Java tutorial
/*Copyright (C) 2014 JD Software, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. You should have received a copy of the GNU Affero General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ package com.jd.survey.web.settings; import java.io.IOException; import java.io.UnsupportedEncodingException; import java.security.Principal; import java.util.HashSet; import java.util.Iterator; import java.util.Set; import javax.servlet.ServletOutputStream; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.validation.Valid; import org.apache.commons.lang.ArrayUtils; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.apache.velocity.app.VelocityEngine; import org.hibernate.Hibernate; import org.hibernate.proxy.HibernateProxy; import org.owasp.validator.html.AntiSamy; import org.owasp.validator.html.CleanResults; import org.owasp.validator.html.Policy; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; import org.springframework.context.MessageSource; import org.springframework.security.access.annotation.Secured; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; import org.springframework.validation.BindingResult; import org.springframework.web.bind.annotation.ExceptionHandler; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.multipart.MultipartFile; import org.springframework.web.util.UriUtils; import org.springframework.web.util.WebUtils; import com.google.gson.ExclusionStrategy; import com.google.gson.FieldAttributes; import com.google.gson.Gson; import com.google.gson.JsonArray; import com.google.gson.JsonObject; import com.google.gson.TypeAdapter; import com.google.gson.TypeAdapterFactory; import com.google.gson.reflect.TypeToken; import com.google.gson.stream.JsonReader; import com.google.gson.stream.JsonWriter; import com.google.zxing.BarcodeFormat; import com.google.zxing.WriterException; import com.google.zxing.client.j2se.MatrixToImageWriter; import com.google.zxing.common.BitMatrix; import com.google.zxing.qrcode.QRCodeWriter; import com.jd.survey.GlobalSettings; import com.jd.survey.domain.security.User; import com.jd.survey.domain.settings.Department; import com.jd.survey.domain.settings.Sector; import com.jd.survey.domain.settings.SurveyDefinition; import com.jd.survey.domain.settings.SurveyDefinitionStatus; import com.jd.survey.domain.settings.SurveyTemplate; import com.jd.survey.service.security.SecurityService; import com.jd.survey.service.security.UserService; import com.jd.survey.service.settings.ApplicationSettingsService; import com.jd.survey.service.settings.SurveySettingsService; import com.jd.survey.service.util.JsonHelperService; @RequestMapping("/9nowwebmanager") @Controller public class NowwebmanagerController { private static final Log log = LogFactory.getLog(NowwebmanagerController.class); //private static final String EXTERNAL_SITE_BASE_URL="external_site_base_url"; private static final long SURVEY_INVITATION_EMAIL_TEMPLATE_ID = 4; private static final long SURVEY_COMPLETED_PAGE_CONTENT_TEMPLATE_ID = 5; private static final String POLICY_FILE_LOCATION = "/antisamy-tinymce-1-4-4.xml"; @Autowired private ApplicationSettingsService applicationSettingsService; @Autowired private VelocityEngine velocityEngine; @Autowired private SecurityService securityService; @Autowired private UserService userService; @Autowired private SurveySettingsService surveySettingsService; @Autowired private JsonHelperService jsonHelperService; @Autowired private MessageSource messageSource; @Value("${external.base.url}") String externalBaseUrl; /** * Returns the survey logo image binary * @param departmentId * @param uiModel * @param httpServletRequest * @return */ @Secured({ "ROLE_ADMIN", "ROLE_SURVEY_ADMIN" }) @RequestMapping(value = "/qr/{id}", produces = "text/html") public void getSurveyQRCode(@PathVariable("id") Long surveyDefinitionId, Model uiModel, Principal principal, HttpServletRequest httpServletRequest, HttpServletResponse response) { try { uiModel.asMap().clear(); User user = userService.user_findByLogin(principal.getName()); //Check if the user is authorized if (!securityService.userIsAuthorizedToManageSurvey(surveyDefinitionId, user)) { log.warn("Unauthorized access to url path " + httpServletRequest.getPathInfo() + " attempted by user login:" + principal.getName() + "from IP:" + httpServletRequest.getLocalAddr()); throw (new RuntimeException("Unauthorized access to logo")); } SurveyDefinition surveyDefinition = surveySettingsService.surveyDefinition_findById(surveyDefinitionId); //String surveyLink =messageSource.getMessage(EXTERNAL_SITE_BASE_URL, null, LocaleContextHolder.getLocale()); String surveyLink = externalBaseUrl; if (surveyDefinition.getIsPublic()) { if (surveyLink.endsWith("/")) { surveyLink = surveyLink + "open/" + surveyDefinitionId + "?list"; } else { surveyLink = surveyLink + "/open/" + surveyDefinitionId + "?list"; } } else { if (surveyLink.endsWith("/")) { surveyLink = surveyLink + "private/" + surveyDefinitionId + "?list"; } else { surveyLink = surveyLink + "/private/" + surveyDefinitionId + "?list"; } } response.setContentType("image/png"); ServletOutputStream servletOutputStream = response.getOutputStream(); QRCodeWriter writer = new QRCodeWriter(); BitMatrix bitMatrix = null; try { bitMatrix = writer.encode(surveyLink, BarcodeFormat.QR_CODE, 600, 600); MatrixToImageWriter.writeToStream(bitMatrix, "png", servletOutputStream); } catch (WriterException e) { e.printStackTrace(); } catch (IOException e) { e.printStackTrace(); } servletOutputStream.flush(); } catch (Exception e) { log.error(e.getMessage(), e); throw (new RuntimeException(e)); } } /** * Returns the survey logo image binary * @param departmentId * @param uiModel * @param httpServletRequest * @return */ @Secured({ "ROLE_ADMIN", "ROLE_SURVEY_ADMIN" }) @RequestMapping(value = "/logo/{id}", produces = "text/html") public void getSurveyLogo(@PathVariable("id") Long surveyDefinitionId, Model uiModel, Principal principal, HttpServletRequest httpServletRequest, HttpServletResponse