NIHVIVO-1150 Refactor ImageUploadController authorization-related methods to a separate AuthorizationHelper class so they can be used by other pages too.

Move message in classGroups template to separate template.
rjy7 2010-09-20 16:19:04 +00:00
parent c0a8d603ed
commit 676d22b3e5
8 changed files with 126 additions and 88 deletions


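--- /dev/null
+++ b/edu/cornell/mannlib/vitro/webapp/auth/AuthorizationHelper.java
@@ -0,0 +1,96 @@
+/* $This file is distributed under the terms of the license in /doc/license.txt$ */
+package edu.cornell.mannlib.vitro.webapp.auth;
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpSession;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import edu.cornell.mannlib.vedit.beans.LoginFormBean;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.ArrayIdentifierBundle;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.ServletIdentifierBundleFactory;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyList;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.RequestPolicyList;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ServletPolicyList;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddDataPropStmt;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropObjectPropStmt;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.EditObjPropStmt;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestActionConstants;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
+import edu.cornell.mannlib.vitro.webapp.beans.Individual;
+import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
+import edu.cornell.mannlib.vitro.webapp.controller.freemarker.ImageUploadController;
+import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
+import edu.cornell.mannlib.vitro.webapp.filters.VitroRequestPrep;
+public class AuthorizationHelper {
+private static final Log log = LogFactory.getLog(AuthorizationHelper.class);
+private VitroRequest vreq;
+public AuthorizationHelper(VitroRequest vreq) {
+this.vreq = vreq;
+}
+public boolean isAuthorizedForRequestedAction(RequestedAction action) {
+PolicyIface policy = getPolicies();
+PolicyDecision dec = policy.isAuthorized(getIdentifiers(), action);
+if (dec != null && dec.getAuthorized() == Authorization.AUTHORIZED) {
+log.debug("Authorized because self-editing.");
+return true;
+} else {
+log.debug("Not Authorized even though self-editing: "
++ ((dec == null) ? "null" : dec.getMessage() + ", "
++ dec.getDebuggingInfo()));
+return false;
+}
+}
+/**
+* Get the policy from the request, or from the servlet context.
+*/
+private PolicyIface getPolicies() {
+ServletContext servletContext = vreq.getSession().getServletContext();
+PolicyIface policy = RequestPolicyList.getPolicies(vreq);
+if (isEmptyPolicy(policy)) {
+policy = ServletPolicyList.getPolicies(servletContext);
+if (isEmptyPolicy(policy)) {
+log.error("No policy found in request at "
++ RequestPolicyList.POLICY_LIST);
+policy = new PolicyList();
+}
+}
+return policy;
+}
+/**
+* Is there actually a policy here?
+*/
+private boolean isEmptyPolicy(PolicyIface policy) {
+return policy == null
+|| (policy instanceof PolicyList && ((PolicyList) policy)
+.size() == 0);
+}
+private IdentifierBundle getIdentifiers() {
+HttpSession session = vreq.getSession();
+ServletContext context = session.getServletContext();
+IdentifierBundle ids = ServletIdentifierBundleFactory
+.getIdBundleForRequest(vreq, session, context);
+if (ids == null) {
+return new ArrayIdentifierBundle();
+} else {
+return ids;
+}
+}
+}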
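Review bot: The debug messages in isAuthorizedForRequestedAction still read "Authorized because self-editing." and "Not Authorized even though self-editing:", which described the ImageUploadController caller but are misleading now that the helper is meant for other pages; neutral text such as `log.debug("Authorized: " + action);` and `log.debug("Not authorized: " + action + ", " + ...)` keeps the audit trail honest for every caller. The import block carries over names the class never uses (LoginFormBean, AddDataPropStmt, DropObjectPropStmt, EditObjPropStmt, RequestActionConstants, Individual, VitroVocabulary, VitroRequestPrep and ImageUploadController), and the ImageUploadController import in particular makes the auth package depend back on a controller; drop them. The public class and method have no Javadoc: a class comment along the lines of `/** Checks the current request's identifiers against the request policies, falling back to the servlet-context policies, for a given RequestedAction. */` plus `@return true only for an AUTHORIZED decision; a null decision is treated as not authorized` would document the fail-closed behaviour callers will rely on. Whether the empty PolicyList that getPolicies substitutes after logging "No policy found" also yields a deny depends on PolicyList.isAuthorized, which is not on this page; state it in the comment once confirmed, since a misconfigured deployment should not silently authorize. The vreq field could also be final.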


@ -83,6 +83,7 @@ public class BrowseController extends FreemarkerHttpServlet {
Map<String, Object> body = new HashMap<String, Object>();
String message = null;
String templateName = TEMPLATE_DEFAULT;
if( vreq.getParameter("clearcache") != null ) //mainly for debugging
clearGroupCache();
@ -94,22 +95,20 @@ public class BrowseController extends FreemarkerHttpServlet {
if (groups == null || groups.isEmpty()) {
message = "There are not yet any items in the system.";
}
else {
// FreeMarker will wrap vcgroups in a SimpleSequence. So do we want to create the SimpleSequence directly?
// But, makes code less portable to another system.
// SimpleSequence vcgroups = new SimpleSequence(groups.size());
else {
List<VClassGroupTemplateModel> vcgroups = new ArrayList<VClassGroupTemplateModel>(groups.size());
for (VClassGroup g: groups) {
vcgroups.add(new VClassGroupTemplateModel(g));
for (VClassGroup group : groups) {
vcgroups.add(new VClassGroupTemplateModel(group));
}
body.put("classGroups", vcgroups);
}
if (message != null) {
body.put("message", message);
templateName = Template.TITLED_MESSAGE.toString();
}
return new TemplateResponseValues(TEMPLATE_DEFAULT, body);
return new TemplateResponseValues(templateName, body);
}
public void destroy(){
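Review bot: The new `templateName = Template.TITLED_MESSAGE.toString();` branch sends the empty-system case to the titled message template, and the new message-titled.ftl in this commit renders `${title}` (assuming that is the file the enum's "message-titled.ftl" maps to), yet nothing in these two hunks puts a `title` entry into body; if it is not set in the part of the method above the first hunk, FreeMarker will fail on the undefined variable in exactly the case the message was meant to cover. Either add `body.put("title", ...)` beside `body.put("message", message);` or note in a comment where the title is supplied. The enclosing method starts before the first hunk and ends at the closing brace before destroy(). Unrelated to the refactor but on the new side of the first hunk, `if( vreq.getParameter("clearcache") != null ) clearGroupCache();` lets any request flush the class-group cache with no authorization check; it is labelled a debugging aid, so it is worth gating on the page's authorization or removing rather than shipping as-is.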


@ -58,8 +58,9 @@ public class FreemarkerHttpServlet extends VitroHttpServlet {
protected enum Template {
STANDARD_ERROR("error-standard.ftl"),
ERROR_MESSAGE("error-message.ftl"),
TITLED_ERROR_MESSAGE("error-titledMessage.ftl"),
TITLED_ERROR_MESSAGE("error-titled.ftl"),
MESSAGE("message.ftl"),
TITLED_MESSAGE("message-titled.ftl"),
PAGE_DEFAULT("page.ftl");
private final String filename;
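Review bot: The TITLED_ERROR_MESSAGE entry changes its file name between the two printed lines (error-titledMessage.ftl and error-titled.ftl, the latter presumably the new side), but no renamed or added error-titled.ftl appears among the sections shown; if the template on disk still has the old name, every titled error page will fail to load at runtime, so confirm the rename is part of this commit (the eighth changed file is not visible here). The new `TITLED_MESSAGE("message-titled.ftl")` constant would also benefit from a one-line comment beside it naming the body entries that template expects (`title` and `message`), since the enum is the only place a controller author sees the mapping. The Template enum continues past the hunk.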


@ -2,10 +2,8 @@
package edu.cornell.mannlib.vitro.webapp.controller.freemarker;
import java.io.IOException;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import java.util.Map.Entry;
@ -14,7 +12,6 @@ import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.UnavailableException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.fileupload.FileItem;
@ -23,6 +20,7 @@ import org.apache.commons.logging.LogFactory;
import edu.cornell.mannlib.vedit.beans.LoginFormBean;
import edu.cornell.mannlib.vitro.webapp.ConfigurationProperties;
import edu.cornell.mannlib.vitro.webapp.auth.AuthorizationHelper;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.ArrayIdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.ServletIdentifierBundleFactory;
@ -40,10 +38,6 @@ import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAct
import edu.cornell.mannlib.vitro.webapp.beans.Individual;
import edu.cornell.mannlib.vitro.webapp.controller.Controllers;
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.FreemarkerHttpServlet;
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.ImageUploadHelper;
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.UrlBuilder;
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.FreemarkerHttpServlet.ResponseValues;
import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
import edu.cornell.mannlib.vitro.webapp.filestorage.backend.FileStorage;
import edu.cornell.mannlib.vitro.webapp.filestorage.backend.FileStorageSetup;
@ -51,7 +45,6 @@ import edu.cornell.mannlib.vitro.webapp.filestorage.model.FileInfo;
import edu.cornell.mannlib.vitro.webapp.filestorage.model.ImageInfo;
import edu.cornell.mannlib.vitro.webapp.filestorage.uploadrequest.FileUploadServletRequest;
import edu.cornell.mannlib.vitro.webapp.filters.VitroRequestPrep;
import freemarker.template.Configuration;
/**
* Handle adding, replacing or deleting the main image on an Individual.
@ -636,62 +629,9 @@ public class ImageUploadController extends FreemarkerHttpServlet {
VitroVocabulary.IND_MAIN_IMAGE,
RequestActionConstants.SOME_LITERAL, null, null);
}
return checkAuthorizedForRequestedAction(vreq, ra);
}
private boolean checkAuthorizedForRequestedAction(VitroRequest vreq,
RequestedAction action) {
PolicyIface policy = getPolicies(vreq);
PolicyDecision dec = policy.isAuthorized(getIdentifiers(vreq), action);
if (dec != null && dec.getAuthorized() == Authorization.AUTHORIZED) {
log.debug("Authorized because self-editing.");
return true;
} else {
log.debug("Not Authorized even though self-editing: "
+ ((dec == null) ? "null" : dec.getMessage() + ", "
+ dec.getDebuggingInfo()));
return false;
}
}
/**
* Get the policy from the request, or from the servlet context.
*/
private PolicyIface getPolicies(VitroRequest vreq) {
ServletContext servletContext = vreq.getSession().getServletContext();
PolicyIface policy = RequestPolicyList.getPolicies(vreq);
if (isEmptyPolicy(policy)) {
policy = ServletPolicyList.getPolicies(servletContext);
if (isEmptyPolicy(policy)) {
log.error("No policy found in request at "
+ RequestPolicyList.POLICY_LIST);
policy = new PolicyList();
}
}
return policy;
}
/**
* Is there actually a policy here?
*/
private boolean isEmptyPolicy(PolicyIface policy) {
return policy == null
|| (policy instanceof PolicyList && ((PolicyList) policy)
.size() == 0);
}
private IdentifierBundle getIdentifiers(VitroRequest vreq) {
HttpSession session = vreq.getSession();
ServletContext context = session.getServletContext();
IdentifierBundle ids = ServletIdentifierBundleFactory
.getIdBundleForRequest(vreq, session, context);
if (ids == null) {
return new ArrayIdentifierBundle();
} else {
return ids;
}
AuthorizationHelper helper = new AuthorizationHelper(vreq);
return helper.isAuthorizedForRequestedAction(ra);
}
}
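Review bot: The import hunk that adds AuthorizationHelper keeps `ArrayIdentifierBundle`, `IdentifierBundle` and `ServletIdentifierBundleFactory` on the new side, while the last hunk deletes getIdentifiers, their only visible user; unless something elsewhere in this long file still references them, they are dead imports now and should leave with the methods (the same check applies to the policy imports this page does not show). The two replacement lines could be one expression, `return new AuthorizationHelper(vreq).isAuthorizedForRequestedAction(ra);`, which reads like the `return checkAuthorizedForRequestedAction(vreq, ra);` it replaces. The enclosing method's signature lies above the last hunk; a one-line comment there, `// Authorization is decided by AuthorizationHelper, shared with other pages.`, would point the next reader at where the policy logic went.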


@ -11,7 +11,7 @@ import edu.cornell.mannlib.vitro.webapp.controller.freemarker.UrlBuilder.Route;
public class VClassTemplateModel extends BaseTemplateModel {
private static final Log log = LogFactory.getLog(VClassTemplateModel.class.getName());
private static final Log log = LogFactory.getLog(VClassTemplateModel.class);
private static final String PATH = Route.INDIVIDUAL_LIST.path();
private VClass vclass;


@ -2,18 +2,13 @@
<#-- List class groups, and classes within each group. -->
<#if message??>
<p>${message}</p>
<#else>
<div class="siteMap">
<#list classGroups as classGroup>
<h2>${classGroup.publicName}</h2>
<ul>
<#list classGroup.classes as class>
<li><a href="${class.url}">${class.name}</a> (${class.individualCount})</li>
</#list>
</ul>
</#list>
</div>
</#if>
<div class="siteMap">
<#list classGroups as classGroup>
<h2>${classGroup.publicName}</h2>
<ul>
<#list classGroup.classes as class>
<li><a href="${class.url}">${class.name}</a> (${class.individualCount})</li>
</#list>
</ul>
</#list>
</div>


@ -0,0 +1,7 @@
<#-- $This file is distributed under the terms of the license in /doc/license.txt$ -->
<#-- Standard template to display a message with a title generated from any controller. Keeps this out of individual templates. -->
<h2>${title}</h2>
<#include "message.ftl">
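Review bot: `${title}` in the new h2 is interpolated with no `?html` escape, and nothing on this page shows FreeMarker auto-escaping being enabled, so a title that ever comes from request data would be rendered as raw markup; if titles are always controller-side constants, a comment saying so (`<#-- title and message are set by the controller, never from request parameters -->`) records the assumption, otherwise `<h2>${title?html}</h2>` is the safe form. The same question applies to whatever message.ftl does with `${message}`, which is not shown here.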