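package org.nemesis.forum.webapp.admin.action;

import java.security.MessageDigest;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.struts.action.Action;
import org.nemesis.forum.Authorization;
import org.nemesis.forum.AuthorizationFactory;
import org.nemesis.forum.Forum;
import org.nemesis.forum.Group;
import org.nemesis.forum.util.SecurityTools;
import org.nemesis.forum.webapp.admin.Constants;
import org.nemesis.forum.webapp.exception.UnauthorizedException;
import org.nemesis.forum.webapp.exception.UserNotLoggedException;

/**
 * Common plumbing for the administration (back-office) Struts actions:
 * credential checking, session bookkeeping for the logged-in principal and
 * coarse role/operation authorization.
 *
 * Only users holding at least one back-office role (system admin, forum
 * admin, group admin or forum moderator) are ever stored in the session.
 * The authorization helpers fail closed: a missing token or a target object
 * of the wrong type results in an {@link UnauthorizedException}, never in a
 * pass-through or in an unchecked exception bubbling up as a server error.
 */
abstract class BaseAction extends Action {

    /** Audit log for logins; the category name is shared with the rest of the webapp. */
    private static final Log log = LogFactory.getLog("user.connection");

    /** Operations a group admin may perform on the group passed as target. */
    private static final int[] GROUP_OPS = {
        OperationConstants.LIST_GROUP_USERS,
        OperationConstants.ADD_GROUP_MEMBER,
        OperationConstants.DELETE_GROUP_MEMBER };

    /** Operations a forum admin may perform on the forum passed as target. */
    private static final int[] FORUM_ADMIN_OPS = {
        OperationConstants.ADD_FORUM_FILTER,
        OperationConstants.ADD_GROUP_PERMISSION,
        OperationConstants.ADD_USER_PERMISSION,
        OperationConstants.DELETE_FORUM_FILTER,
        OperationConstants.DELETE_GROUP_PERMISSION,
        OperationConstants.DELETE_USER_PERMISSION,
        OperationConstants.EDIT_FORUM,
        OperationConstants.EDIT_FORUM_FILTER,
        OperationConstants.LIST_FORUM_FILTER,
        OperationConstants.LIST_FORUM_PERMISSION };

    /** Operations a forum moderator (or forum admin) may perform on the forum passed as target. */
    private static final int[] MODERATOR_OPS = {
        OperationConstants.LIST_FORUM_CONTENT,
        OperationConstants.DELETE_MESSAGE,
        OperationConstants.DELETE_THREAD,
        OperationConstants.EDIT_MESSAGE };

    /**
     * Checks the supplied credentials and, on success, binds the login and its
     * {@link Authorization} token to a freshly created session.
     *
     * Only principals with a back-office role are accepted. Every failure
     * (unknown user, wrong password, no back-office role, missing credentials,
     * backend error) is reported to the caller with the same generic message so
     * that the response does not reveal whether the login exists; the underlying
     * cause is kept in the debug log only.
     *
     * @param request current request; its session is replaced on success
     * @param login   user name as typed by the client (untrusted)
     * @param pass    password as typed by the client (untrusted, never logged)
     * @throws UserNotLoggedException when the credentials are not accepted
     */
    protected void authenticate(HttpServletRequest request, String login, String pass) throws UserNotLoggedException {
        Authorization token = null;
        try {
            if (login != null && pass != null) {
                Authorization candidate = AuthorizationFactory.getAuthorization(login, pass);
                if (candidate != null && isBackOfficeUser(candidate)) {
                    token = candidate;
                }
            }
        } catch (Exception er) {
            // Broad on purpose: the factory's failure modes are not known here and
            // none of them may leak to the client. The cause stays in the debug log.
            log.debug("authentication error for login " + forLog(login), er);
        }

        if (token == null) {
            log.warn("login rejected for login " + forLog(login));
            throw new UserNotLoggedException("invalid user");
        }

        // Session fixation: never bind the authenticated principal to a session id
        // the client was already carrying before it proved who it is.
        renewSession(request);
        setUser(request, login);
        setAuthToken(request, token);

        // The raw session id is a bearer credential; log only a fingerprint of it,
        // which is still enough to correlate with other records of the same session.
        log.info("\nlogin:" + forLog(login)
            + "\nsessionID:" + sessionFingerprint(request.getSession().getId())
            + "\ndate:" + new Date());
    }

    /** True when the token carries at least one role that grants back-office access. */
    private static boolean isBackOfficeUser(Authorization token) {
        return SecurityTools.isSystemAdmin(token)
            || SecurityTools.isForumAdmin(token)
            || SecurityTools.isGroupAdmin(token)
            || SecurityTools.isForumModerator(token);
    }

    /**
     * Replaces the caller's current session by a fresh one (new id), carrying
     * the existing attributes over so that pre-login state such as the locale
     * set through {@link #setLangage} survives. Called right before the
     * authenticated principal is stored, which defeats session fixation.
     */
    private static void renewSession(HttpServletRequest request) {
        Map carried = new HashMap();
        if (request.getSession(false) != null) {
            Enumeration names = request.getSession(false).getAttributeNames();
            while (names.hasMoreElements()) {
                String name = (String) names.nextElement();
                carried.put(name, request.getSession(false).getAttribute(name));
            }
            // Once the old session is invalidated, the next getSession() call
            // returns a new session with a new id.
            request.getSession(false).invalidate();
        }
        for (Iterator it = carried.entrySet().iterator(); it.hasNext();) {
            Map.Entry entry = (Map.Entry) it.next();
            request.getSession().setAttribute((String) entry.getKey(), entry.getValue());
        }
    }

    /**
     * @return true when a login has been stored in the session by
     *         {@link #authenticate}; creates the session if none exists yet
     */
    protected boolean isUserLogged(HttpServletRequest request) {
        return request.getSession().getAttribute(Constants.USER_KEY) != null;
    }

    /**
     * Same check as {@link #isUserLogged} but expressed as a guard.
     *
     * @throws UserNotLoggedException when no login is stored in the session
     */
    protected void checkUser(HttpServletRequest request) throws UserNotLoggedException {
        if (!isUserLogged(request)) {
            throw new UserNotLoggedException();
        }
    }

    /**
     * Login stored by {@link #authenticate}. Legacy contract kept on purpose:
     * when nobody is logged in this returns the string "null", not null, so
     * callers must use {@link #isUserLogged} rather than compare with null.
     */
    protected String getUser(HttpServletRequest request) {
        return String.valueOf(request.getSession().getAttribute(Constants.USER_KEY));
    }

    /**
     * Logs the user out: clears the principal and token and destroys the session.
     * Does nothing when the request has no session (getSession(false)), so a
     * session is never created just to be destroyed.
     */
    protected void invalidateUser(HttpServletRequest request) throws UserNotLoggedException {
        if (request.getSession(false) == null) {
            return;
        }
        request.getSession(false).removeAttribute(Constants.USER_KEY);
        request.getSession(false).removeAttribute(Constants.AUTH_TOKEN);
        request.getSession(false).invalidate();
    }

    /** Stores the login in the session; only reachable through {@link #authenticate}. */
    private final void setUser(HttpServletRequest request, String user) {
        request.getSession().setAttribute(Constants.USER_KEY, user);
    }

    /** Stores the authorization token in the session; only reachable through {@link #authenticate}. */
    private final void setAuthToken(HttpServletRequest request, Authorization auth) {
        request.getSession().setAttribute(Constants.AUTH_TOKEN, auth);
    }

    /** @return the token stored by {@link #authenticate}, or null when not logged in */
    protected Authorization getAuthToken(HttpServletRequest request) {
        return (Authorization) request.getSession().getAttribute(Constants.AUTH_TOKEN);
    }

    /** Records the locale for the session through Struts' Action.setLocale(); the response is currently unused. */
    protected void setLangage(HttpServletRequest request, HttpServletResponse response, Locale locale) {
        setLocale(request, locale);
    }

    /**
     * Authorizes an operation that has no specific target object.
     *
     * A system admin may do anything; a group admin may list groups; a forum
     * admin or moderator may list forums. Anything else, including a missing
     * token, is refused.
     *
     * @param request           current request, holding the token set at login
     * @param operationConstant one of the OperationConstants values
     * @throws UnauthorizedException when the caller may not perform the operation
     */
    protected void checkPermission(HttpServletRequest request, int operationConstant) throws UnauthorizedException {
        Authorization token = getAuthToken(request);
        if (token == null) {
            // Not authenticated or session lost: fail closed instead of letting
            // SecurityTools decide what a null token means.
            throw new UnauthorizedException();
        }
        if (SecurityTools.isSystemAdmin(token)) {
            return;
        }
        if (operationConstant == OperationConstants.LIST_GROUP && SecurityTools.isGroupAdmin(token)) {
            return;
        }
        if (operationConstant == OperationConstants.LIST_FORUM
                && (SecurityTools.isForumAdmin(token) || SecurityTools.isForumModerator(token))) {
            return;
        }
        throw new UnauthorizedException();
    }

    /**
     * Authorizes an operation on a specific target.
     *
     * A system admin may do anything. Group operations (see GROUP_OPS) require
     * the caller to be admin of the {@link Group} passed as target; forum admin
     * operations (FORUM_ADMIN_OPS) require the caller to be admin of the
     * {@link Forum} passed as target; moderator operations (MODERATOR_OPS)
     * accept either the forum's admin or one of its moderators.
     *
     * @param request           current request, holding the token set at login
     * @param operationConstant one of the OperationConstants values
     * @param o                 the Group or Forum the operation applies to
     * @throws UnauthorizedException when the caller may not perform the operation
     *                               on that target, when the token is missing, or
     *                               when the target is null or of the wrong type
     */
    protected void checkPermission(HttpServletRequest request, int operationConstant, Object o) throws UnauthorizedException {
        Authorization token = getAuthToken(request);
        if (token == null) {
            throw new UnauthorizedException();
        }
        if (SecurityTools.isSystemAdmin(token)) {
            return;
        }

        // instanceof instead of a blind cast: a target of the wrong type (or null)
        // is an authorization failure, not a ClassCastException turned into a 500.
        if (o instanceof Group
                && contains(GROUP_OPS, operationConstant)
                && SecurityTools.isGroupAdmin(token, (Group) o)) {
            return;
        }
        if (o instanceof Forum) {
            Forum forum = (Forum) o;
            if (contains(FORUM_ADMIN_OPS, operationConstant) && SecurityTools.isForumAdmin(token, forum)) {
                return;
            }
            if (contains(MODERATOR_OPS, operationConstant)
                    && (SecurityTools.isForumAdmin(token, forum) || SecurityTools.isForumModerator(token, forum))) {
                return;
            }
        }
        throw new UnauthorizedException();
    }

    /** Linear membership test; the operation tables are a handful of ints, so no set is needed. */
    private static boolean contains(int[] operations, int operation) {
        for (int i = 0; i < operations.length; i++) {
            if (operations[i] == operation) {
                return true;
            }
        }
        return false;
    }

    /**
     * Makes an untrusted string safe to embed in a log line: control characters
     * (CR/LF in particular) are replaced so that a crafted login cannot forge
     * extra log records.
     */
    private static String forLog(String value) {
        if (value == null) {
            return "<none>";
        }
        return value.replaceAll("\\p{Cntrl}", "_");
    }

    /**
     * Short SHA-256 based fingerprint of a session id, usable to correlate log
     * records without writing the id itself (a bearer credential) to the log.
     */
    private static String sessionFingerprint(String sessionId) {
        if (sessionId == null) {
            return "none";
        }
        try {
            MessageDigest sha = MessageDigest.getInstance("SHA-256");
            byte[] digest = sha.digest(sessionId.getBytes("UTF-8"));
            StringBuffer hex = new StringBuffer();
            for (int i = 0; i < 8 && i < digest.length; i++) {
                hex.append(Integer.toHexString((digest[i] & 0xff) | 0x100).substring(1));
            }
            return hex.toString();
        } catch (Exception e) {
            // SHA-256 and UTF-8 are mandatory in every JRE; this branch is not
            // expected to be reachable, and logging must never fail a login.
            return "unavailable";
        }
    }

}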