65956: Cleanup and preauthorize fix for CRUD on Collection Item template

dspace-server-webapp/src/main/java/org/dspace/app/rest/CollectionItemtemplateController.java

@@ -7,10 +7,15 @@
  */
 package org.dspace.app.rest;
 
+import java.io.IOException;
 import java.sql.SQLException;
 import java.util.UUID;
 import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.BadRequestException;
 
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.dspace.app.rest.exception.UnprocessableEntityException;
 import org.dspace.app.rest.model.CollectionRest;
 import org.dspace.app.rest.model.ItemRest;
 import org.dspace.app.rest.model.hateoas.ItemResource;
@@ -29,6 +34,7 @@ import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RestController;
@@ -86,18 +92,34 @@ public class CollectionItemtemplateController {
      * </pre>
      * @param request   The request as described above
      * @param uuid      The UUID of the Collection for which the template item should be made
+     * @param itemBody  The new item
      * @return          The created template
      * @throws SQLException
      * @throws AuthorizeException
      */
     @PreAuthorize("hasPermission(#uuid, 'COLLECTION', 'WRITE')")
     @RequestMapping(method = RequestMethod.POST)
-    public ResponseEntity<ResourceSupport> createTemplateItem(HttpServletRequest request, @PathVariable UUID uuid)
+    public ResponseEntity<ResourceSupport> createTemplateItem(HttpServletRequest request,
+                                                              @PathVariable UUID uuid,
+                                                              @RequestBody(required = false) JsonNode itemBody)
             throws SQLException, AuthorizeException {
 
+        if (itemBody == null) {
+            throw new BadRequestException("The new item should be included as json in te body of this request");
+        }
+
         Context context = ContextUtil.obtainContext(request);
         Collection collection = getCollection(context, uuid);
-        ItemRest templateItem = collectionRestRepository.createTemplateItem(context, collection);
+
+        ItemRest inputItemRest;
+        try {
+            ObjectMapper mapper = new ObjectMapper();
+            inputItemRest = mapper.readValue(itemBody.toString(), ItemRest.class);
+        } catch (IOException e1) {
+            throw new UnprocessableEntityException("Error parsing request body", e1);
+        }
+
+        ItemRest templateItem = collectionRestRepository.createTemplateItem(context, collection, inputItemRest);
         context.commit();
 
         return ControllerUtils.toResponseEntity(HttpStatus.CREATED, null,

dspace-server-webapp/src/main/java/org/dspace/app/rest/ItemtemplateRestController.java

@@ -151,7 +151,7 @@ public class ItemtemplateRestController {
      * @throws AuthorizeException
      * @throws IOException
      */
-    @PreAuthorize("hasPermission(#uuid, 'ITEM', 'WRITE')")
+    @PreAuthorize("hasPermission(#uuid, 'ITEM', 'DELETE')")
     @RequestMapping(method = RequestMethod.DELETE)
     public ResponseEntity<ResourceSupport> deleteTemplateItem(HttpServletRequest request, @PathVariable UUID uuid)
         throws SQLException, AuthorizeException, IOException {

dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/CollectionRestRepository.java

@@ -298,26 +298,18 @@ public class CollectionRestRepository extends DSpaceObjectRestRepository<Collect
      *
      * @param context
      * @param collection    The collection for which to make the item
+     * @param inputItemRest The new item
      * @return              The created item
      * @throws SQLException
      * @throws AuthorizeException
      */
-    public ItemRest createTemplateItem(Context context, Collection collection) throws SQLException, AuthorizeException {
+    public ItemRest createTemplateItem(Context context, Collection collection, ItemRest inputItemRest)
+        throws SQLException, AuthorizeException {
         if (collection.getTemplateItem() != null) {
             throw new UnprocessableEntityException("Collection with ID " + collection.getID()
                 + " already contains a template item");
         }
 
-        HttpServletRequest req = getRequestService().getCurrentRequest().getHttpServletRequest();
-        ItemRest inputItemRest;
-        try {
-            ServletInputStream input = req.getInputStream();
-            ObjectMapper mapper = new ObjectMapper();
-            inputItemRest = mapper.readValue(input, ItemRest.class);
-        } catch (IOException e1) {
-            throw new UnprocessableEntityException("Error parsing request body", e1);
-        }
-
         if (inputItemRest.getInArchive() || inputItemRest.getDiscoverable() || inputItemRest.getWithdrawn()) {
             throw new UnprocessableEntityException(
                     "The template item should not be archived, discoverable or withdrawn");

dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/ItemRestRepository.java

@@ -64,9 +64,6 @@ public class ItemRestRepository extends DSpaceObjectRestRepository<Item, ItemRes
     @Autowired
     MetadataConverter metadataConverter;
 
-    @Autowired
-    ItemPatch itemPatch;
-
     @Autowired
     WorkspaceItemService workspaceItemService;
 
@@ -268,7 +265,7 @@ public class ItemRestRepository extends DSpaceObjectRestRepository<Item, ItemRes
         JsonPatchConverter patchConverter = new JsonPatchConverter(mapper);
         Patch patch = patchConverter.convert(jsonNode);
 
-        ItemRest patchedItemRest = itemPatch.patch(itemConverter.fromModel(item), patch.getOperations());
+        ItemRest patchedItemRest = dsoPatch.patch(itemConverter.fromModel(item), patch.getOperations());
         updateDSpaceObject(item, patchedItemRest);
 
         return itemConverter.fromModel(item);