ShowMediaServlet.java

/**********************************************************************************
 * $URL: https://source.sakaiproject.org/svn/sam/trunk/samigo-app/src/java/org/sakaiproject/tool/assessment/ui/servlet/delivery/ShowMediaServlet.java $
 * $Id: ShowMediaServlet.java 106463 2012-04-02 12:20:09Z david.horwitz@uct.ac.za $
 ***********************************************************************************
 *
 * Copyright (c) 2005, 2006, 2008, 2009 The Sakai Foundation
 *
 * Licensed under the Educational Community License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *       http://www.opensource.org/licenses/ECL-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 **********************************************************************************/



package org.sakaiproject.tool.assessment.ui.servlet.delivery;
import org.sakaiproject.authz.cover.SecurityService;
import org.sakaiproject.tool.assessment.services.assessment.PublishedAssessmentService;
import org.sakaiproject.tool.assessment.services.GradingService;
import org.sakaiproject.tool.assessment.data.dao.grading.MediaData;
import org.sakaiproject.tool.assessment.data.ifc.assessment.PublishedAssessmentIfc;
import org.sakaiproject.tool.assessment.data.ifc.shared.TypeIfc;
import org.sakaiproject.tool.assessment.facade.AgentFacade;
import org.sakaiproject.tool.assessment.ui.bean.shared.PersonBean;
import org.sakaiproject.tool.assessment.ui.listener.util.ContextUtil;
import java.io.*;

import javax.servlet.ServletException;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.RequestDispatcher;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/**
 * <p>Title: Samigo</p>
 * <p>Description: Sakai Assessment Manager</p>
 * @author Ed Smiley
 * @version $Id: ShowMediaServlet.java 106463 2012-04-02 12:20:09Z david.horwitz@uct.ac.za $
 */

public class ShowMediaServlet extends HttpServlet
{
  /**
	 * 
	 */
	private static final long serialVersionUID = 2203681863823855810L;
private static Log log = LogFactory.getLog(ShowMediaServlet.class);

  public ShowMediaServlet()
  {
  }

  public void doGet(HttpServletRequest req, HttpServletResponse res)
      throws ServletException, IOException
  {
    doPost(req,res);
  }

  public void doPost(HttpServletRequest req, HttpServletResponse res)
      throws ServletException, IOException
  {
	  String agentIdString = getAgentString(req, res);
	  if (agentIdString == null) {
		  String path = "/jsf/delivery/mediaAccessDenied.faces";
		  RequestDispatcher dispatcher = req.getRequestDispatcher(path);
		  dispatcher.forward(req, res);
		  return;
	  } 
	  String mediaId = req.getParameter("mediaId");
	  if (mediaId == null || mediaId.trim().equals("")) {
			  return;
	  }
	  
	// get media
    GradingService gradingService = new GradingService();
    MediaData mediaData = gradingService.getMedia(mediaId);
    String mediaLocation = mediaData.getLocation();
    int fileSize = mediaData.getFileSize().intValue();
    log.info("****1. media file size="+fileSize);

    //if setMimeType="false" in query string, implies, we want to do a forced download
    //in this case, we set contentType='application/octet-stream'
    String setMimeType = req.getParameter("setMimeType");
    log.info("****2. setMimeType="+setMimeType);

    // get assessment's ownerId
    // String assessmentCreatedBy = req.getParameter("createdBy");

    // who can access the media? You can,
    // a. if you are the creator.
    // b. if you have a assessment.grade.any or assessment.grade.own permission
    boolean accessDenied = true;
    String currentSiteId="";
    boolean isAudio = false;
    Long assessmentGradingId = mediaData.getItemGradingData().getAssessmentGradingId();
    PublishedAssessmentIfc pub = gradingService.getPublishedAssessmentByAssessmentGradingId(assessmentGradingId.toString()); 
    if (pub!=null){
      PublishedAssessmentService service = new PublishedAssessmentService();
      currentSiteId = service.getPublishedAssessmentOwner(pub.getPublishedAssessmentId());
    }

    // some log checking
    //log.debug("agentIdString ="+agentIdString);
    //log.debug("****current site Id ="+currentSiteId);
    
    boolean hasPrivilege = agentIdString !=null &&
    	(agentIdString.equals(mediaData.getCreatedBy()) // user is creator
    	 || canGrade(req, res, agentIdString, currentSiteId));
    if (hasPrivilege) {
      accessDenied = false;
    }
    if (accessDenied){
      String path = "/jsf/delivery/mediaAccessDenied.faces";
      RequestDispatcher dispatcher = req.getRequestDispatcher(path);
      dispatcher.forward(req, res);
    }
    else {
      String displayType="inline";
      if (mediaData.getMimeType()!=null && !mediaData.getMimeType().equals("application/octet-stream") && !(setMimeType!=null && ("false").equals(setMimeType))){
          res.setContentType(mediaData.getMimeType());
      }
      else {
        displayType="attachment";
        res.setContentType("application/octet-stream");
      }
      log.debug("****"+displayType+";filename=\""+mediaData.getFilename()+"\";");
      res.setHeader("Content-Disposition", displayType+";filename=\""+mediaData.getFilename()+"\";");

      res.setContentLength(fileSize);
      //** note that res.setContentType() must be called before res.getOutputStream(). see javadoc on this
      FileInputStream inputStream = null;
      BufferedInputStream buf_inputStream = null;
      ServletOutputStream outputStream = res.getOutputStream();
      BufferedOutputStream buf_outputStream = null;
      ByteArrayInputStream byteArrayInputStream = null;
      if (mediaLocation == null || (mediaLocation.trim()).equals("")){
        try{
          byte[] media = mediaData.getMedia();
          byteArrayInputStream = new ByteArrayInputStream(media);
          buf_inputStream = new BufferedInputStream(byteArrayInputStream);
          log.debug("**** media.length="+media.length);
        }
        catch(Exception e){
          log.error("****empty media save to DB="+e.getMessage());
        }
      }
      else{
    	  try{
    		  inputStream = getFileStream(mediaLocation);
    		  buf_inputStream = new BufferedInputStream(inputStream);
    	  }
    	  catch(Exception e){
    		  log.error("****empty media save to file ="+e.getMessage());
    	  }

      }

      //int count=0;
      try{
    	  
    	  buf_outputStream = new BufferedOutputStream(outputStream);
        int i=0;
        if (buf_inputStream != null)  {
        while ( (i=buf_inputStream.read()) != -1){
            //System.out.print(i);
            buf_outputStream.write(i);
            //count++;
          }
        }
        log.debug("**** mediaLocation="+mediaLocation);
        //res.setContentLength(count);
        
        res.flushBuffer();
      }
      catch(Exception e){
        log.warn(e.getMessage());
      }
      finally {
    	  if (buf_outputStream != null) {
			  try {
				  buf_outputStream.close();
			  }
			  catch(IOException e) {
				  log.error(e.getMessage());
			  }
    	  }
    	  if (buf_inputStream != null) {
			  try {
				  buf_inputStream.close();
			  }
			  catch(IOException e) {
				  log.error(e.getMessage());
			  }
    	  }
          if (inputStream != null) {
			  try {
				  inputStream.close();
			  }
			  catch(IOException e) {
				  log.error(e.getMessage());
			  }
          }
          if (outputStream != null) {
			  try {
				  outputStream.close();
			  }
			  catch(IOException e) {
				  log.error(e.getMessage());
			  }
          }
          if (byteArrayInputStream != null) {
			  try {
				  byteArrayInputStream.close();
			  }
			  catch(IOException e) {
				  log.error(e.getMessage());
			  }
          }
      }
    }
  }

  private FileInputStream getFileStream(String mediaLocation){
    FileInputStream inputStream=null;
    try{
      File media=new File(mediaLocation);
      inputStream = new FileInputStream(media);
    }
    catch (FileNotFoundException ex) {
      log.warn("file not found="+ex.getMessage());
    }
    return inputStream;
  }

  public String getAgentString(HttpServletRequest req,  HttpServletResponse res){ 
      //String agentIdString = req.getRemoteUser();
    String agentIdString = AgentFacade.getAgentString();
    if (agentIdString == null || agentIdString.equals("")){ // try this
      PersonBean person = (PersonBean) ContextUtil.lookupBeanFromExternalServlet(
			   "person", req, res);
      agentIdString = person.getAnonymousId();
    }
    return agentIdString;
  }

  public boolean canGrade(HttpServletRequest req,  HttpServletResponse res,
                          String agentId, String currentSiteId){
    boolean hasPrivilege_any = hasPrivilege(req, "grade_any_assessment", currentSiteId);
    boolean hasPrivilege_own = hasPrivilege(req, "grade_own_assessment", currentSiteId);
    log.debug("hasPrivilege_any="+hasPrivilege_any);
    log.debug("hasPrivilege_own="+hasPrivilege_own);
    boolean hasPrivilege = (hasPrivilege_any || hasPrivilege_own);
    return hasPrivilege;    

  }


  public boolean isOwner(String agentId, String ownerId){
    boolean isOwner = false;
    isOwner = agentId.equals(ownerId);
    return isOwner;
  }
  
  public boolean hasPrivilege(HttpServletRequest req, String functionKey, String context){
	  String functionName=(String)ContextUtil.getLocalizedString(req,"org.sakaiproject.tool.assessment.bundle.AuthzPermissions", functionKey);
	  boolean privilege = SecurityService.unlock(functionName, "/site/"+context);
	  return privilege;
  }
}