0001: /**********************************************************************************
0002: * $URL: https://source.sakaiproject.org/svn/authz/tags/sakai_2-4-1/authz-tool/tool/src/java/org/sakaiproject/authz/tool/RealmsAction.java $
0003: * $Id: RealmsAction.java 21432 2007-02-14 17:00:23Z jholtzman@berkeley.edu $
0004: ***********************************************************************************
0005: *
0006: * Copyright (c) 2003, 2004, 2005, 2006 The Sakai Foundation.
0007: *
0008: * Licensed under the Educational Community License, Version 1.0 (the "License");
0009: * you may not use this file except in compliance with the License.
0010: * You may obtain a copy of the License at
0011: *
0012: * http://www.opensource.org/licenses/ecl1.php
0013: *
0014: * Unless required by applicable law or agreed to in writing, software
0015: * distributed under the License is distributed on an "AS IS" BASIS,
0016: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
0017: * See the License for the specific language governing permissions and
0018: * limitations under the License.
0019: *
0020: **********************************************************************************/package org.sakaiproject.authz.tool;
0021:
0022: import java.util.Collections;
0023: import java.util.List;
0024: import java.util.Vector;
0025:
0026: import org.sakaiproject.authz.api.AuthzGroup;
0027: import org.sakaiproject.authz.api.AuthzPermissionException;
0028: import org.sakaiproject.authz.api.GroupAlreadyDefinedException;
0029: import org.sakaiproject.authz.api.GroupIdInvalidException;
0030: import org.sakaiproject.authz.api.GroupNotDefinedException;
0031: import org.sakaiproject.authz.api.Member;
0032: import org.sakaiproject.authz.api.Role;
0033: import org.sakaiproject.authz.api.RoleAlreadyDefinedException;
0034: import org.sakaiproject.authz.cover.AuthzGroupService;
0035: import org.sakaiproject.authz.cover.FunctionManager;
0036: import org.sakaiproject.authz.cover.SecurityService;
0037: import org.sakaiproject.cheftool.Context;
0038: import org.sakaiproject.cheftool.JetspeedRunData;
0039: import org.sakaiproject.cheftool.PagedResourceActionII;
0040: import org.sakaiproject.cheftool.RunData;
0041: import org.sakaiproject.cheftool.VelocityPortlet;
0042: import org.sakaiproject.cheftool.api.Menu;
0043: import org.sakaiproject.cheftool.api.MenuItem;
0044: import org.sakaiproject.cheftool.menu.MenuEntry;
0045: import org.sakaiproject.cheftool.menu.MenuImpl;
0046: import org.sakaiproject.event.api.SessionState;
0047: import org.sakaiproject.javax.PagingPosition;
0048: import org.sakaiproject.user.api.User;
0049: import org.sakaiproject.user.api.UserNotDefinedException;
0050: import org.sakaiproject.user.cover.UserDirectoryService;
0051: import org.sakaiproject.util.ResourceLoader;
0052: import org.sakaiproject.util.StringUtil;
0053:
0054: /**
0055: * <p>
0056: * RealmsAction is the Sakai Admin realms editor.
0057: * </p>
0058: */
0059: public class RealmsAction extends PagedResourceActionII {
0060:
0061: /** Resource bundle using current language locale */
0062: private static ResourceLoader rb = new ResourceLoader("authz-tool");
0063:
0064: /**
0065: * {@inheritDoc}
0066: */
0067: protected List readResourcesPage(SessionState state, int first,
0068: int last) {
0069: // search?
0070: String search = StringUtil.trimToNull((String) state
0071: .getAttribute(STATE_SEARCH));
0072:
0073: return AuthzGroupService.getAuthzGroups(search,
0074: new PagingPosition(first, last));
0075: }
0076:
0077: /**
0078: * {@inheritDoc}
0079: */
0080: protected int sizeResources(SessionState state) {
0081: // search?
0082: String search = StringUtil.trimToNull((String) state
0083: .getAttribute(STATE_SEARCH));
0084:
0085: return AuthzGroupService.countAuthzGroups(search);
0086: }
0087:
0088: /**
0089: * Populate the state object, if needed.
0090: */
0091: protected void initState(SessionState state,
0092: VelocityPortlet portlet, JetspeedRunData rundata) {
0093: super .initState(state, portlet, rundata);
0094:
0095: // // setup the observer to notify our main panel
0096: // if (state.getAttribute(STATE_OBSERVER) == null)
0097: // {
0098: // // the delivery location for this tool
0099: // String deliveryId = clientWindowId(state, portlet.getID());
0100: //
0101: // // the html element to update on delivery
0102: // String elementId = mainPanelUpdateId(portlet.getID());
0103: //
0104: // // the event resource reference pattern to watch for
0105: // String pattern = AuthzGroupService.realmReference("");
0106: //
0107: // state.setAttribute(STATE_OBSERVER, new EventObservingCourier(deliveryId, elementId, pattern));
0108: // }
0109:
0110: } // initState
0111:
0112: /**
0113: * build the context
0114: */
0115: public String buildMainPanelContext(VelocityPortlet portlet,
0116: Context context, RunData rundata, SessionState state) {
0117: context.put("tlang", rb);
0118:
0119: // if not logged in as the super user, we won't do anything
0120: if (!SecurityService.isSuperUser()) {
0121: return (String) getContext(rundata).get("template")
0122: + "_noaccess";
0123: }
0124:
0125: String template = null;
0126:
0127: // check mode and dispatch
0128: String mode = (String) state.getAttribute("mode");
0129: if (mode == null) {
0130: template = buildListContext(state, context);
0131: } else if (mode.equals("new")) {
0132: template = buildNewContext(state, context);
0133: } else if (mode.equals("edit")) {
0134: template = buildEditContext(state, context);
0135: } else if (mode.equals("confirm")) {
0136: template = buildConfirmRemoveContext(state, context);
0137: } else if (mode.equals("saveas")) {
0138: template = buildSaveasContext(state, context);
0139: }
0140:
0141: else if (mode.equals("newRole")) {
0142: template = buildNewRoleContext(state, context);
0143: } else if (mode.equals("editRole")) {
0144: template = buildEditRoleContext(state, context);
0145: } else if (mode.equals("saveasRole")) {
0146: template = buildSaveasRoleContext(state, context);
0147: }
0148:
0149: else if (mode.equals("newUser")) {
0150: template = buildNewUserContext(state, context);
0151: } else if (mode.equals("editUser")) {
0152: template = buildEditUserContext(state, context);
0153: }
0154:
0155: else {
0156: Log.warn("chef", "RealmsAction: mode: " + mode);
0157: template = buildListContext(state, context);
0158: }
0159:
0160: String prefix = (String) getContext(rundata).get("template");
0161: return prefix + template;
0162:
0163: } // buildMainPanelContext
0164:
0165: /**
0166: * Build the context for the main list mode.
0167: */
0168: private String buildListContext(SessionState state, Context context) {
0169: // prepare the paging of realms
0170: List realms = prepPage(state);
0171:
0172: // put the service in the context (used for allow update calls on each realm)
0173: context.put("service", AuthzGroupService.getInstance());
0174:
0175: // put all realms into the context
0176: context.put("realms", realms);
0177:
0178: int pageSize = Integer.valueOf(
0179: state.getAttribute(STATE_PAGESIZE).toString())
0180: .intValue();
0181: int currentPageNubmer = Integer.valueOf(
0182: state.getAttribute(STATE_CURRENT_PAGE).toString())
0183: .intValue();
0184: int startNumber = pageSize * (currentPageNubmer - 1) + 1;
0185: int endNumber = pageSize * currentPageNubmer;
0186:
0187: int totalNumber = 0;
0188: try {
0189: totalNumber = Integer.valueOf(
0190: state.getAttribute(STATE_NUM_MESSAGES).toString())
0191: .intValue();
0192: } catch (java.lang.NullPointerException ignore) {
0193: } catch (java.lang.NumberFormatException ignore) {
0194: }
0195:
0196: if (totalNumber < endNumber)
0197: endNumber = totalNumber;
0198:
0199: context.put("startNumber", new Integer(startNumber));
0200: context.put("endNumber", new Integer(endNumber));
0201: context.put("totalNumber", new Integer(totalNumber));
0202:
0203: // build the menu
0204: Menu bar = new MenuImpl();
0205: if (AuthzGroupService.allowAdd("")) {
0206: bar.add(new MenuEntry(rb.getString("realm.new"), "doNew"));
0207: }
0208:
0209: // add the paging commands
0210: addListPagingMenus(bar, state);
0211:
0212: // add the search commands
0213: addSearchMenus(bar, state);
0214:
0215: // add the refresh commands
0216: addRefreshMenus(bar, state);
0217:
0218: if (bar.size() > 0) {
0219: context.put(Menu.CONTEXT_MENU, bar);
0220: }
0221:
0222: // inform the observing courier that we just updated the page...
0223: // if there are pending requests to do so they can be cleared
0224: justDelivered(state);
0225:
0226: return "_list";
0227:
0228: } // buildListContext
0229:
0230: /**
0231: * Build the context for the new realm mode.
0232: */
0233: private String buildNewContext(SessionState state, Context context) {
0234: // name the html form for user edit fields
0235: context.put("form-name", "realm-form");
0236:
0237: return "_edit";
0238:
0239: } // buildNewContext
0240:
0241: /**
0242: * Build the context for the edit realm mode.
0243: */
0244: private String buildEditContext(SessionState state, Context context) {
0245: // get the realm to edit
0246: AuthzGroup realm = (AuthzGroup) state.getAttribute("realm");
0247: context.put("realm", realm);
0248:
0249: // get the roles defined in the realm
0250: List roles = new Vector();
0251: roles.addAll(realm.getRoles());
0252: Collections.sort(roles);
0253: context.put("roles", roles);
0254:
0255: // get a list of the users who have individual grants in the realm
0256: List grants = new Vector();
0257: grants.addAll(realm.getMembers());
0258: Collections.sort(grants);
0259: context.put("grants", grants);
0260:
0261: // name the html form for user edit fields
0262: context.put("form-name", "realm-form");
0263:
0264: // build the menu
0265: // we need the form fields for the remove...
0266: Menu bar = new MenuImpl();
0267: if (AuthzGroupService.allowRemove(realm.getId())) {
0268: bar
0269: .add(new MenuEntry(rb.getString("realm.remove"),
0270: null, true, MenuItem.CHECKED_NA,
0271: "doRemove", "realm-form"));
0272: }
0273:
0274: bar.add(new MenuEntry(rb.getString("realm.add"), null, true,
0275: MenuItem.CHECKED_NA, "doNew_role", "realm-form"));
0276: bar.add(new MenuEntry(rb.getString("realm.grant"), null, true,
0277: MenuItem.CHECKED_NA, "doNew_user", "realm-form"));
0278:
0279: bar.add(new MenuEntry(rb.getString("realm.save"), null, true,
0280: MenuItem.CHECKED_NA, "doSaveas_request", "realm-form"));
0281:
0282: context.put(Menu.CONTEXT_MENU, bar);
0283:
0284: return "_edit";
0285:
0286: } // buildEditContext
0287:
0288: /**
0289: * Build the context for the new realm mode.
0290: */
0291: private String buildConfirmRemoveContext(SessionState state,
0292: Context context) {
0293: // get the realm to edit
0294: AuthzGroup realm = (AuthzGroup) state.getAttribute("realm");
0295: context.put("realm", realm);
0296:
0297: return "_confirm_remove";
0298:
0299: } // buildConfirmRemoveContext
0300:
0301: /**
0302: * Build the context for the role save as
0303: */
0304: private String buildSaveasRoleContext(SessionState state,
0305: Context context) {
0306: // get the realm to edit
0307: AuthzGroup realm = (AuthzGroup) state.getAttribute("realm");
0308: context.put("realm", realm);
0309:
0310: // get the role
0311: Role role = (Role) state.getAttribute("role");
0312: context.put("role", role);
0313:
0314: return "_saveas_role";
0315:
0316: } // buildSaveasRoleContext
0317:
0318: /**
0319: * Build the context for the new role mode.
0320: */
0321: private String buildNewRoleContext(SessionState state,
0322: Context context) {
0323: // name the html form for user edit fields
0324: context.put("form-name", "role-form");
0325:
0326: AuthzGroup realm = (AuthzGroup) state.getAttribute("realm");
0327: context.put("realm", realm);
0328:
0329: // get all functions
0330: List allFunctions = FunctionManager.getRegisteredFunctions();
0331: Collections.sort(allFunctions);
0332: context.put("allLocks", allFunctions);
0333:
0334: // get all roles
0335: List allRoles = new Vector();
0336: allRoles.addAll(realm.getRoles());
0337: Collections.sort(allRoles);
0338: context.put("allRoles", allRoles);
0339:
0340: return "_edit_role";
0341:
0342: } // buildNewRoleContext
0343:
0344: /**
0345: * Build the context for the edit role mode.
0346: */
0347: private String buildEditRoleContext(SessionState state,
0348: Context context) {
0349: // name the html form for user edit fields
0350: context.put("form-name", "role-form");
0351:
0352: // get the realm
0353: AuthzGroup realm = (AuthzGroup) state.getAttribute("realm");
0354: context.put("realm", realm);
0355:
0356: // get the role
0357: Role role = (Role) state.getAttribute("role");
0358: context.put("role", role);
0359:
0360: // get all functions
0361: List allFunctions = FunctionManager.getRegisteredFunctions();
0362: Collections.sort(allFunctions);
0363: context.put("allLocks", allFunctions);
0364:
0365: // get all roles
0366: List allRoles = new Vector();
0367: allRoles.addAll(realm.getRoles());
0368: Collections.sort(allRoles);
0369: context.put("allRoles", allRoles);
0370:
0371: // build the menu
0372: Menu bar = new MenuImpl();
0373: bar.add(new MenuEntry(rb.getString("realm.removerol"), null,
0374: true, MenuItem.CHECKED_NA, "doRemove_role"));
0375: bar
0376: .add(new MenuEntry(rb.getString("realm.copyrol"), null,
0377: true, MenuItem.CHECKED_NA, "doSaveas_role",
0378: "role-form"));
0379: context.put(Menu.CONTEXT_MENU, bar);
0380:
0381: return "_edit_role";
0382:
0383: } // buildEditRoleContext
0384:
0385: /**
0386: * Build the context for the new user grant mode.
0387: */
0388: private String buildNewUserContext(SessionState state,
0389: Context context) {
0390: // name the html form for user edit fields
0391: context.put("form-name", "user-form");
0392:
0393: AuthzGroup realm = (AuthzGroup) state.getAttribute("realm");
0394:
0395: context.put("realm", realm);
0396:
0397: // get all roles
0398: List allRoles = new Vector();
0399: allRoles.addAll(realm.getRoles());
0400: Collections.sort(allRoles);
0401: context.put("allRoles", allRoles);
0402:
0403: return "_edit_user";
0404:
0405: } // buildNewUserContext
0406:
0407: /**
0408: * Build the context for the edit user grant mode.
0409: */
0410: private String buildEditUserContext(SessionState state,
0411: Context context) {
0412: // name the html form for user edit fields
0413: context.put("form-name", "user-form");
0414:
0415: AuthzGroup realm = (AuthzGroup) state.getAttribute("realm");
0416: User user = (User) state.getAttribute("user");
0417:
0418: context.put("realm", realm);
0419: context.put("user", user);
0420:
0421: // get this user's role - only if not provided
0422: Member grant = realm.getMember(user.getId());
0423: if ((grant != null) && (!grant.isProvided())
0424: && (grant.getRole() != null)) {
0425: context.put("roles", grant.getRole());
0426: }
0427:
0428: // get all roles
0429: List allRoles = new Vector();
0430: allRoles.addAll(realm.getRoles());
0431: Collections.sort(allRoles);
0432: context.put("allRoles", allRoles);
0433:
0434: // build the menu
0435: Menu bar = new MenuImpl();
0436: bar.add(new MenuEntry(rb.getString("realm.removeall"), null,
0437: true, MenuItem.CHECKED_NA, "doRemove_user"));
0438: context.put(Menu.CONTEXT_MENU, bar);
0439:
0440: return "_edit_user";
0441:
0442: } // buildEditUserContext
0443:
0444: /**
0445: * Build the context for the save-as mode.
0446: */
0447: private String buildSaveasContext(SessionState state,
0448: Context context) {
0449: // get the realm being edited
0450: AuthzGroup realm = (AuthzGroup) state.getAttribute("realm");
0451: context.put("realm", realm);
0452:
0453: return "_saveas";
0454:
0455: } // buildSaveasContext
0456:
0457: /**
0458: * Handle a request to save-as the realm as a new realm.
0459: */
0460: public void doSaveas(RunData data, Context context) {
0461: SessionState state = ((JetspeedRunData) data)
0462: .getPortletSessionState(((JetspeedRunData) data)
0463: .getJs_peid());
0464:
0465: // read the form
0466: String id = data.getParameters().getString("id");
0467:
0468: // get the realm to copy from
0469: AuthzGroup realm = (AuthzGroup) state.getAttribute("realm");
0470:
0471: try {
0472: // make a new site with this id and as a structural copy of site
0473: AuthzGroup newRealm = AuthzGroupService.addAuthzGroup(id,
0474: realm, UserDirectoryService.getCurrentUser()
0475: .getId());
0476: } catch (GroupAlreadyDefinedException e) {
0477: addAlert(state, rb.getString("realm.iduse"));
0478: return;
0479: } catch (GroupIdInvalidException e) {
0480: addAlert(state, rb.getString("realm.idinvalid"));
0481: return;
0482: } catch (AuthzPermissionException e) {
0483: addAlert(state, rb.getString("realm.notpermis"));
0484: return;
0485: }
0486:
0487: doCancel(data, context);
0488:
0489: // TODO: hard coding this frame id is fragile, portal dependent, and needs to be fixed -ggolden
0490: schedulePeerFrameRefresh("sitenav");
0491:
0492: } // doSaveas
0493:
0494: /**
0495: * cancel the saveas request, return to edit
0496: */
0497: public void doCancel_saveas(RunData data, Context context) {
0498: SessionState state = ((JetspeedRunData) data)
0499: .getPortletSessionState(((JetspeedRunData) data)
0500: .getJs_peid());
0501:
0502: // return to main mode
0503: state.setAttribute("mode", "edit");
0504:
0505: } // doCancel_saveas
0506:
0507: /**
0508: * Go into saveas mode
0509: */
0510: public void doSaveas_request(RunData data, Context context) {
0511: SessionState state = ((JetspeedRunData) data)
0512: .getPortletSessionState(((JetspeedRunData) data)
0513: .getJs_peid());
0514:
0515: // read the form - if rejected, leave things as they are
0516: if (!readRealmForm(data, state))
0517: return;
0518:
0519: // go to saveas mode
0520: state.setAttribute("mode", "saveas");
0521:
0522: } // doSaveas_request
0523:
0524: /**
0525: * Handle a request for a new realm.
0526: */
0527: public void doNew(RunData data, Context context) {
0528: SessionState state = ((JetspeedRunData) data)
0529: .getPortletSessionState(((JetspeedRunData) data)
0530: .getJs_peid());
0531: state.setAttribute("mode", "new");
0532:
0533: // mark the realm as new, so on cancel it can be deleted
0534: state.setAttribute("new", "true");
0535:
0536: // disable auto-updates while in view mode
0537: disableObservers(state);
0538:
0539: } // doNew
0540:
0541: /**
0542: * Handle a request to edit a realm.
0543: */
0544: public void doEdit(RunData data, Context context) {
0545: SessionState state = ((JetspeedRunData) data)
0546: .getPortletSessionState(((JetspeedRunData) data)
0547: .getJs_peid());
0548: String id = data.getParameters().getString("id");
0549:
0550: // get the realm
0551: try {
0552: AuthzGroup realm = AuthzGroupService.getAuthzGroup(id);
0553: state.setAttribute("realm", realm);
0554:
0555: state.setAttribute("mode", "edit");
0556:
0557: // disable auto-updates while in view mode
0558: disableObservers(state);
0559: } catch (GroupNotDefinedException e) {
0560: Log.warn("chef", "RealmsAction.doEdit: realm not found: "
0561: + id);
0562:
0563: addAlert(state, rb.getString("realm.realm") + " " + id
0564: + " " + rb.getString("realm.notfound"));
0565: state.removeAttribute("mode");
0566:
0567: // make sure auto-updates are enabled
0568: enableObserver(state);
0569: }
0570: // catch (AuthzPermissionException e)
0571: // {
0572: // addAlert(state, rb.getString("realm.notpermis1") + " " + id);
0573: // state.removeAttribute("mode");
0574: //
0575: // // make sure auto-updates are enabled
0576: // enableObserver(state);
0577: // }
0578:
0579: } // doEdit
0580:
0581: /**
0582: * Handle a request to save the realm edit (from the realm edit form).
0583: */
0584: public void doSave(RunData data, Context context) {
0585: SessionState state = ((JetspeedRunData) data)
0586: .getPortletSessionState(((JetspeedRunData) data)
0587: .getJs_peid());
0588:
0589: // read the form - if rejected, leave things as they are
0590: if (!readRealmForm(data, state))
0591: return;
0592:
0593: doSave_edit(data, context);
0594:
0595: } // doSave
0596:
0597: /**
0598: * Handle a request to save the edit from either page or tools list mode - no form to read in.
0599: */
0600: public void doSave_edit(RunData data, Context context) {
0601: SessionState state = ((JetspeedRunData) data)
0602: .getPortletSessionState(((JetspeedRunData) data)
0603: .getJs_peid());
0604:
0605: // commit the change
0606: AuthzGroup realm = (AuthzGroup) state.getAttribute("realm");
0607: if (realm != null) {
0608: try {
0609: AuthzGroupService.save(realm);
0610: } catch (GroupNotDefinedException e) {
0611: // TODO: GroupNotDefinedException
0612: } catch (AuthzPermissionException e) {
0613: // TODO: AuthzPermissionException
0614: }
0615: }
0616:
0617: // cleanup
0618: cleanState(state);
0619:
0620: // return to main mode
0621: state.removeAttribute("mode");
0622:
0623: // make sure auto-updates are enabled
0624: enableObserver(state);
0625:
0626: // TODO: hard coding this frame id is fragile, portal dependent, and needs to be fixed -ggolden
0627: schedulePeerFrameRefresh("sitenav");
0628:
0629: } // doSave_edit
0630:
0631: /**
0632: * doCancel called when "eventSubmit_doCancel" is in the request parameters to cancel realm edits
0633: */
0634: public void doCancel(RunData data, Context context) {
0635: SessionState state = ((JetspeedRunData) data)
0636: .getPortletSessionState(((JetspeedRunData) data)
0637: .getJs_peid());
0638:
0639: // get the realm
0640: AuthzGroup realm = (AuthzGroup) state.getAttribute("realm");
0641: if (realm != null) {
0642: // if this was a new, delete the realm
0643: if ("true".equals(state.getAttribute("new"))) {
0644: // remove the realm
0645: try {
0646: AuthzGroupService.removeAuthzGroup(realm);
0647: } catch (AuthzPermissionException e) {
0648: addAlert(state, rb.getString("realm.notpermis2")
0649: + " " + realm.getId());
0650: }
0651: }
0652: }
0653:
0654: // cleanup
0655: cleanState(state);
0656:
0657: // return to main mode
0658: state.removeAttribute("mode");
0659:
0660: // make sure auto-updates are enabled
0661: enableObserver(state);
0662:
0663: } // doCancel
0664:
0665: /**
0666: * doRemove called when "eventSubmit_doRemove" is in the request parameters to confirm removal of the realm
0667: */
0668: public void doRemove(RunData data, Context context) {
0669: SessionState state = ((JetspeedRunData) data)
0670: .getPortletSessionState(((JetspeedRunData) data)
0671: .getJs_peid());
0672:
0673: // read the form - if rejected, leave things as they are
0674: if (!readRealmForm(data, state))
0675: return;
0676:
0677: // go to remove confirm mode
0678: state.setAttribute("mode", "confirm");
0679:
0680: // disable auto-updates while in view mode
0681: disableObservers(state);
0682:
0683: } // doRemove
0684:
0685: /**
0686: * doRemove_confirmed called when "eventSubmit_doRemove_confirmed" is in the request parameters to remove the realm
0687: */
0688: public void doRemove_confirmed(RunData data, Context context) {
0689: SessionState state = ((JetspeedRunData) data)
0690: .getPortletSessionState(((JetspeedRunData) data)
0691: .getJs_peid());
0692:
0693: // get the realm
0694: AuthzGroup realm = (AuthzGroup) state.getAttribute("realm");
0695:
0696: // remove the realm
0697: try {
0698: AuthzGroupService.removeAuthzGroup(realm);
0699: } catch (AuthzPermissionException e) {
0700: addAlert(state, rb.getString("realm.notpermis2") + " "
0701: + realm.getId());
0702: }
0703:
0704: // cleanup
0705: cleanState(state);
0706:
0707: // go to main mode
0708: state.removeAttribute("mode");
0709:
0710: // make sure auto-updates are enabled
0711: enableObserver(state);
0712:
0713: } // doRemove_confirmed
0714:
0715: /**
0716: * doCancel_remove called when "eventSubmit_doCancel_remove" is in the request parameters to cancel realm removal
0717: */
0718: public void doCancel_remove(RunData data, Context context) {
0719: SessionState state = ((JetspeedRunData) data)
0720: .getPortletSessionState(((JetspeedRunData) data)
0721: .getJs_peid());
0722:
0723: // return to edit mode
0724: state.setAttribute("mode", "edit");
0725:
0726: } // doCancel_remove
0727:
0728: /**
0729: * Read the realm form and update the realm in state.
0730: *
0731: * @return true if the form is accepted, false if there's a validation error (an alertMessage will be set)
0732: */
0733: private boolean readRealmForm(RunData data, SessionState state) {
0734: // read the form
0735: String id = data.getParameters().getString("id");
0736: String provider = data.getParameters().getString("provider");
0737: String maintain = data.getParameters().getString("maintain");
0738:
0739: // get the realm
0740: AuthzGroup realm = (AuthzGroup) state.getAttribute("realm");
0741:
0742: // add if needed
0743: if (realm == null) {
0744: try {
0745: realm = AuthzGroupService.addAuthzGroup(id);
0746:
0747: // put the realm in the state
0748: state.setAttribute("realm", realm);
0749: } catch (GroupAlreadyDefinedException e) {
0750: addAlert(state, rb.getString("realm.iduse"));
0751: return false;
0752: } catch (GroupIdInvalidException e) {
0753: addAlert(state, rb.getString("realm.idinvalid"));
0754: return false;
0755: } catch (AuthzPermissionException e) {
0756: addAlert(state, rb.getString("realm.notpermis3"));
0757: return false;
0758: }
0759: }
0760:
0761: // update
0762: if (realm != null) {
0763: realm.setProviderGroupId(provider);
0764: realm.setMaintainRole(maintain);
0765: }
0766:
0767: return true;
0768:
0769: } // readRealmForm
0770:
0771: /**
0772: * Handle a request to create a new role in the realm edit.
0773: */
0774: public void doNew_role(RunData data, Context context) {
0775: SessionState state = ((JetspeedRunData) data)
0776: .getPortletSessionState(((JetspeedRunData) data)
0777: .getJs_peid());
0778: state.setAttribute("mode", "newRole");
0779:
0780: // read the form - if rejected, leave things as they are
0781: if (!readRealmForm(data, state))
0782: return;
0783:
0784: // mark the realm as new, so on cancel it can be deleted
0785: state.setAttribute("newRole", "true");
0786:
0787: } // doNew_role
0788:
0789: /**
0790: * Edit an existing page.
0791: */
0792: public void doEdit_role(RunData data, Context context) {
0793: SessionState state = ((JetspeedRunData) data)
0794: .getPortletSessionState(((JetspeedRunData) data)
0795: .getJs_peid());
0796:
0797: // read the form - if rejected, leave things as they are
0798: if (!readRealmForm(data, state))
0799: return;
0800:
0801: state.setAttribute("mode", "editRole");
0802:
0803: String id = data.getParameters().getString("target");
0804:
0805: // get the role
0806: AuthzGroup realm = (AuthzGroup) state.getAttribute("realm");
0807: Role role = realm.getRole(id);
0808: state.setAttribute("role", role);
0809:
0810: } // doEdit_role
0811:
0812: /**
0813: * Handle a request to remove the role being edited.
0814: */
0815: public void doRemove_role(RunData data, Context context) {
0816: SessionState state = ((JetspeedRunData) data)
0817: .getPortletSessionState(((JetspeedRunData) data)
0818: .getJs_peid());
0819:
0820: AuthzGroup realm = (AuthzGroup) state.getAttribute("realm");
0821: Role role = (Role) state.getAttribute("role");
0822:
0823: // remove the role (no confirm)
0824: realm.removeRole(role.getId());
0825:
0826: // done with the role
0827: state.removeAttribute("role");
0828:
0829: // return to edit mode
0830: state.setAttribute("mode", "edit");
0831:
0832: } // doRemove_role
0833:
0834: /**
0835: * Handle a request to remove the role being edited.
0836: */
0837: public void doSaveas_role(RunData data, Context context) {
0838: SessionState state = ((JetspeedRunData) data)
0839: .getPortletSessionState(((JetspeedRunData) data)
0840: .getJs_peid());
0841:
0842: // read the form - if rejected, leave things as they are
0843: if (!readRoleForm(data, state))
0844: return;
0845:
0846: // go to saveas_role mode
0847: state.setAttribute("mode", "saveasRole");
0848:
0849: } // doSaveas_role
0850:
0851: /**
0852: * Handle a request to saveas with this name.
0853: */
0854: public void doSave_role_as(RunData data, Context context) {
0855: SessionState state = ((JetspeedRunData) data)
0856: .getPortletSessionState(((JetspeedRunData) data)
0857: .getJs_peid());
0858:
0859: // read the form
0860: if (!readRoleSaveAsForm(data, state))
0861: return;
0862:
0863: // cleanup
0864: state.removeAttribute("role");
0865:
0866: // go back to edit mode
0867: state.setAttribute("mode", "edit");
0868:
0869: } // doSave_role_as
0870:
0871: /**
0872: * Handle a request to cancel role saveas.
0873: */
0874: public void doCancel_role_saveas(RunData data, Context context) {
0875: SessionState state = ((JetspeedRunData) data)
0876: .getPortletSessionState(((JetspeedRunData) data)
0877: .getJs_peid());
0878:
0879: // cleanup
0880: state.removeAttribute("role");
0881:
0882: // go back to edit mode
0883: state.setAttribute("mode", "edit");
0884:
0885: } // doCancel_role_saveas
0886:
0887: /**
0888: * Handle a request to save the realm edit (from the role edit form).
0889: */
0890: public void doSave_role(RunData data, Context context) {
0891: SessionState state = ((JetspeedRunData) data)
0892: .getPortletSessionState(((JetspeedRunData) data)
0893: .getJs_peid());
0894:
0895: // read the form - if rejected, leave things as they are
0896: if (!readRoleForm(data, state))
0897: return;
0898:
0899: doSave_edit(data, context);
0900:
0901: } // doSave_role
0902:
0903: /**
0904: * Handle a request to be done role editing - return to the edit mode.
0905: */
0906: public void doDone_role(RunData data, Context context) {
0907: SessionState state = ((JetspeedRunData) data)
0908: .getPortletSessionState(((JetspeedRunData) data)
0909: .getJs_peid());
0910:
0911: // read the form - if rejected, leave things as they are
0912: if (!readRoleForm(data, state))
0913: return;
0914:
0915: // cleanup
0916: state.removeAttribute("role");
0917:
0918: // go back to edit mode
0919: state.setAttribute("mode", "edit");
0920:
0921: } // doDone_role
0922:
0923: /**
0924: * Read the user form and update the realm in state.
0925: *
0926: * @return true if the form is accepted, false if there's a validation error (an alertMessage will be set)
0927: */
0928: private boolean readRoleForm(RunData data, SessionState state) {
0929: // get the realm
0930: AuthzGroup realm = (AuthzGroup) state.getAttribute("realm");
0931:
0932: // get the locks
0933: String[] locks = data.getParameters().getStrings("locks");
0934:
0935: // we are setting for either a new role or this role
0936: Role role = (Role) state.getAttribute("role");
0937: if (role == null) {
0938: // read the form
0939: String id = StringUtil.trimToNull(data.getParameters()
0940: .getString("id"));
0941:
0942: // if the field is missing, and there are no locks, just be done with no change
0943: if ((id == null) && (locks == null))
0944: return true;
0945:
0946: if (id == null) {
0947: addAlert(state, rb.getString("realm.please"));
0948: return false;
0949: // TODO: would be nice to read the locks, and restore them when the form returns -ggolden
0950: }
0951:
0952: // create the role
0953: try {
0954: role = realm.addRole(id);
0955: } catch (RoleAlreadyDefinedException e) {
0956: addAlert(state, rb.getString("realm.arole") + id
0957: + rb.getString("realm.defined"));
0958: return false;
0959: // TODO: would be nice to read the locks, and restore them when the form returns -ggolden
0960: }
0961: }
0962:
0963: // clear out the role
0964: role.disallowAll();
0965:
0966: // description
0967: role.setDescription(StringUtil.trimToNull(data.getParameters()
0968: .getString("description")));
0969:
0970: // providerOnly
0971: String providerOnlyString = (StringUtil.trimToNull(data
0972: .getParameters().getString("providerOnly")));
0973: role.setProviderOnly("true".equals(providerOnlyString));
0974:
0975: // for each lock set, give it to the role
0976: if (locks != null) {
0977: for (int i = 0; i < locks.length; i++) {
0978: role.allowFunction(locks[i]);
0979: }
0980: }
0981:
0982: return true;
0983:
0984: } // readRoleForm
0985:
0986: /**
0987: * Read the role save as form and make the new role in the realm in edit.
0988: *
0989: * @return true if the form is accepted, false if there's a validation error (an alertMessage will be set)
0990: */
0991: private boolean readRoleSaveAsForm(RunData data, SessionState state) {
0992: // get the realm
0993: AuthzGroup realm = (AuthzGroup) state.getAttribute("realm");
0994:
0995: // we will copy this role
0996: Role role = (Role) state.getAttribute("role");
0997:
0998: // read the form
0999: String id = StringUtil.trimToNull(data.getParameters()
1000: .getString("id"));
1001:
1002: if (id == null) {
1003: addAlert(state, rb.getString("realm.please"));
1004: return false;
1005: }
1006:
1007: // create the role
1008: try {
1009: Role newRole = realm.addRole(id, role);
1010: } catch (RoleAlreadyDefinedException e) {
1011: addAlert(state, rb.getString("realm.arole") + id
1012: + rb.getString("realm.defined"));
1013: return false;
1014: }
1015:
1016: return true;
1017:
1018: } // readRoleSaveAsForm
1019:
1020: /**
1021: * create a new user ability grant in the realm edit.
1022: */
1023: public void doNew_user(RunData data, Context context) {
1024: SessionState state = ((JetspeedRunData) data)
1025: .getPortletSessionState(((JetspeedRunData) data)
1026: .getJs_peid());
1027:
1028: // read the form - if rejected, leave things as they are
1029: if (!readRealmForm(data, state))
1030: return;
1031:
1032: state.setAttribute("mode", "newUser");
1033:
1034: // mark the realm as new, so on cancel it can be deleted
1035: state.setAttribute("newUser", "true");
1036:
1037: } // doNew_user
1038:
1039: /**
1040: * Edit an existing user ability grant.
1041: */
1042: public void doEdit_user(RunData data, Context context) {
1043: SessionState state = ((JetspeedRunData) data)
1044: .getPortletSessionState(((JetspeedRunData) data)
1045: .getJs_peid());
1046:
1047: // read the form - if rejected, leave things as they are
1048: if (!readRealmForm(data, state))
1049: return;
1050:
1051: String id = data.getParameters().getString("target");
1052: try {
1053: User user = UserDirectoryService.getUser(id);
1054: state.setAttribute("user", user);
1055: state.setAttribute("mode", "editUser");
1056: } catch (UserNotDefinedException e) {
1057: Log.warn("chef", this + "doEdit_user(): user not found: "
1058: + id);
1059: state.setAttribute("message",
1060: "internal error: user not found.");
1061: }
1062:
1063: } // doEdit_user
1064:
1065: /**
1066: * Handle a request to remove all grants to the user.
1067: */
1068: public void doRemove_user(RunData data, Context context) {
1069: SessionState state = ((JetspeedRunData) data)
1070: .getPortletSessionState(((JetspeedRunData) data)
1071: .getJs_peid());
1072:
1073: // the user we are editing
1074: User user = (User) state.getAttribute("user");
1075:
1076: // get the realm
1077: AuthzGroup realm = (AuthzGroup) state.getAttribute("realm");
1078:
1079: // clear out this user's settings
1080: realm.removeMember(user.getId());
1081:
1082: // done with the user
1083: state.removeAttribute("user");
1084:
1085: // return to edit mode
1086: state.setAttribute("mode", "edit");
1087:
1088: } // doRemove_user
1089:
1090: /**
1091: * Handle a request to save the realm edit (from the user edit form).
1092: */
1093: public void doSave_user(RunData data, Context context) {
1094: SessionState state = ((JetspeedRunData) data)
1095: .getPortletSessionState(((JetspeedRunData) data)
1096: .getJs_peid());
1097:
1098: // read the form - if rejected, leave things as they are
1099: if (!readUserForm(data, state))
1100: return;
1101:
1102: doSave_edit(data, context);
1103:
1104: } // doSave_user
1105:
1106: /**
1107: * Handle a request to be done user editing - return to the edit mode.
1108: */
1109: public void doDone_user(RunData data, Context context) {
1110: SessionState state = ((JetspeedRunData) data)
1111: .getPortletSessionState(((JetspeedRunData) data)
1112: .getJs_peid());
1113:
1114: // read the form - if rejected, leave things as they are
1115: if (!readUserForm(data, state))
1116: return;
1117:
1118: // cleanup
1119: state.removeAttribute("user");
1120:
1121: // go back to edit mode
1122: state.setAttribute("mode", "edit");
1123:
1124: } // doDone_user
1125:
1126: /**
1127: * Read the user form and update the realm in state.
1128: *
1129: * @return true if the form is accepted, false if there's a validation error (an alertMessage will be set)
1130: */
1131: private boolean readUserForm(RunData data, SessionState state) {
1132: // get the role
1133: String roles = StringUtil.trimToNull(data.getParameters()
1134: .getString("roles"));
1135:
1136: // we are setting for either a new user or this user
1137: User user = (User) state.getAttribute("user");
1138: if (user == null) {
1139: // read the form
1140: String eid = StringUtil.trimToNull(data.getParameters()
1141: .getString("eid"));
1142:
1143: // if the field is missing, and there are no roles, just be done with no change
1144: if ((eid == null) && (roles == null))
1145: return true;
1146:
1147: try {
1148: user = UserDirectoryService.getUserByEid(eid);
1149: } catch (UserNotDefinedException e) {
1150: addAlert(state, rb.getString("realm.user"));
1151: return false;
1152: // TODO: would be nice to read the roles, and restore them when the form returns -ggolden
1153: }
1154: }
1155:
1156: // get the realm
1157: AuthzGroup realm = (AuthzGroup) state.getAttribute("realm");
1158:
1159: // if the user is set to have the same role the user already has, do nothing
1160: Member grant = realm.getMember(user.getId());
1161:
1162: // if no change, change nothing
1163: if ((roles == null)
1164: && ((grant == null) || (grant.isProvided())))
1165: return true;
1166: if ((roles != null) && (grant != null)
1167: && (grant.getRole().getId().equals(roles))
1168: && !grant.isProvided())
1169: return true;
1170:
1171: // clear out this user's settings
1172: realm.removeMember(user.getId());
1173:
1174: // if there's a role, give it
1175: if (roles != null) {
1176: // TODO: active, provided
1177: realm.addMember(user.getId(), roles, true, false);
1178: }
1179:
1180: return true;
1181:
1182: } // readUserForm
1183:
1184: /**
1185: * Clean up all possible state value when done an edit.
1186: */
1187: private void cleanState(SessionState state) {
1188: state.removeAttribute("realm");
1189: state.removeAttribute("role");
1190: state.removeAttribute("user");
1191: state.removeAttribute("new");
1192: state.removeAttribute("newRole");
1193: state.removeAttribute("newUser");
1194: state.removeAttribute("allRoles");
1195: state.removeAttribute("allLocks");
1196: state.removeAttribute("roles");
1197: state.removeAttribute("locks");
1198:
1199: } // cleanState
1200:
1201: } // RealmsAction
|