[DS-3179] Collection admin, edit item no authorization to remove file in JSPUI

2025-10-09 19:13:18 +00:00 · 2016-05-03 12:01:38 +02:00
parent 2e309a116f
commit 1940e4e6a2
2 changed files with 27 additions and 4 deletions
--- a/dspace-api/src/main/java/org/dspace/content/BundleServiceImpl.java
+++ b/dspace-api/src/main/java/org/dspace/content/BundleServiceImpl.java
@@ -170,8 +170,6 @@ public class BundleServiceImpl extends DSpaceObjectServiceImpl<Bundle> implement
        log.info(LogManager.getHeader(context, "remove_bitstream",
                "bundle_id=" + bundle.getID() + ",bitstream_id=" + bitstream.getID()));

-        bundle.getBitstreams().remove(bitstream);
-        bitstream.getBundles().remove(bundle);

        context.addEvent(new Event(Event.REMOVE, Constants.BUNDLE, bundle.getID(),
                Constants.BITSTREAM, bitstream.getID(), String.valueOf(bitstream.getSequenceID()),
@@ -193,7 +191,16 @@ public class BundleServiceImpl extends DSpaceObjectServiceImpl<Bundle> implement
            bundle.unsetPrimaryBitstreamID();
        }

+        // Check if we our bitstream is part of a single bundle:
+        // If so delete it, if not then remove the link between bundle & bitstream
+        if(bitstream.getBundles().size() == 1)
+        {
+            // We don't need to remove the link between bundle & bitstream, this will be handled in the delete() method.
            bitstreamService.delete(context, bitstream);
+        }else{
+            bundle.getBitstreams().remove(bitstream);
+            bitstream.getBundles().remove(bundle);
+        }
    }

    @Override
--- a/dspace-jspui/src/main/java/org/dspace/app/webui/servlet/DSpaceServlet.java
+++ b/dspace-jspui/src/main/java/org/dspace/app/webui/servlet/DSpaceServlet.java
@@ -136,7 +136,7 @@ public class DSpaceServlet extends HttpServlet
            // Also email an alert
            UIUtil.sendAlert(request, se);

-            context.abort();
+            abortContext(context);
            JSPManager.showInternalError(request, response);
        }
        catch (AuthorizeException ae)
@@ -158,6 +158,15 @@ public class DSpaceServlet extends HttpServlet

                JSPManager.showAuthorizeError(request, response, ae);
            }
+            abortContext(context);
+        }
+        catch (Exception e)
+        {
+            log.warn(LogManager.getHeader(context, "general_jspui_error", e
+                    .toString()), e);
+
+            abortContext(context);
+            JSPManager.showInternalError(request, response);
        }
        finally
        {
@@ -175,6 +184,13 @@ public class DSpaceServlet extends HttpServlet
        }
    }

+    private void abortContext(Context context) {
+        if(context != null && context.isValid())
+        {
+            context.abort();
+        }
+    }
+
    /**
     * Process an incoming HTTP GET. If an exception is thrown, or for some
     * other reason the passed in context is not completed, it will be aborted