Banning and deleting users

Luca Liechti · Luca Liechti · commit fa97b8816078 · 2020-01-08T14:03:36.000+01:00
diff --git a/src/main/java/radius/config/MultiHttpSecurityConfig.java b/src/main/java/radius/config/MultiHttpSecurityConfig.java
@@ -40,7 +40,8 @@ protected void configure(HttpSecurity http) throws Exception {
 				.authorizeRequests()
 				.antMatchers("/profile", "/answers", "/status", "/toggleStatus").authenticated()
 				.antMatchers("/admin/**", "/updateConfiguration/**", "/contactUsers/**",
-						"/sendNewsletter/**", "/actuator/**", "/health/**").hasRole("ADMIN")
+						"/sendNewsletter/**", "/banUser**", "/deleteUser**", "/unsubscribeNewsletter**",
+						"/actuator/**", "/health/**").hasRole("ADMIN")
 				.anyRequest().permitAll();
 
 			http
diff --git a/src/main/java/radius/data/dto/EmailSourceDto.java b/src/main/java/radius/data/dto/EmailSourceDto.java
@@ -15,4 +15,7 @@ public class EmailSourceDto {
     @NotEmpty
     private String source;
 
+    @NotEmpty
+    private String uuid;
+
 }
diff --git a/src/main/java/radius/data/repository/JDBCNewsletterRepository.java b/src/main/java/radius/data/repository/JDBCNewsletterRepository.java
@@ -60,7 +60,8 @@ private static final class NewsletterDtoRowMapper implements RowMapper<EmailSour
         public EmailSourceDto mapRow(ResultSet rs, int rowNum) throws SQLException {
             return new EmailSourceDto(
                 rs.getString("email"),
-                rs.getString("source")
+                rs.getString("source"),
+                rs.getString("uuid")
             );
         }
     }
diff --git a/src/main/java/radius/data/repository/JDBCUserRepository.java b/src/main/java/radius/data/repository/JDBCUserRepository.java
@@ -7,6 +7,7 @@
 import org.springframework.stereotype.Repository;
 import radius.User;
 import radius.exceptions.EmailAlreadyExistsException;
+import radius.exceptions.UserHasMatchesException;
 import radius.web.service.ConfigService;
 
 import javax.sql.DataSource;
@@ -39,6 +40,7 @@ public class JDBCUserRepository implements UserRepository {
 	private static final String DELETE_USER = 			"DELETE FROM users WHERE email = ?";
 	private static final String UPDATE_LAST_LOGIN = 	"UPDATE users SET lastlogin = ? WHERE email = ?";
 	private static final String REGION_DENSITY =		"SELECT locations FROM users";
+	private static final String BAN_USER = 				"UPDATE users SET banned = TRUE WHERE email = ?";
 
 	@Autowired
     public void init(DataSource jdbcdatasource, ConfigService configService) {
@@ -153,9 +155,13 @@ private boolean userExists(String email) {
 	}
 
 	@Override
-	public void deleteUser(String email) {
-		jdbcTemplate.update(DELETE_AUTHORITIES, email);
-		jdbcTemplate.update(DELETE_USER, email);
+	public void deleteUser(String email) throws UserHasMatchesException {
+		try {
+			jdbcTemplate.update(DELETE_AUTHORITIES, email);
+			jdbcTemplate.update(DELETE_USER, email);
+		} catch (Exception e) {
+			throw new UserHasMatchesException();
+		}
 	}
 
 	@Override
@@ -178,6 +184,11 @@ public List<String> regionDensity() {
 		List<Map<String, Object>> locations = jdbcTemplate.queryForList(REGION_DENSITY);
 		return locations.stream().map(map -> (String) map.get("locations")).collect(Collectors.toList());
 	}
+
+	@Override
+	public void banUser(String email) {
+		jdbcTemplate.update(BAN_USER, email);
+	}
 }
 
 
diff --git a/src/main/java/radius/data/repository/UserRepository.java b/src/main/java/radius/data/repository/UserRepository.java
@@ -34,4 +34,6 @@ public interface UserRepository {
     void updateLastLogin(String name);
 
