litvinovg/vitro
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

NIHVIVO-2492 Restrict verbose property information by Policy instead of by login level.

Browse source
This commit is contained in:
j2blake 2011-05-09 21:20:02 +00:00
parent 99bf50e075
commit 73e0916a04
4 changed files with 20 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/UseRestrictedPagesByRoleLevelPolicy.java
View file

@ -22,6 +22,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.ManageUser
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.SeeIndividualEditingPanel; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.SeeIndividualEditingPanel;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.SeeRevisionInfo; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.SeeRevisionInfo;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.SeeSiteAdminPage; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.SeeSiteAdminPage;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.SeeVerbosePropertyInformation;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseAdvancedDataToolsPages; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseAdvancedDataToolsPages;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseBasicAjaxControllers; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseBasicAjaxControllers;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseMiscellaneousAdminPages; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseMiscellaneousAdminPages;
@ -74,6 +75,9 @@ public class UseRestrictedPagesByRoleLevelPolicy implements PolicyIface {
} else if (whatToAuth instanceof EditSiteInformation) { } else if (whatToAuth instanceof EditSiteInformation) {
result = isAuthorized(whatToAuth, RoleLevel.CURATOR, userRole); result = isAuthorized(whatToAuth, RoleLevel.CURATOR, userRole);
} else if (whatToAuth instanceof SeeVerbosePropertyInformation) {
result = isAuthorized(whatToAuth, RoleLevel.CURATOR, userRole);
} else if (whatToAuth instanceof UseMiscellaneousCuratorPages) { } else if (whatToAuth instanceof UseMiscellaneousCuratorPages) {
result = isAuthorized(whatToAuth, RoleLevel.CURATOR, userRole); result = isAuthorized(whatToAuth, RoleLevel.CURATOR, userRole);

10
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/SeeVerbosePropertyInformation.java Normal file
View file

@ -0,0 +1,10 @@
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
/** Should we allow the user to see verbose property information? */
public class SeeVerbosePropertyInformation extends RequestedAction {
// no fields
}

7
webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/IndividualController.java
View file

@ -29,7 +29,8 @@ import com.hp.hpl.jena.shared.Lock;
import com.hp.hpl.jena.vocabulary.RDF; import com.hp.hpl.jena.vocabulary.RDF;
import com.hp.hpl.jena.vocabulary.RDFS; import com.hp.hpl.jena.vocabulary.RDFS;
import edu.cornell.mannlib.vedit.beans.LoginStatusBean; import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.SeeVerbosePropertyInformation;
import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement; import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement;
import edu.cornell.mannlib.vitro.webapp.beans.Individual; import edu.cornell.mannlib.vitro.webapp.beans.Individual;
import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty; import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty;
@ -154,9 +155,7 @@ public class IndividualController extends FreemarkerHttpServlet {
Map<String, Object> map = null; Map<String, Object> map = null;
LoginStatusBean loginBean = LoginStatusBean.getBean(vreq); if (PolicyHelper.isAuthorizedForActions(vreq, new SeeVerbosePropertyInformation())) {
if (loginBean.isLoggedInAtLeast(LoginStatusBean.CURATOR)) {
// Get current verbose property display value // Get current verbose property display value
String verbose = vreq.getParameter("verbose"); String verbose = vreq.getParameter("verbose");
Boolean verboseValue; Boolean verboseValue;

6
webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/PropertyTemplateModel.java
View file

@ -8,7 +8,8 @@ import java.util.Map;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import edu.cornell.mannlib.vedit.beans.LoginStatusBean; import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.SeeVerbosePropertyInformation;
import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel; import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
import edu.cornell.mannlib.vitro.webapp.beans.Individual; import edu.cornell.mannlib.vitro.webapp.beans.Individual;
import edu.cornell.mannlib.vitro.webapp.beans.Property; import edu.cornell.mannlib.vitro.webapp.beans.Property;
@ -57,8 +58,7 @@ public abstract class PropertyTemplateModel extends BaseTemplateModel {
return; return;
} }
LoginStatusBean loginStatusBean = LoginStatusBean.getBean(vreq); if (!PolicyHelper.isAuthorizedForActions(vreq, new SeeVerbosePropertyInformation())) {
if (! loginStatusBean.isLoggedInAtLeast(LoginStatusBean.CURATOR)) {
return; return;
} }