refactored LF check in dataset page

Author: qqmyers

src/main/java/edu/harvard/iq/dataverse/DatasetPage.java

@@ -2112,8 +2112,15 @@ private String init(boolean initFull) {
             }
 
             // Check permisisons
-            if (!(workingVersion.isReleased() || workingVersion.isDeaccessioned()) && !this.canViewUnpublishedDataset()) {
-                return permissionsWrapper.notAuthorized();
+            Set<String> locallyFAIRraIds = dataset.getOwner().getLocallyFAIRRoleAssigneeIdentifiers();
+            boolean releasedAndCanView = workingVersion.isReleased() && locallyFAIRraIds.isEmpty() || permissionsWrapper
+                    .hasLocallyFAIRAccess(dvRequestService.getDataverseRequest(), locallyFAIRraIds);
+            if (!(releasedAndCanView || workingVersion.isDeaccessioned()) && !this.canViewUnpublishedDataset()) {
+                if (locallyFAIRraIds.isEmpty()) {
+                    return permissionsWrapper.notAuthorized();
+                } else {
+                    return permissionsWrapper.notFound();
+                }
             }
 
             if (retrieveDatasetVersionResponse != null && !retrieveDatasetVersionResponse.wasRequestedVersionRetrieved()) {

src/main/java/edu/harvard/iq/dataverse/PermissionServiceBean.java

@@ -1070,5 +1070,36 @@ public List<RoleAssignment> getEffectiveRoleAssignments(AuthenticatedUser user,
         return Stream.concat(directAssignments, groupAssignments)
                 .collect(Collectors.toList());
     }
+    
+    /**
+     * Determines if a user can view a dataset version based on its release status
+     * and the supplied Locally FAIR role assignees.
+     * 
+     * @param DataversRequest The request containing the user and Ip info (for IPgroups)
+     * @param Set<String> locallyFairAssignees a non-null but possibly empty set of locally FAIR role assignees
+     * @return true if the user has locally FAIR access
+     */
+    public boolean isALocallyFAIRAssignee(DataverseRequest req, Set<String> locallyFairAssignees) {
+        
+        // If no locally FAIR restrictions, it's publicly viewable
+        if (locallyFairAssignees.isEmpty()) {
+            return false;
+        }
+        
+        // Check if user is in the locally FAIR assignee list
+        Set<RoleAssignee> userAndGroups = new HashSet<>(groupService.groupsFor(req));
+        User user = req.getUser();
+        if (user.isAuthenticated()) {
+            userAndGroups.add(user);
+        }
+        
+        for (RoleAssignee ra : userAndGroups) {
+            if (locallyFairAssignees.contains(ra.getIdentifier())) {
+                return true;
+            }
+        }
+        
+        return false;
+    }
 }
 

src/main/java/edu/harvard/iq/dataverse/PermissionsWrapper.java

@@ -13,6 +13,7 @@
 import edu.harvard.iq.dataverse.engine.command.impl.*;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.Set;
 import java.util.logging.Logger;
 import jakarta.ejb.EJB;
 import jakarta.faces.view.ViewScoped;
@@ -55,6 +56,7 @@ public class PermissionsWrapper implements java.io.Serializable {
     private final Map<Long, Boolean> fileDownloadPermissionMap = new HashMap<>(); // { DvObject.id : Boolean }
     private final Map<String, Boolean> datasetPermissionMap = new HashMap<>(); // { Permission human_name : Boolean }
 
+    Boolean hasLocallyFAIRAccess;
     /**
      * Check if the current Dataset can Issue Commands
      *
@@ -297,4 +299,12 @@ public String notAuthorized(){
     public String notFound() {
         return navigationWrapper.notFound();
     }
+
+    // The locallyFAIRraIds should not change within a given view (they are set in the parent Dataverse of whatever object the view is for)
+    public boolean hasLocallyFAIRAccess(DataverseRequest req, Set<String> locallyFAIRraIds) {
+        if(hasLocallyFAIRAccess == null ) {
+            hasLocallyFAIRAccess = permissionService.isALocallyFAIRAssignee(req, locallyFAIRraIds);
+        }
+        return hasLocallyFAIRAccess;
+    }
 }