diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/UseRestrictedPagesByRoleLevelPolicy.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/UseRestrictedPagesByRoleLevelPolicy.java
index 70b2e3b19..8293ecffb 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/UseRestrictedPagesByRoleLevelPolicy.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/UseRestrictedPagesByRoleLevelPolicy.java
@@ -15,6 +15,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAct
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseAdvancedDataToolsPages;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseEditUserAccountsPages;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseOntologyEditorPages;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UsePortalEditorPages;
 import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
 /**
@@ -40,10 +41,12 @@ public class UseRestrictedPagesByRoleLevelPolicy implements PolicyIface {
 PolicyDecision result;
 if (whatToAuth instanceof UseAdvancedDataToolsPages) {
 result = isAuthorized(whatToAuth, RoleLevel.DB_ADMIN, userRole);
- } else if (whatToAuth instanceof UseOntologyEditorPages) {
- result = isAuthorized(whatToAuth, RoleLevel.CURATOR, userRole);
 } else if (whatToAuth instanceof UseEditUserAccountsPages) {
 result = isAuthorized(whatToAuth, RoleLevel.DB_ADMIN, userRole);
+ } else if (whatToAuth instanceof UseOntologyEditorPages) {
+ result = isAuthorized(whatToAuth, RoleLevel.CURATOR, userRole);
+ } else if (whatToAuth instanceof UsePortalEditorPages) {
+ result = isAuthorized(whatToAuth, RoleLevel.CURATOR, userRole);
 } else {
 result = defaultDecision("Unrecognized action");
 }
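Review bot: The `UsePortalEditorPages` branch added in the `@@ -40,10 +41,12 @@` hunk fixes the required level at `RoleLevel.CURATOR` without recording why, although `UseEditUserAccountsPages` next to it requires `DB_ADMIN`. The controllers converted in this commit used to gate on `checkLoginStatus`, whose required level is not visible in the diff, so it is worth confirming that CURATOR neither widens nor narrows who can edit portals. I would add a line above the branch such as `// Portal editing: minimum role CURATOR, same as the ontology editor pages`. The enclosing method starts and ends outside the hunk.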
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/UsePortalEditorPages.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/UsePortalEditorPages.java
new file mode 100644
index 000000000..e91a75442
--- /dev/null
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/UsePortalEditorPages.java
@@ -0,0 +1,11 @@
+/* $This file is distributed under the terms of the license in /doc/license.txt$ */
+
+package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages;
+
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
+
+/** Should we allow the user to use the pages for editing portals? */
+public class UsePortalEditorPages extends RequestedAction implements
+ UsePagesRequestedAction {
+ // no fields
+}
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/PortalRetryController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/PortalRetryController.java
index 02aba0ce4..7481f20eb 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/PortalRetryController.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/PortalRetryController.java
@@ -5,9 +5,8 @@ package edu.cornell.mannlib.vitro.webapp.controller.edit;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.HashMap;
-import java.util.List;
 import java.util.Iterator;
-import java.util.ArrayList;
+import java.util.List;
 import javax.servlet.RequestDispatcher;
 import javax.servlet.ServletContext;
@@ -24,6 +23,8 @@ import edu.cornell.mannlib.vedit.controller.BaseEditController;
 import edu.cornell.mannlib.vedit.forwarder.PageForwarder;
 import edu.cornell.mannlib.vedit.listener.ChangeListener;
 import edu.cornell.mannlib.vedit.util.FormUtils;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UsePortalEditorPages;
 import edu.cornell.mannlib.vitro.webapp.beans.Portal;
 import edu.cornell.mannlib.vitro.webapp.controller.Controllers;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
@@ -32,21 +33,14 @@ import edu.cornell.mannlib.vitro.webapp.dao.TabDao;
 import edu.cornell.mannlib.vitro.webapp.filters.PortalPickerFilter;
 import edu.cornell.mannlib.vitro.webapp.utils.ThemeUtils;
+@RequiresAuthorizationFor(UsePortalEditorPages.class)
 public class PortalRetryController extends BaseEditController {
 private static final Log log = LogFactory.getLog(PortalRetryController.class.getName());
- public void doPost (HttpServletRequest req, HttpServletResponse response) {
-
+ @Override
+ public void doPost (HttpServletRequest req, HttpServletResponse response) {
 VitroRequest request = new VitroRequest(req);
- if (!checkLoginStatus(request,response))
- return;
-
- try {
- super.doGet(request,response);
- } catch (Exception e) {
- log.error("PortalRetryController encountered exception calling super.doGet()");
- }
 //create an EditProcessObject for this and put it in the session
 EditProcessObject epo = super.createEpo(request);
@@ -66,7 +60,7 @@ public class PortalRetryController extends BaseEditController {
 int id = Integer.parseInt(request.getParameter("id"));
 if (id >= 0) {
 try {
- portalForEditing = (Portal)pDao.getPortal(id);
+ portalForEditing = pDao.getPortal(id);
 action = "update";
 } catch (NullPointerException e) {
 log.error("Need to implement 'record not found' error message.");
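Review bot: With the `checkLoginStatus(request,response)` guard and the `super.doGet(...)` call removed from `doPost` in the `@@ -32,21 +33,14 @@` hunk, access control for this form handler rests entirely on `@RequiresAuthorizationFor(UsePortalEditorPages.class)`, and nothing in this diff shows where that annotation is evaluated. It should be confirmed that the check runs for POST requests before `doPost` is dispatched; if it was only ever reached through the removed `super.doGet` call, the handler would now be unguarded. A class comment naming the enforcement point, e.g. `/** Authorization is enforced through @RequiresAuthorizationFor, evaluated in <ENFORCING_CLASS> before doPost runs. */`, plus a test that posts as a user below CURATOR, would pin the dependency. The same applies to `PortalsListingController.doGet` in the `@@ -2,42 +2,34 @@` hunk; `doPost` continues outside this hunk.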
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/listing/PortalsListingController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/listing/PortalsListingController.java
index b75a35df6..5eaa820d5 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/listing/PortalsListingController.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/listing/PortalsListingController.java
@@ -2,42 +2,34 @@
 package edu.cornell.mannlib.vitro.webapp.controller.edit.listing;
-import java.net.URLEncoder;
 import java.util.ArrayList;
 import java.util.Collection;
-import java.util.Iterator;
 import javax.servlet.RequestDispatcher;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import edu.cornell.mannlib.vedit.controller.BaseEditController;
-import edu.cornell.mannlib.vitro.webapp.beans.Ontology;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UsePortalEditorPages;
 import edu.cornell.mannlib.vitro.webapp.beans.Portal;
 import edu.cornell.mannlib.vitro.webapp.controller.Controllers;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
 import edu.cornell.mannlib.vitro.webapp.dao.PortalDao;
+@RequiresAuthorizationFor(UsePortalEditorPages.class)
 public class PortalsListingController extends BaseEditController {
- public void doGet(HttpServletRequest request, HttpServletResponse response) {
+ @Override
+ public void doGet(HttpServletRequest request, HttpServletResponse response) {
 VitroRequest vrequest = new VitroRequest(request);
 Portal portal = vrequest.getPortal();
- if(!checkLoginStatus(request,response))
- return;
-
- try {
- super.doGet(request, response);
- } catch (Throwable t) {
- t.printStackTrace();
- }
-
 PortalDao dao = vrequest.getFullWebappDaoFactory().getPortalDao();
- Collection portals = dao.getAllPortals();
+ Collection portals = dao.getAllPortals();
- ArrayList results = new ArrayList();
+ ArrayList results = new ArrayList();
 results.add("XX");
 results.add("ID number");
 results.add("Portal");
@@ -45,9 +37,7 @@ public class PortalsListingController extends BaseEditController {
 if (portals != null) {
- Iterator portalIt = portals.iterator();
- while (portalIt.hasNext()) {
- Portal p = (Portal) portalIt.next();
+ for (Portal p : portals) {
 results.add("XX");
 results.add(Integer.toString(p.getPortalId()));
 if (p.getAppName() != null)
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/SiteAdminController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/SiteAdminController.java
index 8f3311357..78dc9b827 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/SiteAdminController.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/SiteAdminController.java
@@ -20,6 +20,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseAdvance
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseOntologyEditorPages;
 import edu.cornell.mannlib.vitro.webapp.beans.VClassGroup;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
+import edu.cornell.mannlib.vitro.webapp.controller.edit.listing.PortalsListingController;
 import edu.cornell.mannlib.vitro.webapp.controller.edit.listing.UsersListingController;
 import edu.cornell.mannlib.vitro.webapp.controller.freemarker.UrlBuilder.ParamMap;
 import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.ResponseValues;
@@ -132,7 +133,9 @@ public class SiteAdminController extends FreemarkerHttpServlet {
 urls.put("users", urlBuilder.getPortalUrl("/listUsers"));
 }
- if (!vreq.getFullWebappDaoFactory().getPortalDao().isSinglePortal()) {
+ boolean multiplePortals = !vreq.getFullWebappDaoFactory().getPortalDao().isSinglePortal();
+ boolean mayEditPortals = PolicyHelper.isAuthorizedForServlet(vreq, PortalsListingController.class);
+ if (multiplePortals && mayEditPortals) {
 urls.put("portals", urlBuilder.getPortalUrl("/listPortals"));
 }
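Review bot: The `mayEditPortals` test in the `@@ -132,7 +133,9 @@` hunk of SiteAdminController only decides whether the link is rendered, so it should be documented as presentation logic rather than as the access check. The actual gate has to remain on the servlet behind `/listPortals`, presumably `PortalsListingController` with its `@RequiresAuthorizationFor` annotation. I would add above the two booleans `// Menu visibility only; the target servlet performs its own authorization check.` so a later edit does not treat the menu as the control. The enclosing method starts and ends outside the hunk.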
diff --git a/webapp/web/templates/edit/specific/portal_retry.jsp b/webapp/web/templates/edit/specific/portal_retry.jsp
index d4c8e7148..6ff72b7c9 100644
--- a/webapp/web/templates/edit/specific/portal_retry.jsp
+++ b/webapp/web/templates/edit/specific/portal_retry.jsp
@@ -4,6 +4,8 @@
 <%@ taglib prefix="form" uri="http://vitro.mannlib.cornell.edu/edit/tags" %>
 <%@ taglib prefix="c" uri="http://java.sun.com/jstl/core" %>
+<%@ taglib prefix="vitro" uri="/WEB-INF/tlds/VitroUtils.tld" %>
+