package fm.action;
import java.io.File;
import java.util.Vector;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.sql.DataSource;
import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.action.ActionMessage;
import org.apache.struts.action.ActionMessages;
import fm.Constants;
import fm.DB;
import fm.User;
import fm.UserFile;
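/**
 * Struts action that checks whether the logged-in user may perform the function named by the
 * {@code functiontype} request parameter, performs the delete operations itself, and picks
 * the forward for the next page.
 *
 * <p>Recognised values: {@code newuser}, {@code deleteuser}, {@code modifyuser},
 * {@code managerfiles}, {@code deletefile}, {@code uploadfile}. Anything else, including a
 * missing parameter, ends on {@code ToErrorPage}.
 *
 * <p>NOTE(review): {@code deleteuser} and {@code deletefile} change state from request
 * parameters alone. No anti-CSRF token check (for example Struts' {@code isTokenValid}) is
 * visible in this action; confirm one is enforced elsewhere.
 *
 * <p>NOTE(review): request parameters are handed unmodified to {@code User.search} and the
 * {@code UserFile} lookups. Confirm those helpers use parameterized queries.
 */
public final class CheckPowerAction extends Action {

    private static final String ERROR_FORWARD = "ToErrorPage";
    private static final String ADMIN_GRADE = "admin";

    /**
     * Authorizes and dispatches one management function.
     *
     * @param mapping  used to resolve the forward name into an {@link ActionForward}
     * @param form     unused
     * @param request  supplies {@code functiontype}, {@code id}, {@code fileId}, {@code userId}
     * @param response unused
     * @return the forward for the next page; {@code ToErrorPage} whenever the check fails
     * @throws Exception if a database or file-system call fails
     */
    public ActionForward execute(ActionMapping mapping, ActionForm form,
            HttpServletRequest request, HttpServletResponse response)
            throws Exception {
        String functiontype = request.getParameter("functiontype");
        // The parameter is attacker-controlled: strip line breaks so it cannot forge log lines.
        System.out.println("functiontype===" + singleLine(functiontype));
        String pageForward = ERROR_FORWARD;
        ActionMessages errors = new ActionMessages();
        HttpSession session = request.getSession();
        User loginuser = (User) session.getAttribute(Constants.LOGIN_USER_KEY);
        if (loginuser == null) {
            // Fail closed when nobody is logged in (the original threw a NullPointerException).
            // No message key for this case is visible in this file, so none is added.
            return mapping.findForward(pageForward);
        }
        ServletContext context = servlet.getServletContext();
        DataSource dataSource = (DataSource) context.getAttribute(Constants.DATASOURCE_KEY);
        DB db = new DB(dataSource);
        try {
            // Constant-first equals: a null grade or null functiontype is simply "no match".
            boolean isAdmin = ADMIN_GRADE.equals(loginuser.getGrade());
            if ("newuser".equals(functiontype)) {
                pageForward = isAdmin
                        ? "ToNewUser"
                        : reject(request, errors, "error.power.newuser.notadmin");
            } else if ("deleteuser".equals(functiontype)) {
                pageForward = isAdmin
                        ? deleteUser(request, session, context, db, errors)
                        : reject(request, errors, "error.power.deleteuser.notadmin");
            } else if ("modifyuser".equals(functiontype)) {
                if (isAdmin) {
                    String id = request.getParameter("id");
                    User curUser = User.search(db, id);
                    session.setAttribute(Constants.CUR_USER_KEY, curUser);
                    pageForward = "ToModifyUser";
                } else {
                    pageForward = reject(request, errors, "error.power.modifyuser.notadmin");
                }
            } else if ("managerfiles".equals(functiontype)) {
                String id = request.getParameter("id");
                User curUser = User.search(db, id);
                // A missing or non-numeric id can never match the owner; it no longer throws.
                Integer requestedId = parseIntOrNull(id);
                boolean isOwner = requestedId != null
                        && loginuser.getId() == requestedId.intValue();
                if (curUser == null) {
                    // Unknown user id: nothing to list.
                    pageForward = reject(request, errors, "error.power.managerfiles.forbidden");
                } else {
                    // Admins and the owner may enter directly; so may anyone when the folder
                    // is public.
                    if (isAdmin || isOwner || curUser.getIfpublic() == 1) {
                        session.setAttribute(Constants.CUR_USER_KEY, curUser);
                        Vector fileVector = new UserFile().searchUserFiles(db, id);
                        request.setAttribute("userId", id);
                        session.setAttribute(Constants.FILE_LIST_KEY, fileVector);
                        pageForward = "ToFileList";
                    } else {
                        pageForward =
                                reject(request, errors, "error.power.managerfiles.forbidden");
                    }
                    request.setAttribute("userName", curUser.getUsername());
                }
            } else if ("deletefile".equals(functiontype)) {
                User curUser = (User) session.getAttribute(Constants.CUR_USER_KEY);
                String fileId = String.valueOf(request.getParameter("fileId"));
                String userId = String.valueOf(request.getParameter("userId"));
                User requestedUser = User.search(db, userId);
                String userName = requestedUser == null ? null : requestedUser.getUsername();
                // Only the owner or an admin may delete files.
                boolean allowed = curUser != null
                        && (curUser.getId() == loginuser.getId() || isAdmin);
                pageForward = allowed
                        ? deleteUserFile(request, session, context, db, errors, curUser, fileId)
                        : reject(request, errors, "error.power.deletefile.forbidden");
                request.setAttribute("userId", userId);
                request.setAttribute("userName", userName);
            } else if ("uploadfile".equals(functiontype)) {
                User curUser = (User) session.getAttribute(Constants.CUR_USER_KEY);
                // Allowed for the owner, or when the current folder permits uploads.
                if (curUser != null
                        && (curUser.getId() == loginuser.getId()
                                || curUser.getCanupload() == 1)) {
                    pageForward = "ToUploadFile";
                } else {
                    pageForward = reject(request, errors, "error.power.managerfiles.forbidden");
                }
            }
        } finally {
            // Release the database handle even when a branch throws.
            db.close();
        }
        return mapping.findForward(pageForward);
    }

    /** Deletes the user named by the {@code id} parameter; the caller has verified admin rights. */
    private String deleteUser(HttpServletRequest request, HttpSession session,
            ServletContext context, DB db, ActionMessages errors) throws Exception {
        String id = request.getParameter("id");
        String sysroot = context.getInitParameter("sysroot");
        User curUser = User.search(db, id);
        if (curUser == null) {
            return reject(request, errors, "error.user.delete.failed");
        }
        // Read the name before the record is deleted.
        String username = curUser.getUsername();
        if (!curUser.delete(db, id)) {
            return reject(request, errors, "error.user.delete.failed");
        }
        // The folder path is built from a stored username. An empty name or one containing
        // ".." would point at sysroot itself or outside it, so only a path strictly below
        // sysroot is removed. (Whether deleteFile recurses is not visible here.)
        if (sysroot != null && username != null) {
            File curUserFolder = new File(sysroot + "/" + username);
            if (isStrictlyInside(new File(sysroot), curUserFolder)) {
                new UserFile().deleteFile(curUserFolder);
            } else {
                System.out.println("deleteuser: folder is not below sysroot, removal skipped");
            }
        }
        Vector userVector = User.searchUsers(db);
        session.setAttribute(Constants.USER_LIST_KEY, userVector);
        return "ToUserList";
    }

    /**
     * Deletes the database record and the physical file for {@code fileId}; the caller has
     * verified that the login user owns {@code curUser}'s folder or is an admin.
     */
    private String deleteUserFile(HttpServletRequest request, HttpSession session,
            ServletContext context, DB db, ActionMessages errors, User curUser, String fileId)
            throws Exception {
        UserFile userFile = new UserFile();
        UserFile target = userFile.searchUserFileByFileId(db, fileId);
        String webRoot = context.getRealPath("/");
        if (target == null || target.getLocation() == null || webRoot == null) {
            return reject(request, errors, "error.userfile.delete.failed");
        }
        String location = webRoot + "/" + target.getLocation();
        System.out.println("delete method location==" + singleLine(location));
        File physicalFile = new File(location);
        // Validate the stored location before touching the database, so a refused path
        // leaves record and file consistent.
        if (!isStrictlyInside(new File(webRoot), physicalFile)) {
            return reject(request, errors, "error.userfile.delete.failed");
        }
        // NOTE(review): the record is selected by fileId from the request, but nothing here
        // verifies that it belongs to curUser. The database delete is keyed on
        // (curUser id, filename) while the physical delete uses the looked-up record's
        // location, so a foreign fileId whose filename matches one of curUser's files could
        // remove another user's file. Add an owner comparison once UserFile's owner accessor
        // is confirmed.
        // Delete the database record and the physical file.
        if (!userFile.delete(db, curUser.getId(), target.getFilename())) {
            return reject(request, errors, "error.userfile.delete.failed");
        }
        userFile.deleteFile(physicalFile);
        Vector fileVector = new UserFile().searchUserFiles(db, String.valueOf(curUser.getId()));
        session.setAttribute(Constants.FILE_LIST_KEY, fileVector);
        return "ToFileList";
    }

    /** Records {@code messageKey} as a global error on the request and returns the error forward. */
    private String reject(HttpServletRequest request, ActionMessages errors, String messageKey) {
        errors.add(ActionMessages.GLOBAL_MESSAGE, new ActionMessage(messageKey));
        saveErrors(request, errors);
        return ERROR_FORWARD;
    }

    /** Returns true when {@code candidate} resolves to a path below {@code base}, not {@code base} itself. */
    private static boolean isStrictlyInside(File base, File candidate) throws java.io.IOException {
        // Canonical paths collapse ".." segments before the prefix comparison.
        String basePath = base.getCanonicalPath();
        String candidatePath = candidate.getCanonicalPath();
        String prefix = basePath.endsWith(File.separator) ? basePath : basePath + File.separator;
        return candidatePath.startsWith(prefix) && candidatePath.length() > prefix.length();
    }

    /** Parses a decimal integer, returning null instead of throwing on null or malformed text. */
    private static Integer parseIntOrNull(String text) {
        if (text == null) {
            return null;
        }
        try {
            return Integer.valueOf(Integer.parseInt(text));
        } catch (NumberFormatException ignored) {
            // Malformed ids are treated as "no such id" by the caller.
            return null;
        }
    }

    /** Replaces CR and LF so a logged value stays on one line. */
    private static String singleLine(String value) {
        return value == null ? "null" : value.replace('\r', '_').replace('\n', '_');
    }
}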