group-delete.jsp 3.89 KB
Newer Older
Matt Tucker's avatar
Matt Tucker committed
1 2 3 4 5
<%--
  -	$RCSfile$
  -	$Revision$
  -	$Date$
  -
6
  - Copyright (C) 2004-2008 Jive Software. All rights reserved.
Matt Tucker's avatar
Matt Tucker committed
7
  -
8 9 10 11 12 13 14 15 16 17 18
  - Licensed under the Apache License, Version 2.0 (the "License");
  - you may not use this file except in compliance with the License.
  - You may obtain a copy of the License at
  -
  -     http://www.apache.org/licenses/LICENSE-2.0
  -
  - Unless required by applicable law or agreed to in writing, software
  - distributed under the License is distributed on an "AS IS" BASIS,
  - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  - See the License for the specific language governing permissions and
  - limitations under the License.
Matt Tucker's avatar
Matt Tucker committed
19 20 21
--%>

<%@ page import="org.jivesoftware.util.*,
22
                 org.jivesoftware.openfire.group.Group,
Matt Tucker's avatar
Matt Tucker committed
23
                 java.net.URLEncoder"
Matt Tucker's avatar
Matt Tucker committed
24 25
    errorPage="error.jsp"
%>
26
<%@ page import="org.jivesoftware.openfire.security.SecurityAuditManager" %>
Matt Tucker's avatar
Matt Tucker committed
27

28 29
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/fmt" prefix="fmt" %>
Matt Tucker's avatar
Matt Tucker committed
30 31 32 33 34 35 36 37

<jsp:useBean id="webManager" class="org.jivesoftware.util.WebManager" />
<% webManager.init(request, response, session, application, out ); %>

<%  // Get parameters //
    boolean cancel = request.getParameter("cancel") != null;
    boolean delete = request.getParameter("delete") != null;
    String groupName = ParamUtils.getParameter(request,"group");
38 39 40 41 42 43 44 45 46 47 48
    Cookie csrfCookie = CookieUtils.getCookie(request, "csrf");
    String csrfParam = ParamUtils.getParameter(request, "csrf");

    if (delete) {
        if (csrfCookie == null || csrfParam == null || !csrfCookie.getValue().equals(csrfParam)) {
            delete = false;
        }
    }
    csrfParam = StringUtils.randomString(15);
    CookieUtils.setCookie(request, response, "csrf", csrfParam, -1);
    pageContext.setAttribute("csrf", csrfParam);
Matt Tucker's avatar
Matt Tucker committed
49 50 51

    // Handle a cancel
    if (cancel) {
Matt Tucker's avatar
Matt Tucker committed
52
        response.sendRedirect("group-edit.jsp?group=" + URLEncoder.encode(groupName, "UTF-8"));
Matt Tucker's avatar
Matt Tucker committed
53 54 55 56 57 58 59 60 61 62
        return;
    }

    // Load the group object
    Group group = webManager.getGroupManager().getGroup(groupName);

    // Handle a group delete:
    if (delete) {
        // Delete the group
        webManager.getGroupManager().deleteGroup(group);
63 64 65 66
        if (!SecurityAuditManager.getSecurityAuditProvider().blockGroupEvents()) {
            // Log the event
            webManager.logEvent("deleted group "+group, null);
        }
Matt Tucker's avatar
Matt Tucker committed
67 68 69 70 71 72
        // Done, so redirect
        response.sendRedirect("group-summary.jsp?deletesuccess=true");
        return;
    }
%>

73 74 75 76
<html>
    <head>
        <title><fmt:message key="group.delete.title"/></title>
        <meta name="subPageID" content="group-delete"/>
77
        <meta name="extraParams" content="<%= "group="+URLEncoder.encode(groupName, "UTF-8") %>"/>
78 79 80
        <meta name="helpPage" content="delete_a_group.html"/>
    </head>
    <body>
Matt Tucker's avatar
Matt Tucker committed
81

82 83
<% if (webManager.getGroupManager().isReadOnly()) { %>
<div class="error">
Matt Tucker's avatar
Matt Tucker committed
84
    <fmt:message key="group.read_only"/>
85 86 87
</div>
<% } %>

Matt Tucker's avatar
Matt Tucker committed
88
<p>
89
<fmt:message key="group.delete.hint_info" />
Matt Tucker's avatar
Matt Tucker committed
90
<b><a href="group-edit.jsp?group=<%= URLEncoder.encode(group.getName(), "UTF-8")%>"><%= group.getName() %></a></b>
91
<fmt:message key="group.delete.hint_info1" />
Matt Tucker's avatar
Matt Tucker committed
92 93 94
</p>

<form action="group-delete.jsp">
95
    <input type="hidden" name="csrf" value="${csrf}">
Sven Tantau's avatar
Sven Tantau committed
96
<input type="hidden" name="group" value="<%= StringUtils.escapeForXML(groupName) %>">
97 98
<input type="submit" name="delete" value="<fmt:message key="group.delete.delete" />">
<input type="submit" name="cancel" value="<fmt:message key="global.cancel" />">
Matt Tucker's avatar
Matt Tucker committed
99 100
</form>

101 102 103 104 105 106 107 108 109 110 111 112 113 114
    <%  // Disable the form if a read-only user provider.
    if (webManager.getGroupManager().isReadOnly()) { %>

<script language="Javascript" type="text/javascript">
  function disable() {
    var limit = document.forms[0].elements.length;
    for (i=0;i<limit;i++) {
      document.forms[0].elements[i].disabled = true;
    }
  }
  disable();
</script>
    <% } %>

115
    </body>
Sven Tantau's avatar
Sven Tantau committed
116
</html>