From 4077d66d1bedcb63ff262c51948b3b5b39e7f67f Mon Sep 17 00:00:00 2001
From: j2blake <j2blake@440791e1-c2bf-4c1e-ad7c-caf3f8b0ebe8>
Date: Thu, 21 Apr 2011 16:19:54 +0000
Subject: [PATCH] NIHVIVO-2492 restrict IndexController by requested actions.
 Remove the page-restriction code from FreemarkerHttpServlet, letting
 VitroHttpServlet handle it.

---
 .../freemarker/FreemarkerHttpServlet.java     | 29 +------------------
 .../search/controller/IndexController.java    | 11 ++-----
 2 files changed, 4 insertions(+), 36 deletions(-)

diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/FreemarkerHttpServlet.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/FreemarkerHttpServlet.java
index fd64e4104..dd77f61cc 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/FreemarkerHttpServlet.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/FreemarkerHttpServlet.java
@@ -18,7 +18,6 @@ import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
-import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
 import edu.cornell.mannlib.vitro.webapp.beans.ApplicationBean;
 import edu.cornell.mannlib.vitro.webapp.beans.DisplayMessage;
 import edu.cornell.mannlib.vitro.webapp.beans.Portal;
@@ -85,15 +84,7 @@ public class FreemarkerHttpServlet extends VitroHttpServlet {
 	        Configuration config = getConfig(vreq);
 	        vreq.setAttribute("freemarkerConfig", config);
 	        
-	        ResponseValues responseValues;
-	        
-	        // This method does a redirect if the required login level is not met, so just return.
-	        if (requiredLoginLevelNotFound(request, response)) {
-	            return; 
-	        } else {
-	            responseValues = processRequest(vreq);
-	        }
-
+	        ResponseValues responseValues = processRequest(vreq);
 	        doResponse(vreq, response, responseValues);	 
 	        
     	} catch (TemplateProcessingException e) {
@@ -114,24 +105,6 @@ public class FreemarkerHttpServlet extends VitroHttpServlet {
         return loader.getConfig(vreq);
     }
 
-    private boolean requiredLoginLevelNotFound(HttpServletRequest request, HttpServletResponse response) {
-        int requiredLoginLevel = requiredLoginLevel();
-        // checkLoginStatus() does a redirect if the user is not logged in.
-        if (requiredLoginLevel > LoginStatusBean.ANYBODY && !checkLoginStatus(request, response, requiredLoginLevel)) {
-            return true;
-        }
-        return false;
-    }
-    
-    protected int requiredLoginLevel() {
-        // By default, user does not need to be logged in to view pages.
-        // Subclasses that require login to process their page will override to return the required login level.
-        // NB This method can't be static, because then the superclass method gets called rather than
-        // the subclass method. For the same reason, it can't refer to a static or instance field
-        // REQUIRES_LOGIN_LEVEL which is overridden in the subclass.
-        return LoginStatusBean.ANYBODY;
-    }
-    
     // Subclasses will override
     protected ResponseValues processRequest(VitroRequest vreq) {
         return null;
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/search/controller/IndexController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/search/controller/IndexController.java
index 27c086dff..0638e40c4 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/search/controller/IndexController.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/search/controller/IndexController.java
@@ -8,13 +8,13 @@ import java.util.Map;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
-import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseMiscellaneousAdminPages;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
 import edu.cornell.mannlib.vitro.webapp.controller.freemarker.FreemarkerHttpServlet;
 import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.ExceptionResponseValues;
 import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.ResponseValues;
 import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.TemplateResponseValues;
-import edu.cornell.mannlib.vitro.webapp.search.IndexingException;
 import edu.cornell.mannlib.vitro.webapp.search.indexing.IndexBuilder;
 
 /**
@@ -29,6 +29,7 @@ import edu.cornell.mannlib.vitro.webapp.search.indexing.IndexBuilder;
  *
  * @author bdc34
  */
+@RequiresAuthorizationFor(UseMiscellaneousAdminPages.class)
 public class IndexController extends FreemarkerHttpServlet {
 	
 	private static final Log log = LogFactory.getLog(IndexController.class);
@@ -38,12 +39,6 @@ public class IndexController extends FreemarkerHttpServlet {
         return "Full Search Index Rebuild";
     }
     
-    @Override
-    protected int requiredLoginLevel() {
-        // User must be logged in to view this page.
-        return LoginStatusBean.DBA;
-    }
-    
     @Override
     protected ResponseValues processRequest(VitroRequest vreq) { 
         Map<String, Object> body = new HashMap<String, Object>();