StephanRichter
/
Widerhall
1
0
Fork 0
Code Issues Pull Requests Projects Releases Activity
Browse Source

working on permissions

drop_old_mail
Stephan Richter 4 years ago
parent
a326004e82
commit
2b9a185bfc
12 changed files with 267 additions and 155 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 89
      doc/data structure.dia
  2. 6
      src/main/java/de/srsoftware/widerhall/Constants.java
  3. 6
      src/main/java/de/srsoftware/widerhall/data/Database.java
  4. 28
      src/main/java/de/srsoftware/widerhall/data/ListMember.java
  5. 35
      src/main/java/de/srsoftware/widerhall/data/MailingList.java
  6. 62
      src/main/java/de/srsoftware/widerhall/data/User.java
  7. 12
      src/main/java/de/srsoftware/widerhall/web/Rest.java
  8. 42
      src/main/java/de/srsoftware/widerhall/web/Web.java
  9. 10
      static/templates/js.st
  10. 2
      static/templates/listadminlist.st
  11. 3
      static/templates/login.st
  12. 1
      static/templates/userlist.st

89
doc/data structure.dia
Unescape View File

@ -267,13 +267,13 @@
</dia:object> </dia:object>
<dia:object type="Flowchart - Box" version="0" id="O4"> <dia:object type="Flowchart - Box" version="0" id="O4">
<dia:attribute name="obj_pos"> <dia:attribute name="obj_pos">
<dia:point val="33,7"/> <dia:point val="33,9"/>
</dia:attribute> </dia:attribute>
<dia:attribute name="obj_bb"> <dia:attribute name="obj_bb">
<dia:rectangle val="32.95,6.95;40.05,9.05"/> <dia:rectangle val="32.95,8.95;40.05,11.05"/>
</dia:attribute> </dia:attribute>
<dia:attribute name="elem_corner"> <dia:attribute name="elem_corner">
<dia:point val="33,7"/> <dia:point val="33,9"/>
</dia:attribute> </dia:attribute>
<dia:attribute name="elem_width"> <dia:attribute name="elem_width">
<dia:real val="7"/> <dia:real val="7"/>
@ -299,7 +299,7 @@
<dia:real val="0.80000000000000004"/> <dia:real val="0.80000000000000004"/>
</dia:attribute> </dia:attribute>
<dia:attribute name="pos"> <dia:attribute name="pos">
<dia:point val="36.5,8.19406"/> <dia:point val="36.5,10.1941"/>
</dia:attribute> </dia:attribute>
<dia:attribute name="color"> <dia:attribute name="color">
<dia:color val="#000000ff"/> <dia:color val="#000000ff"/>
@ -312,13 +312,13 @@
</dia:object> </dia:object>
<dia:object type="Flowchart - Box" version="0" id="O5"> <dia:object type="Flowchart - Box" version="0" id="O5">
<dia:attribute name="obj_pos"> <dia:attribute name="obj_pos">
<dia:point val="33,11"/> <dia:point val="33,13"/>
</dia:attribute> </dia:attribute>
<dia:attribute name="obj_bb"> <dia:attribute name="obj_bb">
<dia:rectangle val="32.95,10.95;40.05,13.05"/> <dia:rectangle val="32.95,12.95;40.05,15.05"/>
</dia:attribute> </dia:attribute>
<dia:attribute name="elem_corner"> <dia:attribute name="elem_corner">
<dia:point val="33,11"/> <dia:point val="33,13"/>
</dia:attribute> </dia:attribute>
<dia:attribute name="elem_width"> <dia:attribute name="elem_width">
<dia:real val="7"/> <dia:real val="7"/>
@ -344,7 +344,7 @@
<dia:real val="0.80000000000000004"/> <dia:real val="0.80000000000000004"/>
</dia:attribute> </dia:attribute>
<dia:attribute name="pos"> <dia:attribute name="pos">
<dia:point val="36.5,12.1941"/> <dia:point val="36.5,14.1941"/>
</dia:attribute> </dia:attribute>
<dia:attribute name="color"> <dia:attribute name="color">
<dia:color val="#000000ff"/> <dia:color val="#000000ff"/>
@ -357,13 +357,13 @@
</dia:object> </dia:object>
<dia:object type="Flowchart - Box" version="0" id="O6"> <dia:object type="Flowchart - Box" version="0" id="O6">
<dia:attribute name="obj_pos"> <dia:attribute name="obj_pos">
<dia:point val="33,9"/> <dia:point val="33,11"/>
</dia:attribute> </dia:attribute>
<dia:attribute name="obj_bb"> <dia:attribute name="obj_bb">
<dia:rectangle val="32.95,8.95;40.05,11.05"/> <dia:rectangle val="32.95,10.95;40.05,13.05"/>
</dia:attribute> </dia:attribute>
<dia:attribute name="elem_corner"> <dia:attribute name="elem_corner">
<dia:point val="33,9"/> <dia:point val="33,11"/>
</dia:attribute> </dia:attribute>
<dia:attribute name="elem_width"> <dia:attribute name="elem_width">
<dia:real val="7"/> <dia:real val="7"/>
@ -389,7 +389,7 @@
<dia:real val="0.80000000000000004"/> <dia:real val="0.80000000000000004"/>
</dia:attribute> </dia:attribute>
