Coverage Report - org.kuali.rice.kns.util.WebUtils
 
Classes in this File Line Coverage Branch Coverage Complexity
WebUtils
0%
0/313
0%
0/160
3.256
 
 1   
 /*
 2   
  * Copyright 2006-2011 The Kuali Foundation
 3   
  *
 4   
  * Licensed under the Educational Community License, Version 2.0 (the "License");
 5   
  * you may not use this file except in compliance with the License.
 6   
  * You may obtain a copy of the License at
 7   
  *
 8   
  * http://www.opensource.org/licenses/ecl2.php
 9   
  *
 10   
  * Unless required by applicable law or agreed to in writing, software
 11   
  * distributed under the License is distributed on an "AS IS" BASIS,
 12   
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 13   
  * See the License for the specific language governing permissions and
 14   
  * limitations under the License.
 15   
  */
 16   
 
 17   
 package org.kuali.rice.kns.util;
 18   
 
 19   
 import org.apache.commons.lang.StringEscapeUtils;
 20   
 import org.apache.commons.lang.StringUtils;
 21   
 import org.apache.log4j.Level;
 22   
 import org.apache.log4j.Logger;
 23   
 import org.apache.struts.Globals;
 24   
 import org.apache.struts.action.ActionForm;
 25   
 import org.apache.struts.action.ActionMapping;
 26   
 import org.apache.struts.action.ActionServletWrapper;
 27   
 import org.apache.struts.upload.CommonsMultipartRequestHandler;
 28   
 import org.apache.struts.upload.FormFile;
 29   
 import org.apache.struts.upload.MultipartRequestHandler;
 30   
 import org.apache.struts.upload.MultipartRequestWrapper;
 31   
 import org.kuali.rice.core.api.config.property.ConfigurationService;
 32   
 import org.kuali.rice.core.framework.parameter.ParameterConstants;
 33   
 import org.kuali.rice.core.framework.parameter.ParameterService;
 34   
 import org.kuali.rice.core.framework.services.CoreFrameworkServiceLocator;
 35   
 import org.kuali.rice.core.util.RiceKeyConstants;
 36   
 import org.kuali.rice.kns.UserSession;
 37   
 import org.kuali.rice.kns.datadictionary.AttributeDefinition;
 38   
 import org.kuali.rice.kns.datadictionary.AttributeSecurity;
 39   
 import org.kuali.rice.kns.datadictionary.DataDictionary;
 40   
 import org.kuali.rice.kns.datadictionary.DataDictionaryEntryBase;
 41   
 import org.kuali.rice.kns.datadictionary.DocumentEntry;
 42   
 import org.kuali.rice.kns.datadictionary.mask.MaskFormatter;
 43   
 import org.kuali.rice.kns.document.Document;
 44   
 import org.kuali.rice.kns.document.authorization.DocumentAuthorizer;
 45   
 import org.kuali.rice.kns.exception.FileUploadLimitExceededException;
 46   
 import org.kuali.rice.kns.exception.ValidationException;
 47   
 import org.kuali.rice.kns.service.BusinessObjectAuthorizationService;
 48   
 import org.kuali.rice.kns.service.KNSServiceLocator;
 49   
 import org.kuali.rice.kns.service.KNSServiceLocatorWeb;
 50   
 import org.kuali.rice.kns.web.struts.action.KualiMultipartRequestHandler;
 51   
 import org.kuali.rice.kns.web.struts.form.KualiDocumentFormBase;
 52   
 import org.kuali.rice.kns.web.struts.form.KualiForm;
 53   
 import org.kuali.rice.kns.web.struts.form.KualiMaintenanceForm;
 54   
 import org.kuali.rice.kns.web.struts.pojo.PojoFormBase;
 55   
 
 56   
 import javax.servlet.ServletException;
 57   
 import javax.servlet.http.HttpServletRequest;
 58   
 import javax.servlet.http.HttpServletResponse;
 59   
 import javax.servlet.http.HttpSession;
 60   
 import javax.servlet.jsp.PageContext;
 61   
 import java.io.ByteArrayOutputStream;
 62   
 import java.io.IOException;
 63   
 import java.io.InputStream;
 64   
 import java.io.OutputStream;
 65   
 import java.util.Arrays;
 66   
 import java.util.Collection;
 67   
 import java.util.Enumeration;
 68   
 import java.util.HashMap;
 69   
 import java.util.Hashtable;
 70   
 import java.util.Iterator;
 71   
 import java.util.List;
 72   
 import java.util.Map;
 73   
 import java.util.Set;
 74   
 import java.util.regex.Matcher;
 75   
 import java.util.regex.Pattern;
 76   
 
 77   
 /**
 78   
  * General helper methods for handling requests.
 79   
  */
 80   
 public final class WebUtils {
 81  0 
     private static final Logger LOG = Logger.getLogger(WebUtils.class);
 82   
 
 83   
     private static final String IMAGE_COORDINATE_CLICKED_X_EXTENSION = ".x";
 84   
     private static final String IMAGE_COORDINATE_CLICKED_Y_EXTENSION = ".y";
 85   
 
 86   
     private static final String APPLICATION_IMAGE_URL_PROPERTY_PREFIX = "application.custom.image.url";
 87   
     private static final String DEFAULT_IMAGE_URL_PROPERTY_NAME = "kr.externalizable.images.url";
 88   
 
 89   
     /**
 90   
      * A request attribute name that indicates that a {@link FileUploadLimitExceededException} has already been thrown for the request.
 91   
      */
 92   
     public static final String FILE_UPLOAD_LIMIT_EXCEEDED_EXCEPTION_ALREADY_THROWN = "fileUploadLimitExceededExceptionAlreadyThrown";
 93   
 
