private Object getTopic(Long topicId, String siteId, String userId) {
if (LOG.isDebugEnabled()) {
LOG.debug("getTopic(" + topicId + "," + siteId + "," + userId + ")");
}
// This call gets the attachments for the messages but not the topic. Unexpected, yes. Cool,
// not.
DiscussionTopic fatTopic =
(DiscussionTopic) forumManager.getTopicByIdWithMessagesAndAttachments(topicId);
if (!uiPermissionsManager.isRead(
topicId,
fatTopic.getDraft(),
false,
userId,
forumManager.getContextForTopicById(topicId))) {
LOG.error("'" + userId + "' is not authorised to read topic '" + topicId + "'.");
throw new EntityException(
"You are not authorised to read this topic.", "", HttpServletResponse.SC_UNAUTHORIZED);
}
SparseTopic sparseTopic = new SparseTopic(fatTopic);
// Setup the total and read message counts on the topic
List<Long> topicIds = new ArrayList<Long>();
topicIds.add(fatTopic.getId());
List<Object[]> totalCounts = forumManager.getMessageCountsForMainPage(topicIds);
if (totalCounts.size() > 0) {
sparseTopic.setTotalMessages((Integer) totalCounts.get(0)[1]);
} else {
sparseTopic.setTotalMessages(0);
}
List<Object[]> readCounts = forumManager.getReadMessageCountsForMainPage(topicIds);
if (readCounts.size() > 0) {
sparseTopic.setReadMessages((Integer) readCounts.get(0)[1]);
} else {
sparseTopic.setReadMessages(0);
}
List<SparseMessage> messages = new ArrayList<SparseMessage>();
for (Message fatMessage : (List<Message>) fatTopic.getMessages()) {
SparseMessage sparseMessage =
new SparseMessage(
fatMessage,
/* readStatus = */ false,
/* addAttachments = */ true,
developerHelperService.getServerURL());
messages.add(sparseMessage);
}
List<SparseThread> threads =
new MessageUtils().getThreadsWithCounts(messages, forumManager, userId);
sparseTopic.setThreads(threads);
return sparseTopic;
}
// return the list of groups if the item is only accessible to specific groups
// null if it's accessible to the whole site.
public List<String> getGroups(boolean nocache) {
// don't need cache, since simplepagebean is now caching groups
// List<String>ret = (List<String>)topicCache.get(id);
// if (!nocache && ret != null) {
// if (ret.size() == 0)
// return null;
// else
// return ret;
// } else {
// }
if (type != TYPE_FORUM_TOPIC) return null;
List<String> ret = new ArrayList<String>();
if (topic == null) topic = getTopicById(true, id);
if (topic == null) return null;
Set<DBMembershipItem> oldMembershipItemSet =
uiPermissionsManager.getTopicItemsSet((DiscussionTopic) topic);
Collection<Group> groups = null;
try {
Site site = SiteService.getSite(ToolManager.getCurrentPlacement().getContext());
groups = site.getGroups();
} catch (Exception e) {
System.out.println("Unable to get site info for getGroups " + e);
}
// now change any existing ones into null
for (DBMembershipItem item : oldMembershipItemSet) {
if (item.getPermissionLevelName().equals("Contributor")
&& item.getType().equals(MembershipItem.TYPE_GROUP)) {
String name = item.getName(); // oddly, this is the actual name, not the ID
for (Group group : groups) {
if (name.equals(group.getTitle())) ret.add(group.getId());
}
}
}
// topicCache.put(id, ret, DEFAULT_EXPIRATION);
if (ret.size() == 0) return null;
else return ret;
}
private Object getMessage(Long messageId, String siteId, String userId) {
if (LOG.isDebugEnabled()) {
LOG.debug("getMessage(" + messageId + "," + siteId + "," + userId + ")");
}
Message fatMessage = forumManager.getMessageById(messageId);
Topic fatTopic =
forumManager.getTopicByIdWithMessagesAndAttachments(fatMessage.getTopic().getId());
// This sets the attachments on the message.We have to do this as
// getMessageById doesn't populate the attachments.
setAttachments(fatMessage, fatTopic.getMessages());
if (!uiPermissionsManager.isRead(
fatTopic.getId(),
((DiscussionTopic) fatTopic).getDraft(),
false,
userId,
forumManager.getContextForTopicById(fatTopic.getId()))) {
LOG.error("'" + userId + "' is not authorised to read message '" + messageId + "'.");
throw new EntityException(
"You are not authorised to read this message.", "", HttpServletResponse.SC_UNAUTHORIZED);
}
List<SparseMessage> messages = new ArrayList<SparseMessage>();
for (Message fm : (List<Message>) fatTopic.getMessages()) {
messages.add(
new SparseMessage(
fm,
/* readStatus =*/ false,
/* addAttachments =*/ true,
developerHelperService.getServerURL()));
}
SparseMessage sparseThread =
new SparseMessage(
fatMessage, false, /* readStatus =*/ true, developerHelperService.getServerURL());
new MessageUtils().attachReplies(sparseThread, messages, forumManager, userId);
return sparseThread;
}
// set the item to be accessible only to the specific groups.
// null to make it accessible to the whole site
public void setGroups(Collection<String> groups) {
if (type != TYPE_FORUM_TOPIC) return;
// Setgroups with a non-null list: we set all contributor entries to none, and then set the
// specified groups to contribtor. By only handling groups, we avoid interfering with
// anything you might do in the tool. But the moment you use access control, we take
// over. Sorry. Once we've done that you could go back into the tool and hack, but I
// don't recommend that.
// Setgroups with a null list: we set all contributor entries to none, and then set all roles
// other than maintain to contributor.
setMasks();
// System.out.println("topic 1 " + topic + " " + groups);
// if (topic == null)
topic = getTopicById(true, id);
// System.out.println("topic 2 " + topic);
if (topic == null) return;
Site site = null;
try {
site = SiteService.getSite(ToolManager.getCurrentPlacement().getContext());
} catch (Exception e) {
System.out.println("Unable to get site info for AddEntityControl " + e);
return;
}
// topicCache.remove(id);
// old entries
Set<DBMembershipItem> oldMembershipItemSet =
uiPermissionsManager.getTopicItemsSet((DiscussionTopic) topic);
DBMembershipItem membershipItem = null;
boolean haveOwner = false;
boolean changed = false;
if (groups != null && groups.size() > 0) {
// this is the groups we've been asked to use
// remove groups form this as we see them if they already have access
// so at the end we just add the ones remaining
List<String> groupNames = new ArrayList<String>();
Set<String> addGroupNames = new HashSet<String>();
for (String groupId : groups) {
groupNames.add(site.getGroup(groupId).getTitle());
addGroupNames.add(site.getGroup(groupId).getTitle());
}
// System.out.println("groups " + groups + " " + groupNames + " " + addGroupNames);
// System.out.println("oldMembership " + oldMembershipItemSet.size());
// delete groups from here as they are done.
// if we've seen an owner. Otherwise set the maintain role as owner
// Setgroups with a non-null list: we set all contributor entries to none, and then set the
// specified groups to contribtor. However we don't touch owner.
// By only handling groups, we avoid interfering with
// anything you might do in the tool. But the moment you use access control, we take
// over. Sorry. Once we've done that you could go back into the tool and hack, but I
// don't recommend that.
for (DBMembershipItem item : oldMembershipItemSet) {
// kill everything except our own groups
// this will leave the owner but remove all other roles
// System.out.println("item " + item.getType() + " " + item.getName() + " " +
// item.getPermissionLevelName());
if (item.getType().equals(MembershipItem.TYPE_GROUP)
&& groupNames.contains(item.getName())) {
// System.out.println("found group " + item.getName());
addGroupNames.remove(item.getName()); // we've seen it
// if it's one of our groups make it a contributor if it's not already an owner
if (!item.getPermissionLevelName().equals("Contributor")
&& !item.getPermissionLevelName().equals("Owner")) {
PermissionLevel contributorLevel =
permissionLevelManager.createPermissionLevel(
"Contributor", IdManager.createUuid(), contributorMask);
permissionLevelManager.savePermissionLevel(contributorLevel);
item.setPermissionLevel(contributorLevel);
item.setPermissionLevelName("Contributor");
permissionLevelManager.saveDBMembershipItem(item);
}
} else if (!item.getPermissionLevelName()
.equals("Owner")) { // only group members are contributors
// remove contributor from anything else, both groups and roles
// System.out.println("set none");
// System.out.println("setgroups make none " + item.getName());
PermissionLevel noneLevel =
permissionLevelManager.createPermissionLevel(
"None", IdManager.createUuid(), noneMask);
permissionLevelManager.savePermissionLevel(noneLevel);
item.setPermissionLevel(noneLevel);
item.setPermissionLevelName("None");
permissionLevelManager.saveDBMembershipItem(item);
}
}
for (String newGroupName : addGroupNames) {
// System.out.println("addgroup " + newGroupName);
changed = true;
PermissionLevel contributorLevel =
permissionLevelManager.createPermissionLevel(
"Contributor", IdManager.createUuid(), contributorMask);
permissionLevelManager.savePermissionLevel(contributorLevel);
membershipItem =
permissionLevelManager.createDBMembershipItem(
newGroupName, "Contributor", MembershipItem.TYPE_GROUP);
membershipItem.setPermissionLevel(contributorLevel);
permissionLevelManager.saveDBMembershipItem(membershipItem);
oldMembershipItemSet.add(membershipItem);
}
} else {
// Setgroups with a null list: we set all contributor entries to none, and then set all roles
// to contributor. However we don't touch Owners.
