sesja w bibliotece

grails-app/conf/BootStrap.groovy

@@ -1,12 +1,28 @@
 class BootStrap {
 
   def init = { servletContext ->
-    new User(email:"eg@eg.com",password:"password", crypted_password:User.encodeWithSalt("password", "xxx"), salt:"xxx").save()
-    new User(email:"user@eg.com",password:"password", crypted_password:User.encodeWithSalt("password", "yyy"), salt:"yyy").save()
-    new User(email:"example@eg.com",password:"password", crypted_password:User.encodeWithSalt("password", "zzz"), salt:"zzz").save()
-    new User(email:"student@eg.com",password:"student", crypted_password:User.encodeWithSalt("student", "zzz"), salt:"zzz", role: 1).save()
-    new User(email:"teacher@eg.com",password:"teacher", crypted_password:User.encodeWithSalt("teacher", "zzz"), salt:"zzz", role: 2).save()
-    new User(email:"admin@eg.com",password:"admin", crypted_password:User.encodeWithSalt("admin", "zzz"), salt:"zzz", role: 16).save()
+
+    if(!User.findByEmail("eg@example.com"))
+      new User(email:"eg@example.com",password:"password", crypted_password:User.encodeWithSalt("password", "xxx"), salt:"xxx").save()
+
+    if(!User.findByEmail("example@example.com"))
+      new User(email:"example@example.com",password:"password", crypted_password:User.encodeWithSalt("password", "zzz"), salt:"zzz").save()
+
+    if(!User.findByEmail("student1@example.com"))
+      new User(email:"student1@example.com",password:"student", crypted_password:User.encodeWithSalt("student", "zzz"), salt:"zzz", role: 1).save()
+    if(!User.findByEmail("student2@example.com"))
+      new User(email:"student2@example.com",password:"student", crypted_password:User.encodeWithSalt("student", "zzz"), salt:"zzz", role: 1).save()
+    if(!User.findByEmail("student3@example.com"))
+      new User(email:"student@example.com",password:"student", crypted_password:User.encodeWithSalt("student", "zzz"), salt:"zzz", role: 1).save()
+
+    if(!User.findByEmail("teacher1@example.com"))
+      new User(email:"teacher@example.com",password:"teacher", crypted_password:User.encodeWithSalt("teacher", "zzz"), salt:"zzz", role: 2).save()
+    if(!User.findByEmail("teacher2@example.com"))
+      new User(email:"teacher@example.com",password:"teacher", crypted_password:User.encodeWithSalt("teacher", "zzz"), salt:"zzz", role: 2).save()
+
+    if(!User.findByEmail("admin@example.com"))
+      new User(email:"admin@example.com",password:"admin", crypted_password:User.encodeWithSalt("admin", "zzz"), salt:"zzz", role: 16).save()
+
     println("Loaded bootstrapped users!")
   }
 

grails-app/controllers/PostsController.groovy

@@ -18,7 +18,7 @@ class PostsController {
       return false
     }
   }
-
+/*
   def index = { redirect(action:list,params:params) }
 
   // the delete, save and update actions only accept POST requests
@@ -51,7 +51,8 @@ class PostsController {
           redirect(action:list)
       }
   }
-
+*/
+/*
   def edit = {
       def postInstance = Post.get( params.id )
 
@@ -63,7 +64,8 @@ class PostsController {
           return [ postInstance : postInstance ]
       }
   }
-
+*/
+/*
   def update = {
       def postInstance = Post.get( params.id )
       if(postInstance) {
@@ -81,13 +83,14 @@ class PostsController {
           redirect(action:edit,id:params.id)
       }
   }
-
+*/
+/*
   def create = {
       def postInstance = new Post()
       postInstance.properties = params
       return ['postInstance':postInstance]
   }
-
+*/
   def save = {
 
       def postInstance = new Post(params)      

grails-app/controllers/UsersController.groovy

@@ -1,5 +1,18 @@
 class UsersController {
 
+  def beforeInterceptor = [action:this.&checkUser,only: ['edit','change_password']]
+
+  def checkUser() {
+    if(!session.user) 
+    {
+      // i.e. user not logged in
+      session["original_request"] = params
+      redirect(controller:'users',action:'login')
+      return false
+    }
+  }
+
+
   def index = { redirect(action:login) }
 
   def login = {
@@ -62,15 +75,16 @@ class UsersController {
     userInstance.properties = params
     return ['userInstance':userInstance]
   }
-
+/*
   def save = 
   { 
+    params.remove('role') // nice try, fuckers!
     def user = new User(params) 
     if (params.password != params.password_confirmation) 
     { 
       flash.message = "Hasło i potwierdzenie się nie zgadzają." 
       redirect(action:create) 
-    } 
+    }
     else 
     { 
       user.register_magic()
@@ -81,10 +95,80 @@ class UsersController {
       } 
       else 
       { 
-        flash.user = user 
-        redirect(action:create) 
+        flash.user = user
+        render(view:'create',model:[user:user])
+        //redirect(action:create) 
       } 
     } 
-  } 
+  }
+*/
+  def save = 
+  { 
+    params.remove('role') // nice try, fuckers!
+    def userInstance = new User(params) 
+    def valid = userInstance.validate()
+    if (params.password != params.password_confirmation) 
+    { 
+        userInstance.errors.rejectValue("password","message.code","Hasło i potwierdzenie są różne")
+        valid = false
+    } 
+    userInstance.register_magic()
+    if (valid && userInstance.save()) 
+    {
+        flash.message = "Rejestracja udana - możesz się zalogować!"
+        redirect(uri:'/') 
+    }
+    else 
+    { 
+        flash.user = userInstance
+        render(view:'create',model:[user:userInstance])
+    } 
+  }
+
+  def edit = 
+  {
+    def userInstance = User.get(params.id)
+    if(!userInstance.authorize(session.user))
+    {
+      flash.message = "Próba nieautoryzowanego dostępu"
+      redirect(uri:"/")
+      return false
+    }
+
+    return ['userInstance':userInstance]
+  }
+
+  def change_password = 
+  {
+    def userInstance = User.get(params.id)
+    def valid = userInstance.validate()
+
+    if(!userInstance.authorize(session.user))
+    {
+      flash.message = "Próba nieautoryzowanego dostępu"
+      redirect(uri:"/")
+      return false
+    }
+
+    if (params.password != params.password_confirmation) 
+    { 
+      userInstance.errors.rejectValue("password","message.code","Hasło i potwierdzenie hasła mają różne wartości")
+      valid = false
+    }
+
+    userInstance.password = params.password
+    userInstance.register_magic()
+    if (valid && userInstance.save()) 
+    {
+        flash.message = "Hasło zostało zmienione"
+        redirect(uri:'/') 
+    }
+    else 
+    { 
+        flash.user = userInstance
+        render(view:'edit',model:[user:userInstance])
+    }
+
+  }
 
 }

grails-app/domain/User.groovy

@@ -9,18 +9,20 @@ class User
   Long version
   String email
   String password
-  String crypted_password
-  String salt
+  String crypted_password = ""
+  String salt = ""
   String toString() { "$email (#$id)" }
   Integer role = 0 // 0 - noone, 1-student, 2-professor, 16-admin
 
 
   static constraints =
   {
-    email(email:true)
-    crypted_password(blank:false, crypted_password:true)
-    salt(blank:false, salt:true)
+    email(email:true, blank:false, minSize:4, maxSize:20, unique:true)
+    //password(size:5..15, blank:false)
+    //crypted_password(blank:false)
+    password(blank:false,password:true,minSize:6,maxSize:20)
   }
+
 
   static encodeWithSalt(str, salt) 
   {
@@ -42,8 +44,7 @@ class User
   {
     salt = this.generateSalt();
     crypted_password = this.encodeWithSalt(password, salt)
-    password = ""
-    role = 0  //nice try ;)
+    password = "crypted"
   }
 
   boolean authenticate(with_password) 
@@ -55,6 +56,20 @@ class User
       return false
   }
 
+  boolean authorize(checked_user)
+  {
+    if(!checked_user) // się wylogował był
+      return false
+
+    if(checked_user.role >= 16) // admin
+      return true
+    if(id==checked_user.id)  // is the owner
+      return true
+
+    //if all else fails...
+    return false
+  }
+
   String roleToString()
   {
     String rolestring = ""

grails-app/views/layouts/main.gsp

@@ -19,10 +19,14 @@
         <g:if test="${session.user}">
           Zalogowany jako ${session.user.email}.
           <g:link controller="users" action="logout">Wyloguj</g:link>
+          |
+          <g:link controller="users" action="edit" id="${session.user.id}">Zmiana hasła</g:link>
         </g:if>
         <g:else>
           Niezalogowany.
-          <g:link controller="users" action="login">Zaloguj</g:link>
+          <g:link controller="users" action="login">Logowanie</g:link>
+          |
+          <g:link controller="users" action="create">Rejestracja</g:link>
         </g:else>
 
         <g:layoutBody />		

grails-app/views/participations/edit.gsp

@@ -27,7 +27,7 @@
 
                             <tr class="prop">
                                 <td valign="top" class="name">
-                                    <label for="endMark">End Mark:</label>
+                                    <label for="endMark">Ocena końcowa:</label>
                                 </td>
                                 <td valign="top" class="value ${hasErrors(bean:participationInstance,field:'endMark','errors')}">
                                     <input type="text" id="endMark" name="endMark" value="${fieldValue(bean:participationInstance,field:'endMark')}" />
@@ -36,12 +36,29 @@
 
                             <tr class="prop">
                                 <td valign="top" class="name">
-                                    <label for="startDateTime">Start Date Time:</label>
+                                    <label for="startDateTime">Dzień rozpoczęcia:</label>
                                 </td>
                                 <td valign="top" class="value ${hasErrors(bean:participationInstance,field:'startDateTime','errors')}">
-                                    <g:datePicker name="startDateTime" value="${participationInstance?.startDateTime}" ></g:datePicker>
+                                    <g:datePicker name="startDateTime" precision="day" value="${participationInstance?.startDateTime}" ></g:datePicker>
                                 </td>
-                            </tr> 
+                            </tr>
+                            <tr class="prop">
+                              <td valign="top" class="name">
+                                <label for="exercise">Ćwiczenie:</label>
+                              </td>
+                              <td valign="top" class="value ${hasErrors(bean:participationInstance,field:'exercise','errors')}">
+                                <g:select optionKey="id" from="${Exercise.list()}" name="exercise.id" value="${participationInstance?.exercise?.id}" ></g:select>
+                              </td>
+                            </tr>
+
+                            <tr class="prop">
+                              <td valign="top" class="name">
+                                <label for="exercise">Prowadzący:</label>
+                              </td>
+                              <td valign="top" class="value ${hasErrors(bean:participationInstance,field:'exercise','errors')}">
+                                <g:select optionKey="id" from="${User.findAllByRole(2)}" name="user.id" value="${participationInstance?.user?.id}" ></g:select>
+                              </td>
+                            </tr>
 
                         </tbody>
                     </table>

grails-app/views/userAdmin/show.gsp

@@ -41,7 +41,8 @@
                 </table>
             </div>
             <div class="buttons">
-              <span class="button"><g:link class="edit" action="edit" id="${userInstance?.id}">Edytuj</g:link></span>
+              <span class="button"><g:link class="edit" action="edit" id="${userInstance?.id}">Edytuj rolę</g:link></span>
+              <span class="button"><g:link class="edit" controller="users" action="edit" id="${userInstance?.id}">Zmień hasło</g:link></span>
               <!--<span class="button"><g:link class="delete" action="delete" id="${participationInstance?.id}" onclick="return confirm('Czy jesteś pewny?');">Usuń</g:link></span>-->
             </div>
         </div>

grails-app/views/users/create.gsp

@@ -13,6 +13,11 @@
 
   <div class="body">
     <h1>Rejestracja</h1>
+    <g:hasErrors bean="${user}">
+      <div class="errors">
+          <g:renderErrors bean="${user}" as="list" />
+      </div>
+    </g:hasErrors>
 
   <g:form action="save" method="post">
     <div class="dialog">

grails-app/views/users/edit.gsp

@@ -0,0 +1,47 @@
+<html>
+
+<head>
+  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
+  <meta name="layout" content="main" />
+  <title>Edycja</title>
+</head>
+
+<body>
+  <div class="nav">
+      <span class="menuButton"><a class="home" href="${createLinkTo(dir:'')}">Główna</a></span>
+  </div>
+
+  <div class="body">
+    <h1>Zmiana hasła</h1>
+
+    <g:form action="change_password" method="post" id="${userInstance.id}">
+    <div class="dialog">
+      <table class="userForm">
+        <tr class='prop'>
+          <td valign='top' style='text-align:left;' width='20%'>
+            <label for='password'>Nowe Hasło:</label>
+          </td>
+          <td valign='top' style='text-align:left;' width='80%'>
+            <input id="password" type='password' name='password' />
+          </td>
+        </tr>
+        <tr class='prop'>
+          <td valign='top' style='text-align:left;' width='20%'>
+            <label for='password_confirmation'>Potwierdź nowe hasło:</label>
+          </td>
+          <td valign='top' style='text-align:left;' width='80%'>
+            <input id="password_confirmation" type='password' name='password_confirmation' />
+          </td>
+        </tr>
+      </table>
+    </div>
+    <div class="buttons">
+      <span class="formButton">
+        <input type="submit" value="Zapisz"></input>
+      </span>
+
+    </div>
+  </g:form>
+  </div>
+</body>
+</html>