/*
* Copyright 2000-2013 Enonic AS
* http://www.enonic.com/license
*/
package com.enonic.cms.server.service.admin.mvc.controller;
import java.io.IOException;
import java.util.Enumeration;
import java.util.HashMap;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.joda.time.DateTime;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.mvc.AbstractController;
import com.enonic.cms.framework.util.HttpServletUtil;
import com.enonic.cms.core.content.access.ContentAccessResolver;
import com.enonic.cms.core.image.ImageRequest;
import com.enonic.cms.core.image.ImageRequestParser;
import com.enonic.cms.core.image.ImageResponse;
import com.enonic.cms.core.portal.image.ImageProcessorException;
import com.enonic.cms.core.portal.image.ImageRequestAccessResolver;
import com.enonic.cms.core.portal.image.ImageService;
import com.enonic.cms.core.portal.rendering.tracing.RenderTrace;
import com.enonic.cms.core.security.SecurityService;
import com.enonic.cms.core.security.user.User;
import com.enonic.cms.core.security.user.UserEntity;
import com.enonic.cms.store.dao.ContentDao;
import com.enonic.cms.store.dao.GroupDao;
public final class ImageController
extends AbstractController
{
private static final Logger LOG = LoggerFactory.getLogger( ImageController.class );
private ImageService imageService;
private boolean disableParamEncoding = true;
private final ImageRequestParser requestParser = new ImageRequestParser( true );
private SecurityService securityService;
private ContentDao contentDao;
private GroupDao groupDao;
public final ModelAndView handleRequestInternal( HttpServletRequest request, HttpServletResponse response )
throws Exception
{
ImageRequest imageRequest = createImageRequest( request );
process( imageRequest, response );
return null;
}
private ImageRequest createImageRequest( HttpServletRequest request )
{
HashMap<String, String> params = new HashMap<String, String>();
Enumeration e = request.getParameterNames();
while ( e.hasMoreElements() )
{
String key = (String) e.nextElement();
params.put( key, request.getParameter( key ) );
}
boolean encodeParams = !( this.disableParamEncoding || RenderTrace.isTraceOn() );
ImageRequest imageRequest = this.requestParser.parse( request.getPathInfo(), params, encodeParams );
imageRequest.setRequester( resolveRequester() );
imageRequest.setRequestDateTime( new DateTime() );
return imageRequest;
}
private User resolveRequester()
{
return securityService.getLoggedInAdminConsoleUser();
}
private void process( ImageRequest req, HttpServletResponse res )
throws IOException
{
if ( !hasRequestAccess( req ) )
{
res.sendError( HttpServletResponse.SC_NOT_FOUND );
return;
}
try
{
ImageResponse imageResponse = this.imageService.process( req );
if ( imageResponse.isImageNotFound() )
{
res.sendError( HttpServletResponse.SC_NOT_FOUND );
}
else
{
res.setContentType( imageResponse.getMimeType() );
res.setContentLength( imageResponse.getSize() );
HttpServletUtil.copyNoCloseOut( imageResponse.getDataAsStream(), res.getOutputStream() );
}
}
catch ( ImageProcessorException e )
{
LOG.warn( e.getMessage(), e );
res.sendError( HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.getMessage() );
}
}
private boolean hasRequestAccess( final ImageRequest imageRequest )
{
final UserEntity loggedInPortalUser = securityService.getLoggedInAdminConsoleUserAsEntity();
ImageRequestAccessResolver.Access access =
new ImageRequestAccessResolver( contentDao, new ContentAccessResolver( groupDao ) ).imageRequester(
loggedInPortalUser ).isAccessible( imageRequest );
return access == ImageRequestAccessResolver.Access.OK;
}
@Autowired
public void setImageService( ImageService imageService )
{
this.imageService = imageService;
}
public void setDisableParamEncoding( boolean disableParamEncoding )
{
this.disableParamEncoding = disableParamEncoding;
}
@Autowired
public void setSecurityService( SecurityService securityService )
{
this.securityService = securityService;
}
@Autowired
public void setContentDao( ContentDao contentDao )
{
this.contentDao = contentDao;
}
@Autowired
public void setGroupDao( GroupDao groupDao )
{
this.groupDao = groupDao;
}
}