re-fix #3443 (:ExcludeEmailFromExport), add privacy section #3348

IQSS · Sep 11, 2017 · ce0e97c · ce0e97c
1 parent b3a6a33
commit ce0e97c
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 7 deletions.
diff --git a/doc/sphinx-guides/source/installation/config.rst b/doc/sphinx-guides/source/installation/config.rst
@@ -31,6 +31,11 @@ Forcing HTTPS
 
 To avoid having your users send credentials in the clear, it's strongly recommended to force all web traffic to go through HTTPS (port 443) rather than HTTP (port 80). The ease with which one can install a valid SSL cert into Apache compared with the same operation in Glassfish might be a compelling enough reason to front Glassfish with Apache. In addition, Apache can be configured to rewrite HTTP to HTTPS with rules such as those found at https://wiki.apache.org/httpd/RewriteHTTPToHTTPS or in the section on :doc:`shibboleth`.
 
+Privacy Considerations
+++++++++++++++++++++++
+
+Out of the box, Dataverse will list email addresses of the "contacts" for datasets when users visit a dataset page and click the "Export Metadata" button. If you prefer to exclude email addresses of dataset contacts from metadata export, set :ref:`:ExcludeEmailFromExport <:ExcludeEmailFromExport>` to true.
+
 Additional Recommendations
 ++++++++++++++++++++++++++
 
@@ -760,6 +765,9 @@ Specify a URL where users can read your API Terms of Use.
 
 ``curl -X PUT -d http://best-practices.dataverse.org/harvard-policies/harvard-api-tou.html http://localhost:8080/api/admin/settings/:ApiTermsOfUse``
 
+
+.. _:ExcludeEmailFromExport:
+
 :ExcludeEmailFromExport
 +++++++++++++++++++++++
 
@@ -1063,4 +1071,4 @@ This setting is experimental and related to Repository Storage Abstraction Layer
 
 Limit on how many guestbook entries to display on the guestbook-responses page. By default, only the 5000 most recent entries will be shown. Use the standard settings API in order to change the limit. For example, to set it to 10,000, make the following API call: 
 
-``curl -X PUT -d 10000 http://localhost:8080/api/admin/settings/:GuestbookResponsesPageDisplayLimit`` 
+``curl -X PUT -d 10000 http://localhost:8080/api/admin/settings/:GuestbookResponsesPageDisplayLimit`` 
diff --git a/.../java/edu/harvard/iq/dataverse/engine/command/impl/FinalizeDatasetPublicationCommand.java b/.../java/edu/harvard/iq/dataverse/engine/command/impl/FinalizeDatasetPublicationCommand.java
@@ -106,7 +106,7 @@ public Dataset execute(CommandContext ctxt) throws CommandException {
         theDataset.getEditVersion().setVersionState(DatasetVersion.VersionState.RELEASED);
 
 
-        exportMetadata();
+        exportMetadata(ctxt.settings());
         boolean doNormalSolrDocCleanUp = true;
         ctxt.index().indexDataset(theDataset, doNormalSolrDocCleanUp);
         ctxt.solrIndex().indexPermissionsForOneDvObject(theDataset);
@@ -123,10 +123,10 @@ public Dataset execute(CommandContext ctxt) throws CommandException {
      * Attempting to run metadata export, for all the formats for which we have
      * metadata Exporters.
      */
-    private void exportMetadata() {
+    private void exportMetadata(SettingsServiceBean settingsServiceBean) {
 
         try {
-            ExportService instance = ExportService.getInstance();
+            ExportService instance = ExportService.getInstance(settingsServiceBean);
             instance.exportAllFormats(theDataset);
 
         } catch (ExportException ex) {

diff --git a/src/main/java/edu/harvard/iq/dataverse/export/ExportService.java b/src/main/java/edu/harvard/iq/dataverse/export/ExportService.java
@@ -54,8 +54,13 @@ private ExportService() {
     }
 
     /**
-     * TODO: Audit all calls to this getInstance method that doesn't take a SettingsServiceBean as an argument to make sure nothing broke.
+     * @deprecated Use `getInstance(SettingsServiceBean settingsService)`
+     * instead. For privacy reasons, we need to pass in settingsService so that
+     * we can make a decision whether not not to exclude email addresses. No new
+     * code should call this method and it would be nice to remove calls from
+     * existing code.
      */
+    @Deprecated
     public static synchronized ExportService getInstance() {
         return getInstance(null);
     }

diff --git a/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java b/src/test/java/edu/harvard/iq/dataverse/api/DatasetsIT.java
@@ -393,8 +393,8 @@ public void testExcludeEmail() {
                 .body("message", equalTo("Cannot publish as minor version. Re-try as major release."))
                 .statusCode(403);
 
-        Response setSequentialNumberAsIdentifierGenerationStyle = UtilIT.setSetting(SettingsServiceBean.Key.ExcludeEmailFromExport, "true");
-        setSequentialNumberAsIdentifierGenerationStyle.then().assertThat()
+        Response setToExcludeEmailFromExport = UtilIT.setSetting(SettingsServiceBean.Key.ExcludeEmailFromExport, "true");
+        setToExcludeEmailFromExport.then().assertThat()
                 .statusCode(OK.getStatusCode());
 
         Response publishDataset = UtilIT.publishDatasetViaNativeApi(datasetPersistentId, "major", apiToken);