portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From tay...@apache.org
Subject cvs commit: jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security PermissionBrowserAction.java PermissionUpdateAction.java SecurityConstants.java RoleBrowserAction.java RoleUpdateAction.java UserBrowserAction.java UserUpdateAction.java
Date Mon, 02 Jul 2001 07:33:50 GMT
taylor      01/07/02 00:33:49

  Modified:    src/java/org/apache/jetspeed/modules/actions
                        CreateNewUserAndConfirm.java
               src/java/org/apache/jetspeed/modules/actions/portlets
                        VelocityPortletAction.java
               src/java/org/apache/jetspeed/modules/actions/portlets/security
                        RoleBrowserAction.java RoleUpdateAction.java
                        UserBrowserAction.java UserUpdateAction.java
  Added:       src/java/org/apache/jetspeed/modules/actions/portlets/security
                        PermissionBrowserAction.java
                        PermissionUpdateAction.java SecurityConstants.java
  Log:
  - added security permission browser and update actions
  - completed work on security user and role browsers and update actions
  - fixed bug in CreateNewUserAndConfirm to go to default page after adding new user (with email option disabled)
  - put in checks for null into VelocityPortletAction, i was having some problems there
  
  Revision  Changes    Path
  1.19      +6 -1      jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/CreateNewUserAndConfirm.java
  
  Index: CreateNewUserAndConfirm.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/CreateNewUserAndConfirm.java,v
  retrieving revision 1.18
  retrieving revision 1.19
  diff -u -r1.18 -r1.19
  --- CreateNewUserAndConfirm.java	2001/06/28 08:49:38	1.18
  +++ CreateNewUserAndConfirm.java	2001/07/02 07:33:38	1.19
  @@ -75,6 +75,7 @@
   import org.apache.turbine.util.RunData;
   import org.apache.turbine.util.GenerateUniqueId;
   import org.apache.turbine.util.StringUtils;
  +import org.apache.turbine.util.DynamicURI;
   
   // turbine.om
   import org.apache.turbine.om.security.User;
  @@ -244,7 +245,11 @@
   
             // bring logged on user to homepage with internal redirect
             //data.setScreenTemplate(TurbineTemplate.getDefaultScreen());
  -          data.setScreenTemplate("Home.vm");
  +          //data.setScreenTemplate("Home.vm");
  +          DynamicURI duri = new DynamicURI (data);
  +          duri.addPathInfo(JetspeedResources.PATH_TEMPLATE_KEY, "Home.vm");
  +          data.getResponse().sendRedirect(duri.toString());
  +
           }
           catch ( Exception e )
           {
  
  
  
  1.3       +20 -15    jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/VelocityPortletAction.java
  
  Index: VelocityPortletAction.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/VelocityPortletAction.java,v
  retrieving revision 1.2
  retrieving revision 1.3
  diff -u -r1.2 -r1.3
  --- VelocityPortletAction.java	2001/06/25 10:53:39	1.2
  +++ VelocityPortletAction.java	2001/07/02 07:33:42	1.3
  @@ -111,7 +111,7 @@
               catch (NoSuchMethodException e)
               {
                   // no event selected
  -                doPerform(rundata);
  +                doPerform(rundata, context);
               }
           }
       }
  @@ -143,22 +143,27 @@
   
       public void doPerform( RunData rundata, Context context )
       {
  -        VelocityPortlet portlet = (VelocityPortlet)context.get( "portlet" );
  -
  -        // we're bein configured
  -        if ( portlet.getName().equals( PortalState.getCustomized( rundata ) ) )
  -        {
  -            buildConfigureContext( portlet, context, rundata);
  -            return;
  -        }
  +        VelocityPortlet portlet = null;
           
  -        // we're maximized
  -        if ( portlet.getName().equals( PortalState.getMaximized( rundata ) ) )
  +        if (context != null)
  +            portlet = (VelocityPortlet)context.get( "portlet" );
  +
  +        if (portlet != null)
           {
  -            buildMaximizedContext( portlet, context, rundata);
  -            return;
  -        }
  -        
  +            // we're bein configured
  +            if ( portlet.getName().equals( PortalState.getCustomized( rundata ) ) )
  +            {
  +                buildConfigureContext( portlet, context, rundata);
  +                return;
  +            }
  +            
  +            // we're maximized
  +            if ( portlet.getName().equals( PortalState.getMaximized( rundata ) ) )
  +            {
  +                buildMaximizedContext( portlet, context, rundata);
  +                return;
  +            }
  +        }        
           buildNormalContext( portlet, context, rundata);
       }
   
  
  
  
  1.2       +38 -25    jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/RoleBrowserAction.java
  
  Index: RoleBrowserAction.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/RoleBrowserAction.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- RoleBrowserAction.java	2001/06/11 07:09:02	1.1
  +++ RoleBrowserAction.java	2001/07/02 07:33:44	1.2
  @@ -54,27 +54,34 @@
    
   package org.apache.jetspeed.modules.actions.portlets.security;
   
  -import org.apache.jetspeed.modules.actions.portlets.VelocityPortletAction;
  -import org.apache.jetspeed.portal.portlets.VelocityPortlet;
  -import org.apache.jetspeed.services.Registry;
  -import org.apache.jetspeed.om.newregistry.RegistryEntry;
  +// velocity
  +import org.apache.velocity.context.Context;
   
  -// Turbine stuff
  +// turbine util
   import org.apache.turbine.util.Log;
   import org.apache.turbine.util.RunData;
   import org.apache.turbine.util.StringUtils;
  +import org.apache.turbine.util.DynamicURI;
   
  -import org.apache.jetspeed.services.JetspeedSecurity;
  -import org.apache.turbine.om.security.Role;
   import org.apache.turbine.util.security.RoleSet;
   import org.apache.turbine.util.db.Criteria;
  +
  +// turbine om 
  +import org.apache.turbine.om.security.Role;
  +import org.apache.turbine.om.security.User;
  +
  +// turbine security
  +import org.apache.turbine.util.security.EntityExistsException;
   import org.apache.turbine.util.security.DataBackendException;
   
  -// Velocity Stuff
  -import org.apache.velocity.context.Context;
  +// jetspeed services
  +import org.apache.jetspeed.services.JetspeedSecurity;
  +import org.apache.jetspeed.services.resources.JetspeedResources;
  +
  +// jetspeed velocity
  +import org.apache.jetspeed.modules.actions.portlets.VelocityPortletAction;
  +import org.apache.jetspeed.portal.portlets.VelocityPortlet;
   
  -import java.util.Vector;
  -import java.util.Iterator;
   
   /**
    * This action sets up the template context for browsing of security roles in the Turbine database. 
  @@ -84,9 +91,11 @@
   public class RoleBrowserAction extends VelocityPortletAction
   {
       /** 
  -     * Subclasses should override this method if they wish to
  -     * build specific content when maximized. Default behavior is
  -     * to do the same as normal content.
  +     * Build the maximized state content for this portlet. (Same as normal state).
  +     * 
  +     * @param portlet The velocity-based portlet that is being built.
  +     * @param context The velocity context for this request.
  +     * @param rundata The turbine rundata context for this request.
        */
       protected void buildMaximizedContext( VelocityPortlet portlet, 
                                             Context context,
  @@ -96,9 +105,12 @@
       }
   
       /** 
  -     * Subclasses should override this method if they wish to
  -     * provide their own customization behavior.
  -     * Default is to use Portal base customizer action
  +     * Build the configure state content for this portlet.
  +     * TODO: we could configure this portlet with configurable skins, etc..
  +     * 
  +     * @param portlet The velocity-based portlet that is being built.
  +     * @param context The velocity context for this request.
  +     * @param rundata The turbine rundata context for this request.
        */
       protected void buildConfigureContext( VelocityPortlet portlet, 
                                             Context context,
  @@ -106,12 +118,14 @@
       {
   
           buildNormalContext( portlet, context, rundata);        
  -        setTemplate(rundata, "role-browser.vm");        
       }
   
       /** 
  -     * Subclasses must override this method to provide default behavior 
  -     * for the portlet action
  +     * Build the normal state content for this portlet.
  +     * 
  +     * @param portlet The velocity-based portlet that is being built.
  +     * @param context The velocity context for this request.
  +     * @param rundata The turbine rundata context for this request.
        */
       protected void buildNormalContext( VelocityPortlet portlet, 
                                          Context context,
  @@ -121,18 +135,17 @@
           {
               Criteria criteria = new Criteria();
               RoleSet roles = JetspeedSecurity.getRoles(criteria);
  -            context.put("roles", roles.getRolesArray());
  +            context.put(SecurityConstants.CONTEXT_ROLES, roles.getRolesArray());
           }
           catch (DataBackendException e)
           {
  +           // log the error msg
  +            Log.error(e);
  +
               rundata.setMessage("Error in Jetspeed Role Security: " + e.toString());
               rundata.setStackTrace(StringUtils.stackTrace(e), e);
               rundata.setScreenTemplate("Error.vm");            
           }
  -    }
  -
  -    public void doUpdate(RunData data, Context context)
  -    {
       }
   
   }
  
  
  
  1.2       +195 -89   jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/RoleUpdateAction.java
  
  Index: RoleUpdateAction.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/RoleUpdateAction.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- RoleUpdateAction.java	2001/06/11 07:09:02	1.1
  +++ RoleUpdateAction.java	2001/07/02 07:33:45	1.2
  @@ -54,32 +54,30 @@
    
   package org.apache.jetspeed.modules.actions.portlets.security;
   
  -import java.util.Vector;
  -import java.util.Iterator;
  -import java.util.Date;
  -
  -import org.apache.jetspeed.modules.actions.portlets.VelocityPortletAction;
  -import org.apache.jetspeed.portal.portlets.VelocityPortlet;
  -import org.apache.jetspeed.services.Registry;
  -import org.apache.jetspeed.om.newregistry.RegistryEntry;
  +// velocity
  +import org.apache.velocity.context.Context;
   
  -// Turbine stuff
  +// turbine util
   import org.apache.turbine.util.Log;
   import org.apache.turbine.util.RunData;
   import org.apache.turbine.util.StringUtils;
  -import org.apache.turbine.modules.ActionLoader;
  +import org.apache.turbine.util.DynamicURI;
   
  -import org.apache.jetspeed.services.JetspeedSecurity;
  +// turbine om 
   import org.apache.turbine.om.security.Role;
   import org.apache.turbine.om.security.User;
  -import org.apache.turbine.util.db.Criteria;
  -import org.apache.turbine.util.security.DataBackendException;
  +
  +// turbine security
   import org.apache.turbine.util.security.EntityExistsException;
  -import org.apache.turbine.util.security.UnknownEntityException;
   
  +// jetspeed services
  +import org.apache.jetspeed.services.JetspeedSecurity;
  +import org.apache.jetspeed.services.resources.JetspeedResources;
   
  -// Velocity Stuff
  -import org.apache.velocity.context.Context;
  +// jetspeed velocity
  +import org.apache.jetspeed.modules.actions.portlets.VelocityPortletAction;
  +import org.apache.jetspeed.portal.portlets.VelocityPortlet;
  +
   
   /**
    * This action sets up the template context for editing security roles in the Turbine database. 
  @@ -88,10 +86,14 @@
    */
   public class RoleUpdateAction extends VelocityPortletAction
   {
  +    private static final String TEMP_ROLE = "tempRole";
  +
       /** 
  -     * Subclasses should override this method if they wish to
  -     * build specific content when maximized. Default behavior is
  -     * to do the same as normal content.
  +     * Build the maximized state content for this portlet. (Same as normal state).
  +     * 
  +     * @param portlet The velocity-based portlet that is being built.
  +     * @param context The velocity context for this request.
  +     * @param rundata The turbine rundata context for this request.
        */
       protected void buildMaximizedContext( VelocityPortlet portlet, 
                                             Context context,
  @@ -101,9 +103,12 @@
       }
   
       /** 
  -     * Subclasses should override this method if they wish to
  -     * provide their own customization behavior.
  -     * Default is to use Portal base customizer action
  +     * Build the configure state content for this portlet.
  +     * TODO: we could configure this portlet with configurable skins, etc..
  +     * 
  +     * @param portlet The velocity-based portlet that is being built.
  +     * @param context The velocity context for this request.
  +     * @param rundata The turbine rundata context for this request.
        */
       protected void buildConfigureContext( VelocityPortlet portlet, 
                                             Context context,
  @@ -111,12 +116,14 @@
       {
   
           buildNormalContext( portlet, context, rundata);        
  -        setTemplate(rundata, "role-form.vm");        
       }
   
       /** 
  -     * Subclasses must override this method to provide default behavior 
  -     * for the portlet action
  +     * Build the normal state content for this portlet.
  +     * 
  +     * @param portlet The velocity-based portlet that is being built.
  +     * @param context The velocity context for this request.
  +     * @param rundata The turbine rundata context for this request.
        */
       protected void buildNormalContext( VelocityPortlet portlet, 
                                          Context context,
  @@ -129,118 +136,217 @@
               /*
                * Grab the mode for the user form.
                */
  -            String mode = rundata.getParameters().getString("mode");
  -    
  -            if (mode.equals("modify") || mode.equals("delete"))
  +            String mode = rundata.getParameters().getString(SecurityConstants.PARAM_MODE);
  +
  +            //
  +            // if we are updating or deleting - put the name in the context
  +            //
  +            if (mode != null && (mode.equals(SecurityConstants.PARAM_MODE_UPDATE) || 
  +                                 mode.equals(SecurityConstants.PARAM_MODE_DELETE)))
               {
  -                String rolename = rundata.getParameters().getString("rolename");
  +                // get the primary key and put the object in the context
  +                String rolename = rundata.getParameters().getString(SecurityConstants.PARAM_ENTITY_ID);
                   role = JetspeedSecurity.getRole(rolename);
  -                context.put("role", role);
  +                context.put(SecurityConstants.CONTEXT_ROLE, role);
               }
  -    
  -            context.put("mode", mode);
  +
  +            //
  +            // if there was an error, display the message
  +            //
  +            String msgid = rundata.getParameters().getString(SecurityConstants.PARAM_MSGID);
  +            if (msgid != null)
  +            {
  +                int id = Integer.parseInt(msgid);
  +                if (id < SecurityConstants.MESSAGES.length)
  +                    context.put(SecurityConstants.PARAM_MSG, SecurityConstants.MESSAGES[id]);
  +
  +                // get the bad entered data and put it back for convenient update
  +                Role tempRole = (Role)rundata.getUser().getTemp(TEMP_ROLE);
  +                if (tempRole != null)
  +                    context.put(SecurityConstants.CONTEXT_ROLE, tempRole);
  +            }
  +            context.put(SecurityConstants.PARAM_MODE, mode);
   
           }
           catch (Exception e)
           {
  +            Log.error(e);
               rundata.setMessage("Error in Jetspeed User Security: " + e.toString());
               rundata.setStackTrace(StringUtils.stackTrace(e), e);
               rundata.setScreenTemplate("Error.vm");            
           }
       }
   
