From ef1e8eb95ca5bb188c87700f93e541287a7cf176 Mon Sep 17 00:00:00 2001
From: j2blake <j2blake@440791e1-c2bf-4c1e-ad7c-caf3f8b0ebe8>
Date: Wed, 27 Apr 2011 14:53:09 +0000
Subject: [PATCH] NIHVIVO-2492 Fix bug - pages with an empty set of required
 actions should not be considered as restricted.

---
 .../vitro/webapp/controller/VitroHttpServlet.java   |  4 +++-
 .../freemarker/FreemarkerHttpServlet.java           | 13 +++++--------
 2 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/VitroHttpServlet.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/VitroHttpServlet.java
index a8e4e349c..d4ff77d19 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/VitroHttpServlet.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/VitroHttpServlet.java
@@ -102,7 +102,9 @@ public class VitroHttpServlet extends HttpServlet {
 	protected boolean isAuthorizedToDisplayPage(HttpServletRequest request,
 			HttpServletResponse response, Actions actions) {
 		// Record restricted pages so we won't return to them on logout
-		LogoutRedirector.recordRestrictedPageUri(request);
+		if (!actions.isEmpty()) {
+			LogoutRedirector.recordRestrictedPageUri(request);
+		}
 
 		if (PolicyHelper.isAuthorizedForActions(request, actions)) {
 			log.debug("Servlet '" + this.getClass().getSimpleName()
diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/FreemarkerHttpServlet.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/FreemarkerHttpServlet.java
index 515e2224f..8257d7094 100644
--- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/FreemarkerHttpServlet.java
+++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/FreemarkerHttpServlet.java
@@ -86,15 +86,12 @@ public class FreemarkerHttpServlet extends VitroHttpServlet {
 	        Configuration config = getConfig(vreq);
 	        vreq.setAttribute("freemarkerConfig", config);
 	        
-	        ResponseValues responseValues;
-	        
-	        // This method does a redirect if the required authorizations are not met, so just return.
-	    	if (!isAuthorizedToDisplayPage(request, response, requiredActions(vreq))) {
-	            return; 
-	        } else {
-	            responseValues = processRequest(vreq);
-	        }
+			// This method does a redirect if the required authorizations are not met, so just return. 
+			if (!isAuthorizedToDisplayPage(request, response, requiredActions(vreq))) {
+				return;
+			}
 
+			ResponseValues responseValues = processRequest(vreq);
 	        doResponse(vreq, response, responseValues);	 
 	        
     	} catch (TemplateProcessingException e) {