2 * Copyright (C) 2001, 2002 The Mir-coders group
4 * This file is part of Mir.
6 * Mir is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * Mir is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with Mir; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20 * In addition, as a special exception, The Mir-coders gives permission to link
21 * the code of this program with any library licensed under the Apache Software License,
22 * The Sun (tm) Java Advanced Imaging library (JAI), The Sun JIMI library
23 * (or with modified versions of the above that use the same license as the above),
24 * and distribute linked combinations including the two. You must obey the
25 * GNU General Public License in all respects for all of the code used other than
26 * the above mentioned libraries. If you modify this file, you may extend this
27 * exception to your version of the file, but you are not obligated to do so.
28 * If you do not wish to do so, delete this exception statement from your version.
31 package mircoders.servlet;
33 import mir.entity.adapter.EntityAdapterEngine;
34 import mir.entity.adapter.EntityAdapterModel;
35 import mir.log.LoggerWrapper;
36 import mir.servlet.ServletModule;
37 import mir.servlet.ServletModuleExc;
38 import mir.servlet.ServletModuleFailure;
39 import mir.servlet.ServletModuleUserExc;
40 import mir.util.HTTPRequestParser;
41 import mir.util.URLBuilder;
42 import mircoders.entity.EntityUsers;
43 import mircoders.global.MirGlobal;
44 import mircoders.module.ModuleUsers;
45 import mircoders.storage.DatabaseUsers;
47 import javax.servlet.http.HttpServletRequest;
48 import javax.servlet.http.HttpServletResponse;
55 public class ServletModuleUsers extends ServletModule
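/**
 * The one shared instance of this servlet module. It is created when the class
 * is initialized and is final so that it cannot be swapped out later; the
 * constructor is private, so no other instance is created from outside.
 */
private static final ServletModuleUsers instance = new ServletModuleUsers();

/**
 * Returns the shared instance of this module.
 *
 * @return the singleton, typed as its base class {@code ServletModule}
 */
public static ServletModule getInstance() {
  return instance;
}

/**
 * Users back end. The constructor also assigns the same object to
 * {@code mainModule}; {@code validatePassword} uses this typed reference for
 * the password check.
 */
protected ModuleUsers usersModule;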
// Private constructor; the class hands out its one instance through getInstance().
// Creates the logger, then a ModuleUsers that is kept as usersModule and also
// assigned to mainModule.
// NOTE(review): this listing skips lines (gutter numbers 62, 64-66, 69-70, 72-73),
// so the braces and the handler that declares `e` are not shown - confirm
// against the full file.
61 private ServletModuleUsers() {
63 logger = new LoggerWrapper("ServletModule.Users");
67 usersModule = new ModuleUsers();
68 mainModule = usersModule;
// NOTE(review): a failed set-up is reported at debug level only, and no rethrow
// is visible. If the failure is swallowed here, usersModule/mainModule can stay
// unset and later requests would fail far from the cause; logging at error
// level (with the throwable itself) and failing fast would make that visible.
71 logger.debug("initialization of ServletModuleUsers failed!: " + e.getMessage());
/**
 * Handles the "edit" action: shows the edit form for the user named by the
 * "id" request parameter.
 *
 * The target user is loaded first and the acting user is then authorized
 * against that specific entity (assertMayEditUser) before anything is rendered.
 */
75 public void edit(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc
// "id" is taken straight from the request and must be treated as untrusted.
77 String idParam = aRequest.getParameter("id");
// NOTE(review): the condition guarding this throw is not part of the listing
// (gutter line 79 is missing); going by the message it rejects a request
// without an id - confirm.
80 throw new ServletModuleExc("ServletModuleUser.edit: invalid call: (id) not specified");
// Load, then authorize: the access check sees the entity that will be shown.
83 EntityUsers user = (EntityUsers) mainModule.getById(idParam);
84 MirGlobal.accessControl().user().assertMayEditUser(ServletHelper.getUser(aRequest), user);
// Full edit form (anOnlyPassword = false).
86 showUser(idParam, false, aRequest, aResponse);
// Failures are wrapped in ServletModuleFailure; the catch clause that declares
// `e` is not visible in this listing.
89 throw new ServletModuleFailure(e);
/**
 * Handles the "add" action: shows an empty user form.
 *
 * The acting user must pass {@code assertMayAddUsers} before the form is
 * rendered. Nothing is stored here; the form is shown through
 * {@code showUser} with a {@code null} id.
 *
 * @param aRequest  the current request, used to find the acting user
 * @param aResponse the response the form is written to
 * @throws ServletModuleExc declared by the signature; every failure raised
 *         inside, including a failed access check, is wrapped in a
 *         {@code ServletModuleFailure}
 */
public void add(HttpServletRequest aRequest, HttpServletResponse aResponse)
    throws ServletModuleExc
{
  try {
    // Authorize first: the form is only built for users allowed to add accounts.
    EntityUsers actingUser = ServletHelper.getUser(aRequest);
    MirGlobal.accessControl().user().assertMayAddUsers(actingUser);

    showUser(null, false, aRequest, aResponse);
  }
  catch (Throwable failure) {
    throw new ServletModuleFailure(failure);
  }
}
/**
 * Validates a password change submitted with the request.
 *
 * When either "newpassword" or "newpassword2" is non-empty, the visible checks
 * are: the "oldpassword" parameter must match aUser's password
 * (usersModule.checkUserPassword), both new fields must be non-empty, and the
 * two new values must be equal. Each failed check raises a
 * ServletModuleUserExc with its own message key.
 *
 * NOTE(review): the return statements are not part of this listing. The
 * callers in this file test the result against null before storing it, so the
 * method presumably returns the new password, or null when none was
 * submitted - confirm against the full file.
 *
 * NOTE(review): every caller in this file passes ServletHelper.getUser(aRequest)
 * as aUser, so the old-password check re-authenticates the acting user, not
 * the account being changed.
 *
 * NOTE(review): no length or strength rule is applied to the new password
 * here; if a policy exists it has to be enforced elsewhere.
 */
106 public String validatePassword(EntityUsers aUser, HTTPRequestParser aRequestParser) throws ServletModuleExc, ServletModuleUserExc, ServletModuleFailure
// A change is requested as soon as one of the two new-password fields is filled in.
108 if ( (aRequestParser.getParameter("newpassword") != null &&
109 aRequestParser.getParameter("newpassword").length() > 0) ||
110 (aRequestParser.getParameter("newpassword2") != null &&
111 aRequestParser.getParameter("newpassword2").length() > 0)
// Missing parameters become "" so the checks below never see null.
113 String newPassword = aRequestParser.getParameterWithDefault("newpassword", "");
114 String newPassword2 = aRequestParser.getParameterWithDefault("newpassword2", "");
115 String oldPassword = aRequestParser.getParameterWithDefault("oldpassword", "");
// Re-authentication step: the submitted old password must match aUser.
118 if (!usersModule.checkUserPassword(aUser, oldPassword)) {
119 throw new ServletModuleUserExc("user.error.incorrectpassword", new String[] {});
// NOTE(review): if the password check above sits inside the try block this
// handler belongs to (the braces are missing from the listing), the
// ServletModuleUserExc it throws is caught here as well and reaches the caller
// wrapped in ServletModuleFailure - confirm that this is intended.
122 catch (Throwable t) {
123 throw new ServletModuleFailure(t);
// Both fields are required once a change has been requested.
127 if (newPassword.length() == 0 || newPassword2.length() == 0) {
128 throw new ServletModuleUserExc("user.error.missingpasswords", new String[] {});
// The confirmation field must repeat the new password exactly.
131 if (!newPassword.equals(newPassword2)) {
132 throw new ServletModuleUserExc("user.error.passwordmismatch", new String[] {});
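/**
 * Handles the "insert" action: creates a user from the submitted form values.
 *
 * <p>The acting user must pass {@code assertMayAddUsers}. A password is
 * mandatory: {@code validatePassword} checks the acting user's old password
 * and that the two new-password fields are filled in and equal; a
 * {@code null} result is rejected with "user.error.missingpassword".
 *
 * <p>The password is stored as the digest produced by
 * {@code makePasswordDigest}, the same form {@code update} and
 * {@code updatepassword} store. Putting the clear-text value into the record
 * would leave newly created accounts with an unhashed password.
 *
 * @param aRequest  request carrying the form fields and an optional "returnurl"
 * @param aResponse response used for the redirect or for the user list
 * @throws ServletModuleFailure wrapping any failure raised while handling the
 *         request, including the access check and the password validation
 */
public void insert(HttpServletRequest aRequest, HttpServletResponse aResponse)
    throws ServletModuleExc, ServletModuleUserExc, ServletModuleFailure
{
  try {
    MirGlobal.accessControl().user().assertMayAddUsers(ServletHelper.getUser(aRequest));

    HTTPRequestParser requestParser = new HTTPRequestParser(aRequest);
    // Field values are read from the request for the fields of the storage object.
    Map withValues = getIntersectingValues(aRequest, mainModule.getStorageObject());

    String newPassword = validatePassword(ServletHelper.getUser(aRequest), requestParser);
    if (newPassword == null) {
      throw new ServletModuleUserExc("user.error.missingpassword", new String[] {});
    }

    // Store the digest, never the clear text.
    // NOTE(review): assumes mainModule.add() stores the map value as given (not
    // visible here) - confirm it does not digest the password a second time.
    withValues.put("password", MirGlobal.localizer().adminInterface().makePasswordDigest(newPassword));

    String id = mainModule.add(withValues);

    logAdminUsage(aRequest, id, "object added");

    // NOTE(review): "returnurl" is taken from the request. Whether it can point
    // outside the application depends on how ServletHelper.redirect() builds the
    // target (not visible here) - confirm it is limited to local destinations.
    if (requestParser.hasParameter("returnurl")) {
      ServletHelper.redirect(aResponse, requestParser.getParameter("returnurl"));
    }
    else {
      list(aRequest, aResponse);
    }
  }
  catch (Throwable e) {
    throw new ServletModuleFailure(e);
  }
}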
/**
 * Handles the "update" action: stores the submitted values for an existing user.
 *
 * <p>The user named by the "id" parameter is loaded and the acting user is
 * authorized against it with {@code assertMayEditUser}. The "is_admin" and
 * "is_disabled" fields are set to "0" when the request does not carry them.
 * A new password, if {@code validatePassword} returns one, is stored as the
 * digest from {@code makePasswordDigest}.
 *
 * <p>NOTE(review): "is_admin" and "is_disabled" are taken from request values,
 * and {@code assertMayEditUser} is the only gate visible here. If that check
 * also admits users editing their own account (not visible here), confirm
 * that they cannot raise their own "is_admin" through this action.
 *
 * @param aRequest  request carrying "id", the form fields and an optional "returnurl"
 * @param aResponse response used for the redirect or for the user list
 * @throws ServletModuleFailure wrapping any failure raised while handling the request
 */
public void update(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc, ServletModuleUserExc, ServletModuleFailure
{
  try {
    HTTPRequestParser parser = new HTTPRequestParser(aRequest);
    String id = parser.getParameter("id");
    EntityUsers target = (EntityUsers) mainModule.getById(id);
    MirGlobal.accessControl().user().assertMayEditUser(ServletHelper.getUser(aRequest), target);

    Map fieldValues = getIntersectingValues(aRequest, mainModule.getStorageObject());

    // A flag that is absent from the request is stored as "0".
    String[] flagFields = { "is_admin", "is_disabled" };
    for (int i = 0; i < flagFields.length; i++) {
      if (!fieldValues.containsKey(flagFields[i])) {
        fieldValues.put(flagFields[i], "0");
      }
    }

    // Only touch the stored password when a new one was submitted and validated.
    String freshPassword = validatePassword(ServletHelper.getUser(aRequest), parser);
    if (freshPassword != null) {
      fieldValues.put("password", MirGlobal.localizer().adminInterface().makePasswordDigest(freshPassword));
    }

    mainModule.set(fieldValues);

    logAdminUsage(aRequest, id, "object modified");

    // NOTE(review): "returnurl" is request-controlled; how far it can redirect
    // depends on ServletHelper.redirect() (not visible here) - confirm.
    if (parser.hasParameter("returnurl")) {
      ServletHelper.redirect(aResponse, parser.getParameter("returnurl"));
    }
    else {
      list(aRequest, aResponse);
    }
  }
  catch (Throwable failure) {
    throw new ServletModuleFailure(failure);
  }
}
/**
 * Handles the "updatepassword" action: changes the password of the user named
 * by the "id" request parameter.
 *
 * The target is loaded and the acting user is authorized against it with
 * assertMayChangeUserPassword. validatePassword then checks the acting user's
 * old password and the two new-password fields; a non-null result is stored
 * on the entity as a digest (makePasswordDigest), never as clear text.
 *
 * NOTE(review): this listing skips lines (gutter numbers 212-213 among others),
 * so the call that persists the entity and the end of the if block are not
 * visible. Confirm against the full file whether the "password changed" audit
 * entry is written only when a password was really changed.
 */
201 public void updatepassword(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc, ServletModuleUserExc, ServletModuleFailure
204 HTTPRequestParser requestParser = new HTTPRequestParser(aRequest);
// "id" is request-controlled; authorization is done on the loaded entity.
205 String id = requestParser.getParameter("id");
206 EntityUsers user = (EntityUsers) mainModule.getById(id);
207 MirGlobal.accessControl().user().assertMayChangeUserPassword(ServletHelper.getUser(aRequest), user);
// The old-password check inside validatePassword is made against the acting user.
209 String newPassword=validatePassword(ServletHelper.getUser(aRequest), requestParser);
210 if (newPassword!=null) {
// Only the digest is written to the "password" field.
211 user.setFieldValue("password", MirGlobal.localizer().adminInterface().makePasswordDigest(newPassword));
// Audit trail entry for the change.
214 logAdminUsage(aRequest, id, "password changed");
216 // hackish: to make sure the cached logged in user is up-to-date:
// Reloads the acting user by id and replaces the copy kept via ServletHelper.setUser.
217 ServletHelper.setUser(aRequest, (EntityUsers) mainModule.getById(ServletHelper.getUser(aRequest).getId()));
// NOTE(review): "returnurl" is request-controlled; how far it can redirect
// depends on ServletHelper.redirect() (not visible here) - confirm it is
// limited to local destinations.
220 if (requestParser.hasParameter("returnurl"))
221 ServletHelper.redirect(aResponse, requestParser.getParameter("returnurl"));
// Fallback redirect with an empty target when no returnurl was sent.
223 ServletHelper.redirect(aResponse, "");
// Every failure above is wrapped in ServletModuleFailure.
225 catch (Throwable e) {
226 throw new ServletModuleFailure(e);
/**
 * Handles the "list" action: shows one page of the user list.
 *
 * The page start is read from the "offset" request parameter and defaults to
 * 0 when the parameter is absent; the value is passed on unchanged to
 * {@code returnUserList}.
 *
 * @param aRequest  request carrying the optional "offset" parameter
 * @param aResponse response the list is written to
 * @throws ServletModuleExc if building the list fails
 */
public void list(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc
{
  int pageStart = new HTTPRequestParser(aRequest).getIntegerWithDefault("offset", 0);

  returnUserList(aRequest, aResponse, pageStart);
}
/**
 * Renders one page of the user list, ordered by "login", starting at anOffset.
 *
 * Puts the users, paging URLs ("thisurl", "nexturl", "prevurl"), the displayed
 * range ("from", "to", "offset") and three permission flags for the acting
 * user into the response data and hands it to listGenerator.
 *
 * NOTE(review): this listing skips lines, so the declaration of `list`, the
 * origin of `model` and `definition`, the opening of the try block and the
 * condition around the "prevurl" lines are not visible - confirm against the
 * full file.
 *
 * NOTE(review): no access check is visible in this method or in list(); the
 * may* flags below only tell the template what to offer. Confirm that listing
 * users is restricted somewhere before this point if it should be.
 */
239 public void returnUserList(
240 HttpServletRequest aRequest,
241 HttpServletResponse aResponse,
242 int anOffset) throws ServletModuleExc {
244 URLBuilder urlBuilder = new URLBuilder();
247 Map responseData = ServletHelper.makeGenerationData(aRequest, aResponse, new Locale[] { getLocale(aRequest), getFallbackLocale(aRequest)});
// Fetches at most nrEntitiesPerListPage entries from anOffset on, ordered by "login".
// NOTE(review): anOffset comes from the request (see list()) and is not
// range-checked here; confirm that a negative value is handled downstream.
250 EntityAdapterEngine.retrieveAdapterList(model, definition, "", "login", nrEntitiesPerListPage, anOffset);
// Paging links default to "none".
252 responseData.put("nexturl", null);
253 responseData.put("prevurl", null);
// Base query for the links: module=Users, do=list.
255 urlBuilder.setValue("module", "Users");
256 urlBuilder.setValue("do", "list");
258 urlBuilder.setValue("offset", anOffset);
259 responseData.put("offset" , new Integer(anOffset).toString());
260 responseData.put("thisurl" , urlBuilder.getQuery());
// A full page means there may be more entries: offer a next-page link.
262 if (list.size()>=nrEntitiesPerListPage) {
263 urlBuilder.setValue("offset", (anOffset + nrEntitiesPerListPage));
264 responseData.put("nexturl" , urlBuilder.getQuery());
// Previous page; the offset never goes below 0.
268 urlBuilder.setValue("offset", Math.max(anOffset - nrEntitiesPerListPage, 0));
269 responseData.put("prevurl" , urlBuilder.getQuery());
272 responseData.put("users", list);
// Display hints for the template only; the add/edit/delete handlers in this
// class run their own assertMay* checks.
273 responseData.put("mayDeleteUsers", new Boolean(MirGlobal.accessControl().user().mayDeleteUsers(ServletHelper.getUser(aRequest))));
274 responseData.put("mayAddUsers", new Boolean(MirGlobal.accessControl().user().mayAddUsers(ServletHelper.getUser(aRequest))));
275 responseData.put("mayEditUsers", new Boolean(MirGlobal.accessControl().user().mayEditUsers(ServletHelper.getUser(aRequest))));
// 1-based range shown to the user; "offset" is written again, with the same value as above.
277 responseData.put("from" , Integer.toString(anOffset+1));
278 responseData.put("to", Integer.toString(anOffset+list.size()));
279 responseData.put("offset" , Integer.toString(anOffset));
281 ServletHelper.generateResponse(aResponse.getWriter(), responseData, listGenerator);
// Every failure above is wrapped in ServletModuleFailure.
283 catch (Throwable e) {
284 throw new ServletModuleFailure(e);
/**
 * Renders the user form through editGenerator: for an existing user (anId
 * given), for a new user, or as a password-only form (anOnlyPassword).
 *
 * NOTE(review): this method is public and contains no access check of its own;
 * edit(), add() and changepassword() authorize before calling it. Any other
 * caller has to do the same.
 *
 * NOTE(review): this listing skips lines, so the declaration of `user` and the
 * conditions that choose between the two "do" values and between the
 * existing-user and new-user branches are not visible - confirm against the
 * full file.
 */
288 public void showUser(String anId, boolean anOnlyPassword, HttpServletRequest aRequest, HttpServletResponse aResponse)
289 throws ServletModuleExc {
291 HTTPRequestParser requestParser = new HTTPRequestParser(aRequest);
292 Map responseData = ServletHelper.makeGenerationData(aRequest, aResponse, new Locale[] { getLocale(aRequest), getFallbackLocale(aRequest)});
293 EntityAdapterModel model = MirGlobal.localizer().dataModel().adapterModel();
// Builds "thisurl": module=Users plus the action, the id and the returnurl.
295 URLBuilder urlBuilder = new URLBuilder();
297 urlBuilder.setValue("module", "Users");
// One of the two "do" values applies (presumably chosen by anOnlyPassword).
299 urlBuilder.setValue("do", "changepassword");
301 urlBuilder.setValue("do", "edit");
302 urlBuilder.setValue("id", anId);
// "returnurl" is request-controlled and is carried into the generated query.
303 urlBuilder.setValue("returnurl", requestParser.getParameter("returnurl"));
// Existing user: wrap the stored entity in an adapter for the template.
// NOTE(review): confirm that the "user" adapter does not expose the stored
// password digest to the template.
306 responseData.put("new", Boolean.FALSE);
307 user = model.makeEntityAdapter("user", mainModule.getById(anId));
// New user: a map holding every field name of DatabaseUsers with a null value.
310 List fields = DatabaseUsers.getInstance().getFieldNames();
311 responseData.put("new", Boolean.TRUE);
312 user = new HashMap();
313 Iterator i = fields.iterator();
314 while (i.hasNext()) {
315 user.put(i.next(), null);
// Lets the admin-interface localizer fill in initial values for the map.
318 MirGlobal.localizer().adminInterface().initializeArticle(user);
320 responseData.put("user", user);
321 responseData.put("passwordonly", new Boolean(anOnlyPassword));
// NOTE(review): "returnurl" is handed to the template as received; the
// template has to escape it for the context it is written into.
323 responseData.put("returnurl", requestParser.getParameter("returnurl"));
324 responseData.put("thisurl", urlBuilder.getQuery());
326 ServletHelper.generateResponse(aResponse.getWriter(), responseData, editGenerator);
// Every failure above is wrapped in ServletModuleFailure.
328 catch (Throwable e) {
329 throw new ServletModuleFailure(e);
/**
 * Handles the "delete" action for a user.
 *
 * The user named by the "id" request parameter is loaded and the acting user
 * is authorized against that entity with {@code assertMayDeleteUser}; only
 * then is the deletion itself delegated to the superclass.
 *
 * @param aRequest  request carrying the "id" of the user to delete
 * @param aResponse response passed on to the superclass
 * @throws ServletModuleFailure wrapping any failure raised while handling the
 *         request, including a failed access check
 */
public void delete(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleUserExc, ServletModuleExc, ServletModuleFailure {
  try {
    // "id" is request-controlled; the check below is made on the loaded entity.
    String targetId = aRequest.getParameter("id");
    EntityUsers target = (EntityUsers) mainModule.getById(targetId);

    MirGlobal.accessControl().user().assertMayDeleteUser(ServletHelper.getUser(aRequest), target);

    super.delete(aRequest, aResponse);
  }
  catch (Throwable failure) {
    throw new ServletModuleFailure(failure);
  }
}
/**
 * Handles the "changepassword" action: shows the password-only form for the
 * user named by the "id" request parameter.
 *
 * The target user is loaded and the acting user is authorized against it with
 * assertMayChangeUserPassword before the form is rendered.
 */
346 public void changepassword(HttpServletRequest aRequest, HttpServletResponse aResponse) throws ServletModuleExc
// "id" is taken straight from the request and must be treated as untrusted.
348 String idParam = aRequest.getParameter("id");
// NOTE(review): the condition guarding this throw is not part of the listing
// (gutter line 350 is missing); going by the message it rejects a request
// without an id - confirm. The message names "ServletModuleUser.edit" although
// it is raised from changepassword, which will mislead whoever reads the log.
351 throw new ServletModuleExc("ServletModuleUser.edit: invalid call: (id) not specified");
// Load, then authorize: the access check sees the entity whose password is at stake.
354 EntityUsers user = (EntityUsers) mainModule.getById(idParam);
355 MirGlobal.accessControl().user().assertMayChangeUserPassword(ServletHelper.getUser(aRequest), user);
// Password-only form (anOnlyPassword = true).
357 showUser(idParam, true, aRequest, aResponse);
// Every failure above is wrapped in ServletModuleFailure.
359 catch (Throwable e) {
360 throw new ServletModuleFailure(e);