@Override
public boolean hasAssignment(String userId, String roleId) {
boolean result = false;
Result r = new Result();
if (!loggedIn) {
r = r.notAuthorized();
return result;
}
String countSql =
"SELECT COUNT(*) FROM "
+ User.AUX_USER_ROLE
+ " WHERE user_id = "
+ userId
+ " AND role_id = "
+ roleId
+ " "; // TODO sql injection, used pstmt setString?
r = db.executeCountQuery(countSql);
if (r.hasValue()) {
Integer count = (Integer) r.objectValue();
if (count > 0) {
result = true;
}
}
log("hasAssignment:" + result);
return result;
}
/**
* DOC
*
* @param username
* @param pass
* @return
*/
public Result login(String username, String pass) {
Result r = new Result();
if (loggedIn) {
log("Already logged in.");
r.setMessage("Already logged in.");
r.success();
// r.setNext("/ray/adminHome.jsp");
} else {
log("config.ADMIN_LOGIN:"******"username:'******'");
log("config.ADMIN_PASSWORD:"******"pass:'******'");
boolean valid = config.ADMIN_LOGIN.equals(username) && config.ADMIN_PASSWORD.equals(pass);
if (valid) {
log("User found.");
User user = new User(username, pass);
r.success();
r.objectValue(user);
loggedIn = true;
} else {
log("User not found.");
r = r.notAuthorized();
}
}
return r;
}
@Override
public boolean hasBeenGranted(String roleId, String entityId, String priv) {
// TODO validate priv. (roleId,entityId)
boolean result = false;
Result r = new Result();
if (!loggedIn) {
r = r.notAuthorized();
return result;
}
String countSql =
"SELECT COUNT(*) FROM "
+ Role.AUX_ROLE_PRIV
+ " WHERE role_id = "
+ roleId
+ " AND manager_id = "
+ entityId
+ " AND priv_id = "
+ priv
+ " "; // TODO sql injection, used pstmt setString?
r = db.executeCountQuery(countSql);
if (r.hasValue()) {
Integer count = (Integer) r.objectValue();
if (count > 0) {
result = true;
}
}
log("hasBeenGranted:" + result);
return result;
}
@Override
public boolean existsRole(String role) {
boolean result = false;
Result r = new Result();
if (!loggedIn) {
r = r.notAuthorized();
return false;
}
String countSql =
"SELECT COUNT(*) FROM "
+ Role.AUX_ROLE
+ " WHERE "
+ Role.ROLEFLD
+ " = '"
+ role
+ "'"; // TODO sql injection, used pstmt setString?
r = db.executeCountQuery(countSql);
if (r.hasValue()) {
Integer count = (Integer) r.objectValue();
if (count > 0) {
result = true;
}
}
log("existsRole:" + result);
return result;
}
@Override
public Result listRoles(
User user,
List<Role>
roleList) { // TODO see if this style of just returning desired object is good or not
// since most return result.
log("listing roles.");
Result r = new Result();
if (!loggedIn) {
r = r.notAuthorized();
return r;
}
StringBuffer sb = new StringBuffer(); // TODO put this in sql translator
sb.append("SELECT R.ID, R.").append(Role.ROLEFLD);
sb.append(" FROM ").append(Role.AUX_ROLE).append(" R ");
sb.append(" INNER JOIN ").append(User.AUX_USER_ROLE + " UR ");
sb.append(" ON UR.").append(Role.ROLE_ID).append("=R.ID ");
sb.append(" WHERE UR.").append(Role.USER_ID);
sb.append(" = ");
sb.append(user.getId());
sb.append(" ");
String selectRolesSql = sb.toString();
logsql(selectRolesSql);
r = db.executeSelectRoles(selectRolesSql, roleList);
log("list size:" + roleList.size());
return r;
}
@Override
public Result createUser(String user, String pass) {
Result r = new Result();
if (!loggedIn) {
return r.notAuthorized();
}
if (!existsUser(user)) {
String sInsert =
"INSERT INTO "
+ User.AUX_USER
+ " ("
+ User.USERFLD
+ ","
+ User.PASSFLD
+ ") values ('"
+ user
+ "', '"
+ pass
+ "')"; // TODO sql injection, used pstmt setString?
