peoplesearch photo user permissions fix and enable photo setting

server/src/main/java/password/pwm/config/PwmSetting.java

@@ -965,6 +965,8 @@ public enum PwmSetting
             "peopleSearch.displayName.cardLabels", PwmSettingSyntax.STRING_ARRAY, PwmSettingCategory.PEOPLE_SEARCH ),
     PEOPLE_SEARCH_MAX_CACHE_SECONDS(
             "peopleSearch.maxCacheSeconds", PwmSettingSyntax.DURATION, PwmSettingCategory.PEOPLE_SEARCH ),
+    PEOPLE_SEARCH_ENABLE_PHOTO(
+            "peopleSearch.enablePhoto", PwmSettingSyntax.BOOLEAN, PwmSettingCategory.PEOPLE_SEARCH ),
     PEOPLE_SEARCH_PHOTO_QUERY_FILTER(
             "peopleSearch.photo.queryFilter", PwmSettingSyntax.USER_PERMISSION, PwmSettingCategory.PEOPLE_SEARCH ),
     PEOPLE_SEARCH_SEARCH_FILTER(

server/src/main/java/password/pwm/http/servlet/helpdesk/HelpdeskClientDataBean.java

@@ -32,7 +32,7 @@ import password.pwm.config.option.MessageSendMethod;
 import password.pwm.config.profile.HelpdeskProfile;
 import password.pwm.config.value.data.ActionConfiguration;
 import password.pwm.config.value.data.FormConfiguration;
-import password.pwm.http.servlet.peoplesearch.PeopleSearchClientConfigBean;
+import password.pwm.http.servlet.peoplesearch.bean.SearchAttributeBean;
 
 import java.io.Serializable;
 import java.util.ArrayList;
@@ -57,7 +57,7 @@ public class HelpdeskClientDataBean implements Serializable
     private Map<String, Collection<IdentityVerificationMethod>> verificationMethods;
     private List<FormInformation> verificationForm;
     private int maxAdvancedSearchAttributes;
-    private List<PeopleSearchClientConfigBean.SearchAttribute> advancedSearchAttributes;
+    private List<SearchAttributeBean> advancedSearchAttributes;
     private boolean enableAdvancedSearch;
 
 
@@ -138,7 +138,7 @@ public class HelpdeskClientDataBean implements Serializable
             builder.verificationForm( formInformations );
         }
         {
-            final List<PeopleSearchClientConfigBean.SearchAttribute> searchAttributes = PeopleSearchClientConfigBean.SearchAttribute.searchAttributesFromForm(
+            final List<SearchAttributeBean> searchAttributes = SearchAttributeBean.searchAttributesFromForm(
                     locale,
                     helpdeskProfile.readSettingAsForm( PwmSetting.HELPDESK_SEARCH_FORM ) );
 

server/src/main/java/password/pwm/http/servlet/peoplesearch/PeopleSearchConfiguration.java

@@ -30,10 +30,9 @@ import password.pwm.config.Configuration;
 import password.pwm.config.PwmSetting;
 import password.pwm.config.profile.LdapProfile;
 import password.pwm.config.value.data.FormConfiguration;
-import password.pwm.config.value.data.UserPermission;
 import password.pwm.error.PwmUnrecoverableException;
 import password.pwm.http.PwmRequest;
-import password.pwm.ldap.LdapPermissionTester;
+import password.pwm.util.java.StringUtil;
 import password.pwm.util.java.TimeDuration;
 
 import java.util.Collections;
@@ -65,7 +64,7 @@ public class PeopleSearchConfiguration
         return ldapProfile.readSettingAsString( PwmSetting.LDAP_ATTRIBUTE_PHOTO_URL_OVERRIDE );
     }
 
-    boolean isPhotosEnabled( final UserIdentity actor, final SessionLabel sessionLabel )
+    public boolean isPhotosEnabled( final UserIdentity actor, final SessionLabel sessionLabel )
             throws PwmUnrecoverableException
     {
         if ( actor == null )
@@ -73,8 +72,11 @@ public class PeopleSearchConfiguration
             return false;
         }
 
