001: /*
002: * Copyright (c) JForum Team
003: * All rights reserved.
004: *
005: * Redistribution and use in source and binary forms,
006: * with or without modification, are permitted provided
007: * that the following conditions are met:
008: *
009: * 1) Redistributions of source code must retain the above
010: * copyright notice, this list of conditions and the
011: * following disclaimer.
012: * 2) Redistributions in binary form must reproduce the
013: * above copyright notice, this list of conditions and
014: * the following disclaimer in the documentation and/or
015: * other materials provided with the distribution.
016: * 3) Neither the name of "Rafael Steil" nor
017: * the names of its contributors may be used to endorse
018: * or promote products derived from this software without
019: * specific prior written permission.
020: *
021: * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT
022: * HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
023: * EXPRESS OR IMPLIED WARRANTIES, INCLUDING,
024: * BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
025: * MERCHANTABILITY AND FITNESS FOR A PARTICULAR
026: * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
027: * THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
028: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
029: * EXEMPLARY, OR CONSEQUENTIAL DAMAGES
030: * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
031: * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
032: * OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
033: * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
034: * IN CONTRACT, STRICT LIABILITY, OR TORT
035: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
036: * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
037: * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE
038: *
039: * This file creation date: 21/09/2003 / 16:36:44
040: * The JForum Project
041: * http://www.jforum.net
042: */
043: package net.jforum.security;
044:
045: import java.io.File;
046: import java.sql.PreparedStatement;
047: import java.sql.ResultSet;
048: import java.util.ArrayList;
049: import java.util.HashMap;
050: import java.util.Iterator;
051: import java.util.List;
052: import java.util.Map;
053:
054: import javax.xml.parsers.SAXParser;
055: import javax.xml.parsers.SAXParserFactory;
056:
057: import net.jforum.JForumExecutionContext;
058: import net.jforum.exceptions.DatabaseException;
059: import net.jforum.exceptions.ForumException;
060: import net.jforum.util.DbUtils;
061: import net.jforum.util.FormSelectedData;
062: import net.jforum.util.I18n;
063: import net.jforum.util.preferences.SystemGlobals;
064:
065: import org.xml.sax.Attributes;
066: import org.xml.sax.InputSource;
067: import org.xml.sax.SAXException;
068: import org.xml.sax.SAXParseException;
069: import org.xml.sax.helpers.DefaultHandler;
070:
071: /**
072: * Manipulates XML permission control file definition
073: *
074: * @author Rafael Steil
075: * @version $Id: XMLPermissionControl.java,v 1.18 2007/09/21 03:47:41 rafaelsteil Exp $
076: */
077: public class XMLPermissionControl extends DefaultHandler {
078: private PermissionSection section;
079: private PermissionControl pc;
080: private List listSections;
081: private List permissionData;
082: private Map queries;
083: private String permissionName;
084: private String permissionId;
085: private String permissionType;
086:
087: private boolean alreadySelected;
088:
089: private static class SelectData {
090: private int id;
091: private String name;
092:
093: public SelectData(int id, String name) {
094: this .id = id;
095: this .name = name;
096: }
097:
098: public int getId() {
099: return this .id;
100: }
101:
102: public String getName() {
103: return this .name;
104: }
105: }
106:
107: public XMLPermissionControl(PermissionControl pc) {
108: this .listSections = new ArrayList();
109: this .permissionData = new ArrayList();
110: this .queries = new HashMap();
111: this .pc = pc;
112: }
113:
114: /**
115: * @return <code>List</code> object containing <code>Section</code> objects. Each
116: * <code>Section</code> contains many <code>PermissionItem</code> objects,
117: * which represent the permission elements of some section. For its turn, the
118: * <code>PermissionItem</code> objects have many <code>FormSelectedData</code>
119: * objects, which are the ones responsible to store field values, and which values
120: * are checked and which not.
121: * @param xmlFile String
122: */
123: public List loadConfigurations(String xmlFile) {
124: try {
125: SAXParserFactory factory = SAXParserFactory.newInstance();
126: factory.setValidating(false);
127:
128: SAXParser parser = factory.newSAXParser();
129: File fileInput = new File(xmlFile);
130:
131: if (fileInput.exists()) {
132: parser.parse(fileInput, this );
133: } else {
134: InputSource inputSource = new InputSource(xmlFile);
135: parser.parse(inputSource, this );
136: }
137:
138: return this .listSections;
139: } catch (Exception e) {
140: throw new ForumException(e);
141: }
142: }
143:
144: /**
145: * @see org.xml.sax.ContentHandler#endElement(String, String, String)
146: */
147: public void endElement(String namespaceURI, String localName,
148: String tag) throws SAXException {
149: if (tag.equals("section")) {
150: this .listSections.add(this .section);
151: } else if (tag.equals("permission")) {
152: this .section.addPermission(new PermissionItem(
153: this .permissionName, this .permissionId,
154: this .permissionType, this .permissionData));
155:
156: this .permissionData = new ArrayList();
157: }
158: }
159:
160: /**
161: * @see org.xml.sax.ErrorHandler#error(SAXParseException)
162: */
163: public void error(SAXParseException exception) throws SAXException {
164: throw exception;
165: }
166:
167: /**
168: * @see org.xml.sax.ContentHandler#startElement(String, String, String, Attributes)
169: */
170: public void startElement(String namespaceURI, String localName,
171: String tag, Attributes atts) throws SAXException {
172: if (tag.equals("section")) {
173: String title = I18n.getMessage(atts.getValue("title"));
174: this .section = new PermissionSection(title, atts
175: .getValue("id"));
176: } else if (tag.equals("permission")) {
177: String title = I18n.getMessage(atts.getValue("title"));
178:
179: this .permissionName = title;
180: this .permissionId = atts.getValue("id");
181: this .permissionType = atts.getValue("type");
182: this .alreadySelected = false;
183: } else if (tag.equals("sql")) {
184: String refName = atts.getValue("refName");
185:
186: // If refName is present, then we have a template query
187: if (refName != null) {
188: ResultSet rs = null;
189: PreparedStatement p = null;
190:
191: try {
192: p = JForumExecutionContext.getConnection()
193: .prepareStatement(
194: SystemGlobals.getSql(atts
195: .getValue("queryName")));
196: rs = p.executeQuery();
197:
198: String valueField = atts.getValue("valueField");
199: String captionField = atts.getValue("captionField");
200:
201: List l = new ArrayList();
202:
203: while (rs.next()) {
204: l.add(new SelectData(rs.getInt(valueField), rs
205: .getString(captionField)));
206: }
207:
208: this .queries.put(refName, l);
209: } catch (Exception e) {
210: throw new DatabaseException(e);
211: } finally {
212: DbUtils.close(rs, p);
213: }
214: } else {
215: // If it gets here, then it should be a <sql ref="xxxx"> section
216: RoleValueCollection roleValues = new RoleValueCollection();
217: Role role = this .pc.getRole(this .permissionId);
218:
219: if (role != null) {
220: roleValues = role.getValues();
221: }
222:
223: List l = (List) this .queries.get(atts.getValue("ref"));
224:
225: for (Iterator iter = l.iterator(); iter.hasNext();) {
226: SelectData data = (SelectData) iter.next();
227:
228: String id = Integer.toString(data.getId());
229: RoleValue rv = roleValues.get(id);
230:
231: this .permissionData.add(new FormSelectedData(data
232: .getName(), id, rv == null));
233: }
234: }
235: } else if (tag.equals("option")) {
236: boolean selected = false;
237:
238: if (this .permissionType.equals("single")) {
239: if (this .pc.canAccess(this .permissionId)
240: && atts.getValue("value").equals("allow")
241: && !this .alreadySelected) {
242: selected = true;
243: this .alreadySelected = true;
244: }
245: } else {
246: throw new UnsupportedOperationException(
247: "'option' tag with 'multiple' attribute support not yet implemented");
248: }
249:
250: this .permissionData.add(new FormSelectedData(I18n
251: .getMessage(atts.getValue("description")), atts
252: .getValue("value"), selected));
253: }
254: }
255: }
|