/**
  * Checks if user role matches provided groups distinguished name.
  *
  * @param context
  * @param groupDn
  * @return true if managed user role is same as groupDn
  */
 protected boolean checkRole(User user, String groupDn) {
   boolean isSelf = false;
   Groups groups = user.getGroups();
   for (Group group : groups.values()) {
     String dn = Val.chkStr(group.getDistinguishedName());
     if (dn.equals(groupDn)) {
       isSelf = true;
       break;
     }
   }
   return isSelf;
 }
  private void executeModifyGroupAttribute(
      HttpServletRequest request,
      HttpServletResponse response,
      RequestContext context,
      boolean isAddAttributeRequest)
      throws IdentityException, IOException, NamingException, SQLException,
          CredentialPolicyException {
    String mimeType = "application/json";
    String filter = Val.chkStr(request.getParameter("q"));
    String attributeName = Val.chkStr(request.getParameter("an"));
    String attributeValue = Val.chkStr(request.getParameter("av"));
    if (filter.length() == 0) {
      response.getWriter().write("{ \"response\" : \"noResults\" }");
      return;
    }

    IdentityAdapter idAdapter = context.newIdentityAdapter();

    /*User selectableUser = new User();
    selectableUser.setDistinguishedName("*");
    idAdapter.readUserGroups(selectableUser);
    selectableGroups = selectableUser.getGroups();*/

    Groups groups = idAdapter.readGroups(filter);
    for (Group g : groups.values()) {
      if (isAddAttributeRequest) {
        try {
          idAdapter.addAttribute(g.getDistinguishedName(), attributeName, attributeValue);
        } catch (AttributeInUseException aiue) {
          // TODO : do nothing if attribute exists ? or overwrite ?
        }
      } else {
        idAdapter.removeAttribute(g.getDistinguishedName(), attributeName, attributeValue);
      }
    }

    writeCharacterResponse(
        response,
        "{ \"response\" : \"Group attribute modification was successful.\" }",
        "UTF-8",
        mimeType + ";charset=UTF-8");
  }
  /**
   * Serializes user information from ldap to json string.
   *
   * @param context request context
   * @param user the user to be serialized
   * @return the user profile information serialized as json string.
   * @throws IdentityException if a system error occurs preventing the action
   * @throws NamingException if an LDAP naming exception occurs
   */
  protected String serializeUserAsJson(RequestContext context, User user)
      throws IdentityException, NamingException {
    String usersJson = "{ \"attributes\": [";
    UserAttributeMap attributes = user.getProfile();
    boolean first = true;
    List<String> sortedKeys = new ArrayList<String>(attributes.keySet());
    // Collections.sort(sortedKeys); TODO to sort or not ?
    for (int i = 0; i < sortedKeys.size(); i++) {
      UserAttribute attr = attributes.get(sortedKeys.get(i));
      String key =
          Val.chkStr(msgBroker.retrieveMessage("catalog.identity.profile.label." + attr.getKey()));
      String value = "";
      value = Val.chkStr(attr.getValue());
      if (attr.getKey().equalsIgnoreCase("password")) continue;
      if (!first) {
        usersJson += ",";
      } else {
        first = false;
      }
      usersJson +=
          " { \"key\" : \""
              + Val.escapeStrForJson(key)
              + "\" , \"value\" : \""
              + Val.escapeStrForJson(value)
              + "\" }";
    }
    usersJson += " ] , ";

    usersJson += " \"userDn\" : \"" + user.getDistinguishedName() + " \" , ";

    String groupsJson = " \"groups\" : [";
    Groups groups = user.getGroups();
    groups.sort();
    boolean firstGroup = true;
    for (Group group : groups.values()) {
      String gkey = Val.chkStr(group.getKey());
      String name = Val.chkStr(group.getName());
      String dn = Val.chkStr(group.getDistinguishedName());
      if (!firstGroup) {
        groupsJson += ",";
      } else {
        firstGroup = false;
      }
      groupsJson +=
          " { \"key\" : \""
              + Val.escapeStrForJson(gkey)
              + "\" , \"name\" : \""
              + Val.escapeStrForJson(name)
              + "\" , \"dn\" : \""
              + Val.escapeStrForJson(dn)
              + "\" }";
    }
    groupsJson += " ] , ";

    String rolesJson = " \"selectableRoles\" : [";
    Roles roles = buildSelectableRoles(context);
    sortedKeys = new ArrayList<String>(roles.keySet());
    Collections.sort(sortedKeys);
    boolean firstRole = true;
    for (int i = 0; i < sortedKeys.size(); i++) {
      Role role = roles.get(sortedKeys.get(i));
      String roleDn = Val.chkStr(role.getDistinguishedName());
      String roleKey = Val.chkStr(role.getKey());
      String roleName = msgBroker.retrieveMessage(Val.chkStr(role.getResKey()));
      if (!role.isManage()) continue;
      boolean hasRole = false;
      for (Group group : groups.values()) {
        String groupDn = Val.chkStr(group.getDistinguishedName());
        if (roleDn.equals(groupDn)) {
          hasRole = true;
          break;
        }
      }
      if (!firstRole) {
        rolesJson += ",";
      } else {
        firstRole = false;
      }
      rolesJson +=
          " { \"roleName\" : \""
              + Val.escapeStrForJson(roleName)
              + "\" , \"roleDn\" : \""
              + Val.escapeStrForJson(roleDn)
              + "\" , \"roleKey\" : \""
              + Val.escapeStrForJson(roleKey)
              + "\" , \"hasRole\" : \""
              + hasRole
              + "\" }";
    }
    rolesJson += " ] } ";
    String json = usersJson + groupsJson + rolesJson;
    return json;
  }