hazza/DSpace
1
0
Fork 0
mirror of https://github.com/DSpace/DSpace.git synced 2025-10-18 07:23:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add the PreAuthorize attribute to getAccessStatus

Browse Source
This commit is contained in:
nibou230
2022-05-05 14:00:45 -04:00
parent 845a552911
commit 34350dd468
2 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/ItemAccessStatusLinkRepository.java
View File

@@ -23,6 +23,7 @@ import org.dspace.core.Context;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.domain.Pageable; import org.springframework.data.domain.Pageable;
import org.springframework.data.rest.webmvc.ResourceNotFoundException; import org.springframework.data.rest.webmvc.ResourceNotFoundException;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
/** /**
@@ -38,6 +39,7 @@ public class ItemAccessStatusLinkRepository extends AbstractDSpaceRestRepository
@Autowired @Autowired
AccessStatusService accessStatusService; AccessStatusService accessStatusService;
@PreAuthorize("hasPermission(#itemId, 'ITEM', 'READ')")
public AccessStatusRest getAccessStatus(@Nullable HttpServletRequest request, public AccessStatusRest getAccessStatus(@Nullable HttpServletRequest request,
UUID itemId, UUID itemId,
@Nullable Pageable optionalPageable, @Nullable Pageable optionalPageable,

4
dspace-server-webapp/src/test/java/org/dspace/app/rest/ItemRestRepositoryIT.java
View File

@@ -3887,7 +3887,7 @@ public class ItemRestRepositoryIT extends AbstractControllerIntegrationTest {
getClient(tokenEperson).perform(get("/api/core/items/" + item.getID()) getClient(tokenEperson).perform(get("/api/core/items/" + item.getID())
.param("projection", "full")) .param("projection", "full"))
.andExpect(status().isOk()) .andExpect(status().isOk())
.andExpect(jsonPath("$", HalMatcher.matchEmbeds("accessStatus"))) .andExpect(jsonPath("$", HalMatcher.matchNoEmbeds()))
.andExpect(jsonPath("$.uuid", Matchers.is(item.getID().toString()))) .andExpect(jsonPath("$.uuid", Matchers.is(item.getID().toString())))
.andExpect(jsonPath("$.name", Matchers.is(item.getName()))) .andExpect(jsonPath("$.name", Matchers.is(item.getName())))
.andExpect(jsonPath("$.handle", Matchers.is(item.getHandle()))) .andExpect(jsonPath("$.handle", Matchers.is(item.getHandle())))
@@ -3920,7 +3920,7 @@ public class ItemRestRepositoryIT extends AbstractControllerIntegrationTest {
getClient().perform(get("/api/core/items/" + item.getID()) getClient().perform(get("/api/core/items/" + item.getID())
.param("projection", "full")) .param("projection", "full"))
.andExpect(status().isOk()) .andExpect(status().isOk())
.andExpect(jsonPath("$", HalMatcher.matchEmbeds("accessStatus"))) .andExpect(jsonPath("$", HalMatcher.matchNoEmbeds()))
.andExpect(jsonPath("$.uuid", Matchers.is(item.getID().toString()))) .andExpect(jsonPath("$.uuid", Matchers.is(item.getID().toString())))
.andExpect(jsonPath("$.name", Matchers.is(item.getName()))) .andExpect(jsonPath("$.name", Matchers.is(item.getName())))
.andExpect(jsonPath("$.handle", Matchers.is(item.getHandle()))) .andExpect(jsonPath("$.handle", Matchers.is(item.getHandle())))