001: /*
002: * argun 1.0
003: * Web 2.0 delivery framework
004: * Copyright (C) 2007 Hammurapi Group
005: *
006: * This program is free software; you can redistribute it and/or
007: * modify it under the terms of the GNU Lesser General Public
008: * License as published by the Free Software Foundation; either
009: * version 2 of the License, or (at your option) any later version.
010: *
011: * This program is distributed in the hope that it will be useful,
012: * but WITHOUT ANY WARRANTY; without even the implied warranty of
013: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
014: * Lesser General Public License for more details.
015: *
016: * You should have received a copy of the GNU Lesser General Public
017: * License along with this library; if not, write to the Free Software
018: * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
019: *
020: * URL: http://www.hammurapi.biz
021: * e-Mail: support@hammurapi.biz
022: */
023: package biz.hammurapi.web.security;
024:
025: import java.sql.SQLException;
026: import java.util.ArrayList;
027: import java.util.HashMap;
028: import java.util.HashSet;
029: import java.util.Map;
030: import java.util.Set;
031:
032: import javax.servlet.http.HttpServletRequest;
033: import javax.servlet.http.HttpServletResponse;
034:
035: import biz.hammurapi.config.ConfigurationException;
036: import biz.hammurapi.sql.SQLProcessor;
037: import biz.hammurapi.web.ActionServlet;
038: import biz.hammurapi.web.SimpleRedirect;
039: import biz.hammurapi.web.security.sql.ApplicationPermissionImpl;
040: import biz.hammurapi.web.security.sql.SecurityEngine;
041: import biz.hammurapi.web.security.sql.permission.PermissionEngine;
042:
043: /**
044: * Web actions class for ApplicationPermission.
045: * @author Pavel Vlasov
046: * @version $Revision$
047: */
048: public class ApplicationPermissionActions extends ActionsBase {
049: private static final String VIEW_PATH = "get/ApplicationPermission/view.html?id=";
050:
051: /**
052: * Retrieves list of ApplicationPermission
053: * @param request
054: * @param response
055: * @param servlet
056: * @return
057: */
058: public Object list(HttpServletRequest request,
059: HttpServletResponse response, ActionServlet servlet) {
060: Map ret = new HashMap();
061: ret.put("permissions", getEngine(request)
062: .getApplicationPermission());
063: ret.put("classes", new PermissionEngine(
064: (SQLProcessor) getGlobal(request, "sql-processor"))
065: .getClasses());
066: return ret;
067: }
068:
069: /**
070: * Retrieves ApplicationPermission information by 'id' parameter
071: * @param request
072: * @param response
073: * @param servlet
074: * @return
075: * @throws SQLException
076: */
077: public Object get(HttpServletRequest request,
078: HttpServletResponse response, ActionServlet servlet)
079: throws SQLException {
080: String id = request.getParameter("id");
081: if (id == null) {
082: return "ApplicationPermission id parameter is missing";
083: }
084:
085: int pid = Integer.parseInt(id);
086: ApplicationPermissionImpl ret = (ApplicationPermissionImpl) getEngine(
087: request).getApplicationPermission(pid);
088: if (ret == null) {
089: return "Invalid ApplicationPermission id: " + id;
090: }
091:
092: setReferrer(request, ret);
093:
094: PermissionEngine pe = new PermissionEngine(
095: (SQLProcessor) getGlobal(request, "sql-processor"));
096:
097: if (hasPermission(request, Role.class, "list")) {
098: ret.setAttribute("roles", pe.getRole(pid, new ArrayList()));
099: }
100:
101: if (hasPermission(request, Group.class, "list")) {
102: ret.setAttribute("groups", pe
103: .getGroup(pid, new ArrayList()));
104: }
105:
106: if (hasPermission(request, User.class, "list")) {
107: ret.setAttribute("users", pe.getUser(pid, new ArrayList()));
108: }
109:
110: ret.setAttribute("prerequisites", pe.getPrerequisite(pid,
111: new ArrayList()));
112: ret
113: .setAttribute("derived", pe.getDerived(pid,
114: new ArrayList()));
115:
116: return ret;
117: }
118:
119: /**
120: * Iterates over permissions parameter values and updates database.
121: * @param request
122: * @param response
123: * @param servlet
124: * @return
125: * @throws SQLException
126: * @throws ConfigurationException
127: */
128: public Object getRoles(HttpServletRequest request,
129: HttpServletResponse response, ActionServlet servlet)
130: throws SQLException, ConfigurationException {
131: Map ret = new HashMap();
132: SecurityEngine engine = getEngine(request);
133: int pid = Integer.parseInt(request.getParameter("id"));
134: ret.put("id", request.getParameter("id"));
135: ret.put("assigned-roles", new PermissionEngine(
136: ((SQLProcessor) getGlobal(request, "sql-processor")))
137: .getRole(pid));
138: ret.put("roles", engine.getUserRole());
139: return ret;
140: }
141:
142: /**
143: * Iterates over groups parameter values and updates database.
144: * @param request
145: * @param response
146: * @param servlet
147: * @return
148: * @throws SQLException
149: * @throws ConfigurationException
150: */
151: public Object updateRoles(HttpServletRequest request,
152: HttpServletResponse response, ActionServlet servlet)
153: throws SQLException, ConfigurationException {
154: SecurityEngine engine = getEngine(request);
155: int pid = Integer.parseInt(request.getParameter("id"));
156: engine.deleteRolePermissionByPermission(pid);
157: Set roles = new HashSet();
158: String[] values = request.getParameterValues("Denied");
159: if (values != null) {
160: for (int i = 0; i < values.length; i++) {
161: if (roles.add(values[i])) {
162: engine.insertRolePermission(pid, values[i], true);
163: }
164: }
165: }
166: values = request.getParameterValues("Allowed");
167: if (values != null) {
168: for (int i = 0; i < values.length; i++) {
169: if (roles.add(values[i])) {
170: engine.insertRolePermission(pid, values[i], false);
171: }
172: }
173: }
174: return new SimpleRedirect(VIEW_PATH + pid, "Roles updated");
175: }
176:
177: /**
178: * Iterates over permissions parameter values and updates database.
179: * @param request
180: * @param response
181: * @param servlet
182: * @return
183: * @throws SQLException
184: * @throws ConfigurationException
185: */
186: public Object getGroups(HttpServletRequest request,
187: HttpServletResponse response, ActionServlet servlet)
188: throws SQLException, ConfigurationException {
189: Map ret = new HashMap();
190: SecurityEngine engine = getEngine(request);
191: int pid = Integer.parseInt(request.getParameter("id"));
192: ret.put("id", request.getParameter("id"));
193: ret.put("assigned-groups", new PermissionEngine(
194: ((SQLProcessor) getGlobal(request, "sql-processor")))
195: .getGroup(pid));
196: ret.put("groups", engine.getUserGroup());
197: return ret;
198: }
199:
200: /**
201: * Iterates over groups parameter values and updates database.
202: * @param request
203: * @param response
204: * @param servlet
205: * @return
206: * @throws SQLException
207: * @throws ConfigurationException
208: */
209: public Object updateGroups(HttpServletRequest request,
210: HttpServletResponse response, ActionServlet servlet)
211: throws SQLException, ConfigurationException {
212: SecurityEngine engine = getEngine(request);
213: int pid = Integer.parseInt(request.getParameter("id"));
214: engine.deleteGroupPermissionByPermission(pid);
215: Set groups = new HashSet();
216: String[] values = request.getParameterValues("Denied");
217: if (values != null) {
218: for (int i = 0; i < values.length; i++) {
219: if (groups.add(values[i])) {
220: engine.insertGroupPermission(pid, values[i], true);
221: }
222: }
223: }
224: values = request.getParameterValues("Allowed");
225: if (values != null) {
226: for (int i = 0; i < values.length; i++) {
227: if (groups.add(values[i])) {
228: engine.insertGroupPermission(pid, values[i], false);
229: }
230: }
231: }
232: return new SimpleRedirect(VIEW_PATH + pid, "Groups updated");
233: }
234:
235: /**
236: * Iterates over permissions parameter values and updates database.
237: * @param request
238: * @param response
239: * @param servlet
240: * @return
241: * @throws SQLException
242: * @throws ConfigurationException
243: */
244: public Object getUsers(HttpServletRequest request,
245: HttpServletResponse response, ActionServlet servlet)
246: throws SQLException, ConfigurationException {
247: Map ret = new HashMap();
248: SecurityEngine engine = getEngine(request);
249: int pid = Integer.parseInt(request.getParameter("id"));
250: ret.put("id", request.getParameter("id"));
251: ret.put("assigned-users", new PermissionEngine(
252: ((SQLProcessor) getGlobal(request, "sql-processor")))
253: .getUser(pid));
254: ret.put("users", engine.getApplicationUser());
255: return ret;
256: }
257:
258: /**
259: * Iterates over roles parameter values and updates database.
260: * @param request
261: * @param response
262: * @param servlet
263: * @return
264: * @throws SQLException
265: * @throws ConfigurationException
266: */
267: public Object updateUsers(HttpServletRequest request,
268: HttpServletResponse response, ActionServlet servlet)
269: throws SQLException, ConfigurationException {
270: SecurityEngine engine = getEngine(request);
271: int pid = Integer.parseInt(request.getParameter("id"));
272: engine.deleteUserPermissionByPermission(pid);
273: Set users = new HashSet();
274: String[] values = request.getParameterValues("Denied");
275: if (values != null) {
276: for (int i = 0; i < values.length; i++) {
277: if (users.add(values[i])) {
278: engine.insertUserPermission(pid, values[i], true);
279: }
280: }
281: }
282: values = request.getParameterValues("Allowed");
283: if (values != null) {
284: for (int i = 0; i < values.length; i++) {
285: if (users.add(values[i])) {
286: engine.insertUserPermission(pid, values[i], false);
287: }
288: }
289: }
290: return new SimpleRedirect(VIEW_PATH + pid, "Users updated");
291: }
292:
293: }
|