Ejemplo n.º 1
0
 @Override
 public boolean hasAssignment(String userId, String roleId) {
   boolean result = false;
   Result r = new Result();
   if (!loggedIn) {
     r = r.notAuthorized();
     return result;
   }
   String countSql =
       "SELECT COUNT(*) FROM "
           + User.AUX_USER_ROLE
           + " WHERE user_id = "
           + userId
           + " AND role_id = "
           + roleId
           + " "; // TODO sql injection, used pstmt setString?
   r = db.executeCountQuery(countSql);
   if (r.hasValue()) {
     Integer count = (Integer) r.objectValue();
     if (count > 0) {
       result = true;
     }
   }
   log("hasAssignment:" + result);
   return result;
 }
Ejemplo n.º 2
0
 /**
  * DOC
  *
  * @param username
  * @param pass
  * @return
  */
 public Result login(String username, String pass) {
   Result r = new Result();
   if (loggedIn) {
     log("Already logged in.");
     r.setMessage("Already logged in.");
     r.success();
     // r.setNext("/ray/adminHome.jsp");
   } else {
     log("config.ADMIN_LOGIN:"******"username:'******'");
     log("config.ADMIN_PASSWORD:"******"pass:'******'");
     boolean valid = config.ADMIN_LOGIN.equals(username) && config.ADMIN_PASSWORD.equals(pass);
     if (valid) {
       log("User found.");
       User user = new User(username, pass);
       r.success();
       r.objectValue(user);
       loggedIn = true;
     } else {
       log("User not found.");
       r = r.notAuthorized();
     }
   }
   return r;
 }
Ejemplo n.º 3
0
 @Override
 public boolean hasBeenGranted(String roleId, String entityId, String priv) {
   // TODO validate priv. (roleId,entityId)
   boolean result = false;
   Result r = new Result();
   if (!loggedIn) {
     r = r.notAuthorized();
     return result;
   }
   String countSql =
       "SELECT COUNT(*) FROM "
           + Role.AUX_ROLE_PRIV
           + " WHERE role_id = "
           + roleId
           + " AND manager_id = "
           + entityId
           + " AND priv_id = "
           + priv
           + "  "; // TODO sql injection, used pstmt setString?
   r = db.executeCountQuery(countSql);
   if (r.hasValue()) {
     Integer count = (Integer) r.objectValue();
     if (count > 0) {
       result = true;
     }
   }
   log("hasBeenGranted:" + result);
   return result;
 }
Ejemplo n.º 4
0
 @Override
 public boolean existsRole(String role) {
   boolean result = false;
   Result r = new Result();
   if (!loggedIn) {
     r = r.notAuthorized();
     return false;
   }
   String countSql =
       "SELECT COUNT(*) FROM "
           + Role.AUX_ROLE
           + " WHERE "
           + Role.ROLEFLD
           + " = '"
           + role
           + "'"; // TODO sql injection, used pstmt setString?
   r = db.executeCountQuery(countSql);
   if (r.hasValue()) {
     Integer count = (Integer) r.objectValue();
     if (count > 0) {
       result = true;
     }
   }
   log("existsRole:" + result);
   return result;
 }
Ejemplo n.º 5
0
  @Override
  public Result listRoles(
      User user,
      List<Role>
          roleList) { // TODO see if this style of just returning desired object is good or not
    // since most return result.
    log("listing roles.");
    Result r = new Result();

    if (!loggedIn) {
      r = r.notAuthorized();
      return r;
    }
    StringBuffer sb = new StringBuffer(); // TODO put this in sql translator
    sb.append("SELECT R.ID, R.").append(Role.ROLEFLD);
    sb.append(" FROM ").append(Role.AUX_ROLE).append(" R ");
    sb.append(" INNER JOIN ").append(User.AUX_USER_ROLE + " UR ");
    sb.append(" ON UR.").append(Role.ROLE_ID).append("=R.ID ");
    sb.append(" WHERE UR.").append(Role.USER_ID);
    sb.append(" = ");
    sb.append(user.getId());
    sb.append(" ");

    String selectRolesSql = sb.toString();
    logsql(selectRolesSql);

    r = db.executeSelectRoles(selectRolesSql, roleList);
    log("list size:" + roleList.size());
    return r;
  }
Ejemplo n.º 6
0
 @Override
 public Result createUser(String user, String pass) {
   Result r = new Result();
   if (!loggedIn) {
     return r.notAuthorized();
   }
   if (!existsUser(user)) {
     String sInsert =
         "INSERT INTO "
             + User.AUX_USER
             + " ("
             + User.USERFLD
             + ","
             + User.PASSFLD
             + ") values ('"
             + user
             + "', '"
             + pass
             + "')"; // TODO sql injection, used pstmt setString?
     String identitySql = "CALL IDENTITY();";
     r = db.executeInsert(sInsert, identitySql);
   } else {
     r.noResult();
     r.setMessage("User already exists.");
   }
   return r;
 }
Ejemplo n.º 7
0
  @Override
  public Result listPrivileges(Role role) {
    log("listing privileges.");
    Result r = new Result();
    if (!loggedIn) {
      r = r.notAuthorized();
      return r;
    }
    StringBuffer sb = new StringBuffer(); // TODO put this in sql translator
    sb.append("SELECT R." + Role.MANAGER_ID + ", R.").append(Role.PRIV_ID);
    sb.append(" FROM ").append(Role.AUX_ROLE_PRIV).append(" R ");
    sb.append(" WHERE R.").append(Role.ROLE_ID);
    sb.append(" = ");
    sb.append(role.getId());
    sb.append(" ");

    String selectRolesSql = sb.toString();
    logsql(selectRolesSql);

    r =
        db.executeSelectRolePrivileges(
            application, selectRolesSql, role); // (selectRolesSql,entityPrivs);
    log("map size:" + role.getPrivileges().size());
    return r;
  }
Ejemplo n.º 8
0
  @Override
  public Result grant(String roleId, String entityId, String priv) {
    // TODO validate priv. (roleId,entityId)
    // List<Result> rlist = new ArrayList<Result>();
    // TODO  ensure it doesn't already exist.
    Result r = new Result();
    if (!loggedIn) {
      return r.notAuthorized();
    }
    List<String> entityIds = new ArrayList<String>();
    if (Base.ALL.equals(entityId)) {
      String sSelectIds = "SELECT ID FROM " + Manager.AUX_MANAGER + " ";
      Result selectResult = db.executeSelectAllIds(sSelectIds, entityIds);
      if (selectResult.notSuccessful()) {
        return selectResult;
      }
    } else {
      entityIds.add(entityId);
    }

    boolean found = false;
    for (String s : entityIds) {
      if (!found) {
        found = true;
      }
      if (!hasBeenGranted(roleId, s, priv)) {
        String sInsert =
            "INSERT INTO "
                + Role.AUX_ROLE_PRIV
                + " (role_id, manager_id, priv_id) values ("
                + roleId
                + ","
                + s
                + ","
                + priv
                + ")"; // TODO sql injection, used pstmt setString?
        String identitySql = "CALL IDENTITY();";
        r = db.executeInsert(sInsert, identitySql);
        if (r.notSuccessful()) {
          return r;
        }
      }
    }
    if (!found) {
      r.noResult();
      r.setMessage("All privileges were already granted.");
    } else {
      r.success();
      ; // some privileges exist.
    }