 94  0 
     private WebUtils() {
 95  0 
         throw new UnsupportedOperationException("do not call");
 96   
     }
 97   
 
 98   
     private static ConfigurationService configurationService;
 99   
 
 100   
     /**
 101   
      * Checks for methodToCall parameter, and picks off the value using set dot notation. Handles the problem of image submits.
 102   
      *
 103   
      * @param request
 104   
      * @return methodToCall String
 105   
      */
 106   
     public static String parseMethodToCall(ActionForm form, HttpServletRequest request) {
 107  0 
         String methodToCall = null;
 108   
 
 109   
         // check if is specified cleanly
 110  0 
         if (StringUtils.isNotBlank(request.getParameter(KNSConstants.DISPATCH_REQUEST_PARAMETER))) {
 111  0 
             if (form instanceof KualiForm && !((KualiForm) form).shouldMethodToCallParameterBeUsed(KNSConstants.DISPATCH_REQUEST_PARAMETER,
 112   
                     request.getParameter(KNSConstants.DISPATCH_REQUEST_PARAMETER), request)) {
 113  0 
                 throw new RuntimeException("Cannot verify that the methodToCall should be " + request.getParameter(KNSConstants.DISPATCH_REQUEST_PARAMETER));
 114   
             }
 115  0 
             methodToCall = request.getParameter(KNSConstants.DISPATCH_REQUEST_PARAMETER);
 116   
             // include .x at the end of the parameter to make it consistent w/ other parameters
 117  0 
             request.setAttribute(KNSConstants.METHOD_TO_CALL_ATTRIBUTE, KNSConstants.DISPATCH_REQUEST_PARAMETER + "." + methodToCall + IMAGE_COORDINATE_CLICKED_X_EXTENSION);
 118   
         }
 119   
 
 120   
         /**
 121   
          * The reason why we are checking for a ".x" at the end of the parameter name:
 122   
          * It is for the image names that in addition to sending the form data,
 123   
          * the web browser sends the x,y coordinate of where the user clicked on the image.
 124   
          * If the image input is not given a name then the browser sends the x and y coordinates as the "x" and "y" input fields.
 125   
          * If the input image does have a name, the x and y coordinates are sent using the format name.x and name.y.
 126   
          */
 127  0 
         if (methodToCall == null) {
 128   
             // iterate through parameters looking for methodToCall
 129  0 
             for (Enumeration i = request.getParameterNames(); i.hasMoreElements();) {
 130  0 
                 String parameterName = (String) i.nextElement();
 131   
 
 132   
                 // check if the parameter name is a specifying the methodToCall
 133  0 
                 if (isMethodToCall(parameterName)) {
 134  0 
                     methodToCall = getMethodToCallSettingAttribute(form, request, parameterName);
 135  0 
                     break;
 136   
                 } else {
 137   
                     // KULRICE-1218: Check if the parameter's values match (not just the name)
 138  0 
                     for (String value : request.getParameterValues(parameterName)) {
 139   
                         //adding period to startsWith check - don't want to get confused with methodToCallFoobar
 140  0 
                         if (isMethodToCall(value)) {
 141  0 
                             methodToCall = getMethodToCallSettingAttribute(form, request, value);
 142   
                             //why is there not a break outer loop here?
 143   
                         }
 144   
                     }
 145   
                 }
 146  0 
             }
 147   
         }
 148   
 
 149  0 
         return methodToCall;
 150   
     }
 151   
 
 152   
     /**
 153   
      * gets the UserSession object from the HttpServletRequest object's associated session.
 154   
      * <p/>
 155   
      * <p>
 156   
      * In some cases (different threads) the UserSession cannot be retrieved from
 157   
      * GlobalVariables but can still be accessed via the session object
 158   
      * </p>
 159   
      */
 160   
     public static final UserSession getUserSessionFromRequest(HttpServletRequest request) {
 161  0 
         return (UserSession) request.getSession().getAttribute(KNSConstants.USER_SESSION_KEY);
 162   
     }
 163   
 
 164   
     /**
 165   
      * Checks if a string signifies a methodToCall string
 166   
      *
 167   
      * @param string the string to check
 168   
      * @return true if is a methodToCall
 169   
      */
 170   
     private static boolean isMethodToCall(String string) {
 171   
         //adding period to startsWith check - don't want to get confused with methodToCallFoobar
 172  0 
         return string.startsWith(KNSConstants.DISPATCH_REQUEST_PARAMETER + ".");
 173   
     }
 174   
 
 175   
     /**
 176   
      * Parses out the methodToCall command and also sets the request attribute for the methodToCall.
 177   
      *
 178   
      * @param form    the ActionForm
 179   
      * @param request the request to set the attribute on
 180   
      * @param string  the methodToCall string
 181   
      * @return the methodToCall command
 182   
      */
 183   
     private static String getMethodToCallSettingAttribute(ActionForm form, HttpServletRequest request, String string) {
 184   
 
 185  0 
         if (form instanceof ActionForm && !((KualiForm) form).shouldMethodToCallParameterBeUsed(string, request.getParameter(string), request)) {
 186  0 
             throw new RuntimeException("Cannot verify that the methodToCall should be " + string);
 187   
         }
 188   
         //always adding a coordinate even if not an image
 189  0 
         final String attributeValue = endsWithCoordinates(string) ? string : string + IMAGE_COORDINATE_CLICKED_X_EXTENSION;
 190  0 
         final String methodToCall = StringUtils.substringBetween(attributeValue, KNSConstants.DISPATCH_REQUEST_PARAMETER + ".", ".");
 191  0 
         request.setAttribute(KNSConstants.METHOD_TO_CALL_ATTRIBUTE, attributeValue);
 192  0 
         return methodToCall;
 193   
     }
 194   
 
 195   
     /**
 196   
      * Iterates through and logs (at the given level) all attributes and parameters of the given request onto the given Logger
 197   
      *
 198   
      * @param request
 199   
      * @param logger
 200   
      */
 201   
     public static void logRequestContents(Logger logger, Level level, HttpServletRequest request) {
 202  0 
         if (logger.isEnabledFor(level)) {
 203  0 
             logger.log(level, "--------------------");
 204  0 
             logger.log(level, "HttpRequest attributes:");
 205  0 
             for (Enumeration e = request.getAttributeNames(); e.hasMoreElements();) {
 206  0 
                 String attrName = (String) e.nextElement();
 207  0 
                 Object attrValue = request.getAttribute(attrName);
 208   
 
 209  0 
                 if (attrValue.getClass().isArray()) {
 210  0 
                     logCollection(logger, level, attrName, Arrays.asList((Object[]) attrValue));
 211  0 
                 } else if (attrValue instanceof Collection) {
 212  0 
                     logCollection(logger, level, attrName, (Collection) attrValue);
 213  0 
                 } else if (attrValue instanceof Map) {
 214  0 
                     logMap(logger, level, attrName, (Map) attrValue);
 215   
                 } else {
 216  0 
                     logObject(logger, level, attrName, attrValue);
 217   
                 }
 218  0 
             }
 219   
 
 220  0 
             logger.log(level, "--------------------");
 221  0 
             logger.log(level, "HttpRequest parameters:");
 222  0 
             for (Enumeration i = request.getParameterNames(); i.hasMoreElements();) {
 223  0 
                 String paramName = (String) i.nextElement();
 224  0 
                 String[] paramValues = (String[]) request.getParameterValues(paramName);
 225   
 
 226  0 
                 logArray(logger, level, paramName, paramValues);
 227  0 
             }
 228   
 
 229  0 
             logger.log(level, "--------------------");
 230   
         }
 231  0 
     }
 232   
 
 233   
 
 234   
     private static void logArray(Logger logger, Level level, String arrayName, Object[] array) {
 235  0 
         StringBuffer value = new StringBuffer("[");
 236  0 
         for (int i = 0; i < array.length; ++i) {
 237  0 
             if (i > 0) {
 238  0 
                 value.append(",");
 239   
             }
 240  0 
             value.append(array[i]);
 241   
         }
 242  0 
         value.append("]");
 243   
 
 244  0 
         logThing(logger, level, arrayName, value);
 245  0 
     }
 246   
 
 247   
     private static void logCollection(Logger logger, Level level, String collectionName, Collection c) {
 248  0 
         StringBuffer value = new StringBuffer("{");
 249  0 
         for (Iterator i = c.iterator(); i.hasNext();) {
 250  0 
             value.append(i.next());
 251  0 
             if (i.hasNext()) {
 252  0 
                 value.append(",");
 253   
             }
 254   
         }
 255  0 
         value.append("}");
 256   
 
 257  0 
         logThing(logger, level, collectionName, value);
 258  0 
     }
 259   
 
 260   
     private static void logMap(Logger logger, Level level, String mapName, Map m) {
 261  0 
         StringBuffer value = new StringBuffer("{");
 262  0 
         for (Iterator i = m.entrySet().iterator(); i.hasNext();) {
 263  0 
             Map.Entry e = (Map.Entry) i.next();
 264  0 
             value.append("('" + e.getKey() + "','" + e.getValue() + "')");
 265  0 
         }
 266  0 
         value.append("}");
 267   
 
 268  0 
         logThing(logger, level, mapName, value);
 269  0 
     }
 270   
 
 271   
     private static void logObject(Logger logger, Level level, String objectName, Object o) {
 272  0 
         logThing(logger, level, objectName, "'" + o + "'");
 273  0 
     }
 274   
 
 275   
     private static void logThing(Logger logger, Level level, String thingName, Object thing) {
 276  0 
         logger.log(level, "    '" + thingName + "' => " + thing);
 277  0 
     }
 278   
 
 279   
     /**
 280   
      * A file that is not of type text/plain or text/html can be output through the response using this method.
 281   
      *
 282   
      * @param response
 283   
      * @param contentType
 284   
      * @param byteArrayOutputStream
 285   
      * @param fileName
 286   
      */
 287   
     public static void saveMimeOutputStreamAsFile(HttpServletResponse response, String contentType, ByteArrayOutputStream byteArrayOutputStream, String fileName) throws IOException {
 288   
 
 289   
         // set response
 290  0 
         response.setContentType(contentType);
 291  0 
         response.setHeader("Content-disposition", "attachment; filename=" + fileName);
 292  0 
         response.setHeader("Expires", "0");
 293  0 
         response.setHeader("Cache-Control", "must-revalidate, post-check=0, pre-check=0");
 294  0 
         response.setHeader("Pragma", "public");
 295  0 
         response.setContentLength(byteArrayOutputStream.size());
 296   
 
 297   
         // write to output
 298  0 
         OutputStream outputStream = response.getOutputStream();
 299  0 
         byteArrayOutputStream.writeTo(response.getOutputStream());
 300  0 
         outputStream.flush();
 301  0 
         outputStream.close();
 302  0 
     }
 303   
 
 304   
     /**
 305   
      * A file that is not of type text/plain or text/html can be output through the response using this method.
 306   
      *
 307   
      * @param response
 308   
      * @param contentType
 309   
      * @param inStream
 310   
      * @param fileName
 311   
      * @param fileSize
 312   
      */
 313   
     public static void saveMimeInputStreamAsFile(HttpServletResponse response, String contentType, InputStream inStream, String fileName, int fileSize) throws IOException {
 314   
 
 315   
         // set response
 316  0 
         response.setContentType(contentType);
 317  0 
         response.setHeader("Content-disposition", "attachment; filename=" + fileName);
 318  0 
         response.setHeader("Expires", "0");
 319  0 
         response.setHeader("Cache-Control", "must-revalidate, post-check=0, pre-check=0");
 320  0 
         response.setHeader("Pragma", "public");
 321  0 
         response.setContentLength(fileSize);
 322   
 
 323   
         // write to output
 324  0 
         OutputStream out = response.getOutputStream();
 325  0 
         while (inStream.available() > 0) {
 326  0 
             out.write(inStream.read());
 327   
         }
 328  0 
         out.flush();
 329  0 
     }
 330   
 
 331   
     /**
 332   
      * JSTL function to return the tab state of the tab from the form.
 333   
      *
 334   
      * @param form
 335   
      * @param tabKey
 336   
      * @return
 337   
      */
 338   
     public static String getTabState(KualiForm form, String tabKey) {
 339  0 
         return form.getTabState(tabKey);
 340   
     }
 341   
 
 342   
     public static void incrementTabIndex(KualiForm form, String tabKey) {
 343  0 
         form.incrementTabIndex();
 344  0 
     }
 345   
 
 346   
     /**
 347   
      * Generates a String from the title that can be used as a Map key.
 348   
      *
 349   
      * @param tabTitle
 350   
      * @return
 351   
      */
 352   
     public static String generateTabKey(String tabTitle) {
 353  0 
         String key = "";
 354  0 
         if (!StringUtils.isBlank(tabTitle)) {
 355  0 
             key = tabTitle.replaceAll("\\W", "");
 356   
 //            if (key.length() > 25) {
 357   
 //                key = key.substring(0, 24);
 358   
 //            }
 359   
         }
 360   
 
 361  0 
         return key;
 362   
     }
 363   
 
 364   
     public static void getMultipartParameters(HttpServletRequest request, ActionServletWrapper servletWrapper, ActionForm form, ActionMapping mapping) {
 365  0 
         Map params = new HashMap();
 366   
 
 367   
         // Get the ActionServletWrapper from the form bean
 368   
         //ActionServletWrapper servletWrapper = getServletWrapper();
 369   
 
 370   
         try {
 371  0 
             CommonsMultipartRequestHandler multipartHandler = new CommonsMultipartRequestHandler();
 372  0 
             if (multipartHandler != null) {
 373   
                 // Set servlet and mapping info
 374  0 
                 if (servletWrapper != null) {
 375   
                     // from pojoformbase
 376   
                     // servlet only affects tempdir on local disk
 377  0 
                     servletWrapper.setServletFor(multipartHandler);
 378   
                 }
 379  0 
                 multipartHandler.setMapping((ActionMapping) request.getAttribute(Globals.MAPPING_KEY));
 380   
                 // Initialize multipart request class handler
 381  0 
                 multipartHandler.handleRequest(request);
 382   
 
 383  0 
                 Collection<FormFile> files = multipartHandler.getFileElements().values();
 384  0 
                 Enumeration keys = multipartHandler.getFileElements().keys();
 385   
 
 386   
 
 387  0 
                 while (keys.hasMoreElements()) {
 388  0 
                     Object key = keys.nextElement();
 389  0 
                     FormFile file = (FormFile) multipartHandler.getFileElements().get(key);
 390  0 
                     long maxSize = WebUtils.getMaxUploadSize(form);
 391  0 
                     if (LOG.isDebugEnabled()) {
 392  0 
                         LOG.debug(file.getFileSize());
 393   
                     }
 394  0 
                     if (maxSize > 0 && Long.parseLong(file.getFileSize() + "") > maxSize) {
 395   
 
 396  0 
                         GlobalVariables.getMessageMap().putError(key.toString(),
 397   
                                 RiceKeyConstants.ERROR_UPLOADFILE_SIZE,
 398   
                                 new String[]{
 399   
                                         file.getFileName(), Long.toString(maxSize)});
 400   
 
 401   
                     }
 402  0 
                 }
 403   
 
 404   
                 // get file elements for kualirequestprocessor
 405  0 
                 if (servletWrapper == null) {
 406  0 
                     request.setAttribute(KNSConstants.UPLOADED_FILE_REQUEST_ATTRIBUTE_KEY, getFileParametersForMultipartRequest(request, multipartHandler));
 407   
                 }
 408   
             }
 409  0 
         } catch (ServletException e) {
 410  0 
             throw new ValidationException("unable to handle multipart request " + e.getMessage(), e);
 411  0 
         }
 412  0 
     }
 413   
 
 414   
     public static long getMaxUploadSize(ActionForm form) {
 415  0 
         long max = 0L;
 416  0 
         KualiMultipartRequestHandler multipartHandler = new KualiMultipartRequestHandler();
 417  0 
         if (form instanceof PojoFormBase) {
 418  0 
             max = multipartHandler.calculateMaxUploadSizeToMaxOfList(((PojoFormBase) form).getMaxUploadSizes());
 419   
         }
 420  0 
         if (LOG.isDebugEnabled()) {
 421  0 
             LOG.debug("Max File Upload Size: " + max);
 422   
         }
 423  0 
         return max;
 424   
     }
 425   
 
