From ab48ef4a9c4672e6a260946a5a6761c3b5095f62 Mon Sep 17 00:00:00 2001
From: j2blake
Date: Tue, 19 Apr 2011 18:49:17 +0000
Subject: [PATCH] NIHVIVO-2492 Restrict Individual editing by UseIndividualEditorPages requested action, and use of SiteAdmin page by UseSiteAdminPage.
---
 .../UseRestrictedPagesByRoleLevelPolicy.java | 6 ++++
 .../usepages/UseIndividualEditorPages.java | 11 ++++++++
 .../usepages/UseSiteAdminPage.java | 11 ++++++++
 .../freemarker/SiteAdminController.java | 28 +++++--------------
 .../vitro/webapp/web/templatemodels/User.java | 7 ++---
 .../body/siteAdmin/siteAdmin-dataInput.ftl | 2 +-
 6 files changed, 38 insertions(+), 27 deletions(-)
 create mode 100644 webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/UseIndividualEditorPages.java
 create mode 100644 webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/UseSiteAdminPage.java
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/UseRestrictedPagesByRoleLevelPolicy.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/UseRestrictedPagesByRoleLevelPolicy.java
index 20c593d89..62e705d76 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/UseRestrictedPagesByRoleLevelPolicy.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/UseRestrictedPagesByRoleLevelPolicy.java
@@ -14,9 +14,11 @@ import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseAdvancedDataToolsPages;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseEditUserAccountsPages;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseIndividualEditorPages;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseMenuEditorPages;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseOntologyEditorPages;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UsePortalEditorPages;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseSiteAdminPage;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseTabEditorPages;
 import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
@@ -53,6 +55,10 @@ public class UseRestrictedPagesByRoleLevelPolicy implements PolicyIface {
 result = isAuthorized(whatToAuth, RoleLevel.CURATOR, userRole);
 } else if (whatToAuth instanceof UseTabEditorPages) {
 result = isAuthorized(whatToAuth, RoleLevel.CURATOR, userRole);
+ } else if (whatToAuth instanceof UseIndividualEditorPages) {
+ result = isAuthorized(whatToAuth, RoleLevel.EDITOR, userRole);
+ } else if (whatToAuth instanceof UseSiteAdminPage) {
+ result = isAuthorized(whatToAuth, RoleLevel.EDITOR, userRole);
 } else {
 result = defaultDecision("Unrecognized action");
 }
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/UseIndividualEditorPages.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/UseIndividualEditorPages.java
new file mode 100644
index 000000000..7d195ce40
--- /dev/null
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/UseIndividualEditorPages.java
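Review bot: The two new branches in UseRestrictedPagesByRoleLevelPolicy map UseIndividualEditorPages and UseSiteAdminPage to `RoleLevel.EDITOR`, but nothing records that this is meant to preserve the `LoginStatusBean.EDITOR` threshold that the same commit removes from SiteAdminController. Those are constants of two different types whose equivalence is not visible in this patch, so a comment such as `// EDITOR: same threshold the Site Admin page used to enforce through requiredLoginLevel()` and a policy test for a role just below and at EDITOR would pin the intent. It is also worth confirming that the `defaultDecision("Unrecognized action")` fallback does not authorize, because any future UsePagesRequestedAction that is not added to this instanceof chain ends up there. The enclosing method starts and ends outside the hunk.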
@@ -0,0 +1,11 @@
+/* $This file is distributed under the terms of the license in /doc/license.txt$ */
+
+package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages;
+
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
+
+/** Should we allow the user to use the pages for editing individuals? */
+public class UseIndividualEditorPages extends RequestedAction implements
+ UsePagesRequestedAction {
+ // no fields
+}
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/UseSiteAdminPage.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/UseSiteAdminPage.java
new file mode 100644
index 000000000..32731bd8f
--- /dev/null
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/UseSiteAdminPage.java
@@ -0,0 +1,11 @@
+/* $This file is distributed under the terms of the license in /doc/license.txt$ */
+
+package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages;
+
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
+
+/** Should we allow the user to use the Site Admin page? */
+public class UseSiteAdminPage extends RequestedAction implements
+ UsePagesRequestedAction {
+ // no fields
+}
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/SiteAdminController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/SiteAdminController.java
index 4205d8759..40b63a772 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/SiteAdminController.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/SiteAdminController.java
@@ -13,11 +13,13 @@ import java.util.Set;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
 import edu.cornell.mannlib.vedit.util.FormUtils;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseAdvancedDataToolsPages;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseIndividualEditorPages;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseOntologyEditorPages;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseSiteAdminPage;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseSiteInfoEditingPage;
 import edu.cornell.mannlib.vitro.webapp.beans.VClassGroup;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
@@ -30,43 +32,27 @@ import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.Tem import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory; import edu.cornell.mannlib.vitro.webapp.dao.jena.pellet.PelletListener; +@RequiresAuthorizationFor(UseSiteAdminPage.class) public class SiteAdminController extends FreemarkerHttpServlet { private static final long serialVersionUID = 1L; private static final Log log = LogFactory.getLog(SiteAdminController.class); private static final String TEMPLATE_DEFAULT = "siteAdmin-main.ftl"; - private static final int REQUIRED_LOGIN_LEVEL = LoginStatusBean.EDITOR; @Override public String getTitle(String siteName, VitroRequest vreq) { return siteName + " Site Administration"; } - /* requiredLoginLevel() must be an instance method, else, due to the way sublcass - * hiding works, when called from FreemarkerHttpServlet we will get its own method, - * rather than the subclass method. To figure out whether to display links at the - * page level, we need another, static method. - */ - public static int staticRequiredLoginLevel() { - return REQUIRED_LOGIN_LEVEL; - } - - @Override - protected int requiredLoginLevel() { - return staticRequiredLoginLevel(); - } - @Override protected ResponseValues processRequest(VitroRequest vreq) { - // Note that we don't get here unless logged in at least at editor level, due - // to requiresLoginLevel(). - LoginStatusBean loginBean = LoginStatusBean.getBean(vreq); - Map body = new HashMap(); UrlBuilder urlBuilder = new UrlBuilder(vreq.getPortal()); - body.put("dataInput", getDataInputData(vreq)); + if (PolicyHelper.isAuthorizedForAction(vreq, UseIndividualEditorPages.class)) { + body.put("dataInput", getDataInputData(vreq)); + } body.put("siteConfig", getSiteConfigurationData(vreq, urlBuilder)); diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/User.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/User.java index fec37139c..c6124bcc7 100644 
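Review bot: The `PolicyHelper.isAuthorizedForAction(vreq, UseIndividualEditorPages.class)` guard in processRequest only decides whether the data-input panel is put into the page model; it does not restrict the editing servlets that panel submits to. The commit subject promises to restrict Individual editing, so those servlets should themselves carry `@RequiresAuthorizationFor(UseIndividualEditorPages.class)`, and none of the six files in the diffstat is one of them. Separately, with the `requiredLoginLevel()` override removed, access to this page rests entirely on FreemarkerHttpServlet (not shown) honoring the new class-level annotation, which deserves a test that requests the page without a login and below EDITOR. processRequest continues past the end of the hunk.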
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/User.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/User.java
@@ -2,13 +2,11 @@
 package edu.cornell.mannlib.vitro.webapp.web.templatemodels;
-import java.util.HashMap;
-import java.util.Map;
-
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
 import edu.cornell.mannlib.vitro.webapp.beans.ApplicationBean;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
 import edu.cornell.mannlib.vitro.webapp.controller.freemarker.RevisionInfoController;
@@ -19,7 +17,6 @@ public class User extends BaseTemplateModel {
 private static final Log log = LogFactory.getLog(User.class);
 private enum Access {
- SITE_ADMIN(SiteAdminController.staticRequiredLoginLevel()),
 REVISION_INFO(RevisionInfoController.staticRequiredLoginLevel()),
 FILTER_SECURITY(LoginStatusBean.EDITOR);
@@ -51,7 +48,7 @@ public class User extends BaseTemplateModel {
 }
 public boolean getHasSiteAdminAccess() {
- return loginBean.isLoggedInAtLeast(Access.SITE_ADMIN.requiredLoginLevel());
+ return PolicyHelper.isAuthorizedForServlet(vreq, SiteAdminController.class);
 }
 public boolean getHasRevisionInfoAccess() {
diff --git a/webapp/web/templates/freemarker/body/siteAdmin/siteAdmin-dataInput.ftl b/webapp/web/templates/freemarker/body/siteAdmin/siteAdmin-dataInput.ftl
index bfb94af0c..bbb2cb894 100644
--- a/webapp/web/templates/freemarker/body/siteAdmin/siteAdmin-dataInput.ftl
+++ b/webapp/web/templates/freemarker/body/siteAdmin/siteAdmin-dataInput.ftl
@@ -4,7 +4,7 @@
 <#import "lib-form.ftl" as form>
-<#if dataInput??>
+<#if dataInput?hasContent>
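Review bot: User.java now answers access questions through two different mechanisms: `getHasSiteAdminAccess()` goes through `PolicyHelper.isAuthorizedForServlet(vreq, SiteAdminController.class)`, while the remaining `Access` entries REVISION_INFO and FILTER_SECURITY still compare login levels. A comment on the enum, for example `// TODO: move REVISION_INFO and FILTER_SECURITY to PolicyHelper checks once their servlets use @RequiresAuthorizationFor`, would keep the half-migrated state from being read as intentional. The getter relies on a `vreq` field whose declaration is outside the hunk. The name suggests it only feeds link display in templates, so it is best documented as a display hint, with the servlet annotation remaining the actual access check.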

Data Input