admin activity logger added

[mir.git] / source / mircoders / servlet / ServletModuleUsers.java

/*\r
 * Copyright (C) 2001, 2002 The Mir-coders group\r
 *\r
 * This file is part of Mir.\r
 *\r
 * Mir is free software; you can redistribute it and/or modify\r
 * it under the terms of the GNU General Public License as published by\r
 * the Free Software Foundation; either version 2 of the License, or\r
 * (at your option) any later version.\r
 *\r
 * Mir is distributed in the hope that it will be useful,\r
 * but WITHOUT ANY WARRANTY; without even the implied warranty of\r
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\r
 * GNU General Public License for more details.\r
 *\r
 * You should have received a copy of the GNU General Public License\r
 * along with Mir; if not, write to the Free Software\r
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA\r
 *\r
 * In addition, as a special exception, The Mir-coders gives permission to link\r
 * the code of this program with  any library licensed under the Apache Software License,\r
 * The Sun (tm) Java Advanced Imaging library (JAI), The Sun JIMI library\r
 * (or with modified versions of the above that use the same license as the above),\r
 * and distribute linked combinations including the two.  You must obey the\r
 * GNU General Public License in all respects for all of the code used other than\r
 * the above mentioned libraries.  If you modify this file, you may extend this\r
 * exception to your version of the file, but you are not obligated to do so.\r
 * If you do not wish to do so, delete this exception statement from your version.\r
 */\r
\r
package mircoders.servlet;\r
\r
import java.util.HashMap;\r
import java.util.Iterator;\r
import java.util.List;\r
import java.util.Locale;\r
import java.util.Map;\r
import javax.servlet.http.HttpServletRequest;\r
import javax.servlet.http.HttpServletResponse;\r
\r
import mir.entity.adapter.EntityAdapterModel;\r
import mir.entity.adapter.EntityIteratorAdapter;\r
import mir.log.LoggerWrapper;\r
import mir.servlet.ServletModule;\r
import mir.servlet.ServletModuleExc;\r
import mir.servlet.ServletModuleFailure;\r
import mir.servlet.ServletModuleUserExc;\r
import mir.storage.StorageObjectFailure;\r
import mir.util.CachingRewindableIterator;\r
import mir.util.HTTPRequestParser;\r
import mir.util.URLBuilder;\r
import mircoders.entity.EntityUsers;\r
import mircoders.global.MirGlobal;\r
import mircoders.module.ModuleUsers;\r
import mircoders.storage.DatabaseUsers;\r
import mircoders.global.*;\r
\r
/**\r
 *\r
 * <p>Title: </p>\r
 * <p>Description: </p>\r
 * <p>Copyright: Copyright (c) 2003</p>\r
 * <p>Company: </p>\r
 * @author not attributable\r
 * @version 1.0\r
 */\r
public class ServletModuleUsers extends ServletModule\r
{\r
  private static ServletModuleUsers instance = new ServletModuleUsers();\r
  public static ServletModule getInstance() { return instance; }\r
  protected ModuleUsers usersModule;\r
\r
  private ServletModuleUsers() {\r
    super();\r
    logger = new LoggerWrapper("ServletModule.Users");\r
\r
    try {\r
      model = MirGlobal.localizer().dataModel().adapterModel();\r
      definition = "user";\r
      usersModule = new ModuleUsers(DatabaseUsers.getInstance());\r
      mainModule = usersModule;\r
    }\r
    catch (Throwable e) {\r
      logger.debug("initialization of ServletModuleUsers failed!: " + e.getMessage());\r
    }\r
  }\r
\r
  public void edit(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc\r
  {\r
    String idParam = aRequest.getParameter("id");\r
\r
    if (idParam == null)\r
      throw new ServletModuleExc("ServletModuleUser.edit: invalid call: (id) not specified");\r
\r
    try {\r
      EntityUsers user = (EntityUsers) mainModule.getById(idParam);\r
      MirGlobal.accessControl().user().assertMayEditUser(ServletHelper.getUser(aRequest), user);\r