 426   
     private static Map getFileParametersForMultipartRequest(HttpServletRequest request, MultipartRequestHandler multipartHandler) {
 427  0 
         Map parameters = new HashMap();
 428  0 
         Hashtable elements = multipartHandler.getFileElements();
 429  0 
         Enumeration e = elements.keys();
 430  0 
         while (e.hasMoreElements()) {
 431  0 
             String key = (String) e.nextElement();
 432  0 
             parameters.put(key, elements.get(key));
 433  0 
         }
 434   
 
 435  0 
         if (request instanceof MultipartRequestWrapper) {
 436  0 
             request = (HttpServletRequest) ((MultipartRequestWrapper) request).getRequest();
 437  0 
             e = request.getParameterNames();
 438  0 
             while (e.hasMoreElements()) {
 439  0 
                 String key = (String) e.nextElement();
 440  0 
                 parameters.put(key, request.getParameterValues(key));
 441  0 
             }
 442   
         } else {
 443  0 
             LOG.debug("Gathering multipart parameters for unwrapped request");
 444   
         }
 445  0 
         return parameters;
 446   
     }
 447   
 
 448   
 
 449   
     // end multipart
 450   
 
 451   
     public static void registerEditableProperty(PojoFormBase form, String editablePropertyName) {
 452  0 
         form.registerEditableProperty(editablePropertyName);
 453  0 
     }
 454   
 
 455   
     public static boolean isDocumentSession(Document document, PojoFormBase docForm) {
 456  0 
         boolean sessionDoc = document instanceof org.kuali.rice.kns.document.SessionDocument;
 457  0 
         boolean dataDictionarySessionDoc = false;
 458  0 
         if (!sessionDoc) {
 459  0 
             DocumentEntry documentEntry = null;
 460  0 
             DataDictionary dataDictionary = KNSServiceLocatorWeb.getDataDictionaryService().getDataDictionary();
 461  0 
             if (docForm instanceof KualiMaintenanceForm) {
 462  0 
                 KualiMaintenanceForm maintenanceForm = (KualiMaintenanceForm) docForm;
 463  0 
                 if (dataDictionary != null) {
 464  0 
                     if (maintenanceForm.getDocTypeName() != null) {
 465  0 
                         documentEntry = dataDictionary.getDocumentEntry(maintenanceForm.getDocTypeName());
 466  0 
                         dataDictionarySessionDoc = documentEntry.isSessionDocument();
 467   
                     }
 468   
                 }
 469  0 
             } else {
 470  0 
                 if (document != null && dataDictionary != null) {
 471  0 
                     documentEntry = dataDictionary.getDocumentEntry(document.getClass().getName());
 472  0 
                     dataDictionarySessionDoc = documentEntry.isSessionDocument();
 473   
                 }
 474   
             }
 475   
         }
 476  0 
         return sessionDoc || dataDictionarySessionDoc;
 477   
     }
 478   
 
 479   
     public static boolean isFormSessionDocument(PojoFormBase form) {
 480  0 
         Document document = null;
 481  0 
         if (KualiDocumentFormBase.class.isAssignableFrom(form.getClass())) {
 482  0 
             KualiDocumentFormBase docForm = (KualiDocumentFormBase) form;
 483  0 
             document = docForm.getDocument();
 484   
         }
 485  0 
         return isDocumentSession(document, form);
 486   
     }
 487   
 
 488  0 
     public static String KEY_KUALI_FORM_IN_SESSION = "KualiForm";
 489   
 
 490   
     public static ActionForm getKualiForm(PageContext pageContext) {
 491  0 
         return getKualiForm((HttpServletRequest) pageContext.getRequest());
 492   
     }
 493   
 
 494   
     public static ActionForm getKualiForm(HttpServletRequest request) {
 495  0 
         if (request.getAttribute(KEY_KUALI_FORM_IN_SESSION) != null) {
 496  0 
             return (ActionForm) request.getAttribute(KEY_KUALI_FORM_IN_SESSION);
 497   
         } else {
 498  0 
             final HttpSession session = request.getSession(false);
 499  0 
             return session != null ? (ActionForm) session.getAttribute(KEY_KUALI_FORM_IN_SESSION) : null;
 500   
         }
 501   
     }
 502   
 
 503   
     public static boolean isPropertyEditable(Set<String> editableProperties, String propertyName) {
 504  0 
         if (LOG.isDebugEnabled()) {
 505  0 
             LOG.debug("isPropertyEditable(" + propertyName + ")");
 506   
         }
 507   
 
 508  0 
         boolean returnVal = editableProperties == null || editableProperties.contains(propertyName) ||
 509   
                 (getIndexOfCoordinateExtension(propertyName) == -1 ? false :
 510   
                         editableProperties.contains(
 511   
                                 propertyName.substring(0, getIndexOfCoordinateExtension(propertyName))));
 512  0 
         if (!returnVal) {
 513  0 
             if (LOG.isDebugEnabled()) {
 514  0 
                 LOG.debug("isPropertyEditable(" + propertyName + ") == false / editableProperties: " + editableProperties);
 515   
             }
 516   
         }
 517  0 
         return returnVal;
 518   
     }
 519   
 
 520   
     public static boolean endsWithCoordinates(String parameter) {
 521  0 
         return parameter.endsWith(WebUtils.IMAGE_COORDINATE_CLICKED_X_EXTENSION) ||
 522   
                 parameter.endsWith(WebUtils.IMAGE_COORDINATE_CLICKED_Y_EXTENSION);
 523   
     }
 524   
 
 525   
     public static int getIndexOfCoordinateExtension(String parameter) {
 526  0 
         int indexOfCoordinateExtension = parameter.lastIndexOf(WebUtils.IMAGE_COORDINATE_CLICKED_X_EXTENSION);
 527  0 
         if (indexOfCoordinateExtension == -1)
 528  0 
             indexOfCoordinateExtension = parameter.lastIndexOf(WebUtils.IMAGE_COORDINATE_CLICKED_Y_EXTENSION);
 529  0 
         return indexOfCoordinateExtension;
 530   
     }
 531   
 
 532   
 
 533   
     public static boolean isInquiryHiddenField(String className, String fieldName, Object formObject, String propertyName) {
 534  0 
             boolean isHidden = false;
 535  0 
             String hiddenInquiryFields = getKualiConfigurationService().getPropertyString(className+".hidden");
 536  0 
             if (StringUtils.isEmpty(hiddenInquiryFields)) {
 537  0 
                     return isHidden;
 538   
             }
 539  0 
             List hiddenFields = Arrays.asList(hiddenInquiryFields.replaceAll(" ", "").split(","));
 540  0 
             if (hiddenFields.contains(fieldName.trim())) {
 541  0 
                     isHidden = true;
 542   
             }
 543  0 
             return isHidden;
 544   
     }
 545   
 
 546   
     public static boolean isHiddenKimObjectType(String type, String configParameter) {
 547  0 
             boolean hideType = false;
 548  0 
             String hiddenTypes = getKualiConfigurationService().getPropertyString(configParameter);
 549  0 
             if (StringUtils.isEmpty(hiddenTypes)) {
 550  0 
                     return hideType;
 551   
             }
 552  0 
             List hiddenTypeValues = Arrays.asList(hiddenTypes.replaceAll(" ", "").split(","));
 553  0 
             if (hiddenTypeValues.contains(type.trim())) {
 554  0 
                     hideType = true;
 555   
             }
 556  0 
             return hideType;
 557   
     }
 558   
 
 559   
     public static String getFullyMaskedValue(String className, String fieldName, Object formObject, String propertyName) {
 560  0 
         String displayMaskValue = null;
 561  0 
         Object propertyValue = ObjectUtils.getPropertyValue(formObject, propertyName);
 562   
 
 563  0 
         DataDictionaryEntryBase entry = (DataDictionaryEntryBase) KNSServiceLocatorWeb.getDataDictionaryService().getDataDictionary().getDictionaryObjectEntry(className);
 564  0 
         AttributeDefinition a = entry.getAttributeDefinition(fieldName);
 565   
 
 566  0 
         AttributeSecurity attributeSecurity = a.getAttributeSecurity();
 567  0 
         if (attributeSecurity != null && attributeSecurity.isMask()) {
 568  0 
             MaskFormatter maskFormatter = attributeSecurity.getMaskFormatter();
 569  0 
             displayMaskValue = maskFormatter.maskValue(propertyValue);
 570   
 
 571   
         }
 572  0 
         return displayMaskValue;
 573   
     }
 574   
 
 575   
     public static String getPartiallyMaskedValue(String className, String fieldName, Object formObject, String propertyName) {
 576  0 
         String displayMaskValue = null;
 577  0 
         Object propertyValue = ObjectUtils.getPropertyValue(formObject, propertyName);
 578   
 
 579  0 
         DataDictionaryEntryBase entry = (DataDictionaryEntryBase) KNSServiceLocatorWeb.getDataDictionaryService().getDataDictionary().getDictionaryObjectEntry(className);
 580  0 
         AttributeDefinition a = entry.getAttributeDefinition(fieldName);
 581   
 
 582  0 
         AttributeSecurity attributeSecurity = a.getAttributeSecurity();
 583  0 
         if (attributeSecurity != null && attributeSecurity.isPartialMask()) {
 584  0 
             MaskFormatter partialMaskFormatter = attributeSecurity.getPartialMaskFormatter();
 585  0 
             displayMaskValue = partialMaskFormatter.maskValue(propertyValue);
 586   
 
 587   
         }
 588  0 
         return displayMaskValue;
 589   
     }
 590   
 
 591   
     public static boolean canFullyUnmaskField(String businessObjectClassName, String fieldName, KualiForm form) {
 592  0 
         Class businessObjClass = null;
 593  0 
         BusinessObjectAuthorizationService boAuthZService = KNSServiceLocatorWeb.getBusinessObjectAuthorizationService();
 594   
         try {
 595  0 
             businessObjClass = Class.forName(businessObjectClassName);
 596  0 
         } catch (Exception e) {
 597  0 
             throw new RuntimeException("Unable to resolve class name: " + businessObjectClassName);
 598  0 
         }
 599  0 
         if (form instanceof KualiDocumentFormBase) {
 600  0 
             return boAuthZService.canFullyUnmaskField(GlobalVariables.getUserSession().getPerson(),
 601   
                     businessObjClass, fieldName, ((KualiDocumentFormBase) form).getDocument());
 602   
         } else {
 603  0 
             return boAuthZService.canFullyUnmaskField(GlobalVariables.getUserSession().getPerson(),
 604   
                     businessObjClass, fieldName, null);
 605   
         }
 606   
     }
 607   
 
 608   
     public static boolean canPartiallyUnmaskField(String businessObjectClassName, String fieldName, KualiForm form) {
 609  0 
         Class businessObjClass = null;
 610  0 
         BusinessObjectAuthorizationService boAuthZService = KNSServiceLocatorWeb.getBusinessObjectAuthorizationService();
 611   
         try {
 612  0 
             businessObjClass = Class.forName(businessObjectClassName);
 613  0 
         } catch (Exception e) {
 614  0 
             throw new RuntimeException("Unable to resolve class name: " + businessObjectClassName);
 615  0 
         }
 616  0 
         if (form instanceof KualiDocumentFormBase) {
 617  0 
             return boAuthZService.canPartiallyUnmaskField(GlobalVariables.getUserSession().getPerson(),
 618   
                     businessObjClass, fieldName, ((KualiDocumentFormBase) form).getDocument());
 619   
         } else {
 620  0 
             return boAuthZService.canPartiallyUnmaskField(GlobalVariables.getUserSession().getPerson(),
 621   
                     businessObjClass, fieldName, null);
 622   
         }
 623   
     }
 624   
 
 625   
     public static boolean canAddNoteAttachment(Document document) {
 626  0 
         boolean canViewNoteAttachment = false;
 627  0 
         DocumentAuthorizer documentAuthorizer = KNSServiceLocatorWeb.getDocumentHelperService().getDocumentAuthorizer(document);
 628  0 
         canViewNoteAttachment = documentAuthorizer.canAddNoteAttachment(document, null, GlobalVariables.getUserSession().getPerson());
 629  0 
         return canViewNoteAttachment;
 630   
     }
 631   
 
 632   
     public static boolean canViewNoteAttachment(Document document, String attachmentTypeCode) {
 633  0 
         boolean canViewNoteAttachment = false;
 634  0 
         DocumentAuthorizer documentAuthorizer = KNSServiceLocatorWeb.getDocumentHelperService().getDocumentAuthorizer(document);
 635  0 
         canViewNoteAttachment = documentAuthorizer.canViewNoteAttachment(document, attachmentTypeCode, GlobalVariables.getUserSession().getPerson());
 636  0 
         return canViewNoteAttachment;
 637   
     }
 638   
 
 639   
     public static boolean canDeleteNoteAttachment(Document document, String attachmentTypeCode, String authorUniversalIdentifier) {
 640  0 
         boolean canDeleteNoteAttachment = false;
 641  0 
         DocumentAuthorizer documentAuthorizer = KNSServiceLocatorWeb.getDocumentHelperService().getDocumentAuthorizer(document);
 642  0 
         canDeleteNoteAttachment = documentAuthorizer.canDeleteNoteAttachment(document, attachmentTypeCode, "false", GlobalVariables.getUserSession().getPerson());
 643  0 
         if (canDeleteNoteAttachment) {
 644  0 
             return canDeleteNoteAttachment;
 645   
         } else {
 646  0 
             canDeleteNoteAttachment = documentAuthorizer.canDeleteNoteAttachment(document, attachmentTypeCode, "true", GlobalVariables.getUserSession().getPerson());
 647  0 
             if (canDeleteNoteAttachment && !authorUniversalIdentifier.equals(GlobalVariables.getUserSession().getPerson().getPrincipalId())) {
 648  0 
                 canDeleteNoteAttachment = false;
 649   
             }
 650   
         }
 651  0 
         return canDeleteNoteAttachment;
 652   
     }
 653   
 
 654   
     public static void reuseErrorMapFromPreviousRequest(KualiDocumentFormBase kualiDocumentFormBase) {
 655  0 
         if (kualiDocumentFormBase.getMessageMapFromPreviousRequest() == null) {
 656  0 
             LOG.error("Error map from previous request is null!");
 657  0 
             return;
 658   
         }
 659  0 
         MessageMap errorMapFromGlobalVariables = GlobalVariables.getMessageMap();
 660  0 
         if (kualiDocumentFormBase.getMessageMapFromPreviousRequest() == errorMapFromGlobalVariables) {
 661   
             // if we've switched them already, then return early and do nothing
 662  0 
             return;
 663   
         }
 664  0 
         if (!errorMapFromGlobalVariables.hasNoErrors()) {
 665  0 
             throw new RuntimeException("Cannot replace error map because it is not empty");
 666   
         }
 667  0 
         GlobalVariables.setMessageMap(kualiDocumentFormBase.getMessageMapFromPreviousRequest());
 668  0 
         GlobalVariables.getMessageMap().clearErrorPath();
 669  0 
     }
 670   
 
 671   
     /**
 672   
      * Excapes out HTML to prevent XSS attacks, and replaces the following strings to allow for a limited set of HTML tags
 673   
      * <p/>
 674   
      * <li> [X] and [/X], where X represents any 1 or 2 letter string may be used to specify the equivalent tag in HTML (i.e. &lt;X&gt; and &lt;/X&gt;)
 675   
      * <li> [font COLOR], where COLOR represents any valid html color (i.e. color name or hexcode preceeded by #) will be filtered into &lt;font color="COLOR"/&gt;
 676   
      * <li> [/font] will be filtered into &lt;/font&gt;
 677   
      * <li> [table CLASS], where CLASS gives the style class to use, will be filter into &lt;table class="CLASS"/&gt;
 678   
      * <li> [/table] will be filtered into &lt;/table&gt;
 679   
      * <li> [td CLASS], where CLASS gives the style class to use, will be filter into &lt;td class="CLASS"/&gt;
 680   
      *
 681   
      * @param inputString
 682   
      * @return
 683   
      */
 684   
     public static String filterHtmlAndReplaceRiceMarkup(String inputString) {
 685  0 
         String outputString = StringEscapeUtils.escapeHtml(inputString);
 686   
         // string has been escaped of all <, >, and & (and other characters)
 687   
 
