diff --git a/Kitodo-DataManagement/src/main/resources/db/migration/V2_125__Add_permission_to_link_to_processes_of_unassigend_projects.sql b/Kitodo-DataManagement/src/main/resources/db/migration/V2_125__Add_permission_to_link_to_processes_of_unassigend_projects.sql new file mode 100644 index 00000000000..7104aaf1809 --- /dev/null +++ b/Kitodo-DataManagement/src/main/resources/db/migration/V2_125__Add_permission_to_link_to_processes_of_unassigend_projects.sql @@ -0,0 +1,17 @@ +-- +-- (c) Kitodo. Key to digital objects e. V. +-- +-- This file is part of the Kitodo project. +-- +-- It is licensed under GNU General Public License version 3 or later. +-- +-- For the full copyright and license information, please read the +-- GPL3-License.txt file that was distributed with this source code. +-- + +SET SQL_SAFE_UPDATES = 0; + +-- add authorities/permission for linking to parent processes of unassigned projects +INSERT IGNORE INTO authority (title) VALUES ('linkToProcessesOfUnassignedProjects_clientAssignable'); + +SET SQL_SAFE_UPDATES = 1; diff --git a/Kitodo/src/main/java/org/kitodo/production/controller/SecurityAccessController.java b/Kitodo/src/main/java/org/kitodo/production/controller/SecurityAccessController.java index 032f46ef4ba..03c0c4a211e 100644 --- a/Kitodo/src/main/java/org/kitodo/production/controller/SecurityAccessController.java +++ b/Kitodo/src/main/java/org/kitodo/production/controller/SecurityAccessController.java @@ -1090,4 +1090,13 @@ public boolean hasAuthorityToRunKitodoScripts() { public boolean hasAuthorityToRenameMediaFiles() { return securityAccessService.hasAuthorityToRenameMediaFiles(); } + + /** + * Check if the current user has the permission to link processes to parent processes of unassigned projects. + * + * @return true if the current user has the permission to link processes to parent processes of unassigned projects. + */ + public boolean hasAuthorityToLinkToProcessesOfUnassignedProjects() { + return securityAccessService.hasAuthorityToLinkToProcessesOfUnassignedProjects(); + } } diff --git a/Kitodo/src/main/java/org/kitodo/production/forms/createprocess/TitleRecordLinkTab.java b/Kitodo/src/main/java/org/kitodo/production/forms/createprocess/TitleRecordLinkTab.java index 68fe0b8ea6d..2709d7a951d 100644 --- a/Kitodo/src/main/java/org/kitodo/production/forms/createprocess/TitleRecordLinkTab.java +++ b/Kitodo/src/main/java/org/kitodo/production/forms/createprocess/TitleRecordLinkTab.java @@ -34,6 +34,7 @@ import org.kitodo.api.dataformat.LogicalDivision; import org.kitodo.api.dataformat.Workpiece; import org.kitodo.data.database.beans.Process; +import org.kitodo.data.database.beans.User; import org.kitodo.data.database.exceptions.DAOException; import org.kitodo.data.exceptions.DataException; import org.kitodo.production.dto.ProcessDTO; @@ -160,12 +161,12 @@ public void createInsertionPositionSelectionTree() throws DAOException, DataExce priorityList); logicalStructure.setExpanded(true); - if (selectableInsertionPositions.size() > 0) { - selectedInsertionPosition = (String) ((LinkedList) selectableInsertionPositions).getLast() - .getValue(); - } else { + if (selectableInsertionPositions.isEmpty()) { selectedInsertionPosition = null; Helper.setErrorMessage("createProcessForm.titleRecordLinkTab.noInsertionPosition"); + } else { + selectedInsertionPosition = (String) ((LinkedList) selectableInsertionPositions).getLast() + .getValue(); } } @@ -315,9 +316,17 @@ public void searchForParentProcesses() { indicationOfMoreHitsVisible = processes.size() > MAXIMUM_NUMBER_OF_HITS; possibleParentProcesses = new ArrayList<>(); for (ProcessDTO process : processes.subList(0, Math.min(processes.size(), MAXIMUM_NUMBER_OF_HITS))) { - possibleParentProcesses.add(new SelectItem(process.getId().toString(), process.getTitle())); + SelectItem selectItem = new SelectItem(process.getId().toString(), process.getTitle()); + selectItem.setDisabled(!(processInAssignedProject(process.getId()) + || ServiceManager.getSecurityAccessService().hasAuthorityToLinkToProcessesOfUnassignedProjects())); + if (!processInAssignedProject(process.getId())) { + String problem = "Project not assigned to current user!"; + selectItem.setDescription(problem); + selectItem.setLabel(selectItem.getLabel() + " (" + problem + ")"); + } + possibleParentProcesses.add(selectItem); } - } catch (DataException e) { + } catch (DataException | DAOException e) { Helper.setErrorMessage("createProcessForm.titleRecordLinkTab.searchButtonClick.error", e.getMessage(), logger, e); indicationOfMoreHitsVisible = false; @@ -440,4 +449,18 @@ public void setParentAsTitleRecord(Process parentProcess) { createProcessForm.getTitleRecordLinkTab().chooseParentProcess(); Ajax.update(INSERTION_TREE); } + + private Boolean processInAssignedProject(int processId) throws DAOException { + Process process = ServiceManager.getProcessService().getById(processId); + if (Objects.nonNull(process)) { + User currentUser = ServiceManager.getUserService().getCurrentUser(); + if (currentUser.getProjects().contains(process.getProject())) { + System.out.println("Current user has access to project of selected parent process!"); + } else { + System.out.println("Current user does NOT have access to project of selected parent process!"); + } + return currentUser.getProjects().contains(process.getProject()); + } + return false; + } } diff --git a/Kitodo/src/main/java/org/kitodo/production/services/security/SecurityAccessService.java b/Kitodo/src/main/java/org/kitodo/production/services/security/SecurityAccessService.java index 963344c9b9d..3fd74b3853a 100644 --- a/Kitodo/src/main/java/org/kitodo/production/services/security/SecurityAccessService.java +++ b/Kitodo/src/main/java/org/kitodo/production/services/security/SecurityAccessService.java @@ -1077,4 +1077,13 @@ public boolean hasAuthorityToRunKitodoScripts() { public boolean hasAuthorityToRenameMediaFiles() { return hasAnyAuthorityForClient("renameMedia"); } + + /** + * Check if the current user has the permission to link processes to parent processes of unassigned projects. + * + * @return true if the current user has the permission to link processes to parent processes of unassigned projects. + */ + public boolean hasAuthorityToLinkToProcessesOfUnassignedProjects() { + return hasAnyAuthorityForClient("linkToProcessesOfUnassignedProjects"); + } } diff --git a/Kitodo/src/main/resources/messages/messages_de.properties b/Kitodo/src/main/resources/messages/messages_de.properties index 231baf4286d..23efe66f7be 100644 --- a/Kitodo/src/main/resources/messages/messages_de.properties +++ b/Kitodo/src/main/resources/messages/messages_de.properties @@ -1276,6 +1276,7 @@ superviseTask=Aufgabe beobachten renameMedia=Medien umbenennen resetWorkflow=Workflow zur\u00FCcksetzen runKitodoScript=KitodoScript ausf\u00FChren +linkToProcessesOfUnassignedProjects=Verkn\u00FCpfungen mit Vorg\u00E4ngen nicht-zugewiesener Projekte erstellen viewAllAuthorities=Alle Berechtigungen anzeigen viewAllBatches=Alle Batches anzeigen diff --git a/Kitodo/src/main/resources/messages/messages_en.properties b/Kitodo/src/main/resources/messages/messages_en.properties index 1e586e4e647..29bf2f67f85 100644 --- a/Kitodo/src/main/resources/messages/messages_en.properties +++ b/Kitodo/src/main/resources/messages/messages_en.properties @@ -1277,6 +1277,7 @@ superviseTask=Watch task resetWorkflow=Reset workflow renameMedia=Rename media runKitodoScript=Execute KitodoScript +linkToProcessesOfUnassignedProjects=Link to processes of unassigned projects viewAllAuthorities=View all authorities viewAllBatches=View all batches