1 16 package com.blandware.atleap.webapp.action.news; 17 18 import com.blandware.atleap.common.NewsModuleConstants; 19 import com.blandware.atleap.model.core.Role; 20 import com.blandware.atleap.model.news.NewsItem; 21 import com.blandware.atleap.service.news.NewsManager; 22 import com.blandware.atleap.webapp.action.core.BaseAction; 23 import com.blandware.atleap.webapp.form.NewsItemForm; 24 import com.blandware.atleap.webapp.util.news.NewsModuleWebConstants; 25 import org.apache.commons.validator.GenericValidator; 26 import org.apache.struts.action.ActionForm; 27 import org.apache.struts.action.ActionForward; 28 import org.apache.struts.action.ActionMapping; 29 30 import javax.servlet.http.HttpServletRequest ; 31 import javax.servlet.http.HttpServletResponse ; 32 import java.util.Iterator ; 33 import java.util.List ; 34 35 53 public final class ShowNewsItemAction extends BaseAction { 54 63 public ActionForward execute(ActionMapping mapping, ActionForm form, 64 HttpServletRequest request, HttpServletResponse response) throws Exception { 65 NewsItemForm newsItemForm = (NewsItemForm) form; 66 Long newsItemId = null; 67 if ( !GenericValidator.isBlankOrNull(newsItemForm.getId()) ) { 68 newsItemId = Long.valueOf(newsItemForm.getId()); 69 } else if ( request.getSession().getAttribute(NewsModuleWebConstants.NEWS_ITEM_ID_KEY) != null ) { 70 newsItemId = (Long ) request.getSession().getAttribute(NewsModuleWebConstants.NEWS_ITEM_ID_KEY); 71 } else { 72 if ( log.isWarnEnabled() ) { 73 log.warn("Missing content page ID. Returning to list..."); 74 } 75 return mapping.findForward("listNewsItems"); 76 } 77 78 NewsManager newsManager = (NewsManager) getBean(NewsModuleConstants.NEWS_MANAGER_BEAN); 79 NewsItem newsItem = newsManager.retrieveNewsItem(newsItemId); 80 if ( newsItem == null ) { 81 response.sendError(HttpServletResponse.SC_NOT_FOUND); 82 return null; 83 } 84 85 if ( !newsItem.getActive().booleanValue() ) { 86 response.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE); 87 return null; 88 } 89 90 List itemRoles = newsItem.getRoles(); 92 if ( itemRoles != null && !itemRoles.isEmpty() ) { 93 boolean isUserInRole = false; 94 for ( Iterator i = itemRoles.iterator(); i.hasNext(); ) { 95 Role role = (Role) i.next(); 96 isUserInRole = isUserInRole || request.isUserInRole(role.getName()); 97 } 98 99 if ( !isUserInRole ) { 100 response.sendError(HttpServletResponse.SC_FORBIDDEN); 102 return null; 103 } 104 } 105 106 request.setAttribute("newsItem", newsItem); 107 return mapping.findForward("viewNewsItem"); 108 } 109 } | Popular Tags |