VIVO-1929: patch authorizing create individual form (#206)

* patch authorizing create individual form Resolves: https://jira.lyrasis.org/browse/VIVO-1929
vivo-project · Feb 2, 2021 · 2b31000 · 2b31000
1 parent 1614563
commit 2b31000
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 3 deletions.
diff --git a/...ain/java/edu/cornell/mannlib/vitro/webapp/edit/n3editing/VTwo/EditConfigurationUtils.java b/...ain/java/edu/cornell/mannlib/vitro/webapp/edit/n3editing/VTwo/EditConfigurationUtils.java
@@ -62,6 +62,10 @@ public static String getRangeUri(VitroRequest vreq) {
         return vreq.getParameter("rangeUri");
     }
 
+    public static String getTypeOfNew(VitroRequest vreq) {
+        return vreq.getParameter("typeOfNew");
+    }
+
     public static VClass getRangeVClass(VitroRequest vreq) {
         WebappDaoFactory ctxDaoFact = ModelAccess.on(
                 vreq.getSession().getServletContext()).getWebappDaoFactory();

diff --git a/...cornell/mannlib/vitro/webapp/edit/n3editing/controller/EditRequestDispatchController.java b/...cornell/mannlib/vitro/webapp/edit/n3editing/controller/EditRequestDispatchController.java
@@ -11,6 +11,7 @@
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
+import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.jena.ontology.OntModel;
@@ -68,9 +69,13 @@ public class EditRequestDispatchController extends FreemarkerHttpServlet {
     final String RDFS_LABEL_FORM = "edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.generators.RDFSLabelGenerator";
     final String DEFAULT_DELETE_FORM = "edu.cornell.mannlib.vitro.webapp.edit.n3editing.configuration.generators.DefaultDeleteGenerator";
 
-    @Override
-    protected AuthorizationRequest requiredActions(VitroRequest vreq) {
-    	//Check if this statement can be edited here and return unauthorized if not
+	@Override
+	protected AuthorizationRequest requiredActions(VitroRequest vreq) {
+		// If request is for new individual, return simple do back end editing action permission
+		if (StringUtils.isNotEmpty(EditConfigurationUtils.getTypeOfNew(vreq))) {
+			return SimplePermission.DO_BACK_END_EDITING.ACTION;
+		}
+		// Check if this statement can be edited here and return unauthorized if not
 		String subjectUri = EditConfigurationUtils.getSubjectUri(vreq);
 		String predicateUri = EditConfigurationUtils.getPredicateUri(vreq);
 		String objectUri = EditConfigurationUtils.getObjectUri(vreq);