New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added code for deleting individuals #213
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@litvinovg thanks for nice contribution. I have posted a couple of comments. Moreover, I have two additional comments here (and one in the associated GitHub issue):
- Please, consider adding <@p.deleteIndividualLink individual /> in the webapp/src/main/webapp/templates/freemarker/body/partials/individual/individual-adminPanel.ftl next to link for editing individual
- I am not sure do we need anymore Delete button in webapp/src/main/webapp/templates/edit/formBasic.jsp. If we do, it should be linked to the same code, i.e., display:hasDeleteQuery should be taken into account.
} | ||
|
||
private void deleteIndividuals(byte[] toRemove, VitroRequest vreq) { | ||
String removingString = new String(toRemove, StandardCharsets.UTF_8); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can this line be moved to the catch block?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sure
return type; | ||
} | ||
|
||
private byte[] getIndividualsToDelete(String targetIndividual, String deleteQuery, VitroRequest vreq) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am not sure the best return value of this function is byte[]. Can you consider encapsulating conversion of Model to byte[] and creation of InputStream within the deleteIndividuals method?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure
QueryExecution qexec = QueryExecutionFactory.create(queryForTypeSpecificDeleteQuery, displayModel, initialBindings); | ||
try { | ||
ResultSet results = qexec.execSelect(); | ||
while (results.hasNext()) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can here be if instead of while?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes. It is more intuitive.
String redirectUrl = vreq.getParameter("redirectUrl"); | ||
if (redirectUrl != null) { | ||
return redirectUrl; | ||
} | ||
return "/"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can confirmDeleteIndividualForm.ftl (lines 5-9) be simplified? Do we need if clause there, or
<#assign redirectUrl = editConfiguration.pageData.redirectUrl />
is enough? Or we can simplify the code here in the Java file?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think validation is needed as it get values from the browser in both cases. Assigning limits configuration of redirect url. I would leave it that way.
private String propertyTemplate = "confirmDeletePropertyForm.ftl"; | ||
private String individualTemplate = "confirmDeleteIndividualForm.ftl"; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you please correct lay outing of those two lines?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sure
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great addition. Just a few little things to tweak and then a slightly bigger question about how we want to handle the permissions.
.../java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/DeleteIndividualController.java
Outdated
Show resolved
Hide resolved
.../java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/DeleteIndividualController.java
Outdated
Show resolved
Hide resolved
.../java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/DeleteIndividualController.java
Outdated
Show resolved
Hide resolved
.../java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/DeleteIndividualController.java
Outdated
Show resolved
Hide resolved
|
||
@Override | ||
protected AuthorizationRequest requiredActions(VitroRequest vreq) { | ||
return SimplePermission.DO_FRONT_END_EDITING.ACTION; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is something that a lot of existing controllers tend not to handle well, but which we should probably consider more closely. It seems that this controller should require the user to have permission at least for edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource.DropResource for the main individualURI that is deleted. The thornier question is what to do with the related resources and (possibly the specific statements connecting them). Do we want to pre-run the deletion query and check each of the additional individual URIs it returns to see whether the user also has DropResource permissions on those? If a user has permission to drop the main resource but not some of the related individuals, do we fail on the whole operation or allow them to delete those individuals they are able to while leaving the rest behind?
.../java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/DeleteIndividualController.java
Outdated
Show resolved
Hide resolved
.../java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/DeleteIndividualController.java
Outdated
Show resolved
Hide resolved
.../java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/DeleteIndividualController.java
Outdated
Show resolved
Hide resolved
@@ -75,6 +75,9 @@ protected AuthorizationRequest requiredActions(VitroRequest vreq) { | |||
if (StringUtils.isNotEmpty(EditConfigurationUtils.getTypeOfNew(vreq))) { | |||
return SimplePermission.DO_BACK_END_EDITING.ACTION; | |||
} | |||
if (isIndividualDeletion(vreq)) { | |||
return SimplePermission.DO_BACK_END_EDITING.ACTION; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
See comment on requiredActions() in DeleteIndividualController.
.../java/edu/cornell/mannlib/vitro/webapp/controller/freemarker/DeleteIndividualController.java
Outdated
Show resolved
Hide resolved
…tic, lookup for mostSpecificTypes
1ed9a27
to
bc4e93a
Compare
I added the link.
I don't think we are ready to do it now, but we should consider that later. |
|
@litvinovg thanks for addressing the first comment. For the second comment, I suggest then to open an issue about this, and to work on that in the future. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good. Confirmed that it logs an error and uses the default deletion behavior if the ?individualUri query is not present. Query works when correct variable name is used.
* Added code for deleting individuals * Allow admins delete individuals * Fixed delete individual url params * Improved query safety * refact: fixed constants' names, fixed mistakes, removed useless code * refact: refactored sparql queries * fix: fixed error logging mistakes * fix: use CONSTRUCT instead of DESCRIBE as less potentionally problematic, lookup for mostSpecificTypes * feat: add delete link in vitro individual profile if individual is editable * fix: renamed individualURI to individualUri and added safety check * fix: use ABox model to construct triples to delete
JIRA Issue
Vitro-languages PR
What does this pull request do?
Adds functionality to delete individuals and specify SPARQL Query to also delete individual dependant objects.
Require documentation update to provide examples with such queries.
What's new?
DeleteIndividualController to execute deletion
Display data property display:hasDeleteQuery to specify CONSTRUCT SPARQL query for a class to get all dependant object at deletion phase.
If class has no associated delete query, then default will be used.
How should this be tested?
Add <@p.deleteIndividualLink individual /> to individual page to create a link for individual deletion. Use link to delete individual.
Write CONSTRUCT query in format display:hasDeleteQuery """ construct query text """ .
and save it to rdf/display/everytime/
Interested parties
Tag (@ mention) interested parties or, if unsure, @VIVO-project/vivo-committers