<dia:attribute name="pos"> <dia:attribute name="pos">
<dia:point val="36.5,10.1941"/> <dia:point val="36.5,12.1941"/>
</dia:attribute> </dia:attribute>
<dia:attribute name="color"> <dia:attribute name="color">
<dia:color val="#000000ff"/> <dia:color val="#000000ff"/>
@ -537,13 +537,13 @@
</dia:object> </dia:object>
<dia:object type="Flowchart - Box" version="0" id="O10"> <dia:object type="Flowchart - Box" version="0" id="O10">
<dia:attribute name="obj_pos"> <dia:attribute name="obj_pos">
<dia:point val="33,13"/> <dia:point val="33,7"/>
</dia:attribute> </dia:attribute>
<dia:attribute name="obj_bb"> <dia:attribute name="obj_bb">
<dia:rectangle val="32.95,12.95;40.05,15.05"/> <dia:rectangle val="32.95,6.95;40.05,9.05"/>
</dia:attribute> </dia:attribute>
<dia:attribute name="elem_corner"> <dia:attribute name="elem_corner">
<dia:point val="33,13"/> <dia:point val="33,7"/>
</dia:attribute> </dia:attribute>
<dia:attribute name="elem_width"> <dia:attribute name="elem_width">
<dia:real val="7"/> <dia:real val="7"/>
@ -569,7 +569,7 @@
<dia:real val="0.80000000000000004"/> <dia:real val="0.80000000000000004"/>
</dia:attribute> </dia:attribute>
<dia:attribute name="pos"> <dia:attribute name="pos">
<dia:point val="36.5,14.1941"/> <dia:point val="36.5,8.19406"/>
</dia:attribute> </dia:attribute>
<dia:attribute name="color"> <dia:attribute name="color">
<dia:color val="#000000ff"/> <dia:color val="#000000ff"/>
@ -656,13 +656,13 @@
<dia:point val="27,10"/> <dia:point val="27,10"/>
</dia:attribute> </dia:attribute>
<dia:attribute name="obj_bb"> <dia:attribute name="obj_bb">
<dia:rectangle val="26.95,7.1382;33.05,10.05"/> <dia:rectangle val="26.95,9.1382;33.05,10.05"/>
</dia:attribute> </dia:attribute>
<dia:attribute name="orth_points"> <dia:attribute name="orth_points">
<dia:point val="27,10"/> <dia:point val="27,10"/>
<dia:point val="30,10"/> <dia:point val="30,10"/>
<dia:point val="30,7.5"/> <dia:point val="30,9.5"/>
<dia:point val="33,7.5"/> <dia:point val="33,9.5"/>
</dia:attribute> </dia:attribute>
<dia:attribute name="orth_orient"> <dia:attribute name="orth_orient">
<dia:enum val="0"/> <dia:enum val="0"/>
@ -1485,13 +1485,13 @@
<dia:point val="27.0449,25"/> <dia:point val="27.0449,25"/>
</dia:attribute> </dia:attribute>
<dia:attribute name="obj_bb"> <dia:attribute name="obj_bb">
<dia:rectangle val="26.9949,8.1382;33.05,25.05"/> <dia:rectangle val="26.9949,10.1382;33.05,25.05"/>
</dia:attribute> </dia:attribute>
<dia:attribute name="orth_points"> <dia:attribute name="orth_points">
<dia:point val="27.0449,25"/> <dia:point val="27.0449,25"/>
<dia:point val="31,25"/> <dia:point val="31,25"/>
<dia:point val="31,8.5"/> <dia:point val="31,10.5"/>
<dia:point val="33,8.5"/> <dia:point val="33,10.5"/>
</dia:attribute> </dia:attribute>
<dia:attribute name="orth_orient"> <dia:attribute name="orth_orient">
<dia:enum val="0"/> <dia:enum val="0"/>
@ -1605,5 +1605,50 @@
</dia:composite> </dia:composite>
</dia:attribute> </dia:attribute>
</dia:object> </dia:object>
<dia:object type="Flowchart - Box" version="0" id="O35">
<dia:attribute name="obj_pos">
<dia:point val="33,15"/>
</dia:attribute>
<dia:attribute name="obj_bb">
<dia:rectangle val="32.95,14.95;40.05,17.05"/>
</dia:attribute>
<dia:attribute name="elem_corner">
<dia:point val="33,15"/>
</dia:attribute>
<dia:attribute name="elem_width">
<dia:real val="7"/>
</dia:attribute>
<dia:attribute name="elem_height">
<dia:real val="2"/>
</dia:attribute>
<dia:attribute name="show_background">
<dia:boolean val="true"/>
</dia:attribute>
<dia:attribute name="padding">
<dia:real val="0.5"/>
</dia:attribute>
<dia:attribute name="text">
<dia:composite type="text">
<dia:attribute name="string">
<dia:string>#Permissions#</dia:string>
</dia:attribute>
<dia:attribute name="font">
<dia:font family="sans" style="0" name="Helvetica"/>
</dia:attribute>
<dia:attribute name="height">
<dia:real val="0.80000000000000004"/>
</dia:attribute>
<dia:attribute name="pos">
<dia:point val="36.5,16.1941"/>
</dia:attribute>
<dia:attribute name="color">
<dia:color val="#000000ff"/>
</dia:attribute>
<dia:attribute name="alignment">
<dia:enum val="1"/>
</dia:attribute>
</dia:composite>
</dia:attribute>
</dia:object>
</dia:layer> </dia:layer>
</dia:diagram> </dia:diagram>

6
src/main/java/de/srsoftware/widerhall/Constants.java
Unescape View File

@ -1,9 +1,9 @@
package de.srsoftware.widerhall; package de.srsoftware.widerhall;
public class Constants { public class Constants {
public static final String ADMIN = "Admin";
public static final String BASE = "base"; public static final String BASE = "base";
public static final String BASE_URL = "base_url"; public static final String BASE_URL = "base_url";
public static final String CONFIG = "configuration";
public static final String DB = "database"; public static final String DB = "database";
public static final String DOMAIN = "domain"; public static final String DOMAIN = "domain";
public static final String EMAIL = "email"; public static final String EMAIL = "email";
@ -14,9 +14,11 @@ public class Constants {
public static final String INDEX = "index"; public static final String INDEX = "index";
public static final String INT = "INT"; public static final String INT = "INT";
public static final String LIST = "list"; public static final String LIST = "list";
public static final String LOCATIONS = "locations";
public static final String NAME = "name"; public static final String NAME = "name";
public static final String NOTES = "notes"; public static final String NOTES = "notes";
public static final String PASSWORD = "password"; public static final String PASSWORD = "password";
public static final String PERMISSIONS = "permissions";
public static final Object PORT = "port"; public static final Object PORT = "port";
public static final String PREFIX = "prefix"; public static final String PREFIX = "prefix";
public static final String PROTOCOL = "mail.store.protocol"; public static final String PROTOCOL = "mail.store.protocol";
@ -26,6 +28,4 @@ public class Constants {
public static final String VARCHAR = "VARCHAR(255)"; public static final String VARCHAR = "VARCHAR(255)";
public static final String CONFIG = "configuration";
public static final String LOCATIONS = "locations";
} }

6
src/main/java/de/srsoftware/widerhall/data/Database.java
Unescape View File

@ -36,6 +36,7 @@ public class Database {
} }
public ResultSet exec() throws SQLException { public ResultSet exec() throws SQLException {
LOG.debug("Executing {}",this);
var args = new ArrayList<>(); var args = new ArrayList<>();
if (!where.isEmpty()){ if (!where.isEmpty()){
var clauses = new ArrayList<String>(); var clauses = new ArrayList<String>();
@ -51,7 +52,6 @@ public class Database {
sql.append(String.join(" AND ",clauses)); sql.append(String.join(" AND ",clauses));
} }
LOG.debug("SQL: {}",sql);
try { try {
var stmt = Database.this.conn.prepareStatement(sql()); var stmt = Database.this.conn.prepareStatement(sql());
if (!args.isEmpty()) { if (!args.isEmpty()) {
@ -64,6 +64,7 @@ public class Database {
} }
public void run() throws SQLException { public void run() throws SQLException {
LOG.debug("Running {}",this);
var args = new ArrayList<>(); var args = new ArrayList<>();
if (!setValues.isEmpty()){ if (!setValues.isEmpty()){
@ -106,7 +107,6 @@ public class Database {
sql.append(String.join(" AND ",clauses)); sql.append(String.join(" AND ",clauses));
} }
LOG.debug("SQL: {}",sql);
try { try {
var stmt = conn.prepareStatement(sql()); var stmt = conn.prepareStatement(sql());
if (!args.isEmpty()) { if (!args.isEmpty()) {
@ -134,7 +134,7 @@ public class Database {
if (!setValues.isEmpty()){ if (!setValues.isEmpty()){
var keys = new ArrayList<String>(); var keys = new ArrayList<String>();
var expressions = new ArrayList<String>(); var expressions = new ArrayList<String>();
for (var entry : setValues.entrySet()) expressions.add(entry.getKey()+" = entry.getValue()"); for (var entry : setValues.entrySet()) expressions.add(entry.getKey()+" = "+entry.getValue());
sql.append(" SET ").append(String.join(", ",expressions)); sql.append(" SET ").append(String.join(", ",expressions));
} }

28
src/main/java/de/srsoftware/widerhall/data/ListMember.java
Unescape View File

@ -71,11 +71,16 @@ public class ListMember {
Database.open().query(sql).run(); Database.open().query(sql).run();
} }
public boolean hasState(int testState) {
return (state & testState) > 0;
}
public static Set<String> listsOwnedBy(User user) { public static Set<String> listsOwnedBy(User user) {
var list = new HashSet<String>(); var list = new HashSet<String>();
try { try {
var request = Database.open().select(TABLE_NAME, LIST_EMAIL, STATE+" & "+STATE_OWNER+" as "+STATE); var request = Database.open().select(TABLE_NAME, LIST_EMAIL, STATE+" & "+STATE_OWNER+" as "+STATE);
if (!user.is(ADMIN)) request = request.where(USER_EMAIL, user.email()).where(STATE, STATE_OWNER); if (!user.hashPermission(User.PERMISSION_ADMIN)) request = request.where(USER_EMAIL, user.email()).where(STATE, STATE_OWNER);
var rs = request.exec(); var rs = request.exec();
while (rs.next()) list.add(rs.getString(LIST_EMAIL)); while (rs.next()) list.add(rs.getString(LIST_EMAIL));
} catch (SQLException e) { } catch (SQLException e) {
@ -84,6 +89,26 @@ public class ListMember {
return list; return list;
} }
public static ListMember load(MailingList list,User user) throws SQLException {
var rs = Database
.open()
.select(TABLE_NAME)
.where(LIST_EMAIL,list.email())
.where(USER_EMAIL,user.email())
.exec();
try {
if (rs.next()) {
return new ListMember(rs.getString(LIST_EMAIL),
rs.getString(USER_EMAIL),
rs.getInt(STATE),
rs.getString(TOKEN));
}
} finally {
rs.close();
}
return null;
}
public static Map<User,Integer> of(String listEmail) throws SQLException { public static Map<User,Integer> of(String listEmail) throws SQLException {
var rs = Database.open() var rs = Database.open()
.select(TABLE_NAME) .select(TABLE_NAME)
@ -142,5 +167,4 @@ public class ListMember {
} }
} }
} }
} }

35
src/main/java/de/srsoftware/widerhall/data/MailingList.java
Unescape View File

@ -13,6 +13,7 @@ import java.util.*;
import static de.srsoftware.widerhall.Constants.*; import static de.srsoftware.widerhall.Constants.*;
import static de.srsoftware.widerhall.Util.t; import static de.srsoftware.widerhall.Util.t;
import static de.srsoftware.widerhall.data.User.PERMISSION_ADMIN;
public class MailingList { public class MailingList {
private static final Logger LOG = LoggerFactory.getLogger(MailingList.class); private static final Logger LOG = LoggerFactory.getLogger(MailingList.class);
@ -31,7 +32,8 @@ public class MailingList {
private final String email; private final String email;
public static final String TABLE_NAME = "Lists"; public static final String TABLE_NAME = "Lists";
private final String imapPass, imapHost, imapUser; private final String imapPass, imapHost, imapUser;
private final int imapPort, state; private final int imapPort;
private int state;
private final SmtpClient smtp; private final SmtpClient smtp;
private static final HashMap<String,MailingList> lists = new HashMap<>(); private static final HashMap<String,MailingList> lists = new HashMap<>();
@ -75,22 +77,26 @@ public class MailingList {
} }
public static void enable(String listEmail, boolean enable) throws SQLException { public void enable(boolean enable) throws SQLException {
Database.open() state = enable ? state | STATE_ENABLED : state ^ (state & STATE_ENABLED);
.update(TABLE_NAME) Database.open().update(TABLE_NAME).set(STATE,state).where(EMAIL, email()).run();
.set(STATE,enable ? STATE+" | "+ STATE_ENABLED : Database.xor(STATE,STATE_ENABLED))
.where(EMAIL, listEmail).run();
} }
public static void hide(String listEmail, boolean hide) throws SQLException { public void hide(boolean hide) throws SQLException {
Database.open() state = hide ? state ^ (state & STATE_PUBLIC) : state | STATE_PUBLIC;
.update(TABLE_NAME) Database.open().update(TABLE_NAME).set(STATE,state).where(EMAIL, email()).run();
.set(STATE,hide ? STATE+" | "+ STATE_PUBLIC : Database.xor(STATE,STATE_PUBLIC))
.where(EMAIL, listEmail).run();
} }
public static boolean isOpen(String list) { public boolean isOpenFor(User user) {
return openLists().stream().filter(ml -> ml.email.equals(list)).count() > 0; if ((state & STATE_PUBLIC) > 0) return true;
if (user == null) return false;
try {
var member = ListMember.load(this,user);
return member.hasState(ListMember.STATE_OWNER|ListMember.STATE_SUBSCRIBER);
} catch (SQLException e) {
LOG.warn("Was not able to load ListMember: ",e);
return false;
}
} }
public static Set<MailingList> editableBy(User user) { public static Set<MailingList> editableBy(User user) {
@ -117,6 +123,7 @@ public class MailingList {
} }
public static MailingList load(String listEmail) { public static MailingList load(String listEmail) {
if (listEmail == null) return null;
var ml = lists.get(listEmail); var ml = lists.get(listEmail);
if (ml == null) try { if (ml == null) try {
var rs = Database.open() var rs = Database.open()
@ -214,7 +221,7 @@ public class MailingList {
public static Set<MailingList> subscribable(User user) { public static Set<MailingList> subscribable(User user) {
try { try {
if (user == null) return openLists(); if (user == null) return openLists();
if (user.is(ADMIN)) { if (user.hashPermission(PERMISSION_ADMIN)) {
var rs = Database.open().select(TABLE_NAME).exec(); var rs = Database.open().select(TABLE_NAME).exec();
var result = new HashSet<MailingList>(); var result = new HashSet<MailingList>();
while (rs.next()) result.add(MailingList.from(rs)); while (rs.next()) result.add(MailingList.from(rs));

62
src/main/java/de/srsoftware/widerhall/data/User.java
Unescape View File

@ -16,14 +16,19 @@ import static de.srsoftware.widerhall.Constants.*;
public class User { public class User {
public static final String TABLE_NAME = "Users"; public static final String TABLE_NAME = "Users";
private static final Logger LOG = LoggerFactory.getLogger(User.class); private static final Logger LOG = LoggerFactory.getLogger(User.class);
private static final HashMap<String,User> users = new HashMap<>();
public static final int PERMISSION_ADMIN = 1;
public static final int PERMISSION_CREATE_LISTS = 2;
private String email, salt, hashedPass, name; private String email, salt, hashedPass, name;
private int permissions;
public User(String email, String name, String salt, String hashedPass) { public User(String email, String name, String salt, String hashedPass, int permissions) {
this.email = email; this.email = email;
this.name = name; this.name = name;
this.salt = salt; this.salt = salt;
this.hashedPass = hashedPass; this.hashedPass = hashedPass;
this.permissions = permissions;
} }
/*********** field accessors ***************/ /*********** field accessors ***************/
@ -39,12 +44,22 @@ public class User {
return name; return name;
} }
public int permissions(){
return permissions;
}
public String salt(){ public String salt(){
return salt; return salt;
} }
/************** end of field accessors ****************/ /************** end of field accessors ****************/
public void addPermission(int newPermission) throws SQLException {
permissions |= newPermission;
Database.open().update(TABLE_NAME).set(PERMISSIONS,permissions).run();
}
public static User create(String email, String name, String password) throws SQLException { public static User create(String email, String name, String password) throws SQLException {
String salt = null; String salt = null;
String hashedPass = null; String hashedPass = null;
@ -52,7 +67,7 @@ public class User {
salt = Util.sha256(email + name + LocalDate.now()); salt = Util.sha256(email + name + LocalDate.now());
hashedPass = Util.sha256(password + salt); hashedPass = Util.sha256(password + salt);
} }
return new User(email,name,salt,hashedPass).save(); return new User(email,name,salt,hashedPass,0).save();
} }
public static void createTable() throws SQLException { public static void createTable() throws SQLException {
@ -60,16 +75,17 @@ public class User {
.append("CREATE TABLE ").append(TABLE_NAME) .append("CREATE TABLE ").append(TABLE_NAME)
.append(" (") .append(" (")
.append(EMAIL).append(" ").append(VARCHAR).append(" NOT NULL PRIMARY KEY, ") .append(EMAIL).append(" ").append(VARCHAR).append(" NOT NULL PRIMARY KEY, ")
.append(NAME).append(" ").append(VARCHAR).append(", ")
.append(PERMISSIONS).append(" ").append(INT).append(", ")
.append(SALT).append(" ").append(VARCHAR).append(", ") .append(SALT).append(" ").append(VARCHAR).append(", ")
.append(HASHED_PASS).append(" ").append(VARCHAR).append(", ") .append(HASHED_PASS).append(" ").append(VARCHAR)
.append(NAME).append(" ").append(VARCHAR)
.append(");"); .append(");");
Database.open().query(sql).run(); Database.open().query(sql).run();
} }
public boolean is(String test){ public boolean hashPermission(int permission){
if (test == null) return false; return (permissions & permission) > 0;
return test.equals(name) || test.equals(email);
} }
@ -82,16 +98,23 @@ public class User {
var query = Database.open().select(TABLE_NAME); var query = Database.open().select(TABLE_NAME);
if (emails != null && !emails.isEmpty()) query.where(EMAIL,emails); if (emails != null && !emails.isEmpty()) query.where(EMAIL,emails);
var rs = query.exec(); var rs = query.exec();
while (rs.next()) userList.add(new User( while (rs.next()) userList.add(User.from(rs));
return userList;
}
private static User from(ResultSet rs) throws SQLException {
var email = rs.getString(EMAIL);
var user = users.get(email);
if (user == null) users.put(email,user = new User(
rs.getString(EMAIL), rs.getString(EMAIL),
rs.getString(NAME), rs.getString(NAME),
rs.getString(SALT), rs.getString(SALT),
rs.getString(HASHED_PASS))); rs.getString(HASHED_PASS),
return userList; rs.getInt(PERMISSIONS)));
return user;
} }
public static User loadUser(String email, String password) throws InvalidKeyException, SQLException { public static User loadUser(String email, String password) throws InvalidKeyException, SQLException {
ResultSet rs = Database.open() ResultSet rs = Database.open()
.select(TABLE_NAME) .select(TABLE_NAME)
@ -99,14 +122,8 @@ public class User {
.exec(); .exec();
try { try {
if (rs.next()) { if (rs.next()) {
email = rs.getString(EMAIL); var loadedUser = User.from(rs);
var name = rs.getString(NAME);
var hashedPassword = rs.getString(HASHED_PASS);
var salt = rs.getString(SALT);
var loadedUser = new User(email, name, salt, hashedPassword);
if (loadedUser.matching(password)) return loadedUser; if (loadedUser.matching(password)) return loadedUser;
} else if (noUsers()){
return User.create(email,"Admin",password);
} }
} finally { } finally {
rs.close(); rs.close();
@ -134,8 +151,15 @@ public class User {
return false; return false;
} }
public String permissionList(){
var list = new ArrayList<String>();
if (hashPermission(PERMISSION_ADMIN)) list.add("admin");
if (hashPermission(PERMISSION_CREATE_LISTS)) list.add("create lists");
return String.join(", ",list);
}
public Map<String,String> safeMap(){ public Map<String,String> safeMap(){
return Map.of(NAME,name,EMAIL,email,PASSWORD,hashedPassword() == null ? "no" : "yes"); return Map.of(NAME,name,EMAIL,email,PERMISSIONS,permissionList(),PASSWORD,hashedPassword() == null ? "no" : "yes");
} }
private User save() throws SQLException { private User save() throws SQLException {

12
src/main/java/de/srsoftware/widerhall/web/Rest.java
Unescape View File

@ -59,7 +59,7 @@ public class Rest extends HttpServlet {
switch (path) { switch (path) {
case USER_LIST: case USER_LIST:
try { try {
json.put("users", (user.is(ADMIN) ? User.loadAll() : List.of(user)).stream().map(User::safeMap).toList()); json.put("users", (user.hashPermission(User.PERMISSION_ADMIN) ? User.loadAll() : List.of(user)).stream().map(User::safeMap).toList());
} catch (SQLException e) { } catch (SQLException e) {
LOG.debug("Failed to load user list:",e); LOG.debug("Failed to load user list:",e);
json.put(ERROR,"failed to load user list"); json.put(ERROR,"failed to load user list");
@ -140,7 +140,7 @@ public class Rest extends HttpServlet {
} }
private Map<String, Object> listMembers(String listEmail, User user) { private Map<String, Object> listMembers(String listEmail, User user) {
if (user.is(ADMIN) || ListMember.listsOwnedBy(user).contains(listEmail)) { if (user.hashPermission(User.PERMISSION_ADMIN) || ListMember.listsOwnedBy(user).contains(listEmail)) {
try { try {
var members = ListMember.of(listEmail) var members = ListMember.of(listEmail)
.entrySet() .entrySet()
@ -161,9 +161,9 @@ public class Rest extends HttpServlet {
} }
private Map enableList(String listEmail, User user, boolean enable) { private Map enableList(String listEmail, User user, boolean enable) {
if (user.is(ADMIN) || ListMember.listsOwnedBy(user).contains(listEmail)){ if (user.hashPermission(User.PERMISSION_ADMIN) || ListMember.listsOwnedBy(user).contains(listEmail)){
try { try {
MailingList.enable(listEmail,enable); MailingList.load(listEmail).enable(enable);
return Map.of(SUCCESS,t("Mailing list '{}' was {}!",listEmail,enable ? "enabled" : "disabled")); return Map.of(SUCCESS,t("Mailing list '{}' was {}!",listEmail,enable ? "enabled" : "disabled"));
} catch (SQLException e) { } catch (SQLException e) {
LOG.error("Failed to enable/disable mailing list: ",e); LOG.error("Failed to enable/disable mailing list: ",e);
@ -174,9 +174,9 @@ public class Rest extends HttpServlet {
} }
private Map<String, String> hideList(String listEmail, User user, boolean hide) { private Map<String, String> hideList(String listEmail, User user, boolean hide) {
if (user.is(ADMIN) || ListMember.listsOwnedBy(user).contains(listEmail)){ if (user.hashPermission(User.PERMISSION_ADMIN) || ListMember.listsOwnedBy(user).contains(listEmail)){
try { try {
MailingList.hide(listEmail,hide); MailingList.load(listEmail).hide(hide);
return Map.of(SUCCESS,t("Mailing list '{}' was {}!",listEmail,hide ? "hidden" : "made public")); return Map.of(SUCCESS,t("Mailing list '{}' was {}!",listEmail,hide ? "hidden" : "made public"));
} catch (SQLException e) { } catch (SQLException e) {
LOG.error("Failed to (un)hide mailing list: ",e); LOG.error("Failed to (un)hide mailing list: ",e);

