[62] | 1 | import org.codehaus.groovy.grails.plugins.springsecurity.Secured |
---|
[58] | 2 | |
---|
[149] | 3 | @Secured(['ROLE_Manager','ROLE_AppAdmin']) |
---|
[97] | 4 | class PersonController extends BaseAppAdminController { |
---|
[58] | 5 | |
---|
[147] | 6 | def authenticateService |
---|
| 7 | def filterService |
---|
[58] | 8 | |
---|
[150] | 9 | // the delete, save and update actions only accept POST requests |
---|
| 10 | static Map allowedMethods = [delete: 'POST', save: 'POST', update: 'POST'] |
---|
[58] | 11 | |
---|
[150] | 12 | def index = { |
---|
| 13 | redirect action: list, params: params |
---|
| 14 | } |
---|
[58] | 15 | |
---|
[147] | 16 | def list = { |
---|
| 17 | params.max = Math.min( params.max ? params.max.toInteger() : 10, 100 ) |
---|
[58] | 18 | |
---|
[250] | 19 | if(!params.filter) { |
---|
| 20 | return [personList: Person.list(params), |
---|
| 21 | personTotal: Person.count(), |
---|
| 22 | filterParams: params] |
---|
| 23 | } |
---|
[147] | 24 | |
---|
| 25 | // filterPane: |
---|
| 26 | return[ personList: filterService.filter( params, Person ), |
---|
| 27 | personTotal: filterService.count( params, Person ), |
---|
| 28 | filterParams: com.zeddware.grails.plugins.filterpane.FilterUtils.extractFilterParams(params), |
---|
| 29 | params:params ] |
---|
| 30 | } |
---|
| 31 | |
---|
[150] | 32 | def show = { |
---|
[147] | 33 | |
---|
| 34 | // In the case of an actionSubmit button, rewrite action name from 'index'. |
---|
| 35 | if(params._action_Show) |
---|
| 36 | { params.action='show' } |
---|
| 37 | |
---|
[150] | 38 | def person = Person.get(params.id) |
---|
| 39 | if (!person) { |
---|
| 40 | flash.message = "Person not found with id $params.id" |
---|
| 41 | redirect action: list |
---|
| 42 | return |
---|
| 43 | } |
---|
| 44 | List roleNames = [] |
---|
| 45 | for (role in person.authorities) { |
---|
| 46 | roleNames << role.authority |
---|
| 47 | } |
---|
| 48 | roleNames.sort { n1, n2 -> |
---|
| 49 | n1 <=> n2 |
---|
| 50 | } |
---|
| 51 | [person: person, roleNames: roleNames] |
---|
| 52 | } |
---|
[58] | 53 | |
---|
[150] | 54 | /** |
---|
| 55 | * Person delete action. Before removing an existing person, |
---|
| 56 | * they should be removed from those authorities which they are involved. |
---|
| 57 | */ |
---|
| 58 | def delete = { |
---|
[58] | 59 | |
---|
[150] | 60 | def person = Person.get(params.id) |
---|
| 61 | if (person) { |
---|
| 62 | def authPrincipal = authenticateService.principal() |
---|
| 63 | // Avoid self-delete. |
---|
| 64 | if (!(authPrincipal instanceof String) && authPrincipal.username == person.loginName) { |
---|
| 65 | flash.message = "You cannot delete yourself, please login as another manager and try again." |
---|
[147] | 66 | redirect(action:show,id:params.id) |
---|
[150] | 67 | } |
---|
| 68 | else { |
---|
| 69 | //first, delete this person from Persons_Authorities table. |
---|
| 70 | Authority.findAll().each { it.removeFromPersons(person) } |
---|
[147] | 71 | person.isActive = false |
---|
| 72 | person.save(flush: true) |
---|
| 73 | |
---|
[97] | 74 | try { |
---|
[147] | 75 | person.delete(flush: true) |
---|
[91] | 76 | flash.message = "Person $params.id deleted." |
---|
[97] | 77 | redirect(action:list) |
---|
| 78 | } |
---|
| 79 | catch(org.springframework.dao.DataIntegrityViolationException e) { |
---|
| 80 | flash.message = "Could not delete '$person.loginName' due to database constraints, but all authorities have been removed." |
---|
| 81 | redirect(action:show,id:params.id) |
---|
| 82 | } |
---|
[150] | 83 | } |
---|
| 84 | } |
---|
| 85 | else { |
---|
| 86 | flash.message = "Person not found with id $params.id" |
---|
| 87 | } |
---|
| 88 | } |
---|
[58] | 89 | |
---|
[150] | 90 | def edit = { |
---|
[58] | 91 | |
---|
[147] | 92 | // In the case of an actionSubmit button, rewrite action name from 'index'. |
---|
| 93 | if(params._action_Edit) |
---|
| 94 | { params.action='edit' } |
---|
| 95 | |
---|
[150] | 96 | def person = Person.get(params.id) |
---|
| 97 | if (!person) { |
---|
| 98 | flash.message = "Person not found with id $params.id" |
---|
| 99 | redirect action: list |
---|
| 100 | return |
---|
| 101 | } |
---|
| 102 | params.message = "To allow login at least the 'ROLE_AppUser' authority must be given." |
---|
| 103 | return buildPersonModel(person) |
---|
| 104 | } |
---|
[58] | 105 | |
---|
[150] | 106 | /** |
---|
[294] | 107 | * Person update action. |
---|
| 108 | */ |
---|
[150] | 109 | def update = { |
---|
[294] | 110 | Person.withTransaction { status -> |
---|
[58] | 111 | |
---|
[294] | 112 | def person = Person.get(params.id) |
---|
| 113 | if (!person) { |
---|
| 114 | flash.message = "Person not found with id $params.id" |
---|
| 115 | redirect action: edit, id: params.id |
---|
| 116 | return |
---|
| 117 | } |
---|
[58] | 118 | |
---|
[294] | 119 | long version = params.version.toLong() |
---|
| 120 | if (person.version > version) { |
---|
| 121 | person.errors.rejectValue 'version', "person.optimistic.locking.failure", |
---|
| 122 | "Another user has updated this Person while you were editing." |
---|
| 123 | render view: 'edit', model: buildPersonModel(person) |
---|
| 124 | return |
---|
| 125 | } |
---|
[58] | 126 | |
---|
[294] | 127 | person.properties = params |
---|
| 128 | person.setPersonGroupsFromCheckBoxList(params.personGroups) |
---|
[73] | 129 | |
---|
[294] | 130 | if(params.pass == "") { |
---|
| 131 | person.pass = "InsertNothingToClearValidation" |
---|
[73] | 132 | } |
---|
[294] | 133 | else { |
---|
| 134 | if (person.validate()) { |
---|
| 135 | person.password = authenticateService.encodePassword(params.pass) |
---|
| 136 | } |
---|
| 137 | } |
---|
[73] | 138 | |
---|
[294] | 139 | if (!person.hasErrors() && person.save(flush: true)) { |
---|
| 140 | addRemoveRoles(person) |
---|
| 141 | flash.message = "Person '$params.id - $params.loginName' updated." |
---|
| 142 | redirect action: show, id: person.id |
---|
| 143 | } |
---|
| 144 | else { |
---|
| 145 | render view: 'edit', model: buildPersonModel(person) |
---|
| 146 | } |
---|
[73] | 147 | |
---|
[294] | 148 | } //end withTransaction |
---|
| 149 | } // update() |
---|
[58] | 150 | |
---|
[150] | 151 | def create = { |
---|
| 152 | params.message = "To allow login at least the 'ROLE_AppUser' authority must be given." |
---|
[294] | 153 | [person: new Person(params), authorityList: getLimitedAuthorityList()] |
---|
[150] | 154 | } |
---|
[58] | 155 | |
---|
[150] | 156 | /** |
---|
[294] | 157 | * Person save action. |
---|
| 158 | */ |
---|
[150] | 159 | def save = { |
---|
[294] | 160 | Person.withTransaction { status -> |
---|
[58] | 161 | |
---|
[294] | 162 | def person = new Person() |
---|
| 163 | person.properties = params |
---|
| 164 | person.password = authenticateService.encodePassword(params.pass) |
---|
| 165 | person.setPersonGroupsFromCheckBoxList(params.personGroups) |
---|
| 166 | if (person.save(flush: true)) { |
---|
| 167 | addRemoveRoles(person) |
---|
| 168 | redirect action: show, id: person.id |
---|
| 169 | } |
---|
| 170 | else { |
---|
| 171 | render view: 'create', model: [person: person, authorityList: getLimitedAuthorityList()] |
---|
| 172 | } |
---|
| 173 | |
---|
| 174 | } //end withTransaction |
---|
[150] | 175 | } |
---|
[58] | 176 | |
---|
[294] | 177 | private void addRemoveRoles(person) { |
---|
| 178 | for (key in params.keySet()) { |
---|
| 179 | if(key.startsWith("ROLE")) |
---|
[150] | 180 | Authority.findByAuthority(key).addToPersons(person) |
---|
[294] | 181 | else if(key.startsWith("_ROLE")) |
---|
| 182 | Authority.findByAuthority(key.substring(1)).removeFromPersons(person) |
---|
[150] | 183 | } |
---|
| 184 | } |
---|
[58] | 185 | |
---|
[150] | 186 | private Map buildPersonModel(person) { |
---|
[58] | 187 | |
---|
[294] | 188 | List roles = getLimitedAuthorityList() |
---|
[150] | 189 | roles.sort { r1, r2 -> |
---|
| 190 | r1.authority <=> r2.authority |
---|
| 191 | } |
---|
| 192 | Set userRoleNames = [] |
---|
| 193 | for (role in person.authorities) { |
---|
| 194 | userRoleNames << role.authority |
---|
| 195 | } |
---|
| 196 | LinkedHashMap<Authority, Boolean> roleMap = [:] |
---|
| 197 | for (role in roles) { |
---|
| 198 | roleMap[(role)] = userRoleNames.contains(role.authority) |
---|
| 199 | } |
---|
[58] | 200 | |
---|
[150] | 201 | return [person: person, roleMap: roleMap] |
---|
| 202 | } |
---|
[294] | 203 | |
---|
| 204 | /** |
---|
| 205 | * Get the full authorityList if current user is an App Admin else leave that authority off the list. |
---|
| 206 | */ |
---|
| 207 | def getLimitedAuthorityList = { |
---|
| 208 | def authorityList = [] |
---|
| 209 | if(authenticateService.ifAnyGranted('ROLE_AppAdmin')) |
---|
| 210 | authorityList = Authority.list().sort { p1, p2 -> p1.authority.compareToIgnoreCase(p2.authority) } |
---|
| 211 | else |
---|
| 212 | authorityList = Authority.withCriteria { gt("id", 1L) }.sort { p1, p2 -> p1.authority.compareToIgnoreCase(p2.authority) } |
---|
| 213 | |
---|
| 214 | return authorityList |
---|
| 215 | } |
---|
[58] | 216 | } |
---|