Examples with ScriptContext javax.script.ScriptContext used on opensource projects

Example 16 with ScriptContext

use of javax.script.ScriptContext in project xwiki-platform by xwiki.

the class CreateActionRequestHandler method isTemplateProviderAllowedToCreateInCurrentSpace.

/**
 * Verifies if the creation inside the specified spaceReference is allowed by the current template provider. If the
 * creation is not allowed, an exception will be set on the context.
 *
 * @return {@code true} if the creation is allowed, {@code false} otherwise
 */
public boolean isTemplateProviderAllowedToCreateInCurrentSpace() {
    // - Set an error on the context, to be read by the create.vm
    if (templateProvider != null) {
        // Check if the creation restrictions are enforced.
        boolean creationRestrictionsEnforced = templateProvider.getIntValue(TP_CREATION_RESTRICTIONS_ARE_SUGGESTIONS_PROPERTY, 0) == 0;
        // Check using the template provider's creation restrictions, only when they are enforced.
        if (creationRestrictionsEnforced && !isTemplateProviderAllowedInSpace(templateProvider, spaceReference, TP_CREATION_RESTRICTIONS_PROPERTY)) {
            // put an exception on the context, for create.vm to know to display an error
            Object[] args = { templateProvider.getStringValue(TEMPLATE), spaceReference, name };
            XWikiException exception = new XWikiException(XWikiException.MODULE_XWIKI_STORE, XWikiException.ERROR_XWIKI_APP_TEMPLATE_NOT_AVAILABLE, "Template {0} cannot be used in space {1} when creating page {2}", null, args);
            ScriptContext scontext = getCurrentScriptContext();
            scontext.setAttribute(EXCEPTION, exception, ScriptContext.ENGINE_SCOPE);
            scontext.setAttribute("createAllowedSpaces", getTemplateProviderRestrictions(templateProvider, TP_CREATION_RESTRICTIONS_PROPERTY), ScriptContext.ENGINE_SCOPE);
            return false;
        }
    }
    // For all other cases, creation is allowed.
    return true;
}

Example 17 with ScriptContext

use of javax.script.ScriptContext in project xwiki-platform by xwiki.

the class CreateActionRequestHandler method isDocumentAlreadyExisting.

/**
 * @param newDocument the new document to check if it already exists
 * @return true if the document already exists (i.e. is not usable) and set an exception in the velocity context;
 *         false otherwise.
 */
public boolean isDocumentAlreadyExisting(XWikiDocument newDocument) {
    // re-requests the page and space, else create the document and redirect to edit
    if (!isEmptyDocument(newDocument)) {
        ScriptContext scontext = getCurrentScriptContext();
        // Expose to the template reference of the document that already exist so that it can propose to view or
        // edit it.
        scontext.setAttribute("existingDocumentReference", newDocument.getDocumentReference(), ScriptContext.ENGINE_SCOPE);
        // Throw an exception.
        Object[] args = { newDocument.getDocumentReference() };
        XWikiException documentAlreadyExists = new XWikiException(XWikiException.MODULE_XWIKI_STORE, XWikiException.ERROR_XWIKI_APP_DOCUMENT_NOT_EMPTY, "Cannot create document {0} because it already has content", null, args);
        scontext.setAttribute(EXCEPTION, documentAlreadyExists, ScriptContext.ENGINE_SCOPE);
        return true;
    }
    return false;
}

Example 18 with ScriptContext

use of javax.script.ScriptContext in project xwiki-platform by xwiki.

the class DeleteAttachmentAction method action.

