Added code for deleting individuals #213
Conversation
There was a problem hiding this comment.
@litvinovg thanks for nice contribution. I have posted a couple of comments. Moreover, I have two additional comments here (and one in the associated GitHub issue):
- Please, consider adding <@p.deleteIndividualLink individual /> in the webapp/src/main/webapp/templates/freemarker/body/partials/individual/individual-adminPanel.ftl next to link for editing individual
- I am not sure do we need anymore Delete button in webapp/src/main/webapp/templates/edit/formBasic.jsp. If we do, it should be linked to the same code, i.e., display:hasDeleteQuery should be taken into account.
| } | ||
|
|
||
| private void deleteIndividuals(byte[] toRemove, VitroRequest vreq) { | ||
| String removingString = new String(toRemove, StandardCharsets.UTF_8); |
There was a problem hiding this comment.
Can this line be moved to the catch block?
| return type; | ||
| } | ||
|
|
||
| private byte[] getIndividualsToDelete(String targetIndividual, String deleteQuery, VitroRequest vreq) { |
There was a problem hiding this comment.
I am not sure the best return value of this function is byte[]. Can you consider encapsulating conversion of Model to byte[] and creation of InputStream within the deleteIndividuals method?
| QueryExecution qexec = QueryExecutionFactory.create(queryForTypeSpecificDeleteQuery, displayModel, initialBindings); | ||
| try { | ||
| ResultSet results = qexec.execSelect(); | ||
| while (results.hasNext()) { |
There was a problem hiding this comment.
Can here be if instead of while?
There was a problem hiding this comment.
Yes. It is more intuitive.
| String redirectUrl = vreq.getParameter("redirectUrl"); | ||
| if (redirectUrl != null) { | ||
| return redirectUrl; | ||
| } | ||
| return "/"; |
There was a problem hiding this comment.
Can confirmDeleteIndividualForm.ftl (lines 5-9) be simplified? Do we need if clause there, or
<#assign redirectUrl = editConfiguration.pageData.redirectUrl />
is enough? Or we can simplify the code here in the Java file?
There was a problem hiding this comment.
I think validation is needed as it get values from the browser in both cases. Assigning limits configuration of redirect url. I would leave it that way.
| private String propertyTemplate = "confirmDeletePropertyForm.ftl"; | ||
| private String individualTemplate = "confirmDeleteIndividualForm.ftl"; |
There was a problem hiding this comment.
Can you please correct lay outing of those two lines?
.../java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/DeleteIndividualController.java
Outdated
Show resolved
Hide resolved
.../java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/DeleteIndividualController.java
Outdated
Show resolved
Hide resolved
.../java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/DeleteIndividualController.java
Outdated
Show resolved
Hide resolved
.../java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/DeleteIndividualController.java
Outdated
Show resolved
Hide resolved
|
|
||
| @Override | ||
| protected AuthorizationRequest requiredActions(VitroRequest vreq) { | ||
| return SimplePermission.DO_FRONT_END_EDITING.ACTION; |
There was a problem hiding this comment.
This is something that a lot of existing controllers tend not to handle well, but which we should probably consider more closely. It seems that this controller should require the user to have permission at least for edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource.DropResource for the main individualURI that is deleted. The thornier question is what to do with the related resources and (possibly the specific statements connecting them). Do we want to pre-run the deletion query and check each of the additional individual URIs it returns to see whether the user also has DropResource permissions on those? If a user has permission to drop the main resource but not some of the related individuals, do we fail on the whole operation or allow them to delete those individuals they are able to while leaving the rest behind?
.../java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/DeleteIndividualController.java
Outdated
Show resolved
Hide resolved
.../java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/DeleteIndividualController.java
Outdated
Show resolved
Hide resolved
.../java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/DeleteIndividualController.java
Outdated
Show resolved
Hide resolved
| @@ -75,6 +75,9 @@ protected AuthorizationRequest requiredActions(VitroRequest vreq) { | |||
| if (StringUtils.isNotEmpty(EditConfigurationUtils.getTypeOfNew(vreq))) { | |||
| return SimplePermission.DO_BACK_END_EDITING.ACTION; | |||
| } | |||
| if (isIndividualDeletion(vreq)) { | |||
| return SimplePermission.DO_BACK_END_EDITING.ACTION; | |||
There was a problem hiding this comment.
See comment on requiredActions() in DeleteIndividualController.
.../java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/DeleteIndividualController.java
Outdated
Show resolved
Hide resolved
…tic, lookup for mostSpecificTypes
litvinovg
force-pushed
the
del_individuals_main
branch
from
1ed9a27
to
bc4e93a
Compare
I added the link.
I don't think we are ready to do it now, but we should consider that later. |
|
@litvinovg thanks for addressing the first comment. For the second comment, I suggest then to open an issue about this, and to work on that in the future. |
* Added code for deleting individuals * Allow admins delete individuals * Fixed delete individual url params * Improved query safety * refact: fixed constants' names, fixed mistakes, removed useless code * refact: refactored sparql queries * fix: fixed error logging mistakes * fix: use CONSTRUCT instead of DESCRIBE as less potentionally problematic, lookup for mostSpecificTypes * feat: add delete link in vitro individual profile if individual is editable * fix: renamed individualURI to individualUri and added safety check * fix: use ABox model to construct triples to delete
JIRA Issue
Vitro-languages PR
What does this pull request do?
Adds functionality to delete individuals and specify SPARQL Query to also delete individual dependant objects.
Require documentation update to provide examples with such queries.
What's new?
DeleteIndividualController to execute deletion
Display data property display:hasDeleteQuery to specify CONSTRUCT SPARQL query for a class to get all dependant object at deletion phase.
If class has no associated delete query, then default will be used.
How should this be tested?
Add <@p.deleteIndividualLink individual /> to individual page to create a link for individual deletion. Use link to delete individual.
Write CONSTRUCT query in format display:hasDeleteQuery """ construct query text """ .
and save it to rdf/display/everytime/
Interested parties
Tag (@ mention) interested parties or, if unsure, @VIVO-project/vivo-committers