     List<String> regionDensity();
+
+    void banUser(String username);
 }
diff --git a/src/main/java/radius/web/controller/AdminController.java b/src/main/java/radius/web/controller/AdminController.java
@@ -5,6 +5,7 @@
 import org.springframework.validation.BindingResult;
 import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
 import radius.data.form.ConfigurationForm;
 import radius.data.form.NewsletterForm;
 import radius.web.service.*;
@@ -13,6 +14,7 @@
 import java.util.Arrays;
 import java.util.List;
 import java.util.Locale;
+import java.util.Optional;
 import java.util.stream.Collectors;
 
 import static org.springframework.web.bind.annotation.RequestMethod.GET;
@@ -41,6 +43,45 @@ public String admin() {
         return "admin";
     }
 
+    @RequestMapping(path="/banUser", method=GET)
+    public String banUser(@RequestParam(value = "uuid") String uuid, Model model) {
+        Optional<String> optionalUser = userService.findEmailByUuid(uuid);
+        if(optionalUser.isPresent()) {
+            if(userService.banUser(optionalUser.get())) {
+                model.addAttribute("success", Boolean.TRUE);
+            } else {
+                model.addAttribute("failure", Boolean.TRUE);
+            }
+        }
+        model.addAttribute("users", userService.allUsers());
+        return "admin";
+    }
+
+    @RequestMapping(path="/deleteUser", method=GET)
+    public String deleteUser(@RequestParam(value = "uuid") String uuid, Model model) {
+        Optional<String> optionalUser = userService.findEmailByUuid(uuid);
+        if(optionalUser.isPresent()) {
+            if(userService.deleteUser(optionalUser.get())) {
+                model.addAttribute("success", Boolean.TRUE);
+            } else {
+                model.addAttribute("failure", Boolean.TRUE);
+            }
+        }
+        model.addAttribute("users", userService.allUsers());
+        return "admin";
+    }
+
+    @RequestMapping(path="/unsubscribeNewsletter", method=GET)
+    public String unsubscribeNewsletter(@RequestParam(value = "uuid") String uuid, Model model) {
+        if(newsletterservice.unsubscribe(uuid)){
+            model.addAttribute("success", Boolean.TRUE);
+        } else {
+            model.addAttribute("failure", Boolean.TRUE);
+        }
+        model.addAttribute("newsletterRecipients", newsletterservice.allRecipients());
+        return "admin";
+    }
+
     @RequestMapping(path="/updateConfiguration", method=POST)
     public String updateConfiguration(@ModelAttribute("configurationForm") @Valid ConfigurationForm form, Model model,
                                       BindingResult result) {
diff --git a/src/main/java/radius/web/service/UserService.java b/src/main/java/radius/web/service/UserService.java
@@ -189,6 +189,15 @@ public boolean deleteUser(String username) {
         return true;
     }
 
+    public boolean banUser(String username) {
+        try {
+            userRepo.banUser(username);
+        } catch (Exception e) {
+            return false;
+        }
+        return true;
+    }
+
     public List<User> matchableUsers() {
         try {
             return userRepo.matchableUsers();
diff --git a/src/main/webapp/WEB-INF/views/admin.jsp b/src/main/webapp/WEB-INF/views/admin.jsp
@@ -143,6 +143,18 @@
 <main class="firstcontainer container">
     <section id="leftsection" style="max-width: 1140px;margin: 0 auto;margin-bottom: 20px;">
 
