SAK-44728 Make locked and visible less confusing. (sakaiproject#8940)

https://jira.sakaiproject.org/browse/SAK-44728

announcement/announcement-tool/tool/src/java/org/sakaiproject/announcement/tool/AnnouncementAction.java

@@ -222,8 +222,6 @@ public class AnnouncementAction extends PagedResourceActionII
 
    private static final String SYNOPTIC_ANNOUNCEMENT_TOOL = "sakai.synoptic.announcement";
 
-   private static final String UPDATE_PERMISSIONS = "site.upd";
-
    public static final String SAK_PROP_ANNC_REORDER = "sakai.announcement.reorder";
    public static final boolean SAK_PROP_ANNC_REORDER_DEFAULT = true;
 
@@ -1505,7 +1503,7 @@ private boolean canViewHidden(AnnouncementMessage msg, String siteId)
 		}
 
 		boolean b = m_securityService.unlock(AnnouncementService.SECURE_ANNC_READ_DRAFT, msg.getReference())
-							 || m_securityService.unlock(UPDATE_PERMISSIONS, "/site/"+ siteId);
+							 || m_securityService.unlock(SiteService.SECURE_UPDATE_SITE, "/site/"+ siteId);
 		if (roleswap==null)
 		{
 			b = b || msg.getHeader().getFrom().getId().equals(SessionManager.getCurrentSessionUserId()) ; 

edu-services/cm-service/cm-impl/hibernate-impl/impl/src/java/org/sakaiproject/coursemanagement/impl/SiteTitleAdvisorCMS.java

@@ -40,6 +40,7 @@
 import org.sakaiproject.coursemanagement.api.Section;
 import org.sakaiproject.coursemanagement.api.exception.IdNotFoundException;
 import org.sakaiproject.site.api.Site;
+import org.sakaiproject.site.api.SiteService;
 import org.sakaiproject.site.api.SiteTitleAdvisor;
 import org.sakaiproject.user.api.User;
 import org.sakaiproject.user.api.UserDirectoryService;
@@ -63,7 +64,6 @@ public class SiteTitleAdvisorCMS implements SiteTitleAdvisor
 
     // Constants
     private static final String DEFAULT_PREFERRED_CAT = "LEC";
-    private static final String SITE_UPDATE_PERMISSION = "site.upd";
     private static final String CM_STUDENT_ROLE_KEY = "S";
 
     // sakai.properties
@@ -110,7 +110,7 @@ public String getUserSpecificSiteTitle( Site site, String userID, List<String> s
             }
 
             // Short circuit - only continue if user is not null and user does not have the site.upd permission in the given site
-            if( currentUser != null && !ss.unlock( currentUser, SITE_UPDATE_PERMISSION, site.getReference() ) )
+            if( currentUser != null && !ss.unlock( currentUser, SiteService.SECURE_UPDATE_SITE, site.getReference() ) )
             {
                 Collection<String> providerIDs = siteProviders;
                 if( providerIDs == null )

kernel/api/src/main/java/org/sakaiproject/site/api/Site.java

@@ -74,11 +74,6 @@ public interface Site extends Edit, Comparable, Serializable, AuthzGroup
 	 */
 	public final static String PROP_CUSTOM_OVERVIEW = "custom_overview";
 
-	/**
-	 * Permission for updating a site
-	 */
-	public final static String SITE_UPD = "site.upd";
-
 	/**
 	 * @return the user who created this.
 	 */

kernel/api/src/main/java/org/sakaiproject/tool/api/ToolManager.java

@@ -27,6 +27,7 @@
 import java.util.Set;
 
 import org.sakaiproject.site.api.Site;
+import org.sakaiproject.site.api.SiteService;
 import org.sakaiproject.site.api.SitePage;
 import org.sakaiproject.site.api.ToolConfiguration;
 import org.w3c.dom.Document;
@@ -41,6 +42,9 @@ public interface ToolManager
 	/** Key in the ToolConfiguration Properties for checking what permissions a tool needs in order to be visible */
 	public static final String TOOLCONFIG_REQUIRED_PERMISSIONS = "functions.require";
 
