mirror of
https://github.com/DSpace/DSpace.git
synced 2025-10-07 01:54:22 +00:00
Merge pull request #2689 from Micheleboychuk/DS-4278
DS-4278 Submitters can edit all metadata
This commit is contained in:
Tim Donohue
@@ -14,6 +14,7 @@ import java.util.UUID;
|
||||
import org.dspace.app.rest.utils.ContextUtil;
|
||||
import org.dspace.authorize.service.AuthorizeService;
|
||||
import org.dspace.content.DSpaceObject;
|
||||
import org.dspace.content.Item;
|
||||
import org.dspace.content.factory.ContentServiceFactory;
|
||||
import org.dspace.content.service.DSpaceObjectService;
|
||||
import org.dspace.core.Constants;
|
||||
@@ -84,6 +85,15 @@ public class AuthorizeServicePermissionEvaluatorPlugin extends RestObjectPermiss
|
||||
return true;
|
||||
}
|
||||
|
||||
// If the item is still inprogress we can process here only the READ permission.
|
||||
// Other actions need to be evaluated against the wrapper object (workspace or workflow item)
|
||||
if (dSpaceObject instanceof Item) {
|
||||
if (!DSpaceRestPermission.READ.equals(restPermission)
|
||||
&& !((Item) dSpaceObject).isArchived() && !((Item) dSpaceObject).isWithdrawn()) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
return authorizeService.authorizeActionBoolean(context, ePerson, dSpaceObject,
|
||||
restPermission.getDspaceApiActionId(), true);
|
||||
}
|
||||
|
||||
@@ -8,6 +8,8 @@
|
||||
package org.dspace.app.rest;
|
||||
|
||||
import static com.jayway.jsonpath.matchers.JsonPathMatchers.hasJsonPath;
|
||||
import static org.dspace.app.rest.matcher.MetadataMatcher.matchMetadata;
|
||||
import static org.hamcrest.Matchers.allOf;
|
||||
import static org.hamcrest.Matchers.hasSize;
|
||||
import static org.hamcrest.Matchers.is;
|
||||
import static org.springframework.data.rest.webmvc.RestMediaTypes.TEXT_URI_LIST_VALUE;
|
||||
@@ -30,6 +32,7 @@ import java.util.UUID;
|
||||
import javax.ws.rs.core.MediaType;
|
||||
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
|
||||
import org.apache.commons.io.IOUtils;
|
||||
import org.apache.commons.lang3.CharEncoding;
|
||||
import org.dspace.app.rest.builder.BitstreamBuilder;
|
||||
@@ -755,6 +758,140 @@ public class WorkspaceItemRestRepositoryIT extends AbstractControllerIntegration
|
||||
;
|
||||
}
|
||||
|
||||
@Test
|
||||
public void patchReplaceMetadataOnItemStillInSubmissionTest() throws Exception {
|
||||
context.turnOffAuthorisationSystem();
|
||||
|
||||
parentCommunity = CommunityBuilder.createCommunity(context)
|
||||
.withName("Parent Community")
|
||||
.build();
|
||||
Community child1 = CommunityBuilder.createSubCommunity(context, parentCommunity)
|
||||
.withName("Sub Community")
|
||||
.build();
|
||||
Collection col1 = CollectionBuilder.createCollection(context, child1)
|
||||
.withName("Collection 1")
|
||||
.build();
|
||||
|
||||
context.setCurrentUser(eperson);
|
||||
WorkspaceItem witem = WorkspaceItemBuilder.createWorkspaceItem(context, col1)
|
||||
.withTitle("Workspace Item 1")
|
||||
.withIssueDate("2017-10-17")
|
||||
.withSubject("ExtraEntry")
|
||||
.build();
|
||||
|
||||
context.restoreAuthSystemState();
|
||||
|
||||
List<Operation> updateTitle = new ArrayList<Operation>();
|
||||
Map<String, String> value = new HashMap<String, String>();
|
||||
value.put("value", "New Title");
|
||||
updateTitle.add(new ReplaceOperation("/metadata/dc.title/0", value));
|
||||
|
||||
String patchBody = getPatchContent(updateTitle);
|
||||
UUID idItem = witem.getItem().getID();
|
||||
|
||||
// Verify submitter cannot modify metadata via item PATCH. They must use submission forms.
|
||||
String tokenEperson = getAuthToken(eperson.getEmail(), password);
|
||||
getClient(tokenEperson).perform(patch("/api/core/items/" + idItem)
|
||||
.content(patchBody)
|
||||
.contentType(MediaType.APPLICATION_JSON_PATCH_JSON))
|
||||
.andExpect(status().isForbidden());
|
||||
|
||||
String tokenAdmin = getAuthToken(admin.getEmail(), password);
|
||||
getClient(tokenAdmin).perform(get("/api/core/items/" + idItem))
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(jsonPath("$", Matchers.is(ItemMatcher.matchItemWithTitleAndDateIssued
|
||||
(witem.getItem(), "Workspace Item 1", "2017-10-17"))));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void patchAddMetadataOnItemStillInSubmissionTest() throws Exception {
|
||||
context.turnOffAuthorisationSystem();
|
||||
|
||||
parentCommunity = CommunityBuilder.createCommunity(context)
|
||||
.withName("Parent Community")
|
||||
.build();
|
||||
Community child1 = CommunityBuilder.createSubCommunity(context, parentCommunity)
|
||||
.withName("Sub Community")
|
||||
.build();
|
||||
Collection col1 = CollectionBuilder.createCollection(context, child1)
|
||||
.withName("Collection 1")
|
||||
.build();
|
||||
|
||||
context.setCurrentUser(eperson);
|
||||
WorkspaceItem witem = WorkspaceItemBuilder.createWorkspaceItem(context, col1)
|
||||
.withTitle("Workspace")
|
||||
.withSubject("ExtraEntry")
|
||||
.build();
|
||||
|
||||
context.restoreAuthSystemState();
|
||||
|
||||
List<Operation> addIssueDate = new ArrayList<Operation>();
|
||||
Map<String, String> value = new HashMap<String, String>();
|
||||
value.put("value", "2017-10-17");
|
||||
addIssueDate.add(new ReplaceOperation("/metadata/dc.date.issued/0", value));
|
||||
|
||||
String patchBody = getPatchContent(addIssueDate);
|
||||
UUID idItem = witem.getItem().getID();
|
||||
|
||||
// Verify submitter cannot modify metadata via item PATCH. They must use submission forms.
|
||||
String tokenEperson = getAuthToken(eperson.getEmail(), password);
|
||||
getClient(tokenEperson).perform(patch("/api/core/items/" + idItem)
|
||||
.content(patchBody)
|
||||
.contentType(MediaType.APPLICATION_JSON_PATCH_JSON))
|
||||
.andExpect(status().isForbidden());
|
||||
|
||||
String tokenAdmin = getAuthToken(admin.getEmail(), password);
|
||||
getClient(tokenAdmin).perform(get("/api/core/items/" + idItem))
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(jsonPath("$", hasJsonPath("$.metadata", allOf(
|
||||
matchMetadata("dc.title", "Workspace")))))
|
||||
.andExpect(jsonPath("$.metadata.['dc.date.issued']").doesNotExist());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void patchRemoveMetadataOnItemStillInSubmissionTest() throws Exception {
|
||||
context.turnOffAuthorisationSystem();
|
||||
|
||||
parentCommunity = CommunityBuilder.createCommunity(context)
|
||||
.withName("Parent Community")
|
||||
.build();
|
||||
Community child1 = CommunityBuilder.createSubCommunity(context, parentCommunity)
|
||||
.withName("Sub Community")
|
||||
.build();
|
||||
Collection col1 = CollectionBuilder.createCollection(context, child1)
|
||||
.withName("Collection 1")
|
||||
.build();
|
||||
|
||||
context.setCurrentUser(eperson);
|
||||
WorkspaceItem witem = WorkspaceItemBuilder.createWorkspaceItem(context, col1)
|
||||
.withTitle("Workspace title")
|
||||
.withIssueDate("2017-10-17")
|
||||
.withSubject("ExtraEntry")
|
||||
.build();
|
||||
|
||||
context.restoreAuthSystemState();
|
||||
|
||||
List<Operation> removeTitle = new ArrayList<Operation>();
|
||||
removeTitle.add(new RemoveOperation("/metadata/dc.title/0"));
|
||||
|
||||
String patchBody = getPatchContent(removeTitle);
|
||||
UUID idItem = witem.getItem().getID();
|
||||
|
||||
// Verify submitter cannot modify metadata via item PATCH. They must use submission forms.
|
||||
String tokenEperson = getAuthToken(eperson.getEmail(), password);
|
||||
getClient(tokenEperson).perform(patch("/api/core/items/" + idItem)
|
||||
.content(patchBody)
|
||||
.contentType(MediaType.APPLICATION_JSON_PATCH_JSON))
|
||||
.andExpect(status().isForbidden());
|
||||
|
||||
String tokenAdmin = getAuthToken(admin.getEmail(), password);
|
||||
getClient(tokenAdmin).perform(get("/api/core/items/" + idItem))
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(jsonPath("$", hasJsonPath("$.metadata", allOf(
|
||||
matchMetadata("dc.title", "Workspace title"),
|
||||
matchMetadata("dc.date.issued", "2017-10-17")))));
|
||||
}
|
||||
|
||||
@Test
|
||||
/**
|
||||
* Test delete of a metadata
|
||||
|
||||
Reference in New Issue
Block a user