Delete Roles via API not working

[veustp]

using
dataverse v. 4.20 build 413-4e07b62

Using the standard requests module from within a python environment (python 3.7.9):

import requests
headers = {'X-Dataverse-key':apiKeyProd,
'Content-Type':'application/json'}
r = requests.get(baseUrlProd+'/api/roles/11', headers=headers)

Getting the role works

b'{"status":"OK","data":{"alias":"rev","name":"reviewer","permissions":[],"description":"ReviewerRole","id":11,"ownerId":1}}'
Deleting the role:

r = requests.delete(baseUrlProd+'/api/roles/11', headers=headers)
b'{"status":"ERROR","message":"Command edu.harvard.iq.dataverse.engine.command.impl.DeleteRoleCommand@7bd352e6 failed: Exception thrown from bean: javax.ejb.EJBTransactionRolledbackException: Exception thrown from bean: java.lang.IllegalArgumentException: You have attempted to set a value of type class java.lang.Long for parameter roleId with expected type of class edu.harvard.iq.dataverse.authorization.DataverseRole from query string SELECT r FROM RoleAssignment r WHERE r.role=:roleId."}'
Does not work either.

Additional remark:
It was already quite difficult to get the role ID right - I expected it to be the "alias" but it needed to be the id which is nowhere displayed in the dataverse interface. It was not clear from the documentation what the ID should be that needed to be used for the API (https://guides.dataverse.org/en/latest/api/native-api.html#explicit-groups - see the Roles section)

Additional remark II: I mistakingly posted this earlier on the pydataverse repository and was requested by Danny Brooke to re-raise the issue here.

[pdurbin]

@veustp thanks for the bug report. Do you have access to server.log? That's where the details will be of why the command was rolled back. (Maybe the role is still in use?) Perhaps you can attach it here (you'll have to rename it to server.log.txt) or email it to support@dataverse.org.

Also, I checked out API test suite and we have examples of deleting role assignments but not roles themselves (from a quick look anyway). So, the definition of done for this issue should include adding some tests.

[veustp]

I did some more tests and have added the server.log file as requested.
The tests have been performed on our test system (v. 4.20 build 413-4e07b62)
I include some Python code to show what I've done.

#GETTING THE ROLES
for i in range(1, 13):
if (i != 10 and i != 11):
resp = api.get_request(baseUrl+"/api/roles/"+str(i))
x = resp.json()
print(str(x['data']['id'])+" "+x['data']['name'])

--> output:
1 Admin
2 File Downloader
3 Dataverse + Dataset Creator
4 Dataverse Creator
5 Dataset Creator
6 Contributor
7 Curator
8 Member
9 researcher
12 pdvrolename

The roles we created ourselves have an ownerId - which distinguishes them from the other (default) roles (e.g. Member below):
8 Member
{'status': 'OK', 'data': {'alias': 'member', 'name': 'Member', 'permissions': ['ViewUnpublishedDataverse', 'ViewUnpublishedDataset', 'DownloadFile'], 'description': 'A person who can view both unpublished dataverses and datasets.', 'id': 8}}
9 researcher
{'status': 'OK', 'data': {'alias': 'res', 'name': 'researcher', 'permissions': ['AddDataset', 'DownloadFile', 'EditDataset', 'ManageDatasetPermissions', 'PublishDataset', 'DeleteDatasetDraft'], 'description': 'ResearcherRole', 'id': 9, 'ownerId': 80}}
12 pdvrolename
{'status': 'OK', 'data': {'alias': 'pdvroleid', 'name': 'pdvrolename', 'permissions': ['AddDataset', 'ViewUnpublishedDataset', 'DownloadFile', 'EditDataset', 'ManageDatasetPermissions', 'PublishDataset', 'DeleteDatasetDraft'], 'description': 'pdvroledesc', 'id': 12, 'ownerId': 1}}

#TRYING TO DELETE THE ROLES THAT HAD BEEN CREATED
toDel = [9,12]
for i in toDel:
resp = api.delete_request(baseUrl+"/api/roles/9")
x = resp.json()
print(x)

--> output:
{'status': 'ERROR', 'message': 'Command edu.harvard.iq.dataverse.engine.command.impl.DeleteRoleCommand@24aa1124 failed: null'}
{'status': 'ERROR', 'message': 'Command edu.harvard.iq.dataverse.engine.command.impl.DeleteRoleCommand@77ebec0f failed: null'}

br,
Pieter
server.log.txt

[pdurbin]

@veustp thanks. I'm not sure what's going on but the problem is happening for me too on 5.3.

For anyone who picks this up, pay attention to this line:

https://github.com/IQSS/dataverse/blob/v5.3/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/DeleteRoleCommand.java#L27

In addition, the docs should be improved in the API Guide for create, show, and delete role.

[qqmyers]

FWIW: Looking at the code with java.lang.IllegalArgumentException: You have attempted to set a value of type class java.lang.Long for parameter roleId with expected type of class edu.harvard.iq.dataverse.authorization.DataverseRole from query string SELECT r FROM RoleAssignment r WHERE r.role=:roleId."}' in mind:
RoleAssignment has
private DataverseRole role;
while the query assumes role is the long id:

@NamedQuery( name  = "RoleAssignment.listByRoleId",
				 query = "SELECT r FROM RoleAssignment r WHERE r.role=:roleId" ),

[pdurbin]

@qqmyers yeah, you're right. It should probably be r.role.id=:roleId like other queries in RoleAssignment.

[sekmiller]

Expanded the scope a bit after consulting with Danny and Gustavo.

1. prevented the deletion of a built-in role via the /roles/ endpoint.
2. added an endpoint under admin to allow the deletion of built-in roles (since built in roles are created under admin)
3. allow the user to delete based on role's alias instead of id (can still delete by id)