001: /*
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. The ASF licenses this file to You
004: * under the Apache License, Version 2.0 (the "License"); you may not
005: * use this file except in compliance with the License.
006: * You may obtain a copy of the License at
007: *
008: * http://www.apache.org/licenses/LICENSE-2.0
009: *
010: * Unless required by applicable law or agreed to in writing, software
011: * distributed under the License is distributed on an "AS IS" BASIS,
012: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013: * See the License for the specific language governing permissions and
014: * limitations under the License. For additional information regarding
015: * copyright in this work, please see the NOTICE file in the top level
016: * directory of this distribution.
017: */
018:
019: package org.apache.roller.ui.core.tags.menu;
020:
021: import java.util.ArrayList;
022: import java.util.Arrays;
023: import java.util.Hashtable;
024: import java.util.Iterator;
025: import java.util.List;
026: import javax.servlet.http.HttpServletRequest;
027: import javax.servlet.jsp.PageContext;
028: import org.apache.struts.util.RequestUtils;
029: import org.apache.roller.RollerException;
030: import org.apache.roller.config.RollerConfig;
031: import org.apache.roller.business.Roller;
032: import org.apache.roller.business.RollerFactory;
033: import org.apache.roller.pojos.FolderData;
034: import org.apache.roller.pojos.BookmarkData;
035: import org.apache.roller.pojos.PermissionsData;
036: import org.apache.roller.pojos.UserData;
037: import org.apache.roller.pojos.WeblogCategoryData;
038: import org.apache.roller.pojos.WeblogEntryData;
039: import org.apache.roller.pojos.WebsiteData;
040: import org.apache.roller.ui.core.BasePageModel;
041: import org.apache.roller.ui.core.RequestConstants;
042: import org.apache.roller.ui.core.RollerSession;
043: import org.apache.roller.ui.rendering.util.WeblogPageRequest;
044: import org.apache.roller.util.Utilities;
045:
046: /**
047: * Base class for Roller menu objects.
048: */
049: public abstract class BaseRollerMenu {
050:
051: protected String mName = null;
052: protected String mForward = null;
053: protected String mSubforwards = null;
054: protected String mEnabledProperty = null;
055: protected String mDisabledProperty = null;
056: protected List mRoles = new ArrayList();
057: protected List mPerms = new ArrayList();
058:
059: public BaseRollerMenu() {
060: init();
061: }
062:
063: public BaseRollerMenu(String name, String forward) {
064: mName = name;
065: mForward = forward;
066: init();
067: }
068:
069: /**
070: * Set defaults as described in WEB-INF/editor-menu.xml
071: */
072: public void init() {
073: mRoles.add("admin");
074: mRoles.add("editor");
075:
076: mPerms.add("admin");
077: mPerms.add("author");
078: }
079:
080: /** Name of menu */
081: public void setName(String v) {
082: mName = v;
083: }
084:
085: /** Name of menu */
086: public String getName() {
087: return mName;
088: }
089:
090: /** Struts forward */
091: public String getForward() {
092: return mForward;
093: }
094:
095: /** Struts forward */
096: public void setForward(String forward) {
097: mForward = forward;
098: }
099:
100: /** Subforward: other forwards grouped under this menu */
101: public String getSubforwards() {
102: return mSubforwards;
103: }
104:
105: /** Subforwards: other forwards grouped under this menu */
106: public void setSubforwards(String subforwards) {
107: mSubforwards = subforwards;
108: }
109:
110: /** Roles allowed to view menu, comma separated */
111: public void setRoles(String roles) {
112: mRoles = Arrays.asList(Utilities
113: .stringToStringArray(roles, ","));
114: }
115:
116: /** Website permissions required to view menu, comma separated */
117: public void setPerms(String perms) {
118: mPerms = Arrays.asList(Utilities
119: .stringToStringArray(perms, ","));
120: }
121:
122: /** Name of property that enables menu (or null if always enabled) */
123: public void setEnabledProperty(String enabledProperty) {
124: mEnabledProperty = enabledProperty;
125: }
126:
127: /** Name of property that disable menu (or null if always enabled) */
128: public void setDisabledProperty(String disabledProperty) {
129: mDisabledProperty = disabledProperty;
130: }
131:
132: /** Determine if menu should be shown to use of specified request */
133: public boolean isPermitted(HttpServletRequest req)
134: throws RollerException {
135: // first, bail out if menu is disabled
136: if (mEnabledProperty != null) {
137: String enabledProp = RollerConfig
138: .getProperty(mEnabledProperty);
139: if (enabledProp != null
140: && enabledProp.equalsIgnoreCase("false")) {
141: return false;
142: }
143: }
144: if (mDisabledProperty != null) {
145: String disabledProp = RollerConfig
146: .getProperty(mDisabledProperty);
147: if (disabledProp != null
148: && disabledProp.equalsIgnoreCase("true")) {
149: return false;
150: }
151: }
152: RollerSession rses = RollerSession.getRollerSession(req);
153: boolean ret = true;
154:
155: if (rses != null && rses.isGlobalAdminUser())
156: return true;
157:
158: // next, make sure that users role permits it
159: if (mRoles != null && mRoles.size() > 0) {
160: ret = false;
161: Iterator roles = mRoles.iterator();
162: while (roles.hasNext()) {
163: String role = (String) roles.next();
164: if (req.isUserInRole(role) || role.equals("any")) {
165: ret = true;
166: break;
167: }
168: }
169: }
170:
171: // finally make sure that user has required website permissions
172: if (ret && mPerms != null && mPerms.size() > 0) {
173: UserData user = null;
174: if (rses != null)
175: user = rses.getAuthenticatedUser();
176:
177: WebsiteData website = getRequestedWeblog(req);
178: BasePageModel pageModel = (BasePageModel) req
179: .getAttribute("model");
180: if (pageModel != null) {
181: website = pageModel.getWebsite();
182: }
183:
184: PermissionsData permsData = null;
185: if (user != null && website != null) {
186: permsData = RollerFactory.getRoller().getUserManager()
187: .getPermissions(website, user);
188: }
189: ret = false;
190: Iterator perms = mPerms.iterator();
191: while (perms.hasNext()) {
192: String perm = (String) perms.next();
193: if (perm.equals("any")) {
194: ret = true; // any permission will do (including none)
195: break;
196: }
197: if (permsData != null
198: && ((perm.equals("admin") && permsData
199: .has(PermissionsData.ADMIN))
200: || (perm.equals("author") && permsData
201: .has(PermissionsData.AUTHOR)) || (perm
202: .equals("limited") && permsData
203: .has(PermissionsData.LIMITED)))) {
204: ret = true; // user has one of the required permissions
205: break;
206: }
207: }
208: }
209: return ret;
210: }
211:
212: /** Name of Struts forward menu item should link to */
213: public String getUrl(PageContext pctx) {
214: String url = null;
215: try {
216: Hashtable params = RollerMenuModel
217: .createParams((HttpServletRequest) pctx
218: .getRequest());
219: params.put(RollerMenuModel.MENU_ITEM_KEY, getName());
220: url = RequestUtils.computeURL(pctx, mForward, // forward
221: null, // href
222: null, // page
223: null, params, // params
224: null, // anchor
225: false); // redirect
226: } catch (Exception e) {
227: pctx.getServletContext().log(
228: "ERROR in menu item creating URL", e);
229: }
230: return url;
231: }
232:
233: /**
234: * Currently, the menu tag can be used in both the authoring UI and the
235: * rendering system, so we have to check both forms of URL to determine
236: * the selected weblog.
237: *
238: * TODO 3.0: more simple/consistent method for conveying weblog state across requests
239: *
240: * NOTE: even better would be to separate this into 2 versions, one for
241: * the authoring/admin UI and one for rendering. it doesn't make
242: * sense for this strange intermixing to be happening.
243: */
244: protected static WebsiteData getRequestedWeblog(
245: HttpServletRequest request) throws RollerException {
246: WebsiteData weblog = null;
247: Roller roller = RollerFactory.getRoller();
248: // first check authoring form of URL
249: if (request.getParameter(RequestConstants.WEBLOG) != null) {
250: String weblogHandle = request
251: .getParameter(RequestConstants.WEBLOG);
252: weblog = roller.getUserManager().getWebsiteByHandle(
253: weblogHandle);
254: } else if (request.getParameter(RequestConstants.WEBLOG_ID) != null) {
255: String weblogId = request
256: .getParameter(RequestConstants.WEBLOG_ID);
257: weblog = roller.getUserManager().getWebsite(weblogId);
258: } else if (request
259: .getParameter(RequestConstants.WEBLOGENTRY_ID) != null) {
260: String entryId = request
261: .getParameter(RequestConstants.WEBLOGENTRY_ID);
262: WeblogEntryData entry = roller.getWeblogManager()
263: .getWeblogEntry(entryId);
264: if (entry != null) {
265: weblog = entry.getWebsite();
266: }
267: } else if (request
268: .getParameter(RequestConstants.WEBLOGCATEGORY_ID) != null) {
269: String catId = request
270: .getParameter(RequestConstants.WEBLOGCATEGORY_ID);
271: WeblogCategoryData cat = roller.getWeblogManager()
272: .getWeblogCategory(catId);
273: if (cat != null) {
274: weblog = cat.getWebsite();
275: }
276: } else if (request.getParameter(RequestConstants.FOLDER_ID) != null) {
277: String folderId = request
278: .getParameter(RequestConstants.FOLDER_ID);
279: FolderData folder = roller.getBookmarkManager().getFolder(
280: folderId);
281: if (folder != null) {
282: weblog = folder.getWebsite();
283: }
284: } else if (request.getParameter(RequestConstants.BOOKMARK_ID) != null) {
285: String bookmarkId = request
286: .getParameter(RequestConstants.BOOKMARK_ID);
287: BookmarkData bookmark = roller.getBookmarkManager()
288: .getBookmark(bookmarkId);
289: FolderData folder = bookmark.getFolder();
290: if (folder != null) {
291: weblog = folder.getWebsite();
292: }
293: } else if (request.getSession().getAttribute(
294: RequestConstants.WEBLOG_SESSION_STASH) != null) {
295: String handle = (String) request.getSession().getAttribute(
296: RequestConstants.WEBLOG_SESSION_STASH);
297: weblog = roller.getUserManager().getWebsiteByHandle(handle);
298: } else {
299: // check rendering system form of URL
300: // TODO: hack. we expect the parsed request as an HttpRequest attr
301: WeblogPageRequest pageRequest = (WeblogPageRequest) request
302: .getAttribute("pageRequest");
303: if (pageRequest != null) {
304: weblog = pageRequest.getWeblog();
305: }
306: }
307: return weblog;
308: }
309: }
|