Add user activity check before substitution

modules/core/src/com/haulmont/cuba/security/auth/AuthenticationManager.java

@@ -73,4 +73,11 @@ public interface AuthenticationManager {
      * @see AuthenticationService#logout()
      */
     void logout();
+
+    /**
+     * Checks if user is active
+     * @param user user to check
+     * @return true if user is active
+     */
+    boolean isUserActive(User user);
 }

modules/core/src/com/haulmont/cuba/security/auth/AuthenticationManagerBean.java

@@ -231,6 +231,17 @@ public void logout() {
         }
     }
 
+    @Override
+    public boolean isUserActive(User user) {
+        try (Transaction ignored = persistence.createTransaction()) {
+            User foundUser = persistence.getEntityManager().find(User.class, user.getId());
+            if (foundUser == null) {
+                throw new NoResultException("User not found");
+            }
+            return foundUser.getActive();
+        }
+    }
+
     protected AuthenticationDetails authenticateInternal(Credentials credentials) throws LoginException {
         AuthenticationDetails details = null;
 

modules/core/src/com/haulmont/cuba/security/auth/AuthenticationServiceBean.java

@@ -156,6 +156,12 @@ public void logout() {
         }
     }
 
+    @Override
+    public boolean isUserActive(User user) {
+        return authenticationManager.isUserActive(user);
+    }
+
+
     protected LoginException wrapInLoginException(Throwable throwable) {
         //noinspection ThrowableResultOfMethodCallIgnored
         Throwable rootCause = ExceptionUtils.getRootCause(throwable);

modules/global/src/com/haulmont/cuba/security/auth/AuthenticationService.java

@@ -73,4 +73,11 @@ public interface AuthenticationService {
      * @throws NoUserSessionException if session is absent or expired
      */
     void logout();
+
+    /**
+     * Check if user is active
+     * @param user user to check
+     * @return true if user is active
+     */
+    boolean isUserActive(User user);
 }

modules/web/src/com/haulmont/cuba/web/actions/ChangeSubstUserAction.java

@@ -19,9 +19,11 @@
 
 import com.haulmont.cuba.core.global.AppBeans;
 import com.haulmont.cuba.core.global.Messages;
+import com.haulmont.cuba.gui.Notifications;
 import com.haulmont.cuba.gui.components.AbstractAction;
 import com.haulmont.cuba.gui.components.Frame;
 import com.haulmont.cuba.gui.icons.CubaIcon;
+import com.haulmont.cuba.security.auth.AuthenticationService;
 import com.haulmont.cuba.security.entity.User;
 import com.haulmont.cuba.web.App;
 import com.haulmont.cuba.web.AppUI;
@@ -42,25 +44,36 @@ public ChangeSubstUserAction(User user) {
     public void actionPerform(com.haulmont.cuba.gui.components.Component component) {
         AppUI ui = AppUI.getCurrent();
 
-        WebScreens screens = (WebScreens) ui.getScreens();
+        if (!isUserActive(user)) {
+            doRevert();
+            ui.getNotifications().create(Notifications.NotificationType.ERROR)
+                    .withCaption("User substitution is not allowed")
+                    .withDescription(String.format("User '%s' is disabled", user.getName()))
+                    .show();
+        } else {
+            WebScreens screens = (WebScreens) ui.getScreens();
+            screens.checkModificationsAndCloseAll()
+                    .then(() -> {
+                        App app = ui.getApp();
 
-        screens.checkModificationsAndCloseAll()
-                .then(() -> {
-                    App app = ui.getApp();
+                        try {
+                            app.getConnection().substituteUser(user);
+                            doAfterChangeUser();
+                        } catch (javax.persistence.NoResultException e) {
+                            Messages messages = AppBeans.get(Messages.NAME);
+                            app.getWindowManager().showNotification(
+                                    messages.formatMainMessage("substitutionNotPerformed", user.getName()),
+                                    Frame.NotificationType.WARNING
+                            );
+                            doRevert();
+                        }
+                    })
+                    .otherwise(this::doRevert);
+        }
+    }
 
-                    try {
-                        app.getConnection().substituteUser(user);
-                        doAfterChangeUser();
-                    } catch (javax.persistence.NoResultException e) {
-                        Messages messages = AppBeans.get(Messages.NAME);
-                        app.getWindowManager().showNotification(
-                                messages.formatMainMessage("substitutionNotPerformed", user.getName()),
-                                Frame.NotificationType.WARNING
-                        );
-                        doRevert();
-                    }
-                })
-                .otherwise(this::doRevert);
+    private static boolean isUserActive(User user) {
+        return AppBeans.<AuthenticationService>get(AuthenticationService.NAME).isUserActive(user);
     }
 
     public void doAfterChangeUser() {