moumiKnu/src_bak/kr/co/kihyun/beans/totsys/doc/HttpDocDeleter.java

/*************************************************************************************************
 * 프로그램명 : HttpDocDeleter.java 프로그램설명 : 집계 문서 삭제 파라미터 작성자 : 작성일 : 2004-12-22 변경일 :
 **************************************************************************************************/

package kr.co.kihyun.beans.totsys.doc;

import java.io.IOException;
import java.io.PrintWriter;

import javax.jdo.PersistenceManager;
import javax.jdo.Transaction;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import kr.co.kihyun.beans.entity.TotDoc;
import kr.co.kihyun.beans.entity.util.*;
import kr.co.kihyun.beans.user.HttpSSOLogin;
import kr.co.kihyun.lang.Encoder;
import kr.co.kihyun.moumi.MoumiConfig;
import kr.co.kihyun.text.html.ServletUtil;
import kr.co.kihyun.lang.MLong;
import kr.co.kihyun.lang.MString;
import kr.co.kihyun.lang.MInteger;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@WebServlet("/servlet/kr.co.kihyun.beans.totsys.doc.HttpDocDeleter")
public class HttpDocDeleter extends HttpServlet {

	/**
	 *
	 */
	private static final long serialVersionUID = 1L;
	private static final Logger LOG = LoggerFactory.getLogger(HttpDocDeleter.class);

	public void doPost(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException {
		res.setContentType("text/html;charset=UTF-8");
		PrintWriter out = res.getWriter();
		req.getSession(true);

		/*********** User HttpLogin check ***********/
		if (!HttpSSOLogin.isLogin(req)) {
			// login 성공후 되돌아올 주소
			String connURL = "location='/totsys/login/login.jsp';";
			out.println(ServletUtil.getJavaScript(connURL));
			return;
		}
		String usID = HttpSSOLogin.getLoginID(req);
		int sysAuth = HttpSSOLogin.getSysAuth(req);

		String docID = Encoder.toJava(req.getParameter("docID"));
		String userID = Encoder.toJava(req.getParameter("userID"));
		String url = Encoder.toJava(req.getParameter("url"));
		String findOption = Encoder.toJava(MString.checkNull(req.getParameter("findOption")));
		String findWord = Encoder.toJava(MString.checkNull(req.getParameter("findWord")));
		int accAuth = MInteger.parseInt(req.getParameter("accAuth"));

		PersistenceManager pm = new MPersistenceManager(PMF.get().getPersistenceManager());
		Transaction tx = pm.currentTransaction();
		TotDoc totDoc = null;
		String[] docIDList = null;
		docIDList = docID.split(",");

		try {
			tx.begin();
			for (int i = 0; i < docIDList.length; i++) {
				totDoc = pm.getObjectById(TotDoc.class, MLong.parseLong(docIDList[i]));
				if (sysAuth > MoumiConfig.TOTPER) {
					totDoc.setDeleted("Y");
					if (totDoc.getMasterTotDoc() != null)
						totDoc.setMasterTotDoc(null);
				} else {
					if (userID.equals(totDoc.getUser(pm).getId())) {
						totDoc.setDeleted("Y");
						if (totDoc.getMasterTotDoc() != null)
							totDoc.setMasterTotDoc(null);
					}
				}
				pm.makePersistent(totDoc);
			}
			tx.commit();
			LOG.info(MoumiConfig.getMessageBundle().getString("moumi.message.tot_doc.formDoc") + MoumiConfig.getMessageBundle().getString("moumi.message.tot_report.delete") + MoumiConfig.getMessageBundle().getString("moumi.message.tot_doc.success") +" {}, {}, {}",
			new Object[] { usID, req.getRemoteAddr(), docID });
			if ("form".equals(url)) {
				out.println(ServletUtil
						.getJavaScript("document.location='/totsys/totper/mydocbox/formbox/doc_list.jsp?docID=" + docID
								+ "';"));
			} else if ("reuseform".equals(url)) {
				out.println(ServletUtil
						.getJavaScript("document.location='/totsys/totper/mydocbox/regbox/popup_form_list.jsp?findOption="
								+ findOption + "&findWord=" + findWord + "&accAuth=" + accAuth + "';"));
			}
		} catch (Exception e) {
			e.printStackTrace();
			LOG.error(MoumiConfig.getMessageBundle().getString("moumi.message.tot_doc.formDoc") + MoumiConfig.getMessageBundle().getString("moumi.message.tot_report.delete") + MoumiConfig.getMessageBundle().getString("moumi.message.tot_doc.fail") +" {}, {}, {}",
					new Object[] { usID, req.getRemoteAddr(), docID });
			out.println(ServletUtil.alert(MoumiConfig.getMessageBundle().getString("moumi.message.popup.deleteAuth")));
			if ("form".equals(url)) {
				out.println(ServletUtil
						.getJavaScript("document.location='/totsys/totper/mydocbox/formbox/doc_list.jsp?docID=" + docID
								+ "';"));
			} else if ("reuseform".equals(url)) {
                                //v2. 9.크로스사이트 스크립트 (PrintWrier) : Update by KWON,HAN
//				out.println(ServletUtil
//						.getJavaScript("document.location='/totsys/totper/mydocbox/regbox/popup_form_list.jsp?findOption="
//								+ findOption + "&findWord=" + findWord + "&accAuth=" + accAuth + "';"));

                                // 수정 : 외부 입력값 필터링
                                String callbackFunc = "document.location='/totsys/totper/mydocbox/regbox/popup_form_list.jsp?findOption="
								+ findOption + "&findWord=" + findWord + "&accAuth=" + accAuth + "';";
                                String filtered_callbackFunc = callbackFunc.replaceAll("<","").replaceAll(">","").replaceAll(",","");
                                LOG.debug("v2 9.크로스사이트 스크립트 (PrintWrier) : HttpDocDeleter.doPost() filtered_callbackFunc={}, Not Test", filtered_callbackFunc);
				out.println(ServletUtil.getJavaScript(filtered_callbackFunc));
                                //============================================================
			}
		} finally {
			if (tx.isActive())
				tx.rollback();
			pm.close();
		}
	}
}