NIHVIVO-2492 Restrict page by SeeRevisionInfo requested action.

j2blake 2011-04-19 19:09:52 +00:00
parent ab48ef4a9c
commit fbd5496514
4 changed files with 23 additions and 23 deletions


@ -12,6 +12,7 @@ import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision; import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision;
import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface; import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.SeeRevisionInfo;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseAdvancedDataToolsPages; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseAdvancedDataToolsPages;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseEditUserAccountsPages; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseEditUserAccountsPages;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseIndividualEditorPages; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.UseIndividualEditorPages;
@ -59,6 +60,8 @@ public class UseRestrictedPagesByRoleLevelPolicy implements PolicyIface {
result = isAuthorized(whatToAuth, RoleLevel.EDITOR, userRole); result = isAuthorized(whatToAuth, RoleLevel.EDITOR, userRole);
} else if (whatToAuth instanceof UseSiteAdminPage) { } else if (whatToAuth instanceof UseSiteAdminPage) {
result = isAuthorized(whatToAuth, RoleLevel.EDITOR, userRole); result = isAuthorized(whatToAuth, RoleLevel.EDITOR, userRole);
} else if (whatToAuth instanceof SeeRevisionInfo) {
result = isAuthorized(whatToAuth, RoleLevel.EDITOR, userRole);
} else { } else {
result = defaultDecision("Unrecognized action"); result = defaultDecision("Unrecognized action");
} }
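Review bot: The new `SeeRevisionInfo` branch hard-codes `RoleLevel.EDITOR` without recording that this value replaces the `REQUIRED_LOGIN_LEVEL = LoginStatusBean.EDITOR` check the same commit removes from `RevisionInfoController`. I would add a comment above the branch, for example `// Revision info stays at EDITOR and above, matching the former login-level check.` The trailing `else` returns `defaultDecision("Unrecognized action")`, whose outcome is not visible in this hunk; it is worth confirming that it never authorizes, because any action missing from this chain ends up there. The enclosing method starts and ends outside the hunk.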


@ -0,0 +1,16 @@
/* $This file is distributed under the terms of the license in /doc/license.txt$ */
package edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages;
import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction;
/**
* Should we allow the user to see the RevisionInfo page?
*
* Note that this will also control whether they see the revision info in the
* footer of all pages.
*/
public class SeeRevisionInfo extends RequestedAction implements
UsePagesRequestedAction {
// no fields
}


@ -5,10 +5,8 @@ package edu.cornell.mannlib.vitro.webapp.controller.freemarker;
import java.util.HashMap; import java.util.HashMap;
import java.util.Map; import java.util.Map;
import org.apache.commons.logging.Log; import edu.cornell.mannlib.vitro.webapp.auth.policy.PolicyHelper.RequiresAuthorizationFor;
import org.apache.commons.logging.LogFactory; import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.usepages.SeeRevisionInfo;
import edu.cornell.mannlib.vedit.beans.LoginStatusBean;
import edu.cornell.mannlib.vitro.webapp.config.RevisionInfoBean; import edu.cornell.mannlib.vitro.webapp.config.RevisionInfoBean;
import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest; import edu.cornell.mannlib.vitro.webapp.controller.VitroRequest;
import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.ResponseValues; import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.ResponseValues;
@ -17,25 +15,10 @@ import edu.cornell.mannlib.vitro.webapp.controller.freemarker.responsevalues.Tem
/** /**
* Display the detailed revision information. * Display the detailed revision information.
*/ */
@RequiresAuthorizationFor(SeeRevisionInfo.class)
public class RevisionInfoController extends FreemarkerHttpServlet { public class RevisionInfoController extends FreemarkerHttpServlet {
private static final long serialVersionUID = 1L; private static final long serialVersionUID = 1L;
private static final Log log = LogFactory.getLog(RevisionInfoController.class);
private static final String TEMPLATE_DEFAULT = "revisionInfo.ftl"; private static final String TEMPLATE_DEFAULT = "revisionInfo.ftl";
private static final int REQUIRED_LOGIN_LEVEL = LoginStatusBean.EDITOR;
/* requiredLoginLevel() must be an instance method, else, due to the way sublcass
* hiding works, when called from FreemarkerHttpServlet we will get its own method,
* rather than the subclass method. To figure out whether to display links at the
* page level, we need another, static method.
*/
public static int staticRequiredLoginLevel() {
return REQUIRED_LOGIN_LEVEL;
}
@Override
protected int requiredLoginLevel() {
return staticRequiredLoginLevel();
}
@Override @Override
protected ResponseValues processRequest(VitroRequest vreq) { protected ResponseValues processRequest(VitroRequest vreq) {
@ -51,5 +34,4 @@ public class RevisionInfoController extends FreemarkerHttpServlet {
return "Revision Information for " + siteName; return "Revision Information for " + siteName;
} }
} }
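Review bot: With the `requiredLoginLevel()` override removed, the only access control left on this servlet is `@RequiresAuthorizationFor(SeeRevisionInfo.class)`, and the code that evaluates the annotation is not part of this section. Please confirm that `FreemarkerHttpServlet` checks it before calling `processRequest`, and that the request is denied when no policy recognizes `SeeRevisionInfo`. A servlet test asserting that an anonymous request and a below-EDITOR request are both refused would pin this down. The class Javadoc could also state the restriction, for example `* Access requires authorization for the SeeRevisionInfo requested action.` Removing the public `staticRequiredLoginLevel()` breaks any caller other than `User`, which this commit updates; no other callers are visible here.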


@ -17,7 +17,6 @@ public class User extends BaseTemplateModel {
private static final Log log = LogFactory.getLog(User.class); private static final Log log = LogFactory.getLog(User.class);
private enum Access { private enum Access {
REVISION_INFO(RevisionInfoController.staticRequiredLoginLevel()),
FILTER_SECURITY(LoginStatusBean.EDITOR); FILTER_SECURITY(LoginStatusBean.EDITOR);
private final int requiredLoginLevel; private final int requiredLoginLevel;
@ -52,7 +51,7 @@ public class User extends BaseTemplateModel {
} }
public boolean getHasRevisionInfoAccess() { public boolean getHasRevisionInfoAccess() {
return loginBean.isLoggedInAtLeast(Access.REVISION_INFO.requiredLoginLevel()); return PolicyHelper.isAuthorizedForServlet(vreq, RevisionInfoController.class);
} }
public boolean getShowFlag1SearchField() { public boolean getShowFlag1SearchField() {
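Review bot: `getHasRevisionInfoAccess()` now asks the policy layer, while `Access.FILTER_SECURITY` in the same class still compares against `LoginStatusBean.EDITOR`, so the class decides visibility in two different ways. A short Javadoc on the getter would make the split explicit, for example `/** True if the current request is authorized for RevisionInfoController; this only controls what templates display, the servlet enforces access itself. */`. The new line uses `vreq` and `PolicyHelper`, neither of which is declared or imported in the visible hunks; presumably both are already in scope, but that should be confirmed. If `FILTER_SECURITY` is meant to move to a requested action as well, a `// TODO` on the enum would record it.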