MoveIssueAction.java
/*
* This software was designed and created by Jason Carroll.
* Copyright (c) 2002, 2003, 2004 Jason Carroll.
* The author can be reached at jcarroll@cowsultants.com
* ITracker website: http://www.cowsultants.com
* ITracker forums: http://www.cowsultants.com/phpBB/index.php
*
* This program is free software; you can redistribute it and/or modify
* it only under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*/
package org.itracker.web.actions.project;
import org.apache.log4j.Logger;
import org.apache.struts.action.*;
import org.itracker.model.Issue;
import org.itracker.model.PermissionType;
import org.itracker.model.User;
import org.itracker.services.IssueService;
import org.itracker.model.util.UserUtilities;
import org.itracker.web.actions.base.ItrackerBaseAction;
import org.itracker.web.forms.MoveIssueForm;
import org.itracker.web.util.LoginUtilities;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Map;
import java.util.Set;
public class MoveIssueAction extends ItrackerBaseAction {
private static final Logger log = Logger.getLogger(MoveIssueAction.class);
private static final String UNAUTHORIZED_PAGE = "unauthorized";
private static final String VIEW_ISSUE_PAGE = "viewissue";
private static final String EDIT_ISSUE_PAGE = "editissue";
private static final String DEFAULT_PAGE = "index";
private static final String PAGE_TITLE_KEY = "itracker.web.moveissue.title";
public ActionForward execute(ActionMapping mapping, ActionForm form,
HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
ActionMessages errors = new ActionMessages();
request.setAttribute("pageTitleKey", PAGE_TITLE_KEY);
request.setAttribute("pageTitleArg", "itracker.web.generic.unknown");
if (!isValidToken(mapping, request, errors)) {
return mapping.findForward(DEFAULT_PAGE);
}
try {
IssueService issueService = getITrackerServices().getIssueService();
Integer issueId = ((MoveIssueForm) form).getIssueId();
Integer projectId = ((MoveIssueForm) form).getProjectId();
String caller = ((MoveIssueForm) form).getCaller() != null ? ((MoveIssueForm) form)
.getCaller()
: DEFAULT_PAGE;
Issue issue = issueService.getIssue(issueId);
if (issue == null) {
errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.invalidissue"));
}
request.setAttribute("pageTitleArg", issue.getId());
// is already on this issue
if (issue.getProject() != null && issue.getProject().getId().equals(projectId)) {
log.error("execute: attempted to move issue to its containing project");
errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.invalidproject"));
}
if (errors.isEmpty()) {
User user = LoginUtilities.getCurrentUser(request);
if (!isPermissionGranted(request, issue))
return mapping.findForward(UNAUTHORIZED_PAGE);
issueService.moveIssue(issue, projectId, user.getId());
if (caller.equals(EDIT_ISSUE_PAGE)) {
log.info("execute: go to forward editissue");
return new ActionForward(mapping.findForward(EDIT_ISSUE_PAGE).getPath() + "?id=" + issue.getId());
} else if (caller.equals(VIEW_ISSUE_PAGE)) {
log.info("execute: go to forward viewissue");
return new ActionForward(mapping.findForward(VIEW_ISSUE_PAGE).getPath() + "?id=" + issue.getId());
} else {
return mapping.findForward(caller);
}
}
} catch (Exception e) {
log.error("execute: Exception processing form data", e);
errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage("itracker.web.error.system"));
}
if (!errors.isEmpty()) {
saveErrors(request, errors);
}
return mapping.findForward("error");
}
/**
* Validates token.
*
* @param mapping ActionMapping.
* @param request HttpServletRequest.
* @param errors ActionMessages.
* @return true if token is valid.
*/
private boolean isValidToken(ActionMapping mapping,
HttpServletRequest request, ActionMessages errors) {
if (!isTokenValid(request)) {
log.debug("Invalid request token while creating issue.");
errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage(
"itracker.web.error.transaction"));
saveErrors(request, errors);
return false;
}
resetToken(request);
return true;
}
/**
* Checks permissions.
*
* @param request HttpServletRequest.
* @param issue issue.
* @return true if permission is granted.
*/
private boolean isPermissionGranted(HttpServletRequest request, Issue issue) {
Map<Integer, Set<PermissionType>> userPermissions = getUserPermissions(request.getSession());
// TODO is seems first condition is not necessary
// TODO: return detailed messages on the missing authorization
if (!UserUtilities.hasPermission(userPermissions, issue.getProject().getId(), UserUtilities.PERMISSION_EDIT_FULL)) {
log.debug("User not authorized to move issue " + issue.getProject().getId());
return false;
}
if (!UserUtilities.hasPermission(userPermissions, issue.getProject().getId(), new PermissionType[]{PermissionType.ISSUE_EDIT_ALL, PermissionType.ISSUE_CREATE})) {
log.debug("User attempted to move issue " + issue.getId() + " to unauthorized project.");
return false;
}
return true;
}
}