Author: channa
Date: Mon Apr 7 06:42:58 2008
New Revision: 15604
Log:
Allow admin to act as user (MASHUP-665) and allow admin to turn any
other user into an admin (MASHUP-663).
Added:
trunk/mashup/java/modules/www/admin_act_user.jsp
trunk/mashup/java/modules/www/promote_user.jsp
Modified:
trunk/mashup/java/modules/core/src/org/wso2/mashup/MashupConstants.java
trunk/mashup/java/modules/core/src/org/wso2/mashup/webapp/userprofile/ManageUsers.java
trunk/mashup/java/modules/core/src/org/wso2/mashup/webapp/userprofile/UserInformation.java
trunk/mashup/java/modules/core/src/org/wso2/mashup/webapp/utils/RegistryUtils.java
trunk/mashup/java/modules/www/manage_users.jsp
trunk/mashup/java/modules/www/taskbar.jsp
Modified:
trunk/mashup/java/modules/core/src/org/wso2/mashup/MashupConstants.java
==============================================================================
--- trunk/mashup/java/modules/core/src/org/wso2/mashup/MashupConstants.java
(original)
+++ trunk/mashup/java/modules/core/src/org/wso2/mashup/MashupConstants.java
Mon Apr 7 06:42:58 2008
@@ -97,6 +97,7 @@
public static final String ENABLED = "enabled";
public static final String ORIGIN_MASHUP = "origin_mashup";
public static final String PRIMARY = "primary";
+ public static final String PSEUDO_USER = "pseudo_user";
public static final String INFOCARD_PPID = "ppid";
public static final String INFOCARD_COUNT = "cardcount";
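Review bot: The new `PSEUDO_USER` constant is a user-property key with security meaning (RegistryUtils.isAdminRole in this same commit answers "not admin" while it is set), but nothing here says so, and it sits between unrelated keys. A one-line comment would save the next reader a cross-file search: `// User-store property key; "true" while an admin is temporarily acting as an ordinary user (see RegistryUtils.makePseudoUser).`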
Modified:
trunk/mashup/java/modules/core/src/org/wso2/mashup/webapp/userprofile/ManageUsers.java
==============================================================================
---
trunk/mashup/java/modules/core/src/org/wso2/mashup/webapp/userprofile/ManageUsers.java
(original)
+++
trunk/mashup/java/modules/core/src/org/wso2/mashup/webapp/userprofile/ManageUsers.java
Mon Apr 7 06:42:58 2008
@@ -68,11 +68,14 @@
// If the full name is available, use it, otherwise just show
the user name.
fullName = fullName != null ? fullName : allUsers[userCount];
UserInformation userInformation = new
UserInformation(fullName, isUserActive(registry,
- allUsers[userCount]), isUserDeletable(realm,
allUsers[userCount]));
+ allUsers[userCount]), isUserDeletable(realm,
allUsers[userCount]),
+ userHasRole(userStoreAdmin, allUsers[userCount],
RegistryConstants.ADMIN_ROLE));
userMap.put(allUsers[userCount], userInformation);
}
} catch (UserStoreException e) {
log.error("User manager error retrieving user list", e);
+ } catch (RegistryException e) {
+ log.error("Registry error retrieving user list", e);
}
return userMap;
}
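Review bot: The new `catch (RegistryException e)` exists only because `userHasRole` declares `throws RegistryException`, yet its body (in the later hunk of this file) never throws it: the only checked exception it can see is `UserStoreException`, which it catches internally. Dropping the spurious `throws RegistryException` from `userHasRole` lets this catch block go as well, and the `userStoreAdmin` argument is presumably obtained earlier in this method, which starts outside the hunk. Note also that a failed role lookup inside `userHasRole` surfaces here as "not admin", so the user list would then offer "Assign Admin" for a user who already holds the role.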
@@ -275,4 +278,76 @@
return canBeDeleted;
}
+
+ /**
+ * Examines if a given user has been granted a given role.
+ * @param userStoreAdmin Instance of the user store admin.
+ * @param userName Name of user to be examined.
+ * @param role Name of role to be checked for.
+ * @return true if the user has the role.
+ * @throws RegistryException
+ */
+ private static boolean userHasRole(UserStoreAdmin userStoreAdmin, String
userName, String role)
+ throws RegistryException {
+ String[] userRoles = null;
+ try {
+ userRoles = userStoreAdmin.getUserRoles(userName);
+ } catch (UserStoreException e) {
+ return false;
+ }
+
+ if (userRoles != null) {
+ for (int i = 0; i < userRoles.length; i++) {
+ if (userRoles[i].equalsIgnoreCase(role)) {
+ return true;
+ }
+ }
+ }
+ return false;
+ }
+
+ /**
+ * Contains the logic which determines if admin provileges can be granted
or revoked for a
+ * given user.
+ * @param userName Name of user to be deleted.
+ * @return true if the user can be deleted without any adverse effects to
the system.
+ */
+ private static boolean isUserPromotable(UserRealm realm, String userName)
+ throws UserStoreException {
+ // Current business rules are same as user being deletable, so simply
wraps that method.
+ return isUserDeletable(realm, userName);
+ }
+
+ /**
+ * Grants or revokes the administrator role for a given user.
+ * @param request Servlet request object.
+ * @param userName Name of user to be granted or revoked the admin role.
+ * @return true, if the grant or revoke succeeds.
+ */
+ public static boolean setAdminStatus(HttpServletRequest request, String
userName,
+ boolean enable) {
+ boolean success = false;
+ SecureRegistry registry =
+ (SecureRegistry) request.getSession()
+ .getAttribute(MashupConstants.USER_REGISTRY);
+ UserRealm realm = registry.getUserRealm();
+
+ try {
+ // Check if the user can be promoted and demoted.
+ if (isUserPromotable(realm, userName)) {
+ UserStoreAdmin userStoreAdmin = realm.getUserStoreAdmin();
+
+ // Assign or remove role based on call.
+ if (enable) {
+ userStoreAdmin.addUserToRole(userName,
RegistryConstants.ADMIN_ROLE);
+ } else {
+ userStoreAdmin.removeUserFromRole(userName,
RegistryConstants.ADMIN_ROLE);
+ }
+ success = true;
+ }
+ } catch (UserStoreException e) {
+ log.error("Error getting user properties", e);
+ }
+ return success;
+ }
}
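Review bot: `setAdminStatus` grants or revokes `ADMIN_ROLE` with no check that the caller's session is itself an admin; the only such check is in promote_user.jsp, so any other future caller of this public static method bypasses it unless the user store enforces the permission on `addUserToRole` (not visible here). A guard such as `if (!RegistryUtils.isAdminRole(registry)) { return false; }` before `isUserPromotable` would keep the authorization decision next to the privileged operation, and if `isUserDeletable` does not already exclude the current user and the last remaining admin, a revoke can lock the installation out. `userHasRole` swallows `UserStoreException` without a log line, so a lookup failure is indistinguishable from "no role"; at least `log.warn("Could not read roles for user " + userName, e);` belongs in that catch. The Javadoc of `isUserPromotable` is copied from `isUserDeletable` ("Name of user to be deleted", "can be deleted without any adverse effects") and the log message in `setAdminStatus` ("Error getting user properties") describes a different operation; both should be reworded, e.g. `@return true if the admin role may be granted to or revoked from the user.` and `log.error("Error changing admin role for user " + userName, e);`.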
Modified:
trunk/mashup/java/modules/core/src/org/wso2/mashup/webapp/userprofile/UserInformation.java
==============================================================================
---
trunk/mashup/java/modules/core/src/org/wso2/mashup/webapp/userprofile/UserInformation.java
(original)
+++
trunk/mashup/java/modules/core/src/org/wso2/mashup/webapp/userprofile/UserInformation.java
Mon Apr 7 06:42:58 2008
@@ -21,6 +21,7 @@
public class UserInformation {
private boolean userActive;
private boolean userDeletable;
+ private boolean userAdmin;
private String fullName;
private String userName;
@@ -35,6 +36,14 @@
this.fullName = userFullName;
}
+ public UserInformation(String userFullName, boolean userActive, boolean
userDeleteable,
+ boolean userAdmin) {
+ this.userActive = userActive;
+ this.userDeletable = userDeleteable;
+ this.fullName = userFullName;
+ this.userAdmin = userAdmin;
+ }
+
public boolean isUserActive() {
return userActive;
}
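Review bot: The new four-argument constructor repeats the three assignments of the existing one instead of chaining, and its parameter is spelled `userDeleteable` while the field is `userDeletable`. Replacing the body with `this(userFullName, userActive, userDeleteable);` followed by `this.userAdmin = userAdmin;` removes the duplication. Like the existing constructor (as far as its visible tail shows), it never assigns `userName`, so `getUserName()` returns null for instances built this way; if that is intended because ManageUsers keys the map by user name, a comment on the field should say so.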
@@ -50,4 +59,8 @@
public String getUserName() {
return userName;
}
+
+ public boolean isUserAdmin() {
+ return userAdmin;
+ }
}
Modified:
trunk/mashup/java/modules/core/src/org/wso2/mashup/webapp/utils/RegistryUtils.java
==============================================================================
---
trunk/mashup/java/modules/core/src/org/wso2/mashup/webapp/utils/RegistryUtils.java
(original)
+++
trunk/mashup/java/modules/core/src/org/wso2/mashup/webapp/utils/RegistryUtils.java
Mon Apr 7 06:42:58 2008
@@ -175,9 +175,17 @@
if (registry instanceof SecureRegistry) {
SecureRegistry secureRegistry = (SecureRegistry) registry;
String[] userRoles = null;
+ UserStoreReader userStoreReader;
try {
- userRoles = secureRegistry.getUserRealm().getUserStoreReader()
- .getUserRoles(secureRegistry.getUserID());
+ userStoreReader =
secureRegistry.getUserRealm().getUserStoreReader();
+
+ // Get user properties and respond as non-admin if current
user is a pseudo user.
+ Map userProps =
userStoreReader.getUserProperties(secureRegistry.getUserID());
+ if (Boolean.parseBoolean((String)
userProps.get(MashupConstants.PSEUDO_USER))) {
+ return false;
+ }
+
+ userRoles =
userStoreReader.getUserRoles(secureRegistry.getUserID());
} catch (UserStoreException e) {
return false;
}
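Review bot: The `PSEUDO_USER` check added here masks the admin role only for callers that go through `isAdminRole`; the user's `ADMIN_ROLE` membership is untouched, so any code that inspects roles directly (the new `ManageUsers.userHasRole`, or any authorization the registry itself performs on `getUserRoles`) still treats the acting admin as an admin. That scope should be stated, since admin_act_user.jsp tells the user the feature "revokes your administrator privileges": `// PSEUDO_USER only hides the admin role from checks routed through this method; the role itself is unchanged.` If `getUserProperties` can return null, `userProps.get(...)` throws a NullPointerException that the `UserStoreException` catch does not cover; `userProps != null &&` in the condition would keep the method's "return false on trouble" contract. The enclosing method starts outside the hunk, and the raw `Map` could be `Map<String, String>` if the user-manager API permits it.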
@@ -195,6 +203,59 @@
return false;
}
+ /**
+ * Returns if the current user is playing a pseudo user role.
+ * @param registry Registry instance.
+ * @return true if the user is playinng a pseudo role.
+ */
+ public static boolean isPseudoUser(Registry registry) {
+ if (registry instanceof SecureRegistry) {
+ SecureRegistry secureRegistry = (SecureRegistry) registry;
+ UserStoreReader userStoreReader;
+ try {
+ userStoreReader =
secureRegistry.getUserRealm().getUserStoreReader();
+
+ // Get user properties and respond as non-admin if current
user is a pseudo user.
+ Map userProps =
userStoreReader.getUserProperties(secureRegistry.getUserID());
+ return Boolean.parseBoolean((String)
userProps.get(MashupConstants.PSEUDO_USER));
+ } catch (UserStoreException e) {
+ return false;
+ }
+ }
+
+ return false;
+ }
+
+ /**
+ * Allows an admin to make self a pseudo user.
+ *
+ * @param registry Instance of registry.
+ * @param enable Make into a pseudo user if true. If false, revert to
admin.
+ * @return true if the operation succeeds.
+ * @throws RegistryException If an error is encountered.
+ */
+ public static boolean makePseudoUser(Registry registry, boolean enable)
+ throws RegistryException, UserStoreException {
+ if (registry instanceof SecureRegistry) {
+ SecureRegistry secureRegistry = (SecureRegistry) registry;
+ UserStoreAdmin userStoreAdmin =
secureRegistry.getUserRealm().getUserStoreAdmin();
+ Map userProps =
userStoreAdmin.getUserProperties(secureRegistry.getUserID());
+
+ // If current user is an admin or a pseudo user, proceed with
change.
+ if (isAdminRole(registry) || Boolean.parseBoolean((String)
+ userProps.get(MashupConstants.PSEUDO_USER))) {
+ if (enable) {
+ // Set the 'enabled' property.
+ userProps.put(MashupConstants.PSEUDO_USER,
String.valueOf(enable));
+ } else {
+ userProps.remove(MashupConstants.PSEUDO_USER);
+ }
+ userStoreAdmin.setUserProperties(secureRegistry.getUserID(),
userProps);
+ return true;
+ }
+ }
+ return false;
+ }
public static String getCurrentUser(Registry registry) throws
RegistryException {
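Review bot: The comment `// Set the 'enabled' property.` in `makePseudoUser` is wrong, since the line below writes `PSEUDO_USER`, and the comment in `isPseudoUser` ("respond as non-admin if current user is a pseudo user") was copied from `isAdminRole` and no longer describes what that method returns; suggested replacements are `// Mark the current user as acting as an ordinary user.` and `// Read the current user's properties to see whether the pseudo-user flag is set.`. The Javadoc lists `@throws RegistryException` but the signature also throws `UserStoreException`, which should be documented too. Because the flag is stored as a user property rather than in the session, an admin who logs out without choosing "Revert to Administrator" stays a pseudo user in later sessions, if the user store is persistent; that is worth either documenting or clearing on login. As in `isAdminRole`, a null `userProps` would throw a NullPointerException here rather than returning false.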
Added: trunk/mashup/java/modules/www/admin_act_user.jsp
==============================================================================
--- (empty file)
+++ trunk/mashup/java/modules/www/admin_act_user.jsp Mon Apr 7 06:42:58 2008
@@ -0,0 +1,134 @@
+<%--
+ * Copyright 2006,2007 WSO2, Inc. http://www.wso2.org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+--%>
+<%@ page errorPage="error.jsp" %>
+<%@ page import="com.sun.syndication.feed.synd.SyndContent" %>
+<%@ page import="com.sun.syndication.feed.synd.SyndContentImpl" %>
+<%@ page import="com.sun.syndication.feed.synd.SyndEntry" %>
+<%@ page import="com.sun.syndication.feed.synd.SyndEntryImpl" %>
+<%@ page import="com.sun.syndication.feed.synd.SyndFeed" %>
+<%@ page import="com.sun.syndication.feed.synd.SyndFeedImpl" %>
+<%@ page import="com.sun.syndication.io.SyndFeedOutput" %>
+<%@ page import="org.wso2.mashup.MashupConstants" %>
+<%@ page import="org.wso2.mashup.utils.QueryResult" %>
+<%@ page import="org.wso2.mashup.utils.QueryResults" %>
+<%@ page import="org.wso2.mashup.webapp.identity.InfoCardHandler" %>
+<%@ page import="org.wso2.mashup.webapp.identity.RegistrationBean" %>
+<%@ page import="org.wso2.mashup.webapp.userprofile.ManageUsers" %>
+<%@ page import="org.wso2.mashup.webapp.userprofile.User" %>
+<%@ page import="org.wso2.mashup.webapp.userprofile.UserQuery" %>
+<%@ page import="org.wso2.mashup.webapp.utils.QueryParamUtils" %>
+<%@ page import="org.wso2.mashup.webapp.utils.RegistryUtils" %>
+<%@ page import="org.wso2.registry.Comment" %>
+<%@ page import="org.wso2.registry.Registry" %>
+<%@ page import="org.wso2.registry.RegistryConstants" %>
+<%@ page import="org.wso2.registry.RegistryException" %>
+<%@ page import="org.wso2.registry.Resource" %>
+<%@ page import="org.wso2.registry.Tag" %>
+<%@ page import="org.wso2.registry.jdbc.JDBCRegistry" %>
+<%@ page import="org.wso2.registry.secure.SecureRegistry" %>
+<%@ page import="org.wso2.usermanager.Realm" %>
+<%@ page import="org.wso2.usermanager.UserManagerException" %>
+<%@ page import="javax.servlet.ServletContext" %>
+<%@ page import="java.net.URL" %>
+<%@ page import="java.net.URLDecoder" %>
+<%@ page import="java.util.ArrayList" %>
+<%@ page import="java.util.Date" %>
+<%@ page import="java.util.Iterator" %>
+<%@ page import="java.util.List" %>
+<%@ page import="java.util.Map" %>
+
+<!--Required to keep a user logged in if 'Remember Me' option is selected-->
+<%@ include file="validate_login.jsp" %>
+
+<%
+ String bounceback = request.getParameter("bounceback");
+ String enable = request.getParameter("enable");
+ if (bounceback == null) {
+ bounceback = "index.jsp";
+ } else {
+ bounceback = URLDecoder.decode(bounceback, "UTF-8");
+ }
+%>
+<html>
+<head>
+ <title><%= bundle.getString("main.title")%> - Act as User</title>
+ <!-- Required CSS -->
+ <link href="css/styles.css" rel="stylesheet" type="text/css"/>
+ <script language="javascript" src="js/common.js"
type="text/javascript"></script>
+ <script language="javascript"
+ type="text/javascript">userLoggedOn =
<%=RegistryUtils.isLoggedIn(registry) %>;</script>
+</head>
+<body>
+<div id="page">
+ <% String thisPage = "admin_act_user.jsp"; %>
+ <%@ include file="header.jsp" %>
+ <div id="search"></div>
+ <div id="welcome">
+
+
+ </div>
+ <div id="content">
+ <div class="mashup_title">Act as User</div>
+ <table width="100%" height="400" border="0" cellspacing="0"
cellpadding="5">
+
+ <tr>
+ <td align="center" height="150">
+ <% if ("true".equals(enable)) {
+ if (RegistryUtils.isAdminRole(registry)) {
+ RegistryUtils.makePseudoUser(registry, true);
+ %>
+ <div><img src="images/correct.gif"
align="absmiddle"> User privileges activated.<br/>
+ </div>
+ <br/><br/>
+
+ <div align="justify">
+ You have activated the 'Act as User' feature, which
revokes your administrator privileges until
+ you revert to your administrator role.
+ <br/><br/>
+ Please use the 'Revert to Administrator' link in the
task bar to regain administrator privileges.
+ </div>
+ <% } else {
+ response.sendRedirect(bounceback);
+ }
+ } else {
+ if (RegistryUtils.isPseudoUser(registry)) {
+ RegistryUtils.makePseudoUser(registry, false);%>
+ <div><img src="images/correct.gif"
align="absmiddle"> Admin privileges re-activated.<br/>
+ </div>
+ <br/><br/>
+ <div align="justify">
+ You have disabled the 'Act as user' feature and have
been granted all administrator privileges.
+ </div>
+ <%
+ } else {
+ response.sendRedirect(bounceback);
+ }
+ }
+ %>
+ </td>
+ </tr>
+ <tr>
+ <td align="center" height="25">
+ You may return to the page you were on using this <a
+ href="<%=bounceback%>">link</a>.
+ </td>
+ </tr>
+ </table>
+ </div>
+ <%@ include file="footer.jsp" %>
+</div>
+</body>
+</html>
\ No newline at end of file
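Review bot: `bounceback` comes straight from the request and is both passed to `response.sendRedirect` and written unescaped into `href="<%=bounceback%>"`, so the page is an open redirect and echoes attacker-controlled text into HTML; it should be restricted to an in-application relative path before use, e.g. `if (bounceback.contains("://") || bounceback.startsWith("//")) { bounceback = "index.jsp"; }`, and HTML-escaped when rendered. Each `response.sendRedirect(bounceback)` is not followed by `return;`, so the rest of the page continues to render into a committed response. Toggling admin privileges is a state change performed on a plain GET link with no anti-forgery token; a POST form with a session token, as promote_user.jsp at least uses a form, would be the safer shape. The ROME, InfoCard, Comment/Tag and JDBCRegistry imports are unused in this page and can be dropped.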
Modified: trunk/mashup/java/modules/www/manage_users.jsp
==============================================================================
--- trunk/mashup/java/modules/www/manage_users.jsp (original)
+++ trunk/mashup/java/modules/www/manage_users.jsp Mon Apr 7 06:42:58 2008
@@ -105,11 +105,25 @@
</td>
<td><%= userInformation.getFullName() %></td>
<td align="center"><a
href="add_user.jsp?username=<%=userName%>&editmode=true&firstcall=true&bounceback=<%=URLEncoder.encode(thisPage,"UTF-8")%>"><img
src="images/edit.gif" alt="Edit user" title="Edit user" border="0"></a></td>
- <% if (userInformation.isUserDeletable()) { %>
- <td align="center"><a href="delete_user.jsp?username=<%=
URLEncoder.encode(userName,"UTF-8") %>&fullname=<%=
URLEncoder.encode(userInformation.getFullName(),"UTF-8")
%>&firstcall=true&bounceback=<%=URLEncoder.encode(thisPage,"UTF-8")%>"><img
src="images/delete.gif" alt="Delete user" title="Delete user"
border="0"></a></td>
- <% } %>
+ <% if (userInformation.isUserDeletable()) {
+ String urlString = "username=" + URLEncoder.encode(userName,
"UTF-8") + "&fullname=" + URLEncoder.encode(userInformation.getFullName(),
"UTF-8") + "&firstcall=true&bounceback=" + URLEncoder.encode(thisPage,
"UTF-8"); %>
+ <td align="center"><a href="delete_user.jsp?<%= urlString
%>"><img src="images/delete.gif"
+
alt="Delete user" title="Delete user"
+
border="0"></a></td>
+ <% if (userInformation.isUserAdmin()) { %>
+ <td align="center"><a href="promote_user.jsp?<%= urlString
%>&demote=true"><img src="images/arrowDown.gif"
+
alt="Revoke Admin"
+
title="Revoke Admin"
+
border="0"></a></td>
+ <% } else { %>
+ <td align="center"><a href="promote_user.jsp?<%= urlString
%>"><img src="images/arrowUp.gif"
+
alt="Assign Admin"
+
title="Assign Admin" border="0"></a>
+ </td>
+ <% }
+ } %>
</tr>
- <% }%>
+ <% }%>
</table>
<br>
<br>
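Review bot: The new "Assign Admin"/"Revoke Admin" cell is rendered inside the `isUserDeletable()` branch, so a non-deletable user gets neither cell and rows end up with different column counts. That coupling mirrors `ManageUsers.isUserPromotable`, which wraps `isUserDeletable`, but nothing in the markup says so; a scriptlet comment such as `<%-- Admin role can only be toggled for users that could also be deleted (ManageUsers.isUserPromotable). --%>` above the `if` would make it deliberate, and an empty `<td>` in the else case would keep the table aligned.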
Added: trunk/mashup/java/modules/www/promote_user.jsp
==============================================================================
--- (empty file)
+++ trunk/mashup/java/modules/www/promote_user.jsp Mon Apr 7 06:42:58 2008
@@ -0,0 +1,122 @@
+<%--
+ * Copyright 2006,2007 WSO2, Inc. http://www.wso2.org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+--%>
+<%@ page errorPage="error.jsp" %>
+<%@ page import="org.wso2.mashup.webapp.userprofile.ManageUsers" %>
+<%@ page import="org.wso2.mashup.webapp.utils.RegistryUtils" %>
+<%@ page import="org.wso2.registry.Registry" %>
+<%@ page import="java.net.URLDecoder" %>
+
+<!--Required to keep a user logged in if 'Remember Me' option is selected-->
+<%@ include file="validate_login.jsp" %>
+
+<%
+ String firstcall = request.getParameter("firstcall");
+ String demote = request.getParameter("demote");
+ String userName = request.getParameter("username");
+ String fullName = request.getParameter("fullname");
+ String message = ("true".equals(demote) ? "Revoke": "Grant") + " Admin
Privileges";
+ String bounceback = request.getParameter("bounceback");
+ boolean actionFailed = false;
+
+ if (bounceback == null) {
+ bounceback = "index.jsp";
+ } else {
+ bounceback = URLDecoder.decode(bounceback, "UTF-8");
+ }
+
+ if (userName != null) {
+ userName = URLDecoder.decode(userName, "UTF-8");
+ }
+
+ if (fullName != null) {
+ fullName = URLDecoder.decode(fullName, "UTF-8");
+ }
+
+ if (!"true".equals(firstcall)) {
+ if (RegistryUtils.isAdminRole(registry)) {
+ if ("true".equals(demote)) {
+ // remove users admin role.
+ if (ManageUsers.setAdminStatus(request, userName, false)) {
+ response.sendRedirect(bounceback);
+ } else {
+ message = "Could not revoke admin privileges for user.";
+ actionFailed = true;
+ }
+ } else {
+ if (ManageUsers.setAdminStatus(request, userName, true)) {
+ response.sendRedirect(bounceback);
+ } else {
+ message = "Could not grant admin privileges to user.";
+ actionFailed = true;
+ }
+ }
+ } else {
+ response.sendRedirect(bounceback);
+ }
+ }
+%>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html>
+<head>
+ <title><%= bundle.getString("main.title")%> - Administrator Rights</title>
+ <!-- Required CSS -->
+ <link href="css/styles.css" rel="stylesheet" type="text/css"/>
+ <script language="javascript" src="js/common.js"
type="text/javascript"></script>
+ <script language="javascript"
+ type="text/javascript">userLoggedOn =
<%=RegistryUtils.isLoggedIn(registry) %>;</script>
+</head>
+<body>
+<div id="page">
+ <% String thisPage = "promote_user.jsp"; %>
+ <%@ include file="header.jsp" %>
+ <div id="search"></div>
+ <div id="content" style="height:400px; ">
+ <div class="mashup_title"><%= message %></div>
+<br/>
+ <form name="formPromoteUser" method='post'
action="promote_user.jsp">
+ <input type="hidden" name="bounceback"
value="<%=bounceback%>"/>
+ <input type="hidden" name="username"
value="<%=userName%>"/>
+ <input type="hidden" name="demote"
value="<%=demote%>"/>
+ <table width="100%" border="0" cellspacing="0"
cellpadding="3">
+ <tr>
+ <td width="150"><label><strong><%=
("true".equals(demote) ? "Revoke Rights of": "Grant Rights to") %>
:</strong></label></td>
+ <td><label><%= userName %></label></td>
+ </tr>
+ <tr>
+ <td width="150"><label><strong>Full
Name:</strong></label></td>
+ <td><label><%= fullName %></label></td>
+ </tr>
+ <tr>
+ <% if (actionFailed) { %>
+ You may return to the page you were on using
this <a
+ href="<%=bounceback%>">link</a>.
+ <% } else { %>
+ <td> </td>
+ <td> </td>
+ <% } %>
+ </tr>
+ <tr>
+ <td> </td>
+ <td><input type="submit" value="<%=
"true".equals(demote) ? "Revoke": "Grant" %>"/> <input type="button"
value="Cancel" onclick="document.location = '<%= bounceback %>';"></td>
+ </tr>
+ </table>
+ </form>
+ <br/><br/><br/><br/><br/>
+ </div>
+ <%@ include file="footer.jsp" %>
+</div>
+</body>
+</html>
\ No newline at end of file
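Review bot: `userName`, `fullName` and `bounceback` are run through `URLDecoder.decode` even though the servlet container has already decoded the query string; the link built in manage_users.jsp encodes each value only once, so a user name containing `+` or `%` is mangled here, and a stray `%` makes `decode` throw `IllegalArgumentException` into error.jsp. The same three values are then written unescaped into the title, labels and hidden inputs (`<%= userName %>`, `value="<%=bounceback%>"`), and `bounceback` is also passed to `response.sendRedirect`, which is an open redirect; escape on output and restrict `bounceback` to an in-application path. The `actionFailed` branch emits text directly inside `<tr>` with no `<td>`, and neither `sendRedirect` is followed by `return;`, so the form is still rendered after the redirect is issued. The POST that performs the grant/revoke carries no anti-forgery token.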
Modified: trunk/mashup/java/modules/www/taskbar.jsp
==============================================================================
--- trunk/mashup/java/modules/www/taskbar.jsp (original)
+++ trunk/mashup/java/modules/www/taskbar.jsp Mon Apr 7 06:42:58 2008
@@ -201,6 +201,12 @@
<a href="infocard.jsp">Register your Infocard</a>
</li>
<% } %>
+<%
+ if (RegistryUtils.isPseudoUser(registry)) { %>
+<li>
+ <a href="admin_act_user.jsp?enable=false">Revert to Administrator</a>
+</li>
+<% } %>
<!--
<li>
<a href="#">Add virtual directory**</a>
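Review bot: Neither new link passes a `bounceback` parameter (the "Revert to Administrator" link in this hunk and the "Act as User" link in the next), so admin_act_user.jsp always falls back to `index.jsp` and its "return to the page you were on" link never returns to the page the admin was on. If the taskbar has the current page name available, appending `?enable=true&bounceback=<%= URLEncoder.encode(thisPage, "UTF-8") %>` as manage_users.jsp does would fix it; if it does not, the wording on admin_act_user.jsp should not promise a return. The list containing the "Act as User" link begins outside the hunk, so whether it is already inside an admin-only block is not visible here.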
@@ -248,6 +254,9 @@
<% } %>
</li>
<li>
+ <a href="admin_act_user.jsp?enable=true">Act as User</a>
+ </li>
+ <li>
<a href="log_reader.jsp">View Server Log</a>
</li>
</ul>