34 package fr.paris.lutece.plugins.workflow.modules.comment.web;
35
36 import fr.paris.lutece.api.user.User;
37 import fr.paris.lutece.plugins.workflow.modules.comment.business.CommentValue;
38 import fr.paris.lutece.plugins.workflow.modules.comment.service.CommentResourceIdService;
39 import fr.paris.lutece.plugins.workflow.modules.comment.service.CommentValueService;
40 import fr.paris.lutece.plugins.workflow.modules.comment.service.ICommentValueService;
41 import fr.paris.lutece.plugins.workflow.utils.WorkflowUtils;
42 import fr.paris.lutece.plugins.workflow.web.task.TaskComponentManager;
43 import fr.paris.lutece.plugins.workflowcore.business.resource.ResourceHistory;
44 import fr.paris.lutece.plugins.workflowcore.service.resource.IResourceHistoryService;
45 import fr.paris.lutece.plugins.workflowcore.service.resource.ResourceHistoryService;
46 import fr.paris.lutece.plugins.workflowcore.service.task.ITask;
47 import fr.paris.lutece.plugins.workflowcore.service.task.ITaskService;
48 import fr.paris.lutece.plugins.workflowcore.service.task.TaskService;
49 import fr.paris.lutece.plugins.workflowcore.web.task.ITaskComponentManager;
50 import fr.paris.lutece.portal.business.user.AdminUser;
51 import fr.paris.lutece.portal.service.admin.AccessDeniedException;
52 import fr.paris.lutece.portal.service.admin.AdminUserService;
53 import fr.paris.lutece.portal.service.message.AdminMessage;
54 import fr.paris.lutece.portal.service.message.AdminMessageService;
55 import fr.paris.lutece.portal.service.rbac.RBACService;
56 import fr.paris.lutece.portal.service.spring.SpringContextService;
57 import fr.paris.lutece.portal.util.mvc.admin.MVCAdminJspBean;
58 import fr.paris.lutece.util.url.UrlItem;
59
60 import java.io.UnsupportedEncodingException;
61 import java.net.URLDecoder;
62 import java.net.URLEncoder;
63 import java.util.Iterator;
64 import java.util.List;
65
66 import javax.servlet.http.HttpServletRequest;
67
68 import org.apache.commons.lang3.StringUtils;
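/**
 * Back-office JSP bean for removing a workflow comment.
 * <p>
 * Both entry points take the comment identifiers ({@code id_history},
 * {@code id_task}) and a {@code return_url} from the HTTP request, and both
 * run {@link #canDeleteComment(HttpServletRequest)} before doing anything else.
 */
public class CommentJspBean extends MVCAdminJspBean
{
    private static final long serialVersionUID = 5300419950066235152L;

    // Request parameters
    private static final String PARAMETER_ID_HISTORY = "id_history";
    private static final String PARAMETER_ID_TASK = "id_task";
    private static final String PARAMETER_RETURN_URL = "return_url";

    // JSP that performs the removal once the user has confirmed
    private static final String JSP_DO_REMOVE_COMMENT = "jsp/admin/plugins/workflow/modules/comment/DoRemoveComment.jsp";

    // I18n key of the confirmation message
    private static final String MESSAGE_CONFIRM_REMOVE_COMMENT = "module.workflow.comment.message.confirm_remove_comment";

    // Charset used to encode / decode the return URL
    private static final String PARAMETER_ENCODING = "UTF-8";

    // Message of the exception thrown when the authorization check fails
    private static final String MESSAGE_ACCESS_DENIED = "The connected user is not allowed to delete this comment";

    // Services
    private ICommentValueService _commentValueService = SpringContextService.getBean( CommentValueService.BEAN_SERVICE );
    private IResourceHistoryService _resourceHistoryService = SpringContextService.getBean( ResourceHistoryService.BEAN_SERVICE );
    private ITaskService _taskService = SpringContextService.getBean( TaskService.BEAN_SERVICE );
    private ITaskComponentManager _taskComponentManager = SpringContextService.getBean( TaskComponentManager.BEAN_MANAGER );

    /**
     * Builds the URL of the confirmation message shown before a comment is
     * removed. The confirmation targets {@code DoRemoveComment.jsp} and carries
     * the history id, the task id and the URL-encoded return URL.
     *
     * @param request
     *            the HTTP request, carrying {@code id_history}, {@code id_task}
     *            and {@code return_url}
     * @return the URL of the confirmation message
     * @throws AccessDeniedException
     *             if the connected user may not delete the comment
     * @throws UnsupportedEncodingException
     *             if the encoding used for the return URL is not supported
     * @throws NullPointerException
     *             if the {@code return_url} parameter is missing
     */
    public String getConfirmRemoveComment( HttpServletRequest request ) throws AccessDeniedException, UnsupportedEncodingException
    {
        if ( !canDeleteComment( request ) )
        {
            throw new AccessDeniedException( MESSAGE_ACCESS_DENIED );
        }

        String strIdHistory = request.getParameter( PARAMETER_ID_HISTORY );
        String strIdTask = request.getParameter( PARAMETER_ID_TASK );
        String strReturnUrl = getRequiredReturnUrl( request );

        // The identifiers are forwarded as received; doRemoveComment re-runs the
        // authorization check on them, so this URL grants nothing by itself.
        UrlItem url = new UrlItem( JSP_DO_REMOVE_COMMENT );
        url.addParameter( PARAMETER_ID_HISTORY, strIdHistory );
        url.addParameter( PARAMETER_ID_TASK, strIdTask );
        url.addParameter( PARAMETER_RETURN_URL, URLEncoder.encode( strReturnUrl, PARAMETER_ENCODING ) );

        return AdminMessageService.getMessageUrl( request, MESSAGE_CONFIRM_REMOVE_COMMENT, url.getUrl( ), AdminMessage.TYPE_CONFIRMATION );
    }

    /**
     * Removes a comment and, when no task of the action has anything left to
     * display for the history entry, removes the task information and the
     * history entry as well.
     * <p>
     * NOTE(review): this method changes state but validates no anti-CSRF token
     * itself; confirm that the calling JSP or the framework enforces one.
     * <p>
     * NOTE(review): the returned value comes from the request-supplied
     * {@code return_url}. If the caller redirects to it (presumably the
     * DoRemoveComment JSP does; confirm), it must be restricted to URLs of this
     * application. Apply that check to the decoded value returned here, since
     * the raw parameter is still URL-encoded.
     *
     * @param request
     *            the HTTP request, carrying {@code id_history}, {@code id_task}
     *            and {@code return_url}
     * @return the decoded return URL
     * @throws AccessDeniedException
     *             if the connected user may not delete the comment
     * @throws UnsupportedEncodingException
     *             if the encoding used for the return URL is not supported
     * @throws NullPointerException
     *             if the {@code return_url} parameter is missing
     */
    public String doRemoveComment( HttpServletRequest request ) throws AccessDeniedException, UnsupportedEncodingException
    {
        if ( !canDeleteComment( request ) )
        {
            throw new AccessDeniedException( MESSAGE_ACCESS_DENIED );
        }

        // Read before any deletion: a request without return_url is rejected
        // up front instead of failing after the comment has been removed.
        String strReturnUrl = getRequiredReturnUrl( request );

        String strIdHistory = request.getParameter( PARAMETER_ID_HISTORY );
        int nIdHistory = WorkflowUtils.convertStringToInt( strIdHistory );
        String strIdTask = request.getParameter( PARAMETER_ID_TASK );
        int nIdTask = WorkflowUtils.convertStringToInt( strIdTask );

        _commentValueService.removeByHistory( nIdHistory, nIdTask, WorkflowUtils.getPlugin( ) );

        ResourceHistory resourceHistory = _resourceHistoryService.findByPrimaryKey( nIdHistory );

        // No history entry for this id means there is nothing further to clean up
        if ( resourceHistory != null )
        {
            List<ITask> listActionTasks = _taskService.getListTaskByIdAction( resourceHistory.getAction( ).getId( ), request.getLocale( ) );

            if ( !hasTaskInformationToDisplay( resourceHistory, listActionTasks, request ) )
            {
                // Nothing left to show for this history entry: drop it entirely
                for ( ITask actionTask : listActionTasks )
                {
                    actionTask.doRemoveTaskInformation( nIdHistory );
                }

                _resourceHistoryService.remove( nIdHistory );
            }
        }

        // Counterpart of the URLEncoder.encode call in getConfirmRemoveComment
        return URLDecoder.decode( strReturnUrl, PARAMETER_ENCODING );
    }

    /**
     * Reads the mandatory {@code return_url} request parameter.
     *
     * @param request
     *            the HTTP request
     * @return the raw parameter value, never {@code null}
     * @throws NullPointerException
     *             if the parameter is missing (the type the encode / decode
     *             calls raised for a null value before this guard existed)
     */
    private String getRequiredReturnUrl( HttpServletRequest request )
    {
        String strReturnUrl = request.getParameter( PARAMETER_RETURN_URL );

        if ( strReturnUrl == null )
        {
            throw new NullPointerException( "Missing mandatory request parameter: " + PARAMETER_RETURN_URL );
        }

        return strReturnUrl;
    }

    /**
     * Tells whether at least one task of the action still has information to
     * display for the given history entry.
     *
     * @param resourceHistory
     *            the history entry
     * @param listActionTasks
     *            the tasks of the action attached to the history entry
     * @param request
     *            the HTTP request
     * @return {@code true} as soon as one task returns non-empty information
     */
    private boolean hasTaskInformationToDisplay( ResourceHistory resourceHistory, List<ITask> listActionTasks, HttpServletRequest request )
    {
        for ( ITask task : listActionTasks )
        {
            String strTaskInformation = _taskComponentManager.getDisplayTaskInformation( resourceHistory.getId( ), request, request.getLocale( ), task );

            if ( !StringUtils.isEmpty( strTaskInformation ) )
            {
                return true;
            }
        }

        return false;
    }

    /**
     * Checks whether the connected admin user may delete the comment designated
     * by the {@code id_history} and {@code id_task} request parameters: either
     * the RBAC delete permission on the comment or ownership is sufficient.
     * <p>
     * The identifiers are read from the same request parameters that
     * {@link #doRemoveComment(HttpServletRequest)} uses for the deletion.
     *
     * @param request
     *            the HTTP request
     * @return {@code true} if the user has the delete permission or is the owner
     */
    private boolean canDeleteComment( HttpServletRequest request )
    {
        String strIdHistory = request.getParameter( PARAMETER_ID_HISTORY );
        int nIdHistory = WorkflowUtils.convertStringToInt( strIdHistory );
        String strIdTask = request.getParameter( PARAMETER_ID_TASK );
        int nIdTask = WorkflowUtils.convertStringToInt( strIdTask );
        AdminUser userConnected = AdminUserService.getAdminUser( request );

        // NOTE(review): the lookup result is passed to RBACService unchecked;
        // confirm how isAuthorized behaves when no comment matches the ids.
        CommentValue commentValue = _commentValueService.findByPrimaryKey( nIdHistory, nIdTask, WorkflowUtils.getPlugin( ) );

        boolean bHasPermissionDeletion = RBACService.isAuthorized( commentValue, CommentResourceIdService.PERMISSION_DELETE, (User) userConnected );
        // Ownership is evaluated on the history id only, not on the task id
        boolean bIsOwner = _commentValueService.isOwner( nIdHistory, userConnected );

        return bHasPermissionDeletion || bIsOwner;
    }
}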