From 3d3238579c8340d3ddbda26061de52ad24393b5f Mon Sep 17 00:00:00 2001 From: Sufyan Abbasi Date: Fri, 20 Dec 2024 16:55:13 -0800 Subject: [PATCH] Implement `ee.data.testIamPermissions()` for the JS client (see: https://developers.google.com/earth-engine/reference/rest/v1/projects.assets/testIamPermissions). PiperOrigin-RevId: 708462062 --- javascript/src/data.js | 45 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/javascript/src/data.js b/javascript/src/data.js index 93456de9a..79b8dcf28 100644 --- a/javascript/src/data.js +++ b/javascript/src/data.js @@ -2039,6 +2039,51 @@ ee.data.getAssetAcl = function(assetId, opt_callback) { }; +/** + * Tests whether the caller has the specified permissions on a Cloud asset ID. + * If the asset ID does not exist, this will return an empty object, not a + * NOT_FOUND error. + * + * Note: This method does not work for legacy assets (e.g. users/username) and + * will throw an error. Also note that this method should be used for UI + * purposes only and does not guarantee to work for checking authorization. + * + * Example permissions: + * + * - earthengine.assets.create + * - earthengine.assets.delete + * - earthengine.assets.get + * - earthengine.assets.getIamPolicy + * - earthengine.assets.list + * - earthengine.assets.setIamPolicy + * - earthengine.assets.update + * + * @param {string} assetId The ID of the Cloud asset to check (e.g. + * projects/project-id/assets/asset-id). + * @param {!Array} permissions The list of permissions to check on the + * asset. + * @param {function(?ee.api.TestIamPermissionsResponse, string=)=} opt_callback + * An optional callback with two parameters: the response object containing + * "permissions" or empty if none found, and an error message. If not + * supplied, the call is made synchronously. + * @return {?ee.api.TestIamPermissionsResponse} + * @export + */ +ee.data.testIamPermissions = function(assetId, permissions, opt_callback) { + const resource = ee.rpc_convert.assetIdToAssetName(assetId); + if (resource.startsWith( + `projects/${ee.rpc_convert.DEFAULT_PROJECT}/assets/`)) { + throw new Error( + 'ee.data.testIamPermissions() is not supported for legacy assets. ' + + 'Use ee.data.getAssetAcl() instead.'); + } + const request = new ee.api.TestIamPermissionsRequest({permissions}); + const call = new ee.apiclient.Call(opt_callback); + return call.handle(call.assets().testIamPermissions( + resource, request, {prettyPrint: false})); +}; + + /** * Returns the access control list of the asset with the given ID. *