geonetwork · ianwallen · Apr 5, 2024 · Oct 23, 2023 · Oct 30, 2023 · Oct 30, 2023
diff --git a/core/src/main/java/org/fao/geonet/kernel/setting/Settings.java b/core/src/main/java/org/fao/geonet/kernel/setting/Settings.java
@@ -139,6 +139,7 @@ public class Settings {
     public static final String METADATA_IMPORT_RESTRICT = "metadata/import/restrict";
     public static final String METADATA_IMPORT_USERPROFILE = "metadata/import/userprofile";
     public static final String METADATA_BATCH_EDITING_ACCESS_LEVEL = "metadata/batchediting/accesslevel";
+    public static final String METADATA_HISTORY_ACCESS_LEVEL = "metadata/history/accesslevel";
     public static final String METADATA_PUBLISHED_DELETE_USERPROFILE = "metadata/delete/profilePublishedMetadata";
     public static final String METADATA_PUBLISH_USERPROFILE = "metadata/publication/profilePublishMetadata";
     public static final String METADATA_UNPUBLISH_USERPROFILE = "metadata/publication/profileUnpublishMetadata";

diff --git a/services/src/main/java/org/fao/geonet/api/records/MetadataWorkflowApi.java b/services/src/main/java/org/fao/geonet/api/records/MetadataWorkflowApi.java
@@ -60,6 +60,7 @@
 import org.fao.geonet.kernel.setting.Settings;
 import org.fao.geonet.repository.*;
 import org.fao.geonet.util.MetadataPublicationMailNotifier;
+import org.fao.geonet.util.UserUtil;
 import org.fao.geonet.utils.Log;
 import org.fao.geonet.utils.Xml;
 import org.jdom.Element;
@@ -71,6 +72,7 @@
 import org.springframework.data.domain.Sort;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
+import org.springframework.security.access.hierarchicalroles.RoleHierarchy;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.*;
@@ -149,6 +151,9 @@ public class MetadataWorkflowApi {
     @Autowired
     MetadataPublicationMailNotifier metadataPublicationMailNotifier;
 
+    @Autowired
+    RoleHierarchy roleHierarchy;
+
     // The restore function currently supports these states
     static final Integer[] supportedRestoreStatuses = {
         Integer.parseInt(StatusValue.Events.RECORDUPDATED),
@@ -692,6 +697,7 @@ public List<MetadataStatusResponse> getWorkflowStatusByType(
         Integer size,
         HttpServletRequest request) throws Exception {
         ServiceContext context = ApiUtils.createServiceContext(request);
+        checkUserProfileToViewMetadataHistory(context.getUserSession());
 
         Profile profile = context.getUserSession().getProfile();
         if (profile != Profile.Administrator) {
@@ -1310,4 +1316,23 @@ private void changeMetadataStatus(ServiceContext context, AbstractMetadata metad
         listOfStatusChange.add(metadataStatusValue);
         sa.onStatusChange(listOfStatusChange);
     }
+
+
+    /**
+     * Checks if the user profile is allowed to view metadata history status.
+     *
+     * @param userSession
+     */
+    private void checkUserProfileToViewMetadataHistory(UserSession userSession) {
+        if (userSession.getProfile() != Profile.Administrator) {
+            String allowedUserProfileToImportMetadata =
+                org.apache.commons.lang.StringUtils.defaultIfBlank(settingManager.getValue(Settings.METADATA_HISTORY_ACCESS_LEVEL), Profile.Editor.toString());
+
+            // Is the user profile higher than the profile allowed?
+            if (!UserUtil.hasHierarchyRole(allowedUserProfileToImportMetadata, this.roleHierarchy)) {
+                throw new NotAllowedException("The user has no permissions to view metadata history.");
+            }
+        }
+
+    }
 }
diff --git a/services/src/main/java/org/fao/geonet/api/records/editing/BatchEditsApi.java b/services/src/main/java/org/fao/geonet/api/records/editing/BatchEditsApi.java
@@ -317,7 +317,7 @@ private void checkUserProfileToBatchEditMetadata(UserSession userSession) {
             String allowedUserProfileToImportMetadata =
                 StringUtils.defaultIfBlank(settingManager.getValue(Settings.METADATA_BATCH_EDITING_ACCESS_LEVEL), Profile.Editor.toString());
 
