litvinovg/vitro
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Change individual display so labels for moniker, blurb, citation, and description only appear if the user has edit permissions for those properties. NIHVIVO-275

Browse source
This commit is contained in:
bdc34 2010-04-02 23:13:09 +00:00
parent 4a3ef8d03d
commit 5da58324b8
4 changed files with 153 additions and 84 deletions
Download patch file Download diff file Expand all files Collapse all files

12
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicy.java
View file

@ -194,13 +194,13 @@ public class SelfEditingPolicy implements VisitingPolicyIface {
if( uri == null || uri.length() == 0 )
return false;
if( editableVitroUris.contains( uri ) )
return true;
if( prohibitedProperties.contains(uri)) {
log.debug("The uri "+uri+" represents a predicate that cannot be modified because it is on a list of properties prohibited from self editing");
return false;
}
if( editableVitroUris.contains( uri ) )
return true;
String namespace = uri.substring(0, Util.splitNamespace(uri));
//Matcher match = ns.matcher(uri);
@ -276,7 +276,7 @@ public class SelfEditingPolicy implements VisitingPolicyIface {
}
//many predicates are prohibited by namespace but there are many ones that self editors need to work with
if( prohibitedNs.contains(action.uriOfPredicate() ) && ! editableVitroUris.contains( action.uriOfPredicate() ) ) {
if( prohibitedNs.contains(action.uriOfPredicate() ) ) {
log.debug("SelfEditingPolicy for DropDatapropStmt is inconclusive because it does not grant access to admin controls");
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy does not grant access to admin controls");
}
@ -338,10 +338,8 @@ public class SelfEditingPolicy implements VisitingPolicyIface {
if( prohibitedNs.contains( action.getResourceUri() ) )
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy does not grant access to admin resources");
//many predicates are prohibited by namespace but there are many ones that self editors need to work with
if( prohibitedNs.contains(action.getDataPropUri() ) && ! editableVitroUris.contains( action.getDataPropUri() ) )
if( prohibitedProperties.contains( action.getDataPropUri() ) )
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy does not grant access to admin controls");
if( !canModifyPredicate( action.getDataPropUri() ) )
return new BasicPolicyDecision(this.defaultFailure,"SelfEditingPolicy does not grant access to admin predicates; " +

59
webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/SelfEditingPolicyTest.java
View file

