Coverage Report

Coverage Report - org.kuali.rice.kns.web.struts.action.BackdoorAction

Classes in this File

Line Coverage

Branch Coverage

Complexity

BackdoorAction

0/51

0/10

1.727

 /*
  * Copyright 2006-2011 The Kuali Foundation
  *
  * Licensed under the Educational Community License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  * http://www.opensource.org/licenses/ecl2.php
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.kuali.rice.kns.web.struts.action;
 
 import org.apache.commons.lang.StringUtils;
 import org.apache.struts.action.ActionForm;
 import org.apache.struts.action.ActionForward;
 import org.apache.struts.action.ActionMapping;
 import org.kuali.rice.core.api.exception.RiceRuntimeException;
 import org.kuali.rice.core.framework.services.CoreFrameworkServiceLocator;
 import org.kuali.rice.core.util.AttributeSet;
 import org.kuali.rice.kew.util.KEWConstants;
 import org.kuali.rice.kim.api.services.KimApiServiceLocator;
 import org.kuali.rice.kim.util.KimConstants;
 import org.kuali.rice.kns.UserSession;
 import org.kuali.rice.kns.util.GlobalVariables;
 import org.kuali.rice.kns.util.KNSConstants;
 import org.kuali.rice.kns.web.struts.form.BackdoorForm;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 
 /**
  * A Struts Action which permits a user to execute a backdoor login to masquerade
  * as another user.
  *
  * @author Kuali Rice Team (rice.collab@kuali.org)
  */
 public class BackdoorAction extends KualiAction {
 
     private static final org.apache.log4j.Logger LOG = org.apache.log4j.Logger.getLogger(BackdoorAction.class);
 
     @Override
     public ActionForward execute(ActionMapping mapping, ActionForm form,
             HttpServletRequest request, HttpServletResponse response)
             throws Exception {
         this.initForm(request, form);
         return super.execute(mapping, form, request, response);
     }
 
     public ActionForward menu(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
         LOG.debug("menu");
         return mapping.findForward("basic");
     }
 
     @Override
     public ActionForward refresh(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
             return portal(mapping, form, request, response);
     }
     
     public ActionForward start(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
         LOG.debug("start");
         return portal(mapping, form, request, response);
     }
 
     public ActionForward portal(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception{
             LOG.debug("portal started");
             return mapping.findForward("viewPortal");
     }
 
     public ActionForward administration(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
         LOG.debug("administration");
         return mapping.findForward("administration");
     }
 
     public ActionForward logout(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
         LOG.debug("logout");
         
         String forward = "viewPortal";
         UserSession uSession = getUserSession(request);
         
         if (uSession.isBackdoorInUse()) {
             uSession.clearBackdoorUser();
             setFormGroupPermission((BackdoorForm)form, request);
             //request.setAttribute("reloadPage","true");
             
             org.kuali.rice.kns.UserSession KnsUserSession;
             KnsUserSession = GlobalVariables.getUserSession();
             KnsUserSession.clearBackdoorUser();
         }
         else {
             forward = "logout";
         }
         
         return mapping.findForward(forward);
     }
 
     public ActionForward login(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
         LOG.debug("login");
         UserSession uSession = getUserSession(request);
         BackdoorForm backdoorForm = (BackdoorForm) form;
 
         //if backdoor Id is empty or equal to currently logged in user, clear backdoor id
         if (uSession.isBackdoorInUse() &&
                 (StringUtils.isEmpty(backdoorForm.getBackdoorId())
                 || uSession.getLoggedInUserPrincipalName().equals(backdoorForm.getBackdoorId()))) {
             return logout(mapping, form, request, response);
         }
         
         try {
                 uSession.setBackdoorUser(backdoorForm.getBackdoorId());
         } catch (RiceRuntimeException e) {
                 LOG.warn("invalid backdoor id " + backdoorForm.getBackdoorId(), e);
             request.setAttribute("badbackdoor", "Invalid backdoor Id given '" + backdoorForm.getBackdoorId() + "'");
             return mapping.findForward("portal");
         }
 
         setFormGroupPermission(backdoorForm, request);
         
         return mapping.findForward("portal");
     }
 
     private void setFormGroupPermission(BackdoorForm backdoorForm, HttpServletRequest request) {
             // based on whether or not they have permission to use the fictional "AdministrationAction", kind of a hack for now since I don't have time to
             // split this single action up and I can't pass the methodToCall to the permission check
             AttributeSet permissionDetails = new AttributeSet();
             permissionDetails.put(KimConstants.AttributeConstants.NAMESPACE_CODE, KEWConstants.KEW_NAMESPACE);
             permissionDetails.put(KimConstants.AttributeConstants.ACTION_CLASS, "org.kuali.rice.kew.web.backdoor.AdministrationAction");
             boolean isAdmin = KimApiServiceLocator.getIdentityManagementService().isAuthorizedByTemplateName(getUserSession(request).getPrincipalId(), KNSConstants.KNS_NAMESPACE,        KimConstants.PermissionTemplateNames.USE_SCREEN, permissionDetails, new AttributeSet());
         backdoorForm.setIsAdmin(isAdmin);
     }
 
     public void initForm(HttpServletRequest request, ActionForm form) throws Exception {
             BackdoorForm backdoorForm = (BackdoorForm) form;
 
             Boolean showBackdoorLogin = CoreFrameworkServiceLocator.getParameterService().getParameterValueAsBoolean(KEWConstants.KEW_NAMESPACE, KNSConstants.DetailTypes.BACKDOOR_DETAIL_TYPE, KEWConstants.SHOW_BACK_DOOR_LOGIN_IND);
         backdoorForm.setShowBackdoorLogin(showBackdoorLogin);
         setFormGroupPermission(backdoorForm, request);
         if (backdoorForm.getGraphic() != null) {
                 request.getSession().setAttribute("showGraphic", backdoorForm.getGraphic());
         }
     }
 
     public static UserSession getUserSession(HttpServletRequest request) {
         return GlobalVariables.getUserSession();
     }
 }

