From ec2d87eb2a1d2352c82071e01d5644f45d415db6 Mon Sep 17 00:00:00 2001
From: Arved Solth <solth@effective-webwork.de>
Date: Tue, 28 Nov 2023 12:52:49 +0100
Subject: [PATCH] Remove option to add or edit authorities

---
 ..._Remove_authority_to_add_new_authority.sql | 32 +++++++
 .../controller/SecurityAccessController.java  | 27 ------
 .../security/SecurityAccessService.java       | 28 ------
 .../resources/messages/messages_de.properties |  3 -
 .../resources/messages/messages_en.properties |  3 -
 .../resources/messages/messages_es.properties |  3 -
 .../includes/users/authorityList.xhtml        | 15 ----
 .../src/main/webapp/pages/authorityEdit.xhtml | 85 -------------------
 Kitodo/src/main/webapp/pages/users.xhtml      |  4 -
 9 files changed, 32 insertions(+), 168 deletions(-)
 create mode 100644 Kitodo-DataManagement/src/main/resources/db/migration/V2_126__Remove_authority_to_add_new_authority.sql
 delete mode 100644 Kitodo/src/main/webapp/pages/authorityEdit.xhtml

diff --git a/Kitodo-DataManagement/src/main/resources/db/migration/V2_126__Remove_authority_to_add_new_authority.sql b/Kitodo-DataManagement/src/main/resources/db/migration/V2_126__Remove_authority_to_add_new_authority.sql
new file mode 100644
index 00000000000..9db5f574444
--- /dev/null
+++ b/Kitodo-DataManagement/src/main/resources/db/migration/V2_126__Remove_authority_to_add_new_authority.sql
@@ -0,0 +1,32 @@
+--
+-- (c) Kitodo. Key to digital objects e. V. <contact@kitodo.org>
+--
+-- This file is part of the Kitodo project.
+--
+-- It is licensed under GNU General Public License version 3 or later.
+--
+-- For the full copyright and license information, please read the
+-- GPL3-License.txt file that was distributed with this source code.
+--
+
+--
+-- Migration: Remove authorities to add or edit authorities.
+-- 1. Switch off safe updates
+--
+SET SQL_SAFE_UPDATES = 0;
+
+-- 2. Delete authorities to add, view or edit authorities from cross table
+--
+DELETE FROM role_x_authority WHERE authority_id IN (SELECT id FROM authority WHERE title='addAuthority_globalAssignable');
+DELETE FROM role_x_authority WHERE authority_id IN (SELECT id FROM authority WHERE title='editAuthority_globalAssignable');
+DELETE FROM role_x_authority WHERE authority_id IN (SELECT id FROM authority WHERE title='viewAuthority_globalAssignable');
+
+-- 3. Delete authorities to add, view or edit authorities from authorities table
+--
+DELETE FROM authority WHERE title='addAuthority_globalAssignable';
+DELETE FROM authority WHERE title='editAuthority_globalAssignable';
+DELETE FROM authority WHERE title='viewAuthority_globalAssignable';
+
+-- 4. Switch on safe updates
+--
+SET SQL_SAFE_UPDATES = 1;
\ No newline at end of file
diff --git a/Kitodo/src/main/java/org/kitodo/production/controller/SecurityAccessController.java b/Kitodo/src/main/java/org/kitodo/production/controller/SecurityAccessController.java
index 032f46ef4ba..2479a825da5 100644
--- a/Kitodo/src/main/java/org/kitodo/production/controller/SecurityAccessController.java
+++ b/Kitodo/src/main/java/org/kitodo/production/controller/SecurityAccessController.java
@@ -191,15 +191,6 @@ public boolean hasAuthorityToAddClient() {
         return securityAccessService.hasAuthorityToAddClient();
     }
 
-    /**
-     * Check if the current user has the authority to add the authority.
-     *
-     * @return true if the current user has the authority to add the authority
-     */
-    public boolean hasAuthorityToAddAuthority() {
-        return securityAccessService.hasAuthorityToAddAuthority();
-    }
-
     /**
      * Check if current user has authority to add anything on user page. It returns
      * true if user has at least one of below given authorities.
@@ -514,15 +505,6 @@ public boolean hasAuthorityToEditClient() {
         return securityAccessService.hasAuthorityToEditClient();
     }
 
-    /**
-     * Check if the current user has the authority to edit the authority.
-     *
-     * @return true if the current user has the authority to edit the authority
-     */
-    public boolean hasAuthorityToEditAuthority() {
-        return securityAccessService.hasAuthorityToEditAuthority();
-    }
-
     /**
      * Check if the current user has the authority to edit the index.
      *
@@ -671,15 +653,6 @@ public boolean hasAuthorityToViewClient() {
         return securityAccessService.hasAuthorityToViewClient();
     }
 
