VIVO-761 Take advantage of the changes to simplify some logic.

webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ifaces/RequiresActions.java

@@ -2,7 +2,7 @@
 
 package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces;
 
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
 
 /**
@@ -31,6 +31,6 @@ public interface RequiresActions {
      * @return Should not be null. Return Actions.AUTHORIZED
      * if no authorization is required to do use the object.
      */
-    public Actions requiredActions(VitroRequest vreq) ;
+    public AuthorizationRequest requiredActions(VitroRequest vreq) ;
     
 }

webapp/src/edu/cornell/mannlib/vitro/webapp/controller/VitroHttpServlet.java

@@ -110,18 +110,6 @@ public class VitroHttpServlet extends HttpServlet implements MultipartRequestWra
 		doGet(request, response);
 	}
 
-	/**
-	 * Don't display a page that the user isn't authorized to see.
-	 * 
-	 * @param actions
-	 *            the RequestedActions that must be authorized.
-	 */
-	protected boolean isAuthorizedToDisplayPage(HttpServletRequest request,
-			HttpServletResponse response, AuthorizationRequest... actions) {
-		return isAuthorizedToDisplayPage(request, response,
-				AuthorizationRequest.and(actions));
-	}
-
 	/**
 	 * Don't display a page that the user isn't authorized to see.
 	 * 

webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/PageController.java

@@ -3,7 +3,9 @@
 package edu.cornell.mannlib.vitro.webapp.controller.freemarker;
 
 
-import java.util.ArrayList;
+import static edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest.AUTHORIZED;
+import static edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest.UNAUTHORIZED;
+
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -18,8 +20,7 @@ import org.apache.commons.logging.LogFactory;
 
 import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.SimpleRequestedAction;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequiresActions;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
@@ -51,72 +52,49 @@ public class PageController extends FreemarkerHttpServlet{
      * AND them together.
      */
     @Override
-    protected Actions requiredActions(VitroRequest vreq) {
+    protected AuthorizationRequest requiredActions(VitroRequest vreq) {
         try {
-            Actions pageActs = getActionsForPage( vreq );
+			return AUTHORIZED.and(getActionsForPage(vreq)).and(
-            Actions dgActs = getActionsForDataGetters( vreq );
+					getActionsForDataGetters(vreq));
-
-            if( pageActs == null && dgActs == null){
-                return Actions.AUTHORIZED;
-            }else if( pageActs == null ){
-                return dgActs;
-            }else if( dgActs == null ){
-            	return pageActs;
-            }else{
-                return pageActs.and(dgActs);
-            }                
-            
         } catch (Exception e) {
             log.warn(e);
-            return Actions.UNAUTHORIZED;
+            return UNAUTHORIZED;
         }                
     }
 
     /**
      * Get all the required actions directly required for the page.
      */
-    private Actions getActionsForPage( VitroRequest vreq ) throws Exception{
+    private AuthorizationRequest getActionsForPage( VitroRequest vreq ) throws Exception{
         List<String> simplePremUris = vreq.getWebappDaoFactory().getPageDao()
             .getRequiredActions( getPageUri(vreq) );
 
-        List<RequestedAction> actions = new ArrayList<RequestedAction>();
+        AuthorizationRequest auth = AUTHORIZED;
-        
         for( String uri : simplePremUris ){
-            actions.add( new SimpleRequestedAction(uri) );
+            auth = auth.and( new SimpleRequestedAction(uri) );
+        }
+        return auth;
     }
     
-        return new Actions( actions );
-    }
     /**
      * Get Actions object for the data getters for the page.
      */
-    private Actions getActionsForDataGetters(VitroRequest vreq ){
+    private AuthorizationRequest getActionsForDataGetters(VitroRequest vreq ){
         try {
-            Actions dgActs = null;
-
             List<DataGetter> dgList = 
                 DataGetterUtils.getDataGettersForPage(
                     vreq, vreq.getDisplayModel(), getPageUri(vreq));
 
+            AuthorizationRequest auth = AUTHORIZED;
             for( DataGetter dg : dgList){
                 if( dg instanceof RequiresActions ){
-                    RequiresActions ra = (RequiresActions) dg;
+                    auth = auth.and(((RequiresActions) dg).requiredActions(vreq));                        
-                    Actions newActions = ra.requiredActions(vreq);                        
-                    if( newActions != null ){
-                        if( dgActs != null ){
-                            dgActs = dgActs.and( newActions );
-                        }else{
-                            dgActs = newActions;
                 }
             }
-                }
+            return auth;
-            }
-            
-            return dgActs;
         } catch (Exception e) {
-            // TODO Auto-generated catch block
             log.debug(e);
-            return Actions.UNAUTHORIZED;
+            return UNAUTHORIZED;
         }
     }
     
@@ -181,7 +159,7 @@ public class PageController extends FreemarkerHttpServlet{
         
         //Add editing link for page if authorized        
         Map<String,Object> pageMap = (Map<String, Object>) mapForTemplate.get("page");        
-        if( PolicyHelper.isAuthorizedForActions(vreq, SimplePermission.MANAGE_MENUS.ACTIONS) ){
+        if( PolicyHelper.isAuthorizedForActions(vreq, SimplePermission.MANAGE_MENUS.ACTION) ){
             String editPageUrl = UrlBuilder.getIndividualProfileUrl(pageUri, vreq);            
             editPageUrl = UrlBuilder.addParams(editPageUrl, DisplayVocabulary.SWITCH_TO_DISPLAY_MODEL , "1");            
             pageMap.put("URLToEditPage", editPageUrl);
@@ -235,10 +213,6 @@ public class PageController extends FreemarkerHttpServlet{
      * @throws Exception 
      */
     private String getPageUri(VitroRequest vreq) throws Exception {
-        // get URL without hostname or servlet context
-        //bdc34: why are we getting this?
-        String url = vreq.getRequestURI().substring(vreq.getContextPath().length());
-        
         // Check if there is a page URI in the request.  
         // This would have been added by a servlet Filter.
         String pageURI = (String) vreq.getAttribute("pageURI");        

webapp/src/edu/cornell/mannlib/vitro/webapp/web/jsptags/ConfirmAuthorization.java

@@ -2,11 +2,7 @@
 
 package edu.cornell.mannlib.vitro.webapp.web.jsptags;
 
-import java.util.Arrays;
+import static edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest.AUTHORIZED;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Set;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -18,6 +14,7 @@ import org.apache.commons.logging.LogFactory;
 
 import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroHttpServlet;
 
@@ -51,38 +48,34 @@ public class ConfirmAuthorization extends BodyTagSupport {
 	 * authorized for the actions it contains.
 	 */
 	private boolean isAuthorized() {
-		Set<RequestedAction> actionSet = getActionsFromRequestAttribute();
+		return PolicyHelper.isAuthorizedForActions(getRequest(),
-		return PolicyHelper.isAuthorizedForActions(getRequest(), actionSet);
+				getActionsFromRequestAttribute());
 	}
 
 	/**
 	 * The attribute may be either a single RequestedAction or an array of
-	 * RequestedActions. It may also be empty, but in that case why call this
+	 * RequestedActions. 
-	 * tag?
 	 *
 	 * When we are done, clear the attribute, so any included or forwarded page
 	 * will not see it.
 	 */
-	private Set<RequestedAction> getActionsFromRequestAttribute() {
+	private AuthorizationRequest getActionsFromRequestAttribute() {
-		Set<RequestedAction> actionSet = new HashSet<RequestedAction>();
 		Object attribute = getRequest().getAttribute("requestedActions");
 		getRequest().removeAttribute("requestedActions");
 
 		if (attribute == null) {
-			log.warn("<vitro:confirmAuthorization /> was called, but nothing "
+			return AUTHORIZED;
-					+ "was found at request.getAttribute(\"requestedActions\")");
 		} else if (attribute instanceof RequestedAction) {
 			RequestedAction ra = (RequestedAction) attribute;
 			log.debug("requested action was " + ra.getClass().getSimpleName());
-			actionSet.add(ra);
+			return ra;
 		} else if (attribute instanceof RequestedAction[]) {
-			RequestedAction[] array = (RequestedAction[]) attribute;
+			AuthorizationRequest auth = AUTHORIZED;
-			List<RequestedAction> raList = Arrays.asList(array);
+			for (RequestedAction ra : (RequestedAction[]) attribute) {
-			if (log.isDebugEnabled()) {
+				auth = auth.and(ra);
-				log.debug("requested actions were "
-						+ formatRequestedActions(raList));
 			}
-			actionSet.addAll(raList);
+			log.debug("requested actions were " + auth);
+			return auth;
 		} else {
 			throw new IllegalStateException(
 					"Expected request.getAttribute(\"requestedActions\") "
@@ -90,20 +83,6 @@ public class ConfirmAuthorization extends BodyTagSupport {
 							+ "RequestedAction[], but found "
 							+ attribute.getClass().getCanonicalName());
 		}
-
-		return actionSet;
-	}
-
-	private String formatRequestedActions(List<RequestedAction> raList) {
-		StringBuffer buff = new StringBuffer();
-		for (Iterator<RequestedAction> it = raList.iterator(); it.hasNext();) {
-			buff.append("'").append(it.next().getClass().getSimpleName())
-					.append("'");
-			if (it.hasNext()) {
-				buff.append(", ");
-			}
-		}
-		return buff.toString();
 	}
 
 	private boolean isLoggedIn() {

webapp/web/templates/edit/specific/ents_edit.jsp

@@ -12,7 +12,7 @@
 <%@page import="edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission" %>
 
 <%
-	if (PolicyHelper.isAuthorizedForActions(request, SimplePermission.USE_INDIVIDUAL_CONTROL_PANEL.ACTIONS)) {
+	if (PolicyHelper.isAuthorizedForActions(request, SimplePermission.USE_INDIVIDUAL_CONTROL_PANEL.ACTION)) {
 		request.setAttribute("isEditor", Boolean.TRUE);
 	}
 %>