001: /**********************************************************************************
002: * $URL: https://source.sakaiproject.org/svn/sam/tags/sakai_2-4-1/samigo-app/src/java/org/sakaiproject/tool/assessment/ui/servlet/delivery/ShowMediaServlet.java $
003: * $Id: ShowMediaServlet.java 17070 2006-10-12 00:07:52Z ktsao@stanford.edu $
004: ***********************************************************************************
005: *
006: * Copyright (c) 2005, 2006 The Sakai Foundation.
007: *
008: * Licensed under the Educational Community License, Version 1.0 (the"License");
009: * you may not use this file except in compliance with the License.
010: * You may obtain a copy of the License at
011: *
012: * http://www.opensource.org/licenses/ecl1.php
013: *
014: * Unless required by applicable law or agreed to in writing, software
015: * distributed under the License is distributed on an "AS IS" BASIS,
016: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
017: * See the License for the specific language governing permissions and
018: * limitations under the License.
019: *
020: **********************************************************************************/package org.sakaiproject.tool.assessment.ui.servlet.delivery;
021:
022: import org.sakaiproject.authz.cover.SecurityService;
023: import org.sakaiproject.tool.assessment.services.assessment.PublishedAssessmentService;
024: import org.sakaiproject.tool.assessment.services.GradingService;
025: import org.sakaiproject.tool.assessment.data.dao.grading.MediaData;
026: import org.sakaiproject.tool.assessment.data.ifc.assessment.PublishedAssessmentIfc;
027: import org.sakaiproject.tool.assessment.data.ifc.shared.TypeIfc;
028: import org.sakaiproject.tool.assessment.facade.AgentFacade;
029: import org.sakaiproject.tool.assessment.ui.bean.shared.PersonBean;
030: import org.sakaiproject.tool.assessment.ui.listener.util.ContextUtil;
031: import java.io.*;
032:
033: import javax.servlet.ServletException;
034: import javax.servlet.ServletOutputStream;
035: import javax.servlet.http.HttpServlet;
036: import javax.servlet.http.HttpServletRequest;
037: import javax.servlet.http.HttpServletResponse;
038: import javax.servlet.RequestDispatcher;
039: import org.apache.commons.logging.Log;
040: import org.apache.commons.logging.LogFactory;
041:
042: /**
043: * <p>Title: Samigo</p>
044: * <p>Description: Sakai Assessment Manager</p>
045: * <p>Copyright: Copyright (c) 2004 Sakai Project</p>
046: * <p>Organization: Sakai Project</p>
047: * @author Ed Smiley
048: * @version $Id: ShowMediaServlet.java 17070 2006-10-12 00:07:52Z ktsao@stanford.edu $
049: */
050:
051: public class ShowMediaServlet extends HttpServlet {
052: /**
053: *
054: */
055: private static final long serialVersionUID = 2203681863823855810L;
056: private static Log log = LogFactory.getLog(ShowMediaServlet.class);
057:
058: public ShowMediaServlet() {
059: }
060:
061: public void doGet(HttpServletRequest req, HttpServletResponse res)
062: throws ServletException, IOException {
063: doPost(req, res);
064: }
065:
066: public void doPost(HttpServletRequest req, HttpServletResponse res)
067: throws ServletException, IOException {
068: // get media
069: String mediaId = req.getParameter("mediaId");
070: GradingService gradingService = new GradingService();
071: MediaData mediaData = gradingService.getMedia(mediaId);
072: String mediaLocation = mediaData.getLocation();
073: int fileSize = mediaData.getFileSize().intValue();
074: log.info("****1. media file size=" + fileSize);
075:
076: //if setMimeType="false" in query string, implies, we want to do a forced download
077: //in this case, we set contentType='application/octet-stream'
078: String setMimeType = req.getParameter("setMimeType");
079: log.info("****2. setMimeType=" + setMimeType);
080:
081: // get assessment's ownerId
082: // String assessmentCreatedBy = req.getParameter("createdBy");
083:
084: // who can access the media? You can,
085: // a. if you are the creator.