@ -17,6 +17,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddObjectPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropObjectPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.EditDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.EditObjPropStmt;
@ -178,7 +179,63 @@ public class SelfEditingPolicyTest extends AbstractTestClass {
Assert.assertNotNull(dec);
Assert.assertEquals(Authorization.INCONCLUSIVE, dec.getAuthorized());
}
@Test
public void testForbiddenMoniker(){
Set<String> badProps = new HashSet<String>();
badProps.add(VitroVocabulary.MONIKER);
SelfEditingPolicy badPropPolicy = new SelfEditingPolicy(badProps,null,null,null);
RequestedAction whatToAuth = null;
whatToAuth = new AddDataPropStmt(
SELFEDITOR_URI, VitroVocabulary.MONIKER ,"someValue", null, null);
PolicyDecision dec = badPropPolicy.isAuthorized(ids, whatToAuth);
Assert.assertNotNull(dec);
Assert.assertEquals(Authorization.INCONCLUSIVE, dec.getAuthorized());
whatToAuth = new AddDataPropStmt(
SAFE_RESOURCE ,VitroVocabulary.MONIKER , "somevalue", null, null);
dec = badPropPolicy.isAuthorized(ids, whatToAuth);
Assert.assertNotNull(dec);
Assert.assertEquals(Authorization.INCONCLUSIVE, dec.getAuthorized());
DataPropertyStatement dps = new DataPropertyStatementImpl();
dps.setIndividualURI(SELFEDITOR_URI);
dps.setDatapropURI(VitroVocabulary.MONIKER);
dps.setData("some moniker");
whatToAuth = new EditDataPropStmt(dps);
dec = badPropPolicy.isAuthorized(ids, whatToAuth);
Assert.assertNotNull(dec);
Assert.assertEquals(Authorization.INCONCLUSIVE, dec.getAuthorized());
//try where moniker is permitted
badProps = new HashSet<String>();
badPropPolicy = new SelfEditingPolicy(badProps,null,null,null);
whatToAuth = new AddDataPropStmt(
SELFEDITOR_URI, VitroVocabulary.MONIKER ,"somevalue", null, null);
dec = badPropPolicy.isAuthorized(ids, whatToAuth);
Assert.assertNotNull(dec);
Assert.assertEquals(Authorization.AUTHORIZED, dec.getAuthorized());
whatToAuth = new AddDataPropStmt(
UNSAFE_RESOURCE ,VitroVocabulary.MONIKER , "somevalue", null, null);
dec = badPropPolicy.isAuthorized(ids, whatToAuth);
Assert.assertNotNull(dec);
Assert.assertEquals(Authorization.INCONCLUSIVE, dec.getAuthorized());
dps = new DataPropertyStatementImpl();
dps.setIndividualURI(SAFE_RESOURCE);
dps.setDatapropURI(VitroVocabulary.MONIKER);
dps.setData("some moniker");
whatToAuth = new EditDataPropStmt(dps);
dec = badPropPolicy.isAuthorized(ids, whatToAuth);
Assert.assertNotNull(dec);
Assert.assertEquals(Authorization.INCONCLUSIVE, dec.getAuthorized());
}
@Test
public void testVisitIdentifierBundleAddObjectPropStmt() {
AddObjectPropStmt whatToAuth = new AddObjectPropStmt(

124
webapp/web/templates/entity/entityBasic.jsp
View file

@ -119,10 +119,13 @@ if (VitroRequestPrep.isSelfEditing(request) || LoginFormBean.loggedIn(request, L
<%-- Moniker. Wrap in the div only if editing. If not editing, displays inline next to label. --%>
<c:if test="${showEdits}">
<div id="dprop-vitro-moniker" class="propsItem ${editingClass}">
<h3 class="propertyName">moniker</h3>
<edLnk:editLinks item="<%= VitroVocabulary.MONIKER %>" icons="false"/>
<c:set var="monikerEditLinks"><edLnk:editLinks item="<%= VitroVocabulary.MONIKER %>" icons="false"/></c:set>
<c:if test="${!empty monikerEditLinks }">
<div id="dprop-vitro-moniker" class="propsItem ${editingClass}">
<h3 class="propertyName">moniker</h3>
</c:if>
</c:if>
<c:if test="${!empty entity.moniker}">
<div class="datatypeProperties">
<div class="datatypePropertyValue" id="moniker">
@ -136,17 +139,19 @@ if (VitroRequestPrep.isSelfEditing(request) || LoginFormBean.loggedIn(request, L
</div>
</div>
</c:if>
<c:if test="${showEdits}"></div></c:if> <%-- end dprop-vitro-moniker --%>
<c:if test="${showEdits && !empty monikerEditLinks}"></div></c:if> <%-- end dprop-vitro-moniker --%>
</c:otherwise>
</c:choose>
</div> <!-- end labelAndMoniker -->
<%-- Links --%>
<%-- Links --%>
<c:if test="${ showEdits || !empty entity.url || !empty entity.linksList }">
<div id="dprop-vitro-links" class="propsItem ${editingClass}">
<c:if test="${showEdits}">
<c:set var="canEditPrimaryLinks"><edLnk:editLinks item="<%= VitroVocabulary.PRIMARY_LINK %>" icons="false"/></c:set>
<c:set var="canEditAdditionalLinks"><edLnk:editLinks item="<%= VitroVocabulary.ADDITIONAL_LINK %>" icons="false"/></c:set>
<c:if test="${showEdits and !empty canEditPrimaryLinks and !empty canEditAdditionalLinks}">
<h3 class="propertyName">links</h3>
<c:choose>
<c:when test="${empty entity.url}">
@ -208,7 +213,8 @@ if (VitroRequestPrep.isSelfEditing(request) || LoginFormBean.loggedIn(request, L
<%-- Thumbnail (with citation) --%>
<c:if test="${showEdits || !empty entity.imageThumb}">
<div id="dprop-vitro-image" class="propsItem ${editingClass}">
<c:if test="${showEdits}">
<c:set var="mayEditThumbnail"><edLnk:editLinks item="<%= VitroVocabulary.IMAGETHUMB %>" icons="false" /></c:set>
<c:if test="${showEdits and !empty mayEditThumbnail}">
<h3 class="propertyName">image</h3>
<edLnk:editLinks item="<%= VitroVocabulary.IMAGETHUMB %>" icons="false" />
</c:if>
@ -242,55 +248,61 @@ if (VitroRequestPrep.isSelfEditing(request) || LoginFormBean.loggedIn(request, L
</div>
</c:if>
<p:process>
<%-- Blurb --%>
<c:if test="${showEdits || !empty entity.blurb}">
<div id="dprop-vitro-blurb" class="propsItem ${editingClass}">
<c:if test="${not empty entity.blurb }">
<c:set var="editLinksForExistingBlurb"><edLnk:editLinks item="<%= VitroVocabulary.BLURB %>" data="${entity.blurb}" icons="false"/></c:set>
</c:if>
<c:set var="editLinksForNewBlurb"><edLnk:editLinks item="<%= VitroVocabulary.BLURB %>" icons="false"/></c:set>
<c:if test="${showEdits || (( empty entity.blurb and not empty editLinksForNewBlurb)or( not empty entity.blurb and not empty editLinksForExistingBlurb)) }">
<h3 class="propertyName">blurb</h3>
${editLinksForNewBlurb}
</c:if>
<c:if test="${!empty entity.blurb}">
<div class="datatypeProperties">
<div class="datatypePropertyValue">
<div class="statementWrap">
<div class="description"><p:process>${entity.blurb}</p:process></div>
<c:if test="${showEdits && !empty editLinksForExistingBlurb}">
<span class="editLinks">${editLinksForExistingBlurb}</span>
</c:if>
</div>
</div>
</div>
</c:if>
</div>
</c:if>
<%-- Blurb --%>
<c:if test="${showEdits || !empty entity.blurb}">
<div id="dprop-vitro-blurb" class="propsItem ${editingClass}">
<c:if test="${showEdits}">
<h3 class="propertyName">blurb</h3>
<edLnk:editLinks item="<%= VitroVocabulary.BLURB %>" icons="false"/>
</c:if>
<c:if test="${!empty entity.blurb}">
<div class="datatypeProperties">
<div class="datatypePropertyValue">
<div class="statementWrap">
<div class="description">${entity.blurb}</div>
<c:if test="${showEdits}">
<c:set var="editLinks"><edLnk:editLinks item="<%= VitroVocabulary.BLURB %>" data="${entity.blurb}" icons="false"/></c:set>
<c:if test="${!empty editLinks}"><span class="editLinks">${editLinks}</span></c:if>
</c:if>
</div>
</div>
</div>
</c:if>
</div>
</c:if>
<%-- Description --%>
<c:if test="${showEdits || !empty entity.description}">
<div id="dprop-vitro-description" class="propsItem ${editingClass}">
<c:if test="${showEdits}">
<h3 class="propertyName">description</h3>
<edLnk:editLinks item="<%= VitroVocabulary.DESCRIPTION %>" icons="false"/>
</c:if>
<c:if test="${!empty entity.description}">
<div class="datatypeProperties">
<div class="datatypePropertyValue">
<div class="statementWrap">
<div class="description">${entity.description}</div>
<c:if test="${showEdits}">
<c:set var="editLinks"><edLnk:editLinks item="<%= VitroVocabulary.DESCRIPTION %>" data="${entity.description}" icons="false"/></c:set>
<c:if test="${!empty editLinks}"><span class="editLinks">${editLinks}</span></c:if>
</c:if>
</div>
</div>
</div>
</c:if>
</div>
</c:if>
</p:process>
<%-- Description --%>
<c:if test="${ showEdits || !empty entity.description}">
<div id="dprop-vitro-description" class="propsItem ${editingClass}">
<c:if test="${not empty entity.description }">
<c:set var="editLinksForExisitngDesc"><edLnk:editLinks item="<%= VitroVocabulary.DESCRIPTION %>" data="${entity.description}" icons="false"/></c:set>
</c:if>
<c:set var="editLinksForNewDesc"><edLnk:editLinks item="<%= VitroVocabulary.DESCRIPTION %>" icons="false"/></c:set>
<c:if test="${showEdits || ((empty entity.description and not empty editLinksForNewDesc)or(not empty entity.description and not empty editLinksForExisitngDesc))}">
<h3 class="propertyName">description</h3>
${editLinksForNewDesc}
</c:if>
<c:if test="${!empty entity.description}">
<div class="datatypeProperties">
<div class="datatypePropertyValue">
<div class="statementWrap">
<div class="description"><p:process>${entity.description}</p:process></div>
<c:if test="${showEdits && !empty editLinksForExisitngDesc}">
<span class="editLinks">${editLinksForExisitngDesc}</span>
</c:if>
</div>
</div>
</div>
</c:if>
</div>
</c:if>
<%-- Properties --%>
<c:import url="${entityMergedPropsListJsp}">

42
webapp/web/templates/entity/entityCitation.jsp
View file

@ -1,28 +1,30 @@
<%-- $This file is distributed under the terms of the license in /doc/license.txt$ --%>
<%@ page import="edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary" %>
<%@ taglib uri="http://vitro.mannlib.cornell.edu/vitro/tags/PropertyEditLink" prefix="edLnk" %>
<%@ taglib uri="http://java.sun.com/jstl/core" prefix="c" %>
<c:if test="${showEdits || !empty entity.citation}">
<div id="dprop-vitro-citation" class="propsItem ${editingClass}">
<c:if test="${showEdits}">
<h3 class="propertyName">citation</h3>
<edLnk:editLinks item="<%= VitroVocabulary.CITATION %>" icons="false"/>
</c:if>
<c:if test="${!empty entity.citation}">
<div class="datatypeProperties">
<div class="datatypePropertyValue">
<div class="statementWrap">
${entity.citation}
<c:if test="${showEdits}">
<c:set var="editLinks"><edLnk:editLinks item="<%= VitroVocabulary.CITATION %>" data="${entity.citation}" icons="false"/></c:set>
<c:if test="${!empty editLinks}"><span class="editLinks">${editLinks}</span></c:if>
</c:if>
</div>
</div>
</div>
</c:if>
</div>
<div id="dprop-vitro-citation" class="propsItem ${editingClass}">
<c:if test="${not empty entity.citation }">
<c:set var="editLinksForExisting"><edLnk:editLinks item="<%= VitroVocabulary.CITATION %>" data="${entity.citation}" icons="false"/></c:set>
</c:if>
<c:set var="editLinksForNew"><edLnk:editLinks item="<%= VitroVocabulary.CITATION %>" icons="false"/></c:set>
<c:if test="${showEdits or (( empty entity.citation and !empty editLinksForNew)or( ! empty entity.citation and !empty editLinksForExisting)) }">
<h3 class="propertyName">citation</h3>
${editLinksForNew}
</c:if>
<c:if test="${!empty entity.citation}">
<div class="datatypeProperties">
<div class="datatypePropertyValue">
<div class="statementWrap">
<p:process>${entity.citation}</p:process>
<c:if test="${showEdits && !empty editLinksForExisting}">
<span class="editLinks">${editLinksForExisting}</span>
</c:if>
</div>
</div>
</div>
</c:if>
</div>
</c:if>