diff --git a/grails-app/assets/javascripts/profileEditor/controllers/CommentController.js b/grails-app/assets/javascripts/profileEditor/controllers/CommentController.js
index 06301df8..f1fd17ab 100644
--- a/grails-app/assets/javascripts/profileEditor/controllers/CommentController.js
+++ b/grails-app/assets/javascripts/profileEditor/controllers/CommentController.js
@@ -76,6 +76,9 @@ profileEditor.controller('CommentController', function (profileService, util, co
}
comment.children.push(data);
} else {
+ if (!Array.isArray(self.comments)) {
+ self.comments = [];
+ }
self.comments.push(data);
}
diff --git a/grails-app/assets/javascripts/profileEditor/controllers/UserAccessController.js b/grails-app/assets/javascripts/profileEditor/controllers/UserAccessController.js
index 1e1ff7b5..fb5a5f2d 100644
--- a/grails-app/assets/javascripts/profileEditor/controllers/UserAccessController.js
+++ b/grails-app/assets/javascripts/profileEditor/controllers/UserAccessController.js
@@ -80,10 +80,24 @@ profileEditor.controller('UserAccessController', function (messageService, util,
});
};
- self.privateModeChanged = function() {
+ self.privateModeChanged = function(form, isOptionChanged) {
if (self.opus.privateCollection) {
self.roles.push(userRole);
} else {
+ if (isOptionChanged) {
+ var hasRole_USER = self.users.find(it => it.role === 'ROLE_USER')
+ if (hasRole_USER) {
+ self.users = self.users.filter(it => it.role !== 'ROLE_USER')
+ var data = {privateCollection: self.opus.privateCollection, authorities: self.users};
+ var promise = profileService.updateUsers(self.opusId, data);
+ promise.then(function () {
+ form.$setPristine();
+ messageService.success("User access has been successfully updated.");
+ }, function () {
+ messageService.alert("An error has occurred while updating user access.");
+ });
+ }
+ }
self.roles.splice(4, 1)
}
};
diff --git a/grails-app/controllers/au/org/ala/profile/api/ApiController.groovy b/grails-app/controllers/au/org/ala/profile/api/ApiController.groovy
index 4141cf6c..b464416d 100644
--- a/grails-app/controllers/au/org/ala/profile/api/ApiController.groovy
+++ b/grails-app/controllers/au/org/ala/profile/api/ApiController.groovy
@@ -4,6 +4,7 @@ import au.ala.org.ws.security.RequireApiKey
import au.org.ala.profile.hub.BaseController
import au.org.ala.profile.hub.MapService
import au.org.ala.profile.hub.ProfileService
+import au.org.ala.profile.security.GrantAccess
import au.org.ala.profile.security.RequiresAccessToken
import grails.converters.JSON
@@ -24,6 +25,7 @@ import au.org.ala.plugins.openapi.Path
type = SecuritySchemeType.HTTP,
scheme = "bearer"
)
+
@RequireApiKey()
class ApiController extends BaseController {
static namespace = "v1"
@@ -106,6 +108,43 @@ class ApiController extends BaseController {
}
}
+ @GrantAccess
+ @Path("/api/opus")
+ @Operation(
+ summary = "Get all public collections",
+ operationId = "/api/opus",
+ method = "GET",
+ responses = [
+ @ApiResponse(
+ responseCode = "200",
+ content = @Content(
+ mediaType = "application/json",
+ array = @ArraySchema(
+ schema = @Schema(
+ implementation = CollectionList.class
+ )
+ )
+ )
+ ),
+ @ApiResponse(responseCode = "400",
+ description = "opusId is a required parameter"),
+ @ApiResponse(responseCode = "403",
+ description = "You do not have the necessary permissions to perform this action."),
+ @ApiResponse(responseCode = "405",
+ description = "An unexpected error has occurred while processing your request."),
+ @ApiResponse(responseCode = "404",
+ description = "Collection not found"),
+ @ApiResponse(responseCode = "500",
+ description = "An unexpected error has occurred while processing your request.")
