Java tutorial
/** * Copyright (c) 2009 Juwi MacMillan Group GmbH * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ // license-header java merge-point /** * This is only generated once! It will never be overwritten. * You can (and have to!) safely modify it by hand. */ package de.juwimm.cms.remote; import java.util.ArrayList; import java.util.Collection; import java.util.Date; import java.util.HashSet; import java.util.Hashtable; import java.util.Iterator; import java.util.Set; import java.util.Vector; import javax.ejb.CreateException; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.springframework.beans.factory.annotation.Autowired; import de.juwimm.cms.authorization.JbossFlushAuthCache; import de.juwimm.cms.authorization.model.GroupHbm; import de.juwimm.cms.authorization.model.GroupHbmImpl; import de.juwimm.cms.authorization.model.RoleHbm; import de.juwimm.cms.authorization.model.UserHbm; import de.juwimm.cms.authorization.model.UserHbmImpl; import de.juwimm.cms.authorization.vo.GroupValue; import de.juwimm.cms.authorization.vo.RoleValue; import de.juwimm.cms.authorization.vo.UserUnitsGroupsValue; import de.juwimm.cms.authorization.vo.UserValue; import de.juwimm.cms.common.Constants; import de.juwimm.cms.common.UserRights; import de.juwimm.cms.exceptions.UserException; import de.juwimm.cms.model.SequenceHbmDao; import de.juwimm.cms.model.SiteHbm; import de.juwimm.cms.model.TaskHbm; import de.juwimm.cms.model.TaskHbmImpl; import de.juwimm.cms.model.UnitHbm; import de.juwimm.cms.model.ViewComponentHbm; import de.juwimm.cms.remote.helper.AuthenticationHelper; import de.juwimm.cms.vo.SiteValue; import de.juwimm.cms.vo.TaskValue; import de.juwimm.cms.vo.UnitValue; /** * @see de.juwimm.cms.remote.UserServiceSpring * @author <a href="mailto:carsten.schalm@juwimm.com">Carsten Schalm</a> company * Juwi|MacMillan Group Gmbh, Walsrode, Germany * @version $Id: UserServiceSpringImpl.java 12 2009-07-31 09:01:25Z * rene.hertzfeldt $ */ public class UserServiceSpringImpl extends UserServiceSpringBase { private static Log log = LogFactory.getLog(UserServiceSpringImpl.class); private final JbossFlushAuthCache authCache = new JbossFlushAuthCache(); @Autowired private SequenceHbmDao sequenceHbmDao; /** * Creates a new user in the current site<br> * <b>SECURITY INFORMATION:</b> Available only to: <i>createUser, * siteRoot</i> * * @todo Currently a User will be created inside the Database. Here we need * an abstraction layer for JAAS style of user creation. * @param userName * The username * @param passwd * The Password * @param firstName * The first name of the newly created user * @param lastName * The last name * @param email * The email address for sending informational emails * @throws CreateException * CreateException if the Username is already existent * * @see de.juwimm.cms.remote.UserServiceSpring#createUser(java.lang.String, * java.lang.String, java.lang.String, java.lang.String, * java.lang.String, java.lang.Integer) */ @SuppressWarnings("unchecked") @Override protected void handleCreateUser(String userName, String passwd, String firstName, String lastName, String email, Integer initialUnitId) throws Exception { if (log.isDebugEnabled()) log.debug("begin createUser"); ArrayList<String> assertFields = new ArrayList<String>(6); if (userName == null || userName.equalsIgnoreCase("")) assertFields.add("user.userName"); if (firstName == null || firstName.equalsIgnoreCase("")) assertFields.add("user.firstName"); if (lastName == null || lastName.equalsIgnoreCase("")) assertFields.add("user.lastName"); if (passwd == null || passwd.equalsIgnoreCase("")) assertFields.add("user.passwd"); // Bug 4078 if (email == null || email.equalsIgnoreCase("")) // assertFields.add("user.email"); if (assertFields.size() > 0) { StringBuffer list = new StringBuffer(); for (int i = 0; i < assertFields.size(); i++) { if (i != 0) { list.append(","); } list.append(assertFields.get(i)); } throw new UserException("NeededFieldsMissingException" + list.toString()); } try { UserHbm user = new UserHbmImpl(); user.setUserId(userName); user.setFirstName(firstName); user.setLastName(lastName); user.setEmail(email); user = super.getUserHbmDao().create(user); if (initialUnitId != null && initialUnitId.intValue() != 0) { try { UnitHbm unit = super.getUnitHbmDao().load(initialUnitId); user.addUnit(unit); } catch (Exception exe) { log.error("Can't attach User " + userName + " to Unit " + initialUnitId + " while creating the User because of: " + exe.getMessage()); log.error("Error occured", exe); } } // adding new user to site of called user UserHbm caller = getUserHbmDao().load(AuthenticationHelper.getUserName()); SiteHbm callerSite = caller.getActiveSite(); user.setActiveSite(callerSite); user.getSites().add(callerSite); this.changePassword4User(user.getUserId(), passwd, passwd); } catch (Exception e) { throw new UserException(e.getMessage(), e); } if (log.isDebugEnabled()) { log.debug("end createUser"); } } /** * Creates a new Task.<br> * You need to provide either the receiverGroup or the receiverUserId. * * @param receiverUserId * The UserName who should receive this Task * @param receiverRole * If there is no ReceiverUserId given, this Task has been * submitted to a Group of people. In this case this is a Group * of people with this specified Rights inside the specified * Unit. * @param unitId * The Unit this Task belongs to. In general the active unit the * user is actually in. * @param comment * An comment regarding this Task * @param taskType * The Tasktype as defined in * @see de.juwimm.cms.common.Constants#TASK_MESSAGE TASK_* * * @see de.juwimm.cms.remote.UserServiceSpring#createTask(java.lang.String, * java.lang.String, java.lang.Integer, java.lang.String, byte) */ @Override protected Integer handleCreateTask(String receiverUserId, String receiverRole, Integer unitId, String comment, byte taskType) throws Exception { TaskHbm task = new TaskHbmImpl(); TaskValue taskValue = new TaskValue(); taskValue.setComment(comment); taskValue.setTaskType(taskType); taskValue.setCreationDate(new Date().getTime()); task.setUnit(super.getUnitHbmDao().load(unitId)); try { task.setSender(super.getUserHbmDao().load(AuthenticationHelper.getUserName())); if (receiverUserId != null) { UserHbm receiver = super.getUserHbmDao().load(receiverUserId); task.setReceiver(receiver); task.setTaskValue(taskValue); task = super.getTaskHbmDao().create(task); } else { taskValue.setReceiverRole(receiverRole); task.setTaskValue(taskValue); task = super.getTaskHbmDao().create(task); } } catch (Exception e) { throw new UserException(e.getMessage()); } return task.getTaskId(); } /** * Relates some ViewComponents to this Task. * * @param taskId * TaskId of the related Task * @param vcIds * Integer Array of ViewComponents to relate. * * @see de.juwimm.cms.remote.UserServiceSpring#addViewComponentsToTask(java.lang.Integer, * java.lang.Integer[]) */ @Override protected void handleAddViewComponentsToTask(Integer taskId, Integer[] vcIds) throws Exception { UserHbm user = null; TaskHbm task = null; try { user = super.getUserHbmDao().load(AuthenticationHelper.getUserName()); task = super.getTaskHbmDao().load(taskId); if (task != null) { if (!getUserHbmDao().isInRole(user, UserRights.SITE_ROOT, user.getActiveSite()) && !user.equals(task.getReceiver()) && !user.equals(task.getSender()) && !getUserHbmDao().isInRole(user, task.getReceiverRole(), user.getActiveSite())) { throw new SecurityException("User is not responsible to change this Task. RECEIVER:" + task.getReceiver() + " SENDER:" + task.getSender() + " RECEIVERROLE:" + task.getReceiverRole() + " THIS USER:" + user.getUserId()); } Collection<ViewComponentHbm> coll = task.getViewComponents(); for (int i = 0; i < vcIds.length; i++) { ViewComponentHbm vc = super.getViewComponentHbmDao().load(vcIds[i]); coll.add(vc); } task.setViewComponents(coll); } else { log.warn("Task with Id " + taskId + " was not found"); } } catch (Exception e) { throw new UserException(e.getMessage()); } } /** * Removes some ViewComponents from this Task. * * @param taskId * TaskId of the related Task * @param vcIds * Integer Array of ViewComponents to remove. * * @see de.juwimm.cms.remote.UserServiceSpring#removeViewComponentsFromTask(java.lang.Integer, * java.lang.Integer[]) */ @Override protected void handleRemoveViewComponentsFromTask(Integer taskId, Integer[] vcIds) throws Exception { UserHbm user = null; TaskHbm task = null; try { user = super.getUserHbmDao().load(AuthenticationHelper.getUserName()); task = super.getTaskHbmDao().load(taskId); if (task != null) { if (!!getUserHbmDao().isInRole(user, UserRights.SITE_ROOT, user.getActiveSite()) && !user.equals(task.getReceiver()) && !user.equals(task.getSender()) && !!getUserHbmDao().isInRole(user, task.getReceiverRole(), user.getActiveSite())) { throw new SecurityException("User is not responsible to change this Task. RECEIVER:" + task.getReceiver() + " SENDER:" + task.getSender() + " RECEIVERROLE:" + task.getReceiverRole() + " THIS USER:" + user.getUserId()); } try { Collection<ViewComponentHbm> coll = task.getViewComponents(); for (int i = 0; i < vcIds.length; i++) { ViewComponentHbm vc = super.getViewComponentHbmDao().load(vcIds[i]); coll.remove(vc); } task.setViewComponents(coll); } catch (Exception exe) { log.error("Error occured", exe); } } else { log.warn("Task with Id " + taskId + " was not found"); } } catch (Exception e) { throw new UserException(e.getMessage()); } } /** * Returns all users regardings the active site the logged user is in or if * the logged in user is<br/> * only unitAdmin, all Users for all Units he is in.<br/> * The unitAdmin will not see SiteAdmins in his list, even they can see all * Units. <b>SECURITY INFORMATION:</b> Available only to: <i>siteRoot, * unitAdmin</i> * * @return Returns all UserValue Objects in an Array. Is empty if nobody was * found. * * @see de.juwimm.cms.remote.UserServiceSpring#getAllUser() */ @Override protected UserValue[] handleGetAllUser() throws Exception { if (log.isDebugEnabled()) { log.debug("begin getAllUser"); } UserValue[] itarr = null; try { UserHbm user = super.getUserHbmDao().load(AuthenticationHelper.getUserName()); if (getUserHbmDao().isInRole(user, UserRights.SITE_ROOT, user.getActiveSite())) { Collection coll = null; int siz = 0; coll = super.getUserHbmDao().findAll(user.getActiveSite().getSiteId()); siz = coll.size(); itarr = new UserValue[siz]; if (siz > 0) { Iterator it = coll.iterator(); for (int i = 0; i < siz; i++) { itarr[i] = ((UserHbm) it.next()).getUserValue(); } } } else { Hashtable<String, UserValue> userMap = new Hashtable<String, UserValue>(); Iterator unitsIt = user.getUnits().iterator(); while (unitsIt.hasNext()) { UnitHbm unit = (UnitHbm) unitsIt.next(); Collection users = unit.getUsers(); Iterator<UserHbm> userIt = users.iterator(); while (userIt.hasNext()) { UserValue current = userIt.next().getUserValue(); userMap.put(current.getUserName(), current); } } itarr = userMap.values().toArray(new UserValue[0]); } } catch (Exception e) { throw new UserException(e.getMessage()); } return itarr; } /** * Returns all groups regardings the active site the logged user is in.<br> * <b>SECURITY INFORMATION:</b> Available only to: <i>siteRoot</i> * * @return Returns all GroupValue Objects in an Array. Is empty if nobody * was found. * * @see de.juwimm.cms.remote.UserServiceSpring#getAllGroups() */ @Override protected GroupValue[] handleGetAllGroups() throws Exception { if (log.isDebugEnabled()) { log.debug("begin getAllGroups"); } Collection coll = null; int siz = 0; try { UserHbm user = super.getUserHbmDao().load(AuthenticationHelper.getUserName()); coll = super.getGroupHbmDao().findAll(user.getActiveSite().getSiteId()); siz = coll.size(); GroupValue[] itarr = new GroupValue[siz]; if (siz > 0) { Iterator it = coll.iterator(); for (int i = 0; i < siz; i++) { itarr[i] = ((GroupHbm) it.next()).getGroupValue(); } } return itarr; } catch (Exception e) { throw new UserException(e.getMessage()); } } /** * Returns all groups users of this unit are member of.<br> * * @return Returns all GroupValue Objects in an Array. Is empty if nobody * was found. * * @see de.juwimm.cms.remote.UserServiceSpring#getAllGroupsUsedInUnit(java.lang.Integer) */ @Override protected GroupValue[] handleGetAllGroupsUsedInUnit(Integer unitId) throws Exception { if (log.isDebugEnabled()) { log.debug("begin getAllGroupsUsedInUnit"); } Hashtable<Integer, GroupValue> groupsTable = new Hashtable<Integer, GroupValue>(); try { UnitHbm unit = super.getUnitHbmDao().load(unitId); Iterator<UserHbm> usIt = unit.getUsers().iterator(); UserHbm principal = super.getUserHbmDao().load(AuthenticationHelper.getUserName()); if (log.isDebugEnabled()) { log.debug("Principal: " + principal); } UserHbm user = null; while (usIt.hasNext()) { user = usIt.next(); Iterator<GroupHbm> grpIt = super.getUserHbmDao().getGroups4ActiveSite(user).iterator(); GroupHbm grp = null; GroupValue gv = null; while (grpIt.hasNext()) { grp = grpIt.next(); gv = grp.getGroupValue(); if (gv != null) { groupsTable.put(gv.getGroupId(), gv); } } } } catch (Exception e) { log.error("Error while getting groups for unit", e); throw new UserException(e.getMessage()); } return groupsTable.values().toArray(new GroupValue[groupsTable.size()]); } /** * Creates a new Group<br> * <b>SECURITY INFORMATION:</b> Available only to: <i>siteRoot</i> * * @param groupName * The name of the new Group * @return Returns the new created GroupValue * * @see de.juwimm.cms.remote.UserServiceSpring#createGroup(java.lang.String) */ @Override protected GroupValue handleCreateGroup(String groupName) throws Exception { try { UserHbm caller = getUserHbmDao().load(AuthenticationHelper.getUserName()); GroupHbm temp = new GroupHbmImpl(); temp.setGroupName(groupName); temp.setGroupId(sequenceHbmDao.getNextSequenceNumber("group.group_id")); temp.setSite(caller.getActiveSite()); return super.getGroupHbmDao().create(temp).getGroupValue(); } catch (Exception e) { throw new UserException(e.getMessage()); } } /** * Removes a Group<br> * <b>SECURITY INFORMATION:</b> Available only to: <i>siteRoot</i> * * @param groupId * The Id of the Group * * @see de.juwimm.cms.remote.UserServiceSpring#removeGroup(java.lang.Integer) */ @Override protected void handleRemoveGroup(Integer groupId) throws Exception { try { super.getGroupHbmDao().remove(groupId); this.authCache.flushAuthCache(); } catch (Exception e) { throw new UserException(e.getMessage()); } } /** * Updates a Group<br> * <b>SECURITY INFORMATION:</b> Available only to: <i>siteRoot</i> * * @param gv * The GroupValue * * @see de.juwimm.cms.remote.UserServiceSpring#updateGroup(de.juwimm.cms.authorization.vo.GroupValue) */ @Override protected void handleUpdateGroup(GroupValue gv) throws Exception { try { GroupHbm gl = super.getGroupHbmDao().load(gv.getGroupId()); gl.setGroupValue(gv); Set<RoleHbm> vec = new HashSet<RoleHbm>(); try { for (int i = 0; i < gv.getRoles().length; i++) { vec.add(super.getRoleHbmDao().load(gv.getRoles()[i].getRoleId())); } } catch (Exception e) { log.info("No Roles to set"); } gl.setRoles(vec); this.authCache.flushAuthCache(); } catch (Exception e) { throw new UserException(e.getMessage()); } } /** * Returns all roles.<br> * * @return Returns all RoleValue Objects in an Array. Is empty if nobody was * found. * * @see de.juwimm.cms.remote.UserServiceSpring#getAllRoles() */ @Override protected RoleValue[] handleGetAllRoles() throws Exception { if (log.isDebugEnabled()) { log.debug("begin getAllRoles"); } Collection coll = null; int siz = 0; try { coll = super.getRoleHbmDao().findAll(); siz = coll.size(); RoleValue[] itarr = new RoleValue[siz]; if (siz > 0) { Iterator it = coll.iterator(); for (int i = 0; i < siz; i++) { itarr[i] = ((RoleHbm) it.next()).getRoleValue(); } } return itarr; } catch (Exception e) { throw new UserException(e.getMessage()); } } /** * Returns all users regardings the active site and the given Group.<br> * If the Group will be <b>null</b>, it will return all users. <b>SECURITY * INFORMATION:</b> Available only to: <i>siteRoot</i> * * @param groupId * The Group * @return Returns all UserValue Objects in an Array. Is empty if nobody was * found. * * @see de.juwimm.cms.remote.UserServiceSpring#getAllUser4Group(java.lang.Integer) */ @Override protected UserValue[] handleGetAllUser4Group(Integer groupId) throws Exception { if (groupId == null) { return getAllUser(); } try { GroupHbm group = super.getGroupHbmDao().load(groupId); Collection coll = group.getUsers(); int siz = coll.size(); UserValue[] itarr = new UserValue[siz]; if (siz > 0) { Iterator it = coll.iterator(); for (int i = 0; i < siz; i++) { itarr[i] = ((UserHbm) it.next()).getUserValue(); } } return itarr; } catch (Exception e) { throw new UserException(e.getMessage()); } } /** * Returns all users regardings the active site, the given Group and the * given unit.<br> * * @param groupId * The Group * @param unitId * The Unit * @return Returns all UserValue Objects in an Array. Is empty if nobody was * found. * * @see de.juwimm.cms.remote.UserServiceSpring#getAllUser4GroupAndUnit(java.lang.Integer, * java.lang.Integer) */ @Override protected UserValue[] handleGetAllUser4GroupAndUnit(Integer groupId, Integer unitId) throws Exception { Vector<UserValue> vec = new Vector<UserValue>(); try { UserHbm userMe = super.getUserHbmDao().load(AuthenticationHelper.getUserName()); if (getUserHbmDao().isInUnit(unitId, userMe)) { UnitHbm unit = super.getUnitHbmDao().load(unitId); Iterator it = unit.getUsers().iterator(); while (it.hasNext()) { UserHbm user = (UserHbm) it.next(); if (user.isInGroup(groupId) && !!getUserHbmDao().isInRole(user, UserRights.SITE_ROOT, user.getActiveSite())) { vec.addElement(user.getUserValue()); } } } } catch (Exception e) { throw new UserException(e.getMessage()); } return vec.toArray(new UserValue[0]); } /** * Returns all Groups for a related user in the actual site <b>SECURITY * INFORMATION:</b> Available only to: <i>siteRoot, unitAdmin</i> * * @param userName * The related username * @return An Array of GroupValue Objects * * @see de.juwimm.cms.remote.UserServiceSpring#getGroups4User(java.lang.String) */ @Override protected GroupValue[] handleGetGroups4User(String userName) throws Exception { try { UserHbm user = super.getUserHbmDao().load(userName); Collection coll = null; if (user.isMasterRoot()) { coll = super.getGroupHbmDao().findAll(user.getActiveSite().getSiteId()); } else { coll = super.getUserHbmDao().getGroups4ActiveSite(user); } GroupValue[] gvarr = new GroupValue[coll.size()]; Iterator it = coll.iterator(); for (int i = 0; i < coll.size(); i++) { GroupHbm gl = (GroupHbm) it.next(); gvarr[i] = gl.getGroupValue(); } return gvarr; } catch (Exception e) { throw new UserException(e.getMessage()); } } /** * Returns all Groups for a related user in the actual site <b>SECURITY * INFORMATION:</b> Available only to: <i>siteRoot, unitAdmin</i> * * @param userName * The related username * @return An Array of GroupValue Objects * * @see de.juwimm.cms.remote.UserServiceSpring#getUnits4User(java.lang.String) */ @Override protected UnitValue[] handleGetUnits4User(String userName) throws Exception { UserHbm user = super.getUserHbmDao().load(userName); Collection coll = null; if (user.isMasterRoot() && user.getActiveSite() != null) { coll = super.getUnitHbmDao().findAll(user.getActiveSite().getSiteId()); } else { coll = super.getUserHbmDao().getUnits4ActiveSite(user); } UnitValue[] uarr = new UnitValue[coll.size()]; Iterator it = coll.iterator(); UnitHbm unit = null; for (int i = 0; i < coll.size(); i++) { unit = (UnitHbm) it.next(); uarr[i] = getUnitHbmDao().getDao(unit); } return uarr; } /** * Returns all users regardings the active site and the given unit.<br> * If the Group will be <b>null</b>, it will return all users for this unit.<br> * PLEASE NOTE: DOES NOT RETURN SITEROOTS! <b>SECURITY INFORMATION:</b> * Available only to: <i>siteRoot, unitAdmin</i> * * @param unitId * The Unit * @return Returns all UserValue Objects in an Array. Is empty if nobody was * found. * * @see de.juwimm.cms.remote.UserServiceSpring#getAllUser4Unit(java.lang.Integer) */ @Override protected UserValue[] handleGetAllUser4Unit(Integer unitId) throws Exception { if (unitId == null) { return new UserValue[0]; } Vector<UserValue> userValues = new Vector<UserValue>(); try { UserHbm userMe = super.getUserHbmDao().load(AuthenticationHelper.getUserName()); if (getUserHbmDao().isInUnit(unitId, userMe)) { UnitHbm unit = super.getUnitHbmDao().load(unitId); userValues.addAll(this.getUsers4Unit(userMe, unit)); } } catch (Exception e) { throw new UserException(e.getMessage()); } return userValues.toArray(new UserValue[0]); } private Collection getUsers4Unit(UserHbm user, UnitHbm unit) { ArrayList<UserValue> usersList = new ArrayList<UserValue>(); if (getUserHbmDao().isInUnit(unit.getUnitId(), user)) { Collection connectedUsers = unit.getSite().getUsers(); Iterator<UserHbm> it = unit.getUsers().iterator(); UserHbm currentUser = null; UserHbm principal = super.getUserHbmDao().load(AuthenticationHelper.getUserName()); while (it.hasNext()) { currentUser = it.next(); if (connectedUsers.contains(currentUser)) { if (super.getUserHbmDao().isInRole(user, UserRights.SITE_ROOT, principal.getActiveSite())) { usersList.add(currentUser.getUserValue()); } } } } return usersList; } /** * Get all Tasks for the actual User.