1		/*
2		* Copyright 2006-2011 The Kuali Foundation
3		*
4		* Licensed under the Educational Community License, Version 2.0 (the "License");
5		* you may not use this file except in compliance with the License.
6		* You may obtain a copy of the License at
7		*
8		* http://www.opensource.org/licenses/ecl2.php
9		*
10		* Unless required by applicable law or agreed to in writing, software
11		* distributed under the License is distributed on an "AS IS" BASIS,
12		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13		* See the License for the specific language governing permissions and
14		* limitations under the License.
15		*/
16		package org.kuali.rice.kns.web.struts.action;
17
18		import org.apache.commons.lang.StringUtils;
19		import org.apache.struts.action.ActionForm;
20		import org.apache.struts.action.ActionForward;
21		import org.apache.struts.action.ActionMapping;
22		import org.kuali.rice.core.api.exception.RiceRuntimeException;
23		import org.kuali.rice.core.framework.services.CoreFrameworkServiceLocator;
24		import org.kuali.rice.core.util.AttributeSet;
25		import org.kuali.rice.kew.util.KEWConstants;
26		import org.kuali.rice.kim.api.services.KimApiServiceLocator;
27		import org.kuali.rice.kim.util.KimConstants;
28		import org.kuali.rice.kns.UserSession;
29		import org.kuali.rice.kns.util.GlobalVariables;
30		import org.kuali.rice.kns.util.KNSConstants;
31		import org.kuali.rice.kns.web.struts.form.BackdoorForm;
32
33		import javax.servlet.http.HttpServletRequest;
34		import javax.servlet.http.HttpServletResponse;
35
36
37		/**
38		* A Struts Action which permits a user to execute a backdoor login to masquerade
39		* as another user.
40		*
41		* @author Kuali Rice Team (rice.collab@kuali.org)
42		*/
43	0	public class BackdoorAction extends KualiAction {
44
45	0	private static final org.apache.log4j.Logger LOG = org.apache.log4j.Logger.getLogger(BackdoorAction.class);
46
47		@Override
48		public ActionForward execute(ActionMapping mapping, ActionForm form,
49		HttpServletRequest request, HttpServletResponse response)
50		throws Exception {
51	0	this.initForm(request, form);
52	0	return super.execute(mapping, form, request, response);
53		}
54
55		public ActionForward menu(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
56	0	LOG.debug("menu");
57	0	return mapping.findForward("basic");
58		}
59
60		@Override
61		public ActionForward refresh(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
62	0	return portal(mapping, form, request, response);
63		}
64
65		public ActionForward start(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
66	0	LOG.debug("start");
67	0	return portal(mapping, form, request, response);
68		}
69
70		public ActionForward portal(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception{
71	0	LOG.debug("portal started");
72	0	return mapping.findForward("viewPortal");
73		}
74
75		public ActionForward administration(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
76	0	LOG.debug("administration");
77	0	return mapping.findForward("administration");
78		}
79
80		public ActionForward logout(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
81	0	LOG.debug("logout");
82
83	0	String forward = "viewPortal";
84	0	UserSession uSession = getUserSession(request);
85
86	0	if (uSession.isBackdoorInUse()) {
87	0	uSession.clearBackdoorUser();
88	0	setFormGroupPermission((BackdoorForm)form, request);
89		//request.setAttribute("reloadPage","true");
90
91		org.kuali.rice.kns.UserSession KnsUserSession;
92	0	KnsUserSession = GlobalVariables.getUserSession();
93	0	KnsUserSession.clearBackdoorUser();
94	0	}
95		else {
96	0	forward = "logout";
97		}
98
99	0	return mapping.findForward(forward);
100		}
101
102		public ActionForward login(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
103	0	LOG.debug("login");
104	0	UserSession uSession = getUserSession(request);
105	0	BackdoorForm backdoorForm = (BackdoorForm) form;
106
107		//if backdoor Id is empty or equal to currently logged in user, clear backdoor id
108	0	if (uSession.isBackdoorInUse() &&
109		(StringUtils.isEmpty(backdoorForm.getBackdoorId())
110		\|\| uSession.getLoggedInUserPrincipalName().equals(backdoorForm.getBackdoorId()))) {
111	0	return logout(mapping, form, request, response);
112		}
113
114		try {
115	0	uSession.setBackdoorUser(backdoorForm.getBackdoorId());
116	0	} catch (RiceRuntimeException e) {
117	0	LOG.warn("invalid backdoor id " + backdoorForm.getBackdoorId(), e);
118	0	request.setAttribute("badbackdoor", "Invalid backdoor Id given '" + backdoorForm.getBackdoorId() + "'");
119	0	return mapping.findForward("portal");
120	0	}
121
122	0	setFormGroupPermission(backdoorForm, request);
123
124	0	return mapping.findForward("portal");
125		}
126
127		private void setFormGroupPermission(BackdoorForm backdoorForm, HttpServletRequest request) {
128		// based on whether or not they have permission to use the fictional "AdministrationAction", kind of a hack for now since I don't have time to
129		// split this single action up and I can't pass the methodToCall to the permission check
130	0	AttributeSet permissionDetails = new AttributeSet();
131	0	permissionDetails.put(KimConstants.AttributeConstants.NAMESPACE_CODE, KEWConstants.KEW_NAMESPACE);
132	0	permissionDetails.put(KimConstants.AttributeConstants.ACTION_CLASS, "org.kuali.rice.kew.web.backdoor.AdministrationAction");
133	0	boolean isAdmin = KimApiServiceLocator.getIdentityManagementService().isAuthorizedByTemplateName(getUserSession(request).getPrincipalId(), KNSConstants.KNS_NAMESPACE, KimConstants.PermissionTemplateNames.USE_SCREEN, permissionDetails, new AttributeSet());
134	0	backdoorForm.setIsAdmin(isAdmin);
135	0	}
136
137		public void initForm(HttpServletRequest request, ActionForm form) throws Exception {
138	0	BackdoorForm backdoorForm = (BackdoorForm) form;
139
140	0	Boolean showBackdoorLogin = CoreFrameworkServiceLocator.getParameterService().getParameterValueAsBoolean(KEWConstants.KEW_NAMESPACE, KNSConstants.DetailTypes.BACKDOOR_DETAIL_TYPE, KEWConstants.SHOW_BACK_DOOR_LOGIN_IND);
141	0	backdoorForm.setShowBackdoorLogin(showBackdoorLogin);
142	0	setFormGroupPermission(backdoorForm, request);
143	0	if (backdoorForm.getGraphic() != null) {
144	0	request.getSession().setAttribute("showGraphic", backdoorForm.getGraphic());
145		}
146	0	}
147
148		public static UserSession getUserSession(HttpServletRequest request) {
149	0	return GlobalVariables.getUserSession();
150		}
151		}