Create Permissions (#1692)

* feature (createPermissions) twirl template to create a new administrative permission

* feature (createPermissions) add request and response messages for create permission

* feature (createPermissions) route for create permissions and getting all permissions of a project and getting a permission with its IRI

* feature (createPermission) check that all necessary info is provided and is valid

* refactor (createPermissions) the routes to retrieve all project permissions and getting permissions with iri should not be part of this PR

* feature (createPermission) responder to create administrative permission

* fix (createPermission) add the IRI lock

* feature (createPermission) add validations to messages

* fix (createPermissions) build errors fixed

* fix (createPermission) build problems in specs fixed

* feature (createPermissions) validations added to messages + tests

* fix (createPermissions) remove the validations that cause errors

* refactor (createPermission) remove the check of requesting user in comparison with target user

* refactor (createPermissions) permissionsADME2ESpec is fixed together with get permissions route

* fix (createPermission) groupIri should not always be an IRI can be also type

* feature (createPermission) complete the createAdministrativePermission + unit test for it

* feature (createPermission) check the parameters given in DefaultObjectAccessCreateRequest + tests

* feature (createPermission) additional checks for DefaultObjectAccessPermissionsStringForPropertyGetADM & DefaultObjectAccessPermissionsStringForResourceClassGetADM

* feature (createPermission) validation of DefaultObjectAccessGet parameters

* feature (createPermission) added responder and unit tests for DefaultObjectAccessCreation

* fix (createPermission) E2E test to get permissons

* test (createPermission) E2E tests

* feature (createPermission) test data

* feature (createPermission) create permissions with custom IRI

* feature (createPermission) E2E tests and test data for permission creation with a custom IRI

* fix (createPermission) add the missing validations and test for them

* refactor (createPermission) rename E2E test

webapi/src/main/scala/org/knora/webapi/messages/OntologyConstants.scala

@@ -493,6 +493,12 @@ object OntologyConstants {
 
         /* Permissions */
         val Permission: IRI = KnoraAdminPrefixExpansion + "Permission"
+        val AdministrativePermission: IRI = KnoraAdminPrefixExpansion + "AdministrativePermission"
+        val DefaultObjectAccessPermission: IRI = KnoraAdminPrefixExpansion + "DefaultObjectAccessPermission"
+        val ForProject: IRI = KnoraAdminPrefixExpansion + "forProject"
+        val ForGroup: IRI = KnoraAdminPrefixExpansion + "forGroup"
+        val ForResourceClass: IRI = KnoraAdminPrefixExpansion + "forResourceClass"
+        val ForProperty: IRI = KnoraAdminPrefixExpansion + "forProperty"
 
         val ProjectResourceCreateAllPermission: String = "ProjectResourceCreateAllPermission"
         val ProjectResourceCreateRestrictedPermission: String = "ProjectResourceCreateRestrictedPermission"
@@ -524,13 +530,6 @@ object OntologyConstants {
             HasDefaultChangeRightsPermission
         )
 
-        val AdministrativePermission: IRI = KnoraAdminPrefixExpansion + "AdministrativePermission"
-        val DefaultObjectAccessPermission: IRI = KnoraAdminPrefixExpansion + "DefaultObjectAccessPermission"
-        val ForProject: IRI = KnoraAdminPrefixExpansion + "forProject"
-        val ForGroup: IRI = KnoraAdminPrefixExpansion + "forGroup"
-        val ForResourceClass: IRI = KnoraAdminPrefixExpansion + "forResourceClass"
-        val ForProperty: IRI = KnoraAdminPrefixExpansion + "forProperty"
-
         val SystemProject: IRI = KnoraAdminPrefixExpansion + "SystemProject"
         val DefaultSharedOntologiesProject: IRI = KnoraAdminPrefixExpansion + "DefaultSharedOntologiesProject"
 

webapi/src/main/scala/org/knora/webapi/messages/StringFormatter.scala

@@ -1725,6 +1725,16 @@ class StringFormatter private(val maybeSettings: Option[KnoraSettingsImpl] = Non
         isIri(iri) && iri.startsWith("http://" + IriDomain + "/groups/")
     }
 
+    /**
+     * Returns `true` if an IRI string looks like a Knora permission IRI.
+     *
+     * @param iri the IRI to be checked.
+     */
+    def isKnoraPermissionIriStr(iri: IRI): Boolean = {
+        isIri(iri) && iri.startsWith("http://" + IriDomain + "/permissions/")
+    }
+
+
     /**
      * Checks that a string represents a valid resource identifier in a standoff link.
      *
@@ -2600,6 +2610,33 @@ class StringFormatter private(val maybeSettings: Option[KnoraSettingsImpl] = Non
         }
     }
 
+    /**
+     * Given the permission IRI, checks if it is in a valid format.
+     *
+     * @param iri the permission's IRI.
+     * @return the IRI of the list.
+     */
+    def validatePermissionIri(iri: IRI, errorFun: => Nothing): IRI = {
+        if (isKnoraPermissionIriStr(iri)) {
+            iri
+        } else {
+            errorFun
+        }
+    }
+
+    /**
+     * Given the optional permission IRI, checks if it is in a valid format.
+     *
+     * @param maybeIri the optional permission's IRI to be checked.
+     * @return the same optional IRI.
+     */
+    def validateOptionalPermissionIri(maybeIri: Option[IRI], errorFun: => Nothing): Option[IRI] = {
+        maybeIri match {
+            case Some(iri) => Some(validatePermissionIri(iri, errorFun))
+            case None => None
+        }
+    }
+
     /**
      * Check that the supplied IRI represents a valid user IRI.
      *

webapi/src/main/scala/org/knora/webapi/messages/util/PermissionUtilADM.scala

@@ -637,12 +637,12 @@ object PermissionUtilADM extends LazyLogging {
                     }
 
                     /* Sort permissions in descending order */
-                    val sortedPermissions = groupedPermissions.toArray.sortWith {
+                    val sortedPermissions: Array[(String, String)] = groupedPermissions.toArray.sortWith {
                         (left, right) => permissionStringsToPermissionLevels(left._1) > permissionStringsToPermissionLevels(right._1)
                     }
 
                     /* create the permissions string */
-                    sortedPermissions.foldLeft("") { (acc, perm) =>
+                    sortedPermissions.foldLeft("") { (acc, perm: (String, String)) =>
                         if (acc.isEmpty) {
                             acc + perm._1 + " " + perm._2
                         } else {
@@ -652,6 +652,24 @@ object PermissionUtilADM extends LazyLogging {
                 } else {
                     throw InconsistentTriplestoreDataException("Permissions cannot be empty")
                 }
+            case PermissionType.AP =>
+
+                if (permissions.nonEmpty) {
+
+                    val permNames: Set[String] = permissions.map(_.name)
+
+                    /* creates the permissions string. something like "ProjectResourceCreateAllPermission|ProjectAdminAllPermission" */
+                    permNames.foldLeft("") { (acc, perm: String) =>
+                        if (acc.isEmpty) {
+                            acc + perm
+                        } else {
+                            acc + OntologyConstants.KnoraBase.PermissionListDelimiter + perm
+                        }
+                    }
+
+                } else {
+                    throw InconsistentTriplestoreDataException("Permissions cannot be empty")
+                }
         }
     }