inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-14 17:58:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged 5.2.N (5.2.1) to HEAD (5.2)

Browse Source 
131742 rneamtu:       131742 rneamtu: SHA-1629 : Creating a link to file in a different location
            - Added support for multiple files in doclink.post webscript


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@132292 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Alan Davis
2016-11-03 13:56:56 +00:00
parent 74dc12f5c3
commit 53cbbd39fe
6 changed files with 776 additions and 621 deletions
Download Patch File Download Diff File Expand all files Collapse all files

816
source/java/org/alfresco/repo/web/scripts/links/AbstractLinksWebScript.java
View File

@@ -23,411 +23,411 @@
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
* #L%
*/
package org.alfresco.repo.web.scripts.links;
import java.io.IOException;
import java.io.StringWriter;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import org.alfresco.query.PagingRequest;
import org.alfresco.repo.content.MimetypeMap;
import org.alfresco.service.cmr.activities.ActivityService;
import org.alfresco.service.cmr.links.LinkInfo;
import org.alfresco.service.cmr.links.LinksService;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.security.NoSuchPersonException;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.cmr.site.SiteInfo;
import org.alfresco.service.cmr.site.SiteService;
import org.alfresco.util.ScriptPagingDetails;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.json.simple.JSONArray;
import org.json.simple.JSONObject;
import org.json.simple.parser.JSONParser;
import org.json.simple.parser.ParseException;
import org.springframework.extensions.webscripts.Cache;
import org.springframework.extensions.webscripts.DeclarativeWebScript;
import org.springframework.extensions.webscripts.Status;
import org.springframework.extensions.webscripts.WebScriptException;
import org.springframework.extensions.webscripts.WebScriptRequest;
import org.springframework.extensions.webscripts.json.JSONWriter;
/**
* @author Nick Burch
* @since 4.0
*/
public abstract class AbstractLinksWebScript extends DeclarativeWebScript
{
public static final String LINKS_SERVICE_ACTIVITY_APP_NAME = "links";
protected static final String PARAM_MESSAGE = "message";
protected static final String PARAM_ITEM = "item";
private static Log logger = LogFactory.getLog(AbstractLinksWebScript.class);
// Injected services
protected NodeService nodeService;
protected SiteService siteService;
protected LinksService linksService;
protected PersonService personService;
protected ActivityService activityService;
private String protocolsWhiteList = "http,https,ftp,mailto";
private ArrayList<String> allowedProtocols;
private ArrayList<Pattern> xssPatterns;
public void setNodeService(NodeService nodeService)
{
this.nodeService = nodeService;
}
public void setSiteService(SiteService siteService)
{
this.siteService = siteService;
}
public void setLinksService(LinksService linksService)
{
this.linksService = linksService;
}
public void setPersonService(PersonService personService)
{
this.personService = personService;
}
public void setActivityService(ActivityService activityService)
{
this.activityService = activityService;
}
public void setProtocolsWhiteList(String protocolsWhiteList)
{
this.protocolsWhiteList = protocolsWhiteList;
}
public void setXssRegexp(ArrayList<String> xssRegexp)
{
xssPatterns = new ArrayList<>(xssRegexp.size());
for (String xssRegexpStr : xssRegexp)
{
xssPatterns.add(Pattern.compile(xssRegexpStr));
}
}
private boolean isProtocolAllowed(String protocol)
{
// will be used default protocol prefix
if (protocol.length() == 0)
{
return true;
}
if (allowedProtocols == null)
{
allowedProtocols = new ArrayList<String>();
for (String delimProtocol : protocolsWhiteList.split(","))
{
if (delimProtocol.trim().length() == 0)
{
continue;
}
allowedProtocols.add(delimProtocol.trim());
}
}
return allowedProtocols.contains(protocol);
}
private boolean isPossibleXSS(String url)
{
// check for null
if (xssPatterns == null)
{
return false;
}
boolean result = false;
for (Pattern pattern : xssPatterns)
{
if (pattern.matcher(url).matches())
{
result = true;
}
}
return result;
}
private boolean isUrlCorrect(String url)
{
//default behavior if url absent
if (url == null)
{
return true;
}
if (url.trim().length() == 0 || isPossibleXSS(url))
{
return false;
}
int colonPos = url.indexOf(":");
colonPos = colonPos > 0 ? colonPos : 0;
String protocol = url.substring(0, colonPos);
boolean result = isProtocolAllowed(protocol);
//check for record host:port e.g.: localhost:8080
if (!result)
{
String secondUrlPart = url.substring(colonPos+1);
int slashPos = secondUrlPart.indexOf("/");
slashPos = slashPos > 0 ? slashPos : secondUrlPart.length();
String port = secondUrlPart.substring(0, slashPos);
Pattern p = Pattern.compile("^[0-9]*$");
if (p.matcher(port).matches())
{
result = true;
}
}
return result;
}
protected String getOrNull(JSONObject json, String key)
{
if (json.containsKey(key))
{
return (String)json.get(key);
}
return null;
}
protected List<String> getTags(JSONObject json)
{
List<String> tags = null;
if (json.containsKey("tags"))
{
// Is it "tags":"" or "tags":[...] ?
