Change individual display so labels for moniker, blurb, citation, and description only appear if the user has edit permissions for those properties. NIHVIVO-275
This commit is contained in:
bdc34
parent
4a3ef8d03d
commit
5da58324b8
4 changed files with 153 additions and 84 deletions
|
|
@ -194,14 +194,14 @@ public class SelfEditingPolicy implements VisitingPolicyIface {
|
|||
if( uri == null || uri.length() == 0 )
|
||||
return false;
|
||||
|
||||
if( editableVitroUris.contains( uri ) )
|
||||
return true;
|
||||
|
||||
if( prohibitedProperties.contains(uri)) {
|
||||
log.debug("The uri "+uri+" represents a predicate that cannot be modified because it is on a list of properties prohibited from self editing");
|
||||
return false;
|
||||
}
|
||||
|
||||
if( editableVitroUris.contains( uri ) )
|
||||
return true;
|
||||
|
||||
String namespace = uri.substring(0, Util.splitNamespace(uri));
|
||||
//Matcher match = ns.matcher(uri);
|
||||
//if( match.matches() && match.groupCount() > 0){
|
||||
|
|
@ -276,7 +276,7 @@ public class SelfEditingPolicy implements VisitingPolicyIface {
|
|||
}
|
||||
|
||||
//many predicates are prohibited by namespace but there are many ones that self editors need to work with
|
||||
if( prohibitedNs.contains(action.uriOfPredicate() ) && ! editableVitroUris.contains( action.uriOfPredicate() ) ) {
|
||||
if( prohibitedNs.contains(action.uriOfPredicate() ) ) {
|
||||
log.debug("SelfEditingPolicy for DropDatapropStmt is inconclusive because it does not grant access to admin controls");
|
||||
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy does not grant access to admin controls");
|
||||
}
|
||||
|
|
@ -338,11 +338,9 @@ public class SelfEditingPolicy implements VisitingPolicyIface {
|
|||
if( prohibitedNs.contains( action.getResourceUri() ) )
|
||||
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy does not grant access to admin resources");
|
||||
|
||||
//many predicates are prohibited by namespace but there are many ones that self editors need to work with
|
||||
if( prohibitedNs.contains(action.getDataPropUri() ) && ! editableVitroUris.contains( action.getDataPropUri() ) )
|
||||
if( prohibitedProperties.contains( action.getDataPropUri() ) )
|
||||
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy does not grant access to admin controls");
|
||||
|
||||
|
||||
if( !canModifyPredicate( action.getDataPropUri() ) )
|
||||
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy does not grant access to admin predicates; " +
|
||||
"cannot modify " + action.getDataPropUri());
|
||||
|
|
|
|||
|
|
@ -17,6 +17,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
|
|||
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddDataPropStmt;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddObjectPropStmt;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropDataPropStmt;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropObjectPropStmt;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.EditDataPropStmt;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.EditObjPropStmt;
|
||||
|
|
@ -179,6 +180,62 @@ public class SelfEditingPolicyTest extends AbstractTestClass {
|
|||
Assert.assertEquals(Authorization.INCONCLUSIVE, dec.getAuthorized());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testForbiddenMoniker(){
|
||||
Set<String> badProps = new HashSet<String>();
|
||||
badProps.add(VitroVocabulary.MONIKER);
|
||||
SelfEditingPolicy badPropPolicy = new SelfEditingPolicy(badProps,null,null,null);
|
||||
|
||||
RequestedAction whatToAuth = null;
|
||||
|
||||
whatToAuth = new AddDataPropStmt(
|
||||
SELFEDITOR_URI, VitroVocabulary.MONIKER ,"someValue", null, null);
|
||||
PolicyDecision dec = badPropPolicy.isAuthorized(ids, whatToAuth);
|
||||
Assert.assertNotNull(dec);
|
||||
Assert.assertEquals(Authorization.INCONCLUSIVE, dec.getAuthorized());
|
||||
|
||||
whatToAuth = new AddDataPropStmt(
|
||||
SAFE_RESOURCE ,VitroVocabulary.MONIKER , "somevalue", null, null);
|
||||
dec = badPropPolicy.isAuthorized(ids, whatToAuth);
|
||||
Assert.assertNotNull(dec);
|
||||
Assert.assertEquals(Authorization.INCONCLUSIVE, dec.getAuthorized());
|
||||
|
||||
DataPropertyStatement dps = new DataPropertyStatementImpl();
|
||||
dps.setIndividualURI(SELFEDITOR_URI);
|
||||
dps.setDatapropURI(VitroVocabulary.MONIKER);
|
||||
dps.setData("some moniker");
|
||||
whatToAuth = new EditDataPropStmt(dps);
|
||||
dec = badPropPolicy.isAuthorized(ids, whatToAuth);
|
||||
Assert.assertNotNull(dec);
|
||||
Assert.assertEquals(Authorization.INCONCLUSIVE, dec.getAuthorized());
|
||||
|
||||
|
||||
//try where moniker is permitted
|
||||
badProps = new HashSet<String>();
|
||||
badPropPolicy = new SelfEditingPolicy(badProps,null,null,null);
|
||||
|
||||
whatToAuth = new AddDataPropStmt(
|
||||
SELFEDITOR_URI, VitroVocabulary.MONIKER ,"somevalue", null, null);
|
||||
dec = badPropPolicy.isAuthorized(ids, whatToAuth);
|
||||
Assert.assertNotNull(dec);
|
||||
Assert.assertEquals(Authorization.AUTHORIZED, dec.getAuthorized());
|
||||
|
||||
whatToAuth = new AddDataPropStmt(
|
||||
UNSAFE_RESOURCE ,VitroVocabulary.MONIKER , "somevalue", null, null);
|
||||
dec = badPropPolicy.isAuthorized(ids, whatToAuth);
|
||||
Assert.assertNotNull(dec);
|
||||
Assert.assertEquals(Authorization.INCONCLUSIVE, dec.getAuthorized());
|
||||
|
||||
dps = new DataPropertyStatementImpl();
|
||||
dps.setIndividualURI(SAFE_RESOURCE);
|
||||
dps.setDatapropURI(VitroVocabulary.MONIKER);
|
||||
dps.setData("some moniker");
|
||||
whatToAuth = new EditDataPropStmt(dps);
|
||||
dec = badPropPolicy.isAuthorized(ids, whatToAuth);
|
||||
Assert.assertNotNull(dec);
|
||||
Assert.assertEquals(Authorization.INCONCLUSIVE, dec.getAuthorized());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testVisitIdentifierBundleAddObjectPropStmt() {
|
||||
AddObjectPropStmt whatToAuth = new AddObjectPropStmt(
|
||||
|
|
|
|||
|
|
@ -119,10 +119,13 @@ if (VitroRequestPrep.isSelfEditing(request) || LoginFormBean.loggedIn(request, L
|
|||
|
||||
<%-- Moniker. Wrap in the div only if editing. If not editing, displays inline next to label. --%>
|
||||
<c:if test="${showEdits}">
|
||||
<c:set var="monikerEditLinks"><edLnk:editLinks item="<%= VitroVocabulary.MONIKER %>" icons="false"/></c:set>
|
||||
<c:if test="${!empty monikerEditLinks }">
|
||||
<div id="dprop-vitro-moniker" class="propsItem ${editingClass}">
|
||||
<h3 class="propertyName">moniker</h3>
|
||||
<edLnk:editLinks item="<%= VitroVocabulary.MONIKER %>" icons="false"/>
|
||||
</c:if>
|
||||
</c:if>
|
||||
|
||||
<c:if test="${!empty entity.moniker}">
|
||||
<div class="datatypeProperties">
|
||||
<div class="datatypePropertyValue" id="moniker">
|
||||
|
|
@ -136,17 +139,19 @@ if (VitroRequestPrep.isSelfEditing(request) || LoginFormBean.loggedIn(request, L
|
|||
</div>
|
||||
</div>
|
||||
</c:if>
|
||||
<c:if test="${showEdits}"></div></c:if> <%-- end dprop-vitro-moniker --%>
|
||||
|
||||
<c:if test="${showEdits && !empty monikerEditLinks}"></div></c:if> <%-- end dprop-vitro-moniker --%>
|
||||
|
||||
</c:otherwise>
|
||||
</c:choose>
|
||||
</div> <!-- end labelAndMoniker -->
|
||||
|
||||
<%-- Links --%>
|
||||
|
||||
<c:if test="${ showEdits || !empty entity.url || !empty entity.linksList }">
|
||||
<div id="dprop-vitro-links" class="propsItem ${editingClass}">
|
||||
<c:if test="${showEdits}">
|
||||
<c:set var="canEditPrimaryLinks"><edLnk:editLinks item="<%= VitroVocabulary.PRIMARY_LINK %>" icons="false"/></c:set>
|
||||
<c:set var="canEditAdditionalLinks"><edLnk:editLinks item="<%= VitroVocabulary.ADDITIONAL_LINK %>" icons="false"/></c:set>
|
||||
<c:if test="${showEdits and !empty canEditPrimaryLinks and !empty canEditAdditionalLinks}">
|
||||
<h3 class="propertyName">links</h3>
|
||||
<c:choose>
|
||||
<c:when test="${empty entity.url}">
|
||||
|
|
@ -208,7 +213,8 @@ if (VitroRequestPrep.isSelfEditing(request) || LoginFormBean.loggedIn(request, L
|
|||
<%-- Thumbnail (with citation) --%>
|
||||
<c:if test="${showEdits || !empty entity.imageThumb}">
|
||||
<div id="dprop-vitro-image" class="propsItem ${editingClass}">
|
||||
<c:if test="${showEdits}">
|
||||
<c:set var="mayEditThumbnail"><edLnk:editLinks item="<%= VitroVocabulary.IMAGETHUMB %>" icons="false" /></c:set>
|
||||
<c:if test="${showEdits and !empty mayEditThumbnail}">
|
||||
<h3 class="propertyName">image</h3>
|
||||
<edLnk:editLinks item="<%= VitroVocabulary.IMAGETHUMB %>" icons="false" />
|
||||
</c:if>
|
||||
|
|
@ -242,23 +248,25 @@ if (VitroRequestPrep.isSelfEditing(request) || LoginFormBean.loggedIn(request, L
|
|||
</div>
|
||||
</c:if>
|
||||
|
||||
<p:process>
|
||||
|
||||
<%-- Blurb --%>
|
||||
<c:if test="${showEdits || !empty entity.blurb}">
|
||||
<div id="dprop-vitro-blurb" class="propsItem ${editingClass}">
|
||||
<c:if test="${showEdits}">
|
||||
<c:if test="${not empty entity.blurb }">
|
||||
<c:set var="editLinksForExistingBlurb"><edLnk:editLinks item="<%= VitroVocabulary.BLURB %>" data="${entity.blurb}" icons="false"/></c:set>
|
||||
</c:if>
|
||||
<c:set var="editLinksForNewBlurb"><edLnk:editLinks item="<%= VitroVocabulary.BLURB %>" icons="false"/></c:set>
|
||||
<c:if test="${showEdits || (( empty entity.blurb and not empty editLinksForNewBlurb)or( not empty entity.blurb and not empty editLinksForExistingBlurb)) }">
|
||||
<h3 class="propertyName">blurb</h3>
|
||||
<edLnk:editLinks item="<%= VitroVocabulary.BLURB %>" icons="false"/>
|
||||
${editLinksForNewBlurb}
|
||||
</c:if>
|
||||
<c:if test="${!empty entity.blurb}">
|
||||
<div class="datatypeProperties">
|
||||
<div class="datatypePropertyValue">
|
||||
<div class="statementWrap">
|
||||
<div class="description">${entity.blurb}</div>
|
||||
<c:if test="${showEdits}">
|
||||
<c:set var="editLinks"><edLnk:editLinks item="<%= VitroVocabulary.BLURB %>" data="${entity.blurb}" icons="false"/></c:set>
|
||||
<c:if test="${!empty editLinks}"><span class="editLinks">${editLinks}</span></c:if>
|
||||
<div class="description"><p:process>${entity.blurb}</p:process></div>
|
||||
<c:if test="${showEdits && !empty editLinksForExistingBlurb}">
|
||||
<span class="editLinks">${editLinksForExistingBlurb}</span>
|
||||
</c:if>
|
||||
</div>
|
||||
</div>
|
||||
|
|
@ -270,18 +278,22 @@ if (VitroRequestPrep.isSelfEditing(request) || LoginFormBean.loggedIn(request, L
|
|||
<%-- Description --%>
|
||||
<c:if test="${ showEdits || !empty entity.description}">
|
||||
<div id="dprop-vitro-description" class="propsItem ${editingClass}">
|
||||
<c:if test="${showEdits}">
|
||||
<c:if test="${not empty entity.description }">
|
||||
<c:set var="editLinksForExisitngDesc"><edLnk:editLinks item="<%= VitroVocabulary.DESCRIPTION %>" data="${entity.description}" icons="false"/></c:set>
|
||||
</c:if>
|
||||
<c:set var="editLinksForNewDesc"><edLnk:editLinks item="<%= VitroVocabulary.DESCRIPTION %>" icons="false"/></c:set>
|
||||
|
||||
<c:if test="${showEdits || ((empty entity.description and not empty editLinksForNewDesc)or(not empty entity.description and not empty editLinksForExisitngDesc))}">
|
||||
<h3 class="propertyName">description</h3>
|
||||
<edLnk:editLinks item="<%= VitroVocabulary.DESCRIPTION %>" icons="false"/>
|
||||
${editLinksForNewDesc}
|
||||
</c:if>
|
||||
<c:if test="${!empty entity.description}">
|
||||
<div class="datatypeProperties">
|
||||
<div class="datatypePropertyValue">
|
||||
<div class="statementWrap">
|
||||
<div class="description">${entity.description}</div>
|
||||
<c:if test="${showEdits}">
|
||||
<c:set var="editLinks"><edLnk:editLinks item="<%= VitroVocabulary.DESCRIPTION %>" data="${entity.description}" icons="false"/></c:set>
|
||||
<c:if test="${!empty editLinks}"><span class="editLinks">${editLinks}</span></c:if>
|
||||
<div class="description"><p:process>${entity.description}</p:process></div>
|
||||
<c:if test="${showEdits && !empty editLinksForExisitngDesc}">
|
||||
<span class="editLinks">${editLinksForExisitngDesc}</span>
|
||||
</c:if>
|
||||
</div>
|
||||
</div>
|
||||
|
|
@ -290,7 +302,7 @@ if (VitroRequestPrep.isSelfEditing(request) || LoginFormBean.loggedIn(request, L
|
|||
</div>
|
||||
</c:if>
|
||||
|
||||
</p:process>
|
||||
|
||||
|
||||
<%-- Properties --%>
|
||||
<c:import url="${entityMergedPropsListJsp}">
|
||||
|
|
|
|||
|
|
@ -1,24 +1,26 @@
|
|||
<%-- $This file is distributed under the terms of the license in /doc/license.txt$ --%>
|
||||
|
||||
<%@ page import="edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary" %>
|
||||
|
||||
<%@ taglib uri="http://vitro.mannlib.cornell.edu/vitro/tags/PropertyEditLink" prefix="edLnk" %>
|
||||
<%@ taglib uri="http://java.sun.com/jstl/core" prefix="c" %>
|
||||
|
||||
<c:if test="${showEdits || !empty entity.citation}">
|
||||
<div id="dprop-vitro-citation" class="propsItem ${editingClass}">
|
||||
<c:if test="${showEdits}">
|
||||
<c:if test="${not empty entity.citation }">
|
||||
<c:set var="editLinksForExisting"><edLnk:editLinks item="<%= VitroVocabulary.CITATION %>" data="${entity.citation}" icons="false"/></c:set>
|
||||
</c:if>
|
||||
<c:set var="editLinksForNew"><edLnk:editLinks item="<%= VitroVocabulary.CITATION %>" icons="false"/></c:set>
|
||||
<c:if test="${showEdits or (( empty entity.citation and !empty editLinksForNew)or( ! empty entity.citation and !empty editLinksForExisting)) }">
|
||||
<h3 class="propertyName">citation</h3>
|
||||
<edLnk:editLinks item="<%= VitroVocabulary.CITATION %>" icons="false"/>
|
||||
${editLinksForNew}
|
||||
</c:if>
|
||||
<c:if test="${!empty entity.citation}">
|
||||
<div class="datatypeProperties">
|
||||
<div class="datatypePropertyValue">
|
||||
<div class="statementWrap">
|
||||
${entity.citation}
|
||||
<c:if test="${showEdits}">
|
||||
<c:set var="editLinks"><edLnk:editLinks item="<%= VitroVocabulary.CITATION %>" data="${entity.citation}" icons="false"/></c:set>
|
||||
<c:if test="${!empty editLinks}"><span class="editLinks">${editLinks}</span></c:if>
|
||||
<p:process>${entity.citation}</p:process>
|
||||
<c:if test="${showEdits && !empty editLinksForExisting}">
|
||||
<span class="editLinks">${editLinksForExisting}</span>
|
||||
</c:if>
|
||||
</div>
|
||||
</div>
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue