Add environmental user rights and default user [3]

[bernardsilenou]

Feature Description

Add new user rights related to the new environment entity (#11796) and a new default user role called Environmental Surveillance User that is used to manage environments and associated samples.

Added Value/Benefit

A dedicated default user for the new module will help system admins to set up users quickly. New user rights are needed in order to properly manage environment entities.

This right should be added to the flexible user role module
For jurisdiction level, validate with region and district of env
This role should be able to function without any rights to surveillance data like case, contact, person, event

Acceptance Criteria

• New user rights related to environments have been added, including appropriate captions and descriptions; add a new user right group called ENVIRONMENT (also with a caption) for them:
  • ENVIRONMENT_VIEW
  • ENVIRONMENT_CREATE
  • ENVIRONMENT_EDIT
  • ENVIRONMENT_ARCHIVE
  • ENVIRONMENT_DELETE
  • ENVIRONMENT_IMPORT (depends on create)
  • ENVIRONMENT_EXPORT
• All user rights are dependant on ENVIRONMENT_VIEW (except import)
• Add these new user rights to the default user roles Admin (all rights), National User (all rights), and National Observer (only view right)
• Protect methods introduced in Create a new Environment entity and IndexDTO [5] #11796 with these rights according to our usual patterns
• A new default user role called "Environmental Surveillance User" has been added
  • The user role has to be assigned a region and district
  • The user role has no optional health facility and is not a port health user, no supervisor and does not have an associated district user
  • The user role has no enabled notification types
  • The user role has the following user rights: PERFORM_BULK_OPERATIONS, PATHOGEN_TEST_CREATE, PATHOGEN_TEST_EDIT, TASK_VIEW, TASK_CREATE, TASK_EDIT, TASK_ASSIGN, TASK_EXPORT, SEE_SENSITIVE_DATA_IN_JURISDICTION, SORMAS_REST, SORMAS_UI, and all newly added environment rights from above
• The new user role can access the mobile app and the web app
• Ensure that the new user rights are listed in the user role edit form
• A new feature type called ENVIRONMENT_MANAGEMENT has been added which is disabled by default
• The method to test whether the environment facade is annotated in ArchitectureTest has been uncommented

Implementation Details

Make sure to add the new user rights to all relevant web.xml and glassfish-web.xml files.

Additional Information

This issue is part of the epic #11533. Sample rights have been excluded because we will likely create an individual entity for environmental samples in #11721 which will also require individual user rights.

[MateStrysewske]

@bernardsilenou I've refined the issue, does everything look fine for you?

[bernardsilenou]

@MateStrysewske

1. What about rights for:

• Import env
• export env
• merge duplicates env

2. For the new user role:

• Access sample dashboard
• Activate all newly added env user rights

[MateStrysewske]

@bernardsilenou I'll exclude the merge duplicates right for now because that will probably one of the later things that get added to the environmental module, and also the right to access the sample dashboard, because before we give these users access to the sample dashboard, we'll have to make major changes to it (e.g. they should not see samples and their counts for human samples). These should be handled in dedicated issues related to adding these features/doing these changes.

[bernardsilenou]

@MateStrysewske Nothing more to add from my side

[leventegal-she]

The new role currently has SAMPLE_VIEW and SAMPLE_EDIT rights because those are required by pathogen test related rights.

It will be changed with #11721 as decribed here: #11721 (comment)

[adinaflorea9]

Verified ticket on the local machine using the latest version of SORMAS from the development branch - 1.86.0-SNAPSHOT(db8db16).