String identitySql = "CALL IDENTITY();";
r = db.executeInsert(sInsert, identitySql);
} else {
r.noResult();
r.setMessage("User already exists.");
}
return r;
}
@Override
public Result listPrivileges(Role role) {
log("listing privileges.");
Result r = new Result();
if (!loggedIn) {
r = r.notAuthorized();
return r;
}
StringBuffer sb = new StringBuffer(); // TODO put this in sql translator
sb.append("SELECT R." + Role.MANAGER_ID + ", R.").append(Role.PRIV_ID);
sb.append(" FROM ").append(Role.AUX_ROLE_PRIV).append(" R ");
sb.append(" WHERE R.").append(Role.ROLE_ID);
sb.append(" = ");
sb.append(role.getId());
sb.append(" ");
String selectRolesSql = sb.toString();
logsql(selectRolesSql);
r =
db.executeSelectRolePrivileges(
application, selectRolesSql, role); // (selectRolesSql,entityPrivs);
log("map size:" + role.getPrivileges().size());
return r;
}
@Override
public Result grant(String roleId, String entityId, String priv) {
// TODO validate priv. (roleId,entityId)
// List<Result> rlist = new ArrayList<Result>();
// TODO ensure it doesn't already exist.
Result r = new Result();
if (!loggedIn) {
return r.notAuthorized();
}
List<String> entityIds = new ArrayList<String>();
if (Base.ALL.equals(entityId)) {
String sSelectIds = "SELECT ID FROM " + Manager.AUX_MANAGER + " ";
Result selectResult = db.executeSelectAllIds(sSelectIds, entityIds);
if (selectResult.notSuccessful()) {
return selectResult;
}
} else {
entityIds.add(entityId);
}
boolean found = false;
for (String s : entityIds) {
if (!found) {
found = true;
}
if (!hasBeenGranted(roleId, s, priv)) {
String sInsert =
"INSERT INTO "
+ Role.AUX_ROLE_PRIV
+ " (role_id, manager_id, priv_id) values ("
+ roleId
+ ","
+ s
+ ","
+ priv
+ ")"; // TODO sql injection, used pstmt setString?
String identitySql = "CALL IDENTITY();";
r = db.executeInsert(sInsert, identitySql);
if (r.notSuccessful()) {
return r;
}
}
}
if (!found) {
r.noResult();
r.setMessage("All privileges were already granted.");
} else {
r.success();
; // some privileges exist.
}
return r;
}
@Override
public Result unassign(String userId, String roleId) {
Result r = new Result();
if (!loggedIn) {
return r.notAuthorized();
}
String deleteSql =
"DELETE FROM "
+ User.AUX_USER_ROLE
+ " WHERE user_id = "
+ userId
+ " AND role_id = "
+ roleId
+ " "; // TODO sql injection, used pstmt setString?
r = db.executeDelete(deleteSql);
return r;
}
@Override
public Result deleteRole(String role) {
Result r = new Result();
if (!loggedIn) {
return r.notAuthorized();
}
String deleteSql =
"DELETE FROM "
+ Role.AUX_ROLE
+ " WHERE "
+ Role.ROLEFLD
+ " = '"
+ role
+ "'"; // TODO sql injection, used pstmt setString?
r = db.executeDelete(deleteSql);
return r;
}
@Override
public Result deleteUser(String user) {
Result r = new Result();
if (!loggedIn) {
return r.notAuthorized();
}
String deleteSql =
"DELETE FROM "
+ User.AUX_USER
+ " WHERE "
+ User.USERFLD
+ " = '"
+ user
+ "'"; // TODO sql injection, used pstmt setString?
r = db.executeDelete(deleteSql);
return r;
}
public Result findRole(String roleId) {
Result r = new Result();
if (!loggedIn) {
r = r.notAuthorized();
return r;
}
Role role = new Role();
String selectRoleSql = "SELECT * FROM " + Role.AUX_ROLE + " WHERE " + "ID = " + roleId + " ";
r = db.executeSingleSelectQuery(selectRoleSql, role);
if (!role.isValid()) {
r.error("User object not valid.");
} else {
if (r.isSuccessful()) {
r.objectValue(role);
}
}
return r;
}
@Override
public Result listAllRoles(List<Role> roleList) {
log("listing roles.");
Result r = new Result();
if (!loggedIn) {
r = r.notAuthorized();
return r;
}
StringBuffer sb = new StringBuffer(); // TODO put this in sql translator
sb.append("SELECT R.ID, R.").append(Role.ROLEFLD);
sb.append(" FROM ").append(Role.AUX_ROLE).append(" R ");
String selectRolesSql = sb.toString();
logsql(selectRolesSql);
r = db.executeSelectRoles(selectRolesSql, roleList);
log("list size:" + roleList.size());
return r;
}
@Override
public Result findUser(String userId) {
Result r = new Result();
if (!loggedIn) {
r = r.notAuthorized();
return r;
}
User user = new User();
String selectUserSql = "SELECT * FROM " + User.AUX_USER + " WHERE " + "ID = " + userId + " ";
r = db.executeSingleSelectQuery(selectUserSql, user);
if (!user.isValid()) {
r.error("User object not valid.");
} else {
if (r.isSuccessful()) {
r.objectValue(user);
}
}
return r;
}
@Override
public Result ungrant(String roleId, String entityId, String priv) {
// TODO validate priv. (roleId,entityId)
Result r = new Result();
if (!loggedIn) {
return r.notAuthorized();
}
String deleteSql =
"DELETE FROM "
+ Role.AUX_ROLE_PRIV
+ " WHERE role_id = "
+ roleId
+ " AND manager_id = "
+ entityId
+ " AND priv_id = "
+ priv
+ " "; // TODO sql injection, used pstmt setString?
