Index: lams_tool_mindmap/src/java/org/lamsfoundation/lams/tool/mindmap/web/controller/AuthoringController.java
===================================================================
diff -u -r0ac951a5cbd9d468de8081247c169a6f92123126 -r7b3ea39ddf6e10186cf9916562121c205bb0e5ad
--- lams_tool_mindmap/src/java/org/lamsfoundation/lams/tool/mindmap/web/controller/AuthoringController.java (.../AuthoringController.java) (revision 0ac951a5cbd9d468de8081247c169a6f92123126)
+++ lams_tool_mindmap/src/java/org/lamsfoundation/lams/tool/mindmap/web/controller/AuthoringController.java (.../AuthoringController.java) (revision 7b3ea39ddf6e10186cf9916562121c205bb0e5ad)
@@ -51,6 +51,7 @@
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import com.fasterxml.jackson.databind.node.JsonNodeFactory;
@@ -83,10 +84,7 @@
@RequestMapping("/authoring")
public String unspecified(@ModelAttribute AuthoringForm authoringForm, HttpServletRequest request,
HttpServletResponse response) {
-
- // Extract toolContentID from parameters.
- Long toolContentID = new Long(WebUtil.readLongParam(request, AttributeNames.PARAM_TOOL_CONTENT_ID));
- String contentFolderID = WebUtil.readStrParam(request, AttributeNames.PARAM_CONTENT_FOLDER_ID);
+ Long toolContentID = WebUtil.readLongParam(request, AttributeNames.PARAM_TOOL_CONTENT_ID);
ToolAccessMode mode = WebUtil.readToolAccessModeAuthorDefaulted(request);
// retrieving Mindmap with given toolContentID
@@ -109,16 +107,34 @@
mindmapService.saveMindmapNode(null, rootMindmapNode, 3l, childNodeName2, "#ffffff", null, mindmap, null);
}
- if (mode.isTeacher()) {
- // Set the defineLater flag so that learners cannot use content
- // while we are editing. This flag is released when updateContent is called.
- mindmap.setDefineLater(true);
- mindmapService.saveOrUpdateMindmap(mindmap);
+ return readDatabaseData(authoringForm, mindmap, request, mode);
+ }
+
+ /**
+ * Set the defineLater flag so that learners cannot use content while we are editing. This flag is released when
+ * updateContent is called.
+ */
+ @RequestMapping(path = "/definelater", method = RequestMethod.POST)
+ public String definelater(@ModelAttribute AuthoringForm authoringForm, HttpServletRequest request) {
+ Long toolContentID = WebUtil.readLongParam(request, AttributeNames.PARAM_TOOL_CONTENT_ID);
+ Mindmap mindmap = mindmapService.getMindmapByContentId(toolContentID);
+ mindmap.setDefineLater(true);
+ mindmapService.saveOrUpdateMindmap(mindmap);
- //audit log the teacher has started editing activity in monitor
- mindmapService.auditLogStartEditingActivityInMonitor(toolContentID);
- }
+ //audit log the teacher has started editing activity in monitor
+ mindmapService.auditLogStartEditingActivityInMonitor(toolContentID);
+ return readDatabaseData(authoringForm, mindmap, request, ToolAccessMode.TEACHER);
+ }
+
+ /**
+ * Common method for "unspecified" and "defineLater"
+ */
+ private String readDatabaseData(AuthoringForm authoringForm, Mindmap mindmap, HttpServletRequest request,
+ ToolAccessMode mode) {
+ Long toolContentID = WebUtil.readLongParam(request, AttributeNames.PARAM_TOOL_CONTENT_ID);
+ String contentFolderID = WebUtil.readStrParam(request, AttributeNames.PARAM_CONTENT_FOLDER_ID);
+
/* Mindmap Attributes */
request.setAttribute("mindmapId", mindmap.getUid());
Index: lams_tool_mindmap/web/pages/monitoring/editActivity.jsp
===================================================================
diff -u -r30051fffcb1145cc1b8344135570c8266689e2fd -r7b3ea39ddf6e10186cf9916562121c205bb0e5ad
--- lams_tool_mindmap/web/pages/monitoring/editActivity.jsp (.../editActivity.jsp) (revision 30051fffcb1145cc1b8344135570c8266689e2fd)
+++ lams_tool_mindmap/web/pages/monitoring/editActivity.jsp (.../editActivity.jsp) (revision 7b3ea39ddf6e10186cf9916562121c205bb0e5ad)
@@ -29,14 +29,14 @@
-
-
-
-
-
+
-
+
Index: lams_tool_nb/src/java/org/lamsfoundation/lams/tool/noticeboard/web/controller/NbAuthoringController.java
===================================================================
diff -u -rb3b03858efeef1c37e36993757f56374a9f2b9f3 -r7b3ea39ddf6e10186cf9916562121c205bb0e5ad
--- lams_tool_nb/src/java/org/lamsfoundation/lams/tool/noticeboard/web/controller/NbAuthoringController.java (.../NbAuthoringController.java) (revision b3b03858efeef1c37e36993757f56374a9f2b9f3)
+++ lams_tool_nb/src/java/org/lamsfoundation/lams/tool/noticeboard/web/controller/NbAuthoringController.java (.../NbAuthoringController.java) (revision 7b3ea39ddf6e10186cf9916562121c205bb0e5ad)
@@ -96,7 +96,31 @@
@RequestMapping("/authoring")
public String unspecified(@ModelAttribute NbAuthoringForm nbAuthoringForm, HttpServletRequest request,
HttpServletResponse response) {
+ ToolAccessMode mode = WebUtil.readToolAccessModeAuthorDefaulted(request);
+ return readDatabaseData(nbAuthoringForm, request, mode);
+ }
+
+ /**
+ * Set the defineLater flag so that learners cannot use content while we are editing. This flag is released when
+ * updateContent is called.
+ */
+ @RequestMapping(path = "/definelater", method = RequestMethod.POST)
+ public String definelater(@ModelAttribute NbAuthoringForm nbAuthoringForm, HttpServletRequest request) {
+ Long contentId = WebUtil.readLongParam(request, NoticeboardConstants.TOOL_CONTENT_ID);
+ NoticeboardContent nb = nbService.retrieveNoticeboard(contentId);
+ nb.setDefineLater(true);
+ nbService.saveNoticeboard(nb);
+ // audit log the teacher has started editing activity in monitor
+ nbService.auditLogStartEditingActivityInMonitor(contentId);
+
+ return readDatabaseData(nbAuthoringForm, request, ToolAccessMode.TEACHER);
+ }
+
+ /**
+ * Common method for "unspecified" and "defineLater"
+ */
+ private String readDatabaseData(NbAuthoringForm nbAuthoringForm, HttpServletRequest request, ToolAccessMode mode) {
Long contentId = WebUtil.readLongParam(request, NoticeboardConstants.TOOL_CONTENT_ID);
String contentFolderId = WebUtil.readStrParam(request, NoticeboardConstants.CONTENT_FOLDER_ID);
@@ -147,14 +171,8 @@
boolean isDefineLater = Boolean.parseBoolean(nbAuthoringForm.getDefineLater());
nb.setDefineLater(isDefineLater);
nbService.saveNoticeboard(nb);
-
- if (isDefineLater) {
- request.setAttribute(AttributeNames.ATTR_MODE, ToolAccessMode.TEACHER.toString());
-
- // audit log the teacher has started editing activity in monitor
- nbService.auditLogStartEditingActivityInMonitor(contentId);
- }
}
+ request.setAttribute(AttributeNames.ATTR_MODE, mode);
request.setAttribute(FORM, nbAuthoringForm);
Index: lams_tool_nb/src/java/org/lamsfoundation/lams/tool/noticeboard/web/controller/NbMonitoringController.java
===================================================================
diff -u -rb3b03858efeef1c37e36993757f56374a9f2b9f3 -r7b3ea39ddf6e10186cf9916562121c205bb0e5ad
--- lams_tool_nb/src/java/org/lamsfoundation/lams/tool/noticeboard/web/controller/NbMonitoringController.java (.../NbMonitoringController.java) (revision b3b03858efeef1c37e36993757f56374a9f2b9f3)
+++ lams_tool_nb/src/java/org/lamsfoundation/lams/tool/noticeboard/web/controller/NbMonitoringController.java (.../NbMonitoringController.java) (revision 7b3ea39ddf6e10186cf9916562121c205bb0e5ad)
@@ -43,7 +43,7 @@
import org.lamsfoundation.lams.tool.noticeboard.service.INoticeboardService;
import org.lamsfoundation.lams.tool.noticeboard.util.NbApplicationException;
import org.lamsfoundation.lams.tool.noticeboard.util.NbWebUtil;
-import org.lamsfoundation.lams.tool.noticeboard.web.form.NbMonitoringForm;
+import org.lamsfoundation.lams.tool.noticeboard.web.form.MonitoringDTO;
import org.lamsfoundation.lams.util.WebUtil;
import org.lamsfoundation.lams.web.util.AttributeNames;
import org.springframework.beans.factory.annotation.Autowired;
@@ -65,11 +65,10 @@
@Autowired
private INoticeboardService nbService;
- public final static String FORM = "NbMonitoringForm";
+ public final static String FORM = "MonitoringDTO";
@RequestMapping("/monitoring")
- public String unspecified(@ModelAttribute NbMonitoringForm nbMonitoringForm, HttpServletRequest request) {
-
+ public String unspecified(HttpServletRequest request) {
Long toolContentId = NbWebUtil.convertToLong(request.getParameter(NoticeboardConstants.TOOL_CONTENT_ID));
String contentFolderID = WebUtil.readStrParam(request, NoticeboardConstants.CONTENT_FOLDER_ID);
@@ -81,14 +80,16 @@
NoticeboardContent content = nbService.retrieveNoticeboard(toolContentId);
- nbMonitoringForm.setTitle(content.getTitle());
- nbMonitoringForm.setBasicContent(content.getContent());
+ MonitoringDTO monitoringDTO = new MonitoringDTO();
+ request.setAttribute("monitoringDTO", monitoringDTO);
+ monitoringDTO.setTitle(content.getTitle());
+ monitoringDTO.setBasicContent(content.getContent());
request.setAttribute(NoticeboardConstants.TOOL_CONTENT_ID, toolContentId);
request.setAttribute(NoticeboardConstants.CONTENT_FOLDER_ID, contentFolderID);
//Get the total number of learners that have participated in this tool activity
- nbMonitoringForm.setTotalLearners(nbService.calculateTotalNumberOfUsers(toolContentId));
+ monitoringDTO.setTotalLearners(nbService.calculateTotalNumberOfUsers(toolContentId));
Set sessions = content.getNbSessions();
Iterator i = sessions.iterator();
@@ -118,8 +119,8 @@
}
}
}
- nbMonitoringForm.setGroupStatsMap(numUsersMap);
- nbMonitoringForm.setSessionIdMap(sessionIdMap);
+ monitoringDTO.setGroupStatsMap(numUsersMap);
+ monitoringDTO.setSessionIdMap(sessionIdMap);
boolean isGroupedActivity = nbService.isGroupedActivity(toolContentId);
request.setAttribute("isGroupedActivity", isGroupedActivity);
@@ -132,13 +133,13 @@
request.setAttribute("allowComments", content.isAllowComments());
String currentTab = WebUtil.readStrParam(request, AttributeNames.PARAM_CURRENT_TAB, true);
- nbMonitoringForm.setCurrentTab(currentTab != null ? currentTab : "1");
- request.setAttribute(FORM, nbMonitoringForm);
+ monitoringDTO.setCurrentTab(currentTab != null ? currentTab : "1");
+
return "/monitoring/monitoring";
}
@RequestMapping("/viewReflection")
- public String viewReflection(@ModelAttribute NbMonitoringForm nbMonitoringForm, HttpServletRequest request) {
+ public String viewReflection(HttpServletRequest request) {
Long userId = NbWebUtil.convertToLong(request.getParameter(NoticeboardConstants.USER_ID));
Long toolSessionId = NbWebUtil.convertToLong(request.getParameter(NoticeboardConstants.TOOL_SESSION_ID));
NoticeboardUser nbUser = nbService.retrieveNoticeboardUser(userId, toolSessionId);
@@ -153,8 +154,7 @@
}
@RequestMapping("/viewComments")
- public String viewComments(@ModelAttribute NbMonitoringForm nbMonitoringForm, HttpServletRequest request) {
-
+ public String viewComments(HttpServletRequest request) {
Long toolSessionID = WebUtil.readLongParam(request, NoticeboardConstants.TOOL_SESSION_ID, false);
NoticeboardContent nbContent = nbService.retrieveNoticeboardBySessionID(toolSessionID);
Index: lams_tool_nb/src/java/org/lamsfoundation/lams/tool/noticeboard/web/form/MonitoringDTO.java
===================================================================
diff -u
--- lams_tool_nb/src/java/org/lamsfoundation/lams/tool/noticeboard/web/form/MonitoringDTO.java (revision 0)
+++ lams_tool_nb/src/java/org/lamsfoundation/lams/tool/noticeboard/web/form/MonitoringDTO.java (revision 7b3ea39ddf6e10186cf9916562121c205bb0e5ad)
@@ -0,0 +1,107 @@
+/****************************************************************
+ * Copyright (C) 2005 LAMS Foundation (http://lamsfoundation.org)
+ * =============================================================
+ * License Information: http://lamsfoundation.org/licensing/lams/2.0/
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2.0
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
+ * USA
+ *
+ * http://www.gnu.org/licenses/gpl.txt
+ * ****************************************************************
+ */
+
+package org.lamsfoundation.lams.tool.noticeboard.web.form;
+
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.log4j.Logger;
+
+/**
+ * @author mtruong
+ */
+public class MonitoringDTO {
+ private String toolContentID;
+ private String currentTab;
+ /* Only valid when form just set up by Java. Values are not returned from jsp page */
+ private String title;
+ private String basicContent;
+ private Integer totalLearners;
+ private Map groupStatsMap;
+ private Map sessionIdMap;
+
+ /**
+ * @return Returns the toolContentId.
+ */
+ public String getToolContentID() {
+ return toolContentID;
+ }
+
+ /**
+ * @param toolContentId
+ * The toolContentId to set.
+ */
+ public void setToolContentID(String toolContentId) {
+ this.toolContentID = toolContentId;
+ }
+
+ public String getCurrentTab() {
+ return currentTab;
+ }
+
+ public void setCurrentTab(String currentTab) {
+ this.currentTab = currentTab;
+ }
+
+ public String getBasicContent() {
+ return basicContent;
+ }
+
+ public String getTitle() {
+ return title;
+ }
+
+ public void setBasicContent(String basicContent) {
+ this.basicContent = basicContent;
+ }
+
+ public void setTitle(String title) {
+ this.title = title;
+ }
+
+ public Map getGroupStatsMap() {
+ return groupStatsMap;
+ }
+
+ public void setGroupStatsMap(Map groupStatsMap) {
+ this.groupStatsMap = groupStatsMap;
+ }
+
+ public Integer getTotalLearners() {
+ return totalLearners;
+ }
+
+ public void setTotalLearners(Integer totalLearners) {
+ this.totalLearners = totalLearners;
+ }
+
+ public Map getSessionIdMap() {
+ return sessionIdMap;
+ }
+
+ public void setSessionIdMap(Map sessionIdMap) {
+ this.sessionIdMap = sessionIdMap;
+ }
+}
Fisheye: Tag 7b3ea39ddf6e10186cf9916562121c205bb0e5ad refers to a dead (removed) revision in file `lams_tool_nb/src/java/org/lamsfoundation/lams/tool/noticeboard/web/form/NbMonitoringForm.java'.
Fisheye: No comparison available. Pass `N' to diff?
Index: lams_tool_nb/web/WEB-INF/tlds/security/csrfguard.tld
===================================================================
diff -u
--- lams_tool_nb/web/WEB-INF/tlds/security/csrfguard.tld (revision 0)
+++ lams_tool_nb/web/WEB-INF/tlds/security/csrfguard.tld (revision 7b3ea39ddf6e10186cf9916562121c205bb0e5ad)
@@ -0,0 +1,70 @@
+
+
+
+ 1.2
+ 2.0
+ Owasp CsrfGuard Tag Library
+ http://www.owasp.org/index.php/Category:OWASP_CSRFGuard_Project/Owasp.CsrfGuard.tld
+
+ token
+ org.owasp.csrfguard.tag.TokenTag
+ empty
+
+ uri
+ false
+ true
+
+
+
+ tokenname
+ org.owasp.csrfguard.tag.TokenNameTag
+ empty
+
+
+ tokenvalue
+ org.owasp.csrfguard.tag.TokenValueTag
+ empty
+
+ uri
+ false
+ true
+
+
+
+ a
+ org.owasp.csrfguard.tag.ATag
+ true
+
+
+ form
+ org.owasp.csrfguard.tag.FormTag
+ true
+
+
Index: lams_tool_nb/web/WEB-INF/web.xml
===================================================================
diff -u -rb935721d25817b83c29d3166a7fa9b4b9b7d3785 -r7b3ea39ddf6e10186cf9916562121c205bb0e5ad
--- lams_tool_nb/web/WEB-INF/web.xml (.../web.xml) (revision b935721d25817b83c29d3166a7fa9b4b9b7d3785)
+++ lams_tool_nb/web/WEB-INF/web.xml (.../web.xml) (revision 7b3ea39ddf6e10186cf9916562121c205bb0e5ad)
@@ -57,6 +57,10 @@
UTF-8
+
+ CSRFGuard
+ org.owasp.csrfguard.CsrfGuardFilter
+
hibernateFilter
@@ -70,6 +74,10 @@
LocaleFilter
/*
+
+ CSRFGuard
+ *.do
+
spring
@@ -164,6 +172,13 @@
tags-lams
/WEB-INF/tlds/lams/lams.tld
+
+
+
+
+ csrfguard
+ /WEB-INF/tlds/security/csrfguard.tld
+
Index: lams_tool_nb/web/includes/taglibs.jsp
===================================================================
diff -u -r69473b66bf1e9e304407c33f92791924ea9eefd2 -r7b3ea39ddf6e10186cf9916562121c205bb0e5ad
--- lams_tool_nb/web/includes/taglibs.jsp (.../taglibs.jsp) (revision 69473b66bf1e9e304407c33f92791924ea9eefd2)
+++ lams_tool_nb/web/includes/taglibs.jsp (.../taglibs.jsp) (revision 7b3ea39ddf6e10186cf9916562121c205bb0e5ad)
@@ -1,5 +1,5 @@
<%@ page language="java" pageEncoding="UTF-8" contentType="text/html;charset=utf-8"%>
-
+<%@ taglib uri="csrfguard" prefix="csrf" %>
<%@ taglib uri="tags-function" prefix="fn" %>
<%@ taglib uri="tags-core" prefix="c"%>
<%@ taglib uri="tags-fmt" prefix="fmt"%>
Index: lams_tool_nb/web/monitoring/m_EditActivity.jsp
===================================================================
diff -u -r7475d08afc280b5e2e5ddf04e8bf35e3166aaf80 -r7b3ea39ddf6e10186cf9916562121c205bb0e5ad
--- lams_tool_nb/web/monitoring/m_EditActivity.jsp (.../m_EditActivity.jsp) (revision 7475d08afc280b5e2e5ddf04e8bf35e3166aaf80)
+++ lams_tool_nb/web/monitoring/m_EditActivity.jsp (.../m_EditActivity.jsp) (revision 7b3ea39ddf6e10186cf9916562121c205bb0e5ad)
@@ -2,7 +2,7 @@
-
+
@@ -14,26 +14,27 @@
|
-
+
|