Automatic generation produced by ISE Eiffel
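indexing
    description: "Handler for user related requests: login, registration, profile editing and account administration."
    author: "Peizhu Li, <lip@student.ethz.ch>"
    date: "$05.02.2008$"
    revision: "$0.8.1$"

class
    USER_HANDLER

inherit
    INFORMATICS_HANDLER
        redefine
            post_processing
        end

    APPLICATION_CONSTANTS

create
    make

feature -- Process request

    handling_request
            -- Dispatch the request named by `context.command_string' to the matching routine.
            -- The account-administration commands (`delete', `suspend', `activate') are only
            -- dispatched when `user_id' is present AND names a registered account; otherwise
            -- the request is treated as invalid. The original passed the raw field straight
            -- into routines whose `user_exists' precondition depends on it, so a crafted
            -- `user_id' produced a contract violation (or, with contracts disabled, a call on
            -- a Void user in `suspend_user_account' / `activate_user_account').
            -- NOTE(review): `delete', `suspend' and `activate' change state but are reached
            -- through plain GET links (see `format_user_for_adminlist'); without a per-session
            -- anti-CSRF token an attacker page can trigger them in a logged-in administrator's
            -- browser. The session API visible in this class offers no token, so this is
            -- flagged here rather than fixed.
        require else
            context /= Void
        local
            cmd: STRING_8
        do
            create return_view.make (context.config.template)
            cmd := context.command_string
            if cmd.is_equal ("login") then
                authenticate_user
            elseif cmd.is_equal ("submit") then
                create_update_user_account
            elseif cmd.is_equal ("userform") then
                display_user_form
            elseif cmd.is_equal ("loginform") then
                return_view.replace_marker_with_string ("USER_ID", "")
            elseif cmd.is_equal ("details") then
                display_user_details
            elseif cmd.is_equal ("delete") or cmd.is_equal ("suspend") or cmd.is_equal ("activate") then
                if is_existing_user_requested then
                    if cmd.is_equal ("delete") then
                        delete_user_account (context.text_field_value ("user_id"))
                    elseif cmd.is_equal ("suspend") then
                        suspend_user_account (context.text_field_value ("user_id"))
                    else
                        activate_user_account (context.text_field_value ("user_id"))
                    end
                    admin_user_list
                else
                    redirect_to_invalid_request_page
                end
            elseif cmd.is_equal ("list") then
                admin_user_list
            else
                redirect_to_invalid_request_page
            end
        end

    post_processing
            -- Fill the markers common to all user related pages, then run the inherited post-processing.
            -- ORGANIZATION and TELEPHONE are HTML-escaped: `replace_marker_with_string' inserts its
            -- argument verbatim (this class relies on that to inject markup, e.g. USER_LIST), so
            -- user-controlled text must be escaped before it reaches the view.
            -- PASSWORD / CONFIRM_PASSWORD are deliberately blanked. The original wrote
            -- `actual_user.password' into both, i.e. the user's plaintext credential ended up in
            -- the HTML source of every user page (browser cache and history, proxies, view-source).
            -- Keeping the stored password when a profile is saved without retyping it is handled
            -- in `create_update_user_account'.
        do
            return_view.replace_marker_with_string ("ORGANIZATION", html_escaped (actual_user.organization))
            return_view.replace_marker_with_string ("TELEPHONE", html_escaped (actual_user.telephone))
            return_view.replace_marker_with_string ("PASSWORD", "")
            return_view.replace_marker_with_string ("CONFIRM_PASSWORD", "")
            Precursor
        end

feature {NONE} -- Implementation

    format_user_for_adminlist (a_user: INFORMATICS_USER; odd_row: BOOLEAN): STRING_8
            -- One <tr> row of the user administration table for `a_user'.
            -- `odd_row' selects the alternating row CSS classes.
            -- Every user-controlled field is HTML-escaped before it is concatenated into markup
            -- (the original inserted names, e-mail and organization raw: stored XSS), and the
            -- username placed into the command links is percent-encoded so that it cannot add
            -- or alter query parameters.
        require
            user_not_void: a_user /= Void
        local
            left_border_class, mid_class, right_border_class: STRING_8
            img_suspended, suspend_link, display_name: STRING_8
        do
            if odd_row then
                left_border_class := "user_row_odd_left_border"
                mid_class := "user_row_odd"
                right_border_class := "user_row_odd_right_border"
            else
                left_border_class := "user_row_even_left_border"
                mid_class := "user_row_even"
                right_border_class := "user_row_even_right_border"
            end
            if a_user.status.is_equal (user_suspended) then
                img_suspended := "<img src=%"{#IMAGE_PATH#}no.gif%" alt=%"%" />"
                suspend_link := user_command_link ("cmd=activate", a_user.username, "Activate")
            else
                img_suspended := "<img src=%"{#IMAGE_PATH#}yes.gif%" alt=%"%" />"
                suspend_link := user_command_link ("cmd=suspend", a_user.username, "Suspend")
            end
            display_name := html_escaped (a_user.first_name) + " " + html_escaped (a_user.last_name)
            create Result.make (512)
            Result.append ("<tr><td class=%"" + left_border_class + "%">" + user_command_link ("cmd=details", a_user.username, display_name) + "</td>%N")
            Result.append (" <td class=%"" + mid_class + "%">" + html_escaped (a_user.email) + "</td>%N")
            Result.append (" <td class=%"" + mid_class + "%">" + html_escaped (a_user.organization) + "</td>%N")
            Result.append (" <td class=%"" + mid_class + "%">" + role_label (a_user) + "</td>%N")
            Result.append (" <td class=%"" + mid_class + "%" align=%"center%">" + img_suspended + "</td>%N")
            Result.append (" <td class=%"" + mid_class + "%" align=%"right%">" + user_command_link ("cmd=userform&mode=edit", a_user.username, "Edit") + "</td>%N")
            Result.append (" <td class=%"" + mid_class + "%" align=%"right%">" + suspend_link + "</td>%N")
            Result.append (" <td class=%"" + right_border_class + "%" align=%"right%">" + user_command_link ("cmd=delete", a_user.username, "Delete") + "</td>%N</tr>%N")
        end

    role_label (a_user: INFORMATICS_USER): STRING_8
            -- Human readable role name of `a_user': "Administrator" or "User".
        do
            if a_user.role = role_administrator then
                Result := "Administrator"
            else
                Result := "User"
            end
        end

    user_command_link (a_query, a_username, a_label: STRING_8): STRING_8
            -- Anchor <a href="{#CGI_FILE_NAME#}?user&`a_query'&user_id=ENC">`a_label'</a>
            -- where ENC is `a_username' percent-encoded (`url_encoded'), so the account name
            -- cannot break out of the query string. `a_label' must already be safe HTML.
        do
            create Result.make (128)
            Result.append ("<a href=%"{#CGI_FILE_NAME#}?user&")
            Result.append (a_query)
            Result.append ("&user_id=")
            Result.append (url_encoded (a_username))
            Result.append ("%">")
            Result.append (a_label)
            Result.append ("</a>")
        end

    html_escaped (s: STRING_8): STRING_8
            -- Copy of `s' with the HTML metacharacters & < > " ' replaced by character
            -- references; an empty string when `s' is Void. Safe for element content and
            -- for values inside double- or single-quoted attributes.
            -- NOTE(review): view markers of the form {#NAME#} are expanded after this text is
            -- inserted (see the nested {#IMAGE_PATH#} / {#CGI_FILE_NAME#} literals in this
            -- class); user text containing such a sequence is not neutralised here.
        local
            i: INTEGER
            c: CHARACTER_8
        do
            if s = Void then
                create Result.make_empty
            else
                create Result.make (s.count + 16)
                from
                    i := 1
                until
                    i > s.count
                loop
                    c := s.item (i)
                    inspect c
                    when '&' then
                        Result.append ("&amp;")
                    when '<' then
                        Result.append ("&lt;")
                    when '>' then
                        Result.append ("&gt;")
                    when '"' then
                        Result.append ("&quot;")
                    when '%'' then
                        Result.append ("&#39;")
                    else
                        Result.append_character (c)
                    end
                    i := i + 1
                end
            end
        end

    url_encoded (s: STRING_8): STRING_8
            -- Percent-encoding of `s' for use as a query-string value: the RFC 3986 unreserved
            -- characters (letters, digits, "-", ".", "_", "~") pass through, every other byte
            -- becomes %XX. An empty string when `s' is Void. The output contains no HTML
            -- metacharacters, so it can be placed directly inside a quoted href attribute.
        local
            i, code: INTEGER
            c: CHARACTER_8
            hex: STRING_8
        do
            hex := "0123456789ABCDEF"
            if s = Void then
                create Result.make_empty
            else
                create Result.make (s.count * 3)
                from
                    i := 1
                until
                    i > s.count
                loop
                    c := s.item (i)
                    if c.is_alpha_numeric or c = '-' or c = '.' or c = '_' or c = '~' then
                        Result.append_character (c)
                    else
                        code := c.code
                        Result.append_character ('%%')
                        Result.append_character (hex.item (code // 16 + 1))
                        Result.append_character (hex.item (code \\ 16 + 1))
                    end
                    i := i + 1
                end
            end
        end

    admin_user_list
            -- Generate the user administration view (administrators only).
            -- The list is built inside the `else' branch: the original fell through after
            -- `redirect_to_permission_denied_page' and still assembled every account's name,
            -- e-mail and organization into the USER_LIST marker for a non-administrator.
        local
            table_content: STRING_8
            a_user: INFORMATICS_USER
            odd_row: BOOLEAN
        do
            if actual_user.role /= role_administrator then
                redirect_to_permission_denied_page
            else
                create table_content.make_empty
                if user_manager.user_count > 0 then
                    odd_row := True
                    from
                        user_manager.user_list.start
                    until
                        user_manager.user_list.after
                    loop
                        a_user ?= user_manager.user_list.item_for_iteration
                        if a_user /= Void then
                            table_content.append (format_user_for_adminlist (a_user, odd_row))
                            odd_row := not odd_row
                        end
                        user_manager.user_list.forth
                    end
                end
                return_view.replace_marker_with_string ("USER_LIST", table_content)
            end
        end

    authenticate_user
            -- Validate the login form and, on success, bind the authenticated account to the session.
            -- A wrong password is reported with the same generic text as an unknown address
            -- (`login_failure_message') and the submitted identifier is no longer echoed raw into
            -- the messages; the suspended-account message escapes it.
            -- NOTE(review): the session id is not regenerated here; unless `session' does that on
            -- its own, a session cookie planted before login survives authentication (fixation).
        local
            error_messages: HASH_TABLE [STRING_8, STRING_8]
            a_user: INFORMATICS_USER
            user_id: STRING_8
        do
            error_messages := validate_login_form
            if error_messages.count = 0 then
                user_id := context.text_field_value ("user_id")
                if user_manager.is_user_authentication_valid (user_id, context.text_field_value ("password")) then
                    a_user ?= user_manager.get_user_by_name (user_id)
                    if a_user = Void then
                        error_messages.put (login_failure_message, "Login")
                    elseif a_user.status.is_equal (user_suspended) then
                        error_messages.put ("User account <b>" + html_escaped (user_id) + "</b> is suspended.<br />Please contact administrator for further information.", "Account Suspended")
                    else
                        return_view.enable_alternative_section ("AUTHENTICATION_FORM", 1)
                        actual_user := a_user
                        check
                            actual_user_updated: actual_user /= Void and then actual_user.username.is_equal (user_id)
                        end
                        my_session.set_email (actual_user.email)
                            -- The session holds the login identity (`username', which is what
                            -- `get_user_by_name' looks up), matching `create_update_user_account'.
                        my_session.set_username (actual_user.username)
                        session.set_expiration_after_seconds (context.config.session_expiration)
                    end
                else
                    error_messages.put (login_failure_message, "Login")
                end
            end
            if error_messages.count > 0 then
                return_view.enable_section ("VALIDATION_ERROR_MESSAGES")
                return_view.replace_marker_with_string ("ERROR_MESSAGES", expand_error_string (error_messages))
                if context.field_defined ("user_id") then
                    return_view.replace_marker_with_string ("USER_ID", html_escaped (context.text_field_value ("user_id")))
                end
            end
        end

    login_failure_message: STRING_8
            -- Generic login failure text, identical for an unknown address and a wrong password
            -- so that the login form cannot be used to enumerate registered accounts.
        do
            Result := "Invalid email address or password. Please try again."
        end

    create_update_user_account
            -- Validate the user form and create or update the account it describes.
            -- Rules enforced here:
            --  * a guest may not register an already registered e-mail; a normal user may only
            --    save under their own e-mail (the "already registered" errors);
            --  * role and status from the form are honoured for administrators only, everyone
            --    else is forced to `role_normal_user' / `user_active' (no privilege escalation
            --    through the `user_role' / `suspend' fields);
            --  * since the stored password is no longer echoed into the form, an edit/update
            --    submitted with both password fields empty keeps the account's current password;
            --    a new account still requires one.
            -- Values reflected back into the form after a validation error are HTML-escaped.
            -- NOTE(review): saving under a new, unregistered e-mail adds a second account and
            -- leaves the old one in place (inherited behaviour) — confirm this is intended.
        local
            error_messages: HASH_TABLE [STRING_8, STRING_8]
            a_user, existing: INFORMATICS_USER
            email, mode: STRING_8
        do
            create a_user.make
            error_messages := validate_user_form (a_user)
            if error_messages.count = 0 then
                email := context.text_field_value ("email")
                if actual_user.role = role_guest and then user_manager.username_defined (email) then
                    error_messages.put ("Given email address is already registered.", "Email")
                elseif actual_user.role = role_normal_user and then (not actual_user.username.is_equal (email) and user_manager.username_defined (email)) then
                    error_messages.put ("Given email address is already registered by another user.", "Email")
                elseif not is_field_supplied ("password") then
                        -- Both password fields empty on an edit/update form: keep the current
                        -- password. Only reachable for an e-mail the caller may save under.
                    existing ?= user_manager.get_user_by_name (a_user.username)
                    if existing /= Void then
                        a_user.set_password (existing.password)
                    else
                        error_messages.put ("password should be typed in both fields", "Password")
                    end
                end
            end
            if error_messages.count = 0 then
                mode := request_mode
                if mode.is_equal ("register") or mode.is_equal ("add") then
                    return_view.enable_alternative_section ("USER_FORM", 1)
                    if mode.is_equal ("register") then
                        return_view.replace_marker_with_string ("FORM_TITLE", "Register")
                    else
                        return_view.replace_marker_with_string ("FORM_TITLE", "Add User")
                    end
                elseif mode.is_equal ("edit") or mode.is_equal ("update") then
                    return_view.enable_alternative_section ("USER_FORM", 2)
                    if mode.is_equal ("edit") then
                        return_view.replace_marker_with_string ("FORM_TITLE", "Edit User")
                    else
                        return_view.replace_marker_with_string ("FORM_TITLE", "Edit Profile")
                    end
                end
                if actual_user.role /= role_administrator then
                        -- Never trust role/status submitted by a non-administrator.
                    a_user.set_role (role_normal_user)
                    a_user.set_status (user_active)
                end
                if not user_manager.username_defined (a_user.username) then
                    user_manager.add_user (a_user)
                else
                    user_manager.update_user (a_user)
                end
                user_manager.persist_data
                if actual_user.role /= role_administrator then
                    my_session.set_username (a_user.username)
                    my_session.set_email (a_user.email)
                    actual_user := a_user
                end
                return_view.replace_marker_with_string ("EMAIL_ADDRESS", html_escaped (a_user.email))
            else
                return_view.enable_section ("VALIDATION_ERROR_MESSAGES")
                return_view.replace_marker_with_string ("ERROR_MESSAGES", expand_error_string (error_messages))
                if context.field_defined ("mode") then
                    mode := request_mode
                    if mode.is_equal ("register") or mode.is_equal ("add") then
                        if mode.is_equal ("register") then
                            set_form_mode_markers ("Register", "Register", "register")
                        else
                            set_form_mode_markers ("Add User", "Add User", "add")
                        end
                            -- A new account's e-mail stays editable. The original set READONLY
                            -- to "" here and then unconditionally overwrote it with readonly.
                        return_view.replace_marker_with_string ("READONLY", "")
                    else
                        if mode.is_equal ("edit") and then context.field_defined ("user_id") then
                            set_form_mode_markers ("Edit User", "Save", "edit")
                        else
                            set_form_mode_markers ("Edit Profile", "Save", "update")
                        end
                        return_view.replace_marker_with_string ("READONLY", "readonly=%"readonly%"")
                    end
                end
                refill_form_from_request
            end
        end

    set_form_mode_markers (a_title, a_button, a_save_mode: STRING_8)
            -- Set the FORM_TITLE, BUTTON_TEXT and SAVE_MODE markers of the user form.
        do
            return_view.replace_marker_with_string ("FORM_TITLE", a_title)
            return_view.replace_marker_with_string ("BUTTON_TEXT", a_button)
            return_view.replace_marker_with_string ("SAVE_MODE", a_save_mode)
        end

    refill_form_from_request
            -- Put the submitted form values back into the form markers after a validation error.
        do
            refill_marker ("first_name", "first_name")
            refill_marker ("last_name", "last_name")
            refill_marker ("email_address", "email")
            refill_marker ("email", "email")
            refill_marker ("organization", "organization")
            refill_marker ("telephone", "telephone")
        end

    refill_marker (a_marker, a_field: STRING_8)
            -- Replace view marker `a_marker' with the HTML-escaped request field `a_field',
            -- if that field is present in the request.
        do
            if context.field_defined (a_field) then
                return_view.replace_marker_with_string (a_marker, html_escaped (context.text_field_value (a_field)))
            end
        end

    request_mode: STRING_8
            -- Value of the `mode' request field; an empty string when absent.
        do
            if context.field_defined ("mode") then
                Result := context.text_field_value ("mode")
            end
            if Result = Void then
                create Result.make_empty
            end
        end

    is_edit_mode: BOOLEAN
            -- Is the form saving an existing account (`mode' is "edit" or "update")?
        local
            mode: STRING_8
        do
            mode := request_mode
            Result := mode.is_equal ("edit") or mode.is_equal ("update")
        end

    is_field_supplied (a_field: STRING_8): BOOLEAN
            -- Is request field `a_field' present with a non-empty value?
        local
            v: STRING_8
        do
            if context.field_defined (a_field) then
                v := context.text_field_value (a_field)
                Result := v /= Void and then not v.is_empty
            end
        end

    is_existing_user_requested: BOOLEAN
            -- Does the request carry a non-empty `user_id' naming a registered account?
            -- Guarantees the `user_exists' precondition of the account routines from untrusted input.
        do
            Result := is_field_supplied ("user_id") and then user_manager.username_defined (context.text_field_value ("user_id"))
        end

    display_user_form
            -- Prepare the user form for the requested `mode': "register" / "add" (empty form),
            -- "edit" with `user_id' (an administrator editing another account) or anything else
            -- (the current user's own profile).
            -- ADMINISTRATOR_INFORMATION is only enabled once the caller is verified to be an
            -- administrator and the target exists (the original enabled it before the check).
        local
            edit_user: INFORMATICS_USER
            user_id, mode: STRING_8
        do
            if context.field_defined ("mode") then
                mode := request_mode
                if mode.is_equal ("register") or mode.is_equal ("add") then
                    if mode.is_equal ("register") then
                        set_form_mode_markers ("Register", "Register", "register")
                    else
                        set_form_mode_markers ("Add User", "Add User", "add")
                    end
                    create edit_user.make
                    restore_user_data (edit_user)
                    return_view.replace_marker_with_string ("READONLY", "")
                elseif mode.is_equal ("edit") and then context.field_defined ("user_id") then
                    user_id := context.text_field_value ("user_id")
                    if actual_user.role /= role_administrator then
                        redirect_to_permission_denied_page
                    elseif not user_manager.username_defined (user_id) then
                        redirect_to_invalid_request_page
                    else
                        edit_user ?= user_manager.get_user_by_name (user_id)
                        if edit_user = Void then
                            redirect_to_invalid_request_page
                        else
                            return_view.enable_section ("ADMINISTRATOR_INFORMATION")
                            set_form_mode_markers ("Edit User", "Save", "edit")
                            return_view.replace_marker_with_string ("READONLY", "readonly=%"readonly%"")
                            restore_user_data (edit_user)
                        end
                    end
                else
                    set_form_mode_markers ("Edit Profile", "Save", "update")
                    restore_user_data (actual_user)
                    return_view.replace_marker_with_string ("READONLY", "readonly=%"readonly%"")
                end
            end
        end

    display_user_details
            -- Fill the "User details" view for `user_id' (default: the current user's account).
            -- Non-administrators may only view their own account. For administrators the Edit /
            -- Delete command links are built with the percent-encoded username of the displayed
            -- account. An unknown `user_id' is an invalid request (the original rendered an
            -- empty details page with unexpanded markers).
        local
            commands, user_id: STRING_8
            a_user: INFORMATICS_USER
        do
            if context.field_defined ("user_id") then
                user_id := context.text_field_value ("user_id")
            else
                user_id := actual_user.username
            end
            if actual_user.role /= role_administrator and then not actual_user.username.is_equal (user_id) then
                redirect_to_permission_denied_page
            else
                a_user ?= user_manager.get_user_by_name (user_id)
                if a_user = Void then
                    redirect_to_invalid_request_page
                else
                    if actual_user.role = role_administrator then
                        create commands.make (256)
                        commands.append ("<td style=%"padding: 0px 10px 0px 0px%">%N")
                        commands.append (user_command_link ("cmd=userform&mode=edit", a_user.username, "Edit"))
                        commands.append ("%N</td>%N<td>%N")
                        commands.append (user_command_link ("cmd=delete", a_user.username, "Delete"))
                        commands.append ("%N</td>%N")
                        return_view.replace_marker_with_string ("ADMIN_USER_COMMAND", commands)
                    end
                    restore_user_data (a_user)
                end
            end
        end

    delete_user_account (user_id: STRING_8)
            -- Delete the account `user_id' and persist (administrators only).
            -- NOTE(review): nothing prevents an administrator from deleting or suspending their
            -- own — possibly the only — administrator account; consider refusing
            -- `actual_user.username' here and in `suspend_user_account'.
        require
            user_exists: user_id /= Void and then not user_id.is_empty and then user_manager.username_defined (user_id)
        do
            if actual_user.role /= role_administrator then
                redirect_to_permission_denied_page
            else
                user_manager.delete_user_by_name (user_id)
                user_manager.persist_data
            end
        end

    suspend_user_account (user_id: STRING_8)
            -- Mark the account `user_id' as suspended and persist (administrators only).
        require
            user_exists: user_id /= Void and then not user_id.is_empty and then user_manager.username_defined (user_id)
        local
            a_user: INFORMATICS_USER
        do
            if actual_user.role /= role_administrator then
                redirect_to_permission_denied_page
            else
                a_user ?= user_manager.get_user_by_name (user_id)
                if a_user = Void then
                    redirect_to_invalid_request_page
                else
                    a_user.set_status (user_suspended)
                    user_manager.update_user (a_user)
                    user_manager.persist_data
                end
            end
        end

    activate_user_account (user_id: STRING_8)
            -- Mark the suspended account `user_id' as active and persist (administrators only).
        require
            user_exists: user_id /= Void and then not user_id.is_empty and then user_manager.username_defined (user_id)
        local
            a_user: INFORMATICS_USER
        do
            if actual_user.role /= role_administrator then
                redirect_to_permission_denied_page
            else
                a_user ?= user_manager.get_user_by_name (user_id)
                if a_user = Void then
                    redirect_to_invalid_request_page
                else
                    a_user.set_status (user_active)
                    user_manager.update_user (a_user)
                    user_manager.persist_data
                end
            end
        end

feature -- Form processing

    restore_user_data (a_user: INFORMATICS_USER)
            -- Fill the user form markers from `a_user'.
            -- All values are HTML-escaped. The password markers stay empty: the original
            -- pre-filled them with the stored plaintext password, exposing it in the page
            -- source of the edit form (including other users' passwords to an administrator).
        require
            user_not_void: a_user /= Void
        local
            role_option: STRING_8
        do
            return_view.replace_marker_with_string ("first_name", html_escaped (a_user.first_name))
            return_view.replace_marker_with_string ("last_name", html_escaped (a_user.last_name))
            return_view.replace_marker_with_string ("user_name", html_escaped (a_user.first_name) + " " + html_escaped (a_user.last_name))
            return_view.replace_marker_with_string ("email", html_escaped (a_user.email))
            return_view.replace_marker_with_string ("user_id", html_escaped (a_user.email))
            return_view.replace_marker_with_string ("password", "")
            return_view.replace_marker_with_string ("confirm_password", "")
            return_view.replace_marker_with_string ("organization", html_escaped (a_user.organization))
            return_view.replace_marker_with_string ("telephone", html_escaped (a_user.telephone))
            if a_user.role = role_administrator then
                role_option := "<option selected=%"selected%" value=%"Administrator%">Administrator</option>"
            else
                role_option := "<option selected=%"selected%" value=%"User%">User</option>"
            end
            return_view.replace_marker_with_string ("user_role", role_option)
            if a_user.status.is_equal (user_suspended) then
                return_view.replace_marker_with_string ("suspend", "checked=%"checked%"")
            end
        end

    validate_login_form: HASH_TABLE [STRING_8, STRING_8]
            -- Validation messages for the login form; empty when the form is acceptable.
            -- An unregistered address yields the same generic `login_failure_message' as a wrong
            -- password, so the form cannot be used to enumerate accounts.
            -- NOTE(review): `authenticate_user' still skips the credential check for an unknown
            -- address, so response timing may differ between the two cases.
        require
            environment_set: context /= Void
        local
            validator: FORM_VALIDATOR
            messages: HASH_TABLE [STRING_8, STRING_8]
        do
            create validator.make (context)
            create messages.make (8)
            if not validator.is_must_field_filled ("user_id") then
                messages.put ("Please enter your registered email address.", "Email")
            elseif not validator.is_email_valid (validator.get_field_string ("user_id")) then
                messages.put ("Given email address seems not valid.", "Email")
            elseif not user_manager.username_defined (context.text_field_value ("user_id")) then
                messages.put (login_failure_message, "Login")
            end
            if not validator.is_must_field_filled ("password") then
                messages.put ("please enter the password.", "Password")
            end
            Result := messages
        end

    validate_user_form (a_user: INFORMATICS_USER): HASH_TABLE [STRING_8, STRING_8]
            -- Validate the user registration form, copying accepted values into `a_user';
            -- returns the validation messages (empty when the form is acceptable).
            -- Password rule: both fields must be filled and equal — except on an edit/update
            -- form where both may be left empty to keep the current password (the caller then
            -- copies it from the stored account; `a_user' gets no password here in that case).
            -- `user_role' and `suspend' are copied as submitted; they are untrusted input and
            -- the caller overrides them for non-administrators.
            -- NOTE(review): no password strength or minimum length is enforced anywhere visible.
        require
            environment_set: context /= Void
            user_not_void: a_user /= Void
        local
            validator: FORM_VALIDATOR
            messages: HASH_TABLE [STRING_8, STRING_8]
            password_expected: BOOLEAN
        do
            create validator.make (context)
            create messages.make (8)
            if not validator.is_must_field_filled ("email") then
                messages.put ("An email address must be specified (used as the login name).", "Email")
            else
                a_user.set_email (validator.get_field_string ("email"))
                a_user.set_username (validator.get_field_string ("email"))
                if not validator.is_email_valid (validator.get_field_string ("email")) then
                    messages.put ("Given email address seems not valid.", "Email")
                elseif request_mode.is_equal ("add") and then user_manager.username_defined (validator.get_field_string ("email")) then
                    messages.put ("Given email address is already registered.", "Email")
                end
            end
            if not validator.is_must_field_filled ("first_name") then
                messages.put ("Please enter your first name.", "First name")
            else
                a_user.set_first_name (validator.get_field_string ("first_name"))
            end
            if not validator.is_must_field_filled ("last_name") then
                messages.put ("Please enter your family name.", "Family name")
            else
                a_user.set_last_name (validator.get_field_string ("last_name"))
            end
            if not validator.is_must_field_filled ("organization") then
                messages.put ("Please specify your organization.", "Organization")
            else
                a_user.set_organization (validator.get_field_string ("organization"))
            end
                -- A password is mandatory for a new account, and whenever either field was typed.
            password_expected := is_field_supplied ("password") or is_field_supplied ("confirm_password") or not is_edit_mode
            if password_expected then
                if not validator.is_must_field_filled ("password") or not validator.is_must_field_filled ("confirm_password") then
                    messages.put ("password should be typed in both fields", "Password")
                elseif not validator.are_fields_equal ("password", "confirm_password") then
                    messages.put ("typed passwords not match each other", "Password")
                else
                    a_user.set_password (validator.get_field_string ("password"))
                end
            end
            a_user.set_telephone (validator.get_field_string ("telephone"))
            if validator.get_field_string ("user_role").is_equal ("Administrator") then
                a_user.set_role (role_administrator)
            else
                a_user.set_role (role_normal_user)
            end
            if validator.get_field_string ("suspend").is_equal ("1") then
                a_user.set_status (user_suspended)
            else
                a_user.set_status (user_active)
            end
            Result := messages
        end

invariant
    invariant_clause: True

end -- class USER_HANDLER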
-- Generated by ISE Eiffel --
For more details: www.eiffel.com