response) { try { uiModel.asMap().clear(); User user = userService.user_findByLogin(principal.getName()); //Check if the user is authorized if (!securityService.userIsAuthorizedToManageSurvey(surveyDefinitionId, user)) { log.warn("Unauthorized access to url path " + httpServletRequest.getPathInfo() + " attempted by user login:" + principal.getName() + "from IP:" + httpServletRequest.getLocalAddr()); throw (new RuntimeException("Unauthorized access to logo")); } SurveyDefinition surveyDefinition = surveySettingsService.surveyDefinition_findById(surveyDefinitionId); //response.setContentType("image/png"); ServletOutputStream servletOutputStream = response.getOutputStream(); servletOutputStream.write(surveyDefinition.getLogo()); servletOutputStream.flush(); } catch (Exception e) { log.error(e.getMessage(), e); throw (new RuntimeException(e)); } } /** * Prepares the page to update the survey logo * @param departmentId * @param uiModel * @param httpServletRequest * @return */ @Secured({ "ROLE_ADMIN", "ROLE_SURVEY_ADMIN" }) @RequestMapping(value = "/logo", method = RequestMethod.GET, produces = "text/html") public String updateLogoPrepare(@RequestParam(value = "id", required = false) Long surveyDefinitionId, Model uiModel, Principal principal, HttpServletRequest httpServletRequest) { try { User user = userService.user_findByLogin(principal.getName()); //Check if the user is authorized if (!securityService.userIsAuthorizedToManageSurvey(surveyDefinitionId, user)) { log.warn("Unauthorized access to url path " + httpServletRequest.getPathInfo() + " attempted by user login:" + principal.getName() + "from IP:" + httpServletRequest.getLocalAddr()); return "accessDenied"; } uiModel.addAttribute("surveyDefinition", surveySettingsService.surveyDefinition_findById(surveyDefinitionId)); return "settings/surveyDefinitions/logo"; } catch (Exception e) { log.error(e.getMessage(), e); throw (new RuntimeException(e)); } } /** * Updates the survey logo * @param file * @param surveyDefinitionId * @param proceed * @param principal * @param uiModel * @param httpServletRequest * @return */ @Secured({ "ROLE_ADMIN", "ROLE_SURVEY_ADMIN" }) @RequestMapping(value = "/logo", method = RequestMethod.POST, produces = "text/html") public String updateLogo(@RequestParam("file") MultipartFile file, @RequestParam("id") Long surveyDefinitionId, @RequestParam(value = "_proceed", required = false) String proceed, Principal principal, Model uiModel, HttpServletRequest httpServletRequest) { try { User user = userService.user_findByLogin(principal.getName()); //Check if the user is authorized if (!securityService.userIsAuthorizedToManageSurvey(surveyDefinitionId, user)) { log.warn("Unauthorized access to url path " + httpServletRequest.getPathInfo() + " attempted by user login:" + principal.getName() + "from IP:" + httpServletRequest.getLocalAddr()); return "accessDenied"; } GlobalSettings globalSettings = applicationSettingsService.getSettings(); //validate content type if (file.isEmpty() || !globalSettings.getValidImageTypesAsList().contains(file.getContentType().toLowerCase())) { uiModel.addAttribute("surveyDefinition", surveySettingsService.surveyDefinition_findById(surveyDefinitionId)); uiModel.addAttribute("invalidFile", true); return "settings/surveyDefinitions/logo"; } surveySettingsService.surveyDefinition_updateLogo(surveyDefinitionId, file.getBytes()); uiModel.asMap().clear(); return "settings/surveyDefinitions/saved"; } catch (Exception e) { log.error(e.getMessage(), e); throw (new RuntimeException(e)); } } /** * Renders the page for the survey definition import from a JSON file * @param departmentId * @param uiModel * @param httpServletRequest * @return */ @Secured({ "ROLE_ADMIN", "ROLE_SURVEY_ADMIN" }) @RequestMapping(value = "/upload", produces = "text/html") public String uploadFromJson(@RequestParam(value = "id", required = false) Long departmentId, Model uiModel, Principal principal, HttpServletRequest httpServletRequest) { try { String login = principal.getName(); User user = userService.user_findByLogin(login); //Check if the user is authorized if (departmentId != null && !securityService.userBelongsToDepartment(departmentId, user)) { log.warn("Unauthorized access to url path " + httpServletRequest.getPathInfo() + " attempted by user login:" + principal.getName() + "from IP:" + httpServletRequest.getLocalAddr()); return "accessDenied"; } Set<Department> departments = surveySettingsService.department_findAll(user); uiModel.addAttribute("departments", departments); uiModel.addAttribute("departmentId", departmentId); uiModel.addAttribute("jsonTemplates", surveySettingsService.surveyTemplate_findAll()); return "settings/surveyDefinitions/upload"; } catch (Exception e) { log.error(e.getMessage(), e); throw (new RuntimeException(e)); } } @Secured({ "ROLE_ADMIN", "ROLE_SURVEY_ADMIN" }) @RequestMapping(value = "/importtemplate", produces = "text/html") public String importTemplate(@RequestParam(value = "id", required = false) Long departmentId, @RequestParam(value = "templateId", required = false) Long templateId, Model uiModel, Principal principal, HttpServletRequest httpServletRequest) { try { String login = principal.getName(); User user = userService.user_findByLogin(login); //Check if the user is authorized if (departmentId != null && !securityService.userBelongsToDepartment(departmentId, user)) { log.warn("Unauthorized access to url path " + httpServletRequest.getPathInfo() + " attempted by user login:" + principal.getName() + "from IP:" + httpServletRequest.getLocalAddr()); return "accessDenied"; } uiModel.addAttribute("departments", surveySettingsService.department_findAll(user)); uiModel.addAttribute("departmentId", departmentId); uiModel.addAttribute("sectors", surveySettingsService.sector_findAll()); return "settings/surveyDefinitions/importtemplate"; } catch (Exception e) { log.error(e.getMessage(), e); throw (new RuntimeException(e)); } } @Secured({ "ROLE_ADMIN", "ROLE_SURVEY_ADMIN" }) @RequestMapping(value = "/importtemplate", method = RequestMethod.POST, produces = "text/html") public String importTemplatePost(@RequestParam("id") Long departmentId, @RequestParam("secId") Long sectorId, @RequestParam(value = "_proceed", required = false) String proceed, Principal principal, Model uiModel, HttpServletRequest httpServletRequest) { try { String login = principal.getName(); User user = userService.user_findByLogin(login); //Check if the user is authorized if (!securityService.userBelongsToDepartment(departmentId, user)) { log.warn("Unauthorized access to url path " + httpServletRequest.getPathInfo() + " attempted by user login:" + principal.getName() + "from IP:" + httpServletRequest.getLocalAddr()); return "accessDenied"; } if (proceed != null) { uiModel.addAttribute("department", surveySettingsService.department_findById(departmentId)); uiModel.addAttribute("sector", surveySettingsService.sector_findById(sectorId)); uiModel.addAttribute("templates", surveySettingsService.surveyTemplate_findBySectorId(sectorId)); return "redirect:/settings/surveyDefinitions/browsetemplate?id=" + encodeUrlPathSegment(departmentId.toString(), httpServletRequest) + "&sid=" + encodeUrlPathSegment(sectorId.toString(), httpServletRequest); } else { //Cancel button return "settings/surveyDefinitions"; } } catch (Exception e) { log.error(e.getMessage(), e); throw (new RuntimeException(e)); } } @Secured({ "ROLE_ADMIN", "ROLE_SURVEY_ADMIN" }) @RequestMapping(value = "/browsetemplate", produces = "text/html") public String browseTemplate(@RequestParam(value = "id", required = false) Long departmentId, @RequestParam(value = "sid", required = false) Long sectorId, Principal principal, Model uiModel, HttpServletRequest httpServletRequest) { try { String login = principal.getName(); User user = userService.user_findByLogin(login); //Check if the user is authorized if (!securityService.userBelongsToDepartment(departmentId, user)) { log.warn("Unauthorized access to url path " + httpServletRequest.getPathInfo() + " attempted by user login:" + principal.getName() + "from IP:" + httpServletRequest.getLocalAddr()); return "accessDenied"; } uiModel.addAttribute("department", surveySettingsService.department_findById(departmentId)); uiModel.addAttribute("sector", surveySettingsService.sector_findById(sectorId)); uiModel.addAttribute("templates", surveySettingsService.surveyTemplate_findBySectorId(sectorId)); return "settings/surveyDefinitions/browsetemplate"; } catch (Exception e) { log.error(e.getMessage(), e); throw (new RuntimeException(e)); } } @Secured({ "ROLE_ADMIN", "ROLE_SURVEY_ADMIN" }) @RequestMapping(value = "/browsetemplate", method = RequestMethod.POST, produces = "text/html") public String browseTemplatePost(@RequestParam(value = "id", required = false) Long departmentId, @RequestParam(value = "secId", required = false) Long sectorId, @RequestParam(value = "tempId", required = false) Long templateId, @RequestParam("name") String surveyName, @RequestParam(value = "_proceed", required = false) String proceed, Principal principal, Model uiModel, HttpServletRequest httpServletRequest) { try { String login = principal.getName(); User user = userService.user_findByLogin(login); //Check if the user is authorized if (!securityService.userBelongsToDepartment(departmentId, user)) { log.warn("Unauthorized access to url path " + httpServletRequest.getPathInfo() + " attempted by user login:" + principal.getName() + "from IP:" + httpServletRequest.getLocalAddr()); return "accessDenied"; } if (proceed != null) { Department department = surveySettingsService.department_findById(departmentId); SurveyDefinition sdef = new SurveyDefinition(department, surveyName); if (!surveySettingsService.surveyDefinition_ValidateNameIsUnique(sdef)) { uiModel.addAttribute("department", surveySettingsService.department_findById(departmentId)); uiModel.addAttribute("sector", surveySettingsService.sector_findById(sectorId)); uiModel.addAttribute("templates", surveySettingsService.surveyTemplate_findBySectorId(sectorId)); uiModel.addAttribute("nameDuplicateError", true); return "settings/surveyDefinitions/browsetemplate"; } if (surveyName != null && surveyName.trim().length() > 0 && surveyName.trim().length() < 250) { SurveyTemplate st = surveySettingsService.surveyTemplate_findById(templateId); String jsonString = st.getJson(); SurveyDefinition surveyDefinition = jsonHelperService.deSerializeSurveyDefinition(jsonString); surveyDefinition.setName(surveyName); surveyDefinition = surveySettingsService.surveyDefinition_create(surveyDefinition, departmentId); uiModel.asMap().clear(); surveyDefinition = surveySettingsService.surveyDefinition_merge(surveyDefinition); return "redirect:/settings/surveyDefinitions/" + encodeUrlPathSegment(surveyDefinition.getId().toString(), httpServletRequest); } else { uiModel.addAttribute("department", surveySettingsService.department_findById(departmentId)); uiModel.addAttribute("sector", surveySettingsService.sector_findById(sectorId)); uiModel.addAttribute("templates", surveySettingsService.surveyTemplate_findBySectorId(sectorId)); uiModel.addAttribute("nameError", true); return "settings/surveyDefinitions/browsetemplate"; } } uiModel.addAttribute("departments", surveySettingsService.department_findAll(user)); uiModel.addAttribute("departmentId", departmentId); uiModel.addAttribute("sectors", surveySettingsService.sector_findAll()); return "settings/surveyDefinitions/importtemplate"; } catch (Exception e) { log.error(e.getMessage(), e); throw (new RuntimeException(e)); } } @Secured({ "ROLE_ADMIN", "ROLE_SURVEY_ADMIN" }) @RequestMapping(value = "/{id}", params = "savetemplate", produces = "text/html") public String saveTemplate(@PathVariable("id") Long surveyDefinitionId, Principal principal, Model uiModel, HttpServletRequest httpServletRequest, HttpServletResponse response) { try { String login = principal.getName(); User user = userService.user_findByLogin(login); //Check if the user is authorized if (!securityService.userIsAuthorizedToManageSurvey(surveyDefinitionId, user)) { log.warn("Unauthorized access to url path " + httpServletRequest.getPathInfo() + " attempted by user login:" + principal.getName() + "from IP:" + httpServletRequest.getLocalAddr()); response.sendRedirect("../../accessDenied"); } Set<Sector> sectors; sectors = surveySettingsService.sector_findAll(); if (sectors.size() <= 0) { uiModel.addAttribute("noSectors", true); } uiModel.addAttribute("sectors", sectors); uiModel.addAttribute("sid", surveyDefinitionId); return "settings/surveyDefinitions/savetemplate"; } catch (Exception e) { log.error(e.getMessage(), e); throw (new RuntimeException(e)); } } @Secured({ "ROLE_ADMIN", "ROLE_SURVEY_ADMIN" }) @RequestMapping(value = "/savetemplate", method = RequestMethod.POST, produces = "text/html") public String saveTemplatePost(@RequestParam("sid") Long surveyDefinitionId, @RequestParam("secId") Long sectorId, @RequestParam("name") String templateName, @RequestParam("description") String templateDesc, @RequestParam(value = "_proceed", required = false) String proceed, Principal principal, Model uiModel, HttpServletRequest httpServletRequest, HttpServletResponse response) { try { if (proceed != null) { if (templateName != null && templateName.trim().length() > 0 && templateName.trim().length() < 250) { Sector sector = surveySettingsService.sector_findById(sectorId); SurveyTemplate st = new SurveyTemplate(); SurveyDefinition surveyDefinition = surveySettingsService .surveyDefinition_findById(surveyDefinitionId); //Set the exported survey definition status to Inactive //problem: sets the published survey to incomplete. surveyDefinition.setStatus(SurveyDefinitionStatus.I); String json = jsonHelperService.serializeSurveyDefinition(surveyDefinition); st.setName(templateName); st.setSector(sector); st.setDescription(templateDesc); st.setJson(json); //Returning the original survey's status to Published. surveyDefinition.setStatus(SurveyDefinitionStatus.P); if (!surveySettingsService.surveyTemplate_ValidateNameIsUnique(st)) { uiModel.addAttribute("sectors", surveySettingsService.sector_findAll()); uiModel.addAttribute("sid", surveyDefinitionId); uiModel.addAttribute("nameDuplicateError", true); return "settings/surveyDefinitions/savetemplate"; } else { st = surveySettingsService.surveyTemplate_merge(st); uiModel.asMap().clear(); return "settings/surveyDefinitions/saved"; } } else { uiModel.addAttribute("sectors", surveySettingsService.sector_findAll()); uiModel.addAttribute("sid", surveyDefinitionId); uiModel.addAttribute("nameError", true); return "settings/surveyDefinitions/savetemplate"; } } //Cancel return "settings/surveyDefinitions/"; } catch (Exception e) { log.error(e.getMessage(), e); throw (new RuntimeException(e)); } } /** * Imports survey definition from a JSON file, This feature may be used to migrate survey definitions from different environments, * For example from a test environment to a production environment * @param file * @param departmentId * @param surveyName * @param proceed * @param uiModel * @param httpServletRequest * @return */ @Secured({ "ROLE_ADMIN", "ROLE_SURVEY_ADMIN" }) @RequestMapping(value = "/upload", method = RequestMethod.POST, produces = "text/html") public String uploadFromJsonPost(@RequestParam("file") MultipartFile file, @RequestParam("id") Long departmentId, @RequestParam("name") String surveyName, @RequestParam(value = "_proceed", required = false) String proceed, Principal principal, Model uiModel, HttpServletRequest httpServletRequest) { try { String login = principal.getName(); User user = userService.user_findByLogin(login); //Check if the user is authorized if (!securityService.userBelongsToDepartment(departmentId, user)) { log.warn("Unauthorized access to url path " + httpServletRequest.getPathInfo() + " attempted by user login:" + principal.getName() + "from IP:" + httpServletRequest.getLocalAddr()); return "accessDenied"; } if (proceed != null) { Long surveyDefinitionId = null; try { if (!surveySettingsService.surveyDefinition_ValidateNameIsUnique(new SurveyDefinition( surveySettingsService.department_findById(departmentId), surveyName))) { uiModel.addAttribute("departments", surveySettingsService.department_findAll(user)); uiModel.addAttribute("nameDuplicateError", true); return "settings/surveyDefinitions/upload"; } if (!file.isEmpty()) { if (surveyName != null && surveyName.trim().length() > 0 && surveyName.trim().length() < 250) { String jsonString = new String(file.getBytes(), "UTF8"); SurveyDefinition surveyDefinition = jsonHelperService .deSerializeSurveyDefinition(jsonString); surveyDefinition.setName(surveyName); surveyDefinition = surveySettingsService.surveyDefinition_create(surveyDefinition, departmentId); surveyDefinitionId = surveyDefinition.getId(); } else { uiModel.addAttribute("departments", surveySettingsService.department_findAll(user)); uiModel.addAttribute("nameError", true); return "settings/surveyDefinitions/upload"; } } else { uiModel.addAttribute("departments", surveySettingsService.department_findAll(user)); uiModel.addAttribute("emptyFileError", true); return "settings/surveyDefinitions/upload"; } } catch (Exception e) { log.error(e.getMessage(), e); uiModel.addAttribute("departments", surveySettingsService.department_findAll(user)); uiModel.addAttribute("importError", true); return "settings/surveyDefinitions/upload"; } return "redirect:/settings/surveyDefinitions/" + encodeUrlPathSegment(surveyDefinitionId.toString(), httpServletRequest); } else { return "redirect:/settings/surveyDefinitions?page=1&size=25"; } } catch (Exception e) { log.error(e.getMessage(), e); throw (new RuntimeException(e)); } } /** * Exports the survey definition as a JSON file * @param surveyDefinitionId * @param response */ @Secured({ "ROLE_ADMIN", "ROLE_SURVEY_ADMIN" }) @RequestMapping(value = "/{id}", params = "export", produces = "text/html") public void exportToJson(@PathVariable("id") Long surveyDefinitionId, Principal principal, HttpServletRequest httpServletRequest, HttpServletResponse response) { try { String login = principal.getName(); User user = userService.user_findByLogin(login); //Check if the user is authorized if (!securityService.userIsAuthorizedToManageSurvey(surveyDefinitionId, user)) { log.warn("Unauthorized access to url path " + httpServletRequest.getPathInfo() + " attempted by user login:" + principal.getName() + "from IP:" + httpServletRequest.getLocalAddr()); response.sendRedirect("../../accessDenied"); } SurveyDefinition surveyDefinition = surveySettingsService.surveyDefinition_findById(surveyDefinitionId); //set the exported survey definition status to Inactive surveyDefinition.setStatus(SurveyDefinitionStatus.I); String json = jsonHelperService.serializeSurveyDefinition(surveyDefinition); //response.setContentType("text/html; charset=utf-8"); response.setContentType("application/octet-stream"); // Set standard HTTP/1.1 no-cache headers. response.setHeader("Cache-Control", "no-store, no-cache,must-revalidate"); // Set IE extended HTTP/1.1 no-cache headers (use addHeader). response.addHeader("Cache-Control", "post-check=0, pre-check=0"); // Set standard HTTP/1.0 no-cache header. response.setHeader("Pragma", "no-cache"); response.setHeader("Content-Disposition", "inline;filename=surveyDef" + surveyDefinitionId + ".jsn"); ServletOutputStream servletOutputStream = response.getOutputStream(); servletOutputStream.write(json.getBytes("UTF-8")); servletOutputStream.flush(); //Returning the original survey's status to Published. surveyDefinition.setStatus(SurveyDefinitionStatus.P); } catch (Exception e) { log.error(e.getMessage(), e); throw (new RuntimeException(e)); } } //Exports the survey definition /** * Publishes the survey definition, this will make the survey available from the external site. * @param surveyDefinitionId * @param response * @param httpServletRequest * @param uiModel * @return */ @Secured({ "ROLE_ADMIN", "ROLE_SURVEY_ADMIN" }) @RequestMapping(value = "/{id}", params = "publish", produces = "text/html") public String publishSurveyDefinition(@PathVariable("id") Long surveyDefinitionId, HttpServletResponse response, Principal principal, Model uiModel, HttpServletRequest httpServletRequest) { try { String login = principal.getName(); User user = userService.user_findByLogin(login); //Check if the user is authorized if (!securityService.userIsAuthorizedToManageSurvey(surveyDefinitionId, user)) { log.warn("Unauthorized access to url path " + httpServletRequest.getPathInfo() + " attempted by user login:" + principal.getName() + "from IP:" + httpServletRequest.getLocalAddr()); return "accessDenied"; } //Validate Page, questions and questions options are not empty if (!surveySettingsService.surveyDefinition_ValidateSurveydefinitionForPublishing(surveyDefinitionId)) { uiModel.addAttribute("surveyDefinition", surveySettingsService.surveyDefinition_findById(surveyDefinitionId)); uiModel.addAttribute("isNotPublishReady", true); return "settings/surveyDefinitions/show"; } else //All Pages, Questions and Question Options are valid { surveySettingsService.surveyDefinition_publish(surveyDefinitionId); return "redirect:/settings/surveyDefinitions/" + encodeUrlPathSegment(surveyDefinitionId.toString(), httpServletRequest); } } catch (Exception e) { log.error(e.getMessage(), e); throw (new RuntimeException(e)); } } /** * changes the state of a previously published survey to inactive, Survey participant can no longer create new surveys of this type, * but they may however finish an existing incomplete survey * @param surveyDefinitionId * @param response * @param httpServletRequest * @param uiModel * @return */ @Secured({ "ROLE_ADMIN", "ROLE_SURVEY_ADMIN" }) @RequestMapping(value = "/{id}", params = "unpublish", produces = "text/html") public String DeactivateSurveyDefinition(@PathVariable("id") Long surveyDefinitionId, HttpServletResponse response, Principal principal, Model uiModel, HttpServletRequest httpServletRequest) { try { String login = principal.getName(); User user = userService.user_findByLogin(login); //Check if the user is authorized if (!securityService.userIsAuthorizedToManageSurvey(surveyDefinitionId, user)) { log.warn("Unauthorized access to url path " + httpServletRequest.getPathInfo() + " attempted by user login:" + principal.getName() + "from IP:" + httpServletRequest.getLocalAddr()); return "accessDenied"; } surveySettingsService.surveyDefinition_deactivate(surveyDefinitionId); return "redirect:/settings/surveyDefinitions/" + encodeUrlPathSegment(surveyDefinitionId.toString(), httpServletRequest); } catch (Exception e) { log.error(e.getMessage(), e); throw (new RuntimeException(e)); } } /** * Prepares the page for creating a new survey definition * @param departmentId * @param principal * @param uiModel * @param httpServletRequest * @return */ @Secured({ "ROLE_ADMIN", "ROLE_SURVEY_ADMIN" }) @RequestMapping(value = "/{id}", params = "create", produces = "text/html") public String createGet(@PathVariable("id") Long departmentId, Principal principal, Model uiModel, HttpServletRequest httpServletRequest) { if (surveySettingsService.department_getCount() > 0) { try { String login = principal.getName(); User user = userService.user_findByLogin(login); SurveyDefinition surveyDefinition; if (departmentId != null && departmentId != 0) { //Check if the user is authorized if (!securityService.userBelongsToDepartment(departmentId, user)) { log.warn("Unauthorized access to url path " + httpServletRequest.getPathInfo() + " attempted by user login:" + principal.getName() + "from IP:" + httpServletRequest.getLocalAddr()); return "accessDenied"; } Department department = surveySettingsService.department_findById(departmentId); surveyDefinition = new SurveyDefinition(department, surveySettingsService.velocityTemplate_findById(SURVEY_INVITATION_EMAIL_TEMPLATE_ID) .getDefinition(), surveySettingsService .velocityTemplate_findById(SURVEY_COMPLETED_PAGE_CONTENT_TEMPLATE_ID) .getDefinition()); } else { surveyDefinition = new SurveyDefinition( surveySettingsService.velocityTemplate_findById(SURVEY_INVITATION_EMAIL_TEMPLATE_ID) .getDefinition(), surveySettingsService .velocityTemplate_findById(SURVEY_COMPLETED_PAGE_CONTENT_TEMPLATE_ID) .getDefinition()); } populateEditForm(uiModel, surveyDefinition, user); return "settings/surveyDefinitions/create"; } catch (Exception e) { log.error(e.getMessage(), e); throw (new RuntimeException(e)); } } else { return "redirect:/settings/surveyDefinitions/"; } } /** * creates a new survey definition * @param proceed * @param surveyDefinition * @param bindingResult * @param uiModel * @param httpServletRequest * @param principal * @return */ @Secured({ "ROLE_ADMIN", "ROLE_SURVEY_ADMIN" }) @RequestMapping(method = RequestMethod.POST, produces = "text/html") public String createPost(@RequestParam(value = "_proceed", required = false) String proceed, @Valid SurveyDefinition surveyDefinition, BindingResult bindingResult, Principal principal, Model uiModel, HttpServletRequest httpServletRequest) { try { String login = principal.getName(); User user = userService.user_findByLogin(login); //Check if the user is authorized if (!securityService.userBelongsToDepartment(surveyDefinition.getDepartment().getId(), user) && !securityService.userIsAuthorizedToManageSurvey(surveyDefinition.getId(), user)) { log.warn("Unauthorized access to url path " + httpServletRequest.getPathInfo() + " attempted by user login:" + principal.getName() + "from IP:" + httpServletRequest.getLocalAddr()); return "accessDenied"; } if (proceed != null) { if (bindingResult.hasErrors()) { populateEditForm(uiModel, surveyDefinition, user); return "settings/surveyDefinitions/create"; } if (!surveySettingsService.surveyDefinition_ValidateNameIsUnique(surveyDefinition)) { bindingResult.rejectValue("name", "field_unique"); populateEditForm(uiModel, surveyDefinition, user); return "settings/surveyDefinitions/create"; } //if(surveyDefinition.getSendAutoReminders() == true){ //bindingResult.rejectValue("autoRemindersWeeklyOccurrence", "field_unique"); // } Policy emailTemplatePolicy = Policy.getInstance(this.getClass().getResource(POLICY_FILE_LOCATION)); AntiSamy emailAs = new AntiSamy(); CleanResults crEmail = emailAs.scan(surveyDefinition.getEmailInvitationTemplate(), emailTemplatePolicy); surveyDefinition.setEmailInvitationTemplate(crEmail.getCleanHTML()); Policy completedSurveyPolicy = Policy .getInstance(this.getClass().getResource(POLICY_FILE_LOCATION)); AntiSamy completedSurveyAs = new AntiSamy(); CleanResults crCompletedSurvey = completedSurveyAs .scan(surveyDefinition.getCompletedSurveyTemplate(), completedSurveyPolicy); surveyDefinition.setCompletedSurveyTemplate(crCompletedSurvey.getCleanHTML()); uiModel.asMap().clear(); surveyDefinition = surveySettingsService.surveyDefinition_merge(surveyDefinition); return "redirect:/settings/surveyDefinitions/" + encodeUrlPathSegment(surveyDefinition.getId().toString(), httpServletRequest); } else { return "redirect:/settings/surveyDefinitions"; } } catch (Exception e) { log.error(e.getMessage(), e); throw (new RuntimeException(e)); } } /** * Shows a survey definition * @param id * @param uiModel * @return */ @Secured({ "ROLE_ADMIN", "ROLE_SURVEY_ADMIN" }) @RequestMapping(value = "/{id}", produces = "text/html") public String show(@PathVariable("id") Long id, Principal principal, Model uiModel, HttpServletRequest httpServletRequest) { try { String login = principal.getName(); User user = userService.user_findByLogin(login); SurveyDefinition surveyDefinition = surveySettingsService.surveyDefinition_findById(id); //String surveyLink =messageSource.getMessage(EXTERNAL_SITE_BASE_URL, null, LocaleContextHolder.getLocale()); String surveyLink = externalBaseUrl; //Check if the user is authorized if (!securityService.userIsAuthorizedToManageSurvey(id, user)) { log.warn("Unauthorized access to url path " + httpServletRequest.getPathInfo() + " attempted by user login:" + principal.getName() + "from IP:" + httpServletRequest.getLocalAddr()); return "accessDenied"; } if (surveyDefinition.getIsPublic()) { if (surveyLink.endsWith("/")) { surveyLink = surveyLink + "open/" + id + "?list"; } else { surveyLink = surveyLink + "/open/" + id + "?list"; } } else { if (surveyLink.endsWith("/")) { surveyLink = surveyLink + "private/" + id + "?list"; } else { surveyLink = surveyLink + "/private/" + id + "?list"; } } // for (SurveyDefinitionPage page: surveyDefinition.getPages()) { // for (Question question: page.getQuestions()) { // //if (question.getType()== QuestionType.DATASET_DROP_DOWN){ // //DataSet dataset = surveySettingsService.dataset_findByName(question.getDataSetCode()); // //.addAttribute("datasetItems" + "p"+ page.getOrder() + "q"+ question.getOrder(),surveySettingsService.datasetItem_findByDataSetId(dataset.getId(), 0, 10)); // // //} // // } // } uiModel.addAttribute("surveyLink", surveyLink); uiModel.addAttribute("surveyDefinition", surveySettingsService.surveyDefinition_findById(id)); /*uiModel.addAttribute("isPublishReady", true);*/ uiModel.addAttribute("isShow", true); uiModel.addAttribute("itemId", id); return "settings/surveyDefinitions/show"; } catch (Exception e) { log.error(e.getMessage(), e); throw (new RuntimeException(e)); } } /** * Lists survey definitions * @param page * @param size * @param uiModel * @param principal * @return */ @Secured({ "ROLE_ADMIN", "ROLE_SURVEY_ADMIN" }) @RequestMapping(produces = "text/html") public String list(@RequestParam(value = "s", required = false) Integer showPublishedSurveyDeleteFailMessage, @RequestParam(value = "page", required = false) Integer page, @RequestParam(value = "size", required = false) Integer size, Principal principal, Model uiModel) { try { String login = principal.getName(); User user = userService.user_findByLogin(login); log.info(login); if (page != null || size != null) { int sizeNo = size == null ? 10 : size.intValue(); final int firstResult = page == null ? 