View Javadoc
1   /*
2    * Copyright (c) 2002-2025, City of Paris
3    * All rights reserved.
4    *
5    * Redistribution and use in source and binary forms, with or without
6    * modification, are permitted provided that the following conditions
7    * are met:
8    *
9    *  1. Redistributions of source code must retain the above copyright notice
10   *     and the following disclaimer.
11   *
12   *  2. Redistributions in binary form must reproduce the above copyright notice
13   *     and the following disclaimer in the documentation and/or other materials
14   *     provided with the distribution.
15   *
16   *  3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
17   *     contributors may be used to endorse or promote products derived from
18   *     this software without specific prior written permission.
19   *
20   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21   * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23   * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
24   * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25   * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26   * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27   * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28   * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29   * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30   * POSSIBILITY OF SUCH DAMAGE.
31   *
32   * License 1.0
33   */
34  package fr.paris.lutece.portal.web.user;
35  
36  import fr.paris.lutece.portal.service.security.AccessLogService;
37  import java.io.IOException;
38  import java.io.PrintWriter;
39  import java.sql.Timestamp;
40  import java.util.ArrayList;
41  import java.util.Collection;
42  import java.util.Collections;
43  import java.util.HashMap;
44  import java.util.List;
45  import java.util.Locale;
46  import java.util.Map;
47  
48  import javax.servlet.http.HttpServletRequest;
49  import javax.servlet.http.HttpServletResponse;
50  
51  import org.apache.commons.fileupload.FileItem;
52  import org.apache.commons.lang3.StringUtils;
53  
54  import fr.paris.lutece.portal.business.rbac.RBACRole;
55  import fr.paris.lutece.portal.business.rbac.RBACRoleHome;
56  import fr.paris.lutece.portal.business.rbac.RBAC;
57  import fr.paris.lutece.portal.business.right.Level;
58  import fr.paris.lutece.portal.business.right.LevelHome;
59  import fr.paris.lutece.portal.business.right.Right;
60  import fr.paris.lutece.portal.business.right.RightHome;
61  import fr.paris.lutece.portal.business.user.AdminUser;
62  import fr.paris.lutece.portal.business.user.AdminUserHome;
63  import fr.paris.lutece.portal.business.user.PasswordUpdateMode;
64  import fr.paris.lutece.portal.business.user.attribute.IAttribute;
65  import fr.paris.lutece.portal.business.user.attribute.ISimpleValuesAttributes;
66  import fr.paris.lutece.portal.business.user.authentication.LuteceDefaultAdminUser;
67  import fr.paris.lutece.portal.business.user.parameter.DefaultUserParameterHome;
68  import fr.paris.lutece.portal.business.workgroup.AdminWorkgroupHome;
69  import fr.paris.lutece.portal.business.xsl.XslExport;
70  import fr.paris.lutece.portal.business.xsl.XslExportHome;
71  import fr.paris.lutece.portal.service.admin.AccessDeniedException;
72  import fr.paris.lutece.portal.service.admin.AdminAuthenticationService;
73  import fr.paris.lutece.portal.service.admin.AdminUserService;
74  import fr.paris.lutece.portal.service.admin.ImportAdminUserService;
75  import fr.paris.lutece.portal.service.csv.CSVMessageDescriptor;
76  import fr.paris.lutece.portal.service.fileupload.FileUploadService;
77  import fr.paris.lutece.portal.service.i18n.I18nService;
78  import fr.paris.lutece.portal.service.message.AdminMessage;
79  import fr.paris.lutece.portal.service.message.AdminMessageService;
80  import fr.paris.lutece.portal.service.plugin.PluginService;
81  import fr.paris.lutece.portal.service.rbac.RBACService;
82  import fr.paris.lutece.portal.service.security.AccessLoggerConstants;
83  import fr.paris.lutece.portal.service.security.SecurityTokenService;
84  import fr.paris.lutece.portal.service.security.UserNotSignedException;
85  import fr.paris.lutece.portal.service.spring.SpringContextService;
86  import fr.paris.lutece.portal.service.template.AppTemplateService;
87  import fr.paris.lutece.portal.service.template.DatabaseTemplateService;
88  import fr.paris.lutece.portal.service.user.AdminUserResourceIdService;
89  import fr.paris.lutece.portal.service.user.attribute.AdminUserFieldService;
90  import fr.paris.lutece.portal.service.user.attribute.AttributeService;
91  import fr.paris.lutece.portal.service.util.AppException;
92  import fr.paris.lutece.portal.service.util.AppLogService;
93  import fr.paris.lutece.portal.service.util.AppPathService;
94  import fr.paris.lutece.portal.service.util.AppPropertiesService;
95  import fr.paris.lutece.portal.service.workgroup.AdminWorkgroupService;
96  import fr.paris.lutece.portal.service.xsl.XslExportService;
97  import fr.paris.lutece.portal.web.admin.AdminFeaturesPageJspBean;
98  import fr.paris.lutece.portal.web.constants.Messages;
99  import fr.paris.lutece.portal.web.constants.Parameters;
100 import fr.paris.lutece.portal.web.dashboard.AdminDashboardJspBean;
101 import fr.paris.lutece.portal.web.l10n.LocaleService;
102 import fr.paris.lutece.portal.web.pluginaction.DefaultPluginActionResult;
103 import fr.paris.lutece.portal.web.upload.MultipartHttpServletRequest;
104 import fr.paris.lutece.portal.web.util.LocalizedPaginator;
105 import fr.paris.lutece.util.ReferenceItem;
106 import fr.paris.lutece.util.ReferenceList;
107 import fr.paris.lutece.util.date.DateUtil;
108 import fr.paris.lutece.util.filesystem.FileSystemUtil;
109 import fr.paris.lutece.util.html.AbstractPaginator;
110 import fr.paris.lutece.util.html.HtmlTemplate;
111 import fr.paris.lutece.util.html.ItemNavigator;
112 import fr.paris.lutece.util.password.PasswordUtil;
113 import fr.paris.lutece.util.sort.AttributeComparator;
114 import fr.paris.lutece.util.string.StringUtil;
115 import fr.paris.lutece.util.url.UrlItem;
116 import fr.paris.lutece.util.xml.XmlUtil;
117 
118 /**
119  * This class provides the user interface to manage app user features ( manage, create, modify, remove, ... )
120  */
121 public class AdminUserJspBean extends AdminFeaturesPageJspBean
122 {
123     private static final String ATTRIBUTE_IMPORT_USERS_LIST_MESSAGES = "importUsersListMessages";
124     private static final long serialVersionUID = -6323157489236186522L;
125 
126     // //////////////////////////////////////////////////////////////////////////
127     // Constants
128     private static final String CONSTANTE_UN = "1";
129     private static final String CONSTANT_USER_MSG = "User ";
130     private static final String CONSTANT_NOT_AUTHORIZED = " is not authorized to permission ";
131     private static final String CONSTANT_ADVANCED_PARAMS = "core.advanced_parameters.";
132     private static final String CONSTANT_BO = "BO";
133 
134     // Beans
135     private static final String BEAN_IMPORT_ADMIN_USER_SERVICE = "adminUserImportService";
136 
137     // Templates
138     private static final String TEMPLATE_MANAGE_USERS = "admin/user/manage_users.html";
139     private static final String TEMPLATE_CREATE_USER = "admin/user/create_user.html";
140     private static final String TEMPLATE_MODIFY_USER = "admin/user/modify_user.html";
141     private static final String TEMPLATE_MANAGE_USER_RIGHTS = "admin/user/manage_user_rights.html";
142     private static final String TEMPLATE_MODIFY_USER_RIGHTS = "admin/user/modify_user_rights.html";
143     private static final String TEMPLATE_MANAGE_USER_ROLES = "admin/user/manage_user_roles.html";
144     private static final String TEMPLATE_MODIFY_USER_ROLES = "admin/user/modify_user_roles.html";
145     private static final String TEMPLATE_IMPORT_USER = "admin/user/import_module_user.html";
146     private static final String TEMPLATE_DEFAULT_CREATE_USER = "admin/user/create_user_default_module.html";
147     private static final String TEMPLATE_DEFAULT_MODIFY_USER = "admin/user/modify_user_default_module.html";
148     private static final String TEMPLATE_DEFAULT_MODIFY_USER_PASSWORD = "admin/user/modify_user_password_default_module.html";
149     private static final String TEMPLATE_MANAGE_USER_WORKGROUPS = "admin/user/manage_user_workgroups.html";
150     private static final String TEMPLATE_MODIFY_USER_WORKGROUPS = "admin/user/modify_user_workgroups.html";
151     private static final String TEMPLATE_ADMIN_EMAIL_CHANGE_STATUS = "admin/user/user_email_change_status.html";
152     private static final String TEMPLATE_NOTIFY_USER = "admin/user/notify_user_account_created.html";
153     private static final String TEMPLATE_FIELD_ANONYMIZE_ADMIN_USER = "admin/user/field_anonymize_admin_user.html";
154     private static final String TEMPLATE_ACCOUNT_LIFE_TIME_EMAIL = "admin/user/account_life_time_email.html";
155     private static final String TEMPLATE_EXPORT_USERS_FROM_FILE = "admin/user/export_users.html";
156 
157     // Messages
158     private static final String PROPERTY_MANAGE_USERS_PAGETITLE = "portal.users.manage_users.pageTitle";
159     private static final String PROPERTY_MODIFY_USER_PAGETITLE = "portal.users.modify_user.pageTitle";
160     private static final String PROPERTY_MODIFY_USER_PASSWORD_PAGETITLE = "portal.users.modify_user_password.pageTitle";
161     private static final String PROPERTY_LABEL_FIRST_PASSWORD = "portal.users.modify_password_default_module.form.password.new";
162     private static final String PROPERTY_CREATE_USER_PAGETITLE = "portal.users.create_user.pageTitle";
163     private static final String PROPERTY_IMPORT_MODULE_USER_PAGETITLE = "portal.users.import_module_user.pageTitle";
164     private static final String PROPERTY_MANAGE_USER_RIGHTS_PAGETITLE = "portal.users.manage_user_rights.pageTitle";
165     private static final String PROPERTY_MODIFY_USER_RIGHTS_PAGETITLE = "portal.users.modify_user_rights.pageTitle";
166     private static final String PROPERTY_MANAGE_USER_ROLES_PAGETITLE = "portal.users.manage_user_roles.pageTitle";
167     private static final String PROPERTY_MODIFY_USER_ROLES_PAGETITLE = "portal.users.modify_user_roles.pageTitle";
168     private static final String PROPERTY_IMPORT_USERS_FROM_FILE_PAGETITLE = "portal.users.import_users_from_file.pageTitle";
169     private static final String PROPERTY_EXPORT_USERS_PAGETITLE = "portal.users.export_users.pageTitle";
170     private static final String PROPERTY_MESSAGE_CONFIRM_REMOVE = "portal.users.message.confirmRemoveUser";
171     private static final String PROPERTY_USERS_PER_PAGE = "paginator.user.itemsPerPage";
172     private static final String PROPERTY_DELEGATE_USER_RIGHTS_PAGETITLE = "portal.users.delegate_user_rights.pageTitle";
173     private static final String PROPERTY_MANAGE_USER_WORKGROUPS_PAGETITLE = "portal.users.manage_user_workgroups.pageTitle";
174     private static final String PROPERTY_MODIFY_USER_WORKGROUPS_PAGETITLE = "portal.users.modify_user_workgroups.pageTitle";
175     private static final String PROPERTY_MESSAGE_ACCESS_CODE_ALREADY_USED = "portal.users.message.user.accessCodeAlreadyUsed";
176     private static final String PROPERTY_MESSAGE_EMAIL_ALREADY_USED = "portal.users.message.user.accessEmailUsed";
177     private static final String PROPERTY_MESSAGE_DIFFERENTS_PASSWORD = "portal.users.message.differentsPassword";
178     private static final String PROPERTY_MESSAGE_EMAIL_SUBJECT_CHANGE_STATUS = "portal.users.user_change_status.email.subject";
179     private static final String PROPERTY_MESSAGE_EMAIL_SUBJECT_NOTIFY_USER = "portal.users.notify_user.email.subject";
180     private static final String PROPERTY_MESSAGE_ERROR_EMAIL_PATTERN = "portal.users.manage_advanced_parameters.message.errorEmailPattern";
181     private static final String PROPERTY_MESSAGE_CONFIRM_USE_ASP = "portal.users.manage_advanced_parameters.message.confirmUseAdvancedSecurityParameters";
182     private static final String PROPERTY_MESSAGE_CONFIRM_REMOVE_ASP = "portal.users.manage_advanced_parameters.message.confirmRemoveAdvancedSecurityParameters";
183     private static final String PROPERTY_MESSAGE_NO_ADMIN_USER_SELECTED = "portal.users.message.noUserSelected";
184     private static final String PROPERTY_MESSAGE_CONFIRM_ANONYMIZE_USER = "portal.users.message.confirmAnonymizeUser";
185     private static final String PROPERTY_MESSAGE_TITLE_CHANGE_ANONYMIZE_USER = "portal.users.anonymize_user.titleAnonymizeUser";
186     private static final String PROPERTY_MESSAGE_NO_ACCOUNT_TO_REACTIVATED = "portal.users.message.noAccountToReactivate";
187     private static final String PROPERTY_MESSAGE_ACCOUNT_REACTIVATED = "portal.users.message.messageAccountReactivated";
188     private static final String PROPERTY_FIRST_EMAIL = "portal.users.accountLifeTime.labelFirstEmail";
189     private static final String PROPERTY_OTHER_EMAIL = "portal.users.accountLifeTime.labelOtherEmail";
190     private static final String PROPERTY_ACCOUNT_DEACTIVATES_EMAIL = "portal.users.accountLifeTime.labelAccountDeactivatedEmail";
191     private static final String PROPERTY_ACCOUNT_UPDATED_EMAIL = "portal.users.accountLifeTime.labelAccountUpdatedEmail";
192     private static final String PROPERTY_NOTIFY_PASSWORD_EXPIRED = "portal.users.accountLifeTime.labelPasswordExpired";
193     private static final String PROPERTY_MESSAGE_USER_ERROR_SESSION = "portal.users.message.user.error.session";
194     private static final String MESSAGE_NOT_AUTHORIZED = "Action not permited to current user";
195     private static final String MESSAGE_MANDATORY_FIELD = "portal.util.message.mandatoryField";
196     private static final String MESSAGE_ERROR_CSV_FILE_IMPORT = "portal.users.import_users_from_file.error_csv_file_import";
197     private static final String FIELD_IMPORT_USERS_FILE = "portal.users.import_users_from_file.labelImportFile";
198     private static final String FIELD_XSL_EXPORT = "portal.users.export_users.labelXslt";
199 
200     // Parameters
201     private static final String PARAMETER_ACCESS_CODE = "access_code";
202     private static final String PARAMETER_LAST_NAME = "last_name";
203     private static final String PARAMETER_FIRST_NAME = "first_name";
204     private static final String PARAMETER_EMAIL = "email";
205     private static final String PARAMETER_NOTIFY_USER = "notify_user";
206     private static final String PARAMETER_STATUS = "status";
207     private static final String PARAMETER_USER_ID = "id_user";
208     private static final String PARAMETER_ROLE = "roles";
209     private static final String PARAMETER_RIGHT = "right";
210     private static final String PARAMETER_FIRST_PASSWORD = "first_password";
211     private static final String PARAMETER_SECOND_PASSWORD = "second_password";
212     private static final String PARAMETER_LANGUAGE = "language";
213     private static final String PARAMETER_DELEGATE_RIGHTS = "delegate_rights";
214     private static final String PARAMETER_USER_LEVEL = "user_level";
215     private static final String PARAMETER_WORKGROUP = "workgroup";
216     private static final String PARAMETER_SELECT = "select";
217     private static final String PARAMETER_SELECT_ALL = "all";
218     private static final String PARAMETER_ACCESSIBILITY_MODE = "accessibility_mode";
219     private static final String PARAMETER_WORKGROUP_KEY = "workgroup_key";
220     private static final String PARAMETER_EMAIL_PATTERN = "email_pattern";
221     private static final String PARAMETER_IS_EMAIL_PATTERN_SET_MANUALLY = "is_email_pattern_set_manually";
222     private static final String PARAMETER_ID_EXPRESSION = "id_expression";
223     private static final String PARAMETER_FORCE_CHANGE_PASSWORD_REINIT = "force_change_password_reinit";
224     private static final String PARAMETER_PASSWORD_MINIMUM_LENGTH = "password_minimum_length";
225     private static final String PARAMETER_PASSWORD_FORMAT_UPPER_LOWER_CASE = "password_format_upper_lower_case";
226     private static final String PARAMETER_PASSWORD_FORMAT_NUMERO = "password_format_numero";
227     private static final String PARAMETER_PASSWORD_FORMAT_SPECIAL_CHARACTERS = "password_format_special_characters";
228     private static final String PARAMETER_PASSWORD_DURATION = "password_duration";
229     private static final String PARAMETER_PASSWORD_HISTORY_SIZE = "password_history_size";
230     private static final String PARAMETER_MAXIMUM_NUMBER_PASSWORD_CHANGE = "maximum_number_password_change";
231     private static final String PARAMETER_TSW_SIZE_PASSWORD_CHANGE = "tsw_size_password_change";
232     private static final String PARAMETER_ACCOUNT_LIFE_TIME = "account_life_time";
233     private static final String PARAMETER_TIME_BEFORE_ALERT_ACCOUNT = "time_before_alert_account";
234     private static final String PARAMETER_NB_ALERT_ACCOUNT = "nb_alert_account";
235     private static final String PARAMETER_TIME_BETWEEN_ALERTS_ACCOUNT = "time_between_alerts_account";
236     private static final String PARAMETER_ATTRIBUTE = "attribute_";
237     private static final String PARAMETER_EMAIL_TYPE = "email_type";
238     private static final String PARAMETER_FIRST_ALERT_MAIL_SENDER = "first_alert_mail_sender";
239     private static final String PARAMETER_OTHER_ALERT_MAIL_SENDER = "other_alert_mail_sender";
240     private static final String PARAMETER_EXPIRED_ALERT_MAIL_SENDER = "expired_alert_mail_sender";
241     private static final String PARAMETER_REACTIVATED_ALERT_MAIL_SENDER = "account_reactivated_mail_sender";
242     private static final String PARAMETER_FIRST_ALERT_MAIL_SUBJECT = "first_alert_mail_subject";
243     private static final String PARAMETER_OTHER_ALERT_MAIL_SUBJECT = "other_alert_mail_subject";
244     private static final String PARAMETER_EXPIRED_ALERT_MAIL_SUBJECT = "expired_alert_mail_subject";
245     private static final String PARAMETER_REACTIVATED_ALERT_MAIL_SUBJECT = "account_reactivated_mail_subject";
246     private static final String PARAMETER_FIRST_ALERT_MAIL = "core_first_alert_mail";
247     private static final String PARAMETER_OTHER_ALERT_MAIL = "core_other_alert_mail";
248     private static final String PARAMETER_EXPIRATION_MAIL = "core_expiration_mail";
249     private static final String PARAMETER_ACCOUNT_REACTIVATED = "core_account_reactivated_mail";
250     private static final String PARAMETER_CANCEL = "cancel";
251     private static final String PARAMETER_NOTIFY_USER_PASSWORD_EXPIRED = "notify_user_password_expired";
252     private static final String PARAMETER_PASSWORD_EXPIRED_MAIL_SENDER = "password_expired_mail_sender";
253     private static final String PARAMETER_PASSWORD_EXPIRED_MAIL_SUBJECT = "password_expired_mail_subject";
254     private static final String PARAMETER_NOTIFY_PASSWORD_EXPIRED = "core_password_expired";
255     private static final String PARAMETER_IMPORT_USERS_FILE = "import_file";
256     private static final String PARAMETER_SKIP_FIRST_LINE = "ignore_first_line";
257     private static final String PARAMETER_UPDATE_USERS = "update_existing_users";
258     private static final String PARAMETER_XSL_EXPORT_ID = "xsl_export_id";
259     private static final String PARAMETER_EXPORT_ROLES = "export_roles";
260     private static final String PARAMETER_EXPORT_ATTRIBUTES = "export_attributes";
261     private static final String PARAMETER_EXPORT_RIGHTS = "export_rights";
262     private static final String PARAMETER_EXPORT_WORKGROUPS = "export_workgroups";
263     private static final String PARAMETER_RESET_TOKEN_VALIDITY = "reset_token_validity";
264     private static final String PARAMETER_LOCK_RESET_TOKEN_TO_SESSION = "lock_reset_token_to_session";
265     private static final String PARAMETER_RESET = "reset";
266 
267     // Jsp url
268     private static final String JSP_MANAGE_USER_RIGHTS = "ManageUserRights.jsp";
269     private static final String JSP_MANAGE_USER_ROLES = "ManageUserRoles.jsp";
270     private static final String JSP_MANAGE_USER = "ManageUsers.jsp";
271     private static final String JSP_MANAGE_USER_WORKGROUPS = "ManageUserWorkgroups.jsp";
272     private static final String JSP_URL_MANAGE_USERS = "jsp/admin/user/ManageUsers.jsp";
273     private static final String JSP_URL_REMOVE_USER = "jsp/admin/user/DoRemoveUser.jsp";
274     private static final String JSP_URL_CREATE_USER = "jsp/admin/user/CreateUser.jsp";
275     private static final String JSP_URL_IMPORT_USER = "jsp/admin/user/ImportUser.jsp";
276     private static final String JSP_URL_MODIFY_USER = "jsp/admin/user/ModifyUser.jsp";
277     private static final String JSP_URL_MANAGE_USER_RIGHTS = "jsp/admin/user/ManageUserRights.jsp";
278     private static final String JSP_URL_MANAGE_USER_ROLES = "jsp/admin/user/ManageUserRoles.jsp";
279     private static final String JSP_URL_MANAGE_USER_WORKGROUPS = "jsp/admin/user/ManageUserWorkgroups.jsp";
280     private static final String JSP_URL_USE_ADVANCED_SECUR_PARAM = "jsp/admin/user/DoUseAdvancedSecurityParameters.jsp";
281     private static final String JSP_URL_REMOVE_ADVANCED_SECUR_PARAM = "jsp/admin/user/DoRemoveAdvancedSecurityParameters.jsp";
282     private static final String JSP_URL_ANONYMIZE_ADMIN_USER = "jsp/admin/user/DoAnonymizeAdminUser.jsp";
283     private static final String JSP_URL_MODIFY_ACCOUNT_LIFE_TIME_EMAIL = "jsp/admin/user/ModifyAccountLifeTimeEmails.jsp";
284 
285     // Markers
286     private static final String MARK_USER_LIST = "user_list";
287     private static final String MARK_IMPORT_USER_LIST = "import_user_list";
288     private static final String MARK_ACCESS_CODE = "access_code";
289     private static final String MARK_LAST_NAME = "last_name";
290     private static final String MARK_FIRST_NAME = "first_name";
291     private static final String MARK_EMAIL = "email";
292     private static final String MARK_IMPORT_USER = "import_user";
293     private static final String MARK_USER = "user";
294     private static final String MARK_LEVEL = "level";
295     private static final String MARK_USER_RIGHT_LIST = "user_right_list";
296     private static final String MARK_ALL_ROLE_LIST = "all_role_list";
297     private static final String MARK_USER_ROLE_LIST = "user_role_list";
298     private static final String MARK_ALL_RIGHT_LIST = "all_right_list";
299     private static final String MARK_PAGINATOR = "paginator";
300     private static final String MARK_NB_ITEMS_PER_PAGE = "nb_items_per_page";
301     private static final String MARK_LANGUAGES_LIST = "languages_list";
302     private static final String MARK_CURRENT_LANGUAGE = "current_language";
303     private static final String MARK_USER_CREATION_URL = "url_user_creation";
304     private static final String MARK_CAN_DELEGATE = "can_delegate";
305     private static final String MARK_CAN_MODIFY = "can_modify";
306     private static final String MARK_USER_LEVELS_LIST = "user_levels";
307     private static final String MARK_CURRENT_USER = "current_user";
308     private static final String MARK_USER_WORKGROUP_LIST = "user_workgroup_list";
309     private static final String MARK_ALL_WORKSGROUP_LIST = "all_workgroup_list";
310     private static final String MARK_SELECT_ALL = "select_all";
311     private static final String MARK_PERMISSION_ADVANCED_PARAMETER = "permission_advanced_parameter";
312     private static final String MARK_PERMISSION_IMPORT_EXPORT_USERS = "permission_import_export_users";
313     private static final String MARK_ITEM_NAVIGATOR = "item_navigator";
314     private static final String MARK_ATTRIBUTES_LIST = "attributes_list";
315     private static final String MARK_LOCALE = "locale";
316     private static final String MARK_MAP_LIST_ATTRIBUTE_DEFAULT_VALUES = "map_list_attribute_default_values";
317     private static final String MARK_DEFAULT_USER_LEVEL = "default_user_level";
318     private static final String MARK_DEFAULT_USER_NOTIFICATION = "default_user_notification";
319     private static final String MARK_DEFAULT_USER_LANGUAGE = "default_user_language";
320     private static final String MARK_DEFAULT_USER_STATUS = "default_user_status";
321     private static final String MARK_ACCESS_FAILURES_MAX = "access_failures_max";
322     private static final String MARK_ACCESS_FAILURES_INTERVAL = "access_failures_interval";
323     private static final String MARK_BANNED_DOMAIN_NAMES = "banned_domain_names";
324     private static final String MARK_EMAIL_SENDER = "email_sender";
325     private static final String MARK_EMAIL_SUBJECT = "email_subject";
326     private static final String MARK_EMAIL_BODY = "email_body";
327     private static final String MARK_EMAIL_LABEL = "emailLabel";
328     private static final String MARK_WEBAPP_URL = "webapp_url";
329     private static final String MARK_LIST_MESSAGES = "csv_messages";
330     private static final String MARK_CSV_SEPARATOR = "csv_separator";
331     private static final String MARK_CSV_ESCAPE = "csv_escape";
332     private static final String MARK_ATTRIBUTES_SEPARATOR = "attributes_separator";
333     private static final String MARK_LIST_XSL_EXPORT = "refListXsl";
334     private static final String MARK_DEFAULT_VALUE_WORKGROUP_KEY = "workgroup_key_default_value";
335     private static final String MARK_WORKGROUP_KEY_LIST = "workgroup_key_list";
336     private static final String MARK_ADMIN_AVATAR = "adminAvatar";
337     private static final String MARK_RANDOM_PASSWORD_SIZE = "randomPasswordSize";
338     private static final String MARK_MINIMUM_PASSWORD_SIZE = "minimumPasswordSize";
339     private static final String MARK_DEFAULT_MODE_USED = "defaultModeUsed";
340 
341     private static final String CONSTANT_EMAIL_TYPE_FIRST = "first";
342     private static final String CONSTANT_EMAIL_TYPE_OTHER = "other";
343     private static final String CONSTANT_EMAIL_TYPE_EXPIRED = "expired";
344     private static final String CONSTANT_EMAIL_TYPE_REACTIVATED = "reactivated";
345     private static final String CONSTANT_EMAIL_PASSWORD_EXPIRED = "password_expired";
346     private static final String CONSTANT_EXTENSION_CSV_FILE = ".csv";
347     private static final String CONSTANT_EXTENSION_XML_FILE = ".xml";
348     private static final String CONSTANT_MIME_TYPE_CSV = "application/csv";
349     private static final String CONSTANT_MIME_TYPE_XML = "application/xml";
350     private static final String CONSTANT_MIME_TYPE_TEXT_CSV = "text/csv";
351     private static final String CONSTANT_MIME_TYPE_OCTETSTREAM = "application/octet-stream";
352     private static final String CONSTANT_EXPORT_USERS_FILE_NAME = "users";
353     private static final String CONSTANT_POINT = ".";
354     private static final String CONSTANT_QUOTE = "\"";
355     private static final String CONSTANT_ATTACHEMENT_FILE_NAME = "attachement; filename=\"";
356     private static final String CONSTANT_ATTACHEMENT_DISPOSITION = "Content-Disposition";
357     private static final String CONSTANT_XML_USERS = "users";
358     private static final String CONSTANT_CREATE_ADMINUSER = "lutece.admin.createAdminUser";
359     private static final String CONSTANT_REMOVE_ADMINUSER = "lutece.admin.removeAdminUser";
360     private static final String CONSTANT_ANONYMIZE_ADMINUSER = "lutece.admin.anonymizeAdminUser";
361     private static final String CONSTANT_MODIFY_ADMINUSER = "lutece.admin.modifyAdminUser";
362     private static final String CONSTANT_MODIFY_ADMINUSER_GROUPS = "lutece.admin.modifyAdminUserGroups";
363     private static final String CONSTANT_MODIFY_ADMINUSER_PASSWORD = "lutece.admin.modifyAdminUserPassword";
364     private static final String CONSTANT_MODIFY_ADMINUSER_ROLES = "lutece.admin.modifyAdminUserRoles";
365     private static final String CONSTANT_MODIFY_ADMINUSER_RIGHTS = "lutece.admin.modifyAdminUserRights";
366     private static final String CONSTANT_IMPORT_ADMINUSERS = "lutece.admin.importAdminUsers";
367     private static final String CONSTANT_MODIFY_DEFAULT_PARAMETERS = "lutece.admin.modifyUserDefaultParameters";
368     private static final String CONSTANT_MODIFY_DEFAULT_SECURITY = "lutece.admin.modifyUserDefaultSecurity";
369     private static final String CONSTANT_REMOVE_ADVANCE_SECURITY_PARAMETERS = "lutece.admin.removeAdvanceSecurityParameters";
370     private static final String CONSTANT_USE_ADVANCE_SECURITY_PARAMETERS = "lutece.admin.useAdvanceSecurityParameters";
371 
372     private static final String TOKEN_TECHNICAL_ADMIN = AdminDashboardJspBean.TEMPLATE_MANAGE_DASHBOARDS;
373 
374     private static final String ANCHOR_DEFAULT_USER_PARAMETER_VALUES = "defaultUserParameterValues";
375     private static final String ANCHOR_MODIFY_EMAIL_PATTERN = "modifyEmailPattern";
376     private static final String ANCHOR_ADVANCED_SECURITY_PARAMETERS = "advancedSecurityParameters";
377     private static final String ANCHOR_LIFE_TIME_EMAILS = "lifeTimeEmails";
378     private static final String ANCHOR_ANONYMIZE_USERS = "anonymizeUsers";
379 
380     private transient ImportAdminUserService _importAdminUserService;
381     private boolean _bAdminAvatar = PluginService.isPluginEnable( "adminavatar" );
382 
383     private int _nItemsPerPage;
384     private String _strCurrentPageIndex;
385     private ItemNavigator _itemNavigator;
386 
387     /**
388      * Build the User list
389      *
390      * @param request
391      *            Http Request
392      * @return the AppUser list
393      */
394     public String getManageAdminUsers( HttpServletRequest request )
395     {
396         setPageTitleProperty( PROPERTY_MANAGE_USERS_PAGETITLE );
397 
398         // Reinit session
399         reinitItemNavigator( );
400 
401         String strCreateUrl;
402         AdminUser currentUser = getUser( );
403 
404         Map<String, Object> model = new HashMap<>( );
405 
406         // creation in no-module mode : no import
407         if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
408         {
409             strCreateUrl = JSP_URL_CREATE_USER;
410         }
411         else
412         {
413             strCreateUrl = JSP_URL_IMPORT_USER;
414         }
415 
416         String strURL = getHomeUrl( request );
417         UrlItem/url/UrlItem.html#UrlItem">UrlItem url = new UrlItem( strURL );
418 
419         Collection<AdminUser> listUsers = AdminUserHome.findUserList( );
420         listUsers = AdminWorkgroupService.getAuthorizedCollection( listUsers, getUser( ) );
421 
422         List<AdminUser> availableUsers = AdminUserService.getFilteredUsersInterface( listUsers, request, model, url );
423         List<AdminUser> listDisplayUsers = new ArrayList<>( );
424 
425         for ( AdminUser user : availableUsers )
426         {
427             if ( isUserAuthorizedToModifyUser( currentUser, user ) )
428             {
429                 listDisplayUsers.add( user );
430             }
431         }
432 
433         // SORT
434         String strSortedAttributeName = request.getParameter( Parameters.SORTED_ATTRIBUTE_NAME );
435         String strAscSort = null;
436 
437         if ( strSortedAttributeName != null )
438         {
439             strAscSort = request.getParameter( Parameters.SORTED_ASC );
440 
441             boolean bIsAscSort = Boolean.parseBoolean( strAscSort );
442 
443             Collections.sort( listDisplayUsers, new AttributeComparator( strSortedAttributeName, bIsAscSort ) );
444         }
445 
446         _strCurrentPageIndex = AbstractPaginator.getPageIndex( request, AbstractPaginator.PARAMETER_PAGE_INDEX, _strCurrentPageIndex );
447         int defaultItemsPerPage = AppPropertiesService.getPropertyInt( PROPERTY_USERS_PER_PAGE, 50 );
448         _nItemsPerPage = AbstractPaginator.getItemsPerPage( request, AbstractPaginator.PARAMETER_ITEMS_PER_PAGE, _nItemsPerPage, defaultItemsPerPage );
449 
450         if ( strSortedAttributeName != null )
451         {
452             url.addParameter( Parameters.SORTED_ATTRIBUTE_NAME, strSortedAttributeName );
453         }
454 
455         if ( strAscSort != null )
456         {
457             url.addParameter( Parameters.SORTED_ASC, strAscSort );
458         }
459 
460         // PAGINATOR
461         LocalizedPaginator<AdminUser> paginator = new LocalizedPaginator<>( listDisplayUsers, _nItemsPerPage, url.getUrl( ),
462                 AbstractPaginator.PARAMETER_PAGE_INDEX, _strCurrentPageIndex, getLocale( ) );
463 
464         // USER LEVEL
465         Collection<Level> filteredLevels = new ArrayList<>( );
466 
467         for ( Level level : LevelHome.getLevelsList( ) )
468         {
469             if ( currentUser.isAdmin( ) || currentUser.hasRights( level.getId( ) ) )
470             {
471                 filteredLevels.add( level );
472             }
473         }
474 
475         boolean bPermissionAdvancedParameter = RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID,
476                 AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS, getUser( ) );
477         boolean bPermissionImportExportUsers = RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID,
478                 AdminUserResourceIdService.PERMISSION_IMPORT_EXPORT_USERS, getUser( ) );
479 
480         model.put( MARK_NB_ITEMS_PER_PAGE, "" + _nItemsPerPage );
481         model.put( MARK_USER_LEVELS_LIST, filteredLevels );
482         model.put( MARK_PAGINATOR, paginator );
483         model.put( MARK_USER_LIST, paginator.getPageItems( ) );
484         model.put( MARK_USER_CREATION_URL, strCreateUrl );
485         model.put( MARK_PERMISSION_ADVANCED_PARAMETER, bPermissionAdvancedParameter );
486         model.put( MARK_PERMISSION_IMPORT_EXPORT_USERS, bPermissionImportExportUsers );
487         model.put( MARK_ADMIN_AVATAR, _bAdminAvatar );
488         model.put( MARK_DEFAULT_MODE_USED, AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) );
489 
490         HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MANAGE_USERS, getLocale( ), model );
491 
492         return getAdminPage( template.getHtml( ) );
493     }
494 
495     /**
496      * Display the page for user import. This page is used in module mode to link a user to its code in the module (for later authentication) and to populate
497      * the creation form with the data the module is able to provide.
