Commit c24519a4 authored by Matija Obreza's avatar Matija Obreza

Enable User account locking and disabling

parent 122f3c8d
......@@ -16,6 +16,7 @@
package org.genesys2.server.model.impl;
import java.beans.Transient;
import java.util.HashSet;
import java.util.Set;
import java.util.UUID;
......@@ -84,6 +85,12 @@ public class User extends BusinessModel {
@Column(nullable = false, updatable = false, name = "sys")
private boolean systemAccount;
@Column
private boolean enabled;
@Column
private boolean locked;
@PrePersist
void ensureUUID() {
......@@ -176,4 +183,33 @@ public class User extends BusinessModel {
public boolean isSystemAccount() {
return systemAccount;
}
public boolean isEnabled() {
return this.enabled;
}
public void setEnabled(boolean enabled) {
this.enabled = enabled;
}
public boolean isAccountLocked() {
return this.locked;
}
public void setAccountLocked(boolean locked) {
this.locked = locked;
}
@Transient
public boolean isAccountExpired() {
// We don't support account expiration
return false;
}
@Transient
public boolean isPasswordExpired() {
// We don't support password expiration
return false;
}
}
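Review bot: The new `@Column private boolean enabled;` and `@Column private boolean locked;` fields in the second hunk map primitives to columns with no `nullable = false` and no default, and a Java `boolean` field initialises to `false`, so any existing row backfilled with NULL/0 and any creation path that never calls `setEnabled(true)` yields an account that `AuthUserDetailsService` will report as disabled. Nothing in this commit shows registration setting the flag, so presumably every current user is locked out after deployment unless a data migration runs. Suggest `@Column(nullable = false) private boolean enabled = true;` and `@Column(nullable = false) private boolean locked = false;` together with an explicit backfill of existing rows, and a Javadoc on each: `/** Administrative switch; a disabled account is rejected at login (see AuthUserDetailsService). */`. `ensureUUID` starts at the end of that hunk and continues outside it.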
......@@ -44,11 +44,11 @@ public interface UserService {
@PreAuthorize("isAuthenticated()")
User getMe();
User getUserByEmail(String email);
User getUserByUuid(String uuid);
User getUserById(long userId) throws UserException;
boolean exists(String username) throws UserException;
......@@ -58,10 +58,14 @@ public interface UserService {
UserWrapper getWrappedById(long userId) throws UserException;
@PreAuthorize("hasRole('ADMINISTRATOR') || principal.user.id == #userId")
User updateData(long userId, String name);
User updateData(long userId, String name, String email);
User getSystemUser(String string);
Page<User> listUsers(Pageable pageable);
void setAccountLock(String uuid, boolean locked);
void setAccountEnabled(String uuid, boolean enabled);
}
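Review bot: `setAccountLock` and `setAccountEnabled` in the last hunk are the only mutating operations in this interface declared without a `@PreAuthorize`, whereas `getMe` and `updateData` carry theirs on the contract; the implementation does restrict both to `hasRole('ADMINISTRATOR')`, but a reader of the interface cannot see that. Suggest mirroring the annotation here, or at minimum a Javadoc line on each such as `/** Administrator-only: sets the manual lock flag; a locked account is rejected at login. */`. The interface's opening line is outside the hunks shown.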
......@@ -47,7 +47,13 @@ public class AuthUserDetailsService implements UserDetailsService {
return null;
}
AuthUserDetails userDetails = new AuthUserDetails(user.getUuid(), user.getPassword(), getGrantedAuthorities(user));
boolean enabled = user.isEnabled();
boolean accountNonExpired = !user.isAccountExpired();
boolean credentialsNonExpired = !user.isPasswordExpired();
boolean accountNonLocked = !user.isAccountLocked();
AuthUserDetails userDetails = new AuthUserDetails(user.getUuid(), user.getPassword(), enabled, accountNonExpired, credentialsNonExpired,
accountNonLocked, getGrantedAuthorities(user));
// set actual DB user for possible further purposes
userDetails.setUser(user);
......
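Review bot: With `enabled` and `accountNonLocked` now fed into `AuthUserDetails`, a disabled or locked account is presumably rejected by Spring's pre-authentication checks before the password is ever compared, which raises a `DisabledException`/`LockedException` rather than `BadCredentialsException`; if the login page surfaces those distinct messages, it confirms to an outsider that the address is registered. Worth a comment on the new block, e.g. `// enabled/locked are enforced by Spring's pre-auth checks before the password check; keep the login error message generic to avoid account enumeration`, and a check that the failure handler maps all three to one message. The enclosing method starts outside this hunk, so the `return null` path it shows is also not visible in full.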
......@@ -162,9 +162,10 @@ public class UserServiceImpl implements UserService {
@Override
@PreAuthorize("hasRole('ADMINISTRATOR') || principal.user.id == #userId")
@Transactional(readOnly = false)
public User updateData(long userId, String name) {
public User updateData(long userId, String name, String email) {
User user = userPersistence.findOne(userId);
user.setName(name);
user.setEmail(email);
userPersistence.save(user);
return user;
}
......@@ -177,6 +178,28 @@ public class UserServiceImpl implements UserService {
userPersistence.save(user);
}
@Override
@Transactional(readOnly = false)
@PreAuthorize("hasRole('ADMINISTRATOR')")
public void setAccountEnabled(String uuid, boolean enabled) {
User user = userPersistence.findByUuid(uuid);
if (! enabled && user.getRoles().contains(UserRole.ADMINISTRATOR))
throw new SecurityException("Can't disable ADMINISTRATOR accounts");
user.setEnabled(enabled);
userPersistence.save(user);
}
@Override
@Transactional(readOnly = false)
@PreAuthorize("hasRole('ADMINISTRATOR')")
public void setAccountLock(String uuid, boolean locked) {
User user = userPersistence.findByUuid(uuid);
if (locked && user.getRoles().contains(UserRole.ADMINISTRATOR))
throw new SecurityException("Can't lock ADMINISTRATOR accounts");
user.setAccountLocked(locked);
userPersistence.save(user);
}
private void setPassword(User user, String rawPassword) {
// encrypt password
user.setPassword(passwordEncoder.encode(rawPassword));
......
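Review bot: In the new `setAccountEnabled` and `setAccountLock`, `userPersistence.findByUuid(uuid)` is dereferenced on the very next line, so an unknown or mistyped UUID from the admin endpoint becomes a `NullPointerException` and a 500 rather than a clear not-found error. The guard also only protects `ADMINISTRATOR` accounts; `systemAccount` is part of the same entity and the list view already treats it specially, yet an administrator can disable or lock it here. Neither method records which principal changed the flag, so a lockout cannot be traced — the surrounding class does not show a logger, so hedge that a `LOG.info` line would need one added. Proposed shape for both methods below; `setPassword` at the end of the hunk continues outside it.
```java
@Override
@Transactional(readOnly = false)
@PreAuthorize("hasRole('ADMINISTRATOR')")
public void setAccountEnabled(String uuid, boolean enabled) {
    User user = userPersistence.findByUuid(uuid);
    if (user == null)
        throw new IllegalArgumentException("No user with uuid " + uuid);
    // never allow an administrator or system account to be disabled
    if (!enabled && (user.isSystemAccount() || user.getRoles().contains(UserRole.ADMINISTRATOR)))
        throw new SecurityException("Can't disable ADMINISTRATOR or system accounts");
    user.setEnabled(enabled);
    userPersistence.save(user);
}
// … setAccountLock: same null check and isSystemAccount() guard, with the existing locked/ADMINISTRATOR condition …
```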
......@@ -93,15 +93,15 @@ public class UserProfileController extends BaseController {
return "/user/edit";
}
@PreAuthorize("isAuthenticated()")
@RequestMapping(value = "/update", method = { RequestMethod.POST })
public String updateMe(ModelMap model, @RequestParam("name") String name, @RequestParam("pwd1") String pwd1, @RequestParam("pwd2") String pwd2) {
User user = userService.getMe();
@RequestMapping(value = "/{uuid:.+}/update", method = { RequestMethod.POST })
@PreAuthorize("hasRole('ADMINISTRATOR') || principal.user.uuid == #uuid")
public String update(ModelMap model, @PathVariable("uuid") String uuid, @RequestParam("name") String name,@RequestParam("email") String email, @RequestParam("pwd1") String pwd1, @RequestParam("pwd2") String pwd2) {
User user = userService.getUserByUuid(uuid);
if (user == null) {
throw new ResourceNotFoundException();
}
userService.updateData(user.getId(), name);
userService.updateData(user.getId(), name, email);
if (StringUtils.isNotBlank(pwd1)) {
if (pwd1.equals(pwd2)) {
......@@ -117,6 +117,6 @@ public class UserProfileController extends BaseController {
}
}
return "redirect:/profile";
return "redirect:/profile/" + user.getUuid();
}
}
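Review bot: `update` now accepts an arbitrary `email` from the account owner and passes it straight to `userService.updateData(user.getId(), name, email)` with no format, uniqueness or ownership verification; since the service exposes `getUserByEmail`, e-mail is presumably a lookup key for accounts, so setting it to another user's address is at best a constraint violation surfacing as a 500 and at worst an ambiguous lookup. Before the `updateData` call, reject blank input and a collision, e.g. `User other = userService.getUserByEmail(email); if (other != null && other.getId() != user.getId()) throw new IllegalArgumentException("E-mail already in use");`, and consider confirming the new address by mail before it takes effect. The method spans both hunks of this section, and whether the form is CSRF-protected is not visible here.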
......@@ -77,6 +77,21 @@ public class UserController extends RestController {
LOG.info("Creating team " + teamJson);
return OAuth2Cleanup.clean(teamService.addTeam(teamJson.name));
}
@RequestMapping(value = "/user/{uuid}/locked", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE)
public @ResponseBody
boolean changeLock(@PathVariable("uuid") String uuid, @RequestBody boolean locked) {
userService.setAccountLock(uuid, locked);
return true;
}
@RequestMapping(value = "/user/{uuid}/enabled", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE)
public @ResponseBody
boolean changeEnabled(@PathVariable("uuid") String uuid, @RequestBody boolean enabled) {
userService.setAccountEnabled(uuid, enabled);
return true;
}
@RequestMapping(value = "/me/teams/{teamId}/leave", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE)
public @ResponseBody
......
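Review bot: The new `changeLock` and `changeEnabled` endpoints rely solely on the service-layer `@PreAuthorize` for authorization and record nothing about who flipped the flag, while the neighbouring `addTeam` at least logs its request. Add a matching guard on each handler, `@PreAuthorize("hasRole('ADMINISTRATOR')")`, as defense in depth, and an audit line such as `LOG.info("Setting locked=" + locked + " for user " + uuid);` so a lockout can be traced to an administrator action. Whether the enclosing `RestController` applies a class-level rule is not visible in this hunk.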
......@@ -93,6 +93,7 @@ user.pulldown.heading=You are {0}
user.create-new-account=Create an account
user.full-name=Full Name
user.email=E-mail Address
user.account-status=Account Status
userprofile.page.title=User profile
userprofile.update.title=Update your profile
......
......@@ -11,7 +11,7 @@
<spring:message code="userprofile.update.title" />
</h1>
<form role="form" class="form-horizontal validate" action="<c:url value="/profile/update" />" method="post">
<form role="form" class="form-horizontal validate" action="<c:url value="/profile/${user.uuid}/update" />" method="post">
<div class="form-group">
<label for="name" class="col-lg-2 control-label"><spring:message code="registration.full-name" /></label>
<div class="col-lg-3">
......
......@@ -23,7 +23,11 @@
<td><c:if test="${not user.systemAccount}"><a href="<c:url value="/profile/${user.uuid}" />"><c:out value="${user.name}" /></a></c:if></td>
<td>${user.uuid}</td>
<td>${user.email}</td>
<td>${user.systemAccount ? 'SYSTEM' : ''}</td>
<td>
<c:if test="${user.systemAccount}">SYSTEM</c:if>
<c:if test="${not user.enabled}">DISABLED</c:if>
<c:if test="${user.accountLocked}">LOCKED</c:if>
</td>
</tr>
</c:forEach>
</table>
......
......@@ -26,9 +26,28 @@
<label for="password" class="col-lg-2 control-label"><spring:message code="user.email" /></label>
<div class="col-lg-3">${user.email}</div>
</div>
<div class="form-group">
<label class="col-lg-2 control-label"><spring:message code="user.account-status" /></label>
<div class="col-lg-3">
<c:if test="${user.systemAccount}">SYSTEM</c:if>
<c:if test="${not user.enabled}">DISABLED</c:if>
<c:if test="${user.accountLocked}">LOCKED</c:if>
</div>
</div>
</security:authorize>
</div>
<security:authorize access="hasRole('ADMINISTRATOR')">
<div class="form-group">
<button class="btn" id="acccount-lock">Lock</button>
<button class="btn" id="acccount-unlock">Unlock</button>
<button class="btn" id="acccount-disable">Disable</button>
<button class="btn" id="acccount-enable">Enable</button>
</div>
</security:authorize>
<h3><spring:message code="team.user-teams" /></h3>
<ul class="funny-list">
......@@ -53,11 +72,15 @@
</div>
</div>
</form>
</security:authorize>
<security:authorize access="isAuthenticated()">
<script src="<c:url value="/html/js/main.js" />"></script>
<script src="<c:url value="/html/js/jsonclient.js" />"></script>
<script type="text/javascript">
jQuery(document).ready(function() {
<security:authorize access="principal.user.id == #user.id">
$("#new-team-form input[type=submit]").on("click", function(e) {
e.preventDefault();
x01("<c:url value="/json/v0/me/teams" />", { success: function(e) {
......@@ -72,10 +95,37 @@
window.location.reload();
}});
});
</security:authorize>
<security:authorize access="hasRole('ADMINISTRATOR')">
$("button#acccount-enable").on("click", function(e) {
e.preventDefault();
x01("<c:url value="/json/v0/user/${user.uuid}/enabled" />", { success: function(e) {
window.location.reload();
}}, true);
});
$("button#acccount-disable").on("click", function(e) {
e.preventDefault();
x01("<c:url value="/json/v0/user/${user.uuid}/enabled" />", { success: function(e) {
window.location.reload();
}}, false);
});
$("button#acccount-lock").on("click", function(e) {
e.preventDefault();
x01("<c:url value="/json/v0/user/${user.uuid}/locked" />", { success: function(e) {
window.location.reload();
}}, true);
});
$("button#acccount-unlock").on("click", function(e) {
e.preventDefault();
x01("<c:url value="/json/v0/user/${user.uuid}/locked" />", { success: function(e) {
window.location.reload();
}}, false);
});
</security:authorize>
});
</script>
</security:authorize>
</security:authorize>
</body>
</html>
\ No newline at end of file
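Review bot: The administrator Lock/Unlock/Disable/Enable buttons are rendered on every profile, including administrator and system accounts, where the service rejects the request with a `SecurityException`, and each `x01` call registers only a `success` callback, so the administrator gets no feedback when the action fails. Suggest wrapping the button group in `<c:if test="${not user.systemAccount}">` (hiding them for administrators would need the roles exposed to the view, which this page does not show) and adding an error handler to each call if `x01` supports one, e.g. `error: function(e) { alert("Account update failed"); }`. The `<button>` elements also lack `type="button"`, so with JavaScript disabled they would submit any form that encloses them; whether one does is not clear from the visible markup.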