From 12e4a04e3d6b16aa91029f125997d38a1f05aeb5 Mon Sep 17 00:00:00 2001 From: zapata Date: Thu, 19 Jun 2003 02:24:12 +0000 Subject: [PATCH] restriction of user activity: concept of super-users: the only ones that can add/edit users --- bundles/admin_en.properties | 6 +- etc/producer/startpage.template | 2 +- source/Mir.java | 224 ++++++++----------- source/default.properties | 3 + source/mircoders/accesscontrol/AccessControl.java | 134 +++++++++++ .../mircoders/accesscontrol/AuthorizationExc.java | 38 ++++ .../accesscontrol/AuthorizationFailure.java | 43 ++++ source/mircoders/entity/EntityContent.java | 26 +-- source/mircoders/global/MirGlobal.java | 28 ++- source/mircoders/module/ModuleUsers.java | 23 +- source/mircoders/servlet/ServletHelper.java | 22 +- source/mircoders/servlet/ServletModuleAbuse.java | 6 +- source/mircoders/servlet/ServletModuleAdmin.java | 2 +- source/mircoders/servlet/ServletModuleComment.java | 4 +- source/mircoders/servlet/ServletModuleContent.java | 76 +++---- .../mircoders/servlet/ServletModuleFileEdit.java | 6 +- .../mircoders/servlet/ServletModuleLocalizer.java | 49 +++-- .../mircoders/servlet/ServletModuleOpenIndy.java | 8 +- .../mircoders/servlet/ServletModuleProducer.java | 2 +- .../servlet/ServletModuleUploadedMedia.java | 90 ++++---- source/mircoders/servlet/ServletModuleUsers.java | 245 +++++++++++++++++++-- templates/admin/FUNCTIONS.template | 120 ++++++++-- templates/admin/contentlist.template | 3 - templates/admin/head.template | 1 + templates/admin/user.template | 35 +-- templates/admin/userlist.template | 28 +-- 26 files changed, 845 insertions(+), 379 deletions(-) create mode 100755 source/mircoders/accesscontrol/AccessControl.java create mode 100755 source/mircoders/accesscontrol/AuthorizationExc.java create mode 100755 source/mircoders/accesscontrol/AuthorizationFailure.java diff --git a/bundles/admin_en.properties b/bundles/admin_en.properties index 72b647cb..60031ed4 100755 --- a/bundles/admin_en.properties 
+++ b/bundles/admin_en.properties @@ -1,6 +1,6 @@ ########## admin ########## # language: english -# $Id: admin_en.properties,v 1.48 2003/05/03 23:30:49 zapata Exp $ +# $Id: admin_en.properties,v 1.48.2.1 2003/06/19 02:24:12 zapata Exp $ languagename=English @@ -338,6 +338,8 @@ topiclist.htmltitle=topiclist # users user.htmltitle=User user.login=Login +user.ownpassword=Your own password +user.oldpassword=Old password user.password=Password user.password2=Password (confirmation) user.admin=Admin @@ -437,6 +439,7 @@ abuse.filter.expression = Expression # head head.start=start head.logout=logout +head.changepassword=password head.help=help head.search=search head.logged_in=logged in @@ -480,6 +483,7 @@ media.error.unsupportedformat=The format of the media you uploaded is not suppor user.error.missingpasswords=The new password must be entered twice user.error.passwordmismatch=The passwords are not equal user.error.missingpassword=A password must be entered +user.error.incorrectpassword= Incorrect password ########## infomessages ########## diff --git a/etc/producer/startpage.template b/etc/producer/startpage.template index 485d3850..0cf6fbda 100755 --- a/etc/producer/startpage.template +++ b/etc/producer/startpage.template @@ -41,7 +41,7 @@

-    my.mir.indymedia.org +    ${config["Mir.Name"]} diff --git a/source/Mir.java b/source/Mir.java index bbb4d33b..9a870acf 100755 --- a/source/Mir.java +++ b/source/Mir.java @@ -80,7 +80,7 @@ import mircoders.storage.DatabaseUsers; * Mir.java - main servlet, that dispatches to servletmodules * * @author $Author: zapata $ - * @version $Id: Mir.java,v 1.49.2.1 2003/06/13 03:54:08 zapata Exp $ + * @version $Id: Mir.java,v 1.49.2.2 2003/06/19 02:24:12 zapata Exp $ * */ public class Mir extends AbstractServlet { @@ -137,8 +137,6 @@ public class Mir extends AbstractServlet { } } - // FIXME: this should probalby go into AbstractServlet so it can be used in - // OpenMir as well -mh protected String getDefaultLanguage(HttpServletRequest aRequest) { String defaultlanguage = MirGlobal.config().getString("Mir.Login.DefaultLanguage", ""); 
@@ -164,148 +162,122 @@ public class Mir extends AbstractServlet { return fallbackLocale; } - public void process(HttpServletRequest aRequest, HttpServletResponse aResponse) - throws ServletException, IOException, UnavailableException { - long startTime = System.currentTimeMillis(); - long sessionConnectTime = 0; - EntityUsers userEntity; - HttpSession session; - String http = ""; + public void process(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletException, IOException, UnavailableException { + try { + long startTime = System.currentTimeMillis(); + long sessionConnectTime = 0; + EntityUsers userEntity; + HttpSession session; - configuration.addProperty("ServletName", getServletName()); + configuration.addProperty("ServletName", getServletName()); - session = aRequest.getSession(true); - userEntity = (EntityUsers) session.getAttribute("login.uid"); + session = aRequest.getSession(true); + userEntity = ServletHelper.getUser(aRequest); - if (aRequest.getServerPort() == 443) { - http = "https"; - } - else { - http = "http"; - } + setNoCaching(aResponse); - setNoCaching(aResponse); + Locale locale = new Locale(getDefaultLanguage(aRequest), ""); - Locale locale = new Locale(getDefaultLanguage(aRequest), ""); + aResponse.setContentType("text/html; charset=" + + configuration.getString("Mir.DefaultHTMLCharset", "UTF-8")); - aResponse.setContentType("text/html; charset=" + - configuration.getString("Mir.DefaultHTMLCharset", "UTF-8")); + String moduleName = aRequest.getParameter("module"); + checkLanguage(session, aRequest); - String moduleName = aRequest.getParameter("module"); - checkLanguage(session, aRequest); + // Authentication + if ( ( (moduleName != null) && moduleName.equals("login")) || (userEntity == null)) { + String user = aRequest.getParameter("login"); + String passwd = aRequest.getParameter("password"); + logger.debug("--login: evaluating for user: " + user); + userEntity = allowedUser(user, passwd); - // Authentication - if 
(((moduleName != null) && moduleName.equals("login")) || (userEntity == null)) { - String user = aRequest.getParameter("login"); - String passwd = aRequest.getParameter("password"); - logger.debug("--login: evaluating for user: " + user); - userEntity = allowedUser(user, passwd); + if (userEntity == null) { + // login failed: redirecting to login + logger.warn("--login: failed!"); + _sendLoginPage(aResponse, aRequest, aResponse.getWriter()); - if (userEntity == null) { - // login failed: redirecting to login - logger.warn("--login: failed!"); - _sendLoginPage(aResponse, aRequest, aResponse.getWriter()); + return; + } + else if ( (moduleName != null) && moduleName.equals("login")) { + // login successful + logger.info("--login: successful! setting uid: " + userEntity.getId()); + ServletHelper.setUser(aRequest, userEntity); - return; - } - else if ((moduleName != null) && moduleName.equals("login")) { - // login successful - logger.info("--login: successful! setting uid: " + userEntity.getId()); - session.setAttribute("login.uid", userEntity); - logger.debug("--login: trying to retrieve login.target"); - - String target = (String) session.getAttribute("login.target"); - - if (target != null) { - logger.debug("Redirect: " + target); - - int serverPort = aRequest.getServerPort(); - String redirect = ""; - String redirectString = ""; - - if (serverPort == 80) { - redirect = - aResponse.encodeURL(http + "://" + aRequest.getServerName() + target); - redirectString = - "going Mir"; - } else { - redirect = - aResponse.encodeURL(http + "://" + aRequest.getServerName() + ":" + - aRequest.getServerPort() + target); - redirectString = - "going Mir"; - } + logger.debug("--login: trying to retrieve login.target"); + String target = (String) session.getAttribute("login.target"); + + if (target != null) { + logger.debug("Redirect: " + target); - aResponse.getWriter().println(redirectString); + aResponse.sendRedirect( + MirPropertiesConfiguration.instance().getString("RootUri") + 
"/Mir?" + target); - //aResponse.sendRedirect(redirect); - } else { - // redirecting to default target - logger.debug("--login: no target - redirecting to default"); - _sendStartPage(aResponse, aRequest, aResponse.getWriter(), userEntity); + } + else { + logger.debug("--login: no target - redirecting to default"); + _sendStartPage(aResponse, aRequest, aResponse.getWriter(), userEntity); + } + + return; } + // if login succesful + } + // if login + + if ( (moduleName != null) && moduleName.equals("logout")) { + logger.info("--logout"); + session.invalidate(); + + _sendLoginPage(aResponse, aRequest, aResponse.getWriter()); return; } - // if login succesful - } - // if login - - if ((moduleName != null) && moduleName.equals("logout")) { - logger.info("--logout"); - session.invalidate(); - _sendLoginPage(aResponse, aRequest, aResponse.getWriter()); + // Check if authed! + if (userEntity == null) { + // redirect to loginpage + String redirectString = aRequest.getRequestURI(); + String queryString = aRequest.getQueryString(); - return; - } + if ( (queryString != null) && queryString.length() != 0) { + redirectString += ("?" + aRequest.getQueryString()); + session.setAttribute("login.target", redirectString); + } - // Check if authed! - if (userEntity == null) { - // redirect to loginpage - String redirectString = aRequest.getRequestURI(); - String queryString = aRequest.getQueryString(); + _sendLoginPage(aResponse, aRequest, aResponse.getWriter()); - if ((queryString != null) && queryString.length()!=0) { - redirectString += ("?" 
+ aRequest.getQueryString()); - session.setAttribute("login.target", redirectString); + return; } - _sendLoginPage(aResponse, aRequest, aResponse.getWriter()); + // If no module is specified goto standard startpage + if ( (moduleName == null) || moduleName.equals("")) { + _sendStartPage(aResponse, aRequest, aResponse.getWriter(), userEntity); - return; - } - - // If no module is specified goto standard startpage - if ((moduleName == null) || moduleName.equals("")) { -// logger.debug("no module: redirect to standardpage"); - _sendStartPage(aResponse, aRequest, aResponse.getWriter(), userEntity); + return; + } - return; - } + try { + // get servletmodule by parameter and continue with dispacher + ServletModule smod = getServletModuleForName(moduleName); + ServletModuleDispatch.dispatch(smod, aRequest, aResponse); + } + catch (Throwable e) { + Throwable cause = ExceptionFunctions.traceCauseException(e); - try { - // get servletmodule by parameter and continue with dispacher - ServletModule smod = getServletModuleForName(moduleName); - ServletModuleDispatch.dispatch(smod, aRequest, aResponse); - } - catch (Throwable e) { - Throwable cause = ExceptionFunctions.traceCauseException(e); + if (cause instanceof ServletModuleUserExc) + handleUserError(aRequest, aResponse, aResponse.getWriter(), (ServletModuleUserExc) cause); + else + handleError(aRequest, aResponse, aResponse.getWriter(), cause); - if (cause instanceof ServletModuleUserExc) - handleUserError(aRequest, aResponse, aResponse.getWriter(), (ServletModuleUserExc) cause); - else - handleError(aRequest, aResponse, aResponse.getWriter(), cause); + } + // timing... + sessionConnectTime = System.currentTimeMillis() - startTime; + logger.info("EXECTIME (" + moduleName + "): " + sessionConnectTime + " ms"); + } + catch (Throwable t) { + throw new ServletException(t.toString()); } - - // timing... 
- sessionConnectTime = System.currentTimeMillis() - startTime; - logger.info("EXECTIME (" + moduleName + "): " + sessionConnectTime + " ms"); } /** @@ -442,7 +414,7 @@ public class Mir extends AbstractServlet { String sessionUrl = aResponse.encodeURL(""); try { - Map mergeData = ServletHelper.makeGenerationData(aResponse, new Locale[] {getLocale(aRequest), getFallbackLocale()}, "bundles.admin", "bundles.adminlocal"); + Map mergeData = ServletHelper.makeGenerationData(aRequest, aResponse, new Locale[] {getLocale(aRequest), getFallbackLocale()}, "bundles.admin", "bundles.adminlocal"); mergeData.put("messages", new CachingRewindableIterator( new EntityIteratorAdapter( "", "webdb_create desc", 10, @@ -469,20 +441,4 @@ public class Mir extends AbstractServlet { public String getServletInfo() { return "Mir " + configuration.getString("Mir.Version"); } - -/* private void checkLanguage(HttpSession session, HttpServletRequest aRequest) { - // a lang parameter always sets the language - String lang = aRequest.getParameter("language"); - - if (lang != null) { - logger.info("selected language " + lang + " overrides accept-language"); - setLanguage(session, lang); - } - // otherwise store language from accept header in session - else if (session.getAttribute("language") == null) { - logger.info("accept-language is " + aRequest.getLocale().getLanguage()); - setLanguage(session, aRequest.getLocale().getLanguage()); - } - } -*/ } diff --git a/source/default.properties b/source/default.properties index 5262a210..8a2f18c8 100755 --- a/source/default.properties +++ b/source/default.properties @@ -83,6 +83,9 @@ Mir.Login.Languages=en;de;fr;nl;es;pt;eu;sv;tr;zh;gz Mir.Admin.FallbackLanguage=en +# Which usernames have admin priviliges (, seperated usernames) +AccessControl.SuperUsers = admin + # the templates Mir.Localizer.Producer.GeneratorLibrary= default=freemarker(etc/producer/) Mir.Localizer.Admin.GeneratorLibrary= default=freemarker(templates/admin/) 
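Review bot: On a successful login, `ServletHelper.setUser(aRequest, userEntity)` stores the user in the session that `aRequest.getSession(true)` returned before the credentials were checked, so the session id issued to the unauthenticated browser stays valid after authentication. Reading `login.target` first and then calling `session.invalidate(); session = aRequest.getSession(true);` before `setUser` would give the authenticated user a fresh id; the language that `checkLanguage` keeps in the session would presumably have to be set again afterwards. In the same branch, `login.target` is saved further down as request URI plus `?` plus query string, yet the redirect is built as `RootUri + "/Mir?" + target`, which puts the path after the `?`; saving only `queryString` would match the new redirect. The closing `catch (Throwable t) { throw new ServletException(t.toString()); }` also drops the cause and its stack trace, which `new ServletException(t)` would keep.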
diff --git a/source/mircoders/accesscontrol/AccessControl.java b/source/mircoders/accesscontrol/AccessControl.java
new file mode 100755
index 00000000..6db8bece
--- /dev/null
+++ b/source/mircoders/accesscontrol/AccessControl.java
@@ -0,0 +1,134 @@ +/* + * Copyright (C) 2001, 2002 The Mir-coders group + * + * This file is part of Mir. + * + * Mir is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * Mir is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Mir; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * + * In addition, as a special exception, The Mir-coders gives permission to link + * the code of this program with any library licensed under the Apache Software License, + * The Sun (tm) Java Advanced Imaging library (JAI), The Sun JIMI library + * (or with modified versions of the above that use the same license as the above), + * and distribute linked combinations including the two. You must obey the + * GNU General Public License in all respects for all of the code used other than + * the above mentioned libraries. If you modify this file, you may extend this + * exception to your version of the file, but you are not obligated to do so. + * If you do not wish to do so, delete this exception statement from your version. 
+ */ + +package mircoders.accesscontrol; + +import java.util.*; +import mir.log.*; +import mir.config.*; +import mircoders.entity.*; +import mircoders.global.*; + +public class AccessControl { + private UserAccessControl user; + protected LoggerWrapper logger = new LoggerWrapper("Global.AccessControl"); + protected MirPropertiesConfiguration configuration; + + public AccessControl() { + try { + configuration = MirPropertiesConfiguration.instance(); + + user = new UserAccessControl(configuration.getVector("AccessControl.SuperUsers")); + } + catch (Throwable t) { + throw new RuntimeException(t.toString()); + } + } + + public UserAccessControl user() { + return user; + } + + public class UserAccessControl { + private List superusers; + + public UserAccessControl(List aSuperUsers) { + superusers = new Vector(aSuperUsers); + } + + public void assertMayAddUsers(EntityUsers aSubject) throws AuthorizationExc, AuthorizationFailure { + try { + if (!mayAddUsers(aSubject)) + throw new AuthorizationExc("not allowed to add users"); + } + catch (Throwable t) { + throw new AuthorizationFailure(t); + } + + } + + public boolean mayAddUsers(EntityUsers aSubject) { + return superusers.contains(aSubject.getValue("login")); + } + + public void assertMayEditUser(EntityUsers aSubject, EntityUsers anObject) throws AuthorizationExc, AuthorizationFailure { + try { + if (!mayEditUser(aSubject, anObject)) + throw new AuthorizationExc("not allowed to edit user " + anObject.getId()); + } + catch (Throwable t) { + throw new AuthorizationFailure(t); + } + + } + + public boolean mayEditUser(EntityUsers aSubject, EntityUsers anObject) { + return superusers.contains(aSubject.getValue("login")); + } + + public boolean mayEditUsers(EntityUsers aSubject) { + return superusers.contains(aSubject.getValue("login")); + } + + public void assertMayDeleteUser(EntityUsers aSubject, EntityUsers anObject) throws AuthorizationExc, AuthorizationFailure { + try { + if (!mayDeleteUser(aSubject, anObject)) + throw new 
AuthorizationExc("not allowed to delete user " + anObject.getId()); + } + catch (Throwable t) { + throw new AuthorizationFailure(t); + } + } + + public boolean mayDeleteUser(EntityUsers aSubject, EntityUsers anObject) { + return superusers.contains(aSubject.getValue("login")); + } + + public boolean mayDeleteUsers(EntityUsers aSubject) { + return superusers.contains(aSubject.getValue("login")); + } + + public boolean mayChangeUserPassword(EntityUsers aSubject, EntityUsers anObject) { + return aSubject.getId().equals(anObject.getId()) || superusers.contains(aSubject.getValue("login")); + } + + public void assertMayChangeUserPassword(EntityUsers aSubject, EntityUsers anObject) throws AuthorizationExc, AuthorizationFailure { + try { + if (!mayChangeUserPassword(aSubject, anObject)) + throw new AuthorizationExc("not allowed to change user " + anObject.getId()+"'s password"); + } + catch (Throwable t) { + throw new AuthorizationFailure(t); + } + + } + + } +} diff --git a/source/mircoders/accesscontrol/AuthorizationExc.java b/source/mircoders/accesscontrol/AuthorizationExc.java new file mode 100755 index 00000000..b6c373fe --- /dev/null +++ b/source/mircoders/accesscontrol/AuthorizationExc.java 
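Review bot: In `assertMayAddUsers`, the `AuthorizationExc` thrown inside the `try` is caught by the `catch (Throwable t)` that follows and rethrown as `AuthorizationFailure`, so the declared `AuthorizationExc` never reaches a caller and a plain denial cannot be told apart from an internal error. `assertMayEditUser`, `assertMayDeleteUser` and `assertMayChangeUserPassword` have the same shape. Adding `catch (AuthorizationExc e) { throw e; }` ahead of the `Throwable` handler in each keeps the two cases distinct while still failing closed. The `may*` methods compare the raw `login` value against the configured names with `List.contains`, so the match is exact and case-sensitive; a comment next to `AccessControl.SuperUsers` stating that would help whoever edits the property.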
@@ -0,0 +1,38 @@ +/* + * Copyright (C) 2001, 2002 The Mir-coders group + * + * This file is part of Mir. + * + * Mir is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * Mir is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Mir; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * + * In addition, as a special exception, The Mir-coders gives permission to link + * the code of this program with any library licensed under the Apache Software License, + * The Sun (tm) Java Advanced Imaging library (JAI), The Sun JIMI library + * (or with modified versions of the above that use the same license as the above), + * and distribute linked combinations including the two. You must obey the + * GNU General Public License in all respects for all of the code used other than + * the above mentioned libraries. If you modify this file, you may extend this + * exception to your version of the file, but you are not obligated to do so. + * If you do not wish to do so, delete this exception statement from your version. + */ +package mircoders.accesscontrol; + +import multex.Exc; + +public class AuthorizationExc extends Exc { + public AuthorizationExc(String aMessage) { + super(aMessage); + } +} diff --git a/source/mircoders/accesscontrol/AuthorizationFailure.java b/source/mircoders/accesscontrol/AuthorizationFailure.java new file mode 100755 index 00000000..90e3237d --- /dev/null +++ b/source/mircoders/accesscontrol/AuthorizationFailure.java 
@@ -0,0 +1,43 @@ +/* + * Copyright (C) 2001, 2002 The Mir-coders group + * + * This file is part of Mir. + * + * Mir is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * Mir is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Mir; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * + * In addition, as a special exception, The Mir-coders gives permission to link + * the code of this program with any library licensed under the Apache Software License, + * The Sun (tm) Java Advanced Imaging library (JAI), The Sun JIMI library + * (or with modified versions of the above that use the same license as the above), + * and distribute linked combinations including the two. You must obey the + * GNU General Public License in all respects for all of the code used other than + * the above mentioned libraries. If you modify this file, you may extend this + * exception to your version of the file, but you are not obligated to do so. + * If you do not wish to do so, delete this exception statement from your version. + */ +package mircoders.accesscontrol; + +import multex.Failure; + +public class AuthorizationFailure extends Failure { + + public AuthorizationFailure(String aMessage, Throwable aCause) { + super (aMessage, aCause); + } + + public AuthorizationFailure(Throwable aCause) { + this (aCause.getMessage(), aCause); + } +} diff --git a/source/mircoders/entity/EntityContent.java b/source/mircoders/entity/EntityContent.java index 5eb2bf58..4c76c9e9 100755 
--- a/source/mircoders/entity/EntityContent.java +++ b/source/mircoders/entity/EntityContent.java @@ -18,13 +18,13 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * In addition, as a special exception, The Mir-coders gives permission to link - * the code of this program with any library licensed under the Apache Software License, - * The Sun (tm) Java Advanced Imaging library (JAI), The Sun JIMI library - * (or with modified versions of the above that use the same license as the above), - * and distribute linked combinations including the two. You must obey the - * GNU General Public License in all respects for all of the code used other than - * the above mentioned libraries. If you modify this file, you may extend this - * exception to your version of the file, but you are not obligated to do so. + * the code of this program with any library licensed under the Apache Software License, + * The Sun (tm) Java Advanced Imaging library (JAI), The Sun JIMI library + * (or with modified versions of the above that use the same license as the above), + * and distribute linked combinations including the two. You must obey the + * GNU General Public License in all respects for all of the code used other than + * the above mentioned libraries. If you modify this file, you may extend this + * exception to your version of the file, but you are not obligated to do so. * If you do not wish to do so, delete this exception statement from your version. */ @@ -53,7 +53,7 @@ import freemarker.template.TemplateModelException; * this class implements mapping of one line of the database table content * to a java object * - * @version $Id: EntityContent.java,v 1.19 2003/04/21 12:42:54 idfx Exp $ + * @version $Id: EntityContent.java,v 1.19.2.1 2003/06/19 02:24:12 zapata Exp $ * @author mir-coders group * */ 
@@ -174,7 +174,7 @@ public class EntityContent extends Entity if (_entCache.containsKey(key)) { return (TemplateModel)_entCache.get(key); } - if (key.equals("to_comments")) { +/* if (key.equals("to_comments")) { try { _entCache.put(key, getComments()); return (TemplateModel)_entCache.get(key); @@ -239,7 +239,7 @@ public class EntityContent extends Entity else { return new SimpleScalar(getValue(key)); } - +*/ } return null; } @@ -266,9 +266,9 @@ public class EntityContent extends Entity * * @return freemarker.template.SimpleList */ - private EntityList getComments() throws StorageObjectFailure { - return ((DatabaseContent)theStorageObject).getComments(this); - } +// private EntityList getComments() throws StorageObjectFailure { +// return ((DatabaseContent)theStorageObject).getComments(this); +// } private boolean hasMedia() throws StorageObjectFailure { diff --git a/source/mircoders/global/MirGlobal.java b/source/mircoders/global/MirGlobal.java index ea72306d..aaff2879 100755 --- a/source/mircoders/global/MirGlobal.java +++ b/source/mircoders/global/MirGlobal.java 
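Review bot: The `/*` opened in front of `if (key.equals("to_comments"))` and closed in the next hunk disables every lookup in this method except the `_entCache` hit, so as far as these hunks show, any key that is not already cached now falls through to `return null`. If that is intended, the dead branches and the `getComments()` helper should be deleted rather than commented out, and the Javadoc left above the commented `getComments()` removed with them. A one-line comment saying where these lookups are served from now would tell the next reader why the method is almost empty. The method starts and ends outside the hunks, so the fall-through is inferred from the visible context lines only.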
@@ -18,13 +18,13 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * In addition, as a special exception, The Mir-coders gives permission to link - * the code of this program with any library licensed under the Apache Software License, - * The Sun (tm) Java Advanced Imaging library (JAI), The Sun JIMI library - * (or with modified versions of the above that use the same license as the above), - * and distribute linked combinations including the two. You must obey the - * GNU General Public License in all respects for all of the code used other than - * the above mentioned libraries. If you modify this file, you may extend this - * exception to your version of the file, but you are not obligated to do so. + * the code of this program with any library licensed under the Apache Software License, + * The Sun (tm) Java Advanced Imaging library (JAI), The Sun JIMI library + * (or with modified versions of the above that use the same license as the above), + * and distribute linked combinations including the two. You must obey the + * GNU General Public License in all respects for all of the code used other than + * the above mentioned libraries. If you modify this file, you may extend this + * exception to your version of the file, but you are not obligated to do so. * If you do not wish to do so, delete this exception statement from your version. */ @@ -35,6 +35,7 @@ import mir.config.MirPropertiesConfiguration.PropertiesConfigExc; import mir.misc.ConfigException; import mircoders.localizer.MirCachingLocalizerDecorator; import mircoders.localizer.MirLocalizer; +import mircoders.accesscontrol.*; public class MirGlobal { static private MirPropertiesConfiguration configuration; @@ -42,6 +43,7 @@ public class MirGlobal { static private ProducerEngine producerEngine; static private Abuse abuse; static private MRUCache mruCache; + static private AccessControl accessControl; public static MirLocalizer localizer() { String localizerClassName; 
@@ -106,11 +108,19 @@ public class MirGlobal { public static MRUCache mruCache() { synchronized(MirGlobal.class) { if (mruCache == null) { - mruCache = new MRUCache(); + mruCache = new MRUCache(); } return mruCache; } } + + public static synchronized AccessControl accessControl() { + if (accessControl == null) { + accessControl=new AccessControl(); + } + + return accessControl; + } } - + diff --git a/source/mircoders/module/ModuleUsers.java b/source/mircoders/module/ModuleUsers.java index 6a89ec96..7c0f3041 100755 --- a/source/mircoders/module/ModuleUsers.java +++ b/source/mircoders/module/ModuleUsers.java 
@@ -18,13 +18,13 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * In addition, as a special exception, The Mir-coders gives permission to link - * the code of this program with any library licensed under the Apache Software License, - * The Sun (tm) Java Advanced Imaging library (JAI), The Sun JIMI library - * (or with modified versions of the above that use the same license as the above), - * and distribute linked combinations including the two. You must obey the - * GNU General Public License in all respects for all of the code used other than - * the above mentioned libraries. If you modify this file, you may extend this - * exception to your version of the file, but you are not obligated to do so. + * the code of this program with any library licensed under the Apache Software License, + * The Sun (tm) Java Advanced Imaging library (JAI), The Sun JIMI library + * (or with modified versions of the above that use the same license as the above), + * and distribute linked combinations including the two. You must obey the + * GNU General Public License in all respects for all of the code used other than + * the above mentioned libraries. If you modify this file, you may extend this + * exception to your version of the file, but you are not obligated to do so. * If you do not wish to do so, delete this exception statement from your version. */ @@ -94,6 +94,15 @@ public class ModuleUsers extends AbstractModule } } + public boolean checkUserPassword(EntityUsers aUser, String aPassword) throws ModuleExc, ModuleFailure { + try { + return aUser.getValue("password").equals(MirGlobal.localizer().adminInterface().makePasswordDigest(aPassword)); + } + catch (Throwable t) { + throw new ModuleFailure(t); + } + } + private Map digestPassword(Map aValues) throws ModuleExc, ModuleFailure { Map result = aValues; diff --git a/source/mircoders/servlet/ServletHelper.java b/source/mircoders/servlet/ServletHelper.java index 4c23cb5f..beba69c0 100755 
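Review bot: `checkUserPassword` compares the stored digest with `String.equals`, which stops at the first differing character, and it calls `equals` directly on `aUser.getValue("password")`, so a user row without a password value surfaces as a `ModuleFailure` instead of a failed check. Holding the stored value in a local, returning `false` when it is null, and comparing with `java.security.MessageDigest.isEqual(stored.getBytes(), computed.getBytes())` would address both. The method declares `ModuleExc`, but nothing in the body throws one.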
--- a/source/mircoders/servlet/ServletHelper.java +++ b/source/mircoders/servlet/ServletHelper.java @@ -34,7 +34,7 @@ import java.util.HashMap; import java.util.Locale; import java.util.Map; -import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.*; import org.apache.struts.util.MessageResources; @@ -47,21 +47,22 @@ import mir.servlet.ServletModuleFailure; import mir.util.CachingRewindableIterator; import mir.util.ResourceBundleGeneratorFunction; import mircoders.global.MirGlobal; +import mircoders.entity.*; public class ServletHelper { static LoggerWrapper logger = new LoggerWrapper("ServletModule.Helper"); - public static Map makeGenerationData(HttpServletResponse aResponse, Locale[] aLocales) throws ServletModuleExc { - return makeGenerationData(aResponse, aLocales, "bundles.adminlocal", "bundles.admin"); + public static Map makeGenerationData(HttpServletRequest aRequest, HttpServletResponse aResponse, Locale[] aLocales) throws ServletModuleExc { + return makeGenerationData(aRequest, aResponse, aLocales, "bundles.adminlocal", "bundles.admin"); } - public static Map makeGenerationData(HttpServletResponse aResponse, Locale[] aLocales, String aBundle) throws ServletModuleExc { - return makeGenerationData(aResponse, aLocales, aBundle, aBundle); + public static Map makeGenerationData(HttpServletRequest aRequest, HttpServletResponse aResponse, Locale[] aLocales, String aBundle) throws ServletModuleExc { + return makeGenerationData(aRequest, aResponse, aLocales, aBundle, aBundle); } - public static Map makeGenerationData(HttpServletResponse aResponse, Locale[] aLocales, String aBundle, String aDefaultBundle) throws ServletModuleExc { + public static Map makeGenerationData(HttpServletRequest aRequest, HttpServletResponse aResponse, Locale[] aLocales, String aBundle, String aDefaultBundle) throws ServletModuleExc { try { Map result = new HashMap(); 
@@ -73,6 +74,7 @@ public class ServletHelper { aResponse.encodeURL(MirGlobal.config().getString("RootUri") + "/servlet/Mir")); result.put("returnurl", null); + result.put("login_user", getUser(aRequest)); Object languages = new CachingRewindableIterator( @@ -136,4 +138,12 @@ public class ServletHelper { throw new ServletModuleFailure(t); } } + + public static void setUser(HttpServletRequest aRequest, EntityUsers aUser) { + aRequest.getSession().setAttribute("login.uid", aUser); + } + + public static EntityUsers getUser(HttpServletRequest aRequest) { + return (EntityUsers) aRequest.getSession().getAttribute("login.uid"); + } } diff --git a/source/mircoders/servlet/ServletModuleAbuse.java b/source/mircoders/servlet/ServletModuleAbuse.java index af691d6e..8ab8aece 100755 --- a/source/mircoders/servlet/ServletModuleAbuse.java +++ b/source/mircoders/servlet/ServletModuleAbuse.java @@ -86,7 +86,7 @@ public class ServletModuleAbuse extends ServletModule { URLBuilder urlBuilder = new URLBuilder(); try { - Map responseData = ServletHelper.makeGenerationData(aResponse, new Locale[] { getLocale(aRequest), getFallbackLocale(aRequest)}); + Map responseData = ServletHelper.makeGenerationData(aRequest, aResponse, new Locale[] { getLocale(aRequest), getFallbackLocale(aRequest)}); urlBuilder.setValue("module", "Abuse"); urlBuilder.setValue("do", "showfilters"); @@ -107,7 +107,7 @@ public class ServletModuleAbuse extends ServletModule { URLBuilder urlBuilder = new URLBuilder(); try { - Map responseData = ServletHelper.makeGenerationData(aResponse, new Locale[] { getLocale(aRequest), getFallbackLocale(aRequest)}); + Map responseData = ServletHelper.makeGenerationData(aRequest, aResponse, new Locale[] { getLocale(aRequest), getFallbackLocale(aRequest)}); urlBuilder.setValue("module", "Abuse"); urlBuilder.setValue("do", "showsettings"); 
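Review bot: `result.put("login_user", getUser(aRequest))` hands the whole `EntityUsers` object to every admin template, and the same patch reads `aUser.getValue("password")` from that entity in `ModuleUsers.checkUserPassword`, so the password digest is presumably reachable from template code. Exposing only what the templates need, for example a small map holding the `login` and `id` values, would keep the digest out of the rendering layer. The templates that consume `login_user` are not part of this view, so the fields they actually use need checking before narrowing it.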
@@ -165,7 +165,7 @@ public class ServletModuleAbuse extends ServletModule { int count; try { - Map responseData = ServletHelper.makeGenerationData(aResponse, new Locale[] { getLocale(aRequest), getFallbackLocale(aRequest)}); + Map responseData = ServletHelper.makeGenerationData(aRequest, aResponse, new Locale[] { getLocale(aRequest), getFallbackLocale(aRequest)}); urlBuilder.setValue("module", "Abuse"); urlBuilder.setValue("do", "showlog"); responseData.put("thisurl", urlBuilder.getQuery()); diff --git a/source/mircoders/servlet/ServletModuleAdmin.java b/source/mircoders/servlet/ServletModuleAdmin.java index 4b591e9b..f7534b66 100755 --- a/source/mircoders/servlet/ServletModuleAdmin.java +++ b/source/mircoders/servlet/ServletModuleAdmin.java @@ -55,7 +55,7 @@ public class ServletModuleAdmin extends ServletModule int count; try { - Map responseData = ServletHelper.makeGenerationData(aResponse, new Locale[] { getLocale(aRequest), getFallbackLocale(aRequest)}); + Map responseData = ServletHelper.makeGenerationData(aRequest, aResponse, new Locale[] { getLocale(aRequest), getFallbackLocale(aRequest)}); urlBuilder.setValue("module", "Admin"); urlBuilder.setValue("do", "superusermenu"); diff --git a/source/mircoders/servlet/ServletModuleComment.java b/source/mircoders/servlet/ServletModuleComment.java index 27043434..0415fbb4 100755 --- a/source/mircoders/servlet/ServletModuleComment.java +++ b/source/mircoders/servlet/ServletModuleComment.java 
@@ -108,7 +108,7 @@ public class ServletModuleComment extends ServletModule public void showComment(String anId, HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc { try { HTTPRequestParser requestParser = new HTTPRequestParser(aRequest); - Map responseData = ServletHelper.makeGenerationData(aResponse, new Locale[] {getLocale(aRequest), getFallbackLocale(aRequest)}); + Map responseData = ServletHelper.makeGenerationData(aRequest, aResponse, new Locale[] {getLocale(aRequest), getFallbackLocale(aRequest)}); EntityAdapterModel model = MirGlobal.localizer().dataModel().adapterModel(); Map comment; URLBuilder urlBuilder = new URLBuilder(); @@ -263,7 +263,7 @@ public class ServletModuleComment extends ServletModule int count; try { - Map responseData = ServletHelper.makeGenerationData(aResponse, new Locale[] { getLocale(aRequest), getFallbackLocale(aRequest)}); + Map responseData = ServletHelper.makeGenerationData(aRequest, aResponse, new Locale[] { getLocale(aRequest), getFallbackLocale(aRequest)}); model = MirGlobal.localizer().dataModel().adapterModel(); Object commentList = diff --git a/source/mircoders/servlet/ServletModuleContent.java b/source/mircoders/servlet/ServletModuleContent.java index f62ce11d..fde748f4 100755 --- a/source/mircoders/servlet/ServletModuleContent.java +++ b/source/mircoders/servlet/ServletModuleContent.java @@ -71,7 +71,7 @@ import freemarker.template.SimpleHash; * ServletModuleContent - * deliver html for the article admin form. * - * @version $Id: ServletModuleContent.java,v 1.52.2.1 2003/05/24 15:56:38 zapata Exp $ + * @version $Id: ServletModuleContent.java,v 1.52.2.2 2003/06/19 02:24:13 zapata Exp $ * @author rk, mir-coders * */ 
@@ -166,22 +166,21 @@ public class ServletModuleContent extends ServletModule } } - public void add(HttpServletRequest req, HttpServletResponse res) throws ServletModuleExc { - _showObject(null, req, res); + public void add(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc { + _showObject(null, aRequest, aResponse); } - public void insert(HttpServletRequest req, HttpServletResponse res) throws ServletModuleExc + public void insert(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc { //theLog.printDebugInfo(":: content :: trying to insert"); try { - EntityUsers user = _getUser(req); - Map withValues = getIntersectingValues(req, DatabaseContent.getInstance()); + Map withValues = getIntersectingValues(aRequest, DatabaseContent.getInstance()); String now = StringUtil.date2webdbDate(new GregorianCalendar()); withValues.put("date", now); withValues.put("publish_path", StringUtil.webdbDate2path(now)); - withValues.put("to_publisher", user.getId()); + withValues.put("to_publisher", ServletHelper.getUser(aRequest)); withValues.put("is_produced", "0"); if (!withValues.containsKey("is_published")) withValues.put("is_published","0"); 
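Review bot: `withValues.put("to_publisher", ServletHelper.getUser(aRequest))` stores the `EntityUsers` object where the removed line stored `user.getId()`, so the publisher field no longer receives the user id. ServletModuleUploadedMedia.insert in this same patch uses `ServletHelper.getUser(aRequest).getId()`, which looks like the intended form; the update() hunk of ServletModuleUploadedMedia.java has the same slip. I would write `withValues.put("to_publisher", ServletHelper.getUser(aRequest).getId());` and decide explicitly what happens when getUser returns null, since no login check is visible in this handler. insert() continues outside this hunk.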
@@ -195,29 +194,27 @@ public class ServletModuleContent extends ServletModule String id = mainModule.add(withValues); List topics; - DatabaseContentToTopics.getInstance().setTopics(id, req.getParameterValues("to_topic")); + DatabaseContentToTopics.getInstance().setTopics(id, aRequest.getParameterValues("to_topic")); - _showObject(id, req, res); + _showObject(id, aRequest, aResponse); } catch (Throwable e) { throw new ServletModuleFailure(e); } } - public void delete(HttpServletRequest req, HttpServletResponse res) throws ServletModuleExc + public void delete(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc { if (!configuration.getString("Mir.Localizer.Admin.AllowDeleteArticle", "0").equals("1")) throw new ServletModuleExc("Operation not permitted"); - EntityUsers user = _getUser(req); - - String idParam = req.getParameter("id"); + String idParam = aRequest.getParameter("id"); if (idParam == null) throw new ServletModuleExc("Invalid call: id missing"); - String confirmParam = req.getParameter("confirm"); - String cancelParam = req.getParameter("cancel"); + String confirmParam = aRequest.getParameter("confirm"); + String cancelParam = aRequest.getParameter("cancel"); - logger.info("where = " + req.getParameter("where")); + logger.info("where = " + aRequest.getParameter("where")); if (confirmParam == null && cancelParam == null) { 
@@ -225,10 +222,10 @@ public class ServletModuleContent extends ServletModule mergeData.put("module", "Content"); mergeData.put("infoString", "Content: " + idParam); mergeData.put("id", idParam); - mergeData.put("where", req.getParameter("where")); - mergeData.put("order", req.getParameter("order")); - mergeData.put("offset", req.getParameter("offset")); - deliver(req, res, mergeData, templateConfirmString); + mergeData.put("where", aRequest.getParameter("where")); + mergeData.put("order", aRequest.getParameter("order")); + mergeData.put("offset", aRequest.getParameter("offset")); + deliver(aRequest, aResponse, mergeData, templateConfirmString); } else { if (confirmParam!= null && !confirmParam.equals("")) { 
@@ -252,28 +249,28 @@ public class ServletModuleContent extends ServletModule catch (Throwable e) { throw new ServletModuleFailure(e); } - list(req,res); + list(aRequest,aResponse); } else { // Datensatz anzeigen - _showObject(idParam, req, res); + _showObject(idParam, aRequest, aResponse); } } } - public void edit(HttpServletRequest req, HttpServletResponse res) throws ServletModuleExc + public void edit(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc { - String idParam = req.getParameter("id"); + String idParam = aRequest.getParameter("id"); if (idParam == null) throw new ServletModuleExc("Invalid call: id not supplied "); - _showObject(idParam, req, res); + _showObject(idParam, aRequest, aResponse); } // methods for attaching media file - public void attach(HttpServletRequest req, HttpServletResponse res) throws ServletModuleExc + public void attach(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc { - String mediaIdParam = req.getParameter("mid"); - String articleId = req.getParameter("articleid"); + String mediaIdParam = aRequest.getParameter("mid"); + String articleId = aRequest.getParameter("articleid"); if (articleId == null || mediaIdParam==null) throw new ServletModuleExc("smod content :: attach :: articleid/mid missing"); 
@@ -286,13 +283,13 @@ public class ServletModuleContent extends ServletModule throw new ServletModuleFailure(e); } - _showObject(articleId, req, res); + _showObject(articleId, aRequest, aResponse); } - public void dettach(HttpServletRequest req, HttpServletResponse res) throws ServletModuleExc + public void dettach(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc { - String articleId = req.getParameter("articleid"); - String midParam = req.getParameter("mid"); + String articleId = aRequest.getParameter("articleid"); + String midParam = aRequest.getParameter("mid"); if (articleId == null) throw new ServletModuleExc("smod content :: dettach :: articleid missing"); if (midParam == null) @@ -306,7 +303,7 @@ public class ServletModuleContent extends ServletModule throw new ServletModuleFailure(e); } - _showObject(articleId, req, res); + _showObject(articleId, aRequest, aResponse); } public void update(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc @@ -367,7 +364,7 @@ public class ServletModuleContent extends ServletModule throws ServletModuleExc { try { HTTPRequestParser requestParser = new HTTPRequestParser(aRequest); - Map responseData = ServletHelper.makeGenerationData(aResponse, new Locale[] { getLocale(aRequest), getFallbackLocale(aRequest)}); + Map responseData = ServletHelper.makeGenerationData(aRequest, aResponse, new Locale[] { getLocale(aRequest), getFallbackLocale(aRequest)}); EntityAdapterModel model = MirGlobal.localizer().dataModel().adapterModel(); Map article; URLBuilder urlBuilder = new URLBuilder(); @@ -400,8 +397,6 @@ public class ServletModuleContent extends ServletModule new EntityIteratorAdapter("", configuration.getString("Mir.Localizer.Admin.TopicListOrder"), 20, MirGlobal.localizer().dataModel().adapterModel(), "topic")); - - responseData.put("returnurl", requestParser.getParameter("returnurl")); responseData.put("thisurl", urlBuilder.getQuery()); 
@@ -427,7 +422,7 @@ public class ServletModuleContent extends ServletModule int count; try { - Map responseData = ServletHelper.makeGenerationData(aResponse, new Locale[] { getLocale(aRequest), getFallbackLocale(aRequest)}); + Map responseData = ServletHelper.makeGenerationData(aRequest, aResponse, new Locale[] { getLocale(aRequest), getFallbackLocale(aRequest)}); model = MirGlobal.localizer().dataModel().adapterModel(); Object articleList = @@ -567,11 +562,4 @@ public class ServletModuleContent extends ServletModule redirect(aResponse, returnUrl); } - - private EntityUsers _getUser(HttpServletRequest req) - { - HttpSession session=req.getSession(false); - - return (EntityUsers)session.getAttribute("login.uid"); - } } diff --git a/source/mircoders/servlet/ServletModuleFileEdit.java b/source/mircoders/servlet/ServletModuleFileEdit.java index 3b4ca3bf..87803e34 100755 --- a/source/mircoders/servlet/ServletModuleFileEdit.java +++ b/source/mircoders/servlet/ServletModuleFileEdit.java @@ -59,7 +59,7 @@ import mir.util.URLBuilder; * in the config file. * * @author $Author: zapata $ - * @version $Revision: 1.13 $ $Date: 2003/05/08 02:43:42 $ + * @version $Revision: 1.13.2.1 $ $Date: 2003/06/19 02:24:13 $ * */ @@ -228,7 +228,7 @@ public class ServletModuleFileEdit extends ServletModule public void listSubDirectory(FileEditDirectory aDirectory, String aSubDirectory, HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc { try { - Map responseData = ServletHelper.makeGenerationData(aResponse, new Locale[] { getLocale(aRequest), getFallbackLocale(aRequest)}); + Map responseData = ServletHelper.makeGenerationData(aRequest, aResponse, new Locale[] { getLocale(aRequest), getFallbackLocale(aRequest)}); File dir = new File(aDirectory.getRootDirectory(), aSubDirectory); if (!validateDirectory(aDirectory, dir) || !dir.isDirectory()) { 
@@ -271,7 +271,7 @@ public class ServletModuleFileEdit extends ServletModule listSubDirectory(aDirectory, "", aRequest, aResponse); } else { - Map responseData = ServletHelper.makeGenerationData(aResponse, new Locale[] { getLocale(aRequest), getFallbackLocale(aRequest)}); + Map responseData = ServletHelper.makeGenerationData(aRequest, aResponse, new Locale[] { getLocale(aRequest), getFallbackLocale(aRequest)}); URLBuilder urlBuilder = new URLBuilder(); urlBuilder.setValue("module", "FileEdit"); diff --git a/source/mircoders/servlet/ServletModuleLocalizer.java b/source/mircoders/servlet/ServletModuleLocalizer.java index 119e626f..0f9a8956 100755 --- a/source/mircoders/servlet/ServletModuleLocalizer.java +++ b/source/mircoders/servlet/ServletModuleLocalizer.java @@ -100,7 +100,7 @@ public class ServletModuleLocalizer extends ServletModule { try { HttpSession session = aRequest.getSession(false); return MirGlobal.localizer().dataModel().adapterModel().makeEntityAdapter - ("user", (EntityUsers) session.getAttribute("login.uid")); + ("user", ServletHelper.getUser(aRequest)); } catch (Throwable e) { throw new ServletModuleFailure("ServletModuleLocalizer.getActiveUser: " + e.getMessage(), e); 
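Review bot: In ServletModuleLocalizer.getActiveUser the local `HttpSession session = aRequest.getSession(false);` is left behind unused now that the user comes from `ServletHelper.getUser(aRequest)`; the line can be dropped. getUser returns null when the session holds no `login.uid`, and that null is passed straight to `makeEntityAdapter("user", ...)`; whether the adapter accepts a null entity is not visible here, so at minimum add `// may be null when no user is logged in` above the call. The method starts outside the hunk.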
@@ -145,19 +145,21 @@ public class ServletModuleLocalizer extends ServletModule { String[] operations = aRequest.getParameterValues("operation"); - for (int i=0; i0) { - List parts = StringRoutines.splitString(operations[i], ";"); + if (operations!=null) { + for (int i = 0; i < operations.length; i++) { + if (operations[i].length() > 0) { + List parts = StringRoutines.splitString(operations[i], ";"); - if (parts.size() != 2) { - logger.error("commentoperationbatch: operation string invalid: " + - operations[i]); - } - else { - String commentIdString = (String) parts.get(0); - String operationString = (String) parts.get(1); + if (parts.size() != 2) { + logger.error("commentoperationbatch: operation string invalid: " + + operations[i]); + } + else { + String commentIdString = (String) parts.get(0); + String operationString = (String) parts.get(1); - performCommentOperation(getActiveUser(aRequest), commentIdString, operationString); + performCommentOperation(getActiveUser(aRequest), commentIdString, operationString); + } } } } 
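Review bot: The rejected operation string is written to the log exactly as the client sent it in `logger.error("commentoperationbatch: operation string invalid: " + operations[i])`, so a value containing CR or LF can forge additional log lines. Neutralise line breaks before logging, for example `operations[i].replace('\r', ' ').replace('\n', ' ')`. The articleoperationbatch hunk that follows logs `operations[i]` the same way. The enclosing method starts and ends outside the hunk.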
@@ -204,18 +206,21 @@ public class ServletModuleLocalizer extends ServletModule { String[] operations = aRequest.getParameterValues("operation"); - for (int i=0; i0) { - List parts = StringRoutines.splitString(operations[i], ";"); + if (operations!=null) { - if (parts.size() != 2) { - logger.error("articleoperationbatch: operation string invalid: " + operations[i]); - } - else { - String articleIdString = (String) parts.get(0); - String operationString = (String) parts.get(1); + for (int i = 0; i < operations.length; i++) { + if (operations[i].length() > 0) { + List parts = StringRoutines.splitString(operations[i], ";"); - performArticleOperation(getActiveUser(aRequest), articleIdString, operationString); + if (parts.size() != 2) { + logger.error("articleoperationbatch: operation string invalid: " + operations[i]); + } + else { + String articleIdString = (String) parts.get(0); + String operationString = (String) parts.get(1); + + performArticleOperation(getActiveUser(aRequest), articleIdString, operationString); + } } } } diff --git a/source/mircoders/servlet/ServletModuleOpenIndy.java b/source/mircoders/servlet/ServletModuleOpenIndy.java index 9358ffb3..4ada8b97 100755 --- a/source/mircoders/servlet/ServletModuleOpenIndy.java +++ b/source/mircoders/servlet/ServletModuleOpenIndy.java @@ -120,7 +120,7 @@ import mircoders.storage.DatabaseTopics; * open-postings to the newswire * * @author mir-coders group - * @version $Id: ServletModuleOpenIndy.java,v 1.89.2.3 2003/06/13 03:54:08 zapata Exp $ + * @version $Id: ServletModuleOpenIndy.java,v 1.89.2.4 2003/06/19 02:24:13 zapata Exp $ * */ 
@@ -580,7 +580,7 @@ public class ServletModuleOpenIndy extends ServletModule Session session = new HTTPAdapters.HTTPSessionAdapter(aRequest.getSession()); SimpleResponse response = new SimpleResponse( - ServletHelper.makeGenerationData(aResponse, new Locale[] { getResponseLocale(aRequest.getSession(), aRequest), getFallbackLocale(aRequest)}, + ServletHelper.makeGenerationData(aRequest, aResponse, new Locale[] { getResponseLocale(aRequest.getSession(), aRequest), getFallbackLocale(aRequest)}, "bundles.open")); response.setResponseValue("actionURL", aResponse.encodeURL(HttpUtils.getRequestURL(aRequest).toString())+"?"+SESSION_REQUEST_KEY+"="+aRequest.getSession().getId()); @@ -1126,7 +1126,7 @@ public class ServletModuleOpenIndy extends ServletModule public void deliver(PrintWriter anOutputWriter, HttpServletRequest aRequest, HttpServletResponse aResponse, Map aData, Map anExtra, String aGenerator) throws ServletModuleFailure { try { - Map responseData = ServletHelper.makeGenerationData(aResponse, new Locale[] { getLocale(aRequest), getFallbackLocale(aRequest)}, "bundles.open"); + Map responseData = ServletHelper.makeGenerationData(aRequest, aResponse, new Locale[] { getLocale(aRequest), getFallbackLocale(aRequest)}, "bundles.open"); responseData.put("data", aData); responseData.put("extra", anExtra); 
@@ -1146,7 +1146,7 @@ public class ServletModuleOpenIndy extends ServletModule public void deliver(PrintWriter anOutputWriter, HttpServletRequest aRequest, HttpServletResponse aResponse, Map aData, Map anExtra, String aGenerator,String aLocaleString) throws ServletModuleFailure { try { - Map responseData = ServletHelper.makeGenerationData(aResponse, new Locale[] { new Locale(aLocaleString,""), getFallbackLocale(aRequest)}, "bundles.open"); + Map responseData = ServletHelper.makeGenerationData(aRequest, aResponse, new Locale[] { new Locale(aLocaleString,""), getFallbackLocale(aRequest)}, "bundles.open"); responseData.put("data", aData); responseData.put("extra", anExtra); diff --git a/source/mircoders/servlet/ServletModuleProducer.java b/source/mircoders/servlet/ServletModuleProducer.java index 69be3b59..97d3791d 100755 --- a/source/mircoders/servlet/ServletModuleProducer.java +++ b/source/mircoders/servlet/ServletModuleProducer.java @@ -104,7 +104,7 @@ public class ServletModuleProducer extends ServletModule try { generator = MirGlobal.localizer().generators().makeAdminGeneratorLibrary().makeGenerator("producerqueue.template"); - generationData = ServletHelper.makeGenerationData(aResponse, new Locale[] { getLocale(aRequest), getFallbackLocale(aRequest)}); + generationData = ServletHelper.makeGenerationData(aRequest, aResponse, new Locale[] { getLocale(aRequest), getFallbackLocale(aRequest)}); generationData.put( "thisurl", "module=Producer&do=showProducerQueueStatus"); producersData = new Vector(); diff --git a/source/mircoders/servlet/ServletModuleUploadedMedia.java b/source/mircoders/servlet/ServletModuleUploadedMedia.java index ba34a639..595bd2c5 100755 --- a/source/mircoders/servlet/ServletModuleUploadedMedia.java +++ b/source/mircoders/servlet/ServletModuleUploadedMedia.java 
@@ -76,7 +76,7 @@ import freemarker.template.SimpleList; * ServletModuleBilder - * liefert HTML fuer Bilder * - * @version $Id: ServletModuleUploadedMedia.java,v 1.28 2003/04/29 02:36:51 zapata Exp $ + * @version $Id: ServletModuleUploadedMedia.java,v 1.28.2.1 2003/06/19 02:24:13 zapata Exp $ * @author RK, the mir-coders group */ @@ -94,18 +94,17 @@ public abstract class ServletModuleUploadedMedia logger = new LoggerWrapper("ServletModule.UploadedMedia"); } - public void insert(HttpServletRequest req, HttpServletResponse res) + public void insert(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc, ServletModuleUserExc { try { - HTTPParsedRequest parsedRequest = new HTTPParsedRequest(req, + HTTPParsedRequest parsedRequest = new HTTPParsedRequest(aRequest, configuration.getString("Mir.DefaultEncoding"), configuration.getInt("MaxMediaUploadSize")*1024, configuration.getString("TempDir")); - EntityUsers user = _getUser(req); Map mediaValues = new HashMap(); - mediaValues.put("to_publisher", _getUser(req).getId()); + mediaValues.put("to_publisher", ServletHelper.getUser(aRequest).getId()); Iterator i = mainModule.getStorageObject().getFields().iterator(); while (i.hasNext()) { @@ -139,7 +138,7 @@ public abstract class ServletModuleUploadedMedia entContent.attach(((EntityUploadedMedia) i.next()).getId()); } - ((ServletModuleContent) ServletModuleContent.getInstance())._showObject(articleid, req, res); + ((ServletModuleContent) ServletModuleContent.getInstance())._showObject(articleid, aRequest, aResponse); return; } @@ -153,7 +152,7 @@ public abstract class ServletModuleUploadedMedia comment.attach( ( (EntityUploadedMedia) i.next()).getId()); } - ((ServletModuleComment) ServletModuleComment.getInstance()).showComment(commentid, req, res); + ((ServletModuleComment) ServletModuleComment.getInstance()).showComment(commentid, aRequest, aResponse); return; } 
@@ -169,7 +168,7 @@ public abstract class ServletModuleUploadedMedia //fetch the popups popups.put("mediafolderPopupData", DatabaseMediafolder.getInstance().getPopupData()); // raus damit - deliver(req, res, mergeData, popups, templateListString); + deliver(aRequest, aResponse, mergeData, popups, templateListString); } catch (Throwable t) { Throwable cause = ExceptionFunctions.traceCauseException(t); @@ -181,14 +180,13 @@ public abstract class ServletModuleUploadedMedia } } - public void update(HttpServletRequest req, HttpServletResponse res) throws ServletModuleExc { + public void update(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc { try { - HTTPParsedRequest parsedRequest = new HTTPParsedRequest(req, + HTTPParsedRequest parsedRequest = new HTTPParsedRequest(aRequest, configuration.getString("Mir.DefaultEncoding"), configuration.getInt("MaxMediaUploadSize")*1024, configuration.getString("TempDir")); - EntityUsers user = _getUser(req); Map mediaValues = new HashMap(); Iterator i = mainModule.getStorageObject().getFields().iterator(); @@ -199,14 +197,14 @@ public abstract class ServletModuleUploadedMedia mediaValues.put(field, value); } - mediaValues.put("to_publisher", user.getId()); + mediaValues.put("to_publisher", ServletHelper.getUser(aRequest)); mediaValues.put("is_produced", "0"); if (!mediaValues.containsKey("is_published")) mediaValues.put("is_published", "0"); String id = mainModule.set(mediaValues); logger.debug("update: media ID = " + id); - _edit(id, req, res); + _edit(id, aRequest, aResponse); } catch (Throwable e) { throw new ServletModuleFailure("upload -- exception " + e.toString(), e); 
@@ -215,30 +213,30 @@ public abstract class ServletModuleUploadedMedia } - public void list(HttpServletRequest req, HttpServletResponse res) throws ServletModuleExc { + public void list(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc { // Parameter auswerten SimpleHash mergeData = new SimpleHash(); SimpleHash popups = new SimpleHash(); - String query_text = req.getParameter("query_text"); + String query_text = aRequest.getParameter("query_text"); mergeData.put("query_text", query_text); if (query_text != null) mergeData.put("query_text_encoded", URLEncoder.encode(query_text)); - String query_field = req.getParameter("query_field"); + String query_field = aRequest.getParameter("query_field"); mergeData.put("query_field", query_field); - String query_is_published = req.getParameter("query_is_published"); + String query_is_published = aRequest.getParameter("query_is_published"); mergeData.put("query_is_published", query_is_published); - String query_media_folder = req.getParameter("query_media_folder"); + String query_media_folder = aRequest.getParameter("query_media_folder"); mergeData.put("query_media_folder", query_media_folder); - String offset = req.getParameter("offset"); + String offset = aRequest.getParameter("offset"); if (offset == null || offset.equals("")) offset = "0"; mergeData.put("offset", offset); - String order = req.getParameter("order"); + String order = aRequest.getParameter("order"); if (order == null || order.equals("")) order = "webdb_lastchange desc"; // if in connection mode to content - mergeData.put("articleid", req.getParameter("articleid")); - mergeData.put("commentid", req.getParameter("commentid")); + mergeData.put("articleid", aRequest.getParameter("articleid")); + mergeData.put("commentid", aRequest.getParameter("commentid")); // sql basteln 
@@ -280,7 +278,7 @@ public abstract class ServletModuleUploadedMedia } popups.put("mediafolderPopupData", DatabaseMediafolder.getInstance().getPopupData()); - deliver(req, res, mergeData, popups, templateListString); + deliver(aRequest, aResponse, mergeData, popups, templateListString); } catch (Throwable e) { throw new ServletModuleFailure(e); @@ -288,16 +286,16 @@ public abstract class ServletModuleUploadedMedia } - public void add(HttpServletRequest req, HttpServletResponse res) throws ServletModuleExc { + public void add(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc { try { SimpleHash mergeData = new SimpleHash(); SimpleHash popups = new SimpleHash(); String maxMedia = MirPropertiesConfiguration.instance().getString("ServletModule.OpenIndy.MaxMediaUploadItems"); - String numOfMedia = req.getParameter("medianum"); + String numOfMedia = aRequest.getParameter("medianum"); mergeData.put("new", "1"); - mergeData.put("articleid", req.getParameter("articleid")); - mergeData.put("commentid", req.getParameter("commentid")); + mergeData.put("articleid", aRequest.getParameter("articleid")); + mergeData.put("commentid", aRequest.getParameter("commentid")); popups.put("mediafolderPopupData", DatabaseMediafolder.getInstance().getPopupData()); 
@@ -316,24 +314,24 @@ public abstract class ServletModuleUploadedMedia } mergeData.put("medianum",numOfMedia); mergeData.put("mediafields",mediaFields); - deliver(req, res, mergeData, popups, templateObjektString); + deliver(aRequest, aResponse, mergeData, popups, templateObjektString); } catch (Exception e) { throw new ServletModuleFailure(e); } } - public void edit(HttpServletRequest req, HttpServletResponse res) throws ServletModuleExc { - String idParam = req.getParameter("id"); - _edit(idParam, req, res); + public void edit(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc { + String idParam = aRequest.getParameter("id"); + _edit(idParam, aRequest, aResponse); } - private void _edit(String idParam, HttpServletRequest req, HttpServletResponse res) throws ServletModuleExc { + private void _edit(String idParam, HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc { if (idParam != null && !idParam.equals("")) { try { SimpleHash popups = new SimpleHash(); popups.put("mediafolderPopupData", DatabaseMediafolder.getInstance().getPopupData()); - deliver(req, res, mainModule.getById(idParam), popups, + deliver(aRequest, aResponse, mainModule.getById(idParam), popups, templateObjektString); } catch (Throwable e) { 
@@ -346,14 +344,8 @@ public abstract class ServletModuleUploadedMedia } - /** @todo should be in ServletModule.java */ - private EntityUsers _getUser(HttpServletRequest req) { - HttpSession session = req.getSession(false); - return (EntityUsers) session.getAttribute("login.uid"); - } - - public void getMedia(HttpServletRequest req, HttpServletResponse res) throws ServletModuleExc { - String idParam = req.getParameter("id"); + public void getMedia(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc { + String idParam = aRequest.getParameter("id"); if (idParam!=null && !idParam.equals("")) { try { EntityUploadedMedia ent = (EntityUploadedMedia)mainModule.getById(idParam); @@ -366,9 +358,9 @@ public abstract class ServletModuleUploadedMedia mediaHandler = MediaHelper.getHandler(mediaType); InputStream in = mediaHandler.getMedia(ent, mediaType); - res.setContentType(ctx.getMimeType(fName)); - //important that before calling this res.getWriter was not called first - ServletOutputStream out = res.getOutputStream(); + aResponse.setContentType(ctx.getMimeType(fName)); + //important that before calling this aResponse.getWriter was not called first + ServletOutputStream out = aResponse.getOutputStream(); int read ; byte[] buf = new byte[8 * 1024]; @@ -386,9 +378,9 @@ public abstract class ServletModuleUploadedMedia // no exception allowed } - public void getIcon(HttpServletRequest req, HttpServletResponse res) throws ServletModuleExc + public void getIcon(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc { - String idParam = req.getParameter("id"); + String idParam = aRequest.getParameter("id"); if (idParam!=null && !idParam.equals("")) { try { EntityUploadedMedia ent = (EntityUploadedMedia) mainModule.getById(idParam); 
@@ -401,9 +393,9 @@ public abstract class ServletModuleUploadedMedia if (in==null) throw new ServletModuleExc("no icon available"); - res.setContentType(mediaHandler.getIconMimeType(ent, mediaType)); - //important that before calling this res.getWriter was not called first - ServletOutputStream out = res.getOutputStream(); + aResponse.setContentType(mediaHandler.getIconMimeType(ent, mediaType)); + //important that before calling this aResponse.getWriter was not called first + ServletOutputStream out = aResponse.getOutputStream(); int read ; byte[] buf = new byte[8 * 1024]; diff --git a/source/mircoders/servlet/ServletModuleUsers.java b/source/mircoders/servlet/ServletModuleUsers.java index 1d6e2e0e..35fbda77 100755 --- a/source/mircoders/servlet/ServletModuleUsers.java +++ b/source/mircoders/servlet/ServletModuleUsers.java 
@@ -18,33 +18,38 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * * In addition, as a special exception, The Mir-coders gives permission to link - * the code of this program with any library licensed under the Apache Software License, - * The Sun (tm) Java Advanced Imaging library (JAI), The Sun JIMI library - * (or with modified versions of the above that use the same license as the above), - * and distribute linked combinations including the two. You must obey the - * GNU General Public License in all respects for all of the code used other than - * the above mentioned libraries. If you modify this file, you may extend this - * exception to your version of the file, but you are not obligated to do so. + * the code of this program with any library licensed under the Apache Software License, + * The Sun (tm) Java Advanced Imaging library (JAI), The Sun JIMI library + * (or with modified versions of the above that use the same license as the above), + * and distribute linked combinations including the two. You must obey the + * GNU General Public License in all respects for all of the code used other than + * the above mentioned libraries. If you modify this file, you may extend this + * exception to your version of the file, but you are not obligated to do so. * If you do not wish to do so, delete this exception statement from your version. 
*/ package mircoders.servlet; -import java.util.Map; +import java.util.*; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import freemarker.template.SimpleHash; + import mir.log.LoggerWrapper; import mir.servlet.ServletModule; import mir.servlet.ServletModuleExc; import mir.servlet.ServletModuleFailure; import mir.servlet.ServletModuleUserExc; import mir.storage.StorageObjectFailure; -import mir.util.HTTPRequestParser; +import mir.util.*; +import mir.entity.adapter.*; import mircoders.module.ModuleUsers; import mircoders.storage.DatabaseUsers; -import freemarker.template.SimpleHash; +import mircoders.global.*; +import mircoders.entity.*; +import mircoders.servlet.*; /* * ServletModuleUsers - 
@@ -56,54 +61,62 @@ import freemarker.template.SimpleHash; public class ServletModuleUsers extends ServletModule { + private String editTemplate; + private String listTemplate; + private static ServletModuleUsers instance = new ServletModuleUsers(); public static ServletModule getInstance() { return instance; } + protected ModuleUsers usersModule; private ServletModuleUsers() { super(); logger = new LoggerWrapper("ServletModule.Users"); - templateListString = configuration.getString("ServletModule.Users.ListTemplate"); - templateObjektString = configuration.getString("ServletModule.Users.ObjektTemplate"); + listTemplate = configuration.getString("ServletModule.Users.ListTemplate"); + editTemplate = configuration.getString("ServletModule.Users.ObjektTemplate"); templateConfirmString = configuration.getString("ServletModule.Users.ConfirmTemplate"); try { - mainModule = new ModuleUsers(DatabaseUsers.getInstance()); + usersModule = new ModuleUsers(DatabaseUsers.getInstance()); + mainModule = usersModule; } catch (StorageObjectFailure e) { logger.debug("initialization of ServletModuleUsers failed!: " + e.getMessage()); } } - public void edit(HttpServletRequest req, HttpServletResponse res) throws ServletModuleExc + public void edit(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc { - String idParam = req.getParameter("id"); + String idParam = aRequest.getParameter("id"); if (idParam == null) throw new ServletModuleExc("ServletModuleUser.edit: invalid call: (id) not specified"); try { - deliver(req, res, mainModule.getById(idParam), templateObjektString); + EntityUsers user = (EntityUsers) mainModule.getById(idParam); + MirGlobal.accessControl().user().assertMayEditUser(ServletHelper.getUser(aRequest), user); + + showUser(idParam, false, aRequest, aResponse); } catch (Throwable e) { throw new ServletModuleFailure(e); } } - public void add(HttpServletRequest req, HttpServletResponse res) + public void add(HttpServletRequest aRequest, 
HttpServletResponse aResponse) throws ServletModuleExc { try { - SimpleHash mergeData = new SimpleHash(); - mergeData.put("new", "1"); - deliver(req, res, mergeData, templateObjektString); + MirGlobal.accessControl().user().assertMayAddUsers(ServletHelper.getUser(aRequest)); + + showUser(null, false, aRequest, aResponse); } catch (Throwable e) { throw new ServletModuleFailure(e); } } - public String checkPassword(HTTPRequestParser aRequestParser) throws ServletModuleExc, ServletModuleUserExc, ServletModuleFailure + public String validatePassword(EntityUsers aUser, HTTPRequestParser aRequestParser) throws ServletModuleExc, ServletModuleUserExc, ServletModuleFailure { if ( (aRequestParser.getParameter("newpassword") != null && aRequestParser.getParameter("newpassword").length() > 0) || @@ -112,6 +125,17 @@ public class ServletModuleUsers extends ServletModule ) { String newPassword = aRequestParser.getParameterWithDefault("newpassword", ""); String newPassword2 = aRequestParser.getParameterWithDefault("newpassword2", ""); + String oldPassword = aRequestParser.getParameterWithDefault("oldpassword", ""); + + try { + if (!usersModule.checkUserPassword(aUser, oldPassword)) { + throw new ServletModuleUserExc("user.error.incorrectpassword", new String[] {}); + } + } + catch (Throwable t) { + throw new ServletModuleFailure(t); + } + if (newPassword.length() == 0 || newPassword2.length() == 0) { throw new ServletModuleUserExc("user.error.missingpasswords", new String[] {}); 
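Review bot: `validatePassword` gained an `aUser` parameter with no comment saying whose password is verified, and the callers in the later hunks pass the logged-in user from `ServletHelper.getUser(aRequest)` rather than the account being edited. A short Javadoc would stop a future caller from passing the target user and weakening the re-authentication step, for example `/** Checks the "oldpassword" parameter against aUser (the acting user) before a new password is accepted. */`. The method body continues outside this hunk.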
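Review bot: The `ServletModuleUserExc("user.error.incorrectpassword", ...)` thrown inside the new `try` is caught by its own `catch (Throwable t)` and rethrown as `ServletModuleFailure`. A wrong old password therefore probably surfaces as an internal failure instead of the localized message this commit adds to the bundle. Rethrow the user exception first by placing `catch (ServletModuleUserExc e) { throw e; }` ahead of `catch (Throwable t)`. The same wrapping affects the authorization asserts inside the `catch (Throwable e)` blocks of `edit`, `add`, `updatepassword`, `delete` and `changepassword`: unless the caller unwraps the cause, a denied request is reported as a server failure rather than an authorization error. The method starts and ends outside this hunk.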
@@ -131,10 +155,12 @@ public class ServletModuleUsers extends ServletModule throws ServletModuleExc, ServletModuleUserExc, ServletModuleFailure { try { + MirGlobal.accessControl().user().assertMayAddUsers(ServletHelper.getUser(aRequest)); + HTTPRequestParser requestParser = new HTTPRequestParser(aRequest); Map withValues = getIntersectingValues(aRequest, mainModule.getStorageObject()); - String newPassword=checkPassword(requestParser); + String newPassword=validatePassword(ServletHelper.getUser(aRequest), requestParser); if (newPassword!=null) withValues.put("password", newPassword); else @@ -155,10 +181,12 @@ public class ServletModuleUsers extends ServletModule { try { HTTPRequestParser requestParser = new HTTPRequestParser(aRequest); + EntityUsers user = (EntityUsers) mainModule.getById(requestParser.getParameter("id")); + MirGlobal.accessControl().user().assertMayEditUser(ServletHelper.getUser(aRequest), user); Map withValues = getIntersectingValues(aRequest, mainModule.getStorageObject()); - String newPassword=checkPassword(requestParser); + String newPassword=validatePassword(ServletHelper.getUser(aRequest), requestParser); if (newPassword!=null) withValues.put("password", newPassword); 
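Review bot: The new assert calls decide whether the caller may add or edit a user, but `withValues` is still filled by `getIntersectingValues(aRequest, mainModule.getStorageObject())`, which appears to copy every request parameter that matches a storage field. If `assertMayEditUser` ever admits someone other than a super-user (its policy is not visible here), that caller could submit privilege-bearing fields such as the admin flag along with the form. Restricting `withValues` to an explicit list of fields the acting user may set would close this; it applies to both the insert hunk and the update hunk on this line. Both method bodies continue outside their hunks.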
@@ -174,5 +202,176 @@ public class ServletModuleUsers extends ServletModule } } + public void updatepassword(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc, ServletModuleUserExc, ServletModuleFailure + { + try { + HTTPRequestParser requestParser = new HTTPRequestParser(aRequest); + EntityUsers user = (EntityUsers) mainModule.getById(requestParser.getParameter("id")); + MirGlobal.accessControl().user().assertMayChangeUserPassword(ServletHelper.getUser(aRequest), user); + + String newPassword=validatePassword(ServletHelper.getUser(aRequest), requestParser); + if (newPassword!=null) { + user.setValueForProperty("password", newPassword); + user.update(); + + // hackish: to make sure the cached logged in user is up-to-date: + ServletHelper.setUser(aRequest, (EntityUsers) mainModule.getById(ServletHelper.getUser(aRequest).getId())); + } + + if (requestParser.hasParameter("returnurl")) + redirect(aResponse, requestParser.getParameter("returnurl")); + else + redirect(aResponse, ""); + } + catch (Throwable e) { + throw new ServletModuleFailure(e); + } + } + + public void list(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc + { + HTTPRequestParser requestParser = new HTTPRequestParser(aRequest); + + int offset = requestParser.getIntegerWithDefault("offset", 0); + + returnUserList(aRequest, aResponse, offset); + } + + public void returnUserList( + HttpServletRequest aRequest, + HttpServletResponse aResponse, + int anOffset) throws ServletModuleExc { + + HTTPRequestParser requestParser = new HTTPRequestParser(aRequest); + URLBuilder urlBuilder = new URLBuilder(); + EntityAdapterModel model; + int count; + int nrUsersPerPage = 20; + + try { + Map responseData = ServletHelper.makeGenerationData(aRequest, aResponse, new Locale[] { getLocale(aRequest), getFallbackLocale(aRequest)}); + model = MirGlobal.localizer().dataModel().adapterModel(); + + Object userList = + new CachingRewindableIterator( + new 
EntityIteratorAdapter( "", "login", nrUsersPerPage, + MirGlobal.localizer().dataModel().adapterModel(), "user", nrUsersPerPage, anOffset) + ); + + responseData.put("nexturl", null); + responseData.put("prevurl", null); + + count=mainModule.getSize(""); + + urlBuilder.setValue("module", "Users"); + urlBuilder.setValue("do", "list"); + + urlBuilder.setValue("offset", anOffset); + responseData.put("offset" , new Integer(anOffset).toString()); + responseData.put("thisurl" , urlBuilder.getQuery()); + + if (count>=anOffset+nrUsersPerPage) { + urlBuilder.setValue("offset", (anOffset + nrUsersPerPage)); + responseData.put("nexturl" , urlBuilder.getQuery()); + } + + if (anOffset>0) { + urlBuilder.setValue("offset", Math.max(anOffset - nrUsersPerPage, 0)); + responseData.put("prevurl" , urlBuilder.getQuery()); + } + + responseData.put("users", userList); + responseData.put("mayDeleteUsers", new Boolean(MirGlobal.accessControl().user().mayDeleteUsers(ServletHelper.getUser(aRequest)))); + responseData.put("mayAddUsers", new Boolean(MirGlobal.accessControl().user().mayAddUsers(ServletHelper.getUser(aRequest)))); + responseData.put("mayEditUsers", new Boolean(MirGlobal.accessControl().user().mayEditUsers(ServletHelper.getUser(aRequest)))); + + responseData.put("from" , Integer.toString(anOffset+1)); + responseData.put("count", Integer.toString(count)); + responseData.put("to", Integer.toString(Math.min(anOffset+nrUsersPerPage, count))); + responseData.put("offset" , Integer.toString(anOffset)); + + ServletHelper.generateResponse(aResponse.getWriter(), responseData, listTemplate); + } + catch (Throwable e) { + throw new ServletModuleFailure(e); + } + } + + public void showUser(String anId, boolean anOnlyPassword, HttpServletRequest aRequest, HttpServletResponse aResponse) + throws ServletModuleExc { + try { + HTTPRequestParser requestParser = new HTTPRequestParser(aRequest); + Map responseData = ServletHelper.makeGenerationData(aRequest, aResponse, new Locale[] { 
getLocale(aRequest), getFallbackLocale(aRequest)}); + EntityAdapterModel model = MirGlobal.localizer().dataModel().adapterModel(); + Map user; + URLBuilder urlBuilder = new URLBuilder(); + + urlBuilder.setValue("module", "Users"); + if (anOnlyPassword) + urlBuilder.setValue("do", "changepassword"); + else + urlBuilder.setValue("do", "edit"); + urlBuilder.setValue("id", anId); + urlBuilder.setValue("returnurl", requestParser.getParameter("returnurl")); + + if (anId!=null) { + responseData.put("new", Boolean.FALSE); + user = model.makeEntityAdapter("user", mainModule.getById(anId)); + } + else { + List fields = DatabaseUsers.getInstance().getFields(); + responseData.put("new", Boolean.TRUE); + user = new HashMap(); + Iterator i = fields.iterator(); + while (i.hasNext()) { + user.put(i.next(), null); + } + + MirGlobal.localizer().adminInterface().initializeArticle(user); + } + responseData.put("user", user); + responseData.put("passwordonly", new Boolean(anOnlyPassword)); + + responseData.put("returnurl", requestParser.getParameter("returnurl")); + responseData.put("thisurl", urlBuilder.getQuery()); + + ServletHelper.generateResponse(aResponse.getWriter(), responseData, editTemplate); + } + catch (Throwable e) { + throw new ServletModuleFailure(e); + } + } + + public void delete(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleUserExc, ServletModuleExc, ServletModuleFailure { + try { + EntityUsers user = (EntityUsers) mainModule.getById(aRequest.getParameter("id")); + + MirGlobal.accessControl().user().assertMayDeleteUser(ServletHelper.getUser(aRequest), user); + + super.delete(aRequest, aResponse); + } + catch (Throwable t) { + throw new ServletModuleFailure(t); + } + } + + public void changepassword(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc + { + String idParam = aRequest.getParameter("id"); + + if (idParam == null) + throw new ServletModuleExc("ServletModuleUser.edit: invalid call: (id) not 
specified"); + + try { + EntityUsers user = (EntityUsers) mainModule.getById(idParam); + MirGlobal.accessControl().user().assertMayChangeUserPassword(ServletHelper.getUser(aRequest), user); + + showUser(idParam, true, aRequest, aResponse); + } + catch (Throwable e) { + throw new ServletModuleFailure(e); + } + } } + diff --git a/templates/admin/FUNCTIONS.template b/templates/admin/FUNCTIONS.template index 4befc083..ee14c06e 100755 --- a/templates/admin/FUNCTIONS.template +++ b/templates/admin/FUNCTIONS.template @@ -13,28 +13,28 @@   - + - - - - - - - - - - + + + + + + + + + + + + ${entry[indexVariable]} + + - ${entry[indexVariable]} + ${lang("delete")} + | ${lang("edit")} + - - ${lang("delete")} - | ${lang("edit")} - - - @@ -46,6 +46,68 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
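Review bot: `updatepassword` passes the request-supplied `returnurl` straight to `redirect(aResponse, ...)`, and `showUser` copies the same parameter into `responseData` and the `thisurl` query without any check. If `redirect` does not confine its argument to this application (its implementation is not visible here), a crafted link could send a user who has just changed a password to an external page. Accept only relative, same-application targets and fall back to `redirect(aResponse, "")` otherwise. `list` and `returnUserList` also run without any access-control assert, unlike the other entry points in this hunk; if listing is meant to be open to every logged-in user, a comment should say so. The error text in `changepassword` still reads `ServletModuleUser.edit: invalid call`, which will mislead whoever reads the log.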
+ ${i} + +   +
+ ${entry[i]} + + + ${lang("delete")} + + + | + + + ${lang("edit")} + +
+ ${aCount} ${lang("records")} / ${lang("show_from_to", aFrom, aTo)} +
+
+ + creates browse links, only called if necessary

@@ -77,6 +139,16 @@

+ +

+ + [+] ${lang("add")}   + + [<] ${lang("back")}   + [<<<] ${lang("head.start")} +

+
+ @@ -109,6 +181,18 @@ + + + + ${label}: + + + + ${utility.encodeHTML(fieldcontent)} + + + + diff --git a/templates/admin/contentlist.template b/templates/admin/contentlist.template index 5143fa96..8b7078a3 100755 --- a/templates/admin/contentlist.template +++ b/templates/admin/contentlist.template @@ -129,11 +129,8 @@ - - -

${lang("no_matches_found")}

diff --git a/templates/admin/head.template b/templates/admin/head.template index a2cf60d8..e06abda9 100755 --- a/templates/admin/head.template +++ b/templates/admin/head.template @@ -7,6 +7,7 @@ ${config["Mir.Name"]} + ${lang("head.changepassword")}   [ < ] ${lang("back")}  | diff --git a/templates/admin/user.template b/templates/admin/user.template index a4df4892..53c8a8a2 100755 --- a/templates/admin/user.template +++ b/templates/admin/user.template @@ -11,29 +11,36 @@
- - - + + + - + + + + + - + + + + + + + - - - - + + + + +
- ${lang("user.admin")}: - - checked> -
- + diff --git a/templates/admin/userlist.template b/templates/admin/userlist.template index 567dddfa..c97ebfb1 100755 --- a/templates/admin/userlist.template +++ b/templates/admin/userlist.template @@ -9,30 +9,16 @@ - - - - - - - - - - - - - - - - + - - - - + + + + + +

${lang("no_matches_found")}

- -- 2.11.0