From 1658d7784afe6071b3cfd5b4932e42a5b5ccbb07 Mon Sep 17 00:00:00 2001
From: Brian Caruso <bdc34@cornell.edu>
Date: Fri, 27 Sep 2013 16:04:06 -0400
Subject: [PATCH] Adding email/pw auth to sparql query page

---
 .../webapp/controller/SparqlQueryServlet.java | 20 +++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/SparqlQueryServlet.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/SparqlQueryServlet.java
index db668fb85..bde67c1b5 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/SparqlQueryServlet.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/SparqlQueryServlet.java
@@ -41,8 +41,8 @@ import com.hp.hpl.jena.vocabulary.XSD;
 
 import edu.cornell.mannlib.vedit.controller.BaseEditController;
 import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
 import edu.cornell.mannlib.vitro.webapp.beans.Ontology;
-import edu.cornell.mannlib.vitro.webapp.controller.individual.IndividualController;
 import edu.cornell.mannlib.vitro.webapp.dao.OntologyDao;
 import edu.cornell.mannlib.vitro.webapp.rdfservice.RDFService;
 import edu.cornell.mannlib.vitro.webapp.rdfservice.RDFService.ModelSerializationFormat;
@@ -92,12 +92,20 @@ public class SparqlQueryServlet extends BaseEditController {
     protected void doGet(HttpServletRequest request, HttpServletResponse response)
     throws ServletException, IOException
     {    	    	   	
-		if (!isAuthorizedToDisplayPage(request, response,
-				SimplePermission.USE_SPARQL_QUERY_PAGE.ACTIONS)) {
-    		return;
-    	}
-
         VitroRequest vreq = new VitroRequest(request);
+        
+        //first check if the email and password are just in the request
+        String email = vreq.getParameter("email");
+        String password = vreq.getParameter("password");                        
+        boolean isAuth = PolicyHelper.isAuthorizedForActions(vreq, 
+                email, password, SimplePermission.USE_SPARQL_QUERY_PAGE.ACTIONS);
+        
+        //otherwise use the normal auth mechanism
+        if( ! isAuth && 
+            !isAuthorizedToDisplayPage(request, response,
+    				SimplePermission.USE_SPARQL_QUERY_PAGE.ACTIONS)) {
+            return;        	      
+        }
 
         Model model = vreq.getJenaOntModel(); 
         if( model == null ){