From d17d490cdf266dc2c0e8110a2f0093814db302b6 Mon Sep 17 00:00:00 2001
From: Piotr Gawron <piotr.gawron@uni.lu>
Date: Tue, 22 Aug 2017 17:00:03 +0200
Subject: [PATCH] unnecessary privileges removed

---
 .../lcsb/mapviewer/model/user/PrivilegeType.java    | 10 ----------
 persist/src/db/11.1.0/fix_db_20170822.sql           |  3 +++
 .../lcsb/mapviewer/api/users/UserController.java    |  2 +-
 .../mapviewer/services/impl/ProjectService.java     |  2 +-
 web/src/main/java/lcsb/mapviewer/bean/MapBean.java  | 13 -------------
 .../main/java/lcsb/mapviewer/bean/SearchBean.java   | 13 -------------
 6 files changed, 5 insertions(+), 38 deletions(-)
 create mode 100644 persist/src/db/11.1.0/fix_db_20170822.sql

diff --git a/model/src/main/java/lcsb/mapviewer/model/user/PrivilegeType.java b/model/src/main/java/lcsb/mapviewer/model/user/PrivilegeType.java
index 04af0ffb93..2ae29adda5 100644
--- a/model/src/main/java/lcsb/mapviewer/model/user/PrivilegeType.java
+++ b/model/src/main/java/lcsb/mapviewer/model/user/PrivilegeType.java
@@ -21,21 +21,11 @@ public enum PrivilegeType {
 	 */
 	ADD_MAP(BasicPrivilege.class, null, "Add project"),
 
-	/**
-	 * User can edit data mining information in the project.
-	 */
-	EDIT_MISSING_CONNECTIONS_PROJECT(ObjectPrivilege.class, Project.class, "Edit suggested connections"),
-
 	/**
 	 * User can edit comments in the project.
 	 */
 	EDIT_COMMENTS_PROJECT(ObjectPrivilege.class, Project.class, "Manage comments"),
 
-	/**
-	 * User has access to advanced drug targeting info.
-	 */
-	DRUG_TARGETING_ADVANCED_VIEW_PROJECT(ObjectPrivilege.class, Project.class, "Drug targeting advanced view"),
-
 	/**
 	 * User can manage projects.
 	 */
diff --git a/persist/src/db/11.1.0/fix_db_20170822.sql b/persist/src/db/11.1.0/fix_db_20170822.sql
new file mode 100644
index 0000000000..1bcbdea005
--- /dev/null
+++ b/persist/src/db/11.1.0/fix_db_20170822.sql
@@ -0,0 +1,3 @@
+--unnecessery privileges removed
+delete from privilege_table where type='DRUG_TARGETING_ADVANCED_VIEW_PROJECT' ;
+delete from privilege_table where type='EDIT_MISSING_CONNECTIONS_PROJECT' ;
\ No newline at end of file
diff --git a/rest-api/src/main/java/lcsb/mapviewer/api/users/UserController.java b/rest-api/src/main/java/lcsb/mapviewer/api/users/UserController.java
index ce38815638..afc96827ab 100644
--- a/rest-api/src/main/java/lcsb/mapviewer/api/users/UserController.java
+++ b/rest-api/src/main/java/lcsb/mapviewer/api/users/UserController.java
@@ -91,7 +91,7 @@ public class UserController extends BaseController {
 		return userRest.getUsers(token, columns);
 	}
 
-	@RequestMapping(value = "/users/{login}:updatePrivileges", method = { RequestMethod.POST }, produces = { MediaType.APPLICATION_JSON_VALUE })
+	@RequestMapping(value = "/users/{login}:updatePrivileges", method = { RequestMethod.PATCH }, produces = { MediaType.APPLICATION_JSON_VALUE })
 	public Map<String, Object> updatePrivileges(//
 			@RequestBody String body, //
 			@CookieValue(value = Configuration.AUTH_TOKEN) String token, //
diff --git a/service/src/main/java/lcsb/mapviewer/services/impl/ProjectService.java b/service/src/main/java/lcsb/mapviewer/services/impl/ProjectService.java
index 4ed367e981..9739b285c9 100644
--- a/service/src/main/java/lcsb/mapviewer/services/impl/ProjectService.java
+++ b/service/src/main/java/lcsb/mapviewer/services/impl/ProjectService.java
@@ -586,7 +586,7 @@ public class ProjectService implements IProjectService {
 				ObjectPrivilege privilege = new ObjectPrivilege(project, 1, PrivilegeType.VIEW_PROJECT, user);
 				userService.setUserPrivilege(user, privilege);
 				if (admin) {
-					privilege = new ObjectPrivilege(project, 1, PrivilegeType.EDIT_MISSING_CONNECTIONS_PROJECT, user);
+					privilege = new ObjectPrivilege(project, 1, PrivilegeType.LAYOUT_MANAGEMENT, user);
 					userService.setUserPrivilege(user, privilege);
 					privilege = new ObjectPrivilege(project, 1, PrivilegeType.EDIT_COMMENTS_PROJECT, user);
 					userService.setUserPrivilege(user, privilege);
diff --git a/web/src/main/java/lcsb/mapviewer/bean/MapBean.java b/web/src/main/java/lcsb/mapviewer/bean/MapBean.java
index f96515e249..d8c6f2d8d8 100644
--- a/web/src/main/java/lcsb/mapviewer/bean/MapBean.java
+++ b/web/src/main/java/lcsb/mapviewer/bean/MapBean.java
@@ -563,19 +563,6 @@ public class MapBean extends AbstractManagedBean implements Serializable {
 		return result;
 	}
 
-	/**
-	 * Check if user can edit connections.
-	 * 
-	 * @return <i>true</i> if user can edit connections,<br/>
-	 *         <i> false otherwise</i>
-	 */
-	public boolean getUserHasEditMissingConnection() {
-		Project project = getCurrentProject();
-		User user = userBean.getLoggedUser();
-		boolean result = userService.userHasPrivilege(user, PrivilegeType.EDIT_MISSING_CONNECTIONS_PROJECT, project);
-		return result;
-	}
-
 	/**
 	 * This is artifitial method called by the client side to pass some parameters
 	 * to the bean:
diff --git a/web/src/main/java/lcsb/mapviewer/bean/SearchBean.java b/web/src/main/java/lcsb/mapviewer/bean/SearchBean.java
index eca49cfa67..0129852862 100644
--- a/web/src/main/java/lcsb/mapviewer/bean/SearchBean.java
+++ b/web/src/main/java/lcsb/mapviewer/bean/SearchBean.java
@@ -336,19 +336,6 @@ public class SearchBean extends AbstractMarkerManagerBean<SearchElementResult> i
 		}
 	}
 
-	/**
-	 * Check if user can edit connections.
-	 * 
-	 * @return <i>true</i> if user can edit connections,<br/>
-	 *         <i>false</i> otherwise
-	 */
-	public boolean getUserHasEditMissingConnection() {
-		Project project = getCurrentProject();
-		User user = userBean.getLoggedUser();
-		boolean result = userService.userHasPrivilege(user, PrivilegeType.EDIT_MISSING_CONNECTIONS_PROJECT, project);
-		return result;
-	}
-
 	/**
 	 * Returns list of autocomple strings for the string query.
 	 * 
-- 
GitLab