  +    /** 
  +     * Database Insert Action for Security Roles. Performs inserts into security database.
  +     * 
  +     * @param rundata The turbine rundata context for this request.
  +     * @param context The velocity context for this request.
  +     */
       public void doInsert(RunData rundata, Context context)
           throws Exception
       {
  -        //Role role = new Role();
  -        Role role = JetspeedSecurity.getNewRole(null);
  -        rundata.getParameters().setProperties(role);
  -
  -        String name = rundata.getParameters().getString("rolename");
  -
  +        Role role = null;
           try
  -        {
  +        {    
  +            // 
  +            // validate that its not an 'blank' rolename -- not allowed
  +            //
  +            String name = rundata.getParameters().getString("name");        
  +            if (name == null || name.trim().length() == 0)
  +            {
  +                DynamicURI duri = new DynamicURI (rundata);
  +                duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_ROLE_UPDATE);
  +                duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_INVALID_ENTITY_NAME);
  +                rundata.getResponse().sendRedirect(duri.toString());
  +                rundata.getUser().setTemp(TEMP_ROLE, null);
  +                return;
  +            }
  +
  +            //
  +            // generate a new role
  +            //
  +            role = JetspeedSecurity.getNewRole(name);
  +
  +            //
  +            // add the role
  +            ///
               JetspeedSecurity.addRole(role);
  -            // bring user back to browser
  -            // FIXME: this doesn't work
  -            ActionLoader.getInstance().exec( rundata, "portlets.security.RoleBrowserAction" );
  +
  +            //
  +            // success -- bring user back to role browser
  +            //
  +            DynamicURI duri = new DynamicURI (rundata);
  +            duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_ROLE_BROWSER);
  +            rundata.getResponse().sendRedirect(duri.toString());
   
           }
  -        catch (EntityExistsException eee)
  +        catch (EntityExistsException e)
           {
  -            context.put("rolename", name);
  -            // TODO: handle these errors
  -            context.put("errorTemplate", "/screens/role/FluxRoleAlreadyExists.vm");
  -            context.put("role", role);
  -            /*
  -             * We are still in insert mode. So keep this
  -             * value alive.
  -             */
  -            rundata.getParameters().add("mode", "insert");
  -            setTemplate(rundata, "/role/FluxRoleForm.vm");
  -        }
  +            // log the error msg
  +            Log.error(e);
   
  +            //
  +            // dup key found - display error message - bring back to same screen
  +            //
  +            DynamicURI duri = new DynamicURI (rundata);
  +            duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_ROLE_UPDATE);
  +            duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_ENTITY_ALREADY_EXISTS);
  +            rundata.getResponse().sendRedirect(duri.toString());
  +
  +            // save values that user just entered so they don't have to re-enter
  +           if (role != null)
  +               rundata.getUser().setTemp(TEMP_ROLE, role);
  +        }
       }
   
  -    /**
  -     * ActionEvent responsible updating a user
  -     * in the Tambora system. Must check the input
  -     * for integrity before allowing the user info
  -     * to be update in the database.
  +    /** 
  +     * Database Update Action for Security Roles. Performs updates into security database.
  +     * 
  +     * @param rundata The turbine rundata context for this request.
  +     * @param context The velocity context for this request.
        */
       public void doUpdate(RunData rundata, Context context)
           throws Exception
       {
  -        Role role = JetspeedSecurity.getRole(
  -            rundata.getParameters().getString("rolename"));
  -        
  -        rundata.getParameters().setProperties(role);
  -        
  +        Role role = null;        
           try
           {
  +            // 
  +            // get the role object from the selected role entry in the browser
  +            //
  +            role = JetspeedSecurity.getRole( 
  +                     rundata.getParameters().getString(SecurityConstants.PARAM_ENTITY_ID));        
  +
  +            //
  +            // update the role in the database
  +            //
               JetspeedSecurity.saveRole(role);
  +
  +            //
  +            // success -- bring user back to role browser
  +            //
  +            DynamicURI duri = new DynamicURI (rundata);
  +            duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_ROLE_BROWSER);
  +            rundata.getResponse().sendRedirect(duri.toString());
  +
           }
  -        catch (UnknownEntityException uee)
  +        catch (Exception e)
           {
  -            /*
  -             * Should do something here but I still
  -             * think we should use the an id so that
  -             * this can't happen.
  -             */
  -        }
  +           // log the error msg
  +            Log.error(e);
   
  -        // bring user back to browser
  -        // FIXME: this doesn't work
  -        ActionLoader.getInstance().exec( rundata, "portlets.security.RoleBrowserAction" );
  +            //
  +            // error on update - display error message
  +            //
  +            DynamicURI duri = new DynamicURI (rundata);
  +            duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_ROLE_UPDATE);
  +            duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_UPDATE_FAILED);
  +            if (role != null)
  +                duri.addPathInfo(SecurityConstants.PARAM_ENTITY_ID, role.getName());
  +            duri.addQueryData(SecurityConstants.PARAM_MODE, SecurityConstants.PARAM_MODE_UPDATE);
  +            rundata.getResponse().sendRedirect(duri.toString());
  +
  +           // save values that user just entered so they don't have to re-enter
  +           if (role != null)
  +               rundata.getUser().setTemp(TEMP_ROLE, role);
   
  +        }
       }
   
  -    /**
  -     * ActionEvent responsible for removing a user
  -     * from the Tambora system.
  +    /** 
  +     * Database Delete Action for Security Roles. Performs deletes into security database.
  +     * 
  +     * @param rundata The turbine rundata context for this request.
  +     * @param context The velocity context for this request.
        */
       public void doDelete(RunData rundata, Context context)
           throws Exception
       {
  -        Role role = JetspeedSecurity.getRole(
  -            rundata.getParameters().getString("rolename"));
  +        Role role = null;
   
           try
           {
  +            // 
  +            // get the role object from the selected role entry in the browser
  +            //
  +            role = JetspeedSecurity.getRole( 
  +                        rundata.getParameters().getString( SecurityConstants.PARAM_ENTITY_ID) );
  +
  +            //
  +            // remove the role
  +            //
               JetspeedSecurity.removeRole(role);
  +
  +            //
  +            // success -- bring user back to role browser
  +            //
  +            DynamicURI duri = new DynamicURI (rundata);
  +            duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_ROLE_BROWSER);
  +            rundata.getResponse().sendRedirect(duri.toString());
  +
           }
  -        catch (UnknownEntityException uee)
  +        catch (Exception e)
           {
  -            /*
  -             * Should do something here but I still
  -             * think we should use the an id so that
  -             * this can't happen.
  -             */
  -        }
  +           // log the error msg
  +            Log.error(e);
  +
  +            //
  +            // error on delete - display error message
  +            //
  +            DynamicURI duri = new DynamicURI (rundata);
  +            duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_ROLE_UPDATE);
  +            duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_DELETE_FAILED);
  +            if (role != null)
  +                duri.addPathInfo(SecurityConstants.PARAM_ENTITY_ID, role.getName());
  +            duri.addQueryData(SecurityConstants.PARAM_MODE, SecurityConstants.PARAM_MODE_DELETE);
  +            rundata.getResponse().sendRedirect(duri.toString());
  +
  +            // save values that user just entered so they don't have to re-enter
  +           if (role != null)
  +               rundata.getUser().setTemp(TEMP_ROLE, role);
   
  -       // bring user back to browser
  -        // FIXME: this doesn't work
  -        ActionLoader.getInstance().exec( rundata, "portlets.security.RoleBrowserAction" );
  +        }
   
       }
   
  
  
  
  1.2       +39 -27    jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/UserBrowserAction.java
  
  Index: UserBrowserAction.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/UserBrowserAction.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- UserBrowserAction.java	2001/06/11 07:09:03	1.1
  +++ UserBrowserAction.java	2001/07/02 07:33:45	1.2
  @@ -54,26 +54,32 @@
    
   package org.apache.jetspeed.modules.actions.portlets.security;
   
  -import org.apache.jetspeed.modules.actions.portlets.VelocityPortletAction;
  -import org.apache.jetspeed.portal.portlets.VelocityPortlet;
  -import org.apache.jetspeed.services.Registry;
  -import org.apache.jetspeed.om.newregistry.RegistryEntry;
  +// velocity
  +import org.apache.velocity.context.Context;
   
  -// Turbine stuff
  +// turbine util
   import org.apache.turbine.util.Log;
   import org.apache.turbine.util.RunData;
   import org.apache.turbine.util.StringUtils;
  +import org.apache.turbine.util.DynamicURI;
   
  -import org.apache.jetspeed.services.JetspeedSecurity;
  -import org.apache.turbine.om.security.User;
  +import org.apache.turbine.util.security.RoleSet;
   import org.apache.turbine.util.db.Criteria;
  +
  +// turbine om 
  +import org.apache.turbine.om.security.User;
  +
  +// turbine security
  +import org.apache.turbine.util.security.EntityExistsException;
   import org.apache.turbine.util.security.DataBackendException;
   
  -// Velocity Stuff
  -import org.apache.velocity.context.Context;
  +// jetspeed services
  +import org.apache.jetspeed.services.JetspeedSecurity;
  +import org.apache.jetspeed.services.resources.JetspeedResources;
   
  -import java.util.Vector;
  -import java.util.Iterator;
  +// jetspeed velocity
  +import org.apache.jetspeed.modules.actions.portlets.VelocityPortletAction;
  +import org.apache.jetspeed.portal.portlets.VelocityPortlet;
   
   /**
    * This action sets up the template context for browsing of users in the Turbine database. 
  @@ -83,9 +89,11 @@
   public class UserBrowserAction extends VelocityPortletAction
   {
       /** 
  -     * Subclasses should override this method if they wish to
  -     * build specific content when maximized. Default behavior is
  -     * to do the same as normal content.
  +     * Build the maximized state content for this portlet. (Same as normal state).
  +     * 
  +     * @param portlet The velocity-based portlet that is being built.
  +     * @param context The velocity context for this request.
  +     * @param rundata The turbine rundata context for this request.
        */
       protected void buildMaximizedContext( VelocityPortlet portlet, 
                                             Context context,
  @@ -95,9 +103,12 @@
       }
   
       /** 
  -     * Subclasses should override this method if they wish to
  -     * provide their own customization behavior.
  -     * Default is to use Portal base customizer action
  +     * Build the configure state content for this portlet.
  +     * TODO: we could configure this portlet with configurable skins, etc..
  +     * 
  +     * @param portlet The velocity-based portlet that is being built.
  +     * @param context The velocity context for this request.
  +     * @param rundata The turbine rundata context for this request.
        */
       protected void buildConfigureContext( VelocityPortlet portlet, 
                                             Context context,
  @@ -105,33 +116,34 @@
       {
   
           buildNormalContext( portlet, context, rundata);        
  -        setTemplate(rundata, "user-browser.vm");        
       }
   
       /** 
  -     * Subclasses must override this method to provide default behavior 
  -     * for the portlet action
  +     * Build the normal state content for this portlet.
  +     * 
  +     * @param portlet The velocity-based portlet that is being built.
  +     * @param context The velocity context for this request.
  +     * @param rundata The turbine rundata context for this request.
        */
       protected void buildNormalContext( VelocityPortlet portlet, 
                                          Context context,
                                          RunData rundata )
  -    {
  +    {    
           try
           {
               Criteria criteria = new Criteria();
               User[] users = JetspeedSecurity.getUsers(criteria);
  -            context.put("users", users);
  +            context.put(SecurityConstants.CONTEXT_USERS, users);
           }
           catch (DataBackendException e)
           {
  +          // log the error msg
  +            Log.error(e);
  +
               rundata.setMessage("Error in Jetspeed User Security: " + e.toString());
               rundata.setStackTrace(StringUtils.stackTrace(e), e);
               rundata.setScreenTemplate("Error.vm");            
           }
       }
  -
  -    public void doUpdate(RunData data, Context context)
  -    {
  -    }
  -
  +     
   }
  
  
  
  1.2       +254 -108  jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/UserUpdateAction.java
  
  Index: UserUpdateAction.java
  ===================================================================
  RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/UserUpdateAction.java,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- UserUpdateAction.java	2001/06/11 07:09:03	1.1
  +++ UserUpdateAction.java	2001/07/02 07:33:46	1.2
  @@ -54,29 +54,32 @@
    
   package org.apache.jetspeed.modules.actions.portlets.security;
   
  -import java.util.Vector;
  -import java.util.Iterator;
  +// java util
   import java.util.Date;
   
  -import org.apache.jetspeed.modules.actions.portlets.VelocityPortletAction;
  -import org.apache.jetspeed.portal.portlets.VelocityPortlet;
  -import org.apache.jetspeed.services.Registry;
  -import org.apache.jetspeed.om.newregistry.RegistryEntry;
  +// velocity context
  +import org.apache.velocity.context.Context;
   
  -// Turbine stuff
  +// turbine util
   import org.apache.turbine.util.Log;
   import org.apache.turbine.util.RunData;
   import org.apache.turbine.util.StringUtils;
  -import org.apache.turbine.modules.ActionLoader;
  +import org.apache.turbine.util.DynamicURI;
   
  -import org.apache.jetspeed.services.JetspeedSecurity;
  +// turbine om security
   import org.apache.turbine.om.security.User;
   import org.apache.turbine.util.db.Criteria;
   import org.apache.turbine.util.security.DataBackendException;
  +import org.apache.turbine.util.security.EntityExistsException;
   
  -// Velocity Stuff
  -import org.apache.velocity.context.Context;
  +// jetspeed velocity
  +import org.apache.jetspeed.modules.actions.portlets.VelocityPortletAction;
  +import org.apache.jetspeed.portal.portlets.VelocityPortlet;
   
  +// jetspeed security
  +import org.apache.jetspeed.services.JetspeedSecurity;
  +import org.apache.jetspeed.services.resources.JetspeedResources;
  +
   /**
    * This action sets up the template context for editing users in the Turbine database. 
    * 
  @@ -84,10 +87,13 @@
    */
   public class UserUpdateAction extends VelocityPortletAction
   {
  +    private static final String TEMP_USER = "tempUser";
       /** 
  -     * Subclasses should override this method if they wish to
  -     * build specific content when maximized. Default behavior is
  -     * to do the same as normal content.
  +     * Build the maximized state content for this portlet. (Same as normal state).
  +     * 
  +     * @param portlet The velocity-based portlet that is being built.
  +     * @param context The velocity context for this request.
  +     * @param rundata The turbine rundata context for this request.
        */
       protected void buildMaximizedContext( VelocityPortlet portlet, 
                                             Context context,
  @@ -97,9 +103,12 @@
       }
   
       /** 
  -     * Subclasses should override this method if they wish to
  -     * provide their own customization behavior.
  -     * Default is to use Portal base customizer action
  +     * Build the configure state content for this portlet.
  +     * TODO: we could configure this portlet with configurable skins, etc..
  +     * 
  +     * @param portlet The velocity-based portlet that is being built.
  +     * @param context The velocity context for this request.
  +     * @param rundata The turbine rundata context for this request.
        */
       protected void buildConfigureContext( VelocityPortlet portlet, 
                                             Context context,
  @@ -111,8 +120,11 @@
       }
   
