SAK-38431: Add role checks and redirects to all gradebook pages

Author: plukasew

gradebookng/tool/src/java/org/sakaiproject/gradebookng/GradebookNgApplication.java

@@ -26,6 +26,7 @@
 import org.apache.wicket.spring.injection.annot.SpringComponentInjector;
 
 import org.sakaiproject.gradebookng.framework.GradebookNgStringResourceLoader;
+import org.sakaiproject.gradebookng.tool.pages.AccessDeniedPage;
 import org.sakaiproject.gradebookng.tool.pages.ErrorPage;
 import org.sakaiproject.gradebookng.tool.pages.GradebookPage;
 import org.sakaiproject.gradebookng.tool.pages.ImportExportPage;
@@ -51,6 +52,8 @@ public void init() {
 		mountPage("/importexport", ImportExportPage.class);
 		mountPage("/permissions", PermissionsPage.class);
 		mountPage("/gradebook", StudentPage.class);
+		mountPage("/accessdenied", AccessDeniedPage.class);
+		mountPage("/error", ErrorPage.class);
 
 		// remove the version number from the URL so that browser refreshes re-render the page
 		getRequestCycleSettings().setRenderStrategy(RenderStrategy.ONE_PASS_RENDER);

gradebookng/tool/src/java/org/sakaiproject/gradebookng/GradebookNgApplication.properties

@@ -316,8 +316,6 @@ importExport.export.csv.headers.example.ignore = This column will be ignored
 # Student ID and Student Name are not here because they are a special string. 
 # To i18n these, the import helper would need to be made to look for columns by position instead of by column title
 
-role.none=You do not have permission to view the gradebook.
-
 assignment.option.edit = Edit Item Details
 assignment.option.viewgradestatistics = View Grade Statistics
 assignment.option.moveleft = Move Left

gradebookng/tool/src/java/org/sakaiproject/gradebookng/tool/pages/BasePage.java

@@ -79,6 +79,7 @@ public BasePage() {
 
 		// setup some data that can be shared across all pages
 		this.currentUserUuid = this.businessService.getCurrentUser().getId();
+		role = GbRole.NONE;
 		try {
 			this.role = this.businessService.getUserRole();
 		} catch (final GbAccessDeniedException e) {
@@ -229,7 +230,7 @@ public void renderHead(final IHeaderResponse response) {
 	/**
 	 * Helper to disable a link. Add the Sakai class 'current'.
 	 */
-	protected void disableLink(final Link<Void> l) {
+	protected final void disableLink(final Link<Void> l) {
 		l.add(new AttributeAppender("class", new Model<String>("current"), " "));
 		l.replace(new Label("screenreaderlabel", getString("link.screenreader.tabselected")));
 		l.setEnabled(false);
@@ -280,7 +281,7 @@ public void setUserPreferredLocale() {
 	 * 
 	 * @param message the message
 	 */
-	public void sendToAccessDeniedPage(final String message) {
+	public final void sendToAccessDeniedPage(final String message) {
 		final PageParameters params = new PageParameters();
 		params.add("message", message);
 		log.debug("Redirecting to AccessDeniedPage: " + message);
@@ -290,4 +291,24 @@ public void sendToAccessDeniedPage(final String message) {
 	public GbRole getCurrentRole() {
 		return BasePage.this.role;
 	}
+
+	/**
+	 * Performs role checks for instructor-only pages and redirects users to appropriate pages based on their role.
+	 * No role -> AccessDeniedPage. Student -> StudentPage. TA -> GradebookPage.
+	 */
+	protected final void defaultRoleChecksForInstructorOnlyPage()
+	{
+		switch (role)
+		{
+			case NONE:
+				sendToAccessDeniedPage(getString("error.role"));
+				break;
+			case STUDENT:
+				throw new RestartResponseException(StudentPage.class);
+			case TA:
+				throw new RestartResponseException(GradebookPage.class);
+			default:
+				break;
+		}
+	}
 }

gradebookng/tool/src/java/org/sakaiproject/gradebookng/tool/pages/GradebookPage.java

@@ -119,7 +119,7 @@ public class GradebookPage extends BasePage {
 	public GradebookPage() {
 		disableLink(this.gradebookPageLink);
 
-		if (this.role == null) {
+		if (this.role == GbRole.NONE) {
 			sendToAccessDeniedPage(getString("error.role"));
 		}
 

gradebookng/tool/src/java/org/sakaiproject/gradebookng/tool/pages/ImportExportPage.java

