Report of the fix of the bug #14663

Author: mmoqui

kmelia/kmelia-library/src/main/java/org/silverpeas/components/kmelia/KmeliaPublicationHelper.java

@@ -52,7 +52,7 @@ public static boolean isRemovable(String instanceId, String currentUserId, Strin
     if (hasWritePrivilege(currentUserId, profile, ownerDetail)) {
       boolean removeOnlyForAdmin = StringUtil.getBooleanValue(
           getParameterValue(instanceId, InstanceParameters.suppressionOnlyForAdmin));
-      return !removeOnlyForAdmin || "admin".equals(profile);
+      return !removeOnlyForAdmin || SilverpeasRole.ADMIN.getName().equals(profile);
     }
     return false;
   }

kmelia/kmelia-war/src/main/java/org/silverpeas/components/kmelia/control/KmeliaSessionController.java

@@ -478,6 +478,14 @@ public boolean isSuppressionOnlyForAdmin() {
     return StringUtil.getBooleanValue(getComponentParameterValue("suppressionOnlyForAdmin"));
   }
 
+  public boolean isSuppressionAllowed(String profile) {
+    SilverpeasRole role = SilverpeasRole.fromString(profile);
+    boolean modifPrivilege = role == SilverpeasRole.ADMIN || role == SilverpeasRole.PUBLISHER ||
+        role == SilverpeasRole.SUPERVISOR;
+    return (!isSuppressionOnlyForAdmin() && modifPrivilege)
+        || (isSuppressionOnlyForAdmin() && role == SilverpeasRole.ADMIN);
+  }
+
   public boolean isContentEnabled() {
     String parameterValue = getComponentParameterValue("tabContent");
     if (!StringUtil.isDefined(parameterValue)) {

kmelia/kmelia-war/src/main/java/org/silverpeas/components/kmelia/servlets/JSONServlet.java

@@ -86,26 +86,18 @@ public void doPost(HttpServletRequest req, HttpServletResponse res) {
   private String getOperations(String id, KmeliaSessionController kmeliaSC) {
     return JSONCodec.encodeObject(operations -> {
 
+      String profile = kmeliaSC.getUserTopicProfile(id);
       if (KmeliaHelper.isNonVisiblePubsFolder(id)) {
-        operations.put(OP_DELETE_PUBLICATIONS, true);
+        operations.put(OP_DELETE_PUBLICATIONS, kmeliaSC.isSuppressionAllowed(profile));
         operations.put(OP_EXPORT_PUBLICATIONS, true);
       } else {
         // getting profile
-        String profile = kmeliaSC.getUserTopicProfile(id);
         NodeDetail folder = kmeliaSC.getNodeHeader(id);
-
-        // getting operations of topic according to profile and current
-        boolean isAdmin = SilverpeasRole.ADMIN.isInRole(profile);
-        boolean isPublisher = SilverpeasRole.PUBLISHER.isInRole(profile);
-        boolean isWriter = SilverpeasRole.WRITER.isInRole(profile);
-        boolean isUser = SilverpeasRole.USER.isInRole(profile);
+        Role role = new Role(profile);
         boolean isRoot = NodePK.ROOT_NODE_ID.equals(id);
         boolean isInBasket = folder.getFullPath().contains("/" + NodePK.BIN_NODE_ID + "/");
-        Role role = new Role().setAdmin(isAdmin).setPublisher(isPublisher).setWriter(isWriter)
-            .setUser(isUser);
-
         if (isInBasket) {
-          addBasketOperations(operations, role, folder);
+          addBasketOperations(kmeliaSC, operations, role, folder);
         } else if (StringUtil.isDefined(profile)) {
           UserDetail user = kmeliaSC.getUserDetail();
           // general operations
@@ -130,7 +122,8 @@ private void addPublicationOperations(final KmeliaSessionController kmeliaSC,
         !isRoot || (kmeliaSC.getNbPublicationsOnRoot() == 0 || !kmeliaSC.isTreeStructure());
     boolean addPublicationAllowed = !role.isUser() && publicationsInTopic;
     boolean operationsOnSelectionAllowed =
-        (role.isAdmin() || role.isPublisher()) && publicationsInTopic;
+        (role.isAdmin() || role.isPublisher()) && publicationsInTopic &&
+            kmeliaSC.isSuppressionAllowed(role.toString());
     boolean somePublicationsExist = ofNullable(kmeliaSC.getSessionPublicationsList())
         .filter(not(Collection::isEmpty))
         .isPresent();
@@ -161,6 +154,10 @@ private void addPublicationOperations(final KmeliaSessionController kmeliaSC,
     operations.put("topicSubscriptions", notRootNotAnonymousNotGuest);
     operations.put("favorites", notRootNotAnonymousNotGuest);
 
+    addPublicationSelectionOperation(kmeliaSC, operations, operationsOnSelectionAllowed);
+  }
+
+  private static void addPublicationSelectionOperation(KmeliaSessionController kmeliaSC, JSONCodec.JSONObject operations, boolean operationsOnSelectionAllowed) {
     if (kmeliaSC.isAllPublicationsListSelected()) {
       operations.put("unselectAllPublications", operationsOnSelectionAllowed);
     } else {
@@ -216,15 +213,17 @@ private void addGeneralOperations(final KmeliaSessionController kmeliaSC,
     operations.put("responsibles", !user.isAnonymous());
   }
 
-  private void addBasketOperations(final JSONCodec.JSONObject operations, final Role role,
+  private void addBasketOperations(final KmeliaSessionController kmeliaSc,
+      final JSONCodec.JSONObject operations, final Role role,
       NodeDetail node) {
     boolean binOperationsAllowed = role.isAdmin() || role.isPublisher() || role.isWriter();
     boolean isAdmin = role.isAdmin();
-    operations.put("emptyTrash", binOperationsAllowed);
+    boolean suppressionAllowed = kmeliaSc.isSuppressionAllowed(role.toString());
+    operations.put("emptyTrash", binOperationsAllowed && suppressionAllowed);
     operations.put(OP_EXPORT_PUBLICATIONS, binOperationsAllowed);
     operations.put("copyPublications", binOperationsAllowed);
     operations.put("cutPublications", binOperationsAllowed);
-    operations.put(OP_DELETE_PUBLICATIONS, binOperationsAllowed);
+    operations.put(OP_DELETE_PUBLICATIONS, binOperationsAllowed && suppressionAllowed);
     if (!node.isBin()) {
       operations.put("deleteTopic", isAdmin);
       operations.put("copyTopic", isAdmin);
@@ -234,45 +233,32 @@ private void addBasketOperations(final JSONCodec.JSONObject operations, final Ro
 
   private static class Role {
 
-    private boolean admin;
-    private boolean publisher;
-    private boolean writer;
-    private boolean user;
+    private final SilverpeasRole silverRole;
 
-    public boolean isAdmin() {
-      return admin;
+    public Role(final String profile) {
+      this.silverRole = SilverpeasRole.fromString(profile);
     }
 
-    public Role setAdmin(final boolean admin) {
-      this.admin = admin;
-      return this;
+    public boolean isAdmin() {
+      return silverRole == SilverpeasRole.ADMIN;
     }
 
     public boolean isPublisher() {
-      return publisher;
+      return this.silverRole == SilverpeasRole.PUBLISHER;
     }
 
-    public Role setPublisher(final boolean publisher) {
-      this.publisher = publisher;
-      return this;
-    }
 
     public boolean isWriter() {
-      return writer;
-    }
-
-    public Role setWriter(final boolean writer) {
-      this.writer = writer;
-      return this;
+      return this.silverRole == SilverpeasRole.WRITER;
     }
 
     public boolean isUser() {
-      return user;
+      return this.silverRole == SilverpeasRole.USER;
     }
 
-    public Role setUser(final boolean user) {
-      this.user = user;
-      return this;
+    @Override
+    public String toString() {
+      return silverRole.getName();
     }
   }
 }

kmelia/kmelia-war/src/main/webapp/kmelia/jsp/basket.jsp

@@ -97,8 +97,9 @@ $(document).ready(function() {
 
 	//Display operations
 	OperationPane operationPane = window.getOperationPane();
-	operationPane.addOperation("useless", resources.getString("EmptyBasket"), "javascript:onClick=emptyTrash()");
-
+	if (kmeliaScc.isSuppressionAllowed(kmeliaScc.getProfile())) {
+		operationPane.addOperation("useless", resources.getString("EmptyBasket"), "javascript:onClick=emptyTrash()");
+	}
     out.println(window.printBefore());
 %>
 	<view:frame>

kmelia/kmelia-war/src/main/webapp/kmelia/jsp/publicationManager.jsp

@@ -41,6 +41,7 @@
 <%@ page import="java.util.Date" %>
 <%@ page import="java.util.StringTokenizer" %>
 <%@ page import="org.silverpeas.core.contribution.model.Thumbnail" %>
+<%@ page import="org.silverpeas.components.kmelia.KmeliaPublicationHelper" %>
 
 <c:set var="userLanguage" value="${requestScope.resources.language}"/>
 <fmt:setLocale value="${userLanguage}"/>
@@ -138,19 +139,11 @@
         action = "UpdateView";
         isOwner = true;
       } else {
-        if (profile.equals("admin") || profile.equals("publisher") || profile.equals("supervisor") || (ownerDetail != null && kmeliaScc.getUserDetail().getId().equals(ownerDetail.getId()) && profile.equals("writer"))) {
-          isOwner = true;
-
-          if (!kmeliaScc.isSuppressionOnlyForAdmin() || (profile.equals("admin") && kmeliaScc.isSuppressionOnlyForAdmin())) {
-            // suppressionAllowed = true car si c'est un redacteur, c'est le proprietaire de la publication
-            suppressionAllowed = true;
-          }
-        } else if (!profile.equals("user") && kmeliaScc.isCoWritingEnable()) {
-          // si publication en co-redaction, considerer qu'elle appartient aux co-redacteur au meme titre qu'au proprietaire
-          // mais suppressionAllowed = false pour que le co-redacteur ne puisse pas supprimer la publication
-          isOwner = true;
-          suppressionAllowed = false;
-        }
+          isOwner = (ownerDetail != null &&
+                  kmeliaScc.getUserDetail().getId().equals(ownerDetail.getId()))
+                  || (!profile.equals("user") && kmeliaScc.isCoWritingEnable());
+          suppressionAllowed = KmeliaPublicationHelper.isRemovable(kmeliaScc.getComponentId(),
+                  kmeliaScc.getUserId(), profile, ownerDetail);
 
           //modification pour acceder a l'onglet voir aussi
           kmeliaScc.setSessionOwner(isOwner);

kmelia/kmelia-war/src/main/webapp/kmelia/jsp/simpleListOfPublications.jsp

@@ -189,7 +189,9 @@
           operationPane.addOperation("useless", resources.getString("kmelia.operation.copyPublications"), "javascript:onclick=copyPublications()");
           operationPane.addOperation("useless", resources.getString("kmelia.operation.cutPublications"), "javascript:onclick=cutPublications()");
           operationPane.addOperation(resources.getIcon("kmelia.paste"), resources.getString("GML.paste"), "javascript:onClick=pasteFromOperations()");
-          operationPane.addOperation("useless", resources.getString("kmelia.operation.deletePublications"), "javascript:onclick=deletePublications()");
+          if (kmeliaScc.isSuppressionAllowed(profile)) {
+            operationPane.addOperation("useless", resources.getString("kmelia.operation.deletePublications"), "javascript:onclick=deletePublications()");
+          }
           operationPane.addLine();
         }
 

