find module implementations by annotation
parent
f5c673054e
commit
888b109f9e
@ -1,14 +1,14 @@
|
|||||||
package de.hsadmin.core.model;
|
package de.hsadmin.core.model;
|
||||||
|
|
||||||
|
import java.lang.reflect.Method;
|
||||||
import java.util.LinkedList;
|
import java.util.LinkedList;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
|
import javax.persistence.Entity;
|
||||||
import javax.persistence.EntityManager;
|
import javax.persistence.EntityManager;
|
||||||
|
import javax.persistence.NonUniqueResultException;
|
||||||
import javax.persistence.Query;
|
import javax.persistence.Query;
|
||||||
|
|
||||||
import org.apache.commons.logging.Log;
|
|
||||||
import org.apache.commons.logging.LogFactory;
|
|
||||||
|
|
||||||
import de.hsadmin.core.qserv.EntityProcessorFactory;
|
import de.hsadmin.core.qserv.EntityProcessorFactory;
|
||||||
import de.hsadmin.core.qserv.Processor;
|
import de.hsadmin.core.qserv.Processor;
|
||||||
import de.hsadmin.core.qserv.QueueTask;
|
import de.hsadmin.core.qserv.QueueTask;
|
||||||
@ -21,21 +21,183 @@ import de.hsadmin.mods.user.UnixUser;
|
|||||||
*/
|
*/
|
||||||
public abstract class AbstractModuleImpl implements ModuleInterface {
|
public abstract class AbstractModuleImpl implements ModuleInterface {
|
||||||
|
|
||||||
private static Log log = LogFactory.getLog(AbstractModuleImpl.class);
|
|
||||||
|
|
||||||
private UnixUser loginUser;
|
|
||||||
private Transaction transaction;
|
private Transaction transaction;
|
||||||
|
|
||||||
public void construct(Transaction tx) {
|
public void construct(Transaction tx) {
|
||||||
transaction = tx;
|
transaction = tx;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public Transaction getTransaction() {
|
||||||
|
return transaction;
|
||||||
|
}
|
||||||
|
|
||||||
|
public AbstractEntity initialize(AbstractEntity newEntity)
|
||||||
|
throws AuthorisationException {
|
||||||
|
newEntity.initialize(transaction.getEntityManager(), transaction.getLoginUser());
|
||||||
|
return newEntity;
|
||||||
|
}
|
||||||
|
|
||||||
|
public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
|
||||||
|
UnixUser loginUser = transaction.getLoginUser();
|
||||||
|
EntityManager entityManager = transaction.getEntityManager();
|
||||||
|
newEntity.complete(entityManager, loginUser);
|
||||||
|
entityManager.persist(newEntity);
|
||||||
|
if (!newEntity.isWriteAllowedFor(loginUser)) {
|
||||||
|
throw new AuthorisationException(loginUser, "add", newEntity);
|
||||||
|
}
|
||||||
|
EntityProcessorFactory procFact = createProcessorFactory(newEntity.getClass());
|
||||||
|
if (procFact != null) {
|
||||||
|
Processor proc = procFact.createCreateProcessor(entityManager, newEntity);
|
||||||
|
queueProcessor(proc, loginUser, newEntity, "hinzugefuegt");
|
||||||
|
}
|
||||||
|
return newEntity;
|
||||||
|
}
|
||||||
|
|
||||||
|
public AbstractEntity find(Class<? extends AbstractEntity> entityClass, Object key) throws HSAdminException {
|
||||||
|
AbstractEntity entity = transaction.getEntityManager().find(entityClass, key);
|
||||||
|
UnixUser loginUser = transaction.getLoginUser();
|
||||||
|
if (!entity.isReadAllowedFor(loginUser)) {
|
||||||
|
throw new AuthorisationException(loginUser, "add", entity);
|
||||||
|
}
|
||||||
|
return entity;
|
||||||
|
}
|
||||||
|
|
||||||
|
public AbstractEntity findByString(Class<? extends AbstractEntity> entityClass, String key) throws HSAdminException {
|
||||||
|
Method method = null;
|
||||||
|
try {
|
||||||
|
method = entityClass.getDeclaredMethod("createQueryFromStringKey", String.class);
|
||||||
|
} catch (SecurityException e) {
|
||||||
|
throw new HSAdminException(e);
|
||||||
|
} catch (NoSuchMethodException e) {
|
||||||
|
method = null;
|
||||||
|
}
|
||||||
|
AbstractEntity entity = null;
|
||||||
|
if (method == null) {
|
||||||
|
entity = transaction.getEntityManager().find(entityClass, key);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
String query = null;
|
||||||
|
try {
|
||||||
|
query = (String) method.invoke(null, key);
|
||||||
|
} catch (Exception e) {
|
||||||
|
throw new HSAdminException(e);
|
||||||
|
}
|
||||||
|
List<AbstractEntity> result = search(entityClass, query, null);
|
||||||
|
if (result.size() > 1) throw new NonUniqueResultException();
|
||||||
|
if (result.size() == 0) return null;
|
||||||
|
entity = result.get(0);
|
||||||
|
}
|
||||||
|
return entity;
|
||||||
|
}
|
||||||
|
|
||||||
|
public List<AbstractEntity> search(Class<? extends AbstractEntity> entityClass, String condition, String orderBy) throws HSAdminException {
|
||||||
|
UnixUser loginUser = transaction.getLoginUser();
|
||||||
|
condition = restrict(entityClass, loginUser, condition);
|
||||||
|
Entity entityAnnot = entityClass.getAnnotation(Entity.class);
|
||||||
|
String queryString = "SELECT obj FROM " + entityAnnot.name() + " obj";
|
||||||
|
if (condition != null && condition.length() > 0) {
|
||||||
|
queryString += " WHERE " + condition;
|
||||||
|
}
|
||||||
|
if (condition != null && condition.contains("AND (FALSE)")) {
|
||||||
|
return new LinkedList<AbstractEntity>();
|
||||||
|
}
|
||||||
|
if (orderBy != null) {
|
||||||
|
queryString += " ";
|
||||||
|
queryString += orderBy;
|
||||||
|
}
|
||||||
|
EntityManager entityManager = transaction.getEntityManager();
|
||||||
|
entityManager.clear();
|
||||||
|
Query query = entityManager.createQuery(queryString);
|
||||||
|
query.setParameter("loginUser", loginUser);
|
||||||
|
query.setParameter("loginUserName", loginUser.getName());
|
||||||
|
query.setParameter("loginUserPac", loginUser.getPac());
|
||||||
|
try {
|
||||||
|
List<?> res = query.getResultList();
|
||||||
|
List<AbstractEntity> ret = new LinkedList<AbstractEntity>();
|
||||||
|
// remove entities where login user has no access rights
|
||||||
|
for (Object entity : res) {
|
||||||
|
if (entity instanceof AbstractEntity) {
|
||||||
|
AbstractEntity returnedEntity = (AbstractEntity) entity;
|
||||||
|
if (returnedEntity.isReadAllowedFor(transaction.getLoginUser())) {
|
||||||
|
ret.add(returnedEntity);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return ret;
|
||||||
|
} catch (Exception ex) {
|
||||||
|
throw new HSAdminException(ex);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public AbstractEntity update(AbstractEntity existingEntity) throws HSAdminException {
|
||||||
|
UnixUser loginUser = transaction.getLoginUser();
|
||||||
|
existingEntity = existingEntity.merge(transaction.getEntityManager(), loginUser);
|
||||||
|
if (!existingEntity.isWriteAllowedFor(loginUser)) {
|
||||||
|
throw new AuthorisationException(loginUser, "update", existingEntity);
|
||||||
|
}
|
||||||
|
EntityProcessorFactory procFact = createProcessorFactory(existingEntity.getClass());
|
||||||
|
if (procFact != null) {
|
||||||
|
Processor proc = procFact.createUpdateProcessor(transaction.getEntityManager(), existingEntity);
|
||||||
|
queueProcessor(proc, loginUser, existingEntity, "aktualisiert");
|
||||||
|
}
|
||||||
|
return existingEntity;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void delete(AbstractEntity existingEntity) throws HSAdminException {
|
||||||
|
UnixUser loginUser = transaction.getLoginUser();
|
||||||
|
EntityManager entityManager = transaction.getEntityManager();
|
||||||
|
existingEntity = entityManager.find(existingEntity.getClass(), existingEntity.id());
|
||||||
|
if (!existingEntity.isWriteAllowedFor(loginUser)) {
|
||||||
|
throw new AuthorisationException(loginUser, "add", existingEntity);
|
||||||
|
}
|
||||||
|
entityManager.remove(existingEntity);
|
||||||
|
EntityProcessorFactory procFact = createProcessorFactory(existingEntity.getClass());
|
||||||
|
if (procFact != null) {
|
||||||
|
Processor proc = procFact.createDeleteProcessor(entityManager, existingEntity);
|
||||||
|
queueProcessor(proc, loginUser, existingEntity, "geloescht");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
protected EntityProcessorFactory createProcessorFactory(Class<? extends AbstractEntity> entityClass)
|
||||||
|
throws HSAdminException {
|
||||||
|
String procFactName = entityClass.getCanonicalName() + "ProcessorFactory";
|
||||||
|
Class<?> procFactClass = null;
|
||||||
|
EntityProcessorFactory procFact = null;
|
||||||
|
try {
|
||||||
|
procFactClass = Class.forName(procFactName);
|
||||||
|
if (procFactClass != null) {
|
||||||
|
procFact = (EntityProcessorFactory) procFactClass.newInstance();
|
||||||
|
}
|
||||||
|
} catch (ClassNotFoundException e) {
|
||||||
|
// no processor defined
|
||||||
|
} catch (InstantiationException e) {
|
||||||
|
throw new HSAdminException(e);
|
||||||
|
} catch (IllegalAccessException e) {
|
||||||
|
throw new HSAdminException(e);
|
||||||
|
}
|
||||||
|
return procFact;
|
||||||
|
}
|
||||||
|
|
||||||
|
protected void queueProcessor(Processor proc, UnixUser user, AbstractEntity entity, String action) {
|
||||||
|
EntityInfo entityInfo = entity.getClass().getAnnotation(EntityInfo.class);
|
||||||
|
String entityTypeName = entityInfo != null ? entityInfo.name() : entity.getClass().getSimpleName();
|
||||||
|
StringBuilder details = new StringBuilder();
|
||||||
|
String title = entityTypeName + " (" + entity.createStringKey() + ") " + action;
|
||||||
|
QueueTask task = new QueueTask(user, title, details.toString(), proc);
|
||||||
|
transaction.getEntityManager().persist(task);
|
||||||
|
transaction.enqueue(entity.getHiveName(), task);
|
||||||
|
}
|
||||||
|
|
||||||
|
public String toString(StackTraceElement[] stackTrace) {
|
||||||
|
StringBuilder stack = new StringBuilder();
|
||||||
|
for (StackTraceElement e : stackTrace) {
|
||||||
|
stack.append(e.getFileName() + ":" + e.getLineNumber() + "\n");
|
||||||
|
}
|
||||||
|
return stack.toString();
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* apply access restriction to JPA-QL condition.
|
* apply access restriction to JPA-QL condition.
|
||||||
* @param entityClass
|
|
||||||
* @param loginUser
|
|
||||||
* @param condition
|
|
||||||
* @return
|
|
||||||
*/
|
*/
|
||||||
private String restrict(Class<?> entityClass, UnixUser loginUser, String condition) {
|
private String restrict(Class<?> entityClass, UnixUser loginUser, String condition) {
|
||||||
String restriction = AbstractEntity.restriction(entityClass, loginUser);
|
String restriction = AbstractEntity.restriction(entityClass, loginUser);
|
||||||
@ -47,301 +209,4 @@ public abstract class AbstractModuleImpl implements ModuleInterface {
|
|||||||
condition = restriction;
|
condition = restriction;
|
||||||
return condition;
|
return condition;
|
||||||
}
|
}
|
||||||
|
|
||||||
public Transaction getTransaction() {
|
|
||||||
return transaction;
|
|
||||||
}
|
|
||||||
|
|
||||||
public AbstractEntity initialize(AbstractEntity newEntity)
|
|
||||||
throws AuthorisationException {
|
|
||||||
newEntity.initialize(transaction.getEntityManager(), getLoginUser());
|
|
||||||
return newEntity;
|
|
||||||
}
|
|
||||||
|
|
||||||
public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
|
|
||||||
// get the user who is logged in
|
|
||||||
UnixUser loginUser = getLoginUser();
|
|
||||||
|
|
||||||
// create record in database
|
|
||||||
log.debug("merging?");
|
|
||||||
newEntity.complete(transaction.getEntityManager(), loginUser);
|
|
||||||
try {
|
|
||||||
transaction.getEntityManager().persist(newEntity);
|
|
||||||
} catch (Throwable exc) {
|
|
||||||
log.error("exception: " + exc);
|
|
||||||
} finally {
|
|
||||||
log.debug("finally");
|
|
||||||
}
|
|
||||||
log.debug("merged");
|
|
||||||
|
|
||||||
// check rights
|
|
||||||
if (!newEntity.isWriteAllowedFor(loginUser))
|
|
||||||
throw new AuthorisationException(loginUser, "add", newEntity);
|
|
||||||
|
|
||||||
// generically create the processor
|
|
||||||
EntityProcessorFactory procFact = createProcessorFactory(newEntity.getClass());
|
|
||||||
if (procFact == null) {
|
|
||||||
log.debug("no procFact found :-(");
|
|
||||||
return newEntity;
|
|
||||||
}
|
|
||||||
log.debug("procFact found :-)");
|
|
||||||
Processor proc = procFact.createCreateProcessor(transaction.getEntityManager(), newEntity);
|
|
||||||
|
|
||||||
// queue the processor
|
|
||||||
queueProcessor(proc, loginUser, newEntity, "hinzugefuegt");
|
|
||||||
|
|
||||||
// return the added entity
|
|
||||||
return newEntity;
|
|
||||||
}
|
|
||||||
|
|
||||||
public AbstractEntity find(Class<? extends AbstractEntity> entityClass, Object key) throws HSAdminException {
|
|
||||||
AbstractEntity entity = transaction.getEntityManager().find(entityClass, key);
|
|
||||||
|
|
||||||
// check rights
|
|
||||||
UnixUser loginUser = getLoginUser();
|
|
||||||
if (!entity.isReadAllowedFor(loginUser))
|
|
||||||
throw new AuthorisationException(loginUser, "add", entity);
|
|
||||||
|
|
||||||
return entity;
|
|
||||||
}
|
|
||||||
|
|
||||||
public AbstractEntity findByString(Class<? extends AbstractEntity> entityClass, String key) throws HSAdminException {
|
|
||||||
// find a static method which creates the query
|
|
||||||
java.lang.reflect.Method method = null;
|
|
||||||
try {
|
|
||||||
method = entityClass.getDeclaredMethod("createQueryFromStringKey", String.class);
|
|
||||||
} catch (SecurityException e) {
|
|
||||||
throw new RuntimeException(e);
|
|
||||||
} catch (NoSuchMethodException e) {
|
|
||||||
method = null;
|
|
||||||
}
|
|
||||||
|
|
||||||
AbstractEntity entity;
|
|
||||||
if (method == null)
|
|
||||||
entity = transaction.getEntityManager().find(entityClass, key);
|
|
||||||
else {
|
|
||||||
// get the query expression from the static method (query part after
|
|
||||||
// WHERE)
|
|
||||||
String query;
|
|
||||||
try {
|
|
||||||
query = (String) method.invoke(null, key);
|
|
||||||
} catch (Exception e) {
|
|
||||||
throw new RuntimeException(e);
|
|
||||||
}
|
|
||||||
|
|
||||||
// perform the query
|
|
||||||
List<AbstractEntity> result = search(entityClass, query, null);
|
|
||||||
if (result.size() > 1)
|
|
||||||
throw new javax.persistence.NonUniqueResultException();
|
|
||||||
if (result.size() == 0)
|
|
||||||
return null;
|
|
||||||
entity = result.get(0);
|
|
||||||
|
|
||||||
// this was maybe thought as a fallback
|
|
||||||
// but is wrong when the above result is empty due to accessibility
|
|
||||||
// entity = em.find(entityClass, key);
|
|
||||||
}
|
|
||||||
|
|
||||||
// return (checking rights already done in search)
|
|
||||||
return entity;
|
|
||||||
}
|
|
||||||
|
|
||||||
public List<AbstractEntity> search(Class<? extends AbstractEntity> entityClass, String condition, String orderBy) throws HSAdminException {
|
|
||||||
// restrict query
|
|
||||||
UnixUser loginUser = getLoginUser();
|
|
||||||
condition = restrict(entityClass, loginUser, condition);
|
|
||||||
|
|
||||||
// get the entities name (query part from FROM to WHERE)
|
|
||||||
// TODO: beware SQL injections!!!
|
|
||||||
javax.persistence.Entity entityAnnot = entityClass.getAnnotation(javax.persistence.Entity.class);
|
|
||||||
String queryString = "SELECT obj FROM " + entityAnnot.name() + " obj";
|
|
||||||
if (condition != null && condition.length() > 0)
|
|
||||||
queryString += " WHERE " + condition;
|
|
||||||
|
|
||||||
// Fix problem with queries WHERE .. AND (FALSE) -- pe
|
|
||||||
if (condition != null && condition.contains("AND (FALSE)")) {
|
|
||||||
return new LinkedList<AbstractEntity>();
|
|
||||||
}
|
|
||||||
|
|
||||||
if (orderBy != null) {
|
|
||||||
queryString += " ";
|
|
||||||
queryString += orderBy;
|
|
||||||
}
|
|
||||||
|
|
||||||
// set parameters
|
|
||||||
EntityManager entityManager = transaction.getEntityManager();
|
|
||||||
entityManager.clear();
|
|
||||||
|
|
||||||
Query query = entityManager.createQuery(queryString);
|
|
||||||
setQueryParameter(query, queryString, "loginUser", loginUser);
|
|
||||||
setQueryParameter(query, queryString, "loginUserName", loginUser.getName());
|
|
||||||
setQueryParameter(query, queryString, "loginUserPac", loginUser.getPac());
|
|
||||||
|
|
||||||
// do query
|
|
||||||
try {
|
|
||||||
List<?> res = query.getResultList();
|
|
||||||
List<AbstractEntity> ret = new LinkedList<AbstractEntity>();
|
|
||||||
|
|
||||||
// remove entities where login user has no access rights
|
|
||||||
for (Object entity : res) {
|
|
||||||
if (entity instanceof AbstractEntity) {
|
|
||||||
AbstractEntity returnedEntity = (AbstractEntity) entity;
|
|
||||||
if (returnedEntity.isReadAllowedFor(getLoginUser())) {
|
|
||||||
ret.add(returnedEntity);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// return clean result
|
|
||||||
return ret;
|
|
||||||
} catch (Exception ex) {
|
|
||||||
throw new HSAdminException(ex);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
public AbstractEntity update(AbstractEntity existingEntity) throws HSAdminException {
|
|
||||||
// get the user who is logged in
|
|
||||||
UnixUser loginUser = getLoginUser();
|
|
||||||
|
|
||||||
// update record in database
|
|
||||||
log.debug("merging:");
|
|
||||||
try {
|
|
||||||
existingEntity = existingEntity.merge(transaction.getEntityManager(), loginUser);
|
|
||||||
} catch (Throwable exc) {
|
|
||||||
log.error("exception: " + exc);
|
|
||||||
throw new RuntimeException(exc);
|
|
||||||
} finally {
|
|
||||||
log.debug("finally");
|
|
||||||
}
|
|
||||||
log.debug("merged!");
|
|
||||||
|
|
||||||
// check rights
|
|
||||||
if (!existingEntity.isWriteAllowedFor(loginUser))
|
|
||||||
throw new AuthorisationException(loginUser, "update",
|
|
||||||
existingEntity);
|
|
||||||
|
|
||||||
// generically create the processor
|
|
||||||
EntityProcessorFactory procFact =
|
|
||||||
createProcessorFactory(existingEntity.getClass());
|
|
||||||
if (procFact != null) {
|
|
||||||
log.debug("creating processor");
|
|
||||||
Processor proc = procFact.createUpdateProcessor(transaction.getEntityManager(), existingEntity);
|
|
||||||
|
|
||||||
// queue the processor
|
|
||||||
queueProcessor(proc, loginUser, existingEntity, "aktualisiert");
|
|
||||||
}
|
|
||||||
|
|
||||||
// return the merged entity
|
|
||||||
return existingEntity;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void delete(AbstractEntity existingEntity) throws HSAdminException {
|
|
||||||
// get the user who is logged in
|
|
||||||
UnixUser user = getLoginUser();
|
|
||||||
|
|
||||||
// re-attach the entity
|
|
||||||
log.debug("merging:");
|
|
||||||
try {
|
|
||||||
existingEntity = transaction.getEntityManager().find(existingEntity.getClass(), existingEntity.id());
|
|
||||||
} catch (Throwable exc) {
|
|
||||||
log.error("exception: " + exc);
|
|
||||||
throw new RuntimeException(exc);
|
|
||||||
} finally {
|
|
||||||
log.debug("finally");
|
|
||||||
}
|
|
||||||
log.debug("merged!");
|
|
||||||
|
|
||||||
// check rights
|
|
||||||
if (!existingEntity.isWriteAllowedFor(loginUser))
|
|
||||||
throw new AuthorisationException(loginUser, "add", existingEntity);
|
|
||||||
|
|
||||||
// delete record in database
|
|
||||||
log.debug("deleting:");
|
|
||||||
try {
|
|
||||||
transaction.getEntityManager().remove(existingEntity);
|
|
||||||
} catch (Throwable exc) {
|
|
||||||
log.error("exception: " + exc);
|
|
||||||
} finally {
|
|
||||||
log.debug("finally");
|
|
||||||
}
|
|
||||||
log.debug("deleted!");
|
|
||||||
|
|
||||||
// generically create the processor
|
|
||||||
EntityProcessorFactory procFact = createProcessorFactory(existingEntity.getClass());
|
|
||||||
if (procFact == null) {
|
|
||||||
log.debug("no procFact found :-(");
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
log.debug("procFact found :-)");
|
|
||||||
Processor proc = procFact.createDeleteProcessor(transaction.getEntityManager(), existingEntity);
|
|
||||||
|
|
||||||
// queue the processor
|
|
||||||
queueProcessor(proc, user, existingEntity, "geloescht");
|
|
||||||
}
|
|
||||||
|
|
||||||
public EntityProcessorFactory createProcessorFactory(Class<? extends AbstractEntity> entityClass) {
|
|
||||||
try {
|
|
||||||
String procFactName = entityClass.getCanonicalName()
|
|
||||||
+ "ProcessorFactory";
|
|
||||||
Class<?> procFactClass = Class.forName(procFactName);
|
|
||||||
if (procFactClass == null)
|
|
||||||
return null;
|
|
||||||
Object procFact = procFactClass.newInstance();
|
|
||||||
return (EntityProcessorFactory) procFact;
|
|
||||||
} catch (Exception exc) {
|
|
||||||
log.error("exception creating instance: " + exc);
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* get current login user from session context.
|
|
||||||
* @return
|
|
||||||
*/
|
|
||||||
public UnixUser getLoginUser() {
|
|
||||||
if (loginUser == null) {
|
|
||||||
loginUser = transaction.getLoginUser();
|
|
||||||
}
|
|
||||||
return loginUser;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void queueProcessor(Processor proc, UnixUser user, AbstractEntity entity, String action) {
|
|
||||||
log.debug("queueing processor for user " + user.getId() + "/"
|
|
||||||
+ user.getUserId() + "/" + user.getName());
|
|
||||||
EntityInfo entityInfo =
|
|
||||||
entity.getClass().getAnnotation(EntityInfo.class);
|
|
||||||
String entityTypeName =
|
|
||||||
entityInfo != null ? entityInfo.name() : entity.getClass().getSimpleName();
|
|
||||||
StringBuilder details = new StringBuilder();
|
|
||||||
|
|
||||||
// TODO: add properties of entity to details
|
|
||||||
|
|
||||||
String title =
|
|
||||||
entityTypeName + " (" + entity.createStringKey() + ") " + action;
|
|
||||||
QueueTask task = new QueueTask(user, title, details.toString(), proc);
|
|
||||||
transaction.getEntityManager().persist(task);
|
|
||||||
transaction.enqueue(entity.getHiveName(), task);
|
|
||||||
log.debug("processor queued");
|
|
||||||
}
|
|
||||||
|
|
||||||
public String toString(StackTraceElement[] stackTrace) {
|
|
||||||
StringBuilder stack = new StringBuilder();
|
|
||||||
for (StackTraceElement e : stackTrace)
|
|
||||||
stack.append(e.getFileName() + ":" + e.getLineNumber() + "\n");
|
|
||||||
return stack.toString();
|
|
||||||
}
|
|
||||||
|
|
||||||
public static void setQueryParameter(Query query, String queryString,
|
|
||||||
String argName, Object argValue) {
|
|
||||||
int argLen = argName.length();
|
|
||||||
int iMax = queryString.length();
|
|
||||||
int i = 0;
|
|
||||||
while ((i = queryString.indexOf(argName, i)) >= 0) {
|
|
||||||
if ((i + argLen) >= iMax || queryString.charAt(i + argLen) < 'A') {
|
|
||||||
query.setParameter(argName, argValue);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
++i;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
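Review bot: In the new `findByString`, the `method == null` branch returns the result of `transaction.getEntityManager().find(entityClass, key)` without any `isReadAllowedFor` check, whereas the sibling `find` checks it and the other branch goes through `search`, which filters by read permission. Unless every subclass adds the check itself (SecureDefaultModuleImpl on this page does, others are not visible here), an entity class without `createQueryFromStringKey` can be read by key regardless of the login user's rights; add `if (entity != null && !entity.isReadAllowedFor(transaction.getLoginUser())) throw new AuthorisationException(transaction.getLoginUser(), "findByString", entity);` before the final return. `find` dereferences `entity` without a null guard and reports the action as `"add"`, as does `delete`, which makes the resulting authorisation error misleading in logs. The commit also drops the `// TODO: beware SQL injections!!!` comment while `search` still concatenates `condition` and `orderBy` into the query string, so that warning should stay until those inputs are validated or bound as parameters.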
@ -17,17 +17,9 @@ public class EntitySessionHelper {
|
|||||||
// get in instance
|
// get in instance
|
||||||
AbstractModuleImpl impl = null;
|
AbstractModuleImpl impl = null;
|
||||||
try {
|
try {
|
||||||
// determine wrapper class
|
Class<?> wrapperClass = determineModuleImpl(entityClass);
|
||||||
ModuleImpl wrapperAnnot = entityClass.getAnnotation(ModuleImpl.class);
|
|
||||||
Class<?> wrapperClass = null;
|
|
||||||
if (wrapperAnnot != null) {
|
|
||||||
wrapperClass = wrapperAnnot.value();
|
|
||||||
} else {
|
|
||||||
wrapperClass = Class.forName(entityClass.getCanonicalName() + "ModuleImpl");
|
|
||||||
}
|
|
||||||
// instantiate wrapper
|
// instantiate wrapper
|
||||||
impl = (AbstractModuleImpl) wrapperClass.newInstance();
|
impl = instantiateModuleImpl(tx, wrapperClass);
|
||||||
impl.construct(tx);
|
|
||||||
} catch (ClassNotFoundException exc) {
|
} catch (ClassNotFoundException exc) {
|
||||||
log.info("entity class '"
|
log.info("entity class '"
|
||||||
+ entityClass.getCanonicalName()
|
+ entityClass.getCanonicalName()
|
||||||
@ -40,4 +32,24 @@ public class EntitySessionHelper {
|
|||||||
return impl;
|
return impl;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private static AbstractModuleImpl instantiateModuleImpl(Transaction tx, Class<?> wrapperClass)
|
||||||
|
throws InstantiationException, IllegalAccessException {
|
||||||
|
AbstractModuleImpl impl;
|
||||||
|
impl = (AbstractModuleImpl) wrapperClass.newInstance();
|
||||||
|
impl.construct(tx);
|
||||||
|
return impl;
|
||||||
|
}
|
||||||
|
|
||||||
|
private static Class<?> determineModuleImpl(Class<? extends AbstractEntity> entityClass)
|
||||||
|
throws ClassNotFoundException {
|
||||||
|
ModuleImpl wrapperAnnot = entityClass.getAnnotation(ModuleImpl.class);
|
||||||
|
Class<?> wrapperClass = null;
|
||||||
|
if (wrapperAnnot != null) {
|
||||||
|
wrapperClass = wrapperAnnot.value();
|
||||||
|
} else {
|
||||||
|
wrapperClass = Class.forName(entityClass.getCanonicalName() + "ModuleImpl");
|
||||||
|
}
|
||||||
|
return wrapperClass;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
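Review bot: `instantiateModuleImpl` calls `wrapperClass.newInstance()` and only then casts to `AbstractModuleImpl`, so a `@ModuleImpl` value or a `...ModuleImpl` name that resolves to an unrelated class has its constructor run before the `ClassCastException` is raised. Checking the type first keeps the failure ahead of any instantiation: `impl = wrapperClass.asSubclass(AbstractModuleImpl.class).newInstance();`. The catch clauses of the calling method continue outside the hunk, so whether a `ClassCastException` is handled there cannot be seen from here. Both new helpers are undocumented; a one-line Javadoc such as `/** resolves the module implementation from @ModuleImpl, falling back to the <entity>ModuleImpl naming convention */` on `determineModuleImpl` would record the lookup order.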
@ -3,6 +3,10 @@ package de.hsadmin.core.model;
|
|||||||
import java.util.LinkedList;
|
import java.util.LinkedList;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
|
import javax.persistence.EntityManager;
|
||||||
|
|
||||||
|
import de.hsadmin.mods.user.UnixUser;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* allows access only for hostmasters, used as fallback wrapper.
|
* allows access only for hostmasters, used as fallback wrapper.
|
||||||
*/
|
*/
|
||||||
@ -15,26 +19,29 @@ public class SecureDefaultModuleImpl extends AbstractModuleImpl {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public AbstractEntity find(Class<? extends AbstractEntity> entityClass, Object key) throws HSAdminException {
|
public AbstractEntity find(Class<? extends AbstractEntity> entityClass, Object key) throws HSAdminException {
|
||||||
|
Transaction transaction = getTransaction();
|
||||||
AbstractEntity entity = super.find(entityClass, key);
|
AbstractEntity entity = super.find(entityClass, key);
|
||||||
if (entity != null && !entity.isReadAllowedFor(getLoginUser()))
|
if (entity != null && !entity.isReadAllowedFor(transaction.getLoginUser()))
|
||||||
throw new AuthorisationException(getLoginUser(), "find");
|
throw new AuthorisationException(transaction.getLoginUser(), "find");
|
||||||
return entity;
|
return entity;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public AbstractEntity findByString(Class<? extends AbstractEntity> entityClass, String key) throws HSAdminException {
|
public AbstractEntity findByString(Class<? extends AbstractEntity> entityClass, String key) throws HSAdminException {
|
||||||
|
Transaction transaction = getTransaction();
|
||||||
AbstractEntity entity = super.findByString(entityClass, key);
|
AbstractEntity entity = super.findByString(entityClass, key);
|
||||||
if (entity != null && !entity.isReadAllowedFor(getLoginUser()))
|
if (entity != null && !entity.isReadAllowedFor(transaction.getLoginUser()))
|
||||||
throw new AuthorisationException(getLoginUser(), "findByString");
|
throw new AuthorisationException(transaction.getLoginUser(), "findByString");
|
||||||
return entity;
|
return entity;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public List<AbstractEntity> search(Class<? extends AbstractEntity> entityClass, String condition, String orderBy)
|
public List<AbstractEntity> search(Class<? extends AbstractEntity> entityClass, String condition, String orderBy)
|
||||||
throws HSAdminException {
|
throws HSAdminException {
|
||||||
|
Transaction transaction = getTransaction();
|
||||||
// restrict query to entities where the loginUser could have rights on
|
// restrict query to entities where the loginUser could have rights on
|
||||||
SearchFilter filterAnnot;
|
SearchFilter filterAnnot;
|
||||||
if (!getLoginUser().hasHostmasterRole()
|
if (!transaction.getLoginUser().hasHostmasterRole()
|
||||||
&& (filterAnnot = getSecurityFilterAnnotation(entityClass)) != null) {
|
&& (filterAnnot = getSecurityFilterAnnotation(entityClass)) != null) {
|
||||||
String securityCondition = filterAnnot.value();
|
String securityCondition = filterAnnot.value();
|
||||||
if (condition != null && condition.length() > 0)
|
if (condition != null && condition.length() > 0)
|
||||||
@ -52,7 +59,7 @@ public class SecureDefaultModuleImpl extends AbstractModuleImpl {
|
|||||||
if (res != null) {
|
if (res != null) {
|
||||||
for (AbstractEntity entity : res) {
|
for (AbstractEntity entity : res) {
|
||||||
AbstractEntity returnedEntity = entity;
|
AbstractEntity returnedEntity = entity;
|
||||||
if (returnedEntity.isReadAllowedFor(getLoginUser()))
|
if (returnedEntity.isReadAllowedFor(transaction.getLoginUser()))
|
||||||
ret.add(returnedEntity);
|
ret.add(returnedEntity);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -88,15 +95,13 @@ public class SecureDefaultModuleImpl extends AbstractModuleImpl {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void delete(AbstractEntity detachedEntity) throws HSAdminException {
|
public void delete(AbstractEntity detachedEntity) throws HSAdminException {
|
||||||
// get the entity from the database
|
Transaction transaction = getTransaction();
|
||||||
AbstractEntity attachedEntity = getTransaction().getEntityManager().find(detachedEntity.getClass(),
|
EntityManager entityManager = transaction.getEntityManager();
|
||||||
detachedEntity.id());
|
UnixUser loginUser = transaction.getLoginUser();
|
||||||
|
AbstractEntity attachedEntity = entityManager.find(detachedEntity.getClass(), detachedEntity.id());
|
||||||
// does the login user have the right to delete?
|
if (!attachedEntity.isWriteAllowedFor(loginUser)) {
|
||||||
if (!attachedEntity.isWriteAllowedFor(getLoginUser()))
|
throw new AuthorisationException(loginUser, "delete", detachedEntity);
|
||||||
throw new AuthorisationException(getLoginUser(), "delete",
|
}
|
||||||
detachedEntity);
|
|
||||||
|
|
||||||
super.delete(attachedEntity);
|
super.delete(attachedEntity);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
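Review bot: The rewritten `delete` dereferences `attachedEntity` directly after `entityManager.find(detachedEntity.getClass(), detachedEntity.id())`, which returns null when no row matches the id, so the call ends in a `NullPointerException` instead of a controlled error. `find` and `findByString` in the same class already guard with `entity != null`; the same guard fits here, for example `if (attachedEntity == null || !attachedEntity.isWriteAllowedFor(loginUser)) {`, which also avoids telling the caller whether the id exists. The check then runs a second time in `super.delete(attachedEntity)`, which is harmless but worth a short comment saying it is deliberate.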
@ -22,12 +22,15 @@ import javax.persistence.Table;
|
|||||||
import javax.persistence.Temporal;
|
import javax.persistence.Temporal;
|
||||||
import javax.persistence.Transient;
|
import javax.persistence.Transient;
|
||||||
|
|
||||||
|
import de.hsadmin.core.model.AbstractEntity;
|
||||||
|
import de.hsadmin.core.model.ModuleImpl;
|
||||||
import de.hsadmin.mods.pac.Pac;
|
import de.hsadmin.mods.pac.Pac;
|
||||||
import de.hsadmin.mods.user.UnixUser;
|
import de.hsadmin.mods.user.UnixUser;
|
||||||
|
|
||||||
@Entity(name = "Customers")
|
@Entity(name = "Customers")
|
||||||
@Table(name = "business_partner")
|
@Table(name = "business_partner")
|
||||||
public class Customer extends de.hsadmin.core.model.AbstractEntity implements Serializable {
|
@ModuleImpl(de.hsadmin.mods.cust.CustomerModuleImpl.class)
|
||||||
|
public class Customer extends AbstractEntity implements Serializable {
|
||||||
|
|
||||||
private static final long serialVersionUID = -7450594652238392616L;
|
private static final long serialVersionUID = -7450594652238392616L;
|
||||||
|
|
||||||
@ -253,17 +256,11 @@ public class Customer extends de.hsadmin.core.model.AbstractEntity implements Se
|
|||||||
return null; // TODO: no access yet
|
return null; // TODO: no access yet
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* determines whether the given user has full read access on all merged fields of this entity
|
|
||||||
*/
|
|
||||||
@Override
|
@Override
|
||||||
public boolean isReadAllowedFor(UnixUser loginUser) {
|
public boolean isReadAllowedFor(UnixUser loginUser) {
|
||||||
return loginUser.hasCustomerRoleFor(this);
|
return loginUser.hasCustomerRoleFor(this);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* determines whether the given user has full write access on all merged fields of this entity
|
|
||||||
*/
|
|
||||||
@Override
|
@Override
|
||||||
public boolean isWriteAllowedFor(UnixUser loginUser) {
|
public boolean isWriteAllowedFor(UnixUser loginUser) {
|
||||||
return loginUser.hasCustomerRoleFor(this);
|
return loginUser.hasCustomerRoleFor(this);
|
||||||
|
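Review bot: The second hunk deletes the Javadoc on `isReadAllowedFor` and `isWriteAllowedFor` and leaves both authorisation predicates undocumented, although the module implementations on this page rely on them for every access decision. Both return `loginUser.hasCustomerRoleFor(this)`, so read and write access are granted by the same rule; if that is intended, say so, e.g. `/** true if loginUser has the customer role for this customer; same rule as isReadAllowedFor */` on `isWriteAllowedFor`. The body of `isWriteAllowedFor` closes outside the hunk.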
@ -9,6 +9,7 @@ import de.hsadmin.core.model.AbstractModuleImpl;
|
|||||||
import de.hsadmin.core.model.AuthorisationException;
|
import de.hsadmin.core.model.AuthorisationException;
|
||||||
import de.hsadmin.core.model.GenericModuleImpl;
|
import de.hsadmin.core.model.GenericModuleImpl;
|
||||||
import de.hsadmin.core.model.HSAdminException;
|
import de.hsadmin.core.model.HSAdminException;
|
||||||
|
import de.hsadmin.core.model.Transaction;
|
||||||
import de.hsadmin.core.util.TextUtil;
|
import de.hsadmin.core.util.TextUtil;
|
||||||
import de.hsadmin.mods.pac.Pac;
|
import de.hsadmin.mods.pac.Pac;
|
||||||
import de.hsadmin.mods.user.UnixUser;
|
import de.hsadmin.mods.user.UnixUser;
|
||||||
@ -17,8 +18,9 @@ public class CustomerModuleImpl extends AbstractModuleImpl {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
|
public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
|
||||||
if (!getLoginUser().hasHostmasterRole()) {
|
Transaction transaction = getTransaction();
|
||||||
throw new AuthorisationException(getLoginUser(), "add", newEntity);
|
if (!transaction.getLoginUser().hasHostmasterRole()) {
|
||||||
|
throw new AuthorisationException(transaction.getLoginUser(), "add", newEntity);
|
||||||
}
|
}
|
||||||
Customer newCustomer = (Customer) newEntity;
|
Customer newCustomer = (Customer) newEntity;
|
||||||
assertNotNull("membercode", newCustomer.getName());
|
assertNotNull("membercode", newCustomer.getName());
|
||||||
@ -62,16 +64,18 @@ public class CustomerModuleImpl extends AbstractModuleImpl {
|
|||||||
@Override
|
@Override
|
||||||
public AbstractEntity update(AbstractEntity existingEntity)
|
public AbstractEntity update(AbstractEntity existingEntity)
|
||||||
throws HSAdminException {
|
throws HSAdminException {
|
||||||
if (!getLoginUser().hasHostmasterRole()) {
|
Transaction transaction = getTransaction();
|
||||||
throw new AuthorisationException(getLoginUser(), "update", existingEntity);
|
if (!transaction.getLoginUser().hasHostmasterRole()) {
|
||||||
|
throw new AuthorisationException(transaction.getLoginUser(), "update", existingEntity);
|
||||||
}
|
}
|
||||||
return super.update(existingEntity);
|
return super.update(existingEntity);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void delete(AbstractEntity existingEntity) throws HSAdminException {
|
public void delete(AbstractEntity existingEntity) throws HSAdminException {
|
||||||
if (!getLoginUser().hasHostmasterRole()) {
|
Transaction transaction = getTransaction();
|
||||||
throw new AuthorisationException(getLoginUser(), "delete", existingEntity);
|
if (!transaction.getLoginUser().hasHostmasterRole()) {
|
||||||
|
throw new AuthorisationException(transaction.getLoginUser(), "delete", existingEntity);
|
||||||
}
|
}
|
||||||
Customer cust = (Customer) existingEntity;
|
Customer cust = (Customer) existingEntity;
|
||||||
|
|
||||||
@ -81,13 +85,13 @@ public class CustomerModuleImpl extends AbstractModuleImpl {
|
|||||||
Date memberUntil = cust.getMemberUntil();
|
Date memberUntil = cust.getMemberUntil();
|
||||||
if (memberSince != null) {
|
if (memberSince != null) {
|
||||||
if (memberUntil == null || memberUntil.after(new Date())) {
|
if (memberUntil == null || memberUntil.after(new Date())) {
|
||||||
throw new AuthorisationException(getLoginUser(), "delete", existingEntity);
|
throw new AuthorisationException(transaction.getLoginUser(), "delete", existingEntity);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// keine Pakete mehr!
|
// keine Pakete mehr!
|
||||||
Set<Pac> pacs = cust.getPacs();
|
Set<Pac> pacs = cust.getPacs();
|
||||||
if (pacs != null && pacs.size() > 0) {
|
if (pacs != null && pacs.size() > 0) {
|
||||||
throw new AuthorisationException(getLoginUser(), "delete", existingEntity);
|
throw new AuthorisationException(transaction.getLoginUser(), "delete", existingEntity);
|
||||||
}
|
}
|
||||||
|
|
||||||
GenericModuleImpl helper = new GenericModuleImpl(getTransaction());
|
GenericModuleImpl helper = new GenericModuleImpl(getTransaction());
|
||||||
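Review bot: In `delete`, the two rejections that follow the hostmaster check (membership still running, packages still attached) throw `AuthorisationException` although the caller has already been authorised at that point. A state conflict therefore reaches the caller looking exactly like an access denial, which makes real denials harder to pick out when such failures are reviewed. I would keep `AuthorisationException` for the role check and report the other two with a reason, e.g. `throw new HSAdminException("customer still has packages");`. The body of `delete` continues outside the hunk.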
|
@ -22,7 +22,6 @@ import javax.persistence.SequenceGenerator;
|
|||||||
import javax.persistence.Table;
|
import javax.persistence.Table;
|
||||||
|
|
||||||
import de.hsadmin.core.model.AbstractEntity;
|
import de.hsadmin.core.model.AbstractEntity;
|
||||||
import de.hsadmin.core.model.AbstractModuleImpl;
|
|
||||||
import de.hsadmin.core.model.FieldValidation;
|
import de.hsadmin.core.model.FieldValidation;
|
||||||
import de.hsadmin.core.model.SearchFilter;
|
import de.hsadmin.core.model.SearchFilter;
|
||||||
import de.hsadmin.mods.pac.Pac;
|
import de.hsadmin.mods.pac.Pac;
|
||||||
@ -84,29 +83,20 @@ public abstract class Database extends AbstractEntity implements Serializable {
|
|||||||
public void complete(EntityManager em, UnixUser loginUser) {
|
public void complete(EntityManager em, UnixUser loginUser) {
|
||||||
if (pac == null && name != null && name.length() > 0) {
|
if (pac == null && name != null && name.length() > 0) {
|
||||||
if (name.length() < 7 || name.charAt(5) != '_') {
|
if (name.length() < 7 || name.charAt(5) != '_') {
|
||||||
throw new SecurityException("database name '" + name
|
throw new SecurityException("database name '" + name + "' not allowed");
|
||||||
+ "' not allowed");
|
|
||||||
}
|
}
|
||||||
// TODO: it's ugly having this code here, needs refactoring
|
|
||||||
String pacName = name.substring(0, 5);
|
String pacName = name.substring(0, 5);
|
||||||
try {
|
try {
|
||||||
// get the entities name (query part from FROM to WHERE)
|
|
||||||
Entity entityAnnot = Pac.class.getAnnotation(Entity.class);
|
Entity entityAnnot = Pac.class.getAnnotation(Entity.class);
|
||||||
String queryString = "SELECT obj FROM " + entityAnnot.name() + " obj WHERE "
|
String queryString = "SELECT obj FROM " + entityAnnot.name() + " obj WHERE "
|
||||||
+ Pac.createQueryFromStringKey(pacName);
|
+ Pac.createQueryFromStringKey(pacName);
|
||||||
|
|
||||||
// set parameters
|
|
||||||
Query query = em.createQuery(queryString);
|
Query query = em.createQuery(queryString);
|
||||||
AbstractModuleImpl.setQueryParameter(query,
|
query.setParameter("loginUser", loginUser);
|
||||||
queryString, "loginUser", loginUser);
|
query.setParameter("loginUserName", loginUser.getName());
|
||||||
AbstractModuleImpl.setQueryParameter(query,
|
query.setParameter("loginUserPac", loginUser.getPac());
|
||||||
queryString, "loginUserName", loginUser.getName());
|
|
||||||
AbstractModuleImpl.setQueryParameter(query,
|
|
||||||
queryString, "loginUserPac", loginUser.getPac());
|
|
||||||
pac = (Pac) query.getSingleResult();
|
pac = (Pac) query.getSingleResult();
|
||||||
} catch (NoResultException exc) {
|
} catch (NoResultException exc) {
|
||||||
throw new SecurityException("packet '" + pacName
|
throw new SecurityException("packet '" + pacName + "' not found or access denied");
|
||||||
+ "' not found or access denied");
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
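Review bot: The three `query.setParameter(...)` calls in `complete` are now unconditional, and JPA's `Query.setParameter(String, Object)` throws `IllegalArgumentException` when the name is not a parameter of the query. The replaced `AbstractModuleImpl.setQueryParameter` was handed `queryString`, presumably so it could skip names the query does not use, and the WHERE clause here comes from `Pac.createQueryFromStringKey(pacName)`, which this diff does not show. Unless that clause always references all three names, the package lookup now ends in an unchecked exception instead of the `SecurityException` raised for a missing package. Either keep a guard that binds only the names present, or state the requirement next to the calls: `// createQueryFromStringKey must reference :loginUser, :loginUserName and :loginUserPac, otherwise setParameter throws`. `DatabaseUser` receives the same replacement.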
|
@ -23,7 +23,6 @@ import javax.persistence.Table;
|
|||||||
import javax.persistence.Transient;
|
import javax.persistence.Transient;
|
||||||
|
|
||||||
import de.hsadmin.core.model.AbstractEntity;
|
import de.hsadmin.core.model.AbstractEntity;
|
||||||
import de.hsadmin.core.model.AbstractModuleImpl;
|
|
||||||
import de.hsadmin.core.model.FieldValidation;
|
import de.hsadmin.core.model.FieldValidation;
|
||||||
import de.hsadmin.mods.pac.Pac;
|
import de.hsadmin.mods.pac.Pac;
|
||||||
import de.hsadmin.mods.user.UnixUser;
|
import de.hsadmin.mods.user.UnixUser;
|
||||||
@ -87,12 +86,9 @@ public abstract class DatabaseUser extends AbstractEntity implements Serializabl
|
|||||||
|
|
||||||
// set parameters
|
// set parameters
|
||||||
Query query = em.createQuery(queryString);
|
Query query = em.createQuery(queryString);
|
||||||
AbstractModuleImpl.setQueryParameter(query, queryString,
|
query.setParameter("loginUser", loginUser);
|
||||||
"loginUser", loginUser);
|
query.setParameter("loginUserName", loginUser.getName());
|
||||||
AbstractModuleImpl.setQueryParameter(query, queryString,
|
query.setParameter("loginUserPac", loginUser.getPac());
|
||||||
"loginUserName", loginUser.getName());
|
|
||||||
AbstractModuleImpl.setQueryParameter(query, queryString,
|
|
||||||
"loginUserPac", loginUser.getPac());
|
|
||||||
pac = (Pac) query.getSingleResult();
|
pac = (Pac) query.getSingleResult();
|
||||||
} catch (NoResultException exc) {
|
} catch (NoResultException exc) {
|
||||||
throw new SecurityException("packet '" + pacName
|
throw new SecurityException("packet '" + pacName
|
||||||
|
@ -6,6 +6,7 @@ import javax.persistence.DiscriminatorValue;
|
|||||||
import javax.persistence.Entity;
|
import javax.persistence.Entity;
|
||||||
|
|
||||||
import de.hsadmin.core.model.EntityInfo;
|
import de.hsadmin.core.model.EntityInfo;
|
||||||
|
import de.hsadmin.core.model.ModuleImpl;
|
||||||
import de.hsadmin.core.model.SearchFilter;
|
import de.hsadmin.core.model.SearchFilter;
|
||||||
import de.hsadmin.mods.pac.Pac;
|
import de.hsadmin.mods.pac.Pac;
|
||||||
|
|
||||||
@ -14,6 +15,7 @@ import de.hsadmin.mods.pac.Pac;
|
|||||||
@EntityInfo(name = "MySQL Datenbank")
|
@EntityInfo(name = "MySQL Datenbank")
|
||||||
@SearchFilter("obj.instance = 'mysql' AND (" + " obj.pac = :loginUserPac OR "
|
@SearchFilter("obj.instance = 'mysql' AND (" + " obj.pac = :loginUserPac OR "
|
||||||
+ " obj.pac.customer.memberCode = :loginUserName )")
|
+ " obj.pac.customer.memberCode = :loginUserName )")
|
||||||
|
@ModuleImpl(de.hsadmin.mods.db.MySqlDatabaseModuleImpl.class)
|
||||||
public class MySqlDatabase extends Database implements Serializable {
|
public class MySqlDatabase extends Database implements Serializable {
|
||||||
|
|
||||||
private static final long serialVersionUID = 2862112440807946042L;
|
private static final long serialVersionUID = 2862112440807946042L;
|
||||||
|
@ -9,6 +9,7 @@ import de.hsadmin.core.model.AbstractEntity;
|
|||||||
import de.hsadmin.core.model.AbstractModuleImpl;
|
import de.hsadmin.core.model.AbstractModuleImpl;
|
||||||
import de.hsadmin.core.model.AuthorisationException;
|
import de.hsadmin.core.model.AuthorisationException;
|
||||||
import de.hsadmin.core.model.HSAdminException;
|
import de.hsadmin.core.model.HSAdminException;
|
||||||
|
import de.hsadmin.core.model.Transaction;
|
||||||
import de.hsadmin.mods.pac.Pac;
|
import de.hsadmin.mods.pac.Pac;
|
||||||
import de.hsadmin.mods.user.UnixUser;
|
import de.hsadmin.mods.user.UnixUser;
|
||||||
|
|
||||||
@ -25,26 +26,29 @@ public class MySqlDatabaseModuleImpl extends AbstractModuleImpl {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
|
public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
|
||||||
|
Transaction transaction = getTransaction();
|
||||||
|
UnixUser loginUser = transaction.getLoginUser();
|
||||||
MySqlDatabase database = (MySqlDatabase) newEntity;
|
MySqlDatabase database = (MySqlDatabase) newEntity;
|
||||||
String name = database.getName();
|
String name = database.getName();
|
||||||
if (name.length() < 7 || name.charAt(5) != '_') {
|
if (name.length() < 7 || name.charAt(5) != '_') {
|
||||||
throw new AuthorisationException(getLoginUser(), "add", newEntity);
|
throw new AuthorisationException(loginUser, "add", newEntity);
|
||||||
}
|
}
|
||||||
EntityManager em = getTransaction().getEntityManager();
|
EntityManager em = getTransaction().getEntityManager();
|
||||||
Query qPac = em.createQuery("SELECT obj FROM Pacs obj WHERE obj.name = :pacName");
|
Query qPac = em.createQuery("SELECT obj FROM Pacs obj WHERE obj.name = :pacName");
|
||||||
qPac.setParameter("pacName", name.substring(0, 5));
|
qPac.setParameter("pacName", name.substring(0, 5));
|
||||||
Object singleResult = qPac.getSingleResult();
|
Object singleResult = qPac.getSingleResult();
|
||||||
Pac pac = (Pac) singleResult;
|
Pac pac = (Pac) singleResult;
|
||||||
if (pac == null || !pac.isReadAllowedFor(getLoginUser())) {
|
if (pac == null || !pac.isReadAllowedFor(loginUser)) {
|
||||||
throw new AuthorisationException(getLoginUser(), "add", newEntity);
|
throw new AuthorisationException(loginUser, "add", newEntity);
|
||||||
}
|
}
|
||||||
return super.add(newEntity);
|
return super.add(newEntity);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public AbstractEntity update(AbstractEntity existingEntity) throws HSAdminException {
|
public AbstractEntity update(AbstractEntity existingEntity) throws HSAdminException {
|
||||||
EntityManager em = getTransaction().getEntityManager();
|
Transaction transaction = getTransaction();
|
||||||
UnixUser unixUser = getLoginUser();
|
EntityManager em = transaction.getEntityManager();
|
||||||
|
UnixUser unixUser = transaction.getLoginUser();
|
||||||
MySqlDatabase detachtedDB = (MySqlDatabase) existingEntity;
|
MySqlDatabase detachtedDB = (MySqlDatabase) existingEntity;
|
||||||
MySqlDatabase attachedDB = em.find(MySqlDatabase.class, detachtedDB.getId());
|
MySqlDatabase attachedDB = em.find(MySqlDatabase.class, detachtedDB.getId());
|
||||||
if (!attachedDB.getName().equals(detachtedDB.getName())) {
|
if (!attachedDB.getName().equals(detachtedDB.getName())) {
|
||||||
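Review bot: In `add`, the `pac == null` branch can never be taken, because `Query.getSingleResult()` throws `NoResultException` instead of returning null when no package matches the five-character prefix. A name that matches no package therefore ends in an unchecked persistence exception, while an existing package the user may not read ends in `AuthorisationException`, so the caller can tell the two cases apart. Catching `NoResultException` and raising the same `AuthorisationException` keeps both outcomes identical; the file would also need the `javax.persistence.NoResultException` import. The same lookup appears in `MySqlUserModuleImpl`, `PgSqlDatabaseModuleImpl` and `PgSqlUserModuleImpl`.

```java
qPac.setParameter("pacName", name.substring(0, 5));
Pac pac;
try {
    pac = (Pac) qPac.getSingleResult();
} catch (NoResultException e) {
    // unknown package: report it exactly like a package the user may not access
    throw new AuthorisationException(loginUser, "add", newEntity);
}
if (!pac.isReadAllowedFor(loginUser)) {
    throw new AuthorisationException(loginUser, "add", newEntity);
}
// … unchanged: return super.add(newEntity) …
```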
|
@ -6,6 +6,7 @@ import javax.persistence.DiscriminatorValue;
|
|||||||
import javax.persistence.Entity;
|
import javax.persistence.Entity;
|
||||||
|
|
||||||
import de.hsadmin.core.model.EntityInfo;
|
import de.hsadmin.core.model.EntityInfo;
|
||||||
|
import de.hsadmin.core.model.ModuleImpl;
|
||||||
import de.hsadmin.core.model.SearchFilter;
|
import de.hsadmin.core.model.SearchFilter;
|
||||||
import de.hsadmin.mods.pac.Pac;
|
import de.hsadmin.mods.pac.Pac;
|
||||||
|
|
||||||
@ -15,6 +16,7 @@ import de.hsadmin.mods.pac.Pac;
|
|||||||
@SearchFilter("obj.instance = 'mysql' AND ("
|
@SearchFilter("obj.instance = 'mysql' AND ("
|
||||||
+ " obj.pac = :loginUserPac OR "
|
+ " obj.pac = :loginUserPac OR "
|
||||||
+ " obj.pac.customer.memberCode = :loginUserName )")
|
+ " obj.pac.customer.memberCode = :loginUserName )")
|
||||||
|
@ModuleImpl(de.hsadmin.mods.db.MySqlUserModuleImpl.class)
|
||||||
public class MySqlUser extends DatabaseUser implements Serializable {
|
public class MySqlUser extends DatabaseUser implements Serializable {
|
||||||
|
|
||||||
private static final long serialVersionUID = 6218494776881999478L;
|
private static final long serialVersionUID = 6218494776881999478L;
|
||||||
|
@ -9,16 +9,20 @@ import de.hsadmin.core.model.AbstractEntity;
|
|||||||
import de.hsadmin.core.model.AbstractModuleImpl;
|
import de.hsadmin.core.model.AbstractModuleImpl;
|
||||||
import de.hsadmin.core.model.AuthorisationException;
|
import de.hsadmin.core.model.AuthorisationException;
|
||||||
import de.hsadmin.core.model.HSAdminException;
|
import de.hsadmin.core.model.HSAdminException;
|
||||||
|
import de.hsadmin.core.model.Transaction;
|
||||||
import de.hsadmin.mods.pac.Pac;
|
import de.hsadmin.mods.pac.Pac;
|
||||||
|
import de.hsadmin.mods.user.UnixUser;
|
||||||
|
|
||||||
public class MySqlUserModuleImpl extends AbstractModuleImpl {
|
public class MySqlUserModuleImpl extends AbstractModuleImpl {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
|
public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
|
||||||
|
Transaction transaction = getTransaction();
|
||||||
|
UnixUser loginUser = transaction.getLoginUser();
|
||||||
MySqlUser user = (MySqlUser) newEntity;
|
MySqlUser user = (MySqlUser) newEntity;
|
||||||
String name = user.getName();
|
String name = user.getName();
|
||||||
if (name.length() < 7 || name.charAt(5) != '_') {
|
if (name.length() < 7 || name.charAt(5) != '_') {
|
||||||
throw new AuthorisationException(getLoginUser(), "add", newEntity);
|
throw new AuthorisationException(loginUser, "add", newEntity);
|
||||||
}
|
}
|
||||||
if (name.length() > 16) {
|
if (name.length() > 16) {
|
||||||
throw new HSAdminException("mysql database name max. length is 16 characters");
|
throw new HSAdminException("mysql database name max. length is 16 characters");
|
||||||
@ -28,8 +32,8 @@ public class MySqlUserModuleImpl extends AbstractModuleImpl {
|
|||||||
qPac.setParameter("pacName", name.substring(0, 5));
|
qPac.setParameter("pacName", name.substring(0, 5));
|
||||||
Object singleResult = qPac.getSingleResult();
|
Object singleResult = qPac.getSingleResult();
|
||||||
Pac pac = (Pac) singleResult;
|
Pac pac = (Pac) singleResult;
|
||||||
if (pac == null || !pac.isReadAllowedFor(getLoginUser())) {
|
if (pac == null || !pac.isReadAllowedFor(loginUser)) {
|
||||||
throw new AuthorisationException(getLoginUser(), "add", newEntity);
|
throw new AuthorisationException(loginUser, "add", newEntity);
|
||||||
}
|
}
|
||||||
return super.add(newEntity);
|
return super.add(newEntity);
|
||||||
}
|
}
|
||||||
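Review bot: `add` authorises the creation of a database user with `pac.isReadAllowedFor(loginUser)`, so read access on the package is treated as permission to create objects in it. `Pac`'s implementation is not part of this diff, so this may be intended, but if `Pac` distinguishes read from write access the condition should be `if (pac == null || !pac.isWriteAllowedFor(loginUser)) {`. The same condition is used in `MySqlDatabaseModuleImpl`, `PgSqlDatabaseModuleImpl` and `PgSqlUserModuleImpl`.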
|
@ -6,6 +6,7 @@ import javax.persistence.DiscriminatorValue;
|
|||||||
import javax.persistence.Entity;
|
import javax.persistence.Entity;
|
||||||
|
|
||||||
import de.hsadmin.core.model.EntityInfo;
|
import de.hsadmin.core.model.EntityInfo;
|
||||||
|
import de.hsadmin.core.model.ModuleImpl;
|
||||||
import de.hsadmin.core.model.SearchFilter;
|
import de.hsadmin.core.model.SearchFilter;
|
||||||
import de.hsadmin.mods.pac.Pac;
|
import de.hsadmin.mods.pac.Pac;
|
||||||
|
|
||||||
@ -15,6 +16,7 @@ import de.hsadmin.mods.pac.Pac;
|
|||||||
@SearchFilter("obj.instance = 'pgsql' AND ("
|
@SearchFilter("obj.instance = 'pgsql' AND ("
|
||||||
+ " obj.pac = :loginUserPac OR "
|
+ " obj.pac = :loginUserPac OR "
|
||||||
+ " obj.pac.customer.memberCode = :loginUserName )")
|
+ " obj.pac.customer.memberCode = :loginUserName )")
|
||||||
|
@ModuleImpl(de.hsadmin.mods.db.PgSqlDatabaseModuleImpl.class)
|
||||||
public class PgSqlDatabase extends Database implements Serializable {
|
public class PgSqlDatabase extends Database implements Serializable {
|
||||||
|
|
||||||
private static final long serialVersionUID = 6688358817554938015L;
|
private static final long serialVersionUID = 6688358817554938015L;
|
||||||
|
@ -9,6 +9,7 @@ import de.hsadmin.core.model.AbstractEntity;
|
|||||||
import de.hsadmin.core.model.AbstractModuleImpl;
|
import de.hsadmin.core.model.AbstractModuleImpl;
|
||||||
import de.hsadmin.core.model.AuthorisationException;
|
import de.hsadmin.core.model.AuthorisationException;
|
||||||
import de.hsadmin.core.model.HSAdminException;
|
import de.hsadmin.core.model.HSAdminException;
|
||||||
|
import de.hsadmin.core.model.Transaction;
|
||||||
import de.hsadmin.mods.pac.Pac;
|
import de.hsadmin.mods.pac.Pac;
|
||||||
import de.hsadmin.mods.user.UnixUser;
|
import de.hsadmin.mods.user.UnixUser;
|
||||||
|
|
||||||
@ -24,26 +25,28 @@ public class PgSqlDatabaseModuleImpl extends AbstractModuleImpl {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
|
public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
|
||||||
|
UnixUser loginUser = getTransaction().getLoginUser();
|
||||||
PgSqlDatabase database = (PgSqlDatabase) newEntity;
|
PgSqlDatabase database = (PgSqlDatabase) newEntity;
|
||||||
String name = database.getName();
|
String name = database.getName();
|
||||||
if (name.length() < 7 || name.charAt(5) != '_') {
|
if (name.length() < 7 || name.charAt(5) != '_') {
|
||||||
throw new AuthorisationException(getLoginUser(), "add", newEntity);
|
throw new AuthorisationException(loginUser, "add", newEntity);
|
||||||
}
|
}
|
||||||
EntityManager em = getTransaction().getEntityManager();
|
EntityManager em = getTransaction().getEntityManager();
|
||||||
Query qPac = em.createQuery("SELECT obj FROM Pacs obj WHERE obj.name = :pacName");
|
Query qPac = em.createQuery("SELECT obj FROM Pacs obj WHERE obj.name = :pacName");
|
||||||
qPac.setParameter("pacName", name.substring(0, 5));
|
qPac.setParameter("pacName", name.substring(0, 5));
|
||||||
Object singleResult = qPac.getSingleResult();
|
Object singleResult = qPac.getSingleResult();
|
||||||
Pac pac = (Pac) singleResult;
|
Pac pac = (Pac) singleResult;
|
||||||
if (pac == null || !pac.isReadAllowedFor(getLoginUser())) {
|
if (pac == null || !pac.isReadAllowedFor(loginUser)) {
|
||||||
throw new AuthorisationException(getLoginUser(), "add", newEntity);
|
throw new AuthorisationException(loginUser, "add", newEntity);
|
||||||
}
|
}
|
||||||
return super.add(newEntity);
|
return super.add(newEntity);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public AbstractEntity update(AbstractEntity existingEntity) throws HSAdminException {
|
public AbstractEntity update(AbstractEntity existingEntity) throws HSAdminException {
|
||||||
EntityManager em = getTransaction().getEntityManager();
|
Transaction transaction = getTransaction();
|
||||||
UnixUser unixUser = getLoginUser();
|
EntityManager em = transaction.getEntityManager();
|
||||||
|
UnixUser unixUser = transaction.getLoginUser();
|
||||||
MySqlDatabase detachtedDB = (MySqlDatabase) existingEntity;
|
MySqlDatabase detachtedDB = (MySqlDatabase) existingEntity;
|
||||||
MySqlDatabase attachedDB = em.find(MySqlDatabase.class, detachtedDB.getId());
|
MySqlDatabase attachedDB = em.find(MySqlDatabase.class, detachtedDB.getId());
|
||||||
if (!attachedDB.getName().equals(detachtedDB.getName())) {
|
if (!attachedDB.getName().equals(detachtedDB.getName())) {
|
||||||
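Review bot: `update` in `PgSqlDatabaseModuleImpl` still casts the entity to `MySqlDatabase` and loads it with `em.find(MySqlDatabase.class, ...)`, which looks like a leftover from copying the MySQL module. Going by the class declarations in this commit, `PgSqlDatabase` and `MySqlDatabase` both extend `Database`, so a PostgreSQL entity cannot be cast to `MySqlDatabase` and the method would fail with `ClassCastException` before any of its checks run. The two lines should read `PgSqlDatabase detachtedDB = (PgSqlDatabase) existingEntity;` and `PgSqlDatabase attachedDB = em.find(PgSqlDatabase.class, detachtedDB.getId());`. The rest of `update` lies outside the hunk, so later uses of these variables need the same look.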
|
@ -6,6 +6,7 @@ import javax.persistence.DiscriminatorValue;
|
|||||||
import javax.persistence.Entity;
|
import javax.persistence.Entity;
|
||||||
|
|
||||||
import de.hsadmin.core.model.EntityInfo;
|
import de.hsadmin.core.model.EntityInfo;
|
||||||
|
import de.hsadmin.core.model.ModuleImpl;
|
||||||
import de.hsadmin.core.model.SearchFilter;
|
import de.hsadmin.core.model.SearchFilter;
|
||||||
import de.hsadmin.mods.pac.Pac;
|
import de.hsadmin.mods.pac.Pac;
|
||||||
|
|
||||||
@ -14,6 +15,7 @@ import de.hsadmin.mods.pac.Pac;
|
|||||||
@EntityInfo(name = "PostgreSQL Konto")
|
@EntityInfo(name = "PostgreSQL Konto")
|
||||||
@SearchFilter("obj.instance = 'pgsql' AND (" + " obj.pac = :loginUserPac OR "
|
@SearchFilter("obj.instance = 'pgsql' AND (" + " obj.pac = :loginUserPac OR "
|
||||||
+ " obj.pac.customer.memberCode = :loginUserName )")
|
+ " obj.pac.customer.memberCode = :loginUserName )")
|
||||||
|
@ModuleImpl(de.hsadmin.mods.db.PgSqlUserModuleImpl.class)
|
||||||
public class PgSqlUser extends DatabaseUser implements Serializable {
|
public class PgSqlUser extends DatabaseUser implements Serializable {
|
||||||
|
|
||||||
private static final long serialVersionUID = -1097602753310286629L;
|
private static final long serialVersionUID = -1097602753310286629L;
|
||||||
|
@ -10,23 +10,25 @@ import de.hsadmin.core.model.AbstractModuleImpl;
|
|||||||
import de.hsadmin.core.model.AuthorisationException;
|
import de.hsadmin.core.model.AuthorisationException;
|
||||||
import de.hsadmin.core.model.HSAdminException;
|
import de.hsadmin.core.model.HSAdminException;
|
||||||
import de.hsadmin.mods.pac.Pac;
|
import de.hsadmin.mods.pac.Pac;
|
||||||
|
import de.hsadmin.mods.user.UnixUser;
|
||||||
|
|
||||||
public class PgSqlUserModuleImpl extends AbstractModuleImpl {
|
public class PgSqlUserModuleImpl extends AbstractModuleImpl {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
|
public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
|
||||||
|
UnixUser loginUser = getTransaction().getLoginUser();
|
||||||
PgSqlUser user = (PgSqlUser) newEntity;
|
PgSqlUser user = (PgSqlUser) newEntity;
|
||||||
String name = user.getName();
|
String name = user.getName();
|
||||||
if (name.length() < 7 || name.charAt(5) != '_') {
|
if (name.length() < 7 || name.charAt(5) != '_') {
|
||||||
throw new AuthorisationException(getLoginUser(), "add", newEntity);
|
throw new AuthorisationException(loginUser, "add", newEntity);
|
||||||
}
|
}
|
||||||
EntityManager em = getTransaction().getEntityManager();
|
EntityManager em = getTransaction().getEntityManager();
|
||||||
Query qPac = em.createQuery("SELECT obj FROM Pacs obj WHERE obj.name = :pacName");
|
Query qPac = em.createQuery("SELECT obj FROM Pacs obj WHERE obj.name = :pacName");
|
||||||
qPac.setParameter("pacName", name.substring(0, 5));
|
qPac.setParameter("pacName", name.substring(0, 5));
|
||||||
Object singleResult = qPac.getSingleResult();
|
Object singleResult = qPac.getSingleResult();
|
||||||
Pac pac = (Pac) singleResult;
|
Pac pac = (Pac) singleResult;
|
||||||
if (pac == null || !pac.isReadAllowedFor(getLoginUser())) {
|
if (pac == null || !pac.isReadAllowedFor(loginUser)) {
|
||||||
throw new AuthorisationException(getLoginUser(), "add", newEntity);
|
throw new AuthorisationException(loginUser, "add", newEntity);
|
||||||
}
|
}
|
||||||
return super.add(newEntity);
|
return super.add(newEntity);
|
||||||
}
|
}
|
||||||
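Review bot: `add` calls `name.length()` on the result of `user.getName()` without a null check, so an entity submitted without a name fails with `NullPointerException` instead of a validation or authorisation error. `CustomerModuleImpl.add` guards its input with `assertNotNull("membercode", newCustomer.getName());`, and assuming that helper is inherited from `AbstractModuleImpl`, the same guard fits here as `assertNotNull("name", name);` before the length test. `MySqlUserModuleImpl`, `MySqlDatabaseModuleImpl` and `PgSqlDatabaseModuleImpl` read the name the same unguarded way.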
|
@ -18,11 +18,13 @@ import javax.persistence.Temporal;
|
|||||||
|
|
||||||
import de.hsadmin.core.model.AbstractEntity;
|
import de.hsadmin.core.model.AbstractEntity;
|
||||||
import de.hsadmin.core.model.FieldValidation;
|
import de.hsadmin.core.model.FieldValidation;
|
||||||
|
import de.hsadmin.core.model.ModuleImpl;
|
||||||
import de.hsadmin.mods.user.UnixUser;
|
import de.hsadmin.mods.user.UnixUser;
|
||||||
|
|
||||||
@Entity(name = "Domains")
|
@Entity(name = "Domains")
|
||||||
@Table(name = "domain")
|
@Table(name = "domain")
|
||||||
@SequenceGenerator(name = "DomainsSeqGen", sequenceName = "domain_domain_id_seq")
|
@SequenceGenerator(name = "DomainsSeqGen", sequenceName = "domain_domain_id_seq")
|
||||||
|
@ModuleImpl(de.hsadmin.mods.dom.DomainModuleImpl.class)
|
||||||
public class Domain extends AbstractEntity {
|
public class Domain extends AbstractEntity {
|
||||||
|
|
||||||
@Id
|
@Id
|
||||||
|
@ -7,9 +7,9 @@ import java.util.List;
|
|||||||
import javax.persistence.EntityManager;
|
import javax.persistence.EntityManager;
|
||||||
import javax.persistence.Query;
|
import javax.persistence.Query;
|
||||||
|
|
||||||
|
import de.hsadmin.core.model.AbstractEntity;
|
||||||
import de.hsadmin.core.model.AbstractModuleImpl;
|
import de.hsadmin.core.model.AbstractModuleImpl;
|
||||||
import de.hsadmin.core.model.AuthorisationException;
|
import de.hsadmin.core.model.AuthorisationException;
|
||||||
import de.hsadmin.core.model.AbstractEntity;
|
|
||||||
import de.hsadmin.core.model.HSAdminException;
|
import de.hsadmin.core.model.HSAdminException;
|
||||||
import de.hsadmin.core.util.DNSCheck;
|
import de.hsadmin.core.util.DNSCheck;
|
||||||
import de.hsadmin.mods.dom.Domain.Status;
|
import de.hsadmin.mods.dom.Domain.Status;
|
||||||
@ -23,7 +23,7 @@ public class DomainModuleImpl extends AbstractModuleImpl {
|
|||||||
public AbstractEntity initialize(AbstractEntity newEntity) throws AuthorisationException {
|
public AbstractEntity initialize(AbstractEntity newEntity) throws AuthorisationException {
|
||||||
AbstractEntity newDom = super.initialize(newEntity);
|
AbstractEntity newDom = super.initialize(newEntity);
|
||||||
if (newDom instanceof Domain) {
|
if (newDom instanceof Domain) {
|
||||||
((Domain) newDom).setUser(getLoginUser());
|
((Domain) newDom).setUser(getTransaction().getLoginUser());
|
||||||
return newDom;
|
return newDom;
|
||||||
}
|
}
|
||||||
return null;
|
return null;
|
||||||
@ -94,7 +94,7 @@ public class DomainModuleImpl extends AbstractModuleImpl {
|
|||||||
}
|
}
|
||||||
EntityManager em = getTransaction().getEntityManager();
|
EntityManager em = getTransaction().getEntityManager();
|
||||||
|
|
||||||
UnixUser loginUser = getLoginUser();
|
UnixUser loginUser = getTransaction().getLoginUser();
|
||||||
if (!loginUser.hasHostmasterRole()) {
|
if (!loginUser.hasHostmasterRole()) {
|
||||||
// search for domains superior to dom
|
// search for domains superior to dom
|
||||||
Query domainQuery = em.createQuery("SELECT d FROM Domains d WHERE d.name = :domainName");
|
Query domainQuery = em.createQuery("SELECT d FROM Domains d WHERE d.name = :domainName");
|
||||||
@ -158,7 +158,7 @@ public class DomainModuleImpl extends AbstractModuleImpl {
|
|||||||
dom.setUser((UnixUser) query.getSingleResult());
|
dom.setUser((UnixUser) query.getSingleResult());
|
||||||
}
|
}
|
||||||
needsWriteAccessOn(existingEntity, "update");
|
needsWriteAccessOn(existingEntity, "update");
|
||||||
throw new AuthorisationException(getLoginUser(), "update", existingEntity);
|
throw new AuthorisationException(getTransaction().getLoginUser(), "update", existingEntity);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@ -177,25 +177,26 @@ public class DomainModuleImpl extends AbstractModuleImpl {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private void needsReadAccessOn(AbstractEntity ent, String method) throws AuthorisationException {
|
private void needsReadAccessOn(AbstractEntity ent, String method) throws AuthorisationException {
|
||||||
|
UnixUser loginUser = getTransaction().getLoginUser();
|
||||||
if (ent instanceof Domain) {
|
if (ent instanceof Domain) {
|
||||||
Domain dom = (Domain) ent;
|
Domain dom = (Domain) ent;
|
||||||
String aLoginUserName = getLoginUser().getName();
|
String aLoginUserName = loginUser.getName();
|
||||||
UnixUser domUser = dom.getUser();
|
UnixUser domUser = dom.getUser();
|
||||||
Pac domPac = domUser.getPac();
|
Pac domPac = domUser.getPac();
|
||||||
boolean isDomAdmin = aLoginUserName.equals(domUser.getName());
|
boolean isDomAdmin = aLoginUserName.equals(domUser.getName());
|
||||||
boolean isPacAdmin = aLoginUserName.equals(domPac.getName());
|
boolean isPacAdmin = aLoginUserName.equals(domPac.getName());
|
||||||
boolean isCustomer = aLoginUserName.equals(domPac.getCustomer().getName());
|
boolean isCustomer = aLoginUserName.equals(domPac.getCustomer().getName());
|
||||||
boolean isHostmaster = getLoginUser().hasHostmasterRole();
|
boolean isHostmaster = loginUser.hasHostmasterRole();
|
||||||
if (!isDomAdmin && !isPacAdmin && !isCustomer && !isHostmaster) {
|
if (!isDomAdmin && !isPacAdmin && !isCustomer && !isHostmaster) {
|
||||||
throw new AuthorisationException(getLoginUser(), method, dom);
|
throw new AuthorisationException(loginUser, method, dom);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
throw new AuthorisationException(getLoginUser(), method, ent);
|
throw new AuthorisationException(loginUser, method, ent);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private void needsWriteAccessOn(AbstractEntity ent, String method) throws AuthorisationException {
|
private void needsWriteAccessOn(AbstractEntity ent, String method) throws AuthorisationException {
|
||||||
UnixUser loginUser = getLoginUser();
|
UnixUser loginUser = getTransaction().getLoginUser();
|
||||||
if (ent instanceof Domain) {
|
if (ent instanceof Domain) {
|
||||||
Domain dom = (Domain) ent;
|
Domain dom = (Domain) ent;
|
||||||
String aLoginUserName = loginUser.getName();
|
String aLoginUserName = loginUser.getName();
|
||||||
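Review bot: `needsReadAccessOn` dereferences `dom.getUser()`, `domUser.getPac()` and `domPac.getCustomer()` without null checks, so a domain whose owner chain is incomplete makes the access check end in `NullPointerException` rather than in a decision. Since hostmasters pass regardless of ownership, I would test `loginUser.hasHostmasterRole()` first and return, then deny when the chain is missing, e.g. `if (domUser == null || domUser.getPac() == null) throw new AuthorisationException(loginUser, method, dom);`, with the same treatment for a missing customer. `needsWriteAccessOn` starts the same way, but its body continues outside the hunk.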
|
@ -20,6 +20,7 @@ import de.hsadmin.core.model.AbstractEntity;
|
|||||||
import de.hsadmin.core.model.EntityInfo;
|
import de.hsadmin.core.model.EntityInfo;
|
||||||
import de.hsadmin.core.model.FieldValidation;
|
import de.hsadmin.core.model.FieldValidation;
|
||||||
import de.hsadmin.core.model.HSAdminException;
|
import de.hsadmin.core.model.HSAdminException;
|
||||||
|
import de.hsadmin.core.model.ModuleImpl;
|
||||||
import de.hsadmin.core.model.SearchFilter;
|
import de.hsadmin.core.model.SearchFilter;
|
||||||
import de.hsadmin.mods.dom.Domain;
|
import de.hsadmin.mods.dom.Domain;
|
||||||
import de.hsadmin.mods.user.UnixUser;
|
import de.hsadmin.mods.user.UnixUser;
|
||||||
@ -34,6 +35,7 @@ import de.hsadmin.mods.user.UnixUser;
|
|||||||
@SearchFilter("domain.user = :loginUser OR "
|
@SearchFilter("domain.user = :loginUser OR "
|
||||||
+ "domain.user.pac = :loginUserPac OR "
|
+ "domain.user.pac = :loginUserPac OR "
|
||||||
+ "domain.user.pac.customer.name = :loginUserName")
|
+ "domain.user.pac.customer.name = :loginUserName")
|
||||||
|
@ModuleImpl(de.hsadmin.mods.email.EMailAddressModuleImpl.class)
|
||||||
public class EMailAddress extends AbstractEntity implements Serializable {
|
public class EMailAddress extends AbstractEntity implements Serializable {
|
||||||
|
|
||||||
private static final long serialVersionUID = -2265500181746604429L;
|
private static final long serialVersionUID = -2265500181746604429L;
|
||||||
|
@ -9,7 +9,9 @@ import de.hsadmin.core.model.AbstractModuleImpl;
|
|||||||
import de.hsadmin.core.model.AuthorisationException;
|
import de.hsadmin.core.model.AuthorisationException;
|
||||||
import de.hsadmin.core.model.AbstractEntity;
|
import de.hsadmin.core.model.AbstractEntity;
|
||||||
import de.hsadmin.core.model.HSAdminException;
|
import de.hsadmin.core.model.HSAdminException;
|
||||||
|
import de.hsadmin.core.model.Transaction;
|
||||||
import de.hsadmin.mods.dom.Domain;
|
import de.hsadmin.mods.dom.Domain;
|
||||||
|
import de.hsadmin.mods.user.UnixUser;
|
||||||
|
|
||||||
public class EMailAddressModuleImpl extends AbstractModuleImpl {
|
public class EMailAddressModuleImpl extends AbstractModuleImpl {
|
||||||
|
|
||||||
@ -46,23 +48,25 @@ public class EMailAddressModuleImpl extends AbstractModuleImpl {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public AbstractEntity update(AbstractEntity existingEntity) throws HSAdminException {
|
public AbstractEntity update(AbstractEntity existingEntity) throws HSAdminException {
|
||||||
|
Transaction transaction = getTransaction();
|
||||||
|
UnixUser loginUser = transaction.getLoginUser();
|
||||||
EMailAddress detachedAddr = (EMailAddress) existingEntity;
|
EMailAddress detachedAddr = (EMailAddress) existingEntity;
|
||||||
EntityManager em = getTransaction().getEntityManager();
|
EntityManager em = transaction.getEntityManager();
|
||||||
EMailAddress attachedAddr = em.find(EMailAddress.class, detachedAddr.getId());
|
EMailAddress attachedAddr = em.find(EMailAddress.class, detachedAddr.getId());
|
||||||
String domain = detachedAddr.getDomain().getName();
|
String domain = detachedAddr.getDomain().getName();
|
||||||
if (domain != null && !domain.equals(attachedAddr.getDomain().getName())) {
|
if (domain != null && !domain.equals(attachedAddr.getDomain().getName())) {
|
||||||
detachedAddr.setDomain(attachedAddr.getDomain());
|
detachedAddr.setDomain(attachedAddr.getDomain());
|
||||||
throw new AuthorisationException(getLoginUser(), "update", detachedAddr, "domain");
|
throw new AuthorisationException(loginUser, "update", detachedAddr, "domain");
|
||||||
}
|
}
|
||||||
String subdomain = detachedAddr.getSubdomain();
|
String subdomain = detachedAddr.getSubdomain();
|
||||||
if (subdomain != null && !subdomain.equals(attachedAddr.getSubdomain())) {
|
if (subdomain != null && !subdomain.equals(attachedAddr.getSubdomain())) {
|
||||||
detachedAddr.setSubdomain(attachedAddr.getSubdomain());
|
detachedAddr.setSubdomain(attachedAddr.getSubdomain());
|
||||||
throw new AuthorisationException(getLoginUser(), "update", detachedAddr, "subdomain");
|
throw new AuthorisationException(loginUser, "update", detachedAddr, "subdomain");
|
||||||
}
|
}
|
||||||
String localPart = detachedAddr.getLocalpart();
|
String localPart = detachedAddr.getLocalpart();
|
||||||
if (localPart != null && !localPart.equals(attachedAddr.getLocalpart())) {
|
if (localPart != null && !localPart.equals(attachedAddr.getLocalpart())) {
|
||||||
detachedAddr.setLocalpart(attachedAddr.getLocalpart());
|
detachedAddr.setLocalpart(attachedAddr.getLocalpart());
|
||||||
throw new AuthorisationException(getLoginUser(), "update", detachedAddr, "localpart");
|
throw new AuthorisationException(loginUser, "update", detachedAddr, "localpart");
|
||||||
}
|
}
|
||||||
String target = detachedAddr.getTarget();
|
String target = detachedAddr.getTarget();
|
||||||
if (target == null) {
|
if (target == null) {
|
||||||
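Review bot: In `update`, the result of `em.find(EMailAddress.class, detachedAddr.getId())` is dereferenced two lines later without a null check, so an update for an id that has no row ends in a NullPointerException instead of a controlled error; `detachedAddr.getDomain()` is dereferenced the same way. A guard right after the lookup, `if (attachedAddr == null) throw new HSAdminException("email address not found");`, would keep the failure in the module's own exception type. The hunk shows the checks that domain, subdomain and localpart are unchanged, but no check that the login user may write to `attachedAddr`. The body of `update` continues past the end of the hunk, so that check may sit there.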
|
@ -17,9 +17,9 @@ import javax.persistence.SequenceGenerator;
|
|||||||
import javax.persistence.Table;
|
import javax.persistence.Table;
|
||||||
|
|
||||||
import de.hsadmin.core.model.AbstractEntity;
|
import de.hsadmin.core.model.AbstractEntity;
|
||||||
import de.hsadmin.core.model.AbstractModuleImpl;
|
|
||||||
import de.hsadmin.core.model.EntityInfo;
|
import de.hsadmin.core.model.EntityInfo;
|
||||||
import de.hsadmin.core.model.FieldValidation;
|
import de.hsadmin.core.model.FieldValidation;
|
||||||
|
import de.hsadmin.core.model.ModuleImpl;
|
||||||
import de.hsadmin.core.model.SearchFilter;
|
import de.hsadmin.core.model.SearchFilter;
|
||||||
import de.hsadmin.mods.pac.Pac;
|
import de.hsadmin.mods.pac.Pac;
|
||||||
import de.hsadmin.mods.user.UnixUser;
|
import de.hsadmin.mods.user.UnixUser;
|
||||||
@ -33,6 +33,7 @@ import de.hsadmin.mods.user.UnixUser;
|
|||||||
@SequenceGenerator(name = "EMailAliasesSeqGen", sequenceName = "emailalias_emailalias_id_seq")
|
@SequenceGenerator(name = "EMailAliasesSeqGen", sequenceName = "emailalias_emailalias_id_seq")
|
||||||
@EntityInfo(name = "E-Mail-Alias")
|
@EntityInfo(name = "E-Mail-Alias")
|
||||||
@SearchFilter("obj.pac = :loginUserPac OR obj.pac.customer.name = :loginUserName")
|
@SearchFilter("obj.pac = :loginUserPac OR obj.pac.customer.name = :loginUserName")
|
||||||
|
@ModuleImpl(de.hsadmin.mods.email.EMailAliasModuleImpl.class)
|
||||||
public class EMailAlias extends AbstractEntity implements Serializable {
|
public class EMailAlias extends AbstractEntity implements Serializable {
|
||||||
|
|
||||||
private static final long serialVersionUID = -4711415079723587161L;
|
private static final long serialVersionUID = -4711415079723587161L;
|
||||||
@ -73,18 +74,14 @@ public class EMailAlias extends AbstractEntity implements Serializable {
|
|||||||
@Override
|
@Override
|
||||||
public void complete(EntityManager em, UnixUser loginUser) {
|
public void complete(EntityManager em, UnixUser loginUser) {
|
||||||
if (pac == null && name != null && name.length() > 0) {
|
if (pac == null && name != null && name.length() > 0) {
|
||||||
// TODO: it's ugly having this code here, needs refactoring
|
|
||||||
String pacName = name.substring(0, 5);
|
String pacName = name.substring(0, 5);
|
||||||
try {
|
try {
|
||||||
// get the entities name (query part from FROM to WHERE)
|
|
||||||
Entity entityAnnot = Pac.class.getAnnotation(Entity.class);
|
Entity entityAnnot = Pac.class.getAnnotation(Entity.class);
|
||||||
String queryString = "SELECT obj FROM " + entityAnnot.name() + " obj WHERE " + Pac.createQueryFromStringKey(pacName);
|
String queryString = "SELECT obj FROM " + entityAnnot.name() + " obj WHERE " + Pac.createQueryFromStringKey(pacName);
|
||||||
|
|
||||||
// set parameters
|
|
||||||
Query query = em.createQuery(queryString);
|
Query query = em.createQuery(queryString);
|
||||||
AbstractModuleImpl.setQueryParameter(query, queryString, "loginUser", loginUser);
|
query.setParameter("loginUser", loginUser);
|
||||||
AbstractModuleImpl.setQueryParameter(query, queryString, "loginUserName", loginUser.getName());
|
query.setParameter("loginUserName", loginUser.getName());
|
||||||
AbstractModuleImpl.setQueryParameter(query, queryString, "loginUserPac", loginUser.getPac());
|
query.setParameter("loginUserPac", loginUser.getPac());
|
||||||
pac = (Pac) query.getSingleResult();
|
pac = (Pac) query.getSingleResult();
|
||||||
} catch (NoResultException exc) {
|
} catch (NoResultException exc) {
|
||||||
throw new SecurityException("packet '" + pacName + "' not found or access denied");
|
throw new SecurityException("packet '" + pacName + "' not found or access denied");
|
||||||
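Review bot: The three direct `query.setParameter(...)` calls in `complete` throw IllegalArgumentException when the JPQL string has no parameter of that name, and the string here comes from `Pac.createQueryFromStringKey(pacName)`, which is not visible on this page. The removed `AbstractModuleImpl.setQueryParameter(query, queryString, ...)` took the query text as an argument, presumably to bind only the names that occur in it. If the Pac query does not use all of `loginUser`, `loginUserName` and `loginUserPac`, keep the conditional binding. Separately, `name.substring(0, 5)` is guarded only by `name.length() > 0`, so a name of one to four characters raises StringIndexOutOfBoundsException; `name.length() >= 5` in the `if` would avoid that. `complete` continues past the end of the hunk.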
|
@ -9,7 +9,9 @@ import de.hsadmin.core.model.AbstractEntity;
|
|||||||
import de.hsadmin.core.model.AbstractModuleImpl;
|
import de.hsadmin.core.model.AbstractModuleImpl;
|
||||||
import de.hsadmin.core.model.AuthorisationException;
|
import de.hsadmin.core.model.AuthorisationException;
|
||||||
import de.hsadmin.core.model.HSAdminException;
|
import de.hsadmin.core.model.HSAdminException;
|
||||||
|
import de.hsadmin.core.model.Transaction;
|
||||||
import de.hsadmin.mods.pac.Pac;
|
import de.hsadmin.mods.pac.Pac;
|
||||||
|
import de.hsadmin.mods.user.UnixUser;
|
||||||
|
|
||||||
public class EMailAliasModuleImpl extends AbstractModuleImpl {
|
public class EMailAliasModuleImpl extends AbstractModuleImpl {
|
||||||
|
|
||||||
@ -24,18 +26,20 @@ public class EMailAliasModuleImpl extends AbstractModuleImpl {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
|
public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
|
||||||
|
Transaction transaction = getTransaction();
|
||||||
|
UnixUser loginUser = transaction.getLoginUser();
|
||||||
EMailAlias alias = (EMailAlias) newEntity;
|
EMailAlias alias = (EMailAlias) newEntity;
|
||||||
String name = alias.getName();
|
String name = alias.getName();
|
||||||
if (name.length() > 5 && (name.charAt(5) != '-') || name.length() == 6) {
|
if (name.length() > 5 && (name.charAt(5) != '-') || name.length() == 6) {
|
||||||
throw new AuthorisationException(getLoginUser(), "add", newEntity);
|
throw new AuthorisationException(loginUser, "add", newEntity);
|
||||||
}
|
}
|
||||||
EntityManager em = getTransaction().getEntityManager();
|
EntityManager em = getTransaction().getEntityManager();
|
||||||
Query qPac = em.createQuery("SELECT obj FROM Pacs obj WHERE obj.name = :pacName");
|
Query qPac = em.createQuery("SELECT obj FROM Pacs obj WHERE obj.name = :pacName");
|
||||||
qPac.setParameter("pacName", name.substring(0, 5));
|
qPac.setParameter("pacName", name.substring(0, 5));
|
||||||
Object singleResult = qPac.getSingleResult();
|
Object singleResult = qPac.getSingleResult();
|
||||||
Pac pac = (Pac) singleResult;
|
Pac pac = (Pac) singleResult;
|
||||||
if (pac == null || !pac.isReadAllowedFor(getLoginUser())) {
|
if (pac == null || !pac.isReadAllowedFor(loginUser)) {
|
||||||
throw new AuthorisationException(getLoginUser(), "add", newEntity);
|
throw new AuthorisationException(loginUser, "add", newEntity);
|
||||||
}
|
}
|
||||||
return super.add(newEntity);
|
return super.add(newEntity);
|
||||||
}
|
}
|
||||||
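Review bot: The name guard in `add` lets names shorter than five characters through, because `name.length() > 5 && (name.charAt(5) != '-') || name.length() == 6` is false for them, and `name.substring(0, 5)` then throws StringIndexOutOfBoundsException; a null `name` fails one line earlier. Putting `name == null || name.length() < 5 ||` at the front of the condition would turn both cases into the AuthorisationException the method already throws. `qPac.getSingleResult()` throws NoResultException rather than returning null, so the `pac == null` branch never runs and an unknown pac prefix surfaces as a persistence exception; catching NoResultException and throwing the same AuthorisationException would cover it. The gate for creating an alias is `pac.isReadAllowedFor(loginUser)`; if Pac offers a write-side check it would fit an `add` better, though its definition is not visible here.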
|
@ -26,6 +26,7 @@ import javax.persistence.Transient;
|
|||||||
|
|
||||||
import de.hsadmin.core.model.AbstractEntity;
|
import de.hsadmin.core.model.AbstractEntity;
|
||||||
import de.hsadmin.core.model.EntityInfo;
|
import de.hsadmin.core.model.EntityInfo;
|
||||||
|
import de.hsadmin.core.model.ModuleImpl;
|
||||||
import de.hsadmin.mods.cust.Customer;
|
import de.hsadmin.mods.cust.Customer;
|
||||||
import de.hsadmin.mods.user.UnixUser;
|
import de.hsadmin.mods.user.UnixUser;
|
||||||
|
|
||||||
@ -33,6 +34,7 @@ import de.hsadmin.mods.user.UnixUser;
|
|||||||
@Table(name = "packet")
|
@Table(name = "packet")
|
||||||
@SequenceGenerator(name = "PacsSeqGen", sequenceName = "packet_packet_id_seq")
|
@SequenceGenerator(name = "PacsSeqGen", sequenceName = "packet_packet_id_seq")
|
||||||
@EntityInfo(name = "Paket")
|
@EntityInfo(name = "Paket")
|
||||||
|
@ModuleImpl(de.hsadmin.mods.pac.PacModuleImpl.class)
|
||||||
public class Pac extends AbstractEntity implements Serializable {
|
public class Pac extends AbstractEntity implements Serializable {
|
||||||
|
|
||||||
private static final long serialVersionUID = 1L;
|
private static final long serialVersionUID = 1L;
|
||||||
|
@ -112,7 +112,7 @@ public class PacModuleImpl extends AbstractModuleImpl {
|
|||||||
@Override
|
@Override
|
||||||
public AbstractEntity update(AbstractEntity existingEntity)
|
public AbstractEntity update(AbstractEntity existingEntity)
|
||||||
throws HSAdminException {
|
throws HSAdminException {
|
||||||
throw new AuthorisationException(getLoginUser(), "update", existingEntity);
|
throw new AuthorisationException(getTransaction().getLoginUser(), "update", existingEntity);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
@ -122,7 +122,7 @@ public class PacModuleImpl extends AbstractModuleImpl {
|
|||||||
String pacName = pac.getName();
|
String pacName = pac.getName();
|
||||||
Date dateCancelled = pac.getCancelled();
|
Date dateCancelled = pac.getCancelled();
|
||||||
if (dateCancelled == null || dateCancelled.getTime() > System.currentTimeMillis()) {
|
if (dateCancelled == null || dateCancelled.getTime() > System.currentTimeMillis()) {
|
||||||
throw new AuthorisationException(getLoginUser(), "delete", existingEntity);
|
throw new AuthorisationException(getTransaction().getLoginUser(), "delete", existingEntity);
|
||||||
}
|
}
|
||||||
GenericModuleImpl helperModule = new GenericModuleImpl(getTransaction());
|
GenericModuleImpl helperModule = new GenericModuleImpl(getTransaction());
|
||||||
|
|
||||||
|
@ -19,6 +19,7 @@ import javax.persistence.Transient;
|
|||||||
import de.hsadmin.core.model.AbstractEntity;
|
import de.hsadmin.core.model.AbstractEntity;
|
||||||
import de.hsadmin.core.model.EntityInfo;
|
import de.hsadmin.core.model.EntityInfo;
|
||||||
import de.hsadmin.core.model.FieldValidation;
|
import de.hsadmin.core.model.FieldValidation;
|
||||||
|
import de.hsadmin.core.model.ModuleImpl;
|
||||||
import de.hsadmin.core.util.Config;
|
import de.hsadmin.core.util.Config;
|
||||||
import de.hsadmin.mods.pac.Pac;
|
import de.hsadmin.mods.pac.Pac;
|
||||||
|
|
||||||
@ -26,6 +27,7 @@ import de.hsadmin.mods.pac.Pac;
|
|||||||
@Table(name = "unixuser")
|
@Table(name = "unixuser")
|
||||||
@SequenceGenerator(name = "UnixUsersSeqGen", sequenceName = "unixuser_unixuser_id_seq")
|
@SequenceGenerator(name = "UnixUsersSeqGen", sequenceName = "unixuser_unixuser_id_seq")
|
||||||
@EntityInfo(name = "UNIX-Zugang/Mailbox")
|
@EntityInfo(name = "UNIX-Zugang/Mailbox")
|
||||||
|
@ModuleImpl(de.hsadmin.mods.user.UnixUserModuleImpl.class)
|
||||||
public class UnixUser extends AbstractEntity implements Serializable {
|
public class UnixUser extends AbstractEntity implements Serializable {
|
||||||
|
|
||||||
private static final long serialVersionUID = 7823071611805642906L;
|
private static final long serialVersionUID = 7823071611805642906L;
|
||||||
@ -187,23 +189,16 @@ public class UnixUser extends AbstractEntity implements Serializable {
|
|||||||
this.homedir = homedir;
|
this.homedir = homedir;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* returns true if the user has the default homedir path
|
|
||||||
*/
|
|
||||||
public boolean isDefaultHomedir() {
|
public boolean isDefaultHomedir() {
|
||||||
return getHomedir().equals(getDefaultHomedir());
|
return getHomedir().equals(getDefaultHomedir());
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* returns the default homedir path
|
|
||||||
*/
|
|
||||||
private String getDefaultHomedir() {
|
private String getDefaultHomedir() {
|
||||||
String pacName = pac.getName();
|
String pacName = pac.getName();
|
||||||
if (name.equals(pacName))
|
if (name.equals(pacName))
|
||||||
return "/home/pacs/" + pacName;
|
return "/home/pacs/" + pacName;
|
||||||
else
|
else
|
||||||
return "/home/pacs/" + pacName + "/users/"
|
return "/home/pacs/" + pacName + "/users/" + name.substring(pacName.length() + 1);
|
||||||
+ name.substring(pacName.length() + 1);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean isLocked() {
|
public boolean isLocked() {
|
||||||
@ -266,41 +261,23 @@ public class UnixUser extends AbstractEntity implements Serializable {
|
|||||||
return getPac().getAdminUser(em);
|
return getPac().getAdminUser(em);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* determines whether this user account is a hostmaster account
|
|
||||||
*/
|
|
||||||
public boolean hasHostmasterRole() {
|
public boolean hasHostmasterRole() {
|
||||||
// TODO: hardcoded Hostsharing conventions
|
// TODO: hardcoded Hostsharing conventions
|
||||||
String login = getName();
|
String login = getName();
|
||||||
return login.length() == 2 || ((login.startsWith(Config.getInstance().getProperty("accountprefix.hostmaster", "hsh01") + "-") && login.length() == 8));
|
return login.length() == 2 || ((login.startsWith(Config.getInstance().getProperty("accountprefix.hostmaster", "hsh01") + "-") && login.length() == 8));
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* determines whether this user account has rights on the given customer
|
|
||||||
*/
|
|
||||||
public boolean hasCustomerRoleFor(de.hsadmin.mods.cust.Customer cust) {
|
public boolean hasCustomerRoleFor(de.hsadmin.mods.cust.Customer cust) {
|
||||||
// TODO: hardcoded Hostsharing conventions
|
// TODO: hardcoded Hostsharing conventions
|
||||||
return getName().equals(cust.getName()) || hasHostmasterRole();
|
return getName().equals(cust.getName()) || hasHostmasterRole();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* determines whether this user account has admin rights on the given pac
|
|
||||||
*/
|
|
||||||
public boolean hasPacAdminRoleFor(de.hsadmin.mods.pac.Pac pac) {
|
public boolean hasPacAdminRoleFor(de.hsadmin.mods.pac.Pac pac) {
|
||||||
return pac != null &&
|
return pac != null &&
|
||||||
(pac.getName().equals(getName())
|
(pac.getName().equals(getName())
|
||||||
|| hasCustomerRoleFor(pac.getCustomer()) );
|
|| hasCustomerRoleFor(pac.getCustomer()) );
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* determines whether this user account has admin rights on the given dom
|
|
||||||
*/
|
|
||||||
// public boolean hasDomAdminRoleFor(de.hsadmin.mods.dom.Domain dom) {
|
|
||||||
// // TODO: hardcoded Hostsharing conventions
|
|
||||||
// return this.getId() == dom.getUser().getId()
|
|
||||||
// || hasPacAdminRoleFor(dom.getUser().getPac());
|
|
||||||
// }
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean isWriteAllowedFor(UnixUser loginUser) {
|
public boolean isWriteAllowedFor(UnixUser loginUser) {
|
||||||
String pacName = pac.getName();
|
String pacName = pac.getName();
|
||||||
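Review bot: The Javadoc removed from `hasHostmasterRole`, `hasCustomerRoleFor` and `hasPacAdminRoleFor` was the only description of these authorisation predicates, and the rules they encode are not obvious at the call sites. I would keep a comment on each that states the rule the code applies, for example on `hasHostmasterRole`: `/** True when the login name has exactly two characters, or has eight characters and starts with the configured accountprefix.hostmaster value (default "hsh01") followed by '-'. */`. The one on `hasCustomerRoleFor` should say that a login equal to the customer name, or any hostmaster, qualifies, and that `cust` is dereferenced without a null check. The last hunk ends inside `isWriteAllowedFor`, whose body continues outside it.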
|
@ -10,6 +10,7 @@ import de.hsadmin.core.model.AuthorisationException;
|
|||||||
import de.hsadmin.core.model.AbstractEntity;
|
import de.hsadmin.core.model.AbstractEntity;
|
||||||
import de.hsadmin.core.model.AbstractModuleImpl;
|
import de.hsadmin.core.model.AbstractModuleImpl;
|
||||||
import de.hsadmin.core.model.HSAdminException;
|
import de.hsadmin.core.model.HSAdminException;
|
||||||
|
import de.hsadmin.core.model.Transaction;
|
||||||
import de.hsadmin.mods.pac.Pac;
|
import de.hsadmin.mods.pac.Pac;
|
||||||
|
|
||||||
public class UnixUserModuleImpl extends AbstractModuleImpl {
|
public class UnixUserModuleImpl extends AbstractModuleImpl {
|
||||||
@ -20,19 +21,14 @@ public class UnixUserModuleImpl extends AbstractModuleImpl {
|
|||||||
@Override
|
@Override
|
||||||
public AbstractEntity initialize(AbstractEntity newEntity) throws AuthorisationException {
|
public AbstractEntity initialize(AbstractEntity newEntity) throws AuthorisationException {
|
||||||
UnixUser newUnixUser = (UnixUser) super.initialize(newEntity);
|
UnixUser newUnixUser = (UnixUser) super.initialize(newEntity);
|
||||||
newUnixUser.setName(getLoginUser().getPac().getName() + '-');
|
newUnixUser.setName(getTransaction().getLoginUser().getPac().getName() + '-');
|
||||||
return newUnixUser;
|
return newUnixUser;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public AbstractEntity find(Class<? extends AbstractEntity> entityClass, Object key) throws HSAdminException {
|
public AbstractEntity find(Class<? extends AbstractEntity> entityClass, Object key) throws HSAdminException {
|
||||||
// do query
|
|
||||||
UnixUser res = (UnixUser) super.find(entityClass, key);
|
UnixUser res = (UnixUser) super.find(entityClass, key);
|
||||||
|
|
||||||
// check access rights
|
|
||||||
needsPartialAccessOnPacOf(res, "find");
|
needsPartialAccessOnPacOf(res, "find");
|
||||||
|
|
||||||
// return clean result
|
|
||||||
return res;
|
return res;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -73,7 +69,9 @@ public class UnixUserModuleImpl extends AbstractModuleImpl {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
|
public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
|
||||||
EntityManager em = getEntityManager();
|
Transaction transaction = getTransaction();
|
||||||
|
EntityManager em = transaction.getEntityManager();
|
||||||
|
UnixUser loginUser = transaction.getLoginUser();
|
||||||
// only allow pac which matches the username (TODO: hard coded
|
// only allow pac which matches the username (TODO: hard coded
|
||||||
// Hostsharing convention)
|
// Hostsharing convention)
|
||||||
UnixUser newUnixUser = (UnixUser) newEntity;
|
UnixUser newUnixUser = (UnixUser) newEntity;
|
||||||
@ -85,18 +83,18 @@ public class UnixUserModuleImpl extends AbstractModuleImpl {
|
|||||||
String userName = name.toLowerCase().trim();
|
String userName = name.toLowerCase().trim();
|
||||||
for (char c : userName.toCharArray()) {
|
for (char c : userName.toCharArray()) {
|
||||||
if (!(Character.isLetterOrDigit(c) || c == '.' || c == '-' || c == '_')) {
|
if (!(Character.isLetterOrDigit(c) || c == '.' || c == '-' || c == '_')) {
|
||||||
throw new AuthorisationException(getLoginUser(), "add", newUnixUser, "userId");
|
throw new AuthorisationException(loginUser, "add", newUnixUser, "userId");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (userName.length() < 7 || userName.charAt(5) != '-' || userName.lastIndexOf('-') > 5) {
|
if (userName.length() < 7 || userName.charAt(5) != '-' || userName.lastIndexOf('-') > 5) {
|
||||||
throw new AuthorisationException(getLoginUser(), "add", newUnixUser, "userId");
|
throw new AuthorisationException(loginUser, "add", newUnixUser, "userId");
|
||||||
}
|
}
|
||||||
String passWord = newUnixUser.getPassword();
|
String passWord = newUnixUser.getPassword();
|
||||||
if (passWord == null || passWord.length() == 0) {
|
if (passWord == null || passWord.length() == 0) {
|
||||||
throw new HSAdminException("password is required");
|
throw new HSAdminException("password is required");
|
||||||
}
|
}
|
||||||
if (passWord.indexOf(':') >= 0) {
|
if (passWord.indexOf(':') >= 0) {
|
||||||
throw new AuthorisationException(getLoginUser(), "add", newUnixUser, "userId");
|
throw new AuthorisationException(loginUser, "add", newUnixUser, "userId");
|
||||||
}
|
}
|
||||||
if (newUnixUser.getPac() == null || newUnixUser.getPac().getNew()) {
|
if (newUnixUser.getPac() == null || newUnixUser.getPac().getNew()) {
|
||||||
|
|
||||||
@ -124,7 +122,7 @@ public class UnixUserModuleImpl extends AbstractModuleImpl {
|
|||||||
q.setParameter("pac", pac);
|
q.setParameter("pac", pac);
|
||||||
List<?> idOfSamePac = q.getResultList();
|
List<?> idOfSamePac = q.getResultList();
|
||||||
if (idOfSamePac.size() == 0) {
|
if (idOfSamePac.size() == 0) {
|
||||||
throw new AuthorisationException(getLoginUser(), "add", newUnixUser, "userId");
|
throw new AuthorisationException(loginUser, "add", newUnixUser, "userId");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -142,43 +140,41 @@ public class UnixUserModuleImpl extends AbstractModuleImpl {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public AbstractEntity update(AbstractEntity existingEntity) throws HSAdminException {
|
public AbstractEntity update(AbstractEntity existingEntity) throws HSAdminException {
|
||||||
// get the entity from the database
|
Transaction transaction = getTransaction();
|
||||||
|
UnixUser loginUser = transaction.getLoginUser();
|
||||||
|
EntityManager em = transaction.getEntityManager();
|
||||||
UnixUser detachedUnixUser = (UnixUser) existingEntity;
|
UnixUser detachedUnixUser = (UnixUser) existingEntity;
|
||||||
UnixUser attachedUnixUser = getEntityManager().find(detachedUnixUser.getClass(),
|
UnixUser attachedUnixUser = em.find(detachedUnixUser.getClass(), detachedUnixUser.getId());
|
||||||
detachedUnixUser.getId());
|
|
||||||
|
|
||||||
// authorisation check
|
|
||||||
needsFullAccessOnUser(attachedUnixUser, "update");
|
needsFullAccessOnUser(attachedUnixUser, "update");
|
||||||
|
if (attachedUnixUser.getUserId() != detachedUnixUser.getUserId()) {
|
||||||
// update fields where the login user has write access
|
throw new AuthorisationException(loginUser, "update", detachedUnixUser, "id");
|
||||||
if (attachedUnixUser.getUserId() != detachedUnixUser.getUserId())
|
}
|
||||||
throw new AuthorisationException(getLoginUser(), "update",
|
if (!attachedUnixUser.getName().equals(detachedUnixUser.getName())) {
|
||||||
detachedUnixUser, "id");
|
throw new AuthorisationException(loginUser, "update", detachedUnixUser, "name");
|
||||||
attachedUnixUser.setName(detachedUnixUser.getName());
|
}
|
||||||
attachedUnixUser.setPassword(detachedUnixUser.getPassword());
|
attachedUnixUser.setPassword(detachedUnixUser.getPassword());
|
||||||
if (hasFullAccessOnPacOf(attachedUnixUser))
|
if (hasFullAccessOnPacOf(attachedUnixUser)) {
|
||||||
attachedUnixUser.setComment(detachedUnixUser.getComment());
|
attachedUnixUser.setComment(detachedUnixUser.getComment());
|
||||||
else if (!attachedUnixUser.getComment().equals(
|
|
||||||
detachedUnixUser.getComment()))
|
|
||||||
throw new AuthorisationException(getLoginUser(), "update",
|
|
||||||
detachedUnixUser, "comment");
|
|
||||||
if (hasFullAccessOnPacOf(attachedUnixUser))
|
|
||||||
attachedUnixUser.setHomedir(detachedUnixUser.getHomedir());
|
attachedUnixUser.setHomedir(detachedUnixUser.getHomedir());
|
||||||
else if (!attachedUnixUser.getHomedir().equals(
|
} else {
|
||||||
detachedUnixUser.getHomedir()))
|
if (!attachedUnixUser.getComment().equals(detachedUnixUser.getComment())) {
|
||||||
throw new AuthorisationException(getLoginUser(), "update",
|
throw new AuthorisationException(loginUser, "update", detachedUnixUser, "comment");
|
||||||
detachedUnixUser, "homedir");
|
}
|
||||||
|
if (!attachedUnixUser.getHomedir().equals(detachedUnixUser.getHomedir())) {
|
||||||
|
throw new AuthorisationException(loginUser, "update", detachedUnixUser, "homedir");
|
||||||
|
}
|
||||||
|
}
|
||||||
if (!attachedUnixUser.getShell().equals(detachedUnixUser.getShell()))
|
if (!attachedUnixUser.getShell().equals(detachedUnixUser.getShell()))
|
||||||
if (hasFullAccessOnPacOf(attachedUnixUser)
|
if (hasFullAccessOnPacOf(attachedUnixUser)
|
||||||
|| isLoginShell(attachedUnixUser.getShell())
|
|| isLoginShell(attachedUnixUser.getShell())
|
||||||
|| !isLoginShell(detachedUnixUser.getShell()))
|
|| !isLoginShell(detachedUnixUser.getShell()))
|
||||||
attachedUnixUser.setShell(detachedUnixUser.getShell());
|
attachedUnixUser.setShell(detachedUnixUser.getShell());
|
||||||
else
|
else
|
||||||
throw new AuthorisationException(getLoginUser(), "update",
|
throw new AuthorisationException(loginUser, "update",
|
||||||
detachedUnixUser, "shell");
|
detachedUnixUser, "shell");
|
||||||
if (attachedUnixUser.isLocked() != detachedUnixUser.isLocked())
|
if (attachedUnixUser.isLocked() != detachedUnixUser.isLocked()) {
|
||||||
throw new AuthorisationException(getLoginUser(), "update",
|
throw new AuthorisationException(loginUser, "update", detachedUnixUser, "locked");
|
||||||
detachedUnixUser, "locked");
|
}
|
||||||
if (detachedUnixUser.getQuotaSoftlimit() != null) {
|
if (detachedUnixUser.getQuotaSoftlimit() != null) {
|
||||||
if (hasFullAccessOnPacOf(attachedUnixUser)) {
|
if (hasFullAccessOnPacOf(attachedUnixUser)) {
|
||||||
attachedUnixUser.setQuotaSoftlimit(detachedUnixUser.getQuotaSoftlimit());
|
attachedUnixUser.setQuotaSoftlimit(detachedUnixUser.getQuotaSoftlimit());
|
||||||
@ -189,21 +185,20 @@ public class UnixUserModuleImpl extends AbstractModuleImpl {
|
|||||||
else {
|
else {
|
||||||
Integer oldQuota = attachedUnixUser.getQuotaSoftlimit();
|
Integer oldQuota = attachedUnixUser.getQuotaSoftlimit();
|
||||||
Integer newQuota = detachedUnixUser.getQuotaSoftlimit();
|
Integer newQuota = detachedUnixUser.getQuotaSoftlimit();
|
||||||
if (oldQuota != newQuota && !oldQuota.equals(newQuota))
|
if (oldQuota != newQuota && !oldQuota.equals(newQuota)) {
|
||||||
throw new AuthorisationException(getLoginUser(), "update",
|
throw new AuthorisationException(loginUser, "update", detachedUnixUser, "quota");
|
||||||
detachedUnixUser, "quota");
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// update entity
|
|
||||||
return super.update(attachedUnixUser);
|
return super.update(attachedUnixUser);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void delete(AbstractEntity existingEntity) throws HSAdminException {
|
public void delete(AbstractEntity existingEntity) throws HSAdminException {
|
||||||
// get the entity from the database
|
// get the entity from the database
|
||||||
|
EntityManager entityManager = getTransaction().getEntityManager();
|
||||||
UnixUser detachedUnixUser = (UnixUser) existingEntity;
|
UnixUser detachedUnixUser = (UnixUser) existingEntity;
|
||||||
UnixUser attachedUnixUser = getEntityManager().find(detachedUnixUser.getClass(),
|
UnixUser attachedUnixUser = entityManager.find(detachedUnixUser.getClass(),
|
||||||
detachedUnixUser.getId());
|
detachedUnixUser.getId());
|
||||||
|
|
||||||
// authorisation check
|
// authorisation check
|
||||||
@ -216,16 +211,14 @@ public class UnixUserModuleImpl extends AbstractModuleImpl {
|
|||||||
super.delete(attachedUnixUser);
|
super.delete(attachedUnixUser);
|
||||||
}
|
}
|
||||||
|
|
||||||
private EntityManager getEntityManager() {
|
|
||||||
return getTransaction().getEntityManager();
|
|
||||||
}
|
|
||||||
|
|
||||||
// throws an AuthorisationException if the login user has no write acess
|
// throws an AuthorisationException if the login user has no write acess
|
||||||
// on the pac of the given UnixUser
|
// on the pac of the given UnixUser
|
||||||
private boolean hasFullAccessOnPacOf(UnixUser user) {
|
private boolean hasFullAccessOnPacOf(UnixUser user) {
|
||||||
return getLoginUser().hasHostmasterRole()
|
UnixUser loginUser = getTransaction().getLoginUser();
|
||||||
|| getLoginUser().getName().equals(user.getPac().getName())
|
String loginUserName = loginUser.getName();
|
||||||
|| getLoginUser().getName().equals(user.getPac().getCustomer().getName());
|
return loginUser.hasHostmasterRole()
|
||||||
|
|| loginUserName.equals(user.getPac().getName())
|
||||||
|
|| loginUserName.equals(user.getPac().getCustomer().getName());
|
||||||
}
|
}
|
||||||
|
|
||||||
// throws an AuthorisationException if the login user has no write acess
|
// throws an AuthorisationException if the login user has no write acess
|
||||||
@ -233,31 +226,24 @@ public class UnixUserModuleImpl extends AbstractModuleImpl {
|
|||||||
private void needsFullAccessOnPacOf(UnixUser user, String method)
|
private void needsFullAccessOnPacOf(UnixUser user, String method)
|
||||||
throws AuthorisationException {
|
throws AuthorisationException {
|
||||||
if (!hasFullAccessOnPacOf(user))
|
if (!hasFullAccessOnPacOf(user))
|
||||||
throw new AuthorisationException(getLoginUser(), method, user);
|
throw new AuthorisationException(getTransaction().getLoginUser(), method, user);
|
||||||
}
|
}
|
||||||
|
|
||||||
// throws an AuthorisationException if the login user has no read acess on
|
private void needsPartialAccessOnPacOf(UnixUser user, String method) throws AuthorisationException {
|
||||||
// the pac of the given UnixUser
|
UnixUser loginUser = getTransaction().getLoginUser();
|
||||||
private void needsPartialAccessOnPacOf(UnixUser user, String method)
|
if (!hasFullAccessOnPacOf(user) && loginUser.getPac().id() != user.getPac().id()) {
|
||||||
throws AuthorisationException {
|
throw new AuthorisationException(loginUser, method, user);
|
||||||
if (!hasFullAccessOnPacOf(user)
|
}
|
||||||
&& getLoginUser().getPac().id() != user.getPac().id())
|
|
||||||
throw new AuthorisationException(getLoginUser(), method, user);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// throws an AuthorisationException if the login user has not even partial
|
private void needsFullAccessOnUser(UnixUser user, String method) throws AuthorisationException {
|
||||||
// write access on the given UnixUser
|
UnixUser loginUser = getTransaction().getLoginUser();
|
||||||
private void needsFullAccessOnUser(UnixUser user, String method)
|
if (!hasFullAccessOnPacOf(user) && !loginUser.sameIdAs(user)) {
|
||||||
throws AuthorisationException {
|
throw new AuthorisationException(loginUser, method, user);
|
||||||
// neither pac admin (same name as pac), pac owner (customer) nor the
|
}
|
||||||
// user itself?
|
|
||||||
if (!hasFullAccessOnPacOf(user) && !getLoginUser().sameIdAs(user))
|
|
||||||
throw new AuthorisationException(getLoginUser(), method, user);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// returns true if the given shell is a login shell
|
|
||||||
private static boolean isLoginShell(String shell) {
|
private static boolean isLoginShell(String shell) {
|
||||||
// TODO: list of login shells should not be hardcoded
|
|
||||||
if (shell.equals("/bin/sh"))
|
if (shell.equals("/bin/sh"))
|
||||||
return true;
|
return true;
|
||||||
if (shell.equals("/bin/bash"))
|
if (shell.equals("/bin/bash"))
|
||||||
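Review bot: The rewritten `needsPartialAccessOnPacOf` and `needsFullAccessOnUser` lose the comments that said what each authorisation check enforces, and `isLoginShell` loses its description and the TODO about the hard-coded shell list. For access-control helpers I would keep them, e.g. `// throws an AuthorisationException unless the login user has full access on the pac or belongs to the same pac` and `// throws an AuthorisationException unless the login user has full access on the pac or is the user itself`. Separately, `loginUser.getPac().id() != user.getPac().id()` is only a value comparison if `id()` returns a primitive; its return type is not visible here, so if it is a boxed `Long` the check should use `equals`. `isLoginShell` continues past the end of this hunk.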
|
@ -6,18 +6,18 @@ import org.junit.runners.Suite;
|
|||||||
@RunWith(Suite.class)
|
@RunWith(Suite.class)
|
||||||
@Suite.SuiteClasses({
|
@Suite.SuiteClasses({
|
||||||
InitDataTest.class,
|
InitDataTest.class,
|
||||||
// PacTest.class,
|
PacTest.class,
|
||||||
// UnixUserTest.class,
|
UnixUserTest.class,
|
||||||
// MysqlUserTest.class,
|
MysqlUserTest.class,
|
||||||
// MysqlDbTest.class,
|
MysqlDbTest.class,
|
||||||
// PgsqlUserTest.class,
|
PgsqlUserTest.class,
|
||||||
// PgsqlDbTest.class,
|
PgsqlDbTest.class,
|
||||||
// EMailAliasTest.class,
|
EMailAliasTest.class,
|
||||||
// DomainTest.class,
|
DomainTest.class,
|
||||||
// EMailAddressTest.class,
|
EMailAddressTest.class,
|
||||||
// CustomerTest.class
|
CustomerTest.class,
|
||||||
// HostmasterTest.class,
|
// HostmasterTest.class,
|
||||||
// QueueTaskTest.class
|
QueueTaskTest.class
|
||||||
})
|
})
|
||||||
|
|
||||||
public class RemoteTest {
|
public class RemoteTest {
|
||||||
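Review bot: `HostmasterTest.class` is the only entry left commented out in `@Suite.SuiteClasses` while every other test is re-enabled, and nothing says why. Since this commit changes how the login user is looked up for the authorisation checks, I would either re-enable it or add a line such as `// HostmasterTest disabled: <reason>` so the gap in coverage is deliberate and visible. What HostmasterTest covers is not shown on this page.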
|