for (DBMembershipItem item : oldMembershipItemSet) {
if (item.getPermissionLevelName().equals("Owner")) {
haveOwner = true;
} else if (item.getType().equals(MembershipItem.TYPE_ROLE)) {
// default state has all roles except owner as contributor
if (!item.getPermissionLevelName().equals("Contributor")) {
PermissionLevel contributorLevel =
permissionLevelManager.createPermissionLevel(
"Contributor", IdManager.createUuid(), contributorMask);
permissionLevelManager.savePermissionLevel(contributorLevel);
item.setPermissionLevel(contributorLevel);
item.setPermissionLevelName("Contributor");
permissionLevelManager.saveDBMembershipItem(item);
}
} else if (!item.getPermissionLevelName().equals("None")) {
// kill other contributors
PermissionLevel noneLevel =
permissionLevelManager.createPermissionLevel(
"None", IdManager.createUuid(), noneMask);
permissionLevelManager.savePermissionLevel(noneLevel);
item.setPermissionLevel(noneLevel);
item.setPermissionLevelName("None");
permissionLevelManager.saveDBMembershipItem(item);
}
}
}
if (changed) {
// System.out.println("changed");
// have to refresh the topic or the save won't work
topic = getTopicById(true, id);
topic.setMembershipItemSet(oldMembershipItemSet);
forumManager.saveDiscussionForumTopic((DiscussionTopic) topic);
// topic.setVersion(null);
// try {
// System.out.println("simplepagetool dao " + simplePageToolDao);
// hibernateTemplate.merge(topic);
// } catch (Exception e){
// System.out.println("Unable to save forum topic " + e);
// }
}
}
// seems not to be used anymore
public boolean removeEntityControl(String siteId, String groupId) throws IOException {
if (type != TYPE_FORUM_TOPIC) return false;
setMasks();
if (topic == null) topic = getTopicById(true, id);
if (topic == null) return false;
Set<DBMembershipItem> oldMembershipItemSet =
uiPermissionsManager.getTopicItemsSet((DiscussionTopic) topic);
Set membershipItemSet = new HashSet();
String groupName = null;
String maintainRole = null;
try {
Site site = SiteService.getSite(ToolManager.getCurrentPlacement().getContext());
groupName = site.getGroup(groupId).getTitle();
maintainRole = authzGroupService.getAuthzGroup("/site/" + site.getId()).getMaintainRole();
} catch (Exception e) {
System.out.println("Unable to get site info for AddEntityControl " + e);
}
PermissionLevel ownerLevel =
permissionLevelManager.createPermissionLevel(
"Owner", typeManager.getOwnerLevelType(), ownerMask);
permissionLevelManager.savePermissionLevel(ownerLevel);
DBMembershipItem membershipItem =
permissionLevelManager.createDBMembershipItem(
maintainRole, "Owner", MembershipItem.TYPE_ROLE);
membershipItem.setPermissionLevel(ownerLevel);
permissionLevelManager.saveDBMembershipItem(membershipItem);
membershipItemSet.add(membershipItem);
// now change any existing ones into null
for (DBMembershipItem item : oldMembershipItemSet) {
if (item.getType().equals(MembershipItem.TYPE_ROLE)) {
if (!maintainRole.equals(item.getName())) { // that was done above, other roles contributor
PermissionLevel contributorLevel =
permissionLevelManager.createPermissionLevel(
"Contributor", typeManager.getContributorLevelType(), contributorMask);
permissionLevelManager.savePermissionLevel(contributorLevel);
membershipItem =
permissionLevelManager.createDBMembershipItem(
item.getName(), "Contributor", item.getType());
membershipItem.setPermissionLevel(contributorLevel);
permissionLevelManager.saveDBMembershipItem(membershipItem);
membershipItemSet.add(membershipItem);
