📄 attachmentwebhandler.java
字号:
// have permission, just do nothing, that is dont check the max day contraint
} else if ( (logonMemberID==authorID) && onlineUser.isMember() ) {
// same author, but not guest
// check date here, usually must not older than 1 days
Timestamp postDate = postBean.getPostCreationDate();
/** @todo config maxDays */
int maxDays = 1;
if ( (now.getTime() - postDate.getTime()) > (DateUtil.DAY * maxDays) ) {
/** @todo choose a better Exception here */
throw new BadInputException("You cannot attach a file to a post which is older than " + maxDays + " days.");
}
/** @todo check status of this post */
/*
if (postBean.getPostStatus() == ?) {
throw new BadInputException("Cannot attach a file to disabled post.");
}*/
} else {//not an author, so this user must have Edit Permission
//@todo is this the correct permission checking ??? Igor: yes it is
permission.ensureCanEditPost(forumID);// this method ALWAYS throws AuthenticationException
}
// now all contraints/permission have been checked
// values that we can init now
String attachCreationIP = request.getRemoteAddr();
Timestamp attachCreationDate= now;
Timestamp attachModifiedDate= now;
int attachDownloadCount = 0;
int attachOption = 0;// check it
int attachStatus = 0;// check it
int attachID = DAOFactory.getAttachmentDAO().createAttachment(postID, logonMemberID, attachFilename,
attachFileSize, attachMimeType, attachDesc,
attachCreationIP, attachCreationDate, attachModifiedDate,
attachDownloadCount, attachOption, attachStatus);
try {
String filename = AttachmentUtil.getAttachFilenameOnDisk(attachID);
log.debug("Attach filename to save to file system = " + filename);
attachFileItem.write(filename);
} catch (Exception ex) {
log.error("Cannot save the attachment file", ex);
DAOFactory.getAttachmentDAO().delete(attachID);
throw new IOException("Cannot save the attachment file to the file system.");
}
// we dont want the exception to throw below this
int attachCount = DAOFactory.getAttachmentDAO().getNumberOfBeans_inPost(postID);
DAOFactory.getPostDAO().updateAttachCount(postID, attachCount);
request.setAttribute("ForumID", String.valueOf(forumID));
request.setAttribute("ThreadID", String.valueOf(postBean.getThreadID()));
request.setAttribute("PostID", String.valueOf(postID));
request.setAttribute("offset", String.valueOf(offset));
request.setAttribute("AttachMore", new Boolean(attachMore));
}
void prepareDelete(HttpServletRequest request)
throws ObjectNotFoundException, BadInputException, DatabaseException, AuthenticationException, AssertionException {
OnlineUser onlineUser = userManager.getOnlineUser(request);
MVNForumPermission permission = onlineUser.getPermission();
// primary key column(s)
int attachID = ParamUtil.getParameterInt(request, "attach");
AttachmentBean attachmentBean = DAOFactory.getAttachmentDAO().getBean(attachID);
int postID = attachmentBean.getPostID();
PostBean postBean = DAOFactory.getPostDAO().getPost(postID);
// now, check the permission
permission.ensureCanDeletePost(postBean.getForumID());
ForumCache.getInstance().getBean(postBean.getForumID()).ensureNotDisabledForum();
request.setAttribute("AttachmentBean", attachmentBean);
request.setAttribute("PostBean", postBean);
}
void processDelete(HttpServletRequest request)
throws BadInputException, DatabaseException, AuthenticationException, AssertionException, ObjectNotFoundException {
OnlineUser onlineUser = userManager.getOnlineUser(request);
MVNForumPermission permission = onlineUser.getPermission();
// user must have been authenticated before he can delete
permission.ensureIsAuthenticated();
// primary key column(s)
int attachID = ParamUtil.getParameterInt(request, "attach");
AttachmentBean attachmentBean = DAOFactory.getAttachmentDAO().getBean(attachID);
int postID = attachmentBean.getPostID();
PostBean postBean = DAOFactory.getPostDAO().getPost(postID);
ForumCache.getInstance().getBean(postBean.getForumID()).ensureNotDisabledForum();
// now, check the permission
permission.ensureCanDeletePost(postBean.getForumID());
// now check the password
MyUtil.ensureCorrectCurrentPassword(request);
// delete in database
DAOFactory.getAttachmentDAO().delete(attachID);
// delete on disk
AttachmentUtil.deleteAttachFilenameOnDisk(attachID);
// we dont want the exception to throw below this
