19 package org.itracker.web.actions.project;
20
21 import org.apache.log4j.Logger;
22 import org.apache.struts.action.*;
23 import org.itracker.model.Issue;
24 import org.itracker.model.PermissionType;
25 import org.itracker.model.User;
26 import org.itracker.services.IssueService;
27 import org.itracker.model.util.UserUtilities;
28 import org.itracker.web.actions.base.ItrackerBaseAction;
29 import org.itracker.web.forms.MoveIssueForm;
30 import org.itracker.web.util.LoginUtilities;
31
32 import javax.servlet.ServletException;
33 import javax.servlet.http.HttpServletRequest;
34 import javax.servlet.http.HttpServletResponse;
35 import java.io.IOException;
36 import java.util.Map;
37 import java.util.Set;
38
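/**
 * Struts action that moves an issue from its current project into another project.
 *
 * <p>The request is processed only when it carries a valid transaction token. The issue id,
 * the destination project id and the name of the page to return to are all read from the
 * submitted {@link MoveIssueForm}, so they are request-controlled values and are validated
 * here before {@code IssueService.moveIssue} is called.
 */
public class MoveIssueAction extends ItrackerBaseAction {

    private static final Logger log = Logger.getLogger(MoveIssueAction.class);

    private static final String UNAUTHORIZED_PAGE = "unauthorized";
    private static final String VIEW_ISSUE_PAGE = "viewissue";
    private static final String EDIT_ISSUE_PAGE = "editissue";
    private static final String DEFAULT_PAGE = "index";
    private static final String PAGE_TITLE_KEY = "itracker.web.moveissue.title";

    /**
     * Validates the request and moves the issue named in the form to the requested project.
     *
     * @param mapping  the action mapping used to resolve forwards
     * @param form     the submitted form; cast to {@link MoveIssueForm}
     * @param request  the current HTTP request
     * @param response the current HTTP response (not used here)
     * @return the default page when the transaction token is invalid, the "unauthorized"
     *         forward when the permission check fails, the caller's page after a successful
     *         move, and the "error" forward otherwise
     * @throws ServletException declared by the action contract
     * @throws IOException      declared by the action contract
     */
    public ActionForward execute(ActionMapping mapping, ActionForm form,
                                 HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        ActionMessages errors = new ActionMessages();
        request.setAttribute("pageTitleKey", PAGE_TITLE_KEY);
        request.setAttribute("pageTitleArg", "itracker.web.generic.unknown");

        // Reject replayed or forged submissions before touching any data.
        if (!isValidToken(mapping, request, errors)) {
            return mapping.findForward(DEFAULT_PAGE);
        }

        try {
            IssueService issueService = getITrackerServices().getIssueService();
            MoveIssueForm moveForm = (MoveIssueForm) form;
            Integer issueId = moveForm.getIssueId();
            Integer projectId = moveForm.getProjectId();
            String caller = moveForm.getCaller() != null ? moveForm.getCaller() : DEFAULT_PAGE;

            Issue issue = issueService.getIssue(issueId);
            if (issue == null) {
                // Stop here: every check below dereferences the issue, and doing so used to
                // raise a NullPointerException that was then reported as a system error.
                errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.invalidissue"));
            } else {
                request.setAttribute("pageTitleArg", issue.getId());

                if (projectId == null) {
                    // A move without a destination cannot be authorized or carried out.
                    errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.invalidproject"));
                } else if (issue.getProject() != null && issue.getProject().getId().equals(projectId)) {
                    log.error("execute: attempted to move issue to its containing project");
                    errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.invalidproject"));
                }
            }

            if (errors.isEmpty()) {
                User user = LoginUtilities.getCurrentUser(request);
                // NOTE(review): whether getCurrentUser can return null is not visible here;
                // fail closed instead of relying on the catch block below.
                if (user == null || !isPermissionGranted(request, issue, projectId)) {
                    return mapping.findForward(UNAUTHORIZED_PAGE);
                }

                issueService.moveIssue(issue, projectId, user.getId());
                if (caller.equals(EDIT_ISSUE_PAGE)) {
                    log.info("execute: go to forward editissue");
                    return forwardToIssue(mapping, EDIT_ISSUE_PAGE, issue);
                } else if (caller.equals(VIEW_ISSUE_PAGE)) {
                    log.info("execute: go to forward viewissue");
                    return forwardToIssue(mapping, VIEW_ISSUE_PAGE, issue);
                } else {
                    // caller is request-supplied; it is only ever used as a lookup key into
                    // the configured forwards, never as a path. An unknown name yields null,
                    // so fall back to the default page rather than returning null.
                    ActionForward callerForward = mapping.findForward(caller);
                    return callerForward != null ? callerForward : mapping.findForward(DEFAULT_PAGE);
                }
            }
        } catch (Exception e) {
            log.error("execute: Exception processing form data", e);
            errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.system"));
        }

        if (!errors.isEmpty()) {
            saveErrors(request, errors);
        }
        return mapping.findForward("error");
    }

    /**
     * Builds a forward to the named issue page with the issue id appended as the
     * {@code id} query parameter.
     */
    private ActionForward forwardToIssue(ActionMapping mapping, String forwardName, Issue issue) {
        return new ActionForward(mapping.findForward(forwardName).getPath() + "?id=" + issue.getId());
    }

    /**
     * Checks the transaction token of the request and consumes it when it is valid.
     *
     * @param mapping the action mapping (not used here)
     * @param request the current HTTP request
     * @param errors  receives a transaction error when the token is invalid
     * @return {@code true} if the token was valid and has been reset, {@code false} if the
     *         token was invalid and the error has been saved on the request
     */
    private boolean isValidToken(ActionMapping mapping,
                                 HttpServletRequest request, ActionMessages errors) {
        if (!isTokenValid(request)) {
            log.debug("Invalid request token while moving issue.");
            errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage(
                    "itracker.web.error.transaction"));
            saveErrors(request, errors);
            return false;
        }
        // The token is single-use: reset it so the same submission cannot be replayed.
        resetToken(request);
        return true;
    }

    /**
     * Decides whether the current session may move the issue into the target project.
     *
     * <p>Two checks are made: full edit permission on the project the issue currently belongs
     * to, and issue edit/create permission on the destination project. The second check used
     * to be evaluated against the source project as well, which left the request-supplied
     * destination project id unchecked although the log message speaks of an
     * "unauthorized project".
     *
     * @param request         the current HTTP request; its session holds the permissions
     * @param issue           the issue to move, never {@code null}
     * @param targetProjectId the id of the destination project taken from the form
     * @return {@code true} only if both permission checks pass
     */
    private boolean isPermissionGranted(HttpServletRequest request, Issue issue, Integer targetProjectId) {
        // Fail closed when either side of the move cannot be identified.
        if (issue.getProject() == null || targetProjectId == null) {
            log.debug("User not authorized to move issue " + issue.getId());
            return false;
        }

        Map<Integer, Set<PermissionType>> userPermissions = getUserPermissions(request.getSession());

        if (!UserUtilities.hasPermission(userPermissions, issue.getProject().getId(), UserUtilities.PERMISSION_EDIT_FULL)) {
            log.debug("User not authorized to move issue " + issue.getId());
            return false;
        }
        // NOTE(review): how hasPermission combines an array of permission types (any vs. all)
        // is defined in UserUtilities and not visible here - confirm it matches the intent.
        if (!UserUtilities.hasPermission(userPermissions, targetProjectId, new PermissionType[]{PermissionType.ISSUE_EDIT_ALL, PermissionType.ISSUE_CREATE})) {
            log.debug("User attempted to move issue " + issue.getId() + " to unauthorized project.");
            return false;
        }
        return true;
    }
}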