* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
* In addition, as a special exception, The Mir-coders gives permission to link
- * the code of this program with any library licensed under the Apache Software License,
- * The Sun (tm) Java Advanced Imaging library (JAI), The Sun JIMI library
- * (or with modified versions of the above that use the same license as the above),
- * and distribute linked combinations including the two. You must obey the
- * GNU General Public License in all respects for all of the code used other than
- * the above mentioned libraries. If you modify this file, you may extend this
- * exception to your version of the file, but you are not obligated to do so.
+ * the code of this program with any library licensed under the Apache Software License,
+ * The Sun (tm) Java Advanced Imaging library (JAI), The Sun JIMI library
+ * (or with modified versions of the above that use the same license as the above),
+ * and distribute linked combinations including the two. You must obey the
+ * GNU General Public License in all respects for all of the code used other than
+ * the above mentioned libraries. If you modify this file, you may extend this
+ * exception to your version of the file, but you are not obligated to do so.
* If you do not wish to do so, delete this exception statement from your version.
*/
package mircoders.servlet;
-import java.util.Map;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
+import mir.entity.adapter.EntityAdapterEngine;
+import mir.entity.adapter.EntityAdapterModel;
import mir.log.LoggerWrapper;
import mir.servlet.ServletModule;
import mir.servlet.ServletModuleExc;
import mir.servlet.ServletModuleFailure;
import mir.servlet.ServletModuleUserExc;
-import mir.storage.StorageObjectFailure;
import mir.util.HTTPRequestParser;
+import mir.util.URLBuilder;
+import mircoders.entity.EntityUsers;
+import mircoders.global.MirGlobal;
import mircoders.module.ModuleUsers;
import mircoders.storage.DatabaseUsers;
-import freemarker.template.SimpleHash;
-/*
- * ServletModuleUsers -
- * liefert HTML fuer Users
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.util.*;
+
+/**
*
*
- * @author RK
*/
-
public class ServletModuleUsers extends ServletModule
{
private static ServletModuleUsers instance = new ServletModuleUsers();
public static ServletModule getInstance() { return instance; }
+ protected ModuleUsers usersModule;
private ServletModuleUsers() {
super();
logger = new LoggerWrapper("ServletModule.Users");
- templateListString = configuration.getString("ServletModule.Users.ListTemplate");
- templateObjektString = configuration.getString("ServletModule.Users.ObjektTemplate");
- templateConfirmString = configuration.getString("ServletModule.Users.ConfirmTemplate");
-
try {
- mainModule = new ModuleUsers(DatabaseUsers.getInstance());
+ definition = "user";
+ usersModule = new ModuleUsers();
+ mainModule = usersModule;
}
- catch (StorageObjectFailure e) {
+ catch (Throwable e) {
logger.debug("initialization of ServletModuleUsers failed!: " + e.getMessage());
}
}
- public void edit(HttpServletRequest req, HttpServletResponse res) throws ServletModuleExc
+ public void edit(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc
{
- String idParam = req.getParameter("id");
+ String idParam = aRequest.getParameter("id");
if (idParam == null)
throw new ServletModuleExc("ServletModuleUser.edit: invalid call: (id) not specified");
try {
- deliver(req, res, mainModule.getById(idParam), templateObjektString);
+ EntityUsers user = (EntityUsers) mainModule.getById(idParam);
+ MirGlobal.accessControl().user().assertMayEditUser(ServletHelper.getUser(aRequest), user);
+
+ showUser(idParam, false, aRequest, aResponse);
}
catch (Throwable e) {
throw new ServletModuleFailure(e);
}
}
- public void add(HttpServletRequest req, HttpServletResponse res)
+ public void add(HttpServletRequest aRequest, HttpServletResponse aResponse)
throws ServletModuleExc
{
try {
- SimpleHash mergeData = new SimpleHash();
- mergeData.put("new", "1");
- deliver(req, res, mergeData, templateObjektString);
+ MirGlobal.accessControl().user().assertMayAddUsers(ServletHelper.getUser(aRequest));
+
+ showUser(null, false, aRequest, aResponse);
}
catch (Throwable e) {
throw new ServletModuleFailure(e);
}
}
- public String checkPassword(HTTPRequestParser aRequestParser) throws ServletModuleExc, ServletModuleUserExc, ServletModuleFailure
+ public String validatePassword(EntityUsers aUser, HTTPRequestParser aRequestParser) throws ServletModuleExc, ServletModuleUserExc, ServletModuleFailure
