Change individual display so labels for moniker, blurb, citation, and description only appear if the user has edit permissions for those properties. NIHVIVO-275

bdc34 2010-04-02 23:13:09 +00:00
parent 4a3ef8d03d
commit 5da58324b8
4 changed files with 153 additions and 84 deletions


@ -194,14 +194,14 @@ public class SelfEditingPolicy implements VisitingPolicyIface {
if( uri == null || uri.length() == 0 ) if( uri == null || uri.length() == 0 )
return false; return false;
if( editableVitroUris.contains( uri ) )
return true;
if( prohibitedProperties.contains(uri)) { if( prohibitedProperties.contains(uri)) {
log.debug("The uri "+uri+" represents a predicate that cannot be modified because it is on a list of properties prohibited from self editing"); log.debug("The uri "+uri+" represents a predicate that cannot be modified because it is on a list of properties prohibited from self editing");
return false; return false;
} }
if( editableVitroUris.contains( uri ) )
return true;
String namespace = uri.substring(0, Util.splitNamespace(uri)); String namespace = uri.substring(0, Util.splitNamespace(uri));
//Matcher match = ns.matcher(uri); //Matcher match = ns.matcher(uri);
//if( match.matches() && match.groupCount() > 0){ //if( match.matches() && match.groupCount() > 0){
@ -276,7 +276,7 @@ public class SelfEditingPolicy implements VisitingPolicyIface {
} }
//many predicates are prohibited by namespace but there are many ones that self editors need to work with //many predicates are prohibited by namespace but there are many ones that self editors need to work with
if( prohibitedNs.contains(action.uriOfPredicate() ) && ! editableVitroUris.contains( action.uriOfPredicate() ) ) { if( prohibitedNs.contains(action.uriOfPredicate() ) ) {
log.debug("SelfEditingPolicy for DropDatapropStmt is inconclusive because it does not grant access to admin controls"); log.debug("SelfEditingPolicy for DropDatapropStmt is inconclusive because it does not grant access to admin controls");
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy does not grant access to admin controls"); return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy does not grant access to admin controls");
} }
@ -338,11 +338,9 @@ public class SelfEditingPolicy implements VisitingPolicyIface {
if( prohibitedNs.contains( action.getResourceUri() ) ) if( prohibitedNs.contains( action.getResourceUri() ) )
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy does not grant access to admin resources"); return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy does not grant access to admin resources");
//many predicates are prohibited by namespace but there are many ones that self editors need to work with if( prohibitedProperties.contains( action.getDataPropUri() ) )
if( prohibitedNs.contains(action.getDataPropUri() ) && ! editableVitroUris.contains( action.getDataPropUri() ) )
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy does not grant access to admin controls"); return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy does not grant access to admin controls");
if( !canModifyPredicate( action.getDataPropUri() ) ) if( !canModifyPredicate( action.getDataPropUri() ) )
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy does not grant access to admin predicates; " + return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy does not grant access to admin predicates; " +
"cannot modify " + action.getDataPropUri()); "cannot modify " + action.getDataPropUri());
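Review bot: The DropDatapropStmt branch in the second hunk now denies only when `prohibitedNs.contains(action.uriOfPredicate())`, while the parallel data-property branch in the third hunk tests `prohibitedProperties.contains(action.getDataPropUri())`. If prohibitedNs holds namespaces, as its name suggests, a full predicate URI will rarely match it, so whether a self-editor can drop a prohibited property depends on a check further down that this hunk does not show. I would make the two branches agree, `if( prohibitedProperties.contains( action.uriOfPredicate() ) ) {`, and follow it with the same `canModifyPredicate(...)` guard if the method does not already have one; both methods start and end outside the hunks. The side-by-side rendering has lost its +/- markers, so this reading assumes the right-hand text is the new side.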


@ -17,6 +17,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision; import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddDataPropStmt; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddObjectPropStmt; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddObjectPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropObjectPropStmt; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropObjectPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.EditDataPropStmt; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.EditDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.EditObjPropStmt; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.EditObjPropStmt;
@ -179,6 +180,62 @@ public class SelfEditingPolicyTest extends AbstractTestClass {
Assert.assertEquals(Authorization.INCONCLUSIVE, dec.getAuthorized()); Assert.assertEquals(Authorization.INCONCLUSIVE, dec.getAuthorized());
} }
@Test
public void testForbiddenMoniker(){
Set<String> badProps = new HashSet<String>();
badProps.add(VitroVocabulary.MONIKER);
SelfEditingPolicy badPropPolicy = new SelfEditingPolicy(badProps,null,null,null);
RequestedAction whatToAuth = null;
whatToAuth = new AddDataPropStmt(
SELFEDITOR_URI, VitroVocabulary.MONIKER ,"someValue", null, null);
PolicyDecision dec = badPropPolicy.isAuthorized(ids, whatToAuth);
Assert.assertNotNull(dec);
Assert.assertEquals(Authorization.INCONCLUSIVE, dec.getAuthorized());
whatToAuth = new AddDataPropStmt(
SAFE_RESOURCE ,VitroVocabulary.MONIKER , "somevalue", null, null);
dec = badPropPolicy.isAuthorized(ids, whatToAuth);
Assert.assertNotNull(dec);
Assert.assertEquals(Authorization.INCONCLUSIVE, dec.getAuthorized());
DataPropertyStatement dps = new DataPropertyStatementImpl();
dps.setIndividualURI(SELFEDITOR_URI);
dps.setDatapropURI(VitroVocabulary.MONIKER);
dps.setData("some moniker");
whatToAuth = new EditDataPropStmt(dps);
dec = badPropPolicy.isAuthorized(ids, whatToAuth);
Assert.assertNotNull(dec);
Assert.assertEquals(Authorization.INCONCLUSIVE, dec.getAuthorized());
//try where moniker is permitted
badProps = new HashSet<String>();
badPropPolicy = new SelfEditingPolicy(badProps,null,null,null);
whatToAuth = new AddDataPropStmt(
SELFEDITOR_URI, VitroVocabulary.MONIKER ,"somevalue", null, null);
dec = badPropPolicy.isAuthorized(ids, whatToAuth);
Assert.assertNotNull(dec);
Assert.assertEquals(Authorization.AUTHORIZED, dec.getAuthorized());
whatToAuth = new AddDataPropStmt(
UNSAFE_RESOURCE ,VitroVocabulary.MONIKER , "somevalue", null, null);
dec = badPropPolicy.isAuthorized(ids, whatToAuth);
Assert.assertNotNull(dec);
Assert.assertEquals(Authorization.INCONCLUSIVE, dec.getAuthorized());
dps = new DataPropertyStatementImpl();
dps.setIndividualURI(SAFE_RESOURCE);
dps.setDatapropURI(VitroVocabulary.MONIKER);
dps.setData("some moniker");
whatToAuth = new EditDataPropStmt(dps);
dec = badPropPolicy.isAuthorized(ids, whatToAuth);
Assert.assertNotNull(dec);
Assert.assertEquals(Authorization.INCONCLUSIVE, dec.getAuthorized());
}
@Test @Test
public void testVisitIdentifierBundleAddObjectPropStmt() { public void testVisitIdentifierBundleAddObjectPropStmt() {
AddObjectPropStmt whatToAuth = new AddObjectPropStmt( AddObjectPropStmt whatToAuth = new AddObjectPropStmt(
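Review bot: testForbiddenMoniker covers AddDataPropStmt and EditDataPropStmt but never the drop path, although this commit adds the `DropDataPropStmt` import and changes the drop branch of SelfEditingPolicy. A prohibited property that can still be deleted would pass this test, so add a case such as `whatToAuth = new DropDataPropStmt(dps);` followed by the INCONCLUSIVE assertion while MONIKER is in badProps (this assumes DropDataPropStmt accepts a DataPropertyStatement the way EditDataPropStmt does here). The permitted half also has no positive edit assertion: its only EditDataPropStmt targets SAFE_RESOURCE and expects INCONCLUSIVE, so an AUTHORIZED check on SELFEDITOR_URI would pin the allow side as well.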


@ -119,10 +119,13 @@ if (VitroRequestPrep.isSelfEditing(request) || LoginFormBean.loggedIn(request, L
<%-- Moniker. Wrap in the div only if editing. If not editing, displays inline next to label. --%> <%-- Moniker. Wrap in the div only if editing. If not editing, displays inline next to label. --%>
<c:if test="${showEdits}"> <c:if test="${showEdits}">
<div id="dprop-vitro-moniker" class="propsItem ${editingClass}"> <c:set var="monikerEditLinks"><edLnk:editLinks item="<%= VitroVocabulary.MONIKER %>" icons="false"/></c:set>
<h3 class="propertyName">moniker</h3> <c:if test="${!empty monikerEditLinks }">
<edLnk:editLinks item="<%= VitroVocabulary.MONIKER %>" icons="false"/> <div id="dprop-vitro-moniker" class="propsItem ${editingClass}">
<h3 class="propertyName">moniker</h3>
</c:if>
</c:if> </c:if>
<c:if test="${!empty entity.moniker}"> <c:if test="${!empty entity.moniker}">
<div class="datatypeProperties"> <div class="datatypeProperties">
<div class="datatypePropertyValue" id="moniker"> <div class="datatypePropertyValue" id="moniker">
@ -136,17 +139,19 @@ if (VitroRequestPrep.isSelfEditing(request) || LoginFormBean.loggedIn(request, L
</div> </div>
</div> </div>
</c:if> </c:if>
<c:if test="${showEdits}"></div></c:if> <%-- end dprop-vitro-moniker --%>
<c:if test="${showEdits && !empty monikerEditLinks}"></div></c:if> <%-- end dprop-vitro-moniker --%>
</c:otherwise> </c:otherwise>
</c:choose> </c:choose>
</div> <!-- end labelAndMoniker --> </div> <!-- end labelAndMoniker -->
<%-- Links --%> <%-- Links --%>
<c:if test="${ showEdits || !empty entity.url || !empty entity.linksList }"> <c:if test="${ showEdits || !empty entity.url || !empty entity.linksList }">
<div id="dprop-vitro-links" class="propsItem ${editingClass}"> <div id="dprop-vitro-links" class="propsItem ${editingClass}">
<c:if test="${showEdits}"> <c:set var="canEditPrimaryLinks"><edLnk:editLinks item="<%= VitroVocabulary.PRIMARY_LINK %>" icons="false"/></c:set>
<c:set var="canEditAdditionalLinks"><edLnk:editLinks item="<%= VitroVocabulary.ADDITIONAL_LINK %>" icons="false"/></c:set>
<c:if test="${showEdits and !empty canEditPrimaryLinks and !empty canEditAdditionalLinks}">
<h3 class="propertyName">links</h3> <h3 class="propertyName">links</h3>
<c:choose> <c:choose>
<c:when test="${empty entity.url}"> <c:when test="${empty entity.url}">
@ -208,7 +213,8 @@ if (VitroRequestPrep.isSelfEditing(request) || LoginFormBean.loggedIn(request, L
<%-- Thumbnail (with citation) --%> <%-- Thumbnail (with citation) --%>
<c:if test="${showEdits || !empty entity.imageThumb}"> <c:if test="${showEdits || !empty entity.imageThumb}">
<div id="dprop-vitro-image" class="propsItem ${editingClass}"> <div id="dprop-vitro-image" class="propsItem ${editingClass}">
<c:if test="${showEdits}"> <c:set var="mayEditThumbnail"><edLnk:editLinks item="<%= VitroVocabulary.IMAGETHUMB %>" icons="false" /></c:set>
<c:if test="${showEdits and !empty mayEditThumbnail}">
<h3 class="propertyName">image</h3> <h3 class="propertyName">image</h3>
<edLnk:editLinks item="<%= VitroVocabulary.IMAGETHUMB %>" icons="false" /> <edLnk:editLinks item="<%= VitroVocabulary.IMAGETHUMB %>" icons="false" />
</c:if> </c:if>
@ -242,55 +248,61 @@ if (VitroRequestPrep.isSelfEditing(request) || LoginFormBean.loggedIn(request, L
</div> </div>
</c:if> </c:if>
<p:process>
<%-- Blurb --%> <%-- Blurb --%>
<c:if test="${showEdits || !empty entity.blurb}"> <c:if test="${showEdits || !empty entity.blurb}">
<div id="dprop-vitro-blurb" class="propsItem ${editingClass}"> <div id="dprop-vitro-blurb" class="propsItem ${editingClass}">
<c:if test="${showEdits}"> <c:if test="${not empty entity.blurb }">
<h3 class="propertyName">blurb</h3> <c:set var="editLinksForExistingBlurb"><edLnk:editLinks item="<%= VitroVocabulary.BLURB %>" data="${entity.blurb}" icons="false"/></c:set>
<edLnk:editLinks item="<%= VitroVocabulary.BLURB %>" icons="false"/> </c:if>
</c:if> <c:set var="editLinksForNewBlurb"><edLnk:editLinks item="<%= VitroVocabulary.BLURB %>" icons="false"/></c:set>
<c:if test="${!empty entity.blurb}"> <c:if test="${showEdits || (( empty entity.blurb and not empty editLinksForNewBlurb)or( not empty entity.blurb and not empty editLinksForExistingBlurb)) }">
<div class="datatypeProperties"> <h3 class="propertyName">blurb</h3>
<div class="datatypePropertyValue"> ${editLinksForNewBlurb}
<div class="statementWrap"> </c:if>
<div class="description">${entity.blurb}</div> <c:if test="${!empty entity.blurb}">
<c:if test="${showEdits}"> <div class="datatypeProperties">
<c:set var="editLinks"><edLnk:editLinks item="<%= VitroVocabulary.BLURB %>" data="${entity.blurb}" icons="false"/></c:set> <div class="datatypePropertyValue">
<c:if test="${!empty editLinks}"><span class="editLinks">${editLinks}</span></c:if> <div class="statementWrap">
</c:if> <div class="description"><p:process>${entity.blurb}</p:process></div>
</div> <c:if test="${showEdits && !empty editLinksForExistingBlurb}">
</div> <span class="editLinks">${editLinksForExistingBlurb}</span>
</div> </c:if>
</c:if> </div>
</div> </div>
</c:if> </div>
</c:if>
</div>
</c:if>
<%-- Description --%>
<c:if test="${ showEdits || !empty entity.description}">
<div id="dprop-vitro-description" class="propsItem ${editingClass}">
<c:if test="${not empty entity.description }">
<c:set var="editLinksForExisitngDesc"><edLnk:editLinks item="<%= VitroVocabulary.DESCRIPTION %>" data="${entity.description}" icons="false"/></c:set>
</c:if>
<c:set var="editLinksForNewDesc"><edLnk:editLinks item="<%= VitroVocabulary.DESCRIPTION %>" icons="false"/></c:set>
<c:if test="${showEdits || ((empty entity.description and not empty editLinksForNewDesc)or(not empty entity.description and not empty editLinksForExisitngDesc))}">
<h3 class="propertyName">description</h3>
${editLinksForNewDesc}
</c:if>
<c:if test="${!empty entity.description}">
<div class="datatypeProperties">
<div class="datatypePropertyValue">
<div class="statementWrap">
<div class="description"><p:process>${entity.description}</p:process></div>
<c:if test="${showEdits && !empty editLinksForExisitngDesc}">
<span class="editLinks">${editLinksForExisitngDesc}</span>
</c:if>
</div>
</div>
</div>
</c:if>
</div>
</c:if>
<%-- Description --%>
<c:if test="${showEdits || !empty entity.description}">
<div id="dprop-vitro-description" class="propsItem ${editingClass}">
<c:if test="${showEdits}">
<h3 class="propertyName">description</h3>
<edLnk:editLinks item="<%= VitroVocabulary.DESCRIPTION %>" icons="false"/>
</c:if>
<c:if test="${!empty entity.description}">
<div class="datatypeProperties">
<div class="datatypePropertyValue">
<div class="statementWrap">
<div class="description">${entity.description}</div>
<c:if test="${showEdits}">
<c:set var="editLinks"><edLnk:editLinks item="<%= VitroVocabulary.DESCRIPTION %>" data="${entity.description}" icons="false"/></c:set>
<c:if test="${!empty editLinks}"><span class="editLinks">${editLinks}</span></c:if>
</c:if>
</div>
</div>
</div>
</c:if>
</div>
</c:if>
</p:process>
<%-- Properties --%> <%-- Properties --%>
<c:import url="${entityMergedPropsListJsp}"> <c:import url="${entityMergedPropsListJsp}">
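Review bot: The blurb and description heading tests start with `showEdits ||`, so the `<h3>` label is rendered whenever showEdits is true, whether or not the edit-link variables are empty, which is the opposite of what the commit message describes. The moniker block nests the permission test inside `showEdits`; the same shape here would be `<c:if test="${showEdits && ((empty entity.blurb and not empty editLinksForNewBlurb) or (not empty entity.blurb and not empty editLinksForExistingBlurb))}">`, and likewise for description and for the citation test in the last file. Separately, the new moniker block sets `monikerEditLinks` but the visible lines never emit it after the heading, so the link to add a moniker looks dropped unless it is printed outside the hunk. These checks only hide controls; the SelfEditingPolicy decision remains the actual enforcement.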


@ -1,28 +1,30 @@
<%-- $This file is distributed under the terms of the license in /doc/license.txt$ --%> <%-- $This file is distributed under the terms of the license in /doc/license.txt$ --%>
<%@ page import="edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary" %> <%@ page import="edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary" %>
<%@ taglib uri="http://vitro.mannlib.cornell.edu/vitro/tags/PropertyEditLink" prefix="edLnk" %> <%@ taglib uri="http://vitro.mannlib.cornell.edu/vitro/tags/PropertyEditLink" prefix="edLnk" %>
<%@ taglib uri="http://java.sun.com/jstl/core" prefix="c" %> <%@ taglib uri="http://java.sun.com/jstl/core" prefix="c" %>
<c:if test="${showEdits || !empty entity.citation}"> <c:if test="${showEdits || !empty entity.citation}">
<div id="dprop-vitro-citation" class="propsItem ${editingClass}"> <div id="dprop-vitro-citation" class="propsItem ${editingClass}">
<c:if test="${showEdits}"> <c:if test="${not empty entity.citation }">
<h3 class="propertyName">citation</h3> <c:set var="editLinksForExisting"><edLnk:editLinks item="<%= VitroVocabulary.CITATION %>" data="${entity.citation}" icons="false"/></c:set>
<edLnk:editLinks item="<%= VitroVocabulary.CITATION %>" icons="false"/> </c:if>
</c:if> <c:set var="editLinksForNew"><edLnk:editLinks item="<%= VitroVocabulary.CITATION %>" icons="false"/></c:set>
<c:if test="${!empty entity.citation}"> <c:if test="${showEdits or (( empty entity.citation and !empty editLinksForNew)or( ! empty entity.citation and !empty editLinksForExisting)) }">
<div class="datatypeProperties"> <h3 class="propertyName">citation</h3>
<div class="datatypePropertyValue"> ${editLinksForNew}
<div class="statementWrap"> </c:if>
${entity.citation} <c:if test="${!empty entity.citation}">
<c:if test="${showEdits}"> <div class="datatypeProperties">
<c:set var="editLinks"><edLnk:editLinks item="<%= VitroVocabulary.CITATION %>" data="${entity.citation}" icons="false"/></c:set> <div class="datatypePropertyValue">
<c:if test="${!empty editLinks}"><span class="editLinks">${editLinks}</span></c:if> <div class="statementWrap">
</c:if> <p:process>${entity.citation}</p:process>
</div> <c:if test="${showEdits && !empty editLinksForExisting}">
</div> <span class="editLinks">${editLinksForExisting}</span>
</div> </c:if>
</c:if> </div>
</div> </div>
</div>
</c:if>
</div>
</c:if> </c:if>
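Review bot: The new side wraps the value in `<p:process>${entity.citation}</p:process>`, but the only taglib directives visible in this file declare the `edLnk` and `c` prefixes, and the hunk header says it covers the file from line 1. If this fragment is pulled in with a dynamic include rather than a static `<%@ include %>`, the `p:` tags are not interpreted and are written to the page as literal markup around the citation. Add a `<%@ taglib ... prefix="p" %>` directive here, using the same URI the parent entity page declares for `p`.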