NIHVIVO-2279 Remove securityLevel from LoginStatusBean

2011-06-06 15:18:37 +00:00 · 2011-06-06 15:18:37 +00:00 · ccb6cc549d
commit ccb6cc549d
parent 63078edb62
5 changed files with 92 additions and 115 deletions
--- a/webapp/src/edu/cornell/mannlib/vedit/beans/LoginStatusBean.java
+++ b/webapp/src/edu/cornell/mannlib/vedit/beans/LoginStatusBean.java
@ -20,27 +20,9 @@ import edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactory;
 public class LoginStatusBean {
 	private static final Log log = LogFactory.getLog(LoginStatusBean.class);
 	/**
 	 * Security level when the user has not logged in. Also used as a minimum
 	 * level when we want to include every user, logged in or not.
 	 */
 	public static final int ANYBODY = 0;
 	/** Security level when a user with no privileges is logged in. */
 	public static final int NON_EDITOR = 1;
 	/** Security level when an authorized editor is logged in. */
 	public static final int EDITOR = 4;
 	/** Security level when an authorized curator is logged in. */
 	public static final int CURATOR = 5;
 	/** Security level when a system administrator is logged in. */
 	public static final int DBA = 50;
 	/** A bean to return when the user has not logged in. */
 	private static final LoginStatusBean DUMMY_BEAN = new LoginStatusBean("",
-			"", ANYBODY, AuthenticationSource.UNKNOWN);
+			"", AuthenticationSource.UNKNOWN);
 	/** The bean is attached to the session by this name. */
 	private static final String ATTRIBUTE_NAME = "loginStatus";
@ -137,14 +119,12 @@ public class LoginStatusBean {
 	private final String userURI;
 	private final String username;
 	private final int securityLevel;
 	private final AuthenticationSource authenticationSource;
-	public LoginStatusBean(String userURI, String username, int securityLevel,
+	public LoginStatusBean(String userURI, String username,
 			AuthenticationSource authenticationSource) {
 		this.userURI = userURI;
 		this.username = username;
 		this.securityLevel = securityLevel;
 		this.authenticationSource = authenticationSource;
 	}
@ -156,10 +136,6 @@ public class LoginStatusBean {
 		return username;
 	}
 	public int getSecurityLevel() {
 		return securityLevel;
 	}
 	public AuthenticationSource getAuthenticationSource() {
 		return authenticationSource;
 	}
@ -175,7 +151,6 @@ public class LoginStatusBean {
 	@Override
 	public String toString() {
 		return "LoginStatusBean[userURI=" + userURI + ", username=" + username
 				+ ", securityLevel=" + securityLevel
 				+ ", authenticationSource=" + authenticationSource + "]";
 	}
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/BasicAuthenticator.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/BasicAuthenticator.java
@ -31,9 +31,6 @@ import edu.cornell.mannlib.vitro.webapp.dao.jena.LogoutEvent;
 * The "standard" implementation of Authenticator.
 */
 public class BasicAuthenticator extends Authenticator {
 	/** User roles are recorded in the model like "role:/50", etc. */
 	private static final String ROLE_NAMESPACE = "role:/";
 	private static final Log log = LogFactory.getLog(BasicAuthenticator.class);
 	private final HttpServletRequest request;
@ -105,25 +102,20 @@ public class BasicAuthenticator extends Authenticator {
 		recordLoginOnUserRecord(user);
 		String userUri = user.getURI();
-		int securityLevel = parseUserSecurityLevel(user);
+		recordLoginWithOrWithoutUserAccount(username, userUri, authSource);
 		recordLoginWithOrWithoutUserAccount(username, userUri, securityLevel,
 				authSource);
 	}
 	@Override
 	public void recordLoginWithoutUserAccount(String username,
 			String individualUri, AuthenticationSource authSource) {
-		int securityLevel = LoginStatusBean.NON_EDITOR;
+		recordLoginWithOrWithoutUserAccount(username, individualUri, authSource);
 		recordLoginWithOrWithoutUserAccount(username, individualUri, securityLevel,
 				authSource);
 	}
 	/** This much is in common on login, whether or not you have a user account. */
 	private void recordLoginWithOrWithoutUserAccount(String username,
-			String userUri, int securityLevel, AuthenticationSource authSource) {
+			String userUri, AuthenticationSource authSource) {
 		HttpSession session = request.getSession();
-		createLoginStatusBean(username, userUri, securityLevel, authSource,
+		createLoginStatusBean(username, userUri, authSource, session);
 				session);
 		setSessionTimeoutLimit(session);
 		recordInUserSessionMap(userUri, session);
 		notifyOtherUsers(userUri, session);
@ -144,10 +136,8 @@ public class BasicAuthenticator extends Authenticator {
 	 * Put the login bean into the session.
 	 */
 	private void createLoginStatusBean(String username, String userUri,
-			int securityLevel, AuthenticationSource authSource,
+			AuthenticationSource authSource, HttpSession session) {
-			HttpSession session) {
+		LoginStatusBean lsb = new LoginStatusBean(userUri, username, authSource);
 		LoginStatusBean lsb = new LoginStatusBean(userUri, username,
 				securityLevel, authSource);
 		LoginStatusBean.setBean(session, lsb);
 		log.debug("Adding status bean: " + lsb);
 	}
@ -318,23 +308,4 @@ public class BasicAuthenticator extends Authenticator {
 		return wadf;
 	}
 	/**
 	 * Parse the role URI from User. Don't crash if it is not valid.
 	 */
 	private int parseUserSecurityLevel(User user) {
 		String roleURI = user.getRoleURI();
 		try {
 			if (roleURI.startsWith(ROLE_NAMESPACE)) {
 				String roleLevel = roleURI.substring(ROLE_NAMESPACE.length());
 				return Integer.parseInt(roleLevel);
 			} else {
 				return Integer.parseInt(roleURI);
 			}
 		} catch (NumberFormatException e) {
 			log.warn("Invalid RoleURI '" + roleURI + "' for user '"
 					+ user.getURI() + "'");
 			return 1;
 		}
 	}
 }
--- a/webapp/test/edu/cornell/mannlib/vitro/webapp/controller/authenticate/AuthenticatorStub.java
+++ b/webapp/test/edu/cornell/mannlib/vitro/webapp/controller/authenticate/AuthenticatorStub.java
@ -153,28 +153,10 @@ public class AuthenticatorStub extends Authenticator {
 		User user = getUserByUsername(username);
 		LoginStatusBean lsb = new LoginStatusBean(user.getURI(), username,
-				parseUserSecurityLevel(user.getRoleURI()), authSource);
+				authSource);
 		LoginStatusBean.setBean(request.getSession(), lsb);
 	}
 	private static final String ROLE_NAMESPACE = "role:/";
 	/**
 	 * Parse the role URI from User. Don't crash if it is not valid.
 	 */
 	private int parseUserSecurityLevel(String roleURI) {
 		try {
 			if (roleURI.startsWith(ROLE_NAMESPACE)) {
 				String roleLevel = roleURI.substring(ROLE_NAMESPACE.length());
 				return Integer.parseInt(roleLevel);
 			} else {
 				return Integer.parseInt(roleURI);
 			}
 		} catch (NumberFormatException e) {
 			throw new IllegalArgumentException(e);
 		}
 	}
 	// ----------------------------------------------------------------------
 	// Un-implemented methods
 	// ----------------------------------------------------------------------
--- a/webapp/test/edu/cornell/mannlib/vitro/webapp/controller/edit/AuthenticateTest.java
+++ b/webapp/test/edu/cornell/mannlib/vitro/webapp/controller/edit/AuthenticateTest.java
@ -394,7 +394,8 @@ public class AuthenticateTest extends AbstractTestClass {
 		doTheRequest();
 		assertProcessBean(FORCED_PASSWORD_CHANGE, NEW_DBA_NAME, NO_MSG,
-				"Your new password cannot match the current one.", URL_LOGIN, URL_WITH_LINK);
+				"Your new password cannot match the current one.", URL_LOGIN,
 				URL_WITH_LINK);
 		assertRedirectToLoginProcessPage();
 	}
@ -415,8 +416,7 @@ public class AuthenticateTest extends AbstractTestClass {
 	@Test
 	public void alreadyLoggedIn() {
 		LoginStatusBean statusBean = new LoginStatusBean(OLD_DBA_URI,
