From: Julien V. <coo...@us...> - 2004-01-21 08:13:50
User: cooperfbi Date: 04/01/21 00:13:48 Modified: nukes/src/main/org/jboss/nukes/core/modules/html HtmlModule.java Log: fixed previously introduced mistake Revision Changes Path 1.65 +243 -349 nukes/nukes/src/main/org/jboss/nukes/core/modules/html/HtmlModule.java Index: HtmlModule.java =================================================================== RCS file: /cvsroot/jboss/nukes/nukes/src/main/org/jboss/nukes/core/modules/html/HtmlModule.java,v retrieving revision 1.64 retrieving revision 1.65 diff -u -r1.64 -r1.65 --- HtmlModule.java 12 Jan 2004 12:50:26 -0000 1.64 +++ HtmlModule.java 21 Jan 2004 08:13:48 -0000 1.65 @@ -18,24 +18,22 @@ import org.jboss.nukes.utils.Http; import org.jboss.nukes.resources.Resource; import org.jboss.nukes.servlet.MultipartRequest; -import org.jboss.nukes.core.ejb.UserEJBLocal; import org.jboss.nukes.core.ejb.FileEJBLocalHome; import org.jboss.nukes.core.ejb.FileEJBLocal; import org.jboss.nukes.core.ejb.FileEJB; import org.jboss.nukes.core.FileException; +import org.jboss.nukes.core.FileNotFoundException; import org.jboss.mx.util.ObjectNameFactory; import org.dom4j.Document; import org.dom4j.Element; import javax.naming.InitialContext; -import javax.ejb.CreateException; import javax.ejb.FinderException; import javax.management.ObjectName; import java.util.Collection; import java.util.Iterator; import java.util.ArrayList; import java.util.List; -import java.util.LinkedList; import java.util.StringTokenizer; import java.util.Set; import java.util.HashSet; @@ -56,7 +54,7 @@ * DELETE/html::/$id:: - delete $id * * @author <a href="mailto:ju...@jb...">Julien Viet</a> - * @version $Revision: 1.64 $ + * @version $Revision: 1.65 $ */ public class HtmlModule extends ModuleSupport 
@@ -70,6 +68,15 @@ /** Internal constants. */ private static final String[] ACTIONS = {"rename","move","copy","view","edit","makeprod","unmakeprod","delete"}; + private static final int ACTION_RENAME = 0; + private static final int ACTION_MOVE = 1; + private static final int ACTION_COPY = 2; + private static final int ACTION_VIEW = 3; + private static final int ACTION_EDIT = 4; + private static final int ACTION_MAKEPROD = 5; + private static final int ACTION_UNMAKEPROD = 6; + private static final int ACTION_DELETE = 7; + // Attributes ---------------------------------------------------- /** FileEJB home. */ @@ -91,7 +98,7 @@ private int rows = 35; /** The templates. */ - private Template list, details, editor, css, menu; + private Template list, details, editor, css, menu, confirm; // Constructors -------------------------------------------------- @@ -240,22 +247,7 @@ editor.render(ctx, page.getNukesWriter()); } - /** - * Creates a new page. - */ - public void create(Page page) - { - String fileId = page.getParameter("id"); - String content = page.getParameter("content"); // String authid = page.getParameter("authid"); - - // Argument check - make sure that all required arguments are present - if (content == null || fileId == null) - { - page.print("${core._MODARGSERROR}"); - return; - } - // // Authorization check 1 // if (!getApi().confirmAuthKey(authid, "html")) // { 
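Review bot: The new `ACTION_*` constants are positional indices into `ACTIONS`, but nothing at the declaration says so. `action` switches on them to decide which permission check applies, so reordering or inserting an entry in the array would silently attach the wrong check to an operation. A one-line comment above the block, `/** Indices into ACTIONS - keep both in the same order. */`, would make the coupling explicit.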
@@ -263,230 +255,298 @@ // return; // } - // Authorization check 2 - if (!secAuthAction("html::", fileId + "::", Level.ACCESS_ADD)) - { - page.print("${html._HTMLPAGESNOAUTH}"); - return; - } - + /** + * Creates a new page. + */ + public void create(Page page) + { try { - FileEJBLocal fileEJB = null; - fileEJB = home.create(fileId, getApi().currentUser(), "text/html", content.getBytes()); - home.makeProd(fileEJB); + String fileId = page.getParameter("id"); + String content = page.getParameter("content"); + + // Argument check - make sure that all required arguments are present + if (content == null || fileId == null) + { + page.print("${core._MODARGSERROR}"); + return; + } + + // Authorization check + if (!secAuthAction("html::", fileId + "::", Level.ACCESS_ADD)) + { + page.print("${html._HTMLPAGESNOAUTH}"); + return; + } + + FileEJB.StoreCommand cmd = new FileEJB.StoreCommand( + fileId, + "text/html", + content, + true, + getApi().currentUser(), + true); + home.execute(cmd); notifyResourceChange(fileId); - page.sendRedirect("index.html?module=html&op=view&id=" + fileEJB.getId()); + page.sendRedirect("index.html?module=html&op=view&id=" + cmd.getTargetId()); } catch(FileException e) { page.sendError(e); } - catch(CreateException e) - { - log.error("Cannot create file", e); - page.sendError("Cannot create file"); - } } + // String authid = page.getParameter("authid"); + // if (current == null || !getApi().confirmAuthKey(authid, "html")) + // { + // page.print("${core._BADAUTHKEY}"); + // return; + // } + /** * This is a standard function that is called with the results of the * form supplied by modify() to update a current item */ public void update(Page page) { - Integer id = page.getParameterAsInteger("id"); - boolean newVersion = page.getParameterAsBoolean("newversion"); - boolean makeProd = page.getParameterAsBoolean("makeprod"); - String content = page.getParameter("content"); - // String authid = page.getParameter("authid"); - - // if (current == null || 
!getApi().confirmAuthKey(authid, "html")) - // { - // page.print("${core._BADAUTHKEY}"); - // return; - // } - - // Argument check - if (id == null || content == null) + try { - page.sendError("${core._MODARGSERROR}"); - return; - } + String fileId = page.getParameter("fileid", ""); + Integer id = page.getParameterAsInteger("id"); + boolean newVersion = page.getParameterAsBoolean("newversion"); + boolean makeProd = page.getParameterAsBoolean("makeprod"); + String content = page.getParameter("content"); - // Get the file - FileEJBLocal fileEJB = findByPrimaryKey(id); - if (fileEJB == null) - { - page.sendError("${html._HTMLPAGESNOSUCHITEM}"); - return; - } + // Security check + if (!secAuthAction("html::", fileId + "::", Level.ACCESS_EDIT)) + { + page.sendError("${html._HTMLPAGESNOAUTH}"); + return; + } - UserEJBLocal current = getApi().currentUser(); - String fileId = fileEJB.getFileId(); - String contentType = fileEJB.getContentType(); + // Create the command + FileEJB.StoreCommand cmd = new FileEJB.StoreCommand(fileId, id, content, newVersion, getApi().currentUser(), makeProd); - // Edit only text content - if (contentType == null || !contentType.startsWith("text/")) + // Execute it + home.execute(cmd); + + // Broadcast the change + notifyResourceChange(fileId); + + // This function generated no output, and so now it is complete we redirect + // the user to an appropriate page for them to carry on their work + page.sendRedirect("index.html?module=html&op=view&id=" + cmd.getTargetId()); + } + // page.sendError("${core._MODARGSERROR}"); + catch(FileNotFoundException e) { - page.sendError("Cannot update non text content"); - return; + page.sendError("${html._HTMLPAGESNOSUCHITEM}"); } - - // Security check - if (!secAuthAction("html::", fileId + "::", Level.ACCESS_EDIT)) + catch(FileException e) { - page.sendError("${html._HTMLPAGESNOAUTH}"); - return; + log.error("Cannot create file", e); + page.sendError("Problem during file creation : " + e.getMessage()); } + } + 
+// String authid = page.getParameter("authid"); +// if (!getApi().confirmAuthKey(authid, "html")) +// { +// page.print("${core._BADAUTHKEY}"); +// return; +// } - if (newVersion) + public void store(Page page) + { + try { - try - { - fileEJB = home.create(fileId, current, contentType, content.getBytes()); - } - catch(FileException e) + String fileId = page.getParameter("id"); + boolean makeprod = page.getParameterAsBoolean("makeprod"); + MultipartRequest.File parameterAsFile = page.getParameterAsFile("content"); + System.out.println("parameterAsFile = " + parameterAsFile); + MultipartRequest.File webFile = parameterAsFile; + // We need a file + if (webFile == null) { - page.sendError(e); + page.sendError("${core._MODARGSERROR}"); return; } - catch(CreateException e) + // Security check + if (!secAuthAction("html::", fileId + "::", Level.ACCESS_ADD)) { - log.error("Cannot create file", e); - page.sendError("Problem during file creation"); + page.print("${html._HTMLPAGESNOAUTH}"); return; } + FileEJB.StoreCommand cmd = new FileEJB.StoreCommand( + fileId, + webFile.getContentType(), + webFile.getContent(), + true, + getApi().currentUser(), + makeprod); + home.execute(cmd); + page.sendRedirect("index.html?module=html&op=list"); } - else - { - fileEJB.setContent(content.getBytes()); - } - - if (makeProd) + catch(FileException e) { - home.makeProd(fileEJB); + log.error("Cannot create file", e); + page.sendError("Cannot create file"); + page.sendError(e.getMessage()); + return; } - // Broadcast the change - notifyResourceChange(fileEJB.getFileId()); - - // This function generated no output, and so now it is complete we redirect - // the user to an appropriate page for them to carry on their work - page.sendRedirect("index.html?module=html&op=view&id=" + fileEJB.getId()); } public void action(Page page) { try { - String fileId = page.getParameter("id", ""); - boolean all = page.getParameterAsBoolean("all"); + // Get the source file id + String sourceFileId = 
page.getParameter("id", ""); + + // Get the target file id + String targetFileId = page.getParameter("dir", "") + page.getParameter("name", ""); - List selection = new LinkedList(); - selection = new LinkedList(); + // + boolean ok = page.getParameterAsBoolean("ok"); + + // The list will contains the FileEJBs that the user has selected + Integer[] ids = new Integer[0]; String[] versions = page.getParameterValues("version"); - for (int i = 0; i < versions.length; i++) + if (versions != null) { - try - { - // todo check that the version has the good file id - selection.add(home.findByPrimaryKey(new Integer(versions[i]))); - } - catch(FinderException e) + List temp = new ArrayList(versions.length); + for (int i = 0; i < versions.length; i++) { - page.sendError(e); - return; - } - catch(NumberFormatException e) - { - // not valid, just skip + try + { + temp.add(new Integer(versions[i])); + } + catch(NumberFormatException e) + { + // Not valid, just skip + } } + ids = (Integer[])temp.toArray(new Integer[temp.size()]); } - Collection files = all ? 
home.findByFileId(fileId) : selection; - - Level globalLevel = secGetLevel("html::", "::"); - Level localLevel = secGetLevel("html::", fileId + "::"); + // Get the security level on source and target fileId + Level sourceLevel = secGetLevel("html::", sourceFileId + "::"); + Level targetLevel = secGetLevel("html::", targetFileId + "::"); + // We make security checks switch (decode(page, ACTIONS)) { - case 0: - case 1: - case 2: - case 7: - if (globalLevel.lesser(Level.ACCESS_ADMIN)) + case ACTION_RENAME: + case ACTION_MOVE: + case ACTION_COPY: + // We must check that both source and target match security + if (sourceLevel.lesser(Level.ACCESS_EDIT)) + { + page.sendError("${html._HTMLPAGESNOAUTH}"); + return; + } + if (targetLevel.lesser(Level.ACCESS_EDIT)) { page.sendError("${html._HTMLPAGESNOAUTH}"); return; } break; - case 3: - case 4: - case 5: - if (selection.size() == 1) + case ACTION_VIEW: + case ACTION_EDIT: + case ACTION_MAKEPROD: + if (sourceLevel.lesser(Level.ACCESS_EDIT)) { - // It's ok, pass through + page.sendError("${html._HTMLPAGESNOAUTH}"); + return; } - else + if (ids.length != 1) { - page.sendError("You must select one version"); + page.sendError("You must select one version exactly"); return; } - case 6: - if (localLevel.lesser(Level.ACCESS_EDIT)) + break; + case ACTION_UNMAKEPROD: + if (sourceLevel.lesser(Level.ACCESS_EDIT)) { page.sendError("${html._HTMLPAGESNOAUTH}"); return; } break; + case ACTION_DELETE: + if (sourceLevel.lesser(Level.ACCESS_DELETE)) + { + page.sendError("${html._HTMLPAGESNOAUTH}"); + return; + } + if (!ok) + { + DelegateContext root = new DelegateContext(); + root.put("TITLE", "Confirmation"); + root.put("MESSAGE", "Are you sure that you want to delete the file " + sourceFileId); + root.put("OK_OP", "action"); + root.put("OK_SUBMIT", "delete"); + root.put("OK_LABEL", "Delete"); + root.put("OK_HIDDEN", ""); + root.put("CANCEL_OP", "list"); + root.put("CANCEL_SUBMIT", "cancel"); + root.put("CANCEL_LABEL", "Don't delete"); + 
root.put("CANCEL_HIDDEN", ""); + confirm.render(root, page.getNukesWriter()); + return; + } + break; default: - // error + // Error + throw new IllegalStateException(); } switch (decode(page, ACTIONS)) { - case 0: - home.rename(files, page.getParameter("name", "")); - page.sendRedirect("index.html?module=html&op=list"); + case ACTION_RENAME: + FileEJB.RenameCommand renameCmd = new FileEJB.RenameCommand(sourceFileId, page.getParameter("name", "")); + home.execute(renameCmd); + page.sendRedirect("index.html?module=html&op=details&id=" + renameCmd.getTargetFileId()); break; - case 1: - home.move(files, page.getParameter("name", "")); - page.sendRedirect("index.html?module=html&op=list"); + case ACTION_MOVE: + FileEJB.MoveCommand moveCmd = new FileEJB.MoveCommand(sourceFileId, page.getParameter("dir", "")); + home.execute(moveCmd); + page.sendRedirect("index.html?module=html&op=details&id=" + moveCmd.getTargetFileId()); break; - case 2: - home.copy(files, page.getParameter("dir", ""), page.getParameter("name", "")); - page.sendRedirect("index.html?module=html&op=details&id=" + fileId); + case ACTION_COPY: + FileEJB.CopyCommand copyCmd = new FileEJB.CopyCommand(sourceFileId, page.getParameter("dir", ""), page.getParameter("name", "")); + home.execute(copyCmd); + page.sendRedirect("index.html?module=html&op=details&id=" + copyCmd.getTargetFileId()); break; - case 3: - FileEJBLocal file = (FileEJBLocal)selection.get(0); + case ACTION_VIEW: + FileEJBLocal file = home.findByPrimaryKey(ids[0]); print(page, file.getFileId(), file.getContentType(), new String(file.getContent()), file.getId()); return; - case 4: - modify(page, (FileEJBLocal)selection.get(0)); + case ACTION_EDIT: + modify(page, home.findByPrimaryKey(ids[0])); return; - case 5: - home.makeProd((FileEJBLocal)selection.get(0)); - page.sendRedirect("index.html?module=html&op=details&id=" + fileId); + case ACTION_MAKEPROD: + home.execute(new FileEJB.MakeProdCommand(sourceFileId, ids[0])); + 
page.sendRedirect("index.html?module=html&op=details&id=" + sourceFileId); break; - case 6: - home.unmakeProd(selection); - page.sendRedirect("index.html?module=html&op=details&id=" + fileId); + case ACTION_UNMAKEPROD: + home.execute(new FileEJB.UnmakeProdCommand(sourceFileId, ids)); + page.sendRedirect("index.html?module=html&op=details&id=" + sourceFileId); break; - case 7: - home.delete(files); + case ACTION_DELETE: + home.execute(new FileEJB.DeleteCommand(sourceFileId)); page.sendRedirect("index.html?module=html&op=list"); break; default: // error } - // Invalide the modified file - notifyResourceChange(fileId); + // Invalidate the modified file + notifyResourceChange(sourceFileId); } catch(FinderException e) { - page.sendError(e); + // wfwefwef } catch(FileException e) { 
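Review bot: In `update`, the `secAuthAction` check is now made against the `fileid` request parameter, while the record that gets written is selected by the separate `id` parameter; the previous revision loaded the record first and authorized against `fileEJB.getFileId()`. Nothing visible in this hunk ties `id` to `fileId`, so unless `FileEJB.StoreCommand` rejects a mismatch (not shown here), the permission check and the write can refer to different files. The same gap exists in `action` for `ACTION_VIEW` and `ACTION_EDIT`, which authorize `sourceFileId` and then load `home.findByPrimaryKey(ids[0])`; the removed `todo check that the version has the good file id` was never resolved. I would compare the loaded record with the authorized id before acting, e.g. `if (!sourceFileId.equals(file.getFileId())) { page.sendError("${html._HTMLPAGESNOAUTH}"); return; }`, and restore `page.sendError(e);` in the `catch(FinderException e)` block, which now holds only the comment `// wfwefwef` and drops lookup failures silently. `update` also lost the `id == null || content == null` guard and the `text/` content-type guard; only a commented-out `sendError` line hints at the former.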
@@ -510,26 +570,27 @@ return; } - StringBuffer submit = new StringBuffer(); - StringBuffer sdir = new StringBuffer(); + StringBuffer sub = new StringBuffer(); + StringBuffer all = new StringBuffer(); // According to the security level computes user actions if (level.greaterOrEquals(Level.ACCESS_EDIT)) { - submit.append("<input type=\"submit\" name=\"view\" value=\"${html._READ}\"/>"); - submit.append("<input type=\"submit\" name=\"edit\" value=\"${html._EDIT}\"/>"); - submit.append("<input type=\"submit\" name=\"makeprod\" value=\"MakeProd\"/>"); - submit.append("<input type=\"submit\" name=\"delete\" value=\"Delete\"/>"); - sdir.append("<input type=\"submit\" name=\"move\" value=\"Move\"/>"); - sdir.append("<input type=\"submit\" name=\"copy\" value=\"Copy\"/>"); + sub.append("<input type=\"submit\" name=\"view\" value=\"${html._READ}\"/>"); + sub.append("<input type=\"submit\" name=\"edit\" value=\"${html._EDIT}\"/>"); + sub.append("<input type=\"submit\" name=\"makeprod\" value=\"MakeProd\"/>"); + sub.append("<input type=\"submit\" name=\"unmakeprod\" value=\"UnmakeProd\"/>"); + all.append("<input type=\"submit\" name=\"rename\" value=\"Rename\"/>"); + all.append("<input type=\"submit\" name=\"move\" value=\"Move\"/>"); + all.append("<input type=\"submit\" name=\"copy\" value=\"Copy\"/>"); } if (level.greaterOrEquals(Level.ACCESS_DELETE)) { - submit.append("<input type=\"submit\" name=\"delete\" value=\"Delete\"/>"); + sub.append("<input type=\"submit\" name=\"delete\" value=\"Delete\"/>"); } int count = 0; - StringBuffer versions = new StringBuffer("<select multiple=\"true\" size=\"5\" name=\"version\">"); + StringBuffer versions = new StringBuffer(); for (Iterator i = home.findByFileId(fileId).iterator();i.hasNext();) { FileEJBLocal file = (FileEJBLocal)i.next(); @@ -543,7 +604,6 @@ } if (!i.hasNext()) { - versions.append("</select>"); Matcher matcher = FileEJB.FILE.matcher(); matcher.matches(fileId); DelegateContext ctx = new DelegateContext(); 
@@ -552,12 +612,13 @@ ctx.put("NAME", "<input type=\"text\" name=\"name\" size=\"32\" value=\"" + matcher.group(2) + "\"/>"); ctx.put("S_NAME", "<input type=\"submit\" name=\"rename\" value=\"Rename\"/>"); ctx.put("DIR", "<input type=\"text\" name=\"dir\" size=\"32\" value=\"" + matcher.group(1) + "\"/>"); - ctx.put("S_DIR", sdir.toString()); ctx.put("CONTENT_TYPE", file.getContentType()); ctx.put("OWNER", file.getOwner().getUserName()); - ctx.put("ALL", "<input type=\"checkbox\" name=\"all\" value=\"true\" checked=\"checked\"/>"); + // seems not used anymore + // ctx.put("ALL", "<input type=\"checkbox\" name=\"all\" value=\"true\" checked=\"checked\"/>"); ctx.put("VERSIONS", versions.toString()); - ctx.put("SUBMIT", submit.toString()); + ctx.put("SUBMIT_ALL", all.toString()); + ctx.put("SUBMIT_SUB", sub.toString()); menu(page); details.render(ctx, page.getNukesWriter()); @@ -625,7 +686,7 @@ for (Iterator i = home.getDirectoriesByPrefix(prefix).iterator();i.hasNext();) { String dir = (String)i.next(); - if (dirMatcher.matches(dir) && secAuthAction("html::", dir + "::", Level.ACCESS_READ)) + if (dirMatcher.matches(dir) && secAuthAction("html::", dir + "::", Level.ACCESS_EDIT)) { DelegateContext sub = new DelegateContext(); sub.put("DIRECTORY", "<a href=\"index.html?module=html&op=list&prefix=" + dir + "\">" + dirMatcher.group(2) + "</a>"); @@ -640,7 +701,7 @@ FileEJBLocal file = (FileEJBLocal)i.next(); String fileId = file.getFileId(); publicFileIds.add(fileId); - if (fileMatcher.matches(fileId) && secAuthAction("html::", fileId + "::", Level.ACCESS_READ)) + if (fileMatcher.matches(fileId) && secAuthAction("html::", fileId + "::", Level.ACCESS_EDIT)) { String name = "<a href=\"index.html?module=html&op=details&id=" + fileId + "\">" + fileMatcher.group(2) + "</a>"; DelegateContext sub = new DelegateContext(); 
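Review bot: The directory filter in the `@@ -625,7 +686,7 @@` hunk now requires `Level.ACCESS_EDIT` where it required `Level.ACCESS_READ`, and neither the code nor the log message ("fixed previously introduced mistake") says whether hiding read-only entries from the listing is intended. The same substitution is made in the two file loops that follow (hunks `@@ -640,7 +701,7 @@` and `@@ -656,7 +717,7 @@`). If the list is meant as an editing view, a short comment at the first check, such as `// Listing is an editing view: show only entries the user may edit`, would keep a later maintainer from reverting it. The enclosing method starts and ends outside these hunks.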
@@ -656,7 +717,7 @@ for (Iterator i = allNotPublicFileIds.iterator();i.hasNext();) { String fileId = (String)i.next(); - if (fileMatcher.matches(fileId) && secAuthAction("html::", fileId + "::", Level.ACCESS_READ)) + if (fileMatcher.matches(fileId) && secAuthAction("html::", fileId + "::", Level.ACCESS_EDIT)) { DelegateContext sub = new DelegateContext(); String name = "<a href=\"index.html?module=html&op=details&id=" + fileId + "\">" + fileMatcher.group(2) + "</a>"; @@ -672,7 +733,7 @@ } catch(FinderException e) { - e.printStackTrace(); //To change body of catch statement use Options | File Templates. + log.error("", e); } } 
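Review bot: In the `@@ -672,7 +733,7 @@` hunk, `log.error("", e)` records the stack trace with an empty message, so the entry cannot be searched for or attributed to the listing code without reading the trace. A message such as `log.error("Cannot list html files", e);` would fix that. The page also gives the user no indication that the listing failed, which may or may not be intended. The enclosing method begins outside the hunk.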
@@ -743,182 +804,6 @@ editor.render(ctx, page.getNukesWriter()); } - public void store(Page page) - { - String fileId = page.getParameter("id"); - boolean makeprod = page.getParameterAsBoolean("makeprod"); -// String authid = page.getParameter("authid"); - MultipartRequest.File parameterAsFile = page.getParameterAsFile("content"); - System.out.println("parameterAsFile = " + parameterAsFile); - MultipartRequest.File webFile = parameterAsFile; - - if (webFile == null) - { - page.sendError("${core._MODARGSERROR}"); - return; - } - -// if (!getApi().confirmAuthKey(authid, "html")) -// { -// page.print("${core._BADAUTHKEY}"); -// return; -// } - - // Security check - if (!secAuthAction("html::", fileId + "::", Level.ACCESS_ADD)) - { - page.print("${html._HTMLPAGESNOAUTH}"); - return; - } - - try - { - FileEJBLocal fileEJB = home.create(fileId, getApi().currentUser(), webFile.getContentType(), webFile.getContent()); - if (makeprod) - { - home.makeProd(fileEJB); - notifyResourceChange(fileEJB.getFileId()); - } - } - catch(FileException e) - { - page.sendError(e.getMessage()); - return; - } - catch(CreateException e) - { - log.error("Cannot create file", e); - page.sendError("Cannot create file"); - return; - } - - page.sendRedirect("index.html?module=html&op=list"); - } - -// public void restore(Page page) -// { -// if (!getApi().secAuthAction("html::", "::", Constants.SEC_ACCESS_ADMIN)) -// { -// page.print("Cannot perform this operation"); -// return; -// } -// -// String fileName = page.getParameter("filename"); -// if (fileName == null) -// { -// Html html = new Html(); -// html.text("Specify a file name on local disk :"); -// html.formStart("index.html"); -// html.formHidden("module", "html"); -// html.formHidden("op", "restore"); -// html.formText("filename", "", 48); -// html.formSubmit(); -// html.formEnd(); -// html.printPage(page); -// return; -// } -// -// ZipInputStream in = null; -// -// try -// { -// in = new ZipInputStream(new FileInputStream(fileName)); 
-// for (ZipEntry entry = in.getNextEntry();entry != null;entry = in.getNextEntry()) -// { -// ByteArrayOutputStream out = new ByteArrayOutputStream(); -// Tools.copy(in, out); -// byte[] content = out.toByteArray(); -// String name = entry.getName(); -// name = name.substring(name.indexOf('/') + 1); -// FileEJBLocal fileEJB = home.create(name, getApi().currentUser(), "text/html", content); -// fileEJB.setCreationDate(new Date(entry.getTime())); -// } -// page.print("Restore succesfull"); -// } -// catch (Exception e) -// { -// log.error("Cannot restore backup", e); -// page.print("Backup failed"); -// } -// finally -// { -// Tools.safeClose(in); -// } -// -// for (Iterator i = getFilesAsStructure().iterator(); i.hasNext();) -// { -// List list = (List) i.next(); -// FileEJBLocal fileEJB = (FileEJBLocal) list.get(list.size() - 1); -// fileEJB.setPublic(true); -// } -// -// } - -// public void backup(Page page) -// { -// if (!getApi().secAuthAction("html::", "::", Constants.SEC_ACCESS_ADMIN)) -// { -// page.print("Cannot perform this operation"); -// return; -// } -// -// String fileName = page.getParameter("filename"); -// if (fileName == null) -// { -// Html html = new Html(); -// html.text("Specify a file name on local disk :"); -// html.formStart("index.html"); -// html.formHidden("module", "html"); -// html.formHidden("op", "backup"); -// html.formText("filename", "", 48); -// html.formSubmit(); -// html.formEnd(); -// html.printPage(page); -// return; -// } -// -// FileOutputStream out = null; -// -// try -// { -// out = new FileOutputStream(fileName); -// ZipOutputStream zip = new ZipOutputStream(out); -// List fileStruct = getFilesAsStructure(); -// if (fileStruct == null) -// { -// page.print("Backup failed"); -// return; -// } -// for (Iterator i = fileStruct.iterator(); i.hasNext();) -// { -// List files = (List) i.next(); -// int k = 0; -// for (Iterator j = files.iterator(); j.hasNext();) -// { -// FileEJBLocal fileEJB = (FileEJBLocal) j.next(); -// 
String name = (k++) + "/" + fileEJB.getFileId(); -// ZipEntry entry = new ZipEntry(name); -// entry.setTime(fileEJB.getCreationDate().getTime()); -// zip.putNextEntry(entry); -// zip.write(fileEJB.getContent()); -// zip.closeEntry(); -// } -// } -// zip.flush(); -// zip.close(); -// page.print("Backup succesfull"); -// } -// catch (Exception e) -// { -// log.error("An error occured during backup", e); -// page.print("Backup failed"); -// } -// finally -// { -// Tools.safeClose(out); -// } -// } - // Module overrides ---------------------------------------------- public void head(Page page) @@ -936,11 +821,13 @@ repository.addTemplate("editor", (Element)doc.selectSingleNode("/node/loop[@name='editor']/node")); repository.addTemplate("css", (Element)doc.selectSingleNode("/node/loop[@name='css']/node")); repository.addTemplate("menu", (Element)doc.selectSingleNode("/node/loop[@name='menu']/node")); + repository.addTemplate("confirm", (Element)doc.selectSingleNode("/node/loop[@name='confirm']/node")); list = repository.createTemplate("list"); details = repository.createTemplate("details"); editor = repository.createTemplate("editor"); css = repository.createTemplate("css"); menu = repository.createTemplate("menu"); + confirm = repository.createTemplate("confirm"); } public void stop() @@ -958,6 +845,11 @@ public Resource getResource(String fileId) { + if (!secAuthAction("html::", fileId + "::", Level.ACCESS_READ)) + { + return null; + } + // Look in the cache first Resource res = manager.get(fileId); if (res != null) @@ -1033,6 +925,7 @@ ctx.put("TITLE", "${html._EDITHTMLPAGES}"); ctx.put("HIDDEN_FIELDS", "<input type=\"hidden\" name=\"module\" value=\"html\"/>" + "<input type=\"hidden\" name=\"op\" value=\"update\"/>" + + "<input type=\"hidden\" name=\"fileid\" value=\"" + fileEJB.getFileId() + "\"/>" + "<input type=\"hidden\" name=\"id\" value=\"" + fileEJB.getId() + "\"/>"); // html.formHidden("authid", getApi().generateAuthKey("html")); 
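Review bot: `getResource` now returns `null` when the caller lacks `Level.ACCESS_READ`, but nothing documents that `null` can mean "not authorized" as well as, presumably, "not found". Callers that are not visible here must handle both the same way, so I would state it in the method's Javadoc, e.g. `@return the resource, or null if it does not exist or the current user may not read it`. Placing the check before the cache lookup is right and worth a short comment such as `// Authorize before touching the cache so cached entries are not served to unauthorized callers`. The rest of the method body lies outside the hunk.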
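Review bot: The new hidden `fileid` field in the `@@ -1033,6 +925,7 @@` hunk writes `fileEJB.getFileId()` into an HTML attribute by plain string concatenation, so an id containing `"` or `<` would break out of the attribute. Whether `FileEJB.FILE` restricts ids to safe characters is not visible here. The value should pass through the project's HTML attribute escaping before it is appended. Because a hidden field is client-controlled, it should also not be the only source of the id that `update` authorizes against.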
@@ -1164,4 +1057,5 @@ } return -1; } + } |