-    /**
-     * Check if the current user has the authority to view the authority.
-     *
-     * @return true if the current user has the authority to view the authority
-     */
-    public boolean hasAuthorityToViewAuthority() {
-        return securityAccessService.hasAuthorityToViewAuthority();
-    }
-
     /**
      * Check if current user has authority to view process page. It returns true if
      * user has at least one of below given authorities.
diff --git a/Kitodo/src/main/java/org/kitodo/production/services/security/SecurityAccessService.java b/Kitodo/src/main/java/org/kitodo/production/services/security/SecurityAccessService.java
index 963344c9b9d..7d403ab5e9d 100644
--- a/Kitodo/src/main/java/org/kitodo/production/services/security/SecurityAccessService.java
+++ b/Kitodo/src/main/java/org/kitodo/production/services/security/SecurityAccessService.java
@@ -202,15 +202,6 @@ public boolean hasAuthorityToAddClient() {
         return hasAuthorityGlobal("addClient");
     }
 
-    /**
-     * Check if the current user has the authority to add the authority.
-     *
-     * @return true if the current user has the authority to add the authority
-     */
-    public boolean hasAuthorityToAddAuthority() {
-        return hasAuthorityGlobal("addAuthority");
-    }
-
     /**
      * Check if current user has authority to add anything on user page. It returns
      * true if user has at least one of below given authorities.
@@ -528,15 +519,6 @@ public boolean hasAuthorityToEditClient() {
         return hasAuthorityGlobal("editClient");
     }
 
-    /**
-     * Check if the current user has the authority to edit the authority.
-     *
-     * @return true if the current user has the authority to edit the authority
-     */
-    public boolean hasAuthorityToEditAuthority() {
-        return hasAuthorityGlobal("editAuthority");
-    }
-
     /**
      * Check if the current user has the authority to edit the index.
      *
@@ -700,16 +682,6 @@ public boolean hasAuthorityToViewClient() {
         return hasAnyAuthorityGlobalOrForClient("viewClient, addClient, editClient");
     }
 
-    /**
-     * Check if the current user has the authority to view the authority. Add and
-     * edit authorities include also view.
-     *
-     * @return true if the current user has the authority to view the authority
-     */
-    public boolean hasAuthorityToViewAuthority() {
-        return hasAnyAuthorityGlobalOrForClient("viewAuthority, addAuthority, editAuthority");
-    }
-
     /**
      * Check if current user has authority to view task list. It returns true if
      * user has "viewAllTasks" authority for client.
diff --git a/Kitodo/src/main/resources/messages/messages_de.properties b/Kitodo/src/main/resources/messages/messages_de.properties
index ca27ae337ec..ccd5c1d720d 100644
--- a/Kitodo/src/main/resources/messages/messages_de.properties
+++ b/Kitodo/src/main/resources/messages/messages_de.properties
@@ -782,7 +782,6 @@ newPassword=Neues Passwort
 newStructuralElement=Neues Strukturelement
 newStructuralElementFromPages=Neues Strukturelement aus selektierten Seiten
 new=Startbereit
-newAuthority=Neue Berechtigung
 newClient=Neuer Mandant
 newElement=Neu
 newDocket=Neuer Laufzettel
@@ -1254,7 +1253,6 @@ duplicateProject=Projekt duplizieren
 duplicateTemplate=Produktionsvorlage duplizieren
 duplicateWorkflow=Workflow duplizieren
 
-editAuthority=Berechtigung bearbeiten
 editBatch=Batch bearbeiten
 editClient=Mandant bearbeiten
 editDocket=Laufzettel bearbeiten
@@ -1304,7 +1302,6 @@ viewAllTemplates=Alle Produktionsvorlagen anzeigen
 viewAllUsers=Alle Benutzer anzeigen
 viewAllWorkflows=Alle Workflows anzeigen
 
-viewAuthority=Berechtigung anzeigen
 viewBatch=Batch anzeigen
 viewClient=Mandant anzeigen
 viewDocket=Laufzettel anzeigen
diff --git a/Kitodo/src/main/resources/messages/messages_en.properties b/Kitodo/src/main/resources/messages/messages_en.properties
index c0903e3af82..9c7bf402f7b 100644
--- a/Kitodo/src/main/resources/messages/messages_en.properties
+++ b/Kitodo/src/main/resources/messages/messages_en.properties
@@ -783,7 +783,6 @@ newPassword=New password
 newStructuralElement=New docstruct
 newStructuralElementFromPages=New docstruct from selected pages
 new=Ready
-newAuthority=New authority
 newClient=New client
 newDocket=New docket
 newElement=New
@@ -1255,7 +1254,6 @@ duplicateProject=Duplicate project
 duplicateTemplate=Duplicate template
 duplicateWorkflow=Duplicate workflow
 
