From ed57f849f204eee0a3074c1acb7c290ef20ada3a Mon Sep 17 00:00:00 2001
From: =?utf8?q?David=20=E2=80=98Bombe=E2=80=99=20Roden?=
Date: Sat, 7 May 2011 02:13:38 +0200
Subject: [PATCH] Implement full access requirement in all pages.
---
 .../java/net/pterodactylus/sone/web/CreateSonePage.java | 3 +++
 src/main/java/net/pterodactylus/sone/web/LoginPage.java | 3 +++
 src/main/java/net/pterodactylus/sone/web/LogoutPage.java | 3 +++
 .../net/pterodactylus/sone/web/SoneTemplatePage.java | 11 +++++++++++
 .../java/net/pterodactylus/sone/web/ajax/JsonPage.java | 3 +++
 .../pterodactylus/sone/web/page/FreenetTemplatePage.java | 16 +++++++++++++++-
 6 files changed, 38 insertions(+), 1 deletion(-)
diff --git a/src/main/java/net/pterodactylus/sone/web/CreateSonePage.java b/src/main/java/net/pterodactylus/sone/web/CreateSonePage.java
index 2e2fc41..3f940a3 100644
--- a/src/main/java/net/pterodactylus/sone/web/CreateSonePage.java
+++ b/src/main/java/net/pterodactylus/sone/web/CreateSonePage.java
@@ -129,6 +129,9 @@ public class CreateSonePage extends SoneTemplatePage {
 */
 @Override
 public boolean isEnabled(ToadletContext toadletContext) {
+ if (webInterface.getCore().getPreferences().isRequireFullAccess() && !toadletContext.isAllowedFullAccess()) {
+ return false;
+ }
 return (getCurrentSone(toadletContext, false) == null) || (webInterface.getCore().getLocalSones().size() == 1);
 }
diff --git a/src/main/java/net/pterodactylus/sone/web/LoginPage.java b/src/main/java/net/pterodactylus/sone/web/LoginPage.java
index 321193b..8e612ea 100644
--- a/src/main/java/net/pterodactylus/sone/web/LoginPage.java
+++ b/src/main/java/net/pterodactylus/sone/web/LoginPage.java
@@ -103,6 +103,9 @@ public class LoginPage extends SoneTemplatePage {
 */
 @Override
 public boolean isEnabled(ToadletContext toadletContext) {
+ if (webInterface.getCore().getPreferences().isRequireFullAccess() && !toadletContext.isAllowedFullAccess()) {
+ return false;
+ }
 return getCurrentSone(toadletContext, false) == null;
 }
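Review bot: The guard added to `CreateSonePage.isEnabled` is repeated verbatim in `LoginPage`, `LogoutPage` and `SoneTemplatePage.isEnabled`, so a page that later overrides `isEnabled` without copying it will show its link to hosts without full access again. All three subclasses extend `SoneTemplatePage`, so one protected helper there would keep the rule in a single place, called as `if (!isFullAccessPermitted(toadletContext)) { return false; }` (the helper name is only a suggestion). `isEnabled` appears to govern link visibility only, with the actual refusal added in `handleRequest` elsewhere in this patch; a comment such as `/* hides the link only; access is enforced in handleRequest. */` would keep readers from treating this check as the access control.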
diff --git a/src/main/java/net/pterodactylus/sone/web/LogoutPage.java b/src/main/java/net/pterodactylus/sone/web/LogoutPage.java
index 4510bc1..7cd0587 100644
--- a/src/main/java/net/pterodactylus/sone/web/LogoutPage.java
+++ b/src/main/java/net/pterodactylus/sone/web/LogoutPage.java
@@ -57,6 +57,9 @@ public class LogoutPage extends SoneTemplatePage {
 */
 @Override
 public boolean isEnabled(ToadletContext toadletContext) {
+ if (webInterface.getCore().getPreferences().isRequireFullAccess() && !toadletContext.isAllowedFullAccess()) {
+ return false;
+ }
 return (getCurrentSone(toadletContext, false) != null) && (webInterface.getCore().getLocalSones().size() != 1);
 }
diff --git a/src/main/java/net/pterodactylus/sone/web/SoneTemplatePage.java b/src/main/java/net/pterodactylus/sone/web/SoneTemplatePage.java
index 7392de4..42c0129 100644
--- a/src/main/java/net/pterodactylus/sone/web/SoneTemplatePage.java
+++ b/src/main/java/net/pterodactylus/sone/web/SoneTemplatePage.java
@@ -296,7 +296,18 @@ public class SoneTemplatePage extends FreenetTemplatePage {
 * {@inheritDoc}
 */
 @Override
+ protected boolean isFullAccessOnly() {
+ return webInterface.getCore().getPreferences().isRequireFullAccess();
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
 public boolean isEnabled(ToadletContext toadletContext) {
+ if (webInterface.getCore().getPreferences().isRequireFullAccess() && !toadletContext.isAllowedFullAccess()) {
+ return false;
+ }
 if (requiresLogin()) {
 return getCurrentSone(toadletContext, false) != null;
 }
diff --git a/src/main/java/net/pterodactylus/sone/web/ajax/JsonPage.java b/src/main/java/net/pterodactylus/sone/web/ajax/JsonPage.java
index 8d48bce..893b7ae 100644
--- a/src/main/java/net/pterodactylus/sone/web/ajax/JsonPage.java
+++ b/src/main/java/net/pterodactylus/sone/web/ajax/JsonPage.java
@@ -188,6 +188,9 @@ public abstract class JsonPage implements Page {
 */
 @Override
 public Response handleRequest(Request request) {
+ if (webInterface.getCore().getPreferences().isRequireFullAccess() && !request.getToadletContext().isAllowedFullAccess()) {
+ return new Response(401, "Not authorized", "application/json", JsonUtils.format(new JsonObject().put("success", false).put("error", "auth-required")));
+ }
 if (needsFormPassword()) {
 String formPassword = request.getHttpRequest().getParam("formPassword");
 if (!webInterface.getFormPassword().equals(formPassword)) {
diff --git a/src/main/java/net/pterodactylus/sone/web/page/FreenetTemplatePage.java b/src/main/java/net/pterodactylus/sone/web/page/FreenetTemplatePage.java
index 6e7812f..5831a1b 100644
--- a/src/main/java/net/pterodactylus/sone/web/page/FreenetTemplatePage.java
+++ b/src/main/java/net/pterodactylus/sone/web/page/FreenetTemplatePage.java
@@ -109,6 +109,9 @@ public class FreenetTemplatePage implements Page, LinkEnabledCallback {
 return new RedirectResponse(redirectTarget);
 }
+ if (isFullAccessOnly() && !request.getToadletContext().isAllowedFullAccess()) {
+ return new Response(401, "Not authorized", "text/html", "Not authorized");
+ }
 ToadletContext toadletContext = request.getToadletContext();
 if (request.getMethod() == Method.POST) {
 /* require form password. */
@@ -227,6 +230,17 @@ public class FreenetTemplatePage implements Page, LinkEnabledCallback {
 return Collections.emptyList();
 }
+ /**
+ * Returns whether this page should only be allowed for requests from hosts
+ * with full access.
+ *
+ * @return {@code true} if this page should only be allowed for hosts with
+ * full access, {@code false} to allow this page for any host
+ */
+ protected boolean isFullAccessOnly() {
+ return false;
+ }
+
 //
 // INTERFACE LinkEnabledCallback
 //
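Review bot: Status 401 in the new branch of `JsonPage.handleRequest` asks the client to authenticate, but the refusal is decided by `isAllowedFullAccess()` on the toadlet context and no `WWW-Authenticate` challenge is sent, so there is nothing the client could supply. If that flag is host-based, as its name suggests, 403 describes the condition more accurately: `return new Response(403, "Forbidden", "application/json", ...)` with the JSON body unchanged. The same applies to the 401 returned in the first `FreenetTemplatePage.handleRequest` hunk. The check is correctly placed ahead of the form-password comparison, and a comment such as `/* refuse hosts without full access before reading any request parameter. */` would record that ordering; the method body continues outside the hunk.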
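Review bot: The full-access check added to `FreenetTemplatePage.handleRequest` sits below `return new RedirectResponse(redirectTarget);`, so the redirect decision is made, and can answer the request, before the host is checked. The start of the method is outside the hunk, but if the redirect target depends on request or session state, a host without full access still gets a response that reflects that state instead of the refusal. Moving the three added lines to the top of `handleRequest`, ahead of the redirect-target lookup, makes the refusal unconditional. The check could then also read one `ToadletContext` local instead of calling `request.getToadletContext()` twice.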
@@ -236,7 +250,7 @@ public class FreenetTemplatePage implements Page, LinkEnabledCallback {
 */
 @Override
 public boolean isEnabled(ToadletContext toadletContext) {
- return true;
+ return !isFullAccessOnly();
 }
 /**
-- 
2.7.4
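Review bot: `return !isFullAccessOnly();` ignores the `toadletContext` argument, so a page that overrides `isFullAccessOnly()` to return true but inherits this `isEnabled` has its link disabled for every host, including the ones `handleRequest` would serve. `SoneTemplatePage` overrides `isEnabled` in this patch and is not affected, but the base class should agree with its own `handleRequest` check: `return !isFullAccessOnly() || toadletContext.isAllowedFullAccess();`.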