

1 /**
2  * com.mckoi.database.interpret.UserManager 16 Aug 2002
3  *
4  * Mckoi SQL Database ( http://www.mckoi.com/database )
5  * Copyright (C) 2000, 2001, 2002 Diehl and Associates, Inc.
6  *
7  * This program is free software; you can redistribute it and/or
8  * modify it under the terms of the GNU General Public License
9  * Version 2 as published by the Free Software Foundation.
10  *
11  * This program is distributed in the hope that it will be useful,
12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14  * GNU General Public License Version 2 for more details.
15  *
16  * You should have received a copy of the GNU General Public License
17  * Version 2 along with this program; if not, write to the Free Software
18  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
19  *
20  * Change Log:
21  *
22  *
23  */

24
25 package com.mckoi.database.interpret;
26
27 import com.mckoi.database.*;
28 import java.util.List JavaDoc;
29
30 /**
31  * Handler for User commands for creating, altering and dropping user accounts
32  * in the database.
33  *
34  * @author Tobias Downer
35  */

36
public class UserManager extends Statement {

  /**
   * Replaces the group memberships of an account and/or changes a lock
   * state.  Each step is skipped when its argument is null.
   *
   * @param context the query context handed to every Database call.
   * @param username the account whose group memberships are rewritten.
   * @param groups_list expressions that evaluate to group names, or null to
   *   leave the memberships untouched.
   * @param lock_status "LOCK" to lock; any other non-null value unlocks;
   *   null leaves the lock state untouched.
   * @throws DatabaseException declared for the Database calls made here.
   */
  private void internalSetUserGroupsAndLock(
          DatabaseQueryContext context, String username,
          Expression[] groups_list, String lock_status)
                                                    throws DatabaseException {

    Database db = context.getDatabase();

    if (groups_list != null) {
      // Memberships are replaced wholesale: clear everything, then re-add.
      // NOTE(review): if an expression fails part-way, the account keeps only
      // the groups added so far unless the enclosing transaction rolls back -
      // transaction handling is not visible from this class.
      db.deleteAllUserGroups(context, username);
      for (int n = 0; n < groups_list.length; ++n) {
        Object group_value =
                      groups_list[n].evaluate(null, null, context).getObject();
        db.addUserToGroup(context, username, group_value.toString());
      }
    }

    if (lock_status != null) {
      // NOTE(review): 'user' is not the 'username' parameter.  It is the
      // inherited field that evaluate() compares against the target name,
      // i.e. the account running the statement.  As written the lock change
      // looks like it is applied to the invoking account rather than to the
      // account being altered - confirm against Database.setUserLock and
      // pass the target account if so.
      boolean lock_account = lock_status.equals("LOCK");
      db.setUserLock(context, user, lock_account);
    }

  }

  /**
   * Creates an account, applies its groups and lock state, then grants it
   * host access for the "TCP" and "Local" protocols.
   *
   * @param context the query context handed to every Database call.
   * @param username name of the account to create.
   * @param password_str password handed to Database.createUser; evaluate()
   *   passes null when the command carried no password expression.
   * @param groups_list see internalSetUserGroupsAndLock.
   * @param lock_status see internalSetUserGroupsAndLock.
   * @throws DatabaseException declared for the Database calls made here.
   */
  private void internalCreateUser(
          DatabaseQueryContext context, String username, String password_str,
          Expression[] groups_list, String lock_status)
                                                    throws DatabaseException {

    Database db = context.getDatabase();
    db.createUser(context, username, password_str);

    internalSetUserGroupsAndLock(context, username, groups_list, lock_status);

    // NOTE: Permissive initial security!
    // The host argument for both grants is "%".  The comment this replaces
    // described the TCP grant as localhost-only, but "%" looks like a
    // match-everything pattern, so a new account is presumably reachable from
    // any TCP host until an administrator narrows the grant - confirm against
    // Database.grantHostAccessToUser.
    db.grantHostAccessToUser(context, username, "TCP", "%");
    // Connections made from inside the same JVM.
    db.grantHostAccessToUser(context, username, "Local", "%");

  }

  // ---------- Implemented from Statement ----------

  /**
   * No preparation is needed for user management commands.
   */
  public void prepare() throws DatabaseException {
    // Intentionally empty.
  }

  /**
   * Runs a CREATE USER, ALTER USER or DROP USER command read from 'cmd'.
   * <p>
   * Authorization is checked before anything else: the invoking user must
   * either pass Database.canUserCreateAndDropUsers or be altering their own
   * account.  A user altering their own account without that privilege may
   * change the password only; supplying groups or a lock status is rejected.
   *
   * @return the table produced by FunctionTable.resultTable(context, 0).
   * @throws DatabaseException if the invoking user is not permitted, the
   *   username is the reserved name 'public', the target account already
   *   exists (CREATE) or does not exist (ALTER, DROP), or the command type
   *   is not recognised.
   */
  public Table evaluate() throws DatabaseException {

    DatabaseQueryContext context = new DatabaseQueryContext(database);

    String command_type = (String) cmd.getObject("type");
    String username = (String) cmd.getObject("username");

    boolean is_create = command_type.equals("CREATE USER");
    boolean is_alter = command_type.equals("ALTER USER");

    // Is the invoking user altering their own account?
    // NOTE(review): this comparison is case-sensitive while the reserved-name
    // check below ignores case - confirm which rule the user table follows.
    boolean altering_self = is_alter && user.getUserName().equals(username);
    // Is the invoking user allowed to create and drop accounts?
    boolean may_manage_users =
                context.getDatabase().canUserCreateAndDropUsers(context, user);

    // Refuse unless the caller is privileged or is modifying their own
    // record.  This runs before any existence check, so an unprivileged
    // caller gets the same error whether or not the target account exists.
    if (!altering_self && !may_manage_users) {
      throw new DatabaseException(
                     "User is not permitted to create, alter or drop user.");
    }

    if (username.equalsIgnoreCase("public")) {
      throw new DatabaseException("Username 'public' is reserved.");
    }

    if (is_create || is_alter) {

      Expression password = (Expression) cmd.getObject("password_expression");
      Expression[] groups_list = (Expression[]) cmd.getObject("groups_list");
      String lock_status = (String) cmd.getObject("lock_status");

      // NOTE(review): the password is held as a plain String from here on.
      // How it is stored is decided inside Database and is not visible here;
      // keep it out of exception messages and logs.
      String password_str = null;
      if (password != null) {
        password_str =
                password.evaluate(null, null, context).getObject().toString();
      }

      if (is_create) {
        // -- Creating a new user --
        Database db = context.getDatabase();
        if (db.userExists(context, username)) {
          throw new DatabaseException(
                                    "User '" + username + "' already exists.");
        }
        internalCreateUser(context, username, password_str,
                           groups_list, lock_status);
      }
      else {
        // -- Altering a user --

        // Without the account-management privilege only a password change
        // is allowed; group membership and lock state are off limits.
        if (!may_manage_users) {
          if (groups_list != null) {
            throw new DatabaseException(
                                "User is not permitted to alter user groups.");
          }
          if (lock_status != null) {
            throw new DatabaseException(
                           "User is not permitted to alter user lock status.");
          }
        }

        Database db = context.getDatabase();
        if (!db.userExists(context, username)) {
          throw new DatabaseException("User '" + username + "' doesn't exist.");
        }
        if (password_str != null) {
          db.alterUserPassword(context, username, password_str);
        }
        internalSetUserGroupsAndLock(context, username,
                                     groups_list, lock_status);
      }

    }
    else if (command_type.equals("DROP USER")) {
      Database db = context.getDatabase();
      if (!db.userExists(context, username)) {
        throw new DatabaseException("User '" + username + "' doesn't exist.");
      }
      // Delete the user
      db.deleteUser(context, username);
    }
    else {
      throw new DatabaseException("Unknown user manager command: " +
                                  command_type);
    }

    return FunctionTable.resultTable(context, 0);
  }

}
207
208