+	/** Tool placement property for visibility */
+	public static final String PORTAL_VISIBLE = "sakai-portal:visible";
+
 	/**
 	 * Add this tool to the registry.
 	 * @param tool The Tool to register.
@@ -123,7 +127,7 @@ public interface ToolManager
 	/**
 	 * Tests whether the first tool in the supplied page is visible to ANY
 	 * non-maintainer role. By non-maintainer, we mean a role without
-	 * Site.SITE_UPD.
+	 * SiteService.SECURE_UPDATE_SITE.
 	 *
 	 * @param page The site page in which to test the first tool
 	 * @return true, if any role in the site fulfils the required functions of the first tool. false otherwise.

kernel/component-manager/src/main/java/org/sakaiproject/component/api/ServerConfigurationService.java

@@ -25,6 +25,7 @@
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
+import java.util.Set;
 import java.util.regex.Pattern;
 
 import org.sakaiproject.component.locales.SakaiLocales;
@@ -381,6 +382,14 @@ public interface ServerConfigurationService
     */
    public Locale getLocaleFromString(String localeString);
 
+   /**
+    * Retrieves the string property by key, then splits it by comma. The trimmed tokens
+    * are then returned in a set. If the key isn't present, an empty set will be returned.
+    *
+    * @param key The property key
+    * @return A set of trimmed tokens from a comma separated list
+    */
+   public Set<String> getCommaSeparatedListAsSet(String key);
 
    // improved methods
 

kernel/kernel-impl/src/main/java/org/sakaiproject/component/impl/BasicConfigurationService.java

@@ -32,6 +32,8 @@
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 import java.util.regex.PatternSyntaxException;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
 
 import lombok.extern.slf4j.Slf4j;
 
@@ -877,6 +879,9 @@ public Locale getLocaleFromString(String localeString) {
         }
     }
 
+    public Set<String> getCommaSeparatedListAsSet(String key) {
+        return Stream.of(getString(key, "").split(",")).map(t -> t.trim()).collect(Collectors.toSet());
+    }
 
     public void setSakaiProperties(SakaiProperties sakaiProperties) {
         this.sakaiProperties = sakaiProperties;

kernel/kernel-impl/src/main/java/org/sakaiproject/content/impl/BaseContentService.java

@@ -8777,7 +8777,7 @@ public void contextDeleted(String context, boolean toolPlacement)
 	 */
 	protected void enableResources(String context)
 	{
-		unlockCheck(SITE_UPDATE_ACCESS, context);
+		unlockCheck(SiteService.SECURE_UPDATE_SITE, context);
 
 		// it would be called
 		String id = getSiteCollection(context);
@@ -9968,8 +9968,6 @@ else if (subMimeType != null && !subMimeType.equals(currentSubtype))
 
 	protected static final String DROPBOX_ID = " Drop Box";
 
-	public static final String SITE_UPDATE_ACCESS = "site.upd";
-
 	protected static final String GROUP_LIST = "sakai:authzGroup";
 
 	protected static final String GROUP_NAME = "sakai:group_name";

kernel/kernel-impl/src/main/java/org/sakaiproject/tool/impl/ToolComponent.java

@@ -53,6 +53,7 @@
 import org.sakaiproject.authz.api.SecurityService;
 import org.sakaiproject.site.api.Site;
 import org.sakaiproject.site.api.SitePage;
+import org.sakaiproject.site.api.SiteService;
 import org.sakaiproject.site.api.ToolConfiguration;
 import org.sakaiproject.thread_local.api.ThreadLocalManager;
 import org.sakaiproject.tool.api.Placement;
@@ -78,9 +79,6 @@ public abstract class ToolComponent implements ToolManager
 	/** Key in the ThreadLocalManager for binding our current tool. */
 	protected final static String CURRENT_TOOL = "sakai:ToolComponent:current.tool";
 
-	//Tool placement property for visibility
-	public static final String PORTAL_VISIBLE = "sakai-portal:visible";
-
 	/** The registered tools. */
 	protected Map<String,Tool> m_tools = new ConcurrentHashMap<String,Tool>();
 
@@ -586,7 +584,7 @@ public boolean isFirstToolVisibleToAnyNonMaintainerRole(SitePage page) {
 
 		// Get the non maintainer roles
 		final Set<Role> roles = page.getContainingSite().getRoles().stream()
-			.filter(r -> !r.isAllowed(Site.SITE_UPD)).collect(Collectors.toSet());
+			.filter(r -> !r.isAllowed(SiteService.SECURE_UPDATE_SITE)).collect(Collectors.toSet());
 
 		// Now check to see if these roles have the permission listed
 		// in the functions require for the tool.

lessonbuilder/tool/src/java/org/sakaiproject/lessonbuildertool/service/LessonBuilderEntityProducer.java

@@ -622,7 +622,7 @@ public String archive(String siteId, Document doc, Stack stack, String archivePa
 
 		 Properties props = config.getPlacementConfig();
 		 String roleList = StringUtils.trimToEmpty(props.getProperty("functions.require"));
-		 String pageVisibility = StringUtils.trimToEmpty(props.getProperty("sakai-portal:visible"));
+		 String pageVisibility = StringUtils.trimToEmpty(props.getProperty(ToolManager.PORTAL_VISIBLE));
 
 		 addAttr(doc, element, "functions.require", roleList);
 		 addAttr(doc, element, "pageVisibility" , pageVisibility);
@@ -1273,7 +1273,7 @@ public String merge(String siteId, Element root, String archivePath, String from
 				     tool.getPlacementConfig().setProperty("functions.require", rolelist);
 			     }
 			     if (StringUtils.isNotBlank(pageVisibility)) {
-				     tool.getPlacementConfig().setProperty("sakai-portal:visible", pageVisibility);
+				     tool.getPlacementConfig().setProperty(ToolManager.PORTAL_VISIBLE, pageVisibility);
 			     }
 			     tool.setTitle(toolTitle);
 			     page.setTitle(toolTitle);

lessonbuilder/tool/src/java/org/sakaiproject/lessonbuildertool/tool/beans/SimplePageBean.java

@@ -197,7 +197,6 @@ public enum Status {
 	public static final String GRADEBOOK_TOOL_ID = "sakai.gradebookng";
 
 	private static String PAGE = "simplepage.page";
-	private static String SITE_UPD = "site.upd";
 	private String contents = null;
 	private String pageTitle = null;
 	private String newPageTitle = null;
@@ -2462,7 +2461,7 @@ public long getCurrentPageId()  {
 		// we're only checking when you first go into a tool
 		Properties roleConfig = placement.getPlacementConfig();
 		String roleList = roleConfig.getProperty("functions.require");
-		boolean siteHidden = (roleList != null && roleList.contains(SITE_UPD));
+		boolean siteHidden = (roleList != null && roleList.contains(SiteService.SECURE_UPDATE_SITE));
 
 		// Let's go back to where we were last time.
 		Long l = (Long) sessionManager.getCurrentToolSession().getAttribute("current-pagetool-page");
@@ -4417,7 +4416,7 @@ public String editTitle()  {
 				// simplepage.upd privileges, but site.save requires site.upd.
 				SecurityAdvisor siteUpdAdvisor = new SecurityAdvisor() {
 					public SecurityAdvice isAllowed(String userId, String function, String reference) {
-						if (function.equals(SITE_UPD) && reference.equals("/site/" + getCurrentSiteId())) {
+						if (function.equals(SiteService.SECURE_UPDATE_SITE) && reference.equals("/site/" + getCurrentSiteId())) {
 							return SecurityAdvice.ALLOWED;
 						} else {
 							return SecurityAdvice.PASS;
@@ -6935,24 +6934,25 @@ private boolean pageVisibilityHelper(Site site, String pageId, boolean visible)
 			if (roleList == null) {
 				roleList = "";
 			}
-			if (!roleList.contains( SITE_UPD ) && !visible) {
+			if (!roleList.contains(SiteService.SECURE_UPDATE_SITE) && !visible) {
 				if (roleList.length() > 0) {
 					roleList += ",";
 				}
-				roleList += SITE_UPD;
+				roleList += SiteService.SECURE_UPDATE_SITE;
 				saveChanges = true;
-			} else if ((roleList.contains( SITE_UPD )) && visible) {
-				roleList = roleList.replaceAll("," + SITE_UPD, "");
-				roleList = roleList.replaceAll(SITE_UPD, "");
+			} else if ((roleList.contains( SiteService.SECURE_UPDATE_SITE )) && visible) {
+				roleList = roleList.replaceAll("," + SiteService.SECURE_UPDATE_SITE, "");
+				roleList = roleList.replaceAll(SiteService.SECURE_UPDATE_SITE, "");
 				saveChanges = true;
 			}
 
