NIHVIVO-2492 Restrict pages by UseEditUserAccountsPages requested action.
parent
155ab92f51
commit
212916ebdc
7 changed files with 37 additions and 39 deletions
|
@ -13,6 +13,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
|
|||
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseAdvancedDataToolsPages;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseEditUserAccountsPages;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseOntologyEditorPages;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
|
||||
|
||||
|
@ -41,6 +42,8 @@ public class UseRestrictedPagesByRoleLevelPolicy implements PolicyIface {
|
|||
result = isAuthorized(whatToAuth, RoleLevel.DB_ADMIN, userRole);
|
||||
} else if (whatToAuth instanceof UseOntologyEditorPages) {
|
||||
result = isAuthorized(whatToAuth, RoleLevel.CURATOR, userRole);
|
||||
} else if (whatToAuth instanceof UseEditUserAccountsPages) {
|
||||
result = isAuthorized(whatToAuth, RoleLevel.DB_ADMIN, userRole);
|
||||
} else {
|
||||
result = defaultDecision("Unrecognized action");
|
||||
}
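Review bot: The new `UseEditUserAccountsPages` branch maps the action to `RoleLevel.DB_ADMIN` without saying why, and the choice is not self-evident because the neighbouring branches use two different levels (DB_ADMIN for advanced data tools, CURATOR for the ontology editor). The inline `checkLoginStatus(request,response, LoginStatusBean.DBA)` guard this replaces in UserEditController required DBA, so a one-line comment would tie the two together: `// user-account admin pages: DB_ADMIN, matching the LoginStatusBean.DBA guard the controllers used to carry inline`. Whether `isAuthorized` treats the level as a minimum or an exact match is not visible here, and the enclosing method starts and ends outside the hunk.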
|
||||
|
|
|
@ -0,0 +1,11 @@
|
|||
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
|
||||
|
||||
package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages;
|
||||
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
|
||||
|
||||
/** Should we allow the user to edit user accounts? */
|
||||
public class UseEditUserAccountsPages extends RequestedAction implements
|
||||
UsePagesRequestedAction {
|
||||
// no fields
|
||||
}
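Review bot: The Javadoc on `UseEditUserAccountsPages` says only "Should we allow the user to edit user accounts?", yet the class carries no fields, so a policy handed this action cannot tell which account is targeted or which operation (listing, the edit form, the submit) is being requested. That limitation belongs in the Javadoc so nobody later assumes a per-account or self-edit check happens at this layer: `/** Marker action for the user-account admin pages. Carries no target, so a policy can only decide on the requesting user's role, not on which account is being viewed or edited. */`. Which controllers actually carry this action is only inferable from the other files in this commit.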
|
|
@ -15,6 +15,8 @@ import org.apache.commons.logging.LogFactory;
|
|||
|
||||
import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
|
||||
import edu.cornell.mannlib.vedit.controller.BaseEditController;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseEditUserAccountsPages;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.Individual;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.IndividualImpl;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty;
|
||||
|
@ -27,6 +29,7 @@ import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
|
|||
import edu.cornell.mannlib.vitro.webapp.dao.UserDao;
|
||||
import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
|
||||
|
||||
@RequiresAuthorizationFor(UseEditUserAccountsPages.class)
|
||||
public class UserEditController extends BaseEditController {
|
||||
|
||||
private String[] roleNameStr = new String[51];
|
||||
|
@ -39,17 +42,8 @@ public class UserEditController extends BaseEditController {
|
|||
roleNameStr[50] = "system administrator";
|
||||
}
|
||||
|
||||
public void doPost (HttpServletRequest request, HttpServletResponse response) throws ServletException {
|
||||
|
||||
if (!checkLoginStatus(request,response, LoginStatusBean.DBA))
|
||||
return;
|
||||
|
||||
try {
|
||||
super.doGet(request,response);
|
||||
} catch (Exception e) {
|
||||
log.error(this.getClass().getName()+" caught exception calling doGet()");
|
||||
}
|
||||
|
||||
@Override
|
||||
public void doPost (HttpServletRequest request, HttpServletResponse response) throws ServletException {
|
||||
VitroRequest vreq = new VitroRequest(request);
|
||||
Portal portal = vreq.getPortal();
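Review bot: With the inline `checkLoginStatus(request,response, LoginStatusBean.DBA)` gone, `UserEditController.doPost` performs no check of its own and depends entirely on something upstream honouring `@RequiresAuthorizationFor(UseEditUserAccountsPages.class)`. Nothing in this file shows where that annotation is evaluated; the removed method called `super.doGet`, and if `BaseEditController` is where `PolicyHelper` consults the annotation, an override that never calls `super` would skip the check too. Please confirm enforcement sits on the dispatch path (a filter or the base servlet's entry point) and record it beside the annotation: `// enforced by PolicyHelper before the servlet runs; no per-method checks are expected here`. The two methods printed with the same `doPost` signature suggest the page lost some text, so I read the first as the removed entry point; `doPost` continues past the hunk.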
|
||||
|
||||
|
|
|
@ -27,13 +27,16 @@ import edu.cornell.mannlib.vedit.listener.ChangeListener;
|
|||
import edu.cornell.mannlib.vedit.util.FormUtils;
|
||||
import edu.cornell.mannlib.vedit.validator.ValidationObject;
|
||||
import edu.cornell.mannlib.vedit.validator.Validator;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.policy.setup.SelfEditingPolicySetup;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseEditUserAccountsPages;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.Portal;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.User;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.Controllers;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
|
||||
import edu.cornell.mannlib.vitro.webapp.dao.UserDao;
|
||||
|
||||
@RequiresAuthorizationFor(UseEditUserAccountsPages.class)
|
||||
public class UserRetryController extends BaseEditController {
|
||||
|
||||
private static final String ROLE_PROTOCOL = "role:/"; // this is weird; need to revisit
|
||||
|
@ -43,21 +46,10 @@ public class UserRetryController extends BaseEditController {
|
|||
public void doPost (HttpServletRequest req, HttpServletResponse response) {
|
||||
|
||||
VitroRequest request = new VitroRequest(req);
|
||||
|
||||
if (!checkLoginStatus(request,response))
|
||||
return;
|
||||
|
||||
try {
|
||||
super.doGet(request,response);
|
||||
} catch (Exception e) {
|
||||
log.error(this.getClass().getName()+" encountered exception calling super.doGet()");
|
||||
}
|
||||
|
||||
VitroRequest vreq = new VitroRequest(request);
|
||||
|
||||
//create an EditProcessObject for this and put it in the session
|
||||
EditProcessObject epo = super.createEpo(request);
|
||||
epo.setDataAccessObject(vreq.getFullWebappDaoFactory().getVClassDao());
|
||||
epo.setDataAccessObject(request.getFullWebappDaoFactory().getVClassDao());
|
||||
|
||||
String action = null;
|
||||
if (epo.getAction() == null) {
|
||||
|
@ -67,7 +59,7 @@ public class UserRetryController extends BaseEditController {
|
|||
action = epo.getAction();
|
||||
}
|
||||
|
||||
UserDao uDao = vreq.getFullWebappDaoFactory().getUserDao();
|
||||
UserDao uDao = request.getFullWebappDaoFactory().getUserDao();
|
||||
epo.setDataAccessObject(uDao);
|
||||
|
||||
User userForEditing = null;
|
||||
|
@ -90,7 +82,7 @@ public class UserRetryController extends BaseEditController {
|
|||
userForEditing = (User) epo.getNewBean();
|
||||
}
|
||||
|
||||
populateBeanFromParams(userForEditing, vreq);
|
||||
populateBeanFromParams(userForEditing, request);
|
||||
|
||||
//validators
|
||||
Validator v = new PairedPasswordValidator();
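Review bot: The guard removed here, `checkLoginStatus(request,response)`, took no role-level argument, so the retry/edit form appears to have been reachable by any logged-in user, whereas the class annotation now routes it through `UseRestrictedPagesByRoleLevelPolicy`, which this commit maps to `RoleLevel.DB_ADMIN`. That is a privilege tightening rather than a pure refactor, and neither the commit title nor the code records it; if non-admin self-editing of one's own account ever went through this form, it is now blocked. Suggest a class-level comment such as `// Formerly any logged-in user; DB_ADMIN since NIHVIVO-2492 via UseEditUserAccountsPages` or a line in the commit message. That the level-less overload meant "any logged-in user" is inferred from the `LoginStatusBean.DBA` overload used elsewhere in this commit, and `doPost` continues beyond the hunk.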
|
||||
|
|
|
@ -13,12 +13,15 @@ import javax.servlet.http.HttpServletRequest;
|
|||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import edu.cornell.mannlib.vedit.controller.BaseEditController;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseEditUserAccountsPages;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.Portal;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.User;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.Controllers;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
|
||||
import edu.cornell.mannlib.vitro.webapp.dao.UserDao;
|
||||
|
||||
@RequiresAuthorizationFor(UseEditUserAccountsPages.class)
|
||||
public class UsersListingController extends BaseEditController {
|
||||
|
||||
private String[] roleNameStr = new String[51];
|
||||
|
@ -30,19 +33,11 @@ public class UsersListingController extends BaseEditController {
|
|||
roleNameStr[50] = "system administrator";
|
||||
}
|
||||
|
||||
public void doGet(HttpServletRequest request, HttpServletResponse response) {
|
||||
@Override
|
||||
public void doGet(HttpServletRequest request, HttpServletResponse response) {
|
||||
VitroRequest vrequest = new VitroRequest(request);
|
||||
Portal portal = vrequest.getPortal();
|
||||
|
||||
if(!checkLoginStatus(request,response))
|
||||
return;
|
||||
|
||||
try {
|
||||
super.doGet(request, response);
|
||||
} catch (Throwable t) {
|
||||
t.printStackTrace();
|
||||
}
|
||||
|
||||
UserDao dao = vrequest.getFullWebappDaoFactory().getUserDao();
|
||||
|
||||
List<User> users = dao.getAllUsers();
|
||||
|
@ -119,7 +114,8 @@ public class UsersListingController extends BaseEditController {
|
|||
|
||||
}
|
||||
|
||||
public void doPost(HttpServletRequest request, HttpServletResponse response) {
|
||||
@Override
|
||||
public void doPost(HttpServletRequest request, HttpServletResponse response) {
|
||||
doGet(request,response);
|
||||
}
|
||||
|
||||
|
|
|
@ -20,6 +20,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseAdvance
|
|||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseOntologyEditorPages;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.VClassGroup;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.edit.listing.UsersListingController;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.UrlBuilder.ParamMap;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.ResponseValues;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.TemplateResponseValues;
|
||||
|
@ -68,8 +69,6 @@ public class SiteAdminController extends FreemarkerHttpServlet {
|
|||
// of step with the levels required by the pages themselves. We should implement a
|
||||
// mechanism similar to what's used on the front end to display links to Site Admin
|
||||
// and Revision Info iff the user has access to those pages.
|
||||
// jeb228 This could be done with
|
||||
// PolicyHelper.areRequiredAuthorizationsSatisfied(req, SomeServlet.class);
|
||||
if (loginBean.isLoggedInAtLeast(LoginStatusBean.CURATOR)) {
|
||||
body.put("siteConfig", getSiteConfigurationData(vreq, urlBuilder));
|
||||
}
|
||||
|
@ -129,7 +128,7 @@ public class SiteAdminController extends FreemarkerHttpServlet {
|
|||
|
||||
urls.put("tabs", urlBuilder.getPortalUrl("/listTabs"));
|
||||
|
||||
if (LoginStatusBean.getBean(vreq).isLoggedInAtLeast(LoginStatusBean.DBA)) {
|
||||
if (PolicyHelper.areRequiredAuthorizationsSatisfied(vreq, UsersListingController.class)) {
|
||||
urls.put("users", urlBuilder.getPortalUrl("/listUsers"));
|
||||
}
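Review bot: `PolicyHelper.areRequiredAuthorizationsSatisfied(vreq, UsersListingController.class)` only decides whether the `/listUsers` link is rendered; it is not an access control, and the comment left at the top of this section still describes the role-level mismatch as an open problem even though the users link now follows the page's own annotation while the `siteConfig` branch a few lines down still uses `loginBean.isLoggedInAtLeast(LoginStatusBean.CURATOR)`. Suggest refreshing the surviving comment so the two approaches are not confused: `// siteConfig is still keyed on role level; the users link below is keyed on UsersListingController's @RequiresAuthorizationFor via PolicyHelper`. A reader should also not take the hidden link as protection, since the servlet annotation is what enforces access. The `PolicyHelper` import is not visible in this section, so I assume it already exists above line 20.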
|
||||
|
||||
|
|