diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/PrimitiveRdfEdit.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/PrimitiveRdfEdit.java index 5f43d383a..624cfd0cf 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/PrimitiveRdfEdit.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/PrimitiveRdfEdit.java @@ -39,13 +39,13 @@ public class PrimitiveRdfEdit extends FreemarkerHttpServlet{ return "RDF edit"; } + @Override + protected int requiresLoginLevel() { + return LoginStatusBean.EDITOR; + } + @Override protected ResponseValues processRequest(VitroRequest vreq) { - boolean loggedIn = checkLoginStatus(vreq); - if( !loggedIn){ - return new RedirectResponseValues(UrlBuilder.getUrl(Route.LOGIN)); - } - return new TemplateResponseValues("primitiveRdfEdit.ftl"); } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/FreemarkerHttpServlet.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/FreemarkerHttpServlet.java index 23a289714..2826feade 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/FreemarkerHttpServlet.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/FreemarkerHttpServlet.java @@ -82,8 +82,8 @@ public class FreemarkerHttpServlet extends VitroHttpServlet { ResponseValues responseValues; - // checkLoginStatus() does a redirect if the user is not logged in. - if (requiresLogin() && !checkLoginStatus(request, response)) { + // This method does a redirect if the required login level is not met, so just return. + if (requiredLoginLevelNotFound(request, response)) { return; } else { responseValues = processRequest(vreq); 
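Review bot: In FreemarkerHttpServlet the gate no longer calls `requiresLogin()`, so a subclass that still overrides it to return `true` and has not been converted to `requiresLoginLevel()` would now be served with no login check, because the base default is `LoginStatusBean.ANYBODY`. The second hunk of this file keeps `requiresLogin()` as an uncalled method returning `false`, which lets such stale overrides keep compiling; whether any remain is not visible in this diff. Deleting `requiresLogin()` from the base class would turn every unconverted `@Override` into a compile error instead of a silent fail-open. If it has to stay for now, mark it `@Deprecated` with a comment such as `// No longer consulted by the login gate; override requiresLoginLevel() instead.` The enclosing method of the first hunk starts and ends outside it.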
@@ -106,14 +106,27 @@ public class FreemarkerHttpServlet extends VitroHttpServlet { FreemarkerConfigurationLoader.getFreemarkerConfigurationLoader(getServletContext()); return loader.getConfig(vreq); } + + private boolean requiredLoginLevelNotFound(HttpServletRequest request, HttpServletResponse response) { + int requiredLoginLevel = requiresLoginLevel(); + // checkLoginStatus() does a redirect if the user is not logged in. + if (requiredLoginLevel > LoginStatusBean.ANYBODY && !checkLoginStatus(request, response, requiredLoginLevel)) { + return true; + } + return false; + } protected boolean requiresLogin() { + return false; + } + + protected int requiresLoginLevel() { // By default, user does not need to be logged in to view pages. - // Subclasses that require login to process their page will override to return true. + // Subclasses that require login to process their page will override to return the required login level. // NB This method can't be static, because then the superclass method gets called rather than // the subclass method. For the same reason, it can't refer to a static or instance field - // REQUIRES_LOGIN which is overridden in the subclass. - return false; + // REQUIRES_LOGIN_LEVEL which is overridden in the subclass. + return LoginStatusBean.ANYBODY; } // Subclasses will override diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/RevisionInfoController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/RevisionInfoController.java index a0f8c5e5c..78bfd4202 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/RevisionInfoController.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/RevisionInfoController.java 
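Review bot: `requiredLoginLevelNotFound` reads as if a level were missing, while the method actually reports that the caller did not meet the level and, per its own comment, has already triggered a redirect. A name that says so, plus a short Javadoc stating that the response has been handled when it returns `true`, would make the `return;` in the caller easier to trust. The body also collapses to one statement: `return requiredLoginLevel > LoginStatusBean.ANYBODY && !checkLoginStatus(request, response, requiredLoginLevel);`. The three-argument `checkLoginStatus` is declared outside this diff, so its handling of a logged-in user below the required level cannot be confirmed from here and is worth describing in that Javadoc.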
@@ -8,6 +8,7 @@ import java.util.Map; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import edu.cornell.mannlib.vedit.beans.LoginStatusBean; import edu.cornell.mannlib.vitro.webapp.config.RevisionInfoBean; import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; @@ -18,6 +19,11 @@ public class RevisionInfoController extends FreemarkerHttpServlet { private static final long serialVersionUID = 1L; private static final Log log = LogFactory.getLog(RevisionInfoController.class); private static final String TEMPLATE_DEFAULT = "revisionInfo.ftl"; + + @Override + protected int requiresLoginLevel() { + return LoginStatusBean.EDITOR; + } @Override protected ResponseValues processRequest(VitroRequest vreq) { diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/SiteAdminController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/SiteAdminController.java index 0e37399c6..8eb1c5525 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/SiteAdminController.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/SiteAdminController.java 
@@ -35,36 +35,35 @@ public class SiteAdminController extends FreemarkerHttpServlet { } @Override - protected boolean requiresLogin() { + protected int requiresLoginLevel() { // User must be logged in to view this page. - return true; + return LoginStatusBean.EDITOR; } @Override protected ResponseValues processRequest(VitroRequest vreq) { - + // Note that we don't get here unless logged in at least at editor level, due + // to requiresLoginLevel(). LoginStatusBean loginBean = LoginStatusBean.getBean(vreq); - Map body = new HashMap(); - - if (loginBean.isLoggedInAtLeast(LoginStatusBean.EDITOR)) { + Map body = new HashMap(); - UrlBuilder urlBuilder = new UrlBuilder(vreq.getPortal()); + UrlBuilder urlBuilder = new UrlBuilder(vreq.getPortal()); + + body.put("dataInput", getDataInputData(vreq)); + + if (loginBean.isLoggedInAtLeast(LoginStatusBean.CURATOR)) { + body.put("siteConfig", getSiteConfigurationData(vreq, urlBuilder)); + body.put("ontologyEditor", getOntologyEditorData(vreq, urlBuilder)); - body.put("dataInput", getDataInputData(vreq)); - - if (loginBean.isLoggedInAtLeast(LoginStatusBean.CURATOR)) { - body.put("siteConfig", getSiteConfigurationData(vreq, urlBuilder)); - body.put("ontologyEditor", getOntologyEditorData(vreq, urlBuilder)); + if (loginBean.isLoggedInAtLeast(LoginStatusBean.DBA)) { + body.put("dataTools", getDataToolsData(vreq, urlBuilder)); - if (loginBean.isLoggedInAtLeast(LoginStatusBean.DBA)) { - body.put("dataTools", getDataToolsData(vreq, urlBuilder)); - - // Only for DataStar. Should handle without needing a DataStar-specific version of this controller. - //body.put("customReports", getCustomReportsData(vreq)); - } + // Only for DataStar. Should handle without needing a DataStar-specific version of this controller. + //body.put("customReports", getCustomReportsData(vreq)); } } + return new TemplateResponseValues(TEMPLATE_DEFAULT, body); } 
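Review bot: The comment kept inside `requiresLoginLevel()` still reads `// User must be logged in to view this page.`, although the method now demands editor level; suggest `// User must be logged in at editor level or above to view this page.` With the `isLoggedInAtLeast(LoginStatusBean.EDITOR)` wrapper removed, `dataInput` is put into the body unconditionally, so this controller's access control for that section rests entirely on the base-class gate. The new comment at the top of `processRequest` records that dependency, which is good; it would help to add that the override must not be lowered below `EDITOR` without restoring a local check.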
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/search/controller/IndexController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/search/controller/IndexController.java index 0e1f0173f..460b6ee82 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/search/controller/IndexController.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/search/controller/IndexController.java @@ -67,15 +67,20 @@ public class IndexController extends FreemarkerHttpServlet { return "Full Search Index Rebuild"; } +// @Override +// protected int requiresLoginLevel() { +// // User must be logged in to view this page. +// return LoginStatusBean.DBA; +// } + @Override - protected ResponseValues processRequest(VitroRequest vreq) { + protected ResponseValues processRequest(VitroRequest vreq) { + // Due to requiresLoginLevel(), we don't get here unless logged in as DBA if (!LoginStatusBean.getBean(vreq).isLoggedInAtLeast(LoginStatusBean.DBA)) { return new RedirectResponseValues(UrlBuilder.getUrl(Route.LOGIN)); } - Map body = new HashMap(); - // long start = System.currentTimeMillis(); try { IndexBuilder builder = (IndexBuilder)getServletContext().getAttribute(IndexBuilder.class.getName()); if( vreq.getParameter("update") != null ){ diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/widgets/LoginWidget.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/widgets/LoginWidget.java index 15099c3e5..6ad400dad 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/widgets/LoginWidget.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/widgets/LoginWidget.java 
@@ -12,6 +12,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import edu.cornell.mannlib.vedit.beans.LoginStatusBean; +import edu.cornell.mannlib.vitro.webapp.controller.freemarker.UrlBuilder.Route; import edu.cornell.mannlib.vitro.webapp.controller.login.LoginProcessBean; import edu.cornell.mannlib.vitro.webapp.controller.login.LoginProcessBean.State; import freemarker.core.Environment; @@ -24,6 +25,7 @@ public class LoginWidget extends Widget { private static enum Macro { LOGIN("loginForm"), FORCE_PASSWORD_CHANGE("forcePasswordChange"), + ALREADY_LOGGED_IN("alreadyLoggedIn"), SERVER_ERROR("error"); private final String macroName; @@ -71,7 +73,15 @@ public class LoginWidget extends Widget { switch (state) { case LOGGED_IN: - return null; + // On the login page itself, show a message that the user is already logged in. + // Otherwise, when redirecting to login page from a page that the logged-in user + // doesn't have access to, we would just show a blank page. + if (request.getServletPath().equals(Route.LOGIN.path())) { + values = showMessageToLoggedInUser(request); + break; + } else { + return null; + } case FORCED_PASSWORD_CHANGE: values = showPasswordChangeScreen(request); break; @@ -113,6 +123,10 @@ public class LoginWidget extends Widget { return values; } + + private WidgetTemplateValues showMessageToLoggedInUser(HttpServletRequest request) { + return new WidgetTemplateValues(Macro.ALREADY_LOGGED_IN.toString()); + } /** * The user has given the correct password, but now they are required to diff --git a/webapp/web/templates/freemarker/widgets/widget-login.ftl b/webapp/web/templates/freemarker/widgets/widget-login.ftl index 046a49023..25140f00b 100644 --- a/webapp/web/templates/freemarker/widgets/widget-login.ftl +++ b/webapp/web/templates/freemarker/widgets/widget-login.ftl @@ -78,6 +78,11 @@ +<#macro alreadyLoggedIn> +
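Review bot: The `LOGGED_IN` branch presents an authorization failure as an ordinary visit to the login page: a logged-in user who lacks the required level is shown the "already logged in" text, presumably with a normal success status rather than a 403-style response, so denied requests are hard to tell apart from regular page views in access logs. That behaviour comes from the redirect in the servlet gate, which is outside this file, so here I would only ask for a comment on the branch, e.g. `// Reached by logged-in users bounced here by the login-level gate; no error status is sent.` The path test `request.getServletPath().equals(Route.LOGIN.path())` is an exact match, so it appears that a login page reached under any other mapping would fall back to `return null` and the blank page this change is meant to avoid. Separately, `showMessageToLoggedInUser(HttpServletRequest request)` never reads `request`; drop the parameter or say why it is kept.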

Log in

+

You are already logged in. You may have been redirected to this page because you tried to access a page that you do not have permission to view.

+ + <#macro error>

There was an error in the system.

\ No newline at end of file