NIHVIVO-2492 Refine PolicyHelper class - create tests.

2011-04-18 15:20:40 +00:00 · 2011-04-18 15:20:40 +00:00 · e797657c8e
commit e797657c8e
parent 1943040e7d
2 changed files with 207 additions and 24 deletions
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/PolicyHelper.java
@ -60,30 +60,6 @@ public class PolicyHelper {
 		return !getRequiredAuthorizationsForServlet(servletClass).isEmpty();
 	}

-	/**
-	 * What RequestedActions does this servlet require authorization for?
-	 */
-	public static Set<RequestedAction> getRequiredAuthorizationsForServlet(
-			Class<? extends VitroHttpServlet> clazz) {
-		Set<RequestedAction> result = new HashSet<RequestedAction>();
-
-		RequiresAuthorizationFor annotation = clazz
-				.getAnnotation(RequiresAuthorizationFor.class);
-
-		if (annotation != null) {
-			for (Class<? extends RequestedAction> actionClass : annotation
-					.value()) {
-				if (NoAction.class != actionClass) {
-					RequestedAction action = instantiateAction(actionClass);
-					if (action != null) {
-						result.add(action);
-					}
-				}
-			}
-		}
-		return result;
-	}
-
 	/**
 	 * Are the actions that this servlet requires authorized for the current
 	 * user by the current policies?
@ -91,6 +67,16 @@ public class PolicyHelper {
 	public static boolean areRequiredAuthorizationsSatisfied(
 			HttpServletRequest req, VitroHttpServlet servlet) {
 		Class<? extends VitroHttpServlet> servletClass = servlet.getClass();
+		return areRequiredAuthorizationsSatisfied(req, servletClass);
+	}
+
+	/**
+	 * Are the actions that this servlet class requires authorized for the
+	 * current user by the current policies?
+	 */
+	public static boolean areRequiredAuthorizationsSatisfied(
+			HttpServletRequest req,
+			Class<? extends VitroHttpServlet> servletClass) {
 		return areRequiredAuthorizationsSatisfied(req,
 				getRequiredAuthorizationsForServlet(servletClass));
 	}
@ -157,6 +143,34 @@ public class PolicyHelper {
 				|| (decision.getAuthorized() != Authorization.AUTHORIZED);
 	}

+	/**
+	 * What RequestedActions does this servlet require authorization for?
+	 * 
+	 * Keep this private, since it reveals how the Annotation is implemented. If
+	 * we change the Annotation to include "or" and "and", then this method
+	 * becomes meaningless with its current return type.
+	 */
+	private static Set<RequestedAction> getRequiredAuthorizationsForServlet(
+			Class<? extends VitroHttpServlet> clazz) {
+		Set<RequestedAction> result = new HashSet<RequestedAction>();
+
+		RequiresAuthorizationFor annotation = clazz
+				.getAnnotation(RequiresAuthorizationFor.class);
+
+		if (annotation != null) {
+			for (Class<? extends RequestedAction> actionClass : annotation
+					.value()) {
+				if (NoAction.class != actionClass) {
+					RequestedAction action = instantiateAction(actionClass);
+					if (action != null) {
+						result.add(action);
+					}
+				}
+			}
+		}
+		return result;
+	}
+
 	/**
 	 * Instantiate actions from their classes. If any one of the classes cannot
 	 * be instantiated, return null.