Merge pull request #1606 from 4Science/DS-3441-5x

DS-3441 READ permission on the Collection object not respected by the JSPUI (5_x)

dspace-jspui/src/main/java/org/dspace/app/webui/servlet/HandleServlet.java

@@ -490,11 +490,15 @@ public class HandleServlet extends DSpaceServlet
      *            the HTTP response
      * @param community
      *            the community
+     * @throws AuthorizeException 
      */
     private void communityHome(Context context, HttpServletRequest request,
             HttpServletResponse response, Community community)
-            throws ServletException, IOException, SQLException
+            throws ServletException, IOException, SQLException, AuthorizeException
     {
+        // Ensure the user has authorisation
+    	AuthorizeManager.authorizeAction(context, community, Constants.READ);
+
         // Handle click on a browse or search button
         if (!handleButton(request, response, community.getHandle()))
         {
@@ -589,6 +593,9 @@ public class HandleServlet extends DSpaceServlet
             Collection collection) throws ServletException, IOException,
             SQLException, AuthorizeException
     {
+    	// Ensure the user has authorisation
+    	AuthorizeManager.authorizeAction(context, collection, Constants.READ);
+        
         // Handle click on a browse or search button
         if (!handleButton(request, response, collection.getHandle()))
         {