NIHVIVO-2492 Restrict Individual editing by UseIndividualEditorPages requested action, and use of SiteAdmin page by UseSiteAdminPage.
This commit is contained in:
j2blake
parent
4e4566c55f
commit
ab48ef4a9c
6 changed files with 38 additions and 27 deletions
|
|
@ -14,9 +14,11 @@ import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
|
|||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseAdvancedDataToolsPages;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseEditUserAccountsPages;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseIndividualEditorPages;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseMenuEditorPages;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseOntologyEditorPages;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UsePortalEditorPages;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseSiteAdminPage;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseTabEditorPages;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
|
||||
|
||||
|
|
@ -53,6 +55,10 @@ public class UseRestrictedPagesByRoleLevelPolicy implements PolicyIface {
|
|||
result = isAuthorized(whatToAuth, RoleLevel.CURATOR, userRole);
|
||||
} else if (whatToAuth instanceof UseTabEditorPages) {
|
||||
result = isAuthorized(whatToAuth, RoleLevel.CURATOR, userRole);
|
||||
} else if (whatToAuth instanceof UseIndividualEditorPages) {
|
||||
result = isAuthorized(whatToAuth, RoleLevel.EDITOR, userRole);
|
||||
} else if (whatToAuth instanceof UseSiteAdminPage) {
|
||||
result = isAuthorized(whatToAuth, RoleLevel.EDITOR, userRole);
|
||||
} else {
|
||||
result = defaultDecision("Unrecognized action");
|
||||
}
|
||||
|
|
|
|||
|
|
@ -0,0 +1,11 @@
|
|||
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
|
||||
|
||||
package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages;
|
||||
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
|
||||
|
||||
/** Should we allow the user to use the pages for editing individuals? */
|
||||
public class UseIndividualEditorPages extends RequestedAction implements
|
||||
UsePagesRequestedAction {
|
||||
// no fields
|
||||
}
|
||||
|
|
@ -0,0 +1,11 @@
|
|||
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
|
||||
|
||||
package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages;
|
||||
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
|
||||
|
||||
/** Should we allow the user to use the Site Admin page? */
|
||||
public class UseSiteAdminPage extends RequestedAction implements
|
||||
UsePagesRequestedAction {
|
||||
// no fields
|
||||
}
|
||||
|
|
@ -13,11 +13,13 @@ import java.util.Set;
|
|||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
|
||||
import edu.cornell.mannlib.vedit.util.FormUtils;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseAdvancedDataToolsPages;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseIndividualEditorPages;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseOntologyEditorPages;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseSiteAdminPage;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseSiteInfoEditingPage;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.VClassGroup;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
|
||||
|
|
@ -30,43 +32,27 @@ import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.Tem
|
|||
import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory;
|
||||
import edu.cornell.mannlib.vitro.webapp.dao.jena.pellet.PelletListener;
|
||||
|
||||
@RequiresAuthorizationFor(UseSiteAdminPage.class)
|
||||
public class SiteAdminController extends FreemarkerHttpServlet {
|
||||
|
||||
private static final long serialVersionUID = 1L;
|
||||
private static final Log log = LogFactory.getLog(SiteAdminController.class);
|
||||
private static final String TEMPLATE_DEFAULT = "siteAdmin-main.ftl";
|
||||
private static final int REQUIRED_LOGIN_LEVEL = LoginStatusBean.EDITOR;
|
||||
|
||||
@Override
|
||||
public String getTitle(String siteName, VitroRequest vreq) {
|
||||
return siteName + " Site Administration";
|
||||
}
|
||||
|
||||
/* requiredLoginLevel() must be an instance method, else, due to the way sublcass
|
||||
* hiding works, when called from FreemarkerHttpServlet we will get its own method,
|
||||
* rather than the subclass method. To figure out whether to display links at the
|
||||
* page level, we need another, static method.
|
||||
*/
|
||||
public static int staticRequiredLoginLevel() {
|
||||
return REQUIRED_LOGIN_LEVEL;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected int requiredLoginLevel() {
|
||||
return staticRequiredLoginLevel();
|
||||
}
|
||||
|
||||
@Override
|
||||
protected ResponseValues processRequest(VitroRequest vreq) {
|
||||
// Note that we don't get here unless logged in at least at editor level, due
|
||||
// to requiresLoginLevel().
|
||||
LoginStatusBean loginBean = LoginStatusBean.getBean(vreq);
|
||||
|
||||
Map<String, Object> body = new HashMap<String, Object>();
|
||||
|
||||
UrlBuilder urlBuilder = new UrlBuilder(vreq.getPortal());
|
||||
|
||||
body.put("dataInput", getDataInputData(vreq));
|
||||
if (PolicyHelper.isAuthorizedForAction(vreq, UseIndividualEditorPages.class)) {
|
||||
body.put("dataInput", getDataInputData(vreq));
|
||||
}
|
||||
|
||||
body.put("siteConfig", getSiteConfigurationData(vreq, urlBuilder));
|
||||
|
||||
|
|
|
|||
|
|
@ -2,13 +2,11 @@
|
|||
|
||||
package edu.cornell.mannlib.vitro.webapp.web.templatemodels;
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.ApplicationBean;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.RevisionInfoController;
|
||||
|
|
@ -19,7 +17,6 @@ public class User extends BaseTemplateModel {
|
|||
private static final Log log = LogFactory.getLog(User.class);
|
||||
|
||||
private enum Access {
|
||||
SITE_ADMIN(SiteAdminController.staticRequiredLoginLevel()),
|
||||
REVISION_INFO(RevisionInfoController.staticRequiredLoginLevel()),
|
||||
FILTER_SECURITY(LoginStatusBean.EDITOR);
|
||||
|
||||
|
|
@ -51,7 +48,7 @@ public class User extends BaseTemplateModel {
|
|||
}
|
||||
|
||||
public boolean getHasSiteAdminAccess() {
|
||||
return loginBean.isLoggedInAtLeast(Access.SITE_ADMIN.requiredLoginLevel());
|
||||
return PolicyHelper.isAuthorizedForServlet(vreq, SiteAdminController.class);
|
||||
}
|
||||
|
||||
public boolean getHasRevisionInfoAccess() {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue