Merge pull request #3446 from AtlasOfLivingAustralia/feature/issue3440

Feature/issue3440

grails-app/controllers/au/org/ala/merit/DownloadController.groovy

@@ -4,20 +4,24 @@ import grails.core.GrailsApplication
 
 import javax.servlet.http.HttpServletResponse
 
-@PreAuthorise(accessLevel = 'siteReadOnly', redirectController = "home")
 class DownloadController {
 
     private List DOWNLOAD_EXTENSIONS = ['xls', 'xlsx', 'zip', 'json', 'xml', 'pdf', 'csv']
 
     GrailsApplication grailsApplication
     WebService webService
+    UserService userService
 
     /**
      * Deliberately not add .format in urlMapping to support file.extension on purpose
      * @param id - including extension
      * @return
      */
     def get(String id) {
+        if (!userService.userIsSiteAdmin() && !userService.userHasReadOnlyAccess()) {
+            redirect(controller:'home')
+            return
+        }
         if (!id) {
             response.setStatus(400)
             render "A download ID is required"

grails-app/controllers/au/org/ala/merit/HomeController.groovy

@@ -91,12 +91,13 @@ class HomeController {
         def facetsList = new ArrayList(SettingService.getHubConfig().availableFacets ?:[])
         def mapFacets = new ArrayList(SettingService.getHubConfig().availableMapFacets ?: [])
 
-        boolean canViewAdminFacetsAndDownloads = userService.userIsAlaOrFcAdmin() || userService.userHasReadOnlyAccess()
-        if (!canViewAdminFacetsAndDownloads) {
+        boolean canViewAdminFacets = userService.userIsAlaOrFcAdmin() || userService.userHasReadOnlyAccess()
+        if (!canViewAdminFacets) {
             List adminFacetList = SettingService.getHubConfig().adminFacets ?: []
             facetsList?.removeAll(adminFacetList)
             mapFacets?.removeAll(adminFacetList)
         }
+        boolean canViewDownloads = canViewAdminFacets || userService.userIsSiteAdmin()
         boolean canViewOfficerFacets = userService.userIsSiteAdmin() || userService.userHasReadOnlyAccess()
         if (!canViewOfficerFacets) {
             List officerFacetList = SettingService.getHubConfig().officerFacets ?: []
@@ -117,10 +118,10 @@ class HomeController {
            description: settingService.getSettingText(SettingPageType.DESCRIPTION),
            results: resp,
            projectCount: resp?.hits?.total ?: 0,
-           includeDownloads: canViewAdminFacetsAndDownloads
+           includeDownloads: canViewDownloads
         ]
 
-        if (canViewAdminFacetsAndDownloads) {
+        if (canViewAdminFacets) {
             List activityTypes = metadataService.activityTypesList()
             Map activityTypesFacet = resp?.facets?.get(ACTIVITY_TYPE_FACET_NAME)
             model.activityTypes = filterActivityTypesToProjectSelection(activityTypes, activityTypesFacet)

grails-app/controllers/au/org/ala/merit/SearchController.groovy

@@ -7,6 +7,7 @@ import org.apache.http.HttpStatus
 class SearchController {
     def searchService, webService, speciesService, commonService, documentService, reportService
     GrailsApplication grailsApplication
+    UserService userService
 
     /**
      * Main search page that takes its input from the search bar in the header
@@ -33,8 +34,11 @@ class SearchController {
         render speciesService.searchSpeciesList(sort, max, offset) as JSON
     }
 
-    @PreAuthorise(accessLevel = 'siteReadOnly', redirectController ='home', redirectAction = 'index')
     def downloadAllData() {
+        if (!userService.userIsSiteAdmin() && !userService.userHasReadOnlyAccess()) {
+            redirect(controller:'home')
+            return
+        }
         params.putAll(downloadParams())
         params.max = 10000 // The default is 5000, and some downloads require more than that.
         def response = searchService.downloadAllData(params)
@@ -78,8 +82,11 @@ class SearchController {
        searchService.downloadSummaryData(params, response)
     }
 
-    @PreAuthorise(accessLevel = 'siteReadOnly', redirectController ='home', redirectAction = 'index')
     def downloadShapefile() {
+        if (!userService.userIsSiteAdmin() && !userService.userHasReadOnlyAccess()) {
+            redirect(controller:'home')
+            return
+        }
         params.putAll(downloadParams())
         boolean success = searchService.downloadShapefile(params)
         Map resp = [status: success ? HttpStatus.SC_OK : HttpStatus.SC_INTERNAL_SERVER_ERROR]

src/main/scripts/releases/4.2/addServiceFacetAndModifyOfficerFacets.js

@@ -0,0 +1,17 @@
+let hub = db.hub.findOne({urlPath:'merit'});
+let servicesFacetIndex = hub.availableFacets.indexOf('services');
+if (servicesFacetIndex < 0) {
+    hub.availableFacets.push('services');
+}
+hub.officerFacets = ['muFacet', 'projectElectFacet', 'services'];
+
+servicesFacetIndex = hub.adminFacets.indexOf('services');
+if (servicesFacetIndex >= 0) {
+    hub.adminFacets.splice(servicesFacetIndex, 1);
+}
+let muFacetIndex = hub.adminFacets.indexOf('muFacet');
+if (muFacetIndex >= 0) {
+    hub.adminFacets.splice(muFacetIndex, 1);
+}
+
+db.hub.replaceOne({urlPath:'merit'}, hub);

src/test/groovy/au/org/ala/merit/DownloadControllerSpec.groovy

@@ -1,14 +1,17 @@
 package au.org.ala.merit
 
 import org.apache.http.HttpStatus
+import org.h2.engine.User
 import org.springframework.mock.web.MockMultipartFile
 import spock.lang.Specification
 import grails.testing.web.controllers.ControllerUnitTest
 
 class DownloadControllerSpec extends Specification implements ControllerUnitTest<DownloadController>{
 
     WebService webService = Mock(WebService)
+    UserService userService = Mock(UserService)
     def setup() {
+        controller.userService = userService
         controller.webService = webService
     }
 
@@ -20,6 +23,7 @@ class DownloadControllerSpec extends Specification implements ControllerUnitTest
         def resp = controller.get()
 
         then:
+        1 * userService.userIsSiteAdmin() >> true
         1 * webService.proxyGetRequest(_, {it.endsWith('download/uuid1234')}, true, true, _) >> [status:HttpStatus.SC_OK]
 
         and: "We return null to inform grails to not attempt to process a view as we are proxying a response from ecodata"
@@ -32,6 +36,7 @@ class DownloadControllerSpec extends Specification implements ControllerUnitTest
         controller.get()
 
         then:
+        1 * userService.userIsSiteAdmin() >> true
         response.status == HttpStatus.SC_BAD_REQUEST
     }
 
@@ -45,6 +50,7 @@ class DownloadControllerSpec extends Specification implements ControllerUnitTest
         controller.get()
 
         then:
+        1 * userService.userIsSiteAdmin() >> true
         1 * webService.proxyGetRequest(_, {it.contains('download/file')}, true, true, _) >> {
             resp, url, userId, apiKey, timeout ->
                 formatPassedToEcodata = url.endsWith(format)

src/test/groovy/au/org/ala/merit/HomeControllerSpec.groovy

@@ -217,7 +217,7 @@ class HomeControllerSpec extends Specification implements ControllerUnitTest<Hom
         false | true
     }
 
-    def "Users without MERIT admin or read only but with the hub officer role cannot view admin facets but can view officer facets"() {
+    def "Users without MERIT admin or read only but with the hub officer role cannot view admin facets but can view officer facets and downloads"() {
         setup:
         Map resp = [:]
 
@@ -228,7 +228,7 @@ class HomeControllerSpec extends Specification implements ControllerUnitTest<Hom
         then:
         1 * userService.userIsAlaOrFcAdmin() >> false
         1 * userService.userHasReadOnlyAccess() >> false
-        1 * userService.userIsSiteAdmin() >> true
+        2 * userService.userIsSiteAdmin() >> true
 
         1 * searchService.HomePageFacets(params) >> resp
         1 * settingService.getSettingText(_) >> "Project explorer description"
@@ -241,7 +241,7 @@ class HomeControllerSpec extends Specification implements ControllerUnitTest<Hom
         model.description == "Project explorer description"
         model.results == resp
         model.projectCount == 0
-        model.includeDownloads == false
+        model.includeDownloads == true
         model.activityTypes == null
 
     }
@@ -257,7 +257,7 @@ class HomeControllerSpec extends Specification implements ControllerUnitTest<Hom
         then:
         1 * userService.userIsAlaOrFcAdmin() >> false
         2 * userService.userHasReadOnlyAccess() >> false
-        1 * userService.userIsSiteAdmin() >> false
+        2 * userService.userIsSiteAdmin() >> false
         1 * searchService.HomePageFacets(params) >> resp
         1 * settingService.getSettingText(_) >> "Project explorer description"
         0 * metadataService.activityTypesList()

src/test/groovy/au/org/ala/merit/SearchControllerSpec.groovy

@@ -10,8 +10,10 @@ class SearchControllerSpec extends Specification implements ControllerUnitTest<S
     SearchService searchService = Mock(SearchService)
     WebService webService = Mock(WebService)
     CommonService commonService = Mock(CommonService)
+    UserService userService = Mock(UserService)
 
     void setup() {
+        controller.userService = userService
         controller.searchService = searchService
         controller.webService = webService
         controller.commonService = commonService
@@ -21,6 +23,7 @@ class SearchControllerSpec extends Specification implements ControllerUnitTest<S
         controller.downloadAllData()
 
         then:
+        1 * userService.userIsSiteAdmin() >> true
         1 * searchService.downloadAllData(params) >> [status:HttpStatus.SC_OK]
 
         and:
@@ -37,6 +40,7 @@ class SearchControllerSpec extends Specification implements ControllerUnitTest<S
         controller.downloadShapefile()
 
         then:
+        1 * userService.userIsSiteAdmin() >> true
         1 * searchService.downloadShapefile(params) >> true
 
         and: