mirror of
https://github.com/DSpace/DSpace.git
synced 2025-10-07 01:54:22 +00:00
[DURACOM-357] fix Collection Admin cannot see withdrawn item metadata
This commit is contained in:
Stefano Maffei
@@ -8,7 +8,6 @@
|
||||
package org.dspace.app.rest.converter;
|
||||
|
||||
import java.sql.SQLException;
|
||||
import java.util.ArrayList;
|
||||
import java.util.LinkedList;
|
||||
import java.util.List;
|
||||
import java.util.Objects;
|
||||
@@ -76,8 +75,9 @@ public class ItemConverter
|
||||
List<MetadataValue> returnList = new LinkedList<>();
|
||||
try {
|
||||
if (obj.isWithdrawn() && (Objects.isNull(context) ||
|
||||
Objects.isNull(context.getCurrentUser()) || !authorizeService.isAdmin(context))) {
|
||||
return new MetadataValueList(new ArrayList<MetadataValue>());
|
||||
Objects.isNull(context.getCurrentUser()) ||
|
||||
!(authorizeService.isAdmin(context) || authorizeService.isCollectionAdmin(context)))) {
|
||||
return new MetadataValueList(List.of());
|
||||
}
|
||||
if (context != null && (authorizeService.isAdmin(context) || itemService.canEdit(context, obj))) {
|
||||
return new MetadataValueList(fullList);
|
||||
|
||||
@@ -425,6 +425,68 @@ public class ItemRestRepositoryIT extends AbstractControllerIntegrationTest {
|
||||
.andExpect(jsonPath("$", publicItem1Matcher));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void findOneWithdrawnAsCollectionAdminTest() throws Exception {
|
||||
context.turnOffAuthorisationSystem();
|
||||
|
||||
// Create collection admin account
|
||||
EPerson collectionAdmin = EPersonBuilder.createEPerson(context)
|
||||
.withEmail("collection-admin@dspace.com")
|
||||
.withPassword("test")
|
||||
.withCanLogin(true)
|
||||
.build();
|
||||
parentCommunity = CommunityBuilder.createCommunity(context)
|
||||
.withName("Parent Community")
|
||||
.build();
|
||||
Community child1 = CommunityBuilder.createSubCommunity(context, parentCommunity)
|
||||
.withName("Sub Community")
|
||||
.build();
|
||||
|
||||
// Create collection
|
||||
Collection adminCollection = CollectionBuilder.createCollection(context, child1)
|
||||
.withName("Collection Admin col")
|
||||
.withAdminGroup(collectionAdmin)
|
||||
.build();
|
||||
Collection noAdminCollection =
|
||||
CollectionBuilder.createCollection(context, child1).withName("Collection non Admin")
|
||||
.build();
|
||||
|
||||
// both items are withdrawn
|
||||
Item administeredItem = ItemBuilder.createItem(context, adminCollection)
|
||||
.withTitle("Public item 1")
|
||||
.withIssueDate("2017-10-17")
|
||||
.withAuthor("Smith, Donald").withAuthor("Doe, John")
|
||||
.withSubject("ExtraEntry")
|
||||
.withdrawn()
|
||||
.build();
|
||||
|
||||
Item nonAdministeredItem = ItemBuilder.createItem(context, noAdminCollection)
|
||||
.withTitle("Public item 2")
|
||||
.withIssueDate("2016-02-13")
|
||||
.withAuthor("Smith, Maria").withAuthor("Doe, Jane")
|
||||
.withSubject("TestingForMore").withSubject("ExtraEntry")
|
||||
.withdrawn()
|
||||
.build();
|
||||
|
||||
context.restoreAuthSystemState();
|
||||
|
||||
String collectionAdmintoken = getAuthToken(collectionAdmin.getEmail(), "test");
|
||||
|
||||
// Metadata are retrieved since user is administering the item's collection
|
||||
getClient(collectionAdmintoken).perform(get("/api/core/items/" + administeredItem.getID())
|
||||
.param("projection", "full"))
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(jsonPath("$.metadata").isNotEmpty());
|
||||
|
||||
// No metadata is retrieved since user is not administering the item's collection
|
||||
getClient().perform(get("/api/core/items/" + nonAdministeredItem.getID())
|
||||
.param("projection", "full"))
|
||||
.andExpect(status().isOk())
|
||||
.andExpect(jsonPath("$.metadata").isEmpty());
|
||||
|
||||
|
||||
}
|
||||
|
||||
@Test
|
||||
public void findOneFullProjectionTest() throws Exception {
|
||||
context.turnOffAuthorisationSystem();
|
||||
|
||||
Reference in New Issue
Block a user