
Example 21 with DataverseRole

use of edu.harvard.iq.dataverse.authorization.DataverseRole in project dataverse by IQSS.

the class ManagePermissionsPage method cloneRole.

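/**
 * Replaces the role currently held by this page with a fresh copy of an existing role.
 *
 * <p>The copy is owned by the current {@code dvObject} and carries the permission set of the
 * role identified by {@code roleId}; it is handed to {@code setRole}.
 *
 * @param roleId decimal id of the role whose permissions are copied
 * @throws NumberFormatException if {@code roleId} is {@code null} or not a parsable long
 * @throws IllegalArgumentException if no role is found for {@code roleId}
 */
public void cloneRole(String roleId) {
    // roleId is a string, presumably bound from the view (the enclosing class is a page bean),
    // so it is treated as untrusted: parse and resolve it before any page state is touched.
    final long sourceRoleId = Long.parseLong(roleId);
    DataverseRole originalRole = roleService.find(sourceRoleId);
    if (originalRole == null) {
        // Assumes find() returns null for an unknown id (confirm against the service).
        // Fail explicitly instead of with a NullPointerException below, and before setRole,
        // so a bad id can never leave a previously selected role in place for editing.
        throw new IllegalArgumentException("No role found for id " + sourceRoleId);
    }
    // NOTE(review): the source role is looked up by raw id only. Nothing visible here checks
    // that it is a built-in role or one defined on this dvObject or its ancestors, so any
    // role's permission set can be read into the form. Confirm whether that is intended.
    DataverseRole clonedRole = new DataverseRole();
    clonedRole.setOwner(dvObject);
    clonedRole.addPermissions(originalRole.permissions());
    setRole(clonedRole);
}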
Also used : DataverseRole(edu.harvard.iq.dataverse.authorization.DataverseRole)

Example 22 with DataverseRole

use of edu.harvard.iq.dataverse.authorization.DataverseRole in project dataverse by IQSS.

the class ManagePermissionsPage method saveConfiguration.

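/**
 * Applies the page's configuration settings to {@code dvObject}.
 *
 * <p>Two things are updated: the contributor role held directly by the
 * {@code AuthenticatedUsers} group on {@code dvObject}, and, when {@code dvObject} is a
 * {@link Dataverse}, its default contributor role. Afterwards the role-assignment list is
 * rebuilt and the configure messages are shown.
 *
 * @param e the triggering action event (not read by this method)
 */
public void saveConfiguration(ActionEvent e) {
    // Aliases this method recognises as contributor roles; only assignments of these roles
    // are reconciled (kept or revoked) below.
    List<String> contributorRoles = Arrays.asList(DataverseRole.FULL_CONTRIBUTOR, DataverseRole.DV_CONTRIBUTOR, DataverseRole.DS_CONTRIBUTOR);

    // Role (if any) requested for the AuthenticatedUsers group.
    // NOTE(review): the alias is resolved against all built-in roles and is not checked
    // against contributorRoles. A value outside that list would be assigned to every
    // authenticated user and would never be revoked by the loop below. Confirm the alias
    // cannot be set to an arbitrary value, or validate it against contributorRoles here.
    DataverseRole roleToAssign = null;
    if (!StringUtil.isEmpty(authenticatedUsersContributorRoleAlias)) {
        roleToAssign = roleService.findBuiltinRoleByAlias(authenticatedUsersContributorRoleAlias);
    }

    // Reconcile against the contributor roles the group already holds directly.
    List<RoleAssignment> aUsersRoleAssignments = roleService.directRoleAssignments(AuthenticatedUsers.get(), dvObject);
    for (RoleAssignment roleAssignment : aUsersRoleAssignments) {
        DataverseRole currentRole = roleAssignment.getRole();
        if (contributorRoles.contains(currentRole.getAlias())) {
            if (currentRole.equals(roleToAssign)) {
                // Already assigned: nothing to add.
                roleToAssign = null;
            } else {
                // A different contributor role is in place: remove it.
                revokeRole(roleAssignment);
            }
        }
    }

    // Assign the requested role only if it was not already present.
    if (roleToAssign != null) {
        assignRole(AuthenticatedUsers.get(), roleToAssign);
    }

    // Update the dataverse's default contributor role when it changed.
    if (dvObject instanceof Dataverse) {
        Dataverse dv = (Dataverse) dvObject;
        DataverseRole defaultRole = roleService.findBuiltinRoleByAlias(defaultContributorRoleAlias);
        if (defaultRole == null) {
            // The alias did not resolve to a built-in role (the lookup result is treated as
            // nullable above as well). Report it instead of failing with a
            // NullPointerException; the alias itself is not echoed back to the page.
            JH.addMessage(FacesMessage.SEVERITY_ERROR, "Cannot assign default permissions.", "Unknown default contributor role.");
        } else if (!defaultRole.equals(dv.getDefaultContributorRole())) {
            try {
                commandEngine.submit(new UpdateDataverseDefaultContributorRoleCommand(defaultRole, dvRequestService.getDataverseRequest(), dv));
                JsfHelper.addSuccessMessage("The default permissions for this dataverse have been updated.");
            } catch (PermissionException ex) {
                // The command was refused for lack of permissions: show which ones.
                JH.addMessage(FacesMessage.SEVERITY_ERROR, "Cannot assign default permissions.", "Permissions " + ex.getRequiredPermissions().toString() + " missing.");
            } catch (CommandException ex) {
                // Any other command failure: generic message to the user, details to the log.
                JH.addMessage(FacesMessage.SEVERITY_FATAL, "Cannot assign default permissions.");
                logger.log(Level.SEVERE, "Error assigning default permissions: " + ex.getMessage(), ex);
            }
        }
    }

    // Refresh the page state from what is now stored.
    roleAssignments = initRoleAssignments();
    showConfigureMessages();
}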
Also used : PermissionException(edu.harvard.iq.dataverse.engine.command.exception.PermissionException) UpdateDataverseDefaultContributorRoleCommand(edu.harvard.iq.dataverse.engine.command.impl.UpdateDataverseDefaultContributorRoleCommand) CommandException(edu.harvard.iq.dataverse.engine.command.exception.CommandException) DataverseRole(edu.harvard.iq.dataverse.authorization.DataverseRole)

Example 23 with DataverseRole

use of edu.harvard.iq.dataverse.authorization.DataverseRole in project dataverse by IQSS.

the class DeleteDataverseCommand method executeImpl.

/**
 * Deletes the dataverse held in {@code doomed} together with what hangs off it: direct role
 * assignments, roles it owns, explicit groups it owns and its field-type input levels. The
 * dataverse is then removed through the entity manager and dropped from the index.
 *
 * @param ctxt command context giving access to the entity manager, services and index
 * @throws IllegalCommandException if {@code doomed} has no owner (the root dataverse) or
 *     still contains data
 * @throws CommandException declared by the command contract
 */
@Override
protected void executeImpl(CommandContext ctxt) throws CommandException {
    // Guard: a dataverse without an owner is the root, which must never be deleted.
    if (doomed.getOwner() == null) {
        throw new IllegalCommandException("Cannot delete the root dataverse", this);
    }
    // Guard: only empty dataverses may be deleted.
    if (ctxt.dvObjects().hasData(doomed)) {
        throw new IllegalCommandException("Cannot delete non-empty dataverses", this);
    }

    // Role assignments made directly on this dataverse.
    ctxt.roles().directRoleAssignments(doomed).forEach(assignment -> ctxt.em().remove(assignment));

    // Roles owned by this dataverse.
    ctxt.roles().findByOwnerId(doomed.getId()).forEach(ownedRole -> ctxt.em().remove(ownedRole));

    // Explicit groups owned by this dataverse; removal goes through the group service.
    for (ExplicitGroup ownedGroup : ctxt.em().createNamedQuery("ExplicitGroup.findByOwnerId", ExplicitGroup.class).setParameter("ownerId", doomed.getId()).getResultList()) {
        ctxt.explicitGroups().removeGroup(ownedGroup);
    }

    // Field-type input levels: each one is merged first so the managed instance is removed.
    for (DataverseFieldTypeInputLevel level : doomed.getDataverseFieldTypeInputLevels()) {
        ctxt.em().remove(ctxt.em().merge(level));
    }
    doomed.setDataverseFieldTypeInputLevels(new ArrayList<>());

    // The dataverse itself, again via its merged (managed) instance.
    ctxt.em().remove(ctxt.em().merge(doomed));

    // Finally drop it from the index.
    ctxt.index().delete(doomed);
}
Also used : IllegalCommandException(edu.harvard.iq.dataverse.engine.command.exception.IllegalCommandException) RoleAssignment(edu.harvard.iq.dataverse.RoleAssignment) DataverseFieldTypeInputLevel(edu.harvard.iq.dataverse.DataverseFieldTypeInputLevel) Dataverse(edu.harvard.iq.dataverse.Dataverse) DataverseRole(edu.harvard.iq.dataverse.authorization.DataverseRole) ExplicitGroup(edu.harvard.iq.dataverse.authorization.groups.impl.explicit.ExplicitGroup)

Example 24 with DataverseRole

use of edu.harvard.iq.dataverse.authorization.DataverseRole in project dataverse by IQSS.

the class DestroyDatasetCommand method executeImpl.

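/**
 * Destroys the dataset held in {@code doomed}: its files, direct role assignments, the roles
 * it owns, its identifier (best effort), the dataset itself and the matching search-index
 * documents. The owning dataverse is re-indexed at the end.
 *
 * <p>A released dataset can only be destroyed by an authenticated superuser.
 *
 * @param ctxt command context giving access to the entity manager, engine, services and index
 * @throws PermissionException if the dataset is released and the caller is not an
 *     authenticated superuser
 * @throws CommandException if a submitted sub-command fails
 */
@Override
protected void executeImpl(CommandContext ctxt) throws CommandException {
    // Authorization gate for released datasets: the caller must be an AuthenticatedUser AND a
    // superuser. NOTE(review): for unreleased datasets no check is made here; presumably the
    // command's declared required permissions cover that case. Confirm on the class.
    if (doomed.isReleased() && (!(getUser() instanceof AuthenticatedUser) || !getUser().isSuperuser())) {
        throw new PermissionException("Destroy can only be called by superusers.", this, Collections.singleton(Permission.DeleteDatasetDraft), doomed);
    }
    // If there is a dedicated thumbnail DataFile, it needs to be reset
    // explicitly, or we'll get a constraint violation when deleting:
    doomed.setThumbnailFile(null);
    final Dataset managedDoomed = ctxt.em().merge(doomed);
    List<String> datasetAndFileSolrIdsToDelete = new ArrayList<>();
    // Files are removed one by one through the iterator to avoid optimistic lock
    // issues; the per-file command also takes care of the physical files.
    Iterator<DataFile> dfIt = doomed.getFiles().iterator();
    while (dfIt.hasNext()) {
        DataFile df = dfIt.next();
        // Gather potential Solr IDs of files. As of this writing deaccessioned files are never indexed.
        String solrIdOfPublishedFile = IndexServiceBean.solrDocIdentifierFile + df.getId();
        datasetAndFileSolrIdsToDelete.add(solrIdOfPublishedFile);
        String solrIdOfDraftFile = IndexServiceBean.solrDocIdentifierFile + df.getId() + IndexServiceBean.draftSuffix;
        datasetAndFileSolrIdsToDelete.add(solrIdOfDraftFile);
        ctxt.engine().submit(new DeleteDataFileCommand(df, getRequest(), true));
        dfIt.remove();
    }
    // Also delete the uploaded thumbnails.
    deleteDatasetLogo(doomed);
    // Role assignments made directly on this dataset.
    for (RoleAssignment assignment : ctxt.roles().directRoleAssignments(doomed)) {
        ctxt.em().remove(assignment);
    }
    // Roles owned by this dataset.
    for (DataverseRole ownedRole : ctxt.roles().findByOwnerId(doomed.getId())) {
        ctxt.em().remove(ownedRole);
    }
    // Identifier removal is best effort: a failure is logged and the destroy continues.
    IdServiceBean idServiceBean = IdServiceBean.getBean(ctxt);
    try {
        if (idServiceBean.alreadyExists(doomed)) {
            idServiceBean.deleteIdentifier(doomed);
        }
    } catch (Exception e) {
        // Pass the exception itself: the message has no {0} placeholder, so a message
        // parameter would never be rendered and the cause would be missing from the log.
        logger.log(Level.WARNING, "Identifier deletion was not successfull:", e);
    }
    // Remember the owner before the dataset is removed so it can be re-indexed afterwards.
    Dataverse toReIndex = managedDoomed.getOwner();
    // The dataset itself.
    ctxt.em().remove(managedDoomed);
    // Add the potential Solr IDs of the dataset (published, draft, deaccessioned) for deletion.
    String solrIdOfPublishedDatasetVersion = IndexServiceBean.solrDocIdentifierDataset + doomed.getId();
    datasetAndFileSolrIdsToDelete.add(solrIdOfPublishedDatasetVersion);
    String solrIdOfDraftDatasetVersion = IndexServiceBean.solrDocIdentifierDataset + doomed.getId() + IndexServiceBean.draftSuffix;
    datasetAndFileSolrIdsToDelete.add(solrIdOfDraftDatasetVersion);
    String solrIdOfDeaccessionedDatasetVersion = IndexServiceBean.solrDocIdentifierDataset + doomed.getId() + IndexServiceBean.deaccessionedSuffix;
    datasetAndFileSolrIdsToDelete.add(solrIdOfDeaccessionedDatasetVersion);
    IndexResponse resultOfSolrDeletionAttempt = ctxt.solrIndex().deleteMultipleSolrIds(datasetAndFileSolrIdsToDelete);
    logger.log(Level.FINE, "Result of attempt to delete dataset and file IDs from the search index: {0}", resultOfSolrDeletionAttempt.getMessage());
    ctxt.index().indexDataverse(toReIndex);
}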
Also used : PermissionException(edu.harvard.iq.dataverse.engine.command.exception.PermissionException) Dataset(edu.harvard.iq.dataverse.Dataset) RoleAssignment(edu.harvard.iq.dataverse.RoleAssignment) ArrayList(java.util.ArrayList) AuthenticatedUser(edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser) Dataverse(edu.harvard.iq.dataverse.Dataverse) PermissionException(edu.harvard.iq.dataverse.engine.command.exception.PermissionException) CommandException(edu.harvard.iq.dataverse.engine.command.exception.CommandException) DataverseRole(edu.harvard.iq.dataverse.authorization.DataverseRole) DataFile(edu.harvard.iq.dataverse.DataFile) IndexResponse(edu.harvard.iq.dataverse.search.IndexResponse) IdServiceBean(edu.harvard.iq.dataverse.IdServiceBean)

Example 25 with DataverseRole

use of edu.harvard.iq.dataverse.authorization.DataverseRole in project dataverse by IQSS.

the class CreateDataverseCommand method execute.

/**
 * Creates the dataverse held in {@code created}.
 *
 * <p>Missing fields are defaulted (create date, creator, type, default contributor role), the
 * dataverse is marked as a permission root, saved and indexed, and the requesting user is
 * given the built-in admin role on it. Optional facets and field-type input levels are
 * written last.
 *
 * @param ctxt command context giving access to the services and the index
 * @return the saved (managed) dataverse
 * @throws IllegalCommandException if a second root dataverse would be created, if the creator
 *     has to be derived from an unauthenticated request user, or if the alias is already taken
 * @throws CommandException declared by the command contract
 */
@Override
public Dataverse execute(CommandContext ctxt) throws CommandException {
    // A dataverse without an owner is a root; only one root may exist.
    if (created.getOwner() == null && ctxt.dataverses().isRootDataverseExists()) {
        throw new IllegalCommandException("Root Dataverse already exists. Cannot create another one", this);
    }

    if (created.getCreateDate() == null) {
        created.setCreateDate(new Timestamp(System.currentTimeMillis()));
    }

    // NOTE(review): the authentication check below runs only when no creator was supplied.
    // A pre-set creator is kept as is, and the admin role further down is still granted to
    // the request user. Confirm callers cannot pass a creator that differs from the
    // requester, or reach this point with a guest request.
    if (created.getCreator() == null) {
        final User requester = getRequest().getUser();
        if (!requester.isAuthenticated()) {
            throw new IllegalCommandException("Guest users cannot create a Dataverse.", this);
        }
        created.setCreator((AuthenticatedUser) requester);
    }

    if (created.getDataverseType() == null) {
        created.setDataverseType(Dataverse.DataverseType.UNCATEGORIZED);
    }

    if (created.getDefaultContributorRole() == null) {
        created.setDefaultContributorRole(ctxt.roles().findBuiltinRoleByAlias(DataverseRole.EDITOR));
    }

    // @todo for now we are saying all dataverses are permission root
    created.setPermissionRoot(true);

    // Alias must be unique. NOTE(review): this is check-then-save; presumably a database
    // constraint backs it against concurrent creation. Verify.
    if (ctxt.dataverses().findByAlias(created.getAlias()) != null) {
        throw new IllegalCommandException("A dataverse with alias " + created.getAlias() + " already exists", this);
    }

    // Persist the dataverse.
    Dataverse managedDv = ctxt.dataverses().save(created);

    // Grant the request user the built-in admin role (looked up by alias) on the new
    // dataverse; the assignment carries no private URL token.
    DataverseRole adminRole = ctxt.roles().findBuiltinRoleByAlias(DataverseRole.ADMIN);
    String privateUrlToken = null;
    ctxt.roles().save(new RoleAssignment(adminRole, getRequest().getUser(), managedDv, privateUrlToken));

    // Record the permission change, then save again and index.
    managedDv.setPermissionModificationTime(new Timestamp(System.currentTimeMillis()));
    managedDv = ctxt.dataverses().save(managedDv);
    ctxt.index().indexDataverse(managedDv);

    // Replace facets with the supplied list, numbered from 0 in list order.
    if (facetList != null) {
        ctxt.facets().deleteFacetsFor(managedDv);
        int facetIndex = 0;
        for (DatasetFieldType facetType : facetList) {
            ctxt.facets().create(facetIndex, facetType, managedDv);
            facetIndex++;
        }
    }

    // Replace field-type input levels with the supplied list.
    if (inputLevelList != null) {
        ctxt.fieldTypeInputLevels().deleteFacetsFor(managedDv);
        for (DataverseFieldTypeInputLevel inputLevel : inputLevelList) {
            inputLevel.setDataverse(managedDv);
            ctxt.fieldTypeInputLevels().create(inputLevel);
        }
    }

    return managedDv;
}
Also used : AuthenticatedUser(edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser) User(edu.harvard.iq.dataverse.authorization.users.User) IllegalCommandException(edu.harvard.iq.dataverse.engine.command.exception.IllegalCommandException) RoleAssignment(edu.harvard.iq.dataverse.RoleAssignment) DataverseFieldTypeInputLevel(edu.harvard.iq.dataverse.DataverseFieldTypeInputLevel) Timestamp(java.sql.Timestamp) Dataverse(edu.harvard.iq.dataverse.Dataverse) DatasetFieldType(edu.harvard.iq.dataverse.DatasetFieldType) Date(java.util.Date) DataverseRole(edu.harvard.iq.dataverse.authorization.DataverseRole)

Aggregations

DataverseRole (edu.harvard.iq.dataverse.authorization.DataverseRole)44 RoleAssignment (edu.harvard.iq.dataverse.RoleAssignment)23 RoleAssignee (edu.harvard.iq.dataverse.authorization.RoleAssignee)19 Test (org.junit.Test)19 PrivateUrlUser (edu.harvard.iq.dataverse.authorization.users.PrivateUrlUser)18 Dataset (edu.harvard.iq.dataverse.Dataset)16 DvObject (edu.harvard.iq.dataverse.DvObject)12 Dataverse (edu.harvard.iq.dataverse.Dataverse)9 AuthenticatedUser (edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser)8 DatasetVersion (edu.harvard.iq.dataverse.DatasetVersion)6 DataverseRequest (edu.harvard.iq.dataverse.engine.command.DataverseRequest)6 ArrayList (java.util.ArrayList)5 User (edu.harvard.iq.dataverse.authorization.users.User)4 DataverseRoleServiceBean (edu.harvard.iq.dataverse.DataverseRoleServiceBean)3 Permission (edu.harvard.iq.dataverse.authorization.Permission)3 TestCommandContext (edu.harvard.iq.dataverse.engine.TestCommandContext)3 TestDataverseEngine (edu.harvard.iq.dataverse.engine.TestDataverseEngine)3 IllegalCommandException (edu.harvard.iq.dataverse.engine.command.exception.IllegalCommandException)3 PrivateUrl (edu.harvard.iq.dataverse.privateurl.PrivateUrl)3 Timestamp (java.sql.Timestamp)3