User management update

- Scrub and archive user accounts - Deleted account name labeled "USER ACCOUNT DELETED"

User management update
- Scrub and archive user accounts - Deleted account name labeled "USER ACCOUNT DELETED"
df678a93 · Matija Obreza · 8d06b5f6 · df678a93 · df678a93 · df678a93
Commit df678a93 authored Apr 27, 2018 by Matija Obreza
5 changed files
--- a/src/main/java/org/genesys2/server/service/UserService.java
+++ b/src/main/java/org/genesys2/server/service/UserService.java
@@ -71,4 +71,12 @@ public interface UserService extends BasicUserService<UserRole, User> {
 	 * @throws UserException 
 	 */
 	void disableMyAccount() throws UserException;
+
+	/**
+	 * Disables the account and removes personally identifiable data.
+	 * 
+	 * @param user
+	 * @throws UserException 
+	 */
+	void archiveUser(User user) throws UserException;
 }
--- a/src/main/java/org/genesys2/server/service/impl/UserServiceImpl.java
+++ b/src/main/java/org/genesys2/server/service/impl/UserServiceImpl.java
@@ -407,4 +407,33 @@ public class UserServiceImpl extends BasicUserServiceImpl<UserRole, User> implem

 		userRepository.save(u);
 	}
+	
+	@Override
+	@Transactional	
+	public void archiveUser(User user) throws UserException {
+		user = userRepository.findOne(user.getId());
+		
+		if (user.hasRole(UserRole.ADMINISTRATOR.getName())) {
+			throw new UserException("Refusing to disable active administrator account");
+		}
+		
+		LOG.warn("Archiving user {}", user.getEmail());
+		Date now = new Date();
+		user.setAccountExpires(now);
+		user.setActive(false);
+		user.setAccountType(AccountType.LOCAL);
+		// user.setAccountType(AccountType.DELETED);
+		user.setEmail("deleted@" + now.getTime());
+		user.setPassword(THIS_IS_NOT_A_PASSWORD);
+		user.setFtpPassword(null);
+		user.setFullName("USER ACCOUNT DELETED");
+		user.setShortName("deleted" + now.getTime());
+		user.setPasswordExpires(now);
+		user.getRoles().clear();
+
+		userRepository.save(user);
+
+		LOG.warn("Removing ACL entries for {}", user.getEmail());
+		aclEntryRepository.delete(user.getAclEntries());
+	}
 }
--- a/src/main/java/org/genesys2/server/servlet/controller/admin/UserProfileController.java
+++ b/src/main/java/org/genesys2/server/servlet/controller/admin/UserProfileController.java
@@ -198,6 +198,30 @@ public class UserProfileController extends BaseController {
 		return "redirect:" + URLBASE + user.getUuid();
 	}

+	@RequestMapping(value = "/{uuid:.+}/delete", method = RequestMethod.POST)
+	public String delete(ModelMap model, @PathVariable("uuid") String uuid) throws UserException {
+		final User user = userService.getUserByUuid(uuid);
+
+		if (user==null) {
+			throw new ResourceNotFoundException();
+		}
+
+		// if (user.getAccountType() == AccountType.DELETED) {
+		// LOG.warn("Account already archived.");
+		// return "redirect:" + VIEWBASE;
+		// }
+
+		if (! user.isAccountNonExpired()) {
+			LOG.warn("Account already expired.");
+			return "redirect:" + VIEWBASE;
+		}
+
+		LOG.warn("Archiving user account {}", user.getEmail());
+		userService.archiveUser(user);
+
+		return "redirect:" + VIEWBASE;
+	}
+
 	@RequestMapping(value = "/{uuid:.+}/update-roles", method = { RequestMethod.POST })
 	public String updateRoles(ModelMap model, @PathVariable("uuid") String uuid, @RequestParam("role") Set<UserRole> selectedRoles) {
 		final User user = userService.getUserByUuid(uuid);