42
src/main/java/de/srsoftware/widerhall/web/Web.java
Unescape View File

@ -1,6 +1,7 @@
package de.srsoftware.widerhall.web; package de.srsoftware.widerhall.web;
import de.srsoftware.widerhall.Configuration; import de.srsoftware.widerhall.Configuration;
import de.srsoftware.widerhall.Constants;
import de.srsoftware.widerhall.Util; import de.srsoftware.widerhall.Util;
import de.srsoftware.widerhall.data.ListMember; import de.srsoftware.widerhall.data.ListMember;
import de.srsoftware.widerhall.data.MailingList; import de.srsoftware.widerhall.data.MailingList;
@ -30,6 +31,7 @@ public class Web extends HttpServlet {
private static final String ADD_LIST = "add_list"; private static final String ADD_LIST = "add_list";
private static final String CONFIRM = "confirm"; private static final String CONFIRM = "confirm";
private static final Logger LOG = LoggerFactory.getLogger(Web.class); private static final Logger LOG = LoggerFactory.getLogger(Web.class);
private static final String ADMIN = "admin";
private static final String LOGIN = "login"; private static final String LOGIN = "login";
private static final String LOGOUT = "logout"; private static final String LOGOUT = "logout";
private static final String REGISTER = "register"; private static final String REGISTER = "register";
@ -58,10 +60,17 @@ public class Web extends HttpServlet {
private String addList(HttpServletRequest req, HttpServletResponse resp) { private String addList(HttpServletRequest req, HttpServletResponse resp) {
var o = req.getSession().getAttribute(USER); var o = req.getSession().getAttribute(USER);
if (o instanceof User user){ if (!(o instanceof User user)) {
return redirectTo(LOGIN,resp);
}
var data = new HashMap<String, Object>(); var data = new HashMap<String, Object>();
data.put(USER, user); data.put(USER, user);
if (!user.hashPermission(User.PERMISSION_CREATE_LISTS)){
data.put(ERROR,t("You are not allowed to create new mailing lists!"));
return loadTemplate(ADMIN,data,resp);
}
var name = req.getParameter(NAME); var name = req.getParameter(NAME);
data.put(NAME, name); data.put(NAME, name);
@ -130,9 +139,6 @@ public class Web extends HttpServlet {
return t("Failed to create list '{}': {}", name, e.getMessage()); return t("Failed to create list '{}': {}", name, e.getMessage());
} }
} }
return redirectTo(LOGIN,resp);
}
private String confirm(HttpServletRequest req, HttpServletResponse resp) { private String confirm(HttpServletRequest req, HttpServletResponse resp) {
try { try {
@ -181,8 +187,9 @@ public class Web extends HttpServlet {
var path = req.getPathInfo(); var path = req.getPathInfo();
path = (path == null || path.equals("/")) ? INDEX : path.substring(1); path = (path == null || path.equals("/")) ? INDEX : path.substring(1);
String notes = null; String notes = null;
var list = req.getParameter(LIST); var listEmail = req.getParameter(LIST);
if (list != null && !list.isBlank()) data.put(LIST,list); var list = MailingList.load(listEmail);
if (list != null) data.put(LIST,list.minimalMap());
switch (path){ switch (path){
case CONFIRM: case CONFIRM:
return confirm(req,resp); return confirm(req,resp);
@ -195,12 +202,11 @@ public class Web extends HttpServlet {
case UNSUBSCRIBE: case UNSUBSCRIBE:
return loadTemplate(path,data,resp); return loadTemplate(path,data,resp);
case SUBSCRIBE: case SUBSCRIBE:
// TODO check permission if (list.isOpenFor(user)) {
if (MailingList.isOpen(list)) { data.put(LIST,listEmail);
data.put(LIST, list);
return loadTemplate(path, data, resp); return loadTemplate(path, data, resp);
} }
return t("You are not allowed to subscribe to '{}'!",list); return t("You are not allowed to subscribe to '{}'!",list.email());
case "js": case "js":
resp.setContentType("text/javascript"); resp.setContentType("text/javascript");
return loadTemplate(path,data,resp); return loadTemplate(path,data,resp);
@ -326,12 +332,9 @@ public class Web extends HttpServlet {
if (!pass.equals(pass_repeat)) return loadTemplate(REGISTER,Map.of(ERROR,"Passwords do not match!",NAME,name,EMAIL,email),resp); if (!pass.equals(pass_repeat)) return loadTemplate(REGISTER,Map.of(ERROR,"Passwords do not match!",NAME,name,EMAIL,email),resp);
if (Util.simplePassword(pass)) return loadTemplate(REGISTER,Map.of(ERROR,"Password to short or to simple!",NAME,name,EMAIL,email),resp); if (Util.simplePassword(pass)) return loadTemplate(REGISTER,Map.of(ERROR,"Password to short or to simple!",NAME,name,EMAIL,email),resp);
var firstUser = false;
try { try {
if (User.noUsers()) { // we are registering the first user, which is forced to be „Admin“ firstUser = User.noUsers();
name = ADMIN;
} else {
if (ADMIN.equals(name)) return loadTemplate(REGISTER,Map.of(ERROR,t("Name must not be „{}“",ADMIN),NAME,name,EMAIL,email),resp);
}
} catch (SQLException e) { } catch (SQLException e) {
return t("Failed to access user database: {}",e.getMessage()); return t("Failed to access user database: {}",e.getMessage());
} }
@ -339,9 +342,11 @@ public class Web extends HttpServlet {
try { try {
var user = User.create(email, name, pass); var user = User.create(email, name, pass);
if (firstUser) user.addPermission(User.PERMISSION_ADMIN|User.PERMISSION_CREATE_LISTS);
req.getSession().setAttribute("user",user); req.getSession().setAttribute("user",user);
return redirectTo(INDEX,resp); return redirectTo(INDEX,resp);
} catch (SQLException e) { } catch (SQLException e) {
LOG.warn("Failed to create new user:",e);
return t("Failed to create new user: {}",e.getMessage()); return t("Failed to create new user: {}",e.getMessage());
} }
} }
@ -388,6 +393,11 @@ public class Web extends HttpServlet {
} }
data.put(USER,user.safeMap()); data.put(USER,user.safeMap());
if (!list.isOpenFor(user)){
data.put(ERROR,t("You are not allowed to join {}!",list.email()));
return loadTemplate(SUBSCRIBE,data,resp);
}
try { try {
list.requestSubscription(user,skipConfirmation); list.requestSubscription(user,skipConfirmation);
data.put(NOTES,t("Successfully subscribed '{}' to '{}'.",user.email(),list.email())); data.put(NOTES,t("Successfully subscribed '{}' to '{}'.",user.email(),list.email()));
@ -454,6 +464,4 @@ public class Web extends HttpServlet {
} }
} }
} }

10
static/templates/js.st
Unescape View File

@ -70,10 +70,11 @@ function showListOfEditableLists(data){
$('<td/>').text(list.smtp_user).appendTo(row); $('<td/>').text(list.smtp_user).appendTo(row);
row.appendTo('#listlist'); row.appendTo('#listlist');
} }
if (data.user.name == 'Admin'){ console.log(data.user);
$('a[href=register]').show(); if (data.user.permissions.includes('create lists')){
$('a[href=add_list]').show();
} else { } else {
$('a[href=register]').hide(); $('a[href=add_list]').hide();
} }
} }
@ -128,9 +129,10 @@ function showUserList(data){
$('<td/>').text(user.name).appendTo(row); $('<td/>').text(user.name).appendTo(row);
$('<td/>').text(user.email).appendTo(row); $('<td/>').text(user.email).appendTo(row);
$('<td/>').text(user.password).appendTo(row); $('<td/>').text(user.password).appendTo(row);
$('<td/>').text(user.permissions).appendTo(row);
row.appendTo('#userlist'); row.appendTo('#userlist');
} }
if (data.user.name == 'Admin'){ if (data.user.permissions.includes('admin')){
$('a[href=register]').show(); $('a[href=register]').show();
} else { } else {
$('a[href=register]').hide(); $('a[href=register]').hide();

2
static/templates/listadminlist.st
Unescape View File

@ -1,5 +1,5 @@
<fieldset> <fieldset>
<legend>List of mailinglists</legend> <legend>List of (editable) mailinglists</legend>
<table id="listlist"> <table id="listlist">
<tr> <tr>
<th colspan="4">List</th> <th colspan="4">List</th>

3
static/templates/login.st
Unescape View File

@ -7,8 +7,9 @@
<link rel="stylesheet" href="css" /> <link rel="stylesheet" href="css" />
</head> </head>
<body id="login"> <body id="login">
<h1>Widerhall login</h1> «navigation()»
«messages()» «messages()»
<h1>Widerhall login</h1>
<form method="POST"> <form method="POST">
<fieldset> <fieldset>
<legend>Login-Daten</legend> <legend>Login-Daten</legend>

1
static/templates/userlist.st
Unescape View File

@ -5,6 +5,7 @@
<th>User name</th> <th>User name</th>
<th>Email</th> <th>Email</th>
<th>Password</th> <th>Password</th>
<th>Permissions</th>
</tr> </tr>
</table> </table>
<a href="register">Register new user</a> <a href="register">Register new user</a>

Write Preview
Loading…
Cancel
Save