Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Enhancement #481] Allow disabling public view of all vocabularies/ vocabulary #603

Merged
merged 3 commits into from
Jan 30, 2025
Merged

[Enhancement #481] Allow disabling public view of all vocabularies/ vocabulary #603

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
ce78f12
[Enhancement #481] Update AccessControlRecordForm to reflect maximal …
lukaskabc Dec 28, 2024
2031932
[Fix] Fix typo in czech administration.maintenance.clearLongRunningTa…
lukaskabc Jan 28, 2025
ddae729
Merge branch 'development' into lukaskabc/Enhancement-481
lukaskabc Jan 29, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
70 changes: 45 additions & 25 deletions src/component/vocabulary/acl/AccessControlRecordForm.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ import AccessControlHolderSelector from "./AccessControlHolderSelector";
import Utils from "../../../util/Utils";
import classNames from "classnames";
import { AssetData } from "../../../model/Asset";
import AccessLevel, { hasAccess } from "../../../model/acl/AccessLevel";

interface AccessControlRecordFormProps {
record: AccessControlRecord<any>;
Expand All @@ -26,6 +27,8 @@ interface AccessControlRecordFormProps {
onChange: (change: Partial<AccessControlRecord<any>>) => void;
}

const accessGreaterThan = (a: AccessLevel, b?: string) => hasAccess(a, b);

const HOLDER_TYPES = {
"type.user": VocabularyUtils.USER,
"type.usergroup": VocabularyUtils.USER_GROUP,
Expand All @@ -44,46 +47,63 @@ function resolveHolderType(record: AccessControlRecord<any>): string {
}

/**
* The following holder types cannot have the maximum access level.
*/
const RESTRICTED_HOLDER_TYPES = [
VocabularyUtils.USER_RESTRICTED,
VocabularyUtils.USER_GROUP,
];
/**
* The following holder IRI (Restricted user role) cannot have the maximum access level.
* The following holder types cannot have the specified access levels or greater.
*/
const RESTRICTED_HOLDER_IRI =
VocabularyUtils.NS_TERMIT + "omezen\u00fd-u\u017eivatel-termitu";

const MAX_ACCESS_LEVEL =
VocabularyUtils.NS_TERMIT +
"\u00farove\u0148-p\u0159\u00edstupov\u00fdch-opr\u00e1vn\u011bn\u00ed/spr\u00e1va";
const LIMITED_ACCESS_LEVEL_BY_HOLDER_TYPE = {
[VocabularyUtils.USER_ANONYMOUS]: AccessLevel.WRITE,
[VocabularyUtils.USER_RESTRICTED]: AccessLevel.SECURITY,
[VocabularyUtils.USER_GROUP]: AccessLevel.SECURITY,
};

function filterAccessLevels(accessLevels: RdfsResource[], holder?: AssetData) {
if (!holder) {
return accessLevels;
}
const types = Utils.sanitizeArray(holder.types);
const shouldRestrict =
holder.iri === RESTRICTED_HOLDER_IRI ||
types.some((t) => RESTRICTED_HOLDER_TYPES.indexOf(t) !== -1);
return shouldRestrict
? accessLevels.filter((r) => r.iri !== MAX_ACCESS_LEVEL)
let limitedAccessLevel: AccessLevel | undefined;
if (holder.types == null) {
return accessLevels;
}

const types = [...Utils.sanitizeArray(holder.types)];
// add the holder iri to the types
if (holder.iri) {
types.push(holder.iri);
}

types.forEach((type) => {
// if the type is in the limited access level list
if (LIMITED_ACCESS_LEVEL_BY_HOLDER_TYPE[type]) {
if (limitedAccessLevel) {
// compare the current max access level with the type max access level
// and set the higher one
limitedAccessLevel = accessGreaterThan(
limitedAccessLevel,
LIMITED_ACCESS_LEVEL_BY_HOLDER_TYPE[type]
)
? limitedAccessLevel
: LIMITED_ACCESS_LEVEL_BY_HOLDER_TYPE[type];
} else {
// if no max access level is set, set it to the type max access level
limitedAccessLevel = LIMITED_ACCESS_LEVEL_BY_HOLDER_TYPE[type];
}
}
});

return limitedAccessLevel
? accessLevels.filter((r) => !accessGreaterThan(limitedAccessLevel!, r.iri))
: accessLevels;
}

function shouldResetAccessLevel(
holder?: AccessHolderType,
currentAccessLevel?: string
) {
if (currentAccessLevel !== MAX_ACCESS_LEVEL || !holder) {
if (!holder || !currentAccessLevel || !holder.iri) {
return false;
}
return (
Utils.sanitizeArray(holder.types).some(
(t) => RESTRICTED_HOLDER_TYPES.indexOf(t) !== -1
) || holder.iri === RESTRICTED_HOLDER_IRI
return accessGreaterThan(
LIMITED_ACCESS_LEVEL_BY_HOLDER_TYPE[holder.iri],
currentAccessLevel
);
}

Expand Down
2 changes: 1 addition & 1 deletion src/i18n/cs.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -229,7 +229,7 @@ const cs = {
"administration.maintenance.invalidateCaches.success":
"Cache úspěšně vyprázdněna.",
"administration.maintenance.clearLongRunningTasksQueue":
"Vyprádznit frontu procesů na pozadí",
"Vyprázdnit frontu procesů na pozadí",
"administration.maintenance.clearLongRunningTasksQueue.tooltip":
"Vyprázdnit frontu procesů čekajících na zpracování na pozadí",
"administration.maintenance.clearLongRunningTasksQueue.success":
Expand Down
1 change: 1 addition & 0 deletions src/util/VocabularyUtils.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -115,6 +115,7 @@ const VocabularyUtils = {
USER_ADMIN: _NS_TERMIT + "administrátor-termitu",
USER_LOCKED: _NS_TERMIT + "uzam\u010den\u00fd-u\u017eivatel-termitu",
USER_DISABLED: _NS_TERMIT + "zablokovan\u00fd-u\u017eivatel-termitu",
USER_ANONYMOUS: _NS_TERMIT + "anonymn\u00ed-u\u017eivatel-termitu",
USER_RESTRICTED: _NS_TERMIT + "omezen\u00fd-u\u017eivatel-termitu",
USER_EDITOR: _NS_TERMIT + "pln\u00fd-u\u017eivatel-termitu",
USER_GROUP: _NS_SIOC + "Usergroup",
Expand Down