diff --git a/dspace-api/src/main/java/org/dspace/app/util/AuthorizeUtil.java b/dspace-api/src/main/java/org/dspace/app/util/AuthorizeUtil.java index bb7e8e43b8..ff06e47816 100644 --- a/dspace-api/src/main/java/org/dspace/app/util/AuthorizeUtil.java +++ b/dspace-api/src/main/java/org/dspace/app/util/AuthorizeUtil.java @@ -192,8 +192,8 @@ public class AuthorizeUtil { public static void authorizeManageCCLicense(Context context, Item item) throws AuthorizeException, SQLException { try { - authorizeService.authorizeAction(context, item, Constants.ADD); - authorizeService.authorizeAction(context, item, Constants.REMOVE); + authorizeService.authorizeAction(context, item, Constants.ADD, false); + authorizeService.authorizeAction(context, item, Constants.REMOVE, false); } catch (AuthorizeException authex) { if (AuthorizeConfiguration.canItemAdminManageCCLicense()) { authorizeService @@ -202,8 +202,10 @@ public class AuthorizeUtil { authorizeService.authorizeAction(context, itemService .getParentObject(context, item), Constants.ADMIN); } else if (AuthorizeConfiguration.canCommunityAdminManageCCLicense()) { - authorizeService.authorizeAction(context, itemService - .getParentObject(context, item), Constants.ADMIN); + Collection collection = (Collection) itemService + .getParentObject(context, item); + authorizeService.authorizeAction(context, collectionService.getParentObject(context, collection), + Constants.ADMIN); } else { requireAdminRole(context); } diff --git a/dspace-api/src/main/java/org/dspace/authorize/AuthorizeConfiguration.java b/dspace-api/src/main/java/org/dspace/authorize/AuthorizeConfiguration.java index 231008d267..1e051c78b9 100644 --- a/dspace-api/src/main/java/org/dspace/authorize/AuthorizeConfiguration.java +++ b/dspace-api/src/main/java/org/dspace/authorize/AuthorizeConfiguration.java 
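Review bot: The bare `false` now passed to both `authorizeAction` calls in the `try` block of `authorizeManageCCLicense` is not explained, although it changes who passes this first check. Going by the `AuthorizeService` signature (not visible in this hunk), the fourth argument is `useInheritance`, so only policies set directly on the item count and everyone else drops into the delegated-admin branches of the `catch`. I would add a comment above the two calls, for example `// useInheritance=false: only direct item policies apply here; delegated admins are evaluated in the catch block below`. The method body continues past the end of this hunk.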
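Review bot: The new community-admin branch casts the result of `itemService.getParentObject(context, item)` to `Collection` and passes it straight to `collectionService.getParentObject(...)` with no null or type check. If an item with no owning collection can reach this method (the hunk does not show whether it can), the authorization path fails with a `NullPointerException` or `ClassCastException` instead of a denial, and callers that catch only `AuthorizeException` will not handle it. I would fetch the parent into a local variable and deny explicitly before the cast: `if (!(parent instanceof Collection)) { throw new AuthorizeException("Item has no owning collection"); }`. The enclosing `catch` block starts in the previous hunk.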
@@ -7,7 +7,8 @@ */ package org.dspace.authorize; -import org.dspace.core.ConfigurationManager; +import org.dspace.services.ConfigurationService; +import org.dspace.utils.DSpace; /** * This class is responsible to provide access to the configuration of the 
@@ -16,164 +17,26 @@ import org.dspace.core.ConfigurationManager; * @author bollini */ public class AuthorizeConfiguration { - - private static boolean can_communityAdmin_group = ConfigurationManager - .getBooleanProperty("core.authorization.community-admin.group", - true); - - // subcommunities and collections - private static boolean can_communityAdmin_createSubelement = ConfigurationManager - .getBooleanProperty( - "core.authorization.community-admin.create-subelement", - true); - - private static boolean can_communityAdmin_deleteSubelement = ConfigurationManager - .getBooleanProperty( - "core.authorization.community-admin.delete-subelement", - true); - - private static boolean can_communityAdmin_policies = ConfigurationManager - .getBooleanProperty("core.authorization.community-admin.policies", - true); - - private static boolean can_communityAdmin_adminGroup = ConfigurationManager - .getBooleanProperty( - "core.authorization.community-admin.admin-group", true); - - private static boolean can_communityAdmin_collectionPolicies = ConfigurationManager - .getBooleanProperty( - "core.authorization.community-admin.collection.policies", - true); - - private static boolean can_communityAdmin_collectionTemplateItem = ConfigurationManager - .getBooleanProperty( - "core.authorization.community-admin.collection.template-item", - true); - - private static boolean can_communityAdmin_collectionSubmitters = ConfigurationManager - .getBooleanProperty( - "core.authorization.community-admin.collection.submitters", - true); - - private static boolean can_communityAdmin_collectionWorkflows = ConfigurationManager - .getBooleanProperty( - "core.authorization.community-admin.collection.workflows", - true); - - private static boolean can_communityAdmin_collectionAdminGroup = ConfigurationManager - .getBooleanProperty( - "core.authorization.community-admin.collection.admin-group", - true); - - private static boolean can_communityAdmin_itemDelete = ConfigurationManager - 
.getBooleanProperty( - "core.authorization.community-admin.item.delete", true); - - private static boolean can_communityAdmin_itemWithdraw = ConfigurationManager - .getBooleanProperty( - "core.authorization.community-admin.item.withdraw", true); - - private static boolean can_communityAdmin_itemReinstatiate = ConfigurationManager - .getBooleanProperty( - "core.authorization.community-admin.item.reinstatiate", - true); - - private static boolean can_communityAdmin_itemPolicies = ConfigurationManager - .getBooleanProperty( - "core.authorization.community-admin.item.policies", true); - - // # also bundle - private static boolean can_communityAdmin_itemCreateBitstream = ConfigurationManager - .getBooleanProperty( - "core.authorization.community-admin.item.create-bitstream", - true); - - private static boolean can_communityAdmin_itemDeleteBitstream = ConfigurationManager - .getBooleanProperty( - "core.authorization.community-admin.item.delete-bitstream", - true); - - private static boolean can_communityAdmin_itemAdminccLicense = ConfigurationManager - .getBooleanProperty( - "core.authorization.community-admin.item-admin.cc-license", - true); - - // # COLLECTION ADMIN - private static boolean can_collectionAdmin_policies = ConfigurationManager - .getBooleanProperty("core.authorization.collection-admin.policies", - true); - - private static boolean can_collectionAdmin_templateItem = ConfigurationManager - .getBooleanProperty( - "core.authorization.collection-admin.template-item", true); - - private static boolean can_collectionAdmin_submitters = ConfigurationManager - .getBooleanProperty( - "core.authorization.collection-admin.submitters", true); - - private static boolean can_collectionAdmin_workflows = ConfigurationManager - .getBooleanProperty( - "core.authorization.collection-admin.workflows", true); - - private static boolean can_collectionAdmin_adminGroup = ConfigurationManager - .getBooleanProperty( - "core.authorization.collection-admin.admin-group", true); - - 
private static boolean can_collectionAdmin_itemDelete = ConfigurationManager - .getBooleanProperty( - "core.authorization.collection-admin.item.delete", true); - - private static boolean can_collectionAdmin_itemWithdraw = ConfigurationManager - .getBooleanProperty( - "core.authorization.collection-admin.item.withdraw", true); - - private static boolean can_collectionAdmin_itemReinstatiate = ConfigurationManager - .getBooleanProperty( - "core.authorization.collection-admin.item.reinstatiate", - true); - - private static boolean can_collectionAdmin_itemPolicies = ConfigurationManager - .getBooleanProperty( - "core.authorization.collection-admin.item.policies", true); - - // # also bundle - private static boolean can_collectionAdmin_itemCreateBitstream = ConfigurationManager - .getBooleanProperty( - "core.authorization.collection-admin.item.create-bitstream", - true); - - private static boolean can_collectionAdmin_itemDeleteBitstream = ConfigurationManager - .getBooleanProperty( - "core.authorization.collection-admin.item.delete-bitstream", - true); - - private static boolean can_collectionAdmin_itemAdminccLicense = ConfigurationManager - .getBooleanProperty( - "core.authorization.collection-admin.item-admin.cc-license", - true); - - // # ITEM ADMIN - private static boolean can_itemAdmin_policies = ConfigurationManager - .getBooleanProperty("core.authorization.item-admin.policies", true); - - // # also bundle - private static boolean can_itemAdmin_createBitstream = ConfigurationManager - .getBooleanProperty( - "core.authorization.item-admin.create-bitstream", true); - - private static boolean can_itemAdmin_deleteBitstream = ConfigurationManager - .getBooleanProperty( - "core.authorization.item-admin.delete-bitstream", true); - - private static boolean can_itemAdmin_ccLicense = ConfigurationManager - .getBooleanProperty("core.authorization.item-admin.cc-license", - true); + /** + * A static reference to the {@link ConfigurationService} see the init method for 
initialization + */ + private static ConfigurationService configurationService; /** * Default constructor */ private AuthorizeConfiguration() { } + /** + * Complete the initialization of the class retrieving a reference to the {@link ConfigurationService}. MUST be + * called at the start of each method + */ + private synchronized static void init() { + if (configurationService != null) { + return; + } + configurationService = new DSpace().getConfigurationService(); + } /** * Are community admins allowed to create new, not strictly community * related, group? @@ -181,7 +44,8 @@ public class AuthorizeConfiguration { * @return true/false */ public static boolean canCommunityAdminPerformGroupCreation() { - return can_communityAdmin_group; + init(); + return configurationService.getBooleanProperty("core.authorization.community-admin.group", true); } /** @@ -190,7 +54,8 @@ public class AuthorizeConfiguration { * @return true/false */ public static boolean canCommunityAdminPerformSubelementCreation() { - return can_communityAdmin_createSubelement; + init(); + return configurationService.getBooleanProperty("core.authorization.community-admin.create-subelement", true); } /** @@ -199,7 +64,8 @@ public class AuthorizeConfiguration { * @return true/false */ public static boolean canCommunityAdminPerformSubelementDeletion() { - return can_communityAdmin_deleteSubelement; + init(); + return configurationService.getBooleanProperty("core.authorization.community-admin.delete-subelement", true); } /** @@ -209,7 +75,8 @@ public class AuthorizeConfiguration { * @return true/false */ public static boolean canCommunityAdminManagePolicies() { - return can_communityAdmin_policies; + init(); + return configurationService.getBooleanProperty("core.authorization.community-admin.policies", true); } /** 
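Review bot: Every permission getter in `AuthorizeConfiguration` now enters `init()`, which is `synchronized` on the class, so all authorization checks contend on one lock just to find that `configurationService` is already set. The Javadoc rule "MUST be called at the start of each method" is also only a convention, so a getter added later that forgets it will dereference a null field. I would replace `init()` with an accessor that returns the service and takes the lock only on first use, and have the getters call `config().getBooleanProperty(...)`. A blank line is also missing between the end of `init()` and the Javadoc that follows it.
```java
private static volatile ConfigurationService configurationService;

// … unchanged: private constructor …

private static ConfigurationService config() {
    ConfigurationService service = configurationService;
    if (service == null) {
        synchronized (AuthorizeConfiguration.class) {
            service = configurationService;
            if (service == null) {
                service = new DSpace().getConfigurationService();
                configurationService = service;
            }
        }
    }
    return service;
}
```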
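Review bot: `canCommunityAdminPerformGroupCreation()` and every getter hunk after it, through `canItemAdminManageCCLicense()`, repeat the property key together with a literal default of `true`. The default is permissive, so a key that is missing or misspelled in any one of these roughly thirty call sites silently grants the delegated right, and nothing in the file marks that as deliberate. I would route all getters through one helper, `private static boolean isEnabled(String key) { init(); return configurationService.getBooleanProperty(key, true); }`, and document the fail-open default there. Values are now read on every call instead of once at class load, so a configuration reload changes authorization decisions immediately; if that is intended, the class Javadoc should say so.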
@@ -219,7 +86,8 @@ public class AuthorizeConfiguration { * @return true/false */ public static boolean canCommunityAdminManageAdminGroup() { - return can_communityAdmin_adminGroup; + init(); + return configurationService.getBooleanProperty("core.authorization.community-admin.admin-group", true); } /** @@ -229,7 +97,8 @@ public class AuthorizeConfiguration { * @return true/false */ public static boolean canCommunityAdminManageCollectionPolicies() { - return can_communityAdmin_collectionPolicies; + init(); + return configurationService.getBooleanProperty("core.authorization.community-admin.collection.policies", true); } /** @@ -239,7 +108,9 @@ public class AuthorizeConfiguration { * @return true/false */ public static boolean canCommunityAdminManageCollectionTemplateItem() { - return can_communityAdmin_collectionTemplateItem; + init(); + return configurationService.getBooleanProperty("core.authorization.community-admin.collection.template-item", + true); } /** @@ -249,7 +120,9 @@ public class AuthorizeConfiguration { * @return true/false */ public static boolean canCommunityAdminManageCollectionSubmitters() { - return can_communityAdmin_collectionSubmitters; + init(); + return configurationService.getBooleanProperty("core.authorization.community-admin.collection.submitters", + true); } /** @@ -259,7 +132,8 @@ public class AuthorizeConfiguration { * @return true/false */ public static boolean canCommunityAdminManageCollectionWorkflows() { - return can_communityAdmin_collectionWorkflows; + init(); + return configurationService.getBooleanProperty("core.authorization.community-admin.collection.workflows", true); } /** @@ -269,7 +143,9 @@ public class AuthorizeConfiguration { * @return true/false */ public static boolean canCommunityAdminManageCollectionAdminGroup() { - return can_communityAdmin_collectionAdminGroup; + init(); + return configurationService.getBooleanProperty("core.authorization.community-admin.collection.admin-group", + true); } /** 
@@ -278,7 +154,8 @@ public class AuthorizeConfiguration { * @return true/false */ public static boolean canCommunityAdminPerformItemDeletion() { - return can_communityAdmin_itemDelete; + init(); + return configurationService.getBooleanProperty("core.authorization.community-admin.item.delete", true); } /** @@ -287,7 +164,8 @@ public class AuthorizeConfiguration { * @return true/false */ public static boolean canCommunityAdminPerformItemWithdrawn() { - return can_communityAdmin_itemWithdraw; + init(); + return configurationService.getBooleanProperty("core.authorization.community-admin.item.withdraw", true); } /** @@ -297,7 +175,8 @@ public class AuthorizeConfiguration { * @return true/false */ public static boolean canCommunityAdminPerformItemReinstatiate() { - return can_communityAdmin_itemReinstatiate; + init(); + return configurationService.getBooleanProperty("core.authorization.community-admin.item.reinstatiate", true); } /** @@ -307,7 +186,8 @@ public class AuthorizeConfiguration { * @return true/false */ public static boolean canCommunityAdminManageItemPolicies() { - return can_communityAdmin_itemPolicies; + init(); + return configurationService.getBooleanProperty("core.authorization.community-admin.item.policies", true); } /** @@ -317,7 +197,9 @@ public class AuthorizeConfiguration { * @return true/false */ public static boolean canCommunityAdminPerformBitstreamCreation() { - return can_communityAdmin_itemCreateBitstream; + init(); + return configurationService.getBooleanProperty("core.authorization.community-admin.item.create-bitstream", + true); } /** @@ -327,7 +209,9 @@ public class AuthorizeConfiguration { * @return true/false */ public static boolean canCommunityAdminPerformBitstreamDeletion() { - return can_communityAdmin_itemDeleteBitstream; + init(); + return configurationService.getBooleanProperty("core.authorization.community-admin.item.delete-bitstream", + true); } /** 
@@ -337,7 +221,9 @@ public class AuthorizeConfiguration { * @return true/false */ public static boolean canCommunityAdminManageCCLicense() { - return can_communityAdmin_itemAdminccLicense; + init(); + return configurationService.getBooleanProperty("core.authorization.community-admin.item-admin.cc-license", + true); } /** @@ -346,7 +232,8 @@ public class AuthorizeConfiguration { * @return true/false */ public static boolean canCollectionAdminManagePolicies() { - return can_collectionAdmin_policies; + init(); + return configurationService.getBooleanProperty("core.authorization.collection-admin.policies", true); } /** @@ -356,7 +243,8 @@ public class AuthorizeConfiguration { * @return true/false */ public static boolean canCollectionAdminManageTemplateItem() { - return can_collectionAdmin_templateItem; + init(); + return configurationService.getBooleanProperty("core.authorization.collection-admin.template-item", true); } /** @@ -366,7 +254,8 @@ public class AuthorizeConfiguration { * @return true/false */ public static boolean canCollectionAdminManageSubmitters() { - return can_collectionAdmin_submitters; + init(); + return configurationService.getBooleanProperty("core.authorization.collection-admin.submitters", true); } /** @@ -376,7 +265,8 @@ public class AuthorizeConfiguration { * @return true/false */ public static boolean canCollectionAdminManageWorkflows() { - return can_collectionAdmin_workflows; + init(); + return configurationService.getBooleanProperty("core.authorization.collection-admin.workflows", true); } /** @@ -386,7 +276,8 @@ public class AuthorizeConfiguration { * @return true/false */ public static boolean canCollectionAdminManageAdminGroup() { - return can_collectionAdmin_adminGroup; + init(); + return configurationService.getBooleanProperty("core.authorization.collection-admin.admin-group", true); } /** 
@@ -395,7 +286,8 @@ public class AuthorizeConfiguration { * @return true/false */ public static boolean canCollectionAdminPerformItemDeletion() { - return can_collectionAdmin_itemDelete; + init(); + return configurationService.getBooleanProperty("core.authorization.collection-admin.item.delete", true); } /** @@ -404,7 +296,8 @@ public class AuthorizeConfiguration { * @return true/false */ public static boolean canCollectionAdminPerformItemWithdrawn() { - return can_collectionAdmin_itemWithdraw; + init(); + return configurationService.getBooleanProperty("core.authorization.collection-admin.item.withdraw", true); } /** @@ -414,7 +307,8 @@ public class AuthorizeConfiguration { * @return true/false */ public static boolean canCollectionAdminPerformItemReinstatiate() { - return can_collectionAdmin_itemReinstatiate; + init(); + return configurationService.getBooleanProperty("core.authorization.collection-admin.item.reinstatiate", true); } /** @@ -424,7 +318,8 @@ public class AuthorizeConfiguration { * @return true/false */ public static boolean canCollectionAdminManageItemPolicies() { - return can_collectionAdmin_itemPolicies; + init(); + return configurationService.getBooleanProperty("core.authorization.collection-admin.item.policies", true); } /** @@ -434,7 +329,9 @@ public class AuthorizeConfiguration { * @return true/false */ public static boolean canCollectionAdminPerformBitstreamCreation() { - return can_collectionAdmin_itemCreateBitstream; + init(); + return configurationService.getBooleanProperty("core.authorization.collection-admin.item.create-bitstream", + true); } /** @@ -444,7 +341,9 @@ public class AuthorizeConfiguration { * @return true/false */ public static boolean canCollectionAdminPerformBitstreamDeletion() { - return can_collectionAdmin_itemDeleteBitstream; + init(); + return configurationService.getBooleanProperty("core.authorization.collection-admin.item.delete-bitstream", + true); } /** 
@@ -454,7 +353,9 @@ public class AuthorizeConfiguration { * @return true/false */ public static boolean canCollectionAdminManageCCLicense() { - return can_collectionAdmin_itemAdminccLicense; + init(); + return configurationService.getBooleanProperty("core.authorization.collection-admin.item-admin.cc-license", + true); } /** @@ -463,7 +364,8 @@ public class AuthorizeConfiguration { * @return true/false */ public static boolean canItemAdminManagePolicies() { - return can_itemAdmin_policies; + init(); + return configurationService.getBooleanProperty("core.authorization.item-admin.policies", true); } /** @@ -472,7 +374,8 @@ public class AuthorizeConfiguration { * @return true/false */ public static boolean canItemAdminPerformBitstreamCreation() { - return can_itemAdmin_createBitstream; + init(); + return configurationService.getBooleanProperty("core.authorization.item-admin.create-bitstream", true); } /** @@ -481,7 +384,8 @@ public class AuthorizeConfiguration { * @return true/false */ public static boolean canItemAdminPerformBitstreamDeletion() { - return can_itemAdmin_deleteBitstream; + init(); + return configurationService.getBooleanProperty("core.authorization.item-admin.delete-bitstream", true); } /** @@ -490,7 +394,8 @@ public class AuthorizeConfiguration { * @return true/false */ public static boolean canItemAdminManageCCLicense() { - return can_itemAdmin_ccLicense; + init(); + return configurationService.getBooleanProperty("core.authorization.item-admin.cc-license", true); } } diff --git a/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorize/Authorization.java b/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/Authorization.java similarity index 98% rename from dspace-server-webapp/src/main/java/org/dspace/app/rest/authorize/Authorization.java rename to dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/Authorization.java index 5b2f2dac3a..764ae4b845 100644 
--- a/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorize/Authorization.java +++ b/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/Authorization.java @@ -5,7 +5,7 @@ * * http://www.dspace.org/license/ */ -package org.dspace.app.rest.authorize; +package org.dspace.app.rest.authorization; import org.dspace.content.Site; import org.dspace.discovery.FindableObject; diff --git a/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorize/AuthorizationFeature.java b/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/AuthorizationFeature.java similarity index 98% rename from dspace-server-webapp/src/main/java/org/dspace/app/rest/authorize/AuthorizationFeature.java rename to dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/AuthorizationFeature.java index 4a8b561deb..6ceafbd78e 100644 --- a/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorize/AuthorizationFeature.java +++ b/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/AuthorizationFeature.java @@ -5,7 +5,7 @@ * * http://www.dspace.org/license/ */ -package org.dspace.app.rest.authorize; +package org.dspace.app.rest.authorization; import java.sql.SQLException; diff --git a/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorize/AuthorizationFeatureDocumentation.java b/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/AuthorizationFeatureDocumentation.java similarity index 96% rename from dspace-server-webapp/src/main/java/org/dspace/app/rest/authorize/AuthorizationFeatureDocumentation.java rename to dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/AuthorizationFeatureDocumentation.java index c7af334858..dc34bef1d0 100644 --- a/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorize/AuthorizationFeatureDocumentation.java +++ b/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/AuthorizationFeatureDocumentation.java 
@@ -5,7 +5,7 @@ * * http://www.dspace.org/license/ */ -package org.dspace.app.rest.authorize; +package org.dspace.app.rest.authorization; import java.lang.annotation.Documented; import java.lang.annotation.ElementType; diff --git a/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorize/AuthorizationFeatureService.java b/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/AuthorizationFeatureService.java similarity index 97% rename from dspace-server-webapp/src/main/java/org/dspace/app/rest/authorize/AuthorizationFeatureService.java rename to dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/AuthorizationFeatureService.java index 6ec5f8439b..02016cfe74 100644 --- a/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorize/AuthorizationFeatureService.java +++ b/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/AuthorizationFeatureService.java @@ -5,7 +5,7 @@ * * http://www.dspace.org/license/ */ -package org.dspace.app.rest.authorize; +package org.dspace.app.rest.authorization; import java.sql.SQLException; import java.util.List; diff --git a/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorize/AuthorizationRestUtil.java b/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/AuthorizationRestUtil.java similarity index 99% rename from dspace-server-webapp/src/main/java/org/dspace/app/rest/authorize/AuthorizationRestUtil.java rename to dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/AuthorizationRestUtil.java index 8a56b5daa5..4c7420af98 100644 --- a/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorize/AuthorizationRestUtil.java +++ b/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/AuthorizationRestUtil.java @@ -5,7 +5,7 @@ * * http://www.dspace.org/license/ */ -package org.dspace.app.rest.authorize; +package org.dspace.app.rest.authorization; import java.sql.SQLException; import java.util.UUID; 
diff --git a/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorize/impl/AuthorizationFeatureServiceImpl.java b/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/impl/AuthorizationFeatureServiceImpl.java similarity index 93% rename from dspace-server-webapp/src/main/java/org/dspace/app/rest/authorize/impl/AuthorizationFeatureServiceImpl.java rename to dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/impl/AuthorizationFeatureServiceImpl.java index 83da3dd230..9e8b6be7c8 100644 --- a/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorize/impl/AuthorizationFeatureServiceImpl.java +++ b/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/impl/AuthorizationFeatureServiceImpl.java @@ -5,7 +5,7 @@ * * http://www.dspace.org/license/ */ -package org.dspace.app.rest.authorize.impl; +package org.dspace.app.rest.authorization.impl; import java.sql.SQLException; import java.util.List; @@ -13,8 +13,8 @@ import java.util.stream.Collectors; import org.apache.commons.lang3.ArrayUtils; import org.apache.commons.lang3.StringUtils; -import org.dspace.app.rest.authorize.AuthorizationFeature; -import org.dspace.app.rest.authorize.AuthorizationFeatureService; +import org.dspace.app.rest.authorization.AuthorizationFeature; +import org.dspace.app.rest.authorization.AuthorizationFeatureService; import org.dspace.core.Context; import org.dspace.discovery.FindableObject; import org.springframework.beans.factory.annotation.Autowired; diff --git a/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorize/impl/CCLicenseFeature.java b/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/impl/CCLicenseFeature.java similarity index 70% rename from dspace-server-webapp/src/main/java/org/dspace/app/rest/authorize/impl/CCLicenseFeature.java rename to dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/impl/CCLicenseFeature.java index a2546d9fd0..8e9d79eb35 100644 
--- a/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorize/impl/CCLicenseFeature.java +++ b/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/impl/CCLicenseFeature.java @@ -5,12 +5,12 @@ * * http://www.dspace.org/license/ */ -package org.dspace.app.rest.authorize.impl; +package org.dspace.app.rest.authorization.impl; import java.sql.SQLException; -import org.dspace.app.rest.authorize.AuthorizationFeature; -import org.dspace.app.rest.authorize.AuthorizationFeatureDocumentation; +import org.dspace.app.rest.authorization.AuthorizationFeature; +import org.dspace.app.rest.authorization.AuthorizationFeatureDocumentation; import org.dspace.app.util.AuthorizeUtil; import org.dspace.authorize.AuthorizeException; import org.dspace.content.Item; @@ -19,14 +19,17 @@ import org.dspace.core.Context; import org.springframework.stereotype.Component; /** - * The cclicense feature + * The cclicense feature. It can be used by administrators (or community/collection delegate) to manage the Creative + * Commons license for an item * * @author Andrea Bollini (andrea.bollini at 4science.it) */ @Component -@AuthorizationFeatureDocumentation(name = "cclicense") +@AuthorizationFeatureDocumentation(name = CCLicenseFeature.NAME) public class CCLicenseFeature implements AuthorizationFeature { + public static final String NAME = "cclicense"; + @Override public boolean isAuthorized(Context context, Object object) throws SQLException { if (!(object instanceof Item)) { diff --git a/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorize/impl/ReinstateFeature.java b/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/impl/ReinstateFeature.java similarity index 62% rename from dspace-server-webapp/src/main/java/org/dspace/app/rest/authorize/impl/ReinstateFeature.java rename to dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/impl/ReinstateFeature.java index c8d7004ab6..10acc734fb 100644 
--- a/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorize/impl/ReinstateFeature.java +++ b/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/impl/ReinstateFeature.java @@ -5,12 +5,12 @@ * * http://www.dspace.org/license/ */ -package org.dspace.app.rest.authorize.impl; +package org.dspace.app.rest.authorization.impl; import java.sql.SQLException; -import org.dspace.app.rest.authorize.AuthorizationFeature; -import org.dspace.app.rest.authorize.AuthorizationFeatureDocumentation; +import org.dspace.app.rest.authorization.AuthorizationFeature; +import org.dspace.app.rest.authorization.AuthorizationFeatureDocumentation; import org.dspace.app.util.AuthorizeUtil; import org.dspace.authorize.AuthorizeException; import org.dspace.content.Item; @@ -19,21 +19,28 @@ import org.dspace.core.Context; import org.springframework.stereotype.Component; /** - * The reinstate feature + * The reinstate feature. It can be used by administrators (or community/collection delegate) to reinstate an item that + * was previously withdrawn * * @author Andrea Bollini (andrea.bollini at 4science.it) */ @Component -@AuthorizationFeatureDocumentation(name = "reinstateItem") +@AuthorizationFeatureDocumentation(name = ReinstateFeature.NAME) public class ReinstateFeature implements AuthorizationFeature { + public static final String NAME = "reinstateItem"; + @Override public boolean isAuthorized(Context context, Object object) throws SQLException { if (!(object instanceof Item)) { return false; } + Item item = (Item) object; + if (!item.isWithdrawn()) { + return false; + } try { - AuthorizeUtil.authorizeReinstateItem(context, (Item) object); + AuthorizeUtil.authorizeReinstateItem(context, item); } catch (AuthorizeException e) { return false; } 
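Review bot: The new `if (!item.isWithdrawn()) { return false; }` guard in `ReinstateFeature.isAuthorized` puts the state precondition in the REST feature class only, while the permission check stays in `AuthorizeUtil.authorizeReinstateItem`. If the code path that actually reinstates an item relies on `AuthorizeUtil` alone (not visible in this diff), the advertised feature and the enforced rule can disagree. The same applies to the `isArchived()` guard added to `WithdrawFeature`. At minimum, add a comment above the guard such as `// state precondition only; the operation itself must re-check the item state and permissions`. `isAuthorized` continues past the end of this hunk.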
diff --git a/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorize/impl/WithdrawFeature.java b/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/impl/WithdrawFeature.java similarity index 62% rename from dspace-server-webapp/src/main/java/org/dspace/app/rest/authorize/impl/WithdrawFeature.java rename to dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/impl/WithdrawFeature.java index 9ace7b1277..f72041e2c4 100644 --- a/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorize/impl/WithdrawFeature.java +++ b/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/impl/WithdrawFeature.java @@ -5,12 +5,12 @@ * * http://www.dspace.org/license/ */ -package org.dspace.app.rest.authorize.impl; +package org.dspace.app.rest.authorization.impl; import java.sql.SQLException; -import org.dspace.app.rest.authorize.AuthorizationFeature; -import org.dspace.app.rest.authorize.AuthorizationFeatureDocumentation; +import org.dspace.app.rest.authorization.AuthorizationFeature; +import org.dspace.app.rest.authorization.AuthorizationFeatureDocumentation; import org.dspace.app.util.AuthorizeUtil; import org.dspace.authorize.AuthorizeException; import org.dspace.content.Item; 
@@ -19,21 +19,27 @@ import org.dspace.core.Context; import org.springframework.stereotype.Component; /** - * The withdrawn feature + * The withdrawn feature. It can be used by administrators (or community/collection delegate) to logically delete an + * item retiring it from the archive * * @author Andrea Bollini (andrea.bollini at 4science.it) */ @Component -@AuthorizationFeatureDocumentation(name = "withdrawItem") +@AuthorizationFeatureDocumentation(name = WithdrawFeature.NAME) public class WithdrawFeature implements AuthorizationFeature { + public final static String NAME = "withdrawItem"; @Override public boolean isAuthorized(Context context, Object object) throws SQLException { if (!(object instanceof Item)) { return false; } + Item item = (Item) object; + if (!item.isArchived()) { + return false; + } try { - AuthorizeUtil.authorizeWithdrawItem(context, (Item) object); + AuthorizeUtil.authorizeWithdrawItem(context, item); } catch (AuthorizeException e) { return false; } diff --git a/dspace-server-webapp/src/main/java/org/dspace/app/rest/converter/AuthorizationConverter.java b/dspace-server-webapp/src/main/java/org/dspace/app/rest/converter/AuthorizationConverter.java index 09bcacea5b..7703adc221 100644 --- a/dspace-server-webapp/src/main/java/org/dspace/app/rest/converter/AuthorizationConverter.java +++ b/dspace-server-webapp/src/main/java/org/dspace/app/rest/converter/AuthorizationConverter.java @@ -7,7 +7,7 @@ */ package org.dspace.app.rest.converter; -import org.dspace.app.rest.authorize.Authorization; +import org.dspace.app.rest.authorization.Authorization; import org.dspace.app.rest.model.AuthorizationRest; import org.dspace.app.rest.projection.Projection; import org.springframework.beans.factory.annotation.Autowired; 
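Review bot: `public final static String NAME` in `WithdrawFeature` uses a different modifier order from the `public static final String NAME` that the same commit adds to `ReinstateFeature`, and unlike there it is not separated from `@Override` by a blank line. I would write it as `public static final String NAME = "withdrawItem";` followed by an empty line, so the two feature classes stay parallel and follow the customary Java modifier order. The class body continues beyond the hunk.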
diff --git a/dspace-server-webapp/src/main/java/org/dspace/app/rest/converter/AuthorizationFeatureConverter.java b/dspace-server-webapp/src/main/java/org/dspace/app/rest/converter/AuthorizationFeatureConverter.java index 4aaf9001fb..641aea2c5c 100644 --- a/dspace-server-webapp/src/main/java/org/dspace/app/rest/converter/AuthorizationFeatureConverter.java +++ b/dspace-server-webapp/src/main/java/org/dspace/app/rest/converter/AuthorizationFeatureConverter.java @@ -10,7 +10,7 @@ package org.dspace.app.rest.converter; import java.util.ArrayList; import java.util.List; -import org.dspace.app.rest.authorize.AuthorizationFeature; +import org.dspace.app.rest.authorization.AuthorizationFeature; import org.dspace.app.rest.model.AuthorizationFeatureRest; import org.dspace.app.rest.projection.Projection; import org.dspace.core.Constants; diff --git a/dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/AuthorizationFeatureRestRepository.java b/dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/AuthorizationFeatureRestRepository.java index 54737f5df8..e236c1f0ed 100644 --- a/dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/AuthorizationFeatureRestRepository.java +++ b/dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/AuthorizationFeatureRestRepository.java @@ -11,8 +11,8 @@ import java.util.List; import org.dspace.app.rest.Parameter; import org.dspace.app.rest.SearchRestMethod; -import org.dspace.app.rest.authorize.AuthorizationFeature; -import org.dspace.app.rest.authorize.AuthorizationFeatureService; +import org.dspace.app.rest.authorization.AuthorizationFeature; +import org.dspace.app.rest.authorization.AuthorizationFeatureService; import org.dspace.app.rest.converter.ConverterService; import org.dspace.app.rest.model.AuthorizationFeatureRest; import org.dspace.core.Constants; 
diff --git a/dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/AuthorizationRestRepository.java b/dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/AuthorizationRestRepository.java index 792fbea8f1..1c9eead9d1 100644 --- a/dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/AuthorizationRestRepository.java +++ b/dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/AuthorizationRestRepository.java @@ -16,10 +16,10 @@ import java.util.UUID; import org.apache.commons.lang3.StringUtils; import org.dspace.app.rest.Parameter; import org.dspace.app.rest.SearchRestMethod; -import org.dspace.app.rest.authorize.Authorization; -import org.dspace.app.rest.authorize.AuthorizationFeature; -import org.dspace.app.rest.authorize.AuthorizationFeatureService; -import org.dspace.app.rest.authorize.AuthorizationRestUtil; +import org.dspace.app.rest.authorization.Authorization; +import org.dspace.app.rest.authorization.AuthorizationFeature; +import org.dspace.app.rest.authorization.AuthorizationFeatureService; +import org.dspace.app.rest.authorization.AuthorizationRestUtil; import org.dspace.app.rest.converter.ConverterService; import org.dspace.app.rest.exception.RepositoryMethodNotImplementedException; import org.dspace.app.rest.exception.RepositoryNotFoundException; 
@@ -56,19 +56,19 @@ public class AuthorizationRestRepository extends DSpaceRestRepository findByObject(@Parameter(value = "uri", required = true) String uri, - @Parameter(value = "eperson") UUID epersonUuid, + @Parameter(value = "eperson") UUID epersonUuid, Pageable pageable) throws AuthorizeException, SQLException { Context context = obtainContext(); FindableObject obj = getObject(context, uri); if (obj == null) { return null; } - + EPerson currUser = context.getCurrentUser(); EPerson user = currUser; - + if (epersonUuid != null) { if (context.getCurrentUser() == null) { - throw new AuthorizeException("attempt to anonymously access the authorization of the eperson " + epersonUuid); - } - else { + throw new AuthorizeException("attempt to anonymously access the authorization of the eperson " + + epersonUuid); + } else { if (!authorizeService.isAdmin(context) && !epersonUuid.equals(currUser.getID())) { throw new AuthorizeException("attempt to access the authorization of the eperson " + epersonUuid + " only system administrators can see the authorization of other users"); } user = epersonService.find(context, epersonUuid); } - } - else { + } else { user = null; } context.setCurrentUser(user); @@ -186,7 +185,7 @@ public class AuthorizationRestRepository extends DSpaceRestRepository getPKClass() { return UUID.class; diff --git a/dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/DSpaceRestRepository.java b/dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/DSpaceRestRepository.java index ec1adfa225..4a88435379 100644 --- a/dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/DSpaceRestRepository.java +++ b/dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/DSpaceRestRepository.java 
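Review bot: In `findByObject`, the result of `user = epersonService.find(context, epersonUuid);` goes to `context.setCurrentUser(user)` without a null check. If the lookup returns null for a UUID that matches no eperson (presumably the case for an administrator's request with a stale or mistyped id), the context is switched to the anonymous user and the response would describe anonymous rights as if they belonged to the requested eperson. I would reject the request right after the lookup, e.g. `if (user == null) { throw new IllegalArgumentException("unknown eperson " + epersonUuid); }`, using whichever exception the REST layer maps to a client error. The hunk also does not show `currUser` being put back on the context once the evaluation is done; the method body continues outside the hunk, so that should be confirmed there.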
@@ -29,7 +29,6 @@ import org.dspace.app.util.DCInputsReaderException; import org.dspace.authorize.AuthorizeException; import org.dspace.content.service.MetadataFieldService; import org.dspace.core.Context; -import org.dspace.discovery.FindableObject; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.data.domain.Page; import org.springframework.data.domain.Pageable; diff --git a/dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/WorkspaceItemRestRepository.java b/dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/WorkspaceItemRestRepository.java index 71b521182d..802dd6a3cb 100644 --- a/dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/WorkspaceItemRestRepository.java +++ b/dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/WorkspaceItemRestRepository.java @@ -77,7 +77,7 @@ import gr.ekt.bte.exceptions.MalformedSourceException; * @author Andrea Bollini (andrea.bollini at 4science.it) */ @Component(WorkspaceItemRest.CATEGORY + "." + WorkspaceItemRest.NAME) -public class WorkspaceItemRestRepository extends DSpaceRestRepository +public class WorkspaceItemRestRepository extends DSpaceRestRepository implements FindableObjectRepository { public static final String OPERATION_PATH_SECTIONS = "sections"; diff --git a/dspace-server-webapp/src/main/java/org/dspace/app/rest/security/AuthorizationPermissionEvaluatorPlugin.java b/dspace-server-webapp/src/main/java/org/dspace/app/rest/security/AuthorizationPermissionEvaluatorPlugin.java index bcb9377547..76dc243bc5 100644 --- a/dspace-server-webapp/src/main/java/org/dspace/app/rest/security/AuthorizationPermissionEvaluatorPlugin.java +++ b/dspace-server-webapp/src/main/java/org/dspace/app/rest/security/AuthorizationPermissionEvaluatorPlugin.java 
@@ -11,7 +11,7 @@ import java.io.Serializable; import java.sql.SQLException; import org.apache.commons.lang3.StringUtils; -import org.dspace.app.rest.authorize.AuthorizationRestUtil; +import org.dspace.app.rest.authorization.AuthorizationRestUtil; import org.dspace.app.rest.model.AuthorizationRest; import org.dspace.app.rest.utils.ContextUtil; import org.dspace.authorize.service.AuthorizeService; diff --git a/dspace-server-webapp/src/main/java/org/dspace/app/rest/utils/Utils.java b/dspace-server-webapp/src/main/java/org/dspace/app/rest/utils/Utils.java index c586b11c47..e1a1ada17b 100644 --- a/dspace-server-webapp/src/main/java/org/dspace/app/rest/utils/Utils.java +++ b/dspace-server-webapp/src/main/java/org/dspace/app/rest/utils/Utils.java @@ -102,7 +102,7 @@ public class Utils { @Autowired RequestService requestService; - + @Autowired @Qualifier("defaultConversionService") ConversionService conversionService; diff --git a/dspace-server-webapp/src/test/java/org/dspace/app/rest/AuthorizationFeatureRestRepositoryIT.java b/dspace-server-webapp/src/test/java/org/dspace/app/rest/AuthorizationFeatureRestRepositoryIT.java index db3633da39..bd48681e99 100644 --- a/dspace-server-webapp/src/test/java/org/dspace/app/rest/AuthorizationFeatureRestRepositoryIT.java +++ b/dspace-server-webapp/src/test/java/org/dspace/app/rest/AuthorizationFeatureRestRepositoryIT.java @@ -19,7 +19,8 @@ import java.util.List; import java.util.concurrent.atomic.AtomicReference; import com.jayway.jsonpath.matchers.JsonPathMatchers; -import org.dspace.app.rest.authorize.AuthorizationFeature; + +import org.dspace.app.rest.authorization.AuthorizationFeature; import org.dspace.app.rest.test.AbstractControllerIntegrationTest; import org.dspace.core.Constants; import org.hamcrest.Matchers; 
diff --git a/dspace-server-webapp/src/test/java/org/dspace/app/rest/AuthorizationRestRepositoryIT.java b/dspace-server-webapp/src/test/java/org/dspace/app/rest/AuthorizationRestRepositoryIT.java index 19a5f363b1..b3dd5e7c3f 100644 --- a/dspace-server-webapp/src/test/java/org/dspace/app/rest/AuthorizationRestRepositoryIT.java +++ b/dspace-server-webapp/src/test/java/org/dspace/app/rest/AuthorizationRestRepositoryIT.java @@ -16,16 +16,17 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers. import java.io.Serializable; import java.util.UUID; +import com.jayway.jsonpath.matchers.JsonPathMatchers; import org.dspace.app.rest.authorization.AlwaysFalseFeature; import org.dspace.app.rest.authorization.AlwaysThrowExceptionFeature; import org.dspace.app.rest.authorization.AlwaysTrueFeature; +import org.dspace.app.rest.authorization.Authorization; +import org.dspace.app.rest.authorization.AuthorizationFeature; +import org.dspace.app.rest.authorization.AuthorizationFeatureService; +import org.dspace.app.rest.authorization.AuthorizationRestUtil; import org.dspace.app.rest.authorization.TrueForAdminsFeature; import org.dspace.app.rest.authorization.TrueForLoggedUsersFeature; import org.dspace.app.rest.authorization.TrueForTestUsersFeature; -import org.dspace.app.rest.authorize.Authorization; -import org.dspace.app.rest.authorize.AuthorizationFeature; -import org.dspace.app.rest.authorize.AuthorizationFeatureService; -import org.dspace.app.rest.authorize.AuthorizationRestUtil; import org.dspace.app.rest.builder.CommunityBuilder; import org.dspace.app.rest.builder.EPersonBuilder; import org.dspace.app.rest.converter.ConverterService; 
@@ -47,10 +48,6 @@ import org.hamcrest.Matchers; import org.junit.Before; import org.junit.Test; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.test.web.servlet.ResultHandler; -import org.springframework.test.web.servlet.ResultMatcher; - -import com.jayway.jsonpath.matchers.JsonPathMatchers; /** * Test suite for the Authorization endpoint @@ -68,13 +65,13 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration @Autowired private ConverterService converterService; - + @Autowired private ConfigurationService configurationService; - + @Autowired private Utils utils; - + private SiteService siteService; private AuthorizationFeature alwaysTrue; @@ -335,7 +332,7 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration Site site = siteService.findSite(context); SiteRest siteRest = converterService.toRest(site, converterService.getProjection(DefaultProjection.NAME)); String siteUri = utils.linkToSingleResource(siteRest, "self").getHref(); - + // disarm the alwaysThrowExceptionFeature configurationService.setProperty("org.dspace.app.rest.authorization.AlwaysThrowExceptionFeature.turnoff", true); // verify that it works for administrators @@ -361,11 +358,12 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration JsonPathMatchers.hasJsonPath("$.id", Matchers.anyOf( Matchers.startsWith(admin.getID().toString()), - Matchers.endsWith(site.getType() + "_" + site.getID())))) + Matchers.endsWith(site.getType() + "_" + site.getID())))) ) ) ) - .andExpect(jsonPath("$._links.self.href", Matchers.containsString("/api/authz/authorizations/search/object"))) + .andExpect(jsonPath("$._links.self.href", + Matchers.containsString("/api/authz/authorizations/search/object"))) .andExpect(jsonPath("$.page.size", is(20))) .andExpect(jsonPath("$.page.totalElements", greaterThanOrEqualTo(3))); 
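Review bot: The `$.id` check in the `@@ -361` hunk combines `Matchers.startsWith(admin.getID().toString())` and `Matchers.endsWith(site.getType() + "_" + site.getID())` with `Matchers.anyOf(...)`, so it passes as soon as the id ends with the site suffix, whatever user prefix it carries. The same pattern is used in the `@@ -393`, `@@ -425`, `@@ -457` and `@@ -487` hunks, and in `@@ -425` it sits under the comment `this guarantee that we are looking to the eperson authz and not to the admin ones`, which `anyOf` cannot guarantee: an id starting with the admin's UUID would satisfy it too. For the assertion to pin the user it needs `Matchers.allOf(Matchers.startsWith(eperson.getID().toString()), Matchers.endsWith(site.getType() + "_" + site.getID()))` (with `admin` in the administrator case). The enclosing test methods start and end outside these hunks, so the surrounding matcher nesting should be checked when making the change.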
@@ -393,11 +391,12 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration JsonPathMatchers.hasJsonPath("$.id", Matchers.anyOf( Matchers.startsWith(eperson.getID().toString()), - Matchers.endsWith(site.getType() + "_" + site.getID())))) + Matchers.endsWith(site.getType() + "_" + site.getID())))) ) ) ) - .andExpect(jsonPath("$._links.self.href", Matchers.containsString("/api/authz/authorizations/search/object"))) + .andExpect(jsonPath("$._links.self.href", + Matchers.containsString("/api/authz/authorizations/search/object"))) .andExpect(jsonPath("$.page.size", is(20))) .andExpect(jsonPath("$.page.totalElements", greaterThanOrEqualTo(2))); @@ -416,7 +415,7 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration is(alwaysFalse.getName()), is(alwaysException.getName()), is(trueForTestUsers.getName()), - // this guarantee that we are looking to the eperson + // this guarantee that we are looking to the eperson // authz and not to the admin ones is(trueForAdmins.getName()) ) @@ -425,14 +424,15 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration Matchers.hasItem(is("authorization"))), JsonPathMatchers.hasJsonPath("$.id", Matchers.anyOf( - // this guarantee that we are looking to the eperson + // this guarantee that we are looking to the eperson // authz and not to the admin ones Matchers.startsWith(eperson.getID().toString()), - Matchers.endsWith(site.getType() + "_" + site.getID())))) + Matchers.endsWith(site.getType() + "_" + site.getID())))) ) ) ) - .andExpect(jsonPath("$._links.self.href", Matchers.containsString("/api/authz/authorizations/search/object"))) + .andExpect(jsonPath("$._links.self.href", + Matchers.containsString("/api/authz/authorizations/search/object"))) .andExpect(jsonPath("$.page.size", is(20))) .andExpect(jsonPath("$.page.totalElements", greaterThanOrEqualTo(2))); 
@@ -457,11 +457,12 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration JsonPathMatchers.hasJsonPath("$.id", Matchers.anyOf( Matchers.startsWith(eperson.getID().toString()), - Matchers.endsWith(site.getType() + "_" + site.getID())))) + Matchers.endsWith(site.getType() + "_" + site.getID())))) ) ) ) - .andExpect(jsonPath("$._links.self.href", Matchers.containsString("/api/authz/authorizations/search/object"))) + .andExpect(jsonPath("$._links.self.href", + Matchers.containsString("/api/authz/authorizations/search/object"))) .andExpect(jsonPath("$.page.size", is(20))) .andExpect(jsonPath("$.page.totalElements", greaterThanOrEqualTo(1))); @@ -486,11 +487,12 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration JsonPathMatchers.hasJsonPath("$.id", Matchers.anyOf( Matchers.startsWith(eperson.getID().toString()), - Matchers.endsWith(site.getType() + "_" + site.getID())))) + Matchers.endsWith(site.getType() + "_" + site.getID())))) ) ) ) - .andExpect(jsonPath("$._links.self.href", Matchers.containsString("/api/authz/authorizations/search/object"))) + .andExpect(jsonPath("$._links.self.href", + Matchers.containsString("/api/authz/authorizations/search/object"))) .andExpect(jsonPath("$.page.size", is(20))) .andExpect(jsonPath("$.page.totalElements", greaterThanOrEqualTo(1))); } @@ -504,7 +506,7 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration */ public void findByNotExistingObjectTest() throws Exception { String wrongSiteUri = "http://localhost/api/core/sites/" + UUID.randomUUID(); - + // disarm the alwaysThrowExceptionFeature configurationService.setProperty("org.dspace.app.rest.authorization.AlwaysThrowExceptionFeature.turnoff", true); // verify that it works for administrators, no result 
@@ -514,7 +516,8 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration .param("eperson", admin.getID().toString())) .andExpect(status().isOk()) .andExpect(jsonPath("$", JsonPathMatchers.hasNoJsonPath("$._embedded.authorizations"))) - .andExpect(jsonPath("$._links.self.href", Matchers.containsString("/api/authz/authorizations/search/object"))) + .andExpect(jsonPath("$._links.self.href", + Matchers.containsString("/api/authz/authorizations/search/object"))) .andExpect(jsonPath("$.page.size", is(20))) .andExpect(jsonPath("$.page.totalElements", is(0))); @@ -525,7 +528,8 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration .param("eperson", eperson.getID().toString())) .andExpect(status().isOk()) .andExpect(jsonPath("$", JsonPathMatchers.hasNoJsonPath("$._embedded.authorizations"))) - .andExpect(jsonPath("$._links.self.href", Matchers.containsString("/api/authz/authorizations/search/object"))) + .andExpect(jsonPath("$._links.self.href", + Matchers.containsString("/api/authz/authorizations/search/object"))) .andExpect(jsonPath("$.page.size", is(20))) .andExpect(jsonPath("$.page.totalElements", is(0))); @@ -535,7 +539,8 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration .param("eperson", eperson.getID().toString())) .andExpect(status().isOk()) .andExpect(jsonPath("$", JsonPathMatchers.hasNoJsonPath("$._embedded.authorizations"))) - .andExpect(jsonPath("$._links.self.href", Matchers.containsString("/api/authz/authorizations/search/object"))) + .andExpect(jsonPath("$._links.self.href", + Matchers.containsString("/api/authz/authorizations/search/object"))) .andExpect(jsonPath("$.page.size", is(20))) .andExpect(jsonPath("$.page.totalElements", is(0))); 
@@ -544,7 +549,8 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration .param("uri", wrongSiteUri)) .andExpect(status().isOk()) .andExpect(jsonPath("$", JsonPathMatchers.hasNoJsonPath("$._embedded.authorizations"))) - .andExpect(jsonPath("$._links.self.href", Matchers.containsString("/api/authz/authorizations/search/object"))) + .andExpect(jsonPath("$._links.self.href", + Matchers.containsString("/api/authz/authorizations/search/object"))) .andExpect(jsonPath("$.page.size", is(20))) .andExpect(jsonPath("$.page.totalElements", is(0))); @@ -553,7 +559,8 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration .param("uri", wrongSiteUri)) .andExpect(status().isOk()) .andExpect(jsonPath("$", JsonPathMatchers.hasNoJsonPath("$._embedded.authorizations"))) - .andExpect(jsonPath("$._links.self.href", Matchers.containsString("/api/authz/authorizations/search/object"))) + .andExpect(jsonPath("$._links.self.href", + Matchers.containsString("/api/authz/authorizations/search/object"))) .andExpect(jsonPath("$.page.size", is(20))) .andExpect(jsonPath("$.page.totalElements", is(0))); } @@ -571,7 +578,7 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration "http://localhost/api/wrongcategory/wrongmodel/1", "http://localhost/api/core/sites/this-is-not-an-uuid" }; - + // disarm the alwaysThrowExceptionFeature configurationService.setProperty("org.dspace.app.rest.authorization.AlwaysThrowExceptionFeature.turnoff", true); 
@@ -583,31 +590,31 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration .param("uri", invalidUri) .param("eperson", admin.getID().toString())) .andExpect(status().isBadRequest()); - + // verify that it works for normal loggedin users with an invalid or missing uri String epersonToken = getAuthToken(eperson.getEmail(), password); getClient(epersonToken).perform(get("/api/authz/authorizations/search/object") .param("uri", invalidUri) .param("eperson", eperson.getID().toString())) .andExpect(status().isBadRequest()); - + // verify that it works for administators inspecting other users with an invalid or missing uri getClient(adminToken).perform(get("/api/authz/authorizations/search/object") .param("uri", invalidUri) .param("eperson", eperson.getID().toString())) .andExpect(status().isBadRequest()); - + // verify that it works for anonymous users with an invalid or missing uri getClient().perform(get("/api/authz/authorizations/search/object") .param("uri", invalidUri)) .andExpect(status().isBadRequest()); - + // verify that it works for administrators inspecting anonymous users with an invalid or missing uri getClient(adminToken).perform(get("/api/authz/authorizations/search/object") .param("uri", invalidUri)) .andExpect(status().isBadRequest()); } - //FIXME add once https://github.com/DSpace/DSpace/pull/2668 is merged + //FIXME add once https://github.com/DSpace/DSpace/pull/2668 is merged // getClient(adminToken).perform(get("/api/authz/authorizations/search/object") // .param("eperson", admin.getID().toString())) // .andExpect(status().isBadRequest()); 
@@ -633,7 +640,7 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration Site site = siteService.findSite(context); SiteRest siteRest = converterService.toRest(site, converterService.getProjection(DefaultProjection.NAME)); String siteUri = utils.linkToSingleResource(siteRest, "self").getHref(); - + // disarm the alwaysThrowExceptionFeature configurationService.setProperty("org.dspace.app.rest.authorization.AlwaysThrowExceptionFeature.turnoff", true); @@ -689,7 +696,7 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration Site site = siteService.findSite(context); SiteRest siteRest = converterService.toRest(site, converterService.getProjection(DefaultProjection.NAME)); String siteUri = utils.linkToSingleResource(siteRest, "self").getHref(); - + // verify that it works for administrators String adminToken = getAuthToken(admin.getEmail(), password); getClient(adminToken).perform(get("/api/authz/authorizations/search/object") @@ -735,7 +742,7 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration CommunityRest comRest = converterService.toRest(com, converterService.getProjection(DefaultProjection.NAME)); String comUri = utils.linkToSingleResource(comRest, "self").getHref(); context.restoreAuthSystemState(); - + // verify that it works for administrators String adminToken = getAuthToken(admin.getEmail(), password); getClient(adminToken).perform(get("/api/authz/authorizations/search/objectAndFeature") 
@@ -745,7 +752,8 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration .andExpect(status().isOk()) .andExpect(jsonPath("$.type", is("authorization"))) .andExpect(jsonPath("$._embedded.feature.id", is(alwaysTrue.getName()))) - .andExpect(jsonPath("$.id",Matchers.is(admin.getID().toString() + "_"+ alwaysTrue.getName() + "_" + com.getType() + "_" + com.getID()))); + .andExpect(jsonPath("$.id", Matchers.is(admin.getID().toString() + "_" + alwaysTrue.getName() + "_" + + com.getType() + "_" + com.getID()))); // verify that it works for normal loggedin users String epersonToken = getAuthToken(eperson.getEmail(), password); @@ -756,7 +764,8 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration .andExpect(status().isOk()) .andExpect(jsonPath("$.type", is("authorization"))) .andExpect(jsonPath("$._embedded.feature.id", is(alwaysTrue.getName()))) - .andExpect(jsonPath("$.id",Matchers.is(eperson.getID().toString() + "_"+ alwaysTrue.getName() + "_" + com.getType() + "_" + com.getID()))); + .andExpect(jsonPath("$.id", Matchers.is(eperson.getID().toString() + "_" + alwaysTrue.getName() + "_" + + com.getType() + "_" + com.getID()))); // verify that it works for administators inspecting other users getClient(adminToken).perform(get("/api/authz/authorizations/search/objectAndFeature") 
@@ -766,7 +775,8 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration .andExpect(status().isOk()) .andExpect(jsonPath("$.type", is("authorization"))) .andExpect(jsonPath("$._embedded.feature.id", is(alwaysTrue.getName()))) - .andExpect(jsonPath("$.id", Matchers.is(eperson.getID().toString() + "_"+ alwaysTrue.getName() + "_" + com.getType() + "_" + com.getID()))); + .andExpect(jsonPath("$.id", Matchers.is(eperson.getID().toString() + "_" + alwaysTrue.getName() + "_" + + com.getType() + "_" + com.getID()))); // verify that it works for anonymous users getClient().perform(get("/api/authz/authorizations/search/objectAndFeature") @@ -797,7 +807,7 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration Site site = siteService.findSite(context); SiteRest siteRest = converterService.toRest(site, converterService.getProjection(DefaultProjection.NAME)); String siteUri = utils.linkToSingleResource(siteRest, "self").getHref(); - + // verify that it works for administrators String adminToken = getAuthToken(admin.getEmail(), password); getClient(adminToken).perform(get("/api/authz/authorizations/search/objectAndFeature") @@ -846,7 +856,7 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration Site site = siteService.findSite(context); SiteRest siteRest = converterService.toRest(site, converterService.getProjection(DefaultProjection.NAME)); String siteUri = utils.linkToSingleResource(siteRest, "self").getHref(); - + // disarm the alwaysThrowExceptionFeature configurationService.setProperty("org.dspace.app.rest.authorization.AlwaysThrowExceptionFeature.turnoff", true); // verify that it works for administrators, no result 
@@ -856,7 +866,7 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration .param("feature", alwaysTrue.getName()) .param("eperson", admin.getID().toString())) .andExpect(status().isNoContent()); - + getClient(adminToken).perform(get("/api/authz/authorizations/search/objectAndFeature") .param("uri", siteUri) .param("feature", "not-existing-feature") @@ -876,7 +886,7 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration .param("feature", "not-existing-feature") .param("eperson", eperson.getID().toString())) .andExpect(status().isNoContent()); - + // verify that it works for administators inspecting other users getClient(adminToken).perform(get("/api/authz/authorizations/search/objectAndFeature") .param("uri", wrongSiteUri) @@ -889,7 +899,7 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration .param("feature", "not-existing-feature") .param("eperson", eperson.getID().toString())) .andExpect(status().isNoContent()); - + // verify that it works for anonymous users getClient().perform(get("/api/authz/authorizations/search/objectAndFeature") .param("uri", wrongSiteUri) @@ -900,13 +910,13 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration .param("uri", siteUri) .param("feature", "not-existing-feature")) .andExpect(status().isNoContent()); - + // verify that it works for administrators inspecting anonymous users getClient(adminToken).perform(get("/api/authz/authorizations/search/objectAndFeature") .param("uri", wrongSiteUri) .param("feature", alwaysTrue.getName())) .andExpect(status().isNoContent()); - + getClient(adminToken).perform(get("/api/authz/authorizations/search/objectAndFeature") .param("uri", siteUri) .param("feature", "not-existing-feature")) 
@@ -942,7 +952,7 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration .param("feature", alwaysTrue.getName()) .param("eperson", admin.getID().toString())) .andExpect(status().isBadRequest()); - + // verify that it works for normal loggedin users with an invalid or missing uri String epersonToken = getAuthToken(eperson.getEmail(), password); getClient(epersonToken).perform(get("/api/authz/authorizations/search/object") @@ -950,28 +960,28 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration .param("feature", alwaysTrue.getName()) .param("eperson", eperson.getID().toString())) .andExpect(status().isBadRequest()); - + // verify that it works for administators inspecting other users with an invalid or missing uri getClient(adminToken).perform(get("/api/authz/authorizations/search/object") .param("uri", invalidUri) .param("feature", alwaysTrue.getName()) .param("eperson", eperson.getID().toString())) .andExpect(status().isBadRequest()); - + // verify that it works for anonymous users with an invalid or missing uri getClient().perform(get("/api/authz/authorizations/search/object") .param("uri", invalidUri) .param("feature", alwaysTrue.getName())) .andExpect(status().isBadRequest()); - + // verify that it works for administrators inspecting anonymous users with an invalid or missing uri getClient(adminToken).perform(get("/api/authz/authorizations/search/object") .param("uri", invalidUri) .param("feature", alwaysTrue.getName())) .andExpect(status().isBadRequest()); } - - //FIXME add once https://github.com/DSpace/DSpace/pull/2668 is merged + + //FIXME add once https://github.com/DSpace/DSpace/pull/2668 is merged // getClient(adminToken).perform(get("/api/authz/authorizations/search/object") // .param("eperson", admin.getID().toString())) // .andExpect(status().isBadRequest()); 
@@ -1016,7 +1026,7 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration Site site = siteService.findSite(context); SiteRest siteRest = converterService.toRest(site, converterService.getProjection(DefaultProjection.NAME)); String siteUri = utils.linkToSingleResource(siteRest, "self").getHref(); - + // disarm the alwaysThrowExceptionFeature configurationService.setProperty("org.dspace.app.rest.authorization.AlwaysThrowExceptionFeature.turnoff", true); @@ -1076,7 +1086,7 @@ public class AuthorizationRestRepositoryIT extends AbstractControllerIntegration Site site = siteService.findSite(context); SiteRest siteRest = converterService.toRest(site, converterService.getProjection(DefaultProjection.NAME)); String siteUri = utils.linkToSingleResource(siteRest, "self").getHref(); - + // verify that it works for administrators String adminToken = getAuthToken(admin.getEmail(), password); getClient(adminToken).perform(get("/api/authz/authorizations/search/objectAndFeature") diff --git a/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/AlwaysFalseFeature.java b/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/AlwaysFalseFeature.java index 6be164332c..e6e498a229 100644 --- a/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/AlwaysFalseFeature.java +++ b/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/AlwaysFalseFeature.java @@ -9,8 +9,6 @@ package org.dspace.app.rest.authorization; import java.sql.SQLException; -import org.dspace.app.rest.authorize.AuthorizationFeature; -import org.dspace.app.rest.authorize.AuthorizationFeatureDocumentation; import org.dspace.core.Constants; import org.dspace.core.Context; import org.springframework.stereotype.Component; 
diff --git a/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/AlwaysThrowExceptionFeature.java b/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/AlwaysThrowExceptionFeature.java index 1f57375289..f2e7524b7a 100644 --- a/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/AlwaysThrowExceptionFeature.java +++ b/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/AlwaysThrowExceptionFeature.java @@ -9,8 +9,6 @@ package org.dspace.app.rest.authorization; import java.sql.SQLException; -import org.dspace.app.rest.authorize.AuthorizationFeature; -import org.dspace.app.rest.authorize.AuthorizationFeatureDocumentation; import org.dspace.core.Constants; import org.dspace.core.Context; import org.dspace.services.ConfigurationService; @@ -32,7 +30,7 @@ public class AlwaysThrowExceptionFeature implements AuthorizationFeature { @Autowired private ConfigurationService configurationService; - + @Override /** * This check will throw a runtime exception except if the @@ -40,7 +38,8 @@ public class AlwaysThrowExceptionFeature implements AuthorizationFeature { * configuration service. In this case it will return false */ public boolean isAuthorized(Context context, Object object) throws SQLException { - if (!configurationService.getBooleanProperty("org.dspace.app.rest.authorization.AlwaysThrowExceptionFeature.turnoff", false)) { + if (!configurationService + .getBooleanProperty("org.dspace.app.rest.authorization.AlwaysThrowExceptionFeature.turnoff", false)) { throw new RuntimeException("Sometimes things go wrong and we should not hide it"); } return false; diff --git a/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/AlwaysTrueFeature.java b/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/AlwaysTrueFeature.java index e4d82e8439..ba5412de5b 100644 --- a/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/AlwaysTrueFeature.java 
+++ b/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/AlwaysTrueFeature.java @@ -9,8 +9,6 @@ package org.dspace.app.rest.authorization; import java.sql.SQLException; -import org.dspace.app.rest.authorize.AuthorizationFeature; -import org.dspace.app.rest.authorize.AuthorizationFeatureDocumentation; import org.dspace.core.Constants; import org.dspace.core.Context; import org.springframework.stereotype.Component; diff --git a/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/CCLicenseFeatureRestIT.java b/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/CCLicenseFeatureRestIT.java new file mode 100644 index 0000000000..76b027e95b --- /dev/null +++ b/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/CCLicenseFeatureRestIT.java 
@@ -0,0 +1,266 @@ +/** + * The contents of this file are subject to the license and copyright + * detailed in the LICENSE and NOTICE files at the root of the source + * tree and available online at + * + * http://www.dspace.org/license/ + */ +package org.dspace.app.rest.authorization; + +import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get; +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; + +import org.dspace.app.rest.authorization.impl.CCLicenseFeature; +import org.dspace.app.rest.builder.CollectionBuilder; +import org.dspace.app.rest.builder.CommunityBuilder; +import org.dspace.app.rest.builder.ItemBuilder; +import org.dspace.app.rest.builder.ResourcePolicyBuilder; +import org.dspace.app.rest.converter.ConverterService; +import org.dspace.app.rest.matcher.AuthorizationMatcher; +import org.dspace.app.rest.model.ItemRest; +import org.dspace.app.rest.projection.DefaultProjection; +import org.dspace.app.rest.test.AbstractControllerIntegrationTest; +import org.dspace.app.rest.utils.Utils; +import org.dspace.authorize.ResourcePolicy; +import org.dspace.content.Collection; +import org.dspace.content.Community; +import org.dspace.content.Item; +import org.dspace.core.Constants; +import org.dspace.services.ConfigurationService; +import org.hamcrest.Matchers; +import org.junit.Before; +import org.junit.Test; +import org.springframework.beans.factory.annotation.Autowired; + +/** + * Test suite for the ccLicense feature + * + * @author Andrea Bollini (andrea.bollini at 4science.it) + * + */ +public class CCLicenseFeatureRestIT extends AbstractControllerIntegrationTest { + + @Autowired + private AuthorizationFeatureService authorizationFeatureService; + + @Autowired + private ConverterService converterService; + + @Autowired + private ConfigurationService configurationService; + + @Autowired + private Utils utils; 
+ + private AuthorizationFeature ccLicenseFeature; + + @Override + @Before + public void setUp() throws Exception { + super.setUp(); + ccLicenseFeature = authorizationFeatureService.find(CCLicenseFeature.NAME); + } + + @Test + public void authorizedAsAdminTest() throws Exception { + context.turnOffAuthorisationSystem(); + Community com = CommunityBuilder.createCommunity(context).withName("A community").build(); + Collection col = CollectionBuilder.createCollection(context, com).withName("A collection").build(); + Item item = ItemBuilder.createItem(context, col).withTitle("Item to withdraw").build(); + context.restoreAuthSystemState(); + + ItemRest itemRest = converterService.toRest(item, converterService.getProjection(DefaultProjection.NAME)); + String itemUri = utils.linkToSingleResource(itemRest, "self").getHref(); + Authorization authAdminCCLicense = new Authorization(admin, ccLicenseFeature, item); + + // access the authorization for the admin user + String adminToken = getAuthToken(admin.getEmail(), password); + getClient(adminToken).perform(get("/api/authz/authorizations/" + authAdminCCLicense.getID())) + .andExpect(status().isOk()) + .andExpect(jsonPath("$", + Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminCCLicense)))); + + getClient(adminToken).perform(get("/api/authz/authorizations/search/objectAndFeature") + .param("uri", itemUri) + .param("eperson", admin.getID().toString()) + .param("feature", ccLicenseFeature.getName())) + .andExpect(status().isOk()) + .andExpect(jsonPath("$", + Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminCCLicense)))); + } + + @Test + public void checkAuthorizationAsCommunityAdminTest() throws Exception { + context.turnOffAuthorisationSystem(); + Community com = CommunityBuilder.createCommunity(context).withName("A community").withAdminGroup(eperson) + .build(); + Collection col = CollectionBuilder.createCollection(context, com).withName("A collection").build(); + Item item = 
ItemBuilder.createItem(context, col).withTitle("Item to withdraw").build(); + context.restoreAuthSystemState(); + + ItemRest itemRest = converterService.toRest(item, converterService.getProjection(DefaultProjection.NAME)); + String itemUri = utils.linkToSingleResource(itemRest, "self").getHref(); + Authorization authAdminCCLicense = new Authorization(eperson, ccLicenseFeature, item); + + // access the authorization for the community admin user + String comAdminToken = getAuthToken(eperson.getEmail(), password); + getClient(comAdminToken).perform(get("/api/authz/authorizations/" + authAdminCCLicense.getID())) + .andExpect(status().isOk()) + .andExpect(jsonPath("$", + Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminCCLicense)))); + + getClient(comAdminToken).perform(get("/api/authz/authorizations/search/objectAndFeature") + .param("uri", itemUri) + .param("eperson", eperson.getID().toString()) + .param("feature", ccLicenseFeature.getName())) + .andExpect(status().isOk()) + .andExpect(jsonPath("$", + Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminCCLicense)))); + + // verify that the property core.authorization.collection-admin.item-admin.cc-license = false is respected + // the community admins should be still authorized + configurationService.setProperty("core.authorization.item-admin.cc-license", false); + configurationService.setProperty("core.authorization.collection-admin.item-admin.cc-license", false); + getClient(comAdminToken).perform(get("/api/authz/authorizations/" + authAdminCCLicense.getID())) + .andExpect(status().isOk()) + .andExpect(jsonPath("$", + Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminCCLicense)))); + + getClient(comAdminToken).perform(get("/api/authz/authorizations/search/objectAndFeature") + .param("uri", itemUri) + .param("eperson", eperson.getID().toString()) + .param("feature", ccLicenseFeature.getName())) + .andExpect(status().isOk()) + .andExpect(jsonPath("$", + 
Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminCCLicense)))); + + // now verify that the property core.authorization.community-admin.item-admin.cc-license = false is respected + // and also community admins are blocked + // Please note that set to false the configuration for community keeping true for collection don't + // make any sense as a community admin is always also a collection admin + configurationService.setProperty("core.authorization.community-admin.item-admin.cc-license", false); + getClient(comAdminToken).perform(get("/api/authz/authorizations/" + authAdminCCLicense.getID())) + .andExpect(status().isNotFound()); + + getClient(comAdminToken).perform(get("/api/authz/authorizations/search/objectAndFeature") + .param("uri", itemUri) + .param("eperson", eperson.getID().toString()) + .param("feature", ccLicenseFeature.getName())) + .andExpect(status().isNoContent()); + } + + @Test + public void checkAuthorizationAsCollectionAdminTest() throws Exception { + context.turnOffAuthorisationSystem(); + Community com = CommunityBuilder.createCommunity(context).withName("A community").build(); + Collection col = CollectionBuilder.createCollection(context, com).withName("A collection") + .withAdminGroup(eperson).build(); + Item item = ItemBuilder.createItem(context, col).withTitle("Item to withdraw").build(); + context.restoreAuthSystemState(); + + ItemRest itemRest = converterService.toRest(item, converterService.getProjection(DefaultProjection.NAME)); + String itemUri = utils.linkToSingleResource(itemRest, "self").getHref(); + Authorization authAdminCCLicense = new Authorization(eperson, ccLicenseFeature, item); + + // access the authorization for the admin user + String colAdminToken = getAuthToken(eperson.getEmail(), password); + getClient(colAdminToken).perform(get("/api/authz/authorizations/" + authAdminCCLicense.getID())) + .andExpect(status().isOk()) + .andExpect(jsonPath("$", + 
Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminCCLicense)))); + + getClient(colAdminToken).perform(get("/api/authz/authorizations/search/objectAndFeature") + .param("uri", itemUri) + .param("eperson", eperson.getID().toString()) + .param("feature", ccLicenseFeature.getName())) + .andExpect(status().isOk()) + .andExpect(jsonPath("$", + Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminCCLicense)))); + // verify that the property core.authorization.collection-admin.item-admin.cc-license = false is respected + configurationService.setProperty("core.authorization.item-admin.cc-license", false); + configurationService.setProperty("core.authorization.collection-admin.item-admin.cc-license", false); + getClient(colAdminToken).perform(get("/api/authz/authorizations/" + authAdminCCLicense.getID())) + .andExpect(status().isNotFound()); + + getClient(colAdminToken).perform(get("/api/authz/authorizations/search/objectAndFeature") + .param("uri", itemUri) + .param("eperson", eperson.getID().toString()) + .param("feature", ccLicenseFeature.getName())) + .andExpect(status().isNoContent()); + } + + @Test + public void checkAuthorizationAsItemAdminTest() throws Exception { + context.turnOffAuthorisationSystem(); + Community com = CommunityBuilder.createCommunity(context).withName("A community").build(); + Collection col = CollectionBuilder.createCollection(context, com).withName("A collection").build(); + Item item = ItemBuilder.createItem(context, col).withTitle("Item to withdraw").build(); + ResourcePolicy resource = ResourcePolicyBuilder.createResourcePolicy(context).withAction(Constants.ADMIN) + .withUser(eperson).withDspaceObject(item).build(); + context.restoreAuthSystemState(); + + ItemRest itemRest = converterService.toRest(item, converterService.getProjection(DefaultProjection.NAME)); + String itemUri = utils.linkToSingleResource(itemRest, "self").getHref(); + Authorization authAdminCCLicense = new Authorization(eperson, ccLicenseFeature, item); + 
+ // access the authorization for the admin user + String itemAdminToken = getAuthToken(eperson.getEmail(), password); + getClient(itemAdminToken).perform(get("/api/authz/authorizations/" + authAdminCCLicense.getID())) + .andExpect(status().isOk()) + .andExpect(jsonPath("$", + Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminCCLicense)))); + + getClient(itemAdminToken).perform(get("/api/authz/authorizations/search/objectAndFeature") + .param("uri", itemUri) + .param("eperson", eperson.getID().toString()) + .param("feature", ccLicenseFeature.getName())) + .andExpect(status().isOk()) + .andExpect(jsonPath("$", + Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminCCLicense)))); + // verify that the property core.authorization.item-admin.cc-license = false is respected + configurationService.setProperty("core.authorization.item-admin.cc-license", false); + getClient(itemAdminToken).perform(get("/api/authz/authorizations/" + authAdminCCLicense.getID())) + .andExpect(status().isNotFound()); + + getClient(itemAdminToken).perform(get("/api/authz/authorizations/search/objectAndFeature") + .param("uri", itemUri) + .param("eperson", eperson.getID().toString()) + .param("feature", ccLicenseFeature.getName())) + .andExpect(status().isNoContent()); + } + + @Test + public void notAuthorizedTest() throws Exception { + context.turnOffAuthorisationSystem(); + Community com = CommunityBuilder.createCommunity(context).withName("A community").build(); + Collection col = CollectionBuilder.createCollection(context, com).withName("A collection").build(); + Item item = ItemBuilder.createItem(context, col).withTitle("Item to withdraw").build(); + context.restoreAuthSystemState(); + + ItemRest itemRest = converterService.toRest(item, converterService.getProjection(DefaultProjection.NAME)); + String itemUri = utils.linkToSingleResource(itemRest, "self").getHref(); + Authorization authEpersonCCLicense = new Authorization(eperson, ccLicenseFeature, item); + Authorization 
authAnonymousCCLicense = new Authorization(null, ccLicenseFeature, item); + + // check the authorization for a normal user + String epersonToken = getAuthToken(eperson.getEmail(), password); + getClient(epersonToken).perform(get("/api/authz/authorizations/" + authEpersonCCLicense.getID())) + .andExpect(status().isNotFound()); + + getClient(epersonToken).perform(get("/api/authz/authorizations/search/objectAndFeature") + .param("uri", itemUri) + .param("eperson", eperson.getID().toString()) + .param("feature", ccLicenseFeature.getName())) + .andExpect(status().isNoContent()); + + // check the authorization for the anonymous user + getClient().perform(get("/api/authz/authorizations/" + authAnonymousCCLicense.getID())) + .andExpect(status().isNotFound()); + + getClient().perform(get("/api/authz/authorizations/search/objectAndFeature") + .param("uri", itemUri) + .param("feature", ccLicenseFeature.getName())) + .andExpect(status().isNoContent()); + } +} diff --git a/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/ReinstateFeatureRestIT.java b/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/ReinstateFeatureRestIT.java new file mode 100644 index 0000000000..a168678466 --- /dev/null +++ b/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/ReinstateFeatureRestIT.java 
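Review bot: The community-, collection- and item-admin tests in CCLicenseFeatureRestIT switch authorization settings off with `configurationService.setProperty(..., false)` (for example `core.authorization.item-admin.cc-license` in checkAuthorizationAsItemAdminTest), and nothing in this file puts them back. Whether the base test class reloads configuration between tests is not visible here; if it does not, later tests run with CC-license delegation disabled and their authorization assertions depend on execution order. I would capture the three values in setUp() and restore them in an `@After` method, as sketched below. The same applies to the `reinstatiate` properties changed in ReinstateFeatureRestIT.

```java
    // … unchanged: autowired fields and ccLicenseFeature …

    private static final String[] CC_LICENSE_KEYS = {
        "core.authorization.item-admin.cc-license",
        "core.authorization.collection-admin.item-admin.cc-license",
        "core.authorization.community-admin.item-admin.cc-license"
    };

    // values in effect before a test changes them
    private final Object[] savedValues = new Object[CC_LICENSE_KEYS.length];

    public void setUp() throws Exception {
        // … unchanged: super.setUp() and feature lookup …
        for (int i = 0; i < CC_LICENSE_KEYS.length; i++) {
            savedValues[i] = configurationService.getPropertyValue(CC_LICENSE_KEYS[i]);
        }
    }

    @After
    public void restoreCCLicenseConfiguration() {
        // put the original settings back so later tests do not inherit a disabled delegation
        for (int i = 0; i < CC_LICENSE_KEYS.length; i++) {
            configurationService.setProperty(CC_LICENSE_KEYS[i], savedValues[i]);
        }
    }
```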
@@ -0,0 +1,281 @@ +/** + * The contents of this file are subject to the license and copyright + * detailed in the LICENSE and NOTICE files at the root of the source + * tree and available online at + * + * http://www.dspace.org/license/ + */ +package org.dspace.app.rest.authorization; + +import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get; +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; + +import org.dspace.app.rest.authorization.impl.ReinstateFeature; +import org.dspace.app.rest.builder.CollectionBuilder; +import org.dspace.app.rest.builder.CommunityBuilder; +import org.dspace.app.rest.builder.ItemBuilder; +import org.dspace.app.rest.builder.WorkflowItemBuilder; +import org.dspace.app.rest.builder.WorkspaceItemBuilder; +import org.dspace.app.rest.converter.ConverterService; +import org.dspace.app.rest.matcher.AuthorizationMatcher; +import org.dspace.app.rest.model.ItemRest; +import org.dspace.app.rest.projection.DefaultProjection; +import org.dspace.app.rest.test.AbstractControllerIntegrationTest; +import org.dspace.app.rest.utils.Utils; +import org.dspace.content.Collection; +import org.dspace.content.Community; +import org.dspace.content.Item; +import org.dspace.content.WorkspaceItem; +import org.dspace.services.ConfigurationService; +import org.dspace.workflow.WorkflowItem; +import org.hamcrest.Matchers; +import org.junit.Before; +import org.junit.Test; +import org.springframework.beans.factory.annotation.Autowired; + +/** + * Test suite for the reinstateItem feature + * + * @author Andrea Bollini (andrea.bollini at 4science.it) + * + */ +public class ReinstateFeatureRestIT extends AbstractControllerIntegrationTest { + + @Autowired + private AuthorizationFeatureService authorizationFeatureService; + + @Autowired + private ConverterService converterService; + + @Autowired + private 
ConfigurationService configurationService; + + @Autowired + private Utils utils; + + private AuthorizationFeature reinstateFeature; + + @Override + @Before + public void setUp() throws Exception { + super.setUp(); + reinstateFeature = authorizationFeatureService.find(ReinstateFeature.NAME); + } + + @Test + public void authorizedAsAdminTest() throws Exception { + context.turnOffAuthorisationSystem(); + Community com = CommunityBuilder.createCommunity(context).withName("A community").build(); + Collection col = CollectionBuilder.createCollection(context, com).withName("A collection").build(); + Item item = ItemBuilder.createItem(context, col).withTitle("Withdrawn item").withdrawn().build(); + context.restoreAuthSystemState(); + + ItemRest itemRest = converterService.toRest(item, converterService.getProjection(DefaultProjection.NAME)); + String itemUri = utils.linkToSingleResource(itemRest, "self").getHref(); + Authorization authAdminWithdraw = new Authorization(admin, reinstateFeature, item); + + // access the authorization for the admin user + String adminToken = getAuthToken(admin.getEmail(), password); + getClient(adminToken).perform(get("/api/authz/authorizations/" + authAdminWithdraw.getID())) + .andExpect(status().isOk()) + .andExpect(jsonPath("$", + Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminWithdraw)))); + + getClient(adminToken).perform(get("/api/authz/authorizations/search/objectAndFeature") + .param("uri", itemUri) + .param("eperson", admin.getID().toString()) + .param("feature", reinstateFeature.getName())) + .andExpect(status().isOk()) + .andExpect(jsonPath("$", + Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminWithdraw)))); + } + + @Test + public void checkAuthorizationAsCommunityAdminTest() throws Exception { + context.turnOffAuthorisationSystem(); + Community com = CommunityBuilder.createCommunity(context).withName("A community").withAdminGroup(eperson) + .build(); + Collection col = 
CollectionBuilder.createCollection(context, com).withName("A collection").build(); + Item item = ItemBuilder.createItem(context, col).withTitle("Withdrawn item").withdrawn().build(); + context.restoreAuthSystemState(); + + ItemRest itemRest = converterService.toRest(item, converterService.getProjection(DefaultProjection.NAME)); + String itemUri = utils.linkToSingleResource(itemRest, "self").getHref(); + Authorization authAdminWithdraw = new Authorization(eperson, reinstateFeature, item); + + // access the authorization for the community admin user + String comAdminToken = getAuthToken(eperson.getEmail(), password); + getClient(comAdminToken).perform(get("/api/authz/authorizations/" + authAdminWithdraw.getID())) + .andExpect(status().isOk()) + .andExpect(jsonPath("$", + Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminWithdraw)))); + + getClient(comAdminToken).perform(get("/api/authz/authorizations/search/objectAndFeature") + .param("uri", itemUri) + .param("eperson", eperson.getID().toString()) + .param("feature", reinstateFeature.getName())) + .andExpect(status().isOk()) + .andExpect(jsonPath("$", + Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminWithdraw)))); + + // verify that the property core.authorization.collection-admin.item.reinstatiate = false is respected + // the community admins should be still authorized + configurationService.setProperty("core.authorization.collection-admin.item.reinstatiate", false); + getClient(comAdminToken).perform(get("/api/authz/authorizations/" + authAdminWithdraw.getID())) + .andExpect(status().isOk()) + .andExpect(jsonPath("$", + Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminWithdraw)))); + + getClient(comAdminToken).perform(get("/api/authz/authorizations/search/objectAndFeature") + .param("uri", itemUri) + .param("eperson", eperson.getID().toString()) + .param("feature", reinstateFeature.getName())) + .andExpect(status().isOk()) + .andExpect(jsonPath("$", + 
Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminWithdraw)))); + + // now verify that the property core.authorization.community-admin.item.reinstatiate = false is respected + // and also community admins are blocked + // Please note that set to false the configuration for community keeping true for collection don't + // make any sense as a community admin is always also a collection admin + configurationService.setProperty("core.authorization.community-admin.item.reinstatiate", false); + getClient(comAdminToken).perform(get("/api/authz/authorizations/" + authAdminWithdraw.getID())) + .andExpect(status().isNotFound()); + + getClient(comAdminToken).perform(get("/api/authz/authorizations/search/objectAndFeature") + .param("uri", itemUri) + .param("eperson", eperson.getID().toString()) + .param("feature", reinstateFeature.getName())) + .andExpect(status().isNoContent()); + } + + @Test + public void checkAuthorizationAsCollectionAdminTest() throws Exception { + context.turnOffAuthorisationSystem(); + Community com = CommunityBuilder.createCommunity(context).withName("A community").build(); + Collection col = CollectionBuilder.createCollection(context, com).withName("A collection") + .withAdminGroup(eperson).build(); + Item item = ItemBuilder.createItem(context, col).withTitle("Withdrawn item").withdrawn().build(); + context.restoreAuthSystemState(); + + ItemRest itemRest = converterService.toRest(item, converterService.getProjection(DefaultProjection.NAME)); + String itemUri = utils.linkToSingleResource(itemRest, "self").getHref(); + Authorization authAdminWithdraw = new Authorization(eperson, reinstateFeature, item); + + // access the authorization for the admin user + String colAdminToken = getAuthToken(eperson.getEmail(), password); + getClient(colAdminToken).perform(get("/api/authz/authorizations/" + authAdminWithdraw.getID())) + .andExpect(status().isOk()) + .andExpect(jsonPath("$", + 
Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminWithdraw)))); + + getClient(colAdminToken).perform(get("/api/authz/authorizations/search/objectAndFeature") + .param("uri", itemUri) + .param("eperson", eperson.getID().toString()) + .param("feature", reinstateFeature.getName())) + .andExpect(status().isOk()) + .andExpect(jsonPath("$", + Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminWithdraw)))); + // verify that the property core.authorization.collection-admin.item.reinstatiate = false is respected + configurationService.setProperty("core.authorization.collection-admin.item.reinstatiate", false); + getClient(colAdminToken).perform(get("/api/authz/authorizations/" + authAdminWithdraw.getID())) + .andExpect(status().isNotFound()); + + getClient(colAdminToken).perform(get("/api/authz/authorizations/search/objectAndFeature") + .param("uri", itemUri) + .param("eperson", eperson.getID().toString()) + .param("feature", reinstateFeature.getName())) + .andExpect(status().isNoContent()); + } + + @Test + public void notAuthorizedTest() throws Exception { + context.turnOffAuthorisationSystem(); + Community com = CommunityBuilder.createCommunity(context).withName("A community").build(); + Collection col = CollectionBuilder.createCollection(context, com).withName("A collection").build(); + Item item = ItemBuilder.createItem(context, col).withTitle("Withdrawn item").withdrawn().build(); + context.restoreAuthSystemState(); + + ItemRest itemRest = converterService.toRest(item, converterService.getProjection(DefaultProjection.NAME)); + String itemUri = utils.linkToSingleResource(itemRest, "self").getHref(); + Authorization authEpersonWithdraw = new Authorization(eperson, reinstateFeature, item); + Authorization authAnonymousWithdraw = new Authorization(null, reinstateFeature, item); + + // check the authorization for a normal user + String epersonToken = getAuthToken(eperson.getEmail(), password); + 
getClient(epersonToken).perform(get("/api/authz/authorizations/" + authEpersonWithdraw.getID())) + .andExpect(status().isNotFound()); + + getClient(epersonToken).perform(get("/api/authz/authorizations/search/objectAndFeature") + .param("uri", itemUri) + .param("eperson", eperson.getID().toString()) + .param("feature", reinstateFeature.getName())) + .andExpect(status().isNoContent()); + + // check the authorization for the anonymous user + getClient().perform(get("/api/authz/authorizations/" + authAnonymousWithdraw.getID())) + .andExpect(status().isNotFound()); + + getClient().perform(get("/api/authz/authorizations/search/objectAndFeature") + .param("uri", itemUri) + .param("feature", reinstateFeature.getName())) + .andExpect(status().isNoContent()); + } + + @Test + public void notAuthorizedInvalidStateTest() throws Exception { + context.turnOffAuthorisationSystem(); + Community com = CommunityBuilder.createCommunity(context).withName("A community").build(); + Collection col = CollectionBuilder.createCollection(context, com).withName("A collection") + .withWorkflowGroup(1, eperson).build(); + + Item archivedItem = ItemBuilder.createItem(context, col).withTitle("Item already in archive").build(); + WorkspaceItem wsItem = WorkspaceItemBuilder.createWorkspaceItem(context, col).withTitle("A workspace item") + .build(); + WorkflowItem wfItem = WorkflowItemBuilder.createWorkflowItem(context, col).withTitle("A workflow item").build(); + context.restoreAuthSystemState(); + + ItemRest archivedItemRest = converterService.toRest(archivedItem, + converterService.getProjection(DefaultProjection.NAME)); + String archivedItemUri = utils.linkToSingleResource(archivedItemRest, "self").getHref(); + ItemRest wsItemRest = converterService.toRest(wsItem.getItem(), + converterService.getProjection(DefaultProjection.NAME)); + String wsItemUri = utils.linkToSingleResource(wsItemRest, "self").getHref(); + ItemRest wfItemRest = converterService.toRest(wfItem.getItem(), + 
converterService.getProjection(DefaultProjection.NAME)); + String wfItemUri = utils.linkToSingleResource(wfItemRest, "self").getHref(); + + Authorization authWithdrawnItem = new Authorization(admin, reinstateFeature, archivedItem); + Authorization authWsItem = new Authorization(admin, reinstateFeature, wsItem.getItem()); + Authorization authWFItem = new Authorization(admin, reinstateFeature, wfItem.getItem()); + // nor the admin should be authorized to reinstate the previous items + String adminToken = getAuthToken(admin.getEmail(), password); + getClient(adminToken).perform(get("/api/authz/authorizations/" + authWithdrawnItem.getID())) + .andExpect(status().isNotFound()); + + getClient(adminToken).perform(get("/api/authz/authorizations/search/objectAndFeature") + .param("uri", archivedItemUri) + .param("eperson", eperson.getID().toString()) + .param("feature", reinstateFeature.getName())) + .andExpect(status().isNoContent()); + + getClient(adminToken).perform(get("/api/authz/authorizations/" + authWsItem.getID())) + .andExpect(status().isNotFound()); + + getClient(adminToken).perform(get("/api/authz/authorizations/search/objectAndFeature") + .param("uri", wsItemUri) + .param("eperson", eperson.getID().toString()) + .param("feature", reinstateFeature.getName())) + .andExpect(status().isNoContent()); + + getClient(adminToken).perform(get("/api/authz/authorizations/" + authWFItem.getID())) + .andExpect(status().isNotFound()); + + getClient(adminToken).perform(get("/api/authz/authorizations/search/objectAndFeature") + .param("uri", wfItemUri) + .param("eperson", eperson.getID().toString()) + .param("feature", reinstateFeature.getName())) + .andExpect(status().isNoContent()); + } +} diff --git a/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/TrueForAdminsFeature.java b/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/TrueForAdminsFeature.java index aadf137256..cafd7df109 100644 
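Review bot: In notAuthorizedInvalidStateTest the three `search/objectAndFeature` requests pass `.param("eperson", eperson.getID().toString())`, while the Authorization objects and the preceding comment are about the admin. As far as the hunk shows, eperson is only a workflow-group member here, and notAuthorizedTest already expects 204 for a non-admin user even on a withdrawn item, so these assertions would still pass if the feature ignored the item's state. Change the parameter to `.param("eperson", admin.getID().toString())` in all three calls so the search endpoint is checked for the user who would otherwise be authorized. The variable `authWithdrawnItem` is built from `archivedItem` and would read better as `authArchivedItem`.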
--- a/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/TrueForAdminsFeature.java +++ b/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/TrueForAdminsFeature.java @@ -9,8 +9,6 @@ package org.dspace.app.rest.authorization; import java.sql.SQLException; -import org.dspace.app.rest.authorize.AuthorizationFeature; -import org.dspace.app.rest.authorize.AuthorizationFeatureDocumentation; import org.dspace.authorize.service.AuthorizeService; import org.dspace.core.Constants; import org.dspace.core.Context; diff --git a/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/TrueForLoggedUsersFeature.java b/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/TrueForLoggedUsersFeature.java index 17bff3d550..73c0501712 100644 --- a/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/TrueForLoggedUsersFeature.java +++ b/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/TrueForLoggedUsersFeature.java @@ -9,8 +9,6 @@ package org.dspace.app.rest.authorization; import java.sql.SQLException; -import org.dspace.app.rest.authorize.AuthorizationFeature; -import org.dspace.app.rest.authorize.AuthorizationFeatureDocumentation; import org.dspace.core.Constants; import org.dspace.core.Context; import org.springframework.stereotype.Component; diff --git a/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/TrueForTestUsersFeature.java b/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/TrueForTestUsersFeature.java index 59ce3d5dd7..b6fb02d306 100644 --- a/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/TrueForTestUsersFeature.java +++ b/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/TrueForTestUsersFeature.java 
@@ -10,8 +10,6 @@ package org.dspace.app.rest.authorization;
 import java.sql.SQLException;
 import org.apache.commons.lang3.StringUtils;
-import org.dspace.app.rest.authorize.AuthorizationFeature;
-import org.dspace.app.rest.authorize.AuthorizationFeatureDocumentation;
 import org.dspace.core.Constants;
 import org.dspace.core.Context;
 import org.springframework.stereotype.Component;
diff --git a/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/WithdrawFeatureRestIT.java b/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/WithdrawFeatureRestIT.java
new file mode 100644
index 0000000000..6b50c61c40
--- /dev/null
+++ b/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/WithdrawFeatureRestIT.java
@@ -0,0 +1,282 @@ +/** + * The contents of this file are subject to the license and copyright + * detailed in the LICENSE and NOTICE files at the root of the source + * tree and available online at + * + * http://www.dspace.org/license/ + */ +package org.dspace.app.rest.authorization; + +import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get; +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; + +import org.dspace.app.rest.authorization.impl.WithdrawFeature; +import org.dspace.app.rest.builder.CollectionBuilder; +import org.dspace.app.rest.builder.CommunityBuilder; +import org.dspace.app.rest.builder.ItemBuilder; +import org.dspace.app.rest.builder.WorkflowItemBuilder; +import org.dspace.app.rest.builder.WorkspaceItemBuilder; +import org.dspace.app.rest.converter.ConverterService; +import org.dspace.app.rest.matcher.AuthorizationMatcher; +import org.dspace.app.rest.model.ItemRest; +import org.dspace.app.rest.projection.DefaultProjection; +import org.dspace.app.rest.test.AbstractControllerIntegrationTest; +import org.dspace.app.rest.utils.Utils; +import org.dspace.content.Collection; +import org.dspace.content.Community; +import org.dspace.content.Item; +import org.dspace.content.WorkspaceItem; +import org.dspace.services.ConfigurationService; +import org.dspace.workflow.WorkflowItem; +import org.hamcrest.Matchers; +import org.junit.Before; +import org.junit.Test; +import org.springframework.beans.factory.annotation.Autowired; + +/** + * Test suite for the withdrawItem feature + * + * @author Andrea Bollini (andrea.bollini at 4science.it) + * + */ +public class WithdrawFeatureRestIT extends AbstractControllerIntegrationTest { + + @Autowired + private AuthorizationFeatureService authorizationFeatureService; + + @Autowired + private ConverterService converterService; + + @Autowired + private ConfigurationService 
configurationService; + + @Autowired + private Utils utils; + + private AuthorizationFeature withdrawFeature; + + @Override + @Before + public void setUp() throws Exception { + super.setUp(); + withdrawFeature = authorizationFeatureService.find(WithdrawFeature.NAME); + } + + @Test + public void authorizedAsAdminTest() throws Exception { + context.turnOffAuthorisationSystem(); + Community com = CommunityBuilder.createCommunity(context).withName("A community").build(); + Collection col = CollectionBuilder.createCollection(context, com).withName("A collection").build(); + Item item = ItemBuilder.createItem(context, col).withTitle("Item to withdraw").build(); + context.restoreAuthSystemState(); + + ItemRest itemRest = converterService.toRest(item, converterService.getProjection(DefaultProjection.NAME)); + String itemUri = utils.linkToSingleResource(itemRest, "self").getHref(); + Authorization authAdminWithdraw = new Authorization(admin, withdrawFeature, item); + + // access the authorization for the admin user + String adminToken = getAuthToken(admin.getEmail(), password); + getClient(adminToken).perform(get("/api/authz/authorizations/" + authAdminWithdraw.getID())) + .andExpect(status().isOk()) + .andExpect(jsonPath("$", + Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminWithdraw)))); + + getClient(adminToken).perform(get("/api/authz/authorizations/search/objectAndFeature") + .param("uri", itemUri) + .param("eperson", admin.getID().toString()) + .param("feature", withdrawFeature.getName())) + .andExpect(status().isOk()) + .andExpect(jsonPath("$", + Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminWithdraw)))); + } + + @Test + public void checkAuthorizationAsCommunityAdminTest() throws Exception { + context.turnOffAuthorisationSystem(); + Community com = CommunityBuilder.createCommunity(context).withName("A community").withAdminGroup(eperson) + .build(); + Collection col = CollectionBuilder.createCollection(context, com).withName("A 
collection").build(); + Item item = ItemBuilder.createItem(context, col).withTitle("Item to withdraw").build(); + context.restoreAuthSystemState(); + + ItemRest itemRest = converterService.toRest(item, converterService.getProjection(DefaultProjection.NAME)); + String itemUri = utils.linkToSingleResource(itemRest, "self").getHref(); + Authorization authAdminWithdraw = new Authorization(eperson, withdrawFeature, item); + + // access the authorization for the community admin user + String comAdminToken = getAuthToken(eperson.getEmail(), password); + getClient(comAdminToken).perform(get("/api/authz/authorizations/" + authAdminWithdraw.getID())) + .andExpect(status().isOk()) + .andExpect(jsonPath("$", + Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminWithdraw)))); + + getClient(comAdminToken).perform(get("/api/authz/authorizations/search/objectAndFeature") + .param("uri", itemUri) + .param("eperson", eperson.getID().toString()) + .param("feature", withdrawFeature.getName())) + .andExpect(status().isOk()) + .andExpect(jsonPath("$", + Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminWithdraw)))); + + // verify that the property core.authorization.collection-admin.item.withdraw = false is respected + // the community admins should be still authorized + configurationService.setProperty("core.authorization.collection-admin.item.withdraw", false); + getClient(comAdminToken).perform(get("/api/authz/authorizations/" + authAdminWithdraw.getID())) + .andExpect(status().isOk()) + .andExpect(jsonPath("$", + Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminWithdraw)))); + + getClient(comAdminToken).perform(get("/api/authz/authorizations/search/objectAndFeature") + .param("uri", itemUri) + .param("eperson", eperson.getID().toString()) + .param("feature", withdrawFeature.getName())) + .andExpect(status().isOk()) + .andExpect(jsonPath("$", + Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminWithdraw)))); + + // now verify that the 
property core.authorization.community-admin.item.withdraw = false is respected + // and also community admins are blocked + // Please note that set to false the configuration for community keeping true for collection don't + // make any sense as a community admin is always also a collection admin + configurationService.setProperty("core.authorization.community-admin.item.withdraw", false); + getClient(comAdminToken).perform(get("/api/authz/authorizations/" + authAdminWithdraw.getID())) + .andExpect(status().isNotFound()); + + getClient(comAdminToken).perform(get("/api/authz/authorizations/search/objectAndFeature") + .param("uri", itemUri) + .param("eperson", eperson.getID().toString()) + .param("feature", withdrawFeature.getName())) + .andExpect(status().isNoContent()); + } + + @Test + public void checkAuthorizationAsCollectionAdminTest() throws Exception { + context.turnOffAuthorisationSystem(); + Community com = CommunityBuilder.createCommunity(context).withName("A community").build(); + Collection col = CollectionBuilder.createCollection(context, com).withName("A collection") + .withAdminGroup(eperson).build(); + Item item = ItemBuilder.createItem(context, col).withTitle("Item to withdraw").build(); + context.restoreAuthSystemState(); + + ItemRest itemRest = converterService.toRest(item, converterService.getProjection(DefaultProjection.NAME)); + String itemUri = utils.linkToSingleResource(itemRest, "self").getHref(); + Authorization authAdminWithdraw = new Authorization(eperson, withdrawFeature, item); + + // access the authorization for the admin user + String colAdminToken = getAuthToken(eperson.getEmail(), password); + getClient(colAdminToken).perform(get("/api/authz/authorizations/" + authAdminWithdraw.getID())) + .andExpect(status().isOk()) + .andExpect(jsonPath("$", + Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminWithdraw)))); + + getClient(colAdminToken).perform(get("/api/authz/authorizations/search/objectAndFeature") + .param("uri", 
itemUri) + .param("eperson", eperson.getID().toString()) + .param("feature", withdrawFeature.getName())) + .andExpect(status().isOk()) + .andExpect(jsonPath("$", + Matchers.is(AuthorizationMatcher.matchAuthorization(authAdminWithdraw)))); + // verify that the property core.authorization.collection-admin.item.withdraw = false is respected + configurationService.setProperty("core.authorization.collection-admin.item.withdraw", false); + getClient(colAdminToken).perform(get("/api/authz/authorizations/" + authAdminWithdraw.getID())) + .andExpect(status().isNotFound()); + + getClient(colAdminToken).perform(get("/api/authz/authorizations/search/objectAndFeature") + .param("uri", itemUri) + .param("eperson", eperson.getID().toString()) + .param("feature", withdrawFeature.getName())) + .andExpect(status().isNoContent()); + } + + @Test + public void notAuthorizedTest() throws Exception { + context.turnOffAuthorisationSystem(); + Community com = CommunityBuilder.createCommunity(context).withName("A community").build(); + Collection col = CollectionBuilder.createCollection(context, com).withName("A collection").build(); + Item item = ItemBuilder.createItem(context, col).withTitle("Item to withdraw").build(); + context.restoreAuthSystemState(); + + ItemRest itemRest = converterService.toRest(item, converterService.getProjection(DefaultProjection.NAME)); + String itemUri = utils.linkToSingleResource(itemRest, "self").getHref(); + Authorization authEpersonWithdraw = new Authorization(eperson, withdrawFeature, item); + Authorization authAnonymousWithdraw = new Authorization(null, withdrawFeature, item); + + // check the authorization for a normal user + String epersonToken = getAuthToken(eperson.getEmail(), password); + getClient(epersonToken).perform(get("/api/authz/authorizations/" + authEpersonWithdraw.getID())) + .andExpect(status().isNotFound()); + + getClient(epersonToken).perform(get("/api/authz/authorizations/search/objectAndFeature") + .param("uri", itemUri) + 
.param("eperson", eperson.getID().toString()) + .param("feature", withdrawFeature.getName())) + .andExpect(status().isNoContent()); + + // check the authorization for the anonymous user + getClient().perform(get("/api/authz/authorizations/" + authAnonymousWithdraw.getID())) + .andExpect(status().isNotFound()); + + getClient().perform(get("/api/authz/authorizations/search/objectAndFeature") + .param("uri", itemUri) + .param("feature", withdrawFeature.getName())) + .andExpect(status().isNoContent()); + } + + @Test + public void notAuthorizedInvalidStateTest() throws Exception { + context.turnOffAuthorisationSystem(); + Community com = CommunityBuilder.createCommunity(context).withName("A community").build(); + Collection col = CollectionBuilder.createCollection(context, com).withName("A collection") + .withWorkflowGroup(1, eperson).build(); + + Item withdrawnItem = ItemBuilder.createItem(context, col).withTitle("Item already withdrawn").withdrawn() + .build(); + WorkspaceItem wsItem = WorkspaceItemBuilder.createWorkspaceItem(context, col).withTitle("A workspace item") + .build(); + WorkflowItem wfItem = WorkflowItemBuilder.createWorkflowItem(context, col).withTitle("A workflow item").build(); + context.restoreAuthSystemState(); + + ItemRest withdrawnItemRest = converterService.toRest(withdrawnItem, + converterService.getProjection(DefaultProjection.NAME)); + String withdrawnItemUri = utils.linkToSingleResource(withdrawnItemRest, "self").getHref(); + ItemRest wsItemRest = converterService.toRest(wsItem.getItem(), + converterService.getProjection(DefaultProjection.NAME)); + String wsItemUri = utils.linkToSingleResource(wsItemRest, "self").getHref(); + ItemRest wfItemRest = converterService.toRest(wfItem.getItem(), + converterService.getProjection(DefaultProjection.NAME)); + String wfItemUri = utils.linkToSingleResource(wfItemRest, "self").getHref(); + + Authorization authWithdrawnItem = new Authorization(admin, withdrawFeature, withdrawnItem); + Authorization 
authWsItem = new Authorization(admin, withdrawFeature, wsItem.getItem()); + Authorization authWFItem = new Authorization(admin, withdrawFeature, wfItem.getItem()); + // nor the admin should be authorized to withdraw the previous item + String adminToken = getAuthToken(admin.getEmail(), password); + getClient(adminToken).perform(get("/api/authz/authorizations/" + authWithdrawnItem.getID())) + .andExpect(status().isNotFound()); + + getClient(adminToken).perform(get("/api/authz/authorizations/search/objectAndFeature") + .param("uri", withdrawnItemUri) + .param("eperson", eperson.getID().toString()) + .param("feature", withdrawFeature.getName())) + .andExpect(status().isNoContent()); + + getClient(adminToken).perform(get("/api/authz/authorizations/" + authWsItem.getID())) + .andExpect(status().isNotFound()); + + getClient(adminToken).perform(get("/api/authz/authorizations/search/objectAndFeature") + .param("uri", wsItemUri) + .param("eperson", eperson.getID().toString()) + .param("feature", withdrawFeature.getName())) + .andExpect(status().isNoContent()); + + getClient(adminToken).perform(get("/api/authz/authorizations/" + authWFItem.getID())) + .andExpect(status().isNotFound()); + + getClient(adminToken).perform(get("/api/authz/authorizations/search/objectAndFeature") + .param("uri", wfItemUri) + .param("eperson", eperson.getID().toString()) + .param("feature", withdrawFeature.getName())) + .andExpect(status().isNoContent()); + } +} diff --git a/dspace-server-webapp/src/test/java/org/dspace/app/rest/builder/CommunityBuilder.java b/dspace-server-webapp/src/test/java/org/dspace/app/rest/builder/CommunityBuilder.java index ff9ef289a4..9ebfbdb83f 100644 --- a/dspace-server-webapp/src/test/java/org/dspace/app/rest/builder/CommunityBuilder.java +++ b/dspace-server-webapp/src/test/java/org/dspace/app/rest/builder/CommunityBuilder.java 
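Review bot: In `notAuthorizedInvalidStateTest` the three `search/objectAndFeature` requests pass `.param("eperson", eperson.getID().toString())`, although the `Authorization` objects and the comment above them are about `admin`. A non-admin eperson already gets 204 for this feature whatever the item state (see `notAuthorizedTest`), so these assertions would still pass if the search endpoint ignored the withdrawn/workspace/workflow state for administrators; only the by-ID lookups cover the admin case. Use `.param("eperson", admin.getID().toString())` in all three calls; the tail of the reinstate test visible just before this file shows the same pattern. Separately, the community-admin and collection-admin tests set `core.authorization.*.item.withdraw` to false and never restore it, so unless the base class resets configuration between tests (not visible here) the properties should be reset in an `@After` method.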
@@ -19,6 +19,8 @@ import org.dspace.content.Community;
 import org.dspace.content.MetadataSchemaEnum;
 import org.dspace.content.service.DSpaceObjectService;
 import org.dspace.core.Context;
+import org.dspace.eperson.EPerson;
+import org.dspace.eperson.Group;
 /**
 * Builder to construct Community objects
@@ -59,6 +61,23 @@ public class CommunityBuilder extends AbstractDSpaceObjectBuilder {
 return this;
 }
+ /**
+ * Create an admin group for the community with the specified members
+ *
+ * @param members epersons to add to the admin group
+ * @return this builder
+ * @throws SQLException
+ * @throws AuthorizeException
+ */
+ public CommunityBuilder withAdminGroup(EPerson... members) throws SQLException, AuthorizeException {
+ Group g = communityService.createAdministrators(context, community);
+ for (EPerson e : members) {
+ groupService.addMember(context, g, e);
+ }
+ groupService.update(context, g);
+ return this;
+ }
+
 public CommunityBuilder withName(final String communityName) {
 return setMetadataSingleValue(community, MetadataSchemaEnum.DC.getName(), "title", null, communityName);
 }
diff --git a/dspace-server-webapp/src/test/java/org/dspace/app/rest/matcher/AuthorizationMatcher.java b/dspace-server-webapp/src/test/java/org/dspace/app/rest/matcher/AuthorizationMatcher.java
index 714d4091a1..e1790fe25e 100644
--- a/dspace-server-webapp/src/test/java/org/dspace/app/rest/matcher/AuthorizationMatcher.java
+++ b/dspace-server-webapp/src/test/java/org/dspace/app/rest/matcher/AuthorizationMatcher.java
@@ -13,7 +13,7 @@ import static org.hamcrest.Matchers.allOf;
 import static org.hamcrest.Matchers.is;
 import static org.hamcrest.Matchers.startsWith;
-import org.dspace.app.rest.authorize.Authorization;
+import org.dspace.app.rest.authorization.Authorization;
 import org.hamcrest.Matcher;
 /**
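Review bot: The Javadoc added on `CommunityBuilder.withAdminGroup` leaves both `@throws` tags without a description, so it does not tell a test author when the builder can fail. Suggested wording, inferred from the calls in the body: `@throws SQLException if creating or updating the group fails in the database` and `@throws AuthorizeException if the current context may not create the community's administrators group`. The summary could also state that the method is meant to be called while the authorisation system is turned off, as the new tests do; that requirement is inferred from the callers and is not shown in this hunk.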