#22693

Committed 03 Jul 2024 01:09PM CUT coverage: 20.626% (-0.09%) from 20.716%

Build # #22693

Build Type

push

github

Committed by

web-flow

Commit Message

Merge pull request #10664 from IQSS/develop

merge develop into master for 6.3

Run Details

195 of 1852 new or added lines in 82 files covered. (10.53%)

72 existing lines in 33 files now uncovered.

17335 of 84043 relevant lines covered (20.63%)

0.21 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

78.13

/src/main/java/edu/harvard/iq/dataverse/engine/command/impl/AssignRoleCommand.java

/*
 *  (C) Michael Bar-Sinai
 */
package edu.harvard.iq.dataverse.engine.command.impl;

import edu.harvard.iq.dataverse.Dataset;
import edu.harvard.iq.dataverse.Dataverse;
import edu.harvard.iq.dataverse.authorization.DataverseRole;
import edu.harvard.iq.dataverse.DvObject;
import edu.harvard.iq.dataverse.RoleAssignment;
import edu.harvard.iq.dataverse.authorization.Permission;
import edu.harvard.iq.dataverse.authorization.RoleAssignee;
import edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser;
import edu.harvard.iq.dataverse.authorization.users.PrivateUrlUser;
import edu.harvard.iq.dataverse.engine.command.AbstractCommand;
import edu.harvard.iq.dataverse.engine.command.CommandContext;
import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
import edu.harvard.iq.dataverse.engine.command.exception.CommandException;
import edu.harvard.iq.dataverse.engine.command.exception.IllegalCommandException;
import edu.harvard.iq.dataverse.util.BundleUtil;

import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

/**
 * Assign a in a dataverse to a user.
 *
 * @author michael
 */
// no annotations here, since permissions are dynamically decided
public class AssignRoleCommand extends AbstractCommand<RoleAssignment> {

    private final DataverseRole role;
    private final RoleAssignee grantee;
    //Kept for convenience -could get this as the only DVObject AbstractCommand<>.getAffectedDvObjects() instead of having a local defPoint
    private final DvObject defPoint;
    private final String privateUrlToken;
    private boolean anonymizedAccess;

    /**
     * @param anAssignee The user being granted the role
     * @param aRole the role being granted to the user
     * @param assignmentPoint the dataverse on which the role is granted.
     * @param aRequest
     * @param privateUrlToken An optional token used by the Private Url feature.
     */
    public AssignRoleCommand(RoleAssignee anAssignee, DataverseRole aRole, DvObject assignmentPoint, DataverseRequest aRequest, String privateUrlToken) {
        // for data file check permission on owning dataset
        super(aRequest, assignmentPoint);
        role = aRole;
        grantee = anAssignee;
        defPoint = assignmentPoint;
        this.privateUrlToken = privateUrlToken;
        this.anonymizedAccess=false;
    }

    public AssignRoleCommand(PrivateUrlUser privateUrlUser, DataverseRole memberRole, Dataset dataset, DataverseRequest request, String privateUrlToken, boolean anonymizedAccess) {
        this(privateUrlUser, memberRole, dataset, request, privateUrlToken);
        this.anonymizedAccess= anonymizedAccess;
    }

    @Override
    public RoleAssignment execute(CommandContext ctxt) throws CommandException {
        if (grantee instanceof AuthenticatedUser) {
            AuthenticatedUser user = (AuthenticatedUser) grantee;
            if (user.isDeactivated()) {
                throw new IllegalCommandException("User " + user.getUserIdentifier() + " is deactivated and cannot be given a role.", this);
            }
        }
        if(isExistingRole(ctxt)){
            throw new IllegalCommandException(BundleUtil.getStringFromBundle("datasets.api.grant.role.assignee.has.role.error"), this);
        }
        // TODO make sure the role is defined on the dataverse.
        RoleAssignment roleAssignment = new RoleAssignment(role, grantee, defPoint, privateUrlToken, anonymizedAccess);
        return ctxt.roles().save(roleAssignment);
    }

    private boolean isExistingRole(CommandContext ctxt) {
        return ctxt.roles()
                .directRoleAssignments(grantee, defPoint)
                .stream()
                .map(RoleAssignment::getRole)
                .anyMatch(it -> it.equals(role));
    }

    @Override
    public Map<String, Set<Permission>> getRequiredPermissions() {
        // for data file check permission on owning dataset
        Set<Permission> requiredPermissions = new HashSet<Permission>();

        if (defPoint instanceof Dataverse) {
            requiredPermissions.add(Permission.ManageDataversePermissions);
        } else if (defPoint instanceof Dataset) {
            requiredPermissions.add(Permission.ManageDatasetPermissions);
        } else {
            requiredPermissions.add(Permission.ManageFilePermissions);
        }

        requiredPermissions.addAll(role.permissions());

        return Collections.singletonMap("", requiredPermissions);
    }

    @Override
    public String describe() {
        return grantee + " has been given " + role + " on " + defPoint.accept(DvObject.NameIdPrinter);
    }

}

1	/*
2	* (C) Michael Bar-Sinai
3	*/
4	package edu.harvard.iq.dataverse.engine.command.impl;
5
6	import edu.harvard.iq.dataverse.Dataset;
7	import edu.harvard.iq.dataverse.Dataverse;
8	import edu.harvard.iq.dataverse.authorization.DataverseRole;
9	import edu.harvard.iq.dataverse.DvObject;
10	import edu.harvard.iq.dataverse.RoleAssignment;
11	import edu.harvard.iq.dataverse.authorization.Permission;
12	import edu.harvard.iq.dataverse.authorization.RoleAssignee;
13	import edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser;
14	import edu.harvard.iq.dataverse.authorization.users.PrivateUrlUser;
15	import edu.harvard.iq.dataverse.engine.command.AbstractCommand;
16	import edu.harvard.iq.dataverse.engine.command.CommandContext;
17	import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
18	import edu.harvard.iq.dataverse.engine.command.exception.CommandException;
19	import edu.harvard.iq.dataverse.engine.command.exception.IllegalCommandException;
20	import edu.harvard.iq.dataverse.util.BundleUtil;
21
22	import java.util.Collections;
23	import java.util.HashSet;
24	import java.util.Map;
25	import java.util.Set;
26
27	/**
28	* Assign a in a dataverse to a user.
29	*
30	* @author michael
31	*/
32	// no annotations here, since permissions are dynamically decided
33	public class AssignRoleCommand extends AbstractCommand<RoleAssignment> {
34
35	private final DataverseRole role;
36	private final RoleAssignee grantee;
37	//Kept for convenience -could get this as the only DVObject AbstractCommand<>.getAffectedDvObjects() instead of having a local defPoint
38	private final DvObject defPoint;
39	private final String privateUrlToken;
40	private boolean anonymizedAccess;
41
42	/**
43	* @param anAssignee The user being granted the role
44	* @param aRole the role being granted to the user
45	* @param assignmentPoint the dataverse on which the role is granted.
46	* @param aRequest
47	* @param privateUrlToken An optional token used by the Private Url feature.
48	*/
49	public AssignRoleCommand(RoleAssignee anAssignee, DataverseRole aRole, DvObject assignmentPoint, DataverseRequest aRequest, String privateUrlToken) {
50	// for data file check permission on owning dataset
51	super(aRequest, assignmentPoint);	1✔
52	role = aRole;	1✔
53	grantee = anAssignee;	1✔
54	defPoint = assignmentPoint;	1✔
55	this.privateUrlToken = privateUrlToken;	1✔
56	this.anonymizedAccess=false;	1✔
57	}	1✔
58
59	public AssignRoleCommand(PrivateUrlUser privateUrlUser, DataverseRole memberRole, Dataset dataset, DataverseRequest request, String privateUrlToken, boolean anonymizedAccess) {
60	this(privateUrlUser, memberRole, dataset, request, privateUrlToken);	1✔
61	this.anonymizedAccess= anonymizedAccess;	1✔
62	}	1✔
63
64	@Override
65	public RoleAssignment execute(CommandContext ctxt) throws CommandException {
66	if (grantee instanceof AuthenticatedUser) {	1✔
67	AuthenticatedUser user = (AuthenticatedUser) grantee;	×
68	if (user.isDeactivated()) {	×
69	throw new IllegalCommandException("User " + user.getUserIdentifier() + " is deactivated and cannot be given a role.", this);	×
70	}
71	}
72	if(isExistingRole(ctxt)){	1✔
NEW 73	throw new IllegalCommandException(BundleUtil.getStringFromBundle("datasets.api.grant.role.assignee.has.role.error"), this);	×
74	}
75	// TODO make sure the role is defined on the dataverse.
76	RoleAssignment roleAssignment = new RoleAssignment(role, grantee, defPoint, privateUrlToken, anonymizedAccess);	1✔
77	return ctxt.roles().save(roleAssignment);	1✔
78	}
79
80	private boolean isExistingRole(CommandContext ctxt) {
81	return ctxt.roles()	1✔
82	.directRoleAssignments(grantee, defPoint)	1✔
83	.stream()	1✔
84	.map(RoleAssignment::getRole)	1✔
85	.anyMatch(it -> it.equals(role));	1✔
86	}
87
88	@Override
89	public Map<String, Set<Permission>> getRequiredPermissions() {
90	// for data file check permission on owning dataset
91	Set<Permission> requiredPermissions = new HashSet<Permission>();	1✔
92
93	if (defPoint instanceof Dataverse) {	1✔
94	requiredPermissions.add(Permission.ManageDataversePermissions);	×
95	} else if (defPoint instanceof Dataset) {	1✔
96	requiredPermissions.add(Permission.ManageDatasetPermissions);	1✔
97	} else {
98	requiredPermissions.add(Permission.ManageFilePermissions);	×
99	}
100
101	requiredPermissions.addAll(role.permissions());	1✔
102
103	return Collections.singletonMap("", requiredPermissions);	1✔
104	}
105
106	@Override
107	public String describe() {
108	return grantee + " has been given " + role + " on " + defPoint.accept(DvObject.NameIdPrinter);	×
109	}
110
111	}

IQSS / dataverse / #22693

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous