1 2 package org.nemesis.forum.webapp.admin.action; 3 4 import java.io.InputStream ; 5 import java.io.StringWriter ; 6 import java.util.HashMap ; 7 import java.util.Iterator ; 8 import java.util.Map ; 9 10 import javax.servlet.http.HttpServletRequest ; 11 import javax.servlet.http.HttpServletResponse ; 12 import javax.xml.parsers.DocumentBuilder ; 13 import javax.xml.parsers.DocumentBuilderFactory ; 14 import javax.xml.transform.Transformer ; 15 import javax.xml.transform.TransformerFactory ; 16 import javax.xml.transform.dom.DOMSource ; 17 import javax.xml.transform.stream.StreamResult ; 18 import javax.xml.transform.stream.StreamSource ; 19 20 import org.apache.struts.action.ActionForm; 21 import org.apache.struts.action.ActionForward; 22 import org.apache.struts.action.ActionMapping; 23 import org.nemesis.forum.util.SecurityTools; 24 import org.w3c.dom.Document ; 25 import org.w3c.dom.Element ; 26 import org.w3c.dom.Node ; 27 import org.w3c.dom.NodeList ; 28 29 30 31 32 33 40 public class MenuAction extends BaseAction { 41 42 public ActionForward execute(ActionMapping mapping, 43 ActionForm form, 44 HttpServletRequest request, 45 HttpServletResponse response) 46 throws Exception { 47 48 checkUser(request); 49 50 try { 51 52 Map parameters =new HashMap (); 53 if (request.getParameter("tab")==null) 54 parameters.put("selectedTab","NULL"); 55 else 56 parameters.put("selectedTab",request.getParameter("tab")); 57 58 59 parameters.put("langage",getLocale(request)+""); 60 61 62 InputStream in = getClass().getClassLoader().getResourceAsStream("resources/menu.xml"); 63 DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); 64 DocumentBuilder builder = factory.newDocumentBuilder(); 65 Document doc =builder.parse(in); 66 Element root = doc.getDocumentElement(); 67 if (parameters != null) { 68 Iterator i = parameters.keySet().iterator(); 69 while (i.hasNext()) { 70 Object key = i.next(); 71 Object value = parameters.get(key); 72 root.setAttribute(key.toString(), value.toString()); 73 } 74 } 75 76 process(doc.getDocumentElement(),request); 78 79 80 InputStream in_xsl = getClass().getClassLoader().getResourceAsStream("resources/menu.xsl"); 81 TransformerFactory tf = TransformerFactory.newInstance(); 82 Transformer t = tf.newTransformer(new StreamSource (in_xsl)); 83 84 StringWriter result = new StringWriter (); 85 t.transform(new DOMSource (doc), new StreamResult (result)); 86 87 88 request.setAttribute("menu_xml",result.toString()); 89 90 } catch (Exception e) { 91 e.printStackTrace(); 92 93 } 94 95 return (mapping.findForward("view")); 96 97 98 } 99 100 private void process(Element el,HttpServletRequest request){ 101 if(!"".equals(el.getAttribute("label"))) 102 el.setAttribute("label",getResources(request).getMessage(getLocale(request),el.getAttribute("label"))); 103 104 NodeList l =el.getChildNodes(); 105 106 for(int i=0;i<l.getLength();i++) { 107 if(l.item(i).getNodeType()!=Node.ELEMENT_NODE) continue; 108 String perms =((Element )l.item(i)).getAttribute("permission"); 109 if(! isAllowed(perms,request)){ 110 el.removeChild(l.item(i)) ; 111 } 112 } 113 114 l =el.getChildNodes(); 115 for(int i=0;i<l.getLength();i++) { 116 if(l.item(i).getNodeType()==Node.ELEMENT_NODE){ 117 process((Element )l.item(i),request); 118 } 119 120 } 121 } 122 123 private boolean isAllowed(String perms,HttpServletRequest request){ 124 if("".equals(perms))return true; 125 126 if(perms.indexOf("systemAdmin")!=-1 && SecurityTools.isSystemAdmin(getAuthToken(request))) 127 return true; 128 if(perms.indexOf("forumAdmin")!=-1 && SecurityTools.isForumAdmin(getAuthToken(request))) 129 return true; 130 if(perms.indexOf("forumModerator")!=-1 && SecurityTools.isForumModerator(getAuthToken(request))) 131 return true; 132 if(perms.indexOf("groupAdmin")!=-1 && SecurityTools.isGroupAdmin(getAuthToken(request))) 133 return true; 134 135 return false; 136 } 137 138 } 139 | Popular Tags |