int attachCount = DAOFactory.getAttachmentDAO().getNumberOfBeans_inPost(postID);
DAOFactory.getPostDAO().updateAttachCount(postID, attachCount);
int threadID = postBean.getThreadID();
request.setAttribute("ThreadID", String.valueOf(threadID));
}
/*
* @todo find a way to cache the file based on the http protocal
* @todo check permission
*/
void downloadAttachment(HttpServletRequest request, HttpServletResponse response)
throws BadInputException, DatabaseException, ObjectNotFoundException, IOException,
AuthenticationException, AssertionException {
OnlineUser onlineUser = userManager.getOnlineUser(request);
MVNForumPermission permission = onlineUser.getPermission();
int attachID = ParamUtil.getParameterInt(request, "attach");
AttachmentBean attachBean = DAOFactory.getAttachmentDAO().getBean(attachID);
int postID = attachBean.getPostID();
PostBean postBean = DAOFactory.getPostDAO().getPost(postID);
int forumID = postBean.getForumID();
ForumCache.getInstance().getBean(forumID).ensureNotDisabledForum();
ForumCache.getInstance().getBean(forumID).ensureNotLockedForum();
permission.ensureCanGetAttachment(forumID);
InputStream inputStream = null;
OutputStream outputStream = null;
try {
String attachFilename = AttachmentUtil.getAttachFilenameOnDisk(attachID);
try {
inputStream = new FileInputStream(attachFilename);
} catch (IOException ex) {
// we dont want to show the filename on file system in the original exception for security
log.error("Cannot open attach file on file system with attach id = " + attachID, ex);
throw new IOException("Cannot open attach file on file system with attach id = " + attachID + ". Please report this error to the Web site Administrator.");
}
byte[]buffer = FileUtil.getBytes(inputStream);
inputStream.close();
inputStream = null;// no close twice
// we should not call this method after done the outputStream
// because we dont want exception after download
DAOFactory.getAttachmentDAO().increaseDownloadCount(attachID);
outputStream = response.getOutputStream();
response.setContentType(attachBean.getAttachMimeType());
response.setHeader("Location", attachBean.getAttachFilename());
// now use Cache-Control if the MIME type are image
if (attachBean.getAttachMimeType().startsWith("image/")) {
int cacheTime = DateUtil.DAY * 30 / 1000;// 30 days
response.setHeader("Cache-Control", "max-age=" + cacheTime);
}
//added by Dejan
response.setHeader("Content-Disposition", "attachment; filename=" + attachBean.getAttachFilename());
outputStream.write(buffer);
outputStream.flush();
outputStream.close();
outputStream = null;// no close twice
} catch (IOException ex) {
throw ex;
} finally {
if (inputStream != null) {
try {
inputStream.close();
} catch (IOException ex) { }
}
if (outputStream != null) {
try {
outputStream.close();
} catch (IOException ex) { }
}
}
}
/**
* NOTE: This method should be called before any attemp to delete a post
* because it require the post is exited
* After calling this method, go ahead and delete the post
*/
static void deleteAttachments_inPost(int postID) throws DatabaseException {
// First, try to delete attachment in database
Collection attachmentBeans = DAOFactory.getAttachmentDAO().getBeans_inPost(postID);
DAOFactory.getAttachmentDAO().delete_inPost(postID);
//now delete files on disk
for (Iterator iter = attachmentBeans.iterator(); iter.hasNext(); ) {
AttachmentBean attachmentBean = (AttachmentBean)iter.next();
AttachmentUtil.deleteAttachFilenameOnDisk(attachmentBean.getAttachID());
}
}
/**
* NOTE: This method should be called before any attemp to delete a thread
* because it require the thread is exited
* After calling this method, go ahead and delete the thread
*/
static void deleteAttachments_inThread(int threadID) throws DatabaseException {
// First, try to delete attachment in database
Collection attachmentBeans = DAOFactory.getAttachmentDAO().getBeans_inThread(threadID);
//now delete files on disk
for (Iterator iter = attachmentBeans.iterator(); iter.hasNext(); ) {
AttachmentBean attachmentBean = (AttachmentBean)iter.next();
int attachID = attachmentBean.getAttachID();
AttachmentUtil.deleteAttachFilenameOnDisk(attachID);
try {
DAOFactory.getAttachmentDAO().delete(attachID);
} catch (Exception ex) {
log.warn("Cannot delete attachment (id = " + attachID + ") in database", ex);
}
}
}
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -