View Javadoc
1   /*
2    * This file is part of ***  M y C o R e  ***
3    * See http://www.mycore.de/ for details.
4    *
5    * MyCoRe is free software: you can redistribute it and/or modify
6    * it under the terms of the GNU General Public License as published by
7    * the Free Software Foundation, either version 3 of the License, or
8    * (at your option) any later version.
9    *
10   * MyCoRe is distributed in the hope that it will be useful,
11   * but WITHOUT ANY WARRANTY; without even the implied warranty of
12   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13   * GNU General Public License for more details.
14   *
15   * You should have received a copy of the GNU General Public License
16   * along with MyCoRe.  If not, see <http://www.gnu.org/licenses/>.
17   */
18  
19  package org.mycore.frontend.servlets;
20  
21  import static org.mycore.access.MCRAccessManager.PERMISSION_DELETE;
22  import static org.mycore.access.MCRAccessManager.PERMISSION_WRITE;
23  
24  import java.io.IOException;
25  import java.nio.file.Files;
26  import java.util.Locale;
27  
28  import org.mycore.access.MCRAccessException;
29  import org.mycore.access.MCRAccessManager;
30  import org.mycore.common.MCRException;
31  import org.mycore.datamodel.metadata.MCRDerivate;
32  import org.mycore.datamodel.metadata.MCRMetadataManager;
33  import org.mycore.datamodel.metadata.MCRObjectID;
34  import org.mycore.datamodel.niofs.MCRPath;
35  import org.mycore.datamodel.niofs.utils.MCRRecursiveDeleter;
36  import org.mycore.frontend.fileupload.MCRUploadHelper;
37  
38  import jakarta.servlet.http.HttpServletRequest;
39  import jakarta.servlet.http.HttpServletResponse;
40  
41  /**
42   * @author Sebastian Hofmann; Silvio Hermann; Thomas Scheffler (yagee); Sebastian Röher
43   */
44  public class MCRDerivateServlet extends MCRServlet {
45  
46      private static final long serialVersionUID = 1L;
47  
48      public static final String TODO_SMOVFILE = "smovfile";
49  
50      @Override
51      protected void doGetPost(MCRServletJob job) throws Exception {
52          HttpServletRequest request = job.getRequest();
53          HttpServletResponse response = job.getResponse();
54          checkPreConditions(request, response);
55          if (response.isCommitted()) {
56              return;
57          }
58          String derivateId = getProperty(request, "derivateid");
59          if (performTask(job, getProperty(request, "todo"), derivateId, getProperty(request, "file"),
60              getProperty(request, "file2"))) {
61              String url = request.getParameter("url");
62              if (url != null && ("".equals(url))) {
63                  response.sendError(HttpServletResponse.SC_NO_CONTENT, "Parameter 'url' is set but empty!");
64                  return;
65              }
66              if (url != null) {
67                  response.sendRedirect(response.encodeRedirectURL(url));
68                  return;
69              }
70              toReferrer(request, response,
71                  response.encodeRedirectURL(getServletBaseURL() + "MCRFileNodeServlet/" + derivateId + "/"));
72          }
73      }
74  
75      protected void checkPreConditions(HttpServletRequest request, HttpServletResponse response) throws IOException {
76          if (getProperty(request, "todo") == null) {
77              response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Parameter \"todo\" is not provided");
78          } else if (getProperty(request, "derivateid") == null) {
79              response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Parameter \"derivateid\" is not provided");
80          } else if (getProperty(request, "file") == null) {
81              response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Parameter \"file\" is not provided");
82          } else if (getProperty(request, "todo").equals(TODO_SMOVFILE) && getProperty(request, "file2") == null) {
83              response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Parameter \"file2\" is not provided");
84          }
85      }
86  
87      private boolean performTask(MCRServletJob job, String task, String myCoreDerivateId, String file, String file2)
88          throws IOException, MCRAccessException {
89          switch (task) {
90          case "ssetfile":
91              setMainFile(myCoreDerivateId, file, job.getResponse());
92              break;
93          case "sdelfile":
94              deleteFile(myCoreDerivateId, file, job.getResponse());
95              break;
96          case TODO_SMOVFILE:
97              moveFile(myCoreDerivateId, file, file2, job.getResponse());
98              break;
99          default:
100             job.getResponse()
101                 .sendError(HttpServletResponse.SC_BAD_REQUEST,
102                     String.format(Locale.ENGLISH, "The task \"%s\" is not supported.", task));
103             break;
104         }
105         return !job.getResponse().isCommitted();
106     }
107 
108     /**
109      * The method set the main file of a derivate object that is stored in the
110      * server. The method use the input parameter: <b>type</b>,<b>step</b>
111      * <b>se_mcrid</b> and <b>re_mcrid</b>. Access rights must be 'writedb'.
112      */
113     private void setMainFile(String derivateId, String file, HttpServletResponse response)
114         throws IOException, MCRAccessException {
115         if (MCRAccessManager.checkPermission(derivateId, PERMISSION_WRITE)) {
116             MCRObjectID mcrid = MCRObjectID.getInstance(derivateId);
117             MCRDerivate der = MCRMetadataManager.retrieveMCRDerivate(mcrid);
118             der.getDerivate().getInternals().setMainDoc(file);
119             MCRMetadataManager.update(der);
120         } else {
121             response.sendError(HttpServletResponse.SC_FORBIDDEN, String.format(Locale.ENGLISH, "User has not the \""
122                 + PERMISSION_WRITE + "\" permission on object %s.", derivateId));
123         }
124     }
125 
126     /**
127      * The method delete a file from a derivate object that is stored in the
128      * server. The method use the input parameter: <b>type</b>,<b>step</b>
129      * <b>se_mcrid</b> and <b>re_mcrid</b>. Access rights must be 'deletedb'.
130      */
131     private void deleteFile(String derivateId, String file, HttpServletResponse response) throws IOException {
132         if (MCRAccessManager.checkPermission(derivateId, PERMISSION_DELETE)) {
133             MCRPath pathToFile = MCRPath.getPath(derivateId, file);
134             if (!Files.isDirectory(pathToFile)) {
135                 Files.delete(pathToFile);
136             } else {
137                 Files.walkFileTree(pathToFile, MCRRecursiveDeleter.instance());
138             }
139         } else {
140             response.sendError(HttpServletResponse.SC_FORBIDDEN, String.format(Locale.ENGLISH, "User has not the \""
141                 + PERMISSION_DELETE + "\" permission on object %s.", derivateId));
142         }
143     }
144 
145     private void moveFile(String derivateId, String file, String target, HttpServletResponse response)
146         throws IOException {
147         if (!MCRAccessManager.checkPermission(derivateId, PERMISSION_DELETE)) {
148             response.sendError(HttpServletResponse.SC_FORBIDDEN, String.format(Locale.ENGLISH,
149                 "User has not the \"%s\" permission on object %s.", PERMISSION_DELETE, derivateId));
150             return;
151         }
152 
153         if (!MCRAccessManager.checkPermission(derivateId, PERMISSION_WRITE)) {
154             response.sendError(HttpServletResponse.SC_FORBIDDEN, String.format(Locale.ENGLISH,
155                 "User has not the \"%s\" permission on object %s.", PERMISSION_WRITE, derivateId));
156             return;
157         }
158         MCRPath pathFrom = MCRPath.getPath(derivateId, file);
159         MCRPath pathTo = MCRPath.getPath(derivateId, target);
160 
161         if (Files.exists(pathTo)) {
162             response.sendError(HttpServletResponse.SC_BAD_REQUEST, String.format(Locale.ENGLISH,
163                 "The File %s already exists!", pathTo));
164             return;
165         }
166 
167         if (Files.isDirectory(pathFrom)) {
168             response.sendError(HttpServletResponse.SC_BAD_REQUEST, String.format(Locale.ENGLISH,
169                 "Renaming directory %s is not supported!", pathFrom));
170             return;
171         }
172 
173         String newName = pathTo.getFileName().toString();
174         try {
175             MCRUploadHelper.checkPathName(newName);
176         } catch (MCRException ex) {
177             String message = ex.getMessage();
178             response.sendError(HttpServletResponse.SC_BAD_REQUEST, message);
179             return;
180         }
181 
182         Files.move(pathFrom, pathTo);
183     }
184 
185 }