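/**
 * Lists the users an administrator is allowed to manage.
 *
 * <p>A caller in the SUPERADMIN group sees every user; any other STORE_ADMIN sees only the users
 * of the store bound to the request. Users in the SUPERADMIN group and the caller's own account
 * are left out of the listing.
 *
 * @param request current request; the store is read from the {@code Constants.ADMIN_STORE}
 *     attribute and the caller from {@link HttpServletRequest#getRemoteUser()}
 * @param response unused
 * @return an {@link AjaxResponse} serialised to JSON: one data entry per user (userId, name,
 *     email, active) and a success/failure status
 */
@SuppressWarnings("unchecked")
@PreAuthorize("hasRole('STORE_ADMIN')")
@RequestMapping(
    value = "/admin/users/paging.html",
    method = RequestMethod.POST,
    produces = "application/json")
public @ResponseBody String pageUsers(HttpServletRequest request, HttpServletResponse response) {
  AjaxResponse resp = new AjaxResponse();
  MerchantStore store = (MerchantStore) request.getAttribute(Constants.ADMIN_STORE);
  String sCurrentUser = request.getRemoteUser();

  try {
    User currentUser = userService.getByUserName(sCurrentUser);
    List<User> users =
        UserUtils.userInGroup(currentUser, Constants.GROUP_SUPERADMIN)
            ? userService.listUser()
            : userService.listByStore(store);

    for (User user : users) {
      if (UserUtils.userInGroup(user, Constants.GROUP_SUPERADMIN)) {
        continue;
      }
      // Skip the caller's own account. The original compared the User object itself with the
      // admin name String, which is never equal, so the caller was always listed.
      if (sCurrentUser != null && sCurrentUser.equals(user.getAdminName())) {
        continue;
      }
      @SuppressWarnings("rawtypes")
      Map entry = new HashMap();
      entry.put("userId", user.getId());
      entry.put("name", user.getFirstName() + " " + user.getLastName());
      entry.put("email", user.getAdminEmail());
      entry.put("active", user.isActive());
      resp.addDataEntry(entry);
    }
    resp.setStatus(AjaxResponse.RESPONSE_STATUS_SUCCESS);
  } catch (Exception e) {
    // The original message said "products"; this handler pages users.
    LOGGER.error("Error while paging users", e);
    resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE);
  }
  return resp.toJSONString();
}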
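// password reset functionality --- Sajid Shajahan
/**
 * Second step of the admin password reset.
 *
 * <p>Looks up the user named by the {@code username_reset} session attribute (stored by the first
 * step, {@code resetPassword}), compares the submitted {@code answer1..3} parameters with the
 * user's stored security answers and, when all three match, stores a newly generated temporary
 * password and emails it to the user's admin address. A failure to send the email is logged and
 * the reset is still reported as completed.
 *
 * <p>No authentication is required to reach this handler and it keeps no count of failed
 * attempts, so any throttling of answer guesses has to be applied in front of it. Answers are
 * compared as plain text.
 *
 * @param userReset model attribute used only to generate the temporary password
 * @param request supplies the store attribute, the HTTP session and the answer parameters
 * @param response unused
 * @param locale locale of the status message returned to the caller
 * @return the {@link AjaxResponse} as a JSON string, with a status and a localised message
 */
@RequestMapping(
    value = "/admin/users/resetPasswordSecurityQtn.html",
    method = RequestMethod.POST,
    produces = "application/json")
public @ResponseBody String resetPasswordSecurityQtn(
    @ModelAttribute(value = "userReset") UserReset userReset,
    HttpServletRequest request,
    HttpServletResponse response,
    Locale locale) {
  MerchantStore store = (MerchantStore) request.getAttribute(Constants.ADMIN_STORE);
  AjaxResponse resp = new AjaxResponse();

  String answer1 = request.getParameter("answer1");
  String answer2 = request.getParameter("answer2");
  String answer3 = request.getParameter("answer3");

  try {
    HttpSession session = request.getSession();
    User dbUser = userService.getByUserName((String) session.getAttribute("username_reset"));

    if (dbUser == null) {
      resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE);
      resp.setStatusMessage(messages.getMessage("User.resetPassword.userNotFound", locale));
      return resp.toJSONString();
    }

    // A missing answer parameter or a user without stored answers used to end in a
    // NullPointerException on trim()/equals(); both now simply count as a wrong answer.
    boolean allAnswersMatch =
        answerMatches(dbUser.getAnswer1(), answer1)
            && answerMatches(dbUser.getAnswer2(), answer2)
            && answerMatches(dbUser.getAnswer3(), answer3);
    if (!allAnswersMatch) {
      resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE);
      resp.setStatusMessage(messages.getMessage("User.resetPassword.wrongSecurityQtn", locale));
      return resp.toJSONString();
    }

    Language userLanguage = dbUser.getDefaultLanguage();
    Locale userLocale = LocaleUtils.getLocale(userLanguage);

    String tempPass = userReset.generateRandomString();
    dbUser.setAdminPassword(passwordEncoder.encodePassword(tempPass, null));
    userService.update(dbUser);
    // The reset session is spent once the password has been changed; a new reset has to go
    // through the first step again.
    session.removeAttribute("username_reset");

    try {
      String[] storeEmail = {store.getStoreEmailAddress()};
      Map<String, String> templateTokens =
          EmailUtils.createEmailObjectsMap(request.getContextPath(), store, messages, userLocale);
      templateTokens.put(
          EmailConstants.EMAIL_RESET_PASSWORD_TXT,
          messages.getMessage("email.user.resetpassword.text", userLocale));
      templateTokens.put(
          EmailConstants.EMAIL_CONTACT_OWNER,
          messages.getMessage("email.contactowner", storeEmail, userLocale));
      templateTokens.put(
          EmailConstants.EMAIL_PASSWORD_LABEL,
          messages.getMessage("label.generic.password", userLocale));
      templateTokens.put(EmailConstants.EMAIL_USER_PASSWORD, tempPass);

      Email email = new Email();
      email.setFrom(store.getStorename());
      email.setFromEmail(store.getStoreEmailAddress());
      email.setSubject(messages.getMessage("label.generic.changepassword", userLocale));
      email.setTo(dbUser.getAdminEmail());
      email.setTemplateName(RESET_PASSWORD_TPL);
      email.setTemplateTokens(templateTokens);
      emailService.sendHtmlEmail(store, email);
    } catch (Exception e) {
      // Best effort: the password is already changed, only the notification failed.
      LOGGER.error("Cannot send email to user", e);
    }

    resp.setStatus(AjaxResponse.RESPONSE_OPERATION_COMPLETED);
    resp.setStatusMessage(messages.getMessage("User.resetPassword.resetSuccess", locale));
  } catch (ServiceException e) {
    // Was e.printStackTrace(); route it through the logger like the rest of the class.
    LOGGER.error("Error while resetting password", e);
    resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE);
    resp.setStatusMessage(messages.getMessage("User.resetPassword.Error", locale));
  }
  return resp.toJSONString();
}

/**
 * Compares a stored security answer with a submitted one, ignoring surrounding whitespace on
 * the submitted value as the original check did.
 *
 * @param stored the answer kept on the user record
 * @param submitted the answer posted by the caller
 * @return {@code true} only when both are non-null and equal after trimming the submitted value
 */
private static boolean answerMatches(String stored, String submitted) {
  return stored != null && submitted != null && stored.equals(submitted.trim());
}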
// password reset functionality --- Sajid Shajahan @RequestMapping( value = "/admin/users/resetPassword.html", method = RequestMethod.POST, produces = "application/json") public @ResponseBody String resetPassword( HttpServletRequest request, HttpServletResponse response, Locale locale) { AjaxResponse resp = new AjaxResponse(); String userName = request.getParameter("username"); /** * Get User with userService.getByUserName Get 3 security questions from User.getQuestion1, * user.getQuestion2, user.getQuestion3 */ HttpSession session = request.getSession(); session.setAttribute("username_reset", userName); try { if (!StringUtils.isBlank(userName)) { User dbUser = userService.getByUserName(userName); if (dbUser == null) { resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE); resp.setStatusMessage(messages.getMessage("message.username.notfound", locale)); return resp.toJSONString(); } Map<String, String> entry = new HashMap<String, String>(); entry.put(QUESTION_1, dbUser.getQuestion1()); entry.put(QUESTION_2, dbUser.getQuestion2()); entry.put(QUESTION_3, dbUser.getQuestion3()); resp.addDataEntry(entry); resp.setStatus(AjaxResponse.RESPONSE_OPERATION_COMPLETED); } else { resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE); resp.setStatusMessage(messages.getMessage("User.resetPassword.Error", locale)); } } catch (Exception e) { e.printStackTrace(); resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE); resp.setStatusMessage(messages.getMessage("User.resetPassword.Error", locale)); return resp.toJSONString(); } String returnString = resp.toJSONString(); return returnString; }
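/**
 * Removes an admin user.
 *
 * <p>Authorisation is checked in steps: the target must exist, the caller must hold the ADMIN
 * servlet role, and the caller must be in the ADMIN or SUPERADMIN group. A target who is in the
 * SUPERADMIN group is additionally protected: only a SUPERADMIN caller may remove it (the
 * original's "do not remove super admin" comment was never backed by a check on the target).
 *
 * <p>NOTE(review): the target is resolved by id alone; nothing visible here ties it to the
 * caller's store, although {@code pageUsers} lists users per store. Confirm whether
 * {@code userService.delete} enforces store ownership.
 *
 * @param request carries the {@code userId} parameter and identifies the caller
 * @param locale locale of the status messages
 * @return the {@link AjaxResponse} as a JSON string
 * @throws Exception if the caller cannot be resolved through the user service
 */
@PreAuthorize("hasRole('AUTH')")
@RequestMapping(
    value = "/admin/users/remove.html",
    method = RequestMethod.POST,
    produces = "application/json")
public @ResponseBody String removeUser(HttpServletRequest request, Locale locale)
    throws Exception {
  String sUserId = request.getParameter("userId");
  AjaxResponse resp = new AjaxResponse();
  String userName = request.getRemoteUser();
  User remoteUser = userService.getByUserName(userName);

  try {
    // A missing or malformed id raises NumberFormatException and ends in the catch below.
    Long userId = Long.parseLong(sUserId);
    User user = userService.getById(userId);

    if (user == null || !request.isUserInRole(Constants.GROUP_ADMIN)) {
      return failWithMessage(resp, "message.unauthorized", locale);
    }

    boolean callerIsSuperAdmin = UserUtils.userInGroup(remoteUser, Constants.GROUP_SUPERADMIN);
    boolean callerIsAdmin =
        callerIsSuperAdmin || UserUtils.userInGroup(remoteUser, Constants.GROUP_ADMIN);
    if (!callerIsAdmin) {
      return failWithMessage(resp, "message.security.caanotremovesuperadmin", locale);
    }

    // do not remove super admin: only another SUPERADMIN may delete a SUPERADMIN account
    if (UserUtils.userInGroup(user, Constants.GROUP_SUPERADMIN) && !callerIsSuperAdmin) {
      return failWithMessage(resp, "message.security.caanotremovesuperadmin", locale);
    }

    userService.delete(user);
    resp.setStatus(AjaxResponse.RESPONSE_OPERATION_COMPLETED);
  } catch (Exception e) {
    // The original message said "product price"; this handler deletes a user.
    LOGGER.error("Error while deleting user", e);
    resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE);
    // As before, the exception text is returned to the (authenticated admin) client.
    resp.setErrorMessage(e);
  }
  return resp.toJSONString();
}

/**
 * Marks {@code resp} as failed with the localised message for {@code messageKey} and returns it
 * serialised to JSON.
 */
private String failWithMessage(AjaxResponse resp, String messageKey, Locale locale) {
  resp.setStatusMessage(messages.getMessage(messageKey, locale));
  resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE);
  return resp.toJSONString();
}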
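/**
 * Checks whether an admin user name ({@code code}) is available.
 *
 * <p>Statuses: {@code CODE_ALREADY_EXIST} when the code is blank, is taken by another user, or
 * the supplied {@code id} is not a number; {@code RESPONSE_STATUS_SUCCESS} when the code belongs
 * to the user with that {@code id} (editing an existing user keeps its own name);
 * {@code RESPONSE_OPERATION_COMPLETED} when no user has the code.
 *
 * @param request carries the {@code code} and optional {@code id} parameters
 * @param response unused
 * @param locale unused
 * @return the {@link AjaxResponse} as a JSON string
 */
@PreAuthorize("hasRole('AUTH')")
@RequestMapping(
    value = "/admin/users/checkUserCode.html",
    method = RequestMethod.POST,
    produces = "application/json")
public @ResponseBody String checkUserCode(
    HttpServletRequest request, HttpServletResponse response, Locale locale) {
  String code = request.getParameter("code");
  String id = request.getParameter("id");
  AjaxResponse resp = new AjaxResponse();

  try {
    if (StringUtils.isBlank(code)) {
      resp.setStatus(AjaxResponse.CODE_ALREADY_EXIST);
      return resp.toJSONString();
    }

    User user = userService.getByUserName(code);
    if (user == null) {
      // Nobody owns the code: it is free.
      resp.setStatus(AjaxResponse.RESPONSE_OPERATION_COMPLETED);
      return resp.toJSONString();
    }

    if (!StringUtils.isBlank(id)) {
      try {
        Long lid = Long.parseLong(id);
        // Boxed ids are compared with equals(); the original used ==, which for Long objects
        // only holds when both references are identical.
        if (user.getAdminName().equals(code) && lid.equals(user.getId())) {
          resp.setStatus(AjaxResponse.RESPONSE_STATUS_SUCCESS);
          return resp.toJSONString();
        }
      } catch (Exception e) {
        // Non-numeric id: reported as taken, as in the original.
        resp.setStatus(AjaxResponse.CODE_ALREADY_EXIST);
        return resp.toJSONString();
      }
    }

    // Another user already has this code.
    resp.setStatus(AjaxResponse.CODE_ALREADY_EXIST);
  } catch (Exception e) {
    LOGGER.error("Error while getting user", e);
    resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE);
    resp.setErrorMessage(e);
  }
  return resp.toJSONString();
}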
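/**
 * Resets a customer's password to a generated value and emails it to the customer.
 *
 * <p>The customer must exist and belong to the store bound to the request. The new password is
 * stored (encoded) before the email is sent; if the email then fails, the customer already has
 * the new password but has not received it, so the failure response now carries an error string
 * saying so instead of looking like nothing happened.
 *
 * @param request carries the {@code customerId} parameter and the store attribute
 * @param response unused
 * @return the {@link AjaxResponse} as a JSON string
 */
@PreAuthorize("hasRole('CUSTOMER')")
@RequestMapping(
    value = "/admin/customers/resetPassword.html",
    method = RequestMethod.POST,
    produces = "application/json")
public @ResponseBody String resetPassword(
    HttpServletRequest request, HttpServletResponse response) {
  String customerId = request.getParameter("customerId");
  MerchantStore store = (MerchantStore) request.getAttribute(Constants.ADMIN_STORE);
  AjaxResponse resp = new AjaxResponse();

  try {
    Long id = Long.parseLong(customerId);
    Customer customer = customerService.getById(id);
    if (customer == null) {
      resp.setErrorString("Customer does not exist");
      resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE);
      return resp.toJSONString();
    }
    // Store scoping: a customer of another store is rejected like an invalid id.
    if (customer.getMerchantStore().getId().intValue() != store.getId().intValue()) {
      resp.setErrorString("Invalid customer id");
      resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE);
      return resp.toJSONString();
    }

    Language userLanguage = customer.getDefaultLanguage();
    Locale customerLocale = LocaleUtils.getLocale(userLanguage);

    String password = UserReset.generateRandomString();
    customer.setPassword(passwordEncoder.encodePassword(password, null));
    customerService.saveOrUpdate(customer);

    try {
      sendCustomerPasswordResetEmail(request, store, customer, password, customerLocale);
      resp.setStatus(AjaxResponse.RESPONSE_STATUS_SUCCESS);
    } catch (Exception e) {
      LOGGER.error("Cannot send email to user", e);
      resp.setErrorString("Password was reset but the notification email could not be sent");
      resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE);
    }
  } catch (Exception e) {
    LOGGER.error("An exception occured while changing password", e);
    resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE);
  }
  return resp.toJSONString();
}

/**
 * Builds and sends the reset-password email for {@code customer}, carrying the clear-text
 * {@code password}, using the store's email address as sender.
 *
 * @param request used for the context path in the template tokens
 * @param store the store the customer belongs to
 * @param customer recipient; the billing first/last name and email address are used
 * @param password the newly generated clear-text password to include in the message
 * @param customerLocale locale for the localised template texts
 * @throws Exception whatever the email utilities or the email service throw
 */
private void sendCustomerPasswordResetEmail(
    HttpServletRequest request,
    MerchantStore store,
    Customer customer,
    String password,
    Locale customerLocale)
    throws Exception {
  String[] storeEmail = {store.getStoreEmailAddress()};
  Map<String, String> templateTokens =
      EmailUtils.createEmailObjectsMap(request.getContextPath(), store, messages, customerLocale);
  templateTokens.put(
      EmailConstants.LABEL_HI, messages.getMessage("label.generic.hi", customerLocale));
  templateTokens.put(
      EmailConstants.EMAIL_CUSTOMER_FIRSTNAME, customer.getBilling().getFirstName());
  templateTokens.put(
      EmailConstants.EMAIL_CUSTOMER_LASTNAME, customer.getBilling().getLastName());
  templateTokens.put(
      EmailConstants.EMAIL_RESET_PASSWORD_TXT,
      messages.getMessage("email.customer.resetpassword.text", customerLocale));
  templateTokens.put(
      EmailConstants.EMAIL_CONTACT_OWNER,
      messages.getMessage("email.contactowner", storeEmail, customerLocale));
  templateTokens.put(
      EmailConstants.EMAIL_PASSWORD_LABEL,
      messages.getMessage("label.generic.password", customerLocale));
  templateTokens.put(EmailConstants.EMAIL_CUSTOMER_PASSWORD, password);

  Email email = new Email();
  email.setFrom(store.getStorename());
  email.setFromEmail(store.getStoreEmailAddress());
  email.setSubject(messages.getMessage("label.generic.changepassword", customerLocale));
  email.setTo(customer.getEmailAddress());
  email.setTemplateName(RESET_PASSWORD_TPL);
  email.setTemplateTokens(templateTokens);
  emailService.sendHtmlEmail(store, email);
}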
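/**
 * Saves the attribute values posted for a customer.
 *
 * <p>The request holds the customer id under {@code CUSTOMER_ID_PARAMETER} plus one parameter per
 * option (example from the original: {@code 1=1&2=on&3=eeee&4=on&customer=1}). A parameter name
 * is either an option id, whose value is the selected option-value id, or
 * {@code optionId-valueId}, whose value is expected to be {@code on}. Each posted option updates,
 * creates or (for an emptied text value) deletes the matching {@link CustomerAttribute};
 * attributes the customer had that were not posted are deleted at the end.
 *
 * <p>The customer must belong to the store bound to the request. NOTE(review): option and
 * option-value ids are resolved by id alone, with no visible check that they belong to that
 * store — confirm whether the option services scope by store. NOTE(review): for a Text option
 * the posted value is parsed as a value id before the option type is examined, so a non-numeric
 * text like {@code eeee} in the example fails in the per-parameter catch and is skipped —
 * confirm the expected format.
 *
 * @param request carries the customer id and the option parameters, plus the store attribute
 * @param locale unused
 * @return the {@link AjaxResponse} as a JSON string
 * @throws Exception if loading the customer's existing attributes fails
 */
@PreAuthorize("hasRole('CUSTOMER')")
@RequestMapping(
    value = {"/admin/customers/attributes/save.html"},
    method = RequestMethod.POST,
    produces = "application/json")
public @ResponseBody String saveCustomerAttributes(HttpServletRequest request, Locale locale)
    throws Exception {
  AjaxResponse resp = new AjaxResponse();
  MerchantStore store = (MerchantStore) request.getAttribute(Constants.ADMIN_STORE);

  // 1=1&2=on&3=eeee&4=on&customer=1
  Customer customer = null;
  String customerIdParam = request.getParameter(CUSTOMER_ID_PARAMETER);
  if (customerIdParam != null) {
    try {
      customer = customerService.getById(Long.valueOf(customerIdParam));
    } catch (NumberFormatException e) {
      // The original let this escape as an uncaught exception; treat it like a missing id.
      LOGGER.error("Customer id [" + customerIdParam + "] is not a number", e);
    }
  }
  if (customer == null) {
    LOGGER.error("Customer id [customer] is not defined in the parameters");
    resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE);
    return resp.toJSONString();
  }
  if (customer.getMerchantStore().getId().intValue() != store.getId().intValue()) {
    LOGGER.error("Customer id does not belong to current store");
    resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE);
    return resp.toJSONString();
  }

  List<CustomerAttribute> customerAttributes =
      customerAttributeService.getByCustomer(store, customer);
  Map<Long, CustomerAttribute> customerAttributesMap =
      new HashMap<Long, CustomerAttribute>();
  for (CustomerAttribute attr : customerAttributes) {
    customerAttributesMap.put(attr.getCustomerOption().getId(), attr);
  }

  Enumeration<?> parameterNames = request.getParameterNames();
  while (parameterNames.hasMoreElements()) {
    String parameterName = (String) parameterNames.nextElement();
    if (CUSTOMER_ID_PARAMETER.equals(parameterName)) {
      continue;
    }
    String parameterValue = request.getParameter(parameterName);
    try {
      String[] parameterKey = parameterName.split("-");
      com.wms.core.business.customer.model.attribute.CustomerOption customerOption;
      com.wms.core.business.customer.model.attribute.CustomerOptionValue customerOptionValue;
      if (parameterKey.length > 1) {
        // "optionId-valueId"; the parameter value should be "on"
        customerOption = customerOptionService.getById(Long.valueOf(parameterKey[0]));
        customerOptionValue = customerOptionValueService.getById(Long.valueOf(parameterKey[1]));
      } else {
        // "optionId" with the value id as the parameter value
        customerOption = customerOptionService.getById(Long.valueOf(parameterName));
        customerOptionValue = customerOptionValueService.getById(Long.valueOf(parameterValue));
      }

      // Existing attribute for this option, if any. Whatever is still in customerAttributes
      // after the loop was not posted and is deleted below.
      CustomerAttribute attribute = customerAttributesMap.get(customerOption.getId());
      if (attribute == null) {
        attribute = new CustomerAttribute();
        attribute.setCustomer(customer);
        attribute.setCustomerOption(customerOption);
      } else {
        customerAttributes.remove(attribute);
      }

      if (customerOption.getCustomerOptionType().equals(CustomerOptionType.Text.name())) {
        if (!StringUtils.isBlank(parameterValue)) {
          attribute.setCustomerOptionValue(customerOptionValue);
          attribute.setTextValue(parameterValue);
        } else {
          attribute.setTextValue(null);
        }
      } else {
        attribute.setCustomerOptionValue(customerOptionValue);
      }

      if (attribute.getId() != null && attribute.getId().longValue() > 0) {
        if (attribute.getCustomerOptionValue() == null) {
          customerAttributeService.delete(attribute);
        } else {
          customerAttributeService.update(attribute);
        }
      } else {
        customerAttributeService.save(attribute);
      }
    } catch (Exception e) {
      // Best effort per parameter: a bad id or an unknown option is logged and skipped.
      LOGGER.error("Cannot get parameter information " + parameterName, e);
    }
  }

  // and now the remaining to be removed
  for (CustomerAttribute attr : customerAttributes) {
    customerAttributeService.delete(attr);
  }

  resp.setStatus(AjaxResponse.RESPONSE_STATUS_SUCCESS);
  return resp.toJSONString();
}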