1/*2 * Copyright 2000-2001,2004 The Apache Software Foundation.3 * 4 * Licensed under the Apache License, Version 2.0 (the "License");5 * you may not use this file except in compliance with the License.6 * You may obtain a copy of the License at7 * 8 * http://www.apache.org/licenses/LICENSE-2.09 * 10 * Unless required by applicable law or agreed to in writing, software11 * distributed under the License is distributed on an "AS IS" BASIS,12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.13 * See the License for the specific language governing permissions and14 * limitations under the License.15 */1617packageorg.apache.jetspeed.modules.actions.portlets.security;
1819// velocity20import org.apache.jetspeed.modules.actions.portlets.SecureVelocityPortletAction;
21import org.apache.jetspeed.om.security.JetspeedPermissionFactory;
22import org.apache.jetspeed.om.security.Permission;
23import org.apache.jetspeed.portal.portlets.VelocityPortlet;
24import org.apache.jetspeed.services.JetspeedSecurity;
25import org.apache.jetspeed.services.logging.JetspeedLogFactoryService;
26import org.apache.jetspeed.services.logging.JetspeedLogger;
27import org.apache.jetspeed.services.resources.JetspeedResources;
28import org.apache.jetspeed.services.security.JetspeedSecurityException;
29import org.apache.turbine.util.DynamicURI;
30import org.apache.turbine.util.RunData;
31import org.apache.turbine.util.StringUtils;
32import org.apache.velocity.context.Context;
333435/***36 * This action sets up the template context for editing security permissions in the Turbine database.37 *38 * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>39 * @version $Id: PermissionUpdateAction.java,v 1.9 2004/03/31 04:49:10 morciuch Exp $40 */41publicclassPermissionUpdateActionextendsSecureVelocityPortletAction42 {
43privatestaticfinal String TEMP_PERMISSION = "tempPermission";
4445/***46 * Static initialization of the logger for this class47 */48privatestaticfinalJetspeedLogger logger = JetspeedLogFactoryService.getLogger(PermissionUpdateAction.class.getName());
4950/***51 * Build the maximized state content for this portlet. (Same as normal state).52 *53 * @param portlet The velocity-based portlet that is being built.54 * @param context The velocity context for this request.55 * @param rundata The turbine rundata context for this request.56 */57protectedvoid buildMaximizedContext( VelocityPortlet portlet,
58 Context context,
59 RunData rundata )
60 {
61 buildNormalContext( portlet, context, rundata);
62 }
6364/***65 * Build the configure state content for this portlet.66 * TODO: we could configure this portlet with configurable skins, etc..67 *68 * @param portlet The velocity-based portlet that is being built.69 * @param context The velocity context for this request.70 * @param rundata The turbine rundata context for this request.71 */72protectedvoid buildConfigureContext( VelocityPortlet portlet,
73 Context context,
74 RunData rundata )
75 {
7677 buildNormalContext( portlet, context, rundata);
78 }
7980/***81 * Build the normal state content for this portlet.82 *83 * @param portlet The velocity-based portlet that is being built.84 * @param context The velocity context for this request.85 * @param rundata The turbine rundata context for this request.86 */87protectedvoid buildNormalContext( VelocityPortlet portlet,
88 Context context,
89 RunData rundata )
90 {
91try92 {
93Permission permission = null;
9495/*96 * Grab the mode for the user form.97 */98 String mode = rundata.getParameters().getString(SecurityConstants.PARAM_MODE);
99100//101// if we are updating or deleting - put the name in the context102//103if (mode != null && (mode.equals(SecurityConstants.PARAM_MODE_UPDATE) ||
104 mode.equals(SecurityConstants.PARAM_MODE_DELETE)))
105 {
106// get the primary key and put the object in the context107 String permissionname = rundata.getParameters().getString(SecurityConstants.PARAM_ENTITY_ID);
108 permission = JetspeedSecurity.getPermission(permissionname);
109 context.put(SecurityConstants.CONTEXT_PERMISSION, permission);
110 }
111112//113// if there was an error, display the message114//115 String msgid = rundata.getParameters().getString(SecurityConstants.PARAM_MSGID);
116if (msgid != null)
117 {
118int id = Integer.parseInt(msgid);
119if (id < SecurityConstants.MESSAGES.length)
120 context.put(SecurityConstants.PARAM_MSG, SecurityConstants.MESSAGES[id]);
121122// get the bad entered data and put it back for convenient update123Permission tempPermission = (Permission)rundata.getUser().getTemp(TEMP_PERMISSION);
124if (tempPermission != null)
125 context.put(SecurityConstants.CONTEXT_PERMISSION, tempPermission);
126 }
127 context.put(SecurityConstants.PARAM_MODE, mode);
128129 }
130catch (Exception e)
131 {
132 logger.error("Error in Jetspeed User Security", e);
133 rundata.setMessage("Error in Jetspeed User Security: " + e.toString());
134 rundata.setStackTrace(StringUtils.stackTrace(e), e);
135 rundata.setScreenTemplate(JetspeedResources.getString("template.error","Error"));
136 }
137 }
138139/***140 * Database Insert Action for Security Permissions. Performs inserts into security database.141 *142 * @param rundata The turbine rundata context for this request.143 * @param context The velocity context for this request.144 */145publicvoid doInsert(RunData rundata, Context context)
146 throws Exception
147 {
148Permission permission = null;
149try150 {
151//152// validate that its not an 'blank' permissionname -- not allowed153//154 String name = rundata.getParameters().getString("name");
155if (name == null || name.trim().length() == 0)
156 {
157 DynamicURI duri = new DynamicURI (rundata);
158 duri.addPathInfo(SecurityConstants.PANE_NAME, SecurityConstants.PANEID_PERMISSION_UPDATE);
159 duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_INVALID_ENTITY_NAME);
160 rundata.setRedirectURI(duri.toString());
161 rundata.getUser().setTemp(TEMP_PERMISSION, null);
162return;
163 }
164165//166// generate a new permission167//168 permission = JetspeedPermissionFactory.getInstance();
169 permission.setName(name);
170171//172// add the permission173///174 JetspeedSecurity.addPermission(permission);
175176 }
177catch (JetspeedSecurityException e)
178 {
179// log the error msg180 logger.error("Exception", e);
181182//183// dup key found - display error message - bring back to same screen184//185 DynamicURI duri = new DynamicURI (rundata);
186 duri.addPathInfo(SecurityConstants.PANE_NAME, SecurityConstants.PANEID_PERMISSION_UPDATE);
187 duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_ENTITY_ALREADY_EXISTS);
188 rundata.setRedirectURI(duri.toString());
189190// save values that user just entered so they don't have to re-enter191if (permission != null)
192 rundata.getUser().setTemp(TEMP_PERMISSION, permission);
193 }
194 }
195196/***197 * Database Update Action for Security Permissions. Performs updates into security database.198 *199 * @param rundata The turbine rundata context for this request.200 * @param context The velocity context for this request.201 */202publicvoid doUpdate(RunData rundata, Context context)
203 throws Exception
204 {
205Permission permission = null;
206try207 {
208//209// get the permission object from the selected permission entry in the browser210//211 permission = JetspeedSecurity.getPermission(
212 rundata.getParameters().getString(SecurityConstants.PARAM_ENTITY_ID));
213214//215// update the permission in the database216//217 JetspeedSecurity.savePermission(permission);
218219 }
220catch (Exception e)
221 {
222// log the error msg223 logger.error("Exception", e);
224225//226// error on update - display error message227//228 DynamicURI duri = new DynamicURI (rundata);
229 duri.addPathInfo(SecurityConstants.PANE_NAME, SecurityConstants.PANEID_PERMISSION_UPDATE);
230 duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_UPDATE_FAILED);
231if (permission != null)
232 duri.addPathInfo(SecurityConstants.PARAM_ENTITY_ID, permission.getName());
233 duri.addQueryData(SecurityConstants.PARAM_MODE, SecurityConstants.PARAM_MODE_UPDATE);
234 rundata.setRedirectURI(duri.toString());
235236// save values that user just entered so they don't have to re-enter237if (permission != null)
238 rundata.getUser().setTemp(TEMP_PERMISSION, permission);
239240 }
241 }
242243/***244 * Database Delete Action for Security Permissions. Performs deletes into security database.245 *246 * @param rundata The turbine rundata context for this request.247 * @param context The velocity context for this request.248 */249publicvoid doDelete(RunData rundata, Context context)
250 throws Exception
251 {
252Permission permission = null;
253254try255 {
256//257// get the permission object from the selected permission entry in the browser258//259 permission = JetspeedSecurity.getPermission(
260 rundata.getParameters().getString( SecurityConstants.PARAM_ENTITY_ID) );
261262//263// remove the permission264//265 JetspeedSecurity.removePermission(permission.getName());
266 }
267catch (Exception e)
268 {
269// log the error msg270 logger.error("Exception", e);
271272//273// error on delete - display error message274//275 DynamicURI duri = new DynamicURI (rundata);
276 duri.addPathInfo(SecurityConstants.PANE_NAME, SecurityConstants.PANEID_PERMISSION_UPDATE);
277 duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_DELETE_FAILED);
278if (permission != null)
279 duri.addPathInfo(SecurityConstants.PARAM_ENTITY_ID, permission.getName());
280 duri.addQueryData(SecurityConstants.PARAM_MODE, SecurityConstants.PARAM_MODE_DELETE);
281 rundata.setRedirectURI(duri.toString());
282283// save values that user just entered so they don't have to re-enter284if (permission != null)
285 rundata.getUser().setTemp(TEMP_PERMISSION, permission);
286287 }
288289 }
290291292 }