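/**
   * Displays a list of users that can be managed by admins. A super admin gets every user; any
   * other caller gets only the users of the store attached to the request. Super admin accounts
   * are never included in the result.
   *
   * @param request the current HTTP request, used to read the admin store attribute and the
   *     remote user name
   * @param response the current HTTP response (not used by this method)
   * @return the JSON string produced by the {@code AjaxResponse}, holding one entry per user and
   *     a success or failure status
   */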
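  @SuppressWarnings("unchecked")
  @PreAuthorize("hasRole('STORE_ADMIN')")
  @RequestMapping(
      value = "/admin/users/paging.html",
      method = RequestMethod.POST,
      produces = "application/json")
  public @ResponseBody String pageUsers(HttpServletRequest request, HttpServletResponse response) {

    AjaxResponse resp = new AjaxResponse();
    MerchantStore store = (MerchantStore) request.getAttribute(Constants.ADMIN_STORE);

    String sCurrentUser = request.getRemoteUser();

    try {

      User currentUser = userService.getByUserName(sCurrentUser);

      // The self-exclusion below used to compare the User object with a String
      // (currentUser.equals(user.getAdminName())), which is never true, so the caller's own
      // account was always listed. Compare admin names instead.
      String currentAdminName = currentUser.getAdminName();

      // Visibility scope: super admins list every user, everyone else is restricted to the
      // store bound to this request.
      List<User> users;
      if (UserUtils.userInGroup(currentUser, Constants.GROUP_SUPERADMIN)) {
        users = userService.listUser();
      } else {
        users = userService.listByStore(store);
      }

      for (User user : users) {

        // Super admin accounts are never offered for management.
        if (UserUtils.userInGroup(user, Constants.GROUP_SUPERADMIN)) {
          continue;
        }

        // Do not list the account of the admin who issued the request.
        if (currentAdminName != null && currentAdminName.equals(user.getAdminName())) {
          continue;
        }

        @SuppressWarnings("rawtypes")
        Map entry = new HashMap();
        entry.put("userId", user.getId());
        entry.put("name", user.getFirstName() + " " + user.getLastName());
        entry.put("email", user.getAdminEmail());
        entry.put("active", user.isActive());
        resp.addDataEntry(entry);
      }

      resp.setStatus(AjaxResponse.RESPONSE_STATUS_SUCCESS);

    } catch (Exception e) {
      // Any failure (including an unknown remote user) yields a failure status with no data
      // details; the cause is only written to the server log.
      LOGGER.error("Error while paging users", e);
      resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE);
    }

    return resp.toJSONString();
  }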
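  /**
   * Removes the user identified by the {@code userId} request parameter.
   *
   * <p>The method-level annotation only requires the {@code AUTH} role, so the authorization
   * decision is made in the body: the caller must hold the admin role on the request and belong
   * to the admin or super admin group. A super admin account is never removed through this
   * endpoint.
   *
   * @param request the current HTTP request, carrying the {@code userId} parameter and the
   *     remote user
   * @param locale locale used to resolve the status messages
   * @return the JSON string produced by the {@code AjaxResponse}
   * @throws Exception if the remote user cannot be loaded
   */
  @PreAuthorize("hasRole('AUTH')")
  @RequestMapping(
      value = "/admin/users/remove.html",
      method = RequestMethod.POST,
      produces = "application/json")
  public @ResponseBody String removeUser(HttpServletRequest request, Locale locale)
      throws Exception {

    AjaxResponse resp = new AjaxResponse();

    String sUserId = request.getParameter("userId");

    String userName = request.getRemoteUser();
    User remoteUser = userService.getByUserName(userName);

    try {

      // Authorize the caller before looking at the target, so an unauthorized caller gets the
      // same answer whatever userId was sent. The caller must hold the admin role and be in the
      // admin or super admin group.
      boolean callerIsAdmin =
          request.isUserInRole(Constants.GROUP_ADMIN)
              && (UserUtils.userInGroup(remoteUser, Constants.GROUP_ADMIN)
                  || UserUtils.userInGroup(remoteUser, Constants.GROUP_SUPERADMIN));

      if (!callerIsAdmin) {
        resp.setStatusMessage(messages.getMessage("message.unauthorized", locale));
        resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE);
        return resp.toJSONString();
      }

      Long userId = Long.parseLong(sUserId);
      User user = userService.getById(userId);

      // An unknown id is reported as "unauthorized" rather than "not found".
      if (user == null) {
        resp.setStatusMessage(messages.getMessage("message.unauthorized", locale));
        resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE);
        return resp.toJSONString();
      }

      // Do not remove a super admin. The previous code tested the caller's groups here and
      // never looked at the target account, so a super admin could be deleted by id.
      if (UserUtils.userInGroup(user, Constants.GROUP_SUPERADMIN)) {
        resp.setStatusMessage(
            messages.getMessage("message.security.caanotremovesuperadmin", locale));
        resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE);
        return resp.toJSONString();
      }

      // NOTE(review): nothing here ties the target user to the caller's store, while the user
      // listing restricts non-super-admins to their own store. Confirm whether a store admin
      // should be limited to users of the store in Constants.ADMIN_STORE and add that check.

      userService.delete(user);

      resp.setStatus(AjaxResponse.RESPONSE_OPERATION_COMPLETED);

    } catch (Exception e) {
      LOGGER.error("Error while deleting user", e);
      resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE);
      // NOTE(review): the exception is handed to the JSON response; confirm AjaxResponse does
      // not expose internal details (stack trace, SQL text) to the client.
      resp.setErrorMessage(e);
    }

    return resp.toJSONString();
  }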