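package org.blojsom.plugin.admin;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.blojsom.blog.Blog;
import org.blojsom.blog.Entry;
import org.blojsom.blog.User;
import org.blojsom.blog.database.DatabaseUser;
import org.blojsom.event.EventBroadcaster;
import org.blojsom.fetcher.Fetcher;
import org.blojsom.fetcher.FetcherException;
import org.blojsom.plugin.PluginException;
import org.blojsom.plugin.admin.event.AuthorizationAddedEvent;
import org.blojsom.plugin.admin.event.AuthorizationDeletedEvent;
import org.blojsom.util.BlojsomConstants;
import org.blojsom.util.BlojsomUtils;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;

/**
 * Admin plugin that lists, adds, modifies and deletes the user accounts
 * ("authorizations") of a blog.
 * <p>
 * Every request must come from an authenticated admin session whose user holds
 * {@link #EDIT_BLOG_AUTHORIZATION_PERMISSION}. Adding or modifying any account,
 * and deleting another user's account, additionally requires
 * {@link #EDIT_OTHER_USERS_AUTHORIZATION_PERMISSION}; a user can never delete
 * their own account through this plugin. Granting permissions to a newly created
 * account requires {@link #ADD_BLOG_AUTHORIZATION_PERMISSIONS_PERMISSION}.
 * <p>
 * Passwords are read from the request, compared against their confirmation field
 * and, when the blog is configured for it, digested before being stored. Password
 * values are never written to the log.
 */
public class EditBlogAuthorizationPlugin extends BaseAdminPlugin {

    private static final Log _logger = LogFactory.getLog(EditBlogAuthorizationPlugin.class);

    // Resource-bundle keys for the operation result messages shown to the admin.
    private static final String FAILED_AUTHORIZATION_PERMISSION_KEY = "failed.authorization.permission.text";
    private static final String FAILED_OTHER_AUTHORIZATION_PERMISSION_KEY = "failed.other.authorization.permission.text";
    private static final String SUCCESSFUL_AUTHORIZATION_UPDATE_KEY = "successful.authorization.update.key";
    private static final String SUCCESSFUL_AUTHORIZATION_DELETE_KEY = "successful.authorization.delete.key";
    private static final String UNSUCCESSFUL_AUTHORIZATION_UPDATE_KEY = "unsuccessful.authorization.update.key";
    private static final String UNSUCCESSFUL_AUTHORIZATION_DELETE_KEY = "unsuccessful.authorization.delete.key";
    private static final String PASSWORD_CHECK_FAILED_KEY = "password.check.failed.text";
    private static final String MISSING_PARAMETERS_KEY = "missing.parameters.text";
    private static final String MISSING_BLOG_ID_KEY = "no.blog.id.delete.text";
    private static final String USER_LOGIN_EXISTS_KEY = "user.login.exists.text";

    // Templates: the list of all users and the single-user edit form.
    private static final String EDIT_BLOG_AUTHORIZATIONS_PAGE = "/org/blojsom/plugin/admin/templates/admin-edit-blog-authorizations";
    private static final String EDIT_BLOG_AUTHORIZATION_PAGE = "/org/blojsom/plugin/admin/templates/admin-edit-blog-authorization";

    // Context keys the templates read.
    private static final String BLOJSOM_PLUGIN_EDIT_BLOG_USERS = "BLOJSOM_PLUGIN_EDIT_BLOG_USERS";
    private static final String BLOJSOM_PLUGIN_EDIT_BLOG_USER = "BLOJSOM_PLUGIN_EDIT_BLOG_USER";
    private static final String NEW_USER_STATUS = "new";

    // Values of the action request parameter handled by this plugin.
    private static final String ADD_BLOG_AUTHORIZATION_ACTION = "add-blog-authorization";
    private static final String MODIFY_BLOG_AUTHORIZATION_ACTION = "modify-blog-authorization";
    private static final String DELETE_BLOG_AUTHORIZATION_ACTION = "delete-blog-authorization";
    private static final String EDIT_BLOG_AUTHORIZATION = "edit-blog-authorization";

    // Form field names.
    private static final String BLOG_USER_ID = "blog-user-id";
    private static final String BLOG_LOGIN_ID = "blog-login-id";
    private static final String BLOG_USER_NAME = "blog-user-name";
    private static final String BLOG_USER_PASSWORD = "blog-user-password";
    private static final String BLOG_USER_PASSWORD_CHECK = "blog-user-password-check";
    private static final String BLOG_USER_EMAIL = "blog-user-email";
    private static final String BLOG_PERMISSIONS = "blog-permissions";

    // Permissions checked against the calling admin user.
    private static final String ADD_BLOG_AUTHORIZATION_PERMISSIONS_PERMISSION = "add_blog_authorization_permissions_permission";
    private static final String EDIT_BLOG_AUTHORIZATION_PERMISSION = "edit_blog_authorization_permission";
    private static final String EDIT_OTHER_USERS_AUTHORIZATION_PERMISSION = "edit_other_users_authorization_permission";

    private Fetcher _fetcher;
    private EventBroadcaster _eventBroadcaster;

    /**
     * Default constructor; collaborators are injected through the setters.
     */
    public EditBlogAuthorizationPlugin() {
    }

    /**
     * Sets the fetcher used to load, save and delete users.
     *
     * @param fetcher {@link Fetcher}
     */
    public void setFetcher(Fetcher fetcher) {
        _fetcher = fetcher;
    }

    /**
     * Sets the broadcaster that receives the authorization added/deleted events.
     *
     * @param eventBroadcaster {@link EventBroadcaster}
     */
    public void setEventBroadcaster(EventBroadcaster eventBroadcaster) {
        _eventBroadcaster = eventBroadcaster;
    }

    /**
     * Dispatches the requested authorization action after authenticating the
     * caller and checking {@link #EDIT_BLOG_AUTHORIZATION_PERMISSION}.
     * <p>
     * Whatever the action, the full user list is placed in the context under
     * {@link #BLOJSOM_PLUGIN_EDIT_BLOG_USERS} before returning, so every
     * outcome (including the error paths) renders with current data.
     *
     * @param httpServletRequest  Request
     * @param httpServletResponse Response
     * @param blog                {@link Blog} instance
     * @param context             Context
     * @param entries             Blog entries retrieved for the particular request
     * @return The entries, unchanged
     * @throws PluginException declared by the plugin contract
     */
    public Entry[] process(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Blog blog, Map context, Entry[] entries) throws PluginException {
        if (!authenticateUser(httpServletRequest, httpServletResponse, context, blog)) {
            httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, ADMIN_LOGIN_PAGE);

            return entries;
        }

        String username = getUsernameFromSession(httpServletRequest, blog);
        if (!checkPermission(blog, null, username, EDIT_BLOG_AUTHORIZATION_PERMISSION)) {
            httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, ADMIN_ADMINISTRATION_PAGE);
            addOperationResultMessage(context, getAdminResource(FAILED_AUTHORIZATION_PERMISSION_KEY, FAILED_AUTHORIZATION_PERMISSION_KEY, blog.getBlogAdministrationLocale()));

            return entries;
        }

        String action = BlojsomUtils.getRequestValue(ACTION_PARAM, httpServletRequest);
        if (BlojsomUtils.checkNullOrBlank(action)) {
            _logger.debug("User did not request edit authorization action");
            httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, ADMIN_ADMINISTRATION_PAGE);
        } else if (PAGE_ACTION.equals(action)) {
            _logger.debug("User requested edit blog authorization page");

            httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, EDIT_BLOG_AUTHORIZATIONS_PAGE);
        } else if (ADD_BLOG_AUTHORIZATION_ACTION.equals(action) || MODIFY_BLOG_AUTHORIZATION_ACTION.equals(action)) {
            addOrModifyAuthorization(httpServletRequest, httpServletResponse, blog, context, username, action);

            // Add/modify always returns to the user list, whether or not it succeeded.
            httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, EDIT_BLOG_AUTHORIZATIONS_PAGE);
        } else if (DELETE_BLOG_AUTHORIZATION_ACTION.equals(action)) {
            deleteAuthorization(httpServletRequest, httpServletResponse, blog, context, username);

            httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, EDIT_BLOG_AUTHORIZATIONS_PAGE);
        } else if (EDIT_BLOG_AUTHORIZATION.equals(action)) {
            editAuthorization(httpServletRequest, blog, context);
        }

        context.put(BLOJSOM_PLUGIN_EDIT_BLOG_USERS, _fetcher.getUsers(blog));

        return entries;
    }

    /**
     * Handles {@link #ADD_BLOG_AUTHORIZATION_ACTION} and {@link #MODIFY_BLOG_AUTHORIZATION_ACTION}.
     * <p>
     * Both actions require {@link #EDIT_OTHER_USERS_AUTHORIZATION_PERMISSION}. On add,
     * both password fields must be present and equal and the login must not already
     * exist. On modify, leaving both password fields blank keeps the stored password;
     * otherwise they must be equal. The result of the operation is reported through
     * {@link #addOperationResultMessage}; the page attribute is left to the caller.
     *
     * @param httpServletRequest  Request
     * @param httpServletResponse Response
     * @param blog                {@link Blog} instance
     * @param context             Context
     * @param username            Login of the authenticated admin user
     * @param action              The add or modify action string
     */
    private void addOrModifyAuthorization(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Blog blog, Map context, String username, String action) {
        boolean adding = ADD_BLOG_AUTHORIZATION_ACTION.equals(action);
        if (adding) {
            _logger.debug("User requested add authorization action");
        } else {
            _logger.debug("User requested modify authorization action");
        }

        String blogUserID = BlojsomUtils.getRequestValue(BLOG_USER_ID, httpServletRequest);
        String blogLoginID = BlojsomUtils.getRequestValue(BLOG_LOGIN_ID, httpServletRequest);
        String blogUserName = BlojsomUtils.getRequestValue(BLOG_USER_NAME, httpServletRequest);
        String blogUserPassword = BlojsomUtils.getRequestValue(BLOG_USER_PASSWORD, httpServletRequest);
        String blogUserPasswordCheck = BlojsomUtils.getRequestValue(BLOG_USER_PASSWORD_CHECK, httpServletRequest);
        String blogUserEmail = BlojsomUtils.getRequestValue(BLOG_USER_EMAIL, httpServletRequest);
        String blogUserPermissions = BlojsomUtils.getRequestValue(BLOG_PERMISSIONS, httpServletRequest);

        // The user id field is required for both add and modify.
        if (BlojsomUtils.checkNullOrBlank(blogUserID)) {
            addOperationResultMessage(context, getAdminResource(MISSING_PARAMETERS_KEY, MISSING_PARAMETERS_KEY, blog.getBlogAdministrationLocale()));
            _logger.debug("Missing parameters from the request to complete add/modify authorization action");

            return;
        }

        if (BlojsomUtils.checkNullOrBlank(blogUserEmail)) {
            blogUserEmail = "";
        }

        if (!checkPermission(blog, null, username, EDIT_OTHER_USERS_AUTHORIZATION_PERMISSION)) {
            addOperationResultMessage(context, getAdminResource(FAILED_OTHER_AUTHORIZATION_PERMISSION_KEY, FAILED_OTHER_AUTHORIZATION_PERMISSION_KEY, blog.getBlogAdministrationLocale()));

            return;
        }

        boolean passwordBlank = BlojsomUtils.checkNullOrBlank(blogUserPassword);
        boolean passwordCheckBlank = BlojsomUtils.checkNullOrBlank(blogUserPasswordCheck);
        boolean modifyingPassword = true;
        if (adding && (passwordBlank || passwordCheckBlank)) {
            addOperationResultMessage(context, getAdminResource(MISSING_PARAMETERS_KEY, MISSING_PARAMETERS_KEY, blog.getBlogAdministrationLocale()));
            _logger.debug("Missing parameters from the request to complete add/modify authorization action");

            return;
        } else if (!adding && passwordBlank && passwordCheckBlank) {
            // Modify with both password fields empty leaves the stored password untouched.
            modifyingPassword = false;
        } else if (blogUserPassword == null || !blogUserPassword.equals(blogUserPasswordCheck)) {
            // Null-safe comparison: on modify only one of the two fields may be absent.
            addOperationResultMessage(context, getAdminResource(PASSWORD_CHECK_FAILED_KEY, PASSWORD_CHECK_FAILED_KEY, blog.getBlogAdministrationLocale()));
            _logger.debug("Password and password check not equal for add/modify authorization action");

            return;
        }

        if (modifyingPassword && blog.getUseEncryptedPasswords().booleanValue()) {
            // Only digest when a password is actually being set; the digested value is
            // unused otherwise, and a blank/null input need not reach digestString.
            blogUserPassword = BlojsomUtils.digestString(blogUserPassword, blog.getDigestAlgorithm());
        }

        String[] permissions = null;
        if (!BlojsomUtils.checkNullOrBlank(blogUserPermissions)) {
            permissions = BlojsomUtils.parseOnlyCommaList(blogUserPermissions, true);
        }

        User user;
        if (adding) {
            if (loginExists(blog, blogLoginID)) {
                addOperationResultMessage(context, formatAdminResource(USER_LOGIN_EXISTS_KEY, USER_LOGIN_EXISTS_KEY, blog.getBlogAdministrationLocale(), new Object[]{blogLoginID}));

                return;
            }

            user = newUser(blog, username, blogLoginID, blogUserName, blogUserPassword, blogUserEmail, permissions);
        } else {
            try {
                user = _fetcher.loadUser(blog, Integer.valueOf(blogUserID));
            } catch (FetcherException e) {
                // Previously the save was attempted with a null user; report and stop instead.
                reportUpdateFailure(e, context, blog, blogLoginID);

                return;
            } catch (NumberFormatException e) {
                // Non-numeric user id from the form; handled like a failed load.
                reportUpdateFailure(e, context, blog, blogLoginID);

                return;
            }

            user.setUserEmail(blogUserEmail);
            if (modifyingPassword) {
                user.setUserPassword(blogUserPassword);
            }
            user.setUserName(blogUserName);
        }

        try {
            _fetcher.saveUser(blog, user);

            addOperationResultMessage(context, formatAdminResource(SUCCESSFUL_AUTHORIZATION_UPDATE_KEY, SUCCESSFUL_AUTHORIZATION_UPDATE_KEY, blog.getBlogAdministrationLocale(), new Object[]{user.getUserLogin()}));
            // Both add and modify broadcast AuthorizationAddedEvent; no modified-event type is used here.
            _eventBroadcaster.processEvent(new AuthorizationAddedEvent(this, new Date(), httpServletRequest, httpServletResponse, blog, context, user.getId()));
        } catch (FetcherException e) {
            reportUpdateFailure(e, context, blog, blogLoginID);
        }
    }

    /**
     * Logs {@code e} and adds the "unsuccessful authorization update" message for {@code blogLoginID}.
     */
    private void reportUpdateFailure(Exception e, Map context, Blog blog, String blogLoginID) {
        if (_logger.isErrorEnabled()) {
            _logger.error(e);
        }

        addOperationResultMessage(context, formatAdminResource(UNSUCCESSFUL_AUTHORIZATION_UPDATE_KEY, UNSUCCESSFUL_AUTHORIZATION_UPDATE_KEY, blog.getBlogAdministrationLocale(), new Object[]{blogLoginID}));
    }

    /**
     * Reports whether {@code login} already names a user of {@code blog}.
     * <p>
     * This relies on the fetcher throwing {@link FetcherException} when the login is
     * unknown, which is how the add path has always distinguished "new" from "exists";
     * the exception is therefore the expected negative answer, not an error.
     */
    private boolean loginExists(Blog blog, String login) {
        try {
            _fetcher.loadUser(blog, login);

            return true;
        } catch (FetcherException ignored) {
            return false;
        }
    }

    /**
     * Builds a new {@link DatabaseUser} for {@code blog} from the submitted form values.
     * <p>
     * Requested permissions are only stored when the calling admin holds
     * {@link #ADD_BLOG_AUTHORIZATION_PERMISSIONS_PERMISSION}, and only those whose name
     * ends with {@link BlojsomConstants#PERMISSION_SUFFIX}; everything else is dropped silently.
     *
     * @param blog        {@link Blog} instance
     * @param username    Login of the authenticated admin user (the grantor)
     * @param login       Login of the new user
     * @param name        Display name of the new user
     * @param password    Password as it is to be stored (already digested if the blog requires it)
     * @param email       E-mail address, never {@code null}
     * @param permissions Permissions requested for the new user, or {@code null}
     * @return The unsaved user
     */
    private User newUser(Blog blog, String username, String login, String name, String password, String email, String[] permissions) {
        User user = new DatabaseUser();
        user.setBlogId(blog.getId());
        user.setUserEmail(email);
        user.setUserLogin(login);
        user.setUserName(name);
        user.setUserPassword(password);
        user.setUserRegistered(new Date());
        user.setUserStatus(NEW_USER_STATUS);

        if (permissions != null) {
            // The grant check depends on the caller only, so evaluate it once rather than per permission.
            boolean mayGrantPermissions = checkPermission(blog, null, username, ADD_BLOG_AUTHORIZATION_PERMISSIONS_PERMISSION);
            Map userMetaData = new HashMap();
            for (int i = 0; i < permissions.length; i++) {
                String permission = permissions[i];
                if (mayGrantPermissions && permission.endsWith(BlojsomConstants.PERMISSION_SUFFIX)) {
                    userMetaData.put(permission, Boolean.TRUE.toString());
                }
            }

            user.setMetaData(userMetaData);
        }

        return user;
    }

    /**
     * Handles {@link #DELETE_BLOG_AUTHORIZATION_ACTION}.
     * <p>
     * Requires {@link #EDIT_OTHER_USERS_AUTHORIZATION_PERMISSION} and refuses to delete
     * the caller's own account. The submitted id is parsed before the self-check so that
     * alternative spellings of the same number (leading zeros, sign) cannot slip past the
     * string comparison that was used previously.
     *
     * @param httpServletRequest  Request
     * @param httpServletResponse Response
     * @param blog                {@link Blog} instance
     * @param context             Context
     * @param username            Login of the authenticated admin user
     */
    private void deleteAuthorization(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Blog blog, Map context, String username) {
        _logger.debug("User requested delete authorization action");

        String authorizedUserID;
        try {
            User currentAuthorizedUser = _fetcher.loadUser(blog, username);
            authorizedUserID = currentAuthorizedUser.getId().toString();

            if (_logger.isDebugEnabled()) {
                _logger.debug("Edit blog authorization authenticated user ID: " + authorizedUserID);
            }
        } catch (FetcherException e) {
            if (_logger.isErrorEnabled()) {
                _logger.error(e);
            }

            // Without a resolvable caller identity the self-delete check cannot be made; refuse.
            addOperationResultMessage(context, getAdminResource(FAILED_OTHER_AUTHORIZATION_PERMISSION_KEY, FAILED_OTHER_AUTHORIZATION_PERMISSION_KEY, blog.getBlogAdministrationLocale()));

            return;
        }

        String blogUserID = BlojsomUtils.getRequestValue(BLOG_USER_ID, httpServletRequest);
        if (BlojsomUtils.checkNullOrBlank(blogUserID)) {
            addOperationResultMessage(context, getAdminResource(MISSING_BLOG_ID_KEY, MISSING_BLOG_ID_KEY, blog.getBlogAdministrationLocale()));
            _logger.debug("No blog user id to delete from authorization");

            return;
        }

        if (!checkPermission(blog, null, username, EDIT_OTHER_USERS_AUTHORIZATION_PERMISSION)) {
            addOperationResultMessage(context, getAdminResource(FAILED_OTHER_AUTHORIZATION_PERMISSION_KEY, FAILED_OTHER_AUTHORIZATION_PERMISSION_KEY, blog.getBlogAdministrationLocale()));

            return;
        }

        Integer userID;
        try {
            userID = Integer.valueOf(blogUserID);
        } catch (NumberFormatException e) {
            if (_logger.isErrorEnabled()) {
                _logger.error(e);
            }

            addOperationResultMessage(context, formatAdminResource(UNSUCCESSFUL_AUTHORIZATION_DELETE_KEY, UNSUCCESSFUL_AUTHORIZATION_DELETE_KEY, blog.getBlogAdministrationLocale(), new Object[]{blogUserID}));

            return;
        }

        // Compare canonical numeric forms so the caller cannot delete their own account.
        if (authorizedUserID.equals(userID.toString())) {
            addOperationResultMessage(context, getAdminResource(FAILED_OTHER_AUTHORIZATION_PERMISSION_KEY, FAILED_OTHER_AUTHORIZATION_PERMISSION_KEY, blog.getBlogAdministrationLocale()));

            return;
        }

        try {
            User user = _fetcher.loadUser(blog, userID);
            _fetcher.deleteUser(blog, userID);

            if (_logger.isDebugEnabled()) {
                _logger.debug("Removed user: " + blogUserID + " from blog: " + blog.getBlogId());
            }

            addOperationResultMessage(context, formatAdminResource(SUCCESSFUL_AUTHORIZATION_DELETE_KEY, SUCCESSFUL_AUTHORIZATION_DELETE_KEY, blog.getBlogAdministrationLocale(), new Object[]{user.getUserLogin()}));
            _eventBroadcaster.processEvent(new AuthorizationDeletedEvent(this, new Date(), httpServletRequest, httpServletResponse, blog, context, userID));
        } catch (FetcherException e) {
            addOperationResultMessage(context, formatAdminResource(UNSUCCESSFUL_AUTHORIZATION_DELETE_KEY, UNSUCCESSFUL_AUTHORIZATION_DELETE_KEY, blog.getBlogAdministrationLocale(), new Object[]{blogUserID}));

            if (_logger.isErrorEnabled()) {
                _logger.error(e);
            }
        }
    }

    /**
     * Handles {@link #EDIT_BLOG_AUTHORIZATION}: loads the selected user into the
     * context for the single-user edit form, falling back to the user list when
     * no id was given or the user cannot be loaded.
     * <p>
     * NOTE(review): unlike add/modify/delete, this path does not check
     * {@link #EDIT_OTHER_USERS_AUTHORIZATION_PERMISSION}, so any caller holding only
     * {@link #EDIT_BLOG_AUTHORIZATION_PERMISSION} can load another user's record
     * (including its stored password field) into the template context. Confirm the
     * edit template does not render that field, or add the check here.
     *
     * @param httpServletRequest Request
     * @param blog               {@link Blog} instance
     * @param context            Context
     */
    private void editAuthorization(HttpServletRequest httpServletRequest, Blog blog, Map context) {
        _logger.debug("User requested edit authorization action");

        String userID = BlojsomUtils.getRequestValue(BLOG_USER_ID, httpServletRequest);
        if (BlojsomUtils.checkNullOrBlank(userID)) {
            httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, EDIT_BLOG_AUTHORIZATIONS_PAGE);

            return;
        }

        try {
            User user = _fetcher.loadUser(blog, Integer.valueOf(userID));

            context.put(BLOJSOM_PLUGIN_EDIT_BLOG_USER, user);
            httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, EDIT_BLOG_AUTHORIZATION_PAGE);
        } catch (FetcherException e) {
            if (_logger.isErrorEnabled()) {
                _logger.error(e);
            }

            // Previously no page was selected on this path; return to the list instead.
            httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, EDIT_BLOG_AUTHORIZATIONS_PAGE);
        } catch (NumberFormatException e) {
            if (_logger.isErrorEnabled()) {
                _logger.error(e);
            }

            httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, EDIT_BLOG_AUTHORIZATIONS_PAGE);
        }
    }
}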