diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ifaces/RequiresActions.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ifaces/RequiresActions.java
index 625e48a80..df3e801da 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ifaces/RequiresActions.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ifaces/RequiresActions.java
@@ -2,7 +2,7 @@
 package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
 /**
@@ -31,6 +31,6 @@ public interface RequiresActions {
 * @return Should not be null. Return Actions.AUTHORIZED
 * if no authorization is required to do use the object.
 */
- public Actions requiredActions(VitroRequest vreq) ;
+ public AuthorizationRequest requiredActions(VitroRequest vreq) ;
 }
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/VitroHttpServlet.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/VitroHttpServlet.java
index 932643b09..e3cb914a8 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/VitroHttpServlet.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/VitroHttpServlet.java
@@ -110,18 +110,6 @@ public class VitroHttpServlet extends HttpServlet implements MultipartRequestWra
 doGet(request, response);
 }
- /**
- * Don't display a page that the user isn't authorized to see.
- *
- * @param actions
- * the RequestedActions that must be authorized.
- */
- protected boolean isAuthorizedToDisplayPage(HttpServletRequest request,
- HttpServletResponse response, AuthorizationRequest... actions) {
- return isAuthorizedToDisplayPage(request, response,
- AuthorizationRequest.and(actions));
- }
-
 /**
 * Don't display a page that the user isn't authorized to see.
 *
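Review bot: The Javadoc above `requiredActions` in RequiresActions.java still tells implementers to return `Actions.AUTHORIZED`, but the method now returns `AuthorizationRequest` and the `Actions` import is gone, so the documented constant no longer matches the signature. Update the tag to `@return Should not be null. Return AuthorizationRequest.AUTHORIZED if no authorization is required to use the object.` The non-null rule carries more weight after this commit, because the PageController change passes the returned value straight into `and(...)` without the null check the old code had. The interface declaration starts outside this hunk.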
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/PageController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/PageController.java
index 54fa8bbac..f772537c7 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/PageController.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/PageController.java
@@ -3,7 +3,9 @@
 package edu.cornell.mannlib.vitro.webapp.controller.freemarker;
-import java.util.ArrayList;
+import static edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest.AUTHORIZED;
+import static edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest.UNAUTHORIZED;
+
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -18,8 +20,7 @@ import org.apache.commons.logging.LogFactory;
 import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.SimpleRequestedAction;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequiresActions;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
@@ -51,72 +52,49 @@ public class PageController extends FreemarkerHttpServlet{
 * AND them together.
 */
 @Override
- protected Actions requiredActions(VitroRequest vreq) {
+ protected AuthorizationRequest requiredActions(VitroRequest vreq) {
 try {
- Actions pageActs = getActionsForPage( vreq );
- Actions dgActs = getActionsForDataGetters( vreq );
-
- if( pageActs == null && dgActs == null){
- return Actions.AUTHORIZED;
- }else if( pageActs == null ){
- return dgActs;
- }else if( dgActs == null ){
- return pageActs;
- }else{
- return pageActs.and(dgActs);
- }
-
+ return AUTHORIZED.and(getActionsForPage(vreq)).and(
+ getActionsForDataGetters(vreq));
 } catch (Exception e) {
 log.warn(e);
- return Actions.UNAUTHORIZED;
+ return UNAUTHORIZED;
 }
 }
 /**
 * Get all the required actions directly required for the page.
 */
- private Actions getActionsForPage( VitroRequest vreq ) throws Exception{
+ private AuthorizationRequest getActionsForPage( VitroRequest vreq ) throws Exception{
 List simplePremUris = vreq.getWebappDaoFactory().getPageDao()
 .getRequiredActions( getPageUri(vreq) );
-
- List actions = new ArrayList();
-
+
+ AuthorizationRequest auth = AUTHORIZED;
 for( String uri : simplePremUris ){
- actions.add( new SimpleRequestedAction(uri) );
+ auth = auth.and( new SimpleRequestedAction(uri) );
 }
-
- return new Actions( actions );
+ return auth;
 }
+
 /**
 * Get Actions object for the data getters for the page.
 */
- private Actions getActionsForDataGetters(VitroRequest vreq ){
+ private AuthorizationRequest getActionsForDataGetters(VitroRequest vreq ){
 try {
- Actions dgActs = null;
-
 List dgList = DataGetterUtils.getDataGettersForPage( vreq, vreq.getDisplayModel(), getPageUri(vreq));
+ AuthorizationRequest auth = AUTHORIZED;
 for( DataGetter dg : dgList){
 if( dg instanceof RequiresActions ){
- RequiresActions ra = (RequiresActions) dg;
- Actions newActions = ra.requiredActions(vreq);
- if( newActions != null ){
- if( dgActs != null ){
- dgActs = dgActs.and( newActions );
- }else{
- dgActs = newActions;
- }
- }
+ auth = auth.and(((RequiresActions) dg).requiredActions(vreq));
 }
 }
-
- return dgActs;
+ return auth;
 } catch (Exception e) {
- // TODO Auto-generated catch block
 log.debug(e);
- return Actions.UNAUTHORIZED;
+ return UNAUTHORIZED;
 }
 }
@@ -181,7 +159,7 @@ public class PageController extends FreemarkerHttpServlet{
 //Add editing link for page if authorized
 Map pageMap = (Map) mapForTemplate.get("page");
- if( PolicyHelper.isAuthorizedForActions(vreq, SimplePermission.MANAGE_MENUS.ACTIONS) ){
+ if( PolicyHelper.isAuthorizedForActions(vreq, SimplePermission.MANAGE_MENUS.ACTION) ){
 String editPageUrl = UrlBuilder.getIndividualProfileUrl(pageUri, vreq);
 editPageUrl = UrlBuilder.addParams(editPageUrl, DisplayVocabulary.SWITCH_TO_DISPLAY_MODEL , "1");
 pageMap.put("URLToEditPage", editPageUrl);
@@ -235,10 +213,6 @@ public class PageController extends FreemarkerHttpServlet{
 * @throws Exception
 */
 private String getPageUri(VitroRequest vreq) throws Exception {
- // get URL without hostname or servlet context
- //bdc34: why are we getting this?
- String url = vreq.getRequestURI().substring(vreq.getContextPath().length());
-
 // Check if there is a page URI in the request.
 // This would have been added by a servlet Filter.
 String pageURI = (String) vreq.getAttribute("pageURI");
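Review bot: In `getActionsForDataGetters` the value returned by `((RequiresActions) dg).requiredActions(vreq)` now goes straight into `auth.and(...)`, whereas the removed code skipped a null result. How `and` treats null is not visible in this diff: if it throws, the surrounding `catch (Exception e)` turns one misbehaving DataGetter into UNAUTHORIZED for the whole page with only `log.debug(e)` as a trace, and if it accepts null the requirement is silently dropped. Make the decision explicit, for example `AuthorizationRequest dgAuth = ((RequiresActions) dg).requiredActions(vreq);` followed by `auth = auth.and(dgAuth == null ? UNAUTHORIZED : dgAuth);` (or skip null as before, if that is the intended contract). An authorization decision that falls back to UNAUTHORIZED because of an exception should also be logged at warn with its stack trace, e.g. `log.warn("Could not determine required actions for data getters", e);`, so the denial can be diagnosed.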
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/jsptags/ConfirmAuthorization.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/jsptags/ConfirmAuthorization.java
index e0352183e..1adffa441 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/jsptags/ConfirmAuthorization.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/jsptags/ConfirmAuthorization.java
@@ -2,11 +2,7 @@
 package edu.cornell.mannlib.vitro.webapp.web.jsptags;
-import java.util.Arrays;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Set;
+import static edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest.AUTHORIZED;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -18,6 +14,7 @@ import org.apache.commons.logging.LogFactory;
 import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroHttpServlet;
@@ -51,38 +48,34 @@ public class ConfirmAuthorization extends BodyTagSupport {
 * authorized for the actions it contains.
 */
 private boolean isAuthorized() {
- Set actionSet = getActionsFromRequestAttribute();
- return PolicyHelper.isAuthorizedForActions(getRequest(), actionSet);
+ return PolicyHelper.isAuthorizedForActions(getRequest(),
+ getActionsFromRequestAttribute());
 }
 /**
 * The attribute may be either a single RequestedAction or an array of
- * RequestedActions. It may also be empty, but in that case why call this
- * tag?
- *
+ * RequestedActions.
+ *
 * When we are done, clear the attribute, so any included or forwarded page
 * will not see it.
 */
- private Set getActionsFromRequestAttribute() {
- Set actionSet = new HashSet();
+ private AuthorizationRequest getActionsFromRequestAttribute() {
 Object attribute = getRequest().getAttribute("requestedActions");
 getRequest().removeAttribute("requestedActions");
 if (attribute == null) {
- log.warn(" was called, but nothing "
- + "was found at request.getAttribute(\"requestedActions\")");
+ return AUTHORIZED;
 } else if (attribute instanceof RequestedAction) {
 RequestedAction ra = (RequestedAction) attribute;
 log.debug("requested action was " + ra.getClass().getSimpleName());
- actionSet.add(ra);
+ return ra;
 } else if (attribute instanceof RequestedAction[]) {
- RequestedAction[] array = (RequestedAction[]) attribute;
- List raList = Arrays.asList(array);
- if (log.isDebugEnabled()) {
- log.debug("requested actions were "
- + formatRequestedActions(raList));
+ AuthorizationRequest auth = AUTHORIZED;
+ for (RequestedAction ra : (RequestedAction[]) attribute) {
+ auth = auth.and(ra);
 }
- actionSet.addAll(raList);
+ log.debug("requested actions were " + auth);
+ return auth;
 } else {
 throw new IllegalStateException(
 "Expected request.getAttribute(\"requestedActions\") "
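Review bot: In `getActionsFromRequestAttribute`, a missing `requestedActions` attribute now returns `AUTHORIZED` with no log line, where the removed code emitted a `log.warn(...)` before continuing with an empty set. Since the method also removes the attribute after reading it, a JSP that never sets it passes this check without leaving any trace, and a zero-length `RequestedAction[]` ends up at `AUTHORIZED` the same way. If treating "nothing requested" as authorized is intended, keep it observable with `log.warn("requestedActions attribute was not set; treating as AUTHORIZED");` before the return; otherwise return `AuthorizationRequest.UNAUTHORIZED` for the null case so a forgotten attribute fails closed. The end of this method lies in the following hunk.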
@@ -90,20 +83,6 @@ public class ConfirmAuthorization extends BodyTagSupport {
 + "RequestedAction[], but found "
 + attribute.getClass().getCanonicalName());
 }
-
- return actionSet;
- }
-
- private String formatRequestedActions(List raList) {
- StringBuffer buff = new StringBuffer();
- for (Iterator it = raList.iterator(); it.hasNext();) {
- buff.append("'").append(it.next().getClass().getSimpleName())
- .append("'");
- if (it.hasNext()) {
- buff.append(", ");
- }
- }
- return buff.toString();
 }
 private boolean isLoggedIn() {
diff --git a/webapp/web/templates/edit/specific/ents_edit.jsp b/webapp/web/templates/edit/specific/ents_edit.jsp
index 6289a03f9..323d3678c 100644
--- a/webapp/web/templates/edit/specific/ents_edit.jsp
+++ b/webapp/web/templates/edit/specific/ents_edit.jsp
@@ -12,7 +12,7 @@
 <%@page import="edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission" %>
 <%
- if (PolicyHelper.isAuthorizedForActions(request, SimplePermission.USE_INDIVIDUAL_CONTROL_PANEL.ACTIONS)) {
+ if (PolicyHelper.isAuthorizedForActions(request, SimplePermission.USE_INDIVIDUAL_CONTROL_PANEL.ACTION)) {
 request.setAttribute("isEditor", Boolean.TRUE);
 }
 %>