086: // b. if you have a assessment.grade.any or assessment.grade.own permission
087: boolean accessDenied = true;
088: String agentIdString = getAgentString(req, res);
089: String currentSiteId = "";
090: boolean isAudio = false;
091: Long assessmentGradingId = mediaData.getItemGradingData()
092: .getAssessmentGradingId();
093: PublishedAssessmentIfc pub = gradingService
094: .getPublishedAssessmentByAssessmentGradingId(assessmentGradingId
095: .toString());
096: if (pub != null) {
097: PublishedAssessmentService service = new PublishedAssessmentService();
098: currentSiteId = service.getPublishedAssessmentOwner(pub
099: .getPublishedAssessmentId());
100: }
101: Long typeId = gradingService.getTypeId(mediaData
102: .getItemGradingData().getItemGradingId());
103: if (typeId.equals(TypeIfc.AUDIO_RECORDING)) {
104: isAudio = true;
105: }
106:
107: // some log checking
108: //log.debug("agentIdString ="+agentIdString);
109: //log.debug("****current site Id ="+currentSiteId);
110:
111: // We only need to verify the Previleage if we display the media as a hyperlink
112: // If we display them in line, the previleage has been checked during rendering
113: // For SAK-6294, we want to display audio player in line. So we set isAudio to true above
114: // and skip the privilege checking
115: boolean hasPrivilege = agentIdString != null
116: && mediaData != null
117: && (agentIdString.equals(mediaData.getCreatedBy()) // user is creator
118: || canGrade(req, res, agentIdString, currentSiteId));
119: if (hasPrivilege || isAudio) {
120: accessDenied = false;
121: }
122: if (accessDenied) {
123: String path = "/jsf/delivery/mediaAccessDenied.faces";
124: RequestDispatcher dispatcher = req
125: .getRequestDispatcher(path);
126: dispatcher.forward(req, res);
127: } else {
128: String displayType = "inline";
129: if (mediaData.getMimeType() != null
130: && !(setMimeType != null && ("false")
131: .equals(setMimeType))) {
132: res.setContentType(mediaData.getMimeType());
133: } else {
134: displayType = "attachment";
135: res.setContentType("application/octet-stream");
136: }
137: log.debug("****" + displayType + ";filename=\""
138: + mediaData.getFilename() + "\";");
139: res.setHeader("Content-Disposition", displayType
140: + ";filename=\"" + mediaData.getFilename() + "\";");
141:
142: //** note that res.setContentType() must be called before res.getOutputStream(). see javadoc on this
143: FileInputStream inputStream = null;
144: BufferedInputStream buf_inputStream = null;
145: ServletOutputStream outputStream = res.getOutputStream();
146: BufferedOutputStream buf_outputStream = new BufferedOutputStream(
147: outputStream);
148: ByteArrayInputStream byteArrayInputStream = null;
149: if (mediaLocation == null
150: || (mediaLocation.trim()).equals("")) {
151: try {
152: byte[] media = mediaData.getMedia();
153: byteArrayInputStream = new ByteArrayInputStream(
154: media);
155: buf_inputStream = new BufferedInputStream(
156: byteArrayInputStream);
157: log.debug("**** media.length=" + media.length);
158: } catch (Exception e) {
159: log.error("****empty media =" + e.getMessage());
160: }
161: } else {
162: inputStream = getFileStream(mediaLocation);
163: buf_inputStream = new BufferedInputStream(inputStream);
164: }
165:
166: int count = 0;
167: try {
168: int i = 0;
169: while ((i = buf_inputStream.read()) != -1) {
170: //System.out.print(i);
171: buf_outputStream.write(i);
172: count++;
173: }
174: log.debug("**** mediaLocation=" + mediaLocation);
175: res.setContentLength(count);
176: res.flushBuffer();
177: } catch (Exception e) {
178: log.warn(e.getMessage());
179: } finally {
180: if (buf_outputStream != null) {
181: try {
182: buf_outputStream.close();
183: } catch (IOException e) {
184: log.error(e.getMessage());
185: }
186: }
187: if (buf_inputStream != null) {
188: try {
189: buf_inputStream.close();
190: } catch (IOException e) {
191: log.error(e.getMessage());
192: }
193: }
194: if (inputStream != null) {
195: try {
196: inputStream.close();
197: } catch (IOException e) {
198: log.error(e.getMessage());
199: }
200: }
201: if (outputStream != null) {
202: try {
203: outputStream.close();
204: } catch (IOException e) {
205: log.error(e.getMessage());
206: }
207: }
208: if (byteArrayInputStream != null) {
209: try {
210: byteArrayInputStream.close();
211: } catch (IOException e) {
212: log.error(e.getMessage());
213: }
214: }
215: }
216: }
217: }
218:
219: private FileInputStream getFileStream(String mediaLocation) {
220: FileInputStream inputStream = null;
221: try {
222: File media = new File(mediaLocation);
223: inputStream = new FileInputStream(media);
224: } catch (FileNotFoundException ex) {
225: log.warn("file not found=" + ex.getMessage());
226: }
227: return inputStream;
228: }
229:
230: public String getAgentString(HttpServletRequest req,
231: HttpServletResponse res) {
232: //String agentIdString = req.getRemoteUser();
233: String agentIdString = AgentFacade.getAgentString();
234: if (agentIdString == null || agentIdString.equals("")) { // try this
235: PersonBean person = (PersonBean) ContextUtil
236: .lookupBeanFromExternalServlet("person", req, res);
237: agentIdString = person.getAnonymousId();
238: }
239: return agentIdString;
240: }
241:
242: public boolean canGrade(HttpServletRequest req,
243: HttpServletResponse res, String agentId,
244: String currentSiteId) {
245: boolean hasPrivilege_any = hasPrivilege(req,
246: "grade_any_assessment", currentSiteId);
247: boolean hasPrivilege_own = hasPrivilege(req,
248: "grade_own_assessment", currentSiteId);
249: log.debug("hasPrivilege_any=" + hasPrivilege_any);
250: log.debug("hasPrivilege_own=" + hasPrivilege_own);
251: boolean hasPrivilege = (hasPrivilege_any || hasPrivilege_own);
252: return hasPrivilege;
253:
254: }
255:
256: public boolean isOwner(String agentId, String ownerId) {
257: boolean isOwner = false;
258: isOwner = agentId.equals(ownerId);
259: return isOwner;
260: }
261:
262: public boolean hasPrivilege(HttpServletRequest req,
263: String functionKey, String context) {
264: String functionName = (String) ContextUtil
265: .getLocalizedString(
266: req,
267: "org.sakaiproject.tool.assessment.bundle.AuthzPermissions",
268: functionKey);
269: boolean privilege = SecurityService.unlock(functionName,
270: "/site/" + context);
271: return privilege;
272: }
273: }
|