<%@ page contentType="text/html; charset=UTF-8" %> <%-- - - Copyright (C) 2005-2008 Jive Software, 2017-2025 Ignite Realtime Foundation. All rights reserved. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. --%> <%@ page import="gnu.inet.encoding.Stringprep"%> <%@ page import="org.jivesoftware.openfire.group.Group"%> <%@ page import="org.jivesoftware.openfire.group.GroupManager"%> <%@ page import="org.jivesoftware.openfire.group.GroupNotFoundException"%> <%@ page import="org.jivesoftware.openfire.security.SecurityAuditManager"%> <%@ page import="org.jivesoftware.openfire.user.UserManager"%> <%@ page import="org.jivesoftware.openfire.user.UserNotFoundException"%> <%@ page import="org.jivesoftware.util.CookieUtils"%> <%@ page import="org.jivesoftware.util.ParamUtils"%> <%@ page import="org.jivesoftware.util.StringUtils"%> <%@ page import="org.jivesoftware.util.ListPager" %> <%@ page import="org.xmpp.packet.JID"%> <%@ page import="java.io.UnsupportedEncodingException"%> <%@ page import="java.net.URLDecoder" %> <%@ page import="java.net.URLEncoder" %> <%@ page import="java.util.*" %> <%@ page import="java.util.function.Predicate" %> <%@ page import="org.slf4j.LoggerFactory" %> <%@ page import="org.jivesoftware.openfire.group.SharedGroupVisibility" %> <%@ page import="java.nio.charset.StandardCharsets" %> <%@ taglib uri="admin" prefix="admin" %> <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%> <%@ taglib uri="http://java.sun.com/jsp/jstl/fmt" prefix="fmt" %> <%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %> <% webManager.init(pageContext); %> <% // Get parameters boolean updateDetails = request.getParameter( "updateDetails" ) != null; boolean addMember = request.getParameter( "addMember") != null; boolean removeMember = request.getParameter( "removeMember") != null; boolean updateMember = request.getParameter("updateMember") != null; boolean updateContactListSettings = request.getParameter("updateContactListSettings") != null; boolean cancel = request.getParameter("cancel") != null; String name = ParamUtils.getParameter( request, "name" ); // update for group name String description = ParamUtils.getParameter( request, "description" ); // update for group description. String username = ParamUtils.getParameter(request, "username"); String [] adminJIDs = ParamUtils.getParameters(request, "admin"); String [] deleteMembers = ParamUtils.getParameters(request, "delete"); String groupName = ParamUtils.getParameter(request, "group"); GroupManager groupManager = webManager.getGroupManager(); boolean groupInfoChanged = ParamUtils.getBooleanParameter(request, "groupChanged", false); Map errors = new HashMap<>(); boolean enableRosterGroups = ParamUtils.getBooleanParameter(request,"enableRosterGroups"); String groupDisplayName = ParamUtils.getParameter(request,"groupDisplayName"); String showGroup = ParamUtils.getParameter(request,"showGroup"); List groupNames = Arrays.asList(ParamUtils.getParameters(request, "groupNames")); Group group = groupManager.getGroup(groupName); boolean success; Cookie csrfCookie = CookieUtils.getCookie(request, "csrf"); String csrfParam = ParamUtils.getParameter(request, "csrf"); if ( addMember || removeMember || updateMember || updateContactListSettings || updateDetails ) { if (csrfCookie == null || csrfParam == null || !csrfCookie.getValue().equals(csrfParam)) { addMember = false; removeMember = false; updateContactListSettings = false; updateMember = false; updateDetails = false; errors.put("csrf", "CSRF Failure!"); } } csrfParam = StringUtils.randomString(15); CookieUtils.setCookie(request, response, "csrf", csrfParam, -1); pageContext.setAttribute("csrf", csrfParam); if (cancel) { response.sendRedirect("group-summary.jsp"); return; } // Handle a request to update the group details (name, description). if ( updateDetails ) { // Validate if ( name == null || name.trim().isEmpty() ) { errors.put( "name", "Name cannot be null or empty." ); } else if ( !groupName.equalsIgnoreCase( name.trim() ) ) { try { webManager.getGroupManager().getGroup( name.trim(), true ); errors.put( "alreadyExists", name.trim() ); } catch ( GroupNotFoundException e) { // intended. } } if ( errors.isEmpty() ) { try { webManager.getGroupManager().getGroup( groupName ); group.setName( name.trim() ); group.setDescription( description != null ? description.trim() : null ); if ( !SecurityAuditManager.getSecurityAuditProvider().blockGroupEvents() ) { // Log the event webManager.logEvent( "edited group " + groupName, "name = " + group.getName() + ",description = " + group.getDescription() ); } // Successful, so redirect response.sendRedirect( "group-edit.jsp?groupChanged=true&group=" + URLEncoder.encode( group.getName(), StandardCharsets.UTF_8) + ListPager.getQueryString(request, '&', "searchName") ); return; } catch ( Exception e ) { errors.put( "general", e.getMessage() ); } } } // Handle a request to update the contact list settings. if ( updateContactListSettings ) { if (enableRosterGroups && (groupDisplayName == null || groupDisplayName.trim().isEmpty())) { errors.put("groupDisplayName", "Group display name cannot be null or empty."); } if (errors.isEmpty()) { if (enableRosterGroups) { if ( !"spefgroups".equals( showGroup ) ) { // not spefgroups? Either 'everybody' or 'onlyGroup' - in any case, no 'groupList' should be empty. groupNames = new ArrayList<>(); } if ("everybody".equals(showGroup)) { group.shareWithEverybody(groupDisplayName.trim()); } else if ("spefgroups".equals(showGroup)) { // The stored value for 'showInRoster' is either 'onlyGroup' or 'everybody', when sharing is enabled // 'spefgroups' isn't actually saved. That's represented by 'onlyGroup' combined with a 'groupList'. group.shareWithUsersInGroups(toList( groupNames.toArray( new String[]{} ) ), groupDisplayName.trim()); showGroup = "onlyGroup"; } else { group.shareWithUsersInSameGroup(groupDisplayName.trim()); } if (!SecurityAuditManager.getSecurityAuditProvider().blockGroupEvents()) { // Log the event webManager.logEvent("enabled roster groups for "+groupName, "showinroster = "+showGroup+"\ndisplayname = "+groupDisplayName+"\ngrouplist = "+toList(groupNames.toArray( new String[]{} ) )); } } else { group.shareWithNobody(); if (!SecurityAuditManager.getSecurityAuditProvider().blockGroupEvents()) { // Log the event webManager.logEvent("disabled roster groups for "+groupName, null); } } // Get admin list and compare it the admin posted list. response.sendRedirect("group-edit.jsp?group=" + URLEncoder.encode(groupName, StandardCharsets.UTF_8) + "&groupChanged=true" + ListPager.getQueryString(request, '&', "searchName") ); return; } } // Handle a request to update the privilege of an existing group member. if (errors.isEmpty() && updateMember) { final Set newAdmins = new HashSet<>(); for ( final String adminJID : adminJIDs ) { newAdmins.add( new JID( adminJID ) ); } // Process changes to admins. First, add users that are newly marked as 'admin'... for ( final JID newAdmin : newAdmins ) { if ( !group.getAdmins().contains( newAdmin ) ) { group.getAdmins().add( newAdmin ); } } // ... all users that are unmarked should be moved from the 'admins' group to the 'members' group. final Set oldAdmins = new HashSet<>( group.getAdmins() ); oldAdmins.removeAll( newAdmins ); // All left are no longer supposed to be admins. for ( final JID oldAdmin : oldAdmins ) { // Update privilege by explicitly adding the old admin to the member group. group.getMembers().add(oldAdmin); } if (!SecurityAuditManager.getSecurityAuditProvider().blockGroupEvents()) { // Log the event webManager.logEvent("updated group membership for "+groupName, null); } // Get admin list and compare it the admin posted list. response.sendRedirect("group-edit.jsp?group=" + URLEncoder.encode(groupName, StandardCharsets.UTF_8) + "&updatesuccess=true" + ListPager.getQueryString(request, '&', "searchName") ); return; } // Handle a request to add a new group member. if ( errors.isEmpty() && addMember) { if ( username == null || username.trim().isEmpty() ) { errors.put( "addMember", "username" ); } else { boolean memberAdded = false; username = username.trim(); username = username.toLowerCase(); if ( username.contains( "@" ) ) { try { UserManager.getInstance().getUser( JID.escapeNode( username ) ); // That means that this user has an email address as their node. username = JID.escapeNode( username ); } catch (UserNotFoundException e) { // that's ok. } } // Add to group as member by default. try { if ( !username.contains( "@" ) ) { // No @ was found so assume this is a JID of a local user username = JID.escapeNode(username); username = Stringprep.nodeprep(username); UserManager.getInstance().getUser(username); memberAdded = group.getMembers().add(webManager.getXMPPServer().createJID(username, null)); } else { // Admin entered a JID. Add the JID directly to the list of group members memberAdded = group.getMembers().add( new JID(username) ); if (!SecurityAuditManager.getSecurityAuditProvider().blockGroupEvents()) { // Log the event webManager.logEvent("added group member to "+groupName, "username = "+username); } } } catch ( Exception e ) { errors.put( "general", e.getMessage() ); LoggerFactory.getLogger("group-edit.jsp").warn("Problem adding new user '{}' to existing group '{}' in admin console.", groupName, username, e); } if ( memberAdded ) { response.sendRedirect("group-edit.jsp?group=" + URLEncoder.encode(groupName, StandardCharsets.UTF_8) + "&success=true" + ListPager.getQueryString(request, '&', "searchName") ); return; } } } // Handle a request to remove group members. if ( errors.isEmpty() && removeMember ) { for (String deleteMember : deleteMembers) { JID member = new JID(deleteMember); group.getMembers().remove(member); group.getAdmins().remove(member); } response.sendRedirect("group-edit.jsp?group=" + URLEncoder.encode(groupName, StandardCharsets.UTF_8) + "&deletesuccess=true" + ListPager.getQueryString(request, '&', "searchName") ); return; } success = groupInfoChanged || ParamUtils.getBooleanParameter(request, "success") || ParamUtils.getBooleanParameter(request, "deletesuccess") || ParamUtils.getBooleanParameter(request, "updatesuccess") || ParamUtils.getBooleanParameter(request, "creategroupsuccess"); SharedGroupVisibility visibility = group.getSharedWith(); if ( SharedGroupVisibility.usersOfGroups == visibility ) { groupNames = group.getSharedWithUsersInGroupNames(); } pageContext.setAttribute( "success", success ); pageContext.setAttribute( "errors", errors ); pageContext.setAttribute( "groupInfoChanged", groupInfoChanged ); pageContext.setAttribute( "group", group ); pageContext.setAttribute( "onlySharedWithOwnGroup", groupNames.isEmpty() || (groupNames.size() == 1 && groupNames.contains(group.getName()))); pageContext.setAttribute( "groupNames", groupNames ); final List allMembers = new ArrayList<>(); allMembers.addAll( group.getAdmins() ); allMembers.addAll( group.getMembers() ); Collections.sort( allMembers ); Predicate filter = jid -> true; final String searchName = ParamUtils.getStringParameter(request, "searchName", "").trim(); if(!searchName.isEmpty()) { filter = filter.and(jid -> StringUtils.containsIgnoringCase(jid.toString(), searchName)); } final ListPager listPager = new ListPager<>(request, response, allMembers, filter, "group", "searchName"); pageContext.setAttribute( "listPager", listPager ); pageContext.setAttribute("searchName", searchName); final List groups = new ArrayList<>(groupManager.getGroups()); groups.sort(Comparator.comparing(Group::getName)); pageContext.setAttribute("groups", groups); %> <fmt:message key="group.edit.title"/>

${listPager.hiddenFields}
*
">
*
${listPager.hiddenFields}


">

${listPager.hiddenFields}
 ">
: ${listPager.totalItemCount} : -- -

: [ ${listPager.pageLinks} ] -- : ${listPager.pageSizeSelection}

${listPager.hiddenFields} <%--@elvariable id="member" type="org.xmpp.packet.JID"--%>
 



"/> search
" alt=""> " alt=""> " alt=""> " alt=""> " alt=""> " alt="">   *
 
*

: [ ${listPager.pageLinks} ]

 ${listPager.jumpToPageForm} <%! private static List toList( String[] array ) { List result = new ArrayList<>(); if (array == null || array.length == 0) { return result; } for (String anArray : array) { String item; item = URLDecoder.decode( anArray, StandardCharsets.UTF_8); result.add(item); } return result; } %>