Permissions Messaging and Documentation [#2653] #4150

Merged
merged 10 commits into from
Sep 25, 2017
2 changes: 1 addition & 1 deletion doc/sphinx-guides/source/api/dataaccess.rst
Expand Up @@ -10,7 +10,7 @@ More advanced features of the Access API include format-specific transformations
Basic File Access
-----------------

Basic acces URI:
Basic access URI:

``/api/access/datafile/$id``

7 changes: 6 additions & 1 deletion doc/sphinx-guides/source/developers/dev-environment.rst
Expand Up @@ -236,7 +236,7 @@ You can check the current SMTP server with the ``asadmin`` command:

``asadmin get server.resources.mail-resource.mail/notifyMailSession.host``

This command helps verify what host your domain is using to send mail. Even if it's the correct hostname, you may still need to adjust settings. If all else fails, there are some free SMTP service options available such as Gmail and MailGun. Let's find where we can configure it.
This command helps verify what host your domain is using to send mail. Even if it's the correct hostname, you may still need to adjust settings. If all else fails, there are some free SMTP service options available such as Gmail and MailGun. This can be configured from the GlassFish console or the command line.

1. First, navigate to your Glassfish admin console: http://localhost:4848
2. From the left-side panel, select **JavaMail Sessions**
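Review bot: the replacement sentence spells the product "GlassFish", while step 1 directly below it and the "restart your Glassfish server" line use "Glassfish"; pick one spelling. "This can be configured" also has no clear antecedent after the sentence about Gmail and MailGun; something like "The mail host can be configured from ..." reads more clearly.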
Expand Down Expand Up @@ -270,6 +270,11 @@ mail.smtp.socketFactory.class javax.net.ssl.SSLSocketFactory

Save these changes at the top of the page and restart your Glassfish server to try it out.

The mail session can also be set from command line. To use this method, you will need to delete your notifyMailSession and create a new one. See the below example:

- Delete: ``asadmin delete-javamail-resource mail/MyMailSession``
- Create (remove brackets and replace the variables inside): ``asadmin create-javamail-resource --mailhost [smtp.gmail.com] --mailuser [test\@test\.com] --fromaddress [test\@test\.com] --property mail.smtp.auth=[true]:mail.smtp.password=[password]:mail.smtp.port=[465]:mail.smtp.socketFactory.port=[465]:mail.smtp.socketFactory.fallback=[false]:mail.smtp.socketFactory.class=[javax.net.ssl.SSLSocketFactory] mail/notifyMailSession``

These properties can be tailored to your own preferred mail service, but if all else fails these settings work fine with Dataverse development environments for your localhost.

+ If you're seeing a "Relay access denied" error in your Glassfish logs when your app attempts to send an email, double check your user/password credentials for the Mail Host you're using.
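Review bot: the Delete example targets ``mail/MyMailSession``, but the sentence above it says to delete notifyMailSession and the Create example ends in ``mail/notifyMailSession``, so a reader who follows the two commands as written leaves the existing session in place when they run the create. Use ``mail/notifyMailSession`` in both. The Create line also passes ``mail.smtp.password=[password]`` as a command-line argument, which leaves the SMTP password in shell history and visible in the process list while the command runs; a one-sentence caution next to the example would help.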
11 changes: 10 additions & 1 deletion doc/sphinx-guides/source/installation/config.rst
Expand Up @@ -1194,4 +1194,13 @@ This setting is experimental and related to Repository Storage Abstraction Layer

Limit on how many guestbook entries to display on the guestbook-responses page. By default, only the 5000 most recent entries will be shown. Use the standard settings API in order to change the limit. For example, to set it to 10,000, make the following API call:

``curl -X PUT -d 10000 http://localhost:8080/api/admin/settings/:GuestbookResponsesPageDisplayLimit``
``curl -X PUT -d 10000 http://localhost:8080/api/admin/settings/:GuestbookResponsesPageDisplayLimit``

:CustomDatasetSummaryFields
+++++++++++++++++++++++++++++

You can replace the default dataset metadata fields that are displayed above files table on the dataset page with a custom list separated by commas using the curl command below.

``curl http://localhost:8080/api/admin/settings/:CustomDatasetSummaryFields -X PUT -d 'producer,subtitle,alternativeTitle'``

You have to put the datasetFieldType name attribute in the :CustomDatasetSummaryFields setting for this to work.
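Review bot: the closing sentence ("You have to put the datasetFieldType name attribute ...") states the key constraint last and loosely; say before the curl example that each comma-separated entry must be the ``name`` of a datasetFieldType, and what happens when a name is not recognised. The curl argument order also differs from the :GuestbookResponsesPageDisplayLimit example just above (``curl -X PUT -d ... URL``), so matching it would keep the page consistent. "displayed above files table" is missing "the".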
9 changes: 7 additions & 2 deletions doc/sphinx-guides/source/installation/installation-main.rst
Expand Up @@ -126,9 +126,9 @@ If your mail host requires a username/password for access, continue to the next
Mail Host Configuration & Authentication
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

If you need to alter your mail host address, user, or provide a password to connect with, these settings are easily changed in the Glassfish admin console.
If you need to alter your mail host address, user, or provide a password to connect with, these settings are easily changed in the Glassfish admin console or via command line.

In a browser, with your domain online, navigate to http://localhost:4848 and on the side panel find JavaMail Sessions. By default, Dataverse uses a session named mail/notifyMailSession for routing outgoing emails. Click this mail session in the window to modify it.
For the Glassfish console, load a browser with your domain online, navigate to http://localhost:4848 and on the side panel find JavaMail Sessions. By default, Dataverse uses a session named mail/notifyMailSession for routing outgoing emails. Click this mail session in the window to modify it.

When fine tuning your JavaMail Session, there are a number of fields you can edit. The most important are:

Expand Down Expand Up @@ -163,6 +163,11 @@ mail.smtp.socketFactory.fallback false
mail.smtp.socketFactory.class javax.net.ssl.SSLSocketFactory
====================================== ==============================

The mail session can also be set from command line. To use this method, you will need to delete your notifyMailSession and create a new one. See the below example:

- Delete: ``asadmin delete-javamail-resource mail/MyMailSession``
- Create (remove brackets and replace the variables inside): ``asadmin create-javamail-resource --mailhost [smtp.gmail.com] --mailuser [test\@test\.com] --fromaddress [test\@test\.com] --property mail.smtp.auth=[true]:mail.smtp.password=[password]:mail.smtp.port=[465]:mail.smtp.socketFactory.port=[465]:mail.smtp.socketFactory.fallback=[false]:mail.smtp.socketFactory.class=[javax.net.ssl.SSLSocketFactory] mail/notifyMailSession``

Be sure you save the changes made here and then restart your Glassfish server to test it out.

UnknownHostException While Deploying
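Review bot: the new command-line paragraph is inserted between the properties table and "Be sure you save the changes made here", so that sentence now reads as if it applied to the asadmin commands rather than to the admin console form; move the command-line block after it or reword the sentence. The Delete example names ``mail/MyMailSession`` while the text and the Create example use ``mail/notifyMailSession``. Inside an inline literal the backslashes in ``test\@test\.com`` are rendered as typed, so readers will copy them into the command; drop them. This block is also a verbatim copy of the one added to dev-environment.rst, so one guide could link to the other instead.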
22 changes: 13 additions & 9 deletions doc/sphinx-guides/source/user/dataset-management.rst
Expand Up @@ -243,26 +243,30 @@ This is where you will enable a particular Guestbook for your dataset, which is

.. _permissions:

Permissions
===========
Roles & Permissions
=====================

Dataset-Level
-------------

Dataset permissions can be found from the dataset by clicking the "Edit" button and from the dropdown list selecting "Permissions".
Admins or curators of a dataset can assign roles and permissions to the users of that dataset. If you are an admin or curator of a dataset, then you can get to the dataset permissions page by clicking the "Edit" button, highlighting "Permissions" from the dropdown list, and clicking "Dataset".

The dataset permissions page has two sections: Users/Groups and Roles. In the top, "Users/Groups" panel, you can find all the users and groups that have access to your dataset. To give someone access to view your unpublished dataset or edit your published or unpublished dataset, click on the "Assign Roles to Users/Groups" button in the Users/Groups section.
When you access a dataset's permissions page, you will see two sections:

The panel below that is "Roles", where you can find all the roles set up in your dataverse, which you can assign to users and groups. These roles are set at your dataverse-level and are displayed here at the dataset-level as a reference for when you are granting permission to users and/or groups.
**Users/Groups:** Here you can assign roles to specific users or groups of users, determining which actions they are permitted to take on your dataset. You can also reference a list of all users who have roles assigned to them for your dataset and remove their roles if you please. Some of the users listed may have roles assigned at the dataverse level, in which case those roles can only be removed from the dataverse permissions page.

**Roles:** Here you can reference a full list of roles that can be assigned to users of your dataset. Each role lists the permissions that it offers.

File-Level
----------

If you have restricted specific files, the file-level permissions is where you will need to go to grant users/groups access to
specific restricted files. Dataset file permissions are located under Permissions in the Edit button on a dataset page.
The file permissions page has two sections: Users/Groups and Files.
If you have restricted access to specific files in your dataset, you can grant specific users or groups access to those files while still keeping them restricted to the general public. If you are an admin or curator of a dataset, then you can get to the file-level permissions page by clicking the "Edit" button, highlighting "Permissions" from the dropdown list, and clicking "File".

When you access a dataset's file-level permissions page, you will see two sections:

**Users/Groups:** Here you can see which users or groups have been granted access to which files. You can click the "Grant Access to Users/Groups" button to see a box where you can grant access to specific files within your dataset to specific users or groups. If any users have requested access to a file in your dataset, you can grant or reject their access request here.

To give someone access to your restricted files, click on the Grant Access to Users/Groups button in the Users/Groups section.
**Restricted Files:** In this section, you can see the same information, but broken down by each individual file in your dataset. For each file, you can click the "Assign Access" button to see a box where you can grant access to that file to specific users.

.. _thumbnails-widgets:

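Review bot: the rewritten dataset-level Users/Groups paragraph no longer names the "Assign Roles to Users/Groups" button that the removed text pointed to, while the file-level section still names its "Grant Access to Users/Groups" and "Assign Access" buttons; name the button here too so the two sections match. The sentence saying dataverse-level roles "can only be removed from the dataverse permissions page" would benefit from a ``:ref:`` link to the ``dataverse-permissions`` label. The removed text also explained that the roles listed are defined at the dataverse level and shown here for reference, which the new Roles paragraph drops; keep that if it still holds.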
34 changes: 26 additions & 8 deletions doc/sphinx-guides/source/user/dataverse-management.rst
Expand Up @@ -90,35 +90,53 @@ Adding Widgets to an OpenScholar Website

.. _dataverse-permissions:

Permissions
Roles & Permissions
=======================================================
When you access a dataverse's permissions page, you will see there are three sections: Permissions, Users/Groups, and Roles.
Admins of a dataverse can assign roles and permissions to the users of that dataverse. If you are an admin on a dataverse, then you will find the link to the Permissions page under the Edit dropdown on the dataverse page.

|image2|

Clicking on Permissions will bring you to this page:

|image3|

By clicking on the Edit Access button, you are able to change the settings allowing no one or anyone to add either dataverses or datasets to a dataverse.
When you access a dataverse's permissions page, you will see three sections:

**Permissions:** Here you can decide the requirements that determine which types of users can add datasets and sub dataverses to your dataverse, and what permissions they'll be granted when they do so.

**Users/Groups:** Here you can assign roles to specific users or groups of users, determining which actions they are permitted to take on your dataverse. You can also reference a list of all users who have roles assigned to them for your dataverse and remove their roles if you please.

**Roles:** Here you can reference a full list of roles that can be assigned to users of your dataverse. Each role lists the permissions that it offers.

Setting Access Configurations
---------------------------------------------
Under the Permissions tab, you can click the "Edit Access" button to open a box where you can add to your dataverse and what permissions are granted to those who add to your dataverse.

|image4|

The Edit Access pop up allows you to also select if someone adding a dataset to this dataverse should be allowed to publish it (Curator role) or if the dataset will be submitted to the administrator of this dataverse to be reviewed then published (Contributor role). These Access settings can be changed at any time.
The first question on this page allows you to determine how open your dataverse is to new additions - you can set whether or not the entire userbase (all logged in users) has the ability to add datasets or sub dataverses to your dataverse.

Assign Role
-----------------------
You can also give access to a Dataverse user to allow them to access an unpublished dataverse as well as other roles. To do this, click on the Assign Roles to Users/Groups button in the Users/Groups section. You can also give multiple users the same role at one time. This roles can be removed at any time.
The second question on this page allows you to choose the role (and thus the permissions) granted to users who add a dataset to your dataverse. The role you select will be automatically granted to any user who creates a dataset on your dataverse, on that dataset, at the moment that he or she creates it. The role the user is given determines his or her permissions for the dataset they've created. The key difference between the two roles is that curators can publish their own datasets, while contributors must submit the dataset to be reviewed before publication. Additionally, curators can manage dataset permissions. Note that this setting does not retroactively apply roles to users who have previously added datasets to your dataverse; it only applies to users adding new datasets going forward.

Both of these settings can be changed at any time.

Assigning Roles to Users and Groups
------------------------------------------
Under the Users/Groups tab, you can add, edit, or remove the roles granted to users and groups on your dataverse. A role is a set of permissions granted to a user or group when they're using your dataverse. For example, giving your research assistant the "Contributor" role would give him the following self-explanatory permissions on your dataverse and all datasets within your dataverse: "ViewUnpublishedDataset", "DownloadFile", "EditDataset", and "DeleteDatasetDraft". He would, however, lack the "PublishDataset" permission, and thus would be unable to publish datasets on your dataverse. If you wanted to give him that permission, you would give him a role with that permission, like the Curator role. Users and groups can hold multiple roles at the same time if needed. Roles can be removed at any time. All roles and their associated permissions are listed under the "Roles" tab of the same page.

|image5|

Note that the Dataset Creator role and Contributor role are sometimes confused. The Dataset Creator role is assigned at the dataverse level and allows a user to create new datasets in that dataverse. The Contributor role can be assigned at the dataset level, granting a user the ability to edit *that specific* dataset. Alternatively, the Contributor role can be assigned at the dataverse level, granting the user the ability to edit *all* datasets in that dataverse.

|image6|

Note: If you need to assign a role to ALL Dataverse user accounts, you can assign the role to the ":authenticated-users" group.

.. _dataset-templates:

Dataset Templates
======================
Templates are useful when you have several datasets that have the same information in multiple metadata fields that you would prefer not to have to keep manually typing in, or if you want to use a custom set of Terms of Use and Access for multiple datasets in a dataverse. In Dataverse 4.0, templates are created at the dataverse level, can be deleted (so it does not show for future datasets), set to default (not required), or can be copied so you do not have to start over when creating a new template with similiar metadata from another template. When a template is deleted, it does not impact the datasets that have used the template already.
Templates are useful when you have several datasets that have the same information in multiple metadata fields that you would prefer not to have to keep manually typing in, or if you want to use a custom set of Terms of Use and Access for multiple datasets in a dataverse. In Dataverse 4.0, templates are created at the dataverse level, can be deleted (so it does not show for future datasets), set to default (not required), or can be copied so you do not have to start over when creating a new template with similar metadata from another template. When a template is deleted, it does not impact the datasets that have used the template already.

How do you create a template?

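Review bot: under "Setting Access Configurations", the sentence "open a box where you can add to your dataverse and what permissions are granted to those who add to your dataverse" has lost part of its first clause; it presumably should read "where you can set who can add to your dataverse and what permissions are granted ...". The overview calls Permissions, Users/Groups and Roles "sections" while the subsections below say "Under the Permissions tab" and "Under the Users/Groups tab"; use one term. The research-assistant example uses "him"/"He" although the preceding paragraph uses "he or she" and "they"; a neutral "them"/"they" throughout would be consistent.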
15 changes: 14 additions & 1 deletion src/main/java/Bundle.properties
Expand Up @@ -888,7 +888,7 @@ dataverse.permissions.Q1.answer1=Anyone adding to this dataverse needs to be giv
dataverse.permissions.Q1.answer2=Anyone with a Dataverse account can add sub dataverses
dataverse.permissions.Q1.answer3=Anyone with a Dataverse account can add datasets
dataverse.permissions.Q1.answer4=Anyone with a Dataverse account can add sub dataverses and datasets
dataverse.permissions.Q2=What should be the default role for someone adding datasets to this dataverse?
dataverse.permissions.Q2=When a user adds a new dataset to this dataverse, which role should be automatically assigned to them on that dataset?
dataverse.permissions.Q2.answer.editor.description=- Edit metadata, upload files, and edit files, edit Terms, Guestbook, Submit datasets for review
dataverse.permissions.Q2.answer.manager.description=- Edit metadata, upload files, and edit files, edit Terms, Guestbook, File Restrictions (Files Access + Use)
dataverse.permissions.Q2.answer.curator.description=- Edit metadata, upload files, and edit files, edit Terms, Guestbook, File Restrictions (Files Access + Use), Edit Permissions/Assign Roles + Publish
Expand Down Expand Up @@ -1683,3 +1683,16 @@ citationFrame.banner.message.here=here
citationFrame.banner.closeIcon=Close this message, go to dataset
citationFrame.banner.countdownMessage= This message will close in
citationFrame.banner.countdownMessage.seconds=seconds

# Friendly AuthenticationProvider names
authenticationProvider.name.builtin=Dataverse
authenticationProvider.name.null=(provider is unknown)
authenticationProvider.name.github=GitHub
authenticationProvider.name.google=Google
authenticationProvider.name.orcid=ORCiD
authenticationProvider.name.orcid-sandbox=ORCiD Sandbox
authenticationProvider.name.shib=Shibboleth
ingest.csv.invalidHeader=Invalid header row. One of the cells is empty.
ingest.csv.lineMismatch=Mismatch between line counts in first and final passes!, {0} found on first pass, but {1} found on second.
ingest.csv.recordMismatch=Reading mismatch, line {0} of the Data file: {1} delimited values expected, {2} found.
ingest.csv.nullStream=Stream can't be null.
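Review bot: the four ``ingest.csv.*`` keys at the end of this hunk sit directly under the "# Friendly AuthenticationProvider names" comment with no blank line or comment of their own, so they read as part of that group; give them their own comment header. In ``ingest.csv.lineMismatch`` the text has "passes!," and says "first and final passes" but then "found on second", which should be made consistent. If ``ingest.csv.nullStream`` is ever passed through ``MessageFormat`` like its siblings with placeholders, the single apostrophe in "can't" will be swallowed; "cannot" avoids the question.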