r = db.executeDelete(deleteSql);
return r;
}
@Override
public Result createRole(String role) {
Result r = new Result();
if (!loggedIn) {
return r.notAuthorized();
}
if (!existsRole(role)) {
String sInsert =
"INSERT INTO "
+ Role.AUX_ROLE
+ " (role) values ('"
+ role
+ "')"; // TODO sql injection, used pstmt setString?
String identitySql = "CALL IDENTITY();";
r = db.executeInsert(sInsert, identitySql);
} else {
r.noResult();
r.setMessage("Role already exists.");
}
return r;
}
@Override
public Result assign(String userId, String roleId) {
Result r = new Result();
if (!loggedIn) {
return r.notAuthorized();
}
if (!hasAssignment(userId, roleId)) {
String sInsert =
"INSERT INTO "
+ User.AUX_USER_ROLE
+ " (user_id, role_id) values ("
+ userId
+ ","
+ roleId
+ ")"; // TODO sql injection, used pstmt setString?
String identitySql = "CALL IDENTITY();";
r = db.executeInsert(sInsert, identitySql);
} else {
r.noResult();
r.setMessage("Assignment already exists.");
}
return r;
}
/*
* RESUME create something that will create a screen based on code and results.
*
* (non-Javadoc)
* @see jhg.appman.ApplicationManager#service(jhg.appman.Screen.Button, java.util.Map)
*/
@Override
public Result service(
Screen.Button button,
Map<String, String[]> parameterMap) { // , Map<String,Object> valuesMap) {
log("service(String,Map)");
Result result = new Result();
Screen next = null;
if (!loggedIn) {
return result.notAuthorized();
}
/* TODO: finish the remaining cases/commands
> BACK(null),
x LOGIN(Code.ADMINHOME),
x LOGOUT(Code.AUTHENTICATE),
x GOHOME(Code.ADMINHOME),
x MANAGEUSERS(Code.USERTABLE),
x GOVIEWUSER(Code.VIEWUSER),
x GOCREATEUSER(Code.CREATEUSER),
x CREATEUSER(Code.VIEWUSER),
x GOEDITUSER(Code.EDITUSER),
EDITUSER(Code.VIEWUSER),
> DELETEUSER(Code.USERTABLE),
x MANAGEROLES(Code.ROLETABLE),
x VIEWROLE(Code.VIEWROLE),
x GOCREATEROLE(Code.CREATEROLE),
x CREATEROLE(Code.VIEWROLE),
> DELETEROLE(Code.ROLETABLE),
> MANAGEENTITIES(Code.ENTITYTABLE),
> VIEWENTITY(Code.VIEWENTITY),
x ASSIGNROLE(Code.VIEWUSER),
x UNASSIGNROLE(Code.VIEWUSER),
x GRANTPRIV(Code.VIEWROLE),
x UNGRANTPRIV(Code.VIEWROLE),
*/
// don't have to cover login or logout
switch (button) {
case MANAGEUSERS:
log("Manage Users.");
result = getUserList(button);
break;
case MANAGEROLES:
log("Manage Roles.");
result = getRoleList(button);
break;
case MANAGEENTITIES: // TODO check: is this necessary right now? finish role create, grant,
// ungrant, assign, unassign
log("Manage Entities.");
result = getEntityList(button);
break;
case GOCREATEUSER:
log("Create User Form: " + button.destination().getPage());
next = new Screen(this, button.destination());
result.objectValue(next);
result.success();
break;
case CREATEUSER:
log("Create User.");
String username = parameterMap.get(User.USERFLD)[0]; // TODO validate presence
String password = parameterMap.get(User.PASSFLD)[0];
result = createUser(username, password);
String createdUserId = ((Integer) result.objectValue()).toString();
result = findUser(createdUserId); // TODO check success
result = createViewUser(button, (User) result.objectValue(), true);
break;
case GOVIEWUSER:
log("View User.");
String viewUserId = parameterMap.get(ApplicationManager.ID)[0]; // TODO validate presence
result = findUser(viewUserId); // TODO check success
result = createViewUser(button, (User) result.objectValue(), false);
break;
case GOEDITUSER:
log("Edit this User.");
String editUserId = parameterMap.get(ApplicationManager.ID)[0]; // TODO validate presence
// right now it is just change password.
