Custom permission query for filedownloaders

qqmyers · qqmyers · commit 22f324948603 · 2025-03-30T15:34:01.000-04:00
diff --git a/src/main/java/edu/harvard/iq/dataverse/RoleAssigneeServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/RoleAssigneeServiceBean.java
@@ -406,6 +406,19 @@ public List<RoleAssignee> filterRoleAssignees(String query, DvObject dvObject, L
 
         return roleAssigneeList;
     }
+    
+    public List<String> findFileDownloaders(Long fileId) {
+        String sql = "SELECT DISTINCT assigneeidentifier FROM roleassignment ra, dataverserole dr, datafile df " +
+                "WHERE ra.role_id = dr.id " +
+                "AND get_bit(dr.permissionbits::bit(64), 59) = '1' " +
+                "AND ra.definitionpoint_id = df.id " +
+                "AND df.restricted = 't' " +
+                "AND df.id = ? " +
+                "GROUP BY assigneeidentifier";
+
+        return em.createNativeQuery(sql).setParameter(1, fileId).getResultList();
+
+    }
 
     private void msg(String s) {
         //System.out.println(s);
diff --git a/src/main/java/edu/harvard/iq/dataverse/search/SearchPermissionsServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/search/SearchPermissionsServiceBean.java
@@ -120,6 +120,21 @@ public List<String> findDvObjectPerms(DvObject dvObject) {
         }
         return permStrings;
     }
+    
+    public List<String> findRestrictedDatafilePerms(long fileId) {
+        List<String> permStrings = new ArrayList<>();
+
+       List<String> assigneeIdStrings = roleAssigneeService.findFileDownloaders(fileId);
+        for (String id : assigneeIdStrings) {
+            // Don't need to cache RoleAssignees since each is unique
+            RoleAssignee userOrGroup = roleAssigneeService.getRoleAssignee(id);
+            String indexableUserOrGroupPermissionString = getIndexableStringForUserOrGroup(userOrGroup);
+            if (indexableUserOrGroupPermissionString != null) {
+                permStrings.add(indexableUserOrGroupPermissionString);
+            }
+        }
+        return permStrings;
+    }
 
     @Deprecated
     private void resetRoleAssigneeCache() {
diff --git a/src/main/java/edu/harvard/iq/dataverse/search/SolrIndexServiceBean.java b/src/main/java/edu/harvard/iq/dataverse/search/SolrIndexServiceBean.java
@@ -154,6 +154,11 @@ private List<DvObjectSolrDoc> constructDatasetSolrDocs(Dataset dataset) {
     // private List<DvObjectSolrDoc> constructDatafileSolrDocs(DataFile dataFile) {
     private List<DvObjectSolrDoc> constructDatafileSolrDocs(DataFile dataFile, Map<Long, List<String>> permStringByDatasetVersion, Map<DatasetVersion.VersionState, Boolean> desiredCards, Set<DatasetVersion> datasetVersions) {
         List<DvObjectSolrDoc> datafileSolrDocs = new ArrayList<>();
+        List<String> ftperms = new ArrayList<>();
+        if (dataFile.isRestricted()) {
+            ftperms = searchPermissionsService.findRestrictedDatafilePerms(dataFile.getId());
+        }
+
         for (DatasetVersion datasetVersionFileIsAttachedTo : datasetVersions) {
             boolean cardShouldExist = desiredCards.get(datasetVersionFileIsAttachedTo.getVersionState());
             /*
@@ -169,7 +174,7 @@ private List<DvObjectSolrDoc> constructDatafileSolrDocs(DataFile dataFile, Map<L
                 String solrIdEnd = getDatasetOrDataFileSolrEnding(datasetVersionFileIsAttachedTo.getVersionState());
                 String solrId = solrIdStart + solrIdEnd;
                 List<String> perms = new ArrayList<>();
-                List<String> ftperms = new ArrayList<>();
+                
                 if (unpublishedDataRelatedToMeModeEnabled) {
                     List<String> cachedPerms = null;
                     if (permStringByDatasetVersion != null) {
@@ -190,10 +195,6 @@ private List<DvObjectSolrDoc> constructDatafileSolrDocs(DataFile dataFile, Map<L
                     // This should never be executed per the deprecation notice on the boolean.
                     perms = searchPermissionsService.findDatasetVersionPerms(datasetVersionFileIsAttachedTo);
                 }
-                if (dataFile.isRestricted()) {
-
-                    ftperms = searchPermissionsService.findDataFilePermsforDatasetVersion(dataFile, datasetVersionFileIsAttachedTo);
-                }
                 DvObjectSolrDoc dataFileSolrDoc = new DvObjectSolrDoc(dataFile.getId().toString(), solrId, datasetVersionFileIsAttachedTo.getId(), dataFile.getDisplayName(), perms, ftperms);
                 datafileSolrDocs.add(dataFileSolrDoc);
             }
@@ -226,7 +227,7 @@ private List<DvObjectSolrDoc> constructDatafileSolrDocsFromDataset(Dataset datas
                     String solrId = solrIdStart + solrIdEnd;
                     List<String> ftperms = new ArrayList<>();
                     if (fileMetadata.getDataFile().isRestricted()) {
-                        ftperms = searchPermissionsService.findDataFilePermsforDatasetVersion(fileMetadata.getDataFile(), datasetVersionFileIsAttachedTo);
+                        ftperms = searchPermissionsService.findRestrictedDatafilePerms(fileMetadata.getDataFile().getId());
                     }
                     DvObjectSolrDoc dataFileSolrDoc = new DvObjectSolrDoc(fileId.toString(), solrId, datasetVersionFileIsAttachedTo.getId(), fileMetadata.getLabel(), perms, ftperms);
                     logger.finest("adding fileid " + fileId);
