diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/FakeSelfEditController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/FakeSelfEditController.java
index 861c39f98..3a1f93d94 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/FakeSelfEditController.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/FakeSelfEditController.java
@@ -13,11 +13,18 @@ import javax.servlet.http.HttpSession;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import edu.cornell.mannlib.vedit.beans.LoginFormBean;
+import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
 import edu.cornell.mannlib.vitro.webapp.auth.identifier.FakeSelfEditingIdentifierFactory;
 import edu.cornell.mannlib.vitro.webapp.filters.VitroRequestPrep;
+/**
+ * TODO This is caught in the middle of the transition from LoginFormBean to LoginStatusBean.
+ */
 public class FakeSelfEditController extends VitroHttpServlet {
+ private static final String ATTRIBUTE_LOGIN_FORM_BEAN = "loginHandler";
+ private static final String ATTRIBUTE_LOGIN_STATUS_BEAN = "loginStatus";
+ private static final String ATTRIBUTE_LOGIN_FORM_SAVE = "saveLoginHandler";
+ private static final String ATTRIBUTE_LOGIN_STATUS_SAVE = "saveLoginStatus";
 private static final Log log = LogFactory .getLog(FakeSelfEditController.class.getName());
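Review bot: The `ATTRIBUTE_LOGIN_FORM_BEAN` and `ATTRIBUTE_LOGIN_STATUS_BEAN` constants hard-code the session keys `"loginHandler"` and `"loginStatus"`, which this servlet does not appear to own. If either bean ever stores itself under a different key, the attribute move in `startFaking` becomes a no-op and the real login stays in the session while the page claims to be self-editing only. If the beans expose their key as a constant, reference it here; otherwise add a comment such as `// must stay in sync with the session key used by LoginStatusBean.getBean(session)`. The class body continues outside the hunk.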
@@ -27,37 +34,18 @@ public class FakeSelfEditController extends VitroHttpServlet {
 try {
 super.doGet(request, response);
+ VitroRequest vreq = new VitroRequest(request);
 HttpSession session = request.getSession();
- if (!LoginFormBean.loggedIn(request, LoginFormBean.CURATOR)) {
- // Not logged in as site admin
- session.setAttribute("postLoginRequest", vreq.getRequestURI());
- response.sendRedirect(request.getContextPath()
- + Controllers.LOGIN + "?login=block");
+ if (!isAuthorized(session)) {
+ sendToLogin(vreq, response);
 } else if (vreq.getParameter("force") != null) {
- // Logged in as site admin: Form to use netid
- VitroRequestPrep.forceToSelfEditing(request);
- String id = request.getParameter("netid");
- FakeSelfEditingIdentifierFactory.putFakeIdInSession(id, session);
-
- // Remove the login bean - so we are ONLY self-editing
- session.removeAttribute("loginHandler");
-
- response.sendRedirect(request.getContextPath()
- + Controllers.ENTITY + "?netid=" + id);
- } else if (request.getParameter("stopfaking") != null) {
- // Logged in as site admin: Form to stop using netid
- VitroRequestPrep.forceOutOfSelfEditing(request);
- FakeSelfEditingIdentifierFactory.clearFakeIdInSession(session);
- response.sendRedirect(request.getContextPath() + "/");
+ startFaking(vreq, response);
+ } else if (vreq.getParameter("stopfaking") != null) {
+ stopFaking(vreq, response, session);
 } else {
- // Logged in as site admin: Form not yet submitted
- request.setAttribute("msg", figureMessage(session));
- request.setAttribute("title", "Self-Edit Test");
- request.setAttribute("bodyJsp", "/admin/fakeselfedit.jsp");
- RequestDispatcher rd = request.getRequestDispatcher(Controllers.BASIC_JSP);
- rd.forward(request, response);
+ showTheForm(vreq, response, session);
 }
 } catch (Exception e) {
 log.error("FakeSelfEditController could not forward to view.");
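Review bot: The `force` and `stopfaking` branches change the session's identity from inside `doGet`, and `doPost` only delegates to it, so these state changes are reachable by a plain GET with no request-forgery check visible in this file. Consider accepting them only on POST, e.g. `} else if ("POST".equals(request.getMethod()) && vreq.getParameter("force") != null) {` and the same for `stopfaking`. Pair that with whatever anti-CSRF token the application uses; none is visible here, so confirm whether a filter already covers this servlet. doGet starts and ends outside the hunk.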
@@ -65,6 +53,63 @@ public class FakeSelfEditController extends VitroHttpServlet {
 }
 }
+ private boolean isAuthorized(HttpSession session) {
+ boolean isFakingAlready = (session.getAttribute(ATTRIBUTE_LOGIN_STATUS_SAVE) != null);
+ boolean isAdmin = LoginStatusBean.getBean(session).isLoggedInAtLeast(LoginStatusBean.CURATOR);
+ return isAdmin || isFakingAlready;
+ }
+
+ private void sendToLogin(VitroRequest vreq, HttpServletResponse response)
+ throws IOException {
+ HttpSession session = vreq.getSession();
+ session.setAttribute("postLoginRequest", vreq.getRequestURI());
+ response.sendRedirect(vreq.getContextPath() + Controllers.LOGIN
+ + "?login=block");
+ }
+
+ private void startFaking(VitroRequest vreq, HttpServletResponse response)
+ throws IOException {
+ HttpSession session = vreq.getSession();
+ VitroRequestPrep.forceToSelfEditing(vreq);
+ String id = vreq.getParameter("netid");
+ FakeSelfEditingIdentifierFactory.putFakeIdInSession(id, session);
+
+ // Remove the login bean - so we are ONLY self-editing
+ moveAttribute(session, ATTRIBUTE_LOGIN_FORM_BEAN,
+ ATTRIBUTE_LOGIN_FORM_SAVE);
+ moveAttribute(session, ATTRIBUTE_LOGIN_STATUS_BEAN,
+ ATTRIBUTE_LOGIN_STATUS_SAVE);
+
+ response.sendRedirect(vreq.getContextPath() + Controllers.ENTITY
+ + "?netid=" + id);
+ }
+
+ private void stopFaking(VitroRequest request, HttpServletResponse response,
+ HttpSession session) throws IOException {
+ VitroRequestPrep.forceOutOfSelfEditing(request);
+ FakeSelfEditingIdentifierFactory.clearFakeIdInSession(session);
+
+ // Restore our original login status.
+ restoreAttribute(session, ATTRIBUTE_LOGIN_FORM_BEAN,
+ ATTRIBUTE_LOGIN_FORM_SAVE);
+ restoreAttribute(session, ATTRIBUTE_LOGIN_STATUS_BEAN,
+ ATTRIBUTE_LOGIN_STATUS_SAVE);
+
+ response.sendRedirect(request.getContextPath() + "/");
+ }
+
+ private void showTheForm(VitroRequest request,
+ HttpServletResponse response, HttpSession session)
+ throws ServletException, IOException {
+ // Logged in as site admin: Form not yet submitted
+ request.setAttribute("msg", figureMessage(session));
+ request.setAttribute("title", "Self-Edit Test");
+ request.setAttribute("bodyJsp", "/admin/fakeselfedit.jsp");
+ RequestDispatcher rd = request
+ .getRequestDispatcher(Controllers.BASIC_JSP);
+ rd.forward(request, response);
+ }
+
 /**
 * Check if already logged in from previous form submission
 */
@@ -77,6 +122,24 @@ public class FakeSelfEditController extends VitroHttpServlet {
 }
 }
+ private void moveAttribute(HttpSession session,
+ String realAttribute, String saveAttribute) {
+ Object value = session.getAttribute(realAttribute);
+ if (value != null) {
+ session.setAttribute(saveAttribute, value);
+ session.removeAttribute(realAttribute);
+ }
+ }
+
+ private void restoreAttribute(HttpSession session,
+ String realAttribute, String saveAttribute) {
+ Object value = session.getAttribute(saveAttribute);
+ if (value != null) {
+ session.setAttribute(realAttribute, value);
+ session.removeAttribute(saveAttribute);
+ }
+ }
+
 public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
 doGet(request, response);
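Review bot: `isAuthorized` treats any non-null `saveLoginStatus` session attribute as proof of curator rights, without checking what the saved object is. Assuming the `loginStatus` attribute holds a `LoginStatusBean`, re-validate it so the gate stays tied to the role: `Object saved = session.getAttribute(ATTRIBUTE_LOGIN_STATUS_SAVE);` then `boolean isFakingAlready = saved instanceof LoginStatusBean && ((LoginStatusBean) saved).isLoggedInAtLeast(LoginStatusBean.CURATOR);`. The saved bean also stays in the session until `stopFaking` runs, so confirm that logout invalidates the session rather than only removing `loginStatus`. In `startFaking`, `id` comes straight from the `netid` parameter and is appended to the redirect with no null check or URL encoding; reject a null or empty value and pass the rest through `URLEncoder.encode(id, "UTF-8")`.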
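Review bot: `moveAttribute` and `restoreAttribute` do nothing when the source attribute is missing, and nothing documents that this is what stops a second `startFaking` from overwriting the saved login. A short comment on `moveAttribute` would help, e.g. `// No-op when realAttribute is absent, so the first saved login survives a repeated startFaking.` Also, `restoreAttribute` overwrites whatever is currently stored under `realAttribute`, so a login made while faking is replaced by the saved one on `stopFaking`. If that is intended, say so in a comment on `restoreAttribute`.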