Classgroup cache clearing prohibited unless authorized. NIHVIVO-2942

webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/UseRestrictedPagesByRoleLevelPolicy.java

@@ -10,6 +10,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.identifier.common.HasRoleLevel;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.RebuildVClassGroupCache;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.AccessSpecialDataModels;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.EditIndividuals;
@@ -111,6 +112,8 @@ public class UseRestrictedPagesByRoleLevelPolicy implements PolicyIface {
 		} else if (whatToAuth instanceof EditOwnAccount) {
 			result = isAuthorized(whatToAuth, RoleLevel.SELF, userRole);
 
+		} else if (whatToAuth instanceof RebuildVClassGroupCache) {
+            result = isAuthorized(whatToAuth, RoleLevel.DB_ADMIN, userRole);
 		} else if (whatToAuth instanceof RefreshVisualizationCacheAction) {
 			result = isAuthorized(whatToAuth, RoleLevel.DB_ADMIN, userRole);
 		} else {

webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/admin/RebuildVClassGroupCache.java

@@ -0,0 +1,10 @@
+/* $This file is distributed under the terms of the license in /doc/license.txt$ */
+package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin;
+
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.AdminRequestedAction;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
+
+public class RebuildVClassGroupCache extends RequestedAction implements
+        AdminRequestedAction {
+
+}

webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/BrowseController.java

@@ -10,6 +10,9 @@ import java.util.Map;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.RebuildVClassGroupCache;
 import edu.cornell.mannlib.vitro.webapp.beans.VClassGroup;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
 import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.ResponseValues;
@@ -29,6 +32,16 @@ public class BrowseController extends FreemarkerHttpServlet {
         return "Index of Contents";
     }
     
+    
+    @Override
+    protected Actions requiredActions(VitroRequest vreq) {
+        if ( vreq.getParameter("clearcache") != null )
+            return new Actions(new RebuildVClassGroupCache() );
+        else
+            return Actions.AUTHORIZED;
+    }
+
+
     @Override
     protected ResponseValues processRequest(VitroRequest vreq) {
         
@@ -55,8 +68,12 @@ public class BrowseController extends FreemarkerHttpServlet {
             templateName = Template.TITLED_MESSAGE.toString();
         }
         
-        if ( vreq.getParameter("clearcache") != null ) //mainly for debugging
+        if ( vreq.getParameter("clearcache") != null ) {
-            clearGroupCache();
+            //mainly for debugging
+            if( PolicyHelper.isAuthorizedForActions(vreq, new RebuildVClassGroupCache()) ){
+                clearGroupCache();
+            }
+        }
         
         return new TemplateResponseValues(templateName, body);
     }