alpha.portal.webapp.controller.UserFormController.java Source code

Java tutorial

Introduction

Here is the source code for alpha.portal.webapp.controller.UserFormController.java

Source

/**************************************************************************
 * alpha-Portal: A web portal, for managing knowledge-driven 
 * ad-hoc processes, in form of case files.
 * ==============================================
 * Copyright (C) 2011-2012 by 
 *   - Christoph P. Neumann (http://www.chr15t0ph.de)
 *   - and the SWAT 2011 team
 **************************************************************************
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 *     http://www.apache.org/licenses/LICENSE-2.0
 * Unless required by applicable law or agreed to in writing, software 
 * distributed under the License is distributed on an "AS IS" BASIS, 
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and 
 * limitations under the License.
 **************************************************************************
 * $Id$
 *************************************************************************/
package alpha.portal.webapp.controller;

import java.util.HashSet;
import java.util.Locale;
import java.util.Set;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.lang.StringUtils;
import org.appfuse.Constants;
import org.appfuse.model.Role;
import org.appfuse.model.User;
import org.appfuse.service.RoleManager;
import org.appfuse.service.UserExistsException;
import org.appfuse.service.UserManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.mail.MailException;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;

import alpha.portal.model.ContributorRole;
import alpha.portal.model.UserExtension;
import alpha.portal.service.ContributorRoleManager;
import alpha.portal.service.UserExtensionManager;
import alpha.portal.webapp.util.RequestUtil;

/**
 * Implementation of <strong>SimpleFormController</strong> that interacts with
 * the {@link UserManager} to retrieve/persist values to the database.
 * 
 * <p>
 * <a href="UserFormController.java.html"><i>View Source</i></a>
 * 
 * @author <a href="mailto:matt@raibledesigns.com">Matt Raible</a>
 */
@Controller
@RequestMapping("/userform*")
public class UserFormController extends BaseFormController {

    /** The role manager. */
    @Autowired
    private RoleManager roleManager;

    /** The contributor role manager. */
    @Autowired
    private ContributorRoleManager contributorRoleManager;

    /** The user extension manager. */
    @Autowired
    private UserExtensionManager userExtensionManager;

    /**
     * Instantiates a new user form controller.
     */
    public UserFormController() {
        this.setCancelView("redirect:/mainMenu");
        this.setSuccessView("redirect:/admin/users");
    }

    /**
     * On submit.
     * 
     * @param user
     *            the user
     * @param errors
     *            the errors
     * @param request
     *            the request
     * @param response
     *            the response
     * @param model
     *            the model
     * @return the string
     * @throws Exception
     *             the exception
     */
    @RequestMapping(method = RequestMethod.POST)
    public String onSubmit(final User user, final BindingResult errors, final HttpServletRequest request,
            final HttpServletResponse response, final Model model) throws Exception {
        if (request.getParameter("cancel") != null) {
            if (!StringUtils.equals(request.getParameter("from"), "list"))
                return this.getCancelView();
            else
                return this.getSuccessView();
        }

        if (this.validator != null) { // validator is null during testing
            this.validator.validate(user, errors);

            if (errors.hasErrors() && (request.getParameter("delete") == null)) {
                model.addAttribute("contributorRoles", this.contributorRoleManager.getAll());
                return "userform";
            }
        }

        this.log.debug("entering 'onSubmit' method...");

        final Locale locale = request.getLocale();

        if (request.getParameter("delete") != null) {
            this.getUserManager().removeUser(user.getId().toString());
            this.saveMessage(request, this.getText("user.deleted", user.getFullName(), locale));

            return this.getSuccessView();
        } else {

            // only attempt to change roles if user is admin for other users,
            // showForm() method will handle populating
            if (request.isUserInRole(Constants.ADMIN_ROLE)) {
                final String[] userRoles = request.getParameterValues("userRoles");

                if (userRoles != null) {
                    user.getRoles().clear();
                    for (final String roleName : userRoles) {
                        user.addRole(this.roleManager.getRole(roleName));
                    }
                }
            }

            final Integer originalVersion = user.getVersion();

            try {
                this.getUserManager().saveUser(user);
            } catch (final AccessDeniedException ade) {
                // thrown by UserSecurityAdvice configured in aop:advisor
                // userManagerSecurity
                this.log.warn(ade.getMessage());
                response.sendError(HttpServletResponse.SC_FORBIDDEN);
                return null;
            } catch (final UserExistsException e) {
                errors.rejectValue("username", "errors.existing.user",
                        new Object[] { user.getUsername(), user.getEmail() }, "duplicate user");

                // redisplay the unencrypted passwords
                user.setPassword(user.getConfirmPassword());
                // reset the version # to what was passed in
                user.setVersion(originalVersion);

                model.addAttribute("contributorRoles", this.contributorRoleManager.getAll());
                return "userform";
            }

            if (!StringUtils.equals(request.getParameter("from"), "list")) {
                this.saveMessage(request, this.getText("user.saved", user.getFullName(), locale));

                // return to main Menu
                return this.getCancelView();
            } else {
                if (StringUtils.isBlank(request.getParameter("version"))) {
                    this.saveMessage(request, this.getText("user.added", user.getFullName(), locale));

                    // Send an account information e-mail
                    this.message.setSubject(this.getText("signup.email.subject", locale));

                    try {
                        this.sendUserMessage(user,
                                this.getText("newuser.email.message", user.getFullName(), locale),
                                RequestUtil.getAppURL(request));
                    } catch (final MailException me) {
                        this.saveError(request, me.getCause().getLocalizedMessage());
                    }

                    return this.getSuccessView();
                } else {
                    this.saveMessage(request, this.getText("user.updated.byAdmin", user.getFullName(), locale));
                }
            }
        }

        return "redirect:/mainMenu";
    }

    /**
     * On user role save.
     * 
     * @param jspUserExtension
     *            the jsp user extension
     * @param request
     *            the request
     * @param response
     *            the response
     * @return the string
     */
    @RequestMapping(method = RequestMethod.POST, params = { "saveRoles" })
    public String onUserRoleSave(final UserExtension jspUserExtension, final HttpServletRequest request,
            final HttpServletResponse response) {
        // parameters when editing users as an admin
        final String id = request.getParameter("id");
        final String from = request.getParameter("from");
        Long idL = null;
        if (id != null) {
            try {
                idL = Long.parseLong(id);
            } catch (final NumberFormatException e) {
                return "redirect:/caseMenu";
            }
        }
        // get current user for checks
        final User user = this.getUserManager().getUserByUsername(request.getRemoteUser());
        // check whether id exists and user is allowed to edit this one
        if (((id != null) && !this.getUserManager().exists(idL))
                || ((id != null) && (idL != user.getId()) && !request.isUserInRole(Constants.ADMIN_ROLE)))
            return "redirect:/caseMenu";
        // reload UserExtension from database or create a new one
        UserExtension userExtension;
        // if user is editing himself
        if (id == null) {
            if (this.userExtensionManager.exists(user.getId())) {
                userExtension = this.userExtensionManager.get(user.getId());
            } else {
                userExtension = new UserExtension(this.getUserManager().get(user.getId()));
            }
        } else {// if admin is editing other users
            if (this.userExtensionManager.exists(idL)) {
                userExtension = this.userExtensionManager.get(idL);
            } else {
                userExtension = new UserExtension(this.getUserManager().get(idL));
            }
        }
        // parse submitted roleIds to ContributorRole
        final Set<ContributorRole> roles = new HashSet<ContributorRole>();
        if ((jspUserExtension != null) && (jspUserExtension.getRoles() != null)) {
            for (final ContributorRole jspRole : jspUserExtension.getRoles()) {
                Long roleId = null;
                try {
                    // WTF, Spring puts the submitted roleIds into name!
                    roleId = Long.parseLong(jspRole.getName());
                } catch (final NumberFormatException e) {
                    this.saveError(request, "userextension.invalidRole");
                    continue;
                }
                if (!this.contributorRoleManager.exists(roleId)) {
                    this.saveError(request, "userextension.invalidRole");
                    continue;
                } else {
                    roles.add(this.contributorRoleManager.get(roleId));
                }
            }
        }
        userExtension.setRoles(roles);
        userExtension = this.userExtensionManager.save(userExtension);

