StephanRichter
/
Widerhall
1
0
Fork 0
Code Issues Pull Requests Projects Releases Activity
Browse Source

working on permissions

drop_old_mail
Stephan Richter 3 years ago
parent
a326004e82
commit
2b9a185bfc
12 changed files with 267 additions and 155 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 89
      doc/data structure.dia
  2. 6
      src/main/java/de/srsoftware/widerhall/Constants.java
  3. 6
      src/main/java/de/srsoftware/widerhall/data/Database.java
  4. 28
      src/main/java/de/srsoftware/widerhall/data/ListMember.java
  5. 35
      src/main/java/de/srsoftware/widerhall/data/MailingList.java
  6. 64
      src/main/java/de/srsoftware/widerhall/data/User.java
  7. 12
      src/main/java/de/srsoftware/widerhall/web/Rest.java
  8. 164
      src/main/java/de/srsoftware/widerhall/web/Web.java
  9. 12
      static/templates/js.st
  10. 2
      static/templates/listadminlist.st
  11. 3
      static/templates/login.st
  12. 1
      static/templates/userlist.st

89
doc/data structure.dia
Unescape View File

@ -267,13 +267,13 @@ @@ -267,13 +267,13 @@
</dia:object>
<dia:object type="Flowchart - Box" version="0" id="O4">
<dia:attribute name="obj_pos">
<dia:point val="33,7"/>
<dia:point val="33,9"/>
</dia:attribute>
<dia:attribute name="obj_bb">
<dia:rectangle val="32.95,6.95;40.05,9.05"/>
<dia:rectangle val="32.95,8.95;40.05,11.05"/>
</dia:attribute>
<dia:attribute name="elem_corner">
<dia:point val="33,7"/>
<dia:point val="33,9"/>
</dia:attribute>
<dia:attribute name="elem_width">
<dia:real val="7"/>
@ -299,7 +299,7 @@ @@ -299,7 +299,7 @@
<dia:real val="0.80000000000000004"/>
</dia:attribute>
<dia:attribute name="pos">
<dia:point val="36.5,8.19406"/>
<dia:point val="36.5,10.1941"/>
</dia:attribute>
<dia:attribute name="color">
<dia:color val="#000000ff"/>
@ -312,13 +312,13 @@ @@ -312,13 +312,13 @@
</dia:object>
<dia:object type="Flowchart - Box" version="0" id="O5">
<dia:attribute name="obj_pos">
<dia:point val="33,11"/>
<dia:point val="33,13"/>
</dia:attribute>
<dia:attribute name="obj_bb">
<dia:rectangle val="32.95,10.95;40.05,13.05"/>
<dia:rectangle val="32.95,12.95;40.05,15.05"/>
</dia:attribute>
<dia:attribute name="elem_corner">
<dia:point val="33,11"/>
<dia:point val="33,13"/>
</dia:attribute>
<dia:attribute name="elem_width">
<dia:real val="7"/>
@ -344,7 +344,7 @@ @@ -344,7 +344,7 @@
<dia:real val="0.80000000000000004"/>
</dia:attribute>
<dia:attribute name="pos">
<dia:point val="36.5,12.1941"/>
<dia:point val="36.5,14.1941"/>
</dia:attribute>
<dia:attribute name="color">
<dia:color val="#000000ff"/>
@ -357,13 +357,13 @@ @@ -357,13 +357,13 @@
</dia:object>
<dia:object type="Flowchart - Box" version="0" id="O6">
<dia:attribute name="obj_pos">
<dia:point val="33,9"/>
<dia:point val="33,11"/>
</dia:attribute>
<dia:attribute name="obj_bb">
<dia:rectangle val="32.95,8.95;40.05,11.05"/>
<dia:rectangle val="32.95,10.95;40.05,13.05"/>
</dia:attribute>
<dia:attribute name="elem_corner">
<dia:point val="33,9"/>
<dia:point val="33,11"/>
</dia:attribute>
<dia:attribute name="elem_width">
<dia:real val="7"/>
@ -389,7 +389,7 @@ @@ -389,7 +389,7 @@
<dia:real val="0.80000000000000004"/>
</dia:attribute>
<dia:attribute name="pos">
<dia:point val="36.5,10.1941"/>
<dia:point val="36.5,12.1941"/>
</dia:attribute>
<dia:attribute name="color">
<dia:color val="#000000ff"/>
@ -537,13 +537,13 @@ @@ -537,13 +537,13 @@
</dia:object>
<dia:object type="Flowchart - Box" version="0" id="O10">
<dia:attribute name="obj_pos">
<dia:point val="33,13"/>
<dia:point val="33,7"/>
</dia:attribute>
<dia:attribute name="obj_bb">
<dia:rectangle val="32.95,12.95;40.05,15.05"/>
<dia:rectangle val="32.95,6.95;40.05,9.05"/>
</dia:attribute>
<dia:attribute name="elem_corner">
<dia:point val="33,13"/>
<dia:point val="33,7"/>
</dia:attribute>
<dia:attribute name="elem_width">
<dia:real val="7"/>
@ -569,7 +569,7 @@ @@ -569,7 +569,7 @@
<dia:real val="0.80000000000000004"/>
</dia:attribute>
<dia:attribute name="pos">
<dia:point val="36.5,14.1941"/>
<dia:point val="36.5,8.19406"/>
</dia:attribute>
<dia:attribute name="color">
<dia:color val="#000000ff"/>
@ -656,13 +656,13 @@ @@ -656,13 +656,13 @@
<dia:point val="27,10"/>
</dia:attribute>
<dia:attribute name="obj_bb">
<dia:rectangle val="26.95,7.1382;33.05,10.05"/>
<dia:rectangle val="26.95,9.1382;33.05,10.05"/>
</dia:attribute>
<dia:attribute name="orth_points">
<dia:point val="27,10"/>
<dia:point val="30,10"/>
<dia:point val="30,7.5"/>
<dia:point val="33,7.5"/>
<dia:point val="30,9.5"/>
<dia:point val="33,9.5"/>
</dia:attribute>
<dia:attribute name="orth_orient">
<dia:enum val="0"/>
@ -1485,13 +1485,13 @@ @@ -1485,13 +1485,13 @@
<dia:point val="27.0449,25"/>
</dia:attribute>
<dia:attribute name="obj_bb">
<dia:rectangle val="26.9949,8.1382;33.05,25.05"/>
<dia:rectangle val="26.9949,10.1382;33.05,25.05"/>
</dia:attribute>
<dia:attribute name="orth_points">
<dia:point val="27.0449,25"/>
<dia:point val="31,25"/>
<dia:point val="31,8.5"/>
<dia:point val="33,8.5"/>
<dia:point val="31,10.5"/>
<dia:point val="33,10.5"/>
</dia:attribute>
<dia:attribute name="orth_orient">
<dia:enum val="0"/>
@ -1605,5 +1605,50 @@ @@ -1605,5 +1605,50 @@
</dia:composite>
</dia:attribute>
</dia:object>
<dia:object type="Flowchart - Box" version="0" id="O35">
<dia:attribute name="obj_pos">
<dia:point val="33,15"/>
</dia:attribute>
<dia:attribute name="obj_bb">
<dia:rectangle val="32.95,14.95;40.05,17.05"/>
</dia:attribute>
<dia:attribute name="elem_corner">
<dia:point val="33,15"/>
</dia:attribute>
<dia:attribute name="elem_width">
<dia:real val="7"/>
</dia:attribute>
<dia:attribute name="elem_height">
<dia:real val="2"/>
</dia:attribute>
<dia:attribute name="show_background">
<dia:boolean val="true"/>
</dia:attribute>
<dia:attribute name="padding">
<dia:real val="0.5"/>
</dia:attribute>
<dia:attribute name="text">
<dia:composite type="text">
<dia:attribute name="string">
<dia:string>#Permissions#</dia:string>
</dia:attribute>
<dia:attribute name="font">
<dia:font family="sans" style="0" name="Helvetica"/>
</dia:attribute>
<dia:attribute name="height">
<dia:real val="0.80000000000000004"/>
</dia:attribute>
<dia:attribute name="pos">
<dia:point val="36.5,16.1941"/>
</dia:attribute>
<dia:attribute name="color">
<dia:color val="#000000ff"/>
</dia:attribute>
<dia:attribute name="alignment">
<dia:enum val="1"/>
</dia:attribute>
</dia:composite>
</dia:attribute>
</dia:object>
</dia:layer>
</dia:diagram>

6
src/main/java/de/srsoftware/widerhall/Constants.java
Unescape View File

@ -1,9 +1,9 @@ @@ -1,9 +1,9 @@
package de.srsoftware.widerhall;
public class Constants {
public static final String ADMIN = "Admin";
public static final String BASE = "base";
public static final String BASE_URL = "base_url";
public static final String CONFIG = "configuration";
public static final String DB = "database";
public static final String DOMAIN = "domain";
public static final String EMAIL = "email";
@ -14,9 +14,11 @@ public class Constants { @@ -14,9 +14,11 @@ public class Constants {
public static final String INDEX = "index";
public static final String INT = "INT";
public static final String LIST = "list";
public static final String LOCATIONS = "locations";
public static final String NAME = "name";
public static final String NOTES = "notes";
public static final String PASSWORD = "password";
public static final String PERMISSIONS = "permissions";
public static final Object PORT = "port";
public static final String PREFIX = "prefix";
public static final String PROTOCOL = "mail.store.protocol";
@ -26,6 +28,4 @@ public class Constants { @@ -26,6 +28,4 @@ public class Constants {
public static final String VARCHAR = "VARCHAR(255)";
public static final String CONFIG = "configuration";
public static final String LOCATIONS = "locations";
}

