[DS-4096] Alter the moving item between collections to use PUT instead of POST

2025-10-07 01:54:22 +00:00 · 2018-12-05 14:24:56 +01:00
parent a55a5fd795
commit 783ec4bffe
2 changed files with 13 additions and 8 deletions
--- a/dspace-spring-rest/src/main/java/org/dspace/app/rest/ItemOwningCollectionUpdateRestController.java
+++ b/dspace-spring-rest/src/main/java/org/dspace/app/rest/ItemOwningCollectionUpdateRestController.java
@@ -25,6 +25,7 @@ import org.dspace.content.service.ItemService;
 import org.dspace.core.Constants;
 import org.dspace.core.Context;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.data.rest.webmvc.ResourceNotFoundException;
 import org.springframework.security.access.prepost.PostAuthorize;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -50,7 +51,7 @@ public class ItemOwningCollectionUpdateRestController {
    @Autowired
    CollectionConverter converter;

-    @RequestMapping(method = RequestMethod.POST, value = "/{targetUuid}")
+    @RequestMapping(method = RequestMethod.PUT, value = "/{targetUuid}")
    @PreAuthorize("hasPermission(#itemUuid, 'ITEM','WRITE') && hasPermission(#targetUuid,'COLLECTION','ADD')")
    @PostAuthorize("returnObject != null")
    public CollectionRest move(@PathVariable UUID itemUuid, HttpServletResponse response,
@@ -81,6 +82,10 @@ public class ItemOwningCollectionUpdateRestController {

        Item item = itemService.find(context, itemUuid);

+        if (item == null) {
+            throw new ResourceNotFoundException("Item with id: " + itemUuid + " not found");
+        }
+
        Collection currentCollection = item.getOwningCollection();

        if (authorizeService.authorizeActionBoolean(context, currentCollection, Constants.ADMIN)) {
--- a/dspace-spring-rest/src/test/java/org/dspace/app/rest/ItemOwningCollectionUpdateRestControllerIT.java
+++ b/dspace-spring-rest/src/test/java/org/dspace/app/rest/ItemOwningCollectionUpdateRestControllerIT.java
@@ -9,7 +9,7 @@ package org.dspace.app.rest;

 import static org.hamcrest.Matchers.is;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
-import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.put;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

@@ -52,7 +52,7 @@ public class ItemOwningCollectionUpdateRestControllerIT extends AbstractControll


        //When we call this owningCollection/move endpoint
-        getClient().perform(post("/api/core/items/" + publicItem1.getID() + "/owningCollection/move/"
+        getClient().perform(put("/api/core/items/" + publicItem1.getID() + "/owningCollection/move/"
                                         + col2.getID()))

                   //We expect a 401 Unauthorized status when performed by anonymous
@@ -85,7 +85,7 @@ public class ItemOwningCollectionUpdateRestControllerIT extends AbstractControll

        //When we call this owningCollection/move endpoint
        getClient(token)
-                .perform(post("/api/core/items/" + publicItem1.getID() + "/owningCollection/move/"
+                .perform(put("/api/core/items/" + publicItem1.getID() + "/owningCollection/move/"
                                      + col2.getID()))

                //We expect a 401 Unauthorized status when performed by anonymous
@@ -135,7 +135,7 @@ public class ItemOwningCollectionUpdateRestControllerIT extends AbstractControll
        String token = getAuthToken(itemMoveEperson.getEmail(), "test");

        getClient(token)
-                .perform(post("/api/core/items/" + publicItem1.getID() + "/owningCollection/move/"
+                .perform(put("/api/core/items/" + publicItem1.getID() + "/owningCollection/move/"
                                      + col2.getID()))

                //We expect a 401 Unauthorized status when performed by anonymous
@@ -178,7 +178,7 @@ public class ItemOwningCollectionUpdateRestControllerIT extends AbstractControll

        String token = getAuthToken(itemMoveEperson.getEmail(), "test");

-        getClient(token).perform(post("/api/core/items/" + publicItem1.getID() + "/owningCollection/move/"
+        getClient(token).perform(put("/api/core/items/" + publicItem1.getID() + "/owningCollection/move/"
                                              + col2.getID()))

                        //We expect a 401 Unauthorized status when performed by anonymous
@@ -216,7 +216,7 @@ public class ItemOwningCollectionUpdateRestControllerIT extends AbstractControll

        String token = getAuthToken(itemMoveEperson.getEmail(), "test");

-        getClient(token).perform(post("/api/core/items/" + publicItem1.getID() + "/owningCollection/move/"
+        getClient(token).perform(put("/api/core/items/" + publicItem1.getID() + "/owningCollection/move/"
                                              + col2.getID()))

                        //We expect a 401 Unauthorized status when performed by anonymous
@@ -254,7 +254,7 @@ public class ItemOwningCollectionUpdateRestControllerIT extends AbstractControll

        String token = getAuthToken(itemMoveEperson.getEmail(), "test");

-        getClient(token).perform(post("/api/core/items/" + publicItem1.getID() + "/owningCollection/move/"
+        getClient(token).perform(put("/api/core/items/" + publicItem1.getID() + "/owningCollection/move/"
                                              + col2.getID()))

                        //We expect a 401 Unauthorized status when performed by anonymous