From cf32509dac2f9fa4d44bedf7743f159c5795b7d8 Mon Sep 17 00:00:00 2001
From: Erik Brakkee <erik@brakkee.org>
Date: Fri, 27 Sep 2013 20:39:45 +0200
Subject: [PATCH] Added the basic menu structure and the EditProfile and Admin
 pages. Only administrators see the admin page and can have access to the
 admin page.

---
 .../org/wamblee/photos/wicket/AdminPage.html  | 16 ++++++
 .../org/wamblee/photos/wicket/AdminPage.java  | 44 ++++++++++++++
 .../org/wamblee/photos/wicket/BasePage.html   | 57 ++++++++++---------
 .../org/wamblee/photos/wicket/BasePage.java   | 30 +++++++++-
 .../photos/wicket/EditProfilePage.html        | 16 ++++++
 .../photos/wicket/EditProfilePage.java        | 39 +++++++++++++
 6 files changed, 174 insertions(+), 28 deletions(-)
 create mode 100644 src/main/java/org/wamblee/photos/wicket/AdminPage.html
 create mode 100644 src/main/java/org/wamblee/photos/wicket/AdminPage.java
 create mode 100644 src/main/java/org/wamblee/photos/wicket/EditProfilePage.html
 create mode 100644 src/main/java/org/wamblee/photos/wicket/EditProfilePage.java

diff --git a/src/main/java/org/wamblee/photos/wicket/AdminPage.html b/src/main/java/org/wamblee/photos/wicket/AdminPage.html
new file mode 100644
index 0000000..173e1a2
--- /dev/null
+++ b/src/main/java/org/wamblee/photos/wicket/AdminPage.html
@@ -0,0 +1,16 @@
+<html
+        xmlns:wicket="http://wicket.apache.org/dtds.data/wicket-xhtml1.4-strict.dtd">
+<head>
+    <title>Wicket Quickstart Archetype Homepage</title>
+</head>
+<body>
+<strong>Wicket Quickstart Archetype Homepage</strong>
+<br/>
+<br/>
+
+<wicket:extend>
+
+</wicket:extend>
+
+</body>
+</html>
diff --git a/src/main/java/org/wamblee/photos/wicket/AdminPage.java b/src/main/java/org/wamblee/photos/wicket/AdminPage.java
new file mode 100644
index 0000000..30737d9
--- /dev/null
+++ b/src/main/java/org/wamblee/photos/wicket/AdminPage.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2005-2010 the original author or authors.
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.wamblee.photos.wicket;
+
+import java.util.logging.Logger;
+
+import org.apache.wicket.PageParameters;
+
+/**
+ * Homepage
+ */
+public class AdminPage extends BasePage {
+
+    private static final Logger LOGGER = Logger.getLogger(AdminPage.class.getName());
+
+    private static final long serialVersionUID = 1L;
+
+    /**
+     * Constructor that is invoked when page is invoked without a session.
+     *
+     * @param parameters Page parameters
+     */
+    public AdminPage(final PageParameters parameters) throws Exception {
+        super();
+    }
+
+    @Override
+    protected boolean isAdminPage() {
+        return true;
+    }
+}
\ No newline at end of file
diff --git a/src/main/java/org/wamblee/photos/wicket/BasePage.html b/src/main/java/org/wamblee/photos/wicket/BasePage.html
index 18506e3..491f6a6 100644
--- a/src/main/java/org/wamblee/photos/wicket/BasePage.html
+++ b/src/main/java/org/wamblee/photos/wicket/BasePage.html
@@ -1,37 +1,42 @@
 <html
-	xmlns:wicket="http://wicket.apache.org/dtds.data/wicket-xhtml1.4-strict.dtd">
+        xmlns:wicket="http://wicket.apache.org/dtds.data/wicket-xhtml1.4-strict.dtd">
 <head>
-<wicket:head>
-	<title wicket:id="title">Title goes here</title>
-</wicket:head>
+    <wicket:head>
+        <title wicket:id="title">Title goes here</title>
+    </wicket:head>
 </head>
 <body>
-	<div id="banner">
-		<wicket:link>
-			<img src="wamblee_logo.png" />
-		</wicket:link>
-		<span class="title">wamblee photos</span>
-	</div>
-	<div id="logout">
-		<a href="#" wicket:id="logout">Logout</a>
-	</div>
+<div id="banner">
+    <wicket:link>
+        <img src="wamblee_logo.png"/>
+    </wicket:link>
+    <span class="title">wamblee photos</span>
+</div>
+<div id="logout">
+    <a href="#" wicket:id="logout">Logout</a>
+</div>
 
 
-	<div id="menu">
-		<wicket:link>
-			<ul>
-				<li><a href="HomePage.html">Home</a></li>
-			</ul>
-		</wicket:link>
-	</div>
+<div id="menu">
+    <wicket:link>
+        <ul>
+            <li><a href="HomePage.html">Home</a></li>
+            <li><a href="EditProfilePage.html">Edit Profile</a></li>
+            <li wicket:id="adminAccess">
+                <a href="AdminPage.html">Administration</a>
+            </li>
+        </ul>
+    </wicket:link>
 
-	<div id="feedback">
-		<div wicket:id="feedback"></div>
-	</div>
+</div>
 
-	<div id="content">
-		<wicket:child />
-	</div>
+<div id="feedback">
+    <div wicket:id="feedback"></div>
+</div>
+
+<div id="content">
+    <wicket:child/>
+</div>
 
 </body>
 </html>
diff --git a/src/main/java/org/wamblee/photos/wicket/BasePage.java b/src/main/java/org/wamblee/photos/wicket/BasePage.java
index f6c63d0..8e0cc49 100644
--- a/src/main/java/org/wamblee/photos/wicket/BasePage.java
+++ b/src/main/java/org/wamblee/photos/wicket/BasePage.java
@@ -15,16 +15,19 @@
  */
 package org.wamblee.photos.wicket;
 
+import java.security.Principal;
 import javax.inject.Inject;
 import javax.servlet.http.HttpServletRequest;
 
 import org.apache.wicket.RedirectToUrlException;
 import org.apache.wicket.markup.html.CSSPackageResource;
+import org.apache.wicket.markup.html.WebMarkupContainer;
 import org.apache.wicket.markup.html.WebPage;
 import org.apache.wicket.markup.html.basic.Label;
 import org.apache.wicket.markup.html.link.Link;
 import org.apache.wicket.markup.html.panel.FeedbackPanel;
 import org.apache.wicket.model.IModel;
+import org.wamblee.security.authentication.UserAdministration;
 import org.wamblee.wicket.behavior.TitleAttributeTooltipBehavior;
 import org.wamblee.wicket.css.ResetCssBehavior;
 import org.wamblee.wicket.page.ExpireBehavior;
@@ -35,6 +38,9 @@ public class BasePage extends WebApplicationBasePage {
     @Inject
     private HttpServletRequest request;
 
+    @Inject
+    private UserAdministration userAdmin;
+
     private boolean isExpired = false;
 
     public BasePage() {
@@ -44,8 +50,14 @@ public class BasePage extends WebApplicationBasePage {
     public BasePage(IModel aModel) {
         super(aModel);
 
-        if (request.getUserPrincipal() == null) {
-            redirectToLoginPage();
+        Principal userPrincipal = request.getUserPrincipal();
+        if (userPrincipal == null) {
+            throw redirectToLoginPage();
+        }
+        String username = userPrincipal.getName();
+        if (isAdminPage() && !isAdministrator(username)) {
+            error("Unauthorized URL accessed");
+            throw redirectToLoginPage();
         }
 
         add(new ResetCssBehavior());
@@ -70,6 +82,20 @@ public class BasePage extends WebApplicationBasePage {
                 throw redirectToLoginPage();
             }
         });
+
+        WebMarkupContainer adminAccess = new WebMarkupContainer("adminAccess");
+        if (!isAdministrator(username)) {
+            adminAccess.setVisible(false);
+        }
+        add(adminAccess);
+    }
+
+    protected boolean isAdminPage() {
+        return false;
+    }
+
+    protected boolean isAdministrator(String aUsername) {
+        return userAdmin.isInGroup(aUsername, "administrators");
     }
 
     private RedirectToUrlException redirectToLoginPage() {
diff --git a/src/main/java/org/wamblee/photos/wicket/EditProfilePage.html b/src/main/java/org/wamblee/photos/wicket/EditProfilePage.html
new file mode 100644
index 0000000..173e1a2
--- /dev/null
+++ b/src/main/java/org/wamblee/photos/wicket/EditProfilePage.html
@@ -0,0 +1,16 @@
+<html
+        xmlns:wicket="http://wicket.apache.org/dtds.data/wicket-xhtml1.4-strict.dtd">
+<head>
+    <title>Wicket Quickstart Archetype Homepage</title>
+</head>
+<body>
+<strong>Wicket Quickstart Archetype Homepage</strong>
+<br/>
+<br/>
+
+<wicket:extend>
+
+</wicket:extend>
+
+</body>
+</html>
diff --git a/src/main/java/org/wamblee/photos/wicket/EditProfilePage.java b/src/main/java/org/wamblee/photos/wicket/EditProfilePage.java
new file mode 100644
index 0000000..af53c5f
--- /dev/null
+++ b/src/main/java/org/wamblee/photos/wicket/EditProfilePage.java
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2005-2010 the original author or authors.
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.wamblee.photos.wicket;
+
+import java.util.logging.Logger;
+
+import org.apache.wicket.PageParameters;
+
+/**
+ * Homepage
+ */
+public class EditProfilePage extends BasePage {
+
+    private static final Logger LOGGER = Logger.getLogger(EditProfilePage.class.getName());
+
+    private static final long serialVersionUID = 1L;
+
+    /**
+     * Constructor that is invoked when page is invoked without a session.
+     *
+     * @param parameters Page parameters
+     */
+    public EditProfilePage(final PageParameters parameters) throws Exception {
+        super();
+    }
+}
\ No newline at end of file
-- 
2.31.1