Skip to content

Public permalink to private md#9059

Merged
jahow merged 47 commits intogeonetwork:mainfrom
sebr72:public_permalink_to_private_md
Feb 11, 2026
Merged

Public permalink to private md#9059
jahow merged 47 commits intogeonetwork:mainfrom
sebr72:public_permalink_to_private_md

Conversation

@cmangeat
Copy link
Copy Markdown
Contributor

@cmangeat cmangeat commented Oct 7, 2025
edited
Loading

Allow a gn admin to get a 'token' which can be used by an anonymous user to have a read access to a non published md and to its resources (for reviewing purposes). Each time the token is used once in an http session as a request parameter, it grants the session the extra authorization if not already granted.

Extra granted authorizations/tokens can be created from simple view, revoked from simple view, listed from admin menu, revoked from list.

Extra granted authorizations cannot be created for published md, publishing an md revoke its associated link if one.

Token has two parts, a "hash", stored encrypted in db, and the md uuid, so not to have to decrypt all the db stored hash when checking for validity, match is performed against the stored hash corresponding to the uuid (encryption algorithm forbid comparaison of same hash encrypted twice, encrypting the hash twice return two different results, only checking for match is possible).

published md:
published_md

private md with no right granted:
private_md_with_no_link

granting access (hash is displayed only once):
access_granted

private md with access granted:
private_md_with_access_granted

granted access list:
granted_access_list

Checklist

  • I have read the contribution guidelines
  • Pull request provided for main branch, backports managed with label
  • Good housekeeping of code, cleaning up comments, tests, and documentation
  • Clean commit history broken into understandable chucks, avoiding big commits with hundreds of files, cautious of reformatting and whitespace changes
  • Clean commit messages, longer verbose messages are encouraged
  • API Changes are identified in commit messages
  • Testing provided for features or enhancements using automatic tests
  • User documentation provided for new features or enhancements in manual
  • Build documentation provided for development instructions in README.md files
  • Library management using pom.xml dependency management. Update build documentation with intended library use and library tutorials or documentation
  • Funded by IRD

josegar74
josegar74 reviewed Oct 8, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@josegar74 josegar74 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please, can you add a description to describe the change request.

@cmangeat cmangeat force-pushed the public_permalink_to_private_md branch 5 times, most recently from a45c663 to 9040494 Compare October 15, 2025 12:06
@cmangeat cmangeat force-pushed the public_permalink_to_private_md branch 4 times, most recently from 8a077fe to 2f4a5ab Compare October 17, 2025 14:08
@cmangeat cmangeat force-pushed the public_permalink_to_private_md branch 2 times, most recently from 5ac61b1 to c240e76 Compare October 26, 2025 14:53
@cmangeat cmangeat marked this pull request as ready for review October 30, 2025 10:49
@jahow jahow requested a review from pmauduit December 19, 2025 14:36
pmauduit
pmauduit approved these changes Dec 19, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@pmauduit pmauduit left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some minor comments here, looks good globally.

Is it on purpose that the feature is reserved to administrators ? I would have expected that some Editors, reviewers, admin_users could also have the need to share their work.

@cmangeat cmangeat force-pushed the public_permalink_to_private_md branch 2 times, most recently from bf301e6 to 2ee7d31 Compare December 24, 2025 10:51
jodygarnett
jodygarnett requested changes Jan 5, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@jodygarnett jodygarnett left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Any new feature PRs requires documentation. It can be very minimal just to note the feature exists; but we want something :)

I really like this feature, when I have seen similar features in other products they may have a timeout associated with the token, or were associated with a specific email address. That may be overkill for the intension of sharing an edit already in progress.

@jodygarnett
Copy link
Copy Markdown
Contributor

jodygarnett commented Jan 5, 2026

Ideas for discussion.

Share Record Preview / Remove Record Preview

The name of the feature "createAnonymousAccess" and "deleteAnonymousAccess" obviously needs to be internationalized. May I suggest a wording change of "Share Record Preview", and "Remove Record Preview". I think that would match the intended use, and "delete" tends to indicate something is gone forever. "Share Draft Record" / "Remove Draft Record" may also work and match up with the state in the review workflow better.

Record Preview Banner

When viewing a record preview, it would be great to have an overlay or underlay indicating this is a "preview" and not official. You some times see that in documents written as "DRAFT".

@cmangeat
Copy link
Copy Markdown
Contributor Author

cmangeat commented Jan 8, 2026
edited
Loading

Taking into account https://docs.geonetwork-opensource.org/4.4/user-guide/workflow/life-cycle/#record-life-cycle, in order to avoid confusion, we choose not to use "draft" term as it could remind of workflow and we prefer "Share unpublished record preview".

@cmangeat cmangeat force-pushed the public_permalink_to_private_md branch from 1a6fd9b to a5d99d0 Compare January 19, 2026 16:33
@sebr72 sebr72 force-pushed the public_permalink_to_private_md branch 2 times, most recently from a3a2c99 to 57295d3 Compare January 19, 2026 17:06
@cmangeat cmangeat requested a review from jodygarnett January 19, 2026 17:30
@cmangeat
Copy link
Copy Markdown
Contributor Author

cmangeat commented Jan 19, 2026

Any new feature PRs requires documentation. It can be very minimal just to note the feature exists; but we want something :)

I really like this feature, when I have seen similar features in other products they may have a timeout associated with the token, or were associated with a specific email address. That may be overkill for the intension of sharing an edit already in progress.

@cmangeat cmangeat closed this Jan 19, 2026
@cmangeat cmangeat reopened this Jan 19, 2026
cmangeat and others added 27 commits February 5, 2026 10:09
@cmangeat
add headers
a1d14b1
@cmangeat
service nominal test
46bc207
@cmangeat
always hide hash but when create
9be115d
@cmangeat
by now, api return dto, not entity
995bb11
@cmangeat
test for delete with service
2b8055b
@cmangeat
does a link exist service
763d625
@cmangeat
refactor test
bdbdfcf
@cmangeat
does a link exist api
b876ab7
@cmangeat
refactor test
ed214dd
@cmangeat
do not include null field (hash) when json serialize
440237b
@cmangeat
delete and create now take a md uuid as path param, no body to provid…
a6dbf65 
…e anymore
@cmangeat
refactor test
bebdfd7
@cmangeat
service to return links bound with md info
d1354b6
@cmangeat
fix test
d1fd5d2
@cmangeat
at this point, two links cannot give access to the same md
f7b8cde
@cmangeat
trigger link deletion when md published
64ab7ef 
not existing link deletion test
@cmangeat
make anonymous session not anonymous for httpSessionSecurityContextRe…
9be3d7a 
…pository only if viewMdAuthority is granted
@cmangeat
create anonymous access link does not operate for published md
5138012
@cmangeat
missing headers
e1d8e76
@LHBruneton-C2C @cmangeat
create and revoke anonymous access from record action menu
88b6e82
@LHBruneton-C2C @cmangeat
list anonymous accesses from tools with delete button
dea4a9a
@cmangeat
encrypt hash in db
1a98928 
choosen encryption algorithm forbid comparaison of same hash encrypted twice, have to first fecth stored crypted hash corresponding to uuid, then to check for match.
@cmangeat @pmauduit
Update swagger doc strings
df60baf 
Co-authored-by: Pierre Mauduit <pmauduit@users.noreply.github.com>

Co-authored-by: Pierre Mauduit <pmauduit@users.noreply.github.com>

Co-authored-by: Pierre Mauduit <pmauduit@users.noreply.github.com>

Co-authored-by: Pierre Mauduit <pmauduit@users.noreply.github.com>

Co-authored-by: Pierre Mauduit <pmauduit@users.noreply.github.com>
@cmangeat
hyphenated package name
dede449
@cmangeat
introduce paramCannotBeSplitIntoHashAndUuid variable
3669768
@cmangeat
Better translations (english / french)
56c4520
@sebr72 @cmangeat
Add documentation in user manual
bffca75
@cmangeat cmangeat force-pushed the public_permalink_to_private_md branch from 208a7f5 to bffca75 Compare February 5, 2026 09:11
jahow
jahow approved these changes Feb 11, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@jahow jahow left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Final approval since all comments have been addressed. Thanks again for this great feature @sebr72 and @cmangeat

Note: this was discussed in today's GN4 community meeting

@jahow jahow merged commit c98c394 into geonetwork:main Feb 11, 2026
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pmauduit pmauduit pmauduit approved these changes

@jahow jahow jahow approved these changes

@fxprunayre fxprunayre Awaiting requested review from fxprunayre

@josegar74 josegar74 Awaiting requested review from josegar74

@jodygarnett jodygarnett Awaiting requested review from jodygarnett

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@cmangeat @jodygarnett @sebr72 @pmauduit @josegar74 @jahow @LHBruneton-C2C