dataverse
dataverse copied to clipboard
IQSS
API Update global role + fixed issue with GUI custom role edition
What this PR does / why we need it:
- Global role can now be updated via API
- Customised role can now be edited via GUI
PR is in Draft mode waiting for an answer. Guide to Create Global Role and to Delete a Global Role suggest to use $API_TOKEN. As a matter of fact you don't need it. Question is : Should we add SuperAdmin authorization on create, update and delete of a Global Role ? I would say yes but I want your opinion.
Which issue(s) this PR closes:
- Fixes #8808
- Closes #10575
Special notes for your reviewer:
I removed a comment @todo update permissionModificationTime here. as it is handled later/deeper here : DvObject savedDvObject = dvObjectService.updatePermissionIndexTime(dvObject);
Demos:
- Global role can now be updated via API
https://github.com/IQSS/dataverse/assets/83018819/d32cf934-7f86-440f-8e8c-d45061bc6900
- Customised role can now be edited via GUI
https://github.com/IQSS/dataverse/assets/83018819/51edd6e0-cfbd-49c5-a0ec-86bc54cc0357
Suggestions on how to test this: Play around roles and permissions. Ex : roles.json
{
"alias":"sys1",
"name":"Restricted System Role",
"description":"A person who may only add datasets.",
"permissions":[
"AddDataset"
]
}
Create a new global role :
curl -H 'Content-Type: application/json' -X POST "http://localhost:8080/api/admin/roles" --upload-file roles.json
Change roles.json :
{
"alias":"sys1",
"name":"Restricted System Role 23",
"description":"A person who may only add datasets.",
"permissions":[
"AddDataset"
]
}
Update Role (Try to change name) :
curl -H 'Content-Type: application/json' -X PUT "http://localhost:8080/api/admin/roles/15" --upload-file roles.json
OK
Try to update Curator role (change permissions) :
{
"alias":"curator",
"name":"Curator",
"permissions":[
"ViewUnpublishedDataverse",
"ViewUnpublishedDataset",
"DownloadFile",
"EditDataset",
"ManageDatasetPermissions",
"ManageFilePermissions",
"PublishDataset",
"DeleteDatasetDraft"
],
"description":"For datasets, a person who can edit License + Terms, edit Permissions, and publish datasets."
}
curl -H 'Content-Type: application/json' -X PUT "http://localhost:8080/api/admin/roles/7" --upload-file roles.json
OK
coverage: 20.57% (-0.003%) from 20.573% when pulling c29a9af03f955807b2b6bee411eb1ac3303db52e on Recherche-Data-Gouv:8808-10575-update-global-role into 3c55c3fa503b200fbe3b20e8d7d8965424e71160 on IQSS:develop.
coverage: 20.57% (-0.003%) from 20.573% when pulling 7d55ae17b4f6a4ae74d7118d17817e0f3e27b9a4 on Recherche-Data-Gouv:8808-10575-update-global-role into 3c55c3fa503b200fbe3b20e8d7d8965424e71160 on IQSS:develop.
PR is in Draft mode waiting for an answer. Guide to Create Global Role and to Delete a Global Role suggest to use
$API_TOKEN. As a matter of fact you don't need it. Question is : Should we add SuperAdmin authorization on create, update and delete of a Global Role ? I would say yes but I want your opinion.
These are both under /api/admin so I think it's ok to leave them as non-superuser because /api/admin should be blocked.
coverage: 20.571% (-0.002%) from 20.573% when pulling 9d0004dbea2625ecd7382af6ad30eac898c33a5d on Recherche-Data-Gouv:8808-10575-update-global-role into 3c55c3fa503b200fbe3b20e8d7d8965424e71160 on IQSS:develop.
@pdurbin @poikilotherm Guide is updated (sorry for the force-push fixing git bad manipulation).
coverage: 20.571% (-0.003%) from 20.574% when pulling 1b115dcf03d8709c1b855dbcc7e9fa70c3f12763 on Recherche-Data-Gouv:8808-10575-update-global-role into 5bf6b6defb1c22971951233f30b679d762496832 on IQSS:develop.
coverage: 20.571% (-0.003%) from 20.574% when pulling 1b115dcf03d8709c1b855dbcc7e9fa70c3f12763 on Recherche-Data-Gouv:8808-10575-update-global-role into 5bf6b6defb1c22971951233f30b679d762496832 on IQSS:develop.
coverage: 20.571% (-0.003%) from 20.574% when pulling 1b115dcf03d8709c1b855dbcc7e9fa70c3f12763 on Recherche-Data-Gouv:8808-10575-update-global-role into 5bf6b6defb1c22971951233f30b679d762496832 on IQSS:develop.
@gwendoux suggested this for 6.4 and I agree if would be nice.
@luddaniel the plan is to not require superuser right? The API endpoints are safe under /api/admin. Can you please merge the latest from develop and mark this pull request as non-draft if you're ready? Thanks!
Yep, someone needs to fix the problem I described at https://github.com/IQSS/dataverse/pull/10612#discussion_r1761720666 before this PR can move forward. In short, it doesn't work with a new installation that gets freshly bootstrapped, I believe.
coverage: 22.691% (-0.004%) from 22.695% when pulling 7e220f1dd81e2214055c92b0fa14445970c2b104 on Recherche-Data-Gouv:8808-10575-update-global-role into 825ab15220800dc8053d3e6731b62f3a933b0a17 on IQSS:develop.
@cmbz @scolapasta I looked at 3acd516 (didn't run it) and it looks like a good fix. I'm ready to move this to "ready for QA" if you are.
Can we please bump the version to 6.5 in pom.xml - additionally, there are conflicts to resolve.