@@ -15,7 +15,6 @@
  */
 package org.sakaiproject.gradebookng.tool.pages;
 
-import org.apache.wicket.RestartResponseException;
 import org.apache.wicket.ajax.AjaxRequestTarget;
 import org.apache.wicket.feedback.ExactLevelFeedbackMessageFilter;
 import org.apache.wicket.feedback.FeedbackMessage;
@@ -24,10 +23,8 @@
 import org.apache.wicket.markup.head.IHeaderResponse;
 import org.apache.wicket.markup.head.JavaScriptHeaderItem;
 import org.apache.wicket.markup.html.WebMarkupContainer;
-import org.apache.wicket.request.mapper.parameter.PageParameters;
 
 import org.sakaiproject.component.cover.ServerConfigurationService;
-import org.sakaiproject.gradebookng.business.GbRole;
 import org.sakaiproject.gradebookng.tool.component.GbFeedbackPanel;
 import org.sakaiproject.gradebookng.tool.panels.importExport.GradeImportUploadStep;
 
@@ -56,18 +53,10 @@ public boolean accept(FeedbackMessage message) {
 	public final GbFeedbackPanel errorFeedbackPanel = (GbFeedbackPanel) new GbFeedbackPanel("errorFeedbackPanel").setFilter(new ExactLevelFeedbackMessageFilter(FeedbackMessage.ERROR));
 
 	public ImportExportPage() {
-		disableLink(this.importExportPageLink);
 
-		if (role == GbRole.NONE) {
-			final PageParameters params = new PageParameters();
-			params.add("message", getString("role.none"));
-			throw new RestartResponseException(AccessDeniedPage.class, params);
-		}
+		defaultRoleChecksForInstructorOnlyPage();
 
-		// students cannot access this page; redirect to the StudentPage
-		if (this.role == GbRole.STUDENT) {
-			throw new RestartResponseException(StudentPage.class);
-		}
+		disableLink(this.importExportPageLink);
 
 		container = new WebMarkupContainer("gradebookImportExportContainer");
 		container.setOutputMarkupId(true);

gradebookng/tool/src/java/org/sakaiproject/gradebookng/tool/pages/PermissionsPage.java

@@ -72,6 +72,9 @@ public class PermissionsPage extends BasePage {
 	private final Long ALL_CATEGORIES = new Long(-1);
 
 	public PermissionsPage() {
+
+		defaultRoleChecksForInstructorOnlyPage();
+
 		disableLink(this.permissionsPageLink);
 	}
 

gradebookng/tool/src/java/org/sakaiproject/gradebookng/tool/pages/SettingsPage.java

@@ -66,18 +66,22 @@ public class SettingsPage extends BasePage {
 	SettingsGradingSchemaPanel gradingSchemaPanel;
 
 	public SettingsPage() {
+
+		defaultRoleChecksForInstructorOnlyPage();
+
 		disableLink(this.settingsPageLink);
 		setShowGradeEntryToNonAdmins();
 	}
 
 	public SettingsPage(final boolean gradeEntryExpanded, final boolean gradeReleaseExpanded,
 			final boolean categoryExpanded, final boolean gradingSchemaExpanded) {
-		disableLink(this.settingsPageLink);
+
+		this();
+
 		this.gradeEntryExpanded = gradeEntryExpanded;
 		this.gradeReleaseExpanded = gradeReleaseExpanded;
 		this.categoryExpanded = categoryExpanded;
 		this.gradingSchemaExpanded = gradingSchemaExpanded;
-		setShowGradeEntryToNonAdmins();
 	}
 
 	private void setShowGradeEntryToNonAdmins() {

gradebookng/tool/src/java/org/sakaiproject/gradebookng/tool/pages/StudentPage.java

@@ -25,6 +25,7 @@
 import org.apache.wicket.model.Model;
 import org.apache.wicket.model.StringResourceModel;
 import org.sakaiproject.component.cover.ServerConfigurationService;
+import org.sakaiproject.gradebookng.business.GbRole;
 import org.sakaiproject.gradebookng.tool.panels.StudentGradeSummaryGradesPanel;
 import org.sakaiproject.user.api.User;
 
@@ -41,6 +42,10 @@ public class StudentPage extends BasePage {
 
 	public StudentPage() {
 
+		if (role == GbRole.NONE) {
+			sendToAccessDeniedPage(getString("error.role"));
+		}
+
 		final User u = this.businessService.getCurrentUser();
 
 		final Map<String, Object> userData = new HashMap<>();