From 1284598f0831e22afcc7e97e6c6c3cf343cc32c5 Mon Sep 17 00:00:00 2001
From: Georgy Litvinov <georgy.litvinov@tib.eu>
Date: Thu, 12 Dec 2024 13:39:48 +0100
Subject: [PATCH] Fixed authorization migration

---
 .../webapp/migration/auth/AnnotationMigrator.java      |  5 +----
 .../vitro/webapp/migration/auth/AuthMigrator.java      | 10 +++++++---
 2 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AnnotationMigrator.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AnnotationMigrator.java
index e4cea2785c..6f420f3a19 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AnnotationMigrator.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AnnotationMigrator.java
@@ -191,10 +191,7 @@ private static Long[] updatePolicyDatasets(AccessObjectType aot,
                     EntityPolicyController.getDataValueStatements(entityUri, aot, ao, rolesToAdd, additions);
                     Set<String> rolesToRemove = new HashSet<>(ALL_ROLES);
                     rolesToRemove.removeAll(rolesToAdd);
-                    // Don't remove public publish and update data sets, as there are no public policies for that
-                    // operation
-                    // groups
-                    if (OperationGroup.PUBLISH_GROUP.equals(og) || OperationGroup.UPDATE_GROUP.equals(og)) {
+                    if (OperationGroup.UPDATE_GROUP.equals(og)) {
                         rolesToRemove.remove(ROLE_PUBLIC_URI);
                     }
                     if (!rolesToRemove.isEmpty()) {
diff --git a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
index 4deda945a4..f41923ea41 100644
--- a/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
+++ b/api/src/main/java/edu/cornell/mannlib/vitro/webapp/migration/auth/AuthMigrator.java
@@ -32,6 +32,7 @@
 
 public class AuthMigrator implements ServletContextListener {
 
+    private static final long CURRENT_VERSION = 2;
     private static final Log log = LogFactory.getLog(AuthMigrator.class);
     protected static final Set<String> ALL_ROLES = new HashSet<String>(
             Arrays.asList(ROLE_ADMIN_URI, ROLE_CURATOR_URI, ROLE_EDITOR_URI, ROLE_SELF_EDITOR_URI, ROLE_PUBLIC_URI));
@@ -72,6 +73,10 @@ public void contextInitialized(ServletContextEvent sce) {
         if (!isMigrationRequired()) {
             return;
         }
+        runCompleteMigration(sce, begin);
+    }
+
+    private void runCompleteMigration(ServletContextEvent sce, long begin) {
         ServletContext ctx = sce.getServletContext();
         StartupStatus ss = StartupStatus.getBean(ctx);
         log.info("Started authorization configuration update");
@@ -97,7 +102,7 @@ protected void convertAuthorizationConfiguration() {
         }
         migrateSimplePermissions();
         removeVersion(getVersion());
-        setVersion(1L);
+        setVersion(CURRENT_VERSION);
     }
 
     private void migrateSimplePermissions() {
@@ -112,7 +117,7 @@ private void migrateAnnotationConfiguation() {
     }
 
     private boolean isMigrationRequired() {
-        if (getVersion() == 0L) {
+        if (getVersion() < 1) {
             return true;
         }
         return false;
@@ -120,7 +125,6 @@ private boolean isMigrationRequired() {
 
     protected long getVersion() {
         long version = 0L;
-
         try {
             ResultSet rs = RDFServiceUtils.sparqlSelectQuery(VERSION_QUERY, configurationRdfService);
             while (rs.hasNext()) {