY_ADMINUSER_PASSWORD = "lutece.admin.modifyAdminUserPassword";
364 private static final String CONSTANT_MODIFY_ADMINUSER_ROLES = "lutece.admin.modifyAdminUserRoles";
365 private static final String CONSTANT_MODIFY_ADMINUSER_RIGHTS = "lutece.admin.modifyAdminUserRights";
366 private static final String CONSTANT_IMPORT_ADMINUSERS = "lutece.admin.importAdminUsers";
367 private static final String CONSTANT_MODIFY_DEFAULT_PARAMETERS = "lutece.admin.modifyUserDefaultParameters";
368 private static final String CONSTANT_MODIFY_DEFAULT_SECURITY = "lutece.admin.modifyUserDefaultSecurity";
369 private static final String CONSTANT_REMOVE_ADVANCE_SECURITY_PARAMETERS = "lutece.admin.removeAdvanceSecurityParameters";
370 private static final String CONSTANT_USE_ADVANCE_SECURITY_PARAMETERS = "lutece.admin.useAdvanceSecurityParameters";
371
372 private static final String TOKEN_TECHNICAL_ADMIN = AdminDashboardJspBean.TEMPLATE_MANAGE_DASHBOARDS;
373
374 private static final String ANCHOR_DEFAULT_USER_PARAMETER_VALUES = "defaultUserParameterValues";
375 private static final String ANCHOR_MODIFY_EMAIL_PATTERN = "modifyEmailPattern";
376 private static final String ANCHOR_ADVANCED_SECURITY_PARAMETERS = "advancedSecurityParameters";
377 private static final String ANCHOR_LIFE_TIME_EMAILS = "lifeTimeEmails";
378 private static final String ANCHOR_ANONYMIZE_USERS = "anonymizeUsers";
379
380 private transient ImportAdminUserService _importAdminUserService;
381 private boolean _bAdminAvatar = PluginService.isPluginEnable( "adminavatar" );
382
383 private int _nItemsPerPage;
384 private String _strCurrentPageIndex;
385 private ItemNavigator _itemNavigator;
386
387
388
389
390
391
392
393
394 public String getManageAdminUsers( HttpServletRequest request )
395 {
396 setPageTitleProperty( PROPERTY_MANAGE_USERS_PAGETITLE );
397
398
399 reinitItemNavigator( );
400
401 String strCreateUrl;
402 AdminUser currentUser = getUser( );
403
404 Map<String, Object> model = new HashMap<>( );
405
406
407 if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
408 {
409 strCreateUrl = JSP_URL_CREATE_USER;
410 }
411 else
412 {
413 strCreateUrl = JSP_URL_IMPORT_USER;
414 }
415
416 String strURL = getHomeUrl( request );
417 UrlItem/url/UrlItem.html#UrlItem">UrlItem url = new UrlItem( strURL );
418
419 Collection<AdminUser> listUsers = AdminUserHome.findUserList( );
420 listUsers = AdminWorkgroupService.getAuthorizedCollection( listUsers, getUser( ) );
421
422 List<AdminUser> availableUsers = AdminUserService.getFilteredUsersInterface( listUsers, request, model, url );
423 List<AdminUser> listDisplayUsers = new ArrayList<>( );
424
425 for ( AdminUser user : availableUsers )
426 {
427 if ( isUserAuthorizedToModifyUser( currentUser, user ) )
428 {
429 listDisplayUsers.add( user );
430 }
431 }
432
433
434 String strSortedAttributeName = request.getParameter( Parameters.SORTED_ATTRIBUTE_NAME );
435 String strAscSort = null;
436
437 if ( strSortedAttributeName != null )
438 {
439 strAscSort = request.getParameter( Parameters.SORTED_ASC );
440
441 boolean bIsAscSort = Boolean.parseBoolean( strAscSort );
442
443 Collections.sort( listDisplayUsers, new AttributeComparator( strSortedAttributeName, bIsAscSort ) );
444 }
445
446 _strCurrentPageIndex = AbstractPaginator.getPageIndex( request, AbstractPaginator.PARAMETER_PAGE_INDEX, _strCurrentPageIndex );
447 int defaultItemsPerPage = AppPropertiesService.getPropertyInt( PROPERTY_USERS_PER_PAGE, 50 );
448 _nItemsPerPage = AbstractPaginator.getItemsPerPage( request, AbstractPaginator.PARAMETER_ITEMS_PER_PAGE, _nItemsPerPage, defaultItemsPerPage );
449
450 if ( strSortedAttributeName != null )
451 {
452 url.addParameter( Parameters.SORTED_ATTRIBUTE_NAME, strSortedAttributeName );
453 }
454
455 if ( strAscSort != null )
456 {
457 url.addParameter( Parameters.SORTED_ASC, strAscSort );
458 }
459
460
461 LocalizedPaginator<AdminUser> paginator = new LocalizedPaginator<>( listDisplayUsers, _nItemsPerPage, url.getUrl( ),
462 AbstractPaginator.PARAMETER_PAGE_INDEX, _strCurrentPageIndex, getLocale( ) );
463
464
465 Collection<Level> filteredLevels = new ArrayList<>( );
466
467 for ( Level level : LevelHome.getLevelsList( ) )
468 {
469 if ( currentUser.isAdmin( ) || currentUser.hasRights( level.getId( ) ) )
470 {
471 filteredLevels.add( level );
472 }
473 }
474
475 boolean bPermissionAdvancedParameter = RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID,
476 AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS, getUser( ) );
477 boolean bPermissionImportExportUsers = RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID,
478 AdminUserResourceIdService.PERMISSION_IMPORT_EXPORT_USERS, getUser( ) );
479
480 model.put( MARK_NB_ITEMS_PER_PAGE, "" + _nItemsPerPage );
481 model.put( MARK_USER_LEVELS_LIST, filteredLevels );
482 model.put( MARK_PAGINATOR, paginator );
483 model.put( MARK_USER_LIST, paginator.getPageItems( ) );
484 model.put( MARK_USER_CREATION_URL, strCreateUrl );
485 model.put( MARK_PERMISSION_ADVANCED_PARAMETER, bPermissionAdvancedParameter );
486 model.put( MARK_PERMISSION_IMPORT_EXPORT_USERS, bPermissionImportExportUsers );
487 model.put( MARK_ADMIN_AVATAR, _bAdminAvatar );
488 model.put( MARK_DEFAULT_MODE_USED, AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) );
489
490 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MANAGE_USERS, getLocale( ), model );
491
492 return getAdminPage( template.getHtml( ) );
493 }
494
495
496
497
498
499
500
501
502
503 public String getFindImportAdminUser( HttpServletRequest request )
504 {
505 setPageTitleProperty( PROPERTY_IMPORT_MODULE_USER_PAGETITLE );
506
507 String strAccessCode = request.getParameter( PARAMETER_ACCESS_CODE );
508 String strLastName = request.getParameter( PARAMETER_LAST_NAME );
509 String strFirstName = request.getParameter( PARAMETER_FIRST_NAME );
510 String strEmail = request.getParameter( PARAMETER_EMAIL );
511
512 Map<String, Object> model = new HashMap<>( );
513 Collection<?> allImportUsers = null;
514
515 if ( StringUtils.isNotEmpty( strLastName ) || StringUtils.isNotEmpty( strFirstName ) || StringUtils.isNotEmpty( strEmail ) )
516 {
517 allImportUsers = AdminAuthenticationService.getInstance( ).getUserListFromModule( strLastName, strFirstName, strEmail );
518 }
519
520 model.put( MARK_IMPORT_USER_LIST, allImportUsers );
521 model.put( MARK_ACCESS_CODE, strAccessCode );
522 model.put( MARK_LAST_NAME, strLastName );
523 model.put( MARK_FIRST_NAME, strFirstName );
524 model.put( MARK_EMAIL, strEmail );
525
526 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_IMPORT_USER, getLocale( ), model );
527
528 return getAdminPage( template.getHtml( ) );
529 }
530
531
532
533
534
535
536
537
538 public String doSelectImportUser( HttpServletRequest request )
539 {
540 String strAccessCode = request.getParameter( PARAMETER_ACCESS_CODE );
541
542 if ( ( strAccessCode == null ) || ( strAccessCode.equals( "" ) ) )
543 {
544 return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, JSP_URL_IMPORT_USER, AdminMessage.TYPE_STOP );
545 }
546
547
548 if ( AdminUserHome.checkAccessCodeAlreadyInUse( strAccessCode ) != -1 )
549 {
550 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_ACCESS_CODE_ALREADY_USED, JSP_URL_IMPORT_USER, AdminMessage.TYPE_STOP );
551 }
552
553 return AppPathService.getBaseUrl( request ) + JSP_URL_CREATE_USER + "?" + PARAMETER_ACCESS_CODE + "=" + strAccessCode;
554 }
555
556
557
558
559
560
561
562
563 public String getCreateAdminUser( HttpServletRequest request )
564 {
565 setPageTitleProperty( PROPERTY_CREATE_USER_PAGETITLE );
566
567 HtmlTemplate template;
568 AdminUser currentUser = getUser( );
569 Collection<Level> filteredLevels = new ArrayList<>( );
570
571 for ( Level level : LevelHome.getLevelsList( ) )
572 {
573 if ( currentUser.isAdmin( ) || currentUser.hasRights( level.getId( ) ) )
574 {
575 filteredLevels.add( level );
576 }
577 }
578
579
580 String strDefaultLevel = DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_LEVEL );
581 Level defaultLevel = LevelHome.findByPrimaryKey( Integer.parseInt( strDefaultLevel ) );
582 int nDefaultUserNotification = Integer.parseInt( DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_NOTIFICATION ) );
583 String strDefaultUserLanguage = DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_LANGUAGE );
584 int nDefaultUserStatus = Integer.parseInt( DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_STATUS ) );
585
586
587 List<IAttribute> listAttributes = AttributeService.getInstance( ).getAllAttributesWithFields( getLocale( ) );
588
589
590 if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
591 {
592 Map<String, Object> model = new HashMap<>( );
593
594 model.put( MARK_USER_LEVELS_LIST, filteredLevels );
595 model.put( MARK_CURRENT_USER, currentUser );
596 model.put( MARK_LANGUAGES_LIST, I18nService.getAdminLocales( getLocale( ) ) );
597 model.put( MARK_DEFAULT_USER_LEVEL, defaultLevel );
598 model.put( MARK_DEFAULT_USER_NOTIFICATION, nDefaultUserNotification );
599 model.put( MARK_DEFAULT_USER_LANGUAGE, strDefaultUserLanguage );
600 model.put( MARK_DEFAULT_USER_STATUS, nDefaultUserStatus );
601 model.put( MARK_ATTRIBUTES_LIST, listAttributes );
602 model.put( MARK_LOCALE, getLocale( ) );
603 model.put( MARK_DEFAULT_VALUE_WORKGROUP_KEY, AdminWorkgroupService.ALL_GROUPS );
604 model.put( MARK_WORKGROUP_KEY_LIST, AdminWorkgroupService.getUserWorkgroups( getUser( ), getLocale( ) ) );
605 model.put( MARK_RANDOM_PASSWORD_SIZE,
606 AppPropertiesService.getPropertyInt( PasswordUtil.PROPERTY_PASSWORD_SIZE, PasswordUtil.CONSTANT_DEFAULT_RANDOM_PASSWORD_SIZE ) );
607 model.put( MARK_MINIMUM_PASSWORD_SIZE, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_PASSWORD_MINIMUM_LENGTH ) );
608 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_CREATE_USER ) );
609
610 template = AppTemplateService.getTemplate( TEMPLATE_DEFAULT_CREATE_USER, getLocale( ), model );
611 }
612 else
613
614
615 {
616
617
618 String strAccessCode = request.getParameter( PARAMETER_ACCESS_CODE );
619 AdminUser user = null;
620
621 if ( ( strAccessCode != null ) && ( !strAccessCode.equals( "" ) ) )
622 {
623 user = AdminAuthenticationService.getInstance( ).getUserPublicDataFromModule( strAccessCode );
624 }
625
626 Map<String, Object> model = new HashMap<>( );
627
628 if ( user != null )
629 {
630 model.put( MARK_USER_LEVELS_LIST, filteredLevels );
631 model.put( MARK_CURRENT_USER, currentUser );
632 model.put( MARK_IMPORT_USER, user );
633 model.put( MARK_LANGUAGES_LIST, I18nService.getAdminLocales( user.getLocale( ) ) );
634 model.put( MARK_DEFAULT_USER_LEVEL, defaultLevel );
635 model.put( MARK_DEFAULT_USER_NOTIFICATION, nDefaultUserNotification );
636 model.put( MARK_DEFAULT_USER_LANGUAGE, strDefaultUserLanguage );
637 model.put( MARK_DEFAULT_USER_STATUS, nDefaultUserStatus );
638 model.put( MARK_ATTRIBUTES_LIST, listAttributes );
639 model.put( MARK_LOCALE, getLocale( ) );
640 model.put( MARK_DEFAULT_VALUE_WORKGROUP_KEY, AdminWorkgroupService.ALL_GROUPS );
641 model.put( MARK_WORKGROUP_KEY_LIST, AdminWorkgroupService.getUserWorkgroups( getUser( ), getLocale( ) ) );
642 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_CREATE_USER ) );
643 }
644
645 template = AppTemplateService.getTemplate( TEMPLATE_CREATE_USER, getLocale( ), model );
646 }
647
648 return getAdminPage( template.getHtml( ) );
649 }
650
651
652
653
654
655
656
657
658
659
660 public String doCreateAdminUser( HttpServletRequest request ) throws AccessDeniedException
661 {
662 String strAccessCode = request.getParameter( PARAMETER_ACCESS_CODE );
663 String strLastName = request.getParameter( PARAMETER_LAST_NAME );
664 String strFirstName = request.getParameter( PARAMETER_FIRST_NAME );
665 String strEmail = request.getParameter( PARAMETER_EMAIL );
666 String strStatus = request.getParameter( PARAMETER_STATUS );
667 String strUserLevel = request.getParameter( PARAMETER_USER_LEVEL );
668 String strNotifyUser = request.getParameter( PARAMETER_NOTIFY_USER );
669 String strAccessibilityMode = request.getParameter( PARAMETER_ACCESSIBILITY_MODE );
670 String strWorkgroupKey = request.getParameter( PARAMETER_WORKGROUP_KEY );
671
672 String message = checkParameters( request, JSP_URL_CREATE_USER );
673
674 if ( message != null )
675 {
676 return message;
677 }
678
679
680 if ( AdminUserHome.checkAccessCodeAlreadyInUse( strAccessCode ) != -1 )
681 {
682 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_ACCESS_CODE_ALREADY_USED, AdminMessage.TYPE_STOP );
683 }
684
685
686 if ( AdminUserHome.checkEmailAlreadyInUse( strEmail ) != -1 )
687 {
688 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_EMAIL_ALREADY_USED, AdminMessage.TYPE_STOP );
689 }
690
691
692 int nNewUserLevel = Integer.parseInt( strUserLevel );
693
694
695 if ( !( getUser( ).hasRights( nNewUserLevel ) || getUser( ).isAdmin( ) ) )
696 {
697 return AdminMessageService.getMessageUrl( request, Messages.USER_ACCESS_DENIED, AdminMessage.TYPE_STOP );
698 }
699
700
701 if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
702 {
703 LuteceDefaultAdminUser/authentication/LuteceDefaultAdminUser.html#LuteceDefaultAdminUser">LuteceDefaultAdminUser user = new LuteceDefaultAdminUser( );
704 String strFirstPassword = request.getParameter( PARAMETER_FIRST_PASSWORD );
705 String strSecondPassword = request.getParameter( PARAMETER_SECOND_PASSWORD );
706
707 if ( StringUtils.isEmpty( strFirstPassword ) )
708 {
709 return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
710 }
711
712 if ( !strFirstPassword.equals( strSecondPassword ) )
713 {
714 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_DIFFERENTS_PASSWORD, AdminMessage.TYPE_STOP );
715 }
716
717 String strUrl = AdminUserService.checkPassword( request, strFirstPassword, 0 );
718
719 if ( StringUtils.isNotEmpty( strUrl ) )
720 {
721 return strUrl;
722 }
723
724 user.setPassword( AdminUserService.encryptPassword( strFirstPassword ) );
725
726 user.setPasswordMaxValidDate( AdminUserService.getPasswordMaxValidDate( ) );
727 user.setAccountMaxValidDate( AdminUserService.getAccountMaxValidDate( ) );
728
729 user.setAccessCode( strAccessCode );
730 user.setLastName( strLastName );
731 user.setFirstName( strFirstName );
732 user.setEmail( strEmail );
733 user.setStatus( Integer.parseInt( strStatus ) );
734 user.setLocale( new Locale( request.getParameter( PARAMETER_LANGUAGE ) ) );
735
736 user.setUserLevel( nNewUserLevel );
737 user.setPasswordReset( Boolean.TRUE );
738 user.setAccessibilityMode( strAccessibilityMode != null );
739 user.setWorkgroupKey( strWorkgroupKey );
740
741 AdminUserHome.create( user );
742 AdminUserFieldService.doCreateUserFields( user, request, getLocale( ) );
743
744 if ( CONSTANTE_UN.equals( strNotifyUser ) )
745 {
746
747 AdminUserService.notifyUser( AppPathService.getBaseUrl( request ), user, strFirstPassword, PROPERTY_MESSAGE_EMAIL_SUBJECT_NOTIFY_USER,
748 TEMPLATE_NOTIFY_USER );
749 }
750
751 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_CREATE_ADMINUSER, getUser( ), user.getAccessCode( ),
752 CONSTANT_BO );
753 }
754 else
755 {
756 AdminUserbusiness/user/AdminUser.html#AdminUser">AdminUser user = new AdminUser( );
757 user.setAccessCode( strAccessCode );
758 user.setLastName( strLastName );
759 user.setFirstName( strFirstName );
760 user.setEmail( strEmail );
761 user.setStatus( Integer.parseInt( strStatus ) );
762 user.setLocale( new Locale( request.getParameter( PARAMETER_LANGUAGE ) ) );
763
764 user.setUserLevel( nNewUserLevel );
765 user.setAccessibilityMode( strAccessibilityMode != null );
766 user.setWorkgroupKey( strWorkgroupKey );
767
768 AdminUserHome.create( user );
769 AdminUserFieldService.doCreateUserFields( user, request, getLocale( ) );
770
771 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_CREATE_ADMINUSER, getUser( ), user.getAccessCode( ),
772 CONSTANT_BO );
773 }
774
775 return JSP_MANAGE_USER;
776 }
777
778 private String checkParameters( HttpServletRequest request, String strJspUrl ) throws AccessDeniedException
779 {
780 String strAccessCode = request.getParameter( PARAMETER_ACCESS_CODE );
781 String strLastName = request.getParameter( PARAMETER_LAST_NAME );
782 String strFirstName = request.getParameter( PARAMETER_FIRST_NAME );
783 String strEmail = request.getParameter( PARAMETER_EMAIL );
784
785 if ( StringUtils.isEmpty( strAccessCode ) )
786 {
787 return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
788 }
789
790 if ( StringUtils.isEmpty( strLastName ) )
791 {
792 return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
793 }
794
795 if ( StringUtils.isEmpty( strFirstName ) )
796 {
797 return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
798 }
799
800 if ( StringUtils.isBlank( strEmail ) )
801 {
802 return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
803 }
804
805 if ( !AdminUserService.checkEmail( strEmail ) )
806 {
807 return AdminUserService.getEmailErrorMessageUrl( request );
808 }
809
810 String strError = AdminUserFieldService.checkUserFields( request, getLocale( ) );
811
812 if ( strError != null )
813 {
814 return strError;
815 }
816
817 if ( !SecurityTokenService.getInstance( ).validate( request, strJspUrl ) )
818 {
819 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
820 }
821
822 return null;
823 }
824
825
826
827
828
829
830
831
832
833
834 public String getModifyAdminUser( HttpServletRequest request ) throws AccessDeniedException
835 {
836 setPageTitleProperty( PROPERTY_MODIFY_USER_PAGETITLE );
837
838 String strUserId = request.getParameter( PARAMETER_USER_ID );
839
840 int nUserId = Integer.parseInt( strUserId );
841
842 Map<String, Object> model = new HashMap<>( );
843 HtmlTemplate template;
844
845 AdminUser user;
846 String strTemplateUrl;
847
848
849
850 if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
851 {
852 user = AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( nUserId );
853 strTemplateUrl = TEMPLATE_DEFAULT_MODIFY_USER;
854 }
855 else
856 {
857 user = AdminUserHome.findByPrimaryKey( nUserId );
858 strTemplateUrl = TEMPLATE_MODIFY_USER;
859 }
860
861 if ( ( user == null ) || ( user.getUserId( ) == 0 ) )
862 {
863 return getManageAdminUsers( request );
864 }
865
866 AdminUser currentUser = AdminUserService.getAdminUser( request );
867
868 if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
869 {
870 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
871 }
872
873 Level level = LevelHome.findByPrimaryKey( user.getUserLevel( ) );
874 ReferenceListml#ReferenceList">ReferenceList filteredLevels = new ReferenceList( );
875
876 if ( isUserAuthorizedToChangeUserLevel( currentUser, user ) )
877 {
878 for ( Level levelItem : LevelHome.getLevelsList( ) )
879 {
880 filteredLevels.add( levelItem.getReferenceItem( ) );
881 }
882 ;
883 filteredLevels.removeIf( levelItem -> levelItem.getCode( ).equals( "0" ) );
884 }
885
886
887 setItemNavigator( user.getUserId( ), AppPathService.getBaseUrl( request ) + JSP_URL_MODIFY_USER );
888
889 List<IAttribute> listAttributes = AttributeService.getInstance( ).getAllAttributesWithFields( getLocale( ) );
890 Map<String, Object> map = AdminUserFieldService.getAdminUserFields( listAttributes, nUserId, getLocale( ) );
891
892 model.put( MARK_USER, user );
893 model.put( MARK_LEVEL, level );
894 model.put( MARK_USER_LEVELS_LIST, filteredLevels );
895 model.put( MARK_LANGUAGES_LIST, I18nService.getAdminLocales( user.getLocale( ) ) );
896 model.put( MARK_CURRENT_LANGUAGE, user.getLocale( ).getLanguage( ) );
897 model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
898 model.put( MARK_ATTRIBUTES_LIST, listAttributes );
899 model.put( MARK_LOCALE, getLocale( ) );
900 model.put( MARK_MAP_LIST_ATTRIBUTE_DEFAULT_VALUES, map );
901 model.put( MARK_WORKGROUP_KEY_LIST, AdminWorkgroupService.getUserWorkgroups( getUser( ), getLocale( ) ) );
902 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_MODIFY_USER ) );
903
904 template = AppTemplateService.getTemplate( strTemplateUrl, getLocale( ), model );
905
906 return getAdminPage( template.getHtml( ) );
907 }
908
909
910
911
912
913
914
915
916
917
918 public String doModifyAdminUser( HttpServletRequest request ) throws AccessDeniedException
919 {
920 String strUserId = request.getParameter( PARAMETER_USER_ID );
921 String strAccessCode = request.getParameter( PARAMETER_ACCESS_CODE );
922 String strLastName = request.getParameter( PARAMETER_LAST_NAME );
923 String strFirstName = request.getParameter( PARAMETER_FIRST_NAME );
924 String strEmail = request.getParameter( PARAMETER_EMAIL );
925 String strStatus = request.getParameter( PARAMETER_STATUS );
926 String strAccessibilityMode = request.getParameter( PARAMETER_ACCESSIBILITY_MODE );
927 String strWorkgroupKey = request.getParameter( PARAMETER_WORKGROUP_KEY );
928 String strUserLevel = request.getParameter( PARAMETER_USER_LEVEL );
929 int nUserId = Integer.parseInt( strUserId );
930
931 AdminUser userToModify = AdminUserHome.findByPrimaryKey( nUserId );
932 AdminUser currentUser = AdminUserService.getAdminUser( request );
933
934 if ( !isUserAuthorizedToModifyUser( currentUser, userToModify ) )
935 {
936 throw new AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
937 }
938
939
940
941 if ( isUserLevelModified( userToModify, strUserLevel ) && !isUserAuthorizedToChangeUserLevel( currentUser, userToModify ) )
942 {
943 throw new AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
944 }
945
946 String message = checkParameters( request, JSP_URL_MODIFY_USER );
947
948 if ( message != null )
949 {
950 return message;
951 }
952
953 int checkCode = AdminUserHome.checkAccessCodeAlreadyInUse( strAccessCode );
