@Override protected void doRequest(VitroRequest vreq, HttpServletResponse resp) throws ServletException, IOException { DeveloperSettings settings = DeveloperSettings.getBean(vreq); /* * Are they allowed to control the panel? */ if (isAuthorized(vreq)) { // Update the settings. settings.updateFromRequest(vreq.getParameterMap()); } else { log.debug("Not authorized to update settings."); } /* * Build the response. */ try { Map<String, Object> bodyMap = buildBodyMap(isAuthorized(vreq), settings); String rendered = renderTemplate(vreq, bodyMap); resp.getWriter().write(rendered); } catch (Exception e) { doError(resp, e.toString(), 500); } }
private Map<String, Object> buildBodyMap(boolean authorized, DeveloperSettings settings) { Map<String, Object> settingsMap = new HashMap<>(); settingsMap.putAll(settings.getSettingsMap()); settingsMap.put("mayControl", authorized); Map<String, Object> bodyMap = new HashMap<>(); bodyMap.put("settings", settingsMap); return bodyMap; }
private boolean isAuthorized(VitroRequest vreq) { boolean authBySetting = DeveloperSettings.getBean(vreq).getBoolean(PERMIT_ANONYMOUS_CONTROL); boolean authByPolicy = PolicyHelper.isAuthorizedForActions(vreq, SimplePermission.ENABLE_DEVELOPER_PANEL.ACTION); return authBySetting || authByPolicy; }