diff --git a/webapp/src/edu/cornell/mannlib/vedit/beans/LoginStatusBean.java b/webapp/src/edu/cornell/mannlib/vedit/beans/LoginStatusBean.java index 4b9c5bcdb..aef9c4e38 100644 --- a/webapp/src/edu/cornell/mannlib/vedit/beans/LoginStatusBean.java +++ b/webapp/src/edu/cornell/mannlib/vedit/beans/LoginStatusBean.java @@ -121,7 +121,7 @@ public class LoginStatusBean { return securityLevel > ANYBODY; } - public boolean isLoggedInAs(int level) { + public boolean isLoggedInExactly(int level) { return securityLevel == level; } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/FreemarkerHttpServlet.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/FreemarkerHttpServlet.java index 0c9764508..fc1102dd5 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/FreemarkerHttpServlet.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/FreemarkerHttpServlet.java @@ -15,14 +15,13 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import com.hp.hpl.jena.rdf.model.Model; -import edu.cornell.mannlib.vedit.beans.LoginFormBean; +import edu.cornell.mannlib.vedit.beans.LoginStatusBean; import edu.cornell.mannlib.vitro.webapp.ConfigurationProperties; import edu.cornell.mannlib.vitro.webapp.beans.ApplicationBean; import edu.cornell.mannlib.vitro.webapp.beans.Portal; 
@@ -53,7 +52,7 @@ public class FreemarkerHttpServlet extends VitroHttpServlet { private static final long serialVersionUID = 1L; private static final Log log = LogFactory.getLog(FreemarkerHttpServlet.class); - private static final int FILTER_SECURITY_LEVEL = LoginFormBean.EDITOR; + private static final int FILTER_SECURITY_LEVEL = LoginStatusBean.EDITOR; protected enum Template { STANDARD_ERROR("error-standard.ftl"), @@ -476,24 +475,13 @@ public class FreemarkerHttpServlet extends VitroHttpServlet { } private final Map getLoginValues(VitroRequest vreq) { - - String loginName = null; - int securityLevel; - - HttpSession session = vreq.getSession(); - LoginFormBean loginBean = (LoginFormBean) session.getAttribute("loginHandler"); - if (loginBean != null && loginBean.testSessionLevel(vreq) > -1) { - loginName = loginBean.getLoginName(); - securityLevel = Integer.parseInt(loginBean.getLoginRole()); - } - Map map = new HashMap(); - if (loginName != null) { - map.put("loginName", loginName); + LoginStatusBean loginBean = LoginStatusBean.getBean(vreq); + if (loginBean.isLoggedIn()) { + map.put("loginName", loginBean.getUsername()); - securityLevel = Integer.parseInt(loginBean.getLoginRole()); - if (securityLevel >= FILTER_SECURITY_LEVEL) { + if (loginBean.isLoggedInAtLeast(FILTER_SECURITY_LEVEL)) { ApplicationBean appBean = vreq.getAppBean(); if (appBean.isFlag1Active()) { map.put("showFlag1SearchField", true); diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/ImageUploadController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/ImageUploadController.java index f00d66ebc..62734603d 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/ImageUploadController.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/ImageUploadController.java 
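Review bot: In getLoginValues the removed guard `loginBean.testSessionLevel(vreq) > -1` has no visible counterpart on the new side, which now relies on `loginBean.isLoggedIn()` alone. testSessionLevel is not shown on this page, so if it tied the login to the current session or request, confirm that `LoginStatusBean.getBean(vreq)` does the equivalent and record it with a comment such as `// session validity is checked inside LoginStatusBean.getBean()`. The new code also dereferences the result of `getBean(vreq)` without the null check the old code had, here and in checkAuthorized, getEditingData, processRequest and getSiteConfigurationData. Either document on getBean that it never returns null, or guard the call. The body of getLoginValues continues past the end of the hunk.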
@@ -8,28 +8,17 @@ import java.util.Map; import java.util.Map.Entry; import javax.servlet.RequestDispatcher; -import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.UnavailableException; import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpSession; import org.apache.commons.fileupload.FileItem; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import edu.cornell.mannlib.vedit.beans.LoginFormBean; +import edu.cornell.mannlib.vedit.beans.LoginStatusBean; import edu.cornell.mannlib.vitro.webapp.ConfigurationProperties; import edu.cornell.mannlib.vitro.webapp.auth.AuthorizationHelper; -import edu.cornell.mannlib.vitro.webapp.auth.identifier.ArrayIdentifierBundle; -import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle; -import edu.cornell.mannlib.vitro.webapp.auth.identifier.ServletIdentifierBundleFactory; -import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyList; -import edu.cornell.mannlib.vitro.webapp.auth.policy.RequestPolicyList; -import edu.cornell.mannlib.vitro.webapp.auth.policy.ServletPolicyList; -import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization; -import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision; -import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddDataPropStmt; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropObjectPropStmt; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.EditObjPropStmt; @@ -602,7 +591,7 @@ public class ImageUploadController extends FreemarkerHttpServlet { */ private boolean checkAuthorized(VitroRequest vreq) throws UserMistakeException { - if (LoginFormBean.loggedIn(vreq, LoginFormBean.EDITOR)) { + if (LoginStatusBean.getBean(vreq).isLoggedInAtLeast(LoginStatusBean.EDITOR)) { log.debug("Authorized because logged in as Editor"); return true; } 
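Review bot: The debug message in checkAuthorized still reads `"Authorized because logged in as Editor"`, but the new condition `isLoggedInAtLeast(LoginStatusBean.EDITOR)` also admits every role above Editor. This looks like the authorization gate for the upload controller, so the log line should state what was actually decided, for example `log.debug("Authorized because logged in as Editor or above");`. Whether the old `LoginFormBean.loggedIn(vreq, LoginFormBean.EDITOR)` already had at-least semantics is not visible here. The rest of checkAuthorized lies outside the hunk.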
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/IndividualController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/IndividualController.java index fd7470493..104d8c624 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/IndividualController.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/IndividualController.java @@ -32,7 +32,7 @@ import com.hp.hpl.jena.shared.Lock; import com.hp.hpl.jena.vocabulary.RDF; import com.hp.hpl.jena.vocabulary.RDFS; -import edu.cornell.mannlib.vedit.beans.LoginFormBean; +import edu.cornell.mannlib.vedit.beans.LoginStatusBean; import edu.cornell.mannlib.vitro.webapp.beans.ApplicationBean; import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement; import edu.cornell.mannlib.vitro.webapp.beans.Individual; @@ -135,20 +135,6 @@ public class IndividualController extends FreemarkerHttpServlet { EditSubmission.clearAllEditSubmissionsInSession(session); } - private int getSecurityLevel(HttpSession session) { - String loginStatus = null; - int securityLevel = LoginFormBean.ANYBODY; - LoginFormBean loginHandler = (LoginFormBean)session.getAttribute("loginHandler"); - if (loginHandler != null) { - loginStatus = loginHandler.getLoginStatus(); - if ("authenticated".equals(loginStatus)) { - securityLevel = Integer.parseInt(loginHandler.getLoginRole()); - } - } - return securityLevel; - - } - // Set template values related to access privileges // RY We may want to define an EditingIndividualTemplateModel class, with methods like getAdminPanel() and // getEditLinks(property). The constructor would take an individual and a loginFormBean object, both of which 
@@ -158,13 +144,13 @@ public class IndividualController extends FreemarkerHttpServlet { // which might seem opaque to template authors. private Map getEditingData(VitroRequest vreq) { - int securityLevel = getSecurityLevel(vreq.getSession()); + LoginStatusBean loginBean = LoginStatusBean.getBean(vreq); Map editingData = new HashMap(); - editingData.put("showEditLinks", VitroRequestPrep.isSelfEditing(vreq) || securityLevel >= LoginFormBean.NON_EDITOR); + editingData.put("showEditLinks", VitroRequestPrep.isSelfEditing(vreq) || loginBean.isLoggedInAtLeast(LoginStatusBean.NON_EDITOR)); - boolean showAdminPanel = securityLevel >= LoginFormBean.EDITOR; + boolean showAdminPanel = loginBean.isLoggedInAtLeast(LoginStatusBean.EDITOR); editingData.put("showAdminPanel", showAdminPanel); return editingData; @@ -204,8 +190,6 @@ public class IndividualController extends FreemarkerHttpServlet { IndividualDao iwDao = vreq.getWebappDaoFactory().getIndividualDao(); - int securityLevel = getSecurityLevel(vreq.getSession()); - individual.setKeywords(iwDao.getKeywordsForIndividualByMode(individual.getURI(),"visible")); individual.sortForDisplay(); diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/SiteAdminController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/SiteAdminController.java index 6fa29810b..96dda13d1 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/SiteAdminController.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/SiteAdminController.java @@ -11,7 +11,7 @@ import java.util.Map; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import edu.cornell.mannlib.vedit.beans.LoginFormBean; +import edu.cornell.mannlib.vedit.beans.LoginStatusBean; import edu.cornell.mannlib.vedit.util.FormUtils; import edu.cornell.mannlib.vitro.webapp.beans.VClassGroup; import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; 
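Review bot: The comment block above getEditingData still describes a constructor taking "an individual and a loginFormBean object", while the method now reads its state from `LoginStatusBean.getBean(vreq)`; the wording should follow the new class. It would also help to state there that `showEditLinks` and `showAdminPanel` only control what the template renders, for example `// Display flags only: the edit and admin requests must re-check the role on the server.` The comment starts in the previous hunk and the method's surroundings continue outside this one.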
@@ -37,17 +37,12 @@ public class SiteAdminController extends FreemarkerHttpServlet { @Override protected ResponseValues processRequest(VitroRequest vreq) { - String loginStatus = null; - - LoginFormBean loginHandler = (LoginFormBean)vreq.getSession().getAttribute("loginHandler"); - if (loginHandler != null) { - loginStatus = loginHandler.getLoginStatus(); - } - + LoginStatusBean loginBean = LoginStatusBean.getBean(vreq); + Map body = new HashMap(); // NOT LOGGED IN: just show login form - if (loginHandler == null || !"authenticated".equals(loginStatus)) { + if (!loginBean.isLoggedIn()) { // Unlike the other panels on this page, we put the data directly in the body, because the templates are also used // by the JSP version, where the data is placed directly in the body map. body.putAll(getLoginPanelData(vreq)); @@ -55,19 +50,17 @@ public class SiteAdminController extends FreemarkerHttpServlet { // LOGGED IN: show editing options based on user role } else { - int securityLevel = Integer.parseInt( loginHandler.getLoginRole() ); - - if (securityLevel >= LoginFormBean.EDITOR) { + if (loginBean.isLoggedInAtLeast(LoginStatusBean.EDITOR)) { UrlBuilder urlBuilder = new UrlBuilder(vreq.getPortal()); body.put("dataInput", getDataInputData(vreq)); - if (securityLevel >= LoginFormBean.CURATOR) { - body.put("siteConfig", getSiteConfigurationData(vreq, securityLevel, urlBuilder)); + if (loginBean.isLoggedInAtLeast(LoginStatusBean.CURATOR)) { + body.put("siteConfig", getSiteConfigurationData(vreq, urlBuilder)); body.put("ontologyEditor", getOntologyEditorData(vreq, urlBuilder)); - if (securityLevel >= LoginFormBean.DBA) { + if (loginBean.isLoggedInAtLeast(LoginStatusBean.DBA)) { body.put("dataTools", getDataToolsData(vreq, urlBuilder)); // Only for DataStar. Should handle without needing a DataStar-specific version of this controller. 
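Review bot: processRequest already holds `loginBean`, yet the new call `getSiteConfigurationData(vreq, urlBuilder)` makes the helper fetch the bean again with `LoginStatusBean.getBean(vreq)` for its DBA check (see the later hunk on getSiteConfigurationData). Passing the bean instead, as `getSiteConfigurationData(vreq, loginBean, urlBuilder)` with `if (loginBean.isLoggedInAtLeast(LoginStatusBean.DBA))` inside, keeps a single role decision per request and makes the helper's dependence on login state visible in its signature. processRequest continues beyond both hunks shown for it.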
@@ -126,14 +119,14 @@ public class SiteAdminController extends FreemarkerHttpServlet { return map; } - private Map getSiteConfigurationData(VitroRequest vreq, int securityLevel, UrlBuilder urlBuilder) { + private Map getSiteConfigurationData(VitroRequest vreq, UrlBuilder urlBuilder) { Map map = new HashMap(); Map urls = new HashMap(); urls.put("tabs", urlBuilder.getPortalUrl("/listTabs")); - if (securityLevel >= LoginFormBean.DBA) { + if (LoginStatusBean.getBean(vreq).isLoggedInAtLeast(LoginStatusBean.DBA)) { urls.put("users", urlBuilder.getPortalUrl("/listUsers")); }