AdminPagePortletJspBean.java

  1. /*
  2.  * Copyright (c) 2002-2022, City of Paris
  3.  * All rights reserved.
  4.  *
  5.  * Redistribution and use in source and binary forms, with or without
  6.  * modification, are permitted provided that the following conditions
  7.  * are met:
  8.  *
  9.  *  1. Redistributions of source code must retain the above copyright notice
  10.  *     and the following disclaimer.
  11.  *
  12.  *  2. Redistributions in binary form must reproduce the above copyright notice
  13.  *     and the following disclaimer in the documentation and/or other materials
  14.  *     provided with the distribution.
  15.  *
  16.  *  3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
  17.  *     contributors may be used to endorse or promote products derived from
  18.  *     this software without specific prior written permission.
  19.  *
  20.  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
  21.  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  22.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  23.  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
  24.  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  25.  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  26.  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
  27.  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
  28.  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  29.  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
  30.  * POSSIBILITY OF SUCH DAMAGE.
  31.  *
  32.  * License 1.0
  33.  */
  34. package fr.paris.lutece.portal.web.admin;

  36. import java.util.ArrayList;
  37. import java.util.HashMap;
  38. import java.util.Locale;
  39. import java.util.Map;

  41. import javax.servlet.http.HttpServletRequest;

  43. import org.apache.commons.lang3.StringUtils;

  45. import fr.paris.lutece.portal.business.portlet.Portlet;
  46. import fr.paris.lutece.portal.business.portlet.PortletHome;
  47. import fr.paris.lutece.portal.business.portlet.PortletType;
  48. import fr.paris.lutece.portal.business.portlet.PortletTypeHome;
  49. import fr.paris.lutece.portal.business.user.AdminUser;
  50. import fr.paris.lutece.portal.service.admin.AccessDeniedException;
  51. import fr.paris.lutece.portal.service.admin.AdminUserService;
  52. import fr.paris.lutece.portal.service.message.AdminMessage;
  53. import fr.paris.lutece.portal.service.message.AdminMessageService;
  54. import fr.paris.lutece.portal.service.portlet.PortletRemovalListenerService;
  55. import fr.paris.lutece.portal.service.portlet.PortletResourceIdService;
  56. import fr.paris.lutece.portal.service.rbac.RBACService;
  57. import fr.paris.lutece.portal.service.security.SecurityTokenService;
  58. import fr.paris.lutece.portal.service.util.AppLogService;
  59. import fr.paris.lutece.portal.web.constants.Messages;
  60. import fr.paris.lutece.portal.web.constants.Parameters;
  61. import fr.paris.lutece.util.url.UrlItem;

  63. /**
  64.  * This class provides the admin interface to manage administration of portlet on the pages
  65.  */
  66. public class AdminPagePortletJspBean extends AdminFeaturesPageJspBean
  67. {
  68.     private static final long serialVersionUID = -7578155683931873195L;
  69.     // Right
  70.     public static final String RIGHT_MANAGE_ADMIN_SITE = "CORE_ADMIN_SITE";
  71.     private static final String MSG_ERROR_PORTLET = "Error looking for portlet with id {}";
  72.     private static final String PROPERTY_MESSAGE_WARNING_PORTLET_ALIAS = "portal.site.message.warningPortletAlias";
  73.     private static final String PROPERTY_MESSAGE_CONFIRM_REMOVE_PORTLET = "portal.site.message.confirmRemovePortlet";
  74.     private static final String MESSAGE_CANNOT_REMOVE_PORTLET = "portal.site.message.cannotRemovePortlet";
  75.     private static final String MESSAGE_CANNOT_REMOVE_PORTLET_TITLE = "portal.site.message.cannotRemovePortlet.title";
  76.     private static final String PROPERTY_MESSAGE_CONFIRM_MODIFY_STATUS = "portal.site.message.confirmModifyStatus";
  77.     private static final String PORTLET_STATUS = "status";
  78.     private static final String JSP_REMOVE_PORTLET = "jsp/admin/site/DoRemovePortlet.jsp";
  79.     private static final String JSP_DO_MODIFY_POSITION = "jsp/admin/site/DoModifyPortletPosition.jsp";
  80.     private static final String JSP_DO_MODIFY_STATUS = "jsp/admin/site/DoModifyPortletStatus.jsp";
  81.     private static final String JSP_ADMIN_SITE = "AdminSite.jsp";

