001 //$HeadURL: svn+ssh://jwilden@svn.wald.intevation.org/deegree/base/branches/2.5_testing/src/org/deegree/portal/standard/security/control/EditSubadminRoleListener.java $ 002 /*---------------------------------------------------------------------------- 003 This file is part of deegree, http://deegree.org/ 004 Copyright (C) 2001-2009 by: 005 Department of Geography, University of Bonn 006 and 007 lat/lon GmbH 008 009 This library is free software; you can redistribute it and/or modify it under 010 the terms of the GNU Lesser General Public License as published by the Free 011 Software Foundation; either version 2.1 of the License, or (at your option) 012 any later version. 013 This library is distributed in the hope that it will be useful, but WITHOUT 014 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS 015 FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more 016 details. 017 You should have received a copy of the GNU Lesser General Public License 018 along with this library; if not, write to the Free Software Foundation, Inc., 019 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 020 021 Contact information: 022 023 lat/lon GmbH 024 Aennchenstr. 19, 53177 Bonn 025 Germany 026 http://lat-lon.de/ 027 028 Department of Geography, University of Bonn 029 Prof. Dr. Klaus Greve 030 Postfach 1147, 53001 Bonn 031 Germany 032 http://www.geographie.uni-bonn.de/deegree/ 033 034 e-mail: info@deegree.org 035 ----------------------------------------------------------------------------*/ 036 package org.deegree.portal.standard.security.control; 037 038 import org.deegree.enterprise.control.AbstractListener; 039 import org.deegree.enterprise.control.FormEvent; 040 import org.deegree.enterprise.control.RPCException; 041 import org.deegree.enterprise.control.RPCMethodCall; 042 import org.deegree.enterprise.control.RPCParameter; 043 import org.deegree.enterprise.control.RPCWebEvent; 044 import org.deegree.i18n.Messages; 045 import org.deegree.security.GeneralSecurityException; 046 import org.deegree.security.drm.SecurityAccess; 047 import org.deegree.security.drm.SecurityAccessManager; 048 import org.deegree.security.drm.model.Role; 049 import org.deegree.security.drm.model.User; 050 051 /** 052 * This <tt>Listener</tt> reacts on 'EditSubadminRole'-events, extracts the submitted role-id and 053 * passes the role + known datasets on to the JSP. 054 * <p> 055 * Access constraints: 056 * <ul> 057 * <li>only users that have the 'Administrator'-role are allowed</li> 058 * </ul> 059 * 060 * @author <a href="mschneider@lat-lon.de">Markus Schneider </a> 061 * @author last edited by: $Author: mschneider $ 062 * 063 * @version $Revision: 18195 $, $Date: 2009-06-18 17:55:39 +0200 (Do, 18 Jun 2009) $ 064 */ 065 public class EditSubadminRoleListener extends AbstractListener { 066 067 @Override 068 public void actionPerformed( FormEvent event ) { 069 070 try { 071 RPCWebEvent ev = (RPCWebEvent) event; 072 RPCMethodCall rpcCall = ev.getRPCMethodCall(); 073 RPCParameter[] params = rpcCall.getParameters(); 074 075 if ( params.length != 1 ) { 076 throw new RPCException( Messages.getMessage( "IGEO_STD_SEC_WRONG_PARAM_NUM" ) ); 077 } 078 if ( params[0].getType() != String.class ) { 079 throw new RPCException( Messages.getMessage( "IGEO_STD_SEC_MISSING_STRING" ) ); 080 } 081 int roleId = -1; 082 try { 083 roleId = Integer.parseInt( (String) params[0].getValue() ); 084 } catch ( NumberFormatException e ) { 085 throw new RPCException( Messages.getMessage( "IGEO_STD_SEC_WRONG_ROLE_VALUE" ) ); 086 } 087 088 // get user 089 SecurityAccessManager manager = SecurityAccessManager.getInstance(); 090 User user = manager.getUserByName( toModel().get( ClientHelper.KEY_USERNAME ) ); 091 SecurityAccess access = manager.acquireAccess( user ); 092 093 // perform access check 094 ClientHelper.checkForAdminRole( access ); 095 Role role = access.getRoleById( roleId ); 096 097 // supply necessary data for the JSP 098 getRequest().setAttribute( "TOKEN", access ); 099 getRequest().setAttribute( "ROLE", role ); 100 getRequest().setAttribute( "DATASETS", access.getAllSecuredObjects( "dataset" ) ); 101 } catch ( RPCException e ) { 102 getRequest().setAttribute( "SOURCE", this.getClass().getName() ); 103 getRequest().setAttribute( "MESSAGE", 104 Messages.getMessage( "IGEO_STD_SEC_FAIL_ACCESS_ROLEEDITOR", e.getMessage() ) ); 105 setNextPage( "admin/admin_error.jsp" ); 106 } catch ( GeneralSecurityException e ) { 107 getRequest().setAttribute( "SOURCE", this.getClass().getName() ); 108 getRequest().setAttribute( "MESSAGE", 109 Messages.getMessage( "IGEO_STD_SEC_ERROR_ROLE_EDITOR", e.getMessage() ) ); 110 setNextPage( "admin/admin_error.jsp" ); 111 } 112 113 } 114 }