1. Project Clover database Sat Feb 2 2019 06:45:20 CET
  2. Package com.xpn.xwiki.web

File DeleteAttachmentAction.java

 

Coverage histogram

../../../../img/srcFileCovDistChart5.png
76% of files have more coverage

Code metrics

26
59
3
1
176
116
17
0.29
19.67
3
5.67

Classes

Class Line # Actions
DeleteAttachmentAction 44 59 0% 17 50
0.431818243.2%
 

Contributing tests

No tests hitting this source file were found.

Source view

1    /*
2    * See the NOTICE file distributed with this work for additional
3    * information regarding copyright ownership.
4    *
5    * This is free software; you can redistribute it and/or modify it
6    * under the terms of the GNU Lesser General Public License as
7    * published by the Free Software Foundation; either version 2.1 of
8    * the License, or (at your option) any later version.
9    *
10    * This software is distributed in the hope that it will be useful,
11    * but WITHOUT ANY WARRANTY; without even the implied warranty of
12    * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13    * Lesser General Public License for more details.
14    *
15    * You should have received a copy of the GNU Lesser General Public
16    * License along with this software; if not, write to the Free
17    * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
18    * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
19    */
20    package com.xpn.xwiki.web;
21   
22    import javax.script.ScriptContext;
23    import javax.servlet.http.HttpServletResponse;
24   
25    import org.apache.commons.lang3.exception.ExceptionUtils;
26    import org.apache.commons.lang3.math.NumberUtils;
27    import org.xwiki.model.EntityType;
28    import org.xwiki.resource.ResourceReference;
29    import org.xwiki.resource.ResourceReferenceManager;
30    import org.xwiki.resource.entity.EntityResourceReference;
31   
32    import com.xpn.xwiki.XWiki;
33    import com.xpn.xwiki.XWikiContext;
34    import com.xpn.xwiki.XWikiException;
35    import com.xpn.xwiki.doc.DeletedAttachment;
36    import com.xpn.xwiki.doc.XWikiAttachment;
37    import com.xpn.xwiki.doc.XWikiDocument;
38   
39    /**
40    * Delete attachment xwiki action.
41    *
42    * @version $Id: 866a938baccb7e64d4b4e5c5c1a33905181ca5d6 $
43    */
 
