/*
- * Copyright (C) 2001, 2002 The Mir-coders group
+ * Copyright (C) 2001, 2002 The Mir-coders group
*
* This file is part of Mir.
*
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
* In addition, as a special exception, The Mir-coders gives permission to link
- * the code of this program with the com.oreilly.servlet library, any library
- * licensed under the Apache Software License, The Sun (tm) Java Advanced
- * Imaging library (JAI), The Sun JIMI library (or with modified versions of
- * the above that use the same license as the above), and distribute linked
- * combinations including the two. You must obey the GNU General Public
- * License in all respects for all of the code used other than the above
- * mentioned libraries. If you modify this file, you may extend this exception
- * to your version of the file, but you are not obligated to do so. If you do
- * not wish to do so, delete this exception statement from your version.
+ * the code of this program with any library licensed under the Apache Software License,
+ * The Sun (tm) Java Advanced Imaging library (JAI), The Sun JIMI library
+ * (or with modified versions of the above that use the same license as the above),
+ * and distribute linked combinations including the two. You must obey the
+ * GNU General Public License in all respects for all of the code used other than
+ * the above mentioned libraries. If you modify this file, you may extend this
+ * exception to your version of the file, but you are not obligated to do so.
+ * If you do not wish to do so, delete this exception statement from your version.
*/
package mircoders.servlet;
-import java.io.*;
-import java.sql.*;
-import java.util.*;
-import javax.servlet.*;
-import javax.servlet.http.*;
-
-import freemarker.template.*;
-
-import mir.servlet.*;
-import mir.module.*;
-import mir.misc.*;
-import mir.entity.*;
-import mir.storage.*;
-import mir.log.*;
+import mir.entity.adapter.EntityAdapterEngine;
+import mir.entity.adapter.EntityAdapterModel;
+import mir.log.LoggerWrapper;
+import mir.servlet.ServletModule;
+import mir.servlet.ServletModuleExc;
+import mir.servlet.ServletModuleFailure;
+import mir.servlet.ServletModuleUserExc;
+import mir.util.HTTPRequestParser;
+import mir.util.URLBuilder;
+import mircoders.entity.EntityUsers;
+import mircoders.global.MirGlobal;
+import mircoders.module.ModuleUsers;
+import mircoders.storage.DatabaseUsers;
-import mircoders.entity.*;
-import mircoders.storage.*;
-import mircoders.module.*;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.util.*;
-/*
- * ServletModuleUsers -
- * liefert HTML fuer Users
+/**
*
*
- * @author RK
*/
-
-public class ServletModuleUsers extends mir.servlet.ServletModule
+public class ServletModuleUsers extends ServletModule
{
private static ServletModuleUsers instance = new ServletModuleUsers();
public static ServletModule getInstance() { return instance; }
+ protected ModuleUsers usersModule;
private ServletModuleUsers() {
+ super();
logger = new LoggerWrapper("ServletModule.Users");
- templateListString = MirConfig.getProp("ServletModule.Users.ListTemplate");
- templateObjektString = MirConfig.getProp("ServletModule.Users.ObjektTemplate");
- templateConfirmString = MirConfig.getProp("ServletModule.Users.ConfirmTemplate");
-
try {
- mainModule = new ModuleUsers(DatabaseUsers.getInstance());
+ definition = "user";
+ usersModule = new ModuleUsers();
+ mainModule = usersModule;
}
- catch (StorageObjectException e) {
+ catch (Throwable e) {
logger.debug("initialization of ServletModuleUsers failed!: " + e.getMessage());
}
}
- public void edit(HttpServletRequest req, HttpServletResponse res) throws ServletModuleException
