5583 toggle email dataverse export

doc/sphinx-guides/source/installation/config.rst

@@ -1127,7 +1127,7 @@ API users can retrieve this URL from the SWORD Service Document or the "info" se
 :ExcludeEmailFromExport
 +++++++++++++++++++++++
 
-Set ``:ExcludeEmailFromExport`` to prevent email addresses for dataset contacts from being exposed in XML or JSON representations of dataset metadata. For a list exported formats such as DDI, see the :doc:`/admin/metadataexport` section of the Admin Guide.
+Set ``:ExcludeEmailFromExport`` to prevent email addresses for contacts from being exposed in XML or JSON representations of dataset and dataverse metadata. For a list exported formats such as DDI, see the :doc:`/admin/metadataexport` section of the Admin Guide.
 
 ``curl -X PUT -d true http://localhost:8080/api/admin/settings/:ExcludeEmailFromExport``
 

src/main/java/edu/harvard/iq/dataverse/api/Dataverses.java

@@ -118,6 +118,9 @@ public class Dataverses extends AbstractApiBean {
 
     @EJB
     ImportServiceBean importService;
+
+    @EJB
+    SettingsServiceBean settingsService;
 
     @POST
     public Response addRoot(String body) {
@@ -390,8 +393,10 @@ private Dataset parseDataset(String datasetJson) throws WrappedResponse {
     @GET
     @Path("{identifier}")
     public Response viewDataverse(@PathParam("identifier") String idtf) {
-        return allowCors(response(req -> ok(json(execCommand(
-                new GetDataverseCommand(req, findDataverseOrDie(idtf)))))));
+        return allowCors(response(req -> ok(
+            json(execCommand(new GetDataverseCommand(req, findDataverseOrDie(idtf))),
+                settingsService.isTrueForKey(SettingsServiceBean.Key.ExcludeEmailFromExport, false)
+            ))));
     }
 
     @DELETE

src/main/java/edu/harvard/iq/dataverse/util/json/JsonPrinter.java

@@ -96,22 +96,23 @@ public static JsonObjectBuilder json(User u) {
     }
 
     public static JsonObjectBuilder json(AuthenticatedUser authenticatedUser) {
-        return jsonObjectBuilder()
-                .add("id", authenticatedUser.getId())
-                .add("identifier", authenticatedUser.getIdentifier())
-                .add("displayName", authenticatedUser.getDisplayInfo().getTitle())
-                .add("firstName", authenticatedUser.getFirstName())
-                .add("lastName", authenticatedUser.getLastName())
-                .add("email", authenticatedUser.getEmail())
-                .add("superuser", authenticatedUser.isSuperuser())
-                .add("affiliation", authenticatedUser.getAffiliation())
-                .add("position", authenticatedUser.getPosition())
-                .add("persistentUserId", authenticatedUser.getAuthenticatedUserLookup().getPersistentUserId())
-                .add("emailLastConfirmed", authenticatedUser.getEmailConfirmed())
-                .add("createdTime", authenticatedUser.getCreatedTime())
-                .add("lastLoginTime", authenticatedUser.getLastLoginTime())
-                .add("lastApiUseTime", authenticatedUser.getLastApiUseTime())
-                .add("authenticationProviderId", authenticatedUser.getAuthenticatedUserLookup().getAuthenticationProviderId());
+        NullSafeJsonBuilder builder = jsonObjectBuilder()
+            .add("id", authenticatedUser.getId())
+            .add("identifier", authenticatedUser.getIdentifier())
+            .add("displayName", authenticatedUser.getDisplayInfo().getTitle())
+            .add("firstName", authenticatedUser.getFirstName())
+            .add("lastName", authenticatedUser.getLastName())
+            .add("email", authenticatedUser.getEmail())
+            .add("superuser", authenticatedUser.isSuperuser())
+            .add("affiliation", authenticatedUser.getAffiliation())
+            .add("position", authenticatedUser.getPosition())
+            .add("persistentUserId", authenticatedUser.getAuthenticatedUserLookup().getPersistentUserId())
+            .add("emailLastConfirmed", authenticatedUser.getEmailConfirmed())
+            .add("createdTime", authenticatedUser.getCreatedTime())
+            .add("lastLoginTime", authenticatedUser.getLastLoginTime())
+            .add("lastApiUseTime", authenticatedUser.getLastApiUseTime())
+            .add("authenticationProviderId", authenticatedUser.getAuthenticatedUserLookup().getAuthenticationProviderId());
+        return builder;
     }
 
     public static JsonObjectBuilder json(RoleAssignment ra) {
@@ -228,15 +229,24 @@ public static JsonObjectBuilder json(Workflow wf){
 
         return bld;
     }
-
+
+    //MAD: Maybe delete this entirely so folks have to make the decision about public/private
     public static JsonObjectBuilder json(Dataverse dv) {
+        return json(dv, false);
+    }
+
+    //TODO: Once we upgrade to Java EE 8 we can remove objects from the builder, and this email removal can be done in a better place.
+    public static JsonObjectBuilder json(Dataverse dv, Boolean hideEmail) {
         JsonObjectBuilder bld = jsonObjectBuilder()
                 .add("id", dv.getId())
                 .add("alias", dv.getAlias())
                 .add("name", dv.getName())
-                .add("affiliation", dv.getAffiliation())
-                .add("dataverseContacts", JsonPrinter.json(dv.getDataverseContacts()))
-                .add("permissionRoot", dv.isPermissionRoot())
+                .add("affiliation", dv.getAffiliation());
+        if(!hideEmail) { 
+            bld.add("dataverseContacts", JsonPrinter.json(dv.getDataverseContacts()));
+        }
+
+        bld.add("permissionRoot", dv.isPermissionRoot())
                 .add("description", dv.getDescription())
                 .add("dataverseType", dv.getDataverseType().name());
         if (dv.getOwner() != null) {
@@ -245,9 +255,6 @@ public static JsonObjectBuilder json(Dataverse dv) {
         if (dv.getCreateDate() != null) {
             bld.add("creationDate", Util.getDateTimeFormat().format(dv.getCreateDate()));
         }
-        if (dv.getCreator() != null) {
-            bld.add("creator", JsonPrinter.json(dv.getCreator()));
-        }
         if (dv.getDataverseTheme() != null) {
             bld.add("theme", JsonPrinter.json(dv.getDataverseTheme()));
         }
@@ -256,11 +263,12 @@ public static JsonObjectBuilder json(Dataverse dv) {
     }
 
     public static JsonArrayBuilder json(List<DataverseContact> dataverseContacts) {
-        return dataverseContacts.stream()
-                .map( dc -> jsonObjectBuilder()
-                        .add("displayOrder", dc.getDisplayOrder())
-                        .add("contactEmail", dc.getContactEmail())
-                ).collect( toJsonArray() );
+        JsonArrayBuilder bld = Json.createArrayBuilder();
+        for(DataverseContact dc : dataverseContacts) {
+            bld.add(dc.getContactEmail()); 
+        }
+
+        return bld;
     }
 
     public static JsonObjectBuilder json( DataverseTheme theme ) {

src/test/java/edu/harvard/iq/dataverse/api/DataversesIT.java

@@ -2,23 +2,29 @@
 
 import com.jayway.restassured.RestAssured;
 import static com.jayway.restassured.RestAssured.given;
+import static com.jayway.restassured.path.json.JsonPath.with;
 import com.jayway.restassured.response.Response;
 import edu.harvard.iq.dataverse.Dataverse;
+import edu.harvard.iq.dataverse.settings.SettingsServiceBean;
 import edu.harvard.iq.dataverse.util.BundleUtil;
 import java.io.FileNotFoundException;
 import java.io.FileReader;
 import java.util.Arrays;
+import java.util.List;
 import java.util.logging.Logger;
 import javax.json.Json;
 import javax.json.JsonObject;
 import static javax.ws.rs.core.Response.Status.CREATED;
 import static javax.ws.rs.core.Response.Status.INTERNAL_SERVER_ERROR;
-import static javax.ws.rs.core.Response.Status.OK;
 import javax.ws.rs.core.Response.Status;
+import static javax.ws.rs.core.Response.Status.OK;
+import static junit.framework.Assert.assertEquals;
 import org.junit.BeforeClass;
 import org.junit.Test;
-import static junit.framework.Assert.assertEquals;
 import static org.hamcrest.CoreMatchers.equalTo;
+import org.junit.AfterClass;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
 
 public class DataversesIT {
@@ -29,6 +35,11 @@ public class DataversesIT {
     public static void setUpClass() {
         RestAssured.baseURI = UtilIT.getRestAssuredBaseUri();
     }
+
+    @AfterClass
+    public static void afterClass() {
+        Response removeExcludeEmail = UtilIT.deleteSetting(SettingsServiceBean.Key.ExcludeEmailFromExport);
+    }
 
