NIHVIVO-2492 restrict IndexController by requested actions. Remove the page-restriction code from FreemarkerHttpServlet, letting VitroHttpServlet handle it.
This commit is contained in:
j2blake
parent
38601a6cb0
commit
4077d66d1b
2 changed files with 4 additions and 36 deletions
|
|
@ -18,7 +18,6 @@ import org.apache.commons.lang.StringUtils;
|
|||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.ApplicationBean;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.DisplayMessage;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.Portal;
|
||||
|
|
@ -85,15 +84,7 @@ public class FreemarkerHttpServlet extends VitroHttpServlet {
|
|||
Configuration config = getConfig(vreq);
|
||||
vreq.setAttribute("freemarkerConfig", config);
|
||||
|
||||
ResponseValues responseValues;
|
||||
|
||||
// This method does a redirect if the required login level is not met, so just return.
|
||||
if (requiredLoginLevelNotFound(request, response)) {
|
||||
return;
|
||||
} else {
|
||||
responseValues = processRequest(vreq);
|
||||
}
|
||||
|
||||
ResponseValues responseValues = processRequest(vreq);
|
||||
doResponse(vreq, response, responseValues);
|
||||
|
||||
} catch (TemplateProcessingException e) {
|
||||
|
|
@ -114,24 +105,6 @@ public class FreemarkerHttpServlet extends VitroHttpServlet {
|
|||
return loader.getConfig(vreq);
|
||||
}
|
||||
|
||||
private boolean requiredLoginLevelNotFound(HttpServletRequest request, HttpServletResponse response) {
|
||||
int requiredLoginLevel = requiredLoginLevel();
|
||||
// checkLoginStatus() does a redirect if the user is not logged in.
|
||||
if (requiredLoginLevel > LoginStatusBean.ANYBODY && !checkLoginStatus(request, response, requiredLoginLevel)) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
protected int requiredLoginLevel() {
|
||||
// By default, user does not need to be logged in to view pages.
|
||||
// Subclasses that require login to process their page will override to return the required login level.
|
||||
// NB This method can't be static, because then the superclass method gets called rather than
|
||||
// the subclass method. For the same reason, it can't refer to a static or instance field
|
||||
// REQUIRES_LOGIN_LEVEL which is overridden in the subclass.
|
||||
return LoginStatusBean.ANYBODY;
|
||||
}
|
||||
|
||||
// Subclasses will override
|
||||
protected ResponseValues processRequest(VitroRequest vreq) {
|
||||
return null;
|
||||
|
|
|
|||
|
|
@ -8,13 +8,13 @@ import java.util.Map;
|
|||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseMiscellaneousAdminPages;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.FreemarkerHttpServlet;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.ExceptionResponseValues;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.ResponseValues;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.TemplateResponseValues;
|
||||
import edu.cornell.mannlib.vitro.webapp.search.IndexingException;
|
||||
import edu.cornell.mannlib.vitro.webapp.search.indexing.IndexBuilder;
|
||||
|
||||
/**
|
||||
|
|
@ -29,6 +29,7 @@ import edu.cornell.mannlib.vitro.webapp.search.indexing.IndexBuilder;
|
|||
*
|
||||
* @author bdc34
|
||||
*/
|
||||
@RequiresAuthorizationFor(UseMiscellaneousAdminPages.class)
|
||||
public class IndexController extends FreemarkerHttpServlet {
|
||||
|
||||
private static final Log log = LogFactory.getLog(IndexController.class);
|
||||
|
|
@ -38,12 +39,6 @@ public class IndexController extends FreemarkerHttpServlet {
|
|||
return "Full Search Index Rebuild";
|
||||
}
|
||||
|
||||
@Override
|
||||
protected int requiredLoginLevel() {
|
||||
// User must be logged in to view this page.
|
||||
return LoginStatusBean.DBA;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected ResponseValues processRequest(VitroRequest vreq) {
|
||||
Map<String, Object> body = new HashMap<String, Object>();
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue