Allow different group (other then tei) for generated application

[daliboris]

The application generated by TEI Publisher relies on the fact that its owner or (logged) user is a member of the tei security group (in eXist.db). This can be a security issue for multiple applications running on the same server.

I suggest to extend the application generation dialog where you can define not only the username and password, but also the eXist-db database group (which should be created if it doesn't exist).

I tried find in the source code whre the tei group, or related settings occurs. Here are my findings:

• the login domain in the config.xqm file: declare variable $config:login-domain := "org.exist.tei-simple";
• all <pb-login> elements with @group='tei', like
  • <pb-restricted group="tei"> in the documents.html, or odd-editor.html files
  • <pb-login id="login" group="tei" login-label="Login" role="button"/> in the menu-drawer.html
• restriction in the OpenAPI definitions (modules/lib/api.json). like

    "/api/upload": {
  "post": {
     "summary": "Upload a number of files to the top-level data collection of the app",
      "tags": ["collection"],
      "operationId": "capi:upload",
      "x-constraints": {
          "groups": ["tei"]
      },

• the deploy:expand-repo-descriptor() function in the modules/lib/api/generate.xql file

  declare function deploy:expand-repo-descriptor($meta as element(repo:meta), $json as map(*)) {
  <meta xmlns="http://exist-db.org/xquery/repo">
      <description>{$json?title}</description>
      { $meta/(repo:author|repo:status|repo:license|repo:copyright|repo:type|repo:prepare|repo:finish) }
      <target>{$json?abbrev}</target>
      <permissions user="{$json?owner}" password="{$json?password}"
          group="tei" mode="rw-r--r--"/>
  </meta>
  };