working on permissions
This commit is contained in:
@@ -16,14 +16,19 @@ import static de.srsoftware.widerhall.Constants.*;
|
||||
public class User {
|
||||
public static final String TABLE_NAME = "Users";
|
||||
private static final Logger LOG = LoggerFactory.getLogger(User.class);
|
||||
private static final HashMap<String,User> users = new HashMap<>();
|
||||
public static final int PERMISSION_ADMIN = 1;
|
||||
public static final int PERMISSION_CREATE_LISTS = 2;
|
||||
|
||||
private String email, salt, hashedPass, name;
|
||||
private int permissions;
|
||||
|
||||
public User(String email, String name, String salt, String hashedPass) {
|
||||
public User(String email, String name, String salt, String hashedPass, int permissions) {
|
||||
this.email = email;
|
||||
this.name = name;
|
||||
this.salt = salt;
|
||||
this.hashedPass = hashedPass;
|
||||
this.permissions = permissions;
|
||||
}
|
||||
|
||||
/*********** field accessors ***************/
|
||||
@@ -39,12 +44,22 @@ public class User {
|
||||
return name;
|
||||
}
|
||||
|
||||
public int permissions(){
|
||||
return permissions;
|
||||
}
|
||||
|
||||
public String salt(){
|
||||
return salt;
|
||||
}
|
||||
|
||||
/************** end of field accessors ****************/
|
||||
|
||||
public void addPermission(int newPermission) throws SQLException {
|
||||
permissions |= newPermission;
|
||||
Database.open().update(TABLE_NAME).set(PERMISSIONS,permissions).run();
|
||||
}
|
||||
|
||||
|
||||
public static User create(String email, String name, String password) throws SQLException {
|
||||
String salt = null;
|
||||
String hashedPass = null;
|
||||
@@ -52,7 +67,7 @@ public class User {
|
||||
salt = Util.sha256(email + name + LocalDate.now());
|
||||
hashedPass = Util.sha256(password + salt);
|
||||
}
|
||||
return new User(email,name,salt,hashedPass).save();
|
||||
return new User(email,name,salt,hashedPass,0).save();
|
||||
}
|
||||
|
||||
public static void createTable() throws SQLException {
|
||||
@@ -60,16 +75,17 @@ public class User {
|
||||
.append("CREATE TABLE ").append(TABLE_NAME)
|
||||
.append(" (")
|
||||
.append(EMAIL).append(" ").append(VARCHAR).append(" NOT NULL PRIMARY KEY, ")
|
||||
.append(NAME).append(" ").append(VARCHAR).append(", ")
|
||||
.append(PERMISSIONS).append(" ").append(INT).append(", ")
|
||||
.append(SALT).append(" ").append(VARCHAR).append(", ")
|
||||
.append(HASHED_PASS).append(" ").append(VARCHAR).append(", ")
|
||||
.append(NAME).append(" ").append(VARCHAR)
|
||||
.append(HASHED_PASS).append(" ").append(VARCHAR)
|
||||
|
||||
.append(");");
|
||||
Database.open().query(sql).run();
|
||||
}
|
||||
|
||||
public boolean is(String test){
|
||||
if (test == null) return false;
|
||||
return test.equals(name) || test.equals(email);
|
||||
public boolean hashPermission(int permission){
|
||||
return (permissions & permission) > 0;
|
||||
}
|
||||
|
||||
|
||||
@@ -82,14 +98,21 @@ public class User {
|
||||
var query = Database.open().select(TABLE_NAME);
|
||||
if (emails != null && !emails.isEmpty()) query.where(EMAIL,emails);
|
||||
var rs = query.exec();
|
||||
while (rs.next()) userList.add(new User(
|
||||
rs.getString(EMAIL),
|
||||
rs.getString(NAME),
|
||||
rs.getString(SALT),
|
||||
rs.getString(HASHED_PASS)));
|
||||
while (rs.next()) userList.add(User.from(rs));
|
||||
return userList;
|
||||
}
|
||||
|
||||
private static User from(ResultSet rs) throws SQLException {
|
||||
var email = rs.getString(EMAIL);
|
||||
var user = users.get(email);
|
||||
if (user == null) users.put(email,user = new User(
|
||||
rs.getString(EMAIL),
|
||||
rs.getString(NAME),
|
||||
rs.getString(SALT),
|
||||
rs.getString(HASHED_PASS),
|
||||
rs.getInt(PERMISSIONS)));
|
||||
return user;
|
||||
}
|
||||
|
||||
|
||||
public static User loadUser(String email, String password) throws InvalidKeyException, SQLException {
|
||||
@@ -99,14 +122,8 @@ public class User {
|
||||
.exec();
|
||||
try {
|
||||
if (rs.next()) {
|
||||
email = rs.getString(EMAIL);
|
||||
var name = rs.getString(NAME);
|
||||
var hashedPassword = rs.getString(HASHED_PASS);
|
||||
var salt = rs.getString(SALT);
|
||||
var loadedUser = new User(email, name, salt, hashedPassword);
|
||||
var loadedUser = User.from(rs);
|
||||
if (loadedUser.matching(password)) return loadedUser;
|
||||
} else if (noUsers()){
|
||||
return User.create(email,"Admin",password);
|
||||
}
|
||||
} finally {
|
||||
rs.close();
|
||||
@@ -134,8 +151,15 @@ public class User {
|
||||
return false;
|
||||
}
|
||||
|
||||
public String permissionList(){
|
||||
var list = new ArrayList<String>();
|
||||
if (hashPermission(PERMISSION_ADMIN)) list.add("admin");
|
||||
if (hashPermission(PERMISSION_CREATE_LISTS)) list.add("create lists");
|
||||
return String.join(", ",list);
|
||||
}
|
||||
|
||||
public Map<String,String> safeMap(){
|
||||
return Map.of(NAME,name,EMAIL,email,PASSWORD,hashedPassword() == null ? "no" : "yes");
|
||||
return Map.of(NAME,name,EMAIL,email,PERMISSIONS,permissionList(),PASSWORD,hashedPassword() == null ? "no" : "yes");
|
||||
}
|
||||
|
||||
private User save() throws SQLException {
|
||||
|
||||
Reference in New Issue
Block a user