feat: permissions handling for glossaries + refactoring and todo cleanup

Author: Anty0

backend/data/src/main/kotlin/io/tolgee/model/glossary/Glossary.kt

@@ -15,15 +15,22 @@ import jakarta.persistence.JoinTable
 import jakarta.persistence.ManyToMany
 import jakarta.persistence.ManyToOne
 import jakarta.persistence.OneToMany
+import jakarta.persistence.Table
 import jakarta.persistence.Temporal
 import jakarta.persistence.TemporalType
+import jakarta.persistence.UniqueConstraint
 import jakarta.validation.constraints.Size
 import java.util.Date
 
-// TODO: unique organizationOwner+name
-
 @Entity
 @ActivityLoggedEntity
+@Table(
+  uniqueConstraints = [
+    UniqueConstraint(
+      columnNames = ["organization_owner_id", "name"],
+    ),
+  ],
+)
 class Glossary(
   @field:Size(min = 3, max = 50)
   @ActivityLoggedProp

backend/data/src/main/kotlin/io/tolgee/model/glossary/GlossaryTermTranslation.kt

@@ -11,12 +11,11 @@ import java.util.*
 @EntityListeners(GlossaryTermTranslation.Companion.GlossaryTermTranslationListener::class)
 @ActivityLoggedEntity
 @Table(
-  name = "GlossaryTermTranslation",
   indexes = [
-    Index(columnList = "textLowercased"),
+    Index(columnList = "text_lowercased"),
   ],
   uniqueConstraints = [
-    UniqueConstraint(columnNames = ["term_id", "languageTag"]),
+    UniqueConstraint(columnNames = ["term_id", "language_tag"]),
   ],
 )
 class GlossaryTermTranslation(

backend/data/src/main/resources/db/changelog/schema.xml

@@ -4297,4 +4297,7 @@
     <changeSet author="anty (generated)" id="1744881555572-11">
         <addForeignKeyConstraint baseColumnNames="organization_owner_id" baseTableName="glossary" constraintName="FKtiuusr7urs46e15gjy94jhdfm" deferrable="false" initiallyDeferred="false" referencedColumnNames="id" referencedTableName="organization" validate="true"/>
     </changeSet>
+    <changeSet author="anty (generated)" id="1746016606559-1">
+        <addUniqueConstraint columnNames="organization_owner_id, name" constraintName="UK6lhjfekqt9yfoxa2qdolqe180" tableName="glossary"/>
+    </changeSet>
 </databaseChangeLog>

ee/backend/app/src/main/kotlin/io/tolgee/ee/api/v2/controllers/glossary/GlossaryController.kt

@@ -45,7 +45,7 @@ class GlossaryController(
   @PostMapping
   @Operation(summary = "Create glossary")
   @AllowApiAccess(AuthTokenType.ONLY_PAT)
-  @RequiresOrganizationRole(OrganizationRoleType.OWNER) // TODO special role for glossaries
+  @RequiresOrganizationRole(OrganizationRoleType.MAINTAINER)
   @Transactional
   fun create(
     @PathVariable
@@ -65,7 +65,7 @@ class GlossaryController(
   @PutMapping("/{glossaryId:[0-9]+}")
   @Operation(summary = "Update glossary")
   @AllowApiAccess(AuthTokenType.ONLY_PAT)
-  @RequiresOrganizationRole(OrganizationRoleType.OWNER) // TODO special role for glossaries
+  @RequiresOrganizationRole(OrganizationRoleType.MAINTAINER)
   @Transactional
   fun update(
     @PathVariable
@@ -88,7 +88,7 @@ class GlossaryController(
   @DeleteMapping("/{glossaryId:[0-9]+}")
   @Operation(summary = "Delete glossary")
   @AllowApiAccess(AuthTokenType.ONLY_PAT)
-  @RequiresOrganizationRole(OrganizationRoleType.OWNER) // TODO special role for glossaries
+  @RequiresOrganizationRole(OrganizationRoleType.MAINTAINER)
   @Transactional
   fun delete(
     @PathVariable

ee/backend/app/src/main/kotlin/io/tolgee/ee/api/v2/controllers/glossary/GlossaryTermController.kt

@@ -45,7 +45,7 @@ class GlossaryTermController(
   @PostMapping("/terms")
   @Operation(summary = "Create a new glossary term")
   @AllowApiAccess(AuthTokenType.ONLY_PAT)
-  @RequiresOrganizationRole(OrganizationRoleType.OWNER) // TODO special role for glossaries
+  @RequiresOrganizationRole(OrganizationRoleType.MAINTAINER)
   @Transactional
   fun create(
     @PathVariable
@@ -70,7 +70,7 @@ class GlossaryTermController(
   @DeleteMapping("/terms")
   @Operation(summary = "Batch delete multiple terms")
   @AllowApiAccess(AuthTokenType.ONLY_PAT)
-  @RequiresOrganizationRole(OrganizationRoleType.OWNER) // TODO special role for glossaries
+  @RequiresOrganizationRole(OrganizationRoleType.MAINTAINER)
   @Transactional
   fun deleteMultiple(
     @PathVariable organizationId: Long,
@@ -88,7 +88,7 @@ class GlossaryTermController(
   @PutMapping("/terms/{termId:[0-9]+}")
   @Operation(summary = "Update glossary term")
   @AllowApiAccess(AuthTokenType.ONLY_PAT)
-  @RequiresOrganizationRole(OrganizationRoleType.OWNER) // TODO special role for glossaries
+  @RequiresOrganizationRole(OrganizationRoleType.MAINTAINER)
   @Transactional
   fun update(
     @PathVariable organizationId: Long,
@@ -111,7 +111,7 @@ class GlossaryTermController(
   @DeleteMapping("/terms/{termId:[0-9]+}")
   @Operation(summary = "Delete glossary term")
   @AllowApiAccess(AuthTokenType.ONLY_PAT)
-  @RequiresOrganizationRole(OrganizationRoleType.OWNER) // TODO special role for glossaries
+  @RequiresOrganizationRole(OrganizationRoleType.MAINTAINER)
   @Transactional
   fun delete(
     @PathVariable organizationId: Long,

ee/backend/app/src/main/kotlin/io/tolgee/ee/api/v2/controllers/glossary/GlossaryTermHighlightsController.kt

@@ -39,7 +39,7 @@ class GlossaryTermHighlightsController(
     text: String,
     @RequestParam("languageTag")
     languageTag: String,
-  ): CollectionModel<GlossaryTermHighlightDto> { // TODO: use CollectionModel
+  ): CollectionModel<GlossaryTermHighlightDto> {
     enabledFeaturesProvider.checkFeatureEnabled(
       organizationHolder.organization.id,
       Feature.GLOSSARY,

ee/backend/app/src/main/kotlin/io/tolgee/ee/api/v2/controllers/glossary/GlossaryTermTranslationController.kt

@@ -33,7 +33,7 @@ class GlossaryTermTranslationController(
   @PostMapping()
   @Operation(summary = "Set a new glossary term translation for language")
   @AllowApiAccess(AuthTokenType.ONLY_PAT)
-  @RequiresOrganizationRole(OrganizationRoleType.OWNER) // TODO special role for glossaries
+  @RequiresOrganizationRole(OrganizationRoleType.MAINTAINER)
   @Transactional
   fun update(
     @PathVariable

ee/backend/app/src/main/kotlin/io/tolgee/ee/repository/glossary/GlossaryRepository.kt

@@ -13,6 +13,8 @@ import java.util.Date
 @Repository
 @Lazy
 interface GlossaryRepository : JpaRepository<Glossary, Long> {
+  // TODO: rework - use only glossary id for query, check organization id in service?
+
   @Query(
     """
     from Glossary

ee/backend/app/src/main/kotlin/io/tolgee/ee/service/glossary/GlossaryService.kt

@@ -56,9 +56,7 @@ class GlossaryService(
         organizationOwner = organization
         baseLanguageTag = dto.baseLanguageTag
 
