Posted to commits@openmeetings.apache.org by so...@apache.org on 2016/02/25 11:42:02 UTC
svn commit: r1732280 - in /openmeetings/application:
branches/3.1.x/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/
branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/app/
branches/3.1.x/openmeetings-web/src/...
Author: solomax
Date: Thu Feb 25 10:42:02 2016
New Revision: 1732280
URL: http://svn.apache.org/viewvc?rev=1732280&view=rev
Log:
[OPENMEETINGS-1334] invitation hash is being generated for internal users with no rights for the room
Modified:
openmeetings/application/branches/3.1.x/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/MainService.java
openmeetings/application/branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/app/Application.java
openmeetings/application/branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/room/InvitationDialog.java
openmeetings/application/trunk/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/MainService.java
openmeetings/application/trunk/openmeetings-web/src/main/java/org/apache/openmeetings/web/app/Application.java
openmeetings/application/trunk/openmeetings-web/src/main/java/org/apache/openmeetings/web/room/InvitationDialog.java
Modified: openmeetings/application/branches/3.1.x/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/MainService.java
URL: http://svn.apache.org/viewvc/openmeetings/application/branches/3.1.x/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/MainService.java?rev=1732280&r1=1732279&r2=1732280&view=diff
==============================================================================
--- openmeetings/application/branches/3.1.x/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/MainService.java (original)
+++ openmeetings/application/branches/3.1.x/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/MainService.java Thu Feb 25 10:42:02 2016
@@ -152,58 +152,61 @@ public class MainService implements IPen
return -1L;
}
- public User loginWicket(String SID, String wicketSID, Long wicketroomid) {
- log.debug("[loginWicket] SID: '{}'; wicketSID: '{}'; wicketroomid: '{}'", SID, wicketSID, wicketroomid);
- Long userId = sessiondataDao.checkSession(wicketSID);
- User u = userId == null ? null : userDao.get(userId);
- if (u != null && wicketroomid != null) {
- log.debug("[loginWicket] user and roomid are not empty: " + userId + ", " + wicketroomid);
- boolean allowed = false;
- Room r = roomDao.get(wicketroomid);
- if (r != null) {
- if (r.isAppointment()) {
- Appointment a = appointmentDao.getByRoom(wicketroomid);
- if (a != null && !a.isDeleted()) {
- allowed = a.getOwner().getId().equals(userId);
- log.debug("[loginWicket] appointed room, isOwner ? " + allowed);
- if (!allowed) {
- for (MeetingMember mm : a.getMeetingMembers()) {
- if (mm.getUser().getId().equals(userId)) {
- allowed = true;
- break;
- }
+ public boolean isRoomAllowedToUser(Room r, User u) {
+ boolean allowed = false;
+ if (r != null) {
+ if (r.isAppointment()) {
+ Appointment a = appointmentDao.getByRoom(r.getId());
+ if (a != null && !a.isDeleted()) {
+ allowed = a.getOwner().getId().equals(u.getId());
+ log.debug("[loginWicket] appointed room, isOwner ? " + allowed);
+ if (!allowed) {
+ for (MeetingMember mm : a.getMeetingMembers()) {
+ if (mm.getUser().getId().equals(u.getId())) {
+ allowed = true;
+ break;
}
}
- /*
- TODO need to be reviewed
- Calendar c = WebSession.getCalendar();
- if (c.getTime().after(a.getStart()) && c.getTime().before(a.getEnd())) {
- allowed = true;
- } else {
- SimpleDateFormat sdf = new SimpleDateFormat("yyyy/MM/dd HH:mm"); //FIXME format
- deniedMessage = Application.getString(1271) + String.format(" %s - %s", sdf.format(a.getStart()), sdf.format(a.getEnd()));
- }
- */
}
- } else {
- allowed = r.getIspublic() || (r.getOwnerId() != null && r.getOwnerId().equals(userId));
- log.debug("[loginWicket] public ? " + r.getIspublic() + ", ownedId ? " + r.getOwnerId() + " " + allowed);
- if (!allowed && null != r.getRoomGroups()) {
- for (RoomGroup ro : r.getRoomGroups()) {
- for (GroupUser ou : u.getGroupUsers()) {
- if (ro.getGroup().getId().equals(ou.getGroup().getId())) {
- allowed = true;
- break;
- }
- }
- if (allowed) {
+ /*
+ TODO need to be reviewed
+ Calendar c = WebSession.getCalendar();
+ if (c.getTime().after(a.getStart()) && c.getTime().before(a.getEnd())) {
+ allowed = true;
+ } else {
+ SimpleDateFormat sdf = new SimpleDateFormat("yyyy/MM/dd HH:mm"); //FIXME format
+ deniedMessage = Application.getString(1271) + String.format(" %s - %s", sdf.format(a.getStart()), sdf.format(a.getEnd()));
+ }
+ */
+ }
+ } else {
+ allowed = r.getIspublic() || (r.getOwnerId() != null && r.getOwnerId().equals(u.getId()));
+ log.debug("[loginWicket] public ? " + r.getIspublic() + ", ownedId ? " + r.getOwnerId() + " " + allowed);
+ if (!allowed && null != r.getRoomGroups()) {
+ for (RoomGroup ro : r.getRoomGroups()) {
+ for (GroupUser ou : u.getGroupUsers()) {
+ if (ro.getGroup().getId().equals(ou.getGroup().getId())) {
+ allowed = true;
break;
}
}
+ if (allowed) {
+ break;
+ }
}
}
}
- if (allowed) {
+ }
+ return allowed;
+ }
+
+ public User loginWicket(String SID, String wicketSID, Long wicketroomid) {
+ log.debug("[loginWicket] SID: '{}'; wicketSID: '{}'; wicketroomid: '{}'", SID, wicketSID, wicketroomid);
+ Long userId = sessiondataDao.checkSession(wicketSID);
+ User u = userId == null ? null : userDao.get(userId);
+ if (u != null && wicketroomid != null) {
+ log.debug("[loginWicket] user and roomid are not empty: " + userId + ", " + wicketroomid);
+ if (isRoomAllowedToUser(roomDao.get(wicketroomid), u)) {
IConnection current = Red5.getConnectionLocal();
String streamId = current.getClient().getId();
Client currentClient = sessionManager.getClientByStreamId(streamId, null);
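Review bot: The new public `isRoomAllowedToUser(Room r, User u)` null-checks `r` but dereferences `u` unguarded (`u.getId()`, `u.getGroupUsers()`), and likewise `a.getOwner()`, so a null user, or an appointment without an owner if that can occur, produces a NullPointerException instead of a denial. Since this commit also calls the method from Application.java, it is now a shared access decision and should fail closed, e.g. `if (r == null || u == null) { return false; }` as its first statement. The debug messages still carry the `[loginWicket]` prefix, which will mislead when the call comes from the invitation-link path; `log.debug("[isRoomAllowedToUser] appointed room, isOwner ? {}", allowed);` would match the placeholder style already used in `loginWicket`. The same method is added to the trunk copy of MainService.java and the same points apply there; the body of `loginWicket` continues past the end of this hunk.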
Modified: openmeetings/application/branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/app/Application.java
URL: http://svn.apache.org/viewvc/openmeetings/application/branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/app/Application.java?rev=1732280&r1=1732279&r2=1732280&view=diff
==============================================================================
--- openmeetings/application/branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/app/Application.java (original)
+++ openmeetings/application/branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/app/Application.java Thu Feb 25 10:42:02 2016
@@ -44,10 +44,13 @@ import org.apache.commons.collections4.M
import org.apache.commons.collections4.keyvalue.MultiKey;
import org.apache.commons.collections4.map.MultiKeyMap;
import org.apache.openmeetings.IApplication;
+import org.apache.openmeetings.core.remote.MainService;
import org.apache.openmeetings.db.dao.basic.ConfigurationDao;
import org.apache.openmeetings.db.dao.label.LabelDao;
import org.apache.openmeetings.db.dao.user.UserDao;
import org.apache.openmeetings.db.entity.room.Invitation;
+import org.apache.openmeetings.db.entity.room.Room;
+import org.apache.openmeetings.db.entity.user.User;
import org.apache.openmeetings.db.entity.user.User.Type;
import org.apache.openmeetings.util.InitializationContainer;
import org.apache.openmeetings.web.pages.ActivatePage;
@@ -470,15 +473,21 @@ public class Application extends Authent
if (link == null) {
return null;
}
- if (i.getRoom() != null) {
- if (i.getInvitee().getType() == Type.contact) {
+ Room r = i.getRoom();
+ User u = i.getInvitee();
+ if (r != null) {
+ boolean allowed = u.getType() != Type.contact;
+ if (allowed) {
+ allowed = getBean(MainService.class).isRoomAllowedToUser(r, u);
+ }
+ if (!allowed) {
link += "?invitationHash=" + i.getHash();
- if (i.getInvitee().getLanguageId() > 0) {
- link += "&language=" + i.getInvitee().getLanguageId().toString();
+ if (u.getLanguageId() > 0) {
+ link += "&language=" + u.getLanguageId().toString();
}
} else {
- link = getRoomUrlFragment(i.getRoom().getId()).getLink();
+ link = getRoomUrlFragment(r.getId()).getLink();
}
}
return link;
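Review bot: `u.getLanguageId() > 0` is now reached for internal users who lack rights for the room, not only for contacts, and the `.toString()` call on the following line suggests `getLanguageId()` returns a boxed `Long`, so a null language id would throw on unboxing while the link is being built. InvitationDialog in this commit assigns the language only for contacts, so a guard is worth adding: `if (u.getLanguageId() != null && u.getLanguageId() > 0) {`. A short comment above `if (!allowed)` would also help, along the lines of `// invitee cannot enter with own account rights: fall back to the invitation hash link`, because the inverted flag is easy to misread. The enclosing method starts above this hunk, and the trunk copy of Application.java receives the same lines.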
Modified: openmeetings/application/branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/room/InvitationDialog.java
URL: http://svn.apache.org/viewvc/openmeetings/application/branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/room/InvitationDialog.java?rev=1732280&r1=1732279&r2=1732280&view=diff
==============================================================================
--- openmeetings/application/branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/room/InvitationDialog.java (original)
+++ openmeetings/application/branches/3.1.x/openmeetings-web/src/main/java/org/apache/openmeetings/web/room/InvitationDialog.java Thu Feb 25 10:42:02 2016
@@ -278,10 +278,10 @@ public class InvitationDialog extends Ab
i.setValidFrom(d.getTime());
i.setInvitee(u);
+ i.setHash(UUID.randomUUID().toString());
if (Type.contact == u.getType()) {
//TODO not sure it is right
u.setLanguageId(lang);
- i.setHash(UUID.randomUUID().toString());
}
return getBean(InvitationDao.class).update(i);
}
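Review bot: The hash is now stored on every invitation, including those for internal users whose link will be the plain room URL, so those rows presumably hold a usable access token that is never sent to anyone. A comment above `i.setHash(...)` should state why it is unconditional, e.g. `// hash is required for internal users too: the link falls back to it when the invitee has no rights for the room`. It is worth confirming in the code that accepts `invitationHash` (not visible here) that a hash is honoured only inside the invitation's validity period and only for the stored invitee. The leftover `//TODO not sure it is right` now sits over the language assignment alone and should be resolved or reworded. The enclosing method starts above this hunk, and the trunk copy of InvitationDialog.java receives the same change.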
Modified: openmeetings/application/trunk/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/MainService.java
URL: http://svn.apache.org/viewvc/openmeetings/application/trunk/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/MainService.java?rev=1732280&r1=1732279&r2=1732280&view=diff
==============================================================================
--- openmeetings/application/trunk/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/MainService.java (original)
+++ openmeetings/application/trunk/openmeetings-core/src/main/java/org/apache/openmeetings/core/remote/MainService.java Thu Feb 25 10:42:02 2016
@@ -28,6 +28,7 @@ import java.util.Set;
import org.apache.openmeetings.core.remote.red5.ScopeApplicationAdapter;
import org.apache.openmeetings.core.remote.util.SessionVariablesUtil;
import org.apache.openmeetings.db.dao.basic.ConfigurationDao;
+import org.apache.openmeetings.db.dao.calendar.AppointmentDao;
import org.apache.openmeetings.db.dao.log.ConferenceLogDao;
import org.apache.openmeetings.db.dao.server.ISessionManager;
import org.apache.openmeetings.db.dao.server.SOAPLoginDao;
@@ -35,12 +36,17 @@ import org.apache.openmeetings.db.dao.se
import org.apache.openmeetings.db.dao.user.IUserManager;
import org.apache.openmeetings.db.dao.user.UserDao;
import org.apache.openmeetings.db.entity.basic.Configuration;
+import org.apache.openmeetings.db.entity.calendar.Appointment;
+import org.apache.openmeetings.db.entity.calendar.MeetingMember;
import org.apache.openmeetings.db.entity.log.ConferenceLog;
import org.apache.openmeetings.db.entity.room.Client;
+import org.apache.openmeetings.db.entity.room.Room;
+import org.apache.openmeetings.db.entity.room.RoomGroup;
import org.apache.openmeetings.db.entity.server.RemoteSessionObject;
import org.apache.openmeetings.db.entity.server.SOAPLogin;
import org.apache.openmeetings.db.entity.server.Sessiondata;
import org.apache.openmeetings.db.entity.user.Address;
+import org.apache.openmeetings.db.entity.user.GroupUser;
import org.apache.openmeetings.db.entity.user.User;
import org.apache.openmeetings.db.entity.user.User.Right;
import org.apache.openmeetings.db.entity.user.Userdata;
@@ -79,6 +85,8 @@ public class MainService implements IPen
@Autowired
private UserDao userDao;
@Autowired
+ private AppointmentDao appointmentDao;
+ @Autowired
private SOAPLoginDao soapLoginDao;
@Autowired
private TimezoneUtil timezoneUtil;
@@ -132,6 +140,54 @@ public class MainService implements IPen
return -1L;
}
+ public boolean isRoomAllowedToUser(Room r, User u) {
+ boolean allowed = false;
+ if (r != null) {
+ if (r.isAppointment()) {
+ Appointment a = appointmentDao.getByRoom(r.getId());
+ if (a != null && !a.isDeleted()) {
+ allowed = a.getOwner().getId().equals(u.getId());
+ log.debug("[loginWicket] appointed room, isOwner ? " + allowed);
+ if (!allowed) {
+ for (MeetingMember mm : a.getMeetingMembers()) {
+ if (mm.getUser().getId().equals(u.getId())) {
+ allowed = true;
+ break;
+ }
+ }
+ }
+ /*
+ TODO need to be reviewed
+ Calendar c = WebSession.getCalendar();
+ if (c.getTime().after(a.getStart()) && c.getTime().before(a.getEnd())) {
+ allowed = true;
+ } else {
+ SimpleDateFormat sdf = new SimpleDateFormat("yyyy/MM/dd HH:mm"); //FIXME format
+ deniedMessage = Application.getString(1271) + String.format(" %s - %s", sdf.format(a.getStart()), sdf.format(a.getEnd()));
+ }
+ */
+ }
+ } else {
+ allowed = r.getIspublic() || (r.getOwnerId() != null && r.getOwnerId().equals(u.getId()));
+ log.debug("[loginWicket] public ? " + r.getIspublic() + ", ownedId ? " + r.getOwnerId() + " " + allowed);
+ if (!allowed && null != r.getRoomGroups()) {
+ for (RoomGroup ro : r.getRoomGroups()) {
+ for (GroupUser ou : u.getGroupUsers()) {
+ if (ro.getGroup().getId().equals(ou.getGroup().getId())) {
+ allowed = true;
+ break;
+ }
+ }
+ if (allowed) {
+ break;
+ }
+ }
+ }
+ }
+ }
+ return allowed;
+ }
+
public Object secureLoginByRemote(String SID, String secureHash) {
try {
log.debug("############### secureLoginByRemote " + secureHash);
Modified: openmeetings/application/trunk/openmeetings-web/src/main/java/org/apache/openmeetings/web/app/Application.java
URL: http://svn.apache.org/viewvc/openmeetings/application/trunk/openmeetings-web/src/main/java/org/apache/openmeetings/web/app/Application.java?rev=1732280&r1=1732279&r2=1732280&view=diff
==============================================================================
--- openmeetings/application/trunk/openmeetings-web/src/main/java/org/apache/openmeetings/web/app/Application.java (original)
+++ openmeetings/application/trunk/openmeetings-web/src/main/java/org/apache/openmeetings/web/app/Application.java Thu Feb 25 10:42:02 2016
@@ -44,10 +44,13 @@ import org.apache.commons.collections4.M
import org.apache.commons.collections4.keyvalue.MultiKey;
import org.apache.commons.collections4.map.MultiKeyMap;
import org.apache.openmeetings.IApplication;
+import org.apache.openmeetings.core.remote.MainService;
import org.apache.openmeetings.db.dao.basic.ConfigurationDao;
import org.apache.openmeetings.db.dao.label.LabelDao;
import org.apache.openmeetings.db.dao.user.UserDao;
import org.apache.openmeetings.db.entity.room.Invitation;
+import org.apache.openmeetings.db.entity.room.Room;
+import org.apache.openmeetings.db.entity.user.User;
import org.apache.openmeetings.db.entity.user.User.Type;
import org.apache.openmeetings.util.InitializationContainer;
import org.apache.openmeetings.web.pages.ActivatePage;
@@ -470,15 +473,21 @@ public class Application extends Authent
if (link == null) {
return null;
}
- if (i.getRoom() != null) {
- if (i.getInvitee().getType() == Type.contact) {
+ Room r = i.getRoom();
+ User u = i.getInvitee();
+ if (r != null) {
+ boolean allowed = u.getType() != Type.contact;
+ if (allowed) {
+ allowed = getBean(MainService.class).isRoomAllowedToUser(r, u);
+ }
+ if (!allowed) {
link += "?invitationHash=" + i.getHash();
- if (i.getInvitee().getLanguageId() > 0) {
- link += "&language=" + i.getInvitee().getLanguageId().toString();
+ if (u.getLanguageId() > 0) {
+ link += "&language=" + u.getLanguageId().toString();
}
} else {
- link = getRoomUrlFragment(i.getRoom().getId()).getLink();
+ link = getRoomUrlFragment(r.getId()).getLink();
}
}
return link;
Modified: openmeetings/application/trunk/openmeetings-web/src/main/java/org/apache/openmeetings/web/room/InvitationDialog.java
URL: http://svn.apache.org/viewvc/openmeetings/application/trunk/openmeetings-web/src/main/java/org/apache/openmeetings/web/room/InvitationDialog.java?rev=1732280&r1=1732279&r2=1732280&view=diff
==============================================================================
--- openmeetings/application/trunk/openmeetings-web/src/main/java/org/apache/openmeetings/web/room/InvitationDialog.java (original)
+++ openmeetings/application/trunk/openmeetings-web/src/main/java/org/apache/openmeetings/web/room/InvitationDialog.java Thu Feb 25 10:42:02 2016
@@ -278,10 +278,10 @@ public class InvitationDialog extends Ab
i.setValidFrom(d.getTime());
i.setInvitee(u);
+ i.setHash(UUID.randomUUID().toString());
if (Type.contact == u.getType()) {
//TODO not sure it is right
u.setLanguageId(lang);
- i.setHash(UUID.randomUUID().toString());
}
return getBean(InvitationDao.class).update(i);
}