NIHVIVO-2492 Restrict pages by UsePortalEditorPages requested action.

j2blake 2011-04-19 14:49:55 +00:00
parent f2269120d7
commit 11e19ce19a
6 changed files with 37 additions and 34 deletions


@ -15,6 +15,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAct
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseAdvancedDataToolsPages;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseEditUserAccountsPages;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseOntologyEditorPages;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UsePortalEditorPages;
import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
/**
@ -40,10 +41,12 @@ public class UseRestrictedPagesByRoleLevelPolicy implements PolicyIface {
PolicyDecision result;
if (whatToAuth instanceof UseAdvancedDataToolsPages) {
result = isAuthorized(whatToAuth, RoleLevel.DB_ADMIN, userRole);
} else if (whatToAuth instanceof UseOntologyEditorPages) {
result = isAuthorized(whatToAuth, RoleLevel.CURATOR, userRole);
} else if (whatToAuth instanceof UseEditUserAccountsPages) {
result = isAuthorized(whatToAuth, RoleLevel.DB_ADMIN, userRole);
} else if (whatToAuth instanceof UseOntologyEditorPages) {
result = isAuthorized(whatToAuth, RoleLevel.CURATOR, userRole);
} else if (whatToAuth instanceof UsePortalEditorPages) {
result = isAuthorized(whatToAuth, RoleLevel.CURATOR, userRole);
} else {
result = defaultDecision("Unrecognized action");
}
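Review bot: The new `UsePortalEditorPages` branch authorizes at `RoleLevel.CURATOR`, but the hunk has no comment saying why portal editing sits at curator level rather than at `RoleLevel.DB_ADMIN` like the user-account pages; a one-line comment such as `// Portal editing: curator and above (NIHVIVO-2492)` above the branch would record the decision. Every new requested-action type has to be added to this `instanceof` chain by hand, and anything missed falls through to `defaultDecision("Unrecognized action")`, whose outcome is not visible here, so it is worth confirming that it never authorizes. A unit test asserting the decision for `UsePortalEditorPages` at `CURATOR` and at the role level just below it would pin the mapping. The enclosing method starts and ends outside the hunk.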


@ -0,0 +1,11 @@
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
/** Should we allow the user to use the pages for editing portals? */
public class UsePortalEditorPages extends RequestedAction implements
UsePagesRequestedAction {
// no fields
}


@ -5,9 +5,8 @@ package edu.cornell.mannlib.vitro.webapp.controller.edit;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Iterator;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletContext;
@ -24,6 +23,8 @@ import edu.cornell.mannlib.vedit.controller.BaseEditController;
import edu.cornell.mannlib.vedit.forwarder.PageForwarder;
import edu.cornell.mannlib.vedit.listener.ChangeListener;
import edu.cornell.mannlib.vedit.util.FormUtils;
import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UsePortalEditorPages;
import edu.cornell.mannlib.vitro.webapp.beans.Portal;
import edu.cornell.mannlib.vitro.webapp.controller.Controllers;
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
@ -32,21 +33,14 @@ import edu.cornell.mannlib.vitro.webapp.dao.TabDao;
import edu.cornell.mannlib.vitro.webapp.filters.PortalPickerFilter;
import edu.cornell.mannlib.vitro.webapp.utils.ThemeUtils;
@RequiresAuthorizationFor(UsePortalEditorPages.class)
public class PortalRetryController extends BaseEditController {
private static final Log log = LogFactory.getLog(PortalRetryController.class.getName());
public void doPost (HttpServletRequest req, HttpServletResponse response) {
@Override
public void doPost (HttpServletRequest req, HttpServletResponse response) {
VitroRequest request = new VitroRequest(req);
if (!checkLoginStatus(request,response))
return;
try {
super.doGet(request,response);
} catch (Exception e) {
log.error("PortalRetryController encountered exception calling super.doGet()");
}
//create an EditProcessObject for this and put it in the session
EditProcessObject epo = super.createEpo(request);
@ -66,7 +60,7 @@ public class PortalRetryController extends BaseEditController {
int id = Integer.parseInt(request.getParameter("id"));
if (id >= 0) {
try {
portalForEditing = (Portal)pDao.getPortal(id);
portalForEditing = pDao.getPortal(id);
action = "update";
} catch (NullPointerException e) {
log.error("Need to implement 'record not found' error message.");
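Review bot: With `@RequiresAuthorizationFor(UsePortalEditorPages.class)` on the class, access control for this controller depends on code that is not in this section, and the page does not show which of the `checkLoginStatus` / `super.doGet` lines in `doPost` survive the change. Since `doPost` is the state-changing entry point, confirm that whatever reads the annotation runs before POST dispatch as well as GET, and that a missing or unreadable annotation results in denial rather than access. The same applies to `PortalsListingController.doGet` in the next file. A class-level comment such as `// Access is gated by @RequiresAuthorizationFor; the check runs before doPost is reached` would tell maintainers where the check lives, once that is confirmed. `doPost` continues past the end of the hunk.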


@ -2,42 +2,34 @@
package edu.cornell.mannlib.vitro.webapp.controller.edit.listing;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import javax.servlet.RequestDispatcher;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import edu.cornell.mannlib.vedit.controller.BaseEditController;
import edu.cornell.mannlib.vitro.webapp.beans.Ontology;
import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UsePortalEditorPages;
import edu.cornell.mannlib.vitro.webapp.beans.Portal;
import edu.cornell.mannlib.vitro.webapp.controller.Controllers;
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
import edu.cornell.mannlib.vitro.webapp.dao.PortalDao;
@RequiresAuthorizationFor(UsePortalEditorPages.class)
public class PortalsListingController extends BaseEditController {
public void doGet(HttpServletRequest request, HttpServletResponse response) {
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response) {
VitroRequest vrequest = new VitroRequest(request);
Portal portal = vrequest.getPortal();
if(!checkLoginStatus(request,response))
return;
try {
super.doGet(request, response);
} catch (Throwable t) {
t.printStackTrace();
}
PortalDao dao = vrequest.getFullWebappDaoFactory().getPortalDao();
Collection portals = dao.getAllPortals();
Collection<Portal> portals = dao.getAllPortals();
ArrayList results = new ArrayList();
ArrayList<String> results = new ArrayList<String>();
results.add("XX");
results.add("ID number");
results.add("Portal");
@ -45,9 +37,7 @@ public class PortalsListingController extends BaseEditController {
if (portals != null) {
Iterator portalIt = portals.iterator();
while (portalIt.hasNext()) {
Portal p = (Portal) portalIt.next();
for (Portal p : portals) {
results.add("XX");
results.add(Integer.toString(p.getPortalId()));
if (p.getAppName() != null)


@ -20,6 +20,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseAdvance
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseOntologyEditorPages;
import edu.cornell.mannlib.vitro.webapp.beans.VClassGroup;
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
import edu.cornell.mannlib.vitro.webapp.controller.edit.listing.PortalsListingController;
import edu.cornell.mannlib.vitro.webapp.controller.edit.listing.UsersListingController;
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.UrlBuilder.ParamMap;
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.ResponseValues;
@ -132,7 +133,9 @@ public class SiteAdminController extends FreemarkerHttpServlet {
urls.put("users", urlBuilder.getPortalUrl("/listUsers"));
}
if (!vreq.getFullWebappDaoFactory().getPortalDao().isSinglePortal()) {
boolean multiplePortals = !vreq.getFullWebappDaoFactory().getPortalDao().isSinglePortal();
boolean mayEditPortals = PolicyHelper.isAuthorizedForServlet(vreq, PortalsListingController.class);
if (multiplePortals && mayEditPortals) {
urls.put("portals", urlBuilder.getPortalUrl("/listPortals"));
}
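Review bot: `mayEditPortals` only decides whether the link is rendered, and the hunk has no comment saying so, so a reader could take it for the access check. Suggest adding `// UI convenience only: PortalsListingController is itself gated by @RequiresAuthorizationFor(UsePortalEditorPages.class)` above the `boolean mayEditPortals` line. The surrounding method starts and ends outside the hunk.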