NIHVIVO-2492 restrict assorted pages by UseMiscellaneousAdminPages and UseMiscellaneousCuratorPages
This commit is contained in:
parent
0669f3758a
commit
da7f10cd0a
13 changed files with 65 additions and 14 deletions
|
@ -6,7 +6,7 @@
|
|||
|
||||
<%@ taglib prefix="vitro" uri="/WEB-INF/tlds/VitroUtils.tld" %>
|
||||
|
||||
<vitro:confirmLoginStatus level="CURATOR" />
|
||||
<vitro:requiresAuthorizationFor classNames="edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseMiscellaneousCuratorPages" />
|
||||
|
||||
<%
|
||||
String conceptIdStr = request.getParameter("conceptId");
|
||||
|
|
|
@ -2,6 +2,8 @@
|
|||
|
||||
<%@ taglib prefix="c" uri="http://java.sun.com/jstl/core" %>
|
||||
|
||||
<%-- doesn't use <vitro:requiresAuthorizationFor> becuase the controller does complex authorization. -->
|
||||
|
||||
<div id="content">
|
||||
|
||||
<h2>Configure Self-Edit Testing</h2>
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<%@ taglib uri="http://java.sun.com/jstl/core" prefix="c"%>
|
||||
<%@ taglib prefix="vitro" uri="/WEB-INF/tlds/VitroUtils.tld" %>
|
||||
|
||||
<vitro:confirmLoginStatus level="DBA" />
|
||||
<vitro:requiresAuthorizationFor classNames="edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseMiscellaneousAdminPages" />
|
||||
|
||||
<%
|
||||
if( request.getParameter("uri") != null ){
|
||||
|
|
|
@ -3,7 +3,6 @@
|
|||
<%@ page import="edu.cornell.mannlib.vitro.webapp.controller.Controllers" %>
|
||||
<%@ page import="org.apache.log4j.*" %>
|
||||
<%@ page import="java.util.*" %>
|
||||
<%@ taglib prefix="vitro" uri="/WEB-INF/tlds/VitroUtils.tld" %>
|
||||
|
||||
<%--
|
||||
This JSP will display all the log4j Logger objects, their
|
||||
|
@ -13,7 +12,9 @@
|
|||
Brian Cauros bdc34@cornell.edu
|
||||
based on work by Volker Mentzner. --%>
|
||||
|
||||
<vitro:confirmLoginStatus level="DBA" bean="loginBean" />
|
||||
<%@ taglib prefix="vitro" uri="/WEB-INF/tlds/VitroUtils.tld" %>
|
||||
|
||||
<vitro:requiresAuthorizationFor classNames="edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseMiscellaneousAdminPages" />
|
||||
|
||||
<%
|
||||
try {
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
<%@ taglib prefix="c" uri="http://java.sun.com/jstl/core" %>
|
||||
<%@ taglib prefix="vitro" uri="/WEB-INF/tlds/VitroUtils.tld" %>
|
||||
|
||||
<vitro:confirmLoginStatus level="CURATOR" />
|
||||
<vitro:requiresAuthorizationFor classNames="edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseMiscellaneousCuratorPages" />
|
||||
|
||||
<%
|
||||
if (request.getParameter("execute") != null) {
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
<%@ taglib prefix="c" uri="http://java.sun.com/jstl/core" %>
|
||||
<%@ taglib prefix="vitro" uri="/WEB-INF/tlds/VitroUtils.tld" %>
|
||||
|
||||
<vitro:confirmLoginStatus level="CURATOR" />
|
||||
<vitro:requiresAuthorizationFor classNames="edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseMiscellaneousCuratorPages" />
|
||||
|
||||
<%
|
||||
String resourceURIStr = request.getParameter("resourceURI");
|
||||
|
|
|
@ -5,6 +5,8 @@
|
|||
<%@page
|
||||
import="java.util.List"%>
|
||||
|
||||
<%-- doesn't use vitro:requiresAuthorizationFor becuase the we want to be able to see IDs for any user. --%>
|
||||
<%-- uses "security through obscurity", and doesn't give away much information. --%>
|
||||
|
||||
<%
|
||||
List idb = RequestIdentifiers.getIdBundleForRequest(request);
|
||||
|
|
|
@ -14,8 +14,7 @@
|
|||
<%@ taglib prefix="c" uri="http://java.sun.com/jstl/core" %>
|
||||
<%@ taglib prefix="vitro" uri="/WEB-INF/tlds/VitroUtils.tld" %>
|
||||
|
||||
<vitro:confirmLoginStatus level="DBA" />
|
||||
|
||||
<vitro:requiresAuthorizationFor classNames="edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseMiscellaneousAdminPages" />
|
||||
|
||||
<%!
|
||||
|
||||
|
|
|
@ -10,8 +10,7 @@
|
|||
<%@ taglib prefix="c" uri="http://java.sun.com/jstl/core" %>
|
||||
<%@ taglib prefix="vitro" uri="/WEB-INF/tlds/VitroUtils.tld" %>
|
||||
|
||||
<vitro:confirmLoginStatus level="CURATOR" />
|
||||
|
||||
<vitro:requiresAuthorizationFor classNames="edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseMiscellaneousCuratorPages" />
|
||||
|
||||
<%
|
||||
if( request.getParameter("force") != null ){
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue