Commit df678a93 authored by Matija Obreza's avatar Matija Obreza

User management update

- Scrub and archive user accounts
- Deleted account name labeled "USER ACCOUNT DELETED"
parent 8d06b5f6
......@@ -71,4 +71,12 @@ public interface UserService extends BasicUserService<UserRole, User> {
* @throws UserException
*/
void disableMyAccount() throws UserException;
/**
* Disables the account and removes personally identifiable data.
*
* @param user
* @throws UserException
*/
void archiveUser(User user) throws UserException;
}
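Review bot: The Javadoc added for `archiveUser` leaves `@param user` and `@throws UserException` without a description, and the contract the implementation enforces (the entity is re-read by id and administrator accounts are refused) is exactly what a caller needs to know at the interface. Suggest `@param user the account to archive; only its id is used, the entity is re-read from the repository` and `@throws UserException if the user holds the ADMINISTRATOR role`. It is also worth stating in the summary sentence that the operation is irreversible, since the email, name and password are overwritten rather than flagged.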
......@@ -407,4 +407,33 @@ public class UserServiceImpl extends BasicUserServiceImpl<UserRole, User> implem
userRepository.save(u);
}
@Override
@Transactional
public void archiveUser(User user) throws UserException {
user = userRepository.findOne(user.getId());
if (user.hasRole(UserRole.ADMINISTRATOR.getName())) {
throw new UserException("Refusing to disable active administrator account");
}
LOG.warn("Archiving user {}", user.getEmail());
Date now = new Date();
user.setAccountExpires(now);
user.setActive(false);
user.setAccountType(AccountType.LOCAL);
// user.setAccountType(AccountType.DELETED);
user.setEmail("deleted@" + now.getTime());
user.setPassword(THIS_IS_NOT_A_PASSWORD);
user.setFtpPassword(null);
user.setFullName("USER ACCOUNT DELETED");
user.setShortName("deleted" + now.getTime());
user.setPasswordExpires(now);
user.getRoles().clear();
userRepository.save(user);
LOG.warn("Removing ACL entries for {}", user.getEmail());
aclEntryRepository.delete(user.getAclEntries());
}
}
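Review bot: `user = userRepository.findOne(user.getId())` on the first line of `archiveUser` can return null, and the next line dereferences the result in `user.hasRole(...)`, so archiving an id that no longer exists fails with a NullPointerException instead of a UserException; add `if (user == null) { throw new UserException("User not found"); }` before the role check. The first `LOG.warn("Archiving user {}", user.getEmail())` writes the real address to the log immediately before the method scrubs it, so the identifier this change removes from the database survives in the log files; logging `user.getId()` or the uuid keeps an audit trail without the personal data. `setEmail("deleted@" + now.getTime())` and `setShortName("deleted" + now.getTime())` both derive from the same millisecond, so two accounts archived within one millisecond would collide if either column is unique (not visible here); the id or uuid is a safer suffix. The commented-out `AccountType.DELETED` line and the "Refusing to disable" wording of the exception should be reconciled with what the method actually does.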
......@@ -198,6 +198,30 @@ public class UserProfileController extends BaseController {
return "redirect:" + URLBASE + user.getUuid();
}
@RequestMapping(value = "/{uuid:.+}/delete", method = RequestMethod.POST)
public String delete(ModelMap model, @PathVariable("uuid") String uuid) throws UserException {
final User user = userService.getUserByUuid(uuid);
if (user==null) {
throw new ResourceNotFoundException();
}
// if (user.getAccountType() == AccountType.DELETED) {
// LOG.warn("Account already archived.");
// return "redirect:" + VIEWBASE;
// }
if (! user.isAccountNonExpired()) {
LOG.warn("Account already expired.");
return "redirect:" + VIEWBASE;
}
LOG.warn("Archiving user account {}", user.getEmail());
userService.archiveUser(user);
return "redirect:" + VIEWBASE;
}
@RequestMapping(value = "/{uuid:.+}/update-roles", method = { RequestMethod.POST })
public String updateRoles(ModelMap model, @PathVariable("uuid") String uuid, @RequestParam("role") Set<UserRole> selectedRoles) {
final User user = userService.getUserByUuid(uuid);
......
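Review bot: The new `delete` handler carries no method-level authorization, while the form that posts to it is rendered only inside `hasRole('ADMINISTRATOR')` in the JSP; unless the class or a URL-level security rule already restricts `/admin/users/**` to administrators (not visible in this hunk), access to an irreversible account scrub is enforced by the view alone. If the project uses method security, `@PreAuthorize("hasRole('ADMINISTRATOR')")` on the method makes the check server-side regardless of how the request is built; otherwise confirm the URL rule covers this path. The commented-out `AccountType.DELETED` block should be removed rather than left in place, and `if (! user.isAccountNonExpired())` reads more naturally as `if (!user.isAccountNonExpired())`. `updateRoles` on the last lines of the hunk continues outside it.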
......@@ -20,10 +20,9 @@
<c:forEach items="${pagedData.content}" var="user" varStatus="status">
<tr>
<td class="col-xs-5"><c:if test="${user.accountType != 'SYSTEM'}">
<a href="<c:url value="/admin/users/${user.uuid}" />"><c:out
value="${user.fullName}" /></a>
<c:out value="${user.fullName}" />
</c:if></td>
<td class="col-xs-5"><c:out value="${user.email}" /></td>
<td class="col-xs-5"><a href="<c:url value="/admin/users/${user.uuid}" />"><c:out value="${user.email}" /></a></td>
<td class="col-xs-2"><c:if test="${user.accountType == 'SYSTEM'}">SYSTEM</c:if>
<c:if test="${not user.enabled}">DISABLED</c:if> <c:if
test="${user.accountLocked}">LOCKED</c:if></td>
......
......@@ -22,6 +22,13 @@
<label for="password" class="col-lg-2 control-label"><spring:message code="user.email" /></label>
<div class="col-lg-5 form-control-static"><c:out value="${user.email}" /></div>
</div>
<div class="form-group">
<label class="col-lg-2 control-label"><spring:message code="user.login-type" /></label>
<div class="col-lg-5 form-control-static">
<c:out value="${user.accountType}" />
</div>
</div>
<div class="form-group">
<label class="col-lg-2 control-label"><spring:message code="user.account-status" /></label>
......@@ -58,6 +65,7 @@
<security:authorize access="hasRole('ADMINISTRATOR')">
<c:if test="${user.accountNonExpired}">
<div class="form-group">
<button class="btn btn-default" id="acccount-lock">Lock</button>
<button class="btn btn-default" id="acccount-unlock">Unlock</button>
......@@ -65,22 +73,30 @@
<button class="btn btn-default" id="acccount-disable">Disable</button>
<button class="btn btn-default" id="acccount-enable">Enable</button>
</div>
</c:if>
</security:authorize>
<div class="form-group">
<security:authorize access="hasRole('ADMINISTRATOR') || (isAuthenticated() && principal.id == #user.id)">
<a href="<c:url value="/management/user/${user.uuid}/tokens" />" class="btn btn-default"><spring:message code="oauth-client.issued.tokens" /></a>
</security:authorize>
<security:authorize access="hasRole('ADMINISTRATOR') || principal.id == #user.id">
<c:if test="${not user.hasRole('VALIDATEDUSER')}">
<a href="<c:url value="/admin/users/${user.uuid}/send"/>" class="btn btn-default"/>Send validation email</a>
<c:if test="${user.accountNonExpired}">
<c:if test="${not user.hasRole('VALIDATEDUSER')}">
<a href="<c:url value="/admin/users/${user.uuid}/send"/>" class="btn btn-default"/>Send validation email</a>
</c:if>
</c:if>
</security:authorize>
<security:authorize access="hasRole('ADMINISTRATOR')">
<c:if test="${not user.hasRole('VETTEDUSER')}">
<a href="<c:url value="/admin/users/${user.uuid}/vetted-user"/> "class="btn btn-default"/>Vetted user</a>
</c:if>
<c:if test="${user.accountNonExpired}">
<c:if test="${not user.hasRole('VETTEDUSER')}">
<a href="<c:url value="/admin/users/${user.uuid}/vetted-user"/> "class="btn btn-default"/>Vetted user</a>
</c:if>
<form style="display: inline-block" method="post" action="<c:url value="/admin/users/${user.uuid}/delete" />">
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
<input class="btn btn-default" type="submit" value="delete" value="Delete">
</form>
</c:if>
</security:authorize>
</div>
<h3><spring:message code="team.user-teams" /></h3>
......
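Review bot: The submit button in the new delete form carries the attribute twice, `value="delete" value="Delete"`; browsers keep the first occurrence, so the button is labelled "delete" and the second attribute is dead markup — keep only `value="Delete"`. The form does include the `_csrf` hidden field, which the POST handler depends on. Since the action overwrites the account irreversibly, a confirmation step on the form (for example `onsubmit="return confirm('Archive this account?')"`) is worth adding. The two anchors moved into the new `accountNonExpired` blocks carry forward pre-existing markup defects: `class="btn btn-default"/>Send validation email</a>` self-closes the anchor before its text, and `/> "class="btn btn-default"` in the vetted-user link lacks the space before `class`; fix both while the lines are being moved.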