[Task 70478] applied feedback to the login as feature

dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/impl/LoginOnBehalfOfFeature.java

@@ -17,6 +17,8 @@ import org.dspace.app.rest.model.EPersonRest;
 import org.dspace.app.rest.model.SiteRest;
 import org.dspace.authorize.service.AuthorizeService;
 import org.dspace.core.Context;
+import org.dspace.eperson.EPerson;
+import org.dspace.eperson.service.EPersonService;
 import org.dspace.services.ConfigurationService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
@@ -38,9 +40,13 @@ public class LoginOnBehalfOfFeature implements AuthorizationFeature {
     @Autowired
     private ConfigurationService configurationService;
 
+    @Autowired
+    private EPersonService ePersonService;
+
     @Override
     public boolean isAuthorized(Context context, BaseObjectRest object) throws SQLException {
-        if (!StringUtils.equals(object.getType(), SiteRest.NAME)) {
+        if (!StringUtils.equals(object.getType(), SiteRest.NAME) &&
+            !StringUtils.equals(object.getType(), EPersonRest.NAME)) {
             return false;
         }
         if (!authorizeService.isAdmin(context)) {
@@ -49,6 +55,18 @@ public class LoginOnBehalfOfFeature implements AuthorizationFeature {
         if (!configurationService.getBooleanProperty("webui.user.assumelogin")) {
             return false;
         }
+        if (StringUtils.equals(object.getType(), EPersonRest.NAME)) {
+            EPersonRest ePersonRest = (EPersonRest) object;
+            EPerson currentUser = context.getCurrentUser();
+            if (StringUtils.equalsIgnoreCase(currentUser.getEmail(), ePersonRest.getEmail())) {
+                return false;
+            }
+
+            EPerson ePerson = ePersonService.findByEmail(context, ePersonRest.getEmail());
+            if (authorizeService.isAdmin(context, ePerson)) {
+                return false;
+            }
+        }
         return true;
     }
 

dspace-server-webapp/src/main/java/org/dspace/app/rest/security/StatelessAuthenticationFilter.java

@@ -88,6 +88,20 @@ public class StatelessAuthenticationFilter extends BasicAuthenticationFilter {
         chain.doFilter(req, res);
     }
 
+    /**
+     * This method will return a Pair instance with an Authentication object as the left side of the pair and a Boolean
+     * for the right side of the pair which will indicate whether there was an error in the OnBehalfOf parsing or not
+     * The Authentication object will be attempted to be for the eperson with the uuid in the parameter. Incase
+     * this is able to be done properly, we'll be giving a pair back with the EPerson Authentication in the left side
+     * and a false boolean as the right side.
+     * If the Authentication object returned is not null, we'll be logged in as this EPerson given through from the
+     * request. If the Boolean is true, we'll stop the execution and show a BadRequest error
+     * @param request       The current request
+     * @param res           The current response
+     * @return              A Pair instance with the Authentication object on the left side and the boolean
+     *                      indicating errors on the right side
+     * @throws IOException  If something goes wrong
+     */
     private Pair<Authentication, Boolean> getAuthentication(HttpServletRequest request, HttpServletResponse res)
         throws IOException {