X-Git-Url: http://erislabs.net/gitweb/?a=blobdiff_plain;ds=sidebyside;f=source%2Fmircoders%2Fservlet%2FServletModuleUsers.java;h=4d29ed4f771ecb38bed49e64b523abce94793112;hb=6b6b6215ebe066b81f1fa6b0c71a532ca7b4fc3f;hp=1d6e2e0ec510887e2e9fa619887f9bae5ab782df;hpb=a459f111d85598df56c6ab711cec11632676b39c;p=mir.git diff --git a/source/mircoders/servlet/ServletModuleUsers.java b/source/mircoders/servlet/ServletModuleUsers.java index 1d6e2e0e..4d29ed4f 100755 --- a/source/mircoders/servlet/ServletModuleUsers.java +++ b/source/mircoders/servlet/ServletModuleUsers.java @@ -18,100 +18,111 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * In addition, as a special exception, The Mir-coders gives permission to link - * the code of this program with any library licensed under the Apache Software License, - * The Sun (tm) Java Advanced Imaging library (JAI), The Sun JIMI library - * (or with modified versions of the above that use the same license as the above), - * and distribute linked combinations including the two. You must obey the - * GNU General Public License in all respects for all of the code used other than - * the above mentioned libraries. If you modify this file, you may extend this - * exception to your version of the file, but you are not obligated to do so. + * the code of this program with any library licensed under the Apache Software License, + * The Sun (tm) Java Advanced Imaging library (JAI), The Sun JIMI library + * (or with modified versions of the above that use the same license as the above), + * and distribute linked combinations including the two. You must obey the + * GNU General Public License in all respects for all of the code used other than + * the above mentioned libraries. If you modify this file, you may extend this + * exception to your version of the file, but you are not obligated to do so. * If you do not wish to do so, delete this exception statement from your version. */ package mircoders.servlet; -import java.util.Map; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - +import mir.entity.adapter.EntityAdapterEngine; +import mir.entity.adapter.EntityAdapterModel; import mir.log.LoggerWrapper; import mir.servlet.ServletModule; import mir.servlet.ServletModuleExc; import mir.servlet.ServletModuleFailure; import mir.servlet.ServletModuleUserExc; -import mir.storage.StorageObjectFailure; import mir.util.HTTPRequestParser; +import mir.util.URLBuilder; +import mircoders.entity.EntityUsers; +import mircoders.global.MirGlobal; import mircoders.module.ModuleUsers; import mircoders.storage.DatabaseUsers; -import freemarker.template.SimpleHash; -/* - * ServletModuleUsers - - * liefert HTML fuer Users +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.util.*; + +/** * * - * @author RK */ - public class ServletModuleUsers extends ServletModule { private static ServletModuleUsers instance = new ServletModuleUsers(); public static ServletModule getInstance() { return instance; } + protected ModuleUsers usersModule; private ServletModuleUsers() { super(); logger = new LoggerWrapper("ServletModule.Users"); - templateListString = configuration.getString("ServletModule.Users.ListTemplate"); - templateObjektString = configuration.getString("ServletModule.Users.ObjektTemplate"); - templateConfirmString = configuration.getString("ServletModule.Users.ConfirmTemplate"); - try { - mainModule = new ModuleUsers(DatabaseUsers.getInstance()); + definition = "user"; + usersModule = new ModuleUsers(); + mainModule = usersModule; } - catch (StorageObjectFailure e) { + catch (Throwable e) { logger.debug("initialization of ServletModuleUsers failed!: " + e.getMessage()); } } - public void edit(HttpServletRequest req, HttpServletResponse res) throws ServletModuleExc + public void edit(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc { - String idParam = req.getParameter("id"); + String idParam = aRequest.getParameter("id"); if (idParam == null) throw new ServletModuleExc("ServletModuleUser.edit: invalid call: (id) not specified"); try { - deliver(req, res, mainModule.getById(idParam), templateObjektString); + EntityUsers user = (EntityUsers) mainModule.getById(idParam); + MirGlobal.accessControl().user().assertMayEditUser(ServletHelper.getUser(aRequest), user); + + showUser(idParam, false, aRequest, aResponse); } catch (Throwable e) { throw new ServletModuleFailure(e); } } - public void add(HttpServletRequest req, HttpServletResponse res) + public void add(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc { try { - SimpleHash mergeData = new SimpleHash(); - mergeData.put("new", "1"); - deliver(req, res, mergeData, templateObjektString); + MirGlobal.accessControl().user().assertMayAddUsers(ServletHelper.getUser(aRequest)); + + showUser(null, false, aRequest, aResponse); } catch (Throwable e) { throw new ServletModuleFailure(e); } } - public String checkPassword(HTTPRequestParser aRequestParser) throws ServletModuleExc, ServletModuleUserExc, ServletModuleFailure + public String validatePassword(EntityUsers aUser, HTTPRequestParser aRequestParser) throws ServletModuleExc, ServletModuleUserExc, ServletModuleFailure { if ( (aRequestParser.getParameter("newpassword") != null && aRequestParser.getParameter("newpassword").length() > 0) || - (aRequestParser.getParameter("newpassword2") != null && - aRequestParser.getParameter("newpassword2").length() > 0) + (aRequestParser.getParameter("newpassword2") != null && + aRequestParser.getParameter("newpassword2").length() > 0) ) { String newPassword = aRequestParser.getParameterWithDefault("newpassword", ""); String newPassword2 = aRequestParser.getParameterWithDefault("newpassword2", ""); + String oldPassword = aRequestParser.getParameterWithDefault("oldpassword", ""); + + try { + if (!usersModule.checkUserPassword(aUser, oldPassword)) { + throw new ServletModuleUserExc("user.error.incorrectpassword", new String[] {}); + } + } + catch (Throwable t) { + throw new ServletModuleFailure(t); + } + if (newPassword.length() == 0 || newPassword2.length() == 0) { throw new ServletModuleUserExc("user.error.missingpasswords", new String[] {}); @@ -123,26 +134,30 @@ public class ServletModuleUsers extends ServletModule return newPassword; } - else - return null; + return null; } public void insert(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc, ServletModuleUserExc, ServletModuleFailure { try { + MirGlobal.accessControl().user().assertMayAddUsers(ServletHelper.getUser(aRequest)); + HTTPRequestParser requestParser = new HTTPRequestParser(aRequest); Map withValues = getIntersectingValues(aRequest, mainModule.getStorageObject()); - String newPassword=checkPassword(requestParser); + String newPassword=validatePassword(ServletHelper.getUser(aRequest), requestParser); if (newPassword!=null) withValues.put("password", newPassword); else throw new ServletModuleUserExc("user.error.missingpassword", new String[] {}); String id = mainModule.add(withValues); + + logAdminUsage(aRequest, id, "object added"); + if (requestParser.hasParameter("returnurl")) - redirect(aResponse, requestParser.getParameter("returnurl")); + ServletHelper.redirect(aResponse, requestParser.getParameter("returnurl")); else list(aRequest, aResponse); } @@ -155,17 +170,26 @@ public class ServletModuleUsers extends ServletModule { try { HTTPRequestParser requestParser = new HTTPRequestParser(aRequest); + String id = requestParser.getParameter("id"); + EntityUsers user = (EntityUsers) mainModule.getById(id); + MirGlobal.accessControl().user().assertMayEditUser(ServletHelper.getUser(aRequest), user); Map withValues = getIntersectingValues(aRequest, mainModule.getStorageObject()); + if (!withValues.containsKey("is_admin")) + withValues.put("is_admin","0"); + if (!withValues.containsKey("is_disabled")) + withValues.put("is_disabled","0"); - String newPassword=checkPassword(requestParser); + String newPassword=validatePassword(ServletHelper.getUser(aRequest), requestParser); if (newPassword!=null) - withValues.put("password", newPassword); + withValues.put("password", MirGlobal.localizer().adminInterface().makePasswordDigest(newPassword)); mainModule.set(withValues); + logAdminUsage(aRequest, id, "object modified"); + if (requestParser.hasParameter("returnurl")) - redirect(aResponse, requestParser.getParameter("returnurl")); + ServletHelper.redirect(aResponse, requestParser.getParameter("returnurl")); else list(aRequest, aResponse); } @@ -174,5 +198,167 @@ public class ServletModuleUsers extends ServletModule } } + public void updatepassword(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc, ServletModuleUserExc, ServletModuleFailure + { + try { + HTTPRequestParser requestParser = new HTTPRequestParser(aRequest); + String id = requestParser.getParameter("id"); + EntityUsers user = (EntityUsers) mainModule.getById(id); + MirGlobal.accessControl().user().assertMayChangeUserPassword(ServletHelper.getUser(aRequest), user); + + String newPassword=validatePassword(ServletHelper.getUser(aRequest), requestParser); + if (newPassword!=null) { + user.setFieldValue("password", MirGlobal.localizer().adminInterface().makePasswordDigest(newPassword)); + user.update(); + + logAdminUsage(aRequest, id, "password changed"); + + // hackish: to make sure the cached logged in user is up-to-date: + ServletHelper.setUser(aRequest, (EntityUsers) mainModule.getById(ServletHelper.getUser(aRequest).getId())); + } + + if (requestParser.hasParameter("returnurl")) + ServletHelper.redirect(aResponse, requestParser.getParameter("returnurl")); + else + ServletHelper.redirect(aResponse, ""); + } + catch (Throwable e) { + throw new ServletModuleFailure(e); + } + } + + public void list(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc + { + HTTPRequestParser requestParser = new HTTPRequestParser(aRequest); + + int offset = requestParser.getIntegerWithDefault("offset", 0); + + returnUserList(aRequest, aResponse, offset); + } + + public void returnUserList( + HttpServletRequest aRequest, + HttpServletResponse aResponse, + int anOffset) throws ServletModuleExc { + + URLBuilder urlBuilder = new URLBuilder(); + + try { + Map responseData = ServletHelper.makeGenerationData(aRequest, aResponse, new Locale[] { getLocale(aRequest), getFallbackLocale(aRequest)}); + + List list = + EntityAdapterEngine.retrieveAdapterList(model, definition, "", "login", nrEntitiesPerListPage, anOffset); + + responseData.put("nexturl", null); + responseData.put("prevurl", null); + + urlBuilder.setValue("module", "Users"); + urlBuilder.setValue("do", "list"); + + urlBuilder.setValue("offset", anOffset); + responseData.put("offset" , new Integer(anOffset).toString()); + responseData.put("thisurl" , urlBuilder.getQuery()); + + if (list.size()>=nrEntitiesPerListPage) { + urlBuilder.setValue("offset", (anOffset + nrEntitiesPerListPage)); + responseData.put("nexturl" , urlBuilder.getQuery()); + } + + if (anOffset>0) { + urlBuilder.setValue("offset", Math.max(anOffset - nrEntitiesPerListPage, 0)); + responseData.put("prevurl" , urlBuilder.getQuery()); + } + + responseData.put("users", list); + responseData.put("mayDeleteUsers", new Boolean(MirGlobal.accessControl().user().mayDeleteUsers(ServletHelper.getUser(aRequest)))); + responseData.put("mayAddUsers", new Boolean(MirGlobal.accessControl().user().mayAddUsers(ServletHelper.getUser(aRequest)))); + responseData.put("mayEditUsers", new Boolean(MirGlobal.accessControl().user().mayEditUsers(ServletHelper.getUser(aRequest)))); + + responseData.put("from" , Integer.toString(anOffset+1)); + responseData.put("to", Integer.toString(anOffset+list.size())); + responseData.put("offset" , Integer.toString(anOffset)); + + ServletHelper.generateResponse(aResponse.getWriter(), responseData, listGenerator); + } + catch (Throwable e) { + throw new ServletModuleFailure(e); + } + } + + public void showUser(String anId, boolean anOnlyPassword, HttpServletRequest aRequest, HttpServletResponse aResponse) + throws ServletModuleExc { + try { + HTTPRequestParser requestParser = new HTTPRequestParser(aRequest); + Map responseData = ServletHelper.makeGenerationData(aRequest, aResponse, new Locale[] { getLocale(aRequest), getFallbackLocale(aRequest)}); + EntityAdapterModel model = MirGlobal.localizer().dataModel().adapterModel(); + Object user; + URLBuilder urlBuilder = new URLBuilder(); + + urlBuilder.setValue("module", "Users"); + if (anOnlyPassword) + urlBuilder.setValue("do", "changepassword"); + else + urlBuilder.setValue("do", "edit"); + urlBuilder.setValue("id", anId); + urlBuilder.setValue("returnurl", requestParser.getParameter("returnurl")); + + if (anId!=null) { + responseData.put("new", Boolean.FALSE); + user = model.makeEntityAdapter("user", mainModule.getById(anId)); + } + else { + List fields = DatabaseUsers.getInstance().getFieldNames(); + responseData.put("new", Boolean.TRUE); + Map emptyUser = new HashMap(); + Iterator i = fields.iterator(); + while (i.hasNext()) { + emptyUser.put(i.next(), null); + } + + user = emptyUser; + } + responseData.put("user", user); + responseData.put("passwordonly", new Boolean(anOnlyPassword)); + responseData.put("returnurl", requestParser.getParameter("returnurl")); + responseData.put("thisurl", urlBuilder.getQuery()); + + ServletHelper.generateResponse(aResponse.getWriter(), responseData, editGenerator); + } + catch (Throwable e) { + throw new ServletModuleFailure(e); + } + } + + public void delete(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleUserExc, ServletModuleExc, ServletModuleFailure { + try { + EntityUsers user = (EntityUsers) mainModule.getById(aRequest.getParameter("id")); + + MirGlobal.accessControl().user().assertMayDeleteUser(ServletHelper.getUser(aRequest), user); + + super.delete(aRequest, aResponse); + } + catch (Throwable t) { + throw new ServletModuleFailure(t); + } + } + + public void changepassword(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc + { + String idParam = aRequest.getParameter("id"); + + if (idParam == null) + throw new ServletModuleExc("ServletModuleUser.edit: invalid call: (id) not specified"); + + try { + EntityUsers user = (EntityUsers) mainModule.getById(idParam); + MirGlobal.accessControl().user().assertMayChangeUserPassword(ServletHelper.getUser(aRequest), user); + + showUser(idParam, true, aRequest, aResponse); + } + catch (Throwable e) { + throw new ServletModuleFailure(e); + } + } } +