StephanRichter/Widerhall
1
0
Fork 0
Code Issues Pull Requests Actions Projects Releases Activity

working on permissions

Browse Source
This commit is contained in:
Stephan Richter
2022-04-18 17:15:24 +02:00
parent 2b9a185bfc
commit fccfea671a
6 changed files with 100 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/main/java/de/srsoftware/widerhall/data/ListMember.java
View File

@@ -1,6 +1,7 @@
package de.srsoftware.widerhall.data; package de.srsoftware.widerhall.data;
import de.srsoftware.widerhall.Util; import de.srsoftware.widerhall.Util;
import org.antlr.runtime.MismatchedTokenException;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.stringtemplate.v4.ST; import org.stringtemplate.v4.ST;
@@ -32,14 +33,15 @@ public class ListMember {
public static User confirm(String token) throws SQLException { public static User confirm(String token) throws SQLException {
var rs = Database.open().select(TABLE_NAME).where(TOKEN,token).exec(); var rs = Database.open().select(TABLE_NAME).where(TOKEN,token).exec();
while (rs.next()){ if (rs.next()){
var lm = new ListMember(rs.getString(LIST_EMAIL),rs.getString(USER_EMAIL),rs.getInt(STATE),rs.getString(TOKEN)); var lm = new ListMember(rs.getString(LIST_EMAIL),rs.getString(USER_EMAIL),rs.getInt(STATE),rs.getString(TOKEN));
rs.close();
User user = User.loadAll(List.of(lm.userEmail)).stream().findAny().orElse(null); User user = User.loadAll(List.of(lm.userEmail)).stream().findAny().orElse(null);
if (user != null){ if (user != null){
int newState = lm.state ^ STATE_AWAITING_CONFIRMATION | STATE_SUBSCRIBER; int newState = lm.state ^ STATE_AWAITING_CONFIRMATION | STATE_SUBSCRIBER;
Database.open() Database.open()
.update(TABLE_NAME) .update(TABLE_NAME)
.set(TOKEN,"NULL") .set(TOKEN,null)
.set(STATE, newState) //drop confirmation state, set subscriber state .set(STATE, newState) //drop confirmation state, set subscriber state
.where(LIST_EMAIL,lm.listEmail) .where(LIST_EMAIL,lm.listEmail)
.where(USER_EMAIL,lm.userEmail) .where(USER_EMAIL,lm.userEmail)

7
src/main/java/de/srsoftware/widerhall/data/User.java
View File

@@ -56,7 +56,7 @@ public class User {
public void addPermission(int newPermission) throws SQLException { public void addPermission(int newPermission) throws SQLException {
permissions |= newPermission; permissions |= newPermission;
Database.open().update(TABLE_NAME).set(PERMISSIONS,permissions).run(); Database.open().update(TABLE_NAME).set(PERMISSIONS,permissions).where(EMAIL,email()).run();
} }
@@ -84,6 +84,11 @@ public class User {
Database.open().query(sql).run(); Database.open().query(sql).run();
} }
public void dropPermission(int newPermission) throws SQLException {
permissions ^= (permissions & newPermission);
Database.open().update(TABLE_NAME).set(PERMISSIONS,permissions).run();
}
public boolean hashPermission(int permission){ public boolean hashPermission(int permission){
return (permissions & permission) > 0; return (permissions & permission) > 0;
} }

54
src/main/java/de/srsoftware/widerhall/web/Rest.java
View File

@@ -33,10 +33,28 @@ public class Rest extends HttpServlet {
private static final String LIST_SHOW = "list/show"; private static final String LIST_SHOW = "list/show";
private static final String LIST_TEST = "list/test"; private static final String LIST_TEST = "list/test";
private static final String LIST_SUBSCRIBABLE = "list/subscribable"; private static final String LIST_SUBSCRIBABLE = "list/subscribable";
private static final String USER_ADD_PERMISSION = "user/addpermission";
private static final String USER_DROP_PERMISSION = "user/droppermission";
private static final String USER_LIST = "user/list"; private static final String USER_LIST = "user/list";
private static final String MEMBERS = "members"; private static final String MEMBERS = "members";
private static final String SUCCESS = "success"; private static final String SUCCESS = "success";
private Map addPermission(String userEmail, String permissions) {
if (userEmail == null || userEmail.isBlank()) return Map.of(ERROR,"missing user email address!");
try {
int perm = Integer.parseInt(permissions);
var user = User.loadAll(List.of(userEmail)).stream().findAny().orElse(null);
if (user == null) return Map.of(ERROR,t("Failed to load user for address {}",userEmail));
user.addPermission(perm);
} catch (NumberFormatException nfe){
return Map.of(ERROR,"no valid permissions provided!");
} catch (SQLException e) {
LOG.debug("Failed to load user for address {}",userEmail,e);
return Map.of(ERROR,t("Failed to load user for address {}",userEmail));
}
return Map.of(SUCCESS,"Updated user permissions");
}
@Override @Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
String error = handleGet(req, resp); String error = handleGet(req, resp);
@@ -49,6 +67,22 @@ public class Rest extends HttpServlet {
if (error != null) resp.sendError(400,error); if (error != null) resp.sendError(400,error);
} }
private Map dropPermission(String userEmail, String permissions) {
if (userEmail == null || userEmail.isBlank()) return Map.of(ERROR,"missing user email address!");
try {
int perm = Integer.parseInt(permissions);
var user = User.loadAll(List.of(userEmail)).stream().findAny().orElse(null);
if (user == null) return Map.of(ERROR,t("Failed to load user for address {}",userEmail));
user.dropPermission(perm);
} catch (NumberFormatException nfe){
return Map.of(ERROR,"no valid permissions provided!");
} catch (SQLException e) {
LOG.debug("Failed to load user for address {}",userEmail,e);
return Map.of(ERROR,t("Failed to load user for address {}",userEmail));
}
return Map.of(SUCCESS,"Updated user permissions");
}
public String handleGet(HttpServletRequest req, HttpServletResponse resp){ public String handleGet(HttpServletRequest req, HttpServletResponse resp){
Object o = req.getSession().getAttribute(USER); Object o = req.getSession().getAttribute(USER);
JSONObject json = new JSONObject(); JSONObject json = new JSONObject();
@@ -102,9 +136,9 @@ public class Rest extends HttpServlet {
json.put(USER,user.safeMap()); json.put(USER,user.safeMap());
var listEmail = req.getParameter(LIST); var listEmail = req.getParameter(LIST);
if (listEmail == null || listEmail.isBlank()) { var userEmail = req.getParameter(EMAIL);
json.putAll(Map.of(ERROR,"no list email provided!")); var permissions = req.getParameter(PERMISSIONS);
} else switch (path) { switch (path) {
case LIST_DISABLE: case LIST_DISABLE:
json.putAll(enableList(listEmail,user,false)); json.putAll(enableList(listEmail,user,false));
break; break;
@@ -123,6 +157,16 @@ public class Rest extends HttpServlet {
case LIST_TEST: case LIST_TEST:
json.putAll(testList(listEmail,user)); json.putAll(testList(listEmail,user));
break; break;
case USER_ADD_PERMISSION:
if (user.hashPermission(User.PERMISSION_ADMIN)){
json.putAll(addPermission(userEmail,permissions));
} else json.put(ERROR,"You are not allowed to alter user permissions!");
break;
case USER_DROP_PERMISSION:
if (user.hashPermission(User.PERMISSION_ADMIN)){
json.putAll(dropPermission(userEmail,permissions));
} else json.put(ERROR,"You are not allowed to alter user permissions!");
break;
default: default:
json.put(ERROR,t("No handler for path '{}'!",path)); json.put(ERROR,t("No handler for path '{}'!",path));
break; break;
@@ -140,6 +184,7 @@ public class Rest extends HttpServlet {
} }
private Map<String, Object> listMembers(String listEmail, User user) { private Map<String, Object> listMembers(String listEmail, User user) {
if (listEmail == null || listEmail.isBlank()) return Map.of(ERROR,"no list email provided!");
if (user.hashPermission(User.PERMISSION_ADMIN) || ListMember.listsOwnedBy(user).contains(listEmail)) { if (user.hashPermission(User.PERMISSION_ADMIN) || ListMember.listsOwnedBy(user).contains(listEmail)) {
try { try {
var members = ListMember.of(listEmail) var members = ListMember.of(listEmail)
@@ -161,6 +206,7 @@ public class Rest extends HttpServlet {
} }
private Map enableList(String listEmail, User user, boolean enable) { private Map enableList(String listEmail, User user, boolean enable) {
if (listEmail == null || listEmail.isBlank()) return Map.of(ERROR,"no list email provided!");
if (user.hashPermission(User.PERMISSION_ADMIN) || ListMember.listsOwnedBy(user).contains(listEmail)){ if (user.hashPermission(User.PERMISSION_ADMIN) || ListMember.listsOwnedBy(user).contains(listEmail)){
try { try {
MailingList.load(listEmail).enable(enable); MailingList.load(listEmail).enable(enable);
@@ -174,6 +220,7 @@ public class Rest extends HttpServlet {
} }
private Map<String, String> hideList(String listEmail, User user, boolean hide) { private Map<String, String> hideList(String listEmail, User user, boolean hide) {
if (listEmail == null || listEmail.isBlank()) return Map.of(ERROR,"no list email provided!");
if (user.hashPermission(User.PERMISSION_ADMIN) || ListMember.listsOwnedBy(user).contains(listEmail)){ if (user.hashPermission(User.PERMISSION_ADMIN) || ListMember.listsOwnedBy(user).contains(listEmail)){
try { try {
MailingList.load(listEmail).hide(hide); MailingList.load(listEmail).hide(hide);
@@ -188,6 +235,7 @@ public class Rest extends HttpServlet {
} }
private Map testList(String listEmail, User user) { private Map testList(String listEmail, User user) {
if (listEmail == null || listEmail.isBlank()) return Map.of(ERROR,"no list email provided!");
try { try {
MailingList.load(listEmail).test(user); MailingList.load(listEmail).test(user);
return Map.of(SUCCESS,t("Sent test email to {}",user.email())); return Map.of(SUCCESS,t("Sent test email to {}",user.email()));

9
src/main/java/de/srsoftware/widerhall/web/Web.java
View File

@@ -6,6 +6,7 @@ import de.srsoftware.widerhall.Util;
import de.srsoftware.widerhall.data.ListMember; import de.srsoftware.widerhall.data.ListMember;
import de.srsoftware.widerhall.data.MailingList; import de.srsoftware.widerhall.data.MailingList;
import de.srsoftware.widerhall.data.User; import de.srsoftware.widerhall.data.User;
import org.antlr.runtime.MismatchedTokenException;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.stringtemplate.v4.STGroup; import org.stringtemplate.v4.STGroup;
@@ -146,8 +147,8 @@ public class Web extends HttpServlet {
if (token== null || token.isBlank()) return t("Invalid or missing token!"); if (token== null || token.isBlank()) return t("Invalid or missing token!");
var user = ListMember.confirm(token); var user = ListMember.confirm(token);
if (user != null) return loadTemplate(INDEX,Map.of(USER,user.safeMap(),NOTES,"Confirmed list subscription!"),resp); if (user != null) return loadTemplate(INDEX,Map.of(USER,user.safeMap(),NOTES,"Confirmed list subscription!"),resp);
return t("Unknown user"); return t("Unknown user or token");
} catch (SQLException e) { } catch (Exception e) {
LOG.debug("Failed to confirm list membership:",e); LOG.debug("Failed to confirm list membership:",e);
return t("Confirmation of list membership failed!"); return t("Confirmation of list membership failed!");
} }
@@ -400,7 +401,11 @@ public class Web extends HttpServlet {
try { try {
list.requestSubscription(user,skipConfirmation); list.requestSubscription(user,skipConfirmation);
if (skipConfirmation) {
data.put(NOTES, t("Successfully subscribed '{}' to '{}'.", user.email(), list.email())); data.put(NOTES, t("Successfully subscribed '{}' to '{}'.", user.email(), list.email()));
} else {
data.put(NOTES, t("Sent confirmation mail to '{}.", user.email()));
}
return loadTemplate(INDEX,data,resp); return loadTemplate(INDEX,data,resp);
} catch (SQLException sqle) { } catch (SQLException sqle) {
LOG.debug("List subscription failed: ",sqle); LOG.debug("List subscription failed: ",sqle);

