SSHOC / sshoc-marketplace-backend

Code for the backend
Apache License 2.0

/api/:category/:persistentId/versions/:versionId endpoints should handle items with status="draft" #167

Closed dpancic closed 1 year ago

dpancic commented 2 years ago

In GitLab by @stefanprobst on Apr 12, 2022, 09:50

when a user with role=contributor saves a draft item, retrieving it later (i.e. via "my draft items") will result in 403 status.

to reproduce (TOKEN is auth token for user with "Contributor" role):

# (1) saving a draft
curl "http://localhost:8080/api/datasets?draft=true" -X POST -H "content-type: application/json" -H "authorization: ${TOKEN}" -d '{"label":"x","description":"x"}'

{"id":242,"category":"dataset","label":"x","persistentId":"FBoUJo","lastInfoUpdate":"2022-04-12T07:40:56+0000","status":"draft","informationContributor":{"id":3,"username":"Contributor","displayName":"Contributor","status":"enabled","registrationDate":"2020-08-04T12:29:00+0000","role":"contributor","config":true},"description":"x","contributors":[],"properties":[],"externalIds":[],"accessibleAt":[],"relatedItems":[],"media":[]}

# (2) retrieving the saved draft version (with id and persistentId from response above)
curl http://localhost:8080/api/datasets/FBoUJo/versions/242 -H "authorization: ${TOKEN}"

{"timestamp":"2022-04-12 07:41:56","status":403,"error":"User is not authorized to access the given item version with id FBoUJo (version id: 242)"}

x-ref: https://gitlab.gwdg.de/sshoc/sshoc-marketplace-frontend/-/issues/99

dpancic commented 2 years ago

In GitLab by @stefanprobst on Apr 13, 2022, 10:01

note: it does work correctly with:

curl "http://localhost:8080/api/datasets/FBoUJo?draft=true" -H "authorization: ${TOKEN}"

however, since the draft item actually has a version id assigned, it is unexpected that the /api/:category/:persistentId/versions/:versionId endpoints don't handle items with status="draft".

dpancic commented 2 years ago

In GitLab by @laureD19 on Jul 22, 2022, 12:31

this one seems solved after the last deployment. I've just made some tests on stage and no 403 errors.

Please reopen if there is still something to correct from your pov, @stefanprobst
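
A regression check for the behaviour discussed in this issue, added here as an example; it is not part of the thread or of the project's code. It assumes a draft must be readable by its owner through both endpoints and must not be readable by another contributor (any non-2xx status counts as denied); `OTHER_TOKEN` and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: checks that both endpoints give the same access decision
# for a draft item, for its owner and for a second, unrelated user.

# Print the HTTP status code of a GET on URL $1 sent with auth token $2.
http_status() {
  curl -s -o /dev/null -w '%{http_code}' -H "authorization: $2" "$1"
}

# expect LABEL ok|denied URL TOKEN
# "ok" means a 2xx status; anything else (403, 404, 000, ...) is "denied".
expect() {
  local got verdict=denied
  got=$(http_status "$3" "$4")
  case "$got" in 2??) verdict=ok ;; esac
  if [ "$verdict" = "$2" ]; then
    echo "ok   $1 (HTTP $got)"
  else
    echo "FAIL $1: wanted $2, got HTTP $got"
    return 1
  fi
}

# check_draft_access BASE CATEGORY PERSISTENT_ID VERSION_ID OWNER_TOKEN OTHER_TOKEN
# Returns 0 only if all four expectations hold.
check_draft_access() {
  local base=$1 category=$2 pid=$3 vid=$4 owner=$5 other=$6 rc=0
  local by_flag="$base/api/$category/$pid?draft=true"
  local by_version="$base/api/$category/$pid/versions/$vid"

  # Reported in this issue: the owner got 200 on the first, 403 on the second.
  expect "owner via ?draft=true"  ok "$by_flag"    "$owner" || rc=1
  expect "owner via versions/:id" ok "$by_version" "$owner" || rc=1

  # Assumed policy: a fix must not open the draft to other accounts.
  expect "other via ?draft=true"  denied "$by_flag"    "$other" || rc=1
  expect "other via versions/:id" denied "$by_version" "$other" || rc=1
  return $rc
}

# Usage with the values from the report above:
#   check_draft_access http://localhost:8080 datasets FBoUJo 242 "$TOKEN" "$OTHER_TOKEN"
```
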