From 659f95c80851e47aa60935259cdfdaf1fdee2359 Mon Sep 17 00:00:00 2001 
From: Rick Herrick <jrherrick@wustl.edu> Date: Wed, 13 Apr 2016 17:13:01 -0500 Subject: [PATCH] Removing duplicate session storage in security context. --- .../org/nrg/xnat/ajax/GrantProjectAccess.java | 3 +- .../extensions/AuthenticationRestlet.java | 6 +- .../xnat/restlet/guard/XnatSecureGuard.java | 103 ++++++------------ .../restlet/resources/SecureResource.java | 4 +- .../nrg/xnat/restlet/resources/UserAuth.java | 74 ++++++------- .../xnat/restlet/resources/UserSession.java | 9 +- .../org/nrg/xnat/security/OnXnatLogin.java | 15 +-- .../XnatBasicAuthenticationFilter.java | 23 +--- .../security/XnatExpiredPasswordFilter.java | 3 +- .../xnat/security/XnatInitCheckFilter.java | 3 +- .../security/XnatSessionEventPublisher.java | 26 +++-- .../modules/actions/AcceptProjectAccess.java | 3 +- .../actions/EditImageSessionAction.java | 3 +- .../modules/actions/ManageProjectAccess.java | 7 +- .../screens/DefaultPipelineScreen.java | 3 - .../modules/screens/InactiveAccount.java | 2 +- .../xnat/turbine/modules/screens/Index.java | 2 - .../modules/screens/PipelineScreen.java | 6 - .../screens/RequestProjectAccessForm.java | 12 +- .../screens/XDATScreen_EditScript.java | 7 +- .../screens/XDATScreen_UpdateUser.java | 2 +- .../screens/XDATScreen_prearchives.java | 28 +++-- .../xdat-templates/macros/TurbineMacros.vm | 30 ++--- .../xdat-templates/navigations/NoMenuTop.vm | 17 ++- .../navigations/NoninteractiveTop.vm | 16 ++- .../xdat-templates/navigations/SubMenu1.vm | 3 +- .../xdat-templates/navigations/SubMenu3.vm | 4 +- .../xdat-templates/screens/DefaultReport.vm | 2 +- .../screens/XDATScreen_active_sessions.vm | 2 +- ...XDATScreen_report_xdat_element_security.vm | 2 +- .../XDATScreen_report_xdat_infoEntry.vm | 2 +- .../XDATScreen_report_xdat_newsEntry.vm | 2 +- .../XDATScreen_report_xdat_stored_search.vm | 2 +- .../XDATScreen_report_xdat_userGroup.vm | 2 +- .../xnat-templates/navigations/DefaultTop.vm | 6 +- .../screens/BulkDeleteActionScreen.vm | 1 - 
.../xnat-templates/screens/Configuration.vm | 3 +- .../xnat-templates/screens/EditArcSpecs.vm | 2 +- .../xnat-templates/screens/EditScript.vm | 2 +- .../xnat-templates/screens/PrearchiveMatch.vm | 1 - .../screens/ProjectSelectBox.vm | 55 +++++----- .../xnat-templates/screens/ProjectSelector.vm | 2 - .../screens/QuickCreateProject.vm | 2 +- .../RequestProjectAccessDenialEmail.vm | 2 +- .../webapp/xnat-templates/screens/Scripts.vm | 2 +- .../webapp/xnat-templates/screens/Search.vm | 2 +- .../screens/XDATScreen_MyXNAT.vm | 2 +- .../screens/XDATScreen_UpdateUser.vm | 2 +- .../screens/XDATScreen_emailSpecifications.vm | 2 +- .../XDATScreen_report_wrk_workflowData.vm | 2 +- ...XDATScreen_report_xnat_investigatorData.vm | 2 +- .../XDATScreen_report_xnat_projectData.vm | 2 +- .../screens/XDATScreen_search_wizard2.vm | 4 +- .../screens/XDATScreen_validate.vm | 2 +- .../project/widgets/project_actions_box.vm | 2 +- .../screens/topBar/Administer.vm | 2 +- .../screens/topBar/New/Default.vm | 2 - .../xnat-templates/screens/workflow_alert.vm | 4 +- .../screens/xnat_experimentData/actions.vm | 13 ++- .../screens/xnat_imageAssessorData/actions.vm | 2 +- .../screens/xnat_imageAssessorData/report.vm | 4 +- .../screens/xnat_imageSessionData/actions.vm | 2 +- .../xnat_imageSessionData/edit/edit.vm | 8 +- .../xnat_imageSessionData_report.vm | 4 +- .../screens/xnat_mrSessionData_search.vm | 1 - .../actionsBox/ManageFiles.vm | 4 +- .../xnat_projectData_summary_management.vm | 2 +- .../screens/xnat_qcManualAssessorData/edit.vm | 2 +- .../screens/xnat_subjectData/actions.vm | 2 +- .../xnat_subjectData_ProjectSelector.vm | 2 - .../xnat_subjectData_resources.vm | 21 ++-- 71 files changed, 275 insertions(+), 328 deletions(-) diff --git a/src/main/java/org/nrg/xnat/ajax/GrantProjectAccess.java b/src/main/java/org/nrg/xnat/ajax/GrantProjectAccess.java index 87acc64c..43c0230e 100644 --- a/src/main/java/org/nrg/xnat/ajax/GrantProjectAccess.java 
+++ b/src/main/java/org/nrg/xnat/ajax/GrantProjectAccess.java @@ -22,6 +22,7 @@ import org.apache.turbine.services.velocity.TurbineVelocity; import org.apache.turbine.util.RunData; import org.apache.turbine.util.TurbineException; import org.apache.velocity.context.Context; +import org.nrg.xdat.XDAT; import org.nrg.xdat.display.DisplayManager; import org.nrg.xdat.om.XnatProjectdata; import org.nrg.xdat.turbine.utils.AdminUtils; @@ -45,7 +46,7 @@ public class GrantProjectAccess { } RunData data = rundataService.getRunData(req, response, sc); Context context = TurbineVelocity.getContext(data); - UserI user = TurbineUtils.getUser(data); + UserI user = XDAT.getUserDetails(); XnatProjectdata project = XnatProjectdata.getXnatProjectdatasById(projectID, user, false); diff --git a/src/main/java/org/nrg/xnat/restlet/extensions/AuthenticationRestlet.java b/src/main/java/org/nrg/xnat/restlet/extensions/AuthenticationRestlet.java index a93c308c..5eeb09a1 100644 --- a/src/main/java/org/nrg/xnat/restlet/extensions/AuthenticationRestlet.java +++ b/src/main/java/org/nrg/xnat/restlet/extensions/AuthenticationRestlet.java @@ -23,6 +23,7 @@ import org.restlet.resource.Variant; import org.springframework.security.authentication.BadCredentialsException; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; +import org.springframework.security.core.context.SecurityContextHolder; import java.io.UnsupportedEncodingException; import java.net.URLDecoder; 
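Review bot: `XDAT.getUserDetails()` is passed straight into `XnatProjectdata.getXnatProjectdatasById(projectID, user, false)` with no null check, and the identity now comes from the thread-bound security context rather than from the `RunData` built two lines above. If this AJAX entry point can be reached on a thread where no authentication has been bound (not determinable from the hunk), the project lookup runs with a null user. An explicit `if (user == null)` rejection before the lookup would make the handler fail closed. The same unchecked use appears later in this patch in `UserAuth.userAuthRepresentation()` (`loggedInUser.getUsername()`), in `EditImageSessionAction` (direct cast to `XDATUser`) and in `XDATScreen_EditScript` (`user.getUsername()`). The method body starts and ends outside the hunk.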
@@ -92,13 +93,14 @@ public class AuthenticationRestlet extends Resource { UsernamePasswordAuthenticationToken authRequest = manager.buildUPTokenForAuthMethod(_authMethod, _username, _password); Authentication authentication = manager.authenticate(authRequest); if (authentication.isAuthenticated()) { - succeed(); + succeed(authentication); } else { fail(); } } - private void succeed() { + private void succeed(final Authentication authentication) { + SecurityContextHolder.getContext().setAuthentication(authentication); getResponse().setStatus(Status.SUCCESS_OK, "OK"); } diff --git a/src/main/java/org/nrg/xnat/restlet/guard/XnatSecureGuard.java b/src/main/java/org/nrg/xnat/restlet/guard/XnatSecureGuard.java index cddb49f1..6ca69473 100644 --- a/src/main/java/org/nrg/xnat/restlet/guard/XnatSecureGuard.java +++ b/src/main/java/org/nrg/xnat/restlet/guard/XnatSecureGuard.java @@ -10,12 +10,6 @@ */ package org.nrg.xnat.restlet.guard; -import java.util.UUID; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpSession; - -import org.apache.log4j.Logger; import org.apache.turbine.util.TurbineException; import org.nrg.xdat.XDAT; import org.nrg.xdat.entities.AliasToken; 
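Review bot: `succeed(authentication)` binds the principal with `SecurityContextHolder.getContext().setAuthentication(authentication)` but does none of the other post-login work visible elsewhere in this patch: no `XNAT_CSRF` session attribute is set here, whereas `OnXnatLogin` and `XnatSecureGuard` both set it after a successful login. Setting the context by hand presumably also bypasses whatever session-fixation handling the regular login chain applies, so a session identifier issued before login may remain valid afterwards; whether the filter chain covers this route is not visible here. I would have `succeed` rotate the session identifier and set the token the same way the other paths do, and add a comment such as `// manual login: relies on the security filter chain to persist this context` if that is what is intended.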
@@ -26,23 +20,22 @@ import org.nrg.xdat.turbine.modules.actions.SecureAction; import org.nrg.xft.XFT; import org.nrg.xft.security.UserI; import org.nrg.xnat.restlet.representations.RESTLoginRepresentation; -import org.nrg.xnat.restlet.resources.SecureResource; import org.nrg.xnat.restlet.util.BrowserDetector; import org.nrg.xnat.restlet.util.BrowserDetectorI; import org.nrg.xnat.restlet.util.RequestUtil; import org.restlet.Filter; -import org.restlet.data.ChallengeRequest; -import org.restlet.data.ChallengeResponse; -import org.restlet.data.ChallengeScheme; -import org.restlet.data.MediaType; -import org.restlet.data.Request; -import org.restlet.data.Response; -import org.restlet.data.Status; +import org.restlet.data.*; import org.restlet.resource.Representation; import org.restlet.resource.StringRepresentation; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpSession; +import java.util.UUID; public class XnatSecureGuard extends Filter { - static org.apache.log4j.Logger logger = Logger.getLogger(XnatSecureGuard.class); + private static final Logger logger = LoggerFactory.getLogger(XnatSecureGuard.class); private static final String HTTP_REALM = "XNAT Protected Area"; /** @@ -52,7 +45,7 @@ public class XnatSecureGuard extends Filter { */ @Override protected int beforeHandle(Request request, Response response) { - if (authenticate(request, response)) { + if (authenticate(request)) { return CONTINUE; } else { unauthorized(request, response); 
@@ -96,71 +89,47 @@ public class XnatSecureGuard extends Filter { return _aliasTokenService; } - private boolean authenticate(Request request, Response response) { + private boolean authenticate(Request request) { // THIS BREAKS THE TRADITIONAL REST MODEL // But, if the user is already logged into the website and navigates // to a REST GET, they shouldn't have to re-login , TO final HttpServletRequest httpRequest = getHttpServletRequest(request); - final UserI sessionUser = getSessionUser(httpRequest); + final UserI sessionUser = XDAT.getUserDetails(); if (sessionUser != null) { - //Check for a CsrfToken if necessary. - try { - //isCsrfTokenOk either returns true or throws an exception... - SecureAction.isCsrfTokenOk(httpRequest,false); - } catch (Exception e){ - throw new RuntimeException(e);//LOL. + //Check for a CsrfToken if necessary. + try { + //isCsrfTokenOk either returns true or throws an exception... + SecureAction.isCsrfTokenOk(httpRequest, false); + } catch (Exception e) { + throw new RuntimeException(e);//LOL. 
+ } + return true; + } else { + UserI user; + final ChallengeResponse challengeResponse = request.getChallengeResponse(); + if (challengeResponse != null) { + user = authenticateBasic(challengeResponse); + if (user != null) { + httpRequest.getSession().setAttribute("XNAT_CSRF", UUID.randomUUID().toString()); + return true; } - - attachUser(request, sessionUser); - return true; - } else { - try { - UserI user = null; - final ChallengeResponse challengeResponse = request - .getChallengeResponse(); - if (challengeResponse != null) { - user = authenticateBasic(challengeResponse); - if (user != null) { - attachUser(request, user); - httpRequest.getSession().setAttribute("XNAT_CSRF", UUID.randomUUID().toString()); + } + else if (!XFT.GetRequireLogin()) { + try { + HttpSession session = httpRequest.getSession(); + session.removeAttribute("loggedin"); + user=Users.getGuest(); + if (user!=null) { return true; } + } catch (Exception e) { + logger.error("",e); } - else if (!XFT.GetRequireLogin()) { - try { - HttpSession session = httpRequest.getSession(); - session.removeAttribute("loggedin"); - user=Users.getGuest(); - if (user!=null) { - attachUser(request, user); - return true; - } - } catch (Exception e) { - logger.error("",e); - } - } - } catch (RuntimeException e) { - // We let this return an error to cause a 500 to return to the user. The only other - // option is to throw a 401. But this wouldn't inform the user that there was an error. 
- throw e; } } return false; } - private UserI getSessionUser(HttpServletRequest httpRequest) { - if(XDAT.getUserDetails()!=null){ - return XDAT.getUserDetails(); - } - else{ - return (UserI) httpRequest.getSession().getAttribute(SecureResource.USER_ATTRIBUTE); - } - } - - private void attachUser(Request request, UserI user) { - request.getAttributes().put(SecureResource.USER_ATTRIBUTE, user); - } - private UserI authenticateBasic(ChallengeResponse challengeResponse) { final String username = challengeResponse.getIdentifier(); final String password = new String(challengeResponse.getSecret()); diff --git a/src/main/java/org/nrg/xnat/restlet/resources/SecureResource.java b/src/main/java/org/nrg/xnat/restlet/resources/SecureResource.java index 8b63e41e..bbea23ef 100644 --- a/src/main/java/org/nrg/xnat/restlet/resources/SecureResource.java +++ b/src/main/java/org/nrg/xnat/restlet/resources/SecureResource.java @@ -96,8 +96,6 @@ public abstract class SecureResource extends Resource { private static final String ACTION = "action"; - public static final String USER_ATTRIBUTE = "user"; - public static final String HANDLER = "handler"; public static Logger logger = Logger.getLogger(SecureResource.class); @@ -152,7 +150,7 @@ public abstract class SecureResource extends Resource { // expects that the user exists in the session (either via traditional // session or set via the XnatSecureGuard - user = (UserI) getRequest().getAttributes().get(USER_ATTRIBUTE); + user = XDAT.getUserDetails(); filepath = getRequest().getResourceRef().getRemainingPart(); if (filepath != null) { diff --git a/src/main/java/org/nrg/xnat/restlet/resources/UserAuth.java b/src/main/java/org/nrg/xnat/restlet/resources/UserAuth.java index 6ed5b141..3b6a2a0e 100644 --- a/src/main/java/org/nrg/xnat/restlet/resources/UserAuth.java +++ b/src/main/java/org/nrg/xnat/restlet/resources/UserAuth.java 
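Review bot: The Basic-auth and guest branches of `authenticate` now return `true` without recording who was authenticated: `attachUser(request, user)` is removed and nothing on the visible lines places `user` into the security context. `SecureResource` (later in this patch) reads `user = XDAT.getUserDetails()`, so unless `authenticateBasic` itself sets the authentication (only its first two lines are visible), the resource runs with a null user or with whatever principal was already bound to the thread, not the one the guard just verified. The same applies to `Users.getGuest()`, whose result is discarded after the null check. I would set the authentication explicitly in both branches, or document on `authenticate` that `authenticateBasic` is responsible for it. Separately, `logger.error("",e)` logs an empty message; something like `logger.error("Failed to set up guest access", e)` would make the failure findable.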
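Review bot: The comment kept above the changed line in `SecureResource` still says the user is expected "in the session (either via traditional session or set via the XnatSecureGuard", but after this change the field is filled from `XDAT.getUserDetails()` and the guard no longer attaches anything to the request. I would replace it with `// user comes from the security context; may be null if no authentication is bound` so the next reader does not look for a request attribute. The constructor continues outside the hunk.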
@@ -10,6 +10,7 @@ */ package org.nrg.xnat.restlet.resources; +import org.nrg.xdat.XDAT; import org.nrg.xft.security.UserI; import org.restlet.Context; import org.restlet.data.MediaType; @@ -21,41 +22,40 @@ import org.restlet.resource.StringRepresentation; import org.restlet.resource.Variant; public class UserAuth extends SecureResource { - - public UserAuth(Context context, Request request, Response response) { - super(context, request, response); - - getVariants().add(new Variant(MediaType.TEXT_PLAIN)); - } - - @Override - public Representation represent(Variant variant) throws ResourceException { - return userAuthRepresentation(); - } - - private Representation userAuthRepresentation() { - UserI loggedInUser = (UserI) getRequest().getAttributes().get(USER_ATTRIBUTE); - return new StringRepresentation(String.format("User '%s' is logged in.", loggedInUser.getUsername()), - MediaType.TEXT_PLAIN); - } - - @Override - public boolean allowGet() { - return true; - } - - @Override - public boolean allowDelete() { - return false; - } - - @Override - public boolean allowPost() { - return false; - } - - @Override - public boolean allowPut() { - return false; - } + + public UserAuth(Context context, Request request, Response response) { + super(context, request, response); + + getVariants().add(new Variant(MediaType.TEXT_PLAIN)); + } + + @Override + public Representation represent(Variant variant) throws ResourceException { + return userAuthRepresentation(); + } + + private Representation userAuthRepresentation() { + UserI loggedInUser = XDAT.getUserDetails(); + return new StringRepresentation(String.format("User '%s' is logged in.", loggedInUser.getUsername()), MediaType.TEXT_PLAIN); + } + + @Override + public boolean allowGet() { + return true; + } + + @Override + public boolean allowDelete() { + return false; + } + + @Override + public boolean allowPost() { + return false; + } + + @Override + public boolean allowPut() { + return false; + } } 
diff --git a/src/main/java/org/nrg/xnat/restlet/resources/UserSession.java b/src/main/java/org/nrg/xnat/restlet/resources/UserSession.java index 3808a7b9..6d0ba78e 100644 --- a/src/main/java/org/nrg/xnat/restlet/resources/UserSession.java +++ b/src/main/java/org/nrg/xnat/restlet/resources/UserSession.java @@ -10,10 +10,6 @@ */ package org.nrg.xnat.restlet.resources; -import java.util.UUID; - -import javax.servlet.http.HttpServletRequest; - import org.nrg.xdat.security.helpers.UserHelper; import org.nrg.xft.security.UserI; import org.restlet.Context; @@ -25,6 +21,8 @@ import org.restlet.resource.ResourceException; import org.restlet.resource.StringRepresentation; import org.restlet.resource.Variant; +import java.util.UUID; + public class UserSession extends SecureResource { protected UserI user = null; @@ -34,10 +32,7 @@ public class UserSession extends SecureResource { getVariants().add(new Variant(MediaType.TEXT_PLAIN)); // copy the user from the request into the session - getHttpSession().setAttribute(USER_ATTRIBUTE, getRequest().getAttributes().get(USER_ATTRIBUTE)); - getHttpSession().setAttribute("userHelper", UserHelper.getUserHelperService(user)); - getHttpSession().setAttribute("XNAT_CSRF", UUID.randomUUID().toString()); } diff --git a/src/main/java/org/nrg/xnat/security/OnXnatLogin.java b/src/main/java/org/nrg/xnat/security/OnXnatLogin.java index ce210beb..f8e20eff 100644 --- a/src/main/java/org/nrg/xnat/security/OnXnatLogin.java +++ b/src/main/java/org/nrg/xnat/security/OnXnatLogin.java @@ -19,6 +19,7 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.nrg.xdat.XDAT; import org.nrg.xdat.security.helpers.UserHelper; import org.nrg.xdat.security.helpers.Users; import org.nrg.xdat.turbine.utils.AccessLogger; 
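Review bot: The comment `// copy the user from the request into the session` is left in place in `UserSession` although the statement it described (`setAttribute(USER_ATTRIBUTE, ...)`) is removed; it should be deleted or reworded. As far as the collapsed hunk shows, the `userHelper` attribute is still built from `user`, and the class declares its own `protected UserI user = null;` (context of the previous hunk), which hides the field that `SecureResource` assigns. If nothing else in the constructor sets it, `UserHelper.getUserHelperService(user)` is called with null. Reading `XDAT.getUserDetails()` here, or dropping the shadowing field, would keep this resource consistent with the rest of the patch. The constructor starts outside the hunk.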
@@ -45,19 +46,7 @@ public class OnXnatLogin extends SavedRequestAwareAuthenticationSuccessHandler { } try{ - SecurityContext securityContext = SecurityContextHolder.getContext(); - - UserI user= null; - Object principal = securityContext.getAuthentication().getPrincipal(); - - if(principal instanceof UserI){ - user = (UserI)principal; - } - else if (principal instanceof String){ - user = Users.getUser((String)principal); - } - - request.getSession().setAttribute("user", user); + final UserI user = XDAT.getUserDetails(); request.getSession().setAttribute("XNAT_CSRF", UUID.randomUUID().toString()); java.util.Date today = java.util.Calendar.getInstance(java.util.TimeZone.getDefault()).getTime(); diff --git a/src/main/java/org/nrg/xnat/security/XnatBasicAuthenticationFilter.java b/src/main/java/org/nrg/xnat/security/XnatBasicAuthenticationFilter.java index f6665010..3f78e5c3 100644 --- a/src/main/java/org/nrg/xnat/security/XnatBasicAuthenticationFilter.java +++ b/src/main/java/org/nrg/xnat/security/XnatBasicAuthenticationFilter.java @@ -11,8 +11,8 @@ package org.nrg.xnat.security; import com.google.common.collect.Maps; +import org.nrg.xdat.XDAT; import org.nrg.xdat.security.helpers.UserHelper; -import org.nrg.xdat.security.helpers.Users; import org.nrg.xdat.turbine.utils.AccessLogger; import org.nrg.xdat.turbine.utils.AdminUtils; import org.nrg.xft.XFTItem; @@ -25,7 +25,6 @@ import org.springframework.security.authentication.AuthenticationManager; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; -import org.springframework.security.core.context.SecurityContext; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.crypto.codec.Base64; import org.springframework.security.web.AuthenticationEntryPoint; 
@@ -37,8 +36,6 @@ import org.springframework.security.web.authentication.www.BasicAuthenticationFi import javax.inject.Inject; import javax.servlet.FilterChain; import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; @@ -154,23 +151,7 @@ public class XnatBasicAuthenticationFilter extends BasicAuthenticationFilter { protected void onSuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, Authentication authResult) throws IOException { try { - SecurityContext securityContext = SecurityContextHolder.getContext(); - - UserI user = null; - Object principal = securityContext.getAuthentication().getPrincipal(); - - if (principal instanceof UserI) { - user = (UserI) principal; - } else if (principal instanceof String) { - user = Users.getUser((String) principal); - } - - if (user == null) { - throw new RuntimeException("Unable to find user object for principal: " + principal); - } - - request.getSession().setAttribute("user", user); - + final UserI user = XDAT.getUserDetails(); Object lock = locks.get(user.getID()); if (lock == null) { locks.put(user.getID(), new Object()); diff --git a/src/main/java/org/nrg/xnat/security/XnatExpiredPasswordFilter.java b/src/main/java/org/nrg/xnat/security/XnatExpiredPasswordFilter.java index 290dc4f5..845c9706 100644 --- a/src/main/java/org/nrg/xnat/security/XnatExpiredPasswordFilter.java +++ b/src/main/java/org/nrg/xnat/security/XnatExpiredPasswordFilter.java @@ -14,6 +14,7 @@ import org.apache.commons.lang3.BooleanUtils; import org.apache.commons.lang3.StringUtils; import org.nrg.config.exceptions.SiteConfigurationException; import org.nrg.config.services.SiteConfigurationService; +import org.nrg.xdat.XDAT; import org.nrg.xdat.entities.AliasToken; import org.nrg.xdat.entities.UserRole; import org.nrg.xdat.om.ArcArchivespecification; 
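Review bot: The explicit `if (user == null) throw new RuntimeException("Unable to find user object for principal: " + principal)` guard was removed together with the principal lookup, so `locks.get(user.getID())` now dereferences the result of `XDAT.getUserDetails()` unchecked. The method already receives the authenticated token as `authResult`, so a null result can still be reported explicitly: `if (user == null) { throw new RuntimeException("Unable to find user object for principal: " + authResult.getPrincipal()); }`. The `locks.get`/`locks.put` pair that follows is a check-then-act sequence; if `locks` is a plain map (its declaration is not in the hunk), two concurrent logins for the same user can end up holding different lock objects. The method body continues outside the hunk.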
@@ -65,7 +66,7 @@ public class XnatExpiredPasswordFilter extends GenericFilterBean { public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { final HttpServletRequest request = (HttpServletRequest) req; final HttpServletResponse response = (HttpServletResponse) res; - UserI user = (UserI) request.getSession().getAttribute("user"); + UserI user = XDAT.getUserDetails(); Object passwordExpired = request.getSession().getAttribute("expired"); // MIGRATION: Need to remove arcspec. ArcArchivespecification _arcSpec = ArcSpecManager.GetInstance(); diff --git a/src/main/java/org/nrg/xnat/security/XnatInitCheckFilter.java b/src/main/java/org/nrg/xnat/security/XnatInitCheckFilter.java index 07e932cb..cd2826f9 100644 --- a/src/main/java/org/nrg/xnat/security/XnatInitCheckFilter.java +++ b/src/main/java/org/nrg/xnat/security/XnatInitCheckFilter.java @@ -21,6 +21,7 @@ import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.nrg.xdat.XDAT; import org.nrg.xdat.om.ArcArchivespecification; import org.nrg.xdat.security.helpers.Roles; import org.nrg.xdat.turbine.utils.TurbineUtils; @@ -43,7 +44,7 @@ public class XnatInitCheckFilter extends GenericFilterBean { //If arc spec has already been set, do not redirect. chain.doFilter(req, res); } else { - final UserI user = (UserI) request.getSession().getAttribute("user"); + final UserI user = XDAT.getUserDetails(); final String uri = request.getRequestURI(); if (user == null) { diff --git a/src/main/java/org/nrg/xnat/security/XnatSessionEventPublisher.java b/src/main/java/org/nrg/xnat/security/XnatSessionEventPublisher.java index 438179c1..19ccdfc7 100644 --- a/src/main/java/org/nrg/xnat/security/XnatSessionEventPublisher.java +++ b/src/main/java/org/nrg/xnat/security/XnatSessionEventPublisher.java 
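Review bot: Reading the user with `XDAT.getUserDetails()` instead of `request.getSession().getAttribute("user")` makes `XnatExpiredPasswordFilter.doFilter` depend on the security context already being populated when it runs. The session attribute was available wherever the filter sat in the chain; the context is presumably bound only after the security-context filter has run, so if this filter is registered earlier `user` would be null and the expired-password handling that follows (outside the hunk) would treat an authenticated request as anonymous. The filter registration order should be verified and a comment such as `// requires a populated security context; must run after the Spring Security chain` added above the line. `XnatInitCheckFilter` in the next file has the same dependency ahead of its `if (user == null)` branch.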
@@ -11,11 +11,14 @@ package org.nrg.xnat.security; import org.nrg.xft.security.UserI; -import org.nrg.xnat.restlet.resources.SecureResource; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.context.ApplicationContext; import org.springframework.jdbc.core.JdbcTemplate; +import org.springframework.security.authentication.AnonymousAuthenticationToken; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.context.SecurityContext; +import org.springframework.security.web.context.HttpSessionSecurityContextRepository; import org.springframework.security.web.session.HttpSessionCreatedEvent; import org.springframework.security.web.session.HttpSessionDestroyedEvent; import org.springframework.web.context.support.WebApplicationContextUtils; 
@@ -64,13 +67,20 @@ public class XnatSessionEventPublisher implements HttpSessionListener, ServletCo final Date today = Calendar.getInstance(TimeZone.getDefault()).getTime(); try { - final UserI user = (UserI) event.getSession().getAttribute(SecureResource.USER_ATTRIBUTE); - if (user != null) { - final String userId = user.getID().toString(); - final Timestamp stamp = new Timestamp(today.getTime()); - //sessionId's aren't guaranteed to be unique forever. But, the likelihood of sessionId and userId not forming a unique combo with a null logout_date is slim. - //noinspection SqlDialectInspection,SqlNoDataSourceInspection,SqlResolve - _template.execute("UPDATE xdat_user_login SET logout_date='" + stamp + "' WHERE logout_date is null and session_id='" + sessionId + "' and user_xdat_user_id='" + userId + "';"); + final Object contextCandidate = event.getSession().getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY); + if (contextCandidate != null && contextCandidate instanceof SecurityContext) { + final SecurityContext context = (SecurityContext) contextCandidate; + final Authentication authentication = context.getAuthentication(); + if (authentication != null && !(authentication instanceof AnonymousAuthenticationToken)) { + final Object userCandidate = authentication.getPrincipal(); + if (userCandidate != null && userCandidate instanceof UserI) { + final String userId = ((UserI) userCandidate).getID().toString(); + final Timestamp stamp = new Timestamp(today.getTime()); + //sessionId's aren't guaranteed to be unique forever. But, the likelihood of sessionId and userId not forming a unique combo with a null logout_date is slim. 
+ //noinspection SqlDialectInspection,SqlNoDataSourceInspection,SqlResolve + _template.execute("UPDATE xdat_user_login SET logout_date='" + stamp + "' WHERE logout_date is null and session_id='" + sessionId + "' and user_xdat_user_id='" + userId + "';"); + } + } } } catch (Exception e) { //remember, anonymous gets a session, too. Those won't be in the table. Fail silently. diff --git a/src/main/java/org/nrg/xnat/turbine/modules/actions/AcceptProjectAccess.java b/src/main/java/org/nrg/xnat/turbine/modules/actions/AcceptProjectAccess.java index 5aeeaa47..86a61a48 100644 --- a/src/main/java/org/nrg/xnat/turbine/modules/actions/AcceptProjectAccess.java +++ b/src/main/java/org/nrg/xnat/turbine/modules/actions/AcceptProjectAccess.java @@ -17,6 +17,7 @@ import org.apache.log4j.Logger; import org.apache.turbine.Turbine; import org.apache.turbine.util.RunData; import org.apache.velocity.context.Context; +import org.nrg.xdat.XDAT; import org.nrg.xdat.om.XnatProjectdata; import org.nrg.xdat.turbine.modules.actions.SecureAction; import org.nrg.xdat.turbine.utils.TurbineUtils; @@ -27,7 +28,7 @@ public class AcceptProjectAccess extends SecureAction { @Override public void doPerform(RunData data, Context context) throws Exception { - UserI user = TurbineUtils.getUser(data); + UserI user = XDAT.getUserDetails(); if (user == null) { user = (UserI) context.get("user"); } diff --git a/src/main/java/org/nrg/xnat/turbine/modules/actions/EditImageSessionAction.java b/src/main/java/org/nrg/xnat/turbine/modules/actions/EditImageSessionAction.java index 0a4ca9c9..9cb143a5 100644 --- a/src/main/java/org/nrg/xnat/turbine/modules/actions/EditImageSessionAction.java +++ b/src/main/java/org/nrg/xnat/turbine/modules/actions/EditImageSessionAction.java 
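Review bot: The `UPDATE xdat_user_login` statement in `XnatSessionEventPublisher` is still assembled by concatenating `stamp`, `sessionId` and `userId` and run through `_template.execute(...)`, with the SQL inspections suppressed by the `//noinspection` line. These values normally come from the container and the user record, but binding them removes the dependence on that assumption: `_template.update("UPDATE xdat_user_login SET logout_date=? WHERE logout_date is null and session_id=? and user_xdat_user_id=?", stamp, sessionId, ((UserI) userCandidate).getID());`. The `x != null && x instanceof T` tests can drop the null half, since `instanceof` is already false for null. The surrounding `try` and its catch are only partly inside the hunk.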
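Review bot: When `XDAT.getUserDetails()` returns null, `AcceptProjectAccess.doPerform` still falls back to `(UserI) context.get("user")`, taking the acting identity from the Velocity context. This patch removes the `context.put("user", ...)` calls from several screens, and `RequestProjectAccessForm` stores a different, request-selected user under that same key, so the fallback is either dead or could, depending on how contexts are populated (not visible here), pick up an object that is not the caller. I would drop the fallback and reject the action when no authenticated user is present; if it must stay, a comment stating which code path is expected to populate the context entry is needed. `doPerform` continues outside the hunk.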
@@ -12,6 +12,7 @@ package org.nrg.xnat.turbine.modules.actions; import org.apache.turbine.util.RunData; import org.apache.velocity.context.Context; +import org.nrg.xdat.XDAT; import org.nrg.xdat.security.XDATUser; import org.nrg.xft.XFTItem; import org.slf4j.Logger; @@ -33,7 +34,7 @@ public class EditImageSessionAction extends ModifySubjectAssessorData { try { // Migration: Is there a UserI-friendly version of XDATUser.clearBrowseableElementDisplays() and its kin? - ((XDATUser) data.getSession().getAttribute("user")).clearBrowseableElementDisplays(); + ((XDATUser) XDAT.getUserDetails()).clearBrowseableElementDisplays(); if (item.getProperty("note") == null) { item.setProperty("note", "NULL"); diff --git a/src/main/java/org/nrg/xnat/turbine/modules/actions/ManageProjectAccess.java b/src/main/java/org/nrg/xnat/turbine/modules/actions/ManageProjectAccess.java index b6e41c4b..feba56fc 100644 --- a/src/main/java/org/nrg/xnat/turbine/modules/actions/ManageProjectAccess.java +++ b/src/main/java/org/nrg/xnat/turbine/modules/actions/ManageProjectAccess.java @@ -12,6 +12,7 @@ package org.nrg.xnat.turbine.modules.actions; import org.apache.turbine.util.RunData; import org.apache.velocity.context.Context; +import org.nrg.xdat.XDAT; import org.nrg.xdat.om.XnatProjectdata; import org.nrg.xdat.om.base.BaseXnatProjectdata; import org.nrg.xdat.security.helpers.Groups; @@ -86,7 +87,7 @@ public class ManageProjectAccess extends SecureAction { PersistentWorkflowUtils.save(wrk2, c); } if (sendmail) { - context.put("user", TurbineUtils.getUser(data)); + context.put("user", XDAT.getUserDetails()); context.put("server", TurbineUtils.GetFullServerPath()); context.put("process", "Transfer to the archive."); context.put("system", TurbineUtils.GetSystemName()); 
@@ -120,7 +121,7 @@ public class ManageProjectAccess extends SecureAction { PersistentWorkflowUtils.complete(wrk2, c); } if (sendmail) { - context.put("user", TurbineUtils.getUser(data)); + context.put("user", XDAT.getUserDetails()); context.put("server", TurbineUtils.GetFullServerPath()); context.put("process", "Transfer to the archive."); context.put("system", TurbineUtils.GetSystemName()); @@ -154,7 +155,7 @@ public class ManageProjectAccess extends SecureAction { PersistentWorkflowUtils.complete(wrk2, c); } if (sendmail) { - context.put("user", TurbineUtils.getUser(data)); + context.put("user", XDAT.getUserDetails()); context.put("server", TurbineUtils.GetFullServerPath()); context.put("process", "Transfer to the archive."); context.put("system", TurbineUtils.GetSystemName()); diff --git a/src/main/java/org/nrg/xnat/turbine/modules/screens/DefaultPipelineScreen.java b/src/main/java/org/nrg/xnat/turbine/modules/screens/DefaultPipelineScreen.java index 4fd7d434..db9a989c 100644 --- a/src/main/java/org/nrg/xnat/turbine/modules/screens/DefaultPipelineScreen.java +++ b/src/main/java/org/nrg/xnat/turbine/modules/screens/DefaultPipelineScreen.java @@ -158,9 +158,6 @@ public abstract class DefaultPipelineScreen extends SecureReport { context.put("item", item.getItem()); if (XFT.VERBOSE) System.out.println("Loaded item object (org.nrg.xft.ItemI) as context parameter 'item'."); - context.put("user", TurbineUtils.getUser(data)); - if (XFT.VERBOSE) - System.out.println("Loaded user object (org.nrg.xdat.security.UserI) as context parameter 'user'."); context.put("element", SchemaElement.GetElement(item.getXSIType())); context.put("search_element", TurbineUtils.GetPassedParameter("search_element", data)); context.put("search_field", TurbineUtils.GetPassedParameter("search_field", data)); diff --git a/src/main/java/org/nrg/xnat/turbine/modules/screens/InactiveAccount.java b/src/main/java/org/nrg/xnat/turbine/modules/screens/InactiveAccount.java index a85fd202..41e11d15 100644 
--- a/src/main/java/org/nrg/xnat/turbine/modules/screens/InactiveAccount.java +++ b/src/main/java/org/nrg/xnat/turbine/modules/screens/InactiveAccount.java @@ -56,7 +56,7 @@ public class InactiveAccount extends VelocitySecureScreen { context.put("topMessage", "Your account has been disabled due to inactivity.<br>" + "Enter your email address to send a reactivation email."); } else { - UserI user = (UserI) data.getSession().getAttribute("user"); + UserI user = XDAT.getUserDetails(); // If the user isn't already logged in... if(user == null || user.getUsername().equals("guest")) { diff --git a/src/main/java/org/nrg/xnat/turbine/modules/screens/Index.java b/src/main/java/org/nrg/xnat/turbine/modules/screens/Index.java index 4fcc1863..b3e67183 100644 --- a/src/main/java/org/nrg/xnat/turbine/modules/screens/Index.java +++ b/src/main/java/org/nrg/xnat/turbine/modules/screens/Index.java @@ -60,8 +60,6 @@ public class Index extends SecureScreen { context.put("sub_count", UserHelper.getUserHelperService(user).getTotalCounts().get("xnat:subjectData")); - context.put("user", user); - Long isd_count=(Long)PoolDBUtils.ReturnStatisticQuery("SELECT COUNT(*) FROM xnat_imageSessionData", "count", TurbineUtils.getUser(data).getDBName(), TurbineUtils.getUser(data).getUsername()); context.put("isd_count", isd_count); diff --git a/src/main/java/org/nrg/xnat/turbine/modules/screens/PipelineScreen.java b/src/main/java/org/nrg/xnat/turbine/modules/screens/PipelineScreen.java index d7968268..adf02c39 100644 --- a/src/main/java/org/nrg/xnat/turbine/modules/screens/PipelineScreen.java +++ b/src/main/java/org/nrg/xnat/turbine/modules/screens/PipelineScreen.java 
@@ -164,12 +164,6 @@ public abstract class PipelineScreen extends SecureReport { if(XFT.VERBOSE)System.out.println("Loaded item object (org.nrg.xft.ItemI) as context parameter 'item'."); - context.put("user",TurbineUtils.getUser(data)); - - if(XFT.VERBOSE)System.out.println("Loaded user object (org.nrg.xdat.security.UserI) as context parameter 'user'."); - - - context.put("element",org.nrg.xdat.schema.SchemaElement.GetElement(item.getXSIType())); context.put("search_element",((String)org.nrg.xdat.turbine.utils.TurbineUtils.GetPassedParameter("search_element",data))); diff --git a/src/main/java/org/nrg/xnat/turbine/modules/screens/RequestProjectAccessForm.java b/src/main/java/org/nrg/xnat/turbine/modules/screens/RequestProjectAccessForm.java index 9305e2ea..a815bbc1 100644 --- a/src/main/java/org/nrg/xnat/turbine/modules/screens/RequestProjectAccessForm.java +++ b/src/main/java/org/nrg/xnat/turbine/modules/screens/RequestProjectAccessForm.java @@ -12,6 +12,7 @@ package org.nrg.xnat.turbine.modules.screens; import org.apache.turbine.util.RunData; import org.apache.velocity.context.Context; +import org.nrg.xdat.XDAT; import org.nrg.xdat.om.XnatProjectdata; import org.nrg.xdat.security.helpers.Permissions; import org.nrg.xdat.security.helpers.Users; @@ -23,8 +24,8 @@ public class RequestProjectAccessForm extends SecureScreen { private XnatProjectdata project = null; @Override protected void doBuildTemplate(RunData data, Context context) throws Exception { - String p = ((String)org.nrg.xdat.turbine.utils.TurbineUtils.GetPassedParameter("project",data)); - UserI user = TurbineUtils.getUser(data); + String p = ((String) TurbineUtils.GetPassedParameter("project",data)); + UserI user = XDAT.getUserDetails(); if (project==null){ project = XnatProjectdata.getXnatProjectdatasById(p, user, false); } 
@@ -35,8 +36,8 @@ public class RequestProjectAccessForm extends SecureScreen { return; } - String access_level = ((String)org.nrg.xdat.turbine.utils.TurbineUtils.GetPassedParameter("access_level",data)); - Integer id = ((Integer)org.nrg.xdat.turbine.utils.TurbineUtils.GetPassedInteger("id",data)); + String access_level = ((String) TurbineUtils.GetPassedParameter("access_level",data)); + Integer id = TurbineUtils.GetPassedInteger("id", data); UserI other =Users.getUser(id); context.put("user", other); @@ -48,7 +49,4 @@ public class RequestProjectAccessForm extends SecureScreen { public boolean allowGuestAccess() { return false; } - - - } diff --git a/src/main/java/org/nrg/xnat/turbine/modules/screens/XDATScreen_EditScript.java b/src/main/java/org/nrg/xnat/turbine/modules/screens/XDATScreen_EditScript.java index 8bc5eee8..018bcd21 100644 --- a/src/main/java/org/nrg/xnat/turbine/modules/screens/XDATScreen_EditScript.java +++ b/src/main/java/org/nrg/xnat/turbine/modules/screens/XDATScreen_EditScript.java @@ -12,17 +12,20 @@ package org.nrg.xnat.turbine.modules.screens; import org.apache.turbine.util.RunData; import org.apache.velocity.context.Context; +import org.nrg.xdat.XDAT; import org.nrg.xdat.security.helpers.Roles; import org.nrg.xdat.turbine.modules.screens.SecureScreen; import org.nrg.xdat.turbine.utils.TurbineUtils; +import org.nrg.xft.security.UserI; import org.nrg.xnat.helpers.prearchive.PrearcUtils; public class XDATScreen_EditScript extends SecureScreen { @Override protected void doBuildTemplate(RunData arg0, Context arg1) throws Exception { - arg1.put("user", TurbineUtils.getUser(arg0).getUsername()); - if (Roles.isSiteAdmin(TurbineUtils.getUser(arg0))) { + final UserI user = XDAT.getUserDetails(); + arg1.put("user", user.getUsername()); + if (Roles.isSiteAdmin(user)) { arg1.put("isAdmin","true"); } else { 
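Review bot: `context.put("user", other)` in the `@@ -35,8 +36,8 @@` hunk stores the account looked up from the request's `id` parameter under the same context key that the templates in this patch now read as the logged-in user (`$turbineUtils.isGuest($user)`, `$turbineUtils.isSiteAdmin($user)`, `$user.getUsername()`). If the navigation templates render from the same Velocity context as this screen, the "Logged in as" bar and the admin-only checks would be evaluated against the requested account instead of the caller. A separate key, e.g. `context.put("requester", other);` with the matching template change, avoids the collision. The XDATScreen_EditScript hunk has the same clash with `arg1.put("user", user.getUsername())`, which puts a String where the templates expect a UserI. doBuildTemplate starts and ends outside this hunk, so whether `id` is checked for null before `Users.getUser(id)` is not visible.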
diff --git a/src/main/java/org/nrg/xnat/turbine/modules/screens/XDATScreen_UpdateUser.java b/src/main/java/org/nrg/xnat/turbine/modules/screens/XDATScreen_UpdateUser.java index 4049a227..77262055 100644 --- a/src/main/java/org/nrg/xnat/turbine/modules/screens/XDATScreen_UpdateUser.java +++ b/src/main/java/org/nrg/xnat/turbine/modules/screens/XDATScreen_UpdateUser.java @@ -52,7 +52,7 @@ public class XDATScreen_UpdateUser extends SecureScreen { context.put("item", user); } } else { - user = (UserI) data.getSession().getAttribute("user"); + user = XDAT.getUserDetails(); // If the user isn't already logged in... if(user == null || user.getUsername().equals("guest")) { diff --git a/src/main/java/org/nrg/xnat/turbine/modules/screens/XDATScreen_prearchives.java b/src/main/java/org/nrg/xnat/turbine/modules/screens/XDATScreen_prearchives.java index d1327d58..da04fce9 100644 --- a/src/main/java/org/nrg/xnat/turbine/modules/screens/XDATScreen_prearchives.java +++ b/src/main/java/org/nrg/xnat/turbine/modules/screens/XDATScreen_prearchives.java 
@@ -12,33 +12,31 @@ package org.nrg.xnat.turbine.modules.screens; import org.apache.turbine.util.RunData; import org.apache.velocity.context.Context; +import org.nrg.xdat.XDAT; import org.nrg.xdat.security.helpers.Roles; import org.nrg.xdat.turbine.modules.screens.SecureScreen; -import org.nrg.xdat.turbine.utils.TurbineUtils; import org.nrg.xnat.turbine.utils.XNATUtils; import java.util.Hashtable; +@SuppressWarnings("unused") public class XDATScreen_prearchives extends SecureScreen { /* (non-Javadoc) * @see org.apache.turbine.modules.screens.VelocityScreen#doBuildTemplate(org.apache.turbine.util.RunData, org.apache.velocity.context.Context) */ protected void doBuildTemplate(final RunData data, final Context context) { - try { - context.put("user", TurbineUtils.getUser(data).getUsername()); - final Hashtable hash = XNATUtils.getInvestigatorsForRead("xnat:mrSessionData",data); - context.put("investigators", hash); + try { + final Hashtable hash = XNATUtils.getInvestigatorsForRead("xnat:mrSessionData", data); + context.put("investigators", hash); - if (data.getParameters().containsKey("project")) { - context.put("project", org.nrg.xdat.turbine.utils.TurbineUtils.GetPassedParameter("project",data)); - } - if(Roles.isSiteAdmin(TurbineUtils.getUser(data))){ - context.put("role","admin"); + if (data.getParameters().containsKey("project")) { + context.put("project", org.nrg.xdat.turbine.utils.TurbineUtils.GetPassedParameter("project", data)); + } + if (Roles.isSiteAdmin(XDAT.getUserDetails())) { + context.put("role", "admin"); + } + } catch (Exception e) { + log.error(e); } - } catch (Exception e) { - log.error(e); - e.printStackTrace(); - } } - } diff --git a/src/main/webapp/xdat-templates/macros/TurbineMacros.vm b/src/main/webapp/xdat-templates/macros/TurbineMacros.vm index 8306c7ed..649c48bf 100644 --- a/src/main/webapp/xdat-templates/macros/TurbineMacros.vm +++ b/src/main/webapp/xdat-templates/macros/TurbineMacros.vm 
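Review bot: With `e.printStackTrace()` removed, `log.error(e)` in the catch block is the only record of a failure here, and a logger that receives the exception as its message argument commonly records just `e.toString()` without the stack trace. The logger is declared outside this hunk, so this needs confirming; `log.error("Unable to build the prearchive screen context", e);` keeps the trace either way. The class-level `@SuppressWarnings("unused")` also silences unused-code warnings for the whole class, so it would be better placed on the specific member that needs it.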
@@ -1640,15 +1640,15 @@ $!turbineUtils.escapeJS($s) #if($turbineUtils.toBoolean($siteConfig.getProperty("UI.debug-extension-points","false")))document.write("<div class='extension_js'>/templates/screens/$subFolder</div>")#end #foreach($screenProps in $turbineUtils.getTemplates($subFolder)) #set($templateFileName=$screenProps.getProperty("path")) - #if($data.getSession().getAttribute("user").getUsername()=="guest") + #if($turbineUtils.isGuest($user)) #if($turbineUtils.toBoolean($screenProps.getProperty("allowGuest","false"))) #parse("/screens/$templateFileName") #end #elseif($screenProps.getProperty("adminOnly")) - #if($turbineUtils.toBoolean($data.getSession().getAttribute("user").checkRole("Administrator"),"false")) + #if($turbineUtils.isSiteAdmin($user)) #parse("/screens/$templateFileName") #end - #elseif($data.getSession().getAttribute("user").getUsername()) + #elseif($user.getUsername()) #parse("/screens/$templateFileName") #end #end @@ -1659,15 +1659,15 @@ $!turbineUtils.escapeJS($s) #if($turbineUtils.toBoolean($siteConfig.getProperty("UI.debug-extension-points","false")))document.write("<div class='extension_js'>/templates/screens/$dataType/$subFolder</div>")#end #foreach($screenProps in $turbineUtils.getTemplates($dataType,$subFolder)) #set($templateFileName=$screenProps.getProperty("path")) - #if($data.getSession().getAttribute("user").getUsername()=="guest") + #if($turbineUtils.isGuest($user)) #if($turbineUtils.toBoolean($screenProps.getProperty("allowGuest","false"))) #parse("/screens/$templateFileName") #end #elseif($screenProps.getProperty("adminOnly")) - #if($turbineUtils.toBoolean($data.getSession().getAttribute("user").checkRole("Administrator"),"false")) + #if($turbineUtils.isSiteAdmin($user)) #parse("/screens/$templateFileName") #end - #elseif($data.getSession().getAttribute("user").getUsername()) + #elseif($user.getUsername()) #parse("/screens/$templateFileName") #end #end 
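Review bot: The guest and admin branches in these macros now rely on `$turbineUtils.isGuest($user)` and `$turbineUtils.isSiteAdmin($user)`, neither of which is defined in this patch, and on `$user` being present in the context of every page that calls them. These branches decide which `allowGuest` and `adminOnly` templates are parsed, so it is worth confirming that both helpers return false for a null or unset `$user` and that `isSiteAdmin` matches the old `checkRole("Administrator")` test. A comment above the first macro such as `## Requires $user (UserI) in the Velocity context.` would document the new dependency. The same substitution is made in the hunks at 1659, 1678, 1697 and 1715 and in Configuration.vm, EditArcSpecs.vm, EditScript.vm, Scripts.vm and XDATScreen_emailSpecifications.vm.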
@@ -1678,15 +1678,15 @@ $!turbineUtils.escapeJS($s) #if($turbineUtils.toBoolean($siteConfig.getProperty("UI.debug-extension-points","false")))<div class="extension">/templates/screens/$subFolder</div>#end #foreach($screenProps in $turbineUtils.getTemplates($subFolder)) #set($templateFileName=$screenProps.getProperty("path")) - #if($data.getSession().getAttribute("user").getUsername()=="guest") + #if($turbineUtils.isGuest($user)) #if($turbineUtils.toBoolean($screenProps.getProperty("allowGuest","false"))) #parse("/screens/$templateFileName") #end #elseif($screenProps.getProperty("adminOnly")) - #if($turbineUtils.toBoolean($data.getSession().getAttribute("user").checkRole("Administrator"),"false")) + #if($turbineUtils.isSiteAdmin($user)) #parse("/screens/$templateFileName") #end - #elseif($data.getSession().getAttribute("user").getUsername()) + #elseif($user.getUsername()) #parse("/screens/$templateFileName") #end #end @@ -1697,15 +1697,15 @@ $!turbineUtils.escapeJS($s) #if($turbineUtils.toBoolean($siteConfig.getProperty("UI.debug-extension-points","false")))<div class="extension">/templates/screens/$dataType/$subFolder</div>#end #foreach($screenProps in $turbineUtils.getTemplates($dataType,$subFolder)) #set($templateFileName=$screenProps.getProperty("path")) - #if($data.getSession().getAttribute("user").getUsername()=="guest") + #if($turbineUtils.isGuest($user)) #if($turbineUtils.toBoolean($screenProps.getProperty("allowGuest","false"))) #parse("/screens/$templateFileName") #end #elseif($screenProps.getProperty("adminOnly")) - #if($turbineUtils.toBoolean($data.getSession().getAttribute("user").checkRole("Administrator"),"false")) + #if($turbineUtils.isSiteAdmin($user)) #parse("/screens/$templateFileName") #end - #elseif($data.getSession().getAttribute("user").getUsername()) + #elseif($user.getUsername()) #parse("/screens/$templateFileName") #end #end 
@@ -1715,15 +1715,15 @@ $!turbineUtils.escapeJS($s) #set($hasCustomScreens = false) #foreach($screenProps in $turbineUtils.getTemplates($dataType,$subFolder)) #set($templateFileName=$screenProps.getProperty("path")) - #if($data.getSession().getAttribute("user").getUsername()=="guest") + #if($turbineUtils.isGuest($user)) #if($turbineUtils.toBoolean($screenProps.getProperty("allowGuest","false"))) #set($hasCustomScreens = true) #end #elseif($screenProps.getProperty("adminOnly")) - #if($turbineUtils.toBoolean($data.getSession().getAttribute("user").checkRole("Administrator"),"false")) + #if($turbineUtils.isSiteAdmin($user)) #set($hasCustomScreens = true) #end - #elseif($data.getSession().getAttribute("user").getUsername()) + #elseif($user.getUsername()) #set($hasCustomScreens = true) #end #end diff --git a/src/main/webapp/xdat-templates/navigations/NoMenuTop.vm b/src/main/webapp/xdat-templates/navigations/NoMenuTop.vm index 4279a873..89a5773d 100644 --- a/src/main/webapp/xdat-templates/navigations/NoMenuTop.vm +++ b/src/main/webapp/xdat-templates/navigations/NoMenuTop.vm 
@@ -1,16 +1,23 @@ -##Copyright 2005 Harvard University / Howard Hughes Medical Institute (HHMI) All Rights Reserved +#* @vtlvariable name="data" type="org.apache.turbine.util.RunData" *# +#* @vtlvariable name="turbineUtils" type="org.nrg.xdat.turbine.utils.TurbineUtils" *# +#* @vtlvariable name="page" type="org.apache.turbine.util.template.HtmlPageAttributes" *# +#* @vtlvariable name="last_login" type="java.util.Date" *# +#* @vtlvariable name="user" type="org.nrg.xft.security.UserI" *# +#* @vtlvariable name="ui" type="org.apache.turbine.services.pull.util.UIManager" *# +#* @vtlvariable name="link" type="org.apache.turbine.services.pull.tools.TemplateLink" *# $page.setBgColor($ui.bgcolor) <div id="user_bar" class="no_menu"> #if($last_login) <span id="last_login">Last login: $turbineUtils.formatDateTime($last_login)</span> #end - #if($data.getSession().getAttribute("user")) - #if($data.getSession().getAttribute("user").getUsername()=="guest") + #if($user) + #set($username = $user.getUsername()) + #if($turbineUtils.isGuest($user)) <span id="user_info">Logged in as: <span style="color:red;">Guest</span> <b>|</b> <a href="$link.setPage("Login.vm")">Login</a> <b>|</b> <a href="$link.setPage("Register.vm")">Register</a></span> - #elseif($data.getSession().getAttribute("user").getUsername()) + #elseif($username) ## use default timout value from web.xml as the starting text in the "timeLeft" element - <span id="user_info">Logged in as: <a href="$link.setPage("XDATScreen_UpdateUser.vm")">$!data.getSession().getAttribute("user").getUsername()</a> <b>|</b> <a href="$link.setAction("LogoutUser")">Logout</a></span> + <span id="user_info">Logged in as: <a href="$link.setPage("XDATScreen_UpdateUser.vm")">$!username</a> <b>|</b> <a href="$link.setAction("LogoutUser")">Logout</a></span> #end #end <div class="clear"></div> 
diff --git a/src/main/webapp/xdat-templates/navigations/NoninteractiveTop.vm b/src/main/webapp/xdat-templates/navigations/NoninteractiveTop.vm index a6ace1ec..cc653ef0 100644 --- a/src/main/webapp/xdat-templates/navigations/NoninteractiveTop.vm +++ b/src/main/webapp/xdat-templates/navigations/NoninteractiveTop.vm @@ -1,3 +1,10 @@ +#* @vtlvariable name="data" type="org.apache.turbine.util.RunData" *# +#* @vtlvariable name="turbineUtils" type="org.nrg.xdat.turbine.utils.TurbineUtils" *# +#* @vtlvariable name="page" type="org.apache.turbine.util.template.HtmlPageAttributes" *# +#* @vtlvariable name="last_login" type="java.util.Date" *# +#* @vtlvariable name="user" type="org.nrg.xft.security.UserI" *# +#* @vtlvariable name="ui" type="org.apache.turbine.services.pull.util.UIManager" *# +#* @vtlvariable name="link" type="org.apache.turbine.services.pull.tools.TemplateLink" *# <!-- BEGIN NoninteractiveTop.vm --> $page.setBgColor($ui.bgcolor) @@ -5,12 +12,13 @@ $page.setBgColor($ui.bgcolor) #if($last_login) <span id="last_login">Last login: $turbineUtils.formatDateTime($last_login)</span> #end - #if($data.getSession().getAttribute("user")) - #if($data.getSession().getAttribute("user").getUsername()=="guest") + #if($user) + #set($username = $user.getUsername()) + #if($turbineUtils.isGuest($user)) <span id="user_info">Logged in as: <span style="color:red;">Guest</span> - #elseif($data.getSession().getAttribute("user").getUsername()) + #elseif($username) ## use default timout value from web.xml as the starting text in the "timeLeft" element - <span id="user_info">Logged in as: <i>$!data.getSession().getAttribute("user").getUsername()</i> <b>|</b> <a href="$link.setAction("LogoutUser")">Logout</a></span> + <span id="user_info">Logged in as: <i>$!username</i> <b>|</b> <a href="$link.setAction("LogoutUser")">Logout</a></span> #end #end <div class="clear"></div> 
diff --git a/src/main/webapp/xdat-templates/navigations/SubMenu1.vm b/src/main/webapp/xdat-templates/navigations/SubMenu1.vm index b836d9cf..bc9e6dca 100644 --- a/src/main/webapp/xdat-templates/navigations/SubMenu1.vm +++ b/src/main/webapp/xdat-templates/navigations/SubMenu1.vm @@ -1,5 +1,6 @@ +#* @vtlvariable name="user" type="org.nrg.xft.security.UserI" *# ##Copyright 2005 Harvard University / Howard Hughes Medical Institute (HHMI) All Rights Reserved -#set ($actionObjects = $data.getSession().getAttribute("user").getActionCollection() ) +#set ($actionObjects = $user.getActionCollection() ) #if ($actionObjects.size() > 1) <table align="left" valign="top"> <tr> diff --git a/src/main/webapp/xdat-templates/navigations/SubMenu3.vm b/src/main/webapp/xdat-templates/navigations/SubMenu3.vm index 3d40ee01..8cecd884 100644 --- a/src/main/webapp/xdat-templates/navigations/SubMenu3.vm +++ b/src/main/webapp/xdat-templates/navigations/SubMenu3.vm @@ -1,10 +1,10 @@ ##Copyright 2005 Harvard University / Howard Hughes Medical Institute (HHMI) All Rights Reserved -#if ($data.getSession().getAttribute("user").getStoredSearches().size()>0) +#if ($user.getStoredSearches().size()>0) <table align="left" valign="top"> <tr> <td> <b style="text-decoration:underline">Bundles</b><br> - ${data.getSession().getAttribute("user").outputBundleHTMLMenu()} + ${user.outputBundleHTMLMenu()} </td> </tr> diff --git a/src/main/webapp/xdat-templates/screens/DefaultReport.vm b/src/main/webapp/xdat-templates/screens/DefaultReport.vm index c0cd2762..2558e1f1 100644 --- a/src/main/webapp/xdat-templates/screens/DefaultReport.vm +++ b/src/main/webapp/xdat-templates/screens/DefaultReport.vm @@ -8,7 +8,7 @@ $!data_item </TD> <td valign="top"> - #elementActionsBox($element $search_field $search_value $data.getSession().getAttribute("user") $item) + #elementActionsBox($element $search_field $search_value $user $item) </td> </TR> </TABLE> \ No newline at end of file 
diff --git a/src/main/webapp/xdat-templates/screens/XDATScreen_active_sessions.vm b/src/main/webapp/xdat-templates/screens/XDATScreen_active_sessions.vm index ce8d8b40..df395444 100644 --- a/src/main/webapp/xdat-templates/screens/XDATScreen_active_sessions.vm +++ b/src/main/webapp/xdat-templates/screens/XDATScreen_active_sessions.vm @@ -12,7 +12,7 @@ #foreach($session in $sessions) <tr> <td NOWRAP><A name="LINK${sessionCounter}" HREF="#LINK${sessionCounter}" onClick=" return blocking($sessionCounter);"> - <img ID="IMG$sessionCounter" src="$content.getURI("images/plus.jpg")" border=0> $!session.getAttribute("user").getLogin()</A></td> + <img ID="IMG$sessionCounter" src="$content.getURI("images/plus.jpg")" border=0> $!user.getLogin()</A></td> <td>$!turbineUtils.formatDateTime($session.getCreationTime())</td> <td>$!turbineUtils.formatDateTime($session.getLastAccessedTime())</td> <td> diff --git a/src/main/webapp/xdat-templates/screens/XDATScreen_report_xdat_element_security.vm b/src/main/webapp/xdat-templates/screens/XDATScreen_report_xdat_element_security.vm index c6ef1824..cfedb7ac 100644 --- a/src/main/webapp/xdat-templates/screens/XDATScreen_report_xdat_element_security.vm +++ b/src/main/webapp/xdat-templates/screens/XDATScreen_report_xdat_element_security.vm @@ -170,7 +170,7 @@ $page.setVlinkColor($ui.vlink) </TR> </TABLE> <td valign="top" align="right"> - #elementActionsBox($element $search_field $search_value $data.getSession().getAttribute("user") $item) + #elementActionsBox($element $search_field $search_value $user $item) </td> </TR> </TABLE> diff --git a/src/main/webapp/xdat-templates/screens/XDATScreen_report_xdat_infoEntry.vm b/src/main/webapp/xdat-templates/screens/XDATScreen_report_xdat_infoEntry.vm index 1bb97020..77e960ca 100644 --- a/src/main/webapp/xdat-templates/screens/XDATScreen_report_xdat_infoEntry.vm +++ b/src/main/webapp/xdat-templates/screens/XDATScreen_report_xdat_infoEntry.vm 
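Review bot: Inside `#foreach($session in $sessions)` in XDATScreen_active_sessions.vm the login column now prints `$!user.getLogin()`, which is the same `$user` on every row, where the old code read the user from each listed session. Unless `$user` is reassigned per iteration outside this hunk, every active session will be listed under one login, presumably the viewer's, so the page no longer shows who owns a session. The per-session user needs another source now that it is not a session attribute, for example a lookup prepared by the screen class and keyed by `$session.getId()`; that class is not part of this hunk.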
@@ -31,7 +31,7 @@ $page.setVlinkColor($ui.vlink) </TABLE> </TD> <TD valign="top" align="right"> - #elementActionsBox($element $search_field $search_value $data.getSession().getAttribute("user") $item) + #elementActionsBox($element $search_field $search_value $user $item) </TD> </TR> </TABLE> diff --git a/src/main/webapp/xdat-templates/screens/XDATScreen_report_xdat_newsEntry.vm b/src/main/webapp/xdat-templates/screens/XDATScreen_report_xdat_newsEntry.vm index be7aad92..28746aad 100644 --- a/src/main/webapp/xdat-templates/screens/XDATScreen_report_xdat_newsEntry.vm +++ b/src/main/webapp/xdat-templates/screens/XDATScreen_report_xdat_newsEntry.vm @@ -31,7 +31,7 @@ $page.setVlinkColor($ui.vlink) </TABLE> </TD> <TD valign="top" align="right"> - #elementActionsBox($element $search_field $search_value $data.getSession().getAttribute("user") $item) + #elementActionsBox($element $search_field $search_value $user $item) </TD> </TR> </TABLE> diff --git a/src/main/webapp/xdat-templates/screens/XDATScreen_report_xdat_stored_search.vm b/src/main/webapp/xdat-templates/screens/XDATScreen_report_xdat_stored_search.vm index 580572d8..871e949d 100644 --- a/src/main/webapp/xdat-templates/screens/XDATScreen_report_xdat_stored_search.vm +++ b/src/main/webapp/xdat-templates/screens/XDATScreen_report_xdat_stored_search.vm @@ -35,7 +35,7 @@ $page.setVlinkColor($ui.vlink) </TABLE> </TD> <TD valign="top" align="right"> - #elementActionsBox($element $search_field $search_value $data.getSession().getAttribute("user") $item) + #elementActionsBox($element $search_field $search_value $user $item) </TD> </TR> </TABLE> diff --git a/src/main/webapp/xdat-templates/screens/XDATScreen_report_xdat_userGroup.vm b/src/main/webapp/xdat-templates/screens/XDATScreen_report_xdat_userGroup.vm index ebb87ee2..e1a61f84 100644 --- a/src/main/webapp/xdat-templates/screens/XDATScreen_report_xdat_userGroup.vm +++ b/src/main/webapp/xdat-templates/screens/XDATScreen_report_xdat_userGroup.vm 
@@ -29,7 +29,7 @@ $page.setVlinkColor($ui.vlink) </TABLE> </TD> <TD valign="top" align="right"> - #elementActionsBox($element $search_field $search_value $data.getSession().getAttribute("user") $item) + #elementActionsBox($element $search_field $search_value $user $item) </TD> </TR> </TABLE> diff --git a/src/main/webapp/xnat-templates/navigations/DefaultTop.vm b/src/main/webapp/xnat-templates/navigations/DefaultTop.vm index 8eebccfb..6b94dca3 100644 --- a/src/main/webapp/xnat-templates/navigations/DefaultTop.vm +++ b/src/main/webapp/xnat-templates/navigations/DefaultTop.vm 
@@ -27,14 +27,14 @@ #if($last_login) <span id="last_login">Last login: $turbineUtils.formatDateTime($last_login)</span> #end - #if($data.getSession().getAttribute("user").getUsername()=="guest") + #if($turbineUtils.isGuest($user)) <span id="user_info">Logged in as: <span style="color:red;">Guest</span> <b>|</b> <a href="$link.setPage("Login.vm")">Login</a> <b>|</b> <a href="$link.setPage("Register.vm")">Register</a></span> <script type="text/javascript"> Cookies.set('guest','true',{path:'/'}); </script> - #elseif($data.getSession().getAttribute("user").getUsername()) + #elseif($user.getUsername()) ## use default timeout value from web.xml as the starting text in the "#timeLeft" element - <span id="user_info">Logged in as: <a href="$link.setPage("XDATScreen_UpdateUser.vm")">$!data.getSession().getAttribute("user").getUsername()</a> <b>|</b><span class="tip_icon" style="margin-right:3px;left:2px;top:3px;"> + <span id="user_info">Logged in as: <a href="$link.setPage("XDATScreen_UpdateUser.vm")">$!user.getUsername()</a> <b>|</b><span class="tip_icon" style="margin-right:3px;left:2px;top:3px;"> <span class="tip shadowed" style="top:20px;z-index:10000;white-space:normal;left:-150px;width:300px;background-color:#ffc;">Your XNAT session will auto-logout after a certain period of inactivity. You can reset that timer without reloading the page by clicking "renew."</span> </span> ## some kind of default text needs to be there so stuff doesn't shift around before the timer functions kick in diff --git a/src/main/webapp/xnat-templates/screens/BulkDeleteActionScreen.vm b/src/main/webapp/xnat-templates/screens/BulkDeleteActionScreen.vm index ba2eca5f..1b15934f 100644 --- a/src/main/webapp/xnat-templates/screens/BulkDeleteActionScreen.vm +++ b/src/main/webapp/xnat-templates/screens/BulkDeleteActionScreen.vm 
@@ -1,6 +1,5 @@ ## Screen is for XNAT-2408 <form name="form1" method="post" action="$link.setAction("DeleteProjectData")" ONSUBMIT="return validateForm();"> -#set($user = $data.getSession().getAttribute("user")) #if($errMsg) <p>$errMsg</p> <br> diff --git a/src/main/webapp/xnat-templates/screens/Configuration.vm b/src/main/webapp/xnat-templates/screens/Configuration.vm index 98a21e00..f5dc001e 100755 --- a/src/main/webapp/xnat-templates/screens/Configuration.vm +++ b/src/main/webapp/xnat-templates/screens/Configuration.vm @@ -1,3 +1,4 @@ +#* @vtlvariable name="user" type="org.nrg.xft.security.UserI" *# #* @vtlvariable name="turbineUtils" type="org.nrg.xdat.turbine.utils.TurbineUtils" *# #* @vtlvariable name="siteConfig" type="java.util.Properties" *# #* @vtlvariable name="content" type="org.apache.turbine.services.pull.tools.ContentTool" *# @@ -21,7 +22,7 @@ ##<div id="tp_fm" style="display:none"></div> <div class="edit_header1">Configuration</div><br/> -#if($data.getSession().getAttribute("user").checkRole("Administrator")) +#if($turbineUtils.isSiteAdmin($user)) <script type="text/javascript" src="$content.getURI("scripts/yui/build/resize/resize-beta-min.js")"></script> <script type="text/javascript" src="$content.getURI("scripts/yui/build/layout/layout-beta-min.js")"></script> <script type="text/javascript" src="$content.getURI("scripts/search/tabManager.js")"></script> diff --git a/src/main/webapp/xnat-templates/screens/EditArcSpecs.vm b/src/main/webapp/xnat-templates/screens/EditArcSpecs.vm index 9fbb0e05..b427501d 100644 --- a/src/main/webapp/xnat-templates/screens/EditArcSpecs.vm +++ b/src/main/webapp/xnat-templates/screens/EditArcSpecs.vm @@ -1,6 +1,6 @@ #set ($template = $data.getTemplateInfo()) $!template.setLayoutTemplate("NoMenu.vm") -#if($data.getSession().getAttribute("user").checkRole("Administrator")) +#if($turbineUtils.isSiteAdmin($user)) <form name="form1" method="post" action="$link.setAction("SetArcSpecs")"> <table> <TR> 
diff --git a/src/main/webapp/xnat-templates/screens/EditScript.vm b/src/main/webapp/xnat-templates/screens/EditScript.vm index 57b4fc97..adf2bfec 100755 --- a/src/main/webapp/xnat-templates/screens/EditScript.vm +++ b/src/main/webapp/xnat-templates/screens/EditScript.vm @@ -57,7 +57,7 @@ <tr> <td colspan="3"> -#if($data.getSession().getAttribute("user").checkRole("Administrator")) +#if($turbineUtils.isSiteAdmin($user)) #if($error) <div id="error" class="error">There was an error, which isn't so good: $error.</div> #else diff --git a/src/main/webapp/xnat-templates/screens/PrearchiveMatch.vm b/src/main/webapp/xnat-templates/screens/PrearchiveMatch.vm index 528e6c0d..4b3e520c 100644 --- a/src/main/webapp/xnat-templates/screens/PrearchiveMatch.vm +++ b/src/main/webapp/xnat-templates/screens/PrearchiveMatch.vm @@ -1,5 +1,4 @@ <h3>Pre-archive - Database Matches</h3><br> -#set($user=$data.getSession().getAttribute("user")) #set($scanTypes=$data.getSession().getAttribute("userHelper").getQueryResultsAsArrayList("SELECT DISTINCT type FROM xnat_imagescandata ORDER BY type;")) <form method="post" action="$link.setAction("MatchPrearchiveSessions")"> <input type="hidden" name="project" value="$!project"/> diff --git a/src/main/webapp/xnat-templates/screens/ProjectSelectBox.vm b/src/main/webapp/xnat-templates/screens/ProjectSelectBox.vm index 55373980..e4566b6b 100644 --- a/src/main/webapp/xnat-templates/screens/ProjectSelectBox.vm +++ b/src/main/webapp/xnat-templates/screens/ProjectSelectBox.vm 
@@ -1,32 +1,33 @@ #parse("/screens/LoadProjectsJS.vm") - #set($user=$data.getSession().getAttribute("user")) -#set($projectMap = $data.getSession().getAttribute("userHelper").getCachedItemValuesHash("xnat:projectData",null,false,"xnat:projectData/ID","xnat:projectData/secondary_ID")) - #if($project) +#set($projectMap = $data.getSession().getAttribute("userHelper").getCachedItemValuesHash( + "xnat:projectData",null,false,"xnat:projectData/ID","xnat:projectData/secondary_ID")) +#if($project) <INPUT type="hidden" name="project" value="$project"> -#if($projectMap.get($project)) -$projectMap.get($project) + #if($projectMap.get($project)) + $projectMap.get($project) + #else + $project + #end #else -$project -#end -#else -#set($create_projects= $data.getSession().getAttribute("userHelper").getAllowedValues("xnat:subjectData","xnat:subjectData/project","create")) + #set($create_projects= $data.getSession().getAttribute("userHelper").getAllowedValues( + "xnat:subjectData","xnat:subjectData/project","create")) -#if($create_projects.size()>0) -<SELECT name="project"> -<option value="">(SELECT)</option> -#foreach($proj in $create_projects) -#if($projectMap.get($proj)) -<option value="$proj"> -$projectMap.get($proj) -</option> -#elseif($proj!="*") -<option value="$proj"> -$proj -</option> -#end -#end -</SELECT> -#else -ERROR: No $displayManager.getPluralDisplayNameForProject().toLowerCase() exist. Please create a $displayManager.getSingularDisplayNameForProject().toLowerCase() before attempting to insert this item. -#end + #if($create_projects.size()>0) + <SELECT name="project"> + <option value="">(SELECT)</option> + #foreach($proj in $create_projects) + #if($projectMap.get($proj)) + <option value="$proj"> + $projectMap.get($proj) + </option> + #elseif($proj!="*") + <option value="$proj"> + $proj + </option> + #end + #end + </SELECT> + #else + ERROR: No $displayManager.getPluralDisplayNameForProject().toLowerCase() exist. 
Please create a $displayManager.getSingularDisplayNameForProject().toLowerCase() before attempting to insert this item. + #end #end \ No newline at end of file diff --git a/src/main/webapp/xnat-templates/screens/ProjectSelector.vm b/src/main/webapp/xnat-templates/screens/ProjectSelector.vm index e16c8a33..b01b6855 100644 --- a/src/main/webapp/xnat-templates/screens/ProjectSelector.vm +++ b/src/main/webapp/xnat-templates/screens/ProjectSelector.vm @@ -1,6 +1,4 @@ -##REQUIRES $item=org.nrg.xft.XFTItem $user=org.nrg.xdat.security.XDATUser <!-- BEGIN ProjectSelector.vm --> -#set($user=$data.getSession().getAttribute("user")) #set($create_projects= $data.getSession().getAttribute("userHelper").getAllowedValues("$item.getXSIType()","$item.getXSIType()/project","create")) #set($projectMap = $data.getSession().getAttribute("userHelper").getCachedItemValuesHash("xnat:projectData","read",false,"xnat:projectData/ID","xnat:projectData/secondary_ID")) #if($project) diff --git a/src/main/webapp/xnat-templates/screens/QuickCreateProject.vm b/src/main/webapp/xnat-templates/screens/QuickCreateProject.vm index 9b7318b7..7d856aea 100644 --- a/src/main/webapp/xnat-templates/screens/QuickCreateProject.vm +++ b/src/main/webapp/xnat-templates/screens/QuickCreateProject.vm @@ -27,7 +27,7 @@ <tr> <td width="200">Manager</td> <td width="345" valign="top" > - <input name="manager" type="text" size="40" value="$data.getSession().getAttribute("user").getEmail()"/></td> + <input name="manager" type="text" size="40" value="$user.getEmail()"/></td> </tr> <tr> <td valign="top">Primary Investigator</td> diff --git a/src/main/webapp/xnat-templates/screens/RequestProjectAccessDenialEmail.vm b/src/main/webapp/xnat-templates/screens/RequestProjectAccessDenialEmail.vm index b41ebc09..f09b10af 100644 --- a/src/main/webapp/xnat-templates/screens/RequestProjectAccessDenialEmail.vm +++ b/src/main/webapp/xnat-templates/screens/RequestProjectAccessDenialEmail.vm 
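Review bot: `value="$user.getEmail()"` in QuickCreateProject.vm writes the account's email address into an HTML attribute without escaping, so unless addresses are validated on entry a quote character in a stored address would end the attribute. The address should go through the project's HTML-escaping helper, which is not visible in this patch. Search.vm has the same raw interpolation inside a JavaScript string, where the `escapeJS` helper already called in TurbineMacros.vm applies: `var user_email = "$!turbineUtils.escapeJS($user.getEmail())";`. RequestProjectAccessDenialEmail.vm interpolates the address into a `mailto:` link in the same way.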
@@ -5,7 +5,7 @@ <TD><h3>$projectOM.getName() access denied.</h3></TD> </TR> <TR><TD> -We regret to inform you that your request to access the $projectOM.getName() project has been denied. Please consult the project manager for additional details at <A href="mailto:$data.getSession().getAttribute("user").getEmail()">$data.getSession().getAttribute("user").getEmail()</A>. +We regret to inform you that your request to access the $projectOM.getName() project has been denied. Please consult the project manager for additional details at <A href="mailto:$user.getEmail()">$user.getEmail()</A>. </TD></TR> <TR> <TD><a href="$server/app/template/XDATScreen_report_xnat_projectData.vm/search_element/xnat:projectData/search_field/xnat:projectData.ID/search_value/$projectOM.getId()">Proceed to the site to get started reviewing/using the data.</A></TD> diff --git a/src/main/webapp/xnat-templates/screens/Scripts.vm b/src/main/webapp/xnat-templates/screens/Scripts.vm index 9186484e..82bb9c32 100644 --- a/src/main/webapp/xnat-templates/screens/Scripts.vm +++ b/src/main/webapp/xnat-templates/screens/Scripts.vm @@ -29,7 +29,7 @@ ## <div id="tp_fm" style="display:none"></div> - #if($data.getSession().getAttribute("user").checkRole("Administrator")) + #if($turbineUtils.isSiteAdmin($user)) <style type="text/css"> #automation-events-scripts .yui-content > div { padding: 2px; } diff --git a/src/main/webapp/xnat-templates/screens/Search.vm b/src/main/webapp/xnat-templates/screens/Search.vm index 44765a52..9f38970f 100644 --- a/src/main/webapp/xnat-templates/screens/Search.vm +++ b/src/main/webapp/xnat-templates/screens/Search.vm @@ -28,7 +28,7 @@ <script type="text/javascript"> var server = "$content.getURI("images")/"; - var user_email = "$data.getSession().getAttribute("user").getEmail()"; + var user_email = "$user.getEmail()"; //build element_array window.lTV = new LeftBarTreeView({ treeview: "l_tv", module: "search_tab_module", tabs: "search_tabs" }); 
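Review bot: In the Search.vm hunk, `var user_email = "$user.getEmail()";` writes the address into a JavaScript string literal with no output encoding, so a quote or `</script>` in a stored email value would end the literal early. The same pattern is in the XDATScreen_report_xnat_projectData.vm hunk, and the QuickCreateProject.vm and RequestProjectAccessDenialEmail.vm hunks place the value in HTML attributes. The commit only shortens the reference, so this is a good moment to encode for the sink, for example `var user_email = "$esc.javascript($user.getEmail())";` if Velocity Tools' EscapeTool is registered as `$esc` in this context (not visible here). Whether email addresses are validated strictly enough on input to make this unreachable cannot be told from the diff.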
diff --git a/src/main/webapp/xnat-templates/screens/XDATScreen_MyXNAT.vm b/src/main/webapp/xnat-templates/screens/XDATScreen_MyXNAT.vm index 602ea05d..de26211d 100644 --- a/src/main/webapp/xnat-templates/screens/XDATScreen_MyXNAT.vm +++ b/src/main/webapp/xnat-templates/screens/XDATScreen_MyXNAT.vm @@ -4,7 +4,7 @@ $page.setTitle("My XNAT") <DIV class="error">$data.message</DIV><br> #end -#if($data.getSession().getAttribute("user").getUsername()!="guest") +#if(!$turbineUtils.isGuest($user)) #parse("screens/XDATScreen_change_email.vm") <br /><br /> #parse("screens/XDATScreen_password.vm") diff --git a/src/main/webapp/xnat-templates/screens/XDATScreen_UpdateUser.vm b/src/main/webapp/xnat-templates/screens/XDATScreen_UpdateUser.vm index dc438dc4..56955935 100644 --- a/src/main/webapp/xnat-templates/screens/XDATScreen_UpdateUser.vm +++ b/src/main/webapp/xnat-templates/screens/XDATScreen_UpdateUser.vm @@ -7,7 +7,7 @@ $page.setTitle("My XNAT") <DIV class="error">$data.message</DIV><br> #end -#if($data.getSession().getAttribute("user").getUsername()!="guest") +#if(!$turbineUtils.isGuest($user)) #if (!$expired && !$forgot) #parse("screens/XDATScreen_change_email.vm") <br /><br /> diff --git a/src/main/webapp/xnat-templates/screens/XDATScreen_emailSpecifications.vm b/src/main/webapp/xnat-templates/screens/XDATScreen_emailSpecifications.vm index fe9f75cf..27ffc35f 100644 --- a/src/main/webapp/xnat-templates/screens/XDATScreen_emailSpecifications.vm +++ b/src/main/webapp/xnat-templates/screens/XDATScreen_emailSpecifications.vm @@ -1,4 +1,4 @@ -#if($data.getSession().getAttribute("user").checkRole("Administrator")) +#if($turbineUtils.isSiteAdmin($user)) <style type="text/css"> #admin-email-configuration td { padding-top: 15px; padding-bottom: 15px; } diff --git a/src/main/webapp/xnat-templates/screens/XDATScreen_report_wrk_workflowData.vm b/src/main/webapp/xnat-templates/screens/XDATScreen_report_wrk_workflowData.vm index 2530af3a..6abd95b0 100644 
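Review bot: The guest checks in the XDATScreen_MyXNAT.vm and XDATScreen_UpdateUser.vm hunks now read `#if(!$turbineUtils.isGuest($user))`, which renders the change-email and password forms whenever `isGuest` returns false, including for an unset `$user` if the helper treats null as not-guest. Nothing in the diff shows how `$user` reaches the Velocity context or what `isGuest(null)` returns, so it is worth confirming that the check fails closed, or guarding explicitly with `#if($user && !$turbineUtils.isGuest($user))`. The xnat_imageSessionData/edit/edit.vm hunk also removes the `#if($user) … #else #set($user=…)` fallback, so these templates now depend entirely on the context supplying `$user`.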
--- a/src/main/webapp/xnat-templates/screens/XDATScreen_report_wrk_workflowData.vm +++ b/src/main/webapp/xnat-templates/screens/XDATScreen_report_wrk_workflowData.vm @@ -50,7 +50,7 @@ $page.setVlinkColor($ui.vlink) </TD> <TD valign="top" align="right"> <!-- actions box --> - #elementActionsBox($element $search_field $search_value $data.getSession().getAttribute("user") $item) + #elementActionsBox($element $search_field $search_value $user $item) <script type="text/javascript"> // hack to get rid of the "Edit" link on the "Workflow Details" page jq('#actionsMenu').find('a[href*="/xdataction/edit/"]').closest('li').remove(); diff --git a/src/main/webapp/xnat-templates/screens/XDATScreen_report_xnat_investigatorData.vm b/src/main/webapp/xnat-templates/screens/XDATScreen_report_xnat_investigatorData.vm index 4aeb6f00..16db9be2 100644 --- a/src/main/webapp/xnat-templates/screens/XDATScreen_report_xnat_investigatorData.vm +++ b/src/main/webapp/xnat-templates/screens/XDATScreen_report_xnat_investigatorData.vm @@ -55,7 +55,7 @@ $page.setVlinkColor($ui.vlink) </table> </TD> <TD valign="top" align="right"> - #elementActionsBox($element $search_field $search_value $data.getSession().getAttribute("user") $item) + #elementActionsBox($element $search_field $search_value $user $item) </TD> </TR> </TABLE> diff --git a/src/main/webapp/xnat-templates/screens/XDATScreen_report_xnat_projectData.vm b/src/main/webapp/xnat-templates/screens/XDATScreen_report_xnat_projectData.vm index d4619b26..b505d481 100755 --- a/src/main/webapp/xnat-templates/screens/XDATScreen_report_xnat_projectData.vm +++ b/src/main/webapp/xnat-templates/screens/XDATScreen_report_xnat_projectData.vm @@ -1,7 +1,7 @@ #set($project=$om) <script language="javascript"> var server = "$content.getURI("images")/"; - var user_email = "$data.getSession().getAttribute("user").getEmail()"; + var user_email = "$user.getEmail()"; </script> #set($subject_count=$project.getSubjectCount()) #if($om.getStudyprotocol().size() >= 1) 
diff --git a/src/main/webapp/xnat-templates/screens/XDATScreen_search_wizard2.vm b/src/main/webapp/xnat-templates/screens/XDATScreen_search_wizard2.vm index 846f8283..1ae137f8 100644 --- a/src/main/webapp/xnat-templates/screens/XDATScreen_search_wizard2.vm +++ b/src/main/webapp/xnat-templates/screens/XDATScreen_search_wizard2.vm @@ -1,7 +1,5 @@ +#* @vtlvariable name="user" type="org.nrg.xft.security.UserI" *# <!-- start: screens/XDATScreen_search_wizard2.vm --> - -#set ($user = $data.getSession().getAttribute("user")) - #if(!$user || !$ELEMENT_0) ## If $user or $ELEMENT_O is null, display a message explaining that the search data has expired. ## Fixes XNAT-2195 diff --git a/src/main/webapp/xnat-templates/screens/XDATScreen_validate.vm b/src/main/webapp/xnat-templates/screens/XDATScreen_validate.vm index 012e7798..8313956e 100644 --- a/src/main/webapp/xnat-templates/screens/XDATScreen_validate.vm +++ b/src/main/webapp/xnat-templates/screens/XDATScreen_validate.vm @@ -13,7 +13,7 @@ </TR> <TR> <TD align="left">User: </TD> - <TD align="left">$data.getSession().getAttribute("user").getLastname(), $data.getSession().getAttribute("user").getFirstname() </TD> + <TD align="left">$user.getLastname(), $user.getFirstname() </TD> </TR> <TR> <TD align="left">Status :</TD> diff --git a/src/main/webapp/xnat-templates/screens/project/widgets/project_actions_box.vm b/src/main/webapp/xnat-templates/screens/project/widgets/project_actions_box.vm index f87c61c0..df3d6f48 100644 --- a/src/main/webapp/xnat-templates/screens/project/widgets/project_actions_box.vm +++ b/src/main/webapp/xnat-templates/screens/project/widgets/project_actions_box.vm @@ -7,7 +7,7 @@ </li> </ul> <ul> - #if($data.getSession().getAttribute("user").canEdit("xnat:subjectData/project",$project.getId())) + #if($turbineUtils.canEdit($user, "xnat:subjectData/project", $project.getId())) <li class="yuimenuitem"> <a class="yuimenuitemlabel" href="#insertbox">Add</a> <DIV ID="insertbox" class="yuimenu"> 
diff --git a/src/main/webapp/xnat-templates/screens/topBar/Administer.vm b/src/main/webapp/xnat-templates/screens/topBar/Administer.vm index 86751a04..f7576e0c 100644 --- a/src/main/webapp/xnat-templates/screens/topBar/Administer.vm +++ b/src/main/webapp/xnat-templates/screens/topBar/Administer.vm @@ -1,5 +1,5 @@ <!-- Sequence: 40 --> -#if($data.getSession().getAttribute("user").checkRole("Administrator")) +#if($turbineUtils.isSiteAdmin($user)) <li><a href="#adminbox">Administer</a> <ul> diff --git a/src/main/webapp/xnat-templates/screens/topBar/New/Default.vm b/src/main/webapp/xnat-templates/screens/topBar/New/Default.vm index 24350a4b..26ee8c3e 100644 --- a/src/main/webapp/xnat-templates/screens/topBar/New/Default.vm +++ b/src/main/webapp/xnat-templates/screens/topBar/New/Default.vm @@ -3,9 +3,7 @@ #* @vtlvariable name="data" type="org.apache.turbine.util.RunData" *# #* @vtlvariable name="link" type="org.apache.turbine.services.pull.tools.TemplateLink" *# #* @vtlvariable name="displayManager" type="org.nrg.xdat.display.DisplayManager" *# -#* @vtlvariable name="user" type="org.nrg.xdat.security.XDATUser" *# #* @vtlvariable name="project" type="org.nrg.xdat.om.XnatProjectdata" *# -#set($user = $data.getSession().getAttribute("user")) <!-- Sequence: 10 --> #if($siteConfig.getProperty("UI.allow-non-admin-project-creation","true").equals("true") || $data.getSession().getAttribute("userHelper").canCreate("xnat:subjectData")) <li><a href="$link.setPage("XDATScreen_add_xnat_projectData.vm")">$displayManager.getSingularDisplayNameForProject()</a></li> diff --git a/src/main/webapp/xnat-templates/screens/workflow_alert.vm b/src/main/webapp/xnat-templates/screens/workflow_alert.vm index 6305c4b2..dd76edf7 100644 --- a/src/main/webapp/xnat-templates/screens/workflow_alert.vm +++ b/src/main/webapp/xnat-templates/screens/workflow_alert.vm 
@@ -13,7 +13,7 @@ <td valign="middle"><b>$workflow.getOnlyPipelineName():</b> </td><td valign="middle">$!workflow.getStatus()</td><td valign="middle">$!workflow.getPercentagecomplete()</td> <td valign="middle">Start Time: $!workflow.getLaunchTime()</td> - #if($data.getSession().getAttribute("user").checkRole("Administrator")) + #if($turbineUtils.isSiteAdmin($user)) <td valign="middle"> <a onclick="dismissNotification('$workflow.getWorkflowId()', 'Failed')">[Mark as Failed]</a> </td> @@ -52,7 +52,7 @@ <td valign="middle"><b>$workflow.getOnlyPipelineName():</b> </td><td valign="middle">$!workflow.getStatus()</td><td valign="middle">$!workflow.getPercentagecomplete()</td> <td valign="middle">Start Time: $!workflow.getLaunchTime()</td> - #if($data.getSession().getAttribute("user").checkRole("Administrator")) + #if($turbineUtils.isSiteAdmin($user)) <td valign="middle"> <a onclick="dismissNotification('$workflow.getWorkflowId()', 'Failed (Dismissed)')">[Dismiss]</a> </td> diff --git a/src/main/webapp/xnat-templates/screens/xnat_experimentData/actions.vm b/src/main/webapp/xnat-templates/screens/xnat_experimentData/actions.vm index 677df52a..9bec83ee 100644 --- a/src/main/webapp/xnat-templates/screens/xnat_experimentData/actions.vm +++ b/src/main/webapp/xnat-templates/screens/xnat_experimentData/actions.vm 
@@ -1,7 +1,14 @@ +#* @vtlvariable name="data" type="org.apache.turbine.util.RunData" *# +#* @vtlvariable name="turbineUtils" type="org.nrg.xdat.turbine.utils.TurbineUtils" *# +#* @vtlvariable name="page" type="org.apache.turbine.util.template.HtmlPageAttributes" *# +#* @vtlvariable name="last_login" type="java.util.Date" *# +#* @vtlvariable name="user" type="org.nrg.xft.security.UserI" *# +#* @vtlvariable name="ui" type="org.apache.turbine.services.pull.util.UIManager" *# +#* @vtlvariable name="link" type="org.apache.turbine.services.pull.tools.TemplateLink" *# <script type="text/javascript" src="$content.getURI("scripts/BasePopup.js")"></script> <script type="text/javascript" src="$content.getURI("scripts/FileViewer.js")"></script> - #elementActionsBoxNoEnd($element $search_field $search_value $data.getSession().getAttribute("user") $item) + #elementActionsBoxNoEnd($element $search_field $search_value $user $item) #addCustomScreens("$element" "actionsBox") @@ -59,12 +66,12 @@ obj.objectId = "$!om.getId()"; obj.objectType = "experiment"; - #if ($item.canEdit($data.getSession().getAttribute("user"))) + #if ($turbineUtils.canEdit($user, $item)) obj.canEdit = true; #else obj.canEdit = false; #end - #if ($item.canDelete($data.getSession().getAttribute("user"))) + #if ($turbineUtils.canDelete($user, $item)) obj.canDelete = true; #else obj.canDelete = false; diff --git a/src/main/webapp/xnat-templates/screens/xnat_imageAssessorData/actions.vm b/src/main/webapp/xnat-templates/screens/xnat_imageAssessorData/actions.vm index d6c7e586..c6471c78 100644 --- a/src/main/webapp/xnat-templates/screens/xnat_imageAssessorData/actions.vm +++ b/src/main/webapp/xnat-templates/screens/xnat_imageAssessorData/actions.vm @@ -1,4 +1,4 @@ - #elementActionsBoxNoEnd($element $search_field $search_value $data.getSession().getAttribute("user") $item) + #elementActionsBoxNoEnd($element $search_field $search_value $user $item) #addCustomScreens("$element" "actionsBox") </DIV> 
diff --git a/src/main/webapp/xnat-templates/screens/xnat_imageAssessorData/report.vm b/src/main/webapp/xnat-templates/screens/xnat_imageAssessorData/report.vm index 091dd659..7c4ac03e 100644 --- a/src/main/webapp/xnat-templates/screens/xnat_imageAssessorData/report.vm +++ b/src/main/webapp/xnat-templates/screens/xnat_imageAssessorData/report.vm @@ -110,12 +110,12 @@ obj.categories={}; obj.categories.ids=[]; #if($item.isActive() || $item.isQuarantine()) - #if ($item.canEdit($data.getSession().getAttribute("user"))) + #if ($turbineUtils.canEdit($user, $item)) obj.canEdit=true; #else obj.canEdit=false; #end - #if ($item.canDelete($data.getSession().getAttribute("user"))) + #if ($turbineUtils.canDelete($user, $item)) obj.canDelete=true; #else obj.canDelete=false; diff --git a/src/main/webapp/xnat-templates/screens/xnat_imageSessionData/actions.vm b/src/main/webapp/xnat-templates/screens/xnat_imageSessionData/actions.vm index f2340493..45385196 100644 --- a/src/main/webapp/xnat-templates/screens/xnat_imageSessionData/actions.vm +++ b/src/main/webapp/xnat-templates/screens/xnat_imageSessionData/actions.vm @@ -1,5 +1,5 @@ - #elementActionsBoxNoEnd($element $search_field $search_value $data.getSession().getAttribute("user") $item) + #elementActionsBoxNoEnd($element $search_field $search_value $user $item) #addCustomScreens("$element" "actionsBox") #parse($turbineUtils.getTemplateName("actionsBoxAddons","$om.getXSIType()",$!project)) </ul> diff --git a/src/main/webapp/xnat-templates/screens/xnat_imageSessionData/edit/edit.vm b/src/main/webapp/xnat-templates/screens/xnat_imageSessionData/edit/edit.vm index a116f64c..f22d6b4c 100644 --- a/src/main/webapp/xnat-templates/screens/xnat_imageSessionData/edit/edit.vm +++ b/src/main/webapp/xnat-templates/screens/xnat_imageSessionData/edit/edit.vm 
@@ -12,7 +12,7 @@ obj.categories={}; obj.categories.ids=[]; obj.canEdit=true; - #if (!$!item.hasPK() || $item.canDelete($data.getSession().getAttribute("user"))) + #if (!$!item.hasPK() || $turbineUtils.canDelete($user, $item)) obj.canDelete = true; #else obj.canDelete = false; @@ -40,12 +40,6 @@ window.currentLabel = "$!om.getLabel()"; </script> -#if($user) - -#else - #set($user=$data.getSession().getAttribute("user")) -#end - <style> /* custom styles for inline instances */ .yui-skin-sam .yui-ac-input { position: static; width: 20em; vertical-align: middle; } diff --git a/src/main/webapp/xnat-templates/screens/xnat_imageSessionData/xnat_imageSessionData_report.vm b/src/main/webapp/xnat-templates/screens/xnat_imageSessionData/xnat_imageSessionData_report.vm index b0f6c8cc..b9f4d182 100644 --- a/src/main/webapp/xnat-templates/screens/xnat_imageSessionData/xnat_imageSessionData_report.vm +++ b/src/main/webapp/xnat-templates/screens/xnat_imageSessionData/xnat_imageSessionData_report.vm @@ -162,12 +162,12 @@ obj.categories.ids=[]; #if($item.isActive() || $item.isQuarantine()) - #if ($item.canEdit($data.getSession().getAttribute("user"))) + #if ($turbineUtils.canEdit($user, $item)) obj.canEdit=true; #else obj.canEdit=false; #end - #if ($item.canDelete($data.getSession().getAttribute("user"))) + #if ($turbineUtils.canDelete($user, $item)) obj.canDelete=true; #else obj.canDelete=false; diff --git a/src/main/webapp/xnat-templates/screens/xnat_mrSessionData_search.vm b/src/main/webapp/xnat-templates/screens/xnat_mrSessionData_search.vm index 0a4462aa..04d18ab4 100644 --- a/src/main/webapp/xnat-templates/screens/xnat_mrSessionData_search.vm +++ b/src/main/webapp/xnat-templates/screens/xnat_mrSessionData_search.vm @@ -57,7 +57,6 @@ <!-- session fields --> <h4>$displayManager.getSingularDisplayNameForImageSession() Fields</h4> - #set($user=$data.getSession().getAttribute("user")) <div class="search-item"> <h5>$displayManager.getSingularDisplayNameForImageSession() ID:</h5> 
diff --git a/src/main/webapp/xnat-templates/screens/xnat_projectData/actionsBox/ManageFiles.vm b/src/main/webapp/xnat-templates/screens/xnat_projectData/actionsBox/ManageFiles.vm index 89856bc5..3bc74200 100644 --- a/src/main/webapp/xnat-templates/screens/xnat_projectData/actionsBox/ManageFiles.vm +++ b/src/main/webapp/xnat-templates/screens/xnat_projectData/actionsBox/ManageFiles.vm @@ -18,12 +18,12 @@ obj.objectId = "$!om.getId()"; obj.objectType = "project"; - #if ($item.canEdit($data.getSession().getAttribute("user"))) + #if ($turbineUtils.canEdit($user, $item)) obj.canEdit=true; #else obj.canEdit=false; #end - #if ($item.canDelete($data.getSession().getAttribute("user"))) + #if ($turbineUtils.canDelete($user, $item)) obj.canDelete=true; #else obj.canDelete=false; diff --git a/src/main/webapp/xnat-templates/screens/xnat_projectData/xnat_projectData_summary_management.vm b/src/main/webapp/xnat-templates/screens/xnat_projectData/xnat_projectData_summary_management.vm index bd4ee7ea..7e8f2d91 100644 --- a/src/main/webapp/xnat-templates/screens/xnat_projectData/xnat_projectData_summary_management.vm +++ b/src/main/webapp/xnat-templates/screens/xnat_projectData/xnat_projectData_summary_management.vm @@ -3,7 +3,7 @@ #* @vtlvariable name="turbineUtils" type="org.nrg.xdat.turbine.utils.TurbineUtils" *# #* @vtlvariable name="content" type="org.apache.turbine.services.pull.tools.ContentTool" *# #set($showUserList = !$turbineUtils.toBoolean($siteConfig.getProperty( - "restrictUserListAccessToAdmins", "true")) || $data.getSession().getAttribute("user").checkRole("Administrator")) + "restrictUserListAccessToAdmins", "true")) || $turbineUtils.isSiteAdmin($user)) <script type="text/javascript" src="$content.getURI("scripts/project/userMgmt.js")"></script> <table class="mgmt_container"> diff --git a/src/main/webapp/xnat-templates/screens/xnat_qcManualAssessorData/edit.vm b/src/main/webapp/xnat-templates/screens/xnat_qcManualAssessorData/edit.vm index 131cf36c..27125b6c 100644 
--- a/src/main/webapp/xnat-templates/screens/xnat_qcManualAssessorData/edit.vm +++ b/src/main/webapp/xnat-templates/screens/xnat_qcManualAssessorData/edit.vm @@ -66,7 +66,7 @@ $page.setVlinkColor($ui.vlink) <td> <div id="project_placeholder">$!om.getProjectDisplayID()</div> </td> - #if($!om.getPass() && $data.getSession().getAttribute("user").canDelete($om.getItem())) + #if($!om.getPass() && $turbineUtils.canDelete($user, $om.getItem())) <td> <a onclick="modifyProject();"><img border="0" src="$content.getURI("images/e.gif")"/></a> <input type="hidden" id="$om.getXSIType()/project" name="$om.getXSIType()/project" value="$!om.getProject()"/> diff --git a/src/main/webapp/xnat-templates/screens/xnat_subjectData/actions.vm b/src/main/webapp/xnat-templates/screens/xnat_subjectData/actions.vm index 5b16f13d..9082e3aa 100644 --- a/src/main/webapp/xnat-templates/screens/xnat_subjectData/actions.vm +++ b/src/main/webapp/xnat-templates/screens/xnat_subjectData/actions.vm @@ -1,4 +1,4 @@ -#elementActionsBoxNoEnd($element $search_field $search_value $data.getSession().getAttribute("user") $item) +#elementActionsBoxNoEnd($element $search_field $search_value $user $item) #addCustomScreens("$element" "actionsBox") #parse($turbineUtils.getTemplateName("actionsBoxAddons","xnat:subjectData",$!project)) diff --git a/src/main/webapp/xnat-templates/screens/xnat_subjectData/xnat_subjectData_ProjectSelector.vm b/src/main/webapp/xnat-templates/screens/xnat_subjectData/xnat_subjectData_ProjectSelector.vm index d65dab24..db378710 100644 --- a/src/main/webapp/xnat-templates/screens/xnat_subjectData/xnat_subjectData_ProjectSelector.vm +++ b/src/main/webapp/xnat-templates/screens/xnat_subjectData/xnat_subjectData_ProjectSelector.vm 
@@ -1,6 +1,4 @@ -##REQUIRES $item=org.nrg.xft.XFTItem $user=org.nrg.xdat.security.XDATUser <!-- BEGIN ProjectSelector.vm --> -#set($user=$data.getSession().getAttribute("user")) #set($create_projects= $data.getSession().getAttribute("userHelper").getAllowedValues("$item.getXSIType()","$item.getXSIType()/project","create")) #set($projectMap = $data.getSession().getAttribute("userHelper").getCachedItemValuesHash("xnat:projectData","read",false,"xnat:projectData/ID","xnat:projectData/secondary_ID")) #if($project) diff --git a/src/main/webapp/xnat-templates/screens/xnat_subjectData/xnat_subjectData_resources.vm b/src/main/webapp/xnat-templates/screens/xnat_subjectData/xnat_subjectData_resources.vm index feb7ac33..cd9994e0 100644 --- a/src/main/webapp/xnat-templates/screens/xnat_subjectData/xnat_subjectData_resources.vm +++ b/src/main/webapp/xnat-templates/screens/xnat_subjectData/xnat_subjectData_resources.vm @@ -20,16 +20,17 @@ obj.objectId = "$!om.getId()"; obj.objectType = "subject"; - #if ($item.canEdit($data.getSession().getAttribute("user"))) - obj.canEdit=true; - #else - obj.canEdit=false; - #end - #if ($item.canDelete($data.getSession().getAttribute("user"))) - obj.canDelete=true; - #else - obj.canDelete=false; - #end + #if ($turbineUtils.canEdit($user, $item)) + obj.canEdit=true; + #else + obj.canEdit=false; + #end + #if ($turbineUtils.canEdit($user, $item)) + obj.canDelete=true; + #else + obj.canDelete=false; + #end + obj.catalogs={}; obj.catalogs.ids=[]; window.viewer=new FileViewer(obj); -- GitLab
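Review bot: The delete flag in the xnat_subjectData_resources.vm hunk is now guarded by the edit permission: the second block reads `#if ($turbineUtils.canEdit($user, $item))` before `obj.canDelete=true;`, where the removed line called `$item.canDelete(...)`. Every other template in this patch maps that check to `$turbineUtils.canDelete($user, $item)`, so this looks like a copy-paste slip and should be `#if ($turbineUtils.canDelete($user, $item))`. As written, a user who may edit but not delete a subject gets `obj.canDelete=true` passed to FileViewer. Whether the server rejects the delete anyway is not visible here.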