44    public class DeleteAttachmentAction extends XWikiAction
45    {
 
46  4 toggle @Override
47    public boolean action(XWikiContext context) throws XWikiException
48    {
49    // CSRF prevention
50  4 if (!csrfTokenCheck(context)) {
51  0 return false;
52    }
53   
54  4 XWikiRequest request = context.getRequest();
55  4 XWikiResponse response = context.getResponse();
56  4 XWikiDocument doc = context.getDoc();
57  4 XWikiAttachment attachment = null;
58  4 XWiki xwiki = context.getWiki();
59  4 String filename;
60   
61    // Delete from the trash
62  4 if (request.getParameter("trashId") != null) {
63  0 long trashId = NumberUtils.toLong(request.getParameter("trashId"));
64  0 DeletedAttachment da = xwiki.getAttachmentRecycleBinStore().getDeletedAttachment(trashId, context, true);
65    // If the attachment hasn't been previously deleted (i.e. it's not in the deleted attachment store) then
66    // don't try to delete it and instead redirect to the attachment list.
67  0 if (da != null) {
68  0 com.xpn.xwiki.api.DeletedAttachment daapi = new com.xpn.xwiki.api.DeletedAttachment(da, context);
69  0 if (!daapi.canDelete()) {
70  0 throw new XWikiException(XWikiException.MODULE_XWIKI_ACCESS,
71    XWikiException.ERROR_XWIKI_ACCESS_DENIED,
72    "You are not allowed to delete an attachment from the trash "
73    + "immediately after it has been deleted from the wiki");
74    }
75  0 if (!da.getDocName().equals(doc.getFullName())) {
76  0 throw new XWikiException(XWikiException.MODULE_XWIKI_APP,
77    XWikiException.ERROR_XWIKI_APP_URL_EXCEPTION,
78    "The specified trash entry does not match the current document");
79    }
80    // TODO: Add a confirmation check
81  0 xwiki.getAttachmentRecycleBinStore().deleteFromRecycleBin(trashId, context, true);
82    }
83  0 sendRedirect(response, Utils.getRedirect("attach", context));
84  0 return false;
85    }
86   
87  4 if (context.getMode() == XWikiContext.MODE_PORTLET) {
88  0 filename = request.getParameter("filename");
89    } else {
90    // Note: We use getRequestURI() because the spec says the server doesn't decode it, as
91    // we want to use our own decoding.
92  4 String requestUri = request.getRequestURI();
93  4 filename = getFileName();
94    }
95   
96  4 XWikiDocument newdoc = doc.clone();
97   
98    // An attachment can be indicated either using an id, or using the filename.
99  4 if (request.getParameter("id") != null) {
100  0 int id = NumberUtils.toInt(request.getParameter("id"));
101  0 if (newdoc.getAttachmentList().size() > id) {
102  0 attachment = newdoc.getAttachmentList().get(id);
103    }
104    } else {
105  4 attachment = newdoc.getAttachment(filename);
106    }
107   
108    // No such attachment
109  4 if (attachment == null) {
110  0 response.setStatus(HttpServletResponse.SC_NOT_FOUND);
111   
112  0 ScriptContext scriptContext = getCurrentScriptContext();
113  0 if (scriptContext != null) {
114  0 scriptContext.setAttribute("message",
115    localizePlainOrKey("core.action.deleteAttachment.failed", filename), ScriptContext.ENGINE_SCOPE);
116  0 scriptContext.setAttribute("details",
117    localizePlainOrKey("platform.core.action.deleteAttachment.noAttachment"),
118    ScriptContext.ENGINE_SCOPE);
119    }
120   
121  0 return true;
122    }
123   
124  4 newdoc.setAuthorReference(context.getUserReference());
125   
126    // Set "deleted attachment" as the version comment.
127  4 String comment;
128  4 if (attachment.isImage(context)) {
129  0 comment = localizePlainOrKey("core.comment.deleteImageComment", filename);
130    } else {
131  4 comment = localizePlainOrKey("core.comment.deleteAttachmentComment", filename);
132    }
133   
134  4 try {
135  4 newdoc.removeAttachment(attachment);
136  4 xwiki.saveDocument(newdoc, comment, context);
137    } catch (Exception ex) {
138  0 response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
139   
140  0 ScriptContext scriptContext = getCurrentScriptContext();
141  0 if (scriptContext != null) {
142  0 scriptContext.setAttribute("message",
143    localizePlainOrKey("core.action.deleteAttachment.failed", filename), ScriptContext.ENGINE_SCOPE);
144  0 scriptContext.setAttribute("details", ExceptionUtils.getRootCauseMessage(ex),
145    ScriptContext.ENGINE_SCOPE);
146    }
147   
148  0 return true;
149    }
150   
151    // forward to attach page
152  4 if (!((Boolean) context.get("ajax")).booleanValue()) {
153  4 String redirect = Utils.getRedirect("attach", context);
154  4 sendRedirect(response, redirect);
155    }
156   
157  4 return false;
158    }
159   
 
160  0 toggle @Override
161    public String render(XWikiContext context)
162    {
163  0 return "error";
164    }
165   
166    /**
167    * @return the filename of the attachment.
168    */
 
169  4 toggle private String getFileName()
170    {
171    // Extract the Attachment file name from the parsed request URL that was done before this Action is called
172  4 ResourceReference resourceReference = Utils.getComponent(ResourceReferenceManager.class).getResourceReference();
173  4 EntityResourceReference entityResource = (EntityResourceReference) resourceReference;
174  4 return entityResource.getEntityReference().extractReference(EntityType.ATTACHMENT).getName();
175    }
176    }