StephanRichter/Widerhall
1
0
Fork 0
Code Issues Pull Requests Actions Projects Releases Activity

working on permissions

Browse Source
This commit is contained in:
Stephan Richter
2022-04-18 16:07:59 +02:00
parent a326004e82
commit 2b9a185bfc
12 changed files with 274 additions and 162 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/main/java/de/srsoftware/widerhall/data/Database.java
View File

@@ -36,6 +36,7 @@ public class Database {
}
public ResultSet exec() throws SQLException {
LOG.debug("Executing {}",this);
var args = new ArrayList<>();
if (!where.isEmpty()){
var clauses = new ArrayList<String>();
@@ -51,7 +52,6 @@ public class Database {
sql.append(String.join(" AND ",clauses));
}
LOG.debug("SQL: {}",sql);
try {
var stmt = Database.this.conn.prepareStatement(sql());
if (!args.isEmpty()) {
@@ -64,6 +64,7 @@ public class Database {
}
public void run() throws SQLException {
LOG.debug("Running {}",this);
var args = new ArrayList<>();
if (!setValues.isEmpty()){
@@ -106,7 +107,6 @@ public class Database {
sql.append(String.join(" AND ",clauses));
}
LOG.debug("SQL: {}",sql);
try {
var stmt = conn.prepareStatement(sql());
if (!args.isEmpty()) {
@@ -134,7 +134,7 @@ public class Database {
if (!setValues.isEmpty()){
var keys = new ArrayList<String>();
var expressions = new ArrayList<String>();
for (var entry : setValues.entrySet()) expressions.add(entry.getKey()+" = entry.getValue()");
for (var entry : setValues.entrySet()) expressions.add(entry.getKey()+" = "+entry.getValue());
sql.append(" SET ").append(String.join(", ",expressions));
}

28
src/main/java/de/srsoftware/widerhall/data/ListMember.java
View File

@@ -71,11 +71,16 @@ public class ListMember {
Database.open().query(sql).run();
}
public boolean hasState(int testState) {
return (state & testState) > 0;
}
public static Set<String> listsOwnedBy(User user) {
var list = new HashSet<String>();
try {
var request = Database.open().select(TABLE_NAME, LIST_EMAIL, STATE+" & "+STATE_OWNER+" as "+STATE);
if (!user.is(ADMIN)) request = request.where(USER_EMAIL, user.email()).where(STATE, STATE_OWNER);
if (!user.hashPermission(User.PERMISSION_ADMIN)) request = request.where(USER_EMAIL, user.email()).where(STATE, STATE_OWNER);
var rs = request.exec();
while (rs.next()) list.add(rs.getString(LIST_EMAIL));
} catch (SQLException e) {
@@ -84,6 +89,26 @@ public class ListMember {
return list;
}
public static ListMember load(MailingList list,User user) throws SQLException {
var rs = Database
.open()
.select(TABLE_NAME)
.where(LIST_EMAIL,list.email())
.where(USER_EMAIL,user.email())
.exec();
try {
if (rs.next()) {
return new ListMember(rs.getString(LIST_EMAIL),
rs.getString(USER_EMAIL),
rs.getInt(STATE),
rs.getString(TOKEN));
}
} finally {
rs.close();
}
return null;
}
public static Map<User,Integer> of(String listEmail) throws SQLException {
var rs = Database.open()
.select(TABLE_NAME)
@@ -142,5 +167,4 @@ public class ListMember {
}
}
}
}

35
src/main/java/de/srsoftware/widerhall/data/MailingList.java
View File

@@ -13,6 +13,7 @@ import java.util.*;
import static de.srsoftware.widerhall.Constants.*;
import static de.srsoftware.widerhall.Util.t;
import static de.srsoftware.widerhall.data.User.PERMISSION_ADMIN;
public class MailingList {
private static final Logger LOG = LoggerFactory.getLogger(MailingList.class);
@@ -31,7 +32,8 @@ public class MailingList {
private final String email;
public static final String TABLE_NAME = "Lists";
private final String imapPass, imapHost, imapUser;
private final int imapPort, state;
private final int imapPort;
private int state;
private final SmtpClient smtp;
private static final HashMap<String,MailingList> lists = new HashMap<>();
@@ -75,22 +77,26 @@ public class MailingList {
}
public static void enable(String listEmail, boolean enable) throws SQLException {
Database.open()
.update(TABLE_NAME)
.set(STATE,enable ? STATE+" | "+ STATE_ENABLED : Database.xor(STATE,STATE_ENABLED))
.where(EMAIL, listEmail).run();
public void enable(boolean enable) throws SQLException {
state = enable ? state | STATE_ENABLED : state ^ (state & STATE_ENABLED);
Database.open().update(TABLE_NAME).set(STATE,state).where(EMAIL, email()).run();
}
public static void hide(String listEmail, boolean hide) throws SQLException {
Database.open()
.update(TABLE_NAME)
.set(STATE,hide ? STATE+" | "+ STATE_PUBLIC : Database.xor(STATE,STATE_PUBLIC))
.where(EMAIL, listEmail).run();
public void hide(boolean hide) throws SQLException {
state = hide ? state ^ (state & STATE_PUBLIC) : state | STATE_PUBLIC;
Database.open().update(TABLE_NAME).set(STATE,state).where(EMAIL, email()).run();
}
public static boolean isOpen(String list) {
return openLists().stream().filter(ml -> ml.email.equals(list)).count() > 0;
public boolean isOpenFor(User user) {
if ((state & STATE_PUBLIC) > 0) return true;
if (user == null) return false;
try {
var member = ListMember.load(this,user);
return member.hasState(ListMember.STATE_OWNER|ListMember.STATE_SUBSCRIBER);
} catch (SQLException e) {
LOG.warn("Was not able to load ListMember: ",e);
return false;
}
}
public static Set<MailingList> editableBy(User user) {
@@ -117,6 +123,7 @@ public class MailingList {
}
public static MailingList load(String listEmail) {
if (listEmail == null) return null;
var ml = lists.get(listEmail);
if (ml == null) try {
var rs = Database.open()
@@ -214,7 +221,7 @@ public class MailingList {
public static Set<MailingList> subscribable(User user) {
try {
if (user == null) return openLists();
if (user.is(ADMIN)) {
if (user.hashPermission(PERMISSION_ADMIN)) {
var rs = Database.open().select(TABLE_NAME).exec();
var result = new HashSet<MailingList>();
while (rs.next()) result.add(MailingList.from(rs));

64
src/main/java/de/srsoftware/widerhall/data/User.java
View File

@@ -16,14 +16,19 @@ import static de.srsoftware.widerhall.Constants.*;
public class User {
public static final String TABLE_NAME = "Users";
private static final Logger LOG = LoggerFactory.getLogger(User.class);
private static final HashMap<String,User> users = new HashMap<>();
public static final int PERMISSION_ADMIN = 1;
public static final int PERMISSION_CREATE_LISTS = 2;
private String email, salt, hashedPass, name;
private int permissions;
public User(String email, String name, String salt, String hashedPass) {
public User(String email, String name, String salt, String hashedPass, int permissions) {
this.email = email;
this.name = name;
this.salt = salt;
this.hashedPass = hashedPass;
this.permissions = permissions;
}
/*********** field accessors ***************/
@@ -39,12 +44,22 @@ public class User {
return name;
}
public int permissions(){
return permissions;
}
public String salt(){
return salt;
}
/************** end of field accessors ****************/
public void addPermission(int newPermission) throws SQLException {
permissions |= newPermission;
Database.open().update(TABLE_NAME).set(PERMISSIONS,permissions).run();
}
public static User create(String email, String name, String password) throws SQLException {
String salt = null;
String hashedPass = null;
@@ -52,7 +67,7 @@ public class User {
salt = Util.sha256(email + name + LocalDate.now());
hashedPass = Util.sha256(password + salt);
}
return new User(email,name,salt,hashedPass).save();
return new User(email,name,salt,hashedPass,0).save();
}
public static void createTable() throws SQLException {
@@ -60,16 +75,17 @@ public class User {
.append("CREATE TABLE ").append(TABLE_NAME)
.append(" (")
.append(EMAIL).append(" ").append(VARCHAR).append(" NOT NULL PRIMARY KEY, ")
.append(NAME).append(" ").append(VARCHAR).append(", ")
.append(PERMISSIONS).append(" ").append(INT).append(", ")
.append(SALT).append(" ").append(VARCHAR).append(", ")
.append(HASHED_PASS).append(" ").append(VARCHAR).append(", ")
.append(NAME).append(" ").append(VARCHAR)
.append(HASHED_PASS).append(" ").append(VARCHAR)
.append(");");
Database.open().query(sql).run();
}
public boolean is(String test){
if (test == null) return false;
return test.equals(name) || test.equals(email);
public boolean hashPermission(int permission){
return (permissions & permission) > 0;
}
@@ -82,14 +98,21 @@ public class User {
var query = Database.open().select(TABLE_NAME);
if (emails != null && !emails.isEmpty()) query.where(EMAIL,emails);
var rs = query.exec();
while (rs.next()) userList.add(new User(
rs.getString(EMAIL),
rs.getString(NAME),
rs.getString(SALT),
rs.getString(HASHED_PASS)));
while (rs.next()) userList.add(User.from(rs));
return userList;
}
private static User from(ResultSet rs) throws SQLException {
var email = rs.getString(EMAIL);
var user = users.get(email);
if (user == null) users.put(email,user = new User(
rs.getString(EMAIL),
rs.getString(NAME),
rs.getString(SALT),
rs.getString(HASHED_PASS),
rs.getInt(PERMISSIONS)));
return user;
}
public static User loadUser(String email, String password) throws InvalidKeyException, SQLException {
@@ -99,14 +122,8 @@ public class User {
.exec();
try {
if (rs.next()) {
email = rs.getString(EMAIL);
var name = rs.getString(NAME);
var hashedPassword = rs.getString(HASHED_PASS);
var salt = rs.getString(SALT);
var loadedUser = new User(email, name, salt, hashedPassword);
var loadedUser = User.from(rs);
if (loadedUser.matching(password)) return loadedUser;
} else if (noUsers()){
return User.create(email,"Admin",password);
}
} finally {
rs.close();
@@ -134,8 +151,15 @@ public class User {
return false;
}
public String permissionList(){
var list = new ArrayList<String>();
if (hashPermission(PERMISSION_ADMIN)) list.add("admin");
if (hashPermission(PERMISSION_CREATE_LISTS)) list.add("create lists");
return String.join(", ",list);
}
public Map<String,String> safeMap(){
return Map.of(NAME,name,EMAIL,email,PASSWORD,hashedPassword() == null ? "no" : "yes");
return Map.of(NAME,name,EMAIL,email,PERMISSIONS,permissionList(),PASSWORD,hashedPassword() == null ? "no" : "yes");
}
private User save() throws SQLException {