-editAuthority=Edit authority
 editBatch=Edit batch
 editClient=Edit client
 editDocket=Edit docket
@@ -1305,7 +1303,6 @@ viewAllTemplates=View all templates
 viewAllUsers=View all users
 viewAllWorkflows=View all workflows
 
-viewAuthority=View authority
 viewBatch=View batch
 viewClient=View client
 viewDocket=View docket
diff --git a/Kitodo/src/main/resources/messages/messages_es.properties b/Kitodo/src/main/resources/messages/messages_es.properties
index 930f88eae15..f764cae1f51 100644
--- a/Kitodo/src/main/resources/messages/messages_es.properties
+++ b/Kitodo/src/main/resources/messages/messages_es.properties
@@ -779,7 +779,6 @@ newPassword=Nueva contraseña
 newStructuralElement=Nuevo elemento estructural
 newStructuralElementFromPages=Nuevo elemento estructural de las páginas seleccionadas
 new=Listo para empezar
-newAuthority=Nueva autorización
 newClient=Nuevo cliente
 newElement=Nuevo
 newDocket=Nueva hoja de ruta
@@ -1250,7 +1249,6 @@ duplicateProject=Proyecto duplicado
 duplicateTemplate=Duplicar la plantilla de producción
 duplicateWorkflow=Duplicar el flujo de trabajo
 
-editAuthority=Editar permiso
 editBatch=Editar lote
 editClient=Editar cliente
 editDocket=Editar hoja de ruta
@@ -1299,7 +1297,6 @@ viewAllTemplates=Mostrar todas las plantillas de producción
 viewAllUsers=Mostrar todos los usuarios
 viewAllWorkflows=Mostrar todos los flujos de trabajo
 
-viewAuthority=Mostrar autorización
 viewBatch=Mostrar lote
 viewClient=Mostrar cliente
 viewDocket=Mostrar hoja de ruta
diff --git a/Kitodo/src/main/webapp/WEB-INF/templates/includes/users/authorityList.xhtml b/Kitodo/src/main/webapp/WEB-INF/templates/includes/users/authorityList.xhtml
index 2c1426d06ee..e7c0c592816 100644
--- a/Kitodo/src/main/webapp/WEB-INF/templates/includes/users/authorityList.xhtml
+++ b/Kitodo/src/main/webapp/WEB-INF/templates/includes/users/authorityList.xhtml
@@ -40,20 +40,5 @@
             <h:outputText value="#{HelperForm.getTranslated(item.type)}"
                           title="#{HelperForm.getTranslated(item.type)}"/>
         </p:column>
-        <p:column headerText="#{msgs.actions}"
-                  resizable="false"
-                  width="70"
-                  styleClass="actionsColumn">
-            <h:form id="actionForm">
-                <h:link id="viewAuthority"
-                        outcome="authorityEdit"
-                        styleClass="action"
-                        title="#{msgs.view}"
-                        rendered="#{SecurityAccessController.hasAuthorityToViewAuthority() and not SecurityAccessController.hasAuthorityToEditAuthority()}">
-                    <f:param name="id" value="#{item.id}" />
-                    <i class="fa fa-eye fa-lg"/>
-                </h:link>
-            </h:form>
-        </p:column>
     </p:dataTable>
 </ui:composition>
diff --git a/Kitodo/src/main/webapp/pages/authorityEdit.xhtml b/Kitodo/src/main/webapp/pages/authorityEdit.xhtml
deleted file mode 100644
index 5370f7ff330..00000000000
--- a/Kitodo/src/main/webapp/pages/authorityEdit.xhtml
+++ /dev/null
@@ -1,85 +0,0 @@
-<!--
- *
- * (c) Kitodo. Key to digital objects e. V. <contact@kitodo.org>
- *
- * This file is part of the Kitodo project.
- *
- * It is licensed under GNU General Public License version 3 or later.
- *
- * For the full copyright and license information, please read the
- * GPL3-License.txt file that was distributed with this source code.
- *
--->
-
-<ui:composition
-        template="/WEB-INF/templates/baseEditView.xhtml"
-        xmlns:f="http://xmlns.jcp.org/jsf/core"
-        xmlns:h="http://xmlns.jcp.org/jsf/html"
-        xmlns:ui="http://xmlns.jcp.org/jsf/facelets"
-        xmlns:p="http://primefaces.org/ui">
-    <f:metadata>
-        <f:viewParam name="id"/>
-        <f:viewAction action="#{AuthorityForm.load(id)}"/>
-    </f:metadata>
-
-    <ui:param name="isEditMode"
-              value="#{AuthorityForm.authority.id ne null and SecurityAccessController.hasAuthorityToEditAuthority()}"/>
-    <ui:param name="isCreateMode"
-              value="#{AuthorityForm.authority.id eq null and SecurityAccessController.hasAuthorityToAddAuthority()}"/>
-    <ui:param name="isViewMode"
-              value="#{not isEditMode and not isCreateMode}"/>
-
-    <ui:define name="contentHeader">
-        <h:outputScript name="js/save.js" target="body" />
-        <h3 id="headerText">
-            <h:outputText value="#{msgs.editAuthority}"
-                          styleClass="shortable"
-                          rendered="#{isEditMode}"/>
-            <h:outputText value="#{msgs.newAuthority}"
-                          styleClass="shortable"
-                          rendered="#{isCreateMode}"/>
-            <h:outputText value="#{msgs.viewAuthority}"
-                          styleClass="shortable"
-                          rendered="#{isViewMode}"/>
-        </h3>
-        <p:button id="cancel"
-                  value="#{msgs.cancel}"
-                  onclick="setConfirmUnload(false);"
-                  outcome="users?keepPagination=true"
-                  icon="fa fa-times fa-lg"
-                  iconPos="right"
-                  styleClass="secondary"/>
-        <p:commandButton id="saveButtonToggler"
-                         actionListener="#{AuthorityForm.setSaveDisabled(false)}"
-                         update="save"
-                         style="display:none;"/>
-                         <p:commandButton id="save"
-                         rendered="#{isEditMode || isCreateMode}"
-                         widgetVar="save"
-                         value="#{msgs.save}"
-                         action="#{AuthorityForm.save}"
-                         update="notifications"
-                         icon="fa fa-floppy-o fa-lg"
-                         iconPos="right"
-                         disabled="#{AuthorityForm.saveDisabled}"
-                         onclick="setConfirmUnload(false);PF('notifications').renderMessage({'summary':'#{msgs.authoritySaving}','detail':'#{msgs.youWillBeRedirected}','severity':'info'});"/>
-    </ui:define>
-
-    <ui:define name="pageTabView">
-        <p:tabView id="authorityTabView">
-            <p:tab id="authorityTab" title="#{msgs.details}">
-                <ui:include src="/WEB-INF/templates/includes/authorityEdit/details.xhtml"/>
-                <ui:param name="isViewMode" value="#{isViewMode}" />
-            </p:tab>
-        </p:tabView>
-    </ui:define>
-
-    <ui:define name="breadcrumbs">
-        <p:menuitem value="#{msgs.desktop}" url="desktop.jsf" icon="fa fa-home"/>
-        <p:menuitem value="#{msgs.users}" url="users.jsf" icon="fa fa-user"/>
-        <p:menuitem value="#{msgs.editAuthority}" rendered="#{isEditMode}" icon="fa fa-cube"/>
-        <p:menuitem value="#{msgs.authorityNew}" rendered="#{isCreateMode}" icon="fa fa-cube"/>
-        <p:menuitem value="#{msgs.viewAuthority}" rendered="#{isViewMode}" icon="fa fa-cube"/>
-    </ui:define>
-
-</ui:composition>
diff --git a/Kitodo/src/main/webapp/pages/users.xhtml b/Kitodo/src/main/webapp/pages/users.xhtml
index ed4c41dca44..156085b2afa 100644
--- a/Kitodo/src/main/webapp/pages/users.xhtml
+++ b/Kitodo/src/main/webapp/pages/users.xhtml
@@ -26,7 +26,6 @@
         <f:viewAction action="#{UserForm.resetPaginator(keepPagination)}" />
         <f:viewAction action="#{RoleForm.resetPaginator(keepPagination)}" />
         <f:viewAction action="#{ClientForm.resetPaginator(keepPagination)}" />
-        <f:viewAction action="#{AuthorityForm.resetPaginator(keepPagination)}" />
         <f:viewAction action="#{LdapGroupForm.resetPaginator(keepPagination)}" />
         <f:viewAction action="#{LdapServerForm.resetPaginator(keepPagination)}" />
     </f:metadata>
@@ -73,9 +72,6 @@
                 <p:menuitem value="#{msgs.newLdapServer}" id="newLdapServerButton" action="#{LdapServerForm.newLdapServer}"
                             rendered="#{SecurityAccessController.hasAuthorityGlobal('addLdapServer')}"
                             icon="fa fa-plus"/>
-                <p:menuitem value="#{msgs.newAuthority}" id="newAuthority" action="#{AuthorityForm.newAuthority}"
-                            rendered="#{SecurityAccessController.hasAuthorityToAddAuthority()}"
-                            icon="fa fa-plus"/>
             </p:menuButton>
         </h:form>        
     </ui:define>