@Override
protected void doRequest(VitroRequest vreq, HttpServletResponse resp)
throws ServletException, IOException {
DeveloperSettings settings = DeveloperSettings.getBean(vreq);
/*
* Are they allowed to control the panel?
*/
if (isAuthorized(vreq)) {
// Update the settings.
settings.updateFromRequest(vreq.getParameterMap());
} else {
log.debug("Not authorized to update settings.");
}
/*
* Build the response.
*/
try {
Map<String, Object> bodyMap = buildBodyMap(isAuthorized(vreq), settings);
String rendered = renderTemplate(vreq, bodyMap);
resp.getWriter().write(rendered);
} catch (Exception e) {
doError(resp, e.toString(), 500);
}
}
private Map<String, Object> buildBodyMap(boolean authorized, DeveloperSettings settings) {
Map<String, Object> settingsMap = new HashMap<>();
settingsMap.putAll(settings.getSettingsMap());
settingsMap.put("mayControl", authorized);
Map<String, Object> bodyMap = new HashMap<>();
bodyMap.put("settings", settingsMap);
return bodyMap;
}
private boolean isAuthorized(VitroRequest vreq) {
boolean authBySetting = DeveloperSettings.getBean(vreq).getBoolean(PERMIT_ANONYMOUS_CONTROL);
boolean authByPolicy =
PolicyHelper.isAuthorizedForActions(vreq, SimplePermission.ENABLE_DEVELOPER_PANEL.ACTION);
return authBySetting || authByPolicy;
}