6
src/main/java/de/srsoftware/widerhall/data/Database.java
Unescape View File

@ -36,6 +36,7 @@ public class Database { @@ -36,6 +36,7 @@ public class Database {
}
public ResultSet exec() throws SQLException {
LOG.debug("Executing {}",this);
var args = new ArrayList<>();
if (!where.isEmpty()){
var clauses = new ArrayList<String>();
@ -51,7 +52,6 @@ public class Database { @@ -51,7 +52,6 @@ public class Database {
sql.append(String.join(" AND ",clauses));
}
LOG.debug("SQL: {}",sql);
try {
var stmt = Database.this.conn.prepareStatement(sql());
if (!args.isEmpty()) {
@ -64,6 +64,7 @@ public class Database { @@ -64,6 +64,7 @@ public class Database {
}
public void run() throws SQLException {
LOG.debug("Running {}",this);
var args = new ArrayList<>();
if (!setValues.isEmpty()){
@ -106,7 +107,6 @@ public class Database { @@ -106,7 +107,6 @@ public class Database {
sql.append(String.join(" AND ",clauses));
}
LOG.debug("SQL: {}",sql);
try {
var stmt = conn.prepareStatement(sql());
if (!args.isEmpty()) {
@ -134,7 +134,7 @@ public class Database { @@ -134,7 +134,7 @@ public class Database {
if (!setValues.isEmpty()){
var keys = new ArrayList<String>();
var expressions = new ArrayList<String>();
for (var entry : setValues.entrySet()) expressions.add(entry.getKey()+" = entry.getValue()");
for (var entry : setValues.entrySet()) expressions.add(entry.getKey()+" = "+entry.getValue());
sql.append(" SET ").append(String.join(", ",expressions));
}

28
src/main/java/de/srsoftware/widerhall/data/ListMember.java
Unescape View File

@ -71,11 +71,16 @@ public class ListMember { @@ -71,11 +71,16 @@ public class ListMember {
Database.open().query(sql).run();
}
public boolean hasState(int testState) {
return (state & testState) > 0;
}
public static Set<String> listsOwnedBy(User user) {
var list = new HashSet<String>();
try {
var request = Database.open().select(TABLE_NAME, LIST_EMAIL, STATE+" & "+STATE_OWNER+" as "+STATE);
if (!user.is(ADMIN)) request = request.where(USER_EMAIL, user.email()).where(STATE, STATE_OWNER);
if (!user.hashPermission(User.PERMISSION_ADMIN)) request = request.where(USER_EMAIL, user.email()).where(STATE, STATE_OWNER);
var rs = request.exec();
while (rs.next()) list.add(rs.getString(LIST_EMAIL));
} catch (SQLException e) {
@ -84,6 +89,26 @@ public class ListMember { @@ -84,6 +89,26 @@ public class ListMember {
return list;
}
public static ListMember load(MailingList list,User user) throws SQLException {
var rs = Database
.open()
.select(TABLE_NAME)
.where(LIST_EMAIL,list.email())
.where(USER_EMAIL,user.email())
.exec();
try {
if (rs.next()) {
return new ListMember(rs.getString(LIST_EMAIL),
rs.getString(USER_EMAIL),
rs.getInt(STATE),
rs.getString(TOKEN));
}
} finally {
rs.close();
}
return null;
}
public static Map<User,Integer> of(String listEmail) throws SQLException {
var rs = Database.open()
.select(TABLE_NAME)
@ -142,5 +167,4 @@ public class ListMember { @@ -142,5 +167,4 @@ public class ListMember {
}
}
}
}

35
src/main/java/de/srsoftware/widerhall/data/MailingList.java
Unescape View File

@ -13,6 +13,7 @@ import java.util.*; @@ -13,6 +13,7 @@ import java.util.*;
import static de.srsoftware.widerhall.Constants.*;
import static de.srsoftware.widerhall.Util.t;
import static de.srsoftware.widerhall.data.User.PERMISSION_ADMIN;
public class MailingList {
private static final Logger LOG = LoggerFactory.getLogger(MailingList.class);
@ -31,7 +32,8 @@ public class MailingList { @@ -31,7 +32,8 @@ public class MailingList {
private final String email;
public static final String TABLE_NAME = "Lists";
private final String imapPass, imapHost, imapUser;
private final int imapPort, state;
private final int imapPort;
private int state;
private final SmtpClient smtp;
private static final HashMap<String,MailingList> lists = new HashMap<>();
@ -75,22 +77,26 @@ public class MailingList { @@ -75,22 +77,26 @@ public class MailingList {
}
public static void enable(String listEmail, boolean enable) throws SQLException {
Database.open()
.update(TABLE_NAME)
.set(STATE,enable ? STATE+" | "+ STATE_ENABLED : Database.xor(STATE,STATE_ENABLED))
.where(EMAIL, listEmail).run();
public void enable(boolean enable) throws SQLException {
state = enable ? state | STATE_ENABLED : state ^ (state & STATE_ENABLED);
Database.open().update(TABLE_NAME).set(STATE,state).where(EMAIL, email()).run();
}
public static void hide(String listEmail, boolean hide) throws SQLException {
Database.open()
.update(TABLE_NAME)
.set(STATE,hide ? STATE+" | "+ STATE_PUBLIC : Database.xor(STATE,STATE_PUBLIC))
.where(EMAIL, listEmail).run();
public void hide(boolean hide) throws SQLException {
state = hide ? state ^ (state & STATE_PUBLIC) : state | STATE_PUBLIC;
Database.open().update(TABLE_NAME).set(STATE,state).where(EMAIL, email()).run();
}
public static boolean isOpen(String list) {
return openLists().stream().filter(ml -> ml.email.equals(list)).count() > 0;
public boolean isOpenFor(User user) {
if ((state & STATE_PUBLIC) > 0) return true;
if (user == null) return false;
try {
var member = ListMember.load(this,user);
return member.hasState(ListMember.STATE_OWNER|ListMember.STATE_SUBSCRIBER);
} catch (SQLException e) {
LOG.warn("Was not able to load ListMember: ",e);
return false;
}
}
public static Set<MailingList> editableBy(User user) {
@ -117,6 +123,7 @@ public class MailingList { @@ -117,6 +123,7 @@ public class MailingList {
}
public static MailingList load(String listEmail) {
if (listEmail == null) return null;
var ml = lists.get(listEmail);
if (ml == null) try {
var rs = Database.open()
@ -214,7 +221,7 @@ public class MailingList { @@ -214,7 +221,7 @@ public class MailingList {
public static Set<MailingList> subscribable(User user) {
try {
if (user == null) return openLists();
if (user.is(ADMIN)) {
if (user.hashPermission(PERMISSION_ADMIN)) {
var rs = Database.open().select(TABLE_NAME).exec();
var result = new HashSet<MailingList>();
while (rs.next()) result.add(MailingList.from(rs));

64
src/main/java/de/srsoftware/widerhall/data/User.java
Unescape View File

@ -16,14 +16,19 @@ import static de.srsoftware.widerhall.Constants.*; @@ -16,14 +16,19 @@ import static de.srsoftware.widerhall.Constants.*;
public class User {
public static final String TABLE_NAME = "Users";
private static final Logger LOG = LoggerFactory.getLogger(User.class);
private static final HashMap<String,User> users = new HashMap<>();
public static final int PERMISSION_ADMIN = 1;
public static final int PERMISSION_CREATE_LISTS = 2;
private String email, salt, hashedPass, name;
private int permissions;
public User(String email, String name, String salt, String hashedPass) {
public User(String email, String name, String salt, String hashedPass, int permissions) {
this.email = email;
this.name = name;
this.salt = salt;
this.hashedPass = hashedPass;
this.permissions = permissions;
}
/*********** field accessors ***************/
@ -39,12 +44,22 @@ public class User { @@ -39,12 +44,22 @@ public class User {
return name;
}
public int permissions(){
return permissions;
}
public String salt(){
return salt;
}
/************** end of field accessors ****************/
public void addPermission(int newPermission) throws SQLException {
permissions |= newPermission;
Database.open().update(TABLE_NAME).set(PERMISSIONS,permissions).run();
}
public static User create(String email, String name, String password) throws SQLException {
String salt = null;
String hashedPass = null;
@ -52,7 +67,7 @@ public class User { @@ -52,7 +67,7 @@ public class User {
salt = Util.sha256(email + name + LocalDate.now());
hashedPass = Util.sha256(password + salt);
}
return new User(email,name,salt,hashedPass).save();
return new User(email,name,salt,hashedPass,0).save();
}
public static void createTable() throws SQLException {
@ -60,16 +75,17 @@ public class User { @@ -60,16 +75,17 @@ public class User {
.append("CREATE TABLE ").append(TABLE_NAME)
.append(" (")
.append(EMAIL).append(" ").append(VARCHAR).append(" NOT NULL PRIMARY KEY, ")
.append(NAME).append(" ").append(VARCHAR).append(", ")
.append(PERMISSIONS).append(" ").append(INT).append(", ")
.append(SALT).append(" ").append(VARCHAR).append(", ")
.append(HASHED_PASS).append(" ").append(VARCHAR).append(", ")
.append(NAME).append(" ").append(VARCHAR)
.append(HASHED_PASS).append(" ").append(VARCHAR)
.append(");");
Database.open().query(sql).run();
}
public boolean is(String test){
if (test == null) return false;
return test.equals(name) || test.equals(email);
public boolean hashPermission(int permission){
return (permissions & permission) > 0;
}
@ -82,14 +98,21 @@ public class User { @@ -82,14 +98,21 @@ public class User {
var query = Database.open().select(TABLE_NAME);
if (emails != null && !emails.isEmpty()) query.where(EMAIL,emails);
var rs = query.exec();
while (rs.next()) userList.add(new User(
rs.getString(EMAIL),
rs.getString(NAME),
rs.getString(SALT),
rs.getString(HASHED_PASS)));
while (rs.next()) userList.add(User.from(rs));
return userList;
}
private static User from(ResultSet rs) throws SQLException {
var email = rs.getString(EMAIL);
var user = users.get(email);
if (user == null) users.put(email,user = new User(
rs.getString(EMAIL),
rs.getString(NAME),
rs.getString(SALT),
rs.getString(HASHED_PASS),
rs.getInt(PERMISSIONS)));
return user;
}
public static User loadUser(String email, String password) throws InvalidKeyException, SQLException {
@ -99,14 +122,8 @@ public class User { @@ -99,14 +122,8 @@ public class User {
.exec();
try {
if (rs.next()) {
email = rs.getString(EMAIL);
var name = rs.getString(NAME);
var hashedPassword = rs.getString(HASHED_PASS);
var salt = rs.getString(SALT);
var loadedUser = new User(email, name, salt, hashedPassword);
var loadedUser = User.from(rs);
if (loadedUser.matching(password)) return loadedUser;
} else if (noUsers()){
return User.create(email,"Admin",password);
}
} finally {
rs.close();
@ -134,8 +151,15 @@ public class User { @@ -134,8 +151,15 @@ public class User {
return false;
}
public String permissionList(){
var list = new ArrayList<String>();
if (hashPermission(PERMISSION_ADMIN)) list.add("admin");
if (hashPermission(PERMISSION_CREATE_LISTS)) list.add("create lists");
return String.join(", ",list);
}
public Map<String,String> safeMap(){
return Map.of(NAME,name,EMAIL,email,PASSWORD,hashedPassword() == null ? "no" : "yes");
return Map.of(NAME,name,EMAIL,email,PERMISSIONS,permissionList(),PASSWORD,hashedPassword() == null ? "no" : "yes");
}
private User save() throws SQLException {

12
src/main/java/de/srsoftware/widerhall/web/Rest.java
Unescape View File

@ -59,7 +59,7 @@ public class Rest extends HttpServlet { @@ -59,7 +59,7 @@ public class Rest extends HttpServlet {
switch (path) {
case USER_LIST:
try {
json.put("users", (user.is(ADMIN) ? User.loadAll() : List.of(user)).stream().map(User::safeMap).toList());
json.put("users", (user.hashPermission(User.PERMISSION_ADMIN) ? User.loadAll() : List.of(user)).stream().map(User::safeMap).toList());
} catch (SQLException e) {
LOG.debug("Failed to load user list:",e);
json.put(ERROR,"failed to load user list");
@ -140,7 +140,7 @@ public class Rest extends HttpServlet { @@ -140,7 +140,7 @@ public class Rest extends HttpServlet {
}
private Map<String, Object> listMembers(String listEmail, User user) {
if (user.is(ADMIN) || ListMember.listsOwnedBy(user).contains(listEmail)) {
if (user.hashPermission(User.PERMISSION_ADMIN) || ListMember.listsOwnedBy(user).contains(listEmail)) {
try {
var members = ListMember.of(listEmail)
.entrySet()
@ -161,9 +161,9 @@ public class Rest extends HttpServlet { @@ -161,9 +161,9 @@ public class Rest extends HttpServlet {
}
private Map enableList(String listEmail, User user, boolean enable) {
if (user.is(ADMIN) || ListMember.listsOwnedBy(user).contains(listEmail)){
if (user.hashPermission(User.PERMISSION_ADMIN) || ListMember.listsOwnedBy(user).contains(listEmail)){
try {
MailingList.enable(listEmail,enable);
MailingList.load(listEmail).enable(enable);
return Map.of(SUCCESS,t("Mailing list '{}' was {}!",listEmail,enable ? "enabled" : "disabled"));
} catch (SQLException e) {
LOG.error("Failed to enable/disable mailing list: ",e);
@ -174,9 +174,9 @@ public class Rest extends HttpServlet { @@ -174,9 +174,9 @@ public class Rest extends HttpServlet {
}
private Map<String, String> hideList(String listEmail, User user, boolean hide) {
if (user.is(ADMIN) || ListMember.listsOwnedBy(user).contains(listEmail)){
if (user.hashPermission(User.PERMISSION_ADMIN) || ListMember.listsOwnedBy(user).contains(listEmail)){
try {
MailingList.hide(listEmail,hide);
MailingList.load(listEmail).hide(hide);
return Map.of(SUCCESS,t("Mailing list '{}' was {}!",listEmail,hide ? "hidden" : "made public"));
} catch (SQLException e) {
LOG.error("Failed to (un)hide mailing list: ",e);

164
src/main/java/de/srsoftware/widerhall/web/Web.java
Unescape View File

@ -1,6 +1,7 @@ @@ -1,6 +1,7 @@
package de.srsoftware.widerhall.web;
import de.srsoftware.widerhall.Configuration;
import de.srsoftware.widerhall.Constants;
import de.srsoftware.widerhall.Util;
import de.srsoftware.widerhall.data.ListMember;
import de.srsoftware.widerhall.data.MailingList;
@ -30,6 +31,7 @@ public class Web extends HttpServlet { @@ -30,6 +31,7 @@ public class Web extends HttpServlet {
private static final String ADD_LIST = "add_list";
private static final String CONFIRM = "confirm";
private static final Logger LOG = LoggerFactory.getLogger(Web.class);
private static final String ADMIN = "admin";
private static final String LOGIN = "login";
private static final String LOGOUT = "logout";
private static final String REGISTER = "register";
@ -58,80 +60,84 @@ public class Web extends HttpServlet { @@ -58,80 +60,84 @@ public class Web extends HttpServlet {
private String addList(HttpServletRequest req, HttpServletResponse resp) {
var o = req.getSession().getAttribute(USER);
if (o instanceof User user){
var data = new HashMap<String,Object>();
data.put(USER,user);
var name = req.getParameter(NAME);
data.put(NAME,name);
var email = req.getParameter(EMAIL);
data.put(EMAIL,email);
var imapHost = req.getParameter(IMAP_HOST);
data.put(IMAP_HOST,imapHost);
var imapUser = req.getParameter(IMAP_USER);
data.put(IMAP_USER,imapUser);
var imapPass = req.getParameter(IMAP_PASS);
var smtpHost = req.getParameter(SMTP_HOST);
data.put(SMTP_HOST,smtpHost);
var smtpUser = req.getParameter(SMTP_USER);
data.put(SMTP_USER,smtpUser);
var smtpPass = req.getParameter(SMTP_PASS);
Integer imapPort = 993;
data.put(IMAP_PORT,imapPort);
Integer smtpPort = 465;
data.put(SMTP_PORT,smtpPort);
if (name == null || name.isBlank() || email == null || email.isBlank()) {
data.put(ERROR,"List name and address are required!");
return loadTemplate(ADD_LIST,data,resp);
}
if (!(o instanceof User user)) {
return redirectTo(LOGIN,resp);
}
var data = new HashMap<String, Object>();
data.put(USER, user);
if (!Util.isEmail(email)){
data.put(ERROR,t("List email ({}) is not a valid email address!",email));
return loadTemplate(ADD_LIST,data,resp);
}
if (!user.hashPermission(User.PERMISSION_CREATE_LISTS)){
data.put(ERROR,t("You are not allowed to create new mailing lists!"));
return loadTemplate(ADMIN,data,resp);
}
if (imapHost == null || imapHost.isBlank() || imapUser == null || imapUser.isBlank() || imapPass == null || imapPass.isBlank()) {
data.put(ERROR,"IMAP credentials are required!");
return loadTemplate(ADD_LIST,data,resp);
}
var name = req.getParameter(NAME);
data.put(NAME, name);
var email = req.getParameter(EMAIL);
data.put(EMAIL, email);
var imapHost = req.getParameter(IMAP_HOST);
data.put(IMAP_HOST, imapHost);
var imapUser = req.getParameter(IMAP_USER);
data.put(IMAP_USER, imapUser);
var imapPass = req.getParameter(IMAP_PASS);
var smtpHost = req.getParameter(SMTP_HOST);
data.put(SMTP_HOST, smtpHost);
var smtpUser = req.getParameter(SMTP_USER);
data.put(SMTP_USER, smtpUser);
var smtpPass = req.getParameter(SMTP_PASS);
Integer imapPort = 993;
data.put(IMAP_PORT, imapPort);
Integer smtpPort = 465;
data.put(SMTP_PORT, smtpPort);
if (name == null || name.isBlank() || email == null || email.isBlank()) {
data.put(ERROR, "List name and address are required!");
return loadTemplate(ADD_LIST, data, resp);
}
try {
imapPort = Integer.parseInt(req.getParameter(IMAP_PORT));
data.put(IMAP_PORT,imapPort);
} catch (NumberFormatException nfe){
data.put(ERROR,t("'{}' is not a proper port number!",req.getParameter(IMAP_PORT)));
return loadTemplate(ADD_LIST,data,resp);
}
if (!Util.isEmail(email)) {
data.put(ERROR, t("List email ({}) is not a valid email address!", email));
return loadTemplate(ADD_LIST, data, resp);
}
if (smtpHost == null || smtpHost.isBlank() || smtpUser == null || smtpUser.isBlank() || smtpPass == null || smtpPass.isBlank()) {
data.put(ERROR,"SMTP credentials are required!");
return loadTemplate(ADD_LIST,data,resp);
}
if (imapHost == null || imapHost.isBlank() || imapUser == null || imapUser.isBlank() || imapPass == null || imapPass.isBlank()) {
data.put(ERROR, "IMAP credentials are required!");
return loadTemplate(ADD_LIST, data, resp);
}
try {
smtpPort = Integer.parseInt(req.getParameter(SMTP_PORT));
data.put(SMTP_PORT,smtpPort);
} catch (NumberFormatException nfe){
data.put(ERROR,t("'{}' is not a proper port number!",req.getParameter(SMTP_PORT)));
return loadTemplate(ADD_LIST,data,resp);
}
try {
var list = MailingList.create(email,name,imapHost,imapPort,imapUser,imapPass,smtpHost,smtpPort,smtpUser,smtpPass);
ListMember.create(list,user,ListMember.STATE_OWNER);
return redirectTo(INDEX,resp);
} catch (SQLException e) {
return t("Failed to create list '{}': {}",name,e.getMessage());
}
try {
imapPort = Integer.parseInt(req.getParameter(IMAP_PORT));
data.put(IMAP_PORT, imapPort);
} catch (NumberFormatException nfe) {
data.put(ERROR, t("'{}' is not a proper port number!", req.getParameter(IMAP_PORT)));
return loadTemplate(ADD_LIST, data, resp);
}
return redirectTo(LOGIN,resp);
if (smtpHost == null || smtpHost.isBlank() || smtpUser == null || smtpUser.isBlank() || smtpPass == null || smtpPass.isBlank()) {
data.put(ERROR, "SMTP credentials are required!");
return loadTemplate(ADD_LIST, data, resp);
}
try {
smtpPort = Integer.parseInt(req.getParameter(SMTP_PORT));
data.put(SMTP_PORT, smtpPort);
} catch (NumberFormatException nfe) {
data.put(ERROR, t("'{}' is not a proper port number!", req.getParameter(SMTP_PORT)));
return loadTemplate(ADD_LIST, data, resp);
}
try {
var list = MailingList.create(email, name, imapHost, imapPort, imapUser, imapPass, smtpHost, smtpPort, smtpUser, smtpPass);
ListMember.create(list, user, ListMember.STATE_OWNER);
return redirectTo(INDEX, resp);
} catch (SQLException e) {
return t("Failed to create list '{}': {}", name, e.getMessage());
}
}
private String confirm(HttpServletRequest req, HttpServletResponse resp) {
@ -181,8 +187,9 @@ public class Web extends HttpServlet { @@ -181,8 +187,9 @@ public class Web extends HttpServlet {
var path = req.getPathInfo();
path = (path == null || path.equals("/")) ? INDEX : path.substring(1);
String notes = null;
var list = req.getParameter(LIST);
if (list != null && !list.isBlank()) data.put(LIST,list);
var listEmail = req.getParameter(LIST);
var list = MailingList.load(listEmail);
if (list != null) data.put(LIST,list.minimalMap());
switch (path){
case CONFIRM:
return confirm(req,resp);
@ -195,12 +202,11 @@ public class Web extends HttpServlet { @@ -195,12 +202,11 @@ public class Web extends HttpServlet {
case UNSUBSCRIBE:
return loadTemplate(path,data,resp);
case SUBSCRIBE:
// TODO check permission
if (MailingList.isOpen(list)) {
data.put(LIST, list);
if (list.isOpenFor(user)) {
data.put(LIST,listEmail);
return loadTemplate(path, data, resp);
}
return t("You are not allowed to subscribe to '{}'!",list);
return t("You are not allowed to subscribe to '{}'!",list.email());
case "js":
resp.setContentType("text/javascript");
return loadTemplate(path,data,resp);
@ -326,12 +332,9 @@ public class Web extends HttpServlet { @@ -326,12 +332,9 @@ public class Web extends HttpServlet {
if (!pass.equals(pass_repeat)) return loadTemplate(REGISTER,Map.of(ERROR,"Passwords do not match!",NAME,name,EMAIL,email),resp);
if (Util.simplePassword(pass)) return loadTemplate(REGISTER,Map.of(ERROR,"Password to short or to simple!",NAME,name,EMAIL,email),resp);
var firstUser = false;
try {
if (User.noUsers()) { // we are registering the first user, which is forced to be „Admin“
name = ADMIN;
} else {
if (ADMIN.equals(name)) return loadTemplate(REGISTER,Map.of(ERROR,t("Name must not be „{}“",ADMIN),NAME,name,EMAIL,email),resp);
}
firstUser = User.noUsers();
} catch (SQLException e) {
return t("Failed to access user database: {}",e.getMessage());
}
@ -339,9 +342,11 @@ public class Web extends HttpServlet { @@ -339,9 +342,11 @@ public class Web extends HttpServlet {
try {
var user = User.create(email, name, pass);
if (firstUser) user.addPermission(User.PERMISSION_ADMIN|User.PERMISSION_CREATE_LISTS);
req.getSession().setAttribute("user",user);
return redirectTo(INDEX,resp);
} catch (SQLException e) {
LOG.warn("Failed to create new user:",e);
return t("Failed to create new user: {}",e.getMessage());
}
}
@ -388,6 +393,11 @@ public class Web extends HttpServlet { @@ -388,6 +393,11 @@ public class Web extends HttpServlet {
}
data.put(USER,user.safeMap());
if (!list.isOpenFor(user)){
data.put(ERROR,t("You are not allowed to join {}!",list.email()));
return loadTemplate(SUBSCRIBE,data,resp);
}
try {
list.requestSubscription(user,skipConfirmation);
data.put(NOTES,t("Successfully subscribed '{}' to '{}'.",user.email(),list.email()));
@ -454,6 +464,4 @@ public class Web extends HttpServlet { @@ -454,6 +464,4 @@ public class Web extends HttpServlet {
}
}
}

