Browse Source

working on permissions

drop_old_mail
Stephan Richter 3 years ago
parent
commit
2b9a185bfc
  1. 89
      doc/data structure.dia
  2. 6
      src/main/java/de/srsoftware/widerhall/Constants.java
  3. 6
      src/main/java/de/srsoftware/widerhall/data/Database.java
  4. 28
      src/main/java/de/srsoftware/widerhall/data/ListMember.java
  5. 35
      src/main/java/de/srsoftware/widerhall/data/MailingList.java
  6. 64
      src/main/java/de/srsoftware/widerhall/data/User.java
  7. 12
      src/main/java/de/srsoftware/widerhall/web/Rest.java
  8. 164
      src/main/java/de/srsoftware/widerhall/web/Web.java
  9. 12
      static/templates/js.st
  10. 2
      static/templates/listadminlist.st
  11. 3
      static/templates/login.st
  12. 1
      static/templates/userlist.st

89
doc/data structure.dia

@ -267,13 +267,13 @@ @@ -267,13 +267,13 @@
</dia:object>
<dia:object type="Flowchart - Box" version="0" id="O4">
<dia:attribute name="obj_pos">
<dia:point val="33,7"/>
<dia:point val="33,9"/>
</dia:attribute>
<dia:attribute name="obj_bb">
<dia:rectangle val="32.95,6.95;40.05,9.05"/>
<dia:rectangle val="32.95,8.95;40.05,11.05"/>
</dia:attribute>
<dia:attribute name="elem_corner">
<dia:point val="33,7"/>
<dia:point val="33,9"/>
</dia:attribute>
<dia:attribute name="elem_width">
<dia:real val="7"/>
@ -299,7 +299,7 @@ @@ -299,7 +299,7 @@
<dia:real val="0.80000000000000004"/>
</dia:attribute>
<dia:attribute name="pos">
<dia:point val="36.5,8.19406"/>
<dia:point val="36.5,10.1941"/>
</dia:attribute>
<dia:attribute name="color">
<dia:color val="#000000ff"/>
@ -312,13 +312,13 @@ @@ -312,13 +312,13 @@
</dia:object>
<dia:object type="Flowchart - Box" version="0" id="O5">
<dia:attribute name="obj_pos">
<dia:point val="33,11"/>
<dia:point val="33,13"/>
</dia:attribute>
<dia:attribute name="obj_bb">
<dia:rectangle val="32.95,10.95;40.05,13.05"/>
<dia:rectangle val="32.95,12.95;40.05,15.05"/>
</dia:attribute>
<dia:attribute name="elem_corner">
<dia:point val="33,11"/>
<dia:point val="33,13"/>
</dia:attribute>
<dia:attribute name="elem_width">
<dia:real val="7"/>
@ -344,7 +344,7 @@ @@ -344,7 +344,7 @@
<dia:real val="0.80000000000000004"/>
</dia:attribute>
<dia:attribute name="pos">
<dia:point val="36.5,12.1941"/>
<dia:point val="36.5,14.1941"/>
</dia:attribute>
<dia:attribute name="color">
<dia:color val="#000000ff"/>
@ -357,13 +357,13 @@ @@ -357,13 +357,13 @@
</dia:object>
<dia:object type="Flowchart - Box" version="0" id="O6">
<dia:attribute name="obj_pos">
<dia:point val="33,9"/>
<dia:point val="33,11"/>
</dia:attribute>
<dia:attribute name="obj_bb">
<dia:rectangle val="32.95,8.95;40.05,11.05"/>
<dia:rectangle val="32.95,10.95;40.05,13.05"/>
</dia:attribute>
<dia:attribute name="elem_corner">
<dia:point val="33,9"/>
<dia:point val="33,11"/>
</dia:attribute>
<dia:attribute name="elem_width">
<dia:real val="7"/>
@ -389,7 +389,7 @@ @@ -389,7 +389,7 @@
<dia:real val="0.80000000000000004"/>
</dia:attribute>
<dia:attribute name="pos">
<dia:point val="36.5,10.1941"/>
<dia:point val="36.5,12.1941"/>
</dia:attribute>
<dia:attribute name="color">
<dia:color val="#000000ff"/>
@ -537,13 +537,13 @@ @@ -537,13 +537,13 @@
</dia:object>
<dia:object type="Flowchart - Box" version="0" id="O10">
<dia:attribute name="obj_pos">
<dia:point val="33,13"/>
<dia:point val="33,7"/>
</dia:attribute>
<dia:attribute name="obj_bb">
<dia:rectangle val="32.95,12.95;40.05,15.05"/>
<dia:rectangle val="32.95,6.95;40.05,9.05"/>
</dia:attribute>
<dia:attribute name="elem_corner">
<dia:point val="33,13"/>
<dia:point val="33,7"/>
</dia:attribute>
<dia:attribute name="elem_width">
<dia:real val="7"/>
@ -569,7 +569,7 @@ @@ -569,7 +569,7 @@
<dia:real val="0.80000000000000004"/>
</dia:attribute>
<dia:attribute name="pos">
<dia:point val="36.5,14.1941"/>
<dia:point val="36.5,8.19406"/>
</dia:attribute>
<dia:attribute name="color">
<dia:color val="#000000ff"/>
@ -656,13 +656,13 @@ @@ -656,13 +656,13 @@
<dia:point val="27,10"/>
</dia:attribute>
<dia:attribute name="obj_bb">
<dia:rectangle val="26.95,7.1382;33.05,10.05"/>
<dia:rectangle val="26.95,9.1382;33.05,10.05"/>
</dia:attribute>
<dia:attribute name="orth_points">
<dia:point val="27,10"/>
<dia:point val="30,10"/>
<dia:point val="30,7.5"/>
<dia:point val="33,7.5"/>
<dia:point val="30,9.5"/>
<dia:point val="33,9.5"/>
</dia:attribute>
<dia:attribute name="orth_orient">
<dia:enum val="0"/>
@ -1485,13 +1485,13 @@ @@ -1485,13 +1485,13 @@
<dia:point val="27.0449,25"/>
</dia:attribute>
<dia:attribute name="obj_bb">
<dia:rectangle val="26.9949,8.1382;33.05,25.05"/>
<dia:rectangle val="26.9949,10.1382;33.05,25.05"/>
</dia:attribute>
<dia:attribute name="orth_points">
<dia:point val="27.0449,25"/>
<dia:point val="31,25"/>
<dia:point val="31,8.5"/>
<dia:point val="33,8.5"/>
<dia:point val="31,10.5"/>
<dia:point val="33,10.5"/>
</dia:attribute>
<dia:attribute name="orth_orient">
<dia:enum val="0"/>
@ -1605,5 +1605,50 @@ @@ -1605,5 +1605,50 @@
</dia:composite>
</dia:attribute>
</dia:object>
<dia:object type="Flowchart - Box" version="0" id="O35">
<dia:attribute name="obj_pos">
<dia:point val="33,15"/>
</dia:attribute>
<dia:attribute name="obj_bb">
<dia:rectangle val="32.95,14.95;40.05,17.05"/>
</dia:attribute>
<dia:attribute name="elem_corner">
<dia:point val="33,15"/>
</dia:attribute>
<dia:attribute name="elem_width">
<dia:real val="7"/>
</dia:attribute>
<dia:attribute name="elem_height">
<dia:real val="2"/>
</dia:attribute>
<dia:attribute name="show_background">
<dia:boolean val="true"/>
</dia:attribute>
<dia:attribute name="padding">
<dia:real val="0.5"/>
</dia:attribute>
<dia:attribute name="text">
<dia:composite type="text">
<dia:attribute name="string">
<dia:string>#Permissions#</dia:string>
</dia:attribute>
<dia:attribute name="font">
<dia:font family="sans" style="0" name="Helvetica"/>
</dia:attribute>
<dia:attribute name="height">
<dia:real val="0.80000000000000004"/>
</dia:attribute>
<dia:attribute name="pos">
<dia:point val="36.5,16.1941"/>
</dia:attribute>
<dia:attribute name="color">
<dia:color val="#000000ff"/>
</dia:attribute>
<dia:attribute name="alignment">
<dia:enum val="1"/>
</dia:attribute>
</dia:composite>
</dia:attribute>
</dia:object>
</dia:layer>
</dia:diagram>

6
src/main/java/de/srsoftware/widerhall/Constants.java

@ -1,9 +1,9 @@ @@ -1,9 +1,9 @@
package de.srsoftware.widerhall;
public class Constants {
public static final String ADMIN = "Admin";
public static final String BASE = "base";
public static final String BASE_URL = "base_url";
public static final String CONFIG = "configuration";
public static final String DB = "database";
public static final String DOMAIN = "domain";
public static final String EMAIL = "email";
@ -14,9 +14,11 @@ public class Constants { @@ -14,9 +14,11 @@ public class Constants {
public static final String INDEX = "index";
public static final String INT = "INT";
public static final String LIST = "list";
public static final String LOCATIONS = "locations";
public static final String NAME = "name";
public static final String NOTES = "notes";
public static final String PASSWORD = "password";
public static final String PERMISSIONS = "permissions";
public static final Object PORT = "port";
public static final String PREFIX = "prefix";
public static final String PROTOCOL = "mail.store.protocol";
@ -26,6 +28,4 @@ public class Constants { @@ -26,6 +28,4 @@ public class Constants {
public static final String VARCHAR = "VARCHAR(255)";
public static final String CONFIG = "configuration";
public static final String LOCATIONS = "locations";
}

6
src/main/java/de/srsoftware/widerhall/data/Database.java

@ -36,6 +36,7 @@ public class Database { @@ -36,6 +36,7 @@ public class Database {
}
public ResultSet exec() throws SQLException {
LOG.debug("Executing {}",this);
var args = new ArrayList<>();
if (!where.isEmpty()){
var clauses = new ArrayList<String>();
@ -51,7 +52,6 @@ public class Database { @@ -51,7 +52,6 @@ public class Database {
sql.append(String.join(" AND ",clauses));
}
LOG.debug("SQL: {}",sql);
try {
var stmt = Database.this.conn.prepareStatement(sql());
if (!args.isEmpty()) {
@ -64,6 +64,7 @@ public class Database { @@ -64,6 +64,7 @@ public class Database {
}
public void run() throws SQLException {
LOG.debug("Running {}",this);
var args = new ArrayList<>();
if (!setValues.isEmpty()){
@ -106,7 +107,6 @@ public class Database { @@ -106,7 +107,6 @@ public class Database {
sql.append(String.join(" AND ",clauses));
}
LOG.debug("SQL: {}",sql);
try {
var stmt = conn.prepareStatement(sql());
if (!args.isEmpty()) {
@ -134,7 +134,7 @@ public class Database { @@ -134,7 +134,7 @@ public class Database {
if (!setValues.isEmpty()){
var keys = new ArrayList<String>();
var expressions = new ArrayList<String>();
for (var entry : setValues.entrySet()) expressions.add(entry.getKey()+" = entry.getValue()");
for (var entry : setValues.entrySet()) expressions.add(entry.getKey()+" = "+entry.getValue());
sql.append(" SET ").append(String.join(", ",expressions));
}

28
src/main/java/de/srsoftware/widerhall/data/ListMember.java

@ -71,11 +71,16 @@ public class ListMember { @@ -71,11 +71,16 @@ public class ListMember {
Database.open().query(sql).run();
}
public boolean hasState(int testState) {
return (state & testState) > 0;
}
public static Set<String> listsOwnedBy(User user) {
var list = new HashSet<String>();
try {
var request = Database.open().select(TABLE_NAME, LIST_EMAIL, STATE+" & "+STATE_OWNER+" as "+STATE);
if (!user.is(ADMIN)) request = request.where(USER_EMAIL, user.email()).where(STATE, STATE_OWNER);
if (!user.hashPermission(User.PERMISSION_ADMIN)) request = request.where(USER_EMAIL, user.email()).where(STATE, STATE_OWNER);
var rs = request.exec();
while (rs.next()) list.add(rs.getString(LIST_EMAIL));
} catch (SQLException e) {
@ -84,6 +89,26 @@ public class ListMember { @@ -84,6 +89,26 @@ public class ListMember {
return list;
}
public static ListMember load(MailingList list,User user) throws SQLException {
var rs = Database
.open()
.select(TABLE_NAME)
.where(LIST_EMAIL,list.email())
.where(USER_EMAIL,user.email())
.exec();
try {
if (rs.next()) {
return new ListMember(rs.getString(LIST_EMAIL),
rs.getString(USER_EMAIL),
rs.getInt(STATE),
rs.getString(TOKEN));
}
} finally {
rs.close();
}
return null;
}
public static Map<User,Integer> of(String listEmail) throws SQLException {
var rs = Database.open()
.select(TABLE_NAME)
@ -142,5 +167,4 @@ public class ListMember { @@ -142,5 +167,4 @@ public class ListMember {
}
}
}
}

35
src/main/java/de/srsoftware/widerhall/data/MailingList.java

@ -13,6 +13,7 @@ import java.util.*; @@ -13,6 +13,7 @@ import java.util.*;
import static de.srsoftware.widerhall.Constants.*;
import static de.srsoftware.widerhall.Util.t;
import static de.srsoftware.widerhall.data.User.PERMISSION_ADMIN;
public class MailingList {
private static final Logger LOG = LoggerFactory.getLogger(MailingList.class);
@ -31,7 +32,8 @@ public class MailingList { @@ -31,7 +32,8 @@ public class MailingList {
private final String email;
public static final String TABLE_NAME = "Lists";
private final String imapPass, imapHost, imapUser;
private final int imapPort, state;
private final int imapPort;
private int state;
private final SmtpClient smtp;
private static final HashMap<String,MailingList> lists = new HashMap<>();
@ -75,22 +77,26 @@ public class MailingList { @@ -75,22 +77,26 @@ public class MailingList {
}
public static void enable(String listEmail, boolean enable) throws SQLException {
Database.open()
.update(TABLE_NAME)
.set(STATE,enable ? STATE+" | "+ STATE_ENABLED : Database.xor(STATE,STATE_ENABLED))
.where(EMAIL, listEmail).run();
public void enable(boolean enable) throws SQLException {
state = enable ? state | STATE_ENABLED : state ^ (state & STATE_ENABLED);
Database.open().update(TABLE_NAME).set(STATE,state).where(EMAIL, email()).run();
}
public static void hide(String listEmail, boolean hide) throws SQLException {
Database.open()
.update(TABLE_NAME)
.set(STATE,hide ? STATE+" | "+ STATE_PUBLIC : Database.xor(STATE,STATE_PUBLIC))
.where(EMAIL, listEmail).run();
public void hide(boolean hide) throws SQLException {
state = hide ? state ^ (state & STATE_PUBLIC) : state | STATE_PUBLIC;
Database.open().update(TABLE_NAME).set(STATE,state).where(EMAIL, email()).run();
}
public static boolean isOpen(String list) {
return openLists().stream().filter(ml -> ml.email.equals(list)).count() > 0;
public boolean isOpenFor(User user) {
if ((state & STATE_PUBLIC) > 0) return true;
if (user == null) return false;
try {
var member = ListMember.load(this,user);
return member.hasState(ListMember.STATE_OWNER|ListMember.STATE_SUBSCRIBER);
} catch (SQLException e) {
LOG.warn("Was not able to load ListMember: ",e);
return false;
}
}
public static Set<MailingList> editableBy(User user) {
@ -117,6 +123,7 @@ public class MailingList { @@ -117,6 +123,7 @@ public class MailingList {
}
public static MailingList load(String listEmail) {
if (listEmail == null) return null;
var ml = lists.get(listEmail);
if (ml == null) try {
var rs = Database.open()
@ -214,7 +221,7 @@ public class MailingList { @@ -214,7 +221,7 @@ public class MailingList {
public static Set<MailingList> subscribable(User user) {
try {
if (user == null) return openLists();
if (user.is(ADMIN)) {
if (user.hashPermission(PERMISSION_ADMIN)) {
var rs = Database.open().select(TABLE_NAME).exec();
var result = new HashSet<MailingList>();
while (rs.next()) result.add(MailingList.from(rs));

64
src/main/java/de/srsoftware/widerhall/data/User.java

@ -16,14 +16,19 @@ import static de.srsoftware.widerhall.Constants.*; @@ -16,14 +16,19 @@ import static de.srsoftware.widerhall.Constants.*;
public class User {
public static final String TABLE_NAME = "Users";
private static final Logger LOG = LoggerFactory.getLogger(User.class);
private static final HashMap<String,User> users = new HashMap<>();
public static final int PERMISSION_ADMIN = 1;
public static final int PERMISSION_CREATE_LISTS = 2;
private String email, salt, hashedPass, name;
private int permissions;
public User(String email, String name, String salt, String hashedPass) {
public User(String email, String name, String salt, String hashedPass, int permissions) {
this.email = email;
this.name = name;
this.salt = salt;
this.hashedPass = hashedPass;
this.permissions = permissions;
}
/*********** field accessors ***************/
@ -39,12 +44,22 @@ public class User { @@ -39,12 +44,22 @@ public class User {
return name;
}
public int permissions(){
return permissions;
}
public String salt(){
return salt;
}
/************** end of field accessors ****************/
public void addPermission(int newPermission) throws SQLException {
permissions |= newPermission;
Database.open().update(TABLE_NAME).set(PERMISSIONS,permissions).run();
}
public static User create(String email, String name, String password) throws SQLException {
String salt = null;
String hashedPass = null;
@ -52,7 +67,7 @@ public class User { @@ -52,7 +67,7 @@ public class User {
salt = Util.sha256(email + name + LocalDate.now());
hashedPass = Util.sha256(password + salt);
}
return new User(email,name,salt,hashedPass).save();
return new User(email,name,salt,hashedPass,0).save();
}
public static void createTable() throws SQLException {
@ -60,16 +75,17 @@ public class User { @@ -60,16 +75,17 @@ public class User {
.append("CREATE TABLE ").append(TABLE_NAME)
.append(" (")
.append(EMAIL).append(" ").append(VARCHAR).append(" NOT NULL PRIMARY KEY, ")
.append(NAME).append(" ").append(VARCHAR).append(", ")
.append(PERMISSIONS).append(" ").append(INT).append(", ")
.append(SALT).append(" ").append(VARCHAR).append(", ")
.append(HASHED_PASS).append(" ").append(VARCHAR).append(", ")
.append(NAME).append(" ").append(VARCHAR)
.append(HASHED_PASS).append(" ").append(VARCHAR)
.append(");");
Database.open().query(sql).run();
}
public boolean is(String test){
if (test == null) return false;
return test.equals(name) || test.equals(email);
public boolean hashPermission(int permission){
return (permissions & permission) > 0;
}
@ -82,14 +98,21 @@ public class User { @@ -82,14 +98,21 @@ public class User {
var query = Database.open().select(TABLE_NAME);
if (emails != null && !emails.isEmpty()) query.where(EMAIL,emails);
var rs = query.exec();
while (rs.next()) userList.add(new User(
rs.getString(EMAIL),
rs.getString(NAME),
rs.getString(SALT),
rs.getString(HASHED_PASS)));
while (rs.next()) userList.add(User.from(rs));
return userList;
}
private static User from(ResultSet rs) throws SQLException {
var email = rs.getString(EMAIL);
var user = users.get(email);
if (user == null) users.put(email,user = new User(
rs.getString(EMAIL),
rs.getString(NAME),
rs.getString(SALT),
rs.getString(HASHED_PASS),
rs.getInt(PERMISSIONS)));
return user;
}
public static User loadUser(String email, String password) throws InvalidKeyException, SQLException {
@ -99,14 +122,8 @@ public class User { @@ -99,14 +122,8 @@ public class User {
.exec();
try {
if (rs.next()) {
email = rs.getString(EMAIL);
var name = rs.getString(NAME);
var hashedPassword = rs.getString(HASHED_PASS);
var salt = rs.getString(SALT);
var loadedUser = new User(email, name, salt, hashedPassword);
var loadedUser = User.from(rs);
if (loadedUser.matching(password)) return loadedUser;
} else if (noUsers()){
return User.create(email,"Admin",password);
}
} finally {
rs.close();
@ -134,8 +151,15 @@ public class User { @@ -134,8 +151,15 @@ public class User {
return false;
}
public String permissionList(){
var list = new ArrayList<String>();
if (hashPermission(PERMISSION_ADMIN)) list.add("admin");
if (hashPermission(PERMISSION_CREATE_LISTS)) list.add("create lists");
return String.join(", ",list);
}
public Map<String,String> safeMap(){
return Map.of(NAME,name,EMAIL,email,PASSWORD,hashedPassword() == null ? "no" : "yes");
return Map.of(NAME,name,EMAIL,email,PERMISSIONS,permissionList(),PASSWORD,hashedPassword() == null ? "no" : "yes");
}
private User save() throws SQLException {

12
src/main/java/de/srsoftware/widerhall/web/Rest.java

@ -59,7 +59,7 @@ public class Rest extends HttpServlet { @@ -59,7 +59,7 @@ public class Rest extends HttpServlet {
switch (path) {
case USER_LIST:
try {
json.put("users", (user.is(ADMIN) ? User.loadAll() : List.of(user)).stream().map(User::safeMap).toList());
json.put("users", (user.hashPermission(User.PERMISSION_ADMIN) ? User.loadAll() : List.of(user)).stream().map(User::safeMap).toList());
} catch (SQLException e) {
LOG.debug("Failed to load user list:",e);
json.put(ERROR,"failed to load user list");
@ -140,7 +140,7 @@ public class Rest extends HttpServlet { @@ -140,7 +140,7 @@ public class Rest extends HttpServlet {
}
private Map<String, Object> listMembers(String listEmail, User user) {
if (user.is(ADMIN) || ListMember.listsOwnedBy(user).contains(listEmail)) {
if (user.hashPermission(User.PERMISSION_ADMIN) || ListMember.listsOwnedBy(user).contains(listEmail)) {
try {
var members = ListMember.of(listEmail)
.entrySet()
@ -161,9 +161,9 @@ public class Rest extends HttpServlet { @@ -161,9 +161,9 @@ public class Rest extends HttpServlet {
}
private Map enableList(String listEmail, User user, boolean enable) {
if (user.is(ADMIN) || ListMember.listsOwnedBy(user).contains(listEmail)){
if (user.hashPermission(User.PERMISSION_ADMIN) || ListMember.listsOwnedBy(user).contains(listEmail)){
try {
MailingList.enable(listEmail,enable);
MailingList.load(listEmail).enable(enable);
return Map.of(SUCCESS,t("Mailing list '{}' was {}!",listEmail,enable ? "enabled" : "disabled"));
} catch (SQLException e) {
LOG.error("Failed to enable/disable mailing list: ",e);
@ -174,9 +174,9 @@ public class Rest extends HttpServlet { @@ -174,9 +174,9 @@ public class Rest extends HttpServlet {
}
private Map<String, String> hideList(String listEmail, User user, boolean hide) {
if (user.is(ADMIN) || ListMember.listsOwnedBy(user).contains(listEmail)){
if (user.hashPermission(User.PERMISSION_ADMIN) || ListMember.listsOwnedBy(user).contains(listEmail)){
try {
MailingList.hide(listEmail,hide);
MailingList.load(listEmail).hide(hide);
return Map.of(SUCCESS,t("Mailing list '{}' was {}!",listEmail,hide ? "hidden" : "made public"));
} catch (SQLException e) {
LOG.error("Failed to (un)hide mailing list: ",e);

164
src/main/java/de/srsoftware/widerhall/web/Web.java

@ -1,6 +1,7 @@ @@ -1,6 +1,7 @@
package de.srsoftware.widerhall.web;
import de.srsoftware.widerhall.Configuration;
import de.srsoftware.widerhall.Constants;
import de.srsoftware.widerhall.Util;
import de.srsoftware.widerhall.data.ListMember;
import de.srsoftware.widerhall.data.MailingList;
@ -30,6 +31,7 @@ public class Web extends HttpServlet { @@ -30,6 +31,7 @@ public class Web extends HttpServlet {
private static final String ADD_LIST = "add_list";
private static final String CONFIRM = "confirm";
private static final Logger LOG = LoggerFactory.getLogger(Web.class);
private static final String ADMIN = "admin";
private static final String LOGIN = "login";
private static final String LOGOUT = "logout";
private static final String REGISTER = "register";
@ -58,80 +60,84 @@ public class Web extends HttpServlet { @@ -58,80 +60,84 @@ public class Web extends HttpServlet {
private String addList(HttpServletRequest req, HttpServletResponse resp) {
var o = req.getSession().getAttribute(USER);
if (o instanceof User user){
var data = new HashMap<String,Object>();
data.put(USER,user);
var name = req.getParameter(NAME);
data.put(NAME,name);
var email = req.getParameter(EMAIL);
data.put(EMAIL,email);
var imapHost = req.getParameter(IMAP_HOST);
data.put(IMAP_HOST,imapHost);
var imapUser = req.getParameter(IMAP_USER);
data.put(IMAP_USER,imapUser);
var imapPass = req.getParameter(IMAP_PASS);
var smtpHost = req.getParameter(SMTP_HOST);
data.put(SMTP_HOST,smtpHost);
var smtpUser = req.getParameter(SMTP_USER);
data.put(SMTP_USER,smtpUser);
var smtpPass = req.getParameter(SMTP_PASS);
Integer imapPort = 993;
data.put(IMAP_PORT,imapPort);
Integer smtpPort = 465;
data.put(SMTP_PORT,smtpPort);
if (name == null || name.isBlank() || email == null || email.isBlank()) {
data.put(ERROR,"List name and address are required!");
return loadTemplate(ADD_LIST,data,resp);
}
if (!(o instanceof User user)) {
return redirectTo(LOGIN,resp);
}
var data = new HashMap<String, Object>();
data.put(USER, user);
if (!Util.isEmail(email)){
data.put(ERROR,t("List email ({}) is not a valid email address!",email));
return loadTemplate(ADD_LIST,data,resp);
}
if (!user.hashPermission(User.PERMISSION_CREATE_LISTS)){
data.put(ERROR,t("You are not allowed to create new mailing lists!"));
return loadTemplate(ADMIN,data,resp);
}
if (imapHost == null || imapHost.isBlank() || imapUser == null || imapUser.isBlank() || imapPass == null || imapPass.isBlank()) {
data.put(ERROR,"IMAP credentials are required!");
return loadTemplate(ADD_LIST,data,resp);
}
var name = req.getParameter(NAME);
data.put(NAME, name);
var email = req.getParameter(EMAIL);
data.put(EMAIL, email);
var imapHost = req.getParameter(IMAP_HOST);
data.put(IMAP_HOST, imapHost);
var imapUser = req.getParameter(IMAP_USER);
data.put(IMAP_USER, imapUser);
var imapPass = req.getParameter(IMAP_PASS);
var smtpHost = req.getParameter(SMTP_HOST);
data.put(SMTP_HOST, smtpHost);
var smtpUser = req.getParameter(SMTP_USER);
data.put(SMTP_USER, smtpUser);
var smtpPass = req.getParameter(SMTP_PASS);
Integer imapPort = 993;
data.put(IMAP_PORT, imapPort);
Integer smtpPort = 465;
data.put(SMTP_PORT, smtpPort);
if (name == null || name.isBlank() || email == null || email.isBlank()) {
data.put(ERROR, "List name and address are required!");
return loadTemplate(ADD_LIST, data, resp);
}
try {
imapPort = Integer.parseInt(req.getParameter(IMAP_PORT));
data.put(IMAP_PORT,imapPort);
} catch (NumberFormatException nfe){
data.put(ERROR,t("'{}' is not a proper port number!",req.getParameter(IMAP_PORT)));
return loadTemplate(ADD_LIST,data,resp);
}
if (!Util.isEmail(email)) {
data.put(ERROR, t("List email ({}) is not a valid email address!", email));
return loadTemplate(ADD_LIST, data, resp);
}
if (smtpHost == null || smtpHost.isBlank() || smtpUser == null || smtpUser.isBlank() || smtpPass == null || smtpPass.isBlank()) {
data.put(ERROR,"SMTP credentials are required!");
return loadTemplate(ADD_LIST,data,resp);
}
if (imapHost == null || imapHost.isBlank() || imapUser == null || imapUser.isBlank() || imapPass == null || imapPass.isBlank()) {
data.put(ERROR, "IMAP credentials are required!");
return loadTemplate(ADD_LIST, data, resp);
}
try {
smtpPort = Integer.parseInt(req.getParameter(SMTP_PORT));
data.put(SMTP_PORT,smtpPort);
} catch (NumberFormatException nfe){
data.put(ERROR,t("'{}' is not a proper port number!",req.getParameter(SMTP_PORT)));
return loadTemplate(ADD_LIST,data,resp);
}
try {
var list = MailingList.create(email,name,imapHost,imapPort,imapUser,imapPass,smtpHost,smtpPort,smtpUser,smtpPass);
ListMember.create(list,user,ListMember.STATE_OWNER);
return redirectTo(INDEX,resp);
} catch (SQLException e) {
return t("Failed to create list '{}': {}",name,e.getMessage());
}
try {
imapPort = Integer.parseInt(req.getParameter(IMAP_PORT));
data.put(IMAP_PORT, imapPort);
} catch (NumberFormatException nfe) {
data.put(ERROR, t("'{}' is not a proper port number!", req.getParameter(IMAP_PORT)));
return loadTemplate(ADD_LIST, data, resp);
}
return redirectTo(LOGIN,resp);
if (smtpHost == null || smtpHost.isBlank() || smtpUser == null || smtpUser.isBlank() || smtpPass == null || smtpPass.isBlank()) {
data.put(ERROR, "SMTP credentials are required!");
return loadTemplate(ADD_LIST, data, resp);
}
try {
smtpPort = Integer.parseInt(req.getParameter(SMTP_PORT));
data.put(SMTP_PORT, smtpPort);
} catch (NumberFormatException nfe) {
data.put(ERROR, t("'{}' is not a proper port number!", req.getParameter(SMTP_PORT)));
return loadTemplate(ADD_LIST, data, resp);
}
try {
var list = MailingList.create(email, name, imapHost, imapPort, imapUser, imapPass, smtpHost, smtpPort, smtpUser, smtpPass);
ListMember.create(list, user, ListMember.STATE_OWNER);
return redirectTo(INDEX, resp);
} catch (SQLException e) {
return t("Failed to create list '{}': {}", name, e.getMessage());
}
}
private String confirm(HttpServletRequest req, HttpServletResponse resp) {
@ -181,8 +187,9 @@ public class Web extends HttpServlet { @@ -181,8 +187,9 @@ public class Web extends HttpServlet {
var path = req.getPathInfo();
path = (path == null || path.equals("/")) ? INDEX : path.substring(1);
String notes = null;
var list = req.getParameter(LIST);
if (list != null && !list.isBlank()) data.put(LIST,list);
var listEmail = req.getParameter(LIST);
var list = MailingList.load(listEmail);
if (list != null) data.put(LIST,list.minimalMap());
switch (path){
case CONFIRM:
return confirm(req,resp);
@ -195,12 +202,11 @@ public class Web extends HttpServlet { @@ -195,12 +202,11 @@ public class Web extends HttpServlet {
case UNSUBSCRIBE:
return loadTemplate(path,data,resp);
case SUBSCRIBE:
// TODO check permission
if (MailingList.isOpen(list)) {
data.put(LIST, list);
if (list.isOpenFor(user)) {
data.put(LIST,listEmail);
return loadTemplate(path, data, resp);
}
return t("You are not allowed to subscribe to '{}'!",list);
return t("You are not allowed to subscribe to '{}'!",list.email());
case "js":
resp.setContentType("text/javascript");
return loadTemplate(path,data,resp);
@ -326,12 +332,9 @@ public class Web extends HttpServlet { @@ -326,12 +332,9 @@ public class Web extends HttpServlet {
if (!pass.equals(pass_repeat)) return loadTemplate(REGISTER,Map.of(ERROR,"Passwords do not match!",NAME,name,EMAIL,email),resp);
if (Util.simplePassword(pass)) return loadTemplate(REGISTER,Map.of(ERROR,"Password to short or to simple!",NAME,name,EMAIL,email),resp);
var firstUser = false;
try {
if (User.noUsers()) { // we are registering the first user, which is forced to be „Admin“
name = ADMIN;
} else {
if (ADMIN.equals(name)) return loadTemplate(REGISTER,Map.of(ERROR,t("Name must not be „{}“",ADMIN),NAME,name,EMAIL,email),resp);
}
firstUser = User.noUsers();
} catch (SQLException e) {
return t("Failed to access user database: {}",e.getMessage());
}
@ -339,9 +342,11 @@ public class Web extends HttpServlet { @@ -339,9 +342,11 @@ public class Web extends HttpServlet {
try {
var user = User.create(email, name, pass);
if (firstUser) user.addPermission(User.PERMISSION_ADMIN|User.PERMISSION_CREATE_LISTS);
req.getSession().setAttribute("user",user);
return redirectTo(INDEX,resp);
} catch (SQLException e) {
LOG.warn("Failed to create new user:",e);
return t("Failed to create new user: {}",e.getMessage());
}
}
@ -388,6 +393,11 @@ public class Web extends HttpServlet { @@ -388,6 +393,11 @@ public class Web extends HttpServlet {
}
data.put(USER,user.safeMap());
if (!list.isOpenFor(user)){
data.put(ERROR,t("You are not allowed to join {}!",list.email()));
return loadTemplate(SUBSCRIBE,data,resp);
}
try {
list.requestSubscription(user,skipConfirmation);
data.put(NOTES,t("Successfully subscribed '{}' to '{}'.",user.email(),list.email()));
@ -454,6 +464,4 @@ public class Web extends HttpServlet { @@ -454,6 +464,4 @@ public class Web extends HttpServlet {
}
}
}

12
static/templates/js.st

@ -62,7 +62,7 @@ function showListOfEditableLists(data){ @@ -62,7 +62,7 @@ function showListOfEditableLists(data){
select.appendTo($('<td/>')).appendTo(row);
$('<td/>').text(list.imap_host).appendTo(row);
$('<td/>').text(list.imap_host).appendTo(row);
$('<td/>').text(list.imap_port).appendTo(row);
$('<td/>').text(list.imap_user).appendTo(row);
$('<td/>').text(list.smtp_host).appendTo(row);
@ -70,10 +70,11 @@ function showListOfEditableLists(data){ @@ -70,10 +70,11 @@ function showListOfEditableLists(data){
$('<td/>').text(list.smtp_user).appendTo(row);
row.appendTo('#listlist');
}
if (data.user.name == 'Admin'){
$('a[href=register]').show();
console.log(data.user);
if (data.user.permissions.includes('create lists')){
$('a[href=add_list]').show();
} else {
$('a[href=register]').hide();
$('a[href=add_list]').hide();
}
}
@ -128,9 +129,10 @@ function showUserList(data){ @@ -128,9 +129,10 @@ function showUserList(data){
$('<td/>').text(user.name).appendTo(row);
$('<td/>').text(user.email).appendTo(row);
$('<td/>').text(user.password).appendTo(row);
$('<td/>').text(user.permissions).appendTo(row);
row.appendTo('#userlist');
}
if (data.user.name == 'Admin'){
if (data.user.permissions.includes('admin')){
$('a[href=register]').show();
} else {
$('a[href=register]').hide();

2
static/templates/listadminlist.st

@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
<fieldset>
<legend>List of mailinglists</legend>
<legend>List of (editable) mailinglists</legend>
<table id="listlist">
<tr>
<th colspan="4">List</th>

3
static/templates/login.st

@ -7,8 +7,9 @@ @@ -7,8 +7,9 @@
<link rel="stylesheet" href="css" />
</head>
<body id="login">
<h1>Widerhall login</h1>
«navigation()»
«messages()»
<h1>Widerhall login</h1>
<form method="POST">
<fieldset>
<legend>Login-Daten</legend>

1
static/templates/userlist.st

@ -5,6 +5,7 @@ @@ -5,6 +5,7 @@
<th>User name</th>
<th>Email</th>
<th>Password</th>
<th>Permissions</th>
</tr>
</table>
<a href="register">Register new user</a>

Loading…
Cancel
Save