--- a/src/main/webapp/WEB-INF/jsp/admin/users/index.jsp
+++ b/src/main/webapp/WEB-INF/jsp/admin/users/index.jsp
@@ -20,10 +20,9 @@
 			<c:forEach items="${pagedData.content}" var="user" varStatus="status">
 				<tr>
 					<td class="col-xs-5"><c:if test="${user.accountType != 'SYSTEM'}">
-							<a href="<c:url value="/admin/users/${user.uuid}" />"><c:out
-									value="${user.fullName}" /></a>
+							<c:out value="${user.fullName}" />
 						</c:if></td>
-					<td class="col-xs-5"><c:out value="${user.email}" /></td>
+					<td class="col-xs-5"><a href="<c:url value="/admin/users/${user.uuid}" />"><c:out value="${user.email}" /></a></td>
 					<td class="col-xs-2"><c:if test="${user.accountType == 'SYSTEM'}">SYSTEM</c:if>
 						<c:if test="${not user.enabled}">DISABLED</c:if> <c:if
 							test="${user.accountLocked}">LOCKED</c:if></td>

--- a/src/main/webapp/WEB-INF/jsp/admin/users/profile.jsp
+++ b/src/main/webapp/WEB-INF/jsp/admin/users/profile.jsp
@@ -22,6 +22,13 @@
 				<label for="password" class="col-lg-2 control-label"><spring:message code="user.email" /></label>
 				<div class="col-lg-5 form-control-static"><c:out value="${user.email}" /></div>
 			</div>
+			
+			<div class="form-group">
+				<label class="col-lg-2 control-label"><spring:message code="user.login-type" /></label>
+				<div class="col-lg-5 form-control-static">
+					<c:out value="${user.accountType}" />
+				</div>
+			</div>

 			<div class="form-group">
 				<label class="col-lg-2 control-label"><spring:message code="user.account-status" /></label>
@@ -58,6 +65,7 @@


 	<security:authorize access="hasRole('ADMINISTRATOR')">
+		<c:if test="${user.accountNonExpired}">
 		<div class="form-group">
 			<button class="btn btn-default" id="acccount-lock">Lock</button>
 			<button class="btn btn-default" id="acccount-unlock">Unlock</button>
@@ -65,22 +73,30 @@
 			<button class="btn btn-default" id="acccount-disable">Disable</button>
 			<button class="btn btn-default" id="acccount-enable">Enable</button>
 		</div>
+		</c:if>		
 	</security:authorize>

 	<div class="form-group">
                <security:authorize access="hasRole('ADMINISTRATOR') || (isAuthenticated() && principal.id == #user.id)">
                    <a href="<c:url value="/management/user/${user.uuid}/tokens" />" class="btn btn-default"><spring:message code="oauth-client.issued.tokens" /></a>
-                </security:authorize>
-                <security:authorize access="hasRole('ADMINISTRATOR') || principal.id == #user.id">
-                	<c:if test="${not user.hasRole('VALIDATEDUSER')}">
-                    <a href="<c:url value="/admin/users/${user.uuid}/send"/>"  class="btn btn-default"/>Send validation email</a>
+                	<c:if test="${user.accountNonExpired}">
+	                	<c:if test="${not user.hasRole('VALIDATEDUSER')}">
+	                    <a href="<c:url value="/admin/users/${user.uuid}/send"/>"  class="btn btn-default"/>Send validation email</a>
+	                    </c:if>
                    </c:if>
                </security:authorize>
                <security:authorize access="hasRole('ADMINISTRATOR')">
-                	<c:if test="${not user.hasRole('VETTEDUSER')}">
-					<a href="<c:url value="/admin/users/${user.uuid}/vetted-user"/> "class="btn btn-default"/>Vetted user</a>
-					</c:if>
+                	<c:if test="${user.accountNonExpired}">
+	                	<c:if test="${not user.hasRole('VETTEDUSER')}">
+							<a href="<c:url value="/admin/users/${user.uuid}/vetted-user"/> "class="btn btn-default"/>Vetted user</a>
+						</c:if>
+	                	<form style="display: inline-block" method="post" action="<c:url value="/admin/users/${user.uuid}/delete" />">
+					        <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
+	                		<input class="btn btn-default" type="submit" value="delete" value="Delete">
+	                	</form>
+                	</c:if>
                </security:authorize>
+                
    </div>

 	<h3><spring:message code="team.user-teams" /></h3>