Changeset 2014

Timestamp:

07/17/09 20:49:27 (3 years ago)

Author:

mswertz

Message:

Renamed 'Login' to 'Security' framework and further improved it, including readonly in ui.
Small UI bugfixes

Location:

molgenis3_3/src/org/molgenis

Files:

• MolgenisOptions.java (modified) (1 diff)
• framework/Database.java (modified) (2 diffs)
• framework/UserInterface.java (modified) (2 diffs)
• framework/data/MappingDecorator.java (modified) (1 diff)
• framework/data/inmemory/InMemoryDatabase.java (modified) (4 diffs)
• framework/data/jdbc/AbstractJDBCMapper.java (modified) (7 diffs)
• framework/data/jdbc/JDBCDatabase.java (modified) (9 diffs)
• framework/data/jdbc/JDBCMapper.java (modified) (1 diff)
• framework/data/xml/XmlDatabase.java (modified) (2 diffs)
• framework/screen/UserInterface.java (modified) (5 diffs)
• framework/screen/form/FormController.java (modified) (2 diffs)
• framework/screen/form/FormScreen.java (modified) (11 diffs)
• framework/screen/form/commands/AddBatchCommand.java (modified) (1 diff)
• framework/screen/form/commands/AddCommand.java (modified) (1 diff)
• framework/screen/form/commands/AddCommand2.java (modified) (1 diff)
• framework/screen/form/commands/ViewEditViewCommand.java (modified) (1 diff)
• framework/screen/plugin/PluginScreen.java (modified) (2 diffs)
• framework/security (moved) (moved from molgenis3_3/src/org/molgenis/framework/auth)
• framework/security/Login.java (deleted)
• framework/security/Security.java (copied) (copied from molgenis3_3/src/org/molgenis/framework/auth/Login.java) (6 diffs)
• framework/security/SimpleLogin.java (deleted)
• framework/security/SimpleSecurity.java (copied) (copied from molgenis3_3/src/org/molgenis/framework/auth/SimpleLogin.java) (3 diffs)
• framework/security/package-info.java (modified) (1 diff)
• framework/server/AbstractMolgenisServlet.java (modified) (6 diffs)
• framework/style/original/FormScreen.ftl (modified) (15 diffs)
• generators/screen/FormScreenGen.java.ftl (modified) (2 diffs)
• generators/servlet/MolgenisServletGen.ftl (modified) (2 diffs)
• generators/sql/FillMetadataTablesGen.sql.ftl (modified) (1 diff)
• model/syntax/Entity.java (modified) (1 diff)

molgenis3_3/src/org/molgenis/MolgenisOptions.java

@@ -79 +79 @@
         
         @Option(name = "auth_loginclass", param = "auth_loginclass", type = Option.Type.REQUIRED_ARGUMENT, usage = "Expert option.")
-        public String auth_loginclass = "org.molgenis.framework.auth.SimpleLogin";
+        public String auth_loginclass = "org.molgenis.framework.security.SimpleSecurity";
 
         // @Option(name = "force_lowercase_names", param = "force_lowercase_names",

molgenis3_3/src/org/molgenis/framework/Database.java

@@ -23 +23 @@
 import java.util.List;
 
-import org.molgenis.framework.auth.Login;
 import org.molgenis.framework.data.CustomQuery;
 import org.molgenis.framework.data.DatabaseException;
 import org.molgenis.framework.data.Query;
 import org.molgenis.framework.data.QueryRule;
+import org.molgenis.framework.security.Security;
 import org.molgenis.model.syntax.Model;
 import org.molgenis.util.CsvReader;
@@ -356 +356 @@
 
         /** Return the login object that takes care of auth */
-        public Login getLogin();
-
-        public void setLogin(Login login);
+        public Security getSecurity();
+
+        public void setLogin(Security login);
 
         public Class<Entity> getClassForName(String name);

molgenis3_3/src/org/molgenis/framework/UserInterface.java

@@ -1 +1 @@
 package org.molgenis.framework;
 
-import org.molgenis.framework.auth.Login;
+import org.molgenis.framework.security.Security;
 
 public interface UserInterface
@@ -10 +10 @@
         public void setDatabase(Database db);
         /**Get the login for this user interface*/
-        public Login getLogin();
+        public Security getLogin();
         /**set the login for this user interface*/
-        public void setLogin(Login loging);
+        public void setLogin(Security loging);
         /**Get the root screen of this userinterface*/
         //public void getScreen();

molgenis3_3/src/org/molgenis/framework/data/MappingDecorator.java

@@ -73 +73 @@
 
         @Override
-        public int remove(CsvReader reader)
+        public int remove(CsvReader reader) throws DatabaseException
         {
                 return mapper.remove(reader);

molgenis3_3/src/org/molgenis/framework/data/inmemory/InMemoryDatabase.java

@@ -11 +11 @@
 import org.apache.log4j.Logger;
 import org.molgenis.framework.Database;
-import org.molgenis.framework.auth.Login;
 import org.molgenis.framework.data.CustomQuery;
 import org.molgenis.framework.data.DatabaseException;
@@ -18 +17 @@
 import org.molgenis.framework.data.QueryRule;
 import org.molgenis.framework.data.QueryRule.Operator;
+import org.molgenis.framework.security.Security;
 import org.molgenis.model.syntax.Model;
 import org.molgenis.util.CsvReader;
@@ -306 +306 @@
 
         @Override
-        public Login getLogin()
+        public Security getSecurity()
         {
                 // TODO Auto-generated method stub
@@ -313 +313 @@
 
         @Override
-        public void setLogin(Login login)
+        public void setLogin(Security login)
         {
                 // TODO Auto-generated method stub

molgenis3_3/src/org/molgenis/framework/data/jdbc/AbstractJDBCMapper.java

@@ -17 +17 @@
 import org.molgenis.framework.data.QueryRule.Operator;
 import org.molgenis.framework.data.jdbc.ColumnInfo.Type;
+import org.molgenis.framework.security.Security;
 import org.molgenis.util.CsvReader;
 import org.molgenis.util.Entity;
@@ -112 +113 @@
 
                         List<E> entities = toList(reader, BATCH_SIZE);
-
+                                
                         if (writer != null) writer.writeHeader(entities.get(0));
 
@@ -121 +122 @@
 
                                 // add to the database
-                                rowsAffected += this.add(entities);
+                                rowsAffected += database.add(entities);
                                 if (writer != null)
                                 {
@@ -147 +148 @@
                 final String TX_TICKET = "UPDATE" + this.getClass().getSimpleName();
                 try
-                {
+                {                       
                         // start anonymous transaction for the batched update
                         database.beginPrivateTx(TX_TICKET);
@@ -163 +164 @@
                         // update in batches
                         for (int i = 0; i < entities.size(); i += BATCH_SIZE)
-                        {
+                        {                               
                                 int endindex = Math.min(i + BATCH_SIZE, entities.size());
                                 List<E> sublist = entities.subList(i, endindex);
@@ -203 +204 @@
 
                                 // update to the database
-                                rowsAffected += update(entities);
+                                rowsAffected += database.update(entities);
                                 entities = toList(reader, BATCH_SIZE);
                         }
@@ -461 +462 @@
         }
 
-        public int remove(CsvReader reader)
-        {
-                // TODO Auto-generated method stub
-                return 0;
+        public int remove(CsvReader reader) throws DatabaseException
+        {
+                int rowsAffected = 0;
+                final String TX_TICKET = "REMOVE+" + this.create().getClass().getCanonicalName() + "_CSV";
+                try
+                {
+                        database.beginPrivateTx(TX_TICKET);
+                        List<E> entities = toList(reader, BATCH_SIZE);
+                        while (entities.size() > 0)
+                        {
+                                // resolve foreign keys
+                                this.resolveForeignKeys(entities);
+
+                                // update to the database
+                                rowsAffected += database.remove(entities);
+                                entities = toList(reader, BATCH_SIZE);
+                        }
+
+                        database.commitPrivateTx(TX_TICKET);
+                }
+                catch (Exception e)
+                {
+                        database.rollbackPrivateTx(TX_TICKET);
+                        throw new DatabaseException(e);
+                }
+                return rowsAffected;
         }
 

molgenis3_3/src/org/molgenis/framework/data/jdbc/JDBCDatabase.java

@@ -20 +20 @@
 import org.apache.log4j.Logger;
 import org.molgenis.framework.Database;
-import org.molgenis.framework.auth.Login;
 import org.molgenis.framework.data.CustomQuery;
 import org.molgenis.framework.data.DatabaseException;
@@ -28 +27 @@
 import org.molgenis.framework.data.jdbc.datasource.DataSourceWrapper;
 import org.molgenis.framework.data.jdbc.datasource.SimpleDataSourceWrapper;
+import org.molgenis.framework.security.Security;
 import org.molgenis.model.syntax.Model;
 import org.molgenis.util.CsvReader;
@@ -67 +67 @@
         File fileSource;
         /** Login object */
-        Login login;
+        Security login;
         /** Logger for this database */
         static Logger logger = Logger.getLogger(JDBCDatabase.class.getSimpleName());
@@ -282 +282 @@
         public <E extends Entity> int add(List<E> entities) throws DatabaseException, IOException
         {
-                if(!this.getLogin().hasEditPermission(entities)) throw new DatabaseException("Add not allowed for this user");
-                if (entities.size() > 0) return getMapperFor(entities).add(entities);
+                if (entities.size() > 0)
+                {
+                        checkEditPermission(entities);
+                        return getMapperFor(entities).add(entities);
+                }
                 return 0;
         }
@@ -304 +307 @@
         public <E extends Entity> int update(List<E> entities) throws DatabaseException, IOException
         {
-                if (entities.size() > 0) return getMapperFor(entities).update(entities);
+                if (entities.size() > 0)
+                {
+                        checkEditPermission(entities);
+                        return getMapperFor(entities).update(entities);
+                }
                 return 0;
         }
@@ -325 +332 @@
         public <E extends Entity> int remove(List<E> entities) throws DatabaseException, IOException
         {
-                if (entities.size() > 0) return getMapperFor(entities).remove(entities);
+                if (entities.size() > 0)
+                {
+                        checkEditPermission(entities);
+                        return getMapperFor(entities).remove(entities);
+                }
                 return 0;
         }
@@ -334 +345 @@
                 return getMapperFor(klazz).remove(reader);
         }
-
-        // @Override
-        // public <E extends Entity> void cacheXrefOptions(Class<E> klazz) throws
-        // DatabaseException
-        // {
-        // try
-        // {
-        // JDBCMapper<E> mapper = this.getMapperFor(klazz);
-        // mapper.cacheXrefOptions(this);
-        // }
-        // // whatever happens, close connection
-        // finally
-        // {
-        // closeConnection();
-        // }
-        // }
-
-        // @Override
-        // public <E extends Entity> E setXrefOptions(E entity) throws
-        // DatabaseException
-        // {
-        // if (entity != null)
-        // {
-        // try
-        // {
-        // // openConnection();
-        // JDBCMapper<E> mapper = (JDBCMapper<E>)
-        // this.getMapperFor(entity.getClass());
-        // //entity = mapper.setXrefOptions(entity, entity.isReadonly());
-        // }
-        // // whatever happens, close connection
-        // finally
-        // {
-        // closeConnection();
-        // }
-        // }
-        // return entity;
-        // }
 
         // @Override
@@ -557 +530 @@
         }
 
-        public Login getLogin()
+        public Security getSecurity()
         {
                 return login;
         }
 
-        public void setLogin(Login login)
+        public void setLogin(Security login)
         {
                 this.login = login;
@@ -577 +550 @@
                 return metadata;
         }
+
+        /**
+         * Verify edit permission for all entities
+         * 
+         * @param entities
+         * @return
+         * @throws DatabaseException
+         */
+        private <E extends Entity> void checkEditPermission(List<E> entities) throws DatabaseException
+        {
+                Security security = getSecurity();
+                for (E entity : entities)
+                {
+                        if (!security.hasEditPermission(entity)) throw new DatabaseException("Edit not allowed");
+                }
+        }
 }

molgenis3_3/src/org/molgenis/framework/data/jdbc/JDBCMapper.java

@@ -50 +50 @@
         public void find(CsvWriter writer, QueryRule[] rules) throws DatabaseException;
 
-        public int remove(CsvReader reader);
+        public int remove(CsvReader reader) throws DatabaseException;
 
         public List<E> toList(CsvReader reader, int limit) throws Exception;

molgenis3_3/src/org/molgenis/framework/data/xml/XmlDatabase.java

@@ -10 +10 @@
 import org.apache.log4j.Logger;
 import org.molgenis.framework.Database;
-import org.molgenis.framework.auth.Login;
 import org.molgenis.framework.data.CustomQuery;
 import org.molgenis.framework.data.DatabaseException;
 import org.molgenis.framework.data.Query;
 import org.molgenis.framework.data.QueryRule;
+import org.molgenis.framework.security.Security;
 import org.molgenis.model.syntax.Model;
 import org.molgenis.util.CsvReader;
@@ -264 +264 @@
 
         @Override
-        public Login getLogin() {
-                // TODO Auto-generated method stub
-                return null;
-        }
-
-        @Override
-        public void setLogin(Login login) {
+        public Security getSecurity() {
+                // TODO Auto-generated method stub
+                return null;
+        }
+
+        @Override
+        public void setLogin(Security login) {
                 // TODO Auto-generated method stub
                 

molgenis3_3/src/org/molgenis/framework/screen/UserInterface.java

@@ -7 +7 @@
 import org.apache.log4j.Logger;
 import org.molgenis.framework.Database;
-import org.molgenis.framework.auth.Login;
 import org.molgenis.framework.file.FileLink;
 import org.molgenis.framework.screen.menu.MenuScreen;
+import org.molgenis.framework.security.Security;
 import org.molgenis.util.Tuple;
 
@@ -27 +27 @@
         private static Logger logger = Logger.getLogger(UserInterface.class.getSimpleName());
         /** The login * */
-        private Login login;
+        private Security login;
         /** The Database used by this UserInterface */
         //private Database database;
@@ -41 +41 @@
          *        for authentication/authorization
          */
-        public UserInterface(Login login)
+        public UserInterface(Security login)
         {
                 super("main", null); // this is the root of the screen tree.
@@ -55 +55 @@
          * @return Login
          */
-        public Login getLogin()
+        public Security getLogin()
         {
                 return login;
@@ -65 +65 @@
          * @param login
          */
-        public void setLogin( Login login )
+        public void setLogin( Security login )
         {
                 this.login = login;

molgenis3_3/src/org/molgenis/framework/screen/form/FormController.java

@@ -398 +398 @@
 
                 // set form level rights
-                boolean formReadonly = view.isReadonly() || !view.getLogin().hasEditPermission(view.create().getClass());
+                boolean formReadonly = view.isReadonly() || !view.getSecurity().hasEditPermission(view.create().getClass());
                 view.setReadonly(formReadonly);
 
@@ -411 +411 @@
                 for (E record : allRecords)
                 {
-                        boolean rowReadonly = formReadonly || !view.getLogin().hasEditPermission(record.getClass());
+                        boolean rowReadonly = formReadonly || !view.getSecurity().hasEditPermission(record.getClass());
 
                         if (rowReadonly) record.setReadonly(true);

molgenis3_3/src/org/molgenis/framework/screen/form/FormScreen.java

@@ -23 +23 @@
 import org.apache.log4j.Logger;
 import org.molgenis.framework.Database;
-import org.molgenis.framework.auth.Login;
 import org.molgenis.framework.data.DatabaseException;
 import org.molgenis.framework.data.DatabasePager;
@@ -30 +29 @@
 import org.molgenis.framework.data.csv.CsvEntityReader;
 import org.molgenis.framework.html.FileInput;
+import org.molgenis.framework.html.HtmlForm;
 import org.molgenis.framework.html.HtmlInput;
 import org.molgenis.framework.screen.Screen;
@@ -47 +47 @@
 import org.molgenis.framework.screen.form.commands.ViewListViewCommand;
 import org.molgenis.framework.screen.form.commands.ViewRecordViewCommand;
+import org.molgenis.framework.security.Security;
 import org.molgenis.util.Entity;
 import org.molgenis.util.Tuple;
@@ -65 +66 @@
          * @param newrecord
          */
-        public abstract Vector<HtmlInput> getInputs(E entity, boolean newrecord);
+        public abstract HtmlForm<E> getInputs(E entity, boolean newrecord);
 
         /**
@@ -277 +278 @@
         public boolean isVisible()
         {
-                return this.getLogin().hasReadPermission(this.create().getClass());
+                return this.getSecurity().hasReadPermission(this.create().getClass());
         }
 
@@ -371 +372 @@
         {
                 Vector<String> headers = new Vector<String>();
-                for (HtmlInput input : getInputs(this.create(), true))
+                for (HtmlInput input : getInputs(this.create(), true).getInputs())
                 {
                         headers.add(input.getLabel());
@@ -383 +384 @@
          * @throws DatabaseException
          */
-        public Vector<HtmlInput> getNewInputs() throws DatabaseException
+        public HtmlForm<E> getNewRecordForm() throws DatabaseException
         {
                 E entity = this.create();
@@ -396 +397 @@
          *         row on screen.
          */
-        public Vector<Vector<HtmlInput>> getRecordInputs()
-        {
-                Vector<Vector<HtmlInput>> records = new Vector<Vector<HtmlInput>>();
+        public Vector<HtmlForm<E>> getRecordInputs()
+        {
+                Vector<HtmlForm<E>> records = new Vector<HtmlForm<E>>();
 
                 try
@@ -404 +405 @@
                         for (E entity : getRecords())
                         {
-                                records.add(getInputs(entity, false));
+                                HtmlForm<E> record = getInputs(entity, false);
+                                record.setReadonly(!getSecurity().hasEditPermission(entity));
+                                records.add(record);
                         }
                 }
@@ -427 +430 @@
                 Map<String, String> nameLabelMap = new TreeMap<String, String>();
 
-                for (HtmlInput input : this.getNewInputs())
+                for (HtmlInput input : this.getNewRecordForm().getInputs())
                 {
                         // getSearchFields maps xref and mref field to their label
@@ -692 +695 @@
         }
 
-        public Login getLogin()
+        public Security getSecurity()
         {
                 return getRootScreen().getLogin();

molgenis3_3/src/org/molgenis/framework/screen/form/commands/AddBatchCommand.java

@@ -56 +56 @@
 
                 // delegate to the formscreen
-                List<HtmlInput> inputs = this.getScreen().getNewInputs();
+                List<HtmlInput> inputs = this.getScreen().getNewRecordForm().getInputs();
 
                 // remove not-null constraints

molgenis3_3/src/org/molgenis/framework/screen/form/commands/AddCommand.java

@@ -35 +35 @@
         {
                 // delegate to the formscreen
-                return this.getScreen().getNewInputs();
+                return this.getScreen().getNewRecordForm().getInputs();
         }
 

molgenis3_3/src/org/molgenis/framework/screen/form/commands/AddCommand2.java

@@ -43 +43 @@
         {
                 Form f = new Form();
-                f.addAll(this.getScreen().getNewInputs());              
+                f.addAll(this.getScreen().getNewRecordForm().getInputs());              
                 f.setAll(previousRequest);
                 return f.getInputs();

molgenis3_3/src/org/molgenis/framework/screen/form/commands/ViewEditViewCommand.java

@@ -36 +36 @@
                 //show add button when not in recordview
                 //show add button if the screen is not readonly
-                return !this.getScreen().getMode().equals(Mode.EDIT_VIEW) && !this.getScreen().isReadonly();
+                return !this.getScreen().getMode().equals(Mode.EDIT_VIEW) 
+                && !this.getScreen().isReadonly() 
+                && this.getScreen().getRecordInputs().size() != 0
+                && !this.getScreen().getRecordInputs().get(0).isReadonly();
         }
 }

molgenis3_3/src/org/molgenis/framework/screen/plugin/PluginScreen.java

@@ -6 +6 @@
 
 import org.molgenis.framework.Database;
-import org.molgenis.framework.auth.Login;
 import org.molgenis.framework.screen.Screen;
 import org.molgenis.framework.screen.ScreenController;
 import org.molgenis.framework.screen.ScreenMessage;
 import org.molgenis.framework.screen.common.SimpleScreen;
+import org.molgenis.framework.security.Security;
 import org.molgenis.util.Tuple;
 
@@ -26 +26 @@
         }
 
-        public Login getLogin()
+        public Security getLogin()
         {
                 return this.getRootScreen().getLogin();

molgenis3_3/src/org/molgenis/framework/security/Security.java

@@ -1 @@
-package org.molgenis.framework.auth;
+package org.molgenis.framework.security;
 
 import java.text.ParseException;
@@ -10 +10 @@
 
 /**
- * Represents the login features of the application.
+ * Simple authentication and authorization interface that enables MOLGENIS
+ * developers to enhance their applications with authentication and
+ * authorization.
+ * <ul>
+ * <li>Login/logout (authorization)
+ * <li>Entity level security (hasReadPermission(class),
+ * hasWritePermission(class))
+ * <li>Instance level security (rowLevelSecurityFilter,
+ * hasWritePermission(object))
+ * </ul>
+ * Developers can implement this interface to realize a variety of security
+ * schemes.
  */
-public interface Login
+public interface Security
 {
         /**
@@ -28 +39 @@
 
         /**
-         * Un-authenticate the user.
+         * Un-authenticate the user. Now the user will be perceived as 'guest'.
          */
         public void logout();
 
         /**
-         * Reloads all permission settings for this user.
+         * Reloads all permission settings for this user from database.
          * 
          * @throws ParseException
@@ -41 +52 @@
 
         /**
-         * Whether the current use has ben authenicated. Otherwise the user is a
-         * guest.
+         * Indicates whether the current use has been authenicated. Otherwise the
+         * user is a guest.
          * 
          * @return
@@ -48 +59 @@
         public boolean isAuthenticated();
 
-        /** does the user have permissions to read data from this entity */
-        public <E extends Entity> boolean  hasReadPermission(Class<E> entityClass);
-
-        /** Does the user have create, update, delete permissions for this entity */
-        public <E extends Entity> boolean hasEditPermission(Class<E> entityClass) throws DatabaseException;
-        
-        /** Does the user have the right to write these entities*/
-        public <E extends Entity> boolean hasEditPermission(E entity) throws DatabaseException;
-        
-        public <E extends Entity> boolean hasEditPermission(List<E> entities) throws DatabaseException;
-
-        /** create a filter for only those records the user/group is allowed to view */
-        public QueryRule getRowlevelSecurityFilters(Entity entity);
-
         /**
-         * The name of this user.
+         * The name of the logged in user user.
          * 
-         * @return
+         * @return the unique name of the user
          */
         public String getUserName();
@@ -72 +69 @@
          * The system id of this user.
          * 
-         * @return
+         * @return numeric identifier of the user
          */
         public Integer getUserId();
 
         /**
-         * Indicate if login is required
+         * Indicate if login is required. If true then the user will not be able to
+         * access MOLGENIS unless authenticated. If false then the user will always
+         * be able to login, but with 'guest' level user rights.
          * 
-         * @return
+         * @return login required
          */
         public boolean isLoginRequired();
+
+        /**
+         * Indicates whether the user has permissions to read data from this class
+         * of entities (aka 'entity level security')
+         * 
+         * @return readpermission
+         */
+        public <E extends Entity> boolean hasReadPermission(Class<E> entityClass);
+
+        /**
+         * Indicates whether the user has permissions to add, update, delete data
+         * for this entity class (aka 'entity level security')
+         * 
+         * @return editpermission
+         */
+        public <E extends Entity> boolean hasEditPermission(Class<E> entityClass) throws DatabaseException;
+
+        /**
+         * Indicates whether the user has permissions to add, update, delete this
+         * particular entity instance*
+         * 
+         * @return editpermission
+         */
+        public <E extends Entity> boolean hasEditPermission(E entity) throws DatabaseException;
+
+        /**
+         * Creates a filter which can be used by find/count to only retrieve those
+         * records the user/group is allowed to view
+         */
+        public QueryRule getRowlevelSecurityFilters(Entity entity);
+
 }

molgenis3_3/src/org/molgenis/framework/security/SimpleSecurity.java

@@ -1 @@
-package org.molgenis.framework.auth;
+package org.molgenis.framework.security;
 
 import java.util.List;
@@ -8 +8 @@
 import org.molgenis.util.Entity;
 
-public class SimpleLogin implements Login {
+public class SimpleSecurity implements Security {
 
         @Override
@@ -99 +99 @@
                 return true;
         }
-
-        @Override
-        public <E extends Entity> boolean hasEditPermission(List<E> entities)
-                        throws DatabaseException {
-                // TODO Auto-generated method stub
-                return true;
-        }
 }

molgenis3_3/src/org/molgenis/framework/security/package-info.java

@@ -1 +1 @@
 /**
- * {@link org.molgenis.framework.auth} minimal authentication and authorization framework.
+ * {@link org.molgenis.framework.security} minimal authentication and authorization framework.
  */
-package org.molgenis.framework.auth;
+package org.molgenis.framework.security;

molgenis3_3/src/org/molgenis/framework/server/AbstractMolgenisServlet.java

@@ -35 +35 @@
 import org.apache.log4j.Logger;
 import org.molgenis.framework.Database;
-import org.molgenis.framework.auth.Login;
 import org.molgenis.framework.data.CustomQuery;
 import org.molgenis.framework.data.DatabaseException;
@@ -44 +43 @@
 import org.molgenis.framework.screen.UserInterface;
 import org.molgenis.framework.screen.form.FormScreen;
+import org.molgenis.framework.security.Security;
 import org.molgenis.framework.style.original.MolgenisOriginalStyle;
 import org.molgenis.util.Entity;
@@ -100 +100 @@
          * can override this to set a security mechanism.
          */
-        public abstract Login createLogin(Database db, HttpServletRequest request);
+        public abstract Security createLogin(Database db, HttpServletRequest request);
 
         /**
@@ -106 +106 @@
          * path...
          */
-        public abstract Screen createApplication(Login userLogin);
+        public abstract Screen createApplication(Security userLogin);
 
         /**
@@ -235 +235 @@
                 // login/logout
                 HttpSession session = request.getSession();
-                Login userLogin = null;
+                Security userLogin = null;
                 // Get appplication from session (or create one)
                 Screen molgenis = (UserInterface) session.getAttribute("application");
@@ -978 +978 @@
                                 for (Object label : xref_label)
                                 {
-                                        out.write(result.get(i).getString((String) label) + ".");
+                                        out.write(result.get(i).getString((String) label));
                                 }
                                 out.write("\"");

molgenis3_3/src/org/molgenis/framework/style/original/FormScreen.ftl

@@ -74 +74 @@
                 <!--search box-->
                 <label>Search:</label><select title="choose attribute" name="__filter_attribute">
-                <#list screen.getNewInputs() as input>
+                <#list screen.getNewRecordForm().inputs as input>
                         <option value="${screen.getSearchField(input.name)}">${input.label}</option>
                 </#list>
@@ -102 +102 @@
         <#assign requiredcount = 0 />
         <#assign required = "" />
-        <#list screen.getNewInputs() as input>
+        <#list screen.getNewRecordForm() as input>
                 <#if !input.isHidden()>
                         <tr>
@@ -183 +183 @@
                                 <td>
                                         <select name="attribute">
-        <#list screen.getNewInputs() as input>
+        <#list screen.getNewRecordForm() as input>
                                         <option value="${input.name}">${input.label}</option>
         </#list>
@@ -219 +219 @@
 <#assign massupdate = command.screen.getSelectedIds()>
 <#assign screen = command.screen>
-<body onload="<#list screen.getNewInputs() as input><#if !input.isHidden()>${screen.name}_massupdate.${input.name}.disabled = true; </#if></#list>">
+<body onload="<#list screen.getNewRecordForm().inputs as input><#if !input.isHidden()>${screen.name}_massupdate.${input.name}.disabled = true; </#if></#list>">
         <p class="form_header">Update multiple ${screen.label} records</p>
         <#if massupdate?has_content>
@@ -233 +233 @@
                         <input type="hidden" name="massUpdate" value="${id}">
         </#list>
-        <#list screen.getNewInputs() as input>
+        <#list screen.getNewRecordForm() as input>
                 <#if !input.isHidden()>
                         <tr>
@@ -266 +266 @@
                 <#assign required = "" />
                 <#assign readonly = "true" />
-                <#list record as input>
+                <#list record.inputs as input>
                         <#if !input.isReadonly()>
                                 <#assign readonly = "false" />
@@ -294 +294 @@
 </table></td><td  class="edit_button_area">
                 <#if screen.mode.toString() == "recordview" >
-                        <#if screen.readonly == true>
+                        <#if readonly = "true">
                         <#else>
                                 <image class="edit_button" src="res/img/editview.gif" alt="Edit" onclick="setInput('${screen.name}_form','_self','','${screen.name}','editview','iframe'); document.forms.${screen.name}_form.submit();" title="edit current record" />                         
@@ -316 +316 @@
         <tr>
                 <th><label>&nbsp;</label></th>
-                        <#list record as input>
+                        <#list record.inputs as input>
                                 <#if input.getName() == screen.getIdField()>    
                                         <th><label>&nbsp;</label></th>
@@ -322 +322 @@
                         </#list>
                 
-                        <#list record as input>
-                <th>
+                        <#list record.inputs as input>                          
                                 <#if screen.getController().getClass().getSimpleName() != "FormController">
                                         <#if input.isHidden()>
                                         <#else>
-                                                <label class="tableheader" title="${input.getDescription()}">${input.getLabel()}</label>
+                                        <th>
+                                                <label class="tableheader" title="${input.getDescription()}">${input.getLabel()}</label></th>
                                         </#if>
                                 <#else>
@@ -334 +334 @@
                                         <#else>
                         <#--<img src="res/img/close.png" title="hide ${input.getLabel()}" onclick="setInput('${screen.name}_form','_self','','${screen.name}','hideColumn','iframe'); document.forms.${screen.name}_form.attribute.value='${input.getName()}'; document.forms.${screen.name}_form.submit();" />-->
-                        <label class="tableheader" onclick="setInput('${screen.name}_form','_self','','${screen.name}','sort','iframe'); document.forms.${screen.name}_form.__sortattribute.value='${input.getName()}'; document.forms.${screen.name}_form.submit();">
+                        <th><label class="tableheader" onclick="setInput('${screen.name}_form','_self','','${screen.name}','sort','iframe'); document.forms.${screen.name}_form.__sortattribute.value='${input.getName()}'; document.forms.${screen.name}_form.submit();">
                                         ${input.getLabel()}<#if screen.getSort() == input.getName()> <#if screen.getSortMode().toString() == "SORTASC"><img src="res/img/sort_asc.gif"><#else><img src="res/img/sort_desc.gif"></#if></#if>
                         </label>
+                                        </th>
                                         </#if>
                                 </#if>
-                </th>
+
                         </#list>
         </tr>   
@@ -347 +348 @@
                 <#assign rowcolor = offset % 2>         
                 <#assign readonly = "*" />
-                <#list record as input>
+                <#list record.inputs as input>
                         <#if !input.isReadonly()>
                                 <#assign readonly = "" />
@@ -355 +356 @@
         <td>
                 <label>${offset}. 
-                                <img class="edit_button" src="res/img/recordview.png" title="edit record" alt="edit${offset}" onClick="setInput('${screen.name}_form','_self','','${screen.name}','editview','iframe'); document.forms.${screen.name}_form.__offset.value='${offset}'; document.forms.${screen.name}_form.submit();">${readonly}</label>
+                <#if readonly == "*" >
+                        <img class="edit_button" src="res/img/recordview.png" title="view record" alt="edit${offset}" onClick="setInput('${screen.name}_form','_self','','${screen.name}','recordview','iframe'); document.forms.${screen.name}_form.__offset.value='${offset}'; document.forms.${screen.name}_form.submit();">${readonly}</label>
+                <#else>
+                        <img class="edit_button" src="res/img/recordview.png" title="edit record" alt="edit${offset}" onClick="setInput('${screen.name}_form','_self','','${screen.name}','editview','iframe'); document.forms.${screen.name}_form.__offset.value='${offset}'; document.forms.${screen.name}_form.submit();">${readonly}</label>
+                </#if>
         </td>
-                <#list record as input>
+                <#list record.inputs as input>
                         <#if input.getName()?lower_case == screen.getIdField()?lower_case>                                      
         <td><input type="checkbox" name="massUpdate" value="${input.getHtmlValue()}"></td>
@@ -366 +371 @@
                 </#list>
         
-                <#list record as input>
+                <#list record.inputs as input>
                                 <#if input.isHidden()>
-        <td></td>
                                 <#else>
                                         <#if input.getTarget() != "" && input.getObject()?exists >
@@ -386 +390 @@
                 <tr>
                         <td></td>
-                <#list screen.getNewInputs() as input>
+                <#list screen.getNewRecordForm().inputs as input>
                         <#if input.getName() == screen.getIdField()>
                         <td><input title="select all visible" type="checkbox" name="checkall" id="checkall" onclick="Javascript:checkAll('${screen.name}_form','massUpdate')" /></td>
@@ -405 +409 @@
                 <table>
                 <tr><td colspan="2"><i>Set constants (overrides uploaded data).</i></td></tr>
-                <#list screen.getNewInputs() as input>
+                <#list screen.getNewRecordForm() as input>
                 <tr><td><label>${input.label}</label></td><td>${input.toHtml()}</td></tr>
                 </#list>

molgenis3_3/src/org/molgenis/generators/screen/FormScreenGen.java.ftl

@@ -128 +128 @@
         
         @Override
-        public Vector<HtmlInput> getInputs(${entity} entity, boolean newrecord)
+        public HtmlForm<${entity}> getInputs(${entity} entity, boolean newrecord)
         {
 <#if parent_form?exists>
@@ -165 +165 @@
                 form.setNewRecord(newrecord);
                 form.setReadonly(isReadonly());
-                return form.getInputs();
+                return form;
         }
         

molgenis3_3/src/org/molgenis/generators/servlet/MolgenisServletGen.ftl

@@ -18 +18 @@
 
 import org.molgenis.framework.Database;
-import org.molgenis.framework.auth.Login;
+import org.molgenis.framework.security.Security;
 import org.molgenis.framework.data.DatabaseException;
 import org.molgenis.framework.screen.UserInterface;
@@ -47 +47 @@
         }
 
-        public Login createLogin( Database db, HttpServletRequest request )
+        public Security createLogin( Database db, HttpServletRequest request )
         {
                 return new ${loginclass}();
         }
 
-        public UserInterface createApplication( Login userLogin )
+        public UserInterface createApplication( Security userLogin )
         {
                 UserInterface app = new UserInterface( userLogin);

molgenis3_3/src/org/molgenis/generators/sql/FillMetadataTablesGen.sql.ftl

@@ -1 +1 @@
 <#include "GeneratorHelper.ftl">
 delete from molgenis_fieldmetadata;
-delete from molgenis_entitymetadata;
+INSERT INTO molgenisuser(name,password,superuser) values ("admin","admin",true);
 <#list model.getConcreteEntities() as entity>
-INSERT INTO molgenis_entitymetadata(name,classname) values ("${name(entity)}","${package}.${Name(entity)}");
-<#list entity.fields as field>
+INSERT INTO molgenisentity(name,classname) values ("${name(entity)}","${package}.${Name(entity)}");
+<#--list entity.fields as field>
 INSERT INTO molgenis_fieldmetadata(entity,name,description) SELECT id, "${name(field)}", "<#if field.description != field.name>${field.description}</#if>" from molgenis_entitymetadata where name="${name(entity)}";
+</#list-->
 </#list>
-</#list>

molgenis3_3/src/org/molgenis/model/syntax/Entity.java

@@ -840 +840 @@
                 for (Field field : getAllFields())
                 {
-                        logger.debug("testing: " + field.getName());
+                        //logger.debug("testing: " + field.getName());
 
                         if (name.equalsIgnoreCase(field.getName()))