StephanRichter
/
Widerhall
1
0
Fork 0
Code Issues Pull Requests Projects Releases Activity
Browse Source

working on permissions

drop_old_mail
Stephan Richter 3 years ago
parent
2b9a185bfc
commit
fccfea671a
6 changed files with 100 additions and 13 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 6
      src/main/java/de/srsoftware/widerhall/data/ListMember.java
  2. 7
      src/main/java/de/srsoftware/widerhall/data/User.java
  3. 54
      src/main/java/de/srsoftware/widerhall/web/Rest.java
  4. 11
      src/main/java/de/srsoftware/widerhall/web/Web.java
  5. 34
      static/templates/js.st
  6. 1
      static/templates/userlist.st

6
src/main/java/de/srsoftware/widerhall/data/ListMember.java
Unescape View File

@ -1,6 +1,7 @@ @@ -1,6 +1,7 @@
package de.srsoftware.widerhall.data;
import de.srsoftware.widerhall.Util;
import org.antlr.runtime.MismatchedTokenException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.stringtemplate.v4.ST;
@ -32,14 +33,15 @@ public class ListMember { @@ -32,14 +33,15 @@ public class ListMember {
public static User confirm(String token) throws SQLException {
var rs = Database.open().select(TABLE_NAME).where(TOKEN,token).exec();
while (rs.next()){
if (rs.next()){
var lm = new ListMember(rs.getString(LIST_EMAIL),rs.getString(USER_EMAIL),rs.getInt(STATE),rs.getString(TOKEN));
rs.close();
User user = User.loadAll(List.of(lm.userEmail)).stream().findAny().orElse(null);
if (user != null){
int newState = lm.state ^ STATE_AWAITING_CONFIRMATION | STATE_SUBSCRIBER;
Database.open()
.update(TABLE_NAME)
.set(TOKEN,"NULL")
.set(TOKEN,null)
.set(STATE, newState) //drop confirmation state, set subscriber state
.where(LIST_EMAIL,lm.listEmail)
.where(USER_EMAIL,lm.userEmail)

7
src/main/java/de/srsoftware/widerhall/data/User.java
Unescape View File

@ -56,7 +56,7 @@ public class User { @@ -56,7 +56,7 @@ public class User {
public void addPermission(int newPermission) throws SQLException {
permissions |= newPermission;
Database.open().update(TABLE_NAME).set(PERMISSIONS,permissions).run();
Database.open().update(TABLE_NAME).set(PERMISSIONS,permissions).where(EMAIL,email()).run();
}
@ -84,6 +84,11 @@ public class User { @@ -84,6 +84,11 @@ public class User {
Database.open().query(sql).run();
}
public void dropPermission(int newPermission) throws SQLException {
permissions ^= (permissions & newPermission);
Database.open().update(TABLE_NAME).set(PERMISSIONS,permissions).run();
}
public boolean hashPermission(int permission){
return (permissions & permission) > 0;
}

54
src/main/java/de/srsoftware/widerhall/web/Rest.java
Unescape View File

@ -33,10 +33,28 @@ public class Rest extends HttpServlet { @@ -33,10 +33,28 @@ public class Rest extends HttpServlet {
private static final String LIST_SHOW = "list/show";
private static final String LIST_TEST = "list/test";
private static final String LIST_SUBSCRIBABLE = "list/subscribable";
private static final String USER_ADD_PERMISSION = "user/addpermission";
private static final String USER_DROP_PERMISSION = "user/droppermission";
private static final String USER_LIST = "user/list";
private static final String MEMBERS = "members";
private static final String SUCCESS = "success";
private Map addPermission(String userEmail, String permissions) {
if (userEmail == null || userEmail.isBlank()) return Map.of(ERROR,"missing user email address!");
try {
int perm = Integer.parseInt(permissions);
var user = User.loadAll(List.of(userEmail)).stream().findAny().orElse(null);
if (user == null) return Map.of(ERROR,t("Failed to load user for address {}",userEmail));
user.addPermission(perm);
} catch (NumberFormatException nfe){
return Map.of(ERROR,"no valid permissions provided!");
} catch (SQLException e) {
LOG.debug("Failed to load user for address {}",userEmail,e);
return Map.of(ERROR,t("Failed to load user for address {}",userEmail));
}
return Map.of(SUCCESS,"Updated user permissions");
}
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
String error = handleGet(req, resp);
@ -49,6 +67,22 @@ public class Rest extends HttpServlet { @@ -49,6 +67,22 @@ public class Rest extends HttpServlet {
if (error != null) resp.sendError(400,error);
}
private Map dropPermission(String userEmail, String permissions) {
if (userEmail == null || userEmail.isBlank()) return Map.of(ERROR,"missing user email address!");
try {
int perm = Integer.parseInt(permissions);
var user = User.loadAll(List.of(userEmail)).stream().findAny().orElse(null);
if (user == null) return Map.of(ERROR,t("Failed to load user for address {}",userEmail));
user.dropPermission(perm);
} catch (NumberFormatException nfe){
return Map.of(ERROR,"no valid permissions provided!");
} catch (SQLException e) {
LOG.debug("Failed to load user for address {}",userEmail,e);
return Map.of(ERROR,t("Failed to load user for address {}",userEmail));
}
return Map.of(SUCCESS,"Updated user permissions");
}
public String handleGet(HttpServletRequest req, HttpServletResponse resp){
Object o = req.getSession().getAttribute(USER);
JSONObject json = new JSONObject();
@ -102,9 +136,9 @@ public class Rest extends HttpServlet { @@ -102,9 +136,9 @@ public class Rest extends HttpServlet {
json.put(USER,user.safeMap());
var listEmail = req.getParameter(LIST);
if (listEmail == null || listEmail.isBlank()) {
json.putAll(Map.of(ERROR,"no list email provided!"));
} else switch (path) {
var userEmail = req.getParameter(EMAIL);
var permissions = req.getParameter(PERMISSIONS);
switch (path) {
case LIST_DISABLE:
json.putAll(enableList(listEmail,user,false));
break;
@ -123,6 +157,16 @@ public class Rest extends HttpServlet { @@ -123,6 +157,16 @@ public class Rest extends HttpServlet {
case LIST_TEST:
json.putAll(testList(listEmail,user));
break;
case USER_ADD_PERMISSION:
if (user.hashPermission(User.PERMISSION_ADMIN)){
json.putAll(addPermission(userEmail,permissions));
} else json.put(ERROR,"You are not allowed to alter user permissions!");
break;
case USER_DROP_PERMISSION:
if (user.hashPermission(User.PERMISSION_ADMIN)){
json.putAll(dropPermission(userEmail,permissions));
} else json.put(ERROR,"You are not allowed to alter user permissions!");
break;
default:
json.put(ERROR,t("No handler for path '{}'!",path));
break;
@ -140,6 +184,7 @@ public class Rest extends HttpServlet { @@ -140,6 +184,7 @@ public class Rest extends HttpServlet {
}
private Map<String, Object> listMembers(String listEmail, User user) {
if (listEmail == null || listEmail.isBlank()) return Map.of(ERROR,"no list email provided!");
if (user.hashPermission(User.PERMISSION_ADMIN) || ListMember.listsOwnedBy(user).contains(listEmail)) {
try {
var members = ListMember.of(listEmail)
@ -161,6 +206,7 @@ public class Rest extends HttpServlet { @@ -161,6 +206,7 @@ public class Rest extends HttpServlet {
}
private Map enableList(String listEmail, User user, boolean enable) {
if (listEmail == null || listEmail.isBlank()) return Map.of(ERROR,"no list email provided!");
if (user.hashPermission(User.PERMISSION_ADMIN) || ListMember.listsOwnedBy(user).contains(listEmail)){
try {
MailingList.load(listEmail).enable(enable);
@ -174,6 +220,7 @@ public class Rest extends HttpServlet { @@ -174,6 +220,7 @@ public class Rest extends HttpServlet {
}
private Map<String, String> hideList(String listEmail, User user, boolean hide) {
if (listEmail == null || listEmail.isBlank()) return Map.of(ERROR,"no list email provided!");
if (user.hashPermission(User.PERMISSION_ADMIN) || ListMember.listsOwnedBy(user).contains(listEmail)){
try {
MailingList.load(listEmail).hide(hide);
@ -188,6 +235,7 @@ public class Rest extends HttpServlet { @@ -188,6 +235,7 @@ public class Rest extends HttpServlet {
}
private Map testList(String listEmail, User user) {
if (listEmail == null || listEmail.isBlank()) return Map.of(ERROR,"no list email provided!");
try {
MailingList.load(listEmail).test(user);
return Map.of(SUCCESS,t("Sent test email to {}",user.email()));

