src/main/kotlin/de/uapcore/lightpit/servlet/UsersServlet.kt

Tue, 03 Aug 2021 13:41:32 +0200

author
Mike Becker <universe@uap-core.de>
date
Tue, 03 Aug 2021 13:41:32 +0200
changeset 209
c9c6abf167c7
parent 184
e8eecee6aadf
child 210
37fbdcb422b7
permissions
-rw-r--r--

#21 adds input validation mechanism

Also upgrades to Kotlin 1.5.21

universe@184 1 /*
universe@184 2 * Copyright 2021 Mike Becker. All rights reserved.
universe@184 3 *
universe@184 4 * Redistribution and use in source and binary forms, with or without
universe@184 5 * modification, are permitted provided that the following conditions are met:
universe@184 6 *
universe@184 7 * 1. Redistributions of source code must retain the above copyright
universe@184 8 * notice, this list of conditions and the following disclaimer.
universe@184 9 *
universe@184 10 * 2. Redistributions in binary form must reproduce the above copyright
universe@184 11 * notice, this list of conditions and the following disclaimer in the
universe@184 12 * documentation and/or other materials provided with the distribution.
universe@184 13 *
universe@184 14 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
universe@184 15 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
universe@184 16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
universe@184 17 * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
universe@184 18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
universe@184 19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
universe@184 20 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
universe@184 21 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
universe@184 22 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
universe@184 23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
universe@184 24 */
universe@184 25
universe@184 26 package de.uapcore.lightpit.servlet
universe@184 27
universe@209 28 import de.uapcore.lightpit.*
universe@184 29 import de.uapcore.lightpit.dao.DataAccessObject
universe@184 30 import de.uapcore.lightpit.entities.User
universe@184 31 import de.uapcore.lightpit.viewmodel.UserEditView
universe@184 32 import de.uapcore.lightpit.viewmodel.UsersView
universe@184 33 import javax.servlet.annotation.WebServlet
universe@184 34
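/**
 * Servlet for the `/users/` pages: user list, create form, edit form and form commit.
 *
 * NOTE(review): no access-control or CSRF check is visible in this class; confirm that
 * [AbstractServlet] or a servlet filter restricts these routes, the POST route in particular.
 */
@WebServlet(urlPatterns = ["/users/*"])
class UsersServlet : AbstractServlet(), LoggingTrait {

    init {
        get("/", this::index)
        get("/-/create", this::create)
        get("/%userid/edit", this::edit)
        post("/-/commit", this::commit)
    }

    // Names passed to render() for the list page and the create/edit form.
    private val list = "users"
    private val form = "user-form"

    /** Drops ISO control characters (CR, LF, ...) so a request value cannot split or forge log lines. */
    private fun logSafe(value: String): String = value.filterNot { it.isISOControl() }

    /** Renders the list of all users returned by the DAO. */
    private fun index(http: HttpRequest, dao: DataAccessObject) {
        with(http) {
            view = UsersView(dao.listUsers())
            render(list)
        }
    }

    /** Renders the form for a new user; the placeholder id -1 makes [commit] take the insert path. */
    private fun create(http: HttpRequest, dao: DataAccessObject) {
        with(http) {
            view = UserEditView(User(-1))
            render(form)
        }
    }

    /**
     * Renders the edit form for the user named by the `userid` path parameter.
     *
     * Answers 404 when the parameter is missing, is not an integer, or matches no user.
     */
    private fun edit(http: HttpRequest, dao: DataAccessObject) {
        val user = http.pathParams["userid"]?.toIntOrNull()?.let { dao.findUser(it) }
        if (user == null) {
            http.response.sendError(404)
            return
        }
        with(http) {
            view = UserEditView(user)
            render(form)
        }
    }

    /**
     * Handles the submitted user form.
     *
     * Answers 400 when `userid` is missing or not an integer. An id greater than zero updates
     * that user; any other id inserts a new user, for which the username is validated first.
     * When validation fails, the form is rendered again with the collected error messages.
     */
    private fun commit(http: HttpRequest, dao: DataAccessObject) {
        val id = http.param("userid")?.toIntOrNull()
        if (id == null) {
            http.response.sendError(400)
            return
        }

        // NOTE(review): givenname, lastname and mail are copied from the request without
        // validation here; confirm that length and format are enforced elsewhere.
        val user = User(id).apply {
            givenname = http.param("givenname")
            lastname = http.param("lastname")
            mail = http.param("mail")
        }

        if (user.id > 0) {
            // The username is only read on insert, so it is not changed by an update.
            logger().info("Update user with id ${user.id}.")
            dao.updateUser(user)
            http.renderCommit("users/")
            return
        }

        val errorMessages = mutableListOf<String>()
        val username = http.param("username", {
            // A blank value is treated like a missing one, reusing the existing message key;
            // otherwise an empty form field would pass validation as a username.
            if (it.isNullOrBlank()) ValidationError("validation.username.null")
            // NOTE(review): lookup followed by insert is not atomic; presumably a unique
            // constraint in the database backs this check - confirm.
            else if (dao.findUserByName(it) != null) ValidationError("validation.username.unique")
            else ValidatedValue(it)
        }, errorMessages)

        if (username == null) {
            http.view = UserEditView(user).apply { this.errorMessages = errorMessages }
            http.render(form)
            return
        }

        // The username is request-controlled: strip control characters before logging it.
        logger().info("Insert user ${logSafe(username)}.")
        user.username = username
        dao.insertUser(user)
        http.renderCommit("users/")
    }
}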
