-
Notifications
You must be signed in to change notification settings - Fork 479
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
API only returns Deaccessioned Dataset Version if user has edit privileges on the version #10164
Comments
Hi @ekraffmiller 👋🏼 I have a possible solution but I wanted to check that "this is a bug not a feature" 😆. After having a fix on my environment I ran the DatasetsIT to verify that this change is not breaking any tests but I found that the following tests will show an error:
by the comments on the code:
|
@ekraffmiller - trying clarify what is needed: For an unauthorized user, you need the API call with &includeDeaccessioned=true&includeFiles=false to return the datasetversion info, but we still don't want &includeDeaccessioned=true&includeFiles=true to succeed, or for any other API that uses the includeDeaccessioned flag to succeed (like /api/datasets/id/versions/id/files)? Do you also need the {id}/versions/{versionId}/citation api to work? The reason for the question is that all of these calls use the getDatasetVersionOrDie method right now and if we need some but not all of the api calls to change behavior, we can't just let getDatasetVersionOrDie always return the deaccessioned version when asked regardless of permission. (I think trying that kind of fix is what causes the tests to fail for @jp-tosca.) If only some of the API calls change, we probably need something like a boolean flag for getDatasetVersionOrDie to ignore permissions that only works for those calls. |
This new email from Dario seems related: "Subject: Deaccessioning a dataset We still have a problem with a deaccessioned dataset. But now, the problem is still there, we cannot list the dataset in the API, because the dataverse platform won't return any answer when we issue API of the following form: At the end, can someone clear to us the following questions:
From https://groups.google.com/g/dataverse-community/c/MgkprLAlkfg/m/1Chom4dzAAAJ I'm not sure if the Search API is in scope for this issue or not. @jp-tosca specifically, perhaps as you're writing tests you could make assertions about search behavior and visibility while you're in there. Here are the rules according to the Dataverse 4.0 design doc on Deaccessioning: |
@qqmyers yes, we want &includeDeaccessioned=true&includeFiles=false to succeed. Also we need the citation ({id}/versions/{versionId}/citation api). For the View Dataset Page, we need to show the dataset version information and the citation, but not the files. |
@jp-tosca I think those calls you mention are all related to files, and since an unauthorized user doesn't have access to the deaccessioned files, then it is ok for these calls to fail, but we should check that with the rest of the team. |
What steps does it take to reproduce the issue?
http://localhost:8000/api/v1/datasets/:persistentId/versions/1.0?persistentId=doi:10.5072/FK2/VV0A0P&includeDeaccessioned=true&includeFiles=false
{"status":"ERROR","message":"Dataset version 1.0 of dataset 2 not found"}
When does this issue occur?
Using API from SPA to view Deaccessioned version
Which page(s) does it occurs on?
SPA Dataset View Page
What happens?
It shows the latest published page, or page not found
To whom does it occur (all users, curators, superusers)?
all
What did you expect to happen?
Return the Dataset Version
Which version of Dataverse are you using?
The latest unstable version from Docker Hub:
https://hub.docker.com/layers/gdcc/dataverse/unstable/images/sha256-d552309321453989fc55ddabe12c8ff996e039db77738353fe15246dc85c6aca?context=explore
Any related open or closed issues to this bug report?
no
Screenshots:
The text was updated successfully, but these errors were encountered: