package de.uhilger.um.api; import de.uhilger.baselink.GenericRecord; import de.uhilger.baselink.PersistenceManager; import de.uhilger.baselink.Record; import de.uhilger.um.App; import de.uhilger.um.daten.User; import de.uhilger.um.daten.UserRole; import java.sql.Connection; import java.util.List; import org.apache.catalina.realm.RealmBase; /** * Klasse zur Verwaltung von Benutzern und Rollen * in einer Datenbank * * Das SQL findet sich in WEB-INF/sql.properties * * @author Ulrich Hilger */ public class UserMgr { private static final String MD5 = "MD5"; private static final Record UserMapper = new GenericRecord(User.class); private static final Record UserRoleMapper = new GenericRecord(UserRole.class); public static final String SQL_GET_USER_LIST = "getUserList"; public static final String SQL_GET_USER_NAME_LIST = "getUserNameList"; public static final String SQL_GET_ROLE_LIST = "getRoleList"; public static final String SQL_GET_USER_ROLES = "getUserRoles"; public static final String SQL_DELETE_USER = "deleteUser"; public static final String SQL_DELETE_USER_ROLES = "deleteUserRoles"; /* ----------- Benutzer -------------- */ public User createUser(User user) { String kw = user.getPw(); String digestedPw = RealmBase.Digest(kw, MD5, null); user.setPw(digestedPw); App.getDatabase().insert(user, UserMapper); return user; } public List getUserNameList() { String sql = App.getSqlStatement(SQL_GET_USER_NAME_LIST); List userNames = App.getDatabase().select(sql, App.WITHOUT_BLOBS); return userNames; } public User deleteUser(User user) { PersistenceManager pm = App.getDatabase(); Connection c = pm.getConnection(); pm.startTransaction(c); String sql = App.getSqlStatement(SQL_DELETE_USER_ROLES); pm.execute(c, sql, user.getId()); User deletedUser = (User) pm.delete(c, user, UserMapper); pm.commit(c); return deletedUser; } /* ------------ Rollen ------------------ */ public UserRole grantRole(String userId, String roleName) { UserRole ur = new UserRole(); ur.setRole(roleName); ur.setUser(userId); App.getDatabase().insert(ur, UserRoleMapper); return ur; } public UserRole revokeRole(String userId, String roleName) { UserRole ur = new UserRole(); ur.setRole(roleName); ur.setUser(userId); App.getDatabase().delete(ur, UserRoleMapper); return ur; } public List getRoleNamesGranted() { String sql = App.getSqlStatement(SQL_GET_ROLE_LIST); List roleNames = App.getDatabase().select(sql, App.WITHOUT_BLOBS); return roleNames; } public List getUserRoleNames(String userId) { String sql = App.getSqlStatement(SQL_GET_USER_ROLES); List roleNames = App.getDatabase().select(sql, App.WITHOUT_BLOBS, userId); return roleNames; } }