/**
* Stores uploaded file "as it is" and adds database entry.
*
* @return ID of attachment in the database.
*/
@Override
public Attachment uploadFile(
String fileName, String contentType, User user, byte[] contents, String tags) {
if (log.isTraceEnabled()) {
log.trace(">> uploadFile()");
}
try {
if (contents.length > MAX_ZIP_SIZE) {
log.trace("File too large!");
throw new IOException("File too large.");
}
if (!checkUploadRights(user)) {
return null;
}
Attachment a = prepareAttachment(fileName, contentType, user, contents, tags);
em.persist(a);
Set<User> uset = new HashSet();
uset.add(user);
a.setUser(uset);
em.merge(a);
if (log.isTraceEnabled()) {
log.trace("<< uploadFile(): " + a);
}
return a;
} catch (Exception ex) {
log.error("uploadFile(): Failed to upload file.", ex);
return null;
}
}
@Override
public Attachment shareFile(Long attachmentId, long who, Long with) {
if (log.isTraceEnabled()) {
log.trace(">> shareFile(): attachmentId=" + attachmentId + ", who=" + who + ", with=" + with);
}
Attachment att = em.find(Attachment.class, attachmentId);
if (att == null) {
if (log.isTraceEnabled()) {
log.trace("<< shareFile(): null - no such attachment");
}
return null;
}
boolean canShare = false;
try {
// canShare |= um.isAdmin(who);
User actor = em.find(User.class, who);
if (actor != null && actor.getUserGroup() == 1) {
canShare = true;
}
} catch (Exception ex) {
}
if (!canShare) {
for (User u : att.getUser()) {
if (u.getId() == who) {
canShare = true;
break;
}
}
}
if (!canShare) {
if (log.isTraceEnabled()) {
log.trace("<< shareFile(): null - operation is not permitted");
}
return null;
}
User w = em.find(User.class, with);
if (w == null) {
if (log.isTraceEnabled()) {
log.trace("<< shareFile(): cannot share with nobody, and owners list was not modified");
}
return att;
}
att.getUser().add(w);
em.persist(att);
return att;
}
/**
* Stores uploaded file in database. If there are several files, they are compressed into zip
* archive (with filename = user_login.zip).
*
* @param user Owner of the attachment
* @param files List of uploaded files to be saved into database
* @return ID of attachment in the database or null if operation failed.
*/
@Override
public Attachment uploadFiles(User user, List<ReshakaUploadedFile> files, String tags) {
if (log.isTraceEnabled()) {
log.trace(">> uploadFiles(): " + files);
}
if (!checkUploadRights(user)) {
return null;
}
if (files.isEmpty()) {
if (log.isDebugEnabled()) {
log.debug("List of files is empty! Nothing to compress.");
}
return null;
}
try {
Attachment att = prepareAttachment(user, files, tags);
if (att.getSize() > MAX_ZIP_SIZE) {
if (log.isTraceEnabled()) {
log.trace("File too large!");
}
throw new IOException("File too large.");
}
em.persist(att);
Set<User> uset = new HashSet();
uset.add(user);
att.setUser(uset);
em.merge(att);
if (log.isTraceEnabled()) {
log.trace("<< uploadFiles(): " + att);
}
return att;
} catch (Exception ex) {
log.error("uploadFiles(): Failed to upload files. ", ex);
return null;
}
}
@Override
public Attachment reuploadFiles(
User user, Long attachmentId, List<ReshakaUploadedFile> files, String tags) {
if (attachmentId == null) {
return uploadFiles(user, files, tags);
}
if (!checkUploadRights(user)) {
return null;
}
Attachment original = em.find(Attachment.class, attachmentId);
if (original == null) {
return null;
}
Set<User> u = original.getUser();
removeAttachmentFromDisk(original);
