View Javadoc
1   /*
2    * Copyright 2009 The Kuali Foundation
3    * 
4    * Licensed under the Educational Community License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    * 
8    * http://www.opensource.org/licenses/ecl2.php
9    * 
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.kuali.ole.sys.web.struts;
17  
18  import java.io.File;
19  import java.io.FileInputStream;
20  import java.io.InputStream;
21  import java.text.MessageFormat;
22  
23  import javax.servlet.http.HttpServletRequest;
24  import javax.servlet.http.HttpServletResponse;
25  
26  import org.apache.commons.io.IOUtils;
27  import org.apache.struts.action.ActionForm;
28  import org.apache.struts.action.ActionForward;
29  import org.apache.struts.action.ActionMapping;
30  import org.kuali.ole.sys.OLEConstants;
31  import org.kuali.ole.sys.OLEKeyConstants;
32  import org.kuali.ole.sys.batch.BatchFile;
33  import org.kuali.ole.sys.batch.BatchFileUtils;
34  import org.kuali.ole.sys.batch.service.BatchFileAdminAuthorizationService;
35  import org.kuali.ole.sys.context.SpringContext;
36  import org.kuali.rice.core.api.config.property.ConfigurationService;
37  import org.kuali.rice.core.api.util.RiceConstants;
38  import org.kuali.rice.kns.question.ConfirmationQuestion;
39  import org.kuali.rice.kns.web.struts.action.KualiAction;
40  import org.kuali.rice.krad.exception.AuthorizationException;
41  import org.kuali.rice.krad.util.GlobalVariables;
42  import org.kuali.rice.krad.util.KRADConstants;
43  
44  public class KualiBatchFileAdminAction extends KualiAction {
45      public ActionForward download(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
46          KualiBatchFileAdminForm fileAdminForm = (KualiBatchFileAdminForm) form;
47          String filePath = BatchFileUtils.resolvePathToAbsolutePath(fileAdminForm.getFilePath());
48          File file = new File(filePath).getAbsoluteFile();
49          
50          if (!file.exists() || !file.isFile()) {
51              throw new RuntimeException("Error: non-existent file or directory provided");
52          }
53          File containingDirectory = file.getParentFile();
54          if (!BatchFileUtils.isDirectoryAccessible(containingDirectory.getAbsolutePath())) {
55              throw new RuntimeException("Error: inaccessible directory provided");
56          }
57          
58          BatchFile batchFile = new BatchFile();
59          batchFile.setFile(file);
60          if (!SpringContext.getBean(BatchFileAdminAuthorizationService.class).canDownload(batchFile, GlobalVariables.getUserSession().getPerson())) {
61              throw new RuntimeException("Error: not authorized to download file");
62          }
63          
64          response.setContentType("application/octet-stream");
65          response.setHeader("Content-disposition", "attachment; filename=" + file.getName());
66          response.setHeader("Expires", "0");
67          response.setHeader("Cache-Control", "must-revalidate, post-check=0, pre-check=0");
68          response.setHeader("Pragma", "public");
69          response.setContentLength((int) file.length());
70  
71          InputStream fis = new FileInputStream(file);
72          IOUtils.copy(fis, response.getOutputStream());
73          response.getOutputStream().flush();
74          return null;
75      }
76      
77      public ActionForward delete(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
78          KualiBatchFileAdminForm fileAdminForm = (KualiBatchFileAdminForm) form;
79          String filePath = BatchFileUtils.resolvePathToAbsolutePath(fileAdminForm.getFilePath());
80          File file = new File(filePath).getAbsoluteFile();
81          
82          ConfigurationService kualiConfigurationService = SpringContext.getBean(ConfigurationService.class);
83          
84          if (!file.exists() || !file.isFile()) {
85              throw new RuntimeException("Error: non-existent file or directory provided");
86          }
87          File containingDirectory = file.getParentFile();
88          if (!BatchFileUtils.isDirectoryAccessible(containingDirectory.getAbsolutePath())) {
89              throw new RuntimeException("Error: inaccessible directory provided");
90          }
91          
92          BatchFile batchFile = new BatchFile();
93          batchFile.setFile(file);
94          if (!SpringContext.getBean(BatchFileAdminAuthorizationService.class).canDelete(batchFile, GlobalVariables.getUserSession().getPerson())) {
95              throw new RuntimeException("Error: not authorized to delete file");
96          }
97          
98          String displayFileName = BatchFileUtils.pathRelativeToRootDirectory(file.getAbsolutePath());
99          
100         Object question = request.getParameter(OLEConstants.QUESTION_INST_ATTRIBUTE_NAME);
101         if (question == null) {
102             String questionText = kualiConfigurationService.getPropertyValueAsString(OLEKeyConstants.QUESTION_BATCH_FILE_ADMIN_DELETE_CONFIRM);
103             questionText = MessageFormat.format(questionText, displayFileName);
104             return performQuestionWithoutInput(mapping, fileAdminForm, request, response, "confirmDelete", questionText,
105                     KRADConstants.CONFIRMATION_QUESTION, "delete", fileAdminForm.getFilePath());
106         }
107         else {
108             Object buttonClicked = request.getParameter(OLEConstants.QUESTION_CLICKED_BUTTON);
109             if ("confirmDelete".equals(question)) {
110                 String status = null;
111                 if (ConfirmationQuestion.YES.equals(buttonClicked)) {
112                     try {
113                         file.delete();
114                         status = kualiConfigurationService.getPropertyValueAsString(OLEKeyConstants.MESSAGE_BATCH_FILE_ADMIN_DELETE_SUCCESSFUL);
115                         status = MessageFormat.format(status, displayFileName);
116                     }
117                     catch (SecurityException e) {
118                         status = kualiConfigurationService.getPropertyValueAsString(OLEKeyConstants.MESSAGE_BATCH_FILE_ADMIN_DELETE_ERROR);
119                         status = MessageFormat.format(status, displayFileName);
120                     }
121                 }
122                 else if (ConfirmationQuestion.NO.equals(buttonClicked)) {
123                     status = kualiConfigurationService.getPropertyValueAsString(OLEKeyConstants.MESSAGE_BATCH_FILE_ADMIN_DELETE_CANCELLED);
124                     status = MessageFormat.format(status, displayFileName);
125                 }
126                 if (status != null) {
127                     request.setAttribute("status", status);
128                     return mapping.findForward(RiceConstants.MAPPING_BASIC);
129                 }
130             }
131             throw new RuntimeException("Unrecognized question: " + question + " or response: " + buttonClicked);
132         }
133     }
134 
135     /**
136      * @see org.kuali.rice.kns.web.struts.action.KualiAction#checkAuthorization(org.apache.struts.action.ActionForm, java.lang.String)
137      */
138     @Override
139     protected void checkAuthorization(ActionForm form, String methodToCall) throws AuthorizationException {
140         // do nothing... authorization is integrated into action handler
141     }
142 }