954
955
956 if ( ( checkCode != -1 ) && ( checkCode != nUserId ) )
957 {
958 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_ACCESS_CODE_ALREADY_USED, AdminMessage.TYPE_STOP );
959 }
960
961 checkCode = AdminUserHome.checkEmailAlreadyInUse( strEmail );
962
963
964 if ( ( checkCode != -1 ) && ( checkCode != nUserId ) )
965 {
966 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_EMAIL_ALREADY_USED, AdminMessage.TYPE_STOP );
967 }
968
969
970 if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
971 {
972 LuteceDefaultAdminUser user = AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( nUserId );
973
974 user.setUserId( nUserId );
975 user.setAccessCode( strAccessCode );
976 user.setLastName( strLastName );
977 user.setFirstName( strFirstName );
978 user.setEmail( strEmail );
979 user.setWorkgroupKey( strWorkgroupKey );
980 user.setUserLevel( Integer.parseInt( strUserLevel ) );
981
982 int nStatus = Integer.parseInt( strStatus );
983
984 if ( nStatus != user.getStatus( ) )
985 {
986 user.setStatus( nStatus );
987 AdminUserService.notifyUser( AppPathService.getBaseUrl( request ), user, PROPERTY_MESSAGE_EMAIL_SUBJECT_CHANGE_STATUS,
988 TEMPLATE_ADMIN_EMAIL_CHANGE_STATUS );
989 }
990
991 user.setLocale( new Locale( request.getParameter( PARAMETER_LANGUAGE ) ) );
992 user.setAccessibilityMode( strAccessibilityMode != null );
993
994 AdminUserHome.update( user, PasswordUpdateMode.IGNORE );
995
996 AdminUserFieldService.doModifyUserFields( user, request, getLocale( ), getUser( ) );
997
998 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_ADMINUSER, currentUser, user.getAccessCode( ),
999 CONSTANT_BO );
1000 }
1001 else
1002 {
1003 AdminUserbusiness/user/AdminUser.html#AdminUser">AdminUser user = new AdminUser( );
1004 user.setUserId( nUserId );
1005 user.setAccessCode( strAccessCode );
1006 user.setLastName( strLastName );
1007 user.setFirstName( strFirstName );
1008 user.setEmail( strEmail );
1009 user.setStatus( Integer.parseInt( strStatus ) );
1010 user.setLocale( new Locale( request.getParameter( PARAMETER_LANGUAGE ) ) );
1011 user.setAccessibilityMode( strAccessibilityMode != null );
1012 user.setWorkgroupKey( strWorkgroupKey );
1013 user.setUserLevel( Integer.parseInt( strUserLevel ) );
1014
1015 String strError = AdminUserFieldService.checkUserFields( request, getLocale( ) );
1016
1017 if ( strError != null )
1018 {
1019 return strError;
1020 }
1021
1022 AdminUserHome.update( user );
1023
1024 AdminUserFieldService.doModifyUserFields( user, request, getLocale( ), getUser( ) );
1025
1026 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_ADMINUSER, currentUser, user.getAccessCode( ),
1027 CONSTANT_BO );
1028 }
1029
1030 return JSP_MANAGE_USER;
1031 }
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042 public String getModifyUserPassword( HttpServletRequest request ) throws AccessDeniedException
1043 {
1044 setPageTitleProperty( PROPERTY_MODIFY_USER_PASSWORD_PAGETITLE );
1045
1046 String strUserId = request.getParameter( PARAMETER_USER_ID );
1047
1048 int nUserId = Integer.parseInt( strUserId );
1049
1050 Map<String, Object> model = new HashMap<>( );
1051 HtmlTemplate template;
1052
1053 AdminUser user = null;
1054 String strTemplateUrl = "";
1055
1056
1057
1058 if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
1059 {
1060 user = AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( nUserId );
1061 strTemplateUrl = TEMPLATE_DEFAULT_MODIFY_USER_PASSWORD;
1062 }
1063 else
1064 {
1065 throw new AppException( "Cannot modify password when not in DeafultModuleUsed mode" );
1066 }
1067
1068 if ( ( user == null ) || ( user.getUserId( ) == 0 ) )
1069 {
1070 throw new AppException( "User to modify password for not found" );
1071 }
1072
1073 AdminUser currentUser = AdminUserService.getAdminUser( request );
1074
1075 if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1076 {
1077 throw new AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1078 }
1079
1080
1081 setItemNavigator( user.getUserId( ), AppPathService.getBaseUrl( request ) + JSP_URL_MODIFY_USER );
1082
1083 model.put( MARK_USER, user );
1084 model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1085 model.put( MARK_MINIMUM_PASSWORD_SIZE, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_PASSWORD_MINIMUM_LENGTH ) );
1086 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, PROPERTY_MODIFY_USER_PASSWORD_PAGETITLE ) );
1087
1088 template = AppTemplateService.getTemplate( strTemplateUrl, getLocale( ), model );
1089
1090 return getAdminPage( template.getHtml( ) );
1091 }
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102 public String doModifyAdminUserPassword( HttpServletRequest request ) throws AccessDeniedException
1103 {
1104 if ( !SecurityTokenService.getInstance( ).validate( request, PROPERTY_MODIFY_USER_PASSWORD_PAGETITLE ) )
1105 {
1106 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1107 }
1108 String strUserId = request.getParameter( PARAMETER_USER_ID );
1109
1110 int nUserId = Integer.parseInt( strUserId );
1111
1112 AdminUser userToModify = AdminUserHome.findByPrimaryKey( nUserId );
1113
1114 if ( userToModify == null )
1115 {
1116 throw new AppException( CONSTANT_USER_MSG + strUserId + " not found" );
1117 }
1118
1119 AdminUser currentUser = AdminUserService.getAdminUser( request );
1120
1121 if ( !isUserAuthorizedToModifyUser( currentUser, userToModify ) )
1122 {
1123 throw new AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1124 }
1125
1126
1127 if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
1128 {
1129 LuteceDefaultAdminUser user = AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( nUserId );
1130
1131 String strFirstPassword = request.getParameter( PARAMETER_FIRST_PASSWORD );
1132 String strSecondPassword = request.getParameter( PARAMETER_SECOND_PASSWORD );
1133
1134 if ( StringUtils.isEmpty( strFirstPassword ) )
1135 {
1136 return AdminMessageService.getMessageUrl( request, MESSAGE_MANDATORY_FIELD, new String [ ] {
1137 I18nService.getLocalizedString( PROPERTY_LABEL_FIRST_PASSWORD, getLocale( ) )
1138 }, AdminMessage.TYPE_STOP );
1139 }
1140
1141 if ( !StringUtils.equals( strFirstPassword, strSecondPassword ) )
1142 {
1143
1144 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_DIFFERENTS_PASSWORD, AdminMessage.TYPE_STOP );
1145 }
1146
1147 String strUrl = AdminUserService.checkPassword( request, strFirstPassword, nUserId, Boolean.TRUE );
1148
1149 if ( StringUtils.isNotEmpty( strUrl ) )
1150 {
1151 return strUrl;
1152 }
1153
1154 user.setPassword( AdminUserService.encryptPassword( strFirstPassword ) );
1155 user.setPasswordReset( Boolean.FALSE );
1156 user.setPasswordMaxValidDate( AdminUserService.getPasswordMaxValidDate( ) );
1157
1158 AdminUserHome.update( user, PasswordUpdateMode.UPDATE );
1159
1160 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_ADMINUSER_PASSWORD, currentUser,
1161 user.getAccessCode( ), CONSTANT_BO );
1162 }
1163
1164 return JSP_MANAGE_USER;
1165 }
1166
1167
1168
1169
1170
1171
1172
1173
1174 public String getImportUsersFromFile( HttpServletRequest request )
1175 {
1176 _importAdminUserService = SpringContextService.getBean( BEAN_IMPORT_ADMIN_USER_SERVICE );
1177 if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
1178 getUser( ) ) )
1179 {
1180 return getManageAdminUsers( request );
1181 }
1182
1183 setPageTitleProperty( PROPERTY_IMPORT_USERS_FROM_FILE_PAGETITLE );
1184
1185 Map<String, Object> model = new HashMap<>( );
1186
1187 model.put( MARK_LIST_MESSAGES, request.getAttribute( ATTRIBUTE_IMPORT_USERS_LIST_MESSAGES ) );
1188
1189 String strCsvSeparator = StringUtils.EMPTY + _importAdminUserService.getCSVSeparator( );
1190 String strCsvEscapeCharacter = StringUtils.EMPTY + _importAdminUserService.getCSVEscapeCharacter( );
1191 String strAttributesSeparator = StringUtils.EMPTY + _importAdminUserService.getAttributesSeparator( );
1192 model.put( MARK_CSV_SEPARATOR, strCsvSeparator );
1193 model.put( MARK_CSV_ESCAPE, strCsvEscapeCharacter );
1194 model.put( MARK_ATTRIBUTES_SEPARATOR, strAttributesSeparator );
1195 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_IMPORT_USER ) );
1196
1197 String strTemplate = _importAdminUserService.getImportFromFileTemplate( );
1198 HtmlTemplate template = AppTemplateService.getTemplate( strTemplate, AdminUserService.getLocale( request ), model );
1199
1200 return getAdminPage( template.getHtml( ) );
1201 }
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212 public DefaultPluginActionResult doImportUsersFromFile( HttpServletRequest request ) throws AccessDeniedException
1213 {
1214 DefaultPluginActionResultefaultPluginActionResult.html#DefaultPluginActionResult">DefaultPluginActionResult result = new DefaultPluginActionResult( );
1215
1216 if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
1217 getUser( ) ) )
1218 {
1219 result.setHtmlContent( getManageAdminUsers( request ) );
1220
1221 return result;
1222 }
1223
1224 if ( request instanceof MultipartHttpServletRequest )
1225 {
1226 MultipartHttpServletRequestce/portal/web/upload/MultipartHttpServletRequest.html#MultipartHttpServletRequest">MultipartHttpServletRequest multipartRequest = (MultipartHttpServletRequest) request;
1227 FileItem fileItem = multipartRequest.getFile( PARAMETER_IMPORT_USERS_FILE );
1228 String strMimeType = FileSystemUtil.getMIMEType( FileUploadService.getFileNameOnly( fileItem ) );
1229
1230 if ( !( ( fileItem != null ) && !StringUtils.EMPTY.equals( fileItem.getName( ) ) ) )
1231 {
1232 Object [ ] tabRequiredFields = {
1233 I18nService.getLocalizedString( FIELD_IMPORT_USERS_FILE, getLocale( ) )
1234 };
1235 result.setRedirect( AdminMessageService.getMessageUrl( request, MESSAGE_MANDATORY_FIELD, tabRequiredFields, AdminMessage.TYPE_STOP ) );
1236
1237 return result;
1238 }
1239
1240 if ( ( !strMimeType.equals( CONSTANT_MIME_TYPE_CSV ) && !strMimeType.equals( CONSTANT_MIME_TYPE_OCTETSTREAM )
1241 && !strMimeType.equals( CONSTANT_MIME_TYPE_TEXT_CSV ) )
1242 || !fileItem.getName( ).toLowerCase( Locale.ENGLISH ).endsWith( CONSTANT_EXTENSION_CSV_FILE ) )
1243 {
1244 result.setRedirect( AdminMessageService.getMessageUrl( request, MESSAGE_ERROR_CSV_FILE_IMPORT, AdminMessage.TYPE_STOP ) );
1245
1246 return result;
1247 }
1248 if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_IMPORT_USER ) )
1249 {
1250 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1251 }
1252
1253 String strSkipFirstLine = multipartRequest.getParameter( PARAMETER_SKIP_FIRST_LINE );
1254 boolean bSkipFirstLine = StringUtils.isNotEmpty( strSkipFirstLine );
1255 String strUpdateUsers = multipartRequest.getParameter( PARAMETER_UPDATE_USERS );
1256 boolean bUpdateUsers = StringUtils.isNotEmpty( strUpdateUsers );
1257
1258 _importAdminUserService.setUpdateExistingUsers( bUpdateUsers );
1259
1260 List<CSVMessageDescriptor> listMessages = _importAdminUserService.readCSVFile( fileItem, 0, false, false, bSkipFirstLine,
1261 AdminUserService.getLocale( request ), AppPathService.getBaseUrl( request ) );
1262
1263 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_IMPORT_ADMINUSERS, getUser( ), fileItem.getName( ),
1264 CONSTANT_BO );
1265
1266 request.setAttribute( ATTRIBUTE_IMPORT_USERS_LIST_MESSAGES, listMessages );
1267
1268 String strHtmlResult = getImportUsersFromFile( request );
1269 result.setHtmlContent( strHtmlResult );
1270 }
1271 else
1272 {
1273 Object [ ] tabRequiredFields = {
1274 I18nService.getLocalizedString( FIELD_IMPORT_USERS_FILE, getLocale( ) )
1275 };
1276 result.setRedirect( AdminMessageService.getMessageUrl( request, MESSAGE_MANDATORY_FIELD, tabRequiredFields, AdminMessage.TYPE_STOP ) );
1277 }
1278
1279 return result;
1280 }
1281
1282
1283
1284
1285
1286
1287
1288
1289 public String getExportUsers( HttpServletRequest request )
1290 {
1291 if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
1292 getUser( ) ) )
1293 {
1294 return getManageAdminUsers( request );
1295 }
1296
1297 setPageTitleProperty( PROPERTY_EXPORT_USERS_PAGETITLE );
1298
1299 Map<String, Object> model = new HashMap<>( );
1300
1301 ReferenceList refListXsl = XslExportHome.getRefListByPlugin( PluginService.getCore( ) );
1302
1303 model.put( MARK_LIST_XSL_EXPORT, refListXsl );
1304
1305 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_EXPORT_USERS_FROM_FILE, AdminUserService.getLocale( request ), model );
1306
1307 return getAdminPage( template.getHtml( ) );
1308 }
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321 public DefaultPluginActionResult doExportUsers( HttpServletRequest request, HttpServletResponse response ) throws IOException
1322 {
1323 DefaultPluginActionResultefaultPluginActionResult.html#DefaultPluginActionResult">DefaultPluginActionResult result = new DefaultPluginActionResult( );
1324
1325 if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_IMPORT_EXPORT_USERS,
1326 getUser( ) ) )
1327 {
1328 result.setHtmlContent( getManageAdminUsers( request ) );
1329
1330 return result;
1331 }
1332
1333 String strXslExportId = request.getParameter( PARAMETER_XSL_EXPORT_ID );
1334 String strExportAttributes = request.getParameter( PARAMETER_EXPORT_ATTRIBUTES );
1335 String strExportRoles = request.getParameter( PARAMETER_EXPORT_ROLES );
1336 String strExportRights = request.getParameter( PARAMETER_EXPORT_RIGHTS );
1337 String strExportWorkgroups = request.getParameter( PARAMETER_EXPORT_WORKGROUPS );
1338 boolean bExportAttributes = StringUtils.isNotEmpty( strExportAttributes );
1339 boolean bExportRoles = StringUtils.isNotEmpty( strExportRoles );
1340 boolean bExportRights = StringUtils.isNotEmpty( strExportRights );
1341 boolean bExportWorkgroups = StringUtils.isNotEmpty( strExportWorkgroups );
1342
1343 if ( StringUtils.isBlank( strXslExportId ) )
1344 {
1345 Object [ ] tabRequiredFields = {
1346 I18nService.getLocalizedString( FIELD_XSL_EXPORT, getLocale( ) )
1347 };
1348 result.setRedirect( AdminMessageService.getMessageUrl( request, MESSAGE_MANDATORY_FIELD, tabRequiredFields, AdminMessage.TYPE_STOP ) );
1349
1350 return result;
1351 }
1352
1353 int nIdXslExport = Integer.parseInt( strXslExportId );
1354
1355 XslExport xslExport = XslExportHome.findByPrimaryKey( nIdXslExport );
1356
1357 Collection<AdminUser> listUsers = AdminUserHome.findUserList( );
1358
1359 List<IAttribute> listAttributes = AttributeService.getInstance( ).getAllAttributesWithFields( LocaleService.getDefault( ) );
1360 List<IAttribute> listAttributesFiltered = new ArrayList<>( );
1361
1362 for ( IAttribute attribute : listAttributes )
1363 {
1364 if ( attribute instanceof ISimpleValuesAttributes )
1365 {
1366 listAttributesFiltered.add( attribute );
1367 }
1368 }
1369
1370 StringBuffer sbXml = new StringBuffer( XmlUtil.getXmlHeader( ) );
1371 XmlUtil.beginElement( sbXml, CONSTANT_XML_USERS );
1372
1373 for ( AdminUser user : listUsers )
1374 {
1375 if ( !user.isStatusAnonymized( ) )
1376 {
1377 sbXml.append(
1378 AdminUserService.getXmlFromUser( user, bExportRoles, bExportRights, bExportWorkgroups, bExportAttributes, listAttributesFiltered ) );
1379 }
1380 }
1381
1382 XmlUtil.endElement( sbXml, CONSTANT_XML_USERS );
1383
1384 String strXml = StringUtil.replaceAccent( sbXml.toString( ) );
1385 String strExportedUsers = XslExportService.exportXMLWithXSL( nIdXslExport, strXml );
1386
1387 if ( CONSTANT_MIME_TYPE_CSV.contains( xslExport.getExtension( ) ) )
1388 {
1389 response.setContentType( CONSTANT_MIME_TYPE_CSV );
1390 }
1391 else if ( CONSTANT_EXTENSION_XML_FILE.contains( xslExport.getExtension( ) ) )
1392 {
1393 response.setContentType( CONSTANT_MIME_TYPE_XML );
1394 }
1395 else
1396 {
1397 response.setContentType( CONSTANT_MIME_TYPE_OCTETSTREAM );
1398 }
1399
1400 String strFileName = CONSTANT_EXPORT_USERS_FILE_NAME + CONSTANT_POINT + xslExport.getExtension( );
1401 response.setHeader( CONSTANT_ATTACHEMENT_DISPOSITION, CONSTANT_ATTACHEMENT_FILE_NAME + strFileName + CONSTANT_QUOTE );
1402
1403 PrintWriter out = response.getWriter( );
1404 out.write( strExportedUsers );
1405 out.flush( );
1406 out.close( );
1407
1408 return null;
1409 }
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420 public String doConfirmRemoveAdminUser( HttpServletRequest request ) throws AccessDeniedException
1421 {
1422 String strUserId = request.getParameter( PARAMETER_USER_ID );
1423 int nUserId = Integer.parseInt( strUserId );
1424 AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
1425
1426 if ( user == null )
1427 {
1428 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_USER_ERROR_SESSION, JSP_URL_MANAGE_USERS, AdminMessage.TYPE_ERROR );
1429 }
1430
1431 AdminUser currentUser = AdminUserService.getAdminUser( request );
1432
1433 if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1434 {
1435 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1436 }
1437
1438 String strUrlRemove = JSP_URL_REMOVE_USER;
1439 Map<String, Object> parameters = new HashMap<>( );
1440 parameters.put( PARAMETER_USER_ID, strUserId );
1441 parameters.put( SecurityTokenService.PARAMETER_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_REMOVE_USER ) );
1442
1443 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_CONFIRM_REMOVE, new Object [ ] {
1444 user.getFirstName( ), user.getLastName( ), user.getAccessCode( )
1445 }, null, strUrlRemove, null, AdminMessage.TYPE_CONFIRMATION, parameters, JSP_URL_MANAGE_USERS );
1446 }
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457 public String doRemoveAdminUser( HttpServletRequest request ) throws AccessDeniedException
1458 {
1459 String strUserId = request.getParameter( PARAMETER_USER_ID );
1460 int nUserId = Integer.parseInt( strUserId );
1461 AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
1462
1463 if ( user == null )
1464 {
1465 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_USER_ERROR_SESSION, JSP_URL_MANAGE_USERS, AdminMessage.TYPE_ERROR );
1466 }
1467 if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_REMOVE_USER ) )
1468 {
1469 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1470 }
1471
1472 AdminUser currentUser = AdminUserService.getAdminUser( request );
1473
1474 if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1475 {
1476 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1477 }
1478
1479 String strRemovedUserAccessCode = user.getAccessCode( );
1480
1481
1482 if( currentUser.isAdmin( ) )
1483 {
1484 AdminUserFieldService.doRemoveUserFields( user, request, getLocale( ) );
1485 AdminUserHome.removeAllRightsForUser( nUserId );
1486 AdminUserHome.removeAllRolesForUser( nUserId );
1487 AdminUserHome.removeAllPasswordHistoryForUser( nUserId );
1488 AdminUserHome.remove( nUserId );
1489
1490 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_REMOVE_ADMINUSER, currentUser,
1491 strUserId + " : " + strRemovedUserAccessCode, CONSTANT_BO );
1492 }
1493 else
1494 {
1495 if (user.isStatusActive())
1496 {
1497 user.setStatus( AdminUser.NOT_ACTIVE_CODE );
1498 AdminUserHome.update( user );
1499
1500 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_ADMINUSER, currentUser,
1501 strUserId + " : " + strRemovedUserAccessCode, CONSTANT_BO );
1502 }
1503 }
1504
1505 return JSP_MANAGE_USER;
1506 }
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517 public String getManageAdminUserRights( HttpServletRequest request ) throws AccessDeniedException
1518 {
1519 setPageTitleProperty( PROPERTY_MANAGE_USER_RIGHTS_PAGETITLE );
1520
1521 String strUserId = request.getParameter( PARAMETER_USER_ID );
1522 int nUserId = Integer.parseInt( strUserId );
1523
1524 AdminUser selectedUser = AdminUserHome.findByPrimaryKey( nUserId );
1525
1526 AdminUser currentUser = AdminUserService.getAdminUser( request );
1527
1528 if ( !isUserAuthorizedToModifyUser( currentUser, selectedUser ) )
1529 {
1530 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1531 }
1532
1533 Collection<Right> rightList = AdminUserHome.getRightsListForUser( nUserId ).values( );
1534
1535
1536 setItemNavigator( selectedUser.getUserId( ), AppPathService.getBaseUrl( request ) + JSP_URL_MANAGE_USER_RIGHTS );
1537
1538 HashMap<String, Object> model = new HashMap<>( );
1539 model.put( MARK_CAN_MODIFY, getUser( ).isParent( selectedUser ) || getUser( ).isAdmin( ) );
1540 model.put( MARK_CAN_DELEGATE, getUser( ).getUserId( ) != nUserId );
1541 model.put( MARK_USER, AdminUserHome.findByPrimaryKey( nUserId ) );
1542 model.put( MARK_USER_RIGHT_LIST, I18nService.localizeCollection( rightList, getLocale( ) ) );
1543 model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1544
1545 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MANAGE_USER_RIGHTS, getLocale( ), model );
1546
1547 return getAdminPage( template.getHtml( ) );
1548 }
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559 public String getManageAdminUserWorkgroups( HttpServletRequest request ) throws AccessDeniedException
1560 {
1561 setPageTitleProperty( PROPERTY_MANAGE_USER_WORKGROUPS_PAGETITLE );
1562
1563 String strUserId = request.getParameter( PARAMETER_USER_ID );
1564 int nUserId = Integer.parseInt( strUserId );
1565
1566 AdminUser selectedUser = AdminUserHome.findByPrimaryKey( nUserId );
1567 AdminUser currentUser = AdminUserService.getAdminUser( request );
1568
1569 if ( !isUserAuthorizedToModifyUser( currentUser, selectedUser ) )
1570 {
1571 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1572 }
1573
1574 ReferenceList workgroupsList = AdminWorkgroupHome.getUserWorkgroups( selectedUser );
1575
1576
1577 setItemNavigator( nUserId, AppPathService.getBaseUrl( request ) + JSP_URL_MANAGE_USER_WORKGROUPS );
1578
1579 Map<String, Object> model = new HashMap<>( );
1580 model.put( MARK_CAN_MODIFY, getUser( ).isParent( selectedUser ) || getUser( ).isAdmin( ) );
1581 model.put( MARK_CAN_DELEGATE, getUser( ).getUserId( ) != nUserId );
1582 model.put( MARK_USER, AdminUserHome.findByPrimaryKey( nUserId ) );
1583 model.put( MARK_USER_WORKGROUP_LIST, workgroupsList );
1584 model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1585
1586 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MANAGE_USER_WORKGROUPS, getLocale( ), model );
1587
1588 return getAdminPage( template.getHtml( ) );
1589 }
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600 public String getModifyAdminUserWorkgroups( HttpServletRequest request ) throws AccessDeniedException
1601 {
1602 boolean bDelegateWorkgroups = Boolean.parseBoolean( request.getParameter( PARAMETER_DELEGATE_RIGHTS ) );
1603
1604 setPageTitleProperty( bDelegateWorkgroups ? PROPERTY_DELEGATE_USER_RIGHTS_PAGETITLE : PROPERTY_MODIFY_USER_WORKGROUPS_PAGETITLE );
1605
1606 String strUserId = request.getParameter( PARAMETER_USER_ID );
1607 int nUserId = Integer.parseInt( strUserId );
1608
1609 AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
1610 AdminUser currentUser = getUser( );
1611
1612 if ( ( user == null ) || ( user.getUserId( ) == 0 ) )
1613 {
1614 return getManageAdminUsers( request );
1615 }
1616
1617 if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1618 {
1619 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1620 }
1621
1622 ReferenceList userWorkspaces = AdminWorkgroupHome.getUserWorkgroups( user );
1623 ReferenceList assignableWorkspaces = AdminWorkgroupHome.getUserWorkgroups( currentUser );
1624
1625 ArrayList<String> checkedValues = new ArrayList<>( );
1626
1627 for ( ReferenceItem item : userWorkspaces )
1628 {
1629 checkedValues.add( item.getCode( ) );
1630 }
1631
1632 assignableWorkspaces.checkItems( checkedValues.toArray( new String [ checkedValues.size( )] ) );
1633
1634
1635 setItemNavigator( nUserId, AppPathService.getBaseUrl( request ) + JSP_URL_MANAGE_USER_WORKGROUPS );
1636
1637 Map<String, Object> model = new HashMap<>( );
1638 model.put( MARK_USER, AdminUserHome.findByPrimaryKey( nUserId ) );
1639 model.put( MARK_ALL_WORKSGROUP_LIST, assignableWorkspaces );
1640 model.put( MARK_CAN_DELEGATE, String.valueOf( bDelegateWorkgroups ) );
1641 model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1642 model.put( MARK_DEFAULT_MODE_USED, AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) );
1643 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_MANAGE_USER_WORKGROUPS ) );
1644
1645 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MODIFY_USER_WORKGROUPS, getLocale( ), model );
1646
1647 return getAdminPage( template.getHtml( ) );
1648 }
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659 public String getModifyAdminUserRights( HttpServletRequest request ) throws AccessDeniedException
1660 {
1661 boolean bDelegateRights = Boolean.parseBoolean( request.getParameter( PARAMETER_DELEGATE_RIGHTS ) );
1662
1663 String strSelectAll = request.getParameter( PARAMETER_SELECT );
1664 boolean bSelectAll = ( ( strSelectAll != null ) && strSelectAll.equals( PARAMETER_SELECT_ALL ) );
1665
1666 setPageTitleProperty( bDelegateRights ? PROPERTY_DELEGATE_USER_RIGHTS_PAGETITLE : PROPERTY_MODIFY_USER_RIGHTS_PAGETITLE );
1667
1668 String strUserId = request.getParameter( PARAMETER_USER_ID );
1669 int nUserId = Integer.parseInt( strUserId );
1670
1671 AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
1672 AdminUser currentUser = getUser( );
1673
1674 if ( ( user == null ) || ( user.getUserId( ) == 0 ) )
1675 {
1676 return getManageAdminUsers( request );
1677 }
1678
1679 if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1680 {
1681 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1682 }
1683
1684 Collection<Right> rightList;
1685 Collection<Right> allRightList = RightHome.getRightsList( user.getUserLevel( ) );
1686
1687 if ( bDelegateRights )
1688 {
1689 Map<String, Right> rights = AdminUserHome.getRightsListForUser( currentUser.getUserId( ) );
1690 rightList = new ArrayList<>( );
1691
1692 for ( Right right : rights.values( ) )
1693 {
1694
1695
1696 if ( right.getLevel( ) >= user.getUserLevel( ) )
1697 {
1698 rightList.add( right );
1699 }
1700 }
1701 }
1702 else
1703 {
1704 rightList = AdminUserHome.getRightsListForUser( nUserId ).values( );
1705 }
1706
1707
1708 setItemNavigator( nUserId, AppPathService.getBaseUrl( request ) + JSP_URL_MANAGE_USER_RIGHTS );
1709
1710 Map<String, Object> model = new HashMap<>( );
1711 model.put( MARK_USER, AdminUserHome.findByPrimaryKey( nUserId ) );
1712 model.put( MARK_USER_RIGHT_LIST, I18nService.localizeCollection( rightList, getLocale( ) ) );
1713 model.put( MARK_ALL_RIGHT_LIST, I18nService.localizeCollection( allRightList, getLocale( ) ) );
1714 model.put( MARK_CAN_DELEGATE, String.valueOf( bDelegateRights ) );
1715 model.put( MARK_SELECT_ALL, bSelectAll );
1716 model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1717 model.put( MARK_DEFAULT_MODE_USED, AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) );
1718 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_MANAGE_USER_RIGHTS ) );
1719
1720 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MODIFY_USER_RIGHTS, getLocale( ), model );
1721
1722 return getAdminPage( template.getHtml( ) );
1723 }
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734 public String doModifyAdminUserRights( HttpServletRequest request ) throws AccessDeniedException
1735 {
1736 if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_MANAGE_USER_RIGHTS ) )
1737 {
1738 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1739 }
1740 String strUserId = request.getParameter( PARAMETER_USER_ID );
1741 int nUserId = Integer.parseInt( strUserId );
1742
1743 String [ ] arrayRights = request.getParameterValues( PARAMETER_RIGHT );
1744
1745 AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
1746 AdminUser currentUser = AdminUserService.getAdminUser( request );
1747
1748 if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1749 {
1750 throw new AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1751 }
1752
1753 AdminUserHome.removeAllOwnRightsForUser( user );
1754
1755 if ( arrayRights != null )
1756 {
1757 for ( String strRight : arrayRights )
1758 {
1759 AdminUserHome.createRightForUser( nUserId, strRight );
1760 }
1761 }
1762
1763 HashMap<String, String [ ]> mapData = new HashMap<>( );
1764 mapData.put( user.getAccessCode( ), arrayRights );
1765 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_ADMINUSER_RIGHTS, currentUser, mapData, CONSTANT_BO );
1766
1767 if ( user.getUserId( ) == currentUser.getUserId( ) )
1768 {
1769 try
1770 {
1771 AdminAuthenticationService.getInstance( ).registerUser( request, user );
1772 }
1773 catch( AccessDeniedException | UserNotSignedException e )
1774 {
1775 AppLogService.error( e.getMessage( ), e );
1776 }
1777 }
1778
1779 return JSP_MANAGE_USER_RIGHTS + "?" + PARAMETER_USER_ID + "=" + nUserId;
1780 }
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791 public String getManageAdminUserRoles( HttpServletRequest request ) throws AccessDeniedException
1792 {
1793 setPageTitleProperty( PROPERTY_MANAGE_USER_ROLES_PAGETITLE );
1794
1795 String strUserId = request.getParameter( PARAMETER_USER_ID );
1796 int nUserId = Integer.parseInt( strUserId );
1797 AdminUser selectedUser = AdminUserHome.findByPrimaryKey( nUserId );
1798 AdminUser userCurrent = AdminUserService.getAdminUser( request );
1799
1800 if ( !isUserAuthorizedToModifyUser( userCurrent, selectedUser ) )
1801 {
1802 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1803 }
1804
1805 Collection<RBACRole> roleList = AdminUserHome.getRolesListForUser( nUserId ).values( );
1806
1807
1808 setItemNavigator( nUserId, AppPathService.getBaseUrl( request ) + JSP_URL_MANAGE_USER_ROLES );
1809
1810 Map<String, Object> model = new HashMap<>( );
1811 model.put( MARK_CAN_MODIFY, getUser( ).isParent( selectedUser ) || getUser( ).isAdmin( ) );
1812 model.put( MARK_CAN_DELEGATE, getUser( ).getUserId( ) != nUserId );
1813 model.put( MARK_USER, AdminUserHome.findByPrimaryKey( nUserId ) );
1814 model.put( MARK_USER_ROLE_LIST, roleList );
1815 model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1816
1817 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MANAGE_USER_ROLES, getLocale( ), model );
1818
1819 return getAdminPage( template.getHtml( ) );
1820 }
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831 public String getModifyAdminUserRoles( HttpServletRequest request ) throws AccessDeniedException
1832 {
1833 boolean bDelegateRoles = Boolean.parseBoolean( request.getParameter( PARAMETER_DELEGATE_RIGHTS ) );
1834 setPageTitleProperty( PROPERTY_MODIFY_USER_ROLES_PAGETITLE );
1835
1836 String strUserId = request.getParameter( PARAMETER_USER_ID );
1837 int nUserId = Integer.parseInt( strUserId );
1838
1839 AdminUser selectedUser = AdminUserHome.findByPrimaryKey( nUserId );
1840 AdminUser userCurrent = AdminUserService.getAdminUser( request );
1841
1842 if ( ( selectedUser == null ) || ( selectedUser.getUserId( ) == 0 ) )
1843 {
1844 return getManageAdminUsers( request );
1845 }
1846
1847 if ( !isUserAuthorizedToModifyUser( userCurrent, selectedUser ) )
1848 {
1849 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1850 }
1851
1852 Collection<RBACRole> roleList = AdminUserHome.getRolesListForUser( nUserId ).values( );
1853 Collection<RBACRole> assignableRoleList;
1854
1855 if ( bDelegateRoles )
1856 {
1857
1858 assignableRoleList = new ArrayList<>( );
1859
1860 AdminUser currentUser = getUser( );
1861
1862 for ( RBACRole role : RBACRoleHome.findAll( ) )
1863 {
1864 if ( currentUser.isAdmin( ) || RBACService.isUserInRole( currentUser, role.getKey( ) ) )
1865 {
1866 assignableRoleList.add( role );
1867 }
1868 }
1869 }
1870 else
1871 {
1872
1873 assignableRoleList = RBACRoleHome.findAll( );
1874 }
1875
1876
1877 setItemNavigator( nUserId, AppPathService.getBaseUrl( request ) + JSP_URL_MANAGE_USER_ROLES );
1878
1879 Map<String, Object> model = new HashMap<>( );
1880 model.put( MARK_USER, AdminUserHome.findByPrimaryKey( nUserId ) );
1881 model.put( MARK_USER_ROLE_LIST, roleList );
1882 model.put( MARK_ALL_ROLE_LIST, assignableRoleList );
1883 model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1884 model.put( MARK_DEFAULT_MODE_USED, AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) );
1885 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_MANAGE_USER_ROLES ) );
1886
1887 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MODIFY_USER_ROLES, getLocale( ), model );
1888
1889 return getAdminPage( template.getHtml( ) );
1890 }
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901 public String doModifyAdminUserRoles( HttpServletRequest request ) throws AccessDeniedException
1902 {
1903 if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_MANAGE_USER_ROLES ) )
