NIHVIVO-3398 Protect the N3 editing controllers, so they can only be accessed if you are logged in.
This commit is contained in:
j2blake
parent
81140d1fb8
commit
b88d1d8743
5 changed files with 38 additions and 8 deletions
|
|
@ -15,6 +15,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAct
|
|||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.querymodel.QueryFullModel;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.querymodel.QueryUserAccountsModel;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.AccessSpecialDataModels;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.DoFrontEndEditing;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.EditIndividuals;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.EditOntology;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.EditOwnAccount;
|
||||
|
|
@ -139,6 +140,9 @@ public class UseRestrictedPagesByRoleLevelPolicy implements PolicyIface {
|
|||
} else if (whatToAuth instanceof QueryUserAccountsModel) {
|
||||
result = isAuthorized(whatToAuth, RoleLevel.SELF, userRole);
|
||||
|
||||
} else if (whatToAuth instanceof DoFrontEndEditing) {
|
||||
result = isAuthorized(whatToAuth, RoleLevel.SELF, userRole);
|
||||
|
||||
} else if (whatToAuth instanceof QueryFullModel) {
|
||||
result = isAuthorized(whatToAuth, RoleLevel.PUBLIC, userRole);
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,11 @@
|
|||
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
|
||||
|
||||
package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages;
|
||||
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
|
||||
|
||||
/** Should we allow the user to use font-end editing pages (n3 editing) ? */
|
||||
public class DoFrontEndEditing extends RequestedAction implements
|
||||
UsePagesRequestedAction {
|
||||
// no fields
|
||||
}
|
||||
|
|
@ -13,8 +13,8 @@ import javax.servlet.http.HttpSession;
|
|||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
import com.hp.hpl.jena.rdf.model.Model;
|
||||
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.DoFrontEndEditing;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.DataProperty;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.Individual;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.Property;
|
||||
|
|
@ -53,7 +53,13 @@ public class EditRequestDispatchController extends FreemarkerHttpServlet {
|
|||
//TODO: Create this generator
|
||||
final String RDFS_LABEL_FORM = "edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.generators.RDFSLabelGenerator";
|
||||
final String DEFAULT_DELETE_FORM = "edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.generators.DefaultDeleteGenerator";
|
||||
|
||||
@Override
|
||||
protected Actions requiredActions(VitroRequest vreq) {
|
||||
return new Actions(new DoFrontEndEditing());
|
||||
}
|
||||
|
||||
@Override
|
||||
protected ResponseValues processRequest(VitroRequest vreq) {
|
||||
|
||||
try{
|
||||
|
|
|
|||
|
|
@ -8,6 +8,8 @@ import javax.servlet.http.HttpSession;
|
|||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.DoFrontEndEditing;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.FreemarkerHttpServlet;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.UrlBuilder;
|
||||
|
|
@ -27,7 +29,12 @@ public class PostEditCleanupController extends FreemarkerHttpServlet{
|
|||
|
||||
private static Log log = LogFactory.getLog(PostEditCleanupController.class);
|
||||
|
||||
@Override
|
||||
@Override
|
||||
protected Actions requiredActions(VitroRequest vreq) {
|
||||
return new Actions(new DoFrontEndEditing());
|
||||
}
|
||||
|
||||
@Override
|
||||
protected ResponseValues processRequest(VitroRequest vreq) {
|
||||
doPostEditCleanup( vreq );
|
||||
return doPostEditRedirect( vreq, null);
|
||||
|
|
|
|||
|
|
@ -8,9 +8,6 @@ import java.util.HashMap;
|
|||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpSession;
|
||||
|
||||
import org.apache.commons.lang.StringUtils;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
|
|
@ -21,9 +18,10 @@ import com.hp.hpl.jena.rdf.model.Model;
|
|||
import com.hp.hpl.jena.rdf.model.Property;
|
||||
import com.hp.hpl.jena.rdf.model.ResourceFactory;
|
||||
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.Actions;
|
||||
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.DoFrontEndEditing;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.DataProperty;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.DataPropertyStatement;
|
||||
import edu.cornell.mannlib.vitro.webapp.beans.Individual;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.FreemarkerHttpServlet;
|
||||
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.RedirectResponseValues;
|
||||
|
|
@ -36,7 +34,6 @@ import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.AdditionsAndRetracti
|
|||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditConfigurationUtils;
|
||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditConfigurationVTwo;
|
||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.EditSubmissionUtils;
|
||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.FieldVTwo;
|
||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.MultiValueEditSubmission;
|
||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.N3EditUtils;
|
||||
import edu.cornell.mannlib.vitro.webapp.edit.n3editing.VTwo.ProcessRdfForm;
|
||||
|
|
@ -53,6 +50,11 @@ public class ProcessRdfFormController extends FreemarkerHttpServlet{
|
|||
|
||||
private Log log = LogFactory.getLog(ProcessRdfFormController.class);
|
||||
|
||||
@Override
|
||||
protected Actions requiredActions(VitroRequest vreq) {
|
||||
return new Actions(new DoFrontEndEditing());
|
||||
}
|
||||
|
||||
@Override
|
||||
protected ResponseValues processRequest(VitroRequest vreq) {
|
||||
//get the EditConfiguration
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue