taylor 01/07/06 01:44:21 Modified: src/java/org/apache/jetspeed/modules/actions/portlets/security RoleBrowserAction.java RoleUpdateAction.java SecurityConstants.java Added: src/java/org/apache/jetspeed/modules/actions/portlets/security RolePermissionUpdateAction.java UserRoleUpdateAction.java Log: - added two new actions for listing and updating roles per user, and permissions per role Revision Changes Path 1.3 +7 -6 jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/RoleBrowserAction.java Index: RoleBrowserAction.java =================================================================== RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/RoleBrowserAction.java,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- RoleBrowserAction.java 2001/07/02 07:33:44 1.2 +++ RoleBrowserAction.java 2001/07/06 08:44:14 1.3 @@ -63,16 +63,16 @@ import org.apache.turbine.util.StringUtils; import org.apache.turbine.util.DynamicURI; -import org.apache.turbine.util.security.RoleSet; -import org.apache.turbine.util.db.Criteria; - // turbine om import org.apache.turbine.om.security.Role; import org.apache.turbine.om.security.User; +import org.apache.turbine.om.security.Group; // turbine security import org.apache.turbine.util.security.EntityExistsException; -import org.apache.turbine.util.security.DataBackendException; +import org.apache.turbine.util.security.UnknownEntityException; +import org.apache.turbine.util.security.RoleSet; +import org.apache.turbine.util.db.Criteria; // jetspeed services import org.apache.jetspeed.services.JetspeedSecurity; @@ -132,12 +132,12 @@ RunData rundata ) { try - { + { Criteria criteria = new Criteria(); RoleSet roles = JetspeedSecurity.getRoles(criteria); context.put(SecurityConstants.CONTEXT_ROLES, roles.getRolesArray()); } - catch (DataBackendException e) + catch (Exception e) { // log the error msg Log.error(e); 
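Review bot: Widening the handler around `JetspeedSecurity.getRoles(criteria)` in the `@@ -132,12 +132,12 @@` hunk from `DataBackendException` to `catch (Exception e)` means unchecked exceptions (a null pointer, a bad cast) are now reported the same way as a backend outage and end on `Error.vm`. I would keep the handler narrow and name the checked exceptions the call actually declares, for example `catch (DataBackendException e)` with its import kept; if the service signature changed in this commit, list the new types explicitly instead. The handler body continues outside this hunk.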
@@ -147,5 +147,6 @@ rundata.setScreenTemplate("Error.vm"); } } + } 1.3 +0 -1 jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/RoleUpdateAction.java Index: RoleUpdateAction.java =================================================================== RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/RoleUpdateAction.java,v retrieving revision 1.2 retrieving revision 1.3 diff -u -r1.2 -r1.3 --- RoleUpdateAction.java 2001/07/02 07:33:45 1.2 +++ RoleUpdateAction.java 2001/07/06 08:44:15 1.3 @@ -138,7 +138,6 @@ */ String mode = rundata.getParameters().getString(SecurityConstants.PARAM_MODE); - // // if we are updating or deleting - put the name in the context // if (mode != null && (mode.equals(SecurityConstants.PARAM_MODE_UPDATE) || 1.2 +10 -1 jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/SecurityConstants.java Index: SecurityConstants.java =================================================================== RCS file: /home/cvs/jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/SecurityConstants.java,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- SecurityConstants.java 2001/07/02 07:33:45 1.1 +++ SecurityConstants.java 2001/07/06 08:44:16 1.2 @@ -68,6 +68,8 @@ static final String PARAM_MSG = "msg"; // unique entity id - parameter passed between browser forms and update forms static final String PARAM_ENTITY_ID = "entityid"; + // username parameter + static final String PARAM_USERNAME = "username"; // mode parameter static final String PARAM_MODE = "mode"; @@ -89,6 +91,7 @@ static final String CONTEXT_PERMISSIONS = "permissions"; static final String CONTEXT_GROUP = "group"; static final String CONTEXT_GROUPS = "groups"; + static final String CONTEXT_SELECTED = "selected"; // user browser pane id static final String PANEID_USER_BROWSER = "User Browser"; 
@@ -106,6 +109,10 @@ static final String PANEID_GROUP_BROWSER = "Group Browser"; // group form pane id static final String PANEID_GROUP_UPDATE = "Group"; + // user role form pane id + static final String PANEID_USERROLE_UPDATE = "User Roles"; + // role permission form pane id + static final String PANEID_ROLEPERMISSION_UPDATE = "Role Permissions"; // // Informational and Error Messages for Security Forms @@ -116,7 +123,8 @@ "Database Delete Failure. Please report this error to your Database Administrator.", "Invalid Entity Name. Please enter a valid entity name.", "Entity Name Already Exists. Please choose another unique, identifying name.", - "Deletion not allowed. You are trying to delete the currently logged on user." + "Deletion not allowed. You are trying to delete the currently logged on user.", + "Missing Parameter. Cannot process Security form." }; // // indexes into messages 
@@ -126,5 +134,6 @@ static final int MID_INVALID_ENTITY_NAME = 2; static final int MID_ENTITY_ALREADY_EXISTS = 3; static final int MID_CANT_DELETE_CURRENT = 4; + static final int MID_MISSING_PARAMETER = 5; }; 1.1 jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/RolePermissionUpdateAction.java Index: RolePermissionUpdateAction.java =================================================================== /* ==================================================================== * The Apache Software License, Version 1.1 * * Copyright (c) 2000-2001 The Apache Software Foundation. All rights * reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The end-user documentation included with the redistribution, * if any, must include the following acknowledgment: * "This product includes software developed by the * Apache Software Foundation (http://www.apache.org/)." * Alternately, this acknowledgment may appear in the software itself, * if and wherever such third-party acknowledgments normally appear. * * 4. The names "Apache" and "Apache Software Foundation" and * "Apache Jetspeed" must not be used to endorse or promote products * derived from this software without prior written permission. For * written permission, please contact [EMAIL PROTECTED] * * 5. Products derived from this software may not be called "Apache" or * "Apache Jetspeed", nor may "Apache" appear in their name, without * prior written permission of the Apache Software Foundation. 
* * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * ==================================================================== * * This software consists of voluntary contributions made by many * individuals on behalf of the Apache Software Foundation. For more * information on the Apache Software Foundation, please see * <http://www.apache.org/>. 
*/ package org.apache.jetspeed.modules.actions.portlets.security; // java util import java.util.Vector; // velocity import org.apache.velocity.context.Context; // turbine util import org.apache.turbine.util.Log; import org.apache.turbine.util.RunData; import org.apache.turbine.util.StringUtils; import org.apache.turbine.util.DynamicURI; // turbine om import org.apache.turbine.om.security.Role; import org.apache.turbine.om.security.User; import org.apache.turbine.om.security.Permission; // turbine security import org.apache.turbine.util.security.EntityExistsException; import org.apache.turbine.util.security.RoleSet; import org.apache.turbine.util.security.PermissionSet; import org.apache.turbine.util.db.Criteria; import org.apache.turbine.util.security.AccessControlList; import org.apache.turbine.util.security.DataBackendException; import org.apache.turbine.util.security.UnknownEntityException; // jetspeed services import org.apache.jetspeed.services.JetspeedSecurity; import org.apache.jetspeed.services.resources.JetspeedResources; // jetspeed velocity import org.apache.jetspeed.modules.actions.portlets.VelocityPortletAction; import org.apache.jetspeed.portal.portlets.VelocityPortlet; /** * This action sets up the template context for editing security permissions in the Turbine database * for a given role. * * @author <a href="mailto:[EMAIL PROTECTED]">David Sean Taylor</a> */ public class RolePermissionUpdateAction extends VelocityPortletAction { private static final String TEMP_ROLE = "tempRole"; /** * Build the maximized state content for this portlet. (Same as normal state). * * @param portlet The velocity-based portlet that is being built. * @param context The velocity context for this request. * @param rundata The turbine rundata context for this request. 
*/ protected void buildMaximizedContext( VelocityPortlet portlet, Context context, RunData rundata ) { buildNormalContext( portlet, context, rundata); } /** * Build the configure state content for this portlet. * TODO: we could configure this portlet with configurable skins, etc.. * * @param portlet The velocity-based portlet that is being built. * @param context The velocity context for this request. * @param rundata The turbine rundata context for this request. */ protected void buildConfigureContext( VelocityPortlet portlet, Context context, RunData rundata ) { buildNormalContext( portlet, context, rundata); } /** * Build the normal state content for this portlet. * * @param portlet The velocity-based portlet that is being built. * @param context The velocity context for this request. * @param rundata The turbine rundata context for this request. */ protected void buildNormalContext( VelocityPortlet portlet, Context context, RunData rundata ) { try { Role role = null; /* * Grab the mode for the user form. */ String mode = rundata.getParameters().getString(SecurityConstants.PARAM_MODE); // // check to see if we are adding a role for a single user // String entityid = rundata.getParameters().getString(SecurityConstants.PARAM_ENTITY_ID); if (entityid == null || entityid.trim().length() == 0) { return; } buildRolePermissionContext(portlet, context, rundata, entityid); // // if there was an error, display the message // String msgid = rundata.getParameters().getString(SecurityConstants.PARAM_MSGID); if (msgid != null) { int id = Integer.parseInt(msgid); if (id < SecurityConstants.MESSAGES.length) context.put(SecurityConstants.PARAM_MSG, SecurityConstants.MESSAGES[id]); } } catch (Exception e) { Log.error(e); rundata.setMessage("Error in Jetspeed Role Permission Security: " + e.toString()); rundata.setStackTrace(StringUtils.stackTrace(e), e); rundata.setScreenTemplate("Error.vm"); } } /** * Database Update Action for Security Role Permissions. 
Performs updates into security database. * * @param rundata The turbine rundata context for this request. * @param context The velocity context for this request. */ public void doUpdate(RunData rundata, Context context) throws Exception { String entityid = rundata.getParameters().getString(SecurityConstants.PARAM_ENTITY_ID); if (entityid == null || entityid.trim().length() == 0) { Log.error("RolePermissionBrowser: Failed to get entity: " + entityid ); DynamicURI duri = new DynamicURI (rundata); duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_ROLEPERMISSION_UPDATE); duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_MISSING_PARAMETER); rundata.getResponse().sendRedirect(duri.toString()); return; } Role role = JetspeedSecurity.getRole(entityid); if (null == role) { Log.error("RolePermissionBrowser: Failed to get role: " + entityid ); DynamicURI duri = new DynamicURI (rundata); duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_ROLEPERMISSION_UPDATE); duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_MISSING_PARAMETER); rundata.getResponse().sendRedirect(duri.toString()); return; } try { Permission[] permissions = (Permission[])rundata.getUser().getTemp(SecurityConstants.CONTEXT_PERMISSIONS); Vector selected = (Vector)rundata.getUser().getTemp(SecurityConstants.CONTEXT_SELECTED); if (permissions == null || selected == null) { DynamicURI duri = new DynamicURI (rundata); duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_ROLEPERMISSION_UPDATE); duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_MISSING_PARAMETER); rundata.getResponse().sendRedirect(duri.toString()); return; } // // walk thru all the permissions, see if anything changed // if changed, update the database // for (int ix = 0; ix < permissions.length; ix++) { boolean newValue = rundata.getParameters().getBoolean("box_" + permissions[ix].getName(), false); boolean oldValue = 
((Boolean)selected.elementAt(ix + 1)).booleanValue(); if (newValue != oldValue) { if (newValue == true) { // grant a permission to a role JetspeedSecurity.grant( role, permissions[ix] ); } else { // revoke a permission from a role JetspeedSecurity.revoke( role, permissions[ix] ); } } } // clear the temp values rundata.getUser().setTemp(SecurityConstants.CONTEXT_PERMISSIONS, null); rundata.getUser().setTemp(SecurityConstants.CONTEXT_SELECTED, null); // // success -- bring user back to user browser // DynamicURI duri = new DynamicURI (rundata); duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_ROLE_BROWSER); rundata.getResponse().sendRedirect(duri.toString()); } catch (Exception e) { // log the error msg Log.error("Failed update role+permission: " + e); // // error on update - display error message // DynamicURI duri = new DynamicURI (rundata); duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_ROLEPERMISSION_UPDATE); duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_UPDATE_FAILED); if (role != null) duri.addPathInfo(SecurityConstants.PARAM_ENTITY_ID, role.getName()); rundata.getResponse().sendRedirect(duri.toString()); } } /** * Build the context for a role browser for a specific user. * * @param portlet The velocity-based portlet that is being built. * @param context The velocity context for this request. * @param rundata The turbine rundata context for this request. * @param roleName The roleName of the role that we are building a role context for. 
*/ private void buildRolePermissionContext(VelocityPortlet portlet, Context context, RunData rundata, String roleName) throws UnknownEntityException, DataBackendException { // get master list of roles Criteria criteria = new Criteria(); PermissionSet master = JetspeedSecurity.getPermissions(criteria); // get the user object Role role = JetspeedSecurity.getRole(roleName); if (null == role) { // no ACL found Log.error("RolePermissionBrowser: Failed to get role: " + roleName); return; } // get the permissions for this particular role PermissionSet subset = JetspeedSecurity.getPermissions(role); Permission[] permissions = master.getPermissionsArray(); Vector selected = new Vector(master.size()+1); selected.add(0, new Boolean(false)); boolean sel = false; for ( int ix = 0; ix < permissions.length; ix++ ) { if (null != subset) sel = subset.contains(permissions[ix].getName()); else sel = false; selected.add(ix + 1, new Boolean(sel)); } rundata.getUser().setTemp(SecurityConstants.CONTEXT_PERMISSIONS, permissions); rundata.getUser().setTemp(SecurityConstants.CONTEXT_SELECTED, selected); context.put(SecurityConstants.CONTEXT_PERMISSIONS, permissions); context.put(SecurityConstants.CONTEXT_SELECTED, selected); context.put(SecurityConstants.CONTEXT_ROLE, role); } } 1.1 jakarta-jetspeed/src/java/org/apache/jetspeed/modules/actions/portlets/security/UserRoleUpdateAction.java Index: UserRoleUpdateAction.java =================================================================== /* ==================================================================== * The Apache Software License, Version 1.1 * * Copyright (c) 2000-2001 The Apache Software Foundation. All rights * reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. 
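Review bot: In RolePermissionUpdateAction.buildNormalContext the `msgid` request parameter is checked only against the upper bound, so a negative value indexes `SecurityConstants.MESSAGES` out of range and a non-numeric value fails in `Integer.parseInt`. Both end in the `catch (Exception e)` branch, which puts the exception text and stack trace on rundata and switches the screen to `Error.vm`; whether that template renders the trace is not visible here, but a malformed message id should be ignored rather than turned into an error page. Suggest `if (id >= 0 && id < SecurityConstants.MESSAGES.length)` and treating a `NumberFormatException` from the parse as "no message to show". UserRoleUpdateAction.buildNormalContext carries the identical block and needs the same guard.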
Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The end-user documentation included with the redistribution, * if any, must include the following acknowledgment: * "This product includes software developed by the * Apache Software Foundation (http://www.apache.org/)." * Alternately, this acknowledgment may appear in the software itself, * if and wherever such third-party acknowledgments normally appear. * * 4. The names "Apache" and "Apache Software Foundation" and * "Apache Jetspeed" must not be used to endorse or promote products * derived from this software without prior written permission. For * written permission, please contact [EMAIL PROTECTED] * * 5. Products derived from this software may not be called "Apache" or * "Apache Jetspeed", nor may "Apache" appear in their name, without * prior written permission of the Apache Software Foundation. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * ==================================================================== * * This software consists of voluntary contributions made by many * individuals on behalf of the Apache Software Foundation. 
For more * information on the Apache Software Foundation, please see * <http://www.apache.org/>. */ package org.apache.jetspeed.modules.actions.portlets.security; // java util import java.util.Vector; // velocity import org.apache.velocity.context.Context; // turbine util import org.apache.turbine.util.Log; import org.apache.turbine.util.RunData; import org.apache.turbine.util.StringUtils; import org.apache.turbine.util.DynamicURI; // turbine om import org.apache.turbine.om.security.Role; import org.apache.turbine.om.security.User; import org.apache.turbine.om.security.Group; // turbine security import org.apache.turbine.util.security.EntityExistsException; import org.apache.turbine.util.security.RoleSet; import org.apache.turbine.util.db.Criteria; import org.apache.turbine.util.security.AccessControlList; import org.apache.turbine.util.security.DataBackendException; import org.apache.turbine.util.security.UnknownEntityException; // jetspeed services import org.apache.jetspeed.services.JetspeedSecurity; import org.apache.jetspeed.services.resources.JetspeedResources; // jetspeed velocity import org.apache.jetspeed.modules.actions.portlets.VelocityPortletAction; import org.apache.jetspeed.portal.portlets.VelocityPortlet; /** * This action sets up the template context for editing security roles in the Turbine database * for a given user. * * @author <a href="mailto:[EMAIL PROTECTED]">David Sean Taylor</a> */ public class UserRoleUpdateAction extends VelocityPortletAction { /** * Build the maximized state content for this portlet. (Same as normal state). * * @param portlet The velocity-based portlet that is being built. * @param context The velocity context for this request. * @param rundata The turbine rundata context for this request. */ protected void buildMaximizedContext( VelocityPortlet portlet, Context context, RunData rundata ) { buildNormalContext( portlet, context, rundata); } /** * Build the configure state content for this portlet. 
* TODO: we could configure this portlet with configurable skins, etc.. * * @param portlet The velocity-based portlet that is being built. * @param context The velocity context for this request. * @param rundata The turbine rundata context for this request. */ protected void buildConfigureContext( VelocityPortlet portlet, Context context, RunData rundata ) { buildNormalContext( portlet, context, rundata); } /** * Build the normal state content for this portlet. * * @param portlet The velocity-based portlet that is being built. * @param context The velocity context for this request. * @param rundata The turbine rundata context for this request. */ protected void buildNormalContext( VelocityPortlet portlet, Context context, RunData rundata ) { try { Role role = null; /* * Grab the mode for the user form. */ String mode = rundata.getParameters().getString(SecurityConstants.PARAM_MODE); // // check to see if we are adding a role for a single user // String entityid = rundata.getParameters().getString(SecurityConstants.PARAM_ENTITY_ID); if (entityid == null || entityid.trim().length() == 0) { return; } buildUserRoleContext(portlet, context, rundata, entityid); // // if there was an error, display the message // String msgid = rundata.getParameters().getString(SecurityConstants.PARAM_MSGID); if (msgid != null) { int id = Integer.parseInt(msgid); if (id < SecurityConstants.MESSAGES.length) context.put(SecurityConstants.PARAM_MSG, SecurityConstants.MESSAGES[id]); } } catch (Exception e) { Log.error(e); rundata.setMessage("Error in Jetspeed User Role Security: " + e.toString()); rundata.setStackTrace(StringUtils.stackTrace(e), e); rundata.setScreenTemplate("Error.vm"); } } /** * Database Update Action for Security Roles. Performs updates into security database. * * @param rundata The turbine rundata context for this request. * @param context The velocity context for this request. 
*/ public void doUpdate(RunData rundata, Context context) throws Exception { // TODO: if the user is the current user, we will need to refresh the // rundata's ACL list as described in the constructor for AccessControlList.java String entityid = rundata.getParameters().getString(SecurityConstants.PARAM_ENTITY_ID); if (entityid == null || entityid.trim().length() == 0) { Log.error("UserRoleBrowser: Failed to get entity: " + entityid ); DynamicURI duri = new DynamicURI (rundata); duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_USERROLE_UPDATE); duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_MISSING_PARAMETER); rundata.getResponse().sendRedirect(duri.toString()); return; } User user = JetspeedSecurity.getUser(entityid); if (null == user) { Log.error("UserRoleBrowser: Failed to get user: " + entityid ); DynamicURI duri = new DynamicURI (rundata); duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_USERROLE_UPDATE); duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_MISSING_PARAMETER); rundata.getResponse().sendRedirect(duri.toString()); return; } try { Role[] roles = (Role[])rundata.getUser().getTemp(SecurityConstants.CONTEXT_ROLES); Vector selected = (Vector)rundata.getUser().getTemp(SecurityConstants.CONTEXT_SELECTED); if (roles == null || selected == null) { DynamicURI duri = new DynamicURI (rundata); duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_USERROLE_UPDATE); duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_MISSING_PARAMETER); rundata.getResponse().sendRedirect(duri.toString()); return; } // // walk thru all the roles, see if anything changed // if changed, update the database // for (int ix = 0; ix < roles.length; ix++) { boolean newValue = rundata.getParameters().getBoolean("box_" + roles[ix].getName(), false); boolean oldValue = ((Boolean)selected.elementAt(ix + 1)).booleanValue(); if (newValue != oldValue) { if 
(newValue == true) { // grant a role to a user JetspeedSecurity.grant( user, JetspeedSecurity.getGroup(JetspeedSecurity.JETSPEED_GROUP), roles[ix] ); } else { // revoke a role from a user JetspeedSecurity.revoke( user, JetspeedSecurity.getGroup(JetspeedSecurity.JETSPEED_GROUP), roles[ix] ); } } } // clear the temp values rundata.getUser().setTemp(SecurityConstants.CONTEXT_ROLES, null); rundata.getUser().setTemp(SecurityConstants.CONTEXT_SELECTED, null); // // success -- bring user back to user browser // DynamicURI duri = new DynamicURI (rundata); duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_USER_BROWSER); rundata.getResponse().sendRedirect(duri.toString()); } catch (Exception e) { // log the error msg Log.error("Failed update role+permission: " + e); // // error on update - display error message // DynamicURI duri = new DynamicURI (rundata); duri.addPathInfo(JetspeedResources.PATH_PANEL_KEY, SecurityConstants.PANEID_USERROLE_UPDATE); duri.addPathInfo(SecurityConstants.PARAM_MSGID, SecurityConstants.MID_UPDATE_FAILED); if (user != null) duri.addPathInfo(SecurityConstants.PARAM_ENTITY_ID, user.getUserName()); rundata.getResponse().sendRedirect(duri.toString()); } } /** * Build the context for a role browser for a specific user. * * @param portlet The velocity-based portlet that is being built. * @param context The velocity context for this request. * @param rundata The turbine rundata context for this request. * @param userid The userid of the user that we are building a role context for. 
*/ private void buildUserRoleContext(VelocityPortlet portlet, Context context, RunData rundata, String userid) throws UnknownEntityException, DataBackendException { // get master list of roles Criteria criteria = new Criteria(); RoleSet master = JetspeedSecurity.getRoles(criteria); // get the user object User user = JetspeedSecurity.getUser(userid); if (null == user) { // no ACL found Log.error("UserRoleBrowser: Failed to get user: " + userid ); return; } // get the access control list for the given user AccessControlList acl = JetspeedSecurity.getACL(user); if (null == acl) { // no ACL found Log.error("RoleBrowser: NO ACL found for user: " + user.getUserName() ); return; } // get all the roles for this user in the Jetspeed Group Group jetGroup = JetspeedSecurity.getGroup(JetspeedSecurity.JETSPEED_GROUP); RoleSet userRoles = acl.getRoles( jetGroup ); Role[] roles = master.getRolesArray(); Vector selected = new Vector(master.size()+1); selected.add(0, new Boolean(false)); boolean sel = false; for ( int ix = 0; ix < roles.length; ix++ ) { if (null != userRoles) sel = userRoles.contains(roles[ix].getName()); else sel = false; selected.add(ix + 1, new Boolean(sel)); } rundata.getUser().setTemp(SecurityConstants.CONTEXT_ROLES, roles); rundata.getUser().setTemp(SecurityConstants.CONTEXT_SELECTED, selected); context.put(SecurityConstants.CONTEXT_USER, user); context.put(SecurityConstants.CONTEXT_ROLES, roles); context.put(SecurityConstants.CONTEXT_SELECTED, selected); } } --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
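Review bot: UserRoleUpdateAction.doUpdate takes the old state from the `roles`/`selected` snapshot that buildUserRoleContext left in the user's temp storage, but the target user comes from the `entityid` request parameter, and nothing ties the two together. A submit whose entityid differs from the one the form was built for (a second tab, a stale form) is diffed against another user's baseline, so roles can be granted or left in place without matching what the target really holds. RolePermissionUpdateAction.doUpdate has the same pattern, and both actions store their vector under the same `CONTEXT_SELECTED` key, so opening one form overwrites the other's snapshot. Reading the current roles for the resolved user inside doUpdate removes the dependency on session state. No permission check on the caller is visible in either doUpdate; presumably the pane is restricted elsewhere, which is worth confirming.

```java
// … unchanged: entityid check and user lookup …
try
{
    // recompute the baseline for the resolved user instead of trusting the session snapshot
    Group jetGroup = JetspeedSecurity.getGroup(JetspeedSecurity.JETSPEED_GROUP);
    Role[] roles = JetspeedSecurity.getRoles(new Criteria()).getRolesArray();
    AccessControlList acl = JetspeedSecurity.getACL(user);
    RoleSet userRoles = (acl == null) ? null : acl.getRoles(jetGroup);

    for (int ix = 0; ix < roles.length; ix++)
    {
        boolean newValue = rundata.getParameters().getBoolean("box_" + roles[ix].getName(), false);
        boolean oldValue = userRoles != null && userRoles.contains(roles[ix].getName());
        if (newValue != oldValue)
        {
            // … unchanged: grant / revoke …
        }
    }
    // … unchanged: clear temp values, redirect to the user browser …
```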