From 2e2642cb7d41f9d24fa5c7e45ddac0e2295500b8 Mon Sep 17 00:00:00 2001
From: Kevin Roast <kevin.roast@alfresco.com>
Date: Thu, 24 Jul 2008 14:44:45 +0000
Subject: [PATCH] User Profile enhancements:  - Upload of Avatar image - added
 as a child node via preferences aspect to the cm:person node for the current
 user  - Ajax update of image in profile read/edit views  - Auto generated
 thumbnail used for avatar immediately after upload Tweak of file-upload
 component to allow override of destination URL for POST of content Added new
 flag to thumbnail GET call to force thumbnail creation synchronously without
 waiting Fix to Person PUT API (Unit Test now executes correctly)

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@10008 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
---
 .../thumbnail/thumbnail.get.desc.xml          |  4 +-
 .../repository/thumbnail/thumbnail.get.js     | 67 ++++++++------
 .../profile/uploadavatar.post.desc.xml        |  8 ++
 .../slingshot/profile/uploadavatar.post.js    | 88 +++++++++++++++++++
 .../profile/uploadavatar.post.json.ftl        |  9 ++
 .../slingshot/profile/userprofile.post.js     | 83 ++++++++++-------
 .../repo/web/scripts/person/PersonPut.java    | 45 ++++------
 7 files changed, 215 insertions(+), 89 deletions(-)
 create mode 100644 config/alfresco/templates/webscripts/org/alfresco/slingshot/profile/uploadavatar.post.desc.xml
 create mode 100644 config/alfresco/templates/webscripts/org/alfresco/slingshot/profile/uploadavatar.post.js
 create mode 100644 config/alfresco/templates/webscripts/org/alfresco/slingshot/profile/uploadavatar.post.json.ftl

diff --git a/config/alfresco/templates/webscripts/org/alfresco/repository/thumbnail/thumbnail.get.desc.xml b/config/alfresco/templates/webscripts/org/alfresco/repository/thumbnail/thumbnail.get.desc.xml
index f6802c1009..c64308cb47 100644
--- a/config/alfresco/templates/webscripts/org/alfresco/repository/thumbnail/thumbnail.get.desc.xml
+++ b/config/alfresco/templates/webscripts/org/alfresco/repository/thumbnail/thumbnail.get.desc.xml
@@ -1,8 +1,8 @@
 <webscript kind="org.alfresco.repository.content.stream">
   <shortname>Thumbnails</shortname>
   <description>Get a named thumbnail for a content resource</description>
-  <url>/api/node/{store_type}/{store_id}/{id}/content{property}/thumbnails/{thumbnailname}?qc={queuecreate?}&amp;ph={placeholder?}</url>  
-  <url>/api/path/{store_type}/{store_id}/{id}/content{property}/thumbnails/{thumbnailname}?qc={queuecreate?}&amp;ph={placeholder?}</url>
+  <url>/api/node/{store_type}/{store_id}/{id}/content{property}/thumbnails/{thumbnailname}?qc={queuecreate?}&amp;fc={forcecreate?}&amp;ph={placeholder?}</url>  
+  <url>/api/path/{store_type}/{store_id}/{id}/content{property}/thumbnails/{thumbnailname}?qc={queuecreate?}&amp;fc={forcecreate?}&amp;ph={placeholder?}</url>
   <format default="">argument</format>
   <authentication>user</authentication>
   <transaction>required</transaction>
diff --git a/config/alfresco/templates/webscripts/org/alfresco/repository/thumbnail/thumbnail.get.js b/config/alfresco/templates/webscripts/org/alfresco/repository/thumbnail/thumbnail.get.js
index d757af3072..940b4c5f35 100644
--- a/config/alfresco/templates/webscripts/org/alfresco/repository/thumbnail/thumbnail.get.js
+++ b/config/alfresco/templates/webscripts/org/alfresco/repository/thumbnail/thumbnail.get.js
@@ -4,12 +4,12 @@ function main()
    var pathSegments = url.match.split("/");
    var reference = [ url.templateArgs.store_type, url.templateArgs.store_id ].concat(url.templateArgs.id.split("/"));
    var node = search.findNode(pathSegments[2], reference);
- 
+   
    // 404 if the node to thumbnail is not found
    if (node == null)
    {
       status.setCode(status.STATUS_NOT_FOUND, "The thumbnail source node could not be found");
-	  return;
+      return;
    }
    
    // Get the thumbnail name from the JSON content 
@@ -20,7 +20,7 @@ function main()
    {
       status.setCode(status.STATUS_NOT_FOUND, "Thumbnail name was not provided");
       return;
-   }  
+   }
    
    // Get the queue create flag
    var qc = false;
@@ -30,6 +30,14 @@ function main()
       qc = utils.toBoolean(qcString);
    }
    
+   // Get the force create flag
+   var fc = false;
+   var fcString = args.fc;
+   if (fcString != null)
+   {
+      fc = utils.toBoolean(fcString);
+   }
+   
    // Get the place holder flag
    var ph = false;
    var phString = args.ph;
@@ -43,32 +51,39 @@ function main()
    if (thumbnail == null)
    {
       // Queue the creation of the thumbnail if appropriate
-      if (qc == true)
+      if (fc)
       {
-         node.createThumbnail(thumbnailName, true);
-      }		
-      
-      if (ph == true)
-      {
-         // Try and get the place holder resource
-         var phPath = thumbnailService.getPlaceHolderResourcePath(thumbnailName);
-         if (phPath == null)
-         {
-            // 404 since no thumbnail was found
-            status.setCode(status.STATUS_NOT_FOUND, "Thumbnail was not found and no place holde resource set for '" + thumbnailName + "'");
-            return;
-         }
-         else
-         {
-            // Set the resouce path in the model ready for the content stream to send back to the client
-            model.contentPath = phPath;
-         }
+      	model.contentNode = node.createThumbnail(thumbnailName, false);
       }
       else
-      {         
-         // 404 since no thumbnail was found
-         status.setCode(status.STATUS_NOT_FOUND, "Thumbnail was not found");
-         return;
+      {
+	      if (qc)
+	      {
+	         node.createThumbnail(thumbnailName, true);
+	      }
+	      
+	      if (ph == true)
+	      {
+	         // Try and get the place holder resource
+	         var phPath = thumbnailService.getPlaceHolderResourcePath(thumbnailName);
+	         if (phPath == null)
+	         {
+	            // 404 since no thumbnail was found
+	            status.setCode(status.STATUS_NOT_FOUND, "Thumbnail was not found and no place holde resource set for '" + thumbnailName + "'");
+	            return;
+	         }
+	         else
+	         {
+	            // Set the resouce path in the model ready for the content stream to send back to the client
+	            model.contentPath = phPath;
+	         }
+	      }
+	      else
+	      {         
+	         // 404 since no thumbnail was found
+	         status.setCode(status.STATUS_NOT_FOUND, "Thumbnail was not found");
+	         return;
+	      }
       }
    }
    else
diff --git a/config/alfresco/templates/webscripts/org/alfresco/slingshot/profile/uploadavatar.post.desc.xml b/config/alfresco/templates/webscripts/org/alfresco/slingshot/profile/uploadavatar.post.desc.xml
new file mode 100644
index 0000000000..746e52b4e6
--- /dev/null
+++ b/config/alfresco/templates/webscripts/org/alfresco/slingshot/profile/uploadavatar.post.desc.xml
@@ -0,0 +1,8 @@
+<webscript>
+  <shortname>Avatar Upload</shortname>
+  <description>Upload avatar file content and apply to person preferences</description>
+  <format default="json" />
+  <authentication>user</authentication>
+  <transaction>required</transaction>
+  <url>/slingshot/profile/uploadavatar</url>
+</webscript>
\ No newline at end of file
diff --git a/config/alfresco/templates/webscripts/org/alfresco/slingshot/profile/uploadavatar.post.js b/config/alfresco/templates/webscripts/org/alfresco/slingshot/profile/uploadavatar.post.js
new file mode 100644
index 0000000000..7680f65b43
--- /dev/null
+++ b/config/alfresco/templates/webscripts/org/alfresco/slingshot/profile/uploadavatar.post.js
@@ -0,0 +1,88 @@
+/**
+ * User Profile Avatar Upload method
+ * 
+ * @method POST
+ * @param username {string}
+ *        filedata {file}
+ */
+
+function main()
+{
+   var filename = null;
+   var content = null;
+   var username = null;
+   
+   // locate file attributes
+   for each (field in formdata.fields)
+   {
+      if (field.name == "filedata" && field.isFile)
+      {
+         filename = field.filename;
+         content = field.content;
+      }
+      else if (field.name == "username")
+      {
+         username = field.value;
+      }
+   }
+   
+   // ensure all mandatory attributes have been located
+   if (filename == undefined || content == undefined)
+   {
+      status.code = 400;
+      status.message = "Uploaded file cannot be located in request";
+      status.redirect = true;
+      return;
+   }
+   if (username == null || username.length == 0)
+   {
+      status.code = 500;
+      status.message = "Username parameter not supplied.";
+      status.redirect = true;
+      return;
+   }
+   
+   var user = people.getPerson(username);
+   // ensure we found a valid user and that it is the current user or we are an admin
+   if (user == null || (people.isAdmin(person) == false && username != user.properties.userName))
+   {
+      status.code = 500;
+      status.message = "Failed to locate valid user to modify.";
+      status.redirect = true;
+      return;
+   }
+   
+   // ensure cm:person has 'cm:preferences' aspect applied - as we want to add the avatar as
+   // the child node of the 'cm:preferenceImage' association
+   if (!user.hasAspect("cm:preferences"))
+   {
+      user.addAspect("cm:preferences");
+   }
+   
+   // remove old image child node if we already have one
+   var assocs = user.childAssocs["cm:preferenceImage"];
+   if (assocs != null && assocs.length == 1)
+   {
+      assocs[0].remove();
+   }
+   
+   // create the new image node
+   var image = user.createNode(filename, "cm:content", "cm:preferenceImage");
+   image.properties.content.write(content);
+   image.properties.content.guessMimetype(filename);
+   image.properties.content.encoding = "UTF-8";
+   image.save();
+   
+   // wire up 'cm:avatar' target association - backward compatible with JSF web-client avatar
+   assocs = user.associations["cm:avatar"];
+   if (assocs != null && assocs.length == 1)
+   {
+      user.removeAssociation(assocs[0], "cm:avatar");
+   }
+   user.createAssociation(image, "cm:avatar");
+   
+   // save ref to be returned
+   model.image = image;
+}
+
+main();
\ No newline at end of file
diff --git a/config/alfresco/templates/webscripts/org/alfresco/slingshot/profile/uploadavatar.post.json.ftl b/config/alfresco/templates/webscripts/org/alfresco/slingshot/profile/uploadavatar.post.json.ftl
new file mode 100644
index 0000000000..326c18cbc6
--- /dev/null
+++ b/config/alfresco/templates/webscripts/org/alfresco/slingshot/profile/uploadavatar.post.json.ftl
@@ -0,0 +1,9 @@
+{
+   "nodeRef": "${image.nodeRef}",
+   "status":
+   {
+      "code": 200,
+      "name": "OK",
+      "description" : "File uploaded successfully"
+   }
+}
\ No newline at end of file
diff --git a/config/alfresco/templates/webscripts/org/alfresco/slingshot/profile/userprofile.post.js b/config/alfresco/templates/webscripts/org/alfresco/slingshot/profile/userprofile.post.js
index ad61a8c25b..b6ba0a3fab 100644
--- a/config/alfresco/templates/webscripts/org/alfresco/slingshot/profile/userprofile.post.js
+++ b/config/alfresco/templates/webscripts/org/alfresco/slingshot/profile/userprofile.post.js
@@ -1,5 +1,5 @@
 /**
- * User Profile Update method
+ * User Profile REST Update method
  * 
  * @method POST
  * @param json {string}
@@ -16,51 +16,66 @@
  *    }
  */
 
-model.success = false;
-var username = json.get("username");
-if (username != null)
+function main()
 {
-   var person = people.getPerson(username);
-   // ensure we found a valid person and that it is the current user or an admin
-   if (person != null && (username == person.properties.userName || people.isAdmin(person)))
+   model.success = false;
+   var username = json.get("username");
+   if (username == null)
    {
-      if (json.has("properties"))
+      status.code = 400;
+      status.message = "Failed to locate valid user to modify.";
+      status.redirect = true;
+      return;
+   }
+   
+   var user = people.getPerson(username);
+   // ensure we found a valid user and that it is the current user or we are an admin
+   if (user == null || (people.isAdmin(person) == false && username != user.properties.userName))
+   {
+      status.code = 500;
+      status.message = "Failed to locate valid user to modify.";
+      status.redirect = true;
+      return;
+   }
+   
+   if (json.has("properties"))
+   {
+      var props = json.get("properties");
+      if (props != null)
       {
-         var props = json.get("properties");
-         if (props != null)
+         var names = props.names();
+         for (var i=0; i<props.length(); i++)
          {
-            var names = props.names();
-            for (var i=0; i<props.length(); i++)
-            {
-               var propname = names.get(i);
-               var propval = props.get(propname);
-               
-               // set simple text properties
-               person.properties[propname] = propval;
-            }
+            var propname = names.get(i);
+            var propval = props.get(propname);
+            
+            // set simple text properties
+            user.properties[propname] = propval;
          }
       }
-      
-      if (json.has("content"))
+   }
+   
+   if (json.has("content"))
+   {
+      var props = json.get("content");
+      if (props != null)
       {
-         var props = json.get("content");
-         if (props != null)
+         var names = props.names();
+         for (var i=0; i<props.length(); i++)
          {
-            var names = props.names();
-            for (var i=0; i<props.length(); i++)
-            {
-               var propname = names.get(i);
-               var propval = props.get(propname);
-               
-               // set content property
-               person.properties[propname].content = propval;
-            }
+            var propname = names.get(i);
+            var propval = props.get(propname);
+            
+            // set content property
+            user.properties[propname].content = propval;
          }
       }
       
       // TODO: AVATAR?
       
-      person.save();
+      user.save();
       model.success = true;
    }
-}
\ No newline at end of file
+}
+
+main();
\ No newline at end of file
diff --git a/source/java/org/alfresco/repo/web/scripts/person/PersonPut.java b/source/java/org/alfresco/repo/web/scripts/person/PersonPut.java
index 70c5828374..a7ede2a01d 100644
--- a/source/java/org/alfresco/repo/web/scripts/person/PersonPut.java
+++ b/source/java/org/alfresco/repo/web/scripts/person/PersonPut.java
@@ -33,12 +33,12 @@ import org.alfresco.repo.jscript.ScriptNode;
 import org.alfresco.repo.security.authentication.AuthenticationComponent;
 import org.alfresco.repo.security.authentication.AuthenticationUtil;
 import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
+import org.alfresco.repo.security.permissions.AccessDeniedException;
 import org.alfresco.service.ServiceRegistry;
 import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.cmr.repository.NodeService;
-import org.alfresco.service.cmr.security.AccessStatus;
-import org.alfresco.service.cmr.security.PermissionService;
 import org.alfresco.service.cmr.security.PersonService;
+import org.alfresco.service.namespace.QName;
 import org.alfresco.util.Content;
 import org.alfresco.web.scripts.DeclarativeWebScript;
 import org.alfresco.web.scripts.Status;
@@ -46,6 +46,7 @@ import org.alfresco.web.scripts.WebScriptException;
 import org.alfresco.web.scripts.WebScriptRequest;
 import org.json.JSONObject;
 
+
 /**
  * Web Script to update a person's details
  * 
@@ -75,35 +76,25 @@ public class PersonPut extends DeclarativeWebScript
         {
             // get references to services
             NodeService nodeService = PersonPut.this.serviceRegistry.getNodeService();
-            PermissionService permissionService = PersonPut.this.serviceRegistry.getPermissionService();
             
-            // Can only update the given person node's properties if the
-            // currently logged in user is the system user or,
-            // already has write permissions on the person node or,
-            // matches the user name property of that person node
-            String currentUserName = AuthenticationUtil.getCurrentUserName();
-            String personUserName = (String) nodeService.getProperty(person,
-                    ContentModel.PROP_USERNAME);
-            if (PersonPut.this.authenticationComponent.isSystemUserName(currentUserName) == true
-                    || (permissionService.hasPermission(
-                            this.person, PermissionService.WRITE) == AccessStatus.ALLOWED)
-                    || personUserName.equals(currentUserName) == true)
+            // Update the given person node's properties
+            Map<QName, Serializable> props = new HashMap<QName, Serializable>(16);
+            props.put(ContentModel.PROP_USERNAME, (Serializable) personProps.get("userName"));
+            props.put(ContentModel.PROP_TITLE, (Serializable) personProps.get("title"));
+            props.put(ContentModel.PROP_FIRSTNAME, (Serializable) personProps.get("firstName"));
+            props.put(ContentModel.PROP_LASTNAME, (Serializable) personProps.get("lastName"));
+            props.put(ContentModel.PROP_ORGANIZATION, (Serializable) personProps.get("organisation"));
+            props.put(ContentModel.PROP_JOBTITLE, (Serializable) personProps.get("jobtitle"));
+            props.put(ContentModel.PROP_EMAIL, (Serializable) personProps.get("email"));
+            try
             {
-                nodeService.setProperty(
-                        this.person, ContentModel.PROP_TITLE, (Serializable) personProps.get("title"));
-                nodeService.setProperty(
-                        this.person, ContentModel.PROP_FIRSTNAME, (Serializable) personProps.get("firstName"));
-                nodeService.setProperty(
-                        this.person, ContentModel.PROP_LASTNAME, (Serializable) personProps.get("lastName"));
-                nodeService.setProperty(
-                        this.person, ContentModel.PROP_ORGANIZATION, (Serializable) personProps.get("organisation"));
-                nodeService.setProperty(
-                        this.person, ContentModel.PROP_JOBTITLE, (Serializable) personProps.get("jobtitle"));
-                nodeService.setProperty(
-                        this.person, ContentModel.PROP_EMAIL, (Serializable) personProps.get("email"));
+                nodeService.setProperties(this.person, props);
             }
-            else
+            catch (AccessDeniedException err)
             {
+                // catch security exception if the user does not have permissions
+                String currentUserName = AuthenticationUtil.getCurrentUserName();
+                String personUserName = (String)nodeService.getProperty(person, ContentModel.PROP_USERNAME);
                 throw new WebScriptException(Status.STATUS_INTERNAL_SERVER_ERROR, "Current user: "
                         + currentUserName + " does not have the appropriate permissons to update "
                         + " person node with userName: " + personUserName);