-        // TODO project permissions handling?
-        val projects = projectService.findAll(dto.assignedProjects ?: emptySet())
-        assignedProjects.addAll(projects)
+        updateAssignedProjects(this, dto.assignedProjects ?: emptySet())
       }
     return glossaryRepository.save(glossary)
   }
@@ -73,13 +71,26 @@ class GlossaryService(
     glossary.baseLanguageTag = dto.baseLanguageTag
     val newAssignedProjects = dto.assignedProjects
     if (newAssignedProjects != null) {
-      glossary.assignedProjects.clear()
-      val projects = projectService.findAll(newAssignedProjects)
-      glossary.assignedProjects.addAll(projects)
+      updateAssignedProjects(glossary, newAssignedProjects)
     }
     return glossaryRepository.save(glossary)
   }
 
+  private fun updateAssignedProjects(
+    glossary: Glossary,
+    newAssignedProjects: Iterable<Long>,
+  ) {
+    glossary.assignedProjects.clear()
+    val projects = projectService.findAll(newAssignedProjects)
+    projects.forEach {
+      if (it.organizationOwner.id != glossary.organizationOwner.id) {
+        // Project belongs to another organization
+        throw NotFoundException(Message.PROJECT_NOT_FOUND)
+      }
+    }
+    glossary.assignedProjects.addAll(projects)
+  }
+
   fun delete(
     organizationId: Long,
     glossaryId: Long,
@@ -92,9 +103,12 @@ class GlossaryService(
     glossaryId: Long,
     projectId: Long,
   ) {
-    // TODO project permissions handling?
     val glossary = get(organizationId, glossaryId)
     val project = projectService.get(projectId)
+    if (project.organizationOwner.id != organizationId) {
+      // Project belongs to another organization
+      throw NotFoundException(Message.PROJECT_NOT_FOUND)
+    }
     glossary.assignedProjects.add(project)
     glossaryRepository.save(glossary)
   }

webapp/src/ee/glossary/components/GlossaryBatchToolbar.tsx

@@ -15,6 +15,9 @@ import { T } from '@tolgee/react';
 import { SelectionService } from 'tg.service/useSelectionService';
 import { messageService } from 'tg.service/MessageService';
 import { TranslatedError } from 'tg.translationTools/TranslatedError';
+import { components } from 'tg.service/apiSchema.generated';
+
+type OrganizationModel = components['schemas']['OrganizationModel'];
 
 const StyledCard = styled(Card)`
   display: flex;
@@ -41,13 +44,13 @@ const StyledCheckbox = styled(Checkbox)`
 `;
 
 type Props = {
-  organizationId: number;
+  organization: OrganizationModel;
   glossaryId: number;
   selectionService: SelectionService<number>;
 };
 
 export const GlossaryBatchToolbar: React.VFC<Props> = ({
-  organizationId,
+  organization,
   glossaryId,
   selectionService,
 }) => {
@@ -71,7 +74,7 @@ export const GlossaryBatchToolbar: React.VFC<Props> = ({
         deleteSelectedMutation.mutate(
           {
             path: {
-              organizationId,
+              organizationId: organization.id,
               glossaryId,
             },
             content: {
@@ -95,6 +98,10 @@ export const GlossaryBatchToolbar: React.VFC<Props> = ({
     });
   };
 
+  const canDelete = ['OWNER', 'MAINTAINER'].includes(
+    organization.currentUserRole || ''
+  );
+
   return (
     <StyledCard
       sx={{
@@ -115,6 +122,7 @@ export const GlossaryBatchToolbar: React.VFC<Props> = ({
       </Select>
       <LoadingButton
         disableElevation
+        disabled={!canDelete}
         variant="contained"
         color="primary"
         sx={{ minWidth: 0, minHeight: 0, width: 40, height: 40, padding: 0 }}

webapp/src/ee/glossary/components/GlossaryEmptyListMessage.tsx

@@ -69,7 +69,12 @@ export const GlossaryEmptyListMessage: React.VFC<Props> = ({
           <StyledDescription variant="body1">
             <T keyName="glossary_empty_placeholder_add_term_description" />
           </StyledDescription>
-          <Button onClick={onCreate} variant="contained" color="primary">
+          <Button
+            onClick={onCreate}
+            disabled={!onCreate}
+            variant="contained"
+            color="primary"
+          >
             <T keyName="glossary_empty_placeholder_add_term_button" />
           </Button>
           <Link href="https://docs.tolgee.io/platform/projects_and_organizations/glossary">
@@ -86,7 +91,12 @@ export const GlossaryEmptyListMessage: React.VFC<Props> = ({
           <StyledDescription variant="body1">
             <T keyName="glossary_empty_placeholder_import_terms_description" />
           </StyledDescription>
-          <Button onClick={onImport} variant="contained" color="primary">
+          <Button
+            onClick={onImport}
+            disabled={!onImport}
+            variant="contained"
+            color="primary"
+          >
             <T keyName="glossary_empty_placeholder_import_terms_button" />
           </Button>
           <Link href="https://docs.tolgee.io/platform/projects_and_organizations/glossary/import/csv-format">

webapp/src/ee/glossary/components/GlossaryListItem.tsx

@@ -8,7 +8,7 @@ import { CircledLanguageIconList } from 'tg.component/languages/CircledLanguageI
 import { languageInfo } from '@tginternal/language-util/lib/generated/languageInfo';
 import { GlossaryListItemMenu } from 'tg.ee.module/glossary/components/GlossaryListItemMenu';
 
-type SimpleOrganizationModel = components['schemas']['SimpleOrganizationModel'];
+type OrganizationModel = components['schemas']['OrganizationModel'];
 type GlossaryModel = components['schemas']['GlossaryModel'];
 
 const StyledContainer = styled('div')`
@@ -70,7 +70,7 @@ const StyledNameText = styled(Typography)`
 
 type Props = {
   glossary: GlossaryModel;
-  organization: SimpleOrganizationModel;
+  organization: OrganizationModel;
 };
 
 export const GlossaryListItem: React.VFC<Props> = ({
@@ -90,8 +90,9 @@ export const GlossaryListItem: React.VFC<Props> = ({
       originalName: languageData?.originalName || languageTag,
       tag: languageTag,
     },
+    // Future improvement - display all languages used in glossary
+    // not just base language
   ];
-  // TODO: All languages used in glossary - will need backend changes
 
   return (
     <StyledContainer

webapp/src/ee/glossary/components/GlossaryListItemMenu.tsx

@@ -10,20 +10,22 @@ import { Link } from 'react-router-dom';
 import { LINKS, PARAMS } from 'tg.constants/links';
 import { GlossaryCreateEditDialog } from 'tg.ee.module/glossary/views/GlossaryCreateEditDialog';
 
-type SimpleOrganizationModel = components['schemas']['SimpleOrganizationModel'];
+type OrganizationModel = components['schemas']['OrganizationModel'];
 type GlossaryModel = components['schemas']['GlossaryModel'];
 
 type Props = {
   glossary: GlossaryModel;
-  organization: SimpleOrganizationModel;
+  organization: OrganizationModel;
 };
 
 export const GlossaryListItemMenu: FC<Props> = ({ glossary, organization }) => {
   const { t } = useTranslate();
   const [anchorEl, setAnchorEl] = React.useState<null | HTMLElement>(null);
   const [isEditing, setIsEditing] = React.useState(false);
 
-  const canManage = true; // TODO: Permissions
+  const canManage = ['OWNER', 'MAINTAINER'].includes(
+    organization.currentUserRole || ''
+  );
 
   const deleteMutation = useApiMutation({
     url: '/v2/organizations/{organizationId}/glossaries/{glossaryId}',
@@ -44,7 +46,7 @@ export const GlossaryListItemMenu: FC<Props> = ({ glossary, organization }) => {
       onConfirm() {
         deleteMutation.mutate({
           path: {
-            organizationId: organization.id,
+            organizationId: glossary.organizationOwner.id,
             glossaryId: glossary.id,
           },
         });