1904 {
1905 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1906 }
1907 String strUserId = request.getParameter( PARAMETER_USER_ID );
1908 int nUserId = Integer.parseInt( strUserId );
1909 AdminUser selectedUser = AdminUserHome.findByPrimaryKey( nUserId );
1910 AdminUser currentUser = AdminUserService.getAdminUser( request );
1911
1912 if ( !isUserAuthorizedToModifyUser( currentUser, selectedUser ) )
1913 {
1914 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1915 }
1916
1917 String [ ] arrayRoles = request.getParameterValues( PARAMETER_ROLE );
1918
1919 AdminUserHome.removeAllRolesForUser( nUserId );
1920
1921 if ( arrayRoles != null )
1922 {
1923 for ( String strRole : arrayRoles )
1924 {
1925 AdminUserHome.createRoleForUser( nUserId, strRole );
1926 }
1927 }
1928
1929 HashMap<String, String [ ]> mapData = new HashMap<>( );
1930 mapData.put( selectedUser.getAccessCode( ), arrayRoles );
1931 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_ADMINUSER_ROLES, currentUser, mapData, CONSTANT_BO );
1932
1933 return JSP_MANAGE_USER_ROLES + "?" + PARAMETER_USER_ID + "=" + nUserId;
1934 }
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945 public String doModifyAdminUserWorkgroups( HttpServletRequest request ) throws AccessDeniedException
1946 {
1947 if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_MANAGE_USER_WORKGROUPS ) )
1948 {
1949 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1950 }
1951 String strUserId = request.getParameter( PARAMETER_USER_ID );
1952 int nUserId = Integer.parseInt( strUserId );
1953 AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
1954 AdminUser currentUser = getUser( );
1955
1956 if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1957 {
1958 throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1959 }
1960
1961 String [ ] arrayWorkspaces = request.getParameterValues( PARAMETER_WORKGROUP );
1962 ReferenceList assignableWorkgroups = AdminWorkgroupHome.getUserWorkgroups( currentUser );
1963
1964 for ( ReferenceItem item : assignableWorkgroups )
1965 {
1966 AdminWorkgroupHome.removeUserFromWorkgroup( user, item.getCode( ) );
1967 }
1968
1969 if ( arrayWorkspaces != null )
1970 {
1971 for ( String strWorkgroupKey : arrayWorkspaces )
1972 {
1973 AdminWorkgroupHome.addUserForWorkgroup( user, strWorkgroupKey );
1974 }
1975 }
1976
1977 HashMap<String, String [ ]> mapData = new HashMap<>( );
1978 mapData.put( user.getAccessCode( ), arrayWorkspaces );
1979 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_ADMINUSER_GROUPS, currentUser, mapData, CONSTANT_BO );
1980
1981 return JSP_MANAGE_USER_WORKGROUPS + "?" + PARAMETER_USER_ID + "=" + nUserId;
1982 }
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993 private boolean haveCommonWorkgroups( AdminUser../../../../../../fr/paris/lutece/portal/business/user/AdminUser.html#AdminUser">AdminUser user1, AdminUser user2 )
1994 {
1995 ReferenceList workgroups = AdminWorkgroupHome.getUserWorkgroups( user1 );
1996
1997 if ( workgroups.isEmpty( ) )
1998 {
1999 return true;
2000 }
2001
2002 for ( ReferenceItem item : workgroups )
2003 {
2004 if ( AdminWorkgroupHome.isUserInWorkgroup( user2, item.getCode( ) ) )
2005 {
2006 return true;
2007 }
2008 }
2009
2010 return false;
2011 }
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022 public String doModifyDefaultUserParameterValues( HttpServletRequest request ) throws AccessDeniedException
2023 {
2024 if ( !SecurityTokenService.getInstance( ).validate( request, AdminDashboardJspBean.TEMPLATE_MANAGE_DASHBOARDS ) )
2025 {
2026 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2027 }
2028 if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
2029 getUser( ) ) )
2030 {
2031 throw new AccessDeniedException(
2032 CONSTANT_USER_MSG + getUser( ) + CONSTANT_NOT_AUTHORIZED + AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS );
2033 }
2034
2035 DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_STATUS, request.getParameter( PARAMETER_STATUS ) );
2036 DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_LEVEL, request.getParameter( PARAMETER_USER_LEVEL ) );
2037 DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_NOTIFICATION, request.getParameter( PARAMETER_NOTIFY_USER ) );
2038 DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_LANGUAGE, request.getParameter( PARAMETER_LANGUAGE ) );
2039
2040 Map logParametersMap = new HashMap( );
2041 logParametersMap.put( AdminUserService.DSKEY_DEFAULT_USER_STATUS, request.getParameter( PARAMETER_STATUS ) );
2042 logParametersMap.put( AdminUserService.DSKEY_DEFAULT_USER_LEVEL, request.getParameter( PARAMETER_USER_LEVEL ) );
2043 logParametersMap.put( AdminUserService.DSKEY_DEFAULT_USER_NOTIFICATION, request.getParameter( PARAMETER_NOTIFY_USER ) );
2044 logParametersMap.put( AdminUserService.DSKEY_DEFAULT_USER_LANGUAGE, request.getParameter( PARAMETER_LANGUAGE ) );
2045 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_DEFAULT_PARAMETERS, getUser( ), logParametersMap,
2046 CONSTANT_BO );
2047
2048 return getAdminDashboardsUrl( request, ANCHOR_DEFAULT_USER_PARAMETER_VALUES );
2049 }
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060 public String doModifyDefaultUserSecurityValues( HttpServletRequest request ) throws AccessDeniedException
2061 {
2062 if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2063 {
2064 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2065 }
2066 if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
2067 getUser( ) ) )
2068 {
2069 throw new AccessDeniedException(
2070 CONSTANT_USER_MSG + getUser( ) + CONSTANT_NOT_AUTHORIZED + AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS );
2071 }
2072
2073 Map logParametersMap = new HashMap( );
2074
2075 String strForceChangePasswordValue = request.getParameter( PARAMETER_FORCE_CHANGE_PASSWORD_REINIT );
2076 strForceChangePasswordValue = StringUtils.isNotBlank( strForceChangePasswordValue ) ? strForceChangePasswordValue : StringUtils.EMPTY;
2077
2078 DefaultUserParameterHome.update( AdminUserService.DSKEY_FORCE_CHANGE_PASSWORD_REINIT, strForceChangePasswordValue );
2079 logParametersMap.put( AdminUserService.DSKEY_FORCE_CHANGE_PASSWORD_REINIT, strForceChangePasswordValue );
2080
2081
2082 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_MINIMUM_LENGTH, request.getParameter( PARAMETER_PASSWORD_MINIMUM_LENGTH ) );
2083 logParametersMap.put( AdminUserService.DSKEY_PASSWORD_MINIMUM_LENGTH, request.getParameter( PARAMETER_PASSWORD_MINIMUM_LENGTH ) );
2084
2085 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_RESET_TOKEN_VALIDITY, request.getParameter( PARAMETER_RESET_TOKEN_VALIDITY ) );
2086 logParametersMap.put( AdminUserService.DSKEY_RESET_TOKEN_VALIDITY, request.getParameter( PARAMETER_RESET_TOKEN_VALIDITY ) );
2087 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_LOCK_RESET_TOKEN_TO_SESSION,
2088 request.getParameter( PARAMETER_LOCK_RESET_TOKEN_TO_SESSION ) );
2089 logParametersMap.put( AdminUserService.DSKEY_LOCK_RESET_TOKEN_TO_SESSION, request.getParameter( PARAMETER_LOCK_RESET_TOKEN_TO_SESSION ) );
2090
2091 boolean bUseAdvancedSecurityParameter = AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS );
2092
2093 if ( bUseAdvancedSecurityParameter )
2094 {
2095
2096 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_FORMAT_UPPER_LOWER_CASE,
2097 request.getParameter( PARAMETER_PASSWORD_FORMAT_UPPER_LOWER_CASE ) );
2098 logParametersMap.put( AdminUserService.DSKEY_PASSWORD_FORMAT_UPPER_LOWER_CASE, request.getParameter( PARAMETER_PASSWORD_FORMAT_UPPER_LOWER_CASE ) );
2099 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_FORMAT_NUMERO, request.getParameter( PARAMETER_PASSWORD_FORMAT_NUMERO ) );
2100 logParametersMap.put( AdminUserService.DSKEY_PASSWORD_FORMAT_NUMERO, request.getParameter( PARAMETER_PASSWORD_FORMAT_NUMERO ) );
2101 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_FORMAT_SPECIAL_CHARACTERS,
2102 request.getParameter( PARAMETER_PASSWORD_FORMAT_SPECIAL_CHARACTERS ) );
2103 logParametersMap.put( AdminUserService.DSKEY_PASSWORD_FORMAT_SPECIAL_CHARACTERS,
2104 request.getParameter( PARAMETER_PASSWORD_FORMAT_SPECIAL_CHARACTERS ) );
2105
2106
2107 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_DURATION, request.getParameter( PARAMETER_PASSWORD_DURATION ) );
2108 logParametersMap.put( AdminUserService.DSKEY_PASSWORD_DURATION, request.getParameter( PARAMETER_PASSWORD_DURATION ) );
2109
2110
2111 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_HISTORY_SIZE, request.getParameter( PARAMETER_PASSWORD_HISTORY_SIZE ) );
2112 logParametersMap.put( AdminUserService.DSKEY_PASSWORD_HISTORY_SIZE, request.getParameter( PARAMETER_PASSWORD_HISTORY_SIZE ) );
2113
2114
2115 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_MAXIMUM_NUMBER_PASSWORD_CHANGE,
2116 request.getParameter( PARAMETER_MAXIMUM_NUMBER_PASSWORD_CHANGE ) );
2117 logParametersMap.put( AdminUserService.DSKEY_MAXIMUM_NUMBER_PASSWORD_CHANGE, request.getParameter( PARAMETER_MAXIMUM_NUMBER_PASSWORD_CHANGE ) );
2118
2119
2120 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_TSW_SIZE_PASSWORD_CHANGE,
2121 request.getParameter( PARAMETER_TSW_SIZE_PASSWORD_CHANGE ) );
2122 logParametersMap.put( AdminUserService.DSKEY_TSW_SIZE_PASSWORD_CHANGE, request.getParameter( PARAMETER_TSW_SIZE_PASSWORD_CHANGE ) );
2123
2124
2125 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_NOTIFY_USER_PASSWORD_EXPIRED,
2126 request.getParameter( PARAMETER_NOTIFY_USER_PASSWORD_EXPIRED ) );
2127 logParametersMap.put( AdminUserService.DSKEY_NOTIFY_USER_PASSWORD_EXPIRED, request.getParameter( PARAMETER_NOTIFY_USER_PASSWORD_EXPIRED ) );
2128 }
2129
2130
2131 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_ACCOUNT_LIFE_TIME, request.getParameter( PARAMETER_ACCOUNT_LIFE_TIME ) );
2132 logParametersMap.put( AdminUserService.DSKEY_ACCOUNT_LIFE_TIME, request.getParameter( PARAMETER_ACCOUNT_LIFE_TIME ) );
2133
2134
2135 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_TIME_BEFORE_ALERT_ACCOUNT,
2136 request.getParameter( PARAMETER_TIME_BEFORE_ALERT_ACCOUNT ) );
2137 logParametersMap.put( AdminUserService.DSKEY_TIME_BEFORE_ALERT_ACCOUNT, request.getParameter( PARAMETER_TIME_BEFORE_ALERT_ACCOUNT ) );
2138
2139
2140 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_NB_ALERT_ACCOUNT, request.getParameter( PARAMETER_NB_ALERT_ACCOUNT ) );
2141 logParametersMap.put( AdminUserService.DSKEY_NB_ALERT_ACCOUNT, request.getParameter( PARAMETER_NB_ALERT_ACCOUNT ) );
2142
2143
2144 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_TIME_BETWEEN_ALERTS_ACCOUNT,
2145 request.getParameter( PARAMETER_TIME_BETWEEN_ALERTS_ACCOUNT ) );
2146 logParametersMap.put( AdminUserService.DSKEY_TIME_BETWEEN_ALERTS_ACCOUNT, request.getParameter( PARAMETER_TIME_BETWEEN_ALERTS_ACCOUNT ) );
2147
2148
2149 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_MAX, request.getParameter( MARK_ACCESS_FAILURES_MAX ) );
2150 logParametersMap.put( AdminUserService.DSKEY_ACCES_FAILURES_MAX, request.getParameter( MARK_ACCESS_FAILURES_MAX ) );
2151
2152
2153 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_INTERVAL, request.getParameter( MARK_ACCESS_FAILURES_INTERVAL ) );
2154 logParametersMap.put( AdminUserService.DSKEY_ACCES_FAILURES_INTERVAL, request.getParameter( MARK_ACCESS_FAILURES_INTERVAL ) );
2155
2156
2157 AdminUserService.updateLargeSecurityParameter( AdminUserService.DSKEY_BANNED_DOMAIN_NAMES, request.getParameter( MARK_BANNED_DOMAIN_NAMES ) );
2158 logParametersMap.put( AdminUserService.DSKEY_BANNED_DOMAIN_NAMES, request.getParameter( MARK_BANNED_DOMAIN_NAMES ) );
2159
2160 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_DEFAULT_SECURITY, getUser( ), logParametersMap,
2161 CONSTANT_BO );
2162
2163 return getAdminDashboardsUrl( request, ANCHOR_ADVANCED_SECURITY_PARAMETERS );
2164 }
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175 public String doModifyEmailPattern( HttpServletRequest request ) throws AccessDeniedException
2176 {
2177 if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
2178 getUser( ) ) )
2179 {
2180 throw new AccessDeniedException(
2181 CONSTANT_USER_MSG + getUser( ) + CONSTANT_NOT_AUTHORIZED + AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS );
2182 }
2183 if ( PARAMETER_RESET.equals( request.getParameter( PARAMETER_RESET ) ) )
2184 {
2185 if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2186 {
2187 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2188 }
2189 return doResetEmailPattern( request );
2190 }
2191 String strSetManually = request.getParameter( PARAMETER_IS_EMAIL_PATTERN_SET_MANUALLY );
2192 String strEmailPattern = request.getParameter( PARAMETER_EMAIL_PATTERN );
2193
2194 if ( StringUtils.isNotBlank( strEmailPattern ) )
2195 {
2196 if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2197 {
2198 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2199 }
2200 AdminUserService.doModifyEmailPattern( strEmailPattern, strSetManually != null );
2201 return getAdminDashboardsUrl( request, ANCHOR_MODIFY_EMAIL_PATTERN );
2202 }
2203 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_ERROR_EMAIL_PATTERN, AdminMessage.TYPE_STOP );
2204 }
2205
2206
2207
2208
2209
2210
2211 private String doResetEmailPattern( HttpServletRequest request )
2212 {
2213 AdminUserService.doResetEmailPattern( );
2214
2215 return getAdminDashboardsUrl( request, ANCHOR_MODIFY_EMAIL_PATTERN );
2216 }
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227 public String doInsertRegularExpression( HttpServletRequest request ) throws AccessDeniedException
2228 {
2229 if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2230 {
2231 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2232 }
2233 if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
2234 getUser( ) ) )
2235 {
2236 throw new AccessDeniedException(
2237 CONSTANT_USER_MSG + getUser( ) + CONSTANT_NOT_AUTHORIZED + AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS );
2238 }
2239
2240 String strRegularExpressionId = request.getParameter( PARAMETER_ID_EXPRESSION );
2241
2242 if ( StringUtils.isNotBlank( strRegularExpressionId ) && StringUtils.isNumeric( strRegularExpressionId ) )
2243 {
2244 int nRegularExpressionId = Integer.parseInt( strRegularExpressionId );
2245 AdminUserService.doInsertRegularExpression( nRegularExpressionId );
2246 }
2247
2248 return getAdminDashboardsUrl( request, ANCHOR_MODIFY_EMAIL_PATTERN );
2249 }
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260 public String doRemoveRegularExpression( HttpServletRequest request ) throws AccessDeniedException
2261 {
2262 if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2263 {
2264 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2265 }
2266 if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
2267 getUser( ) ) )
2268 {
2269 throw new AccessDeniedException(
2270 CONSTANT_USER_MSG + getUser( ) + CONSTANT_NOT_AUTHORIZED + AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS );
2271 }
2272
2273 String strRegularExpressionId = request.getParameter( PARAMETER_ID_EXPRESSION );
2274
2275 if ( StringUtils.isNotBlank( strRegularExpressionId ) && StringUtils.isNumeric( strRegularExpressionId ) )
2276 {
2277 int nRegularExpressionId = Integer.parseInt( strRegularExpressionId );
2278 AdminUserService.doRemoveRegularExpression( nRegularExpressionId );
2279 }
2280
2281 return getAdminDashboardsUrl( request, ANCHOR_MODIFY_EMAIL_PATTERN );
2282 }
2283
2284
2285
2286
2287
2288
2289
2290
2291 public String getChangeUseAdvancedSecurityParameters( HttpServletRequest request )
2292 {
2293 Map<String, Object> parameters = new HashMap<>( 1 );
2294 parameters.put( SecurityTokenService.PARAMETER_TOKEN, SecurityTokenService.getInstance( ).getToken( request, TOKEN_TECHNICAL_ADMIN ) );
2295
2296 if ( AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS ) )
2297 {
2298 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_CONFIRM_REMOVE_ASP, JSP_URL_REMOVE_ADVANCED_SECUR_PARAM,
2299 AdminMessage.TYPE_CONFIRMATION, parameters );
2300 }
2301
2302 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_CONFIRM_USE_ASP, JSP_URL_USE_ADVANCED_SECUR_PARAM, AdminMessage.TYPE_CONFIRMATION,
2303 parameters );
2304 }
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315 public String doUseAdvancedSecurityParameters( HttpServletRequest request ) throws AccessDeniedException
2316 {
2317 if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2318 {
2319 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2320 }
2321 AdminUserService.useAdvancedSecurityParameters( );
2322
2323 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_USE_ADVANCE_SECURITY_PARAMETERS, getUser( ), null,
2324 CONSTANT_BO );
2325
2326 return getAdminDashboardsUrl( request, ANCHOR_ADVANCED_SECURITY_PARAMETERS );
2327 }
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338 public String doRemoveAdvancedSecurityParameters( HttpServletRequest request ) throws AccessDeniedException
2339 {
2340 if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2341 {
2342 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2343 }
2344 AdminUserService.removeAdvancedSecurityParameters( );
2345
2346 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_REMOVE_ADVANCE_SECURITY_PARAMETERS, getUser( ), null,
2347 CONSTANT_BO );
2348
2349 return getAdminDashboardsUrl( request, ANCHOR_ADVANCED_SECURITY_PARAMETERS );
2350 }
2351
2352
2353
2354
2355
2356
2357
2358
2359 public String getChangeFieldAnonymizeAdminUsers( HttpServletRequest request )
2360 {
2361 Map<String, Object> model = new HashMap<>( );
2362
2363 List<IAttribute> listAllAttributes = AttributeService.getInstance( ).getAllAttributesWithoutFields( getLocale( ) );
2364 List<IAttribute> listAttributesText = new ArrayList<>( );
2365
2366 for ( IAttribute attribut : listAllAttributes )
2367 {
2368 if ( attribut.isAnonymizable( ) )
2369 {
2370 listAttributesText.add( attribut );
2371 }
2372 }
2373
2374 model.put( MARK_ATTRIBUTES_LIST, listAttributesText );
2375
2376 model.putAll( AdminUserHome.getAnonymizationStatusUserStaticField( ) );
2377 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, TOKEN_TECHNICAL_ADMIN ) );
2378
2379 setPageTitleProperty( PROPERTY_MESSAGE_TITLE_CHANGE_ANONYMIZE_USER );
2380
2381 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_FIELD_ANONYMIZE_ADMIN_USER, getLocale( ), model );
2382
2383 return getAdminPage( template.getHtml( ) );
2384 }
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395 public String doChangeFieldAnonymizeAdminUsers( HttpServletRequest request ) throws AccessDeniedException
2396 {
2397 if ( request.getParameter( PARAMETER_CANCEL ) != null )
2398 {
2399 return getAdminDashboardsUrl( request, ANCHOR_ANONYMIZE_USERS );
2400 }
2401 if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2402 {
2403 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2404 }
2405
2406 AdminUserHome.updateAnonymizationStatusUserStaticField( PARAMETER_ACCESS_CODE, Boolean.valueOf( request.getParameter( PARAMETER_ACCESS_CODE ) ) );
2407 AdminUserHome.updateAnonymizationStatusUserStaticField( PARAMETER_FIRST_NAME, Boolean.valueOf( request.getParameter( PARAMETER_FIRST_NAME ) ) );
2408 AdminUserHome.updateAnonymizationStatusUserStaticField( PARAMETER_LAST_NAME, Boolean.valueOf( request.getParameter( PARAMETER_LAST_NAME ) ) );
2409 AdminUserHome.updateAnonymizationStatusUserStaticField( PARAMETER_EMAIL, Boolean.valueOf( request.getParameter( PARAMETER_EMAIL ) ) );
2410
2411 AttributeService attributeService = AttributeService.getInstance( );
2412
2413 List<IAttribute> listAllAttributes = attributeService.getAllAttributesWithoutFields( getLocale( ) );
2414 List<IAttribute> listAttributesText = new ArrayList<>( );
2415
2416 for ( IAttribute attribut : listAllAttributes )
2417 {
2418 if ( attribut.isAnonymizable( ) )
2419 {
2420 listAttributesText.add( attribut );
2421 }
2422 }
2423
2424 for ( IAttribute attribute : listAttributesText )
2425 {
2426 Boolean bNewValue = Boolean.valueOf( request.getParameter( PARAMETER_ATTRIBUTE + Integer.toString( attribute.getIdAttribute( ) ) ) );
2427 attributeService.updateAnonymizationStatusUserField( attribute.getIdAttribute( ), bNewValue );
2428 }
2429
2430 return getAdminDashboardsUrl( request, ANCHOR_ANONYMIZE_USERS );
2431 }
2432
2433
2434
2435
2436
2437
2438
2439
2440 public String getAnonymizeAdminUser( HttpServletRequest request )
2441 {
2442 String strAdminUserId = request.getParameter( PARAMETER_USER_ID );
2443
2444 if ( !StringUtils.isNumeric( strAdminUserId ) || strAdminUserId.isEmpty( ) )
2445 {
2446 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_NO_ADMIN_USER_SELECTED, JSP_URL_MANAGE_USERS, AdminMessage.TYPE_STOP );
2447 }
2448
2449 int nUserId = Integer.parseInt( strAdminUserId );
2450 AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
2451
2452 if ( user == null )
2453 {
2454 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_USER_ERROR_SESSION, JSP_URL_MANAGE_USERS, AdminMessage.TYPE_ERROR );
2455 }
2456
2457 String strUrl = JSP_URL_ANONYMIZE_ADMIN_USER;
2458 Map<String, Object> parameters = new HashMap<>( );
2459 parameters.put( PARAMETER_USER_ID, strAdminUserId );
2460 parameters.put( SecurityTokenService.PARAMETER_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_ANONYMIZE_ADMIN_USER ) );
2461
2462 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_CONFIRM_ANONYMIZE_USER, new Object [ ] {
2463 user.getFirstName( ), user.getLastName( ), user.getAccessCode( )
2464 }, null, strUrl, null, AdminMessage.TYPE_CONFIRMATION, parameters, JSP_URL_MANAGE_USERS );
2465 }
