VIVO-761 Take advantage of the changes to simplify some logic.

Jim Blake 2014-04-25 15:30:43 -04:00
parent 4baad05643
commit 78fe1bbb41
5 changed files with 37 additions and 96 deletions


@ -2,7 +2,7 @@
package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
/**
@ -31,6 +31,6 @@ public interface RequiresActions {
* @return Should not be null. Return Actions.AUTHORIZED
* if no authorization is required to do use the object.
*/
public Actions requiredActions(VitroRequest vreq) ;
public AuthorizationRequest requiredActions(VitroRequest vreq) ;
}
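Review bot: The Javadoc on `requiredActions` in the second hunk still tells implementers to return `Actions.AUTHORIZED`, although the method now returns `AuthorizationRequest`, so the contract text is stale. I would change it to `@return Should not be null. Return AuthorizationRequest.AUTHORIZED if no authorization is required to use the object.` The non-null requirement carries more weight after this commit, because the PageController section no longer checks the returned value for null before combining it. The Javadoc block begins outside the hunk, so only its tail is visible here.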


@ -110,18 +110,6 @@ public class VitroHttpServlet extends HttpServlet implements MultipartRequestWra
doGet(request, response);
}
/**
* Don't display a page that the user isn't authorized to see.
*
* @param actions
* the RequestedActions that must be authorized.
*/
protected boolean isAuthorizedToDisplayPage(HttpServletRequest request,
HttpServletResponse response, AuthorizationRequest... actions) {
return isAuthorizedToDisplayPage(request, response,
AuthorizationRequest.and(actions));
}
/**
* Don't display a page that the user isn't authorized to see.
*


@ -3,7 +3,9 @@
package edu.cornell.mannlib.vitro.webapp.controller.freemarker;
import java.util.ArrayList;
import static edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest.AUTHORIZED;
import static edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest.UNAUTHORIZED;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@ -18,8 +20,7 @@ import org.apache.commons.logging.LogFactory;
import edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission;
import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.SimpleRequestedAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequiresActions;
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
@ -51,72 +52,49 @@ public class PageController extends FreemarkerHttpServlet{
* AND them together.
*/
@Override
protected Actions requiredActions(VitroRequest vreq) {
protected AuthorizationRequest requiredActions(VitroRequest vreq) {
try {
Actions pageActs = getActionsForPage( vreq );
Actions dgActs = getActionsForDataGetters( vreq );
if( pageActs == null && dgActs == null){
return Actions.AUTHORIZED;
}else if( pageActs == null ){
return dgActs;
}else if( dgActs == null ){
return pageActs;
}else{
return pageActs.and(dgActs);
}
return AUTHORIZED.and(getActionsForPage(vreq)).and(
getActionsForDataGetters(vreq));
} catch (Exception e) {
log.warn(e);
return Actions.UNAUTHORIZED;
return UNAUTHORIZED;
}
}
/**
* Get all the required actions directly required for the page.
*/
private Actions getActionsForPage( VitroRequest vreq ) throws Exception{
private AuthorizationRequest getActionsForPage( VitroRequest vreq ) throws Exception{
List<String> simplePremUris = vreq.getWebappDaoFactory().getPageDao()
.getRequiredActions( getPageUri(vreq) );
List<RequestedAction> actions = new ArrayList<RequestedAction>();
AuthorizationRequest auth = AUTHORIZED;
for( String uri : simplePremUris ){
actions.add( new SimpleRequestedAction(uri) );
auth = auth.and( new SimpleRequestedAction(uri) );
}
return new Actions( actions );
return auth;
}
/**
* Get Actions object for the data getters for the page.
*/
private Actions getActionsForDataGetters(VitroRequest vreq ){
private AuthorizationRequest getActionsForDataGetters(VitroRequest vreq ){
try {
Actions dgActs = null;
List<DataGetter> dgList =
DataGetterUtils.getDataGettersForPage(
vreq, vreq.getDisplayModel(), getPageUri(vreq));
AuthorizationRequest auth = AUTHORIZED;
for( DataGetter dg : dgList){
if( dg instanceof RequiresActions ){
RequiresActions ra = (RequiresActions) dg;
Actions newActions = ra.requiredActions(vreq);
if( newActions != null ){
if( dgActs != null ){
dgActs = dgActs.and( newActions );
}else{
dgActs = newActions;
}
}
auth = auth.and(((RequiresActions) dg).requiredActions(vreq));
}
}
return dgActs;
return auth;
} catch (Exception e) {
// TODO Auto-generated catch block
log.debug(e);
return Actions.UNAUTHORIZED;
return UNAUTHORIZED;
}
}
@ -181,7 +159,7 @@ public class PageController extends FreemarkerHttpServlet{
//Add editing link for page if authorized
Map<String,Object> pageMap = (Map<String, Object>) mapForTemplate.get("page");
if( PolicyHelper.isAuthorizedForActions(vreq, SimplePermission.MANAGE_MENUS.ACTIONS) ){
if( PolicyHelper.isAuthorizedForActions(vreq, SimplePermission.MANAGE_MENUS.ACTION) ){
String editPageUrl = UrlBuilder.getIndividualProfileUrl(pageUri, vreq);
editPageUrl = UrlBuilder.addParams(editPageUrl, DisplayVocabulary.SWITCH_TO_DISPLAY_MODEL , "1");
pageMap.put("URLToEditPage", editPageUrl);
@ -235,10 +213,6 @@ public class PageController extends FreemarkerHttpServlet{
* @throws Exception
*/
private String getPageUri(VitroRequest vreq) throws Exception {
// get URL without hostname or servlet context
//bdc34: why are we getting this?
String url = vreq.getRequestURI().substring(vreq.getContextPath().length());
// Check if there is a page URI in the request.
// This would have been added by a servlet Filter.
String pageURI = (String) vreq.getAttribute("pageURI");
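Review bot: In `getActionsForDataGetters` the null guard around `ra.requiredActions(vreq)` is gone, so a data getter that returns null now goes straight into `auth.and(...)`, and how `and` treats null is not visible on this page. If it throws, the catch returns `UNAUTHORIZED`, which fails closed, but the cause is recorded only through `log.debug(e)`, so a page denied because of a misbehaving data getter leaves no trace under a default log configuration. I would make the null case explicit and log the denial with its cause, e.g. `log.warn("Could not determine required actions for data getters; denying access", e);`. The `log.warn(e)` in `requiredActions` has the same weakness, since passing the exception as the message drops its stack trace.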


@ -2,11 +2,7 @@
package edu.cornell.mannlib.vitro.webapp.web.jsptags;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import static edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest.AUTHORIZED;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@ -18,6 +14,7 @@ import org.apache.commons.logging.LogFactory;
import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.AuthorizationRequest;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.RequestedAction;
import edu.cornell.mannlib.vitro.webapp.controller.VitroHttpServlet;
@ -51,38 +48,34 @@ public class ConfirmAuthorization extends BodyTagSupport {
* authorized for the actions it contains.
*/
private boolean isAuthorized() {
Set<RequestedAction> actionSet = getActionsFromRequestAttribute();
return PolicyHelper.isAuthorizedForActions(getRequest(), actionSet);
return PolicyHelper.isAuthorizedForActions(getRequest(),
getActionsFromRequestAttribute());
}
/**
* The attribute may be either a single RequestedAction or an array of
* RequestedActions. It may also be empty, but in that case why call this
* tag?
*
* RequestedActions.
*
* When we are done, clear the attribute, so any included or forwarded page
* will not see it.
*/
private Set<RequestedAction> getActionsFromRequestAttribute() {
Set<RequestedAction> actionSet = new HashSet<RequestedAction>();
private AuthorizationRequest getActionsFromRequestAttribute() {
Object attribute = getRequest().getAttribute("requestedActions");
getRequest().removeAttribute("requestedActions");
if (attribute == null) {
log.warn("<vitro:confirmAuthorization /> was called, but nothing "
+ "was found at request.getAttribute(\"requestedActions\")");
return AUTHORIZED;
} else if (attribute instanceof RequestedAction) {
RequestedAction ra = (RequestedAction) attribute;
log.debug("requested action was " + ra.getClass().getSimpleName());
actionSet.add(ra);
return ra;
} else if (attribute instanceof RequestedAction[]) {
RequestedAction[] array = (RequestedAction[]) attribute;
List<RequestedAction> raList = Arrays.asList(array);
if (log.isDebugEnabled()) {
log.debug("requested actions were "
+ formatRequestedActions(raList));
AuthorizationRequest auth = AUTHORIZED;
for (RequestedAction ra : (RequestedAction[]) attribute) {
auth = auth.and(ra);
}
actionSet.addAll(raList);
log.debug("requested actions were " + auth);
return auth;
} else {
throw new IllegalStateException(
"Expected request.getAttribute(\"requestedActions\") "
@ -90,20 +83,6 @@ public class ConfirmAuthorization extends BodyTagSupport {
+ "RequestedAction[], but found "
+ attribute.getClass().getCanonicalName());
}
return actionSet;
}
private String formatRequestedActions(List<RequestedAction> raList) {
StringBuffer buff = new StringBuffer();
for (Iterator<RequestedAction> it = raList.iterator(); it.hasNext();) {
buff.append("'").append(it.next().getClass().getSimpleName())
.append("'");
if (it.hasNext()) {
buff.append(", ");
}
}
return buff.toString();
}
private boolean isLoggedIn() {
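Review bot: `getActionsFromRequestAttribute` returns `AUTHORIZED` when the `requestedActions` attribute is missing, and the loop also yields `AUTHORIZED` for an empty array, so a page that forgets to set the attribute, or an include that runs after the attribute has already been removed, passes the check. This appears to match the old empty-set behaviour, but it is a fail-open default for an authorization tag and should be a deliberate, documented choice. Either state it in the Javadoc (the sentence about the empty case was dropped) or deny in the null branch with `return AuthorizationRequest.UNAUTHORIZED;`. The body of `isLoggedIn` continues outside the hunk.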


@ -12,7 +12,7 @@
<%@page import="edu.cornell.mannlib.vitro.webapp.auth.permissions.SimplePermission" %>
<%
if (PolicyHelper.isAuthorizedForActions(request, SimplePermission.USE_INDIVIDUAL_CONTROL_PANEL.ACTIONS)) {
if (PolicyHelper.isAuthorizedForActions(request, SimplePermission.USE_INDIVIDUAL_CONTROL_PANEL.ACTION)) {
request.setAttribute("isEditor", Boolean.TRUE);
}
%>