hazza/DSpace
1
0
Fork 0
mirror of https://github.com/DSpace/DSpace.git synced 2025-10-18 15:33:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

added ITs to prove that admins of community/collection can manage their own groups

Browse Source
This commit is contained in:
Mykhaylo
2020-05-28 19:07:50 +02:00
parent 6df58917b4
commit 34b61f3b98
5 changed files with 340 additions and 104 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
dspace-api/src/main/java/org/dspace/app/util/AuthorizeUtil.java
View File

@@ -590,8 +590,11 @@ public class AuthorizeUtil {
authorizeManageAdminGroup(context, collection); authorizeManageAdminGroup(context, collection);
return; return;
} }
// if we reach this point, it means that the group is related
// to a collection but as it is not the submitters, nor the administrators,
// nor a workflow groups it must be a default item/bitstream groups
authorizeManageDefaultReadGroup(context, collection);
return;
} }
if (parentObject.getType() == Constants.COMMUNITY) { if (parentObject.getType() == Constants.COMMUNITY) {
Community community = (Community) parentObject; Community community = (Community) parentObject;

19
dspace-api/src/main/java/org/dspace/eperson/GroupServiceImpl.java
View File

@@ -23,7 +23,9 @@ import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.tuple.Pair; import org.apache.commons.lang3.tuple.Pair;
import org.dspace.authorize.AuthorizeConfiguration; import org.dspace.authorize.AuthorizeConfiguration;
import org.dspace.authorize.AuthorizeException; import org.dspace.authorize.AuthorizeException;
import org.dspace.authorize.ResourcePolicy;
import org.dspace.authorize.service.AuthorizeService; import org.dspace.authorize.service.AuthorizeService;
import org.dspace.authorize.service.ResourcePolicyService;
import org.dspace.content.Collection; import org.dspace.content.Collection;
import org.dspace.content.DSpaceObject; import org.dspace.content.DSpaceObject;
import org.dspace.content.DSpaceObjectServiceImpl; import org.dspace.content.DSpaceObjectServiceImpl;
@@ -76,6 +78,8 @@ public class GroupServiceImpl extends DSpaceObjectServiceImpl<Group> implements
@Autowired(required = true) @Autowired(required = true)
protected AuthorizeService authorizeService; protected AuthorizeService authorizeService;
@Autowired(required = true)
protected ResourcePolicyService resourcePolicyService;
protected GroupServiceImpl() { protected GroupServiceImpl() {
super(); super();
@@ -654,6 +658,21 @@ public class GroupServiceImpl extends DSpaceObjectServiceImpl<Group> implements
return collectionService.getParentObject(context, collection); return collectionService.getParentObject(context, collection);
} }
} }
} else {
if (AuthorizeConfiguration.canCollectionAdminManagePolicies()) {
List<Group> groups = new ArrayList<Group>();
groups.add(group);
List<ResourcePolicy> policies = resourcePolicyService.find(context, null, groups,
Constants.DEFAULT_ITEM_READ, Constants.COLLECTION);
if (policies.size() > 0) {
return policies.get(0).getdSpaceObject();
}
policies = resourcePolicyService.find(context, null, groups,
Constants.DEFAULT_BITSTREAM_READ, Constants.COLLECTION);
if (policies.size() > 0) {
return policies.get(0).getdSpaceObject();
}
}
} }
} }
if (AuthorizeConfiguration.canCommunityAdminManageAdminGroup()) { if (AuthorizeConfiguration.canCommunityAdminManageAdminGroup()) {

39
dspace-server-webapp/src/test/java/org/dspace/app/rest/CollectionGroupRestControllerIT.java
View File

@@ -35,7 +35,6 @@ import org.dspace.eperson.Group;
import org.dspace.eperson.service.GroupService; import org.dspace.eperson.service.GroupService;
import org.dspace.workflow.WorkflowService; import org.dspace.workflow.WorkflowService;
import org.junit.Before; import org.junit.Before;
import org.junit.Ignore;
import org.junit.Test; import org.junit.Test;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
@@ -971,11 +970,7 @@ public class CollectionGroupRestControllerIT extends AbstractControllerIntegrati
jsonPath("$", GroupMatcher.matchGroupEntry(role.getID(), role.getName()))); jsonPath("$", GroupMatcher.matchGroupEntry(role.getID(), role.getName())));
} }
// Put on ignore because there's no support to identify read rights on a group for a user in a special