-        final List<UserPermission> permissions =  pwmApplication.getConfig().readSettingAsUserPermission( PwmSetting.PEOPLE_SEARCH_PHOTO_QUERY_FILTER );
-        return LdapPermissionTester.testUserPermissions( pwmApplication, sessionLabel, actor, permissions );
+        final boolean settingEnabled = pwmApplication.getConfig().readSettingAsBoolean( PwmSetting.PEOPLE_SEARCH_ENABLE_PHOTO );
+        final String photoAttribute = getPhotoAttribute( actor );
+        final String photoUrl = getPhotoUrlOverride( actor );
+        return settingEnabled
+                && ( !StringUtil.isEmpty( photoAttribute ) || !StringUtil.isEmpty( photoUrl ) );
     }
 
     public boolean isOrgChartEnabled()
@@ -107,32 +109,32 @@ public class PeopleSearchConfiguration
         return ldapProfile.readSettingAsString( PwmSetting.LDAP_ATTRIBUTE_ORGCHART_WORKFORCEID );
     }
 
-    boolean isOrgChartShowChildCount( )
+    public boolean isOrgChartShowChildCount()
     {
         return Boolean.parseBoolean( pwmRequest.getConfig().readAppProperty( AppProperty.PEOPLESEARCH_ORGCHART_ENABLE_CHILD_COUNT ) );
     }
 
-    int getOrgChartMaxParents( )
+    public int getOrgChartMaxParents()
     {
         return Integer.parseInt( pwmRequest.getConfig().readAppProperty( AppProperty.PEOPLESEARCH_ORGCHART_MAX_PARENTS ) );
     }
 
-    boolean isEnableExportCsv( )
+    public boolean isEnableExportCsv()
     {
         return pwmApplication.getConfig().readSettingAsBoolean( PwmSetting.PEOPLE_SEARCH_ENABLE_EXPORT );
     }
 
-    int getExportCsvMaxDepth( )
+    public int getExportCsvMaxDepth()
     {
         return Integer.parseInt( pwmRequest.getConfig().readAppProperty( AppProperty.PEOPLESEARCH_EXPORT_CSV_MAX_DEPTH ) );
     }
 
-    boolean isEnableMailtoLinks( )
+    public boolean isEnableMailtoLinks()
     {
         return pwmApplication.getConfig().readSettingAsBoolean( PwmSetting.PEOPLE_SEARCH_ENABLE_TEAM_MAILTO );
     }
 
-    int getMailtoLinksMaxDepth( )
+    public int getMailtoLinksMaxDepth( )
     {
         return Integer.parseInt( pwmRequest.getConfig().readAppProperty( AppProperty.PEOPLESEARCH_EXPORT_CSV_MAX_DEPTH ) );
     }
@@ -153,7 +155,7 @@ public class PeopleSearchConfiguration
         return Integer.parseInt( pwmRequest.getConfig().readAppProperty( AppProperty.PEOPLESEARCH_EXPORT_CSV_MAX_ITEMS ) );
     }
 
-    List<FormConfiguration> getSearchForm()
+    public List<FormConfiguration> getSearchForm()
     {
         return pwmRequest.getConfig().readSettingAsForm( PwmSetting.PEOPLE_SEARCH_SEARCH_FORM );
     }
@@ -175,7 +177,7 @@ public class PeopleSearchConfiguration
         return ( int ) pwmRequest.getConfig().readSettingAsLong( PwmSetting.PEOPLE_SEARCH_RESULT_LIMIT );
     }
 
-    boolean isEnablePrinting()
+    public boolean isEnablePrinting()
     {
         return pwmRequest.getConfig().readSettingAsBoolean( PwmSetting.PEOPLE_SEARCH_ENABLE_PRINTING );
     }

server/src/main/java/password/pwm/http/servlet/peoplesearch/PeopleSearchDataReader.java

@@ -35,6 +35,7 @@ import password.pwm.PwmConstants;
 import password.pwm.bean.UserIdentity;
 import password.pwm.config.PwmSetting;
 import password.pwm.config.value.data.FormConfiguration;
+import password.pwm.config.value.data.UserPermission;
 import password.pwm.error.ErrorInformation;
 import password.pwm.error.PwmError;
 import password.pwm.error.PwmOperationalException;
@@ -42,6 +43,13 @@ import password.pwm.error.PwmUnrecoverableException;
 import password.pwm.http.PwmRequest;
 import password.pwm.http.PwmURL;
 import password.pwm.http.servlet.helpdesk.HelpdeskServletUtil;
+import password.pwm.http.servlet.peoplesearch.bean.AttributeDetailBean;
+import password.pwm.http.servlet.peoplesearch.bean.LinkReferenceBean;
+import password.pwm.http.servlet.peoplesearch.bean.OrgChartDataBean;
+import password.pwm.http.servlet.peoplesearch.bean.OrgChartReferenceBean;
+import password.pwm.http.servlet.peoplesearch.bean.SearchResultBean;
+import password.pwm.http.servlet.peoplesearch.bean.UserDetailBean;
+import password.pwm.http.servlet.peoplesearch.bean.UserReferenceBean;
 import password.pwm.i18n.Display;
 import password.pwm.ldap.LdapOperationsHelper;
 import password.pwm.ldap.LdapPermissionTester;
@@ -476,10 +484,19 @@ class PeopleSearchDataReader
         final boolean enabled = peopleSearchConfiguration.isPhotosEnabled( pwmRequest.getUserInfoIfLoggedIn(), pwmRequest.getSessionLabel() );
         if ( !enabled )
         {
-            LOGGER.debug( pwmRequest, () -> "detailed user data lookup for " + userIdentity.toString() + ", failed photo query filter, denying photo view" );
             return null;
         }
 
+        {
+            final List<UserPermission> permissions = pwmApplication.getConfig().readSettingAsUserPermission( PwmSetting.PEOPLE_SEARCH_PHOTO_QUERY_FILTER );
+            final boolean hasPermission = LdapPermissionTester.testUserPermissions( pwmApplication, pwmRequest.getSessionLabel(), userIdentity, permissions );
+            if ( !hasPermission )
+            {
+                LOGGER.debug( pwmRequest, () -> "user " + userIdentity.toString() + " failed photo query filter, denying photo view" );
+                return null;
+            }
+        }
+
         final String overrideURL = peopleSearchConfiguration.getPhotoUrlOverride( userIdentity );
         try
         {

server/src/main/java/password/pwm/http/servlet/peoplesearch/PeopleSearchServlet.java

@@ -40,6 +40,10 @@ import password.pwm.http.PwmHttpRequestWrapper;
 import password.pwm.http.PwmRequest;
 import password.pwm.http.PwmRequestFlag;
 import password.pwm.http.servlet.ControlledPwmServlet;
+import password.pwm.http.servlet.peoplesearch.bean.OrgChartDataBean;
+import password.pwm.http.servlet.peoplesearch.bean.PeopleSearchClientConfigBean;
+import password.pwm.http.servlet.peoplesearch.bean.SearchResultBean;
+import password.pwm.http.servlet.peoplesearch.bean.UserDetailBean;
 import password.pwm.ldap.PhotoDataBean;
 import password.pwm.svc.stats.Statistic;
 import password.pwm.svc.stats.StatisticsManager;

