Merge pull request #11681 from IQSS/11525-retrieve-collections-a-user-can-create-datasets-in

11525 retrieve collections a user can create datasets in

Author: ofahimIQSS

doc/release-notes/11525-retrieve-collections-a-user-can-create-datasets-in.md

@@ -0,0 +1,5 @@
+### New API to retrieve a list of collections that an authenticated user can create a dataset in
+
+The API GET /api/mydata/retrieve/collectionList will return all the dataverse objects that the user can add to
+
+See also [the guides](https://guides.dataverse.org/en/latest/api/native-api.html#mydata) and #11525.

doc/sphinx-guides/source/api/native-api.rst

@@ -7997,3 +7997,19 @@ Parameters:
 
 ``per_page`` Number of results returned per page.
 
+MyData Collection List
+----------------------
+
+The MyData Collection List API is used to get a list of the collections an authenticated user can create a Dataset in.
+Param userIdentifier={userName} is used by a superuser to get the collections for a specific user.
+
+A curl example listing collections:
+
+.. code-block:: bash
+
+  export API_TOKEN=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+  export SERVER_URL=https://demo.dataverse.org
+
+  curl -H "X-Dataverse-key:$API_TOKEN" "$SERVER_URL/api/mydata/retrieve/collectionList"
+  curl -H "X-Dataverse-key:$API_TOKEN" "$SERVER_URL/api/mydata/retrieve/collectionList?userIdentifier=anotherUser"
+

src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java

@@ -95,6 +95,10 @@ public class PermissionServiceBean {
     @Inject
     DatasetVersionFilesServiceBean datasetVersionFilesServiceBean;
 
+    private static final String LIST_ALL_DATAVERSES_SUPERUSER_HAS_PERMISSION = """
+        SELECT id, name, alias FROM DATAVERSE
+    """;
+
     private static final String LIST_ALL_DATAVERSES_USER_HAS_PERMISSION = """
             WITH grouplist AS (
                   SELECT explicitgroup_authenticateduser.explicitgroup_id as id FROM explicitgroup_authenticateduser
@@ -928,6 +932,7 @@ public List<Dataverse> findPermittedCollections(DataverseRequest request, Authen
             String ipRangeSQL = "FALSE";
             if (request != null
                     && request.getAuthenticatedUser() != null
+                    && !request.getAuthenticatedUser().isSuperuser()
                     && request.getSourceAddress() != null
                     && request.getAuthenticatedUser().getUserIdentifier().equalsIgnoreCase(user.getUserIdentifier())) {
                 IpAddress ip = request.getSourceAddress();
@@ -950,11 +955,15 @@ public List<Dataverse> findPermittedCollections(DataverseRequest request, Authen
                     }
                 }
             }
-
-            String sqlCode = LIST_ALL_DATAVERSES_USER_HAS_PERMISSION
-                    .replace("@USERID", String.valueOf(user.getId()))
-                    .replace("@PERMISSIONBIT", String.valueOf(permissionBit))
-                    .replace("@IPRANGESQL", ipRangeSQL);
+            String sqlCode;
+            if (user.isSuperuser()) {
+                sqlCode = LIST_ALL_DATAVERSES_SUPERUSER_HAS_PERMISSION;
+            } else {
+                sqlCode = LIST_ALL_DATAVERSES_USER_HAS_PERMISSION
+                        .replace("@USERID", String.valueOf(user.getId()))
+                        .replace("@PERMISSIONBIT", String.valueOf(permissionBit))
+                        .replace("@IPRANGESQL", ipRangeSQL);
+            }
             return em.createNativeQuery(sqlCode, Dataverse.class).getResultList();
         }
         return null;

src/main/java/edu/harvard/iq/dataverse/api/Users.java

@@ -5,6 +5,7 @@
  */
 package edu.harvard.iq.dataverse.api;
 
+import edu.harvard.iq.dataverse.Dataverse;
 import edu.harvard.iq.dataverse.api.auth.AuthRequired;
 import edu.harvard.iq.dataverse.authorization.users.ApiToken;
 import edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser;
@@ -26,6 +27,7 @@
 import java.util.logging.Logger;
 
 import edu.harvard.iq.dataverse.util.json.JsonParseException;
+import edu.harvard.iq.dataverse.util.json.JsonPrinter;
 import edu.harvard.iq.dataverse.util.json.JsonUtil;
 import jakarta.ejb.Stateless;
 import jakarta.json.JsonArray;
@@ -286,8 +288,8 @@ public Response getUserPermittedCollections(@Context ContainerRequestContext crc
         }
         try {
             AuthenticatedUser userToQuery = authSvc.getAuthenticatedUser(identifier);
-            JsonObjectBuilder jsonObj = execCommand(new GetUserPermittedCollectionsCommand(createDataverseRequest(getRequestUser(crc)), userToQuery, permission));
-            return ok(jsonObj);
+            List<Dataverse> collections = execCommand(new GetUserPermittedCollectionsCommand(createDataverseRequest(getRequestUser(crc)), userToQuery, permission));
+            return ok(JsonPrinter.jsonArray(collections));
         } catch (WrappedResponse ex) {
             return ex.getResponse();
         }

src/main/java/edu/harvard/iq/dataverse/engine/command/impl/GetUserPermittedCollectionsCommand.java

@@ -3,29 +3,44 @@
 import edu.harvard.iq.dataverse.Dataverse;
 import edu.harvard.iq.dataverse.DvObject;
 import edu.harvard.iq.dataverse.authorization.Permission;
-import edu.harvard.iq.dataverse.authorization.groups.impl.ipaddress.ip.IpAddress;
 import edu.harvard.iq.dataverse.authorization.users.AuthenticatedUser;
 import edu.harvard.iq.dataverse.engine.command.AbstractCommand;
 import edu.harvard.iq.dataverse.engine.command.CommandContext;
 import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
 import edu.harvard.iq.dataverse.engine.command.RequiredPermissions;
 import edu.harvard.iq.dataverse.engine.command.exception.CommandException;
-import jakarta.json.Json;
-import jakarta.json.JsonArrayBuilder;
-import jakarta.json.JsonObjectBuilder;
+import edu.harvard.iq.dataverse.engine.command.exception.InvalidCommandArgumentsException;
+import edu.harvard.iq.dataverse.util.BundleUtil;
 
 import java.util.List;
-import java.util.logging.Logger;
-
-import static edu.harvard.iq.dataverse.util.json.JsonPrinter.json;
 
+/**
+ * Command that retrieves all {@link Dataverse} collections for which a given
+ * {@link AuthenticatedUser} has the specified permission.
+ * <p>
+ * The permission is provided as a string corresponding to one of the names
+ * in the {@link Permission} enumeration (e.g. {@code Permission.AddDataset.name()}).
+ * If the special value {@code "any"} is passed, all collections for which
+ * the user has at least one permission are returned.
+ * </p>
+ *
+ * <p>
+ * Example:
+ * <pre>
+ * new GetUserPermittedCollectionsCommand(request, user, Permission.AddDataset.name());
+ * </pre>
+ * will return the list of collections where the user can add datasets.
+ * </p>
+ */
 @RequiredPermissions({})
-public class GetUserPermittedCollectionsCommand extends AbstractCommand<JsonObjectBuilder> {
-    private static final Logger logger = Logger.getLogger(GetUserPermittedCollectionsCommand.class.getCanonicalName());
+public class GetUserPermittedCollectionsCommand extends AbstractCommand<List<Dataverse>> {
+
+    public static final String ANY_PERMISSION = "any";
+
+    private final DataverseRequest request;
+    private final AuthenticatedUser user;
+    private final String permission;
 
-    private DataverseRequest request;
-    private AuthenticatedUser user;
-    private String permission;
     public GetUserPermittedCollectionsCommand(DataverseRequest request, AuthenticatedUser user, String permission) {
         super(request, (DvObject) null);
         this.request = request;
@@ -34,28 +49,16 @@ public GetUserPermittedCollectionsCommand(DataverseRequest request, Authenticate
     }
 
     @Override
-    public JsonObjectBuilder execute(CommandContext ctxt) throws CommandException {
+    public List<Dataverse> execute(CommandContext ctxt) throws CommandException {
         if (user == null) {
-            throw new CommandException("User not found.", this);
+            throw new CommandException(BundleUtil.getStringFromBundle("getUserPermittedCollectionsCommand.errors.userNotFound"), this);
         }
         int permissionBit;
         try {
-            permissionBit = permission.equalsIgnoreCase("any") ?
-                    Integer.MAX_VALUE : (1 << Permission.valueOf(permission).ordinal());
+            permissionBit = permission.equalsIgnoreCase(ANY_PERMISSION) ? Integer.MAX_VALUE : (1 << Permission.valueOf(permission).ordinal());
         } catch (IllegalArgumentException e) {
-            throw new CommandException("Permission not valid.", this);
-        }
-        List<Dataverse> collections = ctxt.permissions().findPermittedCollections(request, user, permissionBit);
-        if (collections != null) {
-            JsonObjectBuilder job = Json.createObjectBuilder();
-            JsonArrayBuilder jab = Json.createArrayBuilder();
-            for (Dataverse dv : collections) {
-                jab.add(json(dv));
-            }
-            job.add("count", collections.size());
-            job.add("items", jab);
-            return job;
+            throw new InvalidCommandArgumentsException(BundleUtil.getStringFromBundle("getUserPermittedCollectionsCommand.errors.permissionNotValid"), this);
         }
-        return null;
+        return ctxt.permissions().findPermittedCollections(request, user, permissionBit);
     }
 }