Index: trunk/calendar3/calCore/resources/hbms/CalSuite.hbm.xml =================================================================== --- trunk/calendar3/calCore/resources/hbms/CalSuite.hbm.xml (revision 514) +++ trunk/calendar3/calCore/resources/hbms/CalSuite.hbm.xml (revision 520) @@ -17,9 +17,28 @@ + + + + + + + + + + + + + + @@ -39,4 +58,9 @@ where cal.name=:name ]]> + + Index: trunk/calendar3/calCore/src/org/bedework/calcore/hibernate/AdminGroupsDbImpl.java =================================================================== --- trunk/calendar3/calCore/src/org/bedework/calcore/hibernate/AdminGroupsDbImpl.java (revision 285) +++ trunk/calendar3/calCore/src/org/bedework/calcore/hibernate/AdminGroupsDbImpl.java (revision 520) @@ -212,9 +212,9 @@ } */ - - /* val must not already be present on any paths to the root. + + /* val must not already be present on any paths to the root. * We'll assume the possibility of more than one parent. */ - + if (!checkPathForSelf(group, val)) { throw new CalFacadeException(CalFacadeException.alreadyOnAdminGroupPath); @@ -357,13 +357,6 @@ return user; }*/ - - private boolean checkPathForSelf(BwGroup group, - BwPrincipal val) throws CalFacadeException { - if (group.equals(val)) { - return false; - } - - /* get all parents of group and try again */ - + + public Collection findGroupParents(BwGroup group) throws CalFacadeException { HibSession sess = getSess(); 
@@ -377,16 +370,26 @@ sess.setInt("grpid", group.getId()); - Collection parents = sess.getList(); - - Iterator it = parents.iterator(); - + return sess.getList(); + } + + private boolean checkPathForSelf(BwGroup group, + BwPrincipal val) throws CalFacadeException { + if (group.equals(val)) { + return false; + } + + /* get all parents of group and try again */ + + + Iterator it = findGroupParents(group).iterator(); + while (it.hasNext()) { BwAdminGroup g = (BwAdminGroup)it.next(); - + if (!checkPathForSelf(g, val)) { return false; } } - + return true; } Index: trunk/calendar3/calFacade/src/org/bedework/calfacade/svc/AdminGroups.java =================================================================== --- trunk/calendar3/calFacade/src/org/bedework/calfacade/svc/AdminGroups.java (revision 2) +++ trunk/calendar3/calFacade/src/org/bedework/calfacade/svc/AdminGroups.java (revision 520) @@ -54,7 +54,10 @@ package org.bedework.calfacade.svc; +import org.bedework.calfacade.BwGroup; import org.bedework.calfacade.BwUser; import org.bedework.calfacade.CalFacadeException; import org.bedework.calfacade.ifs.Groups; + +import java.util.Collection; /** An interface to handle calendar admin groups. @@ -88,3 +91,12 @@ public BwAdminGroup findGroupByEventOwner(BwUser owner) throws CalFacadeException; + + /** Find the parents of a given group. + * + * @param group BwGroup + * @return Collection empty for no parents + * @exception CalFacadeException If there's a problem + */ + public Collection findGroupParents(BwGroup group) + throws CalFacadeException; } Index: trunk/calendar3/calsvc/src/org/bedework/calsvc/CalSvc.java =================================================================== --- trunk/calendar3/calsvc/src/org/bedework/calsvc/CalSvc.java (revision 519) +++ trunk/calendar3/calsvc/src/org/bedework/calsvc/CalSvc.java (revision 520) 
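Review bot: checkPathForSelf (AdminGroupsDbImpl.java, hunk at new line 370) recurses through `findGroupParents(group)` without recording which groups it has already visited. The comment in the caller assumes a group may have more than one parent, so shared ancestors are queried once per path. If the stored hierarchy ever holds a cycle that does not pass through `val`, the recursion has no exit and ends in a stack overflow. Passing a visited set down the recursion bounds the walk to one query per group; the sketch below keys on `group.getId()`, which the query already uses, and needs `java.util.HashSet` and `java.util.Set` among the file's imports.

```java
private boolean checkPathForSelf(BwGroup group,
                                 BwPrincipal val) throws CalFacadeException {
  return checkPathForSelf(group, val, new HashSet());
}

private boolean checkPathForSelf(BwGroup group,
                                 BwPrincipal val,
                                 Set visited) throws CalFacadeException {
  if (group.equals(val)) {
    return false;
  }

  if (!visited.add(new Integer(group.getId()))) {
    /* Ancestors of this group are already being, or have been, checked. */
    return true;
  }

  // … unchanged: iterate over findGroupParents(group) …
    if (!checkPathForSelf(g, val, visited)) {
```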
@@ -86,4 +86,5 @@ import org.bedework.calfacade.ifs.Calintf; import org.bedework.calfacade.ifs.Groups; +import org.bedework.calfacade.svc.BwAdminGroup; import org.bedework.calfacade.svc.BwAuthUser; import org.bedework.calfacade.svc.BwCalSuite; @@ -644,4 +645,9 @@ } + public BwCalSuiteWrapper getCalSuite(BwAdminGroup group) + throws CalFacadeException { + return dbi.getCalSuite(group); + } + public Collection getCalSuites() throws CalFacadeException { return dbi.getCalSuites(); Index: trunk/calendar3/calsvc/src/org/bedework/calsvc/CalSvcDb.java =================================================================== --- trunk/calendar3/calsvc/src/org/bedework/calsvc/CalSvcDb.java (revision 519) +++ trunk/calendar3/calsvc/src/org/bedework/calsvc/CalSvcDb.java (revision 520) @@ -59,4 +59,5 @@ import org.bedework.calfacade.BwUser; import org.bedework.calfacade.base.BwShareableDbentity; +import org.bedework.calfacade.svc.BwAdminGroup; import org.bedework.calfacade.svc.BwCalSuite; import org.bedework.calfacade.svc.BwPreferences; 
@@ -211,4 +212,29 @@ } + /** Get a calendar suite given the 'owning' group + * + * @param group BwAdminGroup + * @return BwCalSuiteWrapper null for unknown calendar suite + * @throws CalFacadeException + */ + public BwCalSuiteWrapper getCalSuite(BwAdminGroup group) + throws CalFacadeException { + HibSession sess = (HibSession)getSess(); + + sess.namedQuery("getCalSuiteByGroup"); + sess.setEntity("group", group); + sess.cacheableQuery(); + + BwCalSuite cs = (BwCalSuite)sess.getUnique(); + + if (cs == null) { + return null; + } + + CurrentAccess ca = checkAccess(cs, PrivilegeDefs.privAny, false); + + return new BwCalSuiteWrapper(cs, ca); + } + /** Allows svc to retrieve the calSuite object used to configure a public * client. Index: trunk/calendar3/calsvci/src/org/bedework/calsvci/CalSvcI.java =================================================================== --- trunk/calendar3/calsvci/src/org/bedework/calsvci/CalSvcI.java (revision 519) +++ trunk/calendar3/calsvci/src/org/bedework/calsvci/CalSvcI.java (revision 520) @@ -76,4 +76,5 @@ import org.bedework.calfacade.ifs.CalTimezones; import org.bedework.calfacade.ifs.Groups; +import org.bedework.calfacade.svc.BwAdminGroup; import org.bedework.calfacade.svc.BwCalSuite; import org.bedework.calfacade.svc.BwPreferences; 
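Review bot: In the new `getCalSuite(BwAdminGroup group)` (CalSvcDb.java, hunk at new line 212) the value returned by `checkAccess(cs, PrivilegeDefs.privAny, false)` is wrapped and handed back without being inspected. Whether a caller with no privilege on the suite gets an exception or a wrapper carrying a denied access depends on the meaning of the third argument `false`, which this page does not show. The Javadoc should state the outcome rather than leave `@throws CalFacadeException` bare, for example `@throws CalFacadeException on a database error or if the current user has no access to the suite`. If the wrapper can carry a denied access, say so in `@return`, so that callers check it before using the suite.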
@@ -520,4 +521,13 @@ */ public abstract BwCalSuiteWrapper getCalSuite(String name) throws CalFacadeException; + + /** Get a calendar suite given the 'owning' group + * + * @param group BwAdminGroup + * @return BwCalSuiteWrapper null for unknown calendar suite + * @throws CalFacadeException + */ + public abstract BwCalSuiteWrapper getCalSuite(BwAdminGroup group) + throws CalFacadeException; /** Get calendar suites to which this user has access Index: trunk/calendar3/deployment/webadmin/webapp/resources/default/default/default.xsl =================================================================== --- trunk/calendar3/deployment/webadmin/webapp/resources/default/default/default.xsl (revision 518) +++ trunk/calendar3/deployment/webadmin/webapp/resources/default/default/default.xsl (revision 520) @@ -1225,12 +1225,12 @@ @@ -3088,4 +3088,11 @@ + + Calendar Suite: + + + +   + Logged in as: Index: trunk/calendar3/webadmin/src/org/bedework/webadmin/admingroup/PESwitchAGAction.java =================================================================== --- trunk/calendar3/webadmin/src/org/bedework/webadmin/admingroup/PESwitchAGAction.java (revision 24) +++ trunk/calendar3/webadmin/src/org/bedework/webadmin/admingroup/PESwitchAGAction.java (revision 520) @@ -88,6 +88,6 @@ // Back to main menu. Abstract action will do the rest. - String temp = checkGroup(request, form, false); - if (temp == null) { + int temp = checkGroup(request, form, false); + if (temp == forwardNoAction) { form.getErr().emit("org.bedework.client.error.choosegroupsuppressed"); return "error"; Index: trunk/calendar3/webadmin/war/docs/header.jsp =================================================================== --- trunk/calendar3/webadmin/war/docs/header.jsp (revision 519) +++ trunk/calendar3/webadmin/war/docs/header.jsp (revision 520) 
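Review bot: In the PESwitchAGAction.java hunk, `return "error";` still spells the forward as a string literal although the value being tested is now a forward index. Assuming this action inherits the table from BwAbstractAction, as its use of `forwardNoAction` suggests, `return forwards[forwardError];` would keep both classes on the same set of names. The method continues outside the hunk, so any later statement that returns `temp` as the forward name would need to become `return forwards[temp];`; that part is not visible here.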
@@ -170,4 +170,8 @@ + + + + Index: trunk/calendar3/webcommon/src/org/bedework/webcommon/BwAbstractAction.java =================================================================== --- trunk/calendar3/webcommon/src/org/bedework/webcommon/BwAbstractAction.java (revision 519) +++ trunk/calendar3/webcommon/src/org/bedework/webcommon/BwAbstractAction.java (revision 520) @@ -71,4 +71,5 @@ import org.bedework.calfacade.CalFacadeUtil; import org.bedework.calfacade.ifs.Groups; +import org.bedework.calfacade.svc.AdminGroups; import org.bedework.calfacade.svc.BwAdminGroup; import org.bedework.calfacade.svc.BwAuthUser; @@ -78,4 +79,5 @@ import org.bedework.calfacade.svc.EventInfo; import org.bedework.calfacade.svc.UserAuth; +import org.bedework.calfacade.svc.wrappers.BwCalSuiteWrapper; import org.bedework.calsvc.CalSvc; import org.bedework.calsvci.CalSvcI; 
@@ -106,50 +108,8 @@ * @author Mike Douglass douglm@rpi.edu */ -public abstract class BwAbstractAction extends UtilAbstractAction { +public abstract class BwAbstractAction extends UtilAbstractAction + implements ForwardDefs { /** Name of the init parameter holding our name */ private static final String appNameInitParameter = "rpiappname"; - - /* These are all the possible forwards we take. Internal routines should - * return one of the following indices. - */ - // ENUM - protected int forwardSuccess = 0; - protected int forwardContinue = 1; - protected int forwardRetry = 2; - - protected int forwardError = 3; - protected int forwardNoAccess = 4; - - protected int forwardNotFound = 5; - - protected int forwardNoSuchView = 6; - - /* Set when an optional parameter is not found */ - protected int forwardNoParameter = 7; - - /* Set when no action was taken */ - protected int forwardNoAction = 8; - - /* Something is referenced and cannot be removed */ - protected int forwardReffed = 9; - - /* an object was added/updated */ - protected int forwardAdded = 10; - protected int forwardUpdated = 11; - - protected final String[] forwards = { - "success", - "continue", - "retry", - "error", - "noAccess", - "notFound", - "noSuchView", - "noParameter", - "noAction", - "reffed", - "added", - "updated", - }; /* @@ -160,4 +120,18 @@ return getClass().getName(); } + + /** This is the routine which does the work. + * + * @param request Needed to locate session + * @param response + * @param sess UWCalSession calendar session object + * @param frm Action form + * @return String forward name + * @throws Throwable + */ + public abstract String doAction(HttpServletRequest request, + HttpServletResponse response, + BwSession sess, + BwActionFormBase frm) throws Throwable; public String performAction(HttpServletRequest request, 
@@ -231,7 +205,7 @@ /* Set up ready for the action */ - String temp = actionSetup(request, response, form); - if (temp != null) { - return temp; + int temp = actionSetup(request, response, form); + if (temp != forwardNoAction) { + return forwards[temp]; } @@ -278,10 +252,10 @@ * @param response * @param form - * @return String forward for error or null + * @return int foward index * @throws Throwable */ - public String actionSetup(HttpServletRequest request, - HttpServletResponse response, - BwActionFormBase form) throws Throwable { + public int actionSetup(HttpServletRequest request, + HttpServletResponse response, + BwActionFormBase form) throws Throwable { if (getPublicAdmin(form)) { if (debug) { @@ -297,9 +271,9 @@ if (!form.getAuthorisedUser()) { - return "noAccess"; - } - - String temp = checkGroup(request, form, true); - if (temp != null) { + return forwardNoAccess; + } + + int temp = checkGroup(request, form, true); + if (temp != forwardNoAction) { if (debug) { logIt("form.getGroupSet()=" + form.getGroupSet()); @@ -312,5 +286,5 @@ setAuthUser(form); - return null; + return forwardNoAction; } @@ -335,5 +309,5 @@ } - return null; + return forwardNoAction; } @@ -905,5 +879,5 @@ } - /** Return null if group is chosen else return a forward name. + /** Return no action if group is chosen else return a forward index. * * @param request Needed to locate session @@ -911,12 +885,12 @@ * @param initCheck true if this is a check to see if we're initialised, * otherwise this is an explicit request to change group. - * @return String forward name + * @return int forward index * @throws Throwable */ - protected String checkGroup(HttpServletRequest request, - BwActionFormBase form, - boolean initCheck) throws Throwable { + protected int checkGroup(HttpServletRequest request, + BwActionFormBase form, + boolean initCheck) throws Throwable { if (form.getGroupSet()) { - return null; + return forwardNoAction; } 
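Review bot: `return forwards[temp];` in performAction (BwAbstractAction.java, hunk at new line 205) indexes an array that this commit removes from the class, so every index actionSetup and checkGroup can return needs an entry in whatever ForwardDefs supplies. The removed array had twelve names and none for `forwardChooseGroup` or `forwardNoGroupAssigned`, which checkGroup now returns in place of the strings "chooseGroup" and "noGroupAssigned". ForwardDefs is not on this page, so confirm that it carries both with the forward names the configuration already maps; an index past the end of the array would otherwise fail here. The actionSetup Javadoc line `@return int foward index` has a typo and no longer says which value means carry on; suggest `@return int forward index, forwardNoAction to continue with the action`.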
@@ -936,8 +910,17 @@ // Make them do it again. - return "chooseGroup"; + return forwardChooseGroup; } - return setGroup(request, form, adgrps, reqpar); + BwAdminGroup adg = (BwAdminGroup)adgrps.findGroup(reqpar); + if (adg != null) { + if (debug) { + logIt("No user admin group with name " + reqpar); + } + // We require a group + return forwardChooseGroup; + } + + return setGroup(request, form, adgrps, adg); } @@ -950,9 +933,9 @@ BwUser user = svci.findUser(form.getCurrentUser()); if (user == null) { - return "noAccess"; + return forwardNoAccess; } if (initCheck || !form.getUserAuth().isSuperUser()) { - // Always restrict to groups we're a member of + // Always restrict to groups of which we are a member adgs = adgrps.getGroups(user); } else { @@ -969,8 +952,8 @@ if (form.getUserAuth().isSuperUser() || noGroupAllowed) { form.assignAdminGroup(null); - return null; + return forwardNoAction; } - return "noGroupAssigned"; + return forwardNoGroupAssigned; } @@ -980,13 +963,5 @@ BwAdminGroup adg = (BwAdminGroup)adgsit.next(); - form.assignAdminGroup(adg); - String s = setAdminUser(request, form, adg.getOwner().getAccount(), true); - - if (s != null) { - return s; - } - - form.setAdminUserId(svci.getUser().getAccount()); - return null; + return setGroup(request, form, adgrps, adg); } @@ -996,27 +971,9 @@ form.assignChoosingGroup(true); // reset - return "chooseGroup"; + return forwardChooseGroup; } catch (Throwable t) { form.getErr().emit(t); - return "error"; - } - } - - protected String setAdminUser(HttpServletRequest request, - BwActionFormBase form, - String user, - boolean isMember) throws Throwable { - int access = getAccess(request, getMessages()); - -// if (form.getCalSvcI() != null) { -// form.getCalSvcI().close(); -// } - - if (!checkSvci(request, form, form.getSession(), access, user, true, - isMember, debug)) { - return "accessError"; - } - - return null; + return forwardError; + } } 
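Review bot: The null test added in checkGroup (BwAbstractAction.java, hunk at new line 910) is inverted. `if (adg != null)` sends a group that was found back to forwardChooseGroup and logs "No user admin group with name", while a failed lookup falls through to `setGroup(request, form, adgrps, adg)` with a null group. The setGroup added further down in this commit calls `adgrps.getMembers(adg)` and `adg.getOwner()` with no null check, so a group name from the request that matches nothing would most likely raise a NullPointerException. The condition should read `if (adg == null) {`. checkGroup starts and ends outside this hunk.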
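Review bot: Routing the single-group case through `setGroup(request, form, adgrps, adg)` (BwAbstractAction.java, hunk at new line 963) changes the switch permission that reaches checkSvci. The removed `setAdminUser(..., true)` call passed the literal `true`, whereas setGroup passes `isMember(adg, form)`. If `adgrps.getGroups(user)` can return groups the user belongs to only indirectly, a user without the content-admin or super-user bit could now be refused with forwardNoAccess at start-up; whether `isMember(..., false)` covers indirect membership is not visible on this page. setGroup also calls `form.setCurrentCalSuite(cs);` and `form.assignAdminGroup(adg);` before the `checkSvci` test, so a refused switch leaves the group and suite on the form. Moving those two assignments below the check would avoid that, and a comment on the call such as `/* switch is allowed only if the user is a member of adg */` would record the intent.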
@@ -1026,45 +983,4 @@ } - private String setGroup(HttpServletRequest request, - BwActionFormBase form, - Groups adgrps, - String groupName) throws Throwable { - if (groupName == null) { - // We require a name - return "chooseGroup"; - } - - BwAdminGroup ag = (BwAdminGroup)adgrps.findGroup(groupName); - if (ag != null) { - adgrps.getMembers(ag); - } - - if (debug) { - if (ag == null) { - logIt("No user admin group with name " + groupName); - } else { - logIt("Retrieved user admin group " + ag.getAccount()); - } - } - - form.assignAdminGroup(ag); - - String s = setAdminUser(request, form, ag.getOwner().getAccount(), - isMember(ag, form)); - - if (s != null) { - return s; - } - - form.setAdminUserId(form.fetchSvci().getUser().getAccount()); - - return null; - } - - private boolean isMember(BwAdminGroup ag, - BwActionFormBase form) throws Throwable { - return ag.isMember(String.valueOf(form.getCurrentUser()), false); - } - /** Override to return true if this is an admin client * @@ -1075,35 +991,4 @@ public boolean getPublicAdmin(BwActionFormBase frm) throws Throwable { return frm.getEnv().getAppBoolProperty("publicadmin"); - } - - /** get an env object initialised appropriately for our usage. - * - * @param request HttpServletRequest - * @param frm - * @return CalEnv object - also implanted in form. - * @throws Throwable - */ - private CalEnv getEnv(HttpServletRequest request, - BwActionFormBase frm) throws Throwable { - CalEnv env = frm.getEnv(); - if (env != null) { - return env; - } - - HttpSession session = request.getSession(); - ServletContext sc = session.getServletContext(); - - String appName = sc.getInitParameter("bwappname"); - - if ((appName == null) || (appName.length() == 0)) { - appName = "unknown-app-name"; - } - - String envPrefix = "org.bedework.app." + appName + "."; - - env = new CalEnv(envPrefix, debug); - frm.assignEnv(env); - - return env; } 
@@ -1153,152 +1038,4 @@ } - /** This is the routine which does the work. - * - * @param request Needed to locate session - * @param response - * @param sess UWCalSession calendar session object - * @param frm Action form - * @return String forward name - * @throws Throwable - */ - public abstract String doAction(HttpServletRequest request, - HttpServletResponse response, - BwSession sess, - BwActionFormBase frm) throws Throwable; - - /** Get the session state object for a web session. If we've already been - * here it's embedded in the current session. Otherwise create a new one. - * - *

We also carry out a number of web related operations. - * - * @param request HttpServletRequest Needed to locate session - * @param form Action form - * @param messages MessageResources needed for the resources - * @param adminUserId id we want to administer - * @param admin Get this for the admin client - * @return UWCalSession null on failure - * @throws Throwable - */ - private synchronized BwSession getState(HttpServletRequest request, - BwActionFormBase form, - MessageResources messages, - String adminUserId, - boolean admin) throws Throwable { - BwSession s = BwWebUtil.getState(request); - HttpSession sess = request.getSession(false); - String appName = getAppName(sess); - - if (s != null) { - if (debug) { - debugMsg("getState-- obtainedfrom session"); - debugMsg("getState-- timeout interval = " + - sess.getMaxInactiveInterval()); - } - - form.assignNewSession(false); - } else { - if (debug) { - debugMsg("getState-- get new object"); - } - - form.assignNewSession(true); - - CalEnv env = getEnv(request, form); - String appRoot = env.getAppProperty("root"); - - /** The actual session class used is possibly site dependent - */ - s = new BwSessionImpl(form.getCurrentUser(), appRoot, appName, - form.getPresentationState(), messages, - form.getSchemeHostPort(), debug); - - BwWebUtil.setState(request, s); - - setSessionAttr(request, "cal.pubevents.client.uri", - messages.getMessage("org.bedework.public.calendar.uri")); - - setSessionAttr(request, "cal.personal.client.uri", - messages.getMessage("org.bedework.personal.calendar.uri")); - - setSessionAttr(request, "cal.admin.client.uri", - messages.getMessage("org.bedework.public.admin.uri")); - - String temp = messages.getMessage("org.bedework.host"); - if (temp == null) { - temp = form.getSchemeHostPort(); - } - - setSessionAttr(request, "cal.server.host", temp); - - String raddr = request.getRemoteAddr(); - String rhost = request.getRemoteHost(); - info("===============" + appName + ": New session (" + - 
s.getSessionNum() + ") from " + - rhost + "(" + raddr + ")"); - - if (!admin) { - /** Ensure the session timeout interval is longer than our refresh period - */ - // Should come from db -- int refInt = s.getRefreshInterval(); - int refInt = 60; // 1 min refresh? - - if (refInt > 0) { - int timeout = sess.getMaxInactiveInterval(); - - if (timeout <= refInt) { - // An extra minute should do it. - debugMsg("@+@+@+@+@+ set timeout to " + (refInt + 60)); - sess.setMaxInactiveInterval(refInt + 60); - } - } - } - } - - int access = getAccess(request, messages); - if (debug) { - debugMsg("Container says that current user has the type: " + access); - } - - /** Ensure we have a CalAdminSvcI object - */ - checkSvci(request, form, s, access, adminUserId, - getPublicAdmin(form), false, debug); - - /* - UserAuth ua = null; - UserAuthPar par = new UserAuthPar(); - par.svlt = servlet; - par.req = request; - - try { - ua = form.fetchSvci().getUserAuth(s.getUser(), par); - - form.assignAuthorisedUser(ua.getUsertype() != UserAuth.noPrivileges); - - if (debug) { - debugMsg("UserAuth says that current user has the type: " + - ua.getUsertype()); - } - } catch (Throwable t) { - form.getErr().emit("org.bedework.client.error.exc", t.getMessage()); - form.getErr().emit(t); - return null; - } - */ - - return s; - } - - private String getAppName(HttpSession sess) { - ServletContext sc = sess.getServletContext(); - - String appname = sc.getInitParameter(appNameInitParameter); - if (appname == null) { - appname = "?"; - } - - return appname; - } - /* We should probably return false for a portlet * (non-Javadoc) @@ -1328,226 +1065,4 @@ return true; - } - - /** Ensure we have a CalAdminSvcI object for the given user. - * - *

For an admin client with a super user we may switch to a different - * user to administer their events. - * - * @param request Needed to locate session - * @param form Action form - * @param sess Session object for global parameters - * @param access int unadjusted access - * @param user String user we want to be - * @param publicAdmin true if this is an administrative client - * @param canSwitch true if we should definitely allow user to switch - * this allows a user to switch between and into - * groups of which they are a member - * @param debug true for all that debugging stuff - * @return boolean false for problems. - * @throws CalFacadeException - */ - private boolean checkSvci(HttpServletRequest request, - BwActionFormBase form, - BwSession sess, - int access, - String user, - boolean publicAdmin, - boolean canSwitch, - boolean debug) throws CalFacadeException { - /** Do some checks first - */ - String authUser = String.valueOf(form.getCurrentUser()); - - if (!publicAdmin) { - /* We're never allowed to switch identity as a user client. - */ - if (!authUser.equals(String.valueOf(user))) { - return false; - } - } else if (user == null) { - throw new CalFacadeException("Null user parameter for public admin."); - } - - CalSvcI svci = BwWebUtil.getCalSvcI(request); - - /** Make some checks to see if this is an old - restarted session. 
- If so discard the svc interface - */ - if (svci != null) { - if (!svci.isOpen()) { - svci = null; - info(".Svci interface discarded from old session"); - } - } - - if (svci != null) { - /* Already there and already opened */ - if (debug) { - debugMsg("CalSvcI-- Obtained from session for user " + - svci.getUser()); - } - - // XXX access - disable use of roles - access = svci.getUserAuth().getUsertype(); - } else { - if (debug) { - debugMsg(".CalSvcI-- get new object for user " + user); - } - - /* create a call back object so the filter can open the service - interface */ - BwCallback cb = new Callback(form); - HttpSession hsess = request.getSession(); - hsess.setAttribute(BwCallback.cbAttrName, cb); - - String runAsUser = user; - String calSuite = form.retrieveConfig().getCalSuite(); - - try { - svci = new CalSvc(); - if (publicAdmin || (user == null)) { - if (calSuite == null) { - runAsUser = form.getEnv().getAppProperty("run.as.user"); - } - } - - CalSvcIPars pars = new CalSvcIPars(user, //access, - runAsUser, - calSuite, - form.getEnv().getAppPrefix(), - publicAdmin, - false, // caldav - null, // synchId - debug); - svci.init(pars); - - BwWebUtil.setCalSvcI(request, svci); - - form.setCalSvcI(svci); - - cb.in(true); - - UserAuth ua = null; - UserAuthPar par = new UserAuthPar(); - par.svlt = servlet; - par.req = request; - - if (publicAdmin) { - try { - ua = svci.getUserAuth(user, par); - - form.assignAuthorisedUser(ua.getUsertype() != UserAuth.noPrivileges); - svci.setSuperUser((ua.getUsertype() & UserAuth.superUser) != 0); - - // XXX access - disable use of roles - access = ua.getUsertype(); - - if (debug) { - debugMsg("UserAuth says that current user has the type: " + - ua.getUsertype()); - } - } catch (Throwable t) { - form.getErr().emit("org.bedework.client.error.exc", t.getMessage()); - form.getErr().emit(t); - return false; - } - } - } catch (CalFacadeException cfe) { - throw cfe; - } catch (Throwable t) { - throw new CalFacadeException(t); - } - } - - 
form.assignUserVO((BwUser)svci.getUser().clone()); - - if (publicAdmin) { - canSwitch = canSwitch || ((access & UserAuth.contentAdminUser) != 0) || - ((access & UserAuth.superUser) != 0); - - BwUser u = svci.getUser(); - if (u == null) { - throw new CalFacadeException("Null user for public admin."); - } - - String curUser = u.getAccount(); - - if (!canSwitch && !user.equals(curUser)) { - /** Trying to switch but not allowed */ - return false; - } - - if (!user.equals(curUser)) { - /** Switching user */ - svci.setUser(user); - curUser = user; - } - - form.assignCurrentAdminUser(curUser); - } - - return true; - } - - /** This method determines the access rights of the current user based on - * their assigned roles. There are two sections to this which appear to do - * the same thing. - * - *

They are there because some servlet containers (jetty for one) - * appeared to be broken. Role mapping does not appear to work reliably. - * This seems to have something to do with jetty doing internal redirects - * to handle login. In the process it seems to lose the appropriate servlet - * context and with it the mapping of roles. - * - * @param req HttpServletRequest - * @param messages MessageResources - * @return int access - * @throws CalFacadeException - */ - private int getAccess(HttpServletRequest req, - MessageResources messages) throws CalFacadeException { - int access = 0; - - /** This form works with broken containers. - */ - if (req.isUserInRole( - getMessages().getMessage("org.bedework.role.admin"))) { - access += UserAuth.superUser; - } - - if (req.isUserInRole( - getMessages().getMessage("org.bedework.role.contentadmin"))) { - access += UserAuth.contentAdminUser; - } - - if (req.isUserInRole( - getMessages().getMessage("org.bedework.role.alert"))) { - access += UserAuth.alertUser; - } - - if (req.isUserInRole( - getMessages().getMessage("org.bedework.role.owner"))) { - access += UserAuth.publicEventUser; - } - - /** This is how it ought to look - if (req.isUserInRole("admin")) { - access += UserAuth.superUser; - } - - if (req.isUserInRole("contentadmin")) { - access += UserAuth.contentAdminUser; - } - - if (req.isUserInRole("alert")) { - access += UserAuth.alertUser; - } - - if (req.isUserInRole("owner")) { - access += UserAuth.publicEventUser; - } */ - - return access; } @@ -1733,4 +1248,437 @@ ******************************************************************** */ + /** Get the session state object for a web session. If we've already been + * here it's embedded in the current session. Otherwise create a new one. + * + *

We also carry out a number of web related operations. + * + * @param request HttpServletRequest Needed to locate session + * @param form Action form + * @param messages MessageResources needed for the resources + * @param adminUserId id we want to administer + * @param admin Get this for the admin client + * @return UWCalSession null on failure + * @throws Throwable + */ + private synchronized BwSession getState(HttpServletRequest request, + BwActionFormBase form, + MessageResources messages, + String adminUserId, + boolean admin) throws Throwable { + BwSession s = BwWebUtil.getState(request); + HttpSession sess = request.getSession(false); + String appName = getAppName(sess); + + if (s != null) { + if (debug) { + debugMsg("getState-- obtainedfrom session"); + debugMsg("getState-- timeout interval = " + + sess.getMaxInactiveInterval()); + } + + form.assignNewSession(false); + } else { + if (debug) { + debugMsg("getState-- get new object"); + } + + form.assignNewSession(true); + + CalEnv env = getEnv(request, form); + String appRoot = env.getAppProperty("root"); + + /** The actual session class used is possibly site dependent + */ + s = new BwSessionImpl(form.getCurrentUser(), appRoot, appName, + form.getPresentationState(), messages, + form.getSchemeHostPort(), debug); + + BwWebUtil.setState(request, s); + + setSessionAttr(request, "cal.pubevents.client.uri", + messages.getMessage("org.bedework.public.calendar.uri")); + + setSessionAttr(request, "cal.personal.client.uri", + messages.getMessage("org.bedework.personal.calendar.uri")); + + setSessionAttr(request, "cal.admin.client.uri", + messages.getMessage("org.bedework.public.admin.uri")); + + String temp = messages.getMessage("org.bedework.host"); + if (temp == null) { + temp = form.getSchemeHostPort(); + } + + setSessionAttr(request, "cal.server.host", temp); + + String raddr = request.getRemoteAddr(); + String rhost = request.getRemoteHost(); + info("===============" + appName + ": New session (" + + 
s.getSessionNum() + ") from " + + rhost + "(" + raddr + ")"); + + if (!admin) { + /** Ensure the session timeout interval is longer than our refresh period + */ + // Should come from db -- int refInt = s.getRefreshInterval(); + int refInt = 60; // 1 min refresh? + + if (refInt > 0) { + int timeout = sess.getMaxInactiveInterval(); + + if (timeout <= refInt) { + // An extra minute should do it. + debugMsg("@+@+@+@+@+ set timeout to " + (refInt + 60)); + sess.setMaxInactiveInterval(refInt + 60); + } + } + } + } + + int access = getAccess(request, messages); + if (debug) { + debugMsg("Container says that current user has the type: " + access); + } + + /** Ensure we have a CalAdminSvcI object + */ + String calSuite = form.retrieveConfig().getCalSuite(); + checkSvci(request, form, s, access, adminUserId, calSuite, + getPublicAdmin(form), false, debug); + + /* + UserAuth ua = null; + UserAuthPar par = new UserAuthPar(); + par.svlt = servlet; + par.req = request; + + try { + ua = form.fetchSvci().getUserAuth(s.getUser(), par); + + form.assignAuthorisedUser(ua.getUsertype() != UserAuth.noPrivileges); + + if (debug) { + debugMsg("UserAuth says that current user has the type: " + + ua.getUsertype()); + } + } catch (Throwable t) { + form.getErr().emit("org.bedework.client.error.exc", t.getMessage()); + form.getErr().emit(t); + return null; + } + */ + + return s; + } + + private String getAppName(HttpSession sess) { + ServletContext sc = sess.getServletContext(); + + String appname = sc.getInitParameter(appNameInitParameter); + if (appname == null) { + appname = "?"; + } + + return appname; + } + + private int setGroup(HttpServletRequest request, + BwActionFormBase form, + Groups adgrps, + BwAdminGroup adg) throws Throwable { + CalSvcI svci = form.fetchSvci(); + + adgrps.getMembers(adg); + + if (debug) { + logIt("Set admin group to " + adg); + } + + /* Determine which calsuites they are administering */ + + Collection css = findAllCalSuites(svci, adg, adgrps); + + if 
(css.size() > 1) { + form.getErr().emit("org.bedework.error.cannot.handle.this.yet"); + return forwardError; + } + + BwCalSuiteWrapper cs = null; + String calSuiteName = null; + + if (css.size() == 1) { + cs = (BwCalSuiteWrapper)css.iterator().next(); + calSuiteName = cs.getName(); + } + + if (debug) { + debugMsg("Found calSuite " + cs); + } else { + debugMsg("No calsuite found"); + } + + form.setCurrentCalSuite(cs); + form.assignAdminGroup(adg); + + int access = getAccess(request, getMessages()); + + if (!checkSvci(request, form, form.getSession(), access, + adg.getOwner().getAccount(), + calSuiteName, true, isMember(adg, form), debug)) { + return forwardNoAccess; + } + + form.setAdminUserId(form.fetchSvci().getUser().getAccount()); + + return forwardNoAction; + } + + private boolean isMember(BwAdminGroup ag, + BwActionFormBase form) throws Throwable { + return ag.isMember(String.valueOf(form.getCurrentUser()), false); + } + + /** Ensure we have a CalAdminSvcI object for the given user. + * + *

For an admin client with a super user we may switch to a different + * user to administer their events. + * + * @param request Needed to locate session + * @param form Action form + * @param sess Session object for global parameters + * @param access int unadjusted access + * @param user String user we want to be + * @param calSuite Name of calendar suite we are administering + * @param publicAdmin true if this is an administrative client + * @param canSwitch true if we should definitely allow user to switch + * this allows a user to switch between and into + * groups of which they are a member + * @param debug true for all that debugging stuff + * @return boolean false for problems. + * @throws CalFacadeException + */ + private boolean checkSvci(HttpServletRequest request, + BwActionFormBase form, + BwSession sess, + int access, + String user, + String calSuite, + boolean publicAdmin, + boolean canSwitch, + boolean debug) throws CalFacadeException { + /** Do some checks first + */ + String authUser = String.valueOf(form.getCurrentUser()); + + if (!publicAdmin) { + /* We're never allowed to switch identity as a user client. + */ + if (!authUser.equals(String.valueOf(user))) { + return false; + } + } else if (user == null) { + throw new CalFacadeException("Null user parameter for public admin."); + } + + CalSvcI svci = BwWebUtil.getCalSvcI(request); + + /** Make some checks to see if this is an old - restarted session. 
+ If so discard the svc interface + */ + if (svci != null) { + if (!svci.isOpen()) { + svci = null; + info(".Svci interface discarded from old session"); + } + } + + if (svci != null) { + /* Already there and already opened */ + if (debug) { + debugMsg("CalSvcI-- Obtained from session for user " + + svci.getUser()); + } + + // XXX access - disable use of roles + access = svci.getUserAuth().getUsertype(); + } else { + if (debug) { + debugMsg(".CalSvcI-- get new object for user " + user); + } + + /* create a call back object so the filter can open the service + interface */ + BwCallback cb = new Callback(form); + HttpSession hsess = request.getSession(); + hsess.setAttribute(BwCallback.cbAttrName, cb); + + String runAsUser = user; + + try { + svci = new CalSvc(); + if (publicAdmin || (user == null)) { + if (calSuite == null) { + runAsUser = form.getEnv().getAppProperty("run.as.user"); + } + } + + CalSvcIPars pars = new CalSvcIPars(user, //access, + runAsUser, + calSuite, + form.getEnv().getAppPrefix(), + publicAdmin, + false, // caldav + null, // synchId + debug); + svci.init(pars); + + BwWebUtil.setCalSvcI(request, svci); + + form.setCalSvcI(svci); + + cb.in(true); + + UserAuth ua = null; + UserAuthPar par = new UserAuthPar(); + par.svlt = servlet; + par.req = request; + + if (publicAdmin) { + try { + ua = svci.getUserAuth(user, par); + + form.assignAuthorisedUser(ua.getUsertype() != UserAuth.noPrivileges); + svci.setSuperUser((ua.getUsertype() & UserAuth.superUser) != 0); + + // XXX access - disable use of roles + access = ua.getUsertype(); + + if (debug) { + debugMsg("UserAuth says that current user has the type: " + + ua.getUsertype()); + } + } catch (Throwable t) { + form.getErr().emit("org.bedework.client.error.exc", t.getMessage()); + form.getErr().emit(t); + return false; + } + } + } catch (CalFacadeException cfe) { + throw cfe; + } catch (Throwable t) { + throw new CalFacadeException(t); + } + } + + form.assignUserVO((BwUser)svci.getUser().clone()); + + if 
(publicAdmin) { + canSwitch = canSwitch || ((access & UserAuth.contentAdminUser) != 0) || + ((access & UserAuth.superUser) != 0); + + BwUser u = svci.getUser(); + if (u == null) { + throw new CalFacadeException("Null user for public admin."); + } + + String curUser = u.getAccount(); + + if (!canSwitch && !user.equals(curUser)) { + /** Trying to switch but not allowed */ + return false; + } + + if (!user.equals(curUser)) { + /** Switching user */ + svci.setUser(user); + curUser = user; + } + + form.assignCurrentAdminUser(curUser); + } + + return true; + } + + /** This method determines the access rights of the current user based on + * their assigned roles. There are two sections to this which appear to do + * the same thing. + * + *

They are there because some servlet containers (jetty for one) + * appeared to be broken. Role mapping does not appear to work reliably. + * This seems to have something to do with jetty doing internal redirects + * to handle login. In the process it seems to lose the appropriate servlet + * context and with it the mapping of roles. + * + * @param req HttpServletRequest + * @param messages MessageResources + * @return int access + * @throws CalFacadeException + */ + private int getAccess(HttpServletRequest req, + MessageResources messages) throws CalFacadeException { + int access = 0; + + /** This form works with broken containers. + */ + if (req.isUserInRole( + getMessages().getMessage("org.bedework.role.admin"))) { + access += UserAuth.superUser; + } + + if (req.isUserInRole( + getMessages().getMessage("org.bedework.role.contentadmin"))) { + access += UserAuth.contentAdminUser; + } + + if (req.isUserInRole( + getMessages().getMessage("org.bedework.role.alert"))) { + access += UserAuth.alertUser; + } + + if (req.isUserInRole( + getMessages().getMessage("org.bedework.role.owner"))) { + access += UserAuth.publicEventUser; + } + + /** This is how it ought to look + if (req.isUserInRole("admin")) { + access += UserAuth.superUser; + } + + if (req.isUserInRole("contentadmin")) { + access += UserAuth.contentAdminUser; + } + + if (req.isUserInRole("alert")) { + access += UserAuth.alertUser; + } + + if (req.isUserInRole("owner")) { + access += UserAuth.publicEventUser; + } */ + + return access; + } + + private Collection findAllCalSuites(CalSvcI svc, + BwAdminGroup adg, + Groups adgrps) throws Throwable { + ArrayList al = new ArrayList(); + + BwCalSuiteWrapper cs = svc.getCalSuite(adg); + if (cs != null) { + al.add(cs); + } + + Iterator parents = ((AdminGroups)adgrps).findGroupParents(adg).iterator(); + + while (parents.hasNext()) { + al.addAll(findAllCalSuites(svc, (BwAdminGroup)parents.next(), adgrps)); + } + + return al; + } + /* Set information associated with the 
current auth user. * Set the prefs on each request to reflect other session changes @@ -1768,3 +1716,34 @@ form.setRefreshNeeded(false); } + + /** get an env object initialised appropriately for our usage. + * + * @param request HttpServletRequest + * @param frm + * @return CalEnv object - also implanted in form. + * @throws Throwable + */ + private CalEnv getEnv(HttpServletRequest request, + BwActionFormBase frm) throws Throwable { + CalEnv env = frm.getEnv(); + if (env != null) { + return env; + } + + HttpSession session = request.getSession(); + ServletContext sc = session.getServletContext(); + + String appName = sc.getInitParameter("bwappname"); + + if ((appName == null) || (appName.length() == 0)) { + appName = "unknown-app-name"; + } + + String envPrefix = "org.bedework.app." + appName + "."; + + env = new CalEnv(envPrefix, debug); + frm.assignEnv(env); + + return env; + } } Index: trunk/calendar3/webcommon/src/org/bedework/webcommon/BwActionFormBase.java =================================================================== --- trunk/calendar3/webcommon/src/org/bedework/webcommon/BwActionFormBase.java (revision 519) +++ trunk/calendar3/webcommon/src/org/bedework/webcommon/BwActionFormBase.java (revision 520) @@ -182,4 +182,6 @@ * .................................................................... */ + private BwCalSuiteWrapper currentCalSuite; + private BwCalSuiteWrapper calSuite; @@ -562,5 +564,21 @@ * ==================================================================== */ - /** + /** Current calSuite for the application + * + * @param val + */ + public void setCurrentCalSuite(BwCalSuiteWrapper val) { + currentCalSuite = val; + } + + /** + * @return BwCalSuiteWrapper + */ + public BwCalSuiteWrapper getCurrentCalSuite() { + return currentCalSuite; + } + + /** CalSuite we are editing or creating. + * * @param val */ @@ -569,5 +587,6 @@ } - /** + /** CalSuite we are editing or creating. + * * @return BwCalSuiteWrapper */ 
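Review bot: In `getEnv`, a missing or empty `bwappname` init parameter is replaced with the literal `unknown-app-name` and the method carries on, so later `getAppProperty` lookups (including the `run.as.user` read in `checkSvci`) are presumably resolved under `org.bedework.app.unknown-app-name.` with nothing recorded about the misconfiguration. Because that property selects the account the service runs as, I would fail closed rather than fall back: `throw new CalFacadeException("bwappname init parameter is not set");` in place of the `appName = "unknown-app-name";` assignment, or at the very least report it through `info(...)`. Separately, `request.getSession()` creates a session only to reach the `ServletContext`; the `servlet` field that `checkSvci` already uses could supply the context without that side effect, if it is set by the time `getEnv` runs.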
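Review bot: The Javadoc for the new `getCurrentCalSuite()` in the `@@ -562,5 +564,21 @@` hunk does not say the value can be null, yet the action code in this same commit calls `form.setCurrentCalSuite(cs)` with `cs` still `null` when no calendar suite is found for the admin group. I would state that on both accessors, e.g. `@return BwCalSuiteWrapper, or null when the admin group maps to no calendar suite`. The `currentCalSuite` field added at `@@ -182,4 +182,6 @@` sits directly above `calSuite` with no comment on either; a one-line comment on each (`// suite the application is currently operating under` and `// suite being edited or created`) would make it harder to act on the wrong suite by picking the wrong accessor.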
@@ -580,5 +599,5 @@
 * @param val
 */
- public void assignCalSuite(boolean val) {
+ public void assignAddingCalSuite(boolean val) {
 addingCalSuite = val;
 }
Index: trunk/calendar3/webcommon/src/org/bedework/webcommon/ForwardDefs.java
===================================================================
--- (revision )
+++ trunk/calendar3/webcommon/src/org/bedework/webcommon/ForwardDefs.java (revision 520)
@@ -1,0 +1,117 @@
+/*
+ Copyright (c) 2000-2005 University of Washington. All rights reserved.
+
+ Redistribution and use of this distribution in source and binary forms,
+ with or without modification, are permitted provided that:
+
+ The above copyright notice and this permission notice appear in
+ all copies and supporting documentation;
+
+ The name, identifiers, and trademarks of the University of Washington
+ are not used in advertising or publicity without the express prior
+ written permission of the University of Washington;
+
+ Recipients acknowledge that this distribution is made available as a
+ research courtesy, "as is", potentially with defects, without
+ any obligation on the part of the University of Washington to
+ provide support, services, or repair;
+
+ THE UNIVERSITY OF WASHINGTON DISCLAIMS ALL WARRANTIES, EXPRESS OR
+ IMPLIED, WITH REGARD TO THIS SOFTWARE, INCLUDING WITHOUT LIMITATION
+ ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ PARTICULAR PURPOSE, AND IN NO EVENT SHALL THE UNIVERSITY OF
+ WASHINGTON BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL
+ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ PROFITS, WHETHER IN AN ACTION OF CONTRACT, TORT (INCLUDING
+ NEGLIGENCE) OR STRICT LIABILITY, ARISING OUT OF OR IN CONNECTION WITH
+ THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+/* **********************************************************************
+ Copyright 2005 Rensselaer Polytechnic Institute. All worldwide rights reserved.
+
+ Redistribution and use of this distribution in source and binary forms,
+ with or without modification, are permitted provided that:
+ The above copyright notice and this permission notice appear in all
+ copies and supporting documentation;
+
+ The name, identifiers, and trademarks of Rensselaer Polytechnic
+ Institute are not used in advertising or publicity without the
+ express prior written permission of Rensselaer Polytechnic Institute;
+
+ DISCLAIMER: The software is distributed" AS IS" without any express or
+ implied warranty, including but not limited to, any implied warranties
+ of merchantability or fitness for a particular purpose or any warrant)'
+ of non-infringement of any current or pending patent rights. The authors
+ of the software make no representations about the suitability of this
+ software for any particular purpose. The entire risk as to the quality
+ and performance of the software is with the user. Should the software
+ prove defective, the user assumes the cost of all necessary servicing,
+ repair or correction. In particular, neither Rensselaer Polytechnic
+ Institute, nor the authors of the software are liable for any indirect,
+ special, consequential, or incidental damages related to the software,
+ to the maximum extent the law permits.
+*/
+package org.bedework.webcommon;
+
+/** Define all possible forwards. Internal routines should
+ * return one of the following indices.
+ *
+ * @author Mike Douglass douglm@rpi.edu
+ */
+public interface ForwardDefs {
+ // ENUM
+ /** */
+ public int forwardSuccess = 0;
+ /** */
+ public int forwardContinue = 1;
+ /** */
+ public int forwardRetry = 2;
+
+ /** */
+ public int forwardError = 3;
+ /** */
+ public int forwardNoAccess = 4;
+
+ /** */
+ public int forwardNotFound = 5;
+
+ /** */
+ public int forwardNoSuchView = 6;
+
+ /** Set when an optional parameter is not found */
+ public int forwardNoParameter = 7;
+
+ /** Set when no action was taken */
+ public int forwardNoAction = 8;
+
+ /** Something is referenced and cannot be removed */
+ public int forwardReffed = 9;
+
+ /** an object was added/updated */
+ public int forwardAdded = 10;
+ /** */
+ public int forwardUpdated = 11;
+
+ /** */
+ public int forwardChooseGroup = 12;
+ /** */
+ public int forwardNoGroupAssigned = 13;
+
+ /** */
+ public final String[] forwards = {
+ "success",
+ "continue",
+ "retry",
+ "error",
+ "noAccess",
+ "notFound",
+ "noSuchView",
+ "noParameter",
+ "noAction",
+ "reffed",
+ "added",
+ "updated",
+ "chooseGroup",
+ "noGroupAssigned",
+ };
+}
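Review bot: `forwards` is declared as a `String[]` inside an interface, so the reference is implicitly `public static final` but its elements stay writable by any class that can see `ForwardDefs`; a single assignment to `forwards[forwardNoAccess]` would change where every access-denied result is sent for the whole application. The array also has to be kept in step with the fourteen `int` constants by hand, and nothing in the file checks that. I would expose it read-only, e.g. `public final List forwards = Collections.unmodifiableList(Arrays.asList(new String[] {"success", /* … */ }));`, noting that this changes callers from `forwards[i]` to `forwards.get(i)` and that those callers are not visible in this hunk. The empty `/** */` comments on most constants could say when each forward is returned, as `forwardNoParameter` and `forwardNoAction` already do.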