2 * Copyright (C) 2001, 2002 The Mir-coders group
4 * This file is part of Mir.
6 * Mir is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * Mir is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with Mir; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 * In addition, as a special exception, The Mir-coders gives permission to link
21 * the code of this program with any library licensed under the Apache Software License,
22 * The Sun (tm) Java Advanced Imaging library (JAI), The Sun JIMI library
23 * (or with modified versions of the above that use the same license as the above),
24 * and distribute linked combinations including the two. You must obey the
25 * GNU General Public License in all respects for all of the code used other than
26 * the above mentioned libraries. If you modify this file, you may extend this
27 * exception to your version of the file, but you are not obligated to do so.
28 * If you do not wish to do so, delete this exception statement from your version.
31 package mircoders.servlet;
33 import mir.entity.adapter.EntityAdapterEngine;
34 import mir.entity.adapter.EntityAdapterModel;
35 import mir.servlet.AdminServletModule;
36 import mir.servlet.ServletModuleExc;
37 import mir.servlet.ServletModuleFailure;
38 import mir.servlet.ServletModuleUserExc;
39 import mir.util.HTTPRequestParser;
40 import mir.util.URLBuilder;
41 import mircoders.entity.EntityUsers;
42 import mircoders.global.MirGlobal;
43 import mircoders.module.ModuleUsers;
44 import mircoders.storage.DatabaseUsers;
46 import javax.servlet.http.HttpServletRequest;
47 import javax.servlet.http.HttpServletResponse;
48 import java.util.HashMap;
49 import java.util.Iterator;
50 import java.util.List;
51 import java.util.Locale;
58 public class ServletModuleUsers extends AdminServletModule {
59 protected ModuleUsers usersModule = new ModuleUsers();
61 public ServletModuleUsers() {
63 mainModule = usersModule;
66 public void edit(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc {
67 String idParam = aRequest.getParameter("id");
69 if (idParam == null) {
70 throw new ServletModuleExc("ServletModuleUser.edit: invalid call: (id) not specified");
74 EntityUsers user = (EntityUsers) mainModule.getById(idParam);
75 MirGlobal.accessControl().user().assertMayEditUser(ServletHelper.getUser(aRequest), user);
77 showUser(idParam, false, aRequest, aResponse);
80 throw new ServletModuleFailure(e);
84 public void add(HttpServletRequest aRequest, HttpServletResponse aResponse)
85 throws ServletModuleExc
88 MirGlobal.accessControl().user().assertMayAddUsers(ServletHelper.getUser(aRequest));
90 showUser(null, false, aRequest, aResponse);
93 throw new ServletModuleFailure(e);
97 public String validatePassword(EntityUsers aUser, HTTPRequestParser aRequestParser) throws ServletModuleExc, ServletModuleUserExc, ServletModuleFailure
99 if ( (aRequestParser.getParameter("newpassword") != null &&
100 aRequestParser.getParameter("newpassword").length() > 0) ||
101 (aRequestParser.getParameter("newpassword2") != null &&
102 aRequestParser.getParameter("newpassword2").length() > 0)
104 String newPassword = aRequestParser.getParameterWithDefault("newpassword", "");
105 String newPassword2 = aRequestParser.getParameterWithDefault("newpassword2", "");
106 String oldPassword = aRequestParser.getParameterWithDefault("oldpassword", "");
109 if (!usersModule.checkUserPassword(aUser, oldPassword)) {
110 throw new ServletModuleUserExc("user.error.incorrectpassword", new String[] {});
113 catch (Throwable t) {
114 throw new ServletModuleFailure(t);
118 if (newPassword.length() == 0 || newPassword2.length() == 0) {
119 throw new ServletModuleUserExc("user.error.missingpasswords", new String[] {});
122 if (!newPassword.equals(newPassword2)) {
123 throw new ServletModuleUserExc("user.error.passwordmismatch", new String[] {});
131 public void insert(HttpServletRequest aRequest, HttpServletResponse aResponse)
132 throws ServletModuleExc, ServletModuleUserExc, ServletModuleFailure
135 MirGlobal.accessControl().user().assertMayAddUsers(ServletHelper.getUser(aRequest));
137 HTTPRequestParser requestParser = new HTTPRequestParser(aRequest);
138 Map withValues = getIntersectingValues(aRequest, mainModule.getStorageObject());
140 String newPassword=validatePassword(ServletHelper.getUser(aRequest), requestParser);
141 if (newPassword!=null)
142 withValues.put("password", newPassword);
144 throw new ServletModuleUserExc("user.error.missingpassword", new String[] {});
146 String id = mainModule.add(withValues);
148 logAdminUsage(aRequest, id, "object added");
150 if (requestParser.hasParameter("returnurl"))
151 ServletHelper.redirect(aResponse, requestParser.getParameter("returnurl"));
153 list(aRequest, aResponse);
155 catch (Throwable e) {
156 throw new ServletModuleFailure(e);
160 public void update(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc, ServletModuleUserExc, ServletModuleFailure
163 HTTPRequestParser requestParser = new HTTPRequestParser(aRequest);
164 String id = requestParser.getParameter("id");
165 EntityUsers user = (EntityUsers) mainModule.getById(id);
166 MirGlobal.accessControl().user().assertMayEditUser(ServletHelper.getUser(aRequest), user);
168 Map withValues = getIntersectingValues(aRequest, mainModule.getStorageObject());
169 if (!withValues.containsKey("is_admin"))
170 withValues.put("is_admin","0");
171 if (!withValues.containsKey("is_disabled"))
172 withValues.put("is_disabled","0");
174 String newPassword=validatePassword(ServletHelper.getUser(aRequest), requestParser);
175 if (newPassword!=null)
176 withValues.put("password", MirGlobal.localizer().adminInterface().makePasswordDigest(newPassword));
178 mainModule.set(withValues);
180 logAdminUsage(aRequest, id, "object modified");
182 if (requestParser.hasParameter("returnurl"))
183 ServletHelper.redirect(aResponse, requestParser.getParameter("returnurl"));
185 list(aRequest, aResponse);
187 catch (Throwable e) {
188 throw new ServletModuleFailure(e);
192 public void updatepassword(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc, ServletModuleUserExc, ServletModuleFailure
195 HTTPRequestParser requestParser = new HTTPRequestParser(aRequest);
196 String id = requestParser.getParameter("id");
197 EntityUsers user = (EntityUsers) mainModule.getById(id);
198 MirGlobal.accessControl().user().assertMayChangeUserPassword(ServletHelper.getUser(aRequest), user);
200 String newPassword=validatePassword(ServletHelper.getUser(aRequest), requestParser);
201 if (newPassword!=null) {
202 user.setFieldValue("password", MirGlobal.localizer().adminInterface().makePasswordDigest(newPassword));
205 logAdminUsage(aRequest, id, "password changed");
207 // hackish: to make sure the cached logged in user is up-to-date:
208 ServletHelper.setUser(aRequest, (EntityUsers) mainModule.getById(ServletHelper.getUser(aRequest).getId()));
211 if (requestParser.hasParameter("returnurl"))
212 ServletHelper.redirect(aResponse, requestParser.getParameter("returnurl"));
214 ServletHelper.redirect(aResponse, "");
216 catch (Throwable e) {
217 throw new ServletModuleFailure(e);
221 public void list(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc
223 HTTPRequestParser requestParser = new HTTPRequestParser(aRequest);
225 int offset = requestParser.getIntegerWithDefault("offset", 0);
227 returnUserList(aRequest, aResponse, offset);
230 public void returnUserList(
231 HttpServletRequest aRequest,
232 HttpServletResponse aResponse,
233 int anOffset) throws ServletModuleExc {
235 URLBuilder urlBuilder = new URLBuilder();
238 Map responseData = ServletHelper.makeGenerationData(aRequest, aResponse, new Locale[] { getLocale(aRequest), getFallbackLocale(aRequest)});
241 EntityAdapterEngine.retrieveAdapterList(getModel(), definition,
