ucUAValidateForm
Purpose
This display is used on the user account administration screen. It is called to validate all of the form parameters returned from the user before database modifications are made.
Applies To
User Account Display
Signature
public boolean ucUAValidateForm(
String mode,
FormParameters fp,
SecurityUser su,
HttpServletRequest request,
HttpServletResponse response,
Connection dbconn,
SesameSession session) throws Exception
Notes
For unsuccessful return, the ALERT attribute in the current session should be set. The form will be refreshed, resulting in an alert to the user.
Example
public boolean ucUAValidateForm(String mode, FormParameters fp, SecurityUser su, HttpServletRequest request, HttpServletResponse response, Connection dbconn, SesameSession session) throws Exception { // Don't validate if the area/role form parameter doesn't exist // or if we don't have visible permission on these fields // (in case of non-admin user editing account settings) //check security permissions String mUser = session.getUserId(); int mArea = session.getArea(); int mProject = session.getProject(); boolean userUserGroupPerm = SecurityPermission.getObjectAccess( "UC_USER_USER_GROUP", SecurityPermission.WRITE, mUser, mArea, mProject, session); boolean userSecurityGroupPerm = SecurityPermission.getObjectAccess( "SE_SECURITY_GROUP", SecurityPermission.WRITE, mUser, mArea, mProject, session); if ((userUserGroupPerm && userSecurityGroupPerm ) && fp.containsKey("p_area_role") ){ String[] roles = fp.getArray("p_user_group"); // Create ArrayList from roles String array, can use ArrayList.contains() method later ArrayList rolesList = new ArrayList(); for (int r = 0; r < roles.length; r++) rolesList.add(roles[r]); String[] areaRoles = fp.getArray("p_area_role"); String invalidRoles = null; // Check that the area/role mapping selected matches with the list // of roles the user has access to for (int i = 0; i < areaRoles.length; i++) { // Get the role id of this area/role mapping String value = areaRoles[i]; // formatted as "
|
" int barIndex = value.indexOf('|'); String roleId = value.substring(barIndex + 1); // Verify that this role is in the list of user's allowed roles, // ignoring special none value if (!roleId.equals("{NULL}") && !rolesList.contains(roleId)) { if (invalidRoles == null) invalidRoles = roleId; else invalidRoles += ", " + roleId; } } // If any invalid roles have been found, set the ALERT session attribute if (invalidRoles != null) { session.setAttribute("ALERT", "\n"); return false; } } return true; }