Exemple #1
0
  public void saveMedia(String agent, String mediaLocation) {
    try {

      SecurityService.pushAdvisor(
          new SecurityAdvisor() {
            public SecurityAdvice isAllowed(String userId, String function, String reference) {
              return SecurityAdvice.ALLOWED;
            }
          });
      File media = new File(mediaLocation);
      byte[] mediaByte = getMediaStream(mediaLocation);
      String mimeType = MimeTypesLocator.getInstance().getContentType(media);

      String fullname = media.getName().trim();
      String collectionId = getPrivateCollection();
      currentItem.setImageMapSrc("/access/content" + collectionId + fullname);

      ResourcePropertiesEdit resourceProperties =
          AssessmentService.getContentHostingService().newResourceProperties();
      resourceProperties.addProperty(ResourceProperties.PROP_DISPLAY_NAME, fullname);

      AssessmentService.getContentHostingService()
          .addResource(
              collectionId + fullname,
              mimeType,
              mediaByte,
              resourceProperties,
              NotificationService.NOTI_NONE);
    } catch (Exception e) {
      log.warn(e);
    } finally {
      SecurityService.popAdvisor();
    }
  }
 /** Setup a security advisor. */
 public void pushAdvisor() {
   // setup a security advisor
   SecurityService.pushAdvisor(
       new SecurityAdvisor() {
         public SecurityAdvice isAllowed(String userId, String function, String reference) {
           return SecurityAdvice.ALLOWED;
         }
       });
 }
  public void doPresence(
      HttpServletRequest req,
      HttpServletResponse res,
      Session session,
      String siteId,
      String toolContextPath,
      String toolPathInfo)
      throws ToolException, IOException {
    // permission check - visit the site
    Site site = null;
    try {
      Set<SecurityAdvisor> advisors =
          (Set<SecurityAdvisor>) session.getAttribute("sitevisit.security.advisor");
      if (advisors != null) {
        for (SecurityAdvisor advisor : advisors) {
          SecurityService.pushAdvisor(advisor);
          // session.removeAttribute("sitevisit.security.advisor");
        }
      }
      site = SiteService.getSiteVisit(siteId);
    } catch (IdUnusedException e) {
      portal.doError(req, res, session, Portal.ERROR_WORKSITE);
      return;
    } catch (PermissionException e) {
      // if not logged in, give them a chance
      if (session.getUserId() == null) {
        portal.doLogin(req, res, session, req.getPathInfo(), false);
      } else {
        portal.doError(req, res, session, Portal.ERROR_WORKSITE);
      }
      return;
    }

    // get the skin for the site
    String skin = site.getSkin();

    // find the tool registered for this
    ActiveTool tool = ActiveToolManager.getActiveTool("sakai.presence");
    if (tool == null) {
      portal.doError(req, res, session, Portal.ERROR_WORKSITE);
      return;
    }

    // form a placement based on the site and the fact that this is that
    // site's presence...
    // Note: the placement is transient, but will always have the same id
    // and context based on the siteId
    Placement placement =
        new org.sakaiproject.util.Placement(
            siteId + "-presence", tool.getId(), tool, null, siteId, null);

    portal.forwardTool(tool, req, res, placement, skin, toolContextPath, toolPathInfo);
  }
 /**
  * Establish a security advisor to allow the "embedded" azg work to occur with no need for
  * additional security permissions.
  */
 protected void enableSecurityAdvisorToGetAnnouncement() {
   // put in a security advisor so we can do our podcast work without need
   // of further permissions
   SecurityService.pushAdvisor(
       new SecurityAdvisor() {
         public SecurityAdvice isAllowed(String userId, String function, String reference) {
           if (function.equals(AnnouncementService.SECURE_ANNC_READ)
               || function.equals(ContentHostingService.AUTH_RESOURCE_READ)) // SAK-23300
           return SecurityAdvice.ALLOWED;
           else return SecurityAdvice.PASS;
         }
       });
 }
  public void doTool(
      HttpServletRequest req,
      HttpServletResponse res,
      Session session,
      String placementId,
      String toolContextPath,
      String toolPathInfo)
      throws ToolException, IOException {

    if (portal.redirectIfLoggedOut(res)) return;

    // find the tool from some site
    ToolConfiguration siteTool = SiteService.findTool(placementId);
    if (siteTool == null) {
      portal.doError(req, res, session, Portal.ERROR_WORKSITE);
      return;
    }

    // Reset the tool state if requested
    if ("true".equals(req.getParameter(portalService.getResetStateParam()))
        || "true".equals(portalService.getResetState())) {
      Session s = SessionManager.getCurrentSession();
      ToolSession ts = s.getToolSession(placementId);
      ts.clearAttributes();
    }

    // find the tool registered for this
    ActiveTool tool = ActiveToolManager.getActiveTool(siteTool.getToolId());
    if (tool == null) {
      portal.doError(req, res, session, Portal.ERROR_WORKSITE);
      return;
    }

    // permission check - visit the site (unless the tool is configured to
    // bypass)
    Site site = null;
    if (tool.getAccessSecurity() == Tool.AccessSecurity.PORTAL) {
      try {
        Set<SecurityAdvisor> advisors =
            (Set<SecurityAdvisor>) session.getAttribute("sitevisit.security.advisor");
        if (advisors != null) {
          for (SecurityAdvisor advisor : advisors) {
            SecurityService.pushAdvisor(advisor);
            // session.removeAttribute("sitevisit.security.advisor");
          }
        }
        site = SiteService.getSiteVisit(siteTool.getSiteId());
      } catch (IdUnusedException e) {
        portal.doError(req, res, session, Portal.ERROR_WORKSITE);
        return;
      } catch (PermissionException e) {
        // if not logged in, give them a chance
        if (session.getUserId() == null) {
          portal.doLogin(req, res, session, req.getPathInfo(), false);
        } else {
          portal.doError(req, res, session, Portal.ERROR_WORKSITE);
        }
        return;
      }
    }

    // Check to see if the tool is visible
    if (!isToolVisible(site, siteTool)) {
      portal.doError(req, res, session, Portal.ERROR_WORKSITE);
      return;
    }

    if (portal.isPortletPlacement(siteTool)) {

      String siteType = portal.calcSiteType(siteTool.getSiteId());

      // form a context sensitive title
      String title =
          ServerConfigurationService.getString("ui.service")
              + " : "
              + site.getTitle()
              + " : "
              + siteTool.getTitle();

      PortalRenderContext rcontext =
          portal.startPageContext(siteType, title, siteTool.getSkin(), req);

      Map m = portal.includeTool(res, req, siteTool);
      rcontext.put("tool", m);

      portal.sendResponse(rcontext, res, "tool", null);

    } else {
      portal.forwardTool(
          tool, req, res, siteTool, siteTool.getSkin(), toolContextPath, toolPathInfo);
    }
  }