From 9478caa13eda109cf353abdc6394e19d3036ffe5 Mon Sep 17 00:00:00 2001 From: Stephen Kraffmiller Date: Thu, 6 Feb 2020 14:32:16 -0500 Subject: [PATCH] #6524 fix required permissions add tests --- .../command/impl/GetDatasetStorageSizeCommand.java | 2 +- .../java/edu/harvard/iq/dataverse/api/FilesIT.java | 14 +++++++++++++- .../java/edu/harvard/iq/dataverse/api/UtilIT.java | 6 ++++++ 3 files changed, 20 insertions(+), 2 deletions(-) diff --git a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetStorageSizeCommand.java b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetStorageSizeCommand.java index 271c9f214fb..f1f27fdcee2 100644 --- a/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetStorageSizeCommand.java +++ b/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetDatasetStorageSizeCommand.java @@ -77,7 +77,7 @@ public Long execute(CommandContext ctxt) throws CommandException { public Map> getRequiredPermissions() { // for data file check permission on owning dataset return Collections.singletonMap("", - mode != null && mode.equals("storage") ? Collections.singleton(Permission.ViewUnpublishedDataset) + mode != null && mode.equals(Mode.STORAGE) ? Collections.singleton(Permission.ViewUnpublishedDataset) : version !=null && version.isDraft() ? Collections.singleton(Permission.ViewUnpublishedDataset) : Collections.emptySet()); } diff --git a/src/test/java/edu/harvard/iq/dataverse/api/FilesIT.java b/src/test/java/edu/harvard/iq/dataverse/api/FilesIT.java index 5a1e3b3fcdd..fbd030ab109 100644 --- a/src/test/java/edu/harvard/iq/dataverse/api/FilesIT.java +++ b/src/test/java/edu/harvard/iq/dataverse/api/FilesIT.java @@ -26,6 +26,7 @@ import static javax.ws.rs.core.Response.Status.NOT_FOUND; import static javax.ws.rs.core.Response.Status.NO_CONTENT; import static javax.ws.rs.core.Response.Status.OK; +import static javax.ws.rs.core.Response.Status.UNAUTHORIZED; import static junit.framework.Assert.assertEquals; import org.hamcrest.CoreMatchers; import static org.hamcrest.CoreMatchers.equalTo; @@ -1325,7 +1326,11 @@ public void testDataSizeInDataverse() throws InterruptedException { Response publishDataversetResp = UtilIT.publishDataverseViaSword(dataverseAlias, apiToken); publishDataversetResp.then().assertThat() .statusCode(OK.getStatusCode()); + String apiTokenRando = createUserGetToken(); + Response datasetStorageSizeResponseDraft = UtilIT.findDatasetDownloadSize(datasetId.toString(), ":draft", apiTokenRando); + datasetStorageSizeResponseDraft.prettyPrint(); + assertEquals(UNAUTHORIZED.getStatusCode(), datasetStorageSizeResponseDraft.getStatusCode()); Response publishDatasetResp = UtilIT.publishDatasetViaNativeApi(datasetId, "major", apiToken); //msg(publishDatasetResp.body().asString()); publishDatasetResp.then().assertThat() @@ -1345,9 +1350,16 @@ public void testDataSizeInDataverse() throws InterruptedException { magicControlString = MessageFormat.format(BundleUtil.getStringFromBundle("datasets.api.datasize.storage"), magicSizeNumber); - Response datasetStorageSizeResponse = UtilIT.findDatasetStorageSize(datasetId.toString(), apiToken); + //no perms + + Response datasetStorageSizeResponse = UtilIT.findDatasetStorageSize(datasetId.toString(), apiTokenRando); datasetStorageSizeResponse.prettyPrint(); + assertEquals(UNAUTHORIZED.getStatusCode(), datasetStorageSizeResponse.getStatusCode()); + //has perms + datasetStorageSizeResponse = UtilIT.findDatasetStorageSize(datasetId.toString(), apiToken); + datasetStorageSizeResponse.prettyPrint(); + assertEquals(magicControlString, JsonPath.from(datasetStorageSizeResponse.body().asString()).getString("data.message")); magicControlString = MessageFormat.format(BundleUtil.getStringFromBundle("datasets.api.datasize.download"), magicSizeNumber); diff --git a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java index 73612ed0169..a744bcd0ba5 100644 --- a/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java +++ b/src/test/java/edu/harvard/iq/dataverse/api/UtilIT.java @@ -2315,4 +2315,10 @@ static Response findDatasetDownloadSize(String datasetId) { .get("/api/datasets/" + datasetId + "/versions/:latest/downloadsize"); } + static Response findDatasetDownloadSize(String datasetId, String version, String apiToken) { + return given() + .header(API_TOKEN_HTTP_HEADER, apiToken) + .get("/api/datasets/" + datasetId + "/versions/" + version + "/downloadsize"); + } + }