View Javadoc

1   /*
2    * Copyright 2000-2004 The Apache Software Foundation.
3    * 
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    * 
8    *      http://www.apache.org/licenses/LICENSE-2.0
9    * 
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.apache.jetspeed.modules.actions.portlets.security;
18  
19  // java util
20  import java.util.Iterator;
21  import java.util.Vector;
22  
23  import org.apache.jetspeed.modules.actions.portlets.SecureVelocityPortletAction;
24  import org.apache.jetspeed.om.profile.Portlets;
25  import org.apache.jetspeed.om.profile.Profile;
26  import org.apache.jetspeed.om.profile.ProfileLocator;
27  import org.apache.jetspeed.om.security.Group;
28  import org.apache.jetspeed.om.security.GroupRole;
29  import org.apache.jetspeed.om.security.JetspeedUser;
30  import org.apache.jetspeed.om.security.Role;
31  import org.apache.jetspeed.portal.portlets.VelocityPortlet;
32  import org.apache.jetspeed.services.JetspeedSecurity;
33  import org.apache.jetspeed.services.Profiler;
34  import org.apache.jetspeed.services.PsmlManager;
35  import org.apache.jetspeed.services.logging.JetspeedLogFactoryService;
36  import org.apache.jetspeed.services.logging.JetspeedLogger;
37  import org.apache.jetspeed.services.resources.JetspeedResources;
38  import org.apache.jetspeed.services.rundata.JetspeedRunData;
39  import org.apache.jetspeed.util.PortletUtils;
40  import org.apache.turbine.util.RunData;
41  import org.apache.turbine.util.StringUtils;
42  import org.apache.velocity.context.Context;
43  
44  
45  /***
46   * This action sets up the template context for editing security group roles
47   * for a given user.
48   *
49   * @author <a href="mailto:morciuch@apache.org">Mark Orciuch</a>
50   * @version $Id: UserGroupRoleUpdateAction.java,v 1.3 2004/03/31 04:49:10 morciuch Exp $
51   */
52  public class UserGroupRoleUpdateAction extends SecureVelocityPortletAction
53  {
54  
55      /***
56       * Static initialization of the logger for this class
57       */    
58      private static final JetspeedLogger logger = JetspeedLogFactoryService.getLogger(UserRoleUpdateAction.class.getName());     
59  
60      /***
61       * Build the maximized state content for this portlet. (Same as normal state).
62       *
63       * @param portlet The velocity-based portlet that is being built.
64       * @param context The velocity context for this request.
65       * @param rundata The turbine rundata context for this request.
66       */
67      protected void buildMaximizedContext( VelocityPortlet portlet,
68                                            Context context,
69                                            RunData rundata )
70      {
71          buildNormalContext( portlet, context, rundata);
72      }
73  
74      /***
75       * Build the configure state content for this portlet.
76       *
77       * @param portlet The velocity-based portlet that is being built.
78       * @param context The velocity context for this request.
79       * @param rundata The turbine rundata context for this request.
80       */
81      protected void buildConfigureContext( VelocityPortlet portlet,
82                                            Context context,
83                                            RunData rundata )
84      {
85  
86          buildNormalContext( portlet, context, rundata);
87      }
88  
89      /***
90       * Build the normal state content for this portlet.
91       *
92       * @param portlet The velocity-based portlet that is being built.
93       * @param context The velocity context for this request.
94       * @param rundata The turbine rundata context for this request.
