001/*
002 * This library is part of OpenCms -
003 * the Open Source Content Management System
004 *
005 * Copyright (c) Alkacon Software GmbH & Co. KG (http://www.alkacon.com)
006 *
007 * This library is free software; you can redistribute it and/or
008 * modify it under the terms of the GNU Lesser General Public
009 * License as published by the Free Software Foundation; either
010 * version 2.1 of the License, or (at your option) any later version.
011 *
012 * This library is distributed in the hope that it will be useful,
013 * but WITHOUT ANY WARRANTY; without even the implied warranty of
014 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
015 * Lesser General Public License for more details.
016 *
017 * For further information about Alkacon Software, please see the
018 * company website: http://www.alkacon.com
019 *
020 * For further information about OpenCms, please see the
021 * project website: http://www.opencms.org
022 *
023 * You should have received a copy of the GNU Lesser General Public
024 * License along with this library; if not, write to the Free Software
025 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
026 */
027
028package org.opencms.ade.detailpage;
029
030import org.opencms.file.CmsObject;
031import org.opencms.file.CmsResource;
032import org.opencms.file.CmsResourceFilter;
033import org.opencms.i18n.CmsMessageContainer;
034import org.opencms.main.CmsException;
035import org.opencms.main.CmsLog;
036import org.opencms.main.CmsResourceInitException;
037import org.opencms.main.I_CmsResourceInit;
038import org.opencms.main.OpenCms;
039import org.opencms.security.CmsPermissionViolationException;
040import org.opencms.security.CmsSecurityException;
041import org.opencms.site.CmsSite;
042import org.opencms.util.CmsFileUtil;
043import org.opencms.util.CmsUUID;
044import org.opencms.workplace.CmsWorkplace;
045
046import javax.servlet.ServletRequest;
047import javax.servlet.http.HttpServletRequest;
048import javax.servlet.http.HttpServletResponse;
049
050import org.apache.commons.logging.Log;
051
052/**
053 * Resource init handler for detail-pages.<p>
054 *
055 * @since 8.0.0
056 */
057public class CmsDetailPageResourceHandler implements I_CmsResourceInit {
058
059    /** The attribute containing the detail content resource. */
060    public static final String ATTR_DETAIL_CONTENT_RESOURCE = "__opencms_detail_content_resource";
061
062    /** The log object for this class. */
063    private static final Log LOG = CmsLog.getLog(CmsDetailPageResourceHandler.class);
064
065    /**
066     * Default constructor.<p>
067     */
068    public CmsDetailPageResourceHandler() {
069
070        // empty
071    }
072
073    /**
074     * Returns the current detail content UUID, or <code>null</code> if this is not a request to a content detail page.<p>
075     *
076     * @param req the current request
077     *
078     * @return the current detail content UUID, or <code>null</code> if this is not a request to a content detail page
079     */
080    public static CmsUUID getDetailId(ServletRequest req) {
081
082        CmsResource res = getDetailResource(req);
083        return res == null ? null : res.getStructureId();
084    }
085
086    /**
087     * Returns the current detail content resource, or <code>null</code> if this is not a request to a content detail page.<p>
088     *
089     * @param req the current request
090     *
091     * @return the current detail content resource, or <code>null</code> if this is not a request to a content detail page
092     */
093    public static CmsResource getDetailResource(ServletRequest req) {
094
095        return (CmsResource)req.getAttribute(ATTR_DETAIL_CONTENT_RESOURCE);
096    }
097
098    /**
099     * @see org.opencms.main.I_CmsResourceInit#initResource(org.opencms.file.CmsResource, org.opencms.file.CmsObject, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
100     */
101    public CmsResource initResource(
102        CmsResource resource,
103        CmsObject cms,
104        HttpServletRequest req,
105        HttpServletResponse res)
106    throws CmsResourceInitException, CmsSecurityException {
107
108        // check if the resource was already found or the path starts with '/system/'
109        boolean abort = (resource != null) || cms.getRequestContext().getUri().startsWith(CmsWorkplace.VFS_PATH_SYSTEM);
110        if (abort) {
111            // skip in all cases above
112            return resource;
113        }
114        String path = cms.getRequestContext().getUri();
115        path = CmsFileUtil.removeTrailingSeparator(path);
116        try {
117            cms.readResource(path, CmsResourceFilter.IGNORE_EXPIRATION);
118        } catch (CmsSecurityException e) {
119            // It may happen that a path is both an existing VFS path and a valid detail page link.
120            // If this is the case, and the user has insufficient permissions to read the resource at the path,
121            // no resource should be displayed, even if the user would have access to the detail page.
122            return null;
123        } catch (CmsException e) {
124            // ignore
125        }
126        String detailName = CmsResource.getName(path);
127        try {
128            CmsUUID detailId = cms.readIdForUrlName(detailName);
129
130            if (detailId != null) {
131                // check existence / permissions
132                CmsResource detailRes = cms.readResource(detailId, CmsResourceFilter.ignoreExpirationOffline(cms));
133                // change OpenCms request URI to detail page
134                CmsResource detailPage = cms.readDefaultFile(CmsResource.getFolderPath(path));
135                if (!isValidDetailPage(cms, detailPage, detailRes)) {
136                    return null;
137                }
138                if (res != null) {
139                    // response will be null if this run through the init handler is only for determining the locale
140                    req.setAttribute(ATTR_DETAIL_CONTENT_RESOURCE, detailRes);
141                    cms.getRequestContext().setDetailResource(detailRes);
142                }
143                // set the resource path
144                cms.getRequestContext().setUri(cms.getSitePath(detailPage));
145                return detailPage;
146            }
147        } catch (CmsPermissionViolationException e) {
148            // trigger the permission denied handler
149            throw e;
150        } catch (CmsResourceInitException e) {
151            throw e;
152        } catch (Throwable e) {
153            String uri = cms.getRequestContext().getUri();
154            CmsMessageContainer msg = Messages.get().container(Messages.ERR_RESCOURCE_NOT_FOUND_1, uri);
155            LOG.error(msg.key(), e);
156            throw new CmsResourceInitException(msg, e);
157        }
158
159        return null;
160    }
161
162    /**
163     * Checks whether the given detail page is valid for the given resource.<p>
164     *
165     * @param cms the CMS context
166     * @param page the detail page
167     * @param detailRes the detail resource
168     *
169     * @return true if the given detail page is valid
170     */
171    protected boolean isValidDetailPage(CmsObject cms, CmsResource page, CmsResource detailRes) {
172
173        if (OpenCms.getSystemInfo().isRestrictDetailContents()) {
174            // in 'restrict detail contents mode', do not allow detail contents from a real site on a detail page of a different real site
175            CmsSite pageSite = OpenCms.getSiteManager().getSiteForRootPath(page.getRootPath());
176            CmsSite detailSite = OpenCms.getSiteManager().getSiteForRootPath(detailRes.getRootPath());
177            if ((pageSite != null)
178                && (detailSite != null)
179                && !pageSite.getSiteRoot().equals(detailSite.getSiteRoot())) {
180                return false;
181            }
182        }
183        return OpenCms.getADEManager().isDetailPage(cms, page);
184    }
185}