+ public void edit(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc
{
- String idParam = req.getParameter("id");
+ String idParam = aRequest.getParameter("id");
+
if (idParam == null)
- throw new ServletModuleException("ServletModuleUser.edit: invalid call: (id) not specified");
+ throw new ServletModuleExc("ServletModuleUser.edit: invalid call: (id) not specified");
try {
- deliver(req, res, mainModule.getById(idParam), templateObjektString);
+ EntityUsers user = (EntityUsers) mainModule.getById(idParam);
+ MirGlobal.accessControl().user().assertMayEditUser(ServletHelper.getUser(aRequest), user);
+
+ showUser(idParam, false, aRequest, aResponse);
}
- catch (ModuleException e) {
- throw new ServletModuleException(e.toString());
+ catch (Throwable e) {
+ throw new ServletModuleFailure(e);
}
}
- public void add(HttpServletRequest req, HttpServletResponse res)
- throws ServletModuleException
+ public void add(HttpServletRequest aRequest, HttpServletResponse aResponse)
+ throws ServletModuleExc
{
try {
- SimpleHash mergeData = new SimpleHash();
- mergeData.put("new", "1");
- deliver(req, res, mergeData, templateObjektString);
+ MirGlobal.accessControl().user().assertMayAddUsers(ServletHelper.getUser(aRequest));
+
+ showUser(null, false, aRequest, aResponse);
+ }
+ catch (Throwable e) {
+ throw new ServletModuleFailure(e);
+ }
+ }
+
+ public String validatePassword(EntityUsers aUser, HTTPRequestParser aRequestParser) throws ServletModuleExc, ServletModuleUserExc, ServletModuleFailure
+ {
+ if ( (aRequestParser.getParameter("newpassword") != null &&
+ aRequestParser.getParameter("newpassword").length() > 0) ||
+ (aRequestParser.getParameter("newpassword2") != null &&
+ aRequestParser.getParameter("newpassword2").length() > 0)
+ ) {
+ String newPassword = aRequestParser.getParameterWithDefault("newpassword", "");
+ String newPassword2 = aRequestParser.getParameterWithDefault("newpassword2", "");
+ String oldPassword = aRequestParser.getParameterWithDefault("oldpassword", "");
+
+ try {
+ if (!usersModule.checkUserPassword(aUser, oldPassword)) {
+ throw new ServletModuleUserExc("user.error.incorrectpassword", new String[] {});
+ }
+ }
+ catch (Throwable t) {
+ throw new ServletModuleFailure(t);
+ }
+
+
+ if (newPassword.length() == 0 || newPassword2.length() == 0) {
+ throw new ServletModuleUserExc("user.error.missingpasswords", new String[] {});
+ }
+
+ if (!newPassword.equals(newPassword2)) {
+ throw new ServletModuleUserExc("user.error.passwordmismatch", new String[] {});
+ }
+
+ return newPassword;
}
- catch (Exception e) { throw new ServletModuleException(e.toString());}
+ return null;
}
- public void insert(HttpServletRequest req, HttpServletResponse res)
- throws ServletModuleException
+ public void insert(HttpServletRequest aRequest, HttpServletResponse aResponse)
+ throws ServletModuleExc, ServletModuleUserExc, ServletModuleFailure
{
try {
- HashMap withValues = getIntersectingValues(req, mainModule.getStorageObject());
+ MirGlobal.accessControl().user().assertMayAddUsers(ServletHelper.getUser(aRequest));
+
+ HTTPRequestParser requestParser = new HTTPRequestParser(aRequest);
+ Map withValues = getIntersectingValues(aRequest, mainModule.getStorageObject());
+
+ String newPassword=validatePassword(ServletHelper.getUser(aRequest), requestParser);
+ if (newPassword!=null)
+ withValues.put("password", newPassword);
+ else
+ throw new ServletModuleUserExc("user.error.missingpassword", new String[] {});
+
String id = mainModule.add(withValues);
- deliver(req, res, mainModule.getById(id), templateObjektString);
+
+ logAdminUsage(aRequest, id, "object added");
+
+ if (requestParser.hasParameter("returnurl"))
+ ServletHelper.redirect(aResponse, requestParser.getParameter("returnurl"));
+ else
+ list(aRequest, aResponse);
+ }
+ catch (Throwable e) {
+ throw new ServletModuleFailure(e);
+ }
+ }
+
+ public void update(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc, ServletModuleUserExc, ServletModuleFailure
+ {
+ try {
+ HTTPRequestParser requestParser = new HTTPRequestParser(aRequest);
+ String id = requestParser.getParameter("id");
+ EntityUsers user = (EntityUsers) mainModule.getById(id);
+ MirGlobal.accessControl().user().assertMayEditUser(ServletHelper.getUser(aRequest), user);
+
+ Map withValues = getIntersectingValues(aRequest, mainModule.getStorageObject());
+ if (!withValues.containsKey("is_admin"))
+ withValues.put("is_admin","0");
+ if (!withValues.containsKey("is_disabled"))
+ withValues.put("is_disabled","0");
+
+ String newPassword=validatePassword(ServletHelper.getUser(aRequest), requestParser);
+ if (newPassword!=null)
+ withValues.put("password", MirGlobal.localizer().adminInterface().makePasswordDigest(newPassword));
+
+ mainModule.set(withValues);
+
+ logAdminUsage(aRequest, id, "object modified");
+
+ if (requestParser.hasParameter("returnurl"))
+ ServletHelper.redirect(aResponse, requestParser.getParameter("returnurl"));
+ else
+ list(aRequest, aResponse);
+ }
+ catch (Throwable e) {
+ throw new ServletModuleFailure(e);
+ }
+ }
+
+ public void updatepassword(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc, ServletModuleUserExc, ServletModuleFailure
+ {
+ try {
+ HTTPRequestParser requestParser = new HTTPRequestParser(aRequest);
+ String id = requestParser.getParameter("id");
+ EntityUsers user = (EntityUsers) mainModule.getById(id);
+ MirGlobal.accessControl().user().assertMayChangeUserPassword(ServletHelper.getUser(aRequest), user);
+
+ String newPassword=validatePassword(ServletHelper.getUser(aRequest), requestParser);
+ if (newPassword!=null) {
+ user.setFieldValue("password", MirGlobal.localizer().adminInterface().makePasswordDigest(newPassword));
+ user.update();
+
+ logAdminUsage(aRequest, id, "password changed");
+
+ // hackish: to make sure the cached logged in user is up-to-date:
+ ServletHelper.setUser(aRequest, (EntityUsers) mainModule.getById(ServletHelper.getUser(aRequest).getId()));
+ }
+
+ if (requestParser.hasParameter("returnurl"))
+ ServletHelper.redirect(aResponse, requestParser.getParameter("returnurl"));
+ else
+ ServletHelper.redirect(aResponse, "");
+ }
+ catch (Throwable e) {
+ throw new ServletModuleFailure(e);
+ }
+ }
+
+ public void list(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc
+ {
+ HTTPRequestParser requestParser = new HTTPRequestParser(aRequest);
+
+ int offset = requestParser.getIntegerWithDefault("offset", 0);
+
+ returnUserList(aRequest, aResponse, offset);
+ }
+
+ public void returnUserList(
+ HttpServletRequest aRequest,
+ HttpServletResponse aResponse,
+ int anOffset) throws ServletModuleExc {
+
+ URLBuilder urlBuilder = new URLBuilder();
+
+ try {
+ Map responseData = ServletHelper.makeGenerationData(aRequest, aResponse, new Locale[] { getLocale(aRequest), getFallbackLocale(aRequest)});
+
+ List list =
+ EntityAdapterEngine.retrieveAdapterList(model, definition, "", "login", nrEntitiesPerListPage, anOffset);
+
+ responseData.put("nexturl", null);
+ responseData.put("prevurl", null);
+
+ urlBuilder.setValue("module", "Users");
+ urlBuilder.setValue("do", "list");
+
+ urlBuilder.setValue("offset", anOffset);
+ responseData.put("offset" , new Integer(anOffset).toString());
+ responseData.put("thisurl" , urlBuilder.getQuery());
+
+ if (list.size()>=nrEntitiesPerListPage) {
+ urlBuilder.setValue("offset", (anOffset + nrEntitiesPerListPage));
+ responseData.put("nexturl" , urlBuilder.getQuery());
+ }
+
+ if (anOffset>0) {
+ urlBuilder.setValue("offset", Math.max(anOffset - nrEntitiesPerListPage, 0));
+ responseData.put("prevurl" , urlBuilder.getQuery());
+ }
+
+ responseData.put("users", list);
+ responseData.put("mayDeleteUsers", new Boolean(MirGlobal.accessControl().user().mayDeleteUsers(ServletHelper.getUser(aRequest))));
+ responseData.put("mayAddUsers", new Boolean(MirGlobal.accessControl().user().mayAddUsers(ServletHelper.getUser(aRequest))));
+ responseData.put("mayEditUsers", new Boolean(MirGlobal.accessControl().user().mayEditUsers(ServletHelper.getUser(aRequest))));
+
+ responseData.put("from" , Integer.toString(anOffset+1));
+ responseData.put("to", Integer.toString(anOffset+list.size()));
+ responseData.put("offset" , Integer.toString(anOffset));
+
+ ServletHelper.generateResponse(aResponse.getWriter(), responseData, listGenerator);
+ }
+ catch (Throwable e) {
+ throw new ServletModuleFailure(e);
+ }
+ }
+
+ public void showUser(String anId, boolean anOnlyPassword, HttpServletRequest aRequest, HttpServletResponse aResponse)
+ throws ServletModuleExc {
+ try {
+ HTTPRequestParser requestParser = new HTTPRequestParser(aRequest);
+ Map responseData = ServletHelper.makeGenerationData(aRequest, aResponse, new Locale[] { getLocale(aRequest), getFallbackLocale(aRequest)});
+ EntityAdapterModel model = MirGlobal.localizer().dataModel().adapterModel();
+ Object user;
+ URLBuilder urlBuilder = new URLBuilder();
+
+ urlBuilder.setValue("module", "Users");
+ if (anOnlyPassword)
+ urlBuilder.setValue("do", "changepassword");
+ else
+ urlBuilder.setValue("do", "edit");
+ urlBuilder.setValue("id", anId);
+ urlBuilder.setValue("returnurl", requestParser.getParameter("returnurl"));
+
+ if (anId!=null) {
+ responseData.put("new", Boolean.FALSE);
+ user = model.makeEntityAdapter("user", mainModule.getById(anId));
+ }
+ else {
+ List fields = DatabaseUsers.getInstance().getFieldNames();
+ responseData.put("new", Boolean.TRUE);
+ Map emptyUser = new HashMap();
+ Iterator i = fields.iterator();
+ while (i.hasNext()) {
+ emptyUser.put(i.next(), null);
+ }
+
+ user = emptyUser;
+ }
+ responseData.put("user", user);
+ responseData.put("passwordonly", new Boolean(anOnlyPassword));
+
+ responseData.put("returnurl", requestParser.getParameter("returnurl"));
+ responseData.put("thisurl", urlBuilder.getQuery());
+
+ ServletHelper.generateResponse(aResponse.getWriter(), responseData, editGenerator);
+ }
+ catch (Throwable e) {
+ throw new ServletModuleFailure(e);
+ }
+ }
+
+ public void delete(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleUserExc, ServletModuleExc, ServletModuleFailure {
+ try {
+ EntityUsers user = (EntityUsers) mainModule.getById(aRequest.getParameter("id"));
+
+ MirGlobal.accessControl().user().assertMayDeleteUser(ServletHelper.getUser(aRequest), user);
+
+ super.delete(aRequest, aResponse);
+ }
+ catch (Throwable t) {
+ throw new ServletModuleFailure(t);
+ }
+ }
+
+ public void changepassword(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc
+ {
+ String idParam = aRequest.getParameter("id");
+
+ if (idParam == null)
+ throw new ServletModuleExc("ServletModuleUser.edit: invalid call: (id) not specified");
+
+ try {
+ EntityUsers user = (EntityUsers) mainModule.getById(idParam);
+ MirGlobal.accessControl().user().assertMayChangeUserPassword(ServletHelper.getUser(aRequest), user);
+
+ showUser(idParam, true, aRequest, aResponse);
+ }
+ catch (Throwable e) {
+ throw new ServletModuleFailure(e);
}
- catch (Exception e) { throw new ServletModuleException(e.toString());}
}
}
+
projects / mir.git / blobdiff