[DS-259] Community/collection admin should not to be able to delete their admin group

git-svn-id: http://scm.dspace.org/svn/repo/dspace/trunk@4093 9c30dcfa-912a-0410-8fc2-9e0234be79fd
Andrea Bollini
2009-07-18 12:51:12 +00:00
parent 9958796337
commit 65e6ec3143
3 changed files with 27 additions and 4 deletions


@@ -725,8 +725,20 @@ public class Collection extends DSpaceObject
*/ */
public void removeAdministrators() throws SQLException, AuthorizeException public void removeAdministrators() throws SQLException, AuthorizeException
{ {
// Check authorisation - Must be an Admin to delete Admin Group // Check authorisation - Must be an Admin of the parent community to delete Admin Group
AuthorizeManager.authorizeAction(ourContext, this, Constants.ADMIN); Community[] parentCommunities = getCommunities();
if (parentCommunities != null && parentCommunities.length > 0)
{
AuthorizeManager.authorizeAction(ourContext, this.getCommunities()[0], Constants.ADMIN);
}
else if (!AuthorizeManager.isAdmin(ourContext))
{
// this should never happen, a collection should always have at least one parent community!
// anyway...
throw new AuthorizeException(
"Only system admin can remove the admin group of a collection outside any community",
this, Constants.ADMIN);
}
// just return if there is no administrative group. // just return if there is no administrative group.
if (admins == null) if (admins == null)
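Review bot: The authorisation call in the first branch re-queries `this.getCommunities()[0]` instead of using the `parentCommunities` array that was just null- and length-checked, so the guard and the check can in principle see different results; use `AuthorizeManager.authorizeAction(ourContext, parentCommunities[0], Constants.ADMIN);`. Only the first parent is consulted, so for a collection linked to several communities the outcome depends on the order in which getCommunities() returns them, which is not visible here; a comment stating which parent is authoritative (or a loop accepting ADMIN on any parent) would make the rule explicit. The inline comment should also mention the system-admin fallback, as the Community version does. removeAdministrators continues past the end of the hunk.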


@@ -555,8 +555,18 @@ public class Community extends DSpaceObject
*/ */
public void removeAdministrators() throws SQLException, AuthorizeException public void removeAdministrators() throws SQLException, AuthorizeException
{ {
// Check authorisation - Must be an Admin to delete Admin group // Check authorisation - Must be an Admin of the parent community (or system admin) to delete Admin group
AuthorizeManager.authorizeAction(ourContext, this, Constants.ADMIN); Community parentCommunity = getParentCommunity();
if (parentCommunity != null)
{
AuthorizeManager.authorizeAction(ourContext, parentCommunity, Constants.ADMIN);
}
else if (!AuthorizeManager.isAdmin(ourContext))
{
throw new AuthorizeException(
"Only system admin can remove the admin group of a top community",
this, Constants.ADMIN);
}
// just return if there is no administrative group. // just return if there is no administrative group.
if (admins == null) if (admins == null)
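Review bot: The new rule is documented only in the inline comment; the Javadoc that ends just above the hunk is not visible and presumably still describes the old requirement, so add something like `@throws AuthorizeException if the current user is not an admin of the parent community, or not a system admin when this is a top-level community`. The check names only the direct parent, so whether an admin of a higher ancestor community passes depends on how authorizeAction resolves ADMIN, which this page does not show; that is worth stating in the same Javadoc. The method body continues outside the hunk.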


@@ -47,6 +47,7 @@
- [DS-199] SWORD module doesn't accept X-No-Op header (dry run) - [DS-199] SWORD module doesn't accept X-No-Op header (dry run)
- [DS-223] Submission process show previous button in JSPUI also if the step is the first "visible" step - [DS-223] Submission process show previous button in JSPUI also if the step is the first "visible" step
- [DS-227] Values with double apos doesn't work in dropdown and list input type - [DS-227] Values with double apos doesn't work in dropdown and list input type
- [DS-259] Community/collection admin should not to be able to delete their admin group
(Tim Donohue) (Tim Donohue)
- [DS-218] Cannot add/remove email subscriptions from Profile page in XMLUI - [DS-218] Cannot add/remove email subscriptions from Profile page in XMLUI