diff --git a/dspace-api/src/main/java/org/dspace/eperson/Subscribe.java b/dspace-api/src/main/java/org/dspace/eperson/Subscribe.java
index 136c3f6ded..cdf2347417 100644
--- a/dspace-api/src/main/java/org/dspace/eperson/Subscribe.java
+++ b/dspace-api/src/main/java/org/dspace/eperson/Subscribe.java
@@ -389,6 +389,7 @@ public class Subscribe
Collection c = (Collection) collections.get(i);
try {
+ boolean includeAll = ConfigurationManager.getBooleanProperty("harvest.includerestricted.subscription", true);
List itemInfos = Harvest.harvest(context, c, startDate, endDate, 0, // Limit
// and
// offset
@@ -397,7 +398,8 @@ public class Subscribe
// everything
0, true, // Need item objects
false, // But not containers
- false); // Or withdrawals
+ false, // Or withdrawals
+ includeAll);
if (ConfigurationManager.getBooleanProperty("eperson.subscription.onlynew", false))
{
diff --git a/dspace-api/src/main/java/org/dspace/search/Harvest.java b/dspace-api/src/main/java/org/dspace/search/Harvest.java
index 2a82eaf04e..81163d9121 100644
--- a/dspace-api/src/main/java/org/dspace/search/Harvest.java
+++ b/dspace-api/src/main/java/org/dspace/search/Harvest.java
@@ -60,6 +60,8 @@ import org.dspace.handle.HandleManager;
import org.dspace.storage.rdbms.DatabaseManager;
import org.dspace.storage.rdbms.TableRow;
import org.dspace.storage.rdbms.TableRowIterator;
+import org.dspace.authorize.AuthorizeManager;
+import org.dspace.eperson.Group;
/**
* Utility class for extracting information about items, possibly just within a
@@ -111,14 +113,16 @@ public class Harvest
* @param withdrawn
* If true, information about withdrawn items is
* included
+ * @param nonAnon
+ * If items without anonymous access should be included or not
* @return List of HarvestedItemInfo objects
* @throws SQLException
* @throws ParseException If the date is not in a supported format
*/
public static List harvest(Context context, DSpaceObject scope,
String startDate, String endDate, int offset, int limit,
- boolean items, boolean collections, boolean withdrawn)
- throws SQLException, ParseException
+ boolean items, boolean collections, boolean withdrawn,
+ boolean nonAnon) throws SQLException, ParseException
{
// Put together our query. Note there is no need for an
@@ -261,7 +265,22 @@ public class Harvest
itemInfo.item = Item.find(context, itemInfo.itemID);
}
- infoObjects.add(itemInfo);
+ if (nonAnon)
+ {
+ infoObjects.add(itemInfo);
+ } else
+ {
+ Group[] authorizedGroups = AuthorizeManager.getAuthorizedGroups(context, itemInfo.item, Constants.READ);
+ boolean added = false;
+ for (int i = 0; i < authorizedGroups.length; i++)
+ {
+ if ((authorizedGroups[i].getID() == 0) && (!added))
+ {
+ infoObjects.add(itemInfo);
+ added = true;
+ }
+ }
+ }
}
index++;
diff --git a/dspace-jspui/dspace-jspui-api/src/main/java/org/dspace/app/webui/servlet/FeedServlet.java b/dspace-jspui/dspace-jspui-api/src/main/java/org/dspace/app/webui/servlet/FeedServlet.java
index ed7809ede1..a570263970 100644
--- a/dspace-jspui/dspace-jspui-api/src/main/java/org/dspace/app/webui/servlet/FeedServlet.java
+++ b/dspace-jspui/dspace-jspui-api/src/main/java/org/dspace/app/webui/servlet/FeedServlet.java
@@ -277,8 +277,9 @@ public class FeedServlet extends DSpaceServlet
// this invocation should return a non-empty list if even 1 item has changed
try {
+ boolean includeAll = ConfigurationManager.getBooleanProperty("harvest.includerestricted.rss", true);
return (Harvest.harvest(context, dso, startDate, endDate,
- 0, 1, false, false, false).size() > 0);
+ 0, 1, false, false, false, includeAll).size() > 0);
}
catch (ParseException pe)
{
diff --git a/dspace-oai/dspace-oai-api/src/main/java/org/dspace/app/oai/DSpaceOAICatalog.java b/dspace-oai/dspace-oai-api/src/main/java/org/dspace/app/oai/DSpaceOAICatalog.java
index 5d53d6d03c..62af454192 100644
--- a/dspace-oai/dspace-oai-api/src/main/java/org/dspace/app/oai/DSpaceOAICatalog.java
+++ b/dspace-oai/dspace-oai-api/src/main/java/org/dspace/app/oai/DSpaceOAICatalog.java
@@ -236,10 +236,11 @@ public class DSpaceOAICatalog extends AbstractCatalog
// Get the relevant OAIItemInfo objects to make headers
DSpaceObject scope = resolveSet(context, set);
+ boolean includeAll = ConfigurationManager.getBooleanProperty("harvest.includerestricted.oai", true);
List itemInfos = Harvest.harvest(context, scope, from, until, 0, 0, // Everything
// for
// now
- false, true, true);
+ false, true, true, includeAll);
// No Item objects, but we need to know collections they're in and
// withdrawn items
@@ -559,10 +560,11 @@ public class DSpaceOAICatalog extends AbstractCatalog
// Get the relevant HarvestedItemInfo objects to make headers
DSpaceObject scope = resolveSet(context, set);
+ boolean includeAll = ConfigurationManager.getBooleanProperty("harvest.includerestricted.oai", true);
List itemInfos = Harvest.harvest(context, scope, from, until,
offset, MAX_RECORDS, // Limit amount returned from one
// request
- true, true, true); // Need items, containers + withdrawals
+ true, true, true, includeAll); // Need items, containers + withdrawals
// Build list of XML records from item info objects
Iterator i = itemInfos.iterator();
diff --git a/dspace/CHANGES b/dspace/CHANGES
index f446211ab1..e36cae987c 100644
--- a/dspace/CHANGES
+++ b/dspace/CHANGES
@@ -5,6 +5,7 @@
- Fix for SF bug [2343281] XHTML Head Dissimination Crosswalk exposes provenance info
- Fix for SF bug [1896225] HTML tags not stripped in statistics display
- Fix for SF bug [1951859] DSpace Home link style in breadcrumb trail
+ - Fix for SF bug [1730606] Restricted Items metadata exposed via OAI
(Stuart Lewis / Chris Yates / Flavio Botelho / Alex Barbieri / Reuben Pasquini)
- [2057378] Hierarchical LDAP support
diff --git a/dspace/config/dspace.cfg b/dspace/config/dspace.cfg
index 9db029c1fa..339e823cb3 100644
--- a/dspace/config/dspace.cfg
+++ b/dspace/config/dspace.cfg
@@ -469,6 +469,17 @@ webui.ldap.autoregister = true
#ldap.netid_email_domain = @example.com
+#### Restricted item visibilty settings ###
+# By default RSS feeds, OAI-PMH and subscription emails will include ALL items
+# regardless of permissions set on them.
+#
+# If you wish to only expose items through these channels where the ANONYMOUS
+# user is granted READ permission, then set the following options to false
+#harvest.includerestricted.rss = true
+#harvest.includerestricted.oai = true
+#harvest.includerestricted.subscription = true
+
+
#### Proxy Settings ######
# uncomment and specify both properties if proxy server required
# proxy server for external http requests - use regular hostname without port number