View Javadoc
1   /*
2    * Copyright (c) 2002-2014, Mairie de Paris
3    * All rights reserved.
4    *
5    * Redistribution and use in source and binary forms, with or without
6    * modification, are permitted provided that the following conditions
7    * are met:
8    *
9    *  1. Redistributions of source code must retain the above copyright notice
10   *     and the following disclaimer.
11   *
12   *  2. Redistributions in binary form must reproduce the above copyright notice
13   *     and the following disclaimer in the documentation and/or other materials
14   *     provided with the distribution.
15   *
16   *  3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
17   *     contributors may be used to endorse or promote products derived from
18   *     this software without specific prior written permission.
19   *
20   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21   * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23   * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
24   * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25   * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26   * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27   * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28   * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29   * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30   * POSSIBILITY OF SUCH DAMAGE.
31   *
32   * License 1.0
33   */
34  package fr.paris.lutece.portal.web.admin;
35  
36  import fr.paris.lutece.portal.business.portlet.Portlet;
37  import fr.paris.lutece.portal.business.portlet.PortletHome;
38  import fr.paris.lutece.portal.business.portlet.PortletType;
39  import fr.paris.lutece.portal.business.portlet.PortletTypeHome;
40  import fr.paris.lutece.portal.business.user.AdminUser;
41  import fr.paris.lutece.portal.service.admin.AccessDeniedException;
42  import fr.paris.lutece.portal.service.admin.AdminUserService;
43  import fr.paris.lutece.portal.service.message.AdminMessage;
44  import fr.paris.lutece.portal.service.message.AdminMessageService;
45  import fr.paris.lutece.portal.service.portlet.PortletRemovalListenerService;
46  import fr.paris.lutece.portal.service.portlet.PortletResourceIdService;
47  import fr.paris.lutece.portal.service.rbac.RBACService;
48  import fr.paris.lutece.portal.service.util.AppLogService;
49  import fr.paris.lutece.portal.web.constants.Messages;
50  import fr.paris.lutece.portal.web.constants.Parameters;
51  import fr.paris.lutece.util.url.UrlItem;
52  
53  import java.util.ArrayList;
54  import java.util.Locale;
55  
56  import javax.servlet.http.HttpServletRequest;
57  
58  import org.apache.commons.lang.StringUtils;
59  
60  /**
61   * This class provides the admin interface to manage administration of portlet on the pages
62   */
63  public class AdminPagePortletJspBean extends AdminFeaturesPageJspBean
64  {
65      // Right
66      public static final String RIGHT_MANAGE_ADMIN_SITE = "CORE_ADMIN_SITE";
67      private static final String PROPERTY_MESSAGE_WARNING_PORTLET_ALIAS = "portal.site.message.warningPortletAlias";
68      private static final String PROPERTY_MESSAGE_CONFIRM_REMOVE_PORTLET = "portal.site.message.confirmRemovePortlet";
69      private static final String MESSAGE_CANNOT_REMOVE_PORTLET = "portal.site.message.cannotRemovePortlet";
70      private static final String MESSAGE_CANNOT_REMOVE_PORTLET_TITLE = "portal.site.message.cannotRemovePortlet.title";
71      private static final String PROPERTY_MESSAGE_CONFIRM_MODIFY_STATUS = "portal.site.message.confirmModifyStatus";
72      private static final String PORTLET_STATUS = "status";
73      private static final String JSP_REMOVE_PORTLET = "jsp/admin/site/DoRemovePortlet.jsp";
74      private static final String JSP_DO_MODIFY_STATUS = "jsp/admin/site/DoModifyPortletStatus.jsp";
75      private static final String JSP_ADMIN_SITE = "AdminSite.jsp";
76  
77      /**
78       * Processes the modification of a portlet whose identifier is stored in the http request
79       *
80       * @param request The http request
81       * @return The jsp url of the process result
82       */
83      public String doModifyPortlet( HttpServletRequest request )
84      {
85          String strUrl = null;
86          String strPortletId = request.getParameter( Parameters.PORTLET_ID );
87  
88          int nPortletId = Integer.parseInt( strPortletId );
89          Portlet portlet = PortletHome.findByPrimaryKey( nPortletId );
90  
91          for ( PortletType portletType : PortletTypeHome.getPortletTypesList( getLocale(  ) ) )
92          {
93              if ( portletType.getId(  ).equals( portlet.getPortletTypeId(  ) ) )
94              {
95                  UrlItem url = new UrlItem( portletType.getUrlUpdate(  ) );
96                  url.addParameter( Parameters.PORTLET_ID, nPortletId );
97                  strUrl = url.getUrl(  );
98  
99                  break;
100             }
101         }
102 
103         return strUrl;
104     }
105 
106     /**
107      * Redirects towards the url of the process creation of a portlet according to its type or null if the portlet type
108      * doesn't exist.
109      *
110      * @param request The http request
111      * @return The jsp url of the portlet type process creation
112      */
113     public String doCreatePortlet( HttpServletRequest request )
114     {
115         String strUrl = null;
116         String strPortletTypeId = request.getParameter( Parameters.PORTLET_TYPE_ID );
117 
118         for ( PortletType portletType : PortletTypeHome.getPortletTypesList( getLocale(  ) ) )
119         {
120             if ( portletType.getId(  ).equals( strPortletTypeId ) )
121             {
122                 strUrl = portletType.getUrlCreation(  );
123 
124                 break;
125             }
126         }
127 
128         return strUrl;
129     }
130 
131     /**
132      * Displays the confirm message for deleting the portlet
133      *
134      * @param request The http request
135      * @return The confirm page
136      * @throws AccessDeniedException if the user is not authorized to manage the portlet
137      */
138     public String getRemovePortlet( HttpServletRequest request ) throws AccessDeniedException
139     {
140         String strPortletId = request.getParameter( Parameters.PORTLET_ID );
141         if ( !StringUtils.isNumeric( strPortletId ) )
142         {
143             return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_ERROR);
144         }
145         int nPortletId = Integer.parseInt( strPortletId );
146         Portlet portlet = null;
147         try
148         {
149             portlet = PortletHome.findByPrimaryKey( nPortletId );
150         } catch (NullPointerException e)
151         {
152             AppLogService.error( "Error looking for portlet with id " + nPortletId, e );
153         }
154         if ( portlet == null || portlet.getId( ) != nPortletId )
155         {
156             return AdminMessageService.getMessageUrl( request, Messages.MESSAGE_INVALID_ENTRY, new Object[] { nPortletId }, AdminMessage.TYPE_ERROR);
157         }
158         AdminUser user = AdminUserService.getAdminUser( request );
159         if ( !RBACService.isAuthorized( PortletType.RESOURCE_TYPE, portlet.getPortletTypeId(  ),
160                 PortletResourceIdService.PERMISSION_MANAGE, user ) )
161         {
162             throw new AccessDeniedException( "User " + user + " is not authorized to permission " + PortletResourceIdService.PERMISSION_MANAGE
163                     + " on portlet " + nPortletId );
164         }
165         String strUrl = JSP_REMOVE_PORTLET + "?portlet_id=" + strPortletId;
166         String strTarget = "_top";
167         if ( PortletHome.hasAlias( nPortletId ) )
168         {
169             return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_WARNING_PORTLET_ALIAS,
170                     new Object[] { portlet.getName( ) },
171                     null, strUrl, strTarget, AdminMessage.TYPE_CONFIRMATION );
172         }
173 
174         ArrayList<String> listErrors = new ArrayList<String>(  );
175         Locale locale = AdminUserService.getLocale( request );
176         if ( !PortletRemovalListenerService.getService(  ).checkForRemoval( strPortletId, listErrors, locale ) )
177         {
178             String strCause = AdminMessageService.getFormattedList( listErrors, locale );
179             Object[] args = { strCause, portlet.getName( ) };
180 
181             return AdminMessageService.getMessageUrl( request, MESSAGE_CANNOT_REMOVE_PORTLET, args,
182                 MESSAGE_CANNOT_REMOVE_PORTLET_TITLE, strUrl, strTarget, AdminMessage.TYPE_STOP );
183         }
184 
185         return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_CONFIRM_REMOVE_PORTLET,
186                 new Object[] { portlet.getName( ) }, null, strUrl, strTarget,
187                 AdminMessage.TYPE_CONFIRMATION );
188     }
189 
190     /**
191      * Processes the removal of the portlet
192      *
193      * @param request The http request
194      * @return The Jsp URL of the process result
195      * @throws AccessDeniedException if the user is not authorized to manage the portlet
196      */
197     public String doRemovePortlet( HttpServletRequest request ) throws AccessDeniedException
198     {
199         String strPortletId = request.getParameter( Parameters.PORTLET_ID );
200         if ( !StringUtils.isNumeric( strPortletId ) )
201         {
202             return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_ERROR);
203         }
204         int nPortletId = Integer.parseInt( strPortletId );
205         Portlet portlet = null;
206         try
207         {
208             portlet = PortletHome.findByPrimaryKey( nPortletId );
209         } catch (NullPointerException e)
210         {
211             AppLogService.error( "Error looking for portlet with id " + nPortletId, e );
212         }
213         if ( portlet == null || portlet.getId( ) != nPortletId )
214         {
215             return AdminMessageService.getMessageUrl( request, Messages.MESSAGE_INVALID_ENTRY, new Object[] { nPortletId }, AdminMessage.TYPE_ERROR);
216         }
217         AdminUser user = AdminUserService.getAdminUser( request );
218         if ( !RBACService.isAuthorized( PortletType.RESOURCE_TYPE, portlet.getPortletTypeId(  ),
219                 PortletResourceIdService.PERMISSION_MANAGE, user ) )
220         {
221             throw new AccessDeniedException( "User " + user + " is not authorized to permission " + PortletResourceIdService.PERMISSION_MANAGE
222                     + " on portlet " + nPortletId );
223         }
224         ArrayList<String> listErrors = new ArrayList<String>(  );
225         Locale locale = AdminUserService.getLocale( request );
226 
227         if ( PortletRemovalListenerService.getService(  ).checkForRemoval( strPortletId, listErrors, locale ) )
228         {
229             portlet.remove(  );
230         }
231 
232         String strUrl = JSP_ADMIN_SITE + "?" + Parameters.PAGE_ID + "=" + portlet.getPageId(  );
233         return strUrl;
234     }
235 
236     /**
237      * Displays the portlet status modification page
238      *
239      * @param request The http request
240      * @return The confirm page
241      * @throws AccessDeniedException if the user is not authorized to manage the portlet
242      */
243     public String getModifyPortletStatus( HttpServletRequest request ) throws AccessDeniedException
244     {
245         String strPortletId = request.getParameter( Parameters.PORTLET_ID );
246         String strStatus = request.getParameter( PORTLET_STATUS );
247         if ( !StringUtils.isNumeric( strPortletId ) || !StringUtils.isNumeric( strStatus ) )
248         {
249             return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_ERROR);
250         }
251         int nPortletId = Integer.parseInt( strPortletId );
252         Portlet portlet = null;
253         try
254         {
255             portlet = PortletHome.findByPrimaryKey( nPortletId );
256         } catch (NullPointerException e)
257         {
258             AppLogService.error( "Error looking for portlet with id " + nPortletId, e );
259         }
260         if ( portlet == null || portlet.getId( ) != nPortletId )
261         {
262             return AdminMessageService.getMessageUrl( request, Messages.MESSAGE_INVALID_ENTRY, new Object[] { nPortletId }, AdminMessage.TYPE_ERROR);
263         }
264         int nStatus = Integer.parseInt( strStatus );
265         if ( nStatus != Portlet.STATUS_PUBLISHED && nStatus != Portlet.STATUS_UNPUBLISHED )
266         {
267             return AdminMessageService.getMessageUrl( request, Messages.MESSAGE_INVALID_ENTRY, new Object[] { nStatus }, AdminMessage.TYPE_ERROR);
268         }
269         AdminUser user = AdminUserService.getAdminUser( request );
270         if ( !RBACService.isAuthorized( PortletType.RESOURCE_TYPE, portlet.getPortletTypeId(  ),
271                 PortletResourceIdService.PERMISSION_MANAGE, user ) )
272         {
273             throw new AccessDeniedException( "User " + user + " is not authorized to permission " + PortletResourceIdService.PERMISSION_MANAGE
274                     + " on portlet " + nPortletId );
275         }
276         String strUrl = JSP_DO_MODIFY_STATUS + "?portlet_id=" + strPortletId + "&status=" + strStatus;
277         String strTarget = "_top";
278 
279         return AdminMessageService.getMessageUrl( request, PROPERTY_MESSAGE_CONFIRM_MODIFY_STATUS, strUrl, strTarget,
280             AdminMessage.TYPE_CONFIRMATION );
281     }
282 
283     /**
284      * Processes the status definition for portlet : suspended or activated
285      *
286      * @param request The http request
287      * @return The Jsp URL of the process result
288      * @throws AccessDeniedException if the user is not authorized to manage the portlet
289      */
290     public String doModifyPortletStatus( HttpServletRequest request ) throws AccessDeniedException
291     {
292         String strPortletId = request.getParameter( Parameters.PORTLET_ID );
293         String strStatus = request.getParameter( PORTLET_STATUS );
294         if ( !StringUtils.isNumeric( strPortletId ) || !StringUtils.isNumeric( strStatus ) )
295         {
296             return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_ERROR);
297         }
298         int nPortletId = Integer.parseInt( strPortletId );
299         Portlet portlet = null;
300         try
301         {
302             portlet = PortletHome.findByPrimaryKey( nPortletId );
303         } catch (NullPointerException e)
304         {
305             AppLogService.error( "Error looking for portlet with id " + nPortletId, e );
306         }
307         if ( portlet == null || portlet.getId( ) != nPortletId )
308         {
309             return AdminMessageService.getMessageUrl( request, Messages.MESSAGE_INVALID_ENTRY, new Object[] { nPortletId }, AdminMessage.TYPE_ERROR);
310         }
311         int nStatus = Integer.parseInt( strStatus );
312         if ( nStatus != Portlet.STATUS_PUBLISHED && nStatus != Portlet.STATUS_UNPUBLISHED )
313         {
314             return AdminMessageService.getMessageUrl( request, Messages.MESSAGE_INVALID_ENTRY, new Object[] { nStatus }, AdminMessage.TYPE_ERROR);
315         }
316         AdminUser user = AdminUserService.getAdminUser( request );
317         if ( !RBACService.isAuthorized( PortletType.RESOURCE_TYPE, portlet.getPortletTypeId(  ),
318                 PortletResourceIdService.PERMISSION_MANAGE, user ) )
319         {
320             throw new AccessDeniedException( "User " + user + " is not authorized to permission " + PortletResourceIdService.PERMISSION_MANAGE
321                     + " on portlet " + nPortletId );
322         }
323 
324         PortletHome.updateStatus( portlet, nStatus );
325 
326         return JSP_ADMIN_SITE + "?" + Parameters.PAGE_ID + "=" + portlet.getPageId(  );
327     }
328 }