NIHVIVO-2492 Restrict pages by UseEditUserAccountsPages requested action.
This commit is contained in:
parent
155ab92f51
commit
212916ebdc
7 changed files with 37 additions and 39 deletions
|
@ -13,6 +13,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
|
||||||
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
|
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
|
||||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
|
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
|
||||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseAdvancedDataToolsPages;
|
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseAdvancedDataToolsPages;
|
||||||
|
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseEditUserAccountsPages;
|
||||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseOntologyEditorPages;
|
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseOntologyEditorPages;
|
||||||
import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
|
import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
|
||||||
|
|
||||||
|
@ -41,6 +42,8 @@ public class UseRestrictedPagesByRoleLevelPolicy implements PolicyIface {
|
||||||
result = isAuthorized(whatToAuth, RoleLevel.DB_ADMIN, userRole);
|
result = isAuthorized(whatToAuth, RoleLevel.DB_ADMIN, userRole);
|
||||||
} else if (whatToAuth instanceof UseOntologyEditorPages) {
|
} else if (whatToAuth instanceof UseOntologyEditorPages) {
|
||||||
result = isAuthorized(whatToAuth, RoleLevel.CURATOR, userRole);
|
result = isAuthorized(whatToAuth, RoleLevel.CURATOR, userRole);
|
||||||
|
} else if (whatToAuth instanceof UseEditUserAccountsPages) {
|
||||||
|
result = isAuthorized(whatToAuth, RoleLevel.DB_ADMIN, userRole);
|
||||||
} else {
|
} else {
|
||||||
result = defaultDecision("Unrecognized action");
|
result = defaultDecision("Unrecognized action");
|
||||||
}
|
}
|
||||||
|
|
|
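Review bot: The new `instanceof UseEditUserAccountsPages` branch resolves to `RoleLevel.DB_ADMIN` with no comment saying why, and that level has to stay in step with the `checkLoginStatus(request, response, LoginStatusBean.DBA)` guard this same commit deletes from `UserEditController.doPost`. I would add `// Editing user accounts: DB_ADMIN, the level UserEditController formerly enforced via checkLoginStatus(..., LoginStatusBean.DBA)` above the new branch so the next person who retunes the policy knows what it replaced. The first visible branch of the hunk already maps to the same `RoleLevel.DB_ADMIN`, so the two conditions could share one arm if the duplication bothers you. The enclosing method starts and ends outside the hunk.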
@ -0,0 +1,11 @@
|
||||||
|
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
|
||||||
|
|
||||||
|
package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages;
|
||||||
|
|
||||||
|
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
|
||||||
|
|
||||||
|
/** Should we allow the user to edit user accounts? */
|
||||||
|
public class UseEditUserAccountsPages extends RequestedAction implements
|
||||||
|
UsePagesRequestedAction {
|
||||||
|
// no fields
|
||||||
|
}
|
|
@ -15,6 +15,8 @@ import org.apache.commons.logging.LogFactory;
|
||||||
|
|
||||||
import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
|
import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
|
||||||
import edu.cornell.mannlib.vedit.controller.BaseEditController;
|
import edu.cornell.mannlib.vedit.controller.BaseEditController;
|
||||||
|
import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor;
|
||||||
|
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseEditUserAccountsPages;
|
||||||
import edu.cornell.mannlib.vitro.webapp.beans.Individual;
|
import edu.cornell.mannlib.vitro.webapp.beans.Individual;
|
||||||
import edu.cornell.mannlib.vitro.webapp.beans.IndividualImpl;
|
import edu.cornell.mannlib.vitro.webapp.beans.IndividualImpl;
|
||||||
import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty;
|
import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty;
|
||||||
|
@ -27,6 +29,7 @@ import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
|
||||||
import edu.cornell.mannlib.vitro.webapp.dao.UserDao;
|
import edu.cornell.mannlib.vitro.webapp.dao.UserDao;
|
||||||
import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
|
import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
|
||||||
|
|
||||||
|
@RequiresAuthorizationFor(UseEditUserAccountsPages.class)
|
||||||
public class UserEditController extends BaseEditController {
|
public class UserEditController extends BaseEditController {
|
||||||
|
|
||||||
private String[] roleNameStr = new String[51];
|
private String[] roleNameStr = new String[51];
|
||||||
|
@ -39,17 +42,8 @@ public class UserEditController extends BaseEditController {
|
||||||
roleNameStr[50] = "system administrator";
|
roleNameStr[50] = "system administrator";
|
||||||
}
|
}
|
||||||
|
|
||||||
public void doPost (HttpServletRequest request, HttpServletResponse response) throws ServletException {
|
@Override
|
||||||
|
public void doPost (HttpServletRequest request, HttpServletResponse response) throws ServletException {
|
||||||
if (!checkLoginStatus(request,response, LoginStatusBean.DBA))
|
|
||||||
return;
|
|
||||||
|
|
||||||
try {
|
|
||||||
super.doGet(request,response);
|
|
||||||
} catch (Exception e) {
|
|
||||||
log.error(this.getClass().getName()+" caught exception calling doGet()");
|
|
||||||
}
|
|
||||||
|
|
||||||
VitroRequest vreq = new VitroRequest(request);
|
VitroRequest vreq = new VitroRequest(request);
|
||||||
Portal portal = vreq.getPortal();
|
Portal portal = vreq.getPortal();
|
||||||
|
|
||||||
|
|
|
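Review bot: In `doPost` the removed `checkLoginStatus(request, response, LoginStatusBean.DBA)` guard and the `super.doGet(request, response)` call are replaced only by the class-level `@RequiresAuthorizationFor(UseEditUserAccountsPages.class)`, and nothing in this diff shows where that annotation is enforced for a POST, so a reader of this file now has no in-method evidence that the page is still gated. I would put `// Access is gated by this annotation (UseRestrictedPagesByRoleLevelPolicy maps it to DB_ADMIN); it replaces the former checkLoginStatus(..., LoginStatusBean.DBA) call in doPost.` on the annotation line, and confirm that whichever base-class or filter code honours the annotation also covers direct POSTs. Whatever `super.doGet` did beyond the login check is gone with it; I cannot see `BaseEditController` here, so check that nothing else depended on it. If that guard was the only use of `LoginStatusBean` in this file, the import kept at the top of the first hunk is now unused. The same pattern recurs in `UserRetryController.doPost` and `UsersListingController.doGet` in this commit; `doPost` continues past the end of the hunk.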
@ -27,13 +27,16 @@ import edu.cornell.mannlib.vedit.listener.ChangeListener;
|
||||||
import edu.cornell.mannlib.vedit.util.FormUtils;
|
import edu.cornell.mannlib.vedit.util.FormUtils;
|
||||||
import edu.cornell.mannlib.vedit.validator.ValidationObject;
|
import edu.cornell.mannlib.vedit.validator.ValidationObject;
|
||||||
import edu.cornell.mannlib.vedit.validator.Validator;
|
import edu.cornell.mannlib.vedit.validator.Validator;
|
||||||
|
import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor;
|
||||||
import edu.cornell.mannlib.vitro.webapp.auth.policy.setup.SelfEditingPolicySetup;
|
import edu.cornell.mannlib.vitro.webapp.auth.policy.setup.SelfEditingPolicySetup;
|
||||||
|
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseEditUserAccountsPages;
|
||||||
import edu.cornell.mannlib.vitro.webapp.beans.Portal;
|
import edu.cornell.mannlib.vitro.webapp.beans.Portal;
|
||||||
import edu.cornell.mannlib.vitro.webapp.beans.User;
|
import edu.cornell.mannlib.vitro.webapp.beans.User;
|
||||||
import edu.cornell.mannlib.vitro.webapp.controller.Controllers;
|
import edu.cornell.mannlib.vitro.webapp.controller.Controllers;
|
||||||
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
|
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
|
||||||
import edu.cornell.mannlib.vitro.webapp.dao.UserDao;
|
import edu.cornell.mannlib.vitro.webapp.dao.UserDao;
|
||||||
|
|
||||||
|
@RequiresAuthorizationFor(UseEditUserAccountsPages.class)
|
||||||
public class UserRetryController extends BaseEditController {
|
public class UserRetryController extends BaseEditController {
|
||||||
|
|
||||||
private static final String ROLE_PROTOCOL = "role:/"; // this is weird; need to revisit
|
private static final String ROLE_PROTOCOL = "role:/"; // this is weird; need to revisit
|
||||||
|
@ -43,21 +46,10 @@ public class UserRetryController extends BaseEditController {
|
||||||
public void doPost (HttpServletRequest req, HttpServletResponse response) {
|
public void doPost (HttpServletRequest req, HttpServletResponse response) {
|
||||||
|
|
||||||
VitroRequest request = new VitroRequest(req);
|
VitroRequest request = new VitroRequest(req);
|
||||||
|
|
||||||
if (!checkLoginStatus(request,response))
|
|
||||||
return;
|
|
||||||
|
|
||||||
try {
|
|
||||||
super.doGet(request,response);
|
|
||||||
} catch (Exception e) {
|
|
||||||
log.error(this.getClass().getName()+" encountered exception calling super.doGet()");
|
|
||||||
}
|
|
||||||
|
|
||||||
VitroRequest vreq = new VitroRequest(request);
|
|
||||||
|
|
||||||
//create an EditProcessObject for this and put it in the session
|
//create an EditProcessObject for this and put it in the session
|
||||||
EditProcessObject epo = super.createEpo(request);
|
EditProcessObject epo = super.createEpo(request);
|
||||||
epo.setDataAccessObject(vreq.getFullWebappDaoFactory().getVClassDao());
|
epo.setDataAccessObject(request.getFullWebappDaoFactory().getVClassDao());
|
||||||
|
|
||||||
String action = null;
|
String action = null;
|
||||||
if (epo.getAction() == null) {
|
if (epo.getAction() == null) {
|
||||||
|
@ -67,7 +59,7 @@ public class UserRetryController extends BaseEditController {
|
||||||
action = epo.getAction();
|
action = epo.getAction();
|
||||||
}
|
}
|
||||||
|
|
||||||
UserDao uDao = vreq.getFullWebappDaoFactory().getUserDao();
|
UserDao uDao = request.getFullWebappDaoFactory().getUserDao();
|
||||||
epo.setDataAccessObject(uDao);
|
epo.setDataAccessObject(uDao);
|
||||||
|
|
||||||
User userForEditing = null;
|
User userForEditing = null;
|
||||||
|
@ -90,7 +82,7 @@ public class UserRetryController extends BaseEditController {
|
||||||
userForEditing = (User) epo.getNewBean();
|
userForEditing = (User) epo.getNewBean();
|
||||||
}
|
}
|
||||||
|
|
||||||
populateBeanFromParams(userForEditing, vreq);
|
populateBeanFromParams(userForEditing, request);
|
||||||
|
|
||||||
//validators
|
//validators
|
||||||
Validator v = new PairedPasswordValidator();
|
Validator v = new PairedPasswordValidator();
|
||||||
|
|
|
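Review bot: `epo.setDataAccessObject(request.getFullWebappDaoFactory().getVClassDao())`, which this hunk edits to use `request`, is overwritten by `epo.setDataAccessObject(uDao)` in the next hunk before anything visible reads it, so the touched line looks dead; unless the three lines between the two hunks consume the VClassDao, I would delete it rather than rewrite it. The collapse of the double-wrapped `new VitroRequest(request)` into the single `request` is otherwise the right call. `doPost` starts in the first hunk of this file and ends outside the last one.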
@ -13,12 +13,15 @@ import javax.servlet.http.HttpServletRequest;
|
||||||
import javax.servlet.http.HttpServletResponse;
|
import javax.servlet.http.HttpServletResponse;
|
||||||
|
|
||||||
import edu.cornell.mannlib.vedit.controller.BaseEditController;
|
import edu.cornell.mannlib.vedit.controller.BaseEditController;
|
||||||
|
import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor;
|
||||||
|
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseEditUserAccountsPages;
|
||||||
import edu.cornell.mannlib.vitro.webapp.beans.Portal;
|
import edu.cornell.mannlib.vitro.webapp.beans.Portal;
|
||||||
import edu.cornell.mannlib.vitro.webapp.beans.User;
|
import edu.cornell.mannlib.vitro.webapp.beans.User;
|
||||||
import edu.cornell.mannlib.vitro.webapp.controller.Controllers;
|
import edu.cornell.mannlib.vitro.webapp.controller.Controllers;
|
||||||
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
|
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
|
||||||
import edu.cornell.mannlib.vitro.webapp.dao.UserDao;
|
import edu.cornell.mannlib.vitro.webapp.dao.UserDao;
|
||||||
|
|
||||||
|
@RequiresAuthorizationFor(UseEditUserAccountsPages.class)
|
||||||
public class UsersListingController extends BaseEditController {
|
public class UsersListingController extends BaseEditController {
|
||||||
|
|
||||||
private String[] roleNameStr = new String[51];
|
private String[] roleNameStr = new String[51];
|
||||||
|
@ -30,19 +33,11 @@ public class UsersListingController extends BaseEditController {
|
||||||
roleNameStr[50] = "system administrator";
|
roleNameStr[50] = "system administrator";
|
||||||
}
|
}
|
||||||
|
|
||||||
public void doGet(HttpServletRequest request, HttpServletResponse response) {
|
@Override
|
||||||
|
public void doGet(HttpServletRequest request, HttpServletResponse response) {
|
||||||
VitroRequest vrequest = new VitroRequest(request);
|
VitroRequest vrequest = new VitroRequest(request);
|
||||||
Portal portal = vrequest.getPortal();
|
Portal portal = vrequest.getPortal();
|
||||||
|
|
||||||
if(!checkLoginStatus(request,response))
|
|
||||||
return;
|
|
||||||
|
|
||||||
try {
|
|
||||||
super.doGet(request, response);
|
|
||||||
} catch (Throwable t) {
|
|
||||||
t.printStackTrace();
|
|
||||||
}
|
|
||||||
|
|
||||||
UserDao dao = vrequest.getFullWebappDaoFactory().getUserDao();
|
UserDao dao = vrequest.getFullWebappDaoFactory().getUserDao();
|
||||||
|
|
||||||
List<User> users = dao.getAllUsers();
|
List<User> users = dao.getAllUsers();
|
||||||
|
@ -119,7 +114,8 @@ public class UsersListingController extends BaseEditController {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public void doPost(HttpServletRequest request, HttpServletResponse response) {
|
@Override
|
||||||
|
public void doPost(HttpServletRequest request, HttpServletResponse response) {
|
||||||
doGet(request,response);
|
doGet(request,response);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -20,6 +20,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseAdvance
|
||||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseOntologyEditorPages;
|
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseOntologyEditorPages;
|
||||||
import edu.cornell.mannlib.vitro.webapp.beans.VClassGroup;
|
import edu.cornell.mannlib.vitro.webapp.beans.VClassGroup;
|
||||||
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
|
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
|
||||||
|
import edu.cornell.mannlib.vitro.webapp.controller.edit.listing.UsersListingController;
|
||||||
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.UrlBuilder.ParamMap;
|
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.UrlBuilder.ParamMap;
|
||||||
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.ResponseValues;
|
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.ResponseValues;
|
||||||
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.TemplateResponseValues;
|
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.TemplateResponseValues;
|
||||||
|
@ -68,8 +69,6 @@ public class SiteAdminController extends FreemarkerHttpServlet {
|
||||||
// of step with the levels required by the pages themselves. We should implement a
|
// of step with the levels required by the pages themselves. We should implement a
|
||||||
// mechanism similar to what's used on the front end to display links to Site Admin
|
// mechanism similar to what's used on the front end to display links to Site Admin
|
||||||
// and Revision Info iff the user has access to those pages.
|
// and Revision Info iff the user has access to those pages.
|
||||||
// jeb228 This could be done with
|
|
||||||
// PolicyHelper.areRequiredAuthorizationsSatisfied(req, SomeServlet.class);
|
|
||||||
if (loginBean.isLoggedInAtLeast(LoginStatusBean.CURATOR)) {
|
if (loginBean.isLoggedInAtLeast(LoginStatusBean.CURATOR)) {
|
||||||
body.put("siteConfig", getSiteConfigurationData(vreq, urlBuilder));
|
body.put("siteConfig", getSiteConfigurationData(vreq, urlBuilder));
|
||||||
}
|
}
|
||||||
|
@ -129,7 +128,7 @@ public class SiteAdminController extends FreemarkerHttpServlet {
|
||||||
|
|
||||||
urls.put("tabs", urlBuilder.getPortalUrl("/listTabs"));
|
urls.put("tabs", urlBuilder.getPortalUrl("/listTabs"));
|
||||||
|
|
||||||
if (LoginStatusBean.getBean(vreq).isLoggedInAtLeast(LoginStatusBean.DBA)) {
|
if (PolicyHelper.areRequiredAuthorizationsSatisfied(vreq, UsersListingController.class)) {
|
||||||
urls.put("users", urlBuilder.getPortalUrl("/listUsers"));
|
urls.put("users", urlBuilder.getPortalUrl("/listUsers"));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
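Review bot: The switch from `isLoggedInAtLeast(LoginStatusBean.DBA)` to `PolicyHelper.areRequiredAuthorizationsSatisfied(vreq, UsersListingController.class)` makes the "users" link follow the controller's own `@RequiresAuthorizationFor`, but the line does not say so, and the `siteConfig` block in the earlier hunk still uses the role-level check the deleted `jeb228` comment was complaining about, so the two now look inconsistent. I would add `// Mirrors UsersListingController's @RequiresAuthorizationFor so the link is shown iff the page is accessible.` above the new condition. The visible import hunk adds `UsersListingController` but not `PolicyHelper`; if it is not already imported above line 20 this will not compile. The enclosing method starts and ends outside the hunk.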
@ -6,6 +6,9 @@
|
||||||
<jsp:directive.page import="edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary"/>
|
<jsp:directive.page import="edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary"/>
|
||||||
<jsp:directive.page import="edu.cornell.mannlib.vitro.webapp.beans.User"/>
|
<jsp:directive.page import="edu.cornell.mannlib.vitro.webapp.beans.User"/>
|
||||||
|
|
||||||
|
<%@ taglib prefix="vitro" uri="/WEB-INF/tlds/VitroUtils.tld" %>
|
||||||
|
<vitro:requiresAuthorizationFor classNames="edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseEditUserAccountsPages" />
|
||||||
|
|
||||||
<div class="editingForm">
|
<div class="editingForm">
|
||||||
|
|
||||||
<jsp:include page="/templates/edit/fetch/vertical.jsp"/>
|
<jsp:include page="/templates/edit/fetch/vertical.jsp"/>
|
||||||
|
|
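Review bot: The new `<vitro:requiresAuthorizationFor classNames="...UseEditUserAccountsPages" />` names the action as a plain string, so unlike the `UseEditUserAccountsPages.class` references in the controllers a typo or a later rename fails only at request time; a comment tying the two together would help, e.g. `<%-- Must match the @RequiresAuthorizationFor on UserEditController/UserRetryController, which forward here. --%>`. The diff does not include the tag's TLD or handler, so whether it stops rendering or merely emits nothing when the check fails is not visible from here; worth confirming since the page body follows it unconditionally.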