inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-14 17:58:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged 5.2.N (5.2.1) to HEAD (5.2)

Browse Source 
131742 rneamtu:       131742 rneamtu: SHA-1629 : Creating a link to file in a different location
            - Added support for multiple files in doclink.post webscript


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@132292 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Alan Davis
2016-11-03 13:56:56 +00:00
parent 74dc12f5c3
commit 53cbbd39fe
6 changed files with 776 additions and 621 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
config/alfresco/templates/webscripts/org/alfresco/repository/doclink/doclink.post.desc.xml
View File

@@ -41,12 +41,23 @@
<![CDATA[{ "destinationNodeRef" : string }]]>
</type>
</request>
<request>
<format>json</format>
<type>
<![CDATA[
{
"destinationNodeRef": string,
"multipleFiles": string
}
]]>
</type>
</request>
</requests>
<responses>
<response>
<format>json</format>
<type>
<![CDATA[{ "linkNodeRef" : string }]]>
<![CDATA[{ "result" : string }]]>
</type>
</response>
</responses>

13
config/alfresco/templates/webscripts/org/alfresco/repository/doclink/doclink.post.json.ftl
View File

@@ -1,5 +1,16 @@
<#escape x as jsonUtils.encodeJSONString(x)>
{
"linkNodeRef": "${linkNodeRef}"
"linkNodes" :
[
<#list results as result>
{
"nodeRef" : "${result.nodeRef}"
}
<#if result_has_next>,</#if>
</#list>
],
"successCount": "${successCount}",
"failureCount": "${failureCount}",
"overallSuccess": "${overallSuccess?c}"
}
</#escape>

2
config/alfresco/web-scripts-application-context.xml
View File

@@ -1846,6 +1846,7 @@
<property name="nodeService" ref="NodeService" />
<property name="siteService" ref="SiteService" />
<property name="documentLinkService" ref="DocumentLinkService" />
<property name="activityService" ref="activityService"/>
</bean>
<bean id="webscript.org.alfresco.repository.doclink.doclinks.delete"
@@ -1854,6 +1855,7 @@
<property name="nodeService" ref="NodeService" />
<property name="siteService" ref="SiteService" />
<property name="documentLinkService" ref="DocumentLinkService" />
<property name="activityService" ref="activityService"/>
</bean>
<!-- CMM - Custom model import API -->

287
source/java/org/alfresco/repo/web/scripts/doclink/AbstractDocLink.java
View File

@@ -23,122 +23,171 @@
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
* #L%
*/
package org.alfresco.repo.web.scripts.doclink;
import java.util.Map;
import java.util.StringTokenizer;
import org.alfresco.model.ContentModel;
import org.alfresco.service.cmr.repository.DocumentLinkService;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.site.SiteInfo;
import org.alfresco.service.cmr.site.SiteService;
import org.alfresco.util.ParameterCheck;
import org.alfresco.util.PropertyCheck;
import org.springframework.extensions.webscripts.DeclarativeWebScript;
import org.springframework.extensions.webscripts.Status;
import org.springframework.extensions.webscripts.WebScriptException;
/**
* This class contains common code for doclink webscripts controllers
*
* @author Ana Bozianu
* @since 5.1
*/
public abstract class AbstractDocLink extends DeclarativeWebScript
{
private static String PARAM_STORE_TYPE = "store_type";
private static String PARAM_STORE_ID = "store_id";
private static String PARAM_ID = "id";
private static String PARAM_SITE = "site";
private static String PARAM_CONTAINER = "container";
private static String PARAM_PATH = "path";
protected NodeService nodeService;
protected SiteService siteService;
protected DocumentLinkService documentLinkService;
protected NodeRef parseNodeRefFromTemplateArgs(Map<String, String> templateVars)
{
if (templateVars == null)
{
return null;
}
String storeTypeArg = templateVars.get(PARAM_STORE_TYPE);
String storeIdArg = templateVars.get(PARAM_STORE_ID);
String idArg = templateVars.get(PARAM_ID);
if (storeTypeArg != null)
{
ParameterCheck.mandatoryString("storeTypeArg", storeTypeArg);
ParameterCheck.mandatoryString("storeIdArg", storeIdArg);
ParameterCheck.mandatoryString("idArg", idArg);
/*
* NodeRef based request
* <url>URL_BASE/{store_type}/{store_id}/{id}</url>
*/
return new NodeRef(storeTypeArg, storeIdArg, idArg);
}
else
{
String siteArg = templateVars.get(PARAM_SITE);
String containerArg = templateVars.get(PARAM_CONTAINER);
String pathArg = templateVars.get(PARAM_PATH);
if (siteArg != null)
{
ParameterCheck.mandatoryString("siteArg", siteArg);
ParameterCheck.mandatoryString("containerArg", containerArg);
/*
