Restructure so when you start self-editing you are no longer logged in, and when you stop you are logged in again.
This commit is contained in:
jeb228
parent
d6e507691a
commit
659a5b41df
1 changed files with 90 additions and 27 deletions
|
|
@ -13,11 +13,18 @@ import javax.servlet.http.HttpSession;
|
|||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
import edu.cornell.mannlib.vedit.beans.LoginFormBean;
|
||||
import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.identifier.FakeSelfEditingIdentifierFactory;
|
||||
import edu.cornell.mannlib.vitro.webapp.filters.VitroRequestPrep;
|
||||
|
||||
/**
|
||||
* TODO This is caught in the middle of the transition from LoginFormBean to LoginStatusBean.
|
||||
*/
|
||||
public class FakeSelfEditController extends VitroHttpServlet {
|
||||
private static final String ATTRIBUTE_LOGIN_FORM_BEAN = "loginHandler";
|
||||
private static final String ATTRIBUTE_LOGIN_STATUS_BEAN = "loginStatus";
|
||||
private static final String ATTRIBUTE_LOGIN_FORM_SAVE = "saveLoginHandler";
|
||||
private static final String ATTRIBUTE_LOGIN_STATUS_SAVE = "saveLoginStatus";
|
||||
|
||||
private static final Log log = LogFactory
|
||||
.getLog(FakeSelfEditController.class.getName());
|
||||
|
|
@ -27,37 +34,18 @@ public class FakeSelfEditController extends VitroHttpServlet {
|
|||
|
||||
try {
|
||||
super.doGet(request, response);
|
||||
|
||||
VitroRequest vreq = new VitroRequest(request);
|
||||
HttpSession session = request.getSession();
|
||||
|
||||
if (!LoginFormBean.loggedIn(request, LoginFormBean.CURATOR)) {
|
||||
// Not logged in as site admin
|
||||
session.setAttribute("postLoginRequest", vreq.getRequestURI());
|
||||
response.sendRedirect(request.getContextPath()
|
||||
+ Controllers.LOGIN + "?login=block");
|
||||
if (!isAuthorized(session)) {
|
||||
sendToLogin(vreq, response);
|
||||
} else if (vreq.getParameter("force") != null) {
|
||||
// Logged in as site admin: Form to use netid
|
||||
VitroRequestPrep.forceToSelfEditing(request);
|
||||
String id = request.getParameter("netid");
|
||||
FakeSelfEditingIdentifierFactory.putFakeIdInSession(id, session);
|
||||
|
||||
// Remove the login bean - so we are ONLY self-editing
|
||||
session.removeAttribute("loginHandler");
|
||||
|
||||
response.sendRedirect(request.getContextPath()
|
||||
+ Controllers.ENTITY + "?netid=" + id);
|
||||
} else if (request.getParameter("stopfaking") != null) {
|
||||
// Logged in as site admin: Form to stop using netid
|
||||
VitroRequestPrep.forceOutOfSelfEditing(request);
|
||||
FakeSelfEditingIdentifierFactory.clearFakeIdInSession(session);
|
||||
response.sendRedirect(request.getContextPath() + "/");
|
||||
startFaking(vreq, response);
|
||||
} else if (vreq.getParameter("stopfaking") != null) {
|
||||
stopFaking(vreq, response, session);
|
||||
} else {
|
||||
// Logged in as site admin: Form not yet submitted
|
||||
request.setAttribute("msg", figureMessage(session));
|
||||
request.setAttribute("title", "Self-Edit Test");
|
||||
request.setAttribute("bodyJsp", "/admin/fakeselfedit.jsp");
|
||||
RequestDispatcher rd = request.getRequestDispatcher(Controllers.BASIC_JSP);
|
||||
rd.forward(request, response);
|
||||
showTheForm(vreq, response, session);
|
||||
}
|
||||
} catch (Exception e) {
|
||||
log.error("FakeSelfEditController could not forward to view.");
|
||||
|
|
@ -65,6 +53,63 @@ public class FakeSelfEditController extends VitroHttpServlet {
|
|||
}
|
||||
}
|
||||
|
||||
private boolean isAuthorized(HttpSession session) {
|
||||
boolean isFakingAlready = (session.getAttribute(ATTRIBUTE_LOGIN_STATUS_SAVE) != null);
|
||||
boolean isAdmin = LoginStatusBean.getBean(session).isLoggedInAtLeast(LoginStatusBean.CURATOR);
|
||||
return isAdmin || isFakingAlready;
|
||||
}
|
||||
|
||||
private void sendToLogin(VitroRequest vreq, HttpServletResponse response)
|
||||
throws IOException {
|
||||
HttpSession session = vreq.getSession();
|
||||
session.setAttribute("postLoginRequest", vreq.getRequestURI());
|
||||
response.sendRedirect(vreq.getContextPath() + Controllers.LOGIN
|
||||
+ "?login=block");
|
||||
}
|
||||
|
||||
private void startFaking(VitroRequest vreq, HttpServletResponse response)
|
||||
throws IOException {
|
||||
HttpSession session = vreq.getSession();
|
||||
VitroRequestPrep.forceToSelfEditing(vreq);
|
||||
String id = vreq.getParameter("netid");
|
||||
FakeSelfEditingIdentifierFactory.putFakeIdInSession(id, session);
|
||||
|
||||
// Remove the login bean - so we are ONLY self-editing
|
||||
moveAttribute(session, ATTRIBUTE_LOGIN_FORM_BEAN,
|
||||
ATTRIBUTE_LOGIN_FORM_SAVE);
|
||||
moveAttribute(session, ATTRIBUTE_LOGIN_STATUS_BEAN,
|
||||
ATTRIBUTE_LOGIN_STATUS_SAVE);
|
||||
|
||||
response.sendRedirect(vreq.getContextPath() + Controllers.ENTITY
|
||||
+ "?netid=" + id);
|
||||
}
|
||||
|
||||
private void stopFaking(VitroRequest request, HttpServletResponse response,
|
||||
HttpSession session) throws IOException {
|
||||
VitroRequestPrep.forceOutOfSelfEditing(request);
|
||||
FakeSelfEditingIdentifierFactory.clearFakeIdInSession(session);
|
||||
|
||||
// Restore our original login status.
|
||||
restoreAttribute(session, ATTRIBUTE_LOGIN_FORM_BEAN,
|
||||
ATTRIBUTE_LOGIN_FORM_SAVE);
|
||||
restoreAttribute(session, ATTRIBUTE_LOGIN_STATUS_BEAN,
|
||||
ATTRIBUTE_LOGIN_STATUS_SAVE);
|
||||
|
||||
response.sendRedirect(request.getContextPath() + "/");
|
||||
}
|
||||
|
||||
private void showTheForm(VitroRequest request,
|
||||
HttpServletResponse response, HttpSession session)
|
||||
throws ServletException, IOException {
|
||||
// Logged in as site admin: Form not yet submitted
|
||||
request.setAttribute("msg", figureMessage(session));
|
||||
request.setAttribute("title", "Self-Edit Test");
|
||||
request.setAttribute("bodyJsp", "/admin/fakeselfedit.jsp");
|
||||
RequestDispatcher rd = request
|
||||
.getRequestDispatcher(Controllers.BASIC_JSP);
|
||||
rd.forward(request, response);
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if already logged in from previous form submission
|
||||
*/
|
||||
|
|
@ -77,6 +122,24 @@ public class FakeSelfEditController extends VitroHttpServlet {
|
|||
}
|
||||
}
|
||||
|
||||
private void moveAttribute(HttpSession session,
|
||||
String realAttribute, String saveAttribute) {
|
||||
Object value = session.getAttribute(realAttribute);
|
||||
if (value != null) {
|
||||
session.setAttribute(saveAttribute, value);
|
||||
session.removeAttribute(realAttribute);
|
||||
}
|
||||
}
|
||||
|
||||
private void restoreAttribute(HttpSession session,
|
||||
String realAttribute, String saveAttribute) {
|
||||
Object value = session.getAttribute(saveAttribute);
|
||||
if (value != null) {
|
||||
session.setAttribute(realAttribute, value);
|
||||
session.removeAttribute(saveAttribute);
|
||||
}
|
||||
}
|
||||
|
||||
public void doPost(HttpServletRequest request, HttpServletResponse response)
|
||||
throws ServletException, IOException {
|
||||
doGet(request, response);
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue