001: /**
002: * Copyright (c) 2003-2007, David A. Czarnecki
003: * All rights reserved.
004: *
005: * Redistribution and use in source and binary forms, with or without
006: * modification, are permitted provided that the following conditions are met:
007: *
008: * Redistributions of source code must retain the above copyright notice, this list of conditions and the
009: * following disclaimer.
010: * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the
011: * following disclaimer in the documentation and/or other materials provided with the distribution.
012: * Neither the name of "David A. Czarnecki" and "blojsom" nor the names of its contributors may be used to
013: * endorse or promote products derived from this software without specific prior written permission.
014: * Products derived from this software may not be called "blojsom", nor may "blojsom" appear in their name,
015: * without prior written permission of David A. Czarnecki.
016: *
017: * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
018: * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
019: * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
020: * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
021: * EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
022: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
023: * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
024: * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
025: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
026: * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
027: * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
028: * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
029: * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
030: */package org.blojsom.plugin.admin;
031:
032: import org.apache.commons.logging.Log;
033: import org.apache.commons.logging.LogFactory;
034: import org.blojsom.blog.Blog;
035: import org.blojsom.blog.Entry;
036: import org.blojsom.blog.User;
037: import org.blojsom.blog.database.DatabaseUser;
038: import org.blojsom.event.EventBroadcaster;
039: import org.blojsom.fetcher.Fetcher;
040: import org.blojsom.fetcher.FetcherException;
041: import org.blojsom.plugin.PluginException;
042: import org.blojsom.plugin.admin.event.AuthorizationAddedEvent;
043: import org.blojsom.plugin.admin.event.AuthorizationDeletedEvent;
044: import org.blojsom.util.BlojsomConstants;
045: import org.blojsom.util.BlojsomUtils;
046:
047: import javax.servlet.http.HttpServletRequest;
048: import javax.servlet.http.HttpServletResponse;
049: import java.util.Date;
050: import java.util.HashMap;
051: import java.util.Map;
052:
053: /**
054: * EditBlogAuthorizationPlugin
055: *
056: * @author David Czarnecki
057: * @version $Id: EditBlogAuthorizationPlugin.java,v 1.10 2007/01/17 02:35:04 czarneckid Exp $
058: * @since blojsom 3.0
059: */
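public class EditBlogAuthorizationPlugin extends BaseAdminPlugin {

    private Log _logger = LogFactory.getLog(EditBlogAuthorizationPlugin.class);

    // Localization constants
    private static final String FAILED_AUTHORIZATION_PERMISSION_KEY = "failed.authorization.permission.text";
    private static final String FAILED_OTHER_AUTHORIZATION_PERMISSION_KEY = "failed.other.authorization.permission.text";
    private static final String SUCCESSFUL_AUTHORIZATION_UPDATE_KEY = "successful.authorization.update.key";
    private static final String SUCCESSFUL_AUTHORIZATION_DELETE_KEY = "successful.authorization.delete.key";
    private static final String UNSUCCESSFUL_AUTHORIZATION_UPDATE_KEY = "unsuccessful.authorization.update.key";
    private static final String UNSUCCESSFUL_AUTHORIZATION_DELETE_KEY = "unsuccessful.authorization.delete.key";
    private static final String PASSWORD_CHECK_FAILED_KEY = "password.check.failed.text";
    private static final String MISSING_PARAMETERS_KEY = "missing.parameters.text";
    private static final String MISSING_BLOG_ID_KEY = "no.blog.id.delete.text";
    private static final String USER_LOGIN_EXISTS_KEY = "user.login.exists.text";

    // Pages
    private static final String EDIT_BLOG_AUTHORIZATIONS_PAGE = "/org/blojsom/plugin/admin/templates/admin-edit-blog-authorizations";
    private static final String EDIT_BLOG_AUTHORIZATION_PAGE = "/org/blojsom/plugin/admin/templates/admin-edit-blog-authorization";

    // Constants
    private static final String BLOJSOM_PLUGIN_EDIT_BLOG_USERS = "BLOJSOM_PLUGIN_EDIT_BLOG_USERS";
    private static final String BLOJSOM_PLUGIN_EDIT_BLOG_USER = "BLOJSOM_PLUGIN_EDIT_BLOG_USER";
    private static final String NEW_USER_STATUS = "new";

    // Actions
    private static final String ADD_BLOG_AUTHORIZATION_ACTION = "add-blog-authorization";
    private static final String MODIFY_BLOG_AUTHORIZATION_ACTION = "modify-blog-authorization";
    private static final String DELETE_BLOG_AUTHORIZATION_ACTION = "delete-blog-authorization";
    private static final String EDIT_BLOG_AUTHORIZATION = "edit-blog-authorization";

    // Form elements
    private static final String BLOG_USER_ID = "blog-user-id";
    private static final String BLOG_LOGIN_ID = "blog-login-id";
    private static final String BLOG_USER_NAME = "blog-user-name";
    private static final String BLOG_USER_PASSWORD = "blog-user-password";
    private static final String BLOG_USER_PASSWORD_CHECK = "blog-user-password-check";
    private static final String BLOG_USER_EMAIL = "blog-user-email";
    private static final String BLOG_PERMISSIONS = "blog-permissions";

    // Permissions
    private static final String ADD_BLOG_AUTHORIZATION_PERMISSIONS_PERMISSION = "add_blog_authorization_permissions_permission";
    private static final String EDIT_BLOG_AUTHORIZATION_PERMISSION = "edit_blog_authorization_permission";
    private static final String EDIT_OTHER_USERS_AUTHORIZATION_PERMISSION = "edit_other_users_authorization_permission";

    private Fetcher _fetcher;
    private EventBroadcaster _eventBroadcaster;

    /**
     * Default constructor
     */
    public EditBlogAuthorizationPlugin() {
    }

    /**
     * Set the {@link Fetcher}
     *
     * @param fetcher {@link Fetcher}
     */
    public void setFetcher(Fetcher fetcher) {
        _fetcher = fetcher;
    }

    /**
     * Set the {@link EventBroadcaster}
     *
     * @param eventBroadcaster {@link EventBroadcaster}
     */
    public void setEventBroadcaster(EventBroadcaster eventBroadcaster) {
        _eventBroadcaster = eventBroadcaster;
    }

    /**
     * Dispatch the edit-blog-authorization admin actions (page, add, modify, delete, edit).
     * <p>
     * The caller must be authenticated and hold {@code edit_blog_authorization_permission};
     * otherwise the request is redirected to the login or administration page and the
     * entries are returned untouched. Every page rendered from here gets the blog's user
     * list under {@code BLOJSOM_PLUGIN_EDIT_BLOG_USERS} in the context.
     *
     * @param httpServletRequest  Request
     * @param httpServletResponse Response
     * @param blog                {@link Blog} instance
     * @param context             Context
     * @param entries             Blog entries retrieved for the particular request
     * @return The entries, unchanged
     * @throws PluginException If there is an error processing the blog entries
     */
    public Entry[] process(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Blog blog,
                           Map context, Entry[] entries) throws PluginException {
        if (!authenticateUser(httpServletRequest, httpServletResponse, context, blog)) {
            httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, ADMIN_LOGIN_PAGE);

            return entries;
        }

        String username = getUsernameFromSession(httpServletRequest, blog);
        if (!checkPermission(blog, null, username, EDIT_BLOG_AUTHORIZATION_PERMISSION)) {
            httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, ADMIN_ADMINISTRATION_PAGE);
            addOperationResultMessage(context, getAdminResource(FAILED_AUTHORIZATION_PERMISSION_KEY,
                    FAILED_AUTHORIZATION_PERMISSION_KEY, blog.getBlogAdministrationLocale()));

            return entries;
        }

        String action = BlojsomUtils.getRequestValue(ACTION_PARAM, httpServletRequest);
        if (BlojsomUtils.checkNullOrBlank(action)) {
            _logger.debug("User did not request edit authorization action");
            httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, ADMIN_ADMINISTRATION_PAGE);
        } else if (PAGE_ACTION.equals(action)) {
            _logger.debug("User requested edit blog authorization page");
            httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, EDIT_BLOG_AUTHORIZATIONS_PAGE);
        } else if (ADD_BLOG_AUTHORIZATION_ACTION.equals(action) || MODIFY_BLOG_AUTHORIZATION_ACTION.equals(action)) {
            handleAddOrModifyAuthorization(httpServletRequest, httpServletResponse, blog, context, username, action);
        } else if (DELETE_BLOG_AUTHORIZATION_ACTION.equals(action)) {
            handleDeleteAuthorization(httpServletRequest, httpServletResponse, blog, context, username);
        } else if (EDIT_BLOG_AUTHORIZATION.equals(action)) {
            handleEditAuthorization(httpServletRequest, blog, context);
        }

        // Every outcome above (success or failure) renders a page that lists the blog's users
        context.put(BLOJSOM_PLUGIN_EDIT_BLOG_USERS, _fetcher.getUsers(blog));

        return entries;
    }

    /**
     * Point the request at the authorizations list page and record a localized failure message.
     *
     * @param httpServletRequest Request
     * @param context            Context
     * @param blog               {@link Blog} instance
     * @param messageKey         Resource key of the message to show
     */
    private void failWithMessage(HttpServletRequest httpServletRequest, Map context, Blog blog, String messageKey) {
        httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, EDIT_BLOG_AUTHORIZATIONS_PAGE);
        addOperationResultMessage(context, getAdminResource(messageKey, messageKey, blog.getBlogAdministrationLocale()));
    }

    /**
     * Handle the add and modify authorization actions: validate the submitted form, build or
     * update the {@link User}, and persist it through the {@link Fetcher}.
     * <p>
     * Both actions require {@code edit_other_users_authorization_permission}. On modify, leaving
     * both password fields blank keeps the current password; any other case requires the two
     * password fields to match. Permissions from the form are only applied when adding a user.
     *
     * @param httpServletRequest  Request
     * @param httpServletResponse Response
     * @param blog                {@link Blog} instance
     * @param context             Context
     * @param username            Login of the authenticated administrator
     * @param action              Either the add or the modify action
     */
    private void handleAddOrModifyAuthorization(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse,
                                                Blog blog, Map context, String username, String action) {
        boolean adding = ADD_BLOG_AUTHORIZATION_ACTION.equals(action);
        if (adding) {
            _logger.debug("User requested add authorization action");
        } else {
            _logger.debug("User requested modify authorization action");
        }

        String blogUserID = BlojsomUtils.getRequestValue(BLOG_USER_ID, httpServletRequest);
        String blogLoginID = BlojsomUtils.getRequestValue(BLOG_LOGIN_ID, httpServletRequest);
        String blogUserName = BlojsomUtils.getRequestValue(BLOG_USER_NAME, httpServletRequest);
        String blogUserPassword = BlojsomUtils.getRequestValue(BLOG_USER_PASSWORD, httpServletRequest);
        String blogUserPasswordCheck = BlojsomUtils.getRequestValue(BLOG_USER_PASSWORD_CHECK, httpServletRequest);
        String blogUserEmail = BlojsomUtils.getRequestValue(BLOG_USER_EMAIL, httpServletRequest);
        String blogUserPermissions = BlojsomUtils.getRequestValue(BLOG_PERMISSIONS, httpServletRequest);

        // The form posts a user id for both actions; without it there is nothing to add or modify
        if (BlojsomUtils.checkNullOrBlank(blogUserID)) {
            _logger.debug("Missing parameters from the request to complete add/modify authorization action");
            failWithMessage(httpServletRequest, context, blog, MISSING_PARAMETERS_KEY);

            return;
        }

        if (BlojsomUtils.checkNullOrBlank(blogUserEmail)) {
            blogUserEmail = "";
        }

        // Creating or changing any authorization record is an "other users" operation
        if (!checkPermission(blog, null, username, EDIT_OTHER_USERS_AUTHORIZATION_PERMISSION)) {
            failWithMessage(httpServletRequest, context, blog, FAILED_OTHER_AUTHORIZATION_PERMISSION_KEY);

            return;
        }

        boolean passwordBlank = BlojsomUtils.checkNullOrBlank(blogUserPassword);
        boolean passwordCheckBlank = BlojsomUtils.checkNullOrBlank(blogUserPasswordCheck);

        // A new account needs a login and both password fields
        if (adding && (BlojsomUtils.checkNullOrBlank(blogLoginID) || passwordBlank || passwordCheckBlank)) {
            _logger.debug("Missing parameters from the request to complete add/modify authorization action");
            failWithMessage(httpServletRequest, context, blog, MISSING_PARAMETERS_KEY);

            return;
        }

        // On modify, both password fields blank means "leave the password alone"
        boolean modifyingPassword = true;
        if (!adding && passwordBlank && passwordCheckBlank) {
            modifyingPassword = false;
        }

        // Null-safe comparison: a missing password field with a present check field is a mismatch, not an NPE
        if (modifyingPassword && (blogUserPassword == null || !blogUserPassword.equals(blogUserPasswordCheck))) {
            _logger.debug("Password and password check not equal for add/modify authorization action");
            failWithMessage(httpServletRequest, context, blog, PASSWORD_CHECK_FAILED_KEY);

            return;
        }

        // Digest only a password that is actually going to be stored; when the blog does not use
        // encrypted passwords the submitted value is stored as-is
        if (modifyingPassword && blog.getUseEncryptedPasswords().booleanValue()) {
            blogUserPassword = BlojsomUtils.digestString(blogUserPassword, blog.getDigestAlgorithm());
        }

        String[] permissions = null;
        if (!BlojsomUtils.checkNullOrBlank(blogUserPermissions)) {
            permissions = BlojsomUtils.parseOnlyCommaList(blogUserPermissions, true);
        }

        User user;
        if (adding) {
            if (userLoginExists(blog, blogLoginID)) {
                addOperationResultMessage(context, formatAdminResource(USER_LOGIN_EXISTS_KEY, USER_LOGIN_EXISTS_KEY,
                        blog.getBlogAdministrationLocale(), new Object[]{blogLoginID}));
                httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, EDIT_BLOG_AUTHORIZATIONS_PAGE);

                return;
            }

            user = new DatabaseUser();
            user.setBlogId(blog.getId());
            user.setUserEmail(blogUserEmail);
            user.setUserLogin(blogLoginID);
            user.setUserName(blogUserName);
            user.setUserPassword(blogUserPassword);
            user.setUserRegistered(new Date());
            user.setUserStatus(NEW_USER_STATUS);
            if (permissions != null) {
                user.setMetaData(buildPermissionMetaData(blog, username, permissions));
            }
        } else {
            Integer userID;
            try {
                userID = Integer.valueOf(blogUserID);
            } catch (NumberFormatException e) {
                _logger.error(e.getMessage(), e);
                addOperationResultMessage(context, formatAdminResource(UNSUCCESSFUL_AUTHORIZATION_UPDATE_KEY,
                        UNSUCCESSFUL_AUTHORIZATION_UPDATE_KEY, blog.getBlogAdministrationLocale(), new Object[]{blogLoginID}));
                httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, EDIT_BLOG_AUTHORIZATIONS_PAGE);

                return;
            }

            try {
                user = _fetcher.loadUser(blog, userID);
            } catch (FetcherException e) {
                // Without a loaded user there is nothing to save; report rather than continue with null
                _logger.error(e.getMessage(), e);
                addOperationResultMessage(context, formatAdminResource(UNSUCCESSFUL_AUTHORIZATION_UPDATE_KEY,
                        UNSUCCESSFUL_AUTHORIZATION_UPDATE_KEY, blog.getBlogAdministrationLocale(), new Object[]{blogLoginID}));
                httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, EDIT_BLOG_AUTHORIZATIONS_PAGE);

                return;
            }

            user.setUserEmail(blogUserEmail);
            if (modifyingPassword) {
                user.setUserPassword(blogUserPassword);
            }
            user.setUserName(blogUserName);
        }

        try {
            _fetcher.saveUser(blog, user);

            addOperationResultMessage(context, formatAdminResource(SUCCESSFUL_AUTHORIZATION_UPDATE_KEY,
                    SUCCESSFUL_AUTHORIZATION_UPDATE_KEY, blog.getBlogAdministrationLocale(),
                    new Object[]{user.getUserLogin()}));
            // The same event is broadcast for add and modify
            _eventBroadcaster.processEvent(new AuthorizationAddedEvent(this, new Date(), httpServletRequest,
                    httpServletResponse, blog, context, user.getId()));
        } catch (FetcherException e) {
            _logger.error(e.getMessage(), e);

            addOperationResultMessage(context, formatAdminResource(UNSUCCESSFUL_AUTHORIZATION_UPDATE_KEY,
                    UNSUCCESSFUL_AUTHORIZATION_UPDATE_KEY, blog.getBlogAdministrationLocale(), new Object[]{blogLoginID}));
        }

        httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, EDIT_BLOG_AUTHORIZATIONS_PAGE);
    }

    /**
     * Check whether a login is already taken on the blog.
     *
     * @param blog        {@link Blog} instance
     * @param blogLoginID Login to look up
     * @return {@code true} if the fetcher returns a user for the login
     */
    private boolean userLoginExists(Blog blog, String blogLoginID) {
        try {
            _fetcher.loadUser(blog, blogLoginID);

            return true;
        } catch (FetcherException e) {
            // The fetcher signals an unknown login by throwing; this is the expected path for a new user.
            // NOTE(review): a backend failure surfaces the same way and is then reported by saveUser — confirm
            return false;
        }
    }

    /**
     * Build the meta-data map of permissions to grant a newly added user.
     * <p>
     * Only entries ending in {@link BlojsomConstants#PERMISSION_SUFFIX} are granted, and only when
     * the administrator holds {@code add_blog_authorization_permissions_permission}; otherwise the
     * map is empty.
     *
     * @param blog        {@link Blog} instance
     * @param username    Login of the authenticated administrator
     * @param permissions Permission names submitted with the form, never {@code null}
     * @return Map of permission name to {@code "true"}
     */
    private Map buildPermissionMetaData(Blog blog, String username, String[] permissions) {
        Map userMetaData = new HashMap();

        // Loop-invariant: the grant decision does not depend on the individual permission
        boolean mayGrantPermissions = checkPermission(blog, null, username, ADD_BLOG_AUTHORIZATION_PERMISSIONS_PERMISSION);
        if (mayGrantPermissions) {
            for (int i = 0; i < permissions.length; i++) {
                String permission = permissions[i];
                if (permission.endsWith(BlojsomConstants.PERMISSION_SUFFIX)) {
                    userMetaData.put(permission, Boolean.TRUE.toString());
                }
            }
        }

        return userMetaData;
    }

    /**
     * Handle the delete authorization action.
     * <p>
     * The authenticated administrator may not delete their own record, and deleting any other
     * record requires {@code edit_other_users_authorization_permission}. The self-deletion check
     * compares the parsed numeric ids so that differently formatted strings for the same id
     * cannot bypass it.
     *
     * @param httpServletRequest  Request
     * @param httpServletResponse Response
     * @param blog                {@link Blog} instance
     * @param context             Context
     * @param username            Login of the authenticated administrator
     */
    private void handleDeleteAuthorization(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse,
                                           Blog blog, Map context, String username) {
        _logger.debug("User requested delete authorization action");

        // Load the current authorized user's ID for checking against the incoming blog user ID
        Integer authorizedUserID;
        try {
            User currentAuthorizedUser = _fetcher.loadUser(blog, username);
            authorizedUserID = currentAuthorizedUser.getId();

            if (_logger.isDebugEnabled()) {
                _logger.debug("Edit blog authorization authenticated user ID: " + authorizedUserID);
            }
        } catch (FetcherException e) {
            _logger.error(e.getMessage(), e);
            failWithMessage(httpServletRequest, context, blog, FAILED_OTHER_AUTHORIZATION_PERMISSION_KEY);

            return;
        }

        String blogUserID = BlojsomUtils.getRequestValue(BLOG_USER_ID, httpServletRequest);
        if (BlojsomUtils.checkNullOrBlank(blogUserID)) {
            _logger.debug("No blog user id to delete from authorization");
            failWithMessage(httpServletRequest, context, blog, MISSING_BLOG_ID_KEY);

            return;
        }

        Integer userID;
        try {
            userID = Integer.valueOf(blogUserID);
        } catch (NumberFormatException e) {
            _logger.error(e.getMessage(), e);
            addOperationResultMessage(context, formatAdminResource(UNSUCCESSFUL_AUTHORIZATION_DELETE_KEY,
                    UNSUCCESSFUL_AUTHORIZATION_DELETE_KEY, blog.getBlogAdministrationLocale(), new Object[]{blogUserID}));
            httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, EDIT_BLOG_AUTHORIZATIONS_PAGE);

            return;
        }

        // Deny self-deletion, and deletion of others without the edit-other-users permission
        if (authorizedUserID.equals(userID)
                || !checkPermission(blog, null, username, EDIT_OTHER_USERS_AUTHORIZATION_PERMISSION)) {
            failWithMessage(httpServletRequest, context, blog, FAILED_OTHER_AUTHORIZATION_PERMISSION_KEY);

            return;
        }

        try {
            User user = _fetcher.loadUser(blog, userID);
            _fetcher.deleteUser(blog, userID);

            if (_logger.isDebugEnabled()) {
                _logger.debug("Removed user: " + blogUserID + " from blog: " + blog.getBlogId());
            }

            addOperationResultMessage(context, formatAdminResource(SUCCESSFUL_AUTHORIZATION_DELETE_KEY,
                    SUCCESSFUL_AUTHORIZATION_DELETE_KEY, blog.getBlogAdministrationLocale(),
                    new Object[]{user.getUserLogin()}));
            _eventBroadcaster.processEvent(new AuthorizationDeletedEvent(this, new Date(), httpServletRequest,
                    httpServletResponse, blog, context, userID));
        } catch (FetcherException e) {
            addOperationResultMessage(context, formatAdminResource(UNSUCCESSFUL_AUTHORIZATION_DELETE_KEY,
                    UNSUCCESSFUL_AUTHORIZATION_DELETE_KEY, blog.getBlogAdministrationLocale(), new Object[]{blogUserID}));
            _logger.error(e.getMessage(), e);
        }

        httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, EDIT_BLOG_AUTHORIZATIONS_PAGE);
    }

    /**
     * Handle the edit authorization action: load the requested user into the context and show
     * the single-authorization edit page, or fall back to the authorizations list.
     * <p>
     * NOTE(review): this path is gated only by {@code edit_blog_authorization_permission}; unlike
     * modify and delete it does not check {@code edit_other_users_authorization_permission} before
     * exposing another user's record to the template — confirm that is intended.
     *
     * @param httpServletRequest Request
     * @param blog               {@link Blog} instance
     * @param context            Context
     */
    private void handleEditAuthorization(HttpServletRequest httpServletRequest, Blog blog, Map context) {
        _logger.debug("User requested edit authorization action");

        String userID = BlojsomUtils.getRequestValue(BLOG_USER_ID, httpServletRequest);
        if (BlojsomUtils.checkNullOrBlank(userID)) {
            httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, EDIT_BLOG_AUTHORIZATIONS_PAGE);

            return;
        }

        try {
            User user = _fetcher.loadUser(blog, Integer.valueOf(userID));

            context.put(BLOJSOM_PLUGIN_EDIT_BLOG_USER, user);
            httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, EDIT_BLOG_AUTHORIZATION_PAGE);
        } catch (NumberFormatException e) {
            // A non-numeric id is a bad request, not a server error; show the list instead of propagating
            _logger.error(e.getMessage(), e);
            httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, EDIT_BLOG_AUTHORIZATIONS_PAGE);
        } catch (FetcherException e) {
            _logger.error(e.getMessage(), e);
            httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, EDIT_BLOG_AUTHORIZATIONS_PAGE);
        }
    }
}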
|