working on permissions
This commit is contained in:
@@ -33,10 +33,28 @@ public class Rest extends HttpServlet {
|
||||
private static final String LIST_SHOW = "list/show";
|
||||
private static final String LIST_TEST = "list/test";
|
||||
private static final String LIST_SUBSCRIBABLE = "list/subscribable";
|
||||
private static final String USER_ADD_PERMISSION = "user/addpermission";
|
||||
private static final String USER_DROP_PERMISSION = "user/droppermission";
|
||||
private static final String USER_LIST = "user/list";
|
||||
private static final String MEMBERS = "members";
|
||||
private static final String SUCCESS = "success";
|
||||
|
||||
private Map addPermission(String userEmail, String permissions) {
|
||||
if (userEmail == null || userEmail.isBlank()) return Map.of(ERROR,"missing user email address!");
|
||||
try {
|
||||
int perm = Integer.parseInt(permissions);
|
||||
var user = User.loadAll(List.of(userEmail)).stream().findAny().orElse(null);
|
||||
if (user == null) return Map.of(ERROR,t("Failed to load user for address {}",userEmail));
|
||||
user.addPermission(perm);
|
||||
} catch (NumberFormatException nfe){
|
||||
return Map.of(ERROR,"no valid permissions provided!");
|
||||
} catch (SQLException e) {
|
||||
LOG.debug("Failed to load user for address {}",userEmail,e);
|
||||
return Map.of(ERROR,t("Failed to load user for address {}",userEmail));
|
||||
}
|
||||
return Map.of(SUCCESS,"Updated user permissions");
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
|
||||
String error = handleGet(req, resp);
|
||||
@@ -49,6 +67,22 @@ public class Rest extends HttpServlet {
|
||||
if (error != null) resp.sendError(400,error);
|
||||
}
|
||||
|
||||
private Map dropPermission(String userEmail, String permissions) {
|
||||
if (userEmail == null || userEmail.isBlank()) return Map.of(ERROR,"missing user email address!");
|
||||
try {
|
||||
int perm = Integer.parseInt(permissions);
|
||||
var user = User.loadAll(List.of(userEmail)).stream().findAny().orElse(null);
|
||||
if (user == null) return Map.of(ERROR,t("Failed to load user for address {}",userEmail));
|
||||
user.dropPermission(perm);
|
||||
} catch (NumberFormatException nfe){
|
||||
return Map.of(ERROR,"no valid permissions provided!");
|
||||
} catch (SQLException e) {
|
||||
LOG.debug("Failed to load user for address {}",userEmail,e);
|
||||
return Map.of(ERROR,t("Failed to load user for address {}",userEmail));
|
||||
}
|
||||
return Map.of(SUCCESS,"Updated user permissions");
|
||||
}
|
||||
|
||||
public String handleGet(HttpServletRequest req, HttpServletResponse resp){
|
||||
Object o = req.getSession().getAttribute(USER);
|
||||
JSONObject json = new JSONObject();
|
||||
@@ -102,9 +136,9 @@ public class Rest extends HttpServlet {
|
||||
json.put(USER,user.safeMap());
|
||||
|
||||
var listEmail = req.getParameter(LIST);
|
||||
if (listEmail == null || listEmail.isBlank()) {
|
||||
json.putAll(Map.of(ERROR,"no list email provided!"));
|
||||
} else switch (path) {
|
||||
var userEmail = req.getParameter(EMAIL);
|
||||
var permissions = req.getParameter(PERMISSIONS);
|
||||
switch (path) {
|
||||
case LIST_DISABLE:
|
||||
json.putAll(enableList(listEmail,user,false));
|
||||
break;
|
||||
@@ -123,6 +157,16 @@ public class Rest extends HttpServlet {
|
||||
case LIST_TEST:
|
||||
json.putAll(testList(listEmail,user));
|
||||
break;
|
||||
case USER_ADD_PERMISSION:
|
||||
if (user.hashPermission(User.PERMISSION_ADMIN)){
|
||||
json.putAll(addPermission(userEmail,permissions));
|
||||
} else json.put(ERROR,"You are not allowed to alter user permissions!");
|
||||
break;
|
||||
case USER_DROP_PERMISSION:
|
||||
if (user.hashPermission(User.PERMISSION_ADMIN)){
|
||||
json.putAll(dropPermission(userEmail,permissions));
|
||||
} else json.put(ERROR,"You are not allowed to alter user permissions!");
|
||||
break;
|
||||
default:
|
||||
json.put(ERROR,t("No handler for path '{}'!",path));
|
||||
break;
|
||||
@@ -140,6 +184,7 @@ public class Rest extends HttpServlet {
|
||||
}
|
||||
|
||||
private Map<String, Object> listMembers(String listEmail, User user) {
|
||||
if (listEmail == null || listEmail.isBlank()) return Map.of(ERROR,"no list email provided!");
|
||||
if (user.hashPermission(User.PERMISSION_ADMIN) || ListMember.listsOwnedBy(user).contains(listEmail)) {
|
||||
try {
|
||||
var members = ListMember.of(listEmail)
|
||||
@@ -161,6 +206,7 @@ public class Rest extends HttpServlet {
|
||||
}
|
||||
|
||||
private Map enableList(String listEmail, User user, boolean enable) {
|
||||
if (listEmail == null || listEmail.isBlank()) return Map.of(ERROR,"no list email provided!");
|
||||
if (user.hashPermission(User.PERMISSION_ADMIN) || ListMember.listsOwnedBy(user).contains(listEmail)){
|
||||
try {
|
||||
MailingList.load(listEmail).enable(enable);
|
||||
@@ -174,6 +220,7 @@ public class Rest extends HttpServlet {
|
||||
}
|
||||
|
||||
private Map<String, String> hideList(String listEmail, User user, boolean hide) {
|
||||
if (listEmail == null || listEmail.isBlank()) return Map.of(ERROR,"no list email provided!");
|
||||
if (user.hashPermission(User.PERMISSION_ADMIN) || ListMember.listsOwnedBy(user).contains(listEmail)){
|
||||
try {
|
||||
MailingList.load(listEmail).hide(hide);
|
||||
@@ -188,6 +235,7 @@ public class Rest extends HttpServlet {
|
||||
}
|
||||
|
||||
private Map testList(String listEmail, User user) {
|
||||
if (listEmail == null || listEmail.isBlank()) return Map.of(ERROR,"no list email provided!");
|
||||
try {
|
||||
MailingList.load(listEmail).test(user);
|
||||
return Map.of(SUCCESS,t("Sent test email to {}",user.email()));
|
||||
|
||||
Reference in New Issue
Block a user