-				OLD_DBA_NAME, OLD_DBA_SECURITY_LEVEL,
+				OLD_DBA_NAME, AuthenticationSource.INTERNAL);
 				AuthenticationSource.INTERNAL);
 		LoginStatusBean.setBean(session, statusBean);
 		setRequestFromLoginLink(URL_WITH_LINK);
--- a/webapp/test/edu/cornell/mannlib/vitro/webapp/dao/filtering/filters/HiddenFromDisplayBelowRoleLevelFilterTest.java
+++ b/webapp/test/edu/cornell/mannlib/vitro/webapp/dao/filtering/filters/HiddenFromDisplayBelowRoleLevelFilterTest.java
@ -2,10 +2,6 @@
 package edu.cornell.mannlib.vitro.webapp.dao.filtering.filters;
 import static edu.cornell.mannlib.vedit.beans.LoginStatusBean.CURATOR;
 import static edu.cornell.mannlib.vedit.beans.LoginStatusBean.DBA;
 import static edu.cornell.mannlib.vedit.beans.LoginStatusBean.EDITOR;
 import static edu.cornell.mannlib.vedit.beans.LoginStatusBean.NON_EDITOR;
 import static edu.cornell.mannlib.vedit.beans.LoginStatusBean.AuthenticationSource.INTERNAL;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.fail;
@ -25,8 +21,10 @@ import org.junit.runners.Parameterized.Parameters;
 import stubs.edu.cornell.mannlib.vitro.webapp.dao.DataPropertyDaoStub;
 import stubs.edu.cornell.mannlib.vitro.webapp.dao.IndividualDaoStub;
 import stubs.edu.cornell.mannlib.vitro.webapp.dao.ObjectPropertyDaoStub;
 import stubs.edu.cornell.mannlib.vitro.webapp.dao.UserDaoStub;
 import stubs.edu.cornell.mannlib.vitro.webapp.dao.WebappDaoFactoryStub;
 import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
 import edu.cornell.mannlib.vedit.beans.LoginStatusBean.AuthenticationSource;
 import edu.cornell.mannlib.vitro.testing.AbstractTestClass;
 import edu.cornell.mannlib.vitro.webapp.beans.BaseResourceBean.RoleLevel;
 import edu.cornell.mannlib.vitro.webapp.beans.DataProperty;
@ -37,6 +35,7 @@ import edu.cornell.mannlib.vitro.webapp.beans.IndividualImpl;
 import edu.cornell.mannlib.vitro.webapp.beans.ObjectProperty;
 import edu.cornell.mannlib.vitro.webapp.beans.ObjectPropertyStatement;
 import edu.cornell.mannlib.vitro.webapp.beans.ObjectPropertyStatementImpl;
 import edu.cornell.mannlib.vitro.webapp.beans.User;
 import edu.cornell.mannlib.vitro.webapp.beans.VClass;
 /**
@ -95,15 +94,49 @@ public class HiddenFromDisplayBelowRoleLevelFilterTest extends
 	private static final String NS = "http://someDomain/individual/";
 	private static final String ROLE_NON_EDITOR = "1";
 	private static final String ROLE_EDITOR = "4";
 	private static final String ROLE_CURATOR = "5";
 	private static final String ROLE_DBA = "50";
 	private static final User USER_SELF = user("userSelf", "self_editor",
 			ROLE_NON_EDITOR);
 	private static final User USER_EDITOR = user("userEditor", "editor",
 			ROLE_EDITOR);
 	private static final User USER_CURATOR = user("userCurator", "curator",
 			ROLE_CURATOR);
 	private static final User USER_DBA = user(NS + "userDba", "dba", ROLE_DBA);
 	/** Create a User */
 	private static User user(String uri, String username, String roleUri) {
 		User user = new User();
 		user.setURI(NS + uri);
 		user.setUsername(username);
 		user.setRoleURI(roleUri);
 		return user;
 	}
