Merge r8729, r8746 from the release 1.3 maintenance branch
This commit is contained in:
parent
5ff4bc5d6d
commit
5de98569bf
7 changed files with 167 additions and 25 deletions
|
@ -0,0 +1,12 @@
|
|||
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
|
||||
|
||||
package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages;
|
||||
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
|
||||
|
||||
/**
|
||||
* Should we allow the user to edit or delete the root account?
|
||||
*/
|
||||
public class ManageRootAccount extends RequestedAction {
|
||||
// no fields
|
||||
}
|
|
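Review bot: The class Javadoc on `ManageRootAccount` is phrased as a question rather than stating what the action represents, and the `// no fields` comment adds nothing the empty body does not already show. Since the body is empty, the class itself is what a policy can recognise, so the Javadoc should say that: `Requested action: edit or delete the root user account. Marker class with no state; whether it is granted is decided by the policies consulted through PolicyHelper.isAuthorizedForActions.` Which policy actually grants it is not visible in this commit, so the comment should not name one.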
@ -82,10 +82,14 @@ public class UserAccountsAdminController extends FreemarkerHttpServlet {
|
|||
|
||||
private ResponseValues handleDeleteRequest(VitroRequest vreq) {
|
||||
UserAccountsDeleter deleter = new UserAccountsDeleter(vreq);
|
||||
Collection<String> deletedUris = deleter.delete();
|
||||
if (deleter.isBogus()) {
|
||||
return showHomePage(vreq, deleter.getBogusMessage());
|
||||
} else {
|
||||
Collection<String> deletedUris = deleter.delete();
|
||||
|
||||
UserAccountsListPage.Message.showDeletions(vreq, deletedUris);
|
||||
return redirectToList();
|
||||
UserAccountsListPage.Message.showDeletions(vreq, deletedUris);
|
||||
return redirectToList();
|
||||
}
|
||||
}
|
||||
|
||||
private ResponseValues handleListRequest(VitroRequest vreq) {
|
||||
|
|
|
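Review bot: In `handleDeleteRequest` the `else` after `return showHomePage(...)` is redundant; the body reads more directly as a guard clause, `if (deleter.isBogus()) { return showHomePage(vreq, deleter.getBogusMessage()); }` followed by the delete, `showDeletions` and `redirectToList` lines at method level. Correct behaviour here still depends on the caller checking `isBogus()` before calling `delete()`, because `delete()` itself does not consult the bogus state; a comment such as `// delete() must only be called after isBogus() has been checked` would keep a later refactor from reintroducing the old order. Nothing in this hunk restricts the delete action to POST requests; if the servlet's dispatch (outside the hunk) does not, it should, since a state change reachable from a plain GET is exposed to cross-site request forgery.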
@ -6,48 +6,104 @@ import java.util.ArrayList;
|
|||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.ManageRootAccount;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.accounts.UserAccountsPage;
|
||||
import edu.cornell.mannlib.vitro.webapp.dao.UserAccountsDao;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.accounts.user.UserAccountsUserController;
|
||||
import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory;
|
||||
|
||||
/**
|
||||
* Process a request to delete User Accounts.
|
||||
*/
|
||||
public class UserAccountsDeleter extends UserAccountsPage {
|
||||
|
||||
private static final Log log = LogFactory.getLog(UserAccountsDeleter.class);
|
||||
|
||||
private static final String PARAMETER_DELETE_ACCOUNT = "deleteAccount";
|
||||
|
||||
/** Might be empty, but never null. */
|
||||
private final String[] uris;
|
||||
|
||||
/** The result of checking whether this request is even appropriate. */
|
||||
private String bogusMessage = "";
|
||||
|
||||
public UserAccountsDeleter(VitroRequest vreq) {
|
||||
super(vreq);
|
||||
|
||||
|
||||
String[] values = vreq.getParameterValues(PARAMETER_DELETE_ACCOUNT);
|
||||
if (values == null) {
|
||||
this.uris = new String[0];
|
||||
} else {
|
||||
this.uris = values;
|
||||
}
|
||||
|
||||
WebappDaoFactory wadf = vreq.getWebappDaoFactory();
|
||||
|
||||
validateInputUris();
|
||||
}
|
||||
|
||||
private void validateInputUris() {
|
||||
UserAccount loggedInAccount = LoginStatusBean.getCurrentUser(vreq);
|
||||
if (loggedInAccount == null) {
|
||||
log.warn("Trying to delete accounts while not logged in!");
|
||||
bogusMessage = UserAccountsUserController.BOGUS_STANDARD_MESSAGE;
|
||||
return;
|
||||
}
|
||||
|
||||
for (String uri : this.uris) {
|
||||
UserAccount u = userAccountsDao.getUserAccountByUri(uri);
|
||||
|
||||
if (u == null) {
|
||||
log.warn("Delete account for '" + uri
|
||||
+ "' is bogus: no such user");
|
||||
bogusMessage = UserAccountsUserController.BOGUS_STANDARD_MESSAGE;
|
||||
return;
|
||||
}
|
||||
|
||||
if (u.getUri().equals(loggedInAccount.getUri())) {
|
||||
log.warn("'" + u.getUri()
|
||||
+ "' is trying to delete his own account.");
|
||||
bogusMessage = UserAccountsUserController.BOGUS_STANDARD_MESSAGE;
|
||||
return;
|
||||
}
|
||||
|
||||
if (u.isRootUser()
|
||||
&& (!PolicyHelper.isAuthorizedForActions(vreq,
|
||||
new ManageRootAccount()))) {
|
||||
log.warn("Attempting to delete the root account, "
|
||||
+ "but not authorized. Logged in as "
|
||||
+ LoginStatusBean.getCurrentUser(vreq));
|
||||
bogusMessage = UserAccountsUserController.BOGUS_STANDARD_MESSAGE;
|
||||
return;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public Collection<String> delete() {
|
||||
List<String> deletedUris = new ArrayList<String>();
|
||||
|
||||
WebappDaoFactory wadf = vreq.getWebappDaoFactory();
|
||||
UserAccountsDao dao = wadf.getUserAccountsDao();
|
||||
|
||||
for (String uri: uris) {
|
||||
UserAccount u = dao.getUserAccountByUri(uri);
|
||||
List<String> deletedUris = new ArrayList<String>();
|
||||
|
||||
for (String uri : uris) {
|
||||
UserAccount u = userAccountsDao.getUserAccountByUri(uri);
|
||||
if (u != null) {
|
||||
dao.deleteUserAccount(uri);
|
||||
userAccountsDao.deleteUserAccount(uri);
|
||||
deletedUris.add(uri);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
return deletedUris;
|
||||
}
|
||||
|
||||
public boolean isBogus() {
|
||||
return !bogusMessage.isEmpty();
|
||||
}
|
||||
|
||||
public String getBogusMessage() {
|
||||
return bogusMessage;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
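Review bot: `delete()` does not consult `bogusMessage`, so a caller that skips `isBogus()` deletes every URI even though `validateInputUris()` stopped at the first rejected one; a guard at the top of the method, `if (isBogus()) { return new ArrayList<String>(); }`, makes the object safe regardless of call order. The root-account warning in `validateInputUris()` concatenates `LoginStatusBean.getCurrentUser(vreq)` into the log message, which relies on `UserAccount.toString()` not exposing credential material; `loggedInAccount.getUri()` is already in scope and is the safer thing to log. If the `WebappDaoFactory wadf` local in the constructor is on the new side, it is unused and can be dropped, since the new code goes through `userAccountsDao` (declared outside this class).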
@ -11,6 +11,9 @@ import java.util.Set;
|
|||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.ManageRootAccount;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.Individual;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.SelfEditingConfiguration;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
|
||||
|
@ -115,6 +118,16 @@ public class UserAccountsEditPage extends UserAccountsPage {
|
|||
bogusMessage = UserAccountsUserController.BOGUS_STANDARD_MESSAGE;
|
||||
return;
|
||||
}
|
||||
if (userAccount.isRootUser()) {
|
||||
if (!PolicyHelper.isAuthorizedForActions(vreq,
|
||||
new ManageRootAccount())) {
|
||||
log.warn("User is attempting to edit the root account, "
|
||||
+ "but is not authorized to do so. Logged in as: "
|
||||
+ LoginStatusBean.getCurrentUser(vreq));
|
||||
bogusMessage = UserAccountsUserController.BOGUS_STANDARD_MESSAGE;
|
||||
return;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public boolean isBogus() {
|
||||
|
|
|
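Review bot: The new root-account check in the second hunk nests two `if` statements where one condition would do, and it differs in shape from the equivalent test in `UserAccountsDeleter`, which writes it as `isRootUser() && !PolicyHelper.isAuthorizedForActions(...)`; collapsing it to `if (userAccount.isRootUser() && !PolicyHelper.isAuthorizedForActions(vreq, new ManageRootAccount())) {` keeps the two checks recognisably the same. As in the deleter, the warning appends the whole `LoginStatusBean.getCurrentUser(vreq)` object to the log; logging its URI instead avoids depending on `UserAccount.toString()` being free of credential data. The enclosing method begins before this hunk.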
@ -18,6 +18,9 @@ import javax.servlet.http.HttpSession;
|
|||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.ManageRootAccount;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.PermissionSet;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.UserAccount;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.UserAccount.Status;
|
||||
|
@ -183,12 +186,38 @@ public class UserAccountsListPage extends UserAccountsPage {
|
|||
UserAccountsSelection selection) {
|
||||
List<UserAccountWrapper> list = new ArrayList<UserAccountWrapper>();
|
||||
for (UserAccount account : selection.getUserAccounts()) {
|
||||
list.add(new UserAccountWrapper(account,
|
||||
findPermissionSetLabels(account)));
|
||||
UserAccountWrapper wrapper = new UserAccountWrapper(account,
|
||||
findPermissionSetLabels(account), permittedToEdit(account),
|
||||
permittedToDelete(account));
|
||||
list.add(wrapper);
|
||||
}
|
||||
return list;
|
||||
}
|
||||
|
||||
private boolean permittedToEdit(UserAccount account) {
|
||||
if (!account.isRootUser()) {
|
||||
return true;
|
||||
}
|
||||
if (PolicyHelper.isAuthorizedForActions(vreq, new ManageRootAccount())) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
private boolean permittedToDelete(UserAccount account) {
|
||||
if (!permittedToEdit(account)) {
|
||||
return false;
|
||||
}
|
||||
UserAccount loggedInUser = LoginStatusBean.getCurrentUser(vreq);
|
||||
if (loggedInUser == null) {
|
||||
return false;
|
||||
}
|
||||
if (account.getUri().equals(loggedInUser.getUri())) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
private List<String> findPermissionSetLabels(UserAccount account) {
|
||||
List<String> labels = new ArrayList<String>();
|
||||
|
||||
|
@ -212,12 +241,21 @@ public class UserAccountsListPage extends UserAccountsPage {
|
|||
private final UserAccount account;
|
||||
private final List<String> permissionSets;
|
||||
private final String editUrl;
|
||||
private final boolean deletable;
|
||||
|
||||
public UserAccountWrapper(UserAccount account,
|
||||
List<String> permissionSets) {
|
||||
List<String> permissionSets, boolean showEditUrl,
|
||||
boolean permitDelete) {
|
||||
this.account = account;
|
||||
this.permissionSets = permissionSets;
|
||||
this.editUrl = UserAccountsPage.editAccountUrl(account.getUri());
|
||||
this.deletable = permitDelete;
|
||||
|
||||
if (showEditUrl) {
|
||||
this.editUrl = UserAccountsPage
|
||||
.editAccountUrl(account.getUri());
|
||||
} else {
|
||||
this.editUrl = "";
|
||||
}
|
||||
}
|
||||
|
||||
public String getUri() {
|
||||
|
@ -266,6 +304,10 @@ public class UserAccountsListPage extends UserAccountsPage {
|
|||
return editUrl;
|
||||
}
|
||||
|
||||
public boolean isDeletable() {
|
||||
return deletable;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -332,13 +374,14 @@ public class UserAccountsListPage extends UserAccountsPage {
|
|||
private void applyToBodyMap(Map<String, Object> body) {
|
||||
if (type == Type.NEW_ACCOUNT) {
|
||||
body.put("newUserAccount", new UserAccountWrapper(userAccount,
|
||||
Collections.<String> emptyList()));
|
||||
Collections.<String> emptyList(), true, false));
|
||||
if (emailWasSent) {
|
||||
body.put("emailWasSent", Boolean.TRUE);
|
||||
}
|
||||
} else if (type == Type.UPDATED_ACCOUNT) {
|
||||
body.put("updatedUserAccount", new UserAccountWrapper(
|
||||
userAccount, Collections.<String> emptyList()));
|
||||
userAccount, Collections.<String> emptyList(), true,
|
||||
false));
|
||||
if (emailWasSent) {
|
||||
body.put("emailWasSent", Boolean.TRUE);
|
||||
}
|
||||
|
|
|
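Review bot: `permittedToEdit` in the second hunk spells out a boolean with three branches; `return !account.isRootUser() || PolicyHelper.isAuthorizedForActions(vreq, new ManageRootAccount());` is equivalent and reads as the rule it expresses. `permittedToDelete` calls `LoginStatusBean.getCurrentUser(vreq)` once per account from the loop that builds the wrapper list; the logged-in user does not change across that loop, so it can be looked up once by the caller and passed in. The `showEditUrl` and `permitDelete` flags on `UserAccountWrapper` only decide what the template shows, while the authoritative checks live in `UserAccountsEditPage` and `UserAccountsDeleter`; that is the right split and worth a one-line comment on the wrapper constructor, `// display hints only; authorization is enforced by the edit and delete handlers`.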
@ -17,6 +17,7 @@ import org.apache.commons.logging.LogFactory;
|
|||
import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
|
||||
import edu.cornell.mannlib.vedit.beans.LoginStatusBean.AuthenticationSource;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.identifier.RequestIdentifiers;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.IsRootUser;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.UserAccount.Status;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.Individual;
|
||||
|
@ -132,6 +133,11 @@ public class BasicAuthenticator extends Authenticator {
|
|||
setSessionTimeoutLimit(userAccount, session);
|
||||
recordInUserSessionMap(userAccount.getUri(), session);
|
||||
notifyOtherUsers(userAccount.getUri(), session);
|
||||
|
||||
if (IsRootUser.isRootUser(RequestIdentifiers
|
||||
.getIdBundleForRequest(request))) {
|
||||
// Insert method call here.
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
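Review bot: The new `if (IsRootUser.isRootUser(...))` block at the end of the login path is empty apart from `// Insert method call here.`, so it evaluates the root check and does nothing; an empty placeholder in authentication code is easily mistaken for an enforcement step that silently fails. Either drop the block until the call exists or replace the comment with a TODO that names the intended behaviour, e.g. `// TODO: record/notify on root-account login; no action is taken yet`. The enclosing method begins before this hunk.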