NIHVIVO-1430 Fix the Login redirector and associated classes to recognize 2 types of association: by SelfEditingConfig and by MayEditAs

webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/Authenticator.java

@@ -67,15 +67,10 @@ public abstract class Authenticator {
 	public abstract User getUserByUsername(String username);
 
 	/**
-	 * Get the URI of the individual associated with this user, or null if no
+	 * Get the URIs of all individuals associated with this user, whether by a
-	 * such Individual exists.
+	 * self-editing property like cornellEmailNetid, or by mayEditAs.
 	 */
-	public abstract String getAssociatedIndividualUri(String username);
+	public abstract List<String> getAssociatedIndividualUris(String username);
-
-	/**
-	 * Get a list of URIs of the people that this user is allowed to edit.
-	 */
-	public abstract List<String> asWhomMayThisUserEdit(String username);
 
 	/**
 	 * Record a new password for the user.

webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/BasicAuthenticator.java

@@ -2,6 +2,7 @@
 
 package edu.cornell.mannlib.vitro.webapp.controller.authenticate;
 
+import java.util.ArrayList;
 import java.util.Collections;
 import java.util.Date;
 import java.util.List;
@@ -20,7 +21,6 @@ import edu.cornell.mannlib.vedit.beans.LoginStatusBean.AuthenticationSource;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.RoleBasedPolicy.AuthRole;
 import edu.cornell.mannlib.vitro.webapp.beans.SelfEditingConfiguration;
 import edu.cornell.mannlib.vitro.webapp.beans.User;
-import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
 import edu.cornell.mannlib.vitro.webapp.controller.edit.Authenticate;
 import edu.cornell.mannlib.vitro.webapp.dao.IndividualDao;
 import edu.cornell.mannlib.vitro.webapp.dao.UserDao;
@@ -50,7 +50,7 @@ public class BasicAuthenticator extends Authenticator {
 
 	@Override
 	public User getUserByUsername(String username) {
-		UserDao userDao = getUserDao(request);
+		UserDao userDao = getUserDao();
 		if (userDao == null) {
 			return null;
 		}
@@ -59,7 +59,7 @@ public class BasicAuthenticator extends Authenticator {
 
 	@Override
 	public boolean isCurrentPassword(String username, String clearTextPassword) {
-		User user = getUserDao(request).getUserByUsername(username);
+		User user = getUserDao().getUserByUsername(username);
 		if (user == null) {
 			log.trace("Checking password '" + clearTextPassword
 					+ "' for user '" + username + "', but user doesn't exist.");
@@ -81,7 +81,7 @@ public class BasicAuthenticator extends Authenticator {
 		}
 		user.setOldPassword(user.getMd5password());
 		user.setMd5password(Authenticate.applyMd5Encoding(newClearTextPassword));
-		getUserDao(request).updateUser(user);
+		getUserDao().updateUser(user);
 	}
 
 	@Override
@@ -133,7 +133,7 @@ public class BasicAuthenticator extends Authenticator {
 		if (user.getFirstTime() == null) { // first login
 			user.setFirstTime(new Date());
 		}
-		getUserDao(request).updateUser(user);
+		getUserDao().updateUser(user);
 	}
 
 	/**
@@ -200,20 +200,38 @@ public class BasicAuthenticator extends Authenticator {
 	}
 
 	@Override
-	public String getAssociatedIndividualUri(String username) {
+	public List<String> getAssociatedIndividualUris(String username) {
-		IndividualDao iDao = new VitroRequest(request).getWebappDaoFactory()
+		List<String> uris = new ArrayList<String>();
-				.getIndividualDao();
+		uris.addAll(getUrisAssociatedBySelfEditorConfig(username));
-		return SelfEditingConfiguration.getBean(request)
+		uris.addAll(getUrisAssociatedByMayEditAs(username));
-				.getIndividualUriFromUsername(iDao, username);
+		return uris;
 	}
 
-	@Override
+	private List<String> getUrisAssociatedBySelfEditorConfig(String username) {
-	public List<String> asWhomMayThisUserEdit(String username) {
 		if (username == null) {
 			return Collections.emptyList();
 		}
 
-		UserDao userDao = getUserDao(request);
+		IndividualDao iDao = getIndividualDao();
+		if (iDao == null) {
+			return Collections.emptyList();
+		}
+		
+		String selfEditorUri = SelfEditingConfiguration.getBean(request)
+				.getIndividualUriFromUsername(iDao, username);
+		if (selfEditorUri == null) {
+			return Collections.emptyList();
+		} else {
+			return Collections.singletonList(selfEditorUri);
+		}
+	}
+
+	private List<String> getUrisAssociatedByMayEditAs(String username) {
+		if (username == null) {
+			return Collections.emptyList();
+		}
+
+		UserDao userDao = getUserDao();
 		if (userDao == null) {
 			return Collections.emptyList();
 		}
@@ -244,7 +262,7 @@ public class BasicAuthenticator extends Authenticator {
 			return;
 		}
 
-		UserDao userDao = getUserDao(request);
+		UserDao userDao = getUserDao();
 		if (userDao == null) {
 			return;
 		}
@@ -261,19 +279,11 @@ public class BasicAuthenticator extends Authenticator {
 	}
 
 	/**
-	 * Get a reference to the {@link UserDao}, or <code>null</code>.
+	 * Get a reference to the UserDao, or null.
 	 */
-	private UserDao getUserDao(HttpServletRequest request) {
+	private UserDao getUserDao() {
-		HttpSession session = request.getSession(false);
+		WebappDaoFactory wadf = getWebappDaoFactory();
-		if (session == null) {
-			return null;
-		}
-
-		ServletContext servletContext = session.getServletContext();
-		WebappDaoFactory wadf = (WebappDaoFactory) servletContext
-				.getAttribute("webappDaoFactory");
 		if (wadf == null) {
-			log.error("getUserDao: no WebappDaoFactory");
 			return null;
 		}
 
@@ -285,6 +295,43 @@ public class BasicAuthenticator extends Authenticator {
 		return userDao;
 	}
 
+	/**
+	 * Get a reference to the IndividualDao, or null.
+	 */
+	private IndividualDao getIndividualDao() {
+		WebappDaoFactory wadf = getWebappDaoFactory();
+		if (wadf == null) {
+			return null;
+		}
+		
+		IndividualDao individualDao = wadf.getIndividualDao();
+		if (individualDao == null) {
+			log.error("getIndividualDao: no IndividualDao");
+		}
+		
+		return individualDao;
+	}
+	
+	/**
+	 * Get a reference to the WebappDaoFactory, or null.
+	 */
+	private WebappDaoFactory getWebappDaoFactory() {
+		HttpSession session = request.getSession(false);
+		if (session == null) {
+			return null;
+		}
+
+		ServletContext servletContext = session.getServletContext();
+		WebappDaoFactory wadf = (WebappDaoFactory) servletContext
+				.getAttribute("webappDaoFactory");
+		if (wadf == null) {
+			log.error("no WebappDaoFactory");
+			return null;
+		}
+
+		return wadf;
+	}
+
 	/**
 	 * Parse the role URI from User. Don't crash if it is not valid.
 	 */

webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/LoginExternalAuthReturn.java

@@ -5,6 +5,7 @@ package edu.cornell.mannlib.vitro.webapp.controller.authenticate;
 import static edu.cornell.mannlib.vitro.webapp.controller.authenticate.LoginExternalAuthSetup.ATTRIBUTE_REFERRER;
 
 import java.io.IOException;
+import java.util.List;
 
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
@@ -42,7 +43,8 @@ public class LoginExternalAuthReturn extends BaseLoginServlet {
 			throws ServletException, IOException {
 		String username = ExternalAuthHelper.getHelper(req)
 				.getExternalUsername(req);
-		String uri = getAuthenticator(req).getAssociatedIndividualUri(username);
+		List<String> associatedUris = getAuthenticator(req)
+				.getAssociatedIndividualUris(username);
 
 		if (username == null) {
 			log.debug("No username.");
@@ -54,8 +56,11 @@ public class LoginExternalAuthReturn extends BaseLoginServlet {
 					AuthenticationSource.EXTERNAL);
 			removeLoginProcessArtifacts(req);
 			new LoginRedirector(req, resp).redirectLoggedInUser();
-		} else if (uri != null) {
+		} else if (!associatedUris.isEmpty()) {
-			log.debug("Recognize '" + username + "' as self-editor for " + uri);
+			log.debug("Recognize '" + username + "' as self-editor for "
+					+ associatedUris);
+			String uri = associatedUris.get(0);
+
 			getAuthenticator(req).recordLoginWithoutUserAccount(username, uri,
 					AuthenticationSource.EXTERNAL);
 			removeLoginProcessArtifacts(req);

webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/LoginRedirector.java

@@ -5,6 +5,7 @@ package edu.cornell.mannlib.vitro.webapp.controller.authenticate;
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
 import java.net.URLEncoder;
+import java.util.List;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -60,11 +61,19 @@ public class LoginRedirector {
 			return null;
 		}
 
-		String uri = Authenticator.getInstance(request)
+		List<String> uris = Authenticator.getInstance(request)
-				.getAssociatedIndividualUri(username);
+				.getAssociatedIndividualUris(username);
-		log.debug("URI of associated individual is " + uri);
+		if (uris.isEmpty()) {
+			log.debug("'" + username
+					+ "' is not associated with an individual.");
+			return null;
+		} else {
+			String uri = uris.get(0);
+			log.debug("'" + username + "' is associated with an individual: "
+					+ uri);
 			return uri;
 		}
+	}
 
 	public void redirectLoggedInUser() throws IOException {
 		if (isForcedFromRestrictedPage()) {

webapp/test/edu/cornell/mannlib/vitro/webapp/controller/authenticate/AuthenticatorStub.java

@@ -4,7 +4,6 @@ package edu.cornell.mannlib.vitro.webapp.controller.authenticate;
 
 import java.lang.reflect.Field;
 import java.util.ArrayList;
-import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -119,8 +118,18 @@ public class AuthenticatorStub extends Authenticator {
 	}
 
 	@Override
-	public String getAssociatedIndividualUri(String username) {
+	public List<String> getAssociatedIndividualUris(String username) {
-		return associatedUris.get(username);
+		List<String> uris = new ArrayList<String>();
+
+		if (associatedUris.containsKey(username)) {
+			uris.add(associatedUris.get(username));
+		}
+
+		if (editingPermissions.containsKey(username)) {
+			uris.addAll(editingPermissions.get(username));
+		}
+
+		return uris;
 	}
 
 	@Override
@@ -138,15 +147,6 @@ public class AuthenticatorStub extends Authenticator {
 		newPasswords.put(username, newClearTextPassword);
 	}
 
-	@Override
-	public List<String> asWhomMayThisUserEdit(String username) {
-		if (editingPermissions.containsKey(username)) {
-			return editingPermissions.get(username);
-		} else {
-			return Collections.emptyList();
-		}
-	}
-
 	@Override
 	public void recordLoginAgainstUserAccount(String username,
 			AuthenticationSource authSource) {