Commit 8ef7678a by Tuomas Riihimäki Committed by Juho Juopperi

Lisätty:

  - LanEventDomain
  - Facadesäätöä
  - Englanninkielistä käännöstä.
  - Poistettu PermissionDeniedException turhana ja huonona designpatternina.
1 parent 1a267e23
Showing with 569 additions and 435 deletions
......@@ -91,7 +91,7 @@ public class AccountEventBean implements AccountEventBeanLocal {
*/
@Override
@RolesAllowed(ShopPermission.S_SHOP_PRODUCTS)
public List<AccountEvent> shopCash(User shoppingUser, Map<Product, BigDecimal> shopMap, boolean buyInstant) throws PermissionDeniedException {
public List<AccountEvent> shopCash(User shoppingUser, Map<Product, BigDecimal> shopMap, boolean buyInstant) {
logger.debug("Shoping cash. buyinstant {}", buyInstant);
User seller = permbean.getCurrentUser();
shoppingUser = userbean.findById(shoppingUser.getId());
......
......@@ -9,6 +9,7 @@ import java.util.List;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJB;
import javax.ejb.EJBAccessException;
import javax.ejb.LocalBean;
import javax.ejb.Stateless;
import javax.persistence.EntityManager;
......@@ -20,6 +21,7 @@ import org.slf4j.LoggerFactory;
import fi.insomnia.bortal.beanutil.PdfPrinter;
import fi.insomnia.bortal.bortal.views.BillSummary;
import fi.insomnia.bortal.enums.apps.BillPermission;
import fi.insomnia.bortal.enums.apps.SpecialPermission;
import fi.insomnia.bortal.facade.BillFacade;
import fi.insomnia.bortal.facade.BillLineFacade;
import fi.insomnia.bortal.facade.UserFacade;
......@@ -37,7 +39,13 @@ import fi.insomnia.bortal.utilities.I18n;
*/
@Stateless
@LocalBean
@DeclareRoles({ "USER", "BILL/WRITE_ALL", "BILL/READ_ALL", "BILL/CREATE_BILL" })
@DeclareRoles({
BillPermission.S_CREATE_BILL,
BillPermission.S_READ_ALL,
BillPermission.S_VIEW_OWN,
BillPermission.S_WRITE_ALL,
SpecialPermission.S_USER
})
public class BillBean implements BillBeanLocal {
private static final Logger logger = LoggerFactory.getLogger(BillBean.class);
......@@ -66,6 +74,9 @@ public class BillBean implements BillBeanLocal {
@EJB
private UtilBean utilbean;
@EJB
private LoggingBeanLocal loggingBean;
/**
* Default constructor.
*/
......@@ -74,7 +85,7 @@ public class BillBean implements BillBeanLocal {
}
@Override
@RolesAllowed("USER")
@RolesAllowed(BillPermission.S_VIEW_OWN)
public Bill findById(int id) {
LanEvent event = eventbean.getCurrentEvent();
if (id <= 0) {
......@@ -180,14 +191,14 @@ public class BillBean implements BillBeanLocal {
// }
@Override
@RolesAllowed("BILL/READ_ALL")
@RolesAllowed(BillPermission.S_READ_ALL)
public List<Bill> findAll() {
return billFacade.findAll(eventbean.getCurrentEvent());
}
@Override
@RolesAllowed("BILL/READ_ALL")
@RolesAllowed(BillPermission.S_READ_ALL)
public Collection<BillSummary> getBillLineSummary() {
Collection<BillSummary> ret = billLineFacade.getLineSummary(eventbean.getCurrentEvent());
......@@ -195,7 +206,7 @@ public class BillBean implements BillBeanLocal {
}
@Override
@RolesAllowed("BILL/WRITE_ALL")
@RolesAllowed(BillPermission.S_WRITE_ALL)
public void markPaid(Bill bill, Calendar when) {
Product creditproduct = productBean.findCreditProduct();
......@@ -233,10 +244,11 @@ public class BillBean implements BillBeanLocal {
}
@Override
@RolesAllowed("BILL/CREATE_BILL")
public void createBill(Bill bill) throws PermissionDeniedException {
if (!permbean.isCurrentUser(bill.getUser())) {
permbean.fatalPermission(BillPermission.WRITE_ALL, "Not enought rights to create bill for user ", bill.getUser());
@RolesAllowed({ BillPermission.S_CREATE_BILL, BillPermission.S_WRITE_ALL })
public void createBill(Bill bill) {
if (!permbean.hasPermission(BillPermission.WRITE_ALL) || !permbean.isCurrentUser(bill.getUser())) {
loggingBean.logMessage(SecurityLogType.permissionDenied, permbean.getCurrentUser(), "Not enought rights to create bill for user ");
throw new EJBAccessException("Could not create bill for another user");
}
User user = userfacade.find(bill.getUser().getId());
if (user.getBills() == null) {
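Review bot: The new guard in createBill, `if (!permbean.hasPermission(BillPermission.WRITE_ALL) || !permbean.isCurrentUser(bill.getUser()))`, refuses the call unless the caller both holds WRITE_ALL and owns the bill. A caller admitted by S_CREATE_BILL alone can therefore never create their own bill, and a WRITE_ALL holder cannot create one for another user. The other checks in this commit deny only when the caller is not the owner and also lacks the override, which here would be `if (!permbean.isCurrentUser(bill.getUser()) && !permbean.hasPermission(BillPermission.WRITE_ALL))`. The logged text also stops at `"Not enought rights to create bill for user "` without appending `bill.getUser()`, so the permissionDenied entry does not say whose bill was targeted. createBill's body continues outside the hunk.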
......
......@@ -87,7 +87,7 @@ public class CardTemplateBean implements CardTemplateBeanLocal {
}
@Override
public void checkAllUsersCardRights() throws PermissionDeniedException {
public void checkAllUsersCardRights() {
for (User u : userbean.getUsers()) {
checkPrintedCard(u);
}
......@@ -99,7 +99,7 @@ public class CardTemplateBean implements CardTemplateBeanLocal {
* @throws PermissionDeniedException
*/
@Override
public PrintedCard checkPrintedCard(User user) throws PermissionDeniedException {
public PrintedCard checkPrintedCard(User user) {
logger.info("Checking printed card");
user = userfacade.find(user.getId());
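Review bot: The Javadoc kept above checkPrintedCard still carries `@throws PermissionDeniedException`, although the new signature no longer declares it and the commit message says the class is removed. Drop the tag, or replace it with a description of the unchecked `EJBAccessException` if one can propagate from the calls made further down (not visible in this hunk). The method body continues outside the hunk.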
......@@ -166,7 +166,7 @@ public class CardTemplateBean implements CardTemplateBeanLocal {
}
@RolesAllowed(UserPermission.S_WRITE_ROLES)
public CardTemplate getUsersCardtype(User user) throws PermissionDeniedException {
public CardTemplate getUsersCardtype(User user) {
List<Role> roles = userbean.findUsersRoles(user);
CardTemplate greatestTemplate = null;
......@@ -182,7 +182,7 @@ public class CardTemplateBean implements CardTemplateBeanLocal {
}
@Override
public PrintedCard setRfidUid(String tag, User user) throws PermissionDeniedException {
public PrintedCard setRfidUid(String tag, User user) {
PrintedCard ct = checkPrintedCard(user);
return setRfidUid(tag, ct);
}
......
package fi.insomnia.bortal.beans;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJB;
import javax.ejb.LocalBean;
import javax.ejb.Stateless;
......@@ -10,10 +11,13 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import fi.insomnia.bortal.clientutils.BortalLocalContextHolder;
import fi.insomnia.bortal.enums.apps.SpecialPermission;
import fi.insomnia.bortal.facade.EventFacade;
import fi.insomnia.bortal.facade.EventOrganiserFacade;
import fi.insomnia.bortal.facade.LanEventDomainFacade;
import fi.insomnia.bortal.model.EventOrganiser;
import fi.insomnia.bortal.model.LanEvent;
import fi.insomnia.bortal.model.LanEventDomain;
import fi.insomnia.bortal.model.User;
/**
......@@ -26,6 +30,7 @@ public class EventBean implements EventBeanLocal {
private static final String DEFAULT_EVENT_NAME = "Default event";
private static final String DEFAULT_ORGANISATION_NAME = "Default organisation";
private static final Logger logger = LoggerFactory.getLogger(EventBean.class);
private static final String DEFAULT_EVENT_DOMAIN = null;
@EJB
private EventFacade eventFacade;
......@@ -38,6 +43,8 @@ public class EventBean implements EventBeanLocal {
private LoggingBeanLocal loggingbean;
@EJB
private PermissionBeanLocal permbean;
@EJB
private LanEventDomainFacade domainfacade;
@Override
public LanEvent getEventByHostname(String hostname) {
......@@ -80,28 +87,49 @@ public class EventBean implements EventBeanLocal {
@Override
public LanEvent getCurrentEvent() {
String hostname = BortalLocalContextHolder.getHostname();
// logger.info("Current hostname from context: {}", hostname);
LanEvent ret = null;
if (BortalLocalContextHolder.getHostnameId() != null) {
ret = eventFacade.find(BortalLocalContextHolder.getHostnameId());
if (ret != null) {
return ret;
}
}
if (hostname == null || hostname.isEmpty()) {
hostname = DEFAULT_EVENT_DOMAIN;
}
LanEventDomain domain = domainfacade.findByDomain(hostname);
LanEvent ret = getEventByHostname(BortalLocalContextHolder.getHostname());
if (domain != null)
{
ret = domain.getEvent();
}
if (ret == null) {
ret = this.findOrCreateDefaultEvent();
}
BortalLocalContextHolder.setHostnameId(ret.getId());
return ret;
}
@Override
public LanEvent mergeChanges(LanEvent event) throws PermissionDeniedException {
// TODO: Hmm..
if (!permbean.isCurrentUser(event.getOrganiser().getAdmin()) && !permbean.getCurrentUser().isSuperadmin()) {
throw new PermissionDeniedException(loggingbean, permbean.getCurrentUser(), "User tried to merge event: " + event + " without being admin of that group");
}
@RolesAllowed({ SpecialPermission.S_SUPERADMIN, SpecialPermission.S_ORGANISATION_ADMIN })
public LanEvent mergeChanges(LanEvent event) {
return eventFacade.merge(event);
}
@Override
public void create(LanEvent event) throws PermissionDeniedException {
// TODO: Hmm..
if (!permbean.isCurrentUser(event.getOrganiser().getAdmin()) && !permbean.getCurrentUser().isSuperadmin()) {
throw new PermissionDeniedException(loggingbean, permbean.getCurrentUser(), "User tried to create a new event for organiser " + event.getOrganiser() + " without being admin of that group");
@RolesAllowed({ SpecialPermission.S_SUPERADMIN, SpecialPermission.S_ORGANISATION_ADMIN })
public void create(LanEvent event) {
}
eventFacade.create(event);
}
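Review bot: mergeChanges and create no longer compare the caller with `event.getOrganiser().getAdmin()`; the only gate left is `@RolesAllowed({ SpecialPermission.S_SUPERADMIN, SpecialPermission.S_ORGANISATION_ADMIN })`. If S_ORGANISATION_ADMIN is a role a user holds globally rather than per organiser (not visible here), any organisation admin can now merge or create events under an organiser they do not administer. Keeping the ownership test alongside the annotation preserves the object-level check: `if (!permbean.isCurrentUser(event.getOrganiser().getAdmin()) && !permbean.getCurrentUser().isSuperadmin()) { throw new EJBAccessException("Not admin of this organiser"); }`.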
......
......@@ -8,6 +8,7 @@ import javax.ejb.Stateless;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import fi.insomnia.bortal.enums.apps.MapPermission;
import fi.insomnia.bortal.facade.EventMapFacade;
import fi.insomnia.bortal.model.EventMap;
import fi.insomnia.bortal.model.LanEvent;
......@@ -16,7 +17,7 @@ import fi.insomnia.bortal.model.LanEvent;
* Session Bean implementation class EventMapBean
*/
@Stateless
@DeclareRoles({ "MAP/MANAGE_MAPS" })
@DeclareRoles({ MapPermission.S_MANAGE_MAPS })
public class EventMapBean implements EventMapBeanLocal {
@EJB
......@@ -28,15 +29,15 @@ public class EventMapBean implements EventMapBeanLocal {
private static final Logger logger = LoggerFactory.getLogger(EventMapBean.class);
@Override
@RolesAllowed("MAP/MANAGE_MAPS")
@RolesAllowed(MapPermission.S_MANAGE_MAPS)
public EventMap saveMap(EventMap eventmap) {
return eventmapfacade.merge(eventmap);
}
@Override
@RolesAllowed("MAP/MANAGE_MAPS")
public EventMap create(String mapname) throws PermissionDeniedException {
@RolesAllowed(MapPermission.S_MANAGE_MAPS)
public EventMap create(String mapname) {
EventMap ret = new EventMap(eventbean.getCurrentEvent());
ret.setName(mapname);
LanEvent event = eventbean.getCurrentEvent();
......@@ -47,7 +48,7 @@ public class EventMapBean implements EventMapBeanLocal {
}
@Override
@RolesAllowed("MAP/MANAGE_MAPS")
@RolesAllowed(MapPermission.S_MANAGE_MAPS)
public void sendImage(int destId, byte[] imagedata) {
EventMap map = eventmapfacade.find(destId);
logger.debug("Setting mapdata for map {}", map);
......@@ -58,7 +59,7 @@ public class EventMapBean implements EventMapBeanLocal {
}
@Override
@RolesAllowed("MAP/MANAGE_MAPS")
@RolesAllowed(MapPermission.S_MANAGE_MAPS)
public EventMap find(Integer mapId) {
return eventmapfacade.find(mapId);
}
......
......@@ -17,9 +17,9 @@ import fi.insomnia.bortal.enums.apps.ContentPermission;
import fi.insomnia.bortal.enums.apps.IAppPermission;
import fi.insomnia.bortal.enums.apps.MapPermission;
import fi.insomnia.bortal.enums.apps.PollPermission;
import fi.insomnia.bortal.enums.apps.TerminalPermission;
import fi.insomnia.bortal.enums.apps.ShopPermission;
import fi.insomnia.bortal.enums.apps.SpecialPermission;
import fi.insomnia.bortal.enums.apps.TerminalPermission;
import fi.insomnia.bortal.enums.apps.UserPermission;
import fi.insomnia.bortal.facade.UserFacade;
import fi.insomnia.bortal.model.User;
......@@ -66,7 +66,7 @@ import fi.insomnia.bortal.model.User;
SpecialPermission.S_SUPERADMIN,
SpecialPermission.S_USER,
SpecialPermission.S_ANONYMOUS,
TerminalPermission.S_TERMINAL,
TerminalPermission.S_CASHIER_TERMINAL,
TerminalPermission.S_CUSTOMER_TERMINAL,
......@@ -102,32 +102,36 @@ public class PermissionBean implements PermissionBeanLocal {
}
@Override
public boolean fatalPermission(IAppPermission permission, Object... failmessage) throws PermissionDeniedException {
boolean ret = hasPermission(permission);
if (!ret) {
StringBuilder message = new StringBuilder().append(" permission: ").append(permission);
if (failmessage == null || failmessage.length == 0) {
message.append(" MSG: SessionHandler mbean permission exception: Permission: ")
.append(permission);
} else {
for (Object part : failmessage) {
message.append(part == null ? "NULL" : part.toString());
}
}
// throw new SecurityException("Foobar");
throw new PermissionDeniedException(loggingbean, getCurrentUser(), message.toString());
}
return true;
}
@Override
public void fatalNotLoggedIn() throws PermissionDeniedException {
if (!isLoggedIn()) {
throw new PermissionDeniedException(loggingbean, getCurrentUser(), "User is not logged in!");
}
}
// @Override
// public boolean fatalPermission(IAppPermission permission, Object...
// failmessage) {
// boolean ret = hasPermission(permission);
// if (!ret) {
// StringBuilder message = new
// StringBuilder().append(" permission: ").append(permission);
// if (failmessage == null || failmessage.length == 0) {
// message.append(" MSG: SessionHandler mbean permission exception: Permission: ")
// .append(permission);
// } else {
// for (Object part : failmessage) {
// message.append(part == null ? "NULL" : part.toString());
// }
// }
// // throw new SecurityException("Foobar");
//
// throw new PermissionDeniedException(loggingbean, getCurrentUser(),
// message.toString());
// }
// return true;
// }
//
// @Override
// public void fatalNotLoggedIn() throws PermissionDeniedException {
// if (!isLoggedIn()) {
// throw new PermissionDeniedException(loggingbean, getCurrentUser(),
// "User is not logged in!");
// }
// }
@Override
public boolean isCurrentUser(User user) {
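Review bot: fatalPermission and fatalNotLoggedIn are commented out rather than deleted, and the commented block still refers to `PermissionDeniedException`, which this commit removes. Dead authorization code left in a permission bean is easy to mistake for a live check during later review, so delete the block and rely on version history. If a note is wanted, one line such as `// fatalPermission/fatalNotLoggedIn removed: callers now throw EJBAccessException directly` is enough.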
......@@ -168,31 +172,31 @@ public class PermissionBean implements PermissionBeanLocal {
}
return defaultUser;
}
public String getPrincipal() {
Principal principal = context.getCallerPrincipal();
logger.debug("Principal: {}", principal);
String principalName = principal.getName();
logger.debug("Principal is {}", principalName);
return principalName;
}
@Override
public String getCommonName() throws IllegalStateException {
String dn = context.getCallerPrincipal().getName();
String[] parts = dn.split(",");
for (String part : parts) {
if (part.trim().toUpperCase().startsWith("CN=")) {
String cn = part.substring("CN=".length());
return cn;
}
}
throw new IllegalStateException("Current security principal has no CN");
}
}
......@@ -19,6 +19,7 @@ import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJB;
import javax.ejb.EJBAccessException;
import javax.ejb.LocalBean;
import javax.ejb.Stateless;
import javax.ejb.Timeout;
......@@ -29,6 +30,7 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import fi.insomnia.bortal.enums.apps.MapPermission;
import fi.insomnia.bortal.enums.apps.SpecialPermission;
import fi.insomnia.bortal.exceptions.BortalCatchableException;
import fi.insomnia.bortal.facade.GroupMembershipFacade;
import fi.insomnia.bortal.facade.PlaceFacade;
......@@ -48,7 +50,6 @@ import fi.insomnia.bortal.model.User;
@Stateless
@LocalBean
@DeclareRoles({ MapPermission.S_BUY_PLACES,
"MAP/BUY_PLACES",
MapPermission.S_MANAGE_MAPS })
public class PlaceBean implements PlaceBeanLocal {
private static final String PLACE_RESERVE_TIMEOUTER = "Map reserve timeouter";
......@@ -75,6 +76,8 @@ public class PlaceBean implements PlaceBeanLocal {
private PermissionBeanLocal permbean;
@EJB
private UserFacade userfacade;
@EJB
private LoggingBeanLocal loggerbean;
@Override
@RolesAllowed(MapPermission.S_MANAGE_MAPS)
......@@ -90,18 +93,24 @@ public class PlaceBean implements PlaceBeanLocal {
* logged in user, but if user does not have enough rights an exception will
* be thrown
*
* @throws PermissionDeniedException
*
*/
@RolesAllowed(SpecialPermission.S_USER)
@Override
public BigDecimal totalReservationPrice(User user, Place newPlace) throws PermissionDeniedException {
if (user == null) {
user = permbean.getCurrentUser();
} else if (!permbean.isCurrentUser(user) &&
!permbean.hasPermission(MapPermission.MANAGE_OTHERS)) {
throw new PermissionDeniedException(logbean,
permbean.getCurrentUser(), "No right to impersonate another user");
}
public BigDecimal getTotalReservationPrice(Place newPlace)
{
return addAndCalcPrice(permbean.getCurrentUser(), newPlace);
}
@RolesAllowed(MapPermission.S_MANAGE_OTHERS)
@Override
public BigDecimal getTotalReservationPrice(User user, Place newPlace)
{
return addAndCalcPrice(user, newPlace);
}
private BigDecimal addAndCalcPrice(User user, Place newPlace) {
Set<Place> places = new HashSet<Place>();
places.addAll(placeFacade.findUsersReservations(eventBean.getCurrentEvent(), user));
......@@ -207,12 +216,13 @@ public class PlaceBean implements PlaceBeanLocal {
@Override
@RolesAllowed(MapPermission.S_BUY_PLACES)
public PlaceGroup buySelectedPlaces(User user) throws BortalCatchableException, PermissionDeniedException {
public PlaceGroup buySelectedPlaces(User user) throws BortalCatchableException {
if (user == null) {
user = permbean.getCurrentUser();
} else {
if (!user.equals(permbean.getCurrentUser())) {
permbean.fatalPermission(MapPermission.MANAGE_OTHERS, "Can not buy places for user ", user);
loggerbean.logMessage(SecurityLogType.permissionDenied, permbean.getCurrentUser(), "Can not buy places for user " + user);
throw new EJBAccessException("Not enough permissions to buy place");
}
user = userfacade.find(user.getId());
}
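Review bot: The replacement for `permbean.fatalPermission(MapPermission.MANAGE_OTHERS, ...)` in buySelectedPlaces throws whenever `user` differs from the current user and never tests MANAGE_OTHERS, so holders of that permission lose the ability to buy places for another user. If that tightening is not intended, the condition should be `if (!user.equals(permbean.getCurrentUser()) && !permbean.hasPermission(MapPermission.MANAGE_OTHERS))`, which matches the form used in PlaceGroupBean.associateToToken. If it is intended, the `user` parameter is now redundant and the method's contract should say so. The method body continues outside the hunk.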
......@@ -225,7 +235,7 @@ public class PlaceBean implements PlaceBeanLocal {
// PlaceGroup pg = pgbean.createPlaceGroup(user);
BigDecimal totalprice = totalReservationPrice(user, null);
BigDecimal totalprice = addAndCalcPrice(user, null);
BigDecimal balance = user.getAccountBalance();
if (balance.compareTo(totalprice) < 0) {
logger.info("User {} Could not buy things because account balance {} is too low for purchase {}", new Object[] { user, balance, totalprice });
......
......@@ -6,6 +6,7 @@ import java.util.List;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJB;
import javax.ejb.EJBAccessException;
import javax.ejb.Stateless;
import org.slf4j.Logger;
......@@ -44,6 +45,8 @@ public class PlaceGroupBean implements PlaceGroupBeanLocal {
@EJB
private PermissionBeanLocal permbean;
@EJB
private LoggingBeanLocal loggerbean;
/**
* Default constructor.
......@@ -83,11 +86,10 @@ public class PlaceGroupBean implements PlaceGroupBeanLocal {
@Override
@RolesAllowed(MapPermission.S_BUY_PLACES)
public boolean associateToToken(User user, String token) throws PermissionDeniedException {
if (!permbean.isCurrentUser(user)) {
permbean.fatalPermission(MapPermission.MANAGE_OTHERS);
public boolean associateToToken(User user, String token) {
if (!permbean.isCurrentUser(user) && !permbean.hasPermission(MapPermission.MANAGE_OTHERS)) {
throw new EJBAccessException();
}
token = token.trim();
GroupMembership mem = gmemfacade.findByToken(token);
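Review bot: The denial branch in associateToToken throws a bare `new EJBAccessException()` and writes nothing to the security log, unlike the other call sites changed in this commit. The removed PermissionDeniedException path took the logging bean as an argument elsewhere, so this refusal is likely no longer recorded at all. Add `loggerbean.logMessage(SecurityLogType.permissionDenied, permbean.getCurrentUser(), "User tried to associate token for another user: " + user);` before the throw and give the exception a message; do not include the invite token in the log text. The method body continues outside the hunk.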
......@@ -161,10 +163,11 @@ public class PlaceGroupBean implements PlaceGroupBeanLocal {
}
@Override
public void releaseAndGenerateToken(GroupMembership gmem) throws PermissionDeniedException {
public void releaseAndGenerateToken(GroupMembership gmem) {
gmem = gmemfacade.find(gmem.getId());
if (!(permbean.getCurrentUser().getId().equals(gmem.getPlaceGroup().getCreator().getId()) || permbean.hasPermission(MapPermission.MANAGE_OTHERS))) {
throw new PermissionDeniedException(loggingbean, permbean.getCurrentUser(), "User tried to release and generate group membership: " + gmem);
loggerbean.logMessage(SecurityLogType.permissionDenied, permbean.getCurrentUser(), "User tried to release and generate group membership: " + gmem);
throw new EJBAccessException("Not enough rights to release token");
}
gmem.setUser(null);
gmem.setInviteToken(gmemfacade.createInviteToken());
......
......@@ -5,8 +5,6 @@ import java.io.IOException;
import java.io.InputStream;
import java.net.URISyntaxException;
import java.util.Calendar;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.ejb.EJB;
import javax.ejb.Stateless;
......@@ -235,9 +233,9 @@ public class TestDataBean implements TestDataBeanLocal {
return map;
} catch (URISyntaxException ex) {
Logger.getLogger(getClass().getName()).log(Level.SEVERE, null, ex);
logger.warn("Exception while generating testmap", ex);
} catch (IOException ex) {
Logger.getLogger(getClass().getName()).log(Level.SEVERE, null, ex);
logger.warn("Exception while generating testmap", ex);
} finally
{
......
......@@ -14,6 +14,7 @@ import java.util.Set;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJB;
import javax.ejb.EJBAccessException;
import javax.ejb.LocalBean;
import javax.ejb.Stateless;
import javax.imageio.ImageIO;
......@@ -83,6 +84,9 @@ public class UserBean implements UserBeanLocal {
@EJB
private UserImageFacade imagefacade;
@EJB
private LoggingBeanLocal loggerbean;
@Override
@RolesAllowed(UserPermission.S_VIEW_ALL)
public List<User> getUsers() {
......@@ -93,10 +97,10 @@ public class UserBean implements UserBeanLocal {
@Override
@RolesAllowed(SpecialPermission.S_USER)
public User mergeChanges(User user) throws PermissionDeniedException {
if (!permbean.isCurrentUser(user)) {
permbean.fatalPermission(UserPermission.MODIFY);
public User mergeChanges(User user) {
if (!permbean.isCurrentUser(user) && !permbean.hasPermission(UserPermission.MODIFY)) {
loggerbean.logMessage(SecurityLogType.permissionDenied, permbean.getCurrentUser(), "User tried to save another user: " + user);
throw new EJBAccessException("Not enough rights to save user");
}
User ret = userFacade.merge(user);
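Review bot: The denial is recorded with `loggerbean.logMessage(SecurityLogType.permissionDenied, ...)` and then `EJBAccessException` is thrown from inside the bean method; being an unchecked EJBException, it is treated by the container as a system exception and the caller's transaction is rolled back. If LoggingBeanLocal.logMessage writes within that same transaction (its transaction attribute is not visible here), the permissionDenied record is rolled back together with the refused operation and the denial leaves no audit trail. Confirm that logMessage is annotated `@TransactionAttribute(TransactionAttributeType.REQUIRES_NEW)` or otherwise persists outside the caller's transaction. The same log-then-throw sequence appears in createBill, buySelectedPlaces, releaseAndGenerateToken, findUsersRoles, uploadImage and findUserImage.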
......@@ -111,10 +115,11 @@ public class UserBean implements UserBeanLocal {
}
@Override
public List<Role> findUsersRoles(User u) throws PermissionDeniedException {
public List<Role> findUsersRoles(User u) {
User currusr = permbean.getCurrentUser();
if (!currusr.equals(u)) {
permbean.fatalNotLoggedIn();
if (!currusr.equals(u) && !permbean.hasPermission(UserPermission.MODIFY)) {
loggerbean.logMessage(SecurityLogType.permissionDenied, permbean.getCurrentUser(), "User tried to fetc another users roles: " + u);
throw new EJBAccessException("Not enough rights to find roles");
}
return localFindUsersRoles(u);
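Review bot: findUsersRoles now requires `UserPermission.MODIFY` to read another user's roles, but CardTemplateBean.getUsersCardtype in this same commit calls `userbean.findUsersRoles(user)` behind `@RolesAllowed(UserPermission.S_WRITE_ROLES)`. A caller who holds WRITE_ROLES without MODIFY will pass the annotation and then be refused here with an unchecked exception. Either check the permission the callers actually hold or have internal callers use `localFindUsersRoles(u)`. The log text also has a typo, `"User tried to fetc another users roles: "`.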
......@@ -164,13 +169,15 @@ public class UserBean implements UserBeanLocal {
@Override
@RolesAllowed(SpecialPermission.S_USER)
public UserImage uploadImage(User user, String contentType, byte[] image, String filename, String description) throws PermissionDeniedException {
public UserImage uploadImage(User user, String contentType, byte[] image, String filename, String description) {
user = userFacade.merge(user);
logger.debug("uploading image to userid {}", user);
if (!user.equals(permbean.getCurrentUser())) {
permbean.fatalPermission(UserPermission.MODIFY, "usert tried to save picture to userid " + user + " without sufficient permissions!");
User curruser = permbean.getCurrentUser();
if (!curruser.equals(user) && !permbean.hasPermission(UserPermission.MODIFY)) {
loggerbean.logMessage(SecurityLogType.permissionDenied, curruser, "user tried to save picture to userid " + user + " without sufficient permissions!");
throw new EJBAccessException("No permission to upload image as another user");
}
UserImage userimage = new UserImage(user);
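Review bot: uploadImage still runs `user = userFacade.merge(user);` on the caller-supplied entity before the permission test, so field values sent by a caller who is then refused have already been merged into the managed User. That write is only undone if the EJBAccessException rolls the transaction back, which makes the rollback part of the access control. Move the `if (!curruser.equals(user) && !permbean.hasPermission(UserPermission.MODIFY))` block above the merge. If only the image is meant to change, load the target with a find by id instead of merging the incoming object. The method body continues outside the hunk.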
......@@ -194,16 +201,18 @@ public class UserBean implements UserBeanLocal {
}
@Override
public UserImage findUserImage(int id) throws PermissionDeniedException {
public UserImage findUserImage(int id) {
UserImage ret = null;
if (id == 0 && permbean.isLoggedIn()) {
ret = permbean.getCurrentUser().getCurrentImage();
} else {
ret = userimagefacade.find(id);
if (ret != null && !permbean.isCurrentUser(ret.getUser())) {
permbean.fatalPermission(UserPermission.MODIFY, "Not enough rights to access image id: " + id + " for user " + ret.getUser());
if (ret != null && !permbean.isCurrentUser(ret.getUser()) && permbean.hasPermission(UserPermission.MODIFY)) {
loggerbean.logMessage(SecurityLogType.permissionDenied, permbean.getCurrentUser(), "Not enough rights to access image id: " + id + " for user " + ret.getUser());
throw new EJBAccessException("Not enough permissions to fetch image");
}
}
return ret;
}
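Review bot: The permission test in findUserImage is inverted: `ret != null && !permbean.isCurrentUser(ret.getUser()) && permbean.hasPermission(UserPermission.MODIFY)` throws only when the caller does hold MODIFY. A caller without that permission can therefore fetch any other user's image by id, while administrators are refused. The last operand needs a negation: `if (ret != null && !permbean.isCurrentUser(ret.getUser()) && !permbean.hasPermission(UserPermission.MODIFY)) {`. The method has no `@RolesAllowed` in the visible lines, so this check appears to be its only gate.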
......
......@@ -87,7 +87,7 @@ public class UtilBean implements UtilBeanLocal {
// }
@Override
public boolean convertImage(User user) throws PermissionDeniedException {
public boolean convertImage(User user) {
user = userbean.mergeChanges(user);
UserImage oldpic = user.getCurrentImage();
......
......@@ -24,13 +24,6 @@ public class AccountEventFacade extends EventChildGenericFacade<AccountEvent> {
super(AccountEvent.class);
}
// @Override
// public void create(AccountEvent event) {
// user = userfacade
//
// userfacade.evict(event.getUser());
// }
public List<Role> findProvidedRoles(LanEvent event, User u) {
CriteriaBuilder cb = getEm().getCriteriaBuilder();
......
......@@ -18,6 +18,7 @@ import fi.insomnia.bortal.model.ActionLogMessageResponse_;
public class ActionLogFacade extends IntegerPkGenericFacade<ActionLogMessage> {
public ActionLogFacade() {
super(ActionLogMessage.class);
}
......
......@@ -25,6 +25,7 @@ public class BillFacade extends EventChildGenericFacade<Bill> {
public BillFacade() {
super(Bill.class);
}
// @Override
......
......@@ -21,6 +21,7 @@ public class BillLineFacade extends EventChildGenericFacade<BillLine> {
private static final Logger logger = LoggerFactory.getLogger(BillLineFacade.class);
public BillLineFacade() {
super(BillLine.class);
}
......
......@@ -21,6 +21,7 @@ public class CardTemplateFacade extends IntegerPkGenericFacade<CardTemplate> {
private EventBeanLocal eventbean;
public CardTemplateFacade() {
super(CardTemplate.class);
}
......
......@@ -10,6 +10,7 @@ import fi.insomnia.bortal.model.CompoEntry;
public class CompoEntryFacade extends EventChildGenericFacade<CompoEntry> {
public CompoEntryFacade() {
super(CompoEntry.class);
}
......
......@@ -10,6 +10,7 @@ import fi.insomnia.bortal.model.CompoEntryFile;
public class CompoEntryFileFacade extends EventChildGenericFacade<CompoEntryFile> {
public CompoEntryFileFacade() {
super(CompoEntryFile.class);
}
......
......@@ -10,6 +10,7 @@ import fi.insomnia.bortal.model.CompoEntryParticipant;
public class CompoEntryParticipantFacade extends EventChildGenericFacade<CompoEntryParticipant> {
public CompoEntryParticipantFacade() {
super(CompoEntryParticipant.class);
}
......
......@@ -10,6 +10,7 @@ import fi.insomnia.bortal.model.Compo;
public class CompoFacade extends EventChildGenericFacade<Compo> {
public CompoFacade() {
super(Compo.class);
}
......
......@@ -10,6 +10,7 @@ import fi.insomnia.bortal.model.Discount;
public class DiscountFacade extends EventChildGenericFacade<Discount> {
public DiscountFacade() {
super(Discount.class);
}
......
......@@ -10,6 +10,7 @@ import fi.insomnia.bortal.model.DiscountInstance;
public class DiscountInstanceFacade extends EventChildGenericFacade<DiscountInstance> {
public DiscountInstanceFacade() {
super(DiscountInstance.class);
}
......
......@@ -21,10 +21,11 @@ import fi.insomnia.bortal.model.LanEvent;
* Session Bean implementation class GenericFacade
*/
public abstract class EventChildGenericFacade<T extends GenericEventChild> extends GenericFacade<EventPk, T> {
@PersistenceContext
private EntityManager em;
protected final EntityManager getEm() {
protected EntityManager getEm() {
return em;
}
......
......@@ -14,6 +14,7 @@ import fi.insomnia.bortal.model.LanEvent_;
public class EventFacade extends IntegerPkGenericFacade<LanEvent> {
public EventFacade() {
super(LanEvent.class);
}
......
......@@ -32,6 +32,7 @@ public class EventMapFacade extends IntegerPkGenericFacade<EventMap> {
);
return getSingleNullableResult(getEm().createQuery(cq));
}
public Long countSelectable(EventMap map) {
......
......@@ -16,6 +16,7 @@ import fi.insomnia.bortal.model.EventOrganiser_;
public class EventOrganiserFacade extends IntegerPkGenericFacade<EventOrganiser> {
public EventOrganiserFacade() {
super(EventOrganiser.class);
}
......
......@@ -10,6 +10,7 @@ import fi.insomnia.bortal.model.FoodWave;
public class FoodWaveFacade extends EventChildGenericFacade<FoodWave> {
public FoodWaveFacade() {
super(FoodWave.class);
}
......
......@@ -10,6 +10,7 @@ import fi.insomnia.bortal.model.FoodWaveTemplate;
public class FoodWaveTemplateFacade extends EventChildGenericFacade<FoodWaveTemplate> {
public FoodWaveTemplateFacade() {
super(FoodWaveTemplate.class);
}
......
......@@ -23,18 +23,6 @@ import fi.insomnia.bortal.utilities.jpa.ModelInterface;
public abstract class GenericFacade<I extends Serializable, C extends ModelInterface<I>> {
// protected static <T, C extends ModelInterface<T>>
// List<SingularAttribute<C, T>> mkAttrlist(SingularAttribute<C, T>...
// types) {
// List<SingularAttribute<C, T>> ret = new ArrayList<SingularAttribute<C,
// T>>();
// for (SingularAttribute<C, T> a : types) {
// ret.add(a);
// }
// return Collections.unmodifiableList(ret);
//
// }
private final Class<C> entClass;
private static final Logger logger = LoggerFactory.getLogger(GenericFacade.class);
......@@ -76,8 +64,8 @@ public abstract class GenericFacade<I extends Serializable, C extends ModelInter
/**
* Deprekoitu! Yleensä ei haluta palauttaa kaikkia entryjä kannasta, vaan
* vain ko. tapahtumaan / käyttäjään / muuhun olioon liittyvät Jos
* oikeasti tarpeellinen luo funktio facadeen!
* vain ko. tapahtumaan / käyttäjään / muuhun olioon liittyvät Jos oikeasti
* tarpeellinen luo funktio facadeen!
*/
// @Deprecated
// public List<C> findAll() {
......
......@@ -32,6 +32,7 @@ public class GroupMembershipFacade extends IntegerPkGenericFacade<GroupMembershi
private EventBeanLocal eventbean;
public GroupMembershipFacade() {
super(GroupMembership.class);
}
......
......@@ -9,10 +9,11 @@ import fi.insomnia.bortal.utilities.jpa.ModelInterface;
* Session Bean implementation class GenericFacade
*/
public abstract class IntegerPkGenericFacade<T extends ModelInterface<Integer>> extends GenericFacade<Integer, T> {
@PersistenceContext
private EntityManager em;
protected final EntityManager getEm() {
protected EntityManager getEm() {
return em;
}
......
......@@ -2,8 +2,15 @@ package fi.insomnia.bortal.facade;
import javax.ejb.LocalBean;
import javax.ejb.Stateless;
import javax.persistence.TypedQuery;
import javax.persistence.criteria.CriteriaBuilder;
import javax.persistence.criteria.CriteriaQuery;
import javax.persistence.criteria.Path;
import javax.persistence.criteria.Root;
import fi.insomnia.bortal.model.LanEventDomain;
import fi.insomnia.bortal.model.LanEventDomain_;
import fi.insomnia.bortal.model.LanEvent_;
@Stateless
@LocalBean
......@@ -13,4 +20,20 @@ public class LanEventDomainFacade extends IntegerPkGenericFacade<LanEventDomain>
super(LanEventDomain.class);
}
public LanEventDomain findByDomain(String hostname) {
CriteriaBuilder cb = getEm().getCriteriaBuilder();
CriteriaQuery<LanEventDomain> cq = cb.createQuery(LanEventDomain.class);
Root<LanEventDomain> root = cq.from(LanEventDomain.class);
Path<String> domainPath = root.get(LanEventDomain_.domain);
cq.where(cb.like(cb.lower(domainPath), "%" + hostname.toLowerCase().trim()));
cq.orderBy(cb.asc(root.get(LanEventDomain_.overridePriority)), cb.desc(root.get(LanEventDomain_.event).get(LanEvent_.startTime)), cb.asc(cb.length(root.get(LanEventDomain_.domain))));
TypedQuery<LanEventDomain> query = getEm().createQuery(cq);
query.setMaxResults(1);
return super.getSingleNullableResult(query);
}
}
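Review bot: findByDomain builds its pattern as `"%" + hostname.toLowerCase().trim()`, so the event is chosen by a suffix LIKE on a value that, judging by EventBean.getCurrentEvent, comes from the request context. A short hostname matches every stored domain ending with it, an empty one matches all rows, and `%` or `_` inside it act as wildcards. Because the result decides which event the request is bound to, prefer an exact comparison, `cq.where(cb.equal(cb.lower(domainPath), hostname.toLowerCase().trim()));`, or escape the wildcards and anchor on a label boundary if suffix matching is intended. A null hostname also throws NullPointerException here, and getCurrentEvent passes `DEFAULT_EVENT_DOMAIN`, which is declared null, when the context has no hostname. Add `if (hostname == null) { return null; }` at the top.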
......@@ -10,6 +10,7 @@ import fi.insomnia.bortal.model.Location;
public class LocationFacade extends IntegerPkGenericFacade<Location> {
public LocationFacade() {
super(Location.class);
}
......
......@@ -10,6 +10,7 @@ import fi.insomnia.bortal.model.LogEntry;
public class LogEntryFacade extends IntegerPkGenericFacade<LogEntry> {
public LogEntryFacade() {
super(LogEntry.class);
}
......
......@@ -12,6 +12,7 @@ import fi.insomnia.bortal.model.LogEntryType;
public class LogEntryTypeFacade extends IntegerPkGenericFacade<LogEntryType> {
public LogEntryTypeFacade() {
super(LogEntryType.class);
}
......
......@@ -25,7 +25,6 @@ public class MenuNavigationFacade extends IntegerPkGenericFacade<MenuNavigation>
public MenuNavigationFacade() {
super(MenuNavigation.class);
// TODO Auto-generated constructor stub
}
@EJB
......
......@@ -14,6 +14,7 @@ import fi.insomnia.bortal.model.Menuitem_;
public class MenuitemFacade extends IntegerPkGenericFacade<Menuitem> {
public MenuitemFacade() {
super(Menuitem.class);
}
......
......@@ -10,6 +10,7 @@ import fi.insomnia.bortal.model.News;
public class NewsFacade extends IntegerPkGenericFacade<News> {
public NewsFacade() {
super(News.class);
}
......
......@@ -18,6 +18,7 @@ import fi.insomnia.bortal.model.NewsGroup_;
public class NewsGroupFacade extends IntegerPkGenericFacade<NewsGroup> {
public NewsGroupFacade() {
super(NewsGroup.class);
}
......
......@@ -10,6 +10,7 @@ import fi.insomnia.bortal.model.PageContent;
public class PageContentFacade extends IntegerPkGenericFacade<PageContent> {
public PageContentFacade() {
super(PageContent.class);
}
......
......@@ -28,6 +28,7 @@ public class PlaceFacade extends IntegerPkGenericFacade<Place> {
private static final Logger logger = LoggerFactory.getLogger(PlaceFacade.class);
public PlaceFacade() {
super(Place.class);
}
......
......@@ -10,6 +10,7 @@ import fi.insomnia.bortal.model.PlaceGroup;
public class PlaceGroupFacade extends IntegerPkGenericFacade<PlaceGroup> {
public PlaceGroupFacade() {
super(PlaceGroup.class);
}
......
......@@ -10,7 +10,7 @@ import fi.insomnia.bortal.model.PollAnswer;
public class PollAnswerFacade extends IntegerPkGenericFacade<PollAnswer> {
public PollAnswerFacade() {
super(PollAnswer.class);
}
}
......@@ -18,6 +18,7 @@ import fi.insomnia.bortal.model.Poll_;
public class PollFacade extends IntegerPkGenericFacade<Poll> {
public PollFacade() {
super(Poll.class);
}
......
......@@ -10,6 +10,7 @@ import fi.insomnia.bortal.model.PollQuestion;
public class PollQuestionFacade extends IntegerPkGenericFacade<PollQuestion> {
public PollQuestionFacade() {
super(PollQuestion.class);
}
......
......@@ -10,6 +10,7 @@ import fi.insomnia.bortal.model.PossibleAnswer;
public class PossibleAnswerFacade extends IntegerPkGenericFacade<PossibleAnswer> {
public PossibleAnswerFacade() {
super(PossibleAnswer.class);
}
......
......@@ -21,6 +21,7 @@ import fi.insomnia.bortal.model.User;
public class PrintedCardFacade extends IntegerPkGenericFacade<PrintedCard> {
public PrintedCardFacade() {
super(PrintedCard.class);
}
......
......@@ -23,6 +23,7 @@ public class ProductFacade extends IntegerPkGenericFacade<Product> {
private EventBeanLocal eventbean;
public ProductFacade() {
super(Product.class);
}
......
......@@ -23,6 +23,7 @@ public class ReaderFacade extends IntegerPkGenericFacade<Reader> {
private EventBeanLocal eventbean;
public ReaderFacade() {
super(Reader.class);
}
......
......@@ -18,6 +18,7 @@ import fi.insomnia.bortal.model.User;
public class RoleFacade extends IntegerPkGenericFacade<Role> {
public RoleFacade() {
super(Role.class);
}
......
......@@ -13,6 +13,7 @@ import fi.insomnia.bortal.model.salespoint.SalesEntity;
public class SalesEntityFacade extends IntegerPkGenericFacade<SalesEntity> {
public SalesEntityFacade() {
super(SalesEntity.class);
}
......
......@@ -25,6 +25,7 @@ public class SitePageFacade extends IntegerPkGenericFacade<SitePage> {
private EventBeanLocal eventbean;
public SitePageFacade() {
super(SitePage.class);
}
......
......@@ -26,21 +26,6 @@ public class UserFacade extends IntegerPkGenericFacade<User> {
private static final Logger logger = LoggerFactory.getLogger(UserFacade.class);
// private enum Userfields implements StringPredicateField<User> {
// nick(User_.nick), login(User_.login), firstnames(User_.firstnames),
// lastname(User_.lastname), email(User_.email);
// private SingularAttribute<User, String> field;
//
// Userfields(SingularAttribute<User, String> f) {
// field = f;
// }
//
// @Override
// public SingularAttribute<User, String> getField() {
// return field;
// }
// }
private static List<SingularAttribute<User, String>> SEARCHATTRS;
private List<SingularAttribute<User, String>> getAttrlist() {
......
......@@ -17,12 +17,4 @@ public class UserImageFacade extends IntegerPkGenericFacade<UserImage> {
super(UserImage.class);
}
// @Override
// public void create(UserImage entity)
// {
// super.create(entity);
// userfacade.evict(entity.getUser());
//
// }
}
......@@ -10,6 +10,7 @@ import fi.insomnia.bortal.model.Vote;
public class VoteFacade extends EventChildGenericFacade<Vote> {
public VoteFacade() {
super(Vote.class);
}
......
......@@ -24,6 +24,6 @@ public interface AccountEventBeanLocal {
List<Role> getRolesFromAccountEvents(User u);
List<AccountEvent> shopCash(User shoppingUser, Map<Product, BigDecimal>
shopMap, boolean buyInstant) throws PermissionDeniedException;
shopMap, boolean buyInstant);
}
......@@ -13,7 +13,7 @@ import fi.insomnia.bortal.model.Bill;
@Local
public interface BillBeanLocal {
Bill findById(int id) throws PermissionDeniedException;
Bill findById(int id);
//
// Bill createEmptyBill(User shoppingUser) throws PermissionDeniedException;
......@@ -29,6 +29,6 @@ public interface BillBeanLocal {
void getPdfBillStream(Bill bill, OutputStream ostream);
void createBill(Bill bill) throws PermissionDeniedException;
void createBill(Bill bill);
}
......@@ -19,11 +19,11 @@ public interface CardTemplateBeanLocal extends EntityFinderBean<CardTemplate> {
CardTemplate find(Integer id);
PrintedCard checkPrintedCard(User user) throws PermissionDeniedException;
PrintedCard checkPrintedCard(User user);
void checkAllUsersCardRights() throws PermissionDeniedException;
void checkAllUsersCardRights();
PrintedCard setRfidUid(String tag, User user) throws PermissionDeniedException;
PrintedCard setRfidUid(String tag, User user);
PrintedCard setRfidUid(String tag, PrintedCard card);
......
......@@ -12,9 +12,9 @@ public interface EventBeanLocal {
LanEvent getCurrentEvent();
LanEvent mergeChanges(LanEvent event) throws PermissionDeniedException;
LanEvent mergeChanges(LanEvent event);
void create(LanEvent event) throws PermissionDeniedException;
void create(LanEvent event);
String flushCache();
}
......@@ -9,7 +9,7 @@ public interface EventMapBeanLocal {
EventMap saveMap(EventMap eventmap);
EventMap create(String mapname) throws PermissionDeniedException;
EventMap create(String mapname);
void sendImage(int destId, byte[] imagedata);
......
......@@ -17,20 +17,22 @@ public interface PermissionBeanLocal {
boolean isCurrentUser(User thisuser);
boolean fatalPermission(IAppPermission perm, Object... failmessage) throws PermissionDeniedException;
// boolean fatalPermission(IAppPermission perm, Object... failmessage);
// throws PermissionDeniedException;
void fatalNotLoggedIn() throws PermissionDeniedException;
// void fatalNotLoggedIn();
User getAnonUser();
String getPrincipal();
/**
* Get common name of the logged in cert like "customer-01"
*
* @return CN of the certificate
* @throws IllegalStateException Principal has no CN
* @throws IllegalStateException
* Principal has no CN
*/
String getCommonName() throws IllegalStateException;
......
package fi.insomnia.bortal.beans;
import fi.insomnia.bortal.model.User;
public class PermissionDeniedException extends Exception {
public PermissionDeniedException(LoggingBeanLocal bean, User user, String message) {
super(message);
bean.logMessage(SecurityLogType.permissionDenied, user, this.getMessage());
}
/**
*
*/
private static final long serialVersionUID = -5845504817243929548L;
}
......@@ -35,9 +35,7 @@ public interface PlaceBeanLocal {
Place mergeChanges(Place place);
PlaceGroup buySelectedPlaces(User user) throws BortalCatchableException, PermissionDeniedException;
BigDecimal totalReservationPrice(User user, Place newPlace) throws PermissionDeniedException;
PlaceGroup buySelectedPlaces(User user) throws BortalCatchableException;
// void releaseUsersPlaces(User user) throws PermissionDeniedException;
......@@ -45,4 +43,8 @@ public interface PlaceBeanLocal {
void unbuyPlace(Place place);
BigDecimal getTotalReservationPrice(User user, Place newPlace);
BigDecimal getTotalReservationPrice(Place newPlace);
}
......@@ -17,9 +17,9 @@ public interface PlaceGroupBeanLocal {
// List<GroupMembership> getMemberships(User user);
boolean associateToToken(User user, String token) throws PermissionDeniedException;
boolean associateToToken(User user, String token);
void releaseAndGenerateToken(GroupMembership gmem) throws PermissionDeniedException;
void releaseAndGenerateToken(GroupMembership gmem);
void getGroupMembershipPdf(List<GroupMembership> memberships, OutputStream ostream);
......
......@@ -20,7 +20,7 @@ public interface UserBeanLocal {
User getUser(String login);
User mergeChanges(User currentUser) throws PermissionDeniedException;
User mergeChanges(User currentUser);
// boolean hasCurrentUserPermission(Permission userManagement,
// RolePermission execute);
......@@ -30,9 +30,9 @@ public interface UserBeanLocal {
// void fatalNotLoggedIn();
UserImage uploadImage(User user, String contentType, byte[] image, String filename, String description) throws PermissionDeniedException;
UserImage uploadImage(User user, String contentType, byte[] image, String filename, String description);
UserImage findUserImage(int id) throws PermissionDeniedException;
UserImage findUserImage(int id);
// List<User> searchName(String name);
......@@ -44,7 +44,7 @@ public interface UserBeanLocal {
User initPasswordReset(User user, String hash, String mailpath);
List<Role> findUsersRoles(User u) throws PermissionDeniedException;
List<Role> findUsersRoles(User u);
User findById(Integer integer);
......
......@@ -12,7 +12,7 @@ public interface UtilBeanLocal {
boolean sendMail(MailMessage message);
boolean convertImage(User user) throws PermissionDeniedException;
boolean convertImage(User user);
// void checkAllUsersImages() throws PermissionDeniedException;
......
......@@ -10,8 +10,10 @@ public class BortalLocalContextHolder {
private static final ThreadLocal<BortalLocalContextHolder> THREAD_WITH_CONTEXT = new ThreadLocal<BortalLocalContextHolder>();
private String hostname;
private Integer hostnameId;
private final Map<IAppPermission, Boolean> rightcache = new HashMap<IAppPermission, Boolean>();
private static boolean inDevelopmentMode = false;
public BortalLocalContextHolder() {
......@@ -72,9 +74,14 @@ public class BortalLocalContextHolder {
public static void setInDevelopmentMode(boolean developmentMode) {
inDevelopmentMode = developmentMode;
}
public static Integer getHostnameId() {
return getThread().hostnameId;
}
public static void setHostnameId(Integer id)
{
getThread().hostnameId = id;
}
}
\ No newline at end of file
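Review bot: `hostnameId` lives in the thread-local holder and nothing in these hunks clears it, so on a container that pools request threads `getHostnameId()` could return the id left by an earlier request. Whether the holder is reset per request is outside the hunks, so please confirm this. Also state the lifetime on the accessor, e.g. `/** Id set for the current request's hostname; null until setHostnameId is called. */`. The opening brace of `setHostnameId` is on its own line, unlike the other methods shown here.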
......@@ -137,6 +137,7 @@ public class Bill extends GenericEventChild {
* User who should pay this bill.
*/
@ManyToOne(optional = false)
@JoinColumn(updatable = false)
private User user;
private static final Logger logger = LoggerFactory.getLogger(Bill.class);
......
package fi.insomnia.bortal.model;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.List;
......@@ -18,6 +19,7 @@ import javax.persistence.TemporalType;
import org.eclipse.persistence.annotations.OptimisticLocking;
import org.eclipse.persistence.annotations.OptimisticLockingType;
import org.eclipse.persistence.annotations.PrivateOwned;
import fi.insomnia.bortal.enums.EventStatus;
import fi.insomnia.bortal.model.salespoint.Salespoint;
......@@ -96,7 +98,12 @@ public class LanEvent extends GenericEntity {
@OneToMany(mappedBy = "event", cascade = CascadeType.ALL)
private List<Salespoint> salespoints;
@OneToMany(mappedBy = "event", cascade = CascadeType.ALL)
@PrivateOwned
private List<LanEventDomain> domains = new ArrayList<LanEventDomain>();
public LanEvent() {
}
public Calendar getStartTime() {
......@@ -265,4 +272,12 @@ public class LanEvent extends GenericEntity {
this.salespoints = salespoints;
}
public List<LanEventDomain> getDomains() {
return domains;
}
public void setDomains(List<LanEventDomain> domains) {
this.domains = domains;
}
}
package fi.insomnia.bortal.model;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.JoinColumn;
import javax.persistence.Lob;
import javax.persistence.ManyToOne;
import javax.persistence.Table;
import org.eclipse.persistence.annotations.OptimisticLocking;
import org.eclipse.persistence.annotations.OptimisticLockingType;
@Entity
@Table(name = "event_domains")
@OptimisticLocking(type = OptimisticLockingType.CHANGED_COLUMNS)
public class LanEventDomain extends GenericEntity {
public LanEventDomain() {
super();
}
public LanEventDomain(LanEvent e, String dom) {
super();
event = e;
domain = dom;
}
private static final long serialVersionUID = -8050125804595746831L;
@Column(name = "domainname", nullable = false, unique = true)
private String domain;
@Lob
@Column(name = "description")
private String description;
@ManyToOne(optional = false)
@JoinColumn(name = "event_id", nullable = false)
private LanEvent event;
private int overridePriority;
public String getDomain() {
return domain;
}
public void setDomain(String domain) {
this.domain = domain;
}
public String getDescription() {
return description;
}
public void setDescription(String description) {
this.description = description;
}
public LanEvent getEvent() {
return event;
}
public void setEvent(LanEvent event) {
this.event = event;
}
public int getOverridePriority() {
return overridePriority;
}
public void setOverridePriority(int overridePriority) {
this.overridePriority = overridePriority;
}
}
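Review bot: `domain` is stored exactly as passed to the constructor or `setDomain`, while `LanEventDomainFacade.findByDomain` lower-cases and trims only at query time. Depending on the database collation, the `unique = true` constraint can therefore still admit two rows that differ only in case or surrounding whitespace. Normalise once on write in both places, e.g. `this.domain = dom == null ? null : dom.trim().toLowerCase(Locale.ROOT);`. The class and `overridePriority` also have no Javadoc; a sentence on how the priority orders competing domains (the facade sorts on it ascending) would help the next reader.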
......@@ -17,8 +17,6 @@ import javax.faces.event.ExceptionQueuedEventContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import fi.insomnia.bortal.beans.PermissionDeniedException;
public class BortalTerminalExceptionHandler extends ExceptionHandlerWrapper {
private static final Logger logger = LoggerFactory
......@@ -57,8 +55,7 @@ public class BortalTerminalExceptionHandler extends ExceptionHandlerWrapper {
logger.debug(
"Cause not null, but {}: {}, checking"
+ cause.getClass(), cause.getMessage());
if (cause instanceof PermissionDeniedException
|| cause instanceof EJBAccessException
if (cause instanceof EJBAccessException
|| cause instanceof AccessLocalException) {
logger.debug("Found Permission Denied cause: {}, {}",
cause.getClass(), cause.getMessage());
......
package fi.insomnia.bortal.enums.apps;
public enum SpecialPermission {
SUPERADMIN, USER, ANONYMOUS;
SUPERADMIN, USER, ANONYMOUS, ORGANISATION_ADMIN;
public static final String S_USER = "USER";
public static final String S_SUPERADMIN = "SUPERADMIN";
public static final String S_ANONYMOUS = "ANONYMOUS";
public static final String S_ORGANISATION_ADMIN = "ORGANISATION_ADMIN";
}
......@@ -42,6 +42,22 @@
<h:commandButton id="commitbtn" action="#{eventorgView.saveEvent()}" value="#{i18n['event.save']}" />
</h:panelGrid>
</h:form>
<h:form>
<h:inputText value="#{eventorgView.newdomain}" />
<h:commandButton action="#{eventorgView.addDomain()}" />
<h:dataTable var="domain" value="#{eventorgView.eventdomains}">
<h:column>
<f:facet name="header">
<h:outputText value="#{i18n['eventdomain.domainname']}" />
</f:facet>
<h:outputText value="#{domain.domain}" />
</h:column>
<h:column>
<h:commandButton action="#{eventorgView.removeDomain()}" />
</h:column>
</h:dataTable>
</h:form>
</ui:define>
......
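Review bot: The new domain field has no `required` attribute or validator, so an empty or malformed value is posted straight to `addDomain()`. Both new `h:commandButton` elements also lack a `value`, so they render without a label. Suggest `<h:inputText value="#{eventorgView.newdomain}" required="true" />` and `value="#{i18n['<label key>']}"` on each button, with the key a placeholder for whatever the bundle defines.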
......@@ -17,8 +17,6 @@ import javax.faces.event.ExceptionQueuedEventContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import fi.insomnia.bortal.beans.PermissionDeniedException;
public class BortalExceptionHandler extends ExceptionHandlerWrapper {
private static final Logger logger = LoggerFactory.getLogger(BortalExceptionHandler.class);
......@@ -51,9 +49,8 @@ public class BortalExceptionHandler extends ExceptionHandlerWrapper {
Throwable cause = t.getCause();
for (int loop = 0; loop < 20 && cause != null; ++loop) {
logger.debug("Cause not null, but {}: {}, checking" + cause.getClass(), cause.getMessage());
if (cause instanceof PermissionDeniedException ||
cause instanceof EJBAccessException ||
cause instanceof AccessLocalException) {
if (cause instanceof EJBAccessException ||
cause instanceof AccessLocalException) {
logger.debug("Found Permission Denied cause: {}, {}", cause.getClass(), cause.getMessage());
// errorpage(i, t, "permissionDenied");
......
global.copyright=Verkkopeliyhdistys Insomnia ry
global.productname=Omnia
navi.auth.login=frontpage
navi.auth.loginerror=frontpage
navi.auth.logout=frontpage
pagegroup.auth.login=frontpage
page.index.pagegroup=frontpage
page.auth.login.pagegroup=login
page.auth.loginerror.pagegroup=frontpage
page.auth.logout.pagegroup=login
page.auth.logoutsuccess.pagegroup=frontpage
page.auth.notauthorized.pagegroup=frontpage
page.bill.list.pagegroup=shop
page.viewexpired.pagegroup=frontpage
page.eventorg.list.pagegroup=admin
page.eventorg.edit.pagegroup=admin
page.eventorg.create.pagegroup=admin
page.eventorg.editEvent.pagegroup=admin
page.product.create.pagegroup=admin
page.product.createBill.pagegroup=shop
page.product.edit.pagegroup=admin
page.product.list.pagegroup=admin
product.providedRole=Tuote tarjoaa roolin
product.createDiscount=Lis mralennus
product.saved=Tuote tallennettu
product.returnProductEdit=Palaa tuotteeseen:
page.role.create.pagegroup=admin
page.role.edit.pagegroup=admin
page.role.list.pagegroup=admin
page.place.placemap.pagegroup=placemap
page.place.mygroups.pagegroup=user
page.place.insertToken.pagegroup=user
page.place.edit.pagegroup=admin
page.account.edit.pagegroup=admin
page.user.create.pagegroup=user
page.user.edit.pagegroup=user
page.user.list.pagegroup=user
page.user.editself.pagegroup=user
page.user.mygroups.pagegroup=user
page.admin.sendimage.pagegroup=admin
page.auth.login.loginerror.pagegroup=frontpage
page.auth.login.logout.pagegroup=frontpage
page.permissionDenied.pagegroup=frontpage
page.bill.placemap.pagegroup=placemap
page.bill.listAll.pagegroup=shop
page.bill.edit.pagegroup=shop
page.bill.billSummary.pagegroup=shop
page.account.list.pagegroup=user
page.auth.resetPassword.pagegroup=user
page.shop.readerevents.pagegroup=rfidshop
page.game.start.pagegroup=game
page.game.list.pagegroup=game
page.poll.start.pagegroup=poll
page.poll.answer.pagegroup=poll
page.poll.answered.pagegroup=poll
poll.edit=edit
global.copyright = Verkkopeliyhdistys Insomnia ry
global.productname = Omnia
httpsession.creationTime = Luotu
#Bill number
# Validationmessages
httpsession.id=ID
httpsession.creationTime=Luotu
httpsession.lastAccessedTime=Viimeksi nhty
httpsession.sessionHasExisted=Ollut elossa (s)
httpsession.maxInactiveInterval=Aikakatkaisu (s)
httpsession.isSessionNew=Uusi sessio
httpsession.invalidate=Mitti
httpsession.user=Tunnus
httpsession.invalidateSuccessfull=Sessio onnistuneesti mittity
user.unauthenticated=Kirjautumaton
httpsession.id = ID
httpsession.invalidate = Mit\uFFFDt\uFFFDi
httpsession.invalidateSuccessfull = Sessio onnistuneesti mit\uFFFDt\uFFFDity
httpsession.isSessionNew = Uusi sessio
httpsession.lastAccessedTime = Viimeksi n\uFFFDhty
httpsession.maxInactiveInterval = Aikakatkaisu (s)
httpsession.sessionHasExisted = Ollut elossa (s)
httpsession.user = Tunnus
map.id = #
navi.auth.login = frontpage
navi.auth.loginerror = frontpage
navi.auth.logout = frontpage
page.account.edit.pagegroup = admin
page.account.list.pagegroup = user
page.admin.sendimage.pagegroup = admin
page.auth.login.loginerror.pagegroup = frontpage
page.auth.login.logout.pagegroup = frontpage
page.auth.login.pagegroup = login
page.auth.loginerror.pagegroup = frontpage
page.auth.logout.pagegroup = login
page.auth.logoutsuccess.pagegroup = frontpage
page.auth.notauthorized.pagegroup = frontpage
page.auth.resetPassword.pagegroup = user
page.bill.billSummary.pagegroup = shop
page.bill.edit.pagegroup = shop
page.bill.list.pagegroup = shop
page.bill.listAll.pagegroup = shop
page.bill.placemap.pagegroup = placemap
page.eventorg.create.pagegroup = admin
page.eventorg.edit.pagegroup = admin
page.eventorg.editEvent.pagegroup = admin
page.eventorg.list.pagegroup = admin
page.game.list.pagegroup = game
page.game.start.pagegroup = game
page.index.pagegroup = frontpage
page.permissionDenied.pagegroup = frontpage
page.place.edit.pagegroup = admin
page.place.insertToken.pagegroup = user
page.place.mygroups.pagegroup = user
page.place.placemap.pagegroup = placemap
page.poll.answer.pagegroup = poll
page.poll.answered.pagegroup = poll
page.poll.start.pagegroup = poll
page.product.create.pagegroup = admin
page.product.createBill.pagegroup = shop
page.product.edit.pagegroup = admin
page.product.list.pagegroup = admin
page.role.create.pagegroup = admin
page.role.edit.pagegroup = admin
page.role.list.pagegroup = admin
page.shop.readerevents.pagegroup = rfidshop
page.user.create.pagegroup = user
page.user.edit.pagegroup = user
page.user.editself.pagegroup = user
page.user.list.pagegroup = user
page.user.mygroups.pagegroup = user
page.viewexpired.pagegroup = frontpage
pagegroup.auth.login = frontpage
poll.edit = edit
product.providedRole = Tuote tarjoaa roolin
product.returnProductEdit = Palaa tuotteeseen:
product.saved = Tuote tallennettu
user.unauthenticated = Kirjautumaton
#Generated by ResourceBundle Editor (http://eclipse-rbe.sourceforge.net)
#Bill number
# Validationmessages
global.infomail=info@streamparty.org
global.webpage=http\u003A//www.streamparty.org
bill.billMarkedPaidMail.message = Your deposit number {0} has been marked as paid.
bill.billMarkedPaidMail.subject = [Streamparty] Your credits have been updated
bill.billMarkedPaidMail.message=Your bill number {0} has been marked as paid.
bill.billMarkedPaidMail.subject=[INSOMNIA] Lasku merkitty maksetuksi
\ No newline at end of file
global.infomail = info@streamparty.org
global.webpage = http://www.streamparty.org
#Generated by ResourceBundle Editor (http://eclipse-rbe.sourceforge.net)
#Bill number
# Validationmessages
global.eventname=Stream seven
global.eventname = Stream seven
#Generated by ResourceBundle Editor (http://eclipse-rbe.sourceforge.net)
#Bill number
# Validationmessages
global.infomail=info@insomnia.fi
global.webpage=http\u003A//www.insomnia.fi
bill.billMarkedPaidMail.message = Laskusi numero {0} on merkitty maksetuksi. Voit nyt siirty\u00E4 lippukauppaan varamaamaan haluamasi paikat. \nTervetuloa tapahtumaan!\n\nTerveisin,\nInsomnia lippupalvelu\nwww.insomnia.fi
bill.billMarkedPaidMail.subject = [INSOMNIA] Lasku merkitty maksetuksi
bill.billMarkedPaidMail.message=Laskusi numero {0} on merkitty maksetuksi. Voit nyt siirty\u2030 lippukauppaan varamaamaan haluamasi paikat. \nTervetuloa tapahtumaan!\n\nTerveisin,\nInsomnia lippupalvelu\nwww.insomnia.fi
bill.billMarkedPaidMail.subject=[INSOMNIA] Lasku merkitty maksetuksi
global.infomail = info@insomnia.fi
global.webpage = http://www.insomnia.fi
#Generated by ResourceBundle Editor (http://eclipse-rbe.sourceforge.net)
#Bill number
# Validationmessages
global.eventname=Insomnia XII
global.eventname = Insomnia XII
#Generated by ResourceBundle Editor (http://eclipse-rbe.sourceforge.net)
#Bill number
# Validationmessages
global.eventname=Insomnia XIII
global.eventname = Insomnia XIII
......@@ -15,6 +15,8 @@ import java.util.Date;
import java.util.List;
import javax.ejb.EJB;
import javax.ejb.EJBAccessException;
import javax.ejb.EJBException;
import javax.imageio.ImageIO;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
......@@ -25,9 +27,10 @@ import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import fi.insomnia.bortal.beans.LoggingBeanLocal;
import fi.insomnia.bortal.beans.PermissionBeanLocal;
import fi.insomnia.bortal.beans.PermissionDeniedException;
import fi.insomnia.bortal.beans.PlaceMapBeanLocal;
import fi.insomnia.bortal.beans.SecurityLogType;
import fi.insomnia.bortal.enums.apps.MapPermission;
import fi.insomnia.bortal.model.EventMap;
import fi.insomnia.bortal.model.Place;
......@@ -49,6 +52,9 @@ public class PlaceMap extends HttpServlet {
@EJB
private transient PermissionBeanLocal permbean;
@EJB
private LoggingBeanLocal loggerbean;
private static final String PARAMETER_EVENT_MAP_ID = "mapid";
/**
......@@ -102,7 +108,7 @@ public class PlaceMap extends HttpServlet {
* out.println("<h1>Servlet PlaceMap at " + request.getContextPath
* () + "</h1>"); out.println("</body>"); out.println("</html>");
*/
} catch (PermissionDeniedException e) {
} catch (EJBException e) {
logger.debug("Permission denied. Returning SC_FORBIDDEN!");
response.setContentType("text/html;charset=UTF-8");
response.setStatus(HttpServletResponse.SC_FORBIDDEN);
......@@ -116,12 +122,15 @@ public class PlaceMap extends HttpServlet {
}
private void printPlaceMapToStream(OutputStream outputStream,
String filetype, EventMap map) throws IOException,
PermissionDeniedException {
permbean.fatalPermission(MapPermission.VIEW,
"User tried to print the placemap to Stream");
String filetype, EventMap map) throws IOException
{
if (!permbean.hasPermission(MapPermission.VIEW))
{
loggerbean.logMessage(SecurityLogType.permissionDenied, permbean.getCurrentUser(),
"User tried to print the placemap to stream without sufficient permissions");
throw new EJBAccessException("Not enough permissions to print placemap");
}
long begin = new Date().getTime();
// List<Place> selectedPlaceList = placeBean.findPlaces(placeIds);
......@@ -251,7 +260,7 @@ public class PlaceMap extends HttpServlet {
} else if (p.isTaken()) {
color = RESERVED_COLOR;
} else if (p.getProduct().getColor() != null) {
try {
color = Color.decode(p.getProduct().getColor());
} catch (NumberFormatException x) {
......
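Review bot: `catch (EJBException e)` in the request handler now answers every bean failure with `SC_FORBIDDEN`, not only a denied permission, because `EJBException` is the base type of `EJBAccessException` and also carries unrelated runtime failures. The debug message "Permission denied" is then misleading. Catch `EJBAccessException` for the 403 path and let other `EJBException`s be logged at warn and answered with a server error. The same applies to the PrintBill hunk further down, where `catch (EJBException e) { }` is empty and the exception is dropped without any log. The enclosing methods start outside these hunks.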
......@@ -5,6 +5,7 @@ import java.io.IOException;
import javax.ejb.EJB;
import javax.ejb.EJBAccessException;
import javax.ejb.EJBException;
import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServlet;
......@@ -13,7 +14,6 @@ import javax.servlet.http.HttpServletResponse;
import fi.insomnia.bortal.beans.BillBeanLocal;
import fi.insomnia.bortal.beans.EventBeanLocal;
import fi.insomnia.bortal.beans.PermissionDeniedException;
import fi.insomnia.bortal.model.Bill;
/**
......@@ -68,7 +68,7 @@ public class PrintBill extends HttpServlet {
ostream.close();
return;
} catch (EJBAccessException e) {
} catch (PermissionDeniedException e) {
} catch (EJBException e) {
}
response.setStatus(HttpServletResponse.SC_FORBIDDEN);
......
......@@ -4,6 +4,7 @@ import java.io.IOException;
import java.io.PrintWriter;
import javax.ejb.EJB;
import javax.ejb.EJBException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
......@@ -18,7 +19,6 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import fi.insomnia.bortal.beans.EventMapBeanLocal;
import fi.insomnia.bortal.beans.PermissionDeniedException;
import fi.insomnia.bortal.beans.UserBeanLocal;
import fi.insomnia.bortal.beans.UtilBeanLocal;
import fi.insomnia.bortal.model.UserImage;
......@@ -121,7 +121,7 @@ public class UploadServlet extends HttpServlet {
} catch (FileUploadException e) {
logger.warn("Error uploading image", e);
retmsg = "Tiedoston tallennuksessa tapahtui virhe!";
} catch (PermissionDeniedException e) {
} catch (EJBException e) {
logger.warn("Error uploading image", e);
retmsg = "Tiedoston tallennuksessa tapahtui virhe!";
......
......@@ -12,7 +12,6 @@ import org.slf4j.LoggerFactory;
import fi.insomnia.bortal.beans.EventBeanLocal;
import fi.insomnia.bortal.beans.EventMapBeanLocal;
import fi.insomnia.bortal.beans.PermissionDeniedException;
import fi.insomnia.bortal.beans.PlaceBeanLocal;
import fi.insomnia.bortal.beans.ProductBeanLocal;
import fi.insomnia.bortal.beans.UserBeanLocal;
......@@ -110,11 +109,8 @@ public class MapManageView extends GenericCDIView {
public String createMap() {
try {
map = eventmapBean.create(getMapname());
} catch (PermissionDeniedException e) {
logger.info("Permission denied", e);
}
map = eventmapBean.create(getMapname());
return "edit";
}
......
......@@ -12,7 +12,6 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import fi.insomnia.bortal.beans.EventBeanLocal;
import fi.insomnia.bortal.beans.PermissionDeniedException;
import fi.insomnia.bortal.beans.PlaceBeanLocal;
import fi.insomnia.bortal.beans.PlaceMapBeanLocal;
import fi.insomnia.bortal.enums.apps.MapPermission;
......@@ -53,8 +52,15 @@ public class MapView extends GenericCDIView {
return user.getAccountBalance().compareTo(BigDecimal.ZERO) > 0;
}
public BigDecimal getReservationPrice() throws PermissionDeniedException {
return placeBean.totalReservationPrice(user, null);
public BigDecimal getReservationPrice() {
BigDecimal ret = null;
if (permbean.isCurrentUser(user))
ret = placeBean.getTotalReservationPrice(null);
else {
ret = placeBean.getTotalReservationPrice(user, null);
}
return ret;
}
public Long getPlacesLeftToSelect() {
......
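Review bot: `getReservationPrice` chooses the bean overload from `permbean.isCurrentUser(user)`, so the two-argument `getTotalReservationPrice(user, …)` must itself enforce that the caller may price another user's reservation. That check is not visible in this diff and `PlaceBeanLocal` carries no documentation for it, so please add Javadoc on the overload naming the required permission. As a style point, the unbraced `if` next to a braced `else` and the `null` initialiser can be replaced by `return permbean.isCurrentUser(user) ? placeBean.getTotalReservationPrice(null) : placeBean.getTotalReservationPrice(user, null);`. The same branch is repeated in `PlaceView.placeSelectActionListener`.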
......@@ -14,7 +14,6 @@ import javax.inject.Named;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import fi.insomnia.bortal.beans.PermissionDeniedException;
import fi.insomnia.bortal.beans.PlaceBeanLocal;
import fi.insomnia.bortal.beans.UserBeanLocal;
import fi.insomnia.bortal.enums.apps.MapPermission;
......@@ -57,7 +56,7 @@ public class PlaceView extends GenericCDIView {
return permbean.hasPermission(MapPermission.MANAGE_MAPS);
}
public String buySelectedPlaces() throws PermissionDeniedException {
public String buySelectedPlaces() {
try {
placebean.buySelectedPlaces(user);
return "/place/myGroups";
......@@ -67,8 +66,7 @@ public class PlaceView extends GenericCDIView {
return null;
}
public void placeSelectActionListener(ActionEvent e) throws PermissionDeniedException {
public void placeSelectActionListener(ActionEvent e) {
super.beginConversation();
FacesContext context = FacesContext.getCurrentInstance();
......@@ -95,7 +93,13 @@ public class PlaceView extends GenericCDIView {
} else if (place.isBuyable() && !place.isTaken()) {
BigDecimal balance = permbean.getCurrentUser().getAccountBalance();
BigDecimal price = placebean.totalReservationPrice(user, place);
BigDecimal price = null;
if (permbean.isCurrentUser(user)) {
price = placebean.getTotalReservationPrice(place);
} else {
price = placebean.getTotalReservationPrice(user, place);
}
logger.debug("Balance {}, price {}", balance, price);
if (price.compareTo(balance) <= 0) {
logger.debug("Place was free. Marking for user.");
......@@ -124,7 +128,7 @@ public class PlaceView extends GenericCDIView {
}
public String reserveForUser() throws PermissionDeniedException {
public String reserveForUser() {
try {
User user = userlist.getRowData();
......
......@@ -9,7 +9,6 @@ import javax.faces.model.ListDataModel;
import javax.inject.Inject;
import javax.inject.Named;
import fi.insomnia.bortal.beans.PermissionDeniedException;
import fi.insomnia.bortal.beans.PlaceGroupBeanLocal;
import fi.insomnia.bortal.beans.UserBeanLocal;
import fi.insomnia.bortal.enums.apps.MapPermission;
......@@ -67,7 +66,7 @@ public class PlacegroupView extends GenericCDIView {
return memberlist;
}
public String releasePlace() throws PermissionDeniedException {
public String releasePlace() {
GroupMembership row = memberlist.getRowData();
if (row != null)
{
......
......@@ -5,7 +5,6 @@ import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;
import javax.inject.Named;
import fi.insomnia.bortal.beans.PermissionDeniedException;
import fi.insomnia.bortal.beans.PlaceGroupBeanLocal;
import fi.insomnia.bortal.enums.apps.MapPermission;
import fi.insomnia.bortal.model.User;
......@@ -27,7 +26,7 @@ public class TokenView extends GenericCDIView {
@EJB
private transient PlaceGroupBeanLocal placegroupbean;
public String saveToken() throws PermissionDeniedException {
public String saveToken() {
super.requirePermissions();
if (!permbean.hasPermission(MapPermission.BUY_PLACES) && !permbean.isCurrentUser(user) && permbean.hasPermission(MapPermission.MANAGE_OTHERS)) {
this.addFaceMessage("permission.denied");
......
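Review bot: The guard in `saveToken` ends with `&& permbean.hasPermission(MapPermission.MANAGE_OTHERS)`, so the "permission.denied" branch is reached only when the caller holds MANAGE_OTHERS, which looks inverted. If the intent is to reject callers who neither act on their own account nor may manage others, the last term should be negated: `&& !permbean.hasPermission(MapPermission.MANAGE_OTHERS)`. With the `throws PermissionDeniedException` clause gone, this view check and whatever `associateToToken` enforces in the bean (not shown) are the remaining guards. The method body continues outside the hunk.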
......@@ -14,10 +14,7 @@ import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import fi.insomnia.bortal.beans.EventBeanLocal;
import fi.insomnia.bortal.beans.MenubeanLocal;
import fi.insomnia.bortal.beans.PermissionBeanLocal;
import fi.insomnia.bortal.beans.SitePageBeanLocal;
import fi.insomnia.bortal.model.MenuNavigation;
import fi.insomnia.bortal.web.cdiview.GenericCDIView;
......@@ -35,14 +32,6 @@ public class MenuView extends GenericCDIView {
@EJB
private MenubeanLocal menubean;
@EJB
private PermissionBeanLocal permbean;
@EJB
private SitePageBeanLocal sitepagebean;
@EJB
private EventBeanLocal eventbean;
private LinkedList<List<JsfMenuitem>> menus;
private HashSet<MenuNavigation> navis;
......
......@@ -5,6 +5,7 @@ import java.util.List;
import javax.ejb.EJB;
import javax.enterprise.context.ConversationScoped;
import javax.faces.model.ListDataModel;
import javax.inject.Inject;
import javax.inject.Named;
......@@ -12,6 +13,7 @@ import fi.insomnia.bortal.beans.EventBeanLocal;
import fi.insomnia.bortal.beans.EventOrganiserBeanLocal;
import fi.insomnia.bortal.model.EventOrganiser;
import fi.insomnia.bortal.model.LanEvent;
import fi.insomnia.bortal.model.LanEventDomain;
import fi.insomnia.bortal.model.User;
import fi.insomnia.bortal.web.annotations.LoggedIn;
import fi.insomnia.bortal.web.cdiview.GenericCDIView;
......@@ -41,13 +43,28 @@ public class EventOrgView extends GenericCDIView {
private Integer eventid;
private LanEvent event;
private String newdomain;
private ListDataModel<LanEventDomain> eventdomains;
public void initCreate()
{
if (super.requirePermissions(user.isSuperadmin()))
{
if (super.requirePermissions(user.isSuperadmin())) {
super.beginConversation();
}
}
public String removeDomain()
{
event.getDomains().remove(eventdomains.getRowData());
setEvent(eventbean.mergeChanges(event));
return null;
}
public String addDomain() {
getEvent().getDomains().add(new LanEventDomain(getEvent(), newdomain));
setEvent(eventbean.mergeChanges(getEvent()));
return null;
}
public void initEdit() {
......@@ -165,8 +182,17 @@ public class EventOrgView extends GenericCDIView {
return event;
}
public String getNewdomain() {
return newdomain;
}
public void setNewdomain(String newdomain) {
this.newdomain = newdomain;
}
public void setEvent(LanEvent event) {
this.event = event;
eventdomains = new ListDataModel<LanEventDomain>(event.getDomains());
}
}
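Review bot: The new `addDomain()` and `removeDomain()` actions call `eventbean.mergeChanges(...)` without the `super.requirePermissions(user.isSuperadmin())` gate that `initCreate()` uses, and `newdomain` is stored exactly as submitted. Unless `mergeChanges` is role-restricted on the bean (not visible here), the domain list of an event can be changed by anyone who can invoke these actions. I would open both methods with `if (!super.requirePermissions(user.isSuperadmin())) { return null; }` and reject a null or blank `newdomain` before constructing the `LanEventDomain`. `removeDomain()` also reads the `event` field directly where `addDomain()` goes through `getEvent()`; using the getter in both keeps them consistent, and `setEvent` will throw if it is ever handed a null event.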
......@@ -5,7 +5,6 @@ import javax.enterprise.context.ConversationScoped;
import javax.inject.Named;
import fi.insomnia.bortal.beans.BillBeanLocal;
import fi.insomnia.bortal.beans.PermissionDeniedException;
import fi.insomnia.bortal.model.Bill;
import fi.insomnia.bortal.web.cdiview.GenericCDIView;
......@@ -25,7 +24,7 @@ public class BillEditView extends GenericCDIView {
@EJB
private transient BillBeanLocal billbean;
public void initView() throws PermissionDeniedException {
public void initView() {
if (this.requirePermissions(permbean.isLoggedIn())) {
if (billid <= 0 && bill != null) {
this.addFaceMessage("billedit.billnotfound");
......
......@@ -14,7 +14,6 @@ import org.slf4j.LoggerFactory;
import fi.insomnia.bortal.beans.BillBeanLocal;
import fi.insomnia.bortal.beans.EventBeanLocal;
import fi.insomnia.bortal.beans.PermissionDeniedException;
import fi.insomnia.bortal.beans.ProductBeanLocal;
import fi.insomnia.bortal.enums.apps.ShopPermission;
import fi.insomnia.bortal.model.Bill;
......@@ -76,25 +75,20 @@ public class ProductShopView extends GenericCDIView {
Iterator<ProductShopItem> cartIter = shoppingcart.iterator();
try {
Bill bill = new Bill(eventbean.getCurrentEvent(), user);
bill.setOurReference(eventbean.getCurrentEvent().getName());
Bill bill = new Bill(eventbean.getCurrentEvent(), user);
bill.setOurReference(eventbean.getCurrentEvent().getName());
while (cartIter.hasNext()) {
ProductShopItem shopitem = cartIter.next();
if (shopitem.getCount().compareTo(BigDecimal.ZERO) > 0) {
while (cartIter.hasNext()) {
ProductShopItem shopitem = cartIter.next();
if (shopitem.getCount().compareTo(BigDecimal.ZERO) > 0) {
bill.addProduct(shopitem.getProduct(), shopitem.getCount());
bill.addProduct(shopitem.getProduct(), shopitem.getCount());
}
}
billbean.createBill(bill);
addFaceMessage("productshop.billCreated");
} catch (PermissionDeniedException e) {
logger.info("Error committing bill cart", e);
addFaceMessage("productshop.errorCreatingBill");
return "failure";
}
billbean.createBill(bill);
addFaceMessage("productshop.billCreated");
return "/bill/list";
}
......
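Review bot: With the `catch (PermissionDeniedException e)` block gone, nothing in this method turns a rejected `billbean.createBill(bill)` into the `productshop.errorCreatingBill` message and the `"failure"` outcome any more. If the bean now signals denial with a container exception, it will propagate out of the JSF action, so please confirm that a global exception handler maps it to a neutral error page rather than a stack trace, or check the permission in the view before the bill is built. Separately, a cart whose items all have a count of zero still reaches `createBill` with an empty bill; tracking whether any `bill.addProduct(...)` call ran and returning early otherwise would avoid that. The method starts outside the hunk.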
......@@ -5,7 +5,6 @@ import javax.enterprise.context.ConversationScoped;
import javax.inject.Inject;
import javax.inject.Named;
import fi.insomnia.bortal.beans.PermissionDeniedException;
import fi.insomnia.bortal.beans.UserBeanLocal;
import fi.insomnia.bortal.enums.apps.UserPermission;
import fi.insomnia.bortal.model.User;
......@@ -35,11 +34,7 @@ public class PasswordView extends GenericCDIView {
if (permbean.isCurrentUser(user) || permbean.hasPermission(UserPermission.MODIFY)) {
if (password != null && password.equals(passwordcheck)) {
user.resetPassword(password);
try {
user = userbean.mergeChanges(user);
} catch (PermissionDeniedException e) {
return "permissionDenied";
}
user = userbean.mergeChanges(user);
} else {
super.addFaceMessage("userview.passwordsDontMatch");
return null;
......
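Review bot: The check `password != null && password.equals(passwordcheck)` accepts an empty string, so `user.resetPassword(password)` can be reached with a blank password unless a validator on the form (not visible here) prevents it. I would tighten it to `password != null && !password.isEmpty() && password.equals(passwordcheck)` and apply the site's minimum-length rule in the same place. The hunk does not show the current password being requested when access is granted through `permbean.isCurrentUser(user)`; that is worth confirming, since the method starts and ends outside the hunk.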
......@@ -15,7 +15,6 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import fi.insomnia.bortal.beans.CardTemplateBeanLocal;
import fi.insomnia.bortal.beans.PermissionDeniedException;
import fi.insomnia.bortal.beans.UserBeanLocal;
import fi.insomnia.bortal.enums.apps.UserPermission;
import fi.insomnia.bortal.model.PrintedCard;
......@@ -98,14 +97,10 @@ public class UserView extends GenericCDIView {
public String makeCard()
{
try {
PrintedCard card = cardBean.checkPrintedCard(user);
if (card != null)
{
user = card.getUser();
}
} catch (PermissionDeniedException e) {
logger.info("Error printing card {}", e);
PrintedCard card = cardBean.checkPrintedCard(user);
if (card != null)
{
user = card.getUser();
}
return null;
......@@ -113,12 +108,8 @@ public class UserView extends GenericCDIView {
public String sendImage() {
try {
UserImage userimage = userbean.uploadImage(user, getImage().getContentType(), getImage().getContents(), getImage().getFileName(), "");
user = userimage.getUser();
} catch (PermissionDeniedException e) {
super.addFaceMessage("user.imageUploadFailed");
}
UserImage userimage = userbean.uploadImage(user, getImage().getContentType(), getImage().getContents(), getImage().getFileName(), "");
user = userimage.getUser();
super.addFaceMessage("user.imageUploaded");
return null;
......@@ -156,12 +147,7 @@ public class UserView extends GenericCDIView {
public String saveUser() {
if (permbean.getCurrentUser().equals(user) || permbean.hasPermission(UserPermission.MODIFY)) {
this.addFaceMessage("user.successfullySaved");
try {
user = userbean.mergeChanges(user);
} catch (PermissionDeniedException e) {
logger.warn("Permission denied", e);
this.requirePermissions(false);
}
user = userbean.mergeChanges(user);
} else {
this.addFaceMessage("user.saveFailed");
......
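Review bot: `sendImage()` forwards `getImage().getContentType()`, `getContents()` and `getFileName()` to `userbean.uploadImage` unchecked, and all three values come from the client. Unless `uploadImage` validates them (its body is not on this page), I would reject a missing upload and check the size and an allow-list of image content types before the call, starting with `if (getImage() == null) { super.addFaceMessage("user.imageUploadFailed"); return null; }`. The `user.imageUploadFailed` key is otherwise no longer referenced in the new code, so a failed upload now surfaces only as a propagated exception. In `saveUser()` the `user.successfullySaved` message is queued before `userbean.mergeChanges(user)` runs; moving it after the merge avoids reporting success for a save that then throws.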
......@@ -10,7 +10,6 @@ import javax.inject.Named;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import fi.insomnia.bortal.beans.PermissionDeniedException;
import fi.insomnia.bortal.beans.UserBeanLocal;
import fi.insomnia.bortal.model.UserImage;
......@@ -34,12 +33,8 @@ public class UserImageConverter implements Converter {
}
int id = Integer.parseInt(value);
UserImage ret;
try {
ret = userbean.findUserImage(id);
} catch (PermissionDeniedException e) {
logger.debug("Permission denied!", e);
ret = null;
}
ret = userbean.findUserImage(id);
return ret;
}
......
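Review bot: `Integer.parseInt(value)` runs on a request-supplied string and throws `NumberFormatException` for non-numeric input, whereas a JSF converter is expected to report bad input with `ConverterException`. I would wrap the parse, e.g. `try { id = Integer.parseInt(value); } catch (NumberFormatException e) { throw new ConverterException(e); }`. Because the id is chosen by the client, `userbean.findUserImage(id)` is the only place an ownership or role check can happen now that the catch is gone, so it is worth confirming the bean has one. The leftover `UserImage ret; ret = ...; return ret;` can collapse to `return userbean.findUserImage(id);`. The method starts outside the hunk.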