@RequestMapping( value = "/admin/search-reindex", method = RequestMethod.POST, params = "action=current") public ModelAndView reindexCurrentMonth(ServletRequest request) throws Exception { Template tmpl = Template.getTemplate(request); Connection db = LorDataSource.getConnection(); try { if (!tmpl.isSessionAuthorized()) { throw new AccessViolationException("Not authorized"); } tmpl.getCurrentUser().checkDelete(); Calendar current = Calendar.getInstance(); for (int i = 0; i < 3; i++) { searchQueueSender.updateMonth(current.get(Calendar.YEAR), current.get(Calendar.MONTH) + 1); current.add(Calendar.MONTH, -1); } return new ModelAndView("action-done", "message", "Scheduled reindex last 3 month"); } finally { JdbcUtils.closeConnection(db); } }
@RequestMapping( value = "/memories.jsp", params = {"remove"}, method = RequestMethod.POST) public @ResponseBody void remove(ServletRequest request, @RequestParam("id") int id) throws Exception { Template tmpl = Template.getTemplate(request); if (!tmpl.isSessionAuthorized()) { throw new AccessViolationException("Not authorized"); } User user = tmpl.getCurrentUser(); user.checkBlocked(); user.checkAnonymous(); MemoriesListItem m = memoriesDao.getMemoriesListItem(id); if (m != null) { if (m.getUserid() != user.getId()) { throw new AccessViolationException("Нельзя удалить чужую запись"); } memoriesDao.delete(id); } }
@RequestMapping(value = "/remove-userpic.jsp", method = RequestMethod.POST) public ModelAndView removeUserpic(ServletRequest request, @RequestParam("id") User user) throws Exception { Template tmpl = Template.getTemplate(request); if (!tmpl.isSessionAuthorized()) { throw new AccessViolationException("Not autorized"); } User currentUser = tmpl.getCurrentUser(); if (!currentUser.isModerator() && currentUser.getId() != user.getId()) { throw new AccessViolationException("Not permitted"); } if (user.isModerator()) { throw new AccessViolationException( "Пользователю " + user.getNick() + " нельзя удалить картинку"); } if (user.getPhoto() == null) { throw new AccessViolationException("Пользователь " + user.getNick() + " картинки не имеет"); } if (userDao.removePhoto(user, currentUser)) { logger.info("Clearing " + user.getNick() + " userpic by " + currentUser.getNick()); } else { logger.debug("SKIP Clearing " + user.getNick() + " userpic by " + currentUser.getNick()); } return redirectToProfile(user); }
@RequestMapping(method = RequestMethod.GET) public ModelAndView show( @ModelAttribute("form") EditRegisterRequest form, @PathVariable String nick, HttpServletRequest request, HttpServletResponse response) throws Exception { Template tmpl = Template.getTemplate(request); if (!tmpl.isSessionAuthorized()) { throw new AccessViolationException("Not authorized"); } if (!tmpl.getNick().equals(nick)) { throw new AccessViolationException("Not authorized"); } User user = tmpl.getCurrentUser(); UserInfo userInfo = userDao.getUserInfoClass(user); ModelAndView mv = new ModelAndView("edit-reg"); form.setEmail(user.getEmail()); form.setUrl(userInfo.getUrl()); form.setTown(userInfo.getTown()); form.setName(user.getName()); form.setInfo(StringEscapeUtils.unescapeHtml(userDao.getUserInfo(user))); response.setHeader("Cache-Control", "no-store, no-cache, must-revalidate"); return mv; }
@RequestMapping(method = RequestMethod.POST) public ModelAndView editProfile(ServletRequest request) throws Exception { Template tmpl = Template.getTemplate(request); if (!tmpl.isSessionAuthorized()) { throw new AccessViolationException("Not authorized"); } String profile = tmpl.getNick(); int topics = Integer.parseInt(request.getParameter("topics")); int messages = Integer.parseInt(request.getParameter("messages")); int tags = Integer.parseInt(request.getParameter("tags")); if (topics <= 0 || topics > 500) { throw new BadInputException("некорректное число тем"); } if (messages <= 0 || messages > 1000) { throw new BadInputException("некорректное число сообщений"); } if (tags <= 0 || tags > 100) { throw new BadInputException("некорректное число меток в облаке"); } if (!DefaultProfile.getStyleList().contains(request.getParameter("style"))) { throw new BadInputException("неправльное название темы"); } tmpl.getProf().setTopics(topics); tmpl.getProf().setMessages(messages); tmpl.getProf().setTags(tags); tmpl.getProf().setShowNewFirst("on".equals(request.getParameter("newfirst"))); tmpl.getProf().setShowPhotos("on".equals(request.getParameter("photos"))); tmpl.getProf().setHideAdsense("on".equals(request.getParameter("hideAdsense"))); tmpl.getProf().setShowGalleryOnMain("on".equals(request.getParameter("mainGallery"))); tmpl.getProf().setFormatMode(request.getParameter("format_mode")); tmpl.getProf().setStyle(request.getParameter("style")); // TODO убрать как только userDao.setStyle(tmpl.getCurrentUser(), request.getParameter("style")); tmpl.getProf().setShowSocial("on".equals(request.getParameter("showSocial"))); String avatar = request.getParameter("avatar"); if (!DefaultProfile.getAvatars().contains(avatar)) { throw new BadInputException("invalid avatar value"); } tmpl.getProf().setAvatarMode(avatar); tmpl.getProf().setThreeColumnsOnMain("on".equals(request.getParameter("3column"))); tmpl.getProf().setShowAnonymous("on".equals(request.getParameter("showanonymous"))); tmpl.getProf().setUseHover("on".equals(request.getParameter("hover"))); tmpl.writeProfile(profile); return new ModelAndView(new RedirectView("/")); }
@RequestMapping(method = RequestMethod.GET) public ModelAndView showForm(ServletRequest request) throws Exception { Template tmpl = Template.getTemplate(request); if (!tmpl.isSessionAuthorized()) { throw new AccessViolationException("Not authorized"); } return new ModelAndView("edit-profile"); }
@RequestMapping( value = "/admin/search-reindex", method = RequestMethod.POST, params = "action=all") public ModelAndView reindexAll(ServletRequest request) throws Exception { Template tmpl = Template.getTemplate(request); Connection db = LorDataSource.getConnection(); try { if (!tmpl.isSessionAuthorized()) { throw new AccessViolationException("Not authorized"); } tmpl.getCurrentUser().checkDelete(); Statement st = db.createStatement(); ResultSet rs = st.executeQuery("SELECT min(postdate) FROM topics WHERE postdate!='epoch'::timestamp"); if (!rs.next()) { throw new RuntimeException("no topics?!"); } Timestamp startDate = rs.getTimestamp(1); rs.close(); st.close(); Calendar start = Calendar.getInstance(); start.setTime(startDate); start.set(Calendar.DAY_OF_MONTH, 1); start.set(Calendar.HOUR, 0); start.set(Calendar.MINUTE, 0); for (Calendar i = Calendar.getInstance(); i.after(start); i.add(Calendar.MONTH, -1)) { searchQueueSender.updateMonth(i.get(Calendar.YEAR), i.get(Calendar.MONTH) + 1); } searchQueueSender.updateMonth(1970, 1); return new ModelAndView("action-done", "message", "Scheduled reindex"); } finally { JdbcUtils.closeConnection(db); } }
@ModelAttribute("filters") public static List<TrackerFilterEnum> getFilter(HttpServletRequest request) { Template tmpl = Template.getTemplate(request); if (tmpl.isSessionAuthorized()) { return Arrays.asList(TrackerFilterEnum.values()); } else { List<TrackerFilterEnum> trackerFilters = new ArrayList<>(); for (TrackerFilterEnum trackerFilter : TrackerFilterEnum.values()) { if ("mine".equals(trackerFilter.getValue())) { continue; } trackerFilters.add(trackerFilter); } return trackerFilters; } }
@RequestMapping("/people/{nick}/remarks") public ModelAndView showRemarks( ServletRequest request, @PathVariable String nick, @RequestParam(value = "offset", defaultValue = "0") int offset, @RequestParam(value = "sort", defaultValue = "0") int sortorder) throws Exception { Template tmpl = Template.getTemplate(request); if (!tmpl.isSessionAuthorized() || !tmpl.getCurrentUser().getNick().equals(nick)) { throw new AccessViolationException("Not authorized"); } int count = userDao.getRemarkCount(tmpl.getCurrentUser()); ModelAndView mv = new ModelAndView("view-remarks"); int limit = tmpl.getProf().getMessages(); if (count > 0) { if (offset >= count) { throw new UserErrorException("Offset is too long"); } if (offset < 0) offset = 0; if (sortorder != 1) { sortorder = 0; mv.getModel().put("sortorder", ""); } else { mv.getModel().put("sortorder", "&sort=1"); } List<Remark> remarks = userDao.getRemarkList(tmpl.getCurrentUser(), offset, sortorder, limit); List<PreparedRemark> preparedRemarks = prepareService.prepareRemarkList(remarks); mv.getModel().put("remarks", preparedRemarks); } else { mv.getModel().put("remarks", ImmutableList.of()); } mv.getModel().put("offset", offset); mv.getModel().put("limit", limit); mv.getModel().put("hasMore", (count > (offset + limit))); return mv; }
@RequestMapping( value = "/memories.jsp", params = {"add"}, method = RequestMethod.POST) public @ResponseBody Integer add(ServletRequest request, @RequestParam("msgid") int msgid) throws Exception { Template tmpl = Template.getTemplate(request); if (!tmpl.isSessionAuthorized()) { throw new AccessViolationException("Not authorized"); } User user = tmpl.getCurrentUser(); user.checkBlocked(); user.checkAnonymous(); Topic topic = messageDao.getById(msgid); if (topic.isDeleted()) { throw new UserErrorException("Тема удалена"); } return memoriesDao.addToMemories(user.getId(), topic.getId()); }
@RequestMapping(method = RequestMethod.POST) public ModelAndView edit( HttpServletRequest request, @Valid @ModelAttribute("form") EditRegisterRequest form, Errors errors) throws Exception { Template tmpl = Template.getTemplate(request); if (!tmpl.isSessionAuthorized()) { throw new AccessViolationException("Not authorized"); } String nick = tmpl.getNick(); String password = Strings.emptyToNull(form.getPassword()); if (password != null && password.equalsIgnoreCase(nick)) { errors.reject(null, "пароль не может совпадать с логином"); } InternetAddress mail = null; if (!Strings.isNullOrEmpty(form.getEmail())) { try { mail = new InternetAddress(form.getEmail()); } catch (AddressException e) { errors.rejectValue("email", null, "Некорректный e-mail: " + e.getMessage()); } } String url = null; if (!Strings.isNullOrEmpty(form.getUrl())) { url = URLUtil.fixURL(form.getUrl()); } String name = Strings.emptyToNull(form.getName()); if (name != null) { name = StringUtil.escapeHtml(name); } String town = null; if (!Strings.isNullOrEmpty(form.getTown())) { town = StringUtil.escapeHtml(form.getTown()); } String info = null; if (!Strings.isNullOrEmpty(form.getInfo())) { info = StringUtil.escapeHtml(form.getInfo()); } ipBlockDao.checkBlockIP(request.getRemoteAddr(), errors, tmpl.getCurrentUser()); boolean emailChanged = false; User user = userDao.getUser(nick); if (Strings.isNullOrEmpty(form.getOldpass())) { errors.rejectValue("oldpass", null, "Для изменения регистрации нужен ваш пароль"); } else if (!user.matchPassword(form.getOldpass())) { errors.rejectValue("oldpass", null, "Неверный пароль"); } user.checkAnonymous(); String newEmail = null; if (mail != null) { if (user.getEmail() != null && user.getEmail().equals(form.getEmail())) { newEmail = null; } else { if (userDao.getByEmail(mail.getAddress(), false) != null) { errors.rejectValue("email", null, "такой email уже используется"); } newEmail = mail.getAddress(); emailChanged = true; } } if (!errors.hasErrors()) { userDao.updateUser(user, name, url, newEmail, town, password, info); if (emailChanged) { emailService.sendEmail(user.getNick(), mail.getAddress(), false); } } else { return new ModelAndView("edit-reg"); } if (emailChanged) { String msg = "Обновление регистрации прошло успешно. Ожидайте письма с кодом активации смены email."; return new ModelAndView("action-done", "message", msg); } else { return new ModelAndView(new RedirectView("/people/" + nick + "/profile")); } }
@RequestMapping("/tracker") public ModelAndView tracker( @RequestParam(value = "filter", defaultValue = "all") String filterAction, @RequestParam(value = "offset", required = false) Integer offset, HttpServletRequest request) throws Exception { if (offset == null) { offset = 0; } else { if (offset < 0 || offset > 300) { throw new UserErrorException("Некорректное значение offset"); } } TrackerFilterEnum trackerFilter = getFilterValue(filterAction); Map<String, Object> params = new HashMap<>(); params.put("mine", trackerFilter == TrackerFilterEnum.MINE); params.put("offset", offset); params.put("filter", trackerFilter.getValue()); if (trackerFilter != TrackerFilterEnum.ALL) { params.put("addition_query", "&filter=" + trackerFilter.getValue()); } else { params.put("addition_query", ""); } Calendar calendar = Calendar.getInstance(); calendar.setTime(new Date()); if (trackerFilter == TrackerFilterEnum.MINE) { calendar.add(Calendar.MONTH, -6); } else { calendar.add(Calendar.HOUR, -24); } Timestamp dateLimit = new Timestamp(calendar.getTimeInMillis()); Template tmpl = Template.getTemplate(request); int messages = tmpl.getProf().getMessages(); int topics = tmpl.getProf().getTopics(); params.put("topics", topics); User user = tmpl.getCurrentUser(); if (trackerFilter == TrackerFilterEnum.MINE) { if (!tmpl.isSessionAuthorized()) { throw new UserErrorException("Not authorized"); } params.put("title", "Последние сообщения (мои темы)"); } else { params.put("title", "Последние сообщения"); } params.put( "msgs", trackerDao.getTrackAll(trackerFilter, user, dateLimit, topics, offset, messages)); if (tmpl.isModeratorSession() && trackerFilter != TrackerFilterEnum.MINE) { params.put("newUsers", userDao.getNewUsers()); params.put("deleteStats", deleteInfoDao.getRecentStats()); } return new ModelAndView("tracker", params); }