original = prepareAttachment(user, files, tags);
original.setId(attachmentId);
original.setUser(u);
return em.merge(original);
}
@Override
public Attachment renameAttachment(Long userId, long attachmentId, String name) {
if (log.isDebugEnabled()) {
log.debug(">> renameAttachment() : userId =" + userId + ", attachmentId=" + attachmentId);
}
if (userId == null) {
if (log.isTraceEnabled()) {
log.trace("<< renameAttachment() : null // operation is not permitted");
}
return null;
}
User u = em.find(User.class, userId);
if (u == null) {
if (log.isTraceEnabled()) {
log.trace("<< renameAttachment() : null // no such user! operation is not permitted");
}
return null;
}
Attachment att = em.find(Attachment.class, attachmentId);
if (att == null) {
if (log.isTraceEnabled()) {
log.trace("<< renameAttachment() : null // invalid attachmentId=" + attachmentId);
}
return null;
}
if (!isOwner(u, att) && u.getUserGroup() != User.ADMIN) {
if (log.isTraceEnabled()) {
log.trace("<< renameAttachment() : null // operation is not permitted");
}
return null;
}
att.setName(name);
if (log.isDebugEnabled()) {
log.debug(">> renameAttachment() : userId =" + userId + ", attachmentId=" + attachmentId);
}
return em.merge(att);
}
@javax.ejb.TransactionAttribute(javax.ejb.TransactionAttributeType.SUPPORTS)
private boolean isOwner(User u, Attachment a) {
for (User usr : a.getUser()) {
if (usr.getId().equals(u.getId())) {
if (log.isTraceEnabled()) {
log.trace("<< isOwner(): true // owner of the file");
}
return true;
}
}
if (log.isTraceEnabled()) {
log.trace("<< isOwner(): false");
}
return false;
}
@Override
@javax.ejb.TransactionAttribute(javax.ejb.TransactionAttributeType.SUPPORTS)
public Attachment getUploadedFile(Long userId, long id) {
if (log.isTraceEnabled()) {
log.trace(">> getUploadedFile(): id=" + id);
}
try {
Attachment att = em.find(Attachment.class, id);
if (!checkDownloadRights(userId, att.getId())) {
return null;
}
if (log.isTraceEnabled()) {
log.trace("<< getUploadedFile(): " + att);
}
return att;
} catch (Exception ex) {
if (log.isTraceEnabled()) {
log.trace("<< getUploadedFile()");
}
}
return null;
}
private Attachment prepareAttachment(
String fileName, String contentType, User user, byte[] contents, String tags) {
try {
Attachment a = new Attachment();
a.setName(fileName);
a.setMimeType(contentType);
File root = new File(DEFAULT_UPLOAD_DIRECTORY, user.getLogin());
root.mkdirs();
File tmpFile = File.createTempFile("upload_", ".bin", root);
FileUtils.writeToFile(tmpFile, contents);
a.setSize((long) contents.length);
a.setMD5(FileUtils.getMD5(tmpFile));
a.setFileName(user.getLogin() + "/" + tmpFile.getName());
return a;
} catch (Exception ex) {
return null;
}
}
private Attachment prepareAttachment(User user, List<ReshakaUploadedFile> files, String tags) {
if (files.isEmpty()) {
if (log.isDebugEnabled()) {
log.debug("prepareAttachment() : List of files is empty! Nothing to compress.");
}
return null;
}
if (files.size() == 1) {
if (log.isTraceEnabled()) {
log.trace(
"prepareAttachment() : Single file is being uploaded. Delegating to uploadFile()");
}
try {
return prepareAttachment(
files.get(0).getFileName(),
files.get(0).getContentType(),
user,
files.get(0).getContents(),
tags);
} catch (IOException ex) {
if (log.isTraceEnabled()) {
log.trace("prepareAttachment() : I/O exception" + ex);
}
return null;
}
}
try {
// create zip file
log.trace("prepareAttachment(): Creating zip-file");
