diff --git a/annotation-service/annotation-web/src/main/resources/config/permissions.yml b/annotation-service/annotation-web/src/main/resources/config/permissions.yml index 870709c9c..8c08495a3 100644 --- a/annotation-service/annotation-web/src/main/resources/config/permissions.yml +++ b/annotation-service/annotation-web/src/main/resources/config/permissions.yml @@ -4,27 +4,24 @@ permissions: roles: - TenantAdmin - TenantUser - - TenantManager - - TenantDescriptionTemplateEditor + - TenantPlanManager + - TenantConfigManager clients: [ ] allowAnonymous: false allowAuthenticated: false # Tenants BrowseTenant: - roles: - - Admin + roles: [ ] clients: [ ] allowAnonymous: false allowAuthenticated: false EditTenant: - roles: - - Admin + roles: [ ] clients: [ "opencdmp-api-dev" ] allowAnonymous: false allowAuthenticated: false DeleteTenant: - roles: - - Admin + roles: [ ] claims: [ ] clients: [ "opencdmp-api-dev" ] allowAnonymous: false @@ -32,6 +29,7 @@ permissions: AllowNoTenant: roles: - Admin + - InstallationAdmin claims: [ ] clients: [ ] allowAnonymous: false @@ -39,19 +37,17 @@ permissions: # Users BrowseUser: roles: - - TenantAdmin + - Admin clients: [ ] allowAnonymous: true allowAuthenticated: false EditUser: - roles: - - TenantAdmin + roles: [ ] clients: [ "opencdmp-api-dev" ] allowAnonymous: false allowAuthenticated: false DeleteUser: - roles: - - TenantAdmin + roles: [ ] claims: [ ] clients: [ "opencdmp-api-dev" ] allowAnonymous: false @@ -59,6 +55,10 @@ permissions: #Annotation BrowseAnnotation: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin entityAffiliated: true clients: [ ] @@ -66,6 +66,10 @@ permissions: allowAuthenticated: false NewAnnotation: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin entityAffiliated: true clients: [ ] 
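Review bot: In the `@@ -39,19 +37,17 @@` hunk, `BrowseUser` is narrowed from `TenantAdmin` to `Admin` but keeps `allowAnonymous: true`. If that flag grants the permission to unauthenticated callers, as its name suggests, the role list has no effect and user records stay browsable without a token. `EditAnnotation` in the `@@ -73,12 +77,20 @@` hunk carries the same flag while four more roles are added to it. Unless anonymous access is intended for these two entries, set `allowAnonymous: false` on both, matching `EditUser` and `DeleteUser`.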
@@ -73,12 +77,20 @@ permissions: allowAuthenticated: false EditAnnotation: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: true allowAuthenticated: false DeleteAnnotation: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin entityAffiliated: false clients: [ ] @@ -87,12 +99,14 @@ permissions: #Tenant Configuration BrowseTenantConfiguration: roles: + - Admin - TenantAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false EditTenantConfiguration: roles: + - Admin - TenantAdmin clients: [ ] allowAnonymous: false diff --git a/annotation-service/annotation/src/main/java/gr/cite/annotation/data/UserCredentialEntity.java b/annotation-service/annotation/src/main/java/gr/cite/annotation/data/UserCredentialEntity.java index 35ef7c853..650794344 100644 --- a/annotation-service/annotation/src/main/java/gr/cite/annotation/data/UserCredentialEntity.java +++ b/annotation-service/annotation/src/main/java/gr/cite/annotation/data/UserCredentialEntity.java @@ -40,12 +40,6 @@ public class UserCredentialEntity { public static final String _updatedAt = "updatedAt"; - @Column(name = "\"is_active\"", nullable = false) - @Convert(converter = IsActiveConverter.class) - private IsActive isActive; - - public static final String _isActive = "isActive"; - public UUID getId() { return id; } @@ -86,12 +80,4 @@ public class UserCredentialEntity { this.updatedAt = updatedAt; } - public IsActive getIsActive() { - return isActive; - } - - public void setIsActive(IsActive isActive) { - this.isActive = isActive; - } - } diff --git a/annotation-service/annotation/src/main/java/gr/cite/annotation/model/UserCredential.java b/annotation-service/annotation/src/main/java/gr/cite/annotation/model/UserCredential.java index f894fc5f3..8375d9668 100644 --- a/annotation-service/annotation/src/main/java/gr/cite/annotation/model/UserCredential.java 
+++ b/annotation-service/annotation/src/main/java/gr/cite/annotation/model/UserCredential.java @@ -27,10 +27,6 @@ public class UserCredential { public static final String _updatedAt = "updatedAt"; - private IsActive isActive; - - public static final String _isActive = "isActive"; - public UUID getId() { return id; } @@ -70,12 +66,4 @@ public class UserCredential { public void setUpdatedAt(Instant updatedAt) { this.updatedAt = updatedAt; } - - public IsActive getIsActive() { - return isActive; - } - - public void setIsActive(IsActive isActive) { - this.isActive = isActive; - } } diff --git a/annotation-service/annotation/src/main/java/gr/cite/annotation/model/deleter/UserCredentialDeleter.java b/annotation-service/annotation/src/main/java/gr/cite/annotation/model/deleter/UserCredentialDeleter.java index a1357f37d..77df59d82 100644 --- a/annotation-service/annotation/src/main/java/gr/cite/annotation/model/deleter/UserCredentialDeleter.java +++ b/annotation-service/annotation/src/main/java/gr/cite/annotation/model/deleter/UserCredentialDeleter.java @@ -62,12 +62,10 @@ public class UserCredentialDeleter implements Deleter { Instant now = Instant.now(); for (UserCredentialEntity item : data) { - logger.trace("deleting item {}", item); - item.setIsActive(IsActive.Inactive); - item.setUpdatedAt(now); - logger.trace("updating item"); - this.entityManager.merge(item); - logger.trace("updated item"); + logger.trace("deleting item {}", item.getId()); + logger.trace("deleting item"); + this.entityManager.remove(item); + logger.trace("deleted item"); } } diff --git a/annotation-service/annotation/src/main/java/gr/cite/annotation/query/UserCredentialQuery.java b/annotation-service/annotation/src/main/java/gr/cite/annotation/query/UserCredentialQuery.java index 08bf1ea88..c4e55a1ee 100644 --- a/annotation-service/annotation/src/main/java/gr/cite/annotation/query/UserCredentialQuery.java 
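Review bot: Switching the loop in `UserCredentialDeleter` to `this.entityManager.remove(item)` only covers deletions made from now on. Rows this deleter previously marked `IsActive.Inactive` stay in the table, and with the `isActive` predicate removed from `UserCredentialQuery` in this commit they would be returned as ordinary credentials. A one-off data migration that deletes those rows before the column is dropped would keep revoked credentials revoked; the SQL change visible in this commit edits a `CREATE TABLE IF NOT EXISTS` statement, which presumably leaves already-created tables untouched. Within the hunk, `Instant now = Instant.now();` is now unused and `logger.trace("deleting item");` repeats the trace line above it, so both can go. The enclosing method starts and ends outside the hunk.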
+++ b/annotation-service/annotation/src/main/java/gr/cite/annotation/query/UserCredentialQuery.java @@ -182,9 +182,6 @@ public class UserCredentialQuery extends QueryBase { inClause.value(item); predicates.add(inClause); } - if (this.isActives != null) { - predicates.add(queryContext.Root.get(UserCredentialEntity._isActive).in(isActives)); - } if (this.userIds != null) { CriteriaBuilder.In inClause = queryContext.CriteriaBuilder.in(queryContext.Root.get(UserCredentialEntity._userId)); for (UUID item : this.userIds) @@ -225,8 +222,6 @@ public class UserCredentialQuery extends QueryBase { return UserCredentialEntity._createdAt; else if (item.match(UserCredential._updatedAt)) return UserCredentialEntity._updatedAt; - else if (item.match(UserCredential._isActive)) - return UserCredentialEntity._isActive; else return null; } @@ -239,7 +234,6 @@ public class UserCredentialQuery extends QueryBase { item.setUserId(QueryBase.convertSafe(tuple, columns, UserCredentialEntity._userId, UUID.class)); item.setCreatedAt(QueryBase.convertSafe(tuple, columns, UserCredentialEntity._createdAt, Instant.class)); item.setUpdatedAt(QueryBase.convertSafe(tuple, columns, UserCredentialEntity._updatedAt, Instant.class)); - item.setIsActive(QueryBase.convertSafe(tuple, columns, UserCredentialEntity._createdAt, IsActive.class)); return item; } diff --git a/annotation-service/annotation/src/main/java/gr/cite/annotation/service/user/UserServiceImpl.java b/annotation-service/annotation/src/main/java/gr/cite/annotation/service/user/UserServiceImpl.java index 9898a97dc..b99a5383c 100644 --- a/annotation-service/annotation/src/main/java/gr/cite/annotation/service/user/UserServiceImpl.java +++ b/annotation-service/annotation/src/main/java/gr/cite/annotation/service/user/UserServiceImpl.java 
@@ -153,7 +153,6 @@ public class UserServiceImpl implements UserService { data.setExternalId(model.getSubjectId()); data.setCreatedAt(Instant.now()); data.setUpdatedAt(Instant.now()); - data.setIsActive(IsActive.Active); entityManager.persist(data); } updatedCreatedIds.add(data.getId()); diff --git a/backend/core/src/main/java/org/opencdmp/authorization/AuthorizationProperties.java b/backend/core/src/main/java/org/opencdmp/authorization/AuthorizationProperties.java index d04203b69..133c7d9e6 100644 --- a/backend/core/src/main/java/org/opencdmp/authorization/AuthorizationProperties.java +++ b/backend/core/src/main/java/org/opencdmp/authorization/AuthorizationProperties.java @@ -8,7 +8,7 @@ import java.util.List; @ConfigurationProperties(prefix = "authorization") public class AuthorizationProperties { - private String globalAdminRole; + private List globalAdminRoles; private String tenantAdminRole; private String globalUserRole; private String tenantUserRole; @@ -16,12 +16,12 @@ public class AuthorizationProperties { private List allowedTenantRoles; private List allowedGlobalRoles; - public String getGlobalAdminRole() { - return this.globalAdminRole; + public List getGlobalAdminRoles() { + return globalAdminRoles; } - public void setGlobalAdminRole(String globalAdminRole) { - this.globalAdminRole = globalAdminRole; + public void setGlobalAdminRoles(List globalAdminRoles) { + this.globalAdminRoles = globalAdminRoles; } public String getTenantAdminRole() { diff --git a/backend/core/src/main/java/org/opencdmp/errorcode/ErrorThesaurusProperties.java b/backend/core/src/main/java/org/opencdmp/errorcode/ErrorThesaurusProperties.java index a1c8039b9..5ceace429 100644 --- a/backend/core/src/main/java/org/opencdmp/errorcode/ErrorThesaurusProperties.java +++ b/backend/core/src/main/java/org/opencdmp/errorcode/ErrorThesaurusProperties.java 
@@ -244,4 +244,15 @@ public class ErrorThesaurusProperties { public void setTenantCodeExists(ErrorDescription tenantCodeExists) { this.tenantCodeExists = tenantCodeExists; } + + + private ErrorDescription dmpNewVersionAlreadyCreatedDraft; + + public ErrorDescription getDmpNewVersionAlreadyCreatedDraft() { + return dmpNewVersionAlreadyCreatedDraft; + } + + public void setDmpNewVersionAlreadyCreatedDraft(ErrorDescription dmpNewVersionAlreadyCreatedDraft) { + this.dmpNewVersionAlreadyCreatedDraft = dmpNewVersionAlreadyCreatedDraft; + } } diff --git a/backend/core/src/main/java/org/opencdmp/service/dmp/DmpServiceImpl.java b/backend/core/src/main/java/org/opencdmp/service/dmp/DmpServiceImpl.java index af517f643..35c328a52 100644 --- a/backend/core/src/main/java/org/opencdmp/service/dmp/DmpServiceImpl.java +++ b/backend/core/src/main/java/org/opencdmp/service/dmp/DmpServiceImpl.java @@ -408,7 +408,7 @@ public class DmpServiceImpl implements DmpService { .groupIds(oldDmpEntity.getGroupId()) .isActive(IsActive.Active) .count(); - if (notFinalizedCount > 0) throw new MyValidationException(this.errors.getModelValidation().getCode(), "Already created draft for this template"); + if (notFinalizedCount > 0) throw new MyValidationException(this.errors.getDmpNewVersionAlreadyCreatedDraft().getCode(), this.errors.getDmpNewVersionAlreadyCreatedDraft().getMessage()); DmpEntity newDmp = new DmpEntity(); newDmp.setId(UUID.randomUUID()); diff --git a/backend/core/src/main/java/org/opencdmp/service/tenant/TenantServiceImpl.java b/backend/core/src/main/java/org/opencdmp/service/tenant/TenantServiceImpl.java index ac5dac181..282e38962 100644 --- a/backend/core/src/main/java/org/opencdmp/service/tenant/TenantServiceImpl.java +++ b/backend/core/src/main/java/org/opencdmp/service/tenant/TenantServiceImpl.java 
@@ -165,7 +165,7 @@ public class TenantServiceImpl implements TenantService { try { this.entityManager.disableTenantFilters(); - existingItems = this.queryFactory.query(UserRoleQuery.class).disableTracking().tenantIsSet(false).roles(this.authorizationProperties.getGlobalAdminRole()).collect(); + existingItems = this.queryFactory.query(UserRoleQuery.class).disableTracking().tenantIsSet(false).roles(this.authorizationProperties.getGlobalAdminRoles()).collect(); userCredentialEntities = this.queryFactory.query(UserCredentialQuery.class).disableTracking().userIds(existingItems.stream().map(UserRoleEntity::getUserId).distinct().toList()).collect(); List keycloakIdsToAddToTenantGroup = new ArrayList<>(); diff --git a/backend/web/src/main/resources/config/authorization.yml b/backend/web/src/main/resources/config/authorization.yml index bcc2e9e42..c33ebe758 100644 --- a/backend/web/src/main/resources/config/authorization.yml +++ b/backend/web/src/main/resources/config/authorization.yml @@ -1,5 +1,7 @@ authorization: - globalAdminRole: Admin + globalAdminRoles: + - Admin + - InstallationAdmin tenantAdminRole: TenantAdmin globalUserRole: User tenantUserRole: TenantUser @@ -7,8 +9,9 @@ authorization: allowedTenantRoles: - TenantAdmin - TenantUser - - TenantManager - - TenantDescriptionTemplateEditor + - TenantPlanManager + - TenantConfigManager allowedGlobalRoles: - Admin + - InstallationAdmin - User \ No newline at end of file diff --git a/backend/web/src/main/resources/config/errors.yml b/backend/web/src/main/resources/config/errors.yml index fe1b71698..8f87d368a 100644 --- a/backend/web/src/main/resources/config/errors.yml +++ b/backend/web/src/main/resources/config/errors.yml 
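Review bot: `roles(this.authorizationProperties.getGlobalAdminRoles())` now depends on a list that binds to null whenever a deployment's configuration still uses the old `globalAdminRole` key, and the query runs with tenant filters disabled. `UserRoleQuery` is not shown, but `UserCredentialQuery` in this commit skips any filter whose collection is null. If `roles(...)` behaves the same way, every tenant-less role assignment would be selected and those users' Keycloak ids would appear to end up in `keycloakIdsToAddToTenantGroup`. Fail closed before the query, e.g. `var adminRoles = this.authorizationProperties.getGlobalAdminRoles();` followed by `if (adminRoles == null || adminRoles.isEmpty()) throw new IllegalStateException("authorization.globalAdminRoles is not configured");`. The enclosing method starts and ends outside the hunk.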
@@ -79,4 +79,7 @@ error-thesaurus: message: Multiple Tenant Configuration Type Not Allowed tenant-code-exists: code: 130 - message: Tenant code exists \ No newline at end of file + message: Tenant code exists + dmp-new-version-already-created-draft: + code: 131 + message: Already created draft for this dmp \ No newline at end of file diff --git a/backend/web/src/main/resources/config/keycloak-devel.yml b/backend/web/src/main/resources/config/keycloak-devel.yml index 1ee728d13..22df61d43 100644 --- a/backend/web/src/main/resources/config/keycloak-devel.yml +++ b/backend/web/src/main/resources/config/keycloak-devel.yml @@ -6,6 +6,8 @@ keycloak-resources: groupId: a04fd333-f127-449e-8fc2-0626570a3899 Admin: groupId: 299f18fe-e271-4625-a4c1-9c3eb313b2ea + InstallationAdmin: + groupId: 88a65fff-dffe-474a-a461-252ff4230203 tenantAuthorities: TenantAdmin: parent: 1e650f57-8b7c-4f32-bf5b-e1a9147c597b @@ -13,9 +15,9 @@ keycloak-resources: TenantUser: parent: c7057c4d-e7dc-49ef-aa5d-02ad3a22bff8 roleAttributeValueStrategy: 'TenantUser:{tenantCode}' - TenantManager: - parent: d111bb2f-b4a6-4de7-ad22-5151ee1a508b - roleAttributeValueStrategy: 'TenantManager:{tenantCode}' - TenantDescriptionTemplateEditor: - parent: 55cf7b17-c025-4065-8906-49f9f430f038 - roleAttributeValueStrategy: 'TenantDescriptionTemplateEditor:{tenantCode}' \ No newline at end of file + TenantConfigManager: + parent: 09a6977b-719e-4e90-b3fc-3b394d82e05f + roleAttributeValueStrategy: 'TenantConfigManager:{tenantCode}' + TenantPlanManager: + parent: 37d1fb0e-5e03-47bf-aefc-365c0670f84e + roleAttributeValueStrategy: 'TenantPlanManager:{tenantCode}' \ No newline at end of file diff --git a/backend/web/src/main/resources/config/permissions.yml b/backend/web/src/main/resources/config/permissions.yml index 86719eda0..d36039f84 100644 --- a/backend/web/src/main/resources/config/permissions.yml +++ b/backend/web/src/main/resources/config/permissions.yml 
@@ -14,6 +14,7 @@ permissions: AllowNoTenant: roles: - Admin + - InstallationAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false @@ -88,16 +89,24 @@ permissions: clients: [ ] allowAnonymous: false allowAuthenticated: false - + # Deposit BrowseDeposit: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false EditDeposit: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false @@ -110,13 +119,15 @@ permissions: allowAuthenticated: true EditNotificationTemplate: roles: - - TenantAdmin + - Admin + - TenantConfigManager clients: [ ] allowAnonymous: false allowAuthenticated: false DeleteNotificationTemplate: roles: - - TenantAdmin + - Admin + - TenantConfigManager claims: [ ] clients: [ ] allowAnonymous: false @@ -124,6 +135,7 @@ permissions: # TenantConfiguration BrowseTenantConfiguration: roles: + - Admin - TenantAdmin claims: [ ] clients: [ ] @@ -131,12 +143,14 @@ permissions: allowAuthenticated: false EditTenantConfiguration: roles: + - Admin - TenantAdmin clients: [ ] allowAnonymous: true allowAuthenticated: true DeleteTenantConfiguration: roles: + - Admin - TenantAdmin clients: [ ] allowAnonymous: false @@ -149,13 +163,15 @@ permissions: allowAuthenticated: true EditLanguage: roles: - - TenantAdmin + - Admin + - TenantConfigManager clients: [ ] allowAnonymous: false allowAuthenticated: false DeleteLanguage: roles: - - TenantAdmin + - Admin + - TenantConfigManager claims: [ ] clients: [ ] allowAnonymous: false @@ -169,6 +185,10 @@ permissions: # Description BrowseDescription: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin dmp: roles: @@ -181,6 +201,10 @@ permissions: allowAuthenticated: false ReviewDescription: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin dmp: roles: 
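Review bot: In the `@@ -131,12 +143,14 @@` hunk, `EditTenantConfiguration` gains `Admin` but still has `allowAnonymous: true` and `allowAuthenticated: true`, unlike `DeleteTenantConfiguration` directly below it. If those flags grant the permission regardless of role, the role list has no effect and tenant configuration is writable by any caller. Unless that is deliberate, change the entry to `allowAnonymous: false` and `allowAuthenticated: false`.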
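Review bot: From the `@@ -169,6 +185,10 @@` hunk onward, `TenantConfigManager` and `InstallationAdmin` are added at role level to every Description permission. The same four-role block is repeated in later hunks for the Dmp, DmpUser, EntityDoi, reference and tag entries. A role-level entry presumably grants the action without the `dmp:` affiliation roles listed beneath it, so a configuration manager could edit, finalize or delete any plan or description in scope. If the new roles are meant to separate configuration from plan management, drop `- TenantConfigManager` from the write permissions such as `EditDescription`, `DeleteDescription`, `EditDmp` and `DeleteDmp`, and confirm that `InstallationAdmin` needs plan content access at all.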
@@ -192,6 +216,10 @@ permissions: allowAuthenticated: false EditDescription: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin dmp: roles: @@ -202,6 +230,10 @@ permissions: allowAuthenticated: false FinalizeDescription: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin dmp: roles: @@ -212,6 +244,10 @@ permissions: allowAuthenticated: false DeleteDescription: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin dmp: roles: @@ -223,6 +259,10 @@ permissions: allowAuthenticated: false CloneDescription: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin dmp: roles: @@ -240,18 +280,30 @@ permissions: # Tag BrowseTag: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false EditTag: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false DeleteTag: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin claims: [ ] clients: [ ] @@ -261,6 +313,9 @@ permissions: BrowseUser: roles: - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false 
@@ -268,25 +323,32 @@ permissions: EditUser: roles: - Admin + - InstallationAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false DeleteUser: roles: - Admin + - InstallationAdmin claims: [ ] clients: [ ] allowAnonymous: false - allowAuthenticated: false + allowAuthenticated: false ExportUsers: roles: - Admin + - InstallationAdmin claims: [ ] clients: [ ] allowAnonymous: false allowAuthenticated: false BrowseDmpAssociatedUser: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin dmp: roles: @@ -301,22 +363,26 @@ permissions: # DescriptionTemplateType BrowseDescriptionTemplateType: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin - TenantUser - - TenantManager - - TenantDescriptionTemplateEditor clients: [ ] allowAnonymous: false allowAuthenticated: false EditDescriptionTemplateType: roles: - - TenantAdmin + - Admin + - TenantPlanManager clients: [ ] allowAnonymous: false allowAuthenticated: false DeleteDescriptionTemplateType: roles: - - TenantAdmin + - Admin + - TenantPlanManager claims: [ ] clients: [ ] allowAnonymous: false @@ -330,6 +396,10 @@ permissions: allowAuthenticated: true EditStorageFile: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin claims: [ ] clients: [ ] @@ -337,6 +407,10 @@ permissions: allowAuthenticated: false DeleteStorageFile: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin claims: [ ] clients: [ ] 
@@ -345,57 +419,58 @@ permissions: # DescriptionTemplate BrowseDescriptionTemplate: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin - TenantUser - - TenantManager - - TenantDescriptionTemplateEditor clients: [ ] allowAnonymous: false allowAuthenticated: false EditDescriptionTemplate: roles: - - TenantAdmin - - TenantDescriptionTemplateEditor + - Admin + - TenantPlanManager clients: [ ] allowAnonymous: false allowAuthenticated: false DeleteDescriptionTemplate: roles: - - TenantAdmin - - TenantDescriptionTemplateEditor + - Admin + - TenantPlanManager claims: [ ] clients: [ ] allowAnonymous: false allowAuthenticated: false CloneDescriptionTemplate: roles: - - TenantAdmin - - TenantDescriptionTemplateEditor + - Admin + - TenantPlanManager claims: [ ] clients: [ ] allowAnonymous: false allowAuthenticated: false CreateNewVersionDescriptionTemplate: roles: - - TenantAdmin - - TenantDescriptionTemplateEditor + - Admin + - TenantPlanManager claims: [ ] clients: [ ] allowAnonymous: false allowAuthenticated: false ImportDescriptionTemplate: roles: - - TenantAdmin - - TenantDescriptionTemplateEditor + - Admin + - TenantPlanManager claims: [ ] clients: [ ] allowAnonymous: false allowAuthenticated: false ExportDescriptionTemplate: roles: - - TenantAdmin - Admin - - TenantDescriptionTemplateEditor + - TenantPlanManager claims: [ ] clients: [ ] allowAnonymous: false @@ -403,6 +478,10 @@ permissions: # Dmp BrowseDmp: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin dmp: roles: @@ -415,6 +494,10 @@ permissions: allowAuthenticated: false EditDmp: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin dmp: roles: 
@@ -424,15 +507,21 @@ permissions: allowAuthenticated: false NewDmp: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin - TenantUser - - TenantManager - - TenantDescriptionTemplateEditor clients: [ ] allowAnonymous: false allowAuthenticated: false DeleteDmp: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin dmp: roles: @@ -443,6 +532,10 @@ permissions: allowAuthenticated: false DepositDmp: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin dmp: roles: @@ -453,6 +546,10 @@ permissions: allowAuthenticated: false CloneDmp: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin dmp: roles: @@ -469,6 +566,10 @@ permissions: allowAuthenticated: true CreateNewVersionDmp: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin dmp: roles: @@ -479,6 +580,10 @@ permissions: allowAuthenticated: false FinalizeDmp: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin dmp: roles: @@ -489,6 +594,10 @@ permissions: allowAuthenticated: false UndoFinalizeDmp: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin dmp: roles: @@ -499,6 +608,10 @@ permissions: allowAuthenticated: false AssignDmpUsers: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin dmp: roles: @@ -509,6 +622,10 @@ permissions: allowAuthenticated: false InviteDmpUsers: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin dmp: roles: 
@@ -520,48 +637,55 @@ permissions: # DmpBlueprint BrowseDmpBlueprint: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin - TenantUser - - TenantManager - - TenantDescriptionTemplateEditor clients: [ ] allowAnonymous: false allowAuthenticated: false EditDmpBlueprint: roles: - - TenantAdmin + - Admin + - TenantPlanManager clients: [ ] allowAnonymous: false allowAuthenticated: false CloneDmpBlueprint: roles: - - TenantAdmin + - Admin + - TenantPlanManager clients: [ ] allowAnonymous: false allowAuthenticated: false CreateNewVersionDmpBlueprint: roles: - - TenantAdmin + - Admin + - TenantPlanManager clients: [ ] allowAnonymous: false allowAuthenticated: false ExportDmpBlueprint: roles: - - TenantAdmin + - TenantPlanManager - Admin clients: [ ] allowAnonymous: false allowAuthenticated: false ImportDmpBlueprint: roles: - - TenantAdmin + - Admin + - TenantPlanManager claims: [ ] clients: [ ] allowAnonymous: false allowAuthenticated: false DeleteDmpBlueprint: roles: - - TenantAdmin + - Admin + - TenantPlanManager claims: [ ] clients: [ ] allowAnonymous: false @@ -569,18 +693,30 @@ permissions: # EntityDoi BrowseEntityDoi: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false EditEntityDoi: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false DeleteEntityDoi: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin claims: [ ] clients: [ ] 
@@ -591,19 +727,23 @@ permissions: # Reference Permissions BrowseReference: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false EditReference: roles: - - TenantAdmin + - Admin clients: [ ] allowAnonymous: false allowAuthenticated: false DeleteReference: roles: - - TenantAdmin + - Admin claims: [ ] clients: [ ] allowAnonymous: false @@ -612,18 +752,30 @@ permissions: # DmpReference Permissions BrowseDmpReference: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false EditDmpReference: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false DeleteDmpReference: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin claims: [ ] clients: [ ] @@ -633,18 +785,30 @@ permissions: # DmpUser Permissions BrowseDmpUser: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false EditDmpUser: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false DeleteDmpUser: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin claims: [ ] clients: [ ] 
@@ -655,23 +819,25 @@ permissions: BrowseSupportiveMaterial: roles: - Admin - - User + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin - TenantUser - - TenantManager - - TenantDescriptionTemplateEditor clients: [ ] allowAnonymous: yes allowAuthenticated: yes EditSupportiveMaterial: roles: - - TenantAdmin + - Admin + - TenantConfigManager clients: [ ] allowAnonymous: false allowAuthenticated: false DeleteSupportiveMaterial: roles: - - TenantAdmin + - Admin + - TenantConfigManager claims: [ ] clients: [ ] allowAnonymous: false @@ -680,22 +846,26 @@ permissions: # ReferenceType Permissions BrowseReferenceType: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin - TenantUser - - TenantManager - - TenantDescriptionTemplateEditor clients: [ ] allowAnonymous: false allowAuthenticated: false EditReferenceType: roles: - - TenantAdmin + - Admin + - TenantPlanManager clients: [ ] allowAnonymous: false allowAuthenticated: false DeleteReferenceType: roles: - - TenantAdmin + - Admin + - TenantPlanManager claims: [ ] clients: [ ] allowAnonymous: false @@ -705,18 +875,21 @@ permissions: BrowseTenant: roles: - Admin + - InstallationAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false EditTenant: roles: - Admin + - InstallationAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false DeleteTenant: roles: - Admin + - InstallationAdmin claims: [ ] clients: [ ] allowAnonymous: false @@ -726,21 +899,21 @@ permissions: BrowseTenantUser: roles: - Admin - - TenantAdmin + - InstallationAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false EditTenantUser: roles: - Admin - - TenantAdmin + - InstallationAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false DeleteTenantUser: roles: - Admin - - TenantAdmin + - InstallationAdmin claims: [ ] clients: [ ] allowAnonymous: false 
@@ -749,18 +922,30 @@ permissions: # DmpDescriptionTemplate Permissions BrowseDmpDescriptionTemplate: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false EditDmpDescriptionTemplate: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false DeleteDmpDescriptionTemplate: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin claims: [ ] clients: [ ] @@ -770,18 +955,30 @@ permissions: # DescriptionReference Permissions BrowseDescriptionReference: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false EditDescriptionReference: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false DeleteDescriptionReference: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin claims: [ ] clients: [ ] @@ -791,18 +988,30 @@ permissions: # DescriptionReference Permissions BrowseDescriptionTag: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false EditDescriptionTag: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false DeleteDescriptionTag: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin claims: [ ] clients: [ ] 
@@ -811,10 +1020,12 @@ permissions: # Prefilling BrowsePrefilling: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin - TenantUser - - TenantManager - - TenantDescriptionTemplateEditor claims: [ ] clients: [ ] allowAnonymous: false @@ -823,16 +1034,23 @@ permissions: # Lock Permissions BrowseLock: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin - TenantUser - - TenantManager - - TenantDescriptionTemplateEditor clients: [ ] allowAnonymous: false allowAuthenticated: false EditLock: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin + - TenantUser dmp: roles: - Owner @@ -844,7 +1062,12 @@ permissions: allowAuthenticated: false DeleteLock: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin + - TenantUser dmp: roles: - Owner @@ -855,7 +1078,7 @@ permissions: clients: [ ] allowAnonymous: false allowAuthenticated: false - + # Contact Permissions SendContactSupport: roles: [] @@ -865,19 +1088,34 @@ permissions: # ActionConfirmation Permissions BrowseActionConfirmation: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin + - TenantUser clients: [ ] allowAnonymous: false allowAuthenticated: false EditActionConfirmation: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin + - TenantUser clients: [ ] allowAnonymous: false allowAuthenticated: false DeleteActionConfirmation: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin + - TenantUser claims: [ ] clients: [ ] allowAnonymous: false 
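Review bot: Adding `- TenantUser` at role level to `EditLock` and `DeleteLock` (hunks `@@ -823,16 +1034,23 @@` and `@@ -844,7 +1062,12 @@`) appears to make the `dmp: roles: - Owner` affiliation beneath it redundant, so any tenant user could change or release a lock held by someone else. The same role is added to `EditActionConfirmation` and `DeleteActionConfirmation` in the `@@ -865,19 +1088,34 @@` hunk, which show no affiliation block in the hunk. If ordinary users should only touch locks on plans they belong to, remove `- TenantUser` from these role lists and leave that access to the `dmp.roles` entries.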
@@ -886,21 +1124,25 @@ permissions: # PrefillingSource Permissions BrowsePrefillingSource: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin - TenantUser - - TenantManager - - TenantDescriptionTemplateEditor clients: [ ] allowAnonymous: false allowAuthenticated: false EditPrefillingSource: roles: + - Admin - TenantAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false DeletePrefillingSource: roles: + - Admin - TenantAdmin claims: [ ] clients: [ ] @@ -910,7 +1152,8 @@ permissions: # ViewPage Permissions ViewDescriptionTemplateTypePage: roles: - - TenantAdmin + - Admin + - TenantPlanManager clients: [ ] allowAnonymous: false allowAuthenticated: false 
@@ -922,74 +1165,82 @@ permissions: allowAuthenticated: false ViewNotificationPage: roles: - - TenantAdmin + - Admin clients: [ ] allowAnonymous: false allowAuthenticated: false ViewNotificationTemplatePage: roles: - - TenantAdmin + - Admin + - TenantConfigManager clients: [ ] allowAnonymous: false allowAuthenticated: false ViewSupportiveMaterialPage: roles: - - TenantAdmin + - Admin + - TenantConfigManager clients: [ ] allowAnonymous: false allowAuthenticated: false ViewLanguagePage: roles: - - TenantAdmin + - Admin + - TenantConfigManager clients: [ ] allowAnonymous: false allowAuthenticated: false ViewUserPage: roles: - Admin + - InstallationAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false ViewTenantPage: roles: - Admin + - InstallationAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false ViewPrefillingSourcePage: roles: + - Admin - TenantAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false ViewReferenceTypePage: roles: + - Admin - TenantAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false ViewReferencePage: roles: - - TenantAdmin + - Admin clients: [ ] allowAnonymous: false allowAuthenticated: false ViewEntityLockPage: roles: - - TenantAdmin + - Admin clients: [ ] allowAnonymous: false allowAuthenticated: false ViewDescriptionTemplatePage: roles: - - TenantAdmin - - TenantDescriptionTemplateEditor + - Admin + - TenantPlanManager clients: [ ] allowAnonymous: false allowAuthenticated: false ViewDmpBlueprintPage: roles: - - TenantAdmin + - Admin + - TenantPlanManager clients: [ ] allowAnonymous: false allowAuthenticated: false 
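Review bot: The `View*Page` entries changed here appear to control page visibility only, so the role changes restrict access only if the matching `Browse*`/`Edit*` permissions were changed the same way. `ViewNotificationPage`, `ViewReferencePage` and `ViewEntityLockPage` go from `TenantAdmin` to `Admin` only, while `ViewPrefillingSourcePage` and `ViewReferenceTypePage` keep `TenantAdmin`; the corresponding API permissions are outside this hunk, so I cannot tell whether they agree. A comment above the section, for example `# page visibility only; API access is governed by the Browse*/Edit* entries`, would stop these being read as the enforcement point.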
@@ -1005,19 +1256,23 @@ permissions: allowAuthenticated: true ViewMyDescriptionPage: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin - TenantUser - - TenantManager - - TenantDescriptionTemplateEditor clients: [ ] allowAnonymous: false allowAuthenticated: false ViewMyDmpPage: roles: + - Admin + - InstallationAdmin + - TenantPlanManager + - TenantConfigManager - TenantAdmin - TenantUser - - TenantManager - - TenantDescriptionTemplateEditor clients: [ ] allowAnonymous: false allowAuthenticated: false @@ -1033,8 +1288,8 @@ permissions: allowAuthenticated: true ViewTenantConfigurationPage: roles: - - TenantAdmin - Admin + - TenantAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false \ No newline at end of file diff --git a/dmp-db-scema/updates/00.01.034_Add_ntf_User_Credential.sql b/dmp-db-scema/updates/00.01.034_Add_ntf_User_Credential.sql index 9dc8332a2..2021dd5f5 100644 --- a/dmp-db-scema/updates/00.01.034_Add_ntf_User_Credential.sql +++ b/dmp-db-scema/updates/00.01.034_Add_ntf_User_Credential.sql @@ -11,7 +11,6 @@ CREATE TABLE IF NOT EXISTS public."ntf_UserCredential" "external_id" character varying(512) COLLATE pg_catalog."default" NOT NULL, "created_at" timestamp without time zone NOT NULL, "updated_at" timestamp without time zone NOT NULL, - "is_active" smallint NOT NULL DEFAULT 1, "data" character varying COLLATE pg_catalog."default", CONSTRAINT "ntf_UserCredential_pkey" PRIMARY KEY (id), CONSTRAINT "ntf_UserCredential_user_fkey" FOREIGN KEY ("user") diff --git a/dmp-db-scema/updates/00.01.052_Add_ant_User_Credential.sql b/dmp-db-scema/updates/00.01.052_Add_ant_User_Credential.sql index f2c9dec8f..f9e0f9219 100644 --- a/dmp-db-scema/updates/00.01.052_Add_ant_User_Credential.sql +++ b/dmp-db-scema/updates/00.01.052_Add_ant_User_Credential.sql 
@@ -11,7 +11,6 @@ CREATE TABLE IF NOT EXISTS public."ant_UserCredential" "external_id" character varying(512) COLLATE pg_catalog."default" NOT NULL, "created_at" timestamp without time zone NOT NULL, "updated_at" timestamp without time zone NOT NULL, - "is_active" smallint NOT NULL DEFAULT 1, "data" character varying COLLATE pg_catalog."default", CONSTRAINT "ant_UserCredential_pkey" PRIMARY KEY (id), CONSTRAINT "ant_UserCredential_user_fkey" FOREIGN KEY ("user") diff --git a/dmp-db-scema/updates/00.01.058_Add_ant_UserContactInfo_table.sql b/dmp-db-scema/updates/00.01.058_Add_ant_UserContactInfo_table.sql index 688ca8246..3ed288b3d 100644 --- a/dmp-db-scema/updates/00.01.058_Add_ant_UserContactInfo_table.sql +++ b/dmp-db-scema/updates/00.01.058_Add_ant_UserContactInfo_table.sql 
@@ -4,22 +4,22 @@ BEGIN PERFORM * FROM "DBVersion" WHERE version = this_version; IF FOUND THEN RETURN; END IF; -CREATE TABLE IF NOT EXISTS public."ant_UserContactInfo" -( - "id" uuid NOT NULL, - "user" uuid NOT NULL, - "ordinal" integer NOT NULL DEFAULT 0, - "type" smallint NOT NULL, - "value" character varying(512) COLLATE pg_catalog."default" NOT NULL, - "created_at" timestamp without time zone NOT NULL, - "updated_at" timestamp without time zone NOT NULL, - "is_active" smallint NOT NULL DEFAULT 1, - CONSTRAINT "ant_UserContactInfo_pkey" PRIMARY KEY (id), - CONSTRAINT "ant_UserContactInfo_user_fkey" FOREIGN KEY ("user") - REFERENCES public."ant_User" (id) MATCH SIMPLE - ON UPDATE NO ACTION - ON DELETE NO ACTION -); +-- CREATE TABLE IF NOT EXISTS public."ant_UserContactInfo" +-- ( +-- "id" uuid NOT NULL, +-- "user" uuid NOT NULL, +-- "ordinal" integer NOT NULL DEFAULT 0, +-- "type" smallint NOT NULL, +-- "value" character varying(512) COLLATE pg_catalog."default" NOT NULL, +-- "created_at" timestamp without time zone NOT NULL, +-- "updated_at" timestamp without time zone NOT NULL, +-- "is_active" smallint NOT NULL DEFAULT 1, +-- CONSTRAINT "ant_UserContactInfo_pkey" PRIMARY KEY (id), +-- CONSTRAINT "ant_UserContactInfo_user_fkey" FOREIGN KEY ("user") +-- REFERENCES public."ant_User" (id) MATCH SIMPLE +-- ON UPDATE NO ACTION +-- ON DELETE NO ACTION +-- ); INSERT INTO public."DBVersion" VALUES ('DMPDB', '00.01.058', '2024-02-28 12:00:00.000000+02', now(), 'Add table ant_UserContactInfo.'); diff --git a/dmp-frontend/src/app/core/common/enum/app-role.ts b/dmp-frontend/src/app/core/common/enum/app-role.ts index 1213fb136..aaf3f5e64 100644 --- a/dmp-frontend/src/app/core/common/enum/app-role.ts +++ b/dmp-frontend/src/app/core/common/enum/app-role.ts 
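Review bot: With the `CREATE TABLE` commented out, this script still inserts version `00.01.058` into `"DBVersion"` with the description 'Add table ant_UserContactInfo.', so a fresh install records a change that never ran. Databases that already ran the original script keep the table, so the schema now differs between existing and new deployments. I would leave the released script as it was and remove the table in a new numbered update, or at least change the description, e.g. `'Add table ant_UserContactInfo (no-op, table retired).'`. The function body starts and ends outside the hunk.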
@@ -1,8 +1,11 @@ export enum AppRole { Admin = "Admin", + InstallationAdmin = "InstallationAdmin", User = "User", TenantAdmin = "TenantAdmin", TenantUser = "TenantUser", - TenantManager = "TenantManager", - TenantDescriptionTemplateEditor = "TenantDescriptionTemplateEditor" + // TenantManager = "TenantManager", + // TenantDescriptionTemplateEditor = "TenantDescriptionTemplateEditor" + TenantPlanManager = "TenantPlanManager", + TenantConfigManager = "TenantConfigManager" } diff --git a/dmp-frontend/src/app/core/common/enum/respone-error-code.ts b/dmp-frontend/src/app/core/common/enum/respone-error-code.ts index be2027f16..52fbbac10 100644 --- a/dmp-frontend/src/app/core/common/enum/respone-error-code.ts +++ b/dmp-frontend/src/app/core/common/enum/respone-error-code.ts @@ -25,4 +25,5 @@ export enum ResponseErrorCode { TenantConfigurationTypeCanNotChange = 128, MultipleTenantConfigurationTypeNotAllowed = 129, TenantCodeExists = 130, + DmpNewVersionAlreadyCreatedDraft = 131 } diff --git a/dmp-frontend/src/app/core/services/utilities/enum-utils.service.ts b/dmp-frontend/src/app/core/services/utilities/enum-utils.service.ts index 3d32e1294..7b9924c19 100644 --- a/dmp-frontend/src/app/core/services/utilities/enum-utils.service.ts +++ b/dmp-frontend/src/app/core/services/utilities/enum-utils.service.ts 
@@ -58,11 +58,12 @@ export class EnumUtils { toAppRoleString(status: AppRole): string { switch (status) { case AppRole.Admin: return this.language.instant('TYPES.APP-ROLE.ADMIN'); + case AppRole.InstallationAdmin: return this.language.instant('TYPES.APP-ROLE.INSTALLATION-ADMIN'); case AppRole.User: return this.language.instant('TYPES.APP-ROLE.USER'); case AppRole.TenantAdmin: return this.language.instant('TYPES.APP-ROLE.TENANT-ADMIN'); case AppRole.TenantUser: return this.language.instant('TYPES.APP-ROLE.TENANT-USER'); - case AppRole.TenantManager: return this.language.instant('TYPES.APP-ROLE.TENANT-MANAGER'); - case AppRole.TenantDescriptionTemplateEditor: return this.language.instant('TYPES.APP-ROLE.TENANT-DESCRIPTION-TEMPLATE-EDITOR'); + case AppRole.TenantPlanManager: return this.language.instant('TYPES.APP-ROLE.TENANT-PLAN-MANAGER'); + case AppRole.TenantConfigManager: return this.language.instant('TYPES.APP-ROLE.TENANT-CONFIG-MANAGER'); } } diff --git a/dmp-frontend/src/app/ui/admin/user/listing/role-editor/user-role-editor.component.html b/dmp-frontend/src/app/ui/admin/user/listing/role-editor/user-role-editor.component.html index 10c4b10b9..6e244ba85 100644 --- a/dmp-frontend/src/app/ui/admin/user/listing/role-editor/user-role-editor.component.html +++ b/dmp-frontend/src/app/ui/admin/user/listing/role-editor/user-role-editor.component.html @@ -4,7 +4,7 @@
- + {{enumUtils.toAppRoleString(role)}}
diff --git a/dmp-frontend/src/app/ui/admin/user/listing/role-editor/user-role-editor.component.scss b/dmp-frontend/src/app/ui/admin/user/listing/role-editor/user-role-editor.component.scss index 5d9c920fa..6f277a8cd 100644 --- a/dmp-frontend/src/app/ui/admin/user/listing/role-editor/user-role-editor.component.scss +++ b/dmp-frontend/src/app/ui/admin/user/listing/role-editor/user-role-editor.component.scss @@ -49,12 +49,12 @@ padding-right: 10px; } - .tenant-manager { + .tenant-plan-manager { // display: flex; // justify-content: center; // align-items: center; - min-width: 90px; - height: 28px; + min-width: 77px; + min-height: 28px; color: #568b5a; background: #9dd1a1 0% 0% no-repeat padding-box; border-radius: 44px; @@ -85,6 +85,24 @@ padding-right: 10px; } + .installation-admin { + // display: flex; + // justify-content: center; + // align-items: center; + min-width: 67px; + min-height: 28px; + color: #e75d01; + background: #dbaa4e3a 0% 0% no-repeat padding-box; + border-radius: 44px; + letter-spacing: 0.11px; + font-weight: 400; + opacity: 1; + margin-top: 0.5em; + margin-bottom: 0.5em; + padding-left: 10px; + padding-right: 10px; + } + .tenant-admin { // display: flex; // justify-content: center; @@ -103,7 +121,7 @@ padding-right: 10px; } - .tenant-description-template-editor { + .tenant-config-manager { // display: flex; // justify-content: center; // align-items: center; diff --git a/dmp-frontend/src/assets/i18n/en.json b/dmp-frontend/src/assets/i18n/en.json index 46d191984..a942fca57 100644 --- a/dmp-frontend/src/assets/i18n/en.json +++ b/dmp-frontend/src/assets/i18n/en.json 
@@ -54,7 +54,8 @@ "TENANT-TAMPERING": "This operation affects data from a Tenant different than your selected. Please reselect your Tenant.", "TENANT-CONFIGURATION-TYPE-CAN-NOT-CHANGE": "The configuration type for this Tenant cannot be changed.", "MULTIPLE-TENANT-CONFIGURATION-TYPE-NOT-ALLOWED": "Tenant Configuration already exists for this Tenant.", - "TENANT-CODE-EXISTS": "The Tenant code you provided already exists. Please choose a different code." + "TENANT-CODE-EXISTS": "The Tenant code you provided already exists. Please choose a different code.", + "DMP-NEW-VERSION-ALREADY-CREATED-DRAFT": "You have already created a new draft version for this plan." }, "FORM-VALIDATION-DISPLAY-DIALOG": { "WARNING": "Warning!", @@ -1787,11 +1788,12 @@ }, "APP-ROLE": { "ADMIN": "Admin", + "INSTALLATION-ADMIN": "Installation Admin", "USER": "User", "TENANT-ADMIN": "Tenant Admin", "TENANT-USER": "Tenant User", - "TENANT-MANAGER": "Manager", - "TENANT-DESCRIPTION-TEMPLATE-EDITOR": "Description Template Editor" + "TENANT-PLAN-MANAGER": "Tenant Plan Manager", + "TENANT-CONFIG-MANAGER": "Tenant Configuration Manager" }, "IS-ACTIVE": { "ACTIVE": "Active", diff --git a/dmp-frontend/src/common/modules/errors/error-handling/http-error-handling.service.ts b/dmp-frontend/src/common/modules/errors/error-handling/http-error-handling.service.ts index 9a20ceab5..c6fcddbcb 100644 --- a/dmp-frontend/src/common/modules/errors/error-handling/http-error-handling.service.ts +++ b/dmp-frontend/src/common/modules/errors/error-handling/http-error-handling.service.ts 
@@ -88,6 +88,9 @@ export class HttpErrorHandlingService { else if(errorResponse.error.code === ResponseErrorCode.TenantCodeExists){ this.uiNotificationService.snackBarNotification(this.language.instant("GENERAL.BACKEND-ERRORS.TENANT-CODE-EXISTS"), SnackBarNotificationLevel.Error); } + else if(errorResponse.error.code === ResponseErrorCode.DmpNewVersionAlreadyCreatedDraft){ + this.uiNotificationService.snackBarNotification(this.language.instant("GENERAL.BACKEND-ERRORS.DMP-NEW-VERSION-ALREADY-CREATED-DRAFT"), SnackBarNotificationLevel.Error); + } else if (error.statusCode === 302 || error.statusCode === 400 || error.statusCode === 404) { errorMessage ??= this.language.instant('GENERAL.SNACK-BAR.NOT-FOUND'); this.uiNotificationService.snackBarNotification(errorMessage, SnackBarNotificationLevel.Warning); diff --git a/notification-service/notification-web/src/main/resources/config/permissions.yml b/notification-service/notification-web/src/main/resources/config/permissions.yml index 1d152a075..deb2d28e9 100644 --- a/notification-service/notification-web/src/main/resources/config/permissions.yml +++ b/notification-service/notification-web/src/main/resources/config/permissions.yml @@ -4,20 +4,17 @@ permissions: # Tenants BrowseTenant: - roles: - - Admin + roles: [] clients: [ ] allowAnonymous: false allowAuthenticated: false EditTenant: - roles: - - Admin + roles: [] clients: [ "opencdmp-api-dev" ] allowAnonymous: false allowAuthenticated: false DeleteTenant: - roles: - - Admin + roles: [] claims: [ ] clients: [ "opencdmp-api-dev" ] allowAnonymous: false @@ -25,6 +22,7 @@ permissions: AllowNoTenant: roles: - Admin + - InstallationAdmin claims: [ ] clients: [ ] allowAnonymous: false 
@@ -32,19 +30,17 @@ permissions: # Users BrowseUser: roles: - - TenantAdmin + - Admin clients: [ ] allowAnonymous: true allowAuthenticated: false EditUser: - roles: - - TenantAdmin + roles: [] clients: [ "opencdmp-api-dev" ] allowAnonymous: false allowAuthenticated: false DeleteUser: - roles: - - TenantAdmin + roles: [] claims: [ ] clients: [ "opencdmp-api-dev" ] allowAnonymous: false @@ -52,19 +48,22 @@ permissions: # UserContactInfo BrowseUserContactInfo: roles: - - TenantAdmin + - Admin + - InstallationAdmin clients: [ "opencdmp-api-dev" ] allowAnonymous: true allowAuthenticated: false EditUserContactInfo: roles: - - TenantAdmin + - Admin + - InstallationAdmin clients: [ ] allowAnonymous: false allowAuthenticated: false DeleteUserContactInfo: roles: - - TenantAdmin + - Admin + - InstallationAdmin claims: [ ] clients: [ "opencdmp-api-dev" ] allowAnonymous: false @@ -72,25 +71,26 @@ permissions: #Notification BrowseNotification: roles: - - TenantAdmin + - Admin clients: [ ] allowAnonymous: true allowAuthenticated: false EditNotification: roles: - - TenantAdmin + - Admin clients: [ ] allowAnonymous: true allowAuthenticated: false DeleteNotification: roles: - - TenantAdmin + - Admin clients: [ ] allowAnonymous: false allowAuthenticated: false # TenantConfiguration BrowseTenantConfiguration: roles: + - Admin - TenantAdmin claims: [ ] clients: [ ] @@ -98,12 +98,14 @@ permissions: allowAuthenticated: false EditTenantConfiguration: roles: + - Admin - TenantAdmin clients: [ "opencdmp-api-dev" ] allowAnonymous: false allowAuthenticated: false DeleteTenantConfiguration: roles: + - Admin - TenantAdmin clients: [ "opencdmp-api-dev" ] allowAnonymous: false @@ -111,13 +113,13 @@ permissions: #User Notification Preference BrowseUserNotificationPreference: roles: - - TenantAdmin + - Admin clients: [ ] allowAnonymous: true allowAuthenticated: false EditUserNotificationPreference: roles: - - TenantAdmin + - Admin clients: [ ] allowAnonymous: false allowAuthenticated: false 
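Review bot: `BrowseUser` keeps `allowAnonymous: true` in this hunk, so replacing `TenantAdmin` with `Admin` in its `roles` may not restrict anything. If the authorization library grants access to unauthenticated callers whenever that flag is set, the role list is never consulted. The same applies to `BrowseUserContactInfo` (-52 hunk), `BrowseNotification` and `EditNotification` (-72 hunk) and `BrowseUserNotificationPreference` (-111 hunk), all of which carry `allowAnonymous: true` as context lines. Unless anonymous access to user, contact-info and notification data is intended, these should read `allowAnonymous: false`, as the neighbouring `Delete*` entries do.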
@@ -125,25 +127,26 @@ permissions: # ViewPage Permissions ViewNotificationPage: roles: - - TenantAdmin + - Admin clients: [ ] allowAnonymous: false allowAuthenticated: false ViewNotificationEventRulePage: roles: - - TenantAdmin + - Admin clients: [ ] allowAnonymous: false allowAuthenticated: false ViewInAppNotificationPage: roles: - - TenantAdmin + - Admin clients: [ ] allowAnonymous: false allowAuthenticated: false ViewNotificationTemplatePage: roles: - - TenantAdmin + - Admin + - TenantConfigManager clients: [ ] allowAnonymous: false allowAuthenticated: false @@ -151,19 +154,22 @@ permissions: # Notification Template Permissions BrowseNotificationTemplate: roles: - - TenantAdmin + - Admin + - TenantConfigManager clients: [ ] allowAnonymous: false allowAuthenticated: false EditNotificationTemplate: roles: - - TenantAdmin + - Admin + - TenantConfigManager clients: [ ] allowAnonymous: false allowAuthenticated: false DeleteNotificationTemplate: roles: - - TenantAdmin + - Admin + - TenantConfigManager clients: [ ] allowAnonymous: false allowAuthenticated: false @@ -171,13 +177,13 @@ permissions: # In App Notification Permissions BrowseInAppNotification: roles: - - TenantAdmin + - Admin clients: [ ] allowAnonymous: false allowAuthenticated: false DeleteInAppNotification: roles: - - TenantAdmin + - Admin clients: [ ] allowAnonymous: false allowAuthenticated: false \ No newline at end of file diff --git a/notification-service/notification/src/main/java/gr/cite/notification/data/UserCredentialEntity.java b/notification-service/notification/src/main/java/gr/cite/notification/data/UserCredentialEntity.java index bfd867001..71e08b15a 100644 --- a/notification-service/notification/src/main/java/gr/cite/notification/data/UserCredentialEntity.java +++ b/notification-service/notification/src/main/java/gr/cite/notification/data/UserCredentialEntity.java 
@@ -40,12 +40,6 @@ public class UserCredentialEntity { public static final String _updatedAt = "updatedAt"; - @Column(name = "\"is_active\"", nullable = false) - @Convert(converter = IsActiveConverter.class) - private IsActive isActive; - - public static final String _isActive = "isActive"; - public UUID getId() { return id; } @@ -85,13 +79,4 @@ public class UserCredentialEntity { public void setUpdatedAt(Instant updatedAt) { this.updatedAt = updatedAt; } - - public IsActive getIsActive() { - return isActive; - } - - public void setIsActive(IsActive isActive) { - this.isActive = isActive; - } - } diff --git a/notification-service/notification/src/main/java/gr/cite/notification/model/UserCredential.java b/notification-service/notification/src/main/java/gr/cite/notification/model/UserCredential.java index 826a39d20..7da0a716a 100644 --- a/notification-service/notification/src/main/java/gr/cite/notification/model/UserCredential.java +++ b/notification-service/notification/src/main/java/gr/cite/notification/model/UserCredential.java @@ -27,10 +27,6 @@ public class UserCredential { public static final String _updatedAt = "updatedAt"; - private IsActive isActive; - - public static final String _isActive = "isActive"; - public UUID getId() { return id; } @@ -70,12 +66,4 @@ public class UserCredential { public void setUpdatedAt(Instant updatedAt) { this.updatedAt = updatedAt; } - - public IsActive getIsActive() { - return isActive; - } - - public void setIsActive(IsActive isActive) { - this.isActive = isActive; - } } diff --git a/notification-service/notification/src/main/java/gr/cite/notification/model/censorship/InAppNotificationCensor.java b/notification-service/notification/src/main/java/gr/cite/notification/model/censorship/InAppNotificationCensor.java index 20b4ad8cf..0bc1c06be 100644 --- a/notification-service/notification/src/main/java/gr/cite/notification/model/censorship/InAppNotificationCensor.java 
+++ b/notification-service/notification/src/main/java/gr/cite/notification/model/censorship/InAppNotificationCensor.java @@ -4,6 +4,8 @@ import gr.cite.commons.web.authz.service.AuthorizationService; import gr.cite.notification.authorization.OwnedResource; import gr.cite.notification.authorization.Permission; import gr.cite.notification.convention.ConventionService; +import gr.cite.notification.model.InAppNotification; +import gr.cite.tools.data.censor.CensorFactory; import gr.cite.tools.fieldset.FieldSet; import gr.cite.tools.logging.DataLogEntry; import gr.cite.tools.logging.LoggerService; @@ -21,16 +23,20 @@ import java.util.UUID; public class InAppNotificationCensor extends BaseCensor { private static final LoggerService logger = new LoggerService(LoggerFactory.getLogger(InAppNotificationCensor.class)); private final AuthorizationService authService; + protected final CensorFactory censorFactory; @Autowired - public InAppNotificationCensor(ConventionService conventionService, AuthorizationService authService) { + public InAppNotificationCensor(ConventionService conventionService, AuthorizationService authService, CensorFactory censorFactory) { super(conventionService); this.authService = authService; + this.censorFactory = censorFactory; } public void censor(FieldSet fields, UUID userId) { logger.debug(new DataLogEntry("censoring fields", fields)); if (this.isEmpty(fields)) return; this.authService.authorizeAtLeastOneForce(userId != null ? List.of(new OwnedResource(userId)) : null, Permission.BrowseInAppNotification); + FieldSet userFields = fields.extractPrefixed(this.asIndexerPrefix(InAppNotification.Field.USER)); + this.censorFactory.censor(UserCensor.class).censor(userFields, userId); } } diff --git a/notification-service/notification/src/main/java/gr/cite/notification/model/deleter/UserCredentialDeleter.java b/notification-service/notification/src/main/java/gr/cite/notification/model/deleter/UserCredentialDeleter.java index e400ff201..fd9eec69b 100644 
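Review bot: `censorFactory` is declared `protected final` while the neighbouring `authService` is `private final`. Unless a subclass needs it, `private final CensorFactory censorFactory;` keeps the field visibility consistent. In `censor`, the nested user fields go to `UserCensor` with the same `userId` that is used as the notification's owner. If that is intended, a one-line comment such as `// nested user is the notification's recipient, so the same owner id applies` would record the assumption. The class body continues outside the hunk.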
--- a/notification-service/notification/src/main/java/gr/cite/notification/model/deleter/UserCredentialDeleter.java +++ b/notification-service/notification/src/main/java/gr/cite/notification/model/deleter/UserCredentialDeleter.java @@ -62,12 +62,10 @@ public class UserCredentialDeleter implements Deleter { Instant now = Instant.now(); for (UserCredentialEntity item : data) { - logger.trace("deleting item {}", item); - item.setIsActive(IsActive.Inactive); - item.setUpdatedAt(now); - logger.trace("updating item"); - this.entityManager.merge(item); - logger.trace("updated item"); + logger.trace("deleting item {}", item.getId()); + logger.trace("deleting item"); + this.entityManager.remove(item); + logger.trace("deleted item"); } } diff --git a/notification-service/notification/src/main/java/gr/cite/notification/query/UserCredentialQuery.java b/notification-service/notification/src/main/java/gr/cite/notification/query/UserCredentialQuery.java index 2ab55d414..59f93f1be 100644 --- a/notification-service/notification/src/main/java/gr/cite/notification/query/UserCredentialQuery.java +++ b/notification-service/notification/src/main/java/gr/cite/notification/query/UserCredentialQuery.java @@ -28,8 +28,6 @@ public class UserCredentialQuery extends QueryBase { private Collection excludedIds; - private Collection isActives; - private Collection userIds; private Collection externalIds; @@ -75,21 +73,6 @@ public class UserCredentialQuery extends QueryBase { return this; } - public UserCredentialQuery isActive(IsActive value) { - this.isActives = List.of(value); - return this; - } - - public UserCredentialQuery isActive(IsActive... value) { - this.isActives = Arrays.asList(value); - return this; - } - - public UserCredentialQuery isActive(Collection values) { - this.isActives = values; - return this; - } - public UserCredentialQuery userIds(UUID value) { this.userIds = List.of(value); return this; 
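Review bot: `Instant now = Instant.now();` above the loop is left unused once `item.setUpdatedAt(now)` is removed, and the two consecutive trace calls now both say "deleting item"; drop the local and the second `logger.trace("deleting item");`. The switch from `merge` to `this.entityManager.remove(item)` also assumes every entity in `data` is managed by the current persistence context, since `remove` rejects detached instances; that depends on how the caller loads `data`, which is outside this hunk. Credentials are now physically deleted rather than flagged inactive, so it is worth confirming that nothing relied on the retained rows for audit. The enclosing method starts before the hunk.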
@@ -182,9 +165,6 @@ public class UserCredentialQuery extends QueryBase { inClause.value(item); predicates.add(inClause); } - if (this.isActives != null) { - predicates.add(queryContext.Root.get(UserCredentialEntity._isActive).in(isActives)); - } if (this.userIds != null) { CriteriaBuilder.In inClause = queryContext.CriteriaBuilder.in(queryContext.Root.get(UserCredentialEntity._userId)); for (UUID item : this.userIds) @@ -225,8 +205,6 @@ public class UserCredentialQuery extends QueryBase { return UserCredentialEntity._createdAt; else if (item.match(UserCredential._updatedAt)) return UserCredentialEntity._updatedAt; - else if (item.match(UserCredential._isActive)) - return UserCredentialEntity._isActive; else return null; } @@ -239,7 +217,6 @@ public class UserCredentialQuery extends QueryBase { item.setUserId(QueryBase.convertSafe(tuple, columns, UserCredentialEntity._userId, UUID.class)); item.setCreatedAt(QueryBase.convertSafe(tuple, columns, UserCredentialEntity._createdAt, Instant.class)); item.setUpdatedAt(QueryBase.convertSafe(tuple, columns, UserCredentialEntity._updatedAt, Instant.class)); - item.setIsActive(QueryBase.convertSafe(tuple, columns, UserCredentialEntity._createdAt, IsActive.class)); return item; } diff --git a/notification-service/notification/src/main/java/gr/cite/notification/service/user/UserServiceImpl.java b/notification-service/notification/src/main/java/gr/cite/notification/service/user/UserServiceImpl.java index 43af4ed3f..b07727761 100644 --- a/notification-service/notification/src/main/java/gr/cite/notification/service/user/UserServiceImpl.java +++ b/notification-service/notification/src/main/java/gr/cite/notification/service/user/UserServiceImpl.java 
@@ -183,7 +183,6 @@ public class UserServiceImpl implements UserService { private void persistUserCredential(List models, UUID userId) throws InvalidApplicationException { List items = this.queryFactory.query(UserCredentialQuery.class) .userIds(userId) - .isActive(IsActive.Active) .collect(); List updatedCreatedIds = new ArrayList<>(); if (models != null) { @@ -196,7 +195,6 @@ public class UserServiceImpl implements UserService { data.setExternalId(model.getSubjectId()); data.setCreatedAt(Instant.now()); data.setUpdatedAt(Instant.now()); - data.setIsActive(IsActive.Active); entityManager.persist(data); } updatedCreatedIds.add(data.getId());