Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

as a Dataverse administrator, I'd like to be able to use the API to configure the default role assigned to a user creating a dataset #5307

Closed
pameyer opened this issue Nov 14, 2018 · 28 comments
Closed

as a Dataverse administrator, I'd like to be able to use the API to configure the default role assigned to a user creating a dataset #5307

pameyer opened this issue Nov 14, 2018 · 28 comments
Assignees
@kcondon
Milestone
4.10 - Additional...

Comments

@pameyer
Copy link
Contributor

pameyer commented Nov 14, 2018
edited

The "Edit Access" configuration option can be used to assign the default role for a user creating a dataset within a dataverse:
screen shot 2018-11-13 at 8 47 49 pm

It would be preferable if this could be configured by API, and support more than two hard-coded roles (Contributor and Curator).
@djbrooke
Copy link
Contributor

@pameyer - let's discuss in sprint planning today, interested in the use case and thoughts from the rest of the team.

@TaniaSchlatter
Copy link
Member

The team discussed allowing the role to be changed in the API, and adding the new role to the UI as the selected option. The user would be able to use the UI to select one of the other options.

@djbrooke djbrooke changed the title as a Dataverase administrator, I'd like to be able to configure the default roles assigned to a user creating a dataset by API as a Dataverse administrator, I'd like to be able to configure the default roles assigned to a user creating a dataset by API Nov 14, 2018
@sekmiller sekmiller self-assigned this Nov 15, 2018
sekmiller added a commit that referenced this issue Nov 15, 2018
@sekmiller
#5307 Add update ds creator default role api
05e809f
@sekmiller
Copy link
Contributor

@mheppler can you please take a look at what I did in permissions-configure and permissions-manage with respect to custom default contributors' roles. Basically, if there's a custom role I disable the option buttons and display what I can from the custom role (name and description).

Thanks!

@mheppler mheppler self-assigned this Nov 15, 2018
@mheppler
Copy link
Contributor

Sure, @sekmiller, I can take a look tomorrow. Thanks for the heads up. Are there any database update scripts that I need? Or an API command you can provide me to create the new custom role?

@pameyer
Copy link
Contributor Author

pameyer commented Nov 15, 2018

I've got a custom role API command handy: curl -H "content-type: application/json" -X POST --upload-file sys1-role.json "http://localhost:8080/api/admin/roles"

where sys1-role.json has:

{
  "alias": "sys1",
  "name": "system 1",
  "description": "restricted system role, create only",
  "permissions": [
    "AddDataset"
  ]
}

@sekmiller
Copy link
Contributor

@pameyer do we need any guardrails here? Right now I allow you to make any built-in role or custom role that belongs to the dataverse to be set as the dataset creator default role. Should there be any restrictions on the default role?

@sekmiller
Copy link
Contributor

@mheppler, for testing I created a custom role by hand, but it looks like Pete has a handy api.

@pameyer
Copy link
Contributor Author

pameyer commented Nov 16, 2018

@sekmiller Other than permissions on the API endpoint, I don't think we need any other guardrails (although I don't know if @scolapasta or others have a different opinion).

@sekmiller
Copy link
Contributor

There are permissions (ManageDataversePermissions) on the UpdateDataverseDefaultContributorRoleCommand.

@pameyer
Copy link
Contributor Author

pameyer commented Nov 16, 2018

That sounds reasonable to me - thanks!

sekmiller added a commit that referenced this issue Nov 16, 2018
@sekmiller
#5307 remove debug code
1e570cd
sekmiller added a commit that referenced this issue Nov 16, 2018
@sekmiller
#5307 Add check for dataset permissions on default role
41474d9
sekmiller added a commit that referenced this issue Nov 16, 2018
@sekmiller
#5307 display custom role as option if already selected
7306ea6
@mheppler
Copy link
Contributor

UI looks good, @sekmiller. New role name and description are displayed, as they were entered into the db using Pete's json and curl command above. (Had a few hiccups along the way related to the roles permssions, but once I was sorted out, it displayed in the properly.)

screen shot 2018-11-16 at 4 32 43 pm

@mheppler mheppler removed their assignment Nov 16, 2018
@sekmiller
Copy link
Contributor

@pameyer after talking with Gustavo he said it would make sense to limit the roles to those with permissions on datasets, so I implemented that. That logic, though doesn't allow the new api to change the default contributors role to the example you mentioned above, because AddDataset is a dataverse role not a dataset role. Could you use something like "viewUnpublished"?

@sekmiller sekmiller changed the title as a Dataverse administrator, I'd like to be able to configure the default roles assigned to a user creating a dataset by API as a Dataverse administrator, I'd like to be able to use the API to configure the default role assigned to a user creating a dataset Nov 26, 2018
sekmiller added a commit that referenced this issue Nov 26, 2018
@sekmiller
#5307 missed one hard-coded "none"
abe8cda
@kcondon kcondon self-assigned this Nov 30, 2018
@kcondon
Copy link
Contributor

kcondon commented Dec 4, 2018

Exception thrown when create a dataset with inherited role none:

Local Exception Stack:
Exception [EclipseLink-4002] (Eclipse Persistence Services - 2.5.2.v20140319-9ad6abd): org.eclipse.persistence.exceptions.DatabaseException
Internal Exception: org.postgresql.util.PSQLException: ERROR: null value in column "role_id" violates not-null constraint
Detail: Failing row contains (347, @dataverseAdmin, null, 6492, null).
Error Code: 0
Call: INSERT INTO ROLEASSIGNMENT (ASSIGNEEIDENTIFIER, PRIVATEURLTOKEN, DEFINITIONPOINT_ID, ROLE_ID) VALUES (?, ?, ?, ?)
bind => [4 parameters bound]
Query: InsertObjectQuery(RoleAssignment{id=null, assignee=@dataverseAdmin, role=null, definitionPoint=[Dataset id:6492 ]})
at org.eclipse.persistence.exceptions.DatabaseException.sqlException(DatabaseException.java:340)
at org.eclipse.persistence.internal.databaseaccess.DatabaseAccessor.processExceptionForCommError(DatabaseAccessor.java:1611)
at org.eclipse.persistence.internal.databaseaccess.DatabaseAccessor.executeDirectNoSelect(DatabaseAccessor.java:898)
at org.eclipse.persistence.internal.databaseaccess.DatabaseAccessor.executeNoSelect(DatabaseAccessor.java:962)
at org.eclipse.persistence.internal.databaseaccess.DatabaseAccessor.basicExecuteCall(DatabaseAccessor.java:631)
at org.eclipse.persistence.internal.databaseaccess.DatabaseAccessor.executeCall(DatabaseAccessor.java:558)
at org.eclipse.persistence.internal.sessions.AbstractSession.basicExecuteCall(AbstractSession.java:2002)
at org.eclipse.persistence.sessions.server.ClientSession.executeCall(ClientSession.java:298)
at org.eclipse.persistence.internal.queries.DatasourceCallQueryMechanism.executeCall(DatasourceCallQueryMechanism.java:242)
at org.eclipse.persistence.internal.queries.DatasourceCallQueryMechanism.executeCall(DatasourceCallQueryMechanism.java:228)
at org.eclipse.persistence.internal.queries.DatasourceCallQueryMechanism.insertObject(DatasourceCallQueryMechanism.java:377)
at org.eclipse.persistence.internal.queries.StatementQueryMechanism.insertObject(StatementQueryMechanism.java:165)
at org.eclipse.persistence.internal.queries.StatementQueryMechanism.insertObject(StatementQueryMechanism.java:180)
at org.eclipse.persistence.internal.queries.DatabaseQueryMechanism.insertObjectForWrite(DatabaseQueryMechanism.java:489)
at org.eclipse.persistence.queries.InsertObjectQuery.executeCommit(InsertObjectQuery.java:80)
at org.eclipse.persistence.queries.InsertObjectQuery.executeCommitWithChangeSet(InsertObjectQuery.java:90)
at org.eclipse.persistence.internal.queries.DatabaseQueryMechanism.executeWriteWithChangeSet(DatabaseQueryMechanism.java:301)
at org.eclipse.persistence.queries.WriteObjectQuery.executeDatabaseQuery(WriteObjectQuery.java:58)
at org.eclipse.persistence.queries.DatabaseQuery.execute(DatabaseQuery.java:899)
at org.eclipse.persistence.queries.DatabaseQuery.executeInUnitOfWork(DatabaseQuery.java:798)
at org.eclipse.persistence.queries.ObjectLevelModifyQuery.executeInUnitOfWorkObjectLevelModifyQuery(ObjectLevelModifyQuery.java:108)
at org.eclipse.persistence.queries.ObjectLevelModifyQuery.executeInUnitOfWork(ObjectLevelModifyQuery.java:85)
at org.eclipse.persistence.internal.sessions.UnitOfWorkImpl.internalExecuteQuery(UnitOfWorkImpl.java:2896)
at org.eclipse.persistence.internal.sessions.AbstractSession.executeQuery(AbstractSession.java:1804)
at org.eclipse.persistence.internal.sessions.AbstractSession.executeQuery(AbstractSession.java:1786)
at org.eclipse.persistence.internal.sessions.AbstractSession.executeQuery(AbstractSession.java:1737)
at org.eclipse.persistence.internal.sessions.CommitManager.commitNewObjectsForClassWithChangeSet(CommitManager.java:226)
at org.eclipse.persistence.internal.sessions.CommitManager.commitAllObjectsForClassWithChangeSet(CommitManager.java:193)
at org.eclipse.persistence.internal.sessions.CommitManager.commitAllObjectsWithChangeSet(CommitManager.java:138)
at org.eclipse.persistence.internal.sessions.AbstractSession.writeAllObjectsWithChangeSet(AbstractSession.java:4207)
at org.eclipse.persistence.internal.sessions.UnitOfWorkImpl.commitToDatabase(UnitOfWorkImpl.java:1441)
at org.eclipse.persistence.internal.sessions.UnitOfWorkImpl.commitToDatabaseWithPreBuiltChangeSet(UnitOfWorkImpl.java:1587)
at org.eclipse.persistence.internal.sessions.RepeatableWriteUnitOfWork.writeChanges(RepeatableWriteUnitOfWork.java:452)
at org.eclipse.persistence.internal.jpa.EntityManagerImpl.flush(EntityManagerImpl.java:863)
at com.sun.enterprise.container.common.impl.EntityManagerWrapper.flush(EntityManagerWrapper.java:437)
at edu.harvard.iq.dataverse.engine.command.impl.AbstractCreateDatasetCommand.execute(AbstractCreateDatasetCommand.java:129)
at edu.harvard.iq.dataverse.engine.command.impl.AbstractCreateDatasetCommand.execute(AbstractCreateDatasetCommand.java:26)
at edu.harvard.iq.dataverse.EjbDataverseEngine.submit(EjbDataverseEngine.java:228)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.glassfish.ejb.security.application.EJBSecurityManager.runMethod(EJBSecurityManager.java:1081)
at org.glassfish.ejb.security.application.EJBSecurityManager.invoke(EJBSecurityManager.java:1153)
at com.sun.ejb.containers.BaseContainer.invokeBeanMethod(BaseContainer.java:4786)
at com.sun.ejb.EjbInvocation.invokeBeanMethod(EjbInvocation.java:656)
at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:822)
at com.sun.ejb.EjbInvocation.proceed(EjbInvocation.java:608)
at org.jboss.weld.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:64)
at org.jboss.weld.ejb.SessionBeanInterceptor.aroundInvoke(SessionBeanInterceptor.java:52)
at sun.reflect.GeneratedMethodAccessor115.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.sun.ejb.containers.interceptors.AroundInvokeInterceptor.intercept(InterceptorManager.java:883)
at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:822)
at com.sun.ejb.EjbInvocation.proceed(EjbInvocation.java:608)
at com.sun.ejb.containers.interceptors.SystemInterceptorProxy.doCall(SystemInterceptorProxy.java:163)
at com.sun.ejb.containers.interceptors.SystemInterceptorProxy.aroundInvoke(SystemInterceptorProxy.java:140)
at sun.reflect.GeneratedMethodAccessor119.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.sun.ejb.containers.interceptors.AroundInvokeInterceptor.intercept(InterceptorManager.java:883)
at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:822)
at com.sun.ejb.containers.interceptors.InterceptorManager.intercept(InterceptorManager.java:369)
at com.sun.ejb.containers.BaseContainer.__intercept(BaseContainer.java:4758)
at com.sun.ejb.containers.BaseContainer.intercept(BaseContainer.java:4746)
at com.sun.ejb.containers.EJBLocalObjectInvocationHandler.invoke(EJBLocalObjectInvocationHandler.java:212)
at com.sun.ejb.containers.EJBLocalObjectInvocationHandlerDelegate.invoke(EJBLocalObjectInvocationHandlerDelegate.java:88)
at com.sun.proxy.$Proxy296.submit(Unknown Source)
at edu.harvard.iq.dataverse.EJB31_Generated__EjbDataverseEngine__Intf____Bean.submit(Unknown Source)
at edu.harvard.iq.dataverse.DatasetPage.save(DatasetPage.java:2594)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at com.sun.el.parser.AstValue.invoke(AstValue.java:289)
at com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:304)
at org.jboss.weld.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:40)
at org.jboss.weld.el.WeldMethodExpression.invoke(WeldMethodExpression.java:50)
at com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:105)
at javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:87)
at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102)
at javax.faces.component.UICommand.broadcast(UICommand.java:315)
at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:790)
at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1282)
at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:81)
at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101)
at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:198)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:646)
at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1682)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:344)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
at org.glassfish.tyrus.servlet.TyrusServletFilter.doFilter(TyrusServletFilter.java:295)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:256)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
at org.ocpsoft.rewrite.servlet.RewriteFilter.doFilter(RewriteFilter.java:226)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:256)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:316)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:160)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:734)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:673)
at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:99)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:174)
at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:415)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:282)
at com.sun.enterprise.v3.services.impl.ContainerMapper$HttpHandlerCallable.call(ContainerMapper.java:459)
at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:167)
at org.glassfish.grizzly.http.server.HttpHandler.runService(HttpHandler.java:201)
at org.glassfish.grizzly.http.server.HttpHandler.doHandle(HttpHandler.java:175)
at org.glassfish.grizzly.http.server.HttpServerFilter.handleRead(HttpServerFilter.java:235)
at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:119)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:284)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:201)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:133)
at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:112)
at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:77)
at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:561)
at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:112)
at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.run0(WorkerThreadIOStrategy.java:117)
at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.access$100(WorkerThreadIOStrategy.java:56)
at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy$WorkerThreadRunnable.run(WorkerThreadIOStrategy.java:137)
at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:565)
at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:545)
at java.lang.Thread.run(Thread.java:748)
Caused by: org.postgresql.util.PSQLException: ERROR: null value in column "role_id" violates not-null constraint
Detail: Failing row contains (347, @dataverseAdmin, null, 6492, null).
at org.postgresql.core.v3.QueryExecutorImpl.receiveErrorResponse(QueryExecutorImpl.java:2101)
at org.postgresql.core.v3.QueryExecutorImpl.processResults(QueryExecutorImpl.java:1834)
at org.postgresql.core.v3.QueryExecutorImpl.execute(QueryExecutorImpl.java:255)
at org.postgresql.jdbc2.AbstractJdbc2Statement.execute(AbstractJdbc2Statement.java:510)
at org.postgresql.jdbc2.AbstractJdbc2Statement.executeWithFlags(AbstractJdbc2Statement.java:386)
at org.postgresql.jdbc2.AbstractJdbc2Statement.executeUpdate(AbstractJdbc2Statement.java:332)
at sun.reflect.GeneratedMethodAccessor162.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.postgresql.ds.jdbc23.AbstractJdbc23PooledConnection$StatementHandler.invoke(AbstractJdbc23PooledConnection.java:453)
at com.sun.proxy.$Proxy340.executeUpdate(Unknown Source)
at com.sun.gjc.spi.base.PreparedStatementWrapper.executeUpdate(PreparedStatementWrapper.java:125)
at org.eclipse.persistence.internal.databaseaccess.DatabaseAccessor.executeDirectNoSelect(DatabaseAccessor.java:890)
... 122 more
]]

@kcondon kcondon assigned sekmiller and unassigned kcondon Dec 4, 2018
@pdurbin
Copy link
Member

pdurbin commented Dec 5, 2018

Caused by: org.postgresql.util.PSQLException: ERROR: null value in column "role_id" violates not-null constraint

@kcondon the error above make me wonder if you ran the following SQL statement from the pull request:

ALTER TABLE dataverse ALTER COLUMN defaultcontributorrole_id DROP NOT NULL;

If so, my bad.

@sekmiller
Copy link
Contributor

Yes. That needs to be run:

ALTER TABLE dataverse ALTER COLUMN defaultcontributorrole_id DROP NOT NULL;

I didn't note it in the pull request originally. (I'm so used to changing deployment requirements to NONE.)

@sekmiller sekmiller removed their assignment Dec 5, 2018
@sekmiller sekmiller self-assigned this Dec 5, 2018
@kcondon
Copy link
Contributor

kcondon commented Dec 5, 2018

@pdurbin @sekmiller As discussed, I had run that sql statement but the stack trace indicates a different table so another statement is needed.

@scolapasta
Copy link
Contributor

I don't think a script is needed; it sounds like it is automatically still trying to create the default role when it is set to null, so just throwing an if around that should work.

sekmiller added a commit that referenced this issue Dec 5, 2018
@sekmiller
#5307 only add default role if it is not null
dcd83c5
@sekmiller sekmiller removed their assignment Dec 5, 2018
@kcondon kcondon self-assigned this Dec 5, 2018
@kcondon kcondon closed this as completed Dec 5, 2018
@kcondon kcondon removed the Status: QA label Dec 5, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kcondon kcondon

Labels
None yet
Projects
None yet
Milestone
4.10 - Additional Data Transfer Options
Development

No branches or pull requests
8 participants
@pdurbin @mheppler @sekmiller @scolapasta @kcondon @djbrooke @pameyer @TaniaSchlatter