NIHVIVO-2492 Modify FreemarkerHttpServlet and subclasses to be Actions-based. Remove explicit static reliance on the annotation.

webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java

@@ -39,8 +39,17 @@ public class PolicyHelper {
 	private static final Log log = LogFactory.getLog(PolicyHelper.class);
 
 	/**
-	 * Are the actions that this servlet requires authorized for the current
+	 * Are these actions authorized for the current user by the current
-	 * user by the current policies?
+	 * policies?
+	 */
+	public static boolean isAuthorizedForActions(HttpServletRequest req,
+			RequestedAction... actions) {
+		return isAuthorizedForActions(req, new Actions(actions));
+	}
+	
+	/**
+	 * Are these actions authorized for the current user by the current
+	 * policies?
 	 */
 	public static boolean isAuthorizedForActions(HttpServletRequest req,
 			Actions actions) {

webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/Actions.java

@@ -30,8 +30,12 @@ import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAct
 public class Actions {
 	private static final Log log = LogFactory.getLog(Actions.class);
 
+	public static final Actions EMPTY = new Actions();
+	public static final Actions UNAUTHORIZED = new Actions(
+			new UnauthorizedAction());
+
 	public static Actions notNull(Actions actions) {
-		return (actions == null) ? new Actions() : actions;
+		return (actions == null) ? EMPTY : actions;
 	}
 
 	private final List<Set<RequestedAction>> clauseList;
@@ -60,7 +64,7 @@ public class Actions {
 	public Actions or(RequestedAction... newActions) {
 		return or(Arrays.asList(newActions));
 	}
-	
+
 	public Actions or(Collection<RequestedAction> newActions) {
 		return new Actions(this.clauseList, newActions);
 	}
@@ -76,7 +80,11 @@ public class Actions {
 
 	/** No clauses means everything is authorized */
 	public boolean isAuthorized(PolicyIface policy, IdentifierBundle ids) {
-		return clauseList.isEmpty() || isAuthorizedForClauseList(policy, ids);
+		if (clauseList.isEmpty()) {
+			log.debug("Empty Actions is authorized");
+			return true;
+		}
+		return isAuthorizedForClauseList(policy, ids);
 	}
 
 	/** Any entire clause is good enough. */
@@ -111,4 +119,12 @@ public class Actions {
 		return (decision != null)
 				&& (decision.getAuthorized() == Authorization.AUTHORIZED);
 	}
+
+	/**
+	 * Nobody knows about this action class, so only the root user should be
+	 * authorized for it.
+	 */
+	private static class UnauthorizedAction extends RequestedAction {
+		// no members
+	}
 }

webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/listing/AllTabsForPortalListingController.java

@@ -13,7 +13,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import edu.cornell.mannlib.vedit.controller.BaseEditController;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseTabEditorPages;
 import edu.cornell.mannlib.vitro.webapp.beans.Portal;
 import edu.cornell.mannlib.vitro.webapp.beans.Tab;
@@ -21,13 +21,17 @@ import edu.cornell.mannlib.vitro.webapp.controller.Controllers;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
 import edu.cornell.mannlib.vitro.webapp.dao.TabDao;
 
-@RequiresAuthorizationFor(UseTabEditorPages.class)
 public class AllTabsForPortalListingController extends BaseEditController {
-    
+	public static final Actions REQUIRED_ACTIONS = new Actions(new UseTabEditorPages());
-    private static final int NUM_COLS = 11;
+	
+	private static final int NUM_COLS = 11;
 
     @Override
 	public void doGet(HttpServletRequest request, HttpServletResponse response) {
+    	if (!isAuthorizedToDisplayPage(request, response, REQUIRED_ACTIONS)) {
+    		return;
+    	}
+    	
         VitroRequest vrequest = new VitroRequest(request);
         Portal portal = vrequest.getPortal();
 

webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/listing/PortalsListingController.java

@@ -10,18 +10,22 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import edu.cornell.mannlib.vedit.controller.BaseEditController;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UsePortalEditorPages;
 import edu.cornell.mannlib.vitro.webapp.beans.Portal;
 import edu.cornell.mannlib.vitro.webapp.controller.Controllers;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
 import edu.cornell.mannlib.vitro.webapp.dao.PortalDao;
 
-@RequiresAuthorizationFor(UsePortalEditorPages.class)
 public class PortalsListingController extends BaseEditController {
+	public static final Actions REQUIRED_ACTIONS = new Actions(new UsePortalEditorPages());
 
     @Override
 	public void doGet(HttpServletRequest request, HttpServletResponse response) {
+    	if (!isAuthorizedToDisplayPage(request, response, REQUIRED_ACTIONS)) {
+    		return;
+    	}
+    	
         VitroRequest vrequest = new VitroRequest(request);
         Portal portal = vrequest.getPortal();
 

webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/listing/UsersListingController.java

@@ -13,7 +13,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import edu.cornell.mannlib.vedit.controller.BaseEditController;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseEditUserAccountsPages;
 import edu.cornell.mannlib.vitro.webapp.beans.Portal;
 import edu.cornell.mannlib.vitro.webapp.beans.User;
@@ -21,10 +21,10 @@ import edu.cornell.mannlib.vitro.webapp.controller.Controllers;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
 import edu.cornell.mannlib.vitro.webapp.dao.UserDao;
 
-@RequiresAuthorizationFor(UseEditUserAccountsPages.class)
 public class UsersListingController extends BaseEditController {
+	public static final Actions REQUIRED_ACTIONS = new Actions(new UseEditUserAccountsPages());
 
-    private String[] roleNameStr = new String[51];
+	private String[] roleNameStr = new String[51];
 
     public UsersListingController() {
         roleNameStr[1] = "self editor";
@@ -35,6 +35,10 @@ public class UsersListingController extends BaseEditController {
 
     @Override
 	public void doGet(HttpServletRequest request, HttpServletResponse response) {
+    	if (!isAuthorizedToDisplayPage(request, response, REQUIRED_ACTIONS)) {
+    		return;
+    	}
+    	
         VitroRequest vrequest = new VitroRequest(request);
         Portal portal = vrequest.getPortal();
 

webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/FreemarkerHttpServlet.java

@@ -18,6 +18,7 @@ import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions;
 import edu.cornell.mannlib.vitro.webapp.beans.ApplicationBean;
 import edu.cornell.mannlib.vitro.webapp.beans.DisplayMessage;
 import edu.cornell.mannlib.vitro.webapp.beans.Portal;
@@ -73,7 +74,8 @@ public class FreemarkerHttpServlet extends VitroHttpServlet {
         }
     }
     
-    public void doGet( HttpServletRequest request, HttpServletResponse response )
+    @Override
+	public void doGet( HttpServletRequest request, HttpServletResponse response )
         throws IOException, ServletException {
         
         super.doGet(request,response);   
@@ -84,7 +86,15 @@ public class FreemarkerHttpServlet extends VitroHttpServlet {
 	        Configuration config = getConfig(vreq);
 	        vreq.setAttribute("freemarkerConfig", config);
 	        
-	        ResponseValues responseValues = processRequest(vreq);
+	        ResponseValues responseValues;
+	        
+	        // This method does a redirect if the required authorizations are not met, so just return.
+	    	if (!isAuthorizedToDisplayPage(request, response, requiredActions(vreq))) {
+	            return; 
+	        } else {
+	            responseValues = processRequest(vreq);
+	        }
+
 	        doResponse(vreq, response, responseValues);	 
 	        
     	} catch (TemplateProcessingException e) {
@@ -94,8 +104,9 @@ public class FreemarkerHttpServlet extends VitroHttpServlet {
         }
     }
 
-    public void doPost(HttpServletRequest request, HttpServletResponse response)
+    @Override
-    throws ServletException, IOException {
+	public void doPost(HttpServletRequest request, HttpServletResponse response)
+        throws ServletException, IOException {
         doGet(request, response);
     }
    
@@ -105,6 +116,21 @@ public class FreemarkerHttpServlet extends VitroHttpServlet {
         return loader.getConfig(vreq);
     }
 
+    /**
+     * By default, a page requires authorization for no actions.
+     * Subclasses that require authorization to process their page will override 
+	 *    to return the actions that require authorization.
+	 * In some cases, the choice of actions will depend on the contents of the request.
+	 *
+     * NB This method can't be static, because then the superclass method gets called rather than
+     * the subclass method. For the same reason, it can't refer to a static or instance field
+     * REQUIRED_ACTIONS which is overridden in the subclass.
+     */
+    @SuppressWarnings("unused")
+	protected Actions requiredActions(VitroRequest vreq) {
+        return Actions.EMPTY;
+    }
+    
     // Subclasses will override
     protected ResponseValues processRequest(VitroRequest vreq) {
         return null;

webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/ImageUploadController.java

@@ -16,8 +16,7 @@ import org.apache.commons.fileupload.FileItem;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
-import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestActionConstants;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddDataPropStmt;
@@ -25,11 +24,9 @@ import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropObject
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.EditObjPropStmt;
 import edu.cornell.mannlib.vitro.webapp.beans.Individual;
 import edu.cornell.mannlib.vitro.webapp.config.ConfigurationProperties;
-import edu.cornell.mannlib.vitro.webapp.controller.Controllers;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
 import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.ExceptionResponseValues;
 import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.ForwardResponseValues;
-import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.RedirectResponseValues;
 import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.ResponseValues;
 import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.TemplateResponseValues;
 import edu.cornell.mannlib.vitro.webapp.dao.VitroVocabulary;
@@ -42,7 +39,6 @@ import edu.cornell.mannlib.vitro.webapp.filestorage.uploadrequest.FileUploadServ
 /**
  * Handle adding, replacing or deleting the main image on an Individual.
  */
-@RequiresAuthorizationFor(/* restricted page, but checking is done internally. */)
 public class ImageUploadController extends FreemarkerHttpServlet {
 	private static final long serialVersionUID = 1L;
 	private static final Log log = LogFactory
@@ -130,6 +126,34 @@ public class ImageUploadController extends FreemarkerHttpServlet {
 		}
 	}
 
+	/**
+	 * The required action depends on what we are trying to do.
+	 */
+	@Override
+	protected Actions requiredActions(VitroRequest vreq) {
+		try {
+			String action = vreq.getParameter(PARAMETER_ACTION);
+			Individual entity = validateEntityUri(vreq);
+			String imageUri = entity.getMainImageUri();
+
+			RequestedAction ra;
+			if (ACTION_DELETE.equals(action) || ACTION_DELETE_EDIT.equals(action)) {
+				ra = new DropObjectPropStmt(entity.getURI(),
+						VitroVocabulary.IND_MAIN_IMAGE, imageUri);
+			} else if (imageUri != null) {
+				ra = new EditObjPropStmt(entity.getURI(),
+						VitroVocabulary.IND_MAIN_IMAGE, imageUri);
+			} else {
+				ra = new AddDataPropStmt(entity.getURI(),
+						VitroVocabulary.IND_MAIN_IMAGE,
+						RequestActionConstants.SOME_LITERAL, null, null);
+			}
+			return new Actions(ra);
+		} catch (UserMistakeException e) {
+			return Actions.UNAUTHORIZED;
+		}
+	}
+	
 	/**
 	 * <p>
 	 * Parse the multi-part request, process the request, and produce the
@@ -161,13 +185,7 @@ public class ImageUploadController extends FreemarkerHttpServlet {
 				dumpRequestDetails(vreq);
 			}
 
-			// If they aren't authorized to do this, send them to login.
-			if (!checkAuthorized(vreq)) {
-				return new RedirectResponseValues(Controllers.LOGIN);
-			}
-
 			return buildTheResponse(vreq);
-
 		} catch (Exception e) {
 			// log.error("Could not produce response page", e);
 			return new ExceptionResponseValues(e);
@@ -593,39 +611,8 @@ public class ImageUploadController extends FreemarkerHttpServlet {
 		}
 	}
 
-	/**
-	 * If they are logged in as an Editor or better, they can do whatever they
-	 * want.
-	 * 
-	 * Otherwise, they will need to be self-editing, and will need to have
-	 * authorization for this specific operation they are requesting.
-	 */
-	private boolean checkAuthorized(VitroRequest vreq)
-			throws UserMistakeException {
-		String action = vreq.getParameter(PARAMETER_ACTION);
-		Individual entity = validateEntityUri(vreq);
-		String imageUri = entity.getMainImageUri();
-
-		// What are we trying to do? Check if authorized.
-		RequestedAction ra;
-		if (ACTION_DELETE.equals(action) || ACTION_DELETE_EDIT.equals(action)) {
-			ra = new DropObjectPropStmt(entity.getURI(),
-					VitroVocabulary.IND_MAIN_IMAGE, imageUri);
-		} else if (imageUri != null) {
-			ra = new EditObjPropStmt(entity.getURI(),
-					VitroVocabulary.IND_MAIN_IMAGE, imageUri);
-		} else {
-			ra = new AddDataPropStmt(entity.getURI(),
-					VitroVocabulary.IND_MAIN_IMAGE,
-					RequestActionConstants.SOME_LITERAL, null, null);
-		}
-
-		return PolicyHelper.isAuthorizedForAction(vreq, ra);
-	}
-
 	private String getDefaultNamespace() {
 		return ConfigurationProperties.getBean(getServletContext())
 				.getProperty("Vitro.defaultNamespace");
 	}
-
 }

webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/MenuN3EditController.java

@@ -5,13 +5,12 @@ package edu.cornell.mannlib.vitro.webapp.controller.freemarker;
 import java.util.HashMap;
 import java.util.Map;
 
-import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseMenuEditorPages;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
 import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.ResponseValues;
 import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.TemplateResponseValues;
 
-@RequiresAuthorizationFor(UseMenuEditorPages.class)
 public class MenuN3EditController extends FreemarkerHttpServlet {
 
     protected final static String N3MENU_FORM = "menuN3Edit.ftl"; 
@@ -20,6 +19,13 @@ public class MenuN3EditController extends FreemarkerHttpServlet {
     
     protected final static String N3_PARAM = "navigationN3";
     
+    public final static Actions REQUIRED_ACTIONS = new Actions(new UseMenuEditorPages());
+    
+    @Override
+    protected Actions requiredActions(VitroRequest vreq) {
+    	return REQUIRED_ACTIONS;
+    }
+
     @Override
     protected ResponseValues processRequest(VitroRequest vreq) {
         String n3 = vreq.getParameter(N3_PARAM); 

webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/RevisionInfoController.java

@@ -5,7 +5,7 @@ package edu.cornell.mannlib.vitro.webapp.controller.freemarker;
 import java.util.HashMap;
 import java.util.Map;
 
-import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.SeeRevisionInfo;
 import edu.cornell.mannlib.vitro.webapp.config.RevisionInfoBean;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
@@ -15,11 +15,17 @@ import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.Tem
 /**
  * Display the detailed revision information.
  */
-@RequiresAuthorizationFor(SeeRevisionInfo.class)
 public class RevisionInfoController extends FreemarkerHttpServlet {
-    private static final long serialVersionUID = 1L;
+	private static final long serialVersionUID = 1L;
     private static final String TEMPLATE_DEFAULT = "revisionInfo.ftl";
     
+    public static final Actions REQUIRED_ACTIONS = new Actions(new SeeRevisionInfo());
+    
+    @Override
+    protected Actions requiredActions(VitroRequest vreq) {
+    	return REQUIRED_ACTIONS;
+    }
+    
     @Override
     protected ResponseValues processRequest(VitroRequest vreq) {
         Map<String, Object> body = new HashMap<String, Object>();

webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/SiteAdminController.java

@@ -15,7 +15,7 @@ import org.apache.commons.logging.LogFactory;
 
 import edu.cornell.mannlib.vedit.util.FormUtils;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseAdvancedDataToolsPages;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseIndividualEditorPages;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseOntologyEditorPages;
@@ -32,14 +32,20 @@ import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.Tem
 import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory;
 import edu.cornell.mannlib.vitro.webapp.dao.jena.pellet.PelletListener;
 
-@RequiresAuthorizationFor(UseSiteAdminPage.class)
 public class SiteAdminController extends FreemarkerHttpServlet {
 	
     private static final long serialVersionUID = 1L;
     private static final Log log = LogFactory.getLog(SiteAdminController.class);
     private static final String TEMPLATE_DEFAULT = "siteAdmin-main.ftl";
+
+    public static final Actions REQUIRED_ACTIONS = new Actions(new UseSiteAdminPage());
     
     @Override
+	protected Actions requiredActions(VitroRequest vreq) {
+    	return REQUIRED_ACTIONS;
+	}
+
+	@Override
 	public String getTitle(String siteName, VitroRequest vreq) {
         return siteName + " Site Administration";
 	}
@@ -114,25 +120,25 @@ public class SiteAdminController extends FreemarkerHttpServlet {
         Map<String, Object> map = new HashMap<String, Object>();
         Map<String, String> urls = new HashMap<String, String>();
 
-		if (PolicyHelper.isAuthorizedForServlet(vreq, AllTabsForPortalListingController.class)) {
+		if (PolicyHelper.isAuthorizedForActions(vreq, AllTabsForPortalListingController.REQUIRED_ACTIONS)) {
 			urls.put("tabs", urlBuilder.getPortalUrl("/listTabs"));
 		}
         
-        if (PolicyHelper.isAuthorizedForServlet(vreq, UsersListingController.class)) {                
+        if (PolicyHelper.isAuthorizedForActions(vreq, UsersListingController.REQUIRED_ACTIONS)) {                
             urls.put("users", urlBuilder.getPortalUrl("/listUsers"));
         }
 
-        if (PolicyHelper.isAuthorizedForServlet(vreq, PortalsListingController.class)) {
+        if (PolicyHelper.isAuthorizedForActions(vreq, PortalsListingController.REQUIRED_ACTIONS)) {
         	if ((!vreq.getFullWebappDaoFactory().getPortalDao().isSinglePortal())) {
 				urls.put("portals", urlBuilder.getPortalUrl("/listPortals"));
 			}
 		}
  
-		if (PolicyHelper.isAuthorizedForAction(vreq, UseSiteInfoEditingPage.class)) {
+		if (PolicyHelper.isAuthorizedForActions(vreq, new UseSiteInfoEditingPage())) {
 			urls.put("siteInfo", urlBuilder.getPortalUrl("/editForm", new ParamMap("controller", "Portal", "id", String.valueOf(urlBuilder.getPortalId()))));
 		}
 
-		if (PolicyHelper.isAuthorizedForServlet(vreq, MenuN3EditController.class)) {
+		if (PolicyHelper.isAuthorizedForActions(vreq, MenuN3EditController.REQUIRED_ACTIONS)) {
             urls.put("menuN3Editor", urlBuilder.getPortalUrl("/menuN3Editor"));            
         }
         

webapp/src/edu/cornell/mannlib/vitro/webapp/search/controller/IndexController.java

@@ -8,7 +8,7 @@ import java.util.Map;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
-import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseMiscellaneousAdminPages;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
 import edu.cornell.mannlib.vitro.webapp.controller.freemarker.FreemarkerHttpServlet;
@@ -29,11 +29,15 @@ import edu.cornell.mannlib.vitro.webapp.search.indexing.IndexBuilder;
  *
  * @author bdc34
  */
-@RequiresAuthorizationFor(UseMiscellaneousAdminPages.class)
 public class IndexController extends FreemarkerHttpServlet {
 	
 	private static final Log log = LogFactory.getLog(IndexController.class);
 	
+	@Override
+	protected Actions requiredActions(VitroRequest vreq) {
+		return new Actions(new UseMiscellaneousAdminPages());
+	}
+	
     @Override
     protected String getTitle(String siteName, VitroRequest vreq) {
         return "Full Search Index Rebuild";

webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/User.java

@@ -47,11 +47,11 @@ public class User extends BaseTemplateModel {
     }
     
     public boolean getHasSiteAdminAccess() {
-    	return PolicyHelper.isAuthorizedForServlet(vreq, SiteAdminController.class);
+    	return PolicyHelper.isAuthorizedForActions(vreq, SiteAdminController.REQUIRED_ACTIONS);
     }
     
     public boolean getHasRevisionInfoAccess() {
-    	return PolicyHelper.isAuthorizedForServlet(vreq, RevisionInfoController.class);
+    	return PolicyHelper.isAuthorizedForActions(vreq, RevisionInfoController.REQUIRED_ACTIONS);
     }
     
     public boolean getShowFlag1SearchField() {

webapp/test/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelperTest.java

@@ -54,7 +54,7 @@ public class PolicyHelperTest extends AbstractTestClass {
 	public void authorizedForActionsNull() {
 		createPolicy();
 		assertEquals("null actions", true,
-				PolicyHelper.isAuthorizedForActions(req, null));
+				PolicyHelper.isAuthorizedForActions(req, (Actions) null));
 	}
 
 	@Test
@@ -117,103 +117,103 @@ public class PolicyHelperTest extends AbstractTestClass {
 	// ----------------------------------------------------------------------
 	// ----------------------------------------------------------------------
 
-	@Test
+//	@Test
-	public void noAnnotation() {
+//	public void noAnnotation() {
-		createPolicy();
+//		createPolicy();
-		assertExpectedAuthorization("no actions required",
+//		assertExpectedAuthorization("no actions required",
-				NoAnnotationServlet.class, true);
+//				NoAnnotationServlet.class, true);
-	}
+//	}
-
+//
-	@Test
+//	@Test
-	public void noRequirements() {
+//	public void noRequirements() {
-		createPolicy();
+//		createPolicy();
-		assertExpectedAuthorization("no actions required",
+//		assertExpectedAuthorization("no actions required",
-				NoRequirementsServlet.class, true);
+//				NoRequirementsServlet.class, true);
-	}
+//	}
-
+//
-	@Test
+//	@Test
-	public void oneRequirementFail() {
+//	public void oneRequirementFail() {
-		createPolicy();
+//		createPolicy();
-		assertExpectedAuthorization("requires Action1", Action1Servlet.class,
+//		assertExpectedAuthorization("requires Action1", Action1Servlet.class,
-				false);
+//				false);
-	}
+//	}
-
+//
-	@Test
+//	@Test
-	public void oneRequirementSucceed() {
+//	public void oneRequirementSucceed() {
-		createPolicy(new Action1());
+//		createPolicy(new Action1());
-		assertExpectedAuthorization("requires Action1", Action1Servlet.class,
+//		assertExpectedAuthorization("requires Action1", Action1Servlet.class,
-				true);
+//				true);
-	}
+//	}
-
+//
-	@Test
+//	@Test
-	public void twoRequirementsFailOne() {
+//	public void twoRequirementsFailOne() {
-		createPolicy(new Action1());
+//		createPolicy(new Action1());
-		assertExpectedAuthorization("requires Actions 1 and 2",
+//		assertExpectedAuthorization("requires Actions 1 and 2",
-				Action1AndAction2Servlet.class, false);
+//				Action1AndAction2Servlet.class, false);
-	}
+//	}
-
+//
-	@Test
+//	@Test
-	public void twoRequirementsFailTwo() {
+//	public void twoRequirementsFailTwo() {
-		createPolicy(new Action2());
+//		createPolicy(new Action2());
-		assertExpectedAuthorization("requires Actions 1 and 2",
+//		assertExpectedAuthorization("requires Actions 1 and 2",
-				Action1AndAction2Servlet.class, false);
+//				Action1AndAction2Servlet.class, false);
-	}
+//	}
-
+//
-	@Test
+//	@Test
-	public void twoRequirementsSucceed() {
+//	public void twoRequirementsSucceed() {
-		createPolicy(new Action2(), new Action1());
+//		createPolicy(new Action2(), new Action1());
-		assertExpectedAuthorization("requires Actions 1 and 2",
+//		assertExpectedAuthorization("requires Actions 1 and 2",
-				Action1AndAction2Servlet.class, true);
+//				Action1AndAction2Servlet.class, true);
-	}
+//	}
-
+//
-	@Test
+//	@Test
-	public void oneOrTwoFail() {
+//	public void oneOrTwoFail() {
-		createPolicy();
+//		createPolicy();
-		assertExpectedAuthorization("requires Action 1 or 2",
+//		assertExpectedAuthorization("requires Action 1 or 2",
-				Action1OrAction2Servlet.class, false);
+//				Action1OrAction2Servlet.class, false);
-	}
+//	}
-
+//
-	@Test
+//	@Test
-	public void oneOrTwoSucceedOne() {
+//	public void oneOrTwoSucceedOne() {
-		createPolicy(new Action1());
+//		createPolicy(new Action1());
-		assertExpectedAuthorization("requires Action 1 or 2",
+//		assertExpectedAuthorization("requires Action 1 or 2",
-				Action1OrAction2Servlet.class, true);
+//				Action1OrAction2Servlet.class, true);
-	}
+//	}
-
+//
-	@Test
+//	@Test
-	public void oneOrTwoSucceedTwo() {
+//	public void oneOrTwoSucceedTwo() {
-		createPolicy(new Action2());
+//		createPolicy(new Action2());
-		assertExpectedAuthorization("requires Action 1 or 2",
+//		assertExpectedAuthorization("requires Action 1 or 2",
-				Action1OrAction2Servlet.class, true);
+//				Action1OrAction2Servlet.class, true);
-	}
+//	}
-
+//
-	@Test
+//	@Test
-	public void oneOrTwoOrThreeFail() {
+//	public void oneOrTwoOrThreeFail() {
-		createPolicy();
+//		createPolicy();
-		assertExpectedAuthorization("requires Action 1 or 2 or 3",
+//		assertExpectedAuthorization("requires Action 1 or 2 or 3",
-				Action1OrAction2OrAction3Servlet.class, false);
+//				Action1OrAction2OrAction3Servlet.class, false);
-	}
+//	}
-
+//
-	@Test
+//	@Test
-	public void oneOrTwoOrThreeSucceedOne() {
+//	public void oneOrTwoOrThreeSucceedOne() {
-		createPolicy(new Action1());
+//		createPolicy(new Action1());
-		assertExpectedAuthorization("requires Action 1 or 2 or 3",
+//		assertExpectedAuthorization("requires Action 1 or 2 or 3",
-				Action1OrAction2OrAction3Servlet.class, true);
+//				Action1OrAction2OrAction3Servlet.class, true);
-	}
+//	}
-
+//
-	@Test
+//	@Test
-	public void oneOrTwoOrThreeSucceedTwo() {
+//	public void oneOrTwoOrThreeSucceedTwo() {
-		createPolicy(new Action2());
+//		createPolicy(new Action2());
-		assertExpectedAuthorization("requires Action 1 or 2 or 3",
+//		assertExpectedAuthorization("requires Action 1 or 2 or 3",
-				Action1OrAction2OrAction3Servlet.class, true);
+//				Action1OrAction2OrAction3Servlet.class, true);
-	}
+//	}
-
+//
-	@Test
+//	@Test
-	public void oneOrTwoOrThreeSucceedThree() {
+//	public void oneOrTwoOrThreeSucceedThree() {
-		createPolicy(new Action3());
+//		createPolicy(new Action3());
-		assertExpectedAuthorization("requires Action 1 or 2 or 3",
+//		assertExpectedAuthorization("requires Action 1 or 2 or 3",
-				Action1OrAction2OrAction3Servlet.class, true);
+//				Action1OrAction2OrAction3Servlet.class, true);
-	}
+//	}
 
 	// ----------------------------------------------------------------------
 	// Helper methods
@@ -223,11 +223,11 @@ public class PolicyHelperTest extends AbstractTestClass {
 		ServletPolicyList.addPolicy(ctx, new MySimplePolicy(authorizedActions));
 	}
 
-	private void assertExpectedAuthorization(String label,
+//	private void assertExpectedAuthorization(String label,
-			Class<? extends VitroHttpServlet> servletClass, boolean expected) {
+//			Class<? extends VitroHttpServlet> servletClass, boolean expected) {
-		boolean actual = PolicyHelper.isAuthorizedForServlet(req, servletClass);
+//		boolean actual = PolicyHelper.isAuthorizedForServlet(req, servletClass);
-		assertEquals(label, expected, actual);
+//		assertEquals(label, expected, actual);
-	}
+//	}
 
 	// ----------------------------------------------------------------------
 	// Helper Classes