diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/UseRestrictedPagesByRoleLevelPolicy.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/UseRestrictedPagesByRoleLevelPolicy.java index 8293ecffb..5d7db69b5 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/UseRestrictedPagesByRoleLevelPolicy.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/UseRestrictedPagesByRoleLevelPolicy.java @@ -16,6 +16,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseAdvance import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseEditUserAccountsPages; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseOntologyEditorPages; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UsePortalEditorPages; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseTabEditorPages; import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel; /** @@ -47,6 +48,8 @@ public class UseRestrictedPagesByRoleLevelPolicy implements PolicyIface { result = isAuthorized(whatToAuth, RoleLevel.CURATOR, userRole); } else if (whatToAuth instanceof UsePortalEditorPages) { result = isAuthorized(whatToAuth, RoleLevel.CURATOR, userRole); + } else if (whatToAuth instanceof UseTabEditorPages) { + result = isAuthorized(whatToAuth, RoleLevel.CURATOR, userRole); } else { result = defaultDecision("Unrecognized action"); } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/UseTabEditorPages.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/UseTabEditorPages.java new file mode 100644 index 000000000..31487a858 --- /dev/null +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/UseTabEditorPages.java @@ -0,0 +1,11 @@ +/* $This file is distributed under the terms of the license in /doc/license.txt$ */ + +package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages; + +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction; + +/** Should we allow the user to use the pages for editing tabs? */ +public class UseTabEditorPages extends RequestedAction implements + UsePagesRequestedAction { + // no fields +} diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/TabEditController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/TabEditController.java index f9ec5172f..dbf4f9530 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/TabEditController.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/TabEditController.java @@ -22,6 +22,8 @@ import edu.cornell.mannlib.vedit.beans.EditProcessObject; import edu.cornell.mannlib.vedit.beans.FormObject; import edu.cornell.mannlib.vedit.controller.BaseEditController; import edu.cornell.mannlib.vedit.util.FormUtils; +import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseTabEditorPages; import edu.cornell.mannlib.vitro.webapp.beans.Individual; import edu.cornell.mannlib.vitro.webapp.beans.Portal; import edu.cornell.mannlib.vitro.webapp.beans.Tab; @@ -37,22 +39,14 @@ import edu.cornell.mannlib.vitro.webapp.dao.VClassDao; import edu.cornell.mannlib.vitro.webapp.dao.VClassGroupDao; import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory; +@RequiresAuthorizationFor(UseTabEditorPages.class) public class TabEditController extends BaseEditController { private static final Log log = LogFactory.getLog(TabEditController.class.getName()); private static final int NUM_COLS = 11; - public void doPost (HttpServletRequest request, HttpServletResponse response) { - - if (!checkLoginStatus(request,response)) - return; - - try { - super.doGet(request,response); - } catch (Exception e) { - log.error("TabEditController caught exception calling doGet()"); - } - + @Override + public void doPost (HttpServletRequest request, HttpServletResponse response) { VitroRequest vreq = new VitroRequest(request); Portal portal = vreq.getPortal(); @@ -99,7 +93,7 @@ public class TabEditController extends BaseEditController { "subcollection", "collection", "secondary tab", "primary tab content", "primary tab"}; */ - HashMap tabTypes = new HashMap(); + HashMap tabTypes = new HashMap(); tabTypes.put(18,"subcollection category"); tabTypes.put(20,"subcollection"); tabTypes.put(22,"collection"); @@ -107,7 +101,7 @@ public class TabEditController extends BaseEditController { tabTypes.put(26,"primary tab content"); tabTypes.put(28,"primary tab"); - String tabtype = (String) tabTypes.get(t.getTabtypeId()); + String tabtype = tabTypes.get(t.getTabtypeId()); results.add(tabtype!=null ? tabtype : "unspecified"); results.add(t.getEntityLinkMethod()!=null ? t.getEntityLinkMethod() : "unspecified"); results.add(String.valueOf(t.getDisplayRank())); @@ -158,12 +152,10 @@ public class TabEditController extends BaseEditController { foo.getCheckboxLists().put("childTabs",childList); HashMap OptionMap = new HashMap(); - List classGroups = vcgDao.getPublicGroupsWithVClasses(true,false,false); // order by displayRank, include uninstantiated classes, don't get the counts of individuals - Iterator classGroupIt = classGroups.iterator(); + List classGroups = vcgDao.getPublicGroupsWithVClasses(true,false,false); // order by displayRank, include uninstantiated classes, don't get the counts of individuals ListOrderedMap optGroupMap = new ListOrderedMap(); - while (classGroupIt.hasNext()) { - VClassGroup group = (VClassGroup)classGroupIt.next(); - List classes = group.getVitroClassList(); + for (VClassGroup group : classGroups) { + List classes = group.getVitroClassList(); optGroupMap.put(group.getPublicName(),FormUtils.makeOptionListFromBeans(classes,"URI","Name",null,null,false)); } OptionMap.put("VClassURI", optGroupMap); @@ -174,7 +166,7 @@ public class TabEditController extends BaseEditController { List typeURIs = tDao.getTabAutoLinkedVClassURIs(tabId); Iterator typeURIt = typeURIs.iterator(); while (typeURIt.hasNext()) { - String typeURI = (String) typeURIt.next(); + String typeURI = typeURIt.next(); VClass type = vcDao.getVClassByURI(typeURI); if (type != null) { types.add(type); diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/TabHierarchyOperationController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/TabHierarchyOperationController.java index 6e3fe849d..27fcb0473 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/TabHierarchyOperationController.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/TabHierarchyOperationController.java @@ -9,18 +9,22 @@ import javax.servlet.http.HttpServletResponse; import edu.cornell.mannlib.vedit.beans.EditProcessObject; import edu.cornell.mannlib.vedit.controller.BaseEditController; +import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseTabEditorPages; import edu.cornell.mannlib.vitro.webapp.beans.Tab; import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; import edu.cornell.mannlib.vitro.webapp.dao.TabDao; +@RequiresAuthorizationFor(UseTabEditorPages.class) public class TabHierarchyOperationController extends BaseEditController { - - public void doGet(HttpServletRequest request, HttpServletResponse response) { + @Override + public void doGet(HttpServletRequest request, HttpServletResponse response) { doPost(request, response); } - public void doPost(HttpServletRequest req, HttpServletResponse response) { + @Override + public void doPost(HttpServletRequest req, HttpServletResponse response) { VitroRequest request = new VitroRequest(req); String defaultLandingPage = getDefaultLandingPage(request); diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/TabRetryController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/TabRetryController.java index 6967de270..c54b73059 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/TabRetryController.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/TabRetryController.java @@ -21,12 +21,15 @@ import edu.cornell.mannlib.vedit.controller.BaseEditController; import edu.cornell.mannlib.vedit.forwarder.PageForwarder; import edu.cornell.mannlib.vedit.forwarder.impl.UrlForwarder; import edu.cornell.mannlib.vedit.util.FormUtils; +import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseTabEditorPages; import edu.cornell.mannlib.vitro.webapp.beans.Portal; import edu.cornell.mannlib.vitro.webapp.beans.Tab; import edu.cornell.mannlib.vitro.webapp.controller.Controllers; import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; import edu.cornell.mannlib.vitro.webapp.dao.TabDao; +@RequiresAuthorizationFor(UseTabEditorPages.class) public class TabRetryController extends BaseEditController { static final int[] tabtypeIds = {0,18,20,22,24,26,28}; @@ -35,18 +38,9 @@ public class TabRetryController extends BaseEditController { "primary tab content", "primary tab"}; private static final Log log = LogFactory.getLog(TabRetryController.class.getName()); - public void doPost (HttpServletRequest req, HttpServletResponse response) { - + @Override + public void doPost (HttpServletRequest req, HttpServletResponse response) { VitroRequest request = new VitroRequest(req); - - if (!checkLoginStatus(request,response)) - return; - - try { - super.doGet(request,response); - } catch (Exception e) { - log.error("TabRetryController encountered exception calling super.doGet()"); - } //create an EditProcessObject for this and put it in the session EditProcessObject epo = super.createEpo(request); @@ -72,7 +66,7 @@ public class TabRetryController extends BaseEditController { int id = Integer.parseInt(request.getParameter("id")); if (id > 0) { try { - tabForEditing = (Tab)tDao.getTab(id); + tabForEditing = tDao.getTab(id); action = "update"; } catch (NullPointerException e) { log.error("Need to implement 'record not found' error message."); diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/Tabs2TabsRetryController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/Tabs2TabsRetryController.java index 86a48a6b3..5c0566b9b 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/Tabs2TabsRetryController.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/Tabs2TabsRetryController.java @@ -18,31 +18,23 @@ import edu.cornell.mannlib.vedit.beans.FormObject; import edu.cornell.mannlib.vedit.beans.Option; import edu.cornell.mannlib.vedit.controller.BaseEditController; import edu.cornell.mannlib.vedit.util.FormUtils; +import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseTabEditorPages; import edu.cornell.mannlib.vitro.webapp.beans.Portal; import edu.cornell.mannlib.vitro.webapp.beans.Tab; import edu.cornell.mannlib.vitro.webapp.controller.Controllers; import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; import edu.cornell.mannlib.vitro.webapp.dao.TabDao; +@RequiresAuthorizationFor(UseTabEditorPages.class) public class Tabs2TabsRetryController extends BaseEditController { private static final Log log = LogFactory.getLog(Tabs2TabsRetryController.class.getName()); - public void doPost (HttpServletRequest req, HttpServletResponse response) { - + @Override + public void doPost (HttpServletRequest req, HttpServletResponse response) { VitroRequest request = new VitroRequest(req); - - if(!checkLoginStatus(request,response)) - return; - - try { - super.doGet(request,response); - } catch (Exception e) { - log.error("Tabs2TabsRetryController encountered exception calling super.doGet()"); - } - - VitroRequest vreq = new VitroRequest(request); - Portal portal = vreq.getPortal(); + Portal portal = request.getPortal(); //create an EditProcessObject for this and put it in the session EditProcessObject epo = super.createEpo(request); diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/listing/AllTabsForPortalListingController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/listing/AllTabsForPortalListingController.java index e9922d900..93a216083 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/listing/AllTabsForPortalListingController.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/listing/AllTabsForPortalListingController.java @@ -6,7 +6,6 @@ import java.util.ArrayList; import java.util.Collections; import java.util.Comparator; import java.util.HashMap; -import java.util.Iterator; import java.util.List; import javax.servlet.RequestDispatcher; @@ -14,31 +13,25 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import edu.cornell.mannlib.vedit.controller.BaseEditController; +import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseTabEditorPages; import edu.cornell.mannlib.vitro.webapp.beans.Portal; -import edu.cornell.mannlib.vitro.webapp.beans.PropertyGroup; import edu.cornell.mannlib.vitro.webapp.beans.Tab; import edu.cornell.mannlib.vitro.webapp.controller.Controllers; import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; import edu.cornell.mannlib.vitro.webapp.dao.TabDao; +@RequiresAuthorizationFor(UseTabEditorPages.class) public class AllTabsForPortalListingController extends BaseEditController { private static final int NUM_COLS = 11; - public void doGet(HttpServletRequest request, HttpServletResponse response) { + @Override + public void doGet(HttpServletRequest request, HttpServletResponse response) { VitroRequest vrequest = new VitroRequest(request); Portal portal = vrequest.getPortal(); - if(!checkLoginStatus(request,response)) - return; - - try { - super.doGet(request, response); - } catch (Throwable t) { - t.printStackTrace(); - } - - HashMap types = new HashMap(); + HashMap types = new HashMap(); types.put(18,"subcollection category"); types.put(20,"subcollection"); types.put(22,"collection"); @@ -47,10 +40,10 @@ public class AllTabsForPortalListingController extends BaseEditController { types.put(28,"primary tab"); TabDao dao = vrequest.getFullWebappDaoFactory().getTabDao(); - List tabs = dao.getTabsForPortal(portal.getPortalId()); + List tabs = dao.getTabsForPortal(portal.getPortalId()); Collections.sort(tabs, new TabComparator()); - ArrayList results = new ArrayList(); + ArrayList results = new ArrayList(); results.add("XX"); results.add("title"); results.add("tab id"); @@ -66,16 +59,14 @@ public class AllTabsForPortalListingController extends BaseEditController { if (tabs != null) { - Iterator tabIt = tabs.iterator(); - while (tabIt.hasNext()) { - Tab tab = (Tab) tabIt.next(); + for (Tab tab : tabs) { results.add("XX"); if (tab.getTitle() != null) results.add(""+tab.getTitle()+""); else results.add(""); results.add(String.valueOf(tab.getTabId())); - String tabtype = (String) types.get(tab.getTabtypeId()); + String tabtype = types.get(tab.getTabtypeId()); results.add(tabtype!=null ? tabtype : "-"); //results.add(tab.getDescription()!=null ? tab.getDescription() : "-"); results.add(Integer.valueOf(tab.getDisplayRank()).toString()); @@ -107,10 +98,9 @@ public class AllTabsForPortalListingController extends BaseEditController { } - private class TabComparator implements Comparator { - public int compare (Object o1, Object o2) { - Tab tab1 = (Tab)o1; - Tab tab2 = (Tab)o2; + private class TabComparator implements Comparator { + @Override + public int compare (Tab tab1, Tab tab2) { if(tab1 == null && tab2 == null) return 0; int diff = tab1.getTabId() - tab2.getTabId(); // tab1.getDisplayRank() - tab2.getDisplayRank() if(diff == 0) diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/SiteAdminController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/SiteAdminController.java index 78dc9b827..f7dfe5454 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/SiteAdminController.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/SiteAdminController.java @@ -20,6 +20,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseAdvance import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseOntologyEditorPages; import edu.cornell.mannlib.vitro.webapp.beans.VClassGroup; import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; +import edu.cornell.mannlib.vitro.webapp.controller.edit.listing.AllTabsForPortalListingController; import edu.cornell.mannlib.vitro.webapp.controller.edit.listing.PortalsListingController; import edu.cornell.mannlib.vitro.webapp.controller.edit.listing.UsersListingController; import edu.cornell.mannlib.vitro.webapp.controller.freemarker.UrlBuilder.ParamMap; @@ -127,7 +128,9 @@ public class SiteAdminController extends FreemarkerHttpServlet { Map map = new HashMap(); Map urls = new HashMap(); - urls.put("tabs", urlBuilder.getPortalUrl("/listTabs")); + if (PolicyHelper.isAuthorizedForServlet(vreq, AllTabsForPortalListingController.class)) { + urls.put("tabs", urlBuilder.getPortalUrl("/listTabs")); + } if (PolicyHelper.isAuthorizedForServlet(vreq, UsersListingController.class)) { urls.put("users", urlBuilder.getPortalUrl("/listUsers")); diff --git a/webapp/web/templates/edit/specific/tabs2tabs_retry.jsp b/webapp/web/templates/edit/specific/tabs2tabs_retry.jsp index d748c39bc..b937f4e3e 100644 --- a/webapp/web/templates/edit/specific/tabs2tabs_retry.jsp +++ b/webapp/web/templates/edit/specific/tabs2tabs_retry.jsp @@ -2,6 +2,8 @@ <%@ taglib prefix="form" uri="http://vitro.mannlib.cornell.edu/edit/tags" %> <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> +<%@ taglib prefix="vitro" uri="/WEB-INF/tlds/VitroUtils.tld" %> +
diff --git a/webapp/web/templates/edit/specific/tabs_edit.jsp b/webapp/web/templates/edit/specific/tabs_edit.jsp index 5d4d439d1..6a535e1b3 100644 --- a/webapp/web/templates/edit/specific/tabs_edit.jsp +++ b/webapp/web/templates/edit/specific/tabs_edit.jsp @@ -2,6 +2,8 @@ <%@ taglib prefix="c" uri="http://java.sun.com/jstl/core" %> <%@ taglib prefix="form" uri="http://vitro.mannlib.cornell.edu/edit/tags" %> +<%@ taglib prefix="vitro" uri="/WEB-INF/tlds/VitroUtils.tld" %> +