[62] | 1 | import org.codehaus.groovy.grails.plugins.springsecurity.Secured |
---|
[440] | 2 | import org.codehaus.groovy.grails.commons.ConfigurationHolder |
---|
[58] | 3 | |
---|
[628] | 4 | @Secured(['ROLE_AppAdmin', 'ROLE_Manager']) |
---|
[97] | 5 | class PersonController extends BaseAppAdminController { |
---|
[58] | 6 | |
---|
[440] | 7 | def filterService |
---|
| 8 | def personCsvService |
---|
[147] | 9 | def authenticateService |
---|
[58] | 10 | |
---|
[150] | 11 | // the delete, save and update actions only accept POST requests |
---|
| 12 | static Map allowedMethods = [delete: 'POST', save: 'POST', update: 'POST'] |
---|
[58] | 13 | |
---|
[150] | 14 | def index = { |
---|
| 15 | redirect action: list, params: params |
---|
| 16 | } |
---|
[58] | 17 | |
---|
[440] | 18 | /** |
---|
| 19 | * Disaply the import view. |
---|
| 20 | */ |
---|
| 21 | def importPersons = { |
---|
| 22 | } |
---|
| 23 | |
---|
| 24 | /** |
---|
| 25 | * Handle the import save. |
---|
| 26 | */ |
---|
| 27 | def importPersonsSave = { |
---|
| 28 | def result = personCsvService.importPersons(request) |
---|
| 29 | |
---|
| 30 | if(!result.error) { |
---|
| 31 | response.contentType = ConfigurationHolder.config.grails.mime.types["text"] |
---|
| 32 | response.setHeader("Content-disposition", "attachment; filename=LoginNamesAndPasswords.txt") |
---|
| 33 | render result.loginNamesAndPasswords |
---|
| 34 | return |
---|
| 35 | } |
---|
| 36 | |
---|
| 37 | flash.errorMessage = g.message(code: result.error.code, args: result.error.args) |
---|
| 38 | redirect(action: importPersons) |
---|
| 39 | } |
---|
| 40 | |
---|
| 41 | /** |
---|
| 42 | * Export a csv template. |
---|
| 43 | * NOTE: IE has a 'validating' bug in dev mode that causes the export to take a long time! |
---|
| 44 | * This does not appear to be a problem once deployed to Tomcat. |
---|
| 45 | */ |
---|
| 46 | def exportPersonsTemplate = { |
---|
| 47 | response.contentType = ConfigurationHolder.config.grails.mime.types["csv"] |
---|
| 48 | response.setHeader("Content-disposition", "attachment; filename=personsTemplate.csv") |
---|
| 49 | def s = personCsvService.buildPersonsTemplate() |
---|
| 50 | render s |
---|
| 51 | } |
---|
| 52 | |
---|
[147] | 53 | def list = { |
---|
| 54 | params.max = Math.min( params.max ? params.max.toInteger() : 10, 100 ) |
---|
[58] | 55 | |
---|
[250] | 56 | if(!params.filter) { |
---|
| 57 | return [personList: Person.list(params), |
---|
| 58 | personTotal: Person.count(), |
---|
| 59 | filterParams: params] |
---|
| 60 | } |
---|
[147] | 61 | |
---|
| 62 | // filterPane: |
---|
| 63 | return[ personList: filterService.filter( params, Person ), |
---|
| 64 | personTotal: filterService.count( params, Person ), |
---|
| 65 | filterParams: com.zeddware.grails.plugins.filterpane.FilterUtils.extractFilterParams(params), |
---|
| 66 | params:params ] |
---|
| 67 | } |
---|
| 68 | |
---|
[150] | 69 | def show = { |
---|
[147] | 70 | |
---|
| 71 | // In the case of an actionSubmit button, rewrite action name from 'index'. |
---|
| 72 | if(params._action_Show) |
---|
[375] | 73 | params.action='show' |
---|
[147] | 74 | |
---|
[150] | 75 | def person = Person.get(params.id) |
---|
| 76 | if (!person) { |
---|
| 77 | flash.message = "Person not found with id $params.id" |
---|
| 78 | redirect action: list |
---|
| 79 | return |
---|
| 80 | } |
---|
[295] | 81 | def authorityList = person.authorities.sort { p1, p2 -> p1.id <=> p2.id } |
---|
| 82 | [person: person, authorityList: authorityList] |
---|
[150] | 83 | } |
---|
[58] | 84 | |
---|
[150] | 85 | /** |
---|
| 86 | * Person delete action. Before removing an existing person, |
---|
| 87 | * they should be removed from those authorities which they are involved. |