     @Test
     public void testAttemptToCreateDuplicateAlias() throws Exception {
@@ -140,6 +151,54 @@ public void testNotEnoughJson() {
                 .statusCode(INTERNAL_SERVER_ERROR.getStatusCode());
     }
 
+    //Ensure that email is not returned when the ExcludeEmailFromExport setting is set
+    @Test 
+    public void testReturnEmail() throws FileNotFoundException {        
+
+        Response setToExcludeEmailFromExport = UtilIT.setSetting(SettingsServiceBean.Key.ExcludeEmailFromExport, "true");
+        setToExcludeEmailFromExport.then().assertThat()
+            .statusCode(OK.getStatusCode());
+
+        Response createUser = UtilIT.createRandomUser();
+        createUser.prettyPrint();
+        String username = UtilIT.getUsernameFromResponse(createUser);
+        String apiToken = UtilIT.getApiTokenFromResponse(createUser);
+
+        Response createDataverseResponse = UtilIT.createRandomDataverse(apiToken);
+        createDataverseResponse.prettyPrint();
+        createDataverseResponse.then().assertThat().statusCode(CREATED.getStatusCode());
+        String dataverseAlias = UtilIT.getAliasFromResponse(createDataverseResponse);
+
+        Response exportDataverseAsJson = UtilIT.exportDataverse(dataverseAlias, apiToken);
+        exportDataverseAsJson.prettyPrint();
+        exportDataverseAsJson.then().assertThat()
+                .statusCode(OK.getStatusCode());
+        RestAssured.unregisterParser("text/plain");
+
+        List dataverseEmailNotAllowed = with(exportDataverseAsJson.body().asString())
+                .getJsonObject("data.dataverseContacts");
+        assertNull(dataverseEmailNotAllowed);
+
+        Response removeExcludeEmail = UtilIT.deleteSetting(SettingsServiceBean.Key.ExcludeEmailFromExport);
+        removeExcludeEmail.then().assertThat()
+                .statusCode(200);
+
+        Response exportDataverseAsJson2 = UtilIT.exportDataverse(dataverseAlias, apiToken);
+        exportDataverseAsJson2.prettyPrint();
+        exportDataverseAsJson2.then().assertThat()
+                .statusCode(OK.getStatusCode());
+        RestAssured.unregisterParser("text/plain");
+        List dataverseEmailAllowed = with(exportDataverseAsJson2.body().asString())
+                .getJsonObject("data.dataverseContacts");
+        assertNotNull(dataverseEmailAllowed);
+
+        Response deleteDataverse2 = UtilIT.deleteDataverse(dataverseAlias, apiToken);
+        deleteDataverse2.prettyPrint();
+        deleteDataverse2.then().assertThat().statusCode(OK.getStatusCode());        
+        Response deleteUserResponse = UtilIT.deleteUser(username);
+        deleteUserResponse.prettyPrint();
+        assertEquals(200, deleteUserResponse.getStatusCode());
+    }
 
     /**
      * Test the Dataverse page error message and link 

src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java

@@ -1380,6 +1380,12 @@ static Response exportDataset(String datasetPersistentId, String exporter, Strin
                 .get("/api/datasets/export" + "?persistentId=" + datasetPersistentId + "&exporter=" + exporter);
     }
 
+    static Response exportDataverse(String identifier, String apiToken) {
+        return given()
+                .header(API_TOKEN_HTTP_HEADER, apiToken)
+                .get("/api/dataverses/" + identifier );
+    }
+
     static Response search(String query, String apiToken, String parameterString) {
         RequestSpecification requestSpecification = given();
         if (apiToken != null) {