001: package org.tigris.scarab.actions.admin;
002:
003: /* ================================================================
004: * Copyright (c) 2000-2003 CollabNet. All rights reserved.
005: *
006: * Redistribution and use in source and binary forms, with or without
007: * modification, are permitted provided that the following conditions are
008: * met:
009: *
010: * 1. Redistributions of source code must retain the above copyright
011: * notice, this list of conditions and the following disclaimer.
012: *
013: * 2. Redistributions in binary form must reproduce the above copyright
014: * notice, this list of conditions and the following disclaimer in the
015: * documentation and/or other materials provided with the distribution.
016: *
017: * 3. The end-user documentation included with the redistribution, if
018: * any, must include the following acknowlegement: "This product includes
019: * software developed by CollabNet <http://www.collab.net/>."
020: * Alternately, this acknowlegement may appear in the software itself, if
021: * and wherever such third-party acknowlegements normally appear.
022: *
023: * 4. The hosted project names must not be used to endorse or promote
024: * products derived from this software without prior written
025: * permission. For written permission, please contact info@collab.net.
026: *
027: * 5. Products derived from this software may not use the "Tigris" or
028: * "Scarab" names nor may "Tigris" or "Scarab" appear in their names without
029: * prior written permission of CollabNet.
030: *
031: * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
032: * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
033: * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
034: * IN NO EVENT SHALL COLLAB.NET OR ITS CONTRIBUTORS BE LIABLE FOR ANY
035: * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
036: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
037: * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
038: * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
039: * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
040: * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
041: * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
042: *
043: * ====================================================================
044: *
045: * This software consists of voluntary contributions made by many
046: * individuals on behalf of CollabNet.
047: */
048:
049: // JDK classes
050: import java.io.Serializable;
051: import java.util.Calendar;
052: import java.util.List;
053:
054: import org.apache.fulcrum.intake.model.Group;
055: import org.apache.fulcrum.security.TurbineSecurity;
056: import org.apache.fulcrum.security.entity.Role;
057: import org.apache.fulcrum.security.entity.User;
058: import org.apache.fulcrum.security.util.AccessControlList;
059: import org.apache.turbine.RunData;
060: import org.apache.turbine.TemplateContext;
061: import org.apache.turbine.tool.IntakeTool;
062: import org.tigris.scarab.actions.ForgotPassword;
063: import org.tigris.scarab.actions.base.RequireLoginFirstAction;
064: import org.tigris.scarab.om.Module;
065: import org.tigris.scarab.om.ScarabUser;
066: import org.tigris.scarab.om.ScarabUserImpl;
067: import org.tigris.scarab.om.ScarabUserImplPeer;
068: import org.tigris.scarab.om.ScarabUserManager;
069: import org.tigris.scarab.tools.ScarabRequestTool;
070: import org.tigris.scarab.tools.localization.L10NKeySet;
071: import org.tigris.scarab.tools.localization.L10NMessage;
072: import org.tigris.scarab.tools.localization.Localizable;
073: import org.tigris.scarab.util.AnonymousUserUtil;
074: import org.tigris.scarab.util.Log;
075: import org.tigris.scarab.util.PasswordGenerator;
076: import org.tigris.scarab.util.ScarabConstants;
077:
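/**
 * Handles the administrative user-management actions: creating and editing
 * accounts, marking accounts as deleted, updating a user's roles, and the
 * button redirects and search hand-off of the admin user screens.
 *
 * <p>NOTE(review): the only access control visible in this file is the
 * {@link RequireLoginFirstAction} base class. None of the actions below
 * checks an administrative permission itself, so confirm that the base
 * class or the Turbine security configuration restricts them to
 * administrators.
 *
 * @author <a href="mailto:dr@bitonic.com">Douglas B. Robertson</a>
 * @author <a href="mailto:mpoeschl@martmot.at">Martin Poeschl</a>
 * @version $Id: ManageUser.java 10087 2006-05-02 13:58:26Z jorgeuriarte $
 */
public class ManageUser extends RequireLoginFirstAction {

    /**
     * Handles the Add User button: creates a new account from the
     * "Register" intake group, or reactivates a previously deleted account
     * with the same user name.
     *
     * @param data the current request
     * @param context the template context
     * @throws Exception if the form or the surrounding tools cannot be read;
     *         failures while creating the user are reported as an alert
     */
    public void doAdduser(RunData data, TemplateContext context)
            throws Exception {
        ScarabRequestTool scarabR = getScarabRequestTool(context);
        String template = getCurrentTemplate(data, null);
        String nextTemplate = getNextTemplate(data, template);

        IntakeTool intake = getIntakeTool(context);
        if (!intake.isAllValid()) {
            data.getParameters().setString("state", "showadduser");
            data.getParameters().setString("lastAction", "");
            return;
        }

        Group register = getRegisterGroup(data, intake);

        ScarabUser su = (ScarabUser) AnonymousUserUtil.getAnonymousUser();
        String newUserName = register.get("UserName").toString();
        su.setUserName(newUserName);
        su.setFirstName(register.get("FirstName").toString());
        su.setLastName(register.get("LastName").toString());
        su.setEmail(register.get("Email").toString());
        su.setPassword(register.get("Password").toString().trim());

        try {
            if (ScarabUserImplPeer.checkExists(su)) {
                // An existing name is only acceptable when the account can
                // be reactivated; a null result means the name is taken.
                su = ScarabUserManager.reactivateUserIfDeleted(su);
                if (su == null) {
                    setTarget(data, template);
                    scarabR.setAlertMessage(L10NKeySet.UsernameExistsAlready);
                    data.getParameters().setString("errorLast", "true");
                    data.getParameters().setString("state", "showadduser");
                    return;
                }
            } else {
                su.createNewUser();
            }

            // Accounts created by an administrator skip the confirmation
            // step ...
            ScarabUserImpl.confirmUser(newUserName);
            // ... but the user must change the password at first login.
            su.setPasswordExpire(Calendar.getInstance());

            Localizable msg = new L10NMessage(L10NKeySet.UserCreated,
                    newUserName);
            scarabR.setConfirmMessage(msg);
            data.getParameters().setString("state", "showadduser");
            data.getParameters().setString("lastAction", "addeduser");

            setTarget(data, nextTemplate);
        } catch (Exception e) {
            reportFailure(data, scarabR, template, "showadduser", e);
        }
    }

    /**
     * Handles the Edit User form: updates name, email and account status of
     * the user named by the "username" request parameter and optionally
     * sets a new (typed or generated) password.
     *
     * <p>The password fields are checked before anything is written, so a
     * mismatch no longer leaves the profile changes saved while the page
     * reports an error.
     *
     * @param data the current request
     * @param context the template context
     * @throws Exception if the form or the user cannot be read; failures
     *         while saving are reported as an alert
     */
    public void doEdituser(RunData data, TemplateContext context)
            throws Exception {
        ScarabRequestTool scarabR = getScarabRequestTool(context);
        String template = getCurrentTemplate(data, null);
        String nextTemplate = getNextTemplate(data, template);

        IntakeTool intake = getIntakeTool(context);
        if (!intake.isAllValid()) {
            data.getParameters().setString("state", "showedituser");
            data.getParameters().setString("lastAction", "");
            return;
        }

        Group register = getRegisterGroup(data, intake);
        String username = data.getParameters().getString("username");
        ScarabUser su = (ScarabUser) TurbineSecurity.getUser(username);

        try {
            if (su == null || register == null) {
                Localizable msg = new L10NMessage(
                        L10NKeySet.UserNotRetrieved, username);
                scarabR.setAlertMessage(msg);
                data.getParameters().setString("state", "showedituser");
                return;
            }

            // Work out the requested password first and reject a mismatch
            // before any change is persisted.
            String password;
            String passwordConfirm;
            String generatePassword = data.getParameters().getString(
                    "generate-password");
            if (generatePassword != null
                    && generatePassword.equalsIgnoreCase("on")) {
                password = passwordConfirm = PasswordGenerator.generate();
            } else {
                password = register.get("NPassword").toString();
                passwordConfirm = register.get("NPasswordConfirm")
                        .toString();
            }
            boolean changePassword = !password.equals("");
            if (changePassword && !password.equals(passwordConfirm)) {
                scarabR.setAlertMessage(L10NKeySet.PasswordsDoNotMatch);
                return;
            }

            // Update the first name, last name and email. Turbine's
            // security service does not allow changing the username; it is
            // considered the defining info of a user. SCB197 is a request
            // to make this information modifiable.
            su.setFirstName(register.get("FirstName").toString());
            su.setLastName(register.get("LastName").toString());
            su.setEmail(register.get("Email").toString());
            // NOTE(review): "accountStatus" is written as received from the
            // request; no validation against the known status values is
            // visible here. Confirm that it is constrained elsewhere.
            su.setConfirmed(data.getParameters().getString("accountStatus"));
            ScarabUserManager.putInstance((ScarabUserImpl) su);
            TurbineSecurity.saveUser(su);

            // Fix: SCB1065 (workaround; the fix arguably belongs in
            // Turbine). When the current user edits their own details, the
            // user object in the session must receive the new values too,
            // otherwise the old ones are saved back to the database at
            // logout or session timeout.
            User userInSession = data.getUser();
            if (userInSession.getUserName().equals(username)) {
                userInSession.setFirstName(su.getFirstName());
                userInSession.setLastName(su.getLastName());
                userInSession.setEmail(su.getEmail());
                userInSession.setConfirmed(su.getConfirmed());
            }

            if (changePassword) {
                TurbineSecurity.forcePassword(su, password);
                // Expire immediately so the user has to pick a new
                // password at the next login.
                su.setPasswordExpire(Calendar.getInstance());
                TurbineSecurity.saveUser(su);

                // NOTE(review): the new password is handed to the
                // notification email in clear text; the immediate expiry
                // above limits how long it stays useful.
                User me = data.getUser();
                try {
                    // The request is temporarily bound to the edited user
                    // while the notification is built.
                    data.setUser(su);
                    ForgotPassword.sendNotificationEmail(context, su,
                            password);
                } catch (Exception e) {
                    Localizable msg = new L10NMessage(
                            L10NKeySet.ExceptionEmailFailure, e);
                    scarabR.setAlertMessage(msg);
                } finally {
                    // Always restore the administrator, even if something
                    // other than an Exception escapes, so the request is
                    // never left bound to the edited account.
                    data.setUser(me);
                }
            }

            Localizable msg = new L10NMessage(L10NKeySet.UserChangesSaved,
                    username);
            scarabR.setConfirmMessage(msg);
            data.getParameters().setString("state", "showedituser");
            data.getParameters().setString("lastAction", "editeduser");

            setTarget(data, nextTemplate);
        } catch (Exception e) {
            reportFailure(data, scarabR, template, "showedituser", e);
        }
    }

    /**
     * Marks the user named by the "username" request parameter as deleted.
     * The current user cannot delete their own account.
     *
     * <p>NOTE(review): only the account status is changed here; no role
     * revocation or session invalidation is visible. Confirm that the
     * DELETED status is enforced at login and on authorization checks.
     *
     * @param data the current request
     * @param context the template context
     * @throws Exception if the surrounding tools cannot be read; failures
     *         while saving are reported as an alert
     */
    public void doDeleteuser(RunData data, TemplateContext context)
            throws Exception {
        ScarabRequestTool scarabR = getScarabRequestTool(context);
        String template = getCurrentTemplate(data, null);
        String nextTemplate = getNextTemplate(data, template);
        String username = data.getParameters().getString("username");

        if (data.getUser().getUserName().equals(username)) {
            scarabR.setAlertMessage(L10NKeySet.UserCanNotDeleteSelf);
            return;
        }

        try {
            User user = TurbineSecurity.getUser(username);
            user.setConfirmed(ScarabUser.DELETED);
            TurbineSecurity.saveUser(user);

            // Refresh the entry in the session's user list, if the user is
            // in it. Without the index check a user missing from the list
            // made set(-1, ...) throw, which reported an error although the
            // deletion had already been saved.
            List lista = (List) data.getUser().getTemp("userList");
            if (lista != null) {
                int position = lista.indexOf(user);
                if (position >= 0) {
                    lista.set(position, user);
                }
            }

            Localizable msg = new L10NMessage(L10NKeySet.UserDeleted,
                    username);
            scarabR.setConfirmMessage(msg);
            data.getParameters().setString("state", "showedituser");
            data.getParameters().setString("lastAction", "editeduser");

            setTarget(data, nextTemplate);
        } catch (Exception e) {
            reportFailure(data, scarabR, template, "showedituser", e);
        }
    }

    /**
     * Handles the 'Update Roles' button: for every group/role pair, grants
     * the role when the matching form parameter is present and revokes it
     * when the parameter is absent.
     *
     * <p>Because absence means revoke, a request that omits fields removes
     * the corresponding roles.
     *
     * <p>NOTE(review): the parameter name is the group name directly
     * followed by the role name, with no separator, so two different pairs
     * can produce the same name. Confirm that the naming scheme rules this
     * out.
     *
     * @param data the current request
     * @param context the template context
     * @throws Exception if the user, groups or roles cannot be read, or a
     *         grant or revoke fails
     */
    public void doRoles(RunData data, TemplateContext context)
            throws Exception {
        String username = data.getParameters().getString("username");
        User user = TurbineSecurity.getUser(username);
        if (user == null) {
            // Report the missing user instead of failing with a
            // NullPointerException below.
            Localizable msg = new L10NMessage(L10NKeySet.UserNotRetrieved,
                    username);
            getScarabRequestTool(context).setAlertMessage(msg);
            return;
        }

        AccessControlList acl = ((ScarabUser) user).getACL();

        // Grab all the Groups and Roles in the system.
        org.apache.fulcrum.security.entity.Group[] groups = TurbineSecurity
                .getAllGroups().getGroupsArray();
        Role[] roles = TurbineSecurity.getAllRoles().getRolesArray();

        for (int i = 0; i < groups.length; i++) {
            org.apache.fulcrum.security.entity.Group group = groups[i];
            String groupName = group.getName();

            for (int j = 0; j < roles.length; j++) {
                Role role = roles[j];
                boolean requested = data.getParameters().getString(
                        groupName + role.getName()) != null;
                boolean held = acl.hasRole(role, group);

                if (requested && !held) {
                    TurbineSecurity.grant(user, group, role);
                    forgetRoleResult(user, role, group);
                } else if (!requested && held) {
                    TurbineSecurity.revoke(user, group, role);
                    forgetRoleResult(user, role, group);
                }
            }
        }
        // TODO: Needs to be refactored into the Users system?
        ScarabUserManager.getMethodResult().remove(user.getUserName(),
                ScarabUserManager.GET_ACL);
    }

    // all the goto's (button redirects) are here

    /**
     * Redirects to the edit-user page when a user has been selected;
     * otherwise asks the administrator to select one.
     *
     * @param data the current request
     * @param context the template context
     * @throws Exception if the request tool cannot be obtained
     */
    public void doGotoedituser(RunData data, TemplateContext context)
            throws Exception {
        String userName = data.getParameters().getString("username");
        if (userName == null || userName.length() == 0) {
            getScarabRequestTool(context).setAlertMessage(
                    L10NKeySet.UserSelect);
            return;
        }
        data.getParameters().setString("state", "showedituser");
        setTarget(data, "admin,EditUser.vm");
    }

    /**
     * Redirects to the edit-roles page when a user has been selected;
     * otherwise asks the administrator to select one.
     *
     * @param data the current request
     * @param context the template context
     * @throws Exception if the request tool cannot be obtained
     */
    public void doGotoeditroles(RunData data, TemplateContext context)
            throws Exception {
        String userName = data.getParameters().getString("username");
        if (userName == null || userName.length() == 0) {
            getScarabRequestTool(context).setAlertMessage(
                    L10NKeySet.UserSelect);
            return;
        }
        setTarget(data, "admin,EditUserRoles.vm");
    }

    /**
     * Redirects to the delete-user page.
     *
     * @param data the current request
     * @param context the template context (unused)
     * @throws Exception declared for the action contract
     */
    public void doGotodeleteuser(RunData data, TemplateContext context)
            throws Exception {
        setTarget(data, "admin,DeleteUser.vm");
    }

    /**
     * Redirects to the add-user page.
     *
     * @param data the current request
     * @param context the template context (unused)
     * @throws Exception declared for the action contract
     */
    public void doGotoadduser(RunData data, TemplateContext context)
            throws Exception {
        setTarget(data, "admin,AddUser.vm");
    }

    /**
     * Handles the 'Search' button. Copies the search parameters from the
     * request into the request tool and delegates to the page, which
     * performs the real search.
     *
     * <p>NOTE(review): the values are passed on exactly as received.
     * Confirm that the consumer restricts "searchField", "orderByField"
     * and "ascOrDesc" to known values before they reach a query.
     *
     * @param data the current request
     * @param context the template context
     * @throws Exception if the request tool cannot be obtained
     */
    public void doSearch(RunData data, TemplateContext context)
            throws Exception {
        String[] searchParams = {
            "searchField", "searchCriteria", "orderByField", "ascOrDesc",
            "resultsPerPage"
        };
        ScarabRequestTool scarabR = getScarabRequestTool(context);
        for (int i = 0; i < searchParams.length; i++) {
            scarabR.setGlobalUserSearchParam(searchParams[i],
                    data.getParameters().getString(searchParams[i]));
        }

        setTarget(data, "admin,ManageUserSearch.vm");
    }

    /**
     * Default action: delegates to {@link #doSearch(RunData, TemplateContext)}.
     *
     * @param data the current request
     * @param context the template context
     * @throws Exception if the search hand-off fails
     */
    public void doPerform(RunData data, TemplateContext context)
            throws Exception {
        doSearch(data, context);
    }

    /**
     * Looks up the "Register" intake group, keyed by the ScarabUser stored
     * under SESSION_REGISTER in the session when there is one, and by the
     * intake default key otherwise.
     */
    private Group getRegisterGroup(RunData data, IntakeTool intake)
            throws Exception {
        Object user = data.getUser().getTemp(
                ScarabConstants.SESSION_REGISTER);
        if (user instanceof ScarabUser) {
            return intake.get("Register", ((ScarabUser) user).getQueryKey(),
                    false);
        }
        return intake.get("Register", IntakeTool.DEFAULT_KEY, false);
    }

    /**
     * Removes the stored HAS_ROLE_IN_MODULE method result for the given
     * user, role and module (presumably a cached answer; confirm), so that
     * a grant or revoke is not masked by an earlier result.
     */
    private void forgetRoleResult(User user, Role role,
            org.apache.fulcrum.security.entity.Group group)
            throws Exception {
        // TODO: Needs to be refactored into the Users system?
        ScarabUserManager.getMethodResult().remove(
                user.getUserName(),
                ScarabUserManager.HAS_ROLE_IN_MODULE,
                role.getName(),
                ((Module) group).getModuleId());
    }

    /**
     * Shared failure path of the add, edit and delete actions: returns to
     * the current template, shows the generic alert, logs the exception
     * and restores the given page state.
     */
    private void reportFailure(RunData data, ScarabRequestTool scarabR,
            String template, String state, Exception e) throws Exception {
        setTarget(data, template);
        data.getParameters().setString("lastAction", "");
        Localizable msg = new L10NMessage(L10NKeySet.ExceptionGeneric, e);
        scarabR.setAlertMessage(msg);
        Log.get().error(e);
        data.getParameters().setString("state", state);
    }
}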