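/**
 * Reports whether user {@code userId} currently holds role {@code roleId}.
 *
 * <p>Both ids are concatenated unquoted into the count statement, so they are
 * required to be plain decimal digit strings and anything else is rejected
 * before any SQL is built. This is a stopgap: a prepared statement with bound
 * parameters remains the proper fix (see the original TODO).
 *
 * @param userId numeric id of the user (decimal digits only)
 * @param roleId numeric id of the role (decimal digits only)
 * @return {@code true} only when logged in, both ids are well formed and the
 *     count query yields a positive number; {@code false} otherwise
 */
@Override
public boolean hasAssignment(String userId, String roleId) {
    if (!loggedIn) {
        log("hasAssignment: not logged in.");
        return false;
    }
    // The ids go into the statement unquoted, so a digits-only check is the
    // only barrier against injection on this path.
    if (userId == null || !userId.matches("\\d+")
            || roleId == null || !roleId.matches("\\d+")) {
        log("hasAssignment: malformed id rejected.");
        return false;
    }
    String countSql = "SELECT COUNT(*) FROM " + User.AUX_USER_ROLE
            + " WHERE user_id = " + userId + " AND role_id = " + roleId + " ";
    Result r = db.executeCountQuery(countSql);
    boolean result = false;
    if (r.hasValue()) {
        // Accept any numeric count rather than hard-casting to Integer.
        Object value = r.objectValue();
        result = (value instanceof Number) && ((Number) value).intValue() > 0;
    }
    log("hasAssignment:" + result);
    return result;
}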
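/**
 * Authenticates the administrator against the configured credentials.
 *
 * <p>Only the attempted user name is logged; the password is never written to
 * the log. The password comparison uses a constant-time byte comparison so
 * that the check does not leak how many leading characters matched.
 *
 * @param username login name supplied by the caller (may be {@code null})
 * @param pass password supplied by the caller (may be {@code null})
 * @return a successful {@link Result} carrying the {@link User} when the
 *     credentials match (or when already logged in), otherwise the
 *     not-authorized result
 */
public Result login(String username, String pass) {
    Result r = new Result();
    if (loggedIn) {
        log("Already logged in.");
        r.setMessage("Already logged in.");
        r.success();
        return r;
    }
    // Log the login name only: credentials must never reach the log.
    log("login attempt for username:'" + username + "'");
    // NOTE(review): ADMIN_PASSWORD appears to be held in plain text in config;
    // a salted password hash would be preferable — confirm with the config owner.
    boolean valid = username != null && pass != null
            && config.ADMIN_LOGIN.equals(username)
            && java.security.MessageDigest.isEqual(
                    config.ADMIN_PASSWORD.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    pass.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    if (valid) {
        log("User found.");
        User user = new User(username, pass);
        r.success();
        r.objectValue(user);
        loggedIn = true;
    } else {
        log("User not found.");
        r = r.notAuthorized();
    }
    return r;
}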
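/**
 * Reports whether privilege {@code priv} on entity {@code entityId} has already
 * been granted to role {@code roleId}.
 *
 * <p>All three ids are concatenated unquoted into the count statement, so each
 * must be a plain decimal digit string; anything else is rejected before any
 * SQL is built. A prepared statement remains the proper fix (original TODO).
 *
 * @param roleId numeric id of the role (decimal digits only)
 * @param entityId numeric id of the manager entity (decimal digits only)
 * @param priv numeric id of the privilege (decimal digits only)
 * @return {@code true} only when logged in, all ids are well formed and the
 *     count query yields a positive number; {@code false} otherwise
 */
@Override
public boolean hasBeenGranted(String roleId, String entityId, String priv) {
    if (!loggedIn) {
        log("hasBeenGranted: not logged in.");
        return false;
    }
    // Unquoted interpolation: a digits-only check is the only injection barrier here.
    if (roleId == null || !roleId.matches("\\d+")
            || entityId == null || !entityId.matches("\\d+")
            || priv == null || !priv.matches("\\d+")) {
        log("hasBeenGranted: malformed id rejected.");
        return false;
    }
    String countSql = "SELECT COUNT(*) FROM " + Role.AUX_ROLE_PRIV
            + " WHERE role_id = " + roleId
            + " AND manager_id = " + entityId
            + " AND priv_id = " + priv + " ";
    Result r = db.executeCountQuery(countSql);
    boolean granted = false;
    if (r.hasValue()) {
        // Accept any numeric count rather than hard-casting to Integer.
        Object value = r.objectValue();
        granted = (value instanceof Number) && ((Number) value).intValue() > 0;
    }
    log("hasBeenGranted:" + granted);
    return granted;
}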
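/**
 * Reports whether a role named {@code role} exists.
 *
 * <p>The name is embedded as a quoted SQL literal; embedded single quotes are
 * doubled so the value cannot terminate the literal. This is a stopgap for
 * the string-built query — binding the name through a prepared statement
 * remains the proper fix (see the original TODO).
 *
 * @param role role name to look up; {@code null} is treated as "not found"
 * @return {@code true} only when logged in and the count query yields a
 *     positive number; {@code false} otherwise
 */
@Override
public boolean existsRole(String role) {
    if (!loggedIn) {
        log("existsRole: not logged in.");
        return false;
    }
    if (role == null) {
        log("existsRole: null role name.");
        return false;
    }
    // Standard SQL escaping of the only quoting character in the literal.
    String roleLiteral = "'" + role.replace("'", "''") + "'";
    String countSql = "SELECT COUNT(*) FROM " + Role.AUX_ROLE
            + " WHERE " + Role.ROLEFLD + " = " + roleLiteral;
    Result r = db.executeCountQuery(countSql);
    boolean exists = false;
    if (r.hasValue()) {
        Object value = r.objectValue();
        exists = (value instanceof Number) && ((Number) value).intValue() > 0;
    }
    log("existsRole:" + exists);
    return exists;
}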
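/**
 * Loads the roles assigned to {@code user} into {@code roleList}.
 *
 * <p>The user id is interpolated unquoted into the join query, so it is
 * required to be a decimal digit string; the query is not built otherwise.
 * Building the statement here is a known wart (original TODO: move it into
 * the SQL translator).
 *
 * @param user owner of the roles; its id is used as the filter
 * @param roleList output list that the DB layer fills with matching roles
 * @return the DB layer's result, the not-authorized result when not logged
 *     in, or an invalid-input result when {@code user}/{@code roleList} is
 *     missing or the id is malformed
 */
@Override
public Result listRoles(User user, List<Role> roleList) {
    log("listing roles.");
    Result r = new Result();
    if (!loggedIn) {
        return r.notAuthorized();
    }
    if (user == null || roleList == null) {
        r.invalidInput("User and role list are required.");
        return r;
    }
    // String.valueOf covers both a primitive and an object id.
    String userIdText = String.valueOf(user.getId());
    if (!userIdText.matches("\\d+")) {
        r.invalidInput("Malformed user id.");
        return r;
    }
    StringBuilder sb = new StringBuilder();
    sb.append("SELECT R.ID, R.").append(Role.ROLEFLD);
    sb.append(" FROM ").append(Role.AUX_ROLE).append(" R ");
    sb.append(" INNER JOIN ").append(User.AUX_USER_ROLE).append(" UR ");
    sb.append(" ON UR.").append(Role.ROLE_ID).append("=R.ID ");
    sb.append(" WHERE UR.").append(Role.USER_ID);
    sb.append(" = ").append(userIdText).append(" ");
    String selectRolesSql = sb.toString();
    logsql(selectRolesSql);
    r = db.executeSelectRoles(selectRolesSql, roleList);
    log("list size:" + roleList.size());
    return r;
}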
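/**
 * Creates a new user row unless one with the same name already exists.
 *
 * <p>Both values are embedded as quoted SQL literals, so embedded single
 * quotes are doubled to keep them inside the literal. This is a stopgap for
 * the string-built insert; a prepared statement remains the proper fix (see
 * the original TODO).
 *
 * @param user login name for the new user
 * @param pass password for the new user (stored as given by the caller)
 * @return the insert result, a no-result with "User already exists." when the
 *     name is taken, the not-authorized result when not logged in, or an
 *     invalid-input result when either value is {@code null}
 */
@Override
public Result createUser(String user, String pass) {
    Result r = new Result();
    if (!loggedIn) {
        return r.notAuthorized();
    }
    if (user == null || pass == null) {
        r.invalidInput("User name and password are required.");
        return r;
    }
    if (existsUser(user)) {
        r.noResult();
        r.setMessage("User already exists.");
        return r;
    }
    // Standard SQL escaping of the only quoting character in the literals.
    String userLiteral = "'" + user.replace("'", "''") + "'";
    String passLiteral = "'" + pass.replace("'", "''") + "'";
    String sInsert = "INSERT INTO " + User.AUX_USER
            + " (" + User.USERFLD + "," + User.PASSFLD + ") values ("
            + userLiteral + ", " + passLiteral + ")";
    // Fetches the generated key after the insert.
    String identitySql = "CALL IDENTITY();";
    return db.executeInsert(sInsert, identitySql);
}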
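/**
 * Loads the (manager, privilege) pairs granted to {@code role} into the role.
 *
 * <p>The role id is interpolated unquoted into the query, so it is required
 * to be a decimal digit string; the query is not built otherwise. Building
 * the statement here is a known wart (original TODO: move it into the SQL
 * translator).
 *
 * @param role role whose privileges are loaded; filled in by the DB layer
 * @return the DB layer's result, the not-authorized result when not logged
 *     in, or an invalid-input result when {@code role} is missing or its id
 *     is malformed
 */
@Override
public Result listPrivileges(Role role) {
    log("listing privileges.");
    Result r = new Result();
    if (!loggedIn) {
        return r.notAuthorized();
    }
    if (role == null) {
        r.invalidInput("Role is required.");
        return r;
    }
    // String.valueOf covers both a primitive and an object id.
    String roleIdText = String.valueOf(role.getId());
    if (!roleIdText.matches("\\d+")) {
        r.invalidInput("Malformed role id.");
        return r;
    }
    StringBuilder sb = new StringBuilder();
    sb.append("SELECT R.").append(Role.MANAGER_ID).append(", R.").append(Role.PRIV_ID);
    sb.append(" FROM ").append(Role.AUX_ROLE_PRIV).append(" R ");
    sb.append(" WHERE R.").append(Role.ROLE_ID);
    sb.append(" = ").append(roleIdText).append(" ");
    String selectRolesSql = sb.toString();
    logsql(selectRolesSql);
    r = db.executeSelectRolePrivileges(application, selectRolesSql, role);
    log("map size:" + role.getPrivileges().size());
    return r;
}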
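/**
 * Grants privilege {@code priv} on one entity (or on every manager entity when
 * {@code entityId} is {@link Base#ALL}) to role {@code roleId}, skipping pairs
 * that are already granted.
 *
 * <p>Ids are concatenated unquoted into the insert, so each must be a decimal
 * digit string; malformed input is rejected before any SQL runs. A prepared
 * statement remains the proper fix (original TODO).
 *
 * @param roleId numeric id of the role (decimal digits only)
 * @param entityId numeric id of the manager entity, or {@link Base#ALL}
 * @param priv numeric id of the privilege (decimal digits only)
 * @return success when at least one row was inserted; a no-result with
 *     "All privileges were already granted." when nothing was inserted; the
 *     first failing insert/select result otherwise; not-authorized when not
 *     logged in; invalid-input when an id is malformed
 */
@Override
public Result grant(String roleId, String entityId, String priv) {
    // TODO validate priv. (roleId,entityId)
    Result r = new Result();
    if (!loggedIn) {
        return r.notAuthorized();
    }
    boolean grantAll = Base.ALL.equals(entityId);
    if (roleId == null || !roleId.matches("\\d+")
            || priv == null || !priv.matches("\\d+")
            || (!grantAll && (entityId == null || !entityId.matches("\\d+")))) {
        r.invalidInput("Malformed role, entity or privilege id.");
        return r;
    }
    List<String> entityIds = new ArrayList<String>();
    if (grantAll) {
        String sSelectIds = "SELECT ID FROM " + Manager.AUX_MANAGER + " ";
        Result selectResult = db.executeSelectAllIds(sSelectIds, entityIds);
        if (selectResult.notSuccessful()) {
            return selectResult;
        }
    } else {
        entityIds.add(entityId);
    }
    // Tracks whether any row was actually inserted; the original flag was set
    // for every entity visited, which made the "already granted" branch
    // unreachable whenever the entity list was non-empty.
    boolean inserted = false;
    for (String managerId : entityIds) {
        // Ids returned by the lookup are interpolated too, so check them as well.
        if (managerId == null || !managerId.matches("\\d+")) {
            r.error("Malformed entity id: " + managerId);
            return r;
        }
        if (hasBeenGranted(roleId, managerId, priv)) {
            continue;
        }
        String sInsert = "INSERT INTO " + Role.AUX_ROLE_PRIV
                + " (role_id, manager_id, priv_id) values ("
                + roleId + "," + managerId + "," + priv + ")";
        // Fetches the generated key after the insert.
        String identitySql = "CALL IDENTITY();";
        r = db.executeInsert(sInsert, identitySql);
        if (r.notSuccessful()) {
            return r;
        }
        inserted = true;
    }
    if (inserted) {
        r.success();
    } else {
        r.noResult();
        r.setMessage("All privileges were already granted.");
    }
    return r;
}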
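/**
 * Removes the assignment of role {@code roleId} from user {@code userId}.
 *
 * <p>Both ids are concatenated unquoted into the delete statement, so each
 * must be a decimal digit string; malformed input is rejected before any SQL
 * runs. A prepared statement remains the proper fix (original TODO).
 *
 * @param userId numeric id of the user (decimal digits only)
 * @param roleId numeric id of the role (decimal digits only)
 * @return the delete result, the not-authorized result when not logged in,
 *     or an invalid-input result when an id is malformed
 */
@Override
public Result unassign(String userId, String roleId) {
    Result r = new Result();
    if (!loggedIn) {
        return r.notAuthorized();
    }
    if (userId == null || !userId.matches("\\d+")
            || roleId == null || !roleId.matches("\\d+")) {
        r.invalidInput("Malformed user or role id.");
        return r;
    }
    String deleteSql = "DELETE FROM " + User.AUX_USER_ROLE
            + " WHERE user_id = " + userId + " AND role_id = " + roleId + " ";
    return db.executeDelete(deleteSql);
}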
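/**
 * Deletes the role named {@code role}.
 *
 * <p>The name is embedded as a quoted SQL literal; embedded single quotes are
 * doubled so the value cannot terminate the literal. Stopgap only — a
 * prepared statement remains the proper fix (original TODO).
 *
 * @param role role name to delete
 * @return the delete result, the not-authorized result when not logged in,
 *     or an invalid-input result when {@code role} is {@code null}
 */
@Override
public Result deleteRole(String role) {
    Result r = new Result();
    if (!loggedIn) {
        return r.notAuthorized();
    }
    if (role == null) {
        r.invalidInput("Role name is required.");
        return r;
    }
    String roleLiteral = "'" + role.replace("'", "''") + "'";
    String deleteSql = "DELETE FROM " + Role.AUX_ROLE
            + " WHERE " + Role.ROLEFLD + " = " + roleLiteral;
    return db.executeDelete(deleteSql);
}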
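/**
 * Deletes the user named {@code user}.
 *
 * <p>The name is embedded as a quoted SQL literal; embedded single quotes are
 * doubled so the value cannot terminate the literal. Stopgap only — a
 * prepared statement remains the proper fix (original TODO).
 *
 * @param user login name to delete
 * @return the delete result, the not-authorized result when not logged in,
 *     or an invalid-input result when {@code user} is {@code null}
 */
@Override
public Result deleteUser(String user) {
    Result r = new Result();
    if (!loggedIn) {
        return r.notAuthorized();
    }
    if (user == null) {
        r.invalidInput("User name is required.");
        return r;
    }
    String userLiteral = "'" + user.replace("'", "''") + "'";
    String deleteSql = "DELETE FROM " + User.AUX_USER
            + " WHERE " + User.USERFLD + " = " + userLiteral;
    return db.executeDelete(deleteSql);
}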
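/**
 * Loads the role with primary key {@code roleId}.
 *
 * <p>The id is concatenated unquoted into the query, so it must be a decimal
 * digit string; malformed input is rejected before any SQL runs.
 *
 * @param roleId numeric id of the role (decimal digits only)
 * @return the query result carrying the loaded {@link Role} as its object
 *     value on success; an error result when the loaded role is not valid;
 *     not-authorized when not logged in; invalid-input when the id is malformed
 */
public Result findRole(String roleId) {
    Result r = new Result();
    if (!loggedIn) {
        return r.notAuthorized();
    }
    if (roleId == null || !roleId.matches("\\d+")) {
        r.invalidInput("Malformed role id.");
        return r;
    }
    Role role = new Role();
    String selectRoleSql = "SELECT * FROM " + Role.AUX_ROLE + " WHERE " + "ID = " + roleId + " ";
    r = db.executeSingleSelectQuery(selectRoleSql, role);
    if (!role.isValid()) {
        // Message previously said "User"; this method loads a Role.
        r.error("Role object not valid.");
    } else if (r.isSuccessful()) {
        r.objectValue(role);
    }
    return r;
}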
/**
 * Loads every role into {@code roleList}.
 *
 * <p>The statement is still assembled here rather than in the SQL translator
 * (original TODO). No caller-supplied value is interpolated into it.
 *
 * @param roleList output list that the DB layer fills with all roles
 * @return the DB layer's result, or the not-authorized result when not logged in
 */
@Override
public Result listAllRoles(List<Role> roleList) {
    log("listing roles.");
    Result outcome = new Result();
    if (!loggedIn) {
        return outcome.notAuthorized();
    }
    // TODO put this in sql translator
    String selectRolesSql = new StringBuilder()
            .append("SELECT R.ID, R.").append(Role.ROLEFLD)
            .append(" FROM ").append(Role.AUX_ROLE).append(" R ")
            .toString();
    logsql(selectRolesSql);
    outcome = db.executeSelectRoles(selectRolesSql, roleList);
    log("list size:" + roleList.size());
    return outcome;
}
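/**
 * Loads the user with primary key {@code userId}.
 *
 * <p>The id is concatenated unquoted into the query, so it must be a decimal
 * digit string; malformed input is rejected before any SQL runs.
 *
 * @param userId numeric id of the user (decimal digits only)
 * @return the query result carrying the loaded {@link User} as its object
 *     value on success; an error result when the loaded user is not valid;
 *     not-authorized when not logged in; invalid-input when the id is malformed
 */
@Override
public Result findUser(String userId) {
    Result r = new Result();
    if (!loggedIn) {
        return r.notAuthorized();
    }
    if (userId == null || !userId.matches("\\d+")) {
        r.invalidInput("Malformed user id.");
        return r;
    }
    User user = new User();
    String selectUserSql = "SELECT * FROM " + User.AUX_USER + " WHERE " + "ID = " + userId + " ";
    r = db.executeSingleSelectQuery(selectUserSql, user);
    if (!user.isValid()) {
        r.error("User object not valid.");
    } else if (r.isSuccessful()) {
        r.objectValue(user);
    }
    return r;
}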
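/**
 * Revokes privilege {@code priv} on entity {@code entityId} from role
 * {@code roleId}.
 *
 * <p>All three ids are concatenated unquoted into the delete statement, so
 * each must be a decimal digit string; malformed input is rejected before any
 * SQL runs. A prepared statement remains the proper fix (original TODO).
 *
 * @param roleId numeric id of the role (decimal digits only)
 * @param entityId numeric id of the manager entity (decimal digits only)
 * @param priv numeric id of the privilege (decimal digits only)
 * @return the delete result, the not-authorized result when not logged in,
 *     or an invalid-input result when an id is malformed
 */
@Override
public Result ungrant(String roleId, String entityId, String priv) {
    // TODO validate priv. (roleId,entityId)
    Result r = new Result();
    if (!loggedIn) {
        return r.notAuthorized();
    }
    if (roleId == null || !roleId.matches("\\d+")
            || entityId == null || !entityId.matches("\\d+")
            || priv == null || !priv.matches("\\d+")) {
        r.invalidInput("Malformed role, entity or privilege id.");
        return r;
    }
    String deleteSql = "DELETE FROM " + Role.AUX_ROLE_PRIV
            + " WHERE role_id = " + roleId
            + " AND manager_id = " + entityId
            + " AND priv_id = " + priv + " ";
    return db.executeDelete(deleteSql);
}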
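/**
 * Creates a new role row unless one with the same name already exists.
 *
 * <p>The name is embedded as a quoted SQL literal; embedded single quotes are
 * doubled to keep the value inside the literal. Stopgap only — a prepared
 * statement remains the proper fix (original TODO).
 *
 * @param role name of the role to create
 * @return the insert result, a no-result with "Role already exists." when the
 *     name is taken, the not-authorized result when not logged in, or an
 *     invalid-input result when {@code role} is {@code null}
 */
@Override
public Result createRole(String role) {
    Result r = new Result();
    if (!loggedIn) {
        return r.notAuthorized();
    }
    if (role == null) {
        r.invalidInput("Role name is required.");
        return r;
    }
    if (existsRole(role)) {
        r.noResult();
        r.setMessage("Role already exists.");
        return r;
    }
    String roleLiteral = "'" + role.replace("'", "''") + "'";
    String sInsert = "INSERT INTO " + Role.AUX_ROLE + " (role) values (" + roleLiteral + ")";
    // Fetches the generated key after the insert.
    String identitySql = "CALL IDENTITY();";
    return db.executeInsert(sInsert, identitySql);
}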
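/**
 * Assigns role {@code roleId} to user {@code userId} unless already assigned.
 *
 * <p>Both ids are concatenated unquoted into the insert, so each must be a
 * decimal digit string; malformed input is rejected before any SQL runs. A
 * prepared statement remains the proper fix (original TODO).
 *
 * @param userId numeric id of the user (decimal digits only)
 * @param roleId numeric id of the role (decimal digits only)
 * @return the insert result, a no-result with "Assignment already exists."
 *     when the pair is present, the not-authorized result when not logged in,
 *     or an invalid-input result when an id is malformed
 */
@Override
public Result assign(String userId, String roleId) {
    Result r = new Result();
    if (!loggedIn) {
        return r.notAuthorized();
    }
    if (userId == null || !userId.matches("\\d+")
            || roleId == null || !roleId.matches("\\d+")) {
        r.invalidInput("Malformed user or role id.");
        return r;
    }
    if (hasAssignment(userId, roleId)) {
        r.noResult();
        r.setMessage("Assignment already exists.");
        return r;
    }
    String sInsert = "INSERT INTO " + User.AUX_USER_ROLE
            + " (user_id, role_id) values (" + userId + "," + roleId + ")";
    // Fetches the generated key after the insert.
    String identitySql = "CALL IDENTITY();";
    return db.executeInsert(sInsert, identitySql);
}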
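/*
 * RESUME create something that will create a screen based on code and results.
 *
 * (non-Javadoc)
 * @see jhg.appman.ApplicationManager#service(jhg.appman.Screen.Button, java.util.Map)
 */
/**
 * Dispatches one admin-screen button press to the matching operation.
 *
 * <p>Request values arrive servlet-style as {@code String[]}; only the first
 * value of each parameter is used, and a missing parameter yields an
 * invalid-input result instead of a {@code NullPointerException}. Results of
 * the intermediate lookups are checked before their object value is cast, so
 * a failed create/find is handed back to the caller as-is.
 *
 * @param button the pressed button; selects the operation
 * @param parameterMap request parameters keyed by field name
 * @return the result of the operation (often carrying the next {@link Screen}
 *     as its object value); not-authorized when not logged in; invalid-input
 *     for an unknown button or a missing parameter
 */
@Override
public Result service(Screen.Button button, Map<String, String[]> parameterMap) {
    log("service(String,Map)");
    Result result = new Result();
    Screen next = null;
    if (!loggedIn) {
        return result.notAuthorized();
    }
    if (button == null) {
        result.invalidInput("Command not found.");
        return result;
    }
    /* TODO: finish the remaining cases/commands
       > BACK(null),
       x LOGIN(Code.ADMINHOME),
       x LOGOUT(Code.AUTHENTICATE),
       x GOHOME(Code.ADMINHOME),
       x MANAGEUSERS(Code.USERTABLE),
       x GOVIEWUSER(Code.VIEWUSER),
       x GOCREATEUSER(Code.CREATEUSER),
       x CREATEUSER(Code.VIEWUSER),
       x GOEDITUSER(Code.EDITUSER),
         EDITUSER(Code.VIEWUSER),
       > DELETEUSER(Code.USERTABLE),
       x MANAGEROLES(Code.ROLETABLE),
       x VIEWROLE(Code.VIEWROLE),
       x GOCREATEROLE(Code.CREATEROLE),
       x CREATEROLE(Code.VIEWROLE),
       > DELETEROLE(Code.ROLETABLE),
       > MANAGEENTITIES(Code.ENTITYTABLE),
       > VIEWENTITY(Code.VIEWENTITY),
       x ASSIGNROLE(Code.VIEWUSER),
       x UNASSIGNROLE(Code.VIEWUSER),
       x GRANTPRIV(Code.VIEWROLE),
       x UNGRANTPRIV(Code.VIEWROLE),
     */
    // don't have to cover login or logout
    switch (button) {
        case MANAGEUSERS:
            log("Manage Users.");
            result = getUserList(button);
            break;
        case MANAGEROLES:
            log("Manage Roles.");
            result = getRoleList(button);
            break;
        case MANAGEENTITIES:
            // TODO check: is this necessary right now? finish role create, grant,
            // ungrant, assign, unassign
            log("Manage Entities.");
            result = getEntityList(button);
            break;
        case GOCREATEUSER:
            log("Create User Form: " + button.destination().getPage());
            next = new Screen(this, button.destination());
            result.objectValue(next);
            result.success();
            break;
        case CREATEUSER: {
            log("Create User.");
            String username = firstParameter(parameterMap, User.USERFLD);
            String password = firstParameter(parameterMap, User.PASSFLD);
            if (username == null || password == null) {
                result.invalidInput("User name and password are required.");
                break;
            }
            result = createUser(username, password);
            // A failed or "already exists" create carries no generated key;
            // return that result rather than casting a null object value.
            if (!result.isSuccessful() || !(result.objectValue() instanceof Integer)) {
                break;
            }
            String createdUserId = result.objectValue().toString();
            result = findUser(createdUserId);
            if (!result.isSuccessful()) {
                break;
            }
            result = createViewUser(button, (User) result.objectValue(), true);
            break;
        }
        case GOVIEWUSER: {
            log("View User.");
            String viewUserId = firstParameter(parameterMap, ApplicationManager.ID);
            if (viewUserId == null) {
                result.invalidInput("User id is required.");
                break;
            }
            result = findUser(viewUserId);
            if (!result.isSuccessful()) {
                break;
            }
            result = createViewUser(button, (User) result.objectValue(), false);
            break;
        }
        case GOEDITUSER: {
            log("Edit this User.");
            String editUserId = firstParameter(parameterMap, ApplicationManager.ID);
            if (editUserId == null) {
                result.invalidInput("User id is required.");
                break;
            }
            // right now it is just change password.
            // password, email
            result = findUser(editUserId);
            if (!result.isSuccessful()) {
                break;
            }
            result = createViewUser(button, (User) result.objectValue(), true);
            break;
        }
        // RESUME finish edit
        case EDITUSER:
            log("Edit User.");
            // TODO not implemented; the CREATEUSER case shows the intended shape.
            break;
        case ASSIGNROLE: {
            log("Assign Role.");
            String userId = firstParameter(parameterMap, ApplicationManager.ID1);
            String roleId = firstParameter(parameterMap, ApplicationManager.ID2);
            if (userId == null || roleId == null) {
                result.invalidInput("User id and role id are required.");
                break;
            }
            result = assign(userId, roleId); // TODO check success
            result = findUser(userId);
            if (!result.isSuccessful()) {
                break;
            }
            result = createViewUser(button, (User) result.objectValue(), false);
            // This break was missing: control fell through into UNASSIGNROLE and
            // immediately removed the assignment just made.
            break;
        }
        case UNASSIGNROLE: {
            log("Unassign Role.");
            String unassignUserId = firstParameter(parameterMap, ApplicationManager.ID1);
            String unassignRoleId = firstParameter(parameterMap, ApplicationManager.ID2);
            if (unassignUserId == null || unassignRoleId == null) {
                result.invalidInput("User id and role id are required.");
                break;
            }
            result = unassign(unassignUserId, unassignRoleId); // TODO check success
            result = findUser(unassignUserId);
            if (!result.isSuccessful()) {
                break;
            }
            result = createViewUser(button, (User) result.objectValue(), false);
            break;
        }
        case DELETEUSER: {
            log("Delete User.");
            String deleteUserId = firstParameter(parameterMap, ApplicationManager.ID);
            if (deleteUserId == null) {
                result.invalidInput("User id is required.");
                break;
            }
            result = deleteUser(deleteUserId); // TODO check success
            result = getUserList(button);
            result.success();
            break;
        }
        case VIEWROLE: {
            log("View Role.");
            String viewRoleId = firstParameter(parameterMap, ApplicationManager.ID);
            if (viewRoleId == null) {
                result.invalidInput("Role id is required.");
                break;
            }
            result = findRole(viewRoleId);
            if (!result.isSuccessful()) {
                break;
            }
            result = createViewRole(button, (Role) result.objectValue(), false);
            break;
        }
        case GOCREATEROLE:
            log("Create Role Form: " + button.destination().getPage());
            next = new Screen(this, button.destination());
            result.objectValue(next);
            result.success();
            break;
        case CREATEROLE: {
            log("Create a Role.");
            String rolename = firstParameter(parameterMap, Role.ROLEFLD);
            if (rolename == null) {
                result.invalidInput("Role name is required.");
                break;
            }
            result = createRole(rolename);
            // Same guard as CREATEUSER: no generated key means nothing to look up.
            if (!result.isSuccessful() || !(result.objectValue() instanceof Integer)) {
                break;
            }
            String createdRoleId = result.objectValue().toString();
            result = findRole(createdRoleId);
            if (!result.isSuccessful()) {
                break;
            }
            result = createViewRole(button, (Role) result.objectValue(), true);
            break;
        }
        case GRANTPRIV: {
            log("Grant privilege");
            String grantRoleId = firstParameter(parameterMap, ApplicationManager.ID1);
            String entityId = firstParameter(parameterMap, ApplicationManager.ID2);
            String privId = firstParameter(parameterMap, ApplicationManager.ID3);
            if (grantRoleId == null || entityId == null || privId == null) {
                result.invalidInput("Role id, entity id and privilege id are required.");
                break;
            }
            result = grant(grantRoleId, entityId, privId); // TODO check success
            result = findRole(grantRoleId);
            if (!result.isSuccessful()) {
                break;
            }
            result = createViewRole(button, (Role) result.objectValue(), false);
            break;
        }
        case UNGRANTPRIV: {
            log("Ungrant privilege");
            String ungrantRoleId = firstParameter(parameterMap, ApplicationManager.ID1);
            String ungrantEntityId = firstParameter(parameterMap, ApplicationManager.ID2);
            String ungrantPrivId = firstParameter(parameterMap, ApplicationManager.ID3);
            if (ungrantRoleId == null || ungrantEntityId == null || ungrantPrivId == null) {
                result.invalidInput("Role id, entity id and privilege id are required.");
                break;
            }
            result = ungrant(ungrantRoleId, ungrantEntityId, ungrantPrivId); // TODO check success
            result = findRole(ungrantRoleId);
            if (!result.isSuccessful()) {
                break;
            }
            result = createViewRole(button, (Role) result.objectValue(), false);
            break;
        }
        // NOTE broken below
        case BACK:
            log("Go Back.");
            next = new Screen(this, button.destination());
            result.objectValue(next);
            result.success();
            break;
        case GOHOME:
            log("Go Home.");
            next = new Screen(this, button.destination());
            result.objectValue(next);
            result.success();
            break;
        default:
            result.invalidInput("Command not found.");
            break;
    }
    return result;
}

/**
 * Returns the first value of request parameter {@code key}, or {@code null}
 * when the map or the parameter is absent or has no values.
 *
 * @param parameterMap servlet-style request parameters (may be {@code null})
 * @param key parameter name
 * @return the first value, or {@code null}
 */
private static String firstParameter(Map<String, String[]> parameterMap, String key) {
    if (parameterMap == null) {
        return null;
    }
    String[] values = parameterMap.get(key);
    if (values == null || values.length == 0) {
        return null;
    }
    return values[0];
}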