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476 public String doAnonymizeAdminUser( HttpServletRequest request ) throws AccessDeniedException
2477 {
2478 String strAdminUserId = request.getParameter( PARAMETER_USER_ID );
2479
2480 if ( !StringUtils.isNumeric( strAdminUserId ) || strAdminUserId.isEmpty( ) )
2481 {
2482 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_NO_ADMIN_USER_SELECTED, JSP_URL_MANAGE_USERS, AdminMessage.TYPE_STOP );
2483 }
2484
2485 int nUserId = Integer.parseInt( strAdminUserId );
2486 AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
2487
2488 if ( user == null )
2489 {
2490 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_USER_ERROR_SESSION, JSP_URL_MANAGE_USERS, AdminMessage.TYPE_ERROR );
2491 }
2492 if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_ANONYMIZE_ADMIN_USER ) )
2493 {
2494 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2495 }
2496
2497 AdminUserService.anonymizeUser( nUserId, getLocale( ) );
2498
2499 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_ANONYMIZE_ADMINUSER, getUser( ), user.getAccessCode( ),
2500 CONSTANT_BO );
2501
2502 return JSP_MANAGE_USER;
2503 }
2504
2505
2506
2507
2508
2509
2510
2511
2512 public String reactivateAccount( HttpServletRequest request )
2513 {
2514 AdminUser user = AdminUserHome.findByPrimaryKey( AdminUserService.getAdminUser( request ).getUserId( ) );
2515 String strUrl;
2516 int nbDaysBeforeFirstAlert = AdminUserService.getIntegerSecurityParameter( PARAMETER_TIME_BEFORE_ALERT_ACCOUNT );
2517 Timestamp firstAlertMaxDate = new Timestamp( new java.util.Date( ).getTime( ) + DateUtil.convertDaysInMiliseconds( nbDaysBeforeFirstAlert ) );
2518
2519 if ( user.getAccountMaxValidDate( ) != null )
2520 {
2521
2522 if ( ( user.getAccountMaxValidDate( ).getTime( ) < firstAlertMaxDate.getTime( ) ) && ( user.getStatus( ) < AdminUser.EXPIRED_CODE ) )
2523 {
2524 AdminUserService.updateUserExpirationDate( user );
2525 }
2526
2527 strUrl = AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_ACCOUNT_REACTIVATED, AppPathService.getAdminMenuUrl( ),
2528 AdminMessage.TYPE_INFO );
2529 }
2530 else
2531 {
2532 strUrl = AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_NO_ACCOUNT_TO_REACTIVATED, AppPathService.getAdminMenuUrl( ),
2533 AdminMessage.TYPE_ERROR );
2534 }
2535
2536 return strUrl;
2537 }
2538
2539
2540
2541
2542
2543
2544
2545
2546 public String getModifyAccountLifeTimeEmails( HttpServletRequest request )
2547 {
2548 String strEmailType = request.getParameter( PARAMETER_EMAIL_TYPE );
2549
2550 Map<String, Object> model = new HashMap<>( );
2551 String strSenderKey = StringUtils.EMPTY;
2552 String strSubjectKey = StringUtils.EMPTY;
2553 String strBodyKey = StringUtils.EMPTY;
2554 String strTitle = StringUtils.EMPTY;
2555
2556 if ( CONSTANT_EMAIL_TYPE_FIRST.equalsIgnoreCase( strEmailType ) )
2557 {
2558 strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_FIRST_ALERT_MAIL_SENDER;
2559 strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_FIRST_ALERT_MAIL_SUBJECT;
2560 strBodyKey = PARAMETER_FIRST_ALERT_MAIL;
2561 strTitle = PROPERTY_FIRST_EMAIL;
2562 }
2563 else if ( CONSTANT_EMAIL_TYPE_OTHER.equalsIgnoreCase( strEmailType ) )
2564 {
2565 strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_OTHER_ALERT_MAIL_SENDER;
2566 strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_OTHER_ALERT_MAIL_SUBJECT;
2567 strBodyKey = PARAMETER_OTHER_ALERT_MAIL;
2568 strTitle = PROPERTY_OTHER_EMAIL;
2569 }
2570 else if ( CONSTANT_EMAIL_TYPE_EXPIRED.equalsIgnoreCase( strEmailType ) )
2571 {
2572 strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_EXPIRED_ALERT_MAIL_SENDER;
2573 strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_EXPIRED_ALERT_MAIL_SUBJECT;
2574 strBodyKey = PARAMETER_EXPIRATION_MAIL;
2575 strTitle = PROPERTY_ACCOUNT_DEACTIVATES_EMAIL;
2576 }
2577 else if ( CONSTANT_EMAIL_TYPE_REACTIVATED.equalsIgnoreCase( strEmailType ) )
2578 {
2579 strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_REACTIVATED_ALERT_MAIL_SENDER;
2580 strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_REACTIVATED_ALERT_MAIL_SUBJECT;
2581 strBodyKey = PARAMETER_ACCOUNT_REACTIVATED;
2582 strTitle = PROPERTY_ACCOUNT_UPDATED_EMAIL;
2583 }
2584 else if ( CONSTANT_EMAIL_PASSWORD_EXPIRED.equalsIgnoreCase( strEmailType ) )
2585 {
2586 strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_PASSWORD_EXPIRED_MAIL_SENDER;
2587 strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_PASSWORD_EXPIRED_MAIL_SUBJECT;
2588 strBodyKey = PARAMETER_NOTIFY_PASSWORD_EXPIRED;
2589 strTitle = PROPERTY_NOTIFY_PASSWORD_EXPIRED;
2590 }
2591
2592 String defaultUserParameter = DefaultUserParameterHome.findByKey( strSenderKey );
2593 String strSender = ( defaultUserParameter == null ) ? StringUtils.EMPTY : defaultUserParameter;
2594
2595 defaultUserParameter = DefaultUserParameterHome.findByKey( strSubjectKey );
2596
2597 String strSubject = ( defaultUserParameter == null ) ? StringUtils.EMPTY : defaultUserParameter;
2598
2599
2600 setItemNavigator( getUser( ).getUserId( ), AppPathService.getBaseUrl( request ) + JSP_URL_MODIFY_ACCOUNT_LIFE_TIME_EMAIL );
2601
2602 model.put( PARAMETER_EMAIL_TYPE, strEmailType );
2603 model.put( MARK_EMAIL_SENDER, strSender );
2604 model.put( MARK_EMAIL_SUBJECT, strSubject );
2605 model.put( MARK_EMAIL_BODY, DatabaseTemplateService.getTemplateFromKey( strBodyKey, true ) );
2606 model.put( MARK_EMAIL_LABEL, strTitle );
2607 model.put( MARK_WEBAPP_URL, AppPathService.getBaseUrl( request ) );
2608 model.put( MARK_LOCALE, getLocale( ) );
2609 model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
2610 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_MODIFY_ACCOUNT_LIFE_TIME_EMAIL ) );
2611
2612 HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_ACCOUNT_LIFE_TIME_EMAIL, getLocale( ), model );
2613
2614 return getAdminPage( template.getHtml( ) );
2615 }
2616
2617
2618
2619
2620
2621
2622
2623
2624
2625
2626 public String doModifyAccountLifeTimeEmails( HttpServletRequest request ) throws AccessDeniedException
2627 {
2628 if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_MODIFY_ACCOUNT_LIFE_TIME_EMAIL ) )
2629 {
2630 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2631 }
2632 String strEmailType = request.getParameter( PARAMETER_EMAIL_TYPE );
2633
2634 String strSenderKey = StringUtils.EMPTY;
2635 String strSubjectKey = StringUtils.EMPTY;
2636 String strBodyKey = StringUtils.EMPTY;
2637
2638 if ( CONSTANT_EMAIL_TYPE_FIRST.equalsIgnoreCase( strEmailType ) )
2639 {
2640 strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_FIRST_ALERT_MAIL_SENDER;
2641 strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_FIRST_ALERT_MAIL_SUBJECT;
2642 strBodyKey = PARAMETER_FIRST_ALERT_MAIL;
2643 }
2644 else if ( CONSTANT_EMAIL_TYPE_OTHER.equalsIgnoreCase( strEmailType ) )
2645 {
2646 strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_OTHER_ALERT_MAIL_SENDER;
2647 strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_OTHER_ALERT_MAIL_SUBJECT;
2648 strBodyKey = PARAMETER_OTHER_ALERT_MAIL;
2649 }
2650 else if ( CONSTANT_EMAIL_TYPE_EXPIRED.equalsIgnoreCase( strEmailType ) )
2651 {
2652 strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_EXPIRED_ALERT_MAIL_SENDER;
2653 strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_EXPIRED_ALERT_MAIL_SUBJECT;
2654 strBodyKey = PARAMETER_EXPIRATION_MAIL;
2655 }
2656 else if ( CONSTANT_EMAIL_TYPE_REACTIVATED.equalsIgnoreCase( strEmailType ) )
2657 {
2658 strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_REACTIVATED_ALERT_MAIL_SENDER;
2659 strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_REACTIVATED_ALERT_MAIL_SUBJECT;
2660 strBodyKey = PARAMETER_ACCOUNT_REACTIVATED;
2661 }
2662 else if ( CONSTANT_EMAIL_PASSWORD_EXPIRED.equalsIgnoreCase( strEmailType ) )
2663 {
2664 strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_PASSWORD_EXPIRED_MAIL_SENDER;
2665 strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_PASSWORD_EXPIRED_MAIL_SUBJECT;
2666 strBodyKey = PARAMETER_NOTIFY_PASSWORD_EXPIRED;
2667 }
2668
2669 AdminUserService.updateSecurityParameter( strSenderKey, request.getParameter( MARK_EMAIL_SENDER ) );
2670 AdminUserService.updateSecurityParameter( strSubjectKey, request.getParameter( MARK_EMAIL_SUBJECT ) );
2671 DatabaseTemplateService.updateTemplate( strBodyKey, request.getParameter( MARK_EMAIL_BODY ) );
2672
2673 return getAdminDashboardsUrl( request, ANCHOR_LIFE_TIME_EMAILS );
2674 }
2675
2676
2677
2678
2679
2680
2681
2682
2683
2684 private void setItemNavigator( int nIdAdminUser, String strUrl )
2685 {
2686 if ( _itemNavigator == null )
2687 {
2688 List<String> listIdsRight = new ArrayList<>( );
2689 int nCurrentItemId = 0;
2690 int nIndex = 0;
2691
2692 AdminUser currentUser = getUser( );
2693
2694 for ( AdminUser adminUser : AdminUserHome.findUserList( ) )
2695 {
2696 if ( ( adminUser != null ) && isUserAuthorizedToModifyUser( currentUser, adminUser ) )
2697 {
2698 listIdsRight.add( Integer.toString( adminUser.getUserId( ) ) );
2699
2700 if ( adminUser.getUserId( ) == nIdAdminUser )
2701 {
2702 nCurrentItemId = nIndex;
2703 }
2704
2705 nIndex++;
2706 }
2707 }
2708
2709 _itemNavigator = new ItemNavigator( listIdsRight, nCurrentItemId, strUrl, PARAMETER_USER_ID );
2710 }
2711 else
2712 {
2713 _itemNavigator.setCurrentItemId( Integer.toString( nIdAdminUser ) );
2714 _itemNavigator.setBaseUrl( strUrl );
2715 }
2716 }
2717
2718
2719
2720
2721 private void reinitItemNavigator( )
2722 {
2723 _itemNavigator = null;
2724 }
2725
2726
2727
2728
2729
2730
2731
2732
2733
2734
2735 private boolean isUserAuthorizedToModifyUser( AdminUser../../../../fr/paris/lutece/portal/business/user/AdminUser.html#AdminUser">AdminUser currentUser, AdminUser userToModify )
2736 {
2737 if ( currentUser == null || userToModify == null )
2738 {
2739 return false;
2740 }
2741 return currentUser.isAdmin( ) || ( currentUser.isParent( userToModify )
2742 && ( ( haveCommonWorkgroups( currentUser, userToModify ) ) || ( !AdminWorkgroupHome.checkUserHasWorkgroup( userToModify.getUserId( ) ) ) ) );
2743 }
2744
2745
2746
2747
2748
2749
2750
2751
2752
2753
2754 private boolean isUserAuthorizedToChangeUserLevel( AdminUser../../../../fr/paris/lutece/portal/business/user/AdminUser.html#AdminUser">AdminUser currentUser, AdminUser userToModify )
2755 {
2756 if ( currentUser == null || userToModify == null )
2757 {
2758 return false;
2759 }
2760 return currentUser.checkRight( "CORE_LEVEL_MANAGEMENT" ) && userToModify.getUserLevel( ) != 0;
2761 }
2762
2763
2764
2765
2766
2767
2768
2769
2770
2771
2772 private boolean isUserLevelModified( AdminUser user, String strSelectedUserLevel )
2773 {
2774 if ( strSelectedUserLevel != null )
2775 {
2776 int nSelectedUserLevel = Integer.parseInt( strSelectedUserLevel );
2777 return nSelectedUserLevel != user.getUserLevel( );
2778 }
2779 return false;
2780 }
2781 }