Configure the user profile allowed to delete published metadata

geonetwork · Jun 15, 2022 · a67b903 · a67b903
1 parent 6fb3bce
commit a67b903
Show file tree

Hide file tree

Showing 8 changed files with 67 additions and 3 deletions.
diff --git a/core/src/main/java/org/fao/geonet/kernel/setting/Settings.java b/core/src/main/java/org/fao/geonet/kernel/setting/Settings.java
@@ -126,6 +126,7 @@ public class Settings {
     public static final String METADATA_LINK_EXCLUDEPATTERN = "metadata/link/excludedUrlPattern";
     public static final String METADATA_IMPORT_RESTRICT = "metadata/import/restrict";
     public static final String METADATA_IMPORT_USERPROFILE = "metadata/import/userprofile";
+    public static final String METADATA_PUBLISHED_DELETE_USERPROFILE = "metadata/delete/profilePublishedMetadata";
     public static final String METADATA_BACKUPARCHIVE_ENABLE = "metadata/backuparchive/enable";
     public static final String METADATA_VCS = "metadata/vcs/enable";
     public static final String VIRTUAL_SETTINGS_SUFFIX_ISDEFINED = "IsDefined";

diff --git a/services/src/main/java/org/fao/geonet/api/records/MetadataInsertDeleteApi.java b/services/src/main/java/org/fao/geonet/api/records/MetadataInsertDeleteApi.java
@@ -210,6 +210,11 @@ public void deleteRecord(
             approved=false;
         }
 
+        UserSession userSession = ApiUtils.getUserSession(request.getSession());
+        if (accessMan.isVisibleToAll(String.valueOf(metadata.getId())) ) {
+            checkUserProfileToDeletePublishedMetadata(userSession);
+        }
+
         store.delResources(context, metadata.getUuid(), approved);
         RecordDeletedEvent recordDeletedEvent = triggerDeletionEvent(request, metadata.getId() + "");
         metadataManager.deleteMetadata(context, metadata.getId() + "");
@@ -240,6 +245,7 @@ public SimpleMetadataProcessingReport deleteRecords(
         Store store = context.getBean("resourceStore", Store.class);
 
         Set<String> records = ApiUtils.getUuidsParameterOrSelection(uuids, bucket, ApiUtils.getUserSession(session));
+        UserSession userSession = ApiUtils.getUserSession(request.getSession());
 
         SimpleMetadataProcessingReport report = new SimpleMetadataProcessingReport();
         for (String uuid : records) {
@@ -250,6 +256,17 @@ public SimpleMetadataProcessingReport deleteRecords(
                 || metadataDraftRepository.findOneByUuid(uuid) != null) {
                 report.addNotEditableMetadataId(metadata.getId());
             } else {
+
+                if (accessMan.isVisibleToAll(String.valueOf(metadata.getId())) ) {
+                    try {
+                        checkUserProfileToDeletePublishedMetadata(userSession);
+                    } catch (NotAllowedException ex) {
+                        report.addMetadataInfos(metadata, "The user has no permissions to delete published metadata.");
+                        continue;
+                    }
+                }
+
+
                 MetadataPreRemove preRemoveEvent = new MetadataPreRemove(metadata);
                 ApplicationContextHolder.get().publishEvent(preRemoveEvent);
 
@@ -981,6 +998,24 @@ private void checkUserProfileToImportMetadata(UserSession userSession) {
 
     }
 
+    /**
+     * Checks if the user profile is allowed to import metadata.
+     *
+     * @param userSession
+     */
+    private void checkUserProfileToDeletePublishedMetadata(UserSession userSession) {
+        if (userSession.getProfile() != Profile.Administrator) {
+            String allowedUserProfileToImportMetadata =
+                StringUtils.defaultIfBlank(settingManager.getValue(Settings.METADATA_PUBLISHED_DELETE_USERPROFILE), Profile.Editor.toString());
+
+            // Is the user profile is higher than the profile allowed to import metadata?
+            if (!hasHierarchyRole(allowedUserProfileToImportMetadata, this.roleHierarchy)) {
+                throw new NotAllowedException("The user has no permissions to delete published metadata.");
+            }
+        }
+
+    }
+
     /**
      * Checks if the current user has a role using the role hierarchy.
      *

diff --git a/...c/main/resources/catalog/components/search/resultsview/partials/viewtemplates/editor.html b/...c/main/resources/catalog/components/search/resultsview/partials/viewtemplates/editor.html
@@ -66,7 +66,7 @@
               <i class="fa fa-pencil"></i>
             </a>
             <a class="btn btn-default"
-               data-ng-show="user.canEditRecord(md) && md.isTemplate != 's'
+               data-ng-show="(!md.isPublished() || (md.isPublished() && user.canDeletePublishedMetadata())) && user.canEditRecord(md) && md.isTemplate != 's'
                              && (user.isReviewerOrMore() || md.mdStatus != 4 || !isMdWorkflowEnable)
                              && md.draft != 'e'"
                data-gn-click-and-spin="deleteRecord(md)"

diff --git a/web-ui/src/main/resources/catalog/js/CatController.js b/web-ui/src/main/resources/catalog/js/CatController.js
@@ -1482,6 +1482,14 @@ goog.require('gn_alert');
                 '');
             return angular.isFunction(this[fnName]) ? this[fnName]() : false;
           },
+          canDeletePublishedMetadata: function () {
+            var profile = gnConfig['metadata.delete.profilePublishedMetadata']
+                || 'Editor',
+              fnName = (profile !== '' ?
+                ('is' + profile[0].toUpperCase() + profile.substring(1) + 'OrMore') :
+                '');
+            return angular.isFunction(this[fnName]) ? this[fnName]() : false;
+          },
 
           // The md provide the information about
           // if the current user can edit records or not

diff --git a/web-ui/src/main/resources/catalog/locales/en-admin.json b/web-ui/src/main/resources/catalog/locales/en-admin.json
@@ -1001,6 +1001,9 @@
     "metadata/import/restrict-help": "List of all allowed schemas for metadata to be imported. If the metadata schema is not allowed, then the import is not done. No value means all schemas allowed.",
     "metadata/import/userprofile": "Select the minimum user profile allowed to import metadata",
     "metadata/import/userprofile-help": "Minimum user profile allowed to import metadata (Editor, Reviewer or Administrator). The default value is Editor.",
+    "metadata/delete": "Metadata delete",
+    "metadata/delete/profilePublishedMetadata": "Select the minimum user profile allowed to delete metadata published metadata",
+    "metadata/delete/profilePublishedMetadata-help": "Minimum user profile allowed to delete published metadata (Editor, Reviewer or Administrator). The default value is Editor.",
     "filterStatusByAuthor":"Status author",
     "filterStatusByOwner":"Status owner",
     "filterStatusByRecordId":"Record identifier",

diff --git a/web-ui/src/main/resources/catalog/templates/admin/settings/system.html b/web-ui/src/main/resources/catalog/templates/admin/settings/system.html
@@ -112,7 +112,6 @@ <h1 data-translate="">settings</h1>
                   <!-- According to entry -->
                   <div class="col-sm-8" data-ng-switch="s['name']">
 
-
                     <select data-ng-switch-when="metadata/import/userprofile"
                             class="form-control"
                             name="{{s.name}}">
@@ -127,6 +126,22 @@ <h1 data-translate="">settings</h1>
                       </option>
                     </select>
 
+
+                    <select data-ng-switch-when="metadata/delete/profilePublishedMetadata"
+                            class="form-control"
+                            name="{{s.name}}">
+                      <option value="Editor"
+                              ng-selected="'Editor' == s.value">{{'Editor' | translate}}
+                      </option>
+                      <option value="Reviewer"
+                              ng-selected="'Reviewer' == s.value">{{'Reviewer' | translate}}
+                      </option>
+                      <option value="Administrator"
+                              ng-selected="'Administrator' == s.value">{{'Administrator' | translate}}
+                      </option>
+                    </select>
+
+
                     <div data-ng-switch-when="system/metadatacreate/preferredGroup">
                       <input type="hidden"
                              id="{{s.name}}"

diff --git a/web-ui/src/main/resources/catalog/views/default/templates/recordView/recordView.html b/web-ui/src/main/resources/catalog/views/default/templates/recordView/recordView.html
@@ -87,7 +87,7 @@
           <div class="btn-group pull-left" role="group">
             <a class="btn btn-default"
                href
-               data-ng-show="user.canEditRecord(mdView.current.record)
+               data-ng-show="(!mdView.current.record.isPublished() || (mdView.current.record.isPublished() && user.canDeletePublishedMetadata()) ) && user.canEditRecord(mdView.current.record)
                             && (user.isReviewerOrMore() || mdView.current.record.mdStatus != 4 || !isMdWorkflowEnable)"
                data-gn-click-and-spin="deleteRecord(mdView.current.record)"
                data-ng-init="translateValues = {resourceTitle: (mdView.current.record.resourceTitle | json)}"

diff --git a/web/src/main/webapp/WEB-INF/classes/setup/sql/data/data-db-default.sql b/web/src/main/webapp/WEB-INF/classes/setup/sql/data/data-db-default.sql
@@ -687,6 +687,8 @@ INSERT INTO Settings (name, value, datatype, position, internal) VALUES ('metada
 
 INSERT INTO Settings (name, value, datatype, position, internal) VALUES ('metadata/import/userprofile', 'Editor', 0, 12001, 'n');
 
+INSERT INTO Settings (name, value, datatype, position, internal) VALUES ('metadata/delete/profilePublishedMetadata', 'Editor', 0, 12011, 'n');
+
 INSERT INTO Settings (name, value, datatype, position, internal) VALUES ('metadata/pdfReport/coverPdf', '', 0, 12500, 'y');
 INSERT INTO Settings (name, value, datatype, position, internal) VALUES ('metadata/pdfReport/introPdf', '', 0, 12501, 'y');
 INSERT INTO Settings (name, value, datatype, position, internal) VALUES ('metadata/pdfReport/tocPage', 'false', 2, 12502, 'y');