use of edu.harvard.iq.dataverse.authorization.DataverseRole in project dataverse by IQSS.
the class ManagePermissionsPage method cloneRole.
public void cloneRole(String roleId) {
DataverseRole clonedRole = new DataverseRole();
clonedRole.setOwner(dvObject);
DataverseRole originalRole = roleService.find(Long.parseLong(roleId));
clonedRole.addPermissions(originalRole.permissions());
setRole(clonedRole);
}
use of edu.harvard.iq.dataverse.authorization.DataverseRole in project dataverse by IQSS.
the class ManagePermissionsPage method saveConfiguration.
public void saveConfiguration(ActionEvent e) {
// Set role (if any) for authenticatedUsers
DataverseRole roleToAssign = null;
List<String> contributorRoles = Arrays.asList(DataverseRole.FULL_CONTRIBUTOR, DataverseRole.DV_CONTRIBUTOR, DataverseRole.DS_CONTRIBUTOR);
if (!StringUtil.isEmpty(authenticatedUsersContributorRoleAlias)) {
roleToAssign = roleService.findBuiltinRoleByAlias(authenticatedUsersContributorRoleAlias);
}
// then, check current contributor role
List<RoleAssignment> aUsersRoleAssignments = roleService.directRoleAssignments(AuthenticatedUsers.get(), dvObject);
for (RoleAssignment roleAssignment : aUsersRoleAssignments) {
DataverseRole currentRole = roleAssignment.getRole();
if (contributorRoles.contains(currentRole.getAlias())) {
if (currentRole.equals(roleToAssign)) {
// found the role, so no need to assign
roleToAssign = null;
} else {
revokeRole(roleAssignment);
}
}
}
// finally, assign role, if new
if (roleToAssign != null) {
assignRole(AuthenticatedUsers.get(), roleToAssign);
}
// set dataverse default contributor role
if (dvObject instanceof Dataverse) {
Dataverse dv = (Dataverse) dvObject;
DataverseRole defaultRole = roleService.findBuiltinRoleByAlias(defaultContributorRoleAlias);
if (!defaultRole.equals(dv.getDefaultContributorRole())) {
try {
commandEngine.submit(new UpdateDataverseDefaultContributorRoleCommand(defaultRole, dvRequestService.getDataverseRequest(), dv));
JsfHelper.addSuccessMessage("The default permissions for this dataverse have been updated.");
} catch (PermissionException ex) {
JH.addMessage(FacesMessage.SEVERITY_ERROR, "Cannot assign default permissions.", "Permissions " + ex.getRequiredPermissions().toString() + " missing.");
} catch (CommandException ex) {
JH.addMessage(FacesMessage.SEVERITY_FATAL, "Cannot assign default permissions.");
logger.log(Level.SEVERE, "Error assigning default permissions: " + ex.getMessage(), ex);
}
}
}
roleAssignments = initRoleAssignments();
showConfigureMessages();
}
use of edu.harvard.iq.dataverse.authorization.DataverseRole in project dataverse by IQSS.
the class DeleteDataverseCommand method executeImpl.
@Override
protected void executeImpl(CommandContext ctxt) throws CommandException {
// Make sure we don't delete root
if (doomed.getOwner() == null) {
throw new IllegalCommandException("Cannot delete the root dataverse", this);
}
// make sure the dataverse is emptyw
if (ctxt.dvObjects().hasData(doomed)) {
throw new IllegalCommandException("Cannot delete non-empty dataverses", this);
}
// ASSIGNMENTS
for (RoleAssignment ra : ctxt.roles().directRoleAssignments(doomed)) {
ctxt.em().remove(ra);
}
// ROLES
for (DataverseRole ra : ctxt.roles().findByOwnerId(doomed.getId())) {
ctxt.em().remove(ra);
}
// EXPLICIT GROUPS
for (ExplicitGroup eg : ctxt.em().createNamedQuery("ExplicitGroup.findByOwnerId", ExplicitGroup.class).setParameter("ownerId", doomed.getId()).getResultList()) {
ctxt.explicitGroups().removeGroup(eg);
}
// Input Level
for (DataverseFieldTypeInputLevel inputLevel : doomed.getDataverseFieldTypeInputLevels()) {
DataverseFieldTypeInputLevel merged = ctxt.em().merge(inputLevel);
ctxt.em().remove(merged);
}
doomed.setDataverseFieldTypeInputLevels(new ArrayList<>());
// DATAVERSE
Dataverse doomedAndMerged = ctxt.em().merge(doomed);
ctxt.em().remove(doomedAndMerged);
// Remove from index
ctxt.index().delete(doomed);
}
use of edu.harvard.iq.dataverse.authorization.DataverseRole in project dataverse by IQSS.
the class DestroyDatasetCommand method executeImpl.
@Override
protected void executeImpl(CommandContext ctxt) throws CommandException {
// first check if dataset is released, and if so, if user is a superuser
if (doomed.isReleased() && (!(getUser() instanceof AuthenticatedUser) || !getUser().isSuperuser())) {
throw new PermissionException("Destroy can only be called by superusers.", this, Collections.singleton(Permission.DeleteDatasetDraft), doomed);
}
// If there is a dedicated thumbnail DataFile, it needs to be reset
// explicitly, or we'll get a constraint violation when deleting:
doomed.setThumbnailFile(null);
final Dataset managedDoomed = ctxt.em().merge(doomed);
List<String> datasetAndFileSolrIdsToDelete = new ArrayList<>();
// files need to iterate through and remove 'by hand' to avoid
// optimistic lock issues... (plus the physical files need to be
// deleted too!)
Iterator<DataFile> dfIt = doomed.getFiles().iterator();
while (dfIt.hasNext()) {
DataFile df = dfIt.next();
// Gather potential Solr IDs of files. As of this writing deaccessioned files are never indexed.
String solrIdOfPublishedFile = IndexServiceBean.solrDocIdentifierFile + df.getId();
datasetAndFileSolrIdsToDelete.add(solrIdOfPublishedFile);
String solrIdOfDraftFile = IndexServiceBean.solrDocIdentifierFile + df.getId() + IndexServiceBean.draftSuffix;
datasetAndFileSolrIdsToDelete.add(solrIdOfDraftFile);
ctxt.engine().submit(new DeleteDataFileCommand(df, getRequest(), true));
dfIt.remove();
}
// also, lets delete the uploaded thumbnails!
deleteDatasetLogo(doomed);
// ASSIGNMENTS
for (RoleAssignment ra : ctxt.roles().directRoleAssignments(doomed)) {
ctxt.em().remove(ra);
}
// ROLES
for (DataverseRole ra : ctxt.roles().findByOwnerId(doomed.getId())) {
ctxt.em().remove(ra);
}
IdServiceBean idServiceBean = IdServiceBean.getBean(ctxt);
try {
if (idServiceBean.alreadyExists(doomed)) {
idServiceBean.deleteIdentifier(doomed);
}
} catch (Exception e) {
logger.log(Level.WARNING, "Identifier deletion was not successfull:", e.getMessage());
}
Dataverse toReIndex = managedDoomed.getOwner();
// dataset
ctxt.em().remove(managedDoomed);
// add potential Solr IDs of datasets to list for deletion
String solrIdOfPublishedDatasetVersion = IndexServiceBean.solrDocIdentifierDataset + doomed.getId();
datasetAndFileSolrIdsToDelete.add(solrIdOfPublishedDatasetVersion);
String solrIdOfDraftDatasetVersion = IndexServiceBean.solrDocIdentifierDataset + doomed.getId() + IndexServiceBean.draftSuffix;
datasetAndFileSolrIdsToDelete.add(solrIdOfDraftDatasetVersion);
String solrIdOfDeaccessionedDatasetVersion = IndexServiceBean.solrDocIdentifierDataset + doomed.getId() + IndexServiceBean.deaccessionedSuffix;
datasetAndFileSolrIdsToDelete.add(solrIdOfDeaccessionedDatasetVersion);
IndexResponse resultOfSolrDeletionAttempt = ctxt.solrIndex().deleteMultipleSolrIds(datasetAndFileSolrIdsToDelete);
logger.log(Level.FINE, "Result of attempt to delete dataset and file IDs from the search index: {0}", resultOfSolrDeletionAttempt.getMessage());
ctxt.index().indexDataverse(toReIndex);
}
use of edu.harvard.iq.dataverse.authorization.DataverseRole in project dataverse by IQSS.
the class CreateDataverseCommand method execute.
@Override
public Dataverse execute(CommandContext ctxt) throws CommandException {
if (created.getOwner() == null) {
if (ctxt.dataverses().isRootDataverseExists()) {
throw new IllegalCommandException("Root Dataverse already exists. Cannot create another one", this);
}
}
if (created.getCreateDate() == null) {
created.setCreateDate(new Timestamp(new Date().getTime()));
}
if (created.getCreator() == null) {
final User user = getRequest().getUser();
if (user.isAuthenticated()) {
created.setCreator((AuthenticatedUser) user);
} else {
throw new IllegalCommandException("Guest users cannot create a Dataverse.", this);
}
}
if (created.getDataverseType() == null) {
created.setDataverseType(Dataverse.DataverseType.UNCATEGORIZED);
}
if (created.getDefaultContributorRole() == null) {
created.setDefaultContributorRole(ctxt.roles().findBuiltinRoleByAlias(DataverseRole.EDITOR));
}
// @todo for now we are saying all dataverses are permission root
created.setPermissionRoot(true);
if (ctxt.dataverses().findByAlias(created.getAlias()) != null) {
throw new IllegalCommandException("A dataverse with alias " + created.getAlias() + " already exists", this);
}
// Save the dataverse
Dataverse managedDv = ctxt.dataverses().save(created);
// Find the built in admin role (currently by alias)
DataverseRole adminRole = ctxt.roles().findBuiltinRoleByAlias(DataverseRole.ADMIN);
String privateUrlToken = null;
ctxt.roles().save(new RoleAssignment(adminRole, getRequest().getUser(), managedDv, privateUrlToken));
managedDv.setPermissionModificationTime(new Timestamp(new Date().getTime()));
managedDv = ctxt.dataverses().save(managedDv);
ctxt.index().indexDataverse(managedDv);
if (facetList != null) {
ctxt.facets().deleteFacetsFor(managedDv);
int i = 0;
for (DatasetFieldType df : facetList) {
ctxt.facets().create(i++, df, managedDv);
}
}
if (inputLevelList != null) {
ctxt.fieldTypeInputLevels().deleteFacetsFor(managedDv);
for (DataverseFieldTypeInputLevel obj : inputLevelList) {
obj.setDataverse(managedDv);
ctxt.fieldTypeInputLevels().create(obj);
}
}
return managedDv;
}
Aggregations