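/**
 * Reports whether role {@code roleId} has been granted privilege {@code priv} on entity
 * {@code entityId}, by counting matching rows in {@link Role#AUX_ROLE_PRIV}.
 *
 * <p>All three ids are compared against numeric columns, so each one is parsed as an integer
 * before it is placed in the query text: a missing or non-numeric id can never match a row and
 * is rejected (logged, {@code false}) instead of being concatenated into the SQL. Requires a
 * prior {@link #login(String, String)}.
 *
 * @param roleId   decimal role id
 * @param entityId decimal manager (entity) id
 * @param priv     decimal privilege id
 * @return {@code true} only when logged in, every id is an integer and the count query reports
 *     at least one row
 */
@Override
public boolean hasBeenGranted(String roleId, String entityId, String priv) {
    if (!loggedIn) {
        log("hasBeenGranted: not logged in");
        return false;
    }
    if (roleId == null || entityId == null || priv == null) {
        log("hasBeenGranted: missing id");
        return false;
    }
    final int role;
    final int entity;
    final int privilege;
    try {
        role = Integer.parseInt(roleId.trim());
        entity = Integer.parseInt(entityId.trim());
        privilege = Integer.parseInt(priv.trim());
    } catch (NumberFormatException e) {
        // Only the parsed integers ever reach the SQL text.
        log("hasBeenGranted: non-numeric id rejected");
        return false;
    }
    String countSql = "SELECT COUNT(*) FROM " + Role.AUX_ROLE_PRIV
            + " WHERE role_id = " + role
            + " AND manager_id = " + entity
            + " AND priv_id = " + privilege + " ";
    Result r = db.executeCountQuery(countSql);
    boolean granted = false;
    if (r.hasValue()) {
        Integer count = (Integer) r.objectValue();
        granted = count != null && count > 0;
    }
    log("hasBeenGranted:" + granted);
    return granted;
}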
/**
 * Checks whether a role named {@code role} exists in {@link Role#AUX_ROLE}.
 *
 * <p>Without a prior login {@code false} is returned and the database is not consulted.
 * NOTE(review): the name is concatenated into the SQL text as a quoted literal (the author's
 * open "sql injection" TODO); a bind-parameter path on {@code db} is what this needs, and none
 * is visible in this class.
 *
 * @param role role name to look up
 * @return {@code true} when logged in and the count query reports at least one row
 */
@Override
public boolean existsRole(String role) {
    if (!loggedIn) {
        // Mirrors the original: the not-authorized Result is built but never returned.
        Result denied = new Result();
        denied.notAuthorized();
        return false;
    }
    String countSql = "SELECT COUNT(*) FROM " + Role.AUX_ROLE + " WHERE " + Role.ROLEFLD + " = '" + role + "'"; // TODO sql injection, used pstmt setString?
    Result counted = db.executeCountQuery(countSql);
    boolean found = false;
    if (counted.hasValue()) {
        found = ((Integer) counted.objectValue()) > 0;
    }
    log("existsRole:" + found);
    return found;
}
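/**
 * Reports whether user {@code userId} holds role {@code roleId}, by counting matching rows in
 * {@link User#AUX_USER_ROLE}.
 *
 * <p>Both ids are compared against numeric columns, so they are parsed as integers before they
 * are placed in the query text: a missing or non-numeric id can never match a row and is
 * rejected (logged, {@code false}) instead of being concatenated into the SQL. Requires a prior
 * {@link #login(String, String)}.
 *
 * @param userId decimal user id
 * @param roleId decimal role id
 * @return {@code true} only when logged in, both ids are integers and the count query reports
 *     at least one row
 */
@Override
public boolean hasAssignment(String userId, String roleId) {
    if (!loggedIn) {
        log("hasAssignment: not logged in");
        return false;
    }
    if (userId == null || roleId == null) {
        log("hasAssignment: missing id");
        return false;
    }
    final int user;
    final int role;
    try {
        user = Integer.parseInt(userId.trim());
        role = Integer.parseInt(roleId.trim());
    } catch (NumberFormatException e) {
        // Only the parsed integers ever reach the SQL text.
        log("hasAssignment: non-numeric id rejected");
        return false;
    }
    String countSql = "SELECT COUNT(*) FROM " + User.AUX_USER_ROLE
            + " WHERE user_id = " + user
            + " AND role_id = " + role + " ";
    Result r = db.executeCountQuery(countSql);
    boolean assigned = false;
    if (r.hasValue()) {
        Integer count = (Integer) r.objectValue();
        assigned = count != null && count > 0;
    }
    log("hasAssignment:" + assigned);
    return assigned;
}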
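/**
 * Authenticates the administrator against the configured {@code config.ADMIN_LOGIN} /
 * {@code config.ADMIN_PASSWORD} pair and marks this manager as logged in on success.
 *
 * <p>Both values are compared byte-wise without an early exit
 * ({@link java.security.MessageDigest#isEqual(byte[], byte[])}) so that a mismatch does not
 * reveal through timing how much of the credential was correct, and neither the supplied nor
 * the configured credentials are written to the log. Calling this while already logged in
 * leaves the state unchanged and returns a successful result carrying a message.
 *
 * @param username login name supplied by the caller; {@code null} never matches
 * @param pass     password supplied by the caller; {@code null} never matches
 * @return a successful {@link Result} whose object value is the {@link User} built from the
 *     credentials, or {@code notAuthorized()} when the pair does not match
 */
public Result login(String username, String pass) {
    Result r = new Result();
    if (loggedIn) {
        log("Already logged in.");
        r.setMessage("Already logged in.");
        r.success();
        return r;
    }
    log("login attempt for username:'" + username + "'");
    // Evaluate both comparisons (non-short-circuit) so the outcome of one does not shorten the other.
    boolean userOk = constantTimeEquals(config.ADMIN_LOGIN, username);
    boolean passOk = constantTimeEquals(config.ADMIN_PASSWORD, pass);
    if (userOk & passOk) {
        log("User found.");
        User user = new User(username, pass);
        r.success();
        r.objectValue(user);
        loggedIn = true;
    } else {
        log("User not found.");
        r = r.notAuthorized();
    }
    return r;
}

/**
 * Compares two strings as UTF-8 byte arrays without an early exit on the first differing byte.
 *
 * @return {@code true} only when both are non-null and byte-for-byte equal
 */
private static boolean constantTimeEquals(String expected, String actual) {
    if (expected == null || actual == null) {
        return false;
    }
    return java.security.MessageDigest.isEqual(
            expected.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            actual.getBytes(java.nio.charset.StandardCharsets.UTF_8));
}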
/**
 * Builds the screen for {@code button}'s destination, carrying every manager known to the
 * application under {@link Screen#AVAILABLE_ENTITIES}.
 *
 * @param button the command whose destination screen is prepared
 * @return a successful {@link Result} whose object value is the prepared {@link Screen}
 */
@SuppressWarnings("rawtypes")
private Result getEntityList(Screen.Button button) {
    Result outcome = new Result();
    List<Manager> managers = application.getManagers();
    Screen entityScreen = new Screen(this, button.destination());
    entityScreen.setValue(Screen.AVAILABLE_ENTITIES, managers);
    outcome.objectValue(entityScreen);
    outcome.success();
    return outcome;
}
/**
 * Tells whether {@code table} holds at least one row.
 *
 * <p>{@code table} goes straight into the query text, so this is meant for the class's own
 * table-name constants, not for request data. A count query that does not succeed is logged
 * with the result name and reported as "no records".
 *
 * @param table table name (a trusted constant)
 * @return {@code true} when the count query succeeds and the count is positive
 */
protected boolean haveRecords(String table) {
    String countQuery = "SELECT COUNT(*) FROM " + table;
    logsql(countQuery);
    Result counted = db.executeCountQuery(countQuery);
    if (!counted.isSuccessful()) {
        log("haveRecords(" + table + ")" + counted.name());
        return false;
    }
    return ((Integer) counted.objectValue()) > 0;
}
/**
 * Lists every role and, when that succeeds, attaches the list to {@code button}'s destination
 * screen under {@link Screen#AVAILABLE_ROLES}.
 *
 * <p>On failure the reason and all messages are logged and the failed result is returned as is
 * (with no screen attached).
 *
 * @param button the command whose destination screen is prepared
 * @return the result of {@link #listAllRoles}, with the screen as object value on success
 */
private Result getRoleList(Screen.Button button) {
    List<Role> roles = new ArrayList<Role>();
    Result outcome = listAllRoles(roles);
    if (!outcome.isSuccessful()) {
        log(outcome.getReason().name());
        log(outcome.allMessages());
        return outcome;
    }
    Screen roleScreen = new Screen(this, button.destination());
    roleScreen.setValue(Screen.AVAILABLE_ROLES, roles);
    outcome.objectValue(roleScreen);
    return outcome;
}
/**
 * Lists every user and, when that succeeds, attaches the list to {@code button}'s destination
 * screen under {@link Screen#USERS_LIST}.
 *
 * <p>On failure the reason and all messages are logged and the failed result is returned as is
 * (with no screen attached).
 *
 * @param button the command whose destination screen is prepared
 * @return the result of {@link #listUsers}, with the screen as object value on success
 */
private Result getUserList(Screen.Button button) {
    List<User> users = new ArrayList<User>();
    Result outcome = listUsers(users);
    if (!outcome.isSuccessful()) {
        log(outcome.getReason().name());
        log(outcome.allMessages());
        return outcome;
    }
    Screen userScreen = new Screen(this, button.destination());
    userScreen.setValue(Screen.USERS_LIST, users);
    outcome.objectValue(userScreen);
    return outcome;
}
/**
 * Decides whether access should be denied for {@code role} on {@code manager} with
 * {@code privilege}; denial is the default and is also the answer whenever the count query
 * does not succeed (fail closed, with the failure logged).
 *
 * <p>NOTE(review): the query carries three {@code ?} placeholders, but only the SQL text is
 * handed to {@code db.executeCountQuery}, so {@code role}, {@code manager} and
 * {@code privilege} are never bound and are unused in this method. Unless that method binds
 * placeholders by some means not visible here, the count cannot reflect the arguments; confirm
 * against the {@code db} API.
 *
 * @param role      role being checked (currently unused, see note)
 * @param manager   entity the privilege applies to (currently unused, see note)
 * @param privilege privilege being checked (currently unused, see note)
 * @return {@code true} to deny, {@code false} only when the query succeeds with a non-zero count
 */
@SuppressWarnings("rawtypes")
public boolean denyAccess(Role role, Manager manager, Privilege privilege) {
    String countSql = "SELECT count(*) FROM " + Role.AUX_ROLE_PRIV
            + " WHERE role_id = ? and manager_id = ? and priv_id = ? ";
    Result counted = db.executeCountQuery(countSql);
    if (!counted.isSuccessful()) {
        log("Deny access query:" + countSql + " failed:" + counted.name());
        return true;
    }
    Integer grants = (Integer) counted.objectValue();
    return grants == Base.ZERO;
}
/**
 * Prepares the view-role screen for {@code role}.
 *
 * <p>The role's privileges are loaded through {@link #listPrivileges}; the screen then receives
 * the role ({@link Screen#VIEW_ROLE}), all managers ({@link Screen#AVAILABLE_ENTITIES}) and
 * every {@link Privilege} value ({@link Screen#AVAILABLE_PRIVILEGES}). The returned result is the
 * one from {@code listPrivileges}, marked successful regardless of what it reported.
 *
 * @param button   the command whose destination screen is prepared
 * @param role     the role to show
 * @param redirect whether the screen should be delivered as a redirect
 * @return a successful {@link Result} whose object value is the prepared {@link Screen}
 */
private Result createViewRole(Button button, Role role, boolean redirect) {
    Screen roleScreen = new Screen(this, button.destination());
    if (redirect) {
        roleScreen.makeRedirect();
    }
    Result outcome = listPrivileges(role);
    roleScreen.setValue(Screen.VIEW_ROLE, role);
    roleScreen.setValue(Screen.AVAILABLE_ENTITIES, application.getManagers());
    roleScreen.setValue(Screen.AVAILABLE_PRIVILEGES, Privilege.values());
    outcome.objectValue(roleScreen);
    outcome.success();
    return outcome;
}
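/**
 * Loads the role whose primary key is {@code roleId} from {@link Role#AUX_ROLE}.
 *
 * <p>{@code roleId} is compared against the numeric {@code ID} column, so it is parsed as an
 * integer first; a missing or non-numeric id is reported as an error result instead of being
 * concatenated into the SQL text. Requires a prior {@link #login(String, String)}.
 *
 * @param roleId decimal id of the role
 * @return the loaded {@link Role} as object value on success; {@code notAuthorized()} when not
 *     logged in; an error result when the id is invalid or the loaded role is not valid
 */
public Result findRole(String roleId) {
    Result r = new Result();
    if (!loggedIn) {
        return r.notAuthorized();
    }
    final int id;
    try {
        id = Integer.parseInt(roleId == null ? "" : roleId.trim());
    } catch (NumberFormatException e) {
        r.error("Role id is not a number.");
        return r;
    }
    Role role = new Role();
    // Only the parsed integer reaches the SQL text.
    String selectRoleSql = "SELECT * FROM " + Role.AUX_ROLE + " WHERE " + "ID = " + id + " ";
    r = db.executeSingleSelectQuery(selectRoleSql, role);
    if (!role.isValid()) {
        // The original message said "User"; this method loads a Role.
        r.error("Role object not valid.");
    } else if (r.isSuccessful()) {
        r.objectValue(role);
    }
    return r;
}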
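/**
 * Seeds {@link Manager#AUX_MANAGER} with one row per application manager when the table is
 * empty, then reads each manager's {@code ID} back from the table.
 *
 * <p>Ids are assigned from a 1-based counter in iteration order and the generated identity is
 * stored on the manager through {@code setManagerId}. Afterwards, if the table has rows, every
 * manager is looked up by name with {@code db.executeSelect}, which presumably fills the
 * manager's id from the row (confirm against the {@code Manager} mapping). Manager names are
 * placed in the SQL text as quoted literals; NOTE(review): this assumes they are trusted
 * application configuration — a name containing a single quote would break the statement.
 *
 * @return the last database result, forced to success
 */
@SuppressWarnings("rawtypes")
protected Result fillAuxManagementTable() {
    Result r = new Result();
    if (!haveRecords(Manager.AUX_MANAGER)) {
        int nextId = 0;
        for (Manager m : application.getManagers()) {
            nextId++;
            String sInsert = "INSERT INTO " + Manager.AUX_MANAGER + " (id,manager) values (" + nextId + ",'" + m.getName() + "')";
            String identitySql = "CALL IDENTITY();";
            logsql(sInsert);
            r = db.executeInsert(sInsert, identitySql);
            // TODO safeguards: the object value is null when the insert did not produce an identity.
            Integer managerId = (Integer) r.objectValue();
            m.setManagerId(managerId);
        }
    }
    String countQuery = "SELECT COUNT(*) FROM " + Manager.AUX_MANAGER + " ";
    logsql(countQuery);
    Result c = db.executeCountQuery(countQuery);
    if (hasCount(c)) {
        db.debugSelectAll("SELECT * FROM " + Manager.AUX_MANAGER + " ");
        for (Manager m : application.getManagers()) {
            String sSelect = "SELECT ID FROM " + Manager.AUX_MANAGER + " WHERE manager='" + m.getName() + "' ";
            logsql(sSelect);
            r = db.executeSelect(sSelect, m);
        }
    }
    r.success();
    return r;
}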
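/**
 * Loads the user whose primary key is {@code userId} from {@link User#AUX_USER}.
 *
 * <p>{@code userId} is compared against the numeric {@code ID} column, so it is parsed as an
 * integer first; a missing or non-numeric id is reported as an error result instead of being
 * concatenated into the SQL text. Requires a prior {@link #login(String, String)}.
 *
 * @param userId decimal id of the user
 * @return the loaded {@link User} as object value on success; {@code notAuthorized()} when not
 *     logged in; an error result when the id is invalid or the loaded user is not valid
 */
@Override
public Result findUser(String userId) {
    Result r = new Result();
    if (!loggedIn) {
        return r.notAuthorized();
    }
    final int id;
    try {
        id = Integer.parseInt(userId == null ? "" : userId.trim());
    } catch (NumberFormatException e) {
        r.error("User id is not a number.");
        return r;
    }
    User user = new User();
    // Only the parsed integer reaches the SQL text.
    String selectUserSql = "SELECT * FROM " + User.AUX_USER + " WHERE " + "ID = " + id + " ";
    r = db.executeSingleSelectQuery(selectUserSql, user);
    if (!user.isValid()) {
        r.error("User object not valid.");
    } else if (r.isSuccessful()) {
        r.objectValue(user);
    }
    return r;
}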
/**
 * Prepares the view-user screen for {@code user}.
 *
 * <p>The user's roles are loaded with {@link #listRoles} and all roles with
 * {@link #listAllRoles}; {@code subtractRolesNotAssigned} then presumably removes the assigned
 * ones from the full list. The screen receives the user ({@link Screen#VIEW_USER}), the user's
 * roles ({@link Screen#USER_ROLES}) and the remaining roles ({@link Screen#AVAILABLE_ROLES}).
 * Neither listing result is checked (the author's TODO); the result of {@code listAllRoles} is
 * returned, marked successful.
 *
 * @param button   the command whose destination screen is prepared
 * @param user     the user to show
 * @param redirect whether the screen should be delivered as a redirect
 * @return a successful {@link Result} whose object value is the prepared {@link Screen}
 */
private Result createViewUser(Screen.Button button, User user, boolean redirect) {
    Screen userScreen = new Screen(this, button.destination());
    if (redirect) {
        userScreen.makeRedirect();
    }
    userScreen.setValue(Screen.VIEW_USER, user);
    List<Role> assignedRoles = new ArrayList<Role>();
    listRoles(user, assignedRoles); // TODO check if successful
    List<Role> unassignedRoles = new ArrayList<Role>();
    Result outcome = listAllRoles(unassignedRoles);
    subtractRolesNotAssigned(unassignedRoles, assignedRoles);
    userScreen.setValue(Screen.USER_ROLES, assignedRoles);
    userScreen.setValue(Screen.AVAILABLE_ROLES, unassignedRoles);
    outcome.objectValue(userScreen);
    outcome.success();
    return outcome;
}
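/**
 * Dispatches an admin-console command.
 *
 * <p>Each {@link Screen.Button} maps to one handler; the returned {@link Result} carries the
 * next {@link Screen} as its object value when the command produced one. Requires a prior
 * {@link #login(String, String)}, otherwise {@code notAuthorized()} is returned before any
 * command runs. A command whose required request parameter is absent or empty yields
 * {@code invalidInput} instead of a {@link NullPointerException} from
 * {@code parameterMap.get(key)[0]}, and a failed create/lookup/update now ends the command with
 * that failed result instead of casting a {@code null} object value. ASSIGNROLE no longer falls
 * through into UNASSIGNROLE.
 *
 * <p>RESUME create something that will create a screen based on code and results.
 *
 * <p>Status of the commands (author's list): done — LOGIN, LOGOUT, GOHOME, MANAGEUSERS,
 * GOVIEWUSER, GOCREATEUSER, CREATEUSER, GOEDITUSER, MANAGEROLES, VIEWROLE, GOCREATEROLE,
 * CREATEROLE, ASSIGNROLE, UNASSIGNROLE, GRANTPRIV, UNGRANTPRIV; still open — BACK, EDITUSER,
 * DELETEUSER, DELETEROLE, MANAGEENTITIES, VIEWENTITY. Login and logout are not handled here.
 *
 * @param button       the command to run
 * @param parameterMap request parameters; for each key the first array element is used
 * @return the command's result; {@code invalidInput} for an unknown command or a missing
 *     request parameter
 * @see jhg.appman.ApplicationManager#service(jhg.appman.Screen.Button, java.util.Map)
 */
@Override
public Result service(Screen.Button button, Map<String, String[]> parameterMap) {
    log("service(String,Map)");
    Result result = new Result();
    if (!loggedIn) {
        return result.notAuthorized();
    }
    try {
        return dispatch(button, parameterMap, result);
    } catch (MissingParameterException e) {
        // A field the client did not send is a client error, not a server fault.
        log("service(" + button + "): " + e.getMessage());
        Result invalid = new Result();
        invalid.invalidInput(e.getMessage());
        return invalid;
    }
}

/** Runs {@code button}; {@code result} is the fresh result used by screen-only commands. */
private Result dispatch(Screen.Button button, Map<String, String[]> parameterMap, Result result) {
    switch (button) {
        case MANAGEUSERS:
            log("Manage Users.");
            return getUserList(button);
        case MANAGEROLES:
            log("Manage Roles.");
            return getRoleList(button);
        case MANAGEENTITIES:
            // TODO check: is this necessary right now? finish role create, grant, ungrant, assign, unassign
            log("Manage Entities.");
            return getEntityList(button);
        case GOCREATEUSER:
            log("Create User Form: " + button.destination().getPage());
            return screenFor(button, result);
        case CREATEUSER: {
            log("Create User.");
            String username = requiredParameter(parameterMap, User.USERFLD);
            String password = requiredParameter(parameterMap, User.PASSFLD);
            Result created = createUser(username, password);
            if (!created.isSuccessful()) {
                return created;
            }
            String createdUserId = ((Integer) created.objectValue()).toString();
            return viewUser(button, createdUserId, true);
        }
        case GOVIEWUSER:
            log("View User.");
            return viewUser(button, requiredParameter(parameterMap, ApplicationManager.ID), false);
        case GOEDITUSER:
            log("Edit this User.");
            // Right now it is just change password (password, email); editUser(...) is not written yet.
            return viewUser(button, requiredParameter(parameterMap, ApplicationManager.ID), true);
        case EDITUSER:
            // RESUME finish edit: the create-user flow was copied here as a template and is not wired up.
            log("Edit User.");
            return result;
        case ASSIGNROLE: {
            log("Assign Role.");
            String userId = requiredParameter(parameterMap, ApplicationManager.ID1);
            String roleId = requiredParameter(parameterMap, ApplicationManager.ID2);
            Result assigned = assign(userId, roleId);
            if (!assigned.isSuccessful()) {
                return assigned;
            }
            // Returning here replaces the missing break that made this case fall into UNASSIGNROLE.
            return viewUser(button, userId, false);
        }
        case UNASSIGNROLE: {
            log("Unassign Role.");
            String userId = requiredParameter(parameterMap, ApplicationManager.ID1);
            String roleId = requiredParameter(parameterMap, ApplicationManager.ID2);
            Result unassigned = unassign(userId, roleId);
            if (!unassigned.isSuccessful()) {
                return unassigned;
            }
            return viewUser(button, userId, false);
        }
        case DELETEUSER: {
            log("Delete User.");
            String userId = requiredParameter(parameterMap, ApplicationManager.ID);
            Result deleted = deleteUser(userId);
            if (!deleted.isSuccessful()) {
                return deleted;
            }
            Result listed = getUserList(button);
            listed.success(); // kept from the original flow
            return listed;
        }
        case VIEWROLE:
            log("View Role.");
            return viewRole(button, requiredParameter(parameterMap, ApplicationManager.ID), false);
        case GOCREATEROLE:
            log("Create Role Form: " + button.destination().getPage());
            return screenFor(button, result);
        case CREATEROLE: {
            log("Create a Role.");
            Result created = createRole(requiredParameter(parameterMap, Role.ROLEFLD));
            if (!created.isSuccessful()) {
                return created;
            }
            String createdRoleId = ((Integer) created.objectValue()).toString();
            return viewRole(button, createdRoleId, true);
        }
        case GRANTPRIV: {
            log("Grant privilege");
            String roleId = requiredParameter(parameterMap, ApplicationManager.ID1);
            String entityId = requiredParameter(parameterMap, ApplicationManager.ID2);
            String privId = requiredParameter(parameterMap, ApplicationManager.ID3);
            Result granted = grant(roleId, entityId, privId);
            if (!granted.isSuccessful()) {
                return granted;
            }
            return viewRole(button, roleId, false);
        }
        case UNGRANTPRIV: {
            log("Ungrant privilege");
            String roleId = requiredParameter(parameterMap, ApplicationManager.ID1);
            String entityId = requiredParameter(parameterMap, ApplicationManager.ID2);
            String privId = requiredParameter(parameterMap, ApplicationManager.ID3);
            Result ungranted = ungrant(roleId, entityId, privId);
            if (!ungranted.isSuccessful()) {
                return ungranted;
            }
            return viewRole(button, roleId, false);
        }
        // NOTE broken below
        case BACK:
            log("Go Back.");
            return screenFor(button, result);
        case GOHOME:
            log("Go Home.");
            return screenFor(button, result);
        default:
            result.invalidInput("Command not found.");
            return result;
    }
}

/** Puts {@code button}'s destination screen into {@code result} and marks it successful. */
private Result screenFor(Screen.Button button, Result result) {
    Screen next = new Screen(this, button.destination());
    result.objectValue(next);
    result.success();
    return result;
}

/** Loads the user and, when found, builds its view screen; a failed lookup is returned as is. */
private Result viewUser(Screen.Button button, String userId, boolean redirect) {
    Result found = findUser(userId);
    if (!found.isSuccessful()) {
        return found;
    }
    return createViewUser(button, (User) found.objectValue(), redirect);
}

/** Loads the role and, when found, builds its view screen; a failed lookup is returned as is. */
private Result viewRole(Screen.Button button, String roleId, boolean redirect) {
    Result found = findRole(roleId);
    if (!found.isSuccessful()) {
        return found;
    }
    return createViewRole(button, (Role) found.objectValue(), redirect);
}

/**
 * Returns the first value of request parameter {@code key}.
 *
 * @throws MissingParameterException when the map is null, the key is absent, or it has no value
 */
private static String requiredParameter(Map<String, String[]> parameterMap, String key) {
    String[] values = parameterMap == null ? null : parameterMap.get(key);
    if (values == null || values.length == 0 || values[0] == null) {
        throw new MissingParameterException(key);
    }
    return values[0];
}

/** Signals a required request parameter that the client did not send. */
private static final class MissingParameterException extends IllegalArgumentException {
    private static final long serialVersionUID = 1L;

    MissingParameterException(String key) {
        super("Missing request parameter: " + key);
    }
}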
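/**
 * Tells whether a count result carries a positive count.
 *
 * <p>Guards against a {@code null} result and a missing or non-{@link Integer} object value
 * (what a failed count query leaves behind), so the caller sees {@code false} instead of a
 * {@link NullPointerException} on unboxing or a {@link ClassCastException}.
 *
 * @param executeCount result of {@code db.executeCountQuery}; may be {@code null}
 * @return {@code true} only when the object value is an {@link Integer} greater than zero
 */
protected boolean hasCount(Result executeCount) {
    Object value = executeCount == null ? null : executeCount.objectValue();
    log("Count:" + value);
    return value instanceof Integer && ((Integer) value) > 0;
}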