0 : (page.intValue() - 1) * sizeNo; uiModel.addAttribute("surveyDefinitions", surveySettingsService.surveyDefinition_findAllInternal(user, firstResult, sizeNo)); float nrOfPages = (float) surveySettingsService.surveyDefinition_getCount() / sizeNo; uiModel.addAttribute("maxPages", (int) ((nrOfPages > (int) nrOfPages || nrOfPages == 0.0) ? nrOfPages + 1 : nrOfPages)); } else { uiModel.addAttribute("surveyDefinitions", surveySettingsService.surveyDefinition_findAllInternal(user)); } if (showPublishedSurveyDeleteFailMessage != null && showPublishedSurveyDeleteFailMessage.equals(1)) { uiModel.addAttribute("showPublishedSurveyDeleteFailMessage", true); } if (surveySettingsService.department_getCount() <= 0) { uiModel.addAttribute("noDepartments", true); } return "settings/surveyDefinitions/list"; } catch (Exception e) { log.error(e.getMessage(), e); throw (new RuntimeException(e)); } } // @Secured({"ROLE_ADMIN","ROLE_SURVEY_ADMIN"}) @RequestMapping(value = "/surveyList/{shopid}", produces = "text/html;charset=UTF-8", method = RequestMethod.GET) @ResponseBody public String surveyList(@PathVariable("shopid") Long shopid, @RequestParam(value = "page", required = false) Integer page, @RequestParam(value = "size", required = false) Integer size, Principal principal, Model uiModel) { try { String login = null; Set<SurveyDefinition> surveys = null; if (principal == null) { login = "admin"; } else login = principal.getName(); User user = userService.user_findByLogin(login); log.info(login); // uiModel.addAttribute("surveyDefinitions", surveySettingsService.surveyDefinition_findAllInternal(user)); surveys = surveySettingsService.surveyDefinition_findAllInternal(user); JsonArray ls = new JsonArray(); for (Iterator<SurveyDefinition> iterator = surveys.iterator(); iterator.hasNext();) { SurveyDefinition pBean = iterator.next(); JsonObject jsonBean = new JsonObject(); jsonBean.addProperty("id", pBean.getId()); jsonBean.addProperty("name", pBean.getName()); String surveyLink = externalBaseUrl; if (pBean.getIsPublic()) { if (surveyLink.endsWith("/")) { surveyLink = surveyLink + "open/" + pBean.getId() + "?list"; } else { surveyLink = surveyLink + "/open/" + pBean.getId() + "?list"; } } else { if (surveyLink.endsWith("/")) { surveyLink = surveyLink + "private/" + pBean.getId() + "?list"; } else { surveyLink = surveyLink + "/private/" + pBean.getId() + "?list"; } } jsonBean.addProperty("surveyLink", surveyLink + "&shopid=" + shopid); ls.add(jsonBean); } // { // [{}] // } String rs = ls.toString(); return rs; } catch (Exception e) { log.error(e.getMessage(), e); throw (new RuntimeException(e)); } } public static void main(String[] args) { SurveyDefinition surveys = new SurveyDefinition(); surveys.setAllowMultipleSubmissions(true); Set<SurveyDefinition> set = new HashSet<SurveyDefinition>(); set.add(surveys); System.out.println(new Gson().toJson(set)); } /** * Updates a survey definition * @param proceed * @param surveyDefinition * @param bindingResult * @param uiModel * @param httpServletRequest * @param principal * @return */ @Secured({ "ROLE_ADMIN", "ROLE_SURVEY_ADMIN" }) @RequestMapping(method = RequestMethod.PUT, produces = "text/html") public String update(@RequestParam(value = "_proceed", required = false) String proceed, @Valid SurveyDefinition surveyDefinition, BindingResult bindingResult, Principal principal, Model uiModel, HttpServletRequest httpServletRequest) { try { String login = principal.getName(); User user = userService.user_findByLogin(login); //Check if the user is authorized if (!securityService.userIsAuthorizedToManageSurvey(surveyDefinition.getId(), user) && !securityService.userBelongsToDepartment(surveyDefinition.getDepartment().getId(), user)) { log.warn("Unauthorized access to url path " + httpServletRequest.getPathInfo() + " attempted by user login:" + principal.getName() + "from IP:" + httpServletRequest.getLocalAddr()); return "accessDenied"; } if (proceed != null) { if (bindingResult.hasErrors()) { populateEditForm(uiModel, surveyDefinition, user); return "settings/surveyDefinitions/update"; } if (!surveySettingsService.surveyDefinition_ValidateNameIsUnique(surveyDefinition)) { bindingResult.rejectValue("name", "field_unique"); populateEditForm(uiModel, surveyDefinition, user); return "settings/surveyDefinitions/update"; } System.out.println("!!!!!!!!! MD: " + surveyDefinition.getAllowMultipleSubmissions() + " #################### PUB: " + surveyDefinition.getIsPublic()); Policy emailTemplatePolicy = Policy.getInstance(this.getClass().getResource(POLICY_FILE_LOCATION)); AntiSamy emailAs = new AntiSamy(); CleanResults crEmail = emailAs.scan(surveyDefinition.getEmailInvitationTemplate(), emailTemplatePolicy); surveyDefinition.setEmailInvitationTemplate(crEmail.getCleanHTML()); Policy completedSurveyPolicy = Policy .getInstance(this.getClass().getResource(POLICY_FILE_LOCATION)); AntiSamy completedSurveyAs = new AntiSamy(); CleanResults crCompletedSurvey = completedSurveyAs .scan(surveyDefinition.getCompletedSurveyTemplate(), completedSurveyPolicy); surveyDefinition.setCompletedSurveyTemplate(crCompletedSurvey.getCleanHTML()); uiModel.asMap().clear(); surveyDefinition = surveySettingsService.surveyDefinition_merge(surveyDefinition); System.out.println("!!!!!!!!! MD: " + surveyDefinition.getAllowMultipleSubmissions() + " #################### PUB: " + surveyDefinition.getIsPublic()); return "settings/surveyDefinitions/saved"; } else { return "redirect:/settings/surveyDefinitions/" + encodeUrlPathSegment(surveyDefinition.getId().toString(), httpServletRequest); } } catch (Exception e) { log.error(e.getMessage(), e); throw (new RuntimeException(e)); } } /** * * @param id * @param uiModel * @param principal * @return */ @Secured({ "ROLE_ADMIN", "ROLE_SURVEY_ADMIN" }) @RequestMapping(value = "/{id}", params = "form", produces = "text/html") public String updateForm(@PathVariable("id") Long id, Principal principal, Model uiModel) { log.info("updateForm(): id=" + id); try { User user = userService.user_findByLogin(principal.getName()); populateEditForm(uiModel, surveySettingsService.surveyDefinition_findById(id), user); return "settings/surveyDefinitions/update"; } catch (Exception e) { log.error(e.getMessage(), e); throw (new RuntimeException(e)); } } /** * Deletes a survey definition * @param id * @param uiModel * @param httpServletRequest * @return */ @Secured({ "ROLE_ADMIN", "ROLE_SURVEY_ADMIN" }) @RequestMapping(value = "/{id}", method = RequestMethod.DELETE, produces = "text/html") public String delete(@PathVariable("id") Long id, Principal principal, Model uiModel, HttpServletRequest httpServletRequest) { log.info("delete(): id=" + id); try { String login = principal.getName(); User user = userService.user_findByLogin(login); SurveyDefinition surveyDefinition = surveySettingsService.surveyDefinition_findById(id); // Long departmentId = surveyDefinition.getDepartment().getId(); //Check if the user is authorized if (!securityService.userIsAuthorizedToManageSurvey(id, user)) { log.warn("Unauthorized access to url path " + httpServletRequest.getPathInfo() + " attempted by user login:" + principal.getName() + "from IP:" + httpServletRequest.getLocalAddr()); return "accessDenied"; } if (surveyDefinition.getStatus().equals(SurveyDefinitionStatus.P) || surveyDefinition.getStatus().equals(SurveyDefinitionStatus.D)) { //you may not delete a survey that has been published log.warn("Attempt to delete a survey that has been published path:" + httpServletRequest.getPathInfo() + " attempted by user login:" + principal.getName() + "from IP:" + httpServletRequest.getLocalAddr()); return "accessDenied"; } surveySettingsService.surveyDefinition_remove(surveyDefinition); uiModel.asMap().clear(); return "redirect:/settings/surveyDefinitions/"; } catch (Exception e) { log.error(e.getMessage(), e); throw (new RuntimeException(e)); } } /** * Populates the model with the survey definition and the list of departments * @param uiModel * @param surveyDefinition * @param user * @param day * @param day */ void populateEditForm(Model uiModel, SurveyDefinition surveyDefinition, User user) { log.info("populateEditForm()"); try { if (surveyDefinition.getDepartment() != null) { surveyDefinition.setDepartment( surveySettingsService.department_findById(surveyDefinition.getDepartment().getId())); } uiModel.addAttribute("surveyDefinition", surveyDefinition); uiModel.addAttribute("departments", surveySettingsService.department_findAll(user)); uiModel.addAttribute("autoRemindersDays", surveySettingsService.day_findAll()); uiModel.addAttribute("socrataPublishDays", surveySettingsService.day_findAll()); } catch (Exception e) { log.error(e.getMessage(), e); throw (new RuntimeException(e)); } } /** * Encodes a string path suing the httpServletRequest Character Encoding * @param pathSegment * @param httpServletRequest * @return */ String encodeUrlPathSegment(String pathSegment, HttpServletRequest httpServletRequest) { log.info("encodeUrlPathSegment()"); try { String enc = httpServletRequest.getCharacterEncoding(); if (enc == null) { enc = WebUtils.DEFAULT_CHARACTER_ENCODING; } try { pathSegment = UriUtils.encodePathSegment(pathSegment, enc); } catch (UnsupportedEncodingException uee) { log.error(uee); } return pathSegment; } catch (Exception e) { log.error(e.getMessage(), e); throw (new RuntimeException(e)); } } /* * Handles any runtime exceptions on this controller */ @ExceptionHandler(RuntimeException.class) public String handleRuntimeException(RuntimeException ex, HttpServletRequest request) { log.error(ex); log.error("redirect to /uncaughtException"); return "redirect:/uncaughtException"; } } class HibernateProxyTypeAdapter extends TypeAdapter<HibernateProxy> { public static final TypeAdapterFactory FACTORY = new TypeAdapterFactory() { @Override @SuppressWarnings("unchecked") public <T> TypeAdapter<T> create(Gson gson, TypeToken<T> type) { return (HibernateProxy.class.isAssignableFrom(type.getRawType()) ? (TypeAdapter<T>) new HibernateProxyTypeAdapter(gson) : null); } }; private final Gson context; private HibernateProxyTypeAdapter(Gson context) { this.context = context; } @Override public HibernateProxy read(JsonReader in) throws IOException { throw new UnsupportedOperationException("Not supported"); } @SuppressWarnings({ "rawtypes", "unchecked" }) @Override public void write(JsonWriter out, HibernateProxy value) throws IOException { if (value == null) { out.nullValue(); return; } // Retrieve the original (not proxy) class Class<?> baseType = Hibernate.getClass(value); // Get the TypeAdapter of the original class, to delegate the serialization TypeAdapter delegate = context.getAdapter(TypeToken.get(baseType)); // Get a filled instance of the original class Object unproxiedValue = ((HibernateProxy) value).getHibernateLazyInitializer().getImplementation(); // Serialize the value delegate.write(out, unproxiedValue); } } class TargetStrategy implements ExclusionStrategy { private static Logger log = LoggerFactory.getLogger(TargetStrategy.class); private Class<?> target; private String[] fields; private Class<?>[] clazz; private boolean reverse; public TargetStrategy(Class<?> target) { super(); this.target = target; } @Override public boolean shouldSkipClass(Class<?> class1) { return false; } @Override public boolean shouldSkipField(FieldAttributes fieldattributes) { Class<?> owner = fieldattributes.getDeclaringClass(); Class<?> c = fieldattributes.getDeclaredClass(); String f = fieldattributes.getName(); boolean isSkip = false; if (owner == target) { if (ArrayUtils.contains(fields, f)) { log.debug("fitler field:{} for class:{}", f, owner); isSkip = true; } if (ArrayUtils.contains(clazz, c)) { log.debug("fitler class:{} for class:{}", c, owner); isSkip = true; } if (reverse) { isSkip = !isSkip; } } return isSkip; } public void setFields(String[] fields) { this.fields = fields; } public void setClazz(Class<?>[] clazz) { this.clazz = clazz; } public void setReverse(boolean reverse) { this.reverse = reverse; } }