Merge branch 'release/29.x'

* release/29.x:
  #4215 - Ability to specify GID and UID for the user used inside the Docker image
  #4226 - Display logout button on annotation page if dashboard access is disabled
  #4215 - Ability to specify GID and UID for the user used inside the Docker image

inception/inception-api-annotation/src/main/java/de/tudarmstadt/ukp/clarin/webanno/api/annotation/actionbar/ActionBar.html

@@ -19,9 +19,9 @@
 <html xmlns:wicket="http://wicket.apache.org">
 <body>
   <wicket:panel>
-    <div wicket:id="items">
+    <wicket:container wicket:id="items">
       <wicket:container wicket:id="item"/>
-    </div>
+    </wicket:container>
   </wicket:panel>
 </body>
 </html>

inception/inception-bootstrap/src/main/ts/bootstrap/inception-actionbar.scss

@@ -26,7 +26,7 @@
   align-items: center;
 
   @include media-breakpoint-down(xl) {
-    font-size: 1vw !important;
+    font-size: 1.3vw !important;
   }
 
   @include media-breakpoint-down(xl) {
@@ -36,25 +36,6 @@
       font-size: inherit !important;
     }
   }
-
-  @include media-breakpoint-down(lg) {
-    .btn {
-      padding-left: calc($input-btn-padding-x / 2);
-      padding-right: calc($input-btn-padding-x / 2);
-    }
-  }
-
-  > * {
-    padding-left: calc($grid-gutter-width / 4);
-    padding-right: calc($grid-gutter-width / 4);
-  }
-
-  @include media-breakpoint-down(xl) {
-    > * {
-      padding-left: calc($grid-gutter-width / 8);
-      padding-right: calc($grid-gutter-width / 8);
-    }
-  }
 
   .btn-group, .input-group {
     @extend .bg-body;
@@ -65,32 +46,23 @@
 
   .btn-action-bar {
     @extend .btn-outline-secondary;
+
+    @include media-breakpoint-down(xl) {
+      --bs-btn-padding-x: 1vw !important;
+      --bs-btn-padding-y: 0.55vw !important;
+    }
   }
 
   .action-bar-group {
-    padding: 2px;
+    margin-left: 0.25rem;
+    margin-right: 0.25rem;
+    padding-top: 0.25rem;
+    padding-bottom: 0.25rem;
     background-color: var(--bs-light-border-subtle);
-    border-radius: 5px;
+    border-radius: var(--bs-border-radius);
     display: flex;
     flex-direction: row;
     align-items: center;
     flex: 0;
-
-    > * {
-      padding-left: calc($grid-gutter-width / 8);
-      padding-right: calc($grid-gutter-width / 8);
-    }
-
-    @include media-breakpoint-down(xl) {
-      > * {
-        padding-left: calc($grid-gutter-width / 16);
-        padding-right: calc($grid-gutter-width / 16);
-      }
-    }
-  }
-
-  .action-bar-group-title {
-    padding-left: calc($grid-gutter-width / 2);
-    padding-right: calc($grid-gutter-width / 2);
   }
 }

inception/inception-doc/src/main/resources/META-INF/asciidoc/admin-guide/installation_docker.adoc

@@ -105,6 +105,14 @@ annotations and knowledge bases, these are stored in files on disk). For product
 recommended to use a dedicated database server (i.e. MariaDB or compatible) instead of the embedded
 SQL database.
 
+== Customizing UID/GID
+
+By default, {product-name} runs with the UID 2000 and the GID 2000. On startup, any files belonging to {product-name} are automatically reassigned to these UID/GID, in the Docker container itself as well as in any volume potentially mounted under `/export` within the container. If you need the application to run as a different UID/GID, you can override these values when starting the container using the `APP_UID` and `APP_GID` environment variables.
+
+----
+$ docker run -it -e APP_UID=1234 -e APP_GID=4321 ghcr.io/inception-project/inception:{revnumber}
+----
+
 == Docker Compose
 
 Using Docker Compose, you can manage multiple related containers. This section illustrates how to use
@@ -190,3 +198,4 @@ Docker Compose script. To increase the available memory (RAM) to e.g. 4Gb, appen
 ----
 
 There is a lot more that you can do using Docker and Docker Compose. Please see the link:https://docs.docker.com/compose/[docker-compose reference] for details.
+

inception/inception-docker/src/main/docker/Dockerfile

@@ -8,28 +8,45 @@ FROM eclipse-temurin:17
 
 MAINTAINER INCEpTION Team
 
+# Define network ports
+EXPOSE 8080
+
 # make sure INCEpTION is running in en_US.UTF-8 locale
 RUN set -ex \
-      && DEBIAN_FRONTEND=noninteractive \
-      && apt-get update \
-      && apt-get install -y --no-install-recommends locales \
-      && apt-get upgrade -y
+    && DEBIAN_FRONTEND=noninteractive \
+    && apt-get update \
+    && apt-get install -y --no-install-recommends locales \
+    && apt-get upgrade -y
+
+# Set up language
 RUN set -ex \
-      && sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen \
-      && dpkg-reconfigure --frontend=noninteractive locales \
-      && update-locale LANG=en_US.UTF-8
+    && sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen \
+    && dpkg-reconfigure --frontend=noninteractive locales \
+    && update-locale LANG=en_US.UTF-8
 ENV LANG en_US.UTF-8
 
+# Install application JAR
 WORKDIR /opt/inception
-
 COPY @docker.jarfile@ inception-app-standalone.jar
-
-# this will be the INCEpTION home folder
+COPY launch.sh .
+
+# Set up user, group and home folder permissions
+ENV APP_USER=inception
+ENV APP_UID=2000
+ENV APP_GROUP=inception
+ENV APP_GID=2000
+RUN groupadd -g ${APP_GID} ${APP_GROUP} \ 
+    && useradd -m \
+      -d /opt/inception  \
+      -s /bin/bash  \
+      -g ${APP_GROUP} -u ${APP_UID} ${APP_USER} \
+    && chown -R ${APP_USER}:${APP_GROUP} /opt/inception \
+    && chmod +x launch.sh
+
+# Set up application data folder
 RUN mkdir /export
 VOLUME /export
 
-EXPOSE 8080
-
+# Launch application
 ENV JAVA_OPTS="-Xmx750m"
-
-CMD java ${JAVA_OPTS} -Djava.awt.headless=true -Dinception.home=/export -jar inception-app-standalone.jar
+CMD /opt/inception/launch.sh java ${JAVA_OPTS} -Djava.awt.headless=true -Dinception.home=/export -jar inception-app-standalone.jar

inception/inception-docker/src/main/docker/launch.sh

@@ -0,0 +1,35 @@
+#!/bin/bash
+# Licensed to the Technische Universität Darmstadt under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The Technische Universität Darmstadt 
+# licenses this file to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.
+#  
+# http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -x
+
+# Update the user and group IDs for an existing user
+echo "Updating UID [$APP_UID] and GID [$APP_GID] for user [$APP_USER] and group [$APP_GROUP]..."
+usermod -u "$APP_UID" "$APP_USER"
+groupmod -g "$APP_GID" "$APP_GROUP"
+
+# Change the ownership of application files
+echo "Updating file ownership user inception - this may take a moment..."
+chown -R "$APP_USER":"$APP_GROUP" /opt/inception
+chown -R "$APP_USER":"$APP_GROUP" /export
+
+# Run application as the application user
+echo "Launching application..."
+COMMAND="$(which $1)" 
+shift
+ARGUMENTS="$(printf "\"%s\" " "$@")"
+exec su -l -c "${COMMAND} ${ARGUMENTS}" "$APP_USER"

inception/inception-ui-annotation/src/main/java/de/tudarmstadt/ukp/clarin/webanno/ui/annotation/actionbar/closesession/CloseSessionActionBarExtension.java

@@ -0,0 +1,51 @@
+/*
+ * Licensed to the Technische Universität Darmstadt under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The Technische Universität Darmstadt 
+ * licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.
+ *  
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package de.tudarmstadt.ukp.clarin.webanno.ui.annotation.actionbar.closesession;
+
+import org.apache.wicket.markup.html.panel.Panel;
+import org.springframework.core.annotation.Order;
+
+import de.tudarmstadt.ukp.clarin.webanno.api.annotation.actionbar.ActionBarExtension;
+import de.tudarmstadt.ukp.clarin.webanno.api.annotation.page.AnnotationPageBase;
+import de.tudarmstadt.ukp.clarin.webanno.ui.annotation.config.AnnotationUIAutoConfiguration;
+import de.tudarmstadt.ukp.inception.ui.core.menubar.MenuBar;
+
+/**
+ * <p>
+ * This class is exposed as a Spring Component via
+ * {@link AnnotationUIAutoConfiguration#annotationCloseSessionActionBarExtension}.
+ * </p>
+ */
+@Order(10000)
+public class CloseSessionActionBarExtension
+    implements ActionBarExtension
+{
+    @Override
+    public boolean accepts(AnnotationPageBase aPage)
+    {
+        return aPage.visitChildren(MenuBar.class, (c, v) -> {
+            v.stop(!((MenuBar) c).isVisible());
+        });
+    }
+
+    @Override
+    public Panel createActionBarItem(String aId, AnnotationPageBase aPage)
+    {
+        return new CloseSessionPanel(aId, aPage);
+    }
+}

inception/inception-ui-annotation/src/main/java/de/tudarmstadt/ukp/clarin/webanno/ui/annotation/actionbar/closesession/CloseSessionPanel.html

@@ -0,0 +1,38 @@
+<!DOCTYPE html>
+<!--
+  Licensed to the Technische Universität Darmstadt under one
+  or more contributor license agreements.  See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership.  The Technische Universität Darmstadt 
+  licenses this file to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License.
+   
+  http://www.apache.org/licenses/LICENSE-2.0
+  
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<html xmlns:wicket="http://wicket.apache.org">
+
+<body>
+  <wicket:panel>
+    <div class="d-flex flex-grow-1">
+      <div class="flex-grow-1" />
+      <div class="action-bar-group">
+        <div class="btn-group">
+          <button wicket:id="logoutButton" class="btn btn-action-bar" type="button" wicket:message="title:logOut">
+            <div class="text-nowrap">
+              <i class="fas fa-sign-out-alt"/>
+            </div>
+          </button>
+        </div>
+      </div>
+    </div>
+  </wicket:panel>
+</body>
+
+</html>

inception/inception-ui-annotation/src/main/java/de/tudarmstadt/ukp/clarin/webanno/ui/annotation/actionbar/closesession/CloseSessionPanel.java

