Merge pull request #3877 from IQSS/3614-user-list

3614 user list
IQSS · Jul 10, 2017 · 77b6b02 · 77b6b02
2 parents 57913fd + 6db219c
commit 77b6b02
Show file tree

Hide file tree

Showing 39 changed files with 2,482 additions and 143 deletions.
diff --git a/doc/sphinx-guides/source/_static/installation/files/etc/shibboleth/shibboleth2.xml b/doc/sphinx-guides/source/_static/installation/files/etc/shibboleth/shibboleth2.xml
@@ -41,6 +41,7 @@ https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPConfiguration
             <Handler type="Status" Location="/Status" acl="127.0.0.1"/>
 
             <!-- Session diagnostic service. -->
+	    <!-- showAttributeValues must be set to true to see attributes at /Shibboleth.sso/Session . -->
             <Handler type="Session" Location="/Session" showAttributeValues="true"/>
 
             <!-- JSON feed of discovery information. -->

diff --git a/doc/sphinx-guides/source/admin/index.rst b/doc/sphinx-guides/source/admin/index.rst
@@ -19,4 +19,8 @@ These "superuser" tasks are managed via the new page called the Dashboard. A use
    metadataexport
    timers
    geoconnect-worldmap
+   user-administration
+   solr-search-index
+   monitoring
+   maintenance
    troubleshooting
diff --git a/doc/sphinx-guides/source/admin/maintenance.rst b/doc/sphinx-guides/source/admin/maintenance.rst
@@ -0,0 +1,9 @@
+Maintenance
+===========
+
+.. contents:: Contents:
+	:local:
+
+When you have scheduled down time for your production servers, we provide a :download:`sample maintenance page <../_static/installation/files/etc/maintenance/maintenance.xhtml>` for you to use. To download, right-click and select "Save Link As".
+
+The maintenance page is intended to be a static page served by Apache to provide users with a nicer, more informative experience when the site is unavailable.
diff --git a/doc/sphinx-guides/source/admin/monitoring.rst b/doc/sphinx-guides/source/admin/monitoring.rst
@@ -0,0 +1,11 @@
+Monitoring
+===========
+
+.. contents:: Contents:
+	:local:
+
+In production you'll want to monitor the usual suspects such as CPU, memory, free disk space, etc.
+
+https://github.com/IQSS/dataverse/issues/2595 contains some information on enabling monitoring of Glassfish, which is disabled by default.
+
+There is a database table called ``actionlogrecord`` that captures events that may be of interest. See https://github.com/IQSS/dataverse/issues/2729 for more discussion around this table.
diff --git a/doc/sphinx-guides/source/admin/solr-search-index.rst b/doc/sphinx-guides/source/admin/solr-search-index.rst
@@ -0,0 +1,47 @@
+Solr Search Index
+=================
+
+Dataverse requires Solr to be operational at all times. If you stop Solr, you should see a error about this on the home page, which is powered by the search index Solr provides. You can set up Solr by following the steps in our Installation Guide's :doc:`/installation/prerequisites` and :doc:`/installation/config` sections explaining how to configure it. This section you're reading now is about the care and feeding of the search index. PostgreSQL is the "source of truth" and the Dataverse application will copy data from PostgreSQL into Solr. For this reason, the search index can be rebuilt at any time. Depending on the amount of data you have, this can be a slow process. You are encouraged to experiment with production data to get a sense of how long a full reindexing will take.
+
+.. contents:: Contents:
+	:local:
+
+Full Reindex
+-------------
+
+There are two ways to perform a full reindex of the Dataverse search index. Starting with a "clear" ensures a completely clean index but involves downtime. Reindexing in place doesn't involve downtime but does not ensure a completely clean index.
+
+Clear and Reindex
++++++++++++++++++
+
+Clearing Data from Solr
+~~~~~~~~~~~~~~~~~~~~~~~
+
+Please note that the moment you issue this command, it will appear to end users looking at the home page that all data is gone! This is because the home page is powered by the search index.
+
+``curl http://localhost:8080/api/admin/index/clear``
+
+Start Async Reindex
+~~~~~~~~~~~~~~~~~~~
+
+Please note that this operation may take hours depending on the amount of data in your system. This known issue is being tracked at https://github.com/IQSS/dataverse/issues/50
+
+``curl http://localhost:8080/api/admin/index``
+
+Reindex in Place
++++++++++++++++++
+
+An alternative to completely clearing the search index is to reindex in place.
+
+Clear Index Timestamps
+~~~~~~~~~~~~~~~~~~~~~~
+
+``curl -X DELETE http://localhost:8080/api/admin/index/timestamps``
+
+Start or Continue Async Reindex
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+If indexing stops, this command should pick up where it left off based on which index timestamps have been set, which is why we start by clearing these timestamps above. These timestamps are stored in the ``dvobject`` database table.
+
+``curl http://localhost:8080/api/admin/index/continue``
+
diff --git a/doc/sphinx-guides/source/admin/troubleshooting.rst b/doc/sphinx-guides/source/admin/troubleshooting.rst
@@ -5,9 +5,19 @@ Troubleshooting
 
 This new (as of v.4.6) section of the Admin guide is for tips on how to diagnose and fix system problems. 
 
-.. contents:: |toctitle|
+.. contents:: Contents:
 	:local:
 
+Glassfish
+---------
+
+``server.log`` is the main place to look when you encounter problems. Hopefully an error message has been logged. If there's a stack trace, it may be of interest to developers, especially they can trace line numbers back to a tagged version.
+
+For debugging purposes, you may find it helpful to increase logging levels as mentioned in the :doc:`/developers/debugging` section of the Developer Guide.
+
+Our guides focus on using the command line to manage Glassfish but you might be interested in an admin GUI at http://localhost:4848
+
+
 Deployment fails, "EJB Timer Service not available"
 ---------------------------------------------------
 

diff --git a/doc/sphinx-guides/source/admin/user-administration.rst b/doc/sphinx-guides/source/admin/user-administration.rst
@@ -0,0 +1,39 @@
+User Administration
+===================
+
+This section focuses on user administration tools and tasks. 
+
+.. contents:: Contents:
+	:local:
+
+Manage Users Table
+------------------
+
+The Manage Users table gives the network administrator a list of all user accounts in table form. It lists username, full name, email address, and whether or not the user has Superuser status.
+
+Usernames are listed alphabetically and clicking on a username takes you to the account page that contains detailed information on that account.
+
+You can access the Manage Users table by clicking the "Manage Users" button on the Dashboard, which is linked from the header of all Dataverse pages (if you're loggied in as an administrator).
+
+Confirm Email
+-------------
+
+Dataverse encourages builtin/local users to verify their email address upon signup or email change so that sysadmins can be assured that users can be contacted.
+
+The app will send a standard welcome email with a URL the user can click, which, when activated, will store a ``lastconfirmed`` timestamp in the ``authenticateduser`` table of the database. Any time this is "null" for a user (immediately after signup and/or changing of their Dataverse email address), their current email on file is considered to not be verified. The link that is sent expires after a time (the default is 24 hours), but this is configurable by a superuser via the ``:MinutesUntilConfirmEmailTokenExpires`` config option.
+
+Should users' URL token expire, they will see a "Verify Email" button on the account information page to send another URL.
+
+Sysadmins can determine which users have verified their email addresses by looking for the presence of the value ``emailLastConfirmed`` in the JSON output from listing users (see the "Admin" section of the :doc:`/api/native-api`). As mentioned in the :doc:`/user/account` section of the User Guide, the email addresses for Shibboleth users are re-confirmed on every login.
+
+Deleting an API Token
+---------------------
+
+If an API token is compromised it should be deleted. Users can generate a new one for themselves as explained in the :doc:`/user/account` section of the User Guide, but you may want to preemptively delete tokens from the database.
+
+Using the API token 7ae33670-be21-491d-a244-008149856437 as an example:
+
+``delete from apitoken where tokenstring = '7ae33670-be21-491d-a244-008149856437';``
+
+You should expect the output ``DELETE 1`` after issuing the command above.
+
diff --git a/doc/sphinx-guides/source/api/intro.rst b/doc/sphinx-guides/source/api/intro.rst
@@ -21,7 +21,7 @@ We use the term "native" to mean that the API is not based on any standard. For
 Authentication
 --------------
 
-Most Dataverse APIs require the use of an API token. Instructions for getting a token are described in the :doc:`/user/account` section of the User Guide.
+Most Dataverse APIs require the use of an API token. (In code we sometimes call it a "key" because it's shorter.) Instructions for getting a token are described in the :doc:`/user/account` section of the User Guide.
 
 There are two ways to pass your API token to Dataverse APIs. The preferred method is to send the token in the ``X-Dataverse-key`` HTTP header, as in the following curl example::
 

diff --git a/doc/sphinx-guides/source/api/native-api.rst b/doc/sphinx-guides/source/api/native-api.rst
@@ -559,9 +559,110 @@ Creates a global role in the Dataverse installation. The data POSTed are assumed
 
     POST http://$SERVER/api/admin/roles
 
-List all users::
+List users with the options to search and "page" through results. Only accessible to superusers. Optional parameters:
+
+* ``searchTerm`` A string that matches the beginning of a user identifier, first name, last name or email address.
+* ``itemsPerPage`` The number of detailed results to return.  The default is 25.  This number has no limit. e.g. You could set it to 1000 to return 1,000 results
+* ``selectedPage`` The page of results to return.  The default is 1. 
+
+    GET http://$SERVER/api/admin/list-users
+
+
+Sample output appears below. 
+
+* When multiple pages of results exist, the ``selectedPage`` parameters may be specified. 
+* Note, the resulting ``pagination`` section includes ``pageCount``, ``previousPageNumber``, ``nextPageNumber``, and other variables that may be used to re-create the UI.          
+
+.. code-block:: json
+
+    {
+        "status":"OK",
+        "data":{
+            "userCount":27,
+            "selectedPage":1,
+            "pagination":{
+                "isNecessary":true,
+                "numResults":27,
+                "numResultsString":"27",
+                "docsPerPage":25,
+                "selectedPageNumber":1,
+                "pageCount":2,
+                "hasPreviousPageNumber":false,
+                "previousPageNumber":1,
+                "hasNextPageNumber":true,
+                "nextPageNumber":2,
+                "startResultNumber":1,
+                "endResultNumber":25,
+                "startResultNumberString":"1",
+                "endResultNumberString":"25",
+                "remainingResults":2,
+                "numberNextResults":2,
+                "pageNumberList":[
+                    1,
+                    2
+                ]
+            },
+            "bundleStrings":{
+                "userId":"ID",
+                "userIdentifier":"Username",
+                "lastName":"Last Name ",
+                "firstName":"First Name ",
+                "email":"Email",
+                "affiliation":"Affiliation",
+                "position":"Position",
+                "isSuperuser":"Superuser",
+                "authenticationProvider":"Authentication",
+                "roles":"Roles",
+                "createdTime":"Created Time",
+                "lastLoginTime":"Last Login Time",
+                "lastApiUseTime":"Last API Use Time"
+            },
+            "users":[
+                {
+                    "id":8,
+                    "userIdentifier":"created1",
+                    "lastName":"created1",
+                    "firstName":"created1",
+                    "email":"created1@g.com",
+                    "affiliation":"hello",
+                    "isSuperuser":false,
+                    "authenticationProvider":"BuiltinAuthenticationProvider",
+                    "roles":"Curator",
+                    "createdTime":"2017-06-28 10:36:29.444"
+                },
+                {
+                    "id":9,
+                    "userIdentifier":"created8",
+                    "lastName":"created8",
+                    "firstName":"created8",
+                    "email":"created8@g.com",
+                    "isSuperuser":false,
+                    "authenticationProvider":"BuiltinAuthenticationProvider",
+                    "roles":"Curator",
+                    "createdTime":"2000-01-01 00:00:00.0"
+                },
+                {
+                    "id":1,
+                    "userIdentifier":"dataverseAdmin",
+                    "lastName":"Admin",
+                    "firstName":"Dataverse",
+                    "email":"dataverse@mailinator2.com",
+                    "affiliation":"Dataverse.org",
+                    "position":"Admin",
+                    "isSuperuser":true,
+                    "authenticationProvider":"BuiltinAuthenticationProvider",
+                    "roles":"Admin, Contributor",
+                    "createdTime":"2000-01-01 00:00:00.0",
+                    "lastLoginTime":"2017-07-03 12:22:35.926",
+                    "lastApiUseTime":"2017-07-03 12:55:57.186"
+                },
+                **... 22 more user documents ...**      
+            ]
+        }
+    }
+
+.. note:: "List all users" ``GET http://$SERVER/api/admin/authenticatedUsers`` is deprecated, but supported.
 
-    GET http://$SERVER/api/admin/authenticatedUsers
 
 List user whose ``identifier`` (without the ``@`` sign) is passed::
 

diff --git a/doc/sphinx-guides/source/installation/administration.rst b/doc/sphinx-guides/source/installation/administration.rst