mirror of
https://github.com/DSpace/DSpace.git
synced 2025-10-07 01:54:22 +00:00
65956: Cleanup and preauthorize fix for CRUD on Collection Item template
This commit is contained in:
Peter Nijs
@@ -7,10 +7,15 @@
|
||||
*/
|
||||
package org.dspace.app.rest;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.sql.SQLException;
|
||||
import java.util.UUID;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.ws.rs.BadRequestException;
|
||||
|
||||
import com.fasterxml.jackson.databind.JsonNode;
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
import org.dspace.app.rest.exception.UnprocessableEntityException;
|
||||
import org.dspace.app.rest.model.CollectionRest;
|
||||
import org.dspace.app.rest.model.ItemRest;
|
||||
import org.dspace.app.rest.model.hateoas.ItemResource;
|
||||
@@ -29,6 +34,7 @@ import org.springframework.http.HttpStatus;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.security.access.prepost.PreAuthorize;
|
||||
import org.springframework.web.bind.annotation.PathVariable;
|
||||
import org.springframework.web.bind.annotation.RequestBody;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMethod;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
@@ -86,18 +92,34 @@ public class CollectionItemtemplateController {
|
||||
* </pre>
|
||||
* @param request The request as described above
|
||||
* @param uuid The UUID of the Collection for which the template item should be made
|
||||
* @param itemBody The new item
|
||||
* @return The created template
|
||||
* @throws SQLException
|
||||
* @throws AuthorizeException
|
||||
*/
|
||||
@PreAuthorize("hasPermission(#uuid, 'COLLECTION', 'WRITE')")
|
||||
@RequestMapping(method = RequestMethod.POST)
|
||||
public ResponseEntity<ResourceSupport> createTemplateItem(HttpServletRequest request, @PathVariable UUID uuid)
|
||||
public ResponseEntity<ResourceSupport> createTemplateItem(HttpServletRequest request,
|
||||
@PathVariable UUID uuid,
|
||||
@RequestBody(required = false) JsonNode itemBody)
|
||||
throws SQLException, AuthorizeException {
|
||||
|
||||
if (itemBody == null) {
|
||||
throw new BadRequestException("The new item should be included as json in te body of this request");
|
||||
}
|
||||
|
||||
Context context = ContextUtil.obtainContext(request);
|
||||
Collection collection = getCollection(context, uuid);
|
||||
ItemRest templateItem = collectionRestRepository.createTemplateItem(context, collection);
|
||||
|
||||
ItemRest inputItemRest;
|
||||
try {
|
||||
ObjectMapper mapper = new ObjectMapper();
|
||||
inputItemRest = mapper.readValue(itemBody.toString(), ItemRest.class);
|
||||
} catch (IOException e1) {
|
||||
throw new UnprocessableEntityException("Error parsing request body", e1);
|
||||
}
|
||||
|
||||
ItemRest templateItem = collectionRestRepository.createTemplateItem(context, collection, inputItemRest);
|
||||
context.commit();
|
||||
|
||||
return ControllerUtils.toResponseEntity(HttpStatus.CREATED, null,
|
||||
|
||||
@@ -151,7 +151,7 @@ public class ItemtemplateRestController {
|
||||
* @throws AuthorizeException
|
||||
* @throws IOException
|
||||
*/
|
||||
@PreAuthorize("hasPermission(#uuid, 'ITEM', 'WRITE')")
|
||||
@PreAuthorize("hasPermission(#uuid, 'ITEM', 'DELETE')")
|
||||
@RequestMapping(method = RequestMethod.DELETE)
|
||||
public ResponseEntity<ResourceSupport> deleteTemplateItem(HttpServletRequest request, @PathVariable UUID uuid)
|
||||
throws SQLException, AuthorizeException, IOException {
|
||||
|
||||
@@ -298,26 +298,18 @@ public class CollectionRestRepository extends DSpaceObjectRestRepository<Collect
|
||||
*
|
||||
* @param context
|
||||
* @param collection The collection for which to make the item
|
||||
* @param inputItemRest The new item
|
||||
* @return The created item
|
||||
* @throws SQLException
|
||||
* @throws AuthorizeException
|
||||
*/
|
||||
public ItemRest createTemplateItem(Context context, Collection collection) throws SQLException, AuthorizeException {
|
||||
public ItemRest createTemplateItem(Context context, Collection collection, ItemRest inputItemRest)
|
||||
throws SQLException, AuthorizeException {
|
||||
if (collection.getTemplateItem() != null) {
|
||||
throw new UnprocessableEntityException("Collection with ID " + collection.getID()
|
||||
+ " already contains a template item");
|
||||
}
|
||||
|
||||
HttpServletRequest req = getRequestService().getCurrentRequest().getHttpServletRequest();
|
||||
ItemRest inputItemRest;
|
||||
try {
|
||||
ServletInputStream input = req.getInputStream();
|
||||
ObjectMapper mapper = new ObjectMapper();
|
||||
inputItemRest = mapper.readValue(input, ItemRest.class);
|
||||
} catch (IOException e1) {
|
||||
throw new UnprocessableEntityException("Error parsing request body", e1);
|
||||
}
|
||||
|
||||
if (inputItemRest.getInArchive() || inputItemRest.getDiscoverable() || inputItemRest.getWithdrawn()) {
|
||||
throw new UnprocessableEntityException(
|
||||
"The template item should not be archived, discoverable or withdrawn");
|
||||
|
||||
@@ -64,9 +64,6 @@ public class ItemRestRepository extends DSpaceObjectRestRepository<Item, ItemRes
|
||||
@Autowired
|
||||
MetadataConverter metadataConverter;
|
||||
|
||||
@Autowired
|
||||
ItemPatch itemPatch;
|
||||
|
||||
@Autowired
|
||||
WorkspaceItemService workspaceItemService;
|
||||
|
||||
@@ -268,7 +265,7 @@ public class ItemRestRepository extends DSpaceObjectRestRepository<Item, ItemRes
|
||||
JsonPatchConverter patchConverter = new JsonPatchConverter(mapper);
|
||||
Patch patch = patchConverter.convert(jsonNode);
|
||||
|
||||
ItemRest patchedItemRest = itemPatch.patch(itemConverter.fromModel(item), patch.getOperations());
|
||||
ItemRest patchedItemRest = dsoPatch.patch(itemConverter.fromModel(item), patch.getOperations());
|
||||
updateDSpaceObject(item, patchedItemRest);
|
||||
|
||||
return itemConverter.fromModel(item);
|
||||
|
||||
Reference in New Issue
Block a user