hazza/DSpace
1
0
Fork 0
mirror of https://github.com/DSpace/DSpace.git synced 2025-10-14 05:23:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

implemented CanDeleteVersion feature and tests to to verify proper functioning

Browse Source
This commit is contained in:
Mykhaylo
2021-09-14 13:14:30 +02:00
parent cc62552481
commit 5aa5485a9c
3 changed files with 332 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/impl/CanDeleteVersionFeature.java Normal file
View File

@@ -0,0 +1,62 @@
/**
* The contents of this file are subject to the license and copyright
* detailed in the LICENSE and NOTICE files at the root of the source
* tree and available online at
*
* http://www.dspace.org/license/
*/
package org.dspace.app.rest.authorization.impl;
import java.sql.SQLException;
import java.util.Objects;
import org.dspace.app.rest.authorization.AuthorizationFeatureDocumentation;
import org.dspace.app.rest.converter.ItemConverter;
import org.dspace.app.rest.model.BaseObjectRest;
import org.dspace.app.rest.model.ItemRest;
import org.dspace.app.rest.model.VersionRest;
import org.dspace.app.rest.projection.DefaultProjection;
import org.dspace.core.Context;
import org.dspace.versioning.Version;
import org.dspace.versioning.service.VersioningService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
/**
* The delete version feature. It can be used to verify
* if the user can delete the version of an Item.
*
* @author Mykhaylo Boychuk (mykhaylo.boychuk at 4science.it)
*/
@Component
@AuthorizationFeatureDocumentation(name = CanDeleteVersionFeature.NAME,
description = "It can be used to verify if the user can delete a version of an Item")
public class CanDeleteVersionFeature extends DeleteFeature {
@Autowired
private ItemConverter itemConverter;
@Autowired
private VersioningService versioningService;
public static final String NAME = "canDeleteVersion";
@Override
@SuppressWarnings("rawtypes")
public boolean isAuthorized(Context context, BaseObjectRest object) throws SQLException {
if (object instanceof VersionRest) {
Version version = versioningService.getVersion(context, ((VersionRest)object).getId());
if (Objects.nonNull(version) && Objects.nonNull(version.getItem())) {
ItemRest itemRest = itemConverter.convert(version.getItem(), DefaultProjection.DEFAULT);
return super.isAuthorized(context, itemRest);
}
}
return false;
}
@Override
public String[] getSupportedTypes() {
return new String[]{
VersionRest.CATEGORY + "." + VersionRest.NAME
};
}
}

13
dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/VersionRestRepository.java
View File

@@ -49,7 +49,8 @@ import org.springframework.stereotype.Component;
* @author Mykhaylo Boychuk (mykhaylo.boychuk at 4science.it) * @author Mykhaylo Boychuk (mykhaylo.boychuk at 4science.it)
*/ */
@Component(VersionRest.CATEGORY + "." + VersionRest.NAME) @Component(VersionRest.CATEGORY + "." + VersionRest.NAME)
public class VersionRestRepository extends DSpaceRestRepository<VersionRest, Integer> { public class VersionRestRepository extends DSpaceRestRepository<VersionRest, Integer>
implements ReloadableEntityObjectRepository<Version, Integer> {
private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(VersionRestRepository.class); private static final Logger log = org.apache.logging.log4j.LogManager.getLogger(VersionRestRepository.class);
@@ -180,4 +181,14 @@ public class VersionRestRepository extends DSpaceRestRepository<VersionRest, Int
return VersionRest.class; return VersionRest.class;
} }
@Override
public Version findDomainObjectByPk(Context context, Integer id) throws SQLException {
return versioningService.getVersion(context, id);
}
@Override
public Class<Integer> getPKClass() {
return Integer.class;
}
} }

258
dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/CanDeleteVersionFeatureIT.java Normal file
View File

@@ -0,0 +1,258 @@
/**
* The contents of this file are subject to the license and copyright
* detailed in the LICENSE and NOTICE files at the root of the source
* tree and available online at
*
* http://www.dspace.org/license/
*/
package org.dspace.app.rest.authorization;
import static org.junit.Assert.assertNotNull;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
import org.dspace.app.rest.authorization.impl.CanDeleteVersionFeature;
import org.dspace.app.rest.converter.VersionConverter;
import org.dspace.app.rest.matcher.AuthorizationMatcher;
import org.dspace.app.rest.model.VersionRest;
import org.dspace.app.rest.projection.DefaultProjection;
import org.dspace.app.rest.test.AbstractControllerIntegrationTest;
import org.dspace.builder.CollectionBuilder;
import org.dspace.builder.CommunityBuilder;
import org.dspace.builder.EPersonBuilder;
import org.dspace.builder.ItemBuilder;
import org.dspace.builder.VersionBuilder;
import org.dspace.content.Collection;
import org.dspace.content.Community;
import org.dspace.content.Item;
import org.dspace.content.WorkspaceItem;
import org.dspace.content.service.WorkspaceItemService;
import org.dspace.eperson.EPerson;
import org.dspace.versioning.Version;
import org.hamcrest.Matchers;
import org.junit.Before;
import org.junit.Test;
import org.springframework.beans.factory.annotation.Autowired;
/**
* Test for the canDeleteVersion authorization feature.
*
* @author Mykhaylo Boychuk (mykhaylo.boychuk at 4science.it)
*/
public class CanDeleteVersionFeatureIT extends AbstractControllerIntegrationTest {
@Autowired
private VersionConverter versionConverter;
@Autowired
private WorkspaceItemService workspaceItemService;
@Autowired
private AuthorizationFeatureService authorizationFeatureService;
@Autowired
private org.dspace.content.service.InstallItemService installItemService;
private AuthorizationFeature canDeleteVersionFeature;
final String feature = "canDeleteVersion";
@Before
@Override
public void setUp() throws Exception {
super.setUp();
context.turnOffAuthorisationSystem();
canDeleteVersionFeature = authorizationFeatureService.find(CanDeleteVersionFeature.NAME);
context.restoreAuthSystemState();
}
@Test
public void canDeleteVersionsFeatureTest() throws Exception {
context.turnOffAuthorisationSystem();
Community rootCommunity = CommunityBuilder.createCommunity(context)
.withName("Parent Community")
.build();
Collection col1 = CollectionBuilder.createCollection(context, rootCommunity)
.withName("Collection 1")
.withSubmitterGroup(eperson)
.build();
Item item = ItemBuilder.createItem(context, col1)
.withTitle("Public item")
.withIssueDate("2021-04-19")
.withAuthor("Doe, John")
.withSubject("ExtraEntry")
.build();
Version version = VersionBuilder.createVersion(context, item, "My test summary").build();
WorkspaceItem workspaceItem = workspaceItemService.findByItem(context, version.getItem());
installItemService.installItem(context, workspaceItem);
context.restoreAuthSystemState();
VersionRest versionRest = versionConverter.convert(version, DefaultProjection.DEFAULT);
String tokenAdmin = getAuthToken(admin.getEmail(), password);
String tokenEPerson = getAuthToken(eperson.getEmail(), password);
// define authorizations that we know must exists
Authorization admin2Version = new Authorization(admin, canDeleteVersionFeature, versionRest);
// define authorization that we know not exists
Authorization eperson2Version = new Authorization(eperson, canDeleteVersionFeature, versionRest);
Authorization anonymous2Version = new Authorization(null, canDeleteVersionFeature, versionRest);
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + admin2Version.getID()))
.andExpect(status().isOk())
.andExpect(jsonPath("$",
Matchers.is(AuthorizationMatcher.matchAuthorization(admin2Version))));
getClient(tokenEPerson).perform(get("/api/authz/authorizations/" + eperson2Version.getID()))
.andExpect(status().isNotFound());
getClient().perform(get("/api/authz/authorizations/" + anonymous2Version.getID()))
.andExpect(status().isNotFound());
}
@Test
public void checkCanDeleteVersionsFeatureByColAndComAdminsTest() throws Exception {
context.turnOffAuthorisationSystem();
EPerson adminComA = EPersonBuilder.createEPerson(context)
.withEmail("testComAdminA@test.com")
.withPassword(password)
.build();
EPerson adminComB = EPersonBuilder.createEPerson(context)
.withEmail("testComBdminA@test.com")
.withPassword(password)
.build();
EPerson adminCol1 = EPersonBuilder.createEPerson(context)
.withEmail("testCol1Admin@test.com")
.withPassword(password)
.build();
EPerson adminCol2 = EPersonBuilder.createEPerson(context)
.withEmail("testCol2Admin@test.com")
.withPassword(password)
.build();
Community rootCommunity = CommunityBuilder.createCommunity(context)
.withName("Parent Community")
.build();
Community subCommunityA = CommunityBuilder.createSubCommunity(context, rootCommunity)
.withName("Sub Community A")
.withAdminGroup(adminComA)
.build();
CommunityBuilder.createSubCommunity(context, rootCommunity)
.withName("Sub Community B")
.withAdminGroup(adminComB)
.build();
Collection col1 = CollectionBuilder.createCollection(context, subCommunityA)
.withName("Collection 1")
.withSubmitterGroup(eperson)
.withAdminGroup(adminCol1)
.build();
CollectionBuilder.createCollection(context, subCommunityA)
.withName("Collection 2")
.withAdminGroup(adminCol2)
.build();
Item item = ItemBuilder.createItem(context, col1)
.withTitle("Public item")
.withIssueDate("2021-04-19")
.withAuthor("Doe, John")
.withSubject("ExtraEntry")
.build();
Version version = VersionBuilder.createVersion(context, item, "My test summary").build();
WorkspaceItem workspaceItem = workspaceItemService.findByItem(context, version.getItem());
installItemService.installItem(context, workspaceItem);
context.restoreAuthSystemState();
VersionRest versionRest = versionConverter.convert(version, DefaultProjection.DEFAULT);
String tokenAdminComA = getAuthToken(adminComA.getEmail(), password);
String tokenAdminComB = getAuthToken(adminComB.getEmail(), password);
String tokenAdminCol1 = getAuthToken(adminCol1.getEmail(), password);
String tokenAdminCol2 = getAuthToken(adminCol2.getEmail(), password);
// define authorizations that we know must exists
Authorization adminOfComAToVersion = new Authorization(adminComA, canDeleteVersionFeature, versionRest);
Authorization adminOfCol1ToVersion = new Authorization(adminCol1, canDeleteVersionFeature, versionRest);
// define authorization that we know not exists
Authorization adminOfComBToVersion = new Authorization(adminComB, canDeleteVersionFeature, versionRest);
Authorization adminOfCol2ToVersion = new Authorization(adminCol2, canDeleteVersionFeature, versionRest);
getClient(tokenAdminComA).perform(get("/api/authz/authorizations/" + adminOfComAToVersion.getID()))
.andExpect(status().isOk())
.andExpect(jsonPath("$", Matchers.is(
AuthorizationMatcher.matchAuthorization(adminOfComAToVersion))));
getClient(tokenAdminCol1).perform(get("/api/authz/authorizations/" + adminOfCol1ToVersion.getID()))
.andExpect(status().isOk())
.andExpect(jsonPath("$", Matchers.is(
AuthorizationMatcher.matchAuthorization(adminOfCol1ToVersion))));
getClient(tokenAdminComB).perform(get("/api/authz/authorizations/" + adminOfComBToVersion.getID()))
.andExpect(status().isNotFound());
getClient(tokenAdminCol2).perform(get("/api/authz/authorizations/" + adminOfCol2ToVersion.getID()))
.andExpect(status().isNotFound());
}
@Test
public void canDeleteVersionsFeatureWithVesionInSubmissionTest() throws Exception {
context.turnOffAuthorisationSystem();
Community rootCommunity = CommunityBuilder.createCommunity(context)
.withName("Parent Community")
.build();
Collection col1 = CollectionBuilder.createCollection(context, rootCommunity)
.withName("Collection 1")
.withSubmitterGroup(eperson)
.build();
Item item = ItemBuilder.createItem(context, col1)
.withTitle("Public item")
.withIssueDate("2021-04-19")
.withAuthor("Doe, John")
.withSubject("ExtraEntry")
.build();
Version version = VersionBuilder.createVersion(context, item, "My test summary").build();
WorkspaceItem workspaceItem = workspaceItemService.findByItem(context, version.getItem());
context.restoreAuthSystemState();
assertNotNull(workspaceItem);
VersionRest versionRest = versionConverter.convert(version, DefaultProjection.DEFAULT);
String tokenAdmin = getAuthToken(admin.getEmail(), password);
String tokenEPerson = getAuthToken(eperson.getEmail(), password);
// define authorization that we know not exists
Authorization admin2Version = new Authorization(admin, canDeleteVersionFeature, versionRest);
Authorization eperson2Version = new Authorization(eperson, canDeleteVersionFeature, versionRest);
Authorization anonymous2Version = new Authorization(null, canDeleteVersionFeature, versionRest);
getClient(tokenAdmin).perform(get("/api/authz/authorizations/" + admin2Version.getID()))
.andExpect(status().isNotFound());
getClient(tokenEPerson).perform(get("/api/authz/authorizations/" + eperson2Version.getID()))
.andExpect(status().isNotFound());
getClient().perform(get("/api/authz/authorizations/" + anonymous2Version.getID()))
.andExpect(status().isNotFound());
}
}