mirror of
https://github.com/DSpace/DSpace.git
synced 2025-10-17 15:03:18 +00:00
Merge pull request #2689 from Micheleboychuk/DS-4278
DS-4278 Submitters can edit all metadata
This commit is contained in:
Tim Donohue
@@ -14,6 +14,7 @@ import java.util.UUID;
|
|||||||
import org.dspace.app.rest.utils.ContextUtil;
|
import org.dspace.app.rest.utils.ContextUtil;
|
||||||
import org.dspace.authorize.service.AuthorizeService;
|
import org.dspace.authorize.service.AuthorizeService;
|
||||||
import org.dspace.content.DSpaceObject;
|
import org.dspace.content.DSpaceObject;
|
||||||
|
import org.dspace.content.Item;
|
||||||
import org.dspace.content.factory.ContentServiceFactory;
|
import org.dspace.content.factory.ContentServiceFactory;
|
||||||
import org.dspace.content.service.DSpaceObjectService;
|
import org.dspace.content.service.DSpaceObjectService;
|
||||||
import org.dspace.core.Constants;
|
import org.dspace.core.Constants;
|
||||||
@@ -84,6 +85,15 @@ public class AuthorizeServicePermissionEvaluatorPlugin extends RestObjectPermiss
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// If the item is still inprogress we can process here only the READ permission.
|
||||||
|
// Other actions need to be evaluated against the wrapper object (workspace or workflow item)
|
||||||
|
if (dSpaceObject instanceof Item) {
|
||||||
|
if (!DSpaceRestPermission.READ.equals(restPermission)
|
||||||
|
&& !((Item) dSpaceObject).isArchived() && !((Item) dSpaceObject).isWithdrawn()) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return authorizeService.authorizeActionBoolean(context, ePerson, dSpaceObject,
|
return authorizeService.authorizeActionBoolean(context, ePerson, dSpaceObject,
|
||||||
restPermission.getDspaceApiActionId(), true);
|
restPermission.getDspaceApiActionId(), true);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -8,6 +8,8 @@
|
|||||||
package org.dspace.app.rest;
|
package org.dspace.app.rest;
|
||||||
|
|
||||||
import static com.jayway.jsonpath.matchers.JsonPathMatchers.hasJsonPath;
|
import static com.jayway.jsonpath.matchers.JsonPathMatchers.hasJsonPath;
|
||||||
|
import static org.dspace.app.rest.matcher.MetadataMatcher.matchMetadata;
|
||||||
|
import static org.hamcrest.Matchers.allOf;
|
||||||
import static org.hamcrest.Matchers.hasSize;
|
import static org.hamcrest.Matchers.hasSize;
|
||||||
import static org.hamcrest.Matchers.is;
|
import static org.hamcrest.Matchers.is;
|
||||||
import static org.springframework.data.rest.webmvc.RestMediaTypes.TEXT_URI_LIST_VALUE;
|
import static org.springframework.data.rest.webmvc.RestMediaTypes.TEXT_URI_LIST_VALUE;
|
||||||
@@ -30,6 +32,7 @@ import java.util.UUID;
|
|||||||
import javax.ws.rs.core.MediaType;
|
import javax.ws.rs.core.MediaType;
|
||||||
|
|
||||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||||
|
|
||||||
import org.apache.commons.io.IOUtils;
|
import org.apache.commons.io.IOUtils;
|
||||||
import org.apache.commons.lang3.CharEncoding;
|
import org.apache.commons.lang3.CharEncoding;
|
||||||
import org.dspace.app.rest.builder.BitstreamBuilder;
|
import org.dspace.app.rest.builder.BitstreamBuilder;
|
||||||
@@ -755,6 +758,140 @@ public class WorkspaceItemRestRepositoryIT extends AbstractControllerIntegration
|
|||||||
;
|
;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void patchReplaceMetadataOnItemStillInSubmissionTest() throws Exception {
|
||||||
|
context.turnOffAuthorisationSystem();
|
||||||
|
|
||||||
|
parentCommunity = CommunityBuilder.createCommunity(context)
|
||||||
|
.withName("Parent Community")
|
||||||
|
.build();
|
||||||
|
Community child1 = CommunityBuilder.createSubCommunity(context, parentCommunity)
|
||||||
|
.withName("Sub Community")
|
||||||
|
.build();
|
||||||
|
Collection col1 = CollectionBuilder.createCollection(context, child1)
|
||||||
|
.withName("Collection 1")
|
||||||
|
.build();
|
||||||
|
|
||||||
|
context.setCurrentUser(eperson);
|
||||||
|
WorkspaceItem witem = WorkspaceItemBuilder.createWorkspaceItem(context, col1)
|
||||||
|
.withTitle("Workspace Item 1")
|
||||||
|
.withIssueDate("2017-10-17")
|
||||||
|
.withSubject("ExtraEntry")
|
||||||
|
.build();
|
||||||
|
|
||||||
|
context.restoreAuthSystemState();
|
||||||
|
|
||||||
|
List<Operation> updateTitle = new ArrayList<Operation>();
|
||||||
|
Map<String, String> value = new HashMap<String, String>();
|
||||||
|
value.put("value", "New Title");
|
||||||
|
updateTitle.add(new ReplaceOperation("/metadata/dc.title/0", value));
|
||||||
|
|
||||||
|
String patchBody = getPatchContent(updateTitle);
|
||||||
|
UUID idItem = witem.getItem().getID();
|
||||||
|
|
||||||
|
// Verify submitter cannot modify metadata via item PATCH. They must use submission forms.
|
||||||
|
String tokenEperson = getAuthToken(eperson.getEmail(), password);
|
||||||
|
getClient(tokenEperson).perform(patch("/api/core/items/" + idItem)
|
||||||
|
.content(patchBody)
|
||||||
|
.contentType(MediaType.APPLICATION_JSON_PATCH_JSON))
|
||||||
|
.andExpect(status().isForbidden());
|
||||||
|
|
||||||
|
String tokenAdmin = getAuthToken(admin.getEmail(), password);
|
||||||
|
getClient(tokenAdmin).perform(get("/api/core/items/" + idItem))
|
||||||
|
.andExpect(status().isOk())
|
||||||
|
.andExpect(jsonPath("$", Matchers.is(ItemMatcher.matchItemWithTitleAndDateIssued
|
||||||
|
(witem.getItem(), "Workspace Item 1", "2017-10-17"))));
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void patchAddMetadataOnItemStillInSubmissionTest() throws Exception {
|
||||||
|
context.turnOffAuthorisationSystem();
|
||||||
|
|
||||||
|
parentCommunity = CommunityBuilder.createCommunity(context)
|
||||||
|
.withName("Parent Community")
|
||||||
|
.build();
|
||||||
|
Community child1 = CommunityBuilder.createSubCommunity(context, parentCommunity)
|
||||||
|
.withName("Sub Community")
|
||||||
|
.build();
|
||||||
|
Collection col1 = CollectionBuilder.createCollection(context, child1)
|
||||||
|
.withName("Collection 1")
|
||||||
|
.build();
|
||||||
|
|
||||||
|
context.setCurrentUser(eperson);
|
||||||
|
WorkspaceItem witem = WorkspaceItemBuilder.createWorkspaceItem(context, col1)
|
||||||
|
.withTitle("Workspace")
|
||||||
|
.withSubject("ExtraEntry")
|
||||||
|
.build();
|
||||||
|
|
||||||
|
context.restoreAuthSystemState();
|
||||||
|
|
||||||
|
List<Operation> addIssueDate = new ArrayList<Operation>();
|
||||||
|
Map<String, String> value = new HashMap<String, String>();
|
||||||
|
value.put("value", "2017-10-17");
|
||||||
|
addIssueDate.add(new ReplaceOperation("/metadata/dc.date.issued/0", value));
|
||||||
|
|
||||||
|
String patchBody = getPatchContent(addIssueDate);
|
||||||
|
UUID idItem = witem.getItem().getID();
|
||||||
|
|
||||||
|
// Verify submitter cannot modify metadata via item PATCH. They must use submission forms.
|
||||||
|
String tokenEperson = getAuthToken(eperson.getEmail(), password);
|
||||||
|
getClient(tokenEperson).perform(patch("/api/core/items/" + idItem)
|
||||||
|
.content(patchBody)
|
||||||
|
.contentType(MediaType.APPLICATION_JSON_PATCH_JSON))
|
||||||
|
.andExpect(status().isForbidden());
|
||||||
|
|
||||||
|
String tokenAdmin = getAuthToken(admin.getEmail(), password);
|
||||||
|
getClient(tokenAdmin).perform(get("/api/core/items/" + idItem))
|
||||||
|
.andExpect(status().isOk())
|
||||||
|
.andExpect(jsonPath("$", hasJsonPath("$.metadata", allOf(
|
||||||
|
matchMetadata("dc.title", "Workspace")))))
|
||||||
|
.andExpect(jsonPath("$.metadata.['dc.date.issued']").doesNotExist());
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void patchRemoveMetadataOnItemStillInSubmissionTest() throws Exception {
|
||||||
|
context.turnOffAuthorisationSystem();
|
||||||
|
|
||||||
|
parentCommunity = CommunityBuilder.createCommunity(context)
|
||||||
|
.withName("Parent Community")
|
||||||
|
.build();
|
||||||
|
Community child1 = CommunityBuilder.createSubCommunity(context, parentCommunity)
|
||||||
|
.withName("Sub Community")
|
||||||
|
.build();
|
||||||
|
Collection col1 = CollectionBuilder.createCollection(context, child1)
|
||||||
|
.withName("Collection 1")
|
||||||
|
.build();
|
||||||
|
|
||||||
|
context.setCurrentUser(eperson);
|
||||||
|
WorkspaceItem witem = WorkspaceItemBuilder.createWorkspaceItem(context, col1)
|
||||||
|
.withTitle("Workspace title")
|
||||||
|
.withIssueDate("2017-10-17")
|
||||||
|
.withSubject("ExtraEntry")
|
||||||
|
.build();
|
||||||
|
|
||||||
|
context.restoreAuthSystemState();
|
||||||
|
|
||||||
|
List<Operation> removeTitle = new ArrayList<Operation>();
|
||||||
|
removeTitle.add(new RemoveOperation("/metadata/dc.title/0"));
|
||||||
|
|
||||||
|
String patchBody = getPatchContent(removeTitle);
|
||||||
|
UUID idItem = witem.getItem().getID();
|
||||||
|
|
||||||
|
// Verify submitter cannot modify metadata via item PATCH. They must use submission forms.
|
||||||
|
String tokenEperson = getAuthToken(eperson.getEmail(), password);
|
||||||
|
getClient(tokenEperson).perform(patch("/api/core/items/" + idItem)
|
||||||
|
.content(patchBody)
|
||||||
|
.contentType(MediaType.APPLICATION_JSON_PATCH_JSON))
|
||||||
|
.andExpect(status().isForbidden());
|
||||||
|
|
||||||
|
String tokenAdmin = getAuthToken(admin.getEmail(), password);
|
||||||
|
getClient(tokenAdmin).perform(get("/api/core/items/" + idItem))
|
||||||
|
.andExpect(status().isOk())
|
||||||
|
.andExpect(jsonPath("$", hasJsonPath("$.metadata", allOf(
|
||||||
|
matchMetadata("dc.title", "Workspace title"),
|
||||||
|
matchMetadata("dc.date.issued", "2017-10-17")))));
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
/**
|
/**
|
||||||
* Test delete of a metadata
|
* Test delete of a metadata
|
||||||
|
|||||||
Reference in New Issue
Block a user