{
if ( (aRequestParser.getParameter("newpassword") != null &&
aRequestParser.getParameter("newpassword").length() > 0) ||
- (aRequestParser.getParameter("newpassword2") != null &&
- aRequestParser.getParameter("newpassword2").length() > 0)
+ (aRequestParser.getParameter("newpassword2") != null &&
+ aRequestParser.getParameter("newpassword2").length() > 0)
) {
String newPassword = aRequestParser.getParameterWithDefault("newpassword", "");
String newPassword2 = aRequestParser.getParameterWithDefault("newpassword2", "");
+ String oldPassword = aRequestParser.getParameterWithDefault("oldpassword", "");
+
+ try {
+ if (!usersModule.checkUserPassword(aUser, oldPassword)) {
+ throw new ServletModuleUserExc("user.error.incorrectpassword", new String[] {});
+ }
+ }
+ catch (Throwable t) {
+ throw new ServletModuleFailure(t);
+ }
+
if (newPassword.length() == 0 || newPassword2.length() == 0) {
throw new ServletModuleUserExc("user.error.missingpasswords", new String[] {});
return newPassword;
}
- else
- return null;
+ return null;
}
public void insert(HttpServletRequest aRequest, HttpServletResponse aResponse)
throws ServletModuleExc, ServletModuleUserExc, ServletModuleFailure
{
try {
+ MirGlobal.accessControl().user().assertMayAddUsers(ServletHelper.getUser(aRequest));
+
HTTPRequestParser requestParser = new HTTPRequestParser(aRequest);
Map withValues = getIntersectingValues(aRequest, mainModule.getStorageObject());
- String newPassword=checkPassword(requestParser);
+ String newPassword=validatePassword(ServletHelper.getUser(aRequest), requestParser);
if (newPassword!=null)
withValues.put("password", newPassword);
else
throw new ServletModuleUserExc("user.error.missingpassword", new String[] {});
String id = mainModule.add(withValues);
+
+ logAdminUsage(aRequest, id, "object added");
+
if (requestParser.hasParameter("returnurl"))
- redirect(aResponse, requestParser.getParameter("returnurl"));
+ ServletHelper.redirect(aResponse, requestParser.getParameter("returnurl"));
else
list(aRequest, aResponse);
}
{
try {
HTTPRequestParser requestParser = new HTTPRequestParser(aRequest);
+ String id = requestParser.getParameter("id");
+ EntityUsers user = (EntityUsers) mainModule.getById(id);
+ MirGlobal.accessControl().user().assertMayEditUser(ServletHelper.getUser(aRequest), user);
Map withValues = getIntersectingValues(aRequest, mainModule.getStorageObject());
+ if (!withValues.containsKey("is_admin"))
+ withValues.put("is_admin","0");
+ if (!withValues.containsKey("is_disabled"))
+ withValues.put("is_disabled","0");
- String newPassword=checkPassword(requestParser);
+ String newPassword=validatePassword(ServletHelper.getUser(aRequest), requestParser);
if (newPassword!=null)
- withValues.put("password", newPassword);
+ withValues.put("password", MirGlobal.localizer().adminInterface().makePasswordDigest(newPassword));
mainModule.set(withValues);
+ logAdminUsage(aRequest, id, "object modified");
+
if (requestParser.hasParameter("returnurl"))
- redirect(aResponse, requestParser.getParameter("returnurl"));
+ ServletHelper.redirect(aResponse, requestParser.getParameter("returnurl"));
else
list(aRequest, aResponse);
}
}
}
+ public void updatepassword(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc, ServletModuleUserExc, ServletModuleFailure
+ {
+ try {
+ HTTPRequestParser requestParser = new HTTPRequestParser(aRequest);
+ String id = requestParser.getParameter("id");
+ EntityUsers user = (EntityUsers) mainModule.getById(id);
+ MirGlobal.accessControl().user().assertMayChangeUserPassword(ServletHelper.getUser(aRequest), user);
+
+ String newPassword=validatePassword(ServletHelper.getUser(aRequest), requestParser);
+ if (newPassword!=null) {
+ user.setFieldValue("password", MirGlobal.localizer().adminInterface().makePasswordDigest(newPassword));
+ user.update();
+
+ logAdminUsage(aRequest, id, "password changed");
+
+ // hackish: to make sure the cached logged in user is up-to-date:
+ ServletHelper.setUser(aRequest, (EntityUsers) mainModule.getById(ServletHelper.getUser(aRequest).getId()));
+ }
+
+ if (requestParser.hasParameter("returnurl"))
+ ServletHelper.redirect(aResponse, requestParser.getParameter("returnurl"));
+ else
+ ServletHelper.redirect(aResponse, "");
+ }
+ catch (Throwable e) {
+ throw new ServletModuleFailure(e);
+ }
+ }
+
+ public void list(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc
+ {
+ HTTPRequestParser requestParser = new HTTPRequestParser(aRequest);
+
+ int offset = requestParser.getIntegerWithDefault("offset", 0);
+
+ returnUserList(aRequest, aResponse, offset);
+ }
+
+ public void returnUserList(
+ HttpServletRequest aRequest,
+ HttpServletResponse aResponse,
+ int anOffset) throws ServletModuleExc {
+
+ URLBuilder urlBuilder = new URLBuilder();
+
+ try {
+ Map responseData = ServletHelper.makeGenerationData(aRequest, aResponse, new Locale[] { getLocale(aRequest), getFallbackLocale(aRequest)});
+
+ List list =
+ EntityAdapterEngine.retrieveAdapterList(model, definition, "", "login", nrEntitiesPerListPage, anOffset);
+
+ responseData.put("nexturl", null);
+ responseData.put("prevurl", null);
+
+ urlBuilder.setValue("module", "Users");
+ urlBuilder.setValue("do", "list");
+
+ urlBuilder.setValue("offset", anOffset);
+ responseData.put("offset" , new Integer(anOffset).toString());
+ responseData.put("thisurl" , urlBuilder.getQuery());
+
+ if (list.size()>=nrEntitiesPerListPage) {
+ urlBuilder.setValue("offset", (anOffset + nrEntitiesPerListPage));
+ responseData.put("nexturl" , urlBuilder.getQuery());
+ }
+
+ if (anOffset>0) {
+ urlBuilder.setValue("offset", Math.max(anOffset - nrEntitiesPerListPage, 0));
+ responseData.put("prevurl" , urlBuilder.getQuery());
+ }
+
+ responseData.put("users", list);
+ responseData.put("mayDeleteUsers", new Boolean(MirGlobal.accessControl().user().mayDeleteUsers(ServletHelper.getUser(aRequest))));
+ responseData.put("mayAddUsers", new Boolean(MirGlobal.accessControl().user().mayAddUsers(ServletHelper.getUser(aRequest))));
+ responseData.put("mayEditUsers", new Boolean(MirGlobal.accessControl().user().mayEditUsers(ServletHelper.getUser(aRequest))));
+
+ responseData.put("from" , Integer.toString(anOffset+1));
+ responseData.put("to", Integer.toString(anOffset+list.size()));
+ responseData.put("offset" , Integer.toString(anOffset));
+
+ ServletHelper.generateResponse(aResponse.getWriter(), responseData, listGenerator);
+ }
+ catch (Throwable e) {
+ throw new ServletModuleFailure(e);
+ }
+ }
+
+ public void showUser(String anId, boolean anOnlyPassword, HttpServletRequest aRequest, HttpServletResponse aResponse)
+ throws ServletModuleExc {
+ try {
+ HTTPRequestParser requestParser = new HTTPRequestParser(aRequest);
+ Map responseData = ServletHelper.makeGenerationData(aRequest, aResponse, new Locale[] { getLocale(aRequest), getFallbackLocale(aRequest)});
+ EntityAdapterModel model = MirGlobal.localizer().dataModel().adapterModel();
+ Object user;
+ URLBuilder urlBuilder = new URLBuilder();
+
+ urlBuilder.setValue("module", "Users");
+ if (anOnlyPassword)
+ urlBuilder.setValue("do", "changepassword");
+ else
+ urlBuilder.setValue("do", "edit");
+ urlBuilder.setValue("id", anId);
+ urlBuilder.setValue("returnurl", requestParser.getParameter("returnurl"));
+
+ if (anId!=null) {
+ responseData.put("new", Boolean.FALSE);
+ user = model.makeEntityAdapter("user", mainModule.getById(anId));
+ }
+ else {
+ List fields = DatabaseUsers.getInstance().getFieldNames();
+ responseData.put("new", Boolean.TRUE);
+ Map emptyUser = new HashMap();
+ Iterator i = fields.iterator();
+ while (i.hasNext()) {
+ emptyUser.put(i.next(), null);
+ }
+
+ user = emptyUser;
+ }
+ responseData.put("user", user);
+ responseData.put("passwordonly", new Boolean(anOnlyPassword));
+ responseData.put("returnurl", requestParser.getParameter("returnurl"));
+ responseData.put("thisurl", urlBuilder.getQuery());
+
+ ServletHelper.generateResponse(aResponse.getWriter(), responseData, editGenerator);
+ }
+ catch (Throwable e) {
+ throw new ServletModuleFailure(e);
+ }
+ }
+
+ public void delete(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleUserExc, ServletModuleExc, ServletModuleFailure {
+ try {
+ EntityUsers user = (EntityUsers) mainModule.getById(aRequest.getParameter("id"));
+
+ MirGlobal.accessControl().user().assertMayDeleteUser(ServletHelper.getUser(aRequest), user);
+
+ super.delete(aRequest, aResponse);
+ }
+ catch (Throwable t) {
+ throw new ServletModuleFailure(t);
+ }
+ }
+
+ public void changepassword(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc
+ {
+ String idParam = aRequest.getParameter("id");
+
+ if (idParam == null)
+ throw new ServletModuleExc("ServletModuleUser.edit: invalid call: (id) not specified");
+
+ try {
+ EntityUsers user = (EntityUsers) mainModule.getById(idParam);
+ MirGlobal.accessControl().user().assertMayChangeUserPassword(ServletHelper.getUser(aRequest), user);
+
+ showUser(idParam, true, aRequest, aResponse);
+ }
+ catch (Throwable e) {
+ throw new ServletModuleFailure(e);
+ }
+ }
}
+