How do I create a new global role by API?

[Barry Rowlingson]

The API has roles *within a dataverse* and "global roles". I want to create a role (basically an Admin but without publish permissions) and be able to put people in that role in any dataverse. For this I think I want a global role.

The API doc has:

List Global Roles

List all global roles in the system.

GET http://$SERVER/api/admin/roles

Create Global Role

Creates a global role in the Dataverse installation. The data POSTed are assumed to be a role JSON.

POST http://$SERVER/api/admin/roles


Listing global roles gets back JSON with a status "OK" element and a "data" array of alias, 
name, permissions (an array of permissions), description and id elements.

I can't seem to format some JSON to match the required format by the POST API call. I've tried an
object with alias/name/permissions/descriptions and an array with one of those as an element, but 
all I get back is an error 415 page and a:

"
The server refused this request because the request entity is in a format not supported by
the requested resource for the requested method.
"

any ideas what the right format is?

[Pete Meyer]

Hi Barry,

I'd recommend taking a look at `scripts/api/data/role-curator.json` (or one of the other role-*.json files there) for an example of the syntax.  You may also want to double-check that you're using the `Content-Type: application/json` header when calling this API - the errors for not having this set are not particularly intuitive to me.

If I'm remembering correctly, trying to create an admin-without-publish role runs into the issue of keeping that user from having the permission to grant themselves the publish permission; if so, this may be something to keep in mind.

Best,

Pete

[Barry Rowlingson]

Thanks, the content-type header seems to work...

We have a trusted set of admins but we don't want them to accidentally publish anything. Hence the plan is to make it hard for them to do it by accident.

Just trying to delete some test roles now and failing.

This shows my role with id 13 (since I discovered "$id" meant numeric id and not its name!):

curl -X GET -H "X-Dataverse-key: $API_TOKEN" http://localhost:8080/api/roles/13

but this fails:

curl -X DELETE -H "X-Dataverse-key: $API_TOKEN" http://localhost:8080/api/roles/13

with:

{"status":"ERROR","message":"Command edu.harvard.iq.dataverse.engine.command.impl.DeleteRoleCommand@79780e4f failed: null"}[root@fhm-chicas-dataverse Roles]#

[Pete Meyer]

The delete failure looks like a bug to me.  On the develop branch, I see `Caused by: java.lang.IllegalArgumentException: You have attempted to set a value of type class java.lang.Long for parameter roleId with expected type of class edu.harvard.iq.dataverse.authorization.Da

taverseRole from query string SELECT r FROM RoleAssignment r WHERE r.role=:roleId.` in the glassfish server.log when trying a similar delete role command.

It might be worth opening a GitHub issue for the delete failure.

Best,

Pete

[Philip Durbin]

Yes, whenever commands fail with "failed: null" it's a bug so please do feel free to create an issue at https://github.com/IQSS/dataverse/issues about this, Barry.

Would the "Contributor" role work for your use case? The Contributor role can't publish but it can edit the dataset.

Thanks,

Phil

--
You received this message because you are subscribed to the Google Groups "Dataverse Users Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dataverse-commu...@googlegroups.com.
To post to this group, send email to dataverse...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/dataverse-community/71de0c1c-7cf0-4d53-b65d-b5f0144606c5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Philip Durbin
Software Developer for http://dataverse.org
http://www.iq.harvard.edu/people/philip-durbin