Merge remote-tracking branch 'IQSS/develop' into Perf1

Author: qqmyers

doc/release-notes/10520-datasetType-enable-licenses.md

@@ -0,0 +1,8 @@
+## Dataset Types can set available Licenses
+
+Licenses (e.g. "MIT") can now be linked to dataset types (e.g. "software") using new superuser APIs. The create Dataset Type APIs have been extended to allow you to set metadata blocks and/or licenses on the creation of a Dataset Type. 
+
+If a license is not available for a given dataset type then the Create Dataset API will prevent that license from being applied to the dataset.
+Also, the UI will only show those licenses that are available to a the dataset's dataset type.
+
+For more information, see the guides ([overview](https://dataverse-guide--11385.org.readthedocs.build/en/11385/user/dataset-management.html#dataset-types), [new APIs](https://dataverse-guide--11385.org.readthedocs.build/en/11385/api/native-api.html#set-available-licenses-for-a-dataset-type)), #10519 and #11001.

doc/release-notes/10567-feat-reconcilepid.md

@@ -0,0 +1,4 @@
+Added a new API for persistent identifier reconciliation. An unpublished dataset can be updated with a new
+pidProvider. If a persistent identifier was already registered when the dataset was registered, this is undone and the
+new provider (if changed in the meantime) is used. Note that this change does not affect the storage repository where the old identifier is still
+used. See [the guides](https://dataverse-guide--10567.org.readthedocs.build/en/10567/api/native-api.html#reconcile-the-pid-of-a-dataset-if-multiple-pid-providers-are-enabled), #10501, and #10567.

doc/release-notes/11357-Payara-Update.md

@@ -0,0 +1,3 @@
+The recommended Pyara version has been updated to Payara-6.2025.3
+
+Standard Payara upgrade instructions - as in the 6.6 release notes shouldbe added.

doc/release-notes/11413-rate-limiting-statistics-api.md

@@ -0,0 +1,8 @@
+### Rate Limiting Statistics API
+
+CSV dump of Rate Limiting Cache
+
+curl http://localhost:8080/api/admin/rateLimitStats
+curl http://localhost:8080/api/admin/rateLimitStats?deltaMinutesFilter=10
+
+See also [the guides](https://dataverse-guide--11359.org.readthedocs.build/en/11359/admin/rate_limiting.html), #11413, and #11359.

doc/sphinx-guides/source/admin/index.rst

@@ -30,6 +30,7 @@ This guide documents the functionality only available to superusers (such as "da
    mail-groups
    collectionquotas
    monitoring
+   rate-limiting
    reporting-tools-and-queries
    maintenance
    backups

doc/sphinx-guides/source/admin/rate-limiting.rst

@@ -0,0 +1,47 @@
+Rate Limiting
+=============
+
+.. contents:: Contents:
+	:local:
+
+Configuration
+-------------
+
+Rate limiting is used to prevent users from over taxing the system either deliberately or by runaway automated processes.
+Rate limiting can be configured on a tier level with tier 0 being reserved for guest users and tiers 1-any for authenticated users. New users are defaulted to tier 1.
+Superuser accounts are exempt from rate limiting.
+Rate limits can be imposed on command APIs by configuring the tier, the command, and the hourly limit in the database.
+Two database settings configure the rate limiting.
+Note: If either of these settings exist in the database rate limiting will be enabled (note that a Payara restart is required for the :RateLimitingDefaultCapacityTiers setting to take effect). If neither setting exists rate limiting is disabled.
+
+- :RateLimitingDefaultCapacityTiers is the number of calls allowed per hour if the specific command is not configured. The values represent the number of calls per hour per user for tiers 0,1,...
+  A value of -1 can be used to signify no rate limit. Tiers not specified in this setting will default to `-1` (No Limit). I.e., -d "10000" is equivalent to -d "10000,-1,-1,..."
+
+.. code-block:: bash
+
+  curl http://localhost:8080/api/admin/settings/:RateLimitingDefaultCapacityTiers -X PUT -d '10000,20000'
+
+- :RateLimitingCapacityByTierAndAction is a JSON object specifying the rate by tier and a list of actions (commands). This allows for more control over the rate limit of individual API command calls.
+  In the following example, calls made by a guest user (tier 0) for API GetLatestPublishedDatasetVersionCommand is further limited to only 10 calls per hour, while an authenticated user (tier 1) will be able to make 30 calls per hour to the same API.
+
+:download:`rate-limit-actions.json </_static/installation/files/examples/rate-limit-actions-setting.json>`  Example JSON for RateLimitingCapacityByTierAndAction
+
+.. code-block:: bash
+
+  curl http://localhost:8080/api/admin/settings/:RateLimitingCapacityByTierAndAction -X PUT -d '[{"tier": 0, "limitPerHour": 10, "actions": ["GetLatestPublishedDatasetVersionCommand", "GetPrivateUrlCommand", "GetDatasetCommand", "GetLatestAccessibleDatasetVersionCommand"]}, {"tier": 0, "limitPerHour": 1, "actions": ["CreateGuestbookResponseCommand", "UpdateDatasetVersionCommand", "DestroyDatasetCommand", "DeleteDataFileCommand", "FinalizeDatasetPublicationCommand", "PublishDatasetCommand"]}, {"tier": 1, "limitPerHour": 30, "actions": ["CreateGuestbookResponseCommand", "GetLatestPublishedDatasetVersionCommand", "GetPrivateUrlCommand", "GetDatasetCommand", "GetLatestAccessibleDatasetVersionCommand", "UpdateDatasetVersionCommand", "DestroyDatasetCommand", "DeleteDataFileCommand", "FinalizeDatasetPublicationCommand", "PublishDatasetCommand"]}]'
+
+Statistics
+----------
+
+In order to monitor the rate limiting cache for investigative purposes there is a stats endpoint which returns CSV formatted text.
+
+The CSV contains multiple lists.
+
+- The first list contains the username:command, and number of tokens remaining. This list is sorted by the values and has the header "#<username>:<command>, <available tokens>".
+
+- The second list contains username:command, last updated timestamp in minutes, and delta minutes before now. The header for this list is "#<username>:<command>, <timestamp>, <delta minutes> ## deltaMinutesFilter=1". This list can be filtered to show only the entries with updates within the deltaMinutesFilter requested. ("## deltaMinutesFilter=n" will be added to the header when the filter is included in the call.
+
+.. code-block:: bash
+
+  curl http://localhost:8080/api/admin/rateLimitStats
+  curl http://localhost:8080/api/admin/rateLimitStats?deltaMinutesFilter=10

doc/sphinx-guides/source/admin/user-administration.rst

@@ -112,6 +112,7 @@ This enables additional settings for each user in the notifications tab of their
 * ``SUBMITTEDDS`` Submitted for review
 * ``WORKFLOW_FAILURE`` External workflow run has failed
 * ``WORKFLOW_SUCCESS`` External workflow run has succeeded
+* ``PIDRECONCILED``   Dataset persistent identifier changed
 
 After enabling this feature, all notifications are enabled by default, until this is changed by the user.