Index: lams_admin/conf/language/lams/ApplicationResources.properties
===================================================================
diff -u -rdd60c645ebe32ff15180cff47caa583cb41b7ee1 -r3f3f34c22194aeaf302e1fd332925dffd35019aa
--- lams_admin/conf/language/lams/ApplicationResources.properties (.../ApplicationResources.properties) (revision dd60c645ebe32ff15180cff47caa583cb41b7ee1)
+++ lams_admin/conf/language/lams/ApplicationResources.properties (.../ApplicationResources.properties) (revision 3f3f34c22194aeaf302e1fd332925dffd35019aa)
@@ -679,3 +679,12 @@
 sysadmin.lti.advantage.tool.public.key = Public key
 sysadmin.lti.advantage.tool.private.key = Private key
 sysadmin.add.staff.to.all.lessons = On staff login add them to all lessons in course
+user.import.password.change.email.content.subject = Set up LAMS password
+user.import.password.change.email.content.start = Hi {0},
+user.import.password.change.email.content.account.created = We have created an account for you on LAMS platform. Your user name is "{0}". Please follow this link to set up your password: {1}
+user.import.password.change.email.content.link.label = SET UP LAMS PASSWORD
+user.import.password.change.email.content.end = If the link expired, please go to {0} and click "Forgot your password?" link.
+user.import.password.change.email.content.thanks = Thank you
+user.import.password.change.email.content.footer = LAMS
+label.import.email = Email users account activation emails
+msg.password.generated = for user name "{0}" the following password was created: {1}
Index: lams_admin/conf/language/lams/ApplicationResources_el_GR.properties
===================================================================
diff -u -rdd60c645ebe32ff15180cff47caa583cb41b7ee1 -r3f3f34c22194aeaf302e1fd332925dffd35019aa
--- lams_admin/conf/language/lams/ApplicationResources_el_GR.properties (.../ApplicationResources_el_GR.properties) (revision dd60c645ebe32ff15180cff47caa583cb41b7ee1)
+++ lams_admin/conf/language/lams/ApplicationResources_el_GR.properties (.../ApplicationResources_el_GR.properties) (revision 3f3f34c22194aeaf302e1fd332925dffd35019aa)
@@ -350,7 +350,7 @@
 label.ok = Εντάξει
 title.clone.lessons.for = Αντίγραφα για {0} Μαθήματα
 title.choose.group = Επιλέξτε την ομάδα από την οποία θα γίνει δημιουργία αντιγράφων των μαθημάτων της
-label.choose = Επιλογή
+label.choose = Επιλογή κλάδου
 title.select.lessons = Επιλογή μαθημάτων
 title.select.staff = Επιλογή προσωπικού
 message.add.all.monitors = Να γίνει προσθήκη όλων των εποπτών αυτής της ομάδας σε κάθε μάθημα;
Index: lams_admin/conf/language/lams/ApplicationResources_en_AU.properties
===================================================================
diff -u -rdd60c645ebe32ff15180cff47caa583cb41b7ee1 -r3f3f34c22194aeaf302e1fd332925dffd35019aa
--- lams_admin/conf/language/lams/ApplicationResources_en_AU.properties (.../ApplicationResources_en_AU.properties) (revision dd60c645ebe32ff15180cff47caa583cb41b7ee1)
+++ lams_admin/conf/language/lams/ApplicationResources_en_AU.properties (.../ApplicationResources_en_AU.properties) (revision 3f3f34c22194aeaf302e1fd332925dffd35019aa)
@@ -676,3 +676,12 @@
 sysadmin.lti.advantage.tool.public.key = Public key
 sysadmin.lti.advantage.tool.private.key = Private key
 sysadmin.add.staff.to.all.lessons = On staff login add them to all lessons in course
+user.import.password.change.email.content.subject = Set up LAMS password
+user.import.password.change.email.content.start = Hi {0},
+user.import.password.change.email.content.account.created = We have created an account for you on LAMS platform. Your user name is "{0}". Please follow this link to set up your password: {1}
+user.import.password.change.email.content.link.label = SET UP LAMS PASSWORD
+user.import.password.change.email.content.end = If the link expired, please go to {0} and click "Forgot your password?" link.
+user.import.password.change.email.content.thanks = Thank you
+user.import.password.change.email.content.footer = LAMS
+label.import.email = Email users account activation emails
+msg.password.generated = for user name "{0}" the following password was created: {1}
Index: lams_admin/conf/language/lams/ApplicationResources_es_ES.properties
===================================================================
diff -u -rdd60c645ebe32ff15180cff47caa583cb41b7ee1 -r3f3f34c22194aeaf302e1fd332925dffd35019aa
--- lams_admin/conf/language/lams/ApplicationResources_es_ES.properties (.../ApplicationResources_es_ES.properties) (revision dd60c645ebe32ff15180cff47caa583cb41b7ee1)
+++ lams_admin/conf/language/lams/ApplicationResources_es_ES.properties (.../ApplicationResources_es_ES.properties) (revision 3f3f34c22194aeaf302e1fd332925dffd35019aa)
@@ -676,3 +676,12 @@
 sysadmin.lti.advantage.tool.public.key = Llave pública
 sysadmin.lti.advantage.tool.private.key = Llave privada
 sysadmin.add.staff.to.all.lessons = Agregar tutores y profesores a las lecciones existentes
+user.import.password.change.email.content.subject = Configurar la contraseña de LAMS
+user.import.password.change.email.content.start = Hola {0},
+user.import.password.change.email.content.account.created = Hemos creado una cuenta para usted en la plataforma LAMS. Su nombre de usuario es "{0}". Siga este enlace para configurar su contraseña: {1}
+user.import.password.change.email.content.link.label = CONFIGURAR LA CONTRASEÑA DE LAMS
+user.import.password.change.email.content.end = Si el enlace ha caducado, vaya a {0} y haga clic en "¿Olvidó su contraseña?" Enlace.
+user.import.password.change.email.content.thanks = Gracias
+user.import.password.change.email.content.footer = LAMS
+label.import.email = Enviar a los usuarios correos electrónicos de activación de cuentas
+msg.password.generated = para el nombre de usuario "{0}" se creó la siguiente contraseña: {1}
Index: lams_admin/conf/language/lams/ApplicationResources_no_NO.properties
===================================================================
diff -u -rdd60c645ebe32ff15180cff47caa583cb41b7ee1 -r3f3f34c22194aeaf302e1fd332925dffd35019aa
--- lams_admin/conf/language/lams/ApplicationResources_no_NO.properties (.../ApplicationResources_no_NO.properties) (revision dd60c645ebe32ff15180cff47caa583cb41b7ee1)
+++ lams_admin/conf/language/lams/ApplicationResources_no_NO.properties (.../ApplicationResources_no_NO.properties) (revision 3f3f34c22194aeaf302e1fd332925dffd35019aa)
@@ -676,3 +676,12 @@
 sysadmin.lti.advantage.tool.public.key = Offentlig nøkkel
 sysadmin.lti.advantage.tool.private.key = Privat nøkkel
 sysadmin.add.staff.to.all.lessons = På personalinnlogging legg dem til alle leksjoner i kurset
+user.import.password.change.email.content.subject = Definer LAMS passord
+user.import.password.change.email.content.start = Hei{0}
+user.import.password.change.email.content.account.created = Vi har opprettet en konto for deg på LAMS-plattformen. Brukernavnet ditt er " {0} ". Følg denne koblingen for å sette opp passordet ditt: {1}
+user.import.password.change.email.content.link.label = KONFIGURER LAMS PASSORD
+user.import.password.change.email.content.end = Hvis koblingen er utløpt, går du til {0} og klikker på koblingen «Har du glemt passordet ditt?» .
+user.import.password.change.email.content.thanks = Takk skal du ha
+user.import.password.change.email.content.footer = LAMS
+label.import.email = E-poster for aktivering av brukerkontoer
+msg.password.generated = for brukernavnet " {0} " ble følgende passord opprettet: {1}
Index: lams_admin/src/java/org/lamsfoundation/lams/admin/service/ImportService.java
===================================================================
diff -u -rd16b5e9f75760819f274ee3be3beddae67f93af7 -r3f3f34c22194aeaf302e1fd332925dffd35019aa
--- lams_admin/src/java/org/lamsfoundation/lams/admin/service/ImportService.java (.../ImportService.java) (revision d16b5e9f75760819f274ee3be3beddae67f93af7)
+++ lams_admin/src/java/org/lamsfoundation/lams/admin/service/ImportService.java (.../ImportService.java) (revision 3f3f34c22194aeaf302e1fd332925dffd35019aa)
@@ -25,6 +25,8 @@
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Paths;
 import java.util.ArrayList;
 import java.util.Date;
 import java.util.List;
@@ -39,11 +41,13 @@ import org.apache.poi.hssf.usermodel.HSSFWorkbook; import org.apache.poi.poifs.filesystem.POIFSFileSystem; import org.apache.poi.ss.usermodel.CellType; +import org.lamsfoundation.lams.integration.security.RandomPasswordGenerator; import org.lamsfoundation.lams.logevent.LogEvent; import org.lamsfoundation.lams.logevent.service.ILogEventService; import org.lamsfoundation.lams.themes.Theme; import org.lamsfoundation.lams.timezone.service.ITimezoneService; import org.lamsfoundation.lams.usermanagement.AuthenticationMethod; +import org.lamsfoundation.lams.usermanagement.ForgotPasswordRequest; import org.lamsfoundation.lams.usermanagement.Organisation; import org.lamsfoundation.lams.usermanagement.OrganisationState; import org.lamsfoundation.lams.usermanagement.OrganisationType; @@ -52,9 +56,14 @@ import org.lamsfoundation.lams.usermanagement.User; import org.lamsfoundation.lams.usermanagement.dto.UserDTO; import org.lamsfoundation.lams.usermanagement.service.IUserManagementService; +import org.lamsfoundation.lams.util.Configuration; +import org.lamsfoundation.lams.util.ConfigurationKeys; +import org.lamsfoundation.lams.util.Emailer; +import org.lamsfoundation.lams.util.FileUtil; import org.lamsfoundation.lams.util.LanguageUtil; import org.lamsfoundation.lams.util.MessageService; import org.lamsfoundation.lams.util.ValidationUtil; +import org.lamsfoundation.lams.util.WebUtil; import org.lamsfoundation.lams.web.session.SessionManager; import org.lamsfoundation.lams.web.util.AttributeNames; 
@@ -109,9 +118,17 @@ private static final short ADMIN_BROWSE_ALL_USERS = 5; private static final short ADMIN_CHANGE_STATUS = 6; + private static String USER_IMPORT_PASSWORD_CHANGE_EMAIL_TEMPLATE_CONTENT; + private static final String USER_IMPORT_PASSWORD_CHANGE_EMAIL_PAGE_TITLE_PLACEHOLDER = "[PAGE_TITLE_PLACEHOLDER]"; + private static final String USER_IMPORT_PASSWORD_CHANGE_EMAIL_TOP_HEADER_PLACEHOLDER = "[TOP_HEADER_PLACEHOLDER]"; + private static final String USER_IMPORT_PASSWORD_CHANGE_EMAIL_CONTENT_START_PLACEHOLDER = "[CONTENT_START_PLACEHOLDER]"; + private static final String USER_IMPORT_PASSWORD_CHANGE_EMAIL_CONTENT_LINK_PLACEHOLDER = "[CONTENT_LINK_PLACEHOLDER]"; + private static final String USER_IMPORT_PASSWORD_CHANGE_EMAIL_CONTENT_END_PLACEHOLDER = "[CONTENT_END_PLACEHOLDER]"; + private static final String USER_IMPORT_PASSWORD_CHANGE_EMAIL_CONTENT_THANKS_PLACEHOLDER = "[CONTENT_THANKS_PLACEHOLDER]"; + private static final String USER_IMPORT_PASSWORD_CHANGE_EMAIL_FOOTER_PLACEHOLDER = "[FOOTER_PLACEHOLDER]"; + // class-wide variables - ArrayList results = new ArrayList<>(); - ArrayList rowResult = new ArrayList<>(); + List rowResult = new ArrayList<>(); private boolean emptyRow; private boolean hasError; private Organisation parentOrg; 
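Review bot: `rowResult`, `emptyRow` and `hasError` stay instance fields under `// class-wide variables`, while this same hunk turns `results` into a local. If ImportService is a shared singleton bean (not visible here), two imports running at once write into the same `rowResult`, and with this commit a row's messages can include a generated password, so one administrator's result list could pick up an entry from another import. Consider creating `rowResult` per row as a local and passing it to `parseUser`, the way `results` was handled. Separately, `USER_IMPORT_PASSWORD_CHANGE_EMAIL_TEMPLATE_CONTENT` is a non-final static filled lazily without synchronisation; a comment such as `// lazily loaded cache of userImportPasswordChangeEmailTemplate.html` would make that intent clear.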
@@ -139,21 +156,21 @@ } @Override - public List parseSpreadsheet(File fileItem, String sessionId) throws IOException { + public List> parseSpreadsheet(File fileItem, String sessionId, boolean sendEmail) throws IOException { if (isUserSpreadsheet(fileItem)) { - return parseUserSpreadsheet(fileItem, sessionId); + return parseUserSpreadsheet(fileItem, sessionId, sendEmail); } else if (isRolesSpreadsheet(fileItem)) { return parseRolesSpreadsheet(fileItem, sessionId); } - return new ArrayList(); + return new ArrayList<>(); } // returns x size list where x is number of orgs. // each item in the list lists the id, name, and parent's id of that org; otherwise // the items in the list are error messages. @Override - public List parseGroupSpreadsheet(File fileItem, String sessionId) throws IOException { - results = new ArrayList<>(); + public List> parseGroupSpreadsheet(File fileItem, String sessionId) throws IOException { + List> results = new ArrayList<>(); parentOrg = service.getRootOrganisation(); HSSFSheet sheet = getSheet(fileItem); int startRow = sheet.getFirstRowNum(); @@ -271,9 +288,9 @@ return endRow - startRow; } - @Override - public List parseUserSpreadsheet(File fileItem, String sessionId) throws IOException { - results = new ArrayList<>(); + private List> parseUserSpreadsheet(File fileItem, String sessionId, boolean sendEmail) + throws IOException { + List> results = new ArrayList<>(); HSSFSheet sheet = getSheet(fileItem); int startRow = sheet.getFirstRowNum(); int endRow = sheet.getLastRowNum(); @@ -290,8 +307,9 @@ emptyRow = true; hasError = false; rowResult = new ArrayList<>(); + StringBuilder generatedPassword = new StringBuilder(); row = sheet.getRow(i); - user = parseUser(row, i); + user = parseUser(row, i, generatedPassword); if (emptyRow) { ImportService.log.debug("Row " + i + " is empty."); 
@@ -301,30 +319,40 @@ ImportService.log.debug("Row " + i + " has an error which has been sent to the browser."); results.add(rowResult); writeErrorsAuditLog(i + 1, rowResult, userDTO); - updateImportStatus(sessionId, results.size()); + updateImportStatus(sessionId, results.size(), successful); continue; } else { try { service.saveUser(user); successful++; writeAuditLog(user, userDTO); - ImportService.log.debug("Row " + i + " saved user: " + user.getLogin()); + ImportService.log.debug("Row " + i + " saved user: " + user.getLogin() + + (generatedPassword.length() > 0 ? " with a generated password" : "")); + if (sendEmail) { + sendUserImportPasswordChangeEmail(user); + } } catch (Exception e) { ImportService.log.debug(e); rowResult.add(messageService.getMessage("error.fail.add")); + generatedPassword = new StringBuilder(); } if (rowResult.size() > 0) { if (ImportService.log.isDebugEnabled()) { ImportService.log.debug("Row " + i + " has " + rowResult.size() + " messages."); } writeErrorsAuditLog(i + 1, rowResult, userDTO); } + if (generatedPassword.length() > 0) { + rowResult.add(messageService.getMessage("msg.password.generated", + new String[] { user.getLogin(), generatedPassword.toString() })); + } results.add(rowResult); - updateImportStatus(sessionId, results.size()); + updateImportStatus(sessionId, results.size(), successful); } } ImportService.log.debug("Found " + results.size() + " users in spreadsheet."); writeSuccessAuditLog(successful, userDTO, "audit.successful.user.import"); + return results; } 
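Review bot: The generated password is appended to `rowResult` in clear text via `msg.password.generated` and returned in `results` even when `sendEmail` is true and the user will choose their own password through the e-mailed link. Restricting the append with `if (!sendEmail && generatedPassword.length() > 0) {` keeps the secret out of the response when nobody needs it. The append sits after `writeErrorsAuditLog`, which keeps the password out of the audit log; a comment saying that this order is deliberate would stop a later refactor from moving it. Where `results` goes afterwards (session attribute, rendered page) is outside this hunk and worth checking, as is whether an account created with a generated password is forced to change it at first login.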
@@ -336,15 +364,96 @@ ss.setAttribute(IImportService.STATUS_IMPORTED, 0); } - private void updateImportStatus(String sessionId, int imported) { + private void updateImportStatus(String sessionId, int imported, int successful) { HttpSession ss = SessionManager.getSession(sessionId); ss.removeAttribute(IImportService.STATUS_IMPORTED); ss.setAttribute(IImportService.STATUS_IMPORTED, imported); + ss.setAttribute(IImportService.STATUS_SUCCESSFUL, successful); } + /** + * Send an email with password change link so the user can set up their password after account got created. + */ + private void sendUserImportPasswordChangeEmail(User user) { + try { + if (USER_IMPORT_PASSWORD_CHANGE_EMAIL_TEMPLATE_CONTENT == null) { + USER_IMPORT_PASSWORD_CHANGE_EMAIL_TEMPLATE_CONTENT = Files + .readString(Paths.get(Configuration.get(ConfigurationKeys.LAMS_EAR_DIR), FileUtil.LAMS_WWW_DIR, + "userImportPasswordChangeEmailTemplate.html")); + } + + String key = RandomPasswordGenerator.generateForgotPasswordKey(); + + // all good, save the request in the db + ForgotPasswordRequest fp = new ForgotPasswordRequest(); + fp.setRequestDate(new Date()); + fp.setUserId(user.getUserId()); + fp.setRequestKey(key); + service.save(fp); + + // fill email content with given user's data + StringBuilder content = new StringBuilder(USER_IMPORT_PASSWORD_CHANGE_EMAIL_TEMPLATE_CONTENT); + String emailSubject = messageService.getMessage("user.import.password.change.email.content.subject"); + + int placeholderStart = content.indexOf(USER_IMPORT_PASSWORD_CHANGE_EMAIL_PAGE_TITLE_PLACEHOLDER); + int placeholderEnd = placeholderStart + USER_IMPORT_PASSWORD_CHANGE_EMAIL_PAGE_TITLE_PLACEHOLDER.length(); + content.replace(placeholderStart, placeholderEnd, emailSubject); + + placeholderStart = content.indexOf(USER_IMPORT_PASSWORD_CHANGE_EMAIL_TOP_HEADER_PLACEHOLDER); + placeholderEnd = placeholderStart + USER_IMPORT_PASSWORD_CHANGE_EMAIL_TOP_HEADER_PLACEHOLDER.length(); + content.replace(placeholderStart, placeholderEnd, 
emailSubject); + + placeholderStart = content.indexOf(USER_IMPORT_PASSWORD_CHANGE_EMAIL_CONTENT_START_PLACEHOLDER); + placeholderEnd = placeholderStart + USER_IMPORT_PASSWORD_CHANGE_EMAIL_CONTENT_START_PLACEHOLDER.length(); + content.replace(placeholderStart, placeholderEnd, + messageService.getMessage("user.import.password.change.email.content.start", + new Object[] { user.getFirstName() + " " + user.getLastName() })); + + StringBuilder changePasswordLink = new StringBuilder("") + .append(messageService.getMessage("user.import.password.change.email.content.link.label")) + .append(""); + + placeholderStart = content.indexOf(USER_IMPORT_PASSWORD_CHANGE_EMAIL_CONTENT_LINK_PLACEHOLDER); + placeholderEnd = placeholderStart + USER_IMPORT_PASSWORD_CHANGE_EMAIL_CONTENT_LINK_PLACEHOLDER.length(); + content.replace(placeholderStart, placeholderEnd, + messageService.getMessage("user.import.password.change.email.content.account.created", + new Object[] { user.getLogin(), changePasswordLink.toString() })); + + String baseServerURL = WebUtil.getBaseServerURL(); + StringBuilder serverLink = new StringBuilder("") + .append(baseServerURL).append(""); + + placeholderStart = content.indexOf(USER_IMPORT_PASSWORD_CHANGE_EMAIL_CONTENT_END_PLACEHOLDER); + placeholderEnd = placeholderStart + USER_IMPORT_PASSWORD_CHANGE_EMAIL_CONTENT_END_PLACEHOLDER.length(); + content.replace(placeholderStart, placeholderEnd, messageService.getMessage( + "user.import.password.change.email.content.end", new Object[] { serverLink.toString() })); + + placeholderStart = content.indexOf(USER_IMPORT_PASSWORD_CHANGE_EMAIL_CONTENT_THANKS_PLACEHOLDER); + placeholderEnd = placeholderStart + USER_IMPORT_PASSWORD_CHANGE_EMAIL_CONTENT_THANKS_PLACEHOLDER.length(); + content.replace(placeholderStart, placeholderEnd, + messageService.getMessage("user.import.password.change.email.content.thanks")); + + placeholderStart = content.indexOf(USER_IMPORT_PASSWORD_CHANGE_EMAIL_FOOTER_PLACEHOLDER); + placeholderEnd = 
placeholderStart + USER_IMPORT_PASSWORD_CHANGE_EMAIL_FOOTER_PLACEHOLDER.length(); + content.replace(placeholderStart, placeholderEnd, + messageService.getMessage("user.import.password.change.email.content.footer")); + + boolean isHtmlFormat = true; + + log.info(content.toString()); + // send the email + Emailer.sendFromSupportEmail(emailSubject, user.getEmail(), content.toString(), isHtmlFormat); + } catch (Exception e) { + // failure handling + log.error("Problem sending email to: " + user.getLogin() + " with email: " + user.getEmail(), e); + } + } + @Override - public List parseRolesSpreadsheet(File fileItem, String sessionId) throws IOException { - results = new ArrayList<>(); + public List> parseRolesSpreadsheet(File fileItem, String sessionId) throws IOException { + List> results = new ArrayList<>(); HSSFSheet sheet = getSheet(fileItem); int startRow = sheet.getFirstRowNum(); int endRow = sheet.getLastRowNum(); @@ -375,7 +484,7 @@ ImportService.log.debug("Row " + i + " has an error which has been sent to the browser."); results.add(rowResult); writeErrorsAuditLog(i + 1, rowResult, userDTO); - updateImportStatus(sessionId, results.size()); + updateImportStatus(sessionId, results.size(), successful); continue; } else { try { @@ -392,7 +501,7 @@ writeErrorsAuditLog(i + 1, rowResult, userDTO); } results.add(rowResult); - updateImportStatus(sessionId, results.size()); + updateImportStatus(sessionId, results.size(), successful); } } ImportService.log.debug("Found " + results.size() + " users in spreadsheet."); @@ -458,7 +567,7 @@ * gathers error messages for each cell as required, unless it's the login field in which case, flags whole row as * empty. */ - private User parseUser(HSSFRow row, int rowIndex) { + private User parseUser(HSSFRow row, int rowIndex, StringBuilder generatedPassword) { User user = new User(); String[] args = new String[1]; 
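Review bot: `log.info(content.toString())` in `sendUserImportPasswordChangeEmail` writes the whole e-mail body to the application log at INFO level, and that body is expected to carry the password set-up link built from the `ForgotPasswordRequest` key (the link markup is not visible in this rendering), so anyone who can read the log could use the link before the user does. Drop the line or replace it with `log.debug("Password set-up email prepared for user " + user.getLogin());`. In the same method, `content.indexOf(...)` returns -1 when a placeholder is missing from the template, `content.replace` then throws, and the generic `catch (Exception e)` reduces that to a log entry, so the administrator running the import is never told the e-mail was not sent. `user.getFirstName()` and `user.getLastName()` come from the spreadsheet and are placed into the HTML body without escaping. The method begins on an earlier line of this hunk.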
@@ -485,11 +594,9 @@ String password = parseStringCell(row.getCell(ImportService.PASSWORD)); // password validation if (StringUtils.isBlank(password)) { - rowResult.add(messageService.getMessage("error.password.required")); - hasError = true; - return null; - } - if (!ValidationUtil.isPasswordValueValid(password, password)) { + password = RandomPasswordGenerator.nextPassword(); + generatedPassword.append(password); + } else if (!ValidationUtil.isPasswordValueValid(password, password)) { rowResult.add(messageService.getMessage("label.password.restrictions")); hasError = true; return null; Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserController.java =================================================================== diff -u -r399fafea8d30e59f81414f332a7e8a5ed527aee4 -r3f3f34c22194aeaf302e1fd332925dffd35019aa --- lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserController.java (.../UserController.java) (revision 399fafea8d30e59f81414f332a7e8a5ed527aee4) +++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserController.java (.../UserController.java) (revision 3f3f34c22194aeaf302e1fd332925dffd35019aa) 
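Review bot: In the `parseUser` hunk a blank password cell now receives `RandomPasswordGenerator.nextPassword()`, and because the validity test moved into the `else if`, the generated value is never passed through `ValidationUtil.isPasswordValueValid`. If the generator's output can fall outside the policy the rest of the application enforces (not visible here), imported accounts would start with a non-compliant password; either validate the generated value as well or add a comment such as `// generated passwords always satisfy the password policy, see RandomPasswordGenerator`. A blank cell is accepted regardless of the `sendEmail` flag, which the method's Javadoc above the hunk should now mention. `parseUser` starts and ends outside this hunk.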
@@ -121,7 +121,8 @@ // test requestor's permission Organisation org = null; - Boolean canEdit = userManagementService.isUserGlobalGroupManager(); + boolean isAppAdmin = userManagementService.isUserAppAdmin(); + Boolean canEdit = userManagementService.isUserGlobalGroupManager() || isAppAdmin; if (orgId != null) { org = (Organisation) userManagementService.findById(Organisation.class, orgId); if (!canEdit) { Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserOrgRoleSaveController.java =================================================================== diff -u -r74f5181ce3ce7949669ac12999797880a2af0b0c -r3f3f34c22194aeaf302e1fd332925dffd35019aa --- lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserOrgRoleSaveController.java (.../UserOrgRoleSaveController.java) (revision 74f5181ce3ce7949669ac12999797880a2af0b0c) +++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserOrgRoleSaveController.java (.../UserOrgRoleSaveController.java) (revision 3f3f34c22194aeaf302e1fd332925dffd35019aa) @@ -26,6 +26,8 @@ import java.util.ArrayList; import java.util.Arrays; import java.util.List; +import java.util.stream.Collectors; +import java.util.stream.Stream; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; @@ -39,6 +41,7 @@ import org.lamsfoundation.lams.usermanagement.dto.UserDTO; import org.lamsfoundation.lams.usermanagement.service.IUserManagementService; import org.lamsfoundation.lams.util.MessageService; +import org.lamsfoundation.lams.web.filter.AuditLogFilter; import org.lamsfoundation.lams.web.session.SessionManager; import org.lamsfoundation.lams.web.util.AttributeNames; import org.springframework.beans.factory.annotation.Autowired; 
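Review bot: In the UserController hunk `canEdit` is now true for every app admin, so the per-organisation permission test inside `if (!canEdit)` is skipped for that role. Nothing in the hunk limits which account may be opened; if an app admin must not edit a user who holds a higher role such as SYSADMIN, that check has to exist further down in the method, outside this hunk, and is worth confirming. `Boolean canEdit` can become a primitive `boolean`, matching the new `isAppAdmin`.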
@@ -119,6 +122,16 @@ user.setTwoFactorAuthenticationEnabled(true); userManagementService.save(user); } + + auditLog(orgId, user.getUserId(), roleIds); + + // FMALIKOFF 5/7/7 Commented out the following code that set the roles in the course if the current org is a class, as the logic + // is done in service.setRolesForUserOrganisation() + //if (organisation.getOrganisationType().getOrganisationTypeId().equals(OrganisationType.CLASS_TYPE)) { + // if (service.getUserOrganisation(bean.getUserId(), organisation.getParentOrganisation().getOrganisationId())==null) { + // service.setRolesForUserOrganisation(user, organisation.getParentOrganisation(), (List)Arrays.asList(roleIds)); + // } + //} } return "redirect:/usermanage.do?org=" + orgId; } @@ -128,4 +141,12 @@ UserDTO user = (UserDTO) ss.getAttribute(AttributeNames.USER); return user != null ? user.getUserID() : null; } + + private void auditLog(Integer organisationId, Integer userId, String[] roleIds) { + List roles = Stream.of(roleIds).collect(Collectors + .mapping(roleId -> Role.ROLE_MAP.get(Integer.valueOf(roleId)), Collectors.toUnmodifiableList())); + StringBuilder auditLogMessage = new StringBuilder("assigned to user ").append(userId).append(" roles ") + .append(roles).append(" in organisation ").append(organisationId); + AuditLogFilter.log(auditLogMessage); + } } \ No newline at end of file Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserOrgSaveController.java =================================================================== diff -u -r5b9f590b301c276f8df06b30c26981b0eb634e69 -r3f3f34c22194aeaf302e1fd332925dffd35019aa --- lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserOrgSaveController.java (.../UserOrgSaveController.java) (revision 5b9f590b301c276f8df06b30c26981b0eb634e69) +++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserOrgSaveController.java (.../UserOrgSaveController.java) (revision 3f3f34c22194aeaf302e1fd332925dffd35019aa) 
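Review bot: The new `auditLog` helper can throw after the preceding `userManagementService.save(user)` has already run: `Integer.valueOf(roleId)` raises NumberFormatException for a non-numeric request value, and `Collectors.toUnmodifiableList()` rejects the `null` that `Role.ROLE_MAP.get(...)` returns for an unknown id. The change would then be persisted without an audit entry and the request would end in an error. Whether the ids are validated earlier in the method is outside the hunk; if they are not, build the list defensively, for example with `Collectors.toList()` and the raw id logged when the map has no entry. The same helper is copied into UserRolesSaveController later in this diff; one shared method would keep the audit wording consistent.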
@@ -29,6 +29,8 @@ import java.util.Iterator; import java.util.List; import java.util.Set; +import java.util.TreeSet; +import java.util.stream.Collectors; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -42,6 +44,7 @@ import org.lamsfoundation.lams.usermanagement.UserOrganisation; import org.lamsfoundation.lams.usermanagement.dto.UserDTO; import org.lamsfoundation.lams.usermanagement.service.IUserManagementService; +import org.lamsfoundation.lams.web.filter.AuditLogFilter; import org.lamsfoundation.lams.web.session.SessionManager; import org.lamsfoundation.lams.web.util.AttributeNames; import org.springframework.beans.factory.annotation.Autowired; @@ -112,6 +115,7 @@ String[] userIds = userOrgForm.getUserIds(); List userIdList = userIds == null ? Collections.emptyList() : Arrays.asList(userIds); log.debug("new user membership of orgId=" + orgId + " will be: " + userIdList); + Set removedUserIds = new TreeSet<>(); // remove UserOrganisations that aren't in form data Iterator iter = uos.iterator(); @@ -127,14 +131,16 @@ log.debug("removed userId=" + userId + " from orgId=" + orgId); // remove from subgroups userManagementService.deleteChildUserOrganisations(uo.getUser(), uo.getOrganisation()); + + removedUserIds.add(userId); } } // add UserOrganisations that are in form data List newUserOrganisations = new ArrayList<>(); for (int i = 0; i < userIdList.size(); i++) { Integer userId = new Integer(userIdList.get(i)); Iterator iter2 = uos.iterator(); - Boolean alreadyInOrg = false; + boolean alreadyInOrg = false; while (iter2.hasNext()) { UserOrganisation uo = (UserOrganisation) iter2.next(); if (uo.getUser().getUserId().equals(userId)) { 
@@ -152,6 +158,11 @@ organisation.setUserOrganisations(uos); userManagementService.save(organisation); + auditLog(orgId, + newUserOrganisations.stream().collect( + Collectors.mapping(uo -> uo.getUser().getUserId(), Collectors.toCollection(TreeSet::new))), + removedUserIds, canEditRole); + // if no new users, then finish; otherwise forward to where roles can be assigned for new users. if (newUserOrganisations.isEmpty()) { log.debug("no new users to add to orgId=" + orgId); @@ -173,4 +184,27 @@ } } -} + private void auditLog(Integer organisationId, Set addedUserIds, Set removedUserIds, + boolean canEditRole) { + if (addedUserIds.isEmpty() && removedUserIds.isEmpty()) { + return; + } + + StringBuilder auditLogMessage = new StringBuilder(); + if (!addedUserIds.isEmpty()) { + auditLogMessage.append("added users ").append(addedUserIds).append(" "); + if (!canEditRole) { + auditLogMessage.append("and assigned them LEARNER role "); + } + if (!removedUserIds.isEmpty()) { + auditLogMessage.append("and "); + } + } + if (!removedUserIds.isEmpty()) { + auditLogMessage.append("removed users ").append(removedUserIds); + } + auditLogMessage.append(" to/from organisation ").append(organisationId); + + AuditLogFilter.log(auditLogMessage); + } +} \ No newline at end of file Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserRolesSaveController.java =================================================================== diff -u -r74f5181ce3ce7949669ac12999797880a2af0b0c -r3f3f34c22194aeaf302e1fd332925dffd35019aa --- lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserRolesSaveController.java (.../UserRolesSaveController.java) (revision 74f5181ce3ce7949669ac12999797880a2af0b0c) +++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserRolesSaveController.java (.../UserRolesSaveController.java) (revision 3f3f34c22194aeaf302e1fd332925dffd35019aa) 
@@ -27,6 +27,8 @@ import java.util.Arrays; import java.util.Collections; import java.util.List; +import java.util.stream.Collectors; +import java.util.stream.Stream; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -41,6 +43,7 @@ import org.lamsfoundation.lams.usermanagement.dto.UserDTO; import org.lamsfoundation.lams.usermanagement.service.IUserManagementService; import org.lamsfoundation.lams.util.MessageService; +import org.lamsfoundation.lams.web.filter.AuditLogFilter; import org.lamsfoundation.lams.web.session.SessionManager; import org.lamsfoundation.lams.web.util.AttributeNames; import org.springframework.beans.factory.annotation.Autowired; @@ -110,7 +113,6 @@ request.setAttribute("fullName", user.getFullName()); return "forward:/userroles.do"; } - List userRolesList = roles == null || roles.length < 1 ? List.of() : Arrays.asList(roles); if (userRolesList.contains(Role.ROLE_SYSADMIN.toString()) && !userRolesList.contains(Role.ROLE_APPADMIN.toString())) { @@ -127,6 +129,8 @@ userManagementService.save(user); } + auditLog(orgId, userId, roles); + return "redirect:/usermanage.do?org=" + orgId; } 
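Review bot: `auditLog(orgId, userId, roles)` passes `roles` unchanged although the context line that builds `userRolesList` treats `roles == null` as possible, and `Stream.of(roleIds)` in the new helper throws NullPointerException for a null array. Unless the early return above that line already covers the case, guard the call, e.g. `auditLog(orgId, userId, roles == null ? new String[0] : roles);`. The helper itself is added in the last hunk of this file.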
@@ -135,4 +139,12 @@ UserDTO user = (UserDTO) ss.getAttribute(AttributeNames.USER); return user != null ? user.getUserID() : null; } -} \ No newline at end of file + + private void auditLog(Integer organisationId, Integer userId, String[] roleIds) { + List roles = Stream.of(roleIds).collect(Collectors + .mapping(roleId -> Role.ROLE_MAP.get(Integer.valueOf(roleId)), Collectors.toUnmodifiableList())); + StringBuilder auditLogMessage = new StringBuilder("assigned to user ").append(userId).append(" roles ") + .append(roles).append(" in organisation ").append(organisationId); + AuditLogFilter.log(auditLogMessage); + } +} Index: lams_admin/web/WEB-INF/web.xml =================================================================== diff -u -r5b9f590b301c276f8df06b30c26981b0eb634e69 -r3f3f34c22194aeaf302e1fd332925dffd35019aa --- lams_admin/web/WEB-INF/web.xml (.../web.xml) (revision 5b9f590b301c276f8df06b30c26981b0eb634e69) +++ lams_admin/web/WEB-INF/web.xml (.../web.xml) (revision 3f3f34c22194aeaf302e1fd332925dffd35019aa) @@ -15,14 +15,6 @@ contextConfigLocation classpath:/org/lamsfoundation/lams/admin/adminApplicationContext.xml - - locatorFactorySelector - classpath:/org/lamsfoundation/lams/beanRefContext.xml - - - parentContextKey - context.central - migration.systemname @@ -75,6 +67,10 @@ + AuditLogFilter + org.lamsfoundation.lams.web.filter.AuditLogFilter + + CSRFGuard org.owasp.csrfguard.CsrfGuardFilter @@ -92,6 +88,10 @@ /* + AuditLogFilter + *.do + + CSRFGuard *.do @@ -101,7 +101,7 @@ - org.springframework.web.context.ContextLoaderListener + org.lamsfoundation.lams.web.filter.LamsContextLoaderListener 
@@ -210,12 +210,40 @@ - Secure Content + Sysadmin Content /* GET POST + SYSADMIN + + + + + + Group Manager Content + /usersearch.do + /orgmanage.do + /orgmanage/* + /organisation/create.do + /organisation/edit.do + /orgsave.do + /usermanage.do + /userorgsave.do + /userorg.do + /userorgrolesave.do + /userroles.do + /userrolessave.do + /user/edit.do + /user/basiclist.do + /user/searchsingle.do + /usersave/saveUserDetails.do + /css/* + GET + POST + + GROUP MANAGER APPADMIN Index: lams_admin/web/import/importexcel.jsp =================================================================== diff -u -r5b9f590b301c276f8df06b30c26981b0eb634e69 -r3f3f34c22194aeaf302e1fd332925dffd35019aa --- lams_admin/web/import/importexcel.jsp (.../importexcel.jsp) (revision 5b9f590b301c276f8df06b30c26981b0eb634e69) +++ lams_admin/web/import/importexcel.jsp (.../importexcel.jsp) (revision 3f3f34c22194aeaf302e1fd332925dffd35019aa) @@ -185,6 +185,12 @@ + +
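Review bot: Both constraints in the -210 hunk name only GET and POST, so a request using any other HTTP method to these URLs is not covered by the role check. In the new "Group Manager Content" collection I would drop the `http-method` entries so the constraint applies to every method, or add `<deny-uncovered-http-methods/>` to the descriptor if the container supports Servlet 3.1. Separately, the container applies the most specific matching URL pattern, so listed paths such as `/userrolessave.do` are now governed only by the GROUP MANAGER / APPADMIN constraint. That check is global role membership, so each listed controller still has to verify that the caller manages the organisation named in the request, which this diff does not show. The XML tags were lost in this rendering, so the element names here are inferred from the visible values.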
+ +
Index: lams_admin/web/organisation/list.jsp =================================================================== diff -u -r5b9f590b301c276f8df06b30c26981b0eb634e69 -r3f3f34c22194aeaf302e1fd332925dffd35019aa --- lams_admin/web/organisation/list.jsp (.../list.jsp) (revision 5b9f590b301c276f8df06b30c26981b0eb634e69) +++ lams_admin/web/organisation/list.jsp (.../list.jsp) (revision 3f3f34c22194aeaf302e1fd332925dffd35019aa) @@ -33,6 +33,10 @@ display: inline-block; margin-top: 5px; } + + .course-admin-property { + padding-left: 20px !important; + } @@ -197,15 +201,18 @@ - : + : + + + : - : + : - : + : Index: lams_admin/web/user.jsp =================================================================== diff -u -r399fafea8d30e59f81414f332a7e8a5ed527aee4 -r3f3f34c22194aeaf302e1fd332925dffd35019aa --- lams_admin/web/user.jsp (.../user.jsp) (revision 399fafea8d30e59f81414f332a7e8a5ed527aee4) +++ lams_admin/web/user.jsp (.../user.jsp) (revision 3f3f34c22194aeaf302e1fd332925dffd35019aa) @@ -58,7 +58,7 @@ password : { required: true, minlength : , - maxlength : 25, + maxlength : 50, charactersAllowed : true, pwcheck : true }, @@ -283,13 +283,13 @@ *: + maxlength="50" id="password" cssClass="form-control" /> *: + maxlength="50" id="password2" cssClass="form-control" /> @@ -495,16 +495,15 @@ -
- +
- +
" /> Index: lams_central/conf/language/lams/ApplicationResources.properties =================================================================== diff -u -r5b9f590b301c276f8df06b30c26981b0eb634e69 -r3f3f34c22194aeaf302e1fd332925dffd35019aa --- lams_central/conf/language/lams/ApplicationResources.properties (.../ApplicationResources.properties) (revision 5b9f590b301c276f8df06b30c26981b0eb634e69) +++ lams_central/conf/language/lams/ApplicationResources.properties (.../ApplicationResources.properties) (revision 3f3f34c22194aeaf302e1fd332925dffd35019aa) 
@@ -1083,10 +1083,8 @@
 authoring.label.application.exercise.doku.gallery.walk.enabled = Gallery Walk
 authoring.label.application.exercise.doku.gallery.walk.enabled.tooltip = Use Gallery Walk to promote inter- and intra-teams discussion, higher order thinking, cooperative learning and team building. If enabled, after you start Gallery Walk in Monitoring, the document created for each team is shared to all other teams. Students in their teams then can give each others feedback and rate on their work.
 label.qb.advanced.search = Advanced search
-label.qb.advanced.search.same.ld = Present in this learning design
-label.qb.advanced.search.same.ld.tip = Show only questions which were already used in this sequence's activities.
 authoring.create.doku.question.tooltip = Present a case to the students and as team they will collaboratively create a document in response.
-authoring.label.application.exercise.doku.gallery.walk.read.only.tooltip = Students will not be able to neither comment on nor rate other teams' work.
+authoring.label.application.exercise.doku.gallery.walk.read.only.tooltip = Students will not be able to comment or rate other teams' work.
 authoring.label.application.exercise.doku.description = Description/Case
 authoring.label.application.exercise.doku.instructions = Document Base
 authoring.label.application.exercise.doku.instructions.tooltip = If you want the students to have a template document to guide them on their collaborative response, add your template here.
@@ -1128,3 +1126,7 @@
 label.vsa.deallocate.confirm = Are you sure you want to mark this answer as not correct? Students' scores will be recalculated.
 authoring.fla.remove.button.confirm = Are you sure you want to remove this item?
 authoring.fla.remove.button.tip = Remove this item
+label.qb.advanced.search.same.ld = Present in this learning design
+label.qb.advanced.search.same.ld.tip = Show only questions which were already used in this sequence's activities.
+label.authoring.short.answer.exact.match = Learner answer must exactly match expected answer
+signup.email.verify.subject = LAMS confirm email address
Index: lams_central/conf/language/lams/ApplicationResources_en_AU.properties
===================================================================
diff -u -r5b9f590b301c276f8df06b30c26981b0eb634e69 -r3f3f34c22194aeaf302e1fd332925dffd35019aa
--- lams_central/conf/language/lams/ApplicationResources_en_AU.properties (.../ApplicationResources_en_AU.properties) (revision 5b9f590b301c276f8df06b30c26981b0eb634e69)
+++ lams_central/conf/language/lams/ApplicationResources_en_AU.properties (.../ApplicationResources_en_AU.properties) (revision 3f3f34c22194aeaf302e1fd332925dffd35019aa)
@@ -1084,7 +1084,7 @@
 authoring.label.application.exercise.doku.gallery.walk.enabled.tooltip = Use Gallery Walk to promote inter- and intra-teams discussion, higher order thinking, cooperative learning and team building. If enabled, after you start Gallery Walk in Monitoring, the document created for each team is shared to all other teams. Students in their teams then can give each others feedback and rate on their work.
 label.qb.advanced.search = Advanced search
 authoring.create.doku.question.tooltip = Present a case to the students and as team they will collaboratively create a document in response.
-authoring.label.application.exercise.doku.gallery.walk.read.only.tooltip = Students will not be able to neither comment on nor rate other teams' work.
+authoring.label.application.exercise.doku.gallery.walk.read.only.tooltip = Students will not be able to comment or rate other teams' work.
 authoring.label.application.exercise.doku.description = Description/Case
 authoring.label.application.exercise.doku.instructions = Document Base
 authoring.label.application.exercise.doku.instructions.tooltip = If you want the students to have a template document to guide them on their collaborative response, add your template here.
@@ -1126,3 +1126,7 @@
 label.vsa.deallocate.confirm = Are you sure you want to mark this answer as not correct? Students' scores will be recalculated.
 authoring.fla.remove.button.confirm = Are you sure you want to remove this item?
 authoring.fla.remove.button.tip = Remove this item
+label.qb.advanced.search.same.ld = Present in this learning design
+label.qb.advanced.search.same.ld.tip = Show only questions which were already used in this sequence's activities.
+label.authoring.short.answer.exact.match = Learner answer must exactly match expected answer
+signup.email.verify.subject = LAMS confirm email address
Index: lams_central/conf/language/lams/ApplicationResources_es_ES.properties
===================================================================
diff -u -r5b9f590b301c276f8df06b30c26981b0eb634e69 -r3f3f34c22194aeaf302e1fd332925dffd35019aa
--- lams_central/conf/language/lams/ApplicationResources_es_ES.properties (.../ApplicationResources_es_ES.properties) (revision 5b9f590b301c276f8df06b30c26981b0eb634e69)
+++ lams_central/conf/language/lams/ApplicationResources_es_ES.properties (.../ApplicationResources_es_ES.properties) (revision 3f3f34c22194aeaf302e1fd332925dffd35019aa)
@@ -1124,3 +1124,9 @@
 label.vsa.allocate.description = Asigne las respuestas de los estudiantes arrastrándolas y soltándolas para corregir las opciones
 label.vsa.deallocate.button.tip = Haga clic para mover la respuesta a la cola
 label.vsa.deallocate.confirm = ¿Estás seguro de que quieres marcar esta respuesta como no correcta? Los puntajes de los estudiantes serán recalculados.
+authoring.fla.remove.button.confirm = ¿Está seguro de que desea eliminar este elemento?
+authoring.fla.remove.button.tip = Eliminar este elemento
+label.qb.advanced.search.same.ld = Presente en este diseño de aprendizaje
+label.qb.advanced.search.same.ld.tip = Muestre solo las preguntas que ya se usaron en las actividades de esta secuencia.
+label.authoring.short.answer.exact.match = La respuesta del alumno debe coincidir exactamente con la respuesta esperada.
+signup.email.verify.subject = [LAMS] Confirmación de correo electrónico
Index: lams_central/conf/language/lams/ApplicationResources_no_NO.properties
===================================================================
diff -u -r5b9f590b301c276f8df06b30c26981b0eb634e69 -r3f3f34c22194aeaf302e1fd332925dffd35019aa
--- lams_central/conf/language/lams/ApplicationResources_no_NO.properties (.../ApplicationResources_no_NO.properties) (revision 5b9f590b301c276f8df06b30c26981b0eb634e69)
+++ lams_central/conf/language/lams/ApplicationResources_no_NO.properties (.../ApplicationResources_no_NO.properties) (revision 3f3f34c22194aeaf302e1fd332925dffd35019aa)
@@ -1126,3 +1126,7 @@ label.vsa.deallocate.confirm = Er du sikker på at du vil merke dette svaret som feil? Studentenes poengsum vil bli beregnet på nytt. authoring.fla.remove.button.confirm = Er du sikker på at du vl fjerne dette resultatet ? authoring.fla.remove.button.tip = Fjern dette elementet +label.qb.advanced.search.same.ld = Tilstede i dette læringsdesignet +label.qb.advanced.search.same.ld.tip = Vis kun spørsmål som allerede ble brukt i denne sekvensens aktiviteter. +label.authoring.short.answer.exact.match = Elevens svar må samsvare nøyaktig med forventet svar +signup.email.verify.subject = LAMS bekrefte e-postadresse Index: lams_central/src/java/org/lamsfoundation/lams/security/UniversalLoginModule.java =================================================================== diff -u -rd16b5e9f75760819f274ee3be3beddae67f93af7 -r3f3f34c22194aeaf302e1fd332925dffd35019aa --- lams_central/src/java/org/lamsfoundation/lams/security/UniversalLoginModule.java (.../UniversalLoginModule.java) (revision d16b5e9f75760819f274ee3be3beddae67f93af7) +++ lams_central/src/java/org/lamsfoundation/lams/security/UniversalLoginModule.java (.../UniversalLoginModule.java) (revision 3f3f34c22194aeaf302e1fd332925dffd35019aa) @@ -201,7 +201,7 @@ if (!validatePassword(password)) { if (UniversalLoginModule.log.isDebugEnabled()) { - UniversalLoginModule.log.debug("Bad password for user: " + userName); + UniversalLoginModule.log.info("Bad password for user: " + userName); } throw new FailedLoginException("Incorrect password"); } 
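Review bot: In the UniversalLoginModule hunk the failed-login message was raised to `info`, but it still sits inside `if (UniversalLoginModule.log.isDebugEnabled())`, so with the logger at INFO it is never written. If the intent is to record bad-password attempts, drop the guard and keep just `UniversalLoginModule.log.info("Bad password for user: " + userName);`. `userName` is the name submitted at login, so CR/LF should be stripped from it (or left to the logging layout's encoder) before it is concatenated into the line. The enclosing method starts and ends outside the hunk.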
@@ -527,4 +527,4 @@ public static void setAuthenticationToken(String token) { UniversalLoginModule.internalAuthenticationTokens.put(token, System.currentTimeMillis()); } -} \ No newline at end of file +} Index: lams_central/src/java/org/lamsfoundation/lams/web/DisplayGroupController.java =================================================================== diff -u -r5b9f590b301c276f8df06b30c26981b0eb634e69 -r3f3f34c22194aeaf302e1fd332925dffd35019aa --- lams_central/src/java/org/lamsfoundation/lams/web/DisplayGroupController.java (.../DisplayGroupController.java) (revision 5b9f590b301c276f8df06b30c26981b0eb634e69) +++ lams_central/src/java/org/lamsfoundation/lams/web/DisplayGroupController.java (.../DisplayGroupController.java) (revision 3f3f34c22194aeaf302e1fd332925dffd35019aa) @@ -213,7 +213,7 @@ boolean isMonitor = roles.contains(Role.ROLE_GROUP_MANAGER) || roles.contains(Role.ROLE_MONITOR); boolean disabled = !isMonitor && isKumaliveDisabledForOrganisation; links.add(new IndexLinkBean(isMonitor ? "index.kumalive.teacher" : "index.kumalive", - "javascript:openKumalive(" + organisationId + ")", + "javascript:openKumalive(" + organisationId + ",'" + (isMonitor ? "teacher" : "learner") + "')", "fa fa-fw fa-bolt" + (disabled ? " disabled" : ""), "index.kumalive.tooltip")); } @@ -227,10 +227,9 @@ private IndexOrgBean populateContentsOrgBean(IndexOrgBean orgBean, Organisation org, List roles, String username, boolean isAppAdmin) throws SQLException, NamingException { Integer userId = getUser(username).getUserId(); - + // set lesson beans - Map map = populateLessonBeans(userId, org.getOrganisationId(), - roles); + Map map = populateLessonBeans(userId, org.getOrganisationId(), roles); List lessonBeans = IndexUtils.sortLessonBeans(org.getOrderedLessonIds(), map); orgBean.setLessons(lessonBeans); 
@@ -245,7 +244,8 @@ List childOrgBeans = new ArrayList<>(); for (Organisation childOrganisation : childOrganisations) { - if (OrganisationState.ACTIVE.equals(childOrganisation.getOrganisationState().getOrganisationStateId())) { + if (OrganisationState.ACTIVE + .equals(childOrganisation.getOrganisationState().getOrganisationStateId())) { List classRoles = new ArrayList<>(); List userOrganisationRoles = userManagementService .getUserOrganisationRoles(childOrganisation.getOrganisationId(), username); @@ -262,7 +262,7 @@ classRoles.add(Role.ROLE_GROUP_MANAGER); } IndexOrgBean childOrgBean = createOrgBean(childOrganisation, classRoles, username, isAppAdmin); - + //check whether organisation was collapsed by the user if (isCollapsingSubcoursesEnabled) { for (UserOrganisationCollapsed userOrganisationCollapsed : userOrganisationsCollapsed) { @@ -273,7 +273,7 @@ } } } - + childOrgBeans.add(childOrgBean); } } @@ -331,7 +331,7 @@ if (isGroupManagerOrMonitor) { lessonLinks.addFirst(new IndexLinkBean("index.monitor", - "javascript:showMonitorLessonDialog(" + bean.getId() + ")", "fa fa-fw fa-heartbeat", null)); + "javascript:openMonitorLesson(" + bean.getId() + ", null)", "fa fa-fw fa-heartbeat", null)); } // Adding lesson notifications links if enabled Index: lams_central/src/java/org/lamsfoundation/lams/web/EmailUserController.java =================================================================== diff -u -r5b9f590b301c276f8df06b30c26981b0eb634e69 -r3f3f34c22194aeaf302e1fd332925dffd35019aa --- lams_central/src/java/org/lamsfoundation/lams/web/EmailUserController.java (.../EmailUserController.java) (revision 5b9f590b301c276f8df06b30c26981b0eb634e69) +++ lams_central/src/java/org/lamsfoundation/lams/web/EmailUserController.java (.../EmailUserController.java) (revision 3f3f34c22194aeaf302e1fd332925dffd35019aa) 
@@ -114,8 +114,8 @@ } boolean IS_HTML_FORMAT = false; - eventNotificationService.sendMessage(currentUser.getUserID(), userId.intValue(), - IEventNotificationService.DELIVERY_METHOD_MAIL, subject, body, IS_HTML_FORMAT); + eventNotificationService.sendMessage(null, userId.intValue(), IEventNotificationService.DELIVERY_METHOD_MAIL, + subject, body, IS_HTML_FORMAT); String ccEmail = emailForm.getCcEmail(); if (StringUtils.isNotBlank(ccEmail) && ValidationUtil.isEmailValid(ccEmail, false)) { Index: lams_central/src/java/org/lamsfoundation/lams/web/HomeController.java =================================================================== diff -u -r5b9f590b301c276f8df06b30c26981b0eb634e69 -r3f3f34c22194aeaf302e1fd332925dffd35019aa --- lams_central/src/java/org/lamsfoundation/lams/web/HomeController.java (.../HomeController.java) (revision 5b9f590b301c276f8df06b30c26981b0eb634e69) +++ lams_central/src/java/org/lamsfoundation/lams/web/HomeController.java (.../HomeController.java) (revision 3f3f34c22194aeaf302e1fd332925dffd35019aa) 
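Review bot: Passing `null` as the first argument of `sendMessage` drops the link between the outgoing email and `currentUser`, and nothing in this hunk records who triggered it. What a null sender means to `sendMessage` is not visible here, so the line needs a comment stating why the sender is omitted, for example `// sender deliberately null: <reason>`. If mail sent through this form should stay attributable, also log `currentUser.getUserID()` together with the target `userId` next to the call. The enclosing method starts and ends outside the hunk.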
@@ -244,11 +244,9 @@ return "errorContent"; } - boolean forceRegularMonitor = WebUtil.readBooleanParam(req, "forceRegularMonitor", false); // security check will be done there String url = Configuration.get(ConfigurationKeys.SERVER_URL) - + "monitoring/monitoring/monitorLesson.do?lessonID=" + lessonId + "&forceRegularMonitor=" - + forceRegularMonitor; + + "monitoring/monitoring/monitorLesson.do?lessonID=" + lessonId; res.sendRedirect(url); return null; } Index: lams_central/src/java/org/lamsfoundation/lams/web/LoginAsController.java =================================================================== diff -u -rd13f92ca7aa2afe69ccfc88656fa5e1afe8d5f31 -r3f3f34c22194aeaf302e1fd332925dffd35019aa --- lams_central/src/java/org/lamsfoundation/lams/web/LoginAsController.java (.../LoginAsController.java) (revision d13f92ca7aa2afe69ccfc88656fa5e1afe8d5f31) +++ lams_central/src/java/org/lamsfoundation/lams/web/LoginAsController.java (.../LoginAsController.java) (revision 3f3f34c22194aeaf302e1fd332925dffd35019aa) @@ -101,6 +101,7 @@ UniversalLoginModule.setAuthenticationToken(token); // redirect to login page request.setAttribute("redirectURL", "/lams/index.jsp"); + request.setAttribute("isLoginAs", true); return "login"; } } Index: lams_central/web/WEB-INF/web.xml =================================================================== diff -u -r5b9f590b301c276f8df06b30c26981b0eb634e69 -r3f3f34c22194aeaf302e1fd332925dffd35019aa --- lams_central/web/WEB-INF/web.xml (.../web.xml) (revision 5b9f590b301c276f8df06b30c26981b0eb634e69) +++ lams_central/web/WEB-INF/web.xml (.../web.xml) (revision 3f3f34c22194aeaf302e1fd332925dffd35019aa) @@ -10,38 +10,7 @@ - - - contextConfigLocation - - - - locatorFactorySelector - classpath:/org/lamsfoundation/lams/beanRefContext.xml - - - - parentContextKey - context.central - - Owasp.CsrfGuard.Config WEB-INF/Owasp.CsrfGuard.properties 
@@ -78,6 +47,10 @@ + AuditLogFilter + org.lamsfoundation.lams.web.filter.AuditLogFilter + + CSRFGuard org.owasp.csrfguard.CsrfGuardFilter @@ -160,14 +133,19 @@ /ckeditor/* + AuditLogFilter + /loginas.do + + CSRFGuard *.do + /ForgotPasswordRequest - org.springframework.web.context.ContextLoaderListener + org.lamsfoundation.lams.web.filter.LamsContextLoaderListener Index: lams_central/web/includes/javascript/openUrls.js =================================================================== diff -u -r5b9f590b301c276f8df06b30c26981b0eb634e69 -r3f3f34c22194aeaf302e1fd332925dffd35019aa --- lams_central/web/includes/javascript/openUrls.js (.../openUrls.js) (revision 5b9f590b301c276f8df06b30c26981b0eb634e69) +++ lams_central/web/includes/javascript/openUrls.js (.../openUrls.js) (revision 3f3f34c22194aeaf302e1fd332925dffd35019aa) 
@@ -49,34 +49,14 @@ function openMonitorLesson( lessonID, url ) { if (!url) { - url = '/lams/home/monitorLesson.do?'; + // change back to Home controller after upgrade!! + url = '/lams/monitoring/monitoring/monitorLesson.do?'; } url += 'lessonID='+ lessonID; - - if (isMac) { - if(belowMinRes) { - monitorLessonWin = window.open(url,'mWindow','width=' + monitor_width - + ',height=' + monitor_height + ',resizable,scrollbars' + getCenterParams(monitor_width, monitor_height)); - } else { - monitorLessonWin = window.open(url,'mWindow','width=' + monitor_width - + ',height=' + monitor_height + ',resizable,scrollbars' + getCenterParams(monitor_width, monitor_height)); - } - } else { - if (monitorLessonWin && !monitorLessonWin.closed) { - monitorLessonWin.location = url; - monitorLessonWin.focus(); - } else { - monitorLessonWin = window.open(url,'mWindow','width=' + monitor_width - + ',height=' + monitor_height + ',resizable,resizable,scrollbars' - + getCenterParams(monitor_width, monitor_height)); - } - } + sessionStorage.removeItem("lamsMonitoringCurrentTab"); + window.location.href = url; } -function openTBLMonitorLesson( lessonID ) { - openMonitorLesson(lessonID, '/lams/monitoring/tblmonitor/start.do?') -} - function openLearner( lessonId, url ) { if (!url) { url = '/lams/home/learner.do?'; Index: lams_central/web/main.jsp =================================================================== diff -u -r5b9f590b301c276f8df06b30c26981b0eb634e69 -r3f3f34c22194aeaf302e1fd332925dffd35019aa --- lams_central/web/main.jsp (.../main.jsp) (revision 5b9f590b301c276f8df06b30c26981b0eb634e69) +++ lams_central/web/main.jsp (.../main.jsp) (revision 3f3f34c22194aeaf302e1fd332925dffd35019aa) @@ -14,9 +14,9 @@ - - - + + + @@ -29,7 +29,7 @@ - +
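Review bot: `openMonitorLesson` in openUrls.js now assigns the assembled string straight to `window.location.href`, and `lessonID` is appended without encoding. `url += 'lessonID=' + encodeURIComponent(lessonID);` keeps a stray `&` or `#` in the argument from changing the request that is sent. The comment `// change back to Home controller after upgrade!!` marks a temporary bypass of `/lams/home/monitorLesson.do`; it should name the upgrade and reference a ticket so the direct monitoring URL does not become permanent by accident.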