001: /*
002: * File : $Source: /usr/local/cvs/opencms/src-modules/org/opencms/workplace/tools/accounts/CmsAccountsToolHandler.java,v $
003: * Date : $Date: 2008-02-27 14:44:57 $
004: * Version: $Revision: 1.17 $
005: *
006: * This library is part of OpenCms -
007: * the Open Source Content Management System
008: *
009: * Copyright (c) 2002 - 2008 Alkacon Software GmbH (http://www.alkacon.com)
010: *
011: * This library is free software; you can redistribute it and/or
012: * modify it under the terms of the GNU Lesser General Public
013: * License as published by the Free Software Foundation; either
014: * version 2.1 of the License, or (at your option) any later version.
015: *
016: * This library is distributed in the hope that it will be useful,
017: * but WITHOUT ANY WARRANTY; without even the implied warranty of
018: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
019: * Lesser General Public License for more details.
020: *
021: * For further information about Alkacon Software GmbH, please see the
022: * company website: http://www.alkacon.com
023: *
024: * For further information about OpenCms, please see the
025: * project website: http://www.opencms.org
026: *
027: * You should have received a copy of the GNU Lesser General Public
028: * License along with this library; if not, write to the Free Software
029: * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
030: */
031:
032: package org.opencms.workplace.tools.accounts;
033:
034: import org.opencms.file.CmsGroup;
035: import org.opencms.file.CmsObject;
036: import org.opencms.file.CmsUser;
037: import org.opencms.main.CmsException;
038: import org.opencms.main.CmsLog;
039: import org.opencms.main.OpenCms;
040: import org.opencms.module.CmsModule;
041: import org.opencms.security.CmsOrganizationalUnit;
042: import org.opencms.security.CmsRole;
043: import org.opencms.util.CmsRequestUtil;
044: import org.opencms.util.CmsUUID;
045: import org.opencms.workplace.CmsWorkplace;
046: import org.opencms.workplace.CmsWorkplaceUserInfoManager;
047: import org.opencms.workplace.tools.CmsDefaultToolHandler;
048:
049: import java.util.Iterator;
050: import java.util.List;
051:
052: import org.apache.commons.logging.Log;
053:
054: /**
055: * Users management tool handler that hides the tool if the current user
056: * does not have the needed privileges.<p>
057: *
058: * @author Michael Moossen
059: *
060: * @version $Revision: 1.17 $
061: *
062: * @since 6.0.0
063: */
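public class CmsAccountsToolHandler extends CmsDefaultToolHandler {

    /** Visibility parameter value constant. */
    protected static final String VISIBILITY_ALL = "all";

    /** Account manager file path constant. */
    private static final String ACCMAN_FILE = "account_managers.jsp";

    /** All additional info file path constant. */
    private static final String ALLINFO_FILE = "user_allinfo.jsp";

    /** Assign users file path constant. */
    private static final String ASSIGN_FILE = "user_assign.jsp";

    /** Delete file path constant. */
    private static final String DELETE_FILE = "unit_delete.jsp";

    /** Organizational unit edit file path constant. */
    private static final String OU_EDIT_FILE = "unit_edit.jsp";

    /** Group users file path constant (same value as {@link #GROUPUSERS_FILE}). */
    private static final String GROUP_USERS_FILE = "group_users.jsp";

    /** Edit group users file path constant (same value as {@link #GROUP_USERS_FILE}). */
    private static final String GROUPUSERS_FILE = "group_users.jsp";

    /** The log object for this class. */
    private static final Log LOG = CmsLog.getLog(CmsAccountsToolHandler.class);

    /** New file path constant. */
    private static final String NEW_FILE = "unit_new.jsp";

    /** Organizational unit roles file path constant. */
    private static final String OUROLES_FILE = "roles_list.jsp";

    /** Overview file path constant. */
    private static final String OVERVIEW_FILE = "unit_overview.jsp";

    /** Visibility flag module parameter name. */
    private static final String PARAM_VISIBILITY_FLAG = "visibility";

    /** Parent file path constant. */
    private static final String PARENT_FILE = "unit_parent.jsp";

    /** Role users edit file path constant. */
    private static final String ROLEUSERS_EDIT_FILE = "role_users.jsp";

    /** Switch user file path constant. */
    private static final String SWITCHUSER_FILE = "user_switch.jsp";

    /** User roles file path constant. */
    private static final String USERROLE_FILE = "user_role.jsp";

    /** Visibility parameter value constant. */
    private static final String VISIBILITY_NONE = "none";

    /**
     * Flag to indicate if the current ou is a webuser ou.<p>
     *
     * Written by {@link #isVisible(CmsWorkplace)} on every call. The visibility decisions
     * themselves use a local copy, so a value left over from an earlier call cannot
     * influence the current one.
     */
    private boolean m_webuserOu = false;

    /**
     * Returns the help text shown while the tool is disabled.<p>
     *
     * When the inherited text is the default one, a more specific message key is returned:
     * one for the group users tool, one for the role users edit tool, and the
     * "organizational unit cannot be deleted" key for every other link.
     *
     * @return the help text, or a <code>${key. ...}</code> macro naming the message key
     *
     * @see org.opencms.workplace.tools.A_CmsToolHandler#getDisabledHelpText()
     */
    public String getDisabledHelpText() {

        String inherited = super.getDisabledHelpText();
        if (!inherited.equals(DEFAULT_DISABLED_HELPTEXT)) {
            return inherited;
        }
        String link = getLink();
        if (link.equals(getPath(GROUPUSERS_FILE))) {
            return "${key." + Messages.GUI_VIRTUAL_GROUP_DISABLED_EDITION_HELP_0 + "}";
        }
        if (link.equals(getPath(ROLEUSERS_EDIT_FILE))) {
            return "${key." + Messages.GUI_ROLEUSERS_EDIT_DISABLED_HELP_0 + "}";
        }
        return "${key." + Messages.GUI_ORGUNIT_ADMIN_TOOL_DISABLED_DELETE_HELP_0 + "}";
    }

    /**
     * Decides whether the tool is enabled for the current request.<p>
     *
     * The group id, organizational unit name, role name and user id are read from request
     * parameters, so they are caller-controlled. This method only gates what the workplace
     * renders as enabled.
     *
     * @param wp the workplace object of the current request
     *
     * @return <code>true</code> if the tool is enabled
     *
     * @see org.opencms.workplace.tools.A_CmsToolHandler#isEnabled(org.opencms.workplace.CmsWorkplace)
     */
    public boolean isEnabled(CmsWorkplace wp) {

        String link = getLink();

        if (link.equals(getPath(GROUPUSERS_FILE))) {
            String groupId = CmsRequestUtil.getNotEmptyDecodedParameter(
                wp.getJsp().getRequest(),
                A_CmsEditGroupDialog.PARAM_GROUPID);
            try {
                return !wp.getCms().readGroup(new CmsUUID(groupId)).isVirtual();
            } catch (Exception e) {
                // missing, malformed or unknown group id: keep the tool disabled
                return false;
            }
        }

        // Both comparisons below used the bare file name, which can never equal a link
        // that every other check in this class matches against getPath(...). That made
        // the clean-up unconditional and left the delete pre-checks unreachable.
        if (!link.equals(getPath(ASSIGN_FILE))) {
            wp.getJsp().getRequest().getSession().removeAttribute(
                A_CmsOrgUnitUsersList.ORGUNIT_USERS);
            wp.getJsp().getRequest().getSession().removeAttribute(
                A_CmsOrgUnitUsersList.NOT_ORGUNIT_USERS);
        }

        if (link.equals(getPath(DELETE_FILE))) {
            String ouFqn = CmsRequestUtil.getNotEmptyDecodedParameter(
                wp.getJsp().getRequest(),
                A_CmsOrgUnitDialog.PARAM_OUFQN);
            if (ouFqn == null) {
                ouFqn = wp.getCms().getRequestContext().getOuFqn();
            }
            try {
                // deletion is only offered for a unit without users ...
                if (OpenCms.getOrgUnitManager().getUsers(wp.getCms(), ouFqn, true).size() > 0) {
                    return false;
                }
                // ... with no groups other than the default ones ...
                List groups = OpenCms.getOrgUnitManager().getGroups(wp.getCms(), ouFqn, true);
                Iterator itGroups = groups.iterator();
                while (itGroups.hasNext()) {
                    CmsGroup group = (CmsGroup)itGroups.next();
                    if (!OpenCms.getDefaultUsers().isDefaultGroup(group.getName())) {
                        return false;
                    }
                }
                // ... and without sub units
                if (OpenCms.getOrgUnitManager().getOrganizationalUnits(
                    wp.getCms(),
                    ouFqn,
                    true).size() > 0) {
                    return false;
                }
            } catch (CmsException e) {
                // NOTE(review): a failed lookup leaves the delete tool enabled; confirm that
                // the delete operation itself refuses a non-empty unit
                if (LOG.isErrorEnabled()) {
                    LOG.error(e.getLocalizedMessage(), e);
                }
            }
        }

        if (link.equals(getPath(ROLEUSERS_EDIT_FILE))) {
            // NOTE(review): the role name comes from the request and may be null; how
            // valueOfGroupName handles that is not visible here
            String roleName = CmsRequestUtil.getNotEmptyDecodedParameter(
                wp.getJsp().getRequest(),
                CmsRolesList.PARAM_ROLE);
            if (!OpenCms.getRoleManager().hasRole(
                wp.getCms(),
                CmsRole.valueOfGroupName(roleName))) {
                return false;
            }
        } else if (getPath().indexOf("/users/edit/") > -1) {
            return isUserEditAllowed(wp);
        }

        return true;
    }

    /**
     * Decides whether the tool is shown to the current user.<p>
     *
     * Nothing is shown when the module's visibility flag is "none" or when the current
     * user lacks the account manager role. The remaining rules depend on the tool link
     * and on the organizational unit and user id taken from the request.
     *
     * @param wp the workplace object of the current request
     *
     * @return <code>true</code> if the tool is visible
     *
     * @see org.opencms.workplace.tools.A_CmsToolHandler#isVisible(org.opencms.workplace.CmsWorkplace)
     */
    public boolean isVisible(CmsWorkplace wp) {

        if (getVisibilityFlag().equals(VISIBILITY_NONE)) {
            return false;
        }

        String link = getLink();

        if (link.equals(getPath(ALLINFO_FILE))) {
            // the "all info" tool is pointless without configured info blocks
            CmsWorkplaceUserInfoManager manager = OpenCms.getWorkplaceManager().getUserInfoManager();
            if ((manager == null) || (manager.getBlocks() == null) || manager.getBlocks().isEmpty()) {
                return false;
            }
        }

        CmsObject cms = wp.getCms();
        if (!OpenCms.getRoleManager().hasRole(cms, CmsRole.ACCOUNT_MANAGER)) {
            return false;
        }

        String ouFqn = CmsRequestUtil.getNotEmptyDecodedParameter(
            wp.getJsp().getRequest(),
            A_CmsOrgUnitDialog.PARAM_OUFQN);
        if (ouFqn == null) {
            ouFqn = cms.getRequestContext().getOuFqn();
        }
        String parentOu = CmsOrganizationalUnit.getParentFqn(ouFqn);

        // Decide on a local value: if the unit cannot be read, the flag is false for this
        // call instead of whatever an earlier call left in the field.
        // NOTE(review): whether one handler instance serves several requests is not
        // visible here - confirm
        boolean webuserOu = false;
        try {
            webuserOu = OpenCms.getOrgUnitManager().readOrganizationalUnit(cms, ouFqn).hasFlagWebuser();
        } catch (CmsException e) {
            // ignore
            if (LOG.isErrorEnabled()) {
                LOG.error(e.getLocalizedMessage(), e);
            }
        }
        m_webuserOu = webuserOu;

        if (link.equals(getPath(OVERVIEW_FILE))) {
            if (parentOu != null) {
                return !OpenCms.getRoleManager().hasRole(
                    cms,
                    CmsRole.ADMINISTRATOR.forOrgUnit(parentOu));
            }
            return true;
        } else if (link.equals(getPath(OU_EDIT_FILE))) {
            return isAdminHereAndInParent(cms, parentOu);
        } else if (link.equals(getPath(NEW_FILE))) {
            if (webuserOu) {
                return false;
            }
            return OpenCms.getRoleManager().hasRole(cms, CmsRole.ADMINISTRATOR);
        } else if (link.equals(getPath(PARENT_FILE))) {
            if (parentOu == null) {
                return false;
            }
            return OpenCms.getRoleManager().hasRole(
                cms,
                CmsRole.ACCOUNT_MANAGER.forOrgUnit(parentOu));
        } else if (link.equals(getPath(DELETE_FILE))) {
            return isAdminHereAndInParent(cms, parentOu);
        } else if (link.equals(getPath(ASSIGN_FILE))) {
            try {
                List orgUnits = OpenCms.getRoleManager().getOrgUnitsForRole(
                    cms,
                    CmsRole.ACCOUNT_MANAGER.forOrgUnit(""),
                    true);
                if (orgUnits.size() == 1) {
                    return false;
                }
                return !webuserOu;
            } catch (CmsException e) {
                // ignore; NOTE(review): falls through to "visible" when the lookup fails
                if (LOG.isErrorEnabled()) {
                    LOG.error(e.getLocalizedMessage(), e);
                }
            }
        } else if (link.equals(getPath(OUROLES_FILE))) {
            return !webuserOu;
        } else if (link.equals(getPath(SWITCHUSER_FILE))) {
            boolean visible = OpenCms.getRoleManager().hasRole(cms, CmsRole.ROOT_ADMIN);
            CmsUUID userId = readUserIdParam(wp);
            if (userId == null) {
                // no usable target user in the request: hide the tool
                return false;
            }
            try {
                visible &= OpenCms.getRoleManager().hasRole(
                    cms,
                    cms.readUser(userId).getName(),
                    CmsRole.WORKPLACE_USER);
            } catch (CmsException e) {
                // should never happen
                if (LOG.isErrorEnabled()) {
                    LOG.error(e.getLocalizedMessage(), e);
                }
            }
            return visible;
        } else if (getPath().indexOf("/users/edit/") > -1) {
            return isUserEditAllowed(wp);
        } else if (link.equals(getPath(USERROLE_FILE)) || link.equals(getPath(GROUP_USERS_FILE))) {
            String userId = CmsRequestUtil.getNotEmptyDecodedParameter(
                wp.getJsp().getRequest(),
                A_CmsEditUserDialog.PARAM_USERID);
            try {
                return !cms.readUser(new CmsUUID(userId)).isWebuser();
            } catch (Exception e) {
                // ignore; NOTE(review): falls through to "visible" when the id is unusable
                if (LOG.isErrorEnabled()) {
                    LOG.error(e.getLocalizedMessage(), e);
                }
            }
        } else if (link.equals(getPath(ACCMAN_FILE))) {
            return webuserOu;
        }
        return true;
    }

    /**
     * Returns the path to the jsp.<p>
     *
     * @param jspName the jsp name
     *
     * @return the full path
     */
    protected String getPath(String jspName) {

        return "/system/workplace/admin/accounts/" + jspName;
    }

    /**
     * Returns the visibility flag module parameter value.<p>
     *
     * The module is looked up by the package name of the runtime class; if it is not
     * found, {@link #VISIBILITY_ALL} is returned.
     *
     * @return the visibility flag module parameter value
     */
    protected String getVisibilityFlag() {

        CmsModule module = OpenCms.getModuleManager().getModule(
            this.getClass().getPackage().getName());
        if (module == null) {
            return VISIBILITY_ALL;
        }
        return module.getParameter(PARAM_VISIBILITY_FLAG, VISIBILITY_ALL);
    }

    /**
     * Checks that the current user is administrator and also administrator of the parent unit.<p>
     *
     * @param cms the cms context of the current user
     * @param parentOu the fully qualified name of the parent unit, may be <code>null</code>
     *
     * @return <code>false</code> if there is no parent unit or one of the roles is missing
     */
    private boolean isAdminHereAndInParent(CmsObject cms, String parentOu) {

        if (parentOu == null) {
            return false;
        }
        return OpenCms.getRoleManager().hasRole(cms, CmsRole.ADMINISTRATOR)
            && OpenCms.getRoleManager().hasRole(cms, CmsRole.ADMINISTRATOR.forOrgUnit(parentOu));
    }

    /**
     * Checks if the current user may edit the user named by the request.<p>
     *
     * Root administrators may edit everybody. A root administrator account may only be
     * edited by a root administrator, and an administrator account only by an administrator.
     * A missing or malformed user id, or a failed user lookup, yields <code>false</code>.
     *
     * @param wp the workplace object of the current request
     *
     * @return <code>true</code> if editing is allowed
     */
    private boolean isUserEditAllowed(CmsWorkplace wp) {

        CmsObject cms = wp.getCms();
        // check if the current user is the root administrator
        if (OpenCms.getRoleManager().hasRole(cms, CmsRole.ROOT_ADMIN)) {
            return true;
        }
        CmsUUID userId = readUserIdParam(wp);
        if (userId == null) {
            return false;
        }
        try {
            CmsUser user = cms.readUser(userId);
            // check if the user to change is root administrator
            if (OpenCms.getRoleManager().hasRole(cms, user.getName(), CmsRole.ROOT_ADMIN)) {
                return false;
            }
            // check if the current user is an administrator
            if (OpenCms.getRoleManager().hasRole(cms, CmsRole.ADMINISTRATOR)) {
                return true;
            }
            // check if the user to change is an administrator
            return !OpenCms.getRoleManager().hasRole(cms, user.getName(), CmsRole.ADMINISTRATOR);
        } catch (CmsException e) {
            // should never happen
            if (LOG.isErrorEnabled()) {
                LOG.error(e.getLocalizedMessage(), e);
            }
        }
        return false;
    }

    /**
     * Reads the user id request parameter and parses it.<p>
     *
     * The value is supplied by the client, so a missing or unparsable id is reported as
     * <code>null</code> instead of letting an unchecked exception escape the check.
     *
     * @param wp the workplace object of the current request
     *
     * @return the parsed id, or <code>null</code> if the parameter is missing or cannot be parsed
     */
    private CmsUUID readUserIdParam(CmsWorkplace wp) {

        String rawId = CmsRequestUtil.getNotEmptyDecodedParameter(
            wp.getJsp().getRequest(),
            A_CmsEditUserDialog.PARAM_USERID);
        if (rawId == null) {
            return null;
        }
        try {
            return new CmsUUID(rawId);
        } catch (RuntimeException e) {
            // only the constructor call is guarded; any parse failure means "no usable id"
            return null;
        }
    }
}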