001: /*
002: * argun 1.0
003: * Web 2.0 delivery framework
004: * Copyright (C) 2007 Hammurapi Group
005: *
006: * This program is free software; you can redistribute it and/or
007: * modify it under the terms of the GNU Lesser General Public
008: * License as published by the Free Software Foundation; either
009: * version 2 of the License, or (at your option) any later version.
010: *
011: * This program is distributed in the hope that it will be useful,
012: * but WITHOUT ANY WARRANTY; without even the implied warranty of
013: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
014: * Lesser General Public License for more details.
015: *
016: * You should have received a copy of the GNU Lesser General Public
017: * License along with this library; if not, write to the Free Software
018: * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
019: *
020: * URL: http://www.hammurapi.biz
021: * e-Mail: support@hammurapi.biz
022: */
023: package biz.hammurapi.web.security;
024:
025: import java.sql.SQLException;
026: import java.util.Collection;
027: import java.util.HashMap;
028: import java.util.Map;
029:
030: import javax.servlet.http.HttpServletRequest;
031: import javax.servlet.http.HttpServletResponse;
032:
033: import biz.hammurapi.config.ConfigurationException;
034: import biz.hammurapi.sql.SQLProcessor;
035: import biz.hammurapi.web.ActionServlet;
036: import biz.hammurapi.web.RequestParametersContext;
037: import biz.hammurapi.web.SimpleRedirect;
038: import biz.hammurapi.web.security.sql.SecurityEngine;
039: import biz.hammurapi.web.security.sql.UserRoleImpl;
040: import biz.hammurapi.web.security.sql.permission.PermissionEngine;
041: import biz.hammurapi.web.security.sql.role.RoleEngine;
042:
043: /**
044: * Web actions class for UserRole.
045: * @author Pavel Vlasov
046: * @version $Revision$
047: */
048: public class UserRoleActions extends ActionsBase {
049:
050: private static final String VIEW_PATH = "get/UserRole/view.html?id=";
051:
052: /**
053: * Retrieves list of UserRole
054: * @param request
055: * @param response
056: * @param servlet
057: * @return
058: */
059: public Collection list(HttpServletRequest request,
060: HttpServletResponse response, ActionServlet servlet) {
061: return getEngine(request).getUserRole();
062: }
063:
064: /**
065: * Retrieves UserRole information by 'id' parameter
066: * @param request
067: * @param response
068: * @param servlet
069: * @return
070: * @throws SQLException
071: * @throws ConfigurationException
072: */
073: public Object get(HttpServletRequest request,
074: HttpServletResponse response, ActionServlet servlet)
075: throws SQLException, ConfigurationException {
076: if ("yes".equals(request.getParameter("new"))) {
077: UserRoleImpl ret = new UserRoleImpl();
078: ret.configure(new RequestParametersContext(request),
079: converter);
080: ret.setAttribute("new", "yes");
081: setReferrer(request, ret);
082: return ret;
083: }
084:
085: String id = request.getParameter("id");
086: if (id == null) {
087: return "UserRole id parameter is missing";
088: }
089:
090: UserRoleImpl ret = (UserRoleImpl) getEngine(request)
091: .getUserRole(id);
092: if (ret == null) {
093: return "Invalid UserRole id: " + id;
094: }
095:
096: setReferrer(request, ret);
097:
098: RoleEngine roleEngine = new RoleEngine(
099: ((SQLProcessor) getGlobal(request, "sql-processor")));
100:
101: if (hasPermission(request, Group.class, "list")) {
102: ret.setAttribute("groups", roleEngine.getGroup(id));
103: }
104:
105: if (hasPermission(request, User.class, "list")) {
106: ret.setAttribute("users", roleEngine.getUser(id));
107: }
108:
109: if (hasPermission(request, Permission.class, "list")) {
110: ret.setAttribute("permissions", roleEngine
111: .getPermission(id));
112: }
113:
114: return ret;
115: }
116:
117: /**
118: * Updates UserRole.
119: * @param request
120: * @param response
121: * @param servlet
122: * @return
123: * @throws SQLException
124: * @throws ConfigurationException
125: */
126: public Object update(HttpServletRequest request,
127: HttpServletResponse response, ActionServlet servlet)
128: throws SQLException, ConfigurationException {
129: boolean isUpdate = !"yes".equals(request.getParameter("_new"));
130:
131: UserRoleImpl obj = new UserRoleImpl(isUpdate);
132: obj.configure(new RequestParametersContext(request), converter);
133: SecurityEngine engine = getEngine(request); // TODO replace XxxEngine with application engine class.
134:
135: // TODO - Add server side validations as column attributes.
136:
137: // if (hadErrors) {
138: // return obj;
139: // }
140:
141: if (isUpdate) {
142: int numRows = engine.updateUserRole(obj);
143: if (numRows != 1) {
144: return "Could not update UserRole";
145: }
146: } else {
147: int numRows = engine.insertUserRole(obj);
148: if (numRows != 1) {
149: return "Could not update UserRole";
150: }
151: }
152:
153: String referrer = getReferrer(request);
154: if (referrer == null) {
155: referrer = "list/UserRole/list.html";
156: }
157:
158: return new SimpleRedirect(referrer, "UserRole "
159: + (isUpdate ? "updated" : "inserted"));
160: }
161:
162: /**
163: * Deletes UserRole by "id" parameter.
164: * @param request
165: * @param response
166: * @param servlet
167: * @return
168: * @throws SQLException
169: * @throws ConfigurationException
170: */
171: public Object delete(HttpServletRequest request,
172: HttpServletResponse response, ActionServlet servlet)
173: throws SQLException {
174: String id = request.getParameter("id");
175: if (id == null) {
176: return "id parameter is missing";
177: }
178:
179: getEngine(request).deleteUserRole(id);
180:
181: String referrer = getReferrer(request);
182: // if (referrer == null) {
183: referrer = "list/UserRole/list.html";
184: // }
185:
186: return new SimpleRedirect(referrer, "UserRole deleted");
187: }
188:
189: /**
190: * Iterates over permissions parameter values and updates database.
191: * @param request
192: * @param response
193: * @param servlet
194: * @return
195: * @throws SQLException
196: * @throws ConfigurationException
197: */
198: public Object getPermissions(HttpServletRequest request,
199: HttpServletResponse response, ActionServlet servlet)
200: throws SQLException, ConfigurationException {
201: Map ret = new HashMap();
202: SecurityEngine engine = getEngine(request);
203: String roleName = request.getParameter("id");
204: ret.put("id", roleName);
205: SQLProcessor sqlProcessor = (SQLProcessor) getGlobal(request,
206: "sql-processor");
207: ret.put("assigned-permissions", new RoleEngine(sqlProcessor)
208: .getPermission(roleName));
209: ret.put("permissions", engine.getApplicationPermission());
210: ret.put("classes", new PermissionEngine(sqlProcessor)
211: .getClasses());
212: return ret;
213: }
214:
215: /**
216: * Iterates over permissions parameter values and updates database.
217: * @param request
218: * @param response
219: * @param servlet
220: * @return
221: * @throws SQLException
222: * @throws ConfigurationException
223: */
224: public Object updatePermissions(HttpServletRequest request,
225: HttpServletResponse response, ActionServlet servlet)
226: throws SQLException, ConfigurationException {
227: SecurityEngine engine = getEngine(request);
228: String roleName = request.getParameter("id");
229: engine.deleteRolePermissionByRole(roleName);
230: java.util.Set idSet = new java.util.HashSet();
231: String[] values = request.getParameterValues("Denied");
232: if (values != null) {
233: for (int i = 0; i < values.length; i++) {
234: if (idSet.add(values[i])) {
235: int pid = Integer.parseInt(values[i]);
236: engine.insertRolePermission(pid, roleName, true);
237: }
238: }
239: }
240:
241: values = request.getParameterValues("Allowed");
242: if (values != null) {
243: for (int i = 0; i < values.length; i++) {
244: if (idSet.add(values[i])) {
245: int pid = Integer.parseInt(values[i]);
246: engine.insertRolePermission(pid, roleName, false);
247: }
248: }
249: }
250: return new SimpleRedirect("../../" + VIEW_PATH + roleName,
251: "Permissions updated");
252: }
253:
254: /**
255: * Iterates over permissions parameter values and updates database.
256: * @param request
257: * @param response
258: * @param servlet
259: * @return
260: * @throws SQLException
261: * @throws ConfigurationException
262: */
263: public Object getGroups(HttpServletRequest request,
264: HttpServletResponse response, ActionServlet servlet)
265: throws SQLException, ConfigurationException {
266: Map ret = new HashMap();
267: SecurityEngine engine = getEngine(request);
268: String roleName = request.getParameter("id");
269: ret.put("id", roleName);
270: ret.put("assigned-groups", new RoleEngine(
271: ((SQLProcessor) getGlobal(request, "sql-processor")))
272: .getGroup(roleName));
273: ret.put("groups", engine.getUserGroup());
274: return ret;
275: }
276:
277: /**
278: * Iterates over groups parameter values and updates database.
279: * @param request
280: * @param response
281: * @param servlet
282: * @return
283: * @throws SQLException
284: * @throws ConfigurationException
285: */
286: public Object updateGroups(HttpServletRequest request,
287: HttpServletResponse response, ActionServlet servlet)
288: throws SQLException, ConfigurationException {
289: SecurityEngine engine = getEngine(request);
290: String roleName = request.getParameter("id");
291: engine.deleteGroupInRoleByRole(roleName);
292: String[] values = request.getParameterValues("group");
293: if (values != null) {
294: for (int i = 0; i < values.length; i++) {
295: engine.insertGroupInRole(values[i], roleName);
296: }
297: }
298: return new SimpleRedirect(VIEW_PATH + roleName,
299: "Groups updated");
300: }
301:
302: /**
303: * Iterates over permissions parameter values and updates database.
304: * @param request
305: * @param response
306: * @param servlet
307: * @return
308: * @throws SQLException
309: * @throws ConfigurationException
310: */
311: public Object getUsers(HttpServletRequest request,
312: HttpServletResponse response, ActionServlet servlet)
313: throws SQLException, ConfigurationException {
314: Map ret = new HashMap();
315: SecurityEngine engine = getEngine(request);
316: String roleName = request.getParameter("id");
317: ret.put("id", roleName);
318: ret.put("assigned-users", new RoleEngine(
319: ((SQLProcessor) getGlobal(request, "sql-processor")))
320: .getUser(roleName));
321: ret.put("users", engine.getApplicationUser());
322: return ret;
323: }
324:
325: /**
326: * Iterates over roles parameter values and updates database.
327: * @param request
328: * @param response
329: * @param servlet
330: * @return
331: * @throws SQLException
332: * @throws ConfigurationException
333: */
334: public Object updateUsers(HttpServletRequest request,
335: HttpServletResponse response, ActionServlet servlet)
336: throws SQLException, ConfigurationException {
337: SecurityEngine engine = getEngine(request);
338: String roleName = request.getParameter("id");
339: engine.deleteUserInRoleByRole(roleName);
340: String[] values = request.getParameterValues("user");
341: if (values != null) {
342: for (int i = 0; i < values.length; i++) {
343: engine.insertUserInRole(values[i], roleName);
344: }
345: }
346: return new SimpleRedirect(VIEW_PATH + roleName, "Users updated");
347: }
348:
349: }
|