1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.mycore.frontend.servlets;
20
21 import static org.mycore.access.MCRAccessManager.PERMISSION_DELETE;
22 import static org.mycore.access.MCRAccessManager.PERMISSION_WRITE;
23
24 import java.io.IOException;
25 import java.nio.file.Files;
26 import java.util.Locale;
27
28 import org.mycore.access.MCRAccessException;
29 import org.mycore.access.MCRAccessManager;
30 import org.mycore.common.MCRException;
31 import org.mycore.datamodel.metadata.MCRDerivate;
32 import org.mycore.datamodel.metadata.MCRMetadataManager;
33 import org.mycore.datamodel.metadata.MCRObjectID;
34 import org.mycore.datamodel.niofs.MCRPath;
35 import org.mycore.datamodel.niofs.utils.MCRRecursiveDeleter;
36 import org.mycore.frontend.fileupload.MCRUploadHelper;
37
38 import jakarta.servlet.http.HttpServletRequest;
39 import jakarta.servlet.http.HttpServletResponse;
40
41
42
43
44 public class MCRDerivateServlet extends MCRServlet {
45
46 private static final long serialVersionUID = 1L;
47
48 public static final String TODO_SMOVFILE = "smovfile";
49
50 @Override
51 protected void doGetPost(MCRServletJob job) throws Exception {
52 HttpServletRequest request = job.getRequest();
53 HttpServletResponse response = job.getResponse();
54 checkPreConditions(request, response);
55 if (response.isCommitted()) {
56 return;
57 }
58 String derivateId = getProperty(request, "derivateid");
59 if (performTask(job, getProperty(request, "todo"), derivateId, getProperty(request, "file"),
60 getProperty(request, "file2"))) {
61 String url = request.getParameter("url");
62 if (url != null && ("".equals(url))) {
63 response.sendError(HttpServletResponse.SC_NO_CONTENT, "Parameter 'url' is set but empty!");
64 return;
65 }
66 if (url != null) {
67 response.sendRedirect(response.encodeRedirectURL(url));
68 return;
69 }
70 toReferrer(request, response,
71 response.encodeRedirectURL(getServletBaseURL() + "MCRFileNodeServlet/" + derivateId + "/"));
72 }
73 }
74
75 protected void checkPreConditions(HttpServletRequest request, HttpServletResponse response) throws IOException {
76 if (getProperty(request, "todo") == null) {
77 response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Parameter \"todo\" is not provided");
78 } else if (getProperty(request, "derivateid") == null) {
79 response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Parameter \"derivateid\" is not provided");
80 } else if (getProperty(request, "file") == null) {
81 response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Parameter \"file\" is not provided");
82 } else if (getProperty(request, "todo").equals(TODO_SMOVFILE) && getProperty(request, "file2") == null) {
83 response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Parameter \"file2\" is not provided");
84 }
85 }
86
87 private boolean performTask(MCRServletJob job, String task, String myCoreDerivateId, String file, String file2)
88 throws IOException, MCRAccessException {
89 switch (task) {
90 case "ssetfile":
91 setMainFile(myCoreDerivateId, file, job.getResponse());
92 break;
93 case "sdelfile":
94 deleteFile(myCoreDerivateId, file, job.getResponse());
95 break;
96 case TODO_SMOVFILE:
97 moveFile(myCoreDerivateId, file, file2, job.getResponse());
98 break;
99 default:
100 job.getResponse()
101 .sendError(HttpServletResponse.SC_BAD_REQUEST,
102 String.format(Locale.ENGLISH, "The task \"%s\" is not supported.", task));
103 break;
104 }
105 return !job.getResponse().isCommitted();
106 }
107
108
109
110
111
112
113 private void setMainFile(String derivateId, String file, HttpServletResponse response)
114 throws IOException, MCRAccessException {
115 if (MCRAccessManager.checkPermission(derivateId, PERMISSION_WRITE)) {
116 MCRObjectID mcrid = MCRObjectID.getInstance(derivateId);
117 MCRDerivate der = MCRMetadataManager.retrieveMCRDerivate(mcrid);
118 der.getDerivate().getInternals().setMainDoc(file);
119 MCRMetadataManager.update(der);
120 } else {
121 response.sendError(HttpServletResponse.SC_FORBIDDEN, String.format(Locale.ENGLISH, "User has not the \""
122 + PERMISSION_WRITE + "\" permission on object %s.", derivateId));
123 }
124 }
125
126
127
128
129
130
131 private void deleteFile(String derivateId, String file, HttpServletResponse response) throws IOException {
132 if (MCRAccessManager.checkPermission(derivateId, PERMISSION_DELETE)) {
133 MCRPath pathToFile = MCRPath.getPath(derivateId, file);
134 if (!Files.isDirectory(pathToFile)) {
135 Files.delete(pathToFile);
136 } else {
137 Files.walkFileTree(pathToFile, MCRRecursiveDeleter.instance());
138 }
139 } else {
140 response.sendError(HttpServletResponse.SC_FORBIDDEN, String.format(Locale.ENGLISH, "User has not the \""
141 + PERMISSION_DELETE + "\" permission on object %s.", derivateId));
142 }
143 }
144
145 private void moveFile(String derivateId, String file, String target, HttpServletResponse response)
146 throws IOException {
147 if (!MCRAccessManager.checkPermission(derivateId, PERMISSION_DELETE)) {
148 response.sendError(HttpServletResponse.SC_FORBIDDEN, String.format(Locale.ENGLISH,
149 "User has not the \"%s\" permission on object %s.", PERMISSION_DELETE, derivateId));
150 return;
151 }
152
153 if (!MCRAccessManager.checkPermission(derivateId, PERMISSION_WRITE)) {
154 response.sendError(HttpServletResponse.SC_FORBIDDEN, String.format(Locale.ENGLISH,
155 "User has not the \"%s\" permission on object %s.", PERMISSION_WRITE, derivateId));
156 return;
157 }
158 MCRPath pathFrom = MCRPath.getPath(derivateId, file);
159 MCRPath pathTo = MCRPath.getPath(derivateId, target);
160
161 if (Files.exists(pathTo)) {
162 response.sendError(HttpServletResponse.SC_BAD_REQUEST, String.format(Locale.ENGLISH,
163 "The File %s already exists!", pathTo));
164 return;
165 }
166
167 if (Files.isDirectory(pathFrom)) {
168 response.sendError(HttpServletResponse.SC_BAD_REQUEST, String.format(Locale.ENGLISH,
169 "Renaming directory %s is not supported!", pathFrom));
170 return;
171 }
172
173 String newName = pathTo.getFileName().toString();
174 try {
175 MCRUploadHelper.checkPathName(newName);
176 } catch (MCRException ex) {
177 String message = ex.getMessage();
178 response.sendError(HttpServletResponse.SC_BAD_REQUEST, message);
179 return;
180 }
181
182 Files.move(pathFrom, pathTo);
183 }
184
185 }