dotCMS#32129 deactive active user (dotCMS#32206)

jdotcms · web-flow · commit 302b81cf8b6a · 2025-05-28T18:34:13.000Z
Allowing to activate/deactiver users by rest
diff --git a/dotCMS/src/main/java/com/dotcms/rest/api/v1/user/ResponseUserDeletedEntityView.java b/dotCMS/src/main/java/com/dotcms/rest/api/v1/user/ResponseUserDeletedEntityView.java
@@ -3,9 +3,11 @@
 import com.dotcms.rest.ResponseEntityView;
 
 /**
- * Returns the response entity view for an user deleted view
+ * Returns a map such as
+ * userID -> {userId}
+ * user   -> {userMap}
  */
-public class ResponseUserDeletedEntityView extends ResponseEntityView <UserDeletedView> {
+public class ResponseUserDeletedEntityView extends ResponseEntityView<UserDeletedView> {
     public ResponseUserDeletedEntityView(final UserDeletedView entity) {
         super(entity);
     }
diff --git a/dotCMS/src/main/java/com/dotcms/rest/api/v1/user/ResponseUserMapEntityView.java b/dotCMS/src/main/java/com/dotcms/rest/api/v1/user/ResponseUserMapEntityView.java
@@ -0,0 +1,16 @@
+package com.dotcms.rest.api.v1.user;
+
+import com.dotcms.rest.ResponseEntityView;
+
+import java.util.Map;
+
+/**
+ * Returns a map such as
+ * userID -> {userId}
+ * user   -> {userMap}
+ */
+public class ResponseUserMapEntityView extends ResponseEntityView <Map<String, Object>> {
+    public ResponseUserMapEntityView(Map<String, Object> entity) {
+        super(entity);
+    }
+}
diff --git a/dotCMS/src/main/java/com/dotcms/rest/api/v1/user/UserResource.java b/dotCMS/src/main/java/com/dotcms/rest/api/v1/user/UserResource.java
@@ -14,6 +14,7 @@
 import com.dotcms.rest.api.v1.authentication.IncorrectPasswordException;
 import com.dotcms.rest.api.v1.authentication.ResponseUtil;
 import com.dotcms.rest.api.v1.site.ResponseSiteVariablesEntityView;
+import com.dotcms.rest.api.v1.workflow.BulkActionsResultView;
 import com.dotcms.rest.exception.BadRequestException;
 import com.dotcms.rest.exception.ForbiddenException;
 import com.dotcms.rest.exception.mapper.ExceptionMapperUtil;
@@ -65,6 +66,7 @@
 import javax.ws.rs.DefaultValue;
 import javax.ws.rs.GET;
 import javax.ws.rs.NotFoundException;
+import javax.ws.rs.PATCH;
 import javax.ws.rs.POST;
 import javax.ws.rs.PUT;
 import javax.ws.rs.Path;
@@ -865,6 +867,175 @@ public final Response udpate(@Context final HttpServletRequest httpServletReques
 		throw new ForbiddenException(USER_MSG + modUser.getUserId() + " does not have permissions to update users");
 	} // create.
 
+	/**
+     * Activate an existing user.
+     *
+     * Only Admin User or have access to Users and Roles Portlets can update an existing user
+     *
+     * @param httpServletRequest
+     * @return User Updated
+     * @throws Exception
+     */
+    @Operation(summary = "Active an existing user.",
+            responses = {
+                    @ApiResponse(
+                            responseCode = "200",
+                            content = @Content(mediaType = "application/json",
+                                    schema = @Schema(implementation =
+                                            ResponseUserMapEntityView.class)),
+                            description = "If success returns a map with the user + user id."),
+                    @ApiResponse(
+                            responseCode = "403",
+                            content = @Content(mediaType = "application/json",
+                                    schema = @Schema(implementation =
+                                            ResponseUserMapEntityView.class)),
+                            description = "If the user is not an admin or access to the role + user layouts or does have permission, it will return a 403."),
+                    @ApiResponse(
+                            responseCode = "404",
+                            content = @Content(mediaType = "application/json",
+                                    schema = @Schema(implementation =
+                                            ResponseUserMapEntityView.class)),
+                            description = "If the user to update does not exist"),
+                    @ApiResponse(
+                            responseCode = "400",
+                            content = @Content(mediaType = "application/json",
+                                    schema = @Schema(implementation =
+                                            ResponseUserMapEntityView.class)),
+                            description = "If the user information is not valid"),
+            })
+    @PATCH
+    @Path("/activate/{userId}")
+    @JSONP
+    @NoCache
+    @Produces({MediaType.APPLICATION_JSON, "application/javascript"})
+    public final ResponseUserMapEntityView active(@Context final HttpServletRequest httpServletRequest,
+                                 @Context final HttpServletResponse httpServletResponse,
+                                 @PathParam("userId") @Parameter(
+                                         required = true,
+                                         description = "Identifier of an user.\n\n" +
+                                                 "Example value: `b9d89c80-3d88-4311-8365-187323c96436` ",
+                                         schema = @Schema(type = "string"))
+                                 final String userId)
+            throws Exception {
+
+        final User modUser = new WebResource.InitBuilder(webResource)
+                .requiredBackendUser(true)
+                .requiredFrontendUser(false)
+                .requestAndResponse(httpServletRequest, httpServletResponse)
+                .rejectWhenNoUser(true)
+                .init().getUser();
+
+        Logger.debug(this, ()-> "Activating user: " + modUser.getUserId());
+
+        final boolean isRoleAdministrator = modUser.isAdmin() ||
+                (
+                        APILocator.getLayoutAPI().doesUserHaveAccessToPortlet(PortletID.ROLES.toString(), modUser) &&
+                                APILocator.getLayoutAPI().doesUserHaveAccessToPortlet(PortletID.USERS.toString(), modUser)
+                );
+
+        if (isRoleAdministrator) {
+
+            final User userToUpdated = this.userAPI.loadUserById(userId);
+            if (Objects.isNull(userToUpdated)) {
+
+                throw new NoSuchUserException("User with id " + userId + " does not exist");
+            }
+
+            userToUpdated.setActive(true);
+            this.userAPI.save(userToUpdated, modUser, false);
+
+            return new ResponseUserMapEntityView(Map.of(USER_ID, userToUpdated.getUserId(),
+                    "user", userToUpdated.toMap())); // 200
+        }
+
+        throw new ForbiddenException(USER_MSG + modUser.getUserId() + " does not have permissions to update users");
+    } // active.
+
+    /**
+     * Deactivate an existing user.
+     *
+     * Only Admin User or have access to Users and Roles Portlets can update an existing user
+     *
+     * @param httpServletRequest
+     * @return User Updated
+     * @throws Exception
+     */
+    @Operation(summary = "Deactivate an existing user.",
+            responses = {
+                    @ApiResponse(
+                            responseCode = "200",
+                            content = @Content(mediaType = "application/json",
+                                    schema = @Schema(implementation =
+                                            ResponseUserMapEntityView.class)),
+                            description = "If success returns a map with the user + user id."),
+                    @ApiResponse(
+                            responseCode = "403",
+                            content = @Content(mediaType = "application/json",
+                                    schema = @Schema(implementation =
+                                            ResponseUserMapEntityView.class)),
+                            description = "If the user is not an admin or access to the role + user layouts or does have permission, it will return a 403."),
+                    @ApiResponse(
+                            responseCode = "404",
+                            content = @Content(mediaType = "application/json",
+                                    schema = @Schema(implementation =
+                                            ResponseUserMapEntityView.class)),
+                            description = "If the user to update does not exist"),
+                    @ApiResponse(
+                            responseCode = "400",
+                            content = @Content(mediaType = "application/json",
+                                    schema = @Schema(implementation =
+                                            ResponseUserMapEntityView.class)),
+                            description = "If the user information is not valid"),
+            })
+    @PATCH
+    @Path("/deactivate/{userId}")
+    @JSONP
+    @NoCache
+    @Produces({MediaType.APPLICATION_JSON, "application/javascript"})
+    public final ResponseUserMapEntityView deactivate(@Context final HttpServletRequest httpServletRequest,
+                                                  @Context final HttpServletResponse httpServletResponse,
+                                                  @PathParam("userId") @Parameter(
+                                                          required = true,
+                                                          description = "Identifier of an user.\n\n" +
+                                                                  "Example value: `b9d89c80-3d88-4311-8365-187323c96436` ",
+                                                          schema = @Schema(type = "string"))
+                                                  final String userId)
+            throws Exception {
+
+        final User modUser = new WebResource.InitBuilder(webResource)
+                .requiredBackendUser(true)
+                .requiredFrontendUser(false)
+                .requestAndResponse(httpServletRequest, httpServletResponse)
+                .rejectWhenNoUser(true)
+                .init().getUser();
+
+        Logger.debug(this, ()-> "Deactivating user: " + modUser.getUserId());
+
+        final boolean isRoleAdministrator = modUser.isAdmin() ||
+                (
+                        APILocator.getLayoutAPI().doesUserHaveAccessToPortlet(PortletID.ROLES.toString(), modUser) &&
+                                APILocator.getLayoutAPI().doesUserHaveAccessToPortlet(PortletID.USERS.toString(), modUser)
+                );
+
+        if (isRoleAdministrator) {
+
+            final User userToUpdated = this.userAPI.loadUserById(userId);
+            if (Objects.isNull(userToUpdated)) {
+
+                throw new NoSuchUserException("User with id " + userId + " does not exist");
+            }
+
+            userToUpdated.setActive(false);
+            this.userAPI.save(userToUpdated, modUser, false);
+
+            return new ResponseUserMapEntityView(Map.of(USER_ID, userToUpdated.getUserId(),
+                    "user", userToUpdated.toMap())); // 200
+        }
+
+        throw new ForbiddenException(USER_MSG + modUser.getUserId() + " does not have permissions to update users");
+    } // deactivate.
+
+
 	@WrapInTransaction
 	private User updateUser(final User modUser, final HttpServletRequest request,
 							final UserForm updateUserForm) throws DotDataException, DotSecurityException,
@@ -1068,5 +1239,5 @@ public final void delete(@Context final HttpServletRequest httpServletRequest,
 
 			throw new ForbiddenException(USER_MSG + modUser.getUserId() + " does not have permissions to update users");
 		}
-	} // active.
+	} // delete.
 }
diff --git a/dotcms-postman/src/main/resources/postman/UserResource.postman_collection.json b/dotcms-postman/src/main/resources/postman/UserResource.postman_collection.json
