Change from boolean requiresLogin() to requiresLoginLevel() so that pages can require a specific login level. Remove login level checks from Freemarker controllers and handle using requiresLoginLevel() instead. If a user is already logged in and navigates or gets redirected to login page, show a message instead of a blank page.
parent
279c083d89
commit
2b2d522f45
7 changed files with 74 additions and 32 deletions
|
@ -39,13 +39,13 @@ public class PrimitiveRdfEdit extends FreemarkerHttpServlet{
|
|||
return "RDF edit";
|
||||
}
|
||||
|
||||
@Override
|
||||
protected int requiresLoginLevel() {
|
||||
return LoginStatusBean.EDITOR;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected ResponseValues processRequest(VitroRequest vreq) {
|
||||
boolean loggedIn = checkLoginStatus(vreq);
|
||||
if( !loggedIn){
|
||||
return new RedirectResponseValues(UrlBuilder.getUrl(Route.LOGIN));
|
||||
}
|
||||
|
||||
return new TemplateResponseValues("primitiveRdfEdit.ftl");
|
||||
}
|
||||
|
||||
|
|
|
@ -82,8 +82,8 @@ public class FreemarkerHttpServlet extends VitroHttpServlet {
|
|||
|
||||
ResponseValues responseValues;
|
||||
|
||||
// checkLoginStatus() does a redirect if the user is not logged in.
|
||||
if (requiresLogin() && !checkLoginStatus(request, response)) {
|
||||
// This method does a redirect if the required login level is not met, so just return.
|
||||
if (requiredLoginLevelNotFound(request, response)) {
|
||||
return;
|
||||
} else {
|
||||
responseValues = processRequest(vreq);
|
||||
|
@ -106,14 +106,27 @@ public class FreemarkerHttpServlet extends VitroHttpServlet {
|
|||
FreemarkerConfigurationLoader.getFreemarkerConfigurationLoader(getServletContext());
|
||||
return loader.getConfig(vreq);
|
||||
}
|
||||
|
||||
private boolean requiredLoginLevelNotFound(HttpServletRequest request, HttpServletResponse response) {
|
||||
int requiredLoginLevel = requiresLoginLevel();
|
||||
// checkLoginStatus() does a redirect if the user is not logged in.
|
||||
if (requiredLoginLevel > LoginStatusBean.ANYBODY && !checkLoginStatus(request, response, requiredLoginLevel)) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
protected boolean requiresLogin() {
|
||||
return false;
|
||||
}
|
||||
|
||||
protected int requiresLoginLevel() {
|
||||
// By default, user does not need to be logged in to view pages.
|
||||
// Subclasses that require login to process their page will override to return true.
|
||||
// Subclasses that require login to process their page will override to return the required login level.
|
||||
// NB This method can't be static, because then the superclass method gets called rather than
|
||||
// the subclass method. For the same reason, it can't refer to a static or instance field
|
||||
// REQUIRES_LOGIN which is overridden in the subclass.
|
||||
return false;
|
||||
// REQUIRES_LOGIN_LEVEL which is overridden in the subclass.
|
||||
return LoginStatusBean.ANYBODY;
|
||||
}
|
||||
|
||||
// Subclasses will override
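Review bot: Dropping `requiresLogin()` from the base class makes the gate fail open for any subclass that still overrides it without `@Override`: that subclass keeps compiling, its override is never called, and it inherits `LoginStatusBean.ANYBODY`. Only some subclasses are visible on this page, so the rest should be checked. One way to force a compile error on every leftover override is to keep the method for a release as `@Deprecated protected final boolean requiresLogin() { return requiresLoginLevel() > LoginStatusBean.ANYBODY; }`. Separately, the comment inside `requiredLoginLevelNotFound` still says the redirect happens "if the user is not logged in", but the three-argument `checkLoginStatus` presumably also redirects a logged-in user whose level is too low. Something like `// checkLoginStatus() redirects if the user is not logged in at the required level.` would match, and `requiredLoginLevelNotMet` would be a clearer name.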
|
||||
|
|
|
@ -8,6 +8,7 @@ import java.util.Map;
|
|||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
|
||||
import edu.cornell.mannlib.vitro.webapp.config.RevisionInfoBean;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
|
||||
|
||||
|
@ -18,6 +19,11 @@ public class RevisionInfoController extends FreemarkerHttpServlet {
|
|||
private static final long serialVersionUID = 1L;
|
||||
private static final Log log = LogFactory.getLog(RevisionInfoController.class);
|
||||
private static final String TEMPLATE_DEFAULT = "revisionInfo.ftl";
|
||||
|
||||
@Override
|
||||
protected int requiresLoginLevel() {
|
||||
return LoginStatusBean.EDITOR;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected ResponseValues processRequest(VitroRequest vreq) {
|
||||
|
|
|
@ -35,36 +35,35 @@ public class SiteAdminController extends FreemarkerHttpServlet {
|
|||
}
|
||||
|
||||
@Override
|
||||
protected boolean requiresLogin() {
|
||||
protected int requiresLoginLevel() {
|
||||
// User must be logged in to view this page.
|
||||
return true;
|
||||
return LoginStatusBean.EDITOR;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected ResponseValues processRequest(VitroRequest vreq) {
|
||||
|
||||
// Note that we don't get here unless logged in at least at editor level, due
|
||||
// to requiresLoginLevel().
|
||||
LoginStatusBean loginBean = LoginStatusBean.getBean(vreq);
|
||||
|
||||
Map<String, Object> body = new HashMap<String, Object>();
|
||||
|
||||
if (loginBean.isLoggedInAtLeast(LoginStatusBean.EDITOR)) {
|
||||
Map<String, Object> body = new HashMap<String, Object>();
|
||||
|
||||
UrlBuilder urlBuilder = new UrlBuilder(vreq.getPortal());
|
||||
UrlBuilder urlBuilder = new UrlBuilder(vreq.getPortal());
|
||||
|
||||
body.put("dataInput", getDataInputData(vreq));
|
||||
|
||||
if (loginBean.isLoggedInAtLeast(LoginStatusBean.CURATOR)) {
|
||||
body.put("siteConfig", getSiteConfigurationData(vreq, urlBuilder));
|
||||
body.put("ontologyEditor", getOntologyEditorData(vreq, urlBuilder));
|
||||
|
||||
body.put("dataInput", getDataInputData(vreq));
|
||||
|
||||
if (loginBean.isLoggedInAtLeast(LoginStatusBean.CURATOR)) {
|
||||
body.put("siteConfig", getSiteConfigurationData(vreq, urlBuilder));
|
||||
body.put("ontologyEditor", getOntologyEditorData(vreq, urlBuilder));
|
||||
if (loginBean.isLoggedInAtLeast(LoginStatusBean.DBA)) {
|
||||
body.put("dataTools", getDataToolsData(vreq, urlBuilder));
|
||||
|
||||
if (loginBean.isLoggedInAtLeast(LoginStatusBean.DBA)) {
|
||||
body.put("dataTools", getDataToolsData(vreq, urlBuilder));
|
||||
|
||||
// Only for DataStar. Should handle without needing a DataStar-specific version of this controller.
|
||||
//body.put("customReports", getCustomReportsData(vreq));
|
||||
}
|
||||
// Only for DataStar. Should handle without needing a DataStar-specific version of this controller.
|
||||
//body.put("customReports", getCustomReportsData(vreq));
|
||||
}
|
||||
}
|
||||
|
||||
return new TemplateResponseValues(TEMPLATE_DEFAULT, body);
|
||||
|
||||
}
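Review bot: The comment kept in `requiresLoginLevel()` ("User must be logged in to view this page.") is stale now that the method returns `LoginStatusBean.EDITOR` rather than `true`. It should state the level, e.g. `// User must be logged in at editor level or higher to view this page.`. This matters more than usual because `processRequest` no longer performs its own `isLoggedInAtLeast(LoginStatusBean.EDITOR)` check, so the override is the only place the minimum level for this page is declared.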
|
||||
|
|
|
@ -67,15 +67,20 @@ public class IndexController extends FreemarkerHttpServlet {
|
|||
return "Full Search Index Rebuild";
|
||||
}
|
||||
|
||||
// @Override
|
||||
// protected int requiresLoginLevel() {
|
||||
// // User must be logged in to view this page.
|
||||
// return LoginStatusBean.DBA;
|
||||
// }
|
||||
|
||||
@Override
|
||||
protected ResponseValues processRequest(VitroRequest vreq) {
|
||||
protected ResponseValues processRequest(VitroRequest vreq) {
|
||||
// Due to requiresLoginLevel(), we don't get here unless logged in as DBA
|
||||
if (!LoginStatusBean.getBean(vreq).isLoggedInAtLeast(LoginStatusBean.DBA)) {
|
||||
return new RedirectResponseValues(UrlBuilder.getUrl(Route.LOGIN));
|
||||
}
|
||||
|
||||
Map<String, Object> body = new HashMap<String, Object>();
|
||||
|
||||
// long start = System.currentTimeMillis();
|
||||
try {
|
||||
IndexBuilder builder = (IndexBuilder)getServletContext().getAttribute(IndexBuilder.class.getName());
|
||||
if( vreq.getParameter("update") != null ){
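Review bot: The comment `// Due to requiresLoginLevel(), we don't get here unless logged in as DBA` in `processRequest` does not match the code above it. The `requiresLoginLevel()` override is commented out, so this controller inherits the base default (`LoginStatusBean.ANYBODY`, as shown in the FreemarkerHttpServlet section), and the inline `isLoggedInAtLeast(LoginStatusBean.DBA)` check is the only gate on the index rebuild. A maintainer who trusts the comment and removes that check as redundant would leave the rebuild reachable without login. Either enable the override or reword the comment, e.g. `// requiresLoginLevel() override is disabled above; this check is the only DBA gate, do not remove.` `processRequest` continues past the end of the hunk.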
|
||||
|
|
|
@ -12,6 +12,7 @@ import org.apache.commons.logging.Log;
|
|||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.UrlBuilder.Route;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.login.LoginProcessBean;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.login.LoginProcessBean.State;
|
||||
import freemarker.core.Environment;
|
||||
|
@ -24,6 +25,7 @@ public class LoginWidget extends Widget {
|
|||
private static enum Macro {
|
||||
LOGIN("loginForm"),
|
||||
FORCE_PASSWORD_CHANGE("forcePasswordChange"),
|
||||
ALREADY_LOGGED_IN("alreadyLoggedIn"),
|
||||
SERVER_ERROR("error");
|
||||
|
||||
private final String macroName;
|
||||
|
@ -71,7 +73,15 @@ public class LoginWidget extends Widget {
|
|||
|
||||
switch (state) {
|
||||
case LOGGED_IN:
|
||||
return null;
|
||||
// On the login page itself, show a message that the user is already logged in.
|
||||
// Otherwise, when redirecting to login page from a page that the logged-in user
|
||||
// doesn't have access to, we would just show a blank page.
|
||||
if (request.getServletPath().equals(Route.LOGIN.path())) {
|
||||
values = showMessageToLoggedInUser(request);
|
||||
break;
|
||||
} else {
|
||||
return null;
|
||||
}
|
||||
case FORCED_PASSWORD_CHANGE:
|
||||
values = showPasswordChangeScreen(request);
|
||||
break;
|
||||
|
@ -113,6 +123,10 @@ public class LoginWidget extends Widget {
|
|||
|
||||
return values;
|
||||
}
|
||||
|
||||
private WidgetTemplateValues showMessageToLoggedInUser(HttpServletRequest request) {
|
||||
return new WidgetTemplateValues(Macro.ALREADY_LOGGED_IN.toString());
|
||||
}
|
||||
|
||||
/**
|
||||
* The user has given the correct password, but now they are required to
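Review bot: In the `LOGGED_IN` case, the `else { return null; }` that follows a branch ending in `break` is redundant nesting; a plain `return null;` after the `if` block reads more clearly. `showMessageToLoggedInUser(HttpServletRequest request)` never uses its parameter. The exact string comparison between `request.getServletPath()` and `Route.LOGIN.path()` also depends on how the login servlet is mapped, which is not visible in this hunk. A short comment stating that assumption would help, e.g. `// Assumes the login servlet is mapped exactly at Route.LOGIN.path().`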
|
||||
|
|
|
@ -78,6 +78,11 @@
|
|||
</section>
|
||||
</#macro>
|
||||
|
||||
<#macro alreadyLoggedIn>
|
||||
<h2>Log in</h2>
|
||||
<p>You are already logged in. You may have been redirected to this page because you tried to access a page that you do not have permission to view.</p>
|
||||
</#macro>
|
||||
|
||||
<#macro error>
|
||||
<p>There was an error in the system.</p>
|
||||
</#macro>
|