hazza/DSpace
1
0
Fork 0
mirror of https://github.com/DSpace/DSpace.git synced 2025-10-17 15:03:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix for GHSA-cf2j-vf36-c6w8

Browse Source
This commit is contained in:
Andrea Bollini
2021-10-25 19:01:36 +02:00
parent 0de9680781
commit 277b499a5c
3 changed files with 33 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
dspace-api/src/main/java/org/dspace/content/CollectionServiceImpl.java
View File

@@ -920,8 +920,7 @@ public class CollectionServiceImpl extends DSpaceObjectServiceImpl<Collection> i
int defaultRead)
throws SQLException, AuthorizeException {
Group role = groupService.create(context);
groupService.setName(role, "COLLECTION_" + collection.getID().toString() + "_" + typeOfGroupString +
"_DEFAULT_READ");
groupService.setName(role, getDefaultReadGroupName(collection, typeOfGroupString));
// Remove existing privileges from the anonymous group.
authorizeService.removePoliciesActionFilter(context, collection, defaultRead);
@@ -932,6 +931,12 @@ public class CollectionServiceImpl extends DSpaceObjectServiceImpl<Collection> i
return role;
}
@Override
public String getDefaultReadGroupName(Collection collection, String typeOfGroupString) {
return "COLLECTION_" + collection.getID().toString() + "_" + typeOfGroupString +
"_DEFAULT_READ";
}
@Override
public List<Collection> findCollectionsWithSubmit(String q, Context context, Community community,
int offset, int limit) throws SQLException, SearchServiceException {

10
dspace-api/src/main/java/org/dspace/content/service/CollectionService.java
View File

@@ -360,6 +360,16 @@ public interface CollectionService
Group createDefaultReadGroup(Context context, Collection collection, String typeOfGroupString, int defaultRead)
throws SQLException, AuthorizeException;
/**
* This method will return the name to give to the group created by the
* {@link #createDefaultReadGroup(Context, Collection, String, int)} method
*
* @param collection The DSpace collection to use in the name generation
* @param typeOfGroupString The type of group to use in the name generation
* @return the name to give to the group that hold default read for the collection
*/
String getDefaultReadGroupName(Collection collection, String typeOfGroupString);
/**
* Returns Collections for which the current user has 'submit' privileges.
* NOTE: for better performance, this method retrieves its results from an

20
dspace-api/src/main/java/org/dspace/eperson/GroupServiceImpl.java
View File

@@ -15,6 +15,7 @@ import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.UUID;
@@ -735,13 +736,24 @@ public class GroupServiceImpl extends DSpaceObjectServiceImpl<Group> implements
groups.add(group);
List<ResourcePolicy> policies = resourcePolicyService.find(context, null, groups,
Constants.DEFAULT_ITEM_READ, Constants.COLLECTION);
if (policies.size() > 0) {
return policies.get(0).getdSpaceObject();
Optional<ResourcePolicy> defaultPolicy = policies.stream().filter(p -> StringUtils.equals(
collectionService.getDefaultReadGroupName((Collection) p.getdSpaceObject(), "ITEM"),
group.getName())).findFirst();
if (defaultPolicy.isPresent()) {
return defaultPolicy.get().getdSpaceObject();
}
policies = resourcePolicyService.find(context, null, groups,
Constants.DEFAULT_BITSTREAM_READ, Constants.COLLECTION);
if (policies.size() > 0) {
return policies.get(0).getdSpaceObject();
defaultPolicy = policies.stream()
.filter(p -> StringUtils.equals(collectionService.getDefaultReadGroupName(
(Collection) p.getdSpaceObject(), "BITSTREAM"), group.getName()))
.findFirst();
if (defaultPolicy.isPresent()) {
return defaultPolicy.get().getdSpaceObject();
}
}
}