Context Navigation

source: trunk/grails-app/controllers/PersonController.groovy @ 834

Last change on this file since 834 was 724, checked in by gav, 14 years ago
Add some logic to protect the system (no delete or edit) and admin (no delete) pseudo persons.
File size: 9.5 KB

Rev	Line
[62]	1	import org.codehaus.groovy.grails.plugins.springsecurity.Secured
[440]	2	import org.codehaus.groovy.grails.commons.ConfigurationHolder
[58]	3
[628]	4	@Secured(['ROLE_AppAdmin', 'ROLE_Manager'])
[97]	5	class PersonController extends BaseAppAdminController {
[58]	6
[440]	7	def filterService
	8	def personCsvService
[147]	9	def authenticateService
[58]	10
[150]	11	// the delete, save and update actions only accept POST requests
	12	static Map allowedMethods = [delete: 'POST', save: 'POST', update: 'POST']
[58]	13
[150]	14	def index = {
	15	redirect action: list, params: params
	16	}
[58]	17
[440]	18	/**
	19	* Disaply the import view.
	20	*/
	21	def importPersons = {
	22	}
	23
	24	/**
	25	* Handle the import save.
	26	*/
	27	def importPersonsSave = {
	28	def result = personCsvService.importPersons(request)
	29
	30	if(!result.error) {
	31	response.contentType = ConfigurationHolder.config.grails.mime.types["text"]
	32	response.setHeader("Content-disposition", "attachment; filename=LoginNamesAndPasswords.txt")
	33	render result.loginNamesAndPasswords
	34	return
	35	}
	36
	37	flash.errorMessage = g.message(code: result.error.code, args: result.error.args)
	38	redirect(action: importPersons)
	39	}
	40
	41	/**
	42	* Export a csv template.
	43	* NOTE: IE has a 'validating' bug in dev mode that causes the export to take a long time!
	44	* This does not appear to be a problem once deployed to Tomcat.
	45	*/
	46	def exportPersonsTemplate = {
	47	response.contentType = ConfigurationHolder.config.grails.mime.types["csv"]
	48	response.setHeader("Content-disposition", "attachment; filename=personsTemplate.csv")
	49	def s = personCsvService.buildPersonsTemplate()
	50	render s
	51	}
	52
[147]	53	def list = {
	54	params.max = Math.min( params.max ? params.max.toInteger() : 10, 100 )
[58]	55
[250]	56	if(!params.filter) {
	57	return [personList: Person.list(params),
	58	personTotal: Person.count(),
	59	filterParams: params]
	60	}
[147]	61
	62	// filterPane:
	63	return[ personList: filterService.filter( params, Person ),
	64	personTotal: filterService.count( params, Person ),
	65	filterParams: com.zeddware.grails.plugins.filterpane.FilterUtils.extractFilterParams(params),
	66	params:params ]
	67	}
	68
[150]	69	def show = {
[147]	70
	71	// In the case of an actionSubmit button, rewrite action name from 'index'.
	72	if(params._action_Show)
[375]	73	params.action='show'
[147]	74
[150]	75	def person = Person.get(params.id)
	76	if (!person) {
	77	flash.message = "Person not found with id $params.id"
	78	redirect action: list
	79	return
	80	}
[295]	81	def authorityList = person.authorities.sort { p1, p2 -> p1.id <=> p2.id }
	82	[person: person, authorityList: authorityList]
[150]	83	}
[58]	84
[150]	85	/**
	86	* Person delete action. Before removing an existing person,
	87	* they should be removed from those authorities which they are involved.
	88	*/
	89	def delete = {
[58]	90
[150]	91	def person = Person.get(params.id)
	92	if (person) {
	93	def authPrincipal = authenticateService.principal()
	94	// Avoid self-delete.
	95	if (!(authPrincipal instanceof String) && authPrincipal.username == person.loginName) {
[724]	96	flash.errorMessage = "You cannot delete yourself, please login as another manager and try again."
[147]	97	redirect(action:show,id:params.id)
[150]	98	}
[724]	99	else if ( person.id == 1L) {
	100	flash.errorMessage = "You cannot delete the pseudo system person."
	101	redirect(action:show,id:params.id)
	102	}
	103	else if ( person.id == 2L) {
	104	flash.errorMessage = "You cannot delete the admin person."
	105	redirect(action:show,id:params.id)
	106	}
[150]	107	else {
	108	//first, delete this person from Persons_Authorities table.
	109	Authority.findAll().each { it.removeFromPersons(person) }
[147]	110	person.isActive = false
	111	person.save(flush: true)
	112
[97]	113	try {
[147]	114	person.delete(flush: true)
[91]	115	flash.message = "Person $params.id deleted."
[97]	116	redirect(action:list)
	117	}
	118	catch(org.springframework.dao.DataIntegrityViolationException e) {
	119	flash.message = "Could not delete '$person.loginName' due to database constraints, but all authorities have been removed."
	120	redirect(action:show,id:params.id)
	121	}
[150]	122	}
	123	}
	124	else {
[724]	125	flash.errorMessage = "Person not found with id $params.id"
[150]	126	}
	127	}
[58]	128
[150]	129	def edit = {
[58]	130
[147]	131	// In the case of an actionSubmit button, rewrite action name from 'index'.
	132	if(params._action_Edit)
[375]	133	params.action='edit'
[147]	134
[150]	135	def person = Person.get(params.id)
	136	if (!person) {
	137	flash.message = "Person not found with id $params.id"
	138	redirect action: list
	139	return
	140	}
[724]	141
	142	if ( person.id == 1L) {
	143	flash.errorMessage = "You cannot edit the pseudo system person."
	144	redirect(action:show,id:params.id)
	145	return
	146	}
	147
[150]	148	params.message = "To allow login at least the 'ROLE_AppUser' authority must be given."
	149	return buildPersonModel(person)
	150	}
[58]	151
[150]	152	/**
[294]	153	* Person update action.
	154	*/
[150]	155	def update = {
[294]	156	Person.withTransaction { status ->
[58]	157
[294]	158	def person = Person.get(params.id)
	159	if (!person) {
	160	flash.message = "Person not found with id $params.id"
	161	redirect action: edit, id: params.id
	162	return
	163	}
[58]	164
[294]	165	long version = params.version.toLong()
	166	if (person.version > version) {
[403]	167	person.errors.rejectValue 'version', "default.optimistic.locking.failure"
[294]	168	render view: 'edit', model: buildPersonModel(person)
	169	return
	170	}
[58]	171
[724]	172	if ( person.id == 1L) {
	173	flash.errorMessage = "You cannot edit the pseudo system person."
	174	redirect(action:show,id:params.id)
	175	return
	176	}
	177
[294]	178	person.properties = params
	179	person.setPersonGroupsFromCheckBoxList(params.personGroups)
[633]	180	person.setPurchasingGroupsFromCheckBoxList(params.purchasingGroups)
[73]	181
[294]	182	if(params.pass == "") {
	183	person.pass = "InsertNothingToClearValidation"
[73]	184	}
[294]	185	else {
	186	if (person.validate()) {
	187	person.password = authenticateService.encodePassword(params.pass)
	188	}
	189	}
[73]	190
[294]	191	if (!person.hasErrors() && person.save(flush: true)) {
[295]	192	addRemoveAuthorities(person)
[294]	193	flash.message = "Person '$params.id - $params.loginName' updated."
	194	redirect action: show, id: person.id
	195	}
	196	else {
	197	render view: 'edit', model: buildPersonModel(person)
	198	}
[73]	199
[294]	200	} //end withTransaction
	201	} // update()
[58]	202
[150]	203	def create = {
	204	params.message = "To allow login at least the 'ROLE_AppUser' authority must be given."
[294]	205	[person: new Person(params), authorityList: getLimitedAuthorityList()]
[150]	206	}
[58]	207
[150]	208	/**
[294]	209	* Person save action.
	210	*/
[150]	211	def save = {
[294]	212	Person.withTransaction { status ->
[58]	213
[294]	214	def person = new Person()
	215	person.properties = params
	216	person.password = authenticateService.encodePassword(params.pass)
	217	person.setPersonGroupsFromCheckBoxList(params.personGroups)
[633]	218	person.setPurchasingGroupsFromCheckBoxList(params.purchasingGroups)
[294]	219	if (person.save(flush: true)) {
[295]	220	addRemoveAuthorities(person)
[294]	221	redirect action: show, id: person.id
	222	}
	223	else {
	224	render view: 'create', model: [person: person, authorityList: getLimitedAuthorityList()]
	225	}
	226
	227	} //end withTransaction
[150]	228	}
[58]	229
[295]	230	/**
	231	* Add or remove authorities from person as indicated in params.
	232	*/
	233	private void addRemoveAuthorities(person) {
	234	def authMap = [:]
	235
	236	// Build authMap from params.
[294]	237	for (key in params.keySet()) {
[295]	238	if(key.startsWith("ROLE")) {
	239	authMap.(key.toString()) = "add"
	240	}
	241	else if(key.startsWith("_ROLE")) {
	242	if( !authMap.(key.substring(1)) ) authMap.(key.substring(1)) = "remove"
	243	}
[150]	244	}
[295]	245
	246	// Add or remove authorities.
	247	for(a in authMap) {
	248	if(a.value == "add")
	249	Authority.findByAuthority(a.key.toString()).addToPersons(person)
	250	else
	251	Authority.findByAuthority(a.key.toString()).removeFromPersons(person)
	252	}
[150]	253	}
[58]	254
[150]	255	private Map buildPersonModel(person) {
[58]	256
[294]	257	List roles = getLimitedAuthorityList()
[150]	258	Set userRoleNames = []
	259	for (role in person.authorities) {
	260	userRoleNames << role.authority
	261	}
	262	LinkedHashMap<Authority, Boolean> roleMap = [:]
	263	for (role in roles) {
	264	roleMap[(role)] = userRoleNames.contains(role.authority)
	265	}
[58]	266
[150]	267	return [person: person, roleMap: roleMap]
	268	}
[294]	269
	270	/**
	271	* Get the full authorityList if current user is an App Admin else leave that authority off the list.
	272	*/
[295]	273	private List getLimitedAuthorityList() {
[294]	274	def authorityList = []
	275	if(authenticateService.ifAnyGranted('ROLE_AppAdmin'))
[295]	276	authorityList = Authority.list().sort { p1, p2 -> p1.id <=> p2.id }
[294]	277	else
[295]	278	authorityList = Authority.withCriteria { gt("id", 1L) }.sort { p1, p2 -> p1.id <=> p2.id }
[294]	279
	280	return authorityList
	281	}
[295]	282	} // end class

Note: See TracBrowser for help on using the repository browser.

Download in other formats: