API: Handling creation of duplicate role for a dataset object

doc/release-notes/9729-release-notes.md

@@ -0,0 +1 @@
+An error is now correctly reported when an attempt is made to assign an identical role to the same collection, dataset, or file. #9729 #10465

src/main/java/edu/harvard/iq/dataverse/engine/command/impl/AssignRoleCommand.java

@@ -3,7 +3,6 @@
  */
 package edu.harvard.iq.dataverse.engine.command.impl;
 
-import edu.harvard.iq.dataverse.DataFile;
 import edu.harvard.iq.dataverse.Dataset;
 import edu.harvard.iq.dataverse.Dataverse;
 import edu.harvard.iq.dataverse.authorization.DataverseRole;
@@ -18,6 +17,8 @@
 import edu.harvard.iq.dataverse.engine.command.DataverseRequest;
 import edu.harvard.iq.dataverse.engine.command.exception.CommandException;
 import edu.harvard.iq.dataverse.engine.command.exception.IllegalCommandException;
+import edu.harvard.iq.dataverse.util.BundleUtil;
+
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.Map;
@@ -68,11 +69,22 @@ public RoleAssignment execute(CommandContext ctxt) throws CommandException {
                 throw new IllegalCommandException("User " + user.getUserIdentifier() + " is deactivated and cannot be given a role.", this);
             }
         }
+        if(isExistingRole(ctxt)){
+            throw new IllegalCommandException(BundleUtil.getStringFromBundle("datasets.api.grant.role.assignee.has.role.error"), this);
+        }
         // TODO make sure the role is defined on the dataverse.
         RoleAssignment roleAssignment = new RoleAssignment(role, grantee, defPoint, privateUrlToken, anonymizedAccess);
         return ctxt.roles().save(roleAssignment);
     }
 
+    private boolean isExistingRole(CommandContext ctxt) {
+        return ctxt.roles()
+                .directRoleAssignments(grantee, defPoint)
+                .stream()
+                .map(RoleAssignment::getRole)
+                .anyMatch(it -> it.equals(role));
+    }
+
     @Override
     public Map<String, Set<Permission>> getRequiredPermissions() {
         // for data file check permission on owning dataset

src/main/java/propertyFiles/Bundle.properties

@@ -2671,6 +2671,7 @@ datasets.api.datasize.ioerror=Fatal IO error while trying to determine the total
 datasets.api.grant.role.not.found.error=Cannot find role named ''{0}'' in dataverse {1}
 datasets.api.grant.role.cant.create.assignment.error=Cannot create assignment: {0}
 datasets.api.grant.role.assignee.not.found.error=Assignee not found
+datasets.api.grant.role.assignee.has.role.error=User already has this role for this dataset
 datasets.api.revoke.role.not.found.error="Role assignment {0} not found"
 datasets.api.revoke.role.success=Role {0} revoked for assignee {1} in {2}
 datasets.api.privateurl.error.datasetnotfound=Could not find dataset. 

src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java

@@ -1717,6 +1717,9 @@ public void testAddRoles(){
                 giveRandoPermission.prettyPrint();
         assertEquals(200, giveRandoPermission.getStatusCode());
 
+        //Asserting same role creation is covered
+        validateAssignExistingRole(datasetPersistentId,randomUsername,apiToken, "fileDownloader");
+
         // Create another random user to become curator:
 
         Response createCuratorUser = UtilIT.createRandomUser();
@@ -1853,6 +1856,14 @@ public void testListRoleAssignments() {
         assertEquals(UNAUTHORIZED.getStatusCode(), notPermittedToListRoleAssignmentOnDataverse.getStatusCode());
     }
 
+    private static void validateAssignExistingRole(String datasetPersistentId, String randomUsername, String apiToken, String role) {
+        final Response failedGrantPermission = UtilIT.grantRoleOnDataset(datasetPersistentId, role, "@" + randomUsername, apiToken);
+        failedGrantPermission.prettyPrint();
+        failedGrantPermission.then().assertThat()
+                .body("message", containsString("User already has this role for this dataset"))
+                .statusCode(FORBIDDEN.getStatusCode());
+    }
+
     @Test
     public void testFileChecksum() {
 

src/test/java/edu/harvard/iq/dataverse/engine/command/impl/CreatePrivateUrlCommandTest.java

@@ -3,8 +3,10 @@
 import edu.harvard.iq.dataverse.Dataset;
 import edu.harvard.iq.dataverse.DatasetVersion;
 import edu.harvard.iq.dataverse.DataverseRoleServiceBean;
+import edu.harvard.iq.dataverse.DvObject;
 import edu.harvard.iq.dataverse.RoleAssignment;
 import edu.harvard.iq.dataverse.authorization.DataverseRole;
+import edu.harvard.iq.dataverse.authorization.RoleAssignee;
 import edu.harvard.iq.dataverse.authorization.users.PrivateUrlUser;
 import edu.harvard.iq.dataverse.engine.TestCommandContext;
 import edu.harvard.iq.dataverse.engine.TestDataverseEngine;
@@ -18,8 +20,8 @@
 import org.junit.jupiter.api.Test;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
-import static org.junit.jupiter.api.Assertions.*;
-import static org.junit.jupiter.api.Assertions.*;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertNull;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 
 public class CreatePrivateUrlCommandTest {
@@ -73,6 +75,10 @@ public RoleAssignment save(RoleAssignment assignment) {
                         // no-op
                         return assignment;
                     }
+                    @Override
+                    public List<RoleAssignment> directRoleAssignments(RoleAssignee roas, DvObject dvo) {
+                        return List.of();
+                    }
 
                 };
             }