       /** 
  -     * Subclasses must override this method to provide default behavior 
  -     * for the portlet action
  +     * Build the normal state content for this portlet.
  +     * 
  +     * @param portlet The velocity-based portlet that is being built.
  +     * @param context The velocity context for this request.
  +     * @param rundata The turbine rundata context for this request.
        */
       protected void buildNormalContext( VelocityPortlet portlet, 
                                          Context context,
  @@ -125,129 +137,263 @@
               /*
                * Grab the mode for the user form.
                */
  -            String mode = rundata.getParameters().getString("mode");
  -    
  -            if (mode.equals("modify") || mode.equals("delete"))
  +            String mode = rundata.getParameters().getString(SecurityConstants.PARAM_MODE);
  +
  +            if (mode != null && (mode.equals(SecurityConstants.PARAM_MODE_UPDATE) || 
  +                                 mode.equals(SecurityConstants.PARAM_MODE_DELETE)))
               {
  -                String username = rundata.getParameters().getString("username");
  +                // get the primary key and put the object in the context
  +                String username = rundata.getParameters().getString(SecurityConstants.PARAM_ENTITY_ID);
                   user = JetspeedSecurity.getUser(username);
  -                context.put("user", user);
  +                context.put(SecurityConstants.CONTEXT_USER, user);
               }
       
  -            context.put("mode", mode);
  +            //
  +            // if there was an error, display the message
  +            //
  +            String msgid = rundata.getParameters().getString(SecurityConstants.PARAM_MSGID);
  +            if (msgid != null)
  +            {
  +                int id = Integer.parseInt(msgid);
  +                if (id < SecurityConstants.MESSAGES.length)
  +                    context.put(SecurityConstants.PARAM_MSG, SecurityConstants.MESSAGES[id]);
  +
  +                // get the bad entered data and put it back for convenient update
  +                User tempUser = (User)rundata.getUser().getTemp(TEMP_USER);
  +                if (tempUser != null)
  +                    context.put(SecurityConstants.CONTEXT_USER, tempUser);
  +
  +            }
  +
  +            context.put(SecurityConstants.PARAM_MODE, mode);    
   
           }
           catch (Exception e)
           {
  +            Log.error(e);
               rundata.setMessage("Error in Jetspeed User Security: " + e.toString());
               rundata.setStackTrace(StringUtils.stackTrace(e), e);
               rundata.setScreenTemplate("Error.vm");            
           }
       }
   
  -    /**
  -     * ActionEvent responsible for inserting a new user
  -     * into the Turbine security system.
  +    /** 
  +     * Database Insert Action for Users. Performs inserts into security database.
  +     * 
  +     * @param rundata The turbine rundata context for this request.
  +     * @param context The velocity context for this request.
        */
  -    public void doInsert(RunData data, Context context)
  +    public void doInsert(RunData rundata, Context context)
           throws Exception
       {
  -        /*
  -         * Create a TamboraUser object here, it will be
  -         * used even if there is an error. It will be
  -         * fed back into the context to give the user
  -         * the chance to correct any errors.
  -         */
  -        User user = JetspeedSecurity.getUserInstance();
  -        data.getParameters().setProperties(user);
  -
  -        /*
  -         * Grab the username entered in the form.
  -         */
  -        String username = data.getParameters().getString("username");
  -        String password = data.getParameters().getString("password");
  -
  -        if (password == null)
  -            password = "";
  -
  -        /*
  -         * Make sure this account doesn't already exist.
  -         * If the account already exists then alert
  -         * the user and make them change the username.
  -         */
  -        if (JetspeedSecurity.accountExists(username))
  -        {
  -            context.put("username", username);
  -            context.put("errorTemplate", "/screens/user/FluxUserAlreadyExists.vm");
  -            context.put("user", user);
  -            /*
  -             * We are still in insert mode. So keep this
  -             * value alive.
  -             */
  -            data.getParameters().add("mode", "insert");
  -            setTemplate(data, "/user/FluxUserForm.vm");
  -        }
  -        else
  +        User user = null;
  +        try
           {
  -            /*
  -             * Set some default date properties, this needs
  -             * to be more rigourous.
  -             */
  -            
  -            Date now = new Date();
  +            // 
  +            // validate that its not an 'blank' rolename -- not allowed
  +            //
  +            String name = rundata.getParameters().getString("username");        
  +            if (name == null || name.trim().length() == 0)
  +            {
  +                DynamicURI duri = new DynamicURI (rundata);
  +                duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_USER_UPDATE);
  +                duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_INVALID_ENTITY_NAME);
  +                rundata.getResponse().sendRedirect(duri.toString());
  +                // save values that user just entered so they don't have to re-enter
  +                if (user != null)
  +                   rundata.getUser().setTemp(TEMP_USER, user);
  +                return;
  +            }
  +
  +
  +            // 
  +            // create a new user
  +            //
  +            user = JetspeedSecurity.getUserInstance();
  +            rundata.getParameters().setProperties(user);
  +
  +            String password = rundata.getParameters().getString("password");    
  +            if (password == null)
  +                password = "";
               
  -            //user.setModifiedDate(now);
  +            Date now = new Date();            
               user.setCreateDate(now);
  -            user.setLastLogin(new Date(0));
  +            user.setLastLogin(now);
               
  -            JetspeedSecurity.addUser(user, password);
  +            //
  +            // add the user
  +            ///
  +            JetspeedSecurity.addUser(user, password, rundata);
  +
  +            //
  +            // success -- bring user back to browser
  +            //
  +            DynamicURI duri = new DynamicURI (rundata);
  +            duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_USER_BROWSER);
  +            rundata.getResponse().sendRedirect(duri.toString());
  +
  +        }
  +        catch (EntityExistsException e)
  +        {
  +            // log the error msg
  +            Log.error(e);
   
  -            // bring user back to browser
  -            // FIXME: this doesn't work
  -            ActionLoader.getInstance().exec( data, "portlets.security.UserBrowserAction" );
  +            //
  +            // dup key found - display error message - bring back to same screen
  +            //
  +            DynamicURI duri = new DynamicURI (rundata);
  +            duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_USER_UPDATE);
  +            duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_ENTITY_ALREADY_EXISTS);
  +            rundata.getResponse().sendRedirect(duri.toString());
  +            // save values that user just entered so they don't have to re-enter
  +            if (user != null)
  +               rundata.getUser().setTemp(TEMP_USER, user);
           }
  +
       }
   
  -    /**
  -     * ActionEvent responsible updating a user
  -     * in the Tambora system. Must check the input
  -     * for integrity before allowing the user info
  -     * to be update in the database.
  +    /** 
  +     * Database Update Action for Users. Performs updates into security database.
  +     * 
  +     * @param rundata The turbine rundata context for this request.
  +     * @param context The velocity context for this request.
        */
  -    public void doUpdate(RunData data, Context context)
  +    public void doUpdate(RunData rundata, Context context)
           throws Exception
       {
  -        User user = JetspeedSecurity.getUser(data.getParameters().getString("username"));
  -        data.getParameters().setProperties(user);
  +        User user = null;
  +        try
  +        {
  +            // 
  +            // get the user object from the selected entry in the browser
  +            //
  +            user = JetspeedSecurity.getUser(
  +                            rundata.getParameters().getString(SecurityConstants.PARAM_ENTITY_ID));
  +
  +            String name = rundata.getParameters().getString("username");        
  +            if (name == null || name.trim().length() == 0) 
  +            {
  +                DynamicURI duri = new DynamicURI (rundata);
  +                duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_USER_UPDATE);
  +                duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_INVALID_ENTITY_NAME);
  +                if (user != null)
  +                    duri.addPathInfo(SecurityConstants.PARAM_ENTITY_ID, user.getUserName());
  +                duri.addQueryData(SecurityConstants.PARAM_MODE, SecurityConstants.PARAM_MODE_UPDATE);
  +                rundata.getResponse().sendRedirect(duri.toString());
  +                // save values that user just entered so they don't have to re-enter
  +                if (user != null)
  +                   rundata.getUser().setTemp(TEMP_USER, user);
  +                return;
  +            }
   
  -        Date now = new Date();
  +            //
  +            // pull the values off the form and into the user object
  +            //
  +            rundata.getParameters().setProperties(user);    
  +            user.setLastAccessDate();
  +
  +            //
  +            // update the user in the database
  +            //
  +            JetspeedSecurity.saveUser(user);
  +
  +            //
  +            // success -- bring user back to user browser
  +            //
  +            DynamicURI duri = new DynamicURI (rundata);
  +            duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_USER_BROWSER);
  +            rundata.getResponse().sendRedirect(duri.toString());
   
  -        //user.setModifiedDate(now);
  -        user.setCreateDate(now);
  -        user.setLastLogin(new Date(0));
  -        
  -        JetspeedSecurity.saveUser(user);
  -
  -        // bring user back to browser
  -        // FIXME: this doesn't work
  -        ActionLoader.getInstance().exec( data, "portlets.security.UserBrowserAction" );
  +        }
  +        catch (Exception e)
  +        {
  +           // log the error msg
  +            Log.error(e);
  +
  +            //
  +            // error on update - display error message
  +            //
  +            DynamicURI duri = new DynamicURI (rundata);
  +            duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_USER_UPDATE);
  +            duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_UPDATE_FAILED);
  +            if (user != null)
  +                duri.addPathInfo(SecurityConstants.PARAM_ENTITY_ID, user.getUserName());
  +            duri.addQueryData(SecurityConstants.PARAM_MODE, SecurityConstants.PARAM_MODE_UPDATE);
  +            rundata.getResponse().sendRedirect(duri.toString());
  +            // save values that user just entered so they don't have to re-enter
  +            if (user != null)
  +               rundata.getUser().setTemp(TEMP_USER, user);
  +        }
  +
       }
   
  -    /**
  -     * ActionEvent responsible for removing a user
  -     * from the Tambora system.
  +    /** 
  +     * Database Delete Action for Users. Performs deletes into security database.
  +     * 
  +     * @param rundata The turbine rundata context for this request.
  +     * @param context The velocity context for this request.
        */
  -    public void doDelete(RunData data, Context context)
  +    public void doDelete(RunData rundata, Context context)
           throws Exception
  -    {
  -        User user = JetspeedSecurity.getUser(
  -            data.getParameters().getString("username"));
  -        
  -        JetspeedSecurity.removeUser(user);
  -
  -        // bring user back to browser
  -        // FIXME: this doesn't work
  -        ActionLoader.getInstance().exec( data, "portlets.security.UserBrowserAction" );
  +    {        
  +        User user = null;
  +        try
  +        {
  +            // 
  +            // get the user object from the selected entry in the browser
  +            //
  +            user = JetspeedSecurity.getUser(
  +                       rundata.getParameters().getString(SecurityConstants.PARAM_ENTITY_ID));
  +
  +            if (rundata.getUser().getUserName().equals(user.getUserName())) 
  +            {
  +                DynamicURI duri = new DynamicURI (rundata);
  +                duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_USER_UPDATE);
  +                duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_CANT_DELETE_CURRENT);
  +                if (user != null)
  +                    duri.addPathInfo(SecurityConstants.PARAM_ENTITY_ID, user.getUserName());
  +                duri.addQueryData(SecurityConstants.PARAM_MODE, SecurityConstants.PARAM_MODE_DELETE);
  +                rundata.getResponse().sendRedirect(duri.toString());
  +                // save values that user just entered so they don't have to re-enter
  +                if (user != null)
  +                   rundata.getUser().setTemp(TEMP_USER, user);
  +                return;
  +            }
  +
  +            //
  +            // remove the user
  +            //    
  +            JetspeedSecurity.removeUser(user, rundata);
  +
  +            //
  +            // success -- bring user back to user browser
  +            //
  +            DynamicURI duri = new DynamicURI (rundata);
  +            duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_USER_BROWSER);
  +            rundata.getResponse().sendRedirect(duri.toString());
  +
  +        }
  +        catch (Exception e)
  +        {
  +           // log the error msg
  +            Log.error(e);
  +
  +            //
  +            // error on delete - display error message
  +            //
  +            DynamicURI duri = new DynamicURI (rundata);
  +            duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_USER_UPDATE);
  +            duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_DELETE_FAILED);
  +            if (user != null)
  +                duri.addPathInfo(SecurityConstants.PARAM_ENTITY_ID, user.getUserName());
  +            duri.addQueryData(SecurityConstants.PARAM_MODE, SecurityConstants.PARAM_MODE_DELETE);
  +            rundata.getResponse().sendRedirect(duri.toString());
  +
  +            // save values that user just entered so they don't have to re-enter
  +           if (user != null)
  +               rundata.getUser().setTemp(TEMP_USER, user);
  +
  +        }
       }
   
   }
  
  
  
  1.1                  jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/PermissionBrowserAction.java
  
  Index: PermissionBrowserAction.java
  ===================================================================
  /* ====================================================================
   * The Apache Software License, Version 1.1
   *
   * Copyright (c) 2000-2001 The Apache Software Foundation.  All rights
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer.
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution,
   *    if any, must include the following acknowledgment:
   *       "This product includes software developed by the
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowledgment may appear in the software itself,
   *    if and wherever such third-party acknowledgments normally appear.
   *
   * 4. The names "Apache" and "Apache Software Foundation" and
   *     "Apache Jetspeed" must not be used to endorse or promote products
   *    derived from this software without prior written permission. For
   *    written permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache" or
   *    "Apache Jetspeed", nor may "Apache" appear in their name, without
   *    prior written permission of the Apache Software Foundation.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   */
   
  package org.apache.jetspeed.modules.actions.portlets.security;
  
  // velocity
  import org.apache.velocity.context.Context;
  
  // turbine util
  import org.apache.turbine.util.Log;
  import org.apache.turbine.util.RunData;
  import org.apache.turbine.util.StringUtils;
  import org.apache.turbine.util.DynamicURI;
  
  import org.apache.turbine.util.security.PermissionSet;
  import org.apache.turbine.util.db.Criteria;
  
  // turbine om 
  import org.apache.turbine.om.security.Permission;
  import org.apache.turbine.om.security.User;
  
  // turbine security
  import org.apache.turbine.util.security.EntityExistsException;
  import org.apache.turbine.util.security.DataBackendException;
  
  // jetspeed services
  import org.apache.jetspeed.services.JetspeedSecurity;
  import org.apache.jetspeed.services.resources.JetspeedResources;
  
  // jetspeed velocity
  import org.apache.jetspeed.modules.actions.portlets.VelocityPortletAction;
  import org.apache.jetspeed.portal.portlets.VelocityPortlet;
  
  
  /**
   * This action sets up the template context for browsing of permissions in the Turbine database. 
   * 
   * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
   */
  public class PermissionBrowserAction extends VelocityPortletAction
  {
      /** 
       * Build the maximized state content for this portlet. (Same as normal state).
       * 
       * @param portlet The velocity-based portlet that is being built.
       * @param context The velocity context for this request.
       * @param rundata The turbine rundata context for this request.
       */
      protected void buildMaximizedContext( VelocityPortlet portlet, 
                                            Context context,
                                            RunData rundata )
      {
          buildNormalContext( portlet, context, rundata);        
      }
  
      /** 
       * Build the configure state content for this portlet.
       * TODO: we could configure this portlet with configurable skins, etc..
       * 
       * @param portlet The velocity-based portlet that is being built.
       * @param context The velocity context for this request.
       * @param rundata The turbine rundata context for this request.
       */
      protected void buildConfigureContext( VelocityPortlet portlet, 
                                            Context context,
                                            RunData rundata )
      {
  
          buildNormalContext( portlet, context, rundata);        
      }
  
      /** 
       * Build the normal state content for this portlet.
       * 
       * @param portlet The velocity-based portlet that is being built.
       * @param context The velocity context for this request.
       * @param rundata The turbine rundata context for this request.
       */
      protected void buildNormalContext( VelocityPortlet portlet, 
                                         Context context,
                                         RunData rundata )
      {
          try
          {
              Criteria criteria = new Criteria();
              PermissionSet permissions = JetspeedSecurity.getPermissions(criteria);
              context.put(SecurityConstants.CONTEXT_PERMISSIONS, permissions.getPermissionsArray());
          }
          catch (DataBackendException e)
          {
             // log the error msg
              Log.error(e);
  
              rundata.setMessage("Error in Jetspeed Permission Security: " + e.toString());
              rundata.setStackTrace(StringUtils.stackTrace(e), e);
              rundata.setScreenTemplate("Error.vm");            
          }
      }
  
  }
  
  
  1.1                  jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/PermissionUpdateAction.java
  
  Index: PermissionUpdateAction.java
  ===================================================================
  /* ====================================================================
   * The Apache Software License, Version 1.1
   *
   * Copyright (c) 2000-2001 The Apache Software Foundation.  All rights
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer.
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution,
   *    if any, must include the following acknowledgment:
   *       "This product includes software developed by the
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowledgment may appear in the software itself,
   *    if and wherever such third-party acknowledgments normally appear.
   *
   * 4. The names "Apache" and "Apache Software Foundation" and
   *     "Apache Jetspeed" must not be used to endorse or promote products
   *    derived from this software without prior written permission. For
   *    written permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache" or
   *    "Apache Jetspeed", nor may "Apache" appear in their name, without
   *    prior written permission of the Apache Software Foundation.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   */
   
  package org.apache.jetspeed.modules.actions.portlets.security;
  
  // velocity
  import org.apache.velocity.context.Context;
  
  // turbine util
  import org.apache.turbine.util.Log;
  import org.apache.turbine.util.RunData;
  import org.apache.turbine.util.StringUtils;
  import org.apache.turbine.util.DynamicURI;
  
  // turbine om 
  import org.apache.turbine.om.security.Permission;
  import org.apache.turbine.om.security.User;
  
  // turbine security
  import org.apache.turbine.util.security.EntityExistsException;
  
  // jetspeed services
  import org.apache.jetspeed.services.JetspeedSecurity;
  import org.apache.jetspeed.services.resources.JetspeedResources;
  
  // jetspeed velocity
  import org.apache.jetspeed.modules.actions.portlets.VelocityPortletAction;
  import org.apache.jetspeed.portal.portlets.VelocityPortlet;
  
  
  /**
   * This action sets up the template context for editing security permissions in the Turbine database. 
   * 
   * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
   */
  public class PermissionUpdateAction extends VelocityPortletAction
  {
      private static final String TEMP_PERMISSION = "tempPermission";
  
      /** 
       * Build the maximized state content for this portlet. (Same as normal state).
       * 
       * @param portlet The velocity-based portlet that is being built.
       * @param context The velocity context for this request.
       * @param rundata The turbine rundata context for this request.
       */
      protected void buildMaximizedContext( VelocityPortlet portlet, 
                                            Context context,
                                            RunData rundata )
      {
          buildNormalContext( portlet, context, rundata);        
      }
  
      /** 
       * Build the configure state content for this portlet.
       * TODO: we could configure this portlet with configurable skins, etc..
       * 
       * @param portlet The velocity-based portlet that is being built.
       * @param context The velocity context for this request.
       * @param rundata The turbine rundata context for this request.
       */
      protected void buildConfigureContext( VelocityPortlet portlet, 
                                            Context context,
                                            RunData rundata )
      {
  
          buildNormalContext( portlet, context, rundata);        
      }
  
      /** 
       * Build the normal state content for this portlet.
       * 
       * @param portlet The velocity-based portlet that is being built.
       * @param context The velocity context for this request.
       * @param rundata The turbine rundata context for this request.
       */
      protected void buildNormalContext( VelocityPortlet portlet, 
                                         Context context,
                                         RunData rundata )
      {
          try
          {
              Permission permission = null;
      
              /*
               * Grab the mode for the user form.
               */
              String mode = rundata.getParameters().getString(SecurityConstants.PARAM_MODE);
  
              //
              // if we are updating or deleting - put the name in the context
              //
              if (mode != null && (mode.equals(SecurityConstants.PARAM_MODE_UPDATE) || 
                                   mode.equals(SecurityConstants.PARAM_MODE_DELETE)))
              {
                  // get the primary key and put the object in the context
                  String permissionname = rundata.getParameters().getString(SecurityConstants.PARAM_ENTITY_ID);
                  permission = JetspeedSecurity.getPermission(permissionname);
                  context.put(SecurityConstants.CONTEXT_PERMISSION, permission);
              }
  
              //
              // if there was an error, display the message
              //
              String msgid = rundata.getParameters().getString(SecurityConstants.PARAM_MSGID);
              if (msgid != null)
              {
                  int id = Integer.parseInt(msgid);
                  if (id < SecurityConstants.MESSAGES.length)
                      context.put(SecurityConstants.PARAM_MSG, SecurityConstants.MESSAGES[id]);
  
                  // get the bad entered data and put it back for convenient update
                  Permission tempPermission = (Permission)rundata.getUser().getTemp(TEMP_PERMISSION);
                  if (tempPermission != null)
                      context.put(SecurityConstants.CONTEXT_PERMISSION, tempPermission);
              }
              context.put(SecurityConstants.PARAM_MODE, mode);
  
          }
          catch (Exception e)
          {
              Log.error(e);
              rundata.setMessage("Error in Jetspeed User Security: " + e.toString());
              rundata.setStackTrace(StringUtils.stackTrace(e), e);
              rundata.setScreenTemplate("Error.vm");            
          }
      }
  
      /** 
       * Database Insert Action for Security Permissions. Performs inserts into security database.
       * 
       * @param rundata The turbine rundata context for this request.
       * @param context The velocity context for this request.
       */
      public void doInsert(RunData rundata, Context context)
          throws Exception
      {
          Permission permission = null;
          try
          {    
              // 
              // validate that its not an 'blank' permissionname -- not allowed
              //
              String name = rundata.getParameters().getString("name");        
              if (name == null || name.trim().length() == 0)
              {
                  DynamicURI duri = new DynamicURI (rundata);
                  duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_PERMISSION_UPDATE);
                  duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_INVALID_ENTITY_NAME);
                  rundata.getResponse().sendRedirect(duri.toString());
                  rundata.getUser().setTemp(TEMP_PERMISSION, null);
                  return;
              }
  
              //
              // generate a new permission
              //
              permission = JetspeedSecurity.getNewPermission(name);
  
              //
              // add the permission
              ///
              JetspeedSecurity.addPermission(permission);
  
              //
              // success -- bring user back to permission browser
              //
              DynamicURI duri = new DynamicURI (rundata);
              duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_PERMISSION_BROWSER);
              rundata.getResponse().sendRedirect(duri.toString());
  
          }
          catch (EntityExistsException e)
          {
              // log the error msg
              Log.error(e);
  
              //
              // dup key found - display error message - bring back to same screen
              //
              DynamicURI duri = new DynamicURI (rundata);
              duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_PERMISSION_UPDATE);
              duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_ENTITY_ALREADY_EXISTS);
              rundata.getResponse().sendRedirect(duri.toString());
  
              // save values that user just entered so they don't have to re-enter
             if (permission != null)
                 rundata.getUser().setTemp(TEMP_PERMISSION, permission);
          }
      }
  
      /** 
       * Database Update Action for Security Permissions. Performs updates into security database.
       * 
       * @param rundata The turbine rundata context for this request.
       * @param context The velocity context for this request.
       */
      public void doUpdate(RunData rundata, Context context)
          throws Exception
      {
          Permission permission = null;        
          try
          {
              // 
              // get the permission object from the selected permission entry in the browser
              //
              permission = JetspeedSecurity.getPermission( 
                       rundata.getParameters().getString(SecurityConstants.PARAM_ENTITY_ID));        
  
              //
              // update the permission in the database
              //
              JetspeedSecurity.savePermission(permission);
  
              //
              // success -- bring user back to permission browser
              //
              DynamicURI duri = new DynamicURI (rundata);
              duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_PERMISSION_BROWSER);
              rundata.getResponse().sendRedirect(duri.toString());
  
          }
          catch (Exception e)
          {
             // log the error msg
              Log.error(e);
  
              //
              // error on update - display error message
              //
              DynamicURI duri = new DynamicURI (rundata);
              duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_PERMISSION_UPDATE);
              duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_UPDATE_FAILED);
              if (permission != null)
                  duri.addPathInfo(SecurityConstants.PARAM_ENTITY_ID, permission.getName());
              duri.addQueryData(SecurityConstants.PARAM_MODE, SecurityConstants.PARAM_MODE_UPDATE);
              rundata.getResponse().sendRedirect(duri.toString());
  
             // save values that user just entered so they don't have to re-enter
             if (permission != null)
                 rundata.getUser().setTemp(TEMP_PERMISSION, permission);
  
          }
      }
  
      /** 
       * Database Delete Action for Security Permissions. Performs deletes into security database.
       * 
       * @param rundata The turbine rundata context for this request.
       * @param context The velocity context for this request.
       */
      public void doDelete(RunData rundata, Context context)
          throws Exception
      {
          Permission permission = null;
  
          try
          {
              // 
              // get the permission object from the selected permission entry in the browser
              //
              permission = JetspeedSecurity.getPermission( 
                          rundata.getParameters().getString( SecurityConstants.PARAM_ENTITY_ID) );
  
              //
              // remove the permission
              //
              JetspeedSecurity.removePermission(permission);
  
              //
              // success -- bring user back to permission browser
              //
              DynamicURI duri = new DynamicURI (rundata);
              duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_PERMISSION_BROWSER);
              rundata.getResponse().sendRedirect(duri.toString());
  
          }
          catch (Exception e)
          {
             // log the error msg
              Log.error(e);
  
              //
              // error on delete - display error message
              //
              DynamicURI duri = new DynamicURI (rundata);
              duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_PERMISSION_UPDATE);
              duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_DELETE_FAILED);
              if (permission != null)
                  duri.addPathInfo(SecurityConstants.PARAM_ENTITY_ID, permission.getName());
              duri.addQueryData(SecurityConstants.PARAM_MODE, SecurityConstants.PARAM_MODE_DELETE);
              rundata.getResponse().sendRedirect(duri.toString());
  
              // save values that user just entered so they don't have to re-enter
             if (permission != null)
                 rundata.getUser().setTemp(TEMP_PERMISSION, permission);
  
          }
  
      }
  
  
  }
  
  
  1.1                  jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/SecurityConstants.java
  
  Index: SecurityConstants.java
  ===================================================================
  /* ====================================================================
   * The Apache Software License, Version 1.1
   *
   * Copyright (c) 2000-2001 The Apache Software Foundation.  All rights
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer.
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution,
   *    if any, must include the following acknowledgment:
   *       "This product includes software developed by the
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowledgment may appear in the software itself,
   *    if and wherever such third-party acknowledgments normally appear.
   *
   * 4. The names "Apache" and "Apache Software Foundation" and
   *     "Apache Jetspeed" must not be used to endorse or promote products
   *    derived from this software without prior written permission. For
   *    written permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache" or
   *    "Apache Jetspeed", nor may "Apache" appear in their name, without
   *    prior written permission of the Apache Software Foundation.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   */
   
  package org.apache.jetspeed.modules.actions.portlets.security;
  
  
  /**
   * This class contains all the common constants used between data entry forms and browsers and actions
   * 
   * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
   */
  public class SecurityConstants
  {
      // msg id - for error or information messages on data entry forms
      static final String PARAM_MSGID = "msgid";
      // msg - the informational or form message in a form
      static final String PARAM_MSG = "msg";
      // unique entity id - parameter passed between browser forms and update forms
      static final String PARAM_ENTITY_ID = "entityid";
  
      // mode parameter
      static final String PARAM_MODE = "mode";
      // update mode parameter
      static final String PARAM_MODE_UPDATE = "update";
      // delete mode parameter
      static final String PARAM_MODE_DELETE = "delete";
      // insert mode parameter
      static final String PARAM_MODE_INSERT = "insert";
  
      //
      // Context Constants
      //
      static final String CONTEXT_USER = "user";
      static final String CONTEXT_USERS = "users";
      static final String CONTEXT_ROLE = "role";
      static final String CONTEXT_ROLES = "roles";
      static final String CONTEXT_PERMISSION = "permission";
      static final String CONTEXT_PERMISSIONS = "permissions";
      static final String CONTEXT_GROUP = "group";
      static final String CONTEXT_GROUPS = "groups";
  
      // user browser pane id
      static final String PANEID_USER_BROWSER = "User Browser";
      // user form pane id
      static final String PANEID_USER_UPDATE = "User";
      // role browser pane id
      static final String PANEID_ROLE_BROWSER = "Security Role Browser";
      // role form pane id
      static final String PANEID_ROLE_UPDATE = "Role";
      // permission browser pane id
      static final String PANEID_PERMISSION_BROWSER = "Permission Browser";
      // permission form pane id
      static final String PANEID_PERMISSION_UPDATE = "Permission";
      // group browser pane id
      static final String PANEID_GROUP_BROWSER = "Group Browser";
      // group form pane id
      static final String PANEID_GROUP_UPDATE = "Group";
  
      // 
      // Informational and Error Messages for Security Forms
      ///      
      static final String MESSAGES[] = 
      {        
          "Database Update Failure. Please report this error to your Database Administrator.",
          "Database Delete Failure. Please report this error to your Database Administrator.",
          "Invalid Entity Name. Please enter a valid entity name.",
          "Entity Name Already Exists. Please choose another unique, identifying name.",
          "Deletion not allowed. You are trying to delete the currently logged on user."
      };
      //
      // indexes into messages
      //
      static final int MID_UPDATE_FAILED = 0;
      static final int MID_DELETE_FAILED = 1;
      static final int MID_INVALID_ENTITY_NAME = 2;
      static final int MID_ENTITY_ALREADY_EXISTS = 3;
      static final int MID_CANT_DELETE_CURRENT = 4;
  
  };
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org


Mime
View raw message