/**
* Executes a remove member action.
*
* @param request HTTP request.
* @param response HTTP response.
* @param context request context
* @throws Exception if an exception occurs
*/
protected void executeRemoveMember(
HttpServletRequest request, HttpServletResponse response, RequestContext context)
throws Exception {
try {
String[] parts = request.getRequestURI().toString().split("/");
String member = Val.chkStr(request.getParameter("member"));
String attempt = Val.chkStr(request.getParameter("attempt"));
IdentityAdapter idAdapter = context.newIdentityAdapter();
User user = new User();
user.setDistinguishedName(member);
idAdapter.readUserProfile(user);
if (parts.length > 0) {
String groupIdentifier = URLDecoder.decode(parts[5].trim(), "UTF-8");
if (!groupIdentifier.endsWith(groupDIT)) {
IdentityConfiguration idConfig = context.getIdentityConfiguration();
Roles configuredRoles = idConfig.getConfiguredRoles();
Role roleRegistered = configuredRoles.get(groupIdentifier);
groupIdentifier = roleRegistered.getDistinguishedName();
}
boolean isSelf = checkSelf(context, member);
if ((isSelf && attempt.equals("2")) || !isSelf) {
boolean checkGroupConfigured = true;
if (checkIfAllowConfigured(context)) {
checkGroupConfigured = checkIfConfigured(context, groupIdentifier);
}
boolean isAllowedToManage = true;
isAllowedToManage = checkIfAllowedToManage(context, groupIdentifier);
if (checkGroupConfigured) {
if (isAllowedToManage) {
idAdapter.removeUserFromGroup(user, groupIdentifier);
response
.getWriter()
.write(msgBroker.retrieveMessage("catalog.identity.removeRole.success"));
} else {
response.sendError(
HttpServletResponse.SC_BAD_REQUEST,
"{ \"error\":\""
+ groupIdentifier
+ " is not allowed to be managed in geoportal. \"}");
return;
}
} else {
response.sendError(
HttpServletResponse.SC_BAD_REQUEST,
"{ \"error\":\"" + groupIdentifier + " is not configured in geoportal. \"}");
return;
}
} else {
response.getWriter().write("prompt");
}
}
} finally {
}
}
/**
* Builds a collection of configured roles in Geoportal (gpt.xml).
*
* @param context the current request context (contains the active user)
* @return the collection of roles
*/
protected Roles buildSelectableRoles(RequestContext context) {
IdentityConfiguration idConfig = context.getIdentityConfiguration();
Roles selectableRoles = idConfig.getConfiguredRoles();
return selectableRoles;
}
/**
* Process the HTTP request.
*
* @param request HTTP request.
* @param response HTTP response.
* @param context request context
* @throws ServletException if error invoking command.
* @throws IOException if error writing to the buffer.
*/
@SuppressWarnings("unused")
protected void execute(
HttpServletRequest request, HttpServletResponse response, RequestContext context)
throws Exception {
msgBroker = new FacesContextBroker(request, response).extractMessageBroker();
String homePage = "/catalog/main/home.page";
String contextPath = request.getContextPath();
try {
if (!checkHasManageUsers(context)) {
response.sendError(HttpServletResponse.SC_BAD_REQUEST, "{ \"error\":\"Invalid request.\"}");
return;
}
checkRole(context);
} catch (NotAuthorizedException e) {
response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "{ \"error\":\"Not Authorized.\"}");
return;
}
String[] parts = request.getRequestURI().toString().split("/");
IdentityConfiguration idConfig = context.getIdentityConfiguration();
if (idConfig != null) {
LdapConfiguration ldapConfig = idConfig.getLdapConfiguration();
if (ldapConfig != null) {
userDIT = ldapConfig.getUserProperties().getUserSearchDIT();
groupDIT = ldapConfig.getGroupProperties().getGroupSearchDIT();
}
}
if (parts.length >= 5 && parts[4].equals("users") && parts[5].equals("search")) {
executeSearch(request, response, context);
} else if (parts.length >= 5 && parts[4].equals("users") && parts[5].equals("searchMembers")) {
executeSearchMembers(request, response, context);
} else if (parts.length >= 5 && (parts[4].equals("users")) && parts[5].equals("addAttribute")) {
// executeModifyUserAttribute(request,response,context,true);
response.sendError(HttpServletResponse.SC_BAD_REQUEST, "{ \"error\":\"Invalid request.\"}");
return;
} else if (parts.length >= 5
&& (parts[4].equals("users"))
&& parts[5].equals("removeAttribute")) {
// executeModifyUserAttribute(request,response,context,false);
response.sendError(HttpServletResponse.SC_BAD_REQUEST, "{ \"error\":\"Invalid request.\"}");
return;
} else if (parts.length >= 5
&& (parts[4].equals("groups"))
&& parts[5].equals("addAttribute")) {
// executeModifyGroupAttribute(request,response,context,true);
response.sendError(HttpServletResponse.SC_BAD_REQUEST, "{ \"error\":\"Invalid request.\"}");
return;
} else if (parts.length >= 5
&& (parts[4].equals("groups"))
&& parts[5].equals("removeAttribute")) {
executeModifyGroupAttribute(request, response, context, false);
} else if (parts.length >= 7 && parts[4].equals("users") && parts[6].equals("profile")) {
executeReadUser(request, response, context);
} else if (parts.length >= 7 && parts[4].equals("groups") && parts[6].equals("addMember")) {
executeAddMember(request, response, context);
} else if (parts.length >= 7 && parts[4].equals("groups") && parts[6].equals("removeMember")) {
executeRemoveMember(request, response, context);
} else if (parts.length >= 7 && parts[4].equals("users") && parts[6].equals("delete")) {
if (!checkHasDeleteUser(context)) {
response.sendError(HttpServletResponse.SC_BAD_REQUEST, "{ \"error\":\"Invalid request.\"}");
return;
}
executeDeleteUser(request, response, context);
} else if (parts.length >= 5 && parts[4].equals("users")) {
executeReadUser(request, response, context);
} else if (parts.length >= 5 && parts[4].equals("groups") && parts[5].equals("configured")) {
executeReadConfigureRoles(request, response, context);
} else {
response.sendError(HttpServletResponse.SC_BAD_REQUEST, "{ \"error\":\"Invalid request.\"}");
return;
}
}
