private Object getTopic(Long topicId, String siteId, String userId) {

    if (LOG.isDebugEnabled()) {
      LOG.debug("getTopic(" + topicId + "," + siteId + "," + userId + ")");
    }

    // This call gets the attachments for the messages but not the topic. Unexpected, yes. Cool,
    // not.
    DiscussionTopic fatTopic =
        (DiscussionTopic) forumManager.getTopicByIdWithMessagesAndAttachments(topicId);

    if (!uiPermissionsManager.isRead(
        topicId,
        fatTopic.getDraft(),
        false,
        userId,
        forumManager.getContextForTopicById(topicId))) {
      LOG.error("'" + userId + "' is not authorised to read topic '" + topicId + "'.");
      throw new EntityException(
          "You are not authorised to read this topic.", "", HttpServletResponse.SC_UNAUTHORIZED);
    }

    SparseTopic sparseTopic = new SparseTopic(fatTopic);

    // Setup the total and read message counts on the topic
    List<Long> topicIds = new ArrayList<Long>();
    topicIds.add(fatTopic.getId());

    List<Object[]> totalCounts = forumManager.getMessageCountsForMainPage(topicIds);
    if (totalCounts.size() > 0) {
      sparseTopic.setTotalMessages((Integer) totalCounts.get(0)[1]);
    } else {
      sparseTopic.setTotalMessages(0);
    }

    List<Object[]> readCounts = forumManager.getReadMessageCountsForMainPage(topicIds);
    if (readCounts.size() > 0) {
      sparseTopic.setReadMessages((Integer) readCounts.get(0)[1]);
    } else {
      sparseTopic.setReadMessages(0);
    }

    List<SparseMessage> messages = new ArrayList<SparseMessage>();
    for (Message fatMessage : (List<Message>) fatTopic.getMessages()) {
      SparseMessage sparseMessage =
          new SparseMessage(
              fatMessage,
              /* readStatus = */ false,
              /* addAttachments = */ true,
              developerHelperService.getServerURL());
      messages.add(sparseMessage);
    }

    List<SparseThread> threads =
        new MessageUtils().getThreadsWithCounts(messages, forumManager, userId);

    sparseTopic.setThreads(threads);

    return sparseTopic;
  }
Exemple #2
0
  // return the list of groups if the item is only accessible to specific groups
  // null if it's accessible to the whole site.
  public List<String> getGroups(boolean nocache) {

    // don't need cache, since simplepagebean is now caching groups
    //	List<String>ret = (List<String>)topicCache.get(id);
    //	if (!nocache && ret != null) {
    //	    if (ret.size() == 0)
    //		return null;
    //	    else
    //		return ret;
    //	} else {
    //	}

    if (type != TYPE_FORUM_TOPIC) return null;

    List<String> ret = new ArrayList<String>();

    if (topic == null) topic = getTopicById(true, id);
    if (topic == null) return null;

    Set<DBMembershipItem> oldMembershipItemSet =
        uiPermissionsManager.getTopicItemsSet((DiscussionTopic) topic);

    Collection<Group> groups = null;

    try {
      Site site = SiteService.getSite(ToolManager.getCurrentPlacement().getContext());
      groups = site.getGroups();
    } catch (Exception e) {
      System.out.println("Unable to get site info for getGroups " + e);
    }

    // now change any existing ones into null
    for (DBMembershipItem item : oldMembershipItemSet) {
      if (item.getPermissionLevelName().equals("Contributor")
          && item.getType().equals(MembershipItem.TYPE_GROUP)) {
        String name = item.getName(); // oddly, this is the actual name, not the ID
        for (Group group : groups) {
          if (name.equals(group.getTitle())) ret.add(group.getId());
        }
      }
    }

    //	topicCache.put(id, ret, DEFAULT_EXPIRATION);
    if (ret.size() == 0) return null;
    else return ret;
  }
  private Object getMessage(Long messageId, String siteId, String userId) {

    if (LOG.isDebugEnabled()) {
      LOG.debug("getMessage(" + messageId + "," + siteId + "," + userId + ")");
    }

    Message fatMessage = forumManager.getMessageById(messageId);

    Topic fatTopic =
        forumManager.getTopicByIdWithMessagesAndAttachments(fatMessage.getTopic().getId());

    // This sets the attachments on the message.We have to do this as
    // getMessageById doesn't populate the attachments.
    setAttachments(fatMessage, fatTopic.getMessages());

    if (!uiPermissionsManager.isRead(
        fatTopic.getId(),
        ((DiscussionTopic) fatTopic).getDraft(),
        false,
        userId,
        forumManager.getContextForTopicById(fatTopic.getId()))) {
      LOG.error("'" + userId + "' is not authorised to read message '" + messageId + "'.");
      throw new EntityException(
          "You are not authorised to read this message.", "", HttpServletResponse.SC_UNAUTHORIZED);
    }

    List<SparseMessage> messages = new ArrayList<SparseMessage>();

    for (Message fm : (List<Message>) fatTopic.getMessages()) {
      messages.add(
          new SparseMessage(
              fm,
              /* readStatus =*/ false,
              /* addAttachments =*/ true,
              developerHelperService.getServerURL()));
    }

    SparseMessage sparseThread =
        new SparseMessage(
            fatMessage, false, /* readStatus =*/ true, developerHelperService.getServerURL());

    new MessageUtils().attachReplies(sparseThread, messages, forumManager, userId);

    return sparseThread;
  }
Exemple #4
0
  // set the item to be accessible only to the specific groups.
  // null to make it accessible to the whole site
  public void setGroups(Collection<String> groups) {

    if (type != TYPE_FORUM_TOPIC) return;

    // Setgroups with a non-null list: we set all contributor entries to none, and then set the
    //    specified groups to contribtor. By only handling groups, we avoid interfering with
    //    anything you might do in the tool. But the moment you use access control, we take
    //    over. Sorry. Once we've done that you could go back into the tool and hack, but I
    //    don't recommend that.
    // Setgroups with a null list: we set all contributor entries to none, and then set all roles
    //    other than maintain to contributor.

    setMasks();

    // System.out.println("topic 1 " + topic + " " + groups);
    //	if (topic == null)
    topic = getTopicById(true, id);
    // System.out.println("topic 2 " + topic);
    if (topic == null) return;

    Site site = null;
    try {
      site = SiteService.getSite(ToolManager.getCurrentPlacement().getContext());
    } catch (Exception e) {
      System.out.println("Unable to get site info for AddEntityControl " + e);
      return;
    }

    // topicCache.remove(id);

    // old entries
    Set<DBMembershipItem> oldMembershipItemSet =
        uiPermissionsManager.getTopicItemsSet((DiscussionTopic) topic);

    DBMembershipItem membershipItem = null;

    boolean haveOwner = false;
    boolean changed = false;

    if (groups != null && groups.size() > 0) {

      // this is the groups we've been asked to use
      // remove groups form this as we see them if they already have access
      // so at the end we just add the ones remaining
      List<String> groupNames = new ArrayList<String>();
      Set<String> addGroupNames = new HashSet<String>();
      for (String groupId : groups) {
        groupNames.add(site.getGroup(groupId).getTitle());
        addGroupNames.add(site.getGroup(groupId).getTitle());
      }
      //	    System.out.println("groups " + groups + " " + groupNames + " " + addGroupNames);
      //	    System.out.println("oldMembership " + oldMembershipItemSet.size());

      // delete groups from here as they are done.

      // if we've seen an owner. Otherwise set the maintain role as owner

      // Setgroups with a non-null list: we set all contributor entries to none, and then set the
      //    specified groups to contribtor. However we don't touch owner.
      // By only handling groups, we avoid interfering with
      //    anything you might do in the tool. But the moment you use access control, we take
      //    over. Sorry. Once we've done that you could go back into the tool and hack, but I
      //    don't recommend that.

      for (DBMembershipItem item : oldMembershipItemSet) {
        // kill everything except our own groups
        // this will leave the owner but remove all other roles
        // System.out.println("item " + item.getType() + " " + item.getName() + " " +
        // item.getPermissionLevelName());
        if (item.getType().equals(MembershipItem.TYPE_GROUP)
            && groupNames.contains(item.getName())) {
          //		    System.out.println("found group " + item.getName());
          addGroupNames.remove(item.getName()); // we've seen it
          // if it's one of our groups make it a contributor if it's not already an owner
          if (!item.getPermissionLevelName().equals("Contributor")
              && !item.getPermissionLevelName().equals("Owner")) {

            PermissionLevel contributorLevel =
                permissionLevelManager.createPermissionLevel(
                    "Contributor", IdManager.createUuid(), contributorMask);
            permissionLevelManager.savePermissionLevel(contributorLevel);

            item.setPermissionLevel(contributorLevel);
            item.setPermissionLevelName("Contributor");
            permissionLevelManager.saveDBMembershipItem(item);
          }
        } else if (!item.getPermissionLevelName()
            .equals("Owner")) { // only group members are contributors
          // remove contributor from anything else, both groups and roles
          // System.out.println("set none");
          //		    System.out.println("setgroups make none " + item.getName());
          PermissionLevel noneLevel =
              permissionLevelManager.createPermissionLevel(
                  "None", IdManager.createUuid(), noneMask);
          permissionLevelManager.savePermissionLevel(noneLevel);

          item.setPermissionLevel(noneLevel);
          item.setPermissionLevelName("None");
          permissionLevelManager.saveDBMembershipItem(item);
        }
      }
      for (String newGroupName : addGroupNames) {
        // System.out.println("addgroup " + newGroupName);
        changed = true;
        PermissionLevel contributorLevel =
            permissionLevelManager.createPermissionLevel(
                "Contributor", IdManager.createUuid(), contributorMask);
        permissionLevelManager.savePermissionLevel(contributorLevel);
        membershipItem =
            permissionLevelManager.createDBMembershipItem(
                newGroupName, "Contributor", MembershipItem.TYPE_GROUP);
        membershipItem.setPermissionLevel(contributorLevel);
        permissionLevelManager.saveDBMembershipItem(membershipItem);
        oldMembershipItemSet.add(membershipItem);
      }

    } else {
      // Setgroups with a null list: we set all contributor entries to none, and then set all roles
      //    to contributor.  However we don't touch Owners.

      for (DBMembershipItem item : oldMembershipItemSet) {
        if (item.getPermissionLevelName().equals("Owner")) {
          haveOwner = true;
        } else if (item.getType().equals(MembershipItem.TYPE_ROLE)) {
          // default state has all roles except owner as contributor
          if (!item.getPermissionLevelName().equals("Contributor")) {
            PermissionLevel contributorLevel =
                permissionLevelManager.createPermissionLevel(
                    "Contributor", IdManager.createUuid(), contributorMask);
            permissionLevelManager.savePermissionLevel(contributorLevel);

            item.setPermissionLevel(contributorLevel);
            item.setPermissionLevelName("Contributor");
            permissionLevelManager.saveDBMembershipItem(item);
          }
        } else if (!item.getPermissionLevelName().equals("None")) {
          // kill other contributors
          PermissionLevel noneLevel =
              permissionLevelManager.createPermissionLevel(
                  "None", IdManager.createUuid(), noneMask);
          permissionLevelManager.savePermissionLevel(noneLevel);

          item.setPermissionLevel(noneLevel);
          item.setPermissionLevelName("None");
          permissionLevelManager.saveDBMembershipItem(item);
        }
      }
    }

    if (changed) {
      // System.out.println("changed");
      // have to refresh the topic or the save won't work
      topic = getTopicById(true, id);
      topic.setMembershipItemSet(oldMembershipItemSet);
      forumManager.saveDiscussionForumTopic((DiscussionTopic) topic);

      //	    topic.setVersion(null);
      //	    try {
      //		System.out.println("simplepagetool dao " + simplePageToolDao);
      //		hibernateTemplate.merge(topic);
      //	    } catch (Exception e){
      //		System.out.println("Unable to save forum topic " + e);
      //	    }

    }
  }
Exemple #5
0
  // seems not to be used anymore
  public boolean removeEntityControl(String siteId, String groupId) throws IOException {

    if (type != TYPE_FORUM_TOPIC) return false;

    setMasks();

    if (topic == null) topic = getTopicById(true, id);
    if (topic == null) return false;

    Set<DBMembershipItem> oldMembershipItemSet =
        uiPermissionsManager.getTopicItemsSet((DiscussionTopic) topic);

    Set membershipItemSet = new HashSet();

    String groupName = null;
    String maintainRole = null;
    try {
      Site site = SiteService.getSite(ToolManager.getCurrentPlacement().getContext());
      groupName = site.getGroup(groupId).getTitle();
      maintainRole = authzGroupService.getAuthzGroup("/site/" + site.getId()).getMaintainRole();
    } catch (Exception e) {
      System.out.println("Unable to get site info for AddEntityControl " + e);
    }

    PermissionLevel ownerLevel =
        permissionLevelManager.createPermissionLevel(
            "Owner", typeManager.getOwnerLevelType(), ownerMask);
    permissionLevelManager.savePermissionLevel(ownerLevel);

    DBMembershipItem membershipItem =
        permissionLevelManager.createDBMembershipItem(
            maintainRole, "Owner", MembershipItem.TYPE_ROLE);
    membershipItem.setPermissionLevel(ownerLevel);
    permissionLevelManager.saveDBMembershipItem(membershipItem);

    membershipItemSet.add(membershipItem);

    // now change any existing ones into null
    for (DBMembershipItem item : oldMembershipItemSet) {
      if (item.getType().equals(MembershipItem.TYPE_ROLE)) {
        if (!maintainRole.equals(item.getName())) { // that was done above, other roles contributor
          PermissionLevel contributorLevel =
              permissionLevelManager.createPermissionLevel(
                  "Contributor", typeManager.getContributorLevelType(), contributorMask);
          permissionLevelManager.savePermissionLevel(contributorLevel);

          membershipItem =
              permissionLevelManager.createDBMembershipItem(
                  item.getName(), "Contributor", item.getType());
          membershipItem.setPermissionLevel(contributorLevel);
          permissionLevelManager.saveDBMembershipItem(membershipItem);
          membershipItemSet.add(membershipItem);
        }
      } else { // everything else off
        PermissionLevel noneLevel =
            permissionLevelManager.createPermissionLevel(
                "None", typeManager.getNoneLevelType(), noneMask);
        permissionLevelManager.savePermissionLevel(noneLevel);

        membershipItem =
            permissionLevelManager.createDBMembershipItem(item.getName(), "None", item.getType());
        membershipItem.setPermissionLevel(noneLevel);
        permissionLevelManager.saveDBMembershipItem(membershipItem);
        membershipItemSet.add(membershipItem);
      }
    }

    permissionLevelManager.deleteMembershipItems(oldMembershipItemSet);

    topic.setMembershipItemSet(membershipItemSet);
    discussionForumManager.saveTopic((DiscussionTopic) topic);

    return true;
  };
  /** This will return a SparseForum populated down to the topics with their attachments. */
  private Object getForum(Long forumId, String siteId, String userId) {

    if (LOG.isDebugEnabled()) {
      LOG.debug("getForum(" + forumId + "," + siteId + "," + userId + ")");
    }

    DiscussionForum fatForum = forumManager.getForumByIdWithTopicsAttachmentsAndMessages(forumId);

    if (checkAccess(fatForum, userId, siteId)) {

      SparseForum sparseForum = new SparseForum(fatForum, developerHelperService);

      List<DiscussionTopic> fatTopics = (List<DiscussionTopic>) fatForum.getTopics();

      // Gather all the topic ids so we can make the minimum number
      // of calls for the message counts.
      List<Long> topicIds = new ArrayList<Long>();
      for (DiscussionTopic topic : fatTopics) {
        topicIds.add(topic.getId());
      }

      List<Object[]> topicTotals = forumManager.getMessageCountsForMainPage(topicIds);
      List<Object[]> topicReadTotals = forumManager.getReadMessageCountsForMainPage(topicIds);

      int totalForumMessages = 0;
      for (Object[] topicTotal : topicTotals) {
        totalForumMessages += (Integer) topicTotal[1];
      }
      sparseForum.setTotalMessages(totalForumMessages);

      int totalForumReadMessages = 0;
      for (Object[] topicReadTotal : topicReadTotals) {
        totalForumReadMessages += (Integer) topicReadTotal[1];
      }
      sparseForum.setReadMessages(totalForumReadMessages);

      // Reduce the fat topics to sparse topics while setting the total and read
      // counts. A SparseTopic will only be created if the currrent user has read access.
      List<SparsestTopic> sparseTopics = new ArrayList<SparsestTopic>();
      for (DiscussionTopic fatTopic : fatTopics) {

        // Only add this topic to the list if the current user has read permission
        if (!uiPermissionsManager.isRead(fatTopic, fatForum, userId, siteId)) {
          // No read permission, skip this topic.
          continue;
        }

        SparsestTopic sparseTopic = new SparsestTopic(fatTopic);
        for (Object[] topicTotal : topicTotals) {
          if (topicTotal[0].equals(sparseTopic.getId())) {
            sparseTopic.setTotalMessages((Integer) topicTotal[1]);
          }
        }
        for (Object[] topicReadTotal : topicReadTotals) {
          if (topicReadTotal[0].equals(sparseTopic.getId())) {
            sparseTopic.setReadMessages((Integer) topicReadTotal[1]);
          }
        }

        List<SparseAttachment> attachments = new ArrayList<SparseAttachment>();
        for (Attachment attachment : (List<Attachment>) fatTopic.getAttachments()) {
          String url =
              developerHelperService.getServerURL()
                  + "/access/content"
                  + attachment.getAttachmentId();
          attachments.add(new SparseAttachment(attachment.getAttachmentName(), url));
        }
        sparseTopic.setAttachments(attachments);

        sparseTopics.add(sparseTopic);
      }

      sparseForum.setTopics(sparseTopics);

      return sparseForum;
    } else {
      LOG.error("Not authorised to access forum '" + forumId + "'");
      throw new EntityException(
          "You are not authorised to access this forum.", "", HttpServletResponse.SC_UNAUTHORIZED);
    }
  }