34 package fr.paris.lutece.plugins.directory.web;
35
36 import fr.paris.lutece.plugins.directory.business.DirectoryXsl;
37 import fr.paris.lutece.plugins.directory.business.DirectoryXslHome;
38 import fr.paris.lutece.plugins.directory.business.File;
39 import fr.paris.lutece.plugins.directory.business.FileHome;
40 import fr.paris.lutece.plugins.directory.business.PhysicalFile;
41 import fr.paris.lutece.plugins.directory.business.PhysicalFileHome;
42 import fr.paris.lutece.plugins.directory.business.RecordField;
43 import fr.paris.lutece.plugins.directory.business.RecordFieldFilter;
44 import fr.paris.lutece.plugins.directory.business.RecordFieldHome;
45 import fr.paris.lutece.plugins.directory.service.DirectoryPlugin;
46 import fr.paris.lutece.plugins.directory.service.DirectoryXslResourceIdService;
47 import fr.paris.lutece.plugins.directory.service.record.IRecordService;
48 import fr.paris.lutece.plugins.directory.service.record.RecordService;
49 import fr.paris.lutece.plugins.directory.utils.DirectoryUtils;
50 import fr.paris.lutece.portal.business.user.AdminUser;
51 import fr.paris.lutece.portal.service.admin.AdminUserService;
52 import fr.paris.lutece.portal.service.message.AdminMessage;
53 import fr.paris.lutece.portal.service.message.AdminMessageService;
54 import fr.paris.lutece.portal.service.plugin.Plugin;
55 import fr.paris.lutece.portal.service.plugin.PluginService;
56 import fr.paris.lutece.portal.service.rbac.RBACService;
57 import fr.paris.lutece.portal.service.spring.SpringContextService;
58 import fr.paris.lutece.portal.service.util.AppLogService;
59 import fr.paris.lutece.portal.web.constants.Messages;
60 import fr.paris.lutece.util.filesystem.FileSystemUtil;
61
62 import org.apache.commons.lang.StringUtils;
63
64 import java.io.IOException;
65 import java.io.OutputStream;
66
67 import java.util.List;
68
69 import javax.servlet.http.HttpServletRequest;
70 import javax.servlet.http.HttpServletResponse;
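/**
 * Streams a file stored by the directory plugin into the HTTP response, after checking that the
 * requesting user is allowed to read it.
 *
 * The file is identified either directly by the {@code id_file} request parameter or indirectly by a
 * directory record id and an entry id. Both ways end at the same authorization check before any file
 * content is loaded.
 */
public final class DoDownloadFile
{
    private static final String PARAMETER_ID_FILE = "id_file";
    private static final String MESSAGE_ERROR_DURING_DOWNLOAD_FILE = "directory.message.error_during_download_file";

    /**
     * Private constructor: the class only exposes static methods.
     */
    private DoDownloadFile( )
    {
    }

    /**
     * Writes the requested file to the response if the current user is authorized to download it.
     *
     * @param request
     *            the HTTP request; reads {@code id_file}, or else the directory record id and entry id parameters
     * @param response
     *            the HTTP response that receives the download headers and the file bytes
     * @return the URL of an admin message page: the access-denied message when the authorization check fails,
     *         the download-error message otherwise. The download-error URL is also returned after the file has
     *         been written successfully; presumably the caller ignores it once the response is committed.
     *         TODO confirm against the calling JSP.
     */
    public static String doDownloadFile( HttpServletRequest request, HttpServletResponse response )
    {
        Plugin plugin = PluginService.getPlugin( DirectoryPlugin.PLUGIN_NAME );
        String strIdFile = request.getParameter( PARAMETER_ID_FILE );
        int nIdFile = DirectoryUtils.CONSTANT_ID_NULL;

        if ( StringUtils.isBlank( strIdFile ) || !StringUtils.isNumeric( strIdFile ) )
        {
            // No usable id_file: resolve the file through the record field (record id + entry id).
            String strIdDirectoryRecord = request.getParameter( DirectoryUtils.PARAMETER_ID_DIRECTORY_RECORD );
            String strIdEntry = request.getParameter( DirectoryUtils.PARAMETER_ID_ENTRY );

            // NOTE(review): the request is rejected only when BOTH ids are blank or non-numeric. With a single
            // valid id the other one still reaches convertStringToInt and the filter; confirm whether "||"
            // was intended, and how the filter treats the value produced for an invalid id.
            if ( ( StringUtils.isBlank( strIdDirectoryRecord ) || !StringUtils.isNumeric( strIdDirectoryRecord ) )
                    && ( StringUtils.isBlank( strIdEntry ) || !StringUtils.isNumeric( strIdEntry ) ) )
            {
                return AdminMessageService.getMessageUrl( request, MESSAGE_ERROR_DURING_DOWNLOAD_FILE, AdminMessage.TYPE_STOP );
            }

            int nIdDirectoryRecord = DirectoryUtils.convertStringToInt( strIdDirectoryRecord );
            int nIdEntry = DirectoryUtils.convertStringToInt( strIdEntry );
            RecordFieldFilter rfFilter = new RecordFieldFilter( );
            rfFilter.setIdRecord( nIdDirectoryRecord );
            rfFilter.setIdEntry( nIdEntry );

            List<RecordField> listRecordFields = RecordFieldHome.getRecordFieldList( rfFilter, plugin );

            if ( ( listRecordFields != null ) && !listRecordFields.isEmpty( ) )
            {
                // Only the first matching record field is considered.
                RecordField recordField = listRecordFields.get( 0 );

                if ( ( recordField != null ) && ( recordField.getFile( ) != null ) )
                {
                    nIdFile = recordField.getFile( ).getIdFile( );
                }
            }

            if ( ( nIdFile == DirectoryUtils.CONSTANT_ID_NULL ) || ( nIdFile == DirectoryUtils.CONSTANT_ID_ZERO ) )
            {
                return AdminMessageService.getMessageUrl( request, MESSAGE_ERROR_DURING_DOWNLOAD_FILE, AdminMessage.TYPE_STOP );
            }
        }
        else
        {
            // NOTE(review): isNumeric accepts digit strings of any length; the result of convertStringToInt for
            // a value beyond the int range is not visible here. Verify it yields an id that fails the checks below.
            nIdFile = DirectoryUtils.convertStringToInt( strIdFile );
        }

        // Authorization is decided on the resolved file id, whichever parameters it came from, and before the
        // file content is read. Keep these checks ahead of any access to the physical file.
        DirectoryXsl directoryXsl = DirectoryXslHome.findByFile( nIdFile, plugin );
        File file;

        if ( directoryXsl != null )
        {
            // The file backs a directory XSL: the XSL-specific permission check applies.
            if ( !isXslAuthorized( directoryXsl.getIdDirectoryXsl( ), request ) )
            {
                return AdminMessageService.getMessageUrl( request, Messages.USER_ACCESS_DENIED, AdminMessage.TYPE_STOP );
            }

            file = directoryXsl.getFile( );
        }
        else
        {
            // Any other file: the record service decides whether this request may read it.
            IRecordService recordService = SpringContextService.getBean( RecordService.BEAN_SERVICE );

            if ( !recordService.isFileAuthorized( nIdFile, request, plugin ) )
            {
                return AdminMessageService.getMessageUrl( request, Messages.USER_ACCESS_DENIED, AdminMessage.TYPE_STOP );
            }

            file = FileHome.findByPrimaryKey( nIdFile, plugin );
        }

        // A file without a physical-file reference is treated as "not found" instead of raising a
        // NullPointerException.
        PhysicalFile physicalFile = null;

        if ( ( file != null ) && ( file.getPhysicalFile( ) != null ) )
        {
            physicalFile = PhysicalFileHome.findByPrimaryKey( file.getPhysicalFile( ).getIdPhysicalFile( ), plugin );
        }

        byte [ ] byteFileOutPut = ( physicalFile != null ) ? physicalFile.getValue( ) : null;

        // A physical file without content also falls through to the error message.
        if ( byteFileOutPut != null )
        {
            try
            {
                // NOTE(review): the title is stored data that ends up in a response header; presumably
                // addHeaderResponse escapes quotes and line breaks. Verify in DirectoryUtils.
                DirectoryUtils.addHeaderResponse( request, response, file.getTitle( ) );

                // NOTE(review): the stored MIME type is sent as is. If it originates from the upload, confirm
                // that the response is forced to a download so the content is not rendered in the browser.
                String strMimeType = file.getMimeType( );

                if ( strMimeType == null )
                {
                    strMimeType = FileSystemUtil.getMIMEType( file.getTitle( ) );
                }

                response.setContentType( strMimeType );
                response.setContentLength( byteFileOutPut.length );

                OutputStream os = response.getOutputStream( );

                try
                {
                    os.write( byteFileOutPut );
                }
                finally
                {
                    // Close the stream even when the write fails.
                    os.close( );
                }
            }
            catch( IOException e )
            {
                AppLogService.error( e );
            }
        }

        return AdminMessageService.getMessageUrl( request, MESSAGE_ERROR_DURING_DOWNLOAD_FILE, AdminMessage.TYPE_STOP );
    }

    /**
     * Tells whether the admin user attached to the request may download the file of a directory XSL.
     *
     * Access is granted only when an admin user is present, holds the directory management right and has
     * the RBAC modify permission on this XSL. Every other case returns {@code false}.
     *
     * @param nIdDirectoryXsl
     *            the id of the directory XSL that owns the file
     * @param request
     *            the HTTP request from which the admin user is resolved
     * @return {@code true} if all three conditions hold, {@code false} otherwise
     */
    private static boolean isXslAuthorized( int nIdDirectoryXsl, HttpServletRequest request )
    {
        AdminUser adminUser = AdminUserService.getAdminUser( request );

        if ( ( adminUser == null ) || !adminUser.checkRight( ManageDirectoryJspBean.RIGHT_MANAGE_DIRECTORY ) )
        {
            return false;
        }

        return RBACService.isAuthorized( DirectoryXsl.RESOURCE_TYPE, Integer.toString( nIdDirectoryXsl ),
                DirectoryXslResourceIdService.PERMISSION_MODIFY, adminUser );
    }
}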