 			if (saveChanges) {
 				roleConfig.setProperty("functions.require", roleList);
-				if (visible)
-				    roleConfig.remove("sakai-portal:visible");
-				else
- 				    roleConfig.setProperty("sakai-portal:visible", "false");
+				if (visible) {
+				    roleConfig.remove(ToolManager.PORTAL_VISIBLE);
+				} else {
+					roleConfig.setProperty(ToolManager.PORTAL_VISIBLE, "false");
+				}
 
 				placement.save();
 

lessonbuilder/tool/src/java/org/sakaiproject/lessonbuildertool/tool/producers/PagePickerProducer.java

@@ -72,6 +72,7 @@
 import org.sakaiproject.lessonbuildertool.tool.beans.SimplePageBean;
 import org.sakaiproject.lessonbuildertool.tool.view.GeneralViewParameters;
 import org.sakaiproject.site.api.Site;
+import org.sakaiproject.site.api.SiteService;
 import org.sakaiproject.site.api.ToolConfiguration;
 import org.sakaiproject.site.api.SitePage;
 import org.sakaiproject.tool.api.ToolManager;
@@ -89,7 +90,6 @@
 public class PagePickerProducer implements ViewComponentProducer, NavigationCaseReporter, ViewParamsReporter {
 
     public static final String VIEW_ID = "PagePicker";
-    private static String SITE_UPD = "site.upd";
 
     private SimplePageBean simplePageBean;
     private SimplePageToolDao simplePageToolDao;
@@ -165,11 +165,11 @@ public void findAllPages(SimplePageItem pageItem, List<PageEntry>entries, Map<Lo
                     for (ToolConfiguration placement: tools) {
                         Properties roleConfig = placement.getPlacementConfig();
                         String roleList = roleConfig.getProperty("functions.require");
-                        String visibility = roleConfig.getProperty("sakai-portal:visible");
+                        String visibility = roleConfig.getProperty(ToolManager.PORTAL_VISIBLE);
                         // log.info("roles " + roleList + " visi " + visibility);
                         // doesn't require site update, so visible
                         if ((visibility == null || !visibility.equals("false")) &&
-                                (roleList == null || roleList.indexOf(SITE_UPD) < 0)) {
+                                (roleList == null || roleList.indexOf(SiteService.SECURE_UPDATE_SITE) < 0)) {
                             // only need one tool on the page to be visible
                             visible = true;
                             break;

podcasts/podcasts-api/src/java/org/sakaiproject/api/app/podcasts/PodcastPermissionsService.java

@@ -29,7 +29,6 @@
 
 public interface PodcastPermissionsService {
 	/** This string gives the update function (permission) string for checking permissions **/
-	public static final String UPDATE_PERMISSIONS = "site.upd";
 	public static final String NEW_PERMISSIONS = "content.new";
 	public static final String READ_PERMISSIONS = "content.read";
 	public static final String REVISE_ANY_PERMISSIONS = "content.revise.any";

podcasts/podcasts-api/src/java/org/sakaiproject/api/app/podcasts/PodcastService.java

@@ -68,17 +68,6 @@ public interface PodcastService // extends EntityProducer
 	/** This string is the name of the property for the title of a podcast in the feed **/
 	public static final String DISPLAY_TITLE = "displayTitle";
 
-	/** This string gives the update function (permission) string for checking permissions
-	public static final String UPDATE_PERMISSIONS = "site.upd";
-	public static final String NEW_PERMISSIONS = "content.new";
-	public static final String READ_PERMISSIONS = "content.read";
-	public static final String REVISE_ANY_PERMISSIONS = "content.revise.any";
-	public static final String REVISE_OWN_PERMISSIONS = "content.revise.own";
-	public static final String DELETE_ANY_PERMISSIONS = "content.delete.any";
-	public static final String DELETE_OWN_PERMISSIONS = "content.delete.own";
-	public static final String ALL_GROUPS_PERMISSIONS = "content.all.groups";
-	public static final String HIDDEN_PERMISSIONS = "content.hidden";
- **/
 	/**
 	 * Determines if podcast folder is part of Resources of site.
 	 * If not, creates it.
@@ -324,4 +313,4 @@ public boolean isPodcastFolderHidden(String siteId)
 	 * @see #getOptions()
 	 */
 	public boolean allowOptions(int option);
-}
+}

podcasts/podcasts-impl/src/java/org/sakaiproject/component/app/podcasts/PodcastPermissionsServiceImpl.java

@@ -115,7 +115,7 @@ public boolean canUpdateSite() {
 	 * 				True if can update, False otherwise
 	 */
 	public boolean canUpdateSite(String siteId) {
-			return securityService.unlock(UPDATE_PERMISSIONS, "/site/"+ siteId);
+			return securityService.unlock(SiteService.SECURE_UPDATE_SITE, "/site/"+ siteId);
 	}
 
 	/**

portal/portal-impl/impl/src/bundle/sitenav.properties

@@ -81,8 +81,8 @@ sit_no_favorites_selected=You do not have any favorite sites. Star sites in the
 sit_autofav_description=Automatically add new sites to your favorites bar:
 sit_favorite_limit_reached=Only the first {0} sites (above) will display in your favorites bar.
 sit_open_menu=Open attached menu for {0} to access its tools
-site_tool_locked_tooltip=This tool is not available to non admin users
-site_tool_hidden_tooltip=This tool is not visible for non admin users
+site_tool_locked_tooltip=Tool is disabled for normal users
+site_tool_hidden_tooltip=Tool is hidden from normal users
 site_fav_toggle=Toggle {0} as a favorite site
 
 sit_manover = Manage Overview

portal/portal-render-engine-impl/impl/src/webapp/vm/morpheus/includePageNav.vm

@@ -25,7 +25,7 @@
 			<div class="Mrphs-toolsNav__menuitem--title">${page.pageTitle}</div>
 			#{end}
 			<div class="Mrphs-toolsNav__menuitem--status-block">
-				#if (${page.hidden})
+				#if (${page.hidden} && !${page.locked})
 				<div class="fa fa-eye-slash tool-status-icon"
                     tabindex="0"
                     title="${rloader.site_tool_hidden_tooltip}"

rubrics/api/src/main/bundle/rubrics.properties

@@ -59,3 +59,6 @@ close_dialog=Close Dialog
 search_rubrics=Search Rubrics by title, site or author:
 percent_sign=%
 draft_evaluation=Draft rubric evaluation. Save in the tool to publish the rubric to the student.
+locked_message=This tool, when locked (the default), can NOT be seen by students. Students can \
+still, however, see their rubric evaluations in tools like Assignments, Gradebook and Tests and \
+Quizzes. You DO NOT need to unlock this tool for students to see their rubric evaluations.

rubrics/tool/src/main/webapp/WEB-INF/tools/sakai.rubrics.xml

@@ -3,13 +3,10 @@
 	<tool id="sakai.rubrics"
 		title="Rubrics"
 		description="For creating grading rubrics, which can be associated with items in Gradebook and individual assessment tools.">
-		<!-- Note: Tool titles and descriptions are now internationalized and managed in the tools.properties file in the config project and will override the above values -->
 
-		<!--  This tool will be made available to the following site types via Site Info > Edit Tools -->
 		<category name="course" />
       	<category name="project" />
 
-		<!--  If the visibility/access of this tool should be dependent on a user permission, you can list that here -->
         <configuration name="functions.require" value="rubrics.editor" />
 
     </tool>