server/src/main/java/password/pwm/http/servlet/peoplesearch/UserDetailBean.java

@@ -1,87 +0,0 @@
-/*
- * Password Management Servlets (PWM)
- * http://www.pwm-project.org
- *
- * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2018 The PWM Project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- */
-
-package password.pwm.http.servlet.peoplesearch;
-
-import java.io.Serializable;
-import java.util.Collections;
-import java.util.List;
-import java.util.Map;
-
-class UserDetailBean implements Serializable
-{
-    private List<String> displayNames;
-    private String userKey;
-    private Map<String, AttributeDetailBean> detail;
-    private String photoURL;
-    private List<LinkReferenceBean> links = Collections.emptyList();
-
-    public List<String> getDisplayNames( )
-    {
-        return displayNames;
-    }
-
-    public void setDisplayNames( final List<String> displayNames )
-    {
-        this.displayNames = displayNames;
-    }
-
-    public String getUserKey( )
-    {
-        return userKey;
-    }
-
-    public void setUserKey( final String userKey )
-    {
-        this.userKey = userKey;
-    }
-
-    public Map<String, AttributeDetailBean> getDetail( )
-    {
-        return detail;
-    }
-
-    public void setDetail( final Map<String, AttributeDetailBean> detail )
-    {
-        this.detail = detail;
-    }
-
-    public String getPhotoURL( )
-    {
-        return photoURL;
-    }
-
-    public void setPhotoURL( final String photoURL )
-    {
-        this.photoURL = photoURL;
-    }
-
-    public List<LinkReferenceBean> getLinks( )
-    {
-        return links;
-    }
-
-    public void setLinks( final List<LinkReferenceBean> links )
-    {
-        this.links = links;
-    }
-}

server/src/main/java/password/pwm/http/servlet/peoplesearch/AttributeDetailBean.java → server/src/main/java/password/pwm/http/servlet/peoplesearch/bean/AttributeDetailBean.java

@@ -20,14 +20,16 @@
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 
-package password.pwm.http.servlet.peoplesearch;
+package password.pwm.http.servlet.peoplesearch.bean;
 
+import lombok.Data;
 import password.pwm.config.value.data.FormConfiguration;
 
 import java.io.Serializable;
 import java.util.Collection;
 import java.util.List;
 
+@Data
 public class AttributeDetailBean implements Serializable
 {
     private String name;
@@ -36,66 +38,4 @@ public class AttributeDetailBean implements Serializable
     private List<String> values;
     private Collection<UserReferenceBean> userReferences;
     private boolean searchable;
-
-    public String getName( )
-    {
-        return name;
-    }
-
-    public void setName( final String name )
-    {
-        this.name = name;
-    }
-
-    public String getLabel( )
-    {
-        return label;
-    }
-
-    public void setLabel( final String label )
-    {
-        this.label = label;
-    }
-
-    public FormConfiguration.Type getType( )
-    {
-        return type;
-    }
-
-    public void setType( final FormConfiguration.Type type )
-    {
-        this.type = type;
-    }
-
-    public List<String> getValues( )
-    {
-        return values;
-    }
-
-    public void setValues( final List<String> values )
-    {
-        this.values = values;
-    }
-
-    public Collection<UserReferenceBean> getUserReferences( )
-    {
-        return userReferences;
-    }
-
-    public void setUserReferences( final Collection<UserReferenceBean> userReferences )
-    {
-        this.userReferences = userReferences;
-    }
-
-    public boolean isSearchable( )
-    {
-        return searchable;
-    }
-
-    public void setSearchable( final boolean searchable )
-    {
-        this.searchable = searchable;
-    }
-
-
 }

server/src/main/java/password/pwm/http/servlet/peoplesearch/LinkReferenceBean.java → server/src/main/java/password/pwm/http/servlet/peoplesearch/bean/LinkReferenceBean.java

@@ -20,32 +20,15 @@
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 
-package password.pwm.http.servlet.peoplesearch;
+package password.pwm.http.servlet.peoplesearch.bean;
+
+import lombok.Data;
 
 import java.io.Serializable;
 
-class LinkReferenceBean implements Serializable
+@Data
+public class LinkReferenceBean implements Serializable
 {
     private String name;
     private String link;
-
-    public String getName( )
-    {
-        return name;
-    }
-
-    public void setName( final String name )
-    {
-        this.name = name;
-    }
-
-    public String getLink( )
-    {
-        return link;
-    }
-
-    public void setLink( final String link )
-    {
-        this.link = link;
-    }
 }

server/src/main/java/password/pwm/http/servlet/peoplesearch/OrgChartDataBean.java → server/src/main/java/password/pwm/http/servlet/peoplesearch/bean/OrgChartDataBean.java

@@ -20,18 +20,16 @@
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 
-package password.pwm.http.servlet.peoplesearch;
+package password.pwm.http.servlet.peoplesearch.bean;
 
