73914: Features Endpoint - Download Permissions in REST - Feedback

dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/impl/DownloadFeature.java

@@ -9,7 +9,6 @@ package org.dspace.app.rest.authorization.impl;
 
 import java.sql.SQLException;
 
-import org.apache.log4j.Logger;
 import org.dspace.app.rest.authorization.AuthorizationFeature;
 import org.dspace.app.rest.authorization.AuthorizationFeatureDocumentation;
 import org.dspace.app.rest.authorization.AuthorizeServiceRestUtil;
@@ -30,8 +29,6 @@ import org.springframework.stereotype.Component;
         description = "It can be used to verify if the user can download a bitstream")
 public class DownloadFeature implements AuthorizationFeature {
 
-    Logger log = Logger.getLogger(DownloadFeature.class);
-
     public final static String NAME = "canDownload";
 
     @Autowired

dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/impl/RequestCopyFeature.java

@@ -11,6 +11,7 @@ import java.sql.SQLException;
 import java.util.List;
 import java.util.UUID;
 
+import org.apache.commons.lang3.StringUtils;
 import org.apache.log4j.Logger;
 import org.dspace.app.rest.authorization.AuthorizationFeature;
 import org.dspace.app.rest.authorization.AuthorizationFeatureDocumentation;
@@ -26,6 +27,8 @@ import org.dspace.content.service.BitstreamService;
 import org.dspace.content.service.ItemService;
 import org.dspace.core.Constants;
 import org.dspace.core.Context;
+import org.dspace.eperson.EPerson;
+import org.dspace.services.ConfigurationService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
@@ -55,8 +58,23 @@ public class RequestCopyFeature implements AuthorizationFeature {
     @Autowired
     private BitstreamService bitstreamService;
 
+    @Autowired
+    private ConfigurationService configurationService;
+
     @Override
     public boolean isAuthorized(Context context, BaseObjectRest object) throws SQLException {
+        String requestType = configurationService.getProperty("request.item.type");
+        if (StringUtils.isBlank(requestType)) {
+            return false;
+        } else if (StringUtils.equalsIgnoreCase(requestType, "logged")) {
+            EPerson currentUser = context.getCurrentUser();
+            if (currentUser == null) {
+                return false;
+            }
+        } else if (!StringUtils.equalsIgnoreCase(requestType, "all")) {
+            log.warn("The configuration parameter \"request.item.type\" contains an invalid value.");
+            return false;
+        }
         if (object instanceof ItemRest) {
             ItemRest itemRest = (ItemRest) object;
             String id = itemRest.getId();
@@ -64,7 +82,7 @@ public class RequestCopyFeature implements AuthorizationFeature {
             if (!item.isArchived()) {
                 return false;
             }
-            List<Bundle> bunds = item.getBundles();
+            List<Bundle> bunds = itemService.getBundles(item, Constants.DEFAULT_BUNDLE_NAME);
 
             for (Bundle bund : bunds) {
                 List<Bitstream> bitstreams = bund.getBitstreams();

dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/RequestCopyFeatureIT.java

@@ -41,6 +41,7 @@ import org.dspace.content.Community;
 import org.dspace.content.Item;
 import org.dspace.content.WorkspaceItem;
 import org.dspace.core.Constants;
+import org.dspace.services.ConfigurationService;
 import org.hamcrest.Matchers;
 import org.junit.Before;
 import org.junit.Test;
@@ -63,10 +64,14 @@ public class RequestCopyFeatureIT extends AbstractControllerIntegrationTest {
     @Autowired
     private BitstreamConverter bitstreamConverter;
 
+    @Autowired
+    private ConfigurationService configurationService;
+
 
     @Autowired
     private Utils utils;
 
+
     private AuthorizationFeature requestCopyFeature;
 
     private Collection collectionA;
@@ -84,6 +89,9 @@ public class RequestCopyFeatureIT extends AbstractControllerIntegrationTest {
     @Before
     public void setUp() throws Exception {
         super.setUp();
+
+        configurationService.setProperty("request.item.type", "all");
+
         context.turnOffAuthorisationSystem();
         requestCopyFeature = authorizationFeatureService.find(RequestCopyFeature.NAME);
 
@@ -449,5 +457,95 @@ public class RequestCopyFeatureIT extends AbstractControllerIntegrationTest {
                         .andExpect(jsonPath("$._embedded").doesNotExist());
     }
 
+    public void requestACopyItemTypeLoggedAsAnonymous() throws Exception {
+        configurationService.setProperty("request.item.type", "logged");
 
+        BitstreamRest bitstreamRest = bitstreamConverter.convert(bitstreamFromCollection, Projection.DEFAULT);
+        String bitstreamUri = utils.linkToSingleResource(bitstreamRest, "self").getHref();
+
+        getClient().perform(get("/api/authz/authorizations/search/object")
+                                    .param("uri", bitstreamUri)
+                                    .param("feature", requestCopyFeature.getName()))
+                   .andExpect(status().isOk())
+                   .andExpect(jsonPath("$.page.totalElements", is(0)))
+                   .andExpect(jsonPath("$._embedded").doesNotExist());
+    }
+
+    @Test
+    public void requestACopyItemTypeLoggedAsEperson() throws Exception {
+        BitstreamRest bitstreamRest = bitstreamConverter.convert(bitstreamB, Projection.DEFAULT);
+        String bitstreamUri = utils.linkToSingleResource(bitstreamRest, "self").getHref();
+        Authorization authorizationFeature = new Authorization(eperson, requestCopyFeature, bitstreamRest);
+
+        String token = getAuthToken(eperson.getEmail(), password);
+
+        getClient(token).perform(get("/api/authz/authorizations/search/object")
+                                         .param("uri", bitstreamUri)
+                                         .param("feature", requestCopyFeature.getName()))
+                        .andExpect(status().isOk())
+                        .andExpect(jsonPath("$.page.totalElements", greaterThan(0)))
+                        .andExpect(jsonPath("$._embedded.authorizations", contains(
+                                Matchers.is(AuthorizationMatcher.matchAuthorization(authorizationFeature))))
+                        );
+    }
+
+    public void requestACopyItemTypeEmptyAsAnonymous() throws Exception {
+        configurationService.setProperty("request.item.type", "");
+
+        BitstreamRest bitstreamRest = bitstreamConverter.convert(bitstreamFromCollection, Projection.DEFAULT);
+        String bitstreamUri = utils.linkToSingleResource(bitstreamRest, "self").getHref();
+
+        getClient().perform(get("/api/authz/authorizations/search/object")
+                                    .param("uri", bitstreamUri)
+                                    .param("feature", requestCopyFeature.getName()))
+                   .andExpect(status().isOk())
+                   .andExpect(jsonPath("$.page.totalElements", is(0)))
+                   .andExpect(jsonPath("$._embedded").doesNotExist());
+    }
+
+    public void requestACopyItemTypeEmptyAsEperson() throws Exception {
+        configurationService.setProperty("request.item.type", "");
+
+        BitstreamRest bitstreamRest = bitstreamConverter.convert(bitstreamFromCollection, Projection.DEFAULT);
+        String bitstreamUri = utils.linkToSingleResource(bitstreamRest, "self").getHref();
+
+        String token = getAuthToken(eperson.getEmail(), password);
+
+        getClient(token).perform(get("/api/authz/authorizations/search/object")
+                                         .param("uri", bitstreamUri)
+                                         .param("feature", requestCopyFeature.getName()))
+                        .andExpect(status().isOk())
+                        .andExpect(jsonPath("$.page.totalElements", is(0)))
+                        .andExpect(jsonPath("$._embedded").doesNotExist());
+    }
+
+    public void requestACopyItemTypeBogusValueAsAnonymous() throws Exception {
+        configurationService.setProperty("request.item.type", "invalid value");
+
+        BitstreamRest bitstreamRest = bitstreamConverter.convert(bitstreamFromCollection, Projection.DEFAULT);
+        String bitstreamUri = utils.linkToSingleResource(bitstreamRest, "self").getHref();
+
+        getClient().perform(get("/api/authz/authorizations/search/object")
+                                    .param("uri", bitstreamUri)
+                                    .param("feature", requestCopyFeature.getName()))
+                   .andExpect(status().isOk())
+                   .andExpect(jsonPath("$.page.totalElements", is(0)))
+                   .andExpect(jsonPath("$._embedded").doesNotExist());
+    }
+
+    public void requestACopyItemTypeBogusValueAsEperson() throws Exception {
+        configurationService.setProperty("request.item.type", "invalid value");
+
+        BitstreamRest bitstreamRest = bitstreamConverter.convert(bitstreamFromCollection, Projection.DEFAULT);
+        String bitstreamUri = utils.linkToSingleResource(bitstreamRest, "self").getHref();
+
+        String token = getAuthToken(eperson.getEmail(), password);
+
+        getClient(token).perform(get("/api/authz/authorizations/search/object")
+                                         .param("uri", bitstreamUri)
+                                         .param("feature", requestCopyFeature.getName()))
+                        .andExpect(status().isOk())
+                        .andExpect(jsonPath("$.page.totalElements", is(0)))
+                        .andExpect(jsonPath("$._embedded").doesNotExist());
+    }
 }