19 package org.itracker.web.actions.project;
20
21 import org.apache.log4j.Logger;
22 import org.apache.struts.action.*;
23 import org.itracker.model.Issue;
24 import org.itracker.model.PermissionType;
25 import org.itracker.model.Project;
26 import org.itracker.model.util.UserUtilities;
27 import org.itracker.services.IssueService;
28 import org.itracker.services.ProjectService;
29 import org.itracker.web.actions.base.ItrackerBaseAction;
30 import org.itracker.web.forms.MoveIssueForm;
31 import org.itracker.web.util.RequestHelper;
32 import org.itracker.web.util.ServletContextUtils;
33
34 import javax.servlet.ServletException;
35 import javax.servlet.http.HttpServletRequest;
36 import javax.servlet.http.HttpServletResponse;
37 import java.io.IOException;
38 import java.util.*;
39
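/**
 * Struts action that prepares the "move issue" form for a single issue.
 *
 * <p>The action looks the issue up from the {@code id} request parameter, checks that the
 * session's permissions allow editing in the issue's current project, and collects the
 * other projects the issue could be moved to. The form is only populated and shown when
 * all three steps succeed.
 */
public class MoveIssueFormAction extends ItrackerBaseAction {

    private static final Logger log = Logger.getLogger(MoveIssueFormAction.class);

    private static final String UNAUTHORIZED_PAGE = "unauthorized";
    private static final String PAGE_TITLE_KEY = "itracker.web.moveissue.title";

    /**
     * Builds the move-issue form for the issue named by the {@code id} request parameter.
     *
     * @param mapping  Struts mapping used to resolve the "unauthorized", "error" and input forwards
     * @param form     the form bean bound to this action; may be {@code null}
     * @param request  current request; supplies the {@code id} and {@code caller} parameters
     * @param response current response (not used by this action)
     * @return the input forward when the form was set up, the "unauthorized" forward when the
     *         permission check fails or no project is available at all, otherwise the "error"
     *         forward
     * @throws ServletException declared for the Struts contract
     * @throws IOException      declared for the Struts contract
     */
    public ActionForward execute(ActionMapping mapping, ActionForm form,
                                 HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {

        ActionMessages errors = new ActionMessages();
        request.setAttribute("pageTitleKey", PAGE_TITLE_KEY);
        request.setAttribute("pageTitleArg", "itracker.web.generic.unknown");

        try {
            IssueService issueService = ServletContextUtils.getItrackerServices().getIssueService();
            ProjectService projectService = ServletContextUtils.getItrackerServices()
                    .getProjectService();

            // A malformed id is client input, not a system fault: report it as an invalid
            // issue instead of letting NumberFormatException reach the catch block, where it
            // would be logged at error level with a stack trace on every bad request.
            Integer issueId = parseIssueId(request.getParameter("id"));
            Issue issue = (issueId == null) ? null : issueService.getIssue(issueId);

            if (issue == null) {
                // NOTE(review): an unknown id yields this error while an existing issue the
                // user may not edit yields the "unauthorized" forward, so the two cases are
                // distinguishable to the caller. Confirm that is acceptable.
                errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage(
                        "itracker.web.error.invalidissue"));
            } else {
                request.setAttribute("pageTitleArg", issue.getId());

                // Authorization comes before any project data is gathered for the view.
                if (!isPermissionGranted(request, issue)) {
                    return mapping.findForward(UNAUTHORIZED_PAGE);
                }

                List<Project> projects = projectService.getAllAvailableProjects();
                if (projects.isEmpty()) {
                    return mapping.findForward(UNAUTHORIZED_PAGE);
                }

                List<Project> availableProjects = getAvailableProjects(request, projects, issue);
                if (availableProjects.isEmpty()) {
                    errors.add(ActionMessages.GLOBAL_MESSAGE,
                            new ActionMessage("itracker.web.error.noprojects"));
                } else {
                    setupMoveIssueForm(request, form, issue, availableProjects);
                    return mapping.getInputForward();
                }
            }
        } catch (RuntimeException e) {
            log.error("Exception while creating move issue form.", e);
            errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage(
                    "itracker.web.error.system"));
        }

        if (!errors.isEmpty()) {
            saveErrors(request, errors);
        }
        return mapping.findForward("error");
    }

    /**
     * Converts the raw {@code id} request parameter into an issue id.
     *
     * @param rawId the parameter value as received, possibly {@code null}
     * @return {@code -1} when the parameter is absent, the parsed value when it is a valid
     *         integer, or {@code null} when it is present but not numeric
     */
    private static Integer parseIssueId(String rawId) {
        if (rawId == null) {
            return Integer.valueOf(-1);
        }
        try {
            return Integer.valueOf(rawId);
        } catch (NumberFormatException e) {
            // The raw value is deliberately left out of the log line: it is attacker-controlled
            // text and would otherwise be written to the log unescaped.
            log.debug("Rejected non-numeric issue id parameter.");
            return null;
        }
    }

    /**
     * Populates the form bean and the request attributes the move-issue view reads.
     *
     * @param request           current request; receives the form, project list and issue
     * @param form              form bean supplied by Struts, replaced by a new one when {@code null}
     * @param issue             the issue to be moved
     * @param availableProjects candidate target projects for the move
     */
    private void setupMoveIssueForm(HttpServletRequest request, ActionForm form, Issue issue,
                                    List<Project> availableProjects) {
        MoveIssueForm moveIssueForm = (MoveIssueForm) form;
        if (moveIssueForm == null) {
            moveIssueForm = new MoveIssueForm();
        }
        moveIssueForm.setIssueId(issue.getId());
        // NOTE(review): "caller" is copied from the request unchanged. Whatever consumes it
        // later (view output or a forward/redirect target) has to validate or encode it.
        moveIssueForm.setCaller(request.getParameter("caller"));

        request.setAttribute("moveIssueForm", moveIssueForm);
        request.setAttribute("projects", availableProjects);
        request.setAttribute("issue", issue);
        // Stores a Struts transaction token in the session; presumably the action handling
        // the submit verifies it - confirm, since the token protects nothing unless checked.
        saveToken(request);
        log.info("No errors while moving issue. Forwarding to move issue form.");
    }

    /**
     * Filters the given projects down to the ones the issue may be moved to.
     *
     * <p>A project qualifies when it has an id, is not the issue's current project, and
     * {@link UserUtilities#hasPermission} accepts the session's permissions for it with
     * {@code ISSUE_EDIT_ALL} and {@code ISSUE_CREATE}. Whether both or just one of these is
     * required is decided inside {@code hasPermission} and is not visible here.
     *
     * @param request  current request; its session supplies the user's permissions
     * @param projects all projects to consider
     * @param issue    the issue to be moved
     * @return the qualifying projects, sorted with {@code Project.ProjectComparator}
     */
    private List<Project> getAvailableProjects(HttpServletRequest request, List<Project> projects,
                                               Issue issue) {
        Map<Integer, Set<PermissionType>> userPermissions =
                RequestHelper.getUserPermissions(request.getSession());
        PermissionType[] required = new PermissionType[]{
                PermissionType.ISSUE_EDIT_ALL,
                PermissionType.ISSUE_CREATE};

        List<Project> availableProjects = new ArrayList<Project>();
        for (Project candidate : projects) {
            if (candidate.getId() == null || candidate.equals(issue.getProject())) {
                continue;
            }
            if (UserUtilities.hasPermission(userPermissions, candidate.getId(), required)) {
                availableProjects.add(candidate);
            }
        }
        Collections.sort(availableProjects, new Project.ProjectComparator());
        return availableProjects;
    }

    /**
     * Checks whether the session's permissions allow editing in the issue's current project.
     *
     * <p>The check is made against the project id with {@code UserUtilities.PERMISSION_EDIT};
     * nothing specific to the individual issue is evaluated here.
     *
     * @param request current request; its session supplies the user's permissions
     * @param issue   the issue the user wants to move
     * @return {@code true} when the permission is present, {@code false} otherwise
     */
    private boolean isPermissionGranted(HttpServletRequest request, Issue issue) {
        Map<Integer, Set<PermissionType>> userPermissions =
                RequestHelper.getUserPermissions(request.getSession());

        if (!UserUtilities.hasPermission(userPermissions, issue.getProject().getId(),
                UserUtilities.PERMISSION_EDIT)) {
            log.debug("Unauthorized user requested access to move issue for issue "
                    + issue.getId());
            return false;
        }
        return true;
    }
}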