SystemRolesAndRightsForm.java

/**
* OLAT - Online Learning and Training<br>
* http://www.olat.org
* <p>
* Licensed under the Apache License, Version 2.0 (the "License"); <br>
* you may not use this file except in compliance with the License.<br>
* You may obtain a copy of the License at
* <p>
* http://www.apache.org/licenses/LICENSE-2.0
* <p>
* Unless required by applicable law or agreed to in writing,<br>
* software distributed under the License is distributed on an "AS IS" BASIS, <br>
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. <br>
* See the License for the specific language governing permissions and <br>
* limitations under the License.
* <p>
* Copyright (c) since 2004 at Multimedia- & E-Learning Services (MELS),<br>
* University of Zurich, Switzerland.
* <hr>
* <a href="http://www.openolat.org">
* OpenOLAT - Online Learning and Training</a><br>
* This file has been modified by the OpenOLAT community. Changes are licensed
* under the Apache 2.0 license as the original file.
*/

package org.olat.admin.user;

import java.util.ArrayList;
import java.util.List;

import org.olat.basesecurity.BaseSecurity;
import org.olat.basesecurity.BaseSecurityModule;
import org.olat.basesecurity.Constants;
import org.olat.basesecurity.SecurityGroup;
import org.olat.core.gui.UserRequest;
import org.olat.core.gui.components.form.flexible.FormItem;
import org.olat.core.gui.components.form.flexible.FormItemContainer;
import org.olat.core.gui.components.form.flexible.elements.MultipleSelectionElement;
import org.olat.core.gui.components.form.flexible.elements.SelectionElement;
import org.olat.core.gui.components.form.flexible.elements.SingleSelection;
import org.olat.core.gui.components.form.flexible.elements.SpacerElement;
import org.olat.core.gui.components.form.flexible.impl.FormBasicController;
import org.olat.core.gui.components.form.flexible.impl.FormEvent;
import org.olat.core.gui.components.form.flexible.impl.FormLayoutContainer;
import org.olat.core.gui.control.Controller;
import org.olat.core.gui.control.Event;
import org.olat.core.gui.control.WindowControl;
import org.olat.core.id.Identity;
import org.springframework.beans.factory.annotation.Autowired;


/**
 * Initial Date:  Jan 27, 2006
 * @author gnaegi
 * @author matthai
 * <pre>
 * Description:
 * Form to configure the users system roles and the basic type 
 * of the user account (user or guest).
 */

public class SystemRolesAndRightsForm extends FormBasicController {
	
	private SingleSelection AnonymousRE;
	private SelectionElement RolesSE;
	private SpacerElement rolesSep;
	private SpacerElement sysSep;
	private SingleSelection statusRE;
	private MultipleSelectionElement sendLoginDeniedEmailCB;
	
	private Identity identity;
	private final boolean iAmOlatAdmin;
	private final boolean isAdmin, isUserManager, isAuthor, isGroupManager, isPoolManager, isGuestOnly, isInstitutionalResourceManager;
	private final boolean canGuestsByConfig, canAuthorsByConfig, canGroupmanagersByConfig, canPoolmanagersByConfig, canInstitutionalResourceManagerByConfig, canStatus;

	private List<String> statusKeys, statusValues;
	private List<String> roleKeys, roleValues;
	
	private static final String KUSER   = "isUserManager";
	private static final String KGROUP  = "isGroupManager";
	private static final String KPOOL   = "isPoolManager";
	private static final String KAUTHOR = "isAuthor";
	private static final String KADMIN  = "isAdmin";
	private static final String KRESMAN = "isInstitutionalResourcemanager";
	
	@Autowired
	private BaseSecurity secMgr;
	
	public SystemRolesAndRightsForm(UserRequest ureq, WindowControl wControl, Identity identity) {
		super(ureq, wControl);
		
		this.identity = identity;
		iAmOlatAdmin = ureq.getUserSession().getRoles().isOLATAdmin();

		// get user system roles groups from security manager
		SecurityGroup adminGroup = secMgr.findSecurityGroupByName(Constants.GROUP_ADMIN);
		isAdmin = secMgr.isIdentityInSecurityGroup(identity, adminGroup);
		
		SecurityGroup userManagerGroup = secMgr.findSecurityGroupByName(Constants.GROUP_USERMANAGERS);
		isUserManager = secMgr.isIdentityInSecurityGroup(identity, userManagerGroup);

		SecurityGroup authorGroup = secMgr.findSecurityGroupByName(Constants.GROUP_AUTHORS);
		isAuthor = secMgr.isIdentityInSecurityGroup(identity, authorGroup);
	
		SecurityGroup groupmanagerGroup = secMgr.findSecurityGroupByName(Constants.GROUP_GROUPMANAGERS);
		isGroupManager = secMgr.isIdentityInSecurityGroup(identity, groupmanagerGroup);
		