// com/coll admin group
// Please refer to: https://jira.lyrasis.org/browse/DS-4505
@Test @Test
@Ignore
public void getCollectionDefaultItemReadGroupTestParentCommunityAdmin() throws Exception { public void getCollectionDefaultItemReadGroupTestParentCommunityAdmin() throws Exception {
context.turnOffAuthorisationSystem(); context.turnOffAuthorisationSystem();
String itemGroupString = "ITEM"; String itemGroupString = "ITEM";
@@ -993,11 +988,7 @@ public class CollectionGroupRestControllerIT extends AbstractControllerIntegrati
jsonPath("$", GroupMatcher.matchGroupEntry(role.getID(), role.getName()))); jsonPath("$", GroupMatcher.matchGroupEntry(role.getID(), role.getName())));
} }
// Put on ignore because there's no support to identify read rights on a group for a user in a special
// com/coll admin group
// Please refer to: https://jira.lyrasis.org/browse/DS-4505
@Test @Test
@Ignore
public void getCollectionDefaultItemReadGroupTestCollectionAdmin() throws Exception { public void getCollectionDefaultItemReadGroupTestCollectionAdmin() throws Exception {
context.turnOffAuthorisationSystem(); context.turnOffAuthorisationSystem();
String itemGroupString = "ITEM"; String itemGroupString = "ITEM";
@@ -1120,13 +1111,7 @@ public class CollectionGroupRestControllerIT extends AbstractControllerIntegrati
} }
// Put on ignore because there's no support to identify read rights on a group for a user in a special
// com/coll admin group
// Please refer to: https://jira.lyrasis.org/browse/DS-4505
@Test @Test
@Ignore
public void postCollectionDefaultItemReadGroupCreateDefaultItemReadGroupSuccessParentCommunityAdmin() public void postCollectionDefaultItemReadGroupCreateDefaultItemReadGroupSuccessParentCommunityAdmin()
throws Exception { throws Exception {
@@ -1161,12 +1146,7 @@ public class CollectionGroupRestControllerIT extends AbstractControllerIntegrati
} }
// Put on ignore because there's no support to identify read rights on a group for a user in a special
// com/coll admin group
// Please refer to: https://jira.lyrasis.org/browse/DS-4505
@Test @Test
@Ignore
public void postCollectionDefaultItemReadGroupCreateDefaultItemReadGroupSuccessCollectionAdmin() throws Exception { public void postCollectionDefaultItemReadGroupCreateDefaultItemReadGroupSuccessCollectionAdmin() throws Exception {
ObjectMapper mapper = new ObjectMapper(); ObjectMapper mapper = new ObjectMapper();
@@ -1475,11 +1455,7 @@ public class CollectionGroupRestControllerIT extends AbstractControllerIntegrati
jsonPath("$", GroupMatcher.matchGroupEntry(role.getID(), role.getName()))); jsonPath("$", GroupMatcher.matchGroupEntry(role.getID(), role.getName())));
} }
// Put on ignore because there's no support to identify read rights on a group for a user in a special
// com/coll admin group
// Please refer to: https://jira.lyrasis.org/browse/DS-4505
@Test @Test
@Ignore
public void getCollectionDefaultBitstreamReadGroupTestParentCommunityAdmin() throws Exception { public void getCollectionDefaultBitstreamReadGroupTestParentCommunityAdmin() throws Exception {
context.turnOffAuthorisationSystem(); context.turnOffAuthorisationSystem();
String bitstreamGroupString = "BITSTREAM"; String bitstreamGroupString = "BITSTREAM";
@@ -1497,11 +1473,7 @@ public class CollectionGroupRestControllerIT extends AbstractControllerIntegrati
jsonPath("$", GroupMatcher.matchGroupEntry(role.getID(), role.getName()))); jsonPath("$", GroupMatcher.matchGroupEntry(role.getID(), role.getName())));
} }
// Put on ignore because there's no support to identify read rights on a group for a user in a special
// com/coll admin group
// Please refer to: https://jira.lyrasis.org/browse/DS-4505
@Test @Test
@Ignore
public void getCollectionDefaultBitstreamReadGroupTestCollectionAdmin() throws Exception { public void getCollectionDefaultBitstreamReadGroupTestCollectionAdmin() throws Exception {
context.turnOffAuthorisationSystem(); context.turnOffAuthorisationSystem();
String bitstreamGroupString = "BITSTREAM"; String bitstreamGroupString = "BITSTREAM";
@@ -1627,13 +1599,7 @@ public class CollectionGroupRestControllerIT extends AbstractControllerIntegrati
} }
// Put on ignore because there's no support to identify read rights on a group for a user in a special
// com/coll admin group
// Please refer to: https://jira.lyrasis.org/browse/DS-4505
@Test @Test
@Ignore
public void postCollectionDefaultBitstreamReadGroupCreateDefaultBitstreamReadGroupSuccessParentCommunityAdmin() public void postCollectionDefaultBitstreamReadGroupCreateDefaultBitstreamReadGroupSuccessParentCommunityAdmin()
throws Exception { throws Exception {
@@ -1668,12 +1634,7 @@ public class CollectionGroupRestControllerIT extends AbstractControllerIntegrati
} }
// Put on ignore because there's no support to identify read rights on a group for a user in a special
// com/coll admin group
// Please refer to: https://jira.lyrasis.org/browse/DS-4505
@Test @Test
@Ignore
public void postCollectionDefaultBitstreamReadGroupCreateDefaultBitstreamReadGroupSuccessCollectionAdmin() public void postCollectionDefaultBitstreamReadGroupCreateDefaultBitstreamReadGroupSuccessCollectionAdmin()
throws Exception { throws Exception {

44
dspace-server-webapp/src/test/java/org/dspace/app/rest/EPersonRestRepositoryIT.java
View File

@@ -1915,18 +1915,18 @@ public class EPersonRestRepositoryIT extends AbstractControllerIntegrationTest {
String tokenAdminCol = getAuthToken(adminCol.getEmail(), password); String tokenAdminCol = getAuthToken(adminCol.getEmail(), password);
String tokenAdminComm = getAuthToken(adminChild1.getEmail(), password); String tokenAdminComm = getAuthToken(adminChild1.getEmail(), password);
getClient(tokenAdminCol).perform(get("/api/eperson/epersons/search/byMetadata")
.param("query", "Rossi"))
.andExpect(status().isOk())
.andExpect(content().contentType(contentType))
.andExpect(jsonPath("$._embedded.epersons", Matchers.containsInAnyOrder(
EPersonMatcher.matchEPersonEntry(adminChild1),
EPersonMatcher.matchEPersonEntry(adminCol),
EPersonMatcher.matchEPersonEntry(col1Submitter)
)))
.andExpect(jsonPath("$.page.totalElements", is(3)));
for (String prop : confPropsCollectionAdmins) { for (String prop : confPropsCollectionAdmins) {
getClient(tokenAdminCol).perform(get("/api/eperson/epersons/search/byMetadata")
.param("query", "Rossi"))
.andExpect(status().isOk())
.andExpect(content().contentType(contentType))
.andExpect(jsonPath("$._embedded.epersons", Matchers.containsInAnyOrder(
EPersonMatcher.matchEPersonEntry(adminChild1),
EPersonMatcher.matchEPersonEntry(adminCol),
EPersonMatcher.matchEPersonEntry(col1Submitter)
)))
.andExpect(jsonPath("$.page.totalElements", is(3)));
configurationService.setProperty(prop, false); configurationService.setProperty(prop, false);
} }
@@ -1934,18 +1934,18 @@ public class EPersonRestRepositoryIT extends AbstractControllerIntegrationTest {
.param("query", "Rossi")) .param("query", "Rossi"))
.andExpect(status().isForbidden()); .andExpect(status().isForbidden());
getClient(tokenAdminComm).perform(get("/api/eperson/epersons/search/byMetadata")
.param("query", "Rossi"))
.andExpect(status().isOk())
.andExpect(content().contentType(contentType))
.andExpect(jsonPath("$._embedded.epersons", Matchers.containsInAnyOrder(
EPersonMatcher.matchEPersonEntry(adminChild1),
EPersonMatcher.matchEPersonEntry(adminCol),
EPersonMatcher.matchEPersonEntry(col1Submitter)
)))
.andExpect(jsonPath("$.page.totalElements", is(3)));
for (String prop : confPropsCommunityAdmins) { for (String prop : confPropsCommunityAdmins) {
getClient(tokenAdminComm).perform(get("/api/eperson/epersons/search/byMetadata")
.param("query", "Rossi"))
.andExpect(status().isOk())
.andExpect(content().contentType(contentType))
.andExpect(jsonPath("$._embedded.epersons", Matchers.containsInAnyOrder(
EPersonMatcher.matchEPersonEntry(adminChild1),
EPersonMatcher.matchEPersonEntry(adminCol),
EPersonMatcher.matchEPersonEntry(col1Submitter)
)))
.andExpect(jsonPath("$.page.totalElements", is(3)));
configurationService.setProperty(prop, false); configurationService.setProperty(prop, false);
} }

335
dspace-server-webapp/src/test/java/org/dspace/app/rest/GroupRestRepositoryIT.java
View File

@@ -44,10 +44,12 @@ import org.dspace.app.rest.model.patch.Operation;
import org.dspace.app.rest.model.patch.ReplaceOperation; import org.dspace.app.rest.model.patch.ReplaceOperation;
import org.dspace.app.rest.test.AbstractControllerIntegrationTest; import org.dspace.app.rest.test.AbstractControllerIntegrationTest;
import org.dspace.app.rest.test.MetadataPatchSuite; import org.dspace.app.rest.test.MetadataPatchSuite;
import org.dspace.authorize.service.AuthorizeService;
import org.dspace.authorize.service.ResourcePolicyService; import org.dspace.authorize.service.ResourcePolicyService;
import org.dspace.content.Collection; import org.dspace.content.Collection;
import org.dspace.content.Community; import org.dspace.content.Community;
import org.dspace.content.factory.ContentServiceFactory; import org.dspace.content.factory.ContentServiceFactory;
import org.dspace.content.service.CollectionService;
import org.dspace.content.service.CommunityService; import org.dspace.content.service.CommunityService;
import org.dspace.core.Constants; import org.dspace.core.Constants;
import org.dspace.eperson.EPerson; import org.dspace.eperson.EPerson;
@@ -70,6 +72,10 @@ public class GroupRestRepositoryIT extends AbstractControllerIntegrationTest {
ResourcePolicyService resourcePolicyService; ResourcePolicyService resourcePolicyService;
@Autowired @Autowired
private ConfigurationService configurationService; private ConfigurationService configurationService;
@Autowired
private CollectionService collectionService;
@Autowired
private AuthorizeService authorizeService;
@Test @Test
public void createTest() public void createTest()
@@ -2061,17 +2067,17 @@ public class GroupRestRepositoryIT extends AbstractControllerIntegrationTest {
String tokenAdminCol = getAuthToken(adminCol1.getEmail(), password); String tokenAdminCol = getAuthToken(adminCol1.getEmail(), password);
String tokenAdminComm = getAuthToken(adminChild1.getEmail(), password); String tokenAdminComm = getAuthToken(adminChild1.getEmail(), password);
getClient(tokenAdminCol).perform(get("/api/eperson/groups/search/byMetadata")
.param("query", group1.getName()))
.andExpect(status().isOk())
.andExpect(content().contentType(contentType))
.andExpect(jsonPath("$._embedded.groups",Matchers.containsInAnyOrder(
GroupMatcher.matchGroupEntry(group1.getID(), group1.getName()),
GroupMatcher.matchGroupEntry(group2.getID(), group2.getName()),
GroupMatcher.matchGroupEntry(group3.getID(), group3.getName()))))
.andExpect(jsonPath("$.page.totalElements", is(3)));
for (String prop : confPropsCollectionAdmins) { for (String prop : confPropsCollectionAdmins) {
getClient(tokenAdminCol).perform(get("/api/eperson/groups/search/byMetadata")
.param("query", group1.getName()))
.andExpect(status().isOk())
.andExpect(content().contentType(contentType))
.andExpect(jsonPath("$._embedded.groups",Matchers.containsInAnyOrder(
GroupMatcher.matchGroupEntry(group1.getID(), group1.getName()),
GroupMatcher.matchGroupEntry(group2.getID(), group2.getName()),
GroupMatcher.matchGroupEntry(group3.getID(), group3.getName()))))
.andExpect(jsonPath("$.page.totalElements", is(3)));
configurationService.setProperty(prop, false); configurationService.setProperty(prop, false);
} }
@@ -2079,17 +2085,17 @@ public class GroupRestRepositoryIT extends AbstractControllerIntegrationTest {
.param("query", group1.getName())) .param("query", group1.getName()))
.andExpect(status().isForbidden()); .andExpect(status().isForbidden());
getClient(tokenAdminComm).perform(get("/api/eperson/groups/search/byMetadata")
.param("query", group1.getName()))
.andExpect(status().isOk())
.andExpect(content().contentType(contentType))
.andExpect(jsonPath("$._embedded.groups",Matchers.containsInAnyOrder(
GroupMatcher.matchGroupEntry(group1.getID(), group1.getName()),
GroupMatcher.matchGroupEntry(group2.getID(), group2.getName()),
GroupMatcher.matchGroupEntry(group3.getID(), group3.getName()))))
.andExpect(jsonPath("$.page.totalElements", is(3)));
for (String prop : confPropsCommunityAdmins) { for (String prop : confPropsCommunityAdmins) {
getClient(tokenAdminComm).perform(get("/api/eperson/groups/search/byMetadata")
.param("query", group1.getName()))
.andExpect(status().isOk())
.andExpect(content().contentType(contentType))
.andExpect(jsonPath("$._embedded.groups",Matchers.containsInAnyOrder(
GroupMatcher.matchGroupEntry(group1.getID(), group1.getName()),
GroupMatcher.matchGroupEntry(group2.getID(), group2.getName()),
GroupMatcher.matchGroupEntry(group3.getID(), group3.getName()))))
.andExpect(jsonPath("$.page.totalElements", is(3)));
configurationService.setProperty(prop, false); configurationService.setProperty(prop, false);
} }
@@ -2098,6 +2104,57 @@ public class GroupRestRepositoryIT extends AbstractControllerIntegrationTest {
.andExpect(status().isForbidden()); .andExpect(status().isForbidden());
} }
@Test
public void commAdminManageOwnerAdminGroupTest() throws Exception {
GroupService groupService = EPersonServiceFactory.getInstance().getGroupService();
context.turnOffAuthorisationSystem();
EPerson adminChild1 = EPersonBuilder.createEPerson(context)
.withNameInMetadata("Oliver", "Rossi")
.withEmail("adminChild1@example.com")
.withPassword(password)
.build();
EPerson submitter1 = EPersonBuilder.createEPerson(context)
.withNameInMetadata("Carl", "Rossi")
.withEmail("submitter1@example.com")
.withPassword(password)
.build();
parentCommunity = CommunityBuilder.createCommunity(context)
.withName("Parent Community")
.build();
Community child1 = CommunityBuilder.createSubCommunity(context, parentCommunity)
.withName("Sub Community")
.withAdminGroup(adminChild1)
.build();
Group groupAdmins = child1.getAdministrators();
context.restoreAuthSystemState();
String tokenCommAdmin = getAuthToken(adminChild1.getEmail(), password);
assertFalse(groupService.isMember(context, submitter1, groupAdmins));
getClient(tokenCommAdmin).perform(post("/api/eperson/groups/" + groupAdmins.getID() + "/epersons")
.contentType(parseMediaType(TEXT_URI_LIST_VALUE))
.content(REST_SERVER_URL + "eperson/groups/" + submitter1.getID()
))
.andExpect(status().isNoContent());
assertTrue(groupService.isMember(context, submitter1, groupAdmins));
getClient(tokenCommAdmin).perform(delete("/api/eperson/groups/"
+ groupAdmins.getID() + "/epersons/" + submitter1.getID()))
.andExpect(status().isNoContent());
assertFalse(groupService.isMember(context, submitter1, groupAdmins));
}
@Test @Test
public void colAdminManageSubmitterGroupAndAdminGroupTest() throws Exception { public void colAdminManageSubmitterGroupAndAdminGroupTest() throws Exception {
@@ -2133,7 +2190,6 @@ public class GroupRestRepositoryIT extends AbstractControllerIntegrationTest {
parentCommunity = CommunityBuilder.createCommunity(context) parentCommunity = CommunityBuilder.createCommunity(context)
.withName("Parent Community") .withName("Parent Community")
.withAdminGroup(eperson)
.build(); .build();
Community child1 = CommunityBuilder.createSubCommunity(context, parentCommunity) Community child1 = CommunityBuilder.createSubCommunity(context, parentCommunity)
.withName("Sub Community") .withName("Sub Community")
@@ -2154,6 +2210,7 @@ public class GroupRestRepositoryIT extends AbstractControllerIntegrationTest {
String tokenAdminCol = getAuthToken(adminCol1.getEmail(), password); String tokenAdminCol = getAuthToken(adminCol1.getEmail(), password);
assertFalse(groupService.isMember(context, submitter1, groupSubmitters)); assertFalse(groupService.isMember(context, submitter1, groupSubmitters));
assertFalse(groupService.isMember(context, submitter2, groupSubmitters));
getClient(tokenAdminCol).perform(post("/api/eperson/groups/" + groupSubmitters.getID() + "/epersons") getClient(tokenAdminCol).perform(post("/api/eperson/groups/" + groupSubmitters.getID() + "/epersons")
.contentType(parseMediaType(TEXT_URI_LIST_VALUE)) .contentType(parseMediaType(TEXT_URI_LIST_VALUE))
@@ -2218,7 +2275,6 @@ public class GroupRestRepositoryIT extends AbstractControllerIntegrationTest {
parentCommunity = CommunityBuilder.createCommunity(context) parentCommunity = CommunityBuilder.createCommunity(context)
.withName("Parent Community") .withName("Parent Community")
.withAdminGroup(eperson)
.build(); .build();
Community child1 = CommunityBuilder.createSubCommunity(context, parentCommunity) Community child1 = CommunityBuilder.createSubCommunity(context, parentCommunity)
.withName("Sub Community") .withName("Sub Community")
@@ -2264,7 +2320,7 @@ public class GroupRestRepositoryIT extends AbstractControllerIntegrationTest {
} }
@Test @Test
public void commAdminManageSubmitterGroupAndAdminGroupTest() throws Exception { public void commAdminManageSunCollectionOfSubmittersAndAdminsTest() throws Exception {
