Allow different group (other then tei) for generated application

[daliboris]

The application generated by TEI Publisher relies on the fact that its owner or (logged) user is a member of the tei security group (in eXist.db). This can be a security issue for multiple applications running on the same server.

I suggest to extend the application generation dialog where you can define not only the username and password, but also the eXist-db database group (which should be created if it doesn't exist).

I tried find in the source code whre the tei group, or related settings occurs. Here are my findings:

• the login domain in the config.xqm file: declare variable $config:login-domain := "org.exist.tei-simple";
• all <pb-login> elements with @group='tei', like
  • <pb-restricted group="tei"> in the documents.html, or odd-editor.html files
  • <pb-login id="login" group="tei" login-label="Login" role="button"/> in the menu-drawer.html
• restriction in the OpenAPI definitions (modules/lib/api.json). like

      "/api/upload": {
	"post": {
	   "summary": "Upload a number of files to the top-level data collection of the app",
	    "tags": ["collection"],
	    "operationId": "capi:upload",
	    "x-constraints": {
	        "groups": ["tei"]
	    },

• the deploy:expand-repo-descriptor() function in the modules/lib/api/generate.xql file

declare function deploy:expand-repo-descriptor($meta as element(repo:meta), $json as map(*)) {
    <meta xmlns="http://exist-db.org/xquery/repo">
        <description>{$json?title}</description>
        { $meta/(repo:author|repo:status|repo:license|repo:copyright|repo:type|repo:prepare|repo:finish) }
        <target>{$json?abbrev}</target>
        <permissions user="{$json?owner}" password="{$json?password}"
            group="tei" mode="rw-r--r--"/>
    </meta>
};