34 package fr.paris.lutece.portal.web.admin;
35
36 import java.util.ArrayList;
37 import java.util.HashMap;
38 import java.util.Locale;
39 import java.util.Map;
40
41 import javax.servlet.http.HttpServletRequest;
42
43 import org.apache.commons.lang3.StringUtils;
44
45 import fr.paris.lutece.portal.business.portlet.Portlet;
46 import fr.paris.lutece.portal.business.portlet.PortletHome;
47 import fr.paris.lutece.portal.business.portlet.PortletType;
48 import fr.paris.lutece.portal.business.portlet.PortletTypeHome;
49 import fr.paris.lutece.portal.business.user.AdminUser;
50 import fr.paris.lutece.portal.service.admin.AccessDeniedException;
51 import fr.paris.lutece.portal.service.admin.AdminUserService;
52 import fr.paris.lutece.portal.service.message.AdminMessage;
53 import fr.paris.lutece.portal.service.message.AdminMessageService;
54 import fr.paris.lutece.portal.service.portlet.PortletRemovalListenerService;
55 import fr.paris.lutece.portal.service.portlet.PortletResourceIdService;
56 import fr.paris.lutece.portal.service.rbac.RBACService;
57 import fr.paris.lutece.portal.service.security.SecurityTokenService;
58 import fr.paris.lutece.portal.service.util.AppLogService;
59 import fr.paris.lutece.portal.web.constants.Messages;
60 import fr.paris.lutece.portal.web.constants.Parameters;
61 import fr.paris.lutece.util.url.UrlItem;
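/**
 * JSP bean behind the portlet actions of the site administration pages: it resolves the creation and modification URL of
 * a portlet type, and handles the removal, status change and position change of a portlet.
 *
 * <p>
 * Every method reads its identifiers from request parameters, so each of them validates the values before using them.
 * The state-changing actions authorize the current admin user against the portlet's type with
 * {@link PortletResourceIdService#PERMISSION_MANAGE}; removal and status change also require the security token issued
 * by the matching confirmation page.
 * </p>
 */
public class AdminPagePortletJspBean extends AdminFeaturesPageJspBean
{
    private static final long serialVersionUID = -7578155683931873195L;

    /** Right required to use the site administration feature. */
    public static final String RIGHT_MANAGE_ADMIN_SITE = "CORE_ADMIN_SITE";

    // Log pattern
    private static final String MSG_ERROR_PORTLET = "Error looking for portlet with id {}";

    // Message keys
    private static final String PROPERTY_MESSAGE_WARNING_PORTLET_ALIAS = "portal.site.message.warningPortletAlias";
    private static final String PROPERTY_MESSAGE_CONFIRM_REMOVE_PORTLET = "portal.site.message.confirmRemovePortlet";
    private static final String MESSAGE_CANNOT_REMOVE_PORTLET = "portal.site.message.cannotRemovePortlet";
    private static final String MESSAGE_CANNOT_REMOVE_PORTLET_TITLE = "portal.site.message.cannotRemovePortlet.title";
    private static final String PROPERTY_MESSAGE_CONFIRM_MODIFY_STATUS = "portal.site.message.confirmModifyStatus";

    // Request parameter
    private static final String PORTLET_STATUS = "status";

    // JSP
    private static final String JSP_REMOVE_PORTLET = "jsp/admin/site/DoRemovePortlet.jsp";
    // NOTE(review): not referenced anywhere in this class; see doUpdatePortletPosition.
    private static final String JSP_DO_MODIFY_POSITION = "jsp/admin/site/DoModifyPortletPosition.jsp";
    private static final String JSP_DO_MODIFY_STATUS = "jsp/admin/site/DoModifyPortletStatus.jsp";
    private static final String JSP_ADMIN_SITE = "AdminSite.jsp";

    // Target frame of the confirmation messages
    private static final String TARGET_TOP = "_top";

    // Returned by parseNumeric for a rejected value; accepted values are made of digits only, hence never negative
    private static final int INVALID_NUMBER = -1;

    /**
     * Builds the URL of the modification page of the portlet named by the request.
     *
     * <p>
     * The portlet id is validated the same way as in the other actions of this bean, so a missing, malformed or unknown
     * id yields an error message URL instead of an uncaught exception.
     * </p>
     *
     * @param request
     *            the HTTP request, carrying the {@code Parameters.PORTLET_ID} parameter
     * @return the update URL of the portlet's type with the portlet id appended, an error message URL when the id is
     *         invalid, or {@code null} when no portlet type matches the portlet
     */
    public String doModifyPortlet( HttpServletRequest request )
    {
        int nPortletId = parseNumeric( request.getParameter( Parameters.PORTLET_ID ) );
        if ( nPortletId == INVALID_NUMBER )
        {
            return getMandatoryFieldsUrl( request );
        }

        Portlet portlet = findPortlet( nPortletId );
        if ( portlet == null )
        {
            return getInvalidEntryUrl( request, nPortletId );
        }

        for ( PortletType portletType : PortletTypeHome.getPortletTypesList( getLocale( ) ) )
        {
            if ( portletType.getId( ).equals( portlet.getPortletTypeId( ) ) )
            {
                UrlItem url = new UrlItem( portletType.getUrlUpdate( ) );
                url.addParameter( Parameters.PORTLET_ID, nPortletId );

                return url.getUrl( );
            }
        }

        return null;
    }

    /**
     * Looks up the creation URL of the portlet type named by the request.
     *
     * @param request
     *            the HTTP request, carrying the {@code Parameters.PORTLET_TYPE_ID} parameter
     * @return the creation URL of the matching portlet type, or {@code null} when the parameter matches no known type
     */
    public String doCreatePortlet( HttpServletRequest request )
    {
        String strPortletTypeId = request.getParameter( Parameters.PORTLET_TYPE_ID );

        // The request value is only compared with the ids of the known types, never used to build the URL
        for ( PortletType portletType : PortletTypeHome.getPortletTypesList( getLocale( ) ) )
        {
            if ( portletType.getId( ).equals( strPortletTypeId ) )
            {
                return portletType.getUrlCreation( );
            }
        }

        return null;
    }

    /**
     * Builds the message page shown before a portlet is removed.
     *
     * <p>
     * The page is an alias warning when the portlet has aliases, a stop message when a removal listener refuses the
     * removal, and a plain confirmation otherwise. In all three cases the message carries the portlet id and a security
     * token bound to the removal JSP.
     * </p>
     *
     * @param request
     *            the HTTP request, carrying the {@code Parameters.PORTLET_ID} parameter
     * @return the URL of the message page, or of an error message when the portlet id is invalid
     * @throws AccessDeniedException
     *             if the current admin user lacks the manage permission on the portlet's type
     */
    public String getRemovePortlet( HttpServletRequest request ) throws AccessDeniedException
    {
        String strPortletId = request.getParameter( Parameters.PORTLET_ID );
        int nPortletId = parseNumeric( strPortletId );
        if ( nPortletId == INVALID_NUMBER )
        {
            return getMandatoryFieldsUrl( request );
        }

        Portlet portlet = findPortlet( nPortletId );
        if ( portlet == null )
        {
            return getInvalidEntryUrl( request, nPortletId );
        }

        checkManagePermission( request, portlet );

        Map<String, Object> parameters = new HashMap<>( );
        parameters.put( Parameters.PORTLET_ID, strPortletId );
        // The token is checked again by doRemovePortlet before anything is deleted
        parameters.put( SecurityTokenService.PARAMETER_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_REMOVE_PORTLET ) );

        Object [ ] portletName = {
                portlet.getName( )
        };

        if ( PortletHome.hasAlias( nPortletId ) )
        {
            return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_WARNING_PORTLET_ALIAS, portletName, null, JSP_REMOVE_PORTLET, TARGET_TOP,
                    AdminMessage.TYPE_CONFIRMATION, parameters );
        }

        ArrayList<String> listErrors = new ArrayList<>( );
        Locale locale = AdminUserService.getLocale( request );
        if ( !PortletRemovalListenerService.getService( ).checkForRemoval( strPortletId, listErrors, locale ) )
        {
            String strCause = AdminMessageService.getFormattedList( listErrors, locale );
            Object [ ] args = {
                    strCause, portlet.getName( )
            };

            return AdminMessageService.getMessageUrl( request, MESSAGE_CANNOT_REMOVE_PORTLET, args, MESSAGE_CANNOT_REMOVE_PORTLET_TITLE, JSP_REMOVE_PORTLET,
                    TARGET_TOP, AdminMessage.TYPE_STOP, parameters );
        }

        return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_CONFIRM_REMOVE_PORTLET, portletName, null, JSP_REMOVE_PORTLET, TARGET_TOP,
                AdminMessage.TYPE_CONFIRMATION, parameters );
    }

    /**
     * Removes the portlet named by the request.
     *
     * <p>
     * The request must carry a security token valid for the removal JSP, and the current admin user must hold the manage
     * permission on the portlet's type. The portlet is removed only if the removal listeners allow it; when they refuse,
     * nothing is removed and the admin site page is returned all the same.
     * </p>
     *
     * @param request
     *            the HTTP request, carrying the {@code Parameters.PORTLET_ID} parameter and the security token
     * @return the URL of the admin site page of the portlet's page, or of an error message when the portlet id is invalid
     * @throws AccessDeniedException
     *             if the security token is invalid or the user lacks the manage permission
     */
    public String doRemovePortlet( HttpServletRequest request ) throws AccessDeniedException
    {
        String strPortletId = request.getParameter( Parameters.PORTLET_ID );
        int nPortletId = parseNumeric( strPortletId );
        if ( nPortletId == INVALID_NUMBER )
        {
            return getMandatoryFieldsUrl( request );
        }

        Portlet portlet = findPortlet( nPortletId );
        if ( portlet == null )
        {
            return getInvalidEntryUrl( request, nPortletId );
        }

        if ( !SecurityTokenService.getInstance( ).validate( request, JSP_REMOVE_PORTLET ) )
        {
            throw new AccessDeniedException( ERROR_INVALID_TOKEN );
        }

        checkManagePermission( request, portlet );

        // The listener messages are collected but not reported here; getRemovePortlet is the step that displays them
        ArrayList<String> listErrors = new ArrayList<>( );
        Locale locale = AdminUserService.getLocale( request );

        if ( PortletRemovalListenerService.getService( ).checkForRemoval( strPortletId, listErrors, locale ) )
        {
            portlet.remove( );
        }

        return getAdminSiteUrl( portlet );
    }

    /**
     * Builds the confirmation page shown before the status of a portlet is changed.
     *
     * @param request
     *            the HTTP request, carrying the {@code Parameters.PORTLET_ID} and {@code status} parameters
     * @return the URL of the confirmation message, which carries the portlet id, the status and a security token bound to
     *         the status JSP, or the URL of an error message when a parameter is invalid
     * @throws AccessDeniedException
     *             if the current admin user lacks the manage permission on the portlet's type
     */
    public String getModifyPortletStatus( HttpServletRequest request ) throws AccessDeniedException
    {
        String strPortletId = request.getParameter( Parameters.PORTLET_ID );
        String strStatus = request.getParameter( PORTLET_STATUS );
        int nPortletId = parseNumeric( strPortletId );
        int nStatus = parseNumeric( strStatus );
        if ( nPortletId == INVALID_NUMBER || nStatus == INVALID_NUMBER )
        {
            return getMandatoryFieldsUrl( request );
        }

        Portlet portlet = findPortlet( nPortletId );
        if ( portlet == null )
        {
            return getInvalidEntryUrl( request, nPortletId );
        }

        if ( !isKnownStatus( nStatus ) )
        {
            return getInvalidEntryUrl( request, nStatus );
        }

        checkManagePermission( request, portlet );

        Map<String, Object> parameters = new HashMap<>( );
        parameters.put( Parameters.PORTLET_ID, strPortletId );
        parameters.put( PORTLET_STATUS, strStatus );
        // The token is checked again by doModifyPortletStatus before the status is written
        parameters.put( SecurityTokenService.PARAMETER_TOKEN, SecurityTokenService.getInstance( ).getToken( request, JSP_DO_MODIFY_STATUS ) );

        return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_CONFIRM_MODIFY_STATUS, null, null, JSP_DO_MODIFY_STATUS, TARGET_TOP,
                AdminMessage.TYPE_CONFIRMATION, parameters );
    }

    /**
     * Changes the status of the portlet named by the request.
     *
     * <p>
     * The security token is validated before any parameter is read. Only {@code Portlet.STATUS_PUBLISHED} and
     * {@code Portlet.STATUS_UNPUBLISHED} are accepted as status.
     * </p>
     *
     * @param request
     *            the HTTP request, carrying the {@code Parameters.PORTLET_ID} and {@code status} parameters and the
     *            security token
     * @return the URL of the admin site page of the portlet's page, or of an error message when a parameter is invalid
     * @throws AccessDeniedException
     *             if the security token is invalid or the user lacks the manage permission
     */
    public String doModifyPortletStatus( HttpServletRequest request ) throws AccessDeniedException
    {
        if ( !SecurityTokenService.getInstance( ).validate( request, JSP_DO_MODIFY_STATUS ) )
        {
            throw new AccessDeniedException( ERROR_INVALID_TOKEN );
        }

        int nPortletId = parseNumeric( request.getParameter( Parameters.PORTLET_ID ) );
        int nStatus = parseNumeric( request.getParameter( PORTLET_STATUS ) );
        if ( nPortletId == INVALID_NUMBER || nStatus == INVALID_NUMBER )
        {
            return getMandatoryFieldsUrl( request );
        }

        Portlet portlet = findPortlet( nPortletId );
        if ( portlet == null )
        {
            return getInvalidEntryUrl( request, nPortletId );
        }

        if ( !isKnownStatus( nStatus ) )
        {
            return getInvalidEntryUrl( request, nStatus );
        }

        checkManagePermission( request, portlet );

        PortletHome.updateStatus( portlet, nStatus );

        return getAdminSiteUrl( portlet );
    }

    /**
     * Moves the portlet named by the request to the given column and order.
     *
     * <p>
     * The current admin user must hold the manage permission on the portlet's type, as for removal and status change.
     * </p>
     *
     * @param request
     *            the HTTP request, carrying the {@code Parameters.PORTLET_ID}, {@code Parameters.COLUMN} and
     *            {@code Parameters.ORDER} parameters
     * @return the URL of the admin site page of the portlet's page, or of an error message when a parameter is invalid
     * @throws AccessDeniedException
     *             if the current admin user lacks the manage permission on the portlet's type
     */
    public String doUpdatePortletPosition( HttpServletRequest request ) throws AccessDeniedException
    {
        int nPortletId = parseNumeric( request.getParameter( Parameters.PORTLET_ID ) );
        int nColumnId = parseNumeric( request.getParameter( Parameters.COLUMN ) );
        int nOrder = parseNumeric( request.getParameter( Parameters.ORDER ) );
        if ( nPortletId == INVALID_NUMBER || nColumnId == INVALID_NUMBER || nOrder == INVALID_NUMBER )
        {
            return getMandatoryFieldsUrl( request );
        }

        Portlet portlet = findPortlet( nPortletId );
        if ( portlet == null )
        {
            return getInvalidEntryUrl( request, nPortletId );
        }

        // This action writes to the portlet just like removal and status change, so it gets the same authorization
        checkManagePermission( request, portlet );

        // NOTE(review): unlike doRemovePortlet and doModifyPortletStatus, no security token is validated here, and
        // JSP_DO_MODIFY_POSITION is declared but unused. Validation is not added in this method because the page that
        // submits the new position would first have to send a token; confirm and wire both sides together.
        PortletHome.updatePosition( portlet, nColumnId, nOrder );

        return getAdminSiteUrl( portlet );
    }

    /**
     * Converts a request parameter to a non-negative int.
     *
     * @param strValue
     *            the raw parameter value, possibly {@code null}
     * @return the parsed value, or {@code INVALID_NUMBER} when the value is not made of digits only or does not fit in an
     *         int
     */
    private static int parseNumeric( String strValue )
    {
        if ( !StringUtils.isNumeric( strValue ) )
        {
            return INVALID_NUMBER;
        }

        try
        {
            return Integer.parseInt( strValue );
        }
        catch( NumberFormatException e )
        {
            // Digits only, but too many of them for an int
            return INVALID_NUMBER;
        }
    }

    /**
     * Loads a portlet and checks that the loaded object really carries the requested id.
     *
     * @param nPortletId
     *            the portlet id
     * @return the portlet, or {@code null} when none could be loaded for this id
     */
    private static Portlet findPortlet( int nPortletId )
    {
        Portlet portlet = null;
        try
        {
            portlet = PortletHome.findByPrimaryKey( nPortletId );
        }
        catch( NullPointerException e )
        {
            // Presumably raised by the lookup when the id matches no portlet - confirm against PortletHome
            AppLogService.error( MSG_ERROR_PORTLET, nPortletId, e );
        }

        if ( portlet == null || portlet.getId( ) != nPortletId )
        {
            return null;
        }

        return portlet;
    }

    /**
     * Tells whether a status value is one of the two statuses this bean accepts.
     *
     * @param nStatus
     *            the status to check
     * @return {@code true} for {@code Portlet.STATUS_PUBLISHED} and {@code Portlet.STATUS_UNPUBLISHED}
     */
    private static boolean isKnownStatus( int nStatus )
    {
        return nStatus == Portlet.STATUS_PUBLISHED || nStatus == Portlet.STATUS_UNPUBLISHED;
    }

    /**
     * Ensures the current admin user may manage portlets of the given portlet's type.
     *
     * @param request
     *            the HTTP request, from which the admin user is read
     * @param portlet
     *            the portlet about to be acted on
     * @throws AccessDeniedException
     *             if the user is not authorized
     */
    private static void checkManagePermission( HttpServletRequest request, Portlet portlet ) throws AccessDeniedException
    {
        AdminUser user = AdminUserService.getAdminUser( request );
        if ( !RBACService.isAuthorized( PortletType.RESOURCE_TYPE, portlet.getPortletTypeId( ), PortletResourceIdService.PERMISSION_MANAGE, user ) )
        {
            throw new AccessDeniedException( getMessageErrorAuthorization( user, PortletResourceIdService.PERMISSION_MANAGE, portlet.getId( ) ) );
        }
    }

    /**
     * Builds the URL of the error message shown when a parameter is missing or malformed.
     *
     * @param request
     *            the HTTP request
     * @return the message URL
     */
    private static String getMandatoryFieldsUrl( HttpServletRequest request )
    {
        return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_ERROR );
    }

    /**
     * Builds the URL of the error message shown when a well-formed value is not acceptable.
     *
     * @param request
     *            the HTTP request
     * @param nValue
     *            the rejected value, passed as the message argument
     * @return the message URL
     */
    private static String getInvalidEntryUrl( HttpServletRequest request, int nValue )
    {
        return AdminMessageService.getMessageUrl( request, Messages.MESSAGE_INVALID_ENTRY, new Object [ ] {
                nValue
        }, AdminMessage.TYPE_ERROR );
    }

    /**
     * Builds the URL of the admin site page that displays the page holding a portlet.
     *
     * @param portlet
     *            the portlet
     * @return the admin site URL with the page id of the portlet
     */
    private static String getAdminSiteUrl( Portlet portlet )
    {
        return JSP_ADMIN_SITE + "?" + Parameters.PAGE_ID + "=" + portlet.getPageId( );
    }

    /**
     * Builds the text of the exception raised when a user lacks a permission on a portlet.
     *
     * @param user
     *            the admin user
     * @param permission
     *            the missing permission
     * @param nPortletId
     *            the portlet id
     * @return the message
     */
    private static String getMessageErrorAuthorization( AdminUser user, String permission, int nPortletId )
    {
        return "User " + user + " is not authorized to permission " + permission + " on portlet " + nPortletId;
    }
}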