1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.itracker.web.actions.project;
20
21 import java.io.IOException;
22 import java.util.ArrayList;
23 import java.util.Collections;
24 import java.util.List;
25 import java.util.Map;
26 import java.util.Set;
27
28 import javax.servlet.ServletException;
29 import javax.servlet.http.HttpServletRequest;
30 import javax.servlet.http.HttpServletResponse;
31
32 import org.apache.log4j.Logger;
33 import org.apache.struts.action.ActionForm;
34 import org.apache.struts.action.ActionForward;
35 import org.apache.struts.action.ActionMapping;
36 import org.apache.struts.action.ActionMessage;
37 import org.apache.struts.action.ActionMessages;
38 import org.itracker.model.Issue;
39 import org.itracker.model.PermissionType;
40 import org.itracker.model.Project;
41 import org.itracker.services.IssueService;
42 import org.itracker.services.ProjectService;
43 import org.itracker.services.util.UserUtilities;
44 import org.itracker.web.actions.base.ItrackerBaseAction;
45 import org.itracker.web.forms.MoveIssueForm;
46
47 public class MoveIssueFormAction extends ItrackerBaseAction {
48
49 private static final Logger log = Logger.getLogger(MoveIssueFormAction.class);
50
51 private static final String UNAUTHORIZED_PAGE = "unauthorized";
52 private static final String PAGE_TITLE_KEY = "itracker.web.moveissue.title";
53
54
55
56 public ActionForward execute(ActionMapping mapping, ActionForm form,
57 HttpServletRequest request, HttpServletResponse response)
58 throws ServletException, IOException {
59
60 ActionMessages errors = new ActionMessages();
61 request.setAttribute("pageTitleKey", PAGE_TITLE_KEY);
62 request.setAttribute("pageTitleArg", "itracker.web.generic.unknown");
63
64 try {
65 IssueService issueService = getITrackerServices().getIssueService();
66 ProjectService projectService = getITrackerServices()
67 .getProjectService();
68
69 Integer issueId = Integer
70 .valueOf((request.getParameter("id") == null ? "-1"
71 : (request.getParameter("id"))));
72 Issue issue = issueService.getIssue(issueId);
73 if (issue == null) {
74 errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage(
75 "itracker.web.error.invalidissue"));
76 } else {
77 request.setAttribute("pageTitleArg", issue.getId());
78
79 if (errors.isEmpty()) {
80 if (!isPermissionGranted(request, issue)) {
81 return mapping.findForward(UNAUTHORIZED_PAGE);
82 }
83
84 List<Project> projects = projectService.getAllAvailableProjects();
85 if (projects.size() == 0) {
86 return mapping.findForward(UNAUTHORIZED_PAGE);
87 }
88
89 List<Project> availableProjects = getAvailableProjects(request,
90 projects, issue);
91 if (availableProjects.size() == 0) {
92 errors.add(ActionMessages.GLOBAL_MESSAGE,
93 new ActionMessage("itracker.web.error.noprojects"));
94 }
95
96 if (errors.isEmpty()) {
97 setupMoveIssueForm(request, form, issue, availableProjects);
98 return mapping.getInputForward();
99 }
100 }
101 }
102 } catch (RuntimeException e) {
103 log.error("Exception while creating move issue form.", e);
104 errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage(
105 "itracker.web.error.system"));
106 }
107 if (!errors.isEmpty()) {
108 saveErrors(request, errors);
109 }
110 return mapping.findForward("error");
111 }
112
113
114
115
116
117
118
119
120
121 private void setupMoveIssueForm(HttpServletRequest request, ActionForm form, Issue issue, List<Project> availableProjects){
122 MoveIssueForm moveIssueForm = (MoveIssueForm) form;
123 if (moveIssueForm == null) {
124 moveIssueForm = new MoveIssueForm();
125 }
126 moveIssueForm.setIssueId(issue.getId());
127 moveIssueForm.setCaller(request.getParameter("caller"));
128
129 request.setAttribute("moveIssueForm", moveIssueForm);
130 request.setAttribute("projects", availableProjects);
131 request.setAttribute("issue", issue);
132 saveToken(request);
133 log.info("No errors while moving issue. Forwarding to move issue form.");
134 }
135
136
137
138
139
140
141
142
143
144 private List<Project> getAvailableProjects(HttpServletRequest request, List<Project> projects,
145 Issue issue) {
146 Map<Integer, Set<PermissionType>> userPermissions = getUserPermissions(request.getSession());
147 List<Project> availableProjects = new ArrayList<Project>();
148 for (int i = 0; i < projects.size(); i++) {
149 if (projects.get(i).getId() != null
150 && !projects.get(i).equals(issue.getProject())) {
151 if (UserUtilities.hasPermission(userPermissions,
152 projects.get(i).getId(), new int[] {
153 UserUtilities.PERMISSION_EDIT,
154 UserUtilities.PERMISSION_CREATE })) {
155 availableProjects.add(projects.get(i));
156 }
157 }
158 }
159 Collections.sort(availableProjects, new Project.ProjectComparator());
160 return availableProjects;
161 }
162
163
164
165
166
167
168
169 private boolean isPermissionGranted(HttpServletRequest request, Issue issue) {
170 Map<Integer, Set<PermissionType>> userPermissions = getUserPermissions(request.getSession());
171
172 if (!UserUtilities.hasPermission(userPermissions, issue.getProject().getId(),UserUtilities.PERMISSION_EDIT)) {
173 log.debug("Unauthorized user requested access to move issue for issue "
174 + issue.getId());
175 return false;
176 }
177 return true;
178 }
179 }