Database Namen pruefen

Peter Hormanns 2011-05-20 14:57:10 +00:00
parent 2cdb8a77ff
commit 835dbfaaab
4 changed files with 43 additions and 15 deletions


@ -3,11 +3,13 @@ package de.hsadmin.mods.db;
import java.util.List; import java.util.List;
import javax.persistence.EntityManager; import javax.persistence.EntityManager;
import javax.persistence.Query;
import de.hsadmin.core.model.AbstractEntity; import de.hsadmin.core.model.AbstractEntity;
import de.hsadmin.core.model.AbstractModuleImpl; import de.hsadmin.core.model.AbstractModuleImpl;
import de.hsadmin.core.model.AuthorisationException; import de.hsadmin.core.model.AuthorisationException;
import de.hsadmin.core.model.HSAdminException; import de.hsadmin.core.model.HSAdminException;
import de.hsadmin.mods.pac.Pac;
import de.hsadmin.mods.user.UnixUser; import de.hsadmin.mods.user.UnixUser;
public class MySqlDatabaseModuleImpl extends AbstractModuleImpl { public class MySqlDatabaseModuleImpl extends AbstractModuleImpl {
@ -25,11 +27,15 @@ public class MySqlDatabaseModuleImpl extends AbstractModuleImpl {
public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException { public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
MySqlDatabase database = (MySqlDatabase) newEntity; MySqlDatabase database = (MySqlDatabase) newEntity;
String name = database.getName(); String name = database.getName();
String pacname = database.getPac().getName(); if (name.length() < 7 || name.charAt(5) != '_') {
if (!name.startsWith(pacname) || name.length() < 7) {
throw new AuthorisationException(getLoginUser(), "add", newEntity); throw new AuthorisationException(getLoginUser(), "add", newEntity);
} }
if (name.charAt(5) != '_') { EntityManager em = getTransaction().getEntityManager();
Query qPac = em.createQuery("SELECT obj FROM Pacs obj WHERE obj.name = :pacName");
qPac.setParameter("pacName", name.substring(0, 5));
Object singleResult = qPac.getSingleResult();
Pac pac = (Pac) singleResult;
if (pac == null || !pac.isReadAllowedFor(getLoginUser())) {
throw new AuthorisationException(getLoginUser(), "add", newEntity); throw new AuthorisationException(getLoginUser(), "add", newEntity);
} }
return super.add(newEntity); return super.add(newEntity);
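Review bot: `qPac.getSingleResult()` does not return null when no row matches; JPA throws `NoResultException` (and `NonUniqueResultException` on duplicates), so the `pac == null` branch in `add` is unreachable. A name with an unknown five-character prefix therefore surfaces as an unchecked persistence exception rather than the `AuthorisationException` used for every other rejection, which also lets a caller tell a non-existent pac from one they may not access. Reading the result with `List<?> pacs = qPac.getResultList();` and testing `if (pacs.isEmpty() || !((Pac) pacs.get(0)).isReadAllowedFor(getLoginUser()))` keeps the rejection path uniform. The same lookup is pasted into the `add` methods of MySqlUserModuleImpl, PgSqlDatabaseModuleImpl and PgSqlUserModuleImpl, so a shared helper would fix all four in one place. The closing brace of `add` lies outside the hunk.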


@ -2,10 +2,14 @@ package de.hsadmin.mods.db;
import java.util.List; import java.util.List;
import javax.persistence.EntityManager;
import javax.persistence.Query;
import de.hsadmin.core.model.AbstractEntity; import de.hsadmin.core.model.AbstractEntity;
import de.hsadmin.core.model.AbstractModuleImpl; import de.hsadmin.core.model.AbstractModuleImpl;
import de.hsadmin.core.model.AuthorisationException; import de.hsadmin.core.model.AuthorisationException;
import de.hsadmin.core.model.HSAdminException; import de.hsadmin.core.model.HSAdminException;
import de.hsadmin.mods.pac.Pac;
public class MySqlUserModuleImpl extends AbstractModuleImpl { public class MySqlUserModuleImpl extends AbstractModuleImpl {
@ -13,14 +17,18 @@ public class MySqlUserModuleImpl extends AbstractModuleImpl {
public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException { public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
MySqlUser user = (MySqlUser) newEntity; MySqlUser user = (MySqlUser) newEntity;
String name = user.getName(); String name = user.getName();
if (name.length() < 7 || name.charAt(5) != '_') {
throw new AuthorisationException(getLoginUser(), "add", newEntity);
}
if (name.length() > 16) { if (name.length() > 16) {
throw new AuthorisationException(getLoginUser(), "add", newEntity); throw new HSAdminException("mysql database name max. length is 16 characters");
} }
String pacname = user.getPac().getName(); EntityManager em = getTransaction().getEntityManager();
if (!name.startsWith(pacname) || name.length() < 7) { Query qPac = em.createQuery("SELECT obj FROM Pacs obj WHERE obj.name = :pacName");
throw new AuthorisationException(getLoginUser(), "add", newEntity); qPac.setParameter("pacName", name.substring(0, 5));
} Object singleResult = qPac.getSingleResult();
if (name.charAt(5) != '_') { Pac pac = (Pac) singleResult;
if (pac == null || !pac.isReadAllowedFor(getLoginUser())) {
throw new AuthorisationException(getLoginUser(), "add", newEntity); throw new AuthorisationException(getLoginUser(), "add", newEntity);
} }
return super.add(newEntity); return super.add(newEntity);
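Review bot: The new length check in `add` reports `"mysql database name max. length is 16 characters"`, but this module validates a MySQL user name taken from `user.getName()`, so the caller is told about the wrong object. `throw new HSAdminException("mysql user name max. length is 16 characters");` would match what is being checked. The end of `add` is outside the hunk.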


@ -3,11 +3,13 @@ package de.hsadmin.mods.db;
import java.util.List; import java.util.List;
import javax.persistence.EntityManager; import javax.persistence.EntityManager;
import javax.persistence.Query;
import de.hsadmin.core.model.AbstractEntity; import de.hsadmin.core.model.AbstractEntity;
import de.hsadmin.core.model.AbstractModuleImpl; import de.hsadmin.core.model.AbstractModuleImpl;
import de.hsadmin.core.model.AuthorisationException; import de.hsadmin.core.model.AuthorisationException;
import de.hsadmin.core.model.HSAdminException; import de.hsadmin.core.model.HSAdminException;
import de.hsadmin.mods.pac.Pac;
import de.hsadmin.mods.user.UnixUser; import de.hsadmin.mods.user.UnixUser;
public class PgSqlDatabaseModuleImpl extends AbstractModuleImpl { public class PgSqlDatabaseModuleImpl extends AbstractModuleImpl {
@ -24,11 +26,15 @@ public class PgSqlDatabaseModuleImpl extends AbstractModuleImpl {
public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException { public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
PgSqlDatabase database = (PgSqlDatabase) newEntity; PgSqlDatabase database = (PgSqlDatabase) newEntity;
String name = database.getName(); String name = database.getName();
String pacname = database.getPac().getName(); if (name.length() < 7 || name.charAt(5) != '_') {
if (!name.startsWith(pacname) || name.length() < 7) {
throw new AuthorisationException(getLoginUser(), "add", newEntity); throw new AuthorisationException(getLoginUser(), "add", newEntity);
} }
if (name.charAt(5) != '_') { EntityManager em = getTransaction().getEntityManager();
Query qPac = em.createQuery("SELECT obj FROM Pacs obj WHERE obj.name = :pacName");
qPac.setParameter("pacName", name.substring(0, 5));
Object singleResult = qPac.getSingleResult();
Pac pac = (Pac) singleResult;
if (pac == null || !pac.isReadAllowedFor(getLoginUser())) {
throw new AuthorisationException(getLoginUser(), "add", newEntity); throw new AuthorisationException(getLoginUser(), "add", newEntity);
} }
return super.add(newEntity); return super.add(newEntity);
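Review bot: The pac is now derived only from `name.substring(0, 5)`, and the pac carried by the entity (`database.getPac()`, which the removed check compared against the name) is no longer consulted in `add`. Unless `super.add` or the entity mapping reconciles the two, a caller with read access to one pac could submit a database whose name prefix passes this check while its pac reference points at a different pac. Comparing them when the entity carries a pac, e.g. `if (database.getPac() != null && !pac.getName().equals(database.getPac().getName()))` followed by the same `AuthorisationException`, would close that gap. The other three `add` methods in this commit have the same shape, and the end of this method is outside the hunk.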


@ -2,10 +2,14 @@ package de.hsadmin.mods.db;
import java.util.List; import java.util.List;
import javax.persistence.EntityManager;
import javax.persistence.Query;
import de.hsadmin.core.model.AbstractEntity; import de.hsadmin.core.model.AbstractEntity;
import de.hsadmin.core.model.AbstractModuleImpl; import de.hsadmin.core.model.AbstractModuleImpl;
import de.hsadmin.core.model.AuthorisationException; import de.hsadmin.core.model.AuthorisationException;
import de.hsadmin.core.model.HSAdminException; import de.hsadmin.core.model.HSAdminException;
import de.hsadmin.mods.pac.Pac;
public class PgSqlUserModuleImpl extends AbstractModuleImpl { public class PgSqlUserModuleImpl extends AbstractModuleImpl {
@ -13,11 +17,15 @@ public class PgSqlUserModuleImpl extends AbstractModuleImpl {
public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException { public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
PgSqlUser user = (PgSqlUser) newEntity; PgSqlUser user = (PgSqlUser) newEntity;
String name = user.getName(); String name = user.getName();
String pacname = user.getPac().getName(); if (name.length() < 7 || name.charAt(5) != '_') {
if (!name.startsWith(pacname) || name.length() < 7) {
throw new AuthorisationException(getLoginUser(), "add", newEntity); throw new AuthorisationException(getLoginUser(), "add", newEntity);
} }
if (name.charAt(5) != '_') { EntityManager em = getTransaction().getEntityManager();
Query qPac = em.createQuery("SELECT obj FROM Pacs obj WHERE obj.name = :pacName");
qPac.setParameter("pacName", name.substring(0, 5));
Object singleResult = qPac.getSingleResult();
Pac pac = (Pac) singleResult;
if (pac == null || !pac.isReadAllowedFor(getLoginUser())) {
throw new AuthorisationException(getLoginUser(), "add", newEntity); throw new AuthorisationException(getLoginUser(), "add", newEntity);
} }
return super.add(newEntity); return super.add(newEntity);
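Review bot: Creating a PostgreSQL user is gated on `pac.isReadAllowedFor(getLoginUser())`, so read permission on the pac decides a write operation. If that is intended, a comment above the check such as `// read access to the pac is sufficient to create database users in it` would record the decision for the next reader. If Pac offers a stricter check for modifications, that one belongs here instead. Pac's permission model is not visible in this commit, so this is a question to confirm rather than an established defect.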