Merge remote-tracking branch 'origin/development' into qu-auto/SORQA-482

# Conflicts:
#	sormas-e2e-tests/src/test/resources/features/sanity/web/Vaccination.feature

docs/SERVER_CUSTOMIZATION.md

@@ -92,13 +92,11 @@ SORMAS comes with an extensive list of user rights that are used to check which
 To cover the typical use cases, SORMAS defines a set of default user roles that are automatically created when setting up a SORMAS instance.
 
 Most user rights define an action related to an entity type, e.g. the user right *CASE_EDIT* allows users to edit case data.
-The following automatically generated document **lists and describes all user rights and the default user roles**:
-https://github.com/hzi-braunschweig/SORMAS-Project/blob/development/sormas-api/src/main/resources/doc/SORMAS_User_Rights.xlsx
+The following automatically generated documents list and describe **all user rights and the default user roles**:
+* https://github.com/hzi-braunschweig/SORMAS-Project/blob/development/sormas-api/src/main/resources/doc/SORMAS_User_Roles.xlsx
 
 User roles are fully configurable, allowing admins to create new user roles and edit existing ones, to customize the instance to the given needs and to make sure data protection requirements are fulfilled. 
 
-At this point the configuration has to be done in the database, a user interface to configure user roles will be implemented starting sprint 117 (see #4462 and #4463).
-
 ### Related topics
 
 * Epic that introduced configurable user roles: #898

sormas-api/src/main/java/de/symeda/sormas/api/EditPermissionType.java

@@ -3,5 +3,6 @@
 public enum EditPermissionType {
 	ALLOWED,
 	ARCHIVING_STATUS_ONLY,
-	REFUSED
+	REFUSED,
+	DOCUMENTS_ONLY
 }

sormas-api/src/main/java/de/symeda/sormas/api/infrastructure/country/CountryFacade.java

@@ -14,8 +14,6 @@ public interface CountryFacade extends GeoLocationFacade<CountryDto, CountryInde
 
 	List<CountryReferenceDto> getByDefaultName(String name, boolean includeArchivedEntities);
 
-	CountryDto getByIsoCode(String isoCode, boolean includeArchivedEntities);
-
 	List<CountryReferenceDto> getAllActiveBySubcontinent(String uuid);
 
 	List<CountryReferenceDto> getAllActiveByContinent(String uuid);

sormas-api/src/main/java/de/symeda/sormas/api/infrastructure/district/DistrictFacade.java

@@ -45,8 +45,6 @@ public interface DistrictFacade extends GeoLocationFacade<DistrictDto, DistrictI
 
 	List<DistrictReferenceDto> getByName(String name, RegionReferenceDto regionRef, boolean includeArchivedEntities);
 
-	List<String> getNamesByIds(List<Long> districtIds);
-
 	String getFullEpidCodeForDistrict(String districtUuid);
 
 	boolean isUsedInOtherInfrastructureData(Collection<String> districtUuids);

sormas-api/src/main/java/de/symeda/sormas/api/user/DtoViewAndEditRights.java

@@ -15,12 +15,12 @@
 
 package de.symeda.sormas.api.user;
 
-import de.symeda.sormas.api.campaign.CampaignDto;
-import de.symeda.sormas.api.campaign.data.CampaignFormDataDto;
-import de.symeda.sormas.api.campaign.form.CampaignFormMetaDto;
 import java.util.HashMap;
 import java.util.Map;
 
+import de.symeda.sormas.api.campaign.CampaignDto;
+import de.symeda.sormas.api.campaign.data.CampaignFormDataDto;
+import de.symeda.sormas.api.campaign.form.CampaignFormMetaDto;
 import de.symeda.sormas.api.caze.CaseDataDto;
 import de.symeda.sormas.api.clinicalcourse.ClinicalVisitDto;
 import de.symeda.sormas.api.contact.ContactDto;
@@ -104,8 +104,8 @@ public class DtoViewAndEditRights {
 		viewRights.put(CampaignDto.class.getSimpleName(), UserRight.CAMPAIGN_VIEW);
 		editRights.put(CampaignDto.class.getSimpleName(), UserRight.CAMPAIGN_EDIT);
 
-		viewRights.put(CampaignFormDataDto.class.getSimpleName(), UserRight.CAMPAIGN_VIEW);
-		editRights.put(CampaignFormDataDto.class.getSimpleName(), UserRight.CAMPAIGN_EDIT);
+		viewRights.put(CampaignFormDataDto.class.getSimpleName(), UserRight.CAMPAIGN_FORM_DATA_VIEW);
+		editRights.put(CampaignFormDataDto.class.getSimpleName(), UserRight.CAMPAIGN_FORM_DATA_EDIT);
 	}
 
 	public static UserRight getUserRightView(Class clazz) {

sormas-app/app/src/main/java/de/symeda/sormas/app/rest/SynchronizeDataAsync.java

@@ -284,6 +284,10 @@ private void pushNewData() throws ServerCommunicationException, ServerConnection
 		new PrescriptionDtoHelper().pushEntities(true);
 		new TreatmentDtoHelper().pushEntities(true);
 		new ClinicalVisitDtoHelper().pushEntities(true);
+
+		if (!DatabaseHelper.getFeatureConfigurationDao().isFeatureDisabled(FeatureType.CAMPAIGNS)) {
+			new CampaignFormDataDtoHelper().pushEntities(true);
+		}
 	}
 
 	@AddTrace(name = "synchronizeChangedDataTrace")

sormas-backend/src/main/java/de/symeda/sormas/backend/campaign/CampaignFacadeEjb.java

@@ -310,7 +310,7 @@ public CampaignDto toDto(Campaign source) {
 	}
 
 	@Override
-	public CampaignReferenceDto toRefDto(Campaign campaign) {
+	protected CampaignReferenceDto toRefDto(Campaign campaign) {
 		return toReferenceDto(campaign);
 	}
 

sormas-backend/src/main/java/de/symeda/sormas/backend/caze/CaseFacadeEjb.java

@@ -2945,7 +2945,7 @@ public static CaseDataDto toCaseDto(Case source) {
 	}
 
 	@Override
-	public CaseReferenceDto toRefDto(Case aCase) {
+	protected CaseReferenceDto toRefDto(Case aCase) {
 		return convertToReferenceDto(aCase);
 	}
 

sormas-backend/src/main/java/de/symeda/sormas/backend/caze/CaseService.java

@@ -24,6 +24,7 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
+import java.util.concurrent.TimeUnit;
 import java.util.function.Function;
 import java.util.stream.Collectors;
 
@@ -170,7 +171,7 @@
 @LocalBean
 public class CaseService extends AbstractCoreAdoService<Case> {
 
-	private static final long SECONDS_30_DAYS = 30L * 24L * 60L * 60L;
+	private static final Double SECONDS_30_DAYS = Long.valueOf(TimeUnit.DAYS.toSeconds(30L)).doubleValue();
 
 	@EJB
 	private CaseListCriteriaBuilder listQueryBuilder;
@@ -1582,10 +1583,14 @@ public EditPermissionType getEditPermissionType(Case caze) {
 			return EditPermissionType.REFUSED;
 		}
 
-		if (!inJurisdictionOrOwned(caze) || sormasToSormasShareInfoService.isCaseOwnershipHandedOver(caze)) {
+		if (!inJurisdictionOrOwned(caze)) {
 			return EditPermissionType.REFUSED;
 		}
 
+		if (sormasToSormasShareInfoService.isCaseOwnershipHandedOver(caze)) {
+			return EditPermissionType.DOCUMENTS_ONLY;
+		}
+
 		return super.getEditPermissionType(caze);
 
 	}
@@ -1900,8 +1905,8 @@ public List<CaseIndexDto[]> getCasesForDuplicateMerging(CaseCriteria criteria, b
 		Predicate reportDateFilter = cb.lessThanOrEqualTo(
 			cb.abs(
 				cb.diff(
-					cb.function("date_part", Long.class, cb.parameter(String.class, "date_type"), root.get(Case.REPORT_DATE)),
-					cb.function("date_part", Long.class, cb.parameter(String.class, "date_type"), root2.get(Case.REPORT_DATE)))),
+					cb.function("date_part", Double.class, cb.parameter(String.class, "date_type"), root.get(Case.REPORT_DATE)),
+					cb.function("date_part", Double.class, cb.parameter(String.class, "date_type"), root2.get(Case.REPORT_DATE)))),
 			SECONDS_30_DAYS);
 
 		// // todo this should use PersonService.buildSimilarityCriteriaFilter
@@ -1929,8 +1934,8 @@ public List<CaseIndexDto[]> getCasesForDuplicateMerging(CaseCriteria criteria, b
 			cb.lessThanOrEqualTo(
 				cb.abs(
 					cb.diff(
-						cb.function("date_part", Long.class, cb.parameter(String.class, "date_type"), symptoms.get(Symptoms.ONSET_DATE)),
-						cb.function("date_part", Long.class, cb.parameter(String.class, "date_type"), symptoms2.get(Symptoms.ONSET_DATE)))),
+						cb.function("date_part", Double.class, cb.parameter(String.class, "date_type"), symptoms.get(Symptoms.ONSET_DATE)),
+						cb.function("date_part", Double.class, cb.parameter(String.class, "date_type"), symptoms2.get(Symptoms.ONSET_DATE)))),
 				SECONDS_30_DAYS));
 
 		Predicate creationDateFilter = cb.or(
@@ -2079,7 +2084,7 @@ private List<Case> getCasesSetAsDuplicate(Long caseId) {
 		CriteriaQuery<Case> cq = cb.createQuery(Case.class);
 		Root<Case> root = cq.from(Case.class);
 
-		cq.where(cb.equal(root.get(Case.DUPLICATE_OF), caseId));
+		cq.where(cb.equal(root.get(Case.DUPLICATE_OF).get(Case.ID), caseId));
 		return em.createQuery(cq).getResultList();
 	}
 
@@ -2105,7 +2110,9 @@ public void updateVaccinationStatuses(Long personId, Disease disease, Vaccinatio
 
 		Predicate datePredicate = vaccinationService.getRelevantVaccinationPredicate(root, cu, cb, vaccination);
 
-		cu.where(CriteriaBuilderHelper.and(cb, cb.equal(root.get(Case.PERSON), personId), cb.equal(root.get(Case.DISEASE), disease), datePredicate));
+		cu.where(
+			CriteriaBuilderHelper
+				.and(cb, cb.equal(root.get(Case.PERSON).get(Person.ID), personId), cb.equal(root.get(Case.DISEASE), disease), datePredicate));
 
 		em.createQuery(cu).executeUpdate();
 	}

sormas-backend/src/main/java/de/symeda/sormas/backend/common/AbstractBaseEjb.java

@@ -86,5 +86,5 @@ public List<String> getObsoleteUuidsSince(Date since) {
 
 	public abstract DTO toDto(ADO ado);
 
-	public abstract REF_DTO toRefDto(ADO ado);
+	protected abstract REF_DTO toRefDto(ADO ado);
 }

sormas-backend/src/main/java/de/symeda/sormas/backend/contact/ContactFacadeEjb.java

@@ -217,7 +217,7 @@ public class ContactFacadeEjb
 	extends AbstractCoreFacadeEjb<Contact, ContactDto, ContactIndexDto, ContactReferenceDto, ContactService, ContactCriteria>
 	implements ContactFacade {
 
-	private static final long SECONDS_30_DAYS = TimeUnit.DAYS.toSeconds(30L);
+	private static final Double SECONDS_30_DAYS = Long.valueOf(TimeUnit.DAYS.toSeconds(30L)).doubleValue();
 
 	private final Logger logger = LoggerFactory.getLogger(getClass());
 
@@ -1732,7 +1732,7 @@ public static ContactDto toContactDto(Contact source) {
 	}
 
 	@Override
-	public ContactReferenceDto toRefDto(Contact contact) {
+	protected ContactReferenceDto toRefDto(Contact contact) {
 		return convertToReferenceDto(contact);
 	}
 
@@ -2065,8 +2065,8 @@ public List<MergeContactIndexDto[]> getContactsForDuplicateMerging(ContactCriter
 		Predicate reportDateFilter = cb.lessThanOrEqualTo(
 			cb.abs(
 				cb.diff(
-					cb.function("date_part", Long.class, cb.parameter(String.class, "date_type"), root.get(Contact.REPORT_DATE_TIME)),
-					cb.function("date_part", Long.class, cb.parameter(String.class, "date_type"), root2.get(Contact.REPORT_DATE_TIME)))),
+					cb.function("date_part", Double.class, cb.parameter(String.class, "date_type"), root.get(Contact.REPORT_DATE_TIME)),
+					cb.function("date_part", Double.class, cb.parameter(String.class, "date_type"), root2.get(Contact.REPORT_DATE_TIME)))),
 			SECONDS_30_DAYS);
 		// Sex filter: only when sex is filled in for both cases
 		Predicate sexFilter = cb.or(

sormas-backend/src/main/java/de/symeda/sormas/backend/contact/ContactService.java

@@ -1551,7 +1551,7 @@ private void deleteContactFromDuplicateOf(Contact contact) {
 		CriteriaUpdate<Contact> cu = cb.createCriteriaUpdate(Contact.class);
 		Root<Contact> root = cu.from(Contact.class);
 
-		cu.where(cb.equal(root.get(Contact.DUPLICATE_OF), contact.getId()));
+		cu.where(cb.equal(root.get(Contact.DUPLICATE_OF).get(Contact.ID), contact.getId()));
 		cu.set(Contact.DUPLICATE_OF, null);
 
 		em.createQuery(cu).executeUpdate();
@@ -1635,10 +1635,14 @@ public EditPermissionType isEditAllowed(Contact contact) {
 			return EditPermissionType.REFUSED;
 		}
 
-		if (!inJurisdictionOrOwned(contact).getInJurisdiction() || sormasToSormasShareInfoService.isContactOwnershipHandedOver(contact)) {
+		if (!inJurisdictionOrOwned(contact).getInJurisdiction()) {
 			return EditPermissionType.REFUSED;
 		}
 
+		if (sormasToSormasShareInfoService.isContactOwnershipHandedOver(contact)) {
+			return EditPermissionType.DOCUMENTS_ONLY;
+		}
+
 		return getEditPermissionType(contact);
 	}
 
@@ -1715,7 +1719,8 @@ public void updateVaccinationStatuses(Long personId, Disease disease, Date vacci
 			: null;
 
 		cu.where(
-			CriteriaBuilderHelper.and(cb, cb.equal(root.get(Contact.PERSON), personId), cb.equal(root.get(Contact.DISEASE), disease), datePredicate));
+			CriteriaBuilderHelper
+				.and(cb, cb.equal(root.get(Contact.PERSON).get(Person.ID), personId), cb.equal(root.get(Contact.DISEASE), disease), datePredicate));
 
 		em.createQuery(cu).executeUpdate();
 	}

sormas-backend/src/main/java/de/symeda/sormas/backend/event/EventFacadeEjb.java

@@ -1139,7 +1139,7 @@ public static EventDto toEventDto(Event source) {
 	}
 
 	@Override
-	public EventReferenceDto toRefDto(Event event) {
+	protected EventReferenceDto toRefDto(Event event) {
 		return toReferenceDto(event);
 	}
 

sormas-backend/src/main/java/de/symeda/sormas/backend/event/EventParticipantFacadeEjb.java

@@ -1036,7 +1036,7 @@ public static EventParticipantDto toEventParticipantDto(EventParticipant source)
 	}
 
 	@Override
-	public EventParticipantReferenceDto toRefDto(EventParticipant eventParticipant) {
+	protected EventParticipantReferenceDto toRefDto(EventParticipant eventParticipant) {
 		return toReferenceDto(eventParticipant);
 	}
 

sormas-backend/src/main/java/de/symeda/sormas/backend/event/EventParticipantService.java

@@ -613,7 +613,7 @@ public void updateVaccinationStatuses(Long personId, Disease disease, Date vacci
 		cu.set(root.get(EventParticipant.VACCINATION_STATUS), VaccinationStatus.VACCINATED);
 		cu.set(root.get(AbstractDomainObject.CHANGE_DATE), new Date());
 
-		cu.where(cb.and(cb.equal(root.get(EventParticipant.PERSON), personId), cb.isNotNull(eventSq.getSelection())));
+		cu.where(cb.and(cb.equal(root.get(EventParticipant.PERSON).get(Person.ID), personId), cb.isNotNull(eventSq.getSelection())));
 
 		em.createQuery(cu).executeUpdate();
 	}

sormas-backend/src/main/java/de/symeda/sormas/backend/exposure/ExposureService.java

@@ -22,6 +22,7 @@
 import javax.persistence.criteria.Root;
 
 import de.symeda.sormas.backend.common.BaseAdoService;
+import de.symeda.sormas.backend.contact.Contact;
 
 @Stateless
 @LocalBean
@@ -36,7 +37,7 @@ public void removeContactFromExposures(Long contactId) {
 		CriteriaUpdate<Exposure> cu = cb.createCriteriaUpdate(getElementClass());
 		Root<Exposure> root = cu.from(getElementClass());
 
-		cu.where(cb.equal(root.get(Exposure.CONTACT_TO_CASE), contactId));
+		cu.where(cb.equal(root.get(Exposure.CONTACT_TO_CASE).get(Contact.ID), contactId));
 		cu.set(Exposure.CONTACT_TO_CASE, null);
 
 		em.createQuery(cu).executeUpdate();

sormas-backend/src/main/java/de/symeda/sormas/backend/immunization/ImmunizationFacadeEjb.java

@@ -461,7 +461,7 @@ public List<String> deleteImmunizations(List<String> immunizationUuids, Deletion
 	}
 
 	@Override
-	public ImmunizationReferenceDto toRefDto(Immunization immunization) {
+	protected ImmunizationReferenceDto toRefDto(Immunization immunization) {
 		return toReferenceDto(immunization);
 	}
 

sormas-backend/src/main/java/de/symeda/sormas/backend/infrastructure/AbstractInfrastructureFacadeEjb.java

@@ -51,16 +51,23 @@ protected AbstractInfrastructureFacadeEjb(
 	}
 
 	@Override
+	@RightsAllowed({
+		UserRight._INFRASTRUCTURE_CREATE,
+		UserRight._INFRASTRUCTURE_EDIT })
 	public DTO save(@Valid @NotNull DTO dtoToSave) {
 		return save(dtoToSave, false);
 	}
 
+	@RightsAllowed({
+		UserRight._INFRASTRUCTURE_CREATE,
+		UserRight._INFRASTRUCTURE_EDIT })
 	public DTO save(DTO dto, boolean allowMerge) {
 		checkInfraDataLocked();
 		// default behaviour is to include archived data and check for the change date
 		return doSave(dto, allowMerge, true, true, duplicateErrorMessageProperty);
 	}
 
+	@RightsAllowed(UserRight._SYSTEM)
 	public DTO saveFromCentral(DTO dtoToSave) {
 		// merge, but do not include archived data (we consider archive data to be completely broken)
 		// also ignore change date as merging will always cause the date to be newer to what is present in central
@@ -116,6 +123,7 @@ protected DTO mergeAndPersist(DTO dtoToSave, List<ADO> duplicates, boolean check
 	}
 
 	@Override
+	@RightsAllowed(UserRight._INFRASTRUCTURE_ARCHIVE)
 	public void archive(String uuid) {
 		// todo this should be really in the parent but right now there the setter for archived is not available there
 		checkInfraDataLocked();
@@ -126,6 +134,7 @@ public void archive(String uuid) {
 		}
 	}
 
+	@RightsAllowed(UserRight._INFRASTRUCTURE_ARCHIVE)
 	public void dearchive(String uuid) {
 		checkInfraDataLocked();
 		ADO ado = service.getByUuid(uuid);
@@ -166,14 +175,21 @@ protected void checkInfraDataLocked() {
 	}
 
 	// todo this can be moved up
+	@RightsAllowed({
+		UserRight._INFRASTRUCTURE_VIEW,
+		UserRight._SYSTEM })
 	public long count(CRITERIA criteria) {
 		return service.count((cb, root) -> service.buildCriteriaFilter(criteria, cb, root));
 	}
 
+	@RightsAllowed({
+		UserRight._INFRASTRUCTURE_VIEW })
 	public boolean isUsedInOtherInfrastructureData(Collection<String> uuids) {
 		return false;
 	}
 
+	@RightsAllowed({
+		UserRight._INFRASTRUCTURE_VIEW })
 	public boolean hasArchivedParentInfrastructure(Collection<String> uuids) {
 		return false;
 	}
@@ -183,6 +199,8 @@ public boolean hasArchivedParentInfrastructure(Collection<String> uuids) {
 	// todo implement toDto() here
 
 	@Override
+	@RightsAllowed({
+		UserRight._INFRASTRUCTURE_VIEW })
 	public void validate(@Valid DTO dto) throws ValidationRuntimeException {
 		// todo we do not run any generic validation logic for infra yet
 	}

sormas-backend/src/main/java/de/symeda/sormas/backend/infrastructure/ClientInfraSyncFacadeEjb.java

@@ -1,5 +1,6 @@
 package de.symeda.sormas.backend.infrastructure;
 
+import javax.annotation.security.PermitAll;
 import javax.ejb.EJB;
 import javax.ejb.Stateless;
 
@@ -70,6 +71,7 @@ public class ClientInfraSyncFacadeEjb implements ClientInfraSyncFacade {
 	private CampaignFormMetaFacadeEjb.CampaignFormMetaFacadeEjbLocal campaignFormMetaFacade;
 
 	@Override
+	@PermitAll
 	public InfrastructureSyncDto getInfrastructureSyncData(InfrastructureChangeDatesDto changeDates) {
 
 		InfrastructureSyncDto sync = new InfrastructureSyncDto();