    return r;
  }
Ejemplo n.º 9
0
 @Override
 public Result unassign(String userId, String roleId) {
   Result r = new Result();
   if (!loggedIn) {
     return r.notAuthorized();
   }
   String deleteSql =
       "DELETE FROM "
           + User.AUX_USER_ROLE
           + " WHERE user_id = "
           + userId
           + " AND role_id = "
           + roleId
           + " "; // TODO sql injection, used pstmt setString?
   r = db.executeDelete(deleteSql);
   return r;
 }
Ejemplo n.º 10
0
 @Override
 public Result deleteRole(String role) {
   Result r = new Result();
   if (!loggedIn) {
     return r.notAuthorized();
   }
   String deleteSql =
       "DELETE FROM "
           + Role.AUX_ROLE
           + " WHERE "
           + Role.ROLEFLD
           + " = '"
           + role
           + "'"; // TODO sql injection, used pstmt setString?
   r = db.executeDelete(deleteSql);
   return r;
 }
Ejemplo n.º 11
0
 @Override
 public Result deleteUser(String user) {
   Result r = new Result();
   if (!loggedIn) {
     return r.notAuthorized();
   }
   String deleteSql =
       "DELETE FROM "
           + User.AUX_USER
           + " WHERE "
           + User.USERFLD
           + " = '"
           + user
           + "'"; // TODO sql injection, used pstmt setString?
   r = db.executeDelete(deleteSql);
   return r;
 }
Ejemplo n.º 12
0
  public Result findRole(String roleId) {
    Result r = new Result();
    if (!loggedIn) {
      r = r.notAuthorized();
      return r;
    }
    Role role = new Role();
    String selectRoleSql = "SELECT * FROM " + Role.AUX_ROLE + " WHERE " + "ID = " + roleId + "  ";

    r = db.executeSingleSelectQuery(selectRoleSql, role);
    if (!role.isValid()) {
      r.error("User object not valid.");
    } else {
      if (r.isSuccessful()) {
        r.objectValue(role);
      }
    }
    return r;
  }
Ejemplo n.º 13
0
  @Override
  public Result listAllRoles(List<Role> roleList) {
    log("listing roles.");
    Result r = new Result();

    if (!loggedIn) {
      r = r.notAuthorized();
      return r;
    }
    StringBuffer sb = new StringBuffer(); // TODO put this in sql translator
    sb.append("SELECT R.ID, R.").append(Role.ROLEFLD);
    sb.append(" FROM ").append(Role.AUX_ROLE).append(" R ");

    String selectRolesSql = sb.toString();
    logsql(selectRolesSql);

    r = db.executeSelectRoles(selectRolesSql, roleList);
    log("list size:" + roleList.size());
    return r;
  }
Ejemplo n.º 14
0
  @Override
  public Result findUser(String userId) {
    Result r = new Result();
    if (!loggedIn) {
      r = r.notAuthorized();
      return r;
    }
    User user = new User();
    String selectUserSql = "SELECT * FROM " + User.AUX_USER + " WHERE " + "ID = " + userId + "  ";

