source: VirtualCollectionRegistry/trunk/VirtualCollectionRegistry/src/main/java/eu/clarin/cmdi/virtualcollectionregistry/gui/pages/EditVirtualCollectionPage.java @ 5540

Last change on this file since 5540 was 5540, checked in by Twan Goosen, 10 years ago

Enabled 'edit' option with confirmation dialogue for published collections (works for private collections and owner) and allowed access to edit view for non-private
Refs #600
  • Property svn:eol-style set to native
File size: 2.6 KB
Line 
1package eu.clarin.cmdi.virtualcollectionregistry.gui.pages;
2
3import eu.clarin.cmdi.virtualcollectionregistry.VirtualCollectionRegistry;
4import eu.clarin.cmdi.virtualcollectionregistry.VirtualCollectionRegistryException;
5import eu.clarin.cmdi.virtualcollectionregistry.VirtualCollectionRegistryPermissionException;
6import eu.clarin.cmdi.virtualcollectionregistry.gui.wizard.CreateVirtualCollectionWizard;
7import eu.clarin.cmdi.virtualcollectionregistry.model.VirtualCollection;
8import eu.clarin.cmdi.virtualcollectionregistry.model.VirtualCollection.State;
9import org.apache.wicket.Page;
10import org.apache.wicket.PageParameters;
11import org.apache.wicket.authorization.UnauthorizedInstantiationException;
12import org.apache.wicket.authorization.strategies.role.Roles;
13import org.apache.wicket.authorization.strategies.role.annotations.AuthorizeInstantiation;
14import org.apache.wicket.spring.injection.annot.SpringBean;
15import org.slf4j.Logger;
16import org.slf4j.LoggerFactory;
17
18@AuthorizeInstantiation(Roles.USER)
19public class EditVirtualCollectionPage extends CreateVirtualCollectionPage {
20
21    @SpringBean
22    private VirtualCollectionRegistry vcr;
23
24    private final static Logger logger = LoggerFactory.getLogger(EditVirtualCollectionPage.class);
25
26    public EditVirtualCollectionPage(PageParameters params) throws VirtualCollectionRegistryException {
27        final Long id = params.getAsLong("id");
28        final VirtualCollection vc;
29        if (id == null) {
30            vc = new VirtualCollection();
31        } else {
32            vc = vcr.retrieveVirtualCollection(id);
33            checkAccess(vc);
34        }
35        final CreateVirtualCollectionWizard wizard = createWizard(vc, null);
36        add(wizard);
37    }
38
39    private void checkAccess(final VirtualCollection vc) throws VirtualCollectionRegistryPermissionException {
40        // do not allow editing of VC's that are non-private or owned
41        // by someone else! (except for admin)
42        if (!isUserAdmin()
43                && ( //only allow editing of private & public
44                !(vc.getState() == State.PRIVATE || vc.getState() == State.PUBLIC)
45                // only allow editing by the owner
46                || !vc.getOwner().equalsPrincipal(getUser()))) {
47            logger.warn("User {} attempts to edit virtual collection {} with state {} owned by {}", new Object[]{getUser().getName(), vc.getId(), vc.getState(), vc.getOwner().getName()});
48            throw new UnauthorizedInstantiationException(EditVirtualCollectionPage.class);
49        }
50    }
51
52    EditVirtualCollectionPage(VirtualCollection vc, Page page) {
53        super(vc, page);
54    }
55}
Note: See TracBrowser for help on using the repository browser.