Implement ee.data.testIamPermissions() for the JS client (see: https://developers.google.com/earth-engine/reference/rest/v1/projects.assets/testIamPermissions).

sufyanAbbasi · Google Earth Engine Authors · commit a70cefb3fa56 · 2024-12-20T17:51:09.000-08:00
PiperOrigin-RevId: 708462062
diff --git a/javascript/src/data.js b/javascript/src/data.js
@@ -2039,6 +2039,51 @@ ee.data.getAssetAcl = function(assetId, opt_callback) {
 };
 
 
+/**
+ * Tests whether the caller has the specified permissions on a Cloud asset ID.
+ * If the asset ID does not exist, this will return an empty object, not a
+ * NOT_FOUND error.
+ *
+ * Note: This method does not work for legacy assets (e.g. users/username) and
+ * will throw an error. Also note that this method should be used for UI
+ * purposes only and does not guarantee to work for checking authorization.
+ *
+ * Example permissions:
+ *
+ *  - earthengine.assets.create
+ *  - earthengine.assets.delete
+ *  - earthengine.assets.get
+ *  - earthengine.assets.getIamPolicy
+ *  - earthengine.assets.list
+ *  - earthengine.assets.setIamPolicy
+ *  - earthengine.assets.update
+ *
+ * @param {string} assetId The ID of the Cloud asset to check (e.g.
+ *     projects/project-id/assets/asset-id).
+ * @param {!Array<string>} permissions The list of permissions to check on the
+ *     asset.
+ * @param {function(?ee.api.TestIamPermissionsResponse, string=)=} opt_callback
+ *     An optional callback with two parameters: the response object containing
+ *     "permissions" or empty if none found, and an error message. If not
+ *     supplied, the call is made synchronously.
+ * @return {?ee.api.TestIamPermissionsResponse}
+ * @export
+ */
+ee.data.testIamPermissions = function(assetId, permissions, opt_callback) {
+  const resource = ee.rpc_convert.assetIdToAssetName(assetId);
+  if (resource.startsWith(
+          `projects/${ee.rpc_convert.DEFAULT_PROJECT}/assets/`)) {
+    throw new Error(
+        'ee.data.testIamPermissions() is not supported for legacy assets. ' +
+        'Use ee.data.getAssetAcl() instead.');
+  }
+  const request = new ee.api.TestIamPermissionsRequest({permissions});
+  const call = new ee.apiclient.Call(opt_callback);
+  return call.handle(call.assets().testIamPermissions(
+      resource, request, {prettyPrint: false}));
+};
+
+
 /**
  * Returns the access control list of the asset with the given ID.
  *
