amy/venice-main-classic
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

added Admin Modify User functionality

Browse Source
This commit is contained in:
Eric J. Bowersox 2001-04-16 05:23:39 +00:00
parent acc7f06e66
commit d63681a0ad
16 changed files with 1747 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
setup/database.sql
View File

@ -436,6 +436,11 @@ INSERT INTO refaudit (type, descr) VALUES
(106, 'Set User Contact Info'), (106, 'Set User Contact Info'),
(107, 'Resend Email Confirmation'), (107, 'Resend Email Confirmation'),
(108, 'Password Change'), (108, 'Password Change'),
(109, 'Admin Set User Contact Info'),
(110, 'Admin Change User Password'),
(111, 'Admin Change User Account'),
(112, 'Admin Set Account Security'),
(113, 'Admin Lock/Unlock Account'),
(201, 'Create New SIG'), (201, 'Create New SIG'),
(202, 'Set SIG Membership'), (202, 'Set SIG Membership'),
(203, 'Set SIG Contact Info'), (203, 'Set SIG Contact Info'),

6
src/com/silverwrist/venice/core/AdminOperations.java
View File

@ -21,8 +21,14 @@ import java.util.List;
public interface AdminOperations public interface AdminOperations
{ {
public abstract boolean isGlobalAdmin();
public abstract List getAuditRecords(int offset, int count) throws DataException; public abstract List getAuditRecords(int offset, int count) throws DataException;
public abstract int getAuditRecordCount() throws DataException; public abstract int getAuditRecordCount() throws DataException;
public abstract AdminUserContext getUserContext(int uid) throws DataException;
public abstract AdminUserContext getUserContext(String username) throws DataException;
} // end interface AdminOperations } // end interface AdminOperations

66
src/com/silverwrist/venice/core/AdminUserContext.java Normal file
View File

@ -0,0 +1,66 @@
/*
* The contents of this file are subject to the Mozilla Public License Version 1.1
* (the "License"); you may not use this file except in compliance with the License.
* You may obtain a copy of the License at <http://www.mozilla.org/MPL/>.
*
* Software distributed under the License is distributed on an "AS IS" basis, WITHOUT
* WARRANTY OF ANY KIND, either express or implied. See the License for the specific
* language governing rights and limitations under the License.
*
* The Original Code is the Venice Web Communities System.
*
* The Initial Developer of the Original Code is Eric J. Bowersox <erbo@silcom.com>,
* for Silverwrist Design Studios. Portions created by Eric J. Bowersox are
* Copyright (C) 2001 Eric J. Bowersox/Silverwrist Design Studios. All Rights Reserved.
*
* Contributor(s):
*/
package com.silverwrist.venice.core;
import java.util.Date;
import java.util.Locale;
import java.util.TimeZone;
public interface AdminUserContext
{
public abstract int getUID();
public abstract String getUserName();
public abstract int getContactID();
public abstract String getDescription();
public abstract void setDescription(String new_descr) throws DataException;
public abstract int getBaseLevel();
public abstract void setBaseLevel(int new_level) throws DataException;
public abstract boolean isEmailVerified();
public abstract void setEmailVerified(boolean flag) throws DataException;
public abstract boolean isLockedOut();
public abstract void setLockedOut(boolean flag) throws DataException;
public abstract ContactInfo getContactInfo() throws DataException;
public abstract void putContactInfo(ContactInfo ci) throws DataException;
public abstract void setPassword(String password, String reminder) throws DataException;
public abstract Locale getLocale();
public abstract void setLocale(Locale locale) throws DataException;
public abstract TimeZone getTimeZone();
public abstract void setTimeZone(TimeZone timezone) throws DataException;
public abstract Date getCreationDate();
public abstract Date getLastAccessDate();
} // end interface AdminUserContext

21
src/com/silverwrist/venice/core/impl/AdminOperationsImpl.java
View File

@ -23,6 +23,7 @@ import org.apache.log4j.*;
import com.silverwrist.venice.core.*; import com.silverwrist.venice.core.*;
import com.silverwrist.venice.db.*; import com.silverwrist.venice.db.*;
import com.silverwrist.venice.security.AuditRecord; import com.silverwrist.venice.security.AuditRecord;
import com.silverwrist.venice.security.SecLevels;
class AdminOperationsImpl implements AdminOperations class AdminOperationsImpl implements AdminOperations
{ {
@ -31,7 +32,7 @@ class AdminOperationsImpl implements AdminOperations
*-------------------------------------------------------------------------------- *--------------------------------------------------------------------------------
*/ */
private static Category logger = Category.getInstance(AdminOperationsImpl.class.getName()); private static Category logger = Category.getInstance(AdminOperationsImpl.class);
/*-------------------------------------------------------------------------------- /*--------------------------------------------------------------------------------
* Attributes * Attributes
@ -60,6 +61,12 @@ class AdminOperationsImpl implements AdminOperations
*-------------------------------------------------------------------------------- *--------------------------------------------------------------------------------
*/ */
public boolean isGlobalAdmin()
{
return (user.realBaseLevel()==SecLevels.GLOBAL_BOFH);
} // end isGlobalAdmin
public List getAuditRecords(int offset, int count) throws DataException public List getAuditRecords(int offset, int count) throws DataException
{ {
Connection conn = null; Connection conn = null;
@ -116,4 +123,16 @@ class AdminOperationsImpl implements AdminOperations
} // end getAuditRecordCount } // end getAuditRecordCount
public AdminUserContext getUserContext(int uid) throws DataException
{
return AdminUserContextImpl.getAdminUserContext(engine,user,datapool,uid);
} // end getUserContext
public AdminUserContext getUserContext(String username) throws DataException
{
return AdminUserContextImpl.getAdminUserContext(engine,user,datapool,username);
} // end getUserContext
} // end class AdminOperationsImpl } // end class AdminOperationsImpl

650
src/com/silverwrist/venice/core/impl/AdminUserContextImpl.java Normal file
View File

@ -0,0 +1,650 @@
/*
* The contents of this file are subject to the Mozilla Public License Version 1.1
* (the "License"); you may not use this file except in compliance with the License.
* You may obtain a copy of the License at <http://www.mozilla.org/MPL/>.
*
* Software distributed under the License is distributed on an "AS IS" basis, WITHOUT
* WARRANTY OF ANY KIND, either express or implied. See the License for the specific
* language governing rights and limitations under the License.
*
* The Original Code is the Venice Web Communities System.
*
* The Initial Developer of the Original Code is Eric J. Bowersox <erbo@silcom.com>,
* for Silverwrist Design Studios. Portions created by Eric J. Bowersox are
* Copyright (C) 2001 Eric J. Bowersox/Silverwrist Design Studios. All Rights Reserved.
*
* Contributor(s):
*/
package com.silverwrist.venice.core.impl;
import java.sql.*;
import java.util.*;
import org.apache.log4j.*;
import com.silverwrist.util.LocaleFactory;
import com.silverwrist.venice.core.*;
import com.silverwrist.venice.db.*;
import com.silverwrist.venice.security.PasswordHash;
import com.silverwrist.venice.security.AuditRecord;
class AdminUserContextImpl implements AdminUserContext
{
/*--------------------------------------------------------------------------------
* Static data members
*--------------------------------------------------------------------------------
*/
private static Category logger = Category.getInstance(AdminUserContextImpl.class);
/*--------------------------------------------------------------------------------
* Attributes
*--------------------------------------------------------------------------------
*/
private EngineBackend engine; // the back end of the engine
private UserBackend user; // the controlling administrative user
private DataPool datapool; // the data pool used by this object
private int uid; // the user ID of this user
private int contactid; // ID of associated contact information
private int level; // base security level for this user
private boolean email_verified; // has email address been verified?
private boolean lockout; // is this account locked out?
private String username; // the user name we're using
private java.util.Date created; // when was this user created? (GMT)
private java.util.Date last_access; // when did we last log in? (GMT)
private String description; // personal description
private Locale my_locale; // my default locale (cached)
private TimeZone my_tz; // my default timezone (cached)
/*--------------------------------------------------------------------------------
* Constructor
*--------------------------------------------------------------------------------
*/
protected AdminUserContextImpl(EngineBackend engine, UserBackend user, DataPool datapool, ResultSet rs)
throws SQLException
{
this.engine = engine;
this.user = user;
this.datapool = datapool;
this.uid = rs.getInt("uid");
this.contactid = rs.getInt("contactid");
this.level = rs.getInt("base_lvl");
this.email_verified = rs.getBoolean("verify_email");
this.lockout = rs.getBoolean("lockout");
this.username = rs.getString("username");
this.created = SQLUtil.getFullDateTime(rs,"created");
this.last_access = SQLUtil.getFullDateTime(rs,"lastaccess");
this.description = rs.getString("description");
this.my_locale = LocaleFactory.createLocale(rs.getString("localeid"));
this.my_tz = TimeZone.getTimeZone(rs.getString("tzid"));
} // end constructor
/*--------------------------------------------------------------------------------
* Implementations from interface AdminUserContext
*--------------------------------------------------------------------------------
*/
public int getUID()
{
return uid;
} // end getUID
public String getUserName()
{
return username;
} // end getUserName
public int getContactID()
{
return contactid;
} // end getContactID
public String getDescription()
{
return description;
} // end getDescription
public void setDescription(String new_descr) throws DataException
{
Connection conn = null;
AuditRecord ar = null;
if (new_descr.equals(description))
return;
try
{ // retrieve a connection from the data pool
conn = datapool.getConnection();
Statement stmt = conn.createStatement();
StringBuffer sql = new StringBuffer("UPDATE users SET description = '");
sql.append(SQLUtil.encodeString(new_descr)).append("' WHERE uid = ").append(uid).append(';');
stmt.executeUpdate(sql.toString());
description = new_descr; // change stored information
ar = new AuditRecord(AuditRecord.ADMIN_ACCOUNT_CHANGE,user.realUID(),user.userRemoteAddress(),0,
"uid=" + uid,"field=description");
} // end try
catch (SQLException e)
{ // turn SQLException into data exception
logger.error("DB error changing description: " + e.getMessage(),e);
throw new DataException("Unable to set user description: " + e.getMessage(),e);
} // end catch
finally
{ // make sure the connection is released before we go
try
{ // save off the audit record before we go, though
if ((ar!=null) && (conn!=null))
ar.store(conn);
} // end try
catch (SQLException e)
{ // we couldn't store the audit record!
logger.error("DB error saving audit record: " + e.getMessage(),e);
} // end catch
if (conn!=null)
datapool.releaseConnection(conn);
} // end finally
} // end setDescription
public int getBaseLevel()
{
return level;
} // end getBaseLevel
public void setBaseLevel(int new_level) throws DataException
{
Connection conn = null;
AuditRecord ar = null;
if (level==new_level)
return;
try
{ // retrieve a connection from the data pool
conn = datapool.getConnection();
Statement stmt = conn.createStatement();
StringBuffer sql = new StringBuffer("UPDATE users SET base_lvl = ");
sql.append(new_level).append(" WHERE uid = ").append(uid).append(';');
stmt.executeUpdate(sql.toString());
level = new_level;
ar = new AuditRecord(AuditRecord.ADMIN_SET_SECURITY,user.realUID(),user.userRemoteAddress(),0,
"uid=" + uid,"level=" + new_level);
} // end try
catch (SQLException e)
{ // turn SQLException into data exception
logger.error("DB error changing base level: " + e.getMessage(),e);
throw new DataException("Unable to set user base level: " + e.getMessage(),e);
} // end catch
finally
{ // make sure the connection is released before we go
try
{ // save off the audit record before we go, though
if ((ar!=null) && (conn!=null))
ar.store(conn);
} // end try
catch (SQLException e)
{ // we couldn't store the audit record!
logger.error("DB error saving audit record: " + e.getMessage(),e);
} // end catch
if (conn!=null)
datapool.releaseConnection(conn);
} // end finally
} // end setBaseLevel
public boolean isEmailVerified()
{
return email_verified;
} // end isEmailVerified
public void setEmailVerified(boolean flag) throws DataException
{
Connection conn = null;
AuditRecord ar = null;
if (flag==email_verified)
return;
try
{ // retrieve a connection from the data pool
conn = datapool.getConnection();
Statement stmt = conn.createStatement();
StringBuffer sql = new StringBuffer("UPDATE users SET verify_email = ");
sql.append(flag ? '1' : '0').append(" WHERE uid = ").append(uid).append(';');
stmt.executeUpdate(sql.toString());
email_verified = flag;
ar = new AuditRecord(AuditRecord.ADMIN_ACCOUNT_CHANGE,user.realUID(),user.userRemoteAddress(),0,
"uid=" + uid,"field=verify_email");
} // end try
catch (SQLException e)
{ // turn SQLException into data exception
logger.error("DB error changing verify flag: " + e.getMessage(),e);
throw new DataException("Unable to set user verify flag: " + e.getMessage(),e);
} // end catch
finally
{ // make sure the connection is released before we go
try
{ // save off the audit record before we go, though
if ((ar!=null) && (conn!=null))
ar.store(conn);
} // end try
catch (SQLException e)
{ // we couldn't store the audit record!
logger.error("DB error saving audit record: " + e.getMessage(),e);
} // end catch
if (conn!=null)
datapool.releaseConnection(conn);
} // end finally
} // end setEmailVerified
public boolean isLockedOut()
{
return lockout;
} // end isLockedOut
public void setLockedOut(boolean flag) throws DataException
{
Connection conn = null;
AuditRecord ar = null;
if (flag==lockout)
return;
try
{ // retrieve a connection from the data pool
conn = datapool.getConnection();
Statement stmt = conn.createStatement();
StringBuffer sql = new StringBuffer("UPDATE users SET lockout = ");
sql.append(flag ? '1' : '0').append(" WHERE uid = ").append(uid).append(';');
stmt.executeUpdate(sql.toString());
lockout = flag;
ar = new AuditRecord(AuditRecord.ADMIN_LOCK_OUT,user.realUID(),user.userRemoteAddress(),0,
"uid=" + uid,flag ? "locked" : "unlocked");
} // end try
catch (SQLException e)
{ // turn SQLException into data exception
logger.error("DB error changing lockout flag: " + e.getMessage(),e);
throw new DataException("Unable to set user lockout flag: " + e.getMessage(),e);
} // end catch
finally
{ // make sure the connection is released before we go
try
{ // save off the audit record before we go, though
if ((ar!=null) && (conn!=null))
ar.store(conn);
} // end try
catch (SQLException e)
{ // we couldn't store the audit record!
logger.error("DB error saving audit record: " + e.getMessage(),e);
} // end catch
if (conn!=null)
datapool.releaseConnection(conn);
} // end finally
} // end setLockedOut
public ContactInfo getContactInfo() throws DataException
{
if (logger.isDebugEnabled())
logger.debug("getContactInfo() for UID " + uid);
ContactInfoImpl rc;
if (contactid>=0)
rc = new ContactInfoImpl(datapool,contactid);
else
rc = new ContactInfoImpl(uid);
return rc;
} // end getContactInfo
public void putContactInfo(ContactInfo ci) throws DataException
{
if (logger.isDebugEnabled())
logger.debug("putContactInfo() for UID " + uid);
if ((ci.getOwnerUID()!=uid) || (ci.getOwnerSIGID()>=0))
{ // the contact information is not owned correctly
logger.error("ContactInfo ownership wrong (it's " + ci.getOwnerUID() + ", " + ci.getOwnerSIGID()
+ "), should be (" + uid + ", -1)");
throw new DataException("invalid contact information record");
} // end if
Connection conn = null; // database connection
AuditRecord ar = null; // audit record
try
{ // get a database connection
conn = datapool.getConnection();
Stashable obj = (Stashable)ci;
// save the contact information
obj.stash(conn);
if (contactid<0)
{ // contact being established for the first time
contactid = ci.getContactID();
if (logger.isDebugEnabled())
logger.debug("...established initial contact (" + contactid + ") for user");
} // end if
ar = new AuditRecord(AuditRecord.ADMIN_USER_CONTACT_INFO,user.realUID(),user.userRemoteAddress(),
"uid=" + uid,"contactid=" + contactid);
} // end try
catch (ClassCastException cce)
{ // we need to be able to coerce the ContactInfo to a Stashable
logger.error("ContactInfo needs to be a Stashable for this to work");
throw new DataException("improper contact information record");
} // end catch
catch (SQLException e)
{ // database error - this is a DataException
logger.error("DB error updating contact info: " + e.getMessage(),e);
throw new DataException("unable to access user contact data: " + e.getMessage(),e);
} // end catch
finally
{ // make sure the connection is released before we go
try
{ // save off the audit record before we go, though
if ((ar!=null) && (conn!=null))
ar.store(conn);
} // end try
catch (SQLException e)
{ // we couldn't store the audit record!
logger.error("DB error saving audit record: " + e.getMessage(),e);
} // end catch
if (conn!=null)
datapool.releaseConnection(conn);
} // end if
} // end putContactInfo
public void setPassword(String password, String reminder) throws DataException
{
Connection conn = null;
AuditRecord ar = null;
try
{ // retrieve a connection from the data pool
conn = datapool.getConnection();
Statement stmt = conn.createStatement();
PasswordHash phash = new PasswordHash(password);
StringBuffer sql = new StringBuffer("UPDATE users SET passhash = '");
sql.append(phash.toString()).append("', passreminder = '").append(SQLUtil.encodeString(reminder));
sql.append("', access_tries = 0 WHERE uid = ").append(uid).append(';');
stmt.executeUpdate(sql.toString());
// record an audit record for this user
ar = new AuditRecord(AuditRecord.ADMIN_PASSWORD_CHANGE,user.realUID(),user.userRemoteAddress(),
"uid=" + uid);
} // end try
catch (SQLException e)
{ // turn SQLException into data exception
logger.error("DB error changing password: " + e.getMessage(),e);
throw new DataException("Unable to set user password: " + e.getMessage(),e);
} // end catch
finally
{ // make sure the connection is released before we go
try
{ // save off the audit record before we go, though
if ((ar!=null) && (conn!=null))
ar.store(conn);
} // end try
catch (SQLException e)
{ // we couldn't store the audit record!
logger.error("DB error saving audit record: " + e.getMessage(),e);
} // end catch
if (conn!=null)
datapool.releaseConnection(conn);
} // end finally
} // end setPassword
public Locale getLocale()
{
return my_locale;
} // end getLocale
public void setLocale(Locale locale) throws DataException
{
Connection conn = null;
AuditRecord ar = null;
try
{ // retrieve a connection from the data pool
conn = datapool.getConnection();
Statement stmt = conn.createStatement();
// create the update statement
StringBuffer sql = new StringBuffer("UPDATE userprefs SET localeid = '");
sql.append(SQLUtil.encodeString(locale.toString())).append("' WHERE uid = ").append(uid).append(';');
// execute the statement
stmt.executeUpdate(sql.toString());
// replace the locale here
my_locale = locale;
ar = new AuditRecord(AuditRecord.ADMIN_ACCOUNT_CHANGE,user.realUID(),user.userRemoteAddress(),0,
"uid=" + uid,"field=localeid");
} // end try
catch (SQLException e)
{ // turn SQLException into data exception
logger.error("DB error setting user locale: " + e.getMessage(),e);
throw new DataException("unable to set user locale: " + e.getMessage(),e);
} // end catch
finally
{ // make sure the connection is released before we go
try
{ // save off the audit record before we go, though
if ((ar!=null) && (conn!=null))
ar.store(conn);
} // end try
catch (SQLException e)
{ // we couldn't store the audit record!
logger.error("DB error saving audit record: " + e.getMessage(),e);
} // end catch
if (conn!=null)
datapool.releaseConnection(conn);
} // end finally
} // end setLocale
public TimeZone getTimeZone()
{
return my_tz;
} // end getTimeZone
public void setTimeZone(TimeZone timezone) throws DataException
{
Connection conn = null;
AuditRecord ar = null;
try
{ // retrieve a connection from the data pool
conn = datapool.getConnection();
Statement stmt = conn.createStatement();
// create the update statement
StringBuffer sql = new StringBuffer("UPDATE userprefs SET tzid = '");
sql.append(SQLUtil.encodeString(timezone.getID())).append("' WHERE uid = ").append(uid).append(';');
// execute the statement
stmt.executeUpdate(sql.toString());
// replace the locale here
my_tz = timezone;
ar = new AuditRecord(AuditRecord.ADMIN_ACCOUNT_CHANGE,user.realUID(),user.userRemoteAddress(),0,
"uid=" + uid,"field=tzid");
} // end try
catch (SQLException e)
{ // turn SQLException into data exception
logger.error("DB error setting user timezone: " + e.getMessage(),e);
throw new DataException("unable to set user timezone: " + e.getMessage(),e);
} // end catch
finally
{ // make sure the connection is released before we go
try
{ // save off the audit record before we go, though
if ((ar!=null) && (conn!=null))
ar.store(conn);
} // end try
catch (SQLException e)
{ // we couldn't store the audit record!
logger.error("DB error saving audit record: " + e.getMessage(),e);
} // end catch
if (conn!=null)
datapool.releaseConnection(conn);
} // end finally
} // end setTimeZone
public java.util.Date getCreationDate()
{
return created;
} // end getCreationDate
public java.util.Date getLastAccessDate()
{
return last_access;
} // end getLastAccessDate
/*--------------------------------------------------------------------------------
* Package-level static operations
*--------------------------------------------------------------------------------
*/
static AdminUserContext getAdminUserContext(EngineBackend engine, UserBackend user, DataPool datapool,
int uid) throws DataException
{
Connection conn = null;
try
{ // get a database connection
conn = datapool.getConnection();
Statement stmt = conn.createStatement();
ResultSet rs = stmt.executeQuery("SELECT * FROM users INNER JOIN userprefs "
+ "ON users.uid = userprefs.uid WHERE users.uid = " + uid + ";");
if (!(rs.next()))
throw new DataException("The user with UID #" + uid + " was not found.");
if (rs.getBoolean("is_anon"))
throw new DataException("Cannot modify the defaults for the anonymous user.");
return new AdminUserContextImpl(engine,user,datapool,rs);
} // end try
catch (SQLException e)
{ // we encountered an error!
logger.error("DB exception in getAdminUserContext: " + e.getMessage(),e);
throw new DataException("Unable to load context for user: " + e.getMessage());
} // end catch
finally
{ // release the connection where necessary
if (conn!=null)
datapool.releaseConnection(conn);
} // end finally
} // end getAdminUserContext
static AdminUserContext getAdminUserContext(EngineBackend engine, UserBackend user, DataPool datapool,
String username) throws DataException
{
Connection conn = null;
try
{ // get a database connection
conn = datapool.getConnection();
Statement stmt = conn.createStatement();
ResultSet rs = stmt.executeQuery("SELECT * FROM users INNER JOIN userprefs "
+ "ON users.uid = userprefs.uid WHERE users.username = '"
+ SQLUtil.encodeString(username) + "';");
if (!(rs.next()))
throw new DataException("The user '" + username + "' was not found.");
if (rs.getBoolean("is_anon"))
throw new DataException("Cannot modify the defaults for the anonymous user.");
return new AdminUserContextImpl(engine,user,datapool,rs);
} // end try
catch (SQLException e)
{ // we encountered an error!
logger.error("DB exception in getAdminUserContext: " + e.getMessage(),e);
throw new DataException("Unable to load context for user: " + e.getMessage());
} // end catch
finally
{ // release the connection where necessary
if (conn!=null)
datapool.releaseConnection(conn);
} // end finally
} // end getAdminUserContext
} // end class AdminUserContextImpl

4
src/com/silverwrist/venice/core/impl/UserContextImpl.java
View File

@ -38,7 +38,7 @@ class UserContextImpl implements UserContext, UserBackend
*-------------------------------------------------------------------------------- *--------------------------------------------------------------------------------
*/ */
private static Category logger = Category.getInstance(UserContextImpl.class.getName()); private static Category logger = Category.getInstance(UserContextImpl.class);
private static final String AUTH_TOKEN_PREFIX = "VQAT:"; private static final String AUTH_TOKEN_PREFIX = "VQAT:";
private static final char AUTH_TOKEN_SEP = '|'; private static final char AUTH_TOKEN_SEP = '|';
@ -66,7 +66,7 @@ class UserContextImpl implements UserContext, UserBackend
private String full_name = null; // my full name (cached) private String full_name = null; // my full name (cached)
private Locale my_locale = null; // my default locale (cached) private Locale my_locale = null; // my default locale (cached)
private TimeZone my_tz = null; // my default timezone (cached) private TimeZone my_tz = null; // my default timezone (cached)
private Hashtable mru_cache = new Hashtable(); // MRU cache for ReferencedData objects private HashMap mru_cache = new HashMap(); // MRU cache for ReferencedData objects
/*-------------------------------------------------------------------------------- /*--------------------------------------------------------------------------------
* Constructor * Constructor

5
src/com/silverwrist/venice/security/Audit.java
View File

@ -31,6 +31,11 @@ public interface Audit
public static final int USER_CONTACT_INFO = 106; public static final int USER_CONTACT_INFO = 106;
public static final int RESEND_CONFIRM = 107; public static final int RESEND_CONFIRM = 107;
public static final int PASSWORD_CHANGE = 108; public static final int PASSWORD_CHANGE = 108;
public static final int ADMIN_USER_CONTACT_INFO = 109;
public static final int ADMIN_PASSWORD_CHANGE = 110;
public static final int ADMIN_ACCOUNT_CHANGE = 111;
public static final int ADMIN_SET_SECURITY = 112;
public static final int ADMIN_LOCK_OUT = 113;
// Codes 201-300 - SIG events // Codes 201-300 - SIG events
public static final int CREATE_SIG = 201; public static final int CREATE_SIG = 201;

126
src/com/silverwrist/venice/security/Role.java
View File

@ -26,17 +26,21 @@ public class Role implements Comparable, SecLevels
*-------------------------------------------------------------------------------- *--------------------------------------------------------------------------------
*/ */
private static Role not_in_list = null; private static Role not_in_list;
private static Role no_access = null; private static Role no_access;
private static Role unrestricted_user = null; private static Role unrestricted_user;
private static Role sig_host = null; private static Role global_admin;
private static ArrayList global_low = null; private static Role sig_host;
private static ArrayList global_high = null; private static ArrayList global_low;
private static ArrayList sig_low = null; private static ArrayList global_high;
private static ArrayList sig_high = null; private static ArrayList sig_low;
private static ArrayList conf_low = null; private static ArrayList sig_high;
private static ArrayList conf_high = null; private static ArrayList conf_low;
private static ArrayList conf_high;
private static HashMap all_roles;
private static List base_levels = null;
private static List base_levels_2 = null;
private static List sigreadlist_rc = null; private static List sigreadlist_rc = null;
private static List sigwritelist_rc = null; private static List sigwritelist_rc = null;
private static List sigcreatelist_rc = null; private static List sigcreatelist_rc = null;
@ -131,6 +135,53 @@ public class Role implements Comparable, SecLevels
*-------------------------------------------------------------------------------- *--------------------------------------------------------------------------------
*/ */
public static Role getRoleForLevel(int level)
{
Role rc = (Role)(all_roles.get(new Integer(level)));
if (rc!=null)
return rc;
return new Role(level,"(Level " + level + ")");
} // end getRoleForLevel
public static List getBaseLevelChoices()
{
if (base_levels==null)
{ // create the returned list
ArrayList rc = new ArrayList();
rc.addAll(global_low);
rc.add(unrestricted_user);
rc.addAll(global_high);
rc.remove(rc.size()-1);
base_levels = Collections.unmodifiableList(rc);
} // end if
return base_levels;
} // end getBaseLevelChoices
public static List getBaseLevelChoices2()
{
if (base_levels_2==null)
{ // create the returned list
ArrayList rc = new ArrayList();
rc.addAll(global_low);
rc.add(unrestricted_user);
base_levels_2 = Collections.unmodifiableList(rc);
} // end if
return base_levels_2;
} // end getBaseLevelChoices2
public static Role getGlobalAdmin()
{
return global_admin;
} // end getGlobalAdmin
public static List getSIGReadList() public static List getSIGReadList()
{ {
if (sigreadlist_rc==null) if (sigreadlist_rc==null)
@ -342,46 +393,77 @@ public class Role implements Comparable, SecLevels
static static
{ {
all_roles = new HashMap();
not_in_list = new Role(0,"(not in list)"); not_in_list = new Role(0,"(not in list)");
all_roles.put(new Integer(0),not_in_list);
no_access = new Role(NO_ACCESS,"No Access"); no_access = new Role(NO_ACCESS,"No Access");
all_roles.put(new Integer(NO_ACCESS),no_access);
unrestricted_user = new Role(UNRESTRICTED_USER,"'Unrestricted' User"); unrestricted_user = new Role(UNRESTRICTED_USER,"'Unrestricted' User");
all_roles.put(new Integer(UNRESTRICTED_USER),unrestricted_user);
Role tmp;
// initialize the "global lowband" vector // initialize the "global lowband" vector
global_low = new ArrayList(3); global_low = new ArrayList(3);
global_low.add(new Role(GLOBAL_ANONYMOUS,"Anonymous User")); tmp = new Role(GLOBAL_ANONYMOUS,"Anonymous User");
global_low.add(new Role(GLOBAL_UNVERIFIED,"Unauthenticated User")); global_low.add(tmp);
global_low.add(new Role(GLOBAL_NORMAL,"Normal User")); all_roles.put(new Integer(GLOBAL_ANONYMOUS),tmp);
tmp = new Role(GLOBAL_UNVERIFIED,"Unauthenticated User");
global_low.add(tmp);
all_roles.put(new Integer(GLOBAL_UNVERIFIED),tmp);
tmp = new Role(GLOBAL_NORMAL,"Normal User");
global_low.add(tmp);
all_roles.put(new Integer(GLOBAL_NORMAL),tmp);
global_low.trimToSize(); global_low.trimToSize();
// initialize the "global highband" vector // initialize the "global highband" vector
global_high = new ArrayList(3); global_high = new ArrayList(3);
global_high.add(new Role(GLOBAL_ANYADMIN,"Any System Administrator")); tmp = new Role(GLOBAL_ANYADMIN,"Any System Administrator");
global_high.add(new Role(GLOBAL_PFY,"System Assistant Administrator")); global_high.add(tmp);
global_high.add(new Role(GLOBAL_BOFH,"Global System Administrator")); all_roles.put(new Integer(GLOBAL_ANYADMIN),tmp);
tmp = new Role(GLOBAL_PFY,"System Assistant Administrator");
global_high.add(tmp);
all_roles.put(new Integer(GLOBAL_PFY),tmp);
global_admin = new Role(GLOBAL_BOFH,"Global System Administrator");
global_high.add(global_admin);
all_roles.put(new Integer(GLOBAL_BOFH),global_admin);
global_high.trimToSize(); global_high.trimToSize();
// initialize the "SIG lowband" vector // initialize the "SIG lowband" vector
sig_low = new ArrayList(1); sig_low = new ArrayList(1);
sig_low.add(new Role(SIG_MEMBER,"SIG Member")); tmp = new Role(SIG_MEMBER,"SIG Member");
sig_low.add(tmp);
all_roles.put(new Integer(SIG_MEMBER),tmp);
sig_low.trimToSize(); sig_low.trimToSize();
// initialize the "SIG highband" vector // initialize the "SIG highband" vector
sig_high = new ArrayList(3); sig_high = new ArrayList(3);
sig_high.add(new Role(SIG_ANYADMIN,"Any SIG Administrator")); tmp = new Role(SIG_ANYADMIN,"Any SIG Administrator");
sig_high.add(new Role(SIG_COHOST,"SIG Co-Host")); sig_high.add(tmp);
all_roles.put(new Integer(SIG_ANYADMIN),tmp);
tmp = new Role(SIG_COHOST,"SIG Co-Host");
sig_high.add(tmp);
all_roles.put(new Integer(SIG_COHOST),tmp);
sig_host = new Role(SIG_HOST,"SIG Host"); sig_host = new Role(SIG_HOST,"SIG Host");
sig_high.add(sig_host); sig_high.add(sig_host);
all_roles.put(new Integer(SIG_HOST),sig_host);
sig_high.trimToSize(); sig_high.trimToSize();
// initialize the "conference lowband" vector // initialize the "conference lowband" vector
conf_low = new ArrayList(1); conf_low = new ArrayList(1);
conf_low.add(new Role(CONFERENCE_MEMBER,"Conference Member")); tmp = new Role(CONFERENCE_MEMBER,"Conference Member");
conf_low.add(tmp);
all_roles.put(new Integer(CONFERENCE_MEMBER),tmp);
conf_low.trimToSize(); conf_low.trimToSize();
// initialize the "conference highband" vector // initialize the "conference highband" vector
conf_high = new ArrayList(2); conf_high = new ArrayList(2);
conf_high.add(new Role(CONFERENCE_ANYADMIN,"Any Conference Administrator")); tmp = new Role(CONFERENCE_ANYADMIN,"Any Conference Administrator");
conf_high.add(new Role(CONFERENCE_HOST,"Conference Host")); conf_high.add(tmp);
all_roles.put(new Integer(CONFERENCE_ANYADMIN),tmp);
tmp = new Role(CONFERENCE_HOST,"Conference Host");
conf_high.add(tmp);
all_roles.put(new Integer(CONFERENCE_HOST),tmp);
conf_high.trimToSize(); conf_high.trimToSize();
} // end static initializer } // end static initializer

172
src/com/silverwrist/venice/servlets/SystemAdmin.java
View File

@ -23,6 +23,7 @@ import javax.servlet.*;
import javax.servlet.http.*; import javax.servlet.http.*;
import org.apache.log4j.*; import org.apache.log4j.*;
import com.silverwrist.util.StringUtil; import com.silverwrist.util.StringUtil;
import com.silverwrist.venice.ValidationException;
import com.silverwrist.venice.core.*; import com.silverwrist.venice.core.*;
import com.silverwrist.venice.servlets.format.*; import com.silverwrist.venice.servlets.format.*;
@ -57,6 +58,23 @@ public class SystemAdmin extends VeniceServlet
} // end makeSystemAdminTop } // end makeSystemAdminTop
private AdminModifyUserDialog makeAdminModifyUserDialog() throws ServletException
{
final String desired_name = "AdminModifyUserDialog";
DialogCache cache = DialogCache.getDialogCache(getServletContext());
if (!(cache.isCached(desired_name)))
{ // create a template and save it off
AdminModifyUserDialog template = new AdminModifyUserDialog(getCountryList());
cache.saveTemplate(template);
} // end if
// return a new copy
return (AdminModifyUserDialog)(cache.getNewDialog(desired_name));
} // end makeAdminModifyUserDialog
/*-------------------------------------------------------------------------------- /*--------------------------------------------------------------------------------
* Overrides from class HttpServlet * Overrides from class HttpServlet
*-------------------------------------------------------------------------------- *--------------------------------------------------------------------------------
@ -127,6 +145,54 @@ public class SystemAdmin extends VeniceServlet
} // end if ("A" command) } // end if ("A" command)
if (cmd.equals("UF"))
{ // "UF" = "User Find" - the initial screen of User Account Management
if (!(user.hasAdminAccess()))
return new ErrorBox("Access Error","You do not have permission to administer the system.",null);
// prepare and load the display
AdminFindUser afu = new AdminFindUser(engine);
afu.loadGet();
setMyLocation(request,"sysadmin?cmd=UF");
return afu;
} // end if ("UF" command)
if (cmd.equals("UM"))
{ // "UM" = "User Modify" - the second screen of user account management
try
{ // get the user to be modified
AdminOperations adm = user.getAdminInterface();
String s_uid = request.getParameter("uid");
if (s_uid==null)
throw new ErrorBox(null,"User ID parameter not found.","sysadmin?cmd=UF");
AdminUserContext admuser = adm.getUserContext(Integer.parseInt(s_uid));
AdminModifyUserDialog dlg = makeAdminModifyUserDialog();
dlg.setupDialog(adm.isGlobalAdmin(),admuser);
setMyLocation(request,"sysadmin?cmd=UM");
return dlg;
} // end try
catch (AccessError ae)
{ // an access error generally means we're not an administrator
return new ErrorBox("Access Error","You do not have permission to administer the system.",null);
} // end catch
catch (DataException de)
{ // error pulling the audit records
return new ErrorBox("Database Error","Unable to retrieve user information: " + de.getMessage(),
"sysadmin?cmd=UF");
} // end catch
catch (NumberFormatException nfe)
{ // this is if we get a bogus UID
return new ErrorBox(null,"Invalid user ID parameter.","sysadmin?cmd=UF");
} // end catch
} // end if ("UM" command)
// TODO: other command handling // TODO: other command handling
if (!(user.hasAdminAccess())) if (!(user.hasAdminAccess()))
@ -137,4 +203,110 @@ public class SystemAdmin extends VeniceServlet
} // end doVeniceGet } // end doVeniceGet
protected VeniceContent doVenicePost(HttpServletRequest request, VeniceEngine engine,
UserContext user, RenderData rdat)
throws ServletException, IOException, VeniceServletResult
{
// decide what to do based on the "cmd" parameter
String cmd = getStandardCommandParam(request);
if (logger.isDebugEnabled())
logger.debug("SystemAdmin/doPost command value = " + cmd);
if (cmd.equals("UF"))
{ // "UF" = "User Find" - the initial screen of User Account Management
if (!(user.hasAdminAccess()))
return new ErrorBox("Access Error","You do not have permission to administer the system.",null);
try
{ // prepare and load the display
AdminFindUser afu = new AdminFindUser(engine);
afu.loadPost(request);
setMyLocation(request,"sysadmin?cmd=UF");
return afu;
} // end try
catch (DataException de)
{ // catch a database error and return it
return new ErrorBox("Database Error","Database error on find: " + de.getMessage(),"sysadmin?cmd=UF");
} // end catch
catch (ValidationException ve)
{ // there was a validation error
return new ErrorBox("Find Error",ve.getMessage(),"sysadmin?cmd=UF");
} // end catch
} // end if ("UF" command)
if (cmd.equals("UM"))
{ // "UM" = "User Modify" - the second screen of user account management
try
{ // get the dialog box
AdminModifyUserDialog dlg = makeAdminModifyUserDialog();
if (dlg.isButtonClicked(request,"cancel"))
throw new RedirectResult("sysadmin?cmd=UF"); // we decided not to bother - go back
if (dlg.isButtonClicked(request,"update"))
{ // get the user to be modified
AdminOperations adm = user.getAdminInterface();
String s_uid = request.getParameter("uid");
if (s_uid==null)
throw new ErrorBox(null,"User ID parameter not found.","sysadmin?cmd=UF");
AdminUserContext admuser = adm.getUserContext(Integer.parseInt(s_uid));
dlg.loadValues(request); // load field values
try
{ // execute the dialog!
dlg.doDialog(admuser);
throw new RedirectResult("sysadmin?cmd=UF");
} // end try
catch (ValidationException ve)
{ // this is a simple error
dlg.resetOnError(adm.isGlobalAdmin(),admuser,ve.getMessage() + " Please try again.");
setMyLocation(request,"sysadmin?cmd=UM");
return dlg;
} // end catch
} // end if
else
{ // the button must be wrong!
logger.error("no known button click on Account.doPost, cmd=P");
return new ErrorBox("Internal Error","Unknown command button pressed","sysadmin?cmd=UF");
} // end else
} // end try
catch (AccessError ae)
{ // an access error generally means we're not an administrator
return new ErrorBox("Access Error","You do not have permission to administer the system.",null);
} // end catch
catch (DataException de)
{ // error pulling the audit records
return new ErrorBox("Database Error","Unable to retrieve user information: " + de.getMessage(),
"sysadmin?cmd=UF");
} // end catch
catch (NumberFormatException nfe)
{ // this is if we get a bogus UID
return new ErrorBox(null,"Invalid user ID parameter.","sysadmin?cmd=UF");
} // end catch
} // end if ("UM" command)
// TODO: other command handling
if (!(user.hasAdminAccess()))
return new ErrorBox("Access Error","You do not have permission to administer the system.",null);
setMyLocation(request,"sysadmin");
return makeSystemAdminTop();
} // end doVenicePost
} // end class SystemAdmin } // end class SystemAdmin

240
src/com/silverwrist/venice/servlets/format/AdminFindUser.java Normal file
View File

@ -0,0 +1,240 @@
/*
* The contents of this file are subject to the Mozilla Public License Version 1.1
* (the "License"); you may not use this file except in compliance with the License.
* You may obtain a copy of the License at <http://www.mozilla.org/MPL/>.
*
* Software distributed under the License is distributed on an "AS IS" basis, WITHOUT
* WARRANTY OF ANY KIND, either express or implied. See the License for the specific
* language governing rights and limitations under the License.
*
* The Original Code is the Venice Web Communities System.
*
* The Initial Developer of the Original Code is Eric J. Bowersox <erbo@silcom.com>,
* for Silverwrist Design Studios. Portions created by Eric J. Bowersox are
* Copyright (C) 2001 Eric J. Bowersox/Silverwrist Design Studios. All Rights Reserved.
*
* Contributor(s):
*/
package com.silverwrist.venice.servlets.format;
import java.util.*;
import javax.servlet.*;
import com.silverwrist.util.StringUtil;
import com.silverwrist.venice.ValidationException;
import com.silverwrist.venice.core.*;
public class AdminFindUser implements JSPRender, SearchMode
{
/*--------------------------------------------------------------------------------
* Static data members
*--------------------------------------------------------------------------------
*/
// Attribute name for request attribute
protected static final String ATTR_NAME = "com.silverwrist.venice.content.AdminFindUser";
/*--------------------------------------------------------------------------------
* Attributes
*--------------------------------------------------------------------------------
*/
private VeniceEngine engine;
private int field = -1;
private int mode = -1;
private String term = null;
private int offset = 0;
private List results = null;
private int find_count = -1;
/*--------------------------------------------------------------------------------
* Constructor
*--------------------------------------------------------------------------------
*/
public AdminFindUser(VeniceEngine engine)
{
this.engine = engine;
} // end constructor
/*--------------------------------------------------------------------------------
* Internal functions
*--------------------------------------------------------------------------------
*/
private static int getParamInt(ServletRequest request, String name, int default_val)
{
String str = request.getParameter(name);
if (str==null)
return -1;
try
{ // parse the integer value
return Integer.parseInt(str);
} // end try
catch (NumberFormatException nfe)
{ // in case of conversion error, return default
return default_val;
} // end catch
} // end getParamInt
private static boolean isImageButtonClicked(ServletRequest request, String name)
{
String val = request.getParameter(name + ".x");
return (val!=null);
} // end isImageButtonClicked
/*--------------------------------------------------------------------------------
* External static functions
*--------------------------------------------------------------------------------
*/
public static AdminFindUser retrieve(ServletRequest request)
{
return (AdminFindUser)(request.getAttribute(ATTR_NAME));
} // end retrieve
/*--------------------------------------------------------------------------------
* Implementations from interface VeniceContent
*--------------------------------------------------------------------------------
*/
public String getPageTitle(RenderData rdat)
{
return "User Account Management";
} // end getPageTitle
/*--------------------------------------------------------------------------------
* Implementations from interface JSPRender
*--------------------------------------------------------------------------------
*/
public void store(ServletRequest request)
{
request.setAttribute(ATTR_NAME,this);
} // end store
public String getTargetJSPName()
{
return "admin_find.jsp";
} // end getTargetJSPName
/*--------------------------------------------------------------------------------
* External operations
*--------------------------------------------------------------------------------
*/
public int getSearchField()
{
return field;
} // end getSearchField
public boolean searchFieldIs(int value)
{
return (value==field);
} // end searchFieldIs
public int getSearchMode()
{
return mode;
} // end getSearchMode
public boolean searchModeIs(int value)
{
return (value==mode);
} // end searchModeIs
public String getSearchTerm()
{
return term;
} // end getSearchTerm
public List getResultsList()
{
return results;
} // end getResultsList
public int getNumResultsDisplayed()
{
return engine.getStdNumSearchResults();
} // end getNumResultsDisplayed
public int getFindCount()
{
return find_count;
} // end getFindCount
public int getOffset()
{
return offset;
} // end getOffset
public void loadGet()
{
field = FIELD_USER_NAME;
mode = SEARCH_PREFIX;
term = "";
} // end loadGet
public void loadPost(ServletRequest request) throws ValidationException, DataException
{
int catid = -1;
// Retrieve all the posted parameters from the form and validate them.
field = getParamInt(request,"field",FIELD_USER_NAME);
if ( (field!=FIELD_USER_NAME) && (field!=FIELD_USER_DESCRIPTION) && (field!=FIELD_USER_GIVEN_NAME)
&& (field!=FIELD_USER_FAMILY_NAME))
throw new ValidationException("The field search parameter is not valid.");
mode = getParamInt(request,"mode",SEARCH_PREFIX);
if ((mode!=SEARCH_PREFIX) && (mode!=SEARCH_SUBSTRING) && (mode!=SEARCH_REGEXP))
throw new ValidationException("The search mode parameter is not valid.");
term = request.getParameter("term");
if (term==null)
term = "";
// Retrieve the offset and find count parameters.
offset = getParamInt(request,"ofs",0);
find_count = getParamInt(request,"fcount",-1);
// Adjust the search return offset based on the command button click.
int count = getNumResultsDisplayed();
if (isImageButtonClicked(request,"search"))
offset = 0;
else if (isImageButtonClicked(request,"previous"))
{ // adjust the offset in the reverse direction
offset -= count;
if (offset<0)
offset = 0;
} // end else if
else if (isImageButtonClicked(request,"next"))
offset += count; // go forwards instead
else
throw new ValidationException("Unable to determine what action triggered the form.");
// Run the actual search.
results = engine.searchForUsers(field,mode,term,offset,count);
if (find_count<0)
find_count = engine.getSearchUserCount(field,mode,term);
} // end loadPost
} // end class AdminFindUser

294
src/com/silverwrist/venice/servlets/format/AdminModifyUserDialog.java Normal file
View File

@ -0,0 +1,294 @@
/*
* The contents of this file are subject to the Mozilla Public License Version 1.1
* (the "License"); you may not use this file except in compliance with the License.
* You may obtain a copy of the License at <http://www.mozilla.org/MPL/>.
*
* Software distributed under the License is distributed on an "AS IS" basis, WITHOUT
* WARRANTY OF ANY KIND, either express or implied. See the License for the specific
* language governing rights and limitations under the License.
*
* The Original Code is the Venice Web Communities System.
*
* The Initial Developer of the Original Code is Eric J. Bowersox <erbo@silcom.com>,
* for Silverwrist Design Studios. Portions created by Eric J. Bowersox are
* Copyright (C) 2001 Eric J. Bowersox/Silverwrist Design Studios. All Rights Reserved.
*
* Contributor(s):
*/
package com.silverwrist.venice.servlets.format;
import java.util.*;
import com.silverwrist.util.LocaleFactory;
import com.silverwrist.util.StringUtil;
import com.silverwrist.venice.ValidationException;
import com.silverwrist.venice.core.*;
import com.silverwrist.venice.security.Role;
public class AdminModifyUserDialog extends ContentDialog
{
/*--------------------------------------------------------------------------------
* Constructors
*--------------------------------------------------------------------------------
*/
public AdminModifyUserDialog(List country_list)
{
super("Modify User Account",null,"moduserform","sysadmin");
setHiddenField("cmd","UM");
setHiddenField("uid","");
addFormField(new CDFormCategoryHeader("Security Information","To change the user's password, enter a new "
+ "password into the fields below."));
addFormField(new CDPasswordFormField("pass1","Password",null,false,32,128));
addFormField(new CDPasswordFormField("pass2","Password","(retype)",false,32,128));
addFormField(new CDTextFormField("remind","Password reminder phrase",null,false,32,255));
addFormField(new CDRoleListFormField("base_lvl","Base security level",null,true,
Role.getBaseLevelChoices()));
addFormField(new CDCheckBoxFormField("verify_email","E-mail address verified",null,"Y"));
addFormField(new CDCheckBoxFormField("lockout","Account locked out",null,"Y"));
addFormField(new CDFormCategoryHeader("Name"));
addFormField(new CDTextFormField("prefix","Prefix","(Mr., Ms., etc.)",false,8,8));
addFormField(new CDTextFormField("first","First name",null,true,32,64));
addFormField(new CDTextFormField("mid","Middle initial",null,false,1,1));
addFormField(new CDTextFormField("last","Last name",null,true,32,64));
addFormField(new CDTextFormField("suffix","Suffix","(Jr., III, etc.)",false,16,16));
addFormField(new CDFormCategoryHeader("Location"));
addFormField(new CDTextFormField("company","Company",null,false,32,255));
addFormField(new CDTextFormField("addr1","Address",null,false,32,255));
addFormField(new CDTextFormField("addr2","Address","(line 2)",false,32,255));
addFormField(new CDCheckBoxFormField("pvt_addr","Hide address in profile",null,"Y"));
addFormField(new CDTextFormField("loc","City",null,true,32,64));
addFormField(new CDTextFormField("reg","State/Province",null,true,32,64));
addFormField(new CDTextFormField("pcode","Zip/Postal Code",null,true,32,64));
addFormField(new CDCountryListFormField("country","Country",null,true,country_list));
addFormField(new CDFormCategoryHeader("Phone Numbers"));
addFormField(new CDTextFormField("phone","Telephone",null,false,32,32));
addFormField(new CDTextFormField("mobile","Mobile/cellphone",null,false,32,32));
addFormField(new CDCheckBoxFormField("pvt_phone","Hide phone/mobile numbers in profile",null,"Y"));
addFormField(new CDTextFormField("fax","Fax",null,false,32,32));
addFormField(new CDCheckBoxFormField("pvt_fax","Hide fax number in profile",null,"Y"));
addFormField(new CDFormCategoryHeader("Internet"));
addFormField(new CDEmailAddressFormField("email","E-mail address",null,true,32,255));
addFormField(new CDCheckBoxFormField("pvt_email","Hide e-mail address in profile",null,"Y"));
addFormField(new CDTextFormField("url","Home page","(URL)",false,32,255));
addFormField(new CDFormCategoryHeader("Personal"));
addFormField(new CDTextFormField("descr","Personal description",null,false,32,255));
addFormField(new CDFormCategoryHeader("User Preferences"));
addFormField(new CDLocaleListFormField("locale","Default locale","(for formatting dates/times)",true));
addFormField(new CDTimeZoneListFormField("tz","Default time zone",null,true));
addCommandButton(new CDImageButton("update","bn_update.gif","Update",80,24));
addCommandButton(new CDImageButton("cancel","bn_cancel.gif","Cancel",80,24));
} // end constructor
protected AdminModifyUserDialog(AdminModifyUserDialog other)
{
super(other);
} // end AdminModifyUserDialog
/*--------------------------------------------------------------------------------
* Internal functions
*--------------------------------------------------------------------------------
*/
private void coreSetup(boolean is_global_admin, AdminUserContext admuser)
{
setSubtitle("User: " + admuser.getUserName());
setHiddenField("uid",String.valueOf(admuser.getUID()));
CDPickListFormField level_field = (CDPickListFormField)modifyField("base_lvl");
List role_list;
if (is_global_admin)
role_list = level_field.getChoicesList();
else
{ // not a global admin - deny user the right to select assistant admin choices
role_list = Role.getBaseLevelChoices2();
level_field.setChoicesList(role_list);
} // end else
// See if this level was found on the list.
boolean found = false;
Iterator it = role_list.iterator();
while (it.hasNext())
{ // seek each role in turn
Role r = (Role)(it.next());
if (r.getLevel()==admuser.getBaseLevel())
{ // found it!
found = true;
break;
} // end if
} // end while
if (!found)
{ // not in the list - set the defined "role list" to be a singleton of our current level
role_list = Collections.singletonList(Role.getRoleForLevel(admuser.getBaseLevel()));
level_field.setChoicesList(role_list);
} // end if
} // end coreSetup
/*--------------------------------------------------------------------------------
* Overrides from class Object
*--------------------------------------------------------------------------------
*/
public Object clone()
{
return new AdminModifyUserDialog(this);
} // end clone
/*--------------------------------------------------------------------------------
* Overrides from class ContentDialog
*--------------------------------------------------------------------------------
*/
protected void validateWholeForm() throws ValidationException
{
String pass1 = getFieldValue("pass1");
String pass2 = getFieldValue("pass2");
if (StringUtil.isStringEmpty(pass1))
{ // empty must match empty
if (!StringUtil.isStringEmpty(pass2))
throw new ValidationException("The typed passwords do not match.");
} // end if
else
{ // the two passwords must match
if (!(pass1.equals(pass2)))
throw new ValidationException("The typed passwords do not match.");
} // end if
} // end validateWholeForm
/*--------------------------------------------------------------------------------
* External operations
*--------------------------------------------------------------------------------
*/
public void setupDialog(boolean is_global_admin, AdminUserContext admuser) throws DataException
{
coreSetup(is_global_admin,admuser);
setFieldValue("base_lvl",String.valueOf(admuser.getBaseLevel()));
if (admuser.isEmailVerified())
setFieldValue("verify_email","Y");
if (admuser.isLockedOut())
setFieldValue("lockout","Y");
ContactInfo ci = admuser.getContactInfo(); // get the main contact info
setFieldValue("prefix",ci.getNamePrefix());
setFieldValue("first",ci.getGivenName());
char init = ci.getMiddleInitial();
if (init!=' ')
setFieldValue("mid",String.valueOf(init));
setFieldValue("last",ci.getFamilyName());
setFieldValue("suffix",ci.getNameSuffix());
setFieldValue("company",ci.getCompany());
setFieldValue("addr1",ci.getAddressLine1());
setFieldValue("addr2",ci.getAddressLine2());
if (ci.getPrivateAddress())
setFieldValue("pvt_addr","Y");
setFieldValue("loc",ci.getLocality());
setFieldValue("reg",ci.getRegion());
setFieldValue("pcode",ci.getPostalCode());
setFieldValue("country",ci.getCountry());
setFieldValue("phone",ci.getPhone());
setFieldValue("mobile",ci.getMobile());
if (ci.getPrivatePhone())
setFieldValue("pvt_phone","Y");
setFieldValue("fax",ci.getFax());
if (ci.getPrivateFax())
setFieldValue("pvt_fax","Y");
setFieldValue("email",ci.getEmail());
if (ci.getPrivateEmail())
setFieldValue("pvt_email","Y");
setFieldValue("url",ci.getURL());
setFieldValue("descr",admuser.getDescription());
setFieldValue("locale",admuser.getLocale().toString());
setFieldValue("tz",admuser.getTimeZone().getID());
} // end setupDialog
public void doDialog(AdminUserContext admuser) throws ValidationException, DataException
{
validate(); // validate the dialog
final String yes = "Y"; // the "yes" string
try
{ // reset the base level
admuser.setBaseLevel(Integer.parseInt(getFieldValue("base_lvl")));
} // end try
catch (NumberFormatException nfe)
{ // this shouldn't happen
throw new InternalStateError("new_level should be an integer - form screwup");
} // end catch
// Change the password if applicable.
String foo = getFieldValue("pass1");
if (!StringUtil.isStringEmpty(foo))
admuser.setPassword(foo,getFieldValue("remind"));
admuser.setEmailVerified(yes.equals(getFieldValue("verify_email")));
admuser.setLockedOut(yes.equals(getFieldValue("lockout")));
ContactInfo ci = admuser.getContactInfo(); // get the main contact info
// Reset all the contact info fields.
ci.setNamePrefix(getFieldValue("prefix"));
ci.setGivenName(getFieldValue("first"));
foo = getFieldValue("mid");
if ((foo==null) || (foo.length()<1))
ci.setMiddleInitial(' ');
else
ci.setMiddleInitial(foo.charAt(0));
ci.setFamilyName(getFieldValue("last"));
ci.setNameSuffix(getFieldValue("suffix"));
ci.setCompany(getFieldValue("company"));
ci.setAddressLine1(getFieldValue("addr1"));
ci.setAddressLine2(getFieldValue("addr2"));
ci.setPrivateAddress(yes.equals(getFieldValue("pvt_addr")));
ci.setLocality(getFieldValue("loc"));
ci.setRegion(getFieldValue("reg"));
ci.setPostalCode(getFieldValue("pcode"));
ci.setCountry(getFieldValue("country"));
ci.setPhone(getFieldValue("phone"));
ci.setMobile(getFieldValue("mobile"));
ci.setPrivatePhone(yes.equals(getFieldValue("pvt_phone")));
ci.setFax(getFieldValue("fax"));
ci.setPrivateFax(yes.equals(getFieldValue("pvt_fax")));
ci.setEmail(getFieldValue("email"));
ci.setPrivateEmail(yes.equals(getFieldValue("pvt_email")));
ci.setURL(getFieldValue("url"));
// Store the completed contact info.
admuser.putContactInfo(ci);
// Save off the user's description and preferences.
admuser.setDescription(getFieldValue("descr"));
admuser.setLocale(LocaleFactory.createLocale(getFieldValue("locale")));
admuser.setTimeZone(TimeZone.getTimeZone(getFieldValue("tz")));
} // end doDialog
public void resetOnError(boolean is_global_admin, AdminUserContext admuser, String message)
{
coreSetup(is_global_admin,admuser);
setErrorMessage(message);
setFieldValue("pass1",null);
setFieldValue("pass2",null);
} // end resetOnError
} // end class AdminModifyUserDialog

17
src/com/silverwrist/venice/servlets/format/CDPickListFormField.java
View File

@ -83,4 +83,21 @@ public abstract class CDPickListFormField extends CDBaseFormField
} // end renderActualField } // end renderActualField
/*--------------------------------------------------------------------------------
* External operations
*--------------------------------------------------------------------------------
*/
public List getChoicesList()
{
return choices;
} // end getChoicesList
public void setChoicesList(List list)
{
this.choices = list;
} // end setChoicesList
} // end class CDPickListFormField } // end class CDPickListFormField

17
src/com/silverwrist/venice/servlets/format/ContentDialog.java
View File

@ -219,6 +219,17 @@ public class ContentDialog implements Cloneable, ContentRender
} // end renderHere } // end renderHere
/*--------------------------------------------------------------------------------
* Operations usable only from derived classes
*--------------------------------------------------------------------------------
*/
protected CDFormField modifyField(String name)
{
return (CDFormField)(form_fields.get(name));
} // end modifyField
/*-------------------------------------------------------------------------------- /*--------------------------------------------------------------------------------
* External operations * External operations
*-------------------------------------------------------------------------------- *--------------------------------------------------------------------------------
@ -230,6 +241,12 @@ public class ContentDialog implements Cloneable, ContentRender
} // end setTitle } // end setTitle
public void setSubtitle(String subtitle)
{
this.subtitle = subtitle;
} // end setSubtitle
public void setErrorMessage(String message) public void setErrorMessage(String message)
{ {
this.error_message = message; this.error_message = message;

2
src/com/silverwrist/venice/servlets/format/FindData.java
View File

@ -7,7 +7,7 @@
* WARRANTY OF ANY KIND, either express or implied. See the License for the specific * WARRANTY OF ANY KIND, either express or implied. See the License for the specific
* language governing rights and limitations under the License. * language governing rights and limitations under the License.
* *
* The Original Code is the Venice Web Community System. * The Original Code is the Venice Web Communities System.
* *
* The Initial Developer of the Original Code is Eric J. Bowersox <erbo@silcom.com>, * The Initial Developer of the Original Code is Eric J. Bowersox <erbo@silcom.com>,
* for Silverwrist Design Studios. Portions created by Eric J. Bowersox are * for Silverwrist Design Studios. Portions created by Eric J. Bowersox are

2
src/com/silverwrist/venice/servlets/format/SystemAdminTop.java
View File

@ -33,7 +33,7 @@ public class SystemAdminTop extends ContentMenuPanel
super("System Administration",null); super("System Administration",null);
addChoice("Set Global Parameters","TODO"); addChoice("Set Global Parameters","TODO");
addChoice("View/Edit Banned Users","TODO"); addChoice("View/Edit Banned Users","TODO");
addChoice("User Account Management","TODO"); addChoice("User Account Management","sysadmin?cmd=UF");
addChoice("System Audit Logs","sysadmin?cmd=A"); addChoice("System Audit Logs","sysadmin?cmd=A");
} // end constructor } // end constructor

147
web/format/admin_find.jsp Normal file
View File

@ -0,0 +1,147 @@
<%--
The contents of this file are subject to the Mozilla Public License Version 1.1
(the "License"); you may not use this file except in compliance with the License.
You may obtain a copy of the License at <http://www.mozilla.org/MPL/>.
Software distributed under the License is distributed on an "AS IS" basis, WITHOUT
WARRANTY OF ANY KIND, either express or implied. See the License for the specific
language governing rights and limitations under the License.
The Original Code is the Venice Web Communities System.
The Initial Developer of the Original Code is Eric J. Bowersox <erbo@silcom.com>,
for Silverwrist Design Studios. Portions created by Eric J. Bowersox are
Copyright (C) 2001 Eric J. Bowersox/Silverwrist Design Studios. All Rights Reserved.
Contributor(s):
--%>
<%@ page import = "java.util.*" %>
<%@ page import = "com.silverwrist.util.StringUtil" %>
<%@ page import = "com.silverwrist.venice.core.*" %>
<%@ page import = "com.silverwrist.venice.servlets.Variables" %>
<%@ page import = "com.silverwrist.venice.servlets.format.*" %>
<%
AdminFindUser data = AdminFindUser.retrieve(request);
Variables.failIfNull(data);
RenderData rdat = RenderConfig.createRenderData(application,request,response);
String stdfont = rdat.getStdFontTag(null,2);
%>
<% rdat.writeContentHeader(out,"User Account Management",null); %>
<%= stdfont %><A HREF="<%= rdat.getEncodedServletPath("sysadmin") %>">Return to
System Administration Menu</A></FONT><P>
<%-- Display the search form --%>
<% if (rdat.useHTMLComments()) { %><!-- User Search Form --><% } %>
<FORM METHOD="POST" ACTION="<%= rdat.getEncodedServletPath("sysadmin") %>">
<INPUT TYPE=HIDDEN NAME="cmd" VALUE="UF">
<INPUT TYPE=HIDDEN NAME="ofs" VALUE="0">
<%= rdat.getStdFontTag(null,4) %><B>Find Users:</B></FONT><BR>
<%= stdfont %>
Display all users whose&nbsp;&nbsp;
<SELECT NAME="field" SIZE=1>
<OPTION VALUE="<%= SearchMode.FIELD_USER_NAME %>"
<% if (data.searchFieldIs(SearchMode.FIELD_USER_NAME)) { %>SELECTED<% } %> >user name</OPTION>
<OPTION VALUE="<%= SearchMode.FIELD_USER_DESCRIPTION %>"
<% if (data.searchFieldIs(SearchMode.FIELD_USER_DESCRIPTION)) { %>SELECTED<% } %> >description</OPTION>
<OPTION VALUE="<%= SearchMode.FIELD_USER_GIVEN_NAME %>"
<% if (data.searchFieldIs(SearchMode.FIELD_USER_GIVEN_NAME)) { %>SELECTED<% } %> >first name</OPTION>
<OPTION VALUE="<%= SearchMode.FIELD_USER_FAMILY_NAME %>"
<% if (data.searchFieldIs(SearchMode.FIELD_USER_FAMILY_NAME)) { %>SELECTED<% } %> >last name</OPTION>
</SELECT><BR>
<SELECT NAME="mode" SIZE=1>
<OPTION VALUE="<%= SearchMode.SEARCH_PREFIX %>"
<% if (data.searchModeIs(SearchMode.SEARCH_PREFIX)) { %>SELECTED<% } %> >starts with the string</OPTION>
<OPTION VALUE="<%= SearchMode.SEARCH_SUBSTRING %>"
<% if (data.searchModeIs(SearchMode.SEARCH_SUBSTRING)) { %>SELECTED<% } %> >contains the string</OPTION>
<OPTION VALUE="<%= SearchMode.SEARCH_REGEXP %>"
<% if (data.searchModeIs(SearchMode.SEARCH_REGEXP)) { %>SELECTED<% } %> >matches the regular
expression</OPTION>
</SELECT>
&nbsp;&nbsp;
<INPUT TYPE=TEXT NAME="term" SIZE=32 MAXLENGTH=255 VALUE="<%= data.getSearchTerm() %>"><BR>
<INPUT TYPE=IMAGE NAME="search" SRC="<%= rdat.getFullImagePath("bn_search.gif") %>"
ALT="Search" WIDTH=80 HEIGHT=24 BORDER=0><BR>
</FONT>
</FORM>
<% List results = data.getResultsList(); %>
<% if (results!=null) { %>
<% if (rdat.useHTMLComments()) { %><!-- Display Search Results --><% } %>
<%
// Determine the number of results to display and whether to display a "next" button
int dcount = results.size();
boolean go_next = false;
if (dcount>data.getNumResultsDisplayed())
{ // there's a "next"
dcount = data.getNumResultsDisplayed();
go_next = true;
} // end if
%>
<HR>
<TABLE WIDTH="100%" BORDER=0 ALIGN=CENTER><TR VALIGN=MIDDLE>
<TD WIDTH="50%" ALIGN=LEFT><%= rdat.getStdFontTag(null,3) %>
<%-- The initial search results --%>
<B>Search Results</B>
<% if (data.getFindCount()>0) { %>
(Displaying <%= data.getOffset() + 1 %>-<%= data.getOffset() + dcount %> of
<%= data.getFindCount() %>)
<% } else { %>(None)<% } %>
</FONT></TD>
<TD WIDTH="50%" ALIGN=RIGHT>
<% if (go_next || (data.getOffset()>0)) { %>
<%-- The navigational form that allows us to page through the results --%>
<% if (rdat.useHTMLComments()) { %><!-- Navigational Form --><% } %>
<FORM METHOD="POST" ACTION="<%= rdat.getEncodedServletPath("sysadmin") %>">
<INPUT TYPE=HIDDEN NAME="cmd" VALUE="UF">
<INPUT TYPE=HIDDEN NAME="ofs" VALUE="<%= data.getOffset() %>">
<INPUT TYPE=HIDDEN NAME="field" VALUE="<%= data.getSearchField() %>">
<INPUT TYPE=HIDDEN NAME="mode" VALUE="<%= data.getSearchMode() %>">
<INPUT TYPE=HIDDEN NAME="term" VALUE="<%= data.getSearchTerm() %>">
<INPUT TYPE=HIDDEN NAME="fcount" VALUE="<%= data.getFindCount() %>">
<% if (data.getOffset()>0) { %>
<INPUT TYPE=IMAGE NAME="previous" SRC="<%= rdat.getFullImagePath("bn_ar_previous.gif") %>"
ALT="Previous" WIDTH=80 HEIGHT=24 BORDER=0>
<% } else { %>
<IMG SRC="<%= rdat.getFullImagePath("bn_transparent.gif") %>" WIDTH=80 HEIGHT=24 BORDER=0>
<% } // end if %>
&nbsp;&nbsp;
<% if (go_next) { %>
<INPUT TYPE=IMAGE NAME="next" SRC="<%= rdat.getFullImagePath("bn_ar_next.gif") %>"
ALT="Next" WIDTH=80 HEIGHT=24 BORDER=0>
<% } else { %>
<IMG SRC="<%= rdat.getFullImagePath("bn_transparent.gif") %>" WIDTH=80 HEIGHT=24 BORDER=0>
<% } // end if %>
</FORM>
<% } else { %>&nbsp;<% } %>
</TD>
</TR></TABLE><BR>
<%-- Display the results of the search --%>
<TABLE BORDER=0 ALIGN=LEFT CELLPADDING=0 CELLSPACING=4>
<% for (int i=0; i<dcount; i++) { %>
<TR VALIGN=TOP>
<TD ALIGN=CENTER WIDTH=14>
<IMG SRC="<%= rdat.getFullImagePath("purple-ball.gif") %>" ALT="*" WIDTH=14 HEIGHT=14 BORDER=0>
</TD>
<TD ALIGN=LEFT><%= stdfont %>
<% UserFound uf = (UserFound)(results.get(i)); %>
<A HREF="<%= rdat.getEncodedServletPath("user/" + uf.getName()) %>"><%= uf.getName() %></A><BR>
<%= StringUtil.encodeHTML(uf.getGivenName()) %> <%= StringUtil.encodeHTML(uf.getFamilyName()) %>,
from <%= StringUtil.encodeHTML(uf.getLocality()) %>, <%= StringUtil.encodeHTML(uf.getRegion()) %>
<%= uf.getCountry() %>
<% if (!StringUtil.isStringEmpty(uf.getDescription())) { %>
<BR><EM><%= StringUtil.encodeHTML(uf.getDescription()) %></EM>
<% } // end if %>
<BR>
<A HREF="<%= rdat.getEncodedServletPath("sysadmin?cmd=UM&uid=" + uf.getUID()) %>">[Modify User]</A>
</FONT></TD>
</TR>
<% } // end for %>
</TABLE><BR CLEAR=LEFT>
<% } // end if (results found) %>