From 7075521489add5172a112e72d46b4fe07190f230 Mon Sep 17 00:00:00 2001
From: jeb228 <jeb228@440791e1-c2bf-4c1e-ad7c-caf3f8b0ebe8>
Date: Fri, 28 Jan 2011 16:53:28 +0000
Subject: [PATCH] NIHVIVO-1944 If user is logged in, but not at a sufficient
 level, show the "insufficient authorization" message.

---
 .../webapp/web/jsptags/ConfirmLoginStatus.java   | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/jsptags/ConfirmLoginStatus.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/jsptags/ConfirmLoginStatus.java
index 4b548fd39..699ff3fc0 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/jsptags/ConfirmLoginStatus.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/jsptags/ConfirmLoginStatus.java
@@ -2,8 +2,6 @@
 
 package edu.cornell.mannlib.vitro.webapp.web.jsptags;
 
-import java.io.IOException;
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.jsp.JspException;
@@ -73,7 +71,8 @@ public class ConfirmLoginStatus extends BodyTagSupport {
 		LogoutRedirector.recordRestrictedPageUri(getRequest());
 
 		LoginStatusBean loginBean = LoginStatusBean.getBean(getRequest());
-		boolean isLoggedIn = loginBean.isLoggedInAtLeast(level);
+		boolean isLoggedIn = loginBean.isLoggedIn();
+		boolean isSufficient = loginBean.isLoggedInAtLeast(level);
 
 		boolean isSelfEditing = VitroRequestPrep.isSelfEditing(getRequest());
 
@@ -81,9 +80,12 @@ public class ConfirmLoginStatus extends BodyTagSupport {
 				+ ", requiredLevel=" + level + ", selfEditingAllowed="
 				+ allowSelfEditing + ", isSelfEditing=" + isSelfEditing);
 
-		if (isLoggedIn || (allowSelfEditing && isSelfEditing)) {
+		if (isSufficient || (allowSelfEditing && isSelfEditing)) {
 			log.debug("Login status confirmed.");
 			return setBeanAndReturn(loginBean);
+		} else if (isLoggedIn) {
+			log.debug("Logged in, but not sufficient.");
+			return showInsufficientAuthorizationMessage();
 		} else {
 			log.debug("Login status not confirmed.");
 			return redirectAndSkipPage();
@@ -98,6 +100,12 @@ public class ConfirmLoginStatus extends BodyTagSupport {
 		return EVAL_PAGE;
 	}
 
+	private int showInsufficientAuthorizationMessage() {
+		VitroHttpServlet.redirectToInsufficientAuthorizationPage(getRequest(),
+				getResponse());
+		return SKIP_PAGE;
+	}
+
 	private int redirectAndSkipPage() throws JspException {
 		VitroHttpServlet.redirectToLoginPage(getRequest(), getResponse());
 		return SKIP_PAGE;