* Site based request <url>URL_BASE/{site}/{container}</url> or
* <url>URL_BASE/{site}/{container}/{path}</url>
*/
SiteInfo site = siteService.getSite(siteArg);
PropertyCheck.mandatory(this, "site", site);
NodeRef node = siteService.getContainer(site.getShortName(), containerArg);
if (node == null)
{
throw new WebScriptException(Status.STATUS_BAD_REQUEST, "Invalid 'container' variable");
}
if (pathArg != null)
{
// <url>URL_BASE/{site}/{container}/{path}</url>
StringTokenizer st = new StringTokenizer(pathArg, "/");
while (st.hasMoreTokens())
{
String childName = st.nextToken();
node = nodeService.getChildByName(node, ContentModel.ASSOC_CONTAINS, childName);
if (node == null)
{
throw new WebScriptException(Status.STATUS_BAD_REQUEST, "Invalid 'path' variable");
}
}
}
return node;
}
}
return null;
}
public void setNodeService(NodeService nodeService)
{
this.nodeService = nodeService;
}
public void setSiteService(SiteService siteService)
{
this.siteService = siteService;
}
public void setDocumentLinkService(DocumentLinkService documentLinkService)
{
this.documentLinkService = documentLinkService;
}
}
package org.alfresco.repo.web.scripts.doclink;
import java.io.StringWriter;
import java.util.Map;
import java.util.StringTokenizer;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.web.scripts.links.AbstractLinksWebScript;
import org.alfresco.service.cmr.activities.ActivityService;
import org.alfresco.service.cmr.links.LinkInfo;
import org.alfresco.service.cmr.repository.DocumentLinkService;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.site.SiteInfo;
import org.alfresco.service.cmr.site.SiteService;
import org.alfresco.util.ParameterCheck;
import org.alfresco.util.PropertyCheck;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.json.JSONStringer;
import org.json.simple.JSONObject;
import org.springframework.extensions.webscripts.DeclarativeWebScript;
import org.springframework.extensions.webscripts.Status;
import org.springframework.extensions.webscripts.WebScriptException;
import org.springframework.extensions.webscripts.WebScriptRequest;
import org.springframework.extensions.webscripts.json.JSONWriter;
/**
* This class contains common code for doclink webscripts controllers
*
* @author Ana Bozianu
* @since 5.1
*/
public abstract class AbstractDocLink extends DeclarativeWebScript
{
private static String PARAM_STORE_TYPE = "store_type";
private static String PARAM_STORE_ID = "store_id";
private static String PARAM_ID = "id";
private static String PARAM_SITE = "site";
private static String PARAM_CONTAINER = "container";
private static String PARAM_PATH = "path";
private static final String ACTIVITY_TOOL = "documentLinkService";
protected NodeService nodeService;
protected SiteService siteService;
protected DocumentLinkService documentLinkService;
protected ActivityService activityService;
private static Log logger = LogFactory.getLog(AbstractDocLink.class);
protected NodeRef parseNodeRefFromTemplateArgs(Map<String, String> templateVars)
{
if (templateVars == null)
{
return null;
}
String storeTypeArg = templateVars.get(PARAM_STORE_TYPE);
String storeIdArg = templateVars.get(PARAM_STORE_ID);
String idArg = templateVars.get(PARAM_ID);
if (storeTypeArg != null)
{
ParameterCheck.mandatoryString("storeTypeArg", storeTypeArg);
ParameterCheck.mandatoryString("storeIdArg", storeIdArg);
ParameterCheck.mandatoryString("idArg", idArg);
/*
* NodeRef based request
* <url>URL_BASE/{store_type}/{store_id}/{id}</url>
*/
return new NodeRef(storeTypeArg, storeIdArg, idArg);
}
else
{
String siteArg = templateVars.get(PARAM_SITE);
String containerArg = templateVars.get(PARAM_CONTAINER);
String pathArg = templateVars.get(PARAM_PATH);
if (siteArg != null)
{
ParameterCheck.mandatoryString("siteArg", siteArg);
ParameterCheck.mandatoryString("containerArg", containerArg);
/*
* Site based request <url>URL_BASE/{site}/{container}</url> or
* <url>URL_BASE/{site}/{container}/{path}</url>
*/
SiteInfo site = siteService.getSite(siteArg);
PropertyCheck.mandatory(this, "site", site);
NodeRef node = siteService.getContainer(site.getShortName(), containerArg);
if (node == null)
{
throw new WebScriptException(Status.STATUS_BAD_REQUEST, "Invalid 'container' variable");
}
if (pathArg != null)
{
// <url>URL_BASE/{site}/{container}/{path}</url>
StringTokenizer st = new StringTokenizer(pathArg, "/");
while (st.hasMoreTokens())
{
String childName = st.nextToken();
node = nodeService.getChildByName(node, ContentModel.ASSOC_CONTAINS, childName);
if (node == null)
{
throw new WebScriptException(Status.STATUS_BAD_REQUEST, "Invalid 'path' variable");
}
}
}
return node;
}
}
return null;
}
/**
* Generates an activity entry for the link
*/
protected void addActivityEntry(String activityType, String title, String nodeRef, String site)
{
try
{
StringWriter activityJson = new StringWriter();
JSONWriter activity = new JSONWriter(activityJson);
activity.startObject();
activity.writeValue("title", title);
activity.writeValue("nodeRef", nodeRef);
activity.writeValue("page", "document-details?nodeRef=" + nodeRef);
activity.endObject();
activityService.postActivity(
activityType,
site,
ACTIVITY_TOOL,
activityJson.toString());
}
catch (Exception e)
{
// Warn, but carry on
logger.warn("Error adding link event to activities feed", e);
}
}
public void setNodeService(NodeService nodeService)
{
this.nodeService = nodeService;
}
public void setSiteService(SiteService siteService)
{
this.siteService = siteService;
}
public void setDocumentLinkService(DocumentLinkService documentLinkService)
{
this.documentLinkService = documentLinkService;
}
public void setActivityService(ActivityService activityService)
{
this.activityService = activityService;
}
}

266
source/java/org/alfresco/repo/web/scripts/doclink/DocLinkPost.java
View File

@@ -23,95 +23,177 @@
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
* #L%
*/
package org.alfresco.repo.web.scripts.doclink;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import org.alfresco.repo.content.MimetypeMap;
import org.alfresco.repo.security.permissions.AccessDeniedException;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.util.ParameterCheck;
import org.json.simple.JSONObject;
import org.json.simple.JSONValue;
import org.json.simple.parser.ParseException;
import org.springframework.extensions.webscripts.Cache;
import org.springframework.extensions.webscripts.Status;
import org.springframework.extensions.webscripts.WebScriptException;
import org.springframework.extensions.webscripts.WebScriptRequest;
/**
* This class is the controller for the doclink.post webscript doclink.post is a
* webscript for creating a link of a document within a target destination
*
* @author Ana Bozianu
* @since 5.1
*/
public class DocLinkPost extends AbstractDocLink
{
private static String PARAM_DESTINATION_NODE = "destinationNodeRef";
@Override
protected Map<String, Object> executeImpl(WebScriptRequest req, Status status, Cache cache)
{
NodeRef sourceNodeRef = null;
NodeRef destinationNodeRef = null;
/* Parse the template vars */
Map<String, String> templateVars = req.getServiceMatch().getTemplateVars();
sourceNodeRef = parseNodeRefFromTemplateArgs(templateVars);
/* Parse the JSON content */
JSONObject json = null;
String contentType = req.getContentType();
if (contentType != null && contentType.indexOf(';') != -1)
{
contentType = contentType.substring(0, contentType.indexOf(';'));
}
if (MimetypeMap.MIMETYPE_JSON.equals(contentType))
{
try
{
json = (JSONObject) JSONValue.parseWithException(req.getContent().getContent());
}
catch (IOException io)
{
throw new WebScriptException(Status.STATUS_BAD_REQUEST, "Invalid JSON: " + io.getMessage());
}
catch (ParseException pe)
{
throw new WebScriptException(Status.STATUS_BAD_REQUEST, "Invalid JSON: " + pe.getMessage());
}
}
else
{
throw new WebScriptException(Status.STATUS_BAD_REQUEST, "invalid request content type");
}
/* Parse the destination NodeRef parameter */
String destinationNodeParam = (String) json.get(PARAM_DESTINATION_NODE);
ParameterCheck.mandatoryString("destinationNodeParam", destinationNodeParam);
destinationNodeRef = new NodeRef(destinationNodeParam);
/* Create link */
NodeRef linkNodeRef = null;
try
{
linkNodeRef = documentLinkService.createDocumentLink(sourceNodeRef, destinationNodeRef);
}
catch (IllegalArgumentException ex)
{
throw new WebScriptException(Status.STATUS_BAD_REQUEST, "Invalid Arguments: " + ex.getMessage());
}
catch (AccessDeniedException e)
{
throw new WebScriptException(Status.STATUS_FORBIDDEN, "You don't have permission to perform this operation");
}
/* Build response */
Map<String, Object> model = new HashMap<String, Object>();
model.put("linkNodeRef", linkNodeRef.toString());
return model;
}
}
package org.alfresco.repo.web.scripts.doclink;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.activities.ActivityType;
import org.alfresco.repo.content.MimetypeMap;
import org.alfresco.repo.security.permissions.AccessDeniedException;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.util.ParameterCheck;
import org.json.simple.JSONArray;
import org.json.simple.JSONObject;
import org.json.simple.JSONValue;
import org.json.simple.parser.ParseException;
import org.springframework.extensions.webscripts.Cache;
import org.springframework.extensions.webscripts.Status;
import org.springframework.extensions.webscripts.WebScriptException;
import org.springframework.extensions.webscripts.WebScriptRequest;
/**
* This class is the controller for the doclink.post webscript doclink.post is a
* webscript for creating a link of a document within a target destination
*
* @author Ana Bozianu
* @since 5.1
*/
public class DocLinkPost extends AbstractDocLink
{
private static final String PARAM_DESTINATION_NODE = "destinationNodeRef";
private static final String PARAM_MULTIPLE_FILES = "multipleFiles";
@Override
protected Map<String, Object> executeImpl(WebScriptRequest req, Status status, Cache cache)
{
NodeRef sourceNodeRef = null;
NodeRef destinationNodeRef = null;
/* Parse the template vars */
Map<String, String> templateVars = req.getServiceMatch().getTemplateVars();
sourceNodeRef = parseNodeRefFromTemplateArgs(templateVars);
/* Parse the JSON content */
JSONObject json = null;
String contentType = req.getContentType();
if (contentType != null && contentType.indexOf(';') != -1)
{
contentType = contentType.substring(0, contentType.indexOf(';'));
}
if (MimetypeMap.MIMETYPE_JSON.equals(contentType))
{
try
{
json = (JSONObject) JSONValue.parseWithException(req.getContent().getContent());
}
catch (IOException io)
{
throw new WebScriptException(Status.STATUS_BAD_REQUEST, "Invalid JSON: " + io.getMessage());
}
catch (ParseException pe)
{
throw new WebScriptException(Status.STATUS_BAD_REQUEST, "Invalid JSON: " + pe.getMessage());
}
}
else
{
throw new WebScriptException(Status.STATUS_BAD_REQUEST, "invalid request content type");
}
/* Parse the destination NodeRef parameter */
String destinationNodeParam = (String) json.get(PARAM_DESTINATION_NODE);
ParameterCheck.mandatoryString("destinationNodeParam", destinationNodeParam);
destinationNodeRef = new NodeRef(destinationNodeParam);
List<NodeRef> nodeRefs = new ArrayList<NodeRef>();
if (json.containsKey(PARAM_MULTIPLE_FILES))
{
JSONArray multipleFiles = (JSONArray) json.get(PARAM_MULTIPLE_FILES);
for (int i = 0; i < multipleFiles.size(); i++)
{
String nodeRefString = (String) multipleFiles.get(i);
if (nodeRefString != null)
{
try
{
NodeRef nodeRefToCreateLink = new NodeRef(nodeRefString);
nodeRefs.add(nodeRefToCreateLink);
}
catch (AlfrescoRuntimeException ex)
{
throw new WebScriptException(Status.STATUS_BAD_REQUEST, "Invalid Arguments: " + ex.getMessage());
}
}
}
}
else
{
nodeRefs.add(sourceNodeRef);
}
// getSite for destination folder
String siteName = siteService.getSiteShortName(destinationNodeRef);
ArrayList<Object> linksResults = new ArrayList<Object>();
Map<String, Object> linkResult = new HashMap<String, Object>();
NodeRef linkNodeRef = null;
int successCount = 0;
int failureCount = 0;
if (nodeRefs != null && nodeRefs.size() > 0)
{
for (NodeRef sourceNode : nodeRefs)
{
/* Create link */
linkNodeRef = createLink(destinationNodeRef, sourceNode);
if (linkNodeRef != null)
{
String sourceName = (String) nodeService.getProperty(sourceNode, ContentModel.PROP_NAME);
if (siteName != null)
{
addActivityEntry(ActivityType.DOCLINK_CREATED, sourceName, sourceNode.toString(), siteName);
}
linkResult.put("nodeRef", linkNodeRef.toString());
linksResults.add(linkResult);
successCount++;
}
}
}
failureCount = nodeRefs.size() - successCount;
Map<String, Object> model = new HashMap<String, Object>();
model.put("results", linksResults);
model.put("successCount", successCount);
model.put("failureCount", failureCount);
model.put("overallSuccess", failureCount == 0);
return model;
}
/**
* Create link for sourceNodeRef in destinationNodeRef location
*
* @param destinationNodeRef
* @param sourceNodeRef
* @return
*/
private NodeRef createLink(NodeRef destinationNodeRef, NodeRef sourceNodeRef)
{
NodeRef linkNodeRef = null;
try
{
linkNodeRef = documentLinkService.createDocumentLink(sourceNodeRef, destinationNodeRef);
}
catch (IllegalArgumentException ex)
{
if (ex.getMessage().contains("filelink") || ex.getMessage().contains("folderLink"))
{
return null;
}
throw new WebScriptException(Status.STATUS_BAD_REQUEST, "Invalid Arguments: " + ex.getMessage());
}
catch (AccessDeniedException e)
{
throw new WebScriptException(Status.STATUS_FORBIDDEN, "You don't have permission to perform this operation");
}
return linkNodeRef;
}
}

816
source/java/org/alfresco/repo/web/scripts/links/AbstractLinksWebScript.java
View File

@@ -23,411 +23,411 @@
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
* #L%
*/
package org.alfresco.repo.web.scripts.links;
import java.io.IOException;
import java.io.StringWriter;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import org.alfresco.query.PagingRequest;
import org.alfresco.repo.content.MimetypeMap;
import org.alfresco.service.cmr.activities.ActivityService;
import org.alfresco.service.cmr.links.LinkInfo;
import org.alfresco.service.cmr.links.LinksService;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.security.NoSuchPersonException;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.cmr.site.SiteInfo;
import org.alfresco.service.cmr.site.SiteService;
import org.alfresco.util.ScriptPagingDetails;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.json.simple.JSONArray;
import org.json.simple.JSONObject;
import org.json.simple.parser.JSONParser;
import org.json.simple.parser.ParseException;
import org.springframework.extensions.webscripts.Cache;
import org.springframework.extensions.webscripts.DeclarativeWebScript;
import org.springframework.extensions.webscripts.Status;
import org.springframework.extensions.webscripts.WebScriptException;
import org.springframework.extensions.webscripts.WebScriptRequest;
import org.springframework.extensions.webscripts.json.JSONWriter;
/**
* @author Nick Burch
* @since 4.0
*/
public abstract class AbstractLinksWebScript extends DeclarativeWebScript
{
public static final String LINKS_SERVICE_ACTIVITY_APP_NAME = "links";
protected static final String PARAM_MESSAGE = "message";
protected static final String PARAM_ITEM = "item";
private static Log logger = LogFactory.getLog(AbstractLinksWebScript.class);
// Injected services
protected NodeService nodeService;
protected SiteService siteService;
protected LinksService linksService;
protected PersonService personService;
protected ActivityService activityService;
private String protocolsWhiteList = "http,https,ftp,mailto";
private ArrayList<String> allowedProtocols;
private ArrayList<Pattern> xssPatterns;
public void setNodeService(NodeService nodeService)
{
this.nodeService = nodeService;
}
public void setSiteService(SiteService siteService)
{
this.siteService = siteService;
}
public void setLinksService(LinksService linksService)
{
this.linksService = linksService;
}
public void setPersonService(PersonService personService)
{
this.personService = personService;
}
public void setActivityService(ActivityService activityService)
{
this.activityService = activityService;
}
public void setProtocolsWhiteList(String protocolsWhiteList)
{
this.protocolsWhiteList = protocolsWhiteList;
}
public void setXssRegexp(ArrayList<String> xssRegexp)
{
xssPatterns = new ArrayList<>(xssRegexp.size());
for (String xssRegexpStr : xssRegexp)
{
xssPatterns.add(Pattern.compile(xssRegexpStr));
}
}
private boolean isProtocolAllowed(String protocol)
{
// will be used default protocol prefix
if (protocol.length() == 0)
{
return true;
}
if (allowedProtocols == null)
{
allowedProtocols = new ArrayList<String>();
for (String delimProtocol : protocolsWhiteList.split(","))
{
if (delimProtocol.trim().length() == 0)
{
continue;
}
allowedProtocols.add(delimProtocol.trim());
}
}
return allowedProtocols.contains(protocol);
}
private boolean isPossibleXSS(String url)
{
// check for null
if (xssPatterns == null)
{
return false;
}
boolean result = false;
for (Pattern pattern : xssPatterns)
{
if (pattern.matcher(url).matches())
{
result = true;
}
}
return result;
}
private boolean isUrlCorrect(String url)
{
//default behavior if url absent
if (url == null)
{
return true;
}
if (url.trim().length() == 0 || isPossibleXSS(url))
{
return false;
}
int colonPos = url.indexOf(":");
colonPos = colonPos > 0 ? colonPos : 0;
String protocol = url.substring(0, colonPos);
boolean result = isProtocolAllowed(protocol);
//check for record host:port e.g.: localhost:8080
if (!result)
{
String secondUrlPart = url.substring(colonPos+1);
int slashPos = secondUrlPart.indexOf("/");
slashPos = slashPos > 0 ? slashPos : secondUrlPart.length();
String port = secondUrlPart.substring(0, slashPos);
Pattern p = Pattern.compile("^[0-9]*$");
if (p.matcher(port).matches())
{
result = true;
}
}
return result;
}
protected String getOrNull(JSONObject json, String key)
{
if (json.containsKey(key))
{
return (String)json.get(key);
}
return null;
}
protected List<String> getTags(JSONObject json)
{
List<String> tags = null;
if (json.containsKey("tags"))
{
// Is it "tags":"" or "tags":[...] ?
if (json.get("tags") instanceof String)
{
// This is normally an empty string, skip
String tagsS = (String)json.get("tags");
if ("".equals(tagsS))
{
// No tags were given
return null;
}
else
{
// Log, and treat as empty
// (We don't support "tags":"a,b,c" in these webscripts)
logger.warn("Unexpected tag data: " + tagsS);
return null;
}
}
else
{
tags = new ArrayList<String>();
JSONArray jsTags = (JSONArray)json.get("tags");
for (int i=0; i<jsTags.size(); i++)
{
tags.add( (String)jsTags.get(i) );
}
}
}
return tags;
}
/**
* Builds up a listing Paging request, based on the arguments
* specified in the URL
*/
protected PagingRequest buildPagingRequest(WebScriptRequest req)
{
if (req.getParameter("page") == null || req.getParameter("pageSize") == null)
{
throw new WebScriptException(Status.STATUS_BAD_REQUEST, "Paging size parameters missing");
}
return new ScriptPagingDetails(req, 100);
}
/**
* Generates an activity entry for the link
*/
protected void addActivityEntry(String event, LinkInfo link, SiteInfo site,
WebScriptRequest req, JSONObject json)
{
// What page is this for?
String page = req.getParameter("page");
if (page == null && json != null)
{
if (json.containsKey("page"))
{
page = (String)json.get("page");
}
}
if (page == null)
{
// Default
page = "links";
}
try
{
StringWriter activityJson = new StringWriter();
JSONWriter activity = new JSONWriter(activityJson);
activity.startObject();
activity.writeValue("title", link.getTitle());
activity.writeValue("page", page + "?linkId=" + link.getSystemName());
activity.endObject();
activityService.postActivity(
"org.alfresco.links.link-" + event,
site.getShortName(),
LINKS_SERVICE_ACTIVITY_APP_NAME,
activityJson.toString());
}
catch (Exception e)
{
// Warn, but carry on
logger.warn("Error adding link " + event + " to activities feed", e);
}
}
protected Map<String, Object> renderLink(LinkInfo link)
{
Map<String, Object> res = new HashMap<String, Object>();
res.put("node", link.getNodeRef());
res.put("name", link.getSystemName());
res.put("title", link.getTitle());
res.put("description", link.getDescription());
res.put("url", link.getURL());
res.put("createdOn", link.getCreatedAt());
res.put("modifiedOn", link.getModifiedAt());
res.put("tags", link.getTags());
res.put("internal", link.isInternal());
// FTL needs a script node of the person, if available
String creator = link.getCreator();
Object creatorO;
if ((null == creator) || !personService.personExists(creator))
{
creatorO = "";
}
else
{
NodeRef person = personService.getPerson(creator);
creatorO = person;
}
res.put("creator", creatorO);
// We want blank instead of null
for (String key : res.keySet())
{
if (res.get(key) == null)
{
res.put(key, "");
}
}
return res;
}
@Override
protected Map<String, Object> executeImpl(WebScriptRequest req,
Status status, Cache cache)
{
Map<String, String> templateVars = req.getServiceMatch().getTemplateVars();
if (templateVars == null)
{
String error = "No parameters supplied";
throw new WebScriptException(Status.STATUS_BAD_REQUEST, error);
}
// Parse the JSON, if supplied
JSONObject json = null;
String contentType = req.getContentType();
if (contentType != null && contentType.indexOf(';') != -1)
{
contentType = contentType.substring(0, contentType.indexOf(';'));
}
if (MimetypeMap.MIMETYPE_JSON.equals(contentType))
{
JSONParser parser = new JSONParser();
try
{
json = (JSONObject)parser.parse(req.getContent().getContent());
}
catch (IOException io)
{
throw new WebScriptException(Status.STATUS_BAD_REQUEST, "Invalid JSON: " + io.getMessage());
}
catch(ParseException pe)
{
throw new WebScriptException(Status.STATUS_BAD_REQUEST, "Invalid JSON: " + pe.getMessage());
}
}
// Get the site short name. Try quite hard to do so...
