2 * Copyright (C) 2001, 2002 The Mir-coders group
\r
4 * This file is part of Mir.
\r
6 * Mir is free software; you can redistribute it and/or modify
\r
7 * it under the terms of the GNU General Public License as published by
\r
8 * the Free Software Foundation; either version 2 of the License, or
\r
9 * (at your option) any later version.
\r
11 * Mir is distributed in the hope that it will be useful,
\r
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
\r
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
\r
14 * GNU General Public License for more details.
\r
16 * You should have received a copy of the GNU General Public License
\r
17 * along with Mir; if not, write to the Free Software
\r
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
\r
20 * In addition, as a special exception, The Mir-coders gives permission to link
\r
21 * the code of this program with any library licensed under the Apache Software License,
\r
22 * The Sun (tm) Java Advanced Imaging library (JAI), The Sun JIMI library
\r
23 * (or with modified versions of the above that use the same license as the above),
\r
24 * and distribute linked combinations including the two. You must obey the
\r
25 * GNU General Public License in all respects for all of the code used other than
\r
26 * the above mentioned libraries. If you modify this file, you may extend this
\r
27 * exception to your version of the file, but you are not obligated to do so.
\r
28 * If you do not wish to do so, delete this exception statement from your version.
\r
31 package mircoders.servlet;
\r
33 import java.util.HashMap;
\r
34 import java.util.Iterator;
\r
35 import java.util.List;
\r
36 import java.util.Locale;
\r
37 import java.util.Map;
\r
38 import javax.servlet.http.HttpServletRequest;
\r
39 import javax.servlet.http.HttpServletResponse;
\r
41 import mir.entity.adapter.EntityAdapterModel;
\r
42 import mir.entity.adapter.EntityIteratorAdapter;
\r
43 import mir.log.LoggerWrapper;
\r
44 import mir.servlet.ServletModule;
\r
45 import mir.servlet.ServletModuleExc;
\r
46 import mir.servlet.ServletModuleFailure;
\r
47 import mir.servlet.ServletModuleUserExc;
\r
48 import mir.storage.StorageObjectFailure;
\r
49 import mir.util.CachingRewindableIterator;
\r
50 import mir.util.HTTPRequestParser;
\r
51 import mir.util.URLBuilder;
\r
52 import mircoders.entity.EntityUsers;
\r
53 import mircoders.global.MirGlobal;
\r
54 import mircoders.module.ModuleUsers;
\r
55 import mircoders.storage.DatabaseUsers;
\r
56 import mircoders.global.*;
\r
61 * <p>Description: </p>
\r
62 * <p>Copyright: Copyright (c) 2003</p>
\r
64 * @author not attributable
\r
67 public class ServletModuleUsers extends ServletModule
\r
69 private static ServletModuleUsers instance = new ServletModuleUsers();
\r
70 public static ServletModule getInstance() { return instance; }
\r
71 protected ModuleUsers usersModule;
\r
73 private ServletModuleUsers() {
\r
75 logger = new LoggerWrapper("ServletModule.Users");
\r
78 model = MirGlobal.localizer().dataModel().adapterModel();
\r
79 definition = "user";
\r
80 usersModule = new ModuleUsers(DatabaseUsers.getInstance());
\r
81 mainModule = usersModule;
\r
83 catch (Throwable e) {
\r
84 logger.debug("initialization of ServletModuleUsers failed!: " + e.getMessage());
\r
88 public void edit(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc
\r
90 String idParam = aRequest.getParameter("id");
\r
92 if (idParam == null)
\r
93 throw new ServletModuleExc("ServletModuleUser.edit: invalid call: (id) not specified");
\r
96 EntityUsers user = (EntityUsers) mainModule.getById(idParam);
\r
97 MirGlobal.accessControl().user().assertMayEditUser(ServletHelper.getUser(aRequest), user);
\r
99 showUser(idParam, false, aRequest, aResponse);
\r
101 catch (Throwable e) {
\r
102 throw new ServletModuleFailure(e);
\r
106 public void add(HttpServletRequest aRequest, HttpServletResponse aResponse)
\r
107 throws ServletModuleExc
\r
110 MirGlobal.accessControl().user().assertMayAddUsers(ServletHelper.getUser(aRequest));
\r
112 showUser(null, false, aRequest, aResponse);
\r
114 catch (Throwable e) {
\r
115 throw new ServletModuleFailure(e);
\r
119 public String validatePassword(EntityUsers aUser, HTTPRequestParser aRequestParser) throws ServletModuleExc, ServletModuleUserExc, ServletModuleFailure
\r
121 if ( (aRequestParser.getParameter("newpassword") != null &&
\r
122 aRequestParser.getParameter("newpassword").length() > 0) ||
\r
123 (aRequestParser.getParameter("newpassword2") != null &&
\r
124 aRequestParser.getParameter("newpassword2").length() > 0)
\r
126 String newPassword = aRequestParser.getParameterWithDefault("newpassword", "");
\r
127 String newPassword2 = aRequestParser.getParameterWithDefault("newpassword2", "");
\r
128 String oldPassword = aRequestParser.getParameterWithDefault("oldpassword", "");
\r
131 if (!usersModule.checkUserPassword(aUser, oldPassword)) {
\r
132 throw new ServletModuleUserExc("user.error.incorrectpassword", new String[] {});
\r
135 catch (Throwable t) {
\r
136 throw new ServletModuleFailure(t);
\r
140 if (newPassword.length() == 0 || newPassword2.length() == 0) {
\r
141 throw new ServletModuleUserExc("user.error.missingpasswords", new String[] {});
\r
144 if (!newPassword.equals(newPassword2)) {
\r
145 throw new ServletModuleUserExc("user.error.passwordmismatch", new String[] {});
\r
148 return newPassword;
\r
154 public void insert(HttpServletRequest aRequest, HttpServletResponse aResponse)
\r
155 throws ServletModuleExc, ServletModuleUserExc, ServletModuleFailure
\r
158 MirGlobal.accessControl().user().assertMayAddUsers(ServletHelper.getUser(aRequest));
\r
160 HTTPRequestParser requestParser = new HTTPRequestParser(aRequest);
\r
161 Map withValues = getIntersectingValues(aRequest, mainModule.getStorageObject());
\r
163 String newPassword=validatePassword(ServletHelper.getUser(aRequest), requestParser);
\r
164 if (newPassword!=null)
\r
165 withValues.put("password", newPassword);
\r
167 throw new ServletModuleUserExc("user.error.missingpassword", new String[] {});
\r
169 String id = mainModule.add(withValues);
\r
171 logAdminUsage(aRequest, id, "object added");
\r
173 if (requestParser.hasParameter("returnurl"))
\r
174 redirect(aResponse, requestParser.getParameter("returnurl"));
\r
176 list(aRequest, aResponse);
\r
178 catch (Throwable e) {
\r
179 throw new ServletModuleFailure(e);
\r
183 public void update(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc, ServletModuleUserExc, ServletModuleFailure
\r
186 HTTPRequestParser requestParser = new HTTPRequestParser(aRequest);
\r
187 String id = requestParser.getParameter("id");
\r
188 EntityUsers user = (EntityUsers) mainModule.getById(id);
\r
189 MirGlobal.accessControl().user().assertMayEditUser(ServletHelper.getUser(aRequest), user);
\r
191 Map withValues = getIntersectingValues(aRequest, mainModule.getStorageObject());
\r
192 if (!withValues.containsKey("is_admin"))
\r
193 withValues.put("is_admin","0");
\r
195 String newPassword=validatePassword(ServletHelper.getUser(aRequest), requestParser);
\r
196 if (newPassword!=null)
\r
197 withValues.put("password", MirGlobal.localizer().adminInterface().makePasswordDigest(newPassword));
\r
199 mainModule.set(withValues);
\r
201 logAdminUsage(aRequest, id, "object modified");
\r
203 if (requestParser.hasParameter("returnurl"))
\r
204 redirect(aResponse, requestParser.getParameter("returnurl"));
\r
206 list(aRequest, aResponse);
\r
208 catch (Throwable e) {
\r
209 throw new ServletModuleFailure(e);
\r
213 public void updatepassword(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc, ServletModuleUserExc, ServletModuleFailure
\r
216 HTTPRequestParser requestParser = new HTTPRequestParser(aRequest);
\r
217 String id = requestParser.getParameter("id");
\r
218 EntityUsers user = (EntityUsers) mainModule.getById(id);
\r
219 MirGlobal.accessControl().user().assertMayChangeUserPassword(ServletHelper.getUser(aRequest), user);
\r
221 String newPassword=validatePassword(ServletHelper.getUser(aRequest), requestParser);
\r
222 if (newPassword!=null) {
\r
223 user.setValueForProperty("password", MirGlobal.localizer().adminInterface().makePasswordDigest(newPassword));
\r
226 logAdminUsage(aRequest, id, "password changed");
\r
228 // hackish: to make sure the cached logged in user is up-to-date:
\r
229 ServletHelper.setUser(aRequest, (EntityUsers) mainModule.getById(ServletHelper.getUser(aRequest).getId()));
\r
232 if (requestParser.hasParameter("returnurl"))
\r
233 redirect(aResponse, requestParser.getParameter("returnurl"));
\r
235 redirect(aResponse, "");
\r
237 catch (Throwable e) {
\r
238 throw new ServletModuleFailure(e);
\r
242 public void list(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc
\r
244 HTTPRequestParser requestParser = new HTTPRequestParser(aRequest);
\r
246 int offset = requestParser.getIntegerWithDefault("offset", 0);
\r
248 returnUserList(aRequest, aResponse, offset);
\r
251 public void returnUserList(
\r
252 HttpServletRequest aRequest,
\r
253 HttpServletResponse aResponse,
\r
254 int anOffset) throws ServletModuleExc {
\r
256 // ML: to be deleted, support for 3 extra vars to be added
\r
258 HTTPRequestParser requestParser = new HTTPRequestParser(aRequest);
\r
259 URLBuilder urlBuilder = new URLBuilder();
\r
260 EntityAdapterModel model;
\r
264 Map responseData = ServletHelper.makeGenerationData(aRequest, aResponse, new Locale[] { getLocale(aRequest), getFallbackLocale(aRequest)});
\r
265 model = MirGlobal.localizer().dataModel().adapterModel();
\r
268 new CachingRewindableIterator(
\r
269 new EntityIteratorAdapter( "", "login", nrEntitiesPerListPage,
\r
270 MirGlobal.localizer().dataModel().adapterModel(), "user", nrEntitiesPerListPage, anOffset)
\r
273 responseData.put("nexturl", null);
\r
274 responseData.put("prevurl", null);
\r
276 count=mainModule.getSize("");
\r
278 urlBuilder.setValue("module", "Users");
\r
279 urlBuilder.setValue("do", "list");
\r
281 urlBuilder.setValue("offset", anOffset);
\r
282 responseData.put("offset" , new Integer(anOffset).toString());
\r
283 responseData.put("thisurl" , urlBuilder.getQuery());
\r
285 if (count>=anOffset+nrEntitiesPerListPage) {
\r
286 urlBuilder.setValue("offset", (anOffset + nrEntitiesPerListPage));
\r
287 responseData.put("nexturl" , urlBuilder.getQuery());
\r
291 urlBuilder.setValue("offset", Math.max(anOffset - nrEntitiesPerListPage, 0));
\r
292 responseData.put("prevurl" , urlBuilder.getQuery());
\r
295 responseData.put("users", userList);
\r
296 responseData.put("mayDeleteUsers", new Boolean(MirGlobal.accessControl().user().mayDeleteUsers(ServletHelper.getUser(aRequest))));
\r
297 responseData.put("mayAddUsers", new Boolean(MirGlobal.accessControl().user().mayAddUsers(ServletHelper.getUser(aRequest))));
\r
298 responseData.put("mayEditUsers", new Boolean(MirGlobal.accessControl().user().mayEditUsers(ServletHelper.getUser(aRequest))));
\r
300 responseData.put("from" , Integer.toString(anOffset+1));
\r
301 responseData.put("count", Integer.toString(count));
\r
302 responseData.put("to", Integer.toString(Math.min(anOffset+nrEntitiesPerListPage, count)));
\r
303 responseData.put("offset" , Integer.toString(anOffset));
\r
305 ServletHelper.generateResponse(aResponse.getWriter(), responseData, listGenerator);
\r
307 catch (Throwable e) {
\r
308 throw new ServletModuleFailure(e);
\r
312 public void showUser(String anId, boolean anOnlyPassword, HttpServletRequest aRequest, HttpServletResponse aResponse)
\r
313 throws ServletModuleExc {
\r
315 HTTPRequestParser requestParser = new HTTPRequestParser(aRequest);
\r
316 Map responseData = ServletHelper.makeGenerationData(aRequest, aResponse, new Locale[] { getLocale(aRequest), getFallbackLocale(aRequest)});
\r
317 EntityAdapterModel model = MirGlobal.localizer().dataModel().adapterModel();
\r
319 URLBuilder urlBuilder = new URLBuilder();
\r
321 urlBuilder.setValue("module", "Users");
\r
322 if (anOnlyPassword)
\r
323 urlBuilder.setValue("do", "changepassword");
\r
325 urlBuilder.setValue("do", "edit");
\r
326 urlBuilder.setValue("id", anId);
\r
327 urlBuilder.setValue("returnurl", requestParser.getParameter("returnurl"));
\r
330 responseData.put("new", Boolean.FALSE);
\r
331 user = model.makeEntityAdapter("user", mainModule.getById(anId));
\r
334 List fields = DatabaseUsers.getInstance().getFields();
\r
335 responseData.put("new", Boolean.TRUE);
\r
336 user = new HashMap();
\r
337 Iterator i = fields.iterator();
\r
338 while (i.hasNext()) {
\r
339 user.put(i.next(), null);
\r
342 MirGlobal.localizer().adminInterface().initializeArticle(user);
\r
344 responseData.put("user", user);
\r
345 responseData.put("passwordonly", new Boolean(anOnlyPassword));
\r
347 responseData.put("returnurl", requestParser.getParameter("returnurl"));
\r
348 responseData.put("thisurl", urlBuilder.getQuery());
\r
350 ServletHelper.generateResponse(aResponse.getWriter(), responseData, editGenerator);
\r
352 catch (Throwable e) {
\r
353 throw new ServletModuleFailure(e);
\r
357 public void delete(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleUserExc, ServletModuleExc, ServletModuleFailure {
\r
359 EntityUsers user = (EntityUsers) mainModule.getById(aRequest.getParameter("id"));
\r
361 MirGlobal.accessControl().user().assertMayDeleteUser(ServletHelper.getUser(aRequest), user);
\r
363 super.delete(aRequest, aResponse);
\r
365 catch (Throwable t) {
\r
366 throw new ServletModuleFailure(t);
\r
370 public void changepassword(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc
\r
372 String idParam = aRequest.getParameter("id");
\r
374 if (idParam == null)
\r
375 throw new ServletModuleExc("ServletModuleUser.edit: invalid call: (id) not specified");
\r
378 EntityUsers user = (EntityUsers) mainModule.getById(idParam);
\r
379 MirGlobal.accessControl().user().assertMayChangeUserPassword(ServletHelper.getUser(aRequest), user);
\r
381 showUser(idParam, true, aRequest, aResponse);
\r
383 catch (Throwable e) {
\r
384 throw new ServletModuleFailure(e);
\r