From d653cc87447090930ad6b07027c7fe10e3f8fef0 Mon Sep 17 00:00:00 2001
From: rjy7 <rjy7@440791e1-c2bf-4c1e-ad7c-caf3f8b0ebe8>
Date: Tue, 13 Jul 2010 14:35:32 +0000
Subject: [PATCH] NIHVIVO-776 Allow any logged in user to access
 SparqlQueryServlet, because the servlet is requested via Ajax from custom
 forms.

---
 .../mannlib/vitro/webapp/controller/SparqlQueryServlet.java  | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/SparqlQueryServlet.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/SparqlQueryServlet.java
index 5868d70d2..15cad6784 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/SparqlQueryServlet.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/SparqlQueryServlet.java
@@ -114,7 +114,10 @@ public class SparqlQueryServlet extends BaseEditController {
             loginHandler = ((LoginFormBean)obj);
         if( loginHandler == null ||
             ! "authenticated".equalsIgnoreCase(loginHandler.getLoginStatus()) ||
-             Integer.parseInt(loginHandler.getLoginRole()) <= 5 ){       
+                // rjy7 Allows any editor (including self-editors) access to this servlet.
+                // This servlet is now requested via Ajax from some custom forms, so anyone
+                // using the custom form needs access rights.
+                Integer.parseInt(loginHandler.getLoginRole()) < LoginFormBean.NON_EDITOR ){       
             HttpSession session = request.getSession(true);
             
             session.setAttribute("postLoginRequest",