-import lombok.Getter;
-import lombok.Setter;
+import lombok.Data;
 
 import java.io.Serializable;
 import java.util.Collections;
 import java.util.List;
 
-@Getter
-@Setter
-class OrgChartDataBean implements Serializable
+@Data
+public class OrgChartDataBean implements Serializable
 {
     private OrgChartReferenceBean parent;
     private OrgChartReferenceBean self;

server/src/main/java/password/pwm/http/servlet/peoplesearch/OrgChartReferenceBean.java → server/src/main/java/password/pwm/http/servlet/peoplesearch/bean/OrgChartReferenceBean.java

@@ -20,18 +20,16 @@
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 
-package password.pwm.http.servlet.peoplesearch;
+package password.pwm.http.servlet.peoplesearch.bean;
 
-import lombok.Getter;
-import lombok.Setter;
+import lombok.Data;
 
 import java.io.Serializable;
 import java.util.ArrayList;
 import java.util.List;
 
-@Getter
-@Setter
-class OrgChartReferenceBean implements Serializable
+@Data
+public class OrgChartReferenceBean implements Serializable
 {
     public String userKey;
     public List<String> displayNames = new ArrayList<>();

server/src/main/java/password/pwm/http/servlet/peoplesearch/PeopleSearchClientConfigBean.java → server/src/main/java/password/pwm/http/servlet/peoplesearch/bean/PeopleSearchClientConfigBean.java

@@ -20,7 +20,7 @@
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 
-package password.pwm.http.servlet.peoplesearch;
+package password.pwm.http.servlet.peoplesearch.bean;
 
 import lombok.Builder;
 import lombok.Value;
@@ -31,10 +31,9 @@ import password.pwm.config.PwmSetting;
 import password.pwm.config.value.data.FormConfiguration;
 import password.pwm.error.PwmUnrecoverableException;
 import password.pwm.http.PwmRequest;
+import password.pwm.http.servlet.peoplesearch.PeopleSearchConfiguration;
 
 import java.io.Serializable;
-import java.util.ArrayList;
-import java.util.Collections;
 import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Locale;
@@ -51,7 +50,7 @@ public class PeopleSearchClientConfigBean implements Serializable
     private boolean orgChartShowChildCount;
     private int orgChartMaxParents;
     private int maxAdvancedSearchAttributes;
-    private List<SearchAttribute> advancedSearchAttributes;
+    private List<SearchAttributeBean> advancedSearchAttributes;
     private boolean enableOrgChartPrinting;
     private boolean enableExport;
     private int exportMaxDepth;
@@ -59,43 +58,7 @@ public class PeopleSearchClientConfigBean implements Serializable
     private int mailtoLinkMaxDepth;
 
 
-
-    @Value
-    @Builder
-    public static class SearchAttribute implements Serializable
-    {
-        private String attribute;
-        private String label;
-        private FormConfiguration.Type type;
-        private Map<String, String> options;
-
-        public static List<SearchAttribute> searchAttributesFromForm(
-                final Locale locale,
-                final List<FormConfiguration> formConfigurations
-        )
-        {
-            final List<SearchAttribute> returnList = new ArrayList<>( );
-            for ( final FormConfiguration formConfiguration : formConfigurations )
-            {
-                final String attribute = formConfiguration.getName();
-                final String label = formConfiguration.getLabel( locale );
-
-                final SearchAttribute searchAttribute = SearchAttribute.builder()
-                        .attribute( attribute )
-                        .type( formConfiguration.getType() )
-                        .label( label )
-                        .options( formConfiguration.getSelectOptions() )
-                        .build();
-
-                returnList.add( searchAttribute );
-            }
-
-            return Collections.unmodifiableList( returnList );
-        }
-    }
-
-
-    static PeopleSearchClientConfigBean fromConfig(
+    public static PeopleSearchClientConfigBean fromConfig(
             final PwmRequest pwmRequest,
             final PeopleSearchConfiguration peopleSearchConfiguration,
             final UserIdentity userIdentity
@@ -115,7 +78,9 @@ public class PeopleSearchClientConfigBean implements Serializable
         }
 
