Merge branch 'dmp-refactoring' of https://code-repo.d4science.org/MaDgiK-CITE/argos into dmp-refactoring

2024-06-03 15:52:36 +03:00 · 2024-06-03 15:52:36 +03:00 · 601b748388
parent c5ee926e65 104d465b6d
commit 601b748388
31 changed files with 493 additions and 256 deletions
--- a/annotation-service/annotation-web/src/main/resources/config/permissions.yml
+++ b/annotation-service/annotation-web/src/main/resources/config/permissions.yml
@ -4,27 +4,24 @@ permissions:
      roles:
        - TenantAdmin
        - TenantUser
-        - TenantManager
+        - TenantPlanManager
-        - TenantDescriptionTemplateEditor
+        - TenantConfigManager
      clients: [ ]
      allowAnonymous: false
      allowAuthenticated: false
    # Tenants
    BrowseTenant:
-      roles:
+      roles: [ ]
        - Admin
      clients: [ ]
      allowAnonymous: false
      allowAuthenticated: false
    EditTenant:
-      roles:
+      roles: [ ]
        - Admin
      clients: [ "opencdmp-api-dev" ]
      allowAnonymous: false
      allowAuthenticated: false
    DeleteTenant:
-      roles:
+      roles: [ ]
        - Admin
      claims: [ ]
      clients: [ "opencdmp-api-dev" ]
      allowAnonymous: false
@ -32,6 +29,7 @@ permissions:
    AllowNoTenant:
      roles:
        - Admin
        - InstallationAdmin
      claims: [ ]
      clients: [ ]
      allowAnonymous: false
@ -39,19 +37,17 @@ permissions:
    # Users
    BrowseUser:
      roles:
-        - TenantAdmin
+        - Admin
      clients: [ ]
      allowAnonymous: true
      allowAuthenticated: false
    EditUser:
-      roles:
+      roles: [ ]
        - TenantAdmin
      clients: [ "opencdmp-api-dev" ]
      allowAnonymous: false
      allowAuthenticated: false
    DeleteUser:
-      roles:
+      roles: [ ]
        - TenantAdmin
      claims: [ ]
      clients: [ "opencdmp-api-dev" ]
      allowAnonymous: false
@ -59,6 +55,10 @@ permissions:
    #Annotation
    BrowseAnnotation:
      roles:
        - Admin
        - InstallationAdmin
        - TenantPlanManager
        - TenantConfigManager
        - TenantAdmin
      entityAffiliated: true
      clients: [ ]
@ -66,6 +66,10 @@ permissions:
      allowAuthenticated: false
    NewAnnotation:
      roles:
        - Admin
        - InstallationAdmin
        - TenantPlanManager
        - TenantConfigManager
        - TenantAdmin
      entityAffiliated: true
      clients: [ ]
@ -73,12 +77,20 @@ permissions:
      allowAuthenticated: false
    EditAnnotation:
      roles:
        - Admin
        - InstallationAdmin
        - TenantPlanManager
        - TenantConfigManager
        - TenantAdmin
      clients: [ ]
      allowAnonymous: true
      allowAuthenticated: false
    DeleteAnnotation:
      roles:
        - Admin
        - InstallationAdmin
        - TenantPlanManager
        - TenantConfigManager
        - TenantAdmin
      entityAffiliated: false
      clients: [ ]
@ -87,12 +99,14 @@ permissions:
    #Tenant Configuration
    BrowseTenantConfiguration:
      roles:
        - Admin
        - TenantAdmin
      clients: [ ]
      allowAnonymous: false
      allowAuthenticated: false
    EditTenantConfiguration:
      roles:
        - Admin
        - TenantAdmin
      clients: [ ]
      allowAnonymous: false
--- a/annotation-service/annotation/src/main/java/gr/cite/annotation/data/UserCredentialEntity.java
+++ b/annotation-service/annotation/src/main/java/gr/cite/annotation/data/UserCredentialEntity.java
@ -40,12 +40,6 @@ public class UserCredentialEntity  {
    public static final String _updatedAt = "updatedAt";
    @Column(name = "\"is_active\"", nullable = false)
    @Convert(converter = IsActiveConverter.class)
    private IsActive isActive;
    public static final String _isActive = "isActive";
    public UUID getId() {
        return id;
    }
@ -86,12 +80,4 @@ public class UserCredentialEntity  {
        this.updatedAt = updatedAt;
    }
    public IsActive getIsActive() {
        return isActive;
    }
    public void setIsActive(IsActive isActive) {
        this.isActive = isActive;
    }
 }
--- a/annotation-service/annotation/src/main/java/gr/cite/annotation/model/UserCredential.java
+++ b/annotation-service/annotation/src/main/java/gr/cite/annotation/model/UserCredential.java
@ -27,10 +27,6 @@ public class UserCredential {
    public static final String _updatedAt = "updatedAt";
    private IsActive isActive;
    public static final String _isActive = "isActive";
    public UUID getId() {
        return id;
    }
@ -70,12 +66,4 @@ public class UserCredential {
    public void setUpdatedAt(Instant updatedAt) {
        this.updatedAt = updatedAt;
    }
    public IsActive getIsActive() {
        return isActive;
    }
    public void setIsActive(IsActive isActive) {
        this.isActive = isActive;
    }
 }
--- a/annotation-service/annotation/src/main/java/gr/cite/annotation/model/deleter/UserCredentialDeleter.java
+++ b/annotation-service/annotation/src/main/java/gr/cite/annotation/model/deleter/UserCredentialDeleter.java
@ -62,12 +62,10 @@ public class UserCredentialDeleter implements Deleter {
        Instant now = Instant.now();
        for (UserCredentialEntity item : data) {
-            logger.trace("deleting item {}", item);
+            logger.trace("deleting item {}", item.getId());
-            item.setIsActive(IsActive.Inactive);
+            logger.trace("deleting item");
-            item.setUpdatedAt(now);
+            this.entityManager.remove(item);
-            logger.trace("updating item");
+            logger.trace("deleted item");
            this.entityManager.merge(item);
            logger.trace("updated item");
        }
    }
--- a/annotation-service/annotation/src/main/java/gr/cite/annotation/query/UserCredentialQuery.java
+++ b/annotation-service/annotation/src/main/java/gr/cite/annotation/query/UserCredentialQuery.java
@ -182,9 +182,6 @@ public class UserCredentialQuery extends QueryBase<UserCredentialEntity> {
                inClause.value(item);
            predicates.add(inClause);
        }
        if (this.isActives != null) {
            predicates.add(queryContext.Root.get(UserCredentialEntity._isActive).in(isActives));
        }
        if (this.userIds != null) {
            CriteriaBuilder.In<UUID> inClause = queryContext.CriteriaBuilder.in(queryContext.Root.get(UserCredentialEntity._userId));
            for (UUID item : this.userIds)
@ -225,8 +222,6 @@ public class UserCredentialQuery extends QueryBase<UserCredentialEntity> {
            return UserCredentialEntity._createdAt;
        else if (item.match(UserCredential._updatedAt))
            return UserCredentialEntity._updatedAt;
        else if (item.match(UserCredential._isActive))
            return UserCredentialEntity._isActive;
        else
            return null;
    }
@ -239,7 +234,6 @@ public class UserCredentialQuery extends QueryBase<UserCredentialEntity> {
        item.setUserId(QueryBase.convertSafe(tuple, columns, UserCredentialEntity._userId, UUID.class));
        item.setCreatedAt(QueryBase.convertSafe(tuple, columns, UserCredentialEntity._createdAt, Instant.class));
        item.setUpdatedAt(QueryBase.convertSafe(tuple, columns, UserCredentialEntity._updatedAt, Instant.class));
        item.setIsActive(QueryBase.convertSafe(tuple, columns, UserCredentialEntity._createdAt, IsActive.class));
        return item;
    }
--- a/annotation-service/annotation/src/main/java/gr/cite/annotation/service/user/UserServiceImpl.java
+++ b/annotation-service/annotation/src/main/java/gr/cite/annotation/service/user/UserServiceImpl.java
@ -153,7 +153,6 @@ public class UserServiceImpl implements UserService {
                    data.setExternalId(model.getSubjectId());
                    data.setCreatedAt(Instant.now());
                    data.setUpdatedAt(Instant.now());
                    data.setIsActive(IsActive.Active);
                    entityManager.persist(data);
                }
                updatedCreatedIds.add(data.getId());
--- a/backend/core/src/main/java/org/opencdmp/authorization/AuthorizationProperties.java
+++ b/backend/core/src/main/java/org/opencdmp/authorization/AuthorizationProperties.java
@ -8,7 +8,7 @@ import java.util.List;
@ConfigurationProperties(prefix = "authorization")
 public class AuthorizationProperties {
-	private String globalAdminRole;
+	private List<String> globalAdminRoles;
 	private String tenantAdminRole;
 	private String globalUserRole;
 	private String tenantUserRole;
@ -16,12 +16,12 @@ public class AuthorizationProperties {
 	private List<String> allowedTenantRoles;
 	private List<String> allowedGlobalRoles;
-	public String getGlobalAdminRole() {
+	public List<String> getGlobalAdminRoles() {
-		return this.globalAdminRole;
+		return globalAdminRoles;
 	}
-	public void setGlobalAdminRole(String globalAdminRole) {
+	public void setGlobalAdminRoles(List<String> globalAdminRoles) {
-		this.globalAdminRole = globalAdminRole;
+		this.globalAdminRoles = globalAdminRoles;
 	}
 	public String getTenantAdminRole() {
--- a/backend/core/src/main/java/org/opencdmp/errorcode/ErrorThesaurusProperties.java
+++ b/backend/core/src/main/java/org/opencdmp/errorcode/ErrorThesaurusProperties.java
@ -244,4 +244,15 @@ public class ErrorThesaurusProperties {
    public void setTenantCodeExists(ErrorDescription tenantCodeExists) {
        this.tenantCodeExists = tenantCodeExists;
    }
    private ErrorDescription dmpNewVersionAlreadyCreatedDraft;
    public ErrorDescription getDmpNewVersionAlreadyCreatedDraft() {
        return dmpNewVersionAlreadyCreatedDraft;
    }
    public void setDmpNewVersionAlreadyCreatedDraft(ErrorDescription dmpNewVersionAlreadyCreatedDraft) {
        this.dmpNewVersionAlreadyCreatedDraft = dmpNewVersionAlreadyCreatedDraft;
    }
 }
--- a/backend/core/src/main/java/org/opencdmp/service/dmp/DmpServiceImpl.java
+++ b/backend/core/src/main/java/org/opencdmp/service/dmp/DmpServiceImpl.java
@ -408,7 +408,7 @@ public class DmpServiceImpl implements DmpService {
                .groupIds(oldDmpEntity.getGroupId())
                .isActive(IsActive.Active)
                .count();
-        if (notFinalizedCount > 0) throw new MyValidationException(this.errors.getModelValidation().getCode(), "Already created draft for this template");
+        if (notFinalizedCount > 0) throw new MyValidationException(this.errors.getDmpNewVersionAlreadyCreatedDraft().getCode(), this.errors.getDmpNewVersionAlreadyCreatedDraft().getMessage());
        DmpEntity newDmp = new DmpEntity();
        newDmp.setId(UUID.randomUUID());
--- a/backend/core/src/main/java/org/opencdmp/service/tenant/TenantServiceImpl.java
+++ b/backend/core/src/main/java/org/opencdmp/service/tenant/TenantServiceImpl.java
@ -165,7 +165,7 @@ public class TenantServiceImpl implements TenantService {
        try {
            this.entityManager.disableTenantFilters();
-            existingItems = this.queryFactory.query(UserRoleQuery.class).disableTracking().tenantIsSet(false).roles(this.authorizationProperties.getGlobalAdminRole()).collect();
+            existingItems = this.queryFactory.query(UserRoleQuery.class).disableTracking().tenantIsSet(false).roles(this.authorizationProperties.getGlobalAdminRoles()).collect();
            userCredentialEntities = this.queryFactory.query(UserCredentialQuery.class).disableTracking().userIds(existingItems.stream().map(UserRoleEntity::getUserId).distinct().toList()).collect();
            List<String> keycloakIdsToAddToTenantGroup = new ArrayList<>();
--- a/backend/web/src/main/resources/config/authorization.yml
+++ b/backend/web/src/main/resources/config/authorization.yml
@ -1,5 +1,7 @@
 authorization:
-  globalAdminRole: Admin
+  globalAdminRoles:
    - Admin
    - InstallationAdmin
  tenantAdminRole: TenantAdmin
  globalUserRole: User
  tenantUserRole: TenantUser
@ -7,8 +9,9 @@ authorization:
  allowedTenantRoles:
    - TenantAdmin
    - TenantUser
-    - TenantManager
+    - TenantPlanManager
-    - TenantDescriptionTemplateEditor
+    - TenantConfigManager
  allowedGlobalRoles:
    - Admin
    - InstallationAdmin
    - User
--- a/backend/web/src/main/resources/config/errors.yml
+++ b/backend/web/src/main/resources/config/errors.yml
@ -80,3 +80,6 @@ error-thesaurus:
  tenant-code-exists:
    code: 130
    message: Tenant code exists
  dmp-new-version-already-created-draft:
    code: 131
    message: Already created draft for this dmp
--- a/backend/web/src/main/resources/config/keycloak-devel.yml
+++ b/backend/web/src/main/resources/config/keycloak-devel.yml
@ -6,6 +6,8 @@ keycloak-resources:
      groupId: a04fd333-f127-449e-8fc2-0626570a3899
    Admin:
      groupId: 299f18fe-e271-4625-a4c1-9c3eb313b2ea
    InstallationAdmin:
      groupId: 88a65fff-dffe-474a-a461-252ff4230203
  tenantAuthorities:
    TenantAdmin:
      parent: 1e650f57-8b7c-4f32-bf5b-e1a9147c597b
@ -13,9 +15,9 @@ keycloak-resources:
    TenantUser:
      parent: c7057c4d-e7dc-49ef-aa5d-02ad3a22bff8
      roleAttributeValueStrategy: 'TenantUser:{tenantCode}'
-    TenantManager:
+    TenantConfigManager:
-      parent: d111bb2f-b4a6-4de7-ad22-5151ee1a508b
+      parent: 09a6977b-719e-4e90-b3fc-3b394d82e05f
-      roleAttributeValueStrategy: 'TenantManager:{tenantCode}'
+      roleAttributeValueStrategy: 'TenantConfigManager:{tenantCode}'
-    TenantDescriptionTemplateEditor:
+    TenantPlanManager:
-      parent: 55cf7b17-c025-4065-8906-49f9f430f038
+      parent: 37d1fb0e-5e03-47bf-aefc-365c0670f84e
-      roleAttributeValueStrategy: 'TenantDescriptionTemplateEditor:{tenantCode}'
+      roleAttributeValueStrategy: 'TenantPlanManager:{tenantCode}'
--- a/backend/web/src/main/resources/config/permissions.yml
+++ b/backend/web/src/main/resources/config/permissions.yml
--- a/dmp-db-scema/updates/00.01.034_Add_ntf_User_Credential.sql
+++ b/dmp-db-scema/updates/00.01.034_Add_ntf_User_Credential.sql
@ -11,7 +11,6 @@ CREATE TABLE IF NOT EXISTS public."ntf_UserCredential"
    "external_id" character varying(512) COLLATE pg_catalog."default" NOT NULL,
    "created_at" timestamp without time zone NOT NULL,
    "updated_at" timestamp without time zone NOT NULL,
    "is_active" smallint NOT NULL DEFAULT 1,
    "data" character varying COLLATE pg_catalog."default",
    CONSTRAINT "ntf_UserCredential_pkey" PRIMARY KEY (id),
    CONSTRAINT "ntf_UserCredential_user_fkey" FOREIGN KEY ("user")
--- a/dmp-db-scema/updates/00.01.052_Add_ant_User_Credential.sql
+++ b/dmp-db-scema/updates/00.01.052_Add_ant_User_Credential.sql
@ -11,7 +11,6 @@ CREATE TABLE IF NOT EXISTS public."ant_UserCredential"
    "external_id" character varying(512) COLLATE pg_catalog."default" NOT NULL,
    "created_at" timestamp without time zone NOT NULL,
    "updated_at" timestamp without time zone NOT NULL,
    "is_active" smallint NOT NULL DEFAULT 1,
    "data" character varying COLLATE pg_catalog."default",
    CONSTRAINT "ant_UserCredential_pkey" PRIMARY KEY (id),
    CONSTRAINT "ant_UserCredential_user_fkey" FOREIGN KEY ("user")
--- a/dmp-db-scema/updates/00.01.058_Add_ant_UserContactInfo_table.sql
+++ b/dmp-db-scema/updates/00.01.058_Add_ant_UserContactInfo_table.sql
@ -4,22 +4,22 @@ BEGIN
   PERFORM * FROM "DBVersion" WHERE version = this_version;
   IF FOUND THEN RETURN; END IF;
-CREATE TABLE IF NOT EXISTS public."ant_UserContactInfo"
+-- CREATE TABLE IF NOT EXISTS public."ant_UserContactInfo"
-(
+-- (
-    "id" uuid NOT NULL,
+--     "id" uuid NOT NULL,
-    "user" uuid NOT NULL,
+--     "user" uuid NOT NULL,
-    "ordinal" integer NOT NULL DEFAULT 0,
+--     "ordinal" integer NOT NULL DEFAULT 0,
-    "type" smallint NOT NULL,
+--     "type" smallint NOT NULL,
-    "value" character varying(512) COLLATE pg_catalog."default" NOT NULL,
+--     "value" character varying(512) COLLATE pg_catalog."default" NOT NULL,
-    "created_at" timestamp without time zone NOT NULL,
+--     "created_at" timestamp without time zone NOT NULL,
-    "updated_at" timestamp without time zone NOT NULL,
+--     "updated_at" timestamp without time zone NOT NULL,
-    "is_active" smallint NOT NULL DEFAULT 1,
+--     "is_active" smallint NOT NULL DEFAULT 1,
-    CONSTRAINT "ant_UserContactInfo_pkey" PRIMARY KEY (id),
+--     CONSTRAINT "ant_UserContactInfo_pkey" PRIMARY KEY (id),
-    CONSTRAINT "ant_UserContactInfo_user_fkey" FOREIGN KEY ("user")
+--     CONSTRAINT "ant_UserContactInfo_user_fkey" FOREIGN KEY ("user")
-        REFERENCES public."ant_User" (id) MATCH SIMPLE
+--         REFERENCES public."ant_User" (id) MATCH SIMPLE
-        ON UPDATE NO ACTION
+--         ON UPDATE NO ACTION
-        ON DELETE NO ACTION
+--         ON DELETE NO ACTION
-);
+-- );
    INSERT INTO public."DBVersion" VALUES ('DMPDB', '00.01.058', '2024-02-28 12:00:00.000000+02', now(), 'Add table ant_UserContactInfo.');
--- a/dmp-frontend/src/app/core/common/enum/app-role.ts
+++ b/dmp-frontend/src/app/core/common/enum/app-role.ts
@ -1,8 +1,11 @@
 export enum AppRole {
 	Admin = "Admin",
 	InstallationAdmin = "InstallationAdmin",
 	User = "User",
 	TenantAdmin = "TenantAdmin",
 	TenantUser = "TenantUser",
-	TenantManager = "TenantManager",
+	// TenantManager = "TenantManager",
-	TenantDescriptionTemplateEditor = "TenantDescriptionTemplateEditor"
+	// TenantDescriptionTemplateEditor = "TenantDescriptionTemplateEditor"
 	TenantPlanManager = "TenantPlanManager",
 	TenantConfigManager = "TenantConfigManager"
 }
--- a/dmp-frontend/src/app/core/common/enum/respone-error-code.ts
+++ b/dmp-frontend/src/app/core/common/enum/respone-error-code.ts
@ -25,4 +25,5 @@ export enum ResponseErrorCode {
 	TenantConfigurationTypeCanNotChange = 128,
 	MultipleTenantConfigurationTypeNotAllowed = 129,
 	TenantCodeExists = 130,
    DmpNewVersionAlreadyCreatedDraft = 131
 }
--- a/dmp-frontend/src/app/core/services/utilities/enum-utils.service.ts
+++ b/dmp-frontend/src/app/core/services/utilities/enum-utils.service.ts
@ -58,11 +58,12 @@ export class EnumUtils {
 	toAppRoleString(status: AppRole): string {
 		switch (status) {
 			case AppRole.Admin: return this.language.instant('TYPES.APP-ROLE.ADMIN');
 			case AppRole.InstallationAdmin: return this.language.instant('TYPES.APP-ROLE.INSTALLATION-ADMIN');
 			case AppRole.User: return this.language.instant('TYPES.APP-ROLE.USER');
 			case AppRole.TenantAdmin: return this.language.instant('TYPES.APP-ROLE.TENANT-ADMIN');
 			case AppRole.TenantUser: return this.language.instant('TYPES.APP-ROLE.TENANT-USER');
-			case AppRole.TenantManager: return this.language.instant('TYPES.APP-ROLE.TENANT-MANAGER');
+			case AppRole.TenantPlanManager: return this.language.instant('TYPES.APP-ROLE.TENANT-PLAN-MANAGER');
-			case AppRole.TenantDescriptionTemplateEditor: return this.language.instant('TYPES.APP-ROLE.TENANT-DESCRIPTION-TEMPLATE-EDITOR');
+			case AppRole.TenantConfigManager: return this.language.instant('TYPES.APP-ROLE.TENANT-CONFIG-MANAGER');
 		}
 	}
--- a/dmp-frontend/src/app/ui/admin/user/listing/role-editor/user-role-editor.component.html
+++ b/dmp-frontend/src/app/ui/admin/user/listing/role-editor/user-role-editor.component.html
@ -4,7 +4,7 @@
 			<div *ngIf="!this.nowEditing"class="roles col-8">
 				<div *ngFor="let role of this.formGroup.get('roles').value" class="row">
 					<div class="col-auto p-0">
-						<span class="user-role" [ngClass]="{'user': role == appRole.User, 'tenant-manager': role == appRole.TenantManager, 'admin': role == appRole.Admin, 'tenant-description-template-editor': role == appRole.TenantDescriptionTemplateEditor, 'tenant-admin': role == appRole.TenantAdmin, 'tenant-user': role == appRole.TenantUser}">
+						<span class="user-role" [ngClass]="{'user': role == appRole.User, 'tenant-plan-manager': role == appRole.TenantPlanManager, 'admin': role == appRole.Admin, 'installation-admin': role == appRole.InstallationAdmin, 'tenant-config-manager': role == appRole.TenantConfigManager, 'tenant-admin': role == appRole.TenantAdmin, 'tenant-user': role == appRole.TenantUser}">
 							{{enumUtils.toAppRoleString(role)}}
 						</span>
 					</div>
--- a/dmp-frontend/src/app/ui/admin/user/listing/role-editor/user-role-editor.component.scss
+++ b/dmp-frontend/src/app/ui/admin/user/listing/role-editor/user-role-editor.component.scss
@ -49,12 +49,12 @@
 		padding-right: 10px;
 	}
-	.tenant-manager {
+	.tenant-plan-manager {
 		// display: flex;
 		// justify-content: center;
 		// align-items: center;
-		min-width: 90px;
+		min-width: 77px;
-		height: 28px;
+		min-height: 28px;
 		color: #568b5a;
 		background: #9dd1a1 0% 0% no-repeat padding-box;
 		border-radius: 44px;
@ -85,6 +85,24 @@
 		padding-right: 10px;
 	}
 	.installation-admin {
 		// display: flex;
 		// justify-content: center;
 		// align-items: center;
 		min-width: 67px;
 		min-height: 28px;
 		color: #e75d01;
 		background: #dbaa4e3a 0% 0% no-repeat padding-box;
 		border-radius: 44px;
 		letter-spacing: 0.11px;
 		font-weight: 400;
 		opacity: 1;
 		margin-top: 0.5em;
 		margin-bottom: 0.5em;
 		padding-left: 10px;
 		padding-right: 10px;
 	}
 	.tenant-admin {
 		// display: flex;
 		// justify-content: center;
@ -103,7 +121,7 @@
 		padding-right: 10px;
 	}
-	.tenant-description-template-editor {
+	.tenant-config-manager {
 		// display: flex;
 		// justify-content: center;
 		// align-items: center;
--- a/dmp-frontend/src/assets/i18n/en.json
+++ b/dmp-frontend/src/assets/i18n/en.json
@ -54,7 +54,8 @@
 			"TENANT-TAMPERING": "This operation affects data from a Tenant different than your selected. Please reselect your Tenant.",
 			"TENANT-CONFIGURATION-TYPE-CAN-NOT-CHANGE": "The configuration type for this Tenant cannot be changed.",
 			"MULTIPLE-TENANT-CONFIGURATION-TYPE-NOT-ALLOWED": "Tenant Configuration already exists for this Tenant.",
-			"TENANT-CODE-EXISTS": "The Tenant code you provided already exists. Please choose a different code."
+			"TENANT-CODE-EXISTS": "The Tenant code you provided already exists. Please choose a different code.",
 			"DMP-NEW-VERSION-ALREADY-CREATED-DRAFT": "You have already created a new draft version for this plan."
