Merge branch 'main' into feature/dev-2718-limit-container-memory-usage

.github/pull_request_template.md

@@ -8,17 +8,8 @@
 
 Issue Number: DEV-
 
-### Basic Requirements
-
-Please check if your PR fulfills the following requirements:
-
-- [ ] Tests for the changes have been added (for bug fixes / features)
-- [ ] Docs have been added / updated (for bug fixes / features)
-
 ### PR Type
 
-What kind of change does this PR introduce?
-
 - [ ] fix: represents bug fixes
 - [ ] refactor: represents production code refactoring
 - [ ] feat: represents a new feature
@@ -27,15 +18,17 @@ What kind of change does this PR introduce?
 - [ ] test: all about tests: adding, refactoring tests (no production code change)
 - [ ] other... Please describe:
 
+### Basic Requirements for bug fixes and features
+
+- [ ] Tests for the changes have been added
+- [ ] Docs have been added / updated
+
 ### Does this PR introduce a breaking change?
 
 <!-- If this PR contains a breaking change, please describe the impact and migration path for existing applications below. -->
 
 - [ ] Yes
-- [ ] No
-- [ ] Maybe (not 100% sure => check with FE)
 
 ### Does this PR change client-test-data?
 
-- [ ] Yes (don't forget to update the JS-LIB team about the change)
-- [ ] No
+- [ ] Yes

.github/workflows/check-pr-title.yml

@@ -2,7 +2,7 @@ name: PR Title
 
 on:
   pull_request:
-    types: [opened, edited, synchronize, reopened]
+    types: [ opened, edited, synchronize, reopened ]
 
 jobs:
   test:
@@ -11,5 +11,5 @@ jobs:
     steps:
       - uses: deepakputhraya/action-pr-title@master
         with:
-          regex: '^(feat|fix|build|chore|test|refactor|docs)(\(.+\))?!?: .+$'
+          regex: '^(feat|fix|build|chore|test|refactor|docs)(\(.+\))?!?: [A-Z].+$'
           max_length: 140

CHANGELOG.md

@@ -1,5 +1,38 @@
 # Changelog
 
+## [30.4.0](https://github.com/dasch-swiss/dsp-api/compare/v30.3.0...v30.4.0) (2023-10-12)
+
+
+### Enhancements
+
+* add default value of projectRestrictedViewSize (DEV-2626) ([#2873](https://github.com/dasch-swiss/dsp-api/issues/2873)) ([ff4d3a1](https://github.com/dasch-swiss/dsp-api/commit/ff4d3a14f9c803e56b7b4d294e9f314e512ecf6f))
+* Add maintenance service for fixing top-left dimension values DEV-2803 ([#2876](https://github.com/dasch-swiss/dsp-api/issues/2876)) ([82b715a](https://github.com/dasch-swiss/dsp-api/commit/82b715a3791ec295de49be168347c59557e04a5b))
+* Add route that sets projectRestrictedViewSetting size (DEV-2304) ([#2794](https://github.com/dasch-swiss/dsp-api/issues/2794)) ([738ab1c](https://github.com/dasch-swiss/dsp-api/commit/738ab1ccd524d6cc52e6674676ecb74e4e875723))
+* Introduce /admin/maintenance and expose fix top left maintenance action DEV-2805 ([#2877](https://github.com/dasch-swiss/dsp-api/issues/2877)) ([a6b8c2f](https://github.com/dasch-swiss/dsp-api/commit/a6b8c2f8210ea106e1cdfdb1804a46145b7ba1a2))
+
+
+### Bug Fixes
+
+* Improve performance for Gravsearch queries ([#2857](https://github.com/dasch-swiss/dsp-api/issues/2857)) ([86cc4f2](https://github.com/dasch-swiss/dsp-api/commit/86cc4f26f0ce93f7a0b51121e26a15890b7f815c))
+
+
+### Maintenance
+
+* Configure Scala Steward to produce PR with compatible title ([#2867](https://github.com/dasch-swiss/dsp-api/issues/2867)) ([fbbe5ec](https://github.com/dasch-swiss/dsp-api/commit/fbbe5ec792d0cfeb4581ad93d6fbcc85174d44c5))
+* Do not log warn message for 405 and 404 status code responses ([#2854](https://github.com/dasch-swiss/dsp-api/issues/2854)) ([d9fd81c](https://github.com/dasch-swiss/dsp-api/commit/d9fd81ce523a80c15129392eb7b535ec1d4b6c01))
+* Introduce tapir on Pekko ([#2870](https://github.com/dasch-swiss/dsp-api/issues/2870)) ([08accab](https://github.com/dasch-swiss/dsp-api/commit/08accabf8b0c5d02fe7147ffe44023878c39d047))
+* Migrate secure admin/projects endpoints to Tapir ([#2872](https://github.com/dasch-swiss/dsp-api/issues/2872)) ([9f98f7e](https://github.com/dasch-swiss/dsp-api/commit/9f98f7e1d3872b2ff273f783b4374adbfeae2b79))
+* Update dependencies DEV-2742 ([#2868](https://github.com/dasch-swiss/dsp-api/issues/2868)) ([8ba3bb5](https://github.com/dasch-swiss/dsp-api/commit/8ba3bb5c089a97249cf92b06101e2cf042c0b3ab))
+* Update dependencies fuseki and app ([#2856](https://github.com/dasch-swiss/dsp-api/issues/2856)) ([8123dbd](https://github.com/dasch-swiss/dsp-api/commit/8123dbd4667abd6191a87efcf0b5f595cdeaa69e))
+* Update Fuseki DEV-2743 ([#2869](https://github.com/dasch-swiss/dsp-api/issues/2869)) ([14f1911](https://github.com/dasch-swiss/dsp-api/commit/14f1911287ccbb819d5799b94f82d6b1242f07f9))
+* update PR template ([#2878](https://github.com/dasch-swiss/dsp-api/issues/2878)) ([6c04101](https://github.com/dasch-swiss/dsp-api/commit/6c04101c3c4e9a9b39460c9e0748eadb04ef0468))
+* Update spring-security-core to 6.1.4 ([#2865](https://github.com/dasch-swiss/dsp-api/issues/2865)) ([b75edaf](https://github.com/dasch-swiss/dsp-api/commit/b75edaf724c880ef1a4333523300468dcfa26308))
+
+
+### Documentation
+
+* remove inexisting pages from navigation bar ([#2871](https://github.com/dasch-swiss/dsp-api/issues/2871)) ([dd2dfe6](https://github.com/dasch-swiss/dsp-api/commit/dd2dfe61810bd3b1ad38731893e244ad15e30441))
+
 ## [30.3.0](https://github.com/dasch-swiss/dsp-api/compare/v30.2.1...v30.3.0) (2023-09-28)
 
 

docs/03-endpoints/api-admin/projects.md

@@ -5,29 +5,29 @@
 
 # Projects Endpoint
 
-| Scope           | Route                                                          | Operations | Explanation                                                             |
-| --------------- | -------------------------------------------------------------- |------------|-------------------------------------------------------------------------|
-| projects        | `/admin/projects`                                              | `GET`      | [get all projects](#get-all-projects)                                   |
-| projects        | `/admin/projects`                                              | `POST`     | [create a project](#create-a-new-project)                               |
-| projects        | `/admin/projects/shortname/{shortname}`                        | `GET`      | [get a single project](#get-project-by-id)                              |
-| projects        | `/admin/projects/shortcode/{shortcode}`                        | `GET`      | [get a single project](#get-project-by-id)                              |
-| projects        | `/admin/projects/iri/{iri}`                                    | `GET`      | [get a single project](#get-project-by-id)                              |
-| projects        | `/admin/projects/iri/{iri}`                                    | `PUT`      | [update a project](#update-project-information)                         |
-| projects        | `/admin/projects/iri/{iri}`                                    | `DELETE`   | [delete a project](#delete-a-project)                                   |
-| projects        | `/admin/projects/iri/{iri}/AllData`                            | `GET`      | [get all data of a project](#get-all-data-of-a-project)                 |
-| project members | `/admin/projects/shortname/{shortname}/members`                | `GET`      | [get all project members](#get-project-members-by-id)                   |
-| project members | `/admin/projects/shortcode/{shortcode}/members`                | `GET`      | [get all project members](#get-project-members-by-id)                   |
-| project members | `/admin/projects/iri/{iri}/members`                            | `GET`      | [get all project members](#get-project-members-by-id)                   |
-| project members | `/admin/projects/shortname/{shortname}/admin-members`          | `GET`      | [get all project admins](#get-project-admins-by-id)                     |
-| project members | `/admin/projects/shortcode/{shortcode}/admin-members`          | `GET`      | [get all project admins](#get-project-admins-by-id)                     |
-| project members | `/admin/projects/iri/{iri}/admin-members`                      | `GET`      | [get all project admins](#get-project-admins-by-id)                     |
-| keywords        | `/admin/projects/Keywords`                                     | `GET`      | [get all project keywords](#get-all-keywords)                           |
-| keywords        | `/admin/projects/iri/{iri}/Keywords`                           | `GET`      | [get project keywords of a single project](#get-keywords-of-a-project)  |
-| view settings   | `/admin/projects/shortname/{shortname}/RestrictedViewSettings` | `GET`      | [get restricted view settings for a project](#restricted-view-settings) |
-| view settings   | `/admin/projects/shortcode/{shortcode}/RestrictedViewSettings` | `GET`      | [get restricted view settings for a project](#restricted-view-settings) |
-| view settings   | `/admin/projects/iri/{iri}/RestrictedViewSettings`             | `GET`      | [get restricted view settings for a project](#restricted-view-settings) |
-| view settings   | `/admin/projects/iri/{iri}/RestrictedViewSettings`             | `POST`     | [set restricted view settings for a project](#restricted-view-settings) |
-| view settings   | `/admin/projects/shortcode/{shortcode}/RestrictedViewSettings` | `POST`     | [set restricted view settings for a project](#restricted-view-settings) |
+| Scope           | Route                                                          | Operations | Explanation                                                                 |
