diff --git a/modules/core/src/com/haulmont/cuba/security/auth/AuthenticationManager.java b/modules/core/src/com/haulmont/cuba/security/auth/AuthenticationManager.java index eb1fbd0119..39e083e38a 100644 --- a/modules/core/src/com/haulmont/cuba/security/auth/AuthenticationManager.java +++ b/modules/core/src/com/haulmont/cuba/security/auth/AuthenticationManager.java @@ -73,4 +73,11 @@ public interface AuthenticationManager { * @see AuthenticationService#logout() */ void logout(); + + /** + * Checks if user is active + * @param user user to check + * @return true if user is active + */ + boolean isUserActive(User user); } \ No newline at end of file diff --git a/modules/core/src/com/haulmont/cuba/security/auth/AuthenticationManagerBean.java b/modules/core/src/com/haulmont/cuba/security/auth/AuthenticationManagerBean.java index 770e1318b9..52972f5e61 100644 --- a/modules/core/src/com/haulmont/cuba/security/auth/AuthenticationManagerBean.java +++ b/modules/core/src/com/haulmont/cuba/security/auth/AuthenticationManagerBean.java @@ -231,6 +231,17 @@ public void logout() { } } + @Override + public boolean isUserActive(User user) { + try (Transaction ignored = persistence.createTransaction()) { + User foundUser = persistence.getEntityManager().find(User.class, user.getId()); + if (foundUser == null) { + throw new NoResultException("User not found"); + } + return foundUser.getActive(); + } + } + protected AuthenticationDetails authenticateInternal(Credentials credentials) throws LoginException { AuthenticationDetails details = null; diff --git a/modules/core/src/com/haulmont/cuba/security/auth/AuthenticationServiceBean.java b/modules/core/src/com/haulmont/cuba/security/auth/AuthenticationServiceBean.java index 9d246c1a68..9d9ca70268 100644 --- a/modules/core/src/com/haulmont/cuba/security/auth/AuthenticationServiceBean.java +++ b/modules/core/src/com/haulmont/cuba/security/auth/AuthenticationServiceBean.java @@ -156,6 +156,12 @@ public void logout() { } } + @Override + public boolean isUserActive(User user) { + return authenticationManager.isUserActive(user); + } + + protected LoginException wrapInLoginException(Throwable throwable) { //noinspection ThrowableResultOfMethodCallIgnored Throwable rootCause = ExceptionUtils.getRootCause(throwable); diff --git a/modules/global/src/com/haulmont/cuba/security/auth/AuthenticationService.java b/modules/global/src/com/haulmont/cuba/security/auth/AuthenticationService.java index 3c23ada0b3..9c864ff1b2 100644 --- a/modules/global/src/com/haulmont/cuba/security/auth/AuthenticationService.java +++ b/modules/global/src/com/haulmont/cuba/security/auth/AuthenticationService.java @@ -73,4 +73,11 @@ public interface AuthenticationService { * @throws NoUserSessionException if session is absent or expired */ void logout(); + + /** + * Check if user is active + * @param user user to check + * @return true if user is active + */ + boolean isUserActive(User user); } \ No newline at end of file diff --git a/modules/web/src/com/haulmont/cuba/web/actions/ChangeSubstUserAction.java b/modules/web/src/com/haulmont/cuba/web/actions/ChangeSubstUserAction.java index 8468b697a6..2feaf8a23a 100644 --- a/modules/web/src/com/haulmont/cuba/web/actions/ChangeSubstUserAction.java +++ b/modules/web/src/com/haulmont/cuba/web/actions/ChangeSubstUserAction.java @@ -19,9 +19,11 @@ import com.haulmont.cuba.core.global.AppBeans; import com.haulmont.cuba.core.global.Messages; +import com.haulmont.cuba.gui.Notifications; import com.haulmont.cuba.gui.components.AbstractAction; import com.haulmont.cuba.gui.components.Frame; import com.haulmont.cuba.gui.icons.CubaIcon; +import com.haulmont.cuba.security.auth.AuthenticationService; import com.haulmont.cuba.security.entity.User; import com.haulmont.cuba.web.App; import com.haulmont.cuba.web.AppUI; @@ -42,25 +44,36 @@ public ChangeSubstUserAction(User user) { public void actionPerform(com.haulmont.cuba.gui.components.Component component) { AppUI ui = AppUI.getCurrent(); - WebScreens screens = (WebScreens) ui.getScreens(); + if (!isUserActive(user)) { + doRevert(); + ui.getNotifications().create(Notifications.NotificationType.ERROR) + .withCaption("User substitution is not allowed") + .withDescription(String.format("User '%s' is disabled", user.getName())) + .show(); + } else { + WebScreens screens = (WebScreens) ui.getScreens(); + screens.checkModificationsAndCloseAll() + .then(() -> { + App app = ui.getApp(); - screens.checkModificationsAndCloseAll() - .then(() -> { - App app = ui.getApp(); + try { + app.getConnection().substituteUser(user); + doAfterChangeUser(); + } catch (javax.persistence.NoResultException e) { + Messages messages = AppBeans.get(Messages.NAME); + app.getWindowManager().showNotification( + messages.formatMainMessage("substitutionNotPerformed", user.getName()), + Frame.NotificationType.WARNING + ); + doRevert(); + } + }) + .otherwise(this::doRevert); + } + } - try { - app.getConnection().substituteUser(user); - doAfterChangeUser(); - } catch (javax.persistence.NoResultException e) { - Messages messages = AppBeans.get(Messages.NAME); - app.getWindowManager().showNotification( - messages.formatMainMessage("substitutionNotPerformed", user.getName()), - Frame.NotificationType.WARNING - ); - doRevert(); - } - }) - .otherwise(this::doRevert); + private static boolean isUserActive(User user) { + return AppBeans.get(AuthenticationService.NAME).isUserActive(user); } public void doAfterChangeUser() {