AjaxFilter.java

/**********************************************************************************
 * $URL: 
 * $Id: 
 ***********************************************************************************
 *
 * Author: Charles Hedrick, hedrick@rutgers.edu
 *
 * Copyright (c) 2012 Rutgers, the State University of New Jersey
 *
 * Licensed under the Educational Community License, Version 2.0 (the "License");                                                                
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *       http://www.opensource.org/licenses/ECL-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 **********************************************************************************/

package org.sakaiproject.lessonbuildertool;
 
import javax.servlet.*;
import org.sakaiproject.site.cover.SiteService;
import org.sakaiproject.site.api.ToolConfiguration; 
import org.sakaiproject.tool.api.Tool;
import org.sakaiproject.site.api.Site;
import org.sakaiproject.site.cover.SiteService;
import org.sakaiproject.user.cover.UserDirectoryService;

public class AjaxFilter implements javax.servlet.Filter
{
    private FilterConfig filterConfig;
 
    public void doFilter(ServletRequest request, ServletResponse response,
			 FilterChain chain) 
	throws java.io.IOException, javax.servlet.ServletException
    {
	// rsf does this:
	//Tool tool = (Tool) request.getAttribute("sakai.tool");
	//placement = (Placement) request.getAttribute("sakai.tool.placement");
	// we need to set it.

	String placementId = request.getParameter("placementId");
	ToolConfiguration placement = SiteService.findTool(placementId);
	String siteId = placement.getSiteId();
	// there was some concern whether it's safe to set up a placement to which the
	// user doesn't have access. So check whether the user is in the associated site
	// the user ID comes from requestfilter, which is run before this
	try {
	    Site site = SiteService.getSite(siteId);
	    String currentUserId = UserDirectoryService.getCurrentUser().getId();
	    Tool tool = placement.getTool();
	    if (site != null && site.getUserRole(currentUserId) != null) {
		request.setAttribute("sakai.tool", tool);
		request.setAttribute("sakai.tool.placement", placement);
	    }
	} catch (Exception impossible) {
	}
	chain.doFilter(request, response);
    }
 
    public void init(final FilterConfig filterConfig)
    {
        this.filterConfig = filterConfig;
    }
 
    public void destroy()
    {
        filterConfig = null;
    }
}