// password, email
// result = editUser(editUserId,...);
result = findUser(editUserId); // TODO check success
result = createViewUser(button, (User) result.objectValue(), true);
break; // RESUME finish edit
case EDITUSER:
log("Edit User.");
/* copied from create
String username = parameterMap.get(User.USERFLD)[0];//TODO validate presence
String password = parameterMap.get(User.PASSFLD)[0];
result = createUser(username,password);
String createdUserId = ((Integer)result.objectValue()).toString();
result = findUser(createdUserId);//TODO check success
result = createViewUser(button, (User)result.objectValue(),true);
*/
break;
case ASSIGNROLE:
log("Assign Role.");
String userId = parameterMap.get(ApplicationManager.ID1)[0]; // TODO validate presence
String roleId = parameterMap.get(ApplicationManager.ID2)[0];
result = assign(userId, roleId); // TODO check success
result = findUser(userId); // TODO check success
result = createViewUser(button, (User) result.objectValue(), false);
case UNASSIGNROLE:
log("Unassign Role.");
String unassignUserId =
parameterMap.get(ApplicationManager.ID1)[0]; // TODO validate presence
String unassignRoleId = parameterMap.get(ApplicationManager.ID2)[0];
result = unassign(unassignUserId, unassignRoleId); // TODO check success
result = findUser(unassignUserId); // TODO check success
result = createViewUser(button, (User) result.objectValue(), false);
break;
case DELETEUSER:
log("Delete User.");
String deleteUserId = parameterMap.get(ApplicationManager.ID)[0]; // TODO validate presence
// result = findUser(deleteUserId);//TODO check success
result = deleteUser(deleteUserId);
next = new Screen(this, button.destination());
result = getUserList(button);
result.success();
break;
case VIEWROLE:
log("View Role.");
String viewRoleId = parameterMap.get(ApplicationManager.ID)[0]; // TODO validate presence
result = findRole(viewRoleId); // TODO check success
result = createViewRole(button, (Role) result.objectValue(), false);
break;
case GOCREATEROLE:
log("Create Role Form: " + button.destination().getPage());
next = new Screen(this, button.destination());
result.objectValue(next);
result.success();
break;
case CREATEROLE:
log("Create a Role.");
String rolename = parameterMap.get(Role.ROLEFLD)[0]; // TODO validate presence
result = createRole(rolename);
String createdRoleId = ((Integer) result.objectValue()).toString();
result = findRole(createdRoleId); // TODO check success
result = createViewRole(button, (Role) result.objectValue(), true);
break;
case GRANTPRIV:
log("Grant privilege");
String grantRoleId = parameterMap.get(ApplicationManager.ID1)[0]; // TODO validate presence
String entityId = parameterMap.get(ApplicationManager.ID2)[0];
String privId = parameterMap.get(ApplicationManager.ID3)[0];
result = grant(grantRoleId, entityId, privId); // TODO check success
result = findRole(grantRoleId); // TODO check success
result = createViewRole(button, (Role) result.objectValue(), false);
break;
case UNGRANTPRIV:
log("Ungrant privilege");
String ungrantRoleId =
parameterMap.get(ApplicationManager.ID1)[0]; // TODO validate presence
String ungrantEentityId = parameterMap.get(ApplicationManager.ID2)[0];
String ungrantPrivId = parameterMap.get(ApplicationManager.ID3)[0];
result = ungrant(ungrantRoleId, ungrantEentityId, ungrantPrivId); // TODO check success
result = findRole(ungrantRoleId); // TODO check success
result = createViewRole(button, (Role) result.objectValue(), false);
break;
// NOTE broken below
case BACK:
log("Go Back.");
next = new Screen(this, button.destination());
result.objectValue(next);
result.success();
break;
case GOHOME:
log("Go Home.");
next = new Screen(this, button.destination());
result.objectValue(next);
result.success();
break;
default:
result.invalidInput("Command not found.");
break;
}
// valuesMap.put(USERLIST,userList);
return result;
}
