NIHVIVO-2492 Modify AJAX controllers to be Actions-based.

2011-04-26 18:03:39 +00:00 · 2011-04-26 18:03:39 +00:00 · a1e87a10b9
commit a1e87a10b9
parent 50e7e2099f
8 changed files with 67 additions and 35 deletions
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java
@ -102,29 +102,6 @@ public class PolicyHelper {
 		Or[] or() default @Or();
 	}
 	/**
 	 * Are the actions that this servlet requires authorized for the current
 	 * user by the current policies?
 	 */
 	public static boolean isAuthorizedForServlet(HttpServletRequest req,
 			HttpServlet servlet) {
 		return isAuthorizedForServlet(req, servlet.getClass());
 	}
 	/**
 	 * Are the actions that this servlet class requires authorized for the
 	 * current user by the current policies?
 	 */
 	public static boolean isAuthorizedForServlet(HttpServletRequest req,
 			Class<? extends HttpServlet> servletClass) {
 		try {
 			return isAuthorizedForActionClauses(req,
 					ActionClauses.forServletClass(servletClass));
 		} catch (PolicyHelperException e) {
 			return false;
 		}
 	}
 	/**
 	 * Is this action class authorized for the current user by the current
 	 * policies?
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/Actions.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/Actions.java
@ -7,6 +7,7 @@ import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Set;
@ -114,12 +115,34 @@ public class Actions {
 	private static boolean isAuthorizedForAction(PolicyIface policy,
 			IdentifierBundle ids, RequestedAction action) {
 		PolicyDecision decision = policy.isAuthorized(ids, action);
-		log.debug("decision for '" + action.getClass().getName() + "' was: "
+		log.debug("decision for '" + action.getClass().getSimpleName() + "' was: "
 				+ decision);
 		return (decision != null)
 				&& (decision.getAuthorized() == Authorization.AUTHORIZED);
 	}
 	@Override
 	public String toString() {
 		StringBuffer sb = new StringBuffer("Actions[");
 		for (Iterator<Set<RequestedAction>> cit = clauseList.iterator(); cit.hasNext();) {
 			Set<RequestedAction> clause = cit.next();
 			sb.append("(");
 			for (Iterator<RequestedAction> it = clause.iterator(); it.hasNext();) {
 				RequestedAction action = it.next();
 				sb.append(action.getClass().getSimpleName());
 				if (it.hasNext()) {
 					sb.append(", ");
 				}
 			}
 			sb.append(")");
 			if (cit.hasNext()) {
 				sb.append(" or ");
 			}
 		}
 		sb.append("]");
 		return sb.toString();
 	}
 	/**
 	 * Nobody knows about this action class, so only the root user should be
 	 * authorized for it.
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/ajax/SparqlQueryAjaxController.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/ajax/SparqlQueryAjaxController.java
@ -25,7 +25,7 @@ import com.hp.hpl.jena.query.ResultSetFormatter;
 import com.hp.hpl.jena.query.Syntax;
 import com.hp.hpl.jena.rdf.model.Model;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseBasicAjaxControllers;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
@ -35,7 +35,6 @@ import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
 * 
 * The result is delivered in JSON format.
 */
@RequiresAuthorizationFor(UseBasicAjaxControllers.class)
 public class SparqlQueryAjaxController extends VitroAjaxController {
 	private static final Log log = LogFactory
 			.getLog(SparqlQueryAjaxController.class);
@ -43,6 +42,11 @@ public class SparqlQueryAjaxController extends VitroAjaxController {
 	private static final String PARAMETER_QUERY = "query";
 	private static final String RESPONSE_MIME_TYPE = "application/javascript";
    @Override
    protected Actions requiredActions(VitroRequest vreq) {
    	return new Actions(new UseBasicAjaxControllers());
    }
 	@Override
 	protected void doRequest(VitroRequest vreq, HttpServletResponse response)
 			throws ServletException, IOException {
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/ajax/VitroAjaxController.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/ajax/VitroAjaxController.java
@ -16,6 +16,7 @@ import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
 import edu.cornell.mannlib.vitro.webapp.controller.freemarker.FreemarkerConfigurationLoader;
 import freemarker.template.Configuration;
@ -42,7 +43,7 @@ public abstract class VitroAjaxController extends HttpServlet {
 	protected final void doGet(HttpServletRequest req, HttpServletResponse resp)
 			throws ServletException, IOException {
 		VitroRequest vreq = new VitroRequest(req);
-		if (PolicyHelper.isAuthorizedForServlet(vreq, this)) {
+		if (PolicyHelper.isAuthorizedForActions(vreq, requiredActions(vreq))) {
 			doRequest(vreq, resp);
 		} else {
 			resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Not authorized");
@ -58,6 +59,17 @@ public abstract class VitroAjaxController extends HttpServlet {
 		doGet(req, resp);
 	}
    /**
     * By default, a controller requires authorization for no actions.
     * Subclasses that require authorization to process their page will override 
 	 *    to return the actions that require authorization.
 	 * In some cases, the choice of actions will depend on the contents of the request.
     */
    @SuppressWarnings("unused")
 	protected Actions requiredActions(VitroRequest vreq) {
        return Actions.EMPTY;
    }
 	/** 
 	 * Returns the current Freemarker Configuration so the controller can process
 	 * its data through a template.
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/PrimitiveDelete.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/PrimitiveDelete.java
@ -9,7 +9,7 @@ import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseBasicAjaxControllers;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
 import edu.cornell.mannlib.vitro.webapp.controller.ajax.VitroAjaxController;
@ -17,12 +17,16 @@ import edu.cornell.mannlib.vitro.webapp.dao.IndividualDao;
 import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory;
@RequiresAuthorizationFor(UseBasicAjaxControllers.class)
 public class PrimitiveDelete extends VitroAjaxController {
    private static final long serialVersionUID = 1L;
    private static final Log log = LogFactory.getLog(PrimitiveDelete.class);  
    @Override
    protected Actions requiredActions(VitroRequest vreq) {
    	return new Actions(new UseBasicAjaxControllers());
    }
    @Override
    protected void doRequest(VitroRequest vreq, HttpServletResponse response) {
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/PrimitiveRdfEdit.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/PrimitiveRdfEdit.java
@ -21,7 +21,7 @@ import com.hp.hpl.jena.rdf.model.Model;
 import com.hp.hpl.jena.shared.Lock;
 import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseBasicAjaxControllers;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
 import edu.cornell.mannlib.vitro.webapp.controller.ajax.VitroAjaxController;
@ -29,11 +29,15 @@ import edu.cornell.mannlib.vitro.webapp.dao.jena.DependentResourceDeleteJena;
 import edu.cornell.mannlib.vitro.webapp.dao.jena.event.EditEvent;
 import edu.cornell.mannlib.vitro.webapp.edit.n3editing.EditN3Utils;
@RequiresAuthorizationFor(UseBasicAjaxControllers.class)
 public class PrimitiveRdfEdit extends VitroAjaxController {
    private static final long serialVersionUID = 1L;
    @Override
    protected Actions requiredActions(VitroRequest vreq) {
    	return new Actions(new UseBasicAjaxControllers());
    }
    @Override
    protected void doRequest(VitroRequest vreq,
            HttpServletResponse response) throws ServletException, IOException {
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/ReorderController.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/edit/ReorderController.java
@ -8,7 +8,7 @@ import org.apache.commons.httpclient.HttpStatus;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseBasicAjaxControllers;
 import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatementImpl;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
@ -24,7 +24,6 @@ import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory;
 * @author rjy7
 *
 */
@RequiresAuthorizationFor(UseBasicAjaxControllers.class)
 public class ReorderController extends VitroAjaxController {
    private static final long serialVersionUID = 1L;
@ -34,6 +33,11 @@ public class ReorderController extends VitroAjaxController {
    private static String INDIVIDUAL_PREDICATE_PARAMETER_NAME = "individuals";
    @Override
    protected Actions requiredActions(VitroRequest vreq) {
    	return new Actions(new UseBasicAjaxControllers());
    }
   @Override
    protected void doRequest(VitroRequest vreq, HttpServletResponse response) {
        String errorMsg = null;
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/search/controller/AutocompleteController.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/search/controller/AutocompleteController.java
@ -33,7 +33,7 @@ import org.json.JSONArray;
 import com.hp.hpl.jena.sparql.lib.org.json.JSONObject;
-import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseBasicAjaxControllers;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
 import edu.cornell.mannlib.vitro.webapp.controller.ajax.VitroAjaxController;
@ -47,7 +47,6 @@ import edu.cornell.mannlib.vitro.webapp.search.lucene.LuceneSetup;
 * AutocompleteController generates autocomplete content
 * through a Lucene search. 
 */
@RequiresAuthorizationFor(UseBasicAjaxControllers.class)
 public class AutocompleteController extends VitroAjaxController {
    private static final long serialVersionUID = 1L;
@ -60,6 +59,11 @@ public class AutocompleteController extends VitroAjaxController {
    String NORESULT_MSG = "";    
    private int defaultMaxSearchSize= 1000;
    @Override
    protected Actions requiredActions(VitroRequest vreq) {
    	return new Actions(new UseBasicAjaxControllers());
    }
    @Override
    protected void doRequest(VitroRequest vreq, HttpServletResponse response)
        throws IOException, ServletException {