implemented CanDeleteVersion feature and tests to to verify proper functioning

2025-10-07 01:54:22 +00:00 · 2021-09-14 13:14:30 +02:00
parent cc62552481
commit 5aa5485a9c
3 changed files with 332 additions and 1 deletions
--- a/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/impl/CanDeleteVersionFeature.java
+++ b/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/impl/CanDeleteVersionFeature.java
@@ -0,0 +1,62 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+package org.dspace.app.rest.authorization.impl;
+import java.sql.SQLException;
+import java.util.Objects;
+
+import org.dspace.app.rest.authorization.AuthorizationFeatureDocumentation;
+import org.dspace.app.rest.converter.ItemConverter;
+import org.dspace.app.rest.model.BaseObjectRest;
+import org.dspace.app.rest.model.ItemRest;
+import org.dspace.app.rest.model.VersionRest;
+import org.dspace.app.rest.projection.DefaultProjection;
+import org.dspace.core.Context;
+import org.dspace.versioning.Version;
+import org.dspace.versioning.service.VersioningService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+/**
+ * The delete version feature. It can be used to verify
+ * if the user can delete the version of an Item.
+ * 
+ * @author Mykhaylo Boychuk (mykhaylo.boychuk at 4science.it)
+ */
+@Component
+@AuthorizationFeatureDocumentation(name = CanDeleteVersionFeature.NAME,
+    description = "It can be used to verify if the user can delete a version of an Item")
+public class CanDeleteVersionFeature extends DeleteFeature {
+
+    @Autowired
+    private ItemConverter itemConverter;
+    @Autowired
+    private VersioningService versioningService;
+
+    public static final String NAME = "canDeleteVersion";
+
+    @Override
+    @SuppressWarnings("rawtypes")
+    public boolean isAuthorized(Context context, BaseObjectRest object) throws SQLException {
+        if (object instanceof VersionRest) {
+            Version version = versioningService.getVersion(context, ((VersionRest)object).getId());
+            if (Objects.nonNull(version) && Objects.nonNull(version.getItem())) {
+                ItemRest itemRest = itemConverter.convert(version.getItem(), DefaultProjection.DEFAULT);
+                return super.isAuthorized(context, itemRest);
+            }
+        }
+        return false;
+    }
+
+    @Override
+    public String[] getSupportedTypes() {
+        return new String[]{
+            VersionRest.CATEGORY + "." + VersionRest.NAME
+        };
+    }
+
+}
--- a/dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/VersionRestRepository.java
+++ b/dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/VersionRestRepository.java
@@ -49,7 +49,8 @@ import org.springframework.stereotype.Component;
 * @author Mykhaylo Boychuk (mykhaylo.boychuk at 4science.it)
 */
@Component(VersionRest.CATEGORY + "." + VersionRest.NAME)
-public class VersionRestRepository extends DSpaceRestRepository<VersionRest, Integer> {
+public class VersionRestRepository extends DSpaceRestRepository<VersionRest, Integer>
+                                    implements ReloadableEntityObjectRepository<Version, Integer> {

    private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(VersionRestRepository.class);

@@ -180,4 +181,14 @@ public class VersionRestRepository extends DSpaceRestRepository<VersionRest, Int
        return VersionRest.class;
    }

+    @Override
+    public Version findDomainObjectByPk(Context context, Integer id) throws SQLException {
+        return versioningService.getVersion(context, id);
+    }
+
+    @Override
+    public Class<Integer> getPKClass() {
+        return Integer.class;
+    }
+
 }
--- a/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/CanDeleteVersionFeatureIT.java
+++ b/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/CanDeleteVersionFeatureIT.java
@@ -0,0 +1,258 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+package org.dspace.app.rest.authorization;
+import static org.junit.Assert.assertNotNull;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+import org.dspace.app.rest.authorization.impl.CanDeleteVersionFeature;
+import org.dspace.app.rest.converter.VersionConverter;
+import org.dspace.app.rest.matcher.AuthorizationMatcher;
+import org.dspace.app.rest.model.VersionRest;
+import org.dspace.app.rest.projection.DefaultProjection;
+import org.dspace.app.rest.test.AbstractControllerIntegrationTest;
+import org.dspace.builder.CollectionBuilder;
+import org.dspace.builder.CommunityBuilder;
+import org.dspace.builder.EPersonBuilder;
+import org.dspace.builder.ItemBuilder;
+import org.dspace.builder.VersionBuilder;
+import org.dspace.content.Collection;
+import org.dspace.content.Community;
+import org.dspace.content.Item;
+import org.dspace.content.WorkspaceItem;
+import org.dspace.content.service.WorkspaceItemService;
+import org.dspace.eperson.EPerson;
+import org.dspace.versioning.Version;
+import org.hamcrest.Matchers;
+import org.junit.Before;
+import org.junit.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+
+/**
+ * Test for the canDeleteVersion authorization feature.
+ * 
+ * @author Mykhaylo Boychuk (mykhaylo.boychuk at 4science.it)
+ */
+public class CanDeleteVersionFeatureIT extends AbstractControllerIntegrationTest {
+
+    @Autowired
+    private VersionConverter versionConverter;
+    @Autowired
+    private WorkspaceItemService workspaceItemService;
+    @Autowired
+    private AuthorizationFeatureService authorizationFeatureService;
+    @Autowired
+    private org.dspace.content.service.InstallItemService installItemService;
+
+    private AuthorizationFeature canDeleteVersionFeature;
+
+    final String feature = "canDeleteVersion";
+
+    @Before
+    @Override
+    public void setUp() throws Exception {
+        super.setUp();
+        context.turnOffAuthorisationSystem();
+
+        canDeleteVersionFeature = authorizationFeatureService.find(CanDeleteVersionFeature.NAME);
+
+        context.restoreAuthSystemState();
+    }
+
+    @Test
+    public void canDeleteVersionsFeatureTest() throws Exception {
+        context.turnOffAuthorisationSystem();
+
+        Community rootCommunity = CommunityBuilder.createCommunity(context)
+                                                  .withName("Parent Community")
+                                                  .build();
+
+        Collection col1 = CollectionBuilder.createCollection(context, rootCommunity)
+                                           .withName("Collection 1")
+                                           .withSubmitterGroup(eperson)
+                                           .build();
+
+        Item item = ItemBuilder.createItem(context, col1)
+                               .withTitle("Public item")
+                               .withIssueDate("2021-04-19")
+                               .withAuthor("Doe, John")
+                               .withSubject("ExtraEntry")
+                               .build();
+
+        Version version = VersionBuilder.createVersion(context, item, "My test summary").build();
+        WorkspaceItem workspaceItem = workspaceItemService.findByItem(context, version.getItem());
+        installItemService.installItem(context, workspaceItem);
+
+        context.restoreAuthSystemState();
+
+        VersionRest versionRest = versionConverter.convert(version, DefaultProjection.DEFAULT);
+
+        String tokenAdmin = getAuthToken(admin.getEmail(), password);
+        String tokenEPerson = getAuthToken(eperson.getEmail(), password);
+
+        // define authorizations that we know must exists
+        Authorization admin2Version = new Authorization(admin, canDeleteVersionFeature, versionRest);
+
+        // define authorization that we know not exists
+        Authorization eperson2Version = new Authorization(eperson, canDeleteVersionFeature, versionRest);
+        Authorization anonymous2Version = new Authorization(null, canDeleteVersionFeature, versionRest);
+
+        getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + admin2Version.getID()))
+                             .andExpect(status().isOk())
+                             .andExpect(jsonPath("$",
+                                        Matchers.is(AuthorizationMatcher.matchAuthorization(admin2Version))));
+
+        getClient(tokenEPerson).perform(get("/api/authz/authorizations/" + eperson2Version.getID()))
+                               .andExpect(status().isNotFound());
+
+        getClient().perform(get("/api/authz/authorizations/" + anonymous2Version.getID()))
+                   .andExpect(status().isNotFound());
+    }
+
+    @Test
+    public void checkCanDeleteVersionsFeatureByColAndComAdminsTest() throws Exception {
+        context.turnOffAuthorisationSystem();
+        EPerson adminComA = EPersonBuilder.createEPerson(context)
+                                          .withEmail("testComAdminA@test.com")
+                                          .withPassword(password)
+                                          .build();
+
+        EPerson adminComB = EPersonBuilder.createEPerson(context)
+                                          .withEmail("testComBdminA@test.com")
+                                          .withPassword(password)
+                                          .build();
+
+        EPerson adminCol1 = EPersonBuilder.createEPerson(context)
+                                          .withEmail("testCol1Admin@test.com")
+                                          .withPassword(password)
+                                          .build();
+
+        EPerson adminCol2 = EPersonBuilder.createEPerson(context)
+                                          .withEmail("testCol2Admin@test.com")
+                                          .withPassword(password)
+                                          .build();
+
+        Community rootCommunity = CommunityBuilder.createCommunity(context)
+                                                  .withName("Parent Community")
+                                                  .build();
+
+        Community subCommunityA = CommunityBuilder.createSubCommunity(context, rootCommunity)
+                                                  .withName("Sub Community A")
+                                                  .withAdminGroup(adminComA)
+                                                  .build();
+
+        CommunityBuilder.createSubCommunity(context, rootCommunity)
+                        .withName("Sub Community B")
+                        .withAdminGroup(adminComB)
+                        .build();
+
+        Collection col1 = CollectionBuilder.createCollection(context, subCommunityA)
+                                           .withName("Collection 1")
+                                           .withSubmitterGroup(eperson)
+                                           .withAdminGroup(adminCol1)
+                                           .build();
+
+        CollectionBuilder.createCollection(context, subCommunityA)
+                         .withName("Collection 2")
+                         .withAdminGroup(adminCol2)
+                         .build();
+
+        Item item = ItemBuilder.createItem(context, col1)
+                               .withTitle("Public item")
+                               .withIssueDate("2021-04-19")
+                               .withAuthor("Doe, John")
+                               .withSubject("ExtraEntry")
+                               .build();
+
+        Version version = VersionBuilder.createVersion(context, item, "My test summary").build();
+        WorkspaceItem workspaceItem = workspaceItemService.findByItem(context, version.getItem());
+        installItemService.installItem(context, workspaceItem);
+
+        context.restoreAuthSystemState();
+
+        VersionRest versionRest = versionConverter.convert(version, DefaultProjection.DEFAULT);
+
+        String tokenAdminComA = getAuthToken(adminComA.getEmail(), password);
+        String tokenAdminComB = getAuthToken(adminComB.getEmail(), password);
+        String tokenAdminCol1 = getAuthToken(adminCol1.getEmail(), password);
+        String tokenAdminCol2 = getAuthToken(adminCol2.getEmail(), password);
+
+        // define authorizations that we know must exists
+        Authorization adminOfComAToVersion = new Authorization(adminComA, canDeleteVersionFeature, versionRest);
+        Authorization adminOfCol1ToVersion = new Authorization(adminCol1, canDeleteVersionFeature, versionRest);
+
+        // define authorization that we know not exists
+        Authorization adminOfComBToVersion = new Authorization(adminComB, canDeleteVersionFeature, versionRest);
+        Authorization adminOfCol2ToVersion = new Authorization(adminCol2, canDeleteVersionFeature, versionRest);
+
+        getClient(tokenAdminComA).perform(get("/api/authz/authorizations/" + adminOfComAToVersion.getID()))
+                                 .andExpect(status().isOk())
+                                 .andExpect(jsonPath("$", Matchers.is(
+                                            AuthorizationMatcher.matchAuthorization(adminOfComAToVersion))));
+
+        getClient(tokenAdminCol1).perform(get("/api/authz/authorizations/" + adminOfCol1ToVersion.getID()))
+                                 .andExpect(status().isOk())
+                                 .andExpect(jsonPath("$", Matchers.is(
+                                            AuthorizationMatcher.matchAuthorization(adminOfCol1ToVersion))));
+
+        getClient(tokenAdminComB).perform(get("/api/authz/authorizations/" + adminOfComBToVersion.getID()))
+                                 .andExpect(status().isNotFound());
+
+        getClient(tokenAdminCol2).perform(get("/api/authz/authorizations/" + adminOfCol2ToVersion.getID()))
+                                 .andExpect(status().isNotFound());
+    }
+
+    @Test
+    public void canDeleteVersionsFeatureWithVesionInSubmissionTest() throws Exception {
+        context.turnOffAuthorisationSystem();
+
+        Community rootCommunity = CommunityBuilder.createCommunity(context)
+                                                  .withName("Parent Community")
+                                                  .build();
+
+        Collection col1 = CollectionBuilder.createCollection(context, rootCommunity)
+                                           .withName("Collection 1")
+                                           .withSubmitterGroup(eperson)
+                                           .build();
+
+        Item item = ItemBuilder.createItem(context, col1)
+                               .withTitle("Public item")
+                               .withIssueDate("2021-04-19")
+                               .withAuthor("Doe, John")
+                               .withSubject("ExtraEntry")
+                               .build();
+
+        Version version = VersionBuilder.createVersion(context, item, "My test summary").build();
+        WorkspaceItem workspaceItem = workspaceItemService.findByItem(context, version.getItem());
+
+        context.restoreAuthSystemState();
+
+        assertNotNull(workspaceItem);
+
+        VersionRest versionRest = versionConverter.convert(version, DefaultProjection.DEFAULT);
+
+        String tokenAdmin = getAuthToken(admin.getEmail(), password);
+        String tokenEPerson = getAuthToken(eperson.getEmail(), password);
+
+        // define authorization that we know not exists
+        Authorization admin2Version = new Authorization(admin, canDeleteVersionFeature, versionRest);
+        Authorization eperson2Version = new Authorization(eperson, canDeleteVersionFeature, versionRest);
+        Authorization anonymous2Version = new Authorization(null, canDeleteVersionFeature, versionRest);
+
+        getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + admin2Version.getID()))
+                             .andExpect(status().isNotFound());
+
+        getClient(tokenEPerson).perform(get("/api/authz/authorizations/" + eperson2Version.getID()))
+                               .andExpect(status().isNotFound());
+
+        getClient().perform(get("/api/authz/authorizations/" + anonymous2Version.getID()))
+                   .andExpect(status().isNotFound());
+    }
+
+}