LutherCS · couger01 · Feb 15, 2018
diff --git a/src/main/java/com/apc/luthercourseproposal/ApcController.java b/src/main/java/com/apc/luthercourseproposal/ApcController.java
@@ -92,6 +92,7 @@ public class ApcController extends HttpServlet {
     private static final String ROLE_ADMIN = "apc_development";
     private static final String ROLE_FACULTY = "Faculty";
     private static final String ROLE_REGISTRAR = "Registrars_Office";
+    private static final String ROLE_STAFF = "apc_staff";
 
     /**
      * Handles the HTTP requests. Switches based on method type, and handles
@@ -152,6 +153,9 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) t
             if (request.isUserInRole(ROLE_FACULTY)) {
                 roleBuilder.add(ROLE_FACULTY);
             }
+            if (request.isUserInRole(ROLE_STAFF)) {
+                roleBuilder.add(ROLE_STAFF);
+            }
             JsonArray roles = roleBuilder.build();
 
             ServletContext sc = getServletContext();
@@ -286,11 +290,14 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response)
             if (request.isUserInRole(ROLE_FACULTY)) {
                 roles.add(ROLE_FACULTY);
             }
+            if (request.isUserInRole(ROLE_STAFF)) {
+                roles.add(ROLE_STAFF);
+            }
 
             switch(data.getString("q")){
                 case "create":               
                     try{
-                        if (!roles.contains(ROLE_ADMIN) && !roles.contains(ROLE_FACULTY)) {
+                        if (!roles.contains(ROLE_ADMIN) && !roles.contains(ROLE_FACULTY) && !roles.contains(ROLE_STAFF)) {
                             throw new Exception("User is not allowed to create a proposal - contact admin for priveleges.");
                         }
                         resp = this.dao.createProposal(data.getJsonObject("d"));
@@ -313,7 +320,7 @@ protected void doPost(HttpServletRequest request, HttpServletResponse response)
                     break;
                 case "save":
                     try{
-                        if (!roles.contains(ROLE_ADMIN) && !roles.contains(ROLE_FACULTY)) {
+                        if (!roles.contains(ROLE_ADMIN) && !roles.contains(ROLE_FACULTY) && !roles.contains(ROLE_STAFF)) {
                             throw new Exception("User is not allowed to update proposals - contact admin for priveleges.");
                         }
                         resp = this.dao.saveProposal(data.getJsonObject("d"));

diff --git a/src/main/webapp/META-INF/web.xml b/src/main/webapp/META-INF/web.xml
@@ -32,6 +32,7 @@
             <role-name>apc_development</role-name>
             <role-name>Faculty</role-name>
             <role-name>Registrars_Office</role-name>
+            <role-name>apc_staff</role-name>
         </auth-constraint>
     </security-constraint>
 
@@ -44,6 +45,9 @@
     <security-role>
             <role-name>Registrars_Office</role-name>
     </security-role>
+    <security-role>
+            <role-name>apc_staff</role-name>
+    </security-role>
 
     <login-config>
         <auth-method>FORM</auth-method>

diff --git a/src/main/webapp/templates/dashboard.html b/src/main/webapp/templates/dashboard.html
@@ -1,6 +1,6 @@
 <div class="dashboard container-fluid">
     <div class="col-md-6">
-        <div ng-hide="user.role.length ==1 && user.role.indexOf( 'Registrars_Office' ) != -1" class="container-fluid jumbotron">
+        <div ng-hide="user.role.length == 1 && user.role.indexOf( 'Registrars_Office' ) != -1" class="container-fluid jumbotron">
             <course-list data='myChanges' user='user' courses="courses" proposals="allProposals"></course-list>
         </div>
         <div ng-hide="user.role.length ==1 && user.role.indexOf( 'Registrars_Office' ) != -1" class="container-fluid jumbotron">