Block id.kb.se and libris.kb.se datasets from being edited (#1082)

Do a simple hardcoded check for dataset URI prefixes for now. Until we have decided on an how to specify this in backend. See for example EntityContainers for Concepts. Prevents accidental editing of language, library and other definitions from externally defined datasets. There is still no access control mechanism for these in backend. This does not guard against malicious changes.
libris · Aug 5, 2024 · 77db7d4 · 77db7d4
1 parent fd9b386
commit 77db7d4
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/vue-client/src/components/inspector/toolbar.vue b/vue-client/src/components/inspector/toolbar.vue
@@ -301,6 +301,15 @@ export default {
       ).map((id) => StringUtil.getCompactUri(id, this.resources.context));
       return baseClasses.indexOf(type) > -1;
     },
+    isInReadOnlyDataset(record) {
+      // TODO: get from backend
+      // TODO: implement proper access control mechanism in backend
+      return (record.inDataset || []).find((dataset) => {
+        const id = dataset['@id'] || '';
+        return id.startsWith('https://id.kb.se/dataset/')
+          || id.startsWith('https://libris.kb.se/dataset/');
+      });
+    },
     download(text) {
       let focusId = this.inspector.data.record['@id'];
       if (this.recordType === 'Item') {
@@ -418,6 +427,9 @@ export default {
         ))) {
         return false;
       }
+      if (this.isInReadOnlyDataset(record)) {
+        return false;
+      }
       if (mainEntity['@type'] === 'ShelfMarkSequence') {
         const ownedBy = get(this.inspector, ['data', 'record', 'descriptionCreator', '@id']);
         return this.user.getActiveLibraryUri() === ownedBy;