001: /*
002: * argun 1.0
003: * Web 2.0 delivery framework
004: * Copyright (C) 2007 Hammurapi Group
005: *
006: * This program is free software; you can redistribute it and/or
007: * modify it under the terms of the GNU Lesser General Public
008: * License as published by the Free Software Foundation; either
009: * version 2 of the License, or (at your option) any later version.
010: *
011: * This program is distributed in the hope that it will be useful,
012: * but WITHOUT ANY WARRANTY; without even the implied warranty of
013: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
014: * Lesser General Public License for more details.
015: *
016: * You should have received a copy of the GNU Lesser General Public
017: * License along with this library; if not, write to the Free Software
018: * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
019: *
020: * URL: http://www.hammurapi.biz
021: * e-Mail: support@hammurapi.biz
022: */
023: package biz.hammurapi.web.security;
024:
025: import java.sql.SQLException;
026: import java.util.Collection;
027: import java.util.HashMap;
028: import java.util.Map;
029:
030: import javax.servlet.http.HttpServletRequest;
031: import javax.servlet.http.HttpServletResponse;
032:
033: import biz.hammurapi.config.ConfigurationException;
034: import biz.hammurapi.sql.SQLProcessor;
035: import biz.hammurapi.web.ActionServlet;
036: import biz.hammurapi.web.RequestParametersContext;
037: import biz.hammurapi.web.SimpleRedirect;
038: import biz.hammurapi.web.security.sql.SecurityEngine;
039: import biz.hammurapi.web.security.sql.UserRoleImpl;
040: import biz.hammurapi.web.security.sql.group.GroupEngine;
041: import biz.hammurapi.web.security.sql.permission.PermissionEngine;
042:
043: /**
044: * Web actions class for Group.
045: * @author Pavel Vlasov
046: * @version $Revision$
047: */
048: public class UserGroupActions extends ActionsBase {
049:
050: private static final String VIEW_PATH = "get/UserGroup/view.html?id=";
051:
052: /**
053: * Retrieves list of Group
054: * @param request
055: * @param response
056: * @param servlet
057: * @return
058: */
059: public Collection list(HttpServletRequest request,
060: HttpServletResponse response, ActionServlet servlet) {
061: return getEngine(request).getUserGroup();
062: }
063:
064: /**
065: * Retrieves Group information by 'id' parameter
066: * @param request
067: * @param response
068: * @param servlet
069: * @return
070: * @throws SQLException
071: * @throws ConfigurationException
072: */
073: public Object get(HttpServletRequest request,
074: HttpServletResponse response, ActionServlet servlet)
075: throws SQLException, ConfigurationException {
076: if ("yes".equals(request.getParameter("new"))) {
077: UserRoleImpl ret = new UserRoleImpl();
078: ret.configure(new RequestParametersContext(request),
079: converter); //
080: ret.setAttribute("new", "yes");
081: setReferrer(request, ret);
082: return ret;
083: }
084:
085: String id = request.getParameter("id");
086: if (id == null) {
087: return "Group id parameter is missing";
088: }
089:
090: UserRoleImpl ret = (UserRoleImpl) getEngine(request)
091: .getUserGroup(id);
092: if (ret == null) {
093: return "Invalid Group id: " + id;
094: }
095:
096: GroupEngine groupEngine = new GroupEngine(
097: ((SQLProcessor) getGlobal(request, "sql-processor")));
098: if (hasPermission(request, Role.class, "list")) {
099: ret.setAttribute("roles", groupEngine.getRole(id));
100: }
101:
102: if (hasPermission(request, User.class, "list")) {
103: ret.setAttribute("users", groupEngine.getUser(id));
104: }
105:
106: if (hasPermission(request, Permission.class, "list")) {
107: ret.setAttribute("permissions", groupEngine
108: .getPermission(id));
109: }
110: setReferrer(request, ret);
111: return ret;
112: }
113:
114: /**
115: * Updates Group.
116: * @param request
117: * @param response
118: * @param servlet
119: * @return
120: * @throws SQLException
121: * @throws ConfigurationException
122: */
123: public Object update(HttpServletRequest request,
124: HttpServletResponse response, ActionServlet servlet)
125: throws SQLException, ConfigurationException {
126: boolean isUpdate = !"yes".equals(request.getParameter("_new"));
127:
128: UserRoleImpl obj = new UserRoleImpl(isUpdate);
129: obj.configure(new RequestParametersContext(request), converter);
130: SecurityEngine engine = getEngine(request);
131:
132: // TODO - Add server side validations as column attributes.
133:
134: // if (hadErrors) {
135: // return obj;
136: // }
137:
138: if (isUpdate) {
139: int numRows = engine.updateUserGroup(obj);
140: if (numRows != 1) {
141: return "Could not update Group";
142: }
143: } else {
144: int numRows = engine.insertUserGroup(obj);
145: if (numRows != 1) {
146: return "Could not update Group";
147: }
148: }
149:
150: String referrer = getReferrer(request);
151: if (referrer == null) {
152: referrer = "list/UserGroup/list.html";
153: }
154:
155: return new SimpleRedirect(referrer, "User group "
156: + (isUpdate ? "updated" : "inserted"));
157: }
158:
159: /**
160: * Deletes Group by "id" parameter.
161: * @param request
162: * @param response
163: * @param servlet
164: * @return
165: * @throws SQLException
166: * @throws ConfigurationException
167: */
168: public Object delete(HttpServletRequest request,
169: HttpServletResponse response, ActionServlet servlet)
170: throws SQLException {
171: String id = request.getParameter("id");
172: if (id == null) {
173: return "id parameter is missing";
174: }
175:
176: getEngine(request).deleteUserGroup(id);
177:
178: String referrer = getReferrer(request);
179: // if (referrer == null) {
180: referrer = "list/Group/list.html";
181: // }
182:
183: return new SimpleRedirect(referrer, "Group deleted");
184: }
185:
186: /**
187: * Iterates over permissions parameter values and updates database.
188: * @param request
189: * @param response
190: * @param servlet
191: * @return
192: * @throws SQLException
193: * @throws ConfigurationException
194: */
195: public Object getPermissions(HttpServletRequest request,
196: HttpServletResponse response, ActionServlet servlet)
197: throws SQLException, ConfigurationException {
198: Map ret = new HashMap();
199: SecurityEngine engine = getEngine(request);
200: String groupName = request.getParameter("id");
201: ret.put("id", groupName);
202: SQLProcessor sqlProcessor = (SQLProcessor) getGlobal(request,
203: "sql-processor");
204: ret.put("assigned-permissions", new GroupEngine(sqlProcessor)
205: .getPermission(groupName));
206: ret.put("permissions", engine.getApplicationPermission());
207: ret.put("classes", new PermissionEngine(sqlProcessor)
208: .getClasses());
209: return ret;
210: }
211:
212: /**
213: * Iterates over permissions parameter values and updates database.
214: * @param request
215: * @param response
216: * @param servlet
217: * @return
218: * @throws SQLException
219: * @throws ConfigurationException
220: */
221: public Object updatePermissions(HttpServletRequest request,
222: HttpServletResponse response, ActionServlet servlet)
223: throws SQLException, ConfigurationException {
224: SecurityEngine engine = getEngine(request);
225: String groupName = request.getParameter("id");
226: engine.deleteGroupPermissionByGroup(groupName);
227: java.util.Set idSet = new java.util.HashSet();
228: String[] values = request.getParameterValues("Denied");
229: if (values != null) {
230: for (int i = 0; i < values.length; i++) {
231: if (idSet.add(values[i])) {
232: int pid = Integer.parseInt(values[i]);
233: engine.insertGroupPermission(pid, groupName, true);
234: }
235: }
236: }
237:
238: values = request.getParameterValues("Allowed");
239: if (values != null) {
240: for (int i = 0; i < values.length; i++) {
241: if (idSet.add(values[i])) {
242: int pid = Integer.parseInt(values[i]);
243: engine.insertGroupPermission(pid, groupName, false);
244: }
245: }
246: }
247: return new SimpleRedirect("../../" + VIEW_PATH + groupName,
248: "Permissions updated");
249: }
250:
251: /**
252: * Iterates over permissions parameter values and updates database.
253: * @param request
254: * @param response
255: * @param servlet
256: * @return
257: * @throws SQLException
258: * @throws ConfigurationException
259: */
260: public Object getRoles(HttpServletRequest request,
261: HttpServletResponse response, ActionServlet servlet)
262: throws SQLException, ConfigurationException {
263: Map ret = new HashMap();
264: SecurityEngine engine = getEngine(request);
265: String groupName = request.getParameter("id");
266: ret.put("id", groupName);
267: ret.put("assigned-roles", new GroupEngine(
268: ((SQLProcessor) getGlobal(request, "sql-processor")))
269: .getRole(groupName));
270: ret.put("roles", engine.getUserRole());
271: return ret;
272: }
273:
274: /**
275: * Iterates over groups parameter values and updates database.
276: * @param request
277: * @param response
278: * @param servlet
279: * @return
280: * @throws SQLException
281: * @throws ConfigurationException
282: */
283: public Object updateRoles(HttpServletRequest request,
284: HttpServletResponse response, ActionServlet servlet)
285: throws SQLException, ConfigurationException {
286: SecurityEngine engine = getEngine(request);
287: String groupName = request.getParameter("id");
288: engine.deleteGroupInRoleByGroup(groupName);
289: String[] values = request.getParameterValues("role");
290: if (values != null) {
291: for (int i = 0; i < values.length; i++) {
292: engine.insertGroupInRole(groupName, values[i]);
293: }
294: }
295: return new SimpleRedirect(VIEW_PATH + groupName,
296: "Groups updated");
297: }
298:
299: /**
300: * Iterates over permissions parameter values and updates database.
301: * @param request
302: * @param response
303: * @param servlet
304: * @return
305: * @throws SQLException
306: * @throws ConfigurationException
307: */
308: public Object getUsers(HttpServletRequest request,
309: HttpServletResponse response, ActionServlet servlet)
310: throws SQLException, ConfigurationException {
311: Map ret = new HashMap();
312: SecurityEngine engine = getEngine(request);
313: String groupName = request.getParameter("id");
314: ret.put("id", groupName);
315: ret.put("assigned-users", new GroupEngine(
316: ((SQLProcessor) getGlobal(request, "sql-processor")))
317: .getUser(groupName));
318: ret.put("users", engine.getApplicationUser());
319: return ret;
320: }
321:
322: /**
323: * Iterates over roles parameter values and updates database.
324: * @param request
325: * @param response
326: * @param servlet
327: * @return
328: * @throws SQLException
329: * @throws ConfigurationException
330: */
331: public Object updateUsers(HttpServletRequest request,
332: HttpServletResponse response, ActionServlet servlet)
333: throws SQLException, ConfigurationException {
334: SecurityEngine engine = getEngine(request);
335: String groupName = request.getParameter("id");
336: engine.deleteUserInGroupByGroup(groupName);
337: String[] values = request.getParameterValues("user");
338: if (values != null) {
339: for (int i = 0; i < values.length; i++) {
340: engine.insertUserInGroup(values[i], groupName);
341: }
342: }
343: return new SimpleRedirect(VIEW_PATH + groupName,
344: "Users updated");
345: }
346:
347: }
|