NIHVIVO-2492 Restrict pages by UseTabEditorPages requested action.

j2blake 2011-04-19 16:30:46 +00:00
parent ff5c63151c
commit 78c3294102
10 changed files with 65 additions and 72 deletions


@ -16,6 +16,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseAdvance
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseEditUserAccountsPages;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseOntologyEditorPages;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UsePortalEditorPages;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseTabEditorPages;
import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
/**
@ -47,6 +48,8 @@ public class UseRestrictedPagesByRoleLevelPolicy implements PolicyIface {
result = isAuthorized(whatToAuth, RoleLevel.CURATOR, userRole);
} else if (whatToAuth instanceof UsePortalEditorPages) {
result = isAuthorized(whatToAuth, RoleLevel.CURATOR, userRole);
} else if (whatToAuth instanceof UseTabEditorPages) {
result = isAuthorized(whatToAuth, RoleLevel.CURATOR, userRole);
} else {
result = defaultDecision("Unrecognized action");
}
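Review bot: The new `UseTabEditorPages` branch hard-codes `RoleLevel.CURATOR`, and nothing in the visible change records why that level was chosen. The tab controllers in this commit drop their `checkLoginStatus(request,response)` calls in favour of this policy, and the level that older gate enforced is not visible here, so please confirm that CURATOR neither loosens nor unintentionally tightens access. I would add a comment above the branch, e.g. `// CURATOR is the minimum role for every tab edit/list servlet (replaces the per-servlet checkLoginStatus() gate)`, and a policy test asserting that a role below CURATOR is refused for this action. The enclosing method starts and ends outside the hunk.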


@ -0,0 +1,11 @@
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
/** Should we allow the user to use the pages for editing tabs? */
public class UseTabEditorPages extends RequestedAction implements
UsePagesRequestedAction {
// no fields
}


@ -22,6 +22,8 @@ import edu.cornell.mannlib.vedit.beans.EditProcessObject;
import edu.cornell.mannlib.vedit.beans.FormObject;
import edu.cornell.mannlib.vedit.controller.BaseEditController;
import edu.cornell.mannlib.vedit.util.FormUtils;
import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseTabEditorPages;
import edu.cornell.mannlib.vitro.webapp.beans.Individual;
import edu.cornell.mannlib.vitro.webapp.beans.Portal;
import edu.cornell.mannlib.vitro.webapp.beans.Tab;
@ -37,22 +39,14 @@ import edu.cornell.mannlib.vitro.webapp.dao.VClassDao;
import edu.cornell.mannlib.vitro.webapp.dao.VClassGroupDao;
import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory;
@RequiresAuthorizationFor(UseTabEditorPages.class)
public class TabEditController extends BaseEditController {
private static final Log log = LogFactory.getLog(TabEditController.class.getName());
private static final int NUM_COLS = 11;
public void doPost (HttpServletRequest request, HttpServletResponse response) {
if (!checkLoginStatus(request,response))
return;
try {
super.doGet(request,response);
} catch (Exception e) {
log.error("TabEditController caught exception calling doGet()");
}
@Override
public void doPost (HttpServletRequest request, HttpServletResponse response) {
VitroRequest vreq = new VitroRequest(request);
Portal portal = vreq.getPortal();
@ -99,7 +93,7 @@ public class TabEditController extends BaseEditController {
"subcollection", "collection", "secondary tab",
"primary tab content", "primary tab"};
*/
HashMap tabTypes = new HashMap();
HashMap<Integer, String> tabTypes = new HashMap<Integer, String>();
tabTypes.put(18,"subcollection category");
tabTypes.put(20,"subcollection");
tabTypes.put(22,"collection");
@ -107,7 +101,7 @@ public class TabEditController extends BaseEditController {
tabTypes.put(26,"primary tab content");
tabTypes.put(28,"primary tab");
String tabtype = (String) tabTypes.get(t.getTabtypeId());
String tabtype = tabTypes.get(t.getTabtypeId());
results.add(tabtype!=null ? tabtype : "unspecified");
results.add(t.getEntityLinkMethod()!=null ? t.getEntityLinkMethod() : "unspecified");
results.add(String.valueOf(t.getDisplayRank()));
@ -158,12 +152,10 @@ public class TabEditController extends BaseEditController {
foo.getCheckboxLists().put("childTabs",childList);
HashMap OptionMap = new HashMap();
List classGroups = vcgDao.getPublicGroupsWithVClasses(true,false,false); // order by displayRank, include uninstantiated classes, don't get the counts of individuals
Iterator classGroupIt = classGroups.iterator();
List<VClassGroup> classGroups = vcgDao.getPublicGroupsWithVClasses(true,false,false); // order by displayRank, include uninstantiated classes, don't get the counts of individuals
ListOrderedMap optGroupMap = new ListOrderedMap();
while (classGroupIt.hasNext()) {
VClassGroup group = (VClassGroup)classGroupIt.next();
List classes = group.getVitroClassList();
for (VClassGroup group : classGroups) {
List<VClass> classes = group.getVitroClassList();
optGroupMap.put(group.getPublicName(),FormUtils.makeOptionListFromBeans(classes,"URI","Name",null,null,false));
}
OptionMap.put("VClassURI", optGroupMap);
@ -174,7 +166,7 @@ public class TabEditController extends BaseEditController {
List<String> typeURIs = tDao.getTabAutoLinkedVClassURIs(tabId);
Iterator<String> typeURIt = typeURIs.iterator();
while (typeURIt.hasNext()) {
String typeURI = (String) typeURIt.next();
String typeURI = typeURIt.next();
VClass type = vcDao.getVClassByURI(typeURI);
if (type != null) {
types.add(type);
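Review bot: `doPost` no longer performs any access check of its own, so access control for this servlet now depends entirely on `@RequiresAuthorizationFor(UseTabEditorPages.class)` being enforced before `doPost` is dispatched, and that enforcement point is not visible in this diff. The same applies to TabHierarchyOperationController, TabRetryController, Tabs2TabsRetryController and AllTabsForPortalListingController, which receive the same annotation here. Please confirm that the base servlet evaluates the annotation for every HTTP method these classes handle (POST as well as GET), and add a test that an unauthenticated or below-curator request to each mapping is refused. The removed `super.doGet(request,response)` call may have had side effects besides the login check, so it is worth verifying that nothing later in `doPost`, which continues outside the hunk, relied on it.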


@ -9,18 +9,22 @@ import javax.servlet.http.HttpServletResponse;
import edu.cornell.mannlib.vedit.beans.EditProcessObject;
import edu.cornell.mannlib.vedit.controller.BaseEditController;
import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseTabEditorPages;
import edu.cornell.mannlib.vitro.webapp.beans.Tab;
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
import edu.cornell.mannlib.vitro.webapp.dao.TabDao;
@RequiresAuthorizationFor(UseTabEditorPages.class)
public class TabHierarchyOperationController extends BaseEditController {
public void doGet(HttpServletRequest request, HttpServletResponse response) {
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response) {
doPost(request, response);
}
public void doPost(HttpServletRequest req, HttpServletResponse response) {
@Override
public void doPost(HttpServletRequest req, HttpServletResponse response) {
VitroRequest request = new VitroRequest(req);
String defaultLandingPage = getDefaultLandingPage(request);
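Review bot: `doGet` still forwards straight to `doPost`, so whatever tab-hierarchy operation `doPost` performs can be triggered by a plain GET. Now that access is decided from the logged-in user's role, any GET issued from a curator's browser session carries that authorization. If the operation modifies data (the body is outside this hunk, so this is inferred from the class name), `doGet` should answer with 405 Method Not Allowed instead of delegating, and the POST should require an anti-forgery token. A comment on `doGet` stating why GET is accepted would be the minimum if the delegation has to stay.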


@ -21,12 +21,15 @@ import edu.cornell.mannlib.vedit.controller.BaseEditController;
import edu.cornell.mannlib.vedit.forwarder.PageForwarder;
import edu.cornell.mannlib.vedit.forwarder.impl.UrlForwarder;
import edu.cornell.mannlib.vedit.util.FormUtils;
import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseTabEditorPages;
import edu.cornell.mannlib.vitro.webapp.beans.Portal;
import edu.cornell.mannlib.vitro.webapp.beans.Tab;
import edu.cornell.mannlib.vitro.webapp.controller.Controllers;
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
import edu.cornell.mannlib.vitro.webapp.dao.TabDao;
@RequiresAuthorizationFor(UseTabEditorPages.class)
public class TabRetryController extends BaseEditController {
static final int[] tabtypeIds = {0,18,20,22,24,26,28};
@ -35,18 +38,9 @@ public class TabRetryController extends BaseEditController {
"primary tab content", "primary tab"};
private static final Log log = LogFactory.getLog(TabRetryController.class.getName());
public void doPost (HttpServletRequest req, HttpServletResponse response) {
@Override
public void doPost (HttpServletRequest req, HttpServletResponse response) {
VitroRequest request = new VitroRequest(req);
if (!checkLoginStatus(request,response))
return;
try {
super.doGet(request,response);
} catch (Exception e) {
log.error("TabRetryController encountered exception calling super.doGet()");
}
//create an EditProcessObject for this and put it in the session
EditProcessObject epo = super.createEpo(request);
@ -72,7 +66,7 @@ public class TabRetryController extends BaseEditController {
int id = Integer.parseInt(request.getParameter("id"));
if (id > 0) {
try {
tabForEditing = (Tab)tDao.getTab(id);
tabForEditing = tDao.getTab(id);
action = "update";
} catch (NullPointerException e) {
log.error("Need to implement 'record not found' error message.");
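Review bot: With the cast removed, `tabForEditing = tDao.getTab(id);` still relies on `catch (NullPointerException e)` to detect a missing record, but assigning a null return does not throw, so `action = "update"` can be set while `tabForEditing` is null. Prefer an explicit check such as `if (tabForEditing == null) { /* report 'tab not found' and stop */ }` over catching NullPointerException. The context line `Integer.parseInt(request.getParameter("id"))` is also unguarded: a missing or non-numeric `id` throws NumberFormatException, which should be handled as a bad request unless an enclosing handler outside the hunk already does so. Whether `getTab` can return null is not visible here, and the try block continues past the end of the hunk.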


@ -18,31 +18,23 @@ import edu.cornell.mannlib.vedit.beans.FormObject;
import edu.cornell.mannlib.vedit.beans.Option;
import edu.cornell.mannlib.vedit.controller.BaseEditController;
import edu.cornell.mannlib.vedit.util.FormUtils;
import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseTabEditorPages;
import edu.cornell.mannlib.vitro.webapp.beans.Portal;
import edu.cornell.mannlib.vitro.webapp.beans.Tab;
import edu.cornell.mannlib.vitro.webapp.controller.Controllers;
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
import edu.cornell.mannlib.vitro.webapp.dao.TabDao;
@RequiresAuthorizationFor(UseTabEditorPages.class)
public class Tabs2TabsRetryController extends BaseEditController {
private static final Log log = LogFactory.getLog(Tabs2TabsRetryController.class.getName());
public void doPost (HttpServletRequest req, HttpServletResponse response) {
@Override
public void doPost (HttpServletRequest req, HttpServletResponse response) {
VitroRequest request = new VitroRequest(req);
if(!checkLoginStatus(request,response))
return;
try {
super.doGet(request,response);
} catch (Exception e) {
log.error("Tabs2TabsRetryController encountered exception calling super.doGet()");
}
VitroRequest vreq = new VitroRequest(request);
Portal portal = vreq.getPortal();
Portal portal = request.getPortal();
//create an EditProcessObject for this and put it in the session
EditProcessObject epo = super.createEpo(request);


@ -6,7 +6,6 @@ import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import javax.servlet.RequestDispatcher;
@ -14,31 +13,25 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import edu.cornell.mannlib.vedit.controller.BaseEditController;
import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseTabEditorPages;
import edu.cornell.mannlib.vitro.webapp.beans.Portal;
import edu.cornell.mannlib.vitro.webapp.beans.PropertyGroup;
import edu.cornell.mannlib.vitro.webapp.beans.Tab;
import edu.cornell.mannlib.vitro.webapp.controller.Controllers;
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
import edu.cornell.mannlib.vitro.webapp.dao.TabDao;
@RequiresAuthorizationFor(UseTabEditorPages.class)
public class AllTabsForPortalListingController extends BaseEditController {
private static final int NUM_COLS = 11;
public void doGet(HttpServletRequest request, HttpServletResponse response) {
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response) {
VitroRequest vrequest = new VitroRequest(request);
Portal portal = vrequest.getPortal();
if(!checkLoginStatus(request,response))
return;
try {
super.doGet(request, response);
} catch (Throwable t) {
t.printStackTrace();
}
HashMap types = new HashMap();
HashMap<Integer, String> types = new HashMap<Integer, String>();
types.put(18,"subcollection category");
types.put(20,"subcollection");
types.put(22,"collection");
@ -47,10 +40,10 @@ public class AllTabsForPortalListingController extends BaseEditController {
types.put(28,"primary tab");
TabDao dao = vrequest.getFullWebappDaoFactory().getTabDao();
List tabs = dao.getTabsForPortal(portal.getPortalId());
List<Tab> tabs = dao.getTabsForPortal(portal.getPortalId());
Collections.sort(tabs, new TabComparator());
ArrayList results = new ArrayList();
ArrayList<String> results = new ArrayList<String>();
results.add("XX");
results.add("title");
results.add("tab id");
@ -66,16 +59,14 @@ public class AllTabsForPortalListingController extends BaseEditController {
if (tabs != null) {
Iterator tabIt = tabs.iterator();
while (tabIt.hasNext()) {
Tab tab = (Tab) tabIt.next();
for (Tab tab : tabs) {
results.add("XX");
if (tab.getTitle() != null)
results.add("<a href=\"./tabEdit?id="+tab.getTabId()+"&amp;home="+portal.getPortalId()+"\">"+tab.getTitle()+"</a>");
else
results.add("");
results.add(String.valueOf(tab.getTabId()));
String tabtype = (String) types.get(tab.getTabtypeId());
String tabtype = types.get(tab.getTabtypeId());
results.add(tabtype!=null ? tabtype : "-");
//results.add(tab.getDescription()!=null ? tab.getDescription() : "-");
results.add(Integer.valueOf(tab.getDisplayRank()).toString());
@ -107,10 +98,9 @@ public class AllTabsForPortalListingController extends BaseEditController {
}
private class TabComparator implements Comparator {
public int compare (Object o1, Object o2) {
Tab tab1 = (Tab)o1;
Tab tab2 = (Tab)o2;
private class TabComparator implements Comparator<Tab> {
@Override
public int compare (Tab tab1, Tab tab2) {
if(tab1 == null && tab2 == null) return 0;
int diff = tab1.getTabId() - tab2.getTabId(); // tab1.getDisplayRank() - tab2.getDisplayRank()
if(diff == 0)
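Review bot: The listing row built with `"<a href=\"./tabEdit?id="+tab.getTabId()+...+tab.getTitle()+"</a>"` concatenates `tab.getTitle()` into HTML without escaping, so a title containing markup would be rendered as markup in the admin listing. Since this commit tightens who may reach these pages, it is a good moment to HTML-escape the title, using whichever escaping helper the project already has, before building the link. Separately, `Collections.sort(tabs, new TabComparator())` runs before the `if (tabs != null)` guard, so the guard cannot protect against a null list. `TabComparator.compare` also returns 0 only when both tabs are null and dereferences them when just one is. How `results` is rendered is outside this diff, so the escaping concern should be confirmed against the view that prints it.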


@ -20,6 +20,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseAdvance
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseOntologyEditorPages;
import edu.cornell.mannlib.vitro.webapp.beans.VClassGroup;
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
import edu.cornell.mannlib.vitro.webapp.controller.edit.listing.AllTabsForPortalListingController;
import edu.cornell.mannlib.vitro.webapp.controller.edit.listing.PortalsListingController;
import edu.cornell.mannlib.vitro.webapp.controller.edit.listing.UsersListingController;
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.UrlBuilder.ParamMap;
@ -127,7 +128,9 @@ public class SiteAdminController extends FreemarkerHttpServlet {
Map<String, Object> map = new HashMap<String, Object>();
Map<String, String> urls = new HashMap<String, String>();
urls.put("tabs", urlBuilder.getPortalUrl("/listTabs"));
if (PolicyHelper.isAuthorizedForServlet(vreq, AllTabsForPortalListingController.class)) {
urls.put("tabs", urlBuilder.getPortalUrl("/listTabs"));
}
if (PolicyHelper.isAuthorizedForServlet(vreq, UsersListingController.class)) {
urls.put("users", urlBuilder.getPortalUrl("/listUsers"));