diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/UseRestrictedPagesByRoleLevelPolicy.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/UseRestrictedPagesByRoleLevelPolicy.java index 62e705d76..efe79abe3 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/UseRestrictedPagesByRoleLevelPolicy.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/UseRestrictedPagesByRoleLevelPolicy.java @@ -12,6 +12,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization; import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision; import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.SeeRevisionInfo; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseAdvancedDataToolsPages; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseEditUserAccountsPages; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseIndividualEditorPages; @@ -59,6 +60,8 @@ public class UseRestrictedPagesByRoleLevelPolicy implements PolicyIface { result = isAuthorized(whatToAuth, RoleLevel.EDITOR, userRole); } else if (whatToAuth instanceof UseSiteAdminPage) { result = isAuthorized(whatToAuth, RoleLevel.EDITOR, userRole); + } else if (whatToAuth instanceof SeeRevisionInfo) { + result = isAuthorized(whatToAuth, RoleLevel.EDITOR, userRole); } else { result = defaultDecision("Unrecognized action"); } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/SeeRevisionInfo.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/SeeRevisionInfo.java new file mode 100644 index 000000000..6dd38b3a6 --- /dev/null +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/requestedAction/usepages/SeeRevisionInfo.java @@ -0,0 +1,16 @@ +/* $This file is distributed under the terms of the license in /doc/license.txt$ */ + +package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages; + +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction; + +/** + * Should we allow the user to see the RevisionInfo page? + * + * Note that this will also control whether they see the revision info in the + * footer of all pages. + */ +public class SeeRevisionInfo extends RequestedAction implements + UsePagesRequestedAction { + // no fields +} diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/RevisionInfoController.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/RevisionInfoController.java index f7adf924c..b7fe9e558 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/RevisionInfoController.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/freemarker/RevisionInfoController.java @@ -5,10 +5,8 @@ package edu.cornell.mannlib.vitro.webapp.controller.freemarker; import java.util.HashMap; import java.util.Map; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import edu.cornell.mannlib.vedit.beans.LoginStatusBean; +import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor; +import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.SeeRevisionInfo; import edu.cornell.mannlib.vitro.webapp.config.RevisionInfoBean; import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.ResponseValues; @@ -17,25 +15,10 @@ import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.Tem /** * Display the detailed revision information. */ +@RequiresAuthorizationFor(SeeRevisionInfo.class) public class RevisionInfoController extends FreemarkerHttpServlet { private static final long serialVersionUID = 1L; - private static final Log log = LogFactory.getLog(RevisionInfoController.class); private static final String TEMPLATE_DEFAULT = "revisionInfo.ftl"; - private static final int REQUIRED_LOGIN_LEVEL = LoginStatusBean.EDITOR; - - /* requiredLoginLevel() must be an instance method, else, due to the way sublcass - * hiding works, when called from FreemarkerHttpServlet we will get its own method, - * rather than the subclass method. To figure out whether to display links at the - * page level, we need another, static method. - */ - public static int staticRequiredLoginLevel() { - return REQUIRED_LOGIN_LEVEL; - } - - @Override - protected int requiredLoginLevel() { - return staticRequiredLoginLevel(); - } @Override protected ResponseValues processRequest(VitroRequest vreq) { @@ -51,5 +34,4 @@ public class RevisionInfoController extends FreemarkerHttpServlet { return "Revision Information for " + siteName; } - } diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/User.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/User.java index c6124bcc7..7b4e85aed 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/User.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/web/templatemodels/User.java @@ -17,7 +17,6 @@ public class User extends BaseTemplateModel { private static final Log log = LogFactory.getLog(User.class); private enum Access { - REVISION_INFO(RevisionInfoController.staticRequiredLoginLevel()), FILTER_SECURITY(LoginStatusBean.EDITOR); private final int requiredLoginLevel; @@ -52,7 +51,7 @@ public class User extends BaseTemplateModel { } public boolean getHasRevisionInfoAccess() { - return loginBean.isLoggedInAtLeast(Access.REVISION_INFO.requiredLoginLevel()); + return PolicyHelper.isAuthorizedForServlet(vreq, RevisionInfoController.class); } public boolean getShowFlag1SearchField() {