View Javadoc

1   package org.itracker.web.actions.project;
2   
3   import java.util.Iterator;
4   import java.util.Map;
5   import java.util.Set;
6   import java.util.SortedMap;
7   import java.util.TreeMap;
8   
9   import javax.servlet.http.HttpServletRequest;
10  import javax.servlet.http.HttpServletResponse;
11  
12  import org.apache.log4j.Logger;
13  import org.apache.struts.action.ActionForm;
14  import org.apache.struts.action.ActionForward;
15  import org.apache.struts.action.ActionMapping;
16  import org.itracker.model.AbstractEntity;
17  import org.itracker.model.IssueActivity;
18  import org.itracker.model.PermissionType;
19  import org.itracker.model.Project;
20  import org.itracker.model.User;
21  import org.itracker.services.IssueService;
22  import org.itracker.services.util.IssueUtilities;
23  import org.itracker.services.util.UserUtilities;
24  import org.itracker.web.actions.base.ItrackerBaseAction;
25  import org.itracker.web.util.LoginUtilities;
26  import org.itracker.web.util.RequestHelper;
27  
28  /**
29   * 
30   * @author ranks
31   *
32   */
33  public class ViewIssueActivityAction extends ItrackerBaseAction {
34  	private static final Logger log = Logger
35  			.getLogger(ViewIssueActivityAction.class);
36  
37  	/**
38  	 * executes this struts-actions processing
39  	 */
40  	public ActionForward execute(ActionMapping mapping, ActionForm form,
41  			HttpServletRequest request, HttpServletResponse response)
42  			throws Exception {
43  		if (log.isDebugEnabled()) {
44  			log.debug("execute: called");
45  		}
46  		
47  		IssueService issueService = this.getITrackerServices()
48  				.getIssueService();
49  
50  		ActionForward ret = checkPermission(request, issueService, mapping);
51  		if (null != ret) {
52  			if (log.isDebugEnabled()) {
53  				log.debug("checkPermission: user has no permission, forwarding to " + ret);
54  			}
55  			return ret;
56  		}
57  		
58  		Map<IssueActivity, String> activities = prepareActivitiesMap(issueService, request);
59  		if (log.isDebugEnabled()) {
60  			log.debug("execute: preparing with activities: " + activities);
61  		}
62  		setupJspEnv(request, activities);
63  
64  		if (log.isDebugEnabled()) {
65  			log.debug("execute: forwarding to " + mapping.findForward("viewissueactivity"));
66  		}
67  		
68  		return mapping.findForward("viewissueactivity");
69  	}
70  	
71  	/**
72  	 * check if user can view the issue-activites for the requested issue
73  	 * 
74  	 * @param request
75  	 * @param issueService
76  	 * @param mapping
77  	 * @return ActionForward: not-null if access is denied, null if user is granted to see issue activities
78  	 */
79  	private ActionForward checkPermission(HttpServletRequest request, IssueService issueService, ActionMapping mapping) {
80  		final Map<Integer, Set<PermissionType>> permissions = RequestHelper
81  		.getUserPermissions(request.getSession());
82  
83  		User user = RequestHelper.getCurrentUser(request.getSession());
84  		Integer issueId = getIssueId(request);
85  		
86  		Project project = issueService.getIssueProject(issueId);
87  		User owner = issueService.getIssueOwner(issueId);
88  		User creator = issueService.getIssueCreator(issueId);
89  		
90  		if ((project == null || 
91  			    (!UserUtilities.hasPermission(permissions, project.getId(), UserUtilities.PERMISSION_VIEW_ALL)
92  			    	&& !(UserUtilities.hasPermission(permissions, project.getId(), UserUtilities.PERMISSION_VIEW_USERS)
93  			    	&& ((owner != null && owner.getId().equals(user.getId())) || (creator != null && creator.getId().equals(user.getId())))
94  			)))) {
95  
96  			return mapping.findForward("unauthorized");
97  		}
98  		
99  		return null;
100 	}
101 	
102 	/**
103 	 * read issue id from request
104 	 * @param request
105 	 * @return Integer - issue id or -1 if not in request
106 	 */
107 	private static Integer getIssueId(HttpServletRequest request) {
108 		try {
109 			return Integer.valueOf(request.getParameter("id"));
110 		} catch (RuntimeException re) {
111 			if (log.isDebugEnabled()) {
112 				log.debug("getIssueId: no issue-id in request, caught", re);
113 			}
114 		}
115 		return -1;
116 	}
117 
118 	/**
119 	 * 
120 	 * Set the objects in request that are required for ui render
121 	 * 
122 	 * @param request
123 	 * @param issueId
124 	 * @param activities
125 	 */
126 	private static final void setupJspEnv(HttpServletRequest request, Map<IssueActivity, String> activities) {
127 
128 		Integer issueId = getIssueId(request);
129 		request.setAttribute("activities", activities);
130 		request.setAttribute("issueId", issueId);
131 	}
132 	
133 	/**
134 	 * 
135 	 * @param issueId
136 	 * @param issueService
137 	 * @param request
138 	 * @return
139 	 */
140 	private static final Map<IssueActivity, String> prepareActivitiesMap(IssueService issueService, HttpServletRequest request) {
141 		SortedMap<IssueActivity, String> activities = new TreeMap<IssueActivity, String>(AbstractEntity.ID_COMPARATOR);
142 
143 		Integer issueId = getIssueId(request);
144 		Iterator<IssueActivity> activityIt = issueService.getIssueActivity(issueId).iterator();
145 		IssueActivity issueActivity;
146 		while (activityIt.hasNext()) {
147 			issueActivity = (IssueActivity) activityIt.next();
148 			activities.put(issueActivity,IssueUtilities.getActivityName(issueActivity.getActivityType(),
149 					LoginUtilities.getCurrentLocale(request)));
150 		}
151 		
152 		return activities;
153 		
154 	}
155 
156 }