34 package info.magnolia.module.admininterface.dialogs;
35
36 import info.magnolia.cms.core.Content;
37 import info.magnolia.cms.core.HierarchyManager;
38 import info.magnolia.cms.core.NodeData;
39 import info.magnolia.cms.gui.dialog.Dialog;
40 import info.magnolia.cms.gui.dialog.DialogControlImpl;
41 import info.magnolia.cms.security.AccessDeniedException;
42 import info.magnolia.context.MgnlContext;
43 import info.magnolia.module.admininterface.SaveHandler;
44 import info.magnolia.repository.RepositoryConstants;
45 import info.magnolia.util.EscapeUtil;
46
47 import java.util.ArrayList;
48 import java.util.Iterator;
49 import java.util.List;
50
51 import javax.jcr.ItemNotFoundException;
52 import javax.jcr.PathNotFoundException;
53 import javax.jcr.RepositoryException;
54 import javax.servlet.http.HttpServletRequest;
55 import javax.servlet.http.HttpServletResponse;
56
57 import org.apache.commons.lang.StringUtils;
58 import org.slf4j.Logger;
59 import org.slf4j.LoggerFactory;
60
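/**
 * Dialog used to edit a user node, including its group and role assignments.
 *
 * <p>Group and role references are stored on the user node as UUIDs but are shown in the
 * dialog as repository handles (paths). {@link #createDialog} converts UUIDs to handles for
 * display, and {@link #onPostSave} converts the submitted handles back to UUIDs.
 *
 * <p>Security note: display-time resolution uses the system context, while save-time
 * resolution uses {@code MgnlContext.getHierarchyManager(...)}. Judging by the
 * {@link AccessDeniedException} handling in {@link #writeRolesOrGroups}, the save path is
 * meant to be bound by the editing user's own permissions, so a user cannot assign a group
 * or role they cannot access. Keep that asymmetry when changing this class.
 */
public class UserEditDialog extends ConfiguredDialog {

    private static final long serialVersionUID = 222L;

    protected static Logger log = LoggerFactory.getLogger(UserEditDialog.class);

    // ACL node names. They are not referenced in the code shown here; presumably kept for
    // subclasses that implement writeACL -- verify before removing.
    protected static final String NODE_ACLUSERS = "acl_users";

    protected static final String NODE_ACLROLES = "acl_userroles";

    protected static final String NODE_ACLCONFIG = "acl_config";

    /**
     * Returns the repository configured for this dialog, falling back to the users
     * repository when none is configured.
     *
     * @return the configured repository name, or {@link RepositoryConstants#USERS}
     */
    @Override
    public String getRepository() {
        String repository = super.getRepository();
        if (repository == null) {
            repository = RepositoryConstants.USERS;
        }
        return repository;
    }

    /**
     * Creates the dialog handler; all arguments are passed straight to the superclass.
     *
     * @param name dialog name
     * @param request current servlet request
     * @param response current servlet response
     * @param configNode dialog configuration node
     */
    public UserEditDialog(String name, HttpServletRequest request, HttpServletResponse response, Content configNode) {
        super(name, request, response, configNode);
    }

    /**
     * Applies the superclass configuration and then sets the save handler's path to this
     * dialog's {@code path}.
     *
     * @param save the save handler to configure
     */
    @Override
    protected void configureSaveHandler(SaveHandler save) {
        super.configureSaveHandler(save);
        save.setPath(path);
    }

    /**
     * Builds the dialog and, unless the current command is a save, replaces the stored
     * group and role UUIDs with their repository handles for display.
     *
     * @param configNode dialog configuration node
     * @param storageNode node holding the stored values
     * @return the dialog, with "groups" and "roles" values converted to handles when shown
     * @throws RepositoryException if a lookup fails for a reason other than a missing item
     */
    @Override
    protected Dialog createDialog(Content configNode, Content storageNode) throws RepositoryException {
        Dialog dialog = super.createDialog(configNode, storageNode);

        // On save the submitted values are already handles; nothing to convert.
        if (this.getCommand().equalsIgnoreCase(COMMAND_SAVE)) {
            return dialog;
        }

        // The system context is used here, so handles are resolved independently of the
        // editing user's session. NOTE(review): this presumably shows group/role paths the
        // current user may not be allowed to read -- confirm that is acceptable.
        DialogControlImpl control = dialog.getSub("groups");
        HierarchyManager groupsHM = MgnlContext.getSystemContext().getHierarchyManager(RepositoryConstants.USER_GROUPS);
        replaceUUIDsWithNames(control, groupsHM);

        control = dialog.getSub("roles");
        HierarchyManager rolesHM = MgnlContext.getSystemContext().getHierarchyManager(RepositoryConstants.USER_ROLES);
        replaceUUIDsWithNames(control, rolesHM);

        return dialog;
    }

    /**
     * Replaces the control's values (UUIDs) in place with the handles of the nodes they
     * refer to. Empty values and UUIDs that no longer resolve are dropped.
     *
     * @param control dialog control whose value list is rewritten
     * @param hm hierarchy manager used to resolve each UUID
     * @throws RepositoryException if a lookup fails for a reason other than a missing item
     */
    private void replaceUUIDsWithNames(DialogControlImpl control, HierarchyManager hm) throws RepositoryException {
        List<String> handles = new ArrayList<String>();
        for (Object value : control.getValues()) {
            String uuid = (String) value;
            if (StringUtils.isEmpty(uuid)) {
                continue;
            }
            try {
                handles.add(hm.getContentByUUID(uuid).getHandle());
            } catch (ItemNotFoundException e) {
                // Stale reference: the target no longer exists, so it is left out of the list.
                log.debug("Ignoring reference to missing node with UUID {}", uuid);
            }
        }
        control.getValues().clear();
        control.getValues().addAll(handles);
    }

    /**
     * Hook called from {@link #onPostSave} before the node is saved. This implementation
     * does nothing.
     *
     * @param node the user node being saved
     * @throws RepositoryException declared for overriding implementations
     */
    protected void writeACL(Content node) throws RepositoryException {
        // intentionally empty
    }

    /**
     * Re-escapes the submitted values of one form parameter. The values are unescaped first
     * and then escaped, which presumably keeps already-escaped input from being escaped
     * twice (EscapeUtil's exact semantics are not visible here).
     *
     * @param name form parameter name
     * @return {@code false} if the parameter was not submitted, {@code true} otherwise
     */
    private boolean escapeFormParam(String name) {
        String[] oldValue = this.form.getParameterValues(name);
        if (oldValue == null) {
            return false;
        }

        String[] newValue = EscapeUtil.escapeXss(EscapeUtil.unescapeXss(oldValue));
        this.form.addparameterValues(name, newValue);
        return true;
    }

    /**
     * Escapes the submitted "groups" and "roles" parameters before the save handler runs.
     *
     * @param control the save handler (unused)
     * @return always {@code true}
     */
    @Override
    protected boolean onPreSave(SaveHandler control) {
        // A missing parameter is not an error, so the boolean results are ignored.
        escapeFormParam("groups");
        escapeFormParam("roles");
        return true;
    }

    /**
     * Writes the submitted group and role assignments and the ACL to the user node and
     * saves it. If any step fails, the node's transient changes are discarded.
     *
     * @param saveControl the save handler (unused)
     * @return {@code true} if the node was saved, {@code false} if the update failed
     */
    @Override
    protected boolean onPostSave(SaveHandler saveControl) {
        Content node = this.getStorageNode();

        // Not the system context: resolution below is presumably subject to the current
        // user's access rights (see the AccessDeniedException handling in writeRolesOrGroups).
        HierarchyManager groupsHM = MgnlContext.getHierarchyManager(RepositoryConstants.USER_GROUPS);
        HierarchyManager rolesHM = MgnlContext.getHierarchyManager(RepositoryConstants.USER_ROLES);

        try {
            this.writeRolesOrGroups(groupsHM, node, "groups");
            this.writeRolesOrGroups(rolesHM, node, "roles");
            this.writeACL(node);
            node.save();
            return true;
        } catch (RepositoryException re) {
            log.error("Failed to update user, reverting all transient modifications made for this node", re);
            try {
                node.refresh(false);
            } catch (RepositoryException e) {
                // Log the refresh failure itself, not the original save failure again.
                log.error("Failed to revert transient modifications", e);
            }
        }
        return false;
    }

    /**
     * Replaces the entries below {@code parentNode/nodeName} with the UUIDs of the groups or
     * roles whose handles were submitted in the dialog control of the same name.
     *
     * <p>NOTE(review): all existing entries are deleted before the new ones are resolved.
     * An entry skipped because of {@link AccessDeniedException} is therefore removed from
     * the user on save, even if it was assigned before -- confirm this is intended.
     *
     * <p>NOTE(review): if {@code hm.getContent(path)} throws {@link PathNotFoundException}
     * for a submitted path, it is handled by the outer catch and the remaining entries are
     * not written. Consider handling an unknown path per entry.
     *
     * @param hm hierarchy manager used to resolve submitted handles to nodes
     * @param parentNode the user node
     * @param nodeName {@code "groups"} or {@code "roles"}
     * @throws RepositoryException on repository errors other than the two handled here
     */
    private void writeRolesOrGroups(HierarchyManager hm, Content parentNode, String nodeName)
            throws RepositoryException {
        try {
            Content groupOrRoleNode = parentNode.getContent(nodeName);

            // Remove the current assignments; they are rewritten from the submitted values.
            for (Object existing : groupOrRoleNode.getNodeDataCollection()) {
                ((NodeData) existing).delete();
            }

            List values = getDialog().getSub(nodeName).getValues();
            String path = null;
            for (int index = 0; index < values.size(); index++) {
                try {
                    path = (String) values.get(index);
                    if (StringUtils.isNotEmpty(path)) {
                        groupOrRoleNode.createNodeData(Integer.toString(index)).setValue(hm.getContent(path).getUUID());
                    }
                } catch (AccessDeniedException e) {
                    // The entry is skipped and the attempt is logged with the acting user.
                    String user = MgnlContext.getUser().getName();
                    // Dropping the last character turns "groups"/"roles" into "group"/"role".
                    String kind = nodeName.substring(0, nodeName.length() - 1);
                    // Compare names by value; '==' on strings compares references only.
                    String target = StringUtils.equals(parentNode.getName(), user) ? "self" : parentNode.getName();
                    log.warn("User {} tried to assign {} {} to {} without having privileges to do so.", new Object[] {user, kind, path, target});
                }
            }
        } catch (PathNotFoundException e) {
            // Typically the groups/roles node does not exist on this user; nothing to write.
            log.debug("Skipped writing {}: {}", nodeName, e.getMessage());
        }
    }
}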