/* 
    P/P   *  Method: net.sourceforge.pebble.web.action.SaveBlogSecurityAction__static_init
          */
     1  /*
     2   * Copyright (c) 2003-2006, Simon Brown
     3   * All rights reserved.
     4   *
     5   * Redistribution and use in source and binary forms, with or without
     6   * modification, are permitted provided that the following conditions are met:
     7   *
     8   *   - Redistributions of source code must retain the above copyright
     9   *     notice, this list of conditions and the following disclaimer.
    10   *
    11   *   - Redistributions in binary form must reproduce the above copyright
    12   *     notice, this list of conditions and the following disclaimer in
    13   *     the documentation and/or other materials provided with the
    14   *     distribution.
    15   *
    16   *   - Neither the name of Pebble nor the names of its contributors may
    17   *     be used to endorse or promote products derived from this software
    18   *     without specific prior written permission.
    19   *
    20   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
    21   * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
    22   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
    23   * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
    24   * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
    25   * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
    26   * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
    27   * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
    28   * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
    29   * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
    30   * POSSIBILITY OF SUCH DAMAGE.
    31   */
    32  package net.sourceforge.pebble.web.action;
    33  
    34  import net.sourceforge.pebble.Constants;
    35  import net.sourceforge.pebble.domain.Blog;
    36  import net.sourceforge.pebble.domain.BlogServiceException;
    37  import net.sourceforge.pebble.web.security.RequireSecurityToken;
    38  import net.sourceforge.pebble.web.view.RedirectView;
    39  import net.sourceforge.pebble.web.view.View;
    40  
         /* 
    P/P   *  Method: void net.sourceforge.pebble.web.action.SaveBlogSecurityAction()
          */
    41  import javax.servlet.ServletException;
    42  import javax.servlet.http.HttpServletRequest;
    43  import javax.servlet.http.HttpServletResponse;
    44  
    45  /**
    46   * Saves the security properties associated with the current Blog.
    47   *
    48   * @author    Simon Brown
    49   */
    50  @RequireSecurityToken
    51  public class SaveBlogSecurityAction extends SecureAction {
    52  
    53    /**
    54     * Peforms the processing associated with this action.
    55     *
    56     * @param request  the HttpServletRequest instance
    57     * @param response the HttpServletResponse instance
    58     * @return the name of the next view
    59     */
    60    public View process(HttpServletRequest request, HttpServletResponse response) throws ServletException {
             /* 
    P/P       *  Method: View process(HttpServletRequest, HttpServletResponse)
              * 
              *  Preconditions:
              *    request != null
              *    this.model != null
              *    this.model.data != null
              * 
              *  Presumptions:
              *    java.util.HashMap:get(...)@63 != null
              *    values.length@66 <= 232-1
              *    values.length@76 <= 232-1
              *    values.length@86 <= 232-1
              *    values.length@96 <= 232-1
              * 
              *  Postconditions:
              *    return_value == &new RedirectView(process#6)
              *    new RedirectView(process#6) num objects == 1
              * 
              *  Test Vectors:
              *    javax.servlet.http.HttpServletRequest:getParameterValues(...)@66: Addr_Set{null}, Inverse{null}
              *    javax.servlet.http.HttpServletRequest:getParameterValues(...)@76: Addr_Set{null}, Inverse{null}
              *    javax.servlet.http.HttpServletRequest:getParameterValues(...)@86: Addr_Set{null}, Inverse{null}
              *    javax.servlet.http.HttpServletRequest:getParameterValues(...)@96: Addr_Set{null}, Inverse{null}
              */
    61      Blog blog = (Blog)getModel().get(Constants.BLOG_KEY);
    62  
    63      String privateBlog = request.getParameter("private");
    64      blog.setProperty(Blog.PRIVATE_KEY, privateBlog);
    65  
    66      String values[] = request.getParameterValues("blogOwners");
    67      StringBuffer blogOwners = new StringBuffer();
    68      if (values != null) {
    69        for (String value : values) {
    70          blogOwners.append(value);
    71          blogOwners.append(",");
    72        }
    73      }
    74      blog.setProperty(Blog.BLOG_OWNERS_KEY, blogOwners.toString());
    75  
    76      values = request.getParameterValues("blogPublishers");
    77      StringBuffer blogPublishers = new StringBuffer();
    78      if (values != null) {
    79        for (String value : values) {
    80          blogPublishers.append(value);
    81          blogPublishers.append(",");
    82        }
    83      }
    84      blog.setProperty(Blog.BLOG_PUBLISHERS_KEY, blogPublishers.toString());
    85  
    86      values = request.getParameterValues("blogContributors");
    87      StringBuffer blogContributors = new StringBuffer();
    88      if (values != null) {
    89        for (String value : values) {
    90          blogContributors.append(value);
    91          blogContributors.append(",");
    92        }
    93      }
    94      blog.setProperty(Blog.BLOG_CONTRIBUTORS_KEY, blogContributors.toString());
    95  
    96      values = request.getParameterValues("blogReaders");
    97      StringBuffer blogReaders = new StringBuffer();
    98      if (values != null) {
    99        for (String value : values) {
   100          blogReaders.append(value);
   101          blogReaders.append(",");
   102        }
   103      }
   104      blog.setProperty(Blog.BLOG_READERS_KEY, blogReaders.toString());
   105  
   106      try {
   107        blog.storeProperties();
   108        blog.info("Blog security settings saved.");
   109      } catch (BlogServiceException e) {
   110        throw new ServletException(e);
   111      }
   112  
   113      return new RedirectView(blog.getUrl() + "viewBlogSecurity.secureaction");
   114    }
   115  
   116    /**
   117     * Gets a list of all roles that are allowed to access this action.
   118     *
   119     * @return  an array of Strings representing role names
   120     * @param request   the originating request
   121     */
   122    public String[] getRoles(HttpServletRequest request) {
             /* 
    P/P       *  Method: String[] getRoles(HttpServletRequest)
              * 
              *  Presumptions:
              *    init'ed(net.sourceforge.pebble.Constants.BLOG_ADMIN_ROLE)
              *    init'ed(net.sourceforge.pebble.Constants.BLOG_OWNER_ROLE)
              * 
              *  Postconditions:
              *    return_value == &new String[](getRoles#1)
              *    new String[](getRoles#1) num objects == 1
              *    return_value.length == 2
              *    return_value[0] == net.sourceforge.pebble.Constants.BLOG_ADMIN_ROLE
              *    (soft) init'ed(return_value[0])
              *    return_value[1] == net.sourceforge.pebble.Constants.BLOG_OWNER_ROLE
              *    (soft) init'ed(return_value[1])
              */
   123      return new String[]{
   124          Constants.BLOG_ADMIN_ROLE,
   125          Constants.BLOG_OWNER_ROLE
   126      };
   127    }
   128  
   129  }