litvinovg/vitro
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

VIVO-1929: patch authorizing create individual form (#206)

Browse source 
* patch authorizing create individual form

Resolves: https://jira.lyrasis.org/browse/VIVO-1929
This commit is contained in:
William Welling 2021-02-02 14:10:40 -06:00 committed by Georgy Litvinov
parent 4fdbb71fee
commit 2e0b3f0f05
2 changed files with 12 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
api/src/main/java/edu/cornell/mannlib/vitro/webapp/edit/n3editing/VTwo/EditConfigurationUtils.java
View file

@ -61,6 +61,10 @@ public class EditConfigurationUtils {
return vreq.getParameter("rangeUri");
}
public static String getTypeOfNew(VitroRequest vreq) {
return vreq.getParameter("typeOfNew");
}
public static VClass getRangeVClass(VitroRequest vreq) {
// This needs a WebappDaoFactory with no filtering/RDFService
// funny business because it needs to be able to retrieve anonymous union

11
api/src/main/java/edu/cornell/mannlib/vitro/webapp/edit/n3editing/controller/EditRequestDispatchController.java
View file

@ -11,6 +11,7 @@ import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.jena.ontology.OntModel;
@ -68,9 +69,13 @@ public class EditRequestDispatchController extends FreemarkerHttpServlet {
final String RDFS_LABEL_FORM = "edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.generators.RDFSLabelGenerator";
final String DEFAULT_DELETE_FORM = "edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.generators.DefaultDeleteGenerator";
@Override
protected AuthorizationRequest requiredActions(VitroRequest vreq) {
//Check if this statement can be edited here and return unauthorized if not
@Override
protected AuthorizationRequest requiredActions(VitroRequest vreq) {
// If request is for new individual, return simple do back end editing action permission
if (StringUtils.isNotEmpty(EditConfigurationUtils.getTypeOfNew(vreq))) {
return SimplePermission.DO_BACK_END_EDITING.ACTION;
}
// Check if this statement can be edited here and return unauthorized if not
String subjectUri = EditConfigurationUtils.getSubjectUri(vreq);
String predicateUri = EditConfigurationUtils.getPredicateUri(vreq);
String objectUri = EditConfigurationUtils.getObjectUri(vreq);