Merge pull request #1493 from 4Science/DS-2895
DS-2895 authorization check for item not owned by collection
@@ -118,15 +118,17 @@ public class ResourcePolicyServiceImpl implements ResourcePolicyService
|
||||
*/
|
||||
@Override
|
||||
public void delete(Context context, ResourcePolicy resourcePolicy) throws SQLException, AuthorizeException {
|
||||
// FIXME: authorizations
|
||||
// Remove ourself
|
||||
resourcePolicyDAO.delete(context, resourcePolicy);
|
||||
|
||||
context.turnOffAuthorisationSystem();
|
||||
if(resourcePolicy.getdSpaceObject() != null)
|
||||
{
|
||||
//A policy for a DSpace Object has been modified, fire a modify event on the DSpace object
|
||||
contentServiceFactory.getDSpaceObjectService(resourcePolicy.getdSpaceObject()).updateLastModified(context, resourcePolicy.getdSpaceObject());
|
||||
}
|
||||
|
||||
// FIXME: authorizations
|
||||
// Remove ourself
|
||||
resourcePolicyDAO.delete(context, resourcePolicy);
|
||||
context.restoreAuthSystemState();
|
||||
}
|
||||
|
||||
|
||||
@@ -203,26 +205,34 @@ public class ResourcePolicyServiceImpl implements ResourcePolicyService
|
||||
|
||||
@Override
|
||||
public void removeAllPolicies(Context c, DSpaceObject o) throws SQLException, AuthorizeException {
|
||||
contentServiceFactory.getDSpaceObjectService(o).updateLastModified(c, o);
|
||||
resourcePolicyDAO.deleteByDso(c, o);
|
||||
c.turnOffAuthorisationSystem();
|
||||
contentServiceFactory.getDSpaceObjectService(o).updateLastModified(c, o);
|
||||
c.restoreAuthSystemState();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void removePolicies(Context c, DSpaceObject o, String type) throws SQLException, AuthorizeException {
|
||||
contentServiceFactory.getDSpaceObjectService(o).updateLastModified(c, o);
|
||||
resourcePolicyDAO.deleteByDsoAndType(c, o, type);
|
||||
c.turnOffAuthorisationSystem();
|
||||
contentServiceFactory.getDSpaceObjectService(o).updateLastModified(c, o);
|
||||
c.restoreAuthSystemState();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void removeDsoGroupPolicies(Context context, DSpaceObject dso, Group group) throws SQLException, AuthorizeException {
|
||||
contentServiceFactory.getDSpaceObjectService(dso).updateLastModified(context, dso);
|
||||
resourcePolicyDAO.deleteByDsoGroupPolicies(context, dso, group);
|
||||
context.turnOffAuthorisationSystem();
|
||||
contentServiceFactory.getDSpaceObjectService(dso).updateLastModified(context, dso);
|
||||
context.restoreAuthSystemState();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void removeDsoEPersonPolicies(Context context, DSpaceObject dso, EPerson ePerson) throws SQLException, AuthorizeException {
|
||||
contentServiceFactory.getDSpaceObjectService(dso).updateLastModified(context, dso);
|
||||
resourcePolicyDAO.deleteByDsoEPersonPolicies(context, dso, ePerson);
|
||||
context.turnOffAuthorisationSystem();
|
||||
contentServiceFactory.getDSpaceObjectService(dso).updateLastModified(context, dso);
|
||||
context.restoreAuthSystemState();
|
||||
|
||||
}
|
||||
|
||||
@@ -237,15 +247,19 @@ public class ResourcePolicyServiceImpl implements ResourcePolicyService
|
||||
{
|
||||
removeAllPolicies(c, o);
|
||||
}else{
|
||||
contentServiceFactory.getDSpaceObjectService(o).updateLastModified(c, o);
|
||||
resourcePolicyDAO.deleteByDsoAndAction(c, o, actionId);
|
||||
c.turnOffAuthorisationSystem();
|
||||
contentServiceFactory.getDSpaceObjectService(o).updateLastModified(c, o);
|
||||
c.restoreAuthSystemState();
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public void removeDsoAndTypeNotEqualsToPolicies(Context c, DSpaceObject o, String type) throws SQLException, AuthorizeException {
|
||||
contentServiceFactory.getDSpaceObjectService(o).updateLastModified(c, o);
|
||||
resourcePolicyDAO.deleteByDsoAndTypeNotEqualsTo(c, o, type);
|
||||
c.turnOffAuthorisationSystem();
|
||||
contentServiceFactory.getDSpaceObjectService(o).updateLastModified(c, o);
|
||||
c.restoreAuthSystemState();
|
||||
}
|
||||
|
||||
|
||||
@@ -279,10 +293,12 @@ public class ResourcePolicyServiceImpl implements ResourcePolicyService
|
||||
}
|
||||
|
||||
//Update the last modified timestamp of all related DSpace Objects
|
||||
context.turnOffAuthorisationSystem();
|
||||
for (DSpaceObject dSpaceObject : relatedDSpaceObjects) {
|
||||
//A policy for a DSpace Object has been modified, fire a modify event on the DSpace object
|
||||
contentServiceFactory.getDSpaceObjectService(dSpaceObject).updateLastModified(context, dSpaceObject);
|
||||
contentServiceFactory.getDSpaceObjectService(dSpaceObject).updateLastModified(context, dSpaceObject);
|
||||
}
|
||||
context.restoreAuthSystemState();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
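Review bot: The new `turnOffAuthorisationSystem()` / `restoreAuthSystemState()` pairs are not exception-safe: every method shown declares `throws SQLException, AuthorizeException`, so if `updateLastModified` throws between the two calls, the Context is left with authorization checks disabled for whatever the caller does next. Put the restore in a `finally`, e.g. `try { contentServiceFactory.getDSpaceObjectService(o).updateLastModified(c, o); } finally { c.restoreAuthSystemState(); }`. The same applies in `delete`, `removeAllPolicies`, `removePolicies`, `removeDsoGroupPolicies`, `removeDsoEPersonPolicies`, `removeDsoAndTypeNotEqualsToPolicies`, and in the two later hunks whose enclosing methods start outside the view. Keep the disabled window limited to the timestamp update. This rendering has lost the +/- markers, so it is not clear whether `resourcePolicyDAO.delete` in `delete` runs inside or outside that window, and that call still carries `// FIXME: authorizations`.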
@@ -30,6 +30,7 @@ import org.dspace.harvest.service.HarvestedItemService;
|
||||
import org.dspace.identifier.IdentifierException;
|
||||
import org.dspace.identifier.service.IdentifierService;
|
||||
import org.dspace.versioning.service.VersioningService;
|
||||
import org.dspace.workflow.WorkflowItemService;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
|
||||
import java.io.IOException;
|
||||
@@ -78,6 +79,11 @@ public class ItemServiceImpl extends DSpaceObjectServiceImpl<Item> implements It
|
||||
protected VersioningService versioningService;
|
||||
@Autowired(required=true)
|
||||
protected HarvestedItemService harvestedItemService;
|
||||
@Autowired(required=true)
|
||||
protected WorkspaceItemService workspaceItemService;
|
||||
@Autowired(required=true)
|
||||
protected WorkflowItemService workflowItemService;
|
||||
|
||||
|
||||
protected ItemServiceImpl()
|
||||
{
|
||||
@@ -881,12 +887,28 @@ public class ItemServiceImpl extends DSpaceObjectServiceImpl<Item> implements It
|
||||
// is this collection not yet created, and an item template is created
|
||||
if (item.getOwningCollection() == null)
|
||||
{
|
||||
return true;
|
||||
if (!isInProgressSubmission(context, item)) {
|
||||
return true;
|
||||
}
|
||||
else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
return collectionService.canEditBoolean(context, item.getOwningCollection(), false);
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if the item is an inprogress submission
|
||||
* @param context
|
||||
* @param item
|
||||
* @return <code>true</code> if the item is an inprogress submission, i.e. a WorkspaceItem or WorkflowItem
|
||||
* @throws SQLException
|
||||
*/
|
||||
public boolean isInProgressSubmission(Context context, Item item) throws SQLException {
|
||||
return workspaceItemService.findByItem(context, item) != null
|
||||
|| workflowItemService.findByItem(context, item) != null;
|
||||
}
|
||||
|
||||
/*
|
||||
With every finished submission a bunch of resource policy entries with have null value for the dspace_object column are generated in the database.
|
||||
|
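Review bot: The `item.getOwningCollection() == null` branch still fails open: any item with no owning collection that is not found as a workspace or workflow item gets `return true`, although the comment above the branch says it is meant for a collection's template item. The enclosing method starts outside this hunk; assuming no other guard exists there, a positive test that the item really is a template item, with `false` as the default, would be the safer shape. Separately, the `if`/`else` returning literals reduces to `return !isInProgressSubmission(context, item);`. The new Javadoc also leaves `@param context`, `@param item` and `@throws SQLException` without descriptions.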
@@ -555,4 +555,12 @@ public interface ItemService extends DSpaceObjectService<Item>, DSpaceObjectLega
|
||||
* @throws SQLException if database error
|
||||
*/
|
||||
int countWithdrawnItems(Context context) throws SQLException;
|
||||
|
||||
/**
|
||||
* Check if the supplied item is an inprogress submission
|
||||
* @param context
|
||||
* @param item
|
||||
* @return <code>true</code> if the item is linked to a workspaceitem or workflowitem
|
||||
*/
|
||||
boolean isInProgressSubmission(Context context, Item item) throws SQLException;
|
||||
}
|
||||
|
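Review bot: The Javadoc for the new `isInProgressSubmission` declaration has no `@throws` tag although the signature declares `throws SQLException`, and both `@param` tags are empty. Following the method just above it, add `@throws SQLException if database error`. Short parameter descriptions would help too, such as `@param context the DSpace context` and `@param item the item to check`.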