
Align frontend and backend publication checks #9300

Merged: ianwallen merged 3 commits into geonetwork:main from tylerjmchugh:fix-publication-for-useradmin, Jun 16, 2026

@tylerjmchugh tylerjmchugh commented May 28, 2026

Contributor

Following #9197 a user who is both Reviewer and User Admin cannot publish:
image

Seems to be caused by this check:

if (userSession.getProfile() == Profile.Editor || userSession.getProfile() == Profile.UserAdmin) {
    boolean hasReservedGroupPrivileges = newPrivileges.stream().anyMatch(priv -> ReservedGroup.isReserved(priv.getGroup()));

    if (hasReservedGroupPrivileges) {
        throw new NotAllowedException(String.format(
            "Publication/Unpublication of metadata is not allowed for %s", userSession.getProfile()));
    }

    return;
}

It does not consider that a user may be a reviewer as well as a user admin.

This PR aims to fix this issue by aligning permission checks performed on publication/unpublication across the ui, frontend, backend, docs and tests.

Ex. Publication:

  • If Administrator
    • Allowed
  • If user is METADATA_PUBLISH_USERPROFILE
    • Allowed
  • If user is not METADATA_PUBLISH_USERPROFILE
    • Not Allowed

Checklist

  • I have read the contribution guidelines
  • Pull request provided for main branch, backports managed with label
  • Good housekeeping of code, cleaning up comments, tests, and documentation
  • Clean commit history broken into understandable chunks, avoiding big commits with hundreds of files, cautious of reformatting and whitespace changes
  • Clean commit messages, longer verbose messages are encouraged
  • API Changes are identified in commit messages
  • Testing provided for features or enhancements using automatic tests
  • User documentation provided for new features or enhancements in manual
  • Build documentation provided for development instructions in README.md files
  • Library management using pom.xml dependency management. Update build documentation with intended library use and library tutorials or documentation
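
The rule listed in the description, set beside the shape of the quoted check, as an added example that is not code from this PR or from GeoNetwork. The `Profile` enum, the `User` record, the method names and the choice of Reviewer as the publish profile are assumptions made for illustration.

```java
import java.util.Map;
import java.util.Set;

// Added illustration. Every type and name here is hypothetical, not GeoNetwork's API.
public class PublicationCheckDemo {
    enum Profile { Editor, Reviewer, UserAdmin, Administrator }

    // Assumption: stand-in for the METADATA_PUBLISH_USERPROFILE setting named in the description.
    static final Profile PUBLISH_PROFILE = Profile.Reviewer;

    // sessionProfile: the single profile the session reports; groupProfiles: profiles held per group id.
    record User(String name, Profile sessionProfile, Map<Integer, Set<Profile>> groupProfiles) {}

    // Shape of the quoted check: the decision uses the session profile alone, so a
    // UserAdmin is refused even when the same user reviews the record's group.
    // Simplification: other profiles are modelled as allowed instead of falling through.
    static boolean sessionProfileOnly(User u) {
        return u.sessionProfile() != Profile.Editor && u.sessionProfile() != Profile.UserAdmin;
    }

    // Rule listed in the description: Administrator, or holder of the publish profile.
    // Assumption: "is METADATA_PUBLISH_USERPROFILE" is evaluated in the record's group.
    static boolean alignedRule(User u, int recordGroup) {
        if (u.sessionProfile() == Profile.Administrator) {
            return true;
        }
        return u.groupProfiles().getOrDefault(recordGroup, Set.of()).contains(PUBLISH_PROFILE);
    }

    public static void main(String[] args) {
        int recordGroup = 2; // constructed group id owning the record
        User[] users = { // constructed sample users
            new User("useradmin+reviewer", Profile.UserAdmin,
                Map.of(recordGroup, Set.of(Profile.UserAdmin, Profile.Reviewer))),
            new User("useradmin+editor", Profile.UserAdmin,
                Map.of(recordGroup, Set.of(Profile.UserAdmin, Profile.Editor))),
            new User("administrator", Profile.Administrator, Map.of()),
        };
        for (User u : users) {
            System.out.printf("%-20s sessionProfileOnly=%-5b alignedRule=%b%n",
                u.name(), sessionProfileOnly(u), alignedRule(u, recordGroup));
        }
    }
}
```

The two functions disagree only for the first constructed user, the UserAdmin who is also a Reviewer in the record's group, which is the case reported in this PR.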

Comment thread core/src/main/java/org/fao/geonet/kernel/AccessManager.java Outdated
Co-authored-by: Jose García <josegar74@gmail.com>
@josegar74 josegar74 added this to the 4.4.11 milestone Jun 1, 2026
@tylerjmchugh tylerjmchugh requested a review from josegar74 June 1, 2026 13:05
@josegar74 josegar74 modified the milestones: 4.4.11, 4.4.12 Jun 2, 2026

@josegar74 josegar74 left a comment

Member

Tested and seems working fine

public void shareMetadataForPublicationAsUserAdminWithReviewerInGroup() throws Exception {
MockMvc mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();

// Create a user with global UserAdmin profile but per-group Reviewer in the record's group.

Member

Global UserAdmin profile is not something you can create, at least from the user interface. UserAdmin is related to a group. In any case, the test seems fine.

Contributor Author

Fixed in latest push

public void shareMetadataForPublicationAsUserAdminWithoutReviewerInGroup() throws Exception {
MockMvc mockMvc = MockMvcBuilders.webAppContextSetup(this.wac).build();

// Create a user with global UserAdmin profile but only Editor membership in the record's group.

Member

Similar to the previous comment.

Contributor Author

Fixed in latest push

@ianwallen ianwallen merged commit 3f3fdac into geonetwork:main Jun 16, 2026
8 checks passed