11
src/main/java/de/srsoftware/widerhall/web/Web.java
Unescape View File

@ -6,6 +6,7 @@ import de.srsoftware.widerhall.Util; @@ -6,6 +6,7 @@ import de.srsoftware.widerhall.Util;
import de.srsoftware.widerhall.data.ListMember;
import de.srsoftware.widerhall.data.MailingList;
import de.srsoftware.widerhall.data.User;
import org.antlr.runtime.MismatchedTokenException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.stringtemplate.v4.STGroup;
@ -146,8 +147,8 @@ public class Web extends HttpServlet { @@ -146,8 +147,8 @@ public class Web extends HttpServlet {
if (token== null || token.isBlank()) return t("Invalid or missing token!");
var user = ListMember.confirm(token);
if (user != null) return loadTemplate(INDEX,Map.of(USER,user.safeMap(),NOTES,"Confirmed list subscription!"),resp);
return t("Unknown user");
} catch (SQLException e) {
return t("Unknown user or token");
} catch (Exception e) {
LOG.debug("Failed to confirm list membership:",e);
return t("Confirmation of list membership failed!");
}
@ -400,7 +401,11 @@ public class Web extends HttpServlet { @@ -400,7 +401,11 @@ public class Web extends HttpServlet {
try {
list.requestSubscription(user,skipConfirmation);
data.put(NOTES,t("Successfully subscribed '{}' to '{}'.",user.email(),list.email()));
if (skipConfirmation) {
data.put(NOTES, t("Successfully subscribed '{}' to '{}'.", user.email(), list.email()));
} else {
data.put(NOTES, t("Sent confirmation mail to '{}.", user.email()));
}
return loadTemplate(INDEX,data,resp);
} catch (SQLException sqle) {
LOG.debug("List subscription failed: ",sqle);

34
static/templates/js.st
Unescape View File

@ -1,3 +1,9 @@ @@ -1,3 +1,9 @@
function addPermission(userEmail,permission){
if (confirm("Really give permission to "+userEmail+"?")){
$.post('/api/user/addpermission',{email:userEmail,permissions:permission},reload,'json');
}
}
function disableList(listEmail){
$.post('/api/list/disable',{list:listEmail},showListResult,'json');
}
@ -6,6 +12,13 @@ function dropList(listEmail){ @@ -6,6 +12,13 @@ function dropList(listEmail){
console.log('dopList('+listEmail+')');
}
function dropPermission(userEmail,permission){
if (confirm("Really withdraw permission from "+userEmail+"?")){
$.post('/api/user/droppermission',{email:userEmail,permissions:permission},reload,'json');
}
}
function enableList(listEmail){
$.post('/api/list/enable',{list:listEmail},showListResult,'json');
}
@ -55,7 +68,7 @@ function showListOfEditableLists(data){ @@ -55,7 +68,7 @@ function showListOfEditableLists(data){
let select = $('<select/>',{name:addr}).change(function () {
let action = $(this).children("option:selected").val();
let list = $(this).attr('name');
if (confirm("This will "+action+" '"+list+"'. Are you sure?"))self[action+'List'](list);
if (confirm("This will "+action+" '"+list+"'. Are you sure?")) self[action+'List'](list);
});
$('<option/>').text('Actions').appendTo(select);
['enable','disable','drop','hide','show','test'].forEach(val => $('<option/>',{value:val}).text(val).appendTo(select));
@ -70,7 +83,6 @@ function showListOfEditableLists(data){ @@ -70,7 +83,6 @@ function showListOfEditableLists(data){
$('<td/>').text(list.smtp_user).appendTo(row);
row.appendTo('#listlist');
}
console.log(data.user);
if (data.user.permissions.includes('create lists')){
$('a[href=add_list]').show();
} else {
@ -97,7 +109,6 @@ function showListList(data){ @@ -97,7 +109,6 @@ function showListList(data){
}
function showListResult(result){
console.log(result);
if ('error' in result){
alert(result.error);
return;
@ -123,6 +134,7 @@ function showMembers(data){ @@ -123,6 +134,7 @@ function showMembers(data){
}
function showUserList(data){
let isAdmin = data.user.permissions.includes('admin');
for (let i in data.users){
let user = data.users[i];
let row = $('<tr/>');
@ -130,9 +142,23 @@ function showUserList(data){ @@ -130,9 +142,23 @@ function showUserList(data){
$('<td/>').text(user.email).appendTo(row);
$('<td/>').text(user.password).appendTo(row);
$('<td/>').text(user.permissions).appendTo(row);
let permissions = $('<span/>');
if (isAdmin){
if (user.permissions.includes('admin')){
$('<button/>').text("- admin").click(() => dropPermission(user.email,1)).appendTo(permissions);
} else {
$('<button/>').text("+ admin").click(() => addPermission(user.email,1)).appendTo(permissions);
}
if (user.permissions.includes('create lists')){
$('<button/>').text("- create lists").click(() => dropPermission(user.email,2)).appendTo(permissions);
} else {
$('<button/>').text("+ create lists").click(() => addPermission(user.email,2)).appendTo(permissions);
}
}
permissions.appendTo(row);
row.appendTo('#userlist');
}
if (data.user.permissions.includes('admin')){
if (isAdmin){
$('a[href=register]').show();
} else {
$('a[href=register]').hide();

1
static/templates/userlist.st
Unescape View File

@ -6,6 +6,7 @@ @@ -6,6 +6,7 @@
<th>Email</th>
<th>Password</th>
<th>Permissions</th>
<th>Actions</th>
</tr>
</table>
<a href="register">Register new user</a>

Write Preview
Loading…
Cancel
Save