498      * 
499      * @param request
500      *            the http request
501      * @return the html code for the import page
502      */
503     public String getFindImportAdminUser( HttpServletRequest request )
504     {
505         setPageTitleProperty( PROPERTY_IMPORT_MODULE_USER_PAGETITLE );
506 
507         String strAccessCode = request.getParameter( PARAMETER_ACCESS_CODE );
508         String strLastName = request.getParameter( PARAMETER_LAST_NAME );
509         String strFirstName = request.getParameter( PARAMETER_FIRST_NAME );
510         String strEmail = request.getParameter( PARAMETER_EMAIL );
511 
512         Map<String, Object> model = new HashMap<>( );
513         Collection<?> allImportUsers = null;
514 
515         if ( StringUtils.isNotEmpty( strLastName ) || StringUtils.isNotEmpty( strFirstName ) || StringUtils.isNotEmpty( strEmail ) )
516         {
517             allImportUsers = AdminAuthenticationService.getInstance( ).getUserListFromModule( strLastName, strFirstName, strEmail );
518         }
519 
520         model.put( MARK_IMPORT_USER_LIST, allImportUsers );
521         model.put( MARK_ACCESS_CODE, strAccessCode );
522         model.put( MARK_LAST_NAME, strLastName );
523         model.put( MARK_FIRST_NAME, strFirstName );
524         model.put( MARK_EMAIL, strEmail );
525 
526         HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_IMPORT_USER, getLocale( ), model );
527 
528         return getAdminPage( template.getHtml( ) );
529     }
530 
531     /**
532      * Performs checks on the selected user to import and redirects on the creation form. This page is used in module mode.
533      * 
534      * @param request
535      *            The HTTP Request
536      * @return The Jsp URL of the creation form if check ok, an error page url otherwise
537      */
538     public String doSelectImportUser( HttpServletRequest request )
539     {
540         String strAccessCode = request.getParameter( PARAMETER_ACCESS_CODE );
541 
542         if ( ( strAccessCode == null ) || ( strAccessCode.equals( "" ) ) )
543         {
544             return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, JSP_URL_IMPORT_USER, AdminMessage.TYPE_STOP );
545         }
546 
547         // check that access code is not in use
548         if ( AdminUserHome.checkAccessCodeAlreadyInUse( strAccessCode ) != -1 )
549         {
550             return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_ACCESS_CODE_ALREADY_USED, JSP_URL_IMPORT_USER, AdminMessage.TYPE_STOP );
551         }
552 
553         return AppPathService.getBaseUrl( request ) + JSP_URL_CREATE_USER + "?" + PARAMETER_ACCESS_CODE + "=" + strAccessCode;
554     }
555 
556     /**
557      * Returns the data capture form of a new User
558      *
559      * @param request
560      *            The HTTP Request
561      * @return The HTML form
562      */
563     public String getCreateAdminUser( HttpServletRequest request )
564     {
565         setPageTitleProperty( PROPERTY_CREATE_USER_PAGETITLE );
566 
567         HtmlTemplate template;
568         AdminUser currentUser = getUser( );
569         Collection<Level> filteredLevels = new ArrayList<>( );
570 
571         for ( Level level : LevelHome.getLevelsList( ) )
572         {
573             if ( currentUser.isAdmin( ) || currentUser.hasRights( level.getId( ) ) )
574             {
575                 filteredLevels.add( level );
576             }
577         }
578 
579         // Default user parameter values
580         String strDefaultLevel = DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_LEVEL );
581         Level defaultLevel = LevelHome.findByPrimaryKey( Integer.parseInt( strDefaultLevel ) );
582         int nDefaultUserNotification = Integer.parseInt( DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_NOTIFICATION ) );
583         String strDefaultUserLanguage = DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_LANGUAGE );
584         int nDefaultUserStatus = Integer.parseInt( DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_STATUS ) );
585 
586         // Specific attributes
587         List<IAttribute> listAttributes = AttributeService.getInstance( ).getAllAttributesWithFields( getLocale( ) );
588 
589         // creation in no-module mode : load empty form
590         if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
591         {
592             Map<String, Object> model = new HashMap<>( );
593 
594             model.put( MARK_USER_LEVELS_LIST, filteredLevels );
595             model.put( MARK_CURRENT_USER, currentUser );
596             model.put( MARK_LANGUAGES_LIST, I18nService.getAdminLocales( getLocale( ) ) );
597             model.put( MARK_DEFAULT_USER_LEVEL, defaultLevel );
598             model.put( MARK_DEFAULT_USER_NOTIFICATION, nDefaultUserNotification );
599             model.put( MARK_DEFAULT_USER_LANGUAGE, strDefaultUserLanguage );
600             model.put( MARK_DEFAULT_USER_STATUS, nDefaultUserStatus );
601             model.put( MARK_ATTRIBUTES_LIST, listAttributes );
602             model.put( MARK_LOCALE, getLocale( ) );
603             model.put( MARK_DEFAULT_VALUE_WORKGROUP_KEY, AdminWorkgroupService.ALL_GROUPS );
604             model.put( MARK_WORKGROUP_KEY_LIST, AdminWorkgroupService.getUserWorkgroups( getUser( ), getLocale( ) ) );
605             model.put( MARK_RANDOM_PASSWORD_SIZE,
606                     AppPropertiesService.getPropertyInt( PasswordUtil.PROPERTY_PASSWORD_SIZE, PasswordUtil.CONSTANT_DEFAULT_RANDOM_PASSWORD_SIZE ) );
607             model.put( MARK_MINIMUM_PASSWORD_SIZE, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_PASSWORD_MINIMUM_LENGTH ) );
608             model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_CREATE_USER ) );
609 
610             template = AppTemplateService.getTemplate( TEMPLATE_DEFAULT_CREATE_USER, getLocale( ), model );
611         }
612         else
613         // creation in module mode : populate the form with the data from the user
614         // selected for import
615         {
616             // parameters retrieved from the "import" action (retrieves the data from the
617             // access code)
618             String strAccessCode = request.getParameter( PARAMETER_ACCESS_CODE );
619             AdminUser user = null;
620 
621             if ( ( strAccessCode != null ) && ( !strAccessCode.equals( "" ) ) )
622             {
623                 user = AdminAuthenticationService.getInstance( ).getUserPublicDataFromModule( strAccessCode );
624             }
625 
626             Map<String, Object> model = new HashMap<>( );
627 
628             if ( user != null )
629             {
630                 model.put( MARK_USER_LEVELS_LIST, filteredLevels );
631                 model.put( MARK_CURRENT_USER, currentUser );
632                 model.put( MARK_IMPORT_USER, user );
633                 model.put( MARK_LANGUAGES_LIST, I18nService.getAdminLocales( user.getLocale( ) ) );
634                 model.put( MARK_DEFAULT_USER_LEVEL, defaultLevel );
635                 model.put( MARK_DEFAULT_USER_NOTIFICATION, nDefaultUserNotification );
636                 model.put( MARK_DEFAULT_USER_LANGUAGE, strDefaultUserLanguage );
637                 model.put( MARK_DEFAULT_USER_STATUS, nDefaultUserStatus );
638                 model.put( MARK_ATTRIBUTES_LIST, listAttributes );
639                 model.put( MARK_LOCALE, getLocale( ) );
640                 model.put( MARK_DEFAULT_VALUE_WORKGROUP_KEY, AdminWorkgroupService.ALL_GROUPS );
641                 model.put( MARK_WORKGROUP_KEY_LIST, AdminWorkgroupService.getUserWorkgroups( getUser( ), getLocale( ) ) );
642                 model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_CREATE_USER ) );
643             }
644 
645             template = AppTemplateService.getTemplate( TEMPLATE_CREATE_USER, getLocale( ), model );
646         }
647 
648         return getAdminPage( template.getHtml( ) );
649     }
650 
651     /**
652      * Process the data capture form of a new appUser
653      *
654      * @param request
655      *            The HTTP Request
656      * @return The Jsp URL of the process result
657      * @throws AccessDeniedException
658      *             If the security token is invalid
659      */
660     public String doCreateAdminUser( HttpServletRequest request ) throws AccessDeniedException
661     {
662         String strAccessCode = request.getParameter( PARAMETER_ACCESS_CODE );
663         String strLastName = request.getParameter( PARAMETER_LAST_NAME );
664         String strFirstName = request.getParameter( PARAMETER_FIRST_NAME );
665         String strEmail = request.getParameter( PARAMETER_EMAIL );
666         String strStatus = request.getParameter( PARAMETER_STATUS );
667         String strUserLevel = request.getParameter( PARAMETER_USER_LEVEL );
668         String strNotifyUser = request.getParameter( PARAMETER_NOTIFY_USER );
669         String strAccessibilityMode = request.getParameter( PARAMETER_ACCESSIBILITY_MODE );
670         String strWorkgroupKey = request.getParameter( PARAMETER_WORKGROUP_KEY );
671 
672         String message = checkParameters( request, JSP_URL_CREATE_USER );
673 
674         if ( message != null )
675         {
676             return message;
677         }
678 
679         // check again that access code is not in use
680         if ( AdminUserHome.checkAccessCodeAlreadyInUse( strAccessCode ) != -1 )
681         {
682             return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_ACCESS_CODE_ALREADY_USED, AdminMessage.TYPE_STOP );
683         }
684 
685         // check again that email is not in use
686         if ( AdminUserHome.checkEmailAlreadyInUse( strEmail ) != -1 )
687         {
688             return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_EMAIL_ALREADY_USED, AdminMessage.TYPE_STOP );
689         }
690 
691         // defines the new created user level
692         int nNewUserLevel = Integer.parseInt( strUserLevel );
693 
694         // check if the user is still an admin
695         if ( !( getUser( ).hasRights( nNewUserLevel ) || getUser( ).isAdmin( ) ) )
696         {
697             return AdminMessageService.getMessageUrl( request, Messages.USER_ACCESS_DENIED, AdminMessage.TYPE_STOP );
698         }
699 
700         // creation in no-module mode : we manage the password
701         if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
702         {
703             LuteceDefaultAdminUser/authentication/LuteceDefaultAdminUser.html#LuteceDefaultAdminUser">LuteceDefaultAdminUser user = new LuteceDefaultAdminUser( );
704             String strFirstPassword = request.getParameter( PARAMETER_FIRST_PASSWORD );
705             String strSecondPassword = request.getParameter( PARAMETER_SECOND_PASSWORD );
706 
707             if ( StringUtils.isEmpty( strFirstPassword ) )
708             {
709                 return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
710             }
711 
712             if ( !strFirstPassword.equals( strSecondPassword ) )
713             {
714                 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_DIFFERENTS_PASSWORD, AdminMessage.TYPE_STOP );
715             }
716 
717             String strUrl = AdminUserService.checkPassword( request, strFirstPassword, 0 );
718 
719             if ( StringUtils.isNotEmpty( strUrl ) )
720             {
721                 return strUrl;
722             }
723 
724             user.setPassword( AdminUserService.encryptPassword( strFirstPassword ) );
725 
726             user.setPasswordMaxValidDate( AdminUserService.getPasswordMaxValidDate( ) );
727             user.setAccountMaxValidDate( AdminUserService.getAccountMaxValidDate( ) );
728 
729             user.setAccessCode( strAccessCode );
730             user.setLastName( strLastName );
731             user.setFirstName( strFirstName );
732             user.setEmail( strEmail );
733             user.setStatus( Integer.parseInt( strStatus ) );
734             user.setLocale( new Locale( request.getParameter( PARAMETER_LANGUAGE ) ) );
735 
736             user.setUserLevel( nNewUserLevel );
737             user.setPasswordReset( Boolean.TRUE );
738             user.setAccessibilityMode( strAccessibilityMode != null );
739             user.setWorkgroupKey( strWorkgroupKey );
740 
741             AdminUserHome.create( user );
742             AdminUserFieldService.doCreateUserFields( user, request, getLocale( ) );
743 
744             if ( CONSTANTE_UN.equals( strNotifyUser ) )
745             {
746                 // Notify user for the creation of this account
747                 AdminUserService.notifyUser( AppPathService.getBaseUrl( request ), user, strFirstPassword, PROPERTY_MESSAGE_EMAIL_SUBJECT_NOTIFY_USER,
748                         TEMPLATE_NOTIFY_USER );
749             }
750 
751             AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_CREATE_ADMINUSER, getUser( ), user.getAccessCode( ),
752                     CONSTANT_BO );
753         }
754         else
755         {
756             AdminUserbusiness/user/AdminUser.html#AdminUser">AdminUser user = new AdminUser( );
757             user.setAccessCode( strAccessCode );
758             user.setLastName( strLastName );
759             user.setFirstName( strFirstName );
760             user.setEmail( strEmail );
761             user.setStatus( Integer.parseInt( strStatus ) );
762             user.setLocale( new Locale( request.getParameter( PARAMETER_LANGUAGE ) ) );
763 
764             user.setUserLevel( nNewUserLevel );
765             user.setAccessibilityMode( strAccessibilityMode != null );
766             user.setWorkgroupKey( strWorkgroupKey );
767 
768             AdminUserHome.create( user );
769             AdminUserFieldService.doCreateUserFields( user, request, getLocale( ) );
770 
771             AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_CREATE_ADMINUSER, getUser( ), user.getAccessCode( ),
772                     CONSTANT_BO );
773         }
774 
775         return JSP_MANAGE_USER;
776     }
777 
778     private String checkParameters( HttpServletRequest request, String strJspUrl ) throws AccessDeniedException
779     {
780         String strAccessCode = request.getParameter( PARAMETER_ACCESS_CODE );
781         String strLastName = request.getParameter( PARAMETER_LAST_NAME );
782         String strFirstName = request.getParameter( PARAMETER_FIRST_NAME );
783         String strEmail = request.getParameter( PARAMETER_EMAIL );
784 
785         if ( StringUtils.isEmpty( strAccessCode ) )
786         {
787             return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
788         }
789 
790         if ( StringUtils.isEmpty( strLastName ) )
791         {
792             return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
793         }
794 
795         if ( StringUtils.isEmpty( strFirstName ) )
796         {
797             return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
798         }
799 
800         if ( StringUtils.isBlank( strEmail ) )
801         {
802             return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP );
803         }
804 
805         if ( !AdminUserService.checkEmail( strEmail ) )
806         {
807             return AdminUserService.getEmailErrorMessageUrl( request );
808         }
809 
810         String strError = AdminUserFieldService.checkUserFields( request, getLocale( ) );
811 
812         if ( strError != null )
813         {
814             return strError;
815         }
816 
817         if ( !SecurityTokenService.getInstance( ).validate( request, strJspUrl ) )
818         {
819             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
820         }
821 
822         return null;
823     }
824 
825     /**
826      * Returns the form to update info about a AppUser
827      *
828      * @param request
829      *            The Http request
830      * @return The HTML form to update info
831      * @throws AccessDeniedException
832      *             If the current user is not authorized to modify the user
833      */
834     public String getModifyAdminUser( HttpServletRequest request ) throws AccessDeniedException
835     {
836         setPageTitleProperty( PROPERTY_MODIFY_USER_PAGETITLE );
837 
838         String strUserId = request.getParameter( PARAMETER_USER_ID );
839 
840         int nUserId = Integer.parseInt( strUserId );
841 
842         Map<String, Object> model = new HashMap<>( );
843         HtmlTemplate template;
844 
845         AdminUser user;
846         String strTemplateUrl;
847 
848         // creation in no-module mode : load form with password modification field and
849         // login modification field
850         if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
851         {
852             user = AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( nUserId );
853             strTemplateUrl = TEMPLATE_DEFAULT_MODIFY_USER;
854         }
855         else
856         {
857             user = AdminUserHome.findByPrimaryKey( nUserId );
858             strTemplateUrl = TEMPLATE_MODIFY_USER;
859         }
860 
861         if ( ( user == null ) || ( user.getUserId( ) == 0 ) )
862         {
863             return getManageAdminUsers( request );
864         }
865 
866         AdminUser currentUser = AdminUserService.getAdminUser( request );
867 
868         if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
869         {
870             throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
871         }
872 
873         Level level = LevelHome.findByPrimaryKey( user.getUserLevel( ) );
874         ReferenceListml#ReferenceList">ReferenceList filteredLevels = new ReferenceList( );
875 
876         if ( isUserAuthorizedToChangeUserLevel( currentUser, user ) )
877         {
878             for ( Level levelItem : LevelHome.getLevelsList( ) )
879             {
880                 filteredLevels.add( levelItem.getReferenceItem( ) );
881             }
882             ;
883             filteredLevels.removeIf( levelItem -> levelItem.getCode( ).equals( "0" ) );
884         }
885 
886         // ITEM NAVIGATION
887         setItemNavigator( user.getUserId( ), AppPathService.getBaseUrl( request ) + JSP_URL_MODIFY_USER );
888 
889         List<IAttribute> listAttributes = AttributeService.getInstance( ).getAllAttributesWithFields( getLocale( ) );
890         Map<String, Object> map = AdminUserFieldService.getAdminUserFields( listAttributes, nUserId, getLocale( ) );
891 
892         model.put( MARK_USER, user );
893         model.put( MARK_LEVEL, level );
894         model.put( MARK_USER_LEVELS_LIST, filteredLevels );
895         model.put( MARK_LANGUAGES_LIST, I18nService.getAdminLocales( user.getLocale( ) ) );
896         model.put( MARK_CURRENT_LANGUAGE, user.getLocale( ).getLanguage( ) );
897         model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
898         model.put( MARK_ATTRIBUTES_LIST, listAttributes );
899         model.put( MARK_LOCALE, getLocale( ) );
900         model.put( MARK_MAP_LIST_ATTRIBUTE_DEFAULT_VALUES, map );
901         model.put( MARK_WORKGROUP_KEY_LIST, AdminWorkgroupService.getUserWorkgroups( getUser( ), getLocale( ) ) );
902         model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_MODIFY_USER ) );
903 
904         template = AppTemplateService.getTemplate( strTemplateUrl, getLocale( ), model );
905 
906         return getAdminPage( template.getHtml( ) );
907     }
908 
909     /**
910      * Process the change form of an appUser
911      *
912      * @param request
913      *            The Http request
914      * @return The Jsp URL of the process result
915      * @throws AccessDeniedException
916      *             If the current user is not authorized to modify the user
917      */
918     public String doModifyAdminUser( HttpServletRequest request ) throws AccessDeniedException
919     {
920         String strUserId = request.getParameter( PARAMETER_USER_ID );
921         String strAccessCode = request.getParameter( PARAMETER_ACCESS_CODE );
922         String strLastName = request.getParameter( PARAMETER_LAST_NAME );
923         String strFirstName = request.getParameter( PARAMETER_FIRST_NAME );
924         String strEmail = request.getParameter( PARAMETER_EMAIL );
925         String strStatus = request.getParameter( PARAMETER_STATUS );
926         String strAccessibilityMode = request.getParameter( PARAMETER_ACCESSIBILITY_MODE );
927         String strWorkgroupKey = request.getParameter( PARAMETER_WORKGROUP_KEY );
928         String strUserLevel = request.getParameter( PARAMETER_USER_LEVEL );
929         int nUserId = Integer.parseInt( strUserId );
930 
931         AdminUser userToModify = AdminUserHome.findByPrimaryKey( nUserId );
932         AdminUser currentUser = AdminUserService.getAdminUser( request );
933 
934         if ( !isUserAuthorizedToModifyUser( currentUser, userToModify ) )
935         {
936             throw new AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
937         }
938 
939         // Check if the current user is trying to modify another user's right level.
940         // If that's the case, then make sure they have the required authorization to do it
941         if ( isUserLevelModified( userToModify, strUserLevel ) && !isUserAuthorizedToChangeUserLevel( currentUser, userToModify ) )
942         {
943             throw new AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
944         }
945 
946         String message = checkParameters( request, JSP_URL_MODIFY_USER );
947 
948         if ( message != null )
949         {
950             return message;
951         }
952 
953         int checkCode = AdminUserHome.checkAccessCodeAlreadyInUse( strAccessCode );
954 
955         // check again that access code is not in use
956         if ( ( checkCode != -1 ) && ( checkCode != nUserId ) )
957         {
958             return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_ACCESS_CODE_ALREADY_USED, AdminMessage.TYPE_STOP );
959         }
960 
961         checkCode = AdminUserHome.checkEmailAlreadyInUse( strEmail );
962 
963         // check again that email is not in use
964         if ( ( checkCode != -1 ) && ( checkCode != nUserId ) )
965         {
966             return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_EMAIL_ALREADY_USED, AdminMessage.TYPE_STOP );
967         }
968 
969         // modification in no-module mode : we manage the password
970         if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
971         {
972             LuteceDefaultAdminUser user = AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( nUserId );
973 
974             user.setUserId( nUserId );
975             user.setAccessCode( strAccessCode );
976             user.setLastName( strLastName );
977             user.setFirstName( strFirstName );
978             user.setEmail( strEmail );
979             user.setWorkgroupKey( strWorkgroupKey );
980             user.setUserLevel( Integer.parseInt( strUserLevel ) );
981 
982             int nStatus = Integer.parseInt( strStatus );
983 
984             if ( nStatus != user.getStatus( ) )
985             {
986                 user.setStatus( nStatus );
987                 AdminUserService.notifyUser( AppPathService.getBaseUrl( request ), user, PROPERTY_MESSAGE_EMAIL_SUBJECT_CHANGE_STATUS,
988                         TEMPLATE_ADMIN_EMAIL_CHANGE_STATUS );
989             }
990 
991             user.setLocale( new Locale( request.getParameter( PARAMETER_LANGUAGE ) ) );
992             user.setAccessibilityMode( strAccessibilityMode != null );
993 
994             AdminUserHome.update( user, PasswordUpdateMode.IGNORE );
995 
996             AdminUserFieldService.doModifyUserFields( user, request, getLocale( ), getUser( ) );
997 
998             AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_ADMINUSER, currentUser, user.getAccessCode( ),
999                     CONSTANT_BO );
1000         }
1001         else
1002         {
1003             AdminUserbusiness/user/AdminUser.html#AdminUser">AdminUser user = new AdminUser( );
1004             user.setUserId( nUserId );
1005             user.setAccessCode( strAccessCode );
1006             user.setLastName( strLastName );
1007             user.setFirstName( strFirstName );
1008             user.setEmail( strEmail );
1009             user.setStatus( Integer.parseInt( strStatus ) );
1010             user.setLocale( new Locale( request.getParameter( PARAMETER_LANGUAGE ) ) );
1011             user.setAccessibilityMode( strAccessibilityMode != null );
1012             user.setWorkgroupKey( strWorkgroupKey );
1013             user.setUserLevel( Integer.parseInt( strUserLevel ) );
1014 
1015             String strError = AdminUserFieldService.checkUserFields( request, getLocale( ) );
1016 
1017             if ( strError != null )
1018             {
1019                 return strError;
1020             }
1021 
1022             AdminUserHome.update( user );
1023 
1024             AdminUserFieldService.doModifyUserFields( user, request, getLocale( ), getUser( ) );
1025 
1026             AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_ADMINUSER, currentUser, user.getAccessCode( ),
1027                     CONSTANT_BO );
1028         }
1029 
1030         return JSP_MANAGE_USER;
1031     }
1032 
1033     /**
1034      * Returns the form to update password of AppUser
1035      *
1036      * @param request
1037      *            The Http request
1038      * @return The HTML form to update info
1039      * @throws AccessDeniedException
1040      *             If the current user is not authorized to modify the user
1041      */
1042     public String getModifyUserPassword( HttpServletRequest request ) throws AccessDeniedException
1043     {
1044         setPageTitleProperty( PROPERTY_MODIFY_USER_PASSWORD_PAGETITLE );
1045 
1046         String strUserId = request.getParameter( PARAMETER_USER_ID );
1047 
1048         int nUserId = Integer.parseInt( strUserId );
1049 
1050         Map<String, Object> model = new HashMap<>( );
1051         HtmlTemplate template;
1052 
1053         AdminUser user = null;
1054         String strTemplateUrl = "";
1055 
1056         // creation in no-module mode : load form with password modification field and
1057         // login modification field
1058         if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
1059         {
1060             user = AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( nUserId );
1061             strTemplateUrl = TEMPLATE_DEFAULT_MODIFY_USER_PASSWORD;
1062         }
1063         else
1064         {
1065             throw new AppException( "Cannot modify password when not in DeafultModuleUsed mode" );
1066         }
1067 
1068         if ( ( user == null ) || ( user.getUserId( ) == 0 ) )
1069         {
1070             throw new AppException( "User to modify password for not found" );
1071         }
1072 
1073         AdminUser currentUser = AdminUserService.getAdminUser( request );
1074 
1075         if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1076         {
1077             throw new AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1078         }
1079 
1080         // ITEM NAVIGATION
1081         setItemNavigator( user.getUserId( ), AppPathService.getBaseUrl( request ) + JSP_URL_MODIFY_USER );
1082 
1083         model.put( MARK_USER, user );
1084         model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1085         model.put( MARK_MINIMUM_PASSWORD_SIZE, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_PASSWORD_MINIMUM_LENGTH ) );
1086         model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, PROPERTY_MODIFY_USER_PASSWORD_PAGETITLE ) );
1087 
1088         template = AppTemplateService.getTemplate( strTemplateUrl, getLocale( ), model );
1089 
1090         return getAdminPage( template.getHtml( ) );
1091     }
1092 
1093     /**
1094      * Process the change form of an appUser password
1095      *
1096      * @param request
1097      *            The Http request
1098      * @return The Jsp URL of the process result
1099      * @throws AccessDeniedException
1100      *             If the current user is not authorized to modify the user
1101      */
1102     public String doModifyAdminUserPassword( HttpServletRequest request ) throws AccessDeniedException
1103     {
1104         if ( !SecurityTokenService.getInstance( ).validate( request, PROPERTY_MODIFY_USER_PASSWORD_PAGETITLE ) )
1105         {
1106             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1107         }
1108         String strUserId = request.getParameter( PARAMETER_USER_ID );
1109 
1110         int nUserId = Integer.parseInt( strUserId );
1111 
1112         AdminUser userToModify = AdminUserHome.findByPrimaryKey( nUserId );
1113 
1114         if ( userToModify == null )
1115         {
1116             throw new AppException( CONSTANT_USER_MSG + strUserId + " not found" );
1117         }
1118 
1119         AdminUser currentUser = AdminUserService.getAdminUser( request );
1120 
1121         if ( !isUserAuthorizedToModifyUser( currentUser, userToModify ) )
1122         {
1123             throw new AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1124         }
1125 
1126         // modification in no-module mode : we manage the password
1127         if ( AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) )
1128         {
1129             LuteceDefaultAdminUser user = AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( nUserId );
1130 
1131             String strFirstPassword = request.getParameter( PARAMETER_FIRST_PASSWORD );
1132             String strSecondPassword = request.getParameter( PARAMETER_SECOND_PASSWORD );
1133 
1134             if ( StringUtils.isEmpty( strFirstPassword ) )
1135             {
1136                 return AdminMessageService.getMessageUrl( request, MESSAGE_MANDATORY_FIELD, new String [ ] {
1137                         I18nService.getLocalizedString( PROPERTY_LABEL_FIRST_PASSWORD, getLocale( ) )
1138                 }, AdminMessage.TYPE_STOP );
1139             }
1140 
1141             if ( !StringUtils.equals( strFirstPassword, strSecondPassword ) )
1142             {
1143                 // First and second password are filled but there are different
1144                 return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_DIFFERENTS_PASSWORD, AdminMessage.TYPE_STOP );
1145             }
1146 
1147             String strUrl = AdminUserService.checkPassword( request, strFirstPassword, nUserId, Boolean.TRUE );
1148 
1149             if ( StringUtils.isNotEmpty( strUrl ) )
1150             {
1151                 return strUrl;
1152             }
1153 
1154             user.setPassword( AdminUserService.encryptPassword( strFirstPassword ) );
1155             user.setPasswordReset( Boolean.FALSE );
1156             user.setPasswordMaxValidDate( AdminUserService.getPasswordMaxValidDate( ) );
1157 
1158             AdminUserHome.update( user, PasswordUpdateMode.UPDATE );
1159 
1160             AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_ADMINUSER_PASSWORD, currentUser,
1161                     user.getAccessCode( ), CONSTANT_BO );
1162         }
1163 
1164         return JSP_MANAGE_USER;
1165     }
1166 
1167     /**
1168      * Get a page to import users from a CSV file.
1169      * 
1170      * @param request
1171      *            The request
1172      * @return The HTML content
1173      */
1174     public String getImportUsersFromFile( HttpServletRequest request )
1175     {
1176         _importAdminUserService = SpringContextService.getBean( BEAN_IMPORT_ADMIN_USER_SERVICE );
1177         if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
1178                 getUser( ) ) )
1179         {
1180             return getManageAdminUsers( request );
1181         }
1182 
1183         setPageTitleProperty( PROPERTY_IMPORT_USERS_FROM_FILE_PAGETITLE );
1184 
1185         Map<String, Object> model = new HashMap<>( );
1186 
1187         model.put( MARK_LIST_MESSAGES, request.getAttribute( ATTRIBUTE_IMPORT_USERS_LIST_MESSAGES ) );
1188 
1189         String strCsvSeparator = StringUtils.EMPTY + _importAdminUserService.getCSVSeparator( );
1190         String strCsvEscapeCharacter = StringUtils.EMPTY + _importAdminUserService.getCSVEscapeCharacter( );
1191         String strAttributesSeparator = StringUtils.EMPTY + _importAdminUserService.getAttributesSeparator( );
1192         model.put( MARK_CSV_SEPARATOR, strCsvSeparator );
1193         model.put( MARK_CSV_ESCAPE, strCsvEscapeCharacter );
1194         model.put( MARK_ATTRIBUTES_SEPARATOR, strAttributesSeparator );
1195         model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_IMPORT_USER ) );
1196 
1197         String strTemplate = _importAdminUserService.getImportFromFileTemplate( );
1198         HtmlTemplate template = AppTemplateService.getTemplate( strTemplate, AdminUserService.getLocale( request ), model );
1199 
1200         return getAdminPage( template.getHtml( ) );
1201     }
1202 
1203     /**
1204      * Do import users from a CSV file
1205      * 
1206      * @param request
1207      *            The request
1208      * @return A DefaultPluginActionResult with the URL of the page to display, or the HTML content
1209      * @throws AccessDeniedException
1210      *             if the security token is invalid
1211      */
1212     public DefaultPluginActionResult doImportUsersFromFile( HttpServletRequest request ) throws AccessDeniedException
1213     {
1214         DefaultPluginActionResultefaultPluginActionResult.html#DefaultPluginActionResult">DefaultPluginActionResult result = new DefaultPluginActionResult( );
1215 
1216         if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
1217                 getUser( ) ) )
1218         {
1219             result.setHtmlContent( getManageAdminUsers( request ) );
1220 
1221             return result;
1222         }
1223 
1224         if ( request instanceof MultipartHttpServletRequest )
1225         {
1226             MultipartHttpServletRequestce/portal/web/upload/MultipartHttpServletRequest.html#MultipartHttpServletRequest">MultipartHttpServletRequest multipartRequest = (MultipartHttpServletRequest) request;
1227             FileItem fileItem = multipartRequest.getFile( PARAMETER_IMPORT_USERS_FILE );
1228             String strMimeType = FileSystemUtil.getMIMEType( FileUploadService.getFileNameOnly( fileItem ) );
1229 
1230             if ( !( ( fileItem != null ) && !StringUtils.EMPTY.equals( fileItem.getName( ) ) ) )
1231             {
1232                 Object [ ] tabRequiredFields = {
1233                         I18nService.getLocalizedString( FIELD_IMPORT_USERS_FILE, getLocale( ) )
1234                 };
1235                 result.setRedirect( AdminMessageService.getMessageUrl( request, MESSAGE_MANDATORY_FIELD, tabRequiredFields, AdminMessage.TYPE_STOP ) );
1236 
1237                 return result;
1238             }
1239 
1240             if ( ( !strMimeType.equals( CONSTANT_MIME_TYPE_CSV ) && !strMimeType.equals( CONSTANT_MIME_TYPE_OCTETSTREAM )
1241                     && !strMimeType.equals( CONSTANT_MIME_TYPE_TEXT_CSV ) )
1242                     || !fileItem.getName( ).toLowerCase( Locale.ENGLISH ).endsWith( CONSTANT_EXTENSION_CSV_FILE ) )
1243             {
1244                 result.setRedirect( AdminMessageService.getMessageUrl( request, MESSAGE_ERROR_CSV_FILE_IMPORT, AdminMessage.TYPE_STOP ) );
1245 
1246                 return result;
1247             }
1248             if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_IMPORT_USER ) )
1249             {
1250                 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1251             }
1252 
1253             String strSkipFirstLine = multipartRequest.getParameter( PARAMETER_SKIP_FIRST_LINE );
1254             boolean bSkipFirstLine = StringUtils.isNotEmpty( strSkipFirstLine );
1255             String strUpdateUsers = multipartRequest.getParameter( PARAMETER_UPDATE_USERS );
1256             boolean bUpdateUsers = StringUtils.isNotEmpty( strUpdateUsers );
1257 
1258             _importAdminUserService.setUpdateExistingUsers( bUpdateUsers );
1259 
1260             List<CSVMessageDescriptor> listMessages = _importAdminUserService.readCSVFile( fileItem, 0, false, false, bSkipFirstLine,
1261                     AdminUserService.getLocale( request ), AppPathService.getBaseUrl( request ) );
1262 
1263             AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_IMPORT_ADMINUSERS, getUser( ), fileItem.getName( ),
1264                     CONSTANT_BO );
1265 
1266             request.setAttribute( ATTRIBUTE_IMPORT_USERS_LIST_MESSAGES, listMessages );
1267 
1268             String strHtmlResult = getImportUsersFromFile( request );
1269             result.setHtmlContent( strHtmlResult );
1270         }
1271         else
1272         {
1273             Object [ ] tabRequiredFields = {
1274                     I18nService.getLocalizedString( FIELD_IMPORT_USERS_FILE, getLocale( ) )
1275             };
1276             result.setRedirect( AdminMessageService.getMessageUrl( request, MESSAGE_MANDATORY_FIELD, tabRequiredFields, AdminMessage.TYPE_STOP ) );
1277         }
1278 
1279         return result;
1280     }
1281 
1282     /**
1283      * Get a page to export users
1284      * 
1285      * @param request
1286      *            The request
1287      * @return The html content
1288      */
1289     public String getExportUsers( HttpServletRequest request )
1290     {
1291         if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
1292                 getUser( ) ) )
1293         {
1294             return getManageAdminUsers( request );
1295         }
1296 
1297         setPageTitleProperty( PROPERTY_EXPORT_USERS_PAGETITLE );
1298 
1299         Map<String, Object> model = new HashMap<>( );
1300 
1301         ReferenceList refListXsl = XslExportHome.getRefListByPlugin( PluginService.getCore( ) );
1302 
1303         model.put( MARK_LIST_XSL_EXPORT, refListXsl );
1304 
1305         HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_EXPORT_USERS_FROM_FILE, AdminUserService.getLocale( request ), model );
1306 
1307         return getAdminPage( template.getHtml( ) );
1308     }
1309 
1310     /**
1311      * Do export users
1312      * 
1313      * @param request
1314      *            The request
1315      * @param response
1316      *            The response
1317      * @return A DefaultPluginActionResult containing the result, or null if the file download has been initialized
1318      * @throws IOException
1319      *             If an IOException occurs
1320      */
1321     public DefaultPluginActionResult doExportUsers( HttpServletRequest request, HttpServletResponse response ) throws IOException
1322     {
1323         DefaultPluginActionResultefaultPluginActionResult.html#DefaultPluginActionResult">DefaultPluginActionResult result = new DefaultPluginActionResult( );
1324 
1325         if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_IMPORT_EXPORT_USERS,
1326                 getUser( ) ) )
1327         {
1328             result.setHtmlContent( getManageAdminUsers( request ) );
1329 
1330             return result;
1331         }
1332 
1333         String strXslExportId = request.getParameter( PARAMETER_XSL_EXPORT_ID );
1334         String strExportAttributes = request.getParameter( PARAMETER_EXPORT_ATTRIBUTES );
1335         String strExportRoles = request.getParameter( PARAMETER_EXPORT_ROLES );
1336         String strExportRights = request.getParameter( PARAMETER_EXPORT_RIGHTS );
1337         String strExportWorkgroups = request.getParameter( PARAMETER_EXPORT_WORKGROUPS );
1338         boolean bExportAttributes = StringUtils.isNotEmpty( strExportAttributes );
1339         boolean bExportRoles = StringUtils.isNotEmpty( strExportRoles );
1340         boolean bExportRights = StringUtils.isNotEmpty( strExportRights );
1341         boolean bExportWorkgroups = StringUtils.isNotEmpty( strExportWorkgroups );
1342 
1343         if ( StringUtils.isBlank( strXslExportId ) )
1344         {
1345             Object [ ] tabRequiredFields = {
1346                     I18nService.getLocalizedString( FIELD_XSL_EXPORT, getLocale( ) )
1347             };
1348             result.setRedirect( AdminMessageService.getMessageUrl( request, MESSAGE_MANDATORY_FIELD, tabRequiredFields, AdminMessage.TYPE_STOP ) );
1349 
1350             return result;
1351         }
1352 
1353         int nIdXslExport = Integer.parseInt( strXslExportId );
1354 
1355         XslExport xslExport = XslExportHome.findByPrimaryKey( nIdXslExport );
1356 
1357         Collection<AdminUser> listUsers = AdminUserHome.findUserList( );
1358 
1359         List<IAttribute> listAttributes = AttributeService.getInstance( ).getAllAttributesWithFields( LocaleService.getDefault( ) );
1360         List<IAttribute> listAttributesFiltered = new ArrayList<>( );
1361 
1362         for ( IAttribute attribute : listAttributes )
1363         {
1364             if ( attribute instanceof ISimpleValuesAttributes )
1365             {
1366                 listAttributesFiltered.add( attribute );
1367             }
1368         }
1369 
1370         StringBuffer sbXml = new StringBuffer( XmlUtil.getXmlHeader( ) );
1371         XmlUtil.beginElement( sbXml, CONSTANT_XML_USERS );
1372 
1373         for ( AdminUser user : listUsers )
1374         {
1375             if ( !user.isStatusAnonymized( ) )
1376             {
1377                 sbXml.append(
1378                         AdminUserService.getXmlFromUser( user, bExportRoles, bExportRights, bExportWorkgroups, bExportAttributes, listAttributesFiltered ) );
1379             }
1380         }
1381 
1382         XmlUtil.endElement( sbXml, CONSTANT_XML_USERS );
1383 
1384         String strXml = StringUtil.replaceAccent( sbXml.toString( ) );
1385         String strExportedUsers = XslExportService.exportXMLWithXSL( nIdXslExport, strXml );
1386 
1387         if ( CONSTANT_MIME_TYPE_CSV.contains( xslExport.getExtension( ) ) )
1388         {
1389             response.setContentType( CONSTANT_MIME_TYPE_CSV );
1390         }
1391         else if ( CONSTANT_EXTENSION_XML_FILE.contains( xslExport.getExtension( ) ) )
1392         {
1393             response.setContentType( CONSTANT_MIME_TYPE_XML );
1394         }
1395         else
1396         {
1397             response.setContentType( CONSTANT_MIME_TYPE_OCTETSTREAM );
1398         }
1399 
1400         String strFileName = CONSTANT_EXPORT_USERS_FILE_NAME + CONSTANT_POINT + xslExport.getExtension( );
1401         response.setHeader( CONSTANT_ATTACHEMENT_DISPOSITION, CONSTANT_ATTACHEMENT_FILE_NAME + strFileName + CONSTANT_QUOTE );
1402 
1403         PrintWriter out = response.getWriter( );
1404         out.write( strExportedUsers );
1405         out.flush( );
1406         out.close( );
1407 
1408         return null;
1409     }
1410 
1411     /**
1412      * Returns the page of confirmation for deleting a provider
1413      *
1414      * @param request
1415      *            The Http Request
1416      * @return the confirmation url
1417      * @throws AccessDeniedException
1418      *             When not authorized
1419      */
1420     public String doConfirmRemoveAdminUser( HttpServletRequest request ) throws AccessDeniedException
1421     {
1422         String strUserId = request.getParameter( PARAMETER_USER_ID );
1423         int nUserId = Integer.parseInt( strUserId );
1424         AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
1425 
1426         if ( user == null )
1427         {
1428             return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_USER_ERROR_SESSION, JSP_URL_MANAGE_USERS, AdminMessage.TYPE_ERROR );
1429         }
1430 
1431         AdminUser currentUser = AdminUserService.getAdminUser( request );
1432 
1433         if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1434         {
1435             throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1436         }
1437 
1438         String strUrlRemove = JSP_URL_REMOVE_USER;
1439         Map<String, Object> parameters = new HashMap<>( );
1440         parameters.put( PARAMETER_USER_ID, strUserId );
1441         parameters.put( SecurityTokenService.PARAMETER_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_REMOVE_USER ) );
1442 
1443         return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_CONFIRM_REMOVE, new Object [ ] {
1444                 user.getFirstName( ), user.getLastName( ), user.getAccessCode( )
1445         }, null, strUrlRemove, null, AdminMessage.TYPE_CONFIRMATION, parameters, JSP_URL_MANAGE_USERS );
1446     }
1447 
1448     /**
1449      * Process to the confirmation of deleting of an AppUser
1450      *
1451      * @param request
1452      *            The Http Request
1453      * @return the HTML page
1454      * @throws AccessDeniedException
1455      *             If the user is not authorized
1456      */
1457     public String doRemoveAdminUser( HttpServletRequest request ) throws AccessDeniedException
1458     {
1459         String strUserId = request.getParameter( PARAMETER_USER_ID );
1460         int nUserId = Integer.parseInt( strUserId );
1461         AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
1462 
1463         if ( user == null )
1464         {
1465             return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_USER_ERROR_SESSION, JSP_URL_MANAGE_USERS, AdminMessage.TYPE_ERROR );
1466         }
1467         if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_REMOVE_USER ) )
1468         {
1469             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1470         }
1471 
1472         AdminUser currentUser = AdminUserService.getAdminUser( request );
1473 
1474         if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1475         {
1476             throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1477         }
1478 
1479         String strRemovedUserAccessCode = user.getAccessCode( );
1480 
1481         // Only level 0 users can physically delete a user.
1482         if( currentUser.isAdmin( ) )
1483         {
1484             AdminUserFieldService.doRemoveUserFields( user, request, getLocale( ) );
1485             AdminUserHome.removeAllRightsForUser( nUserId );
1486             AdminUserHome.removeAllRolesForUser( nUserId );
1487             AdminUserHome.removeAllPasswordHistoryForUser( nUserId );
1488             AdminUserHome.remove( nUserId );
1489 
1490             AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_REMOVE_ADMINUSER, currentUser,
1491                     strUserId + " : " + strRemovedUserAccessCode, CONSTANT_BO );
1492         }
1493         else
1494         {
1495             if (user.isStatusActive())
1496             {
1497                 user.setStatus( AdminUser.NOT_ACTIVE_CODE );
1498                 AdminUserHome.update( user );
1499 
1500                 AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_ADMINUSER, currentUser,
1501                         strUserId + " : " + strRemovedUserAccessCode, CONSTANT_BO );
1502             }
1503         }
1504 
1505         return JSP_MANAGE_USER;
1506     }
1507 
1508     /**
1509      * Build the User right list
1510      *
1511      * @param request
1512      *            Http Request
1513      * @return the right list
1514      * @throws AccessDeniedException
1515      *             If the user is not authorized
1516      */
1517     public String getManageAdminUserRights( HttpServletRequest request ) throws AccessDeniedException
1518     {
1519         setPageTitleProperty( PROPERTY_MANAGE_USER_RIGHTS_PAGETITLE );
1520 
1521         String strUserId = request.getParameter( PARAMETER_USER_ID );
1522         int nUserId = Integer.parseInt( strUserId );
1523 
1524         AdminUser selectedUser = AdminUserHome.findByPrimaryKey( nUserId );
1525 
1526         AdminUser currentUser = AdminUserService.getAdminUser( request );
1527 
1528         if ( !isUserAuthorizedToModifyUser( currentUser, selectedUser ) )
1529         {
1530             throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1531         }
1532 
1533         Collection<Right> rightList = AdminUserHome.getRightsListForUser( nUserId ).values( );
1534 
1535         // ITEM NAVIGATION
1536         setItemNavigator( selectedUser.getUserId( ), AppPathService.getBaseUrl( request ) + JSP_URL_MANAGE_USER_RIGHTS );
1537 
1538         HashMap<String, Object> model = new HashMap<>( );
1539         model.put( MARK_CAN_MODIFY, getUser( ).isParent( selectedUser ) || getUser( ).isAdmin( ) );
1540         model.put( MARK_CAN_DELEGATE, getUser( ).getUserId( ) != nUserId );
1541         model.put( MARK_USER, AdminUserHome.findByPrimaryKey( nUserId ) );
1542         model.put( MARK_USER_RIGHT_LIST, I18nService.localizeCollection( rightList, getLocale( ) ) );
1543         model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1544 
1545         HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MANAGE_USER_RIGHTS, getLocale( ), model );
1546 
1547         return getAdminPage( template.getHtml( ) );
1548     }
1549 
1550     /**
1551      * Build the User workgroup list
1552      *
1553      * @param request
1554      *            Http Request
1555      * @return the right list
1556      * @throws AccessDeniedException
1557      *             If the user is not authorized
1558      */
1559     public String getManageAdminUserWorkgroups( HttpServletRequest request ) throws AccessDeniedException
1560     {
1561         setPageTitleProperty( PROPERTY_MANAGE_USER_WORKGROUPS_PAGETITLE );
1562 
1563         String strUserId = request.getParameter( PARAMETER_USER_ID );
1564         int nUserId = Integer.parseInt( strUserId );
1565 
1566         AdminUser selectedUser = AdminUserHome.findByPrimaryKey( nUserId );
1567         AdminUser currentUser = AdminUserService.getAdminUser( request );
1568 
1569         if ( !isUserAuthorizedToModifyUser( currentUser, selectedUser ) )
1570         {
1571             throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1572         }
1573 
1574         ReferenceList workgroupsList = AdminWorkgroupHome.getUserWorkgroups( selectedUser );
1575 
1576         // ITEM NAVIGATION
1577         setItemNavigator( nUserId, AppPathService.getBaseUrl( request ) + JSP_URL_MANAGE_USER_WORKGROUPS );
1578 
1579         Map<String, Object> model = new HashMap<>( );
1580         model.put( MARK_CAN_MODIFY, getUser( ).isParent( selectedUser ) || getUser( ).isAdmin( ) );
1581         model.put( MARK_CAN_DELEGATE, getUser( ).getUserId( ) != nUserId );
1582         model.put( MARK_USER, AdminUserHome.findByPrimaryKey( nUserId ) );
1583         model.put( MARK_USER_WORKGROUP_LIST, workgroupsList );
1584         model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1585 
1586         HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MANAGE_USER_WORKGROUPS, getLocale( ), model );
1587 
1588         return getAdminPage( template.getHtml( ) );
1589     }
1590 
1591     /**
1592      * Build the assignable workgroups list
1593      *
1594      * @param request
1595      *            Http Request
1596      * @return the right list
1597      * @throws AccessDeniedException
1598      *             If the user is not authorized
1599      */
1600     public String getModifyAdminUserWorkgroups( HttpServletRequest request ) throws AccessDeniedException
1601     {
1602         boolean bDelegateWorkgroups = Boolean.parseBoolean( request.getParameter( PARAMETER_DELEGATE_RIGHTS ) );
1603 
1604         setPageTitleProperty( bDelegateWorkgroups ? PROPERTY_DELEGATE_USER_RIGHTS_PAGETITLE : PROPERTY_MODIFY_USER_WORKGROUPS_PAGETITLE );
1605 
1606         String strUserId = request.getParameter( PARAMETER_USER_ID );
1607         int nUserId = Integer.parseInt( strUserId );
1608 
1609         AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
1610         AdminUser currentUser = getUser( );
1611 
1612         if ( ( user == null ) || ( user.getUserId( ) == 0 ) )
1613         {
1614             return getManageAdminUsers( request );
1615         }
1616 
1617         if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1618         {
1619             throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1620         }
1621 
1622         ReferenceList userWorkspaces = AdminWorkgroupHome.getUserWorkgroups( user );
1623         ReferenceList assignableWorkspaces = AdminWorkgroupHome.getUserWorkgroups( currentUser );
1624 
1625         ArrayList<String> checkedValues = new ArrayList<>( );
1626 
1627         for ( ReferenceItem item : userWorkspaces )
1628         {
1629             checkedValues.add( item.getCode( ) );
1630         }
1631 
1632         assignableWorkspaces.checkItems( checkedValues.toArray( new String [ checkedValues.size( )] ) );
1633 
1634         // ITEM NAVIGATION
1635         setItemNavigator( nUserId, AppPathService.getBaseUrl( request ) + JSP_URL_MANAGE_USER_WORKGROUPS );
1636 
1637         Map<String, Object> model = new HashMap<>( );
1638         model.put( MARK_USER, AdminUserHome.findByPrimaryKey( nUserId ) );
1639         model.put( MARK_ALL_WORKSGROUP_LIST, assignableWorkspaces );
1640         model.put( MARK_CAN_DELEGATE, String.valueOf( bDelegateWorkgroups ) );
1641         model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1642         model.put( MARK_DEFAULT_MODE_USED, AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) );
1643         model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_MANAGE_USER_WORKGROUPS ) );
1644 
1645         HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MODIFY_USER_WORKGROUPS, getLocale( ), model );
1646 
1647         return getAdminPage( template.getHtml( ) );
1648     }
1649 
1650     /**
1651      * Build the right list
1652      *
1653      * @param request
1654      *            Http Request
1655      * @return the right list
1656      * @throws AccessDeniedException
1657      *             If the user is not authorized
1658      */
1659     public String getModifyAdminUserRights( HttpServletRequest request ) throws AccessDeniedException
1660     {
1661         boolean bDelegateRights = Boolean.parseBoolean( request.getParameter( PARAMETER_DELEGATE_RIGHTS ) );
1662 
1663         String strSelectAll = request.getParameter( PARAMETER_SELECT );
1664         boolean bSelectAll = ( ( strSelectAll != null ) && strSelectAll.equals( PARAMETER_SELECT_ALL ) );
1665 
1666         setPageTitleProperty( bDelegateRights ? PROPERTY_DELEGATE_USER_RIGHTS_PAGETITLE : PROPERTY_MODIFY_USER_RIGHTS_PAGETITLE );
1667 
1668         String strUserId = request.getParameter( PARAMETER_USER_ID );
1669         int nUserId = Integer.parseInt( strUserId );
1670 
1671         AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
1672         AdminUser currentUser = getUser( );
1673 
1674         if ( ( user == null ) || ( user.getUserId( ) == 0 ) )
1675         {
1676             return getManageAdminUsers( request );
1677         }
1678 
1679         if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1680         {
1681             throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1682         }
1683 
1684         Collection<Right> rightList;
1685         Collection<Right> allRightList = RightHome.getRightsList( user.getUserLevel( ) );
1686 
1687         if ( bDelegateRights )
1688         {
1689             Map<String, Right> rights = AdminUserHome.getRightsListForUser( currentUser.getUserId( ) );
1690             rightList = new ArrayList<>( );
1691 
1692             for ( Right right : rights.values( ) )
1693             {
1694                 // logged user can only delegate rights with level higher or equal to user
1695                 // level.
1696                 if ( right.getLevel( ) >= user.getUserLevel( ) )
1697                 {
1698                     rightList.add( right );
1699                 }
1700             }
1701         }
1702         else
1703         {
1704             rightList = AdminUserHome.getRightsListForUser( nUserId ).values( );
1705         }
1706 
1707         // ITEM NAVIGATION
1708         setItemNavigator( nUserId, AppPathService.getBaseUrl( request ) + JSP_URL_MANAGE_USER_RIGHTS );
1709 
1710         Map<String, Object> model = new HashMap<>( );
1711         model.put( MARK_USER, AdminUserHome.findByPrimaryKey( nUserId ) );
1712         model.put( MARK_USER_RIGHT_LIST, I18nService.localizeCollection( rightList, getLocale( ) ) );
1713         model.put( MARK_ALL_RIGHT_LIST, I18nService.localizeCollection( allRightList, getLocale( ) ) );
1714         model.put( MARK_CAN_DELEGATE, String.valueOf( bDelegateRights ) );
1715         model.put( MARK_SELECT_ALL, bSelectAll );
1716         model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1717         model.put( MARK_DEFAULT_MODE_USED, AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) );
1718         model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_MANAGE_USER_RIGHTS ) );
1719 
1720         HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MODIFY_USER_RIGHTS, getLocale( ), model );
1721 
1722         return getAdminPage( template.getHtml( ) );
1723     }
1724 
1725     /**
1726      * Process the change form of an appUser rights
1727      *
1728      * @param request
1729      *            The Http request
1730      * @return The Jsp URL of the process result
1731      * @throws AccessDeniedException
1732      *             If the user is not authorized
1733      */
1734     public String doModifyAdminUserRights( HttpServletRequest request ) throws AccessDeniedException
1735     {
1736         if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_MANAGE_USER_RIGHTS ) )
1737         {
1738             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1739         }
1740         String strUserId = request.getParameter( PARAMETER_USER_ID );
1741         int nUserId = Integer.parseInt( strUserId );
1742 
1743         String [ ] arrayRights = request.getParameterValues( PARAMETER_RIGHT );
1744 
1745         AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
1746         AdminUser currentUser = AdminUserService.getAdminUser( request );
1747 
1748         if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1749         {
1750             throw new AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1751         }
1752 
1753         AdminUserHome.removeAllOwnRightsForUser( user );
1754 
1755         if ( arrayRights != null )
1756         {
1757             for ( String strRight : arrayRights )
1758             {
1759                 AdminUserHome.createRightForUser( nUserId, strRight );
1760             }
1761         }
1762 
1763         HashMap<String, String [ ]> mapData = new HashMap<>( );
1764         mapData.put( user.getAccessCode( ), arrayRights );
1765         AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_ADMINUSER_RIGHTS, currentUser, mapData, CONSTANT_BO );
1766 
1767         if ( user.getUserId( ) == currentUser.getUserId( ) )
1768         {
1769             try
1770             {
1771                 AdminAuthenticationService.getInstance( ).registerUser( request, user );
1772             }
1773             catch( AccessDeniedException | UserNotSignedException e )
1774             {
1775                 AppLogService.error( e.getMessage( ), e );
1776             }
1777         }
1778 
1779         return JSP_MANAGE_USER_RIGHTS + "?" + PARAMETER_USER_ID + "=" + nUserId;
1780     }
1781 
1782     /**
1783      * Build the User role list
1784      *
1785      * @param request
1786      *            Http Request
1787      * @return the right list
1788      * @throws AccessDeniedException
1789      *             If the user is not authorized
1790      */
1791     public String getManageAdminUserRoles( HttpServletRequest request ) throws AccessDeniedException
1792     {
1793         setPageTitleProperty( PROPERTY_MANAGE_USER_ROLES_PAGETITLE );
1794 
1795         String strUserId = request.getParameter( PARAMETER_USER_ID );
1796         int nUserId = Integer.parseInt( strUserId );
1797         AdminUser selectedUser = AdminUserHome.findByPrimaryKey( nUserId );
1798         AdminUser userCurrent = AdminUserService.getAdminUser( request );
1799 
1800         if ( !isUserAuthorizedToModifyUser( userCurrent, selectedUser ) )
1801         {
1802             throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1803         }
1804 
1805         Collection<RBACRole> roleList = AdminUserHome.getRolesListForUser( nUserId ).values( );
1806 
1807         // ITEM NAVIGATION
1808         setItemNavigator( nUserId, AppPathService.getBaseUrl( request ) + JSP_URL_MANAGE_USER_ROLES );
1809 
1810         Map<String, Object> model = new HashMap<>( );
1811         model.put( MARK_CAN_MODIFY, getUser( ).isParent( selectedUser ) || getUser( ).isAdmin( ) );
1812         model.put( MARK_CAN_DELEGATE, getUser( ).getUserId( ) != nUserId );
1813         model.put( MARK_USER, AdminUserHome.findByPrimaryKey( nUserId ) );
1814         model.put( MARK_USER_ROLE_LIST, roleList );
1815         model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1816 
1817         HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MANAGE_USER_ROLES, getLocale( ), model );
1818 
1819         return getAdminPage( template.getHtml( ) );
1820     }
1821 
1822     /**
1823      * Build the role list
1824      *
1825      * @param request
1826      *            Http Request
1827      * @return the right list
1828      * @throws AccessDeniedException
1829      *             IF the user is not authorized
1830      */
1831     public String getModifyAdminUserRoles( HttpServletRequest request ) throws AccessDeniedException
1832     {
1833         boolean bDelegateRoles = Boolean.parseBoolean( request.getParameter( PARAMETER_DELEGATE_RIGHTS ) );
1834         setPageTitleProperty( PROPERTY_MODIFY_USER_ROLES_PAGETITLE );
1835 
1836         String strUserId = request.getParameter( PARAMETER_USER_ID );
1837         int nUserId = Integer.parseInt( strUserId );
1838 
1839         AdminUser selectedUser = AdminUserHome.findByPrimaryKey( nUserId );
1840         AdminUser userCurrent = AdminUserService.getAdminUser( request );
1841 
1842         if ( ( selectedUser == null ) || ( selectedUser.getUserId( ) == 0 ) )
1843         {
1844             return getManageAdminUsers( request );
1845         }
1846 
1847         if ( !isUserAuthorizedToModifyUser( userCurrent, selectedUser ) )
1848         {
1849             throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1850         }
1851 
1852         Collection<RBACRole> roleList = AdminUserHome.getRolesListForUser( nUserId ).values( );
1853         Collection<RBACRole> assignableRoleList;
1854 
1855         if ( bDelegateRoles )
1856         {
1857             // assign connected user roles
1858             assignableRoleList = new ArrayList<>( );
1859 
1860             AdminUser currentUser = getUser( );
1861 
1862             for ( RBACRole role : RBACRoleHome.findAll( ) )
1863             {
1864                 if ( currentUser.isAdmin( ) || RBACService.isUserInRole( currentUser, role.getKey( ) ) )
1865                 {
1866                     assignableRoleList.add( role );
1867                 }
1868             }
1869         }
1870         else
1871         {
1872             // assign all available roles
1873             assignableRoleList = RBACRoleHome.findAll( );
1874         }
1875 
1876         // ITEM NAVIGATION
1877         setItemNavigator( nUserId, AppPathService.getBaseUrl( request ) + JSP_URL_MANAGE_USER_ROLES );
1878 
1879         Map<String, Object> model = new HashMap<>( );
1880         model.put( MARK_USER, AdminUserHome.findByPrimaryKey( nUserId ) );
1881         model.put( MARK_USER_ROLE_LIST, roleList );
1882         model.put( MARK_ALL_ROLE_LIST, assignableRoleList );
1883         model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
1884         model.put( MARK_DEFAULT_MODE_USED, AdminAuthenticationService.getInstance( ).isDefaultModuleUsed( ) );
1885         model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_MANAGE_USER_ROLES ) );
1886 
1887         HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MODIFY_USER_ROLES, getLocale( ), model );
1888 
1889         return getAdminPage( template.getHtml( ) );
1890     }
1891 
1892     /**
1893      * Process the change form of an appUser roles
1894      *
1895      * @param request
1896      *            The Http request
1897      * @return The Jsp URL of the process result
1898      * @throws AccessDeniedException
1899      *             IF the user is not authorized
1900      */
1901     public String doModifyAdminUserRoles( HttpServletRequest request ) throws AccessDeniedException
1902     {
1903         if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_MANAGE_USER_ROLES ) )
1904         {
1905             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1906         }
1907         String strUserId = request.getParameter( PARAMETER_USER_ID );
1908         int nUserId = Integer.parseInt( strUserId );
1909         AdminUser selectedUser = AdminUserHome.findByPrimaryKey( nUserId );
1910         AdminUser currentUser = AdminUserService.getAdminUser( request );
1911 
1912         if ( !isUserAuthorizedToModifyUser( currentUser, selectedUser ) )
1913         {
1914             throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1915         }
1916 
1917         String [ ] arrayRoles = request.getParameterValues( PARAMETER_ROLE );
1918 
1919         AdminUserHome.removeAllRolesForUser( nUserId );
1920 
1921         if ( arrayRoles != null )
1922         {
1923             for ( String strRole : arrayRoles )
1924             {
1925                 AdminUserHome.createRoleForUser( nUserId, strRole );
1926             }
1927         }
1928 
1929         HashMap<String, String [ ]> mapData = new HashMap<>( );
1930         mapData.put( selectedUser.getAccessCode( ), arrayRoles );
1931         AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_ADMINUSER_ROLES, currentUser, mapData, CONSTANT_BO );
1932 
1933         return JSP_MANAGE_USER_ROLES + "?" + PARAMETER_USER_ID + "=" + nUserId;
1934     }
1935 
1936     /**
1937      * Process the change form of an appUser workspaces
1938      *
1939      * @param request
1940      *            The Http request
1941      * @return The Jsp URL of the process result
1942      * @throws AccessDeniedException
1943      *             If the user is not authorized
1944      */
1945     public String doModifyAdminUserWorkgroups( HttpServletRequest request ) throws AccessDeniedException
1946     {
1947         if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_MANAGE_USER_WORKGROUPS ) )
1948         {
1949             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
1950         }
1951         String strUserId = request.getParameter( PARAMETER_USER_ID );
1952         int nUserId = Integer.parseInt( strUserId );
1953         AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
1954         AdminUser currentUser = getUser( );
1955 
1956         if ( !isUserAuthorizedToModifyUser( currentUser, user ) )
1957         {
1958             throw new fr.paris.lutece.portal.service.admin.AccessDeniedException( MESSAGE_NOT_AUTHORIZED );
1959         }
1960 
1961         String [ ] arrayWorkspaces = request.getParameterValues( PARAMETER_WORKGROUP );
1962         ReferenceList assignableWorkgroups = AdminWorkgroupHome.getUserWorkgroups( currentUser );
1963 
1964         for ( ReferenceItem item : assignableWorkgroups )
1965         {
1966             AdminWorkgroupHome.removeUserFromWorkgroup( user, item.getCode( ) );
1967         }
1968 
1969         if ( arrayWorkspaces != null )
1970         {
1971             for ( String strWorkgroupKey : arrayWorkspaces )
1972             {
1973                 AdminWorkgroupHome.addUserForWorkgroup( user, strWorkgroupKey );
1974             }
1975         }
1976 
1977         HashMap<String, String [ ]> mapData = new HashMap<>( );
1978         mapData.put( user.getAccessCode( ), arrayWorkspaces );
1979         AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_ADMINUSER_GROUPS, currentUser, mapData, CONSTANT_BO );
1980 
1981         return JSP_MANAGE_USER_WORKGROUPS + "?" + PARAMETER_USER_ID + "=" + nUserId;
1982     }
1983 
1984     /**
1985      * Tell if 2 users have groups in common
1986      * 
1987      * @param user1
1988      *            User1
1989      * @param user2
1990      *            User2
1991      * @return true or false
1992      */
1993     private boolean haveCommonWorkgroups( AdminUser../../../../../../fr/paris/lutece/portal/business/user/AdminUser.html#AdminUser">AdminUser user1, AdminUser user2 )
1994     {
1995         ReferenceList workgroups = AdminWorkgroupHome.getUserWorkgroups( user1 );
1996 
1997         if ( workgroups.isEmpty( ) )
1998         {
1999             return true;
2000         }
2001 
2002         for ( ReferenceItem item : workgroups )
2003         {
2004             if ( AdminWorkgroupHome.isUserInWorkgroup( user2, item.getCode( ) ) )
2005             {
2006                 return true;
2007             }
2008         }
2009 
2010         return false;
2011     }
2012 
2013     /**
2014      * Modify the default user parameter values.
2015      * 
2016      * @param request
2017      *            HttpServletRequest
2018      * @return The Jsp URL of the process result
2019      * @throws AccessDeniedException
2020      *             If the user does not have the permission
2021      */
2022     public String doModifyDefaultUserParameterValues( HttpServletRequest request ) throws AccessDeniedException
2023     {
2024         if ( !SecurityTokenService.getInstance( ).validate( request, AdminDashboardJspBean.TEMPLATE_MANAGE_DASHBOARDS ) )
2025         {
2026             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2027         }
2028         if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
2029                 getUser( ) ) )
2030         {
2031             throw new AccessDeniedException(
2032                     CONSTANT_USER_MSG + getUser( ) + CONSTANT_NOT_AUTHORIZED + AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS );
2033         }
2034 
2035         DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_STATUS, request.getParameter( PARAMETER_STATUS ) );
2036         DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_LEVEL, request.getParameter( PARAMETER_USER_LEVEL ) );
2037         DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_NOTIFICATION, request.getParameter( PARAMETER_NOTIFY_USER ) );
2038         DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_LANGUAGE, request.getParameter( PARAMETER_LANGUAGE ) );
2039 
2040         Map logParametersMap = new HashMap( );
2041         logParametersMap.put( AdminUserService.DSKEY_DEFAULT_USER_STATUS, request.getParameter( PARAMETER_STATUS ) );
2042         logParametersMap.put( AdminUserService.DSKEY_DEFAULT_USER_LEVEL, request.getParameter( PARAMETER_USER_LEVEL ) );
2043         logParametersMap.put( AdminUserService.DSKEY_DEFAULT_USER_NOTIFICATION, request.getParameter( PARAMETER_NOTIFY_USER ) );
2044         logParametersMap.put( AdminUserService.DSKEY_DEFAULT_USER_LANGUAGE, request.getParameter( PARAMETER_LANGUAGE ) );
2045         AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_DEFAULT_PARAMETERS, getUser( ), logParametersMap,
2046                 CONSTANT_BO );
2047 
2048         return getAdminDashboardsUrl( request, ANCHOR_DEFAULT_USER_PARAMETER_VALUES );
2049     }
2050 
2051     /**
2052      * Modify the default user parameter security values.
2053      * 
2054      * @param request
2055      *            HttpServletRequest
2056      * @return The Jsp URL of the process result
2057      * @throws AccessDeniedException
2058      *             If the user does not have the permission
2059      */
2060     public String doModifyDefaultUserSecurityValues( HttpServletRequest request ) throws AccessDeniedException
2061     {
2062         if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2063         {
2064             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2065         }
2066         if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
2067                 getUser( ) ) )
2068         {
2069             throw new AccessDeniedException(
2070                     CONSTANT_USER_MSG + getUser( ) + CONSTANT_NOT_AUTHORIZED + AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS );
2071         }
2072 
2073         Map logParametersMap = new HashMap( );
2074 
2075         String strForceChangePasswordValue = request.getParameter( PARAMETER_FORCE_CHANGE_PASSWORD_REINIT );
2076         strForceChangePasswordValue = StringUtils.isNotBlank( strForceChangePasswordValue ) ? strForceChangePasswordValue : StringUtils.EMPTY;
2077 
2078         DefaultUserParameterHome.update( AdminUserService.DSKEY_FORCE_CHANGE_PASSWORD_REINIT, strForceChangePasswordValue );
2079         logParametersMap.put( AdminUserService.DSKEY_FORCE_CHANGE_PASSWORD_REINIT, strForceChangePasswordValue );
2080 
2081         // Parameter password length
2082         AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_MINIMUM_LENGTH, request.getParameter( PARAMETER_PASSWORD_MINIMUM_LENGTH ) );
2083         logParametersMap.put( AdminUserService.DSKEY_PASSWORD_MINIMUM_LENGTH, request.getParameter( PARAMETER_PASSWORD_MINIMUM_LENGTH ) );
2084 
2085         AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_RESET_TOKEN_VALIDITY, request.getParameter( PARAMETER_RESET_TOKEN_VALIDITY ) );
2086         logParametersMap.put( AdminUserService.DSKEY_RESET_TOKEN_VALIDITY, request.getParameter( PARAMETER_RESET_TOKEN_VALIDITY ) );
2087         AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_LOCK_RESET_TOKEN_TO_SESSION,
2088                 request.getParameter( PARAMETER_LOCK_RESET_TOKEN_TO_SESSION ) );
2089         logParametersMap.put( AdminUserService.DSKEY_LOCK_RESET_TOKEN_TO_SESSION, request.getParameter( PARAMETER_LOCK_RESET_TOKEN_TO_SESSION ) );
2090 
2091         boolean bUseAdvancedSecurityParameter = AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS );
2092 
2093         if ( bUseAdvancedSecurityParameter )
2094         {
2095             // Parameter format
2096             AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_FORMAT_UPPER_LOWER_CASE,
2097                     request.getParameter( PARAMETER_PASSWORD_FORMAT_UPPER_LOWER_CASE ) );
2098             logParametersMap.put( AdminUserService.DSKEY_PASSWORD_FORMAT_UPPER_LOWER_CASE, request.getParameter( PARAMETER_PASSWORD_FORMAT_UPPER_LOWER_CASE ) );
2099             AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_FORMAT_NUMERO, request.getParameter( PARAMETER_PASSWORD_FORMAT_NUMERO ) );
2100             logParametersMap.put( AdminUserService.DSKEY_PASSWORD_FORMAT_NUMERO, request.getParameter( PARAMETER_PASSWORD_FORMAT_NUMERO ) );
2101             AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_FORMAT_SPECIAL_CHARACTERS,
2102                     request.getParameter( PARAMETER_PASSWORD_FORMAT_SPECIAL_CHARACTERS ) );
2103             logParametersMap.put( AdminUserService.DSKEY_PASSWORD_FORMAT_SPECIAL_CHARACTERS,
2104                     request.getParameter( PARAMETER_PASSWORD_FORMAT_SPECIAL_CHARACTERS ) );
2105 
2106             // Parameter password duration
2107             AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_DURATION, request.getParameter( PARAMETER_PASSWORD_DURATION ) );
2108             logParametersMap.put( AdminUserService.DSKEY_PASSWORD_DURATION, request.getParameter( PARAMETER_PASSWORD_DURATION ) );
2109 
2110             // Password history size
2111             AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_HISTORY_SIZE, request.getParameter( PARAMETER_PASSWORD_HISTORY_SIZE ) );
2112             logParametersMap.put( AdminUserService.DSKEY_PASSWORD_HISTORY_SIZE, request.getParameter( PARAMETER_PASSWORD_HISTORY_SIZE ) );
2113 
2114             // maximum number of password change
2115             AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_MAXIMUM_NUMBER_PASSWORD_CHANGE,
2116                     request.getParameter( PARAMETER_MAXIMUM_NUMBER_PASSWORD_CHANGE ) );
2117             logParametersMap.put( AdminUserService.DSKEY_MAXIMUM_NUMBER_PASSWORD_CHANGE, request.getParameter( PARAMETER_MAXIMUM_NUMBER_PASSWORD_CHANGE ) );
2118 
2119             // maximum number of password change
2120             AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_TSW_SIZE_PASSWORD_CHANGE,
2121                     request.getParameter( PARAMETER_TSW_SIZE_PASSWORD_CHANGE ) );
2122             logParametersMap.put( AdminUserService.DSKEY_TSW_SIZE_PASSWORD_CHANGE, request.getParameter( PARAMETER_TSW_SIZE_PASSWORD_CHANGE ) );
2123 
2124             // Notify user when his password expires
2125             AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_NOTIFY_USER_PASSWORD_EXPIRED,
2126                     request.getParameter( PARAMETER_NOTIFY_USER_PASSWORD_EXPIRED ) );
2127             logParametersMap.put( AdminUserService.DSKEY_NOTIFY_USER_PASSWORD_EXPIRED, request.getParameter( PARAMETER_NOTIFY_USER_PASSWORD_EXPIRED ) );
2128         }
2129 
2130         // Time of life of accounts
2131         AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_ACCOUNT_LIFE_TIME, request.getParameter( PARAMETER_ACCOUNT_LIFE_TIME ) );
2132         logParametersMap.put( AdminUserService.DSKEY_ACCOUNT_LIFE_TIME, request.getParameter( PARAMETER_ACCOUNT_LIFE_TIME ) );
2133 
2134         // Time before the first alert when an account will expire
2135         AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_TIME_BEFORE_ALERT_ACCOUNT,
2136                 request.getParameter( PARAMETER_TIME_BEFORE_ALERT_ACCOUNT ) );
2137         logParametersMap.put( AdminUserService.DSKEY_TIME_BEFORE_ALERT_ACCOUNT, request.getParameter( PARAMETER_TIME_BEFORE_ALERT_ACCOUNT ) );
2138 
2139         // Number of alerts sent to a user when his account will expire
2140         AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_NB_ALERT_ACCOUNT, request.getParameter( PARAMETER_NB_ALERT_ACCOUNT ) );
2141         logParametersMap.put( AdminUserService.DSKEY_NB_ALERT_ACCOUNT, request.getParameter( PARAMETER_NB_ALERT_ACCOUNT ) );
2142 
2143         // Time between alerts
2144         AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_TIME_BETWEEN_ALERTS_ACCOUNT,
2145                 request.getParameter( PARAMETER_TIME_BETWEEN_ALERTS_ACCOUNT ) );
2146         logParametersMap.put( AdminUserService.DSKEY_TIME_BETWEEN_ALERTS_ACCOUNT, request.getParameter( PARAMETER_TIME_BETWEEN_ALERTS_ACCOUNT ) );
2147 
2148         // Max access failure
2149         AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_MAX, request.getParameter( MARK_ACCESS_FAILURES_MAX ) );
2150         logParametersMap.put( AdminUserService.DSKEY_ACCES_FAILURES_MAX, request.getParameter( MARK_ACCESS_FAILURES_MAX ) );
2151 
2152         // Access failure interval
2153         AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_INTERVAL, request.getParameter( MARK_ACCESS_FAILURES_INTERVAL ) );
2154         logParametersMap.put( AdminUserService.DSKEY_ACCES_FAILURES_INTERVAL, request.getParameter( MARK_ACCESS_FAILURES_INTERVAL ) );
2155 
2156         // Banned domain names
2157         AdminUserService.updateLargeSecurityParameter( AdminUserService.DSKEY_BANNED_DOMAIN_NAMES, request.getParameter( MARK_BANNED_DOMAIN_NAMES ) );
2158         logParametersMap.put( AdminUserService.DSKEY_BANNED_DOMAIN_NAMES, request.getParameter( MARK_BANNED_DOMAIN_NAMES ) );
2159 
2160         AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_MODIFY_DEFAULT_SECURITY, getUser( ), logParametersMap,
2161                 CONSTANT_BO );
2162 
2163         return getAdminDashboardsUrl( request, ANCHOR_ADVANCED_SECURITY_PARAMETERS );
2164     }
2165 
2166     /**
2167      * Modify the email pattern
2168      * 
2169      * @param request
2170      *            HttpServletRequest
2171      * @return The Jsp URL of the process result
2172      * @throws AccessDeniedException
2173      *             If the user does not have the permission
2174      */
2175     public String doModifyEmailPattern( HttpServletRequest request ) throws AccessDeniedException
2176     {
2177         if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
2178                 getUser( ) ) )
2179         {
2180             throw new AccessDeniedException(
2181                     CONSTANT_USER_MSG + getUser( ) + CONSTANT_NOT_AUTHORIZED + AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS );
2182         }
2183         if ( PARAMETER_RESET.equals( request.getParameter( PARAMETER_RESET ) ) )
2184         {
2185             if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2186             {
2187                 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2188             }
2189             return doResetEmailPattern( request );
2190         }
2191         String strSetManually = request.getParameter( PARAMETER_IS_EMAIL_PATTERN_SET_MANUALLY );
2192         String strEmailPattern = request.getParameter( PARAMETER_EMAIL_PATTERN );
2193 
2194         if ( StringUtils.isNotBlank( strEmailPattern ) )
2195         {
2196             if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2197             {
2198                 throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2199             }
2200             AdminUserService.doModifyEmailPattern( strEmailPattern, strSetManually != null );
2201             return getAdminDashboardsUrl( request, ANCHOR_MODIFY_EMAIL_PATTERN );
2202         }
2203         return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_ERROR_EMAIL_PATTERN, AdminMessage.TYPE_STOP );
2204     }
2205 
2206     /**
2207      * Reset the email pattern
2208      * 
2209      * @return the jsp return
2210      */
2211     private String doResetEmailPattern( HttpServletRequest request )
2212     {
2213         AdminUserService.doResetEmailPattern( );
2214 
2215         return getAdminDashboardsUrl( request, ANCHOR_MODIFY_EMAIL_PATTERN );
2216     }
2217 
2218     /**
2219      * Do insert a regular expression
2220      * 
2221      * @param request
2222      *            {@link HttpServletRequest}
2223      * @return the jsp return
2224      * @throws AccessDeniedException
2225      *             access denied if the AdminUser does not have the permission
2226      */
2227     public String doInsertRegularExpression( HttpServletRequest request ) throws AccessDeniedException
2228     {
2229         if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2230         {
2231             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2232         }
2233         if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
2234                 getUser( ) ) )
2235         {
2236             throw new AccessDeniedException(
2237                     CONSTANT_USER_MSG + getUser( ) + CONSTANT_NOT_AUTHORIZED + AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS );
2238         }
2239 
2240         String strRegularExpressionId = request.getParameter( PARAMETER_ID_EXPRESSION );
2241 
2242         if ( StringUtils.isNotBlank( strRegularExpressionId ) && StringUtils.isNumeric( strRegularExpressionId ) )
2243         {
2244             int nRegularExpressionId = Integer.parseInt( strRegularExpressionId );
2245             AdminUserService.doInsertRegularExpression( nRegularExpressionId );
2246         }
2247 
2248         return getAdminDashboardsUrl( request, ANCHOR_MODIFY_EMAIL_PATTERN );
2249     }
2250 
2251     /**
2252      * Do remove a regular expression
2253      * 
2254      * @param request
2255      *            {@link HttpServletRequest}
2256      * @return the jsp return
2257      * @throws AccessDeniedException
2258      *             access denied if the AdminUser does not have the permission
2259      */
2260     public String doRemoveRegularExpression( HttpServletRequest request ) throws AccessDeniedException
2261     {
2262         if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2263         {
2264             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2265         }
2266         if ( !RBACService.isAuthorized( AdminUser.RESOURCE_TYPE, RBAC.WILDCARD_RESOURCES_ID, AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS,
2267                 getUser( ) ) )
2268         {
2269             throw new AccessDeniedException(
2270                     CONSTANT_USER_MSG + getUser( ) + CONSTANT_NOT_AUTHORIZED + AdminUserResourceIdService.PERMISSION_MANAGE_ADVANCED_PARAMETERS );
2271         }
2272 
2273         String strRegularExpressionId = request.getParameter( PARAMETER_ID_EXPRESSION );
2274 
2275         if ( StringUtils.isNotBlank( strRegularExpressionId ) && StringUtils.isNumeric( strRegularExpressionId ) )
2276         {
2277             int nRegularExpressionId = Integer.parseInt( strRegularExpressionId );
2278             AdminUserService.doRemoveRegularExpression( nRegularExpressionId );
2279         }
2280 
2281         return getAdminDashboardsUrl( request, ANCHOR_MODIFY_EMAIL_PATTERN );
2282     }
2283 
2284     /**
2285      * Get the admin message to confirm the enabling or the disabling of the advanced security parameters
2286      * 
2287      * @param request
2288      *            The request
2289      * @return The url of the admin message
2290      */
2291     public String getChangeUseAdvancedSecurityParameters( HttpServletRequest request )
2292     {
2293         Map<String, Object> parameters = new HashMap<>( 1 );
2294         parameters.put( SecurityTokenService.PARAMETER_TOKEN, SecurityTokenService.getInstance( ).getToken( request, TOKEN_TECHNICAL_ADMIN ) );
2295 
2296         if ( AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS ) )
2297         {
2298             return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_CONFIRM_REMOVE_ASP, JSP_URL_REMOVE_ADVANCED_SECUR_PARAM,
2299                     AdminMessage.TYPE_CONFIRMATION, parameters );
2300         }
2301 
2302         return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_CONFIRM_USE_ASP, JSP_URL_USE_ADVANCED_SECUR_PARAM, AdminMessage.TYPE_CONFIRMATION,
2303                 parameters );
2304     }
2305 
2306     /**
2307      * Enable advanced security parameters
2308      * 
2309      * @param request
2310      *            The request
2311      * @return The Jsp URL of the process result
2312      * @throws AccessDeniedException
2313      *             if the security token is invalid
2314      */
2315     public String doUseAdvancedSecurityParameters( HttpServletRequest request ) throws AccessDeniedException
2316     {
2317         if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2318         {
2319             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2320         }
2321         AdminUserService.useAdvancedSecurityParameters( );
2322 
2323         AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_USE_ADVANCE_SECURITY_PARAMETERS, getUser( ), null,
2324                 CONSTANT_BO );
2325 
2326         return getAdminDashboardsUrl( request, ANCHOR_ADVANCED_SECURITY_PARAMETERS );
2327     }
2328 
2329     /**
2330      * Disable advanced security parameters
2331      * 
2332      * @param request
2333      *            The request
2334      * @return The Jsp URL of the process result
2335      * @throws AccessDeniedException
2336      *             if the security token is invalid
2337      */
2338     public String doRemoveAdvancedSecurityParameters( HttpServletRequest request ) throws AccessDeniedException
2339     {
2340         if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2341         {
2342             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2343         }
2344         AdminUserService.removeAdvancedSecurityParameters( );
2345 
2346         AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_REMOVE_ADVANCE_SECURITY_PARAMETERS, getUser( ), null,
2347                 CONSTANT_BO );
2348 
2349         return getAdminDashboardsUrl( request, ANCHOR_ADVANCED_SECURITY_PARAMETERS );
2350     }
2351 
2352     /**
2353      * Get the page with the list of every anonymizable attribute
2354      * 
2355      * @param request
2356      *            The request
2357      * @return The admin page
2358      */
2359     public String getChangeFieldAnonymizeAdminUsers( HttpServletRequest request )
2360     {
2361         Map<String, Object> model = new HashMap<>( );
2362 
2363         List<IAttribute> listAllAttributes = AttributeService.getInstance( ).getAllAttributesWithoutFields( getLocale( ) );
2364         List<IAttribute> listAttributesText = new ArrayList<>( );
2365 
2366         for ( IAttribute attribut : listAllAttributes )
2367         {
2368             if ( attribut.isAnonymizable( ) )
2369             {
2370                 listAttributesText.add( attribut );
2371             }
2372         }
2373 
2374         model.put( MARK_ATTRIBUTES_LIST, listAttributesText );
2375 
2376         model.putAll( AdminUserHome.getAnonymizationStatusUserStaticField( ) );
2377         model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, TOKEN_TECHNICAL_ADMIN ) );
2378 
2379         setPageTitleProperty( PROPERTY_MESSAGE_TITLE_CHANGE_ANONYMIZE_USER );
2380 
2381         HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_FIELD_ANONYMIZE_ADMIN_USER, getLocale( ), model );
2382 
2383         return getAdminPage( template.getHtml( ) );
2384     }
2385 
2386     /**
2387      * Change the anonymization status of user parameters.
2388      * 
2389      * @param request
2390      *            The request
2391      * @return the Jsp URL of the process result
2392      * @throws AccessDeniedException
2393      *             If the security token is invalid
2394      */
2395     public String doChangeFieldAnonymizeAdminUsers( HttpServletRequest request ) throws AccessDeniedException
2396     {
2397         if ( request.getParameter( PARAMETER_CANCEL ) != null )
2398         {
2399             return getAdminDashboardsUrl( request, ANCHOR_ANONYMIZE_USERS );
2400         }
2401         if ( !SecurityTokenService.getInstance( ).validate( request, TOKEN_TECHNICAL_ADMIN ) )
2402         {
2403             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2404         }
2405 
2406         AdminUserHome.updateAnonymizationStatusUserStaticField( PARAMETER_ACCESS_CODE, Boolean.valueOf( request.getParameter( PARAMETER_ACCESS_CODE ) ) );
2407         AdminUserHome.updateAnonymizationStatusUserStaticField( PARAMETER_FIRST_NAME, Boolean.valueOf( request.getParameter( PARAMETER_FIRST_NAME ) ) );
2408         AdminUserHome.updateAnonymizationStatusUserStaticField( PARAMETER_LAST_NAME, Boolean.valueOf( request.getParameter( PARAMETER_LAST_NAME ) ) );
2409         AdminUserHome.updateAnonymizationStatusUserStaticField( PARAMETER_EMAIL, Boolean.valueOf( request.getParameter( PARAMETER_EMAIL ) ) );
2410 
2411         AttributeService attributeService = AttributeService.getInstance( );
2412 
2413         List<IAttribute> listAllAttributes = attributeService.getAllAttributesWithoutFields( getLocale( ) );
2414         List<IAttribute> listAttributesText = new ArrayList<>( );
2415 
2416         for ( IAttribute attribut : listAllAttributes )
2417         {
2418             if ( attribut.isAnonymizable( ) )
2419             {
2420                 listAttributesText.add( attribut );
2421             }
2422         }
2423 
2424         for ( IAttribute attribute : listAttributesText )
2425         {
2426             Boolean bNewValue = Boolean.valueOf( request.getParameter( PARAMETER_ATTRIBUTE + Integer.toString( attribute.getIdAttribute( ) ) ) );
2427             attributeService.updateAnonymizationStatusUserField( attribute.getIdAttribute( ), bNewValue );
2428         }
2429 
2430         return getAdminDashboardsUrl( request, ANCHOR_ANONYMIZE_USERS );
2431     }
2432 
2433     /**
2434      * Get the confirmation page before anonymizing a user.
2435      * 
2436      * @param request
2437      *            The request
2438      * @return The URL of the confirmation page
2439      */
2440     public String getAnonymizeAdminUser( HttpServletRequest request )
2441     {
2442         String strAdminUserId = request.getParameter( PARAMETER_USER_ID );
2443 
2444         if ( !StringUtils.isNumeric( strAdminUserId ) || strAdminUserId.isEmpty( ) )
2445         {
2446             return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_NO_ADMIN_USER_SELECTED, JSP_URL_MANAGE_USERS, AdminMessage.TYPE_STOP );
2447         }
2448 
2449         int nUserId = Integer.parseInt( strAdminUserId );
2450         AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
2451 
2452         if ( user == null )
2453         {
2454             return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_USER_ERROR_SESSION, JSP_URL_MANAGE_USERS, AdminMessage.TYPE_ERROR );
2455         }
2456 
2457         String strUrl = JSP_URL_ANONYMIZE_ADMIN_USER;
2458         Map<String, Object> parameters = new HashMap<>( );
2459         parameters.put( PARAMETER_USER_ID, strAdminUserId );
2460         parameters.put( SecurityTokenService.PARAMETER_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_ANONYMIZE_ADMIN_USER ) );
2461 
2462         return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_CONFIRM_ANONYMIZE_USER, new Object [ ] {
2463                 user.getFirstName( ), user.getLastName( ), user.getAccessCode( )
2464         }, null, strUrl, null, AdminMessage.TYPE_CONFIRMATION, parameters, JSP_URL_MANAGE_USERS );
2465     }
2466 
2467     /**
2468      * Anonymize a user
2469      * 
2470      * @param request
2471      *            The request
2472      * @return The Jsp URL of the process result
2473      * @throws AccessDeniedException
2474      *             in case of invalid security token
2475      */
2476     public String doAnonymizeAdminUser( HttpServletRequest request ) throws AccessDeniedException
2477     {
2478         String strAdminUserId = request.getParameter( PARAMETER_USER_ID );
2479 
2480         if ( !StringUtils.isNumeric( strAdminUserId ) || strAdminUserId.isEmpty( ) )
2481         {
2482             return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_NO_ADMIN_USER_SELECTED, JSP_URL_MANAGE_USERS, AdminMessage.TYPE_STOP );
2483         }
2484 
2485         int nUserId = Integer.parseInt( strAdminUserId );
2486         AdminUser user = AdminUserHome.findByPrimaryKey( nUserId );
2487 
2488         if ( user == null )
2489         {
2490             return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_USER_ERROR_SESSION, JSP_URL_MANAGE_USERS, AdminMessage.TYPE_ERROR );
2491         }
2492         if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_ANONYMIZE_ADMIN_USER ) )
2493         {
2494             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2495         }
2496 
2497         AdminUserService.anonymizeUser( nUserId, getLocale( ) );
2498 
2499         AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_RIGHTS, CONSTANT_ANONYMIZE_ADMINUSER, getUser( ), user.getAccessCode( ),
2500                 CONSTANT_BO );
2501 
2502         return JSP_MANAGE_USER;
2503     }
2504 
2505     /**
2506      * Update a user account life time
2507      * 
2508      * @param request
2509      *            The request
2510      * @return The Jsp URL of the process result
2511      */
2512     public String reactivateAccount( HttpServletRequest request )
2513     {
2514         AdminUser user = AdminUserHome.findByPrimaryKey( AdminUserService.getAdminUser( request ).getUserId( ) );
2515         String strUrl;
2516         int nbDaysBeforeFirstAlert = AdminUserService.getIntegerSecurityParameter( PARAMETER_TIME_BEFORE_ALERT_ACCOUNT );
2517         Timestamp firstAlertMaxDate = new Timestamp( new java.util.Date( ).getTime( ) + DateUtil.convertDaysInMiliseconds( nbDaysBeforeFirstAlert ) );
2518 
2519         if ( user.getAccountMaxValidDate( ) != null )
2520         {
2521             // If the account is close to expire but has not expired yet
2522             if ( ( user.getAccountMaxValidDate( ).getTime( ) < firstAlertMaxDate.getTime( ) ) && ( user.getStatus( ) < AdminUser.EXPIRED_CODE ) )
2523             {
2524                 AdminUserService.updateUserExpirationDate( user );
2525             }
2526 
2527             strUrl = AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_ACCOUNT_REACTIVATED, AppPathService.getAdminMenuUrl( ),
2528                     AdminMessage.TYPE_INFO );
2529         }
2530         else
2531         {
2532             strUrl = AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_NO_ACCOUNT_TO_REACTIVATED, AppPathService.getAdminMenuUrl( ),
2533                     AdminMessage.TYPE_ERROR );
2534         }
2535 
2536         return strUrl;
2537     }
2538 
2539     /**
2540      * Get the modify account life time emails page
2541      * 
2542      * @param request
2543      *            The request
2544      * @return The html to display
2545      */
2546     public String getModifyAccountLifeTimeEmails( HttpServletRequest request )
2547     {
2548         String strEmailType = request.getParameter( PARAMETER_EMAIL_TYPE );
2549 
2550         Map<String, Object> model = new HashMap<>( );
2551         String strSenderKey = StringUtils.EMPTY;
2552         String strSubjectKey = StringUtils.EMPTY;
2553         String strBodyKey = StringUtils.EMPTY;
2554         String strTitle = StringUtils.EMPTY;
2555 
2556         if ( CONSTANT_EMAIL_TYPE_FIRST.equalsIgnoreCase( strEmailType ) )
2557         {
2558             strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_FIRST_ALERT_MAIL_SENDER;
2559             strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_FIRST_ALERT_MAIL_SUBJECT;
2560             strBodyKey = PARAMETER_FIRST_ALERT_MAIL;
2561             strTitle = PROPERTY_FIRST_EMAIL;
2562         }
2563         else if ( CONSTANT_EMAIL_TYPE_OTHER.equalsIgnoreCase( strEmailType ) )
2564         {
2565             strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_OTHER_ALERT_MAIL_SENDER;
2566             strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_OTHER_ALERT_MAIL_SUBJECT;
2567             strBodyKey = PARAMETER_OTHER_ALERT_MAIL;
2568             strTitle = PROPERTY_OTHER_EMAIL;
2569         }
2570         else if ( CONSTANT_EMAIL_TYPE_EXPIRED.equalsIgnoreCase( strEmailType ) )
2571         {
2572             strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_EXPIRED_ALERT_MAIL_SENDER;
2573             strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_EXPIRED_ALERT_MAIL_SUBJECT;
2574             strBodyKey = PARAMETER_EXPIRATION_MAIL;
2575             strTitle = PROPERTY_ACCOUNT_DEACTIVATES_EMAIL;
2576         }
2577         else if ( CONSTANT_EMAIL_TYPE_REACTIVATED.equalsIgnoreCase( strEmailType ) )
2578         {
2579             strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_REACTIVATED_ALERT_MAIL_SENDER;
2580             strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_REACTIVATED_ALERT_MAIL_SUBJECT;
2581             strBodyKey = PARAMETER_ACCOUNT_REACTIVATED;
2582             strTitle = PROPERTY_ACCOUNT_UPDATED_EMAIL;
2583         }
2584         else if ( CONSTANT_EMAIL_PASSWORD_EXPIRED.equalsIgnoreCase( strEmailType ) )
2585         {
2586             strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_PASSWORD_EXPIRED_MAIL_SENDER;
2587             strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_PASSWORD_EXPIRED_MAIL_SUBJECT;
2588             strBodyKey = PARAMETER_NOTIFY_PASSWORD_EXPIRED;
2589             strTitle = PROPERTY_NOTIFY_PASSWORD_EXPIRED;
2590         }
2591 
2592         String defaultUserParameter = DefaultUserParameterHome.findByKey( strSenderKey );
2593         String strSender = ( defaultUserParameter == null ) ? StringUtils.EMPTY : defaultUserParameter;
2594 
2595         defaultUserParameter = DefaultUserParameterHome.findByKey( strSubjectKey );
2596 
2597         String strSubject = ( defaultUserParameter == null ) ? StringUtils.EMPTY : defaultUserParameter;
2598 
2599         // ITEM NAVIGATION
2600         setItemNavigator( getUser( ).getUserId( ), AppPathService.getBaseUrl( request ) + JSP_URL_MODIFY_ACCOUNT_LIFE_TIME_EMAIL );
2601 
2602         model.put( PARAMETER_EMAIL_TYPE, strEmailType );
2603         model.put( MARK_EMAIL_SENDER, strSender );
2604         model.put( MARK_EMAIL_SUBJECT, strSubject );
2605         model.put( MARK_EMAIL_BODY, DatabaseTemplateService.getTemplateFromKey( strBodyKey, true ) );
2606         model.put( MARK_EMAIL_LABEL, strTitle );
2607         model.put( MARK_WEBAPP_URL, AppPathService.getBaseUrl( request ) );
2608         model.put( MARK_LOCALE, getLocale( ) );
2609         model.put( MARK_ITEM_NAVIGATOR, _itemNavigator );
2610         model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_URL_MODIFY_ACCOUNT_LIFE_TIME_EMAIL ) );
2611 
2612         HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_ACCOUNT_LIFE_TIME_EMAIL, getLocale( ), model );
2613 
2614         return getAdminPage( template.getHtml( ) );
2615     }
2616 
2617     /**
2618      * Update an account life time email
2619      * 
2620      * @param request
2621      *            The request
2622      * @return The Jsp URL of the process result
2623      * @throws AccessDeniedException
2624      *             if the security token is invalid
2625      */
2626     public String doModifyAccountLifeTimeEmails( HttpServletRequest request ) throws AccessDeniedException
2627     {
2628         if ( !SecurityTokenService.getInstance( ).validate( request, JSP_URL_MODIFY_ACCOUNT_LIFE_TIME_EMAIL ) )
2629         {
2630             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
2631         }
2632         String strEmailType = request.getParameter( PARAMETER_EMAIL_TYPE );
2633 
2634         String strSenderKey = StringUtils.EMPTY;
2635         String strSubjectKey = StringUtils.EMPTY;
2636         String strBodyKey = StringUtils.EMPTY;
2637 
2638         if ( CONSTANT_EMAIL_TYPE_FIRST.equalsIgnoreCase( strEmailType ) )
2639         {
2640             strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_FIRST_ALERT_MAIL_SENDER;
2641             strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_FIRST_ALERT_MAIL_SUBJECT;
2642             strBodyKey = PARAMETER_FIRST_ALERT_MAIL;
2643         }
2644         else if ( CONSTANT_EMAIL_TYPE_OTHER.equalsIgnoreCase( strEmailType ) )
2645         {
2646             strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_OTHER_ALERT_MAIL_SENDER;
2647             strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_OTHER_ALERT_MAIL_SUBJECT;
2648             strBodyKey = PARAMETER_OTHER_ALERT_MAIL;
2649         }
2650         else if ( CONSTANT_EMAIL_TYPE_EXPIRED.equalsIgnoreCase( strEmailType ) )
2651         {
2652             strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_EXPIRED_ALERT_MAIL_SENDER;
2653             strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_EXPIRED_ALERT_MAIL_SUBJECT;
2654             strBodyKey = PARAMETER_EXPIRATION_MAIL;
2655         }
2656         else if ( CONSTANT_EMAIL_TYPE_REACTIVATED.equalsIgnoreCase( strEmailType ) )
2657         {
2658             strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_REACTIVATED_ALERT_MAIL_SENDER;
2659             strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_REACTIVATED_ALERT_MAIL_SUBJECT;
2660             strBodyKey = PARAMETER_ACCOUNT_REACTIVATED;
2661         }
2662         else if ( CONSTANT_EMAIL_PASSWORD_EXPIRED.equalsIgnoreCase( strEmailType ) )
2663         {
2664             strSenderKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_PASSWORD_EXPIRED_MAIL_SENDER;
2665             strSubjectKey = CONSTANT_ADVANCED_PARAMS + PARAMETER_PASSWORD_EXPIRED_MAIL_SUBJECT;
2666             strBodyKey = PARAMETER_NOTIFY_PASSWORD_EXPIRED;
2667         }
2668 
2669         AdminUserService.updateSecurityParameter( strSenderKey, request.getParameter( MARK_EMAIL_SENDER ) );
2670         AdminUserService.updateSecurityParameter( strSubjectKey, request.getParameter( MARK_EMAIL_SUBJECT ) );
2671         DatabaseTemplateService.updateTemplate( strBodyKey, request.getParameter( MARK_EMAIL_BODY ) );
2672 
2673         return getAdminDashboardsUrl( request, ANCHOR_LIFE_TIME_EMAILS );
2674     }
2675 
2676     /**
2677      * Get the item navigator
2678      * 
2679      * @param nIdAdminUser
2680      *            the admin user id
2681      * @param strUrl
2682      *            the url
2683      */
2684     private void setItemNavigator( int nIdAdminUser, String strUrl )
2685     {
2686         if ( _itemNavigator == null )
2687         {
2688             List<String> listIdsRight = new ArrayList<>( );
2689             int nCurrentItemId = 0;
2690             int nIndex = 0;
2691 
2692             AdminUser currentUser = getUser( );
2693 
2694             for ( AdminUser adminUser : AdminUserHome.findUserList( ) )
2695             {
2696                 if ( ( adminUser != null ) && isUserAuthorizedToModifyUser( currentUser, adminUser ) )
2697                 {
2698                     listIdsRight.add( Integer.toString( adminUser.getUserId( ) ) );
2699 
2700                     if ( adminUser.getUserId( ) == nIdAdminUser )
2701                     {
2702                         nCurrentItemId = nIndex;
2703                     }
2704 
2705                     nIndex++;
2706                 }
2707             }
2708 
2709             _itemNavigator = new ItemNavigator( listIdsRight, nCurrentItemId, strUrl, PARAMETER_USER_ID );
2710         }
2711         else
2712         {
2713             _itemNavigator.setCurrentItemId( Integer.toString( nIdAdminUser ) );
2714             _itemNavigator.setBaseUrl( strUrl );
2715         }
2716     }
2717 
2718     /**
2719      * Reinit the item navigator
2720      */
2721     private void reinitItemNavigator( )
2722     {
2723         _itemNavigator = null;
2724     }
2725 
2726     /**
2727      * Check if a user is authorized to modify another user
2728      * 
2729      * @param currentUser
2730      *            The current user
2731      * @param userToModify
2732      *            The user to modify
2733      * @return True if the current user can modify the other user, false otherwise
2734      */
2735     private boolean isUserAuthorizedToModifyUser( AdminUser../../../../fr/paris/lutece/portal/business/user/AdminUser.html#AdminUser">AdminUser currentUser, AdminUser userToModify )
2736     {
2737         if ( currentUser == null || userToModify == null )
2738         {
2739             return false;
2740         }
2741         return currentUser.isAdmin( ) || ( currentUser.isParent( userToModify )
2742                 && ( ( haveCommonWorkgroups( currentUser, userToModify ) ) || ( !AdminWorkgroupHome.checkUserHasWorkgroup( userToModify.getUserId( ) ) ) ) );
2743     }
2744 
2745     /**
2746      * Check if a user is authorized to modify another user's right level
2747      * 
2748      * @param currentUser
2749      *            The user doing the modification
2750      * @param userToModify
2751      *            The user whose right level is being modified
2752      * @return true if the user's right level can be modified, false otherwise
2753      */
2754     private boolean isUserAuthorizedToChangeUserLevel( AdminUser../../../../fr/paris/lutece/portal/business/user/AdminUser.html#AdminUser">AdminUser currentUser, AdminUser userToModify )
2755     {
2756         if ( currentUser == null || userToModify == null )
2757         {
2758             return false;
2759         }
2760         return currentUser.checkRight( "CORE_LEVEL_MANAGEMENT" ) && userToModify.getUserLevel( ) != 0;
2761     }
2762 
2763     /**
2764      * Check if a user's right level has been modified
2765      * 
2766      * @param user
2767      *            The user whose right level is being modified
2768      * @param strSelectedUserLevel
2769      *            The new right level selected
2770      * @return true if the level has been modified, false otherwise
2771      */
2772     private boolean isUserLevelModified( AdminUser user, String strSelectedUserLevel )
2773     {
2774         if ( strSelectedUserLevel != null )
2775         {
2776             int nSelectedUserLevel = Integer.parseInt( strSelectedUserLevel );
2777             return nSelectedUserLevel != user.getUserLevel( );
2778         }
2779         return false;
2780     }
2781 }