001: /**
002: * Copyright (c) 2003-2007, David A. Czarnecki
003: * All rights reserved.
004: *
005: * Redistribution and use in source and binary forms, with or without
006: * modification, are permitted provided that the following conditions are met:
007: *
008: * Redistributions of source code must retain the above copyright notice, this list of conditions and the
009: * following disclaimer.
010: * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the
011: * following disclaimer in the documentation and/or other materials provided with the distribution.
012: * Neither the name of "David A. Czarnecki" and "blojsom" nor the names of its contributors may be used to
013: * endorse or promote products derived from this software without specific prior written permission.
014: * Products derived from this software may not be called "blojsom", nor may "blojsom" appear in their name,
015: * without prior written permission of David A. Czarnecki.
016: *
017: * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
018: * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
019: * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
020: * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
021: * EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
022: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
023: * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
024: * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
025: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
026: * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
027: * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
028: * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
029: * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
030: */package org.blojsom.plugin.admin;
031:
032: import org.apache.commons.logging.Log;
033: import org.apache.commons.logging.LogFactory;
034: import org.blojsom.blog.Blog;
035: import org.blojsom.blog.Entry;
036: import org.blojsom.blog.User;
037: import org.blojsom.fetcher.Fetcher;
038: import org.blojsom.fetcher.FetcherException;
039: import org.blojsom.plugin.PluginException;
040: import org.blojsom.util.BlojsomConstants;
041: import org.blojsom.util.BlojsomUtils;
042:
043: import javax.servlet.http.HttpServletRequest;
044: import javax.servlet.http.HttpServletResponse;
045: import java.util.Collections;
046: import java.util.Iterator;
047: import java.util.Map;
048: import java.util.TreeMap;
049:
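/**
 * Edit Blog Permissions plugin handles the adding and deleting of permissions for users of a given blog.
 * <p>
 * Permissions are stored as entries in a user's meta-data map whose key ends with
 * {@link BlojsomConstants#PERMISSION_SUFFIX}. A caller must pass {@code authenticateUser} and hold
 * {@code edit_blog_permissions_permission} before any action is processed.
 * <p>
 * NOTE(review): the add and delete actions change stored permissions and are selected only by request
 * parameters; no request-method check or anti-forgery token is verified in this class. Confirm whether
 * {@link BaseAdminPlugin} or the dispatcher enforces one.
 * <p>
 * NOTE(review): any key ending with the permission suffix is accepted and may be assigned to any user of
 * the blog, including the acting user. No allow-list of known permission names is visible here, so the
 * edit permission is effectively equivalent to full administrative control of the blog. Confirm that is intended.
 *
 * @author David Czarnecki
 * @version $Id: EditBlogPermissionsPlugin.java,v 1.7 2007/01/17 02:35:05 czarneckid Exp $
 * @since blojsom 3.0
 */
public class EditBlogPermissionsPlugin extends BaseAdminPlugin {

    private Log _logger = LogFactory.getLog(EditBlogPermissionsPlugin.class);

    // Pages
    private static final String EDIT_BLOG_PERMISSIONS_PAGE = "/org/blojsom/plugin/admin/templates/admin-edit-blog-permissions";

    // Constants
    private static final String BLOJSOM_PLUGIN_EDIT_BLOG_PERMISSIONS_USER_MAP = "BLOJSOM_PLUGIN_EDIT_BLOG_PERMISSIONS_USER_MAP";

    // Localization constants
    // FAILED_PERMISSIONS_READ_KEY and PERMISSION_DELETED_KEY are declared but not referenced in this class.
    private static final String FAILED_PERMISSIONS_READ_KEY = "failed.read.permissions.text";
    private static final String FAILED_EDIT_PERMISSIONS_KEY = "failed.edit.permissions.text";
    private static final String PERMISSIONS_SAVED_KEY = "permissions.saved.text";
    private static final String ERROR_SAVING_PERMISSIONS_KEY = "error.saving.permissions.text";
    private static final String NO_PERMISSION_SPECIFIED_KEY = "no.permission.specified.text";
    private static final String NO_BLOG_USER_ID_PERMISSION_SPECIFIED_KEY = "no.blog.user.id.specified.permission.text";
    private static final String PERMISSION_DELETED_KEY = "permission.deleted.text";

    // Actions
    private static final String ADD_BLOG_PERMISSION_ACTION = "add-blog-permission";
    private static final String DELETE_BLOG_PERMISSION_ACTION = "delete-blog-permission";

    // Form elements
    private static final String BLOG_USER_ID = "blog-user-id";
    private static final String BLOG_PERMISSION = "blog-permission";

    // Permissions
    private static final String EDIT_BLOG_PERMISSIONS_PERMISSION = "edit_blog_permissions_permission";

    private Fetcher _fetcher;

    /**
     * Construct a new instance of the Edit Blog Permissions plugin
     */
    public EditBlogPermissionsPlugin() {
    }

    /**
     * Set the {@link Fetcher} used to load, list and save blog users.
     *
     * @param fetcher {@link Fetcher}
     */
    public void setFetcher(Fetcher fetcher) {
        _fetcher = fetcher;
    }

    /**
     * Collect the permission entries held in a user's meta-data.
     * <p>
     * Only meta-data keys ending with {@link BlojsomConstants#PERMISSION_SUFFIX} are copied; the result
     * is a new sorted map, so changing it does not change the user.
     *
     * @param user User
     * @return Permissions for the given user, keyed by permission name
     */
    protected Map readPermissionsForUser(User user) {
        Map permissions = new TreeMap();
        Iterator metaDataEntries = user.getMetaData().entrySet().iterator();

        while (metaDataEntries.hasNext()) {
            Map.Entry metaDataEntry = (Map.Entry) metaDataEntries.next();
            String property = (String) metaDataEntry.getKey();
            if (property.endsWith(BlojsomConstants.PERMISSION_SUFFIX)) {
                permissions.put(property, metaDataEntry.getValue());
            }
        }

        return permissions;
    }

    /**
     * Add the permissions for the users in a blog to the context
     * <p>
     * The context receives a read-only map from user login to that user's permission map.
     *
     * @param context Context
     * @param blog    {@link Blog}
     */
    protected void setupPermissionsInContext(Map context, Blog blog) {
        User[] users = _fetcher.getUsers(blog);
        TreeMap userIDs = new TreeMap();
        for (int i = 0; i < users.length; i++) {
            User userFromBlog = users[i];
            userIDs.put(userFromBlog.getUserLogin(), readPermissionsForUser(userFromBlog));
        }

        context.put(BLOJSOM_PLUGIN_EDIT_BLOG_PERMISSIONS_USER_MAP, Collections.unmodifiableMap(userIDs));
    }

    /**
     * Handle a request to view, add or delete blog permissions.
     * <p>
     * The request is rejected unless {@code authenticateUser} succeeds and the session user holds
     * {@code edit_blog_permissions_permission}. The entries array is never modified.
     *
     * @param httpServletRequest  Request
     * @param httpServletResponse Response
     * @param blog                {@link Blog} instance
     * @param context             Context
     * @param entries             Blog entries retrieved for the particular request
     * @return The blog entries passed in, unchanged
     * @throws PluginException If there is an error processing the blog entries
     */
    public Entry[] process(HttpServletRequest httpServletRequest,
                           HttpServletResponse httpServletResponse, Blog blog,
                           Map context, Entry[] entries) throws PluginException {
        if (!authenticateUser(httpServletRequest, httpServletResponse, context, blog)) {
            httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, ADMIN_LOGIN_PAGE);

            return entries;
        }

        String username = getUsernameFromSession(httpServletRequest, blog);
        if (!checkPermission(blog, null, username, EDIT_BLOG_PERMISSIONS_PERMISSION)) {
            rejectPermissionEdit(httpServletRequest, context, blog);

            return entries;
        }

        String action = BlojsomUtils.getRequestValue(ACTION_PARAM, httpServletRequest);
        if (BlojsomUtils.checkNullOrBlank(action)) {
            _logger.debug("User did not request edit permission action");
            // NOTE(review): this page selection is overwritten by the unconditional assignment at the
            // end of the method, so a request without an action still renders the permissions page.
            httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, ADMIN_ADMINISTRATION_PAGE);
        } else if (PAGE_ACTION.equals(action)) {
            _logger.debug("User requested edit blog permissions page");
        } else if (ADD_BLOG_PERMISSION_ACTION.equals(action)) {
            _logger.debug("User requested add permission action");

            if (!applyPermissionChange(httpServletRequest, context, blog, username, true)) {
                return entries;
            }
        } else if (DELETE_BLOG_PERMISSION_ACTION.equals(action)) {
            _logger.debug("User requested delete permission action");

            if (!applyPermissionChange(httpServletRequest, context, blog, username, false)) {
                return entries;
            }
        }

        setupPermissionsInContext(context, blog);
        httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, EDIT_BLOG_PERMISSIONS_PAGE);

        return entries;
    }

    /**
     * Validate the request parameters and add or remove a permission on the target user.
     *
     * @param httpServletRequest Request carrying the {@code blog-user-id} and {@code blog-permission} values
     * @param context            Context that receives the operation result message
     * @param blog               {@link Blog} instance
     * @param actingUser         Login of the session user making the change, used for the audit log line
     * @param add                <code>true</code> to grant, <code>false</code> to revoke
     * @return <code>false</code> if the target user could not be loaded and the administration page has
     *         been selected; <code>true</code> if the permissions page should be rendered
     */
    private boolean applyPermissionChange(HttpServletRequest httpServletRequest, Map context, Blog blog,
                                          String actingUser, boolean add) {
        String blogUserID = BlojsomUtils.getRequestValue(BLOG_USER_ID, httpServletRequest);
        if (BlojsomUtils.checkNullOrBlank(blogUserID)) {
            addLocalizedMessage(context, blog, NO_BLOG_USER_ID_PERMISSION_SPECIFIED_KEY);
            _logger.debug(add ? "No blog user id specified" : "No blog user ID to delete from permissions");

            return true;
        }

        String requestedPermission = BlojsomUtils.getRequestValue(BLOG_PERMISSION, httpServletRequest);
        if (BlojsomUtils.checkNullOrBlank(requestedPermission)
                || !requestedPermission.endsWith(BlojsomConstants.PERMISSION_SUFFIX)) {
            addLocalizedMessage(context, blog, NO_PERMISSION_SPECIFIED_KEY);

            return true;
        }

        User user;
        try {
            user = _fetcher.loadUser(blog, blogUserID);
        } catch (FetcherException e) {
            // Pass the exception as the cause so the stack trace reaches the log.
            _logger.error("Unable to load user for permission change", e);
            rejectPermissionEdit(httpServletRequest, context, blog);

            return false;
        } catch (NumberFormatException e) {
            _logger.error("Unable to load user for permission change", e);
            rejectPermissionEdit(httpServletRequest, context, blog);

            return false;
        }

        // Whether loadUser can return null is not visible here; treat it as a failed load instead of
        // dereferencing it below.
        if (user == null) {
            _logger.error("No user returned for permission change");
            rejectPermissionEdit(httpServletRequest, context, blog);

            return false;
        }

        if (add) {
            // A grant may carry a comma-separated list; each element must end with the permission
            // suffix on its own, so an element without it is skipped.
            String[] permissions = BlojsomUtils.parseOnlyCommaList(requestedPermission, true);
            for (int i = 0; i < permissions.length; i++) {
                String permission = permissions[i];
                if (permission.endsWith(BlojsomConstants.PERMISSION_SUFFIX)) {
                    user.getMetaData().put(permission, Boolean.TRUE.toString());
                }
            }
        } else {
            // A revoke removes the value exactly as submitted; unlike a grant it is not split on commas.
            user.getMetaData().remove(requestedPermission);
        }

        try {
            _fetcher.saveUser(blog, user);

            // NOTE(review): deletes report the generic "saved" text; PERMISSION_DELETED_KEY is declared
            // but unused. Confirm the resource bundle before switching to it.
            addLocalizedMessage(context, blog, PERMISSIONS_SAVED_KEY);

            // Leave an audit trail of who changed which permission for whom.
            if (_logger.isInfoEnabled()) {
                _logger.info("Blog permission " + (add ? "granted" : "revoked")
                        + ": actor=" + neutralizeLineBreaks(actingUser)
                        + ", target=" + neutralizeLineBreaks(blogUserID)
                        + ", permission=" + neutralizeLineBreaks(requestedPermission));
            }
        } catch (FetcherException e) {
            _logger.error("Unable to save user after permission change", e);

            addLocalizedMessage(context, blog, ERROR_SAVING_PERMISSIONS_KEY);
        }

        return true;
    }

    /**
     * Select the administration page and report that the permission edit failed.
     *
     * @param httpServletRequest Request whose page attribute is set
     * @param context            Context that receives the operation result message
     * @param blog               {@link Blog} instance supplying the administration locale
     */
    private void rejectPermissionEdit(HttpServletRequest httpServletRequest, Map context, Blog blog) {
        httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, ADMIN_ADMINISTRATION_PAGE);
        addLocalizedMessage(context, blog, FAILED_EDIT_PERMISSIONS_KEY);
    }

    /**
     * Add an operation result message, using the resource key itself as the fallback text.
     *
     * @param context     Context that receives the message
     * @param blog        {@link Blog} instance supplying the administration locale
     * @param resourceKey Localization key
     */
    private void addLocalizedMessage(Map context, Blog blog, String resourceKey) {
        addOperationResultMessage(context,
                getAdminResource(resourceKey, resourceKey, blog.getBlogAdministrationLocale()));
    }

    /**
     * Replace carriage returns and line feeds so a request value cannot start a new log line.
     *
     * @param value Value to be written to the log; may be <code>null</code>
     * @return The value with line breaks replaced by underscores
     */
    private static String neutralizeLineBreaks(String value) {
        return String.valueOf(value).replace('\r', '_').replace('\n', '_');
    }
}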