diff --git a/webapp/src/edu/cornell/mannlib/vedit/beans/LoginStatusBean.java b/webapp/src/edu/cornell/mannlib/vedit/beans/LoginStatusBean.java
index ec000a661..d69f8665a 100644
--- a/webapp/src/edu/cornell/mannlib/vedit/beans/LoginStatusBean.java
+++ b/webapp/src/edu/cornell/mannlib/vedit/beans/LoginStatusBean.java
@@ -20,27 +20,9 @@ import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory;
 public class LoginStatusBean {
 private static final Log log = LogFactory.getLog(LoginStatusBean.class);
- /**
- * Security level when the user has not logged in. Also used as a minimum
- * level when we want to include every user, logged in or not.
- */
- public static final int ANYBODY = 0;
-
- /** Security level when a user with no privileges is logged in. */
- public static final int NON_EDITOR = 1;
-
- /** Security level when an authorized editor is logged in. */
- public static final int EDITOR = 4;
-
- /** Security level when an authorized curator is logged in. */
- public static final int CURATOR = 5;
-
- /** Security level when a system administrator is logged in. */
- public static final int DBA = 50;
-
 /** A bean to return when the user has not logged in. */
 private static final LoginStatusBean DUMMY_BEAN = new LoginStatusBean("",
- "", ANYBODY, AuthenticationSource.UNKNOWN);
+ "", AuthenticationSource.UNKNOWN);
 /** The bean is attached to the session by this name. */
 private static final String ATTRIBUTE_NAME = "loginStatus";
@@ -137,14 +119,12 @@ public class LoginStatusBean {
 private final String userURI;
 private final String username;
- private final int securityLevel;
 private final AuthenticationSource authenticationSource;
- public LoginStatusBean(String userURI, String username, int securityLevel,
+ public LoginStatusBean(String userURI, String username,
 AuthenticationSource authenticationSource) {
 this.userURI = userURI;
 this.username = username;
- this.securityLevel = securityLevel;
 this.authenticationSource = authenticationSource;
 }
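Review bot: DUMMY_BEAN keeps `""` rather than `null` as its userURI, so any consumer that now derives the privilege level by looking the bean's user URI up in the user store cannot use a null check to spot the not-logged-in case; it will look up the empty string and has to treat the missing record as the lowest level. Where that level is now resolved is not in this diff, so the bean should state the contract it no longer enforces itself; a class Javadoc such as `/** Records who is logged in and how. Carries no privilege level: resolve it from the User record for userURI, treating an unknown URI (including DUMMY_BEAN's empty one) as unprivileged. */` would do. Removing the five public level constants is also a source-incompatible change; anything outside the touched files still comparing against `LoginStatusBean.EDITOR` and friends will no longer compile, which presumably is intended.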
@@ -156,10 +136,6 @@ public class LoginStatusBean {
 return username;
 }
- public int getSecurityLevel() {
- return securityLevel;
- }
-
 public AuthenticationSource getAuthenticationSource() {
 return authenticationSource;
 }
@@ -175,7 +151,6 @@ public class LoginStatusBean {
 @Override
 public String toString() {
 return "LoginStatusBean[userURI=" + userURI + ", username=" + username
- + ", securityLevel=" + securityLevel
 + ", authenticationSource=" + authenticationSource + "]";
 }
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/BasicAuthenticator.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/BasicAuthenticator.java
index b5373268c..e7b44267c 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/BasicAuthenticator.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/BasicAuthenticator.java
@@ -31,9 +31,6 @@ import edu.cornell.mannlib.vitro.webapp.dao.jena.LogoutEvent;
 * The "standard" implementation of Authenticator.
 */
 public class BasicAuthenticator extends Authenticator {
- /** User roles are recorded in the model like "role:/50", etc. */
- private static final String ROLE_NAMESPACE = "role:/";
-
 private static final Log log = LogFactory.getLog(BasicAuthenticator.class);
 private final HttpServletRequest request;
@@ -105,25 +102,20 @@ public class BasicAuthenticator extends Authenticator {
 recordLoginOnUserRecord(user);
 String userUri = user.getURI();
- int securityLevel = parseUserSecurityLevel(user);
- recordLoginWithOrWithoutUserAccount(username, userUri, securityLevel,
- authSource);
+ recordLoginWithOrWithoutUserAccount(username, userUri, authSource);
 }
 @Override
 public void recordLoginWithoutUserAccount(String username, String individualUri, AuthenticationSource authSource) {
- int securityLevel = LoginStatusBean.NON_EDITOR;
- recordLoginWithOrWithoutUserAccount(username, individualUri, securityLevel,
- authSource);
+ recordLoginWithOrWithoutUserAccount(username, individualUri, authSource);
 }
 /** This much is in common on login, whether or not you have a user account. */
 private void recordLoginWithOrWithoutUserAccount(String username,
- String userUri, int securityLevel, AuthenticationSource authSource) {
+ String userUri, AuthenticationSource authSource) {
 HttpSession session = request.getSession();
- createLoginStatusBean(username, userUri, securityLevel, authSource,
- session);
+ createLoginStatusBean(username, userUri, authSource, session);
 setSessionTimeoutLimit(session);
 recordInUserSessionMap(userUri, session);
 notifyOtherUsers(userUri, session);
@@ -144,10 +136,8 @@ public class BasicAuthenticator extends Authenticator {
 * Put the login bean into the session.
 */
 private void createLoginStatusBean(String username, String userUri,
- int securityLevel, AuthenticationSource authSource,
- HttpSession session) {
- LoginStatusBean lsb = new LoginStatusBean(userUri, username,
- securityLevel, authSource);
+ AuthenticationSource authSource, HttpSession session) {
+ LoginStatusBean lsb = new LoginStatusBean(userUri, username, authSource);
 LoginStatusBean.setBean(session, lsb);
 log.debug("Adding status bean: " + lsb);
 }
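Review bot: `recordLoginWithoutUserAccount` now records a bean whose userURI is an individual with no User record behind it, and the bean no longer carries the explicit `NON_EDITOR` level that used to mark such logins as unprivileged; whatever now resolves a role from the bean's URI must map a missing User record to the lowest level, as the test helper `getRoleLevel` in HiddenFromDisplayBelowRoleLevelFilterTest does, or an externally authenticated visitor could be ranked wrongly. That resolver is not part of this diff, so this is a point to confirm rather than a defect I can show. Recording the contract on the method would help: `// individualUri has no User record; role resolution must treat the missing record as the lowest privilege level.` The method containing the first lines of the hunk (`recordLoginOnUserRecord(user);`) starts outside it.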
@@ -318,23 +308,4 @@ public class BasicAuthenticator extends Authenticator {
 return wadf;
 }
- /**
- * Parse the role URI from User. Don't crash if it is not valid.
- */
- private int parseUserSecurityLevel(User user) {
- String roleURI = user.getRoleURI();
- try {
- if (roleURI.startsWith(ROLE_NAMESPACE)) {
- String roleLevel = roleURI.substring(ROLE_NAMESPACE.length());
- return Integer.parseInt(roleLevel);
- } else {
- return Integer.parseInt(roleURI);
- }
- } catch (NumberFormatException e) {
- log.warn("Invalid RoleURI '" + roleURI + "' for user '"
- + user.getURI() + "'");
- return 1;
- }
- }
-
 }
diff --git a/webapp/test/edu/cornell/mannlib/vitro/webapp/controller/authenticate/AuthenticatorStub.java b/webapp/test/edu/cornell/mannlib/vitro/webapp/controller/authenticate/AuthenticatorStub.java
index 4d5c1e09a..40308967c 100644
--- a/webapp/test/edu/cornell/mannlib/vitro/webapp/controller/authenticate/AuthenticatorStub.java
+++ b/webapp/test/edu/cornell/mannlib/vitro/webapp/controller/authenticate/AuthenticatorStub.java
@@ -153,28 +153,10 @@ public class AuthenticatorStub extends Authenticator {
 User user = getUserByUsername(username);
 LoginStatusBean lsb = new LoginStatusBean(user.getURI(), username,
- parseUserSecurityLevel(user.getRoleURI()), authSource);
+ authSource);
 LoginStatusBean.setBean(request.getSession(), lsb);
 }
- private static final String ROLE_NAMESPACE = "role:/";
-
- /**
- * Parse the role URI from User. Don't crash if it is not valid.
- */
- private int parseUserSecurityLevel(String roleURI) {
- try {
- if (roleURI.startsWith(ROLE_NAMESPACE)) {
- String roleLevel = roleURI.substring(ROLE_NAMESPACE.length());
- return Integer.parseInt(roleLevel);
- } else {
- return Integer.parseInt(roleURI);
- }
- } catch (NumberFormatException e) {
- throw new IllegalArgumentException(e);
- }
- }
-
 // ----------------------------------------------------------------------
 // Un-implemented methods
 // ----------------------------------------------------------------------
diff --git a/webapp/test/edu/cornell/mannlib/vitro/webapp/controller/edit/AuthenticateTest.java b/webapp/test/edu/cornell/mannlib/vitro/webapp/controller/edit/AuthenticateTest.java
index 3c220d823..2d23d45a5 100644
--- a/webapp/test/edu/cornell/mannlib/vitro/webapp/controller/edit/AuthenticateTest.java
+++ b/webapp/test/edu/cornell/mannlib/vitro/webapp/controller/edit/AuthenticateTest.java
@@ -119,10 +119,10 @@ public class AuthenticateTest extends AbstractTestClass {
 userDao.addUser(createUserFromUserInfo(OLD_DBA));
 userDao.addUser(createUserFromUserInfo(OLD_SELF));
 userDao.addUser(createUserFromUserInfo(OLD_STRANGER));
-
+
 webappDaoFactory = new WebappDaoFactoryStub();
 webappDaoFactory.setUserDao(userDao);
-
+
 servletContext = new ServletContextStub();
 servletContext.setAttribute("webappDaoFactory", webappDaoFactory);
@@ -394,7 +394,8 @@ public class AuthenticateTest extends AbstractTestClass {
 doTheRequest();
 assertProcessBean(FORCED_PASSWORD_CHANGE, NEW_DBA_NAME, NO_MSG,
- "Your new password cannot match the current one.", URL_LOGIN, URL_WITH_LINK);
+ "Your new password cannot match the current one.", URL_LOGIN,
+ URL_WITH_LINK);
 assertRedirectToLoginProcessPage();
 }
@@ -415,8 +416,7 @@ public class AuthenticateTest extends AbstractTestClass {
 @Test
 public void alreadyLoggedIn() {
 LoginStatusBean statusBean = new LoginStatusBean(OLD_DBA_URI,
- OLD_DBA_NAME, OLD_DBA_SECURITY_LEVEL,
- AuthenticationSource.INTERNAL);
+ OLD_DBA_NAME, AuthenticationSource.INTERNAL);
 LoginStatusBean.setBean(session, statusBean);
 setRequestFromLoginLink(URL_WITH_LINK);
@@ -471,14 +471,14 @@ public class AuthenticateTest extends AbstractTestClass {
 public void exitDbaFromLoginPage() {
 setProcessBean(LOGGING_IN, NO_USER, URL_LOGIN, URL_LOGIN);
 setLoginNameAndPassword(OLD_DBA_NAME, OLD_DBA_PW);
-
+
 doTheRequest();
-
+
 assertNoProcessBean();
 assertNewLoginSessions(OLD_DBA_NAME);
 assertRedirect(URL_SITE_ADMIN);
 }
-
+
 // ----------------------------------------------------------------------
 // Helper methods
 // ----------------------------------------------------------------------
diff --git a/webapp/test/edu/cornell/mannlib/vitro/webapp/dao/filtering/filters/HiddenFromDisplayBelowRoleLevelFilterTest.java b/webapp/test/edu/cornell/mannlib/vitro/webapp/dao/filtering/filters/HiddenFromDisplayBelowRoleLevelFilterTest.java
index 8a4c0ddf2..ca2a915c7 100644
--- a/webapp/test/edu/cornell/mannlib/vitro/webapp/dao/filtering/filters/HiddenFromDisplayBelowRoleLevelFilterTest.java
+++ b/webapp/test/edu/cornell/mannlib/vitro/webapp/dao/filtering/filters/HiddenFromDisplayBelowRoleLevelFilterTest.java
@@ -2,10 +2,6 @@ package edu.cornell.mannlib.vitro.webapp.dao.filtering.filters;
-import static edu.cornell.mannlib.vedit.beans.LoginStatusBean.CURATOR;
-import static edu.cornell.mannlib.vedit.beans.LoginStatusBean.DBA;
-import static edu.cornell.mannlib.vedit.beans.LoginStatusBean.EDITOR;
-import static edu.cornell.mannlib.vedit.beans.LoginStatusBean.NON_EDITOR;
 import static edu.cornell.mannlib.vedit.beans.LoginStatusBean.AuthenticationSource.INTERNAL;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.fail;
@@ -25,8 +21,10 @@ import org.junit.runners.Parameterized.Parameters;
 import stubs.edu.cornell.mannlib.vitro.webapp.dao.DataPropertyDaoStub;
 import stubs.edu.cornell.mannlib.vitro.webapp.dao.IndividualDaoStub;
 import stubs.edu.cornell.mannlib.vitro.webapp.dao.ObjectPropertyDaoStub;
+import stubs.edu.cornell.mannlib.vitro.webapp.dao.UserDaoStub;
 import stubs.edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactoryStub;
 import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
+import edu.cornell.mannlib.vedit.beans.LoginStatusBean.AuthenticationSource;
 import edu.cornell.mannlib.vitro.testing.AbstractTestClass;
 import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
 import edu.cornell.mannlib.vitro.webapp.beans.DataProperty;
@@ -37,6 +35,7 @@ import edu.cornell.mannlib.vitro.webapp.beans.IndividualImpl;
 import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty;
 import edu.cornell.mannlib.vitro.webapp.beans.ObjectPropertyStatement;
 import edu.cornell.mannlib.vitro.webapp.beans.ObjectPropertyStatementImpl;
+import edu.cornell.mannlib.vitro.webapp.beans.User;
 import edu.cornell.mannlib.vitro.webapp.beans.VClass;
 /**
@@ -95,15 +94,49 @@ public class HiddenFromDisplayBelowRoleLevelFilterTest extends
 private static final String NS = "http://someDomain/individual/";
+ private static final String ROLE_NON_EDITOR = "1";
+ private static final String ROLE_EDITOR = "4";
+ private static final String ROLE_CURATOR = "5";
+ private static final String ROLE_DBA = "50";
+
+ private static final User USER_SELF = user("userSelf", "self_editor",
+ ROLE_NON_EDITOR);
+ private static final User USER_EDITOR = user("userEditor", "editor",
+ ROLE_EDITOR);
+ private static final User USER_CURATOR = user("userCurator", "curator",
+ ROLE_CURATOR);
+ private static final User USER_DBA = user(NS + "userDba", "dba", ROLE_DBA);
+
+ /** Create a User */
+ private static User user(String uri, String username, String roleUri) {
+ User user = new User();
+ user.setURI(NS + uri);
+ user.setUsername(username);
+ user.setRoleURI(roleUri);
+ return user;
+ }
+
+ private static final UserDaoStub DAO_USER = userDao(USER_SELF, USER_EDITOR,
+ USER_CURATOR, USER_DBA);
+
+ /** Create the UserDao */
+ private static UserDaoStub userDao(User... users) {
+ UserDaoStub dao = new UserDaoStub();
+ for (User user : users) {
+ dao.addUser(user);
+ }
+ return dao;
+ }
+
 private static final LoginStatusBean LOGIN_NONE = null;
- private static final LoginStatusBean LOGIN_SELF = new LoginStatusBean(NS
- + "userSelf", "self_editor", NON_EDITOR, INTERNAL);
- private static final LoginStatusBean LOGIN_EDITOR = new LoginStatusBean(NS
- + "userEditor", "editor", EDITOR, INTERNAL);
- private static final LoginStatusBean LOGIN_CURATOR = new LoginStatusBean(NS
- + "userCurator", "curator", CURATOR, INTERNAL);
- private static final LoginStatusBean LOGIN_DBA = new LoginStatusBean(NS
- + "userDba", "dba", DBA, INTERNAL);
+ private static final LoginStatusBean LOGIN_SELF = loginStatusBean(
+ USER_SELF, INTERNAL);
+ private static final LoginStatusBean LOGIN_EDITOR = loginStatusBean(
+ USER_EDITOR, INTERNAL);
+ private static final LoginStatusBean LOGIN_CURATOR = loginStatusBean(
+ USER_CURATOR, INTERNAL);
+ private static final LoginStatusBean LOGIN_DBA = loginStatusBean(USER_DBA,
+ INTERNAL);
 private static final LoginStatusBean[] LOGINS = new LoginStatusBean[] { LOGIN_NONE, LOGIN_SELF, LOGIN_EDITOR, LOGIN_CURATOR, LOGIN_DBA };
@@ -135,6 +168,11 @@ public class HiddenFromDisplayBelowRoleLevelFilterTest extends
 return i;
 }
+ private static LoginStatusBean loginStatusBean(User user,
+ AuthenticationSource auth) {
+ return new LoginStatusBean(user.getURI(), user.getUsername(), auth);
+ }
+
 private static final VClass PUBLIC_VCLASS = vClass("PUBLIC_vclass", RoleLevel.PUBLIC);
 private static final VClass SELF_VCLASS = vClass("SELF_vclass",
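Review bot: `USER_DBA` is created with `user(NS + "userDba", "dba", ROLE_DBA)` although `user()` already prepends the namespace in `user.setURI(NS + uri)`, so the DBA fixture's URI carries `NS` twice while the other three carry it once. The test still passes because LOGIN_DBA and DAO_USER both see the same doubled URI, which hides the slip; change it to `user("userDba", "dba", ROLE_DBA)`. The helper's Javadoc should also say the argument is relative: `/** Create a User whose URI is NS + uri. */`.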
@@ -739,21 +777,32 @@ public class HiddenFromDisplayBelowRoleLevelFilterTest extends
 }
 public static RoleLevel getRoleLevel(LoginStatusBean loginStatus) {
- if (loginStatus != null) {
- switch (loginStatus.getSecurityLevel()) {
- case LoginStatusBean.NON_EDITOR:
- return RoleLevel.SELF;
- case LoginStatusBean.EDITOR:
- return RoleLevel.EDITOR;
- case LoginStatusBean.CURATOR:
- return RoleLevel.CURATOR;
- case LoginStatusBean.DBA:
- return RoleLevel.DB_ADMIN;
- default:
- break;
- }
+ if (loginStatus == null) {
+ return RoleLevel.PUBLIC;
+ }
+
+ String userUri = loginStatus.getUserURI();
+ if (userUri == null) {
+ return RoleLevel.PUBLIC;
+ }
+
+ User user = DAO_USER.getUserByURI(userUri);
+ if (user == null) {
+ return RoleLevel.PUBLIC;
+ }
+
+ String roleURI = user.getRoleURI();
+ if ("1".equals(roleURI)) {
+ return RoleLevel.SELF;
+ } else if ("4".equals(roleURI)) {
+ return RoleLevel.EDITOR;
+ } else if ("5".equals(roleURI)) {
+ return RoleLevel.CURATOR;
+ } else if ("50".equals(roleURI)) {
+ return RoleLevel.DB_ADMIN;
+ } else {
+ return RoleLevel.PUBLIC;
 }
- return RoleLevel.PUBLIC;
 }
 // ----------------------------------------------------------------------
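Review bot: `getRoleLevel` compares against the literals `"1"`, `"4"`, `"5"` and `"50"` that this same change introduces as `ROLE_NON_EDITOR`, `ROLE_EDITOR`, `ROLE_CURATOR` and `ROLE_DBA` near the top of the file; use the constants, e.g. `if (ROLE_NON_EDITOR.equals(roleURI)) {`, so the fixture users and this mapping cannot drift apart. Because the match is an exact string comparison, a role URI in the `role:/50` form that the removed `ROLE_NAMESPACE` comment in BasicAuthenticator described would fall through to `RoleLevel.PUBLIC`; that is fail-closed and consistent with these fixtures, which store bare numbers, but a one-line comment saying so would stop a reader from taking this helper as the production parsing rule.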