if (json.get("tags") instanceof String)
{
// This is normally an empty string, skip
String tagsS = (String)json.get("tags");
if ("".equals(tagsS))
{
// No tags were given
return null;
}
else
{
// Log, and treat as empty
// (We don't support "tags":"a,b,c" in these webscripts)
logger.warn("Unexpected tag data: " + tagsS);
return null;
}
}
else
{
tags = new ArrayList<String>();
JSONArray jsTags = (JSONArray)json.get("tags");
for (int i=0; i<jsTags.size(); i++)
{
tags.add( (String)jsTags.get(i) );
}
}
}
return tags;
}
/**
* Builds up a listing Paging request, based on the arguments
* specified in the URL
*/
protected PagingRequest buildPagingRequest(WebScriptRequest req)
{
if (req.getParameter("page") == null || req.getParameter("pageSize") == null)
{
throw new WebScriptException(Status.STATUS_BAD_REQUEST, "Paging size parameters missing");
}
return new ScriptPagingDetails(req, 100);
}
/**
* Generates an activity entry for the link
*/
protected void addActivityEntry(String event, LinkInfo link, SiteInfo site,
WebScriptRequest req, JSONObject json)
{
// What page is this for?
String page = req.getParameter("page");
if (page == null && json != null)
{
if (json.containsKey("page"))
{
page = (String)json.get("page");
}
}
if (page == null)
{
// Default
page = "links";
}
try
{
StringWriter activityJson = new StringWriter();
JSONWriter activity = new JSONWriter(activityJson);
activity.startObject();
activity.writeValue("title", link.getTitle());
activity.writeValue("page", page + "?linkId=" + link.getSystemName());
activity.endObject();
activityService.postActivity(
"org.alfresco.links.link-" + event,
site.getShortName(),
LINKS_SERVICE_ACTIVITY_APP_NAME,
activityJson.toString());
}
catch (Exception e)
{
// Warn, but carry on
logger.warn("Error adding link " + event + " to activities feed", e);
}
}
protected Map<String, Object> renderLink(LinkInfo link)
{
Map<String, Object> res = new HashMap<String, Object>();
res.put("node", link.getNodeRef());
res.put("name", link.getSystemName());
res.put("title", link.getTitle());
res.put("description", link.getDescription());
res.put("url", link.getURL());
res.put("createdOn", link.getCreatedAt());
res.put("modifiedOn", link.getModifiedAt());
res.put("tags", link.getTags());
res.put("internal", link.isInternal());
// FTL needs a script node of the person, if available
String creator = link.getCreator();
Object creatorO;
if ((null == creator) || !personService.personExists(creator))
{
creatorO = "";
}
else
{
NodeRef person = personService.getPerson(creator);
creatorO = person;
}
res.put("creator", creatorO);
// We want blank instead of null
for (String key : res.keySet())
{
if (res.get(key) == null)
{
res.put(key, "");
}
}
return res;
}
@Override
protected Map<String, Object> executeImpl(WebScriptRequest req,
Status status, Cache cache)
{
Map<String, String> templateVars = req.getServiceMatch().getTemplateVars();
if (templateVars == null)
{
String error = "No parameters supplied";
throw new WebScriptException(Status.STATUS_BAD_REQUEST, error);
}
// Parse the JSON, if supplied
JSONObject json = null;
String contentType = req.getContentType();
if (contentType != null && contentType.indexOf(';') != -1)
{
contentType = contentType.substring(0, contentType.indexOf(';'));
}
if (MimetypeMap.MIMETYPE_JSON.equals(contentType))
{
JSONParser parser = new JSONParser();
try
{
json = (JSONObject)parser.parse(req.getContent().getContent());
}
catch (IOException io)
{
throw new WebScriptException(Status.STATUS_BAD_REQUEST, "Invalid JSON: " + io.getMessage());
}
catch(ParseException pe)
{
throw new WebScriptException(Status.STATUS_BAD_REQUEST, "Invalid JSON: " + pe.getMessage());
}
}
// Get the site short name. Try quite hard to do so...
String siteName = templateVars.get("site");
if (siteName == null)
{
siteName = req.getParameter("site");
}
if (siteName == null && json != null)
{
if (json.containsKey("siteid"))
{
siteName = (String)json.get("siteid");
}
else if (json.containsKey("site"))
{
siteName = (String)json.get("site");
}
}
if (siteName == null)
{
String error = "No site given";
throw new WebScriptException(Status.STATUS_BAD_REQUEST, error);
}
// Grab the requested site
SiteInfo site = siteService.getSite(siteName);
if (site == null)
{
String error = "Could not find site: " + siteName;
throw new WebScriptException(Status.STATUS_NOT_FOUND, error);
}
// Link name is optional
String linkName = templateVars.get("path");
//sanitise url
if (json != null)
{
String url = getOrNull(json, "url");
if (!isUrlCorrect(url))
{
String error = "Url not allowed";
throw new WebScriptException(Status.STATUS_BAD_REQUEST, error);
}
}
// Have the real work done
return executeImpl(site, linkName, req, json, status, cache);
}
protected abstract Map<String, Object> executeImpl(SiteInfo site,
String linkName, WebScriptRequest req, JSONObject json,
Status status, Cache cache);
}
package org.alfresco.repo.web.scripts.links;
import java.io.IOException;
import java.io.StringWriter;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import org.alfresco.query.PagingRequest;
import org.alfresco.repo.content.MimetypeMap;
import org.alfresco.service.cmr.activities.ActivityService;
import org.alfresco.service.cmr.links.LinkInfo;
import org.alfresco.service.cmr.links.LinksService;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.security.NoSuchPersonException;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.cmr.site.SiteInfo;
import org.alfresco.service.cmr.site.SiteService;
import org.alfresco.util.ScriptPagingDetails;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.json.simple.JSONArray;
import org.json.simple.JSONObject;
import org.json.simple.parser.JSONParser;
import org.json.simple.parser.ParseException;
import org.springframework.extensions.webscripts.Cache;
import org.springframework.extensions.webscripts.DeclarativeWebScript;
import org.springframework.extensions.webscripts.Status;
import org.springframework.extensions.webscripts.WebScriptException;
import org.springframework.extensions.webscripts.WebScriptRequest;
import org.springframework.extensions.webscripts.json.JSONWriter;
/**
* @author Nick Burch
* @since 4.0
*/
public abstract class AbstractLinksWebScript extends DeclarativeWebScript
{
public static final String LINKS_SERVICE_ACTIVITY_APP_NAME = "links";
protected static final String PARAM_MESSAGE = "message";
protected static final String PARAM_ITEM = "item";
private static Log logger = LogFactory.getLog(AbstractLinksWebScript.class);
// Injected services
protected NodeService nodeService;
protected SiteService siteService;
protected LinksService linksService;
protected PersonService personService;
protected ActivityService activityService;
private String protocolsWhiteList = "http,https,ftp,mailto";
private ArrayList<String> allowedProtocols;
private ArrayList<Pattern> xssPatterns;
public void setNodeService(NodeService nodeService)
{
this.nodeService = nodeService;
}
public void setSiteService(SiteService siteService)
{
this.siteService = siteService;
}
public void setLinksService(LinksService linksService)
{
this.linksService = linksService;
}
public void setPersonService(PersonService personService)
{
this.personService = personService;
}
public void setActivityService(ActivityService activityService)
{
this.activityService = activityService;
}
public void setProtocolsWhiteList(String protocolsWhiteList)
{
this.protocolsWhiteList = protocolsWhiteList;
}
public void setXssRegexp(ArrayList<String> xssRegexp)
{
xssPatterns = new ArrayList<>(xssRegexp.size());
for (String xssRegexpStr : xssRegexp)
{
xssPatterns.add(Pattern.compile(xssRegexpStr));
}
}
private boolean isProtocolAllowed(String protocol)
{
// will be used default protocol prefix
if (protocol.length() == 0)
{
return true;
}
if (allowedProtocols == null)
{
allowedProtocols = new ArrayList<String>();
for (String delimProtocol : protocolsWhiteList.split(","))
{
if (delimProtocol.trim().length() == 0)
{
continue;
}
allowedProtocols.add(delimProtocol.trim());
}
}
return allowedProtocols.contains(protocol);
}
private boolean isPossibleXSS(String url)
{
// check for null
if (xssPatterns == null)
{
return false;
}
boolean result = false;
for (Pattern pattern : xssPatterns)
{
if (pattern.matcher(url).matches())
{
result = true;
}
}
return result;
}
private boolean isUrlCorrect(String url)
{
//default behavior if url absent
if (url == null)
{
return true;
}
if (url.trim().length() == 0 || isPossibleXSS(url))
{
return false;
}
int colonPos = url.indexOf(":");
colonPos = colonPos > 0 ? colonPos : 0;
String protocol = url.substring(0, colonPos);
boolean result = isProtocolAllowed(protocol);
//check for record host:port e.g.: localhost:8080
if (!result)
{
String secondUrlPart = url.substring(colonPos+1);
int slashPos = secondUrlPart.indexOf("/");
slashPos = slashPos > 0 ? slashPos : secondUrlPart.length();
String port = secondUrlPart.substring(0, slashPos);
Pattern p = Pattern.compile("^[0-9]*$");
if (p.matcher(port).matches())
{
result = true;
}
}
return result;
}
protected String getOrNull(JSONObject json, String key)
{
if (json.containsKey(key))
{
return (String)json.get(key);
}
return null;
}
protected List<String> getTags(JSONObject json)
{
List<String> tags = null;
if (json.containsKey("tags"))
{
// Is it "tags":"" or "tags":[...] ?
if (json.get("tags") instanceof String)
{
// This is normally an empty string, skip
String tagsS = (String)json.get("tags");
if ("".equals(tagsS))
{
// No tags were given
return null;
}
else
{
// Log, and treat as empty
// (We don't support "tags":"a,b,c" in these webscripts)
logger.warn("Unexpected tag data: " + tagsS);
return null;
}
}
else
{
tags = new ArrayList<String>();
JSONArray jsTags = (JSONArray)json.get("tags");
for (int i=0; i<jsTags.size(); i++)
{
tags.add( (String)jsTags.get(i) );
}
}
}
return tags;
}
/**
* Builds up a listing Paging request, based on the arguments
* specified in the URL
*/
protected PagingRequest buildPagingRequest(WebScriptRequest req)
{
if (req.getParameter("page") == null || req.getParameter("pageSize") == null)
{
throw new WebScriptException(Status.STATUS_BAD_REQUEST, "Paging size parameters missing");
}
return new ScriptPagingDetails(req, 100);
}
/**
* Generates an activity entry for the link
*/
protected void addActivityEntry(String event, LinkInfo link, SiteInfo site,
WebScriptRequest req, JSONObject json)
{
// What page is this for?
