Coverage Report

Coverage Report - org.kuali.rice.kns.web.struts.action.BackdoorAction

Classes in this File

Line Coverage

Branch Coverage

Complexity

BackdoorAction

0/49

0/12

1.727

 /*
  * Copyright 2005-2007 The Kuali Foundation
  *
  *
  * Licensed under the Educational Community License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  * http://www.opensource.org/licenses/ecl2.php
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.kuali.rice.kns.web.struts.action;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.apache.commons.lang.StringUtils;
 import org.apache.struts.action.ActionForm;
 import org.apache.struts.action.ActionForward;
 import org.apache.struts.action.ActionMapping;
 import org.kuali.rice.kew.util.KEWConstants;
 import org.kuali.rice.kew.web.session.UserSession;
 import org.kuali.rice.kim.bo.impl.KimAttributes;
 import org.kuali.rice.kim.bo.types.dto.AttributeSet;
 import org.kuali.rice.kim.service.KIMServiceLocator;
 import org.kuali.rice.kim.util.KimConstants;
 import org.kuali.rice.kns.service.KNSServiceLocator;
 import org.kuali.rice.kns.util.GlobalVariables;
 import org.kuali.rice.kns.util.KNSConstants;
 import org.kuali.rice.kns.web.struts.form.BackdoorForm;
 
 
 /**
  * A Struts Action which permits a user to execute a backdoor login to masquerade
  * as another user.
  *
  * @author Kuali Rice Team (rice.collab@kuali.org)
  */
 public class BackdoorAction extends KualiAction {
 
     private static final org.apache.log4j.Logger LOG = org.apache.log4j.Logger.getLogger(BackdoorAction.class);
 
     @Override
     public ActionForward execute(ActionMapping mapping, ActionForm form,
             HttpServletRequest request, HttpServletResponse response)
             throws Exception {
         this.initForm(request, form);
         return super.execute(mapping, form, request, response);
     }
 
     public ActionForward menu(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
         LOG.debug("menu");
         return mapping.findForward("basic");
     }
 
     @Override
     public ActionForward refresh(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
             return portal(mapping, form, request, response);
     }
     
     public ActionForward start(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
         LOG.debug("start");
         return portal(mapping, form, request, response);
     }
 
     public ActionForward portal(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception{
             LOG.debug("portal started");
             return mapping.findForward("viewPortal");
     }
 
     public ActionForward administration(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
         LOG.debug("administration");
         return mapping.findForward("administration");
     }
 
     public ActionForward logout(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
         LOG.debug("logout");
         
         String forward = "viewPortal";
         UserSession uSession = getUserSession(request);
         
         if (uSession.isBackdoorInUse()) {
             uSession.clearBackdoor();
             setFormGroupPermission((BackdoorForm)form, request);
             //request.setAttribute("reloadPage","true");
             
             org.kuali.rice.kns.UserSession KnsUserSession;
             KnsUserSession = GlobalVariables.getUserSession();
             KnsUserSession.clearBackdoorUser();
         }
         else {
             forward = "logout";
         }
         
         return mapping.findForward(forward);
     }
 
     public ActionForward login(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
         LOG.debug("login");
         UserSession uSession = getUserSession(request);
         BackdoorForm backdoorForm = (BackdoorForm) form;
 
         //if backdoor Id is empty or equal to currently logged in user, clear backdoor id
         if (uSession.isBackdoorInUse() &&
                 (StringUtils.isEmpty(backdoorForm.getBackdoorId())
                 || uSession.getActualPrincipal().getPrincipalName().equals(backdoorForm.getBackdoorId()))) {
             return logout(mapping, form, request, response);
         }
         
         if (!uSession.establishBackdoorWithPrincipalName(backdoorForm.getBackdoorId())) {
             request.setAttribute("badbackdoor", "Invalid backdoor Id given '" + backdoorForm.getBackdoorId() + "'");
             return mapping.findForward("portal");
         }
         
         uSession.getAuthentications().clear();
         setFormGroupPermission(backdoorForm, request);
         
         return mapping.findForward("portal");
     }
 
     private void setFormGroupPermission(BackdoorForm backdoorForm, HttpServletRequest request) {
             // based on whether or not they have permission to use the fictional "AdministrationAction", kind of a hack for now since I don't have time to
             // split this single action up and I can't pass the methodToCall to the permission check
             AttributeSet permissionDetails = new AttributeSet();
             permissionDetails.put(KimAttributes.NAMESPACE_CODE, KEWConstants.KEW_NAMESPACE);
             permissionDetails.put(KimAttributes.ACTION_CLASS, "org.kuali.rice.kew.web.backdoor.AdministrationAction");
             boolean isAdmin = KIMServiceLocator.getIdentityManagementService().isAuthorizedByTemplateName(getUserSession(request).getPrincipalId(), KNSConstants.KNS_NAMESPACE,        KimConstants.PermissionTemplateNames.USE_SCREEN, permissionDetails, new AttributeSet());
         backdoorForm.setIsAdmin(isAdmin);
     }
 
     public void initForm(HttpServletRequest request, ActionForm form) throws Exception {
             BackdoorForm backdoorForm = (BackdoorForm) form;
 
             Boolean showBackdoorLogin = KNSServiceLocator.getParameterService().getIndicatorParameter(KEWConstants.KEW_NAMESPACE, KNSConstants.DetailTypes.BACKDOOR_DETAIL_TYPE, KEWConstants.SHOW_BACK_DOOR_LOGIN_IND);
         backdoorForm.setShowBackdoorLogin(showBackdoorLogin);
         setFormGroupPermission(backdoorForm, request);
         if (backdoorForm.getGraphic() != null) {
                 request.getSession().setAttribute("showGraphic", backdoorForm.getGraphic());
         }
     }
 
     public static UserSession getUserSession(HttpServletRequest request) {
         return UserSession.getAuthenticatedUser();
     }
 }

1		/*
2		* Copyright 2005-2007 The Kuali Foundation
3		*
4		*
5		* Licensed under the Educational Community License, Version 2.0 (the "License");
6		* you may not use this file except in compliance with the License.
7		* You may obtain a copy of the License at
8		*
9		* http://www.opensource.org/licenses/ecl2.php
10		*
11		* Unless required by applicable law or agreed to in writing, software
12		* distributed under the License is distributed on an "AS IS" BASIS,
13		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14		* See the License for the specific language governing permissions and
15		* limitations under the License.
16		*/
17		package org.kuali.rice.kns.web.struts.action;
18
19		import javax.servlet.http.HttpServletRequest;
20		import javax.servlet.http.HttpServletResponse;
21
22		import org.apache.commons.lang.StringUtils;
23		import org.apache.struts.action.ActionForm;
24		import org.apache.struts.action.ActionForward;
25		import org.apache.struts.action.ActionMapping;
26		import org.kuali.rice.kew.util.KEWConstants;
27		import org.kuali.rice.kew.web.session.UserSession;
28		import org.kuali.rice.kim.bo.impl.KimAttributes;
29		import org.kuali.rice.kim.bo.types.dto.AttributeSet;
30		import org.kuali.rice.kim.service.KIMServiceLocator;
31		import org.kuali.rice.kim.util.KimConstants;
32		import org.kuali.rice.kns.service.KNSServiceLocator;
33		import org.kuali.rice.kns.util.GlobalVariables;
34		import org.kuali.rice.kns.util.KNSConstants;
35		import org.kuali.rice.kns.web.struts.form.BackdoorForm;
36
37
38		/**
39		* A Struts Action which permits a user to execute a backdoor login to masquerade
40		* as another user.
41		*
42		* @author Kuali Rice Team (rice.collab@kuali.org)
43		*/
44	0	public class BackdoorAction extends KualiAction {
45
46	0	private static final org.apache.log4j.Logger LOG = org.apache.log4j.Logger.getLogger(BackdoorAction.class);
47
48		@Override
49		public ActionForward execute(ActionMapping mapping, ActionForm form,
50		HttpServletRequest request, HttpServletResponse response)
51		throws Exception {
52	0	this.initForm(request, form);
53	0	return super.execute(mapping, form, request, response);
54		}
55
56		public ActionForward menu(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
57	0	LOG.debug("menu");
58	0	return mapping.findForward("basic");
59		}
60
61		@Override
62		public ActionForward refresh(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
63	0	return portal(mapping, form, request, response);
64		}
65
66		public ActionForward start(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
67	0	LOG.debug("start");
68	0	return portal(mapping, form, request, response);
69		}
70
71		public ActionForward portal(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception{
72	0	LOG.debug("portal started");
73	0	return mapping.findForward("viewPortal");
74		}
75
76		public ActionForward administration(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
77	0	LOG.debug("administration");
78	0	return mapping.findForward("administration");
79		}
80
81		public ActionForward logout(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
82	0	LOG.debug("logout");
83
84	0	String forward = "viewPortal";
85	0	UserSession uSession = getUserSession(request);
86
87	0	if (uSession.isBackdoorInUse()) {
88	0	uSession.clearBackdoor();
89	0	setFormGroupPermission((BackdoorForm)form, request);
90		//request.setAttribute("reloadPage","true");
91
92		org.kuali.rice.kns.UserSession KnsUserSession;
93	0	KnsUserSession = GlobalVariables.getUserSession();
94	0	KnsUserSession.clearBackdoorUser();
95	0	}
96		else {
97	0	forward = "logout";
98		}
99
100	0	return mapping.findForward(forward);
101		}
102
103		public ActionForward login(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
104	0	LOG.debug("login");
105	0	UserSession uSession = getUserSession(request);
106	0	BackdoorForm backdoorForm = (BackdoorForm) form;
107
108		//if backdoor Id is empty or equal to currently logged in user, clear backdoor id
109	0	if (uSession.isBackdoorInUse() &&
110		(StringUtils.isEmpty(backdoorForm.getBackdoorId())
111		\|\| uSession.getActualPrincipal().getPrincipalName().equals(backdoorForm.getBackdoorId()))) {
112	0	return logout(mapping, form, request, response);
113		}
114
115	0	if (!uSession.establishBackdoorWithPrincipalName(backdoorForm.getBackdoorId())) {
116	0	request.setAttribute("badbackdoor", "Invalid backdoor Id given '" + backdoorForm.getBackdoorId() + "'");
117	0	return mapping.findForward("portal");
118		}
119
120	0	uSession.getAuthentications().clear();
121	0	setFormGroupPermission(backdoorForm, request);
122
123	0	return mapping.findForward("portal");
124		}
125
126		private void setFormGroupPermission(BackdoorForm backdoorForm, HttpServletRequest request) {
127		// based on whether or not they have permission to use the fictional "AdministrationAction", kind of a hack for now since I don't have time to
128		// split this single action up and I can't pass the methodToCall to the permission check
129	0	AttributeSet permissionDetails = new AttributeSet();
130	0	permissionDetails.put(KimAttributes.NAMESPACE_CODE, KEWConstants.KEW_NAMESPACE);
131	0	permissionDetails.put(KimAttributes.ACTION_CLASS, "org.kuali.rice.kew.web.backdoor.AdministrationAction");
132	0	boolean isAdmin = KIMServiceLocator.getIdentityManagementService().isAuthorizedByTemplateName(getUserSession(request).getPrincipalId(), KNSConstants.KNS_NAMESPACE, KimConstants.PermissionTemplateNames.USE_SCREEN, permissionDetails, new AttributeSet());
133	0	backdoorForm.setIsAdmin(isAdmin);
134	0	}
135
136		public void initForm(HttpServletRequest request, ActionForm form) throws Exception {
137	0	BackdoorForm backdoorForm = (BackdoorForm) form;
138
139	0	Boolean showBackdoorLogin = KNSServiceLocator.getParameterService().getIndicatorParameter(KEWConstants.KEW_NAMESPACE, KNSConstants.DetailTypes.BACKDOOR_DETAIL_TYPE, KEWConstants.SHOW_BACK_DOOR_LOGIN_IND);
140	0	backdoorForm.setShowBackdoorLogin(showBackdoorLogin);
141	0	setFormGroupPermission(backdoorForm, request);
142	0	if (backdoorForm.getGraphic() != null) {
143	0	request.getSession().setAttribute("showGraphic", backdoorForm.getGraphic());
144		}
145	0	}
146
147		public static UserSession getUserSession(HttpServletRequest request) {
148	0	return UserSession.getAuthenticatedUser();
149		}
150		}