File not found!"; public void init(ServletContext context) { } protected boolean objectExists(Table table, int objectId, UserWebImpl userWeb) throws Exception { QueryRequestImpl query = QueryEngine.getInstance().createRequest(userWeb.getSession()); query.setMainTable(table.getId()); query.addSelection(table.getPrimaryKey().getId()); Expression expr = new Expression(); expr.setColumnLink(table.getName() + "." + table.getPrimaryKey().getName()); expr.setCondition("=" + objectId); expr.setDescription("(" + table + ".ID=" + objectId + ")"); query.addParam(expr); QueryResult result = QueryEngine.getInstance().doQuery(query); log.debug(query.toSQL()); return result.getTotalRowCount() > 0; } protected boolean hasExtendReadPermission(Table table, int objectId, UserWebImpl userWeb) throws Exception { QueryEngine engine = QueryEngine.getInstance(); String col = (String)table.getJSONProp("user_read_column"); if(Validator.isNotNull(col)) { Column cnt = table.getColumn(col); if(cnt != null) { if(cnt.getReferenceTable() != null && cnt.getReferenceTable().getName().equals("USERS")) { int props1 = QueryEngine.getInstance().doQueryInt("select " + cnt.getName() + " from " + table.getName() + " " + table.getRealTableName() + " where id=?", new Object[]{Integer.valueOf(objectId)}); if(props1 == userWeb.getUserId()) { return true; } } else { Properties props = cnt.getProperties(); if(props != null && cnt.getDisplaySetting().getObjectType() == 12) { String tbName = props.getProperty("table"); if("USERS".equalsIgnoreCase(tbName)) { Table userTable = TableManager.getInstance().getTable("users"); Object obj = engine.doQueryOne("select " + cnt.getName() + " from " + table.getName() + " " + table.getRealTableName() + " where id=?", new Object[]{Integer.valueOf(objectId)}); if(obj != null) { String value; if(obj instanceof Clob) { value = ((Clob)obj).getSubString(1L, (int)((Clob)obj).length()); } else { if(!(obj instanceof String)) { throw new NDSException("Unsupported value for user read checking:" + table + "." + cnt + " of record id=" + objectId); } value = (String)obj; } QueryRequestImpl query = engine.createRequest(userWeb.getSession()); query.setMainTable(userTable.getId()); query.addSelection(userTable.getPrimaryKey().getId()); Expression expr = new Expression(new ColumnLink(new int[]{userTable.getPrimaryKey().getId()}), "=" + userWeb.getUserId(), (String)null); Filter fo = Filter.parse(value); expr = expr.combine(fo.getExprObject(), 1); query.addParam(expr); Object params = null; int cnt1 = engine.doQueryInt(query.toCountSQL(), (Object[])params); return cnt1 == 1; } return true; } } } } } int cnt2 = engine.doQueryInt("select count(*) from au_process where ad_table_id=? ", new Object[]{Integer.valueOf(table.getId())}); if(cnt2 > 0) { cnt2 = engine.doQueryInt("select count(*) from au_pi_user u, au_phaseinstance pi where u.ad_user_id=? and pi.ad_table_id=? and pi.record_id=? and u.au_pi_id=pi.id and rownum<2", new Object[]{Integer.valueOf(userWeb.getUserId()), Integer.valueOf(table.getId()), Integer.valueOf(objectId)}); if(cnt2 > 0) { return true; } } return false; } public static void writeFile(String fileName, String extension, int contentLength, InputStream is, HttpServletRequest request, HttpServletResponse response) throws Exception { String ct = Tools.getContentType(extension, "application/octetstream"); response.setContentType(ct + "; charset=GBK"); response.setContentLength(contentLength); response.setHeader("Content-Disposition", "inline;" + WebUtils.getContentDispositionFileName(fileName, request)); ServletOutputStream os = response.getOutputStream(); byte[] b = new byte[8192]; int bInt; while((bInt = is.read(b, 0, b.length)) != -1) { os.write(b, 0, bInt); } os.flush(); os.close(); } public void writeFileWithMoreContentType(HttpServletRequest request, HttpServletResponse response, File file, String ... fileNames) throws Exception { FileDownload fileDownload = new FileDownload(); fileDownload.processRequest(request, response, true, file, fileNames); } protected void countDownloadTimes(UserWebImpl userWeb, Column column, int objectId) { try { TableManager tx = TableManager.getInstance(); Table cdt = tx.getTable("u_attach_cnt"); if(cdt != null) { int cnt = QueryEngine.getInstance().executeUpdate("update u_attach_cnt set cnt=nvl(cnt,0)+1 where table_id=? and column_id=? and record_id=?", new Object[]{Integer.valueOf(column.getTable().getId()), Integer.valueOf(column.getId()), Integer.valueOf(objectId)}); if(cnt == 0) { QueryEngine.getInstance().executeUpdate("insert into u_attach_cnt(id,table_id,column_id,record_id,cnt) values (get_sequences(\'u_attach_cnt\'),?,?,?,1)", new Object[]{Integer.valueOf(column.getTable().getId()), Integer.valueOf(column.getId()), Integer.valueOf(objectId)}); } } } catch (Throwable var7) { log.error("fail to count download times:", var7); } } private boolean shouldCheckColumnPermission(Column col) throws Exception { return col.getJSONProps() == null || !col.getJSONProps().optBoolean("skip_permission_check", false); } public void process(HttpServletRequest request, HttpServletResponse response) throws Exception { UserWebImpl userWeb = null; userWeb = (UserWebImpl)WebUtils.getSessionContextManager(request.getSession(true)).getActor("nea.web.authorization"); String schema = ParamUtils.getAttributeOrParameter(request, "schemaName"); if(Validator.isNull(schema)) { schema = ParamUtils.getAttributeOrParameter(request, "schema"); } if(schema != null) { if(ConfigValues.get("portal.attach.lowercase", false)) { schema = schema.toLowerCase(); } userWeb.setDataSource(schema); } TableManager tableManager = TableManager.getInstance(); int tableId = ParamUtils.getIntAttributeOrParameter(request, "table", -1); int columnId = ParamUtils.getIntAttributeOrParameter(request, "column", -1); int objectId = ParamUtils.getIntAttributeOrParameter(request, "objectid", -1); int version = ParamUtils.getIntAttributeOrParameter(request, "version", -1); String size = request.getParameter("s"); if(tableId == -1) { throw new IllegalArgumentException("object type not set"); } else { Table table = tableManager.getTable(tableId); Column col = tableManager.getColumn(columnId); long time = Tools.getLong(request.getParameter("t"), -1L); AttachmentManager writer; String is; File destSize; File attDir; File destFile1; if(time > 0L) { if(this.shouldCheckColumnPermission(col) && (userWeb.getPermission(table.getSecurityDirectory()) & 1) != 1) { throw new NDSException("@no-permission@"); } writer = (AttachmentManager)WebUtils.getServletContextManager().getActor("nea.web.AttachmentManager"); String att = writer.getTimeFolderParent(userWeb, table, col, time); Attachment writer1 = writer.getAttachmentInfo(att, String.valueOf(time), version); if(writer1 != null) { this.countDownloadTimes(userWeb, col, objectId); int fileName = (int)writer1.getSize(); is = writer1.getOrigFileName(); Object file = null; destSize = writer.getAttachmentFile(writer1); if(col.getDisplaySetting().getObjectType() == 9 && Validator.isNotNull(size)) { destFile1 = new File(destSize.getParent() + File.separator + size + "_" + destSize.getName()); if(!destFile1.exists()) { file = writer.getAttachmentData(writer1); } else { file = new FileInputStream(destFile1); fileName = (int)destFile1.length(); } writeFile(is, writer1.getExtension(), fileName, (InputStream)file, request, response); } else { String destFile = ""; if(Validator.isNotNull(size)) { destFile = destSize.getParent() + File.separator + size + "_" + is; } else { destFile = destSize.getParent() + File.separator + is; } File downloadFileName = new File(destFile); if(!downloadFileName.exists()) { attDir = writer.findAttachmentDir(writer1); downloadFileName = writer.findFile(attDir, writer1); } this.writeFileWithMoreContentType(request, response, downloadFileName, new String[]{is}); } if(null != file) { ((InputStream)file).close(); } } else { PrintWriter fileName1 = response.getWriter(); fileName1.print("
File not found!"); fileName1.close(); } } else if(objectId != -1) { if(this.shouldCheckColumnPermission(col)) { boolean writer2 = this.objectExists(table, objectId, userWeb); if(writer2) { if(!userWeb.hasObjectPermission(table.getName(), objectId, 1) && !this.hasExtendReadPermission(table, objectId, userWeb)) { throw new NDSException("@no-permission@"); } } else if((userWeb.getPermission(table.getSecurityDirectory()) & 1) != 1) { throw new NDSException("@no-permission@"); } } this.countDownloadTimes(userWeb, col, objectId); writer = (AttachmentManager)WebUtils.getServletContextManager().getActor("nea.web.AttachmentManager"); Attachment att1 = writer.getAttachmentInfo(userWeb.getClientDomain() + "/" + AttachmentManager.getSchemaPath(userWeb.getDataSource()) + table.getRealTableName() + "/" + col.getName(), objectId + "", version); if(att1 != null) { if(Boolean.TRUE.equals(col.getJSONProp("swf")) && "pdf".equalsIgnoreCase(att1.getExtension())) { String writer6 = writer.getAttachmentFile(att1).getAbsolutePath(); File fileName3 = new File(writer.getAttachmentFile(att1).getAbsolutePath() + ".swf"); if(!fileName3.exists()) { CommandExecuter is2 = new CommandExecuter(fileName3.getAbsolutePath() + ".log"); String file2 = ConfigValues.get("program.swf", ConfigValues.get("dir.nea.root") + "/bin/pdf2swf"); if(SystemUtils.IS_OS_WINDOWS) { is2.run(file2 + " -f -G -t -T 9 \"" + writer6 + "\" -o \"" + writer6 + ".swf\""); } else { is2.run(file2 + " -f -G -t -T 9 " + writer6 + " -o " + writer6 + ".swf"); } } is = "/servlets/binserv/SWF?" + request.getQueryString(); response.sendRedirect("/nea/core/object/swfviewer.jsp?swf=" + URLEncoder.encode(is, "UTF-8")); } else { int writer5 = (int)att1.getSize(); String fileName2 = att1.getOrigFileName(); Object is1 = null; File file1 = writer.getAttachmentFile(att1); if(col.getDisplaySetting().getObjectType() == 9 && Validator.isNotNull(size)) { destSize = new File(file1.getParent() + File.separator + size + "_" + file1.getName()); if(!destSize.exists()) { is1 = writer.getAttachmentData(att1); } else { is1 = new FileInputStream(destSize); writer5 = (int)destSize.length(); } writeFile(fileName2, att1.getExtension(), writer5, (InputStream)is1, request, response); } else { String destSize1 = ""; if(Validator.isNotNull(size)) { destSize1 = file1.getParent() + File.separator + size + "_" + fileName2; } else { destSize1 = file1.getParent() + File.separator + fileName2; } destFile1 = new File(destSize1); String downloadFileName1 = destFile1.getName(); if(!destFile1.exists()) { attDir = writer.findAttachmentDir(att1); destFile1 = writer.findFile(attDir, att1); } this.writeFileWithMoreContentType(request, response, destFile1, new String[]{downloadFileName1}); } if(is1 != null) { ((InputStream)is1).close(); } } return; } PrintWriter writer4 = response.getWriter(); writer4.print("
File not found!"); writer4.close(); } else { PrintWriter writer3 = response.getWriter(); writer3.print("
File not found!"); writer3.close(); } } } private File findNewFile(String newTime, String fileName, Table table, Column col, UserWebImpl user) throws Exception { Calendar time = Calendar.getInstance(); time.setTimeInMillis(Tools.getLong(newTime, -1L)); int year = time.get(1); int month = time.get(2) + 1; Configurations conf = (Configurations)WebUtils.getServletContextManager().getActor("nea.configs"); String folder = conf.getProperty("upload.root", "/upload"); folder = folder + "/" + user.getClientDomain() + "/" + table.getRealTableName() + "/" + col.getName() + "/" + year + "/" + month; String codedFileName = newTime + "_" + Base64.encode(fileName.getBytes()) + "." + getFileExtension(fileName); File file = new File(folder, codedFileName); return file; } public static String getFileExtension(String filename) { String fileExt = null; int dot = filename.lastIndexOf(46); if(dot >= 0 && dot < filename.length() - 1) { fileExt = filename.substring(dot + 1); } return fileExt; } }