-            // Is the user profile is higher than the profile allowed to import metadata?
+            // Is the user profile higher than the profile allowed to import metadata?
             if (!UserUtil.hasHierarchyRole(allowedUserProfileToImportMetadata, this.roleHierarchy)) {
                 throw new NotAllowedException("The user has no permissions to batch edit metadata.");
             }

diff --git a/web-ui/src/main/resources/catalog/js/CatController.js b/web-ui/src/main/resources/catalog/js/CatController.js
@@ -1841,6 +1841,15 @@
                   : "";
             return angular.isFunction(this[fnName]) ? this[fnName]() : false;
           },
+          canViewMetadataHistory: function () {
+            var profile = gnConfig["metadata.history.accesslevel"] || 'Editor',
+              fnName =
+                profile !== ''
+                  ? 'is' + profile[0].toUpperCase() + profile.substring(1) + 'OrMore'
+                  : '';
+            console.log("User profile to view history: "+profile);
+            return angular.isFunction(this[fnName]) ? this[fnName]() : false;
+          },
           canDeletePublishedMetadata: function () {
             var profile =
                 gnConfig["metadata.delete.profilePublishedMetadata"] || "Editor",

diff --git a/web-ui/src/main/resources/catalog/locales/en-admin.json b/web-ui/src/main/resources/catalog/locales/en-admin.json
@@ -874,6 +874,9 @@
     "metadata/publication/profilePublishMetadata-help": "Minimum user profile allowed to publish metadata (Reviewer or Administrator). The default value is Reviewer.",
     "metadata/publication/profileUnpublishMetadata": "Minimum user profile allowed to un-publish metadata",
     "metadata/publication/profileUnpublishMetadata-help": "Minimum user profile allowed to un-publish metadata (Reviewer or Administrator). The default value is Reviewer.",
+    "metadata/history": "Metadata History",
+    "metadata/history/accesslevel": "Select the minimum user profile allowed to view metadata history",
+    "metadata/history/accesslevel-help": "Select the minimum user profile allowed to view metadata history (Registered User, Editor, Reviewer or Administrator). The default value is Editor.",
     "filterStatusByAuthor":"Status author",
     "filterStatusByOwner":"Status owner",
     "filterStatusByRecordId":"Record identifier",

diff --git a/web-ui/src/main/resources/catalog/templates/admin/settings/system.html b/web-ui/src/main/resources/catalog/templates/admin/settings/system.html
@@ -254,6 +254,23 @@ <h3>{{section2.name | translate}}</h3>
                         </option>
                       </select>
 
+                      <select data-ng-switch-when="metadata/history/accesslevel"
+                              class="form-control"
+                              name="{{s.name}}">
+                        <option value="RegisteredUser"
+                                ng-selected="'RegisteredUser' == s.value">{{'RegisteredUser' | translate}}
+                        </option>
+                        <option value="Editor"
+                                ng-selected="'Editor' == s.value">{{'Editor' | translate}}
+                        </option>
+                        <option value="Reviewer"
+                                ng-selected="'Reviewer' == s.value">{{'Reviewer' | translate}}
+                        </option>
+                        <option value="Administrator"
+                                ng-selected="'Administrator' == s.value">{{'Administrator' | translate}}
+                        </option>
+                      </select>
+
                       <div data-ng-switch-when="system/metadatacreate/preferredGroup">
                         <input
                           type="hidden"

diff --git a/web-ui/src/main/resources/catalog/views/default/templates/recordView/footer.html b/web-ui/src/main/resources/catalog/views/default/templates/recordView/footer.html
@@ -7,7 +7,7 @@
 <div
   class="row gn-padding-top"
   data-ng-if="isRecordHistoryEnabled
-                 && user.isEditorOrMore()
+                 && user.canViewMetadataHistory()
                  && mdView.current.record.draft != 'y'"
 >
   <div class="col-md-12">

diff --git a/web/src/main/webapp/WEB-INF/classes/setup/sql/data/data-db-default.sql b/web/src/main/webapp/WEB-INF/classes/setup/sql/data/data-db-default.sql
@@ -695,6 +695,8 @@ INSERT INTO Settings (name, value, datatype, position, internal) VALUES ('metada
 
 INSERT INTO Settings (name, value, datatype, position, internal) VALUES ('metadata/batchediting/accesslevel', 'Editor', 0, 12020, 'n');
 
+INSERT INTO Settings (name, value, datatype, position, internal) VALUES ('metadata/history/accesslevel', 'Editor', 0, 12021, 'n');
+
 INSERT INTO Settings (name, value, datatype, position, internal) VALUES ('metadata/delete/profilePublishedMetadata', 'Editor', 0, 12011, 'n');
 
 INSERT INTO Settings (name, value, datatype, position, internal) VALUES ('metadata/publication/profilePublishMetadata', 'Reviewer', 0, 12021, 'n');

diff --git a/web/src/main/webapp/WEB-INF/classes/setup/sql/migrate/v440/migrate-default.sql b/web/src/main/webapp/WEB-INF/classes/setup/sql/migrate/v440/migrate-default.sql
@@ -2,3 +2,4 @@ UPDATE Settings SET value='4.4.0' WHERE name='system/platform/version';
 UPDATE Settings SET value='0' WHERE name='system/platform/subVersion';
 
 INSERT INTO Settings (name, value, datatype, position, internal) SELECT distinct 'metadata/batchediting/accesslevel', 'Editor', 0, 12020, 'n' from settings WHERE NOT EXISTS (SELECT name FROM Settings WHERE name = 'metadata/batchediting/accesslevel');
+INSERT INTO Settings (name, value, datatype, position, internal) SELECT distinct 'metadata/history/accesslevel', 'Editor', 0, 12021, 'n' from settings WHERE NOT EXISTS (SELECT name FROM Settings WHERE name = 'metadata/history/accesslevel');
Original file line number	Diff line number	Diff line change
Expand Up		@@ -2,3 +2,4 @@ UPDATE Settings SET value='4.4.0' WHERE name='system/platform/version';
		UPDATE Settings SET value='0' WHERE name='system/platform/subVersion';

		INSERT INTO Settings (name, value, datatype, position, internal) SELECT distinct 'metadata/batchediting/accesslevel', 'Editor', 0, 12020, 'n' from settings WHERE NOT EXISTS (SELECT name FROM Settings WHERE name = 'metadata/batchediting/accesslevel');
		INSERT INTO Settings (name, value, datatype, position, internal) SELECT distinct 'metadata/history/accesslevel', 'Editor', 0, 12021, 'n' from settings WHERE NOT EXISTS (SELECT name FROM Settings WHERE name = 'metadata/history/accesslevel');
Copy link Member josegar74 Nov 16, 2023 Choose a reason for hiding this comment The reason will be displayed to describe this comment to others. Learn more. This change should be moved to https://github.com/geonetwork/core-geonetwork/blob/main/web/src/main/webapp/WEB-INF/classes/setup/sql/migrate/v441/migrate-default.sql Copy link Collaborator Author wangf1122 Nov 16, 2023 Choose a reason for hiding this comment The reason will be displayed to describe this comment to others. Learn more. I moved the script to v441. I also added update statement to set the name of system/metadata/history/enabled to metadata/history/enabled as you suggested in another comment