Posted to jetspeed-dev@portals.apache.org by ta...@apache.org on 2001/07/06 10:44:21 UTC
cvs commit: jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security RolePermissionUpdateAction.java UserRoleUpdateAction.java RoleBrowserAction.java RoleUpdateAction.java SecurityConstants.java
taylor 01/07/06 01:44:21
Modified: src/java/org/apache/jetspeed/modules/actions/portlets/security
RoleBrowserAction.java RoleUpdateAction.java
SecurityConstants.java
Added: src/java/org/apache/jetspeed/modules/actions/portlets/security
RolePermissionUpdateAction.java
UserRoleUpdateAction.java
Log:
- added two new actions for listing and updating roles per user, and permissions per role
Revision Changes Path
1.3 +7 -6 jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/RoleBrowserAction.java
Index: RoleBrowserAction.java
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/RoleBrowserAction.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- RoleBrowserAction.java 2001/07/02 07:33:44 1.2
+++ RoleBrowserAction.java 2001/07/06 08:44:14 1.3
@@ -63,16 +63,16 @@
import org.apache.turbine.util.StringUtils;
import org.apache.turbine.util.DynamicURI;
-import org.apache.turbine.util.security.RoleSet;
-import org.apache.turbine.util.db.Criteria;
-
// turbine om
import org.apache.turbine.om.security.Role;
import org.apache.turbine.om.security.User;
+import org.apache.turbine.om.security.Group;
// turbine security
import org.apache.turbine.util.security.EntityExistsException;
-import org.apache.turbine.util.security.DataBackendException;
+import org.apache.turbine.util.security.UnknownEntityException;
+import org.apache.turbine.util.security.RoleSet;
+import org.apache.turbine.util.db.Criteria;
// jetspeed services
import org.apache.jetspeed.services.JetspeedSecurity;
@@ -132,12 +132,12 @@
RunData rundata )
{
try
- {
+ {
Criteria criteria = new Criteria();
RoleSet roles = JetspeedSecurity.getRoles(criteria);
context.put(SecurityConstants.CONTEXT_ROLES, roles.getRolesArray());
}
- catch (DataBackendException e)
+ catch (Exception e)
{
// log the error msg
Log.error(e);
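Review bot: The handler was widened from `catch (DataBackendException e)` to `catch (Exception e)`, so unchecked exceptions raised inside this try block now take the same Error.vm path as a backend failure. One example would be a null result from `JetspeedSecurity.getRoles(criteria)` being dereferenced by `roles.getRolesArray()`. If the intent is only to cover the newly imported `UnknownEntityException`, two narrow handlers would keep programming errors visible. Otherwise a comment such as `// catch-all: any failure building the role list goes to Error.vm` would record that the breadth is deliberate. The catch body continues past the end of this hunk, so what it puts on the error screen is not fully visible here.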
@@ -147,5 +147,6 @@
rundata.setScreenTemplate("Error.vm");
}
}
+
}
1.3 +0 -1 jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/RoleUpdateAction.java
Index: RoleUpdateAction.java
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/RoleUpdateAction.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- RoleUpdateAction.java 2001/07/02 07:33:45 1.2
+++ RoleUpdateAction.java 2001/07/06 08:44:15 1.3
@@ -138,7 +138,6 @@
*/
String mode = rundata.getParameters().getString(SecurityConstants.PARAM_MODE);
- //
// if we are updating or deleting - put the name in the context
//
if (mode != null && (mode.equals(SecurityConstants.PARAM_MODE_UPDATE) ||
1.2 +10 -1 jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/SecurityConstants.java
Index: SecurityConstants.java
===================================================================
RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/SecurityConstants.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- SecurityConstants.java 2001/07/02 07:33:45 1.1
+++ SecurityConstants.java 2001/07/06 08:44:16 1.2
@@ -68,6 +68,8 @@
static final String PARAM_MSG = "msg";
// unique entity id - parameter passed between browser forms and update forms
static final String PARAM_ENTITY_ID = "entityid";
+ // username parameter
+ static final String PARAM_USERNAME = "username";
// mode parameter
static final String PARAM_MODE = "mode";
@@ -89,6 +91,7 @@
static final String CONTEXT_PERMISSIONS = "permissions";
static final String CONTEXT_GROUP = "group";
static final String CONTEXT_GROUPS = "groups";
+ static final String CONTEXT_SELECTED = "selected";
// user browser pane id
static final String PANEID_USER_BROWSER = "User Browser";
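Review bot: `CONTEXT_SELECTED` is used by both new actions as the key for the checkbox snapshot kept in the user's temp storage, via `setTemp(SecurityConstants.CONTEXT_SELECTED, selected)` in RolePermissionUpdateAction and UserRoleUpdateAction. Whichever form was rendered last therefore overwrites the other's snapshot, and `doUpdate` in either class then computes grants and revokes against it. Separate keys per form would remove the coupling. At minimum, a comment here such as `// checkbox state; also the user-temp key shared by the user-role and role-permission forms` would make it visible. The class body starts and ends outside this hunk.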
@@ -106,6 +109,10 @@
static final String PANEID_GROUP_BROWSER = "Group Browser";
// group form pane id
static final String PANEID_GROUP_UPDATE = "Group";
+ // user role form pane id
+ static final String PANEID_USERROLE_UPDATE = "User Roles";
+ // role permission form pane id
+ static final String PANEID_ROLEPERMISSION_UPDATE = "Role Permissions";
//
// Informational and Error Messages for Security Forms
@@ -116,7 +123,8 @@
"Database Delete Failure. Please report this error to your Database Administrator.",
"Invalid Entity Name. Please enter a valid entity name.",
"Entity Name Already Exists. Please choose another unique, identifying name.",
- "Deletion not allowed. You are trying to delete the currently logged on user."
+ "Deletion not allowed. You are trying to delete the currently logged on user.",
+ "Missing Parameter. Cannot process Security form."
};
//
// indexes into messages
@@ -126,5 +134,6 @@
static final int MID_INVALID_ENTITY_NAME = 2;
static final int MID_ENTITY_ALREADY_EXISTS = 3;
static final int MID_CANT_DELETE_CURRENT = 4;
+ static final int MID_MISSING_PARAMETER = 5;
};
1.1 jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/RolePermissionUpdateAction.java
Index: RolePermissionUpdateAction.java
===================================================================
/* ====================================================================
* The Apache Software License, Version 1.1
*
* Copyright (c) 2000-2001 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Apache" and "Apache Software Foundation" and
* "Apache Jetspeed" must not be used to endorse or promote products
* derived from this software without prior written permission. For
* written permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache" or
* "Apache Jetspeed", nor may "Apache" appear in their name, without
* prior written permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
package org.apache.jetspeed.modules.actions.portlets.security;
// java util
import java.util.Vector;
// velocity
import org.apache.velocity.context.Context;
// turbine util
import org.apache.turbine.util.Log;
import org.apache.turbine.util.RunData;
import org.apache.turbine.util.StringUtils;
import org.apache.turbine.util.DynamicURI;
// turbine om
import org.apache.turbine.om.security.Role;
import org.apache.turbine.om.security.User;
import org.apache.turbine.om.security.Permission;
// turbine security
import org.apache.turbine.util.security.EntityExistsException;
import org.apache.turbine.util.security.RoleSet;
import org.apache.turbine.util.security.PermissionSet;
import org.apache.turbine.util.db.Criteria;
import org.apache.turbine.util.security.AccessControlList;
import org.apache.turbine.util.security.DataBackendException;
import org.apache.turbine.util.security.UnknownEntityException;
// jetspeed services
import org.apache.jetspeed.services.JetspeedSecurity;
import org.apache.jetspeed.services.resources.JetspeedResources;
// jetspeed velocity
import org.apache.jetspeed.modules.actions.portlets.VelocityPortletAction;
import org.apache.jetspeed.portal.portlets.VelocityPortlet;
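/**
 * This action sets up the template context for editing security permissions in the Turbine database
 * for a given role, and applies the submitted grant/revoke changes to that role.
 *
 * NOTE(review): no permission check on the calling user and no request-forgery
 * token is visible in this class. Both are assumed to be enforced before this
 * action is reached -- confirm, since doUpdate changes what a role may do.
 *
 * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
 */
public class RolePermissionUpdateAction extends VelocityPortletAction
{
    // user-temp key: name of the role the stored permission snapshot was built for
    private static final String TEMP_ROLE = "tempRole";

    /**
     * Build the maximized state content for this portlet. (Same as normal state).
     *
     * @param portlet The velocity-based portlet that is being built.
     * @param context The velocity context for this request.
     * @param rundata The turbine rundata context for this request.
     */
    protected void buildMaximizedContext( VelocityPortlet portlet,
                                          Context context,
                                          RunData rundata )
    {
        buildNormalContext( portlet, context, rundata);
    }

    /**
     * Build the configure state content for this portlet.
     * TODO: we could configure this portlet with configurable skins, etc..
     *
     * @param portlet The velocity-based portlet that is being built.
     * @param context The velocity context for this request.
     * @param rundata The turbine rundata context for this request.
     */
    protected void buildConfigureContext( VelocityPortlet portlet,
                                          Context context,
                                          RunData rundata )
    {
        buildNormalContext( portlet, context, rundata);
    }

    /**
     * Build the normal state content for this portlet.
     *
     * Reads the role name from the entity id request parameter, fills the
     * context with that role's permission checkboxes and, when a message id
     * is present and valid, adds the matching message text.
     *
     * @param portlet The velocity-based portlet that is being built.
     * @param context The velocity context for this request.
     * @param rundata The turbine rundata context for this request.
     */
    protected void buildNormalContext( VelocityPortlet portlet,
                                       Context context,
                                       RunData rundata )
    {
        try
        {
            // the role to edit arrives as the entity id; without it there is nothing to build
            String entityid = rundata.getParameters().getString(SecurityConstants.PARAM_ENTITY_ID);
            if (entityid == null || entityid.trim().length() == 0)
            {
                return;
            }

            buildRolePermissionContext(portlet, context, rundata, entityid);

            //
            // if there was an error, display the message
            //
            // The message id is a request parameter, so it is validated here:
            // a non-numeric or out-of-range value (including a negative one)
            // is ignored instead of raising an exception that would land on
            // the error screen below.
            int id = parseMessageId(rundata.getParameters().getString(SecurityConstants.PARAM_MSGID));
            if (id >= 0 && id < SecurityConstants.MESSAGES.length)
            {
                context.put(SecurityConstants.PARAM_MSG, SecurityConstants.MESSAGES[id]);
            }
        }
        catch (Exception e)
        {
            Log.error(e);
            // NOTE(review): the exception text and stack trace are handed to the
            // error screen; confirm Error.vm does not show them to end users.
            rundata.setMessage("Error in Jetspeed Role Permission Security: " + e.toString());
            rundata.setStackTrace(StringUtils.stackTrace(e), e);
            rundata.setScreenTemplate("Error.vm");
        }
    }

    /**
     * Database Update Action for Security Role Permissions. Performs updates into security database.
     *
     * Compares each submitted checkbox with the snapshot stored when the form
     * was built and grants or revokes the permissions whose state changed.
     * The snapshot is only used when it was built for the role named in this
     * request and still lines up with the stored permission list.
     *
     * @param rundata The turbine rundata context for this request.
     * @param context The velocity context for this request.
     */
    public void doUpdate(RunData rundata, Context context)
        throws Exception
    {
        String entityid = rundata.getParameters().getString(SecurityConstants.PARAM_ENTITY_ID);
        if (entityid == null || entityid.trim().length() == 0)
        {
            Log.error("RolePermissionBrowser: Failed to get entity: " + entityid );
            redirectToForm(rundata, SecurityConstants.MID_MISSING_PARAMETER, null);
            return;
        }

        Role role = JetspeedSecurity.getRole(entityid);
        if (null == role)
        {
            Log.error("RolePermissionBrowser: Failed to get role: " + entityid );
            redirectToForm(rundata, SecurityConstants.MID_MISSING_PARAMETER, null);
            return;
        }

        try
        {
            Permission[] permissions =
                (Permission[])rundata.getUser().getTemp(SecurityConstants.CONTEXT_PERMISSIONS);
            Vector selected = (Vector)rundata.getUser().getTemp(SecurityConstants.CONTEXT_SELECTED);
            if (permissions == null || selected == null)
            {
                redirectToForm(rundata, SecurityConstants.MID_MISSING_PARAMETER, null);
                return;
            }

            // The snapshot lives in the user's temp storage and the role name
            // comes from the request, so the two can disagree (another form
            // rendered in between, or an edited parameter). Applying the diff
            // then would grant or revoke the wrong permissions, so refuse and
            // send the caller back to a freshly built form.
            Object snapshotRole = rundata.getUser().getTemp(TEMP_ROLE);
            if (snapshotRole == null
                || !snapshotRole.equals(role.getName())
                || selected.size() != permissions.length + 1)
            {
                Log.error("RolePermissionBrowser: stale permission snapshot, update refused");
                redirectToForm(rundata, SecurityConstants.MID_UPDATE_FAILED, role.getName());
                return;
            }

            //
            // walk thru all the permissions, see if anything changed
            // if changed, update the database
            //
            for (int ix = 0; ix < permissions.length; ix++)
            {
                boolean newValue = rundata.getParameters().getBoolean("box_" + permissions[ix].getName(), false);
                // snapshot entries are offset by one: slot 0 is a placeholder
                boolean oldValue = ((Boolean)selected.elementAt(ix + 1)).booleanValue();
                if (newValue == oldValue)
                {
                    continue;
                }
                if (newValue)
                {
                    // grant a permission to a role
                    JetspeedSecurity.grant( role, permissions[ix] );
                }
                else
                {
                    // revoke a permission from a role
                    JetspeedSecurity.revoke( role, permissions[ix] );
                }
            }

            // clear the temp values
            rundata.getUser().setTemp(SecurityConstants.CONTEXT_PERMISSIONS, null);
            rundata.getUser().setTemp(SecurityConstants.CONTEXT_SELECTED, null);
            rundata.getUser().setTemp(TEMP_ROLE, null);

            //
            // success -- bring user back to role browser
            //
            DynamicURI duri = new DynamicURI (rundata);
            duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_ROLE_BROWSER);
            rundata.getResponse().sendRedirect(duri.toString());
        }
        catch (Exception e)
        {
            // log the error msg
            Log.error("Failed update role+permission: " + e);

            //
            // error on update - display error message
            //
            // Changes made before the failure are not rolled back here; the
            // redirect carries the role name so the form is rebuilt from the
            // current backend state.
            redirectToForm(rundata, SecurityConstants.MID_UPDATE_FAILED, role.getName());
        }
    }

    /**
     * Build the context for the permission form of a specific role.
     *
     * Stores the full permission list, the per-permission checkbox state and
     * the role name in the current user's temp storage for doUpdate, and puts
     * the list, the state and the role into the velocity context.
     *
     * @param portlet The velocity-based portlet that is being built.
     * @param context The velocity context for this request.
     * @param rundata The turbine rundata context for this request.
     * @param roleName The roleName of the role that we are building a permission context for.
     */
    private void buildRolePermissionContext(VelocityPortlet portlet,
                                            Context context,
                                            RunData rundata,
                                            String roleName)
        throws UnknownEntityException, DataBackendException
    {
        // get master list of permissions
        Criteria criteria = new Criteria();
        PermissionSet master = JetspeedSecurity.getPermissions(criteria);

        // get the role object
        Role role = JetspeedSecurity.getRole(roleName);
        if (null == role)
        {
            // no role found
            Log.error("RolePermissionBrowser: Failed to get role: " + roleName);
            return;
        }

        // get the permissions for this particular role
        PermissionSet subset = JetspeedSecurity.getPermissions(role);

        Permission[] permissions = master.getPermissionsArray();
        Vector selected = new Vector(master.size()+1);
        // slot 0 is a placeholder so that entry ix + 1 belongs to permissions[ix]
        selected.add(0, Boolean.FALSE);
        for ( int ix = 0; ix < permissions.length; ix++ )
        {
            boolean sel = (null != subset) && subset.contains(permissions[ix].getName());
            selected.add(ix + 1, sel ? Boolean.TRUE : Boolean.FALSE);
        }

        rundata.getUser().setTemp(SecurityConstants.CONTEXT_PERMISSIONS, permissions);
        rundata.getUser().setTemp(SecurityConstants.CONTEXT_SELECTED, selected);
        // remember which role the snapshot describes so doUpdate can verify it
        rundata.getUser().setTemp(TEMP_ROLE, role.getName());

        context.put(SecurityConstants.CONTEXT_PERMISSIONS, permissions);
        context.put(SecurityConstants.CONTEXT_SELECTED, selected);
        context.put(SecurityConstants.CONTEXT_ROLE, role);
    }

    /**
     * Redirect back to the role permission form with a message id.
     *
     * @param rundata The turbine rundata context for this request.
     * @param msgid Index of the message the form should display.
     * @param roleName Role to reload in the form, or null to send no entity id.
     */
    private void redirectToForm(RunData rundata, int msgid, String roleName)
        throws Exception
    {
        DynamicURI duri = new DynamicURI (rundata);
        duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_ROLEPERMISSION_UPDATE);
        duri.addPathInfo(SecurityConstants.PARAM_MSGID, msgid);
        if (roleName != null)
        {
            duri.addPathInfo(SecurityConstants.PARAM_ENTITY_ID, roleName);
        }
        rundata.getResponse().sendRedirect(duri.toString());
    }

    /**
     * Parse a message id request parameter.
     *
     * @param msgid The raw parameter value, may be null.
     * @return The parsed id, or -1 when the value is absent or not a number.
     */
    private static int parseMessageId(String msgid)
    {
        if (msgid == null)
        {
            return -1;
        }
        try
        {
            return Integer.parseInt(msgid);
        }
        catch (NumberFormatException ignored)
        {
            // not a number: treated the same as no message id
            return -1;
        }
    }
}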
1.1 jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/UserRoleUpdateAction.java
Index: UserRoleUpdateAction.java
===================================================================
/* ====================================================================
* The Apache Software License, Version 1.1
*
* Copyright (c) 2000-2001 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Apache" and "Apache Software Foundation" and
* "Apache Jetspeed" must not be used to endorse or promote products
* derived from this software without prior written permission. For
* written permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache" or
* "Apache Jetspeed", nor may "Apache" appear in their name, without
* prior written permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
package org.apache.jetspeed.modules.actions.portlets.security;
// java util
import java.util.Vector;
// velocity
import org.apache.velocity.context.Context;
// turbine util
import org.apache.turbine.util.Log;
import org.apache.turbine.util.RunData;
import org.apache.turbine.util.StringUtils;
import org.apache.turbine.util.DynamicURI;
// turbine om
import org.apache.turbine.om.security.Role;
import org.apache.turbine.om.security.User;
import org.apache.turbine.om.security.Group;
// turbine security
import org.apache.turbine.util.security.EntityExistsException;
import org.apache.turbine.util.security.RoleSet;
import org.apache.turbine.util.db.Criteria;
import org.apache.turbine.util.security.AccessControlList;
import org.apache.turbine.util.security.DataBackendException;
import org.apache.turbine.util.security.UnknownEntityException;
// jetspeed services
import org.apache.jetspeed.services.JetspeedSecurity;
import org.apache.jetspeed.services.resources.JetspeedResources;
// jetspeed velocity
import org.apache.jetspeed.modules.actions.portlets.VelocityPortletAction;
import org.apache.jetspeed.portal.portlets.VelocityPortlet;
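/**
 * This action sets up the template context for editing security roles in the Turbine database
 * for a given user, and applies the submitted grant/revoke changes to that user.
 *
 * NOTE(review): no permission check on the calling user and no request-forgery
 * token is visible in this class. Both are assumed to be enforced before this
 * action is reached -- confirm, since doUpdate changes which roles a user holds.
 *
 * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
 */
public class UserRoleUpdateAction extends VelocityPortletAction
{
    // user-temp key: name of the user the stored role snapshot was built for
    private static final String TEMP_USER = "tempUser";

    /**
     * Build the maximized state content for this portlet. (Same as normal state).
     *
     * @param portlet The velocity-based portlet that is being built.
     * @param context The velocity context for this request.
     * @param rundata The turbine rundata context for this request.
     */
    protected void buildMaximizedContext( VelocityPortlet portlet,
                                          Context context,
                                          RunData rundata )
    {
        buildNormalContext( portlet, context, rundata);
    }

    /**
     * Build the configure state content for this portlet.
     * TODO: we could configure this portlet with configurable skins, etc..
     *
     * @param portlet The velocity-based portlet that is being built.
     * @param context The velocity context for this request.
     * @param rundata The turbine rundata context for this request.
     */
    protected void buildConfigureContext( VelocityPortlet portlet,
                                          Context context,
                                          RunData rundata )
    {
        buildNormalContext( portlet, context, rundata);
    }

    /**
     * Build the normal state content for this portlet.
     *
     * Reads the user name from the entity id request parameter, fills the
     * context with that user's role checkboxes and, when a message id is
     * present and valid, adds the matching message text.
     *
     * @param portlet The velocity-based portlet that is being built.
     * @param context The velocity context for this request.
     * @param rundata The turbine rundata context for this request.
     */
    protected void buildNormalContext( VelocityPortlet portlet,
                                       Context context,
                                       RunData rundata )
    {
        try
        {
            // the user to edit arrives as the entity id; without it there is nothing to build
            String entityid = rundata.getParameters().getString(SecurityConstants.PARAM_ENTITY_ID);
            if (entityid == null || entityid.trim().length() == 0)
            {
                return;
            }

            buildUserRoleContext(portlet, context, rundata, entityid);

            //
            // if there was an error, display the message
            //
            // The message id is a request parameter, so it is validated here:
            // a non-numeric or out-of-range value (including a negative one)
            // is ignored instead of raising an exception that would land on
            // the error screen below.
            int id = parseMessageId(rundata.getParameters().getString(SecurityConstants.PARAM_MSGID));
            if (id >= 0 && id < SecurityConstants.MESSAGES.length)
            {
                context.put(SecurityConstants.PARAM_MSG, SecurityConstants.MESSAGES[id]);
            }
        }
        catch (Exception e)
        {
            Log.error(e);
            // NOTE(review): the exception text and stack trace are handed to the
            // error screen; confirm Error.vm does not show them to end users.
            rundata.setMessage("Error in Jetspeed User Role Security: " + e.toString());
            rundata.setStackTrace(StringUtils.stackTrace(e), e);
            rundata.setScreenTemplate("Error.vm");
        }
    }

    /**
     * Database Update Action for Security Roles. Performs updates into security database.
     *
     * Compares each submitted checkbox with the snapshot stored when the form
     * was built and grants or revokes, within the Jetspeed group, the roles
     * whose state changed. The snapshot is only used when it was built for the
     * user named in this request and still lines up with the stored role list.
     *
     * @param rundata The turbine rundata context for this request.
     * @param context The velocity context for this request.
     */
    public void doUpdate(RunData rundata, Context context)
        throws Exception
    {
        // TODO: if the user is the current user, we will need to refresh the
        // rundata's ACL list as described in the constructor for AccessControlList.java
        String entityid = rundata.getParameters().getString(SecurityConstants.PARAM_ENTITY_ID);
        if (entityid == null || entityid.trim().length() == 0)
        {
            Log.error("UserRoleBrowser: Failed to get entity: " + entityid );
            redirectToForm(rundata, SecurityConstants.MID_MISSING_PARAMETER, null);
            return;
        }

        User user = JetspeedSecurity.getUser(entityid);
        if (null == user)
        {
            Log.error("UserRoleBrowser: Failed to get user: " + entityid );
            redirectToForm(rundata, SecurityConstants.MID_MISSING_PARAMETER, null);
            return;
        }

        try
        {
            Role[] roles = (Role[])rundata.getUser().getTemp(SecurityConstants.CONTEXT_ROLES);
            Vector selected = (Vector)rundata.getUser().getTemp(SecurityConstants.CONTEXT_SELECTED);
            if (roles == null || selected == null)
            {
                redirectToForm(rundata, SecurityConstants.MID_MISSING_PARAMETER, null);
                return;
            }

            // The snapshot lives in the user's temp storage and the user name
            // comes from the request, so the two can disagree (another form
            // rendered in between, or an edited parameter). Applying the diff
            // then would grant or revoke roles for the wrong account, so refuse
            // and send the caller back to a freshly built form.
            Object snapshotUser = rundata.getUser().getTemp(TEMP_USER);
            if (snapshotUser == null
                || !snapshotUser.equals(user.getUserName())
                || selected.size() != roles.length + 1)
            {
                Log.error("UserRoleBrowser: stale role snapshot, update refused");
                redirectToForm(rundata, SecurityConstants.MID_UPDATE_FAILED, user.getUserName());
                return;
            }

            //
            // walk thru all the roles, see if anything changed
            // if changed, update the database
            //
            Group jetGroup = null; // looked up once, and only if something changed
            for (int ix = 0; ix < roles.length; ix++)
            {
                boolean newValue = rundata.getParameters().getBoolean("box_" + roles[ix].getName(), false);
                // snapshot entries are offset by one: slot 0 is a placeholder
                boolean oldValue = ((Boolean)selected.elementAt(ix + 1)).booleanValue();
                if (newValue == oldValue)
                {
                    continue;
                }
                if (jetGroup == null)
                {
                    jetGroup = JetspeedSecurity.getGroup(JetspeedSecurity.JETSPEED_GROUP);
                }
                if (newValue)
                {
                    // grant a role to a user
                    JetspeedSecurity.grant( user, jetGroup, roles[ix] );
                }
                else
                {
                    // revoke a role from a user
                    JetspeedSecurity.revoke( user, jetGroup, roles[ix] );
                }
            }

            // clear the temp values
            rundata.getUser().setTemp(SecurityConstants.CONTEXT_ROLES, null);
            rundata.getUser().setTemp(SecurityConstants.CONTEXT_SELECTED, null);
            rundata.getUser().setTemp(TEMP_USER, null);

            //
            // success -- bring user back to user browser
            //
            DynamicURI duri = new DynamicURI (rundata);
            duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_USER_BROWSER);
            rundata.getResponse().sendRedirect(duri.toString());
        }
        catch (Exception e)
        {
            // log the error msg
            Log.error("Failed update role+permission: " + e);

            //
            // error on update - display error message
            //
            // Changes made before the failure are not rolled back here; the
            // redirect carries the user name so the form is rebuilt from the
            // current backend state.
            redirectToForm(rundata, SecurityConstants.MID_UPDATE_FAILED, user.getUserName());
        }
    }

    /**
     * Build the context for the role form of a specific user.
     *
     * Stores the full role list, the per-role checkbox state and the user name
     * in the current user's temp storage for doUpdate, and puts the user, the
     * list and the state into the velocity context.
     *
     * @param portlet The velocity-based portlet that is being built.
     * @param context The velocity context for this request.
     * @param rundata The turbine rundata context for this request.
     * @param userid The userid of the user that we are building a role context for.
     */
    private void buildUserRoleContext(VelocityPortlet portlet,
                                      Context context,
                                      RunData rundata,
                                      String userid)
        throws UnknownEntityException, DataBackendException
    {
        // get master list of roles
        Criteria criteria = new Criteria();
        RoleSet master = JetspeedSecurity.getRoles(criteria);

        // get the user object
        User user = JetspeedSecurity.getUser(userid);
        if (null == user)
        {
            // no user found
            Log.error("UserRoleBrowser: Failed to get user: " + userid );
            return;
        }

        // get the access control list for the given user
        AccessControlList acl = JetspeedSecurity.getACL(user);
        if (null == acl)
        {
            // no ACL found
            Log.error("RoleBrowser: NO ACL found for user: " + user.getUserName() );
            return;
        }

        // get all the roles for this user in the Jetspeed Group
        Group jetGroup = JetspeedSecurity.getGroup(JetspeedSecurity.JETSPEED_GROUP);
        RoleSet userRoles = acl.getRoles( jetGroup );

        Role[] roles = master.getRolesArray();
        Vector selected = new Vector(master.size()+1);
        // slot 0 is a placeholder so that entry ix + 1 belongs to roles[ix]
        selected.add(0, Boolean.FALSE);
        for ( int ix = 0; ix < roles.length; ix++ )
        {
            boolean sel = (null != userRoles) && userRoles.contains(roles[ix].getName());
            selected.add(ix + 1, sel ? Boolean.TRUE : Boolean.FALSE);
        }

        rundata.getUser().setTemp(SecurityConstants.CONTEXT_ROLES, roles);
        rundata.getUser().setTemp(SecurityConstants.CONTEXT_SELECTED, selected);
        // remember which user the snapshot describes so doUpdate can verify it
        rundata.getUser().setTemp(TEMP_USER, user.getUserName());

        context.put(SecurityConstants.CONTEXT_USER, user);
        context.put(SecurityConstants.CONTEXT_ROLES, roles);
        context.put(SecurityConstants.CONTEXT_SELECTED, selected);
    }

    /**
     * Redirect back to the user role form with a message id.
     *
     * @param rundata The turbine rundata context for this request.
     * @param msgid Index of the message the form should display.
     * @param userName User to reload in the form, or null to send no entity id.
     */
    private void redirectToForm(RunData rundata, int msgid, String userName)
        throws Exception
    {
        DynamicURI duri = new DynamicURI (rundata);
        duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_USERROLE_UPDATE);
        duri.addPathInfo(SecurityConstants.PARAM_MSGID, msgid);
        if (userName != null)
        {
            duri.addPathInfo(SecurityConstants.PARAM_ENTITY_ID, userName);
        }
        rundata.getResponse().sendRedirect(duri.toString());
    }

    /**
     * Parse a message id request parameter.
     *
     * @param msgid The raw parameter value, may be null.
     * @return The parsed id, or -1 when the value is absent or not a number.
     */
    private static int parseMessageId(String msgid)
    {
        if (msgid == null)
        {
            return -1;
        }
        try
        {
            return Integer.parseInt(msgid);
        }
        catch (NumberFormatException ignored)
        {
            // not a number: treated the same as no message id
            return -1;
        }
    }
}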