Skip to content

Commit

Permalink
Merge pull request #11080 from IQSS/11076-access-previewUrl-with-perms
Browse files Browse the repository at this point in the history
#11076 Allow User with View Unpublished Dataset Perms to access Preview URL without becoming Preview URL User
  • Loading branch information
ofahimIQSS authored Dec 10, 2024
2 parents 206d8f0 + 853ced6 commit 6e3a250
Show file tree
Hide file tree
Showing 2 changed files with 23 additions and 4 deletions.
Original file line number Diff line number Diff line change
@@ -1,6 +1,10 @@
package edu.harvard.iq.dataverse.privateurl;

import edu.harvard.iq.dataverse.Dataset;
import edu.harvard.iq.dataverse.DatasetServiceBean;
import edu.harvard.iq.dataverse.DataverseRequestServiceBean;
import edu.harvard.iq.dataverse.DataverseSession;
import edu.harvard.iq.dataverse.PermissionsWrapper;
import edu.harvard.iq.dataverse.authorization.users.PrivateUrlUser;
import java.io.Serializable;
import java.util.logging.Logger;
Expand All @@ -20,8 +24,14 @@ public class PrivateUrlPage implements Serializable {

@EJB
PrivateUrlServiceBean privateUrlService;
@EJB
DatasetServiceBean datasetServiceBean;
@Inject
DataverseSession session;
@Inject
PermissionsWrapper permissionsWrapper;
@Inject
DataverseRequestServiceBean dvRequestService;

/**
* The unique string used to look up a PrivateUrlUser and the associated
Expand All @@ -34,7 +44,16 @@ public String init() {
PrivateUrlRedirectData privateUrlRedirectData = privateUrlService.getPrivateUrlRedirectDataFromToken(token);
String draftDatasetPageToBeRedirectedTo = privateUrlRedirectData.getDraftDatasetPageToBeRedirectedTo() + "&faces-redirect=true";
PrivateUrlUser privateUrlUser = privateUrlRedirectData.getPrivateUrlUser();
session.setUser(privateUrlUser);
boolean sessionUserCanViewUnpublishedDataset = false;
if (session.getUser().isAuthenticated()){
Long datasetId = privateUrlUser.getDatasetId();
Dataset dataset = datasetServiceBean.find(datasetId);
sessionUserCanViewUnpublishedDataset = permissionsWrapper.canViewUnpublishedDataset(dvRequestService.getDataverseRequest(), dataset);
}
if(!sessionUserCanViewUnpublishedDataset){
//Only Reset if user cannot view this Draft Version
session.setUser(privateUrlUser);
}
logger.info("Redirecting PrivateUrlUser '" + privateUrlUser.getIdentifier() + "' to " + draftDatasetPageToBeRedirectedTo);
return draftDatasetPageToBeRedirectedTo;
} catch (Exception ex) {
Expand Down
6 changes: 3 additions & 3 deletions src/main/webapp/dataset.xhtml
Original file line number Diff line number Diff line change
Expand Up @@ -1193,7 +1193,7 @@
<p>#{bundle['dataset.privateurl.general.description']}</p>
<p:commandButton styleClass="btn btn-default"
value="#{bundle['dataset.privateurl.general.button.label']}"
action="#{DatasetPage.createPrivateUrl(false)}" update="privateUrlPanel,:messagePanel"
action="#{DatasetPage.createPrivateUrl(false)}" update="privateUrlPanel,:messagePanel,disablePrivateUrlConfirmation"
disabled="#{(!empty(DatasetPage.privateUrl) and DatasetPage.anonymizedPrivateUrl)}"
rendered="#{empty(DatasetPage.privateUrl) or (!empty(DatasetPage.privateUrl) and DatasetPage.anonymizedPrivateUrl) }"/>
<p:fragment rendered="#{!empty(DatasetPage.privateUrl) and !DatasetPage.anonymizedPrivateUrl}">
Expand All @@ -1213,7 +1213,7 @@
<button class="btn btn-default btn-copy" data-clipboard-text="#{DatasetPage.getPrivateUrlLink(DatasetPage.privateUrl)}" jsf:rendered="#{!empty(DatasetPage.privateUrl)}" type="button">
#{bundle['copyClipboard']}
</button>
<p:commandButton styleClass="btn btn-default" value="#{bundle['dataset.privateurl.disableGeneralPreviewUrl']}" action="#{DatasetPage.setPrivateUrlJustCreatedToFalse()}" oncomplete="PF('privateUrlConfirmation').hide();PF('disablePrivateUrlConfirmation').show()" rendered="#{!empty(DatasetPage.privateUrl)}" update="privateUrlPanel,:messagePanel"/>
<p:commandButton styleClass="btn btn-default" value="#{bundle['dataset.privateurl.disableGeneralPreviewUrl']}" action="#{DatasetPage.setPrivateUrlJustCreatedToFalse()}" oncomplete="PF('privateUrlConfirmation').hide();PF('disablePrivateUrlConfirmation').show()" rendered="#{!empty(DatasetPage.privateUrl)}" update="privateUrlPanel,:messagePanel,disablePrivateUrlConfirmation"/>
</div>
</p:fragment>

Expand Down Expand Up @@ -1252,7 +1252,7 @@
<button class="btn btn-default btn-copy" data-clipboard-text="#{DatasetPage.getPrivateUrlLink(DatasetPage.privateUrl)}" jsf:rendered="#{!empty(DatasetPage.privateUrl)}" type="button">
#{bundle['copyClipboard']}
</button>
<p:commandButton styleClass="btn btn-default" value="#{bundle['dataset.privateurl.disableAnonPreviewUrl']}" action="#{DatasetPage.setPrivateUrlJustCreatedToFalse()}" oncomplete="PF('privateUrlConfirmation').hide();PF('disablePrivateUrlConfirmation').show()" rendered="#{!empty(DatasetPage.privateUrl)}" update="privateUrlPanel,:messagePanel"/>
<p:commandButton styleClass="btn btn-default" value="#{bundle['dataset.privateurl.disableAnonPreviewUrl']}" action="#{DatasetPage.setPrivateUrlJustCreatedToFalse()}" oncomplete="PF('privateUrlConfirmation').hide();PF('disablePrivateUrlConfirmation').show()" rendered="#{!empty(DatasetPage.privateUrl)}" update="privateUrlPanel,:messagePanel,disablePrivateUrlConfirmation"/>
</div>
</p:fragment>
<ui:remove>
Expand Down

0 comments on commit 6e3a250

Please sign in to comment.