 688  0 
         Map<String, String> findAndReplacePatterns = new HashMap<String, String>();
 689   
 
 690   
         // now replace our rice custom markup into html
 691   
 
 692   
         // DON'T ALLOW THE SCRIPT TAG OR ARBITRARY IMAGES/URLS/ETC. THROUGH
 693   
 
 694   
         // filter any one character tags
 695  0 
         findAndReplacePatterns.put("\\[([A-Za-z])\\]", "<$1>");
 696  0 
         findAndReplacePatterns.put("\\[/([A-Za-z])\\]", "</$1>");
 697   
         // filter any two character tags
 698  0 
         findAndReplacePatterns.put("\\[([A-Za-z]{2})\\]", "<$1>");
 699  0 
         findAndReplacePatterns.put("\\[/([A-Za-z]{2})\\]", "</$1>");
 700   
         // filter the font tag
 701  0 
         findAndReplacePatterns.put("\\[font (#[0-9A-Fa-f]{1,6}|[A-Za-z]+)\\]", "<font color=\"$1\">");
 702  0 
         findAndReplacePatterns.put("\\[/font\\]", "</font>");
 703   
         // filter the table tag
 704  0 
         findAndReplacePatterns.put("\\[table\\]", "<table>");
 705  0 
         findAndReplacePatterns.put("\\[table ([A-Za-z]+)\\]", "<table class=\"$1\">");
 706  0 
         findAndReplacePatterns.put("\\[/table\\]", "</table>");
 707   
         // fiter td with class
 708  0 
         findAndReplacePatterns.put("\\[td ([A-Za-z]+)\\]", "<td class=\"$1\">");
 709   
 
 710  0 
         for (String findPattern : findAndReplacePatterns.keySet()) {
 711  0 
             Pattern p = Pattern.compile(findPattern);
 712  0 
             Matcher m = p.matcher(outputString);
 713  0 
             if (m.find()) {
 714  0 
                 String replacePattern = findAndReplacePatterns.get(findPattern);
 715  0 
                 outputString = m.replaceAll(replacePattern);
 716   
             }
 717  0 
         }
 718   
 
 719  0 
         return outputString;
 720   
     }
 721   
 
 722   
     public static boolean containsSensitiveDataPatternMatch(String fieldValue) {
 723  0 
         if (StringUtils.isBlank(fieldValue)) {
 724  0 
             return false;
 725   
         }
 726  0 
         ParameterService parameterService = CoreFrameworkServiceLocator.getParameterService();
 727  0 
         Collection<String> sensitiveDataPatterns = parameterService.getParameterValuesAsString(KNSConstants.KNS_NAMESPACE, ParameterConstants.ALL_COMPONENT,
 728   
                 KNSConstants.SystemGroupParameterNames.SENSITIVE_DATA_PATTERNS);
 729  0 
         for (String pattern : sensitiveDataPatterns) {
 730  0 
             if (Pattern.compile(pattern).matcher(fieldValue).find()) {
 731  0 
                 return true;
 732   
             }
 733   
         }
 734  0 
         return false;
 735   
     }
 736   
 
 737   
     /**
 738   
      * Determines and returns the URL for question button images; looks first for a property "application.custom.image.url",
 739   
      * and if that is missing, uses the image url returned by getDefaultButtonImageUrl()
 740   
      *
 741   
      * @param imageName the name of the image to find a button for
 742   
      * @return the URL where question button images are located
 743   
      */
 744   
     public static String getButtonImageUrl(String imageName) {
 745  0 
         String buttonImageUrl = getKualiConfigurationService().getPropertyString(WebUtils.APPLICATION_IMAGE_URL_PROPERTY_PREFIX + "." + imageName);
 746  0 
         if (StringUtils.isBlank(buttonImageUrl)) {
 747  0 
             buttonImageUrl = getDefaultButtonImageUrl(imageName);
 748   
         }
 749  0 
         return buttonImageUrl;
 750   
     }
 751   
 
 752   
     /**
 753   
      * Generates a default button image URL, in the form of: ${kr.externalizable.images.url}buttonsmall_${imageName}.gif
 754   
      *
 755   
      * @param imageName the image name to generate a default button name for
 756   
      * @return the default button image url
 757   
      */
 758   
     public static String getDefaultButtonImageUrl(String imageName) {
 759  0 
         return getKualiConfigurationService().getPropertyString(WebUtils.DEFAULT_IMAGE_URL_PROPERTY_NAME) + "buttonsmall_" + imageName + ".gif";
 760   
     }
 761   
 
 762   
     /**
 763   
      * @return whether the deploy environment is production
 764   
      */
 765   
     public static boolean isProductionEnvironment() {
 766  0 
         return getKualiConfigurationService().isProductionEnvironment();
 767   
     }
 768   
 
 769   
     /**
 770   
      * @return an implementation of the ConfigurationService
 771   
      */
 772   
     public static ConfigurationService getKualiConfigurationService() {
 773  0 
         if (configurationService == null) {
 774  0 
             configurationService = KNSServiceLocator.getKualiConfigurationService();
 775   
         }
 776  0 
         return configurationService;
 777   
     }
 778   
 }
Report generated by Cobertura 1.9.4.1 on 4/13/11 4:03 AM.