String siteName = templateVars.get("site");
if (siteName == null)
{
siteName = req.getParameter("site");
}
if (siteName == null && json != null)
{
if (json.containsKey("siteid"))
{
siteName = (String)json.get("siteid");
}
else if (json.containsKey("site"))
{
siteName = (String)json.get("site");
}
}
if (siteName == null)
{
String error = "No site given";
throw new WebScriptException(Status.STATUS_BAD_REQUEST, error);
}
// Grab the requested site
SiteInfo site = siteService.getSite(siteName);
if (site == null)
{
String error = "Could not find site: " + siteName;
throw new WebScriptException(Status.STATUS_NOT_FOUND, error);
}
// Link name is optional
String linkName = templateVars.get("path");
//sanitise url
if (json != null)
{
String url = getOrNull(json, "url");
if (!isUrlCorrect(url))
{
String error = "Url not allowed";
throw new WebScriptException(Status.STATUS_BAD_REQUEST, error);
}
}
// Have the real work done
return executeImpl(site, linkName, req, json, status, cache);
}
protected abstract Map<String, Object> executeImpl(SiteInfo site,
String linkName, WebScriptRequest req, JSONObject json,
Status status, Cache cache);
}
package org.alfresco.repo.web.scripts.links;
import java.io.IOException;
import java.io.StringWriter;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import org.alfresco.query.PagingRequest;
import org.alfresco.repo.content.MimetypeMap;
import org.alfresco.service.cmr.activities.ActivityService;
import org.alfresco.service.cmr.links.LinkInfo;
import org.alfresco.service.cmr.links.LinksService;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.security.NoSuchPersonException;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.cmr.site.SiteInfo;
import org.alfresco.service.cmr.site.SiteService;
import org.alfresco.util.ScriptPagingDetails;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.json.simple.JSONArray;
import org.json.simple.JSONObject;
import org.json.simple.parser.JSONParser;
import org.json.simple.parser.ParseException;
import org.springframework.extensions.webscripts.Cache;
import org.springframework.extensions.webscripts.DeclarativeWebScript;
import org.springframework.extensions.webscripts.Status;
import org.springframework.extensions.webscripts.WebScriptException;
import org.springframework.extensions.webscripts.WebScriptRequest;
import org.springframework.extensions.webscripts.json.JSONWriter;
/**
* @author Nick Burch
* @since 4.0
*/
public abstract class AbstractLinksWebScript extends DeclarativeWebScript
{
public static final String LINKS_SERVICE_ACTIVITY_APP_NAME = "links";
protected static final String PARAM_MESSAGE = "message";
protected static final String PARAM_ITEM = "item";
private static Log logger = LogFactory.getLog(AbstractLinksWebScript.class);
// Injected services
protected NodeService nodeService;
protected SiteService siteService;
protected LinksService linksService;
protected PersonService personService;
protected ActivityService activityService;
private String protocolsWhiteList = "http,https,ftp,mailto";
private ArrayList<String> allowedProtocols;
private ArrayList<Pattern> xssPatterns;
public void setNodeService(NodeService nodeService)
{
this.nodeService = nodeService;
}
public void setSiteService(SiteService siteService)
{
this.siteService = siteService;
}
public void setLinksService(LinksService linksService)
{
this.linksService = linksService;
}
public void setPersonService(PersonService personService)
{
this.personService = personService;
}
public void setActivityService(ActivityService activityService)
{
this.activityService = activityService;
}
public void setProtocolsWhiteList(String protocolsWhiteList)
{
this.protocolsWhiteList = protocolsWhiteList;
}
public void setXssRegexp(ArrayList<String> xssRegexp)
{
xssPatterns = new ArrayList<>(xssRegexp.size());
for (String xssRegexpStr : xssRegexp)
{
xssPatterns.add(Pattern.compile(xssRegexpStr));
}
}
private boolean isProtocolAllowed(String protocol)
{
// will be used default protocol prefix
if (protocol.length() == 0)
{
return true;
}
if (allowedProtocols == null)
{
allowedProtocols = new ArrayList<String>();
for (String delimProtocol : protocolsWhiteList.split(","))
{
if (delimProtocol.trim().length() == 0)
{
continue;
}
allowedProtocols.add(delimProtocol.trim());
}
}
return allowedProtocols.contains(protocol);
}
private boolean isPossibleXSS(String url)
{
// check for null
if (xssPatterns == null)
{
return false;
}
boolean result = false;
for (Pattern pattern : xssPatterns)
{
if (pattern.matcher(url).matches())
{
result = true;
}
}
return result;
}
private boolean isUrlCorrect(String url)
{
//default behavior if url absent
if (url == null)
{
return true;
}
if (url.trim().length() == 0 || isPossibleXSS(url))
{
return false;
}
int colonPos = url.indexOf(":");
colonPos = colonPos > 0 ? colonPos : 0;
String protocol = url.substring(0, colonPos);
boolean result = isProtocolAllowed(protocol);
//check for record host:port e.g.: localhost:8080
if (!result)
{
String secondUrlPart = url.substring(colonPos+1);
int slashPos = secondUrlPart.indexOf("/");
slashPos = slashPos > 0 ? slashPos : secondUrlPart.length();
String port = secondUrlPart.substring(0, slashPos);
Pattern p = Pattern.compile("^[0-9]*$");
if (p.matcher(port).matches())
{
result = true;
}
}
return result;
}
protected String getOrNull(JSONObject json, String key)
{
if (json.containsKey(key))
{
return (String)json.get(key);
}
return null;
}
protected List<String> getTags(JSONObject json)
{
List<String> tags = null;
if (json.containsKey("tags"))
{
// Is it "tags":"" or "tags":[...] ?
if (json.get("tags") instanceof String)
{
// This is normally an empty string, skip
String tagsS = (String)json.get("tags");
if ("".equals(tagsS))
{
// No tags were given
return null;
}
else
{
// Log, and treat as empty
// (We don't support "tags":"a,b,c" in these webscripts)
logger.warn("Unexpected tag data: " + tagsS);
return null;
}
}
else
{
tags = new ArrayList<String>();
JSONArray jsTags = (JSONArray)json.get("tags");
for (int i=0; i<jsTags.size(); i++)
{
tags.add( (String)jsTags.get(i) );
}
}
}
return tags;
}
/**
* Builds up a listing Paging request, based on the arguments
* specified in the URL
*/
protected PagingRequest buildPagingRequest(WebScriptRequest req)
{
if (req.getParameter("page") == null || req.getParameter("pageSize") == null)
{
throw new WebScriptException(Status.STATUS_BAD_REQUEST, "Paging size parameters missing");
}
return new ScriptPagingDetails(req, 100);
}
/**
* Generates an activity entry for the link
*/
protected void addActivityEntry(String event, LinkInfo link, SiteInfo site,
WebScriptRequest req, JSONObject json)
{
// What page is this for?
String page = req.getParameter("page");
if (page == null && json != null)
{
if (json.containsKey("page"))
{
page = (String)json.get("page");
}
}
if (page == null)
{
// Default
page = "links";
}
try
{
StringWriter activityJson = new StringWriter();
JSONWriter activity = new JSONWriter(activityJson);
activity.startObject();
activity.writeValue("title", link.getTitle());
activity.writeValue("page", page + "?linkId=" + link.getSystemName());
activity.endObject();
activityService.postActivity(
"org.alfresco.links.link-" + event,
site.getShortName(),
LINKS_SERVICE_ACTIVITY_APP_NAME,
activityJson.toString());
}
catch (Exception e)
{
// Warn, but carry on
logger.warn("Error adding link " + event + " to activities feed", e);
}
}
protected Map<String, Object> renderLink(LinkInfo link)
{
Map<String, Object> res = new HashMap<String, Object>();
res.put("node", link.getNodeRef());
res.put("name", link.getSystemName());
res.put("title", link.getTitle());
res.put("description", link.getDescription());
res.put("url", link.getURL());
res.put("createdOn", link.getCreatedAt());
res.put("modifiedOn", link.getModifiedAt());
res.put("tags", link.getTags());
res.put("internal", link.isInternal());
// FTL needs a script node of the person, if available
String creator = link.getCreator();
Object creatorO;
if ((null == creator) || !personService.personExists(creator))
{
creatorO = "";
}
else
{
NodeRef person = personService.getPerson(creator);
creatorO = person;
}
res.put("creator", creatorO);
// We want blank instead of null
for (String key : res.keySet())
{
if (res.get(key) == null)
{
res.put(key, "");
}
}
return res;
}
@Override
protected Map<String, Object> executeImpl(WebScriptRequest req,
Status status, Cache cache)
{
Map<String, String> templateVars = req.getServiceMatch().getTemplateVars();
if (templateVars == null)
{
String error = "No parameters supplied";
throw new WebScriptException(Status.STATUS_BAD_REQUEST, error);
}
// Parse the JSON, if supplied
JSONObject json = null;
String contentType = req.getContentType();
if (contentType != null && contentType.indexOf(';') != -1)
{
contentType = contentType.substring(0, contentType.indexOf(';'));
}
if (MimetypeMap.MIMETYPE_JSON.equals(contentType))
{
JSONParser parser = new JSONParser();
try
{
json = (JSONObject)parser.parse(req.getContent().getContent());
}
catch (IOException io)
{
throw new WebScriptException(Status.STATUS_BAD_REQUEST, "Invalid JSON: " + io.getMessage());
}
catch(ParseException pe)
{
throw new WebScriptException(Status.STATUS_BAD_REQUEST, "Invalid JSON: " + pe.getMessage());
}
}
// Get the site short name. Try quite hard to do so...
String siteName = templateVars.get("site");
if (siteName == null)
{
siteName = req.getParameter("site");
}
if (siteName == null && json != null)
{
if (json.containsKey("siteid"))
{
siteName = (String)json.get("siteid");
}
else if (json.containsKey("site"))
{
siteName = (String)json.get("site");
}
}
if (siteName == null)
{
String error = "No site given";
throw new WebScriptException(Status.STATUS_BAD_REQUEST, error);
}
// Grab the requested site
SiteInfo site = siteService.getSite(siteName);
if (site == null)
{
String error = "Could not find site: " + siteName;
throw new WebScriptException(Status.STATUS_NOT_FOUND, error);
}
// Link name is optional
String linkName = templateVars.get("path");
//sanitise url
if (json != null)
{
String url = getOrNull(json, "url");
if (!isUrlCorrect(url))
{
String error = "Url not allowed";
throw new WebScriptException(Status.STATUS_BAD_REQUEST, error);
}
}
// Have the real work done
return executeImpl(site, linkName, req, json, status, cache);
}
protected abstract Map<String, Object> executeImpl(SiteInfo site,
String linkName, WebScriptRequest req, JSONObject json,
Status status, Cache cache);
}