package modelsimport externals.BCryptimport play.db.anorm._;class Us

1. package models
2.  
3. import externals.BCrypt
4. import play.db.anorm._;
5.  
6.  
7. class User (protected var _id: Int, protected var _email: String, protected var _name: String,
8.             protected var _password: String, protected var _permissions: Set[String]) extends ActiveModel {
9.     private val BCRYPT_WORK_FACTOR: Int = 6
10.    
11.    
12.     def id: Int = _id
13.     def id_=(v: Int) = { _id = v; _dirty = true}
14.     def email: String = _email
15.     def email_=(v: String) = { _email = v; _dirty = true }
16.     def name: String = _name
17.     def name_=(v: String) = { _name = v; _dirty = true }
18.     def permissions: Set[String] = _permissions
19.    
20.    
21.     def password_=(password: String) = {
22.         _password = BCrypt.hashpw(password, BCrypt.gensalt(BCRYPT_WORK_FACTOR))
23.         _dirty = true
24.     }
25.     def checkPassword(password: String): Boolean = {
26.         return BCrypt.checkpw(password, _password)
27.     }
28.    
29.     def hasPermission(permission: String): Boolean = _permissions.contains(permission)
30.     def grantPermission(permission: String) = {
31.         var _set = new scala.collection.immutable.HashSet[String]
32.        
33.         _permissions.foreach( p => { _set += p })
34.         _set += permission
35.         _permissions = _set.toSet[String]
36.         _dirty = true
37.     }
38.     def revokePermission(permission: String) = {
39.         var _set = new scala.collection.immutable.HashSet[String]
40.        
41.         _permissions.foreach( p => { if (p != permission) _set += p })
42.         _permissions = _set.toSet[String]
43.         _dirty = true
44.     }
45.    
46.     protected def insert(): Boolean = {
47.         var res = SQL(User.INSERT_USER).on("name" -> _name, "email" -> _email, "password" -> _password).execute()
48.        
49.         if (res == false)
50.             return false
51.        
52.         var getIdRow = SQL(User.GET_USER_ID_BY_EMAIL).on("email" -> _email).apply().head
53.        
54.         _id = getIdRow.get[Int]("id").get
55.        
56.         return storePermissions
57.     }
58.     protected def update(): Boolean = {
59.         var result = SQL(User.UPDATE_USER).on("name" -> _name, "email" -> _email, "password" -> _password).execute()
60.        
61.         if (result == false)
62.             return false
63.        
64.         return storePermissions
65.     }
66.    
67.     protected def storePermissions(): Boolean = {
68.         var q = new StringBuilder
69.        
70.         q append "START TRANSACTION;"
71.        
72.         q append User.REVOKE_ALL_PERMISSIONS + "\n"
73.        
74.         _permissions.foreach( p => {
75.             q append User.GRANT_PERMISSION.replace("{permission_name}", "\"" + p + "\"") + "\n"
76.         })
77.        
78.         q append "COMMIT;"
79.        
80.         return SQL(q.toString).on("user_id" -> _id).execute()
81.     }
82. }
83.  
84. object User {
85.     private val USER_TABLE: String = "users"
86.     private val USER_PERMISSIONS_TABLE: String = "user_permissions"
87.    
88.     private val GET_USER_BY_ID: String =
89.         "SELECT * FROM tbl WHERE id={id};".replace("tbl", USER_TABLE)
90.     private val GET_USER_ID_BY_EMAIL: String =
91.         "SELECT id FROM tbl WHERE email={email};".replace("tbl", USER_TABLE)
92.     private val GET_USER_PERMISSIONS: String =
93.         "SELECT * FROM tbl WHERE user_id={id};".replace("tbl", USER_PERMISSIONS_TABLE)
94.    
95.     private val INSERT_USER: String =
96.         "INSERT INTO tbl (name, email, password) VALUES ({name}, {email}, {password});".replace("tbl", USER_TABLE)
97.    
98.     private val UPDATE_USER: String =
99.         "UPDATE tbl SET name={name}, email={email}, password={password} WHERE id={id};".replace("tbl", USER_TABLE)
100.    
101.     private val GRANT_PERMISSION: String =
102.         "INSERT INTO tbl VALUES ( {user_id}, {permission_name});".replace("tbl", USER_PERMISSIONS_TABLE)
103.     private val REVOKE_PERMISSION: String =
104.         "DELETE FROM tbl WHERE user_id={user_id} AND permission_name = {permission_name};".replace("tbl", USER_PERMISSIONS_TABLE)
105.     private val REVOKE_ALL_PERMISSIONS: String =
106.         "DELETE FROM tbl WHERE user_id={user_id};".replace("tbl", USER_PERMISSIONS_TABLE)
107.    
108.     def getById(id: Int): User = {
109.         var query = SQL(GET_USER_BY_ID).on("id" -> id)
110.         var result = query.apply().head
111.        
112.         return createUserFromRow(result)
113.     }
114.     private def createUserFromRow(row: Row): User = {
115.         var id: Int = row.get[Int]("id").get
116.         var email: String = row.get[String]("email").get
117.         var name: String = row.get[String]("name").get
118.         var password: String = row.get[String]("password").get
119.        
120.         var permissions: Set[String] = getPermissionsById(id)
121.        
122.         return new User(id, email, name, password, permissions)
123.     }
124.    
125.     def getPermissionsById(id: Int): Set[String] = {
126.         var query = SQL(GET_USER_PERMISSIONS).on("id" -> id)
127.        
128.         var permSet = new scala.collection.mutable.HashSet[String]
129.        
130.         val permissions = query.apply().foreach(
131.             row => permSet.add(row.get[String]("permission_name").get)
132.         )
133.        
134.         return permSet.toSet[String]
135.     }
136. }