NIHVIVO-2279 Remove securityLevel from LoginStatusBean

2011-06-06 15:18:37 +00:00 · 2011-06-06 15:18:37 +00:00 · ccb6cc549d
commit ccb6cc549d
parent 63078edb62
5 changed files with 92 additions and 115 deletions
--- a/webapp/src/edu/cornell/mannlib/vedit/beans/LoginStatusBean.java
+++ b/webapp/src/edu/cornell/mannlib/vedit/beans/LoginStatusBean.java
@ -20,27 +20,9 @@ import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory;
 public class LoginStatusBean {
 	private static final Log log = LogFactory.getLog(LoginStatusBean.class);

-	/**
-	 * Security level when the user has not logged in. Also used as a minimum
-	 * level when we want to include every user, logged in or not.
-	 */
-	public static final int ANYBODY = 0;
-
-	/** Security level when a user with no privileges is logged in. */
-	public static final int NON_EDITOR = 1;
-
-	/** Security level when an authorized editor is logged in. */
-	public static final int EDITOR = 4;
-
-	/** Security level when an authorized curator is logged in. */
-	public static final int CURATOR = 5;
-
-	/** Security level when a system administrator is logged in. */
-	public static final int DBA = 50;
-
 	/** A bean to return when the user has not logged in. */
 	private static final LoginStatusBean DUMMY_BEAN = new LoginStatusBean("",
-			"", ANYBODY, AuthenticationSource.UNKNOWN);
+			"", AuthenticationSource.UNKNOWN);

 	/** The bean is attached to the session by this name. */
 	private static final String ATTRIBUTE_NAME = "loginStatus";
@ -137,14 +119,12 @@ public class LoginStatusBean {

 	private final String userURI;
 	private final String username;
-	private final int securityLevel;
 	private final AuthenticationSource authenticationSource;

-	public LoginStatusBean(String userURI, String username, int securityLevel,
+	public LoginStatusBean(String userURI, String username,
 			AuthenticationSource authenticationSource) {
 		this.userURI = userURI;
 		this.username = username;
-		this.securityLevel = securityLevel;
 		this.authenticationSource = authenticationSource;
 	}

@ -156,10 +136,6 @@ public class LoginStatusBean {
 		return username;
 	}

-	public int getSecurityLevel() {
-		return securityLevel;
-	}
-
 	public AuthenticationSource getAuthenticationSource() {
 		return authenticationSource;
 	}
@ -175,7 +151,6 @@ public class LoginStatusBean {
 	@Override
 	public String toString() {
 		return "LoginStatusBean[userURI=" + userURI + ", username=" + username
-				+ ", securityLevel=" + securityLevel
 				+ ", authenticationSource=" + authenticationSource + "]";
 	}

--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/BasicAuthenticator.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/BasicAuthenticator.java
@ -31,9 +31,6 @@ import edu.cornell.mannlib.vitro.webapp.dao.jena.LogoutEvent;
 * The "standard" implementation of Authenticator.
 */
 public class BasicAuthenticator extends Authenticator {
-	/** User roles are recorded in the model like "role:/50", etc. */
-	private static final String ROLE_NAMESPACE = "role:/";
-
 	private static final Log log = LogFactory.getLog(BasicAuthenticator.class);

 	private final HttpServletRequest request;
@ -105,25 +102,20 @@ public class BasicAuthenticator extends Authenticator {
 		recordLoginOnUserRecord(user);

 		String userUri = user.getURI();
-		int securityLevel = parseUserSecurityLevel(user);
-		recordLoginWithOrWithoutUserAccount(username, userUri, securityLevel,
-				authSource);
+		recordLoginWithOrWithoutUserAccount(username, userUri, authSource);
 	}

 	@Override
 	public void recordLoginWithoutUserAccount(String username,
 			String individualUri, AuthenticationSource authSource) {
-		int securityLevel = LoginStatusBean.NON_EDITOR;
-		recordLoginWithOrWithoutUserAccount(username, individualUri, securityLevel,
-				authSource);
+		recordLoginWithOrWithoutUserAccount(username, individualUri, authSource);
 	}

 	/** This much is in common on login, whether or not you have a user account. */
 	private void recordLoginWithOrWithoutUserAccount(String username,
-			String userUri, int securityLevel, AuthenticationSource authSource) {
+			String userUri, AuthenticationSource authSource) {
 		HttpSession session = request.getSession();
-		createLoginStatusBean(username, userUri, securityLevel, authSource,
-				session);
+		createLoginStatusBean(username, userUri, authSource, session);
 		setSessionTimeoutLimit(session);
 		recordInUserSessionMap(userUri, session);
 		notifyOtherUsers(userUri, session);
@ -144,10 +136,8 @@ public class BasicAuthenticator extends Authenticator {
 	 * Put the login bean into the session.
 	 */
 	private void createLoginStatusBean(String username, String userUri,
-			int securityLevel, AuthenticationSource authSource,
-			HttpSession session) {
-		LoginStatusBean lsb = new LoginStatusBean(userUri, username,
-				securityLevel, authSource);
+			AuthenticationSource authSource, HttpSession session) {
+		LoginStatusBean lsb = new LoginStatusBean(userUri, username, authSource);
 		LoginStatusBean.setBean(session, lsb);
 		log.debug("Adding status bean: " + lsb);
 	}
@ -318,23 +308,4 @@ public class BasicAuthenticator extends Authenticator {
 		return wadf;
 	}

-	/**
-	 * Parse the role URI from User. Don't crash if it is not valid.
-	 */
-	private int parseUserSecurityLevel(User user) {
-		String roleURI = user.getRoleURI();
-		try {
-			if (roleURI.startsWith(ROLE_NAMESPACE)) {
-				String roleLevel = roleURI.substring(ROLE_NAMESPACE.length());
-				return Integer.parseInt(roleLevel);
-			} else {
-				return Integer.parseInt(roleURI);
-			}
-		} catch (NumberFormatException e) {
-			log.warn("Invalid RoleURI '" + roleURI + "' for user '"
-					+ user.getURI() + "'");
-			return 1;
-		}
-	}
-
 }