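package org.blojsom.plugin.admin;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.blojsom.blog.Blog;
import org.blojsom.blog.Entry;
import org.blojsom.blog.User;
import org.blojsom.fetcher.Fetcher;
import org.blojsom.fetcher.FetcherException;
import org.blojsom.plugin.PluginException;
import org.blojsom.util.BlojsomConstants;
import org.blojsom.util.BlojsomUtils;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.Collections;
import java.util.Iterator;
import java.util.Map;
import java.util.TreeMap;

/**
 * Admin plugin that shows, grants and revokes per-user permissions of a blog.
 * <p>
 * Permissions are stored as entries in the user's metadata map whose key ends with
 * {@link BlojsomConstants#PERMISSION_SUFFIX}; granting writes the key with the value
 * {@code "true"}, revoking removes the key.
 * <p>
 * Security-relevant behaviour of this class:
 * <ul>
 * <li>{@link #process} authenticates the caller and then requires the
 * {@code edit_blog_permissions_permission} permission before any user is loaded or saved.</li>
 * <li>The only validation applied to a requested permission name is the suffix check. There is
 * no allow-list of known permission names, so any suffix-matching key supplied in the request
 * is written to (or removed from) the target user's metadata.</li>
 * <li>NOTE(review): the add and delete actions are selected purely by request parameters. This
 * class does not itself check the HTTP method or an anti-forgery token; confirm that the
 * surrounding admin framework does.</li>
 * </ul>
 */
public class EditBlogPermissionsPlugin extends BaseAdminPlugin {

    private Log _logger = LogFactory.getLog(EditBlogPermissionsPlugin.class);

    // Template set as the page request attribute once the request has been handled
    private static final String EDIT_BLOG_PERMISSIONS_PAGE = "/org/blojsom/plugin/admin/templates/admin-edit-blog-permissions";

    // Context key under which the (user login -> permissions) map is published
    private static final String BLOJSOM_PLUGIN_EDIT_BLOG_PERMISSIONS_USER_MAP = "BLOJSOM_PLUGIN_EDIT_BLOG_PERMISSIONS_USER_MAP";

    // Resource keys passed to getAdminResource for operation result messages
    private static final String FAILED_PERMISSIONS_READ_KEY = "failed.read.permissions.text";
    private static final String FAILED_EDIT_PERMISSIONS_KEY = "failed.edit.permissions.text";
    private static final String PERMISSIONS_SAVED_KEY = "permissions.saved.text";
    private static final String ERROR_SAVING_PERMISSIONS_KEY = "error.saving.permissions.text";
    private static final String NO_PERMISSION_SPECIFIED_KEY = "no.permission.specified.text";
    private static final String NO_BLOG_USER_ID_PERMISSION_SPECIFIED_KEY = "no.blog.user.id.specified.permission.text";
    // Not referenced in this class: the delete action reports PERMISSIONS_SAVED_KEY on success
    private static final String PERMISSION_DELETED_KEY = "permission.deleted.text";

    // Values of the action request parameter handled by this plugin
    private static final String ADD_BLOG_PERMISSION_ACTION = "add-blog-permission";
    private static final String DELETE_BLOG_PERMISSION_ACTION = "delete-blog-permission";

    // Request parameter names
    private static final String BLOG_USER_ID = "blog-user-id";
    private static final String BLOG_PERMISSION = "blog-permission";

    // Permission the calling user must hold to use this plugin
    private static final String EDIT_BLOG_PERMISSIONS_PERMISSION = "edit_blog_permissions_permission";

    private Fetcher _fetcher;

    /**
     * Create a new instance of the edit blog permissions plugin.
     */
    public EditBlogPermissionsPlugin() {
    }

    /**
     * Set the {@link Fetcher} used to list, load and save users.
     *
     * @param fetcher {@link Fetcher}
     */
    public void setFetcher(Fetcher fetcher) {
        _fetcher = fetcher;
    }

    /**
     * Collect the permission entries of a user.
     *
     * @param user {@link User} whose metadata is inspected
     * @return sorted map holding every metadata entry whose key ends with
     *         {@link BlojsomConstants#PERMISSION_SUFFIX}
     */
    protected Map readPermissionsForUser(User user) {
        Map permissions = new TreeMap();
        Iterator entryIterator = user.getMetaData().entrySet().iterator();

        while (entryIterator.hasNext()) {
            Map.Entry entry = (Map.Entry) entryIterator.next();
            String property = (String) entry.getKey();
            if (property.endsWith(BlojsomConstants.PERMISSION_SUFFIX)) {
                permissions.put(property, entry.getValue());
            }
        }

        return permissions;
    }

    /**
     * Publish the permissions of every user of the blog into the plugin context.
     * <p>
     * The map is keyed by user login and wrapped as unmodifiable before it is stored under
     * {@code BLOJSOM_PLUGIN_EDIT_BLOG_PERMISSIONS_USER_MAP}.
     *
     * @param context Context
     * @param blog {@link Blog} whose users are listed
     */
    protected void setupPermissionsInContext(Map context, Blog blog) {
        User[] users = _fetcher.getUsers(blog);
        TreeMap userIDs = new TreeMap();
        for (int i = 0; i < users.length; i++) {
            User userFromBlog = users[i];
            userIDs.put(userFromBlog.getUserLogin(), readPermissionsForUser(userFromBlog));
        }

        context.put(BLOJSOM_PLUGIN_EDIT_BLOG_PERMISSIONS_USER_MAP, Collections.unmodifiableMap(userIDs));
    }

    /**
     * Load the user whose permissions are about to be changed.
     * <p>
     * On failure the request is routed back to the administration page and the
     * "failed to edit permissions" message is added to the context, so the caller only has to
     * return.
     *
     * @param httpServletRequest Request
     * @param context Context
     * @param blog {@link Blog} the user is looked up in
     * @param blogUserID value of the {@code blog-user-id} request parameter
     * @return the loaded {@link User}, or {@code null} if it could not be loaded
     */
    private User loadUserForPermissionChange(HttpServletRequest httpServletRequest, Map context, Blog blog, String blogUserID) {
        User user = null;
        try {
            user = _fetcher.loadUser(blog, blogUserID);
        } catch (FetcherException e) {
            if (_logger.isErrorEnabled()) {
                _logger.error(e);
            }
        } catch (NumberFormatException e) {
            if (_logger.isErrorEnabled()) {
                _logger.error(e);
            }
        }

        // Whether loadUser can return null for an unknown id is not visible from this class.
        // The id comes straight from the request, so a missing user is treated like a failed
        // load instead of being dereferenced.
        if (user == null) {
            httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, ADMIN_ADMINISTRATION_PAGE);
            addOperationResultMessage(context, getAdminResource(FAILED_EDIT_PERMISSIONS_KEY, FAILED_EDIT_PERMISSIONS_KEY, blog.getBlogAdministrationLocale()));
        }

        return user;
    }

    /**
     * Persist a user after its permissions were changed and report the outcome in the context.
     *
     * @param context Context
     * @param blog {@link Blog} the user belongs to
     * @param user {@link User} to save
     */
    private void saveUserAndReport(Map context, Blog blog, User user) {
        try {
            _fetcher.saveUser(blog, user);

            addOperationResultMessage(context, getAdminResource(PERMISSIONS_SAVED_KEY, PERMISSIONS_SAVED_KEY, blog.getBlogAdministrationLocale()));
        } catch (FetcherException e) {
            _logger.error(e);

            addOperationResultMessage(context, getAdminResource(ERROR_SAVING_PERMISSIONS_KEY, ERROR_SAVING_PERMISSIONS_KEY, blog.getBlogAdministrationLocale()));
        }
    }

    /**
     * Process the blog entries.
     * <p>
     * Order of checks: the caller must authenticate, then must hold
     * {@code edit_blog_permissions_permission}; only after both does the requested action run.
     * The add action accepts a comma-separated list of permission names, the delete action a
     * single name. Names that do not end with {@link BlojsomConstants#PERMISSION_SUFFIX} are
     * ignored or rejected.
     *
     * @param httpServletRequest Request
     * @param httpServletResponse Response
     * @param blog {@link Blog} instance
     * @param context Context
     * @param entries Blog entries retrieved for the particular request
     * @return the {@code entries} array that was passed in, unmodified
     * @throws PluginException declared by the plugin contract; not thrown by the code in this method
     */
    public Entry[] process(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Blog blog, Map context, Entry[] entries) throws PluginException {
        if (!authenticateUser(httpServletRequest, httpServletResponse, context, blog)) {
            httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, ADMIN_LOGIN_PAGE);

            return entries;
        }

        // Authorization gate: nothing below runs for a user without the edit permission
        String username = getUsernameFromSession(httpServletRequest, blog);
        if (!checkPermission(blog, null, username, EDIT_BLOG_PERMISSIONS_PERMISSION)) {
            httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, ADMIN_ADMINISTRATION_PAGE);
            addOperationResultMessage(context, getAdminResource(FAILED_EDIT_PERMISSIONS_KEY, FAILED_EDIT_PERMISSIONS_KEY, blog.getBlogAdministrationLocale()));

            return entries;
        }

        String action = BlojsomUtils.getRequestValue(ACTION_PARAM, httpServletRequest);
        if (BlojsomUtils.checkNullOrBlank(action)) {
            _logger.debug("User did not request edit permission action");
            // This page attribute is overwritten at the end of the method
            httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, ADMIN_ADMINISTRATION_PAGE);
        } else if (PAGE_ACTION.equals(action)) {
            _logger.debug("User requested edit blog permissions page");
        } else if (ADD_BLOG_PERMISSION_ACTION.equals(action)) {
            _logger.debug("User requested add permission action");

            String blogUserID = BlojsomUtils.getRequestValue(BLOG_USER_ID, httpServletRequest);
            if (!BlojsomUtils.checkNullOrBlank(blogUserID)) {
                String permissionToAdd = BlojsomUtils.getRequestValue(BLOG_PERMISSION, httpServletRequest);
                if (!BlojsomUtils.checkNullOrBlank(permissionToAdd) && (permissionToAdd.endsWith(BlojsomConstants.PERMISSION_SUFFIX))) {
                    User user = loadUserForPermissionChange(httpServletRequest, context, blog, blogUserID);
                    if (user == null) {
                        return entries;
                    }

                    // The suffix is re-checked per item: the check above only covers the end of
                    // the whole comma-separated value
                    String[] permissions = BlojsomUtils.parseOnlyCommaList(permissionToAdd, true);
                    for (int i = 0; i < permissions.length; i++) {
                        String permission = permissions[i];
                        if (permission.endsWith(BlojsomConstants.PERMISSION_SUFFIX)) {
                            user.getMetaData().put(permission, Boolean.TRUE.toString());
                        }
                    }

                    saveUserAndReport(context, blog, user);
                } else {
                    addOperationResultMessage(context, getAdminResource(NO_PERMISSION_SPECIFIED_KEY, NO_PERMISSION_SPECIFIED_KEY, blog.getBlogAdministrationLocale()));
                }
            } else {
                addOperationResultMessage(context, getAdminResource(NO_BLOG_USER_ID_PERMISSION_SPECIFIED_KEY, NO_BLOG_USER_ID_PERMISSION_SPECIFIED_KEY, blog.getBlogAdministrationLocale()));
                _logger.debug("No blog user id specified");
            }
        } else if (DELETE_BLOG_PERMISSION_ACTION.equals(action)) {
            _logger.debug("User requested delete permission action");

            String blogUserID = BlojsomUtils.getRequestValue(BLOG_USER_ID, httpServletRequest);
            if (!BlojsomUtils.checkNullOrBlank(blogUserID)) {
                String permissionToDelete = BlojsomUtils.getRequestValue(BLOG_PERMISSION, httpServletRequest);
                if (!BlojsomUtils.checkNullOrBlank(permissionToDelete) && (permissionToDelete.endsWith(BlojsomConstants.PERMISSION_SUFFIX))) {
                    User user = loadUserForPermissionChange(httpServletRequest, context, blog, blogUserID);
                    if (user == null) {
                        return entries;
                    }

                    // The suffix check above limits removal to permission keys, so other user
                    // metadata cannot be deleted through this action
                    user.getMetaData().remove(permissionToDelete);

                    saveUserAndReport(context, blog, user);
                } else {
                    addOperationResultMessage(context, getAdminResource(NO_PERMISSION_SPECIFIED_KEY, NO_PERMISSION_SPECIFIED_KEY, blog.getBlogAdministrationLocale()));
                }
            } else {
                addOperationResultMessage(context, getAdminResource(NO_BLOG_USER_ID_PERMISSION_SPECIFIED_KEY, NO_BLOG_USER_ID_PERMISSION_SPECIFIED_KEY, blog.getBlogAdministrationLocale()));
                _logger.debug("No blog user ID to delete from permissions");
            }
        }

        setupPermissionsInContext(context, blog);
        httpServletRequest.setAttribute(BlojsomConstants.PAGE_PARAM, EDIT_BLOG_PERMISSIONS_PAGE);

        return entries;
    }
}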