File root = new File(DEFAULT_UPLOAD_DIRECTORY, user.getLogin());
root.mkdirs();
File file = File.createTempFile("upload_", ".zip", root);
try (ZipOutputStream zos = new ZipOutputStream(file)) {
zos.setEncoding("utf-8");
zos.setMethod(ZipOutputStream.DEFLATED);
zos.setLevel(Deflater.BEST_COMPRESSION);
for (ReshakaUploadedFile uf : files) {
addFileToZip(zos, uf, uf.getFileName());
}
}
if (log.isDebugEnabled()) {
log.debug("prepareAttachment(): Files are saved at " + file);
}
if (file.length() > MAX_ZIP_SIZE) {
file.delete();
throw new IOException("File too large.");
}
// Create attachment
Attachment att = new Attachment();
att.setName(file.getName());
att.setMimeType("application/zip");
att.setSize(file.length());
att.setMD5(FileUtils.getMD5(file));
att.setFileName(user.getLogin() + "/" + file.getName());
if (log.isTraceEnabled()) {
log.trace("<< prepareAttachment()");
}
return att;
} catch (IOException ex) {
log.error("prepareAttachment(): Failed to upload files. ", ex);
return null;
}
}
/** Checks if user has the right to download specified attachment */
@javax.ejb.TransactionAttribute(javax.ejb.TransactionAttributeType.SUPPORTS)
private boolean checkDownloadRights(User u, Attachment a) {
if (log.isTraceEnabled()) {
log.trace(">> checkDownloadRights(): user="******"SELECT u FROM User u WHERE u.avatarId = :avatarId", User.class);
q.setParameter("avatarId", a.getId());
List<User> lst = q.getResultList();
if (lst != null && !lst.isEmpty()) {
if (log.isTraceEnabled()) {
log.trace("<< checkDownloadRights(): true // this is an avatar");
}
return true;
}
if (a == null) {
if (log.isTraceEnabled()) {
log.trace("<< checkDownloadRights(): false // attachment = null");
}
return false;
}
// do check if it is a problem statement
q = em.createQuery("SELECT o FROM Order o WHERE o.conditionId = :conditionId", Order.class);
q.setParameter("conditionId", a.getId());
lst = q.getResultList();
if (lst != null && !lst.isEmpty()) {
if (log.isTraceEnabled()) {
log.trace("<< checkDownloadRights(): true // this is a problem statement");
}
return true;
}
// do check if it is a solution to closed order
q =
em.createQuery(
"SELECT o FROM Order o WHERE o.solutionId = :solutionId and o.status in :statuses",
Order.class);
q.setParameter("solutionId", a.getId());
q.setParameter(
"statuses",
new ArrayList() {
{
add(Order.CLOSED_OFFLINE_ORDER_STATUS);
add(Order.FULL_PAYED_OFFLINE_ORDER_STATUS);
add(Order.EXPIRED_OFFLINE_ORDER_STATUS);
add(Order.EXPIRED_ONLINE_ORDER_STATUS);
}
});
lst = q.getResultList();
if (lst != null && !lst.isEmpty()) {
if (log.isTraceEnabled()) {
log.trace("<< checkDownloadRights(): true // this is a problem statement");
}
return true;
}
if (u == null) {
// guest tries to download file (not condition or avatar)
if (log.isTraceEnabled()) {
log.trace("<< checkDownloadRights(): false // user = null");
}
return false;
}
// Admin ?
if (u.getUserGroup() == 1) {
return true;
}
try {
// check whether the requestor is owner of the file
if (log.isTraceEnabled()) {
log.trace("checkDownloadRights(): file owners >> " + a.getUser().size());
}
if (isOwner(u, a)) return true;
} catch (Exception ex) {
if (log.isTraceEnabled()) {
log.trace("checkDownloadRights(): false // exception while processing owners list", ex);
}
return false;
}
// we might as well return false...
if (log.isTraceEnabled()) {
log.trace("<< checkDownloadRigths(): false");
}
return false;
}