12
static/templates/js.st
Unescape View File

@ -62,7 +62,7 @@ function showListOfEditableLists(data){ @@ -62,7 +62,7 @@ function showListOfEditableLists(data){
select.appendTo($('<td/>')).appendTo(row);
$('<td/>').text(list.imap_host).appendTo(row);
$('<td/>').text(list.imap_host).appendTo(row);
$('<td/>').text(list.imap_port).appendTo(row);
$('<td/>').text(list.imap_user).appendTo(row);
$('<td/>').text(list.smtp_host).appendTo(row);
@ -70,10 +70,11 @@ function showListOfEditableLists(data){ @@ -70,10 +70,11 @@ function showListOfEditableLists(data){
$('<td/>').text(list.smtp_user).appendTo(row);
row.appendTo('#listlist');
}
if (data.user.name == 'Admin'){
$('a[href=register]').show();
console.log(data.user);
if (data.user.permissions.includes('create lists')){
$('a[href=add_list]').show();
} else {
$('a[href=register]').hide();
$('a[href=add_list]').hide();
}
}
@ -128,9 +129,10 @@ function showUserList(data){ @@ -128,9 +129,10 @@ function showUserList(data){
$('<td/>').text(user.name).appendTo(row);
$('<td/>').text(user.email).appendTo(row);
$('<td/>').text(user.password).appendTo(row);
$('<td/>').text(user.permissions).appendTo(row);
row.appendTo('#userlist');
}
if (data.user.name == 'Admin'){
if (data.user.permissions.includes('admin')){
$('a[href=register]').show();
} else {
$('a[href=register]').hide();

2
static/templates/listadminlist.st
Unescape View File

@ -1,5 +1,5 @@ @@ -1,5 +1,5 @@
<fieldset>
<legend>List of mailinglists</legend>
<legend>List of (editable) mailinglists</legend>
<table id="listlist">
<tr>
<th colspan="4">List</th>

3
static/templates/login.st
Unescape View File

@ -7,8 +7,9 @@ @@ -7,8 +7,9 @@
<link rel="stylesheet" href="css" />
</head>
<body id="login">
<h1>Widerhall login</h1>
«navigation()»
«messages()»
<h1>Widerhall login</h1>
<form method="POST">
<fieldset>
<legend>Login-Daten</legend>

1
static/templates/userlist.st
Unescape View File

@ -5,6 +5,7 @@ @@ -5,6 +5,7 @@
<th>User name</th>
<th>Email</th>
<th>Password</th>
<th>Permissions</th>
</tr>
</table>
<a href="register">Register new user</a>

Write Preview
Loading…
Cancel
Save