Skip to content

Commit a70cefb

Browse files
sufyanAbbasiGoogle Earth Engine Authors
authored andcommitted
Implement ee.data.testIamPermissions() for the JS client (see: https://developers.google.com/earth-engine/reference/rest/v1/projects.assets/testIamPermissions).
PiperOrigin-RevId: 708462062
1 parent 565f49b commit a70cefb

File tree

1 file changed

+45
-0
lines changed

1 file changed

+45
-0
lines changed

javascript/src/data.js

Lines changed: 45 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2039,6 +2039,51 @@ ee.data.getAssetAcl = function(assetId, opt_callback) {
20392039
};
20402040

20412041

2042+
/**
2043+
* Tests whether the caller has the specified permissions on a Cloud asset ID.
2044+
* If the asset ID does not exist, this will return an empty object, not a
2045+
* NOT_FOUND error.
2046+
*
2047+
* Note: This method does not work for legacy assets (e.g. users/username) and
2048+
* will throw an error. Also note that this method should be used for UI
2049+
* purposes only and does not guarantee to work for checking authorization.
2050+
*
2051+
* Example permissions:
2052+
*
2053+
* - earthengine.assets.create
2054+
* - earthengine.assets.delete
2055+
* - earthengine.assets.get
2056+
* - earthengine.assets.getIamPolicy
2057+
* - earthengine.assets.list
2058+
* - earthengine.assets.setIamPolicy
2059+
* - earthengine.assets.update
2060+
*
2061+
* @param {string} assetId The ID of the Cloud asset to check (e.g.
2062+
* projects/project-id/assets/asset-id).
2063+
* @param {!Array<string>} permissions The list of permissions to check on the
2064+
* asset.
2065+
* @param {function(?ee.api.TestIamPermissionsResponse, string=)=} opt_callback
2066+
* An optional callback with two parameters: the response object containing
2067+
* "permissions" or empty if none found, and an error message. If not
2068+
* supplied, the call is made synchronously.
2069+
* @return {?ee.api.TestIamPermissionsResponse}
2070+
* @export
2071+
*/
2072+
ee.data.testIamPermissions = function(assetId, permissions, opt_callback) {
2073+
const resource = ee.rpc_convert.assetIdToAssetName(assetId);
2074+
if (resource.startsWith(
2075+
`projects/${ee.rpc_convert.DEFAULT_PROJECT}/assets/`)) {
2076+
throw new Error(
2077+
'ee.data.testIamPermissions() is not supported for legacy assets. ' +
2078+
'Use ee.data.getAssetAcl() instead.');
2079+
}
2080+
const request = new ee.api.TestIamPermissionsRequest({permissions});
2081+
const call = new ee.apiclient.Call(opt_callback);
2082+
return call.handle(call.assets().testIamPermissions(
2083+
resource, request, {prettyPrint: false}));
2084+
};
2085+
2086+
20422087
/**
20432088
* Returns the access control list of the asset with the given ID.
20442089
*

0 commit comments

Comments
 (0)