admin: edit Administrator

Author: phasenraum2010

src/main/java/org/woehlke/greenshop/admin/service/AdministratorService.java

@@ -14,4 +14,5 @@ public interface AdministratorService extends UserDetailsService {
 
     Administrator findAdministratorById(long administratorId);
 
+    void update(Administrator thisAdministrator);
 }

src/main/java/org/woehlke/greenshop/admin/service/AdministratorServiceImpl.java

@@ -10,6 +10,8 @@
 
 import javax.inject.Inject;
 import javax.inject.Named;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
 import java.util.List;
 
 /**
@@ -32,10 +34,36 @@ public Administrator findAdministratorById(long administratorId) {
         return administratorRepository.findOne(administratorId);
     }
 
+    @Override
+    @Transactional(readOnly=false,propagation=Propagation.REQUIRES_NEW)
+    public void update(Administrator thisAdministrator) {
+        Administrator original = administratorRepository.findOne(thisAdministrator.getId());
+        if(original.getUserPassword().compareTo(thisAdministrator.getUserPassword())!=0){
+            thisAdministrator.setUserPassword(md5(thisAdministrator.getUserPassword()));
+        }
+        thisAdministrator = administratorRepository.save(thisAdministrator);
+    }
+
     @Override
     public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
         Administrator administrator = administratorRepository.findByUserName(username);
         if(administrator == null) throw new UsernameNotFoundException(username);
         return new AdministratorBean(administrator);
     }
+
+    private String md5(String input){
+        MessageDigest md = null;
+        try {
+            md = MessageDigest.getInstance("MD5");
+        } catch (NoSuchAlgorithmException e) {
+            e.printStackTrace();
+        }
+        md.update(input.getBytes());
+        byte[] digest = md.digest();
+        StringBuffer sb = new StringBuffer();
+        for (byte b : digest) {
+            sb.append(String.format("%02x", b & 0xff));
+        }
+        return sb.toString();
+    }
 }

src/main/java/org/woehlke/greenshop/admin/web/configuration/AdministratorController.java

@@ -2,6 +2,7 @@
 
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
+import org.springframework.validation.BindingResult;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -10,6 +11,7 @@
 import org.woehlke.greenshop.admin.service.AdministratorService;
 
 import javax.inject.Inject;
+import javax.validation.Valid;
 import java.util.List;
 
 /**
@@ -53,4 +55,34 @@ public String administratorId(
         model.addAttribute("administrators",administrators);
         return "admin/configuration/administrators";
     }
+
+    @RequestMapping(value = "/admin/administrators/{administratorId}/edit", method = RequestMethod.GET)
+    public String administratorEditForm(
+            @PathVariable long administratorId, Model model){
+        int menuCategory = AdminMenuCategory.CONFIGURATION.ordinal();
+        model.addAttribute("menuCategory",menuCategory);
+        Administrator thisAdministrator = administratorService.findAdministratorById(administratorId);
+        model.addAttribute("thisAdministrator",thisAdministrator);
+        List<Administrator> administrators = administratorService.findAllAdministrators();
+        model.addAttribute("administrators",administrators);
+        return "admin/configuration/administratorsEdit";
+    }
+
+    @RequestMapping(value = "/admin/administrators/{administratorId}/edit", method = RequestMethod.POST)
+    public String administratorEditSave(
+            @PathVariable long administratorId,
+            @Valid Administrator thisAdministrator, BindingResult result, Model model){
+        int menuCategory = AdminMenuCategory.CONFIGURATION.ordinal();
+        model.addAttribute("menuCategory",menuCategory);
+        if(result.hasErrors()){
+            model.addAttribute("thisAdministrator",thisAdministrator);
+            List<Administrator> administrators = administratorService.findAllAdministrators();
+            model.addAttribute("administrators",administrators);
+            return "admin/configuration/administratorsEdit";
+        } else {
+            thisAdministrator.setId(administratorId);
+            administratorService.update(thisAdministrator);
+            return "redirect:/admin/administrators/"+administratorId;
+        }
+    }
 }

src/main/webapp/WEB-INF/jsp/admin/admin-tiles.xml

@@ -55,6 +55,10 @@
         <put-attribute name="bodyContent" value="/WEB-INF/jsp/admin/configuration/administrators.jsp" />
     </definition>
 
+    <definition name="admin/configuration/administratorsEdit" extends="backend">
+        <put-attribute name="bodyContent" value="/WEB-INF/jsp/admin/configuration/administratorsEditForm.jsp" />
+    </definition>
+
 
     <!-- currencies -->
 

src/main/webapp/WEB-INF/jsp/admin/configuration/administrators.jsp

@@ -57,7 +57,7 @@
                     </table>
                     <table border="0" width="100%" cellspacing="0" cellpadding="2">
                         <tr>
-                            <td align="center" class="infoBoxContent"><span class="tdbLink"><a id="tdb2" href="http://localhost/oscommerce2/admin/administrators.php?aID=2&action=edit">Edit</a></span><script type="text/javascript">$("#tdb2").button({icons:{primary:"ui-icon-document"}}).addClass("ui-priority-secondary").parent().removeClass("tdbLink");</script><span class="tdbLink"><a id="tdb3" href="http://localhost/oscommerce2/admin/administrators.php?aID=2&action=delete">Delete</a></span><script type="text/javascript">$("#tdb3").button({icons:{primary:"ui-icon-trash"}}).addClass("ui-priority-secondary").parent().removeClass("tdbLink");</script></td>
+                            <td align="center" class="infoBoxContent"><span class="tdbLink"><a id="tdb2" href="<c:url value="/admin/administrators/${thisAdministrator.id}/edit"/>">Edit</a></span><script type="text/javascript">$("#tdb2").button({icons:{primary:"ui-icon-document"}}).addClass("ui-priority-secondary").parent().removeClass("tdbLink");</script><span class="tdbLink"><a id="tdb3" href="http://localhost/oscommerce2/admin/administrators.php?aID=2&action=delete">Delete</a></span><script type="text/javascript">$("#tdb3").button({icons:{primary:"ui-icon-trash"}}).addClass("ui-priority-secondary").parent().removeClass("tdbLink");</script></td>
                         </tr>
                     </table>
                 </td>

src/main/webapp/WEB-INF/jsp/admin/configuration/administratorsEditForm.jsp

@@ -0,0 +1,78 @@
+<%@ include file="/WEB-INF/layout/taglibs.jsp"%>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="2">
+    <tr>
+        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
+            <tr>
+                <td class="pageHeading">Administrators</td>
+                <td class="pageHeading" align="right"><img src="resources/admin/images/pixel_trans.gif" border="0" alt="" width="57" height="40" /></td>
+            </tr>
+        </table></td>
+    </tr>
+    <!--
+    <tr>
+        <td>
+            <table border="0" width="100%" cellspacing="0" cellpadding="2">
+                <tr class="messageStackError">
+                    <td class="messageStackError"><img src="resources/admin/images/icons/error.gif" border="0" alt="Error" title="Error" />&nbsp;<strong>Additional Protection With htaccess/htpasswd</strong><p>This osCommerce Online Merchant Administration Tool installation is not additionally secured through htaccess/htpasswd means.</p><p>Enabling the htaccess/htpasswd security layer will automatically store administrator username and passwords in a htpasswd file when updating administrator password records.</p><p><strong>Please note</strong>, if this additional security layer is enabled and you can no longer access the Administration Tool, please make the following changes and consult your hosting provider to enable htaccess/htpasswd protection:</p><p><u><strong>1. Edit this file:</strong></u><br /><br />/opt/local/apache2/htdocs/oscommerce2/admin/.htaccess</p><p>Remove the following lines if they exist:</p><p><i>##### OSCOMMERCE ADMIN PROTECTION - BEGIN #####<br />AuthType Basic<br />AuthName "osCommerce Online Merchant Administration Tool"<br />AuthUserFile /opt/local/apache2/htdocs/oscommerce2/admin/.htpasswd_oscommerce<br />Require valid-user<br />##### OSCOMMERCE ADMIN PROTECTION - END #####</i></p><p><u><strong>2. Delete this file:</strong></u><br /><br />/opt/local/apache2/htdocs/oscommerce2/admin/.htpasswd_oscommerce</p></td>
+                </tr>
+            </table>
+        </td>
+    </tr>
+    -->
+    <tr>
+        <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
+            <tr>
+                <td valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="2">
+                    <tr class="dataTableHeadingRow">
+                        <td class="dataTableHeadingContent">Administrators</td>
+                        <td class="dataTableHeadingContent" align="center">Secured by htpasswd</td>
+                        <td class="dataTableHeadingContent" align="right">Action&nbsp;</td>
+                    </tr>
+                    <c:forEach var="administrator" items="${administrators}">
+                        <c:if test="${administrator.id == thisAdministrator.id}">
+                            <tr id="defaultSelected" class="dataTableRowSelected" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" onclick="document.location.href='<c:url value="/admin/administrators/${administrator.id}"/>'">
+                                <td class="dataTableContent">${administrator.userName}</td>
+                                <td class="dataTableContent" align="center"><img src="resources/admin/images/icon_status_red.gif" border="0" alt="Not Secured" title="Not Secured" width="10" height="10" /></td>
+                                <td class="dataTableContent" align="right"><img src="resources/admin/images/icon_arrow_right.gif" border="0" alt="" />&nbsp;</td>
+                            </tr>
+                        </c:if>
+                        <c:if test="${administrator.id != thisAdministrator.id}">
+                            <tr class="dataTableRow" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" onclick="document.location.href='<c:url value="/admin/administrators/${administrator.id}"/>'">
+                                <td class="dataTableContent">${administrator.userName}</td>
+                                <td class="dataTableContent" align="center"><img src="resources/admin/images/icon_status_red.gif" border="0" alt="Not Secured" title="Not Secured" width="10" height="10" /></td>
+                                <td class="dataTableContent" align="right"><a href="<c:url value="/admin/administrators/${administrator.id}"/>"><img src="resources/admin/images/icon_info.gif" border="0" alt="Info" title="Info" /></a>&nbsp;</td>
+                            </tr>
+                        </c:if>
+                    </c:forEach>
+                    <tr>
+                        <td class="smallText" colspan="3" align="right"><span class="tdbLink"><a id="tdb1" href="http://localhost/oscommerce2/admin/administrators.php?action=new">Insert</a></span><script type="text/javascript">$("#tdb1").button({icons:{primary:"ui-icon-plus"}}).addClass("ui-priority-secondary").parent().removeClass("tdbLink");</script></td>
+                    </tr>
+                </table></td>
+                <td width="25%" valign="top">
+                    <table border="0" width="100%" cellspacing="0" cellpadding="2">
+                        <tr class="infoBoxHeading">
+                            <td class="infoBoxHeading"><strong>${thisAdministrator.userName}</strong></td>
+                        </tr>
+                    </table>
+                    <form:form commandName="thisAdministrator" method="post" autocomplete="off"><form:hidden path="id"/>
+                    <table border="0" width="100%" cellspacing="0" cellpadding="2">
+                        <tr>
+                            <td class="infoBoxContent">Please make any necessary changes</td>
+                        </tr>
+                        <tr>
+                            <td class="infoBoxContent"><br />Username:<br /><form:input path="userName" maxlength="40"/><form:errors path="userName" /></td>
+                        </tr>
+                        <tr>
+                            <td class="infoBoxContent"><br />New Password:<br /><form:password path="userPassword" maxlength="40"/><form:errors path="userPassword" /></td>
+                        </tr>
+                        <tr>
+                            <td align="center" class="infoBoxContent"><br /><span class="tdbLink"><button id="tdb2" type="submit">Save</button></span><script type="text/javascript">$("#tdb2").button({icons:{primary:"ui-icon-disk"}}).addClass("ui-priority-primary").parent().removeClass("tdbLink");</script><span class="tdbLink"><a id="tdb3" href="<c:url value="/admin/administrators/${thisAdministrator.id}"/>">Cancel</a></span><script type="text/javascript">$("#tdb3").button({icons:{primary:"ui-icon-close"}}).addClass("ui-priority-secondary").parent().removeClass("tdbLink");</script></td>
+                        </tr>
+                    </table>
+                    </form:form>
+                </td>
+            </tr>
+        </table></td>
+    </tr>
+</table>