+        <c:if test="${success != null}">
+            <p class="result success">
+                 Aktion erfolgreich ausgeführt.<br>
+            </p>
+        </c:if>
+
+        <c:if test="${failure != null}">
+            <p class="result error">
+                Ein Fehler ist aufgetreten. Versuchen Sie es nochmal.<br>
+            </p>
+        </c:if>
+
         <c:if test="${successfullySent != null}">
             <p class="result success">
                 ${successfullySent} Mails wurden erfolgreich gesendet.<br>
@@ -200,6 +212,7 @@
                             <th></th>
                             <th>Email</th>
                             <th>Source</th>
+                            <th>Delete</th>
                         </tr>
                     </thead>
                     <tbody>
@@ -208,6 +221,9 @@
                                 <td></td>
                                 <td>${recipient.email}</td>
                                 <td>${recipient.source}</td>
+                                <td>
+                                    <a href="<c:url value='/unsubscribeNewsletter?uuid=${recipient.uuid}'/>" class="adminbutton delete" onClick="return confirm('Diese Aktion kann nicht rückgängig gemacht werden. Sicher?');">delete</a>
+                                </td>
                             </tr>
                         </c:forEach>
                     </tbody>
@@ -266,9 +282,11 @@
                             <th>Vorname</th>
                             <th>Name</th>
                             <th>Email</th>
-                            <th>Email bestätigt</th>
+                            <!--<th>Email bestätigt</th>-->
                             <th>Status</th>
                             <th>Letzte Änderung</th>
+                            <th>Sperren</th>
+                            <th>Löschen</th>
                         </tr>
                     </thead>
                     <tbody>
@@ -278,9 +296,15 @@
                                 <td>${user.firstname}</td>
                                 <td>${user.lastname}</td>
                                 <td>${user.email}</td>
-                                <td><spring:message code="question.${user.enabled}"/></td>
+                                <!--<td><spring:message code="question.${user.enabled}"/></td>-->
                                 <td><spring:message code="status.${user.status}"/></td>
                                 <td><fmt:formatDate value="${user.dateModified}" pattern = "yyyy-MM-dd"/></td>
+                                <td>
+                                    <a href="<c:url value='/banUser?uuid=${user.uuid}'/>" class="adminbutton ban" onClick="return confirm('Diese Aktion kann nur manuell rückgängig gemacht werden. Sicher?');">sperren</a>
+                                </td>
+                                <td>
+                                    <a href="<c:url value='/deleteUser?uuid=${user.uuid}'/>" class="adminbutton delete" onClick="return confirm('Diese Aktion kann nicht rückgängig gemacht werden. Sicher?');">löschen</a>
+                                </td>
                             </tr>
                         </c:forEach>
                     </tbody>
diff --git a/src/main/webapp/css/admin.css b/src/main/webapp/css/admin.css
@@ -104,3 +104,14 @@ figure {
     margin-right: 8px;
     opacity: 0.7;
 }
+.adminbutton,
+.adminbutton:visited {
+    color: white;
+    text-decoration: none;
+}
+.ban {
+    background-color: #D02643;
+}
+.delete {
+    background-color: #000;
+}
diff --git a/src/main/webapp/js/admin.js b/src/main/webapp/js/admin.js
@@ -40,7 +40,7 @@ $(document).ready(function() {
 });
 
 var USER_EMAIL_COLUMN = 3;
-var USER_STATUS_COLUMN = 5;
+var USER_STATUS_COLUMN = 4;
 var NEWSLETTER_EMAIL_COLUMN = 1;
 var NEWSLETTER_SOURCE_COLUMN = 2;
 

Original file line number	Diff line number	Diff line change
`@@ -15,4 +15,7 @@ public class EmailSourceDto {`
`15`	`15`	`@NotEmpty`
`16`	`16`	`private String source;`
`17`	`17`
	`18`	`+ @NotEmpty`
	`19`	`+ private String uuid;`
	`20`	`+`
`18`	`21`	`}`
Original file line number	Diff line number	Diff line change
`@@ -60,7 +60,8 @@ private static final class NewsletterDtoRowMapper implements RowMapper<EmailSour`
`60`	`60`	`public EmailSourceDto mapRow(ResultSet rs, int rowNum) throws SQLException {`
`61`	`61`	`return new EmailSourceDto(`
`62`	`62`	`rs.getString("email"),`
`63`		`- rs.getString("source")`
	`63`	`+ rs.getString("source"),`
	`64`	`+ rs.getString("uuid")`
`64`	`65`	`);`
`65`	`66`	`}`
`66`	`67`	`}`
Original file line number	Diff line number	Diff line change
`@@ -34,4 +34,6 @@ public interface UserRepository {`
`34`	`34`	`void updateLastLogin(String name);`
`35`	`35`
`36`	`36`	`List<String> regionDensity();`
	`37`	`+`
	`38`	`+ void banUser(String username);`
`37`	`39`	`}`