 
-        final List<SearchAttribute> searchAttributes = SearchAttribute.searchAttributesFromForm( locale, peopleSearchConfiguration.getSearchForm() );
+        final List<SearchAttributeBean> searchAttributeBeans = SearchAttributeBean.searchAttributesFromForm(
+                locale,
+                peopleSearchConfiguration.getSearchForm() );
 
         return PeopleSearchClientConfigBean.builder()
                 .searchColumns( searchColumns )
@@ -128,7 +93,7 @@ public class PeopleSearchClientConfigBean implements Serializable
                 .enableOrgChartPrinting( peopleSearchConfiguration.isEnablePrinting() )
 
                 .maxAdvancedSearchAttributes( 3 )
-                .advancedSearchAttributes( searchAttributes )
+                .advancedSearchAttributes( searchAttributeBeans )
 
                 .mailtoLinkMaxDepth( peopleSearchConfiguration.getMailtoLinksMaxDepth() )
                 .enableMailtoLinks( peopleSearchConfiguration.isEnableMailtoLinks() )

server/src/main/java/password/pwm/http/servlet/peoplesearch/bean/SearchAttributeBean.java

@@ -0,0 +1,68 @@
+/*
+ * Password Management Servlets (PWM)
+ * http://www.pwm-project.org
+ *
+ * Copyright (c) 2006-2009 Novell, Inc.
+ * Copyright (c) 2009-2018 The PWM Project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+package password.pwm.http.servlet.peoplesearch.bean;
+
+import lombok.Builder;
+import lombok.Value;
+import password.pwm.config.value.data.FormConfiguration;
+
+import java.io.Serializable;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.Locale;
+import java.util.Map;
+
+@Value
+@Builder
+public class SearchAttributeBean implements Serializable
+{
+    private String attribute;
+    private String label;
+    private FormConfiguration.Type type;
+    private Map<String, String> options;
+
+    public static List<SearchAttributeBean> searchAttributesFromForm(
+            final Locale locale,
+            final List<FormConfiguration> formConfigurations
+    )
+    {
+        final List<SearchAttributeBean> returnList = new ArrayList<>( );
+        for ( final FormConfiguration formConfiguration : formConfigurations )
+        {
+            final String attribute = formConfiguration.getName();
+            final String label = formConfiguration.getLabel( locale );
+
+            final SearchAttributeBean searchAttribute = SearchAttributeBean.builder()
+                    .attribute( attribute )
+                    .type( formConfiguration.getType() )
+                    .label( label )
+                    .options( formConfiguration.getSelectOptions() )
+                    .build();
+
+            returnList.add( searchAttribute );
+        }
+
+        return Collections.unmodifiableList( returnList );
+    }
+}

server/src/main/java/password/pwm/http/servlet/peoplesearch/SearchResultBean.java → server/src/main/java/password/pwm/http/servlet/peoplesearch/bean/SearchResultBean.java

@@ -20,7 +20,9 @@
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 
-package password.pwm.http.servlet.peoplesearch;
+package password.pwm.http.servlet.peoplesearch.bean;
+
+import lombok.Data;
 
 import lombok.Builder;
 import lombok.Value;
@@ -31,7 +33,8 @@ import java.util.Map;
 
 @Value
 @Builder( toBuilder = true )
-class SearchResultBean implements Serializable
+@Data
+public class SearchResultBean implements Serializable
 {
     private List<Map<String, Object>> searchResults;
     private boolean sizeExceeded;

server/src/main/java/password/pwm/http/servlet/peoplesearch/bean/UserDetailBean.java

