From d63681a0ad40b0f65a954be899af32764107e417 Mon Sep 17 00:00:00 2001 From: "Eric J. Bowersox" Date: Mon, 16 Apr 2001 05:23:39 +0000 Subject: [PATCH] added Admin Modify User functionality --- setup/database.sql | 5 + .../venice/core/AdminOperations.java | 6 + .../venice/core/AdminUserContext.java | 66 ++ .../venice/core/impl/AdminOperationsImpl.java | 21 +- .../core/impl/AdminUserContextImpl.java | 650 ++++++++++++++++++ .../venice/core/impl/UserContextImpl.java | 4 +- .../silverwrist/venice/security/Audit.java | 5 + src/com/silverwrist/venice/security/Role.java | 126 +++- .../venice/servlets/SystemAdmin.java | 172 +++++ .../venice/servlets/format/AdminFindUser.java | 240 +++++++ .../format/AdminModifyUserDialog.java | 294 ++++++++ .../servlets/format/CDPickListFormField.java | 17 + .../venice/servlets/format/ContentDialog.java | 17 + .../venice/servlets/format/FindData.java | 2 +- .../servlets/format/SystemAdminTop.java | 2 +- web/format/admin_find.jsp | 147 ++++ 16 files changed, 1747 insertions(+), 27 deletions(-) create mode 100644 src/com/silverwrist/venice/core/AdminUserContext.java create mode 100644 src/com/silverwrist/venice/core/impl/AdminUserContextImpl.java create mode 100644 src/com/silverwrist/venice/servlets/format/AdminFindUser.java create mode 100644 src/com/silverwrist/venice/servlets/format/AdminModifyUserDialog.java create mode 100644 web/format/admin_find.jsp diff --git a/setup/database.sql b/setup/database.sql index 8acd443..107a851 100644 --- a/setup/database.sql +++ b/setup/database.sql @@ -436,6 +436,11 @@ INSERT INTO refaudit (type, descr) VALUES (106, 'Set User Contact Info'), (107, 'Resend Email Confirmation'), (108, 'Password Change'), + (109, 'Admin Set User Contact Info'), + (110, 'Admin Change User Password'), + (111, 'Admin Change User Account'), + (112, 'Admin Set Account Security'), + (113, 'Admin Lock/Unlock Account'), (201, 'Create New SIG'), (202, 'Set SIG Membership'), (203, 'Set SIG Contact Info'), diff --git a/src/com/silverwrist/venice/core/AdminOperations.java b/src/com/silverwrist/venice/core/AdminOperations.java index 5b57d3d..89038a1 100644 --- a/src/com/silverwrist/venice/core/AdminOperations.java +++ b/src/com/silverwrist/venice/core/AdminOperations.java @@ -21,8 +21,14 @@ import java.util.List; public interface AdminOperations { + public abstract boolean isGlobalAdmin(); + public abstract List getAuditRecords(int offset, int count) throws DataException; public abstract int getAuditRecordCount() throws DataException; + public abstract AdminUserContext getUserContext(int uid) throws DataException; + + public abstract AdminUserContext getUserContext(String username) throws DataException; + } // end interface AdminOperations diff --git a/src/com/silverwrist/venice/core/AdminUserContext.java b/src/com/silverwrist/venice/core/AdminUserContext.java new file mode 100644 index 0000000..2787261 --- /dev/null +++ b/src/com/silverwrist/venice/core/AdminUserContext.java @@ -0,0 +1,66 @@ +/* + * The contents of this file are subject to the Mozilla Public License Version 1.1 + * (the "License"); you may not use this file except in compliance with the License. + * You may obtain a copy of the License at . + * + * Software distributed under the License is distributed on an "AS IS" basis, WITHOUT + * WARRANTY OF ANY KIND, either express or implied. See the License for the specific + * language governing rights and limitations under the License. + * + * The Original Code is the Venice Web Communities System. + * + * The Initial Developer of the Original Code is Eric J. Bowersox , + * for Silverwrist Design Studios. Portions created by Eric J. Bowersox are + * Copyright (C) 2001 Eric J. Bowersox/Silverwrist Design Studios. All Rights Reserved. + * + * Contributor(s): + */ +package com.silverwrist.venice.core; + +import java.util.Date; +import java.util.Locale; +import java.util.TimeZone; + +public interface AdminUserContext +{ + public abstract int getUID(); + + public abstract String getUserName(); + + public abstract int getContactID(); + + public abstract String getDescription(); + + public abstract void setDescription(String new_descr) throws DataException; + + public abstract int getBaseLevel(); + + public abstract void setBaseLevel(int new_level) throws DataException; + + public abstract boolean isEmailVerified(); + + public abstract void setEmailVerified(boolean flag) throws DataException; + + public abstract boolean isLockedOut(); + + public abstract void setLockedOut(boolean flag) throws DataException; + + public abstract ContactInfo getContactInfo() throws DataException; + + public abstract void putContactInfo(ContactInfo ci) throws DataException; + + public abstract void setPassword(String password, String reminder) throws DataException; + + public abstract Locale getLocale(); + + public abstract void setLocale(Locale locale) throws DataException; + + public abstract TimeZone getTimeZone(); + + public abstract void setTimeZone(TimeZone timezone) throws DataException; + + public abstract Date getCreationDate(); + + public abstract Date getLastAccessDate(); + +} // end interface AdminUserContext diff --git a/src/com/silverwrist/venice/core/impl/AdminOperationsImpl.java b/src/com/silverwrist/venice/core/impl/AdminOperationsImpl.java index 49756c2..02a6368 100644 --- a/src/com/silverwrist/venice/core/impl/AdminOperationsImpl.java +++ b/src/com/silverwrist/venice/core/impl/AdminOperationsImpl.java @@ -23,6 +23,7 @@ import org.apache.log4j.*; import com.silverwrist.venice.core.*; import com.silverwrist.venice.db.*; import com.silverwrist.venice.security.AuditRecord; +import com.silverwrist.venice.security.SecLevels; class AdminOperationsImpl implements AdminOperations { @@ -31,7 +32,7 @@ class AdminOperationsImpl implements AdminOperations *-------------------------------------------------------------------------------- */ - private static Category logger = Category.getInstance(AdminOperationsImpl.class.getName()); + private static Category logger = Category.getInstance(AdminOperationsImpl.class); /*-------------------------------------------------------------------------------- * Attributes @@ -60,6 +61,12 @@ class AdminOperationsImpl implements AdminOperations *-------------------------------------------------------------------------------- */ + public boolean isGlobalAdmin() + { + return (user.realBaseLevel()==SecLevels.GLOBAL_BOFH); + + } // end isGlobalAdmin + public List getAuditRecords(int offset, int count) throws DataException { Connection conn = null; @@ -116,4 +123,16 @@ class AdminOperationsImpl implements AdminOperations } // end getAuditRecordCount + public AdminUserContext getUserContext(int uid) throws DataException + { + return AdminUserContextImpl.getAdminUserContext(engine,user,datapool,uid); + + } // end getUserContext + + public AdminUserContext getUserContext(String username) throws DataException + { + return AdminUserContextImpl.getAdminUserContext(engine,user,datapool,username); + + } // end getUserContext + } // end class AdminOperationsImpl diff --git a/src/com/silverwrist/venice/core/impl/AdminUserContextImpl.java b/src/com/silverwrist/venice/core/impl/AdminUserContextImpl.java new file mode 100644 index 0000000..9b66b66 --- /dev/null +++ b/src/com/silverwrist/venice/core/impl/AdminUserContextImpl.java @@ -0,0 +1,650 @@ +/* + * The contents of this file are subject to the Mozilla Public License Version 1.1 + * (the "License"); you may not use this file except in compliance with the License. + * You may obtain a copy of the License at . + * + * Software distributed under the License is distributed on an "AS IS" basis, WITHOUT + * WARRANTY OF ANY KIND, either express or implied. See the License for the specific + * language governing rights and limitations under the License. + * + * The Original Code is the Venice Web Communities System. + * + * The Initial Developer of the Original Code is Eric J. Bowersox , + * for Silverwrist Design Studios. Portions created by Eric J. Bowersox are + * Copyright (C) 2001 Eric J. Bowersox/Silverwrist Design Studios. All Rights Reserved. + * + * Contributor(s): + */ +package com.silverwrist.venice.core.impl; + +import java.sql.*; +import java.util.*; +import org.apache.log4j.*; +import com.silverwrist.util.LocaleFactory; +import com.silverwrist.venice.core.*; +import com.silverwrist.venice.db.