+| --------------- | -------------------------------------------------------------- |------------|-----------------------------------------------------------------------------|
+| projects        | `/admin/projects`                                              | `GET`      | [get all projects](#get-all-projects)                                       |
+| projects        | `/admin/projects`                                              | `POST`     | [create a project](#create-a-new-project)                                   |
+| projects        | `/admin/projects/shortname/{shortname}`                        | `GET`      | [get a single project](#get-project-by-id)                                  |
+| projects        | `/admin/projects/shortcode/{shortcode}`                        | `GET`      | [get a single project](#get-project-by-id)                                  |
+| projects        | `/admin/projects/iri/{iri}`                                    | `GET`      | [get a single project](#get-project-by-id)                                  |
+| projects        | `/admin/projects/iri/{iri}`                                    | `PUT`      | [update a project](#update-project-information)                             |
+| projects        | `/admin/projects/iri/{iri}`                                    | `DELETE`   | [delete a project](#delete-a-project)                                       |
+| projects        | `/admin/projects/iri/{iri}/AllData`                            | `GET`      | [get all data of a project](#get-all-data-of-a-project)                     |
+| project members | `/admin/projects/shortname/{shortname}/members`                | `GET`      | [get all project members](#get-project-members-by-id)                       |
+| project members | `/admin/projects/shortcode/{shortcode}/members`                | `GET`      | [get all project members](#get-project-members-by-id)                       |
+| project members | `/admin/projects/iri/{iri}/members`                            | `GET`      | [get all project members](#get-project-members-by-id)                       |
+| project members | `/admin/projects/shortname/{shortname}/admin-members`          | `GET`      | [get all project admins](#get-project-admins-by-id)                         |
+| project members | `/admin/projects/shortcode/{shortcode}/admin-members`          | `GET`      | [get all project admins](#get-project-admins-by-id)                         |
+| project members | `/admin/projects/iri/{iri}/admin-members`                      | `GET`      | [get all project admins](#get-project-admins-by-id)                         |
+| keywords        | `/admin/projects/Keywords`                                     | `GET`      | [get all project keywords](#get-all-keywords)                               |
+| keywords        | `/admin/projects/iri/{iri}/Keywords`                           | `GET`      | [get project keywords of a single project](#get-keywords-of-a-project)      |
+| view settings   | `/admin/projects/shortname/{shortname}/RestrictedViewSettings` | `GET`      | [get restricted view settings for a project](#get-restricted-view-settings) |
+| view settings   | `/admin/projects/shortcode/{shortcode}/RestrictedViewSettings` | `GET`      | [get restricted view settings for a project](#get-restricted-view-settings) |
+| view settings   | `/admin/projects/iri/{iri}/RestrictedViewSettings`             | `GET`      | [get restricted view settings for a project](#get-restricted-view-settings) |
+| view settings   | `/admin/projects/iri/{iri}/RestrictedViewSettings`             | `POST`     | [set restricted view settings for a project](#set-restricted-view-settings) |
+| view settings   | `/admin/projects/shortcode/{shortcode}/RestrictedViewSettings` | `POST`     | [set restricted view settings for a project](#set-restricted-view-settings) |
 
 ## Project Operations
 
@@ -161,7 +161,10 @@ Errors:
 
 - `400 Bad Request` if the project already exists or any of the provided properties is invalid.
 - `401 Unauthorized` if authorization failed.
-
+
+### Default set of RestrictedViewSize
+Starting from DSP 2023.10.02 release, the creation of new project will also set the `RestrictedViewSize` to default
+value, which is: `!512,512`. It is possible to change the value using [dedicated routes](#set-restricted-view-settings).
 
 #### Default set of permissions for a new project:
 When a new project is created, following default permissions are added to its admins and members:

docs/03-endpoints/api-v2/authentication.md

@@ -5,48 +5,27 @@
 
 # Authentication
 
-Access to the DSP-API can for certain operations require a user to authenticate.
-Authentication can be performed in two ways:
+Certain routes are secured and require authentication.
+When accessing any secured route we support three options for authentication:
 
-1. By providing *password credentials*, which are a combination of a *identifier* and
-   *password*. The user *identifier* can be one of the following:
-    - the user's IRI,
-    - the user's Email, or
-    - the user's Username.
+- **Preferred method**: For each request an [Access Token](#Access-Token-/-Login-and-Logout) is sent in the HTTP
+  authorization
+  header with the
+  [HTTP bearer scheme](https://tools.ietf.org/html/rfc6750#section-2.1).
+- **Deprecated method**: For each request an [Access Token](#Access-Token-/-Login-and-Logout) is provided as a cookie in
+  the HTTP request.
+- **Deprecated method**: [HTTP basic authentication](https://en.wikipedia.org/wiki/Basic_access_authentication), where
+  the username is the user's `email`.
 
-2. By providing an *access token*
+## Access Token / Login and Logout
 
-## Submitting Password Credentials
-
-When accessing any route and password credentials would need to be sent,
-we support two options to do so:
-
-- in the URL submitting the parameters `iri` / `email` / `username` and `password`
-  (e.g., <http://knora-host/v1/resources/resIri?email=userUrlEncodedIdentifier&password=pw>), and
-- in the HTTP header ([HTTP basic
-  authentication](https://en.wikipedia.org/wiki/Basic_access_authentication)), where the
-  identifier can be the user's `email` (IRI and username not supported).
-
-When using Python's module `requests`, the credentials can simply be submitted as a tuple with
-each request using the param `auth` ([python requests](http://docs.python-requests.org/en/master/user/authentication/#basic-authentication)).
-
-## Access Token / Session / Login and Logout
-
-A client can generate an *access token* by sending a POST request (e.g., `{"identifier_type":"identifier_value",
+A client can obtain an *access token* by sending a POST request (e.g., `{"identifier_type":"identifier_value",
 "password":"password_value"}`) to the **/v2/authentication** route with
 *identifier* and *password* in the body. The `identifier_type` can be `iri`, `email`, or `username`.
 If the credentials are valid, a [JSON WEB Token](https://jwt.io) (JWT) will be sent back in the
 response (e.g., `{"token": "eyJ0eXAiOiJ..."}`). Additionally, for web browser clients a session cookie
 containing the JWT token is also created, containing `KnoraAuthentication=eyJ0eXAiOiJ...`.
 
-When accessing any route, the *access token* would need to be supplied, we support three options to do so:
-
-- the session cookie,
-- in the URL submitting the parameter `token` (e.g., <http://knora-host/v1/resources/resIri?token=1234567890>), and
-- in the HTTP authorization header with the [HTTP bearer scheme](https://tools.ietf.org/html/rfc6750#section-2.1).
-
-If the token is successfully validated, then the user is deemed authenticated.
-
 To **logout**, the client sends a DELETE request to the same route **/v2/authentication** and
 the *access token* in one of the three described ways. This will invalidate the access token,
 thus not allowing further request that would supply the invalidated token.
@@ -58,5 +37,5 @@ supplied as URL parameters or HTTP authentication headers as described before.
 
 ## Usage Scenarios
 
-1.  Create token by logging-in, send token on each subsequent request, and logout when finished.
-2.  Send email/password credentials on every request.
+1. Create token by logging-in, send token on each subsequent request, and logout when finished.
+2. Send email/password credentials on every request.

docs/05-internals/design/api-admin/administration.md

@@ -194,15 +194,6 @@ values can be used:
       - usage: used as a value for the *knora-base:hasPermissions*
         property.
 
-3.  Ontology Administration Permissions:
-
-    1)  **ProjectAdminOntologyAllPermission**:
-
-      - description: gives the user the permission to administrate
-        the project ontologies
-      - usage: used as a value for the *knora-base:hasPermissions*
-        property.
-
 The administrative permissions are stored in a compact format in a
 single string, which is the object of the predicate
 `knora-base:hasPermissions` attached to an instance of the
@@ -462,8 +453,7 @@ and the same as RDF:
                                 ProjectAdminAllPermission|
                                 ProjectAdminGroupAllPermission|
                                 ProjectAdminGroupRestrictedPermission "<http://rdfh.ch/groups/[shortcode]/[UUID]>, <http://rdfh.ch/groups/[shortcode]/[UUID]>"|
-                                ProjectAdminRightsAllPermission|
-                                ProjectAdminOntologyAllPermission"^^xsd:string .
+                                ProjectAdminRightsAllPermission"^^xsd:string .
 ```
 
 **Default Object Access Permission Structure**: