
1   package org.paneris.user.model;
2   
import java.security.MessageDigest;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.Statement;
import java.util.Enumeration;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.paneris.jal.model.DBConnectionManager;
import org.paneris.jal.model.DDField;
import org.paneris.jal.model.DDRecord;
import org.paneris.jal.model.RecordSet;
import org.paneris.jal.model.SystemProperties;
import org.paneris.messageboard.model.Message;
import org.paneris.util.StringUtils;
import org.webmacro.servlet.WebContext;
19  
20  
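/**
 * A record from the {@code users} table, plus the session-based login state
 * and the access-control checks that decide whether a request has to be sent
 * to the login page.
 * <p>
 * All {@code checkLoggedIn*} methods share one convention: they return
 * {@code null} when access is permitted and the name of a login template when
 * the caller must render the login page. Because {@code null} means "granted",
 * {@link #getLoginPage(WebContext, String, String, String)} never returns
 * {@code null}.
 * <p>
 * Every SQL statement in this class that carries request-derived values
 * (resource names, login ids) is a {@link PreparedStatement} with bound
 * parameters; do not reintroduce string concatenation there.
 */
public class User extends DDRecord {

    private static final long serialVersionUID = 1L;

    /** Template used when no {@code logintemplate} system property is available. */
    private static final String DEFAULT_LOGIN_TEMPLATE = "user/view/UserLogin.wm";

    /** Session and context attribute holding the URL to return to after login. */
    private static final String RETURN_URL_KEY = "LoginUserReturnURL";

    /** Name of the group whose members count as administrators. */
    private static final String ADMIN_GROUP = "Administrators";

    /** Ids of every user in the Administrators group. No parameters. */
    private static final String ADMIN_SQL =
        "SELECT users.id FROM users, usersgroups, usergroups "
        + "WHERE usersgroups.username = users.id "
        + "AND usersgroups.groupname = usergroups.id "
        + "AND usergroups.groupname = 'Administrators'";

    /** Groups permitted to use a resource. Parameters: 1 = resource, 2 = resource type. */
    private static final String RESOURCE_GROUPS_SQL =
        "SELECT userpermissions.groupname FROM userpermissions, userresources, userresourcetypes \n"
        + "WHERE userpermissions.resource = userresources.id \n"
        + "  AND userresources.resource = ? \n"
        + "  AND userresources.type = userresourcetypes.id \n"
        + "  AND userresourcetypes.type = ?";

    /**
     * MySQL form of "is this user in a group permitted to use the resource".
     * Parameters: 1 = user id, 2 = resource, 3 = resource type.
     */
    private static final String MEMBERSHIP_SQL_MYSQL =
        "SELECT usersgroups.id FROM usersgroups, userpermissions, userresources, userresourcetypes \n"
        + "WHERE usersgroups.username = ?\n"
        + "  AND userpermissions.resource = userresources.id \n"
        + "  AND userresources.resource = ? \n"
        + "  AND userresources.type = userresourcetypes.id \n"
        + "  AND userresourcetypes.type = ?\n"
        + "  AND usersgroups.groupname = userpermissions.groupname";

    /**
     * Portable (sub-select) form of the membership test.
     * Parameters: 1 = user id, 2 = resource, 3 = resource type.
     */
    private static final String MEMBERSHIP_SQL_GENERIC =
        "SELECT id FROM usersgroups WHERE username = ? AND groupname IN (" + RESOURCE_GROUPS_SQL + ")";

    /** Set via {@link #setLoggedOn}; {@link #refresh} marks the refreshed copy as logged on. */
    private boolean loggedOn = false;

    /** Lazily computed by {@link #isAdministrator}; null until first asked. */
    private Boolean administrator = null;

    /**
     * Wraps the current row of an already-executed query on the users table.
     */
    public User(String db, ResultSet rs) throws Exception {
        super(db, "users", rs);
    }

    /**
     * Creates an empty, not-logged-on user for the given database.
     */
    public User(String db) throws Exception {
        super(db, "users");
    }

    /**
     * Loads the user with the given id from the users table.
     */
    public User(String db, Integer record) throws Exception {
        super(db, "users", record);
    }

    /**
     * Resolves the database name for a request: the {@code db} form parameter
     * wins, otherwise the {@code db} entry already in the context.
     */
    private static String resolveDb(WebContext context) {
        String db = context.getForm("db");
        if (db == null) {
            db = (String) context.get("db");
        }
        return db;
    }

    /** Session attribute under which the logged-on user for {@code db} is kept. */
    private static String userSessionKey(String db) {
        return db + "user";
    }

    /** Closes a result set, ignoring close failures so a real error is not masked. */
    private static void closeQuietly(ResultSet rs) {
        if (rs == null) {
            return;
        }
        try {
            rs.close();
        } catch (Exception ignored) {
            // nothing useful to do with a failed close
        }
    }

    /** Closes a statement, ignoring close failures so a real error is not masked. */
    private static void closeQuietly(Statement stmt) {
        if (stmt == null) {
            return;
        }
        try {
            stmt.close();
        } catch (Exception ignored) {
            // nothing useful to do with a failed close
        }
    }

    /**
     * Returns the user stored in the session for the request's database, or an
     * empty user (with {@code loggedOn == false}) when nobody has logged on.
     */
    public static synchronized User getInstance(WebContext context) throws Exception {
        return getInstance(context, resolveDb(context));
    }

    /**
     * Returns the user stored in the session for {@code db}, or an empty user
     * (with {@code loggedOn == false}) when nobody has logged on.
     */
    public static synchronized User getInstance(WebContext context, String db) throws Exception {
        HttpSession session = context.getSession();
        User user = (User) session.getAttribute(userSessionKey(db));
        if (user == null) {
            // Never hand back null: an empty record reports loggedOn == false.
            user = new User(db);
        }
        return user;
    }

    /**
     * Re-reads this user's record, marks the fresh copy as logged on and stores
     * it in the session for the request's database. The cached
     * {@code stylepath} session attribute is dropped so the next page
     * re-evaluates the style.
     *
     * @return the freshly loaded, logged-on copy (not {@code this})
     */
    public User refresh(WebContext context) throws Exception {
        String db = resolveDb(context);
        User user = new User(database, Integer.valueOf(getFieldValue("id")));
        user.setLoggedOn(true);
        HttpSession session = context.getSession();
        session.setAttribute(userSessionKey(db), user);
        // force the next page to check for a new style
        session.removeAttribute(db + "stylepath");
        return user;
    }

    /**
     * Prepares the login page for the request's database using the configured
     * template.
     */
    public static String getLoginPage(WebContext context, String message) throws Exception {
        return getLoginPage(context, resolveDb(context), message, null);
    }

    /**
     * Prepares the login page for {@code db} using the configured template.
     */
    public static String getLoginPage(WebContext context, String db, String message) throws Exception {
        return getLoginPage(context, db, message, null);
    }

    /**
     * Populates the context for the login page and returns the template to render.
     *
     * @param message    text to show on the login page
     * @param wmtemplate explicit template name, or {@code null} to use the
     *                   {@code logintemplate} system property, falling back to
     *                   {@link #DEFAULT_LOGIN_TEMPLATE}
     * @return the template name; never {@code null}, because callers of the
     *         {@code checkLoggedIn*} family treat {@code null} as "access granted"
     */
    public static String getLoginPage(WebContext context, String db, String message, String wmtemplate)
            throws Exception {
        context.put("admins", RecordSet.getInstance(context, db, "users", ADMIN_SQL, Integer.valueOf(0)));
        context.put("user", new User(db));
        context.put("db", db);
        context.put("message", message);
        String loginTemplate = wmtemplate;
        if (loginTemplate == null) {
            try {
                SystemProperties sp = new SystemProperties(db);
                loginTemplate = sp.getProperty("logintemplate");
            } catch (Exception ignored) {
                // no readable properties for this db: use the built-in template
            }
        }
        if (loginTemplate == null) {
            // A missing property must not turn into a null return (= "logged on").
            loginTemplate = DEFAULT_LOGIN_TEMPLATE;
        }
        return loginTemplate;
    }

    /**
     * Checks whether we are logged in for the record we are trying to edit by
     * looking at its fields that look up directly to a users record: we count
     * as logged in if {@link #checkLoggedInForRecord} accepts any of them.
     *
     * @return {@code null} if access is allowed, otherwise the login template
     */
    public static String checkLoggedInForParentRecord(DDRecord record, WebContext context, String message)
            throws Exception {
        String db = resolveDb(context);
        boolean loggedIn = false;
        for (Enumeration en = record.elements(); en.hasMoreElements();) {
            DDField field = (DDField) en.nextElement();
            if (!"lookup".equals(field.getMetaData().getType())) {
                continue;
            }
            if (!"users".equals(field.getMetaData().getRelationshipTable())) {
                continue;
            }
            // null means "no login page needed" for that user record
            if (checkLoggedInForRecord(field.getLookup(), context, message) == null) {
                loggedIn = true;
                break;
            }
        }
        if (loggedIn) {
            return null;
        }
        setReturnURL(context);
        return getLoginPage(context, db, message);
    }

    /**
     * Checks whether we are logged in for the record we are trying to edit.
     * Only the users table is special-cased: anyone may insert a new user
     * (id {@code "0"}), and an existing user record may only be edited by the
     * session user with the same id. Every other case requires a login.
     *
     * @return {@code null} if access is allowed, otherwise the login template
     */
    public static String checkLoggedInForRecord(DDRecord record, WebContext context, String message)
            throws Exception {
        String db = resolveDb(context);
        if ("users".equals(record.getMetaData().getTableName())) {
            String recordId = record.getFieldValue("id");
            // anybody is allowed to insert a new user record
            if ("0".equals(recordId)) {
                return null;
            }
            User user = (User) context.getSession().getAttribute(userSessionKey(db));
            // an existing user record may only be edited by that user
            if (user != null && recordId != null && recordId.equals(user.getFieldValue("id"))) {
                return null;
            }
        }
        setReturnURL(context);
        return getLoginPage(context, db, message);
    }

    /**
     * Checks access to a resource for the request's database, without forcing
     * a login for unprotected resources.
     */
    public static String checkLoggedIn(String resourceType, String resource, WebContext context, String message)
            throws Exception {
        return checkLoggedIn(resourceType, resource, resolveDb(context), context, message, false);
    }

    /**
     * Checks access to a resource in {@code db}, without forcing a login for
     * unprotected resources.
     */
    public static String checkLoggedIn(String resourceType, String resource, String db, WebContext context,
                                       String message) throws Exception {
        return checkLoggedIn(resourceType, resource, db, context, message, false);
    }

    /**
     * Checks access to a resource for the request's database.
     */
    public static String checkLoggedIn(String resourceType, String resource, WebContext context, String message,
                                       boolean force) throws Exception {
        return checkLoggedIn(resourceType, resource, resolveDb(context), context, message, force);
    }

    /**
     * Checks access to a resource in {@code db} using the configured login template.
     */
    public static String checkLoggedIn(String resourceType, String resource, String db, WebContext context,
                                       String message, boolean force) throws Exception {
        return checkLoggedIn(resourceType, resource, db, context, message, force, null);
    }

    /**
     * Reads the {@code accesscontrol} system property for {@code db}.
     * NOTE(review): this fails open -- an unreadable properties file or a
     * missing property disables access control for the whole db. Confirm that
     * is the intended deployment behaviour.
     *
     * @return {@code true} only when the property is exactly {@code "true"}
     */
    private static boolean accessControlEnabled(String db) {
        String ac = null;
        try {
            SystemProperties sp = new SystemProperties(db);
            ac = sp.getProperty("accesscontrol");
        } catch (Exception ignored) {
            // treated as "access control off"; see the NOTE above
        }
        return "true".equals(ac);
    }

    /**
     * Checks whether a user has access rights for a particular resource.
     * <p>
     * Access is granted when access control is switched off for {@code db},
     * when no permission rows exist for the resource (unless {@code force} is
     * set), or when the session user belongs to a group that is permitted to
     * use the resource. Otherwise the return URL is recorded and the login
     * page is prepared.
     *
     * @param resourceType name in {@code userresourcetypes.type}
     * @param resource     name in {@code userresources.resource}
     * @param force        require a login even if the resource has no permission rows
     * @param wmtemplate   explicit login template, or {@code null} for the configured one
     * @return the template to use for a login page if the user needs to log on;
     *         {@code null} if the user is logged on or access control does not
     *         apply to the resource
     * @throws Exception if the permission lookup fails; the cause is preserved
     */
    public static String checkLoggedIn(String resourceType, String resource, String db, WebContext context,
                                       String message, boolean force, String wmtemplate) throws Exception {
        if (!accessControlEnabled(db)) {
            return null;
        }
        DBConnectionManager connMgr = DBConnectionManager.getInstance();
        Connection conn = null;
        PreparedStatement stmt = null;
        ResultSet rs = null;
        try {
            conn = connMgr.getConnection("User", db);
            if (!force) {
                // Is the resource protected at all? No permission rows means no login needed.
                stmt = conn.prepareStatement(RESOURCE_GROUPS_SQL);
                stmt.setString(1, resource);
                stmt.setString(2, resourceType);
                rs = stmt.executeQuery();
                boolean protectedResource = rs.next();
                closeQuietly(rs);
                closeQuietly(stmt);
                rs = null;
                stmt = null;
                if (!protectedResource) {
                    return null;
                }
            }
            User user = (User) context.getSession().getAttribute(userSessionKey(db));
            if (user != null) {
                Integer id = Integer.valueOf(user.getFieldValue("id"));
                // Both forms bind the same parameters in the same order.
                String sql = (connMgr.getDatabaseEngineType(db) == DBConnectionManager.MYSQL)
                    ? MEMBERSHIP_SQL_MYSQL
                    : MEMBERSHIP_SQL_GENERIC;
                stmt = conn.prepareStatement(sql);
                stmt.setInt(1, id.intValue());
                stmt.setString(2, resource);
                stmt.setString(3, resourceType);
                rs = stmt.executeQuery();
                if (rs.next()) {
                    // the session user is in a permitted group
                    return null;
                }
            }
            // need to log in
            setReturnURL(context);
            return getLoginPage(context, db, message, wmtemplate);
        } catch (Exception e) {
            throw new Exception("Can't check permissions for " + resourceType + "/" + resource + ": " + e, e);
        } finally {
            // the connection is released exactly once, whichever path was taken
            closeQuietly(rs);
            closeQuietly(stmt);
            connMgr.freeConnection(db, conn);
        }
    }

    /**
     * Records the current request URL (with its query string, if any) in the
     * session and the context so the login page can return to it.
     */
    public static void setReturnURL(WebContext context) {
        HttpServletRequest request = context.getRequest();
        String url = request.getRequestURI();
        String query = request.getQueryString();
        // getQueryString() is null when there is none; don't produce "?null"
        if (query != null) {
            url += "?" + query;
        }
        context.getSession().setAttribute(RETURN_URL_KEY, url);
        context.put(RETURN_URL_KEY, url);
    }

    /**
     * Sets the logged-on flag; {@link #refresh} is the only caller in this class.
     */
    public void setLoggedOn(boolean value) {
        loggedOn = value;
    }

    /**
     * @return whether this object represents a logged-on user
     */
    public boolean isLoggedOn() {
        return loggedOn;
    }

    /**
     * Reports whether this user belongs to the Administrators group. The
     * answer is computed once and cached; a failed lookup is not cached, so a
     * later call retries.
     *
     * @throws RuntimeException if the group lookup fails (cause preserved)
     */
    public boolean isAdministrator() {
        if (administrator == null) {
            boolean admin = false;
            try {
                RecordSet groups = getChildren("usersgroups", "username");
                for (Enumeration en = groups.getRows().elements(); en.hasMoreElements();) {
                    DDRecord usergroup = (DDRecord) en.nextElement();
                    DDRecord group = new DDRecord(database, "usergroups",
                                                  Integer.valueOf(usergroup.getFieldValue("groupname")));
                    if (ADMIN_GROUP.equals(group.getFieldValue("groupname").trim())) {
                        admin = true;
                        break;
                    }
                }
            } catch (Exception e) {
                throw new RuntimeException("Can't determine group membership for user " + getFieldValue("id"), e);
            }
            administrator = Boolean.valueOf(admin);
        }
        return administrator.booleanValue();
    }

    /**
     * @return the value of this record's {@code id} field
     */
    public Integer getId() {
        return (Integer) ((DDField) get("id")).getValue();
    }

    /**
     * Compares a supplied password with this user's stored password. Both
     * sides are trimmed and an empty supplied password never matches.
     * <p>
     * NOTE(review): the stored value is compared as-is, and
     * {@link #generateDetails} stores a generated password verbatim, so this
     * class treats passwords as plain text. Hashing them (bcrypt/scrypt/argon2)
     * at storage time would be a schema-level change outside this method.
     *
     * @param c the password to check; {@code null} is treated as empty
     * @return {@code true} only if {@code c} is non-blank and equals the stored password
     * @throws Exception if the record has no password field
     */
    public boolean checkPassword(String c) throws Exception {
        String check = (c == null) ? "" : c.trim();
        DDField passwordField = (DDField) get("password");
        if (passwordField == null) {
            throw new Exception("No password field found in user table");
        }
        String stored = (String) passwordField.getValue();
        String password = (stored != null) ? stored.trim() : "";
        // blank password is never valid!
        if (check.length() == 0) {
            return false;
        }
        // Compare without depending on where the first mismatch is, so the
        // response time does not reveal how much of the password was right.
        return MessageDigest.isEqual(check.getBytes("UTF-8"), password.getBytes("UTF-8"));
    }

    /**
     * Fills in blank username and login id from the email address and, when
     * the password is blank, sets a random six-character password.
     * NOTE(review): {@code StringUtils.getRandomString} is project code; confirm
     * it draws from a cryptographically strong source before relying on it for
     * initial passwords.
     */
    public void generateDetails() {
        if (getFieldValue("username").equals("")) {
            setFieldValue("username", getFieldValue("email"));
        }
        if (getFieldValue("loginid").equals("")) {
            setFieldValue("loginid", getFieldValue("email"));
        }
        if (getFieldValue("password").equals("")) {
            setFieldValue("password", StringUtils.getRandomString(6));
        }
    }

    /**
     * Derives a login id from the username (first word plus the initial of the
     * second, lower-cased) and appends a two-digit, zero-padded counter until
     * the id is not already present in the users table. The result is stored
     * in the {@code loginid} field.
     * <p>
     * Not used at present except for zedzed.
     */
    public void generateId() throws Exception {
        String username = getFieldValue("username").toLowerCase();
        String loginid = username;
        int space = username.indexOf(' ');
        if (space > 0) {
            loginid = username.substring(0, space);
            if (space + 1 < username.length()) {
                loginid += username.charAt(space + 1);
            }
        }
        Connection conn = connMgr.getConnection("User", database);
        PreparedStatement stmt = null;
        try {
            // the login id comes from user-supplied data, so it is bound, not concatenated
            stmt = conn.prepareStatement("SELECT id FROM users WHERE loginid = ?");
            String candidate = loginid;
            int count = 0;
            while (loginIdExists(stmt, candidate)) {
                count++;
                candidate = loginid + (count < 10 ? "0" : "") + count;
            }
            setFieldValue("loginid", candidate);
        } finally {
            closeQuietly(stmt);
            connMgr.freeConnection(database, conn);
        }
    }

    /** Runs the prepared {@code loginid = ?} lookup and reports whether any row matched. */
    private static boolean loginIdExists(PreparedStatement stmt, String loginid) throws Exception {
        stmt.setString(1, loginid);
        ResultSet rs = stmt.executeQuery();
        try {
            return rs.next();
        } finally {
            closeQuietly(rs);
        }
    }

    /**
     * Loads the user named by the {@code systemuser} system property of
     * {@code db}. This is best effort: a missing property, an unreadable
     * properties file or a record that cannot be loaded all yield {@code null}.
     */
    public static User getSystemUser(String db) {
        String sysuser = null;
        try {
            SystemProperties sp = new SystemProperties(db);
            sysuser = sp.getProperty("systemuser");
        } catch (Exception ignored) {
            // best effort: no readable properties means no system user
        }
        if (sysuser == null || sysuser.length() == 0) {
            return null;
        }
        try {
            return new User(db, Integer.valueOf(sysuser));
        } catch (Exception ignored) {
            // best effort: a non-numeric id or unloadable record means no system user
            return null;
        }
    }

    /**
     * Announces this user to a messageboard by posting a top-level "New User"
     * message, authored by this user, listing id, username and email followed
     * by {@code mess}.
     */
    public void announce(int boardid, String mess) throws Exception {
        Message m = new Message(database);
        StringBuffer text = new StringBuffer(
            "A new user has registered on the system, here are their details:\n\n");
        appendDetail(text, "id");
        appendDetail(text, "username");
        appendDetail(text, "email");
        text.append("\n").append(mess);
        m.setFieldValue("message", text.toString());
        m.setFieldValue("parent", "0");
        m.setFieldValue("subject", "New User");
        m.setFieldValue("board", Integer.valueOf(boardid));
        m.setFieldValue("author", Integer.valueOf(getFieldValue("id")));
        m.write();
        m.distribute();
    }

    /** Appends one "Display Name: value" line for the named field. */
    private void appendDetail(StringBuffer text, String fieldName) throws Exception {
        text.append(getField(fieldName).getMetaData().getDisplayName())
            .append(": ")
            .append(getFieldValue(fieldName))
            .append("\n");
    }
}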