@Override
  public void init() {
    log("Initializing.");
    application = config.loadApplication();
    application.initialize();
    db =
        new Database(
            "jdbc:hsqldb:file:./data/",
            "accounting",
            "SA",
            ""); // config.DBURL,config.DATABASE,config.ADMIN_LOGIN,config.ADMIN_PASSWORD//TODO
    // secure.
    boolean goodConnection = db.testConnection();
    if (!goodConnection) {
      throw new IllegalStateException("Database failure.");
    }
    Result r = createManagementTables();
    if (r.notSuccessful()) {
      log("CreateManagementTables:" + r.name());
      return;
    }
    log("Created Management Tables.");
    r = fillAuxManagementTable();

    if (r.notSuccessful()) {
      log("FillAuxManagementTable:" + r.name());
      return;
    }
    log("Filled Management Tables.");
  }
  @Override
  public Result listPrivileges(Role role) {
    log("listing privileges.");
    Result r = new Result();
    if (!loggedIn) {
      r = r.notAuthorized();
      return r;
    }
    StringBuffer sb = new StringBuffer(); // TODO put this in sql translator
    sb.append("SELECT R." + Role.MANAGER_ID + ", R.").append(Role.PRIV_ID);
    sb.append(" FROM ").append(Role.AUX_ROLE_PRIV).append(" R ");
    sb.append(" WHERE R.").append(Role.ROLE_ID);
    sb.append(" = ");
    sb.append(role.getId());
    sb.append(" ");

    String selectRolesSql = sb.toString();
    logsql(selectRolesSql);

    r =
        db.executeSelectRolePrivileges(
            application, selectRolesSql, role); // (selectRolesSql,entityPrivs);
    log("map size:" + role.getPrivileges().size());
    return r;
  }
  @Override
  public Result listRoles(
      User user,
      List<Role>
          roleList) { // TODO see if this style of just returning desired object is good or not
    // since most return result.
    log("listing roles.");
    Result r = new Result();

    if (!loggedIn) {
      r = r.notAuthorized();
      return r;
    }
    StringBuffer sb = new StringBuffer(); // TODO put this in sql translator
    sb.append("SELECT R.ID, R.").append(Role.ROLEFLD);
    sb.append(" FROM ").append(Role.AUX_ROLE).append(" R ");
    sb.append(" INNER JOIN ").append(User.AUX_USER_ROLE + " UR ");
    sb.append(" ON UR.").append(Role.ROLE_ID).append("=R.ID ");
    sb.append(" WHERE UR.").append(Role.USER_ID);
    sb.append(" = ");
    sb.append(user.getId());
    sb.append(" ");

    String selectRolesSql = sb.toString();
    logsql(selectRolesSql);

