


1 /**
2  * Copyright (c) 2003-2006, David A. Czarnecki
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions are met:
7  *
8  * Redistributions of source code must retain the above copyright notice, this list of conditions and the
9  * following disclaimer.
10  * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the
11  * following disclaimer in the documentation and/or other materials provided with the distribution.
12  * Neither the name of "David A. Czarnecki" and "blojsom" nor the names of its contributors may be used to
13  * endorse or promote products derived from this software without specific prior written permission.
14  * Products derived from this software may not be called "blojsom", nor may "blojsom" appear in their name,
15  * without prior written permission of David A. Czarnecki.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
18  * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
19  * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
20  * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
21  * EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
22  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
23  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
24  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
26  * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
27  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
29  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30  */

31 package org.blojsom.plugin.admin;
32
33 import org.apache.commons.logging.Log;
34 import org.apache.commons.logging.LogFactory;
35 import org.blojsom.blog.Blog;
36 import org.blojsom.blog.Entry;
37 import org.blojsom.blog.User;
38 import org.blojsom.blog.database.DatabaseUser;
39 import org.blojsom.event.EventBroadcaster;
40 import org.blojsom.fetcher.Fetcher;
41 import org.blojsom.fetcher.FetcherException;
42 import org.blojsom.plugin.PluginException;
43 import org.blojsom.plugin.admin.event.AuthorizationAddedEvent;
44 import org.blojsom.plugin.admin.event.AuthorizationDeletedEvent;
45 import org.blojsom.util.BlojsomConstants;
46 import org.blojsom.util.BlojsomUtils;
47
48 import javax.servlet.http.HttpServletRequest JavaDoc;
49 import javax.servlet.http.HttpServletResponse JavaDoc;
50 import java.util.Date JavaDoc;
51 import java.util.HashMap JavaDoc;
52 import java.util.Map JavaDoc;
53
54 /**
55  * EditBlogAuthorizationPlugin
56  *
57  * @author David Czarnecki
58  * @version $Id: EditBlogAuthorizationPlugin.java,v 1.9 2006/09/26 02:55:20 czarneckid Exp $
59  * @since blojsom 3.0
60  */

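public class EditBlogAuthorizationPlugin extends BaseAdminPlugin {

    private Log _logger = LogFactory.getLog(EditBlogAuthorizationPlugin.class);

    // Localization constants (resource-bundle keys for operation result messages)
    private static final String FAILED_AUTHORIZATION_PERMISSION_KEY = "failed.authorization.permission.text";
    private static final String FAILED_OTHER_AUTHORIZATION_PERMISSION_KEY = "failed.other.authorization.permission.text";
    private static final String SUCCESSFUL_AUTHORIZATION_UPDATE_KEY = "successful.authorization.update.key";
    private static final String SUCCESSFUL_AUTHORIZATION_DELETE_KEY = "successful.authorization.delete.key";
    private static final String UNSUCCESSFUL_AUTHORIZATION_UPDATE_KEY = "unsuccessful.authorization.update.key";
    private static final String UNSUCCESSFUL_AUTHORIZATION_DELETE_KEY = "unsuccessful.authorization.delete.key";
    private static final String PASSWORD_CHECK_FAILED_KEY = "password.check.failed.text";
    private static final String MISSING_PARAMETERS_KEY = "missing.parameters.text";
    private static final String MISSING_BLOG_ID_KEY = "no.blog.id.delete.text";
    private static final String USER_LOGIN_EXISTS_KEY = "user.login.exists.text";

    // Pages
    private static final String EDIT_BLOG_AUTHORIZATIONS_PAGE = "/org/blojsom/plugin/admin/templates/admin-edit-blog-authorizations";
    private static final String EDIT_BLOG_AUTHORIZATION_PAGE = "/org/blojsom/plugin/admin/templates/admin-edit-blog-authorization";

    // Constants (template context keys and the status given to newly created users)
    private static final String BLOJSOM_PLUGIN_EDIT_BLOG_USERS = "BLOJSOM_PLUGIN_EDIT_BLOG_USERS";
    private static final String BLOJSOM_PLUGIN_EDIT_BLOG_USER = "BLOJSOM_PLUGIN_EDIT_BLOG_USER";
    private static final String NEW_USER_STATUS = "new";

    // Actions
    private static final String ADD_BLOG_AUTHORIZATION_ACTION = "add-blog-authorization";
    private static final String MODIFY_BLOG_AUTHORIZATION_ACTION = "modify-blog-authorization";
    private static final String DELETE_BLOG_AUTHORIZATION_ACTION = "delete-blog-authorization";
    private static final String EDIT_BLOG_AUTHORIZATION = "edit-blog-authorization";

    // Form elements
    private static final String BLOG_USER_ID = "blog-user-id";
    private static final String BLOG_LOGIN_ID = "blog-login-id";
    private static final String BLOG_USER_NAME = "blog-user-name";
    private static final String BLOG_USER_PASSWORD = "blog-user-password";
    private static final String BLOG_USER_PASSWORD_CHECK = "blog-user-password-check";
    private static final String BLOG_USER_EMAIL = "blog-user-email";
    private static final String BLOG_PERMISSIONS = "blog-permissions";

    // Permissions
    private static final String ADD_BLOG_AUTHORIZATION_PERMISSIONS_PERMISSION = "add_blog_authorization_permissions_permission";
    private static final String EDIT_BLOG_AUTHORIZATION_PERMISSION = "edit_blog_authorization_permission";
    private static final String EDIT_OTHER_USERS_AUTHORIZATION_PERMISSION = "edit_other_users_authorization_permission";

    private Fetcher _fetcher;
    private EventBroadcaster _eventBroadcaster;

    /**
     * Default constructor
     */
    public EditBlogAuthorizationPlugin() {
    }

    /**
     * Set the {@link Fetcher}
     *
     * @param fetcher {@link Fetcher}
     */
    public void setFetcher(Fetcher fetcher) {
        _fetcher = fetcher;
    }

    /**
     * Set the {@link EventBroadcaster}
     *
     * @param eventBroadcaster {@link EventBroadcaster}
     */
    public void setEventBroadcaster(EventBroadcaster eventBroadcaster) {
        _eventBroadcaster = eventBroadcaster;
    }

    /**
     * Handle the administration actions for blog user accounts: show the list page, add or modify a
     * user, delete a user, or load a single user for editing.
     * <p/>
     * The caller must be authenticated and hold {@code edit_blog_authorization_permission}. Add, modify
     * and delete additionally require {@code edit_other_users_authorization_permission}. The entries are
     * returned unchanged; results are communicated through the request's page attribute, the operation
     * result messages and the template context.
     *
     * @param httpServletRequest Request
     * @param httpServletResponse Response
     * @param blog {@link Blog} instance
     * @param context Context
     * @param entries Blog entries retrieved for the particular request
     * @return The blog entries, unmodified
     * @throws PluginException If there is an error processing the blog entries
     */
    public Entry[] process(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Blog blog, Map context, Entry[] entries) throws PluginException {
        if (!authenticateUser(httpServletRequest, httpServletResponse, context, blog)) {
            httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, ADMIN_LOGIN_PAGE);

            return entries;
        }

        String username = getUsernameFromSession(httpServletRequest, blog);
        if (!checkPermission(blog, null, username, EDIT_BLOG_AUTHORIZATION_PERMISSION)) {
            httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, ADMIN_ADMINISTRATION_PAGE);
            addLocalizedResult(context, blog, FAILED_AUTHORIZATION_PERMISSION_KEY);

            return entries;
        }

        // NOTE(review): the state-changing actions below are selected purely by request parameters and
        // no anti-CSRF token check is visible in this class; confirm one is enforced elsewhere
        // (for example in authenticateUser or a servlet filter).
        String action = BlojsomUtils.getRequestValue(ACTION_PARAM, httpServletRequest);
        if (BlojsomUtils.checkNullOrBlank(action)) {
            _logger.debug("User did not request edit authorization action");
            httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, ADMIN_ADMINISTRATION_PAGE);
        } else if (PAGE_ACTION.equals(action)) {
            _logger.debug("User requested edit blog authorization page");

            httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, EDIT_BLOG_AUTHORIZATIONS_PAGE);
        } else if (ADD_BLOG_AUTHORIZATION_ACTION.equals(action) || MODIFY_BLOG_AUTHORIZATION_ACTION.equals(action)) {
            handleAddOrModifyAuthorization(httpServletRequest, httpServletResponse, blog, context, username, action);

            // Every outcome of add/modify, success or failure, lands on the user list page
            httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, EDIT_BLOG_AUTHORIZATIONS_PAGE);
        } else if (DELETE_BLOG_AUTHORIZATION_ACTION.equals(action)) {
            handleDeleteAuthorization(httpServletRequest, httpServletResponse, blog, context, username);
        } else if (EDIT_BLOG_AUTHORIZATION.equals(action)) {
            handleEditAuthorization(httpServletRequest, blog, context);
        }

        // NOTE(review): the complete user list is handed to the template for every caller that passed the
        // permission check above; confirm the templates never render stored password values.
        context.put(BLOJSOM_PLUGIN_EDIT_BLOG_USERS, _fetcher.getUsers(blog));

        return entries;
    }

    /**
     * Add a localized operation result message that takes no arguments.
     */
    private void addLocalizedResult(Map context, Blog blog, String key) throws PluginException {
        addOperationResultMessage(context, getAdminResource(key, key, blog.getBlogAdministrationLocale()));
    }

    /**
     * Add a localized operation result message formatted with a single argument.
     */
    private void addFormattedResult(Map context, Blog blog, String key, Object argument) throws PluginException {
        // NOTE(review): the argument is frequently a raw request value (login or user ID); confirm the
        // admin templates HTML-escape operation result messages.
        addOperationResultMessage(context, formatAdminResource(key, key, blog.getBlogAdministrationLocale(), new Object[]{argument}));
    }

    /**
     * Create a new user or update an existing one from the submitted form values. The caller sets the
     * page attribute; this method only validates, persists and reports the outcome.
     */
    private void handleAddOrModifyAuthorization(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Blog blog, Map context, String username, String action) throws PluginException {
        boolean adding = ADD_BLOG_AUTHORIZATION_ACTION.equals(action);
        if (adding) {
            _logger.debug("User requested add authorization action");
        } else {
            _logger.debug("User requested modify authorization action");
        }

        String blogUserID = BlojsomUtils.getRequestValue(BLOG_USER_ID, httpServletRequest);
        String blogLoginID = BlojsomUtils.getRequestValue(BLOG_LOGIN_ID, httpServletRequest);
        String blogUserName = BlojsomUtils.getRequestValue(BLOG_USER_NAME, httpServletRequest);
        String blogUserPassword = BlojsomUtils.getRequestValue(BLOG_USER_PASSWORD, httpServletRequest);
        String blogUserPasswordCheck = BlojsomUtils.getRequestValue(BLOG_USER_PASSWORD_CHECK, httpServletRequest);
        String blogUserEmail = BlojsomUtils.getRequestValue(BLOG_USER_EMAIL, httpServletRequest);
        String blogUserPermissions = BlojsomUtils.getRequestValue(BLOG_PERMISSIONS, httpServletRequest);

        if (BlojsomUtils.checkNullOrBlank(blogUserID)) {
            addLocalizedResult(context, blog, MISSING_PARAMETERS_KEY);
            _logger.debug("Missing parameters from the request to complete add/modify authorization action");

            return;
        }

        if (BlojsomUtils.checkNullOrBlank(blogUserEmail)) {
            blogUserEmail = "";
        }

        if (!checkPermission(blog, null, username, EDIT_OTHER_USERS_AUTHORIZATION_PERMISSION)) {
            addLocalizedResult(context, blog, FAILED_OTHER_AUTHORIZATION_PERMISSION_KEY);

            return;
        }

        boolean passwordBlank = BlojsomUtils.checkNullOrBlank(blogUserPassword);
        boolean passwordCheckBlank = BlojsomUtils.checkNullOrBlank(blogUserPasswordCheck);
        boolean modifyingPassword = true;

        if (adding) {
            // A new account needs a login and both password fields; a blank login must never be stored
            if (passwordBlank || passwordCheckBlank || BlojsomUtils.checkNullOrBlank(blogLoginID)) {
                addLocalizedResult(context, blog, MISSING_PARAMETERS_KEY);
                _logger.debug("Missing parameters from the request to complete add/modify authorization action");

                return;
            }
        } else if (passwordBlank && passwordCheckBlank) {
            // Leaving both fields empty on modify means "keep the current password"
            modifyingPassword = false;
        }

        // Null-safe comparison: a request carrying only one of the two fields is a mismatch, not an NPE
        if (modifyingPassword && (blogUserPassword == null || !blogUserPassword.equals(blogUserPasswordCheck))) {
            addLocalizedResult(context, blog, PASSWORD_CHECK_FAILED_KEY);
            _logger.debug("Password and password check not equal for add/modify authorization action");

            return;
        }

        // Only digest a password that is actually going to be stored.
        // NOTE(review): this applies the blog's configured digest algorithm through
        // BlojsomUtils.digestString; no salt or work factor is visible here. Confirm what digestString
        // does -- a fast, unsalted digest is weak protection for stored passwords. When
        // getUseEncryptedPasswords() is false the password is stored as submitted.
        if (modifyingPassword && blog.getUseEncryptedPasswords().booleanValue()) {
            blogUserPassword = BlojsomUtils.digestString(blogUserPassword, blog.getDigestAlgorithm());
        }

        String[] permissions = null;
        if (!BlojsomUtils.checkNullOrBlank(blogUserPermissions)) {
            permissions = BlojsomUtils.parseOnlyCommaList(blogUserPermissions, true);
        }

        User user = null;
        if (adding) {
            try {
                _fetcher.loadUser(blog, blogLoginID);

                // The lookup succeeded, so the login is already taken
                addFormattedResult(context, blog, USER_LOGIN_EXISTS_KEY, blogLoginID);

                return;
            } catch (FetcherException e) {
                // Expected path: the lookup fails when no user has this login yet.
                // NOTE(review): a backend failure presumably raises the same exception type and would
                // also be treated as "login is free" -- confirm against the Fetcher implementation.
            }

            user = new DatabaseUser();
            user.setBlogId(blog.getId());
            user.setUserEmail(blogUserEmail);
            user.setUserLogin(blogLoginID);
            user.setUserName(blogUserName);
            user.setUserPassword(blogUserPassword);
            user.setUserRegistered(new Date());
            user.setUserStatus(NEW_USER_STATUS);
            if (permissions != null) {
                // Requested permissions are only honoured when the caller may grant permissions;
                // otherwise they are dropped silently and the user is created without them.
                boolean mayGrantPermissions = checkPermission(blog, null, username, ADD_BLOG_AUTHORIZATION_PERMISSIONS_PERMISSION);
                Map userMetaData = new HashMap();
                for (int i = 0; i < permissions.length; i++) {
                    String permission = permissions[i];
                    if (mayGrantPermissions && permission.endsWith(BlojsomConstants.PERMISSION_SUFFIX)) {
                        userMetaData.put(permission, Boolean.TRUE.toString());
                    }
                }

                user.setMetaData(userMetaData);
            }
        } else {
            try {
                user = _fetcher.loadUser(blog, Integer.valueOf(blogUserID));
            } catch (NumberFormatException e) {
                // The user ID is a request parameter and may not be numeric
                if (_logger.isErrorEnabled()) {
                    _logger.error(e);
                }
            } catch (FetcherException e) {
                if (_logger.isErrorEnabled()) {
                    _logger.error(e);
                }
            }

            // Without a loaded user there is nothing to save; report the failure instead of passing
            // null on to the fetcher and dereferencing it afterwards.
            if (user == null) {
                addFormattedResult(context, blog, UNSUCCESSFUL_AUTHORIZATION_UPDATE_KEY, blogUserID);

                return;
            }

            user.setUserEmail(blogUserEmail);
            if (modifyingPassword) {
                user.setUserPassword(blogUserPassword);
            }

            user.setUserName(blogUserName);
        }

        try {
            _fetcher.saveUser(blog, user);

            addFormattedResult(context, blog, SUCCESSFUL_AUTHORIZATION_UPDATE_KEY, user.getUserLogin());
            // The same event type is broadcast for both add and modify
            _eventBroadcaster.processEvent(new AuthorizationAddedEvent(this, new Date(), httpServletRequest, httpServletResponse, blog, context, user.getId()));
        } catch (FetcherException e) {
            if (_logger.isErrorEnabled()) {
                _logger.error(e);
            }

            addFormattedResult(context, blog, UNSUCCESSFUL_AUTHORIZATION_UPDATE_KEY, blogLoginID);
        }
    }

    /**
     * Delete the user named by the {@code blog-user-id} request parameter. Callers may not delete their
     * own account and must hold {@code edit_other_users_authorization_permission}.
     */
    private void handleDeleteAuthorization(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Blog blog, Map context, String username) throws PluginException {
        _logger.debug("User requested delete authorization action");

        // Load the current authorized user's ID for checking against the incoming blog user ID
        String authorizedUserID;
        try {
            User currentAuthorizedUser = _fetcher.loadUser(blog, username);
            authorizedUserID = currentAuthorizedUser.getId().toString();

            if (_logger.isDebugEnabled()) {
                _logger.debug("Edit blog authorization authenticated user ID: " + authorizedUserID);
            }
        } catch (FetcherException e) {
            if (_logger.isErrorEnabled()) {
                _logger.error(e);
            }

            // Fail closed: without the caller's own ID the self-delete guard cannot be evaluated.
            // The page attribute is deliberately left as it was, matching the original behaviour.
            addLocalizedResult(context, blog, FAILED_OTHER_AUTHORIZATION_PERMISSION_KEY);

            return;
        }

        String blogUserID = BlojsomUtils.getRequestValue(BLOG_USER_ID, httpServletRequest);
        if (BlojsomUtils.checkNullOrBlank(blogUserID)) {
            addLocalizedResult(context, blog, MISSING_BLOG_ID_KEY);
            _logger.debug("No blog user id to delete from authorization");
            httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, EDIT_BLOG_AUTHORIZATIONS_PAGE);

            return;
        }

        httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, EDIT_BLOG_AUTHORIZATIONS_PAGE);

        if (!checkPermission(blog, null, username, EDIT_OTHER_USERS_AUTHORIZATION_PERMISSION)) {
            addLocalizedResult(context, blog, FAILED_OTHER_AUTHORIZATION_PERMISSION_KEY);

            return;
        }

        Integer userID;
        try {
            userID = Integer.valueOf(blogUserID);
        } catch (NumberFormatException e) {
            if (_logger.isErrorEnabled()) {
                _logger.error(e);
            }

            addFormattedResult(context, blog, UNSUCCESSFUL_AUTHORIZATION_DELETE_KEY, blogUserID);

            return;
        }

        // Compare the parsed ID rather than the raw parameter text: a non-canonical spelling of the
        // caller's own ID (for example with leading zeros) parses to the same account and must be
        // rejected by the self-delete guard as well.
        if (authorizedUserID.equals(userID.toString())) {
            addLocalizedResult(context, blog, FAILED_OTHER_AUTHORIZATION_PERMISSION_KEY);

            return;
        }

        try {
            User user = _fetcher.loadUser(blog, userID);
            _fetcher.deleteUser(blog, userID);

            if (_logger.isDebugEnabled()) {
                _logger.debug("Removed user: " + blogUserID + " from blog: " + blog.getBlogId());
            }

            addFormattedResult(context, blog, SUCCESSFUL_AUTHORIZATION_DELETE_KEY, user.getUserLogin());
            _eventBroadcaster.processEvent(new AuthorizationDeletedEvent(this, new Date(), httpServletRequest, httpServletResponse, blog, context, userID));
        } catch (FetcherException e) {
            addFormattedResult(context, blog, UNSUCCESSFUL_AUTHORIZATION_DELETE_KEY, blogUserID);

            if (_logger.isErrorEnabled()) {
                _logger.error(e);
            }
        }
    }

    /**
     * Load the user named by the {@code blog-user-id} request parameter into the context and select
     * the single-user edit page.
     */
    private void handleEditAuthorization(HttpServletRequest httpServletRequest, Blog blog, Map context) throws PluginException {
        _logger.debug("User requested edit authorization action");

        String userID = BlojsomUtils.getRequestValue(BLOG_USER_ID, httpServletRequest);
        if (BlojsomUtils.checkNullOrBlank(userID)) {
            httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, EDIT_BLOG_AUTHORIZATIONS_PAGE);

            return;
        }

        try {
            // NOTE(review): this read path does not check edit_other_users_authorization_permission and
            // places the whole User object in the template context; confirm that is intended.
            User user = _fetcher.loadUser(blog, Integer.valueOf(userID));

            context.put(BLOJSOM_PLUGIN_EDIT_BLOG_USER, user);
            httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, EDIT_BLOG_AUTHORIZATION_PAGE);
        } catch (NumberFormatException e) {
            // A malformed ID is handled like a missing one instead of escaping as a runtime exception
            if (_logger.isErrorEnabled()) {
                _logger.error(e);
            }

            httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, EDIT_BLOG_AUTHORIZATIONS_PAGE);
        } catch (FetcherException e) {
            if (_logger.isErrorEnabled()) {
                _logger.error(e);
            }
        }
    }
}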
396