EditUserFormAction.java

/*
 * This software was designed and created by Jason Carroll.
 * Copyright (c) 2002, 2003, 2004 Jason Carroll.
 * The author can be reached at jcarroll@cowsultants.com
 * ITracker website: http://www.cowsultants.com
 * ITracker forums: http://www.cowsultants.com/phpBB/index.php
 *
 * This program is free software; you can redistribute it and/or modify
 * it only under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 */

package org.itracker.web.actions.admin.user;

import org.apache.log4j.Logger;
import org.apache.struts.action.*;
import org.itracker.model.*;
import org.itracker.model.util.UserUtilities;
import org.itracker.services.ProjectService;
import org.itracker.services.UserService;
import org.itracker.web.actions.base.ItrackerBaseAction;
import org.itracker.web.forms.UserForm;
import org.itracker.web.util.Constants;
import org.itracker.web.util.ServletContextUtils;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;

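/**
 * Struts action that prepares the admin "edit user" form, either for creating
 * a new user ({@code action=create}) or for editing an existing one
 * ({@code action=update}).
 *
 * <p>NOTE(review): nothing in this class checks that the caller may administer
 * users. The {@code allow*} calls below are made with a {@code null} second
 * argument and {@code AUTH_TYPE_UNKNOWN}, so they appear to ask whether the
 * target profile may be changed rather than who is asking. Access control is
 * presumably enforced by {@link ItrackerBaseAction} or the action mapping -
 * confirm.
 */
public class EditUserFormAction extends ItrackerBaseAction {
    private static final Logger log = Logger.getLogger(EditUserFormAction.class);

    /**
     * Loads the user named by the form (or a blank user for "create"), fills the
     * form and the request/session attributes the view reads, and selects the
     * forward.
     *
     * @param mapping  used to look up the "edituserform", "unauthorized" and "error" forwards
     * @param form     the {@link UserForm}; a fresh one is used when {@code null}
     * @param request  supplies the {@code action} parameter and receives the view attributes
     * @param response not used by this action
     * @return "edituserform" on success, "unauthorized" when no user could be
     *         resolved, "error" otherwise
     */
    public ActionForward execute(ActionMapping mapping,
                                 ActionForm form,
                                 HttpServletRequest request,
                                 HttpServletResponse response)
            throws ServletException, IOException {

        ActionMessages errors = new ActionMessages();

        HttpSession session = request.getSession(true);
        String action = request.getParameter("action");
        String pageTitleKey;
        String pageTitleArg = "";
        // Constant-first comparison is null-safe and matches the branch tests below.
        boolean isUpdate = "update".equals(action);

        try {

            UserService userService = ServletContextUtils.getItrackerServices().getUserService();
            ProjectService projectService = ServletContextUtils.getItrackerServices().getProjectService();

            User editUser = null;
            HashMap<Integer, HashMap<String, Permission>> userPermissions = new HashMap<>();

            List<NameValuePair> permissionNames = UserUtilities.getPermissionTypeNames(getLocale(request));
            UserForm userForm = (UserForm) form;

            if (userForm == null) {
                userForm = new UserForm();
            }

            if ("create".equals(action)) {

                if (!userService.allowProfileCreation(null, null, UserUtilities.AUTH_TYPE_UNKNOWN, UserUtilities.REQ_SOURCE_WEB)) {
                    errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.noprofilecreates"));
                    saveErrors(request, errors);

                    return mapping.findForward("error");
                }

                // A negative id marks a user that has not been persisted yet.
                editUser = new User();
                editUser.setId(-1);
                editUser.setStatus(UserUtilities.STATUS_ACTIVE);
                userForm.setAction("create");
                userForm.setId(editUser.getId());

            } else if ("update".equals(action)) {

                // NOTE(review): the id comes from the submitted form, so it is
                // caller-chosen; any existing user id is loaded here.
                Integer userId = userForm.getId();

                if (userId == null) {
                    errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.invaliduser"));
                } else {

                    editUser = userService.getUser(userId);

                    if (editUser == null) {
                        errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.invaliduser"));
                    } else {

                        userForm.setAction("update");
                        userForm.setId(editUser.getId());
                        userForm.setLogin(editUser.getLogin());
                        userForm.setFirstName(editUser.getFirstName());
                        userForm.setLastName(editUser.getLastName());
                        userForm.setEmail(editUser.getEmail());
                        userForm.setSuperUser(editUser.isSuperUser());

                        List<Permission> permissionList = userService.getPermissionsByUserId(editUser.getId());
                        HashMap<String, Boolean> formPermissions = new HashMap<>();

                        // These flags are exposed to the view as request attributes.
                        // NOTE(review): they only shape the form; the submit action
                        // presumably has to re-check them server-side - confirm.
                        boolean allowProfileUpdate = userService.allowProfileUpdates(editUser, null, UserUtilities.AUTH_TYPE_UNKNOWN, UserUtilities.REQ_SOURCE_WEB);
                        request.setAttribute("allowProfileUpdate", allowProfileUpdate);

                        boolean allowPasswordUpdate = userService.allowPasswordUpdates(editUser, null, UserUtilities.AUTH_TYPE_UNKNOWN, UserUtilities.REQ_SOURCE_WEB);
                        request.setAttribute("allowPasswordUpdate", allowPasswordUpdate);

                        boolean allowPermissionUpdate = userService.allowPermissionUpdates(editUser, null, UserUtilities.AUTH_TYPE_UNKNOWN, UserUtilities.REQ_SOURCE_WEB);
                        request.setAttribute("allowPermissionUpdate", allowPermissionUpdate);

                        // Set early so it is present even if the permission loop
                        // throws; it is written again after the branch.
                        if (editUser.getId() > 0) {
                            request.setAttribute("isUpdate", true);
                        }

                        collectPermissions(permissionList, userPermissions, formPermissions);

                        userForm.setPermissions(formPermissions);
                    }
                }

            } else {
                errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.invalidaction"));
            }

            if (editUser == null) {
                // Every path that leaves editUser null has queued a message above.
                // Save it before forwarding, otherwise it is silently dropped.
                if (!errors.isEmpty()) {
                    saveErrors(request, errors);
                }
                return mapping.findForward("unauthorized");
            }

            if (isUpdate) {
                pageTitleKey = "itracker.web.admin.edituser.title.update";
                // The login is stored data echoed into the page title.
                // NOTE(review): the view is assumed to HTML-escape it - confirm.
                pageTitleArg = editUser.getLogin();
            } else {
                pageTitleKey = "itracker.web.admin.edituser.title.create";
            }

            request.setAttribute("isUpdate", isUpdate);
            request.setAttribute("pageTitleKey", pageTitleKey);
            request.setAttribute("pageTitleArg", pageTitleArg);

            if (errors.isEmpty()) {

                String userStatus = UserUtilities.getStatusName(editUser.getStatus());
                request.setAttribute("userStatus", userStatus);

                List<Project> projects = projectService.getAllAvailableProjects();
                Collections.sort(projects, Project.PROJECT_COMPARATOR);
                request.setAttribute(Constants.PROJECTS_KEY, projects);

                request.setAttribute("userForm", userForm);
                // The user and permission snapshot go into the session under fixed
                // keys, so opening a second edit form in the same session replaces
                // them. NOTE(review): the submit action should not assume the
                // snapshot matches the id posted with the form - confirm.
                session.setAttribute(Constants.EDIT_USER_KEY, editUser);
                session.setAttribute(Constants.EDIT_USER_PERMS_KEY, userPermissions);
                request.setAttribute("permissionNames", permissionNames);
                request.setAttribute("permissionRowColIdxes", new Integer[]{0, 1});
                // Issue a Struts transaction token for the rendered form. The action
                // handling the submit is expected to validate it (isTokenValid);
                // that check is not visible here.
                saveToken(request);

                return mapping.findForward("edituserform");

            }

        } catch (Exception e) {
            // Log the detail server-side; the user only sees the generic message.
            log.error("Exception while creating edit user form.", e);
            errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.system"));
        }

        if (!errors.isEmpty()) {
            saveErrors(request, errors);
        }

        return mapping.findForward("error");

    }

    /**
     * Indexes the user's permissions by project id for the session snapshot and
     * marks each one as set in the form's permission map.
     *
     * <p>When the first entry has type {@code USER_ADMIN} it is skipped: it is
     * treated as the super-user marker (presumably it carries no project -
     * confirm). Every other entry is expected to have a project; one without
     * raises a {@link NullPointerException}, which the caller reports as a
     * system error.
     *
     * @param permissionList  permissions as returned by the user service
     * @param userPermissions filled with project id -> (permission type -> permission)
     * @param formPermissions filled with one {@code true} entry per permission
     */
    private static void collectPermissions(List<Permission> permissionList,
                                           HashMap<Integer, HashMap<String, Permission>> userPermissions,
                                           HashMap<String, Boolean> formPermissions) {

        for (int i = 0; i < permissionList.size(); i++) {

            Permission permission = permissionList.get(i);
            log.debug("Processing permission type: " + permission.getPermissionType());

            boolean leadingUserAdmin = i == 0
                    && permissionList.get(0).getPermissionType() == PermissionType.USER_ADMIN;
            if (leadingUserAdmin) {
                continue;
            }

            Project project = permission.getProject();
            Integer projectId = project.getId();
            PermissionType permissionType = permission.getPermissionType();

            HashMap<String, Permission> projectPermissions = userPermissions.get(projectId);
            if (projectPermissions == null) {
                projectPermissions = new HashMap<>();
                userPermissions.put(projectId, projectPermissions);
            }

            formPermissions.put(permissionType.name(project), true);
            projectPermissions.put(String.valueOf(permissionType), permission);
        }
    }

}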