diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/UseRestrictedPagesByRoleLevelPolicy.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/UseRestrictedPagesByRoleLevelPolicy.java
index 4df475e8b..d1fb4cc55 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/UseRestrictedPagesByRoleLevelPolicy.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/UseRestrictedPagesByRoleLevelPolicy.java
@@ -12,6 +12,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.SeeIndividualEditingPanel;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.SeeRevisionInfo;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseAdvancedDataToolsPages;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseBasicAjaxControllers;
@@ -84,6 +85,9 @@ public class UseRestrictedPagesByRoleLevelPolicy implements PolicyIface {
 } else if (whatToAuth instanceof SeeRevisionInfo) {
 result = isAuthorized(whatToAuth, RoleLevel.EDITOR, userRole);
+ } else if (whatToAuth instanceof SeeIndividualEditingPanel) {
+ result = isAuthorized(whatToAuth, RoleLevel.EDITOR, userRole);
+
 } else if (whatToAuth instanceof UseBasicAjaxControllers) {
 result = isAuthorized(whatToAuth, RoleLevel.SELF, userRole);
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/SeeIndividualEditingPanel.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/SeeIndividualEditingPanel.java
new file mode 100644
index 000000000..7fdac4062
--- /dev/null
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/SeeIndividualEditingPanel.java
@@ -0,0 +1,10 @@
+/* $This file is distributed under the terms of the license in /doc/license.txt$ */
+
+package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages;
+
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
+
+/** Should we allow the user to see the Editing panel for an individual? */
+public class SeeIndividualEditingPanel extends RequestedAction {
+ // no fields
+}
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/BaseIndividualTemplateModel.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/BaseIndividualTemplateModel.java
index f12736ddd..01959331b 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/BaseIndividualTemplateModel.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/BaseIndividualTemplateModel.java
@@ -10,6 +10,12 @@ import org.openrdf.model.URI;
 import org.openrdf.model.impl.URIImpl;
 import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestActionConstants;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddDataPropStmt;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropStmt;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.SeeIndividualEditingPanel;
 import edu.cornell.mannlib.vitro.webapp.beans.Individual;
 import edu.cornell.mannlib.vitro.webapp.beans.VClass;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
@@ -17,7 +23,6 @@ import edu.cornell.mannlib.vitro.webapp.controller.freemarker.UrlBuilder;
 import edu.cornell.mannlib.vitro.webapp.controller.freemarker.UrlBuilder.Route;
 import edu.cornell.mannlib.vitro.webapp.dao.VClassDao;
 import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
-import edu.cornell.mannlib.vitro.webapp.filters.VitroRequestPrep;
 import edu.cornell.mannlib.vitro.webapp.reasoner.SimpleReasoner;
 import edu.cornell.mannlib.vitro.webapp.web.templatemodels.BaseTemplateModel;
@@ -114,15 +119,22 @@ public abstract class BaseIndividualTemplateModel extends BaseTemplateModel {
 return propertyList;
 }
+ /**
+ * This page is editable if the user is authorized to add a data property or
+ * an object property to the Individual being shown.
+ */
 public boolean isEditable() {
- // RY This will be improved later. What is important is not whether the user is a self-editor,
- // but whether he has editing privileges on this profile. This is just a crude way of determining
- // whether to even bother looking at the editing policies.
- return VitroRequestPrep.isSelfEditing(vreq) || loginStatusBean.isLoggedIn();
+ AddDataPropStmt adps = new AddDataPropStmt(individual.getURI(),
+ RequestActionConstants.SOME_URI,
+ RequestActionConstants.SOME_LITERAL, null, null);
+ AddObjectPropStmt aops = new AddObjectPropStmt(individual.getURI(),
+ RequestActionConstants.SOME_URI,
+ RequestActionConstants.SOME_URI);
+ return PolicyHelper.isAuthorizedForActions(vreq, new Actions(adps).or(aops));
 }
 public boolean getShowAdminPanel() {
- return loginStatusBean.isLoggedInAtLeast(LoginStatusBean.EDITOR);
+ return PolicyHelper.isAuthorizedForActions(vreq, new SeeIndividualEditingPanel());
 }
 /* rdfs:label needs special treatment, because it is not possible to construct a
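Review bot: The Javadoc added to `isEditable()` overstates what the check establishes, because both probe actions are built from the placeholders `RequestActionConstants.SOME_URI` and `SOME_LITERAL`. A `true` result therefore says only that the policies accept an add with a placeholder predicate on this individual, not that any particular property is editable; how the policies treat those placeholders is outside this diff. I would add a line such as `* Coarse pre-check with placeholder predicate and value; each real statement must still be authorized where the edit is applied.`, since this flag and `getShowAdminPanel()` only decide what the template displays. `individual.getURI()` is passed to both actions unchecked, so if an individual can lack a URI, it is worth confirming how a null subject is evaluated. `getShowAdminPanel()` received no comment; `/** Shown only when the user is authorized for SeeIndividualEditingPanel. */` would match the one added above it.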