DS-4413 fix checkstyle and add ITs for the withdraw, reinstate and cclicense feature

2025-10-07 01:54:22 +00:00 · 2020-02-16 16:59:29 +01:00
parent 214d7dfc9b
commit 4f20954e9d
33 changed files with 1095 additions and 327 deletions
--- a/dspace-api/src/main/java/org/dspace/app/util/AuthorizeUtil.java
+++ b/dspace-api/src/main/java/org/dspace/app/util/AuthorizeUtil.java
@@ -192,8 +192,8 @@ public class AuthorizeUtil {
    public static void authorizeManageCCLicense(Context context, Item item)
        throws AuthorizeException, SQLException {
        try {
-            authorizeService.authorizeAction(context, item, Constants.ADD);
-            authorizeService.authorizeAction(context, item, Constants.REMOVE);
+            authorizeService.authorizeAction(context, item, Constants.ADD, false);
+            authorizeService.authorizeAction(context, item, Constants.REMOVE, false);
        } catch (AuthorizeException authex) {
            if (AuthorizeConfiguration.canItemAdminManageCCLicense()) {
                authorizeService
@@ -202,8 +202,10 @@ public class AuthorizeUtil {
                authorizeService.authorizeAction(context, itemService
                    .getParentObject(context, item), Constants.ADMIN);
            } else if (AuthorizeConfiguration.canCommunityAdminManageCCLicense()) {
-                authorizeService.authorizeAction(context, itemService
-                    .getParentObject(context, item), Constants.ADMIN);
+                Collection collection = (Collection) itemService
+                    .getParentObject(context, item);
+                authorizeService.authorizeAction(context, collectionService.getParentObject(context, collection),
+                        Constants.ADMIN);
            } else {
                requireAdminRole(context);
            }
--- a/dspace-api/src/main/java/org/dspace/authorize/AuthorizeConfiguration.java
+++ b/dspace-api/src/main/java/org/dspace/authorize/AuthorizeConfiguration.java
@@ -7,7 +7,8 @@
 */
 package org.dspace.authorize;

-import org.dspace.core.ConfigurationManager;
+import org.dspace.services.ConfigurationService;
+import org.dspace.utils.DSpace;

 /**
 * This class is responsible to provide access to the configuration of the
@@ -16,164 +17,26 @@ import org.dspace.core.ConfigurationManager;
 * @author bollini
 */
 public class AuthorizeConfiguration {
-
-    private static boolean can_communityAdmin_group = ConfigurationManager
-        .getBooleanProperty("core.authorization.community-admin.group",
-                            true);
-
-    // subcommunities and collections
-    private static boolean can_communityAdmin_createSubelement = ConfigurationManager
-        .getBooleanProperty(
-            "core.authorization.community-admin.create-subelement",
-            true);
-
-    private static boolean can_communityAdmin_deleteSubelement = ConfigurationManager
-        .getBooleanProperty(
-            "core.authorization.community-admin.delete-subelement",
-            true);
-
-    private static boolean can_communityAdmin_policies = ConfigurationManager
-        .getBooleanProperty("core.authorization.community-admin.policies",
-                            true);
-
-    private static boolean can_communityAdmin_adminGroup = ConfigurationManager
-        .getBooleanProperty(
-            "core.authorization.community-admin.admin-group", true);
-
-    private static boolean can_communityAdmin_collectionPolicies = ConfigurationManager
-        .getBooleanProperty(
-            "core.authorization.community-admin.collection.policies",
-            true);
-
-    private static boolean can_communityAdmin_collectionTemplateItem = ConfigurationManager
-        .getBooleanProperty(
-            "core.authorization.community-admin.collection.template-item",
-            true);
-
-    private static boolean can_communityAdmin_collectionSubmitters = ConfigurationManager
-        .getBooleanProperty(
-            "core.authorization.community-admin.collection.submitters",
-            true);
-
-    private static boolean can_communityAdmin_collectionWorkflows = ConfigurationManager
-        .getBooleanProperty(
-            "core.authorization.community-admin.collection.workflows",
-            true);
-
-    private static boolean can_communityAdmin_collectionAdminGroup = ConfigurationManager
-        .getBooleanProperty(
-            "core.authorization.community-admin.collection.admin-group",
-            true);
-
-    private static boolean can_communityAdmin_itemDelete = ConfigurationManager
-        .getBooleanProperty(
-            "core.authorization.community-admin.item.delete", true);
-
-    private static boolean can_communityAdmin_itemWithdraw = ConfigurationManager
-        .getBooleanProperty(
-            "core.authorization.community-admin.item.withdraw", true);
-
-    private static boolean can_communityAdmin_itemReinstatiate = ConfigurationManager
-        .getBooleanProperty(
-            "core.authorization.community-admin.item.reinstatiate",
-            true);
-
-    private static boolean can_communityAdmin_itemPolicies = ConfigurationManager
-        .getBooleanProperty(
-            "core.authorization.community-admin.item.policies", true);
-
-    // # also bundle
-    private static boolean can_communityAdmin_itemCreateBitstream = ConfigurationManager
-        .getBooleanProperty(
-            "core.authorization.community-admin.item.create-bitstream",
-            true);
-
-    private static boolean can_communityAdmin_itemDeleteBitstream = ConfigurationManager
-        .getBooleanProperty(
-            "core.authorization.community-admin.item.delete-bitstream",
-            true);
-
-    private static boolean can_communityAdmin_itemAdminccLicense = ConfigurationManager
-        .getBooleanProperty(
-            "core.authorization.community-admin.item-admin.cc-license",
-            true);
-
-    // # COLLECTION ADMIN
-    private static boolean can_collectionAdmin_policies = ConfigurationManager
-        .getBooleanProperty("core.authorization.collection-admin.policies",
-                            true);
-
-    private static boolean can_collectionAdmin_templateItem = ConfigurationManager
-        .getBooleanProperty(
-            "core.authorization.collection-admin.template-item", true);
-
-    private static boolean can_collectionAdmin_submitters = ConfigurationManager
-        .getBooleanProperty(
-            "core.authorization.collection-admin.submitters", true);
-
-    private static boolean can_collectionAdmin_workflows = ConfigurationManager
-        .getBooleanProperty(
-            "core.authorization.collection-admin.workflows", true);
-
-    private static boolean can_collectionAdmin_adminGroup = ConfigurationManager
-        .getBooleanProperty(
-            "core.authorization.collection-admin.admin-group", true);
-
-    private static boolean can_collectionAdmin_itemDelete = ConfigurationManager
-        .getBooleanProperty(
-            "core.authorization.collection-admin.item.delete", true);
-
-    private static boolean can_collectionAdmin_itemWithdraw = ConfigurationManager
-        .getBooleanProperty(
-            "core.authorization.collection-admin.item.withdraw", true);
-
-    private static boolean can_collectionAdmin_itemReinstatiate = ConfigurationManager
-        .getBooleanProperty(
-            "core.authorization.collection-admin.item.reinstatiate",
-            true);
-
-    private static boolean can_collectionAdmin_itemPolicies = ConfigurationManager
-        .getBooleanProperty(
-            "core.authorization.collection-admin.item.policies", true);
-
-    // # also bundle
-    private static boolean can_collectionAdmin_itemCreateBitstream = ConfigurationManager
-        .getBooleanProperty(
-            "core.authorization.collection-admin.item.create-bitstream",
-            true);
-
-    private static boolean can_collectionAdmin_itemDeleteBitstream = ConfigurationManager
-        .getBooleanProperty(
-            "core.authorization.collection-admin.item.delete-bitstream",
-            true);
-
-    private static boolean can_collectionAdmin_itemAdminccLicense = ConfigurationManager
-        .getBooleanProperty(
-            "core.authorization.collection-admin.item-admin.cc-license",
-            true);
-
-    // # ITEM ADMIN
-    private static boolean can_itemAdmin_policies = ConfigurationManager
-        .getBooleanProperty("core.authorization.item-admin.policies", true);
-
-    // # also bundle
-    private static boolean can_itemAdmin_createBitstream = ConfigurationManager
-        .getBooleanProperty(
-            "core.authorization.item-admin.create-bitstream", true);
-
-    private static boolean can_itemAdmin_deleteBitstream = ConfigurationManager
-        .getBooleanProperty(
-            "core.authorization.item-admin.delete-bitstream", true);
-
-    private static boolean can_itemAdmin_ccLicense = ConfigurationManager
-        .getBooleanProperty("core.authorization.item-admin.cc-license",
-                            true);
+    /**
+     * A static reference to the {@link ConfigurationService} see the init method for initialization
+     */
+    private static ConfigurationService configurationService;

    /**
     * Default constructor
     */
    private AuthorizeConfiguration() { }

+    /**
+     * Complete the initialization of the class retrieving a reference to the {@link ConfigurationService}. MUST be
+     * called at the start of each method
+     */
+    private synchronized static void init() {
+        if (configurationService != null) {
+            return;
+        }
+        configurationService = new DSpace().getConfigurationService();
+    }
    /**
     * Are community admins allowed to create new, not strictly community
     * related, group?
@@ -181,7 +44,8 @@ public class AuthorizeConfiguration {
     * @return true/false
     */
    public static boolean canCommunityAdminPerformGroupCreation() {
-        return can_communityAdmin_group;
+        init();
+        return configurationService.getBooleanProperty("core.authorization.community-admin.group", true);
    }

    /**
@@ -190,7 +54,8 @@ public class AuthorizeConfiguration {
     * @return true/false
     */
    public static boolean canCommunityAdminPerformSubelementCreation() {
-        return can_communityAdmin_createSubelement;
+        init();
+        return configurationService.getBooleanProperty("core.authorization.community-admin.create-subelement", true);
    }

    /**
@@ -199,7 +64,8 @@ public class AuthorizeConfiguration {
     * @return true/false
     */
    public static boolean canCommunityAdminPerformSubelementDeletion() {
-        return can_communityAdmin_deleteSubelement;
+        init();
+        return configurationService.getBooleanProperty("core.authorization.community-admin.delete-subelement", true);
    }

    /**
@@ -209,7 +75,8 @@ public class AuthorizeConfiguration {
     * @return true/false
     */
    public static boolean canCommunityAdminManagePolicies() {
-        return can_communityAdmin_policies;
+        init();
+        return configurationService.getBooleanProperty("core.authorization.community-admin.policies", true);
    }

    /**
@@ -219,7 +86,8 @@ public class AuthorizeConfiguration {
     * @return true/false
     */
    public static boolean canCommunityAdminManageAdminGroup() {
-        return can_communityAdmin_adminGroup;
+        init();
+        return configurationService.getBooleanProperty("core.authorization.community-admin.admin-group", true);
    }

    /**
@@ -229,7 +97,8 @@ public class AuthorizeConfiguration {
     * @return true/false
     */
    public static boolean canCommunityAdminManageCollectionPolicies() {
-        return can_communityAdmin_collectionPolicies;
+        init();
+        return configurationService.getBooleanProperty("core.authorization.community-admin.collection.policies", true);
    }

    /**
@@ -239,7 +108,9 @@ public class AuthorizeConfiguration {
     * @return true/false
     */
    public static boolean canCommunityAdminManageCollectionTemplateItem() {
-        return can_communityAdmin_collectionTemplateItem;
+        init();
+        return configurationService.getBooleanProperty("core.authorization.community-admin.collection.template-item",
+                true);
    }

    /**
@@ -249,7 +120,9 @@ public class AuthorizeConfiguration {
     * @return true/false
     */
    public static boolean canCommunityAdminManageCollectionSubmitters() {
-        return can_communityAdmin_collectionSubmitters;
+        init();
+        return configurationService.getBooleanProperty("core.authorization.community-admin.collection.submitters",
+                true);
    }

    /**
@@ -259,7 +132,8 @@ public class AuthorizeConfiguration {
     * @return true/false
     */
    public static boolean canCommunityAdminManageCollectionWorkflows() {
-        return can_communityAdmin_collectionWorkflows;
+        init();
+        return configurationService.getBooleanProperty("core.authorization.community-admin.collection.workflows", true);
    }

    /**
@@ -269,7 +143,9 @@ public class AuthorizeConfiguration {
     * @return true/false
     */
    public static boolean canCommunityAdminManageCollectionAdminGroup() {
-        return can_communityAdmin_collectionAdminGroup;
+        init();
+        return configurationService.getBooleanProperty("core.authorization.community-admin.collection.admin-group",
+                true);
    }

    /**
@@ -278,7 +154,8 @@ public class AuthorizeConfiguration {
     * @return true/false
     */
    public static boolean canCommunityAdminPerformItemDeletion() {
-        return can_communityAdmin_itemDelete;
+        init();
+        return configurationService.getBooleanProperty("core.authorization.community-admin.item.delete", true);
    }

    /**
@@ -287,7 +164,8 @@ public class AuthorizeConfiguration {
     * @return true/false
     */
    public static boolean canCommunityAdminPerformItemWithdrawn() {
-        return can_communityAdmin_itemWithdraw;
+        init();
+        return configurationService.getBooleanProperty("core.authorization.community-admin.item.withdraw", true);
    }

    /**
@@ -297,7 +175,8 @@ public class AuthorizeConfiguration {
     * @return true/false
     */
    public static boolean canCommunityAdminPerformItemReinstatiate() {
-        return can_communityAdmin_itemReinstatiate;
+        init();
+        return configurationService.getBooleanProperty("core.authorization.community-admin.item.reinstatiate", true);
    }

    /**
@@ -307,7 +186,8 @@ public class AuthorizeConfiguration {
     * @return true/false
     */
    public static boolean canCommunityAdminManageItemPolicies() {
-        return can_communityAdmin_itemPolicies;
+        init();
+        return configurationService.getBooleanProperty("core.authorization.community-admin.item.policies", true);
    }

    /**
@@ -317,7 +197,9 @@ public class AuthorizeConfiguration {
     * @return true/false
     */
    public static boolean canCommunityAdminPerformBitstreamCreation() {
-        return can_communityAdmin_itemCreateBitstream;
+        init();
+        return configurationService.getBooleanProperty("core.authorization.community-admin.item.create-bitstream",
+                true);
    }

    /**
@@ -327,7 +209,9 @@ public class AuthorizeConfiguration {
     * @return true/false
     */
    public static boolean canCommunityAdminPerformBitstreamDeletion() {
-        return can_communityAdmin_itemDeleteBitstream;
+        init();
+        return configurationService.getBooleanProperty("core.authorization.community-admin.item.delete-bitstream",
+                true);
    }

    /**
@@ -337,7 +221,9 @@ public class AuthorizeConfiguration {
     * @return true/false
     */
    public static boolean canCommunityAdminManageCCLicense() {
-        return can_communityAdmin_itemAdminccLicense;
+        init();
+        return configurationService.getBooleanProperty("core.authorization.community-admin.item-admin.cc-license",
+                true);
    }

    /**
@@ -346,7 +232,8 @@ public class AuthorizeConfiguration {
     * @return true/false
     */
    public static boolean canCollectionAdminManagePolicies() {
-        return can_collectionAdmin_policies;
+        init();
+        return configurationService.getBooleanProperty("core.authorization.collection-admin.policies", true);
    }

    /**
@@ -356,7 +243,8 @@ public class AuthorizeConfiguration {
     * @return true/false
     */
    public static boolean canCollectionAdminManageTemplateItem() {
-        return can_collectionAdmin_templateItem;
+        init();
+        return configurationService.getBooleanProperty("core.authorization.collection-admin.template-item", true);
    }

    /**
@@ -366,7 +254,8 @@ public class AuthorizeConfiguration {
     * @return true/false
     */
    public static boolean canCollectionAdminManageSubmitters() {
-        return can_collectionAdmin_submitters;
+        init();
+        return configurationService.getBooleanProperty("core.authorization.collection-admin.submitters", true);
    }

    /**
@@ -376,7 +265,8 @@ public class AuthorizeConfiguration {
     * @return true/false
     */
    public static boolean canCollectionAdminManageWorkflows() {
-        return can_collectionAdmin_workflows;
+        init();
+        return configurationService.getBooleanProperty("core.authorization.collection-admin.workflows", true);
    }

    /**
@@ -386,7 +276,8 @@ public class AuthorizeConfiguration {
     * @return true/false
     */
    public static boolean canCollectionAdminManageAdminGroup() {
-        return can_collectionAdmin_adminGroup;
+        init();
+        return configurationService.getBooleanProperty("core.authorization.collection-admin.admin-group", true);
    }

    /**
@@ -395,7 +286,8 @@ public class AuthorizeConfiguration {
     * @return true/false
     */
    public static boolean canCollectionAdminPerformItemDeletion() {
-        return can_collectionAdmin_itemDelete;
+        init();
+        return configurationService.getBooleanProperty("core.authorization.collection-admin.item.delete", true);
    }

    /**
@@ -404,7 +296,8 @@ public class AuthorizeConfiguration {
     * @return true/false
     */
    public static boolean canCollectionAdminPerformItemWithdrawn() {
-        return can_collectionAdmin_itemWithdraw;
+        init();
+        return configurationService.getBooleanProperty("core.authorization.collection-admin.item.withdraw", true);
    }

    /**
@@ -414,7 +307,8 @@ public class AuthorizeConfiguration {
     * @return true/false
     */
    public static boolean canCollectionAdminPerformItemReinstatiate() {
-        return can_collectionAdmin_itemReinstatiate;
+        init();
+        return configurationService.getBooleanProperty("core.authorization.collection-admin.item.reinstatiate", true);
    }

    /**
@@ -424,7 +318,8 @@ public class AuthorizeConfiguration {
     * @return true/false
     */
    public static boolean canCollectionAdminManageItemPolicies() {
-        return can_collectionAdmin_itemPolicies;
+        init();
+        return configurationService.getBooleanProperty("core.authorization.collection-admin.item.policies", true);
    }

    /**
@@ -434,7 +329,9 @@ public class AuthorizeConfiguration {
     * @return true/false
     */
    public static boolean canCollectionAdminPerformBitstreamCreation() {
-        return can_collectionAdmin_itemCreateBitstream;
+        init();
+        return configurationService.getBooleanProperty("core.authorization.collection-admin.item.create-bitstream",
+                true);
    }

    /**
@@ -444,7 +341,9 @@ public class AuthorizeConfiguration {
     * @return true/false
     */
    public static boolean canCollectionAdminPerformBitstreamDeletion() {
-        return can_collectionAdmin_itemDeleteBitstream;
+        init();
+        return configurationService.getBooleanProperty("core.authorization.collection-admin.item.delete-bitstream",
+                true);
    }

    /**
@@ -454,7 +353,9 @@ public class AuthorizeConfiguration {
     * @return true/false
     */
    public static boolean canCollectionAdminManageCCLicense() {
-        return can_collectionAdmin_itemAdminccLicense;
+        init();
+        return configurationService.getBooleanProperty("core.authorization.collection-admin.item-admin.cc-license",
+                true);
    }

    /**
@@ -463,7 +364,8 @@ public class AuthorizeConfiguration {
     * @return true/false
     */
    public static boolean canItemAdminManagePolicies() {
-        return can_itemAdmin_policies;
+        init();
+        return configurationService.getBooleanProperty("core.authorization.item-admin.policies", true);
    }

    /**
@@ -472,7 +374,8 @@ public class AuthorizeConfiguration {
     * @return true/false
     */
    public static boolean canItemAdminPerformBitstreamCreation() {
-        return can_itemAdmin_createBitstream;
+        init();
+        return configurationService.getBooleanProperty("core.authorization.item-admin.create-bitstream", true);
    }

    /**
@@ -481,7 +384,8 @@ public class AuthorizeConfiguration {
     * @return true/false
     */
    public static boolean canItemAdminPerformBitstreamDeletion() {
-        return can_itemAdmin_deleteBitstream;
+        init();
+        return configurationService.getBooleanProperty("core.authorization.item-admin.delete-bitstream", true);
    }

    /**
@@ -490,7 +394,8 @@ public class AuthorizeConfiguration {
     * @return true/false
     */
    public static boolean canItemAdminManageCCLicense() {
-        return can_itemAdmin_ccLicense;
+        init();
+        return configurationService.getBooleanProperty("core.authorization.item-admin.cc-license", true);
    }

 }
--- a/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/Authorization.java
+++ b/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/Authorization.java
@@ -5,7 +5,7 @@
 *
 * http://www.dspace.org/license/
 */
-package org.dspace.app.rest.authorize;
+package org.dspace.app.rest.authorization;

 import org.dspace.content.Site;
 import org.dspace.discovery.FindableObject;
--- a/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/AuthorizationFeature.java
+++ b/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/AuthorizationFeature.java
@@ -5,7 +5,7 @@
 *
 * http://www.dspace.org/license/
 */
-package org.dspace.app.rest.authorize;
+package org.dspace.app.rest.authorization;

 import java.sql.SQLException;

--- a/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/AuthorizationFeatureDocumentation.java
+++ b/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/AuthorizationFeatureDocumentation.java
@@ -5,7 +5,7 @@
 *
 * http://www.dspace.org/license/
 */
-package org.dspace.app.rest.authorize;
+package org.dspace.app.rest.authorization;

 import java.lang.annotation.Documented;
 import java.lang.annotation.ElementType;
--- a/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/AuthorizationFeatureService.java
+++ b/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/AuthorizationFeatureService.java
@@ -5,7 +5,7 @@
 *
 * http://www.dspace.org/license/
 */
-package org.dspace.app.rest.authorize;
+package org.dspace.app.rest.authorization;

 import java.sql.SQLException;
 import java.util.List;
--- a/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/AuthorizationRestUtil.java
+++ b/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/AuthorizationRestUtil.java
@@ -5,7 +5,7 @@
 *
 * http://www.dspace.org/license/
 */
-package org.dspace.app.rest.authorize;
+package org.dspace.app.rest.authorization;

 import java.sql.SQLException;
 import java.util.UUID;
--- a/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/impl/AuthorizationFeatureServiceImpl.java
+++ b/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/impl/AuthorizationFeatureServiceImpl.java
@@ -5,7 +5,7 @@
 *
 * http://www.dspace.org/license/
 */
-package org.dspace.app.rest.authorize.impl;
+package org.dspace.app.rest.authorization.impl;

 import java.sql.SQLException;
 import java.util.List;
@@ -13,8 +13,8 @@ import java.util.stream.Collectors;

 import org.apache.commons.lang3.ArrayUtils;
 import org.apache.commons.lang3.StringUtils;
-import org.dspace.app.rest.authorize.AuthorizationFeature;
-import org.dspace.app.rest.authorize.AuthorizationFeatureService;
+import org.dspace.app.rest.authorization.AuthorizationFeature;
+import org.dspace.app.rest.authorization.AuthorizationFeatureService;
 import org.dspace.core.Context;
 import org.dspace.discovery.FindableObject;
 import org.springframework.beans.factory.annotation.Autowired;
--- a/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/impl/CCLicenseFeature.java
+++ b/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/impl/CCLicenseFeature.java
@@ -5,12 +5,12 @@
 *
 * http://www.dspace.org/license/
 */
-package org.dspace.app.rest.authorize.impl;
+package org.dspace.app.rest.authorization.impl;

 import java.sql.SQLException;

-import org.dspace.app.rest.authorize.AuthorizationFeature;
-import org.dspace.app.rest.authorize.AuthorizationFeatureDocumentation;
+import org.dspace.app.rest.authorization.AuthorizationFeature;
+import org.dspace.app.rest.authorization.AuthorizationFeatureDocumentation;
 import org.dspace.app.util.AuthorizeUtil;
 import org.dspace.authorize.AuthorizeException;
 import org.dspace.content.Item;
@@ -19,14 +19,17 @@ import org.dspace.core.Context;
 import org.springframework.stereotype.Component;

 /**
- * The cclicense feature
+ * The cclicense feature. It can be used by administrators (or community/collection delegate) to manage the Creative
+ * Commons license for an item
 *
 * @author Andrea Bollini (andrea.bollini at 4science.it)
 */
@Component
-@AuthorizationFeatureDocumentation(name = "cclicense")
+@AuthorizationFeatureDocumentation(name = CCLicenseFeature.NAME)
 public class CCLicenseFeature implements AuthorizationFeature {

+    public static final String NAME = "cclicense";
+
    @Override
    public boolean isAuthorized(Context context, Object object) throws SQLException {
        if (!(object instanceof Item)) {
--- a/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/impl/ReinstateFeature.java
+++ b/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/impl/ReinstateFeature.java
@@ -5,12 +5,12 @@
 *
 * http://www.dspace.org/license/
 */
-package org.dspace.app.rest.authorize.impl;
+package org.dspace.app.rest.authorization.impl;

 import java.sql.SQLException;

-import org.dspace.app.rest.authorize.AuthorizationFeature;
-import org.dspace.app.rest.authorize.AuthorizationFeatureDocumentation;
+import org.dspace.app.rest.authorization.AuthorizationFeature;
+import org.dspace.app.rest.authorization.AuthorizationFeatureDocumentation;
 import org.dspace.app.util.AuthorizeUtil;
 import org.dspace.authorize.AuthorizeException;
 import org.dspace.content.Item;
@@ -19,21 +19,28 @@ import org.dspace.core.Context;
 import org.springframework.stereotype.Component;

 /**
- * The reinstate feature
+ * The reinstate feature. It can be used by administrators (or community/collection delegate) to reinstate an item that
+ * was previously withdrawn
 *
 * @author Andrea Bollini (andrea.bollini at 4science.it)
 */
@Component
-@AuthorizationFeatureDocumentation(name = "reinstateItem")
+@AuthorizationFeatureDocumentation(name = ReinstateFeature.NAME)
 public class ReinstateFeature implements AuthorizationFeature {

+    public static final String NAME = "reinstateItem";
+
    @Override
    public boolean isAuthorized(Context context, Object object) throws SQLException {
        if (!(object instanceof Item)) {
            return false;
        }
+        Item item = (Item) object;
+        if (!item.isWithdrawn()) {
+            return false;
+        }
        try {
-            AuthorizeUtil.authorizeReinstateItem(context, (Item) object);
+            AuthorizeUtil.authorizeReinstateItem(context, item);
        } catch (AuthorizeException e) {
            return false;
        }
--- a/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/impl/WithdrawFeature.java
+++ b/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/impl/WithdrawFeature.java
@@ -5,12 +5,12 @@
 *
 * http://www.dspace.org/license/
 */
-package org.dspace.app.rest.authorize.impl;
+package org.dspace.app.rest.authorization.impl;

 import java.sql.SQLException;

-import org.dspace.app.rest.authorize.AuthorizationFeature;
-import org.dspace.app.rest.authorize.AuthorizationFeatureDocumentation;
+import org.dspace.app.rest.authorization.AuthorizationFeature;
+import org.dspace.app.rest.authorization.AuthorizationFeatureDocumentation;
 import org.dspace.app.util.AuthorizeUtil;
 import org.dspace.authorize.AuthorizeException;
 import org.dspace.content.Item;
@@ -19,21 +19,27 @@ import org.dspace.core.Context;
 import org.springframework.stereotype.Component;

 /**
- * The withdrawn feature
+ * The withdrawn feature. It can be used by administrators (or community/collection delegate) to logically delete an
+ * item retiring it from the archive
 *
 * @author Andrea Bollini (andrea.bollini at 4science.it)
 */
@Component
-@AuthorizationFeatureDocumentation(name = "withdrawItem")
+@AuthorizationFeatureDocumentation(name = WithdrawFeature.NAME)
 public class WithdrawFeature implements AuthorizationFeature {
+    public final static String NAME = "withdrawItem";

    @Override
    public boolean isAuthorized(Context context, Object object) throws SQLException {
        if (!(object instanceof Item)) {
            return false;
        }
+        Item item = (Item) object;
+        if (!item.isArchived()) {
+            return false;
+        }
        try {
-            AuthorizeUtil.authorizeWithdrawItem(context, (Item) object);
+            AuthorizeUtil.authorizeWithdrawItem(context, item);
        } catch (AuthorizeException e) {
            return false;
        }
--- a/dspace-server-webapp/src/main/java/org/dspace/app/rest/converter/AuthorizationConverter.java
+++ b/dspace-server-webapp/src/main/java/org/dspace/app/rest/converter/AuthorizationConverter.java
@@ -7,7 +7,7 @@
 */
 package org.dspace.app.rest.converter;

-import org.dspace.app.rest.authorize.Authorization;
+import org.dspace.app.rest.authorization.Authorization;
 import org.dspace.app.rest.model.AuthorizationRest;
 import org.dspace.app.rest.projection.Projection;
 import org.springframework.beans.factory.annotation.Autowired;
--- a/dspace-server-webapp/src/main/java/org/dspace/app/rest/converter/AuthorizationFeatureConverter.java
+++ b/dspace-server-webapp/src/main/java/org/dspace/app/rest/converter/AuthorizationFeatureConverter.java
@@ -10,7 +10,7 @@ package org.dspace.app.rest.converter;
 import java.util.ArrayList;
 import java.util.List;

-import org.dspace.app.rest.authorize.AuthorizationFeature;
+import org.dspace.app.rest.authorization.AuthorizationFeature;
 import org.dspace.app.rest.model.AuthorizationFeatureRest;
 import org.dspace.app.rest.projection.Projection;
 import org.dspace.core.Constants;
--- a/dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/AuthorizationFeatureRestRepository.java
+++ b/dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/AuthorizationFeatureRestRepository.java
@@ -11,8 +11,8 @@ import java.util.List;

 import org.dspace.app.rest.Parameter;
 import org.dspace.app.rest.SearchRestMethod;
-import org.dspace.app.rest.authorize.AuthorizationFeature;
-import org.dspace.app.rest.authorize.AuthorizationFeatureService;
+import org.dspace.app.rest.authorization.AuthorizationFeature;
+import org.dspace.app.rest.authorization.AuthorizationFeatureService;
 import org.dspace.app.rest.converter.ConverterService;
 import org.dspace.app.rest.model.AuthorizationFeatureRest;
 import org.dspace.core.Constants;
--- a/dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/AuthorizationRestRepository.java
+++ b/dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/AuthorizationRestRepository.java
@@ -16,10 +16,10 @@ import java.util.UUID;
 import org.apache.commons.lang3.StringUtils;
 import org.dspace.app.rest.Parameter;
 import org.dspace.app.rest.SearchRestMethod;
-import org.dspace.app.rest.authorize.Authorization;
-import org.dspace.app.rest.authorize.AuthorizationFeature;
-import org.dspace.app.rest.authorize.AuthorizationFeatureService;
-import org.dspace.app.rest.authorize.AuthorizationRestUtil;
+import org.dspace.app.rest.authorization.Authorization;
+import org.dspace.app.rest.authorization.AuthorizationFeature;
+import org.dspace.app.rest.authorization.AuthorizationFeatureService;
+import org.dspace.app.rest.authorization.AuthorizationRestUtil;
 import org.dspace.app.rest.converter.ConverterService;
 import org.dspace.app.rest.exception.RepositoryMethodNotImplementedException;
 import org.dspace.app.rest.exception.RepositoryNotFoundException;
@@ -56,19 +56,19 @@ public class AuthorizationRestRepository extends DSpaceRestRepository<Authorizat

    @Autowired
    private AuthorizationRestUtil authorizationRestUtil;
-    
+
    @Autowired
    private AuthorizeService authorizeService;
-    
+
    @Autowired
    private EPersonService epersonService;

    @Autowired
    protected ConverterService converter;
-    
+
    @Autowired
    ConfigurationService configurationService;
-    
+
    @Override
    @PreAuthorize("hasPermission(#id, 'authorization', 'READ')")
    public AuthorizationRest findOne(Context context, String id) {
@@ -149,30 +149,29 @@ public class AuthorizationRestRepository extends DSpaceRestRepository<Authorizat
    @PreAuthorize("#epersonUuid==null || hasPermission(#epersonUuid, 'EPERSON', 'READ')")
    @SearchRestMethod(name = "object")
    public Page<AuthorizationRest> findByObject(@Parameter(value = "uri", required = true) String uri,
-            @Parameter(value = "eperson") UUID epersonUuid, 
+            @Parameter(value = "eperson") UUID epersonUuid,
            Pageable pageable) throws AuthorizeException, SQLException {
        Context context = obtainContext();
        FindableObject obj = getObject(context, uri);
        if (obj == null) {
            return null;
        }
-        
+
        EPerson currUser = context.getCurrentUser();
        EPerson user = currUser;
-        
+
        if (epersonUuid != null) {
            if (context.getCurrentUser() == null) {
-                throw new AuthorizeException("attempt to anonymously access the authorization of the eperson " + epersonUuid);
-            }
-            else {
+                throw new AuthorizeException("attempt to anonymously access the authorization of the eperson "
+                        + epersonUuid);
+            } else {
                if (!authorizeService.isAdmin(context) && !epersonUuid.equals(currUser.getID())) {
                    throw new AuthorizeException("attempt to access the authorization of the eperson " + epersonUuid
                            + " only system administrators can see the authorization of other users");
                }
                user = epersonService.find(context, epersonUuid);
            }
-        }
-        else {
+        } else {
            user = null;
        }
        context.setCurrentUser(user);
@@ -186,7 +185,7 @@ public class AuthorizationRestRepository extends DSpaceRestRepository<Authorizat
        context.setCurrentUser(currUser);
        return converter.toRestPage(utils.getPage(authorizations, pageable), utils.obtainProjection(true));
    }
-    
+
    /**
     * It returns the authorization related to the requested feature if granted to the specified eperson or to the
     * anonymous user. Only administrators and the user identified by the epersonUuid parameter can access this method
@@ -211,30 +210,28 @@ public class AuthorizationRestRepository extends DSpaceRestRepository<Authorizat
    @SearchRestMethod(name = "objectAndFeature")
    public AuthorizationRest findByObjectAndFeature(@Parameter(value = "uri", required = true) String uri,
            @Parameter(value = "eperson") UUID epersonUuid,
-            @Parameter(value="feature", required = true) String featureName, 
+            @Parameter(value = "feature", required = true) String featureName,
            Pageable pageable) throws AuthorizeException, SQLException {
        Context context = obtainContext();
        FindableObject obj = getObject(context, uri);
        if (obj == null) {
            return null;
        }
-        
+
        EPerson currUser = context.getCurrentUser();
        EPerson user = currUser;
-        
        if (epersonUuid != null) {
            if (context.getCurrentUser() == null) {
-                throw new AuthorizeException("attempt to anonymously access the authorization of the eperson " + epersonUuid);
-            }
-            else {
+                throw new AuthorizeException("attempt to anonymously access the authorization of the eperson "
+                        + epersonUuid);
+            } else {
                if (!authorizeService.isAdmin(context) && !epersonUuid.equals(currUser.getID())) {
                    throw new AuthorizeException("attempt to access the authorization of the eperson " + epersonUuid
                            + " only system administrators can see the authorization of other users");
                }
                user = epersonService.find(context, epersonUuid);
            }
-        }
-        else {
+        } else {
            user = null;
        }
        context.setCurrentUser(user);
@@ -250,17 +247,18 @@ public class AuthorizationRestRepository extends DSpaceRestRepository<Authorizat
        context.setCurrentUser(currUser);
        return authorizationRest;
    }
-    
+
    private FindableObject getObject(Context context, String uri) throws SQLException {
        String dspaceUrl = configurationService.getProperty("dspace.baseUrl");
        if (!StringUtils.startsWith(uri, dspaceUrl)) {
            throw new IllegalArgumentException("the supplied uri is not valid:" + uri);
        }
-        String[] uriParts = uri.substring(dspaceUrl.length() + (dspaceUrl.endsWith("/")?0:1) + "api/".length()).split("/", 3);
+        String[] uriParts = uri.substring(dspaceUrl.length() + (dspaceUrl.endsWith("/") ? 0 : 1) + "api/".length())
+                .split("/", 3);
        if (uriParts.length != 3) {
            throw new IllegalArgumentException("the supplied uri is not valid:" + uri);
        }
-        
+
        DSpaceRestRepository repository;
        try {
            repository = utils.getResourceRepository(uriParts[0], uriParts[1]);
@@ -270,7 +268,7 @@ public class AuthorizationRestRepository extends DSpaceRestRepository<Authorizat
        } catch (RepositoryNotFoundException e) {
            throw new IllegalArgumentException("the supplied uri is not valid:" + uri, e);
        }
-        
+
        Serializable pk;
        try {
            pk = utils.castToPKClass((FindableObjectRepository) repository, uriParts[2]);
--- a/dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/DSpaceObjectRestRepository.java
+++ b/dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/DSpaceObjectRestRepository.java
@@ -82,12 +82,12 @@ public abstract class DSpaceObjectRestRepository<M extends DSpaceObject, R exten
            metadataConverter.setMetadata(obtainContext(), dso, dsoRest.getMetadata());
        }
    }
-    
+
    @Override
    public M findDomainObjectByPk(Context context, UUID uuid) throws SQLException {
        return dsoService.find(context, uuid);
    }
-    
+
    @Override
    public Class<UUID> getPKClass() {
        return UUID.class;
--- a/dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/DSpaceRestRepository.java
+++ b/dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/DSpaceRestRepository.java
@@ -29,7 +29,6 @@ import org.dspace.app.util.DCInputsReaderException;
 import org.dspace.authorize.AuthorizeException;
 import org.dspace.content.service.MetadataFieldService;
 import org.dspace.core.Context;
-import org.dspace.discovery.FindableObject;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.domain.Page;
 import org.springframework.data.domain.Pageable;
--- a/dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/WorkspaceItemRestRepository.java
+++ b/dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/WorkspaceItemRestRepository.java
@@ -77,7 +77,7 @@ import gr.ekt.bte.exceptions.MalformedSourceException;
 * @author Andrea Bollini (andrea.bollini at 4science.it)
 */
@Component(WorkspaceItemRest.CATEGORY + "." + WorkspaceItemRest.NAME)
-public class WorkspaceItemRestRepository extends DSpaceRestRepository<WorkspaceItemRest, Integer> 
+public class WorkspaceItemRestRepository extends DSpaceRestRepository<WorkspaceItemRest, Integer>
    implements FindableObjectRepository<WorkspaceItem, Integer> {

    public static final String OPERATION_PATH_SECTIONS = "sections";
--- a/dspace-server-webapp/src/main/java/org/dspace/app/rest/security/AuthorizationPermissionEvaluatorPlugin.java
+++ b/dspace-server-webapp/src/main/java/org/dspace/app/rest/security/AuthorizationPermissionEvaluatorPlugin.java
@@ -11,7 +11,7 @@ import java.io.Serializable;
 import java.sql.SQLException;

 import org.apache.commons.lang3.StringUtils;
-import org.dspace.app.rest.authorize.AuthorizationRestUtil;
+import org.dspace.app.rest.authorization.AuthorizationRestUtil;
 import org.dspace.app.rest.model.AuthorizationRest;
 import org.dspace.app.rest.utils.ContextUtil;
 import org.dspace.authorize.service.AuthorizeService;
--- a/dspace-server-webapp/src/main/java/org/dspace/app/rest/utils/Utils.java
+++ b/dspace-server-webapp/src/main/java/org/dspace/app/rest/utils/Utils.java
@@ -102,7 +102,7 @@ public class Utils {

    @Autowired
    RequestService requestService;
-    
+
    @Autowired
    @Qualifier("defaultConversionService")
    ConversionService conversionService;
--- a/dspace-server-webapp/src/test/java/org/dspace/app/rest/AuthorizationFeatureRestRepositoryIT.java
+++ b/dspace-server-webapp/src/test/java/org/dspace/app/rest/AuthorizationFeatureRestRepositoryIT.java
@@ -19,7 +19,8 @@ import java.util.List;
 import java.util.concurrent.atomic.AtomicReference;

 import com.jayway.jsonpath.matchers.JsonPathMatchers;
-import org.dspace.app.rest.authorize.AuthorizationFeature;
+
+import org.dspace.app.rest.authorization.AuthorizationFeature;
 import org.dspace.app.rest.test.AbstractControllerIntegrationTest;
 import org.dspace.core.Constants;
 import org.hamcrest.Matchers;
--- a/dspace-server-webapp/src/test/java/org/dspace/app/rest/AuthorizationRestRepositoryIT.java
+++ b/dspace-server-webapp/src/test/java/org/dspace/app/rest/AuthorizationRestRepositoryIT.java
@@ -16,16 +16,17 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 import java.io.Serializable;
 import java.util.UUID;

+import com.jayway.jsonpath.matchers.JsonPathMatchers;
 import org.dspace.app.rest.authorization.AlwaysFalseFeature;
 import org.dspace.app.rest.authorization.AlwaysThrowExceptionFeature;
 import org.dspace.app.rest.authorization.AlwaysTrueFeature;
+import org.dspace.app.rest.authorization.Authorization;
+import org.dspace.app.rest.authorization.AuthorizationFeature;
+import org.dspace.app.rest.authorization.AuthorizationFeatureService;
+import org.dspace.app.rest.authorization.AuthorizationRestUtil;
 import org.dspace.app.rest.authorization.TrueForAdminsFeature;
 import org.dspace.app.rest.authorization.TrueForLoggedUsersFeature;
 import org.dspace.app.rest.authorization.TrueForTestUsersFeature;
-import org.dspace.app.rest.authorize.Authorization;
-import org.dspace.app.rest.authorize.AuthorizationFeature;
-import org.dspace.app.rest.authorize.AuthorizationFeatureService;
-import org.dspace.app.rest.authorize.AuthorizationRestUtil;
 import org.dspace.app.rest.builder.CommunityBuilder;
 import org.dspace.app.rest.builder.EPersonBuilder;
 import org.dspace.app.rest.converter.ConverterService;
@@ -47,10 +48,6 @@ import org.hamcrest.Matchers;
 import org.junit.Before;
 import org.junit.Test;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.test.web.servlet.ResultHandler;
-import org.springframework.test.web.servlet.ResultMatcher;
-
-import com.jayway.jsonpath.matchers.JsonPathMatchers;

 /**
 * Test suite for the Authorization endpoint
@@ -68,13 +65,13 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration

    @Autowired
    private ConverterService converterService;
-    
+
    @Autowired
    private ConfigurationService configurationService;
-    
+
    @Autowired
    private Utils utils;
-    
+
    private SiteService siteService;

    private AuthorizationFeature alwaysTrue;
@@ -335,7 +332,7 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
        Site site = siteService.findSite(context);
        SiteRest siteRest = converterService.toRest(site, converterService.getProjection(DefaultProjection.NAME));
        String siteUri = utils.linkToSingleResource(siteRest, "self").getHref();
-        
+
        // disarm the alwaysThrowExceptionFeature
        configurationService.setProperty("org.dspace.app.rest.authorization.AlwaysThrowExceptionFeature.turnoff", true);
        // verify that it works for administrators
@@ -361,11 +358,12 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
                            JsonPathMatchers.hasJsonPath("$.id",
                                    Matchers.anyOf(
                                            Matchers.startsWith(admin.getID().toString()),
-                                            Matchers.endsWith(site.getType() + "_" + site.getID()))))        
+                                            Matchers.endsWith(site.getType() + "_" + site.getID()))))
                                    )
                    )
            )
-            .andExpect(jsonPath("$._links.self.href", Matchers.containsString("/api/authz/authorizations/search/object")))
+            .andExpect(jsonPath("$._links.self.href",
+                    Matchers.containsString("/api/authz/authorizations/search/object")))
            .andExpect(jsonPath("$.page.size", is(20)))
            .andExpect(jsonPath("$.page.totalElements", greaterThanOrEqualTo(3)));

@@ -393,11 +391,12 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
                            JsonPathMatchers.hasJsonPath("$.id",
                                    Matchers.anyOf(
                                            Matchers.startsWith(eperson.getID().toString()),
-                                            Matchers.endsWith(site.getType() + "_" + site.getID()))))        
+                                            Matchers.endsWith(site.getType() + "_" + site.getID()))))
                                    )
                    )
            )
-            .andExpect(jsonPath("$._links.self.href", Matchers.containsString("/api/authz/authorizations/search/object")))
+            .andExpect(jsonPath("$._links.self.href",
+                    Matchers.containsString("/api/authz/authorizations/search/object")))
            .andExpect(jsonPath("$.page.size", is(20)))
            .andExpect(jsonPath("$.page.totalElements", greaterThanOrEqualTo(2)));

@@ -416,7 +415,7 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
                                                is(alwaysFalse.getName()),
                                                is(alwaysException.getName()),
                                                is(trueForTestUsers.getName()),
-                                                // this guarantee that we are looking to the eperson 
+                                                // this guarantee that we are looking to the eperson
                                                // authz and not to the admin ones
                                                is(trueForAdmins.getName())
                                            )
@@ -425,14 +424,15 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
                                    Matchers.hasItem(is("authorization"))),
                            JsonPathMatchers.hasJsonPath("$.id",
                                    Matchers.anyOf(
-                                            // this guarantee that we are looking to the eperson 
+                                            // this guarantee that we are looking to the eperson
                                            // authz and not to the admin ones
                                            Matchers.startsWith(eperson.getID().toString()),
-                                            Matchers.endsWith(site.getType() + "_" + site.getID()))))        
+                                            Matchers.endsWith(site.getType() + "_" + site.getID()))))
                                    )
                    )
            )
-            .andExpect(jsonPath("$._links.self.href", Matchers.containsString("/api/authz/authorizations/search/object")))
+            .andExpect(jsonPath("$._links.self.href",
+                    Matchers.containsString("/api/authz/authorizations/search/object")))
            .andExpect(jsonPath("$.page.size", is(20)))
            .andExpect(jsonPath("$.page.totalElements", greaterThanOrEqualTo(2)));

@@ -457,11 +457,12 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
                            JsonPathMatchers.hasJsonPath("$.id",
                                    Matchers.anyOf(
                                            Matchers.startsWith(eperson.getID().toString()),
-                                            Matchers.endsWith(site.getType() + "_" + site.getID()))))        
+                                            Matchers.endsWith(site.getType() + "_" + site.getID()))))
                                    )
                    )
            )
-            .andExpect(jsonPath("$._links.self.href", Matchers.containsString("/api/authz/authorizations/search/object")))
+            .andExpect(jsonPath("$._links.self.href",
+                    Matchers.containsString("/api/authz/authorizations/search/object")))
            .andExpect(jsonPath("$.page.size", is(20)))
            .andExpect(jsonPath("$.page.totalElements", greaterThanOrEqualTo(1)));

@@ -486,11 +487,12 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
                            JsonPathMatchers.hasJsonPath("$.id",
                                    Matchers.anyOf(
                                            Matchers.startsWith(eperson.getID().toString()),
-                                            Matchers.endsWith(site.getType() + "_" + site.getID()))))        
+                                            Matchers.endsWith(site.getType() + "_" + site.getID()))))
                                    )
                    )
            )
-            .andExpect(jsonPath("$._links.self.href", Matchers.containsString("/api/authz/authorizations/search/object")))
+            .andExpect(jsonPath("$._links.self.href",
+                    Matchers.containsString("/api/authz/authorizations/search/object")))
            .andExpect(jsonPath("$.page.size", is(20)))
            .andExpect(jsonPath("$.page.totalElements", greaterThanOrEqualTo(1)));
    }
@@ -504,7 +506,7 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
     */
    public void findByNotExistingObjectTest() throws Exception {
        String wrongSiteUri = "http://localhost/api/core/sites/" + UUID.randomUUID();
-        
+
        // disarm the alwaysThrowExceptionFeature
        configurationService.setProperty("org.dspace.app.rest.authorization.AlwaysThrowExceptionFeature.turnoff", true);
        // verify that it works for administrators, no result
@@ -514,7 +516,8 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
                .param("eperson", admin.getID().toString()))
            .andExpect(status().isOk())
            .andExpect(jsonPath("$", JsonPathMatchers.hasNoJsonPath("$._embedded.authorizations")))
-            .andExpect(jsonPath("$._links.self.href", Matchers.containsString("/api/authz/authorizations/search/object")))
+            .andExpect(jsonPath("$._links.self.href",
+                    Matchers.containsString("/api/authz/authorizations/search/object")))
            .andExpect(jsonPath("$.page.size", is(20)))
            .andExpect(jsonPath("$.page.totalElements", is(0)));

@@ -525,7 +528,8 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
                .param("eperson", eperson.getID().toString()))
            .andExpect(status().isOk())
            .andExpect(jsonPath("$", JsonPathMatchers.hasNoJsonPath("$._embedded.authorizations")))
-            .andExpect(jsonPath("$._links.self.href", Matchers.containsString("/api/authz/authorizations/search/object")))
+            .andExpect(jsonPath("$._links.self.href",
+                    Matchers.containsString("/api/authz/authorizations/search/object")))
            .andExpect(jsonPath("$.page.size", is(20)))
            .andExpect(jsonPath("$.page.totalElements", is(0)));

@@ -535,7 +539,8 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
                .param("eperson", eperson.getID().toString()))
            .andExpect(status().isOk())
            .andExpect(jsonPath("$", JsonPathMatchers.hasNoJsonPath("$._embedded.authorizations")))
-            .andExpect(jsonPath("$._links.self.href", Matchers.containsString("/api/authz/authorizations/search/object")))
+            .andExpect(jsonPath("$._links.self.href",
+                    Matchers.containsString("/api/authz/authorizations/search/object")))
            .andExpect(jsonPath("$.page.size", is(20)))
            .andExpect(jsonPath("$.page.totalElements", is(0)));

@@ -544,7 +549,8 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
                .param("uri", wrongSiteUri))
            .andExpect(status().isOk())
            .andExpect(jsonPath("$", JsonPathMatchers.hasNoJsonPath("$._embedded.authorizations")))
-            .andExpect(jsonPath("$._links.self.href", Matchers.containsString("/api/authz/authorizations/search/object")))
+            .andExpect(jsonPath("$._links.self.href",
+                    Matchers.containsString("/api/authz/authorizations/search/object")))
            .andExpect(jsonPath("$.page.size", is(20)))
            .andExpect(jsonPath("$.page.totalElements", is(0)));

@@ -553,7 +559,8 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
                .param("uri", wrongSiteUri))
            .andExpect(status().isOk())
            .andExpect(jsonPath("$", JsonPathMatchers.hasNoJsonPath("$._embedded.authorizations")))
-            .andExpect(jsonPath("$._links.self.href", Matchers.containsString("/api/authz/authorizations/search/object")))
+            .andExpect(jsonPath("$._links.self.href",
+                    Matchers.containsString("/api/authz/authorizations/search/object")))
            .andExpect(jsonPath("$.page.size", is(20)))
            .andExpect(jsonPath("$.page.totalElements", is(0)));
    }
@@ -571,7 +578,7 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
                "http://localhost/api/wrongcategory/wrongmodel/1",
                "http://localhost/api/core/sites/this-is-not-an-uuid"
        };
-        
+
        // disarm the alwaysThrowExceptionFeature
        configurationService.setProperty("org.dspace.app.rest.authorization.AlwaysThrowExceptionFeature.turnoff", true);

@@ -583,31 +590,31 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
                    .param("uri", invalidUri)
                    .param("eperson", admin.getID().toString()))
                .andExpect(status().isBadRequest());
-    
+
            // verify that it works for normal loggedin users with an invalid or missing uri
            String epersonToken = getAuthToken(eperson.getEmail(), password);
            getClient(epersonToken).perform(get("/api/authz/authorizations/search/object")
                    .param("uri", invalidUri)
                    .param("eperson", eperson.getID().toString()))
                .andExpect(status().isBadRequest());
-    
+
            // verify that it works for administators inspecting other users with an invalid or missing uri
            getClient(adminToken).perform(get("/api/authz/authorizations/search/object")
                    .param("uri", invalidUri)
                    .param("eperson", eperson.getID().toString()))
                .andExpect(status().isBadRequest());
-    
+
            // verify that it works for anonymous users with an invalid or missing uri
            getClient().perform(get("/api/authz/authorizations/search/object")
                    .param("uri", invalidUri))
                .andExpect(status().isBadRequest());
-    
+
            // verify that it works for administrators inspecting anonymous users with an invalid or missing uri
            getClient(adminToken).perform(get("/api/authz/authorizations/search/object")
                    .param("uri", invalidUri))
                .andExpect(status().isBadRequest());
        }
-        //FIXME add once https://github.com/DSpace/DSpace/pull/2668 is merged        
+        //FIXME add once https://github.com/DSpace/DSpace/pull/2668 is merged
        //        getClient(adminToken).perform(get("/api/authz/authorizations/search/object")
        //                .param("eperson", admin.getID().toString()))
        //            .andExpect(status().isBadRequest());
@@ -633,7 +640,7 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
        Site site = siteService.findSite(context);
        SiteRest siteRest = converterService.toRest(site, converterService.getProjection(DefaultProjection.NAME));
        String siteUri = utils.linkToSingleResource(siteRest, "self").getHref();
-        
+
        // disarm the alwaysThrowExceptionFeature
        configurationService.setProperty("org.dspace.app.rest.authorization.AlwaysThrowExceptionFeature.turnoff", true);

