diff --git a/src/java/fr/paris/lutece/portal/business/portlet/AliasPortlet.java b/src/java/fr/paris/lutece/portal/business/portlet/AliasPortlet.java index 3ad7a6dd42..c932513115 100644 --- a/src/java/fr/paris/lutece/portal/business/portlet/AliasPortlet.java +++ b/src/java/fr/paris/lutece/portal/business/portlet/AliasPortlet.java @@ -84,6 +84,12 @@ public int getAliasId( ) @Override public boolean isContentGeneratedByXmlAndXsl( ) { + if ( getAliasId( ) == 0 ) + { + // alias Id not yet set. We don't yet know how we're generated + // saying false means we don't yet need a styleId + return false; + } Portlet portletParent = PortletHome.findByPrimaryKey( getAliasId( ) ); return portletParent.isContentGeneratedByXmlAndXsl( ); } diff --git a/src/java/fr/paris/lutece/portal/web/portlet/AliasPortletJspBean.java b/src/java/fr/paris/lutece/portal/web/portlet/AliasPortletJspBean.java index c077b84cfc..83700dc6eb 100644 --- a/src/java/fr/paris/lutece/portal/web/portlet/AliasPortletJspBean.java +++ b/src/java/fr/paris/lutece/portal/web/portlet/AliasPortletJspBean.java @@ -60,11 +60,7 @@ public class AliasPortletJspBean extends PortletJspBean // Right public static final String RIGHT_MANAGE_ADMIN_SITE = "CORE_ADMIN_SITE"; private static final long serialVersionUID = 1894295808070813451L; - private static final String PARAM_PORTLET_NAME = "portlet_name"; - private static final String PARAM_ORDER = "order"; - private static final String PARAM_COLUMN = "column"; private static final String PARAM_ALIAS_ID = "alias_id"; - private static final String PARAM_ACCEPT_ALIAS = "accept_alias"; private static final String MARK_ALIAS_PORTLETS_LIST = "alias_portlets_list"; private static final String MARK_ALIAS_PORTLET = "alias_portlet"; private static final String LABEL_ALIAS_PORTLET_NAME = "portal.site.portlet_alias.portlet.name.label"; @@ -87,33 +83,14 @@ public String doCreate( HttpServletRequest request ) { return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP ); } - - // Gets the parameters of the alias portlet posted in the request - String strName = request.getParameter( PARAM_PORTLET_NAME ); - - // mandatory field - if ( ( strName == null ) || strName.trim( ).equals( "" ) ) + String strError = setPortletCommonData( request, aliasPortlet ); + if ( strError != null ) { - return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP ); + return strError; } - String strOrder = request.getParameter( PARAM_ORDER ); - int nOrder = Integer.parseInt( strOrder ); - String strColumn = request.getParameter( PARAM_COLUMN ); - int nColumn = Integer.parseInt( strColumn ); - String strAcceptAlias = request.getParameter( PARAM_ACCEPT_ALIAS ); - int nAcceptAlias = Integer.parseInt( strAcceptAlias ); - aliasPortlet.setName( strName ); - aliasPortlet.setOrder( nOrder ); - aliasPortlet.setColumn( nColumn ); - aliasPortlet.setAcceptAlias( nAcceptAlias ); - - String strPageId = request.getParameter( PARAMETER_PAGE_ID ); - int nPageId = Integer.parseInt( strPageId ); int nAliasId = Integer.parseInt( strAliasId ); - aliasPortlet.setPageId( nPageId ); aliasPortlet.setAliasId( nAliasId ); - // gets the style of the parent portlet Portlet portlet = PortletHome.findByPrimaryKey( nAliasId ); aliasPortlet.setStyleId( portlet.getStyleId( ) ); @@ -122,7 +99,7 @@ public String doCreate( HttpServletRequest request ) AliasPortletHome.getInstance( ).create( aliasPortlet ); // Displays the page with the new portlet - return getPageUrl( nPageId ); + return getPageUrl( aliasPortlet.getPageId( ) ); } /** @@ -139,24 +116,14 @@ public String doModify( HttpServletRequest request ) String strPortletId = request.getParameter( PARAMETER_PORTLET_ID ); int nPortletId = Integer.parseInt( strPortletId ); AliasPortlet portlet = (AliasPortlet) AliasPortletHome.findByPrimaryKey( nPortletId ); - - // Gets the parameters of the alias portlet posted in the request - String strName = request.getParameter( PARAM_PORTLET_NAME ); - String strOrder = request.getParameter( PARAM_ORDER ); - int nOrder = Integer.parseInt( strOrder ); - String strColumn = request.getParameter( PARAM_COLUMN ); - int nColumn = Integer.parseInt( strColumn ); - - // mandatory field - if ( ( strName == null ) || strName.trim( ).equals( "" ) ) + // detach from previous portlet. Allows to not care about style id + portlet.setAliasId( 0 ); + String strError = setPortletCommonData( request, portlet ); + if ( strError != null ) { - return AdminMessageService.getMessageUrl( request, Messages.MANDATORY_FIELDS, AdminMessage.TYPE_STOP ); + return strError; } - portlet.setName( strName ); - portlet.setOrder( nOrder ); - portlet.setColumn( nColumn ); - String strIdAlias = request.getParameter( PARAM_ALIAS_ID ); int nIdAlias = Integer.parseInt( strIdAlias ); portlet.setAliasId( nIdAlias ); diff --git a/src/java/fr/paris/lutece/portal/web/portlet/PortletJspBean.java b/src/java/fr/paris/lutece/portal/web/portlet/PortletJspBean.java index 966dfbd729..2aa6d8741d 100644 --- a/src/java/fr/paris/lutece/portal/web/portlet/PortletJspBean.java +++ b/src/java/fr/paris/lutece/portal/web/portlet/PortletJspBean.java @@ -39,9 +39,12 @@ import fr.paris.lutece.portal.business.portlet.PortletType; import fr.paris.lutece.portal.business.portlet.PortletTypeHome; import fr.paris.lutece.portal.business.role.RoleHome; +import fr.paris.lutece.portal.service.admin.AccessDeniedException; import fr.paris.lutece.portal.service.message.AdminMessage; import fr.paris.lutece.portal.service.message.AdminMessageService; +import fr.paris.lutece.portal.service.security.SecurityTokenService; import fr.paris.lutece.portal.service.template.AppTemplateService; +import fr.paris.lutece.portal.service.util.AppException; import fr.paris.lutece.portal.service.util.AppLogService; import fr.paris.lutece.portal.service.util.AppPropertiesService; import fr.paris.lutece.portal.web.admin.AdminFeaturesPageJspBean; @@ -56,9 +59,12 @@ import javax.servlet.http.HttpServletRequest; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; + /** * This class represents user interface Portlet. It is the base class of all user interface portlets. It is abstract and the implementation of the interface - * PortletJspBeanInterface is compulsary. + * PortletJspBeanInterface is compulsory. */ public abstract class PortletJspBean extends AdminFeaturesPageJspBean { @@ -240,7 +246,11 @@ protected String setPortletCommonData( HttpServletRequest request, Portlet portl return AdminMessageService.getMessageUrl( request, MESSAGE_INVALID_PAGE_ID, AdminMessage.TYPE_STOP ); } - + if ( !SecurityTokenService.getInstance( ).validate( request, TEMPLATE_CREATE_PORTLET ) ) + { + // FIXME we wrap the AccessDeniedException so as to to break the API + throw new AppException( "Invalid security token", new AccessDeniedException( "Invalid security token" ) ); + } int nOrder = Integer.parseInt( strOrder ); int nColumn = Integer.parseInt( strColumn ); int nAcceptAlias = Integer.parseInt( strAcceptAlias ); @@ -321,6 +331,7 @@ protected HtmlTemplate getCreateTemplate( String strPageId, String strPortletTyp model.put( MARK_PORTLET_COLUMNS_COMBO, getColumnsList( ) ); model.put( MARK_PORTLET_STYLES_COMBO, PortletHome.getStylesList( strPortletTypeId ) ); model.put( MARK_PORTLET_ROLES_COMBO, RoleHome.getRolesList( getUser( ) ) ); + model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( getRequest( ), TEMPLATE_CREATE_PORTLET ) ); HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_CREATE_PORTLET, locale, model ); @@ -362,6 +373,7 @@ protected HtmlTemplate getModifyTemplate( Portlet portlet, Map m putCheckBox( model, MARK_NORMAL_CHECKED, portlet.hasDeviceDisplayFlag( Portlet.FLAG_DISPLAY_ON_NORMAL_DEVICE ) ); putCheckBox( model, MARK_LARGE_CHECKED, portlet.hasDeviceDisplayFlag( Portlet.FLAG_DISPLAY_ON_LARGE_DEVICE ) ); putCheckBox( model, MARK_XLARGE_CHECKED, portlet.hasDeviceDisplayFlag( Portlet.FLAG_DISPLAY_ON_XLARGE_DEVICE ) ); + model.put( SecurityTokenService.MARK_TOKEN, SecurityTokenService.getInstance( ).getToken( getRequest( ), TEMPLATE_CREATE_PORTLET ) ); HtmlTemplate template = AppTemplateService.getTemplate( TEMPLATE_MODIFY_PORTLET, getLocale( ), model ); @@ -395,4 +407,15 @@ protected String getPageUrl( int nIdPage ) { return JSP_ADMIN_SITE + "?" + PARAMETER_PAGE_ID + "=" + nIdPage; } + + /** + * Gets the current request + * + * @return the current request + */ + private HttpServletRequest getRequest( ) + { + ServletRequestAttributes sra = ( ServletRequestAttributes ) RequestContextHolder.getRequestAttributes( ); + return sra.getRequest( ); + } } diff --git a/src/test/java/fr/paris/lutece/portal/web/portlet/AliasPortletJspBeanTest.java b/src/test/java/fr/paris/lutece/portal/web/portlet/AliasPortletJspBeanTest.java new file mode 100644 index 0000000000..e163f664e8 --- /dev/null +++ b/src/test/java/fr/paris/lutece/portal/web/portlet/AliasPortletJspBeanTest.java @@ -0,0 +1,302 @@ +/* + * Copyright (c) 2002-2017, Mairie de Paris + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright notice + * and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright notice + * and the following disclaimer in the documentation and/or other materials + * provided with the distribution. + * + * 3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + * License 1.0 + */ +package fr.paris.lutece.portal.web.portlet; + +import java.math.BigInteger; +import java.security.SecureRandom; +import java.util.Collection; +import java.util.Random; + +import org.springframework.mock.web.MockHttpServletRequest; + +import fr.paris.lutece.portal.business.portlet.AliasPortlet; +import fr.paris.lutece.portal.business.portlet.AliasPortletHome; +import fr.paris.lutece.portal.business.portlet.Portlet; +import fr.paris.lutece.portal.business.portlet.PortletType; +import fr.paris.lutece.portal.business.portlet.PortletTypeHome; +import fr.paris.lutece.portal.service.admin.AccessDeniedException; +import fr.paris.lutece.portal.service.security.SecurityTokenService; +import fr.paris.lutece.portal.service.util.AppException; +import fr.paris.lutece.portal.web.admin.AdminPagePortletJspBeanTest.TestPortletHome; +import fr.paris.lutece.portal.web.constants.Parameters; +import fr.paris.lutece.test.LuteceTestCase; + +public class AliasPortletJspBeanTest extends LuteceTestCase +{ + private PortletType _portletType; + private TestPortlet _portlet; + private AliasPortletJspBean _instance; + + @Override + protected void setUp( ) throws Exception + { + super.setUp( ); + _portletType = new PortletType( ); + _portletType.setId( getRandomName( ) ); + _portletType.setHomeClass( TestPortletHome.class.getName( ) ); + PortletTypeHome.create( _portletType ); + _portlet = new TestPortlet( _portletType.getId( ) ); + _portlet.setName( getRandomName( ) ); + _portlet.setHomeClassName( TestPortletHome.class.getName( ) ); + _portlet.setPageId( 1 ); + _portlet.setAcceptAlias( 1 ); + TestPortletHome _testPortletHome = new TestPortletHome( ); + _testPortletHome.create( _portlet ); + _instance = new AliasPortletJspBean( ); + } + + @Override + protected void tearDown( ) throws Exception + { + Collection aliases = AliasPortletHome.getAliasList( _portlet.getId( ) ); // only + // loads + // Ids + if ( aliases != null ) + { + for ( Portlet alias : aliases ) + { + AliasPortletHome.findByPrimaryKey( alias.getId( ) ).remove( ); + } + } + TestPortletHome _testPortletHome = new TestPortletHome( ); + _testPortletHome.remove( _portlet ); + PortletTypeHome.remove( _portletType.getId( ) ); + super.tearDown( ); + } + + private String getRandomName( ) + { + Random rand = new SecureRandom( ); + BigInteger bigInt = new BigInteger( 128, rand ); + return "junit" + bigInt.toString( 