From 6f14f17871e317ffd1174b773a16ca7a4c63dc35 Mon Sep 17 00:00:00 2001 From: Kathleen Tuite Date: Tue, 12 Sep 2023 14:42:51 -0700 Subject: [PATCH] Return 404 if accessing unpublished dataset/entity list --- lib/resources/datasets.js | 4 +++- test/integration/api/datasets.js | 9 +++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/lib/resources/datasets.js b/lib/resources/datasets.js index c22ffd423..c9ee0c667 100644 --- a/lib/resources/datasets.js +++ b/lib/resources/datasets.js @@ -8,10 +8,11 @@ // except according to the terms contained in the LICENSE file. const sanitize = require('sanitize-filename'); -const { getOrNotFound } = require('../util/promise'); +const { getOrNotFound, rejectIf } = require('../util/promise'); const { streamEntityCsv } = require('../data/entity'); const { contentDisposition, withEtag } = require('../util/http'); const { md5sum } = require('../util/crypto'); +const { noargs } = require('../util/util'); const { Dataset } = require('../model/frames'); const Problem = require('../util/problem'); @@ -26,6 +27,7 @@ module.exports = (service, endpoint) => { Datasets.get(params.projectId, params.name) .then(getOrNotFound) .then((dataset) => auth.canOrReject('dataset.read', dataset) + .then(rejectIf((() => dataset.publishedAt == null), noargs(Problem.user.notFound))) .then(() => Datasets.getMetadata(dataset))))); service.patch('/projects/:projectId/datasets/:name', endpoint(async ({ Datasets }, { params, body, auth, query }) => { diff --git a/test/integration/api/datasets.js b/test/integration/api/datasets.js index 57402e434..074048a8b 100644 --- a/test/integration/api/datasets.js +++ b/test/integration/api/datasets.js @@ -572,6 +572,15 @@ describe('datasets and entities', () => { })); + it('should reject if dataset is not published', testService((service) => + service.login('alice', (asAlice) => + asAlice.post('/v1/projects/1/forms') + .send(testData.forms.simpleEntity) + .set('Content-Type', 'application/xml') + .expect(200) + .then(() => asAlice.get('/v1/projects/1/datasets/people') + .expect(404))))); + it('should not return duplicate linkedForms', testService(async (service) => { const asAlice = await service.login('alice');