        return "redirect:/userform?id=" + userExtension.getUserId() + (from != null ? "&from=" + from : "");

    }

    /**
     * Show form.
     * 
     * @param request
     *            the request
     * @param response
     *            the response
     * @return the model and view
     * @throws Exception
     *             the exception
     */
    @ModelAttribute
    @RequestMapping(method = { RequestMethod.GET, RequestMethod.POST })
    protected ModelAndView showForm(final HttpServletRequest request, final HttpServletResponse response)
            throws Exception {

        final ModelAndView model = new ModelAndView();
        User user;

        // If not an administrator, make sure user is not trying to add or edit
        // another user
        if (!request.isUserInRole(Constants.ADMIN_ROLE) && !this.isFormSubmission(request)) {
            if (this.isAdd(request) || (request.getParameter("id") != null)) {
                response.sendError(HttpServletResponse.SC_FORBIDDEN);
                this.log.warn("User '" + request.getRemoteUser() + "' is trying to edit user with id '"
                        + request.getParameter("id") + "'");

                throw new AccessDeniedException("You do not have permission to modify other users.");
            }
        }

        if (!this.isFormSubmission(request)) {
            final String userId = request.getParameter("id");

            // if user logged in with remember me, display a warning that they
            // can't change passwords
            this.log.debug("checking for remember me login...");

            final AuthenticationTrustResolver resolver = new AuthenticationTrustResolverImpl();
            final SecurityContext ctx = SecurityContextHolder.getContext();

            if (ctx.getAuthentication() != null) {
                final Authentication auth = ctx.getAuthentication();

                if (resolver.isRememberMe(auth)) {
                    request.getSession().setAttribute("cookieLogin", "true");

                    // add warning message
                    this.saveMessage(request, this.getText("userProfile.cookieLogin", request.getLocale()));
                }
            }

            if ((userId == null) && !this.isAdd(request)) {
                user = this.getUserManager().getUserByUsername(request.getRemoteUser());
            } else if (!StringUtils.isBlank(userId) && !"".equals(request.getParameter("version"))) {
                user = this.getUserManager().getUser(userId);
            } else {
                user = new User();
                user.addRole(new Role(Constants.USER_ROLE));
            }

            user.setConfirmPassword(user.getPassword());

            UserExtension userExtension;
            final Long uId = user.getId();
            if ((uId != null) && this.userExtensionManager.exists(uId)) {
                userExtension = this.userExtensionManager.get(uId);
            } else {
                userExtension = new UserExtension(user);
            }

            model.addObject("userExtension", userExtension);
            model.addObject("contributorRoles", this.contributorRoleManager.getAll());

        } else {
            // populate user object from database, so all fields don't need to
            // be hidden fields in form
            user = this.getUserManager().getUser(request.getParameter("id"));
        }

        model.addObject("user", user);

        return model;
    }

    /**
     * Checks if is form submission.
     * 
     * @param request
     *            the request
     * @return true, if is form submission
     */
    private boolean isFormSubmission(final HttpServletRequest request) {
        return request.getMethod().equalsIgnoreCase("post");
    }

    /**
     * Checks if is adds the.
     * 
     * @param request
     *            the request
     * @return true, if is adds the
     */
    protected boolean isAdd(final HttpServletRequest request) {
        final String method = request.getParameter("method");
        return ((method != null) && method.equalsIgnoreCase("add"));
    }
}