Skip to content

feat: add APIs to list roles a user can assign for a dataset or dataverse #11919

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
vera wants to merge 7 commits into
base: develop
Choose a base branch
from
Open

feat: add APIs to list roles a user can assign for a dataset or dataverse #11919

vera wants to merge 7 commits into from
+366 −91

Conversation

@vera
Copy link
Contributor

@vera vera commented Oct 22, 2025
edited
Loading

What this PR does / why we need it:

This PR adds two API endpoints that list the roles a user is allowed to assign to others for a given dataset or dataverse.

The endpoints return all roles that have no more permissions than the current user. Roles with higher permissions are excluded.

This is needed for our custom UI’s role assignment form, so that users only see roles they are actually allowed to assign. The same endpoints could also be used by the new SPA.

For reference, the current Dataverse UI lists all roles, even those the user cannot assign:

image

If a user tries to assign a role they are not allowed to assign, they currently see an error message:

image

With this PR, the UI could also be updated to show only assignable roles, preventing this error, by applying the following change in ManagePermissionsPage.java:

-         return roleService.availableRoles(dvObject).stream()
+         return roleService.availableRoles(dvObject, session.getUser()).stream()

Which issue(s) this PR closes:

Not aware of an issue

Special notes for your reviewer:

/

Suggestions on how to test this:

I've added tests here:

mvn test -Dtest="DataversesIT#testListAssignableRoles"

mvn test -Dtest="DatasetsIT#testListAssignableRoles"

Does this PR introduce a user interface change? If mockups are available, please link/include them here:

/

Is there a release notes update needed for this change?:

I've added a release note.

Additional documentation:

/

cc @johannes-darms

@coveralls
Copy link

coveralls commented Oct 22, 2025
edited
Loading

Coverage Status

coverage: 24.334% (-0.002%) from 24.336%
when pulling 817eceb on vera:feat/user-assignable-roles
into a843c84 on IQSS:develop.

This was referenced Oct 22, 2025
Closed
Merged
@vera
Merge branch 'develop' into feat/user-assignable-roles
817eceb 
# Conflicts:
#	src/main/java/edu/harvard/iq/dataverse/DataverseRoleServiceBean.java
#	src/main/java/edu/harvard/iq/dataverse/ManagePermissionsPage.java
#	src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@vera @coveralls