1   /*
2    * This software was designed and created by Jason Carroll.
3    * Copyright (c) 2002, 2003, 2004 Jason Carroll.
4    * The author can be reached at jcarroll@cowsultants.com
5    * ITracker website: http://www.cowsultants.com
6    * ITracker forums: http://www.cowsultants.com/phpBB/index.php
7    *
8    * This program is free software; you can redistribute it and/or modify
9    * it only under the terms of the GNU General Public License as published by
10   * the Free Software Foundation; either version 2 of the License, or
11   * (at your option) any later version.
12   *
13   * This program is distributed in the hope that it will be useful,
14   * but WITHOUT ANY WARRANTY; without even the implied warranty of
15   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16   * GNU General Public License for more details.
17   */
18  
19  package org.itracker.web.actions.project;
20  
21  import org.apache.log4j.Logger;
22  import org.apache.struts.action.*;
23  import org.itracker.model.Issue;
24  import org.itracker.model.PermissionType;
25  import org.itracker.model.User;
26  import org.itracker.services.IssueService;
27  import org.itracker.model.util.UserUtilities;
28  import org.itracker.web.actions.base.ItrackerBaseAction;
29  import org.itracker.web.forms.MoveIssueForm;
30  import org.itracker.web.util.LoginUtilities;
31  
32  import javax.servlet.ServletException;
33  import javax.servlet.http.HttpServletRequest;
34  import javax.servlet.http.HttpServletResponse;
35  import java.io.IOException;
36  import java.util.Map;
37  import java.util.Set;
38  
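/**
 * Struts action that moves an existing issue into another project.
 *
 * <p>The request must carry a valid Struts transaction token, the issue must
 * exist, the target project must differ from the issue's current project, and
 * the current user must be authorized on both the source and the target
 * project before {@link IssueService#moveIssue} is invoked.
 */
public class MoveIssueAction extends ItrackerBaseAction {

    private static final Logger log = Logger.getLogger(MoveIssueAction.class);

    private static final String UNAUTHORIZED_PAGE = "unauthorized";
    private static final String VIEW_ISSUE_PAGE = "viewissue";
    private static final String EDIT_ISSUE_PAGE = "editissue";
    private static final String DEFAULT_PAGE = "index";
    private static final String PAGE_TITLE_KEY = "itracker.web.moveissue.title";

    /**
     * Validates the request and moves the issue named by the submitted
     * {@link MoveIssueForm} to the requested project.
     *
     * @param mapping  the Struts mapping used to resolve forwards.
     * @param form     the submitted form; cast to {@link MoveIssueForm}.
     * @param request  the current request.
     * @param response the current response (unused here).
     * @return the forward to the calling page on success, the
     *         {@code unauthorized} forward when the permission check fails,
     *         the {@code index} forward when the token is invalid, and the
     *         {@code error} forward otherwise.
     */
    @Override
    public ActionForward execute(ActionMapping mapping, ActionForm form,
                                 HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        ActionMessages errors = new ActionMessages();
        request.setAttribute("pageTitleKey", PAGE_TITLE_KEY);
        request.setAttribute("pageTitleArg", "itracker.web.generic.unknown");

        if (!isValidToken(mapping, request, errors)) {
            return mapping.findForward(DEFAULT_PAGE);
        }

        try {
            IssueService issueService = getITrackerServices().getIssueService();
            MoveIssueForm moveForm = (MoveIssueForm) form;
            Integer issueId = moveForm.getIssueId();
            Integer projectId = moveForm.getProjectId();
            String caller = moveForm.getCaller() != null ? moveForm.getCaller() : DEFAULT_PAGE;

            Issue issue = issueService.getIssue(issueId);
            if (issue == null) {
                // Stop here: every later step dereferences the issue, and an
                // unknown id must surface as "invalid issue", not as a
                // NullPointerException reported as a system error.
                errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.invalidissue"));
            } else {
                request.setAttribute("pageTitleArg", issue.getId());

                if (projectId == null) {
                    // No target project was submitted; there is nothing to move to.
                    errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.invalidproject"));
                } else if (issue.getProject() != null && issue.getProject().getId().equals(projectId)) {
                    // The issue already belongs to the requested project.
                    log.error("execute: attempted to move issue to its containing project");
                    errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.invalidproject"));
                }
            }

            if (errors.isEmpty()) {
                User user = LoginUtilities.getCurrentUser(request);
                // Fail closed: without a resolved user or without permission on
                // both projects the move is refused before any state changes.
                if (user == null || !isPermissionGranted(request, issue, projectId)) {
                    return mapping.findForward(UNAUTHORIZED_PAGE);
                }

                issueService.moveIssue(issue, projectId, user.getId());
                if (caller.equals(EDIT_ISSUE_PAGE)) {
                    log.info("execute: go to forward editissue");
                    return new ActionForward(mapping.findForward(EDIT_ISSUE_PAGE).getPath() + "?id=" + issue.getId());
                } else if (caller.equals(VIEW_ISSUE_PAGE)) {
                    log.info("execute: go to forward viewissue");
                    return new ActionForward(mapping.findForward(VIEW_ISSUE_PAGE).getPath() + "?id=" + issue.getId());
                } else {
                    // "caller" is request-supplied. findForward only resolves
                    // forward names configured for this mapping, and returns
                    // null for an unknown name; fall back to the default page
                    // rather than returning null from the action.
                    ActionForward callerForward = mapping.findForward(caller);
                    return callerForward != null ? callerForward : mapping.findForward(DEFAULT_PAGE);
                }
            }
        } catch (Exception e) {
            log.error("execute: Exception processing form data", e);
            errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.system"));
        }

        if (!errors.isEmpty()) {
            saveErrors(request, errors);
        }
        return mapping.findForward("error");
    }

    /**
     * Validates the Struts transaction token of the request and, when it is
     * valid, resets it so the same submission cannot be replayed.
     *
     * @param mapping ActionMapping (not used by the check itself).
     * @param request HttpServletRequest carrying the token.
     * @param errors  ActionMessages that receives the transaction error.
     * @return true if token is valid.
     */
    private boolean isValidToken(ActionMapping mapping,
                                 HttpServletRequest request, ActionMessages errors) {
        if (!isTokenValid(request)) {
            log.debug("Invalid request token while moving issue.");
            errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage(
                    "itracker.web.error.transaction"));
            saveErrors(request, errors);
            return false;
        }
        resetToken(request);
        return true;
    }


    /**
     * Checks that the session's user may move the issue out of its current
     * project and into the target project.
     *
     * <p>The source project is checked for {@code PERMISSION_EDIT_FULL}. The
     * {@code ISSUE_EDIT_ALL} / {@code ISSUE_CREATE} check is applied to the
     * target project: it previously re-checked the source project, although its
     * log message ("to unauthorized project") indicates it was meant for the
     * destination, so the destination was never authorized at all.
     *
     * @param request         HttpServletRequest whose session holds the user permissions.
     * @param issue           issue to move; must not be null.
     * @param targetProjectId id of the project the issue is moved to.
     * @return true if permission is granted on both projects.
     */
    private boolean isPermissionGranted(HttpServletRequest request, Issue issue, Integer targetProjectId) {
        Map<Integer, Set<PermissionType>> userPermissions = getUserPermissions(request.getSession());
        if (issue.getProject() == null || targetProjectId == null) {
            // Nothing to authorize against: deny instead of failing later.
            log.debug("Cannot check permissions to move issue " + issue.getId() + ": project is missing.");
            return false;
        }
        Integer sourceProjectId = issue.getProject().getId();
        // TODO is seems first condition is not necessary
        // TODO: return detailed messages on the missing authorization
        if (!UserUtilities.hasPermission(userPermissions, sourceProjectId, UserUtilities.PERMISSION_EDIT_FULL)) {
            log.debug("User not authorized to move issue " + issue.getId() + " out of project " + sourceProjectId);
            return false;
        }
        if (!UserUtilities.hasPermission(userPermissions, targetProjectId, new PermissionType[]{PermissionType.ISSUE_EDIT_ALL, PermissionType.ISSUE_CREATE})) {
            log.debug("User attempted to move issue " + issue.getId() + " to unauthorized project.");
            return false;
        }
        return true;
    }
}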