---|
| 88 | */ |
---|
| 89 | def delete = { |
---|
[58] | 90 | |
---|
[150] | 91 | def person = Person.get(params.id) |
---|
| 92 | if (person) { |
---|
| 93 | def authPrincipal = authenticateService.principal() |
---|
| 94 | // Avoid self-delete. |
---|
| 95 | if (!(authPrincipal instanceof String) && authPrincipal.username == person.loginName) { |
---|
| 96 | flash.message = "You cannot delete yourself, please login as another manager and try again." |
---|
[147] | 97 | redirect(action:show,id:params.id) |
---|
[150] | 98 | } |
---|
| 99 | else { |
---|
| 100 | //first, delete this person from Persons_Authorities table. |
---|
| 101 | Authority.findAll().each { it.removeFromPersons(person) } |
---|
[147] | 102 | person.isActive = false |
---|
| 103 | person.save(flush: true) |
---|
| 104 | |
---|
[97] | 105 | try { |
---|
[147] | 106 | person.delete(flush: true) |
---|
[91] | 107 | flash.message = "Person $params.id deleted." |
---|
[97] | 108 | redirect(action:list) |
---|
| 109 | } |
---|
| 110 | catch(org.springframework.dao.DataIntegrityViolationException e) { |
---|
| 111 | flash.message = "Could not delete '$person.loginName' due to database constraints, but all authorities have been removed." |
---|
| 112 | redirect(action:show,id:params.id) |
---|
| 113 | } |
---|
[150] | 114 | } |
---|
| 115 | } |
---|
| 116 | else { |
---|
| 117 | flash.message = "Person not found with id $params.id" |
---|
| 118 | } |
---|
| 119 | } |
---|
[58] | 120 | |
---|
[150] | 121 | def edit = { |
---|
[58] | 122 | |
---|
[147] | 123 | // In the case of an actionSubmit button, rewrite action name from 'index'. |
---|
| 124 | if(params._action_Edit) |
---|
[375] | 125 | params.action='edit' |
---|
[147] | 126 | |
---|
[150] | 127 | def person = Person.get(params.id) |
---|
| 128 | if (!person) { |
---|
| 129 | flash.message = "Person not found with id $params.id" |
---|
| 130 | redirect action: list |
---|
| 131 | return |
---|
| 132 | } |
---|
| 133 | params.message = "To allow login at least the 'ROLE_AppUser' authority must be given." |
---|
| 134 | return buildPersonModel(person) |
---|
| 135 | } |
---|
[58] | 136 | |
---|
[150] | 137 | /** |
---|
[294] | 138 | * Person update action. |
---|
| 139 | */ |
---|
[150] | 140 | def update = { |
---|
[294] | 141 | Person.withTransaction { status -> |
---|
[58] | 142 | |
---|
[294] | 143 | def person = Person.get(params.id) |
---|
| 144 | if (!person) { |
---|
| 145 | flash.message = "Person not found with id $params.id" |
---|
| 146 | redirect action: edit, id: params.id |
---|
| 147 | return |
---|
| 148 | } |
---|
[58] | 149 | |
---|
[294] | 150 | long version = params.version.toLong() |
---|
| 151 | if (person.version > version) { |
---|
[403] | 152 | person.errors.rejectValue 'version', "default.optimistic.locking.failure" |
---|
[294] | 153 | render view: 'edit', model: buildPersonModel(person) |
---|
| 154 | return |
---|
| 155 | } |
---|
[58] | 156 | |
---|
[294] | 157 | person.properties = params |
---|
| 158 | person.setPersonGroupsFromCheckBoxList(params.personGroups) |
---|
[633] | 159 | person.setPurchasingGroupsFromCheckBoxList(params.purchasingGroups) |
---|
[73] | 160 | |
---|
[294] | 161 | if(params.pass == "") { |
---|
| 162 | person.pass = "InsertNothingToClearValidation" |
---|
[73] | 163 | } |
---|
[294] | 164 | else { |
---|
| 165 | if (person.validate()) { |
---|
| 166 | person.password = authenticateService.encodePassword(params.pass) |
---|
| 167 | } |
---|
| 168 | } |
---|
[73] | 169 | |
---|
[294] | 170 | if (!person.hasErrors() && person.save(flush: true)) { |
---|
[295] | 171 | addRemoveAuthorities(person) |
---|
[294] | 172 | flash.message = "Person '$params.id - $params.loginName' updated." |
---|
| 173 | redirect action: show, id: person.id |
---|
| 174 | } |
---|
| 175 | else { |
---|
| 176 | render view: 'edit', model: buildPersonModel(person) |
---|
| 177 | } |
---|
[73] | 178 | |
---|
[294] | 179 | } //end withTransaction |
---|
| 180 | } // update() |
---|
[58] | 181 | |
---|
[150] | 182 | def create = { |
---|
| 183 | params.message = "To allow login at least the 'ROLE_AppUser' authority must be given." |
---|
[294] | 184 | [person: new Person(params), authorityList: getLimitedAuthorityList()] |
---|
[150] | 185 | } |
---|
[58] | 186 | |
---|
[150] | 187 | /** |
---|
[294] | 188 | * Person save action. |
---|
| 189 | */ |
---|
[150] | 190 | def save = { |
---|
[294] | 191 | Person.withTransaction { status -> |
---|
[58] | 192 | |
---|
[294] | 193 | def person = new Person() |
---|
| 194 | person.properties = params |
---|
| 195 | person.password = authenticateService.encodePassword(params.pass) |
---|
| 196 | person.setPersonGroupsFromCheckBoxList(params.personGroups) |
---|
[633] | 197 | person.setPurchasingGroupsFromCheckBoxList(params.purchasingGroups) |
---|
[294] | 198 | if (person.save(flush: true)) { |
---|
[295] | 199 | addRemoveAuthorities(person) |
---|
[294] | 200 | redirect action: show, id: person.id |
---|
| 201 | } |
---|
| 202 | else { |
---|
| 203 | render view: 'create', model: [person: person, authorityList: getLimitedAuthorityList()] |
---|
| 204 | } |
---|
| 205 | |
---|
| 206 | } //end withTransaction |
---|
[150] | 207 | } |
---|
[58] | 208 | |
---|
[295] | 209 | /** |
---|
| 210 | * Add or remove authorities from person as indicated in params. |
---|
| 211 | */ |
---|
| 212 | private void addRemoveAuthorities(person) { |
---|
| 213 | def authMap = [:] |
---|
| 214 | |
---|
| 215 | // Build authMap from params. |
---|
[294] | 216 | for (key in params.keySet()) { |
---|
[295] | 217 | if(key.startsWith("ROLE")) { |
---|
| 218 | authMap.(key.toString()) = "add" |
---|
| 219 | } |
---|
| 220 | else if(key.startsWith("_ROLE")) { |
---|
| 221 | if( !authMap.(key.substring(1)) ) authMap.(key.substring(1)) = "remove" |
---|
| 222 | } |
---|
[150] | 223 | } |
---|
[295] | 224 | |
---|
| 225 | // Add or remove authorities. |
---|
| 226 | for(a in authMap) { |
---|
| 227 | if(a.value == "add") |
---|
| 228 | Authority.findByAuthority(a.key.toString()).addToPersons(person) |
---|
| 229 | else |
---|
| 230 | Authority.findByAuthority(a.key.toString()).removeFromPersons(person) |
---|
| 231 | } |
---|
[150] | 232 | } |
---|
[58] | 233 | |
---|
[150] | 234 | private Map buildPersonModel(person) { |
---|
[58] | 235 | |
---|
[294] | 236 | List roles = getLimitedAuthorityList() |
---|
[150] | 237 | Set userRoleNames = [] |
---|
| 238 | for (role in person.authorities) { |
---|
| 239 | userRoleNames << role.authority |
---|
| 240 | } |
---|
| 241 | LinkedHashMap<Authority, Boolean> roleMap = [:] |
---|
| 242 | for (role in roles) { |
---|
| 243 | roleMap[(role)] = userRoleNames.contains(role.authority) |
---|
| 244 | } |
---|
[58] | 245 | |
---|
[150] | 246 | return [person: person, roleMap: roleMap] |
---|
| 247 | } |
---|
[294] | 248 | |
---|
| 249 | /** |
---|
| 250 | * Get the full authorityList if current user is an App Admin else leave that authority off the list. |
---|
| 251 | */ |
---|
[295] | 252 | private List getLimitedAuthorityList() { |
---|
[294] | 253 | def authorityList = [] |
---|
| 254 | if(authenticateService.ifAnyGranted('ROLE_AppAdmin')) |
---|
[295] | 255 | authorityList = Authority.list().sort { p1, p2 -> p1.id <=> p2.id } |
---|
[294] | 256 | else |
---|
[295] | 257 | authorityList = Authority.withCriteria { gt("id", 1L) }.sort { p1, p2 -> p1.id <=> p2.id } |
---|
[294] | 258 | |
---|
| 259 | return authorityList |
---|
| 260 | } |
---|
[295] | 261 | } // end class |
---|