@@ -0,0 +1,39 @@
+/*
+ * Password Management Servlets (PWM)
+ * http://www.pwm-project.org
+ *
+ * Copyright (c) 2006-2009 Novell, Inc.
+ * Copyright (c) 2009-2018 The PWM Project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
+package password.pwm.http.servlet.peoplesearch.bean;
+
+import lombok.Data;
+
+import java.io.Serializable;
+import java.util.List;
+import java.util.Map;
+
+@Data
+public class UserDetailBean implements Serializable
+{
+    private List<String> displayNames;
+    private String userKey;
+    private Map<String, AttributeDetailBean> detail;
+    private String photoURL;
+    private List<LinkReferenceBean> links;
+}

server/src/main/java/password/pwm/http/servlet/peoplesearch/UserReferenceBean.java → server/src/main/java/password/pwm/http/servlet/peoplesearch/bean/UserReferenceBean.java

@@ -20,32 +20,15 @@
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 
-package password.pwm.http.servlet.peoplesearch;
+package password.pwm.http.servlet.peoplesearch.bean;
+
+import lombok.Data;
 
 import java.io.Serializable;
 
-class UserReferenceBean implements Serializable
+@Data
+public class UserReferenceBean implements Serializable
 {
     private String userKey;
     private String displayName;
-
-    public String getUserKey( )
-    {
-        return userKey;
-    }
-
-    public void setUserKey( final String userKey )
-    {
-        this.userKey = userKey;
-    }
-
-    public String getDisplayName( )
-    {
-        return displayName;
-    }
-
-    public void setDisplayName( final String displayName )
-    {
-        this.displayName = displayName;
-    }
 }

server/src/main/resources/password/pwm/config/PwmSetting.xml

@@ -3153,6 +3153,11 @@
             <value>false</value>
         </default>
     </setting>
+    <setting hidden="false" key="peopleSearch.enablePhoto" level="1">
+        <default>
+            <value>true</value>
+        </default>
+    </setting>
     <setting hidden="false" key="peopleSearch.enableOrgChart" level="1">
         <default>
             <value>true</value>

server/src/main/resources/password/pwm/i18n/Display.properties

@@ -300,7 +300,7 @@ Long_Title_Main_Menu=Password self-service main menu. From here you can change y
 Long_Title_NewUser=Create a new user account.
 Long_Title_PeopleSearch=Lookup contact information for your colleagues.
 Long_Title_SetupResponses=Security questions and answers allow you to recover a forgotten password.
-Long_Title_SetupOtpSecret=Setup mobile app device.  If you forget your password, you can use your mobile device to authenticate to this site.
+Long_Title_SetupOtpSecret=Setup your mobile device to allow you to recover a forgotten password.
 Long_Title_Shortcuts=Personalized shortcuts.
 Long_Title_UpdateProfile=Update your user profile data.
 Long_Title_UserEventHistory=Password event history.  See when you have changed your password in the past.

server/src/main/resources/password/pwm/i18n/PwmSetting.properties

@@ -590,6 +590,7 @@ Setting_Description_peopleSearch.displayName.user=Specify the display name for u
 Setting_Description_peopleSearch.enable=Enable this option to enable the People Search module.
 Setting_Description_peopleSearch.enableExport=Enable this option to allow download of organizational chart data.
 Setting_Description_peopleSearch.enableTeamMailto=Enable this option to allow to show a link that will email a team of users in the orgchart view.
+Setting_Description_peopleSearch.enablePhoto=Enable this option to show photos of people in the organizational chart and detail used view. 
 Setting_Description_peopleSearch.enableOrgChart=Enable this option to show an organizational chart of users.
 Setting_Description_peopleSearch.enablePublic=Enable this option to allow access to the People Search module for unauthenticated users.
 Setting_Description_peopleSearch.enablePrinting=Enable this option to show a print option in the org chart view.
@@ -1110,6 +1111,7 @@ Setting_Label_peopleSearch.displayName.user=UserDN Name Display
 Setting_Label_peopleSearch.enable=Enable People Search
 Setting_Label_peopleSearch.enableExport=Enable Export
 Setting_Label_peopleSearch.enableTeamMailto=Enable Team Mailto
+Setting_Label_peopleSearch.enablePhoto=Enable Photos
 Setting_Label_peopleSearch.enableOrgChart=Enable Organizational Chart
 Setting_Label_peopleSearch.enablePublic=Enable People Search Public (Non-Authenticated) Access
 Setting_Label_peopleSearch.enablePrinting=Enable Printing