use of cn.edu.zju.acm.onlinejudge.security.RoleSecurity in project zoj by licheng.
the class EditRoleAction method execute.
/**
* Edit Role.
*
* <pre>
* </pre>
*
* @param mapping
* action mapping
* @param form
* action form
* @param request
* http servlet request
* @param response
* http servlet response
*
* @return action forward instance
*
* @throws Exception
* any errors happened
*/
@Override
public ActionForward execute(ActionMapping mapping, ActionForm form, ContextAdapter context) throws Exception {
    // Authorization gate: a non-null forward from checkAdmin means the request stops here.
    // It is the only access check visible in this method and covers both branches below.
    ActionForward denied = this.checkAdmin(mapping, context);
    if (denied != null) {
        return denied;
    }

    RoleForm roleForm = (RoleForm) form;
    AuthorizationPersistence persistence = PersistenceManager.getInstance().getAuthorizationPersistence();

    // A non-blank form id means the edit form was submitted; a blank one means it has to be shown.
    boolean submitted = roleForm.getId() != null && roleForm.getId().trim().length() != 0;
    if (submitted) {
        // The role is rebuilt from the submitted form fields; no field validation happens in this method.
        // NOTE(review): confirm that RoleForm validates ids and permission levels before toRole().
        RoleSecurity updated = roleForm.toRole();
        // The acting user's profile id is passed along with the update.
        persistence.updateRole(updated, context.getUserProfile().getId());
        // Role id 1 triggers a reset of the default user security.
        // NOTE(review): presumably role 1 is the default role for every user; confirm.
        if (updated.getId() == 1) {
            ContextAdapter.resetDefaultUserSecurity();
        }
        return this.handleSuccess(mapping, context, "success");
    }

    // Display path: the role to edit is named by the "roleId" request parameter.
    long requestedRoleId = Utility.parseLong(context.getRequest().getParameter("roleId"));
    RoleSecurity existing = persistence.getRole(requestedRoleId);
    if (existing == null) {
        // Unknown role: nothing to edit, forward to "success".
        return this.handleSuccess(mapping, context, "success");
    }

    // Id -> title lookup for the form. Contests, problem sets and courses share one map;
    // on an id collision the later source overwrites the earlier one.
    Map<Long, String> titlesById = new TreeMap<Long, String>();
    for (AbstractContest item : ContestManager.getInstance().getAllContests()) {
        titlesById.put(item.getId(), item.getTitle());
    }
    for (AbstractContest item : ContestManager.getInstance().getAllProblemsets()) {
        titlesById.put(item.getId(), item.getTitle());
    }
    for (AbstractContest item : ContestManager.getInstance().getAllCourses()) {
        titlesById.put(item.getId(), item.getTitle());
    }
    context.setAttribute("ContestNames", titlesById);

    // TODO add forums (a single hard-coded forum for now)
    Map<Long, String> forums = new TreeMap<Long, String>();
    forums.put(1L, "ZOJ Forum");
    context.setAttribute("ForumNames", forums);

    roleForm.populate(existing);
    // "failure" is the forward used to render the populated edit form.
    return this.handleSuccess(mapping, context, "failure");
}
use of cn.edu.zju.acm.onlinejudge.security.RoleSecurity in project zoj by licheng.
the class AuthorizationPersistenceImpl method getContestRoles.
/**
* <p>
* Gets all roles of given contest from persistence layer.
* </p>
*
* @return a list of RoleSecurity instances
* @throws PersistenceException
* wrapping a persistence implementation specific exception
*/
public List<RoleSecurity> getContestRoles(long contestId) throws PersistenceException {
    // contestId reaches the database only as a bind parameter; the SQL text itself is constant.
    // Only roles holding a permission_level_id above 1 on this contest are selected.
    final String query = "SELECT role_id, name, description FROM role WHERE role_id IN (SELECT role_id FROM contest_permission WHERE contest_id=? AND permission_level_id>1)";
    Connection connection = null;
    try {
        connection = Database.createConnection();
        PreparedStatement statement = null;
        try {
            statement = connection.prepareStatement(query);
            statement.setLong(1, contestId);
            // The result set is not disposed separately; only the statement is disposed below.
            ResultSet rows = statement.executeQuery();
            List<RoleSecurity> found = new ArrayList<RoleSecurity>();
            while (rows.next()) {
                // Columns: 1 = role_id, 2 = name, 3 = description.
                found.add(new RoleSecurity(rows.getLong(1), rows.getString(2), rows.getString(3)));
            }
            return found;
        } finally {
            Database.dispose(statement);
        }
    } catch (SQLException e) {
        throw new PersistenceException("Failed to get all roles", e);
    } finally {
        Database.dispose(connection);
    }
}
use of cn.edu.zju.acm.onlinejudge.security.RoleSecurity in project zoj by licheng.
the class AuthorizationPersistenceImpl method getUserSecurity.
/**
* <p>
* Gets a UserSecurity instance with the given user id from persistence layer.
* </p>
*
* @param userProfileId
* the id of user profile used to get the UserSecurity instance
* @return the UserSecurity instance with the given user id
* @throws PersistenceException
* wrapping a persistence implementation specific exception
*/
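public UserSecurity getUserSecurity(long userProfileId) throws PersistenceException {
    // Every query below binds userProfileId as a parameter; no SQL text is built from input.
    Connection conn = null;
    try {
        conn = Database.createConnection();
        PreparedStatement ps = null;
        ResultSet rs = null;
        boolean superAdmin = false;
        try {
            ps = conn.prepareStatement("SELECT super_admin FROM user_profile where user_profile_id=?");
            ps.setLong(1, userProfileId);
            rs = ps.executeQuery();
            if (rs.next()) {
                superAdmin = rs.getBoolean("super_admin");
            } else {
                // No such user profile: callers receive null rather than an empty UserSecurity.
                return null;
            }
        } finally {
            Database.dispose(ps);
        }
        UserSecurity security = new UserSecurity(userProfileId, superAdmin);
        // roles keeps query order for importRole; roleIds gives lookup by id for the permission rows.
        List<RoleSecurity> roles = new ArrayList<RoleSecurity>();
        Map<Long, RoleSecurity> roleIds = new HashMap<Long, RoleSecurity>();
        try {
            // select the roles
            ps = conn.prepareStatement("SELECT role_id, name, description FROM role " + "WHERE role_id IN " + "(SELECT role_id from user_role WHERE user_profile_id = ?)");
            ps.setLong(1, userProfileId);
            rs = ps.executeQuery();
            while (rs.next()) {
                RoleSecurity role = new RoleSecurity(rs.getLong(1), rs.getString(2), rs.getString(3));
                roles.add(role);
                roleIds.put(role.getId(), role);
            }
        } finally {
            Database.dispose(ps);
        }
        try {
            // select the contest permissions
            ps = conn.prepareStatement("SELECT role_id, contest_id, permission_level_id FROM contest_permission " + "WHERE role_id IN " + "(SELECT role_id from user_role WHERE user_profile_id = ?)");
            ps.setLong(1, userProfileId);
            rs = ps.executeQuery();
            while (rs.next()) {
                RoleSecurity role = roleIds.get(rs.getLong(1));
                if (role == null) {
                    // The permission row names a role that the role query did not return (an orphaned
                    // row, or a role assigned between the two queries). Skip it instead of throwing a
                    // NullPointerException: the user gets fewer permissions, never more.
                    continue;
                }
                role.getContestPermission().addPermission(rs.getLong(2), PermissionLevel.findById(rs.getLong(3)));
            }
        } finally {
            Database.dispose(ps);
        }
        try {
            // select the forum permissions
            ps = conn.prepareStatement("SELECT role_id, forum_id, permission_level_id FROM forum_permission " + "WHERE role_id IN " + "(SELECT role_id from user_role WHERE user_profile_id = ?)");
            ps.setLong(1, userProfileId);
            rs = ps.executeQuery();
            while (rs.next()) {
                RoleSecurity role = roleIds.get(rs.getLong(1));
                if (role == null) {
                    // Same fail-closed handling as for contest permissions.
                    continue;
                }
                role.getForumPermission().addPermission(rs.getLong(2), PermissionLevel.findById(rs.getLong(3)));
            }
        } finally {
            Database.dispose(ps);
        }
        // Merge every role, with its permissions attached, into the user's security object.
        for (RoleSecurity role : roles) {
            security.importRole(role);
        }
        return security;
    } catch (SQLException e) {
        throw new PersistenceException("Failed to get user security with id " + userProfileId, e);
    } finally {
        Database.dispose(conn);
    }
}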
use of cn.edu.zju.acm.onlinejudge.security.RoleSecurity in project zoj by licheng.
the class StatisticsManager method getRankList.
/**
 * Returns the rank list for a contest, optionally restricted to one role, building and caching it
 * on first use.
 *
 * @param contestId id of the contest
 * @param roleId id of the role to filter by; a negative value bypasses the role match
 * @return the cached or newly built rank list; it has no entries when a non-negative roleId is
 *         not among the contest's roles
 * @throws PersistenceException if the persistence layer fails
 */
public RankList getRankList(long contestId, long roleId) throws PersistenceException {
    // Cache key is the (contestId, roleId) pair.
    List<Long> cacheKey = new ArrayList<Long>();
    cacheKey.add(contestId);
    cacheKey.add(roleId);

    // The whole lookup-or-build sequence, database calls included, runs under the cache lock.
    synchronized (this.ranklistCache) {
        RankList cached = this.ranklistCache.get(cacheKey);
        if (cached != null) {
            return cached;
        }

        RankList built = new RankList();
        List<RoleSecurity> contestRoles = PersistenceManager.getInstance().getAuthorizationPersistence().getContestRoles(contestId);
        built.setRoles(contestRoles);
        for (RoleSecurity candidate : contestRoles) {
            if (candidate.getId() == roleId) {
                built.setRole(candidate);
                break;
            }
        }

        // Entries are loaded only for a negative roleId or for a role that belongs to this contest.
        if (roleId < 0 || built.getRole() != null) {
            // NOTE(review): contest is dereferenced without a null check; confirm that getContest
            // cannot return null for the ids that reach this method.
            AbstractContest contest = ContestManager.getInstance().getContest(contestId);
            List<Problem> problems = ContestManager.getInstance().getContestProblems(contestId);
            List<RankListEntry> entries = PersistenceManager.getInstance().getSubmissionPersistence().getRankList(problems, contest.getStartTime().getTime(), roleId);
            for (RankListEntry entry : entries) {
                // Replace the profile on each entry with the one UserManager returns for the same id.
                entry.setUserProfile(UserManager.getInstance().getUserProfile(entry.getUserProfile().getId()));
            }
            built.setEntries(entries);
        }

        // The result is cached even when no role matched, so every distinct (contestId, roleId)
        // pair adds an entry. NOTE(review): whether ranklistCache is bounded is not visible here;
        // confirm if roleId can come from a request.
        this.ranklistCache.put(cacheKey, built);
        return built;
    }
}
use of cn.edu.zju.acm.onlinejudge.security.RoleSecurity in project zoj by licheng.
the class ManageRoleUsersAction method execute.
/**
* Edit Role.
*
* <pre>
* </pre>
*
* @param mapping
* action mapping
* @param form
* action form
* @param request
* http servlet request
* @param response
* http servlet response
*
* @return action forward instance
*
* @throws Exception
* any errors happened
*/
@Override
public ActionForward execute(ActionMapping mapping, ActionForm form, ContextAdapter context) throws Exception {
    // Authorization gate: a non-null forward from checkAdmin means the request stops here.
    ActionForward denied = this.checkAdmin(mapping, context);
    if (denied != null) {
        return denied;
    }

    long roleId = Utility.parseLong(context.getRequest().getParameter("roleId"));
    AuthorizationPersistence persistence = PersistenceManager.getInstance().getAuthorizationPersistence();
    // Negative ids are never looked up; they fall through to the "failure" forward.
    RoleSecurity role = roleId >= 0 ? persistence.getRole(roleId) : null;
    if (role == null) {
        return this.handleSuccess(mapping, context, "failure");
    }

    context.setAttribute("importMessage", "");
    context.setAttribute("role", role);

    String users = context.getRequest().getParameter("users");
    if (users == null || users.trim().length() == 0) {
        // Nothing submitted: just show the page for this role.
        return this.handleSuccess(mapping, context, "success");
    }

    // One entry per non-blank line of the "users" parameter, trimmed but otherwise unvalidated.
    List<String> submittedUsers = new ArrayList<String>();
    BufferedReader lines = new BufferedReader(new StringReader(users));
    String raw;
    while ((raw = lines.readLine()) != null) {
        String entry = raw.trim();
        if (entry.length() > 0) {
            submittedUsers.add(entry);
        }
    }

    String operation = context.getRequest().getParameter("operation");
    boolean removing = "remove".equalsIgnoreCase(operation);
    boolean adding = !removing && "add".equalsIgnoreCase(operation);
    if (removing || adding) {
        // TODO NOT SAFE HERE, Sql injection is possible.
        // The strings passed down come straight from the request. The persistence methods are not
        // shown here; they have to bind each value as a PreparedStatement parameter instead of
        // concatenating it into the SQL text.
        Map<String, Boolean> outcome = removing
                ? persistence.removeRoleUsers(submittedUsers, roleId)
                : persistence.addRoleUsers(submittedUsers, roleId);
        String message = this.generateResult(submittedUsers, outcome, removing);
        context.setAttribute("importMessage", message);
    }
    // Any other operation value changes nothing and still forwards to "success".
    return this.handleSuccess(mapping, context, "success");
}