kmelia/kmelia-war/src/main/webapp/kmelia/jsp/treeview.jsp

@@ -48,18 +48,18 @@
 
 <fmt:message key="GML.ForbiddenAccessContent" var="labelForbiddenAccess"/>
 
-<c:set var="folderId" value="${request.CurrentFolderId}"/>
+<c:set var="folderId" value="${requestScope.CurrentFolderId}"/>
 <c:if test="${silfn:isNotDefined(folderId)}">
   <c:set var="folderId" value="0"/>
 </c:if>
 
 <%
-  String 	profile			= (String) request.getAttribute("Profile");
-  String  translation 	= (String) request.getAttribute("Language");
+  String profile			= (String) request.getAttribute("Profile");
+  String translation 	= (String) request.getAttribute("Language");
   boolean displayNBPublis = (Boolean) request.getAttribute("DisplayNBPublis");
   Boolean rightsOnTopics  = (Boolean) request.getAttribute("RightsOnTopicsEnabled");
   SearchContext searchContext = (SearchContext) request.getAttribute("SearchContext");
-  int		currentPageIndex = (Integer) request.getAttribute("PageIndex");
+  int currentPageIndex = (Integer) request.getAttribute("PageIndex");
 
   String pubIdToHighlight	= (String) request.getAttribute("PubIdToHighlight"); //used when we have found publication from search (only toolbox)
 
@@ -69,6 +69,7 @@
 
   boolean userCanManageRoot = "admin".equalsIgnoreCase(profile);
   boolean userCanManageTopics = rightsOnTopics || "admin".equalsIgnoreCase(profile) || kmeliaScc.isTopicManagementDelegated();
+  boolean userCanEmptyTrash = kmeliaScc.isSuppressionAllowed(profile);
 %>
 <view:sp-page>
 <view:sp-head-part withCheckFormScript="true">
@@ -88,6 +89,11 @@
   <script type="text/javascript">
     let isSearchTopicEnabled = ${displaySearch};
 
+    function canEmptyTrash(nodeType) {
+      const isUserCanEmptyTrash = <%= userCanEmptyTrash %>;
+      return nodeType === "bin" && isUserCanEmptyTrash;
+    }
+
     function topicGoTo(id) {
       closeWindows();
       displayTopicContent(id);
@@ -145,7 +151,7 @@
       return <%=KmeliaPublicationHelper.isPublicationsOnRootAllowed(componentId)%>;
     }
 
-    const icons = new Object();
+    const icons = {};
     icons["permalink"] = "<%=resources.getIcon("kmelia.link")%>";
     icons["operation.addTopic"] = "<%=resources.getIcon("kmelia.operation.addTopic")%>";
     icons["operation.addPubli"] = "<%=resources.getIcon("kmelia.operation.addPubli")%>";
@@ -154,7 +160,7 @@
     icons["operation.subscribe"] = "<%=resources.getIcon("kmelia.operation.subscribe")%>";
     icons["operation.favorites"] = "<%=resources.getIcon("kmelia.operation.favorites")%>";
 
-    const params = new Object();
+    const params = {};
     params["rightsOnTopic"] = <%=rightsOnTopics.booleanValue()%>;
     params["i18n"] = <%=I18NHelper.isI18nContentActivated%>;
     params["nbPublisDisplayed"] = <%=displayNBPublis%>;
@@ -479,16 +485,15 @@
     }
     if (isSpecialFolder(nodeType)) {
       return false;
-    } else if (nodeType === "bin") {
-      const binItems = {
+    } else if (canEmptyTrash(nodeType)) {
+      return {
         emptyItem: {
           label: "<%=resources.getString("EmptyBasket")%>",
           action: function () {
             emptyTrash();
           }
         }
       };
-      return binItems;
     }
 
     // The default set of all items