Coverage Report

Coverage Report - org.kuali.rice.krad.web.struts.action.BackdoorAction

Classes in this File

Line Coverage

Branch Coverage

Complexity

BackdoorAction

0/51

0/10

1.727

 /*
  * Copyright 2006-2011 The Kuali Foundation
  *
  * Licensed under the Educational Community License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  * http://www.opensource.org/licenses/ecl2.php
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.kuali.rice.krad.web.struts.action;
 
 import org.apache.commons.lang.StringUtils;
 import org.apache.struts.action.ActionForm;
 import org.apache.struts.action.ActionForward;
 import org.apache.struts.action.ActionMapping;
 import org.kuali.rice.core.api.exception.RiceRuntimeException;
 import org.kuali.rice.core.api.mo.common.Attributes;
 import org.kuali.rice.core.framework.services.CoreFrameworkServiceLocator;
 import org.kuali.rice.core.util.AttributeSet;
 import org.kuali.rice.kew.util.KEWConstants;
 import org.kuali.rice.kim.api.services.KimApiServiceLocator;
 import org.kuali.rice.kim.util.KimConstants;
 import org.kuali.rice.krad.UserSession;
 import org.kuali.rice.krad.util.GlobalVariables;
 import org.kuali.rice.krad.util.KRADConstants;
 import org.kuali.rice.krad.web.struts.form.BackdoorForm;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 
 /**
  * A Struts Action which permits a user to execute a backdoor login to masquerade
  * as another user.
  *
  * @author Kuali Rice Team (rice.collab@kuali.org)
  */
 public class BackdoorAction extends KualiAction {
 
     private static final org.apache.log4j.Logger LOG = org.apache.log4j.Logger.getLogger(BackdoorAction.class);
 
     @Override
     public ActionForward execute(ActionMapping mapping, ActionForm form,
             HttpServletRequest request, HttpServletResponse response)
             throws Exception {
         this.initForm(request, form);
         return super.execute(mapping, form, request, response);
     }
 
     public ActionForward menu(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
         LOG.debug("menu");
         return mapping.findForward("basic");
     }
 
     @Override
     public ActionForward refresh(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
             return portal(mapping, form, request, response);
     }
     
     public ActionForward start(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
         LOG.debug("start");
         return portal(mapping, form, request, response);
     }
 
     public ActionForward portal(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception{
             LOG.debug("portal started");
             return mapping.findForward("viewPortal");
     }
 
     public ActionForward administration(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
         LOG.debug("administration");
         return mapping.findForward("administration");
     }
 
     public ActionForward logout(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
         LOG.debug("logout");
         
         String forward = "viewPortal";
         UserSession uSession = getUserSession(request);
         
         if (uSession.isBackdoorInUse()) {
             uSession.clearBackdoorUser();
             setFormGroupPermission((BackdoorForm)form, request);
             //request.setAttribute("reloadPage","true");
             
             org.kuali.rice.krad.UserSession KnsUserSession;
             KnsUserSession = GlobalVariables.getUserSession();
             KnsUserSession.clearBackdoorUser();
         }
         else {
             forward = "logout";
         }
         
         return mapping.findForward(forward);
     }
 
     public ActionForward login(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
         LOG.debug("login");
         UserSession uSession = getUserSession(request);
         BackdoorForm backdoorForm = (BackdoorForm) form;
 
         //if backdoor Id is empty or equal to currently logged in user, clear backdoor id
         if (uSession.isBackdoorInUse() &&
                 (StringUtils.isEmpty(backdoorForm.getBackdoorId())
                 || uSession.getLoggedInUserPrincipalName().equals(backdoorForm.getBackdoorId()))) {
             return logout(mapping, form, request, response);
         }
         
         try {
                 uSession.setBackdoorUser(backdoorForm.getBackdoorId());
         } catch (RiceRuntimeException e) {
                 LOG.warn("invalid backdoor id " + backdoorForm.getBackdoorId(), e);
             request.setAttribute("badbackdoor", "Invalid backdoor Id given '" + backdoorForm.getBackdoorId() + "'");
             return mapping.findForward("portal");
         }
 
         setFormGroupPermission(backdoorForm, request);
         
