ucUAValidateForm

Purpose

This display is used on the user account administration screen. It is called to validate all of the form parameters returned from the user before database modifications are made.

Applies To

User Account Display

Signature

public boolean ucUAValidateForm( 
                      String mode, 
                      FormParameters fp,
                      SecurityUser su,
                      HttpServletRequest request,
                      HttpServletResponse response,
                      Connection dbconn,
                      SesameSession session) throws Exception 

Notes

On an unsuccessful return (false), the ALERT attribute in the current session should be set. The form is then refreshed, and the alert is shown to the user.

Example

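/**
 * Validates the area/role selections submitted on the user account form
 * before any database modification is made.
 *
 * <p>Each {@code p_area_role} value is split at the first {@code '|'}; the
 * text after it is taken as the role id. Every role id other than the special
 * {@code "{NULL}"} value must also appear in the submitted
 * {@code p_user_group} values, otherwise validation fails.
 *
 * <p>Review notes:
 * <ul>
 *   <li>Validation is skipped, and {@code true} is returned, when the session
 *       user lacks WRITE access on {@code UC_USER_USER_GROUP} or
 *       {@code SE_SECURITY_GROUP}, or when {@code p_area_role} is absent.
 *       A {@code true} result therefore does not mean the caller may change
 *       roles; the code that persists the form has to apply the same
 *       permission check before it writes role or group data.</li>
 *   <li>Both lists being compared come from the same submitted form, so this
 *       is a consistency check between two form fields. Nothing visible here
 *       compares them with roles stored on the server.</li>
 *   <li>Only the role part of each {@code p_area_role} value is checked; the
 *       part before the {@code '|'} is not examined.</li>
 * </ul>
 *
 * @param mode     not used by this example
 * @param fp       submitted form parameters; {@code p_area_role} and
 *                 {@code p_user_group} are read
 * @param su       not used by this example
 * @param request  not used by this example
 * @param response not used by this example
 * @param dbconn   not used by this example
 * @param session  current session; supplies user id, area and project for the
 *                 permission lookups and receives the {@code ALERT} attribute
 *                 on failure
 * @return {@code false} if at least one submitted role id is not among the
 *         submitted user groups, {@code true} otherwise (including when
 *         validation is skipped)
 * @throws Exception declared by the user-call signature
 */
public boolean ucUAValidateForm(String mode,
                                FormParameters fp,
                                SecurityUser su,
                                HttpServletRequest request,
                                HttpServletResponse response,
                                Connection dbconn,
                                SesameSession session) throws Exception {

    String mUser = session.getUserId();
    int mArea = session.getArea();
    int mProject = session.getProject();

    // Both permissions are looked up for the session user (not for the
    // account being edited).
    boolean userUserGroupPerm =
            SecurityPermission.getObjectAccess(
                    "UC_USER_USER_GROUP",
                    SecurityPermission.WRITE,
                    mUser, mArea, mProject, session);
    boolean userSecurityGroupPerm =
            SecurityPermission.getObjectAccess(
                    "SE_SECURITY_GROUP",
                    SecurityPermission.WRITE,
                    mUser, mArea, mProject, session);

    // Don't validate if the area/role form parameter doesn't exist or if the
    // fields are not writable for this user (e.g. a non-admin user editing
    // their own account settings).
    // NOTE(review): this path returns true without looking at the form, so
    // the update code must not apply role/group parameters for such users.
    if (!(userUserGroupPerm && userSecurityGroupPerm)
            || !fp.containsKey("p_area_role")) {
        return true;
    }

    // Collect the submitted user groups so contains() can be used below.
    // p_user_group is not covered by the containsKey check above; whether
    // getArray returns null for a missing key is not visible here, so a null
    // result is treated as "no groups selected" and any real role then fails
    // validation instead of raising a NullPointerException.
    String[] roles = fp.getArray("p_user_group");
    ArrayList rolesList = new ArrayList();
    if (roles != null) {
        for (int r = 0; r < roles.length; r++) {
            rolesList.add(roles[r]);
        }
    }

    String[] areaRoles = fp.getArray("p_area_role");
    String invalidRoles = null;

    // Check that every selected area/role mapping refers to a role that is in
    // the submitted group list.
    for (int i = 0; i < areaRoles.length; i++) {

        // The role id is whatever follows the first '|'. If the value holds
        // no '|', indexOf returns -1 and the whole value is used as the role
        // id, which then has to match a submitted group like any other.
        String value = areaRoles[i];
        int barIndex = value.indexOf('|');
        String roleId = value.substring(barIndex + 1);

        // The special none value is always accepted.
        if (roleId.equals("{NULL}")) {
            continue;
        }

        if (!rolesList.contains(roleId)) {
            if (invalidRoles == null) {
                invalidRoles = roleId;
            } else {
                invalidRoles += ", " + roleId;
            }
        }
    }

    // If any invalid roles have been found, set the ALERT session attribute.
    if (invalidRoles != null) {
        // NOTE(review): the alert text is only a newline and invalidRoles is
        // never shown; the message may be missing from this listing. The
        // collected ids are request-supplied, so if they are put into the
        // alert they need output encoding wherever ALERT is rendered.
        session.setAttribute("ALERT", "\n");
        return false;
    }

    return true;
}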