Favorite Pages: Permissions to add/remove items

[bryanboza]

Parent Issue

#22343

Problem Statement

As a user of dotCMS, I want to be able to add a page as a favorite and remove it with the same level of permissions.

We need to add permissions to backend users in the dotFavoritePage content type as default, this allows any user that has backend permissions and also publishes permissions on any page can be able to add/remove pages from the favorite list.

Additionally, once you already have the required permissions and you add the page as a favorite, we are printing this stack trace in the log, for now, it is just noisy but we need to take look and try to clear the log.

testing_pg-dotcms-1         | 19:18:09.928  ERROR business.ESContentletAPIImpl - Could not save the permissions for: index, id: de00add59debdeed05c69aaf78a3dedd, msg: User id: dotcms.org.2795 does not have permission to alter permissions on asset de00add59debdeed05c69aaf78a3dedd
testing_pg-dotcms-1         | com.dotmarketing.exception.DotSecurityException: User id: dotcms.org.2795 does not have permission to alter permissions on asset de00add59debdeed05c69aaf78a3dedd
testing_pg-dotcms-1         | 	at com.dotmarketing.business.PermissionBitAPIImpl.save(PermissionBitAPIImpl.java:635) ~[dotcms_23.05_accf5f2.jar:?]
testing_pg-dotcms-1         | 	at com.dotmarketing.business.PermissionBitAPIImpl.save(PermissionBitAPIImpl.java:598) ~[dotcms_23.05_accf5f2.jar:?]
testing_pg-dotcms-1         | 	at com.dotcms.content.elasticsearch.business.ESContentletAPIImpl.lambda$handlePermissions$101(ESContentletAPIImpl.java:10007) ~[dotcms_23.05_accf5f2.jar:?]
testing_pg-dotcms-1         | 	at com.dotmarketing.db.DotRunnableThread.internalRunner(DotRunnableThread.java:99) ~[dotcms_23.05_accf5f2.jar:?]
testing_pg-dotcms-1         | 	at com.dotmarketing.db.LocalTransaction.wrap(LocalTransaction.java:168) ~[dotcms_23.05_accf5f2.jar:?]
testing_pg-dotcms-1         | 	at com.dotmarketing.db.DotRunnableThread.run(DotRunnableThread.java:53) ~[dotcms_23.05_accf5f2.jar:?]
testing_pg-dotcms-1         | 	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) ~[?:?]
testing_pg-dotcms-1         | 	at java.util.concurrent.FutureTask.run(FutureTask.java:264) ~[?:?]
testing_pg-dotcms-1         | 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) ~[?:?]
testing_pg-dotcms-1         | 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) ~[?:?]
testing_pg-dotcms-1         | 	at java.lang.Thread.run(Thread.java:829) [?:?]

Steps to Reproduce

• Login as admin
• Navigate to a page in dotCMS
• Attempt to add the page as a favorite
• Make sure we are listing the page on the favorite pages porltet
• Attempt to remove the page from the favorites list
• Make sure we are not listing the page on the favorite pages porltet

Acceptance Criteria

• The dotFavoritePage content type should have backend permission by default
• Users should have Publish permissions as a minimum to be able to add a page as a favorite
• Users should be able to remove a page from the favorites list with the same level of permissions
• Adding and removing pages from the favorites list should function properly without any errors or issues

dotCMS Version

Tested on release-23.05 // Docker // FF

Proposed Objective

Quality Assurance

Proposed Priority

Priority 2 - Important

Assumptions & Initiation Needs

We need to ensure that adding and removing pages from the favorites list does not cause any conflicts with other features or functionalities.

[wezell]

What Bryan said is not quite correct - what we need here is that all dotFavoritePages have "CMS Owner + Edit Permissions" on them - like this. This permission is a special one that should allow whoever created the Favorite to also be able to see it and delete it.

This permission should not get removed, I don't think.

[fmontes]

We're closing this because is not a favorite pages issue, is a permission issue we're fixing here: #24801 and then will be doing this: #24817