         return mapping.findForward("portal");
     }
 
     private void setFormGroupPermission(BackdoorForm backdoorForm, HttpServletRequest request) {
             // based on whether or not they have permission to use the fictional "AdministrationAction", kind of a hack for now since I don't have time to
             // split this single action up and I can't pass the methodToCall to the permission check
             AttributeSet permissionDetails = new AttributeSet();
             permissionDetails.put(KimConstants.AttributeConstants.NAMESPACE_CODE, KEWConstants.KEW_NAMESPACE);
             permissionDetails.put(KimConstants.AttributeConstants.ACTION_CLASS, "org.kuali.rice.kew.web.backdoor.AdministrationAction");
             boolean isAdmin = KimApiServiceLocator.getIdentityManagementService().isAuthorizedByTemplateName(getUserSession(request).getPrincipalId(), KRADConstants.KRAD_NAMESPACE,        KimConstants.PermissionTemplateNames.USE_SCREEN, Attributes.fromMap(permissionDetails), Attributes.empty());
         backdoorForm.setIsAdmin(isAdmin);
     }
 
     public void initForm(HttpServletRequest request, ActionForm form) throws Exception {
             BackdoorForm backdoorForm = (BackdoorForm) form;
 
             Boolean showBackdoorLogin = CoreFrameworkServiceLocator.getParameterService().getParameterValueAsBoolean(KEWConstants.KEW_NAMESPACE, KRADConstants.DetailTypes.BACKDOOR_DETAIL_TYPE, KEWConstants.SHOW_BACK_DOOR_LOGIN_IND);
         backdoorForm.setShowBackdoorLogin(showBackdoorLogin);
         setFormGroupPermission(backdoorForm, request);
         if (backdoorForm.getGraphic() != null) {
                 request.getSession().setAttribute("showGraphic", backdoorForm.getGraphic());
         }
     }
 
     public static UserSession getUserSession(HttpServletRequest request) {
         return GlobalVariables.getUserSession();
     }
 }