*; +import com.silverwrist.venice.security.PasswordHash; +import com.silverwrist.venice.security.AuditRecord; + +class AdminUserContextImpl implements AdminUserContext +{ + /*-------------------------------------------------------------------------------- + * Static data members + *-------------------------------------------------------------------------------- + */ + + private static Category logger = Category.getInstance(AdminUserContextImpl.class); + + /*-------------------------------------------------------------------------------- + * Attributes + *-------------------------------------------------------------------------------- + */ + + private EngineBackend engine; // the back end of the engine + private UserBackend user; // the controlling administrative user + private DataPool datapool; // the data pool used by this object + private int uid; // the user ID of this user + private int contactid; // ID of associated contact information + private int level; // base security level for this user + private boolean email_verified; // has email address been verified? + private boolean lockout; // is this account locked out? + private String username; // the user name we're using + private java.util.Date created; // when was this user created? (GMT) + private java.util.Date last_access; // when did we last log in? (GMT) + private String description; // personal description + private Locale my_locale; // my default locale (cached) + private TimeZone my_tz; // my default timezone (cached) + + /*-------------------------------------------------------------------------------- + * Constructor + *-------------------------------------------------------------------------------- + */ + + protected AdminUserContextImpl(EngineBackend engine, UserBackend user, DataPool datapool, ResultSet rs) + throws SQLException + { + this.engine = engine; + this.user = user; + this.datapool = datapool; + this.uid = rs.getInt("uid"); + this.contactid = rs.getInt("contactid"); + this.level = rs.getInt("base_lvl"); + this.email_verified = rs.getBoolean("verify_email"); + this.lockout = rs.getBoolean("lockout"); + this.username = rs.getString("username"); + this.created = SQLUtil.getFullDateTime(rs,"created"); + this.last_access = SQLUtil.getFullDateTime(rs,"lastaccess"); + this.description = rs.getString("description"); + this.my_locale = LocaleFactory.createLocale(rs.getString("localeid")); + this.my_tz = TimeZone.getTimeZone(rs.getString("tzid")); + + } // end constructor + + /*-------------------------------------------------------------------------------- + * Implementations from interface AdminUserContext + *-------------------------------------------------------------------------------- + */ + + public int getUID() + { + return uid; + + } // end getUID + + public String getUserName() + { + return username; + + } // end getUserName + + public int getContactID() + { + return contactid; + + } // end getContactID + + public String getDescription() + { + return description; + + } // end getDescription + + public void setDescription(String new_descr) throws DataException + { + Connection conn = null; + AuditRecord ar = null; + + if (new_descr.equals(description)) + return; + + try + { // retrieve a connection from the data pool + conn = datapool.getConnection(); + Statement stmt = conn.createStatement(); + StringBuffer sql = new StringBuffer("UPDATE users SET description = '"); + sql.append(SQLUtil.encodeString(new_descr)).append("' WHERE uid = ").append(uid).append(';'); + stmt.executeUpdate(sql.toString()); + + description = new_descr; // change stored information + ar = new AuditRecord(AuditRecord.ADMIN_ACCOUNT_CHANGE,user.realUID(),user.userRemoteAddress(),0, + "uid=" + uid,"field=description"); + + } // end try + catch (SQLException e) + { // turn SQLException into data exception + logger.error("DB error changing description: " + e.getMessage(),e); + throw new DataException("Unable to set user description: " + e.getMessage(),e); + + } // end catch + finally + { // make sure the connection is released before we go + try + { // save off the audit record before we go, though + if ((ar!=null) && (conn!=null)) + ar.store(conn); + + } // end try + catch (SQLException e) + { // we couldn't store the audit record! + logger.error("DB error saving audit record: " + e.getMessage(),e); + + } // end catch + + if (conn!=null) + datapool.releaseConnection(conn); + + } // end finally + + } // end setDescription + + public int getBaseLevel() + { + return level; + + } // end getBaseLevel + + public void setBaseLevel(int new_level) throws DataException + { + Connection conn = null; + AuditRecord ar = null; + + if (level==new_level) + return; + + try + { // retrieve a connection from the data pool + conn = datapool.getConnection(); + Statement stmt = conn.createStatement(); + StringBuffer sql = new StringBuffer("UPDATE users SET base_lvl = "); + sql.append(new_level).append(" WHERE uid = ").append(uid).append(';'); + stmt.executeUpdate(sql.toString()); + + level = new_level; + ar = new AuditRecord(AuditRecord.ADMIN_SET_SECURITY,user.realUID(),user.userRemoteAddress(),0, + "uid=" + uid,"level=" + new_level); + + } // end try + catch (SQLException e) + { // turn SQLException into data exception + logger.error("DB error changing base level: " + e.getMessage(),e); + throw new DataException("Unable to set user base level: " + e.getMessage(),e); + + } // end catch + finally + { // make sure the connection is released before we go + try + { // save off the audit record before we go, though + if ((ar!=null) && (conn!=null)) + ar.store(conn); + + } // end try + catch (SQLException e) + { // we couldn't store the audit record! + logger.error("DB error saving audit record: " + e.getMessage(),e); + + } // end catch + + if (conn!=null) + datapool.releaseConnection(conn); + + } // end finally + + } // end setBaseLevel + + public boolean isEmailVerified() + { + return email_verified; + + } // end isEmailVerified + + public void setEmailVerified(boolean flag) throws DataException + { + Connection conn = null; + AuditRecord ar = null; + + if (flag==email_verified) + return; + + try + { // retrieve a connection from the data pool + conn = datapool.getConnection(); + Statement stmt = conn.createStatement(); + StringBuffer sql = new StringBuffer("UPDATE users SET verify_email = "); + sql.append(flag ? '1' : '0').append(" WHERE uid = ").append(uid).append(';'); + stmt.executeUpdate(sql.toString()); + + email_verified = flag; + ar = new AuditRecord(AuditRecord.ADMIN_ACCOUNT_CHANGE,user.realUID(),user.userRemoteAddress(),0, + "uid=" + uid,"field=verify_email"); + + } // end try + catch (SQLException e) + { // turn SQLException into data exception + logger.error("DB error changing verify flag: " + e.getMessage(),e); + throw new DataException("Unable to set user verify flag: " + e.getMessage(),e); + + } // end catch + finally + { // make sure the connection is released before we go + try + { // save off the audit record before we go, though + if ((ar!=null) && (conn!=null)) + ar.store(conn); + + } // end try + catch (SQLException e) + { // we couldn't store the audit record! + logger.error("DB error saving audit record: " + e.getMessage(),e); + + } // end catch + + if (conn!=null) + datapool.releaseConnection(conn); + + } // end finally + + } // end setEmailVerified + + public boolean isLockedOut() + { + return lockout; + + } // end isLockedOut + + public void setLockedOut(boolean flag) throws DataException + { + Connection conn = null; + AuditRecord ar = null; + + if (flag==lockout) + return; + + try + { // retrieve a connection from the data pool + conn = datapool.getConnection(); + Statement stmt = conn.createStatement(); + StringBuffer sql = new StringBuffer("UPDATE users SET lockout = "); + sql.append(flag ? '1' : '0').append(" WHERE uid = ").append(uid).append(';'); + stmt.executeUpdate(sql.toString()); + + lockout = flag; + ar = new AuditRecord(AuditRecord.ADMIN_LOCK_OUT,user.realUID(),user.userRemoteAddress(),0, + "uid=" + uid,flag ? "locked" : "unlocked"); + + } // end try + catch (SQLException e) + { // turn SQLException into data exception + logger.error("DB error changing lockout flag: " + e.getMessage(),e); + throw new DataException("Unable to set user lockout flag: " + e.getMessage(),e); + + } // end catch + finally + { // make sure the connection is released before we go + try + { // save off the audit record before we go, though + if ((ar!=null) && (conn!=null)) + ar.store(conn); + + } // end try + catch (SQLException e) + { // we couldn't store the audit record! + logger.error("DB error saving audit record: " + e.getMessage(),e); + + } // end catch + + if (conn!=null) + datapool.releaseConnection(conn); + + } // end finally + + } // end setLockedOut + + public ContactInfo getContactInfo() throws DataException + { + if (logger.isDebugEnabled()) + logger.debug("getContactInfo() for UID " + uid); + + ContactInfoImpl rc; + if (contactid>=0) + rc = new ContactInfoImpl(datapool,contactid); + else + rc = new ContactInfoImpl(uid); + return rc; + + } // end getContactInfo + + public void putContactInfo(ContactInfo ci) throws DataException + { + if (logger.isDebugEnabled()) + logger.debug("putContactInfo() for UID " + uid); + + if ((ci.getOwnerUID()!=uid) || (ci.getOwnerSIGID()>=0)) + { // the contact information is not owned correctly + logger.error("ContactInfo ownership wrong (it's " + ci.getOwnerUID() + ", " + ci.getOwnerSIGID() + + "), should be (" + uid + ", -1)"); + throw new DataException("invalid contact information record"); + + } // end if + + Connection conn = null; // database connection + AuditRecord ar = null; // audit record + + try + { // get a database connection + conn = datapool.getConnection(); + Stashable obj = (Stashable)ci; + + // save the contact information + obj.stash(conn); + + if (contactid<0) + { // contact being established for the first time + contactid = ci.getContactID(); + if (logger.isDebugEnabled()) + logger.debug("...established initial contact (" + contactid + ") for user"); + + } // end if + + ar = new AuditRecord(AuditRecord.ADMIN_USER_CONTACT_INFO,user.realUID(),user.userRemoteAddress(), + "uid=" + uid,"contactid=" + contactid); + + } // end try + catch (ClassCastException cce) + { // we need to be able to coerce the ContactInfo to a Stashable + logger.error("ContactInfo needs to be a Stashable for this to work"); + throw new DataException("improper contact information record"); + + } // end catch + catch (SQLException e) + { // database error - this is a DataException + logger.error("DB error updating contact info: " + e.getMessage(),e); + throw new DataException("unable to access user contact data: " + e.getMessage(),e); + + } // end catch + finally + { // make sure the connection is released before we go + try + { // save off the audit record before we go, though + if ((ar!=null) && (conn!=null)) + ar.store(conn); + + } // end try + catch (SQLException e) + { // we couldn't store the audit record! + logger.error("DB error saving audit record: " + e.getMessage(),e); + + } // end catch + + if (conn!=null) + datapool.releaseConnection(conn); + + } // end if + + } // end putContactInfo + + public void setPassword(String password, String reminder) throws DataException + { + Connection conn = null; + AuditRecord ar = null; + + try + { // retrieve a connection from the data pool + conn = datapool.getConnection(); + Statement stmt = conn.createStatement(); + PasswordHash phash = new PasswordHash(password); + StringBuffer sql = new StringBuffer("UPDATE users SET passhash = '"); + sql.append(phash.toString()).append("', passreminder = '").append(SQLUtil.encodeString(reminder)); + sql.append("', access_tries = 0 WHERE uid = ").append(uid).append(';'); + stmt.executeUpdate(sql.toString()); + + // record an audit record for this user + ar = new AuditRecord(AuditRecord.ADMIN_PASSWORD_CHANGE,user.realUID(),user.userRemoteAddress(), + "uid=" + uid); + + } // end try + catch (SQLException e) + { // turn SQLException into data exception + logger.error("DB error changing password: " + e.getMessage(),e); + throw new DataException("Unable to set user password: " + e.getMessage(),e); + + } // end catch + finally + { // make sure the connection is released before we go + try + { // save off the audit record before we go, though + if ((ar!=null) && (conn!=null)) + ar.store(conn); + + } // end try + catch (SQLException e) + { // we couldn't store the audit record! + logger.error("DB error saving audit record: " + e.getMessage(),e); + + } // end catch + + if (conn!=null) + datapool.releaseConnection(conn); + + } // end finally + + } // end setPassword + + public Locale getLocale() + { + return my_locale; + + } // end getLocale + + public void setLocale(Locale locale) throws DataException + { + Connection conn = null; + AuditRecord ar = null; + + try + { // retrieve a connection from the data pool + conn = datapool.getConnection(); + Statement stmt = conn.createStatement(); + + // create the update statement + StringBuffer sql = new StringBuffer("UPDATE userprefs SET localeid = '"); + sql.append(SQLUtil.encodeString(locale.toString())).append("' WHERE uid = ").append(uid).append(';'); + + // execute the statement + stmt.executeUpdate(sql.toString()); + + // replace the locale here + my_locale = locale; + ar = new AuditRecord(AuditRecord.ADMIN_ACCOUNT_CHANGE,user.realUID(),user.userRemoteAddress(),0, + "uid=" + uid,"field=localeid"); + + } // end try + catch (SQLException e) + { // turn SQLException into data exception + logger.error("DB error setting user locale: " + e.getMessage(),e); + throw new DataException("unable to set user locale: " + e.getMessage(),e); + + } // end catch + finally + { // make sure the connection is released before we go + try + { // save off the audit record before we go, though + if ((ar!=null) && (conn!=null)) + ar.store(conn); + + } // end try + catch (SQLException e) + { // we couldn't store the audit record! + logger.error("DB error saving audit record: " + e.getMessage(),e); + + } // end catch + + if (conn!=null) + datapool.releaseConnection(conn); + + } // end finally + + } // end setLocale + + public TimeZone getTimeZone() + { + return my_tz; + + } // end getTimeZone + + public void setTimeZone(TimeZone timezone) throws DataException + { + Connection conn = null; + AuditRecord ar = null; + + try + { // retrieve a connection from the data pool + conn = datapool.getConnection(); + Statement stmt = conn.createStatement(); + + // create the update statement + StringBuffer sql = new StringBuffer("UPDATE userprefs SET tzid = '"); + sql.append(SQLUtil.encodeString(timezone.getID())).append("' WHERE uid = ").append(uid).append(';'); + + // execute the statement + stmt.executeUpdate(sql.toString()); + + // replace the locale here + my_tz = timezone; + ar = new AuditRecord(AuditRecord.ADMIN_ACCOUNT_CHANGE,user.realUID(),user.userRemoteAddress(),0, + "uid=" + uid,"field=tzid"); + + } // end try + catch (SQLException e) + { // turn SQLException into data exception + logger.error("DB error setting user timezone: " + e.getMessage(),e); + throw new DataException("unable to set user timezone: " + e.getMessage(),e); + + } // end catch + finally + { // make sure the connection is released before we go + try + { // save off the audit record before we go, though + if ((ar!=null) && (conn!=null)) + ar.store(conn); + + } // end try + catch (SQLException e) + { // we couldn't store the audit record! + logger.error("DB error saving audit record: " + e.getMessage(),e); + + } // end catch + + if (conn!=null) + datapool.releaseConnection(conn); + + } // end finally + + } // end setTimeZone + + public java.util.Date getCreationDate() + { + return created; + + } // end getCreationDate + + public java.util.Date getLastAccessDate() + { + return last_access; + + } // end getLastAccessDate + + /*-------------------------------------------------------------------------------- + * Package-level static operations + *-------------------------------------------------------------------------------- + */ + + static AdminUserContext getAdminUserContext(EngineBackend engine, UserBackend user, DataPool datapool, + int uid) throws DataException + { + Connection conn = null; + + try + { // get a database connection + conn = datapool.getConnection(); + Statement stmt = conn.createStatement(); + ResultSet rs = stmt.executeQuery("SELECT * FROM users INNER JOIN userprefs " + + "ON users.uid = userprefs.uid WHERE users.uid = " + uid + ";"); + if (!(rs.next())) + throw new DataException("The user with UID #" + uid + " was not found."); + if (rs.getBoolean("is_anon")) + throw new DataException("Cannot modify the defaults for the anonymous user."); + + return new AdminUserContextImpl(engine,user,datapool,rs); + + } // end try + catch (SQLException e) + { // we encountered an error! + logger.error("DB exception in getAdminUserContext: " + e.getMessage(),e); + throw new DataException("Unable to load context for user: " + e.getMessage()); + + } // end catch + finally + { // release the connection where necessary + if (conn!=null) + datapool.releaseConnection(conn); + + } // end finally + + } // end getAdminUserContext + + static AdminUserContext getAdminUserContext(EngineBackend engine, UserBackend user, DataPool datapool, + String username) throws DataException + { + Connection conn = null; + + try + { // get a database connection + conn = datapool.getConnection(); + Statement stmt = conn.createStatement(); + ResultSet rs = stmt.executeQuery("SELECT * FROM users INNER JOIN userprefs " + + "ON users.uid = userprefs.uid WHERE users.username = '" + + SQLUtil.encodeString(username) + "';"); + if (!(rs.next())) + throw new DataException("The user '" + username + "' was not found."); + if (rs.getBoolean("is_anon")) + throw new DataException("Cannot modify the defaults for the anonymous user."); + + return new AdminUserContextImpl(engine,user,datapool,rs); + + } // end try + catch (SQLException e) + { // we encountered an error! + logger.error("DB exception in getAdminUserContext: " + e.getMessage(),e); + throw new DataException("Unable to load context for user: " + e.getMessage()); + + } // end catch + finally + { // release the connection where necessary + if (conn!=null) + datapool.releaseConnection(conn); + + } // end finally + + } // end getAdminUserContext + +} // end class AdminUserContextImpl diff --git a/src/com/silverwrist/venice/core/impl/UserContextImpl.java b/src/com/silverwrist/venice/core/impl/UserContextImpl.java index d01639e..6da5cc3 100644 --- a/src/com/silverwrist/venice/core/impl/UserContextImpl.java +++ b/src/com/silverwrist/venice/core/impl/UserContextImpl.java @@ -38,7 +38,7 @@ class UserContextImpl implements UserContext, UserBackend *-------------------------------------------------------------------------------- */ - private static Category logger = Category.getInstance(UserContextImpl.class.getName()); + private static Category logger = Category.getInstance(UserContextImpl.class); private static final String AUTH_TOKEN_PREFIX = "VQAT:"; private static final char AUTH_TOKEN_SEP = '|'; @@ -66,7 +66,7 @@ class UserContextImpl implements UserContext, UserBackend private String full_name = null; // my full name (cached) private Locale my_locale = null; // my default locale (cached) private TimeZone my_tz = null; // my default timezone (cached) - private Hashtable mru_cache = new Hashtable(); // MRU cache for ReferencedData objects + private HashMap mru_cache = new HashMap(); // MRU cache for ReferencedData objects /*-------------------------------------------------------------------------------- * Constructor diff --git a/src/com/silverwrist/venice/security/Audit.java b/src/com/silverwrist/venice/security/Audit.java index a8ac24b..56792cd 100644 --- a/src/com/silverwrist/venice/security/Audit.java +++ b/src/com/silverwrist/venice/security/Audit.java @@ -31,6 +31,11 @@ public interface Audit public static final int USER_CONTACT_INFO = 106; public static final int RESEND_CONFIRM = 107; public static final int PASSWORD_CHANGE = 108; + public static final int ADMIN_USER_CONTACT_INFO = 109; + public static final int ADMIN_PASSWORD_CHANGE = 110; + public static final int ADMIN_ACCOUNT_CHANGE = 111; + public static final int ADMIN_SET_SECURITY = 112; + public static final int ADMIN_LOCK_OUT = 113; // Codes 201-300 - SIG events public static final int CREATE_SIG = 201; diff --git a/src/com/silverwrist/venice/security/Role.java b/src/com/silverwrist/venice/security/Role.java index db683e4..d6ec8a3 100644 --- a/src/com/silverwrist/venice/security/Role.java +++ b/src/com/silverwrist/venice/security/Role.java @@ -26,17 +26,21 @@ public class Role implements Comparable, SecLevels *-------------------------------------------------------------------------------- */ - private static Role not_in_list = null; - private static Role no_access = null; - private static Role unrestricted_user = null; - private static Role sig_host = null; - private static ArrayList global_low = null; - private static ArrayList global_high = null; - private static ArrayList sig_low = null; - private static ArrayList sig_high = null; - private static ArrayList conf_low = null; - private static ArrayList conf_high = null; + private static Role not_in_list; + private static Role no_access; + private static Role unrestricted_user; + private static Role global_admin; + private static Role sig_host; + private static ArrayList global_low; + private static ArrayList global_high; + private static ArrayList sig_low; + private static ArrayList sig_high; + private static ArrayList conf_low; + private static ArrayList conf_high; + private static HashMap all_roles; + private static List base_levels = null; + private static List base_levels_2 = null; private static List sigreadlist_rc = null; private static List sigwritelist_rc = null; private static List sigcreatelist_rc = null; @@ -131,6 +135,53 @@ public class Role implements Comparable, SecLevels *-------------------------------------------------------------------------------- */ + public static Role getRoleForLevel(int level) + { + Role rc = (Role)(all_roles.get(new Integer(level))); + if (rc!=null) + return rc; + return new Role(level,"(Level " + level + ")"); + + } // end getRoleForLevel + + public static List getBaseLevelChoices() + { + if (base_levels==null) + { // create the returned list + ArrayList rc = new ArrayList(); + rc.addAll(global_low); + rc.add(unrestricted_user); + rc.addAll(global_high); + rc.remove(rc.size()-1); + base_levels = Collections.unmodifiableList(rc); + + } // end if + + return base_levels; + + } // end getBaseLevelChoices + + public static List getBaseLevelChoices2() + { + if (base_levels_2==null) + { // create the returned list + ArrayList rc = new ArrayList(); + rc.addAll(global_low); + rc.add(unrestricted_user); + base_levels_2 = Collections.unmodifiableList(rc); + + } // end if + + return base_levels_2; + + } // end getBaseLevelChoices2 + + public static Role getGlobalAdmin() + { + return global_admin; + + } // end getGlobalAdmin + public static List getSIGReadList() { if (sigreadlist_rc==null) @@ -342,46 +393,77 @@ public class Role implements Comparable, SecLevels static { + all_roles = new HashMap(); not_in_list = new Role(0,"(not in list)"); + all_roles.put(new Integer(0),not_in_list); no_access = new Role(NO_ACCESS,"No Access"); + all_roles.put(new Integer(NO_ACCESS),no_access); unrestricted_user = new Role(UNRESTRICTED_USER,"'Unrestricted' User"); + all_roles.put(new Integer(UNRESTRICTED_USER),unrestricted_user); + + Role tmp; // initialize the "global lowband" vector global_low = new ArrayList(3); - global_low.add(new Role(GLOBAL_ANONYMOUS,"Anonymous User")); - global_low.add(new Role(GLOBAL_UNVERIFIED,"Unauthenticated User")); - global_low.add(new Role(GLOBAL_NORMAL,"Normal User")); + tmp = new Role(GLOBAL_ANONYMOUS,"Anonymous User"); + global_low.add(tmp); + all_roles.put(new Integer(GLOBAL_ANONYMOUS),tmp); + tmp = new Role(GLOBAL_UNVERIFIED,"Unauthenticated User"); + global_low.add(tmp); + all_roles.put(new Integer(GLOBAL_UNVERIFIED),tmp); + tmp = new Role(GLOBAL_NORMAL,"Normal User"); + global_low.add(tmp); + all_roles.put(new Integer(GLOBAL_NORMAL),tmp); global_low.trimToSize(); // initialize the "global highband" vector global_high = new ArrayList(3); - global_high.add(new Role(GLOBAL_ANYADMIN,"Any System Administrator")); - global_high.add(new Role(GLOBAL_PFY,"System Assistant Administrator")); - global_high.add(new Role(GLOBAL_BOFH,"Global System Administrator")); + tmp = new Role(GLOBAL_ANYADMIN,"Any System Administrator"); + global_high.add(tmp); + all_roles.put(new Integer(GLOBAL_ANYADMIN),tmp); + tmp = new Role(GLOBAL_PFY,"System Assistant Administrator"); + global_high.add(tmp); + all_roles.put(new Integer(GLOBAL_PFY),tmp); + global_admin = new Role(GLOBAL_BOFH,"Global System Administrator"); + global_high.add(global_admin); + all_roles.put(new Integer(GLOBAL_BOFH),global_admin); global_high.trimToSize(); // initialize the "SIG lowband" vector sig_low = new ArrayList(1); - sig_low.add(new Role(SIG_MEMBER,"SIG Member")); + tmp = new Role(SIG_MEMBER,"SIG Member"); + sig_low.add(tmp); + all_roles.put(new Integer(SIG_MEMBER),tmp); sig_low.trimToSize(); // initialize the "SIG highband" vector sig_high = new ArrayList(3); - sig_high.add(new Role(SIG_ANYADMIN,"Any SIG Administrator")); - sig_high.add(new Role(SIG_COHOST,"SIG Co-Host")); + tmp = new Role(SIG_ANYADMIN,"Any SIG Administrator"); + sig_high.add(tmp); + all_roles.put(new Integer(SIG_ANYADMIN),tmp); + tmp = new Role(SIG_COHOST,"SIG Co-Host"); + sig_high.add(tmp); + all_roles.put(new Integer(SIG_COHOST),tmp); sig_host = new Role(SIG_HOST,"SIG Host"); sig_high.add(sig_host); + all_roles.put(new Integer(SIG_HOST),sig_host); sig_high.trimToSize(); // initialize the "conference lowband" vector conf_low = new ArrayList(1); - conf_low.add(new Role(CONFERENCE_MEMBER,"Conference Member")); + tmp = new Role(CONFERENCE_MEMBER,"Conference Member"); + conf_low.add(tmp); + all_roles.put(new Integer(CONFERENCE_MEMBER),tmp); conf_low.trimToSize(); // initialize the "conference highband" vector conf_high = new ArrayList(2); - conf_high.add(new Role(CONFERENCE_ANYADMIN,"Any Conference Administrator")); - conf_high.add(new Role(CONFERENCE_HOST,"Conference Host")); + tmp = new Role(CONFERENCE_ANYADMIN,"Any Conference Administrator"); + conf_high.add(tmp); + all_roles.put(new Integer(CONFERENCE_ANYADMIN),tmp); + tmp = new Role(CONFERENCE_HOST,"Conference Host"); + conf_high.add(tmp); + all_roles.put(new Integer(CONFERENCE_HOST),tmp); conf_high.trimToSize(); } // end static initializer diff --git a/src/com/silverwrist/venice/servlets/SystemAdmin.java b/src/com/silverwrist/venice/servlets/SystemAdmin.java index 3766288..9266a87 100644 --- a/src/com/silverwrist/venice/servlets/SystemAdmin.java +++ b/src/com/silverwrist/venice/servlets/SystemAdmin.java @@ -23,6 +23,7 @@ import javax.servlet.*; import javax.servlet.http.*; import org.apache.log4j.*; import com.silverwrist.util.StringUtil; +import com.silverwrist.venice.ValidationException; import com.silverwrist.venice.core.*; import com.silverwrist.venice.servlets.format.*; @@ -57,6 +58,23 @@ public class SystemAdmin extends VeniceServlet } // end makeSystemAdminTop + private AdminModifyUserDialog makeAdminModifyUserDialog() throws ServletException + { + final String desired_name = "AdminModifyUserDialog"; + DialogCache cache = DialogCache.getDialogCache(getServletContext()); + + if (!(cache.isCached(desired_name))) + { // create a template and save it off + AdminModifyUserDialog template = new AdminModifyUserDialog(getCountryList()); + cache.saveTemplate(template); + + } // end if + + // return a new copy + return (AdminModifyUserDialog)(cache.getNewDialog(desired_name)); + + } // end makeAdminModifyUserDialog + /*-------------------------------------------------------------------------------- * Overrides from class HttpServlet *-------------------------------------------------------------------------------- @@ -127,6 +145,54 @@ public class SystemAdmin extends VeniceServlet } // end if ("A" command) + if (cmd.equals("UF")) + { // "UF" = "User Find" - the initial screen of User Account Management + if (!(user.hasAdminAccess())) + return new ErrorBox("Access Error","You do not have permission to administer the system.",null); + + // prepare and load the display + AdminFindUser afu = new AdminFindUser(engine); + afu.loadGet(); + setMyLocation(request,"sysadmin?cmd=UF"); + return afu; + + } // end if ("UF" command) + + if (cmd.equals("UM")) + { // "UM" = "User Modify" - the second screen of user account management + try + { // get the user to be modified + AdminOperations adm = user.getAdminInterface(); + String s_uid = request.getParameter("uid"); + if (s_uid==null) + throw new ErrorBox(null,"User ID parameter not found.","sysadmin?cmd=UF"); + AdminUserContext admuser = adm.getUserContext(Integer.parseInt(s_uid)); + + AdminModifyUserDialog dlg = makeAdminModifyUserDialog(); + dlg.setupDialog(adm.isGlobalAdmin(),admuser); + setMyLocation(request,"sysadmin?cmd=UM"); + return dlg; + + } // end try + catch (AccessError ae) + { // an access error generally means we're not an administrator + return new ErrorBox("Access Error","You do not have permission to administer the system.",null); + + } // end catch + catch (DataException de) + { // error pulling the audit records + return new ErrorBox("Database Error","Unable to retrieve user information: " + de.getMessage(), + "sysadmin?cmd=UF"); + + } // end catch + catch (NumberFormatException nfe) + { // this is if we get a bogus UID + return new ErrorBox(null,"Invalid user ID parameter.","sysadmin?cmd=UF"); + + } // end catch + + } // end if ("UM" command) + // TODO: other command handling if (!(user.hasAdminAccess())) @@ -137,4 +203,110 @@ public class SystemAdmin extends VeniceServlet } // end doVeniceGet + protected VeniceContent doVenicePost(HttpServletRequest request, VeniceEngine engine, + UserContext user, RenderData rdat) + throws ServletException, IOException, VeniceServletResult + { + // decide what to do based on the "cmd" parameter + String cmd = getStandardCommandParam(request); + if (logger.isDebugEnabled()) + logger.debug("SystemAdmin/doPost command value = " + cmd); + + if (cmd.equals("UF")) + { // "UF" = "User Find" - the initial screen of User Account Management + if (!(user.hasAdminAccess())) + return new ErrorBox("Access Error","You do not have permission to administer the system.",null); + + try + { // prepare and load the display + AdminFindUser afu = new AdminFindUser(engine); + afu.loadPost(request); + setMyLocation(request,"sysadmin?cmd=UF"); + return afu; + + } // end try + catch (DataException de) + { // catch a database error and return it + return new ErrorBox("Database Error","Database error on find: " + de.getMessage(),"sysadmin?cmd=UF"); + + } // end catch + catch (ValidationException ve) + { // there was a validation error + return new ErrorBox("Find Error",ve.getMessage(),"sysadmin?cmd=UF"); + + } // end catch + + } // end if ("UF" command) + + if (cmd.equals("UM")) + { // "UM" = "User Modify" - the second screen of user account management + try + { // get the dialog box + AdminModifyUserDialog dlg = makeAdminModifyUserDialog(); + + if (dlg.isButtonClicked(request,"cancel")) + throw new RedirectResult("sysadmin?cmd=UF"); // we decided not to bother - go back + + if (dlg.isButtonClicked(request,"update")) + { // get the user to be modified + AdminOperations adm = user.getAdminInterface(); + String s_uid = request.getParameter("uid"); + if (s_uid==null) + throw new ErrorBox(null,"User ID parameter not found.","sysadmin?cmd=UF"); + AdminUserContext admuser = adm.getUserContext(Integer.parseInt(s_uid)); + + dlg.loadValues(request); // load field values + + try + { // execute the dialog! + dlg.doDialog(admuser); + throw new RedirectResult("sysadmin?cmd=UF"); + + } // end try + catch (ValidationException ve) + { // this is a simple error + dlg.resetOnError(adm.isGlobalAdmin(),admuser,ve.getMessage() + " Please try again."); + setMyLocation(request,"sysadmin?cmd=UM"); + return dlg; + + } // end catch + + } // end if + else + { // the button must be wrong! + logger.error("no known button click on Account.doPost, cmd=P"); + return new ErrorBox("Internal Error","Unknown command button pressed","sysadmin?cmd=UF"); + + } // end else + + } // end try + catch (AccessError ae) + { // an access error generally means we're not an administrator + return new ErrorBox("Access Error","You do not have permission to administer the system.",null); + + } // end catch + catch (DataException de) + { // error pulling the audit records + return new ErrorBox("Database Error","Unable to retrieve user information: " + de.getMessage(), + "sysadmin?cmd=UF"); + + } // end catch + catch (NumberFormatException nfe) + { // this is if we get a bogus UID + return new ErrorBox(null,"Invalid user ID parameter.","sysadmin?cmd=UF"); + + } // end catch + + } // end if ("UM" command) + + // TODO: other command handling + + if (!(user.hasAdminAccess())) + return new ErrorBox("Access Error","You do not have permission to administer the system.",null); + + setMyLocation(request,"sysadmin"); + return makeSystemAdminTop(); + + } // end doVenicePost + } // end class SystemAdmin diff --git a/src/com/silverwrist/venice/servlets/format/AdminFindUser.java b/src/com/silverwrist/venice/servlets/format/AdminFindUser.java new file mode 100644 index 0000000..59e7f1b --- /dev/null +++ b/src/com/silverwrist/venice/servlets/format/AdminFindUser.java @@ -0,0 +1,240 @@ +/* + * The contents of this file are subject to the Mozilla Public License Version 1.1 + * (the "License"); you may not use this file except in compliance with the License. + * You may obtain a copy of the License at . + * + * Software distributed under the License is distributed on an "AS IS" basis, WITHOUT + * WARRANTY OF ANY KIND, either express or implied. See the License for the specific + * language governing rights and limitations under the License. + * + * The Original Code is the Venice Web Communities System. + * + * The Initial Developer of the Original Code is Eric J. Bowersox , + * for Silverwrist Design Studios. Portions created by Eric J. Bowersox are + * Copyright (C) 2001 Eric J. Bowersox/Silverwrist Design Studios. All Rights Reserved. + * + * Contributor(s): + */ +package com.silverwrist.venice.servlets.format; + +import java.util.*; +import javax.servlet.*; +import com.silverwrist.util.StringUtil; +import com.silverwrist.venice.ValidationException; +import com.silverwrist.venice.core.*; + +public class AdminFindUser implements JSPRender, SearchMode +{ + /*-------------------------------------------------------------------------------- + * Static data members + *-------------------------------------------------------------------------------- + */ + + // Attribute name for request attribute + protected static final String ATTR_NAME = "com.silverwrist.venice.content.AdminFindUser"; + + /*-------------------------------------------------------------------------------- + * Attributes + *-------------------------------------------------------------------------------- + */ + + private VeniceEngine engine; + private int field = -1; + private int mode = -1; + private String term = null; + private int offset = 0; + private List results = null; + private int find_count = -1; + + /*-------------------------------------------------------------------------------- + * Constructor + *-------------------------------------------------------------------------------- + */ + + public AdminFindUser(VeniceEngine engine) + { + this.engine = engine; + + } // end constructor + + /*-------------------------------------------------------------------------------- + * Internal functions + *-------------------------------------------------------------------------------- + */ + + private static int getParamInt(ServletRequest request, String name, int default_val) + { + String str = request.getParameter(name); + if (str==null) + return -1; + + try + { // parse the integer value + return Integer.parseInt(str); + + } // end try + catch (NumberFormatException nfe) + { // in case of conversion error, return default + return default_val; + + } // end catch + + } // end getParamInt + + private static boolean isImageButtonClicked(ServletRequest request, String name) + { + String val = request.getParameter(name + ".x"); + return (val!=null); + + } // end isImageButtonClicked + + /*-------------------------------------------------------------------------------- + * External static functions + *-------------------------------------------------------------------------------- + */ + + public static AdminFindUser retrieve(ServletRequest request) + { + return (AdminFindUser)(request.getAttribute(ATTR_NAME)); + + } // end retrieve + + /*-------------------------------------------------------------------------------- + * Implementations from interface VeniceContent + *-------------------------------------------------------------------------------- + */ + + public String getPageTitle(RenderData rdat) + { + return "User Account Management"; + + } // end getPageTitle + + /*-------------------------------------------------------------------------------- + * Implementations from interface JSPRender + *-------------------------------------------------------------------------------- + */ + + public void store(ServletRequest request) + { + request.setAttribute(ATTR_NAME,this); + + } // end store + + public String getTargetJSPName() + { + return "admin_find.jsp"; + + } // end getTargetJSPName + + /*-------------------------------------------------------------------------------- + * External operations + *-------------------------------------------------------------------------------- + */ + + public int getSearchField() + { + return field; + + } // end getSearchField + + public boolean searchFieldIs(int value) + { + return (value==field); + + } // end searchFieldIs + + public int getSearchMode() + { + return mode; + + } // end getSearchMode + + public boolean searchModeIs(int value) + { + return (value==mode); + + } // end searchModeIs + + public String getSearchTerm() + { + return term; + + } // end getSearchTerm + + public List getResultsList() + { + return results; + + } // end getResultsList + + public int getNumResultsDisplayed() + { + return engine.getStdNumSearchResults(); + + } // end getNumResultsDisplayed + + public int getFindCount() + { + return find_count; + + } // end getFindCount + + public int getOffset() + { + return offset; + + } // end getOffset + + public void loadGet() + { + field = FIELD_USER_NAME; + mode = SEARCH_PREFIX; + term = ""; + + } // end loadGet + + public void loadPost(ServletRequest request) throws ValidationException, DataException + { + int catid = -1; + + // Retrieve all the posted parameters from the form and validate them. + field = getParamInt(request,"field",FIELD_USER_NAME); + if ( (field!=FIELD_USER_NAME) && (field!=FIELD_USER_DESCRIPTION) && (field!=FIELD_USER_GIVEN_NAME) + && (field!=FIELD_USER_FAMILY_NAME)) + throw new ValidationException("The field search parameter is not valid."); + mode = getParamInt(request,"mode",SEARCH_PREFIX); + if ((mode!=SEARCH_PREFIX) && (mode!=SEARCH_SUBSTRING) && (mode!=SEARCH_REGEXP)) + throw new ValidationException("The search mode parameter is not valid."); + term = request.getParameter("term"); + if (term==null) + term = ""; + + // Retrieve the offset and find count parameters. + offset = getParamInt(request,"ofs",0); + find_count = getParamInt(request,"fcount",-1); + + // Adjust the search return offset based on the command button click. + int count = getNumResultsDisplayed(); + if (isImageButtonClicked(request,"search")) + offset = 0; + else if (isImageButtonClicked(request,"previous")) + { // adjust the offset in the reverse direction + offset -= count; + if (offset<0) + offset = 0; + + } // end else if + else if (isImageButtonClicked(request,"next")) + offset += count; // go forwards instead + else + throw new ValidationException("Unable to determine what action triggered the form."); + + // Run the actual search. + results = engine.searchForUsers(field,mode,term,offset,count); + if (find_count<0) + find_count = engine.getSearchUserCount(field,mode,term); + + } // end loadPost + +} // end class AdminFindUser diff --git a/src/com/silverwrist/venice/servlets/format/AdminModifyUserDialog.java b/src/com/silverwrist/venice/servlets/format/AdminModifyUserDialog.java new file mode 100644 index 0000000..b88ee3e --- /dev/null +++ b/src/com/silverwrist/venice/servlets/format/AdminModifyUserDialog.java @@ -0,0 +1,294 @@ +/* + * The contents of this file are subject to the Mozilla Public License Version 1.1 + * (the "License"); you may not use this file except in compliance with the License. + * You may obtain a copy of the License at . + * + * Software distributed under the License is distributed on an "AS IS" basis, WITHOUT + * WARRANTY OF ANY KIND, either express or implied. See the License for the specific + * language governing rights and limitations under the License. + * + * The Original Code is the Venice Web Communities System. + * + * The Initial Developer of the Original Code is Eric J. Bowersox , + * for Silverwrist Design Studios. Portions created by Eric J. Bowersox are + * Copyright (C) 2001 Eric J. Bowersox/Silverwrist Design Studios. All Rights Reserved. + * + * Contributor(s): + */ +package com.silverwrist.venice.servlets.format; + +import java.util.*; +import com.silverwrist.util.LocaleFactory; +import com.silverwrist.util.StringUtil; +import com.silverwrist.venice.ValidationException; +import com.silverwrist.venice.core.*; +import com.silverwrist.venice.security.Role; + +public class AdminModifyUserDialog extends ContentDialog +{ + /*-------------------------------------------------------------------------------- + * Constructors + *-------------------------------------------------------------------------------- + */ + + public AdminModifyUserDialog(List country_list) + { + super("Modify User Account",null,"moduserform","sysadmin"); + setHiddenField("cmd","UM"); + setHiddenField("uid",""); + + addFormField(new CDFormCategoryHeader("Security Information","To change the user's password, enter a new " + + "password into the fields below.")); + addFormField(new CDPasswordFormField("pass1","Password",null,false,32,128)); + addFormField(new CDPasswordFormField("pass2","Password","(retype)",false,32,128)); + addFormField(new CDTextFormField("remind","Password reminder phrase",null,false,32,255)); + addFormField(new CDRoleListFormField("base_lvl","Base security level",null,true, + Role.getBaseLevelChoices())); + addFormField(new CDCheckBoxFormField("verify_email","E-mail address verified",null,"Y")); + addFormField(new CDCheckBoxFormField("lockout","Account locked out",null,"Y")); + addFormField(new CDFormCategoryHeader("Name")); + addFormField(new CDTextFormField("prefix","Prefix","(Mr., Ms., etc.)",false,8,8)); + addFormField(new CDTextFormField("first","First name",null,true,32,64)); + addFormField(new CDTextFormField("mid","Middle initial",null,false,1,1)); + addFormField(new CDTextFormField("last","Last name",null,true,32,64)); + addFormField(new CDTextFormField("suffix","Suffix","(Jr., III, etc.)",false,16,16)); + addFormField(new CDFormCategoryHeader("Location")); + addFormField(new CDTextFormField("company","Company",null,false,32,255)); + addFormField(new CDTextFormField("addr1","Address",null,false,32,255)); + addFormField(new CDTextFormField("addr2","Address","(line 2)",false,32,255)); + addFormField(new CDCheckBoxFormField("pvt_addr","Hide address in profile",null,"Y")); + addFormField(new CDTextFormField("loc","City",null,true,32,64)); + addFormField(new CDTextFormField("reg","State/Province",null,true,32,64)); + addFormField(new CDTextFormField("pcode","Zip/Postal Code",null,true,32,64)); + addFormField(new CDCountryListFormField("country","Country",null,true,country_list)); + addFormField(new CDFormCategoryHeader("Phone Numbers")); + addFormField(new CDTextFormField("phone","Telephone",null,false,32,32)); + addFormField(new CDTextFormField("mobile","Mobile/cellphone",null,false,32,32)); + addFormField(new CDCheckBoxFormField("pvt_phone","Hide phone/mobile numbers in profile",null,"Y")); + addFormField(new CDTextFormField("fax","Fax",null,false,32,32)); + addFormField(new CDCheckBoxFormField("pvt_fax","Hide fax number in profile",null,"Y")); + addFormField(new CDFormCategoryHeader("Internet")); + addFormField(new CDEmailAddressFormField("email","E-mail address",null,true,32,255)); + addFormField(new CDCheckBoxFormField("pvt_email","Hide e-mail address in profile",null,"Y")); + addFormField(new CDTextFormField("url","Home page","(URL)",false,32,255)); + addFormField(new CDFormCategoryHeader("Personal")); + addFormField(new CDTextFormField("descr","Personal description",null,false,32,255)); + addFormField(new CDFormCategoryHeader("User Preferences")); + addFormField(new CDLocaleListFormField("locale","Default locale","(for formatting dates/times)",true)); + addFormField(new CDTimeZoneListFormField("tz","Default time zone",null,true)); + addCommandButton(new CDImageButton("update","bn_update.gif","Update",80,24)); + addCommandButton(new CDImageButton("cancel","bn_cancel.gif","Cancel",80,24)); + + } // end constructor + + protected AdminModifyUserDialog(AdminModifyUserDialog other) + { + super(other); + + } // end AdminModifyUserDialog + + /*-------------------------------------------------------------------------------- + * Internal functions + *-------------------------------------------------------------------------------- + */ + + private void coreSetup(boolean is_global_admin, AdminUserContext admuser) + { + setSubtitle("User: " + admuser.getUserName()); + setHiddenField("uid",String.valueOf(admuser.getUID())); + + CDPickListFormField level_field = (CDPickListFormField)modifyField("base_lvl"); + List role_list; + if (is_global_admin) + role_list = level_field.getChoicesList(); + else + { // not a global admin - deny user the right to select assistant admin choices + role_list = Role.getBaseLevelChoices2(); + level_field.setChoicesList(role_list); + + } // end else + + // See if this level was found on the list. + boolean found = false; + Iterator it = role_list.iterator(); + while (it.hasNext()) + { // seek each role in turn + Role r = (Role)(it.next()); + if (r.getLevel()==admuser.getBaseLevel()) + { // found it! + found = true; + break; + + } // end if + + } // end while + + if (!found) + { // not in the list - set the defined "role list" to be a singleton of our current level + role_list = Collections.singletonList(Role.getRoleForLevel(admuser.getBaseLevel())); + level_field.setChoicesList(role_list); + + } // end if + + } // end coreSetup + + /*-------------------------------------------------------------------------------- + * Overrides from class Object + *-------------------------------------------------------------------------------- + */ + + public Object clone() + { + return new AdminModifyUserDialog(this); + + } // end clone + + /*-------------------------------------------------------------------------------- + * Overrides from class ContentDialog + *-------------------------------------------------------------------------------- + */ + + protected void validateWholeForm() throws ValidationException + { + String pass1 = getFieldValue("pass1"); + String pass2 = getFieldValue("pass2"); + + if (StringUtil.isStringEmpty(pass1)) + { // empty must match empty + if (!StringUtil.isStringEmpty(pass2)) + throw new ValidationException("The typed passwords do not match."); + + } // end if + else + { // the two passwords must match + if (!(pass1.equals(pass2))) + throw new ValidationException("The typed passwords do not match."); + + } // end if + + } // end validateWholeForm + + /*-------------------------------------------------------------------------------- + * External operations + *-------------------------------------------------------------------------------- + */ + + public void setupDialog(boolean is_global_admin, AdminUserContext admuser) throws DataException + { + coreSetup(is_global_admin,admuser); + + setFieldValue("base_lvl",String.valueOf(admuser.getBaseLevel())); + if (admuser.isEmailVerified()) + setFieldValue("verify_email","Y"); + if (admuser.isLockedOut()) + setFieldValue("lockout","Y"); + + ContactInfo ci = admuser.getContactInfo(); // get the main contact info + + setFieldValue("prefix",ci.getNamePrefix()); + setFieldValue("first",ci.getGivenName()); + char init = ci.getMiddleInitial(); + if (init!=' ') + setFieldValue("mid",String.valueOf(init)); + setFieldValue("last",ci.getFamilyName()); + setFieldValue("suffix",ci.getNameSuffix()); + setFieldValue("company",ci.getCompany()); + setFieldValue("addr1",ci.getAddressLine1()); + setFieldValue("addr2",ci.getAddressLine2()); + if (ci.getPrivateAddress()) + setFieldValue("pvt_addr","Y"); + setFieldValue("loc",ci.getLocality()); + setFieldValue("reg",ci.getRegion()); + setFieldValue("pcode",ci.getPostalCode()); + setFieldValue("country",ci.getCountry()); + setFieldValue("phone",ci.getPhone()); + setFieldValue("mobile",ci.getMobile()); + if (ci.getPrivatePhone()) + setFieldValue("pvt_phone","Y"); + setFieldValue("fax",ci.getFax()); + if (ci.getPrivateFax()) + setFieldValue("pvt_fax","Y"); + setFieldValue("email",ci.getEmail()); + if (ci.getPrivateEmail()) + setFieldValue("pvt_email","Y"); + setFieldValue("url",ci.getURL()); + setFieldValue("descr",admuser.getDescription()); + setFieldValue("locale",admuser.getLocale().toString()); + setFieldValue("tz",admuser.getTimeZone().getID()); + + } // end setupDialog + + public void doDialog(AdminUserContext admuser) throws ValidationException, DataException + { + validate(); // validate the dialog + + final String yes = "Y"; // the "yes" string + + try + { // reset the base level + admuser.setBaseLevel(Integer.parseInt(getFieldValue("base_lvl"))); + + } // end try + catch (NumberFormatException nfe) + { // this shouldn't happen + throw new InternalStateError("new_level should be an integer - form screwup"); + + } // end catch + + // Change the password if applicable. + String foo = getFieldValue("pass1"); + if (!StringUtil.isStringEmpty(foo)) + admuser.setPassword(foo,getFieldValue("remind")); + + admuser.setEmailVerified(yes.equals(getFieldValue("verify_email"))); + admuser.setLockedOut(yes.equals(getFieldValue("lockout"))); + + ContactInfo ci = admuser.getContactInfo(); // get the main contact info + + // Reset all the contact info fields. + ci.setNamePrefix(getFieldValue("prefix")); + ci.setGivenName(getFieldValue("first")); + foo = getFieldValue("mid"); + if ((foo==null) || (foo.length()<1)) + ci.setMiddleInitial(' '); + else + ci.setMiddleInitial(foo.charAt(0)); + ci.setFamilyName(getFieldValue("last")); + ci.setNameSuffix(getFieldValue("suffix")); + ci.setCompany(getFieldValue("company")); + ci.setAddressLine1(getFieldValue("addr1")); + ci.setAddressLine2(getFieldValue("addr2")); + ci.setPrivateAddress(yes.equals(getFieldValue("pvt_addr"))); + ci.setLocality(getFieldValue("loc")); + ci.setRegion(getFieldValue("reg")); + ci.setPostalCode(getFieldValue("pcode")); + ci.setCountry(getFieldValue("country")); + ci.setPhone(getFieldValue("phone")); + ci.setMobile(getFieldValue("mobile")); + ci.setPrivatePhone(yes.equals(getFieldValue("pvt_phone"))); + ci.setFax(getFieldValue("fax")); + ci.setPrivateFax(yes.equals(getFieldValue("pvt_fax"))); + ci.setEmail(getFieldValue("email")); + ci.setPrivateEmail(yes.equals(getFieldValue("pvt_email"))); + ci.setURL(getFieldValue("url")); + + // Store the completed contact info. + admuser.putContactInfo(ci); + + // Save off the user's description and preferences. + admuser.setDescription(getFieldValue("descr")); + admuser.setLocale(LocaleFactory.createLocale(getFieldValue("locale"))); + admuser.setTimeZone(TimeZone.getTimeZone(getFieldValue("tz"))); + + } // end doDialog + + public void resetOnError(boolean is_global_admin, AdminUserContext admuser, String message) + { + coreSetup(is_global_admin,admuser); + setErrorMessage(message); + setFieldValue("pass1",null); + setFieldValue("pass2",null); + + } // end resetOnError + +} // end class AdminModifyUserDialog diff --git a/src/com/silverwrist/venice/servlets/format/CDPickListFormField.java b/src/com/silverwrist/venice/servlets/format/CDPickListFormField.java index 0590f56..377766e 100644 --- a/src/com/silverwrist/venice/servlets/format/CDPickListFormField.java +++ b/src/com/silverwrist/venice/servlets/format/CDPickListFormField.java @@ -83,4 +83,21 @@ public abstract class CDPickListFormField extends CDBaseFormField } // end renderActualField + /*-------------------------------------------------------------------------------- + * External operations + *-------------------------------------------------------------------------------- + */ + + public List getChoicesList() + { + return choices; + + } // end getChoicesList + + public void setChoicesList(List list) + { + this.choices = list; + + } // end setChoicesList + } // end class CDPickListFormField diff --git a/src/com/silverwrist/venice/servlets/format/ContentDialog.java b/src/com/silverwrist/venice/servlets/format/ContentDialog.java index 81e30b8..158aa6b 100644 --- a/src/com/silverwrist/venice/servlets/format/ContentDialog.java +++ b/src/com/silverwrist/venice/servlets/format/ContentDialog.java @@ -219,6 +219,17 @@ public class ContentDialog implements Cloneable, ContentRender } // end renderHere + /*-------------------------------------------------------------------------------- + * Operations usable only from derived classes + *-------------------------------------------------------------------------------- + */ + + protected CDFormField modifyField(String name) + { + return (CDFormField)(form_fields.get(name)); + + } // end modifyField + /*-------------------------------------------------------------------------------- * External operations *-------------------------------------------------------------------------------- @@ -230,6 +241,12 @@ public class ContentDialog implements Cloneable, ContentRender } // end setTitle + public void setSubtitle(String subtitle) + { + this.subtitle = subtitle; + + } // end setSubtitle + public void setErrorMessage(String message) { this.error_message = message; diff --git a/src/com/silverwrist/venice/servlets/format/FindData.java b/src/com/silverwrist/venice/servlets/format/FindData.java index 007a761..bcc40b3 100644 --- a/src/com/silverwrist/venice/servlets/format/FindData.java +++ b/src/com/silverwrist/venice/servlets/format/FindData.java @@ -7,7 +7,7 @@ * WARRANTY OF ANY KIND, either express or implied. See the License for the specific * language governing rights and limitations under the License. * - * The Original Code is the Venice Web Community System. + * The Original Code is the Venice Web Communities System. * * The Initial Developer of the Original Code is Eric J. Bowersox , * for Silverwrist Design Studios. Portions created by Eric J. Bowersox are diff --git a/src/com/silverwrist/venice/servlets/format/SystemAdminTop.java b/src/com/silverwrist/venice/servlets/format/SystemAdminTop.java index 057fd13..ac0f577 100644 --- a/src/com/silverwrist/venice/servlets/format/SystemAdminTop.java +++ b/src/com/silverwrist/venice/servlets/format/SystemAdminTop.java @@ -33,7 +33,7 @@ public class SystemAdminTop extends ContentMenuPanel super("System Administration",null); addChoice("Set Global Parameters","TODO"); addChoice("View/Edit Banned Users","TODO"); - addChoice("User Account Management","TODO"); + addChoice("User Account Management","sysadmin?cmd=UF"); addChoice("System Audit Logs","sysadmin?cmd=A"); } // end constructor diff --git a/web/format/admin_find.jsp b/web/format/admin_find.jsp new file mode 100644 index 0000000..a4e16b5 --- /dev/null +++ b/web/format/admin_find.jsp @@ -0,0 +1,147 @@ +<%-- + The contents of this file are subject to the Mozilla Public License Version 1.1 + (the "License"); you may not use this file except in compliance with the License. + You may obtain a copy of the License at . + + Software distributed under the License is distributed on an "AS IS" basis, WITHOUT + WARRANTY OF ANY KIND, either express or implied. See the License for the specific + language governing rights and limitations under the License. + + The Original Code is the Venice Web Communities System. + + The Initial Developer of the Original Code is Eric J. Bowersox , + for Silverwrist Design Studios. Portions created by Eric J. Bowersox are + Copyright (C) 2001 Eric J. Bowersox/Silverwrist Design Studios. All Rights Reserved. + + Contributor(s): +--%> +<%@ page import = "java.util.*" %> +<%@ page import = "com.silverwrist.util.StringUtil" %> +<%@ page import = "com.silverwrist.venice.core.*" %> +<%@ page import = "com.silverwrist.venice.servlets.Variables" %> +<%@ page import = "com.silverwrist.venice.servlets.format.*" %> +<% + AdminFindUser data = AdminFindUser.retrieve(request); + Variables.failIfNull(data); + RenderData rdat = RenderConfig.createRenderData(application,request,response); + String stdfont = rdat.getStdFontTag(null,2); +%> +<% rdat.writeContentHeader(out,"User Account Management",null); %> +<%= stdfont %>">Return to +System Administration Menu

+ +<%-- Display the search form --%> +<% if (rdat.useHTMLComments()) { %><% } %> +

"> + + + <%= rdat.getStdFontTag(null,4) %>Find Users:
+ <%= stdfont %> + Display all users whose   +
+ + +    +
+ " + ALT="Search" WIDTH=80 HEIGHT=24 BORDER=0>
+ +
+ +<% List results = data.getResultsList(); %> +<% if (results!=null) { %> + <% if (rdat.useHTMLComments()) { %><% } %> + <% + // Determine the number of results to display and whether to display a "next" button + int dcount = results.size(); + boolean go_next = false; + if (dcount>data.getNumResultsDisplayed()) + { // there's a "next" + dcount = data.getNumResultsDisplayed(); + go_next = true; + + } // end if + %> +
+ + + + +
<%= rdat.getStdFontTag(null,3) %> + <%-- The initial search results --%> + Search Results + <% if (data.getFindCount()>0) { %> + (Displaying <%= data.getOffset() + 1 %>-<%= data.getOffset() + dcount %> of + <%= data.getFindCount() %>) + <% } else { %>(None)<% } %> + + <% if (go_next || (data.getOffset()>0)) { %> + <%-- The navigational form that allows us to page through the results --%> + <% if (rdat.useHTMLComments()) { %><% } %> +
"> + + + + + + + <% if (data.getOffset()>0) { %> + " + ALT="Previous" WIDTH=80 HEIGHT=24 BORDER=0> + <% } else { %> + " WIDTH=80 HEIGHT=24 BORDER=0> + <% } // end if %> +    + <% if (go_next) { %> + " + ALT="Next" WIDTH=80 HEIGHT=24 BORDER=0> + <% } else { %> + " WIDTH=80 HEIGHT=24 BORDER=0> + <% } // end if %> + +
+ <% } else { %> <% } %> +

+ + <%-- Display the results of the search --%> + + <% for (int i=0; i + + + + + <% } // end for %> + +
+ " ALT="*" WIDTH=14 HEIGHT=14 BORDER=0> + <%= stdfont %> + <% UserFound uf = (UserFound)(results.get(i)); %> + "><%= uf.getName() %>
+ <%= StringUtil.encodeHTML(uf.getGivenName()) %> <%= StringUtil.encodeHTML(uf.getFamilyName()) %>, + from <%= StringUtil.encodeHTML(uf.getLocality()) %>, <%= StringUtil.encodeHTML(uf.getRegion()) %> + <%= uf.getCountry() %> + <% if (!StringUtil.isStringEmpty(uf.getDescription())) { %> +
<%= StringUtil.encodeHTML(uf.getDescription()) %> + <% } // end if %> +
+ ">[Modify User] +

+<% } // end if (results found) %> +