Example 1 with RoleSecurity

Use of cn.edu.zju.acm.onlinejudge.security.RoleSecurity in project zoj by licheng.

Class EditRoleAction, method execute.

/**
 * Edit Role.
 *
 * @param mapping
 *            action mapping
 * @param form
 *            action form
 * @param context
 *            context adapter giving access to the HTTP request and the current user profile
 *
 * @return action forward instance
 *
 * @throws Exception
 *             any errors happened
 */
@Override
public ActionForward execute(ActionMapping mapping, ActionForm form, ContextAdapter context) throws Exception {
    // check admin
    ActionForward forward = this.checkAdmin(mapping, context);
    if (forward != null) {
        return forward;
    }
    RoleForm roleForm = (RoleForm) form;
    AuthorizationPersistence authorizationPersistence = PersistenceManager.getInstance().getAuthorizationPersistence();
    if (roleForm.getId() == null || roleForm.getId().trim().length() == 0) {
        long roleId = Utility.parseLong(context.getRequest().getParameter("roleId"));
        RoleSecurity role = authorizationPersistence.getRole(roleId);
        if (role == null) {
            return this.handleSuccess(mapping, context, "success");
        }
        // add contest names
        Map<Long, String> contestNames = new TreeMap<Long, String>();
        for (AbstractContest contest : ContestManager.getInstance().getAllContests()) {
            contestNames.put(contest.getId(), contest.getTitle());
        }
        for (AbstractContest contest : ContestManager.getInstance().getAllProblemsets()) {
            contestNames.put(contest.getId(), contest.getTitle());
        }
        for (AbstractContest contest : ContestManager.getInstance().getAllCourses()) {
            contestNames.put(contest.getId(), contest.getTitle());
        }
        context.setAttribute("ContestNames", contestNames);
        // TODO add forums
        Map<Long, String> forumNames = new TreeMap<Long, String>();
        forumNames.put(1L, "ZOJ Forum");
        context.setAttribute("ForumNames", forumNames);
        roleForm.populate(role);
        return this.handleSuccess(mapping, context, "failure");
    }
    RoleSecurity role = roleForm.toRole();
    authorizationPersistence.updateRole(role, context.getUserProfile().getId());
    if (role.getId() == 1) {
        ContextAdapter.resetDefaultUserSecurity();
    }
    return this.handleSuccess(mapping, context, "success");
}
Also used : AbstractContest(cn.edu.zju.acm.onlinejudge.bean.AbstractContest) AuthorizationPersistence(cn.edu.zju.acm.onlinejudge.persistence.AuthorizationPersistence) RoleForm(cn.edu.zju.acm.onlinejudge.form.RoleForm) TreeMap(java.util.TreeMap) ActionForward(org.apache.struts.action.ActionForward) RoleSecurity(cn.edu.zju.acm.onlinejudge.security.RoleSecurity)

Example 2 with RoleSecurity

Use of cn.edu.zju.acm.onlinejudge.security.RoleSecurity in project zoj by licheng.

Class AuthorizationPersistenceImpl, method getContestRoles.

/**
 * <p>
 * Gets all roles of given contest from persistence layer.
 * </p>
 *
 * @param contestId
 *            the id of the contest whose roles are returned
 * @return a list of RoleSecurity instances
 * @throws PersistenceException
 *             wrapping a persistence implementation specific exception
 */
public List<RoleSecurity> getContestRoles(long contestId) throws PersistenceException {
    Connection conn = null;
    try {
        conn = Database.createConnection();
        PreparedStatement ps = null;
        try {
            // select the roles;
            ps = conn.prepareStatement("SELECT role_id, name, description FROM role WHERE role_id IN (SELECT role_id FROM contest_permission WHERE contest_id=? AND permission_level_id>1)");
            ps.setLong(1, contestId);
            ResultSet rs = ps.executeQuery();
            List<RoleSecurity> roles = new ArrayList<RoleSecurity>();
            while (rs.next()) {
                RoleSecurity role = new RoleSecurity(rs.getLong(1), rs.getString(2), rs.getString(3));
                roles.add(role);
            }
            return roles;
        } finally {
            Database.dispose(ps);
        }
    } catch (SQLException e) {
        throw new PersistenceException("Failed to get all roles", e);
    } finally {
        Database.dispose(conn);
    }
}
Also used : SQLException(java.sql.SQLException) Connection(java.sql.Connection) ResultSet(java.sql.ResultSet) ArrayList(java.util.ArrayList) PersistenceException(cn.edu.zju.acm.onlinejudge.persistence.PersistenceException) PreparedStatement(java.sql.PreparedStatement) RoleSecurity(cn.edu.zju.acm.onlinejudge.security.RoleSecurity)

Example 3 with RoleSecurity

Use of cn.edu.zju.acm.onlinejudge.security.RoleSecurity in project zoj by licheng.

Class AuthorizationPersistenceImpl, method getUserSecurity.

/**
 * <p>
 * Gets a UserSecurity instance with the given user id from persistence layer.
 * </p>
 *
 * @param userProfileId
 *            the id of user profile used to get the UserSecurity instance
 * @return the UserSecurity instance with the given user id
 * @throws PersistenceException
 *             wrapping a persistence implementation specific exception
 */
public UserSecurity getUserSecurity(long userProfileId) throws PersistenceException {
    Connection conn = null;
    try {
        conn = Database.createConnection();
        PreparedStatement ps = null;
        ResultSet rs = null;
        boolean superAdmin = false;
        try {
            ps = conn.prepareStatement("SELECT super_admin FROM user_profile where user_profile_id=?");
            ps.setLong(1, userProfileId);
            rs = ps.executeQuery();
            if (rs.next()) {
                superAdmin = rs.getBoolean("super_admin");
            } else {
                return null;
            }
        } finally {
            Database.dispose(ps);
        }
        UserSecurity security = new UserSecurity(userProfileId, superAdmin);
        List<RoleSecurity> roles = new ArrayList<RoleSecurity>();
        Map<Long, RoleSecurity> roleIds = new HashMap<Long, RoleSecurity>();
        try {
            // select the roles;
            ps = conn.prepareStatement("SELECT role_id, name, description FROM role " + "WHERE role_id IN " + "(SELECT role_id from user_role WHERE user_profile_id = ?)");
            ps.setLong(1, userProfileId);
            rs = ps.executeQuery();
            while (rs.next()) {
                RoleSecurity role = new RoleSecurity(rs.getLong(1), rs.getString(2), rs.getString(3));
                roles.add(role);
                roleIds.put(role.getId(), role);
            }
        } finally {
            Database.dispose(ps);
        }
        try {
            // select the contests permissions
            ps = conn.prepareStatement("SELECT role_id, contest_id, permission_level_id FROM contest_permission " + "WHERE role_id IN " + "(SELECT role_id from user_role WHERE user_profile_id = ?)");
            ps.setLong(1, userProfileId);
            rs = ps.executeQuery();
            while (rs.next()) {
                RoleSecurity role = roleIds.get(rs.getLong(1));
                role.getContestPermission().addPermission(rs.getLong(2), PermissionLevel.findById(rs.getLong(3)));
            }
        } finally {
            Database.dispose(ps);
        }
        try {
            // select the forum permissions
            ps = conn.prepareStatement("SELECT role_id, forum_id, permission_level_id FROM forum_permission " + "WHERE role_id IN " + "(SELECT role_id from user_role WHERE user_profile_id = ?)");
            ps.setLong(1, userProfileId);
            rs = ps.executeQuery();
            while (rs.next()) {
                RoleSecurity role = roleIds.get(rs.getLong(1));
                role.getForumPermission().addPermission(rs.getLong(2), PermissionLevel.findById(rs.getLong(3)));
            }
        } finally {
            Database.dispose(ps);
        }
        for (RoleSecurity role : roles) {
            security.importRole(role);
        }
        return security;
    } catch (SQLException e) {
        throw new PersistenceException("Failed to get user security with id " + userProfileId, e);
    } finally {
        Database.dispose(conn);
    }
}
Also used : HashMap(java.util.HashMap) SQLException(java.sql.SQLException) Connection(java.sql.Connection) ArrayList(java.util.ArrayList) PreparedStatement(java.sql.PreparedStatement) RoleSecurity(cn.edu.zju.acm.onlinejudge.security.RoleSecurity) UserSecurity(cn.edu.zju.acm.onlinejudge.security.UserSecurity) ResultSet(java.sql.ResultSet) PersistenceException(cn.edu.zju.acm.onlinejudge.persistence.PersistenceException)

Example 4 with RoleSecurity

Use of cn.edu.zju.acm.onlinejudge.security.RoleSecurity in project zoj by licheng.

Class StatisticsManager, method getRankList.

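/**
 * Gets the rank list for the given contest and role, building and caching it on first use.
 * Entries are loaded only when roleId is negative or matches one of the contest's roles;
 * otherwise the cached rank list carries the contest roles but no entries.
 */
public RankList getRankList(long contestId, long roleId) throws PersistenceException {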
    List<Long> key = new ArrayList<Long>();
    key.add(contestId);
    key.add(roleId);
    synchronized (this.ranklistCache) {
        RankList ranklist = this.ranklistCache.get(key);
        if (ranklist == null) {
            ranklist = new RankList();
            List<RoleSecurity> roles = PersistenceManager.getInstance().getAuthorizationPersistence().getContestRoles(contestId);
            ranklist.setRoles(roles);
            for (RoleSecurity role : roles) {
                if (role.getId() == roleId) {
                    ranklist.setRole(role);
                    break;
                }
            }
            if (roleId < 0 || ranklist.getRole() != null) {
                AbstractContest contest = ContestManager.getInstance().getContest(contestId);
                List<Problem> problems = ContestManager.getInstance().getContestProblems(contestId);
                List<RankListEntry> entries = PersistenceManager.getInstance().getSubmissionPersistence().getRankList(problems, contest.getStartTime().getTime(), roleId);
                for (RankListEntry entry : entries) {
                    entry.setUserProfile(UserManager.getInstance().getUserProfile(entry.getUserProfile().getId()));
                }
                ranklist.setEntries(entries);
            }
            this.ranklistCache.put(key, ranklist);
        }
        return ranklist;
    }
}
Also used : AbstractContest(cn.edu.zju.acm.onlinejudge.bean.AbstractContest) ArrayList(java.util.ArrayList) Problem(cn.edu.zju.acm.onlinejudge.bean.Problem) RoleSecurity(cn.edu.zju.acm.onlinejudge.security.RoleSecurity)

Example 5 with RoleSecurity

Use of cn.edu.zju.acm.onlinejudge.security.RoleSecurity in project zoj by licheng.

Class ManageRoleUsersAction, method execute.

/**
 * Adds users to, or removes users from, a role.
 *
 * @param mapping
 *            action mapping
 * @param form
 *            action form
 * @param context
 *            context adapter giving access to the HTTP request
 *
 * @return action forward instance
 *
 * @throws Exception
 *             any errors happened
 */
@Override
public ActionForward execute(ActionMapping mapping, ActionForm form, ContextAdapter context) throws Exception {
    // check admin
    ActionForward forward = this.checkAdmin(mapping, context);
    if (forward != null) {
        return forward;
    }
    long roleId = Utility.parseLong(context.getRequest().getParameter("roleId"));
    RoleSecurity role = null;
    AuthorizationPersistence authorizationPersistence = PersistenceManager.getInstance().getAuthorizationPersistence();
    if (roleId >= 0) {
        role = authorizationPersistence.getRole(roleId);
    }
    if (role == null) {
        return this.handleSuccess(mapping, context, "failure");
    }
    context.setAttribute("importMessage", "");
    context.setAttribute("role", role);
    String users = context.getRequest().getParameter("users");
    if (users == null || users.trim().length() == 0) {
        return this.handleSuccess(mapping, context, "success");
    }
    List<String> userList = new ArrayList<String>();
    BufferedReader reader = new BufferedReader(new StringReader(users));
    for (; ; ) {
        String line = reader.readLine();
        if (line == null) {
            break;
        }
        if (line.trim().length() > 0) {
            userList.add(line.trim());
        }
    }
    String operation = context.getRequest().getParameter("operation");
    if ("remove".equalsIgnoreCase(operation)) {
        // TODO: not safe here, SQL injection is possible: userList is built from the raw "users" request parameter.
        Map<String, Boolean> result = authorizationPersistence.removeRoleUsers(userList, roleId);
        String message = this.generateResult(userList, result, true);
        context.setAttribute("importMessage", message);
    } else if ("add".equalsIgnoreCase(operation)) {
        // TODO: not safe here, SQL injection is possible: userList is built from the raw "users" request parameter.
        Map<String, Boolean> result = authorizationPersistence.addRoleUsers(userList, roleId);
        String message = this.generateResult(userList, result, false);
        context.setAttribute("importMessage", message);
    }
    return this.handleSuccess(mapping, context, "success");
}
Also used : ArrayList(java.util.ArrayList) BufferedReader(java.io.BufferedReader) StringReader(java.io.StringReader) AuthorizationPersistence(cn.edu.zju.acm.onlinejudge.persistence.AuthorizationPersistence) Map(java.util.Map) ActionForward(org.apache.struts.action.ActionForward) RoleSecurity(cn.edu.zju.acm.onlinejudge.security.RoleSecurity)
