@Override
public void actionPerformed(FormEvent event) {
// the Role for which the rights are to be set
int roleId = -1;
// array of ints, ids of Layers (SecuredObjects) for which
// the Role has access rights
int[] layers = null;
// corresponding maps of key (PropertyName) / value-pairs that
// constitute access constraints
Map<String, Object>[] layerConstraints = null;
SecurityAccessManager manager = null;
SecurityTransaction transaction = null;
try {
RPCWebEvent ev = (RPCWebEvent) event;
RPCMethodCall rpcCall = ev.getRPCMethodCall();
RPCParameter[] params = rpcCall.getParameters();
// validates the incomming method call and extracts the roleID
roleId = validate(params);
RPCParameter[] layerParams = (RPCParameter[]) params[1].getValue();
layers = new int[layerParams.length];
layerConstraints = new Map[layerParams.length];
extractLayerValues(layers, layerConstraints, layerParams);
// extract FeatureType rights
if (!(params[2].getValue() instanceof RPCParameter[])) {
throw new RPCException(Messages.getMessage("IGEO_STD_STORERIGHTS_THIRD_PARAM"));
}
// array of ints, ids of FeatureTypes (SecuredObjects) for which
// the Role has access rights
FeatureTypeRight[] featureTypes = extractFeatureTypeValues(params);
transaction = SecurityHelper.acquireTransaction(this);
SecurityHelper.checkForAdminRole(transaction);
manager = SecurityAccessManager.getInstance();
User user = transaction.getUser();
Role role = transaction.getRoleById(roleId);
// perform access check
if (!user.hasRight(transaction, "update", role)) {
getRequest().setAttribute("SOURCE", this.getClass().getName());
String s = Messages.getMessage("IGEO_STD_STORERIGHTS_MISSING_RIGHTS", role.getName());
getRequest().setAttribute("MESSAGE", s);
setNextPage("error.jsp");
return;
}
// set/delete access rights for Layers
SecuredObject[] presentLayers = transaction.getAllSecuredObjects(ClientHelper.TYPE_LAYER);
setAccessRightsForLayers(layers, layerConstraints, transaction, role, presentLayers);
// set/delete access rights for FeatureTypes
SecuredObject[] presentFeatureTypes =
transaction.getAllSecuredObjects(ClientHelper.TYPE_FEATURETYPE);
setAccessRightsForFeatureTypes(featureTypes, transaction, role, presentFeatureTypes);
manager.commitTransaction(transaction);
transaction = null;
String s = Messages.getMessage("IGEO_STD_STORERIGHTS_SUCCESS", role.getID());
getRequest().setAttribute("MESSAGE", s);
} catch (RPCException e) {
getRequest().setAttribute("SOURCE", this.getClass().getName());
String s = Messages.getMessage("IGEO_STD_STORERIGHTS_INVALID_REQ", e.getMessage());
getRequest().setAttribute("MESSAGE", s);
setNextPage("error.jsp");
LOG.logDebug(e.getMessage(), e);
} catch (GeneralSecurityException e) {
getRequest().setAttribute("SOURCE", this.getClass().getName());
String s = Messages.getMessage("IGEO_STD_STORERIGHTS_ERROR", e.getMessage());
getRequest().setAttribute("MESSAGE", s);
setNextPage("error.jsp");
LOG.logDebug(e.getMessage(), e);
} finally {
if (manager != null && transaction != null) {
try {
manager.abortTransaction(transaction);
} catch (GeneralSecurityException e) {
LOG.logDebug(e.getMessage(), e);
}
}
}
}
