AdminManagerImpl.java example

Explorer
ORCID-Source-master
/**
 * =============================================================================
 *
 * ORCID (R) Open Source
 * http://orcid.org
 *
 * Copyright (c) 2012-2014 ORCID, Inc.
 * Licensed under an MIT-Style License (MIT)
 * http://orcid.org/open-source-license
 *
 * This copyright and license information (including a link to the full license)
 * shall be included in its entirety in all copies or substantial portion of
 * the software.
 *
 * =============================================================================
 */
package org.orcid.core.manager.impl;

import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;

import javax.annotation.Resource;

import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang3.StringUtils;
import org.orcid.core.admin.LockReason;
import org.orcid.core.locale.LocaleManager;
import org.orcid.core.manager.AdminManager;
import org.orcid.core.manager.EmailManager;
import org.orcid.core.manager.EncryptionManager;
import org.orcid.core.manager.NotificationManager;
import org.orcid.core.manager.ProfileEntityCacheManager;
import org.orcid.core.manager.ProfileEntityManager;
import org.orcid.core.utils.JsonUtils;
import org.orcid.jaxb.model.record_v2.Email;
import org.orcid.persistence.dao.GivenPermissionToDao;
import org.orcid.persistence.jpa.entities.ProfileEntity;
import org.orcid.pojo.AdminDelegatesRequest;
import org.orcid.pojo.ProfileDeprecationRequest;
import org.springframework.transaction.annotation.Transactional;

public class AdminManagerImpl implements AdminManager {
    public static final String AUTHORIZE_DELEGATION_ACTION = "/manage/authorize-delegates";
    
    @Resource
    private ProfileEntityManager profileEntityManager;        
    
    @Resource
    private EmailManager emailManager;
    
    @Resource
    private LocaleManager localeManager;
    
    @Resource
    NotificationManager notificationManager;
    
    @Resource
    private EncryptionManager encryptionManager;
    
    @Resource
    private OrcidUrlManager orcidUrlManager;
    
    @Resource
    private GivenPermissionToDao givenPermissionToDao;
    
    @Resource(name = "profileEntityCacheManager")
    private ProfileEntityCacheManager profileEntityCacheManager;
    
    @Override    
    @Transactional
    public boolean deprecateProfile(ProfileDeprecationRequest result, String deprecatedOrcid, String primaryOrcid) {        
        // Get deprecated profile
        ProfileEntity deprecated = profileEntityCacheManager.retrieve(deprecatedOrcid);
        ProfileEntity primary = profileEntityCacheManager.retrieve(primaryOrcid);        
        
        // If both users exists
        if (deprecated != null && primary != null) {
            // If account is already deprecated
            if (deprecated.getDeprecatedDate() != null) {
                result.getErrors().add(localeManager.resolveMessage("admin.profile_deprecation.errors.already_deprecated", deprecatedOrcid));
            } else if (primary.getDeprecatedDate() != null) {
                // If primary is deprecated
                result.getErrors().add(localeManager.resolveMessage("admin.profile_deprecation.errors.primary_account_deprecated", primaryOrcid));
            } else {
                // If the primary account is deactivated, return an error
                if (primary.getDeactivationDate() != null) {
                    result.getErrors().add(localeManager.resolveMessage("admin.profile_deprecation.errors.primary_account_is_deactivated", primaryOrcid));
                } else {                    
                    return profileEntityManager.deprecateProfile(deprecatedOrcid, primaryOrcid);
                }
            }
        }
        
        return false;
    }
    
    public AdminDelegatesRequest startDelegationProcess(AdminDelegatesRequest request, String trusted, String managed) {
        boolean haveErrors = false;
        // The permission should not already exist
        if (givenPermissionToDao.findByGiverAndReceiverOrcid(managed, trusted) != null) {
            request.getErrors().add(localeManager.resolveMessage("admin.delegate.error.permission_already_exists", trusted, managed));
            haveErrors = true;
        }
        
        // Restriction #1: Both accounts must be claimed
        boolean isTrustedClaimed = profileEntityManager.isProfileClaimed(trusted);
        boolean isManagedClaimed = profileEntityManager.isProfileClaimed(managed);

        if (!isTrustedClaimed || !isManagedClaimed) {
            if (!isTrustedClaimed && !isManagedClaimed) {
                request.getErrors().add(localeManager.resolveMessage("admin.delegate.error.not_claimed.both", trusted, request.getManaged().getValue()));
            } else if (!isTrustedClaimed) {
                request.getTrusted().getErrors().add(localeManager.resolveMessage("admin.delegate.error.not_claimed", request.getTrusted().getValue()));
            } else {
                request.getManaged().getErrors().add(localeManager.resolveMessage("admin.delegate.error.not_claimed", request.getManaged().getValue()));
            }
            haveErrors = true;
        }

        // Restriction #2: Trusted individual must have a verified primary email
        // address
        if (!emailManager.isPrimaryEmailVerified(trusted)) {
            request.getTrusted().getErrors().add(localeManager.resolveMessage("admin.delegate.error.primary_email_not_verified", request.getTrusted().getValue()));
            haveErrors = true;
        }

        // Restriction #3: They cant be the same account
        if (trusted.equalsIgnoreCase(managed)) {
            request.getErrors().add(localeManager.resolveMessage("admin.delegate.error.cant_be_the_same", request.getTrusted().getValue(), request.getManaged().getValue()));
            haveErrors = true;
        }

        if (haveErrors)
            return request;

        // Generate link
        String link = generateEncryptedLink(trusted, managed);

        // Send email to managed account
        notificationManager.sendDelegationRequestEmail(managed, trusted, link);

        Email primaryEmail = emailManager.findPrimaryEmail(managed);
        
        request.setSuccessMessage(localeManager.resolveMessage("admin.delegate.admin.success", primaryEmail.getEmail()));
        
        return request;
    }
    
    /**
     * Encrypts a string
     * 
     * @param unencrypted
     * @return the string encrypted
     * */
    private String generateEncryptedLink(String trusted, String managed) {
        Map<String, String> params = new HashMap<String, String>();
        params.put(TRUSTED_USER_PARAM, trusted);
        params.put(MANAGED_USER_PARAM, managed);
        String paramsString = JsonUtils.convertToJsonString(params);
        if (StringUtils.isNotBlank(paramsString)) {
            String encryptedParams = encryptionManager.encryptForExternalUse(paramsString);
            String base64EncodedParams = Base64.encodeBase64URLSafeString(encryptedParams.getBytes());
            String url = orcidUrlManager.getBaseUrl() + AUTHORIZE_DELEGATION_ACTION + "?key=" + base64EncodedParams;
            return url;
        } else {
            return null;
        }
    }
    
    @Override
    public String removeSecurityQuestion(String orcid) {
        if(profileEntityManager.orcidExists(orcid)) {                    
            profileEntityManager.updateSecurityQuestion(orcid, null, null);
        } else {
            return localeManager.resolveMessage("admin.errors.unable_to_fetch_info");
        }        
        return null;
    }

    @Override
    public List<String> getLockReasons() {
        return Arrays.asList(LockReason.values()).stream().map(lr -> lr.getLabel()).collect(Collectors.toList());
    }
}