|
|
@ -13,6 +13,7 @@ import javax.servlet.ServletException; |
|
|
|
import javax.servlet.http.HttpServlet; |
|
|
|
import javax.servlet.http.HttpServlet; |
|
|
|
import javax.servlet.http.HttpServletRequest; |
|
|
|
import javax.servlet.http.HttpServletRequest; |
|
|
|
import javax.servlet.http.HttpServletResponse; |
|
|
|
import javax.servlet.http.HttpServletResponse; |
|
|
|
|
|
|
|
import javax.ws.rs.NotAllowedException; |
|
|
|
import java.io.IOException; |
|
|
|
import java.io.IOException; |
|
|
|
import java.sql.SQLException; |
|
|
|
import java.sql.SQLException; |
|
|
|
import java.time.Month; |
|
|
|
import java.time.Month; |
|
|
@ -40,6 +41,7 @@ public class Rest extends HttpServlet { |
|
|
|
private static final String LIST_SHOW = "list/show"; |
|
|
|
private static final String LIST_SHOW = "list/show"; |
|
|
|
private static final String LIST_TEST = "list/test"; |
|
|
|
private static final String LIST_TEST = "list/test"; |
|
|
|
private static final String LIST_SUBSCRIBABLE = "list/subscribable"; |
|
|
|
private static final String LIST_SUBSCRIBABLE = "list/subscribable"; |
|
|
|
|
|
|
|
private static final String MAIL_DROP = "mail/drop"; |
|
|
|
private static final String USER_ADD_PERMISSION = "user/addpermission"; |
|
|
|
private static final String USER_ADD_PERMISSION = "user/addpermission"; |
|
|
|
private static final String USER_DROP_PERMISSION = "user/droppermission"; |
|
|
|
private static final String USER_DROP_PERMISSION = "user/droppermission"; |
|
|
|
private static final String USER_LIST = "user/list"; |
|
|
|
private static final String USER_LIST = "user/list"; |
|
|
@ -62,28 +64,30 @@ public class Rest extends HttpServlet { |
|
|
|
return Map.of(SUCCESS,"Nutzer-Berechtigungen aktualisiert"); |
|
|
|
return Map.of(SUCCESS,"Nutzer-Berechtigungen aktualisiert"); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
private Map<String,Object> archive(MailingList list, String month, User requestingUser){ |
|
|
|
|
|
|
|
if (list != null){ |
|
|
|
|
|
|
|
try { |
|
|
|
|
|
|
|
var allEmails = requestingUser != null || list.hasState(STATE_OPEN_FOR_SUBSCRIBERS) || list.hasState(STATE_OPEN_FOR_GUESTS); |
|
|
|
|
|
|
|
var limitedSenders = allEmails ? null : list.moderators().map(ListMember::user).map(User::email).toList(); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if (month == null || month.isBlank()) { |
|
|
|
private Map<String,Object> archive(HttpServletRequest req, User user) throws SQLException { |
|
|
|
return Map.of(LIST,list.email(),"summary",Post.summarize(list,limitedSenders)); |
|
|
|
var list = Util.getMailingList(req); |
|
|
|
} else { |
|
|
|
if (list == null) throw new IllegalArgumentException(t("You are trying to access a non-existing list!")); |
|
|
|
return Map.of(LIST,list.email(),"posts",Post.find(list,month,limitedSenders).stream().map(Post::safeMap).toList()); |
|
|
|
var allowed = list.hasPublicArchive() || list.mayBeAlteredBy(user); |
|
|
|
} |
|
|
|
if (!allowed) throw new IllegalAccessError(t("You are not allowed to access the archive of this list!")); |
|
|
|
} catch (SQLException e) { |
|
|
|
|
|
|
|
e.printStackTrace(); |
|
|
|
var allEmails = user != null || list.hasState(STATE_OPEN_FOR_SUBSCRIBERS) || list.hasState(STATE_OPEN_FOR_GUESTS); |
|
|
|
} |
|
|
|
var limitedSenders = allEmails ? null : list.moderators().map(ListMember::user).map(User::email).toList(); |
|
|
|
} |
|
|
|
|
|
|
|
LOG.debug("list: {}",list.email()); |
|
|
|
boolean userIsMod = list.mayBeAlteredBy(user); |
|
|
|
return Map.of(); |
|
|
|
String month = req.getParameter(MONTH); |
|
|
|
|
|
|
|
if (month == null || month.isBlank()) return Map.of(LIST,list.email(),MODERATOR,userIsMod,"summary",Post.summarize(list,limitedSenders)); |
|
|
|
|
|
|
|
return Map.of(LIST,list.email(),MODERATOR,userIsMod,"posts",Post.find(list,month,limitedSenders).stream().map(Post::safeMap).toList()); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
@Override |
|
|
|
@Override |
|
|
|
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { |
|
|
|
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { |
|
|
|
String error = handleGet(req, resp); |
|
|
|
String error; |
|
|
|
|
|
|
|
try { |
|
|
|
|
|
|
|
error = handleGet(req, resp); |
|
|
|
|
|
|
|
} catch (SQLException e) { |
|
|
|
|
|
|
|
error = e.getMessage(); |
|
|
|
|
|
|
|
} |
|
|
|
if (error != null) resp.sendError(400,error); |
|
|
|
if (error != null) resp.sendError(400,error); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
@ -120,6 +124,21 @@ public class Rest extends HttpServlet { |
|
|
|
if (error != null) resp.sendError(400,error); |
|
|
|
if (error != null) resp.sendError(400,error); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
private Map dropMail(String messageId,User user){ |
|
|
|
|
|
|
|
try { |
|
|
|
|
|
|
|
var message = Post.load(messageId); |
|
|
|
|
|
|
|
if (message == null) return Map.of(ERROR,t("Cannot remove: unknown message id")); |
|
|
|
|
|
|
|
var allowed = message.list().mayBeAlteredBy(user); |
|
|
|
|
|
|
|
if (allowed){ |
|
|
|
|
|
|
|
message.remove(); |
|
|
|
|
|
|
|
return Map.of(SUCCESS,t("Message deleted")); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
return Map.of(ERROR,t("You are not allowed to remove messages from this list!")); |
|
|
|
|
|
|
|
} catch (SQLException e) { |
|
|
|
|
|
|
|
throw new RuntimeException(e); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
private Map dropPermission(String userEmail, String permissions) { |
|
|
|
private Map dropPermission(String userEmail, String permissions) { |
|
|
|
if (userEmail == null || userEmail.isBlank()) return Map.of(ERROR,"Nutzer-Emailadresse fehlt!"); |
|
|
|
if (userEmail == null || userEmail.isBlank()) return Map.of(ERROR,"Nutzer-Emailadresse fehlt!"); |
|
|
|
try { |
|
|
|
try { |
|
|
@ -148,7 +167,7 @@ public class Rest extends HttpServlet { |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
public String handleGet(HttpServletRequest req, HttpServletResponse resp){ |
|
|
|
public String handleGet(HttpServletRequest req, HttpServletResponse resp) throws SQLException { |
|
|
|
var user = Util.getUser(req); |
|
|
|
var user = Util.getUser(req); |
|
|
|
var path = Util.getPath(req); |
|
|
|
var path = Util.getPath(req); |
|
|
|
|
|
|
|
|
|
|
@ -158,14 +177,7 @@ public class Rest extends HttpServlet { |
|
|
|
json.put(USER,user.safeMap()); |
|
|
|
json.put(USER,user.safeMap()); |
|
|
|
switch (path) { |
|
|
|
switch (path) { |
|
|
|
case LIST_ARCHIVE: |
|
|
|
case LIST_ARCHIVE: |
|
|
|
var list = Util.getMailingList(req); |
|
|
|
json.put("archive",archive(req,user)); |
|
|
|
try { |
|
|
|
|
|
|
|
var allowed = list.hasState(STATE_PUBLIC_ARCHIVE) || list.moderators().map(ListMember::user).anyMatch(mod -> user.equals(mod)); |
|
|
|
|
|
|
|
if (!allowed) return t("Sie sind nicht berechtigt, das Archiv dieser Liste einzusehen!"); |
|
|
|
|
|
|
|
json.put("archive",archive(list,req.getParameter(MONTH),user)); |
|
|
|
|
|
|
|
} catch (SQLException sqle){ |
|
|
|
|
|
|
|
return sqle.getMessage(); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
break; |
|
|
|
break; |
|
|
|
case USER_LIST: |
|
|
|
case USER_LIST: |
|
|
|
try { |
|
|
|
try { |
|
|
@ -188,10 +200,7 @@ public class Rest extends HttpServlet { |
|
|
|
} else { |
|
|
|
} else { |
|
|
|
switch (path) { |
|
|
|
switch (path) { |
|
|
|
case LIST_ARCHIVE: |
|
|
|
case LIST_ARCHIVE: |
|
|
|
var list = Util.getMailingList(req); |
|
|
|
json.put("archive",archive(req,null)); |
|
|
|
var allowed = list.hasState(STATE_PUBLIC_ARCHIVE); |
|
|
|
|
|
|
|
if (!allowed) return t("Diese Liste hat kein öffentliches Archiv!"); |
|
|
|
|
|
|
|
json.put("archive",archive(list,req.getParameter(MONTH),null)); |
|
|
|
|
|
|
|
break; |
|
|
|
break; |
|
|
|
case LIST_SUBSCRIBABLE: |
|
|
|
case LIST_SUBSCRIBABLE: |
|
|
|
json.put("lists", MailingList.subscribable().stream().map(MailingList::minimalMap).toList()); |
|
|
|
json.put("lists", MailingList.subscribable().stream().map(MailingList::minimalMap).toList()); |
|
|
@ -257,6 +266,10 @@ public class Rest extends HttpServlet { |
|
|
|
case LIST_TEST: |
|
|
|
case LIST_TEST: |
|
|
|
json.putAll(testList(list,user)); |
|
|
|
json.putAll(testList(list,user)); |
|
|
|
break; |
|
|
|
break; |
|
|
|
|
|
|
|
case MAIL_DROP: |
|
|
|
|
|
|
|
var messageId = req.getParameter(MESSAGE_ID); |
|
|
|
|
|
|
|
json.putAll(dropMail(messageId,user)); |
|
|
|
|
|
|
|
break; |
|
|
|
case USER_ADD_PERMISSION: |
|
|
|
case USER_ADD_PERMISSION: |
|
|
|
if (user.hashPermission(User.PERMISSION_ADMIN)){ |
|
|
|
if (user.hashPermission(User.PERMISSION_ADMIN)){ |
|
|
|
json.putAll(addPermission(userEmail,permissions)); |
|
|
|
json.putAll(addPermission(userEmail,permissions)); |
|
|
@ -319,7 +332,7 @@ public class Rest extends HttpServlet { |
|
|
|
if (list.hasState(MailingList.STATE_REPLY_TO_LIST)) map.put(KEY_REPLY_TO_LIST,true); |
|
|
|
if (list.hasState(MailingList.STATE_REPLY_TO_LIST)) map.put(KEY_REPLY_TO_LIST,true); |
|
|
|
if (list.isOpenForGuests()) map.put(KEY_OPEN_FOR_GUESTS,true); |
|
|
|
if (list.isOpenForGuests()) map.put(KEY_OPEN_FOR_GUESTS,true); |
|
|
|
if (list.isOpenForSubscribers()) map.put(KEY_OPEN_FOR_SUBSCRIBERS,true); |
|
|
|
if (list.isOpenForSubscribers()) map.put(KEY_OPEN_FOR_SUBSCRIBERS,true); |
|
|
|
if (list.hasState(MailingList.STATE_PUBLIC_ARCHIVE)) map.put(KEY_ARCHIVE,true); |
|
|
|
if (list.hasPublicArchive()) map.put(KEY_ARCHIVE,true); |
|
|
|
if (list.hasState(STATE_MODS_CAN_EDIT_MODS)) map.put(KEY_MODS_CAN_EDIT_MODS,true); |
|
|
|
if (list.hasState(STATE_MODS_CAN_EDIT_MODS)) map.put(KEY_MODS_CAN_EDIT_MODS,true); |
|
|
|
if (list.holdTime() != null) map.put(KEY_DELETE_MESSAGES,list.holdTime()); |
|
|
|
if (list.holdTime() != null) map.put(KEY_DELETE_MESSAGES,list.holdTime()); |
|
|
|
return map; |
|
|
|
return map; |
|
|
|