litvinovg/vitro
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

NIHVIVO-2492 isEditable() and getShowAdminPanel() should be based on Policy, not login level.

Browse source
This commit is contained in:
j2blake 2011-04-27 15:03:28 +00:00
parent 5ba66c4e9f
commit 7a87a8c8fa
3 changed files with 32 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

4
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/UseRestrictedPagesByRoleLevelPolicy.java
View file

@ -12,6 +12,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision; import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface; import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.SeeIndividualEditingPanel;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.SeeRevisionInfo; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.SeeRevisionInfo;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseAdvancedDataToolsPages; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseAdvancedDataToolsPages;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseBasicAjaxControllers; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseBasicAjaxControllers;
@ -84,6 +85,9 @@ public class UseRestrictedPagesByRoleLevelPolicy implements PolicyIface {
} else if (whatToAuth instanceof SeeRevisionInfo) { } else if (whatToAuth instanceof SeeRevisionInfo) {
result = isAuthorized(whatToAuth, RoleLevel.EDITOR, userRole); result = isAuthorized(whatToAuth, RoleLevel.EDITOR, userRole);
} else if (whatToAuth instanceof SeeIndividualEditingPanel) {
result = isAuthorized(whatToAuth, RoleLevel.EDITOR, userRole);
} else if (whatToAuth instanceof UseBasicAjaxControllers) { } else if (whatToAuth instanceof UseBasicAjaxControllers) {
result = isAuthorized(whatToAuth, RoleLevel.SELF, userRole); result = isAuthorized(whatToAuth, RoleLevel.SELF, userRole);

10
webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/SeeIndividualEditingPanel.java Normal file
View file

@ -0,0 +1,10 @@
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
/** Should we allow the user to see the Editing panel for an individual? */
public class SeeIndividualEditingPanel extends RequestedAction {
// no fields
}

24
webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/individual/BaseIndividualTemplateModel.java
View file

@ -10,6 +10,12 @@ import org.openrdf.model.URI;
import org.openrdf.model.impl.URIImpl; import org.openrdf.model.impl.URIImpl;
import edu.cornell.mannlib.vedit.beans.LoginStatusBean; import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestActionConstants;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddDataPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropStmt;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.SeeIndividualEditingPanel;
import edu.cornell.mannlib.vitro.webapp.beans.Individual; import edu.cornell.mannlib.vitro.webapp.beans.Individual;
import edu.cornell.mannlib.vitro.webapp.beans.VClass; import edu.cornell.mannlib.vitro.webapp.beans.VClass;
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
@ -17,7 +23,6 @@ import edu.cornell.mannlib.vitro.webapp.controller.freemarker.UrlBuilder;
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.UrlBuilder.Route; import edu.cornell.mannlib.vitro.webapp.controller.freemarker.UrlBuilder.Route;
import edu.cornell.mannlib.vitro.webapp.dao.VClassDao; import edu.cornell.mannlib.vitro.webapp.dao.VClassDao;
import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary; import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
import edu.cornell.mannlib.vitro.webapp.filters.VitroRequestPrep;
import edu.cornell.mannlib.vitro.webapp.reasoner.SimpleReasoner; import edu.cornell.mannlib.vitro.webapp.reasoner.SimpleReasoner;
import edu.cornell.mannlib.vitro.webapp.web.templatemodels.BaseTemplateModel; import edu.cornell.mannlib.vitro.webapp.web.templatemodels.BaseTemplateModel;
@ -114,15 +119,22 @@ public abstract class BaseIndividualTemplateModel extends BaseTemplateModel {
return propertyList; return propertyList;
} }
/**
* This page is editable if the user is authorized to add a data property or
* an object property to the Individual being shown.
*/
public boolean isEditable() { public boolean isEditable() {
// RY This will be improved later. What is important is not whether the user is a self-editor, AddDataPropStmt adps = new AddDataPropStmt(individual.getURI(),
// but whether he has editing privileges on this profile. This is just a crude way of determining RequestActionConstants.SOME_URI,
// whether to even bother looking at the editing policies. RequestActionConstants.SOME_LITERAL, null, null);
return VitroRequestPrep.isSelfEditing(vreq) || loginStatusBean.isLoggedIn(); AddObjectPropStmt aops = new AddObjectPropStmt(individual.getURI(),
RequestActionConstants.SOME_URI,
RequestActionConstants.SOME_URI);
return PolicyHelper.isAuthorizedForActions(vreq, new Actions(adps).or(aops));
} }
public boolean getShowAdminPanel() { public boolean getShowAdminPanel() {
return loginStatusBean.isLoggedInAtLeast(LoginStatusBean.EDITOR); return PolicyHelper.isAuthorizedForActions(vreq, new SeeIndividualEditingPanel());
} }
/* rdfs:label needs special treatment, because it is not possible to construct a /* rdfs:label needs special treatment, because it is not possible to construct a