diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java index 01e61420eec..61ec8cfde14 100644 --- a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java +++ b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java @@ -70,8 +70,8 @@ public class DatasetsIT { @BeforeAll public static void setUpClass() { - - + + RestAssured.baseURI = UtilIT.getRestAssuredBaseUri(); Response removeIdentifierGenerationStyle = UtilIT.deleteSetting(SettingsServiceBean.Key.IdentifierGenerationStyle); @@ -128,20 +128,20 @@ public static void afterClass() { .statusCode(200); */ } - + @Test - public void testCollectionSchema(){ - + public void testCollectionSchema() { + Response createUser = UtilIT.createRandomUser(); createUser.prettyPrint(); String username = UtilIT.getUsernameFromResponse(createUser); String apiToken = UtilIT.getApiTokenFromResponse(createUser); - + Response createDataverseResponse = UtilIT.createRandomDataverse(apiToken); createDataverseResponse.prettyPrint(); String dataverseAlias = UtilIT.getAliasFromResponse(createDataverseResponse); - - Response getCollectionSchemaResponse = UtilIT.getCollectionSchema(dataverseAlias, apiToken); + + Response getCollectionSchemaResponse = UtilIT.getCollectionSchema(dataverseAlias, apiToken); getCollectionSchemaResponse.prettyPrint(); getCollectionSchemaResponse.then().assertThat() .statusCode(200); @@ -153,33 +153,33 @@ public void testCollectionSchema(){ } assertEquals(JsonUtil.prettyPrint(expectedSchema), JsonUtil.prettyPrint(getCollectionSchemaResponse.body().asString())); - + String expectedJson = UtilIT.getDatasetJson("scripts/search/tests/data/dataset-finch1.json"); - + Response validateDatasetJsonResponse = UtilIT.validateDatasetJson(dataverseAlias, expectedJson, apiToken); validateDatasetJsonResponse.prettyPrint(); validateDatasetJsonResponse.then().assertThat() .statusCode(200); - - - String pathToJsonFile = "scripts/search/tests/data/datasetMissingReqFields.json"; - + + + String pathToJsonFile = "scripts/search/tests/data/datasetMissingReqFields.json"; + String jsonIn = UtilIT.getDatasetJson(pathToJsonFile); - + Response validateBadDatasetJsonResponse = UtilIT.validateDatasetJson(dataverseAlias, jsonIn, apiToken); validateBadDatasetJsonResponse.prettyPrint(); validateBadDatasetJsonResponse.then().assertThat() .statusCode(200); - + validateBadDatasetJsonResponse.then().assertThat() .statusCode(OK.getStatusCode()) .body(containsString("failed validation")); - + Response deleteDataverseResponse = UtilIT.deleteDataverse(dataverseAlias, apiToken); deleteDataverseResponse.prettyPrint(); assertEquals(200, deleteDataverseResponse.getStatusCode()); - + } @Test @@ -189,7 +189,7 @@ public void testCreateDataset() { createUser.prettyPrint(); String username = UtilIT.getUsernameFromResponse(createUser); String apiToken = UtilIT.getApiTokenFromResponse(createUser); - + Response createDataverseResponse = UtilIT.createRandomDataverse(apiToken); createDataverseResponse.prettyPrint(); String dataverseAlias = UtilIT.getAliasFromResponse(createDataverseResponse); @@ -201,28 +201,28 @@ public void testCreateDataset() { Response datasetAsJson = UtilIT.nativeGet(datasetId, apiToken); datasetAsJson.then().assertThat() .statusCode(OK.getStatusCode()); - + String identifier = JsonPath.from(datasetAsJson.getBody().asString()).getString("data.identifier"); assertEquals(10, identifier.length()); Response deleteDatasetResponse = UtilIT.deleteDatasetViaNativeApi(datasetId, apiToken); deleteDatasetResponse.prettyPrint(); assertEquals(200, deleteDatasetResponse.getStatusCode()); - + // Now, let's allow anyone with a Dataverse account (any "random user") // to create datasets in this dataverse: - + Response grantRole = UtilIT.grantRoleOnDataverse(dataverseAlias, DataverseRole.DS_CONTRIBUTOR, AuthenticatedUsers.get().getIdentifier(), apiToken); grantRole.prettyPrint(); assertEquals(OK.getStatusCode(), grantRole.getStatusCode()); - + // Create another random user: - + Response createRandomUser = UtilIT.createRandomUser(); createRandomUser.prettyPrint(); String randomUsername = UtilIT.getUsernameFromResponse(createRandomUser); String randomUserApiToken = UtilIT.getApiTokenFromResponse(createRandomUser); - + // This random user should be able to create a dataset in the dataverse // above, because we've set it up so, right? - Not exactly: the dataverse // hasn't been published yet! So if this random user tries to create @@ -233,7 +233,7 @@ public void testCreateDataset() { assertEquals(UNAUTHORIZED.getStatusCode(), createDatasetResponse.getStatusCode()); */ // Now, let's publish this dataverse... - + Response publishDataverse = UtilIT.publishDataverseViaSword(dataverseAlias, apiToken); assertEquals(OK.getStatusCode(), publishDataverse.getStatusCode()); @@ -242,12 +242,13 @@ public void testCreateDataset() { try { Thread.sleep(1000l); - } catch (InterruptedException iex) {} + } catch (InterruptedException iex) { + } // ... And now that it's published, try to create a dataset again, // as the "random", not specifically authorized user: // (this time around, it should work!) - + createDatasetResponse = UtilIT.createRandomDatasetViaNativeApi(dataverseAlias, randomUserApiToken); createDatasetResponse.prettyPrint(); datasetId = UtilIT.getDatasetIdFromResponse(createDatasetResponse); @@ -257,11 +258,11 @@ public void testCreateDataset() { .statusCode(OK.getStatusCode()); // OK, let's delete this dataset as well, and then delete the dataverse... - + deleteDatasetResponse = UtilIT.deleteDatasetViaNativeApi(datasetId, apiToken); deleteDatasetResponse.prettyPrint(); assertEquals(200, deleteDatasetResponse.getStatusCode()); - + Response deleteDataverseResponse = UtilIT.deleteDataverse(dataverseAlias, apiToken); deleteDataverseResponse.prettyPrint(); assertEquals(200, deleteDataverseResponse.getStatusCode()); @@ -271,7 +272,7 @@ public void testCreateDataset() { assertEquals(200, deleteUserResponse.getStatusCode()); } - + @Test public void testAddUpdateDatasetViaNativeAPI() { @@ -279,7 +280,7 @@ public void testAddUpdateDatasetViaNativeAPI() { createUser.prettyPrint(); String username = UtilIT.getUsernameFromResponse(createUser); String apiToken = UtilIT.getApiTokenFromResponse(createUser); - + Response createDataverseResponse = UtilIT.createRandomDataverse(apiToken); createDataverseResponse.prettyPrint(); String dataverseAlias = UtilIT.getAliasFromResponse(createDataverseResponse); @@ -291,43 +292,41 @@ public void testAddUpdateDatasetViaNativeAPI() { Response datasetAsJson = UtilIT.nativeGet(datasetId, apiToken); datasetAsJson.then().assertThat() .statusCode(OK.getStatusCode()); - + String identifier = JsonPath.from(datasetAsJson.getBody().asString()).getString("data.identifier"); - + //Test Add Data - - + + Response getDatasetJsonBeforePublishing = UtilIT.nativeGet(datasetId, apiToken); getDatasetJsonBeforePublishing.prettyPrint(); String protocol = JsonPath.from(getDatasetJsonBeforePublishing.getBody().asString()).getString("data.protocol"); String authority = JsonPath.from(getDatasetJsonBeforePublishing.getBody().asString()).getString("data.authority"); - + String datasetPersistentId = protocol + ":" + authority + "/" + identifier; String pathToJsonFile = "doc/sphinx-guides/source/_static/api/dataset-add-metadata.json"; Response addSubjectViaNative = UtilIT.addDatasetMetadataViaNative(datasetPersistentId, pathToJsonFile, apiToken); addSubjectViaNative.prettyPrint(); addSubjectViaNative.then().assertThat() .statusCode(OK.getStatusCode()); - - + RestAssured.registerParser("text/plain", Parser.JSON); Response exportDatasetAsJson = UtilIT.exportDataset(datasetPersistentId, "dataverse_json", apiToken); exportDatasetAsJson.prettyPrint(); - + pathToJsonFile = "doc/sphinx-guides/source/_static/api/dataset-add-subject-metadata.json"; addSubjectViaNative = UtilIT.addDatasetMetadataViaNative(datasetPersistentId, pathToJsonFile, apiToken); addSubjectViaNative.prettyPrint(); addSubjectViaNative.then().assertThat() .statusCode(OK.getStatusCode()).body(containsString("Mathematical Sciences")); - + String pathToJsonFileSingle = "doc/sphinx-guides/source/_static/api/dataset-simple-update-metadata.json"; Response addSubjectSingleViaNative = UtilIT.updateFieldLevelDatasetMetadataViaNative(datasetPersistentId, pathToJsonFileSingle, apiToken); String responseString = addSubjectSingleViaNative.prettyPrint(); addSubjectSingleViaNative.then().assertThat() .statusCode(OK.getStatusCode()).body(containsString("Mathematical Sciences")).body(containsString("Social Sciences")); - //Trying to blank out required field should fail... @@ -338,12 +337,12 @@ public void testAddUpdateDatasetViaNativeAPI() { Response publishDataverse = UtilIT.publishDataverseViaSword(dataverseAlias, apiToken); - + Response publishDataset = UtilIT.publishDatasetViaNativeApi(datasetPersistentId, "major", apiToken); assertEquals(200, publishDataset.getStatusCode()); //post publish update - String pathToJsonFilePostPub= "doc/sphinx-guides/source/_static/api/dataset-add-metadata-after-pub.json"; - Response addDataToPublishedVersion = UtilIT.addDatasetMetadataViaNative(datasetPersistentId, pathToJsonFilePostPub, apiToken); + String pathToJsonFilePostPub = "doc/sphinx-guides/source/_static/api/dataset-add-metadata-after-pub.json"; + Response addDataToPublishedVersion = UtilIT.addDatasetMetadataViaNative(datasetPersistentId, pathToJsonFilePostPub, apiToken); addDataToPublishedVersion.prettyPrint(); addDataToPublishedVersion.then().assertThat().statusCode(OK.getStatusCode()); @@ -353,34 +352,34 @@ public void testAddUpdateDatasetViaNativeAPI() { String pathToJsonFileBadDataSubtitle = "doc/sphinx-guides/source/_static/api/dataset-edit-metadata-subtitle.json"; Response addDataToBadData = UtilIT.updateFieldLevelDatasetMetadataViaNative(datasetPersistentId, pathToJsonFileBadDataSubtitle, apiToken); addDataToBadData.prettyPrint(); - + addDataToBadData.then().assertThat() .body("message", equalToCI("Error parsing dataset update: Invalid value submitted for Subtitle. It should be a single value.")) .statusCode(400); - - addSubjectViaNative = UtilIT.addDatasetMetadataViaNative(datasetPersistentId, pathToJsonFile, apiToken); + + addSubjectViaNative = UtilIT.addDatasetMetadataViaNative(datasetPersistentId, pathToJsonFile, apiToken); addSubjectViaNative.prettyPrint(); addSubjectViaNative.then().assertThat() .statusCode(OK.getStatusCode()); - - String pathToJsonDeleteFile = "doc/sphinx-guides/source/_static/api/dataset-delete-subject-metadata.json"; + + String pathToJsonDeleteFile = "doc/sphinx-guides/source/_static/api/dataset-delete-subject-metadata.json"; addSubjectViaNative = UtilIT.deleteDatasetMetadataViaNative(datasetPersistentId, pathToJsonDeleteFile, apiToken); addSubjectViaNative.prettyPrint(); addSubjectViaNative.then().assertThat() .statusCode(OK.getStatusCode()); - + pathToJsonDeleteFile = "doc/sphinx-guides/source/_static/api/dataset-delete-author-metadata.json"; addSubjectViaNative = UtilIT.deleteDatasetMetadataViaNative(datasetPersistentId, pathToJsonDeleteFile, apiToken); addSubjectViaNative.prettyPrint(); addSubjectViaNative.then().assertThat() .statusCode(OK.getStatusCode()); - + pathToJsonDeleteFile = "doc/sphinx-guides/source/_static/api/dataset-delete-author-no-match.json"; addSubjectViaNative = UtilIT.deleteDatasetMetadataViaNative(datasetPersistentId, pathToJsonDeleteFile, apiToken); addSubjectViaNative.prettyPrint(); addSubjectViaNative.then().assertThat().body("message", equalTo("Delete metadata failed: Author: Spruce, Sabrina not found.")) .statusCode(400); - + publishDataset = UtilIT.publishDatasetViaNativeApi(datasetPersistentId, "major", apiToken); assertEquals(200, publishDataset.getStatusCode()); //6078 @@ -388,11 +387,11 @@ public void testAddUpdateDatasetViaNativeAPI() { Response editPublishedVersion = UtilIT.updateFieldLevelDatasetMetadataViaNative(datasetPersistentId, pathToJsonFileEditPostPub, apiToken); editPublishedVersion.prettyPrint(); editPublishedVersion.then().assertThat().statusCode(OK.getStatusCode()); - + publishDataset = UtilIT.publishDatasetViaNativeApi(datasetPersistentId, "major", apiToken); //"Delete metadata failed: " + updateField.getDatasetFieldType().getDisplayName() + ": " + displayValue + " not found." } - + @Test public void testAddEmptyDatasetViaNativeAPI() { @@ -400,27 +399,27 @@ public void testAddEmptyDatasetViaNativeAPI() { createUser.prettyPrint(); String username = UtilIT.getUsernameFromResponse(createUser); String apiToken = UtilIT.getApiTokenFromResponse(createUser); - + Response createDataverseResponse = UtilIT.createRandomDataverse(apiToken); createDataverseResponse.prettyPrint(); - String dataverseAlias = UtilIT.getAliasFromResponse(createDataverseResponse); - + String dataverseAlias = UtilIT.getAliasFromResponse(createDataverseResponse); + String pathToJsonFile = "scripts/search/tests/data/emptyDataset.json"; Response createDatasetResponse = UtilIT.createDatasetViaNativeApi(dataverseAlias, pathToJsonFile, apiToken); createDatasetResponse.prettyPrint(); createDatasetResponse.then().assertThat() .statusCode(FORBIDDEN.getStatusCode()) - .body("message", startsWith("Validation Failed: ")); - - pathToJsonFile = "scripts/search/tests/data/datasetMissingReqFields.json"; + .body("message", startsWith("Validation Failed: ")); + + pathToJsonFile = "scripts/search/tests/data/datasetMissingReqFields.json"; createDatasetResponse = UtilIT.createDatasetViaNativeApi(dataverseAlias, pathToJsonFile, apiToken); createDatasetResponse.prettyPrint(); - + createDatasetResponse.then().assertThat() .statusCode(FORBIDDEN.getStatusCode()) .body("message", startsWith("Validation Failed: ")); - + } /** @@ -436,10 +435,10 @@ public void testCreatePublishDestroyDataset() { String apiToken = UtilIT.getApiTokenFromResponse(createUser); Response makeSuperUser = UtilIT.makeSuperUser(username); assertEquals(200, makeSuperUser.getStatusCode()); - + Response createNoAccessUser = UtilIT.createRandomUser(); createNoAccessUser.prettyPrint(); - String apiTokenNoAccess= UtilIT.getApiTokenFromResponse(createNoAccessUser); + String apiTokenNoAccess = UtilIT.getApiTokenFromResponse(createNoAccessUser); Response createDataverseResponse = UtilIT.createRandomDataverse(apiToken); createDataverseResponse.prettyPrint(); @@ -455,11 +454,11 @@ public void testCreatePublishDestroyDataset() { String authority = JsonPath.from(getDatasetJsonBeforePublishing.getBody().asString()).getString("data.authority"); String identifier = JsonPath.from(getDatasetJsonBeforePublishing.getBody().asString()).getString("data.identifier"); String datasetPersistentId = protocol + ":" + authority + "/" + identifier; - + Response datasetAsJsonNoAccess = UtilIT.nativeGet(datasetId, apiTokenNoAccess); datasetAsJsonNoAccess.then().assertThat() - .statusCode(UNAUTHORIZED.getStatusCode()); - + .statusCode(UNAUTHORIZED.getStatusCode()); + Response publishDataverse = UtilIT.publishDataverseViaSword(dataverseAlias, apiToken); assertEquals(200, publishDataverse.getStatusCode()); Response attemptToPublishZeroDotOne = UtilIT.publishDatasetViaNativeApiDeprecated(datasetPersistentId, "minor", apiToken); @@ -468,7 +467,7 @@ public void testCreatePublishDestroyDataset() { attemptToPublishZeroDotOne.then().assertThat() .body("message", equalTo("Cannot publish as minor version. Re-try as major release.")) .statusCode(403); - + logger.info("Attempting to publish a major version"); // Return random sleep 9/13/2019 // Without it we've seen some DB deadlocks @@ -476,7 +475,8 @@ public void testCreatePublishDestroyDataset() { try { Thread.sleep(3000l); - } catch (InterruptedException iex) {} + } catch (InterruptedException iex) { + } Response publishDataset = UtilIT.publishDatasetViaNativeApi(datasetPersistentId, "major", apiToken); assertEquals(200, publishDataset.getStatusCode()); @@ -489,10 +489,10 @@ public void testCreatePublishDestroyDataset() { // FIXME: make this less brittle by removing "2" and "0". See also test below. .body("data.latestVersion.metadataBlocks.citation.fields[2].value[0].datasetContactEmail.value", equalTo("finch@mailinator.com")) .statusCode(OK.getStatusCode()); - + Response datasetAsJsonNoAccessPostPublish = UtilIT.nativeGet(datasetId, apiTokenNoAccess); datasetAsJsonNoAccessPostPublish.then().assertThat() - .statusCode(OK.getStatusCode()); + .statusCode(OK.getStatusCode()); assertTrue(datasetAsJsonNoAccessPostPublish.body().asString().contains(identifier)); List datasetContactsFromNativeGet = with(getDatasetJsonAfterPublishing.body().asString()).param("datasetContact", "datasetContact") @@ -596,10 +596,10 @@ public void testCreatePublishDestroyDataset() { /** * The apis (/api/datasets/{id}/versions and /api/datasets/{id}/versions/{vid} - * are already called from other RestAssured tests, in this class and also in FilesIT. - * But this test is dedicated to this api specifically, and focuses on the - * functionality added to it in 6.1. - */ + * are already called from other RestAssured tests, in this class and also in FilesIT. + * But this test is dedicated to this api specifically, and focuses on the + * functionality added to it in 6.1. + */ @Test public void testDatasetVersionsAPI() { // Create user @@ -623,13 +623,13 @@ public void testDatasetVersionsAPI() { String pathToFile = "src/main/webapp/resources/images/dataverseproject.png"; Response uploadResponse = UtilIT.uploadFileViaNative(datasetId.toString(), pathToFile, apiToken); uploadResponse.then().assertThat().statusCode(OK.getStatusCode()); - + // Check that the file we just uploaded is shown by the versions api: Response unpublishedDraft = UtilIT.getDatasetVersion(datasetPid, ":draft", apiToken); unpublishedDraft.prettyPrint(); unpublishedDraft.then().assertThat() .statusCode(OK.getStatusCode()); - + // Now check that the file is NOT shown, when we ask the versions api to // skip files: boolean excludeFiles = true; @@ -692,7 +692,7 @@ public void testDatasetVersionsAPI() { .body("data.latestVersionPublishingState", equalTo("DRAFT")); // We should now have a published version, and a draft. - + // Call /versions api, *with the owner api token*, make sure both // versions are listed; also check that the correct numbers of files // are shown in each version (2 in the draft, 1 in the published). @@ -716,7 +716,7 @@ public void testDatasetVersionsAPI() { .body("data.size()", equalTo(1)) .body("data.versionState[0]", equalTo("DRAFT")) .body("data[0].files.size()", equalTo(2)); - + // And now call it with an un-privileged token, to make sure only one // (the published) version is shown: versionsResponse = UtilIT.getDatasetVersions(datasetPid, apiTokenNoPerms); @@ -725,7 +725,7 @@ public void testDatasetVersionsAPI() { .statusCode(OK.getStatusCode()) .body("data.versionState[0]", not("DRAFT")) .body("data.size()", equalTo(1)); - + // And now call the "short", no-files version of the same api excludeFiles = true; versionsResponse = UtilIT.getDatasetVersions(datasetPid, apiTokenNoPerms, excludeFiles); @@ -735,58 +735,54 @@ public void testDatasetVersionsAPI() { .body("data[0].files", equalTo(null)); - - - - excludeFiles = true; //Latest published authorized token //Latest published requested, draft exists and user has access to draft datasetVersion = UtilIT.getDatasetVersion(datasetPid, DS_VERSION_LATEST_PUBLISHED, apiToken, excludeFiles, includeDeaccessioned); datasetVersion.prettyPrint(); datasetVersion.then().assertThat().statusCode(OK.getStatusCode()) - .body("data.versionState", equalTo("RELEASED")) - .body("data.files", equalTo(null)); + .body("data.versionState", equalTo("RELEASED")) + .body("data.files", equalTo(null)); //Latest published unauthorized token //Latest published requested, draft exists but user doesn't have access to draft datasetVersion = UtilIT.getDatasetVersion(datasetPid, DS_VERSION_LATEST_PUBLISHED, apiTokenNoPerms, excludeFiles, includeDeaccessioned); datasetVersion.prettyPrint(); datasetVersion.then().assertThat().statusCode(OK.getStatusCode()) - .body("data.versionState", equalTo("RELEASED")) - .body("data.files", equalTo(null)); + .body("data.versionState", equalTo("RELEASED")) + .body("data.files", equalTo(null)); //Latest authorized token //Latest requested, draft exists and user has access to draft datasetVersion = UtilIT.getDatasetVersion(datasetPid, DS_VERSION_LATEST, apiToken, excludeFiles, includeDeaccessioned); datasetVersion.prettyPrint(); datasetVersion.then().assertThat().statusCode(OK.getStatusCode()) - .body("data.versionState", equalTo("DRAFT")) - .body("data.files", equalTo(null)); + .body("data.versionState", equalTo("DRAFT")) + .body("data.files", equalTo(null)); //Latest unauthorized token //Latest requested, draft exists but user doesn't have access to draft datasetVersion = UtilIT.getDatasetVersion(datasetPid, DS_VERSION_LATEST, apiTokenNoPerms, excludeFiles, includeDeaccessioned); datasetVersion.prettyPrint(); datasetVersion.then().assertThat().statusCode(OK.getStatusCode()) - .body("data.versionState", equalTo("RELEASED")) - .body("data.files", equalTo(null)); + .body("data.versionState", equalTo("RELEASED")) + .body("data.files", equalTo(null)); //Specific version authorized token //Specific version requested, draft exists and user has access to draft datasetVersion = UtilIT.getDatasetVersion(datasetPid, specificVersion, apiToken, excludeFiles, includeDeaccessioned); datasetVersion.prettyPrint(); datasetVersion.then().assertThat().statusCode(OK.getStatusCode()) - .body("data.versionState", equalTo("RELEASED")) - .body("data.files", equalTo(null)); + .body("data.versionState", equalTo("RELEASED")) + .body("data.files", equalTo(null)); //Specific version unauthorized token //Specific version requested, draft exists but user doesn't have access to draft datasetVersion = UtilIT.getDatasetVersion(datasetPid, specificVersion, apiTokenNoPerms, excludeFiles, includeDeaccessioned); datasetVersion.prettyPrint(); datasetVersion.then().assertThat().statusCode(OK.getStatusCode()) - .body("data.versionState", equalTo("RELEASED")) - .body("data.files", equalTo(null)); + .body("data.versionState", equalTo("RELEASED")) + .body("data.files", equalTo(null)); excludeFiles = false; @@ -795,48 +791,48 @@ public void testDatasetVersionsAPI() { datasetVersion = UtilIT.getDatasetVersion(datasetPid, DS_VERSION_LATEST_PUBLISHED, apiToken, excludeFiles, includeDeaccessioned); datasetVersion.prettyPrint(); datasetVersion.then().assertThat().statusCode(OK.getStatusCode()) - .body("data.versionState", equalTo("RELEASED")) - .body("data.files.size()", equalTo(1)); + .body("data.versionState", equalTo("RELEASED")) + .body("data.files.size()", equalTo(1)); //Latest published unauthorized token //Latest published requested, draft exists but user doesn't have access to draft datasetVersion = UtilIT.getDatasetVersion(datasetPid, DS_VERSION_LATEST_PUBLISHED, apiTokenNoPerms, excludeFiles, includeDeaccessioned); datasetVersion.prettyPrint(); datasetVersion.then().assertThat().statusCode(OK.getStatusCode()) - .body("data.versionState", equalTo("RELEASED")) - .body("data.files.size()", equalTo(1)); + .body("data.versionState", equalTo("RELEASED")) + .body("data.files.size()", equalTo(1)); //Latest authorized token, user is authenticated should get the Draft version //Latest requested, draft exists and user has access to draft datasetVersion = UtilIT.getDatasetVersion(datasetPid, DS_VERSION_LATEST, apiToken, excludeFiles, includeDeaccessioned); datasetVersion.prettyPrint(); datasetVersion.then().assertThat().statusCode(OK.getStatusCode()) - .body("data.versionState", equalTo("DRAFT")) - .body("data.files.size()", equalTo(2)); + .body("data.versionState", equalTo("DRAFT")) + .body("data.files.size()", equalTo(2)); //Latest unauthorized token, user has no permissions should get the latest Published version //Latest requested, draft exists but user doesn't have access to draft datasetVersion = UtilIT.getDatasetVersion(datasetPid, DS_VERSION_LATEST, apiTokenNoPerms, excludeFiles, includeDeaccessioned); datasetVersion.prettyPrint(); datasetVersion.then().assertThat().statusCode(OK.getStatusCode()) - .body("data.versionState", equalTo("RELEASED")) - .body("data.files.size()", equalTo(1)); + .body("data.versionState", equalTo("RELEASED")) + .body("data.files.size()", equalTo(1)); //Specific version authorized token //Specific version requested, draft exists and user has access to draft datasetVersion = UtilIT.getDatasetVersion(datasetPid, specificVersion, apiToken, excludeFiles, includeDeaccessioned); datasetVersion.prettyPrint(); datasetVersion.then().assertThat().statusCode(OK.getStatusCode()) - .body("data.versionState", equalTo("RELEASED")) - .body("data.files.size()", equalTo(1)); + .body("data.versionState", equalTo("RELEASED")) + .body("data.files.size()", equalTo(1)); //Specific version unauthorized token //Specific version requested, draft exists but user doesn't have access to draft datasetVersion = UtilIT.getDatasetVersion(datasetPid, specificVersion, apiTokenNoPerms, excludeFiles, includeDeaccessioned); datasetVersion.prettyPrint(); datasetVersion.then().assertThat().statusCode(OK.getStatusCode()) - .body("data.versionState", equalTo("RELEASED")) - .body("data.files.size()", equalTo(1)); + .body("data.versionState", equalTo("RELEASED")) + .body("data.files.size()", equalTo(1)); //We deaccession the dataset Response deaccessionDatasetResponse = UtilIT.deaccessionDataset(datasetId, DS_VERSION_LATEST_PUBLISHED, "Test deaccession reason.", null, apiToken); @@ -851,8 +847,8 @@ public void testDatasetVersionsAPI() { datasetVersion = UtilIT.getDatasetVersion(datasetPid, DS_VERSION_LATEST_PUBLISHED, apiToken, excludeFiles, includeDeaccessioned); datasetVersion.prettyPrint(); datasetVersion.then().assertThat().statusCode(OK.getStatusCode()) - .body("data.versionState", equalTo("DEACCESSIONED")) - .body("data.files.size()", equalTo(1)); + .body("data.versionState", equalTo("DEACCESSIONED")) + .body("data.files.size()", equalTo(1)); //Latest published requesting files, one version is DEACCESSIONED the second is DRAFT so shouldn't get any datasets datasetVersion = UtilIT.getDatasetVersion(datasetPid, DS_VERSION_LATEST_PUBLISHED, apiTokenNoPerms, excludeFiles, includeDeaccessioned); @@ -863,8 +859,8 @@ public void testDatasetVersionsAPI() { datasetVersion = UtilIT.getDatasetVersion(datasetPid, DS_VERSION_LATEST, apiToken, excludeFiles, includeDeaccessioned); datasetVersion.prettyPrint(); datasetVersion.then().assertThat().statusCode(OK.getStatusCode()) - .body("data.versionState", equalTo("DRAFT")) - .body("data.files.size()", equalTo(2)); + .body("data.versionState", equalTo("DRAFT")) + .body("data.files.size()", equalTo(2)); //Latest unauthorized token requesting files, one version is DEACCESSIONED the second is DRAFT so shouldn't get any datasets datasetVersion = UtilIT.getDatasetVersion(datasetPid, DS_VERSION_LATEST, apiTokenNoPerms, excludeFiles, includeDeaccessioned); @@ -875,8 +871,8 @@ public void testDatasetVersionsAPI() { datasetVersion = UtilIT.getDatasetVersion(datasetPid, specificVersion, apiToken, excludeFiles, includeDeaccessioned); datasetVersion.prettyPrint(); datasetVersion.then().assertThat().statusCode(OK.getStatusCode()) - .body("data.versionState", equalTo("DEACCESSIONED")) - .body("data.files.size()", equalTo(1)); + .body("data.versionState", equalTo("DEACCESSIONED")) + .body("data.files.size()", equalTo(1)); //Specific version unauthorized token requesting files, one version is DEACCESSIONED the second is DRAFT so shouldn't get any datasets. datasetVersion = UtilIT.getDatasetVersion(datasetPid, specificVersion, apiTokenNoPerms, excludeFiles, includeDeaccessioned); @@ -890,48 +886,48 @@ public void testDatasetVersionsAPI() { datasetVersion = UtilIT.getDatasetVersion(datasetPid, DS_VERSION_LATEST_PUBLISHED, apiToken, excludeFiles, includeDeaccessioned); datasetVersion.prettyPrint(); datasetVersion.then().assertThat().statusCode(OK.getStatusCode()) - .body("data.versionState", equalTo("DEACCESSIONED")) - .body("data.files", equalTo(null)); + .body("data.versionState", equalTo("DEACCESSIONED")) + .body("data.files", equalTo(null)); //Latest published exclude files, should get the DEACCESSIONED version //Latest published requested, that version was deaccessioned but a draft exist but the user doesn't have access to it. datasetVersion = UtilIT.getDatasetVersion(datasetPid, DS_VERSION_LATEST_PUBLISHED, apiTokenNoPerms, excludeFiles, includeDeaccessioned); datasetVersion.prettyPrint(); datasetVersion.then().assertThat().statusCode(OK.getStatusCode()) - .body("data.versionState", equalTo("DEACCESSIONED")) - .body("data.files", equalTo(null)); + .body("data.versionState", equalTo("DEACCESSIONED")) + .body("data.files", equalTo(null)); //Latest authorized token should get the DRAFT version with no files //Latest requested there is a draft and the user has access to it. datasetVersion = UtilIT.getDatasetVersion(datasetPid, DS_VERSION_LATEST, apiToken, excludeFiles, includeDeaccessioned); datasetVersion.prettyPrint(); datasetVersion.then().assertThat().statusCode(OK.getStatusCode()) - .body("data.versionState", equalTo("DRAFT")) - .body("data.files", equalTo(null)); + .body("data.versionState", equalTo("DRAFT")) + .body("data.files", equalTo(null)); //Latest unauthorized token excluding files, one version is DEACCESSIONED the second is DRAFT so shouldn't get any datasets //Latest requested and latest version is deaccessioned and the user doesn't have access to the draft. datasetVersion = UtilIT.getDatasetVersion(datasetPid, DS_VERSION_LATEST, apiTokenNoPerms, excludeFiles, includeDeaccessioned); datasetVersion.prettyPrint(); datasetVersion.then().assertThat().statusCode(OK.getStatusCode()) - .body("data.versionState", equalTo("DEACCESSIONED")) - .body("data.files", equalTo(null)); + .body("data.versionState", equalTo("DEACCESSIONED")) + .body("data.files", equalTo(null)); //Specific version authorized token //Specific version requested (deaccesioned), the latest version is on draft amd the user has access to it. datasetVersion = UtilIT.getDatasetVersion(datasetPid, specificVersion, apiToken, excludeFiles, includeDeaccessioned); datasetVersion.prettyPrint(); datasetVersion.then().assertThat().statusCode(OK.getStatusCode()) - .body("data.versionState", equalTo("DEACCESSIONED")) - .body("data.files", equalTo(null)); + .body("data.versionState", equalTo("DEACCESSIONED")) + .body("data.files", equalTo(null)); //Specific version unauthorized token requesting files, one version is DEACCESSIONED the second is DRAFT so shouldn't get any datasets. //Specific version requested (deaccesioned), the latest version is on draft but the user doesn't have access to it. datasetVersion = UtilIT.getDatasetVersion(datasetPid, specificVersion, apiTokenNoPerms, excludeFiles, includeDeaccessioned); datasetVersion.prettyPrint(); datasetVersion.then().assertThat().statusCode(OK.getStatusCode()) - .body("data.versionState", equalTo("DEACCESSIONED")) - .body("data.files", equalTo(null)); + .body("data.versionState", equalTo("DEACCESSIONED")) + .body("data.files", equalTo(null)); //Set of test when we have a deaccessioned dataset but we don't include deaccessioned includeDeaccessioned = false; @@ -952,8 +948,8 @@ public void testDatasetVersionsAPI() { datasetVersion = UtilIT.getDatasetVersion(datasetPid, DS_VERSION_LATEST, apiToken, excludeFiles, includeDeaccessioned); datasetVersion.prettyPrint(); datasetVersion.then().assertThat().statusCode(OK.getStatusCode()) - .body("data.versionState", equalTo("DRAFT")) - .body("data.files.size()", equalTo(2)); + .body("data.versionState", equalTo("DRAFT")) + .body("data.files.size()", equalTo(2)); //Latest unauthorized token one version is DEACCESSIONED the second is DRAFT so shouldn't get any datasets datasetVersion = UtilIT.getDatasetVersion(datasetPid, DS_VERSION_LATEST, apiTokenNoPerms, excludeFiles, includeDeaccessioned); @@ -986,8 +982,8 @@ public void testDatasetVersionsAPI() { datasetVersion = UtilIT.getDatasetVersion(datasetPid, DS_VERSION_LATEST, apiToken, excludeFiles, includeDeaccessioned); datasetVersion.prettyPrint(); datasetVersion.then().assertThat().statusCode(OK.getStatusCode()) - .body("data.versionState", equalTo("DRAFT")) - .body("data.files", equalTo(null)); + .body("data.versionState", equalTo("DRAFT")) + .body("data.files", equalTo(null)); //Latest unauthorized token one version is DEACCESSIONED the second is DRAFT so shouldn't get any datasets datasetVersion = UtilIT.getDatasetVersion(datasetPid, DS_VERSION_LATEST, apiTokenNoPerms, excludeFiles, includeDeaccessioned); @@ -1006,7 +1002,7 @@ public void testDatasetVersionsAPI() { } - + /** * This test requires the root dataverse to be published to pass. */ @@ -1052,7 +1048,8 @@ public void testExport() { try { Thread.sleep(3000l); - } catch (InterruptedException iex) {} + } catch (InterruptedException iex) { + } Response publishDataset = UtilIT.publishDatasetViaNativeApi(datasetPersistentId, "major", apiToken); assertEquals(200, publishDataset.getStatusCode()); @@ -1190,7 +1187,8 @@ public void testExcludeEmail() { try { Thread.sleep(3000l); - } catch (InterruptedException iex) {} + } catch (InterruptedException iex) { + } Response publishDataset = UtilIT.publishDatasetViaNativeApi(datasetPersistentId, "major", apiToken); assertEquals(200, publishDataset.getStatusCode()); @@ -1305,9 +1303,11 @@ public void testStoredProcGeneratedAsIdentifierGenerationStyle() { try { Thread.sleep(3000l); - } catch (Exception ex) {logger.warning("failed to execute sleep 3 sec.");} + } catch (Exception ex) { + logger.warning("failed to execute sleep 3 sec."); + } + - Response deleteDatasetResponse = UtilIT.deleteDatasetViaNativeApi(datasetId, apiToken); deleteDatasetResponse.prettyPrint(); assertEquals(200, deleteDatasetResponse.getStatusCode()); @@ -1429,14 +1429,14 @@ public void testPrivateUrl() { * asadmin create-jvm-options * "-Ddataverse.siteUrl=http\://localhost\:8080" */ - - /* - * Attempt to follow the private link url; as a user not otherwise + + /* + * Attempt to follow the private link url; as a user not otherwise * authorized to view the draft - and make sure they get the dataset page: - * + * * MAKE SURE TO READ the note below, about jsessions and cookies! - */ - + */ + Response getDatasetAsUserWhoClicksPrivateUrl = given() .header(API_TOKEN_HTTP_HEADER, apiToken) .get(urlWithToken); @@ -1507,7 +1507,7 @@ public void testPrivateUrl() { assertEquals("Darwin's Finches - " + dataverseAlias, title); */ - + Response junkPrivateUrlToken = given() .header(API_TOKEN_HTTP_HEADER, apiToken) .get("/privateurl.xhtml?token=" + "junk"); @@ -1666,15 +1666,15 @@ public void testPrivateUrl() { * @todo Should the Search API work with the Private URL token? */ } - + @Test - public void testAddRoles(){ - + public void testAddRoles() { + Response createUser = UtilIT.createRandomUser(); createUser.prettyPrint(); String username = UtilIT.getUsernameFromResponse(createUser); String apiToken = UtilIT.getApiTokenFromResponse(createUser); - + Response createDataverseResponse = UtilIT.createRandomDataverse(apiToken); createDataverseResponse.prettyPrint(); String dataverseAlias = UtilIT.getAliasFromResponse(createDataverseResponse); @@ -1686,61 +1686,81 @@ public void testAddRoles(){ Response datasetAsJson = UtilIT.nativeGet(datasetId, apiToken); datasetAsJson.then().assertThat() .statusCode(OK.getStatusCode()); - + String identifier = JsonPath.from(datasetAsJson.getBody().asString()).getString("data.identifier"); assertEquals(10, identifier.length()); - + String protocol1 = JsonPath.from(datasetAsJson.getBody().asString()).getString("data.protocol"); String authority1 = JsonPath.from(datasetAsJson.getBody().asString()).getString("data.authority"); String identifier1 = JsonPath.from(datasetAsJson.getBody().asString()).getString("data.identifier"); String datasetPersistentId = protocol1 + ":" + authority1 + "/" + identifier1; - - + // Create another random user: - + Response createRandomUser = UtilIT.createRandomUser(); createRandomUser.prettyPrint(); String randomUsername = UtilIT.getUsernameFromResponse(createRandomUser); String randomUserApiToken = UtilIT.getApiTokenFromResponse(createRandomUser); - + //Give that random user permission //(String definitionPoint, String role, String roleAssignee, String apiToken) //Can't give yourself permission Response giveRandoPermission = UtilIT.grantRoleOnDataset(datasetPersistentId, "fileDownloader", "@" + randomUsername, randomUserApiToken); - giveRandoPermission.prettyPrint(); + giveRandoPermission.prettyPrint(); assertEquals(401, giveRandoPermission.getStatusCode()); - + giveRandoPermission = UtilIT.grantRoleOnDataset(datasetPersistentId, "fileDownloader", "@" + randomUsername, apiToken); - giveRandoPermission.prettyPrint(); + giveRandoPermission.prettyPrint(); assertEquals(200, giveRandoPermission.getStatusCode()); - - String idToDelete = JsonPath.from(giveRandoPermission.getBody().asString()).getString("data.id"); + + // Create another random user to become curator: + + Response createCuratorUser = UtilIT.createRandomUser(); + createCuratorUser.prettyPrint(); + String curatorUsername = UtilIT.getUsernameFromResponse(createCuratorUser); + String curatorUserApiToken = UtilIT.getApiTokenFromResponse(createCuratorUser); + + Response giveCuratorPermission = UtilIT.grantRoleOnDataset(datasetPersistentId, "curator", "@" + curatorUsername, apiToken); + giveCuratorPermission.prettyPrint(); + assertEquals(200, giveCuratorPermission.getStatusCode()); + + // Test if privilege escalation is possible: curator should not be able to assign admin rights + Response giveTooMuchPermission = UtilIT.grantRoleOnDataset(datasetPersistentId, "admin", "@" + curatorUsername, curatorUserApiToken); + giveTooMuchPermission.prettyPrint(); + assertEquals(401, giveTooMuchPermission.getStatusCode()); + + giveTooMuchPermission = UtilIT.grantRoleOnDataset(datasetPersistentId, "admin", "@" + randomUsername, curatorUserApiToken); + giveTooMuchPermission.prettyPrint(); + assertEquals(401, giveTooMuchPermission.getStatusCode()); + + + String idToDelete = JsonPath.from(giveRandoPermission.getBody().asString()).getString("data.id"); giveRandoPermission = UtilIT.grantRoleOnDataset(datasetPersistentId, "designatedHitter", "@" + randomUsername, apiToken); - giveRandoPermission.prettyPrint(); - giveRandoPermission.then().assertThat() + giveRandoPermission.prettyPrint(); + giveRandoPermission.then().assertThat() .contentType(ContentType.JSON) .body("message", containsString("Cannot find role named 'designatedHitter' in dataverse ")) .statusCode(400); assertEquals(400, giveRandoPermission.getStatusCode()); - + //Try to delete Role with Id saved above //Fails for lack of perms Response deleteGrantedAccess = UtilIT.revokeRoleOnDataset(datasetPersistentId, new Long(idToDelete), randomUserApiToken); deleteGrantedAccess.prettyPrint(); assertEquals(401, deleteGrantedAccess.getStatusCode()); - + //Should be able to delete with proper apiToken deleteGrantedAccess = UtilIT.revokeRoleOnDataset(datasetPersistentId, new Long(idToDelete), apiToken); deleteGrantedAccess.prettyPrint(); assertEquals(200, deleteGrantedAccess.getStatusCode()); - - Response deleteDatasetResponse = UtilIT.deleteDatasetViaNativeApi(datasetId, apiToken); + + Response deleteDatasetResponse = UtilIT.deleteDatasetViaNativeApi(datasetId, apiToken); deleteDatasetResponse.prettyPrint(); assertEquals(200, deleteDatasetResponse.getStatusCode()); - + Response deleteDataverseResponse = UtilIT.deleteDataverse(dataverseAlias, apiToken); deleteDataverseResponse.prettyPrint(); assertEquals(200, deleteDataverseResponse.getStatusCode()); @@ -1836,7 +1856,7 @@ private static void validateAssignExistingRole(String datasetPersistentId, Strin final Response failedGrantPermission = UtilIT.grantRoleOnDataset(datasetPersistentId, "fileDownloader", "@" + randomUsername, apiToken); failedGrantPermission.prettyPrint(); failedGrantPermission.then().assertThat() - .body("message",containsString("User already has this role for this object")) + .body("message", containsString("User already has this role for this object")) .statusCode(FORBIDDEN.getStatusCode()); } @@ -1940,7 +1960,7 @@ public void testDeleteDatasetWhileFileIngesting() { Response uploadIngestableFile = UtilIT.uploadFileViaNative(datasetId.toString(), pathToFileThatGoesThroughIngest, apiToken); uploadIngestableFile.then().assertThat() .statusCode(OK.getStatusCode()); - + Response deleteDataset = UtilIT.deleteDatasetViaNativeApi(datasetId, apiToken); deleteDataset.prettyPrint(); deleteDataset.then().assertThat() @@ -2095,7 +2115,7 @@ public void testCreateDatasetWithDcmDependency() { if (stopEarlyBecauseYouDoNotHaveDcmInstalled) { return; } - + boolean stopEarlyToVerifyTheScriptWasCreated = false; if (stopEarlyToVerifyTheScriptWasCreated) { logger.info("On the DCM, does /deposit/gen/upload-" + datasetId + ".bash exist? It should! Creating the dataset should be enough to create it."); @@ -2152,7 +2172,7 @@ public void testDcmChecksumValidationMessages() throws IOException, InterruptedE the CreateDatasetCommand is not getting the rsync script so the dataset is not being created so the whole test is failing */ - + boolean disabled = true; if (disabled) { @@ -2370,14 +2390,14 @@ public void testDcmChecksumValidationMessages() throws IOException, InterruptedE } logger.info("username/password: " + username); } - + @Test public void testCreateDeleteDatasetLink() { Response createUser = UtilIT.createRandomUser(); createUser.prettyPrint(); String username = UtilIT.getUsernameFromResponse(createUser); String apiToken = UtilIT.getApiTokenFromResponse(createUser); - + Response superuserResponse = UtilIT.makeSuperUser(username); Response createDataverseResponse = UtilIT.createRandomDataverse(apiToken); @@ -2387,7 +2407,7 @@ public void testCreateDeleteDatasetLink() { Response createDatasetResponse = UtilIT.createRandomDatasetViaNativeApi(dataverseAlias, apiToken); createDatasetResponse.prettyPrint(); Integer datasetId = UtilIT.getDatasetIdFromResponse(createDatasetResponse); - + // This should fail, because we are attempting to link the dataset // to its own dataverse: Response publishTargetDataverse = UtilIT.publishDataverseViaNativeApi(dataverseAlias, apiToken); @@ -2399,13 +2419,13 @@ public void testCreateDeleteDatasetLink() { publishDatasetForLinking.prettyPrint(); publishDatasetForLinking.then().assertThat() .statusCode(OK.getStatusCode()); - + Response createLinkingDatasetResponse = UtilIT.createDatasetLink(datasetId.longValue(), dataverseAlias, apiToken); createLinkingDatasetResponse.prettyPrint(); createLinkingDatasetResponse.then().assertThat() .body("message", equalTo("Can't link a dataset to its dataverse")) .statusCode(FORBIDDEN.getStatusCode()); - + // OK, let's create a different random dataverse: createDataverseResponse = UtilIT.createRandomDataverse(apiToken); createDataverseResponse.prettyPrint(); @@ -2414,23 +2434,23 @@ public void testCreateDeleteDatasetLink() { publishDatasetForLinking.prettyPrint(); publishTargetDataverse.then().assertThat() .statusCode(OK.getStatusCode()); - + // And link the dataset to this new dataverse: createLinkingDatasetResponse = UtilIT.createDatasetLink(datasetId.longValue(), dataverseAlias, apiToken); createLinkingDatasetResponse.prettyPrint(); createLinkingDatasetResponse.then().assertThat() - .body("data.message", equalTo("Dataset " + datasetId +" linked successfully to " + dataverseAlias)) + .body("data.message", equalTo("Dataset " + datasetId + " linked successfully to " + dataverseAlias)) .statusCode(200); - + // And now test deleting it: Response deleteLinkingDatasetResponse = UtilIT.deleteDatasetLink(datasetId.longValue(), dataverseAlias, apiToken); deleteLinkingDatasetResponse.prettyPrint(); - + deleteLinkingDatasetResponse.then().assertThat() .body("data.message", equalTo("Link from Dataset " + datasetId + " to linked Dataverse " + dataverseAlias + " deleted")) .statusCode(200); } - + @Test @Disabled public void testApiErrors() { @@ -2472,7 +2492,7 @@ public void testApiErrors() { Response deleteFile = UtilIT.deleteFile(907, apiToken); deleteFile.prettyPrint(); assertEquals(BAD_REQUEST.getStatusCode(), deleteFile.getStatusCode()); - + Response publishDataset = UtilIT.publishDatasetViaNativeApi(datasetPid, "major", apiToken); publishDataset.prettyPrint(); assertEquals(409, publishDataset.getStatusCode()); @@ -2480,14 +2500,14 @@ public void testApiErrors() { } - + @Test public void testDatasetLocksApi() { Response createUser = UtilIT.createRandomUser(); createUser.prettyPrint(); String username = UtilIT.getUsernameFromResponse(createUser); String apiToken = UtilIT.getApiTokenFromResponse(createUser); - + Response superuserResponse = UtilIT.makeSuperUser(username); Response createDataverseResponse = UtilIT.createRandomDataverse(apiToken); @@ -2498,7 +2518,7 @@ public void testDatasetLocksApi() { createDatasetResponse.prettyPrint(); Integer datasetId = UtilIT.getDatasetIdFromResponse(createDatasetResponse); String persistentIdentifier = UtilIT.getDatasetPersistentIdFromResponse(createDatasetResponse); - + // This should return an empty list, as the dataset should have no locks just yet: Response checkDatasetLocks = UtilIT.checkDatasetLocks(datasetId.longValue(), null, apiToken); checkDatasetLocks.prettyPrint(); @@ -2506,14 +2526,14 @@ public void testDatasetLocksApi() { checkDatasetLocks.then().assertThat() .body("data", equalTo(emptyArray)) .statusCode(200); - + // Lock the dataset with an ingest lock: Response lockDatasetResponse = UtilIT.lockDataset(datasetId.longValue(), "Ingest", apiToken); lockDatasetResponse.prettyPrint(); lockDatasetResponse.then().assertThat() .body("data.message", equalTo("dataset locked with lock type Ingest")) .statusCode(200); - + // Check again: // This should return an empty list, as the dataset should have no locks just yet: checkDatasetLocks = UtilIT.checkDatasetLocks(datasetId.longValue(), "Ingest", apiToken); @@ -2521,7 +2541,7 @@ public void testDatasetLocksApi() { checkDatasetLocks.then().assertThat() .body("data[0].lockType", equalTo("Ingest")) .statusCode(200); - + // Try to lock the dataset with the same type lock, AGAIN // (this should fail, of course!) lockDatasetResponse = UtilIT.lockDataset(datasetId.longValue(), "Ingest", apiToken); @@ -2529,29 +2549,29 @@ public void testDatasetLocksApi() { lockDatasetResponse.then().assertThat() .body("message", equalTo("dataset already locked with lock type Ingest")) .statusCode(FORBIDDEN.getStatusCode()); - + // Let's also test the new (as of 5.10) API that lists the locks // present across all datasets. - + // First, we'll try listing ALL locks currently in the system, and make sure that the ingest lock // for this dataset is on the list: checkDatasetLocks = UtilIT.listAllLocks(apiToken); checkDatasetLocks.prettyPrint(); checkDatasetLocks.then().assertThat() .statusCode(200); - + boolean lockListedCorrectly = false; List> listedLockEntries = checkDatasetLocks.body().jsonPath().getList("data"); for (int i = 0; i < listedLockEntries.size(); i++) { if ("Ingest".equals(listedLockEntries.get(i).get("lockType")) && username.equals(listedLockEntries.get(i).get("user")) && persistentIdentifier.equals(listedLockEntries.get(i).get("dataset"))) { - lockListedCorrectly = true; + lockListedCorrectly = true; break; - } + } } assertTrue(lockListedCorrectly, "Lock missing from the output of /api/datasets/locks"); - + // Try the same, but with an api token of a random, non-super user // (this should get rejected): createUser = UtilIT.createRandomUser(); @@ -2561,7 +2581,7 @@ public void testDatasetLocksApi() { checkDatasetLocks.prettyPrint(); checkDatasetLocks.then().assertThat() .statusCode(FORBIDDEN.getStatusCode()); - + // Try to narrow the listing down to the lock of type=Ingest specifically; // verify that the lock in question is still being listed: checkDatasetLocks = UtilIT.listLocksByType("Ingest", apiToken); @@ -2576,20 +2596,20 @@ public void testDatasetLocksApi() { if ("Ingest".equals(listedLockEntries.get(i).get("lockType")) && username.equals(listedLockEntries.get(i).get("user")) && persistentIdentifier.equals(listedLockEntries.get(i).get("dataset"))) { - lockListedCorrectly = true; + lockListedCorrectly = true; break; - } + } } assertTrue(lockListedCorrectly, "Lock missing from the output of /api/datasets/locks?type=Ingest"); - + // Try to list locks of an invalid type: checkDatasetLocks = UtilIT.listLocksByType("BadLockType", apiToken); checkDatasetLocks.prettyPrint(); checkDatasetLocks.then().assertThat() .body("message", startsWith("Invalid lock type value: BadLockType")) .statusCode(BAD_REQUEST.getStatusCode()); - + // List the locks owned by the current user; verify that the lock above // is still listed: checkDatasetLocks = UtilIT.listLocksByUser(username, apiToken); @@ -2600,7 +2620,7 @@ public void testDatasetLocksApi() { .body("data[0].user", equalTo(username)) .body("data[0].dataset", equalTo(persistentIdentifier)) .statusCode(200); - + // Further narrow down the listing to both the type AND user: checkDatasetLocks = UtilIT.listLocksByTypeAndUser("Ingest", username, apiToken); checkDatasetLocks.prettyPrint(); @@ -2610,8 +2630,8 @@ public void testDatasetLocksApi() { .body("data[0].lockType", equalTo("Ingest")) .body("data[0].user", equalTo(username)) .body("data[0].dataset", equalTo(persistentIdentifier)); - - + + // Finally, try asking for the locks owned by this user AND of type "InReview". // This should produce an empty list: checkDatasetLocks = UtilIT.listLocksByTypeAndUser("InReview", username, apiToken); @@ -2619,15 +2639,15 @@ public void testDatasetLocksApi() { checkDatasetLocks.then().assertThat() .statusCode(200) .body("data", equalTo(emptyArray)); - + // And now test deleting the lock: Response unlockDatasetResponse = UtilIT.unlockDataset(datasetId.longValue(), "Ingest", apiToken); unlockDatasetResponse.prettyPrint(); - + unlockDatasetResponse.then().assertThat() .body("data.message", equalTo("lock type Ingest removed")) .statusCode(200); - + // ... and check for the lock on the dataset again, this time by specific lock type: // (should return an empty list, now that we have unlocked it) checkDatasetLocks = UtilIT.checkDatasetLocks(datasetId.longValue(), "Ingest", apiToken); @@ -2636,7 +2656,7 @@ public void testDatasetLocksApi() { .body("data", equalTo(emptyArray)) .statusCode(200); } - + /** * This test requires the root dataverse to be published to pass. */ @@ -2673,8 +2693,9 @@ public void testUpdatePIDMetadataAPI() { //without it we've seen DB deadlocks try { Thread.sleep(3000l); - } catch (InterruptedException iex){} - + } catch (InterruptedException iex) { + } + Response publishDataset = UtilIT.publishDatasetViaNativeApi(datasetPersistentId, "major", apiToken); assertEquals(200, publishDataset.getStatusCode()); @@ -2698,7 +2719,7 @@ public void testUpdatePIDMetadataAPI() { logger.info("datasetPersistentId: " + datasetPersistentId); } - + @Test public void testUpdateDatasetVersionWithFiles() throws InterruptedException { Response createCurator = UtilIT.createRandomUser(); @@ -2722,7 +2743,7 @@ public void testUpdateDatasetVersionWithFiles() throws InterruptedException { String authorUsername = UtilIT.getUsernameFromResponse(createAuthor); String authorApiToken = UtilIT.getApiTokenFromResponse(createAuthor); - + Response grantAuthorAddDataset = UtilIT.grantRoleOnDataverse(dataverseAlias, DataverseRole.DS_CONTRIBUTOR.toString(), "@" + authorUsername, curatorApiToken); grantAuthorAddDataset.prettyPrint(); grantAuthorAddDataset.then().assertThat() @@ -2747,7 +2768,7 @@ public void testUpdateDatasetVersionWithFiles() throws InterruptedException { String datasetPersistentId = protocol + ":" + authority + "/" + identifier; System.out.println("datasetPersistentId: " + datasetPersistentId); - String pathToJsonFile = "src/test/resources/json/update-dataset-version-with-files.json"; + String pathToJsonFile = "src/test/resources/json/update-dataset-version-with-files.json"; Response updateMetadataAddFilesViaNative = UtilIT.updateDatasetMetadataViaNative(datasetPersistentId, pathToJsonFile, authorApiToken); updateMetadataAddFilesViaNative.prettyPrint(); @@ -2917,13 +2938,13 @@ public void testUnrestrictedFileExportDdi() throws IOException { .body("codeBook.dataDscr.var[1].sumStat.find { it.@type == 'max' }", equalTo("40.0")) .body("codeBook.dataDscr.var[2].@name", equalTo("species")); } - + /** * In this test we are restricting a file and testing "export DDI" at the * dataset level as well as getting the DDI at the file level. - * + *

* Export at the dataset level is always the public version. - * + *

* At the file level, you can still get summary statistics (and friends, * "dataDscr") if you have access to download the file. If you don't have * access, you get an error. @@ -3067,7 +3088,7 @@ public void testSemanticMetadataAPIs() { } catch (NoSuchMethodError e) { logger.info(ExceptionUtils.getStackTrace(e)); } - + String expectedJsonLD = UtilIT.getDatasetJson("scripts/search/tests/data/dataset-finch1.jsonld"); jo = Json.createObjectBuilder(jo).remove("@id").remove("http://schema.org/dateModified").build(); @@ -3190,7 +3211,7 @@ public void testSemanticMetadataAPIs() { assertEquals(200, deleteUserResponse.getStatusCode()); } - + @Test public void testReCreateDataset() { @@ -3215,13 +3236,13 @@ public void testReCreateDataset() { response.then().assertThat().statusCode(OK.getStatusCode()); response.prettyPeek(); String expectedString = getData(response.getBody().asString()); - + // Delete the dataset via native API Response deleteDatasetResponse = UtilIT.deleteDatasetViaNativeApi(datasetId, apiToken); deleteDatasetResponse.prettyPrint(); assertEquals(200, deleteDatasetResponse.getStatusCode()); - + logger.info("SENDING to reCreate Dataset: " + expectedString); // Now use the migrate API to recreate the dataset // Now use the migrate API to recreate the dataset @@ -3276,13 +3297,13 @@ public void testCurationLabelAPIs() { Response setCurationLabelSets = UtilIT.setSetting(SettingsServiceBean.Key.AllowedCurationLabels, "{\"StandardProcess\":[\"Author contacted\", \"Privacy Review\", \"Awaiting paper publication\", \"Final Approval\"],\"AlternateProcess\":[\"State 1\",\"State 2\",\"State 3\"]}"); setCurationLabelSets.then().assertThat() .statusCode(OK.getStatusCode()); - - + + //Set curation label set on dataverse //Valid option, bad user Response setDataverseCurationLabelSetResponse = UtilIT.setDataverseCurationLabelSet(dataverseAlias, apiToken, "AlternateProcess"); setDataverseCurationLabelSetResponse.then().assertThat().statusCode(FORBIDDEN.getStatusCode()); - + Response makeSuperUser = UtilIT.makeSuperUser(username); assertEquals(200, makeSuperUser.getStatusCode()); @@ -3293,7 +3314,7 @@ public void testCurationLabelAPIs() { Response setDataverseCurationLabelSetResponse3 = UtilIT.setDataverseCurationLabelSet(dataverseAlias, apiToken, "AlternateProcess"); setDataverseCurationLabelSetResponse3.then().assertThat().statusCode(OK.getStatusCode()); - + // Create a dataset using native api Response createDatasetResponse = UtilIT.createRandomDatasetViaNativeApi(dataverseAlias, apiToken); createDatasetResponse.prettyPrint(); @@ -3305,7 +3326,7 @@ public void testCurationLabelAPIs() { String labelSetName = getData(response.getBody().asString()); // full should be {"message":"AlternateProcess"} assertTrue(labelSetName.contains("AlternateProcess")); - + // Now set a label //Option from the wrong set Response response2 = UtilIT.setDatasetCurationLabel(datasetId, apiToken, "Author contacted"); @@ -3367,24 +3388,23 @@ public void testFilesUnchangedAfterDatasetMetadataUpdate() throws IOException { .statusCode(OK.getStatusCode()) .body("data.latestVersion.files[0].label", equalTo("run.sh")) .body("data.latestVersion.files[0].directoryLabel", equalTo("code")); - + String pathToJsonFile = "doc/sphinx-guides/source/_static/api/dataset-update-metadata.json"; Response updateTitle = UtilIT.updateDatasetMetadataViaNative(datasetPid, pathToJsonFile, apiToken); updateTitle.prettyPrint(); updateTitle.then().assertThat() .statusCode(OK.getStatusCode()); - + Response getDatasetJsonAfterUpdate = UtilIT.nativeGet(datasetId, apiToken); getDatasetJsonAfterUpdate.prettyPrint(); getDatasetJsonAfterUpdate.then().assertThat() .statusCode(OK.getStatusCode()) .body("data.latestVersion.files[0].label", equalTo("run.sh")) .body("data.latestVersion.files[0].directoryLabel", equalTo("code")); - + } - @Test public void testCuratePublishedDatasetVersionCommand() throws IOException { Response createUser = UtilIT.createRandomUser(); @@ -3393,8 +3413,8 @@ public void testCuratePublishedDatasetVersionCommand() throws IOException { .statusCode(OK.getStatusCode()); String apiToken = UtilIT.getApiTokenFromResponse(createUser); String username = UtilIT.getUsernameFromResponse(createUser); - - + + Response createDataverse = UtilIT.createRandomDataverse(apiToken); createDataverse.prettyPrint(); createDataverse.then().assertThat() @@ -3417,8 +3437,6 @@ public void testCuratePublishedDatasetVersionCommand() throws IOException { .add("description", "A script to reproduce results.") .add("directoryLabel", "code"); - - String pathToFileThatGoesThroughIngest = "src/test/resources/sav/dct.sav"; Response uploadIngestableFile = UtilIT.uploadFileViaNative(datasetId.toString(), pathToFileThatGoesThroughIngest, apiToken); @@ -3432,12 +3450,12 @@ public void testCuratePublishedDatasetVersionCommand() throws IOException { logger.fine("Orig file id: " + origFileId); assertNotNull(origFileId); - assertNotEquals("",origFileId); + assertNotEquals("", origFileId); // Give file time to ingest - + assertTrue(UtilIT.sleepForLock(datasetId.longValue(), "Ingest", apiToken, UtilIT.MAXIMUM_INGEST_LOCK_DURATION), "Failed test if Ingest Lock exceeds max duration " + pathToFileThatGoesThroughIngest); - + Response origXml = UtilIT.getFileMetadata(origFileId, null, apiToken); assertEquals(200, origXml.getStatusCode()); @@ -3447,7 +3465,7 @@ public void testCuratePublishedDatasetVersionCommand() throws IOException { InputStream variableData = origXml.body().asInputStream(); Map mapVarToVarMet = new HashMap(); - Map varGroupMap = new HashMap(); + Map varGroupMap = new HashMap(); try { XMLInputFactory factory = XMLInputFactory.newInstance(); XMLStreamReader xmlr = factory.createXMLStreamReader(variableData); @@ -3457,7 +3475,7 @@ public void testCuratePublishedDatasetVersionCommand() throws IOException { } catch (XMLStreamException e) { logger.warning(e.getMessage()); - assertEquals(0,1); + assertEquals(0, 1); } @@ -3467,7 +3485,7 @@ public void testCuratePublishedDatasetVersionCommand() throws IOException { updatedContent = new String(Files.readAllBytes(Paths.get("src/test/resources/xml/dct.xml"))); } catch (IOException e) { logger.warning(e.getMessage()); - assertEquals(0,1); + assertEquals(0, 1); } Long replV1168 = 0L; Long replV1169 = 0L; @@ -3476,20 +3494,20 @@ public void testCuratePublishedDatasetVersionCommand() throws IOException { for (VariableMetadata var : mapVarToVarMet.values()) { if (var.getLabel().equals("gender")) { replV1170 = var.getDataVariable().getId(); - numberVariables = numberVariables +1; + numberVariables = numberVariables + 1; } else if (var.getLabel().equals("weight")) { replV1168 = var.getDataVariable().getId(); - numberVariables = numberVariables +1; + numberVariables = numberVariables + 1; } else if (var.getLabel().equals("age_rollup")) { replV1169 = var.getDataVariable().getId(); - numberVariables = numberVariables +1; + numberVariables = numberVariables + 1; } } assertEquals(3, numberVariables); - updatedContent = updatedContent.replaceAll("v1168", "v" + replV1168 ); - updatedContent = updatedContent.replaceAll("v1169", "v" + replV1169 ); - updatedContent = updatedContent.replaceAll("v1170", "v" + replV1170 ); + updatedContent = updatedContent.replaceAll("v1168", "v" + replV1168); + updatedContent = updatedContent.replaceAll("v1169", "v" + replV1169); + updatedContent = updatedContent.replaceAll("v1170", "v" + replV1170); //edit draft vesrsion Response editDDIResponse = UtilIT.editDDI(updatedContent, origFileId, apiToken); @@ -3498,7 +3516,6 @@ public void testCuratePublishedDatasetVersionCommand() throws IOException { assertEquals(200, editDDIResponse.getStatusCode()); - UtilIT.publishDataverseViaNativeApi(dataverseAlias, apiToken).then().assertThat().statusCode(OK.getStatusCode()); UtilIT.publishDatasetViaNativeApi(datasetId, "major", apiToken).then().assertThat().statusCode(OK.getStatusCode()); @@ -3507,36 +3524,35 @@ public void testCuratePublishedDatasetVersionCommand() throws IOException { getDatasetJsonBeforeUpdate.then().assertThat() .statusCode(OK.getStatusCode()) .body("data.latestVersion.files[0].label", equalTo("dct.tab")); - + String pathToJsonFile = "doc/sphinx-guides/source/_static/api/dataset-update-metadata.json"; Response updateTitle = UtilIT.updateDatasetMetadataViaNative(datasetPid, pathToJsonFile, apiToken); updateTitle.prettyPrint(); updateTitle.then().assertThat() .statusCode(OK.getStatusCode()); - + // shouldn't be able to update current unless you're a super user UtilIT.publishDatasetViaNativeApi(datasetId, "updatecurrent", apiToken).then().assertThat().statusCode(FORBIDDEN.getStatusCode()); - + Response makeSuperUser = UtilIT.makeSuperUser(username); - + //should work after making super user - + UtilIT.publishDatasetViaNativeApi(datasetId, "updatecurrent", apiToken).then().assertThat().statusCode(OK.getStatusCode()); - + Response getDatasetJsonAfterUpdate = UtilIT.nativeGet(datasetId, apiToken); getDatasetJsonAfterUpdate.prettyPrint(); getDatasetJsonAfterUpdate.then().assertThat() .statusCode(OK.getStatusCode()); - + } - + /** * In this test we are restricting a file and testing that terms of accees * or request access is required - * + *

* Export at the dataset level is always the public version. - * */ @Test public void testRestrictFileTermsOfUseAndAccess() throws IOException { @@ -3586,21 +3602,21 @@ public void testRestrictFileTermsOfUseAndAccess() throws IOException { publishDataverse.then().assertThat().statusCode(OK.getStatusCode()); Response publishDataset = UtilIT.publishDatasetViaNativeApi(datasetPid, "major", authorApiToken); publishDataset.then().assertThat().statusCode(OK.getStatusCode()); - - + + //not allowed to remove request access if there are retricted files - + Response disallowRequestAccess = UtilIT.allowAccessRequests(datasetPid, false, authorApiToken); disallowRequestAccess.prettyPrint(); disallowRequestAccess.then().assertThat().statusCode(BAD_REQUEST.getStatusCode()); - + } - + /** * In this test we are removing request access and showing that * files cannot be restricted - * Not testing legacy datasets that are out of compliance - * cannot be published or upload files + * Not testing legacy datasets that are out of compliance + * cannot be published or upload files * or have metadata updated - */ @Test @@ -3624,7 +3640,7 @@ public void testRestrictFilesWORequestAccess() throws IOException { Integer datasetId = UtilIT.getDatasetIdFromResponse(createDataset); String datasetPid = JsonPath.from(createDataset.asString()).getString("data.persistentId"); - + //should be allowed to remove Request access before restricting file Response disallowRequestAccess = UtilIT.allowAccessRequests(datasetPid, false, authorApiToken); disallowRequestAccess.prettyPrint(); @@ -3652,13 +3668,13 @@ public void testRestrictFilesWORequestAccess() throws IOException { restrictFile.prettyPrint(); //shouldn't be able to restrict a file restrictFile.then().assertThat().statusCode(CONFLICT.getStatusCode()); - + // OK, let's delete this dataset as well, and then delete the dataverse... - + Response deleteDatasetResponse = UtilIT.deleteDatasetViaNativeApi(datasetId, authorApiToken); deleteDatasetResponse.prettyPrint(); assertEquals(200, deleteDatasetResponse.getStatusCode()); - + Response deleteDataverseResponse = UtilIT.deleteDataverse(dataverseAlias, authorApiToken); deleteDataverseResponse.prettyPrint(); assertEquals(200, deleteDataverseResponse.getStatusCode()); @@ -3673,7 +3689,7 @@ public void testRestrictFilesWORequestAccess() throws IOException { * In this test we do CRUD of archivalStatus (Note this and other archiving * related tests are part of * https://github.com/harvard-lts/hdc-integration-tests) - * + *

* This test requires the root dataverse to be published to pass. */ @Test @@ -3730,7 +3746,7 @@ public void testArchivalStatusAPI() throws IOException { addSubjectSingleViaNative.then().assertThat() .statusCode(OK.getStatusCode()); - + // Now change the title // Response response = UtilIT.updateDatasetJsonLDMetadata(datasetId, apiToken, // "{\"title\": \"New Title\", \"@context\":{\"title\": \"http://purl.org/dc/terms/title\"}}", true); @@ -3750,7 +3766,8 @@ public void testArchivalStatusAPI() throws IOException { //Verify the status is empty Response nullStatus = UtilIT.getDatasetVersionArchivalStatus(datasetId, "1.0", apiToken); - nullStatus.then().assertThat().statusCode(NO_CONTENT.getStatusCode()); + nullStatus.prettyPrint(); + nullStatus.then().assertThat().statusCode(NOT_FOUND.getStatusCode()); //Set it Response setStatus = UtilIT.setDatasetVersionArchivalStatus(datasetId, "1.0", apiToken, "pending", @@ -3910,7 +3927,7 @@ public void getDatasetVersionCitation() { getDatasetVersionCitationNotDeaccessioned.then().assertThat().statusCode(NOT_FOUND.getStatusCode()); // includeDeaccessioned true - Response getDatasetVersionCitationDeaccessioned = UtilIT.getDatasetVersionCitation(datasetId, DS_VERSION_LATEST_PUBLISHED, true, apiToken); + Response getDatasetVersionCitationDeaccessioned = UtilIT.getDatasetVersionCitation(datasetId, DS_VERSION_LATEST_PUBLISHED, true, apiToken); getDatasetVersionCitationDeaccessioned.then().assertThat() .statusCode(OK.getStatusCode()) .body("data.message", containsString("DEACCESSIONED VERSION")); @@ -4681,7 +4698,7 @@ public void testGetGlobusUploadParameters() { for (int i = 0; i < signedUrls.size(); i++) { JsonObject signedUrl = signedUrls.getJsonObject(i); if (signedUrl.getString("name").equals("requestGlobusReferencePaths")) { - found=true; + found = true; break; } }