示例#1
0
  /**
   * @param request
   * @param tableCategoryId
   * @paqram includeAction if true, will load webactions also
   * @return elements are Table or WebAction
   */
  public List getChildrenOfTableCategory(
      HttpServletRequest request, int tableCategoryId, boolean includeAction) {
    TableManager manager = TableManager.getInstance();

    WebAction action;
    ArrayList cats = new ArrayList();
    Connection conn = null;
    HashMap webActionEnv = null;
    Table table;
    UserWebImpl userWeb =
        ((UserWebImpl)
            WebUtils.getSessionContextManager(request.getSession())
                .getActor(nds.util.WebKeys.USER));

    TableCategory tc = manager.getTableCategory(tableCategoryId);
    List children = tc.children();
    ArrayList catschild = new ArrayList();
    try {
      if (includeAction) {
        conn = QueryEngine.getInstance().getConnection();
        webActionEnv = new HashMap();
        webActionEnv.put("connection", conn);
        webActionEnv.put("httpservletrequest", request);
        webActionEnv.put("userweb", userWeb);
      }
      for (int j = 0; j < children.size(); j++) {
        if (children.get(j) instanceof Table) {
          table = (Table) children.get(j);
          if (!table.isMenuObject()) {
            continue;
          }
          try {
            WebUtils.checkTableQueryPermission(table.getName(), request);
          } catch (NDSSecurityException e) {
            continue;
          }
          // table is ok for current user to list
          catschild.add(table);
        } else if (children.get(j) instanceof WebAction) {
          if (includeAction) {
            action = (WebAction) children.get(j);
            if (action.canDisplay(webActionEnv)) catschild.add(action);
          }
        } else {
          throw new NDSRuntimeException(
              "Unsupported element in TableCategory children:" + children.get(j).getClass());
        }
      }
    } catch (Throwable t) {
      logger.error("Fail to load subsystem tree", t);
    } finally {
      try {
        if (conn != null) conn.close();
      } catch (Throwable e) {
      }
    }
    return catschild;
  }
  private void handleSignupPost(Request request, HttpServletResponse httpServletResponse)
      throws Exception {
    String userId = request.getParameter(PARAM_USER_ID);
    String userName = request.getParameter(PARAM_USER_NAME);
    String email = request.getParameter(PARAM_EMAIL);
    String stringPassword = request.getParameter(PARAM_PASSWORD);
    String stringPasswordConfirm = request.getParameter(PARAM_PASSWORD_CONFIRM);

    if (!stringPassword.equals(stringPasswordConfirm)) {
      WebUtils.redirectToError(
          "Mismatch between password and password confirmation", request, httpServletResponse);
      return;
    }

    SecureRandom secureRandom = new SecureRandom();
    String salt = "" + secureRandom.nextLong();
    byte[] password = User.computeHashedPassword(stringPassword, salt);
    User user = userDb.get(userId);
    if (user != null) {
      WebUtils.redirectToError(
          "There already exists a user with the ID " + userId, request, httpServletResponse);
      return;
    }

    user =
        new User(
            userId,
            userName,
            password,
            salt,
            email,
            new ArrayList<String>(),
            Config.getConfig().activateAccountsAtCreation,
            false);
    // ttt2 add confirmation by email, captcha, ...
    List<String> fieldErrors = user.checkFields();
    if (!fieldErrors.isEmpty()) {
      StringBuilder bld =
          new StringBuilder("Invalid values when trying to create user with ID ")
              .append(userId)
              .append("<br/>");
      for (String s : fieldErrors) {
        bld.append(s).append("<br/>");
      }
      WebUtils.redirectToError(bld.toString(), request, httpServletResponse);
      return;
    }

    // ttt2 2 clients can add the same userId simultaneously
    userDb.add(user);

    httpServletResponse.sendRedirect("/");
  }
示例#3
0
 /**
  * MU_FAVORITE
  *
  * @throws Exception cyl
  * @param request
  * @return elements are Table or WebAction and menu list
  * @paqram includeAction if true?not now
  */
 public List getSubSystemsOfmufavorite(HttpServletRequest request) throws Exception {
   ArrayList mufavorite = new ArrayList();
   TableManager manager = TableManager.getInstance();
   // Table table;
   try {
     UserWebImpl userWeb =
         ((UserWebImpl)
             WebUtils.getSessionContextManager(request.getSession())
                 .getActor(nds.util.WebKeys.USER));
     int userid = userWeb.getUserId();
     List al =
         QueryEngine.getInstance()
             .doQueryList(
                 "select t.ad_table_id,t.fa_menu,t.menu_re,t.IS_REPORT from MU_FAVORITE t where t.ownerid="
                     + String.valueOf(userid)
                     + " group by t.ad_table_id,t.menu_no,t.fa_menu,t.menu_re,t.IS_REPORT,t.creationdate order by t.menu_no,t.creationdate asc");
     logger.debug("MU_FAVORITE size is " + String.valueOf(al.size()));
     if (al.size() > 0) {
       for (int i = 0; i < al.size(); i++) {
         // ArrayList catschild= new ArrayList();
         List als = (List) al.get(i);
         String fa_menu = (String) als.get(1);
         String menu_re = (String) als.get(2);
         String isreport = (String) als.get(3);
         int table_id = Tools.getInt(als.get(0), -1);
         Table table = manager.getTable(table_id);
         logger.debug(table.getName());
         /*
         if(!table.isMenuObject()){
                     	continue;
                     	//because many table is webaction not ismenuobject
                     }*/
         try {
           WebUtils.checkTableQueryPermission(table.getName(), request);
         } catch (NDSSecurityException e) {
           continue;
         }
         logger.debug("add_table    ->" + table.getName());
         ArrayList row = new ArrayList();
         row.add(fa_menu);
         row.add(menu_re);
         row.add(isreport);
         row.add(table);
         mufavorite.add(row);
       }
     }
   } catch (Throwable t) {
     logger.error("Fail to load mufavorite", t);
   }
   return mufavorite;
 }
  private void handleChangePasswordPost(Request request, HttpServletResponse httpServletResponse)
      throws Exception {

    LoginInfo loginInfo = userHelpers.getLoginInfo(request);
    if (loginInfo == null) {
      WebUtils.redirectToError("Couldn't determine the current user", request, httpServletResponse);
      return;
    }

    String userId = loginInfo.userId;
    String stringCrtPassword = request.getParameter(PARAM_CURRENT_PASSWORD);
    String stringNewPassword = request.getParameter(PARAM_PASSWORD);
    String stringNewPasswordConfirm = request.getParameter(PARAM_PASSWORD_CONFIRM);

    if (!stringNewPassword.equals(stringNewPasswordConfirm)) {
      showResult(
          "Mismatch between password and password confirmation",
          PATH_SETTINGS,
          request,
          httpServletResponse);
      return;
    }

    User user =
        userDb.get(
            userId); // ttt1 crashes for wrong ID; 2013.07.20 - no longer have an idea what this is
                     // about
    if (user == null) {
      WebUtils.redirectToError("Couldn't find the current user", request, httpServletResponse);
      return;
    }

    if (!user.checkPassword(stringCrtPassword)) {
      showResult("Incorrect current password", PATH_SETTINGS, request, httpServletResponse);
      return;
    }

    SecureRandom secureRandom = new SecureRandom();
    String salt = "" + secureRandom.nextLong();
    byte[] password = User.computeHashedPassword(stringNewPassword, salt);
    user.salt = salt;
    user.password = password;

    // ttt3 2 clients can change the password simultaneously
    userDb.add(user);

    // httpServletResponse.sendRedirect(PATH_SETTINGS);
    showResult("Password changed", PATH_SETTINGS, request, httpServletResponse);
  }
示例#5
0
  /**
   * @param request
   * @param subSystemId
   * @return
   */
  private boolean containsViewableActions(HttpServletRequest request, SubSystem ss) {
    List<WebAction> list = ss.getWebActions();
    Connection conn = null;
    try {
      UserWebImpl userWeb =
          ((UserWebImpl)
              WebUtils.getSessionContextManager(request.getSession())
                  .getActor(nds.util.WebKeys.USER));
      conn = QueryEngine.getInstance().getConnection();
      HashMap webActionEnv = new HashMap();
      webActionEnv.put("connection", conn);
      webActionEnv.put("httpservletrequest", request);
      webActionEnv.put("userweb", userWeb);

      for (int i = 0; i < list.size(); i++) {
        WebAction wa = list.get(i);
        if (wa.canDisplay(webActionEnv)) {
          return true;
        }
      }
    } catch (Throwable t) {
      logger.error("Fail to load subsystem webaction", t);
    } finally {
      try {
        if (conn != null) conn.close();
      } catch (Throwable te) {
      }
    }
    return false;
  }
  private void handleChangeSettingsPost(Request request, HttpServletResponse httpServletResponse)
      throws Exception {

    LoginInfo loginInfo = userHelpers.getLoginInfo(request);
    if (loginInfo == null) {
      WebUtils.redirectToError("Couldn't determine the current user", request, httpServletResponse);
      return;
    }

    String stringItemsPerPage = request.getParameter(PARAM_ITEMS_PER_PAGE);
    try {
      loginInfo.itemsPerPage = Integer.parseInt(stringItemsPerPage);
    } catch (Exception e) {
      showResult(
          "Error trying to set the items per page. Expected integer value but got "
              + stringItemsPerPage,
          PATH_SETTINGS,
          request,
          httpServletResponse);
      return;
    }
    loginInfo.style = request.getParameter(PARAM_STYLE);
    loginInfo.feedDateFormat =
        request.getParameter(PARAM_FEED_DATE_FORMAT); // ttt2 validate, better in JSP

    loginInfoDb.add(loginInfo);

    // httpServletResponse.sendRedirect(PATH_SETTINGS);
    showResult("Settings changed", "/", request, httpServletResponse);
  }
 private void handleOpenArticle(
     Request request, HttpServletResponse httpServletResponse, String target) throws Exception {
   try {
     int k1 = target.indexOf('/', 1);
     int k2 = target.indexOf('/', k1 + 1);
     String feedId = target.substring(k1 + 1, k2);
     String strSeq = target.substring(k2 + 1);
     int seq = Integer.parseInt(strSeq);
     Article article = articleDb.get(feedId, seq);
     LoginInfo loginInfo = userHelpers.getLoginInfo(request);
     // ttt2 using the link from a non-authenticated browser causes a NPE; maybe do something
     // better, e.g. sign up
     ReadArticlesColl readArticlesColl = readArticlesCollDb.get(loginInfo.userId, feedId);
     if (readArticlesColl == null) {
       readArticlesColl = new ReadArticlesColl(loginInfo.userId, feedId);
     }
     if (!readArticlesColl.isRead(seq)) {
       readArticlesColl.markRead(seq, Config.getConfig().maxSizeForReadArticles);
       readArticlesCollDb.add(readArticlesColl);
     }
     String s =
         URIUtil.encodePath(article.url)
             .replace("%3F", "?")
             .replace("%23", "#"); // ttt2 see how to do this right
     httpServletResponse.sendRedirect(s);
   } catch (Exception e) {
     WebUtils.showResult(
         String.format("Failed to get article for path %s. %s", target, e),
         "/",
         request,
         httpServletResponse);
   }
 }
示例#8
0
  /**
   * Get viewable subsystem list
   *
   * @param request
   * @return never null, elements are nds.schema.SubSystem
   */
  public List getSubSystems(HttpServletRequest request) {
    UserWebImpl userWeb =
        ((UserWebImpl)
            WebUtils.getSessionContextManager(request.getSession())
                .getActor(nds.util.WebKeys.USER));
    ArrayList subs = new ArrayList();
    if (userWeb.getUserId() == userWeb.GUEST_ID) {
      return subs;
    }
    List al = (List) userWeb.getProperty("subsystems"); // elements are subystem.id
    TableManager manager = TableManager.getInstance();
    if (al != null) {

      for (int i = 0; i < al.size(); i++) {
        int sid = ((Integer) al.get(i)).intValue();
        SubSystem ss = manager.getSubSystem(sid);
        if (ss != null) subs.add(ss);
      }
    } else {
      // search all tablecategoris for subsystem
      // add users subsystems param
      al = new ArrayList();
      String[] sub_list;
      try {
        String subsystems =
            (String)
                QueryEngine.getInstance()
                    .doQueryOne("SELECT subsystems from users where id=" + userWeb.getUserId());
        if (Validator.isNotNull(subsystems)) {
          sub_list = subsystems.split(",");
          for (int m = 0; m < sub_list.length; m++) {
            SubSystem usersub = manager.getSubSystem(sub_list[m].trim());

            if (usersub != null) {
              if (usersub.getId() == 10) continue;
              al.add(new Integer(usersub.getId()));
              subs.add(usersub);
            }
          }
          userWeb.setProperty("subsystems", al);
          return subs;
        }
      } catch (QueryException e) {
        logger.error("Fail to load subsystems from users", e);
      }

      for (int i = 0; i < manager.getSubSystems().size(); i++) {
        SubSystem ss = (SubSystem) manager.getSubSystems().get(i);
        if (containsViewableChildren(request, ss)) {
          al.add(new Integer(ss.getId()));
          subs.add(ss);
        }
      }
      userWeb.setProperty("subsystems", al);
    }
    return subs;
  }
示例#9
0
  /**
   * Return table categories and table that user has view permission
   *
   * @param request
   * @param subSystemId
   * @return never null, elements are List, containing 2 elements: 1)when first element is
   *     nds.schema.TableCategory, then second will be java.util.List (nds.schema.Table or
   *     nds.schema.WebAction) 2) when first element is nds.schema.WebAction, then second is null
   */
  public List getTableCategories(
      HttpServletRequest request, int subSystemId, boolean includeActions) {
    // Create categories and their tables in hashtable
    TableManager manager = TableManager.getInstance();
    // Iterator tables = manager.getAllTables().iterator();
    // Hashtable categories = new Hashtable(50,20); // key:Integer(category id), values :List of
    // table
    SubSystem ss;
    Integer tableCategoryId;
    Table table;
    WebAction action;
    ArrayList cats = new ArrayList();
    Connection conn = null;
    HashMap webActionEnv = null;
    try {
      UserWebImpl userWeb =
          ((UserWebImpl)
              WebUtils.getSessionContextManager(request.getSession())
                  .getActor(nds.util.WebKeys.USER));
      if (includeActions) {
        conn = QueryEngine.getInstance().getConnection();
        webActionEnv = new HashMap();
        webActionEnv.put("connection", conn);
        webActionEnv.put("httpservletrequest", request);
        webActionEnv.put("userweb", userWeb);
      }
      List categories = manager.getSubSystem(subSystemId).children();
      for (int i = 0; i < categories.size(); i++) {
        Object o = categories.get(i); // TableCategory or WebAction
        if (o instanceof TableCategory) {
          TableCategory tc = (TableCategory) o;
          List children = tc.children();
          ArrayList catschild = new ArrayList();
          for (int j = 0; j < children.size(); j++) {
            if (children.get(j) instanceof Table) {
              table = (Table) children.get(j);
              if (!table.isMenuObject()) {
                continue;
              }
              try {
                WebUtils.checkTableQueryPermission(table.getName(), request);
              } catch (NDSSecurityException e) {
                continue;
              }
              // table is ok for current user to list
              catschild.add(table);
            } else if (children.get(j) instanceof WebAction) {
              if (includeActions) {
                action = (WebAction) children.get(j);
                if (action.canDisplay(webActionEnv)) catschild.add(action);
              }
            } else {
              throw new NDSRuntimeException(
                  "Unsupported element in TableCategory children:" + children.get(j).getClass());
            }
          }
          if (catschild.size() > 0) {
            // show this category
            ArrayList row = new ArrayList();
            row.add(tc);
            row.add(catschild);
            cats.add(row);
          }
        } else if (o instanceof WebAction) {
          if (includeActions && ((WebAction) o).canDisplay(webActionEnv)) {
            ArrayList row = new ArrayList();
            row.add(o);
            row.add(Collections.EMPTY_LIST);
            cats.add(row);
          }
        } else {
          throw new NDSException(
              "Unexpected class in subsystem (id=" + subSystemId + "), class is " + o.getClass());
        }
      }
    } catch (Throwable t) {
      logger.error("Fail to load subsystem tree", t);
    } finally {
      try {
        if (conn != null) conn.close();
      } catch (Throwable e) {
      }
    }

    return cats;
  }
示例#10
0
  /**
   * menu action
   *
   * @throws Exception cyl
   * @param request
   * @param tableCategoryId desgin menu list
   * @paqram includeAction if true, will load webactions also
   * @return elements are Table or WebAction and menu list
   */
  public List getChildrenOfTableCategorybymenu(
      HttpServletRequest request, int tableCategoryId, boolean includeAction) throws Exception {
    TableManager manager = TableManager.getInstance();

    WebAction action;
    ArrayList cats = new ArrayList();
    List children = new ArrayList();
    Connection conn = null;
    HashMap webActionEnv = null;
    Table table;
    List al =
        QueryEngine.getInstance()
            .doQueryList(
                "select e.id,e.name from ad_table g,AD_ACCORDION e where g.AD_ACCORDION_id=e.id and g.ad_tablecategory_id="
                    + tableCategoryId
                    + " group by e.id,e.name,e.orderno order by e.orderno asc");
    UserWebImpl userWeb =
        ((UserWebImpl)
            WebUtils.getSessionContextManager(request.getSession())
                .getActor(nds.util.WebKeys.USER));
    TableCategory tc = manager.getTableCategory(tableCategoryId);
    if (tc != null) children = tc.children();

    // ArrayList prow= new ArrayList();
    if (al.size() > 0) {
      for (int i = 0; i < al.size(); i++) {
        List als = (List) al.get(i);
        int ACCORDION = Tools.getInt(als.get(0), -1);
        logger.debug("ACCORDION~~~~~~~~~~" + String.valueOf(ACCORDION));
        ArrayList catschild = new ArrayList();
        String ACCORDION_name = (String) als.get(1);
        try {
          if (includeAction) {
            conn = QueryEngine.getInstance().getConnection();
            webActionEnv = new HashMap();
            webActionEnv.put("connection", conn);
            webActionEnv.put("httpservletrequest", request);
            webActionEnv.put("userweb", userWeb);
          }
          for (int j = 0; j < children.size(); j++) {
            if (children.get(j) instanceof Table) {
              table = (Table) children.get(j);
              // logger.debug("getAccordid~~~~~~~~~~"+String.valueOf(table.getAccordid()));
              if (!table.isMenuObject()) {
                continue;
              } else if (ACCORDION != table.getAccordid()) {
                // logger.debug(String.valueOf(ACCORDION)+"!="+String.valueOf(table.getAccordid()));
                continue;
              }
              try {
                WebUtils.checkTableQueryPermission(table.getName(), request);
              } catch (NDSSecurityException e) {
                continue;
              }
              // table is ok for current user to list
              logger.debug(String.valueOf(ACCORDION) + "&&" + String.valueOf(table.getAccordid()));
              catschild.add(table);
            } else if (children.get(j) instanceof WebAction) {
              if (includeAction) {
                action = (WebAction) children.get(j);
                if (action.canDisplay(webActionEnv) && (action.getAcordionId() == ACCORDION)) {
                  logger.debug("add action" + String.valueOf(ACCORDION));
                  //				        			System.out.print("add action"+String.valueOf(ACCORDION));
                  //				        			System.out.print("action name"+String.valueOf(action.getName()));
                  //				        			System.out.print("ACCORDION name"+String.valueOf(ACCORDION));
                  //				        			System.out.print("action
                  // name"+String.valueOf(action.getAcordionId()));
                  catschild.add(action);
                }
              }
            } else {
              throw new NDSRuntimeException(
                  "Unsupported element in TableCategory children:" + children.get(j).getClass());
            }
          }
        } catch (Throwable t) {
          logger.error("Fail to load subsystem tree", t);
        } finally {
          try {
            if (conn != null) conn.close();
          } catch (Throwable e) {
          }
        }
        if (catschild.size() > 0) {
          // show this category
          ArrayList row = new ArrayList();
          row.add(ACCORDION_name);
          row.add(catschild);
          cats.add(row);
        }
      }
      return cats;
    } else {
      ArrayList catschild1 = new ArrayList();
      try {
        if (includeAction) {
          conn = QueryEngine.getInstance().getConnection();
          webActionEnv = new HashMap();
          webActionEnv.put("connection", conn);
          webActionEnv.put("httpservletrequest", request);
          webActionEnv.put("userweb", userWeb);
        }
        for (int j = 0; j < children.size(); j++) {
          if (children.get(j) instanceof Table) {
            table = (Table) children.get(j);
            if (!table.isMenuObject()) {
              continue;
            }
            try {
              WebUtils.checkTableQueryPermission(table.getName(), request);
            } catch (NDSSecurityException e) {
              continue;
            }
            // table is ok for current user to list
            catschild1.add(table);
          } else if (children.get(j) instanceof WebAction) {
            if (includeAction) {
              action = (WebAction) children.get(j);
              if (action.canDisplay(webActionEnv)) catschild1.add(action);
            }
          } else {
            throw new NDSRuntimeException(
                "Unsupported element in TableCategory children:" + children.get(j).getClass());
          }
        }
      } catch (Throwable t) {
        logger.error("Fail to load subsystem tree", t);
      } finally {
        try {
          if (conn != null) conn.close();
        } catch (Throwable e) {
        }
      }
      if (catschild1.size() > 0) {
        // show this category
        ArrayList row = new ArrayList();
        row.add(tc.getName());
        row.add(catschild1);
        cats.add(row);
      }
    }
    return cats;
  }
示例#11
0
  /**
   * @param request
   * @param permissionType PERMISSION_VIEWABLE, PERMISSION_NO_PERM or PERMISSION_NO_LICENSE
   * @return never null, elements are nds.schema.SubSystem
   */
  public List<SubSystem> getSubSystems(HttpServletRequest request, int permissionType)
      throws Exception {
    if (permissionType == PERMISSION_VIEWABLE) return getSubSystems(request);

    UserWebImpl userWeb =
        ((UserWebImpl)
            WebUtils.getSessionContextManager(request.getSession())
                .getActor(nds.util.WebKeys.USER));

    String subsystems =
        (String)
            QueryEngine.getInstance()
                .doQueryOne("SELECT subsystems from users where id=" + userWeb.getUserId());
    if (Validator.isNotNull(subsystems)) {
      return Collections.EMPTY_LIST;
    }
    TableManager manager = TableManager.getInstance();

    if (permissionType == PERMISSION_NO_PERM) {
      ArrayList subs = new ArrayList();
      List al = (List) userWeb.getProperty("subsystems"); // elements are subystem.id
      if (al == null) {
        getSubSystems(request);
        al = (List) userWeb.getProperty("subsystems");
      }
      //			 no perm
      List ss = manager.getSubSystems();
      for (int i = 0; i < ss.size(); i++) {
        SubSystem sa = (SubSystem) ss.get(i);
        boolean found = false;
        for (int j = 0; j < al.size(); j++) {
          if (((Integer) al.get(j)).intValue() == sa.getId()) {
            found = true;
            break;
          }
        }
        if (!found) subs.add(sa);
      }
      return subs;
    } // else{
    // no license
    if (subSystemNoLicense == null) {
      subSystemNoLicense = new ArrayList<SubSystem>();
      List al =
          QueryEngine.getInstance()
              .doQueryList(
                  "select id, name, orderno, iconurl,url from ad_subsystem s where exists(select 1 from ad_tablecategory c where c.ad_subsystem_id=s.id) order by orderno asc");
      for (int i = 0; i < al.size(); i++) {
        List als = (List) al.get(i);
        if (manager.getSubSystem(Tools.getInt(als.get(0), -1)) == null) {
          SubSystem ss = new SubSystem();
          ss.setId(Tools.getInt(als.get(0), -1));
          ss.setName((String) als.get(1));
          ss.setOrderno(Tools.getInt(als.get(2), -1));
          ss.setIconURL((String) als.get(3));
          ss.setPageURL((String) als.get(4));
          subSystemNoLicense.add(ss);
        }
      }
    }
    return subSystemNoLicense;
    // }

  }
示例#12
0
  /**
   * 事实表和关联报表属于当前传入数组的交叉报表
   *
   * @param request
   * @param tables elements are table.id
   * @return elements are ArrayList, first is cxtab id, second is cxtab name
   */
  public List getCxtabs(HttpServletRequest request, List<Integer> tables) {
    TableManager manager = TableManager.getInstance();
    UserWebImpl userWeb =
        ((UserWebImpl)
            WebUtils.getSessionContextManager(request.getSession())
                .getActor(nds.util.WebKeys.USER));
    StringBuffer sb = new StringBuffer();
    for (int i = 0; i < tables.size(); i++) {
      // Table t= tables.get(i);
      if (i > 0) sb.append(",");
      sb.append(tables.get(i));
    }
    String ts = sb.toString();
    try {
      Table cxtabTable = manager.getTable("AD_CXTAB");
      QueryRequestImpl queryData;
      // only pk,dk will be selected, order by ak asc
      queryData = QueryEngine.getInstance().createRequest(userWeb.getSession());
      queryData.setMainTable(cxtabTable.getId());

      queryData.addSelection(cxtabTable.getPrimaryKey().getId());
      queryData.addSelection(cxtabTable.getDisplayKey().getId());

      Column colOrderNo = cxtabTable.getColumn("orderno");
      queryData.setOrderBy(new int[] {colOrderNo.getId()}, true);
      queryData.setRange(0, Integer.MAX_VALUE);

      Expression expr =
          new Expression(
              null,
              "(AD_CXTAB.AD_TABLE_ID in ("
                  + ts
                  + ") or exists (select 1 from ad_cxtab_reftable r where r.ad_cxtab_id=AD_CXTAB.id and r.ad_table_id in ("
                  + ts
                  + ")))",
              null);

      // set reporttype to "S"
      expr =
          expr.combine(
              new Expression(new ColumnLink("AD_CXTAB.REPORTTYPE"), "=S", null),
              SQLCombination.SQL_AND,
              null);
      expr =
          expr.combine(
              new Expression(new ColumnLink("AD_CXTAB.ISACTIVE"), "=Y", null),
              SQLCombination.SQL_AND,
              null);
      expr =
          expr.combine(
              new Expression(new ColumnLink("AD_CXTAB.ISPUBLIC"), "=Y", null),
              SQLCombination.SQL_AND,
              null);
      expr =
          expr.combine(
              userWeb.getSecurityFilter(cxtabTable.getName(), 1), SQLCombination.SQL_AND, null);
      queryData.addParam(expr); // read permission

      return QueryEngine.getInstance().doQueryList(queryData.toSQL());
    } catch (Throwable t) {
      logger.error(
          "Fail to load reports for user " + userWeb.getUserId() + " with table ids: " + ts, t);
    }
    return Collections.EMPTY_LIST;
  }
  private void handleLoginPost(
      Request request, HttpServletResponse httpServletResponse, boolean secured) throws Exception {
    String userId = request.getParameter(PARAM_USER_ID);
    String password = request.getParameter(PARAM_PASSWORD);
    String rememberAccountStr = request.getParameter(PARAM_REMEMBER_ACCOUNT);
    boolean rememberAccount = Boolean.parseBoolean(rememberAccountStr);
    LoginInfo.SessionInfo sessionInfo = UserHelpers.getSessionInfo(request);

    logOut(sessionInfo.browserId);

    User user = userDb.get(userId);
    if (user == null) {
      WebUtils.redirectToError("User " + userId + " not found", request, httpServletResponse);
      return;
    }

    if (!user.checkPassword(password)) {
      WebUtils.redirectToError("Invalid password", request, httpServletResponse);
      return;
    }

    if (!user.active) {
      WebUtils.redirectToError(
          "Account for User " + userId + " needs to be activated", request, httpServletResponse);
      return;
    }

    LOG.info("Logged in user " + userId);

    sessionInfo.sessionId = null;
    if (sessionInfo.browserId == null) {
      sessionInfo.browserId = getRandomId();
    } else {
      for (LoginInfo loginInfo : loginInfoDb.getLoginsForBrowser(sessionInfo.browserId)) {
        if (userId.equals(loginInfo.userId)) {
          sessionInfo.sessionId = loginInfo.sessionId;
          break;
        }
      }
    }

    long expireOn = System.currentTimeMillis() + Config.getConfig().loginExpireInterval;
    if (sessionInfo.sessionId == null) {
      sessionInfo.sessionId = getRandomId();
      Config config = Config.getConfig();
      loginInfoDb.add(
          new LoginInfo(
              sessionInfo.browserId,
              sessionInfo.sessionId,
              userId,
              expireOn,
              rememberAccount,
              config.defaultStyle,
              config.defaultItemsPerPage,
              config.defaultFeedDateFormat));
      LOG.info(String.format("Logging in in a new session. User: %s", user));
    } else {
      loginInfoDb.updateExpireTime(sessionInfo.browserId, sessionInfo.sessionId, expireOn);
      LOG.info(String.format("Logging in in an existing session. User: %s", user));
    }

    WebUtils.saveCookies(
        httpServletResponse, secured, sessionInfo.browserId, sessionInfo.sessionId);

    httpServletResponse.sendRedirect("/");
  }
  /**
   * Normally sets the path and a few attributes that the JSPs are likely to need. Also verifies the
   * login information. If necessary, just redirects to the login page.
   *
   * @param target
   * @param request
   * @param httpServletResponse
   * @param secured
   * @return true if the request is already handled so the .jsp shouldn't get called
   * @throws Exception
   */
  private boolean prepareForJspGet(
      String target, Request request, HttpServletResponse httpServletResponse, boolean secured)
      throws Exception {

    LoginInfo.SessionInfo sessionInfo = UserHelpers.getSessionInfo(request);

    LOG.info(
        String.format(
            "hndl - %s ; %s; %s ; %s",
            target,
            request.getPathInfo(),
            request.getMethod(),
            secured ? "secured" : "not secured"));

    String path = request.getUri().getDecodedPath();

    boolean redirectToLogin = path.equals(PATH_LOGOUT);
    LoginInfo loginInfo = null;
    if (sessionInfo.isNull()) {
      redirectToLogin = true;
      LOG.info("Null session info. Logging in again.");
    } else {
      loginInfo =
          loginInfoDb.get(
              sessionInfo.browserId,
              sessionInfo.sessionId); // ttt2 use a cache, to avoid going to DB
      if (loginInfo == null || loginInfo.expiresOn < System.currentTimeMillis()) {
        LOG.info("Session has expired. Logging in again. Info: " + loginInfo);
        redirectToLogin = true;
      }
    }

    if (!path.equals(PATH_LOGIN) && !path.equals(PATH_SIGNUP) && !path.equals(PATH_ERROR)) {

      if (redirectToLogin) {
        // ttt2 perhaps store URI, to return to it after login
        logOut(sessionInfo.browserId);
        addLoginParams(request, loginInfo);
        httpServletResponse.sendRedirect(PATH_LOGIN);
        return true;
      }

      User user = userDb.get(loginInfo.userId);
      if (user == null) {
        WebUtils.redirectToError("Unknown user", request, httpServletResponse);
        return true;
      }
      if (!user.active) {
        WebUtils.redirectToError("Account is not active", request, httpServletResponse);
        return true;
      }
      request.setAttribute(VAR_FEED_DB, feedDb);
      request.setAttribute(VAR_USER_DB, userDb);
      request.setAttribute(VAR_ARTICLE_DB, articleDb);
      request.setAttribute(VAR_READ_ARTICLES_COLL_DB, readArticlesCollDb);

      request.setAttribute(VAR_USER, user);
      request.setAttribute(VAR_LOGIN_INFO, loginInfo);

      MultiMap<String> params = new MultiMap<>();
      params.put(PARAM_PATH, path);
      request.setParameters(params);
    }

    if (path.equals(PATH_LOGIN)) {
      addLoginParams(request, loginInfo);
    }
    return false;
  }