tamulib / cap Goto Github PK

• Upgrade Weaver-UI-Core (use "@wvr/core": "2.2.2-rc.8" until release is available)
• Upgrade all dependencies with vulnerabilities
• Passes CI (all tests if no CI configured)
• Provides a Dockerfile based on this (rough) spec
• Replace grunt with webpack - at least requires to add or modify .wvr/build-config.js, package.json, and index.html. (blocked by TAMULib/Weaver-UI-Core#182)

If a certain dependency upgrade or deprecated code replacement ends up being large in size, create an issue.

Document procedure followed to do the upgrades on the app - insofar as it varies from the previously documented apps

The Return To Safety Link on the 403 page goes here:

• http://localhost:9000/admin/repository-view

For users who do not have access to management, this immediately redirects back to the 403.
This results in making the link appear to not do anything.

This probably should go to the home/index page rather than the management page.
Alternatively, this coudl check permissions and if they have access to management then provide a link to that URL and otherwise provide a home/index link.

At present, the app utilizes the tamuheader and tamufooter tags.
Please use CDN: https://api.library.tamu.edu/tl-components/2x/

At present, this app utilizes tamuheader and tamufooter tags.
Please utilize : CDN URLinorder to upgrade to using tl-compnents.
An issue has been created for the same:
Issue - 196

https://github.com/spring-projects/spring-boot/wiki/Spring-Boot-2.0-Migration-Guide

• Upgrade Weaver-Webservice-Core parent and dependencies (requires Java 11)
• Upgrade all dependencies with vulnerabilities
• Upgrade tests to use exclusively JUnit5
• Passes CI (all tests if no CI configured)
• Replace deprecated code
• Provides a Dockerfile

If a certain dependency upgrade or deprecated code replacement ends up being large in size, create an issue.

Document procedure followed to do the upgrades on the app - insofar as it varies from the previously documented apps.

# Circular bean dependency between appWebMvcConfig and userRepoImpl.
spring.main.allow-circular-references: true

The following may also be considered for changes:

# Bean overriding is necessary for TokenAuthorizationFilter.
spring.main.allow-bean-definition-overriding: true

These properties were introduced in #174 to resolve #153.

It should be displayed directly on the page so that I don't need to click around to a child page or copy it from Fedora proper in order to find it. This would be useful, for example, when providing ID based filters in SAGE.

Repository password is being sent along with the Repository View.

Further work could be done to secure passwords if desired.

Describe the bug
Clicking on Assume User option does not open up the modal

To Reproduce
Steps to reproduce the behavior:

1. Go to 'https://labs.library.tamu.edu/cap/'
2. Click on glyphicon dropdown icon followed by Assume User
3. We will not see modal displayed

Reason:
The assumeUserModal.html file is missing and
this code from the index.html
<modal modal-id="assumeUserModal" modal-view="views/modals/assumeUserModal.html" modal-header-class="modal-header-primary" wvr-modal-backdrop="static"></modal>

Expected behavior
A modal should pop up.

Screenshots
n/a.

The http://purl.org/dc/elements/1.1/ is now redirecting here: https://www.dublincore.org/specifications/dublin-core/dcmi-terms/#

Which within that page describes the following:

The four DCMI namespaces are:

http://purl.org/dc/elements/1.1/ The /elements/1.1/ namespace was created in 2000 for the RDF representation of the fifteen-element Dublin Core and has been widely used in data for more than twenty years. This namespace corresponds to the original scope of ISO 15836, which was published first in 2003 and last revised in 2017 as [ISO 15836-1:2017](https://www.iso.org/standard/71339.html) [ISO 15836-1:2017.
http://purl.org/dc/terms/ The /terms/ namespace was originally created in 2001 for identifying new terms coined outside of the original fifteen-element Dublin Core. In 2008, in the context of defining formal semantic constraints for DCMI metadata terms in support of RDF applications, the original fifteen elements themselves were mirrored in the /terms/ namespace. As a result, there exists both a dc:date (http://purl.org/dc/elements/1.1/date) with no formal range and a corresponding dcterms:date (http://purl.org/dc/terms/date) with a formal range of "literal". While these distinctions are significant for creators of RDF applications, most users can safely treat the fifteen parallel properties as equivalent. The most useful properties and classes of DCMI Metadata Terms have now been published as [ISO 15836-2:2019](https://www.iso.org/standard/71341.html) [ISO 15836-2:2019]. While the /elements/1.1/ namespace will be supported indefinitely, DCMI gently encourages use of the /terms/ namespace.
http://purl.org/dc/dcmitype/ The /dcmitype/ namespace was created in 2001 for the DCMI Type Vocabulary, which defines classes for basic types of thing that can be described using DCMI metadata terms.
http://purl.org/dc/dcam/ The /dcam/ namespace was created in 2008 for terms used in the description of DCMI metadata terms.

We should update our example in the code at the very least.

Preferably, we can handle HTTP 301 as a feature request.

see: https://www.iso.org/news/ref2474.html

Attempting to use: https://www.dublincore.org/specifications/dublin-core/dcmi-terms/#.
Results in:

ERROR: [line: 5, col: 56] {E201} Multiple children of property element

All of these will include badges:

• Java Build
• Node Build
• Combined Coverage
• Ensure PR checks are active

Where it is possible we should reuse workflows between repos.

Dublin Core has changed the address of dcterms, requiring the client to follow a redirect to access.

This is a regression in @wvr/core access control service.

To reproduce click Get Started from splash page.

UI needs to report information about the rollback including error codes and stacktraces from relevant services.
Potential components for this enhancement:
Annotation
Controller Advice
Service
Exception for the rollback

Need to verify/configure CAP as a message producer. This should be in the context of dev and pre.

There are some dependabot reported security issues that may or may not be reported by npm audit.

Dependebot doesn't always report the security issues but when cross-references other projects, such as SAGE, one can find the issues. Cross-reference the issues.

Review these and see if it is possible to safely update these.
These may require using overrides.
If that is the case be sure to perform extra checks for regressions.

Such cases would be, for example, minimatch where some dependencies need a 5.x version of minimatch but the overrides is set to ^3.0.0.

Cursory invetigation on patterns like "minimatch": ">=3.1.2", or "minimatch": "^3.1.2 || >=3.1.2", result in always using a 5.x version and patterns like "minimatch": "^3.1.2", result in always using a 3.x version.

When there are dependencies requiring different versions there does not seem to be a way to allow a 3.1.2 to match for 3.x version and a 5.1.1 to match for a 5.x version.

UI

1. upgrade dependencies
2. update auth service
3. update/verify build and ci

Service

1. upgrade weaver
2. update auth service
3. update/verify build and ci

Update POM repositories:

    <repository>
      <id>tamu-releases</id>
      <url>https://artifacts.library.tamu.edu/repository/maven-releases/</url>
    </repository>

    <repository>
      <id>tamu-snapshots</id>
      <url>https://artifacts.library.tamu.edu/repository/maven-snapshots/</url>
    </repository>

Update Weaver Webservice Parent:

  <parent>
    <groupId>edu.tamu.weaver</groupId>
    <artifactId>webservice-parent</artifactId>
    <version>2.0.2</version>
  </parent>

Update Weaver UI Core:

"@wvr/core": "2.0.6"

These tasks should be confirmed/performed on each Weaver/Spring Service. This note should be a template for comments of each PR into staging.

• 1. Standardize the multiple forms of gitignore
• 2. Standardize README
• 3. Standardize LICENSE, update date and update pom.xml
• 4. Standardize PR and Issue templates
• 5. Upgrade parent project to Weaver-Webservice-Core 2.1.1-RC11
• 6. Convert all application.properties to application.yml
• 7. Clean up log files of not being used and ensure used log files are accurate and consistent
• 8. Maven build utilizes jar profile mvn package -Pjar -DskipTests=true *see pom.xml
• 9. Update Dockerfile for consistency
• 10. Update Dockerfile to combine RUN commands for better layer caching
• 11. Update Dockerfile to use --non-unique to both useradd and groupadd commands.
• 12. Update Dockerfile RUN build command to utilize jar profile
• 13. Update GitHub workflow step versions
• 14. Update karma.config.js for consistency
• 15. Update karma.config.js preprocessors to include index.html app/**/*.html
• 16. Update karma.config.js using single quotes
• 17. Remove version and any references from appConfig.js.template
• 18. Refactor NPM_REGISTRY_URL to NPM_REGISTRY as not an actual URL
• 19. Should have a docker-compose.yml with .env similar to app repos

gitignore

https://github.com/github/gitignore

1. Default Java gitignore plus common docker files to ignore
2. Standalone apps (CAP, SAGE, Vireo) with Java, JavaScript gitignore plus common docker and weaver ui files to ignore
3. Standardize sections for .gitignore (community by project type, docker, application specific)

README

Create multiple md files next to primary README.

1. README.md

• badges
• name
• overview
• deployment
• API documentation
• license

2. DEPLOYMENT.md

• running for development
• docker for development
• docker for deployment

PR templates

Template defined for service and client

Issue templates

Issues regarding intended purpose of service and client repositories.

1. bug template
2. feature template

In CAP deployments, metadata edits (add, update, delete) are recorded but do not show in the UI until a page reload. There is a 500 error coming from CAP Service or Fedora.

To reproduce, visit Cushing Collections on Pre:
https://library.tamu.edu/cap/rv/Pre-Production?context=bb%2F97%2Ff2%2F3e%2Fbb97f23e-803a-4bd6-8406-06802623554c

CAP will report the 500 error. Fedora reports, e.g., this:

2022-07-13 14:09:29.608 ERROR 1159 --- [io-9000-exec-37] o.s.boot.web.support.ErrorPageFilter : Forwarding to error page from request [/repository-view-context/FEDORA/2] due to exception [Illegal character in path at index 137: https://api-pre.library.tamu.edu/fcrepo
/rest/bb/97/f2/3e/bb97f23e-803a-4bd6-8406-06802623554c/londonmaps_public_domain-2020-04-17_objects[4]/fcr:metadata]

java.net.URISyntaxException: Illegal character in path at index 137: https://api-pre.library.tamu.edu/fcrepo/rest/bb/97/f2/3e/bb97f23e-803a-4bd6-8406-06802623554c/londonmaps_public_domain-2020-04-17_objects[4]/fcr:metadata
at java.net.URI$Parser.fail(URI.java:2848) ~[na:1.8.0_172]
at java.net.URI$Parser.checkChars(URI.java:3021) ~[na:1.8.0_172]
at java.net.URI$Parser.parseHierarchical(URI.java:3105) ~[na:1.8.0_172]
at java.net.URI$Parser.parse(URI.java:3053) ~[na:1.8.0_172]
at java.net.URI.(URI.java:588) ~[na:1.8.0_172]
at edu.tamu.cap.service.repositoryview.FedoraService.getRepositoryViewContext(FedoraService.java:139) ~[classes/:na]