Source code: com/RuntimeCollective/webapps/tag/CheckEditTag.java

   /* $Header: /home/CVS/rjp/src/com/RuntimeCollective/webapps/tag/CheckEditTag.java,v 1.7 2003/09/30 15:13:16 joe Exp $
    * $Revision: 1.7 $
    * $Date: 2003/09/30 15:13:16 $
    *
    * ====================================================================
    *
    * Josephine : http://www.runtime-collective.com/josephine/index.html
    *
    * Copyright (C) 2003 Runtime Collective
   * 
   * This product includes software developed by the
   * Apache Software Foundation (http://www.apache.org/).
   *
   * This library is free software; you can redistribute it and/or
   * modify it under the terms of the GNU Lesser General Public
   * License as published by the Free Software Foundation; either
   * version 2.1 of the License, or (at your option) any later version.
   *
   * This library is distributed in the hope that it will be useful,
   * but WITHOUT ANY WARRANTY; without even the implied warranty of
   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   * Lesser General Public License for more details.
   *
   * You should have received a copy of the GNU Lesser General Public
   * License along with this library; if not, write to the Free Software
   * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
   *
   */
  
  package com.RuntimeCollective.webapps.tag;
  
  import com.RuntimeCollective.webapps.RuntimeParameters;
  import com.RuntimeCollective.webapps.bean.User;
  import com.RuntimeCollective.webapps.bean.PermissionBean;
  import com.RuntimeCollective.webapps.bean.EntityBean;
  
  import java.sql.SQLException;
  import java.io.IOException;
  import javax.servlet.http.HttpSession;
  import javax.servlet.jsp.JspException;
  import javax.servlet.jsp.JspWriter;
  import javax.servlet.jsp.PageContext;
  import javax.servlet.jsp.tagext.TagSupport;
  import org.apache.struts.action.Action;
  import org.apache.struts.action.ActionError;
  import org.apache.struts.action.ActionErrors;
  import org.apache.struts.util.MessageResources;
  
  /**
   *
   * Check if a user can edit the named session-scoped bean.  This bean must implement the PermissionBean interface.
   *
   * If they do not have permission to edit this bean, control will be forwarded to a page that will display errors (defaults to /logon.jsp).
   *
   * <p> By default, the User on the session under RuntimeParameters.get("logonUserKey") will be used.  A different User bean on the session
   * can be used by specifying the "user" parameter.
   * <p>
   * This tag assumes the user is logged on; this tag should be used after checkLogon (unless "user" is specified).
   * <p>
   * Attributes:
   * <ul>
   * <li> name - The name of the bean to check edit permissions for</li>
   * <li> user - [optional] The name of the user bean to check permissions with - defaults to  RuntimeParameters.get("logonUserKey")</li>
   * <li> page - the page to go to if the user is not logged in (defaults to /logon.jsp)</li>
   * </ul>
   * <p>
   * For example, inserting
   * <br><code>&lt;%@ taglib uri="/WEB-INF/runtime-struts.tld" prefix="rs" %&gt;
   * <br>&lt;rs:checkEdit name="com.RuntimeCollective.school.bean.Course"/&gt;
   * <br></code>
   * <br> into a jsp page will check that the user in the session under <code>RuntimeParameters.get("logonUserKey")</code> can edit the <code>com.RuntimeCollective.school.bean.Course</code> bean.
   *
   * <p> The following errors are returned
   * <ul>
   * <li><code>error.permission.editDenied</code>
   * <li><code>error.permission.nullValues</code>
   * <li><code>error.db.connection</code>
   * <li><code>error.permission.nullSession</code>
   * </ul>
   * @author Joe Holmberg
   * @version $Id: CheckEditTag.java,v 1.7 2003/09/30 15:13:16 joe Exp $
   */
  
  public final class CheckEditTag extends TagSupport {
  
  
      /** The key of the session-scope bean we check permissions for. */
      private String name = "";
  
      /** The page to which we should forward for the user to log on. Defaults to "/logon.jsp"*/
      private String page = "/logon.jsp";
  
      /** The key of the user to check permissions for. Defaults to <code>RuntimeParameters.get("logonUserKey")</code> */
      private String user = RuntimeParameters.get("logonUserKey");
  
      /** Return the bean name. */
      public String getName() {
    return (this.name);
      }
 
     /** Set the bean name.
      * @param name The new bean name
      */
     public void setName(String name) {
   this.name = name;
     }
 
     /** Return the forward page. */
     public String getPage() {
   return (this.page);
     }
 
     /** Set the forward page.
      * @param page The new forward page
      */
     public void setPage(String page) {
   this.page = page;
     }
 
     /** Return the user. */
     public String getUser() { return this.user; }
 
     /** Set the user. */
     public void setUser(String user) { this.user = user; }
 
 
     /** Defer our checking until the end of this tag is encountered.
      * @exception JspException if a JSP exception has occurred
      */
     public int doStartTag() throws JspException {
   return (SKIP_BODY);
     }
 
     /**
 
      * Perform a permissions check by calling the specified bean's 
      * <code>canEdit</code> method, with the current user.
      * If either of these beans are blank, or there is no session,
      * or the user does not have permissions to access that bean,
      * control will be forwarded to the specified error page
      * with an appropriate error message set.
      * @exception JspException if a JSP exception has occurred
      */
     public int doEndTag() throws JspException {
 
   ActionErrors errors = new ActionErrors();
 
   // Does the user have permission?
   HttpSession session = pageContext.getSession();
   if (session!=null) {
       User userBean = (User) session.getAttribute(user);
       if (userBean != null) {
     userBean = (User)RuntimeParameters.getStore().get(User.class.getName(), userBean.getId());
       }
       PermissionBean perm = (PermissionBean) session.getAttribute(name);
       try {
     if (userBean != null && perm != null) {
         RuntimeParameters.logDebug( this, "user id="+userBean.getId()+" and bean id="+( (EntityBean) perm).getId() );
         if ( !perm.canEdit(userBean) ) errors.add(ActionErrors.GLOBAL_ERROR, new ActionError("error.permission.editDenied"));
     } else {
         RuntimeParameters.logWarn(this,"Unable to find user and permission bean for name="+name);
         errors.add(ActionErrors.GLOBAL_ERROR, new ActionError("error.permission.nullValues"));
     }
       } catch ( SQLException e ) {
     RuntimeParameters.logError(this,"problem connecting to db",e);
     errors.add(ActionErrors.GLOBAL_ERROR, new ActionError("error.db.connection"));
       }
   } else {
       errors.add(ActionErrors.GLOBAL_ERROR, new ActionError("error.permission.nullSession"));
   }
 
   // Forward control based on results
   if (errors.size() == 0)
       return (EVAL_PAGE);
   else {
       // Put the errors on the request
       pageContext.getRequest().setAttribute(Action.ERROR_KEY, errors);
 
       try {
     pageContext.forward(page);
       } catch (Exception e) {
     throw new JspException(e.toString());
       }
       return (SKIP_PAGE);
   }
     }
 
 
     /** Release any acquired resources. */
     public void release() {
         super.release();
         this.name = "";
         this.page = "/logon.jsp";
   this.user = RuntimeParameters.get("logonUserKey");
     }
 }