Added the basic menu structure and the EditProfile and Admin pages.
[photos] / src / main / java / org / wamblee / photos / wicket / BasePage.java
index f6c63d00ccd104552e5e17047c48a40f3f8de390..8e0cc495f904c5610fca34a32dff6195f5ac2347 100644 (file)
  */
 package org.wamblee.photos.wicket;
 
+import java.security.Principal;
 import javax.inject.Inject;
 import javax.servlet.http.HttpServletRequest;
 
 import org.apache.wicket.RedirectToUrlException;
 import org.apache.wicket.markup.html.CSSPackageResource;
+import org.apache.wicket.markup.html.WebMarkupContainer;
 import org.apache.wicket.markup.html.WebPage;
 import org.apache.wicket.markup.html.basic.Label;
 import org.apache.wicket.markup.html.link.Link;
 import org.apache.wicket.markup.html.panel.FeedbackPanel;
 import org.apache.wicket.model.IModel;
+import org.wamblee.security.authentication.UserAdministration;
 import org.wamblee.wicket.behavior.TitleAttributeTooltipBehavior;
 import org.wamblee.wicket.css.ResetCssBehavior;
 import org.wamblee.wicket.page.ExpireBehavior;
@@ -35,6 +38,9 @@ public class BasePage extends WebApplicationBasePage {
     @Inject
     private HttpServletRequest request;
 
+    @Inject
+    private UserAdministration userAdmin;
+
     private boolean isExpired = false;
 
     public BasePage() {
@@ -44,8 +50,14 @@ public class BasePage extends WebApplicationBasePage {
     public BasePage(IModel aModel) {
         super(aModel);
 
-        if (request.getUserPrincipal() == null) {
-            redirectToLoginPage();
+        Principal userPrincipal = request.getUserPrincipal();
+        if (userPrincipal == null) {
+            throw redirectToLoginPage();
+        }
+        String username = userPrincipal.getName();
+        if (isAdminPage() && !isAdministrator(username)) {
+            error("Unauthorized URL accessed");
+            throw redirectToLoginPage();
         }
 
         add(new ResetCssBehavior());
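Review bot: The admin check added at `if (isAdminPage() && !isAdministrator(username))` is deny-by-override rather than deny-by-default: `isAdminPage()` returns `false` unless a subclass overrides it, so any page that exposes administrative functionality but omits the override is served to every authenticated user, and nothing in the base class can catch that omission. Both `isAdminPage()` and `isAdministrator(String)` are non-final methods invoked from the constructor (the same applies to the `isAdministrator(username)` call in the later hunk), so a subclass override that consults its own fields sees them uninitialized; either document that overrides must not depend on subclass state, or enforce the rule centrally through the framework's authorization strategy instead of a per-page flag. In the denied branch the user is already authenticated, yet is sent to the login page, and `error("Unauthorized URL accessed")` only produces a feedback message for the requester with no server-side log entry, which makes such attempts invisible to monitoring; an access-denied response plus a log line at warning level, `log.warn("User {} attempted to access admin page {}", username, getClass().getName());` (assuming the file has a logger), would be clearer. Whether the no-arg `BasePage()` constructor delegates to this one is not visible here, so pages constructed without a model may bypass the check entirely.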
@@ -70,6 +82,20 @@ public class BasePage extends WebApplicationBasePage {
                 throw redirectToLoginPage();
             }
         });
+
+        WebMarkupContainer adminAccess = new WebMarkupContainer("adminAccess");
+        if (!isAdministrator(username)) {
+            adminAccess.setVisible(false);
+        }
+        add(adminAccess);
+    }
+
+    protected boolean isAdminPage() {
+        return false;
+    }
+
+    protected boolean isAdministrator(String aUsername) {
+        return userAdmin.isInGroup(aUsername, "administrators");
     }
 
     private RedirectToUrlException redirectToLoginPage() {
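Review bot: Hiding the `adminAccess` container with `setVisible(false)` is presentation only; the enforcement point is the `isAdminPage()` check in the constructor, and since `isAdminPage()` defaults to `false` the new protected methods need Javadoc that states the subclass obligation. Proposed on `isAdminPage()`: `/** Returns whether this page requires membership of the administrators group. Defaults to {@code false}, so every page exposing admin functionality must override it to return {@code true}; hiding the admin menu alone grants no protection. */` and on `isAdministrator(String)`: `/** Checks whether the given user is in the "administrators" group via the injected {@link UserAdministration}. */`. The group name `"administrators"` is a bare literal inside `isAdministrator`; `private static final String ADMIN_GROUP = "administrators";` would keep it in one place. `redirectToLoginPage()` continues past the end of the hunk.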