diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/beans/BaseResourceBean.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/beans/BaseResourceBean.java index af54bc268..9e2fadf87 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/beans/BaseResourceBean.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/beans/BaseResourceBean.java @@ -2,13 +2,14 @@ package edu.cornell.mannlib.vitro.webapp.beans; +import javax.servlet.http.HttpServletRequest; + import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.openrdf.model.impl.URIImpl; import edu.cornell.mannlib.vedit.beans.LoginStatusBean; import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary; -import edu.cornell.mannlib.vitro.webapp.flags.AuthFlag; public class BaseResourceBean implements ResourceBean { @@ -67,8 +68,8 @@ public class BaseResourceBean implements ResourceBean { return RoleLevel.values()[0]; } - public static RoleLevel getRoleFromAuth(AuthFlag ar){ - int level = ar.getUserSecurityLevel(); + public static RoleLevel getRoleFromLoginStatus(HttpServletRequest req) { + int level = LoginStatusBean.getBean(req).getSecurityLevel(); if( level == LoginStatusBean.ANYBODY) // 0 return PUBLIC; if( level == LoginStatusBean.NON_EDITOR) // 1 @@ -80,7 +81,7 @@ public class BaseResourceBean implements ResourceBean { if( level == LoginStatusBean.DBA ) // 50 return DB_ADMIN; else - return null; + return PUBLIC; } } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/VitroRequest.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/VitroRequest.java index 30b19b90a..b85d50f8f 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/VitroRequest.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/VitroRequest.java @@ -6,7 +6,6 @@ import java.io.BufferedReader; import java.io.IOException; import java.io.UnsupportedEncodingException; import java.security.Principal; -import java.util.Collection; import java.util.Enumeration; import java.util.HashMap; import java.util.Iterator; @@ -26,7 +25,6 @@ import edu.cornell.mannlib.vitro.webapp.beans.ApplicationBean; import edu.cornell.mannlib.vitro.webapp.beans.Portal; import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory; import edu.cornell.mannlib.vitro.webapp.dao.jena.JenaBaseDao; -import edu.cornell.mannlib.vitro.webapp.flags.AuthFlag; import edu.cornell.mannlib.vitro.webapp.flags.PortalFlag; import edu.cornell.mannlib.vitro.webapp.flags.SunsetFlag; @@ -190,13 +188,6 @@ public class VitroRequest implements HttpServletRequest { setAttribute("appBean",ab); } - public AuthFlag getAuthFlag(){ - return (AuthFlag)getAttribute("authFlag"); - } - public void setAuthFlag(AuthFlag af){ - setAttribute("authFlag",af); - } - /* These methods are overridden so that we might convert URL-encoded request parameters to UTF-8 * Call static method setConvertParameterEncoding(false) to disable conversion. */ diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/filters/VitroRequestPrep.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/filters/VitroRequestPrep.java index 6841f64fb..ea28872cd 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/filters/VitroRequestPrep.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/filters/VitroRequestPrep.java @@ -35,13 +35,10 @@ import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory; import edu.cornell.mannlib.vitro.webapp.dao.filtering.WebappDaoFactoryFiltering; import edu.cornell.mannlib.vitro.webapp.dao.filtering.filters.FilterFactory; import edu.cornell.mannlib.vitro.webapp.dao.filtering.filters.HiddenFromDisplayBelowRoleLevelFilter; -import edu.cornell.mannlib.vitro.webapp.dao.filtering.filters.VitroFilterUtils; import edu.cornell.mannlib.vitro.webapp.dao.filtering.filters.VitroFilters; import edu.cornell.mannlib.vitro.webapp.dao.jena.WebappDaoFactoryJena; -import edu.cornell.mannlib.vitro.webapp.flags.AuthFlag; import edu.cornell.mannlib.vitro.webapp.flags.FlagException; import edu.cornell.mannlib.vitro.webapp.flags.PortalFlag; -import edu.cornell.mannlib.vitro.webapp.flags.RequestToAuthFlag; import edu.cornell.mannlib.vitro.webapp.flags.SunsetFlag; /** @@ -83,26 +80,28 @@ public class VitroRequestPrep implements Filter { ServletResponse response, FilterChain chain) throws IOException, ServletException { + // If this isn't an HttpServletRequest, we might as well fail now. + HttpServletRequest req = (HttpServletRequest) request; //don't waste time running this filter again. - if( request.getAttribute("VitroRequestPrep.setup") != null ){ + if( req.getAttribute("VitroRequestPrep.setup") != null ){ log.debug("VitroRequestPrep has already been executed at least once, not re-executing."); - Integer a =(Integer) request.getAttribute("VitroRequestPrep.setup"); - request.setAttribute("VitroRequestPrep.setup", new Integer( a + 1 ) ); - chain.doFilter(request, response); + Integer a =(Integer) req.getAttribute("VitroRequestPrep.setup"); + req.setAttribute("VitroRequestPrep.setup", new Integer( a + 1 ) ); + chain.doFilter(req, response); return; } for( Pattern skipPattern : skipPatterns){ - Matcher match =skipPattern.matcher( ((HttpServletRequest)request).getRequestURI() ); + Matcher match =skipPattern.matcher( req.getRequestURI() ); if( match.matches() ){ log.debug("request matched a skipPattern, skipping VitroRequestPrep"); - chain.doFilter(request, response); + chain.doFilter(req, response); return; } } - VitroRequest vreq = new VitroRequest((HttpServletRequest)request); + VitroRequest vreq = new VitroRequest(req); if (log.isDebugEnabled()) { try { @@ -120,10 +119,6 @@ public class VitroRequestPrep implements Filter { //-- setup appBean --// vreq.setAppBean(_appbean); - //-- setup Authorization flag --/ - AuthFlag authFlag = RequestToAuthFlag.makeAuthFlag((HttpServletRequest)request); - vreq.setAuthFlag(authFlag); - //-- setup sunserFlag --// SunsetFlag sunsetFlag = new SunsetFlag(); if( _appbean != null ) @@ -139,30 +134,25 @@ public class VitroRequestPrep implements Filter { PortalFlag portalFlag = null; PortalDao portalDao = wdf.getPortalDao(); try{ - if( request instanceof HttpServletRequest){ - portal = getCurrentPortalBean((HttpServletRequest)request, true, portalDao); - if ( (portal == null) && (response instanceof HttpServletResponse) ) { - ((HttpServletResponse)response).sendError(404); - return; - } - vreq.setPortal(portal); - portalFlag = new PortalFlag((HttpServletRequest)request,_appbean, portal, wdf); - vreq.setPortalFlag(portalFlag); + portal = getCurrentPortalBean(req, true, portalDao); + if ( (portal == null) && (response instanceof HttpServletResponse) ) { + ((HttpServletResponse)response).sendError(404); + return; } + vreq.setPortal(portal); + portalFlag = new PortalFlag(req,_appbean, portal, wdf); + vreq.setPortalFlag(portalFlag); }catch(FlagException ex){ System.out.println("could not make portal flag" + ex); } WebappDaoFactory sessionDaoFactory = null; - if (request instanceof HttpServletRequest) { - Object o = ((HttpServletRequest)request).getSession().getAttribute("webappDaoFactory"); - if ( (o != null) && (o instanceof WebappDaoFactory) ) { - sessionDaoFactory = (WebappDaoFactory) o; - } - } + Object o = req.getSession().getAttribute("webappDaoFactory"); + if ( (o != null) && (o instanceof WebappDaoFactory) ) { + sessionDaoFactory = (WebappDaoFactory) o; + } - RoleLevel role = RoleLevel.getRoleFromAuth(authFlag); - role = role!=null ? role : RoleLevel.PUBLIC; + RoleLevel role = RoleLevel.getRoleFromLoginStatus(req); log.debug("setting role to "+role.getShorthand()); if (sessionDaoFactory != null) { @@ -174,7 +164,7 @@ public class VitroRequestPrep implements Filter { } else { VitroFilters filters = null; - filters = getFiltersFromContextFilterFactory((HttpServletRequest)request, wdf); + filters = getFiltersFromContextFilterFactory(req, wdf); /* bdc34:to be removed in vivo 1.3 if( wdf.getApplicationDao().isFlag1Active() && (portalFlag != null) ){ @@ -194,6 +184,7 @@ public class VitroRequestPrep implements Filter { } /* display filtering happens now at any level, all the time; editing pages get their WebappDaoFactories differently */ + // TODO -- We can put a HidenFromDisplayByPolicyFilter here, since ID bundles are available from ActiveIdenfierBundleFactor and Policy is available from ServletPolicyList WebappDaoFactory roleFilteredFact = new WebappDaoFactoryFiltering(wdf, new HiddenFromDisplayBelowRoleLevelFilter( role, wdf )); wdf = roleFilteredFact; @@ -208,8 +199,8 @@ public class VitroRequestPrep implements Filter { vreq.setDataset(dataset); } - request.setAttribute("VitroRequestPrep.setup", new Integer(1)); - chain.doFilter(request, response); + req.setAttribute("VitroRequestPrep.setup", new Integer(1)); + chain.doFilter(req, response); } private WebappDaoFactory getWebappDaoFactory(VitroRequest vreq){ diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/flags/AuthFlag.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/flags/AuthFlag.java deleted file mode 100644 index 6361a4bf2..000000000 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/flags/AuthFlag.java +++ /dev/null @@ -1,15 +0,0 @@ -/* $This file is distributed under the terms of the license in /doc/license.txt$ */ - -package edu.cornell.mannlib.vitro.webapp.flags; - - -public class AuthFlag { - private boolean filterByAuthLevel = true; - public boolean isFilterByAuthLevel() { return filterByAuthLevel;} - public void setFilterByAuthLevel(boolean b) { this.filterByAuthLevel = b; } - - private int userSecurityLevel = -1; - public void setUserSecurityLevel(int i){ userSecurityLevel = i;} - public int getUserSecurityLevel() { return userSecurityLevel; } - -} diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/flags/RequestToAuthFlag.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/flags/RequestToAuthFlag.java deleted file mode 100644 index 8b5ae1f8d..000000000 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/flags/RequestToAuthFlag.java +++ /dev/null @@ -1,22 +0,0 @@ -/* $This file is distributed under the terms of the license in /doc/license.txt$ */ - -package edu.cornell.mannlib.vitro.webapp.flags; - -import javax.servlet.http.HttpServletRequest; - -import edu.cornell.mannlib.vedit.beans.LoginStatusBean; - -/** - * Created by IntelliJ IDEA. - * User: bdc34 - * Date: Apr 5, 2007 - * Time: 11:12:38 AM - * To change this template use File | Settings | File Templates. - */ -public class RequestToAuthFlag { - public static AuthFlag makeAuthFlag(HttpServletRequest request){ - AuthFlag authFlag = new AuthFlag(); - authFlag.setUserSecurityLevel(LoginStatusBean.getBean(request).getSecurityLevel()); - return authFlag; - } -} diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/flags/RequestToPortalFlag.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/flags/RequestToPortalFlag.java index 11f03dff7..6299edb28 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/flags/RequestToPortalFlag.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/flags/RequestToPortalFlag.java @@ -172,16 +172,7 @@ public class RequestToPortalFlag { return; } - /* JCR 1/30/2007 pulled user auth level out here so always show full array - * of choices for filtering to editors when logged in */ - /* BDC 12/18/2008 editors no longer automatically get SHOW_ALL_PORTALS */ - int currentUserSecurityLevel=0; - AuthFlag authFlag=(AuthFlag)request.getAttribute("authFlag"); - if (authFlag!=null) { - currentUserSecurityLevel=authFlag.getUserSecurityLevel(); - } else { - currentUserSecurityLevel=LoginStatusBean.getBean(request).getSecurityLevel(); - } + int currentUserSecurityLevel=LoginStatusBean.getBean(request).getSecurityLevel(); if (portalFlag.isFilteringActive() ){ // flag1