Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

RestrictFileCommand: Restricting a file while creating a dataset fails #4053

Closed
ferrys opened this issue Aug 9, 2017 · 5 comments
Closed
Assignees

Comments

@ferrys
Copy link
Contributor

ferrys commented Aug 9, 2017

In the develop branch, restricting a data file during the creation of a dataset fails when using any user who is not a superuser. It fails because of a permissions check on RestrictFileCommand which requires that a user have EditDataset permission.

Getting this error:
[2017-08-09T12:11:11.444-0400] [glassfish 4.1] [SEVERE] [] [javax.enterprise.resource.webcontainer.jsf.context] [tid: _ThreadID=28 _ThreadName=http-listener-1(2)] [timeMillis: 1502295071444] [levelValue: 1000] [[ edu.harvard.iq.dataverse.engine.command.exception.PermissionException: Can't execute command edu.harvard.iq.dataverse.engine.command.impl.RestrictFileCommand@4839d254, because request [DataverseRequest user:[AuthenticatedUser identifier:@testy]@0:0:0:0:0:0:0:1] is missing permissions [EditDataset] on Object restrict test

From some early investigation, it looks like a user is not given EditDataset permission until the dataset has been created as a draft.

EDIT: Also, this functionality does work as the superuser, which is likely because they have EditDataset permissions on all created datasets.

@pdurbin
Copy link
Member

pdurbin commented Aug 9, 2017

As of this writing, the develop branch is on commit 7e9a09d. This bug should be exercisable with a REST Assured test: http://guides.dataverse.org/en/4.7.1/developers/testing.html#integration-tests

@matthew-a-dunlap matthew-a-dunlap self-assigned this Aug 10, 2017
@djbrooke djbrooke added this to the 4.8 - Large Data Upload Integration milestone Aug 10, 2017
@matthew-a-dunlap
Copy link
Contributor

matthew-a-dunlap commented Aug 10, 2017

I can confirm that the problem is as noted by @ferrys . I am unsure of the correct solution though. I don't think switching the permissions for RestrictFileCommand will solve it (they are currently requiring EditDataset). If we switched it to CreateDataset for example, then curators would no longer be able to restrict file access.

Maybe there is a way to be more flexible with the permissions (require CreateDataset if the dataset is not yet created), maybe adding an exception to the EjbDataverseEngine for this case, or something else entirely?

Things to discuss with @michbarsinai or someone else tomorrow.

@michbarsinai
Copy link
Member

michbarsinai commented Aug 10, 2017 via email

@matthew-a-dunlap
Copy link
Contributor

pull request #4069 has been created. As per @pdurbin 's recommendations, the restassured tests need to be run to confirm that nothing else has been broken, but seeing as I do not have those set-up yet and this is a high priority, I wanted to get this up if someone else can get through these steps quicker.

@pdurbin
Copy link
Member

pdurbin commented Aug 14, 2017

pull request #4069 has been created. As per @pdurbin 's recommendations, the restassured tests need to be run to confirm that nothing else has been broken

Since only a JSF page was changed in the pull request above (EditDatafilesPage.java), the REST Assured tests do not apply since they only test API endpoints. I approved the pull request and moved it to QA.

@kcondon kcondon self-assigned this Aug 14, 2017
@kcondon kcondon closed this as completed Aug 17, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

6 participants