Setting to configure whether editor users who are metadata owners can edit their metadata when they do not have editing privileges for the metadata. #8631

Open
wants to merge 1 commit into
base: main
35 changes: 24 additions & 11 deletions core/src/main/java/org/fao/geonet/kernel/AccessManager.java
@@ -1,5 +1,5 @@
//=============================================================================
//=== Copyright (C) 2001-2007 Food and Agriculture Organization of the
//=== Copyright (C) 2001-2025 Food and Agriculture Organization of the
//=== United Nations (FAO-UN), United Nations World Food Programme (WFP)
//=== and United Nations Environment Programme (UNEP)
//===
@@ -46,6 +46,7 @@

import static org.fao.geonet.kernel.setting.Settings.SYSTEM_INTRANET_IP_SEPARATOR;
import static org.fao.geonet.kernel.setting.Settings.SYSTEM_METADATAPRIVS_PUBLICATIONBYGROUPOWNERONLY;
import static org.fao.geonet.kernel.setting.Settings.SYSTEM_METADATAPRIVS_USER_ALWAYS_CAN_EDIT_OWNED_METADATA;
import static org.fao.geonet.repository.specification.OperationAllowedSpecs.hasMetadataId;
import static org.fao.geonet.repository.specification.OperationAllowedSpecs.hasOperation;
import static org.springframework.data.jpa.domain.Specification.where;
@@ -114,7 +115,7 @@ public Set<Operation> getOperations(ServiceContext context, String mdId, String
}

public Set<String> getOperationNames(ServiceContext context, String mdId, String ip, Collection<Operation> operations) throws Exception {
Set<String> names = new HashSet<String>();
Set<String> names = new HashSet<>();

for (Operation op : getOperations(context, mdId, ip, operations)) {
names.add(op.getName());
@@ -127,7 +128,7 @@ public Set<String> getOperationNames(ServiceContext context, String mdId, String
* Returns all operations permitted by the user on a particular metadata.
*/
public Set<Operation> getAllOperations(ServiceContext context, String mdId, String ip) throws Exception {
HashSet<Operation> operations = new HashSet<Operation>();
HashSet<Operation> operations = new HashSet<>();
Set<Integer> groups = getUserGroups(context.getUserSession(),
ip, false);
for (OperationAllowed opAllow : operationAllowedRepository.findByMetadataId(mdId)) {
@@ -146,7 +147,7 @@ public Set<Operation> getAllOperations(ServiceContext context, String mdId, Stri
public Set<Integer> getUserGroups(UserSession usrSess, String ip, boolean editingGroupsOnly) throws Exception {
final ConfigurableApplicationContext applicationContext = ApplicationContextHolder.get();

Set<Integer> hs = new HashSet<Integer>();
Set<Integer> hs = new HashSet<>();

// add All (1) network group
hs.add(ReservedGroup.all.getId());
@@ -193,7 +194,7 @@ public static List<Integer> getGroups(UserSession session, Profile profile) thro
}

public Set<Integer> getReviewerGroups(UserSession usrSess) throws Exception {
Set<Integer> hs = new HashSet<Integer>();
Set<Integer> hs = new HashSet<>();

// get other groups
if ((usrSess != null) && usrSess.isAuthenticated()) {
@@ -214,7 +215,7 @@ public Set<Integer> getReviewerGroups(UserSession usrSess) throws Exception {
* @param userId the id of the user
*/
public Set<Integer> getVisibleGroups(final int userId) throws Exception {
Set<Integer> hs = new HashSet<Integer>();
Set<Integer> hs = new HashSet<>();

Optional<User> user = userRepository.findById(userId);

@@ -243,10 +244,22 @@ public Set<Integer> getVisibleGroups(final int userId) throws Exception {
* <li>the user has edit rights over the metadata</li>
* </ul>
*
* If the setting to allow edit always to the metadata the owner (independently of the edit privilege in
* the group owner of the metadata) is disabled, only the edit privileges are checked, except for Administrators.
*
* @param id The metadata internal identifier
*/
public boolean canEdit(final ServiceContext context, final String id) throws Exception {
return isOwner(context, id) || hasEditPermission(context, id);
UserSession us = context.getUserSession();
final Profile profile = us.getProfile();

if ((profile == Profile.Administrator) || settingManager.getValueAsBool(SYSTEM_METADATAPRIVS_USER_ALWAYS_CAN_EDIT_OWNED_METADATA, true)) {
return isOwner(context, id) || hasEditPermission(context, id);
} else {
// Ownership is not checked.. If the user is Editor and is the metadata owner,
// can only edit the metadata if has edit privileges for the metadata.
return hasEditPermission(context, id);
}
}

/**
@@ -429,9 +442,9 @@ public boolean hasReviewPermission(final ServiceContext context, final String id
return hasReviewPermission(context, info);
}

private String GROUPOWNERONLY_STRATEGY =
private static final String GROUPOWNERONLY_STRATEGY =
"api.metadata.share.strategy.groupOwnerOnly";
private String REVIEWERINGROUP_STRATEGY =
private static final String REVIEWERINGROUP_STRATEGY =
"api.metadata.share.strategy.reviewerInGroup";

public String getReviewerRule() {
@@ -497,9 +510,9 @@ private boolean hasEditingPermissionWithProfile(final ServiceContext context, fi
return false;
}

Specification spec = where(UserGroupSpecs.hasProfile(profile)).and(UserGroupSpecs.hasUserId(us.getUserIdAsInt()));
Specification<UserGroup> spec = where(UserGroupSpecs.hasProfile(profile)).and(UserGroupSpecs.hasUserId(us.getUserIdAsInt()));

List<Integer> opAlloweds = new ArrayList<Integer>();
List<Integer> opAlloweds = new ArrayList<>();
for (OperationAllowed opAllowed : allOpAlloweds) {
opAlloweds.add(opAllowed.getId().getGroupId());
}
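Review bot: In `canEdit`, the added `UserSession us = context.getUserSession();` followed by `us.getProfile()` dereferences the session without a null check, while `getReviewerGroups` in this same file guards with `(usrSess != null) && usrSess.isAuthenticated()`. The previous body went straight to `isOwner`/`hasEditPermission`, whose bodies are outside the visible hunks, so a session-less call that used to get an answer may now throw instead; `final Profile profile = (us == null) ? null : us.getProfile();` keeps the old behaviour. The setting is read with a default of `true`, so a missing or unreadable value falls back to the permissive owner-can-edit path, which is backward compatible but should be stated in the Javadoc. The restriction also lives only in `canEdit`: any caller that checks `isOwner` directly will still let the owner through with the setting disabled, and if `isOwner` grants more than literal ownership the `else` branch removes that as well, so both directions deserve a test.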
@@ -109,6 +109,7 @@ public class Settings {
public static final String SYSTEM_METADATAPRIVS_PUBLICATIONNOTIFICATION_EMAILS = "system/metadataprivs/publication/notificationEmails";
public static final String SYSTEM_METADATAPRIVS_PUBLICATION_NOTIFICATIONLEVEL = "system/metadataprivs/publication/notificationLevel";
public static final String SYSTEM_METADATAPRIVS_PUBLICATION_NOTIFICATIONGROUPS = "system/metadataprivs/publication/notificationGroups";
public static final String SYSTEM_METADATAPRIVS_USER_ALWAYS_CAN_EDIT_OWNED_METADATA = "system/metadataprivs/userAlwaysCanEditOwnedMetadata";
public static final String SYSTEM_INSPIRE_ATOM_PROTOCOL = "system/inspire/atomProtocol";
public static final String SYSTEM_HARVESTING_MAIL_RECIPIENT = "system/harvesting/mail/recipient";
public static final String SYSTEM_HARVESTING_MAIL_LEVEL3 = "system/harvesting/mail/level3";