

/**
 * Creative commons Attribution-NonCommercial license.
 *
 * http://creativecommons.org/licenses/by-nc/2.5/au/deed.en_GB
 *
 * NO WARRANTY IS GIVEN OR IMPLIED, USE AT YOUR OWN RISK.
 */
package base.jee.servlet;

import base.KeyValue;
import base.jee.Breadcrumb;
import base.jee.Constants;
import base.jee.JeeBase;
import base.security.Group;
import base.security.Role;
import base.security.User;
import base.text.StringHelper;
import org.stringtemplate.v4.ST;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Hashtable;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.UUID;

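public class GroupRolesServlet extends BaseServlet {

	private static final long serialVersionUID = 1L;

	public GroupRolesServlet(JeeBase jee) throws IOException {
		super(jee);
	}

	/**
	 * Renders the role editor for one group and applies any role change carried in the request.
	 *
	 * <p>Three mutating actions are recognised, each requiring the caller's form auth token in
	 * parameter {@code a}:
	 * <ul>
	 *   <li>{@code add_role} + {@code role_resource}: grant a resource-restricted role.</li>
	 *   <li>{@code delete_role} + {@code resource}: revoke a resource-restricted role.</li>
	 *   <li>{@code admin_roles}: replace the group's non-resource roles from the
	 *       {@code role_<name>=true} checkboxes.</li>
	 * </ul>
	 * A successful action answers with a 302 back to this page ({@code saved=ok}) and returns
	 * without rendering; only the first matching action in the order above is performed.
	 * Every other request renders the {@code group_roles} template. {@code add_role} without
	 * {@code role_resource} is the first step of a two-step grant: the page then offers the
	 * resources of that role's type for selection.
	 *
	 * <p>NOTE(review): the mutations happen on GET. The token check mitigates CSRF, but the
	 * token travels in the query string where it can leak through Referer headers and access
	 * logs; moving these actions to POST is the preferred fix and is outside this block.
	 *
	 * <p>Authorisation of {@code u} against the target group is not checked here; every
	 * {@code jee.getAPI()} call receives {@code u} and is presumed to enforce it — confirm.
	 *
	 * @param token    passed through by {@link BaseServlet}; unused in this method
	 * @param u        the authenticated user making the request
	 * @param request  the HTTP request; {@code uuid} is mandatory
	 * @param response receives either the redirect or the rendered page
	 * @throws IllegalArgumentException if {@code uuid} is missing, malformed or names no group,
	 *         if the form auth token is wrong, or absent on a mutating action, or if a role
	 *         named in the request is unknown
	 */
	@SuppressWarnings("unchecked")
	public void doGet(String token, User u, HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

		UUID uuid = requireUuid(request);
		String error = null;

		// A token that is present but wrong is rejected on every request, mutating or not.
		String a = request.getParameter("a");
		if(a != null && !tokenMatches(a, u.getFormAuthToken())) {
			throw new IllegalArgumentException("Invalid authentication token.");
		}

		String addRole = request.getParameter("add_role");
		String roleResource = request.getParameter("role_resource");
		String deleteRole = request.getParameter("delete_role");
		String deleteResource = request.getParameter("resource");

		if(addRole != null && roleResource != null) {
			requireToken(a);
			// Unknown role names used to NPE on getResourceType(); reject them explicitly.
			Role role = requireRole(addRole);
			// NOTE(review): roleResource is forwarded as received; the API is expected to
			// check that it identifies a real resource of role.getResourceType() — confirm.
			jee.getAPI().upsertGroupResourceRole(u, uuid, addRole, role.getResourceType(), roleResource);
			redirectToSaved(response, uuid);
			return;
		}

		if(deleteRole != null && deleteResource != null) {
			requireToken(a);
			Role role = requireRole(deleteRole);
			jee.getAPI().deleteGroupResourceRole(u, role.getResourceType(), deleteResource, uuid, deleteRole);
			redirectToSaved(response, uuid);
			return;
		}

		if(request.getParameter("admin_roles") != null) {
			requireToken(a);
			applyAdminRoles(u, uuid, request);
			redirectToSaved(response, uuid);
			return;
		}

		List<Group> groups = jee.getAPI().getGroup(u, uuid);
		if(groups == null || groups.isEmpty()) {
			throw new IllegalArgumentException("Unknown group.");
		}
		Group g = groups.get(0);

		List<base.security.PersonRole> currentRoles = jee.getAPI().getGroupRoles(u, uuid);

		// Step one of a resource-role grant: a role is chosen but no resource yet.
		String roleToAdd = null;
		String roleToAddName = null;
		List<?> possibleResourceBasedRoles = null;
		if(addRole != null && roleResource == null) {
			roleToAdd = addRole;
			Role role = requireRole(roleToAdd);
			roleToAddName = role.getName();
			possibleResourceBasedRoles = jee.getRoles().getResourceLookup(role.getResourceType()).list();
		}

		ST page = jee.getPage(u, "group_roles");
		page.add("uuid", g.getUuid());

		// Used in the person editing form
		page.add("g", g);

		List<Map<String, Object>> adminRoles = buildNonResourceBasedRoleList(jee, u, uuid, currentRoles, request);
		if(isBuiltinGroup(uuid)) {
			// The built-in groups never expose internal roles in the editor.
			for(Map<String, Object> ar : adminRoles) {
				if(!((Role)ar.get("role")).isInternal()) {
					page.add("roles", ar);
				}
				page.add("roles", null);
			}
		} else {
			page.add("roles", adminRoles);
			page.add("roles", null);
		}
		page.add("has_custom_role", adminRoles.size() > 0 && !(((Role)adminRoles.get(0).get("role")).isInternal()));
		page.add("error", error);

		// Used in the role management form
		if(jee.getRoles().getResourceBasedRoles().size() == 0) {
			page.add("role_manager", false);
		} else {
			page.add("role_manager", true);
			page.add("rr", jee.getRoles().getResourceBasedRoles());
			page.add("possible_resource_based_roles", possibleResourceBasedRoles);
			page.add("role_to_add", roleToAdd);
			page.add("role_to_add_name", roleToAddName);
			page.add("current_resource_based_roles", buildResourceRoleList(currentRoles));
		}

		// The group name is user-controlled data embedded in markup, hence the escape.
		if(request.getParameter("saved") != null) {
			page.add("success", "<p>Saved changes to " + StringHelper.escapeHtml(g.getName()) + " roles.</p>");
		} else {
			page.add("success", null);
		}

		page.add("ldap_enabled", "true".equals(jee.getSettings().get("ldap.enabled", "false")));
		page.add("breadcrumbs", new Breadcrumb("People", "/people"));
		page.add("breadcrumbs", new Breadcrumb("Groups", "/groups"));
		// NOTE(review): g.getName() is passed raw here while the success banner escapes it;
		// confirm the template escapes breadcrumb labels.
		page.add("breadcrumbs", new Breadcrumb(g.getName() + " Roles", null));
		page.add("auth", u.getFormAuthToken());

		response.getWriter().write(page.render());
	}

	/** Parses the mandatory {@code uuid} parameter, rejecting a missing value instead of NPE-ing. */
	private static UUID requireUuid(HttpServletRequest request) {
		String raw = request.getParameter("uuid");
		if(raw == null) {
			throw new IllegalArgumentException("Missing group uuid.");
		}
		return UUID.fromString(raw); // IllegalArgumentException when malformed
	}

	/** Fails a mutating action that arrived without the form auth token. */
	private static void requireToken(String a) {
		if(a == null) {
			throw new IllegalArgumentException("Invalid authentication token.");
		}
	}

	/**
	 * Compares the submitted token with the user's expected one in constant time.
	 * {@code String.equals} stops at the first differing character; {@code MessageDigest.isEqual}
	 * does not, which removes the timing side channel on the CSRF token.
	 */
	private static boolean tokenMatches(String supplied, String expected) {
		if(supplied == null || expected == null) {
			return false;
		}
		return MessageDigest.isEqual(
				supplied.getBytes(StandardCharsets.UTF_8),
				expected.getBytes(StandardCharsets.UTF_8));
	}

	/** Resolves a request-supplied role name, rejecting unknown names rather than dereferencing null. */
	private Role requireRole(String name) throws IOException {
		Role role = jee.getRoles().getRole(name);
		if(role == null) {
			throw new IllegalArgumentException("Unknown role.");
		}
		return role;
	}

	/** Sends the post-change redirect back to this page; the uuid is a parsed UUID, so it is safe to embed. */
	private void redirectToSaved(HttpServletResponse response, UUID uuid) {
		response.setHeader("Location", settings.get("base.url", "") + "/group.roles?uuid=" + uuid + "&saved=ok");
		response.setStatus(302);
	}

	/** The two well-known groups whose editor hides internal roles. */
	private static boolean isBuiltinGroup(UUID uuid) {
		return uuid.equals(Constants.ALL_USERS_GROUP) || uuid.equals(Constants.AUTHENTICATED_USERS_GROUP);
	}

	/**
	 * Replaces the group's non-resource roles with the set checked in the form: a role is
	 * granted when {@code role_<name>=true} is present and revoked otherwise.
	 *
	 * <p>For the built-in groups the editor never renders internal roles, so the form cannot
	 * legitimately carry them: a crafted {@code role_<name>=true} must not grant one here, and
	 * an absent checkbox must not silently revoke one. Those roles are therefore left untouched.
	 */
	private void applyAdminRoles(User u, UUID uuid, HttpServletRequest request) throws IOException {
		boolean builtin = isBuiltinGroup(uuid);
		for(Role r : jee.getRoles().nonResourceBasedRoles) {
			if(builtin && r.isInternal()) {
				continue;
			}
			if("true".equals(request.getParameter("role_" + r.getRole()))) {
				jee.getAPI().upsertGroupRole(u, uuid, r.getRole());
			} else {
				jee.getAPI().deleteGroupRole(u, uuid, r.getRole());
			}
		}
	}

	/**
	 * Narrows a group's roles to the resource-restricted ones (those carrying a uid) and resolves
	 * each to a display record with keys {@code role}, {@code uid}, {@code name} and
	 * {@code resource} — the looked-up value, or an "Unknown/missing record" marker when the
	 * lookup finds nothing. Roles whose definition no longer exists are skipped.
	 *
	 * @param currentRoles the group's roles; {@code null} is treated as empty
	 * @return a mutable list of records, possibly empty, never {@code null}
	 */
	public List<Map<String, Object>> buildResourceRoleList(List<base.security.PersonRole> currentRoles) throws IOException {
		List<Map<String, Object>> result = new LinkedList<>();
		if(currentRoles == null) {
			return result;
		}
		for(base.security.PersonRole r : currentRoles) {
			if(r.getUid() == null) {
				continue;
			}
			Role role = jee.getRoles().getRole(r.getRole());
			if(role == null) {
				continue;
			}
			Map<String, Object> info = new Hashtable<>();
			info.put("role", r.getRole());
			info.put("uid", r.getUid());
			info.put("name", role.getName());
			KeyValue rs = jee.getRoles().getResourceLookup(r.getResource()).lookup(r.getUid());
			// Hashtable rejects null values, so a failed lookup gets a marker instead.
			info.put("resource", rs != null ? rs.getValue() : "Unknown/missing record: " + r.getUid());
			result.add(info);
		}
		return result;
	}

	/**
	 * Lists every non-resource role with a {@code selected} flag for the checkbox form. When the
	 * request carries {@code first_name} (a re-render of a submitted form) the flag follows the
	 * submitted {@code role_<name>} parameters; otherwise it reflects the roles the group holds.
	 *
	 * <p>NOTE(review): {@code first_name} belongs to the person editing form, not this page, so
	 * the re-render branch looks inherited from there. {@code user} and {@code uuid} are unused
	 * and kept only so existing callers keep compiling.
	 *
	 * @param currentRoles the group's roles; {@code null} is treated as empty
	 * @return one record per non-resource role, keys {@code role} (the {@link Role}) and {@code selected}
	 */
	public static List<Map<String, Object>> buildNonResourceBasedRoleList(JeeBase jee, User user, UUID uuid, List<base.security.PersonRole> currentRoles, HttpServletRequest request) throws IOException {
		boolean fromForm = request.getParameter("first_name") != null;
		List<Map<String, Object>> roles = new LinkedList<>();
		for(Role role : jee.getRoles().nonResourceBasedRoles) {
			Map<String, Object> entry = new Hashtable<>();
			entry.put("role", role);
			boolean selected;
			if(fromForm) {
				selected = "true".equals(request.getParameter("role_" + role.getRole()));
			} else {
				selected = holdsRole(currentRoles, role.getRole());
			}
			entry.put("selected", selected);
			roles.add(entry);
		}
		return roles;
	}

	/** Whether {@code currentRoles} contains a role with the given name. */
	private static boolean holdsRole(List<base.security.PersonRole> currentRoles, String roleName) {
		if(currentRoles == null) {
			return false;
		}
		for(base.security.PersonRole held : currentRoles) {
			if(held.getRole().equals(roleName)) {
				return true;
			}
		}
		return false;
	}
}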



