NIHVIVO-2492 Restrict Individual editing by UseIndividualEditorPages requested action, and use of SiteAdmin page by UseSiteAdminPage.

webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/UseRestrictedPagesByRoleLevelPolicy.java

@@ -14,9 +14,11 @@ import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseAdvancedDataToolsPages;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseEditUserAccountsPages;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseIndividualEditorPages;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseMenuEditorPages;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseOntologyEditorPages;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UsePortalEditorPages;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseSiteAdminPage;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseTabEditorPages;
 import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
 
@@ -53,6 +55,10 @@ public class UseRestrictedPagesByRoleLevelPolicy implements PolicyIface {
 			result = isAuthorized(whatToAuth, RoleLevel.CURATOR, userRole);
 		} else if (whatToAuth instanceof UseTabEditorPages) {
 			result = isAuthorized(whatToAuth, RoleLevel.CURATOR, userRole);
+		} else if (whatToAuth instanceof UseIndividualEditorPages) {
+			result = isAuthorized(whatToAuth, RoleLevel.EDITOR, userRole);
+		} else if (whatToAuth instanceof UseSiteAdminPage) {
+			result = isAuthorized(whatToAuth, RoleLevel.EDITOR, userRole);
 		} else {
 			result = defaultDecision("Unrecognized action");
 		}

webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/UseIndividualEditorPages.java

@@ -0,0 +1,11 @@
+/* $This file is distributed under the terms of the license in /doc/license.txt$ */
+
+package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages;
+
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
+
+/** Should we allow the user to use the pages for editing individuals? */
+public class UseIndividualEditorPages extends RequestedAction implements
+		UsePagesRequestedAction {
+	// no fields
+}

webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/UseSiteAdminPage.java

@@ -0,0 +1,11 @@
+/* $This file is distributed under the terms of the license in /doc/license.txt$ */
+
+package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages;
+
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
+
+/** Should we allow the user to use the Site Admin page? */
+public class UseSiteAdminPage extends RequestedAction implements
+		UsePagesRequestedAction {
+	// no fields
+}

webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/SiteAdminController.java

@@ -13,11 +13,13 @@ import java.util.Set;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
-import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
 import edu.cornell.mannlib.vedit.util.FormUtils;
 import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseAdvancedDataToolsPages;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseIndividualEditorPages;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseOntologyEditorPages;
+import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseSiteAdminPage;
 import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseSiteInfoEditingPage;
 import edu.cornell.mannlib.vitro.webapp.beans.VClassGroup;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
@@ -30,43 +32,27 @@ import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.Tem
 import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory;
 import edu.cornell.mannlib.vitro.webapp.dao.jena.pellet.PelletListener;
 
+@RequiresAuthorizationFor(UseSiteAdminPage.class)
 public class SiteAdminController extends FreemarkerHttpServlet {
 	
     private static final long serialVersionUID = 1L;
     private static final Log log = LogFactory.getLog(SiteAdminController.class);
     private static final String TEMPLATE_DEFAULT = "siteAdmin-main.ftl";
-    private static final int REQUIRED_LOGIN_LEVEL = LoginStatusBean.EDITOR;
     
     @Override
 	public String getTitle(String siteName, VitroRequest vreq) {
         return siteName + " Site Administration";
 	}
 
-    /* requiredLoginLevel() must be an instance method, else, due to the way sublcass
-     * hiding works, when called from FreemarkerHttpServlet we will get its own method,
-     * rather than the subclass method. To figure out whether to display links at the
-     * page level, we need another, static method.
-     */
-    public static int staticRequiredLoginLevel() {
-        return REQUIRED_LOGIN_LEVEL;
-    }
-
-    @Override
-    protected int requiredLoginLevel() {
-        return staticRequiredLoginLevel();
-    }
-    
     @Override
     protected ResponseValues processRequest(VitroRequest vreq) {
-        // Note that we don't get here unless logged in at least at editor level, due
-        // to requiresLoginLevel().
-    	LoginStatusBean loginBean = LoginStatusBean.getBean(vreq);
-    	
         Map<String, Object> body = new HashMap<String, Object>();        
 
         UrlBuilder urlBuilder = new UrlBuilder(vreq.getPortal());
         
-        body.put("dataInput", getDataInputData(vreq));
+    	if (PolicyHelper.isAuthorizedForAction(vreq, UseIndividualEditorPages.class)) {
+    		body.put("dataInput", getDataInputData(vreq));
+    	}
 
         body.put("siteConfig", getSiteConfigurationData(vreq, urlBuilder));
 

webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/User.java

@@ -2,13 +2,11 @@
 
 package edu.cornell.mannlib.vitro.webapp.web.templatemodels;
 
-import java.util.HashMap;
-import java.util.Map;
-
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
 import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
+import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper;
 import edu.cornell.mannlib.vitro.webapp.beans.ApplicationBean;
 import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
 import edu.cornell.mannlib.vitro.webapp.controller.freemarker.RevisionInfoController;
@@ -19,7 +17,6 @@ public class User extends BaseTemplateModel {
     private static final Log log = LogFactory.getLog(User.class);
     
     private enum Access {
-        SITE_ADMIN(SiteAdminController.staticRequiredLoginLevel()),
         REVISION_INFO(RevisionInfoController.staticRequiredLoginLevel()),
         FILTER_SECURITY(LoginStatusBean.EDITOR);
         
@@ -51,7 +48,7 @@ public class User extends BaseTemplateModel {
     }
     
     public boolean getHasSiteAdminAccess() {
-        return loginBean.isLoggedInAtLeast(Access.SITE_ADMIN.requiredLoginLevel());
+    	return PolicyHelper.isAuthorizedForServlet(vreq, SiteAdminController.class);
     }
     
     public boolean getHasRevisionInfoAccess() {

webapp/web/templates/freemarker/body/siteAdmin/siteAdmin-dataInput.ftl

@@ -4,7 +4,7 @@
 
 <#import "lib-form.ftl" as form>
 
-<#if dataInput??>
+<#if dataInput?hasContent>
     <div class="pageBodyGroup">
         
         <h3>Data Input</h3>