View Javadoc
1   /*
2    * Copyright (c) 2002-2018, Mairie de Paris
3    * All rights reserved.
4    *
5    * Redistribution and use in source and binary forms, with or without
6    * modification, are permitted provided that the following conditions
7    * are met:
8    *
9    *  1. Redistributions of source code must retain the above copyright notice
10   *     and the following disclaimer.
11   *
12   *  2. Redistributions in binary form must reproduce the above copyright notice
13   *     and the following disclaimer in the documentation and/or other materials
14   *     provided with the distribution.
15   *
16   *  3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
17   *     contributors may be used to endorse or promote products derived from
18   *     this software without specific prior written permission.
19   *
20   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21   * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23   * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
24   * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25   * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26   * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27   * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28   * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29   * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30   * POSSIBILITY OF SUCH DAMAGE.
31   *
32   * License 1.0
33   */
34  package fr.paris.lutece.plugins.appcenter.modules.support.web;
35  
36  import fr.paris.lutece.plugins.appcenter.business.Demand;
37  import fr.paris.lutece.plugins.appcenter.business.DemandHome;
38  import fr.paris.lutece.plugins.appcenter.business.DemandType;
39  import fr.paris.lutece.plugins.appcenter.business.DemandTypeHome;
40  import fr.paris.lutece.plugins.appcenter.modules.support.business.SupportDemand;
41  import fr.paris.lutece.plugins.appcenter.modules.support.business.UploadFile;
42  import fr.paris.lutece.plugins.appcenter.web.ManageAppCenterJspBean;
43  import javax.servlet.http.HttpServletRequest;
44  
45  import fr.paris.lutece.portal.business.file.File;
46  import fr.paris.lutece.portal.business.file.FileHome;
47  import fr.paris.lutece.portal.business.physicalfile.PhysicalFile;
48  import fr.paris.lutece.portal.business.physicalfile.PhysicalFileHome;
49  import fr.paris.lutece.portal.business.user.AdminUser;
50  import fr.paris.lutece.portal.service.admin.AdminUserService;
51  import fr.paris.lutece.portal.service.message.AdminMessage;
52  import fr.paris.lutece.portal.service.message.AdminMessageService;
53  import fr.paris.lutece.portal.service.rbac.RBACService;
54  import fr.paris.lutece.portal.service.util.AppLogService;
55  import fr.paris.lutece.portal.web.constants.Messages;
56  import fr.paris.lutece.util.filesystem.FileSystemUtil;
57  import java.io.IOException;
58  import java.io.OutputStream;
59  import javax.servlet.http.HttpServletResponse;
60  import org.apache.commons.lang.StringUtils;
61  
62  /**
63   * DoAdminDownloadFile
64   */
65  public class DoAdminDownloadFile
66  {
67      private static final String PARAMETER_ID_FILE = "id_file";
68      private static final String PARAMETER_ID_DEMAND = "id_demand";
69      private static final String VIEW_PERMISSION = "VIEW";
70      private static final String MESSAGE_ERROR_DURING_DOWNLOAD_FILE = "module.appcenter.support.error.error_during_download_file";
71  
72      /**
73       * Private constructor
74       */
75      private DoAdminDownloadFile( )
76      {
77      }
78      
79      /**
80       * Write in the http response the file to upload
81       * @param request the http request
82       * @param response The http response
83       * @return Error Message
84       *
85       */
86      public static String doDownloadFile( HttpServletRequest request, HttpServletResponse response )
87      {             
88          String strIdDemand = request.getParameter( PARAMETER_ID_DEMAND );
89          String strIdFile = request.getParameter( PARAMETER_ID_FILE );
90  
91          if ( StringUtils.isBlank( strIdFile ) 
92                  || !StringUtils.isNumeric( strIdFile ) 
93                  || StringUtils.isBlank( strIdDemand )
94                  || !StringUtils.isNumeric( strIdDemand ) )
95          {
96              return AdminMessageService.getMessageUrl( request, MESSAGE_ERROR_DURING_DOWNLOAD_FILE, AdminMessage.TYPE_STOP );
97          }
98  
99          int nIdDemand = Integer.parseInt( strIdDemand );
100         int nIdFile = Integer.parseInt( strIdFile );
101 
102         SupportDemand supportDemand = DemandHome.findByPrimaryKey( nIdDemand, SupportDemand.class );
103         DemandType demandType = DemandTypeHome.findByIdDemandType( supportDemand.getIdDemandType( ) );
104         
105         if ( !isFileInDemand( supportDemand, nIdFile ) )
106         {
107             return AdminMessageService.getMessageUrl( request, Messages.USER_ACCESS_DENIED, AdminMessage.TYPE_STOP );
108         }
109         
110         AdminUser adminUser = AdminUserService.getAdminUser( request );
111         
112         if( ( adminUser == null ) || ( !adminUser.checkRight( ManageAppCenterJspBean.RIGHT_MANAGEAPPCENTER ) ) || ( !RBACService.isAuthorized( demandType, VIEW_PERMISSION, adminUser ) ) )
113         {
114             return AdminMessageService.getMessageUrl( request, Messages.USER_ACCESS_DENIED, AdminMessage.TYPE_STOP );
115         }
116 
117         File file = FileHome.findByPrimaryKey( nIdFile );
118         PhysicalFile physicalFile = ( file != null )
119             ? PhysicalFileHome.findByPrimaryKey( file.getPhysicalFile(  ).getIdPhysicalFile(  ) ) : null;
120 
121         if ( physicalFile != null )
122         {
123             try
124             {
125                 byte[] byteFileOutPut = physicalFile.getValue(  );
126 
127                 response.setHeader( "Content-Disposition", "attachment ;filename=\"" + file.getTitle(  ) + "\"" );
128                 response.setHeader( "Pragma", "public" );
129                 response.setHeader( "Expires", "0" );
130                 response.setHeader( "Cache-Control", "must-revalidate,post-check=0,pre-check=0" );
131 
132                 String strMimeType = file.getMimeType(  );
133 
134                 if ( strMimeType == null )
135                 {
136                     strMimeType = FileSystemUtil.getMIMEType( file.getTitle(  ) );
137                 }
138 
139                 response.setContentType( strMimeType );
140                 response.setContentLength( byteFileOutPut.length );
141 
142                 OutputStream os = response.getOutputStream(  );
143                 os.write( byteFileOutPut );
144                 os.close(  );
145             }
146             catch ( IOException e )
147             {
148                 AppLogService.error( e );
149             }
150         }
151         
152         return AdminMessageService.getMessageUrl( request, MESSAGE_ERROR_DURING_DOWNLOAD_FILE, AdminMessage.TYPE_STOP );
153     }
154     
155     /**
156      * Check if a file is present in demand
157      * @param supportDemand The demand
158      * @param nIdFile The file id
159      * @return true if file is present in demand and false otherwise.
160      *
161      */
162     private static boolean isFileInDemand( SupportDemand supportDemand, int nIdFile )
163     {
164         boolean bFileInDemand = false;
165         for (UploadFile uploadFile : supportDemand.getListFilesSupport( ))
166         {
167             if ( uploadFile.getIdFile(  ) == nIdFile )
168             {
169                 bFileInDemand = true;
170             }
171         }
172         
173         return bFileInDemand;
174     }
175 }