boardpermissioninterceptor.java

一个jsp写的bbs

package com.laoer.bbscs.web.interceptor;

import net.sf.struts.saif.ActionHaveForwardInterceptor;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.Action;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.action.ActionForm;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import javax.servlet.ServletException;
import org.apache.commons.lang.StringUtils;
import javax.servlet.http.HttpSession;
import com.laoer.bbscs.comm.Constant;
import com.laoer.bbscs.web.servlet.UserSession;
import org.apache.commons.lang.math.NumberUtils;
import org.springframework.web.context.support.WebApplicationContextUtils;
import org.springframework.web.context.WebApplicationContext;
import com.laoer.bbscs.service.BoardService;
import java.util.Map;
import com.laoer.bbscs.comm.BBSCSUtil;
import com.laoer.bbscs.bean.Permission;
import java.util.Iterator;
import java.util.Set;
import com.laoer.bbscs.bean.Board;
import com.laoer.bbscs.bean.BoardMaster;
import com.laoer.bbscs.comm.AjaxMessagesXML;
import org.apache.struts.action.ActionMessage;
import org.apache.struts.action.ActionMessages;
import com.laoer.bbscs.web.action.ActionUtils;
import com.laoer.bbscs.service.BoardAuthUserService;
import com.laoer.bbscs.bean.UserOnline;
import com.laoer.bbscs.service.UserOnlineService;
import com.laoer.bbscs.exception.*;
import org.apache.commons.logging.LogFactory;
import org.apache.commons.logging.Log;

/**
 * <p>Title: Tianyi BBS</p>
 *
 * <p>Description: BBSCS</p>
 *
 * <p>Copyright: Copyright (c) 2006</p>
 *
 * <p>Company: Laoer.com</p>
 *
 * @author Gong Tianyi
 * @version 7.0
 */
public class BoardPermissionInterceptor
    implements ActionHaveForwardInterceptor {

  private static final Log logger = LogFactory.getLog(BoardPermissionInterceptor.class);

  public BoardPermissionInterceptor() {
  }

  /**
   * beforeAction
   *
   * @param action Action
   * @param actionMapping ActionMapping
   * @param actionForm ActionForm
   * @param httpServletRequest HttpServletRequest
   * @param httpServletResponse HttpServletResponse
   * @return ActionForward
   * @throws IOException
   * @throws ServletException
   * @todo Implement this net.sf.struts.saif.ActionHaveForwardInterceptor method
   */
  public ActionForward beforeAction(Action action, ActionMapping actionMapping,
                                    ActionForm actionForm, HttpServletRequest httpServletRequest,
                                    HttpServletResponse httpServletResponse) throws IOException,
      ServletException {
    HttpSession session = httpServletRequest.getSession();
    String ajax = httpServletRequest.getParameter("ajax");
    if (StringUtils.isBlank(ajax)) {
      ajax = "html";
    }
    UserSession us = (UserSession) session.getAttribute(Constant.USER_SESSION_KEY);
    WebApplicationContext wc = WebApplicationContextUtils.getWebApplicationContext(action.
        getServlet().getServletContext());
    long bid = NumberUtils.toLong(httpServletRequest.getParameter("bid"), 0); //取得版区ID
    if (bid == 0) { //版区ID错误
      if (ajax.equalsIgnoreCase("html")) {
        ActionMessages errors = new ActionMessages();
        errors.add("error.board.id", new ActionMessage("error.board.id"));
        ActionUtils.addErrors(httpServletRequest, errors);

        return actionMapping.findForward("error");
      }
      else if (ajax.equalsIgnoreCase("shtml")) {
        ActionMessages errors = new ActionMessages();
        errors.add("error.board.id", new ActionMessage("error.board.id"));
        ActionUtils.addErrors(httpServletRequest, errors);

        return actionMapping.findForward("htmlError");
      }
      else {
        AjaxMessagesXML ajaxMessagesXML = (AjaxMessagesXML) wc.getBean("ajaxMessagesXML");
        ajaxMessagesXML.setMessage(Constant.CODEID_BOARDID_ERROR,
                                   Constant.MESSAGE.getMessage(httpServletRequest.getLocale(),
            "error.board.id"));
        httpServletRequest.setAttribute("xmlo", ajaxMessagesXML.getXmlo());
        httpServletRequest.setAttribute("messagesDocument", ajaxMessagesXML.getMessagesDocument());
        return actionMapping.findForward("ajaxjsp");
      }
    }

    BoardService boardService = (BoardService) wc.getBean("boardService");

    Board board = boardService.getBoardByID(bid);
    if (board == null) { //版区不存在
      if (ajax.equalsIgnoreCase("html")) {
        //System.out.println("html");
        ActionMessages errors = new ActionMessages();
        errors.add("error.board.id", new ActionMessage("error.board.id"));
        ActionUtils.addErrors(httpServletRequest, errors);

        return actionMapping.findForward("error");
      }
      else if (ajax.equalsIgnoreCase("shtml")) {
        ActionMessages errors = new ActionMessages();
        errors.add("error.board.id", new ActionMessage("error.board.id"));
        ActionUtils.addErrors(httpServletRequest, errors);

        return actionMapping.findForward("htmlError");
      }
      else {
        //System.out.println("xml");

        AjaxMessagesXML ajaxMessagesXML = (AjaxMessagesXML) wc.getBean("ajaxMessagesXML");
        ajaxMessagesXML.setMessage(Constant.CODEID_BOARDID_ERROR,
                                   Constant.MESSAGE.getMessage(httpServletRequest.getLocale(),
            "error.board.id"));
        httpServletRequest.setAttribute("xmlo", ajaxMessagesXML.getXmlo());
        httpServletRequest.setAttribute("messagesDocument", ajaxMessagesXML.getMessagesDocument());
        return actionMapping.findForward("ajaxjsp");
      }
    }

    httpServletRequest.setAttribute(Constant.BOARD_REQUEST_KEY, board); //将board对象放入request

    if (us.getBid() != bid) {//说明用户改变版区，重写权限
      us.getBoardPermission().clear();
      us.getBoardSpecialPermission().clear();
      us.setBid(bid);
      us.setBoardPass("");
      Map[] maps = boardService.getBoardPermission(bid, us.getGroupID()); //取得版区用户组权限

      Set pset = maps[0].entrySet();
      Iterator it = pset.iterator();
      while (it.hasNext()) {
        Map.Entry p = (Map.Entry) it.next();
        Permission permission = (Permission) p.getValue();
        String[] actions = permission.getAction().split(",");
        for (int i = 0; i < actions.length; i++) {
          String[] resources = ( (String) p.getKey()).split(",");
          us.getBoardPermission().put(BBSCSUtil.getActionMappingURL(resources[0],
              httpServletRequest) + "?action=" + actions[i], p.getValue());
        }
      }
      //us.setBoardSpecialPermission(maps[1]);
      Set gbspset = maps[1].entrySet();
      Iterator gbspit = gbspset.iterator();
      while (gbspit.hasNext()) {
        Map.Entry p = (Map.Entry) gbspit.next();
        us.getBoardSpecialPermission().put(p.getKey(), p.getValue());
      }

      BoardMaster bm = (BoardMaster) board.getBoardMaster().get(us.getUserName());
      if (bm != null) { //是斑竹
        Map[] bmpMap = boardService.getBoardMasterPermission(bm.getRoleID()); //取得斑竹权限
        Set bpset = bmpMap[0].entrySet(); //版主普通权限
        Iterator bpit = bpset.iterator();
        while (bpit.hasNext()) {
          Map.Entry p = (Map.Entry) bpit.next();
          Permission permission = (Permission) p.getValue();
          String[] actions = permission.getAction().split(",");
          for (int i = 0; i < actions.length; i++) {
            String[] resources = ( (String) p.getKey()).split(",");
            us.getBoardPermission().put(BBSCSUtil.getActionMappingURL(resources[0],
                httpServletRequest) + "?action=" + actions[i], p.getValue());
          }
        }