@Override
public boolean action(XWikiContext context) throws XWikiException {
    // CSRF prevention
    if (!csrfTokenCheck(context)) {
        return false;
    }
    XWikiRequest request = context.getRequest();
    XWikiResponse response = context.getResponse();
    XWikiDocument doc = context.getDoc();
    XWikiAttachment attachment = null;
    XWiki xwiki = context.getWiki();
    String filename;
    // Delete from the trash
    if (request.getParameter("trashId") != null) {
        long trashId = NumberUtils.toLong(request.getParameter("trashId"));
        DeletedAttachment da = xwiki.getAttachmentRecycleBinStore().getDeletedAttachment(trashId, context, true);
        // don't try to delete it and instead redirect to the attachment list.
        if (da != null) {
            com.xpn.xwiki.api.DeletedAttachment daapi = new com.xpn.xwiki.api.DeletedAttachment(da, context);
            if (!daapi.canDelete()) {
                throw new XWikiException(XWikiException.MODULE_XWIKI_ACCESS, XWikiException.ERROR_XWIKI_ACCESS_DENIED, "You are not allowed to delete an attachment from the trash " + "immediately after it has been deleted from the wiki");
            }
            if (!da.getDocName().equals(doc.getFullName())) {
                throw new XWikiException(XWikiException.MODULE_XWIKI_APP, XWikiException.ERROR_XWIKI_APP_URL_EXCEPTION, "The specified trash entry does not match the current document");
            }
            // TODO: Add a confirmation check
            xwiki.getAttachmentRecycleBinStore().deleteFromRecycleBin(trashId, context, true);
        }
        sendRedirect(response, Utils.getRedirect("attach", context));
        return false;
    }
    if (context.getMode() == XWikiContext.MODE_PORTLET) {
        filename = request.getParameter("filename");
    } else {
        // Note: We use getRequestURI() because the spec says the server doesn't decode it, as
        // we want to use our own decoding.
        String requestUri = request.getRequestURI();
        filename = getFileName();
    }
    XWikiDocument newdoc = doc.clone();
    // An attachment can be indicated either using an id, or using the filename.
    if (request.getParameter("id") != null) {
        int id = NumberUtils.toInt(request.getParameter("id"));
        if (newdoc.getAttachmentList().size() > id) {
            attachment = newdoc.getAttachmentList().get(id);
        }
    } else {
        attachment = newdoc.getAttachment(filename);
    }
    // No such attachment
    if (attachment == null) {
        response.setStatus(HttpServletResponse.SC_NOT_FOUND);
        ScriptContext scriptContext = getCurrentScriptContext();
        if (scriptContext != null) {
            scriptContext.setAttribute("message", localizePlainOrKey("core.action.deleteAttachment.failed", filename), ScriptContext.ENGINE_SCOPE);
            scriptContext.setAttribute("details", localizePlainOrKey("platform.core.action.deleteAttachment.noAttachment"), ScriptContext.ENGINE_SCOPE);
        }
        return true;
    }
    newdoc.setAuthorReference(context.getUserReference());
    // Set "deleted attachment" as the version comment.
    String comment;
    if (attachment.isImage(context)) {
        comment = localizePlainOrKey("core.comment.deleteImageComment", filename);
    } else {
        comment = localizePlainOrKey("core.comment.deleteAttachmentComment", filename);
    }
    try {
        newdoc.removeAttachment(attachment);
        xwiki.saveDocument(newdoc, comment, context);
    } catch (Exception ex) {
        response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        ScriptContext scriptContext = getCurrentScriptContext();
        if (scriptContext != null) {
            scriptContext.setAttribute("message", localizePlainOrKey("core.action.deleteAttachment.failed", filename), ScriptContext.ENGINE_SCOPE);
            scriptContext.setAttribute("details", ExceptionUtils.getRootCauseMessage(ex), ScriptContext.ENGINE_SCOPE);
        }
        return true;
    }
    // forward to attach page
    if (!((Boolean) context.get("ajax")).booleanValue()) {
        String redirect = Utils.getRedirect("attach", context);
        sendRedirect(response, redirect);
    }
    return false;
}

Example 19 with ScriptContext

use of javax.script.ScriptContext in project xwiki-platform by xwiki.

the class DefaultVelocityManager method getVelocityContext.

@Override
public VelocityContext getVelocityContext() {
    ScriptVelocityContext velocityContext;
    // Make sure the velocity context support ScriptContext synchronization
    VelocityContext currentVelocityContext = getCurrentVelocityContext();
    if (currentVelocityContext instanceof ScriptVelocityContext) {
        velocityContext = (ScriptVelocityContext) currentVelocityContext;
    } else {
        velocityContext = new ScriptVelocityContext(currentVelocityContext, this.reservedBindings);
        this.execution.getContext().setProperty(VelocityExecutionContextInitializer.VELOCITY_CONTEXT_ID, velocityContext);
    }
    // Synchronize with ScriptContext
    ScriptContext scriptContext = this.scriptContextManager.getScriptContext();
    velocityContext.setScriptContext(scriptContext);
    // Velocity specific bindings
    XWikiContext xcontext = this.xcontextProvider.get();
    // Add the "context" binding which is deprecated since 1.9.1.
    velocityContext.put("context", new DeprecatedContext(xcontext));
    return velocityContext;
}

Example 20 with ScriptContext

use of javax.script.ScriptContext in project xwiki-platform by xwiki.

the class XWikiScriptContextInitializer method initialize.

@Override
public void initialize(ScriptContext scriptContext) {
    XWikiContext xcontext = this.xcontextProvider.get();
    if (scriptContext.getAttribute("util") == null) {
        // Put the Util API in the Script context.
        scriptContext.setAttribute("util", new com.xpn.xwiki.api.Util(xcontext.getWiki(), xcontext), ScriptContext.ENGINE_SCOPE);
        // We put the com.xpn.xwiki.api.XWiki object into the context and not the com.xpn.xwiki.XWiki one which is
        // for internal use only. In this manner we control what the user can access.
        scriptContext.setAttribute("xwiki", new XWiki(xcontext.getWiki(), xcontext), ScriptContext.ENGINE_SCOPE);
        scriptContext.setAttribute("request", xcontext.getRequest(), ScriptContext.ENGINE_SCOPE);
        scriptContext.setAttribute("response", xcontext.getResponse(), ScriptContext.ENGINE_SCOPE);
        // We put the com.xpn.xwiki.api.Context object into the context and not the com.xpn.xwiki.XWikiContext one
        // which is for internal use only. In this manner we control what the user can access.
        // We use "xcontext" because "context" is a reserved binding in JSR-223 specifications
        scriptContext.setAttribute("xcontext", new Context(xcontext), ScriptContext.ENGINE_SCOPE);
    }
    // Current document
    Document docAPI = null;
    XWikiDocument doc = xcontext.getDoc();
    if (doc != null) {
        docAPI = setDocument(scriptContext, "doc", doc, xcontext);
        XWikiDocument tdoc = (XWikiDocument) xcontext.get("tdoc");
        if (tdoc == null) {
            try {
                tdoc = doc.getTranslatedDocument(xcontext);
            } catch (XWikiException e) {
                this.logger.warn("Failed to retrieve the translated document for [{}]. " + "Continue using the default translation.", doc.getDocumentReference(), e);
                tdoc = doc;
            }
        }
        Document tdocAPI = setDocument(scriptContext, "tdoc", tdoc, xcontext);
        XWikiDocument cdoc = (XWikiDocument) xcontext.get("cdoc");
        if (cdoc == null) {
            Document cdocAPI = tdocAPI;
            if (cdocAPI == null) {
                cdocAPI = docAPI;
            }
            scriptContext.setAttribute("cdoc", cdocAPI, ScriptContext.ENGINE_SCOPE);
        } else {
            setDocument(scriptContext, "cdoc", cdoc, xcontext);
        }
    }
    // Current secure document
    XWikiDocument sdoc = (XWikiDocument) xcontext.get("sdoc");
    if (sdoc == null) {
        scriptContext.setAttribute("sdoc", docAPI, ScriptContext.ENGINE_SCOPE);
    } else {
        setDocument(scriptContext, "sdoc", sdoc, xcontext);
    }
    // Miscellaneous
    scriptContext.setAttribute("locale", xcontext.getLocale(), ScriptContext.ENGINE_SCOPE);
}