+ ]
+ )
+ def getListCollections () {
+ List opus = profileService.getOpus() as List
+ List filtered = opus.findAll(it-> !it.privateCollection)
+ .collect{new CollectionList(uuid: it.uuid, shortName:it.shortName, title:it.title, thumbnailUrl:it.thumbnailUrl, description:it.description)}
+ render filtered as JSON
+ }
+
@Path("/api/opus/{opusId}/profile")
@Operation(
summary = "List profiles in a collection",
diff --git a/grails-app/controllers/au/org/ala/profile/api/ApiInterceptor.groovy b/grails-app/controllers/au/org/ala/profile/api/ApiInterceptor.groovy
index 00220bff..7ed11ca5 100644
--- a/grails-app/controllers/au/org/ala/profile/api/ApiInterceptor.groovy
+++ b/grails-app/controllers/au/org/ala/profile/api/ApiInterceptor.groovy
@@ -2,6 +2,7 @@ package au.org.ala.profile.api
import au.org.ala.profile.hub.ProfileService
import au.org.ala.profile.security.RequiresAccessToken
+import au.org.ala.profile.security.GrantAccess
import au.org.ala.web.AuthService
import grails.converters.JSON
import org.apache.http.HttpStatus
@@ -38,6 +39,8 @@ class ApiInterceptor {
} else {
authorised = true
}
+ } else if (method?.isAnnotationPresent(GrantAccess)){
+ authorised = true
}
}
diff --git a/grails-app/controllers/au/org/ala/profile/hub/UrlMappings.groovy b/grails-app/controllers/au/org/ala/profile/hub/UrlMappings.groovy
index ebc56f20..7ca3f7e2 100644
--- a/grails-app/controllers/au/org/ala/profile/hub/UrlMappings.groovy
+++ b/grails-app/controllers/au/org/ala/profile/hub/UrlMappings.groovy
@@ -265,6 +265,7 @@ class UrlMappings {
get "/opus/$opusId/profile/$profileId/image/thumbnail/$imageId" (version: "1.0", controller: "api", action: "retrieveLocalThumbnailImage", namespace: "v1")
get "/opus/$opusId/profile/$profileId/attribute/$attributeId" (version: "1.0", controller: "api", action: "getAttributes", namespace: "v1")
get "/opus/$opusId/profile/$profileId/draft" (version: "1.0", controller: "api", action: "getDraftProfile", namespace: "v1")
+ get "/opus" (version: "1.0", controller: "api", action: "getListCollections", namespace: "v1")
}
"/openapi/$action?/$id?(.$format)?"(controller: "openApi")
diff --git a/grails-app/views/opus/_editAccessControl.gsp b/grails-app/views/opus/_editAccessControl.gsp
index 79ee140a..1439483f 100644
--- a/grails-app/views/opus/_editAccessControl.gsp
+++ b/grails-app/views/opus/_editAccessControl.gsp
@@ -21,12 +21,16 @@
When the collection is 'private' only people who have been added to the collection with at least the 'User' role will be allowed to view the profiles within the collection.
+
+
+ Error:When you change collection private to public, existing all users who have USER ROLE will be deleted.
+
@@ -118,8 +122,8 @@
-
+
diff --git a/src/main/groovy/au/org/ala/profile/api/CollectionList.groovy b/src/main/groovy/au/org/ala/profile/api/CollectionList.groovy
new file mode 100644
index 00000000..e5f0131b
--- /dev/null
+++ b/src/main/groovy/au/org/ala/profile/api/CollectionList.groovy
@@ -0,0 +1,12 @@
+package au.org.ala.profile.api
+
+import groovy.transform.ToString
+
+@ToString
+class CollectionList {
+ String uuid
+ String shortName
+ String title
+ String thumbnailUrl
+ String description
+}
diff --git a/src/main/groovy/au/org/ala/profile/security/GrantAccess.groovy b/src/main/groovy/au/org/ala/profile/security/GrantAccess.groovy
new file mode 100644
index 00000000..b32eb50a
--- /dev/null
+++ b/src/main/groovy/au/org/ala/profile/security/GrantAccess.groovy
@@ -0,0 +1,13 @@
+package au.org.ala.profile.security
+
+import java.lang.annotation.*
+
+/**
+ * Annotation to check that a valid collection-specific access token has been provided.
+ */
+@Target([ElementType.TYPE, ElementType.METHOD])
+@Retention(RetentionPolicy.RUNTIME)
+@Documented
+public @interface GrantAccess {
+
+}
\ No newline at end of file
diff --git a/src/test/groovy/au/org/ala/profile/api/ApiControllerSpec.groovy b/src/test/groovy/au/org/ala/profile/api/ApiControllerSpec.groovy
index b88f5f68..86d17a98 100644
--- a/src/test/groovy/au/org/ala/profile/api/ApiControllerSpec.groovy
+++ b/src/test/groovy/au/org/ala/profile/api/ApiControllerSpec.groovy
@@ -150,6 +150,7 @@ class ApiControllerSpec extends Specification implements ControllerUnitTest> [[uuid: 'abc',shortName:'alatest',title:'title1',desciption:'desc1',thubnailUrl:'test.png']]
+
+ when:
+ controller.getListCollections()
+
+ then:
+ response.status == 200
+
}
}