95       */
96      protected void buildNormalContext( VelocityPortlet portlet,
97                                         Context context,
98                                         RunData rundata )
99      {
100         try
101         {
102 
103             //
104             // check to see if we are adding a role for a single user
105             //
106             String entityid = rundata.getParameters().getString(SecurityConstants.PARAM_ENTITY_ID);
107             if (entityid == null || entityid.trim().length() == 0)
108             {
109                 return;
110             }
111 
112             buildUserGroupRoleContext(portlet, context, rundata, entityid);
113 
114             //
115             // if there was an error, display the message
116             //
117             String msgid = rundata.getParameters().getString(SecurityConstants.PARAM_MSGID);
118             if (msgid != null)
119             {
120                 int id = Integer.parseInt(msgid);
121                 if (id < SecurityConstants.MESSAGES.length)
122                     context.put(SecurityConstants.PARAM_MSG, SecurityConstants.MESSAGES[id]);
123             }
124 
125         }
126         catch (Exception e)
127         {
128             logger.error("Error in Jetspeed User Group Role Security", e);
129             rundata.setMessage("Error in Jetspeed User Group Role Security: " + e.toString());
130             rundata.setStackTrace(StringUtils.stackTrace(e), e);
131             rundata.setScreenTemplate(JetspeedResources.getString("template.error","Error"));
132         }
133     }
134 
135 
136     /***
137      * Appends profile for specified role to the end of profile for specified user
138      * 
139      * @param user   User to append to
140      * @param role   Role to append from
141      * @exception Exception
142      */
143     private void appendNewRoleProfile(JetspeedRunData jdata, JetspeedUser user, Role role)
144     throws Exception
145     {
146         // Retrieve the role profile
147         ProfileLocator roleLocator = Profiler.createLocator();
148         roleLocator.setRole(role);
149         roleLocator.setMediaType(jdata.getCapability().getPreferredMediaType());
150         roleLocator.setName("default.psml");
151         Profile roleProfile = Profiler.getProfile(roleLocator);
152         if (roleProfile != null)
153         {
154             if (logger.isDebugEnabled())
155             {
156                 logger.debug("UserGroupRoleUpdateAction: retrieved profile for role: " + roleProfile.getPath());
157             }
158         }
159 
160         // Retrieve the user profile
161         ProfileLocator userLocator = Profiler.createLocator();
162         userLocator.setUser(user);
163         userLocator.setMediaType(jdata.getCapability().getPreferredMediaType());
164         userLocator.setName("default.psml");
165         Profile userProfile = Profiler.getProfile(userLocator);
166         if (userProfile != null)
167         {
168             if (logger.isDebugEnabled())
169             {
170                 logger.debug("UserGroupRoleUpdateAction: retrieved profile for user: " + userProfile.getPath());
171             }
172         }
173 
174         // Append role profile to user profile
175         if (roleProfile != null && 
176             roleProfile.getDocument() != null && 
177             userProfile != null && 
178             userProfile.getDocument() != null)
179         {
180             Profile tmpProfile = (Profile) roleProfile.clone();
181             Portlets rolePortlets = tmpProfile.getDocument().getPortlets();
182             Portlets userPortlets = userProfile.getDocument().getPortlets();
183 
184             // Handle pane based profile
185             if (rolePortlets.getPortletsCount() > 0)
186             {
187                 for (int i = 0; i < rolePortlets.getPortletsCount(); i++)
188                 {
189                     Portlets pane = rolePortlets.getPortlets(i);
190                     pane.setLayout(null);                            
191                     userPortlets.addPortlets(pane);
192                     if (logger.isDebugEnabled())
193                     {
194                         logger.debug("UserRoleUpdateAction: appended pane: " + pane.getId() + " to user: " + user.getUserName());
195                     }
196                 }
197             }
198             // Handle profile with no panes
199             else
200             {
201                 if (rolePortlets.getTitle() == null)
202                 {
203                     String title = org.apache.turbine.util.StringUtils.firstLetterCaps(roleProfile.getRoleName());
204                     rolePortlets.setTitle(title + " Home");
205                 }
206                 rolePortlets.setLayout(null);
207                 userPortlets.addPortlets(rolePortlets);
208             }
209 
210             // Regenerate ids
211             PortletUtils.regenerateIds(userPortlets);
212 
213             // Save the user profile
214             PsmlManager.store(userProfile);
215         }
216     }
217 
218     /***
219      * Build the context for a role browser for a specific user.
220      *
221      * @param portlet The velocity-based portlet that is being built.
222      * @param context The velocity context for this request.
223      * @param rundata The turbine rundata context for this request.
224      * @param userid The userid of the user that we are building a role context for.
225      */
226     private void buildUserGroupRoleContext(VelocityPortlet portlet,
227                                            Context context,
228                                            RunData rundata,
229                                            String userid)
230     throws Exception
231     {
232         // get the user object
233         JetspeedUser user = JetspeedSecurity.getUser(userid);
234         if (null == user)
235         {
236             // no User found
237             logger.error("UserGroupRoleBrowser: Failed to get user: " + userid );
238             return;
239         }
240         // get master list of roles
241         Iterator roles = JetspeedSecurity.getRoles();
242 		Vector masterRoles = new Vector();
243 		while (roles.hasNext())
244 		{
245 			Role role = (Role) roles.next();
246 			masterRoles.add(role);
247 		}
248 
249         Iterator groups = JetspeedSecurity.getGroups();
250         Vector masterGroups = new Vector();
251 		while (groups.hasNext())
252 		{
253 			Group group = (Group) groups.next();
254 			masterGroups.add(group);
255 		}
256                 
257         Vector selected = new Vector();
258         Iterator groupRoles = JetspeedSecurity.getRoles(userid);
259 		while (groupRoles.hasNext())
260 		{
261 			GroupRole gr = (GroupRole) groupRoles.next();
262 			selected.add(gr.getGroup().getName() + gr.getRole().getName());
263 		}
264 
265         rundata.getUser().setTemp(SecurityConstants.CONTEXT_ROLES, masterRoles);
266 		rundata.getUser().setTemp(SecurityConstants.CONTEXT_GROUPS, masterGroups);        
267         rundata.getUser().setTemp(SecurityConstants.CONTEXT_SELECTED, selected);
268         
269         context.put(SecurityConstants.CONTEXT_USER, user);
270         context.put(SecurityConstants.CONTEXT_ROLES, masterRoles);
271 		context.put(SecurityConstants.CONTEXT_GROUPS, masterGroups);
272         context.put(SecurityConstants.CONTEXT_SELECTED, selected);
273 
274     }
275 
276     /***
277      * Update the roles that are to assigned to a user
278      * for a project.
279      */
280     public void doRoles(RunData data, Context context)
281     throws Exception
282     {
283         /*
284          * Get the user we are trying to update. The username
285          * has been hidden in the form so we will grab the
286          * hidden username and use that to retrieve the
287          * user.
288          */
289         String username = data.getParameters().getString("username");
290         JetspeedUser user = JetspeedSecurity.getUser(username);
291 
292         /*
293          * Grab all the Groups and Roles in the system.
294          */
295         for (Iterator groups = JetspeedSecurity.getGroups(); groups.hasNext();)
296         {
297             String groupName = ((Group) groups.next()).getName();
298 
299             for (Iterator roles = JetspeedSecurity.getRoles(); roles.hasNext();)
300             {
301                 /*
302                  * In the UserRoleForm.vm we made a checkbox
303                  * for every possible Group/Role combination
304                  * so we will compare every possible combination
305                  * with the values that were checked off in
306                  * the form. If we have a match then we will
307                  * grant the user the role in the group.
308                  */
309                 Role role = (Role) roles.next();
310                 String roleName = role.getName();
311                 String groupRole = groupName + roleName;
312 
313                 String formGroupRole = data.getParameters().getString(groupRole);
314 
315                 if (formGroupRole != null && JetspeedSecurity.hasRole(username, roleName, groupName) == false)
316                 {
317                     JetspeedSecurity.grantRole(username, roleName, groupName);
318                     
319 					// If role profile merging is active, append profile for the new role
320 					if (Profiler.useRoleProfileMerging())
321 					{
322 						appendNewRoleProfile((JetspeedRunData) data, user, role);
323 					}                    
324                 }
325                 else if (formGroupRole == null && JetspeedSecurity.hasRole(username, roleName, groupName))
326                 {
327                     JetspeedSecurity.revokeRole(username, roleName, groupName);
328                 }
329             }
330         }
331     }
332 
333 
334 }