GroupService groupService = EPersonServiceFactory.getInstance().getGroupService(); GroupService groupService = EPersonServiceFactory.getInstance().getGroupService();
@@ -2293,7 +2349,6 @@ public class GroupRestRepositoryIT extends AbstractControllerIntegrationTest {
parentCommunity = CommunityBuilder.createCommunity(context) parentCommunity = CommunityBuilder.createCommunity(context)
.withName("Parent Community") .withName("Parent Community")
.withAdminGroup(eperson)
.build(); .build();
Community child1 = CommunityBuilder.createSubCommunity(context, parentCommunity) Community child1 = CommunityBuilder.createSubCommunity(context, parentCommunity)
.withName("Sub Community") .withName("Sub Community")
@@ -2307,12 +2362,14 @@ public class GroupRestRepositoryIT extends AbstractControllerIntegrationTest {
.build(); .build();
Group groupSubmitters = col1.getSubmitters(); Group groupSubmitters = col1.getSubmitters();
Group groupAdministrators = col1.getAdministrators();
context.restoreAuthSystemState(); context.restoreAuthSystemState();
String tokenAdminComm = getAuthToken(adminChild1.getEmail(), password); String tokenAdminComm = getAuthToken(adminChild1.getEmail(), password);
assertFalse(groupService.isMember(context, submitter1, groupSubmitters)); assertFalse(groupService.isMember(context, submitter1, groupSubmitters));
assertFalse(groupService.isMember(context, submitter2, groupSubmitters));
getClient(tokenAdminComm).perform(post("/api/eperson/groups/" + groupSubmitters.getID() + "/epersons") getClient(tokenAdminComm).perform(post("/api/eperson/groups/" + groupSubmitters.getID() + "/epersons")
.contentType(parseMediaType(TEXT_URI_LIST_VALUE)) .contentType(parseMediaType(TEXT_URI_LIST_VALUE))
@@ -2324,10 +2381,25 @@ public class GroupRestRepositoryIT extends AbstractControllerIntegrationTest {
assertTrue(groupService.isMember(context, submitter1, groupSubmitters)); assertTrue(groupService.isMember(context, submitter1, groupSubmitters));
assertTrue(groupService.isMember(context, submitter2, groupSubmitters)); assertTrue(groupService.isMember(context, submitter2, groupSubmitters));
getClient(tokenAdminComm).perform(delete("/api/eperson/groups/"
+ groupSubmitters.getID() + "/epersons/" + submitter1.getID()))
.andExpect(status().isNoContent());
assertFalse(groupService.isMember(context, submitter1, groupSubmitters));
assertTrue(groupService.isMember(context, submitter2, groupSubmitters));
assertTrue(groupService.isMember(context, adminCol1, groupAdministrators));
getClient(tokenAdminComm).perform(delete("/api/eperson/groups/"
+ groupAdministrators.getID() + "/epersons/" + adminCol1.getID()))
.andExpect(status().isNoContent());
assertFalse(groupService.isMember(context, adminCol1, groupAdministrators));
} }
@Test @Test
public void commAdminDeleteColAdminFromAdminGroupTest() throws Exception { public void commAdminAndColAdminCanManageItemReadGroupTest() throws Exception {
GroupService groupService = EPersonServiceFactory.getInstance().getGroupService(); GroupService groupService = EPersonServiceFactory.getInstance().getGroupService();
@@ -2348,10 +2420,14 @@ public class GroupRestRepositoryIT extends AbstractControllerIntegrationTest {
.withEmail("submitter1@example.com") .withEmail("submitter1@example.com")
.withPassword(password) .withPassword(password)
.build(); .build();
EPerson submitter2 = EPersonBuilder.createEPerson(context)
.withNameInMetadata("Robert", "Clarks")
.withEmail("submitter2@example.com")
.withPassword(password)
.build();
parentCommunity = CommunityBuilder.createCommunity(context) parentCommunity = CommunityBuilder.createCommunity(context)
.withName("Parent Community") .withName("Parent Community")
.withAdminGroup(eperson)
.build(); .build();
Community child1 = CommunityBuilder.createSubCommunity(context, parentCommunity) Community child1 = CommunityBuilder.createSubCommunity(context, parentCommunity)
.withName("Sub Community") .withName("Sub Community")
@@ -2364,30 +2440,207 @@ public class GroupRestRepositoryIT extends AbstractControllerIntegrationTest {
.withSubmitterGroup(eperson) .withSubmitterGroup(eperson)
.build(); .build();
Group groupAdministrators = col1.getAdministrators(); String itemGroupString = "ITEM";
Group groupSubmitters = col1.getSubmitters(); int defaultItemRead = Constants.DEFAULT_ITEM_READ;
Group itemReadGroup = collectionService.createDefaultReadGroup(context, col1, itemGroupString, defaultItemRead);
context.restoreAuthSystemState(); context.restoreAuthSystemState();
String tokenAdminComm = getAuthToken(adminChild1.getEmail(), password); String tokenAdminComm = getAuthToken(adminChild1.getEmail(), password);
String tokenAdminCol = getAuthToken(adminCol1.getEmail(), password); String tokenAdminCol = getAuthToken(adminChild1.getEmail(), password);
assertTrue(groupService.isMember(context, adminCol1, groupAdministrators)); assertFalse(groupService.isMember(context, submitter1, itemReadGroup));
assertFalse(groupService.isMember(context, submitter2, itemReadGroup));
getClient(tokenAdminComm).perform(delete("/api/eperson/groups/" getClient(tokenAdminCol).perform(post("/api/eperson/groups/" + itemReadGroup.getID() + "/epersons")
+ groupAdministrators.getID() + "/epersons/" + adminCol1.getID())) .contentType(parseMediaType(TEXT_URI_LIST_VALUE))
.andExpect(status().isNoContent()); .content(REST_SERVER_URL + "eperson/groups/" + submitter1.getID()))
.andExpect(status().isNoContent());
assertFalse(groupService.isMember(context, adminCol1, groupAdministrators)); assertTrue(groupService.isMember(context, submitter1, itemReadGroup));
assertFalse(groupService.isMember(context, submitter1, groupSubmitters));
getClient(tokenAdminCol).perform(post("/api/eperson/groups/" + groupSubmitters.getID() + "/epersons")
.contentType(parseMediaType(TEXT_URI_LIST_VALUE))
.content(REST_SERVER_URL + "eperson/groups/" + submitter1.getID()
))
.andExpect(status().isForbidden());
assertFalse(groupService.isMember(context, submitter1, groupSubmitters)); getClient(tokenAdminComm).perform(post("/api/eperson/groups/" + itemReadGroup.getID() + "/epersons")
.contentType(parseMediaType(TEXT_URI_LIST_VALUE))
.content(REST_SERVER_URL + "eperson/groups/" + submitter2.getID()))
.andExpect(status().isNoContent());
assertTrue(groupService.isMember(context, submitter2, itemReadGroup));
getClient(tokenAdminComm).perform(delete("/api/eperson/groups/"
+ itemReadGroup.getID() + "/epersons/" + submitter2.getID()))
.andExpect(status().isNoContent());
assertFalse(groupService.isMember(context, submitter2, itemReadGroup));
getClient(tokenAdminCol).perform(delete("/api/eperson/groups/"
+ itemReadGroup.getID() + "/epersons/" + submitter1.getID()))
.andExpect(status().isNoContent());
assertFalse(groupService.isMember(context, submitter1, itemReadGroup));
} }
@Test
public void commAdminAndColAdminCanManageBitstreamReadGroupTest() throws Exception {
GroupService groupService = EPersonServiceFactory.getInstance().getGroupService();
context.turnOffAuthorisationSystem();
EPerson adminChild1 = EPersonBuilder.createEPerson(context)
.withNameInMetadata("Oliver", "Rossi")
.withEmail("adminChild1@example.com")
.withPassword(password)
.build();
EPerson adminCol1 = EPersonBuilder.createEPerson(context)
.withNameInMetadata("James", "Rossi")
.withEmail("adminCol1@example.com")
.withPassword(password)
.build();
EPerson submitter1 = EPersonBuilder.createEPerson(context)
.withNameInMetadata("Carl", "Rossi")
.withEmail("submitter1@example.com")
.withPassword(password)
.build();
EPerson submitter2 = EPersonBuilder.createEPerson(context)
.withNameInMetadata("Robert", "Clarks")
.withEmail("submitter2@example.com")
.withPassword(password)
.build();
parentCommunity = CommunityBuilder.createCommunity(context)
.withName("Parent Community")
.build();
Community child1 = CommunityBuilder.createSubCommunity(context, parentCommunity)
.withName("Sub Community")
.withAdminGroup(adminChild1)
.build();
Collection col1 = CollectionBuilder.createCollection(context, child1)
.withName("Collection 1")
.withAdminGroup(adminCol1)
.withSubmitterGroup(eperson)
.build();
String bitstreamGroupString = "BITSTREAM";
int defaultBitstreamRead = Constants.DEFAULT_BITSTREAM_READ;
Group bitstreamReadGroup = collectionService.createDefaultReadGroup(context, col1, bitstreamGroupString,
defaultBitstreamRead);
context.restoreAuthSystemState();
String tokenAdminComm = getAuthToken(adminChild1.getEmail(), password);
String tokenAdminCol = getAuthToken(adminChild1.getEmail(), password);