}
} else { // everything else off
PermissionLevel noneLevel =
permissionLevelManager.createPermissionLevel(
"None", typeManager.getNoneLevelType(), noneMask);
permissionLevelManager.savePermissionLevel(noneLevel);
membershipItem =
permissionLevelManager.createDBMembershipItem(item.getName(), "None", item.getType());
membershipItem.setPermissionLevel(noneLevel);
permissionLevelManager.saveDBMembershipItem(membershipItem);
membershipItemSet.add(membershipItem);
}
}
permissionLevelManager.deleteMembershipItems(oldMembershipItemSet);
topic.setMembershipItemSet(membershipItemSet);
discussionForumManager.saveTopic((DiscussionTopic) topic);
return true;
};
/** This will return a SparseForum populated down to the topics with their attachments. */
private Object getForum(Long forumId, String siteId, String userId) {
if (LOG.isDebugEnabled()) {
LOG.debug("getForum(" + forumId + "," + siteId + "," + userId + ")");
}
DiscussionForum fatForum = forumManager.getForumByIdWithTopicsAttachmentsAndMessages(forumId);
if (checkAccess(fatForum, userId, siteId)) {
SparseForum sparseForum = new SparseForum(fatForum, developerHelperService);
List<DiscussionTopic> fatTopics = (List<DiscussionTopic>) fatForum.getTopics();
// Gather all the topic ids so we can make the minimum number
// of calls for the message counts.
List<Long> topicIds = new ArrayList<Long>();
for (DiscussionTopic topic : fatTopics) {
topicIds.add(topic.getId());
}
List<Object[]> topicTotals = forumManager.getMessageCountsForMainPage(topicIds);
List<Object[]> topicReadTotals = forumManager.getReadMessageCountsForMainPage(topicIds);
int totalForumMessages = 0;
for (Object[] topicTotal : topicTotals) {
totalForumMessages += (Integer) topicTotal[1];
}
sparseForum.setTotalMessages(totalForumMessages);
int totalForumReadMessages = 0;
for (Object[] topicReadTotal : topicReadTotals) {
totalForumReadMessages += (Integer) topicReadTotal[1];
}
sparseForum.setReadMessages(totalForumReadMessages);
// Reduce the fat topics to sparse topics while setting the total and read
// counts. A SparseTopic will only be created if the currrent user has read access.
List<SparsestTopic> sparseTopics = new ArrayList<SparsestTopic>();
for (DiscussionTopic fatTopic : fatTopics) {
// Only add this topic to the list if the current user has read permission
if (!uiPermissionsManager.isRead(fatTopic, fatForum, userId, siteId)) {
// No read permission, skip this topic.
continue;
}
SparsestTopic sparseTopic = new SparsestTopic(fatTopic);
for (Object[] topicTotal : topicTotals) {
if (topicTotal[0].equals(sparseTopic.getId())) {
sparseTopic.setTotalMessages((Integer) topicTotal[1]);
}
}
for (Object[] topicReadTotal : topicReadTotals) {
if (topicReadTotal[0].equals(sparseTopic.getId())) {
sparseTopic.setReadMessages((Integer) topicReadTotal[1]);
}
}
List<SparseAttachment> attachments = new ArrayList<SparseAttachment>();
for (Attachment attachment : (List<Attachment>) fatTopic.getAttachments()) {
String url =
developerHelperService.getServerURL()
+ "/access/content"
+ attachment.getAttachmentId();
attachments.add(new SparseAttachment(attachment.getAttachmentName(), url));
}
sparseTopic.setAttachments(attachments);
sparseTopics.add(sparseTopic);
}
sparseForum.setTopics(sparseTopics);
return sparseForum;
} else {
LOG.error("Not authorised to access forum '" + forumId + "'");
throw new EntityException(
"You are not authorised to access this forum.", "", HttpServletResponse.SC_UNAUTHORIZED);
}
}