Java > Open Source Codes > org > blojsom > plugin > admin > EditBlogPermissionsPlugin


1 /**
2  * Copyright (c) 2003-2006, David A. Czarnecki
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions are met:
7  *
8  * Redistributions of source code must retain the above copyright notice, this list of conditions and the
9  * following disclaimer.
10  * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the
11  * following disclaimer in the documentation and/or other materials provided with the distribution.
12  * Neither the name of "David A. Czarnecki" and "blojsom" nor the names of its contributors may be used to
13  * endorse or promote products derived from this software without specific prior written permission.
14  * Products derived from this software may not be called "blojsom", nor may "blojsom" appear in their name,
15  * without prior written permission of David A. Czarnecki.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
18  * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
19  * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
20  * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
21  * EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
22  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
23  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
24  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
26  * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
27  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
29  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30  */
31 package org.blojsom.plugin.admin;
32
33 import org.apache.commons.logging.Log;
34 import org.apache.commons.logging.LogFactory;
35 import org.blojsom.blog.Blog;
36 import org.blojsom.blog.Entry;
37 import org.blojsom.blog.User;
38 import org.blojsom.fetcher.Fetcher;
39 import org.blojsom.fetcher.FetcherException;
40 import org.blojsom.plugin.PluginException;
41 import org.blojsom.util.BlojsomConstants;
42 import org.blojsom.util.BlojsomUtils;
43
44 import javax.servlet.http.HttpServletRequest ;
45 import javax.servlet.http.HttpServletResponse ;
46 import java.util.Collections ;
47 import java.util.Iterator ;
48 import java.util.Map ;
49 import java.util.TreeMap ;
50
51 /**
52  * Edit Blog Permissions plugin handles the adding and deleting of permissions for users of a given blog.
53  *
54  * @author David Czarnecki
55  * @version $Id: EditBlogPermissionsPlugin.java,v 1.6 2006/07/12 16:32:43 czarneckid Exp $
56  * @since blojsom 3.0
57  */
58 public class EditBlogPermissionsPlugin extends BaseAdminPlugin {
59
60     private Log _logger = LogFactory.getLog(EditBlogPermissionsPlugin.class);
61
62     // Pages
63 private static final String EDIT_BLOG_PERMISSIONS_PAGE = "/org/blojsom/plugin/admin/templates/admin-edit-blog-permissions";
64
65     // Constants
66 private static final String BLOJSOM_PLUGIN_EDIT_BLOG_PERMISSIONS_USER_MAP = "BLOJSOM_PLUGIN_EDIT_BLOG_PERMISSIONS_USER_MAP";
67
68     // Localization constants
69 private static final String FAILED_PERMISSIONS_READ_KEY = "failed.read.permissions.text";
70     private static final String FAILED_EDIT_PERMISSIONS_KEY = "failed.edit.permissions.text";
71     private static final String PERMISSIONS_SAVED_KEY = "permissions.saved.text";
72     private static final String ERROR_SAVING_PERMISSIONS_KEY = "error.saving.permissions.text";
73     private static final String NO_PERMISSION_SPECIFIED_KEY = "no.permission.specified.text";
74     private static final String NO_BLOG_USER_ID_PERMISSION_SPECIFIED_KEY = "no.blog.user.id.specified.permission.text";
75     private static final String PERMISSION_DELETED_KEY = "permission.deleted.text";
76
77     // Actions
78 private static final String ADD_BLOG_PERMISSION_ACTION = "add-blog-permission";
79     private static final String DELETE_BLOG_PERMISSION_ACTION = "delete-blog-permission";
80
81     // Form elements
82 private static final String BLOG_USER_ID = "blog-user-id";
83     private static final String BLOG_PERMISSION = "blog-permission";
84
85     // Permissions
86 private static final String EDIT_BLOG_PERMISSIONS_PERMISSION = "edit_blog_permissions_permission";
87
88     private Fetcher _fetcher;
89
90     /**
91      * Construct a new instance of the Edit Blog Permissions plugin
92      */
93     public EditBlogPermissionsPlugin() {
94     }
95
96     /**
97      * Set the {@link Fetcher}
98      *
99      * @param fetcher {@link Fetcher}
100      */
101     public void setFetcher(Fetcher fetcher) {
102         _fetcher = fetcher;
103     }
104
105     /**
106      * Read the permissions file for a given blog
107      *
108      * @param user User
109      * @return Permissions for the given blog
110      */
111     protected Map readPermissionsForUser(User user) {
112         Map permissions = new TreeMap ();
113         Iterator keyIterator = user.getMetaData().keySet().iterator();
114
115         while (keyIterator.hasNext()) {
116             String property = (String ) keyIterator.next();
117             if (property.endsWith(BlojsomConstants.PERMISSION_SUFFIX)) {
118                 permissions.put(property, user.getMetaData().get(property));
119             }
120         }
121
122         return permissions;
123     }
124
125     /**
126      * Add the permissions for the users in a blog to the context
127      *
128      * @param context Context
129      * @param blog {@link Blog}
130      */
131     protected void setupPermissionsInContext(Map context, Blog blog) {
132         User[] users = _fetcher.getUsers(blog);
133         TreeMap userIDs = new TreeMap ();
134         for (int i = 0; i < users.length; i++) {
135             User userFromBlog = users[i];
136             Map permissionsForUser = readPermissionsForUser(userFromBlog);
137
138             userIDs.put(userFromBlog.getUserLogin(), permissionsForUser);
139         }
140
141         context.put(BLOJSOM_PLUGIN_EDIT_BLOG_PERMISSIONS_USER_MAP, Collections.unmodifiableMap(userIDs));
142     }
143
144     /**
145      * Process the blog entries
146      *
147      * @param httpServletRequest Request
148      * @param httpServletResponse Response
149      * @param blog {@link Blog} instance
150      * @param context Context
151      * @param entries Blog entries retrieved for the particular request
152      * @return Modified set of blog entries
153      * @throws PluginException If there is an error processing the blog entries
154      */
155     public Entry[] process(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Blog blog, Map context, Entry[] entries) throws PluginException {
156         if (!authenticateUser(httpServletRequest, httpServletResponse, context, blog)) {
157             httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, ADMIN_LOGIN_PAGE);
158
159             return entries;
160         }
161
162         String username = getUsernameFromSession(httpServletRequest, blog);
163         if (!checkPermission(blog, null, username, EDIT_BLOG_PERMISSIONS_PERMISSION)) {
164             httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, ADMIN_ADMINISTRATION_PAGE);
165             addOperationResultMessage(context, getAdminResource(FAILED_EDIT_PERMISSIONS_KEY, FAILED_EDIT_PERMISSIONS_KEY, blog.getBlogAdministrationLocale()));
166
167             return entries;
168         }
169
170         String action = BlojsomUtils.getRequestValue(ACTION_PARAM, httpServletRequest);
171         if (BlojsomUtils.checkNullOrBlank(action)) {
172             _logger.debug("User did not request edit permission action");
173             httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, ADMIN_ADMINISTRATION_PAGE);
174         } else if (PAGE_ACTION.equals(action)) {
175             _logger.debug("User requested edit blog permissions page");
176         } else if (ADD_BLOG_PERMISSION_ACTION.equals(action)) {
177             _logger.debug("User requested add permission action");
178
179             String blogUserID = BlojsomUtils.getRequestValue(BLOG_USER_ID, httpServletRequest);
180             if (!BlojsomUtils.checkNullOrBlank(blogUserID)) {
181                 String permissionToAdd = BlojsomUtils.getRequestValue(BLOG_PERMISSION, httpServletRequest);
182                 if (!BlojsomUtils.checkNullOrBlank(permissionToAdd) && (permissionToAdd.endsWith(BlojsomConstants.PERMISSION_SUFFIX))) {
183                     User user;
184                     try {
185                         user = _fetcher.loadUser(blog, blogUserID);
186                     } catch (FetcherException e) {
187                         if (_logger.isErrorEnabled()) {
188                             _logger.error(e);
189                         }
190
191                         httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, ADMIN_ADMINISTRATION_PAGE);
192                         addOperationResultMessage(context, getAdminResource(FAILED_EDIT_PERMISSIONS_KEY, FAILED_EDIT_PERMISSIONS_KEY, blog.getBlogAdministrationLocale()));
193
194                         return entries;
195                     } catch (NumberFormatException e) {
196                         if (_logger.isErrorEnabled()) {
197                             _logger.error(e);
198                         }
199
200                         httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, ADMIN_ADMINISTRATION_PAGE);
201                         addOperationResultMessage(context, getAdminResource(FAILED_EDIT_PERMISSIONS_KEY, FAILED_EDIT_PERMISSIONS_KEY, blog.getBlogAdministrationLocale()));
202
203                         return entries;
204                     }
205
206                     String [] permissions = BlojsomUtils.parseOnlyCommaList(permissionToAdd, true);
207                     for (int i = 0; i < permissions.length; i++) {
208                         String permission = permissions[i];
209                         if (permission.endsWith(BlojsomConstants.PERMISSION_SUFFIX)) {
210                             user.getMetaData().put(permission, Boolean.TRUE.toString());
211                         }
212                     }
213
214                     try {
215                         _fetcher.saveUser(blog, user);
216
217                         addOperationResultMessage(context, getAdminResource(PERMISSIONS_SAVED_KEY, PERMISSIONS_SAVED_KEY, blog.getBlogAdministrationLocale()));
218                     } catch (FetcherException e) {
219                         _logger.error(e);
220
221                         addOperationResultMessage(context, getAdminResource(ERROR_SAVING_PERMISSIONS_KEY, ERROR_SAVING_PERMISSIONS_KEY, blog.getBlogAdministrationLocale()));
222                     }
223                 } else {
224                     addOperationResultMessage(context, getAdminResource(NO_PERMISSION_SPECIFIED_KEY, NO_PERMISSION_SPECIFIED_KEY, blog.getBlogAdministrationLocale()));
225                 }
226             } else {
227                 addOperationResultMessage(context, getAdminResource(NO_BLOG_USER_ID_PERMISSION_SPECIFIED_KEY, NO_BLOG_USER_ID_PERMISSION_SPECIFIED_KEY, blog.getBlogAdministrationLocale()));
228                 _logger.debug("No blog user id specified");
229             }
230         } else if (DELETE_BLOG_PERMISSION_ACTION.equals(action)) {
231             _logger.debug("User requested delete permission action");
232
233             String blogUserID = BlojsomUtils.getRequestValue(BLOG_USER_ID, httpServletRequest);
234             if (!BlojsomUtils.checkNullOrBlank(blogUserID)) {
235                 String permissionToDelete = BlojsomUtils.getRequestValue(BLOG_PERMISSION, httpServletRequest);
236                 if (!BlojsomUtils.checkNullOrBlank(permissionToDelete) && (permissionToDelete.endsWith(BlojsomConstants.PERMISSION_SUFFIX))) {
237                     User user;
238                     try {
239                         user = _fetcher.loadUser(blog, blogUserID);
240                     } catch (FetcherException e) {
241                         if (_logger.isErrorEnabled()) {
242                             _logger.error(e);
243                         }
244
245                         httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, ADMIN_ADMINISTRATION_PAGE);
246                         addOperationResultMessage(context, getAdminResource(FAILED_EDIT_PERMISSIONS_KEY, FAILED_EDIT_PERMISSIONS_KEY, blog.getBlogAdministrationLocale()));
247
248                         return entries;
249                     } catch (NumberFormatException e) {
250                         if (_logger.isErrorEnabled()) {
251                             _logger.error(e);
252                         }
253
254                         httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, ADMIN_ADMINISTRATION_PAGE);
255                         addOperationResultMessage(context, getAdminResource(FAILED_EDIT_PERMISSIONS_KEY, FAILED_EDIT_PERMISSIONS_KEY, blog.getBlogAdministrationLocale()));
256
257                         return entries;
258                     }
259
260                     user.getMetaData().remove(permissionToDelete);
261
262                     try {
263                         _fetcher.saveUser(blog, user);
264
265                         addOperationResultMessage(context, getAdminResource(PERMISSIONS_SAVED_KEY, PERMISSIONS_SAVED_KEY, blog.getBlogAdministrationLocale()));
266                     } catch (FetcherException e) {
267                         _logger.error(e);
268
269                         addOperationResultMessage(context, getAdminResource(ERROR_SAVING_PERMISSIONS_KEY, ERROR_SAVING_PERMISSIONS_KEY, blog.getBlogAdministrationLocale()));
270                     }
271                 } else {
272                     addOperationResultMessage(context, getAdminResource(NO_PERMISSION_SPECIFIED_KEY, NO_PERMISSION_SPECIFIED_KEY, blog.getBlogAdministrationLocale()));
273                 }
274             } else {
275                 addOperationResultMessage(context, getAdminResource(NO_BLOG_USER_ID_PERMISSION_SPECIFIED_KEY, NO_BLOG_USER_ID_PERMISSION_SPECIFIED_KEY, blog.getBlogAdministrationLocale()));
276                 _logger.debug("No blog user ID to delete from permissions");
277             }
278         }
279
280         setupPermissionsInContext(context, blog);
281         httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, EDIT_BLOG_PERMISSIONS_PAGE);
282
283         return entries;
284     }
285 }

A to Z: JavaDoc & Examples

---

Daily Java News & Articles

---

Open Source Projects

---

Open Source Codes

---

Free Computer Books

---

Remove Frame

---

Popular Tags