<br> * If a <i>siteRoot</i> is currently logged in, he will get all Tasks. * * @return An Array of TaskValue Objects * * @see de.juwimm.cms.remote.UserServiceSpring#getAllTasks() */ @Override protected TaskValue[] handleGetAllTasks() throws Exception { UserHbm user = null; try { user = super.getUserHbmDao().load(AuthenticationHelper.getUserName()); int siz = 0; Iterator it = null; if (!getUserHbmDao().isInRole(user, UserRights.SITE_ROOT, user.getActiveSite())) { if (log.isDebugEnabled()) log.debug("SiteRoot requested All Tasks"); Collection coll = super.getTaskHbmDao().findAll(user.getActiveSite().getSiteId()); siz = coll.size(); it = coll.iterator(); TaskValue[] itarr = new TaskValue[siz]; if (siz > 0) { for (int i = 0; i < siz; i++) { itarr[i] = ((TaskHbm) it.next()).getTaskValue(); } } return itarr; } if (log.isDebugEnabled()) log.debug("User requested Tasks"); Vector<TaskValue> vec = new Vector<TaskValue>(); Collection coll = super.getTaskHbmDao().findAll(user.getActiveSite().getSiteId()); it = coll.iterator(); while (it.hasNext()) { TaskHbm task = (TaskHbm) it.next(); if (user.equals(task.getReceiver()) || (!getUserHbmDao().isInRole(user, task.getReceiverRole(), user.getActiveSite()) && (task.getUnit() == null || getUserHbmDao().isInUnit(task.getUnit().getUnitId(), user)))) { vec.add(task.getTaskValue()); } } return vec.toArray(new TaskValue[vec.size()]); } catch (Exception e) { throw new UserException(e.getMessage()); } } /** * Remove a Task from the TaskQueue<br> * <b>SECURITY INFORMATION:</b> You only can remove Tasks, if you're the * sender, the receiver, <i>siteRoot</i> or in the receiver group. * * @param taskId * The TaskId to remove * * @see de.juwimm.cms.remote.UserServiceSpring#removeTask(java.lang.Integer) */ @Override protected void handleRemoveTask(Integer taskId) throws Exception { TaskHbm task = null; task = super.getTaskHbmDao().load(taskId); if (task != null) { UserHbm user = null; try { user = super.getUserHbmDao().load(AuthenticationHelper.getUserName()); } catch (Exception exe) { log.error("Error thrown while returning logged in user: " + exe.getMessage()); // context.setRollbackOnly(); throw new UserException("Can't find the actual logged in user. Check the logs and retry"); } if (!!getUserHbmDao().isInRole(user, UserRights.SITE_ROOT, user.getActiveSite()) && !user.equals(task.getReceiver()) && !user.equals(task.getSender()) && !!getUserHbmDao().isInRole(user, task.getReceiverRole(), user.getActiveSite())) { // context.setRollbackOnly(); throw new SecurityException("User is not responsible to delete this Task. RECEIVER:" + task.getReceiver().getUserId() + " SENDER:" + task.getSender().getUserId() + " RECEIVERROLE:" + task.getReceiverRole() + " THIS USER:" + user.getUserId()); } try { super.getTaskHbmDao().remove(task); } catch (Exception e) { throw new UserException(e.getMessage()); } } } /** * Sets the given task as viewed, if the user has the required permissions * therefor. * * @param taskId * The TaskId, from which task the Status should be changed to * Constants.TASK_STATUS_VIEWED * * @see de.juwimm.cms.remote.UserServiceSpring#setTaskViewed(java.lang.Integer) */ @Override protected void handleSetTaskViewed(Integer taskId) throws Exception { try { UserHbm user = null; TaskHbm task = null; user = super.getUserHbmDao().load(AuthenticationHelper.getUserName()); task = super.getTaskHbmDao().load(taskId); if (task != null) { if (!!getUserHbmDao().isInRole(user, UserRights.SITE_ROOT, user.getActiveSite()) && !user.equals(task.getReceiver()) && !user.equals(task.getSender()) && !!getUserHbmDao().isInRole(user, task.getReceiverRole(), user.getActiveSite())) { throw new SecurityException("User is not responsible to change this Task. RECEIVER:" + task.getReceiver() + " SENDER:" + task.getSender() + " RECEIVERROLE:" + task.getReceiverRole() + " THIS USER:" + user.getUserId()); } task.setStatus(Constants.TASK_STATUS_VIEWED); } } catch (Exception e) { throw new UserException(e.getMessage()); } } /** * Returns true, if there is any new Task for this User.<br> * This will also return true, if the User is <i>siteRoot</i> and anybody * has got a new Task. * * @return An Boolean Object containing true/false if the active user has a * new task. * * @see de.juwimm.cms.remote.UserServiceSpring#isNewTask4User() */ @Override protected boolean handleIsNewTask4User(String userId) throws Exception { try { TaskValue[] td = this.getAllTasks(); for (int i = 0; i < td.length; i++) { if (td[i].getStatus() == Constants.TASK_STATUS_NEW && !td[i].getSender().getUserName().matches(userId)) { return true; } } } catch (Exception e) { throw new UserException(e.getMessage()); } return false; } /** * Updates a User.<br> * For security reasons, only the following fields are updated: * <ul> * <li>FirstName</li> * <li>LastName</li> * <li>EMail</li> * <li>ConfigXML (only if parameter is not null and not empty)</li> * </ul> * <b>SECURITY INFORMATION:</b> Available only to: <i>changeUser, * siteRoot</i> * * @param userValue * UserValue Object representing the user * * @see de.juwimm.cms.remote.UserServiceSpring#updateUser(de.juwimm.cms.authorization.vo.UserValue) */ @Override protected void handleUpdateUser(UserValue userValue) throws Exception { try { UserHbm user = null; user = super.getUserHbmDao().load(userValue.getUserName()); if (user != null) { if (this.hasRightsForChangeUser(user)) { user.setFirstName(userValue.getFirstName()); user.setLastName(userValue.getLastName()); user.setEmail(userValue.getEmail()); if (userValue.getConfigXML() != null && !userValue.getConfigXML().equals("")) { user.setConfigXML(userValue.getConfigXML()); } this.authCache.flushAuthCache(); } else { throw new SecurityException("Not enough permissions to change the user:" + userValue.getUserName() + " with credential:" + AuthenticationHelper.getUserName()); } } } catch (Exception e) { throw new UserException(e.getMessage()); } } /** * Internal Function for returning the rights a user has to change another * users data.<br> * Returns true if: * <ul> * <li>Authenticated User is <i>siteRoot</i></li> * <li>Authenticated User is <i>masterRoot</i></li> * <li>Authenticated User is in the same unit as the given user</li> * <li>Authenticated User has at least the same rights level. F.e. a * <i>siteRoot</i> can only be edited by a user with <i>masterRoot-</i> or * <i>siteRoot-</i>Permissions</li> * * @param userGiven * The user to change * @return Returns true, if the authenticated user has the rights to change * this user */ private boolean hasRightsForChangeUser(UserHbm userGiven) { UserHbm userMe = null; try { userMe = super.getUserHbmDao().load(AuthenticationHelper.getUserName()); } catch (Exception exe) { log.error("Unknown error while resolving myown user: " + AuthenticationHelper.getUserName()); } boolean hasRights = false; if ((getUserHbmDao().isInRole(userMe, UserRights.SITE_ROOT, userMe.getActiveSite()) && !userGiven.isMasterRoot()) || userMe.isMasterRoot()) { hasRights = true; } if (!hasRights) { if (userGiven.isMasterRoot() && !userMe.isMasterRoot()) { return false; } if (!getUserHbmDao().isInRole(userGiven, UserRights.SITE_ROOT, userGiven.getActiveSite())) { return false; // don't edit a user with higher rights } } if (!hasRights) { // Only change user, if the given user is in one of the same units // as the authenticated user Iterator it = userGiven.getUnits().iterator(); while (it.hasNext()) { UnitHbm unit = (UnitHbm) it.next(); if (userMe.getUnits().contains(unit)) { hasRights = true; break; } } } if (log.isDebugEnabled()) log.debug("User " + userMe.getUserId() + " has right: " + hasRights + " for changing " + userGiven.getUserId()); return hasRights; } /** * Adds a User to a specific Group. <b>SECURITY INFORMATION:</b> Available * only to: <i>changeUser, siteRoot</i> * * @param groupValue * The Group * @param userName * The Use * * @see de.juwimm.cms.remote.UserServiceSpring#addUserToGroup(de.juwimm.cms.authorization.vo.GroupValue, * java.lang.String) */ @Override protected void handleAddUserToGroup(GroupValue groupValue, String userName) throws Exception { try { UserHbm user = null; user = super.getUserHbmDao().load(userName); if (user != null) { if (this.hasRightsForChangeUser(user)) { GroupHbm group = super.getGroupHbmDao().load(groupValue.getGroupId()); getUserHbmDao().addGroup(group, AuthenticationHelper.getUserName(), userName); this.authCache.flushAuthCache(); } else { throw new SecurityException("Not enough permissions to change the user:" + userName + " with credential:" + AuthenticationHelper.getUserName()); } } } catch (Exception e) { throw new UserException(e.getMessage()); } } /** * Removes a User from a specific Group. <b>SECURITY INFORMATION:</b> * Available only to: <i>changeUser, siteRoot</i> * * @param gv * The Group * @param userName * The User * * @see de.juwimm.cms.remote.UserServiceSpring#removeUserFromGroup(de.juwimm.cms.authorization.vo.GroupValue, * java.lang.String) */ @Override protected void handleRemoveUserFromGroup(GroupValue gv, String userName) throws Exception { try { UserHbm user = null; user = super.getUserHbmDao().load(userName); if (user != null) { if (this.hasRightsForChangeUser(user)) { GroupHbm gl = super.getGroupHbmDao().load(gv.getGroupId()); user.dropGroup(gl); this.authCache.flushAuthCache(); } else { throw new SecurityException("Not enough permissions to change the user:" + userName + " with credential:" + AuthenticationHelper.getUserName()); } } } catch (Exception e) { throw new UserException(e.getMessage()); } } /** * Deletes an useraccount. * * @param userId * The UserId of the user that should be deleted. * * @see de.juwimm.cms.remote.UserServiceSpring#deleteUser(java.lang.String) */ @Override protected void handleDeleteUser(String userId) throws Exception { try { UserHbm user = null; user = super.getUserHbmDao().load(userId); if (user != null && this.hasRightsForChangeUser(user)) { //remove all locks held by this user getContentServiceSpring().removeLocks(userId); //remove all existing tasks from or to this user Collection tasks = getTaskHbmDao().findByReceiver(userId); if (tasks != null && !tasks.isEmpty()) getTaskHbmDao().remove(tasks); tasks = getTaskHbmDao().findBySender(userId); if (tasks != null && !tasks.isEmpty()) getTaskHbmDao().remove(tasks); super.getUserHbmDao().remove(user); } } catch (Exception e) { throw new UserException(e.getMessage()); } } /** * Changes the Password of a given useraccount.