/**
* Displays a list of users that can be managed by admins
*
* @param request
* @param response
* @return
*/
@SuppressWarnings("unchecked")
@PreAuthorize("hasRole('STORE_ADMIN')")
@RequestMapping(
value = "/admin/users/paging.html",
method = RequestMethod.POST,
produces = "application/json")
public @ResponseBody String pageUsers(HttpServletRequest request, HttpServletResponse response) {
AjaxResponse resp = new AjaxResponse();
MerchantStore store = (MerchantStore) request.getAttribute(Constants.ADMIN_STORE);
String sCurrentUser = request.getRemoteUser();
try {
User currentUser = userService.getByUserName(sCurrentUser);
List<User> users = null;
if (UserUtils.userInGroup(currentUser, Constants.GROUP_SUPERADMIN)) {
users = userService.listUser();
} else {
users = userService.listByStore(store);
}
for (User user : users) {
if (!UserUtils.userInGroup(user, Constants.GROUP_SUPERADMIN)) {
if (!currentUser.equals(user.getAdminName())) {
@SuppressWarnings("rawtypes")
Map entry = new HashMap();
entry.put("userId", user.getId());
entry.put("name", user.getFirstName() + " " + user.getLastName());
entry.put("email", user.getAdminEmail());
entry.put("active", user.isActive());
resp.addDataEntry(entry);
}
}
}
resp.setStatus(AjaxResponse.RESPONSE_STATUS_SUCCESS);
} catch (Exception e) {
LOGGER.error("Error while paging products", e);
resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE);
}
String returnString = resp.toJSONString();
return returnString;
}
@PreAuthorize("hasRole('AUTH')")
@RequestMapping(
value = "/admin/users/remove.html",
method = RequestMethod.POST,
produces = "application/json")
public @ResponseBody String removeUser(HttpServletRequest request, Locale locale)
throws Exception {
// do not remove super admin
String sUserId = request.getParameter("userId");
AjaxResponse resp = new AjaxResponse();
String userName = request.getRemoteUser();
User remoteUser = userService.getByUserName(userName);
try {
Long userId = Long.parseLong(sUserId);
User user = userService.getById(userId);
/** In order to remove a User the logged in ser must be STORE_ADMIN or SUPER_USER */
if (user == null) {
resp.setStatusMessage(messages.getMessage("message.unauthorized", locale));
resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE);
return resp.toJSONString();
}
if (!request.isUserInRole(Constants.GROUP_ADMIN)) {
resp.setStatusMessage(messages.getMessage("message.unauthorized", locale));
resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE);
return resp.toJSONString();
}
// check if the user removed has group ADMIN
boolean isAdmin = false;
if (UserUtils.userInGroup(remoteUser, Constants.GROUP_ADMIN)
|| UserUtils.userInGroup(remoteUser, Constants.GROUP_SUPERADMIN)) {
isAdmin = true;
}
if (!isAdmin) {
resp.setStatusMessage(
messages.getMessage("message.security.caanotremovesuperadmin", locale));
resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE);
return resp.toJSONString();
}
userService.delete(user);
resp.setStatus(AjaxResponse.RESPONSE_OPERATION_COMPLETED);
} catch (Exception e) {
LOGGER.error("Error while deleting product price", e);
resp.setStatus(AjaxResponse.RESPONSE_STATUS_FAIURE);
resp.setErrorMessage(e);
}
String returnString = resp.toJSONString();
return returnString;
}