String page = req.getParameter("page");
if (page == null && json != null)
{
if (json.containsKey("page"))
{
page = (String)json.get("page");
}
}
if (page == null)
{
// Default
page = "links";
}
try
{
StringWriter activityJson = new StringWriter();
JSONWriter activity = new JSONWriter(activityJson);
activity.startObject();
activity.writeValue("title", link.getTitle());
activity.writeValue("page", page + "?linkId=" + link.getSystemName());
activity.endObject();
activityService.postActivity(
"org.alfresco.links.link-" + event,
site.getShortName(),
LINKS_SERVICE_ACTIVITY_APP_NAME,
activityJson.toString());
}
catch (Exception e)
{
// Warn, but carry on
logger.warn("Error adding link " + event + " to activities feed", e);
}
}
protected Map<String, Object> renderLink(LinkInfo link)
{
Map<String, Object> res = new HashMap<String, Object>();
res.put("node", link.getNodeRef());
res.put("name", link.getSystemName());
res.put("title", link.getTitle());
res.put("description", link.getDescription());
res.put("url", link.getURL());
res.put("createdOn", link.getCreatedAt());
res.put("modifiedOn", link.getModifiedAt());
res.put("tags", link.getTags());
res.put("internal", link.isInternal());
// FTL needs a script node of the person, if available
String creator = link.getCreator();
Object creatorO;
if ((null == creator) || !personService.personExists(creator))
{
creatorO = "";
}
else
{
NodeRef person = personService.getPerson(creator);
creatorO = person;
}
res.put("creator", creatorO);
// We want blank instead of null
for (String key : res.keySet())
{
if (res.get(key) == null)
{
res.put(key, "");
}
}
return res;
}
@Override
protected Map<String, Object> executeImpl(WebScriptRequest req,
Status status, Cache cache)
{
Map<String, String> templateVars = req.getServiceMatch().getTemplateVars();
if (templateVars == null)
{
String error = "No parameters supplied";
throw new WebScriptException(Status.STATUS_BAD_REQUEST, error);
}
// Parse the JSON, if supplied
JSONObject json = null;
String contentType = req.getContentType();
if (contentType != null && contentType.indexOf(';') != -1)
{
contentType = contentType.substring(0, contentType.indexOf(';'));
}
if (MimetypeMap.MIMETYPE_JSON.equals(contentType))
{
JSONParser parser = new JSONParser();
try
{
json = (JSONObject)parser.parse(req.getContent().getContent());
}
catch (IOException io)
{
throw new WebScriptException(Status.STATUS_BAD_REQUEST, "Invalid JSON: " + io.getMessage());
}
catch(ParseException pe)
{
throw new WebScriptException(Status.STATUS_BAD_REQUEST, "Invalid JSON: " + pe.getMessage());
}
}
// Get the site short name. Try quite hard to do so...
String siteName = templateVars.get("site");
if (siteName == null)
{
siteName = req.getParameter("site");
}
if (siteName == null && json != null)
{
if (json.containsKey("siteid"))
{
siteName = (String)json.get("siteid");
}
else if (json.containsKey("site"))
{
siteName = (String)json.get("site");
}
}
if (siteName == null)
{
String error = "No site given";
throw new WebScriptException(Status.STATUS_BAD_REQUEST, error);
}
// Grab the requested site
SiteInfo site = siteService.getSite(siteName);
if (site == null)
{
String error = "Could not find site: " + siteName;
throw new WebScriptException(Status.STATUS_NOT_FOUND, error);
}
// Link name is optional
String linkName = templateVars.get("path");
//sanitise url
if (json != null)
{
String url = getOrNull(json, "url");
if (!isUrlCorrect(url))
{
String error = "Url not allowed";
throw new WebScriptException(Status.STATUS_BAD_REQUEST, error);
}
}
// Have the real work done
return executeImpl(site, linkName, req, json, status, cache);
}
protected abstract Map<String, Object> executeImpl(SiteInfo site,
String linkName, WebScriptRequest req, JSONObject json,
Status status, Cache cache);
}