diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java index bbfd84f75..d875dbedc 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java @@ -2,11 +2,6 @@ package edu.cornell.mannlib.vitro.webapp.auth.policy; -import java.lang.annotation.ElementType; -import java.lang.annotation.Retention; -import java.lang.annotation.RetentionPolicy; -import java.lang.annotation.Target; - import javax.servlet.http.HttpServletRequest; import org.apache.commons.logging.Log; @@ -45,50 +40,6 @@ public class PolicyHelper { return Actions.notNull(actions).isAuthorized(policy, ids); } - // ---------------------------------------------------------------------- - // ---------------------------------------------------------------------- - // ---------------------------------------------------------------------- - // Obsolete ???????? - // ---------------------------------------------------------------------- - // ---------------------------------------------------------------------- - // ---------------------------------------------------------------------- - - /** - * A subclass of VitroHttpServlet may be annotated to say what actions - * should be checked for authorization before permitting the user to view - * the page that the servlet would create. - * - * Any RequestedAction can be specified, but the most common use will be to - * specify implementations of UsePagesRequestedAction. - * - * Note that a combination of AND and OR relationships can be created - * (at-signs converted to #-signs, so Javadoc won't try to actually apply - * the annotations): - * - *
- * #RequiresAuthorizationFor(This.class) - * #RequiresAuthorizationFor({This.class, That.class}) - * #RequiresAuthorizationFor(value=This.class, or=#Or(That.class)) - * #RequiresAuthorizationFor(or={#Or(One_A.class, One_B.class), #Or(Two.class)}) - *- */ - @Retention(RetentionPolicy.RUNTIME) - @Target(ElementType.TYPE) - public static @interface RequiresAuthorizationFor { - static class NoAction extends RequestedAction { - /* no fields */ - } - - @Retention(RetentionPolicy.RUNTIME) - public static @interface Or { - Class extends RequestedAction>[] value() default NoAction.class; - } - - Class extends RequestedAction>[] value() default NoAction.class; - - Or[] or() default @Or(); - } - /** * No need to instantiate this helper class - all methods are static. */ diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/FakeSelfEditController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/FakeSelfEditController.java index 80a50ae42..6f000044c 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/FakeSelfEditController.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/FakeSelfEditController.java @@ -15,7 +15,6 @@ import org.apache.commons.logging.LogFactory; import edu.cornell.mannlib.vitro.webapp.auth.identifier.FakeSelfEditingIdentifierFactory; import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper; -import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseMiscellaneousAdminPages; /** diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/SparqlQueryBuilderServlet.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/SparqlQueryBuilderServlet.java index 9b33654b0..3b6748ef2 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/SparqlQueryBuilderServlet.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/SparqlQueryBuilderServlet.java 
@@ -19,7 +19,7 @@ import com.hp.hpl.jena.rdf.model.Model; import com.hp.hpl.jena.sparql.resultset.ResultSetFormat; import edu.cornell.mannlib.vedit.controller.BaseEditController; -import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseAdvancedDataToolsPages; import edu.cornell.mannlib.vitro.webapp.beans.Portal; @@ -28,7 +28,6 @@ import edu.cornell.mannlib.vitro.webapp.beans.Portal; * This servlet works as a RequestDispatcher to direct to the sparl query builder page. * @author yuysun */ -@RequiresAuthorizationFor(UseAdvancedDataToolsPages.class) public class SparqlQueryBuilderServlet extends BaseEditController { private static final Log log = LogFactory.getLog(SparqlQueryBuilderServlet.class.getName()); @@ -75,7 +74,11 @@ public class SparqlQueryBuilderServlet extends BaseEditController { protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { - VitroRequest vreq = new VitroRequest(request); + if (!isAuthorizedToDisplayPage(request, response, new Actions(new UseAdvancedDataToolsPages()))) { + return; + } + + VitroRequest vreq = new VitroRequest(request); Model model = vreq.getJenaOntModel(); // getModel() if( model == null ){ diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/SparqlQueryServlet.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/SparqlQueryServlet.java index 30af4db6e..ae738550b 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/SparqlQueryServlet.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/SparqlQueryServlet.java 
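Review bot: The guard added at the top of doGet protects only that handler, while the removed class-level `@RequiresAuthorizationFor(UseAdvancedDataToolsPages.class)` was declared on the servlet type as a whole; any other entry point of this servlet (a doPost, for instance) lies outside the hunk, so it must either delegate to doGet or repeat the check, otherwise the required action is no longer enforced on that path. The same question applies to every controller in this commit that now guards a single method: doGet only in SparqlQueryServlet, the listing controllers, JenaExportController and JenaIngestController, and doPost only in the edit controllers and RDFUploadFormController (TabHierarchyOperationController has an unshown method between its two hunks). I would add a comment above the check, `// Authorization: every HTTP entry point of this servlet must pass through this check (other handlers delegate here).`, and confirm it class by class. doGet's body continues outside the hunk.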
@@ -46,7 +46,7 @@ import com.hp.hpl.jena.sparql.resultset.ResultSetFormat; import com.hp.hpl.jena.vocabulary.XSD; import edu.cornell.mannlib.vedit.controller.BaseEditController; -import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseAdvancedDataToolsPages; import edu.cornell.mannlib.vitro.webapp.beans.Ontology; import edu.cornell.mannlib.vitro.webapp.beans.Portal; @@ -60,7 +60,6 @@ import edu.cornell.mannlib.vitro.webapp.dao.OntologyDao; * @author bdc34 * */ -@RequiresAuthorizationFor(UseAdvancedDataToolsPages.class) public class SparqlQueryServlet extends BaseEditController { private static final Log log = LogFactory.getLog(SparqlQueryServlet.class.getName()); @@ -106,6 +105,10 @@ public class SparqlQueryServlet extends BaseEditController { protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { + if (!isAuthorizedToDisplayPage(request, response, new Actions(new UseAdvancedDataToolsPages()))) { + return; + } + VitroRequest vreq = new VitroRequest(request); Model model = vreq.getJenaOntModel(); diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/PortalRetryController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/PortalRetryController.java index 7481f20eb..cd6256e4b 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/PortalRetryController.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/PortalRetryController.java 
@@ -23,7 +23,7 @@ import edu.cornell.mannlib.vedit.controller.BaseEditController; import edu.cornell.mannlib.vedit.forwarder.PageForwarder; import edu.cornell.mannlib.vedit.listener.ChangeListener; import edu.cornell.mannlib.vedit.util.FormUtils; -import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UsePortalEditorPages; import edu.cornell.mannlib.vitro.webapp.beans.Portal; import edu.cornell.mannlib.vitro.webapp.controller.Controllers; @@ -33,13 +33,16 @@ import edu.cornell.mannlib.vitro.webapp.dao.TabDao; import edu.cornell.mannlib.vitro.webapp.filters.PortalPickerFilter; import edu.cornell.mannlib.vitro.webapp.utils.ThemeUtils; -@RequiresAuthorizationFor(UsePortalEditorPages.class) public class PortalRetryController extends BaseEditController { private static final Log log = LogFactory.getLog(PortalRetryController.class.getName()); @Override public void doPost (HttpServletRequest req, HttpServletResponse response) { + if (!isAuthorizedToDisplayPage(req, response, new Actions(new UsePortalEditorPages()))) { + return; + } + VitroRequest request = new VitroRequest(req); //create an EditProcessObject for this and put it in the session diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/TabEditController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/TabEditController.java index dbf4f9530..5776633e5 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/TabEditController.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/TabEditController.java 
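Review bot: The bare `return` after a failed check in doPost writes nothing to the response, so it depends on the inherited `isAuthorizedToDisplayPage` having already answered the request (redirect or error) before it returns false; that contract is not visible in this hunk. The helper's name also speaks of displaying a page, while this handler goes on to put an EditProcessObject into the session, so a reader may doubt it is the intended gate for a form submission. A comment on the guard would settle both, for example `// Denied requests are answered inside isAuthorizedToDisplayPage; nothing more to write here.`, with the wording confirmed against the helper. The same guard-and-return shape is used in the other doPost handlers of this commit (the Tab*, User* and RDFUploadForm controllers). doPost's body continues outside the hunk.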
@@ -22,7 +22,7 @@ import edu.cornell.mannlib.vedit.beans.EditProcessObject; import edu.cornell.mannlib.vedit.beans.FormObject; import edu.cornell.mannlib.vedit.controller.BaseEditController; import edu.cornell.mannlib.vedit.util.FormUtils; -import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseTabEditorPages; import edu.cornell.mannlib.vitro.webapp.beans.Individual; import edu.cornell.mannlib.vitro.webapp.beans.Portal; @@ -39,7 +39,6 @@ import edu.cornell.mannlib.vitro.webapp.dao.VClassDao; import edu.cornell.mannlib.vitro.webapp.dao.VClassGroupDao; import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory; -@RequiresAuthorizationFor(UseTabEditorPages.class) public class TabEditController extends BaseEditController { private static final Log log = LogFactory.getLog(TabEditController.class.getName()); @@ -47,6 +46,10 @@ public class TabEditController extends BaseEditController { @Override public void doPost (HttpServletRequest request, HttpServletResponse response) { + if (!isAuthorizedToDisplayPage(request, response, new Actions(new UseTabEditorPages()))) { + return; + } + VitroRequest vreq = new VitroRequest(request); Portal portal = vreq.getPortal(); diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/TabHierarchyOperationController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/TabHierarchyOperationController.java index 27fcb0473..d24e36f39 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/TabHierarchyOperationController.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/TabHierarchyOperationController.java 
@@ -9,13 +9,12 @@ import javax.servlet.http.HttpServletResponse; import edu.cornell.mannlib.vedit.beans.EditProcessObject; import edu.cornell.mannlib.vedit.controller.BaseEditController; -import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseTabEditorPages; import edu.cornell.mannlib.vitro.webapp.beans.Tab; import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; import edu.cornell.mannlib.vitro.webapp.dao.TabDao; -@RequiresAuthorizationFor(UseTabEditorPages.class) public class TabHierarchyOperationController extends BaseEditController { @Override @@ -25,6 +24,9 @@ public class TabHierarchyOperationController extends BaseEditController { @Override public void doPost(HttpServletRequest req, HttpServletResponse response) { + if (!isAuthorizedToDisplayPage(req, response, new Actions(new UseTabEditorPages()))) { + return; + } VitroRequest request = new VitroRequest(req); String defaultLandingPage = getDefaultLandingPage(request); diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/TabRetryController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/TabRetryController.java index c54b73059..4b7031329 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/TabRetryController.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/TabRetryController.java 
@@ -21,7 +21,7 @@ import edu.cornell.mannlib.vedit.controller.BaseEditController; import edu.cornell.mannlib.vedit.forwarder.PageForwarder; import edu.cornell.mannlib.vedit.forwarder.impl.UrlForwarder; import edu.cornell.mannlib.vedit.util.FormUtils; -import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseTabEditorPages; import edu.cornell.mannlib.vitro.webapp.beans.Portal; import edu.cornell.mannlib.vitro.webapp.beans.Tab; @@ -29,7 +29,6 @@ import edu.cornell.mannlib.vitro.webapp.controller.Controllers; import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; import edu.cornell.mannlib.vitro.webapp.dao.TabDao; -@RequiresAuthorizationFor(UseTabEditorPages.class) public class TabRetryController extends BaseEditController { static final int[] tabtypeIds = {0,18,20,22,24,26,28}; @@ -40,6 +39,10 @@ public class TabRetryController extends BaseEditController { @Override public void doPost (HttpServletRequest req, HttpServletResponse response) { + if (!isAuthorizedToDisplayPage(req, response, new Actions(new UseTabEditorPages()))) { + return; + } + VitroRequest request = new VitroRequest(req); //create an EditProcessObject for this and put it in the session diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/Tabs2TabsRetryController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/Tabs2TabsRetryController.java index 5c0566b9b..c8744a16f 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/Tabs2TabsRetryController.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/Tabs2TabsRetryController.java 
@@ -18,7 +18,7 @@ import edu.cornell.mannlib.vedit.beans.FormObject; import edu.cornell.mannlib.vedit.beans.Option; import edu.cornell.mannlib.vedit.controller.BaseEditController; import edu.cornell.mannlib.vedit.util.FormUtils; -import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseTabEditorPages; import edu.cornell.mannlib.vitro.webapp.beans.Portal; import edu.cornell.mannlib.vitro.webapp.beans.Tab; @@ -26,13 +26,16 @@ import edu.cornell.mannlib.vitro.webapp.controller.Controllers; import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; import edu.cornell.mannlib.vitro.webapp.dao.TabDao; -@RequiresAuthorizationFor(UseTabEditorPages.class) public class Tabs2TabsRetryController extends BaseEditController { private static final Log log = LogFactory.getLog(Tabs2TabsRetryController.class.getName()); @Override public void doPost (HttpServletRequest req, HttpServletResponse response) { + if (!isAuthorizedToDisplayPage(req, response, new Actions(new UseTabEditorPages()))) { + return; + } + VitroRequest request = new VitroRequest(req); Portal portal = request.getPortal(); diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/UserEditController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/UserEditController.java index bec79d310..b5195c9fa 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/UserEditController.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/UserEditController.java 
@@ -13,9 +13,8 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import edu.cornell.mannlib.vedit.beans.LoginStatusBean; import edu.cornell.mannlib.vedit.controller.BaseEditController; -import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseEditUserAccountsPages; import edu.cornell.mannlib.vitro.webapp.beans.Individual; import edu.cornell.mannlib.vitro.webapp.beans.IndividualImpl; @@ -29,7 +28,6 @@ import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; import edu.cornell.mannlib.vitro.webapp.dao.UserDao; import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary; -@RequiresAuthorizationFor(UseEditUserAccountsPages.class) public class UserEditController extends BaseEditController { private String[] roleNameStr = new String[51]; @@ -44,6 +42,10 @@ public class UserEditController extends BaseEditController { @Override public void doPost (HttpServletRequest request, HttpServletResponse response) throws ServletException { + if (!isAuthorizedToDisplayPage(request, response, new Actions(new UseEditUserAccountsPages()))) { + return; + } + VitroRequest vreq = new VitroRequest(request); Portal portal = vreq.getPortal(); diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/UserRetryController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/UserRetryController.java index 4f5217d20..d0d210537 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/UserRetryController.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/UserRetryController.java 
@@ -27,8 +27,8 @@ import edu.cornell.mannlib.vedit.listener.ChangeListener; import edu.cornell.mannlib.vedit.util.FormUtils; import edu.cornell.mannlib.vedit.validator.ValidationObject; import edu.cornell.mannlib.vedit.validator.Validator; -import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor; import edu.cornell.mannlib.vitro.webapp.auth.policy.setup.SelfEditingPolicySetup; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseEditUserAccountsPages; import edu.cornell.mannlib.vitro.webapp.beans.Portal; import edu.cornell.mannlib.vitro.webapp.beans.User; @@ -36,7 +36,6 @@ import edu.cornell.mannlib.vitro.webapp.controller.Controllers; import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; import edu.cornell.mannlib.vitro.webapp.dao.UserDao; -@RequiresAuthorizationFor(UseEditUserAccountsPages.class) public class UserRetryController extends BaseEditController { private static final String ROLE_PROTOCOL = "role:/"; // this is weird; need to revisit @@ -44,6 +43,9 @@ public class UserRetryController extends BaseEditController { @Override public void doPost (HttpServletRequest req, HttpServletResponse response) { + if (!isAuthorizedToDisplayPage(req, response, new Actions(new UseEditUserAccountsPages()))) { + return; + } VitroRequest request = new VitroRequest(req); diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/listing/AllClassGroupsListingController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/listing/AllClassGroupsListingController.java index ae246712b..24632917b 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/listing/AllClassGroupsListingController.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/listing/AllClassGroupsListingController.java 
@@ -14,7 +14,7 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringUtils; import edu.cornell.mannlib.vedit.controller.BaseEditController; -import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseOntologyEditorPages; import edu.cornell.mannlib.vitro.webapp.beans.Portal; import edu.cornell.mannlib.vitro.webapp.beans.VClass; @@ -23,13 +23,16 @@ import edu.cornell.mannlib.vitro.webapp.controller.Controllers; import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; import edu.cornell.mannlib.vitro.webapp.dao.VClassGroupDao; -@RequiresAuthorizationFor(UseOntologyEditorPages.class) public class AllClassGroupsListingController extends BaseEditController { private static final long serialVersionUID = 1L; @Override public void doGet(HttpServletRequest request, HttpServletResponse response) { + if (!isAuthorizedToDisplayPage(request, response, new Actions(new UseOntologyEditorPages()))) { + return; + } + VitroRequest vreq = new VitroRequest(request); Portal portal = vreq.getPortal(); diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/listing/ClassHierarchyListingController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/listing/ClassHierarchyListingController.java index 2ea6fa15b..7d58f1629 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/listing/ClassHierarchyListingController.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/listing/ClassHierarchyListingController.java 
@@ -23,7 +23,7 @@ import com.hp.hpl.jena.vocabulary.RDFS; import edu.cornell.mannlib.vedit.beans.ButtonForm; import edu.cornell.mannlib.vedit.controller.BaseEditController; -import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseOntologyEditorPages; import edu.cornell.mannlib.vitro.webapp.beans.Ontology; import edu.cornell.mannlib.vitro.webapp.beans.Portal; @@ -38,7 +38,6 @@ import edu.cornell.mannlib.vitro.webapp.dao.VitroModelProperties; import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory; import edu.cornell.mannlib.vitro.webapp.dao.jena.WebappDaoFactoryJena; -@RequiresAuthorizationFor(UseOntologyEditorPages.class) public class ClassHierarchyListingController extends BaseEditController { private static final Log log = LogFactory.getLog(ClassHierarchyListingController.class.getName()); @@ -50,6 +49,10 @@ public class ClassHierarchyListingController extends BaseEditController { @Override public void doGet(HttpServletRequest request, HttpServletResponse response) { + if (!isAuthorizedToDisplayPage(request, response, new Actions(new UseOntologyEditorPages()))) { + return; + } + VitroRequest vrequest = new VitroRequest(request); Portal portal = vrequest.getPortal(); diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/listing/DataPropertyHierarchyListingController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/listing/DataPropertyHierarchyListingController.java index e2e590378..d0470395a 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/listing/DataPropertyHierarchyListingController.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/listing/DataPropertyHierarchyListingController.java 
@@ -21,7 +21,7 @@ import org.apache.commons.logging.LogFactory; import edu.cornell.mannlib.vedit.beans.ButtonForm; import edu.cornell.mannlib.vedit.controller.BaseEditController; -import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseOntologyEditorPages; import edu.cornell.mannlib.vitro.webapp.beans.DataProperty; import edu.cornell.mannlib.vitro.webapp.beans.Datatype; @@ -35,7 +35,6 @@ import edu.cornell.mannlib.vitro.webapp.dao.DatatypeDao; import edu.cornell.mannlib.vitro.webapp.dao.PropertyGroupDao; import edu.cornell.mannlib.vitro.webapp.dao.VClassDao; -@RequiresAuthorizationFor(UseOntologyEditorPages.class) public class DataPropertyHierarchyListingController extends BaseEditController { private static final Log log = LogFactory.getLog(DataPropertyHierarchyListingController.class.getName()); @@ -50,6 +49,10 @@ public class DataPropertyHierarchyListingController extends BaseEditController { @Override public void doGet(HttpServletRequest request, HttpServletResponse response) { + if (!isAuthorizedToDisplayPage(request, response, new Actions(new UseOntologyEditorPages()))) { + return; + } + VitroRequest vrequest = new VitroRequest(request); Portal portal = vrequest.getPortal(); try { diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/listing/ObjectPropertyHierarchyListingController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/listing/ObjectPropertyHierarchyListingController.java index badcc6498..b19fb8a02 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/listing/ObjectPropertyHierarchyListingController.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/listing/ObjectPropertyHierarchyListingController.java 
@@ -22,7 +22,7 @@ import org.apache.commons.logging.LogFactory; import edu.cornell.mannlib.vedit.beans.ButtonForm; import edu.cornell.mannlib.vedit.controller.BaseEditController; -import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseOntologyEditorPages; import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty; import edu.cornell.mannlib.vitro.webapp.beans.Portal; @@ -34,7 +34,6 @@ import edu.cornell.mannlib.vitro.webapp.dao.ObjectPropertyDao; import edu.cornell.mannlib.vitro.webapp.dao.PropertyGroupDao; import edu.cornell.mannlib.vitro.webapp.dao.VClassDao; -@RequiresAuthorizationFor(UseOntologyEditorPages.class) public class ObjectPropertyHierarchyListingController extends BaseEditController { private static final Log log = LogFactory.getLog(ObjectPropertyHierarchyListingController.class.getName()); @@ -48,6 +47,10 @@ public class ObjectPropertyHierarchyListingController extends BaseEditController @Override public void doGet(HttpServletRequest request, HttpServletResponse response) { + if (!isAuthorizedToDisplayPage(request, response, new Actions(new UseOntologyEditorPages()))) { + return; + } + VitroRequest vrequest = new VitroRequest(request); Portal portal = vrequest.getPortal(); try { diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/listing/OntologiesListingController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/listing/OntologiesListingController.java index e0c0055e9..cf746c81a 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/listing/OntologiesListingController.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/listing/OntologiesListingController.java 
@@ -11,7 +11,7 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import edu.cornell.mannlib.vedit.controller.BaseEditController; -import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseOntologyEditorPages; import edu.cornell.mannlib.vitro.webapp.beans.Ontology; import edu.cornell.mannlib.vitro.webapp.beans.Portal; @@ -19,11 +19,14 @@ import edu.cornell.mannlib.vitro.webapp.controller.Controllers; import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; import edu.cornell.mannlib.vitro.webapp.dao.OntologyDao; -@RequiresAuthorizationFor(UseOntologyEditorPages.class) public class OntologiesListingController extends BaseEditController { @Override public void doGet(HttpServletRequest request, HttpServletResponse response) { + if (!isAuthorizedToDisplayPage(request, response, new Actions(new UseOntologyEditorPages()))) { + return; + } + VitroRequest vrequest = new VitroRequest(request); Portal portal = vrequest.getPortal(); diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/listing/PropertyGroupsListingController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/listing/PropertyGroupsListingController.java index 1408543b2..a856be43f 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/listing/PropertyGroupsListingController.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/listing/PropertyGroupsListingController.java 
@@ -14,7 +14,7 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import edu.cornell.mannlib.vedit.controller.BaseEditController; -import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseOntologyEditorPages; import edu.cornell.mannlib.vitro.webapp.beans.DataProperty; import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty; @@ -25,11 +25,14 @@ import edu.cornell.mannlib.vitro.webapp.controller.Controllers; import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; import edu.cornell.mannlib.vitro.webapp.dao.PropertyGroupDao; -@RequiresAuthorizationFor(UseOntologyEditorPages.class) public class PropertyGroupsListingController extends BaseEditController { @Override public void doGet(HttpServletRequest request, HttpServletResponse response) { + if (!isAuthorizedToDisplayPage(request, response, new Actions(new UseOntologyEditorPages()))) { + return; + } + VitroRequest vrequest = new VitroRequest(request); Portal portal = vrequest.getPortal(); diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/jena/JenaExportController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/jena/JenaExportController.java index 47fa100ff..5313c0acf 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/jena/JenaExportController.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/jena/JenaExportController.java 
@@ -19,8 +19,7 @@ import com.hp.hpl.jena.rdf.model.ModelFactory; import com.hp.hpl.jena.shared.Lock; import edu.cornell.mannlib.vedit.controller.BaseEditController; -import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor; -import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor.Or; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseAdvancedDataToolsPages; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseOntologyEditorPages; import edu.cornell.mannlib.vitro.webapp.controller.Controllers; @@ -29,11 +28,16 @@ import edu.cornell.mannlib.vitro.webapp.dao.jena.JenaModelUtils; import edu.cornell.mannlib.vitro.webapp.dao.jena.ModelContext; import edu.cornell.mannlib.vitro.webapp.servlet.setup.JenaDataSourceSetupBase; -@RequiresAuthorizationFor(or={@Or(UseAdvancedDataToolsPages.class), @Or(UseOntologyEditorPages.class)}) public class JenaExportController extends BaseEditController { + private static final Actions REQUIRED_ACTIONS = new Actions( + new UseAdvancedDataToolsPages()).or(new UseOntologyEditorPages()); @Override public void doGet( HttpServletRequest request, HttpServletResponse response ) { + if (!isAuthorizedToDisplayPage(request, response, REQUIRED_ACTIONS)) { + return; + } + VitroRequest vreq = new VitroRequest(request); if ( vreq.getRequestURL().indexOf("/download/") > -1 ) { diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/jena/JenaIngestController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/jena/JenaIngestController.java index 03d6d090d..7d69508ec 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/jena/JenaIngestController.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/jena/JenaIngestController.java 
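Review bot: `REQUIRED_ACTIONS` is one static `Actions` instance shared by every request thread, whereas the other controllers in this commit build a fresh `new Actions(...)` per call; sharing it is only safe if `Actions` is immutable and `or(...)` returns the combined set rather than relying on later mutation, which this hunk does not show. The constant replaces `or={@Or(UseAdvancedDataToolsPages.class), @Or(UseOntologyEditorPages.class)}`, so either action alone should still grant access, and a short comment would keep that intent visible: `// Either action is sufficient; Actions must be immutable to be shared across requests.` The check does precede the `/download/` branch, so both paths through doGet are covered. doGet's body continues outside the hunk.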
@@ -61,7 +61,7 @@ import com.hp.hpl.jena.util.ResourceUtils; import com.hp.hpl.jena.util.iterator.ClosableIterator; import edu.cornell.mannlib.vedit.controller.BaseEditController; -import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseAdvancedDataToolsPages; import edu.cornell.mannlib.vitro.webapp.beans.Ontology; import edu.cornell.mannlib.vitro.webapp.beans.Portal; @@ -80,7 +80,6 @@ import edu.cornell.mannlib.vitro.webapp.utils.jena.JenaIngestUtils; import edu.cornell.mannlib.vitro.webapp.utils.jena.JenaIngestWorkflowProcessor; import edu.cornell.mannlib.vitro.webapp.utils.jena.WorkflowOntology; -@RequiresAuthorizationFor(UseAdvancedDataToolsPages.class) public class JenaIngestController extends BaseEditController { private static final Log log = LogFactory.getLog(JenaIngestController.class); @@ -113,6 +112,10 @@ public class JenaIngestController extends BaseEditController { @Override public void doGet (HttpServletRequest request, HttpServletResponse response) { + if (!isAuthorizedToDisplayPage(request, response, new Actions(new UseAdvancedDataToolsPages()))) { + return; + } + VitroRequest vreq = new VitroRequest(request); ModelMaker maker = getVitroJenaModelMaker(vreq); diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/jena/RDFUploadFormController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/jena/RDFUploadFormController.java index f3c17501f..e9e0b2458 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/jena/RDFUploadFormController.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/jena/RDFUploadFormController.java 
@@ -10,19 +10,22 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import edu.cornell.mannlib.vedit.controller.BaseEditController; -import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseAdvancedDataToolsPages; import edu.cornell.mannlib.vitro.webapp.beans.Portal; import edu.cornell.mannlib.vitro.webapp.controller.Controllers; import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; -@RequiresAuthorizationFor(UseAdvancedDataToolsPages.class) public class RDFUploadFormController extends BaseEditController { private static final Log log = LogFactory.getLog(RDFUploadFormController.class.getName()); @Override public void doPost (HttpServletRequest request, HttpServletResponse response) { + if (!isAuthorizedToDisplayPage(request, response, new Actions(new UseAdvancedDataToolsPages()))) { + return; + } + VitroRequest vreq = new VitroRequest(request); Portal portal = vreq.getPortal();