Enable User account locking and disabling

src/main/java/org/genesys2/server/model/impl/User.java

@@ -16,6 +16,7 @@
 
 package org.genesys2.server.model.impl;
 
+import java.beans.Transient;
 import java.util.HashSet;
 import java.util.Set;
 import java.util.UUID;
@@ -84,6 +85,12 @@ public class User extends BusinessModel {
 	@Column(nullable = false, updatable = false, name = "sys")
 	private boolean systemAccount;
 
+	@Column
+	private boolean enabled;
+
+	@Column
+	private boolean locked;
+
 	
 	@PrePersist
 	void ensureUUID() {
@@ -176,4 +183,33 @@ public class User extends BusinessModel {
 	public boolean isSystemAccount() {
 		return systemAccount;
 	}
+
+	public boolean isEnabled() {
+		return this.enabled;
+	}
+	
+	public void setEnabled(boolean enabled) {
+		this.enabled = enabled;
+	}
+
+	public boolean isAccountLocked() {
+		return this.locked;
+	}
+	
+	public void setAccountLocked(boolean locked) {
+		this.locked = locked;
+	}
+	
+	@Transient
+	public boolean isAccountExpired() {
+		// We don't support account expiration
+		return false;
+	}
+	
+	@Transient
+	public boolean isPasswordExpired() {
+		// We don't support password expiration
+		return false;
+	}
+
 }

src/main/java/org/genesys2/server/service/UserService.java

@@ -44,11 +44,11 @@ public interface UserService {
 
 	@PreAuthorize("isAuthenticated()")
 	User getMe();
-	
+
 	User getUserByEmail(String email);
 
 	User getUserByUuid(String uuid);
-	
+
 	User getUserById(long userId) throws UserException;
 
 	boolean exists(String username) throws UserException;
@@ -58,10 +58,14 @@ public interface UserService {
 	UserWrapper getWrappedById(long userId) throws UserException;
 
 	@PreAuthorize("hasRole('ADMINISTRATOR') || principal.user.id == #userId")
-	User updateData(long userId, String name);
+	User updateData(long userId, String name, String email);
 
 	User getSystemUser(String string);
 
 	Page<User> listUsers(Pageable pageable);
 
+	void setAccountLock(String uuid, boolean locked);
+
+	void setAccountEnabled(String uuid, boolean enabled);
+
 }

src/main/java/org/genesys2/server/service/impl/AuthUserDetailsService.java

@@ -47,7 +47,13 @@ public class AuthUserDetailsService implements UserDetailsService {
 			return null;
 		}
 
-		AuthUserDetails userDetails = new AuthUserDetails(user.getUuid(), user.getPassword(), getGrantedAuthorities(user));
+		boolean enabled = user.isEnabled();
+		boolean accountNonExpired = !user.isAccountExpired();
+		boolean credentialsNonExpired = !user.isPasswordExpired();
+		boolean accountNonLocked = !user.isAccountLocked();
+
+		AuthUserDetails userDetails = new AuthUserDetails(user.getUuid(), user.getPassword(), enabled, accountNonExpired, credentialsNonExpired,
+				accountNonLocked, getGrantedAuthorities(user));
 
 		// set actual DB user for possible further purposes
 		userDetails.setUser(user);

src/main/java/org/genesys2/server/service/impl/UserServiceImpl.java

@@ -162,9 +162,10 @@ public class UserServiceImpl implements UserService {
 	@Override
 	@PreAuthorize("hasRole('ADMINISTRATOR') || principal.user.id == #userId")
 	@Transactional(readOnly = false)
-	public User updateData(long userId, String name) {
+	public User updateData(long userId, String name, String email) {
 		User user = userPersistence.findOne(userId);
 		user.setName(name);
+		user.setEmail(email);
 		userPersistence.save(user);
 		return user;
 	}
@@ -177,6 +178,28 @@ public class UserServiceImpl implements UserService {
 		userPersistence.save(user);
 	}
 
+	@Override
+	@Transactional(readOnly = false)
+	@PreAuthorize("hasRole('ADMINISTRATOR')")
+	public void setAccountEnabled(String uuid, boolean enabled) {
+		User user = userPersistence.findByUuid(uuid);
+		if (! enabled && user.getRoles().contains(UserRole.ADMINISTRATOR))
+			throw new SecurityException("Can't disable ADMINISTRATOR accounts");
+		user.setEnabled(enabled);
+		userPersistence.save(user);
+	}
+
+	@Override
+	@Transactional(readOnly = false)
+	@PreAuthorize("hasRole('ADMINISTRATOR')")
+	public void setAccountLock(String uuid, boolean locked) {
+		User user = userPersistence.findByUuid(uuid);
+		if (locked && user.getRoles().contains(UserRole.ADMINISTRATOR))
+			throw new SecurityException("Can't lock ADMINISTRATOR accounts");
+		user.setAccountLocked(locked);
+		userPersistence.save(user);
+	}
+
 	private void setPassword(User user, String rawPassword) {
 		// encrypt password
 		user.setPassword(passwordEncoder.encode(rawPassword));

src/main/java/org/genesys2/server/servlet/controller/UserProfileController.java

@@ -93,15 +93,15 @@ public class UserProfileController extends BaseController {
 		return "/user/edit";
 	}
 
-	@PreAuthorize("isAuthenticated()")
-	@RequestMapping(value = "/update", method = { RequestMethod.POST })
-	public String updateMe(ModelMap model, @RequestParam("name") String name, @RequestParam("pwd1") String pwd1, @RequestParam("pwd2") String pwd2) {
-		User user = userService.getMe();
+	@RequestMapping(value = "/{uuid:.+}/update", method = { RequestMethod.POST })
+	@PreAuthorize("hasRole('ADMINISTRATOR') || principal.user.uuid == #uuid")
+	public String update(ModelMap model, @PathVariable("uuid") String uuid, @RequestParam("name") String name,@RequestParam("email") String email, @RequestParam("pwd1") String pwd1, @RequestParam("pwd2") String pwd2) {
+		User user = userService.getUserByUuid(uuid);
 		if (user == null) {
 			throw new ResourceNotFoundException();
 		}
 
-		userService.updateData(user.getId(), name);
+		userService.updateData(user.getId(), name, email);
 
 		if (StringUtils.isNotBlank(pwd1)) {
 			if (pwd1.equals(pwd2)) {
@@ -117,6 +117,6 @@ public class UserProfileController extends BaseController {
 			}
 		}
 
-		return "redirect:/profile";
+		return "redirect:/profile/" + user.getUuid();
 	}
 }

src/main/java/org/genesys2/server/servlet/controller/rest/UserController.java

@@ -77,6 +77,21 @@ public class UserController extends RestController {
 		LOG.info("Creating team " + teamJson);
 		return OAuth2Cleanup.clean(teamService.addTeam(teamJson.name));
 	}
+	
+	@RequestMapping(value = "/user/{uuid}/locked", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE)
+	public @ResponseBody
+	boolean changeLock(@PathVariable("uuid") String uuid, @RequestBody boolean locked) {
+		userService.setAccountLock(uuid, locked);
+		return true;
+	}
+	
+
+	@RequestMapping(value = "/user/{uuid}/enabled", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE)
+	public @ResponseBody
+	boolean changeEnabled(@PathVariable("uuid") String uuid, @RequestBody boolean enabled) {
+		userService.setAccountEnabled(uuid, enabled);
+		return true;
+	}
 
 	@RequestMapping(value = "/me/teams/{teamId}/leave", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE)
 	public @ResponseBody

src/main/resources/content/language.properties

@@ -93,6 +93,7 @@ user.pulldown.heading=You are {0}
 user.create-new-account=Create an account
 user.full-name=Full Name
 user.email=E-mail Address
+user.account-status=Account Status
 userprofile.page.title=User profile
 userprofile.update.title=Update your profile
 

src/main/webapp/WEB-INF/jsp/user/edit.jsp

@@ -11,7 +11,7 @@
 		<spring:message code="userprofile.update.title" />
 	</h1>
 
-	<form role="form" class="form-horizontal validate" action="<c:url value="/profile/update" />" method="post">
+	<form role="form" class="form-horizontal validate" action="<c:url value="/profile/${user.uuid}/update" />" method="post">
 		<div class="form-group">
 			<label for="name" class="col-lg-2 control-label"><spring:message code="registration.full-name" /></label>
 			<div class="col-lg-3">

src/main/webapp/WEB-INF/jsp/user/index.jsp

@@ -23,7 +23,11 @@
 				<td><c:if test="${not user.systemAccount}"><a href="<c:url value="/profile/${user.uuid}" />"><c:out value="${user.name}" /></a></c:if></td>
 				<td>${user.uuid}</td>
 				<td>${user.email}</td>
-				<td>${user.systemAccount ? 'SYSTEM' : ''}</td>
+				<td>
+					<c:if test="${user.systemAccount}">SYSTEM</c:if>
+					<c:if test="${not user.enabled}">DISABLED</c:if>
+					<c:if test="${user.accountLocked}">LOCKED</c:if>
+				</td>
 			</tr>
 		</c:forEach>
 	</table>

src/main/webapp/WEB-INF/jsp/user/profile.jsp

@@ -26,9 +26,28 @@
 				<label for="password" class="col-lg-2 control-label"><spring:message code="user.email" /></label>
 				<div class="col-lg-3">${user.email}</div>
 			</div>
+		
+			<div class="form-group">
+				<label class="col-lg-2 control-label"><spring:message code="user.account-status" /></label>
+				<div class="col-lg-3">
+					<c:if test="${user.systemAccount}">SYSTEM</c:if>
+					<c:if test="${not user.enabled}">DISABLED</c:if>
+					<c:if test="${user.accountLocked}">LOCKED</c:if>
+				</div>
+			</div>
 		</security:authorize>
 	</div>
 	
+	<security:authorize access="hasRole('ADMINISTRATOR')">
+	<div class="form-group">
+		<button class="btn" id="acccount-lock">Lock</button>
+		<button class="btn" id="acccount-unlock">Unlock</button>
+
+		<button class="btn" id="acccount-disable">Disable</button>
+		<button class="btn" id="acccount-enable">Enable</button>
+	</div>
+	</security:authorize>
+	
 	<h3><spring:message code="team.user-teams" /></h3>
 
 	<ul class="funny-list">
@@ -53,11 +72,15 @@
 			</div>
 		</div>
 	</form>
+	</security:authorize>
 	
+	<security:authorize access="isAuthenticated()">
 	<script src="<c:url value="/html/js/main.js" />"></script>
 	<script src="<c:url value="/html/js/jsonclient.js" />"></script>
 	<script type="text/javascript">
 	jQuery(document).ready(function() {
+
+	<security:authorize access="principal.user.id == #user.id">
 		$("#new-team-form input[type=submit]").on("click", function(e) {
 			e.preventDefault();
 			x01("<c:url value="/json/v0/me/teams" />", { success: function(e) {
@@ -72,10 +95,37 @@
 						window.location.reload();
 					}});
 		});
+	</security:authorize>
+
+	<security:authorize access="hasRole('ADMINISTRATOR')">
+		$("button#acccount-enable").on("click", function(e) {
+			e.preventDefault();
+			x01("<c:url value="/json/v0/user/${user.uuid}/enabled" />", { success: function(e) {
+				window.location.reload();
+			}}, true);
+		});
+		$("button#acccount-disable").on("click", function(e) {
+			e.preventDefault();
+			x01("<c:url value="/json/v0/user/${user.uuid}/enabled" />", { success: function(e) {
+				window.location.reload();
+			}}, false);
+		});
+		$("button#acccount-lock").on("click", function(e) {
+			e.preventDefault();
+			x01("<c:url value="/json/v0/user/${user.uuid}/locked" />", { success: function(e) {
+				window.location.reload();
+			}}, true);
+		});
+		$("button#acccount-unlock").on("click", function(e) {
+			e.preventDefault();
+			x01("<c:url value="/json/v0/user/${user.uuid}/locked" />", { success: function(e) {
+				window.location.reload();
+			}}, false);
+		});
+	</security:authorize>
 	});
 	</script>
-	</security:authorize>
-	
+	</security:authorize>	
 	
 </body>
 </html>
\ No newline at end of file