32
static/templates/js.st
View File

@@ -1,3 +1,9 @@
function addPermission(userEmail,permission){
if (confirm("Really give permission to "+userEmail+"?")){
$.post('/api/user/addpermission',{email:userEmail,permissions:permission},reload,'json');
}
}
function disableList(listEmail){ function disableList(listEmail){
$.post('/api/list/disable',{list:listEmail},showListResult,'json'); $.post('/api/list/disable',{list:listEmail},showListResult,'json');
} }
@@ -6,6 +12,13 @@ function dropList(listEmail){
console.log('dopList('+listEmail+')'); console.log('dopList('+listEmail+')');
} }
function dropPermission(userEmail,permission){
if (confirm("Really withdraw permission from "+userEmail+"?")){
$.post('/api/user/droppermission',{email:userEmail,permissions:permission},reload,'json');
}
}
function enableList(listEmail){ function enableList(listEmail){
$.post('/api/list/enable',{list:listEmail},showListResult,'json'); $.post('/api/list/enable',{list:listEmail},showListResult,'json');
} }
@@ -70,7 +83,6 @@ function showListOfEditableLists(data){
$('<td/>').text(list.smtp_user).appendTo(row); $('<td/>').text(list.smtp_user).appendTo(row);
row.appendTo('#listlist'); row.appendTo('#listlist');
} }
console.log(data.user);
if (data.user.permissions.includes('create lists')){ if (data.user.permissions.includes('create lists')){
$('a[href=add_list]').show(); $('a[href=add_list]').show();
} else { } else {
@@ -97,7 +109,6 @@ function showListList(data){
} }
function showListResult(result){ function showListResult(result){
console.log(result);
if ('error' in result){ if ('error' in result){
alert(result.error); alert(result.error);
return; return;
@@ -123,6 +134,7 @@ function showMembers(data){
} }
function showUserList(data){ function showUserList(data){
let isAdmin = data.user.permissions.includes('admin');
for (let i in data.users){ for (let i in data.users){
let user = data.users[i]; let user = data.users[i];
let row = $('<tr/>'); let row = $('<tr/>');
@@ -130,9 +142,23 @@ function showUserList(data){
$('<td/>').text(user.email).appendTo(row); $('<td/>').text(user.email).appendTo(row);
$('<td/>').text(user.password).appendTo(row); $('<td/>').text(user.password).appendTo(row);
$('<td/>').text(user.permissions).appendTo(row); $('<td/>').text(user.permissions).appendTo(row);
let permissions = $('<span/>');
if (isAdmin){
if (user.permissions.includes('admin')){
$('<button/>').text("- admin").click(() => dropPermission(user.email,1)).appendTo(permissions);
} else {
$('<button/>').text("+ admin").click(() => addPermission(user.email,1)).appendTo(permissions);
}
if (user.permissions.includes('create lists')){
$('<button/>').text("- create lists").click(() => dropPermission(user.email,2)).appendTo(permissions);
} else {
$('<button/>').text("+ create lists").click(() => addPermission(user.email,2)).appendTo(permissions);
}
}
permissions.appendTo(row);
row.appendTo('#userlist'); row.appendTo('#userlist');
} }
if (data.user.permissions.includes('admin')){ if (isAdmin){
$('a[href=register]').show(); $('a[href=register]').show();
} else { } else {
$('a[href=register]').hide(); $('a[href=register]').hide();

1
static/templates/userlist.st
View File

@@ -6,6 +6,7 @@
<th>Email</th> <th>Email</th>
<th>Password</th> <th>Password</th>
<th>Permissions</th> <th>Permissions</th>
<th>Actions</th>
</tr> </tr>
</table> </table>
<a href="register">Register new user</a> <a href="register">Register new user</a>