\r
      showUser(idParam, false, aRequest, aResponse);\r
    }\r
    catch (Throwable e) {\r
      throw new ServletModuleFailure(e);\r
    }\r
  }\r
\r
  public void add(HttpServletRequest aRequest, HttpServletResponse aResponse)\r
      throws ServletModuleExc\r
  {\r
    try {\r
      MirGlobal.accessControl().user().assertMayAddUsers(ServletHelper.getUser(aRequest));\r
\r
      showUser(null, false, aRequest, aResponse);\r
    }\r
    catch (Throwable e) {\r
      throw new ServletModuleFailure(e);\r
    }\r
  }\r
\r
  public String validatePassword(EntityUsers aUser, HTTPRequestParser aRequestParser) throws ServletModuleExc, ServletModuleUserExc, ServletModuleFailure\r
  {\r
    if ( (aRequestParser.getParameter("newpassword") != null &&\r
          aRequestParser.getParameter("newpassword").length() > 0) ||\r
        (aRequestParser.getParameter("newpassword2") != null &&\r
         aRequestParser.getParameter("newpassword2").length() > 0)\r
        ) {\r
      String newPassword = aRequestParser.getParameterWithDefault("newpassword", "");\r
      String newPassword2 = aRequestParser.getParameterWithDefault("newpassword2", "");\r
      String oldPassword = aRequestParser.getParameterWithDefault("oldpassword", "");\r
\r
      try {\r
        if (!usersModule.checkUserPassword(aUser, oldPassword)) {\r
          throw new ServletModuleUserExc("user.error.incorrectpassword", new String[] {});\r
        }\r
      }\r
      catch (Throwable t) {\r
        throw new ServletModuleFailure(t);\r
      }\r
\r
\r
      if (newPassword.length() == 0 || newPassword2.length() == 0) {\r
        throw new ServletModuleUserExc("user.error.missingpasswords", new String[] {});\r
      }\r
\r
      if (!newPassword.equals(newPassword2)) {\r
        throw new ServletModuleUserExc("user.error.passwordmismatch", new String[] {});\r
      }\r
\r
      return newPassword;\r
    }\r
    else\r
      return null;\r
  }\r
\r
  public void insert(HttpServletRequest aRequest, HttpServletResponse aResponse)\r
      throws ServletModuleExc, ServletModuleUserExc, ServletModuleFailure\r
  {\r
    try {\r
      MirGlobal.accessControl().user().assertMayAddUsers(ServletHelper.getUser(aRequest));\r
\r
      HTTPRequestParser requestParser = new HTTPRequestParser(aRequest);\r
      Map withValues = getIntersectingValues(aRequest, mainModule.getStorageObject());\r
\r
      String newPassword=validatePassword(ServletHelper.getUser(aRequest), requestParser);\r
      if (newPassword!=null)\r
        withValues.put("password", newPassword);\r
      else\r
        throw new ServletModuleUserExc("user.error.missingpassword", new String[] {});\r
\r
      String id = mainModule.add(withValues);\r
\r
      logAdminUsage(aRequest, id, "object added");\r
\r
      if (requestParser.hasParameter("returnurl"))\r
        redirect(aResponse, requestParser.getParameter("returnurl"));\r
      else\r
        list(aRequest, aResponse);\r
    }\r
    catch (Throwable e) {\r
      throw new ServletModuleFailure(e);\r
    }\r
  }\r
\r
  public void update(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc, ServletModuleUserExc, ServletModuleFailure\r
  {\r
    try {\r
      HTTPRequestParser requestParser = new HTTPRequestParser(aRequest);\r
      String id = requestParser.getParameter("id");\r
      EntityUsers user = (EntityUsers) mainModule.getById(id);\r
      MirGlobal.accessControl().user().assertMayEditUser(ServletHelper.getUser(aRequest), user);\r
\r
      Map withValues = getIntersectingValues(aRequest, mainModule.getStorageObject());\r
      if (!withValues.containsKey("is_admin"))\r
        withValues.put("is_admin","0");\r
\r
      String newPassword=validatePassword(ServletHelper.getUser(aRequest), requestParser);\r
      if (newPassword!=null)\r
