Skip to content

feat: "Link Dataset/Dataverse" permission (now with Flyway migration script) #11691

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ofahimIQSS merged 5 commits into from
Aug 7, 2025
Merged

feat: "Link Dataset/Dataverse" permission (now with Flyway migration script) #11691

ofahimIQSS merged 5 commits into from
Aug 7, 2025

Conversation

@vera
Copy link
Contributor

@vera vera commented Jul 29, 2025

What this PR does / why we need it:

This is a resubmission of #11534:

Linking or unlinking a dataset or dataverse now requires the new "Link Dataset/Dataverse" permission.
Previously, this action was covered by the "Publish Dataset/Dataverse" permission.
Linking and publishing permissions can now be granted separately, allowing for more fine-grained access control.

This resubmission now includes a SQL file to migrate the permissionbits column in the dataverserole table:

We're adding new permissions at bit 13 (4096 LinkDataverse) and bit 14 (8192 LinkDataset).
They should be set for any role that has the permission in bit 11 (1024 PublishDataverse) and bit 12 (2048 PublishDataset),
respectively.
We also need to move the permissions with current bits 13-14 to bits 15-16 to make room for the new permissions.

https://github.com/vera/dataverse/blob/00a45f525f34fc2d9dce3104c4ff16c10fe6c534/src/main/resources/db/migration/V6.6.0.4.sql#L1-L4

I've tested the SQL migration file and it correctly migrates the permission bits:

Before:

 id |      alias      |                                                        description                           |            name             | permissionbits | owner_id 
----+-----------------+----------------------------------------------------------------------------------------------+-----------------------------+----------------+----------
  1 | admin           | A person who has all permissions for dataverses, datasets, and files.                        | Admin                       |          16383 |         
  2 | fileDownloader  | A person who can download a published file.                                                  | File Downloader             |             16 |         
  3 | fullContributor | A person who can add subdataverses and datasets within a dataverse.                          | Dataverse + Dataset Creator |              3 |         
  4 | dvContributor   | A person who can add subdataverses within a dataverse.                                       | Dataverse Creator           |              1 |         
  5 | dsContributor   | A person who can add datasets within a dataverse.                                            | Dataset Creator             |              2 |         
  6 | contributor     | For datasets, a person who can edit License + Terms, and then submit them for review.        | Contributor                 |           8280 |         
  7 | curator         | For datasets, a person who can edit License + Terms, edit Permissions, and publish datasets. | Curator                     |          11103 |         
  8 | member          | A person who can view both unpublished dataverses and datasets.                              | Member                      |             28 |

After:

 id |      alias      |                                         description                                          |            name             | permissionbits | owner_id 
----+-----------------+----------------------------------------------------------------------------------------------+-----------------------------+----------------+----------
  1 | admin           | A person who has all permissions for dataverses, datasets, and files.                        | Admin                       |          65535 |         
  2 | fileDownloader  | A person who can download a published file.                                                  | File Downloader             |             16 |         
  3 | fullContributor | A person who can add subdataverses and datasets within a dataverse.                          | Dataverse + Dataset Creator |              3 |         
  4 | dvContributor   | A person who can add subdataverses within a dataverse.                                       | Dataverse Creator           |              1 |         
  5 | dsContributor   | A person who can add datasets within a dataverse.                                            | Dataset Creator             |              2 |         
  6 | contributor     | For datasets, a person who can edit License + Terms, and then submit them for review.        | Contributor                 |          32856 |         
  7 | curator         | For datasets, a person who can edit License + Terms, edit Permissions, and publish datasets. | Curator                     |          43871 |         
  8 | member          | A person who can view both unpublished dataverses and datasets.                              | Member                      |             28 |

Which issue(s) this PR closes:

Special notes for your reviewer:

/

Suggestions on how to test this:

I've extended an existing test which can be run with mvn test -Dtest="DatasetsIT#testCreateDeleteDatasetLink" to check that datasets cannot be linked/unlinked unless you have the curator role, which has been altered to include the new link permissions.

Does this PR introduce a user interface change? If mockups are available, please link/include them here:

/

Is there a release notes update needed for this change?:

I've added a short release note.

Additional documentation:

/

@vera vera mentioned this pull request Jul 29, 2025
Merged
@vera vera changed the title Feat/link permission feat: "Link Dataset/Dataverse" permission (now with Flyway migration script) Jul 29, 2025
@coveralls
Copy link

coveralls commented Jul 29, 2025
edited
Loading

Coverage Status

coverage: 23.232% (+2.5%) from 20.726%
when pulling cb2df1a on vera:feat/link-permission
into 20aaf5a on IQSS:develop.

@pdurbin pdurbin moved this to Ready for Triage in IQSS Dataverse Project Jul 29, 2025
@ofahimIQSS ofahimIQSS added the Size: 3 A percentage of a sprint. 2.1 hours. label Jul 30, 2025
@ofahimIQSS ofahimIQSS moved this from Ready for Triage to Ready for Review ⏩ in IQSS Dataverse Project Jul 30, 2025
@cmbz cmbz added the FY26 Sprint 3 (2025-07-30 - 2025-08-13) label Jul 31, 2025
@g-saracca g-saracca mentioned this pull request Aug 1, 2025
Closed
@sekmiller sekmiller self-assigned this Aug 5, 2025
@sekmiller sekmiller moved this from Ready for Review ⏩ to In Review 🔎 in IQSS Dataverse Project Aug 5, 2025
sekmiller
sekmiller reviewed Aug 5, 2025
View reviewed changes
src/main/resources/db/migration/V6.6.0.4.sql
@@ -0,0 +1,39 @@
/* We're adding new permissions at bit 13 (4096 LinkDataverse) and bit 14 (8192 LinkDataset).
Copy link
Contributor

@sekmiller sekmiller Aug 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You'll need to rename this script to 6.7.1.0

Copy link
Member

@pdurbin pdurbin Aug 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well, 6.7.1.1 since we start at 1.

Also, heads up that this PR is in a race with PR #11654 for that number. 😄

Copy link
Contributor Author

@vera vera Aug 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well, let's see if I make it :) done.

sekmiller
sekmiller approved these changes Aug 5, 2025
View reviewed changes
Copy link
Contributor

@sekmiller sekmiller left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. One minor issue - you'll need to update the name of the script because this will go in after the release of 6.7.1

@github-project-automation github-project-automation bot moved this from In Review 🔎 to Ready for QA ⏩ in IQSS Dataverse Project Aug 5, 2025
@sekmiller sekmiller assigned sekmiller and vera and unassigned sekmiller Aug 5, 2025
@pdurbin pdurbin self-assigned this Aug 5, 2025
@pdurbin pdurbin moved this from Ready for QA ⏩ to In Review 🔎 in IQSS Dataverse Project Aug 5, 2025
@pdurbin pdurbin moved this from In Review 🔎 to Ready for QA ⏩ in IQSS Dataverse Project Aug 6, 2025
@pdurbin pdurbin unassigned pdurbin and vera Aug 6, 2025
@ofahimIQSS ofahimIQSS self-assigned this Aug 6, 2025
@ofahimIQSS ofahimIQSS moved this from Ready for QA ⏩ to QA ✅ in IQSS Dataverse Project Aug 6, 2025
ofahimIQSS
ofahimIQSS approved these changes Aug 7, 2025
View reviewed changes
Copy link
Contributor

@ofahimIQSS ofahimIQSS left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

approving version bump

@github-project-automation github-project-automation bot moved this from QA ✅ to Ready for QA ⏩ in IQSS Dataverse Project Aug 7, 2025
@ofahimIQSS ofahimIQSS moved this from Ready for QA ⏩ to QA ✅ in IQSS Dataverse Project Aug 7, 2025
@ofahimIQSS
Copy link
Contributor

ofahimIQSS commented Aug 7, 2025

tests passed - performed additional regression testing in internal. merging!

@ofahimIQSS ofahimIQSS merged commit 1c5334f into IQSS:develop Aug 7, 2025
17 of 18 checks passed
@github-project-automation github-project-automation bot moved this from QA ✅ to Merged 🚀 in IQSS Dataverse Project Aug 7, 2025
@ofahimIQSS ofahimIQSS removed their assignment Aug 7, 2025
@pdurbin pdurbin added this to the 6.8 milestone Aug 7, 2025
@scolapasta scolapasta moved this from Merged 🚀 to Done 🧹 in IQSS Dataverse Project Aug 11, 2025
@cmbz cmbz added the FY26 Sprint 4 FY26 Sprint 4 (2025-08-13 - 2025-08-27) label Aug 16, 2025
@jamessi1989 jamessi1989 mentioned this pull request Oct 9, 2025
Open
@thisisbillie thisisbillie mentioned this pull request Jan 7, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pdurbin pdurbin pdurbin left review comments

@sekmiller sekmiller sekmiller approved these changes

+1 more reviewer

@ofahimIQSS ofahimIQSS ofahimIQSS approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

FY26 Sprint 3 (2025-07-30 - 2025-08-13) FY26 Sprint 4 FY26 Sprint 4 (2025-08-13 - 2025-08-27) Size: 3 A percentage of a sprint. 2.1 hours.

Projects

IQSS Dataverse Project
Status: Done 🧹

Milestone

6.8

Development

Successfully merging this pull request may close these issues.

Feature Request: Separate "link" permission from "publish" permission

6 participants

@vera @coveralls @ofahimIQSS @pdurbin @sekmiller @cmbz