Can use checkCanRead which checks if it's published or if the user has access to it and throws an error if not:

Related comment:
Looks like previously, this method called checkCanExamine, which confirms the access necessary to see fields that only owner-type users should be able to see. If we switch to confirming access via checkCanRead or similar, this implies that the endpoint is changing so that it provides access to all users, and perhaps, in certain situations, we'd need to filter out things that everyone shouldn't be able to see, like hidden versions.

checkCanRead looks to be sufficient as it returns true if the entry is either published or the canExamine function.

Yes, checkCanRead works fine, but if you use it, the endpoint will return Versions to anyone if the entry is published. If that's a change from how the endpoint worked before (and it appears like the endpoint previously checked for a user with owner-type access to the entry), we might need to make sure that it doesn't show versions that shouldn't be public, like those that are hidden. (I think.)

Thank you for your comment. I added changes to remove hidden versions from being seen to those without access

Related comment:
Looks like previously, this method called checkCanExamine, which confirms the access necessary to see fields that only owner-type users should be able to see. If we switch to confirming access via checkCanRead or similar, this implies that the endpoint is changing so that it provides access to all users, and perhaps, in certain situations, we'd need to filter out things that everyone shouldn't be able to see, like hidden versions.

Is this count accurate if hidden versions are removed?

I added another query to get the public version count

Hmm, I think this means that if a workflow author is viewing the public page of their own workflow, then they will be able to see their hidden versions. Currently, the behaviour is that the hidden versions are hidden for workflow authors as well in the public view.

Not sure if this is worth changing, but noting it.

Think this is worth changing, @hyunnaye please add a follow-up ticket

Think this is worth changing, @hyunnaye please add a follow-up ticket

Nit-picky, and you don't have to change, but there's a lot of duplication throughout this method with column names and method invocations. It increases the odds of a typo (each time you type in a name, it is a new chance to spell it wrong, lol). Plus if we ever change anything in the future, it makes it easier to modify if it's only in one place.

You could introduce variables, constants, and/or add method(s) to reduce this.

Would recommend trying to streamline this method to reduce the amount of duplicate/similar code. One way would be to calculate a sort path from the various sortCol values, then apply the sort path and order to the query at the end. Something like:

    private List<Predicate> processQuery(String sortCol, String sortOrder, CriteriaBuilder cb, CriteriaQuery query, Root<WorkflowVersion> version) {
        List<Predicate> predicates = new ArrayList<>();

        if (!Strings.isNullOrEmpty(sortCol)) {
            Path<Object> sortPath;
            if ("open".equalsIgnoreCase(sortCol)) {
                sortPath = version.get("versionMetadata").get("publicAccessibleTestParameterFile");
            } else if ("descriptorTypeVersions".equals(sortCol)) {
                sortPath = version.get("versionMetadata").get("descriptorTypeVersions");
            } else {
                boolean hasSortCol = version.getModel()
                    .getAttributes()
                    .stream()
                    .map(Attribute::getName)
                    .anyMatch(sortCol::equals);
                if (!hasSortCol) {
                    LOG.error(INVALID_SORTCOL_MESSAGE);
                    throw new CustomWebApplicationException(INVALID_SORTCOL_MESSAGE,
                            HttpStatus.SC_BAD_REQUEST);

                }
                sortPath = version.get(sortCol);
            }
            if ("asc".equalsIgnoreCase(sortOrder)) {
                query.orderBy(cb.asc(sortPath), cb.asc(version.get("id")));
            } else {
                query.orderBy(cb.desc(sortPath), cb.desc(version.get("id")));
            }
        }
        return predicates;
    }
}

Simplifying the method will make it easier to understand and modify.

Done! Thank you

Is this expected to work with all the columns in the Versions table?

Interesting, I didn't remember that you can refresh specifically one (two) versions of a workflow.
This is a nice way of isolating test cases