34 package fr.paris.lutece.portal.web.admin;
35
36 import java.util.ArrayList;
37 import java.util.HashMap;
38 import java.util.Locale;
39 import java.util.Map;
40
41 import javax.servlet.http.HttpServletRequest;
42
43 import org.apache.commons.lang3.StringUtils;
44
45 import fr.paris.lutece.portal.business.portlet.Portlet;
46 import fr.paris.lutece.portal.business.portlet.PortletHome;
47 import fr.paris.lutece.portal.business.portlet.PortletType;
48 import fr.paris.lutece.portal.business.portlet.PortletTypeHome;
49 import fr.paris.lutece.portal.business.user.AdminUser;
50 import fr.paris.lutece.portal.service.admin.AccessDeniedException;
51 import fr.paris.lutece.portal.service.admin.AdminUserService;
52 import fr.paris.lutece.portal.service.message.AdminMessage;
53 import fr.paris.lutece.portal.service.message.AdminMessageService;
54 import fr.paris.lutece.portal.service.portlet.PortletRemovalListenerService;
55 import fr.paris.lutece.portal.service.portlet.PortletResourceIdService;
56 import fr.paris.lutece.portal.service.rbac.RBACService;
57 import fr.paris.lutece.portal.service.security.SecurityTokenService;
58 import fr.paris.lutece.portal.service.util.AppLogService;
59 import fr.paris.lutece.portal.web.constants.Messages;
60 import fr.paris.lutece.portal.web.constants.Parameters;
61 import fr.paris.lutece.util.url.UrlItem;
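/**
 * Back-office handlers for the portlets of a page: resolving the creation and modification URLs of a portlet type,
 * and removing, publishing / unpublishing and moving a portlet.
 *
 * Every value read from the request is untrusted. Each handler validates the identifiers it parses before using
 * them, and every state-changing handler checks {@link PortletResourceIdService#PERMISSION_MANAGE} on the portlet
 * type before it touches the portlet.
 */
public class AdminPagePortletJspBean extends AdminFeaturesPageJspBean
{
    private static final long serialVersionUID = -7578155683931873195L;

    public static final String RIGHT_MANAGE_ADMIN_SITE = "CORE_ADMIN_SITE";
    private static final String MSG_ERROR_PORTLET = "Error looking for portlet with id {}";
    private static final String PROPERTY_MESSAGE_WARNING_PORTLET_ALIAS = "portal.site.message.warningPortletAlias";
    private static final String PROPERTY_MESSAGE_CONFIRM_REMOVE_PORTLET = "portal.site.message.confirmRemovePortlet";
    private static final String MESSAGE_CANNOT_REMOVE_PORTLET = "portal.site.message.cannotRemovePortlet";
    private static final String MESSAGE_CANNOT_REMOVE_PORTLET_TITLE = "portal.site.message.cannotRemovePortlet.title";
    private static final String PROPERTY_MESSAGE_CONFIRM_MODIFY_STATUS = "portal.site.message.confirmModifyStatus";
    private static final String PORTLET_STATUS = "status";
    private static final String JSP_REMOVE_PORTLET = "jsp/admin/site/DoRemovePortlet.jsp";
    // NOTE(review): declared but never used in this class; no security token is issued or validated for it.
    private static final String JSP_DO_MODIFY_POSITION = "jsp/admin/site/DoModifyPortletPosition.jsp";
    private static final String JSP_DO_MODIFY_STATUS = "jsp/admin/site/DoModifyPortletStatus.jsp";
    private static final String JSP_ADMIN_SITE = "AdminSite.jsp";
    private static final String JSP_PATH = "jsp/admin/site/";

    /**
     * Resolves the URL of the update page for the portlet named by the {@code PORTLET_ID} request parameter.
     *
     * The identifier is validated before it is parsed, so a missing, non-numeric or out-of-range value yields an
     * admin error message URL instead of an unchecked exception.
     *
     * @param request
     *            the HTTP request carrying the portlet identifier
     * @return the update URL of the portlet's type with the portlet id appended, an error message URL when the
     *         identifier is invalid or the portlet cannot be found, or {@code null} when no portlet type matches
     */
    public String doModifyPortlet( HttpServletRequest request )
    {
        String strPortletId = request.getParameter( Parameters.PORTLET_ID );
        if ( !isIntParameter( strPortletId ) )
        {
            return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, JSP_PATH + JSP_ADMIN_SITE, AdminMessage.TYPE_ERROR );
        }
        int nPortletId = Integer.parseInt( strPortletId );
        Portlet portlet = findPortlet( nPortletId );
        if ( portlet == null || portlet.getId( ) != nPortletId )
        {
            return AdminMessageService.getMessageUrl( request, Messages.MESSAGE_INVALID_ENTRY, new Object [ ] {
                    nPortletId
            }, JSP_PATH + JSP_ADMIN_SITE, AdminMessage.TYPE_ERROR );
        }

        String strUrl = null;
        for ( PortletType portletType : PortletTypeHome.getPortletTypesList( getLocale( ) ) )
        {
            if ( portletType.getId( ).equals( portlet.getPortletTypeId( ) ) )
            {
                UrlItem url = new UrlItem( portletType.getUrlUpdate( ) );
                url.addParameter( Parameters.PORTLET_ID, nPortletId );
                strUrl = url.getUrl( );

                break;
            }
        }

        return strUrl;
    }

    /**
     * Resolves the URL of the creation page for the portlet type named by the {@code PORTLET_TYPE_ID} request
     * parameter.
     *
     * The parameter is only compared against the identifiers of the registered portlet types; it is never
     * inserted into the returned URL.
     *
     * @param request
     *            the HTTP request carrying the portlet type identifier
     * @return the creation URL of the matching portlet type, or {@code null} when no type matches
     */
    public String doCreatePortlet( HttpServletRequest request )
    {
        String strUrl = null;
        String strPortletTypeId = request.getParameter( Parameters.PORTLET_TYPE_ID );

        for ( PortletType portletType : PortletTypeHome.getPortletTypesList( getLocale( ) ) )
        {
            if ( portletType.getId( ).equals( strPortletTypeId ) )
            {
                strUrl = portletType.getUrlCreation( );

                break;
            }
        }

        return strUrl;
    }

    /**
     * Builds the message shown before a portlet is removed.
     *
     * The message links to {@code DoRemovePortlet.jsp} and carries a security token bound to that action, which
     * {@link #doRemovePortlet(HttpServletRequest)} validates.
     *
     * @param request
     *            the HTTP request carrying the portlet identifier
     * @return the URL of an error, warning, stop or confirmation message
     * @throws AccessDeniedException
     *             if the current admin user may not manage the portlet's type
     */
    public String getRemovePortlet( HttpServletRequest request ) throws AccessDeniedException
    {
        String strPortletId = request.getParameter( Parameters.PORTLET_ID );
        if ( !isIntParameter( strPortletId ) )
        {
            return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_ERROR );
        }
        int nPortletId = Integer.parseInt( strPortletId );
        Portlet portlet = findPortlet( nPortletId );
        if ( portlet == null || portlet.getId( ) != nPortletId )
        {
            return AdminMessageService.getMessageUrl( request, Messages.MESSAGE_INVALID_ENTRY, new Object [ ] {
                    nPortletId
            }, AdminMessage.TYPE_ERROR );
        }
        checkManagePermission( request, portlet, nPortletId );

        String strUrl = JSP_REMOVE_PORTLET;
        String strTarget = "_top";
        Map<String, Object> parameters = new HashMap<>( );
        parameters.put( Parameters.PORTLET_ID, strPortletId );
        parameters.put( SecurityTokenService.PARAMETER_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_REMOVE_PORTLET ) );

        if ( PortletHome.hasAlias( nPortletId ) )
        {
            return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_WARNING_PORTLET_ALIAS, new Object [ ] {
                    portlet.getName( )
            }, null, strUrl, strTarget, AdminMessage.TYPE_CONFIRMATION, parameters );
        }

        ArrayList<String> listErrors = new ArrayList<>( );
        Locale locale = AdminUserService.getLocale( request );
        if ( !PortletRemovalListenerService.getService( ).checkForRemoval( strPortletId, listErrors, locale ) )
        {
            String strCause = AdminMessageService.getFormattedList( listErrors, locale );
            Object [ ] args = {
                    strCause, portlet.getName( )
            };

            return AdminMessageService.getMessageUrl( request, MESSAGE_CANNOT_REMOVE_PORTLET, args, MESSAGE_CANNOT_REMOVE_PORTLET_TITLE, strUrl, strTarget,
                    AdminMessage.TYPE_STOP, parameters );
        }

        return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_CONFIRM_REMOVE_PORTLET, new Object [ ] {
                portlet.getName( )
        }, null, strUrl, strTarget, AdminMessage.TYPE_CONFIRMATION, parameters );
    }

    /**
     * Removes the portlet named by the {@code PORTLET_ID} request parameter.
     *
     * The request must carry a valid security token for {@code DoRemovePortlet.jsp} and the current admin user
     * must hold the manage permission on the portlet's type. The portlet is removed only when the removal
     * listeners accept it.
     *
     * @param request
     *            the HTTP request carrying the portlet identifier and the security token
     * @return an error message URL for an invalid identifier, otherwise the admin site URL of the portlet's page
     * @throws AccessDeniedException
     *             if the security token is invalid or the user is not authorized
     */
    public String doRemovePortlet( HttpServletRequest request ) throws AccessDeniedException
    {
        String strPortletId = request.getParameter( Parameters.PORTLET_ID );
        if ( !isIntParameter( strPortletId ) )
        {
            return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, JSP_PATH + JSP_ADMIN_SITE, AdminMessage.TYPE_ERROR );
        }
        int nPortletId = Integer.parseInt( strPortletId );
        Portlet portlet = findPortlet( nPortletId );
        if ( portlet == null || portlet.getId( ) != nPortletId )
        {
            return AdminMessageService.getMessageUrl( request, Messages.MESSAGE_INVALID_ENTRY, new Object [ ] {
                    nPortletId
            }, JSP_PATH + JSP_ADMIN_SITE, AdminMessage.TYPE_ERROR );
        }
        // NOTE(review): the token is validated after the lookup here, whereas doModifyPortletStatus validates it
        // before reading any parameter; consider aligning the two handlers.
        if ( !SecurityTokenService.getInstance( ).validate( request, JSP_REMOVE_PORTLET ) )
        {
            throw new AccessDeniedException( ERROR_INVALID_TOKEN );
        }
        checkManagePermission( request, portlet, nPortletId );

        ArrayList<String> listErrors = new ArrayList<>( );
        Locale locale = AdminUserService.getLocale( request );

        // A refusal by the removal listeners is not reported here: the errors collected in listErrors are dropped
        // and the caller is redirected as if nothing had happened.
        if ( PortletRemovalListenerService.getService( ).checkForRemoval( strPortletId, listErrors, locale ) )
        {
            portlet.remove( );
        }

        return JSP_ADMIN_SITE + "?" + Parameters.PAGE_ID + "=" + portlet.getPageId( );
    }

    /**
     * Builds the confirmation message shown before the status of a portlet is changed.
     *
     * The message links to {@code DoModifyPortletStatus.jsp} and carries a security token bound to that action,
     * which {@link #doModifyPortletStatus(HttpServletRequest)} validates.
     *
     * @param request
     *            the HTTP request carrying the portlet identifier and the requested status
     * @return the URL of an error or confirmation message
     * @throws AccessDeniedException
     *             if the current admin user may not manage the portlet's type
     */
    public String getModifyPortletStatus( HttpServletRequest request ) throws AccessDeniedException
    {
        String strPortletId = request.getParameter( Parameters.PORTLET_ID );
        String strStatus = request.getParameter( PORTLET_STATUS );
        if ( !isIntParameter( strPortletId ) || !isIntParameter( strStatus ) )
        {
            return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_ERROR );
        }
        int nPortletId = Integer.parseInt( strPortletId );
        Portlet portlet = findPortlet( nPortletId );
        if ( portlet == null || portlet.getId( ) != nPortletId )
        {
            return AdminMessageService.getMessageUrl( request, Messages.MESSAGE_INVALID_ENTRY, new Object [ ] {
                    nPortletId
            }, AdminMessage.TYPE_ERROR );
        }
        int nStatus = Integer.parseInt( strStatus );
        // Only the two known status values are accepted; anything else is rejected before it can be stored.
        if ( nStatus != Portlet.STATUS_PUBLISHED && nStatus != Portlet.STATUS_UNPUBLISHED )
        {
            return AdminMessageService.getMessageUrl( request, Messages.MESSAGE_INVALID_ENTRY, new Object [ ] {
                    nStatus
            }, AdminMessage.TYPE_ERROR );
        }
        checkManagePermission( request, portlet, nPortletId );

        String strUrl = JSP_DO_MODIFY_STATUS;
        String strTarget = "_top";

        Map<String, Object> parameters = new HashMap<>( );
        parameters.put( Parameters.PORTLET_ID, strPortletId );
        parameters.put( PORTLET_STATUS, strStatus );
        parameters.put( SecurityTokenService.PARAMETER_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_DO_MODIFY_STATUS ) );
        return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_CONFIRM_MODIFY_STATUS, null, null, strUrl, strTarget,
                AdminMessage.TYPE_CONFIRMATION, parameters );
    }

    /**
     * Changes the status of the portlet named by the {@code PORTLET_ID} request parameter.
     *
     * The security token for {@code DoModifyPortletStatus.jsp} is validated before any parameter is read, then
     * the identifier and the status are validated and the manage permission on the portlet's type is checked.
     *
     * @param request
     *            the HTTP request carrying the portlet identifier, the new status and the security token
     * @return an error message URL for invalid input, otherwise the admin site URL of the portlet's page
     * @throws AccessDeniedException
     *             if the security token is invalid or the user is not authorized
     */
    public String doModifyPortletStatus( HttpServletRequest request ) throws AccessDeniedException
    {
        if ( !SecurityTokenService.getInstance( ).validate( request, JSP_DO_MODIFY_STATUS ) )
        {
            throw new AccessDeniedException( ERROR_INVALID_TOKEN );
        }
        String strPortletId = request.getParameter( Parameters.PORTLET_ID );
        String strStatus = request.getParameter( PORTLET_STATUS );
        if ( !isIntParameter( strPortletId ) || !isIntParameter( strStatus ) )
        {
            return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, JSP_PATH + JSP_ADMIN_SITE, AdminMessage.TYPE_ERROR );
        }
        int nPortletId = Integer.parseInt( strPortletId );
        Portlet portlet = findPortlet( nPortletId );
        if ( portlet == null || portlet.getId( ) != nPortletId )
        {
            return AdminMessageService.getMessageUrl( request, Messages.MESSAGE_INVALID_ENTRY, new Object [ ] {
                    nPortletId
            }, JSP_PATH + JSP_ADMIN_SITE, AdminMessage.TYPE_ERROR );
        }
        int nStatus = Integer.parseInt( strStatus );
        if ( nStatus != Portlet.STATUS_PUBLISHED && nStatus != Portlet.STATUS_UNPUBLISHED )
        {
            return AdminMessageService.getMessageUrl( request, Messages.MESSAGE_INVALID_ENTRY, new Object [ ] {
                    nStatus
            }, JSP_PATH + JSP_ADMIN_SITE, AdminMessage.TYPE_ERROR );
        }
        checkManagePermission( request, portlet, nPortletId );

        PortletHome.updateStatus( portlet, nStatus );

        return JSP_ADMIN_SITE + "?" + Parameters.PAGE_ID + "=" + portlet.getPageId( );
    }

    /**
     * Moves the portlet named by the {@code PORTLET_ID} request parameter to the given column and order.
     *
     * The manage permission on the portlet's type is checked before the position is written, as in the remove
     * and status handlers of this class.
     *
     * @param request
     *            the HTTP request carrying the portlet identifier, the column and the order
     * @return an error message URL for invalid input, otherwise the admin site URL of the portlet's page
     * @throws AccessDeniedException
     *             if the current admin user may not manage the portlet's type
     */
    public String doUpdatePortletPosition( HttpServletRequest request ) throws AccessDeniedException
    {
        String strPortletId = request.getParameter( Parameters.PORTLET_ID );
        String strColumnId = request.getParameter( Parameters.COLUMN );
        String strOrder = request.getParameter( Parameters.ORDER );

        if ( !isIntParameter( strPortletId ) || !isIntParameter( strColumnId ) || !isIntParameter( strOrder ) )
        {
            return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, JSP_PATH + JSP_ADMIN_SITE, AdminMessage.TYPE_ERROR );
        }
        int nPortletId = Integer.parseInt( strPortletId );
        int nColumnId = Integer.parseInt( strColumnId );
        int nOrder = Integer.parseInt( strOrder );
        Portlet portlet = findPortlet( nPortletId );
        if ( portlet == null || portlet.getId( ) != nPortletId )
        {
            return AdminMessageService.getMessageUrl( request, Messages.MESSAGE_INVALID_ENTRY, new Object [ ] {
                    nPortletId
            }, JSP_PATH + JSP_ADMIN_SITE, AdminMessage.TYPE_ERROR );
        }

        // NOTE(review): unlike doRemovePortlet and doModifyPortletStatus, this state-changing handler validates no
        // security token, and JSP_DO_MODIFY_POSITION is never used to issue one. Validation is not added here
        // because the page that submits this request is not visible from this class and would have to send the
        // token first; confirm and add SecurityTokenService validation together with the caller.
        checkManagePermission( request, portlet, nPortletId );

        PortletHome.updatePosition( portlet, nColumnId, nOrder );

        return JSP_ADMIN_SITE + "?" + Parameters.PAGE_ID + "=" + portlet.getPageId( );
    }

    /**
     * Tells whether a request parameter is a non-negative integer that {@link Integer#parseInt(String)} accepts.
     *
     * {@code StringUtils.isNumeric} alone lets through digit strings that overflow an {@code int}, which would make
     * the later {@code parseInt} call throw; this check covers that case as well.
     *
     * @param strValue
     *            the raw parameter value, possibly {@code null}
     * @return {@code true} if the value consists of digits only and fits in an {@code int}
     */
    private static boolean isIntParameter( String strValue )
    {
        if ( !StringUtils.isNumeric( strValue ) )
        {
            return false;
        }
        try
        {
            Integer.parseInt( strValue );

            return true;
        }
        catch( NumberFormatException e )
        {
            return false;
        }
    }

    /**
     * Loads a portlet by identifier, logging and returning {@code null} when the lookup throws a
     * {@link NullPointerException}.
     *
     * @param nPortletId
     *            the portlet identifier
     * @return the portlet returned by {@code PortletHome.findByPrimaryKey}, or {@code null} if the lookup failed
     */
    private static Portlet findPortlet( int nPortletId )
    {
        try
        {
            return PortletHome.findByPrimaryKey( nPortletId );
        }
        catch( NullPointerException e )
        {
            // presumably thrown by the lookup for an unknown identifier; callers treat null as "not found"
            AppLogService.error( MSG_ERROR_PORTLET, nPortletId, e );

            return null;
        }
    }

    /**
     * Checks that the admin user of the request holds the manage permission on the portlet's type.
     *
     * @param request
     *            the HTTP request identifying the admin user
     * @param portlet
     *            the portlet about to be changed
     * @param nPortletId
     *            the portlet identifier, used in the denial message
     * @throws AccessDeniedException
     *             if the user is not authorized
     */
    private static void checkManagePermission( HttpServletRequest request, Portlet portlet, int nPortletId ) throws AccessDeniedException
    {
        AdminUser user = AdminUserService.getAdminUser( request );
        if ( !RBACService.isAuthorized( PortletType.RESOURCE_TYPE, portlet.getPortletTypeId( ), PortletResourceIdService.PERMISSION_MANAGE, user ) )
        {
            throw new AccessDeniedException( getMessageErrorAuthorization( user, PortletResourceIdService.PERMISSION_MANAGE, nPortletId ) );
        }
    }

    /**
     * Formats the message of the exception thrown when a user lacks a permission on a portlet.
     *
     * @param user
     *            the admin user that was refused
     * @param permission
     *            the permission that was checked
     * @param nPortletId
     *            the portlet identifier
     * @return the denial message
     */
    private static String getMessageErrorAuthorization( AdminUser user, String permission, int nPortletId )
    {
        return "User " + user + " is not authorized to permission " + permission + " on portlet " + nPortletId;
    }
}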