 		},
 		"FORM-VALIDATION-DISPLAY-DIALOG": {
 			"WARNING": "Warning!",
@ -1787,11 +1788,12 @@
 		},
 		"APP-ROLE": {
 			"ADMIN": "Admin",
 			"INSTALLATION-ADMIN": "Installation Admin",
 			"USER": "User",
 			"TENANT-ADMIN": "Tenant Admin",
 			"TENANT-USER": "Tenant User",
-			"TENANT-MANAGER": "Manager",
+			"TENANT-PLAN-MANAGER": "Tenant Plan Manager",
-			"TENANT-DESCRIPTION-TEMPLATE-EDITOR": "Description Template Editor"
+			"TENANT-CONFIG-MANAGER": "Tenant Configuration Manager"
 		},
 		"IS-ACTIVE": {
 			"ACTIVE": "Active",
--- a/dmp-frontend/src/common/modules/errors/error-handling/http-error-handling.service.ts
+++ b/dmp-frontend/src/common/modules/errors/error-handling/http-error-handling.service.ts
@ -88,6 +88,9 @@ export class HttpErrorHandlingService {
 		else if(errorResponse.error.code === ResponseErrorCode.TenantCodeExists){
 			this.uiNotificationService.snackBarNotification(this.language.instant("GENERAL.BACKEND-ERRORS.TENANT-CODE-EXISTS"), SnackBarNotificationLevel.Error);
 		} 
 		else if(errorResponse.error.code === ResponseErrorCode.DmpNewVersionAlreadyCreatedDraft){
 			this.uiNotificationService.snackBarNotification(this.language.instant("GENERAL.BACKEND-ERRORS.DMP-NEW-VERSION-ALREADY-CREATED-DRAFT"), SnackBarNotificationLevel.Error);
 		} 
 		else if (error.statusCode === 302 || error.statusCode === 400 || error.statusCode === 404) {
 			errorMessage ??= this.language.instant('GENERAL.SNACK-BAR.NOT-FOUND');
 			this.uiNotificationService.snackBarNotification(errorMessage, SnackBarNotificationLevel.Warning);
--- a/notification-service/notification-web/src/main/resources/config/permissions.yml
+++ b/notification-service/notification-web/src/main/resources/config/permissions.yml
@ -4,20 +4,17 @@ permissions:
    # Tenants
    BrowseTenant:
-      roles:
+      roles: []
        - Admin
      clients: [ ]
      allowAnonymous: false
      allowAuthenticated: false
    EditTenant:
-      roles:
+      roles: []
        - Admin
      clients: [ "opencdmp-api-dev" ]
      allowAnonymous: false
      allowAuthenticated: false
    DeleteTenant:
-      roles:
+      roles: []
        - Admin
      claims: [ ]
      clients: [ "opencdmp-api-dev" ]
      allowAnonymous: false
@ -25,6 +22,7 @@ permissions:
    AllowNoTenant:
      roles:
        - Admin
        - InstallationAdmin
      claims: [ ]
      clients: [ ]
      allowAnonymous: false
@ -32,19 +30,17 @@ permissions:
    # Users
    BrowseUser:
      roles:
-        - TenantAdmin
+        - Admin
      clients: [ ]
      allowAnonymous: true
      allowAuthenticated: false
    EditUser:
-      roles:
+      roles: []
        - TenantAdmin
      clients: [ "opencdmp-api-dev" ]
      allowAnonymous: false
      allowAuthenticated: false
    DeleteUser:
-      roles:
+      roles: []
        - TenantAdmin
      claims: [ ]
      clients: [ "opencdmp-api-dev" ]
      allowAnonymous: false
@ -52,19 +48,22 @@ permissions:
    # UserContactInfo
    BrowseUserContactInfo:
      roles:
-        - TenantAdmin
+        - Admin
        - InstallationAdmin
      clients: [ "opencdmp-api-dev" ]
      allowAnonymous: true
      allowAuthenticated: false
    EditUserContactInfo:
      roles:
-        - TenantAdmin
+        - Admin
        - InstallationAdmin
      clients: [ ]
      allowAnonymous: false
      allowAuthenticated: false
    DeleteUserContactInfo:
      roles:
-        - TenantAdmin
+        - Admin
        - InstallationAdmin
      claims: [ ]
      clients: [ "opencdmp-api-dev" ]
      allowAnonymous: false
@ -72,25 +71,26 @@ permissions:
    #Notification
    BrowseNotification:
      roles:
-        - TenantAdmin
+        - Admin
      clients: [ ]
      allowAnonymous: true
      allowAuthenticated: false
    EditNotification:
      roles:
-        - TenantAdmin
+        - Admin
      clients: [ ]
      allowAnonymous: true
      allowAuthenticated: false
    DeleteNotification:
      roles:
-        - TenantAdmin
+        - Admin
      clients: [ ]
      allowAnonymous: false
      allowAuthenticated: false
    # TenantConfiguration
    BrowseTenantConfiguration:
      roles:
        - Admin
        - TenantAdmin
      claims: [ ]
      clients: [ ]
@ -98,12 +98,14 @@ permissions:
      allowAuthenticated: false
    EditTenantConfiguration:
      roles:
        - Admin
        - TenantAdmin
      clients: [ "opencdmp-api-dev" ]
      allowAnonymous: false
      allowAuthenticated: false
    DeleteTenantConfiguration:
      roles:
        - Admin
        - TenantAdmin
      clients: [ "opencdmp-api-dev" ]
      allowAnonymous: false
@ -111,13 +113,13 @@ permissions:
    #User Notification Preference
    BrowseUserNotificationPreference:
      roles:
-        - TenantAdmin
+        - Admin
      clients: [ ]
      allowAnonymous: true
      allowAuthenticated: false
    EditUserNotificationPreference:
      roles:
-        - TenantAdmin
+        - Admin
      clients: [ ]
      allowAnonymous: false
