RestrictFileCommand: Restricting a file while creating a dataset fails #4053
Comments
As of this writing, the develop branch is on commit 7e9a09d. This bug should be exercisable with a REST Assured test: http://guides.dataverse.org/en/4.7.1/developers/testing.html#integration-tests
I can confirm that the problem is as noted by @ferrys. I am unsure of the correct solution though. I don't think switching the permissions for RestrictFileCommand will solve it (they are currently requiring EditDataset). If we switched it to CreateDataset for example, then curators would no longer be able to restrict file access. Maybe there is a way to be more flexible with the permissions (require CreateDataset if the dataset is not yet created), maybe adding an exception to the EjbDataverseEngine for this case, or something else entirely? Things to discuss with @michbarsinai or someone else tomorrow.
You can set the permissions dynamically by overriding a method. Let's talk tomorrow.
On 10 Aug 2017, at 18:35, matthew-a-dunlap wrote:
I can confirm that the problem is as noted by @ferrys. I am unsure of the correct solution though. I don't think switching the permissions for RestrictFileCommand will solve it (they are currently requiring EditDataset). If we switched it to CreateDataset for example, then curators would no longer be able to set permissions.
Maybe there is a way to be more flexible with the permissions (require CreateDataset if the dataset is not yet created), maybe adding an exception to the EjbDataverseEngine for this case, or something else entirely?
Things to discuss with @michbarsinai or someone else tomorrow.
Pull request #4069 has been created. As per @pdurbin's recommendations, the REST Assured tests need to be run to confirm that nothing else has been broken, but seeing as I do not have those set up yet and this is a high priority, I wanted to get this up if someone else can get through these steps quicker.
Since only a JSF page was changed in the pull request above (EditDatafilesPage.java), the REST Assured tests do not apply since they only test API endpoints. I approved the pull request and moved it to QA.
In the develop branch, restricting a data file during the creation of a dataset fails when using any user who is not a superuser. It fails because of a permissions check on RestrictFileCommand which requires that a user have EditDataset permission.
Getting this error:
[2017-08-09T12:11:11.444-0400] [glassfish 4.1] [SEVERE] [] [javax.enterprise.resource.webcontainer.jsf.context] [tid: _ThreadID=28 _ThreadName=http-listener-1(2)] [timeMillis: 1502295071444] [levelValue: 1000] [[ edu.harvard.iq.dataverse.engine.command.exception.PermissionException: Can't execute command edu.harvard.iq.dataverse.engine.command.impl.RestrictFileCommand@4839d254, because request [DataverseRequest user:[AuthenticatedUser identifier:@testy]@0:0:0:0:0:0:0:1] is missing permissions [EditDataset] on Object restrict test
From some early investigation, it looks like a user is not given EditDataset permission until the dataset has been created as a draft.
EDIT: Also, this functionality does work as the superuser, which is likely because they have EditDataset permissions on all created datasets.
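The option raised in the thread (require CreateDataset while the dataset does not exist yet, EditDataset afterwards, decided by a method the command overrides) can be modelled as follows. This is an added example, not Dataverse code and not the change made in pull request #4069; every class, method and grant in it is hypothetical, and only the permission names are taken from the discussion.

```java
import java.util.*;

// Hypothetical model (Java 16+), not Dataverse code: a command reports which
// permissions it needs on which object, and the engine checks them before running it.
public class DynamicPermissionDemo {
    enum Permission { CreateDataset, EditDataset }

    // A dataset without an id has not been saved as a draft yet.
    record Dataset(Long id, String parentDataverse) {
        boolean isCreated() { return id != null; }
    }

    // Constructed grants: user -> object name -> permissions held on that object.
    static final Map<String, Map<String, Set<Permission>>> GRANTS = Map.of(
        "@testy", Map.of("root", Set.of(Permission.CreateDataset)),
        "@curator", Map.of("dataset:42", Set.of(Permission.EditDataset)));

    interface Command {
        // Returns the object to check and the permissions required on it.
        Map.Entry<String, Set<Permission>> requiredPermissions();
    }

    static class RestrictFile implements Command {
        private final Dataset ds;
        RestrictFile(Dataset ds) { this.ds = ds; }

        // Decided per request: before the draft exists nobody can hold EditDataset
        // on it, so the check moves to CreateDataset on the parent dataverse.
        @Override public Map.Entry<String, Set<Permission>> requiredPermissions() {
            return ds.isCreated()
                ? Map.entry("dataset:" + ds.id(), Set.of(Permission.EditDataset))
                : Map.entry(ds.parentDataverse(), Set.of(Permission.CreateDataset));
        }
    }

    // Engine-side check: every required permission must be held on the target object.
    static boolean isPermitted(String user, Command cmd) {
        var req = cmd.requiredPermissions();
        Set<Permission> held = GRANTS.getOrDefault(user, Map.of())
                                     .getOrDefault(req.getKey(), Set.of());
        return held.containsAll(req.getValue());
    }

    public static void main(String[] args) {
        Dataset unsaved = new Dataset(null, "root"), saved = new Dataset(42L, "root");
        System.out.println(isPermitted("@testy", new RestrictFile(unsaved)));  // creator, dataset not saved yet
        System.out.println(isPermitted("@curator", new RestrictFile(saved)));  // curator, existing draft
        System.out.println(isPermitted("@testy", new RestrictFile(saved)));    // no grant on dataset:42
    }
}
```

The third call is the case to keep in a regression test: relaxing the check for unsaved datasets must not let a user who only holds CreateDataset on the parent restrict files in someone else's existing dataset.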