001: package org.tigris.scarab.screens;
002:
003: /* ================================================================
004: * Copyright (c) 2000-2002 CollabNet. All rights reserved.
005: *
006: * Redistribution and use in source and binary forms, with or without
007: * modification, are permitted provided that the following conditions are
008: * met:
009: *
010: * 1. Redistributions of source code must retain the above copyright
011: * notice, this list of conditions and the following disclaimer.
012: *
013: * 2. Redistributions in binary form must reproduce the above copyright
014: * notice, this list of conditions and the following disclaimer in the
015: * documentation and/or other materials provided with the distribution.
016: *
017: * 3. The end-user documentation included with the redistribution, if
018: * any, must include the following acknowlegement: "This product includes
019: * software developed by Collab.Net <http://www.Collab.Net/>."
020: * Alternately, this acknowlegement may appear in the software itself, if
021: * and wherever such third-party acknowlegements normally appear.
022: *
023: * 4. The hosted project names must not be used to endorse or promote
024: * products derived from this software without prior written
025: * permission. For written permission, please contact info@collab.net.
026: *
027: * 5. Products derived from this software may not use the "Tigris" or
028: * "Scarab" names nor may "Tigris" or "Scarab" appear in their names without
029: * prior written permission of Collab.Net.
030: *
031: * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
032: * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
033: * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
034: * IN NO EVENT SHALL COLLAB.NET OR ITS CONTRIBUTORS BE LIABLE FOR ANY
035: * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
036: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
037: * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
038: * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
039: * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
040: * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
041: * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
042: *
043: * ====================================================================
044: *
045: * This software consists of voluntary contributions made by many
046: * individuals on behalf of Collab.Net.
047: */
048:
049: // Java Stuff
050: import java.util.List;
051:
052: // Turbine Stuff
053: import org.apache.turbine.RunData;
054: import org.apache.turbine.TemplateContext;
055: import org.apache.turbine.TemplateSecureScreen;
056: import org.apache.turbine.Turbine;
057:
058: // Scarab Stuff
059: import org.tigris.scarab.services.security.ScarabSecurity;
060: import org.tigris.scarab.tools.ScarabRequestTool;
061: import org.tigris.scarab.tools.ScarabLocalizationTool;
062: import org.tigris.scarab.tools.localization.L10NKeySet;
063: import org.tigris.scarab.util.ScarabConstants;
064: import org.tigris.scarab.util.Log;
065: import org.tigris.scarab.om.Module;
066: import org.tigris.scarab.om.ModuleManager;
067: import org.tigris.scarab.om.ScarabUser;
068:
069: /**
070: * This class is responsible for building the Context up
071: * for the Default Screen as well as validating Security information
072: * for all of the Screens. Please note that the Actions also may depend
073: * on the checkAuthorized() method in order to prevent the need for
074: * duplication of code.
075: *
076: * @author <a href="mailto:jon@collab.net">Jon S. Stevens</a>
077: * @version $Id: Default.java 9290 2004-12-03 15:57:52Z dep4b $
078: */
079: public class Default extends TemplateSecureScreen {
080: /**
081: * Override the subclass and call doBuildTemplate. This is a hack.
082: * For some reason the doBuildTemplate is not being called in a
083: * few select cases, so lets just hack things to always get called
084: * properly.
085: */
086: public String doBuild(RunData data) throws Exception {
087: super .doBuild(data);
088: return "";
089: }
090:
091: /**
092: * builds up the context for display of variables on the page.
093: */
094: protected void doBuildTemplate(RunData data, TemplateContext context)
095: throws Exception {
096: ScarabRequestTool scarabR = getScarabRequestTool(context);
097: // This may not be the best location for this, we might need to create
098: // a valve.
099: // check that the module exists, it may not have been created yet.
100: try {
101: scarabR.getCurrentModule();
102: } catch (Exception ignore) {
103: }
104:
105: // add the title text to the context.
106: ScarabLocalizationTool l10n = (ScarabLocalizationTool) context
107: .get("l10n");
108:
109: // Determine whether this target requires issue types.
110: String altTarget = getTargetForNoIssueTypes(data);
111: boolean changeTarget = false;
112: if (altTarget != null) {
113: List issueTypes = scarabR.getCurrentModule().getIssueTypes(
114: true);
115: changeTarget = (issueTypes == null || issueTypes.isEmpty());
116: }
117:
118: if (changeTarget) {
119: // Pass control to the alternate target.
120: scarabR.setAlertMessage(L10NKeySet.IssueTypeUnavailable);
121: setTarget(data, altTarget);
122: } else {
123: // Add the title text to the context.
124: String title = null;
125: try {
126: title = getTitle(scarabR, l10n);
127: } catch (Exception e) {
128: Log.get().info(
129: "Error getting page title for Screen: "
130: + data.getTarget());
131: }
132: if (title == null) {
133: title = "Scarab";
134: }
135: context.put("title", title);
136: }
137: }
138:
139: protected String getTitle(ScarabRequestTool scarabR,
140: ScarabLocalizationTool l10n) throws Exception {
141: return l10n.getTitle();
142: }
143:
144: /**
145: * @return The value of the
146: * <code>template.[screen].noIssueTypesForwardsTo</code> property,
147: * or <code>null</code> if not set.
148: *
149: */
150: private String getTargetForNoIssueTypes(RunData data) {
151: String property = "template."
152: + data.getTarget().replace(',', '/')
153: + ".noIssueTypesForwardsTo";
154: return Turbine.getConfiguration().getString(property, null);
155: }
156:
157: /**
158: * sets the template to Login.vm if the user hasn't logged in yet
159: * or if the user does not have the base permissions.
160: */
161: protected boolean isAuthorized(RunData data) throws Exception {
162: return checkAuthorized(data);
163: }
164:
165: /**
166: * Public static access to the isAuthorized() method so that
167: * an Action can use this same method to do authorization.
168: */
169: public static boolean checkAuthorized(RunData data)
170: throws Exception {
171: String template = data.getTarget();
172: {
173: template = template.replace(',', '.');
174: String perm = ScarabSecurity.getScreenPermission(template);
175: TemplateContext context = getTemplateContext(data);
176: ScarabRequestTool scarabR = getScarabRequestTool(context);
177: ScarabLocalizationTool l10n = getLocalizationTool(context);
178: Module currentModule = scarabR.getCurrentModule();
179: ScarabUser user = (ScarabUser) data.getUser();
180: if (perm != null) {
181: if (!user.hasLoggedIn()
182: || !user.hasPermission(perm, currentModule)) {
183: scarabR
184: .setInfoMessage(L10NKeySet.LoginToAccountWithPermissions);
185: // it is very common to come from email to view a
186: // particular issue. Until a more general formula for
187: // deciding which requests might be ok to continue after
188: // a login, we will at least allow this one.
189: if ("ViewIssue.vm".equals(data.getTarget())) {
190: data.getParameters().setString("viewIssueId",
191: data.getParameters().getString("id"));
192: }
193:
194: setTargetLogin(data);
195: scarabR.setCurrentModule(null);
196: return false;
197: } else if (currentModule == null) {
198: Log.get().debug("Current module is null");
199: scarabR
200: .setInfoMessage(L10NKeySet.SelectModuleToWorkIn);
201: setTargetSelectModule(data);
202: return false;
203: }
204: }
205: // does the user at least have a role in the module?
206: // we don't check user.hasLoggedIn() here because guest
207: // users could have a role in a module.
208: else if (currentModule != null
209: && !user.hasAnyRoleIn(currentModule)
210: && !user.hasAnyRoleIn(ModuleManager
211: .getInstance(Module.ROOT_ID))) {
212: if (Log.get().isDebugEnabled()) {
213: Log
214: .get()
215: .debug(
216: "User ("
217: + user.getUserId()
218: + ") did not have any roles in current module"
219: + currentModule.getName());
220: }
221: scarabR.setCurrentModule(null);
222: data.getParameters().remove(
223: ScarabConstants.CURRENT_MODULE);
224: scarabR
225: .setAlertMessage(L10NKeySet.NoPermissionInModule);
226: setTargetSelectModule(data);
227: return false;
228: }
229: /* FIXME
230: Breaks the ability to request roles because the permission is null and
231: the module is null, but we are logged in. John, we should assign default
232: permissions to each screen so that we can make it so that someone can be
233: logged in, but not select a module yet and be shown the select module
234: screen. (JSS)
235:
236: else if (currentModule == null &&
237: user != null &&
238: user.hasLoggedIn())
239: {
240: setTargetSelectModule(data);
241: return true;
242: }
243: */
244: }
245: return true;
246: }
247:
248: public static void setTargetSelectModule(RunData data) {
249: getTemplateContext(data).put(
250: ScarabConstants.NEXT_TEMPLATE,
251: data.getParameters().getString(
252: ScarabConstants.NEXT_TEMPLATE));
253:
254: setTarget(data, Turbine.getConfiguration().getString(
255: "scarab.CurrentModuleTemplate", "SelectModule.vm"));
256: }
257:
258: public static void setTargetLogin(RunData data) {
259: getTemplateContext(data).put(ScarabConstants.NEXT_TEMPLATE,
260: data.getParameters().getString("template"));
261: setTarget(data, "Login.vm");
262: }
263:
264: /**
265: * Helper method to retrieve the ScarabRequestTool from the Context
266: */
267: public static ScarabRequestTool getScarabRequestTool(
268: TemplateContext context) {
269: return (ScarabRequestTool) context
270: .get(ScarabConstants.SCARAB_REQUEST_TOOL);
271: }
272:
273: /**
274: * Helper method to retrieve the ScarabLocalizationTool from the Context
275: */
276: public static ScarabLocalizationTool getLocalizationTool(
277: TemplateContext context) {
278: return (ScarabLocalizationTool) context
279: .get(ScarabConstants.LOCALIZATION_TOOL);
280: }
281: }
|