From 4ebfb22791223df32ec6e784606dbd10b107edd5 Mon Sep 17 00:00:00 2001
From: Moss <htmoss2@fa20-cs427-075.cs.illinois.edu>
Date: Mon, 30 Nov 2020 15:57:32 -0600
Subject: [PATCH] [security] allowed for admin and tester to access
 viewTransationLogs.jsp from their respective menu pages

---
 iTrust/WebRoot/WEB-INF/web.xml      | 2 ++
 iTrust/WebRoot/auth/admin/menu.jsp  | 1 +
 iTrust/WebRoot/auth/tester/menu.jsp | 1 +
 3 files changed, 4 insertions(+)

diff --git a/iTrust/WebRoot/WEB-INF/web.xml b/iTrust/WebRoot/WEB-INF/web.xml
index aa258d6..7966ebc 100644
--- a/iTrust/WebRoot/WEB-INF/web.xml
+++ b/iTrust/WebRoot/WEB-INF/web.xml
@@ -246,10 +246,12 @@
 			</web-resource-name>
 			<!-- Define the context-relative URL(s) to be protected -->
 			<url-pattern>/auth/admin/*</url-pattern>
+			<url-pattern>/auth/tester/*</url-pattern>
 		</web-resource-collection>
 		<auth-constraint>
 			<!-- Anyone with one of the listed roles may access this area -->
 			<role-name>admin</role-name>
+			<role-name>tester</role-name>
 		</auth-constraint>
 	</security-constraint>
 
diff --git a/iTrust/WebRoot/auth/admin/menu.jsp b/iTrust/WebRoot/auth/admin/menu.jsp
index 8ceae79..72d4d82 100644
--- a/iTrust/WebRoot/auth/admin/menu.jsp
+++ b/iTrust/WebRoot/auth/admin/menu.jsp
@@ -44,6 +44,7 @@
 			<li><a href="/iTrust/auth/admin/sessionTimeout.jsp">Change Global Session Timeout </a></li>
 			<li><a href="/iTrust/auth/surveyResults.jsp">Satisfaction Survey Results</a></li>
 			<li><a href="/iTrust/auth/admin/activatePatient.jsp">Activate Patient</a></li>
+			<li><a href="/iTrust/auth/admin/viewTransactionLogs.jsp">View Transaction Logs</a></li>
 		</ul>
 	</div>
 </div>
\ No newline at end of file
diff --git a/iTrust/WebRoot/auth/tester/menu.jsp b/iTrust/WebRoot/auth/tester/menu.jsp
index 4333be9..f243696 100644
--- a/iTrust/WebRoot/auth/tester/menu.jsp
+++ b/iTrust/WebRoot/auth/tester/menu.jsp
@@ -5,6 +5,7 @@
 	<div class="panel-body" id="view-menu">
 		<ul class="nav nav-sidebar">
 			<li><a href="/iTrust/auth/tester/home.jsp">Operational Profile</a></li>
+			<li><a href="/iTrust/auth/admin/viewTransactionLogs.jsp">View Transaction Logs</a></li>
 		</ul>
 	</div>
 </div>
\ No newline at end of file
-- 
GitLab