
1   /*
2    * This software was designed and created by Jason Carroll.
3    * Copyright (c) 2002, 2003, 2004 Jason Carroll.
4    * The author can be reached at jcarroll@cowsultants.com
5    * ITracker website: http://www.cowsultants.com
6    * ITracker forums: http://www.cowsultants.com/phpBB/index.php
7    *
8    * This program is free software; you can redistribute it and/or modify
9    * it only under the terms of the GNU General Public License as published by
10   * the Free Software Foundation; either version 2 of the License, or
11   * (at your option) any later version.
12   *
13   * This program is distributed in the hope that it will be useful,
14   * but WITHOUT ANY WARRANTY; without even the implied warranty of
15   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16   * GNU General Public License for more details.
17   */
18  
19  package org.itracker.web.actions.project;
20  
21  import java.io.IOException;
22  import java.util.Map;
23  import java.util.Set;
24  
25  import javax.servlet.ServletException;
26  import javax.servlet.http.HttpServletRequest;
27  import javax.servlet.http.HttpServletResponse;
28  
29  import org.apache.log4j.Logger;
30  import org.apache.struts.action.ActionForm;
31  import org.apache.struts.action.ActionForward;
32  import org.apache.struts.action.ActionMapping;
33  import org.apache.struts.action.ActionMessage;
34  import org.apache.struts.action.ActionMessages;
35  import org.itracker.model.Issue;
36  import org.itracker.model.PermissionType;
37  import org.itracker.model.User;
38  import org.itracker.services.IssueService;
39  import org.itracker.services.util.UserUtilities;
40  import org.itracker.web.actions.base.ItrackerBaseAction;
41  import org.itracker.web.forms.MoveIssueForm;
42  import org.itracker.web.util.LoginUtilities;
43  
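/**
 * Struts action that moves an issue from its current project to another project.
 *
 * <p>The request must carry a valid transaction token, and the current user must be
 * authorized on both the project that currently holds the issue and the project the
 * issue is being moved to. The issue id, target project id and the name of the forward
 * to return to are read from the submitted {@link MoveIssueForm}.
 */
public class MoveIssueAction extends ItrackerBaseAction {

    private static final Logger log = Logger.getLogger(MoveIssueAction.class);

    private static final String UNAUTHORIZED_PAGE = "unauthorized";
    private static final String VIEW_ISSUE_PAGE = "viewissue";
    private static final String EDIT_ISSUE_PAGE = "editissue";
    private static final String DEFAULT_PAGE = "index";
    private static final String PAGE_TITLE_KEY = "itracker.web.moveissue.title";

    /**
     * Moves the issue named in the form to the project named in the form.
     *
     * @param mapping  mapping used to resolve the result forwards.
     * @param form     expected to be a {@link MoveIssueForm}.
     * @param request  current request; receives the page title attributes and any errors.
     * @param response current response (not used here).
     * @return the caller's forward on success, the "unauthorized" forward when the
     *         permission check fails, the default forward when the token is invalid,
     *         otherwise the "error" forward.
     * @throws ServletException declared for the action contract.
     * @throws IOException      declared for the action contract.
     */
    public ActionForward execute(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        ActionMessages errors = new ActionMessages();
        request.setAttribute("pageTitleKey", PAGE_TITLE_KEY);
        request.setAttribute("pageTitleArg", "itracker.web.generic.unknown");

        // Reject replayed or forged submissions before touching any data.
        if (!isValidToken(mapping, request, errors)) {
            return mapping.findForward(DEFAULT_PAGE);
        }

        try {
            IssueService issueService = getITrackerServices().getIssueService();
            MoveIssueForm moveForm = (MoveIssueForm) form;
            Integer issueId = moveForm.getIssueId();
            Integer projectId = moveForm.getProjectId();
            String caller = moveForm.getCaller() != null ? moveForm.getCaller() : DEFAULT_PAGE;

            Issue issue = issueService.getIssue(issueId);
            if (issue == null) {
                // Stop here: every later step dereferences the issue.
                errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.invalidissue"));
            } else {
                request.setAttribute("pageTitleArg", issue.getId());

                if (projectId == null) {
                    log.error("execute: no target project supplied for issue move");
                    errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.invalidproject"));
                } else if (issue.getProject() != null && issue.getProject().getId().equals(projectId)) {
                    // The issue already lives in the requested project.
                    log.error("execute: attempted to move issue to its containing project");
                    errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.invalidproject"));
                }
            }

            if (errors.isEmpty()) {
                // Authorize against the source AND the target project before changing anything.
                if (!isPermissionGranted(request, issue, projectId)) {
                    return mapping.findForward(UNAUTHORIZED_PAGE);
                }
                User user = LoginUtilities.getCurrentUser(request);

                issueService.moveIssue(issue, projectId, user.getId());
                if (caller.equals(EDIT_ISSUE_PAGE)) {
                    log.info("execute: go to forward editissue");
                    return new ActionForward(mapping.findForward(EDIT_ISSUE_PAGE).getPath() + "?id=" + issue.getId());
                } else if (caller.equals(VIEW_ISSUE_PAGE)) {
                    log.info("execute: go to forward viewissue");
                    return new ActionForward(mapping.findForward(VIEW_ISSUE_PAGE).getPath() + "?id=" + issue.getId());
                } else {
                    // caller is request-controlled; it can only select a forward the mapping
                    // resolves. An unknown name resolves to null, so fall back to the default
                    // page instead of returning no forward at all.
                    ActionForward callerForward = mapping.findForward(caller);
                    return callerForward != null ? callerForward : mapping.findForward(DEFAULT_PAGE);
                }
            }
        } catch (Exception e) {
            log.error("execute: Exception processing form data", e);
            errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.system"));
        }

        if (!errors.isEmpty()) {
            saveErrors(request, errors);
        }
        return mapping.findForward("error");
    }

    /**
     * Validates the transaction token of the request and resets it when it is valid,
     * so the same token cannot be submitted twice.
     *
     * @param mapping ActionMapping (not used by the check itself).
     * @param request HttpServletRequest carrying the token.
     * @param errors  ActionMessages that receives the transaction error on failure.
     * @return true if token is valid.
     */
    private boolean isValidToken(ActionMapping mapping,
            HttpServletRequest request, ActionMessages errors) {
        if (!isTokenValid(request)) {
            log.debug("Invalid request token while moving issue.");
            errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage(
                    "itracker.web.error.transaction"));
            saveErrors(request, errors);
            return false;
        }
        resetToken(request);
        return true;
    }

    /**
     * Checks that the current user may move the issue out of its project and into the
     * target project.
     *
     * <p>Both permission lookups previously used the issue's current project, so the
     * destination project was never authorized even though the second log message
     * speaks of an "unauthorized project". The second lookup now uses the target
     * project id.
     *
     * @param request         HttpServletRequest whose session holds the user permissions.
     * @param issue           issue to move; must not be null.
     * @param targetProjectId id of the project the issue is moved to.
     * @return true if permission is granted on both projects.
     */
    private boolean isPermissionGranted(HttpServletRequest request, Issue issue, Integer targetProjectId) {
        Map<Integer, Set<PermissionType>> userPermissions = getUserPermissions(request.getSession());
        // TODO: return detailed messages on the missing authorization

        // Fail closed: without a source project there is nothing to authorize against.
        if (issue.getProject() == null) {
            log.debug("Issue " + issue.getId() + " has no project; move denied.");
            return false;
        }
        Integer sourceProjectId = issue.getProject().getId();

        // Source project: full edit rights are required to take the issue out of it.
        if (!UserUtilities.hasPermission(userPermissions, sourceProjectId, UserUtilities.PERMISSION_EDIT_FULL)) {
            log.debug("User not authorized to move issue " + issue.getId() + " out of project " + sourceProjectId);
            return false;
        }
        // Target project: edit or create rights are required to place the issue there.
        if (!UserUtilities.hasPermission(userPermissions, targetProjectId, new int[] {UserUtilities.PERMISSION_EDIT, UserUtilities.PERMISSION_CREATE})) {
            log.debug("User attempted to move issue " + issue.getId() + " to unauthorized project.");
            return false;
        }
        return true;
    }
}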