NIHVIVO-1150 Refactor ImageUploadController authorization-related methods to a separate AuthorizationHelper class so they can be used by other pages too.

Move message in classGroups template to separate template.
rjy7 2010-09-20 16:19:04 +00:00
parent c0a8d603ed
commit 676d22b3e5
8 changed files with 126 additions and 88 deletions


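--- /dev/null
+++ b/edu/cornell/mannlib/vitro/webapp/auth/AuthorizationHelper.java
@@ -0,0 +1,96 @@
+/* $This file is distributed under the terms of the license in /doc/license.txt$ */
+package edu.cornell.mannlib.vitro.webapp.auth;
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpSession;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import edu.cornell.mannlib.vedit.beans.LoginFormBean;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.ArrayIdentifierBundle;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
+import edu.cornell.mannlib.vitro.webapp.auth.identifier.ServletIdentifierBundleFactory;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyList;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.RequestPolicyList;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ServletPolicyList;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AddDataPropStmt;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.DropObjectPropStmt;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.EditObjPropStmt;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestActionConstants;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
+import edu.cornell.mannlib.vitro.webapp.beans.Individual;
+import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
+import edu.cornell.mannlib.vitro.webapp.controller.freemarker.ImageUploadController;
+import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
+import edu.cornell.mannlib.vitro.webapp.filters.VitroRequestPrep;
+public class AuthorizationHelper {
+private static final Log log = LogFactory.getLog(AuthorizationHelper.class);
+private VitroRequest vreq;
+public AuthorizationHelper(VitroRequest vreq) {
+this.vreq = vreq;
+}
+public boolean isAuthorizedForRequestedAction(RequestedAction action) {
+PolicyIface policy = getPolicies();
+PolicyDecision dec = policy.isAuthorized(getIdentifiers(), action);
+if (dec != null && dec.getAuthorized() == Authorization.AUTHORIZED) {
+log.debug("Authorized because self-editing.");
+return true;
+} else {
+log.debug("Not Authorized even though self-editing: "
++ ((dec == null) ? "null" : dec.getMessage() + ", "
++ dec.getDebuggingInfo()));
+return false;
+}
+}
+/**
+* Get the policy from the request, or from the servlet context.
+*/
+private PolicyIface getPolicies() {
+ServletContext servletContext = vreq.getSession().getServletContext();
+PolicyIface policy = RequestPolicyList.getPolicies(vreq);
+if (isEmptyPolicy(policy)) {
+policy = ServletPolicyList.getPolicies(servletContext);
+if (isEmptyPolicy(policy)) {
+log.error("No policy found in request at "
++ RequestPolicyList.POLICY_LIST);
+policy = new PolicyList();
+}
+}
+return policy;
+}
+/**
+* Is there actually a policy here?
+*/
+private boolean isEmptyPolicy(PolicyIface policy) {
+return policy == null
+|| (policy instanceof PolicyList && ((PolicyList) policy)
+.size() == 0);
+}
+private IdentifierBundle getIdentifiers() {
+HttpSession session = vreq.getSession();
+ServletContext context = session.getServletContext();
+IdentifierBundle ids = ServletIdentifierBundleFactory
+.getIdBundleForRequest(vreq, session, context);
+if (ids == null) {
+return new ArrayIdentifierBundle();
+} else {
+return ids;
+}
+}
+}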
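Review bot: The debug messages in isAuthorizedForRequestedAction still read `"Authorized because self-editing."` and `"Not Authorized even though self-editing: "`, wording carried over from the image-upload path; now that the helper is meant for any page and any RequestedAction those lines will mislead whoever is reading the logs, so drop the self-editing qualifier, e.g. `log.debug("Authorized for " + action.getClass().getSimpleName());` and `log.debug("Not authorized for " + action.getClass().getSimpleName() + ": " + ...)`. The import list also pulls in a lot the body never touches (LoginFormBean, AddDataPropStmt, DropObjectPropStmt, EditObjPropStmt, RequestActionConstants, Individual, VitroVocabulary, VitroRequestPrep), including ImageUploadController, which makes the auth package depend on a controller; trim it to what is referenced. The check is fail-closed as written (a null decision, or anything other than AUTHORIZED, returns false, and a missing policy list is logged at error level and replaced by an empty PolicyList, which presumably never authorizes), which is the right default and deserves a class-level Javadoc stating it, e.g. `/** Evaluates a RequestedAction against the request's (or servlet context's) policy list using the identifiers of the current request. Denies when no policy or no decision is available. */`. Note too that vreq.getSession() in getPolicies() and getIdentifiers() will create a session for an anonymous request as a side effect of an authorization check; if that is not intended, vreq.getSession(false) with a null guard avoids it.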


@ -83,6 +83,7 @@ public class BrowseController extends FreemarkerHttpServlet {
Map<String, Object> body = new HashMap<String, Object>(); Map<String, Object> body = new HashMap<String, Object>();
String message = null; String message = null;
String templateName = TEMPLATE_DEFAULT;
if( vreq.getParameter("clearcache") != null ) //mainly for debugging if( vreq.getParameter("clearcache") != null ) //mainly for debugging
clearGroupCache(); clearGroupCache();
@ -95,21 +96,19 @@ public class BrowseController extends FreemarkerHttpServlet {
message = "There are not yet any items in the system."; message = "There are not yet any items in the system.";
} }
else { else {
// FreeMarker will wrap vcgroups in a SimpleSequence. So do we want to create the SimpleSequence directly?
// But, makes code less portable to another system.
// SimpleSequence vcgroups = new SimpleSequence(groups.size());
List<VClassGroupTemplateModel> vcgroups = new ArrayList<VClassGroupTemplateModel>(groups.size()); List<VClassGroupTemplateModel> vcgroups = new ArrayList<VClassGroupTemplateModel>(groups.size());
for (VClassGroup g: groups) { for (VClassGroup group : groups) {
vcgroups.add(new VClassGroupTemplateModel(g)); vcgroups.add(new VClassGroupTemplateModel(group));
} }
body.put("classGroups", vcgroups); body.put("classGroups", vcgroups);
} }
if (message != null) { if (message != null) {
body.put("message", message); body.put("message", message);
templateName = Template.TITLED_MESSAGE.toString();
} }
return new TemplateResponseValues(TEMPLATE_DEFAULT, body); return new TemplateResponseValues(templateName, body);
} }
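Review bot: The message branch now selects Template.TITLED_MESSAGE, whose template renders `${title}`, but the only value this hunk puts into the body map on that path is `message`; unless FreemarkerHttpServlet supplies `title` to every template (not visible here), the "no items" page will fail with an undefined-variable error instead of rendering. Either add the heading next to the message, `body.put("title", <page title>);`, or confirm the base servlet populates it before this goes in. Separately, the context line `if( vreq.getParameter("clearcache") != null )` lets any anonymous request clear the class-group cache; it is pre-existing and marked as a debugging aid, but it is a cheap way to force repeated cache rebuilds, so gate it behind an admin check or remove it. The enclosing method starts before this hunk.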
public void destroy(){ public void destroy(){


@ -58,8 +58,9 @@ public class FreemarkerHttpServlet extends VitroHttpServlet {
protected enum Template { protected enum Template {
STANDARD_ERROR("error-standard.ftl"), STANDARD_ERROR("error-standard.ftl"),
ERROR_MESSAGE("error-message.ftl"), ERROR_MESSAGE("error-message.ftl"),
TITLED_ERROR_MESSAGE("error-titledMessage.ftl"), TITLED_ERROR_MESSAGE("error-titled.ftl"),
MESSAGE("message.ftl"), MESSAGE("message.ftl"),
TITLED_MESSAGE("message-titled.ftl"),
PAGE_DEFAULT("page.ftl"); PAGE_DEFAULT("page.ftl");
private final String filename; private final String filename;


@ -2,10 +2,8 @@
package edu.cornell.mannlib.vitro.webapp.controller.freemarker; package edu.cornell.mannlib.vitro.webapp.controller.freemarker;
import java.io.IOException;
import java.util.Arrays; import java.util.Arrays;
import java.util.Enumeration; import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map; import java.util.Map;
import java.util.Map.Entry; import java.util.Map.Entry;
@ -14,7 +12,6 @@ import javax.servlet.ServletContext;
import javax.servlet.ServletException; import javax.servlet.ServletException;
import javax.servlet.UnavailableException; import javax.servlet.UnavailableException;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession; import javax.servlet.http.HttpSession;
import org.apache.commons.fileupload.FileItem; import org.apache.commons.fileupload.FileItem;
@ -23,6 +20,7 @@ import org.apache.commons.logging.LogFactory;
import edu.cornell.mannlib.vedit.beans.LoginFormBean; import edu.cornell.mannlib.vedit.beans.LoginFormBean;
import edu.cornell.mannlib.vitro.webapp.ConfigurationProperties; import edu.cornell.mannlib.vitro.webapp.ConfigurationProperties;
import edu.cornell.mannlib.vitro.webapp.auth.AuthorizationHelper;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.ArrayIdentifierBundle; import edu.cornell.mannlib.vitro.webapp.auth.identifier.ArrayIdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle; import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle;
import edu.cornell.mannlib.vitro.webapp.auth.identifier.ServletIdentifierBundleFactory; import edu.cornell.mannlib.vitro.webapp.auth.identifier.ServletIdentifierBundleFactory;
@ -40,10 +38,6 @@ import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAct
import edu.cornell.mannlib.vitro.webapp.beans.Individual; import edu.cornell.mannlib.vitro.webapp.beans.Individual;
import edu.cornell.mannlib.vitro.webapp.controller.Controllers; import edu.cornell.mannlib.vitro.webapp.controller.Controllers;
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.FreemarkerHttpServlet;
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.ImageUploadHelper;
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.UrlBuilder;
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.FreemarkerHttpServlet.ResponseValues;
import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary; import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
import edu.cornell.mannlib.vitro.webapp.filestorage.backend.FileStorage; import edu.cornell.mannlib.vitro.webapp.filestorage.backend.FileStorage;
import edu.cornell.mannlib.vitro.webapp.filestorage.backend.FileStorageSetup; import edu.cornell.mannlib.vitro.webapp.filestorage.backend.FileStorageSetup;
@ -51,7 +45,6 @@ import edu.cornell.mannlib.vitro.webapp.filestorage.model.FileInfo;
import edu.cornell.mannlib.vitro.webapp.filestorage.model.ImageInfo; import edu.cornell.mannlib.vitro.webapp.filestorage.model.ImageInfo;
import edu.cornell.mannlib.vitro.webapp.filestorage.uploadrequest.FileUploadServletRequest; import edu.cornell.mannlib.vitro.webapp.filestorage.uploadrequest.FileUploadServletRequest;
import edu.cornell.mannlib.vitro.webapp.filters.VitroRequestPrep; import edu.cornell.mannlib.vitro.webapp.filters.VitroRequestPrep;
import freemarker.template.Configuration;
/** /**
* Handle adding, replacing or deleting the main image on an Individual. * Handle adding, replacing or deleting the main image on an Individual.
@ -636,62 +629,9 @@ public class ImageUploadController extends FreemarkerHttpServlet {
VitroVocabulary.IND_MAIN_IMAGE, VitroVocabulary.IND_MAIN_IMAGE,
RequestActionConstants.SOME_LITERAL, null, null); RequestActionConstants.SOME_LITERAL, null, null);
} }
return checkAuthorizedForRequestedAction(vreq, ra);
}
private boolean checkAuthorizedForRequestedAction(VitroRequest vreq, AuthorizationHelper helper = new AuthorizationHelper(vreq);
RequestedAction action) { return helper.isAuthorizedForRequestedAction(ra);
PolicyIface policy = getPolicies(vreq);
PolicyDecision dec = policy.isAuthorized(getIdentifiers(vreq), action);
if (dec != null && dec.getAuthorized() == Authorization.AUTHORIZED) {
log.debug("Authorized because self-editing.");
return true;
} else {
log.debug("Not Authorized even though self-editing: "
+ ((dec == null) ? "null" : dec.getMessage() + ", "
+ dec.getDebuggingInfo()));
return false;
}
}
/**
* Get the policy from the request, or from the servlet context.
*/
private PolicyIface getPolicies(VitroRequest vreq) {
ServletContext servletContext = vreq.getSession().getServletContext();
PolicyIface policy = RequestPolicyList.getPolicies(vreq);
if (isEmptyPolicy(policy)) {
policy = ServletPolicyList.getPolicies(servletContext);
if (isEmptyPolicy(policy)) {
log.error("No policy found in request at "
+ RequestPolicyList.POLICY_LIST);
policy = new PolicyList();
}
}
return policy;
}
/**
* Is there actually a policy here?
*/
private boolean isEmptyPolicy(PolicyIface policy) {
return policy == null
|| (policy instanceof PolicyList && ((PolicyList) policy)
.size() == 0);
}
private IdentifierBundle getIdentifiers(VitroRequest vreq) {
HttpSession session = vreq.getSession();
ServletContext context = session.getServletContext();
IdentifierBundle ids = ServletIdentifierBundleFactory
.getIdBundleForRequest(vreq, session, context);
if (ids == null) {
return new ArrayIdentifierBundle();
} else {
return ids;
}
} }
} }
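Review bot: After moving getPolicies(), isEmptyPolicy() and getIdentifiers() out of this class, the imports kept on the new side at the top of the section — ArrayIdentifierBundle, IdentifierBundle, ServletIdentifierBundleFactory, LoginFormBean and VitroRequestPrep — appear to have lost their last user here (the rest of the file is outside the hunk, so verify before deleting), and any policy-package imports above the hunk are likely in the same position. The delegating call is fine as is; a one-line comment would help the next reader find the moved logic, `// Policy evaluation lives in AuthorizationHelper so other controllers can share it.`. The method whose tail is shown here starts above the hunk.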


@ -11,7 +11,7 @@ import edu.cornell.mannlib.vitro.webapp.controller.freemarker.UrlBuilder.Route;
public class VClassTemplateModel extends BaseTemplateModel { public class VClassTemplateModel extends BaseTemplateModel {
private static final Log log = LogFactory.getLog(VClassTemplateModel.class.getName()); private static final Log log = LogFactory.getLog(VClassTemplateModel.class);
private static final String PATH = Route.INDIVIDUAL_LIST.path(); private static final String PATH = Route.INDIVIDUAL_LIST.path();
private VClass vclass; private VClass vclass;


@ -2,18 +2,13 @@
<#-- List class groups, and classes within each group. --> <#-- List class groups, and classes within each group. -->
<#if message??> <div class="siteMap">
<p>${message}</p> <#list classGroups as classGroup>
<#else> <h2>${classGroup.publicName}</h2>
<div class="siteMap"> <ul>
<#list classGroups as classGroup> <#list classGroup.classes as class>
<h2>${classGroup.publicName}</h2> <li><a href="${class.url}">${class.name}</a> (${class.individualCount})</li>
<ul> </#list>
<#list classGroup.classes as class> </ul>
<li><a href="${class.url}">${class.name}</a> (${class.individualCount})</li> </#list>
</div>
</#list>
</ul>
</#list>
</div>
</#if>
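Review bot: Dropping the `<#if message??>` guard means this template now assumes `classGroups` is always present; any other controller that rendered it with only a `message` (BrowseController is the only caller visible here) would now hit an undefined-variable error on the `<#list classGroups ...>` line, so a header comment spelling out the contract, `<#-- Requires: classGroups (list of VClassGroupTemplateModel). A message-only page should use message-titled.ftl instead. -->`, would make that explicit. Also, `${classGroup.publicName}` and `${class.name}` are interpolated without `?html`; these labels come from the ontology and may well be admin-controlled, but if a non-admin editor can set a class or group label this is an XSS sink and `${classGroup.publicName?html}` / `${class.name?html}` is the cheap fix.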


@ -0,0 +1,7 @@
<#-- $This file is distributed under the terms of the license in /doc/license.txt$ -->
<#-- Standard template to display a message with a title generated from any controller. Keeps this out of individual templates. -->
<h2>${title}</h2>
<#include "message.ftl">
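Review bot: `${title}` in the new template has no default and is not escaped; a controller that picks TITLED_MESSAGE without putting `title` into the model will get a FreeMarker undefined-variable error at render time rather than a page. Extend the header comment to list the inputs, `<#-- Expects: title (page heading) and message (rendered by message.ftl). -->`, and if a title can ever carry user-supplied text use `${title?html}`; the same question applies to whatever message.ftl does with `message`, which is not visible here.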