From b3b40d780d8bd31ca9fe4dd55ab017a6ce4124cb Mon Sep 17 00:00:00 2001 From: j2blake Date: Tue, 19 Apr 2011 16:42:27 +0000 Subject: [PATCH] NIHVIVO-2492 Restrict the SiteInfoEditingPage by requested action. --- .../usepages/UseSiteInfoEditingPage.java | 11 +++++++++++ .../controller/freemarker/SiteAdminController.java | 5 ++++- 2 files changed, 15 insertions(+), 1 deletion(-) create mode 100644 webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/UseSiteInfoEditingPage.java diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/UseSiteInfoEditingPage.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/UseSiteInfoEditingPage.java new file mode 100644 index 000000000..8145e14bf --- /dev/null +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/UseSiteInfoEditingPage.java @@ -0,0 +1,11 @@ +/* $This file is distributed under the terms of the license in /doc/license.txt$ */ + +package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages; + +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction; + +/** Should we allow the user to use the page for editing the site info? */ +public class UseSiteInfoEditingPage extends RequestedAction implements + UsePagesRequestedAction { + // no fields +} diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/SiteAdminController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/SiteAdminController.java index f7dfe5454..cc1fa93cf 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/SiteAdminController.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/SiteAdminController.java @@ -18,6 +18,7 @@ import edu.cornell.mannlib.vedit.util.FormUtils; import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseAdvancedDataToolsPages; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseOntologyEditorPages; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseSiteInfoEditingPage; import edu.cornell.mannlib.vitro.webapp.beans.VClassGroup; import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; import edu.cornell.mannlib.vitro.webapp.controller.edit.listing.AllTabsForPortalListingController; @@ -142,7 +143,9 @@ public class SiteAdminController extends FreemarkerHttpServlet { urls.put("portals", urlBuilder.getPortalUrl("/listPortals")); } - urls.put("siteInfo", urlBuilder.getPortalUrl("/editForm", new ParamMap("controller", "Portal", "id", String.valueOf(urlBuilder.getPortalId())))); + if (PolicyHelper.isAuthorizedForAction(vreq, UseSiteInfoEditingPage.class)) { + urls.put("siteInfo", urlBuilder.getPortalUrl("/editForm", new ParamMap("controller", "Portal", "id", String.valueOf(urlBuilder.getPortalId())))); + } if (LoginStatusBean.getBean(vreq).isLoggedInAtLeast(LoginStatusBean.DBA)) { urls.put("menuN3Editor", urlBuilder.getPortalUrl("/menuN3Editor"));