NIHVIVO-1379 If not sufficiently authorized to view a restricted page, redirect to home page with a message.

webapp/config/web.xml

@@ -400,10 +400,6 @@
     <servlet-name>EmptyController</servlet-name>
     <url-pattern>/login</url-pattern>
   </servlet-mapping>
-  <servlet-mapping>
-    <servlet-name>EmptyController</servlet-name>
-    <url-pattern>/insufficientAuthorization</url-pattern>
-  </servlet-mapping>
   
   <servlet>
     <servlet-name>RevisionInfoController</servlet-name>

webapp/src/edu/cornell/mannlib/vitro/webapp/controller/Controllers.java

@@ -44,7 +44,6 @@ public class Controllers {
 
     public static final String LOGIN_JSP = "/login";
     public static final String LOGOUT_JSP = "/logout";
-	public static final String INSUFFICIENT_AUTHORIZATION = "/insufficientAuthorization";
     
     public static final String BASIC_JSP = "/templates/page/basicPage.jsp";
     public static final String DEBUG_JSP = "/templates/page/debug.jsp";

webapp/src/edu/cornell/mannlib/vitro/webapp/controller/VitroHttpServlet.java

@@ -21,6 +21,7 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
 import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
+import edu.cornell.mannlib.vitro.webapp.beans.DisplayMessage;
 import edu.cornell.mannlib.vitro.webapp.controller.authenticate.LogoutRedirector;
 import edu.cornell.mannlib.vitro.webapp.controller.login.LoginProcessBean;
 import edu.cornell.mannlib.vitro.webapp.controller.login.LoginProcessBean.State;
@@ -43,6 +44,15 @@ public class VitroHttpServlet extends HttpServlet {
 	public final static String TTL_MIMETYPE = "text/turtle"; // unofficial and
 																// unregistered
 
+	/**
+	 * Show this to the user if they are logged in, but still not authorized to
+	 * view the page.
+	 */
+	private static final String INSUFFICIENT_AUTHORIZATION_MESSAGE = "We're sorry, "
+			+ "but you are not authorized to view the page you requested. "
+			+ "If you think this is an error, "
+			+ "please contact us and we'll be happy to help.";
+
 	/**
 	 * Setup the auth flag, portal flag and portal bean objects. Put them in the
 	 * request attributes.
@@ -108,15 +118,15 @@ public class VitroHttpServlet extends HttpServlet {
 
 	/**
 	 * Logged in, but with insufficent authorization. Send them to the
-	 * corresponding page. They won't be coming back.
+	 * home page with a message. They won't be coming back.
 	 */
-	public static void redirectToInsufficientAuthorizationPage(
+	private static void redirectToInsufficientAuthorizationPage(
 			HttpServletRequest request, HttpServletResponse response) {
 		try {
-			response.sendRedirect(request.getContextPath()
-					+ Controllers.INSUFFICIENT_AUTHORIZATION);
+			DisplayMessage.setMessage(request, INSUFFICIENT_AUTHORIZATION_MESSAGE);
+			response.sendRedirect(request.getContextPath());
 		} catch (IOException e) {
-			log.error("Could not redirect to insufficient authorization page.");
+			log.error("Could not redirect to show insufficient authorization.");
 		}
 	}
 	

webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/EmptyController.java

@@ -24,7 +24,6 @@ public class EmptyController extends FreemarkerHttpServlet {
     private static final Map<String, String> urlsToTemplates = new HashMap<String, String>(){
         {
             put("/login", "login.ftl");
-            put("/insufficientAuthorization", "insufficientAuthorization.ftl");
         }
     };
 

webapp/web/templates/freemarker/body/insufficientAuthorization.ftl

@@ -1,11 +0,0 @@
-<#-- $This file is distributed under the terms of the license in /doc/license.txt$ -->
-
-<#-- Template for the insufficient authorization page -->
-
-<section role="region">
-    <h2>Houston...we have a problem</h2>
-    
-    <p>We're sorry, but you are not authorized to view the page you requested. If you think this is an error, please <a href="${urls.contact}" title="Send us a message">contact us</a> and we'll be happy to help.</p>
-
-    <p>Return to the <a href="${urls.home}" title="Head back home">home page</a>.</p>
-</section>