NIHVIVO-1944 If user is logged in, but not at a sufficient level, show the "insufficient authorization" message.

webapp/src/edu/cornell/mannlib/vitro/webapp/web/jsptags/ConfirmLoginStatus.java

@@ -2,8 +2,6 @@
 
 package edu.cornell.mannlib.vitro.webapp.web.jsptags;
 
-import java.io.IOException;
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.jsp.JspException;
@@ -73,7 +71,8 @@ public class ConfirmLoginStatus extends BodyTagSupport {
 		LogoutRedirector.recordRestrictedPageUri(getRequest());
 
 		LoginStatusBean loginBean = LoginStatusBean.getBean(getRequest());
-		boolean isLoggedIn = loginBean.isLoggedInAtLeast(level);
+		boolean isLoggedIn = loginBean.isLoggedIn();
+		boolean isSufficient = loginBean.isLoggedInAtLeast(level);
 
 		boolean isSelfEditing = VitroRequestPrep.isSelfEditing(getRequest());
 
@@ -81,9 +80,12 @@ public class ConfirmLoginStatus extends BodyTagSupport {
 				+ ", requiredLevel=" + level + ", selfEditingAllowed="
 				+ allowSelfEditing + ", isSelfEditing=" + isSelfEditing);
 
-		if (isLoggedIn || (allowSelfEditing && isSelfEditing)) {
+		if (isSufficient || (allowSelfEditing && isSelfEditing)) {
 			log.debug("Login status confirmed.");
 			return setBeanAndReturn(loginBean);
+		} else if (isLoggedIn) {
+			log.debug("Logged in, but not sufficient.");
+			return showInsufficientAuthorizationMessage();
 		} else {
 			log.debug("Login status not confirmed.");
 			return redirectAndSkipPage();
@@ -98,6 +100,12 @@ public class ConfirmLoginStatus extends BodyTagSupport {
 		return EVAL_PAGE;
 	}
 
+	private int showInsufficientAuthorizationMessage() {
+		VitroHttpServlet.redirectToInsufficientAuthorizationPage(getRequest(),
+				getResponse());
+		return SKIP_PAGE;
+	}
+
 	private int redirectAndSkipPage() throws JspException {
 		VitroHttpServlet.redirectToLoginPage(getRequest(), getResponse());
 		return SKIP_PAGE;