      allowAuthenticated: false
@ -125,25 +127,26 @@ permissions:
    # ViewPage Permissions
    ViewNotificationPage:
      roles:
-        - TenantAdmin
+        - Admin
      clients: [ ]
      allowAnonymous: false
      allowAuthenticated: false
    ViewNotificationEventRulePage:
      roles:
-        - TenantAdmin
+        - Admin
      clients: [ ]
      allowAnonymous: false
      allowAuthenticated: false
    ViewInAppNotificationPage:
      roles:
-        - TenantAdmin
+        - Admin
      clients: [ ]
      allowAnonymous: false
      allowAuthenticated: false
    ViewNotificationTemplatePage:
      roles:
-        - TenantAdmin
+        - Admin
        - TenantConfigManager
      clients: [ ]
      allowAnonymous: false
      allowAuthenticated: false
@ -151,19 +154,22 @@ permissions:
    # Notification Template Permissions
    BrowseNotificationTemplate:
      roles:
-        - TenantAdmin
+        - Admin
        - TenantConfigManager
      clients: [ ]
      allowAnonymous: false
      allowAuthenticated: false
    EditNotificationTemplate:
      roles:
-        - TenantAdmin
+        - Admin
        - TenantConfigManager
      clients: [ ]
      allowAnonymous: false
      allowAuthenticated: false
    DeleteNotificationTemplate:
      roles:
-        - TenantAdmin
+        - Admin
        - TenantConfigManager
      clients: [ ]
      allowAnonymous: false
      allowAuthenticated: false
@ -171,13 +177,13 @@ permissions:
    # In App Notification Permissions
    BrowseInAppNotification:
      roles:
-        - TenantAdmin
+        - Admin
      clients: [ ]
      allowAnonymous: false
      allowAuthenticated: false
    DeleteInAppNotification:
      roles:
-        - TenantAdmin
+        - Admin
      clients: [ ]
      allowAnonymous: false
      allowAuthenticated: false
--- a/notification-service/notification/src/main/java/gr/cite/notification/data/UserCredentialEntity.java
+++ b/notification-service/notification/src/main/java/gr/cite/notification/data/UserCredentialEntity.java
@ -40,12 +40,6 @@ public class UserCredentialEntity {
    public static final String _updatedAt = "updatedAt";
    @Column(name = "\"is_active\"", nullable = false)
    @Convert(converter = IsActiveConverter.class)
    private IsActive isActive;
    public static final String _isActive = "isActive";
    public UUID getId() {
        return id;
    }
@ -85,13 +79,4 @@ public class UserCredentialEntity {
    public void setUpdatedAt(Instant updatedAt) {
        this.updatedAt = updatedAt;
    }
    public IsActive getIsActive() {
        return isActive;
    }
    public void setIsActive(IsActive isActive) {
        this.isActive = isActive;
    }
 }
--- a/notification-service/notification/src/main/java/gr/cite/notification/model/UserCredential.java
+++ b/notification-service/notification/src/main/java/gr/cite/notification/model/UserCredential.java
@ -27,10 +27,6 @@ public class UserCredential {
    public static final String _updatedAt = "updatedAt";
    private IsActive isActive;
    public static final String _isActive = "isActive";
    public UUID getId() {
        return id;
    }
@ -70,12 +66,4 @@ public class UserCredential {
    public void setUpdatedAt(Instant updatedAt) {
        this.updatedAt = updatedAt;
    }
    public IsActive getIsActive() {
        return isActive;
    }
    public void setIsActive(IsActive isActive) {
        this.isActive = isActive;
    }
 }
--- a/notification-service/notification/src/main/java/gr/cite/notification/model/censorship/InAppNotificationCensor.java
+++ b/notification-service/notification/src/main/java/gr/cite/notification/model/censorship/InAppNotificationCensor.java
@ -4,6 +4,8 @@ import gr.cite.commons.web.authz.service.AuthorizationService;
 import gr.cite.notification.authorization.OwnedResource;
 import gr.cite.notification.authorization.Permission;
 import gr.cite.notification.convention.ConventionService;
 import gr.cite.notification.model.InAppNotification;
 import gr.cite.tools.data.censor.CensorFactory;
 import gr.cite.tools.fieldset.FieldSet;
 import gr.cite.tools.logging.DataLogEntry;
 import gr.cite.tools.logging.LoggerService;
@ -21,16 +23,20 @@ import java.util.UUID;
 public class InAppNotificationCensor extends BaseCensor {
 	private static final LoggerService logger = new LoggerService(LoggerFactory.getLogger(InAppNotificationCensor.class));
 	private final AuthorizationService authService;
 	protected final CensorFactory censorFactory;
 	@Autowired
-	public InAppNotificationCensor(ConventionService conventionService, AuthorizationService authService) {
+	public InAppNotificationCensor(ConventionService conventionService, AuthorizationService authService, CensorFactory censorFactory) {
 		super(conventionService);
 		this.authService = authService;
 		this.censorFactory = censorFactory;
 	}
 	public void censor(FieldSet fields, UUID userId) {
 		logger.debug(new DataLogEntry("censoring fields", fields));
 		if (this.isEmpty(fields)) return;
 		this.authService.authorizeAtLeastOneForce(userId != null ? List.of(new OwnedResource(userId)) : null, Permission.BrowseInAppNotification);
 		FieldSet userFields = fields.extractPrefixed(this.asIndexerPrefix(InAppNotification.Field.USER));
 		this.censorFactory.censor(UserCensor.class).censor(userFields, userId);
 	}
 }
--- a/notification-service/notification/src/main/java/gr/cite/notification/model/deleter/UserCredentialDeleter.java
+++ b/notification-service/notification/src/main/java/gr/cite/notification/model/deleter/UserCredentialDeleter.java
@ -62,12 +62,10 @@ public class UserCredentialDeleter implements Deleter {
        Instant now = Instant.now();
        for (UserCredentialEntity item : data) {
-            logger.trace("deleting item {}", item);
+            logger.trace("deleting item {}", item.getId());
-            item.setIsActive(IsActive.Inactive);
+            logger.trace("deleting item");
-            item.setUpdatedAt(now);
+            this.entityManager.remove(item);
-            logger.trace("updating item");
+            logger.trace("deleted item");
            this.entityManager.merge(item);
            logger.trace("updated item");
        }
    }
--- a/notification-service/notification/src/main/java/gr/cite/notification/query/UserCredentialQuery.java
+++ b/notification-service/notification/src/main/java/gr/cite/notification/query/UserCredentialQuery.java
@ -28,8 +28,6 @@ public class UserCredentialQuery extends QueryBase<UserCredentialEntity> {
    private Collection<UUID> excludedIds;
    private Collection<IsActive> isActives;
    private Collection<UUID> userIds;
    private Collection<String> externalIds;
@ -75,21 +73,6 @@ public class UserCredentialQuery extends QueryBase<UserCredentialEntity> {
        return this;
    }
    public UserCredentialQuery isActive(IsActive value) {
        this.isActives = List.of(value);
        return this;
    }
    public UserCredentialQuery isActive(IsActive... value) {
        this.isActives = Arrays.asList(value);
        return this;
    }
    public UserCredentialQuery isActive(Collection<IsActive> values) {
        this.isActives = values;
        return this;
    }
    public UserCredentialQuery userIds(UUID value) {
        this.userIds = List.of(value);
        return this;
@ -182,9 +165,6 @@ public class UserCredentialQuery extends QueryBase<UserCredentialEntity> {
                inClause.value(item);
            predicates.add(inClause);
        }
        if (this.isActives != null) {
            predicates.add(queryContext.Root.get(UserCredentialEntity._isActive).in(isActives));
        }
        if (this.userIds != null) {
            CriteriaBuilder.In<UUID> inClause = queryContext.CriteriaBuilder.in(queryContext.Root.get(UserCredentialEntity._userId));
            for (UUID item : this.userIds)
@ -225,8 +205,6 @@ public class UserCredentialQuery extends QueryBase<UserCredentialEntity> {
            return UserCredentialEntity._createdAt;
        else if (item.match(UserCredential._updatedAt))
            return UserCredentialEntity._updatedAt;
        else if (item.match(UserCredential._isActive))
            return UserCredentialEntity._isActive;
        else
            return null;
    }
@ -239,7 +217,6 @@ public class UserCredentialQuery extends QueryBase<UserCredentialEntity> {
        item.setUserId(QueryBase.convertSafe(tuple, columns, UserCredentialEntity._userId, UUID.class));
        item.setCreatedAt(QueryBase.convertSafe(tuple, columns, UserCredentialEntity._createdAt, Instant.class));
        item.setUpdatedAt(QueryBase.convertSafe(tuple, columns, UserCredentialEntity._updatedAt, Instant.class));
        item.setIsActive(QueryBase.convertSafe(tuple, columns, UserCredentialEntity._createdAt, IsActive.class));
        return item;
    }
--- a/notification-service/notification/src/main/java/gr/cite/notification/service/user/UserServiceImpl.java
+++ b/notification-service/notification/src/main/java/gr/cite/notification/service/user/UserServiceImpl.java
@ -183,7 +183,6 @@ public class UserServiceImpl implements UserService {
    private void persistUserCredential(List<UserTouchedIntegrationEvent.UserCredential> models, UUID userId) throws InvalidApplicationException {
        List<UserCredentialEntity> items = this.queryFactory.query(UserCredentialQuery.class)
                .userIds(userId)
                .isActive(IsActive.Active)
                .collect();
        List<UUID> updatedCreatedIds = new ArrayList<>();
        if (models != null) {
@ -196,7 +195,6 @@ public class UserServiceImpl implements UserService {
                    data.setExternalId(model.getSubjectId());
                    data.setCreatedAt(Instant.now());
                    data.setUpdatedAt(Instant.now());
                    data.setIsActive(IsActive.Active);
                    entityManager.persist(data);
                }
                updatedCreatedIds.add(data.getId());