Add a flag to control whether read only users can see private projects …

…#2967
AtlasOfLivingAustralia · Aug 12, 2023 · 8efc297 · 8efc297
1 parent 1bb2ddf
commit 8efc297
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 3 deletions.
diff --git a/grails-app/controllers/au/org/ala/merit/ProjectController.groovy b/grails-app/controllers/au/org/ala/merit/ProjectController.groovy
@@ -56,6 +56,20 @@ class ProjectController {
                 config:config], view: 'espOverview'
     }
 
+    /**
+     * Programs can be marked as private which will restricts the ability to view the project
+     * page to users named in the Project Access section or who have a role on the MERIT hub.
+     * An additional flag can control whether users with read only access on the MERIT hub
+     * can see the project.
+     */
+    private static boolean canUserViewProject(def user, Map programConfig) {
+        boolean canView = true // By default, even un-authenticated users can view at least the project overview
+        if (programConfig?.visibility == 'private') {
+            canView = programConfig?.readOnlyUsersCanViewWhenPrivate ? user?.hasViewAccess : user?.isEditor
+        }
+        canView
+    }
+
     def index(String id) {
 
         def user = userService.getUser()
@@ -67,12 +81,12 @@ class ProjectController {
             user.hasViewAccess = projectService.canUserViewProject(user.userId, id) ?: false
         }
         def project = projectService.get(id, user,'all')
-        Map config
+        Map config = null
         if (project && !project.error) {
             config = projectService.getProgramConfiguration(project)
         }
 
-        if (!project || project.error || (config?.visibility == 'private' && !user?.hasViewAccess)) {
+        if (!project || project.error || !canUserViewProject(user, config)) {
             flash.message = "Project not found with id: ${id}"
             if (project?.error) {
                 flash.message += "<br/>${project.error}"

diff --git a/src/main/groovy/au/org/ala/merit/config/ProgramConfig.groovy b/src/main/groovy/au/org/ala/merit/config/ProgramConfig.groovy
@@ -129,10 +129,15 @@ class ProgramConfig implements Map {
     }
 
     /**
-     * This flag contruls whether a grant/project manager can return a meri plan to a project officer for further work
+     * This flag controls whether a grant/project manager can return a meri plan to a project officer for further work
      * or whether a MERIT admin needs to return it. */
     boolean requireMeritAdminToReturnMeriPlan = false
 
+    /** This flag controls whether projects under this program are visible by users without directly assigned access or an elevated role in the MERIT hub */
+    String visibility = "public"
+
+    /** This flag controls whether a user with the MERIT read only role can view projects when the visibility is set to "private" */
+    boolean readOnlyUsersCanViewWhenPrivate = false
 }