NIHVIVO-2492 convert JSPs from <vitro:requiresAuthorizationFor> and <vitro:confirmLoginStatus> to <vitro:confirmAuthorization>

This commit is contained in:
j2blake 2011-04-27 20:20:25 +00:00
parent 3d70274c78
commit 5610249bbc
50 changed files with 349 additions and 408 deletions

View file

@ -16,47 +16,15 @@
-->
<tag>
<name>confirmLoginStatus</name>
<display-name>Confirm that the user is logged in as required</display-name>
<description>
Check to see that the user is logged in (optionally at a certain minimum level).
If not, then redirect them to the login page, with the current request stored as
a post-login destination.
If "level" is specified, then the user must be logged in at least at that level
in order to avoid being redirected. "level" may be a String like "DBA" or "EDITOR",
or it may be an integer like 50 or 4.
If "bean" is specified, it is taken as the name of a request attribute where the
LoginStatusBean will be stored.
</description>
<tag-class>edu.cornell.mannlib.vitro.webapp.web.jsptags.ConfirmLoginStatus</tag-class>
<body-content>empty</body-content>
<attribute>
<name>level</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
<attribute>
<name>allowSelfEditing</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
<attribute>
<name>bean</name>
<required>false</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
</tag>
<tag>
<name>requiresAuthorizationFor</name>
<name>confirmAuthorization</name>
<display-name>Confirm that the user is authorized for the actions that this page requires.</display-name>
<description>
Confirm that the user is authorized to perform all of the RequestedActions that
this page requires. A check is done for each such action, to see whether the
current policy will authorize that action for the current user. If any of the
actions is not authorized, the user will be redirected to the appropriate page.
this page requires. If any of the actions is not authorized, the user will be
redirected to the appropriate page.
The actions must be found in the "requestedActions" attribute of the request.
The attribute may be a RequestedAction or an array of RequestedActions.
If the user is not authorized because he is not logged in, he will be directed
to the login page, with the current request stored as a post-login destination.
@ -64,18 +32,9 @@
If the user is logged in but without sufficient authorization, he will be
directed to the home page, which will display an "insufficient authorization"
message.
The requested actions are specified as a comma delimited list of class names.
These must be RequestedAction classes, each with a no-argument public
constructor.
</description>
<tag-class>edu.cornell.mannlib.vitro.webapp.web.jsptags.RequiresAuthorizationFor</tag-class>
<tag-class>edu.cornell.mannlib.vitro.webapp.web.jsptags.ConfirmAuthorization</tag-class>
<body-content>empty</body-content>
<attribute>
<name>classNames</name>
<required>true</required>
<rtexprvalue>true</rtexprvalue>
</attribute>
</tag>
</taglib>