  83.     /**
  84.      * Processes the modification of a portlet whose identifier is stored in the http request
  85.      *
  86.      * @param request
  87.      *            The http request
  88.      * @return The jsp url of the process result
  89.      */
  90.     public String doModifyPortlet( HttpServletRequest request )
  91.     {
  92.         String strUrl = null;
  93.         String strPortletId = request.getParameter( Parameters.PORTLET_ID );

  95.         int nPortletId = Integer.parseInt( strPortletId );
  96.         Portlet portlet = PortletHome.findByPrimaryKey( nPortletId );

  98.         for ( PortletType portletType : PortletTypeHome.getPortletTypesList( getLocale( ) ) )
  99.         {
  100.             if ( portletType.getId( ).equals( portlet.getPortletTypeId( ) ) )
  101.             {
  102.                 UrlItem url = new UrlItem( portletType.getUrlUpdate( ) );
  103.                 url.addParameter( Parameters.PORTLET_ID, nPortletId );
  104.                 strUrl = url.getUrl( );

  106.                 break;
  107.             }
  108.         }

  110.         return strUrl;
  111.     }

  113.     /**
  114.      * Redirects towards the url of the process creation of a portlet according to its type or null if the portlet type doesn't exist.
  115.      *
  116.      * @param request
  117.      *            The http request
  118.      * @return The jsp url of the portlet type process creation
  119.      */
  120.     public String doCreatePortlet( HttpServletRequest request )
  121.     {
  122.         String strUrl = null;
  123.         String strPortletTypeId = request.getParameter( Parameters.PORTLET_TYPE_ID );

  125.         for ( PortletType portletType : PortletTypeHome.getPortletTypesList( getLocale( ) ) )
  126.         {
  127.             if ( portletType.getId( ).equals( strPortletTypeId ) )
  128.             {
  129.                 strUrl = portletType.getUrlCreation( );

  131.                 break;
  132.             }
  133.         }

  135.         return strUrl;
  136.     }

  138.     /**
  139.      * Displays the confirm message for deleting the portlet
  140.      *
  141.      * @param request
  142.      *            The http request
  143.      * @return The confirm page
  144.      * @throws AccessDeniedException
  145.      *             if the user is not authorized to manage the portlet
  146.      */
  147.     public String getRemovePortlet( HttpServletRequest request ) throws AccessDeniedException
  148.     {
  149.         String strPortletId = request.getParameter( Parameters.PORTLET_ID );
  150.         if ( !StringUtils.isNumeric( strPortletId ) )
  151.         {
  152.             return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_ERROR );
  153.         }
  154.         int nPortletId = Integer.parseInt( strPortletId );
  155.         Portlet portlet = null;
  156.         try
  157.         {
  158.             portlet = PortletHome.findByPrimaryKey( nPortletId );
  159.         }
  160.         catch( NullPointerException e )
  161.         {
  162.             AppLogService.error( MSG_ERROR_PORTLET, nPortletId, e );
  163.         }
  164.         if ( portlet == null || portlet.getId( ) != nPortletId )
  165.         {
  166.             return AdminMessageService.getMessageUrl( request, Messages.MESSAGE_INVALID_ENTRY, new Object [ ] {
  167.                     nPortletId
  168.             }, AdminMessage.TYPE_ERROR );
  169.         }
  170.         AdminUser user = AdminUserService.getAdminUser( request );
  171.         if ( !RBACService.isAuthorized( PortletType.RESOURCE_TYPE, portlet.getPortletTypeId( ), PortletResourceIdService.PERMISSION_MANAGE, user ) )
  172.         {
  173.             throw new AccessDeniedException( getMessageErrorAuthorization( user, PortletResourceIdService.PERMISSION_MANAGE, nPortletId ) );
  174.         }
  175.         String strUrl = JSP_REMOVE_PORTLET;
  176.         String strTarget = "_top";
  177.         Map<String, Object> parameters = new HashMap<>( );
  178.         parameters.put( Parameters.PORTLET_ID, strPortletId );
  179.         parameters.put( SecurityTokenService.PARAMETER_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_REMOVE_PORTLET ) );

  181.         if ( PortletHome.hasAlias( nPortletId ) )
  182.         {
  183.             return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_WARNING_PORTLET_ALIAS, new Object [ ] {
  184.                     portlet.getName( )
  185.             }, null, strUrl, strTarget, AdminMessage.TYPE_CONFIRMATION, parameters );
  186.         }

  188.         ArrayList<String> listErrors = new ArrayList<>( );
  189.         Locale locale = AdminUserService.getLocale( request );
  190.         if ( !PortletRemovalListenerService.getService( ).checkForRemoval( strPortletId, listErrors, locale ) )
  191.         {
  192.             String strCause = AdminMessageService.getFormattedList( listErrors, locale );
  193.             Object [ ] args = {
  194.                     strCause, portlet.getName( )
  195.             };

  197.             return AdminMessageService.getMessageUrl( request, MESSAGE_CANNOT_REMOVE_PORTLET, args, MESSAGE_CANNOT_REMOVE_PORTLET_TITLE, strUrl, strTarget,
  198.                     AdminMessage.TYPE_STOP, parameters );
  199.         }

  201.         return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_CONFIRM_REMOVE_PORTLET, new Object [ ] {
  202.                 portlet.getName( )
  203.         }, null, strUrl, strTarget, AdminMessage.TYPE_CONFIRMATION, parameters );
  204.     }

  206.     /**
  207.      * Processes the removal of the portlet
  208.      *
  209.      * @param request
  210.      *            The http request
  211.      * @return The Jsp URL of the process result
  212.      * @throws AccessDeniedException
  213.      *             if the user is not authorized to manage the portlet
  214.      */
  215.     public String doRemovePortlet( HttpServletRequest request ) throws AccessDeniedException
  216.     {
  217.         String strPortletId = request.getParameter( Parameters.PORTLET_ID );
  218.         if ( !StringUtils.isNumeric( strPortletId ) )
  219.         {
  220.             return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_ERROR );
  221.         }
  222.         int nPortletId = Integer.parseInt( strPortletId );
  223.         Portlet portlet = null;
  224.         try
  225.         {
  226.             portlet = PortletHome.findByPrimaryKey( nPortletId );
  227.         }
  228.         catch( NullPointerException e )
  229.         {
  230.             AppLogService.error( MSG_ERROR_PORTLET, nPortletId, e );
  231.         }
  232.         if ( portlet == null || portlet.getId( ) != nPortletId )
  233.         {
  234.             return AdminMessageService.getMessageUrl( request, Messages.MESSAGE_INVALID_ENTRY, new Object [ ] {
  235.                     nPortletId
  236.             }, AdminMessage.TYPE_ERROR );
  237.         }
  238.         if ( !SecurityTokenService.getInstance( ).validate( request, JSP_REMOVE_PORTLET ) )
  239.         {
  240.             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
  241.         }
  242.         AdminUser user = AdminUserService.getAdminUser( request );
  243.         if ( !RBACService.isAuthorized( PortletType.RESOURCE_TYPE, portlet.getPortletTypeId( ), PortletResourceIdService.PERMISSION_MANAGE, user ) )
  244.         {
  245.             throw new AccessDeniedException( getMessageErrorAuthorization( user, PortletResourceIdService.PERMISSION_MANAGE, nPortletId ) );
  246.         }
  247.         ArrayList<String> listErrors = new ArrayList<>( );
  248.         Locale locale = AdminUserService.getLocale( request );

  250.         if ( PortletRemovalListenerService.getService( ).checkForRemoval( strPortletId, listErrors, locale ) )
  251.         {
  252.             portlet.remove( );
  253.         }

  255.         return JSP_ADMIN_SITE + "?" + Parameters.PAGE_ID + "=" + portlet.getPageId( );
  256.     }

  258.     /**
  259.      * Displays the portlet status modification page
  260.      *
  261.      * @param request
  262.      *            The http request
  263.      * @return The confirm page
  264.      * @throws AccessDeniedException
  265.      *             if the user is not authorized to manage the portlet
  266.      */
  267.     public String getModifyPortletStatus( HttpServletRequest request ) throws AccessDeniedException
  268.     {
  269.         String strPortletId = request.getParameter( Parameters.PORTLET_ID );
  270.         String strStatus = request.getParameter( PORTLET_STATUS );
  271.         if ( !StringUtils.isNumeric( strPortletId ) || !StringUtils.isNumeric( strStatus ) )
  272.         {
  273.             return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_ERROR );
  274.         }
  275.         int nPortletId = Integer.parseInt( strPortletId );
  276.         Portlet portlet = null;
  277.         try
  278.         {
  279.             portlet = PortletHome.findByPrimaryKey( nPortletId );
  280.         }
  281.         catch( NullPointerException e )
  282.         {
  283.             AppLogService.error( MSG_ERROR_PORTLET, nPortletId, e );
  284.         }
  285.         if ( portlet == null || portlet.getId( ) != nPortletId )
  286.         {
  287.             return AdminMessageService.getMessageUrl( request, Messages.MESSAGE_INVALID_ENTRY, new Object [ ] {
  288.                     nPortletId
  289.             }, AdminMessage.TYPE_ERROR );
  290.         }
  291.         int nStatus = Integer.parseInt( strStatus );
  292.         if ( nStatus != Portlet.STATUS_PUBLISHED && nStatus != Portlet.STATUS_UNPUBLISHED )
  293.         {
  294.             return AdminMessageService.getMessageUrl( request, Messages.MESSAGE_INVALID_ENTRY, new Object [ ] {
  295.                     nStatus
  296.             }, AdminMessage.TYPE_ERROR );
  297.         }
  298.         AdminUser user = AdminUserService.getAdminUser( request );
  299.         if ( !RBACService.isAuthorized( PortletType.RESOURCE_TYPE, portlet.getPortletTypeId( ), PortletResourceIdService.PERMISSION_MANAGE, user ) )
  300.         {
  301.             throw new AccessDeniedException( getMessageErrorAuthorization( user, PortletResourceIdService.PERMISSION_MANAGE, nPortletId ) );
  302.         }
  303.         String strUrl = JSP_DO_MODIFY_STATUS;
  304.         String strTarget = "_top";

  306.         Map<String, Object> parameters = new HashMap<>( );
  307.         parameters.put( Parameters.PORTLET_ID, strPortletId );
  308.         parameters.put( PORTLET_STATUS, strStatus );
  309.         parameters.put( SecurityTokenService.PARAMETER_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_DO_MODIFY_STATUS ) );
  310.         return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_CONFIRM_MODIFY_STATUS, null, null, strUrl, strTarget,
  311.                 AdminMessage.TYPE_CONFIRMATION, parameters );
  312.     }

  314.     /**
  315.      * Processes the status definition for portlet : suspended or activated
  316.      *
  317.      * @param request
  318.      *            The http request
  319.      * @return The Jsp URL of the process result
  320.      * @throws AccessDeniedException
  321.      *             if the user is not authorized to manage the portlet
  322.      */
  323.     public String doModifyPortletStatus( HttpServletRequest request ) throws AccessDeniedException
  324.     {
  325.         if ( !SecurityTokenService.getInstance( ).validate( request, JSP_DO_MODIFY_STATUS ) )
  326.         {
  327.             throw new AccessDeniedException( ERROR_INVALID_TOKEN );
  328.         }
  329.         String strPortletId = request.getParameter( Parameters.PORTLET_ID );
  330.         String strStatus = request.getParameter( PORTLET_STATUS );
  331.         if ( !StringUtils.isNumeric( strPortletId ) || !StringUtils.isNumeric( strStatus ) )
  332.         {
  333.             return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_ERROR );
  334.         }
  335.         int nPortletId = Integer.parseInt( strPortletId );
  336.         Portlet portlet = null;
  337.         try
  338.         {
  339.             portlet = PortletHome.findByPrimaryKey( nPortletId );
  340.         }
  341.         catch( NullPointerException e )
  342.         {
  343.             AppLogService.error( MSG_ERROR_PORTLET, nPortletId, e );
  344.         }
  345.         if ( portlet == null || portlet.getId( ) != nPortletId )
  346.         {
  347.             return AdminMessageService.getMessageUrl( request, Messages.MESSAGE_INVALID_ENTRY, new Object [ ] {
  348.                     nPortletId
  349.             }, AdminMessage.TYPE_ERROR );
  350.         }
  351.         int nStatus = Integer.parseInt( strStatus );
  352.         if ( nStatus != Portlet.STATUS_PUBLISHED && nStatus != Portlet.STATUS_UNPUBLISHED )
  353.         {
  354.             return AdminMessageService.getMessageUrl( request, Messages.MESSAGE_INVALID_ENTRY, new Object [ ] {
  355.                     nStatus
  356.             }, AdminMessage.TYPE_ERROR );
  357.         }
  358.         AdminUser user = AdminUserService.getAdminUser( request );
  359.         if ( !RBACService.isAuthorized( PortletType.RESOURCE_TYPE, portlet.getPortletTypeId( ), PortletResourceIdService.PERMISSION_MANAGE, user ) )
  360.         {
  361.             throw new AccessDeniedException( getMessageErrorAuthorization( user, PortletResourceIdService.PERMISSION_MANAGE, nPortletId ) );
  362.         }

  364.         PortletHome.updateStatus( portlet, nStatus );

  366.         return JSP_ADMIN_SITE + "?" + Parameters.PAGE_ID + "=" + portlet.getPageId( );
  367.     }
  368.     
  369.     /**
  370.      * Processes the Order and Column Update of the portlet
  371.      *
  372.      * @param request
  373.      *            The http request
  374.      * @return The Jsp URL of the process result
  375.      * @throws AccessDeniedException
  376.      *             if the user is not authorized to manage the portlet
  377.      */
  378.     public String doUpdatePortletPosition( HttpServletRequest request ) throws AccessDeniedException
  379.     {
  380.         String strPortletId = request.getParameter( Parameters.PORTLET_ID );
  381.         String strColumnId = request.getParameter( Parameters.COLUMN );
  382.         String strOrder = request.getParameter( Parameters.ORDER );

  384.         if ( !StringUtils.isNumeric( strPortletId ) || !StringUtils.isNumeric( strColumnId ) || !StringUtils.isNumeric( strOrder )  )
  385.         {
  386.             return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_ERROR );
  387.         }
  388.         int nPortletId = Integer.parseInt( strPortletId );
  389.         int nColumnId = Integer.parseInt( strColumnId );
  390.         int nOrder = Integer.parseInt( strOrder );
  391.         Portlet portlet = null;
  392.         try
  393.         {
  394.             portlet = PortletHome.findByPrimaryKey( nPortletId );
  395.         }
  396.         catch( NullPointerException e )
  397.         {
  398.             AppLogService.error( MSG_ERROR_PORTLET, nPortletId, e );
  399.         }
  400.         if ( portlet == null || portlet.getId( ) != nPortletId )
  401.         {
  402.             return AdminMessageService.getMessageUrl( request, Messages.MESSAGE_INVALID_ENTRY, new Object [ ] {
  403.                     nPortletId
  404.             }, AdminMessage.TYPE_ERROR );
  405.         }
  406.        
  407.         PortletHome.updatePosition( portlet, nColumnId, nOrder );

  409.        return JSP_ADMIN_SITE + "?" + Parameters.PAGE_ID + "=" + portlet.getPageId( );
  410.         
  411.     }

  413.     private static String getMessageErrorAuthorization( AdminUser user, String permission, int nPortletId )
  414.     {
  415.         return "User " + user + " is not authorized to permission " + permission + " on portlet " + nPortletId;
  416.     }
  417. }
Created with JaCoCo 0.8.4.201905082037