36 ); + } + + public void testDoCreate( ) + { + MockHttpServletRequest request = new MockHttpServletRequest( ); + request.setParameter( "alias_id", Integer.toString( _portlet.getId( ) ) ); + String strName = getRandomName( ); + request.setParameter( Parameters.PORTLET_NAME, strName ); + request.setParameter( Parameters.ORDER, "2" ); + request.setParameter( Parameters.COLUMN, "2" ); + request.setParameter( Parameters.ACCEPT_ALIAS, "0" ); + request.setParameter( Parameters.DISPLAY_PORTLET_TITLE, "1" ); + request.setParameter( Parameters.PORTLET_TYPE_ID, AliasPortletHome.getInstance( ).getPortletTypeId( ) ); + request.setParameter( "page_id", "1" ); + request.setParameter( SecurityTokenService.PARAMETER_TOKEN, + SecurityTokenService.getInstance( ).getToken( request, "admin/portlet/create_portlet.html" ) ); + + _instance.doCreate( request ); + + Collection aliases = AliasPortletHome.getAliasList( _portlet.getId( ) ); // only + // loads + // Ids + assertNotNull( aliases ); + assertEquals( 1, aliases.size( ) ); + Portlet alias = aliases.stream( ).findFirst( ).orElseThrow( IllegalStateException::new ); + alias = AliasPortletHome.findByPrimaryKey( alias.getId( ) ); + assertEquals( strName, alias.getName( ) ); + assertEquals( 2, alias.getOrder( ) ); + assertEquals( 2, alias.getColumn( ) ); + assertEquals( 0, alias.getAcceptAlias( ) ); + assertEquals( 1, alias.getDisplayPortletTitle( ) ); + } + + public void testDoCreateInvalidToken( ) + { + MockHttpServletRequest request = new MockHttpServletRequest( ); + request.setParameter( "alias_id", Integer.toString( _portlet.getId( ) ) ); + String strName = getRandomName( ); + request.setParameter( Parameters.PORTLET_NAME, strName ); + request.setParameter( Parameters.ORDER, "2" ); + request.setParameter( Parameters.COLUMN, "2" ); + request.setParameter( Parameters.ACCEPT_ALIAS, "0" ); + request.setParameter( Parameters.DISPLAY_PORTLET_TITLE, "1" ); + request.setParameter( Parameters.PORTLET_TYPE_ID, AliasPortletHome.getInstance( ).getPortletTypeId( ) ); + request.setParameter( "page_id", "1" ); + request.setParameter( SecurityTokenService.PARAMETER_TOKEN, + SecurityTokenService.getInstance( ).getToken( request, "admin/portlet/create_portlet.html" ) + "b" ); + + try + { + _instance.doCreate( request ); + fail( "Should have thrown" ); + } + catch ( AppException e ) + { + assertTrue( e.getCause( ) instanceof AccessDeniedException ); + Collection aliases = AliasPortletHome.getAliasList( _portlet.getId( ) ); + assertNotNull( aliases ); + assertEquals( 0, aliases.size( ) ); + } + } + + public void testDoCreateNoToken( ) + { + MockHttpServletRequest request = new MockHttpServletRequest( ); + request.setParameter( "alias_id", Integer.toString( _portlet.getId( ) ) ); + String strName = getRandomName( ); + request.setParameter( Parameters.PORTLET_NAME, strName ); + request.setParameter( Parameters.ORDER, "2" ); + request.setParameter( Parameters.COLUMN, "2" ); + request.setParameter( Parameters.ACCEPT_ALIAS, "0" ); + request.setParameter( Parameters.DISPLAY_PORTLET_TITLE, "1" ); + request.setParameter( Parameters.PORTLET_TYPE_ID, AliasPortletHome.getInstance( ).getPortletTypeId( ) ); + request.setParameter( "page_id", "1" ); + + try + { + _instance.doCreate( request ); + fail( "Should have thrown" ); + } + catch ( AppException e ) + { + assertTrue( e.getCause( ) instanceof AccessDeniedException ); + Collection aliases = AliasPortletHome.getAliasList( _portlet.getId( ) ); + assertNotNull( aliases ); + assertEquals( 0, aliases.size( ) ); + } + } + + public void testDoModify( ) + { + AliasPortlet alias = new AliasPortlet( ); + alias.setAliasId( _portlet.getId( ) ); + alias.setPageId( 1 ); + alias.setPortletTypeId( AliasPortletHome.getInstance( ).getPortletTypeId( ) ); + AliasPortletHome.getInstance( ).create( alias ); + + MockHttpServletRequest request = new MockHttpServletRequest( ); + request.setParameter( "portlet_id", Integer.toString( alias.getId( ) ) ); + request.setParameter( "alias_id", Integer.toString( _portlet.getId( ) ) ); + String strName = getRandomName( ); + request.setParameter( Parameters.PORTLET_NAME, strName ); + request.setParameter( Parameters.ORDER, "2" ); + request.setParameter( Parameters.COLUMN, "2" ); + request.setParameter( Parameters.ACCEPT_ALIAS, "0" ); + request.setParameter( Parameters.DISPLAY_PORTLET_TITLE, "1" ); + request.setParameter( Parameters.PORTLET_TYPE_ID, AliasPortletHome.getInstance( ).getPortletTypeId( ) ); + request.setParameter( "page_id", "1" ); + request.setParameter( SecurityTokenService.PARAMETER_TOKEN, + SecurityTokenService.getInstance( ).getToken( request, "admin/portlet/create_portlet.html" ) ); + + _instance.doModify( request ); + + AliasPortlet stored = ( AliasPortlet ) AliasPortletHome.findByPrimaryKey( alias.getId( ) ); + assertNotNull( stored ); + assertEquals( strName, stored.getName( ) ); + assertEquals( 2, stored.getOrder( ) ); + assertEquals( 2, stored.getColumn( ) ); + assertEquals( 0, stored.getAcceptAlias( ) ); + assertEquals( 1, stored.getDisplayPortletTitle( ) ); + } + + public void testDoModifyInvalidToken( ) + { + AliasPortlet alias = new AliasPortlet( ); + alias.setAliasId( _portlet.getId( ) ); + alias.setPageId( 1 ); + alias.setPortletTypeId( AliasPortletHome.getInstance( ).getPortletTypeId( ) ); + AliasPortletHome.getInstance( ).create( alias ); + + MockHttpServletRequest request = new MockHttpServletRequest( ); + request.setParameter( "portlet_id", Integer.toString( alias.getId( ) ) ); + request.setParameter( "alias_id", Integer.toString( _portlet.getId( ) ) ); + String strName = getRandomName( ); + request.setParameter( Parameters.PORTLET_NAME, strName ); + request.setParameter( Parameters.ORDER, "2" ); + request.setParameter( Parameters.COLUMN, "2" ); + request.setParameter( Parameters.ACCEPT_ALIAS, "0" ); + request.setParameter( Parameters.DISPLAY_PORTLET_TITLE, "1" ); + request.setParameter( Parameters.PORTLET_TYPE_ID, AliasPortletHome.getInstance( ).getPortletTypeId( ) ); + request.setParameter( "page_id", "1" ); + request.setParameter( SecurityTokenService.PARAMETER_TOKEN, + SecurityTokenService.getInstance( ).getToken( request, "admin/portlet/create_portlet.html" ) + "b" ); + + try + { + _instance.doModify( request ); + fail( "Should have thrown" ); + } + catch ( AppException e ) + { + assertTrue( e.getCause( ) instanceof AccessDeniedException ); + AliasPortlet stored = ( AliasPortlet ) AliasPortletHome.findByPrimaryKey( alias.getId( ) ); + assertNotNull( stored ); + assertNull( stored.getName( ) ); + assertEquals( 0, stored.getOrder( ) ); + assertEquals( 0, stored.getColumn( ) ); + assertEquals( 0, stored.getAcceptAlias( ) ); + assertEquals( 0, stored.getDisplayPortletTitle( ) ); + } + } + + public void testDoModifyNoToken( ) + { + AliasPortlet alias = new AliasPortlet( ); + alias.setAliasId( _portlet.getId( ) ); + alias.setPageId( 1 ); + alias.setPortletTypeId( AliasPortletHome.getInstance( ).getPortletTypeId( ) ); + AliasPortletHome.getInstance( ).create( alias ); + + MockHttpServletRequest request = new MockHttpServletRequest( ); + request.setParameter( "portlet_id", Integer.toString( alias.getId( ) ) ); + request.setParameter( "alias_id", Integer.toString( _portlet.getId( ) ) ); + String strName = getRandomName( ); + request.setParameter( Parameters.PORTLET_NAME, strName ); + request.setParameter( Parameters.ORDER, "2" ); + request.setParameter( Parameters.COLUMN, "2" ); + request.setParameter( Parameters.ACCEPT_ALIAS, "0" ); + request.setParameter( Parameters.DISPLAY_PORTLET_TITLE, "1" ); + request.setParameter( Parameters.PORTLET_TYPE_ID, AliasPortletHome.getInstance( ).getPortletTypeId( ) ); + request.setParameter( "page_id", "1" ); + + try + { + _instance.doModify( request ); + fail( "Should have thrown" ); + } + catch ( AppException e ) + { + assertTrue( e.getCause( ) instanceof AccessDeniedException ); + AliasPortlet stored = ( AliasPortlet ) AliasPortletHome.findByPrimaryKey( alias.getId( ) ); + assertNotNull( stored ); + assertNull( stored.getName( ) ); + assertEquals( 0, stored.getOrder( ) ); + assertEquals( 0, stored.getColumn( ) ); + assertEquals( 0, stored.getAcceptAlias( ) ); + assertEquals( 0, stored.getDisplayPortletTitle( ) ); + } + } +} diff --git a/src/test/java/fr/paris/lutece/portal/web/portlet/PortletJspBeanTest.java b/src/test/java/fr/paris/lutece/portal/web/portlet/PortletJspBeanTest.java new file mode 100644 index 0000000000..cc5ae305df --- /dev/null +++ b/src/test/java/fr/paris/lutece/portal/web/portlet/PortletJspBeanTest.java @@ -0,0 +1,185 @@ +/* + * Copyright (c) 2002-2017, Mairie de Paris + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright notice + * and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright notice + * and the following disclaimer in the documentation and/or other materials + * provided with the distribution. + * + * 3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + * License 1.0 + */ +package fr.paris.lutece.portal.web.portlet; + +import java.math.BigInteger; +import java.security.SecureRandom; +import java.util.HashMap; +import java.util.Map; +import java.util.Random; + +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; + +import fr.paris.lutece.portal.business.portlet.Portlet; +import fr.paris.lutece.portal.business.user.AdminUser; +import fr.paris.lutece.portal.service.admin.AccessDeniedException; +import fr.paris.lutece.portal.service.admin.PasswordResetException; +import fr.paris.lutece.portal.service.security.SecurityTokenService; +import fr.paris.lutece.portal.service.util.AppException; +import fr.paris.lutece.portal.web.constants.Parameters; +import fr.paris.lutece.test.LuteceTestCase; +import fr.paris.lutece.test.Utils; + +public class PortletJspBeanTest extends LuteceTestCase +{ + public void testGetCreateTemplate( ) throws PasswordResetException, AccessDeniedException + { + PortletJspBean instance = new TestPortletJspBean( ); + MockHttpServletRequest request = new MockHttpServletRequest( ); + Utils.registerAdminUserWithRigth( request, new AdminUser( ), PortletJspBean.RIGHT_MANAGE_ADMIN_SITE ); + instance.init( request, PortletJspBean.RIGHT_MANAGE_ADMIN_SITE ); + RequestContextHolder.setRequestAttributes( new ServletRequestAttributes( request ) ); + + Map model = new HashMap<>( ); + assertNotNull( instance.getCreateTemplate( "1", "ALIAS_PORTLET", model ) ); + assertTrue( model.containsKey( SecurityTokenService.MARK_TOKEN ) ); + } + + public void testGetModifyTemplateTemplate( ) throws PasswordResetException, AccessDeniedException + { + PortletJspBean instance = new TestPortletJspBean( ); + MockHttpServletRequest request = new MockHttpServletRequest( ); + Utils.registerAdminUserWithRigth( request, new AdminUser( ), PortletJspBean.RIGHT_MANAGE_ADMIN_SITE ); + instance.init( request, PortletJspBean.RIGHT_MANAGE_ADMIN_SITE ); + RequestContextHolder.setRequestAttributes( new ServletRequestAttributes( request ) ); + + Map model = new HashMap<>( ); + model.put( "alias_portlet", "1" ); + Portlet portlet = new TestPortlet( "ALIAS_PORTLET" ); + assertNotNull( instance.getModifyTemplate( portlet, model ) ); + assertTrue( model.containsKey( SecurityTokenService.MARK_TOKEN ) ); + } + + public void testSetPortletCommonData( ) + { + PortletJspBean instance = new TestPortletJspBean( ); + MockHttpServletRequest request = new MockHttpServletRequest( ); + String strName = getRandomName( ); + request.setParameter( Parameters.PORTLET_NAME, strName ); + request.setParameter( Parameters.ORDER, "1" ); + request.setParameter( Parameters.COLUMN, "1" ); + request.setParameter( Parameters.ACCEPT_ALIAS, "1" ); + request.setParameter( Parameters.DISPLAY_PORTLET_TITLE, "1" ); + request.setParameter( Parameters.STYLE, "1" ); + request.setParameter( "page_id", "1" ); + request.setParameter( SecurityTokenService.PARAMETER_TOKEN, + SecurityTokenService.getInstance( ).getToken( request, "admin/portlet/create_portlet.html" ) ); + Portlet portlet = new TestPortlet( "ALIAS_PORTLET" ); + instance.setPortletCommonData( request, portlet ); + + assertEquals( strName, portlet.getName( ) ); + assertEquals( 1, portlet.getOrder( ) ); + assertEquals( 1, portlet.getColumn( ) ); + assertEquals( 1, portlet.getAcceptAlias( ) ); + assertEquals( 1, portlet.getDisplayPortletTitle( ) ); + assertEquals( 1, portlet.getStyleId( ) ); + assertEquals( 1, portlet.getPageId( ) ); + } + + public void testSetPortletCommonDataInvalidToken( ) + { + PortletJspBean instance = new TestPortletJspBean( ); + MockHttpServletRequest request = new MockHttpServletRequest( ); + String strName = getRandomName( ); + request.setParameter( Parameters.PORTLET_NAME, strName ); + request.setParameter( Parameters.ORDER, "1" ); + request.setParameter( Parameters.COLUMN, "1" ); + request.setParameter( Parameters.ACCEPT_ALIAS, "1" ); + request.setParameter( Parameters.DISPLAY_PORTLET_TITLE, "1" ); + request.setParameter( Parameters.STYLE, "1" ); + request.setParameter( "page_id", "1" ); + request.setParameter( SecurityTokenService.PARAMETER_TOKEN, + SecurityTokenService.getInstance( ).getToken( request, "admin/portlet/create_portlet.html" ) + "b" ); + Portlet portlet = new TestPortlet( "ALIAS_PORTLET" ); + try + { + instance.setPortletCommonData( request, portlet ); + fail( "Should have thrown" ); + } + catch ( AppException e ) + { + assertNotNull( e.getCause( ) ); + assertTrue( e.getCause( ) instanceof AccessDeniedException ); + assertEquals( "ALIAS_PORTLET", portlet.getName( ) ); + assertEquals( 0, portlet.getOrder( ) ); + assertEquals( 0, portlet.getColumn( ) ); + assertEquals( 0, portlet.getAcceptAlias( ) ); + assertEquals( 0, portlet.getDisplayPortletTitle( ) ); + assertEquals( 0, portlet.getStyleId( ) ); + assertEquals( 0, portlet.getPageId( ) ); + } + } + + public void testSetPortletCommonDataNoToken( ) + { + PortletJspBean instance = new TestPortletJspBean( ); + MockHttpServletRequest request = new MockHttpServletRequest( ); + String strName = getRandomName( ); + request.setParameter( Parameters.PORTLET_NAME, strName ); + request.setParameter( Parameters.ORDER, "1" ); + request.setParameter( Parameters.COLUMN, "1" ); + request.setParameter( Parameters.ACCEPT_ALIAS, "1" ); + request.setParameter( Parameters.DISPLAY_PORTLET_TITLE, "1" ); + request.setParameter( Parameters.STYLE, "1" ); + request.setParameter( "page_id", "1" ); + + Portlet portlet = new TestPortlet( "ALIAS_PORTLET" ); + try + { + instance.setPortletCommonData( request, portlet ); + fail( "Should have thrown" ); + } + catch ( AppException e ) + { + assertNotNull( e.getCause( ) ); + assertTrue( e.getCause( ) instanceof AccessDeniedException ); + assertEquals( "ALIAS_PORTLET", portlet.getName( ) ); + assertEquals( 0, portlet.getOrder( ) ); + assertEquals( 0, portlet.getColumn( ) ); + assertEquals( 0, portlet.getAcceptAlias( ) ); + assertEquals( 0, portlet.getDisplayPortletTitle( ) ); + assertEquals( 0, portlet.getStyleId( ) ); + assertEquals( 0, portlet.getPageId( ) ); + } + } + + private String getRandomName( ) + { + Random rand = new SecureRandom( ); + BigInteger bigInt = new BigInteger( 128, rand ); + return "junit" + bigInt.toString( 36 ); + } +} diff --git a/src/test/java/fr/paris/lutece/portal/web/portlet/TestPortlet.java b/src/test/java/fr/paris/lutece/portal/web/portlet/TestPortlet.java new file mode 100644 index 0000000000..4507861f5e --- /dev/null +++ b/src/test/java/fr/paris/lutece/portal/web/portlet/TestPortlet.java @@ -0,0 +1,69 @@ +/* + * Copyright (c) 2002-2017, Mairie de Paris + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright notice + * and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright notice + * and the following disclaimer in the documentation and/or other materials + * provided with the distribution. + * + * 3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + * License 1.0 + */ +package fr.paris.lutece.portal.web.portlet; + +import javax.servlet.http.HttpServletRequest; + +import fr.paris.lutece.portal.business.portlet.Portlet; +import fr.paris.lutece.portal.service.message.SiteMessageException; + +final class TestPortlet extends Portlet +{ + public TestPortlet( String strTypeId ) + { + setPortletTypeId( strTypeId ); + setName( strTypeId ); + } + + @Override + public String getXmlDocument( HttpServletRequest request ) throws SiteMessageException + { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getXml( HttpServletRequest request ) throws SiteMessageException + { + // TODO Auto-generated method stub + return null; + } + + @Override + public void remove( ) + { + // TODO Auto-generated method stub + + } +} \ No newline at end of file diff --git a/src/test/java/fr/paris/lutece/portal/web/portlet/TestPortletJspBean.java b/src/test/java/fr/paris/lutece/portal/web/portlet/TestPortletJspBean.java new file mode 100644 index 0000000000..6ee3803050 --- /dev/null +++ b/src/test/java/fr/paris/lutece/portal/web/portlet/TestPortletJspBean.java @@ -0,0 +1,69 @@ +/* + * Copyright (c) 2002-2017, Mairie de Paris + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright notice + * and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright notice + * and the following disclaimer in the documentation and/or other materials + * provided with the distribution. + * + * 3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + * License 1.0 + */ +package fr.paris.lutece.portal.web.portlet; + +import javax.servlet.http.HttpServletRequest; + +final class TestPortletJspBean extends PortletJspBean +{ + private static final long serialVersionUID = 1L; + + @Override + public String getModify( HttpServletRequest request ) + { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getCreate( HttpServletRequest request ) + { + // TODO Auto-generated method stub + return null; + } + + @Override + public String doModify( HttpServletRequest request ) + { + // TODO Auto-generated method stub + return null; + } + + @Override + public String doCreate( HttpServletRequest request ) + { + // TODO Auto-generated method stub + return null; + } +} \ No newline at end of file diff --git a/webapp/WEB-INF/templates/admin/portlet/create_portlet.html b/webapp/WEB-INF/templates/admin/portlet/create_portlet.html index c5822b99ab..51ace24d15 100644 --- a/webapp/WEB-INF/templates/admin/portlet/create_portlet.html +++ b/webapp/WEB-INF/templates/admin/portlet/create_portlet.html @@ -1,6 +1,7 @@ <#if portletType.createScriptTemplate != "" ><#include portletType.createScriptTemplate! /> - <@tform method='post' name='form' id='form-portlet' action='jsp/admin/${portletType.doCreateUrl}' params='target="_top"'> + <@tform method='post' name='form' id='form-portlet' action='jsp/admin/${portletType.doCreateUrl}' params='target="_top"'> + <@fieldSet legend='#i18n{portal.site.portletType.labelCreate}  ${portletType.name}'> diff --git a/webapp/WEB-INF/templates/admin/portlet/modify_portlet.html b/webapp/WEB-INF/templates/admin/portlet/modify_portlet.html index 4debae754b..29f75edf40 100644 --- a/webapp/WEB-INF/templates/admin/portlet/modify_portlet.html +++ b/webapp/WEB-INF/templates/admin/portlet/modify_portlet.html @@ -1,5 +1,6 @@ <#if portletType.modifyScriptTemplate != "" ><#include portletType.modifyScriptTemplate /> <@tform method='post' id='form-portlet' name='form' action='jsp/admin/${portletType.doModifyUrl}' params='target="_top"'> + <@fieldSet legend='${portletType.name} #i18n{portal.site.portletType.labelModify}'>