UI: settings show/hide update display

[Ludy87]

Description

This PR replaces the PR #1003

In this PR, the visual for available update is added to the foreground.

There are new settings to generally show/hide the update display, and only administrators receive the update display.

Checklist:

• I have read the Contribution Guidelines
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• My changes generate no new warnings

Contributor License Agreement

By submitting this pull request, I acknowledge and agree that my contributions will be included in Stirling-PDF and that they can be relicensed in the future under the MPL 2.0 (Mozilla Public License Version 2.0) license.

(This does not change the general open-source nature of Stirling-PDF, simply moving from one license to another license)

[Frooodle]

Having this in the security folder means non security enabled jars will have build issues

[Frooodle]

Also adding it as parameter to all view files isnt a good solution personally i prefer doing it via bean such as the global properties in
https://github.com/Stirling-Tools/Stirling-PDF/blob/main/src/main/java/stirling/software/SPDF/config/AppConfig.java

[Ludy87]

in AppConfig.java I cannot query the user's status, as in the case of whether he is an admin or not

[Frooodle]

I dont mean placing in AppConfig but that @bean(name = "appName") is a nicer way

[Ludy87]

Ok I will try to use it 😅

[Ludy87]

 ./gradlew  compileJava

> Configure project :
0.22.1

BUILD SUCCESSFUL in 6s
4 actionable tasks: 2 executed, 2 up-to-date

[sbplat]

Everything else looks good!

[sbplat]

I think we should call this shouldShow.

[sbplat]

Maybe we should have a check for this and return it immediately since it's used in every branch?

[Ludy87]

Everything else looks good!

There will be problems, and unfortunately I can't find a solution if the condition is correct

Stirling-PDF/build.gradle

Line 30 in ace4e20

if (System.getenv('DOCKER_ENABLE_SECURITY') == 'false') {

[Frooodle]

I can help with that, I'll take a look tonight

[Frooodle]

I cant commit to this PR but basically something like

@Service
class AppUpdateService {

    @Autowired private ApplicationProperties applicationProperties;

    @Autowired(required = false)
    ShowAdminInterface showAdmin;

    @Bean
    public boolean isShow() {
        boolean showUpdate = applicationProperties.getSystem().getShowUpdate();
        boolean showAdminResult = (showAdmin != null) ? showAdmin.getShowUpdateOnlyAdmin() : true;
        return showUpdate && showAdminResult;
    }
}

public interface ShowAdminInterface {
    default boolean getShowUpdateOnlyAdmin() {
        return true;
    }
}

This class is in the security package, and is the only thing containing security stuff

@Service
class AppUpdateAuthService implements ShowAdminInterface {

    @Autowired private UserRepository userRepository;
    @Autowired private ApplicationProperties applicationProperties;

    public boolean getShowUpdateOnlyAdmin() {
        boolean showUpdateOnlyAdmin = applicationProperties.getSystem().getShowUpdateOnlyAdmin();
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();

        if (authentication == null || !authentication.isAuthenticated()) {
            return !showUpdateOnlyAdmin;
        }

        if (authentication.getName().equalsIgnoreCase("anonymousUser")) {
            return !showUpdateOnlyAdmin;
        }

        Optional<User> user = userRepository.findByUsername(authentication.getName());
        if (user.isPresent() && showUpdateOnlyAdmin) {
            return "ROLE_ADMIN".equals(user.get().getRolesAsString());
        }

        return false;
    }
}

[Frooodle]

Naming and things might be garbage, change whatever, but thats the basic idea

[Ludy87]

Thanks for the code, there is the problem that AppUpdateAuthService is already called when the user is not logged in yet or it is not called again.

[Frooodle]

Could do something like

@Bean
    @Scope("request")
    public boolean isShow() {
        boolean showUpdate = applicationProperties.getSystem().getShowUpdate();
        boolean showAdminResult = (showAdmin != null) ? showAdmin.getShowUpdateOnlyAdmin() : true;
        return showUpdate && showAdminResult;
    }

with
org.springframework.context.annotation.Scope

[Frooodle]

AppUpdateAuthService.java needs moving to security folder

[Ludy87]

Then the ShowAdminInterface.java shouldn't be in the repository folder, right?

[Frooodle]

LGTM

[sonarcloud]

Quality Gate passed

Issues
12 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

[Frooodle]

Good to merge?

[Ludy87]

The birth was difficult. You can merge.