public void saveMedia(String agent, String mediaLocation) {
try {
SecurityService.pushAdvisor(
new SecurityAdvisor() {
public SecurityAdvice isAllowed(String userId, String function, String reference) {
return SecurityAdvice.ALLOWED;
}
});
File media = new File(mediaLocation);
byte[] mediaByte = getMediaStream(mediaLocation);
String mimeType = MimeTypesLocator.getInstance().getContentType(media);
String fullname = media.getName().trim();
String collectionId = getPrivateCollection();
currentItem.setImageMapSrc("/access/content" + collectionId + fullname);
ResourcePropertiesEdit resourceProperties =
AssessmentService.getContentHostingService().newResourceProperties();
resourceProperties.addProperty(ResourceProperties.PROP_DISPLAY_NAME, fullname);
AssessmentService.getContentHostingService()
.addResource(
collectionId + fullname,
mimeType,
mediaByte,
resourceProperties,
NotificationService.NOTI_NONE);
} catch (Exception e) {
log.warn(e);
} finally {
SecurityService.popAdvisor();
}
}
/** Setup a security advisor. */
public void pushAdvisor() {
// setup a security advisor
SecurityService.pushAdvisor(
new SecurityAdvisor() {
public SecurityAdvice isAllowed(String userId, String function, String reference) {
return SecurityAdvice.ALLOWED;
}
});
}
public void doPresence(
HttpServletRequest req,
HttpServletResponse res,
Session session,
String siteId,
String toolContextPath,
String toolPathInfo)
throws ToolException, IOException {
// permission check - visit the site
Site site = null;
try {
Set<SecurityAdvisor> advisors =
(Set<SecurityAdvisor>) session.getAttribute("sitevisit.security.advisor");
if (advisors != null) {
for (SecurityAdvisor advisor : advisors) {
SecurityService.pushAdvisor(advisor);
// session.removeAttribute("sitevisit.security.advisor");
}
}
site = SiteService.getSiteVisit(siteId);
} catch (IdUnusedException e) {
portal.doError(req, res, session, Portal.ERROR_WORKSITE);
return;
} catch (PermissionException e) {
// if not logged in, give them a chance
if (session.getUserId() == null) {
portal.doLogin(req, res, session, req.getPathInfo(), false);
} else {
portal.doError(req, res, session, Portal.ERROR_WORKSITE);
}
return;
}
// get the skin for the site
String skin = site.getSkin();
// find the tool registered for this
ActiveTool tool = ActiveToolManager.getActiveTool("sakai.presence");
if (tool == null) {
portal.doError(req, res, session, Portal.ERROR_WORKSITE);
return;
}
// form a placement based on the site and the fact that this is that
// site's presence...
// Note: the placement is transient, but will always have the same id
// and context based on the siteId
Placement placement =
new org.sakaiproject.util.Placement(
siteId + "-presence", tool.getId(), tool, null, siteId, null);
portal.forwardTool(tool, req, res, placement, skin, toolContextPath, toolPathInfo);
}
/**
* Establish a security advisor to allow the "embedded" azg work to occur with no need for
* additional security permissions.
*/
protected void enableSecurityAdvisorToGetAnnouncement() {
// put in a security advisor so we can do our podcast work without need
// of further permissions
SecurityService.pushAdvisor(
new SecurityAdvisor() {
public SecurityAdvice isAllowed(String userId, String function, String reference) {
if (function.equals(AnnouncementService.SECURE_ANNC_READ)
|| function.equals(ContentHostingService.AUTH_RESOURCE_READ)) // SAK-23300
return SecurityAdvice.ALLOWED;
else return SecurityAdvice.PASS;
}
});
}
public void doTool(
HttpServletRequest req,
HttpServletResponse res,
Session session,
String placementId,
String toolContextPath,
String toolPathInfo)
throws ToolException, IOException {
if (portal.redirectIfLoggedOut(res)) return;
// find the tool from some site
ToolConfiguration siteTool = SiteService.findTool(placementId);
if (siteTool == null) {
portal.doError(req, res, session, Portal.ERROR_WORKSITE);
return;
}
// Reset the tool state if requested
if ("true".equals(req.getParameter(portalService.getResetStateParam()))
|| "true".equals(portalService.getResetState())) {
Session s = SessionManager.getCurrentSession();
ToolSession ts = s.getToolSession(placementId);
ts.clearAttributes();
}
// find the tool registered for this
ActiveTool tool = ActiveToolManager.getActiveTool(siteTool.getToolId());
if (tool == null) {
portal.doError(req, res, session, Portal.ERROR_WORKSITE);
return;
}
// permission check - visit the site (unless the tool is configured to
// bypass)
Site site = null;
if (tool.getAccessSecurity() == Tool.AccessSecurity.PORTAL) {
try {
Set<SecurityAdvisor> advisors =
(Set<SecurityAdvisor>) session.getAttribute("sitevisit.security.advisor");
if (advisors != null) {
for (SecurityAdvisor advisor : advisors) {
SecurityService.pushAdvisor(advisor);
// session.removeAttribute("sitevisit.security.advisor");
}
}
site = SiteService.getSiteVisit(siteTool.getSiteId());
} catch (IdUnusedException e) {
portal.doError(req, res, session, Portal.ERROR_WORKSITE);
return;
} catch (PermissionException e) {
// if not logged in, give them a chance
if (session.getUserId() == null) {
portal.doLogin(req, res, session, req.getPathInfo(), false);
} else {
portal.doError(req, res, session, Portal.ERROR_WORKSITE);
}
return;
}
}
// Check to see if the tool is visible
if (!isToolVisible(site, siteTool)) {
portal.doError(req, res, session, Portal.ERROR_WORKSITE);
return;
}
if (portal.isPortletPlacement(siteTool)) {
String siteType = portal.calcSiteType(siteTool.getSiteId());
// form a context sensitive title
String title =
ServerConfigurationService.getString("ui.service")
+ " : "
+ site.getTitle()
+ " : "
+ siteTool.getTitle();
PortalRenderContext rcontext =
portal.startPageContext(siteType, title, siteTool.getSkin(), req);
Map m = portal.includeTool(res, req, siteTool);
rcontext.put("tool", m);
portal.sendResponse(rcontext, res, "tool", null);
} else {
portal.forwardTool(
tool, req, res, siteTool, siteTool.getSkin(), toolContextPath, toolPathInfo);
}
}