litvinovg/vitro
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

NIHVIVO-776 Allow any logged in user to access SparqlQueryServlet, because the servlet is requested via Ajax from custom forms.

Browse source
This commit is contained in:
rjy7 2010-07-13 14:35:32 +00:00
parent b0e72fb0e9
commit d653cc8744
1 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
webapp/src/edu/cornell/mannlib/vitro/webapp/controller/SparqlQueryServlet.java
View file

@ -114,7 +114,10 @@ public class SparqlQueryServlet extends BaseEditController {
loginHandler = ((LoginFormBean)obj); loginHandler = ((LoginFormBean)obj);
if( loginHandler == null || if( loginHandler == null ||
! "authenticated".equalsIgnoreCase(loginHandler.getLoginStatus()) || ! "authenticated".equalsIgnoreCase(loginHandler.getLoginStatus()) ||
Integer.parseInt(loginHandler.getLoginRole()) <= 5 ){ // rjy7 Allows any editor (including self-editors) access to this servlet.
// This servlet is now requested via Ajax from some custom forms, so anyone
// using the custom form needs access rights.
Integer.parseInt(loginHandler.getLoginRole()) < LoginFormBean.NON_EDITOR ){
HttpSession session = request.getSession(true); HttpSession session = request.getSession(true);
session.setAttribute("postLoginRequest", session.setAttribute("postLoginRequest",