X-Git-Url: http://wamblee.org/gitweb/?a=blobdiff_plain;f=src%2Fmain%2Fjava%2Forg%2Fwamblee%2Fphotos%2Fwicket%2FBasePage.java;h=c7f8e1f0013b1a702621b8406c5d3c6b22645bde;hb=dd3886dec356fe854a8498b070ca21bdfb0d56d2;hp=f6c63d00ccd104552e5e17047c48a40f3f8de390;hpb=6c8dd0362c097e5d3e40ca066b67ce6834e555df;p=photos
diff --git a/src/main/java/org/wamblee/photos/wicket/BasePage.java b/src/main/java/org/wamblee/photos/wicket/BasePage.java
index f6c63d0..c7f8e1f 100644
--- a/src/main/java/org/wamblee/photos/wicket/BasePage.java
+++ b/src/main/java/org/wamblee/photos/wicket/BasePage.java
@@ -15,16 +15,19 @@
 */
 package org.wamblee.photos.wicket;
+import java.security.Principal;
 import javax.inject.Inject;
 import javax.servlet.http.HttpServletRequest;
 import org.apache.wicket.RedirectToUrlException;
 import org.apache.wicket.markup.html.CSSPackageResource;
+import org.apache.wicket.markup.html.WebMarkupContainer;
 import org.apache.wicket.markup.html.WebPage;
 import org.apache.wicket.markup.html.basic.Label;
 import org.apache.wicket.markup.html.link.Link;
 import org.apache.wicket.markup.html.panel.FeedbackPanel;
 import org.apache.wicket.model.IModel;
+import org.wamblee.security.authentication.UserAdministration;
 import org.wamblee.wicket.behavior.TitleAttributeTooltipBehavior;
 import org.wamblee.wicket.css.ResetCssBehavior;
 import org.wamblee.wicket.page.ExpireBehavior;
@@ -35,6 +38,9 @@ public class BasePage extends WebApplicationBasePage {
 @Inject
 private HttpServletRequest request;
+ @Inject
+ private transient UserAdministration userAdmin;
+
 private boolean isExpired = false;
 public BasePage() {
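Review bot: The new `userAdmin` field is declared `transient` while the sibling injected field `request` is not, so once Wicket serializes and restores a page instance `userAdmin` is null unless the injection integration re-injects on deserialization. `isAdministrator` (added later in this commit) is `protected`, so a subclass calling it from a later request callback would fail with a NullPointerException on that path. Either make the two injected fields consistent, or document the constraint on the field: `// transient: only valid during page construction; do not use from callbacks after deserialization`. Which injection integration the application uses is not visible in the diff, so this may be a non-issue.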
@@ -44,8 +50,14 @@ public class BasePage extends WebApplicationBasePage {
 public BasePage(IModel aModel) {
 super(aModel);
- if (request.getUserPrincipal() == null) {
- redirectToLoginPage();
+ Principal userPrincipal = request.getUserPrincipal();
+ if (userPrincipal == null) {
+ throw redirectToLoginPage();
+ }
+ String username = userPrincipal.getName();
+ if (isAdminPage() && !isAdministrator(username)) {
+ error("Unauthorized URL accessed");
+ throw redirectToLoginPage();
 }
 add(new ResetCssBehavior());
@@ -70,6 +82,20 @@ public class BasePage extends WebApplicationBasePage {
 throw redirectToLoginPage();
 }
 });
+
+ WebMarkupContainer adminAccess = new WebMarkupContainer("adminAccess");
+ if (!isAdministrator(username)) {
+ adminAccess.setVisible(false);
+ }
+ add(adminAccess);
+ }
+
+ protected boolean isAdminPage() {
+ return false;
+ }
+
+ protected boolean isAdministrator(String aUsername) {
+ return userAdmin.isInGroup(aUsername, "administrators");
 }
 private RedirectToUrlException redirectToLoginPage() {
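Review bot: The authorization decision in the constructor calls `isAdminPage()` and `isAdministrator(username)`, both `protected` and overridable, before any subclass field initializers have run; an override that consults subclass state sees default values and the check silently evaluates against them. Consider documenting on both methods that overrides must not depend on subclass state, or moving the decision to a point after construction. The `error("Unauthorized URL accessed")` is recorded on the page being constructed and then abandoned by the thrown redirect, so I doubt the message reaches the login page; worth verifying that feedback messages survive the redirect in this Wicket version. Sending an authenticated but unauthorized user to the login page also conflates "not logged in" with "forbidden"; an access-denied page would make the failure clearer to the user and in logs. The constructor continues past the end of this hunk.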
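Review bot: `isAdminPage()` returning `false` by default means an admin-only page stays unprotected unless its author remembers to override it, and nothing in the new code documents that contract; add a Javadoc on `isAdminPage` such as `/** Pages restricted to administrators must override this to return true; the constructor redirects non-administrators away from such pages. */`. The group name `"administrators"` is a string literal inside `isAdministrator`; a `private static final String ADMIN_GROUP = "administrators";` keeps the single authorization criterion in one named place. `isAdministrator(username)` is evaluated again here for the `adminAccess` container, so when `isAdminPage()` is true the group lookup runs twice per page construction; caching the result in a local in the constructor would avoid the repeat. The constructor that this container is added to begins outside the hunk.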