Changeset 5504

Timestamp:

07/31/14 09:29:31 (10 years ago)

Author:

Twan Goosen

Message:

Access to view or edit page for any collection allowed to admin
Refs #589

Location:

VirtualCollectionRegistry/trunk/VirtualCollectionRegistry/src/main/java/eu/clarin/cmdi/virtualcollectionregistry/gui

Files:

• Application.java (modified) (1 diff)
• pages/BasePage.java (modified) (2 diffs)
• pages/EditVirtualCollectionPage.java (modified) (1 diff)
• pages/VirtualCollectionDetailsPage.java (modified) (1 diff)

VirtualCollectionRegistry/trunk/VirtualCollectionRegistry/src/main/java/eu/clarin/cmdi/virtualcollectionregistry/gui/Application.java

@@ -117 +117 @@
     }
 
-    boolean isAdmin(String user) {
+    public boolean isAdmin(String user) {
         return adminUsers.contains(user);
     }

VirtualCollectionRegistry/trunk/VirtualCollectionRegistry/src/main/java/eu/clarin/cmdi/virtualcollectionregistry/gui/pages/BasePage.java

@@ -1 +1 @@
 package eu.clarin.cmdi.virtualcollectionregistry.gui.pages;
 
+import eu.clarin.cmdi.virtualcollectionregistry.gui.Application;
+import eu.clarin.cmdi.virtualcollectionregistry.gui.ApplicationSession;
 import java.security.Principal;
-
 import javax.servlet.http.HttpServletRequest;
-
 import org.apache.wicket.RestartResponseException;
+import org.apache.wicket.WicketRuntimeException;
 import org.apache.wicket.markup.html.WebPage;
 import org.apache.wicket.model.IModel;
 import org.apache.wicket.model.Model;
-
-import eu.clarin.cmdi.virtualcollectionregistry.gui.ApplicationSession;
-import org.apache.wicket.WicketRuntimeException;
 
 public class BasePage extends WebPage {
@@ -82 +80 @@
         return principal;
     }
-
+    
+    protected boolean isUserAdmin() {
+        final String userName = getUser().getName();
+        return userName != null && ((Application)getApplication()).isAdmin(userName);
+    }
+    
     @Override
     public ApplicationSession getSession() {

VirtualCollectionRegistry/trunk/VirtualCollectionRegistry/src/main/java/eu/clarin/cmdi/virtualcollectionregistry/gui/pages/EditVirtualCollectionPage.java

@@ -39 +39 @@
     private void checkAccess(final VirtualCollection vc) throws VirtualCollectionRegistryPermissionException {
         // do not allow editing of VC's that are non-private or owned
-        // by someone else!
-        if (vc.getState() != State.PRIVATE
-                || !vc.getOwner().equalsPrincipal(getUser())) {
+        // by someone else! (except for admin)
+        if (!isUserAdmin() && 
+                (vc.getState() != State.PRIVATE
+                || !vc.getOwner().equalsPrincipal(getUser()))) {
             logger.warn("User {} attempts to edit virtual collection {} with state {} owned by {}", new Object[]{getUser().getName(), vc.getId(), vc.getState(), vc.getOwner().getName()});
             throw new UnauthorizedInstantiationException(EditVirtualCollectionPage.class);

VirtualCollectionRegistry/trunk/VirtualCollectionRegistry/src/main/java/eu/clarin/cmdi/virtualcollectionregistry/gui/pages/VirtualCollectionDetailsPage.java

@@ -360 +360 @@
     private void checkAccess(final VirtualCollection vc) throws UnauthorizedActionException {
         if (vc.isPrivate()
+                && !isUserAdmin()
                 && !getSession().isCurrentUser(vc.getOwner())) {
             // user trying to access other user's collection