 	private static final UserDaoStub DAO_USER = userDao(USER_SELF, USER_EDITOR,
 			USER_CURATOR, USER_DBA);
 	/** Create the UserDao */
 	private static UserDaoStub userDao(User... users) {
 		UserDaoStub dao = new UserDaoStub();
 		for (User user : users) {
 			dao.addUser(user);
 		}
 		return dao;
 	}
 	private static final LoginStatusBean LOGIN_NONE = null;
-	private static final LoginStatusBean LOGIN_SELF = new LoginStatusBean(NS
+	private static final LoginStatusBean LOGIN_SELF = loginStatusBean(
-			+ "userSelf", "self_editor", NON_EDITOR, INTERNAL);
+			USER_SELF, INTERNAL);
-	private static final LoginStatusBean LOGIN_EDITOR = new LoginStatusBean(NS
+	private static final LoginStatusBean LOGIN_EDITOR = loginStatusBean(
-			+ "userEditor", "editor", EDITOR, INTERNAL);
+			USER_EDITOR, INTERNAL);
-	private static final LoginStatusBean LOGIN_CURATOR = new LoginStatusBean(NS
+	private static final LoginStatusBean LOGIN_CURATOR = loginStatusBean(
-			+ "userCurator", "curator", CURATOR, INTERNAL);
+			USER_CURATOR, INTERNAL);
-	private static final LoginStatusBean LOGIN_DBA = new LoginStatusBean(NS
+	private static final LoginStatusBean LOGIN_DBA = loginStatusBean(USER_DBA,
-			+ "userDba", "dba", DBA, INTERNAL);
+			INTERNAL);
 	private static final LoginStatusBean[] LOGINS = new LoginStatusBean[] {
 			LOGIN_NONE, LOGIN_SELF, LOGIN_EDITOR, LOGIN_CURATOR, LOGIN_DBA };
@ -135,6 +168,11 @@ public class HiddenFromDisplayBelowRoleLevelFilterTest extends
 		return i;
 	}
 	private static LoginStatusBean loginStatusBean(User user,
 			AuthenticationSource auth) {
 		return new LoginStatusBean(user.getURI(), user.getUsername(), auth);
 	}
 	private static final VClass PUBLIC_VCLASS = vClass("PUBLIC_vclass",
 			RoleLevel.PUBLIC);
 	private static final VClass SELF_VCLASS = vClass("SELF_vclass",
@ -739,21 +777,32 @@ public class HiddenFromDisplayBelowRoleLevelFilterTest extends
 	}
 	public static RoleLevel getRoleLevel(LoginStatusBean loginStatus) {
-		if (loginStatus != null) {
+		if (loginStatus == null) {
-			switch (loginStatus.getSecurityLevel()) {
+			return RoleLevel.PUBLIC;
-			case LoginStatusBean.NON_EDITOR:
+		}
-				return RoleLevel.SELF;
+
-			case LoginStatusBean.EDITOR:
+		String userUri = loginStatus.getUserURI();
-				return RoleLevel.EDITOR;
+		if (userUri == null) {
-			case LoginStatusBean.CURATOR:
+			return RoleLevel.PUBLIC;
-				return RoleLevel.CURATOR;
+		}
-			case LoginStatusBean.DBA:
+
-				return RoleLevel.DB_ADMIN;
+		User user = DAO_USER.getUserByURI(userUri);
-			default:
+		if (user == null) {
-				break;
+			return RoleLevel.PUBLIC;
-			}
+		}
 		String roleURI = user.getRoleURI();
 		if ("1".equals(roleURI)) {
 			return RoleLevel.SELF;
 		} else if ("4".equals(roleURI)) {
 			return RoleLevel.EDITOR;
 		} else if ("5".equals(roleURI)) {
 			return RoleLevel.CURATOR;
 		} else if ("50".equals(roleURI)) {
 			return RoleLevel.DB_ADMIN;
 		} else {
 			return RoleLevel.PUBLIC;
 		}
 		return RoleLevel.PUBLIC;
 	}
 	// ----------------------------------------------------------------------