NIHVIVO-2492 Restrict pages by UseMenuEditorPages requested action.

2011-04-19 18:20:55 +00:00 · 2011-04-19 18:20:55 +00:00 · 8986e0ccda
commit 8986e0ccda
parent b3b40d780d
4 changed files with 25 additions and 9 deletions
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/UseRestrictedPagesByRoleLevelPolicy.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/UseRestrictedPagesByRoleLevelPolicy.java
@ -14,6 +14,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseAdvancedDataToolsPages;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseEditUserAccountsPages;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseMenuEditorPages;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseOntologyEditorPages;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UsePortalEditorPages;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseTabEditorPages;
@ -44,6 +45,8 @@ public class UseRestrictedPagesByRoleLevelPolicy implements PolicyIface {
 			result = isAuthorized(whatToAuth, RoleLevel.DB_ADMIN, userRole);
 		} else if (whatToAuth instanceof UseEditUserAccountsPages) {
 			result = isAuthorized(whatToAuth, RoleLevel.DB_ADMIN, userRole);
+		} else if (whatToAuth instanceof UseMenuEditorPages) {
+			result = isAuthorized(whatToAuth, RoleLevel.DB_ADMIN, userRole);
 		} else if (whatToAuth instanceof UseOntologyEditorPages) {
 			result = isAuthorized(whatToAuth, RoleLevel.CURATOR, userRole);
 		} else if (whatToAuth instanceof UsePortalEditorPages) {
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/UseMenuEditorPages.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/UseMenuEditorPages.java
@ -0,0 +1,11 @@
+/* $This file is distributed under the terms of the license in /doc/license.txt$ */
+
+package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages;
+
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
+
+/** Should we allow the user to use the pages for editing menus? */
+public class UseMenuEditorPages extends RequestedAction implements
+		UsePagesRequestedAction {
+	// no fields
+}
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/MenuN3EditController.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/MenuN3EditController.java
@ -5,10 +5,13 @@ package edu.cornell.mannlib.vitro.webapp.controller.freemarker;
 import java.util.HashMap;
 import java.util.Map;

+import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseMenuEditorPages;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
 import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.ResponseValues;
 import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.TemplateResponseValues;

+@RequiresAuthorizationFor(UseMenuEditorPages.class)
 public class MenuN3EditController extends FreemarkerHttpServlet {

    protected final static String N3MENU_FORM = "menuN3Edit.ftl"; 
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/SiteAdminController.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/SiteAdminController.java
@ -68,13 +68,12 @@ public class SiteAdminController extends FreemarkerHttpServlet {
        
        body.put("dataInput", getDataInputData(vreq));

+        body.put("siteConfig", getSiteConfigurationData(vreq, urlBuilder));
+
        // rjy7 There is a risk that the login levels required to show the links will get out
        // of step with the levels required by the pages themselves. We should implement a 
        // mechanism similar to what's used on the front end to display links to Site Admin
        // and Revision Info iff the user has access to those pages.
-        if (loginBean.isLoggedInAtLeast(LoginStatusBean.CURATOR)) {
-            body.put("siteConfig", getSiteConfigurationData(vreq, urlBuilder));
-        }
        if (PolicyHelper.isAuthorizedForAction(vreq, UseOntologyEditorPages.class)) {
        	body.put("ontologyEditor", getOntologyEditorData(vreq, urlBuilder));
        }
@ -137,17 +136,17 @@ public class SiteAdminController extends FreemarkerHttpServlet {
            urls.put("users", urlBuilder.getPortalUrl("/listUsers"));
        }

-        boolean multiplePortals = !vreq.getFullWebappDaoFactory().getPortalDao().isSinglePortal();
-		boolean mayEditPortals = PolicyHelper.isAuthorizedForServlet(vreq, PortalsListingController.class);
-		if (multiplePortals && mayEditPortals) {
-            urls.put("portals", urlBuilder.getPortalUrl("/listPortals"));
-        }
+        if (PolicyHelper.isAuthorizedForServlet(vreq, PortalsListingController.class)) {
+        	if ((!vreq.getFullWebappDaoFactory().getPortalDao().isSinglePortal())) {
+				urls.put("portals", urlBuilder.getPortalUrl("/listPortals"));
+			}
+		}
 
 		if (PolicyHelper.isAuthorizedForAction(vreq, UseSiteInfoEditingPage.class)) {
 			urls.put("siteInfo", urlBuilder.getPortalUrl("/editForm", new ParamMap("controller", "Portal", "id", String.valueOf(urlBuilder.getPortalId()))));
 		}

-        if (LoginStatusBean.getBean(vreq).isLoggedInAtLeast(LoginStatusBean.DBA)) {
+		if (PolicyHelper.isAuthorizedForServlet(vreq, MenuN3EditController.class)) {
            urls.put("menuN3Editor", urlBuilder.getPortalUrl("/menuN3Editor"));            
        }