Created custom css style upload

[milospp]

VIVO GitHub issue
Linked Vivo PR

What does this pull request do?

This pull request enables administrators to manage custom CSS styles directly from the Site Admin page. Admins can upload, download, and remove custom CSS styles, as well as reset styles to ensure accessibility and functionality remain intact.

What's new?

1. Added a new page for managing custom CSS styles under Site Admin > Site Information.
2. Features include:
   • Upload custom CSS files to override existing styles.
   • Download current custom CSS.
   • Remove custom CSS to revert to the default styles.
3. Added download links for CSS files used in the current theme.
4. Created a Reset button that remains visible and functional, even when styles are broken due to invalid or problematic CSS.

Additional Notes

This PR introduces ReferrerHelper.java
This util class easily retrieves the previous page from the request and uses it for the back button.
The traditional approach for handling the back button was to always navigate to the document.referrer or previously visited page. However, this strategy breaks when dealing with nested navigation flows.
Home -> Page 2 -> Page 3
when the user is on Page 3 and clicks the back button, they are correctly taken back to Page 2. But at that point, the referrer becomes Page 3 again. So if the user clicks back on Page 2, they are taken to Page 3—creating an infinite loop between Page 2 and Page 3.

This ReferrerHelper class mitigates the problem by preventing the referrer from being overwritten in such nested navigation flows.

Screenshoots

Style edit page

Example css

body {
    background: #333;
}

Broken contrast css (RESET button is still visible)

How should this be tested?

Test for every theme

Uploading regular CSS

1. Login as an admin.
2. Navigate to Site Admin > Site Information > Change CSS Styles.
3. Test downloading the default styles.
4. Upload a custom CSS file with the following content

body {
    background: red;
}

5. Clikc upload
   Expected Result: The site background should change to red.

Download Custom CSS

1. After uploading custom CSS, return to the Change CSS Styles page.
2. Click Download Custom CSS.
   Expected Result: The downloaded file should match the uploaded custom CSS.

Removing Custom CSS

After uploading custom CSS, navigate to the Change CSS Styles page.
Click Remove Custom CSS.
Expected Result: The site should revert to the default styles.

Uploading broken CSS

1. Test with CSS that introduces accessibility or visibility issues, such as
   Example:

* {
    background: white !important;
    color: white !important;
    border-color: transparent !important;
}

or

* {
    background: white !important;
    color: white !important;
    border-color: transparent !important;
    display: none !important;
    opacity: 0 !important;
    visibility: hidden !important;
}

2. Upload the CSS file and observe the Reset button.
   Reset button should still be visible and working
3. Click Reset

Additional Notes:

The custom CSS file is saved using the Vitro FileStorage class and file is stored into vivo-home/uploads.
The file's path is stored in the ApplicationBean under the key customCssPath (vitro-kb-applicationMetadata).

[balmas]

On the whole, this works as documented.

The CSS links on the Style upload page are broken when VIVO is deployed at the root and not /vivo.

Also there is some security risk with this feature as a whole, since it's possible that CSS injection could be used in the uploaded css file (or potentially other malware). I suppose this is mitigated by the fact that only an admin has access to the page, but it still feels worth pointing out.

I wonder if it would be better to allow the user to specify a remote url for css rather than uploading the file locally.

[balmas]

These links don't work if VIVO is deployed at the root instead of at /vivo

[milospp]

Great catch, I'll fix this right away

[balmas]

With the fix to the css links in place, I'm good with this PR now.

[litvinovg]

I think instead you could create a static String field initialized with the same code and updated by SiteStyleController.

[litvinovg]

Hardcoding theme paths is not an option. It will be broken once theme is renamed for customization.

[balmas]

This seems to work well enough. My review is mostly of the functionality and not of the code itself. It would be good to have someone with more familiarity with the VIVO code to confirm the code. I did have a couple of minor suggestions for wording changes for clarity but they aren't critical.

[litvinovg]

Could you fix wildcard import here?

[litvinovg]

I think it is not used.

[milospp]

Missed that one to remove. Fixed

[litvinovg]

Buttons look different

[milospp]

Fixed padding

[litvinovg]

Is there a way to avoid "null" special value?

[milospp]

It looks like this isn't used, I initially added it to improve the robustness of the function, but on closer inspection, it seems that workflow is never going to happen.
Removed that check

[litvinovg]

Is this used somewhere?

[milospp]

This is intended for direct API calls to reset CSS. It should not be used in regular workflows—only as a fallback solution.

[litvinovg]

How this html is used in direct API calls? I couldn't find the code.

[milospp]

To check what file is uploaded
http://localhost:8080/vivo/siteStyle

To remove file (works only if admin is logged in)
http://localhost:8080/vivo/siteStyle?action=remove

[milospp]

This is the same request that is sent when the user clicks on the remove button, but in case somehow this is not available, this is a workaround

[litvinovg]

Uploaded css style file is not deleted on removal.

[litvinovg]

File related triples should be removed too.

[milospp]

Added deleting file on replace or remove CSS

[litvinovg]

Text should be in translation files I think

[milospp]

Resolved, added to i18n

[litvinovg]

I suggest using log.error(e, e)

[milospp]

Repalced

[litvinovg]

I suggest using log.error(e, e)

[milospp]

Repalced

[litvinovg]

As this new js code is page specific it would be better to move js code in a separate file to be only applicable to one page.

[milospp]

Since formBasic (and scripts are generally included via controller)

Vitro/api/src/main/java/edu/cornell/mannlib/vitro/webapp/controller/edit/ApplicationBeanRetryController.java

Line 88 in aeee7e7

request.setAttribute("scripts","/templates/edit/formBasic.js");

Should I replace this formBasic.js with my custom JS or include it inside the .ftl document?

[litvinovg]

Could new js be added in applicationBean_retry.jsp ?

[milospp]

I can add a <script> tag inside applicationBean_retry.jsp, which would inject the script into the body. This approach works technically, and it aligns with how scripts are already being included in some other parts of VIVO. However, my only concern is whether it's clean practice to place script tags in the body instead of the head, as is typically recommended.

Currently in formBasic.js, there is only this code, which I think is not used in this jsp page, therefore I can also replace the script inside Controller without problems.

<!-- $This file is distributed under the terms of the license in LICENSE$ -->
<script language="JavaScript" type="text/javascript">
function confirmDelete() {
    var msg="Are you SURE you want to delete this record? If in doubt, CANCEL."
    return confirm(msg);
}
</script>

What do you think?

[litvinovg]

if it is not used on the page, then sure it should be easier to just replace formBasic.js with new js filename.

[milospp]

Split into separate parts. Please check if I didn’t accidentally introduce any issues.