Merge branch 'dev' into feature/issue3369

grails-app/conf/application.groovy

@@ -671,7 +671,7 @@ environments {
         ecodata.use.uuids = false
         app.external.model.dir = "./models/"
         grails.serverURL = "http://localhost:8080"
-        app.uploads.url = "${grails.serverURL}/document/download?filename="
+        app.uploads.url = "/document/download/"
 
         app.elasticsearch.indexOnGormEvents = true
         app.elasticsearch.indexAllOnStartup = true

grails-app/conf/data/mapping.json

@@ -88,6 +88,17 @@
         "dateCreatedSort" : {
           "type" : "keyword", "normalizer" : "case_insensitive_sort"
         },
+        "serviceProviderName": {
+          "type" : "text",
+          "copy_to": ["organisationName","organisationFacet", "organisationSort"]
+        },
+        "lastUpdated": {
+          "type" : "date",
+          "copy_to" : "lastUpdatedSort"
+        },
+        "lastUpdatedSort" : {
+          "type" : "keyword", "normalizer" : "case_insensitive_sort"
+        },
         "associatedOrgs": {
           "properties" : {
             "name" : {

grails-app/controllers/au/org/ala/ecodata/ApiKeyInterceptor.groovy

@@ -41,7 +41,7 @@ class ApiKeyInterceptor {
             PreAuthorise pa = method.getAnnotation(PreAuthorise) ?: controllerClass.getAnnotation(PreAuthorise)
 
             if (pa.basicAuth()) {
-                au.org.ala.web.UserDetails user = userService.getUserFromJWT()
+                def user = userService.setUser()
                 request.userId = user?.userId
                 if(permissionService.isUserAlaAdmin(request.userId)) {
                     /* Don't enforce check for ALA admin.*/

grails-app/controllers/au/org/ala/ecodata/AuditInterceptor.groovy

@@ -7,7 +7,7 @@ import grails.config.Config
 class AuditInterceptor implements GrailsConfigurationAware {
 
     int order = 100 // This needs to be after the @RequireApiKey interceptor which makes the userId available via the authService
-    String httpRequestHeaderForUserId
+    static String httpRequestHeaderForUserId
     UserService userService
     AuthService authService
 
@@ -16,21 +16,7 @@ class AuditInterceptor implements GrailsConfigurationAware {
     }
 
     boolean before() {
-        // userId is set from either the request param userId or failing that it tries to get it from
-        // the UserPrincipal (assumes ecodata is being accessed directly via admin page)
-        def userId = authService.getUserId() ?: request.getHeader(httpRequestHeaderForUserId)
-        if (userId) {
-            def userDetails = userService.setCurrentUser(userId)
-            if (userDetails) {
-                // We set the current user details in the request scope because
-                // the 'afterView' hook can be called prior to the actual rendering (despite the name)
-                // and the thread local can get clobbered before it is actually required.
-                // Consumers who have access to the request can simply extract current user details
-                // from there rather than use the service.
-                request.setAttribute(UserDetails.REQUEST_USER_DETAILS_KEY, userDetails)
-            }
-        }
-
+        userService.setUser()
         true
     }
 

grails-app/controllers/au/org/ala/ecodata/ProjectActivityController.groovy

@@ -52,7 +52,8 @@ class ProjectActivityController {
             }
 
             if (!result) {
-                result = [status: 404, text: 'Invalid id'];
+                render status: 404, text: [message:  'Invalid id', status: 404] as JSON
+                return
             }
         }
 

grails-app/services/au/org/ala/ecodata/ElasticSearchService.groovy

@@ -1129,7 +1129,7 @@ class ElasticSearchService {
         // MERIT project needs private sites to be indexed for faceting purposes but Biocollect does not require private sites.
         // Some Biocollect project have huge numbers of private sites. This will significantly hurt performance.
         // Hence the if condition.
-        if(projectMap.isMERIT){
+        if (projectMap.isMERIT) {
 
             // Allow ESP sites to be hidden, even on the project explorer.  Needs to be tided up a bit as MERIT sites were
             // already marked as private to avoid discovery via BioCollect
@@ -1166,6 +1166,17 @@ class ElasticSearchService {
             // todo: Check if BioCollect requires all sites in `sites` property. If no, merge `projectArea` with `sites`.
             projectMap.projectArea = siteService.getSimpleProjectArea(projectMap.projectSiteId)
             projectMap.containsActivity = activityService.searchAndListActivityDomainObjects([projectId: projectMap.projectId], null, null, null, [max: 1, offset: 0])?.totalCount > 0
+            projectMap.projectActivities = projectActivityService.getAllByProject(project.projectId).collect({
+                [
+                        id: it.id,
+                        projectId: it.projectId,
+                        projectActivityId: it.projectActivityId,
+                        name: it.name,
+                        startDate: it.startDate,
+                        endDate: it.endDate,
+                        published: it.published
+                ]
+            })
         }
         projectMap.sites?.each { site ->
             // Not useful for the search index and there is a bug right now that can result in invalid POI
@@ -1660,6 +1671,17 @@ class ElasticSearchService {
                 }
                 break
 
+            case 'projectactivityrecords':
+                if (projectActivityId) {
+                    if (userId && (permissionService.isUserAlaAdmin(userId) || permissionService.isUserAdminForProject(userId, projectId) || permissionService.isUserEditorForProject(userId, projectId))) {
+                        forcedQuery = '(docType:activity AND projectActivity.projectActivityId:' + projectActivityId + ')'
+                    }
+                    else {
+                        forcedQuery = '(docType:activity AND projectActivity.projectActivityId:' + projectActivityId + ' AND projectActivity.embargoed:false AND (verificationStatusFacet:approved OR verificationStatusFacet:\"not applicable\" OR (NOT _exists_:verificationStatus)))'
+                    }
+                }
+                break
+
             case 'myprojectrecords':
                 if (projectId) {
                     if (userId) {

grails-app/services/au/org/ala/ecodata/UserService.groovy

@@ -213,4 +213,31 @@ class UserService {
             return null
         }
     }
+
+    def setUser() {
+        String userId
+        GrailsWebRequest grailsWebRequest = GrailsWebRequest.lookup()
+        HttpServletRequest request = grailsWebRequest.getCurrentRequest()
+        def userDetails = request.getAttribute(UserDetails.REQUEST_USER_DETAILS_KEY)
+
+        if (userDetails)
+            return userDetails
+
+        // userId is set from either the request param userId or failing that it tries to get it from
+        // the UserPrincipal (assumes ecodata is being accessed directly via admin page)
+        userId = getUserFromJWT()?.userId ?: authService.getUserId() ?: request.getHeader(AuditInterceptor.httpRequestHeaderForUserId)
+
+        if (userId) {
+            userDetails = setCurrentUser(userId)
+            if (userDetails) {
+                // We set the current user details in the request scope because
+                // the 'afterView' hook can be called prior to the actual rendering (despite the name)
+                // and the thread local can get clobbered before it is actually required.
+                // Consumers who have access to the request can simply extract current user details
+                // from there rather than use the service.
+                request.setAttribute(UserDetails.REQUEST_USER_DETAILS_KEY, userDetails)
+                return userDetails
+            }
+        }
+    }
 }