1/*2 * Copyright 2000-2004 The Apache Software Foundation.3 * 4 * Licensed under the Apache License, Version 2.0 (the "License");5 * you may not use this file except in compliance with the License.6 * You may obtain a copy of the License at7 * 8 * http://www.apache.org/licenses/LICENSE-2.09 * 10 * Unless required by applicable law or agreed to in writing, software11 * distributed under the License is distributed on an "AS IS" BASIS,12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.13 * See the License for the specific language governing permissions and14 * limitations under the License.15 */1617packageorg.apache.jetspeed.modules.actions.portlets.security;
1819// java util20import java.util.Iterator;
21import java.util.Vector;
2223import org.apache.jetspeed.modules.actions.portlets.SecureVelocityPortletAction;
24import org.apache.jetspeed.om.profile.Portlets;
25import org.apache.jetspeed.om.profile.Profile;
26import org.apache.jetspeed.om.profile.ProfileLocator;
27import org.apache.jetspeed.om.security.Group;
28import org.apache.jetspeed.om.security.GroupRole;
29import org.apache.jetspeed.om.security.JetspeedUser;
30import org.apache.jetspeed.om.security.Role;
31import org.apache.jetspeed.portal.portlets.VelocityPortlet;
32import org.apache.jetspeed.services.JetspeedSecurity;
33import org.apache.jetspeed.services.Profiler;
34import org.apache.jetspeed.services.PsmlManager;
35import org.apache.jetspeed.services.logging.JetspeedLogFactoryService;
36import org.apache.jetspeed.services.logging.JetspeedLogger;
37import org.apache.jetspeed.services.resources.JetspeedResources;
38import org.apache.jetspeed.services.rundata.JetspeedRunData;
39import org.apache.jetspeed.util.PortletUtils;
40import org.apache.turbine.util.RunData;
41import org.apache.turbine.util.StringUtils;
42import org.apache.velocity.context.Context;
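/**
 * This action sets up the template context for editing security group roles
 * for a given user, and applies the group/role selection submitted from that
 * form (see {@link #doRoles(RunData, Context)}).
 *
 * <p>Security notes for maintainers:</p>
 * <ul>
 *   <li>Every value this class reads from the request (the entity id, the
 *       message id, the hidden <code>username</code> field and the checkbox
 *       parameters) is client-controlled.</li>
 *   <li>No method here checks that the caller is allowed to administer the
 *       named user. That check is presumably performed by
 *       {@link SecureVelocityPortletAction} and the portlet's security
 *       constraints; confirm this before relaxing either.</li>
 *   <li>Request values written to the log are stripped of CR/LF first so a
 *       crafted parameter cannot forge additional log lines.</li>
 * </ul>
 *
 * @author <a href="mailto:morciuch@apache.org">Mark Orciuch</a>
 * @version $Id: UserGroupRoleUpdateAction.java,v 1.3 2004/03/31 04:49:10 morciuch Exp $
 */
public class UserGroupRoleUpdateAction extends SecureVelocityPortletAction
{

    /**
     * Static initialization of the logger for this class.
     *
     * Named after this class (it was previously named after
     * UserRoleUpdateAction) so that role grant/revoke records are
     * attributed to the action that actually produced them.
     */
    private static final JetspeedLogger logger =
        JetspeedLogFactoryService.getLogger(UserGroupRoleUpdateAction.class.getName());

    /**
     * Makes a request-derived value safe to embed in a single log record.
     *
     * @param value The raw value, possibly <code>null</code>.
     * @return The value with carriage returns and line feeds replaced by
     *         underscores, or the string "null" when value is null.
     */
    private static String safeForLog(String value)
    {
        if (value == null)
        {
            return "null";
        }
        return value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Build the maximized state content for this portlet. (Same as normal state).
     *
     * @param portlet The velocity-based portlet that is being built.
     * @param context The velocity context for this request.
     * @param rundata The turbine rundata context for this request.
     */
    protected void buildMaximizedContext( VelocityPortlet portlet,
                                          Context context,
                                          RunData rundata )
    {
        buildNormalContext( portlet, context, rundata);
    }

    /**
     * Build the configure state content for this portlet. (Same as normal state).
     *
     * @param portlet The velocity-based portlet that is being built.
     * @param context The velocity context for this request.
     * @param rundata The turbine rundata context for this request.
     */
    protected void buildConfigureContext( VelocityPortlet portlet,
                                          Context context,
                                          RunData rundata )
    {
        buildNormalContext( portlet, context, rundata);
    }

    /**
     * Build the normal state content for this portlet.
     *
     * Does nothing when the request carries no entity id. Otherwise the
     * group/role context for that user is built and, when a valid message id
     * is present, the matching message is placed in the context.
     *
     * @param portlet The velocity-based portlet that is being built.
     * @param context The velocity context for this request.
     * @param rundata The turbine rundata context for this request.
     */
    protected void buildNormalContext( VelocityPortlet portlet,
                                       Context context,
                                       RunData rundata )
    {
        try
        {
            //
            // check to see if we are adding a role for a single user
            //
            String entityid = rundata.getParameters().getString(SecurityConstants.PARAM_ENTITY_ID);
            if (entityid == null || entityid.trim().length() == 0)
            {
                return;
            }

            buildUserGroupRoleContext(portlet, context, rundata, entityid);

            //
            // if there was an error, display the message
            //
            String msgid = rundata.getParameters().getString(SecurityConstants.PARAM_MSGID);
            if (msgid != null)
            {
                try
                {
                    int id = Integer.parseInt(msgid);
                    // The id comes straight from the request: reject negative
                    // values as well as values past the end of the table, so a
                    // crafted parameter cannot raise an out-of-bounds error.
                    if (id >= 0 && id < SecurityConstants.MESSAGES.length)
                    {
                        context.put(SecurityConstants.PARAM_MSG, SecurityConstants.MESSAGES[id]);
                    }
                }
                catch (NumberFormatException nfe)
                {
                    // A malformed message id only means "no message to show";
                    // it must not send the request to the error screen.
                    if (logger.isDebugEnabled())
                    {
                        logger.debug("UserGroupRoleUpdateAction: ignoring non-numeric message id: "
                                     + safeForLog(msgid));
                    }
                }
            }
        }
        catch (Exception e)
        {
            logger.error("Error in Jetspeed User Group Role Security", e);
            // NOTE(review): the exception text and the full stack trace are
            // handed to the error template. If that template renders them to
            // the browser this discloses internals to the requester; confirm
            // what the "template.error" screen shows in production.
            rundata.setMessage("Error in Jetspeed User Group Role Security: " + e.toString());
            rundata.setStackTrace(StringUtils.stackTrace(e), e);
            rundata.setScreenTemplate(JetspeedResources.getString("template.error","Error"));
        }
    }


    /**
     * Appends profile for specified role to the end of profile for specified user.
     *
     * Both the role's and the user's <code>default.psml</code> profiles are
     * looked up for the requester's preferred media type. When both exist and
     * have a document, the role's portlets (pane by pane, or as a single set
     * when the role profile has no panes) are added to the user's portlets,
     * ids are regenerated and the user profile is stored. Otherwise nothing
     * is changed.
     *
     * @param jdata Run data of the current request, used for the media type.
     * @param user User to append to
     * @param role Role to append from
     * @exception Exception if a profile cannot be read, cloned or stored
     */
    private void appendNewRoleProfile(JetspeedRunData jdata, JetspeedUser user, Role role)
        throws Exception
    {
        // Retrieve the role profile
        ProfileLocator roleLocator = Profiler.createLocator();
        roleLocator.setRole(role);
        roleLocator.setMediaType(jdata.getCapability().getPreferredMediaType());
        roleLocator.setName("default.psml");
        Profile roleProfile = Profiler.getProfile(roleLocator);
        if (roleProfile != null && logger.isDebugEnabled())
        {
            logger.debug("UserGroupRoleUpdateAction: retrieved profile for role: " + roleProfile.getPath());
        }

        // Retrieve the user profile
        ProfileLocator userLocator = Profiler.createLocator();
        userLocator.setUser(user);
        userLocator.setMediaType(jdata.getCapability().getPreferredMediaType());
        userLocator.setName("default.psml");
        Profile userProfile = Profiler.getProfile(userLocator);
        if (userProfile != null && logger.isDebugEnabled())
        {
            logger.debug("UserGroupRoleUpdateAction: retrieved profile for user: " + userProfile.getPath());
        }

        // Nothing to merge unless both profiles and both documents exist
        if (roleProfile == null || roleProfile.getDocument() == null
            || userProfile == null || userProfile.getDocument() == null)
        {
            return;
        }

        // Work on a clone so the stored role profile itself is not modified
        Profile tmpProfile = (Profile) roleProfile.clone();
        Portlets rolePortlets = tmpProfile.getDocument().getPortlets();
        Portlets userPortlets = userProfile.getDocument().getPortlets();

        // Handle pane based profile
        if (rolePortlets.getPortletsCount() > 0)
        {
            for (int i = 0; i < rolePortlets.getPortletsCount(); i++)
            {
                Portlets pane = rolePortlets.getPortlets(i);
                pane.setLayout(null);
                userPortlets.addPortlets(pane);
                if (logger.isDebugEnabled())
                {
                    logger.debug("UserGroupRoleUpdateAction: appended pane: " + pane.getId()
                                 + " to user: " + safeForLog(user.getUserName()));
                }
            }
        }
        // Handle profile with no panes
        else
        {
            if (rolePortlets.getTitle() == null)
            {
                String title = org.apache.turbine.util.StringUtils.firstLetterCaps(roleProfile.getRoleName());
                rolePortlets.setTitle(title + " Home");
            }
            rolePortlets.setLayout(null);
            userPortlets.addPortlets(rolePortlets);
        }

        // Regenerate ids
        PortletUtils.regenerateIds(userPortlets);

        // Save the user profile
        PsmlManager.store(userProfile);
    }

    /**
     * Build the context for a role browser for a specific user.
     *
     * Puts the user, the master lists of roles and groups, and the list of
     * currently held group/role keys into the velocity context; the three
     * lists are also stored as temporary values on the requesting user.
     *
     * @param portlet The velocity-based portlet that is being built.
     * @param context The velocity context for this request.
     * @param rundata The turbine rundata context for this request.
     * @param userid The userid of the user that we are building a role context for.
     */
    private void buildUserGroupRoleContext(VelocityPortlet portlet,
                                           Context context,
                                           RunData rundata,
                                           String userid)
        throws Exception
    {
        // get the user object
        JetspeedUser user = JetspeedSecurity.getUser(userid);
        if (null == user)
        {
            // no User found; userid is a request parameter, so neutralise it
            // before it reaches the log
            logger.error("UserGroupRoleUpdateAction: Failed to get user: " + safeForLog(userid));
            return;
        }

        // get master list of roles
        Vector masterRoles = new Vector();
        for (Iterator roles = JetspeedSecurity.getRoles(); roles.hasNext();)
        {
            masterRoles.add((Role) roles.next());
        }

        // get master list of groups
        Vector masterGroups = new Vector();
        for (Iterator groups = JetspeedSecurity.getGroups(); groups.hasNext();)
        {
            masterGroups.add((Group) groups.next());
        }

        // Keys of the group/role pairs the user already holds.
        // NOTE(review): the key is the bare concatenation groupName + roleName,
        // so distinct pairs can share a key (group "ab" + role "c" and
        // group "a" + role "bc"). doRoles() reads form parameters by the same
        // key, so a collision would tick or apply the wrong pair. The key
        // format is shared with the form template and cannot be changed here
        // alone; consider a delimiter that is not allowed in either name.
        Vector selected = new Vector();
        for (Iterator groupRoles = JetspeedSecurity.getRoles(userid); groupRoles.hasNext();)
        {
            GroupRole gr = (GroupRole) groupRoles.next();
            selected.add(gr.getGroup().getName() + gr.getRole().getName());
        }

        rundata.getUser().setTemp(SecurityConstants.CONTEXT_ROLES, masterRoles);
        rundata.getUser().setTemp(SecurityConstants.CONTEXT_GROUPS, masterGroups);
        rundata.getUser().setTemp(SecurityConstants.CONTEXT_SELECTED, selected);

        context.put(SecurityConstants.CONTEXT_USER, user);
        context.put(SecurityConstants.CONTEXT_ROLES, masterRoles);
        context.put(SecurityConstants.CONTEXT_GROUPS, masterGroups);
        context.put(SecurityConstants.CONTEXT_SELECTED, selected);
    }

    /**
     * Update the roles that are to be assigned to a user
     * for a project.
     *
     * For every group/role combination known to the system, the role is
     * granted when the matching checkbox parameter is present and the user
     * does not hold it yet, and revoked when the parameter is absent and the
     * user currently holds it. Each grant and revoke is logged together with
     * the name of the requesting user. The request is ignored (and logged)
     * when the username is missing or does not resolve to a user.
     *
     * NOTE(review): the target username comes from a hidden form field and is
     * therefore chosen by the client, and no request token is checked in this
     * method. Authorisation and cross-site request protection must come from
     * the surrounding framework; verify that they do.
     *
     * @param data The turbine rundata context for this request.
     * @param context The velocity context for this request.
     * @exception Exception if a security service call or profile merge fails
     */
    public void doRoles(RunData data, Context context)
        throws Exception
    {
        /*
         * Get the user we are trying to update. The username
         * has been hidden in the form so we will grab the
         * hidden username and use that to retrieve the
         * user.
         */
        String username = data.getParameters().getString("username");
        if (username == null || username.trim().length() == 0)
        {
            logger.error("UserGroupRoleUpdateAction: role update requested without a username");
            return;
        }

        JetspeedUser user = JetspeedSecurity.getUser(username);
        if (null == user)
        {
            logger.error("UserGroupRoleUpdateAction: Failed to get user: " + safeForLog(username));
            return;
        }

        // Who is making the change, for the audit records below
        String actor = (data.getUser() != null) ? data.getUser().getUserName() : null;

        /*
         * Grab all the Groups and Roles in the system.
         */
        for (Iterator groups = JetspeedSecurity.getGroups(); groups.hasNext();)
        {
            String groupName = ((Group) groups.next()).getName();

            for (Iterator roles = JetspeedSecurity.getRoles(); roles.hasNext();)
            {
                /*
                 * In the UserRoleForm.vm we made a checkbox
                 * for every possible Group/Role combination
                 * so we will compare every possible combination
                 * with the values that were checked off in
                 * the form. If we have a match then we will
                 * grant the user the role in the group.
                 */
                Role role = (Role) roles.next();
                String roleName = role.getName();

                // NOTE(review): undelimited key; two different group/role
                // pairs can produce the same parameter name.
                String groupRole = groupName + roleName;

                boolean requested = data.getParameters().getString(groupRole) != null;
                boolean held = JetspeedSecurity.hasRole(username, roleName, groupName);

                if (requested && !held)
                {
                    JetspeedSecurity.grantRole(username, roleName, groupName);
                    logger.info("UserGroupRoleUpdateAction: " + safeForLog(actor)
                                + " granted role " + safeForLog(roleName)
                                + " in group " + safeForLog(groupName)
                                + " to user " + safeForLog(username));

                    // If role profile merging is active, append profile for the new role
                    if (Profiler.useRoleProfileMerging())
                    {
                        appendNewRoleProfile((JetspeedRunData) data, user, role);
                    }
                }
                else if (!requested && held)
                {
                    JetspeedSecurity.revokeRole(username, roleName, groupName);
                    logger.info("UserGroupRoleUpdateAction: " + safeForLog(actor)
                                + " revoked role " + safeForLog(roleName)
                                + " in group " + safeForLog(groupName)
                                + " from user " + safeForLog(username));
                }
            }
        }
    }


}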