001: /*
002: * Copyright (c) JForum Team
003: * All rights reserved.
004: *
005: * Redistribution and use in source and binary forms,
006: * with or without modification, are permitted provided
007: * that the following conditions are met:
008: *
009: * 1) Redistributions of source code must retain the above
010: * copyright notice, this list of conditions and the
011: * following disclaimer.
012: * 2) Redistributions in binary form must reproduce the
013: * above copyright notice, this list of conditions and
014: * the following disclaimer in the documentation and/or
015: * other materials provided with the distribution.
016: * 3) Neither the name of "Rafael Steil" nor
017: * the names of its contributors may be used to endorse
018: * or promote products derived from this software without
019: * specific prior written permission.
020: *
021: * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT
022: * HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
023: * EXPRESS OR IMPLIED WARRANTIES, INCLUDING,
024: * BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
025: * MERCHANTABILITY AND FITNESS FOR A PARTICULAR
026: * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
027: * THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
028: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
029: * EXEMPLARY, OR CONSEQUENTIAL DAMAGES
030: * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
031: * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
032: * OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
033: * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
034: * IN CONTRACT, STRICT LIABILITY, OR TORT
035: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
036: * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
037: * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE
038: *
039: * This file creation date: 19/03/2004 - 18:45:54
040: * The JForum Project
041: * http://www.jforum.net
042: */
043: package net.jforum.dao.generic.security;
044:
045: import java.sql.PreparedStatement;
046: import java.sql.ResultSet;
047: import java.sql.SQLException;
048: import java.sql.Statement;
049: import java.util.Iterator;
050:
051: import net.jforum.JForumExecutionContext;
052: import net.jforum.exceptions.DatabaseException;
053: import net.jforum.security.PermissionControl;
054: import net.jforum.security.Role;
055: import net.jforum.security.RoleCollection;
056: import net.jforum.security.RoleValue;
057: import net.jforum.security.RoleValueCollection;
058: import net.jforum.util.DbUtils;
059: import net.jforum.util.preferences.SystemGlobals;
060:
061: import org.apache.commons.lang.StringUtils;
062:
063: /**
064: * @author Rafael Steil
065: * @version $Id: SecurityCommon.java,v 1.13 2007/08/16 13:07:34 rafaelsteil Exp $
066: */
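/**
 * Shared JDBC helpers for persisting and loading roles and their values.
 *
 * @author Rafael Steil
 * @version $Id: SecurityCommon.java,v 1.13 2007/08/16 13:07:34 rafaelsteil Exp $
 */
public class SecurityCommon {
    /**
     * Inserts a role and, optionally, its role values.
     * <p>
     * The SQL used to insert user roles differs from the SQL used to insert group roles, so
     * the caller picks the statement and passes it in; this method does the rest.
     * <p>
     * <code>sql</code> and <code>autoKeysQuery</code> are executed exactly as given. Only
     * <code>id</code>, the role name and the role values are bound as statement parameters, so
     * both SQL strings must come from trusted configuration and never from request data.
     * <p>
     * NOTE(review): no transaction is started here, and the insert and the follow-up key lookup
     * are separate statements. When <code>supportAutoGeneratedKeys</code> is <code>false</code>,
     * the role id depends on what <code>autoKeysQuery</code> returns at that moment. If that
     * query is not scoped to the current connection or transaction, a concurrent insert could
     * make the role values attach to a different role. Confirm against the configured query
     * and the connection's transaction settings.
     *
     * @param sql The insert statement to execute. Parameter 1 receives <code>id</code> and
     * parameter 2 receives the role name.
     * @param id The id to insert. May be a user's or a group's id, depending on the caller.
     * @param role The role whose name is inserted.
     * @param roleValues The role values to insert, or <code>null</code> if there are none.
     * @param supportAutoGeneratedKeys <code>true</code> if the driver supports
     * <i>Statement.RETURN_GENERATED_KEYS</i>, <code>false</code> otherwise.
     * @param autoKeysQuery Query that returns the id of the newly inserted role in its first
     * column. Only used when <code>supportAutoGeneratedKeys</code> is <code>false</code> and
     * <code>roleValues</code> is not <code>null</code>.
     * @throws DatabaseException if any statement fails or the new role id cannot be obtained.
     */
    public static void executeAddRole(String sql, int id, Role role,
            RoleValueCollection roleValues,
            boolean supportAutoGeneratedKeys, String autoKeysQuery) {
        PreparedStatement p = null;
        ResultSet rs = null;

        try {
            if (supportAutoGeneratedKeys) {
                p = JForumExecutionContext.getConnection()
                        .prepareStatement(sql, Statement.RETURN_GENERATED_KEYS);
            } else {
                p = JForumExecutionContext.getConnection().prepareStatement(sql);
            }

            p.setInt(1, id);
            p.setString(2, role.getName());

            p.executeUpdate();

            if (roleValues != null) {
                int roleId = -1;

                if (supportAutoGeneratedKeys) {
                    rs = p.getGeneratedKeys();

                    // Read the key only when a row exists; otherwise roleId stays -1 and
                    // the explicit check below reports the failure.
                    if (rs.next()) {
                        roleId = rs.getInt(1);
                    }
                } else {
                    // Close the insert statement before reusing the variable; overwriting
                    // it would leave the first statement open.
                    p.close();
                    p = null;

                    p = JForumExecutionContext.getConnection()
                            .prepareStatement(autoKeysQuery);
                    rs = p.executeQuery();

                    if (rs.next()) {
                        roleId = rs.getInt(1);
                    }
                }

                rs.close();
                rs = null;
                p.close();
                p = null;

                // Never insert role values against an unknown role id.
                if (roleId == -1) {
                    throw new SQLException("Could not obtain the latest role id");
                }

                p = JForumExecutionContext.getConnection().prepareStatement(
                        SystemGlobals.getSql("PermissionControl.addRoleValues"));

                for (Iterator iter = roleValues.iterator(); iter.hasNext();) {
                    RoleValue rv = (RoleValue) iter.next();

                    p.setInt(1, roleId);
                    p.setString(2, rv.getValue());

                    p.executeUpdate();
                }
            }
        } catch (SQLException e) {
            throw new DatabaseException(e);
        } finally {
            DbUtils.close(rs, p);
        }
    }

    /**
     * Builds a <code>RoleCollection</code> from a result set with the columns
     * <code>name</code> and <code>role_value</code>.
     * <p>
     * A new <code>Role</code> is started whenever <code>name</code> differs from the previous
     * row's name, so rows of the same role must be adjacent (the query is presumably ordered
     * by name; verify against the callers). Role values that are SQL NULL or blank are skipped.
     * <p>
     * NOTE(review): a row whose <code>name</code> is SQL NULL causes a
     * <code>NullPointerException</code> here.
     *
     * @param rs The result set to read. This method does not close it; that remains the
     * caller's responsibility.
     * @return A <code>RoleCollection</code> with the roles read from <code>rs</code>.
     * @throws DatabaseException if reading from the result set fails.
     */
    public static RoleCollection loadRoles(ResultSet rs) {
        RoleCollection rc = new RoleCollection();

        try {
            Role r = null;
            String lastName = null;

            while (rs.next()) {
                String currentName = rs.getString("name");

                if (!currentName.equals(lastName)) {
                    // The name changed: store the finished role and start the next one.
                    if (r != null) {
                        rc.add(r);
                    }

                    r = new Role();
                    r.setName(currentName);

                    lastName = currentName;
                }

                String roleValue = rs.getString("role_value");

                // wasNull() refers to the role_value column read just above.
                if (!rs.wasNull() && StringUtils.isNotBlank(roleValue)) {
                    r.getValues().add(new RoleValue(roleValue));
                }
            }

            // Store the last role; the loop only stores a role when the name changes.
            if (r != null) {
                rc.add(r);
            }

            return rc;
        } catch (SQLException e) {
            throw new DatabaseException(e);
        }
    }

    /**
     * Joins the given ids into a comma-separated string, for example <code>1,2,3</code>.
     * <p>
     * The elements are <code>int</code>s, so the result contains only digits, minus signs and
     * commas. An empty array produces an empty string; callers that place the result inside
     * an SQL <code>IN (...)</code> list (presumably the intended use; confirm) must handle
     * that case themselves.
     *
     * @param ids The ids to join. Must not be <code>null</code>.
     * @return The ids separated by commas, with no trailing comma.
     */
    public static String groupIdAsString(int[] ids) {
        StringBuffer sb = new StringBuffer();

        for (int i = 0; i < ids.length; i++) {
            if (i > 0) {
                sb.append(',');
            }

            sb.append(ids[i]);
        }

        return sb.toString();
    }
}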