    r = db.executeSelectRoles(selectRolesSql, roleList);
    log("list size:" + roleList.size());
    return r;
  }
 @Override
 public boolean hasAssignment(String userId, String roleId) {
   boolean result = false;
   Result r = new Result();
   if (!loggedIn) {
     r = r.notAuthorized();
     return result;
   }
   String countSql =
       "SELECT COUNT(*) FROM "
           + User.AUX_USER_ROLE
           + " WHERE user_id = "
           + userId
           + " AND role_id = "
           + roleId
           + " "; // TODO sql injection, used pstmt setString?
   r = db.executeCountQuery(countSql);
   if (r.hasValue()) {
     Integer count = (Integer) r.objectValue();
     if (count > 0) {
       result = true;
     }
   }
   log("hasAssignment:" + result);
   return result;
 }
 @Override
 public boolean hasBeenGranted(String roleId, String entityId, String priv) {
   // TODO validate priv. (roleId,entityId)
   boolean result = false;
   Result r = new Result();
   if (!loggedIn) {
     r = r.notAuthorized();
     return result;
   }
   String countSql =
       "SELECT COUNT(*) FROM "
           + Role.AUX_ROLE_PRIV
           + " WHERE role_id = "
           + roleId
           + " AND manager_id = "
           + entityId
           + " AND priv_id = "
           + priv
           + "  "; // TODO sql injection, used pstmt setString?
   r = db.executeCountQuery(countSql);
   if (r.hasValue()) {
     Integer count = (Integer) r.objectValue();
     if (count > 0) {
       result = true;
     }
   }
   log("hasBeenGranted:" + result);
   return result;
 }
 @Override
 public Result createUser(String user, String pass) {
   Result r = new Result();
   if (!loggedIn) {
     return r.notAuthorized();
   }
   if (!existsUser(user)) {
     String sInsert =
         "INSERT INTO "
             + User.AUX_USER
             + " ("
             + User.USERFLD
             + ","
             + User.PASSFLD
             + ") values ('"
             + user
             + "', '"
             + pass
             + "')"; // TODO sql injection, used pstmt setString?
     String identitySql = "CALL IDENTITY();";
     r = db.executeInsert(sInsert, identitySql);
   } else {
     r.noResult();
     r.setMessage("User already exists.");
   }
   return r;
 }
 @Override
 public boolean existsRole(String role) {
   boolean result = false;
   Result r = new Result();
   if (!loggedIn) {
     r = r.notAuthorized();
     return false;
   }
   String countSql =
       "SELECT COUNT(*) FROM "
           + Role.AUX_ROLE
           + " WHERE "
           + Role.ROLEFLD
           + " = '"
           + role
           + "'"; // TODO sql injection, used pstmt setString?
   r = db.executeCountQuery(countSql);
   if (r.hasValue()) {
     Integer count = (Integer) r.objectValue();
     if (count > 0) {
       result = true;
     }
   }
   log("existsRole:" + result);
   return result;
 }
 @SuppressWarnings("rawtypes")
 private Result getEntityList(Screen.Button button) {
   Result result = new Result();
   Screen next;
   List<Manager> entityList = application.getManagers();
   next = new Screen(this, button.destination());
   next.setValue(Screen.AVAILABLE_ENTITIES, entityList);
   result.objectValue(next);
   result.success();
   return result;
 }
 /** DOC */
 public Result logout() {
   Result r = new Result();
   if (!loggedIn) {
     r.noResult();
     r.setMessage("Already logged out.");
   }
   loggedIn = false;
   r.success();
   ;
   return r;
 }
Exemplo n.º 10
0
 protected boolean haveRecords(String table) {
   boolean rv = false;
   String countQuery = "SELECT COUNT(*) FROM " + table;
   logsql(countQuery);
   Result dbr = db.executeCountQuery(countQuery);
   if (dbr.isSuccessful()) {
     rv = ((Integer) dbr.objectValue()) > 0;
   } else {
     log("haveRecords(" + table + ")" + dbr.name());
   }
   return rv;
 }
Exemplo n.º 11
0
 private Result getUserList(Screen.Button button) {
   Result result;
   Screen next;
   List<User> userList = new ArrayList<User>();
   result = listUsers(userList);
   if (result.isSuccessful()) {
     next = new Screen(this, button.destination());
     next.setValue(Screen.USERS_LIST, userList);
     result.objectValue(next);
   } else {
     log(result.getReason().name());
     log(result.allMessages());
   }
   return result;
 }
Exemplo n.º 12
0
 private Result getRoleList(Screen.Button button) {
   Result result;
   Screen next;
   List<Role> roleList = new ArrayList<Role>();
   result = listAllRoles(roleList);
   if (result.isSuccessful()) {
     next = new Screen(this, button.destination());
     next.setValue(Screen.AVAILABLE_ROLES, roleList);
     result.objectValue(next);
   } else {
     log(result.getReason().name());
     log(result.allMessages());
   }
   return result;
 }
Exemplo n.º 13
0
 /**
  * DOC
  *
  * @param role
  * @param manager
  * @param privilege
  * @return
  */
 @SuppressWarnings("rawtypes")
 public boolean denyAccess(Role role, Manager manager, Privilege privilege) {
   boolean rv = true;
   String countSql =
       "SELECT count(*) FROM "
           + Role.AUX_ROLE_PRIV
           + " WHERE role_id = ? and manager_id = ? and priv_id = ? ";
   Result r = db.executeCountQuery(countSql);
   if (r.isSuccessful()) {
     Integer count = (Integer) r.objectValue();
     rv = (count == Base.ZERO);
   } else {
     log("Deny access query:" + countSql + " failed:" + r.name());
   }
   return rv;
 }
Exemplo n.º 14
0
 @Override
 public Result deleteUser(String user) {
   Result r = new Result();
   if (!loggedIn) {
     return r.notAuthorized();
   }
   String deleteSql =
       "DELETE FROM "
           + User.AUX_USER
           + " WHERE "
           + User.USERFLD
           + " = '"
           + user
           + "'"; // TODO sql injection, used pstmt setString?
   r = db.executeDelete(deleteSql);
   return r;
 }
Exemplo n.º 15
0
 @Override
 public Result deleteRole(String role) {
   Result r = new Result();
   if (!loggedIn) {
     return r.notAuthorized();
   }
   String deleteSql =
       "DELETE FROM "
           + Role.AUX_ROLE
           + " WHERE "
           + Role.ROLEFLD
           + " = '"
           + role
           + "'"; // TODO sql injection, used pstmt setString?
   r = db.executeDelete(deleteSql);
   return r;
 }
Exemplo n.º 16
0
 @Override
 public Result unassign(String userId, String roleId) {
   Result r = new Result();
   if (!loggedIn) {
     return r.notAuthorized();
   }
   String deleteSql =
       "DELETE FROM "
           + User.AUX_USER_ROLE
           + " WHERE user_id = "
           + userId
           + " AND role_id = "
           + roleId
           + " "; // TODO sql injection, used pstmt setString?
   r = db.executeDelete(deleteSql);
   return r;
 }
Exemplo n.º 17
0
  private Result createViewRole(Button button, Role role, boolean redirect) {
    Result result = new Result();
    Screen next;
    next = new Screen(this, button.destination());
    if (redirect) {
      next.makeRedirect();
    }
    // Integer usrId = user.getId();
    result = listPrivileges(role);
    next.setValue(Screen.VIEW_ROLE, role);
    next.setValue(Screen.AVAILABLE_ENTITIES, application.getManagers());
    next.setValue(Screen.AVAILABLE_PRIVILEGES, Privilege.values());

