[DS-259] Community/collection admin should not to be able to delete their admin group

git-svn-id: http://scm.dspace.org/svn/repo/dspace/trunk@4093 9c30dcfa-912a-0410-8fc2-9e0234be79fd
2025-10-12 12:33:18 +00:00 · 2009-07-18 12:51:12 +00:00
parent 9958796337
commit 65e6ec3143
3 changed files with 27 additions and 4 deletions
--- a/dspace-api/src/main/java/org/dspace/content/Community.java
+++ b/dspace-api/src/main/java/org/dspace/content/Community.java
@@ -555,8 +555,18 @@ public class Community extends DSpaceObject
     */
    public void removeAdministrators() throws SQLException, AuthorizeException
    {
-        // Check authorisation - Must be an Admin to delete Admin group
-        AuthorizeManager.authorizeAction(ourContext, this, Constants.ADMIN);
+        // Check authorisation - Must be an Admin of the parent community (or system admin) to delete Admin group
+        Community parentCommunity = getParentCommunity();
+        if (parentCommunity != null)
+        {
+            AuthorizeManager.authorizeAction(ourContext, parentCommunity, Constants.ADMIN);
+        }
+        else if (!AuthorizeManager.isAdmin(ourContext))
+        {
+            throw new AuthorizeException(
+                    "Only system admin can remove the admin group of a top community",
+                    this, Constants.ADMIN); 
+        }

        // just return if there is no administrative group.
        if (admins == null)