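/**
 * Creates a confidential note about the person {@code personID}, authored by the
 * user held in the session.
 *
 * <p>The submitted HTML is filtered through the AntiSamy policy
 * {@code conf/antisamy-myspace-1.3.xml} before anything is stored, so only markup that
 * policy whitelists is persisted; the raw input is discarded. On success the flash
 * message {@code messageAdded} is set and the request is forwarded to
 * {@code show(personID)}. A scanner or policy failure is logged with its stack trace
 * and the action returns without saving or redirecting.
 *
 * @param personID id of the person the note is about
 * @param content  untrusted HTML submitted by the user
 */
public static void create(long personID, String content) {
    try {
        User user = User.loadFromSession();
        Person person = Person.findById(personID);
        // The policy XML is parsed from disk on every request; a cached instance would
        // avoid re-reading it each time. The "myspace" policy is one of the more
        // permissive bundled AntiSamy policies — confirm it matches the trust level of
        // the people allowed to post here.
        Policy policy = Policy.getInstance(
                Play.applicationPath.getAbsolutePath() + "/conf/antisamy-myspace-1.3.xml");
        AntiSamy scanner = new AntiSamy();
        // Scan first: if AntiSamy rejects the input, no record is created at all.
        CleanResults cleaned = scanner.scan(content, policy);

        InsConfidential note = new InsConfidential();
        note.content = cleaned.getCleanHTML();
        note.createAt = new GregorianCalendar();
        // presumably the author of the note; taken from the session user, never from the request
        note.employe = user.person;
        // NOTE(review): findById may return null for an unknown id — confirm personID is
        // validated upstream, otherwise a note with no person is stored.
        note.person = person;
        note.save();

        flash.success("messageAdded");
        InsConfidentials.show(personID);
    } catch (ScanException ex) {
        // Pass the throwable itself so the stack trace is logged, not just toString().
        Logger.error(ex, InsConfidentials.class.getName() + " : " + ex);
    } catch (PolicyException ex) {
        Logger.error(ex, InsConfidentials.class.getName() + " : " + ex);
    }
}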
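/**
 * Replaces the content of an existing confidential note and answers with a JSON
 * status.
 *
 * <p>The new HTML is filtered through the AntiSamy policy
 * {@code conf/antisamy-myspace-1.3.xml}; only the cleaned HTML is stored. Responds
 * {@code {"result":"ok"}} on success and {@code {"result":"ko"}} when the note does
 * not exist or AntiSamy reports a scan or policy error.
 *
 * @param id      id of the note to update
 * @param content untrusted HTML submitted by the user
 */
public static void save(long id, String content) {
    try {
        InsConfidential note = InsConfidential.findById(id);
        if (note == null) {
            // Unknown id: answer with the failure code the caller already handles instead
            // of dereferencing null and producing a 500. renderJSON ends the action in Play;
            // the return is only for readers.
            renderJSON("{\"result\":\"ko\"}");
            return;
        }
        // The policy XML is parsed from disk on every request; a cached instance would
        // avoid re-reading it each time.
        Policy policy = Policy.getInstance(
                Play.applicationPath.getAbsolutePath() + "/conf/antisamy-myspace-1.3.xml");
        AntiSamy scanner = new AntiSamy();
        CleanResults cleaned = scanner.scan(content, policy);

        note.content = cleaned.getCleanHTML();
        note.save();
        PersonEvaluation.changeMessage(note);
        renderJSON("{\"result\":\"ok\"}");
    } catch (ScanException ex) {
        // Pass the throwable itself so the stack trace is logged, not just toString().
        Logger.error(ex, InsConfidentials.class.getName() + " : " + ex);
        renderJSON("{\"result\":\"ko\"}");
    } catch (PolicyException ex) {
        Logger.error(ex, InsConfidentials.class.getName() + " : " + ex);
        renderJSON("{\"result\":\"ko\"}");
    }
}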
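/**
 * Filters input HTML using the specified policy as a white list of allowed tags.
 *
 * <p>Fails closed: blank input, or a policy name for which no scanner can be obtained,
 * yields an empty string rather than the unfiltered input. A {@code null} policy name
 * is logged and replaced by {@code DEFAULT_ANTISAMY_POLICY_FILE}. Any scanner error
 * messages AntiSamy produces are written to the trace log, numbered from 1.
 *
 * @param inputHtml      untrusted HTML to filter; may be null or blank
 * @param policyFileName AntiSamy policy file name; null selects the default policy
 * @return the cleaned HTML, or {@code ""} when there is nothing to filter or no scanner
 *         is available for the policy
 * @throws HtmlScannerException if AntiSamy reports a scan or policy error
 */
@SuppressWarnings("unchecked")
private String filter(String inputHtml, String policyFileName) {
    if (StringUtils.isBlank(inputHtml)) {
        return "";
    }

    // Resolve the effective policy without reassigning the parameter.
    String effectivePolicy = policyFileName;
    if (effectivePolicy == null) {
        LOG.warn("Provided policy file name is null.");
        effectivePolicy = DEFAULT_ANTISAMY_POLICY_FILE;
    }

    AntiSamy htmlScanner = getHtmlScannerByPolicyFileName(effectivePolicy);
    if (htmlScanner == null) {
        // No scanner for this policy: return nothing rather than the raw input.
        return "";
    }

    try {
        CleanResults scanResults = htmlScanner.scan(inputHtml);
        // presumably a raw ArrayList in this AntiSamy version, hence the unchecked suppression
        ArrayList<String> scannerErrors = scanResults.getErrorMessages();
        if (!CollectionUtils.isNullOrEmpty(scannerErrors)) {
            LOG.trace("HTML input contains erorrs (" + scannerErrors.size() + "):");
            for (int idx = 0; idx < scannerErrors.size(); idx++) {
                // numbered from 1 for readability
                LOG.trace(" " + (idx + 1) + ") " + scannerErrors.get(idx));
            }
        }
        return scanResults.getCleanHTML();
    } catch (ScanException ex) {
        throw new HtmlScannerException(ex);
    } catch (PolicyException ex) {
        throw new HtmlScannerException(ex);
    }
}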
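/**
 * Sanitizes untrusted HTML through the AntiSamy policy read from
 * {@code POLICY_FILE_LOCATION} via the configuration manager.
 *
 * <p>Fails closed: if the policy cannot be read or the scan fails, an empty string is
 * returned rather than the unsanitized input, so a missing or broken policy file never
 * lets raw markup through. Null or empty input is returned unchanged, as there is
 * nothing to clean. The policy stream is always closed.
 *
 * @param value untrusted HTML; may be null
 * @return the cleaned HTML; {@code value} itself when it is null or empty;
 *         {@code ""} when sanitization could not be performed
 */
public static String sanitize(String value) {
    if (value == null || value.isEmpty()) {
        return value;
    }
    InputStream in = null;
    try {
        cservice_ = WCMCoreUtils.getService(ConfigurationManager.class);
        in = cservice_.getInputStream(POLICY_FILE_LOCATION);
        // The policy is re-read on every call; a cached instance would avoid that.
        Policy policy = Policy.getInstance(in);
        AntiSamy scanner = new AntiSamy();
        CleanResults cleaned = scanner.scan(value, policy);
        return cleaned.getCleanHTML();
    } catch (Exception ex) {
        // Previously the raw input was returned here, which silently disabled the
        // sanitizer whenever the policy failed to load or the scan threw.
        // TODO(review): report ex through the project's logger so failures are visible.
        return "";
    } finally {
        if (in != null) {
            try {
                in.close();
            } catch (java.io.IOException ignored) {
                // nothing useful to do once the policy has been parsed
            }
        }
    }
}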
/**
 * Handles {@code PUT} for editing an existing question; restricted to
 * {@code ROLE_ADMIN} and {@code ROLE_SURVEY_ADMIN}.
 *
 * <p>Flow: look up the user, require that the user may manage the survey or belongs to
 * its department, run the form validations, then — only for questions that support
 * options — either reset a rating question's options to the five default labels or
 * pass the question text and tip through the AntiSamy policy at
 * {@code POLICY_FILE_LOCATION} before merging. Without the {@code _proceed}
 * parameter the request is redirected back to the survey definition. Any exception is
 * logged and rethrown unchecked.
 *
 * @param proceed            value of the {@code _proceed} request parameter; null means
 *                           "cancel", which redirects to the survey definition
 * @param question           bound and validated form object
 * @param bindingResult      validation errors for {@code question}
 * @param principal          the authenticated caller; its name is the login looked up
 * @param uiModel            view model; repopulated on validation failure, cleared on save
 * @param httpServletRequest used for the audit log line and for URL path encoding
 * @return a view name, or a redirect to the survey definition
 * @throws RuntimeException wrapping any exception thrown while processing
 */
@Secured({"ROLE_ADMIN", "ROLE_SURVEY_ADMIN"})
@RequestMapping(method = RequestMethod.PUT, produces = "text/html")
public String update(
        @RequestParam(value = "_proceed", required = false) String proceed,
        @Valid Question question,
        BindingResult bindingResult,
        Principal principal,
        Model uiModel,
        HttpServletRequest httpServletRequest) {
    log.info("update(): handles PUT");
    try {
        // User user = userService.user_findByLogin(principal.getName());
        String login = principal.getName();
        User user = userService.user_findByLogin(login);
        // SurveyDefinitionPage surveyDefinitionPage =
        // surveySettingsService.surveyDefinitionPage_findById(surveyDefinitionPageId);
        // surveySettingsService.question_findById(question.getId()).getPage().getSurveyDefinition().getId()
        // Check if the user is authorized
        // Authorization: manager of the survey OR member of the survey's department.
        // The survey id is taken from the submitted question object itself.
        if (!securityService.userIsAuthorizedToManageSurvey(
                        question.getPage().getSurveyDefinition().getId(), user)
                && !securityService.userBelongsToDepartment(
                        question.getPage().getSurveyDefinition().getDepartment().getId(), user)) {
            // NOTE(review): getLocalAddr() is the address of the interface that received
            // the request; the caller's address is getRemoteAddr(). As written, "from IP"
            // in this audit line is the server's own address. (The user identifier between
            // the two literals is elided in this listing.)
            log.warn(
                    "Unauthorized access to url path "
                            + httpServletRequest.getPathInfo()
                            + " attempted by user login:"******"from IP:"
                            + httpServletRequest.getLocalAddr());
            return "accessDenied";
        }
        if (proceed != null) {
            if (bindingResult.hasErrors()) {
                populateEditForm(uiModel, question, user);
                log.info(
                        "-------------------------------------------"
                                + bindingResult.getFieldErrors().toString());
                return "settings/questions/update";
            }
            if (!surveySettingsService.question_ValidateDateRange(question)) {
                populateEditForm(uiModel, question, user);
                bindingResult.rejectValue("dateMinimum", "date_format_validation_range");
                return "settings/questions/update";
            }
            if (!surveySettingsService.question_ValidateMinMaxDoubleValues(question)) {
                populateEditForm(uiModel, question, user);
                bindingResult.rejectValue("decimalMinimum", "field_min_invalid");
                return "settings/questions/update";
            }
            if (!surveySettingsService.question_ValidateMinMaxValues(question)) {
                populateEditForm(uiModel, question, user);
                bindingResult.rejectValue("integerMinimum", "field_min_invalid");
                return "settings/questions/update";
            }
            if (question.getSuportsOptions()) {
                // If user wants to modify and existent question without
                // options to Rating type, then use the default values
                // Counts the options currently stored for this question (qOpts.size()
                // would give the same number).
                int NumberOfQuestionOptions = 0;
                Set<QuestionOption> qOpts =
                        surveySettingsService.questionOption_findByQuestionId(question.getId());
                for (QuestionOption q : qOpts) {
                    NumberOfQuestionOptions++;
                }
                // NOTE(review): == on Strings compares identity, not content; this only
                // works while both sides are the same interned literal. Comparing the enum
                // constant, or equals(), is the robust form — create() decides the same
                // thing with question.getType().getIsRating().
                if ((question.getType().toString() == "SMILEY_FACES_RATING"
                                || question.getType().toString() == "STAR_RATING")
                        && NumberOfQuestionOptions != 5) {
                    log.info(
                            "Removing Question Options since the amount of Questions Options for Rating Type cannot be longer than 5 Qoptions");
                    surveySettingsService.questionOption_removeQuestionOptionsByQuestionId(
                            question.getId());
                    // Five fixed options, labelled from the message source in the request locale.
                    SortedSet<QuestionOption> options = new TreeSet<QuestionOption>();
                    options.add(
                            new QuestionOption(
                                    question,
                                    (short) 1,
                                    "1",
                                    messageSource.getMessage(
                                            EXTREMELY_UNSATISFIED_LABEL, null, LocaleContextHolder.getLocale())));
                    options.add(
                            new QuestionOption(
                                    question,
                                    (short) 2,
                                    "2",
                                    messageSource.getMessage(
                                            UNSATISFIED_LABEL, null, LocaleContextHolder.getLocale())));
                    options.add(
                            new QuestionOption(
                                    question,
                                    (short) 3,
                                    "3",
                                    messageSource.getMessage(
                                            NEUTRAL_LABEL, null, LocaleContextHolder.getLocale())));
                    options.add(
                            new QuestionOption(
                                    question,
                                    (short) 4,
                                    "4",
                                    messageSource.getMessage(
                                            SATISFIED_LABEL, null, LocaleContextHolder.getLocale())));
                    options.add(
                            new QuestionOption(
                                    question,
                                    (short) 5,
                                    "5",
                                    messageSource.getMessage(
                                            EXTREMELY_SATISFIED_LABEL, null, LocaleContextHolder.getLocale())));
                    // Adding default values to Rating Type Question
                    log.info("Adding default values to Rating Type Question");
                    // NOTE(review): this branch merges the question without passing its text
                    // and tip through AntiSamy — confirm that is intended.
                    question = surveySettingsService.question_merge(question, options);
                    uiModel.asMap().clear();
                    return "settings/questions/saved";
                } else {
                    // The AntiSamy pass: only the cleaned HTML of the question text and tip
                    // is merged. The same policy resource is parsed twice per request; a
                    // cached Policy would avoid re-reading the XML.
                    Policy questionTextPolicy =
                            Policy.getInstance(this.getClass().getResource(POLICY_FILE_LOCATION));
                    AntiSamy emailAs = new AntiSamy();
                    CleanResults crQuestionText =
                            emailAs.scan(question.getQuestionText(), questionTextPolicy);
                    question.setQuestionText(crQuestionText.getCleanHTML());
                    Policy questionTipPolicy =
                            Policy.getInstance(this.getClass().getResource(POLICY_FILE_LOCATION));
                    AntiSamy completedSurveyAs = new AntiSamy();
                    CleanResults crQuestionTip =
                            completedSurveyAs.scan(question.getTip(), questionTipPolicy);
                    question.setTip(crQuestionTip.getCleanHTML());
                    question = surveySettingsService.question_merge(question);
                    uiModel.asMap().clear();
                    return "settings/questions/saved";
                }
            }
            // NOTE(review): questions that do not support options reach this merge with
            // their text and tip unsanitized; only the branch above runs AntiSamy, whereas
            // create() sanitizes every question. Confirm this gap is intended.
            question = surveySettingsService.question_merge(question);
            uiModel.asMap().clear();
            return "settings/questions/saved";
        } else {
            return "redirect:/settings/surveyDefinitions/"
                    + encodeUrlPathSegment(
                            question.getPage().getSurveyDefinition().getId().toString(),
                            httpServletRequest);
        }
    } catch (Exception e) {
        // Any failure, including AntiSamy ScanException/PolicyException, is logged with
        // its stack trace and rethrown unchecked.
        log.error(e.getMessage(), e);
        throw (new RuntimeException(e));
    }
}
/**
 * Handles {@code POST} for creating a question; restricted to {@code ROLE_ADMIN} and
 * {@code ROLE_SURVEY_ADMIN}.
 *
 * <p>Flow: look up the user, require that the user may manage the survey or belongs to
 * its department, run the form validations, give a rating question its five default
 * options, then pass the question text and tip through the AntiSamy policy at
 * {@code POLICY_FILE_LOCATION} and merge. Without the {@code _proceed} parameter the
 * request is redirected back to the survey definition. Any exception is logged and
 * rethrown unchecked.
 *
 * @param proceed            value of the {@code _proceed} request parameter; null means
 *                           "cancel", which redirects to the survey definition
 * @param question           bound and validated form object
 * @param bindingResult      validation errors for {@code question}
 * @param principal          the authenticated caller; its name is the login looked up
 * @param uiModel            view model; repopulated on validation failure, cleared on save
 * @param httpServletRequest used for the audit log line and for URL path encoding
 * @return a view name, or a redirect to the survey definition
 * @throws RuntimeException wrapping any exception thrown while processing
 */
@Secured({"ROLE_ADMIN", "ROLE_SURVEY_ADMIN"})
@RequestMapping(method = RequestMethod.POST, produces = "text/html")
public String create(
        @RequestParam(value = "_proceed", required = false) String proceed,
        @Valid Question question,
        BindingResult bindingResult,
        Principal principal,
        Model uiModel,
        HttpServletRequest httpServletRequest) {
    log.info("create(): handles " + RequestMethod.POST.toString());
    try {
        String login = principal.getName();
        User user = userService.user_findByLogin(login);
        // SurveyDefinitionPage surveyDefinitionPage =
        // surveySettingsService.surveyDefinitionPage_findById(surveyDefinitionPageId);
        // Check if the user is authorized
        // Authorization: manager of the survey OR member of the survey's department.
        // The survey id is taken from the submitted question object itself.
        if (!securityService.userIsAuthorizedToManageSurvey(
                        question.getPage().getSurveyDefinition().getId(), user)
                && !securityService.userBelongsToDepartment(
                        question.getPage().getSurveyDefinition().getDepartment().getId(), user)) {
            // NOTE(review): getLocalAddr() is the address of the interface that received
            // the request; the caller's address is getRemoteAddr(). As written, "from IP"
            // in this audit line is the server's own address. (The user identifier between
            // the two literals is elided in this listing.)
            log.warn(
                    "Unauthorized access to url path "
                            + httpServletRequest.getPathInfo()
                            + " attempted by user login:"******"from IP:"
                            + httpServletRequest.getLocalAddr());
            return "accessDenied";
        }
        // User user = userService.user_findByLogin(principal.getName());
        if (proceed != null) {
            if (bindingResult.hasErrors()) {
                populateEditForm(uiModel, question, user);
                return "settings/questions/create";
            }
            if (!surveySettingsService.question_ValidateDateRange(question)) {
                populateEditForm(uiModel, question, user);
                bindingResult.rejectValue("dateMinimum", "date_format_validation_range");
                return "settings/questions/create";
            }
            // validate Double min max
            if (!surveySettingsService.question_ValidateMinMaxDoubleValues(question)) {
                populateEditForm(uiModel, question, user);
                bindingResult.rejectValue("decimalMinimum", "field_min_invalid");
                return "settings/questions/create";
            }
            // validate Integer min max
            if (!surveySettingsService.question_ValidateMinMaxValues(question)) {
                populateEditForm(uiModel, question, user);
                bindingResult.rejectValue("integerMinimum", "field_min_invalid");
                return "settings/questions/create";
            }
            // Rating questions always get the same five options, labelled from the
            // message source in the request locale.
            if (question.getType().getIsRating()) {
                SortedSet<QuestionOption> options = new TreeSet<QuestionOption>();
                options.add(
                        new QuestionOption(
                                question,
                                (short) 1,
                                "1",
                                messageSource.getMessage(
                                        EXTREMELY_UNSATISFIED_LABEL, null, LocaleContextHolder.getLocale())));
                options.add(
                        new QuestionOption(
                                question,
                                (short) 2,
                                "2",
                                messageSource.getMessage(
                                        UNSATISFIED_LABEL, null, LocaleContextHolder.getLocale())));
                options.add(
                        new QuestionOption(
                                question,
                                (short) 3,
                                "3",
                                messageSource.getMessage(NEUTRAL_LABEL, null, LocaleContextHolder.getLocale())));
                options.add(
                        new QuestionOption(
                                question,
                                (short) 4,
                                "4",
                                messageSource.getMessage(
                                        SATISFIED_LABEL, null, LocaleContextHolder.getLocale())));
                options.add(
                        new QuestionOption(
                                question,
                                (short) 5,
                                "5",
                                messageSource.getMessage(
                                        EXTREMELY_SATISFIED_LABEL, null, LocaleContextHolder.getLocale())));
                question = surveySettingsService.question_merge(question, options);
            }
            // if (question.getPublishToSocrata().equals(true)){
            // bindingResult.rejectValue("socrataColumnName",
            // "field_min_invalid");
            // return "settings/questions/create";
            // } else
            // NOTE(review): the braces below look like the surviving else-branch of the
            // commented-out Socrata check (the listing does not show where that comment
            // ends). If the block is live code it runs for every question, so a rating
            // question is merged a second time here without its options — confirm
            // question_merge(question) does not discard them.
            {
                // The AntiSamy pass: only the cleaned HTML of the question text and tip is
                // merged. The same policy resource is parsed twice per request; a cached
                // Policy would avoid re-reading the XML.
                Policy questionTextPolicy =
                        Policy.getInstance(this.getClass().getResource(POLICY_FILE_LOCATION));
                AntiSamy emailAs = new AntiSamy();
                CleanResults crQuestionText =
                        emailAs.scan(question.getQuestionText(), questionTextPolicy);
                question.setQuestionText(crQuestionText.getCleanHTML());
                Policy questionTipPolicy =
                        Policy.getInstance(this.getClass().getResource(POLICY_FILE_LOCATION));
                AntiSamy completedSurveyAs = new AntiSamy();
                CleanResults crQuestionTip =
                        completedSurveyAs.scan(question.getTip(), questionTipPolicy);
                question.setTip(crQuestionTip.getCleanHTML());
                question = surveySettingsService.question_merge(question);
            }
            uiModel.asMap().clear();
            return "settings/questions/saved";
        } else {
            return "redirect:/settings/surveyDefinitions/"
                    + encodeUrlPathSegment(
                            question.getPage().getSurveyDefinition().getId().toString(),
                            httpServletRequest);
        }
    } catch (Exception e) {
        // Any failure, including AntiSamy ScanException/PolicyException, is logged with
        // its stack trace and rethrown unchecked.
        log.error(e.getMessage(), e);
        throw (new RuntimeException(e));
    }
}