    result.objectValue(next);

    result.success();
    return result;
  }
Exemplo n.º 18
0
  @SuppressWarnings("rawtypes")
  protected Result fillAuxManagementTable() {
    Result r = new Result();
    if (!haveRecords(Manager.AUX_MANAGER)) {
      List<Manager> managers = application.getManagers();
      int i = 0;
      for (Manager m : managers) {
        i++;
        String sInsert =
            "INSERT INTO "
                + Manager.AUX_MANAGER
                + " (id,manager) values ("
                + i
                + ",'"
                + m.getName()
                + "')";
        String identitySql = "CALL IDENTITY();";
        logsql(sInsert);
        r = db.executeInsert(sInsert, identitySql);
        Integer managerId = (Integer) r.objectValue(); // TODO safeguards
        m.setManagerId(managerId);
      }
    }
    String countQuery = "SELECT COUNT(*) FROM " + Manager.AUX_MANAGER + " ";
    logsql(countQuery);
    Result c = db.executeCountQuery(countQuery);
    if (hasCount(c)) {
      db.debugSelectAll("SELECT * FROM " + Manager.AUX_MANAGER + " ");

      List<Manager> managers = application.getManagers();
      int i = 0;
      for (Manager m : managers) {
        i++;
        String sSelect =
            "SELECT ID FROM " + Manager.AUX_MANAGER + " WHERE manager='" + m.getName() + "' ";
        logsql(sSelect);
        r = db.executeSelect(sSelect, m);
      }
    }
    r.success();
    ;
    return r;
  }
Exemplo n.º 19
0
  public Result findRole(String roleId) {
    Result r = new Result();
    if (!loggedIn) {
      r = r.notAuthorized();
      return r;
    }
    Role role = new Role();
    String selectRoleSql = "SELECT * FROM " + Role.AUX_ROLE + " WHERE " + "ID = " + roleId + "  ";

    r = db.executeSingleSelectQuery(selectRoleSql, role);
    if (!role.isValid()) {
      r.error("User object not valid.");
    } else {
      if (r.isSuccessful()) {
        r.objectValue(role);
      }
    }
    return r;
  }
Exemplo n.º 20
0
  @Override
  public Result grant(String roleId, String entityId, String priv) {
    // TODO validate priv. (roleId,entityId)
    // List<Result> rlist = new ArrayList<Result>();
    // TODO  ensure it doesn't already exist.
    Result r = new Result();
    if (!loggedIn) {
      return r.notAuthorized();
    }
    List<String> entityIds = new ArrayList<String>();
    if (Base.ALL.equals(entityId)) {
      String sSelectIds = "SELECT ID FROM " + Manager.AUX_MANAGER + " ";
      Result selectResult = db.executeSelectAllIds(sSelectIds, entityIds);
      if (selectResult.notSuccessful()) {
        return selectResult;
      }
    } else {
      entityIds.add(entityId);
    }

    boolean found = false;
    for (String s : entityIds) {
      if (!found) {
        found = true;
      }
      if (!hasBeenGranted(roleId, s, priv)) {
        String sInsert =
            "INSERT INTO "
                + Role.AUX_ROLE_PRIV
                + " (role_id, manager_id, priv_id) values ("
                + roleId
                + ","
                + s
                + ","
                + priv
                + ")"; // TODO sql injection, used pstmt setString?
        String identitySql = "CALL IDENTITY();";
        r = db.executeInsert(sInsert, identitySql);
        if (r.notSuccessful()) {
          return r;
        }
      }
    }
    if (!found) {
      r.noResult();
      r.setMessage("All privileges were already granted.");
    } else {
      r.success();
      ; // some privileges exist.
    }

    return r;
  }
Exemplo n.º 21
0
  @Override
  public Result findUser(String userId) {
    Result r = new Result();
    if (!loggedIn) {
      r = r.notAuthorized();
      return r;
    }
    User user = new User();
    String selectUserSql = "SELECT * FROM " + User.AUX_USER + " WHERE " + "ID = " + userId + "  ";

    r = db.executeSingleSelectQuery(selectUserSql, user);
    if (!user.isValid()) {
      r.error("User object not valid.");
    } else {
      if (r.isSuccessful()) {
        r.objectValue(user);
      }
    }
    return r;
  }
Exemplo n.º 22
0
  @Override
  public Result listAllRoles(List<Role> roleList) {
    log("listing roles.");
    Result r = new Result();

    if (!loggedIn) {
      r = r.notAuthorized();
      return r;
    }
    StringBuffer sb = new StringBuffer(); // TODO put this in sql translator
    sb.append("SELECT R.ID, R.").append(Role.ROLEFLD);
    sb.append(" FROM ").append(Role.AUX_ROLE).append(" R ");

    String selectRolesSql = sb.toString();
    logsql(selectRolesSql);

    r = db.executeSelectRoles(selectRolesSql, roleList);
    log("list size:" + roleList.size());
    return r;
  }
Exemplo n.º 23
0
 @Override
 public Result ungrant(String roleId, String entityId, String priv) {
   // TODO validate priv. (roleId,entityId)
   Result r = new Result();
   if (!loggedIn) {
     return r.notAuthorized();
   }
   String deleteSql =
       "DELETE FROM "
           + Role.AUX_ROLE_PRIV
           + " WHERE role_id = "
           + roleId
           + " AND manager_id = "
           + entityId
           + " AND priv_id = "
           + priv
           + "  "; // TODO sql injection, used pstmt setString?
   r = db.executeDelete(deleteSql);
   return r;
 }
Exemplo n.º 24
0
 /**
  * DOC
  *
  * @return
  */
 protected Result destroyManagementTables() {
   Result r = new Result();
   String[] dropTables =
       new String[] {
         Role.AUX_ROLE_PRIV,
         User.AUX_USER_ROLE,
         User.AUX_USER,
         Role.AUX_ROLE,
         Model.AUX_MODEL,
         Manager.AUX_MANAGER
       };
   String dropSql = "";
   for (String s : dropTables) {
     dropSql = "DROP TABLE " + s;
     db.executeDDL(dropSql);
   }
   r.success();
   ;
   return r;
 }
Exemplo n.º 25
0
 @Override
 public Result createRole(String role) {
   Result r = new Result();
   if (!loggedIn) {
     return r.notAuthorized();
   }
   if (!existsRole(role)) {
     String sInsert =
         "INSERT INTO "
             + Role.AUX_ROLE
             + " (role) values ('"
             + role
             + "')"; // TODO sql injection, used pstmt setString?
     String identitySql = "CALL IDENTITY();";
     r = db.executeInsert(sInsert, identitySql);
   } else {
     r.noResult();
     r.setMessage("Role already exists.");
   }
   return r;
 }
Exemplo n.º 26
0
 /**
  * DOC
  *
  * @param username
  * @param pass
  * @return
  */
 public Result login(String username, String pass) {
   Result r = new Result();
   if (loggedIn) {
     log("Already logged in.");
     r.setMessage("Already logged in.");
     r.success();
     // r.setNext("/ray/adminHome.jsp");
   } else {
     log("config.ADMIN_LOGIN:"******"username:'******'");
     log("config.ADMIN_PASSWORD:"******"pass:'******'");
     boolean valid = config.ADMIN_LOGIN.equals(username) && config.ADMIN_PASSWORD.equals(pass);
     if (valid) {
       log("User found.");
       User user = new User(username, pass);
       r.success();
       r.objectValue(user);
       loggedIn = true;
     } else {
       log("User not found.");
       r = r.notAuthorized();
     }
   }
   return r;
 }
Exemplo n.º 27
0
 @Override
 public Result assign(String userId, String roleId) {
   Result r = new Result();
   if (!loggedIn) {
     return r.notAuthorized();
   }
   if (!hasAssignment(userId, roleId)) {
     String sInsert =
         "INSERT INTO "
             + User.AUX_USER_ROLE
             + " (user_id, role_id) values ("
             + userId
             + ","
             + roleId
             + ")"; // TODO sql injection, used pstmt setString?
     String identitySql = "CALL IDENTITY();";
     r = db.executeInsert(sInsert, identitySql);
   } else {
     r.noResult();
     r.setMessage("Assignment already exists.");
   }
   return r;
 }
Exemplo n.º 28
0
  private Result createViewUser(Screen.Button button, User user, boolean redirect) {
    Result result = new Result();
    Screen next;
    next = new Screen(this, button.destination());
    if (redirect) {
      next.makeRedirect();
    }
    // Integer usrId = user.getId();

    next.setValue(Screen.VIEW_USER, user);
    List<Role> roleList = new ArrayList<Role>();
    result = listRoles(user, roleList); // TODO check if successful

    List<Role> allRoles = new ArrayList<Role>();
    result = listAllRoles(allRoles);

    subtractRolesNotAssigned(allRoles, roleList);

    next.setValue(Screen.USER_ROLES, roleList);
    next.setValue(Screen.AVAILABLE_ROLES, allRoles);
    result.objectValue(next);
    result.success();
    return result;
  }
Exemplo n.º 29
0
  /**
   * DOC
   *
   * @return
   */
  protected Result createManagementTables() {
    Result r = new Result();
    if (!db.exists(Manager.AUX_MANAGER)) {
      // TODO move some of this to SqlTranslator.
      String createAuxSql =
          "CREATE TABLE "
              + Manager.AUX_MANAGER
              + " ("
              + SqlTranslator.PLAIN_PK
              + ", manager VARCHAR(50) )";
      r = db.executeDDL(createAuxSql);
    } else {
      String countQuery = "SELECT COUNT(*) FROM " + Manager.AUX_MANAGER + " ";
      logsql(countQuery);
      Result c = db.executeCountQuery(countQuery);
      if (hasCount(c)) {
        String selectAllManagers = "SELECT * FROM " + Manager.AUX_MANAGER + " ";
        db.debugSelectAll(selectAllManagers);
      }
    }

    if (!db.exists(Model.AUX_MODEL)) {
      StringBuffer sb = new StringBuffer();
      sb.append("CREATE TABLE " + Model.AUX_MODEL + " (" + SqlTranslator.AUTO_PK + ", ");
      sb.append("MANAGER_ID INTEGER, ");
      sb.append("MODEL_ID INTEGER, ");
      sb.append("CHANGE_ID INTEGER, ");
      sb.append("EVENT_ID INTEGER, ");
      sb.append("EVENT_STAMP TIMESTAMP, ");
      sb.append("USER_ID INTEGER, ");
      sb.append("TXFR_USER_ID INTEGER, ");
      sb.append("CLIENT VARCHAR(200), ");
      sb.append("ROLE_ID INTEGER, ");
      sb.append("SIGNATURE VARCHAR(500), ");
      // sb.append("CHANGES VARCHAR(8000), ");
      sb.append("COMMENTS VARCHAR(500) ");
      sb.append(")");
      r = db.executeDDL(sb.toString());
    } else {
      String countQuery = "SELECT COUNT(*) FROM " + Model.AUX_MODEL + " ";
      logsql(countQuery);
      Result c = db.executeCountQuery(countQuery);
      if (hasCount(c)) {
        db.debugSelectAll("SELECT * FROM " + Model.AUX_MODEL + " ");
      }
    }

    if (!db.exists(Role.AUX_ROLE)) {
      String createAuxSql =
          "CREATE TABLE "
              + Role.AUX_ROLE
              + " ("
              + SqlTranslator.AUTO_PK
              + ",  "
              + Role.ROLEFLD
              + " VARCHAR(50) )";
      r = db.executeDDL(createAuxSql);
    } else {
      String countQuery = "SELECT COUNT(*) FROM " + Role.AUX_ROLE + " ";
      logsql(countQuery);
      Result c = db.executeCountQuery(countQuery);
      if (hasCount(c)) {
        db.debugSelectAll("SELECT * FROM " + Role.AUX_ROLE + " ");
      }
    }

    if (!db.exists(User.AUX_USER)) {
      String createAuxSql =
          "CREATE TABLE "
              + User.AUX_USER
              + " ("
              + SqlTranslator.AUTO_PK
              + ", "
              + User.USERFLD
              + " VARCHAR(50), "
              + User.PASSFLD
              + " VARCHAR(50) )"; // TODO security
      r = db.executeDDL(createAuxSql);
    } else {
      String countQuery = "SELECT COUNT(*) FROM " + User.AUX_USER + " ";
      logsql(countQuery);
      Result c = db.executeCountQuery(countQuery);
      if (hasCount(c)) {
        db.debugSelectAll("SELECT * FROM " + User.AUX_USER + " ");
      }
    }
    // one role at a time in session.
    if (!db.exists(User.AUX_USER_ROLE)) {
      String createAuxSql =
          "CREATE TABLE "
              + User.AUX_USER_ROLE
              + " ("
              + SqlTranslator.AUTO_PK
              + ", "
              + Role.USER_ID
              + " INTEGER, "
              + Role.ROLE_ID
              + " INTEGER )";
      r = db.executeDDL(createAuxSql);
    } else {
      String countQuery = "SELECT COUNT(*) FROM " + User.AUX_USER_ROLE + " ";
      logsql(countQuery);
      Result c = db.executeCountQuery(countQuery);
      if (hasCount(c)) {
        db.debugSelectAll("SELECT * FROM " + User.AUX_USER_ROLE + " ");
      }
    }

    if (!db.exists(Role.AUX_ROLE_PRIV)) {
      String createAuxSql =
          "CREATE TABLE "
              + Role.AUX_ROLE_PRIV
              + " ("
              + SqlTranslator.AUTO_PK
              + ", "
              + Role.ROLE_ID
              + " INTEGER, "
              + Role.MANAGER_ID
              + " INTEGER, "
              + Role.PRIV_ID
              + " INTEGER )";
      r = db.executeDDL(createAuxSql);
    } else {
      String countQuery = "SELECT COUNT(*) FROM " + Role.AUX_ROLE_PRIV + " ";
      logsql(countQuery);
      Result c = db.executeCountQuery(countQuery);
      if (hasCount(c)) {
        db.debugSelectAll("SELECT * FROM " + Role.AUX_ROLE_PRIV + " ");
      }
    }
    /*
    final String AUX_PRIV = "aux_priv";
    if(!db.exists(AUX_PRIV)){
    	String createAuxSql = "CREATE TABLE "+AUX_PRIV+" ("+AUTO_PK+", priv_name VARCHAR(50) )";
    	check(db.executeDDL(createAuxSql));
    }
    */
    r.success();
    ;
    return r;
  }
Exemplo n.º 30
0
  /*
   * RESUME create something that will create a screen based on code and results.
   *
   * (non-Javadoc)
   * @see jhg.appman.ApplicationManager#service(jhg.appman.Screen.Button, java.util.Map)
   */
  @Override
  public Result service(
      Screen.Button button,
      Map<String, String[]> parameterMap) { // , Map<String,Object> valuesMap) {
    log("service(String,Map)");
    Result result = new Result();
    Screen next = null;
    if (!loggedIn) {
      return result.notAuthorized();
    }
    /*   TODO: finish the remaining cases/commands
    > BACK(null),
    x LOGIN(Code.ADMINHOME),
    x LOGOUT(Code.AUTHENTICATE),
    x GOHOME(Code.ADMINHOME),
    x MANAGEUSERS(Code.USERTABLE),
    x GOVIEWUSER(Code.VIEWUSER),
    x GOCREATEUSER(Code.CREATEUSER),
    x CREATEUSER(Code.VIEWUSER),
    x GOEDITUSER(Code.EDITUSER),
    EDITUSER(Code.VIEWUSER),
    > DELETEUSER(Code.USERTABLE),
    x MANAGEROLES(Code.ROLETABLE),
    x VIEWROLE(Code.VIEWROLE),
    x GOCREATEROLE(Code.CREATEROLE),
    x CREATEROLE(Code.VIEWROLE),
    > DELETEROLE(Code.ROLETABLE),
    > MANAGEENTITIES(Code.ENTITYTABLE),
    > VIEWENTITY(Code.VIEWENTITY),
    x ASSIGNROLE(Code.VIEWUSER),
    x UNASSIGNROLE(Code.VIEWUSER),
    x GRANTPRIV(Code.VIEWROLE),
    x UNGRANTPRIV(Code.VIEWROLE),
     */
    // don't have to cover login or logout
    switch (button) {
      case MANAGEUSERS:
        log("Manage Users.");
        result = getUserList(button);
        break;
      case MANAGEROLES:
        log("Manage Roles.");
        result = getRoleList(button);
        break;
      case MANAGEENTITIES: // TODO check: is this necessary right now? finish role create, grant,
        // ungrant, assign, unassign
        log("Manage Entities.");
        result = getEntityList(button);
        break;
      case GOCREATEUSER:
        log("Create User Form: " + button.destination().getPage());
        next = new Screen(this, button.destination());
        result.objectValue(next);
        result.success();
        break;
      case CREATEUSER:
        log("Create User.");
        String username = parameterMap.get(User.USERFLD)[0]; // TODO validate presence
        String password = parameterMap.get(User.PASSFLD)[0];
        result = createUser(username, password);
        String createdUserId = ((Integer) result.objectValue()).toString();
        result = findUser(createdUserId); // TODO check success
        result = createViewUser(button, (User) result.objectValue(), true);
        break;
      case GOVIEWUSER:
        log("View User.");
        String viewUserId = parameterMap.get(ApplicationManager.ID)[0]; // TODO validate presence
        result = findUser(viewUserId); // TODO check success
        result = createViewUser(button, (User) result.objectValue(), false);
        break;
      case GOEDITUSER:
        log("Edit this User.");
        String editUserId = parameterMap.get(ApplicationManager.ID)[0]; // TODO validate presence
        // right now it is just change password.
        // password, email
        // result = editUser(editUserId,...);
        result = findUser(editUserId); // TODO check success
        result = createViewUser(button, (User) result.objectValue(), true);
        break; // RESUME finish edit
      case EDITUSER:
        log("Edit User.");
        /* copied from create
        String username = parameterMap.get(User.USERFLD)[0];//TODO validate presence
        String password = parameterMap.get(User.PASSFLD)[0];
        result = createUser(username,password);
        String createdUserId = ((Integer)result.objectValue()).toString();
        result = findUser(createdUserId);//TODO check success
        result = createViewUser(button, (User)result.objectValue(),true);
         */
        break;
      case ASSIGNROLE:
        log("Assign Role.");
        String userId = parameterMap.get(ApplicationManager.ID1)[0]; // TODO validate presence
        String roleId = parameterMap.get(ApplicationManager.ID2)[0];
        result = assign(userId, roleId); // TODO check success
        result = findUser(userId); // TODO check success
        result = createViewUser(button, (User) result.objectValue(), false);
      case UNASSIGNROLE:
        log("Unassign Role.");
        String unassignUserId =
            parameterMap.get(ApplicationManager.ID1)[0]; // TODO validate presence
        String unassignRoleId = parameterMap.get(ApplicationManager.ID2)[0];
        result = unassign(unassignUserId, unassignRoleId); // TODO check success
        result = findUser(unassignUserId); // TODO check success
        result = createViewUser(button, (User) result.objectValue(), false);
        break;
      case DELETEUSER:
        log("Delete User.");
        String deleteUserId = parameterMap.get(ApplicationManager.ID)[0]; // TODO validate presence
        // result = findUser(deleteUserId);//TODO check success
        result = deleteUser(deleteUserId);
        next = new Screen(this, button.destination());
        result = getUserList(button);
        result.success();
        break;
      case VIEWROLE:
        log("View Role.");
        String viewRoleId = parameterMap.get(ApplicationManager.ID)[0]; // TODO validate presence
        result = findRole(viewRoleId); // TODO check success
        result = createViewRole(button, (Role) result.objectValue(), false);
        break;
      case GOCREATEROLE:
        log("Create Role Form: " + button.destination().getPage());
        next = new Screen(this, button.destination());
        result.objectValue(next);
        result.success();
        break;
      case CREATEROLE:
        log("Create a Role.");
        String rolename = parameterMap.get(Role.ROLEFLD)[0]; // TODO validate presence
        result = createRole(rolename);
        String createdRoleId = ((Integer) result.objectValue()).toString();
        result = findRole(createdRoleId); // TODO check success
        result = createViewRole(button, (Role) result.objectValue(), true);
        break;
      case GRANTPRIV:
        log("Grant privilege");
        String grantRoleId = parameterMap.get(ApplicationManager.ID1)[0]; // TODO validate presence
        String entityId = parameterMap.get(ApplicationManager.ID2)[0];
        String privId = parameterMap.get(ApplicationManager.ID3)[0];
        result = grant(grantRoleId, entityId, privId); // TODO check success
        result = findRole(grantRoleId); // TODO check success
        result = createViewRole(button, (Role) result.objectValue(), false);
        break;
      case UNGRANTPRIV:
        log("Ungrant privilege");
        String ungrantRoleId =
            parameterMap.get(ApplicationManager.ID1)[0]; // TODO validate presence
        String ungrantEentityId = parameterMap.get(ApplicationManager.ID2)[0];
        String ungrantPrivId = parameterMap.get(ApplicationManager.ID3)[0];
        result = ungrant(ungrantRoleId, ungrantEentityId, ungrantPrivId); // TODO check success
        result = findRole(ungrantRoleId); // TODO check success
        result = createViewRole(button, (Role) result.objectValue(), false);
        break;
        // NOTE broken below
      case BACK:
        log("Go Back.");
        next = new Screen(this, button.destination());
        result.objectValue(next);
        result.success();
        break;
      case GOHOME:
        log("Go Home.");
        next = new Screen(this, button.destination());
        result.objectValue(next);
        result.success();
        break;
      default:
        result.invalidInput("Command not found.");
        break;
    }
    // valuesMap.put(USERLIST,userList);

    return result;
  }