    r = db.executeSingleSelectQuery(selectUserSql, user);
    if (!user.isValid()) {
      r.error("User object not valid.");
    } else {
      if (r.isSuccessful()) {
        r.objectValue(user);
      }
    }
    return r;
  }
Ejemplo n.º 15
0
 @Override
 public Result ungrant(String roleId, String entityId, String priv) {
   // TODO validate priv. (roleId,entityId)
   Result r = new Result();
   if (!loggedIn) {
     return r.notAuthorized();
   }
   String deleteSql =
       "DELETE FROM "
           + Role.AUX_ROLE_PRIV
           + " WHERE role_id = "
           + roleId
           + " AND manager_id = "
           + entityId
           + " AND priv_id = "
           + priv
           + "  "; // TODO sql injection, used pstmt setString?
   r = db.executeDelete(deleteSql);
   return r;
 }
Ejemplo n.º 16
0
 @Override
 public Result createRole(String role) {
   Result r = new Result();
   if (!loggedIn) {
     return r.notAuthorized();
   }
   if (!existsRole(role)) {
     String sInsert =
         "INSERT INTO "
             + Role.AUX_ROLE
             + " (role) values ('"
             + role
             + "')"; // TODO sql injection, used pstmt setString?
     String identitySql = "CALL IDENTITY();";
     r = db.executeInsert(sInsert, identitySql);
   } else {
     r.noResult();
     r.setMessage("Role already exists.");
   }
   return r;
 }
Ejemplo n.º 17
0
 @Override
 public Result assign(String userId, String roleId) {
   Result r = new Result();
   if (!loggedIn) {
     return r.notAuthorized();
   }
   if (!hasAssignment(userId, roleId)) {
     String sInsert =
         "INSERT INTO "
             + User.AUX_USER_ROLE
             + " (user_id, role_id) values ("
             + userId
             + ","
             + roleId
             + ")"; // TODO sql injection, used pstmt setString?
     String identitySql = "CALL IDENTITY();";
     r = db.executeInsert(sInsert, identitySql);
   } else {
     r.noResult();
     r.setMessage("Assignment already exists.");
   }
   return r;
 }
Ejemplo n.º 18
0
  /*
   * RESUME create something that will create a screen based on code and results.
   *
   * (non-Javadoc)
   * @see jhg.appman.ApplicationManager#service(jhg.appman.Screen.Button, java.util.Map)
   */
  @Override
  public Result service(
      Screen.Button button,
      Map<String, String[]> parameterMap) { // , Map<String,Object> valuesMap) {
    log("service(String,Map)");
    Result result = new Result();
    Screen next = null;
    if (!loggedIn) {
      return result.notAuthorized();
    }
    /*   TODO: finish the remaining cases/commands
    > BACK(null),
    x LOGIN(Code.ADMINHOME),
    x LOGOUT(Code.AUTHENTICATE),
    x GOHOME(Code.ADMINHOME),
    x MANAGEUSERS(Code.USERTABLE),
    x GOVIEWUSER(Code.VIEWUSER),
    x GOCREATEUSER(Code.CREATEUSER),
    x CREATEUSER(Code.VIEWUSER),
    x GOEDITUSER(Code.EDITUSER),
    EDITUSER(Code.VIEWUSER),
    > DELETEUSER(Code.USERTABLE),
    x MANAGEROLES(Code.ROLETABLE),
    x VIEWROLE(Code.VIEWROLE),
    x GOCREATEROLE(Code.CREATEROLE),
    x CREATEROLE(Code.VIEWROLE),
    > DELETEROLE(Code.ROLETABLE),
    > MANAGEENTITIES(Code.ENTITYTABLE),
    > VIEWENTITY(Code.VIEWENTITY),
    x ASSIGNROLE(Code.VIEWUSER),
    x UNASSIGNROLE(Code.VIEWUSER),
    x GRANTPRIV(Code.VIEWROLE),
    x UNGRANTPRIV(Code.VIEWROLE),
     */
    // don't have to cover login or logout
    switch (button) {
      case MANAGEUSERS:
        log("Manage Users.");
        result = getUserList(button);
        break;
      case MANAGEROLES:
        log("Manage Roles.");
        result = getRoleList(button);
        break;
      case MANAGEENTITIES: // TODO check: is this necessary right now? finish role create, grant,
        // ungrant, assign, unassign
        log("Manage Entities.");
        result = getEntityList(button);
        break;
      case GOCREATEUSER:
        log("Create User Form: " + button.destination().getPage());
        next = new Screen(this, button.destination());
        result.objectValue(next);
        result.success();
        break;
      case CREATEUSER:
        log("Create User.");
        String username = parameterMap.get(User.USERFLD)[0]; // TODO validate presence
        String password = parameterMap.get(User.PASSFLD)[0];
        result = createUser(username, password);
        String createdUserId = ((Integer) result.objectValue()).toString();
        result = findUser(createdUserId); // TODO check success
        result = createViewUser(button, (User) result.objectValue(), true);
        break;
      case GOVIEWUSER:
        log("View User.");
        String viewUserId = parameterMap.get(ApplicationManager.ID)[0]; // TODO validate presence
        result = findUser(viewUserId); // TODO check success
        result = createViewUser(button, (User) result.objectValue(), false);
        break;
      case GOEDITUSER:
        log("Edit this User.");
        String editUserId = parameterMap.get(ApplicationManager.ID)[0]; // TODO validate presence
        // right now it is just change password.
        // password, email
        // result = editUser(editUserId,...);
        result = findUser(editUserId); // TODO check success
        result = createViewUser(button, (User) result.objectValue(), true);
        break; // RESUME finish edit
      case EDITUSER:
        log("Edit User.");
        /* copied from create
        String username = parameterMap.get(User.USERFLD)[0];//TODO validate presence
        String password = parameterMap.get(User.PASSFLD)[0];
        result = createUser(username,password);
        String createdUserId = ((Integer)result.objectValue()).toString();
        result = findUser(createdUserId);//TODO check success
        result = createViewUser(button, (User)result.objectValue(),true);
         */
        break;
      case ASSIGNROLE:
        log("Assign Role.");
        String userId = parameterMap.get(ApplicationManager.ID1)[0]; // TODO validate presence
        String roleId = parameterMap.get(ApplicationManager.ID2)[0];
        result = assign(userId, roleId); // TODO check success
        result = findUser(userId); // TODO check success
        result = createViewUser(button, (User) result.objectValue(), false);
      case UNASSIGNROLE:
        log("Unassign Role.");
        String unassignUserId =
            parameterMap.get(ApplicationManager.ID1)[0]; // TODO validate presence
        String unassignRoleId = parameterMap.get(ApplicationManager.ID2)[0];
        result = unassign(unassignUserId, unassignRoleId); // TODO check success
        result = findUser(unassignUserId); // TODO check success
        result = createViewUser(button, (User) result.objectValue(), false);
        break;
      case DELETEUSER:
        log("Delete User.");
        String deleteUserId = parameterMap.get(ApplicationManager.ID)[0]; // TODO validate presence
        // result = findUser(deleteUserId);//TODO check success
        result = deleteUser(deleteUserId);
        next = new Screen(this, button.destination());
        result = getUserList(button);
        result.success();
        break;
      case VIEWROLE:
        log("View Role.");
        String viewRoleId = parameterMap.get(ApplicationManager.ID)[0]; // TODO validate presence
        result = findRole(viewRoleId); // TODO check success
        result = createViewRole(button, (Role) result.objectValue(), false);
        break;
      case GOCREATEROLE:
        log("Create Role Form: " + button.destination().getPage());
        next = new Screen(this, button.destination());
        result.objectValue(next);
        result.success();
        break;
      case CREATEROLE:
        log("Create a Role.");
        String rolename = parameterMap.get(Role.ROLEFLD)[0]; // TODO validate presence
        result = createRole(rolename);
        String createdRoleId = ((Integer) result.objectValue()).toString();
        result = findRole(createdRoleId); // TODO check success
        result = createViewRole(button, (Role) result.objectValue(), true);
        break;
      case GRANTPRIV:
        log("Grant privilege");
        String grantRoleId = parameterMap.get(ApplicationManager.ID1)[0]; // TODO validate presence
        String entityId = parameterMap.get(ApplicationManager.ID2)[0];
        String privId = parameterMap.get(ApplicationManager.ID3)[0];
        result = grant(grantRoleId, entityId, privId); // TODO check success
        result = findRole(grantRoleId); // TODO check success
        result = createViewRole(button, (Role) result.objectValue(), false);
        break;
      case UNGRANTPRIV:
        log("Ungrant privilege");
        String ungrantRoleId =
            parameterMap.get(ApplicationManager.ID1)[0]; // TODO validate presence
        String ungrantEentityId = parameterMap.get(ApplicationManager.ID2)[0];
        String ungrantPrivId = parameterMap.get(ApplicationManager.ID3)[0];
        result = ungrant(ungrantRoleId, ungrantEentityId, ungrantPrivId); // TODO check success
        result = findRole(ungrantRoleId); // TODO check success
        result = createViewRole(button, (Role) result.objectValue(), false);
        break;
        // NOTE broken below
      case BACK:
        log("Go Back.");
        next = new Screen(this, button.destination());
        result.objectValue(next);
        result.success();
        break;
      case GOHOME:
        log("Go Home.");
        next = new Screen(this, button.destination());
        result.objectValue(next);
        result.success();
        break;
      default:
        result.invalidInput("Command not found.");
        break;
    }
    // valuesMap.put(USERLIST,userList);

    return result;
  }