@@ -0,0 +1,48 @@
+/*
+ * Licensed to the Technische Universität Darmstadt under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The Technische Universität Darmstadt 
+ * licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.
+ *  
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package de.tudarmstadt.ukp.clarin.webanno.ui.annotation.actionbar.closesession;
+
+import org.apache.wicket.ajax.AjaxRequestTarget;
+import org.apache.wicket.markup.html.panel.Panel;
+import org.apache.wicket.spring.injection.annot.SpringBean;
+
+import de.tudarmstadt.ukp.clarin.webanno.api.annotation.page.AnnotationPageBase;
+import de.tudarmstadt.ukp.clarin.webanno.security.config.LoginProperties;
+import de.tudarmstadt.ukp.clarin.webanno.security.config.PreauthenticationProperties;
+import de.tudarmstadt.ukp.clarin.webanno.support.lambda.LambdaAjaxLink;
+import de.tudarmstadt.ukp.clarin.webanno.ui.core.logout.LogoutPanel;
+
+public class CloseSessionPanel
+    extends Panel
+{
+    private static final long serialVersionUID = -9213541738534665790L;
+
+    private @SpringBean PreauthenticationProperties preauthenticationProperties;
+    private @SpringBean LoginProperties securityProperties;
+
+    public CloseSessionPanel(String aId, AnnotationPageBase aPage)
+    {
+        super(aId);
+        queue(new LambdaAjaxLink("logoutButton", this::actionLogout));
+    }
+
+    private void actionLogout(AjaxRequestTarget aTarget)
+    {
+        LogoutPanel.actionLogout(this, preauthenticationProperties, securityProperties);
+    }
+}

inception/inception-ui-annotation/src/main/java/de/tudarmstadt/ukp/clarin/webanno/ui/annotation/config/AnnotationUIAutoConfiguration.java

@@ -30,6 +30,7 @@
 import de.tudarmstadt.ukp.clarin.webanno.api.ProjectService;
 import de.tudarmstadt.ukp.clarin.webanno.security.UserDao;
 import de.tudarmstadt.ukp.clarin.webanno.ui.annotation.AnnotationPageMenuItem;
+import de.tudarmstadt.ukp.clarin.webanno.ui.annotation.actionbar.closesession.CloseSessionActionBarExtension;
 import de.tudarmstadt.ukp.clarin.webanno.ui.annotation.actionbar.undo.AnnotationUndoActionBarExtension;
 import de.tudarmstadt.ukp.clarin.webanno.ui.annotation.actionbar.undo.actions.ChainAnnotationActionUndoSupport;
 import de.tudarmstadt.ukp.clarin.webanno.ui.annotation.actionbar.undo.actions.FeatureValueActionUndoSupport;
@@ -85,4 +86,10 @@ public FeatureValueActionUndoSupport featureValueActionUndoSupport()
     {
         return new FeatureValueActionUndoSupport();
     }
+
+    @Bean
+    public CloseSessionActionBarExtension closeSessionActionBarExtension()
+    {
+        return new CloseSessionActionBarExtension();
+    }
 }

inception/inception-ui-core/src/main/java/de/tudarmstadt/ukp/clarin/webanno/ui/core/WicketApplicationBase.properties

@@ -40,6 +40,7 @@ redo=Redo
 moveUp=Up
 moveDown=Down
 busy=Busy...
+logOut=Log out
 
 enabled=Enabled
 

inception/inception-ui-core/src/main/java/de/tudarmstadt/ukp/clarin/webanno/ui/core/login/LoginPage.java

@@ -82,7 +82,7 @@
 public class LoginPage
     extends ApplicationPageBase
 {
-    private static final String PARAM_SKIP_AUTP_LOGIN = "skipAutoLogin";
+    public static final String PARAM_SKIP_AUTO_LOGIN = "skipAutoLogin";
     private static final String PARAM_ERROR = "error";
 
     private static final String PROP_RESTORE_DEFAULT_ADMIN_ACCOUNT = "restoreDefaultAdminAccount";
@@ -124,7 +124,7 @@ public LoginPage(PageParameters aParameters)
         saml2LoginPanel.add(visibleWhen(this::isLoginAllowed));
         queue(saml2LoginPanel);
 
-        var skipAutoLogin = aParameters.get(PARAM_SKIP_AUTP_LOGIN).toBoolean(false)
+        var skipAutoLogin = aParameters.get(PARAM_SKIP_AUTO_LOGIN).toBoolean(false)
                 || tooManyUsers.getObject();
 
         // Failed OAuth2/SAML call this page with the parameter `?error` so we display a message