add SearchApiTokenlessGuestAllowed boolean #1838
pdurbin committed Oct 1, 2015
1 parent ec6998a commit c876fee
Showing 4 changed files with 60 additions and 13 deletions.
2 changes: 2 additions & 0 deletions scripts/api/setup-optional-harvard.sh
Expand Up @@ -15,6 +15,8 @@ echo "- Google Analytics setting"
curl -X PUT -d true "$SERVER/admin/settings/:ScrubMigrationData"
echo "- Enabling Shibboleth"
curl -X PUT -d true http://localhost:8080/api/admin/settings/:ShibEnabled
echo "- Enabling tokenless Search API"
curl -X PUT -d true http://localhost:8080/api/admin/settings/:SearchApiTokenlessGuestAllowed
echo "- Setting system email"
curl -X PUT -d "Dataverse Support <support@dataverse.org>" http://localhost:8080/api/admin/settings/:SystemEmail
echo "- Setting up the Harvard Shibboleth institutional group"
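Review bot: The new `curl` for `:SearchApiTokenlessGuestAllowed` hard-codes `http://localhost:8080/api`, while the ScrubMigrationData call at the top of the hunk goes through `$SERVER`, so the two can diverge if `$SERVER` is pointed at another host. I would write it as `curl -X PUT -d true "$SERVER/admin/settings/:SearchApiTokenlessGuestAllowed"`, assuming `$SERVER` already ends in `/api` as that first call suggests. Because this line turns on unauthenticated search for any installation that runs the script, a one-line comment above the `echo` saying so would help whoever reuses it.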
60 changes: 47 additions & 13 deletions src/main/java/edu/harvard/iq/dataverse/api/Search.java
Expand Up @@ -22,6 +22,7 @@
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.ejb.EJB;
import javax.json.Json;
Expand Down Expand Up @@ -189,22 +190,46 @@ public Response search(
}

private User getUser() throws WrappedResponse {
/**
* @todo support searching as non-guest:
* https://github.com/IQSS/dataverse/issues/1299
*
* Note that superusers can't currently use the Search API because they
* see permission documents (all Solr documents, really) and we get a
* NPE when trying to determine the DvObject type if their query matches
* a permission document.
*
* @todo Check back on https://github.com/IQSS/dataverse/issues/1838 for
* when/if the Search API is opened up to not require a key.
*/
AuthenticatedUser authenticatedUser = findAuthenticatedUserOrDie();
if (nonPublicSearchAllowed()) {
return getUserUsingExperimentalNonPublicSearch();
} else {
return getGuestIfAllowed();
}
}

/**
* @todo support searching as non-guest:
* https://github.com/IQSS/dataverse/issues/1299
*
* Note that superusers can't currently use the Search API because they see
* permission documents (all Solr documents, really) and we get a NPE when
* trying to determine the DvObject type if their query matches a permission
* document.
*
* @todo Support tokenless guests while this feature is enabled?
*/
private User getUserUsingExperimentalNonPublicSearch() throws WrappedResponse {
AuthenticatedUser authenticatedUser;
try {
authenticatedUser = findAuthenticatedUserOrDie();
return authenticatedUser;
} catch (WrappedResponse ex) {
return getGuestIfAllowed();
}
}

private User getGuestIfAllowed() throws WrappedResponse {
if (tokenlessGuestAllowed()) {
return GuestUser.get();
} else {
/**
* @todo What if you've configured the system to allow tokenless
* guests *and* the experimental non-public search feature? For now
* we're rejecting bad API tokens (even if you allow tokenless
* guests) to provide feedback to the user and always returning the
* guest user.
*/
AuthenticatedUser authenticatedUser = findAuthenticatedUserOrDie();
return GuestUser.get();
}
}
Expand All @@ -214,6 +239,15 @@ public boolean nonPublicSearchAllowed() {
return settingsSvc.isTrueForKey(SettingsServiceBean.Key.SearchApiNonPublicAllowed, safeDefaultIfKeyNotFound);
}

/**
* In https://github.com/IQSS/dataverse/issues/1838 desire is expressed for
* using the Search API without an API token.
*/
private boolean tokenlessGuestAllowed() {
boolean safeDefaultIfKeyNotFound = false;
return settingsSvc.isTrueForKey(SettingsServiceBean.Key.SearchApiTokenlessGuestAllowed, safeDefaultIfKeyNotFound);
}

private boolean getDataRelatedToMe() {
/**
* @todo support Data Related To Me:
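Review bot: In getUserUsingExperimentalNonPublicSearch the `catch (WrappedResponse ex)` handles every failure of findAuthenticatedUserOrDie() the same way, so with both settings enabled a request carrying an invalid or revoked token is presumably searched as the guest rather than rejected. That appears to contradict the @todo in getGuestIfAllowed, which says bad tokens are rejected even when tokenless guests are allowed, and the caller cannot tell a downgraded result set from the one the token should have produced. I would fall back to the guest only when the request carried no token at all and rethrow `ex` otherwise. Separately, the local in getGuestIfAllowed is never read; `findAuthenticatedUserOrDie(); // token check only, the search still runs as guest` states what that line is for.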
Expand Up @@ -34,6 +34,9 @@ public class SettingsServiceBean {
*/
public enum Key {
/**
* Override Solr highlighting "fragsize"
* https://wiki.apache.org/solr/HighlightingParameters#hl.fragsize
*//**
* Override Solr highlighting "fragsize"
* https://wiki.apache.org/solr/HighlightingParameters#hl.fragsize
*/
Expand All @@ -45,6 +48,13 @@ public enum Key {
*/
GoogleAnalyticsCode,

/**
* Allow Search API to be used without API tokens. Searches will be
* executed as the Guest user. See also
* https://github.com/IQSS/dataverse/issues/1838
*/
SearchApiTokenlessGuestAllowed,

/**
* Experimental: Allow non-public search with a key/token using the
* Search API. See also https://github.com/IQSS/dataverse/issues/1299
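Review bot: The first hunk of this section leaves a duplicated Javadoc block at the top of `enum Key`: the "Override Solr highlighting fragsize" comment now appears twice, joined by a stray `*//**`, which looks like a paste or merge artifact rather than an intended change. Dropping the three added lines restores the single comment. For the new `SearchApiTokenlessGuestAllowed` key, the Javadoc could also state that the setting is treated as false when it is not set, as tokenlessGuestAllowed() in Search.java does, for example `* Defaults to false when the setting is absent.`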
1 change: 1 addition & 0 deletions src/test/java/edu/harvard/iq/dataverse/api/SearchIT.java
Expand Up @@ -40,6 +40,7 @@
import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.junit.Test;
import static java.lang.Thread.sleep;

public class SearchIT {
