Commit 854e524d authored by Piotr Gawron's avatar Piotr Gawron
Browse files

Merge branch '979-curator-can-add-overlay-if-granted-with-view-project-only' into 'master'

Resolve "Curator can add overlay if granted with View project only"

Closes #979

See merge request minerva/core!956
parents e194c9cc 75bc1b6b
minerva (14.0.0~beta.2) unstable; urgency=low
minerva (14.0.0) stable; urgency=medium
* Feature removal: BioCompendium annotator removed (#32)
* Feature removal: support for tomcat7 removed (#828)
* Feature: security layer redesigned - privilege types and scope changed
(#636, #624)
* Feature: log4j is replaced with log4j2 logging mechanism (#291)
* Feature: database installed via debian package is done via dbconfig-commons
(#469)
* Feature: Replaced connection pool manager C3P0 with better maintained
Hikari - restart of postgresql database doesn't require restart of tomcat
(#564)
* Small improvement: debian package can be installed on debian:buster (#879)
* Small improvement: info window contains information about overlay No (#919)
* Small improvement: curator without write access to project has info about
it when editing project (#940)
* Small improvement: when revoking view access to project, revoke
automatically write access to it (#920)
* Bug fix: exported SBML passes online validation (#831)
* Bug fix: changing owner of data overlay should change order index (#945)
* Bug fix: allow user to remove own comments (#931)
* Bug fix: validation of project name length is provided (#950)
* Bug fix: after reducing privileges on himself interface is refreshed (#948)
* Bug fix: list of "Copy from" elements in "Select valid annotations" dialog
is shortened to used bio entity typrd (#911)
* Bug fix: removing overlays as curator in admin panel fixed (#944)
* Bug fix: information about deprecated column is more clear about column
names (#838)
* Bug fix: version of the project is limited to 20 characters (#951)
* Bug fix: link to comment on map from admin panel was broken (#941)
* Bug fix: hide glyphs tab when necessary (#949)
* Bug fix: user with write access but without can_create_privileges cannot
create data overlay (#939)
* Bug fix: export to CD could misalign reaction lines that were imported from
format that didn't require reaction line to be attached to the species (#933)
* Bug fix: problem with migration of default privileges (#902)
* Bug fix: some project privileges were not migrated properly (#902)
* Bug fix: problem with uploading data_overlays with type included in header
(#936)
-- Piotr Gawron <piotr.gawron@uni.lu> Mon, 18 Sep 2019 19:00:00 +0200
minerva (14.0.0~beta.1) unstable; urgency=low
* Bug fix: problem with changing user role (#932)
-- Piotr Gawron <piotr.gawron@uni.lu> Tue, 3 Aug 2019 21:00:00 +0200
minerva (14.0.0~beta.0) unstable; urgency=low
* Small improvement: sorting by columns that doesn't make sense in admin
panel is disabled (#895)
* Small improvement: version of minerva is visible in map browser panel
* Small improvement: small info about annotator details is available in
select anntoators dialog (#923)
select annotators dialog (#923)
* Small improvement: CellDesigner layers are always visualized as pathways
(#813)
* Small improvement: setting "Modify project| checkbox automatically select
"View project" checkbox when editing privileges (#920)
* Small improvement: notification email uses minerva name and id of affected
project (#926)
* Small improvement: information about person who uploaded project is visible
in list of projects (#927)
* Small improvement: user role introduced in edit user dialog (#924)
* Small improvement: tab with list of glyps is available when adding project
* Small improvement: tab with list of glyphs is available when adding project
with glyphs (#925)
* Small improvement: BackgroundColor parameter should be assigned using ":"
character (#929)
* Small improvement: anonymous login is no longer required - each API query
outside session is authorized with anonymous user privileges (#629)
* Small improvement: bcrypt is used for password encryption (#387)
* Small improvement: caching is active by default for new users when
uploading project (#202)
* Small improvement: when removing overlay in admin panel there is a
confirmation dialog (#696)
* Small improvement: overlay name is obligatory (#698)
* Small improvement: list of projects in admin panel contains creation date
(#447)
* Small improvement: links in list of publications open in new tab (#447)
* Small improvement: target gene in search panel contains also information
about type of database that identifies the target (#66)
* Small improvement: redundant 'references' field in gene variants data
overlay is now deprecated (#850)
* Small improvement: information about deprecated columns in data overlay is
visible in overlay list (#838)
* Small improvement: publication list is resizeable (#740)
* Small improvement: user list on project edit dialog is sortable (#808)
* Bug fix: exported SBML passes online validation (#831)
* Bug fix: allow user to remove own comments (#931)
* Bug fix: validation of project name length is provided (#950)
* Bug fix: list of "Copy from" elements in "Select valid annotations" dialog
is shortened to used bio entity types (#911)
* Bug fix: version of the project is limited to 20 characters (#951)
* Bug fix: export to CD could misalign reaction lines that were imported from
format that didn't require reaction line to be attached to the species (#933)
* Bug fix: problem with uploading data_overlays with type included in header
(#936)
* Bug fix: work on FF Private Window mode could cause logout or raise an
error on when opening new tab with minerva (#892)
* Bug fix: fetching list of miRnas resulted sometimes in "Internal Server
Error" (#889)
* Bug fix: user without admin right can accept terms of service (#893)
* Bug fix: edit project dialog verifies organism id (#914)
* Bug fix: user without admin or curator privileges shouldn't be able to
check logs (#894)
* Bug fix: user without admin or curator privileges had issues with accesing
and removing data overlays (#897, #898, #899, #903)
* Bug fix: privilege checking on updating privileges, data overlays were not
sufficient and could lead to access escalation
* Bug fix: user without privileges had edit map input options enabled
* Bug fix: user without privileges had edit map input options for managing
project users
* Bug fix: curator couldn't update data overlay in some situations (#905)
* Bug fix: alignment of tabs fixed for dialogs: "Add Project", "Edit Genome",
"Edit Project", "Edit User" (#881)
* Bug fix: all colors in boolean reaction (from CellDesigner) are processed
properly (#907)
* Bug fix: proper line type for boolean reaction is used on the whole
reaction (#908)
* Bug fix: user with modify access to the project can edit it in admin panel
(#901)
* Bug fix: creating project with too long name hung (#916)
* Bug fix: too long user login thrown an error (#915)
* Bug fix: width of info window adjust to the content size (#903)
* Bug fix: creating project with too long name hung upload (#916)
* Bug fix: too long user login threw an error (#915)
* Bug fix: when uploading generic data overlay the type was not updated in
case the type was not specified in the input file (#906)
* Bug fix: list of types when copying from annotators contains only types
that are selectable in the dialog (#911)
* Bug fix: remove of data overlay didn't update numbering of data overlays
that are still in the system (#918)
* Bug fix: too long name for data overlay in info window is trimmed (#919)
* Bug fix: too long name in general overlay list is wrapped (#857)
* Bug fix: after genome is removed list of genomes is refreshed (#922)
* Bug fix: when session expired anonymous user could access admin panel with
very limited access (#928)
* Bug fix: migrating from old minerva will grant WRITE_PROJECT privilege to
users who have manage comments or manage overlays privilege (#902)
-- Piotr Gawron <piotr.gawron@uni.lu> Wed, 28 Aug 2019 21:00:00 +0200
minerva (14.0.0~alpha.1) unstable; urgency=low
* Feature removal: support for tomcat7 removed (#828)
* Small improvement: debian package can be installed on debian:buster (#879)
* Bug fix: REST API bioEntities:search method didn't limit results to the
submodel id (#860)
* Bug fix: Empty Overlay colours were not preserved during export to
CellDesigner (#714)
* Bug fix: some project couldn't be accessed due to problem with migration of
reaction with unknown boolean operator (#880)
* Bug fix: problem with unloading plugin is properly handled (#884)
* Bug fix: upload of invalid plugin doesn't add it to plugin tab and list of
loaded plugins (#885)
* Bug fix: link to molart was brokwn (#886)
* Bug fix: context menu visualization fixed
* Bug fix: problem with uploading projects (#887)
-- Piotr Gawron <piotr.gawron@uni.lu> Mon, 13 Aug 2019 21:00:00 +0200
minerva (14.0.0~alpha.0) unstable; urgency=low
* Feature: security layer redesigned - privilege types and scope changed
(#636, #624)
* Feature: log4j is replaced with log4j2 logging mechanism (#291)
* Feature: database installed via debian package is done via dbconfig-commons
(#469)
* Feature: Replaced connection pool manager C3P0 with better maintained
Hikari - restart of postgresql database doesn't require restart of tomcat
(#564)
* Feature removal: BioCompendium annotator removed (#32)
* Small improvement: anonymous login is no longer required - each API query
outside session is authorized with anonymous user privileges (#629)
* Small improvement: bcrypt is used for password encryption (#387)
* Small improvement: caching is active by default for new users when
uploading project (#202)
* Small improvement: when removing overlay in admin panel there is a
confirmation dialog (#696)
* Small improvement: overlay name is obligatory (#698)
* Small improvement: list of projects in admin panel contains creation date
(#447)
* Small improvement: links in list of publications open in new tab (#447)
* Small improvement: target gene in search panel contains also information
about type of database that identifies the target (#66)
* Small improvement: redundant 'references' field in gene variants data
overlay is now deprecated (#850)
* Small improvement: information about deprecated columns in data overlay is
visible in overlay list (#838)
* Small improvement: publication list is resizeable (#740)
* Small improvement: user list on project edit dialog is sortable (#808)
* Bug fix: export to CellDesigner of reaction with two modifiers connected
with boolean operator resulted was skipping some layout information
* Bug fix: reaction in SBGNML file containing two products was improperly
......@@ -156,7 +93,7 @@ minerva (14.0.0~alpha.0) unstable; urgency=low
* Bug fix: Search drug by target element did not return values when this
element was annotated automatically (#216)
-- Piotr Gawron <piotr.gawron@uni.lu> Fri, 09 Aug 2019 10:00:00 +0200
-- Piotr Gawron <piotr.gawron@uni.lu> Wed, 09 Oct 2019 12:00:00 +0200
minerva (13.2.0) stable; urgency=medium
* Small improvement: MolArt v1.4 is used which provide information from
......
......@@ -102,6 +102,7 @@ public class OverlayController extends BaseController {
@PreAuthorize("hasAuthority('IS_ADMIN')" +
" or (hasAuthority('IS_CURATOR') and hasAuthority('WRITE_PROJECT:' + #projectId))" +
" or (hasAuthority('IS_CURATOR') and hasAuthority('READ_PROJECT:' + #projectId))" +
" or (hasAuthority('READ_PROJECT:' + #projectId) and hasAuthority('CAN_CREATE_OVERLAYS'))")
@PostMapping(value = "/")
public Map<String, Object> addOverlay(
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment