#9179: Include editing support to allowed user groups

[dsuren1]

Description

This PR adds support to configure editingAllowedGroups to FeatureEditor and StyleEditor plugin

Please check if the PR fulfills these requirements

• The commit message follows our guidelines: https://github.com/geosolutions-it/MapStore2/blob/master/CONTRIBUTING.md
• Tests for the changes have been added (for bug fixes / features)
• Docs have been added / updated (for bug fixes / features)

What kind of change does this PR introduce? (check one with "x", remove the others)

• Feature

Issue

What is the current behavior?

• Include editing support to allowed user groups  #9179

What is the new behavior?
The edit permission configuration follows the below hierarchy (Applicable for FeatureEditor and StyleEditor plugin)

1. Allow all user to edit, when editingAllowedRoles has "ALL" configured in it
2. Allow edit, when user role and group belongs to either editingAllowedRoles or editingAllowedGroups configured for the plugin

Breaking change

Does this PR introduce a breaking change? (check one with "x", remove the other)

• Yes, and I documented them in migration notes
• No

Other useful information

[offtherailz]

Hi @dsuren1 . I tryed to suggest all the changes inline (initially only some review of code base to clarify it more) but I noticed during testing that one of the things didn't worked as expected.

In particular there is no way of allowing all logged users to be able to edit at the same time, without indicating all the groups of the system.This because the logic of the editing allowed selector for groups requires that the role is in the list.

I suggested to change this logic in the main selectorCreator used but you may need to test and check it more (and fix the unit tests).

We should handle and prioritize permissions this way:

• "editingAllowedRoles": ["ADMIN"], editingAllowedGroups: ["geosolutions"] means all admins and members of geosolutions group.
• "editingAllowedRoles": ["ADMIN", "USER"] means - all logged users (admins or users) so groups in this case are not important.
  So:
• Please check if the logic i suggested works and the documentation fits this requirement, fixing unit tests
• I wasn't able to test the styler. Please make you sure that this logic is correctly applied to the styler too.

[dsuren1]

Hi @offtherailz
Thanks for the feedback.

In particular there is no way of allowing all logged users to be able to edit at the same time, without indicating all the groups of the system.This because the logic of the editing allowed selector for groups requires that the role is in the list.

I suggested to change this logic in the main selectorCreator used but you may need to test and check it more (and fix the unit tests).

We should handle and prioritize permissions this way:

• "editingAllowedRoles": ["ADMIN"], editingAllowedGroups: ["geosolutions"] means all admins and members of geosolutions group.
• "editingAllowedRoles": ["ADMIN", "USER"] means - all logged users (admins or users) so groups in this case are not

This deviates from the requirement, the requirement was to allow ADMIN regardless of group the user belongs, and consider the group only when user is NON-ADMIN. For NON-ADMIN, default allowedGroups is everyone. With the current implementation, this configuration editingAllowedRoles: ["ADMIN", "USER"] will work for all the users of Mapstore. Kindly correct me if I'm missing something.

[offtherailz]

Ok. I can also see the requests to the rest interface for the configured group, even if he is not allowed. We may allow some special group for styler (e.g. adding a group styler and configuring members of this group) to make this feature fully testable.

[tdipisa]

@ElenaGallo please test this in DEV taking into account the comment above.