in guacamole/src/main/frontend/src/app/manage/controllers/manageUserController.js [24:504]
function manageUserController($scope, $injector) {
// Required types
var Error = $injector.get('Error');
var ManagementPermissions = $injector.get('ManagementPermissions');
var PermissionFlagSet = $injector.get('PermissionFlagSet');
var PermissionSet = $injector.get('PermissionSet');
var User = $injector.get('User');
// Required services
var $location = $injector.get('$location');
var $routeParams = $injector.get('$routeParams');
var $q = $injector.get('$q');
var authenticationService = $injector.get('authenticationService');
var dataSourceService = $injector.get('dataSourceService');
var membershipService = $injector.get('membershipService');
var permissionService = $injector.get('permissionService');
var requestService = $injector.get('requestService');
var schemaService = $injector.get('schemaService');
var userGroupService = $injector.get('userGroupService');
var userService = $injector.get('userService');
/**
* The identifiers of all data sources currently available to the
* authenticated user.
*
* @type String[]
*/
var dataSources = authenticationService.getAvailableDataSources();
/**
* The username of the current, authenticated user.
*
* @type String
*/
var currentUsername = authenticationService.getCurrentUsername();
/**
* The username of the original user from which this user is
* being cloned. Only valid if this is a new user.
*
* @type String
*/
var cloneSourceUsername = $location.search().clone;
/**
* The username of the user being edited. If a new user is
* being created, this will not be defined.
*
* @type String
*/
var username = $routeParams.id;
/**
* The unique identifier of the data source containing the user being
* edited.
*
* @type String
*/
$scope.dataSource = $routeParams.dataSource;
/**
* The string value representing the user currently being edited within the
* permission flag set. Note that his may not match the user's actual
* username - it is a marker that is (1) guaranteed to be associated with
* the current user's permissions in the permission set and (2) guaranteed
* not to collide with any user that does not represent the current user
* within the permission set.
*
* @type String
*/
$scope.selfUsername = '';
/**
* All user accounts associated with the same username as the account being
* created or edited, as a map of data source identifier to the User object
* within that data source.
*
* @type Object.<String, User>
*/
$scope.users = null;
/**
* The user being modified.
*
* @type User
*/
$scope.user = null;
/**
* All permissions associated with the user being modified.
*
* @type PermissionFlagSet
*/
$scope.permissionFlags = null;
/**
* The set of permissions that will be added to the user when the user is
* saved. Permissions will only be present in this set if they are
* manually added, and not later manually removed before saving.
*
* @type PermissionSet
*/
$scope.permissionsAdded = new PermissionSet();
/**
* The set of permissions that will be removed from the user when the user
* is saved. Permissions will only be present in this set if they are
* manually removed, and not later manually added before saving.
*
* @type PermissionSet
*/
$scope.permissionsRemoved = new PermissionSet();
/**
* The identifiers of all user groups which can be manipulated (all groups
* for which the user accessing this interface has UPDATE permission),
* either through adding the current user as a member or removing the
* current user from that group. If this information has not yet been
* retrieved, this will be null.
*
* @type String[]
*/
$scope.availableGroups = null;
/**
* The identifiers of all user groups of which the user is a member,
* taking into account any user groups which will be added/removed when
* saved. If this information has not yet been retrieved, this will be
* null.
*
* @type String[]
*/
$scope.parentGroups = null;
/**
* The set of identifiers of all parent user groups to which the user will
* be added when saved. Parent groups will only be present in this set if
* they are manually added, and not later manually removed before saving.
*
* @type String[]
*/
$scope.parentGroupsAdded = [];
/**
* The set of identifiers of all parent user groups from which the user
* will be removed when saved. Parent groups will only be present in this
* set if they are manually removed, and not later manually added before
* saving.
*
* @type String[]
*/
$scope.parentGroupsRemoved = [];
/**
* For each applicable data source, the management-related actions that the
* current user may perform on the user account currently being created
* or modified, as a map of data source identifier to the
* {@link ManagementPermissions} object describing the actions available
* within that data source, or null if the current user's permissions have
* not yet been loaded.
*
* @type Object.<String, ManagementPermissions>
*/
$scope.managementPermissions = null;
/**
* All available user attributes. This is only the set of attribute
* definitions, organized as logical groupings of attributes, not attribute
* values.
*
* @type Form[]
*/
$scope.attributes = null;
/**
* Returns whether critical data has completed being loaded.
*
* @returns {Boolean}
* true if enough data has been loaded for the user interface to be
* useful, false otherwise.
*/
$scope.isLoaded = function isLoaded() {
return $scope.users !== null
&& $scope.permissionFlags !== null
&& $scope.managementPermissions !== null
&& $scope.availableGroups !== null
&& $scope.parentGroups !== null
&& $scope.attributes !== null;
};
/**
* Returns whether the current user can edit the username of the user being
* edited within the given data source.
*
* @param {String} [dataSource]
* The identifier of the data source to check. If omitted, this will
* default to the currently-selected data source.
*
* @returns {Boolean}
* true if the current user can edit the username of the user being
* edited, false otherwise.
*/
$scope.canEditUsername = function canEditUsername(dataSource) {
return !username;
};
/**
* Loads the data associated with the user having the given username,
* preparing the interface for making modifications to that existing user.
*
* @param {String} dataSource
* The unique identifier of the data source containing the user to
* load.
*
* @param {String} username
* The username of the user to load.
*
* @returns {Promise}
* A promise which is resolved when the interface has been prepared for
* editing the given user.
*/
var loadExistingUser = function loadExistingUser(dataSource, username) {
return $q.all({
users : dataSourceService.apply(userService.getUser, dataSources, username),
// Use empty permission set if user cannot be found
permissions:
permissionService.getPermissions(dataSource, username)
['catch'](requestService.defaultValue(new PermissionSet())),
// Assume no parent groups if user cannot be found
parentGroups:
membershipService.getUserGroups(dataSource, username)
['catch'](requestService.defaultValue([]))
})
.then(function userDataRetrieved(values) {
$scope.users = values.users;
$scope.parentGroups = values.parentGroups;
// Create skeleton user if user does not exist
$scope.user = values.users[dataSource] || new User({
'username' : username
});
// The current user will be associated with username of the existing
// user in the retrieved permission set
$scope.selfUsername = username;
$scope.permissionFlags = PermissionFlagSet.fromPermissionSet(values.permissions);
});
};
/**
* Loads the data associated with the user having the given username,
* preparing the interface for cloning that existing user.
*
* @param {String} dataSource
* The unique identifier of the data source containing the user to
* be cloned.
*
* @param {String} username
* The username of the user being cloned.
*
* @returns {Promise}
* A promise which is resolved when the interface has been prepared for
* cloning the given user.
*/
var loadClonedUser = function loadClonedUser(dataSource, username) {
return $q.all({
users : dataSourceService.apply(userService.getUser, [dataSource], username),
permissions : permissionService.getPermissions(dataSource, username),
parentGroups : membershipService.getUserGroups(dataSource, username)
})
.then(function userDataRetrieved(values) {
$scope.users = {};
$scope.user = values.users[dataSource];
$scope.parentGroups = values.parentGroups;
$scope.parentGroupsAdded = values.parentGroups;
// The current user will be associated with cloneSourceUsername in the
// retrieved permission set
$scope.selfUsername = username;
$scope.permissionFlags = PermissionFlagSet.fromPermissionSet(values.permissions);
$scope.permissionsAdded = values.permissions;
});
};
/**
* Loads skeleton user data, preparing the interface for creating a new
* user.
*
* @returns {Promise}
* A promise which is resolved when the interface has been prepared for
* creating a new user.
*/
var loadSkeletonUser = function loadSkeletonUser() {
// No users exist regardless of data source if there is no username
$scope.users = {};
// Use skeleton user object with no associated permissions
$scope.user = new User();
$scope.parentGroups = [];
$scope.permissionFlags = new PermissionFlagSet();
// As no permissions are yet associated with the user, it is safe to
// use any non-empty username as a placeholder for self-referential
// permissions
$scope.selfUsername = 'SELF';
return $q.resolve();
};
/**
* Loads the data required for performing the management task requested
* through the route parameters given at load time, automatically preparing
* the interface for editing an existing user, cloning an existing user, or
* creating an entirely new user.
*
* @returns {Promise}
* A promise which is resolved when the interface has been prepared
* for performing the requested management task.
*/
var loadRequestedUser = function loadRequestedUser() {
// Pull user data and permissions if we are editing an existing user
if (username)
return loadExistingUser($scope.dataSource, username);
// If we are cloning an existing user, pull his/her data instead
if (cloneSourceUsername)
return loadClonedUser($scope.dataSource, cloneSourceUsername);
// If we are creating a new user, populate skeleton user data
return loadSkeletonUser();
};
// Populate interface with requested data
$q.all({
userData : loadRequestedUser(),
permissions : dataSourceService.apply(permissionService.getEffectivePermissions, dataSources, currentUsername),
userGroups : userGroupService.getUserGroups($scope.dataSource, [ PermissionSet.ObjectPermissionType.UPDATE ]),
attributes : schemaService.getUserAttributes($scope.dataSource)
})
.then(function dataReceived(values) {
$scope.attributes = values.attributes;
$scope.managementPermissions = {};
angular.forEach(dataSources, function addAccountPage(dataSource) {
// Determine whether data source contains this user
var exists = (dataSource in $scope.users);
// Add the identifiers of all modifiable user groups
$scope.availableGroups = [];
angular.forEach(values.userGroups, function addUserGroupIdentifier(userGroup) {
$scope.availableGroups.push(userGroup.identifier);
});
// Calculate management actions available for this specific account
$scope.managementPermissions[dataSource] = ManagementPermissions.fromPermissionSet(
values.permissions[dataSource],
PermissionSet.SystemPermissionType.CREATE_USER,
PermissionSet.hasUserPermission,
exists ? username : null);
});
}, requestService.DIE);
/**
* Returns the URL for the page which manages the user account currently
* being edited under the given data source. The given data source need not
* be the same as the data source currently selected.
*
* @param {String} dataSource
* The unique identifier of the data source that the URL is being
* generated for.
*
* @returns {String}
* The URL for the page which manages the user account currently being
* edited under the given data source.
*/
$scope.getUserURL = function getUserURL(dataSource) {
return '/manage/' + encodeURIComponent(dataSource) + '/users/' + encodeURIComponent(username || '');
};
/**
* Cancels all pending edits, returning to the main list of users.
*/
$scope.returnToUserList = function returnToUserList() {
$location.url('/settings/users');
};
/**
* Cancels all pending edits, opening an edit page for a new user
* which is prepopulated with the data from the user currently being edited.
*/
$scope.cloneUser = function cloneUser() {
$location.path('/manage/' + encodeURIComponent($scope.dataSource) + '/users').search('clone', username);
};
/**
* Saves the current user, creating a new user or updating the existing
* user depending on context, returning a promise which is resolved if the
* save operation succeeds and rejected if the save operation fails.
*
* @returns {Promise}
* A promise which is resolved if the save operation succeeds and is
* rejected with an {@link Error} if the save operation fails.
*/
$scope.saveUser = function saveUser() {
// Verify passwords match
if ($scope.passwordMatch !== $scope.user.password) {
return $q.reject(new Error({
translatableMessage : {
key : 'MANAGE_USER.ERROR_PASSWORD_MISMATCH'
}
}));
}
// Save or create the user, depending on whether the user exists
var saveUserPromise;
if ($scope.dataSource in $scope.users)
saveUserPromise = userService.saveUser($scope.dataSource, $scope.user);
else
saveUserPromise = userService.createUser($scope.dataSource, $scope.user);
return saveUserPromise.then(function savedUser() {
// Move permission flags if username differs from marker
if ($scope.selfUsername !== $scope.user.username) {
// Rename added permission
if ($scope.permissionsAdded.userPermissions[$scope.selfUsername]) {
$scope.permissionsAdded.userPermissions[$scope.user.username] = $scope.permissionsAdded.userPermissions[$scope.selfUsername];
delete $scope.permissionsAdded.userPermissions[$scope.selfUsername];
}
// Rename removed permission
if ($scope.permissionsRemoved.userPermissions[$scope.selfUsername]) {
$scope.permissionsRemoved.userPermissions[$scope.user.username] = $scope.permissionsRemoved.userPermissions[$scope.selfUsername];
delete $scope.permissionsRemoved.userPermissions[$scope.selfUsername];
}
}
// Upon success, save any changed permissions/groups
return $q.all([
permissionService.patchPermissions($scope.dataSource, $scope.user.username, $scope.permissionsAdded, $scope.permissionsRemoved),
membershipService.patchUserGroups($scope.dataSource, $scope.user.username, $scope.parentGroupsAdded, $scope.parentGroupsRemoved)
]);
});
};
/**
* Deletes the current user, returning a promise which is resolved if the
* delete operation succeeds and rejected if the delete operation fails.
*
* @returns {Promise}
* A promise which is resolved if the delete operation succeeds and is
* rejected with an {@link Error} if the delete operation fails.
*/
$scope.deleteUser = function deleteUser() {
return userService.deleteUser($scope.dataSource, $scope.user);
};
}]);