ManagePasswordsAction.java

/*
    This file is part of Cyclos (www.cyclos.org).
    A project of the Social Trade Organisation (www.socialtrade.org).

    Cyclos is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.

    Cyclos is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with Cyclos; if not, write to the Free Software
    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

 */
package nl.strohalm.cyclos.controls.access;

import javax.servlet.http.HttpServletRequest;

import nl.strohalm.cyclos.access.AdminMemberPermission;
import nl.strohalm.cyclos.access.BrokerPermission;
import nl.strohalm.cyclos.controls.ActionContext;
import nl.strohalm.cyclos.controls.BaseAction;
import nl.strohalm.cyclos.entities.access.AdminUser;
import nl.strohalm.cyclos.entities.access.MemberUser;
import nl.strohalm.cyclos.entities.access.OperatorUser;
import nl.strohalm.cyclos.entities.access.User;
import nl.strohalm.cyclos.entities.groups.BasicGroupSettings;
import nl.strohalm.cyclos.entities.members.Element;
import nl.strohalm.cyclos.entities.members.Member;
import nl.strohalm.cyclos.entities.members.Operator;
import nl.strohalm.cyclos.utils.RelationshipHelper;
import nl.strohalm.cyclos.utils.validation.ValidationException;

import org.apache.struts.action.ActionForward;

/**
 * Action used to manage an user's passwords: login and transaction
 * @author luis
 */
public class ManagePasswordsAction extends BaseAction {

    @Override
    protected ActionForward executeAction(final ActionContext context) throws Exception {
        final HttpServletRequest request = context.getRequest();
        final ManagePasswordsForm form = context.getForm();
        final long userId = form.getUserId();
        User user = null;
        try {
            if (userId > 0L) {
                user = elementService.loadUser(userId, RelationshipHelper.nested(User.Relationships.ELEMENT, Element.Relationships.GROUP));
            }
            if (user == null) {
                throw new Exception();
            }
        } catch (final Exception e) {
            throw new ValidationException();
        }

        Element element = user.getElement();
        if (element instanceof Operator) {
            element = elementService.load(element.getId(), RelationshipHelper.nested(Operator.Relationships.MEMBER, Element.Relationships.GROUP));
        }
        final BasicGroupSettings groupSettings = element.getGroup().getBasicSettings();
        boolean sendPasswordByEmail = false;
        if (user instanceof MemberUser) {
            sendPasswordByEmail = ((MemberUser) user).getMember().getMemberGroup().getMemberSettings().isSendPasswordByEmail();
        }

        boolean canChangePassword = false;
        boolean canResetPassword = false;
        boolean canManageTransactionPassword = false;

        final boolean tpUsed = groupSettings.getTransactionPassword() != null && groupSettings.getTransactionPassword().isUsed();

        // Determine which the actions can be performed
        if (context.isAdmin()) {
            canChangePassword = permissionService.hasPermission(AdminMemberPermission.ACCESS_CHANGE_PASSWORD);
            // Only can reset if send password by mail is enabled
            canResetPassword = sendPasswordByEmail && permissionService.hasPermission(AdminMemberPermission.ACCESS_RESET_PASSWORD);
            // Only can change TP if it is used
            canManageTransactionPassword = tpUsed && permissionService.hasPermission(AdminMemberPermission.ACCESS_TRANSACTION_PASSWORD);
        } else if (context.isMember()) {
            if (user instanceof OperatorUser) {
                // A member can manage it's operators passwords
                canChangePassword = true;
                canManageTransactionPassword = groupSettings.getTransactionPassword() != null && groupSettings.getTransactionPassword().isUsed();
                ;
            } else {
                // A member accessing as a broker
                if (!(user instanceof MemberUser) || !context.isBrokerOf((Member) element)) {
                    throw new ValidationException();
                }
                canChangePassword = permissionService.hasPermission(BrokerPermission.MEMBER_ACCESS_CHANGE_PASSWORD);
                // Only can reset if send password by mail is enabled
                canResetPassword = sendPasswordByEmail && permissionService.hasPermission(BrokerPermission.MEMBER_ACCESS_RESET_PASSWORD);
                canManageTransactionPassword = tpUsed && permissionService.hasPermission(BrokerPermission.MEMBER_ACCESS_TRANSACTION_PASSWORD);
            }
        }
        request.setAttribute("ofAdmin", user instanceof AdminUser);
        request.setAttribute("ofOperator", user instanceof OperatorUser);
        request.setAttribute("user", user);
        request.setAttribute("canChangePassword", canChangePassword);
        request.setAttribute("canResetPassword", canResetPassword);
        request.setAttribute("canManageTransactionPassword", canManageTransactionPassword);
        return context.getInputForward();
    }
}