public void saveMedia(String agent, String mediaLocation) { try { SecurityService.pushAdvisor( new SecurityAdvisor() { public SecurityAdvice isAllowed(String userId, String function, String reference) { return SecurityAdvice.ALLOWED; } }); File media = new File(mediaLocation); byte[] mediaByte = getMediaStream(mediaLocation); String mimeType = MimeTypesLocator.getInstance().getContentType(media); String fullname = media.getName().trim(); String collectionId = getPrivateCollection(); currentItem.setImageMapSrc("/access/content" + collectionId + fullname); ResourcePropertiesEdit resourceProperties = AssessmentService.getContentHostingService().newResourceProperties(); resourceProperties.addProperty(ResourceProperties.PROP_DISPLAY_NAME, fullname); AssessmentService.getContentHostingService() .addResource( collectionId + fullname, mimeType, mediaByte, resourceProperties, NotificationService.NOTI_NONE); } catch (Exception e) { log.warn(e); } finally { SecurityService.popAdvisor(); } }
/** Setup a security advisor. */ public void pushAdvisor() { // setup a security advisor SecurityService.pushAdvisor( new SecurityAdvisor() { public SecurityAdvice isAllowed(String userId, String function, String reference) { return SecurityAdvice.ALLOWED; } }); }
public void doPresence( HttpServletRequest req, HttpServletResponse res, Session session, String siteId, String toolContextPath, String toolPathInfo) throws ToolException, IOException { // permission check - visit the site Site site = null; try { Set<SecurityAdvisor> advisors = (Set<SecurityAdvisor>) session.getAttribute("sitevisit.security.advisor"); if (advisors != null) { for (SecurityAdvisor advisor : advisors) { SecurityService.pushAdvisor(advisor); // session.removeAttribute("sitevisit.security.advisor"); } } site = SiteService.getSiteVisit(siteId); } catch (IdUnusedException e) { portal.doError(req, res, session, Portal.ERROR_WORKSITE); return; } catch (PermissionException e) { // if not logged in, give them a chance if (session.getUserId() == null) { portal.doLogin(req, res, session, req.getPathInfo(), false); } else { portal.doError(req, res, session, Portal.ERROR_WORKSITE); } return; } // get the skin for the site String skin = site.getSkin(); // find the tool registered for this ActiveTool tool = ActiveToolManager.getActiveTool("sakai.presence"); if (tool == null) { portal.doError(req, res, session, Portal.ERROR_WORKSITE); return; } // form a placement based on the site and the fact that this is that // site's presence... // Note: the placement is transient, but will always have the same id // and context based on the siteId Placement placement = new org.sakaiproject.util.Placement( siteId + "-presence", tool.getId(), tool, null, siteId, null); portal.forwardTool(tool, req, res, placement, skin, toolContextPath, toolPathInfo); }
/** * Establish a security advisor to allow the "embedded" azg work to occur with no need for * additional security permissions. */ protected void enableSecurityAdvisorToGetAnnouncement() { // put in a security advisor so we can do our podcast work without need // of further permissions SecurityService.pushAdvisor( new SecurityAdvisor() { public SecurityAdvice isAllowed(String userId, String function, String reference) { if (function.equals(AnnouncementService.SECURE_ANNC_READ) || function.equals(ContentHostingService.AUTH_RESOURCE_READ)) // SAK-23300 return SecurityAdvice.ALLOWED; else return SecurityAdvice.PASS; } }); }
public void doTool( HttpServletRequest req, HttpServletResponse res, Session session, String placementId, String toolContextPath, String toolPathInfo) throws ToolException, IOException { if (portal.redirectIfLoggedOut(res)) return; // find the tool from some site ToolConfiguration siteTool = SiteService.findTool(placementId); if (siteTool == null) { portal.doError(req, res, session, Portal.ERROR_WORKSITE); return; } // Reset the tool state if requested if ("true".equals(req.getParameter(portalService.getResetStateParam())) || "true".equals(portalService.getResetState())) { Session s = SessionManager.getCurrentSession(); ToolSession ts = s.getToolSession(placementId); ts.clearAttributes(); } // find the tool registered for this ActiveTool tool = ActiveToolManager.getActiveTool(siteTool.getToolId()); if (tool == null) { portal.doError(req, res, session, Portal.ERROR_WORKSITE); return; } // permission check - visit the site (unless the tool is configured to // bypass) Site site = null; if (tool.getAccessSecurity() == Tool.AccessSecurity.PORTAL) { try { Set<SecurityAdvisor> advisors = (Set<SecurityAdvisor>) session.getAttribute("sitevisit.security.advisor"); if (advisors != null) { for (SecurityAdvisor advisor : advisors) { SecurityService.pushAdvisor(advisor); // session.removeAttribute("sitevisit.security.advisor"); } } site = SiteService.getSiteVisit(siteTool.getSiteId()); } catch (IdUnusedException e) { portal.doError(req, res, session, Portal.ERROR_WORKSITE); return; } catch (PermissionException e) { // if not logged in, give them a chance if (session.getUserId() == null) { portal.doLogin(req, res, session, req.getPathInfo(), false); } else { portal.doError(req, res, session, Portal.ERROR_WORKSITE); } return; } } // Check to see if the tool is visible if (!isToolVisible(site, siteTool)) { portal.doError(req, res, session, Portal.ERROR_WORKSITE); return; } if (portal.isPortletPlacement(siteTool)) { String siteType = portal.calcSiteType(siteTool.getSiteId()); // form a context sensitive title String title = ServerConfigurationService.getString("ui.service") + " : " + site.getTitle() + " : " + siteTool.getTitle(); PortalRenderContext rcontext = portal.startPageContext(siteType, title, siteTool.getSkin(), req); Map m = portal.includeTool(res, req, siteTool); rcontext.put("tool", m); portal.sendResponse(rcontext, res, "tool", null); } else { portal.forwardTool( tool, req, res, siteTool, siteTool.getSkin(), toolContextPath, toolPathInfo); } }