		SecurityGroup poolmanagerGroup = secMgr.findSecurityGroupByName(Constants.GROUP_POOL_MANAGER);
		isPoolManager = secMgr.isIdentityInSecurityGroup(identity, poolmanagerGroup);

		SecurityGroup isAnonymous = secMgr.findSecurityGroupByName(Constants.GROUP_ANONYMOUS);
		isGuestOnly = secMgr.isIdentityInSecurityGroup(identity, isAnonymous);
		
		SecurityGroup institutionalResourceManager = secMgr.findSecurityGroupByName(Constants.GROUP_INST_ORES_MANAGER);
		isInstitutionalResourceManager = secMgr.isIdentityInSecurityGroup(identity, institutionalResourceManager);
		
		statusKeys = new ArrayList<>(4);
		statusKeys.add(Integer.toString(Identity.STATUS_ACTIV));
		statusKeys.add(Integer.toString(Identity.STATUS_PERMANENT));
		statusKeys.add(Integer.toString(Identity.STATUS_LOGIN_DENIED));
		
		
		statusValues = new ArrayList<>(4);
		statusValues.add(translate("rightsForm.status.activ"));
		statusValues.add(translate("rightsForm.status.permanent"));
		statusValues.add(translate("rightsForm.status.login_denied"));
		
		if (identity.getStatus() == Identity.STATUS_DELETED) {
			statusKeys.add(Integer.toString(Identity.STATUS_DELETED));
			statusValues.add(translate("rightsForm.status.deleted"));
		}
		
		roleKeys = new ArrayList<>();
		roleValues = new ArrayList<>();

		canGuestsByConfig = BaseSecurityModule.USERMANAGER_CAN_MANAGE_GUESTS;	
		canAuthorsByConfig = BaseSecurityModule.USERMANAGER_CAN_MANAGE_AUTHORS;

		canPoolmanagersByConfig = BaseSecurityModule.USERMANAGER_CAN_MANAGE_POOLMANAGERS;		
		canGroupmanagersByConfig = BaseSecurityModule.USERMANAGER_CAN_MANAGE_GROUPMANAGERS;
		canInstitutionalResourceManagerByConfig = BaseSecurityModule.USERMANAGER_CAN_MANAGE_INSTITUTIONAL_RESOURCE_MANAGER;
		canStatus = BaseSecurityModule.USERMANAGER_CAN_MANAGE_INSTITUTIONAL_RESOURCE_MANAGER;

		if (iAmOlatAdmin) {
			roleKeys.add(KUSER);
			roleValues.add(translate("rightsForm.isUsermanager"));
		}
		
		if (iAmOlatAdmin || canGroupmanagersByConfig) {
			roleKeys.add(KGROUP);
			roleValues.add(translate("rightsForm.isGroupmanager"));
		}

		if (iAmOlatAdmin || canPoolmanagersByConfig) {
			roleKeys.add(KPOOL);
			roleValues.add(translate("rightsForm.isPoolmanager"));
		}

		if (iAmOlatAdmin || canAuthorsByConfig) {
			roleKeys.add(KAUTHOR);
			roleValues.add(translate("rightsForm.isAuthor"));
		}

		if (iAmOlatAdmin) {
			roleKeys.add(KADMIN);
			roleValues.add(translate("rightsForm.isAdmin"));
		}

		if (iAmOlatAdmin || canInstitutionalResourceManagerByConfig) {
			roleKeys.add(KRESMAN);
			String iname = identity.getUser().getProperty("institutionalName", null);
			roleValues.add(
				iname != null
				? translate("rightsForm.isInstitutionalResourceManager.institution",iname)
				: translate("rightsForm.isInstitutionalResourceManager")
			);
		}

		initForm(ureq);
	}

	private void update () {
		setAnonymous(isGuestOnly);
		
		setUsermanager(isUserManager);
		setGroupmanager(isGroupManager);
		setAuthor(isAuthor);
		setAdmin(isAdmin);
		setInstitutionalResourceManager(isInstitutionalResourceManager);
		setPoolmanager(isPoolManager);
		
		setStatus(identity.getStatus());
		
		RolesSE.setVisible(!isAnonymous());
		rolesSep.setVisible(!isAnonymous());
	}
	
	protected boolean isAdmin() {
		return getRole(KADMIN);
	}

	public void setAdmin(boolean isAdmin) {
		setRole (KADMIN, isAdmin);
	}

	public boolean isAnonymous() {
		return AnonymousRE.getSelectedKey().equals("true");
	}

	private void setAnonymous(boolean isAnonymous) {
			AnonymousRE.select(isAnonymous ? "true":"false", true);
	}

	protected boolean isAuthor() {
		return getRole(KAUTHOR);
	}

	protected void setAuthor(boolean isAuthor) {
		setRole(KAUTHOR, isAuthor);
	}

	protected boolean isGroupmanager() {
		return getRole(KGROUP);
	}

	private void setGroupmanager(boolean isGroupmanager) {
		setRole(KGROUP, isGroupmanager);
	}
	
	protected boolean isPoolmanager() {
		return getRole(KPOOL);
	}

	private void setPoolmanager(boolean isPoolmanager) {
		setRole(KPOOL, isPoolmanager);
	}

	protected boolean isUsermanager() {
		return getRole(KUSER);
	}

	private void setUsermanager(boolean isUsermanager) {
		setRole(KUSER, isUsermanager);
	}
	
	private void setInstitutionalResourceManager(boolean isInstitutionalResourceManager) {
		setRole(KRESMAN, isInstitutionalResourceManager);
	}
	
	public boolean isInstitutionalResourceManager() {
		return getRole(KRESMAN);
	}
	
	protected Integer getStatus() {
		return new Integer(statusRE.getSelectedKey());
	}
	
	private void setStatus(Integer status) {
		String statusStr = status.toString();
		for(String statusKey:statusKeys) {
			if(statusStr.equals(statusKey)) {
				statusRE.select(statusKey, true);
			}
		}
		statusRE.setEnabled(!Identity.STATUS_DELETED.equals(status));
	}

	public boolean getSendLoginDeniedEmail() {
		return sendLoginDeniedEmailCB.isSelected(0);
	}
	
	private void setRole (String k, boolean tf) {
		if (roleKeys.contains(k)) RolesSE.select(k, tf); 
	}
	
	private boolean getRole (String k) {
		return roleKeys.contains(k) ? RolesSE.isSelected(roleKeys.indexOf(k)) : false;
	}
	
	@Override
	protected void formOK(UserRequest ureq) {
		fireEvent (ureq, Event.DONE_EVENT);
	}
	
	@Override
	protected void formCancelled(UserRequest ureq) {
		fireEvent (ureq, Event.CANCELLED_EVENT);
	}
	
	@Override
	protected void formInnerEvent (UserRequest ureq, FormItem source, FormEvent event) {
		if (source == AnonymousRE) {
			RolesSE.setVisible(!isAnonymous());
			rolesSep.setVisible(!isAnonymous());
		} else if (source == statusRE && (iAmOlatAdmin || canStatus)) {
			sendLoginDeniedEmailCB.setVisible(statusRE.isSelected(2));
		}
		
	}

	@Override
	protected void initForm(FormItemContainer formLayout, Controller listener, UserRequest ureq) {
		
		AnonymousRE = uifactory.addRadiosVertical(
				"anonymous", "rightsForm.isAnonymous", formLayout, 
				new String[]{"true", "false"},
				new String[]{translate("rightsForm.isAnonymous.true"), translate("rightsForm.isAnonymous.false")}
		);
		sysSep = uifactory.addSpacerElement("syssep", formLayout, false);
		if (iAmOlatAdmin || canGuestsByConfig) {
			AnonymousRE.addActionListener(FormEvent.ONCLICK);
		} else {
			AnonymousRE.setVisible(false);
			sysSep.setVisible(false);
		}
		
		RolesSE = uifactory.addCheckboxesVertical(
				"roles", "rightsForm.roles", formLayout,
				roleKeys.toArray(new String[roleKeys.size()]),
				roleValues.toArray(new String[roleValues.size()]), 1);
		rolesSep = uifactory.addSpacerElement("rolesSep", formLayout, false);
		
		statusRE = uifactory.addRadiosVertical(
				"status", "rightsForm.status", formLayout,
				statusKeys.toArray(new String[statusKeys.size()]),
				statusValues.toArray(new String[statusKeys.size()])
		);
		statusRE.addActionListener(FormEvent.ONCHANGE);
		sendLoginDeniedEmailCB = uifactory.addCheckboxesHorizontal("rightsForm.sendLoginDeniedEmail", formLayout, new String[]{"y"}, new String[]{translate("rightsForm.sendLoginDeniedEmail")});
		sendLoginDeniedEmailCB.setLabel(null, null);
		
		rolesSep.setVisible(iAmOlatAdmin);
		statusRE.setVisible(iAmOlatAdmin || canStatus);
		if(isAdmin) {
			statusRE.setEnabled(false);
		}
		sendLoginDeniedEmailCB.setVisible(false);
		
		FormLayoutContainer buttonGroupLayout = FormLayoutContainer.createButtonLayout("buttonGroupLayout", getTranslator());
		formLayout.add(buttonGroupLayout);
		uifactory.addFormSubmitButton("submit", buttonGroupLayout);
		uifactory.addFormCancelButton("cancel", buttonGroupLayout, ureq, getWindowControl());
		
		update();
	}

	@Override
	protected void doDispose() {
		//
	}

}