Remove option to add or edit authorities

Kitodo-DataManagement/src/main/resources/db/migration/V2_126__Remove_authority_to_add_new_authority.sql

@@ -0,0 +1,32 @@
+--
+-- (c) Kitodo. Key to digital objects e. V. <[email protected]>
+--
+-- This file is part of the Kitodo project.
+--
+-- It is licensed under GNU General Public License version 3 or later.
+--
+-- For the full copyright and license information, please read the
+-- GPL3-License.txt file that was distributed with this source code.
+--
+
+--
+-- Migration: Remove authorities to add or edit authorities.
+-- 1. Switch off safe updates
+--
+SET SQL_SAFE_UPDATES = 0;
+
+-- 2. Delete authorities to add, view or edit authorities from cross table
+--
+DELETE FROM role_x_authority WHERE authority_id IN (SELECT id FROM authority WHERE title='addAuthority_globalAssignable');
+DELETE FROM role_x_authority WHERE authority_id IN (SELECT id FROM authority WHERE title='editAuthority_globalAssignable');
+DELETE FROM role_x_authority WHERE authority_id IN (SELECT id FROM authority WHERE title='viewAuthority_globalAssignable');
+
+-- 3. Delete authorities to add, view or edit authorities from authorities table
+--
+DELETE FROM authority WHERE title='addAuthority_globalAssignable';
+DELETE FROM authority WHERE title='editAuthority_globalAssignable';
+DELETE FROM authority WHERE title='viewAuthority_globalAssignable';
+
+-- 4. Switch on safe updates
+--
+SET SQL_SAFE_UPDATES = 1;

Kitodo/src/main/java/org/kitodo/production/controller/SecurityAccessController.java

@@ -191,15 +191,6 @@ public boolean hasAuthorityToAddClient() {
         return securityAccessService.hasAuthorityToAddClient();
     }
 
-    /**
-     * Check if the current user has the authority to add the authority.
-     *
-     * @return true if the current user has the authority to add the authority
-     */
-    public boolean hasAuthorityToAddAuthority() {
-        return securityAccessService.hasAuthorityToAddAuthority();
-    }
-
     /**
      * Check if current user has authority to add anything on user page. It returns
      * true if user has at least one of below given authorities.
@@ -514,15 +505,6 @@ public boolean hasAuthorityToEditClient() {
         return securityAccessService.hasAuthorityToEditClient();
     }
 
-    /**
-     * Check if the current user has the authority to edit the authority.
-     *
-     * @return true if the current user has the authority to edit the authority
-     */
-    public boolean hasAuthorityToEditAuthority() {
-        return securityAccessService.hasAuthorityToEditAuthority();
-    }
-
     /**
      * Check if the current user has the authority to edit the index.
      *
@@ -671,15 +653,6 @@ public boolean hasAuthorityToViewClient() {
         return securityAccessService.hasAuthorityToViewClient();
     }
 
-    /**
-     * Check if the current user has the authority to view the authority.
-     *
-     * @return true if the current user has the authority to view the authority
-     */
-    public boolean hasAuthorityToViewAuthority() {
-        return securityAccessService.hasAuthorityToViewAuthority();
-    }
-
     /**
      * Check if current user has authority to view process page. It returns true if
      * user has at least one of below given authorities.

Kitodo/src/main/java/org/kitodo/production/services/security/SecurityAccessService.java

@@ -202,15 +202,6 @@ public boolean hasAuthorityToAddClient() {
         return hasAuthorityGlobal("addClient");
     }
 
-    /**
-     * Check if the current user has the authority to add the authority.
-     *
-     * @return true if the current user has the authority to add the authority
-     */
-    public boolean hasAuthorityToAddAuthority() {
-        return hasAuthorityGlobal("addAuthority");
-    }
-
     /**
      * Check if current user has authority to add anything on user page. It returns
      * true if user has at least one of below given authorities.
@@ -528,15 +519,6 @@ public boolean hasAuthorityToEditClient() {
         return hasAuthorityGlobal("editClient");
     }
 
-    /**
-     * Check if the current user has the authority to edit the authority.
-     *
-     * @return true if the current user has the authority to edit the authority
-     */
-    public boolean hasAuthorityToEditAuthority() {
-        return hasAuthorityGlobal("editAuthority");
-    }
-
     /**
      * Check if the current user has the authority to edit the index.
      *
@@ -700,16 +682,6 @@ public boolean hasAuthorityToViewClient() {
         return hasAnyAuthorityGlobalOrForClient("viewClient, addClient, editClient");
     }
 
-    /**
-     * Check if the current user has the authority to view the authority. Add and
-     * edit authorities include also view.
-     *
-     * @return true if the current user has the authority to view the authority
-     */
-    public boolean hasAuthorityToViewAuthority() {
-        return hasAnyAuthorityGlobalOrForClient("viewAuthority, addAuthority, editAuthority");
-    }
-
     /**
      * Check if current user has authority to view task list. It returns true if
      * user has "viewAllTasks" authority for client.

Kitodo/src/main/resources/messages/messages_de.properties

@@ -782,7 +782,6 @@ newPassword=Neues Passwort
 newStructuralElement=Neues Strukturelement
 newStructuralElementFromPages=Neues Strukturelement aus selektierten Seiten
 new=Startbereit
-newAuthority=Neue Berechtigung
 newClient=Neuer Mandant
 newElement=Neu
 newDocket=Neuer Laufzettel
@@ -1254,7 +1253,6 @@ duplicateProject=Projekt duplizieren
 duplicateTemplate=Produktionsvorlage duplizieren
 duplicateWorkflow=Workflow duplizieren
 
-editAuthority=Berechtigung bearbeiten
 editBatch=Batch bearbeiten
 editClient=Mandant bearbeiten
 editDocket=Laufzettel bearbeiten
@@ -1304,7 +1302,6 @@ viewAllTemplates=Alle Produktionsvorlagen anzeigen
 viewAllUsers=Alle Benutzer anzeigen
 viewAllWorkflows=Alle Workflows anzeigen
 
-viewAuthority=Berechtigung anzeigen
 viewBatch=Batch anzeigen
 viewClient=Mandant anzeigen
 viewDocket=Laufzettel anzeigen

Kitodo/src/main/resources/messages/messages_en.properties

@@ -783,7 +783,6 @@ newPassword=New password
 newStructuralElement=New docstruct
 newStructuralElementFromPages=New docstruct from selected pages
 new=Ready
-newAuthority=New authority
 newClient=New client
 newDocket=New docket
 newElement=New
@@ -1255,7 +1254,6 @@ duplicateProject=Duplicate project
 duplicateTemplate=Duplicate template
 duplicateWorkflow=Duplicate workflow
 
-editAuthority=Edit authority
 editBatch=Edit batch
 editClient=Edit client
 editDocket=Edit docket
@@ -1305,7 +1303,6 @@ viewAllTemplates=View all templates
 viewAllUsers=View all users
 viewAllWorkflows=View all workflows
 
-viewAuthority=View authority
 viewBatch=View batch
 viewClient=View client
 viewDocket=View docket

Kitodo/src/main/resources/messages/messages_es.properties

@@ -779,7 +779,6 @@ newPassword=Nueva contraseña
 newStructuralElement=Nuevo elemento estructural
 newStructuralElementFromPages=Nuevo elemento estructural de las páginas seleccionadas
 new=Listo para empezar
-newAuthority=Nueva autorización
 newClient=Nuevo cliente
 newElement=Nuevo
 newDocket=Nueva hoja de ruta
@@ -1250,7 +1249,6 @@ duplicateProject=Proyecto duplicado
 duplicateTemplate=Duplicar la plantilla de producción
 duplicateWorkflow=Duplicar el flujo de trabajo
 
-editAuthority=Editar permiso
 editBatch=Editar lote
 editClient=Editar cliente
 editDocket=Editar hoja de ruta
@@ -1299,7 +1297,6 @@ viewAllTemplates=Mostrar todas las plantillas de producción
 viewAllUsers=Mostrar todos los usuarios
 viewAllWorkflows=Mostrar todos los flujos de trabajo
 
-viewAuthority=Mostrar autorización
 viewBatch=Mostrar lote
 viewClient=Mostrar cliente
 viewDocket=Mostrar hoja de ruta

Kitodo/src/main/webapp/WEB-INF/templates/includes/users/authorityList.xhtml

@@ -40,20 +40,5 @@
             <h:outputText value="#{HelperForm.getTranslated(item.type)}"
                           title="#{HelperForm.getTranslated(item.type)}"/>
         </p:column>
-        <p:column headerText="#{msgs.actions}"
-                  resizable="false"
-                  width="70"
-                  styleClass="actionsColumn">
-            <h:form id="actionForm">
-                <h:link id="viewAuthority"
-                        outcome="authorityEdit"
-                        styleClass="action"
-                        title="#{msgs.view}"
-                        rendered="#{SecurityAccessController.hasAuthorityToViewAuthority() and not SecurityAccessController.hasAuthorityToEditAuthority()}">
-                    <f:param name="id" value="#{item.id}" />
-                    <i class="fa fa-eye fa-lg"/>
-                </h:link>
-            </h:form>
-        </p:column>
     </p:dataTable>
 </ui:composition>

Kitodo/src/main/webapp/pages/users.xhtml

@@ -26,7 +26,6 @@
         <f:viewAction action="#{UserForm.resetPaginator(keepPagination)}" />
         <f:viewAction action="#{RoleForm.resetPaginator(keepPagination)}" />
         <f:viewAction action="#{ClientForm.resetPaginator(keepPagination)}" />
-        <f:viewAction action="#{AuthorityForm.resetPaginator(keepPagination)}" />
         <f:viewAction action="#{LdapGroupForm.resetPaginator(keepPagination)}" />
         <f:viewAction action="#{LdapServerForm.resetPaginator(keepPagination)}" />
     </f:metadata>
@@ -73,9 +72,6 @@
                 <p:menuitem value="#{msgs.newLdapServer}" id="newLdapServerButton" action="#{LdapServerForm.newLdapServer}"
                             rendered="#{SecurityAccessController.hasAuthorityGlobal('addLdapServer')}"
                             icon="fa fa-plus"/>
-                <p:menuitem value="#{msgs.newAuthority}" id="newAuthority" action="#{AuthorityForm.newAuthority}"
-                            rendered="#{SecurityAccessController.hasAuthorityToAddAuthority()}"
-                            icon="fa fa-plus"/>
             </p:menuButton>
         </h:form>        
     </ui:define>