ManageRoleUsersAction.java

/*
 * Copyright 2007 Zhang, Zheng <oldbig@gmail.com>
 * 
 * This file is part of ZOJ.
 * 
 * ZOJ is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation; either revision 3 of the License, or (at your option) any later revision.
 * 
 * ZOJ is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License along with ZOJ. if not, see
 * <http://www.gnu.org/licenses/>.
 */

package cn.edu.zju.acm.onlinejudge.action;

import java.io.BufferedReader;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;

import cn.edu.zju.acm.onlinejudge.persistence.AuthorizationPersistence;
import cn.edu.zju.acm.onlinejudge.security.RoleSecurity;
import cn.edu.zju.acm.onlinejudge.util.PersistenceManager;
import cn.edu.zju.acm.onlinejudge.util.Utility;

/**
 * <p>
 * Edit Role Action.
 * </p>
 * 
 * 
 * @author Zhang, Zheng
 * @version 2.0
 */
public class ManageRoleUsersAction extends BaseAction {

    /**
     * <p>
     * Default constructor.
     * </p>
     */
    public ManageRoleUsersAction() {
    // empty
    }

    /**
     * Edit Role.
     * 
     * <pre>
     * </pre>
     * 
     * @param mapping
     *            action mapping
     * @param form
     *            action form
     * @param request
     *            http servlet request
     * @param response
     *            http servlet response
     * 
     * @return action forward instance
     * 
     * @throws Exception
     *             any errors happened
     */
    @Override
    public ActionForward execute(ActionMapping mapping, ActionForm form, ContextAdapter context) throws Exception {

        // check admin
        ActionForward forward = this.checkAdmin(mapping, context);
        if (forward != null) {
            return forward;
        }
        long roleId = Utility.parseLong(context.getRequest().getParameter("roleId"));
        RoleSecurity role = null;
        AuthorizationPersistence authorizationPersistence =
                PersistenceManager.getInstance().getAuthorizationPersistence();
        if (roleId >= 0) {
            role = authorizationPersistence.getRole(roleId);
        }
        if (role == null) {
            return this.handleSuccess(mapping, context, "failure");
        }
        context.setAttribute("importMessage", "");
        context.setAttribute("role", role);
        String users = context.getRequest().getParameter("users");
        if (users == null || users.trim().length() == 0) {
            return this.handleSuccess(mapping, context, "success");
        }
        List<String> userList = new ArrayList<String>();
        BufferedReader reader = new BufferedReader(new StringReader(users));
        for (;;) {
            String line = reader.readLine();
            if (line == null) {
                break;
            }
            if (line.trim().length() > 0) {
                userList.add(line.trim());
            }
        }

        String operation = context.getRequest().getParameter("operation");
        if ("remove".equalsIgnoreCase(operation)) {
            // TODO NOT SAFE HERE, Sql injection is possible.
            Map<String, Boolean> result = authorizationPersistence.removeRoleUsers(userList, roleId);
            String message = this.generateResult(userList, result, true);
            context.setAttribute("importMessage", message);
        } else if ("add".equalsIgnoreCase(operation)) {
            // TODO NOT SAFE HERE, Sql injection is possible.
            Map<String, Boolean> result = authorizationPersistence.addRoleUsers(userList, roleId);
            String message = this.generateResult(userList, result, false);
            context.setAttribute("importMessage", message);
        }

        return this.handleSuccess(mapping, context, "success");

    }

    private String generateResult(List<String> userList, Map<String, Boolean> results, boolean remove) {
        List<String> nonexistingUsers = new ArrayList<String>();
        List<String> notUpdatedUsers = new ArrayList<String>();
        for (String user : userList) {
            Boolean result = results.get(user);
            if (result == null) {
                nonexistingUsers.add(user);
            } else if (!result) {
                notUpdatedUsers.add(user);
            }

        }
        StringBuilder sb = new StringBuilder();
        if (nonexistingUsers.size() != 0) {
            sb.append("<font color='red'>Invalid Users: " + nonexistingUsers.size() + "</font><br>\n");
        }
        if (notUpdatedUsers.size() != 0) {
            sb.append("<font color='green'>Not Updated Users: " + notUpdatedUsers.size() + "</font><br>\n");
        }
        sb.append("<font color='green'>Updated Users: " +
            (userList.size() - notUpdatedUsers.size() - nonexistingUsers.size()) + "</font><br>\n");

        if (nonexistingUsers.size() != 0) {
            sb.append("<br>\n");
            sb.append("<font color='red'><b>Following handles are invalid:</b></font><br>\n");
            for (String user : nonexistingUsers) {
                sb.append(user + "<br>\n");
            }

        }

        if (notUpdatedUsers.size() != 0) {
            sb.append("<br>\n");
            if (remove) {
                sb.append("<font color='green'><b>Following users don't belong to this role:</b></font><br>\n");
            } else {
                sb.append("<font color='green'><b>Following users already belong to this role:</b></font><br>\n");
            }
            for (String user : notUpdatedUsers) {
                sb.append(user + "<br>\n");
            }
        }

        return sb.toString();
    }
}