Merge pull request #8995 from ErykKul/8994_permissions

Allow Dataset DOI in check permissions API request
IQSS · Apr 22, 2024 · 27d3767 · 27d3767
2 parents cf79282 + b67c731
commit 27d3767
Show file tree

Hide file tree

Showing 3 changed files with 42 additions and 28 deletions.
diff --git a/doc/sphinx-guides/source/api/native-api.rst b/doc/sphinx-guides/source/api/native-api.rst
@@ -5647,6 +5647,17 @@ List permissions a user (based on API Token used) has on a Dataverse collection
 
 The ``$identifier`` can be a Dataverse collection alias or database id or a dataset persistent ID or database id.
 
+.. note:: Datasets can be selected using persistent identifiers. This is done by passing the constant ``:persistentId`` where the numeric id of the dataset is expected, and then passing the actual persistent id as a query parameter with the name ``persistentId``.
+
+Example: List permissions a user (based on API Token used) has on a dataset whose DOI is *10.5072/FK2/J8SJZB*:
+
+.. code-block:: bash
+
+  export SERVER_URL=https://demo.dataverse.org
+  export PERSISTENT_IDENTIFIER=doi:10.5072/FK2/J8SJZB
+
+  curl -H "X-Dataverse-key:$API_TOKEN" "$SERVER_URL/api/admin/permissions/:persistentId?persistentId=$PERSISTENT_IDENTIFIER"
+
 Show Role Assignee
 ~~~~~~~~~~~~~~~~~~
 

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java b/src/main/java/edu/harvard/iq/dataverse/api/AbstractApiBean.java
@@ -42,6 +42,7 @@
 import jakarta.persistence.NoResultException;
 import jakarta.persistence.PersistenceContext;
 import jakarta.servlet.http.HttpServletRequest;
+import jakarta.validation.constraints.NotNull;
 import jakarta.ws.rs.container.ContainerRequestContext;
 import jakarta.ws.rs.core.Context;
 import jakarta.ws.rs.core.MediaType;
@@ -531,17 +532,21 @@ protected DvObject findDvo( Long id ) {
      * with that alias. If that fails, tries to get a {@link Dataset} with that global id.
      * @param id a value identifying the DvObject, either numeric of textual.
      * @return A DvObject, or {@code null}
+     * @throws WrappedResponse
      */
-	protected DvObject findDvo( String id ) {
-        if ( isNumeric(id) ) {
-            return findDvo( Long.valueOf(id)) ;
+    @NotNull
+    protected DvObject findDvo(@NotNull final String id) throws WrappedResponse {
+        DvObject d = null;
+        if (isNumeric(id)) {
+            d = findDvo(Long.valueOf(id));
         } else {
-            Dataverse d = dataverseSvc.findByAlias(id);
-            return ( d != null ) ?
-                    d : datasetSvc.findByGlobalId(id);
-
+            d = dataverseSvc.findByAlias(id);
         }
-	}
+        if (d == null) {
+            return findDatasetOrDie(id);
+        }
+        return d;
+    }
 
     protected <T> T failIfNull( T t, String errorMessage ) throws WrappedResponse {
         if ( t != null ) return t;

diff --git a/src/main/java/edu/harvard/iq/dataverse/api/Admin.java b/src/main/java/edu/harvard/iq/dataverse/api/Admin.java
@@ -1353,26 +1353,24 @@ public Response convertUserFromBcryptToSha1(String json) {
 
 	}
 
-	@Path("permissions/{dvo}")
-	@AuthRequired
-	@GET
-	public Response findPermissonsOn(@Context ContainerRequestContext crc, @PathParam("dvo") String dvo) {
-		try {
-			DvObject dvObj = findDvo(dvo);
-			if (dvObj == null) {
-				return notFound("DvObject " + dvo + " not found");
-			}
-			User aUser = getRequestUser(crc);
-			JsonObjectBuilder bld = Json.createObjectBuilder();
-			bld.add("user", aUser.getIdentifier());
-			bld.add("permissions", json(permissionSvc.permissionsFor(createDataverseRequest(aUser), dvObj)));
-			return ok(bld);
-
-		} catch (Exception e) {
-			logger.log(Level.SEVERE, "Error while testing permissions", e);
-			return error(Response.Status.INTERNAL_SERVER_ERROR, e.getMessage());
-		}
-	}
+    @Path("permissions/{dvo}")
+    @AuthRequired
+    @GET
+    public Response findPermissonsOn(@Context final ContainerRequestContext crc, @PathParam("dvo") final String dvo) {
+        try {
+            final DvObject dvObj = findDvo(dvo);
+            final User aUser = getRequestUser(crc);
+            final JsonObjectBuilder bld = Json.createObjectBuilder();
+            bld.add("user", aUser.getIdentifier());
+            bld.add("permissions", json(permissionSvc.permissionsFor(createDataverseRequest(aUser), dvObj)));
+            return ok(bld);
+        } catch (WrappedResponse r) {
+            return r.getResponse();
+        } catch (Exception e) {
+            logger.log(Level.SEVERE, "Error while testing permissions", e);
+            return error(Response.Status.INTERNAL_SERVER_ERROR, e.getMessage());
+        }
+    }
 
 	@Path("assignee/{idtf}")
 	@GET