assertFalse(groupService.isMember(context, submitter1, bitstreamReadGroup));
assertFalse(groupService.isMember(context, submitter2, bitstreamReadGroup));
getClient(tokenAdminCol).perform(post("/api/eperson/groups/" + bitstreamReadGroup.getID() + "/epersons")
.contentType(parseMediaType(TEXT_URI_LIST_VALUE))
.content(REST_SERVER_URL + "eperson/groups/" + submitter1.getID()))
.andExpect(status().isNoContent());
assertTrue(groupService.isMember(context, submitter1, bitstreamReadGroup));
getClient(tokenAdminComm).perform(post("/api/eperson/groups/" + bitstreamReadGroup.getID() + "/epersons")
.contentType(parseMediaType(TEXT_URI_LIST_VALUE))
.content(REST_SERVER_URL + "eperson/groups/" + submitter2.getID()))
.andExpect(status().isNoContent());
assertTrue(groupService.isMember(context, submitter2, bitstreamReadGroup));
getClient(tokenAdminComm).perform(delete("/api/eperson/groups/"
+ bitstreamReadGroup.getID() + "/epersons/" + submitter2.getID()))
.andExpect(status().isNoContent());
assertFalse(groupService.isMember(context, submitter2, bitstreamReadGroup));
getClient(tokenAdminCol).perform(delete("/api/eperson/groups/"
+ bitstreamReadGroup.getID() + "/epersons/" + submitter1.getID()))
.andExpect(status().isNoContent());
assertFalse(groupService.isMember(context, submitter1, bitstreamReadGroup));
}
@Test
public void commAdminAndColAdminCanManageWorkflowGroupsTest() throws Exception {
GroupService groupService = EPersonServiceFactory.getInstance().getGroupService();
context.turnOffAuthorisationSystem();
EPerson adminChild1 = EPersonBuilder.createEPerson(context)
.withNameInMetadata("Oliver", "Rossi")
.withEmail("adminChild1@example.com")
.withPassword(password)
.build();
EPerson adminCol1 = EPersonBuilder.createEPerson(context)
.withNameInMetadata("James", "Rossi")
.withEmail("adminCol1@example.com")
.withPassword(password)
.build();
EPerson submitter1 = EPersonBuilder.createEPerson(context)
.withNameInMetadata("Carl", "Rossi")
.withEmail("submitter1@example.com")
.withPassword(password)
.build();
EPerson submitter2 = EPersonBuilder.createEPerson(context)
.withNameInMetadata("Robert", "Clarks")
.withEmail("submitter2@example.com")
.withPassword(password)
.build();
parentCommunity = CommunityBuilder.createCommunity(context)
.withName("Parent Community")
.build();
Community child1 = CommunityBuilder.createSubCommunity(context, parentCommunity)
.withName("Sub Community")
.withAdminGroup(adminChild1)
.build();
Collection col1 = CollectionBuilder.createCollection(context, child1)
.withName("Collection 1")
.withAdminGroup(adminCol1)
.withWorkflowGroup(1, eperson)
.withWorkflowGroup(2, eperson)
.build();
Group workflowGroupStep1 = col1.getWorkflowStep1(context);
Group workflowGroupStep2 = col1.getWorkflowStep2(context);
context.restoreAuthSystemState();
assertFalse(groupService.isMember(context, submitter1, workflowGroupStep1));
assertFalse(groupService.isMember(context, submitter2, workflowGroupStep2));
String tokenAdminComm = getAuthToken(adminChild1.getEmail(), password);
String tokenAdminCol = getAuthToken(adminChild1.getEmail(), password);
getClient(tokenAdminComm).perform(post("/api/eperson/groups/" + workflowGroupStep1.getID() + "/epersons")
.contentType(parseMediaType(TEXT_URI_LIST_VALUE))
.content(REST_SERVER_URL + "eperson/groups/" + submitter1.getID()))
.andExpect(status().isNoContent());
assertTrue(groupService.isMember(context, submitter1, workflowGroupStep1));
getClient(tokenAdminCol).perform(post("/api/eperson/groups/" + workflowGroupStep2.getID() + "/epersons")
.contentType(parseMediaType(TEXT_URI_LIST_VALUE))
.content(REST_SERVER_URL + "eperson/groups/" + submitter2.getID()))
.andExpect(status().isNoContent());
assertTrue(groupService.isMember(context, submitter2, workflowGroupStep2));
getClient(tokenAdminComm).perform(delete("/api/eperson/groups/"
+ workflowGroupStep2.getID() + "/epersons/" + submitter2.getID()))
.andExpect(status().isNoContent());
getClient(tokenAdminCol).perform(delete("/api/eperson/groups/"
+ workflowGroupStep1.getID() + "/epersons/" + submitter1.getID()))
.andExpect(status().isNoContent());
assertFalse(groupService.isMember(context, submitter1, workflowGroupStep1));
assertFalse(groupService.isMember(context, submitter2, workflowGroupStep2));
}
} }