

1 package org.nemesis.forum.webapp.admin.action;
2
3 import java.util.Date JavaDoc;
4 import java.util.Locale JavaDoc;
5
6 import javax.servlet.http.HttpServletRequest JavaDoc;
7 import javax.servlet.http.HttpServletResponse JavaDoc;
8
9 import org.apache.commons.logging.Log;
10 import org.apache.commons.logging.LogFactory;
11 import org.apache.struts.action.Action;
12 import org.nemesis.forum.Authorization;
13 import org.nemesis.forum.AuthorizationFactory;
14 import org.nemesis.forum.Forum;
15 import org.nemesis.forum.Group;
16 import org.nemesis.forum.util.SecurityTools;
17 import org.nemesis.forum.webapp.admin.Constants;
18 import org.nemesis.forum.webapp.exception.UnauthorizedException;
19 import org.nemesis.forum.webapp.exception.UserNotLoggedException;
20
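/**
 * Base controller holding the methods shared by all admin controllers.
 * <br> Concrete actions inherit from this class.
 *
 * <p>Session state managed here: {@code Constants.USER_KEY} holds the login name of the
 * authenticated back-office user and {@code Constants.AUTH_TOKEN} holds the
 * {@link Authorization} returned by {@code AuthorizationFactory}. Both permission checks
 * read the token back from the session on every call.
 *
 * @author dlaurent
 */
abstract class BaseAction extends Action {

    /** Connection audit log: successful and rejected back-office logins are written here. */
    private static final Log log = LogFactory.getLog("user.connection");

    /** Operations a group admin may perform on a group they administer. */
    private static final int[] groupperms = {
        OperationConstants.LIST_GROUP_USERS,
        OperationConstants.ADD_GROUP_MEMBER,
        OperationConstants.DELETE_GROUP_MEMBER
    };

    /** Operations reserved to the admin of the forum concerned. */
    private static final int[] adminperms = {
        OperationConstants.ADD_FORUM_FILTER,
        OperationConstants.ADD_GROUP_PERMISSION,
        OperationConstants.ADD_USER_PERMISSION,
        OperationConstants.DELETE_FORUM_FILTER,
        OperationConstants.DELETE_GROUP_PERMISSION,
        OperationConstants.DELETE_USER_PERMISSION,
        OperationConstants.EDIT_FORUM,
        OperationConstants.EDIT_FORUM_FILTER,
        OperationConstants.LIST_FORUM_FILTER,
        OperationConstants.LIST_FORUM_PERMISSION
    };

    /** Operations open to both the admin and the moderators of the forum concerned. */
    private static final int[] moderatorperms = {
        OperationConstants.LIST_FORUM_CONTENT,
        OperationConstants.DELETE_MESSAGE,
        OperationConstants.DELETE_THREAD,
        OperationConstants.EDIT_MESSAGE
    };

    /**
     * Authenticates a back-office user and binds the login and the authorization token
     * to the HTTP session.
     *
     * <p>Only system admins, forum admins, group admins and forum moderators are accepted.
     * Every failure (bad credentials, account without a back-office role, any unexpected
     * error) is reported to the caller as the same {@code UserNotLoggedException("invalid user")},
     * so the response does not reveal which step failed.
     *
     * @param request current request; its session receives the user and the token
     * @param login   login name supplied by the client (untrusted)
     * @param pass    password supplied by the client; never written to the log
     * @throws UserNotLoggedException if the user could not be authenticated as a back-office user
     */
    protected void authenticate(HttpServletRequest request, String login, String pass) throws UserNotLoggedException {

        // The login comes from the client: strip line breaks before it reaches the
        // line-oriented audit log, so it cannot be used to forge extra log entries.
        String safeLogin = neutralizeForLog(login);

        try {
            Authorization token = AuthorizationFactory.getAuthorization(login, pass);

            if (!isBackOfficeUser(token)) {
                // Valid credentials but no admin/moderator role: record the attempt.
                log.warn("\nrejected login:" + safeLogin + "\nreason:not a back-office user" + "\ndate:" + new Date());
                throw new UserNotLoggedException("invalid user");
            }

            // NOTE(review): the session that existed before login is reused as is. Confirm
            // that the container or a filter renews the session identifier on authentication;
            // otherwise renew it here (HttpServletRequest.changeSessionId() on Servlet 3.1+,
            // or invalidate and recreate the session on older containers).
            setUser(request, login);
            setAuthToken(request, token);

            // NOTE(review): the session identifier is a bearer credential; consider logging
            // a truncated or hashed form if this log is readable by more than the operators.
            log.info("\nlogin:" + safeLogin + "\nsessionID:" + request.getSession().getId() + "\ndate:" + new Date());

        } catch (UserNotLoggedException rejected) {
            // Already logged above; keep the single generic error for the caller.
            throw rejected;
        } catch (Exception er) {
            // The cause used to be dropped silently; keep a trace of failed attempts so
            // repeated failures against admin accounts are visible in the audit log.
            log.warn("\nrejected login:" + safeLogin + "\nreason:" + er.getClass().getName() + "\ndate:" + new Date());
            throw new UserNotLoggedException("invalid user");
        }
    }

    /**
     * Tells whether a user is bound to the session of this request.
     *
     * @param request current request
     * @return {@code true} if {@code Constants.USER_KEY} is set in the session
     */
    protected boolean isUserLogged(HttpServletRequest request) {
        return request.getSession().getAttribute(Constants.USER_KEY) != null;
    }

    /**
     * Guard for actions that require a logged-in user.
     *
     * @param request current request
     * @throws UserNotLoggedException if no user is bound to the session
     */
    protected void checkUser(HttpServletRequest request) throws UserNotLoggedException {
        if (!isUserLogged(request)) {
            throw new UserNotLoggedException();
        }
    }

    /**
     * Returns the login bound to the session.
     *
     * @param request current request
     * @return the login, or the literal string {@code "null"} when no user is bound
     *         (the attribute is concatenated to an empty string); call
     *         {@link #checkUser(HttpServletRequest)} first when that matters
     */
    protected String getUser(HttpServletRequest request) {
        return "" + request.getSession().getAttribute(Constants.USER_KEY);
    }

    /**
     * Logs the user out: clears the user attribute, then invalidates the whole session,
     * which also discards the authorization token stored in it.
     *
     * @param request current request
     * @throws UserNotLoggedException declared for callers; not thrown by this implementation
     */
    protected void invalidateUser(HttpServletRequest request) throws UserNotLoggedException {
        request.getSession().setAttribute(Constants.USER_KEY, null);
        // Invalidating (rather than only clearing USER_KEY) is what makes the old session
        // identifier and the stored AUTH_TOKEN unusable after logout.
        request.getSession().invalidate();
    }

    /** Binds the login to the session; only {@code authenticate} may do this. */
    private final void setUser(HttpServletRequest request, String user) {
        request.getSession().setAttribute(Constants.USER_KEY, user);
    }

    /** Binds the authorization token to the session; only {@code authenticate} may do this. */
    private final void setAuthToken(HttpServletRequest request, Authorization auth) {
        request.getSession().setAttribute(Constants.AUTH_TOKEN, auth);
    }

    /**
     * Returns the authorization token bound to the session.
     *
     * @param request current request
     * @return the token, or {@code null} if none is stored in the session
     */
    protected Authorization getAuthToken(HttpServletRequest request) {
        return (Authorization) request.getSession().getAttribute(Constants.AUTH_TOKEN);
    }

    /**
     * Sets the locale used for this user's session.
     *
     * @param request  current request
     * @param response current response (unused)
     * @param locale   locale to apply
     */
    protected void setLangage(HttpServletRequest request, HttpServletResponse response, Locale locale) {
        setLocale(request, locale);
    }

    //----------------------------------------------------------------------------------
    // permissions

    /**
     * Checks a global operation (one that is not tied to a particular forum or group).
     * Marked "temporary code" by the original author.
     *
     * <pre>
     * systemadmin    : every operation (ADD_FORUM, DELETE_FORUM, ADD_GROUP, EDIT_GROUP,
     *                  DELETE_GROUP, ADD_USER, DELETE_USER, MANAGE_CACHE, VIEW_SGBD_INFO,
     *                  ADD_GROUP_ADMIN, DELETE_GROUP_ADMIN, EDIT_USER, LIST_USER, LIST_FORUM ...)
     * groupadmin     : LIST_GROUP
     * forumadmin     : LIST_FORUM
     * forummoderator : LIST_FORUM
     * </pre>
     *
     * @param request           current request; the token is read from its session
     * @param operationConstant one of the {@code OperationConstants} values
     * @throws UnauthorizedException if the session holds no token or the token does not
     *                               grant the operation
     */
    protected void checkPermission(HttpServletRequest request, int operationConstant) throws UnauthorizedException {
        Authorization token = getAuthToken(request);

        // Fail closed: a session without a token is never authorized, whatever
        // SecurityTools would do with a null argument.
        if (token == null) {
            throw new UnauthorizedException();
        }

        if (SecurityTools.isSystemAdmin(token)) {
            return;
        }
        if (OperationConstants.LIST_GROUP == operationConstant && SecurityTools.isGroupAdmin(token)) {
            return;
        }
        if (OperationConstants.LIST_FORUM == operationConstant
            && (SecurityTools.isForumAdmin(token) || SecurityTools.isForumModerator(token))) {
            return;
        }

        throw new UnauthorizedException();
    }

    /**
     * Checks an operation against the object it targets.
     * Marked "temporary code" by the original author.
     *
     * <pre>
     * systemadmin    : every operation
     * groupadmin     : LIST_GROUP_USERS, ADD_GROUP_MEMBER, DELETE_GROUP_MEMBER
     *                  (on a Group the user administers)
     * forumadmin     : ADD_FORUM_FILTER, ADD_GROUP_PERMISSION, ADD_USER_PERMISSION,
     *                  DELETE_FORUM_FILTER, DELETE_GROUP_PERMISSION, DELETE_USER_PERMISSION,
     *                  EDIT_FORUM, EDIT_FORUM_FILTER, LIST_FORUM_FILTER, LIST_FORUM_PERMISSION,
     *                  plus every forummoderator operation (on a Forum the user administers)
     * forummoderator : LIST_FORUM_CONTENT, DELETE_MESSAGE, DELETE_THREAD, EDIT_MESSAGE
     *                  (on a Forum the user moderates)
     * </pre>
     *
     * @param request           current request; the token is read from its session
     * @param operationConstant one of the {@code OperationConstants} values
     * @param o                 the {@code Group} or {@code Forum} the operation targets
     * @throws UnauthorizedException if the session holds no token, the target is not of the
     *                               type the operation expects, or the token does not grant
     *                               the operation on that target
     */
    protected void checkPermission(HttpServletRequest request, int operationConstant, Object o) throws UnauthorizedException {
        Authorization token = getAuthToken(request);

        // Fail closed on a missing token instead of handing null to SecurityTools.
        if (token == null) {
            throw new UnauthorizedException();
        }

        if (SecurityTools.isSystemAdmin(token)) {
            return;
        }

        // The target type is checked before each cast: a caller that passes the wrong
        // object (or null) is refused with UnauthorizedException rather than failing
        // with a ClassCastException in the middle of the authorization decision.
        if (o instanceof Group && groupPermsContain(operationConstant)) {
            if (SecurityTools.isGroupAdmin(token, (Group) o)) {
                return;
            }
        }

        if (o instanceof Forum) {
            Forum forum = (Forum) o;

            if (adminPermsContain(operationConstant) && SecurityTools.isForumAdmin(token, forum)) {
                return;
            }
            if (moderatorPermsContain(operationConstant)
                && (SecurityTools.isForumAdmin(token, forum) || SecurityTools.isForumModerator(token, forum))) {
                return;
            }
        }

        throw new UnauthorizedException();
    }

    /** Tells whether {@code op} is a group-admin operation. */
    private boolean groupPermsContain(int op) {
        return contains(groupperms, op);
    }

    /** Tells whether {@code op} is a forum-admin operation. */
    private boolean adminPermsContain(int op) {
        return contains(adminperms, op);
    }

    /** Tells whether {@code op} is a forum-moderator operation. */
    private boolean moderatorPermsContain(int op) {
        return contains(moderatorperms, op);
    }

    /** Linear membership test shared by the three permission tables. */
    private static boolean contains(int[] perms, int op) {
        for (int i = 0; i < perms.length; i++) {
            if (perms[i] == op) {
                return true;
            }
        }
        return false;
    }

    /** Tells whether the token carries at least one back-office role. */
    private static boolean isBackOfficeUser(Authorization token) {
        return SecurityTools.isSystemAdmin(token)
            || SecurityTools.isForumAdmin(token)
            || SecurityTools.isGroupAdmin(token)
            || SecurityTools.isForumModerator(token);
    }

    /**
     * Replaces carriage returns and line feeds in a client-supplied value so it
     * occupies a single field of a multi-line log entry.
     */
    private static String neutralizeForLog(String value) {
        if (value == null) {
            return "null";
        }
        return value.replace('\r', '_').replace('\n', '_');
    }

}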