/* 
    P/P   *  Method: net.sourceforge.pebble.web.action.SaveUserDetailsAction__static_init
          * 
          *  Postconditions:
          *    init'ed(log)
          */
     1  /*
     2   * Copyright (c) 2003-2006, Simon Brown
     3   * All rights reserved.
     4   *
     5   * Redistribution and use in source and binary forms, with or without
     6   * modification, are permitted provided that the following conditions are met:
     7   *
     8   *   - Redistributions of source code must retain the above copyright
     9   *     notice, this list of conditions and the following disclaimer.
    10   *
    11   *   - Redistributions in binary form must reproduce the above copyright
    12   *     notice, this list of conditions and the following disclaimer in
    13   *     the documentation and/or other materials provided with the
    14   *     distribution.
    15   *
    16   *   - Neither the name of Pebble nor the names of its contributors may
    17   *     be used to endorse or promote products derived from this software
    18   *     without specific prior written permission.
    19   *
    20   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
    21   * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
    22   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
    23   * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
    24   * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
    25   * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
    26   * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
    27   * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
    28   * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
    29   * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
    30   * POSSIBILITY OF SUCH DAMAGE.
    31   */
    32  package net.sourceforge.pebble.web.action;
    33  
    34  import net.sourceforge.pebble.Constants;
    35  import net.sourceforge.pebble.PebbleContext;
    36  import net.sourceforge.pebble.domain.AbstractBlog;
    37  import net.sourceforge.pebble.security.PebbleUserDetails;
    38  import net.sourceforge.pebble.security.SecurityRealm;
    39  import net.sourceforge.pebble.security.SecurityRealmException;
    40  import net.sourceforge.pebble.util.SecurityUtils;
    41  import net.sourceforge.pebble.web.security.RequireSecurityToken;
    42  import net.sourceforge.pebble.web.validation.ValidationContext;
    43  import net.sourceforge.pebble.web.view.ForwardView;
    44  import net.sourceforge.pebble.web.view.RedirectView;
    45  import net.sourceforge.pebble.web.view.View;
    46  import net.sourceforge.pebble.web.view.impl.FourZeroThreeView;
    47  import org.apache.commons.logging.Log;
    48  import org.apache.commons.logging.LogFactory;
    49  
         /* 
    P/P   *  Method: void net.sourceforge.pebble.web.action.SaveUserDetailsAction()
          */
    50  import javax.servlet.ServletException;
    51  import javax.servlet.http.HttpServletRequest;
    52  import javax.servlet.http.HttpServletResponse;
    53  
    54  /**
    55   * Saves user details.
    56   *
    57   * @author    Simon Brown
    58   */
    59  @RequireSecurityToken
    60  public class SaveUserDetailsAction extends SecureAction {
    61  
    62    /** the log used by this class */
    63    private static final Log log = LogFactory.getLog(SaveUserDetailsAction.class);
    64  
    65    /**
    66     * Peforms the processing associated with this action.
    67     *
    68     * @param request  the HttpServletRequest instance
    69     * @param response the HttpServletResponse instance
    70     * @return the name of the next view
    71     */
    72    public View process(HttpServletRequest request, HttpServletResponse response) throws ServletException {
    73      try {
               /* 
    P/P         *  Method: View process(HttpServletRequest, HttpServletResponse)
                * 
                *  Preconditions:
                *    request != null
                *    this.model != null
                *    this.model.data != null
                *    (soft) net.sourceforge.pebble.PebbleContext__static_init.new PebbleContext(PebbleContext__static_init#1).configuration != null
                * 
                *  Presumptions:
                *    currentUserDetails.grantedAuthories != null
                *    currentUserDetails.grantedAuthories.length <= 232-1
                *    currentUserDetails.grantedAuthories[...] != null
                *    java.io.File:exists(...)@103 == 1
                *    java.util.HashMap:get(...)@63 != null
                *    ...
                * 
                *  Postconditions:
                *    return_value in Addr_Set{&new ForwardView(process#6),&new RedirectView(process#4),&new FourZeroThreeView(process#1)}
                *    new ForwardView(process#6) num objects <= 1
                *    new ForwardView(process#6).uri == &".editUserDetails.secureaction"
                *    new FourZeroThreeView(process#1) num objects <= 1
                *    new RedirectView(process#4) num objects <= 1
                * 
                *  Test Vectors:
                *    currentUserDetails.detailsUpdateable: {1}, {0}
                */
    74        AbstractBlog blog = (AbstractBlog)getModel().get(Constants.BLOG_KEY);
    75  
    76        String name = request.getParameter("name");
    77        String emailAddress = request.getParameter("emailAddress");
    78        String website = request.getParameter("website");
    79        String profile = request.getParameter("profile");
    80  
    81        PebbleUserDetails currentUserDetails = SecurityUtils.getUserDetails();
    82  
    83        // can the user change their user details?
+   84        if (!currentUserDetails.isDetailsUpdateable()) {
    85          return new FourZeroThreeView();
    86        }
    87  
    88        SecurityRealm realm = PebbleContext.getInstance().getConfiguration().getSecurityRealm();
    89        PebbleUserDetails newUserDetails;
    90  
    91        ValidationContext validationContext = new ValidationContext();
    92  
    93        if (!validationContext.hasErrors()) {
    94        newUserDetails = new PebbleUserDetails(
    95            currentUserDetails.getUsername(),
    96            name,
    97            emailAddress,
    98            website,
    99            profile,
   100            currentUserDetails.getRoles(),
   101            currentUserDetails.getPreferences(),
   102            currentUserDetails.isDetailsUpdateable());
   103  
   104            realm.updateUser(newUserDetails);
   105  
   106            return new RedirectView(blog.getUrl() + "editUserDetails.secureaction");
   107        }
   108  
   109        getModel().put("validationContext", validationContext);
   110        return new ForwardView("/editUserDetails.secureaction");
   111      } catch (SecurityRealmException e) {
   112        throw new ServletException(e);
   113      }
   114    }
   115  
   116    /**
   117     * Gets a list of all roles that are allowed to access this action.
   118     *
   119     * @return  an array of Strings representing role names
   120     * @param request
   121     */
   122    public String[] getRoles(HttpServletRequest request) {
             /* 
    P/P       *  Method: String[] getRoles(HttpServletRequest)
              * 
              *  Presumptions:
              *    init'ed(net.sourceforge.pebble.Constants.ANY_ROLE)
              * 
              *  Postconditions:
              *    return_value == &new String[](getRoles#1)
              *    new String[](getRoles#1) num objects == 1
              *    return_value.length == 1
              *    return_value[0] == net.sourceforge.pebble.Constants.ANY_ROLE
              *    (soft) init'ed(return_value[0])
              */
   123      return new String[]{Constants.ANY_ROLE};
   124    }
   125  
   126  }