diff --git a/lib/WebGUI/Operation.pm b/lib/WebGUI/Operation.pm index c664436de..4c102fb75 100644 --- a/lib/WebGUI/Operation.pm +++ b/lib/WebGUI/Operation.pm @@ -194,6 +194,9 @@ sub getOperations { 'setPersonalStyle' => 'Style', 'unsetPersonalStyle' => 'Style', + 'ajaxCreateUser' => 'User', + 'ajaxDeleteUser' => 'User', + 'ajaxUpdateUser' => 'User', 'becomeUser' => 'User', 'deleteUser' => 'User', 'editUser' => 'User', diff --git a/lib/WebGUI/Operation/User.pm b/lib/WebGUI/Operation/User.pm index 5d2d94eef..b89119bf4 100644 --- a/lib/WebGUI/Operation/User.pm +++ b/lib/WebGUI/Operation/User.pm @@ -25,6 +25,8 @@ use WebGUI::SQL; use WebGUI::TabForm; use WebGUI::User; use WebGUI::Utility; +use JSON; +use XML::Simple; =head1 NAME @@ -136,7 +138,7 @@ sub canUseService { my ( $session ) = @_; my $subnets = $session->config->get('serviceSubnets'); return 1 if !$subnets || !@{$subnets}; - return 1 if WebGUI::Utility::isInSubnet( $session->getIp, $subnets ); + return 1 if WebGUI::Utility::isInSubnet( $session->env->getIp, $subnets ); return 0; # Don't go away mad, just go away } @@ -157,6 +159,27 @@ sub canView { #------------------------------------------------------------------- +=head2 createServiceResponse ( format, data ) + +Create a string with the correct C from the given C. + +Possible formats are "json" and "xml". + +=cut + +sub createServiceResponse { + my ( $format, $data ) = @_; + + if ( lc $format eq "xml" ) { + return XML::Simple::XMLout($data, NoAttr => 1, RootName => "response" ); + } + else { + return JSON->new->encode($data); + } +} + +#------------------------------------------------------------------- + =head2 doUserSearch ( session, op, returnPaginator, userFilter ) Subroutine that actually performs the SQL search for users. 
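Review bot: In `canUseService`, the unchanged line `return 1 if !$subnets || !@{$subnets};` lets every client through when `serviceSubnets` is unset, and with this commit that gate also fronts user create, update and delete. I would add a comment above it such as `# NOTE: an empty serviceSubnets means no IP restriction; configure it before exposing the ajax*User operations`, or deny by default for the write operations. The corrected `$session->env->getIp` call deserves a comment on where the address comes from. If that accessor honours a proxy-supplied forwarding header (not visible in this hunk), the subnet check is only as reliable as the proxy that sets the header.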
@@ -339,22 +362,21 @@ sub www_ajaxCreateUser { ### Verify data # User data is in form - my %user = ( + my %userParam = ( map { $_ => $session->form->get($_) } - grep { !/^auth:/ } - $session->form->get + grep { !/^auth:/ && $_ ne "op" } + ( $session->form->param ) ); # Auth data is auth:: in form - my %auth = (); - for my $formParam ( grep { /^auth:([^:]+):(.+)$/ } $session->form->get ) { - my $authMethod = $1; - my $property = $2; - $auth{$authMethod}{$property} = $session->form->get($formParam); + my %authParam = (); + for my $formParam ( grep { /^auth:[^:]+:.+$/ } $session->form->get ) { + my ( $authMethod, $property ) = $formParam =~ /^auth:([^:]+):(.+)$/; + $authParam{$authMethod}{$property} = $session->form->get($formParam); } - + # User must have a username - if ( !$user{username} ) { + if ( !$userParam{username} ) { return createServiceResponse( $outputFormat, { error => "WebGUI::Error::InvalidParam", param => "username", @@ -362,11 +384,26 @@ sub www_ajaxCreateUser { } ); } - # Create user - - # Send new user's data - + ### Create user + my $user = WebGUI::User->create( $session ); + $user->update( \%userParam ); + for my $authMethod ( keys %authParam ) { + my $auth = WebGUI::Operation::Auth::getInstance($session,$authMethod,$user->getId); + # XXX Special handling for WebGUI passwords. This should be removed when + # Auth is fixed in WebGUI 8 + if ( $authMethod eq 'WebGUI' && exists $authParam{$authMethod}{identifier} ) { + $authParam{$authMethod}{identifier} + = $auth->hashPassword( $authParam{$authMethod}{identifier} ); + } + + $auth->saveParams( $user->getId, $auth->authMethod, $authParam{$authMethod} ); + } + + ### Send new user's data + return createServiceResponse( $outputFormat, { + user => $user->get, + } ); } #------------------------------------------------------------------- 
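Review bot: `%userParam` is built from every submitted parameter except `auth:*` and `op`, so any field name the caller sends (including the `as` format selector) reaches `$user->update( \%userParam )` later in `www_ajaxCreateUser`; an allow-list of the profile fields this service is meant to set would bound that. The same construction appears in the `www_ajaxUpdateUser` hunk. Separately, the auth loop here still enumerates names with `$session->form->get` while the map above was switched to `$session->form->param`. The update handler uses `param` in both places, so this line probably wants `for my $formParam ( grep { /^auth:[^:]+:.+$/ } $session->form->param ) {`. The function starts before this hunk.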
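Review bot: In the `for my $authMethod ( keys %authParam )` loop, `$authMethod` comes from request parameter names and is handed to `WebGUI::Operation::Auth::getInstance` unchecked, and every `auth:METHOD:PROPERTY` pair is then written through `saveParams`. I would skip methods the site has not enabled before calling `getInstance`, for example `next unless grep { $_ eq $authMethod } @{ $session->config->get('authMethods') || [] };` (assuming the site config lists enabled methods under `authMethods`), and restrict the properties accepted per method. Only `identifier` for the `WebGUI` method is hashed; any other property is stored as sent. The response returns `$user->get` in full, so confirm that hash holds nothing the caller should not read back.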
@@ -380,7 +417,53 @@ Delete a user using a web service. sub www_ajaxDeleteUser { my ( $session ) = @_; + ### Get desired output format first (for future error messages) + my $outputFormat = "json"; + my $mimeType = "application/json"; + # Allow XML + if ( lc $session->form->get('as') eq "xml" ) { + $outputFormat = "xml"; + $mimeType = "application/xml"; + } + + $session->http->setMimeType( $mimeType ); + + # Verify access + if ( !canEdit($session) || !canUseService($session) ) { + # We need an automatic way to send a request for an http basic auth + $session->http->setStatus(401,'Unauthorized'); + return createServiceResponse( $outputFormat, { + error => "WebGUI::Error::Unauthorized", + message => "", + } ); + } + + # Verify data + my $userId = $session->form->get('userId'); + if ( !$userId ) { + return createServiceResponse( $outputFormat, { + error => "WebGUI::Error::InvalidParam", + param => "userId", + message => "", + } ); + } + elsif ( $userId eq "1" || $userId eq "3" ) { + $session->http->setStatus(403,"Forbidden"); + return createServiceResponse( $outputFormat, { + error => 'WebGUI::Error::InvalidParam', + param => 'userId', + message => 'Cannot delete system user', + } ); + } + + ### Delete user + my $user = WebGUI::User->new( $session, $userId ); + $user->delete; + + return createServiceResponse( $outputFormat, { + message => 'User deleted', + } ); } #------------------------------------------------------------------- 
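Review bot: `www_ajaxDeleteUser` deletes on the strength of `canEdit($session)` and `canUseService($session)` alone, with no check of the request method or of an anti-forgery token, so a request raised from another site inside an administrator's browser session would presumably be honoured; the create and update handlers in this commit share the gap. I would reject anything but POST and verify a form token before the `### Delete user` step, in all three handlers. The handler also never confirms that `$userId` names an existing account or differs from the caller's own, and it answers `User deleted` either way. How `WebGUI::User->new` treats an unknown id is not visible here, so check the lookup result before calling `$user->delete`. A caller who is logged in but fails `canEdit` or the subnet test would be described more accurately by 403 than by the 401 set here.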
@@ -394,7 +477,72 @@ Update a user using a web service. sub www_ajaxUpdateUser { my ( $session ) = @_; + ### Get desired output format first (for future error messages) + my $outputFormat = "json"; + my $mimeType = "application/json"; + # Allow XML + if ( lc $session->form->get('as') eq "xml" ) { + $outputFormat = "xml"; + $mimeType = "application/xml"; + } + + $session->http->setMimeType( $mimeType ); + + # Verify access + if ( !canEdit($session) || !canUseService($session) ) { + # We need an automatic way to send a request for an http basic auth + $session->http->setStatus(401,'Unauthorized'); + return createServiceResponse( $outputFormat, { + error => "WebGUI::Error::Unauthorized", + message => "", + } ); + } + + ### Verify data + # User data is in form + my %userParam = ( + map { $_ => $session->form->get($_) } + grep { !/^auth:/ && $_ ne "op" } + ( $session->form->param ) + ); + + # Auth data is auth:: in form + my %authParam = (); + for my $formParam ( grep { /^auth:[^:]+:.+$/ } $session->form->param ) { + my ( $authMethod, $property ) = $formParam =~ /^auth:([^:]+):(.+)$/; + $authParam{$authMethod}{$property} = $session->form->get($formParam); + } + + # User must have a userId + if ( !$userParam{userId} ) { + return createServiceResponse( $outputFormat, { + error => "WebGUI::Error::InvalidParam", + param => "userId", + message => "", + } ); + } + + ### Update user + my $user = WebGUI::User->new( $session, delete $userParam{userId} ); + $user->update( \%userParam ); + for my $authMethod ( keys %authParam ) { + my $auth = WebGUI::Operation::Auth::getInstance($session,$authMethod,$user->getId); + + # XXX Special handling for WebGUI passwords. 
This should be removed when + # Auth is fixed in WebGUI 8 + if ( $authMethod eq 'WebGUI' && exists $authParam{$authMethod}{identifier} ) { + $authParam{$authMethod}{identifier} + = $auth->hashPassword( $authParam{$authMethod}{identifier} ); + } + + $auth->saveParams( $user->getId, $auth->authMethod, $authParam{$authMethod} ); + } + + ### Send user's data + return createServiceResponse( $outputFormat, { + user => $user->get, + } ); } >>>>>>> added services to create, update, and delete users:lib/WebGUI/Operation/User.pm
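Review bot: `WebGUI::User->new( $session, delete $userParam{userId} )` in `www_ajaxUpdateUser` accepts any true `userId` from the request, with neither an existence check nor the system-account guard that the delete handler applies. The `auth:WebGUI:identifier` branch replaces the stored password, so this path deserves at least the same protection: validate the id first and decide explicitly whether the built-in accounts may be changed here, e.g. a branch on `$userParam{userId} eq "1" || $userParam{userId} eq "3"` that returns 403 as the delete handler does. The format negotiation and access check at the top are now copied into three handlers and would be easier to keep consistent in one helper. The `>>>>>>>` line after the closing brace looks like a leftover merge-conflict marker and should not remain in the file.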