litvinovg/vitro
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: allow self editors to create individuals in faux property forms (#317)

Browse source
This commit is contained in:
Georgy Litvinov 2022-07-12 09:52:18 +02:00 committed by GitHub
parent b6d3b60530
commit 1168d1961a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
api/src/main/java/edu/cornell/mannlib/vitro/webapp/edit/n3editing/controller/EditRequestDispatchController.java
View file

@ -72,12 +72,7 @@ public class EditRequestDispatchController extends FreemarkerHttpServlet {
@Override
protected AuthorizationRequest requiredActions(VitroRequest vreq) {
// If request is for new individual, return simple do back end editing action permission
if (StringUtils.isNotEmpty(EditConfigurationUtils.getTypeOfNew(vreq))) {
return SimplePermission.DO_BACK_END_EDITING.ACTION;
} else if(MANAGE_MENUS_FORM.equals(vreq.getParameter("editForm"))) {
return SimplePermission.MANAGE_MENUS.ACTION;
}
if (isIndividualDeletion(vreq)) {
return SimplePermission.DO_BACK_END_EDITING.ACTION;
}
@ -93,7 +88,7 @@ public class EditRequestDispatchController extends FreemarkerHttpServlet {
predicateProp.setRangeVClassURI(rangeUri);
OntModel ontModel = ModelAccess.on(vreq).getOntModel();
AbstractObjectPropertyStatementAction objectPropertyAction;
if (objectUri == null) {
if (StringUtils.isBlank(objectUri)) {
objectPropertyAction = new AddObjectPropertyStatement(ontModel, subjectUri, predicateProp, RequestedAction.SOME_URI);
} else {
if (isDeleteForm(vreq)) {
@ -105,7 +100,14 @@ public class EditRequestDispatchController extends FreemarkerHttpServlet {
boolean isAuthorized = PolicyHelper.isAuthorizedForActions(vreq,
new EditDataPropertyStatement(ontModel, subjectUri, predicateUri, objectUri).
or(objectPropertyAction));
if (!isAuthorized) {
// If request is for new individual, return simple do back end editing action permission
if (StringUtils.isNotEmpty(EditConfigurationUtils.getTypeOfNew(vreq))) {
return SimplePermission.DO_BACK_END_EDITING.ACTION;
} else if (MANAGE_MENUS_FORM.equals(vreq.getParameter("editForm"))) {
return SimplePermission.MANAGE_MENUS.ACTION;
}
}
return isAuthorized? SimplePermission.DO_FRONT_END_EDITING.ACTION: AuthorizationRequest.UNAUTHORIZED;
}