242 "", "login", nrEntitiesPerListPage, anOffset);
244 responseData.put("nexturl", null);
245 responseData.put("prevurl", null);
247 urlBuilder.setValue("module", "Users");
248 urlBuilder.setValue("do", "list");
250 urlBuilder.setValue("offset", anOffset);
251 responseData.put("offset" , Integer.toString(anOffset));
252 responseData.put("thisurl" , urlBuilder.getQuery());
254 if (list.size()>=nrEntitiesPerListPage) {
255 urlBuilder.setValue("offset", anOffset + nrEntitiesPerListPage);
256 responseData.put("nexturl" , urlBuilder.getQuery());
260 urlBuilder.setValue("offset", Math.max(anOffset - nrEntitiesPerListPage, 0));
261 responseData.put("prevurl" , urlBuilder.getQuery());
264 responseData.put("users", list);
265 responseData.put("mayDeleteUsers", new Boolean(MirGlobal.accessControl().user().mayDeleteUsers(ServletHelper.getUser(aRequest))));
266 responseData.put("mayAddUsers", new Boolean(MirGlobal.accessControl().user().mayAddUsers(ServletHelper.getUser(aRequest))));
267 responseData.put("mayEditUsers", new Boolean(MirGlobal.accessControl().user().mayEditUsers(ServletHelper.getUser(aRequest))));
269 responseData.put("from" , Integer.toString(anOffset+1));
270 responseData.put("to", Integer.toString(anOffset+list.size()));
271 responseData.put("offset" , Integer.toString(anOffset));
273 ServletHelper.generateResponse(aResponse.getWriter(), responseData, listGenerator);
275 catch (Throwable e) {
276 throw new ServletModuleFailure(e);
280 public void showUser(String anId, boolean anOnlyPassword, HttpServletRequest aRequest, HttpServletResponse aResponse)
281 throws ServletModuleExc {
283 HTTPRequestParser requestParser = new HTTPRequestParser(aRequest);
284 Map responseData = ServletHelper.makeGenerationData(aRequest, aResponse, new Locale[] { getLocale(aRequest), getFallbackLocale(aRequest)});
285 EntityAdapterModel model = MirGlobal.localizer().dataModel().adapterModel();
287 URLBuilder urlBuilder = new URLBuilder();
289 urlBuilder.setValue("module", "Users");
291 urlBuilder.setValue("do", "changepassword");
293 urlBuilder.setValue("do", "edit");
294 urlBuilder.setValue("id", anId);
295 urlBuilder.setValue("returnurl", requestParser.getParameter("returnurl"));
298 responseData.put("new", Boolean.FALSE);
299 user = model.makeEntityAdapter("user", mainModule.getById(anId));
302 List fields = DatabaseUsers.getInstance().getFieldNames();
303 responseData.put("new", Boolean.TRUE);
304 Map emptyUser = new HashMap();
305 Iterator i = fields.iterator();
306 while (i.hasNext()) {
307 emptyUser.put(i.next(), null);
312 responseData.put("user", user);
313 responseData.put("passwordonly", new Boolean(anOnlyPassword));
315 responseData.put("returnurl", requestParser.getParameter("returnurl"));
316 responseData.put("thisurl", urlBuilder.getQuery());
318 ServletHelper.generateResponse(aResponse.getWriter(), responseData, editGenerator);
320 catch (Throwable e) {
321 throw new ServletModuleFailure(e);
325 public void delete(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleUserExc, ServletModuleExc, ServletModuleFailure {
327 EntityUsers user = (EntityUsers) mainModule.getById(aRequest.getParameter("id"));
329 MirGlobal.accessControl().user().assertMayDeleteUser(ServletHelper.getUser(aRequest), user);
331 super.delete(aRequest, aResponse);
333 catch (Throwable t) {
334 throw new ServletModuleFailure(t);
338 public void changepassword(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc
340 String idParam = aRequest.getParameter("id");
343 throw new ServletModuleExc("ServletModuleUser.edit: invalid call: (id) not specified");
346 EntityUsers user = (EntityUsers) mainModule.getById(idParam);
347 MirGlobal.accessControl().user().assertMayChangeUserPassword(ServletHelper.getUser(aRequest), user);
349 showUser(idParam, true, aRequest, aResponse);
351 catch (Throwable e) {
352 throw new ServletModuleFailure(e);