From 74b425171a2866f3499400859435abde6835d542 Mon Sep 17 00:00:00 2001
From: j2blake
Date: Wed, 13 Jul 2011 14:48:42 +0000
Subject: [PATCH] NIHVIVO-2885 Only show the My Account link if the user is authorized to edit her account.
---
 .../controller/freemarker/FreemarkerHttpServlet.java | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/FreemarkerHttpServlet.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/FreemarkerHttpServlet.java
index 91494235f..da376a3fb 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/FreemarkerHttpServlet.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/FreemarkerHttpServlet.java
@@ -18,7 +18,9 @@
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.EditOwnAccount;
 import edu.cornell.mannlib.vitro.webapp.beans.ApplicationBean;
 import edu.cornell.mannlib.vitro.webapp.beans.DisplayMessage;
 import edu.cornell.mannlib.vitro.webapp.config.RevisionInfoBean;
@@ -261,7 +263,6 @@ public class FreemarkerHttpServlet extends VitroHttpServlet {
 urls.put("termsOfUse", UrlBuilder.getUrl(Route.TERMS_OF_USE));
 urls.put("login", UrlBuilder.getLoginUrl());
 urls.put("logout", UrlBuilder.getLogoutUrl());
- urls.put("myAccount", UrlBuilder.getUrl("/accounts/myAccount"));
 urls.put("siteAdmin", UrlBuilder.getUrl(Route.SITE_ADMIN));
 urls.put("themeImages", UrlBuilder.getUrl(themeDir + "/images"));
 urls.put("images", UrlBuilder.getUrl("/images"));
@@ -269,6 +270,10 @@ public class FreemarkerHttpServlet extends VitroHttpServlet { urls.put("index", UrlBuilder.getUrl("/browse")); urls.put("currentPage", getCurrentPageUrl(vreq)); + if (PolicyHelper.isAuthorizedForActions(vreq, new EditOwnAccount())) { + urls.put("myAccount", UrlBuilder.getUrl("/accounts/myAccount")); + } + return urls; }
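Review bot: The `PolicyHelper.isAuthorizedForActions(vreq, new EditOwnAccount())` test in front of `urls.put("myAccount", ...)` only decides whether the link is rendered; it is not an access control on `/accounts/myAccount`, whose controller is outside this diff and should enforce the same `EditOwnAccount` action itself. A comment above the `if` would keep that distinction visible: `// Display only: the /accounts/myAccount controller must enforce EditOwnAccount on its own.` Because the `myAccount` key is now absent for unauthorized users, any template that reads `urls.myAccount` without a `??` guard will presumably fail at render time, so the templates that use it should be checked as part of this change. The enclosing method starts outside the hunk.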