1		/*
2		* Copyright 2006-2011 The Kuali Foundation
3		*
4		* Licensed under the Educational Community License, Version 2.0 (the "License");
5		* you may not use this file except in compliance with the License.
6		* You may obtain a copy of the License at
7		*
8		* http://www.opensource.org/licenses/ecl2.php
9		*
10		* Unless required by applicable law or agreed to in writing, software
11		* distributed under the License is distributed on an "AS IS" BASIS,
12		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13		* See the License for the specific language governing permissions and
14		* limitations under the License.
15		*/
16		package org.kuali.rice.krad.web.struts.action;
17
18		import org.apache.commons.lang.StringUtils;
19		import org.apache.struts.action.ActionForm;
20		import org.apache.struts.action.ActionForward;
21		import org.apache.struts.action.ActionMapping;
22		import org.kuali.rice.core.api.exception.RiceRuntimeException;
23		import org.kuali.rice.core.api.mo.common.Attributes;
24		import org.kuali.rice.core.framework.services.CoreFrameworkServiceLocator;
25		import org.kuali.rice.core.util.AttributeSet;
26		import org.kuali.rice.kew.util.KEWConstants;
27		import org.kuali.rice.kim.api.services.KimApiServiceLocator;
28		import org.kuali.rice.kim.util.KimConstants;
29		import org.kuali.rice.krad.UserSession;
30		import org.kuali.rice.krad.util.GlobalVariables;
31		import org.kuali.rice.krad.util.KRADConstants;
32		import org.kuali.rice.krad.web.struts.form.BackdoorForm;
33
34		import javax.servlet.http.HttpServletRequest;
35		import javax.servlet.http.HttpServletResponse;
36
37
38		/**
39		* A Struts Action which permits a user to execute a backdoor login to masquerade
40		* as another user.
41		*
42		* @author Kuali Rice Team (rice.collab@kuali.org)
43		*/
44	0	public class BackdoorAction extends KualiAction {
45
46	0	private static final org.apache.log4j.Logger LOG = org.apache.log4j.Logger.getLogger(BackdoorAction.class);
47
48		@Override
49		public ActionForward execute(ActionMapping mapping, ActionForm form,
50		HttpServletRequest request, HttpServletResponse response)
51		throws Exception {
52	0	this.initForm(request, form);
53	0	return super.execute(mapping, form, request, response);
54		}
55
56		public ActionForward menu(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
57	0	LOG.debug("menu");
58	0	return mapping.findForward("basic");
59		}
60
61		@Override
62		public ActionForward refresh(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
63	0	return portal(mapping, form, request, response);
64		}
65
66		public ActionForward start(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
67	0	LOG.debug("start");
68	0	return portal(mapping, form, request, response);
69		}
70
71		public ActionForward portal(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception{
72	0	LOG.debug("portal started");
73	0	return mapping.findForward("viewPortal");
74		}
75
76		public ActionForward administration(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
77	0	LOG.debug("administration");
78	0	return mapping.findForward("administration");
79		}
80
81		public ActionForward logout(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
82	0	LOG.debug("logout");
83
84	0	String forward = "viewPortal";
85	0	UserSession uSession = getUserSession(request);
86
87	0	if (uSession.isBackdoorInUse()) {
88	0	uSession.clearBackdoorUser();
89	0	setFormGroupPermission((BackdoorForm)form, request);
90		//request.setAttribute("reloadPage","true");
91
92		org.kuali.rice.krad.UserSession KnsUserSession;
93	0	KnsUserSession = GlobalVariables.getUserSession();
94	0	KnsUserSession.clearBackdoorUser();
95	0	}
96		else {
97	0	forward = "logout";
98		}
99
100	0	return mapping.findForward(forward);
101		}
102
103		public ActionForward login(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws Exception {
104	0	LOG.debug("login");
105	0	UserSession uSession = getUserSession(request);
106	0	BackdoorForm backdoorForm = (BackdoorForm) form;
107
108		//if backdoor Id is empty or equal to currently logged in user, clear backdoor id
109	0	if (uSession.isBackdoorInUse() &&
110		(StringUtils.isEmpty(backdoorForm.getBackdoorId())
111		\|\| uSession.getLoggedInUserPrincipalName().equals(backdoorForm.getBackdoorId()))) {
112	0	return logout(mapping, form, request, response);
113		}
114
115		try {
116	0	uSession.setBackdoorUser(backdoorForm.getBackdoorId());
117	0	} catch (RiceRuntimeException e) {
118	0	LOG.warn("invalid backdoor id " + backdoorForm.getBackdoorId(), e);
119	0	request.setAttribute("badbackdoor", "Invalid backdoor Id given '" + backdoorForm.getBackdoorId() + "'");
120	0	return mapping.findForward("portal");
121	0	}
122
123	0	setFormGroupPermission(backdoorForm, request);
124
125	0	return mapping.findForward("portal");
126		}
127
128		private void setFormGroupPermission(BackdoorForm backdoorForm, HttpServletRequest request) {
129		// based on whether or not they have permission to use the fictional "AdministrationAction", kind of a hack for now since I don't have time to
130		// split this single action up and I can't pass the methodToCall to the permission check
131	0	AttributeSet permissionDetails = new AttributeSet();
132	0	permissionDetails.put(KimConstants.AttributeConstants.NAMESPACE_CODE, KEWConstants.KEW_NAMESPACE);
133	0	permissionDetails.put(KimConstants.AttributeConstants.ACTION_CLASS, "org.kuali.rice.kew.web.backdoor.AdministrationAction");
134	0	boolean isAdmin = KimApiServiceLocator.getIdentityManagementService().isAuthorizedByTemplateName(getUserSession(request).getPrincipalId(), KRADConstants.KRAD_NAMESPACE, KimConstants.PermissionTemplateNames.USE_SCREEN, Attributes.fromMap(permissionDetails), Attributes.empty());
135	0	backdoorForm.setIsAdmin(isAdmin);
136	0	}
137
138		public void initForm(HttpServletRequest request, ActionForm form) throws Exception {
139	0	BackdoorForm backdoorForm = (BackdoorForm) form;
140
141	0	Boolean showBackdoorLogin = CoreFrameworkServiceLocator.getParameterService().getParameterValueAsBoolean(KEWConstants.KEW_NAMESPACE, KRADConstants.DetailTypes.BACKDOOR_DETAIL_TYPE, KEWConstants.SHOW_BACK_DOOR_LOGIN_IND);
142	0	backdoorForm.setShowBackdoorLogin(showBackdoorLogin);
143	0	setFormGroupPermission(backdoorForm, request);
144	0	if (backdoorForm.getGraphic() != null) {
145	0	request.getSession().setAttribute("showGraphic", backdoorForm.getGraphic());
146		}
147	0	}
148
149		public static UserSession getUserSession(HttpServletRequest request) {
150	0	return GlobalVariables.getUserSession();
151		}
152		}