VIVO-761 Take advantage of the changes to simplify some logic.

2014-04-25 15:30:43 -04:00 · 2014-04-25 15:30:43 -04:00 · 78fe1bbb41
commit 78fe1bbb41
parent 4baad05643
5 changed files with 37 additions and 96 deletions
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ifaces/RequiresActions.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/ifaces/RequiresActions.java
@ -2,7 +2,7 @@

 package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces;

-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;

 /**
@ -31,6 +31,6 @@ public interface RequiresActions {
     * @return Should not be null. Return Actions.AUTHORIZED
     * if no authorization is required to do use the object.
     */
-    public Actions requiredActions(VitroRequest vreq) ;
+    public AuthorizationRequest requiredActions(VitroRequest vreq) ;
    
 }
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/VitroHttpServlet.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/VitroHttpServlet.java
@ -110,18 +110,6 @@ public class VitroHttpServlet extends HttpServlet implements MultipartRequestWra
 		doGet(request, response);
 	}

-	/**
-	 * Don't display a page that the user isn't authorized to see.
-	 * 
-	 * @param actions
-	 *            the RequestedActions that must be authorized.
-	 */
-	protected boolean isAuthorizedToDisplayPage(HttpServletRequest request,
-			HttpServletResponse response, AuthorizationRequest... actions) {
-		return isAuthorizedToDisplayPage(request, response,
-				AuthorizationRequest.and(actions));
-	}
-
 	/**
 	 * Don't display a page that the user isn't authorized to see.
 	 * 
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/PageController.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/PageController.java
@ -3,7 +3,9 @@
 package edu.cornell.mannlib.vitro.webapp.controller.freemarker;


-import java.util.ArrayList;
+import static edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest.AUTHORIZED;
+import static edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest.UNAUTHORIZED;
+
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@ -18,8 +20,7 @@ import org.apache.commons.logging.LogFactory;

 import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions;
-import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.SimpleRequestedAction;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequiresActions;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
@ -51,72 +52,49 @@ public class PageController extends FreemarkerHttpServlet{
     * AND them together.
     */
    @Override
-    protected Actions requiredActions(VitroRequest vreq) {
+    protected AuthorizationRequest requiredActions(VitroRequest vreq) {
        try {
-            Actions pageActs = getActionsForPage( vreq );
-            Actions dgActs = getActionsForDataGetters( vreq );
-
-            if( pageActs == null && dgActs == null){
-                return Actions.AUTHORIZED;
-            }else if( pageActs == null ){
-                return dgActs;
-            }else if( dgActs == null ){
-            	return pageActs;
-            }else{
-                return pageActs.and(dgActs);
-            }                
-            
+			return AUTHORIZED.and(getActionsForPage(vreq)).and(
+					getActionsForDataGetters(vreq));
        } catch (Exception e) {
            log.warn(e);
-            return Actions.UNAUTHORIZED;
+            return UNAUTHORIZED;
        }                
    }

    /**
     * Get all the required actions directly required for the page.
     */
-    private Actions getActionsForPage( VitroRequest vreq ) throws Exception{
+    private AuthorizationRequest getActionsForPage( VitroRequest vreq ) throws Exception{
        List<String> simplePremUris = vreq.getWebappDaoFactory().getPageDao()
            .getRequiredActions( getPageUri(vreq) );

-        List<RequestedAction> actions = new ArrayList<RequestedAction>();
-        
+        AuthorizationRequest auth = AUTHORIZED;
        for( String uri : simplePremUris ){
-            actions.add( new SimpleRequestedAction(uri) );
+            auth = auth.and( new SimpleRequestedAction(uri) );
        }
-        
-        return new Actions( actions );
+        return auth;
    }
+    
    /**
     * Get Actions object for the data getters for the page.
     */
-    private Actions getActionsForDataGetters(VitroRequest vreq ){
+    private AuthorizationRequest getActionsForDataGetters(VitroRequest vreq ){
        try {
-            Actions dgActs = null;
-
            List<DataGetter> dgList = 
                DataGetterUtils.getDataGettersForPage(
                    vreq, vreq.getDisplayModel(), getPageUri(vreq));

+            AuthorizationRequest auth = AUTHORIZED;
            for( DataGetter dg : dgList){
                if( dg instanceof RequiresActions ){
-                    RequiresActions ra = (RequiresActions) dg;
-                    Actions newActions = ra.requiredActions(vreq);                        
-                    if( newActions != null ){
-                        if( dgActs != null ){
-                            dgActs = dgActs.and( newActions );
-                        }else{
-                            dgActs = newActions;
-                        }
-                    }
+                    auth = auth.and(((RequiresActions) dg).requiredActions(vreq));                        
                }
            }
-            
-            return dgActs;
+            return auth;
        } catch (Exception e) {
-            // TODO Auto-generated catch block
            log.debug(e);
-            return Actions.UNAUTHORIZED;
+            return UNAUTHORIZED;
        }
    }
    
@ -181,7 +159,7 @@ public class PageController extends FreemarkerHttpServlet{
        
        //Add editing link for page if authorized        
        Map<String,Object> pageMap = (Map<String, Object>) mapForTemplate.get("page");        
-        if( PolicyHelper.isAuthorizedForActions(vreq, SimplePermission.MANAGE_MENUS.ACTIONS) ){
+        if( PolicyHelper.isAuthorizedForActions(vreq, SimplePermission.MANAGE_MENUS.ACTION) ){
            String editPageUrl = UrlBuilder.getIndividualProfileUrl(pageUri, vreq);            
            editPageUrl = UrlBuilder.addParams(editPageUrl, DisplayVocabulary.SWITCH_TO_DISPLAY_MODEL , "1");            
            pageMap.put("URLToEditPage", editPageUrl);
@ -235,10 +213,6 @@ public class PageController extends FreemarkerHttpServlet{
     * @throws Exception 
     */
    private String getPageUri(VitroRequest vreq) throws Exception {
-        // get URL without hostname or servlet context
-        //bdc34: why are we getting this?
-        String url = vreq.getRequestURI().substring(vreq.getContextPath().length());
-        
        // Check if there is a page URI in the request.  
        // This would have been added by a servlet Filter.
        String pageURI = (String) vreq.getAttribute("pageURI");        
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/jsptags/ConfirmAuthorization.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/jsptags/ConfirmAuthorization.java
@ -2,11 +2,7 @@

 package edu.cornell.mannlib.vitro.webapp.web.jsptags;

-import java.util.Arrays;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Set;
+import static edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest.AUTHORIZED;

 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@ -18,6 +14,7 @@ import org.apache.commons.logging.LogFactory;

 import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroHttpServlet;

@ -51,38 +48,34 @@ public class ConfirmAuthorization extends BodyTagSupport {
 	 * authorized for the actions it contains.
 	 */
 	private boolean isAuthorized() {
-		Set<RequestedAction> actionSet = getActionsFromRequestAttribute();
-		return PolicyHelper.isAuthorizedForActions(getRequest(), actionSet);
+		return PolicyHelper.isAuthorizedForActions(getRequest(),
+				getActionsFromRequestAttribute());
 	}

 	/**
 	 * The attribute may be either a single RequestedAction or an array of
-	 * RequestedActions. It may also be empty, but in that case why call this
-	 * tag?
+	 * RequestedActions. 
 	 *
 	 * When we are done, clear the attribute, so any included or forwarded page
 	 * will not see it.
 	 */
-	private Set<RequestedAction> getActionsFromRequestAttribute() {
-		Set<RequestedAction> actionSet = new HashSet<RequestedAction>();
+	private AuthorizationRequest getActionsFromRequestAttribute() {
 		Object attribute = getRequest().getAttribute("requestedActions");
 		getRequest().removeAttribute("requestedActions");

 		if (attribute == null) {
-			log.warn("<vitro:confirmAuthorization /> was called, but nothing "
-					+ "was found at request.getAttribute(\"requestedActions\")");
+			return AUTHORIZED;
 		} else if (attribute instanceof RequestedAction) {
 			RequestedAction ra = (RequestedAction) attribute;
 			log.debug("requested action was " + ra.getClass().getSimpleName());
-			actionSet.add(ra);
+			return ra;
 		} else if (attribute instanceof RequestedAction[]) {
-			RequestedAction[] array = (RequestedAction[]) attribute;
-			List<RequestedAction> raList = Arrays.asList(array);
-			if (log.isDebugEnabled()) {
-				log.debug("requested actions were "
-						+ formatRequestedActions(raList));
+			AuthorizationRequest auth = AUTHORIZED;
+			for (RequestedAction ra : (RequestedAction[]) attribute) {
+				auth = auth.and(ra);
 			}
-			actionSet.addAll(raList);
+			log.debug("requested actions were " + auth);
+			return auth;
 		} else {
 			throw new IllegalStateException(
 					"Expected request.getAttribute(\"requestedActions\") "
@ -90,20 +83,6 @@ public class ConfirmAuthorization extends BodyTagSupport {
 							+ "RequestedAction[], but found "
 							+ attribute.getClass().getCanonicalName());
 		}
-
-		return actionSet;
-	}
-
-	private String formatRequestedActions(List<RequestedAction> raList) {
-		StringBuffer buff = new StringBuffer();
-		for (Iterator<RequestedAction> it = raList.iterator(); it.hasNext();) {
-			buff.append("'").append(it.next().getClass().getSimpleName())
-					.append("'");
-			if (it.hasNext()) {
-				buff.append(", ");
-			}
-		}
-		return buff.toString();
 	}

 	private boolean isLoggedIn() {
--- a/webapp/web/templates/edit/specific/ents_edit.jsp
+++ b/webapp/web/templates/edit/specific/ents_edit.jsp
@ -12,7 +12,7 @@
 <%@page import="edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission" %>

 <%
-	if (PolicyHelper.isAuthorizedForActions(request, SimplePermission.USE_INDIVIDUAL_CONTROL_PANEL.ACTIONS)) {
+	if (PolicyHelper.isAuthorizedForActions(request, SimplePermission.USE_INDIVIDUAL_CONTROL_PANEL.ACTION)) {
 		request.setAttribute("isEditor", Boolean.TRUE);
 	}
 %>