1. Project Clover database Tue Dec 20 2016 21:24:09 CET
  2. Package com.xpn.xwiki.web

File CommentSaveAction.java

 

Coverage histogram

../../../../img/srcFileCovDistChart0.png
83% of files have more coverage

Code metrics

12
30
2
1
137
71
10
0.33
15
2
5

Classes

Class Line # Actions
CommentSaveAction 45 30 0% 10 44
0.00%
 

Contributing tests

No tests hitting this source file were found.

Source view

1    /*
2    * See the NOTICE file distributed with this work for additional
3    * information regarding copyright ownership.
4    *
5    * This is free software; you can redistribute it and/or modify it
6    * under the terms of the GNU Lesser General Public License as
7    * published by the Free Software Foundation; either version 2.1 of
8    * the License, or (at your option) any later version.
9    *
10    * This software is distributed in the hope that it will be useful,
11    * but WITHOUT ANY WARRANTY; without even the implied warranty of
12    * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13    * Lesser General Public License for more details.
14    *
15    * You should have received a copy of the GNU Lesser General Public
16    * License along with this software; if not, write to the Free
17    * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
18    * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
19    */
20    package com.xpn.xwiki.web;
21   
22    import java.util.Enumeration;
23    import java.util.regex.Matcher;
24    import java.util.regex.Pattern;
25   
26    import org.xwiki.localization.ContextualLocalizationManager;
27    import org.xwiki.model.reference.DocumentReference;
28    import org.xwiki.model.reference.DocumentReferenceResolver;
29    import org.xwiki.security.authorization.AuthorizationManager;
30    import org.xwiki.security.authorization.Right;
31   
32    import com.xpn.xwiki.XWiki;
33    import com.xpn.xwiki.XWikiContext;
34    import com.xpn.xwiki.XWikiException;
35    import com.xpn.xwiki.doc.XWikiDocument;
36    import com.xpn.xwiki.objects.BaseObject;
37   
38    /**
39    * Action used to edit+save an existing comment in a page, saves the comment
40    * object in the document, requires comment right but not edit right.
41    *
42    * @version $Id: eb37c23a292e7df7317bcce2290daf00dff091ed $
43    * @since 8.4RC1
44    */
 
45    public class CommentSaveAction extends CommentAddAction
46    {
47    private static final String COMMENT_FIELD_NAME = "comment";
48   
49    /**
50    * Entity reference resolver.
51    */
52    private DocumentReferenceResolver<String> documentReferenceResolver =
53    Utils.getComponent(DocumentReferenceResolver.TYPE_STRING, "current");
54   
55    /**
56    * Authorization manager.
57    */
58    private AuthorizationManager authorizationManager = Utils.getComponent(AuthorizationManager.class);
59   
60    /**
61    * Localization manager.
62    */
63    private ContextualLocalizationManager localizationManager = Utils.getComponent(ContextualLocalizationManager.class);
64   
65    /**
66    * Pattern to get the comment's number.
67    */
68    private final Pattern pattern = Pattern.compile("XWiki.XWikiComments_(\\d+)_comment");
69   
 
70  0 toggle private int getCommentIdFromRequest(XWikiRequest request) throws XWikiException
71    {
72    // Get the comment object
73  0 Enumeration parameterNames = request.getParameterNames();
74  0 while (parameterNames.hasMoreElements()) {
75  0 String parameterName = (String) parameterNames.nextElement();
76    // Matcher
77  0 Matcher m = pattern.matcher(parameterName);
78  0 if (m.find()) {
79  0 String number = m.group(1);
80  0 return Integer.parseInt(number);
81    }
82    }
83  0 throw new XWikiException("Failed to find the comment to save.", null);
84    }
85   
 
86  0 toggle @Override
87    public boolean action(XWikiContext context) throws XWikiException
88    {
89    // Get the XWiki utilities
90  0 XWiki xwiki = context.getWiki();
91  0 XWikiResponse response = context.getResponse();
92  0 XWikiRequest request = context.getRequest();
93  0 XWikiDocument doc = context.getDoc();
94   
95  0 if (!csrfTokenCheck(context) || doc.isNew()) {
96  0 return false;
97    }
98   
99    // Comment class reference
100  0 DocumentReference commentClass = new DocumentReference(context.getWikiId(), XWiki.SYSTEM_SPACE,
101    XWikiDocument.COMMENTSCLASS_REFERENCE.getName());
102   
103    // Edit comment
104  0 int commentId = getCommentIdFromRequest(request);
105  0 BaseObject commentObj = doc.getXObject(commentClass, commentId);
106  0 if (commentObj == null) {
107  0 return false;
108    }
109   
110    // Check if the author is the current user or if the current user has the ADMIN right
111  0 String commentAuthor = commentObj.getStringValue("author");
112  0 DocumentReference authorReference = documentReferenceResolver.resolve(commentAuthor);
113  0 if (!authorReference.equals(context.getUserReference())
114    && !authorizationManager.hasAccess(Right.ADMIN, context.getUserReference(),
115    context.getDoc().getDocumentReference())) {
116  0 return false;
117    }
118   
119    // Edit the comment
120  0 commentObj.set(COMMENT_FIELD_NAME, request.getParameter(
121    String.format("XWiki.XWikiComments_%d_comment", commentId)), context);
122   
123    // Save it
124  0 xwiki.saveDocument(doc, localizationManager.getTranslationPlain("core.comment.editComment"),
125    true, context);
126   
127    // If xpage is specified then allow the specified template to be parsed.
128  0 if (context.getRequest().get("xpage") != null) {
129  0 return true;
130    }
131   
132    // forward to edit
133  0 String redirect = Utils.getRedirect("edit", context);
134  0 sendRedirect(response, redirect);
135  0 return false;
136    }
137    }