@@ -689,7 +696,7 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
        Site site = siteService.findSite(context);
        SiteRest siteRest = converterService.toRest(site, converterService.getProjection(DefaultProjection.NAME));
        String siteUri = utils.linkToSingleResource(siteRest, "self").getHref();
-        
+
        // verify that it works for administrators
        String adminToken = getAuthToken(admin.getEmail(), password);
        getClient(adminToken).perform(get("/api/authz/authorizations/search/object")
@@ -735,7 +742,7 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
        CommunityRest comRest = converterService.toRest(com, converterService.getProjection(DefaultProjection.NAME));
        String comUri = utils.linkToSingleResource(comRest, "self").getHref();
        context.restoreAuthSystemState();
-        
+
        // verify that it works for administrators
        String adminToken = getAuthToken(admin.getEmail(), password);
        getClient(adminToken).perform(get("/api/authz/authorizations/search/objectAndFeature")
@@ -745,7 +752,8 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
            .andExpect(status().isOk())
            .andExpect(jsonPath("$.type", is("authorization")))
            .andExpect(jsonPath("$._embedded.feature.id", is(alwaysTrue.getName())))
-            .andExpect(jsonPath("$.id",Matchers.is(admin.getID().toString() + "_"+ alwaysTrue.getName() + "_" + com.getType() + "_" + com.getID())));
+                .andExpect(jsonPath("$.id", Matchers.is(admin.getID().toString() + "_" + alwaysTrue.getName() + "_"
+                        + com.getType() + "_" + com.getID())));

        // verify that it works for normal loggedin users
        String epersonToken = getAuthToken(eperson.getEmail(), password);
@@ -756,7 +764,8 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
            .andExpect(status().isOk())
            .andExpect(jsonPath("$.type", is("authorization")))
            .andExpect(jsonPath("$._embedded.feature.id", is(alwaysTrue.getName())))
-            .andExpect(jsonPath("$.id",Matchers.is(eperson.getID().toString() + "_"+ alwaysTrue.getName() + "_" + com.getType() + "_" + com.getID())));
+                .andExpect(jsonPath("$.id", Matchers.is(eperson.getID().toString() + "_" + alwaysTrue.getName() + "_"
+                        + com.getType() + "_" + com.getID())));

        // verify that it works for administators inspecting other users
        getClient(adminToken).perform(get("/api/authz/authorizations/search/objectAndFeature")
@@ -766,7 +775,8 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
            .andExpect(status().isOk())
            .andExpect(jsonPath("$.type", is("authorization")))
            .andExpect(jsonPath("$._embedded.feature.id", is(alwaysTrue.getName())))
-            .andExpect(jsonPath("$.id", Matchers.is(eperson.getID().toString() + "_"+ alwaysTrue.getName() + "_" + com.getType() + "_" + com.getID())));
+                .andExpect(jsonPath("$.id", Matchers.is(eperson.getID().toString() + "_" + alwaysTrue.getName() + "_"
+                        + com.getType() + "_" + com.getID())));

        // verify that it works for anonymous users
        getClient().perform(get("/api/authz/authorizations/search/objectAndFeature")
@@ -797,7 +807,7 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
        Site site = siteService.findSite(context);
        SiteRest siteRest = converterService.toRest(site, converterService.getProjection(DefaultProjection.NAME));
        String siteUri = utils.linkToSingleResource(siteRest, "self").getHref();
-        
+
        // verify that it works for administrators
        String adminToken = getAuthToken(admin.getEmail(), password);
        getClient(adminToken).perform(get("/api/authz/authorizations/search/objectAndFeature")
@@ -846,7 +856,7 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
        Site site = siteService.findSite(context);
        SiteRest siteRest = converterService.toRest(site, converterService.getProjection(DefaultProjection.NAME));
        String siteUri = utils.linkToSingleResource(siteRest, "self").getHref();
-        
+
        // disarm the alwaysThrowExceptionFeature
        configurationService.setProperty("org.dspace.app.rest.authorization.AlwaysThrowExceptionFeature.turnoff", true);
        // verify that it works for administrators, no result
@@ -856,7 +866,7 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
                .param("feature", alwaysTrue.getName())
                .param("eperson", admin.getID().toString()))
            .andExpect(status().isNoContent());
-        
+
        getClient(adminToken).perform(get("/api/authz/authorizations/search/objectAndFeature")
                .param("uri", siteUri)
                .param("feature", "not-existing-feature")
@@ -876,7 +886,7 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
                .param("feature", "not-existing-feature")
                .param("eperson", eperson.getID().toString()))
            .andExpect(status().isNoContent());
-        
+
        // verify that it works for administators inspecting other users
        getClient(adminToken).perform(get("/api/authz/authorizations/search/objectAndFeature")
                .param("uri", wrongSiteUri)
@@ -889,7 +899,7 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
                .param("feature", "not-existing-feature")
                .param("eperson", eperson.getID().toString()))
            .andExpect(status().isNoContent());
-        
+
        // verify that it works for anonymous users
        getClient().perform(get("/api/authz/authorizations/search/objectAndFeature")
                .param("uri", wrongSiteUri)
@@ -900,13 +910,13 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
                .param("uri", siteUri)
                .param("feature", "not-existing-feature"))
            .andExpect(status().isNoContent());
-        
+
        // verify that it works for administrators inspecting anonymous users
        getClient(adminToken).perform(get("/api/authz/authorizations/search/objectAndFeature")
                .param("uri", wrongSiteUri)
                .param("feature", alwaysTrue.getName()))
            .andExpect(status().isNoContent());
-        
+
        getClient(adminToken).perform(get("/api/authz/authorizations/search/objectAndFeature")
                .param("uri", siteUri)
                .param("feature", "not-existing-feature"))
@@ -942,7 +952,7 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
                    .param("feature", alwaysTrue.getName())
                    .param("eperson", admin.getID().toString()))
                .andExpect(status().isBadRequest());
-    
+
            // verify that it works for normal loggedin users with an invalid or missing uri
            String epersonToken = getAuthToken(eperson.getEmail(), password);
            getClient(epersonToken).perform(get("/api/authz/authorizations/search/object")
@@ -950,28 +960,28 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
                    .param("feature", alwaysTrue.getName())
                    .param("eperson", eperson.getID().toString()))
                .andExpect(status().isBadRequest());
-    
+
            // verify that it works for administators inspecting other users with an invalid or missing uri
            getClient(adminToken).perform(get("/api/authz/authorizations/search/object")
                    .param("uri", invalidUri)
                    .param("feature", alwaysTrue.getName())
                    .param("eperson", eperson.getID().toString()))
                .andExpect(status().isBadRequest());
-    
+
            // verify that it works for anonymous users with an invalid or missing uri
            getClient().perform(get("/api/authz/authorizations/search/object")
                    .param("uri", invalidUri)
                    .param("feature", alwaysTrue.getName()))
                .andExpect(status().isBadRequest());
-    
+
            // verify that it works for administrators inspecting anonymous users with an invalid or missing uri
            getClient(adminToken).perform(get("/api/authz/authorizations/search/object")
                    .param("uri", invalidUri)
                    .param("feature", alwaysTrue.getName()))
                .andExpect(status().isBadRequest());
        }
-        
-        //FIXME add once https://github.com/DSpace/DSpace/pull/2668 is merged        
+
+        //FIXME add once https://github.com/DSpace/DSpace/pull/2668 is merged
        //        getClient(adminToken).perform(get("/api/authz/authorizations/search/object")
        //                .param("eperson", admin.getID().toString()))
        //            .andExpect(status().isBadRequest());
@@ -1016,7 +1026,7 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
        Site site = siteService.findSite(context);
        SiteRest siteRest = converterService.toRest(site, converterService.getProjection(DefaultProjection.NAME));
        String siteUri = utils.linkToSingleResource(siteRest, "self").getHref();
-        
+
        // disarm the alwaysThrowExceptionFeature
        configurationService.setProperty("org.dspace.app.rest.authorization.AlwaysThrowExceptionFeature.turnoff", true);

@@ -1076,7 +1086,7 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration
        Site site = siteService.findSite(context);
        SiteRest siteRest = converterService.toRest(site, converterService.getProjection(DefaultProjection.NAME));
        String siteUri = utils.linkToSingleResource(siteRest, "self").getHref();
-        
+
        // verify that it works for administrators
        String adminToken = getAuthToken(admin.getEmail(), password);
        getClient(adminToken).perform(get("/api/authz/authorizations/search/objectAndFeature")
--- a/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/AlwaysFalseFeature.java
+++ b/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/AlwaysFalseFeature.java
@@ -9,8 +9,6 @@ package org.dspace.app.rest.authorization;

 import java.sql.SQLException;

-import org.dspace.app.rest.authorize.AuthorizationFeature;
-import org.dspace.app.rest.authorize.AuthorizationFeatureDocumentation;
 import org.dspace.core.Constants;
 import org.dspace.core.Context;
 import org.springframework.stereotype.Component;
--- a/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/AlwaysThrowExceptionFeature.java
+++ b/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/AlwaysThrowExceptionFeature.java
@@ -9,8 +9,6 @@ package org.dspace.app.rest.authorization;

 import java.sql.SQLException;

-import org.dspace.app.rest.authorize.AuthorizationFeature;
-import org.dspace.app.rest.authorize.AuthorizationFeatureDocumentation;
 import org.dspace.core.Constants;
 import org.dspace.core.Context;
 import org.dspace.services.ConfigurationService;
@@ -32,7 +30,7 @@ public class AlwaysThrowExceptionFeature implements AuthorizationFeature {

    @Autowired
    private ConfigurationService configurationService;
-    
+
    @Override
    /**
     * This check will throw a runtime exception except if the
@@ -40,7 +38,8 @@ public class AlwaysThrowExceptionFeature implements AuthorizationFeature {
     * configuration service. In this case it will return false
     */
    public boolean isAuthorized(Context context, Object object) throws SQLException {
-        if (!configurationService.getBooleanProperty("org.dspace.app.rest.authorization.AlwaysThrowExceptionFeature.turnoff", false)) {
+        if (!configurationService
+                .getBooleanProperty("org.dspace.app.rest.authorization.AlwaysThrowExceptionFeature.turnoff", false)) {
            throw new  RuntimeException("Sometimes things go wrong and we should not hide it");
        }
        return false;
--- a/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/AlwaysTrueFeature.java
+++ b/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/AlwaysTrueFeature.java
@@ -9,8 +9,6 @@ package org.dspace.app.rest.authorization;

 import java.sql.SQLException;

-import org.dspace.app.rest.authorize.AuthorizationFeature;
-import org.dspace.app.rest.authorize.AuthorizationFeatureDocumentation;
 import org.dspace.core.Constants;
 import org.dspace.core.Context;
 import org.springframework.stereotype.Component;
--- a/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/CCLicenseFeatureRestIT.java
+++ b/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/CCLicenseFeatureRestIT.java
@@ -0,0 +1,266 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+package org.dspace.app.rest.authorization;
+
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+import org.dspace.app.rest.authorization.impl.CCLicenseFeature;
+import org.dspace.app.rest.builder.CollectionBuilder;
+import org.dspace.app.rest.builder.CommunityBuilder;
+import org.dspace.app.rest.builder.ItemBuilder;
+import org.dspace.app.rest.builder.ResourcePolicyBuilder;
+import org.dspace.app.rest.converter.ConverterService;
+import org.dspace.app.rest.matcher.AuthorizationMatcher;
+import org.dspace.app.rest.model.ItemRest;
+import org.dspace.app.rest.projection.DefaultProjection;
+import org.dspace.app.rest.test.AbstractControllerIntegrationTest;
+import org.dspace.app.rest.utils.Utils;
+import org.dspace.authorize.ResourcePolicy;
+import org.dspace.content.Collection;
+import org.dspace.content.Community;
+import org.dspace.content.Item;
+import org.dspace.core.Constants;
+import org.dspace.services.ConfigurationService;
+import org.hamcrest.Matchers;
+import org.junit.Before;
+import org.junit.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+
+/**
+ * Test suite for the ccLicense feature
+ * 
+ * @author Andrea Bollini (andrea.bollini at 4science.it)
+ *
+ */
+public class CCLicenseFeatureRestIT extends AbstractControllerIntegrationTest {
+
+    @Autowired
+    private AuthorizationFeatureService authorizationFeatureService;
+
+    @Autowired
+    private ConverterService converterService;
+
+    @Autowired
+    private ConfigurationService configurationService;
+
+    @Autowired
+    private Utils utils;
+
+    private AuthorizationFeature ccLicenseFeature;
+
+    @Override
+    @Before
+    public void setUp() throws Exception {
+        super.setUp();
+        ccLicenseFeature = authorizationFeatureService.find(CCLicenseFeature.NAME);
+    }
+
+    @Test
+    public void authorizedAsAdminTest() throws Exception {
+        context.turnOffAuthorisationSystem();
+        Community com = CommunityBuilder.createCommunity(context).withName("A community").build();
+        Collection col = CollectionBuilder.createCollection(context, com).withName("A collection").build();
+        Item item = ItemBuilder.createItem(context, col).withTitle("Item to withdraw").build();
+        context.restoreAuthSystemState();
+
+        ItemRest itemRest = converterService.toRest(item, converterService.getProjection(DefaultProjection.NAME));
+        String itemUri = utils.linkToSingleResource(itemRest, "self").getHref();
+        Authorization authAdminCCLicense = new Authorization(admin, ccLicenseFeature, item);
+
+        // access the authorization for the admin user
+        String adminToken = getAuthToken(admin.getEmail(), password);
+        getClient(adminToken).perform(get("/api/authz/authorizations/" + authAdminCCLicense.getID()))
+                    .andExpect(status().isOk())
+                    .andExpect(jsonPath("$",
+                            Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminCCLicense))));
+
+        getClient(adminToken).perform(get("/api/authz/authorizations/search/objectAndFeature")
+                .param("uri", itemUri)
+                .param("eperson", admin.getID().toString())
+                .param("feature", ccLicenseFeature.getName()))
+            .andExpect(status().isOk())
+            .andExpect(jsonPath("$",
+                    Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminCCLicense))));
+    }
+
+    @Test
+    public void checkAuthorizationAsCommunityAdminTest() throws Exception {
+        context.turnOffAuthorisationSystem();
+        Community com = CommunityBuilder.createCommunity(context).withName("A community").withAdminGroup(eperson)
+                .build();
+        Collection col = CollectionBuilder.createCollection(context, com).withName("A collection").build();
+        Item item = ItemBuilder.createItem(context, col).withTitle("Item to withdraw").build();
+        context.restoreAuthSystemState();
+
+        ItemRest itemRest = converterService.toRest(item, converterService.getProjection(DefaultProjection.NAME));
+        String itemUri = utils.linkToSingleResource(itemRest, "self").getHref();
+        Authorization authAdminCCLicense = new Authorization(eperson, ccLicenseFeature, item);
+
+        // access the authorization for the community admin user
+        String comAdminToken = getAuthToken(eperson.getEmail(), password);
+        getClient(comAdminToken).perform(get("/api/authz/authorizations/" + authAdminCCLicense.getID()))
+                    .andExpect(status().isOk())
+                    .andExpect(jsonPath("$",
+                            Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminCCLicense))));
+
+        getClient(comAdminToken).perform(get("/api/authz/authorizations/search/objectAndFeature")
+                .param("uri", itemUri)
+                .param("eperson", eperson.getID().toString())
+                .param("feature", ccLicenseFeature.getName()))
+            .andExpect(status().isOk())
+            .andExpect(jsonPath("$",
+                    Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminCCLicense))));
+
+        // verify that the property core.authorization.collection-admin.item-admin.cc-license = false is respected
+        // the community admins should be still authorized
+        configurationService.setProperty("core.authorization.item-admin.cc-license", false);
+        configurationService.setProperty("core.authorization.collection-admin.item-admin.cc-license", false);
+        getClient(comAdminToken).perform(get("/api/authz/authorizations/" + authAdminCCLicense.getID()))
+                .andExpect(status().isOk())
+                .andExpect(jsonPath("$",
+                        Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminCCLicense))));
+
+        getClient(comAdminToken).perform(get("/api/authz/authorizations/search/objectAndFeature")
+            .param("uri", itemUri)
+            .param("eperson", eperson.getID().toString())
+            .param("feature", ccLicenseFeature.getName()))
+        .andExpect(status().isOk())
+        .andExpect(jsonPath("$",
+                Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminCCLicense))));
+
+        // now verify that the property core.authorization.community-admin.item-admin.cc-license = false is respected
+        // and also community admins are blocked
+        // Please note that set to false the configuration for community keeping true for collection don't
+        // make any sense as a community admin is always also a collection admin
+        configurationService.setProperty("core.authorization.community-admin.item-admin.cc-license", false);
+        getClient(comAdminToken).perform(get("/api/authz/authorizations/" + authAdminCCLicense.getID()))
+                    .andExpect(status().isNotFound());
+
+        getClient(comAdminToken).perform(get("/api/authz/authorizations/search/objectAndFeature")
+                .param("uri", itemUri)
+                .param("eperson", eperson.getID().toString())
+                .param("feature", ccLicenseFeature.getName()))
+            .andExpect(status().isNoContent());
+    }
+
+    @Test
+    public void checkAuthorizationAsCollectionAdminTest() throws Exception {
+        context.turnOffAuthorisationSystem();
+        Community com = CommunityBuilder.createCommunity(context).withName("A community").build();
+        Collection col = CollectionBuilder.createCollection(context, com).withName("A collection")
+                .withAdminGroup(eperson).build();
+        Item item = ItemBuilder.createItem(context, col).withTitle("Item to withdraw").build();
+        context.restoreAuthSystemState();
+
+        ItemRest itemRest = converterService.toRest(item, converterService.getProjection(DefaultProjection.NAME));
+        String itemUri = utils.linkToSingleResource(itemRest, "self").getHref();
+        Authorization authAdminCCLicense = new Authorization(eperson, ccLicenseFeature, item);
+
+        // access the authorization for the admin user
+        String colAdminToken = getAuthToken(eperson.getEmail(), password);
+        getClient(colAdminToken).perform(get("/api/authz/authorizations/" + authAdminCCLicense.getID()))
+                    .andExpect(status().isOk())
+                    .andExpect(jsonPath("$",
+                            Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminCCLicense))));
+
+        getClient(colAdminToken).perform(get("/api/authz/authorizations/search/objectAndFeature")
+                .param("uri", itemUri)
+                .param("eperson", eperson.getID().toString())
+                .param("feature", ccLicenseFeature.getName()))
+            .andExpect(status().isOk())
+            .andExpect(jsonPath("$",
+                    Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminCCLicense))));
+        // verify that the property core.authorization.collection-admin.item-admin.cc-license = false is respected
+        configurationService.setProperty("core.authorization.item-admin.cc-license", false);
+        configurationService.setProperty("core.authorization.collection-admin.item-admin.cc-license", false);
+        getClient(colAdminToken).perform(get("/api/authz/authorizations/" + authAdminCCLicense.getID()))
+                    .andExpect(status().isNotFound());
+
+        getClient(colAdminToken).perform(get("/api/authz/authorizations/search/objectAndFeature")
+                .param("uri", itemUri)
+                .param("eperson", eperson.getID().toString())
+                .param("feature", ccLicenseFeature.getName()))
+            .andExpect(status().isNoContent());
+    }
+
+    @Test
+    public void checkAuthorizationAsItemAdminTest() throws Exception {
+        context.turnOffAuthorisationSystem();
+        Community com = CommunityBuilder.createCommunity(context).withName("A community").build();
+        Collection col = CollectionBuilder.createCollection(context, com).withName("A collection").build();
+        Item item = ItemBuilder.createItem(context, col).withTitle("Item to withdraw").build();
+        ResourcePolicy resource = ResourcePolicyBuilder.createResourcePolicy(context).withAction(Constants.ADMIN)
+                .withUser(eperson).withDspaceObject(item).build();
+        context.restoreAuthSystemState();
+
+        ItemRest itemRest = converterService.toRest(item, converterService.getProjection(DefaultProjection.NAME));
+        String itemUri = utils.linkToSingleResource(itemRest, "self").getHref();
+        Authorization authAdminCCLicense = new Authorization(eperson, ccLicenseFeature, item);
+
+        // access the authorization for the admin user
+        String itemAdminToken = getAuthToken(eperson.getEmail(), password);
+        getClient(itemAdminToken).perform(get("/api/authz/authorizations/" + authAdminCCLicense.getID()))
+                    .andExpect(status().isOk())
+                    .andExpect(jsonPath("$",
+                            Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminCCLicense))));
+
+        getClient(itemAdminToken).perform(get("/api/authz/authorizations/search/objectAndFeature")
+                .param("uri", itemUri)
+                .param("eperson", eperson.getID().toString())
+                .param("feature", ccLicenseFeature.getName()))
+            .andExpect(status().isOk())
+            .andExpect(jsonPath("$",
+                    Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminCCLicense))));
+        // verify that the property core.authorization.item-admin.cc-license = false is respected
+        configurationService.setProperty("core.authorization.item-admin.cc-license", false);
+        getClient(itemAdminToken).perform(get("/api/authz/authorizations/" + authAdminCCLicense.getID()))
+                    .andExpect(status().isNotFound());
+
+        getClient(itemAdminToken).perform(get("/api/authz/authorizations/search/objectAndFeature")
+                .param("uri", itemUri)
+                .param("eperson", eperson.getID().toString())
+                .param("feature", ccLicenseFeature.getName()))
+            .andExpect(status().isNoContent());
+    }
+
+    @Test
+    public void notAuthorizedTest() throws Exception {
+        context.turnOffAuthorisationSystem();
+        Community com = CommunityBuilder.createCommunity(context).withName("A community").build();
+        Collection col = CollectionBuilder.createCollection(context, com).withName("A collection").build();
+        Item item = ItemBuilder.createItem(context, col).withTitle("Item to withdraw").build();
+        context.restoreAuthSystemState();
+
+        ItemRest itemRest = converterService.toRest(item, converterService.getProjection(DefaultProjection.NAME));
+        String itemUri = utils.linkToSingleResource(itemRest, "self").getHref();
+        Authorization authEpersonCCLicense = new Authorization(eperson, ccLicenseFeature, item);
+        Authorization authAnonymousCCLicense = new Authorization(null, ccLicenseFeature, item);
+
+        // check the authorization for a normal user
+        String epersonToken = getAuthToken(eperson.getEmail(), password);
+        getClient(epersonToken).perform(get("/api/authz/authorizations/" + authEpersonCCLicense.getID()))
+                    .andExpect(status().isNotFound());
+
+        getClient(epersonToken).perform(get("/api/authz/authorizations/search/objectAndFeature")
+                .param("uri", itemUri)
+                .param("eperson", eperson.getID().toString())
+                .param("feature", ccLicenseFeature.getName()))
+            .andExpect(status().isNoContent());
+
+        // check the authorization for the anonymous user
+        getClient().perform(get("/api/authz/authorizations/" + authAnonymousCCLicense.getID()))
+                .andExpect(status().isNotFound());
+
+        getClient().perform(get("/api/authz/authorizations/search/objectAndFeature")
+            .param("uri", itemUri)
+            .param("feature", ccLicenseFeature.getName()))
+        .andExpect(status().isNoContent());
+    }
+}
--- a/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/ReinstateFeatureRestIT.java
+++ b/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/ReinstateFeatureRestIT.java
@@ -0,0 +1,281 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+package org.dspace.app.rest.authorization;
+
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+import org.dspace.app.rest.authorization.impl.ReinstateFeature;
+import org.dspace.app.rest.builder.CollectionBuilder;
+import org.dspace.app.rest.builder.CommunityBuilder;
+import org.dspace.app.rest.builder.ItemBuilder;
+import org.dspace.app.rest.builder.WorkflowItemBuilder;
+import org.dspace.app.rest.builder.WorkspaceItemBuilder;
+import org.dspace.app.rest.converter.ConverterService;
+import org.dspace.app.rest.matcher.AuthorizationMatcher;
+import org.dspace.app.rest.model.ItemRest;
+import org.dspace.app.rest.projection.DefaultProjection;
+import org.dspace.app.rest.test.AbstractControllerIntegrationTest;
+import org.dspace.app.rest.utils.Utils;
+import org.dspace.content.Collection;
+import org.dspace.content.Community;
+import org.dspace.content.Item;
+import org.dspace.content.WorkspaceItem;
+import org.dspace.services.ConfigurationService;
+import org.dspace.workflow.WorkflowItem;
+import org.hamcrest.Matchers;
+import org.junit.Before;
+import org.junit.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+
+/**
+ * Test suite for the reinstateItem feature
+ * 
+ * @author Andrea Bollini (andrea.bollini at 4science.it)
+ *
+ */
+public class ReinstateFeatureRestIT extends AbstractControllerIntegrationTest {
+
+    @Autowired
+    private AuthorizationFeatureService authorizationFeatureService;
+
+    @Autowired
+    private ConverterService converterService;
+
+    @Autowired
+    private ConfigurationService configurationService;
+
+    @Autowired
+    private Utils utils;
+
+    private AuthorizationFeature reinstateFeature;
+
+    @Override
+    @Before
+    public void setUp() throws Exception {
+        super.setUp();
+        reinstateFeature = authorizationFeatureService.find(ReinstateFeature.NAME);
+    }
+
+    @Test
+    public void authorizedAsAdminTest() throws Exception {
+        context.turnOffAuthorisationSystem();
+        Community com = CommunityBuilder.createCommunity(context).withName("A community").build();
+        Collection col = CollectionBuilder.createCollection(context, com).withName("A collection").build();
+        Item item = ItemBuilder.createItem(context, col).withTitle("Withdrawn item").withdrawn().build();
+        context.restoreAuthSystemState();
+
+        ItemRest itemRest = converterService.toRest(item, converterService.getProjection(DefaultProjection.NAME));
+        String itemUri = utils.linkToSingleResource(itemRest, "self").getHref();
+        Authorization authAdminWithdraw = new Authorization(admin, reinstateFeature, item);
+
+        // access the authorization for the admin user
+        String adminToken = getAuthToken(admin.getEmail(), password);
+        getClient(adminToken).perform(get("/api/authz/authorizations/" + authAdminWithdraw.getID()))
+                    .andExpect(status().isOk())
+                    .andExpect(jsonPath("$",
+                            Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminWithdraw))));
+
+        getClient(adminToken).perform(get("/api/authz/authorizations/search/objectAndFeature")
+                .param("uri", itemUri)
+                .param("eperson", admin.getID().toString())
+                .param("feature", reinstateFeature.getName()))
+            .andExpect(status().isOk())
+            .andExpect(jsonPath("$",
+                    Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminWithdraw))));
+    }
+
+    @Test
+    public void checkAuthorizationAsCommunityAdminTest() throws Exception {
+        context.turnOffAuthorisationSystem();
+        Community com = CommunityBuilder.createCommunity(context).withName("A community").withAdminGroup(eperson)
+                .build();
+        Collection col = CollectionBuilder.createCollection(context, com).withName("A collection").build();
+        Item item = ItemBuilder.createItem(context, col).withTitle("Withdrawn item").withdrawn().build();
+        context.restoreAuthSystemState();
+
+        ItemRest itemRest = converterService.toRest(item, converterService.getProjection(DefaultProjection.NAME));
+        String itemUri = utils.linkToSingleResource(itemRest, "self").getHref();
+        Authorization authAdminWithdraw = new Authorization(eperson, reinstateFeature, item);
+
+        // access the authorization for the community admin user
+        String comAdminToken = getAuthToken(eperson.getEmail(), password);
+        getClient(comAdminToken).perform(get("/api/authz/authorizations/" + authAdminWithdraw.getID()))
+                    .andExpect(status().isOk())
+                    .andExpect(jsonPath("$",
+                            Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminWithdraw))));
+
+        getClient(comAdminToken).perform(get("/api/authz/authorizations/search/objectAndFeature")
+                .param("uri", itemUri)
+                .param("eperson", eperson.getID().toString())
+                .param("feature", reinstateFeature.getName()))
+            .andExpect(status().isOk())
+            .andExpect(jsonPath("$",
+                    Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminWithdraw))));
+
+        // verify that the property core.authorization.collection-admin.item.reinstatiate = false is respected
+        // the community admins should be still authorized
+        configurationService.setProperty("core.authorization.collection-admin.item.reinstatiate", false);
+        getClient(comAdminToken).perform(get("/api/authz/authorizations/" + authAdminWithdraw.getID()))
+                .andExpect(status().isOk())
+                .andExpect(jsonPath("$",
+                        Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminWithdraw))));
+
+        getClient(comAdminToken).perform(get("/api/authz/authorizations/search/objectAndFeature")
+            .param("uri", itemUri)
+            .param("eperson", eperson.getID().toString())
+            .param("feature", reinstateFeature.getName()))
+        .andExpect(status().isOk())
+        .andExpect(jsonPath("$",
+                Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminWithdraw))));
+
+        // now verify that the property core.authorization.community-admin.item.reinstatiate = false is respected
+        // and also community admins are blocked
+        // Please note that set to false the configuration for community keeping true for collection don't
+        // make any sense as a community admin is always also a collection admin
+        configurationService.setProperty("core.authorization.community-admin.item.reinstatiate", false);
+        getClient(comAdminToken).perform(get("/api/authz/authorizations/" + authAdminWithdraw.getID()))
+                    .andExpect(status().isNotFound());
+
+        getClient(comAdminToken).perform(get("/api/authz/authorizations/search/objectAndFeature")
+                .param("uri", itemUri)
+                .param("eperson", eperson.getID().toString())
+                .param("feature", reinstateFeature.getName()))
+            .andExpect(status().isNoContent());
+    }
+
+    @Test
+    public void checkAuthorizationAsCollectionAdminTest() throws Exception {
+        context.turnOffAuthorisationSystem();
+        Community com = CommunityBuilder.createCommunity(context).withName("A community").build();
+        Collection col = CollectionBuilder.createCollection(context, com).withName("A collection")
+                .withAdminGroup(eperson).build();
+        Item item = ItemBuilder.createItem(context, col).withTitle("Withdrawn item").withdrawn().build();
+        context.restoreAuthSystemState();
+
+        ItemRest itemRest = converterService.toRest(item, converterService.getProjection(DefaultProjection.NAME));
+        String itemUri = utils.linkToSingleResource(itemRest, "self").getHref();
+        Authorization authAdminWithdraw = new Authorization(eperson, reinstateFeature, item);
+
+        // access the authorization for the admin user
+        String colAdminToken = getAuthToken(eperson.getEmail(), password);
+        getClient(colAdminToken).perform(get("/api/authz/authorizations/" + authAdminWithdraw.getID()))
+                    .andExpect(status().isOk())
+                    .andExpect(jsonPath("$",
+                            Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminWithdraw))));
+
+        getClient(colAdminToken).perform(get("/api/authz/authorizations/search/objectAndFeature")
+                .param("uri", itemUri)
+                .param("eperson", eperson.getID().toString())
+                .param("feature", reinstateFeature.getName()))
+            .andExpect(status().isOk())
+            .andExpect(jsonPath("$",
+                    Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminWithdraw))));
+        // verify that the property core.authorization.collection-admin.item.reinstatiate = false is respected
+        configurationService.setProperty("core.authorization.collection-admin.item.reinstatiate", false);
+        getClient(colAdminToken).perform(get("/api/authz/authorizations/" + authAdminWithdraw.getID()))
+                    .andExpect(status().isNotFound());
+
+        getClient(colAdminToken).perform(get("/api/authz/authorizations/search/objectAndFeature")
+                .param("uri", itemUri)
+                .param("eperson", eperson.getID().toString())
+                .param("feature", reinstateFeature.getName()))
+            .andExpect(status().isNoContent());
+    }
+
+    @Test
+    public void notAuthorizedTest() throws Exception {
+        context.turnOffAuthorisationSystem();
+        Community com = CommunityBuilder.createCommunity(context).withName("A community").build();
+        Collection col = CollectionBuilder.createCollection(context, com).withName("A collection").build();
+        Item item = ItemBuilder.createItem(context, col).withTitle("Withdrawn item").withdrawn().build();
+        context.restoreAuthSystemState();
+
+        ItemRest itemRest = converterService.toRest(item, converterService.getProjection(DefaultProjection.NAME));
+        String itemUri = utils.linkToSingleResource(itemRest, "self").getHref();
+        Authorization authEpersonWithdraw = new Authorization(eperson, reinstateFeature, item);
+        Authorization authAnonymousWithdraw = new Authorization(null, reinstateFeature, item);
+
+        // check the authorization for a normal user
+        String epersonToken = getAuthToken(eperson.getEmail(), password);
+        getClient(epersonToken).perform(get("/api/authz/authorizations/" + authEpersonWithdraw.getID()))
+                    .andExpect(status().isNotFound());
+
+        getClient(epersonToken).perform(get("/api/authz/authorizations/search/objectAndFeature")
+                .param("uri", itemUri)
+                .param("eperson", eperson.getID().toString())
+                .param("feature", reinstateFeature.getName()))
+            .andExpect(status().isNoContent());
+
+        // check the authorization for the anonymous user
+        getClient().perform(get("/api/authz/authorizations/" + authAnonymousWithdraw.getID()))
+                .andExpect(status().isNotFound());
+
+        getClient().perform(get("/api/authz/authorizations/search/objectAndFeature")
+            .param("uri", itemUri)
+            .param("feature", reinstateFeature.getName()))
+        .andExpect(status().isNoContent());
+    }
+
+    @Test
+    public void notAuthorizedInvalidStateTest() throws Exception {
+        context.turnOffAuthorisationSystem();
+        Community com = CommunityBuilder.createCommunity(context).withName("A community").build();
+        Collection col = CollectionBuilder.createCollection(context, com).withName("A collection")
+                .withWorkflowGroup(1, eperson).build();
+
+        Item archivedItem = ItemBuilder.createItem(context, col).withTitle("Item already in archive").build();
+        WorkspaceItem wsItem = WorkspaceItemBuilder.createWorkspaceItem(context, col).withTitle("A workspace item")
+                .build();
+        WorkflowItem wfItem = WorkflowItemBuilder.createWorkflowItem(context, col).withTitle("A workflow item").build();
+        context.restoreAuthSystemState();
+
+        ItemRest archivedItemRest = converterService.toRest(archivedItem,
+                converterService.getProjection(DefaultProjection.NAME));
+        String archivedItemUri = utils.linkToSingleResource(archivedItemRest, "self").getHref();
+        ItemRest wsItemRest = converterService.toRest(wsItem.getItem(),
+                converterService.getProjection(DefaultProjection.NAME));
+        String wsItemUri = utils.linkToSingleResource(wsItemRest, "self").getHref();
+        ItemRest wfItemRest = converterService.toRest(wfItem.getItem(),
+                converterService.getProjection(DefaultProjection.NAME));
+        String wfItemUri = utils.linkToSingleResource(wfItemRest, "self").getHref();
+
+        Authorization authWithdrawnItem = new Authorization(admin, reinstateFeature, archivedItem);
+        Authorization authWsItem = new Authorization(admin, reinstateFeature, wsItem.getItem());
+        Authorization authWFItem = new Authorization(admin, reinstateFeature, wfItem.getItem());
+        // nor the admin should be authorized to reinstate the previous items
+        String adminToken = getAuthToken(admin.getEmail(), password);
+        getClient(adminToken).perform(get("/api/authz/authorizations/" + authWithdrawnItem.getID()))
+                    .andExpect(status().isNotFound());
+
+        getClient(adminToken).perform(get("/api/authz/authorizations/search/objectAndFeature")
+                .param("uri", archivedItemUri)
+                .param("eperson", eperson.getID().toString())
+                .param("feature", reinstateFeature.getName()))
+            .andExpect(status().isNoContent());
+
+        getClient(adminToken).perform(get("/api/authz/authorizations/" + authWsItem.getID()))
+            .andExpect(status().isNotFound());
+
+        getClient(adminToken).perform(get("/api/authz/authorizations/search/objectAndFeature")
+                .param("uri", wsItemUri)
+                .param("eperson", eperson.getID().toString())
+                .param("feature", reinstateFeature.getName()))
+            .andExpect(status().isNoContent());
+
+        getClient(adminToken).perform(get("/api/authz/authorizations/" + authWFItem.getID()))
+            .andExpect(status().isNotFound());
+
+        getClient(adminToken).perform(get("/api/authz/authorizations/search/objectAndFeature")
+                .param("uri", wfItemUri)
+                .param("eperson", eperson.getID().toString())
+                .param("feature", reinstateFeature.getName()))
+            .andExpect(status().isNoContent());
+    }
+}
--- a/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/TrueForAdminsFeature.java
+++ b/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/TrueForAdminsFeature.java
@@ -9,8 +9,6 @@ package org.dspace.app.rest.authorization;

 import java.sql.SQLException;

-import org.dspace.app.rest.authorize.AuthorizationFeature;
-import org.dspace.app.rest.authorize.AuthorizationFeatureDocumentation;
 import org.dspace.authorize.service.AuthorizeService;
 import org.dspace.core.Constants;
 import org.dspace.core.Context;
--- a/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/TrueForLoggedUsersFeature.java
+++ b/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/TrueForLoggedUsersFeature.java
@@ -9,8 +9,6 @@ package org.dspace.app.rest.authorization;

 import java.sql.SQLException;

-import org.dspace.app.rest.authorize.AuthorizationFeature;
-import org.dspace.app.rest.authorize.AuthorizationFeatureDocumentation;
 import org.dspace.core.Constants;
 import org.dspace.core.Context;
 import org.springframework.stereotype.Component;
--- a/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/TrueForTestUsersFeature.java
+++ b/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/TrueForTestUsersFeature.java
@@ -10,8 +10,6 @@ package org.dspace.app.rest.authorization;
 import java.sql.SQLException;

 import org.apache.commons.lang3.StringUtils;
-import org.dspace.app.rest.authorize.AuthorizationFeature;
-import org.dspace.app.rest.authorize.AuthorizationFeatureDocumentation;
 import org.dspace.core.Constants;
 import org.dspace.core.Context;
 import org.springframework.stereotype.Component;
--- a/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/WithdrawFeatureRestIT.java
+++ b/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/WithdrawFeatureRestIT.java
@@ -0,0 +1,282 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+package org.dspace.app.rest.authorization;
+
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+import org.dspace.app.rest.authorization.impl.WithdrawFeature;
+import org.dspace.app.rest.builder.CollectionBuilder;
+import org.dspace.app.rest.builder.CommunityBuilder;
+import org.dspace.app.rest.builder.ItemBuilder;
+import org.dspace.app.rest.builder.WorkflowItemBuilder;
+import org.dspace.app.rest.builder.WorkspaceItemBuilder;
+import org.dspace.app.rest.converter.ConverterService;
+import org.dspace.app.rest.matcher.AuthorizationMatcher;
+import org.dspace.app.rest.model.ItemRest;
+import org.dspace.app.rest.projection.DefaultProjection;
+import org.dspace.app.rest.test.AbstractControllerIntegrationTest;
+import org.dspace.app.rest.utils.Utils;
+import org.dspace.content.Collection;
+import org.dspace.content.Community;
+import org.dspace.content.Item;
+import org.dspace.content.WorkspaceItem;
+import org.dspace.services.ConfigurationService;
+import org.dspace.workflow.WorkflowItem;
+import org.hamcrest.Matchers;
+import org.junit.Before;
+import org.junit.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+
+/**
+ * Test suite for the withdrawItem feature
+ * 
+ * @author Andrea Bollini (andrea.bollini at 4science.it)
+ *
+ */
+public class WithdrawFeatureRestIT extends AbstractControllerIntegrationTest {
+
+    @Autowired
+    private AuthorizationFeatureService authorizationFeatureService;
+
+    @Autowired
+    private ConverterService converterService;
+
+    @Autowired
+    private ConfigurationService configurationService;
+
+    @Autowired
+    private Utils utils;
+
+    private AuthorizationFeature withdrawFeature;
+
+    @Override
+    @Before
+    public void setUp() throws Exception {
+        super.setUp();
+        withdrawFeature = authorizationFeatureService.find(WithdrawFeature.NAME);
+    }
+
+    @Test
+    public void authorizedAsAdminTest() throws Exception {
+        context.turnOffAuthorisationSystem();
+        Community com = CommunityBuilder.createCommunity(context).withName("A community").build();
+        Collection col = CollectionBuilder.createCollection(context, com).withName("A collection").build();
+        Item item = ItemBuilder.createItem(context, col).withTitle("Item to withdraw").build();
+        context.restoreAuthSystemState();
+
+        ItemRest itemRest = converterService.toRest(item, converterService.getProjection(DefaultProjection.NAME));
+        String itemUri = utils.linkToSingleResource(itemRest, "self").getHref();
+        Authorization authAdminWithdraw = new Authorization(admin, withdrawFeature, item);
+
+        // access the authorization for the admin user
+        String adminToken = getAuthToken(admin.getEmail(), password);
+        getClient(adminToken).perform(get("/api/authz/authorizations/" + authAdminWithdraw.getID()))
+                    .andExpect(status().isOk())
+                    .andExpect(jsonPath("$",
+                            Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminWithdraw))));
+
+        getClient(adminToken).perform(get("/api/authz/authorizations/search/objectAndFeature")
+                .param("uri", itemUri)
+                .param("eperson", admin.getID().toString())
+                .param("feature", withdrawFeature.getName()))
+            .andExpect(status().isOk())
+            .andExpect(jsonPath("$",
+                    Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminWithdraw))));
+    }
+
+    @Test
+    public void checkAuthorizationAsCommunityAdminTest() throws Exception {
+        context.turnOffAuthorisationSystem();
+        Community com = CommunityBuilder.createCommunity(context).withName("A community").withAdminGroup(eperson)
+                .build();
+        Collection col = CollectionBuilder.createCollection(context, com).withName("A collection").build();
+        Item item = ItemBuilder.createItem(context, col).withTitle("Item to withdraw").build();
+        context.restoreAuthSystemState();
+
+        ItemRest itemRest = converterService.toRest(item, converterService.getProjection(DefaultProjection.NAME));
+        String itemUri = utils.linkToSingleResource(itemRest, "self").getHref();
+        Authorization authAdminWithdraw = new Authorization(eperson, withdrawFeature, item);
+
+        // access the authorization for the community admin user
+        String comAdminToken = getAuthToken(eperson.getEmail(), password);
+        getClient(comAdminToken).perform(get("/api/authz/authorizations/" + authAdminWithdraw.getID()))
+                    .andExpect(status().isOk())
+                    .andExpect(jsonPath("$",
+                            Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminWithdraw))));
+
+        getClient(comAdminToken).perform(get("/api/authz/authorizations/search/objectAndFeature")
+                .param("uri", itemUri)
+                .param("eperson", eperson.getID().toString())
+                .param("feature", withdrawFeature.getName()))
+            .andExpect(status().isOk())
+            .andExpect(jsonPath("$",
+                    Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminWithdraw))));
+
+        // verify that the property core.authorization.collection-admin.item.withdraw = false is respected
+        // the community admins should be still authorized
+        configurationService.setProperty("core.authorization.collection-admin.item.withdraw", false);
+        getClient(comAdminToken).perform(get("/api/authz/authorizations/" + authAdminWithdraw.getID()))
+                .andExpect(status().isOk())
+                .andExpect(jsonPath("$",
+                        Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminWithdraw))));
+
+        getClient(comAdminToken).perform(get("/api/authz/authorizations/search/objectAndFeature")
+            .param("uri", itemUri)
+            .param("eperson", eperson.getID().toString())
+            .param("feature", withdrawFeature.getName()))
+        .andExpect(status().isOk())
+        .andExpect(jsonPath("$",
+                Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminWithdraw))));
+
+        // now verify that the property core.authorization.community-admin.item.withdraw = false is respected
+        // and also community admins are blocked
+        // Please note that set to false the configuration for community keeping true for collection don't
+        // make any sense as a community admin is always also a collection admin
+        configurationService.setProperty("core.authorization.community-admin.item.withdraw", false);
+        getClient(comAdminToken).perform(get("/api/authz/authorizations/" + authAdminWithdraw.getID()))
+                    .andExpect(status().isNotFound());
+
+        getClient(comAdminToken).perform(get("/api/authz/authorizations/search/objectAndFeature")
+                .param("uri", itemUri)
+                .param("eperson", eperson.getID().toString())
+                .param("feature", withdrawFeature.getName()))
+            .andExpect(status().isNoContent());
+    }
+
+    @Test
+    public void checkAuthorizationAsCollectionAdminTest() throws Exception {
+        context.turnOffAuthorisationSystem();
+        Community com = CommunityBuilder.createCommunity(context).withName("A community").build();
+        Collection col = CollectionBuilder.createCollection(context, com).withName("A collection")
+                .withAdminGroup(eperson).build();
+        Item item = ItemBuilder.createItem(context, col).withTitle("Item to withdraw").build();
+        context.restoreAuthSystemState();
+
+        ItemRest itemRest = converterService.toRest(item, converterService.getProjection(DefaultProjection.NAME));
+        String itemUri = utils.linkToSingleResource(itemRest, "self").getHref();
+        Authorization authAdminWithdraw = new Authorization(eperson, withdrawFeature, item);
+
+        // access the authorization for the admin user
+        String colAdminToken = getAuthToken(eperson.getEmail(), password);
+        getClient(colAdminToken).perform(get("/api/authz/authorizations/" + authAdminWithdraw.getID()))
+                    .andExpect(status().isOk())
+                    .andExpect(jsonPath("$",
+                            Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminWithdraw))));
+
+        getClient(colAdminToken).perform(get("/api/authz/authorizations/search/objectAndFeature")
+                .param("uri", itemUri)
+                .param("eperson", eperson.getID().toString())
+                .param("feature", withdrawFeature.getName()))
+            .andExpect(status().isOk())
+            .andExpect(jsonPath("$",
+                    Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminWithdraw))));
+        // verify that the property core.authorization.collection-admin.item.withdraw = false is respected
+        configurationService.setProperty("core.authorization.collection-admin.item.withdraw", false);
+        getClient(colAdminToken).perform(get("/api/authz/authorizations/" + authAdminWithdraw.getID()))
+                    .andExpect(status().isNotFound());
+
+        getClient(colAdminToken).perform(get("/api/authz/authorizations/search/objectAndFeature")
+                .param("uri", itemUri)
+                .param("eperson", eperson.getID().toString())
+                .param("feature", withdrawFeature.getName()))
+            .andExpect(status().isNoContent());
+    }
+
+    @Test
+    public void notAuthorizedTest() throws Exception {
+        context.turnOffAuthorisationSystem();
+        Community com = CommunityBuilder.createCommunity(context).withName("A community").build();
+        Collection col = CollectionBuilder.createCollection(context, com).withName("A collection").build();
+        Item item = ItemBuilder.createItem(context, col).withTitle("Item to withdraw").build();
+        context.restoreAuthSystemState();
+
+        ItemRest itemRest = converterService.toRest(item, converterService.getProjection(DefaultProjection.NAME));
+        String itemUri = utils.linkToSingleResource(itemRest, "self").getHref();
+        Authorization authEpersonWithdraw = new Authorization(eperson, withdrawFeature, item);
+        Authorization authAnonymousWithdraw = new Authorization(null, withdrawFeature, item);
+
+        // check the authorization for a normal user
+        String epersonToken = getAuthToken(eperson.getEmail(), password);
+        getClient(epersonToken).perform(get("/api/authz/authorizations/" + authEpersonWithdraw.getID()))
+                    .andExpect(status().isNotFound());
+
+        getClient(epersonToken).perform(get("/api/authz/authorizations/search/objectAndFeature")
+                .param("uri", itemUri)
+                .param("eperson", eperson.getID().toString())
+                .param("feature", withdrawFeature.getName()))
+            .andExpect(status().isNoContent());
+
+        // check the authorization for the anonymous user
+        getClient().perform(get("/api/authz/authorizations/" + authAnonymousWithdraw.getID()))
+                .andExpect(status().isNotFound());
+
+        getClient().perform(get("/api/authz/authorizations/search/objectAndFeature")
+            .param("uri", itemUri)
+            .param("feature", withdrawFeature.getName()))
+        .andExpect(status().isNoContent());
+    }
+
+    @Test
+    public void notAuthorizedInvalidStateTest() throws Exception {
+        context.turnOffAuthorisationSystem();
+        Community com = CommunityBuilder.createCommunity(context).withName("A community").build();
+        Collection col = CollectionBuilder.createCollection(context, com).withName("A collection")
+                .withWorkflowGroup(1, eperson).build();
+
+        Item withdrawnItem = ItemBuilder.createItem(context, col).withTitle("Item already withdrawn").withdrawn()
+                .build();
+        WorkspaceItem wsItem = WorkspaceItemBuilder.createWorkspaceItem(context, col).withTitle("A workspace item")
+                .build();
+        WorkflowItem wfItem = WorkflowItemBuilder.createWorkflowItem(context, col).withTitle("A workflow item").build();
+        context.restoreAuthSystemState();
+
+        ItemRest withdrawnItemRest = converterService.toRest(withdrawnItem,
+                converterService.getProjection(DefaultProjection.NAME));
+        String withdrawnItemUri = utils.linkToSingleResource(withdrawnItemRest, "self").getHref();
+        ItemRest wsItemRest = converterService.toRest(wsItem.getItem(),
+                converterService.getProjection(DefaultProjection.NAME));
+        String wsItemUri = utils.linkToSingleResource(wsItemRest, "self").getHref();
+        ItemRest wfItemRest = converterService.toRest(wfItem.getItem(),
+                converterService.getProjection(DefaultProjection.NAME));
+        String wfItemUri = utils.linkToSingleResource(wfItemRest, "self").getHref();
+
+        Authorization authWithdrawnItem = new Authorization(admin, withdrawFeature, withdrawnItem);
+        Authorization authWsItem = new Authorization(admin, withdrawFeature, wsItem.getItem());
+        Authorization authWFItem = new Authorization(admin, withdrawFeature, wfItem.getItem());
+        // nor the admin should be authorized to withdraw the previous item
+        String adminToken = getAuthToken(admin.getEmail(), password);
+        getClient(adminToken).perform(get("/api/authz/authorizations/" + authWithdrawnItem.getID()))
+                    .andExpect(status().isNotFound());
+
+        getClient(adminToken).perform(get("/api/authz/authorizations/search/objectAndFeature")
+                .param("uri", withdrawnItemUri)
+                .param("eperson", eperson.getID().toString())
+                .param("feature", withdrawFeature.getName()))
+            .andExpect(status().isNoContent());
+
+        getClient(adminToken).perform(get("/api/authz/authorizations/" + authWsItem.getID()))
+            .andExpect(status().isNotFound());
+
+        getClient(adminToken).perform(get("/api/authz/authorizations/search/objectAndFeature")
+                .param("uri", wsItemUri)
+                .param("eperson", eperson.getID().toString())
+                .param("feature", withdrawFeature.getName()))
+            .andExpect(status().isNoContent());
+
+        getClient(adminToken).perform(get("/api/authz/authorizations/" + authWFItem.getID()))
+            .andExpect(status().isNotFound());
+
+        getClient(adminToken).perform(get("/api/authz/authorizations/search/objectAndFeature")
+                .param("uri", wfItemUri)
+                .param("eperson", eperson.getID().toString())
+                .param("feature", withdrawFeature.getName()))
+            .andExpect(status().isNoContent());
+    }
+}
--- a/dspace-server-webapp/src/test/java/org/dspace/app/rest/builder/CommunityBuilder.java
+++ b/dspace-server-webapp/src/test/java/org/dspace/app/rest/builder/CommunityBuilder.java
@@ -19,6 +19,8 @@ import org.dspace.content.Community;
 import org.dspace.content.MetadataSchemaEnum;
 import org.dspace.content.service.DSpaceObjectService;
 import org.dspace.core.Context;
+import org.dspace.eperson.EPerson;
+import org.dspace.eperson.Group;

 /**
 * Builder to construct Community objects
@@ -59,6 +61,23 @@ public class CommunityBuilder extends AbstractDSpaceObjectBuilder<Community> {
        return this;
    }

+    /**
+     * Create an admin group for the community with the specified members
+     *
+     * @param members epersons to add to the admin group
+     * @return this builder
+     * @throws SQLException
+     * @throws AuthorizeException
+     */
+    public CommunityBuilder withAdminGroup(EPerson... members) throws SQLException, AuthorizeException {
+        Group g = communityService.createAdministrators(context, community);
+        for (EPerson e : members) {
+            groupService.addMember(context, g, e);
+        }
+        groupService.update(context, g);
+        return this;
+    }
+
    public CommunityBuilder withName(final String communityName) {
        return setMetadataSingleValue(community, MetadataSchemaEnum.DC.getName(), "title", null, communityName);
    }
--- a/dspace-server-webapp/src/test/java/org/dspace/app/rest/matcher/AuthorizationMatcher.java
+++ b/dspace-server-webapp/src/test/java/org/dspace/app/rest/matcher/AuthorizationMatcher.java
@@ -13,7 +13,7 @@ import static org.hamcrest.Matchers.allOf;
 import static org.hamcrest.Matchers.is;
 import static org.hamcrest.Matchers.startsWith;

-import org.dspace.app.rest.authorize.Authorization;
+import org.dspace.app.rest.authorization.Authorization;
 import org.hamcrest.Matcher;

 /**