NIHVIVO-2492 restrict assorted pages by UseMiscellaneousAdminPages and UseMiscellaneousCuratorPages

This commit is contained in:
j2blake 2011-04-20 17:13:26 +00:00
parent 0669f3758a
commit da7f10cd0a
13 changed files with 65 additions and 14 deletions

View file

@ -6,7 +6,7 @@
<%@ taglib prefix="vitro" uri="/WEB-INF/tlds/VitroUtils.tld" %>
<vitro:confirmLoginStatus level="CURATOR" />
<vitro:requiresAuthorizationFor classNames="edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseMiscellaneousCuratorPages" />
<%
String conceptIdStr = request.getParameter("conceptId");

View file

@ -2,6 +2,8 @@
<%@ taglib prefix="c" uri="http://java.sun.com/jstl/core" %>
<%-- doesn't use <vitro:requiresAuthorizationFor> becuase the controller does complex authorization. -->
<div id="content">
<h2>Configure Self-Edit Testing</h2>

View file

@ -6,7 +6,7 @@
<%@ taglib uri="http://java.sun.com/jstl/core" prefix="c"%>
<%@ taglib prefix="vitro" uri="/WEB-INF/tlds/VitroUtils.tld" %>
<vitro:confirmLoginStatus level="DBA" />
<vitro:requiresAuthorizationFor classNames="edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseMiscellaneousAdminPages" />
<%
if( request.getParameter("uri") != null ){

View file

@ -3,7 +3,6 @@
<%@ page import="edu.cornell.mannlib.vitro.webapp.controller.Controllers" %>
<%@ page import="org.apache.log4j.*" %>
<%@ page import="java.util.*" %>
<%@ taglib prefix="vitro" uri="/WEB-INF/tlds/VitroUtils.tld" %>
<%--
This JSP will display all the log4j Logger objects, their
@ -13,7 +12,9 @@
Brian Cauros bdc34@cornell.edu
based on work by Volker Mentzner. --%>
<vitro:confirmLoginStatus level="DBA" bean="loginBean" />
<%@ taglib prefix="vitro" uri="/WEB-INF/tlds/VitroUtils.tld" %>
<vitro:requiresAuthorizationFor classNames="edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseMiscellaneousAdminPages" />
<%
try {

View file

@ -3,7 +3,7 @@
<%@ taglib prefix="c" uri="http://java.sun.com/jstl/core" %>
<%@ taglib prefix="vitro" uri="/WEB-INF/tlds/VitroUtils.tld" %>
<vitro:confirmLoginStatus level="CURATOR" />
<vitro:requiresAuthorizationFor classNames="edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseMiscellaneousCuratorPages" />
<%
if (request.getParameter("execute") != null) {

View file

@ -5,7 +5,7 @@
<%@ taglib prefix="c" uri="http://java.sun.com/jstl/core" %>
<%@ taglib prefix="vitro" uri="/WEB-INF/tlds/VitroUtils.tld" %>
<vitro:confirmLoginStatus level="CURATOR" />
<vitro:requiresAuthorizationFor classNames="edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseMiscellaneousCuratorPages" />
<%
String resourceURIStr = request.getParameter("resourceURI");

View file

@ -5,6 +5,8 @@
<%@page
import="java.util.List"%>
<%-- doesn't use vitro:requiresAuthorizationFor becuase the we want to be able to see IDs for any user. --%>
<%-- uses "security through obscurity", and doesn't give away much information. --%>
<%
List idb = RequestIdentifiers.getIdBundleForRequest(request);

View file

@ -14,8 +14,7 @@
<%@ taglib prefix="c" uri="http://java.sun.com/jstl/core" %>
<%@ taglib prefix="vitro" uri="/WEB-INF/tlds/VitroUtils.tld" %>
<vitro:confirmLoginStatus level="DBA" />
<vitro:requiresAuthorizationFor classNames="edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseMiscellaneousAdminPages" />
<%!

View file

@ -10,8 +10,7 @@
<%@ taglib prefix="c" uri="http://java.sun.com/jstl/core" %>
<%@ taglib prefix="vitro" uri="/WEB-INF/tlds/VitroUtils.tld" %>
<vitro:confirmLoginStatus level="CURATOR" />
<vitro:requiresAuthorizationFor classNames="edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseMiscellaneousCuratorPages" />
<%
if( request.getParameter("force") != null ){