<br> * <b>SECURITY INFORMATION:</b> Available only to: <i>changeUser, * siteRoot</i> * * @param userName * The UserName of the user which should get a new Password * @param oldPassword * The old password * @param newPassword * The new password * @return True, if it was possible to change the password. * * @see de.juwimm.cms.remote.UserServiceSpring#changePassword4User(java.lang.String, * java.lang.String, java.lang.String) */ @Override protected boolean handleChangePassword4User(String userName, String oldPassword, String newPassword) throws Exception { if (log.isDebugEnabled()) log.debug("begin changePassword for anotherone"); UserHbm userGiven = super.getUserHbmDao().load(userName); String newPasswdEncoded = userGiven.encrypt(newPassword); if (hasRightsForChangeUser(userGiven)) { userGiven.setPasswd(newPasswdEncoded); if (log.isDebugEnabled()) log.debug("end changePassword succ"); return true; } if (log.isDebugEnabled()) log.debug("end changePassword nosucc"); return false; } /** * @see de.juwimm.cms.remote.UserServiceSpring#getAllSites4CurrentUser() */ @Override protected SiteValue[] handleGetAllSites4CurrentUser() throws Exception { if (log.isDebugEnabled()) { log.debug("begin getAllSites4CurrentUser"); } SiteValue[] itarr = null; try { UserHbm user = super.getUserHbmDao().load(AuthenticationHelper.getUserName()); if (super.getUserHbmDao().isInRole(user, UserRights.SITE_ROOT, user.getActiveSite())) { Collection coll = null; Collection<SiteValue> sites = new ArrayList<SiteValue>(); try { coll = user.getSites(); // coll = getSiteHbmDao().findAll4User(user.getUserId()); } catch (Exception exe) { log.warn("Error while executing the finder \"findAll4User\" in getAllSites4CurrentUser: " + exe.getMessage()); } Iterator it = coll.iterator(); while (it.hasNext()) { SiteHbm currentSite = (SiteHbm) it.next(); if (this.isUserInRole(user.getUserId(), currentSite.getSiteId(), "siteRoot")) { sites.add((currentSite).getSiteValue()); } } itarr = sites.toArray(new SiteValue[0]); } } catch (Exception exe) { log.error("Error occured", exe); } return itarr; } private boolean isUserInRole(String userName, Integer siteId, String role) throws Exception { if (userName == null) { return false; } UserHbm user = super.getUserHbmDao().load(userName); if (user.isMasterRoot()) { return true; } try { GroupValue[] gv = this.getGroups4UserInSite(userName, siteId); for (int i = 0; i < gv.length; i++) { for (int j = 0; j < gv[i].getRoles().length; j++) { if (gv[i].getRoles()[j].getRoleId().equalsIgnoreCase(role)) { return true; } } } } catch (Exception exe) { log.error(exe); } return false; } /** * @see de.juwimm.cms.remote.UserServiceSpring#getAllUsers4OwnSites() */ @Override protected UserValue[] handleGetAllUsers4OwnSites() throws Exception { UserValue[] itarr = null; SiteValue[] mySites = this.getAllSites4CurrentUser(); HashSet<UserValue> userSet = new HashSet<UserValue>(); try { for (int i = (mySites.length - 1); i >= 0; i--) { Collection users = super.getUserHbmDao().findAll(mySites[i].getSiteId()); Iterator it = users.iterator(); while (it.hasNext()) { UserHbm user = (UserHbm) it.next(); if (!user.isMasterRoot()) { userSet.add(user.getUserValue()); } } } } catch (Exception e) { log.error("Error occured", e); } itarr = userSet.toArray(new UserValue[0]); return itarr; } /** * @see de.juwimm.cms.remote.UserServiceSpring#getGroups4UserInSite(java.lang.String, * java.lang.Integer) */ @Override protected GroupValue[] handleGetGroups4UserInSite(String userName, Integer siteId) throws Exception { GroupValue[] gvarr = null; try { UserHbm user = super.getUserHbmDao().load(userName); Collection coll = null; if (user.isMasterRoot()) { coll = super.getGroupHbmDao().findAll(siteId); } else { coll = super.getGroupHbmDao().findByUserAndSite(userName, siteId); } gvarr = new GroupValue[coll.size()]; Iterator it = coll.iterator(); for (int i = 0; i < coll.size(); i++) { GroupHbm group = (GroupHbm) it.next(); gvarr[i] = group.getGroupValue(); } } catch (Exception e) { throw new UserException(e.getMessage()); } return gvarr; } /** * @see de.juwimm.cms.remote.UserServiceSpring#getConnectedUsers4Site(java.lang.Integer) */ @Override protected String[] handleGetConnectedUsers4Site(Integer siteId) throws Exception { Collection coll = null; int siz = 0; try { SiteHbm site = super.getSiteHbmDao().load(siteId); coll = site.getUsers(); siz = coll.size(); } catch (Exception exe) { log.warn("Error while executing the finder \"findAll\" in getConnectedUsersForSite: " + exe.getMessage()); } ArrayList<String> al = new ArrayList<String>(siz); if (siz > 0) { Iterator it = coll.iterator(); for (int i = 0; i < siz; i++) { UserHbm user = (UserHbm) it.next(); if (!user.isMasterRoot()) { al.add(user.getUserId()); } } } return al.toArray(new String[0]); } /** * @see de.juwimm.cms.remote.UserServiceSpring#setConnectedUsers4Site(java.lang.Integer, * java.lang.String[]) */ @Override protected void handleSetConnectedUsers4Site(Integer siteId, String[] userIds) throws Exception { Collection<UserHbm> usersIn = null; Collection<String> usersRemove = new ArrayList<String>(); Collection<String> users = new ArrayList<String>(); // Collections are nicer to handle for (int i = 0; i < userIds.length; i++) { users.add(userIds[i]); } SiteHbm site = null; try { site = super.getSiteHbmDao().load(siteId); usersIn = site.getUsers(); } catch (Exception exe) { log.warn("Error while executing the finder \"findAll\" in getConnectedUsersForSite: " + exe.getMessage()); } // compare old user list with new one -> element in both means stay, // just in old means del for (UserHbm user : usersIn) { if (users.contains(user.getUserId())) { users.remove(user.getUserId()); } else { usersRemove.add(user.getUserId()); } } // users still in list are the really new ones - create them for (String userId : users) { UserHbm user = super.getUserHbmDao().load(userId); user.getSites().add(site); } // remove the users deleted users for (String userId : usersRemove) { UserHbm user = super.getUserHbmDao().load(userId); user.getSites().remove(site); } } @Override protected SiteValue[] handleGetAllSites4CurrentUserWithRole(String requestedRole) throws Exception { if (log.isDebugEnabled()) { log.debug("begin getAllSites4CurrentUserWithRole: " + requestedRole); } SiteValue[] itarr = null; try { UserHbm user = super.getUserHbmDao().load(AuthenticationHelper.getUserName()); if (super.getUserHbmDao().isInRole(user, requestedRole, user.getActiveSite())) { Collection<SiteHbm> coll = null; Collection<SiteValue> sites = new ArrayList<SiteValue>(); try { if (user.isMasterRoot()) { coll = super.getSiteHbmDao().findAll(); } else { coll = super.getSiteHbmDao().findAll4User(user.getUserId()); } } catch (Exception exe) { log.warn( "Error while executing the finder \"findAll4User\" in getAllSites4CurrentUserWithRole: " + exe.getMessage()); } Iterator it = coll.iterator(); while (it.hasNext()) { SiteHbm currentSite = (SiteHbm) it.next(); if (this.isUserInRole(user.getUserId(), currentSite.getSiteId(), requestedRole)) { sites.add((currentSite).getSiteValue()); } } itarr = sites.toArray(new SiteValue[0]); } else { // at least add current site itarr = new SiteValue[] { user.getActiveSite().getSiteValue() }; } } catch (Exception exe) { log.error("Error occured", exe); } return itarr; } private Integer getActiveSiteId() throws UserException { try { UserHbm user = super.getUserHbmDao().load(AuthenticationHelper.getUserName()); return user.getActiveSite().getSiteId(); } catch (Exception e) { if (log.isErrorEnabled()) { log.error("Could not get id of active site", e); throw new UserException(e.getMessage()); } } return null; } @Override protected UserUnitsGroupsValue[] handleGetUserUnitsGroups4UnitAndGroup(Integer unitId, Integer groupId) throws Exception { Vector<UserUnitsGroupsValue> vec = new Vector<UserUnitsGroupsValue>(); try { ArrayList<UserHbm> userList = new ArrayList<UserHbm>(); UserHbm userLogged = super.getUserHbmDao().load(AuthenticationHelper.getUserName()); if (!isUserInRole(userLogged.getUserId(), this.getActiveSiteId(), UserRights.SITE_ROOT)) { if (isUserInRole(userLogged.getUserId(), this.getActiveSiteId(), UserRights.UNIT_ADMIN)) { Iterator unitsIt = userLogged.getUnits().iterator(); while (unitsIt.hasNext()) { UnitHbm unit = (UnitHbm) unitsIt.next(); Collection users = unit.getUsers(); Iterator<UserHbm> userIt = users.iterator(); while (userIt.hasNext()) { UserHbm current = userIt.next(); //not allowed to see user in higher roles than himself if (!isUserInRole(current.getUserId(), this.getActiveSiteId(), UserRights.SITE_ROOT)) { userList.add(current); } } } } } else { if (unitId != null && unitId.intValue() > 0 && groupId != null && groupId.intValue() > 0) { userList.addAll(super.getUserHbmDao().findAll4UnitAndGroup(unitId, groupId)); } else if (unitId != null && unitId.intValue() > 0) { userList.addAll(super.getUserHbmDao().findAll4Unit(unitId)); } else if (groupId != null && groupId.intValue() > 0) { userList.addAll(super.getUserHbmDao().findAll4Group(groupId)); } else { userList.addAll(super.getUserHbmDao().findAll(this.getActiveSiteId())); } } Iterator<UserHbm> it = userList.iterator(); while (it.hasNext()) { UserHbm user = it.next(); vec.add(getUserHbmDao().getUserUnitsGroupsValue(user)); // vec.add(user.getUserUnitsGroupsValue()); } } catch (Exception e) { throw new UserException(e.getMessage(), e); } return vec.toArray(new UserUnitsGroupsValue[0]); } @Override protected TaskValue handleGetTaskForId(Integer taskId) throws Exception { TaskHbm tvHbm = getTaskHbmDao().load(taskId); if (tvHbm != null) { return tvHbm.getTaskValue(); } return null; } /* (non-Javadoc) * @see de.juwimm.cms.remote.UserServiceSpringBase#handleIsUserInUnit(java.lang.String, java.lang.Integer) */ @Override protected Boolean handleIsUserInUnit(String userId, Integer unitId) throws Exception { return getUserHbmDao().load(userId).isInUnit(unitId); } /* (non-Javadoc) * @see de.juwimm.cms.remote.UserServiceSpringBase#handleRemoveUserFromSite(java.lang.String, java.lang.Integer) */ @Override protected void handleRemoveUserFromSite(String userId, Integer siteId) throws Exception { getUserHbmDao().load(userId).dropSite(getSiteHbmDao().load(siteId)); } }