        withValues.put("password", MirGlobal.localizer().adminInterface().makePasswordDigest(newPassword));\r
\r
      mainModule.set(withValues);\r
\r
      logAdminUsage(aRequest, id, "object modified");\r
\r
      if (requestParser.hasParameter("returnurl"))\r
        redirect(aResponse, requestParser.getParameter("returnurl"));\r
      else\r
        list(aRequest, aResponse);\r
    }\r
    catch (Throwable e) {\r
      throw new ServletModuleFailure(e);\r
    }\r
  }\r
\r
  public void updatepassword(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc, ServletModuleUserExc, ServletModuleFailure\r
  {\r
    try {\r
      HTTPRequestParser requestParser = new HTTPRequestParser(aRequest);\r
      String id = requestParser.getParameter("id");\r
      EntityUsers user = (EntityUsers) mainModule.getById(id);\r
      MirGlobal.accessControl().user().assertMayChangeUserPassword(ServletHelper.getUser(aRequest), user);\r
\r
      String newPassword=validatePassword(ServletHelper.getUser(aRequest), requestParser);\r
      if (newPassword!=null) {\r
        user.setValueForProperty("password", MirGlobal.localizer().adminInterface().makePasswordDigest(newPassword));\r
        user.update();\r
\r
        logAdminUsage(aRequest, id, "password changed");\r
\r
        // hackish: to make sure the cached logged in user is up-to-date:\r
        ServletHelper.setUser(aRequest, (EntityUsers) mainModule.getById(ServletHelper.getUser(aRequest).getId()));\r
      }\r
\r
      if (requestParser.hasParameter("returnurl"))\r
        redirect(aResponse, requestParser.getParameter("returnurl"));\r
      else\r
        redirect(aResponse, "");\r
    }\r
    catch (Throwable e) {\r
      throw new ServletModuleFailure(e);\r
    }\r
  }\r
\r
  public void list(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc\r
  {\r
    HTTPRequestParser requestParser = new HTTPRequestParser(aRequest);\r
\r
    int offset = requestParser.getIntegerWithDefault("offset", 0);\r
\r
    returnUserList(aRequest, aResponse, offset);\r
  }\r
\r
  public void returnUserList(\r
       HttpServletRequest aRequest,\r
       HttpServletResponse aResponse,\r
       int anOffset) throws ServletModuleExc {\r
\r
// ML: to be deleted, support for 3 extra vars to be added\r
\r
    HTTPRequestParser requestParser = new HTTPRequestParser(aRequest);\r
    URLBuilder urlBuilder = new URLBuilder();\r
    EntityAdapterModel model;\r
    int count;\r
\r
    try {\r
      Map responseData = ServletHelper.makeGenerationData(aRequest, aResponse, new Locale[] { getLocale(aRequest), getFallbackLocale(aRequest)});\r
      model = MirGlobal.localizer().dataModel().adapterModel();\r
\r
      Object userList =\r
          new CachingRewindableIterator(\r
            new EntityIteratorAdapter( "", "login", nrEntitiesPerListPage,\r
               MirGlobal.localizer().dataModel().adapterModel(), "user", nrEntitiesPerListPage, anOffset)\r
      );\r
\r
      responseData.put("nexturl", null);\r
      responseData.put("prevurl", null);\r
\r
      count=mainModule.getSize("");\r
\r
      urlBuilder.setValue("module", "Users");\r
      urlBuilder.setValue("do", "list");\r
\r
      urlBuilder.setValue("offset", anOffset);\r
      responseData.put("offset" , new Integer(anOffset).toString());\r
      responseData.put("thisurl" , urlBuilder.getQuery());\r
\r
      if (count>=anOffset+nrEntitiesPerListPage) {\r
        urlBuilder.setValue("offset", (anOffset + nrEntitiesPerListPage));\r
        responseData.put("nexturl" , urlBuilder.getQuery());\r
      }\r
\r
      if (anOffset>0) {\r
        urlBuilder.setValue("offset", Math.max(anOffset - nrEntitiesPerListPage, 0));\r
        responseData.put("prevurl" , urlBuilder.getQuery());\r
      }\r
\r
      responseData.put("users", userList);\r
      responseData.put("mayDeleteUsers", new Boolean(MirGlobal.accessControl().user().mayDeleteUsers(ServletHelper.getUser(aRequest))));\r
      responseData.put("mayAddUsers", new Boolean(MirGlobal.accessControl().user().mayAddUsers(ServletHelper.getUser(aRequest))));\r
      responseData.put("mayEditUsers", new Boolean(MirGlobal.accessControl().user().mayEditUsers(ServletHelper.getUser(aRequest))));\r
\r
      responseData.put("from" , Integer.toString(anOffset+1));\r
      responseData.put("count", Integer.toString(count));\r
      responseData.put("to", Integer.toString(Math.min(anOffset+nrEntitiesPerListPage, count)));\r
      responseData.put("offset" , Integer.toString(anOffset));\r
\r
      ServletHelper.generateResponse(aResponse.getWriter(), responseData, listGenerator);\r
    }\r
    catch (Throwable e) {\r
      throw new ServletModuleFailure(e);\r
    }\r
  }\r
\r
  public void showUser(String anId, boolean anOnlyPassword, HttpServletRequest aRequest, HttpServletResponse aResponse)\r
      throws ServletModuleExc {\r
    try {\r
      HTTPRequestParser requestParser = new HTTPRequestParser(aRequest);\r
      Map responseData = ServletHelper.makeGenerationData(aRequest, aResponse, new Locale[] { getLocale(aRequest), getFallbackLocale(aRequest)});\r
      EntityAdapterModel model = MirGlobal.localizer().dataModel().adapterModel();\r
      Map user;\r
      URLBuilder urlBuilder = new URLBuilder();\r
\r
      urlBuilder.setValue("module", "Users");\r
      if (anOnlyPassword)\r
        urlBuilder.setValue("do", "changepassword");\r
      else\r
        urlBuilder.setValue("do", "edit");\r
      urlBuilder.setValue("id", anId);\r
      urlBuilder.setValue("returnurl", requestParser.getParameter("returnurl"));\r
\r
      if (anId!=null) {\r
        responseData.put("new", Boolean.FALSE);\r
        user = model.makeEntityAdapter("user", mainModule.getById(anId));\r
      }\r
      else {\r
        List fields = DatabaseUsers.getInstance().getFields();\r
        responseData.put("new", Boolean.TRUE);\r
        user = new HashMap();\r
        Iterator i = fields.iterator();\r
        while (i.hasNext()) {\r
          user.put(i.next(), null);\r
        }\r
\r
        MirGlobal.localizer().adminInterface().initializeArticle(user);\r
      }\r
      responseData.put("user", user);\r
      responseData.put("passwordonly", new Boolean(anOnlyPassword));\r
\r
      responseData.put("returnurl", requestParser.getParameter("returnurl"));\r
      responseData.put("thisurl", urlBuilder.getQuery());\r
\r
      ServletHelper.generateResponse(aResponse.getWriter(), responseData, editGenerator);\r
    }\r
    catch (Throwable e) {\r
      throw new ServletModuleFailure(e);\r
    }\r
  }\r
\r
  public void delete(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleUserExc, ServletModuleExc, ServletModuleFailure {\r
    try {\r
      EntityUsers user = (EntityUsers) mainModule.getById(aRequest.getParameter("id"));\r
\r
      MirGlobal.accessControl().user().assertMayDeleteUser(ServletHelper.getUser(aRequest), user);\r
\r
      super.delete(aRequest, aResponse);\r
    }\r
    catch (Throwable t) {\r
      throw new ServletModuleFailure(t);\r
    }\r
  }\r
\r
  public void changepassword(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc\r
  {\r
    String idParam = aRequest.getParameter("id");\r
\r
    if (idParam == null)\r
      throw new ServletModuleExc("ServletModuleUser.edit: invalid call: (id) not specified");\r
\r
    try {\r
      EntityUsers user = (EntityUsers) mainModule.getById(idParam);\r
      MirGlobal.accessControl().user().assertMayChangeUserPassword(ServletHelper.getUser(aRequest), user);\r
\r
      showUser(idParam, true, aRequest, aResponse);\r
    }\r
    catch (Throwable e) {\r
      throw new ServletModuleFailure(e);\r
    }\r
  }\r
}\r
\r