From dbd3e42466300200fe1eb1c187ea1894cc063cb6 Mon Sep 17 00:00:00 2001 From: jotty Date: Tue, 24 Sep 2019 18:18:27 +0200 Subject: [PATCH] multi user --- build.gradle | 2 +- .../timetrack/modules/JooqGateway.java | 17 ++++-- .../timetrack/modules/SessionBean.java | 20 ++++++- .../timetrack/modules/SessionControl.java | 54 +++++++++++++++++++ .../timetrack/modules/SessionGateway.java | 47 ++++++++++++++-- .../timetrack/modules/SessionModel.java | 10 ++++ src/main/webapp/pages/start.xhtml | 46 +++++++++++----- 7 files changed, 175 insertions(+), 21 deletions(-) diff --git a/build.gradle b/build.gradle index 4a8d2c2..7a6668c 100644 --- a/build.gradle +++ b/build.gradle @@ -22,7 +22,7 @@ apply plugin: 'eclipse' apply plugin: 'nu.studer.jooq' group = 'jottyfan' -version = '1.0.7' +version = '1.0.8' description = """timetrack""" diff --git a/src/main/java/de/jottyfan/timetrack/modules/JooqGateway.java b/src/main/java/de/jottyfan/timetrack/modules/JooqGateway.java index 843dec1..5364dba 100644 --- a/src/main/java/de/jottyfan/timetrack/modules/JooqGateway.java +++ b/src/main/java/de/jottyfan/timetrack/modules/JooqGateway.java @@ -2,6 +2,8 @@ package de.jottyfan.timetrack.modules; import java.sql.SQLException; +import javax.faces.application.FacesMessage; + import org.jooq.DSLContext; import org.jooq.TableLike; 
@@ -22,11 +24,20 @@ public class JooqGateway { public DSLContext getJooq() throws ClassNotFoundException, SQLException { return (DSLContext) facesContext.getJooq(); } + + public void addToSessionMap(String key, Object value) { + facesContext.getExternalContext().getSessionMap().put(key, value); + } public Integer getFkLogin() { - // TODO: make a login, add the profile id to the session and read it here from - // facesContext - return 1; + SessionBean bean = (SessionBean) facesContext.getExternalContext().getSessionMap().get("sessionBean"); + if (bean == null) { + facesContext.addMessage(null, new FacesMessage(FacesMessage.SEVERITY_ERROR, "schwerer Anwendungsfehler", + "no sessionBean found in session, therefore, set fkLogin to 1")); + bean = new SessionBean(); + bean.setLogin(1); + } + return bean.getLogin(); } /** diff --git a/src/main/java/de/jottyfan/timetrack/modules/SessionBean.java b/src/main/java/de/jottyfan/timetrack/modules/SessionBean.java index 2d53047..7860baa 100644 --- a/src/main/java/de/jottyfan/timetrack/modules/SessionBean.java +++ b/src/main/java/de/jottyfan/timetrack/modules/SessionBean.java @@ -1,6 +1,8 @@ package de.jottyfan.timetrack.modules; import java.io.Serializable; +import java.util.HashSet; +import java.util.Set; import javax.enterprise.context.SessionScoped; import javax.inject.Named; @@ -17,12 +19,17 @@ import org.jasypt.util.password.StrongPasswordEncryptor; public class SessionBean implements Serializable { private static final long serialVersionUID = 1L; + private Set privileges; private Integer login; private String username; private String secret; private String forename; private String surname; + public SessionBean() { + this.privileges = new HashSet<>(); + } + public Boolean getHasLogin() { return login != null; } 
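Review bot: `getFkLogin()` fails open: when the session map holds no `sessionBean`, it builds a bean with login 1 and returns that id, so a request without an authenticated session is silently treated as profile 1 by every caller that uses this value. The queued error message does not stop the call. Refusing is safer, for example `if (bean == null || bean.getLogin() == null) { throw new IllegalStateException("no login in session"); }`, with the callers turning that into a redirect to the login page. The key `"sessionBean"` is also repeated as a literal in `SessionGateway` and `SessionModel`; a shared constant would keep the three in step.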
@@ -39,6 +46,10 @@ public class SessionBean implements Serializable { this.login = login; } + public Boolean hasPrivilege(String privilege) { + return privileges.contains(privilege); + } + public String getSecret() { StrongPasswordEncryptor spe = new StrongPasswordEncryptor(); return spe.encryptPassword(secret); @@ -48,7 +59,7 @@ public class SessionBean implements Serializable { StrongPasswordEncryptor spe = new StrongPasswordEncryptor(); return spe.checkPassword(secret, encrypted); } - + public void setSecret(String secret) { this.secret = secret; } @@ -76,4 +87,11 @@ public class SessionBean implements Serializable { public void setUsername(String username) { this.username = username; } + + /** + * @return the privileges + */ + public Set getPrivileges() { + return privileges; + } } diff --git a/src/main/java/de/jottyfan/timetrack/modules/SessionControl.java b/src/main/java/de/jottyfan/timetrack/modules/SessionControl.java index c6a28ad..5eee78f 100644 --- a/src/main/java/de/jottyfan/timetrack/modules/SessionControl.java +++ b/src/main/java/de/jottyfan/timetrack/modules/SessionControl.java @@ -1,6 +1,7 @@ package de.jottyfan.timetrack.modules; import javax.enterprise.context.RequestScoped; +import javax.faces.application.FacesMessage; import javax.faces.context.FacesContext; import javax.inject.Inject; import javax.inject.Named; @@ -20,6 +21,9 @@ public class SessionControl { @Inject private SessionBean sessionBean; + private String secretNew1; + private String secretNew2; + public String doLogin() { SessionModel model = new SessionModel(); model.doLogin((JooqFacesContext) FacesContext.getCurrentInstance(), sessionBean); 
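Review bot: `getPrivileges()` returns the live set that `hasPrivilege` consults, so any code holding the bean can change what the user is authorised for. This commit relies on that itself (`.clear()` in `SessionControl.doLogout`, `.add(...)` in `SessionGateway.seekAndSetLogin`), so the getter cannot simply be made read-only in isolation. Consider explicit mutators on the bean, such as a `clearPrivileges()` and an `addPrivilege(String)`, and returning `Collections.unmodifiableSet(privileges)` from the getter. `hasPrivilege` would also benefit from a Javadoc line saying the argument is compared exactly (case-sensitive) against the role names loaded at login.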
@@ -32,6 +36,56 @@ public class SessionControl { sessionBean.setForename(null); sessionBean.setSurname(null); sessionBean.setUsername(null); + sessionBean.getPrivileges().clear(); return Pages.START.get(); } + + public String doChangePassword() { + if (!secretNew1.equals(secretNew2)) { + FacesMessage msg = new FacesMessage(FacesMessage.SEVERITY_ERROR, "error on changing password", + "passwords are not equal"); + FacesContext.getCurrentInstance().addMessage(null, msg); + return ""; + } else if (new SessionModel().doChangePassword((JooqFacesContext) FacesContext.getCurrentInstance(), secretNew1)) { + FacesMessage msg = new FacesMessage(FacesMessage.SEVERITY_INFO, "successfully changed password", + "the new password has been saved"); + FacesContext.getCurrentInstance().addMessage(null, msg); + return Pages.START.get(); + } else { + FacesMessage msg = new FacesMessage(FacesMessage.SEVERITY_ERROR, "error on changing password", + "database change was not successful"); + FacesContext.getCurrentInstance().addMessage(null, msg); + return ""; + } + } + + /** + * @return the secretNew1 + */ + public String getSecretNew1() { + return secretNew1; + } + + /** + * @param secretNew1 + * the secretNew1 to set + */ + public void setSecretNew1(String secretNew1) { + this.secretNew1 = secretNew1; + } + + /** + * @return the secretNew2 + */ + public String getSecretNew2() { + return secretNew2; + } + + /** + * @param secretNew2 + * the secretNew2 to set + */ + public void setSecretNew2(String secretNew2) { + this.secretNew2 = secretNew2; + } } diff --git a/src/main/java/de/jottyfan/timetrack/modules/SessionGateway.java b/src/main/java/de/jottyfan/timetrack/modules/SessionGateway.java index 7c587a3..26b99b2 100644 --- a/src/main/java/de/jottyfan/timetrack/modules/SessionGateway.java +++ b/src/main/java/de/jottyfan/timetrack/modules/SessionGateway.java 
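Review bot: `doChangePassword()` replaces the password without asking for the current one, so an unattended or otherwise borrowed session is enough to lock the owner out. A third input checked against the stored hash before calling the model would close that gap; the bean already wraps `StrongPasswordEncryptor.checkPassword`. The comparison `secretNew1.equals(secretNew2)` also throws a NullPointerException if the first field arrives as null and accepts an empty password; `if (secretNew1 == null || secretNew1.isEmpty() || !secretNew1.equals(secretNew2))` covers both. In `doLogout` (which starts outside this hunk) only bean fields are reset; calling `FacesContext.getCurrentInstance().getExternalContext().invalidateSession()` there would also drop the `"sessionBean"` map entry and anything else tied to the session.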
@@ -1,17 +1,21 @@ package de.jottyfan.timetrack.modules; import static de.jottyfan.timetrack.db.profile.Tables.T_LOGIN; +import static de.jottyfan.timetrack.db.profile.Tables.V_LOGINROLE; import java.sql.SQLException; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; import org.jooq.DSLContext; +import org.jooq.Record1; import org.jooq.Record4; import org.jooq.SelectConditionStep; +import org.jooq.UpdateConditionStep; import org.jooq.exception.DataAccessException; import de.jooqFaces.JooqFacesContext; +import de.jottyfan.timetrack.db.profile.tables.records.TLoginRecord; /** * @@ -31,9 +35,9 @@ public class SessionGateway extends JooqGateway { * @param bean * the bean * @return true or false - * @throws SQLException - * @throws ClassNotFoundException - * @throws DataAccessException + * @throws SQLException + * @throws ClassNotFoundException + * @throws DataAccessException */ public boolean seekAndSetLogin(SessionBean bean) throws DataAccessException, ClassNotFoundException, SQLException { try (DSLContext jooq = getJooq()) { @@ -54,6 +58,18 @@ public class SessionGateway extends JooqGateway { bean.setLogin(r.get(T_LOGIN.PK)); bean.setForename(r.get(T_LOGIN.FORENAME)); bean.setSurname(r.get(T_LOGIN.SURNAME)); + + SelectConditionStep> sql2 = jooq + // @formatter:off + .select(V_LOGINROLE.ROLE_NAME) + .from(V_LOGINROLE) + .where(V_LOGINROLE.LOGIN.eq(bean.getUsername())); + // @formatter:on + LOGGER.debug(sql2.toString()); + for (Record1 privilege : sql2.fetch()) { + bean.getPrivileges().add(privilege.get(V_LOGINROLE.ROLE_NAME)); + } + addToSessionMap("sessionBean", bean); return true; } else { throw new DataAccessException("wrong password"); 
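Review bot: In the `@@ -54,6 +58,18 @@` hunk the roles are added to whatever `bean.getPrivileges()` already holds, so a second login in the same session without `doLogout` in between would keep the previous account's roles; `bean.getPrivileges().clear();` before the loop makes the set reflect only the account just verified. The lookup is keyed on `bean.getUsername()`, the value typed by the user, although `T_LOGIN.PK` was read a few lines earlier; if `V_LOGINROLE` exposes the login id, filtering on it avoids any mismatch between the two. `LOGGER.debug(sql2.toString())` renders the statement with its bind value inlined, which puts the username in the debug log. `seekAndSetLogin` begins before this hunk, so the password check itself is not visible here.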
@@ -64,4 +80,29 @@ public class SessionGateway extends JooqGateway { } } + /** + * change the password + * + * @param bean + * the bean containing the new password + * @return true or false + * @throws SQLException + * @throws ClassNotFoundException + * @throws DataAccessException + */ + public boolean changePassword(SessionBean bean, String newPassword) + throws DataAccessException, ClassNotFoundException, SQLException { + bean.setSecret(newPassword); + String encryptedPassword = bean.getSecret(); + try (DSLContext jooq = getJooq()) { + UpdateConditionStep sql = jooq + // @formatter:off + .update(T_LOGIN) + .set(T_LOGIN.PASSWORD, encryptedPassword) + .where(T_LOGIN.PK.eq(bean.getLogin())); + // @formatter:on + LOGGER.debug("updating password, disable log here"); + return sql.execute() == 1; + } + } } diff --git a/src/main/java/de/jottyfan/timetrack/modules/SessionModel.java b/src/main/java/de/jottyfan/timetrack/modules/SessionModel.java index 5a34443..a049a87 100644 --- a/src/main/java/de/jottyfan/timetrack/modules/SessionModel.java +++ b/src/main/java/de/jottyfan/timetrack/modules/SessionModel.java @@ -25,4 +25,14 @@ public class SessionModel { } } + public boolean doChangePassword(JooqFacesContext facesContext, String secretNew) { + try { + SessionBean bean = (SessionBean) facesContext.getExternalContext().getSessionMap().get("sessionBean"); + return new SessionGateway(facesContext).changePassword(bean, secretNew); + } catch (DataAccessException | ClassNotFoundException | SQLException e) { + FacesMessage msg = new FacesMessage(FacesMessage.SEVERITY_ERROR, "error on changing password", e.getMessage()); + facesContext.addMessage(null, msg); + return false; + } + } } diff --git a/src/main/webapp/pages/start.xhtml b/src/main/webapp/pages/start.xhtml index 0f8b655..815d48d 100644 --- a/src/main/webapp/pages/start.xhtml +++ b/src/main/webapp/pages/start.xhtml @@ -1,7 +1,7 @@ - + @@ -11,12 +11,31 @@ - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + 
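Review bot: `changePassword` obtains the hash by writing the plaintext into the session bean (`bean.setSecret(newPassword)`) and leaves it there, so the new password stays in a `Serializable`, session-scoped object after the update. If nothing later needs the field, add `bean.setSecret(null);` directly after `String encryptedPassword = bean.getSecret();`, or hash the value locally without going through the bean. The Javadoc is also out of step with the signature: `@param bean` says it contains the new password, and `newPassword` has no `@param` entry.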
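Review bot: In `SessionModel.doChangePassword`, `bean` is null whenever no `"sessionBean"` entry exists in the session map (the case `JooqGateway.getFkLogin` handles explicitly). The resulting NullPointerException from `changePassword` is not in the catch list, so it surfaces as an unhandled error instead of a message. A guard before the gateway call, `if (bean == null || !bean.getHasLogin()) { return false; }` plus an error `FacesMessage`, keeps the action limited to logged-in sessions. The catch block passes `e.getMessage()` to the page, which can show SQL or driver detail to the user; logging the exception and displaying a fixed text would be safer.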
@@ -25,6 +44,7 @@ + @@ -38,11 +58,11 @@ - - - + + +