NIHVIVO-3706 Create a separate permission "UseSparqlQueryPage" to control the SPARQL query page. Installers may modify permission_config.n3 to make the SPARQL query page publicly accessible.

2012-03-22 17:40:21 +00:00 · 2012-03-22 17:40:21 +00:00 · 3a6a3b985a
commit 3a6a3b985a
parent 84a9b22d99
6 changed files with 23 additions and 8 deletions
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/permissions/SimplePermission.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/permissions/SimplePermission.java
@ -84,6 +84,8 @@ public class SimplePermission extends Permission {
 			"UseMiscellaneousEditorPages");
 	public static final SimplePermission USE_MISCELLANEOUS_PAGES = new SimplePermission(
 			"UseMiscellaneousPages");
+	public static final SimplePermission USE_SPARQL_QUERY_PAGE = new SimplePermission(
+			"UseSparqlQueryPage");

 	public static List<SimplePermission> getAllInstances() {
 		return new ArrayList<SimplePermission>(allInstances.values());
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/SparqlQueryServlet.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/SparqlQueryServlet.java
@ -101,7 +101,7 @@ public class SparqlQueryServlet extends BaseEditController {
    throws ServletException, IOException
    {    	    	   	
 		if (!isAuthorizedToDisplayPage(request, response,
-				SimplePermission.USE_ADVANCED_DATA_TOOLS_PAGES.ACTIONS)) {
+				SimplePermission.USE_SPARQL_QUERY_PAGE.ACTIONS)) {
    		return;
    	}

--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/BaseSiteAdminController.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/BaseSiteAdminController.java
@ -198,9 +198,11 @@ public class BaseSiteAdminController extends FreemarkerHttpServlet {
            urls.put("ingest", UrlBuilder.getUrl("/ingest"));
            urls.put("rdfData", UrlBuilder.getUrl("/uploadRDFForm"));
            urls.put("rdfExport", UrlBuilder.getUrl("/export"));
-            urls.put("sparqlQuery", UrlBuilder.getUrl("/admin/sparqlquery"));
            urls.put("sparqlQueryBuilder", UrlBuilder.getUrl("/admin/sparqlquerybuilder"));
        }
+        if (PolicyHelper.isAuthorizedForActions(vreq, SimplePermission.USE_SPARQL_QUERY_PAGE.ACTIONS)) {            
+        	urls.put("sparqlQuery", UrlBuilder.getUrl("/admin/sparqlquery"));
+        }
        
        return urls;
    }
--- a/webapp/web/WEB-INF/resources/permission_config.n3
+++ b/webapp/web/WEB-INF/resources/permission_config.n3
@ -22,6 +22,7 @@ auth:ADMIN
    auth:hasPermission simplePermission:SeeStartupStatus ;
    auth:hasPermission simplePermission:UseAdvancedDataToolsPages ;
    auth:hasPermission simplePermission:UseMiscellaneousAdminPages ;
+    auth:hasPermission simplePermission:UseSparqlQueryPage ;
    
    # permissions for CURATOR and above.
    auth:hasPermission simplePermission:EditOntology ;
--- a/webapp/web/admin/sparqlquery/sparqlForm.jsp
+++ b/webapp/web/admin/sparqlquery/sparqlForm.jsp
@ -7,7 +7,7 @@

 <%@taglib prefix="vitro" uri="/WEB-INF/tlds/VitroUtils.tld" %>
 <%@page import="edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission" %>
-<% request.setAttribute("requestedActions", SimplePermission.MANAGE_PORTALS.ACTION); %>
+<% request.setAttribute("requestedActions", SimplePermission.USE_SPARQL_QUERY_PAGE.ACTION); %>
 <vitro:confirmAuthorization />

 <body>
--- a/webapp/web/templates/freemarker/body/siteAdmin/siteAdmin-advancedDataTools.ftl
+++ b/webapp/web/templates/freemarker/body/siteAdmin/siteAdmin-advancedDataTools.ftl
@ -7,11 +7,21 @@
        <h3>Advanced Data Tools</h3>
        
        <ul role="navigation">
-            <li role="listitem"><a href="${dataTools.rdfData}" title="Add/Remove RDF data">Add/Remove RDF data</a></li>
-            <li role="listitem"><a href="${dataTools.ingest}" title="Ingest tools">Ingest tools</a></li>
-            <li role="listitem"><a href="${dataTools.rdfExport}" title="RDF export">RDF export</a></li>
-            <li role="listitem"><a href="${dataTools.sparqlQuery}" title="SPARQL query">SPARQL query</a></li>
-            <li role="listitem"><a href="${dataTools.sparqlQueryBuilder}" title="SPARQL query builder">SPARQL query builder</a></li>
+            <#if dataTools.rdfData?has_content>
+                <li role="listitem"><a href="${dataTools.rdfData}" title="Add/Remove RDF data">Add/Remove RDF data</a></li>
+            </#if>     
+            <#if dataTools.ingest?has_content>
+                <li role="listitem"><a href="${dataTools.ingest}" title="Ingest tools">Ingest tools</a></li>
+            </#if>     
+            <#if dataTools.rdfExport?has_content>
+                <li role="listitem"><a href="${dataTools.rdfExport}" title="RDF export">RDF export</a></li>
+            </#if>     
+            <#if dataTools.sparqlQuery?has_content>
+                <li role="listitem"><a href="${dataTools.sparqlQuery}" title="SPARQL query">SPARQL query</a></li>
+            </#if>     
+            <#if dataTools.sparqlQueryBuilder?has_content>
+                <li role="listitem"><a href="${dataTools.sparqlQueryBuilder}" title="SPARQL query builder">SPARQL query builder</a></li>
+            </#if>     
        </ul>
    </section>
 </#if>