hazza/DSpace
1
0
Fork 0
mirror of https://github.com/DSpace/DSpace.git synced 2025-10-08 10:34:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

[DS-4096] Alter the moving item between collections to use PUT instead of POST

Browse Source
This commit is contained in:
Kevin Van de Velde
2018-12-05 14:24:56 +01:00
parent a55a5fd795
commit 783ec4bffe
2 changed files with 13 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
dspace-spring-rest/src/main/java/org/dspace/app/rest/ItemOwningCollectionUpdateRestController.java
View File

@@ -25,6 +25,7 @@ import org.dspace.content.service.ItemService;
import org.dspace.core.Constants; import org.dspace.core.Constants;
import org.dspace.core.Context; import org.dspace.core.Context;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.rest.webmvc.ResourceNotFoundException;
import org.springframework.security.access.prepost.PostAuthorize; import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.PathVariable;
@@ -50,7 +51,7 @@ public class ItemOwningCollectionUpdateRestController {
@Autowired @Autowired
CollectionConverter converter; CollectionConverter converter;
@RequestMapping(method = RequestMethod.POST, value = "/{targetUuid}") @RequestMapping(method = RequestMethod.PUT, value = "/{targetUuid}")
@PreAuthorize("hasPermission(#itemUuid, 'ITEM','WRITE') && hasPermission(#targetUuid,'COLLECTION','ADD')") @PreAuthorize("hasPermission(#itemUuid, 'ITEM','WRITE') && hasPermission(#targetUuid,'COLLECTION','ADD')")
@PostAuthorize("returnObject != null") @PostAuthorize("returnObject != null")
public CollectionRest move(@PathVariable UUID itemUuid, HttpServletResponse response, public CollectionRest move(@PathVariable UUID itemUuid, HttpServletResponse response,
@@ -81,6 +82,10 @@ public class ItemOwningCollectionUpdateRestController {
Item item = itemService.find(context, itemUuid); Item item = itemService.find(context, itemUuid);
if (item == null) {
throw new ResourceNotFoundException("Item with id: " + itemUuid + " not found");
}
Collection currentCollection = item.getOwningCollection(); Collection currentCollection = item.getOwningCollection();
if (authorizeService.authorizeActionBoolean(context, currentCollection, Constants.ADMIN)) { if (authorizeService.authorizeActionBoolean(context, currentCollection, Constants.ADMIN)) {

14
dspace-spring-rest/src/test/java/org/dspace/app/rest/ItemOwningCollectionUpdateRestControllerIT.java
View File

@@ -9,7 +9,7 @@ package org.dspace.app.rest;
import static org.hamcrest.Matchers.is; import static org.hamcrest.Matchers.is;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.put;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
@@ -52,7 +52,7 @@ public class ItemOwningCollectionUpdateRestControllerIT extends AbstractControll
//When we call this owningCollection/move endpoint //When we call this owningCollection/move endpoint
getClient().perform(post("/api/core/items/" + publicItem1.getID() + "/owningCollection/move/" getClient().perform(put("/api/core/items/" + publicItem1.getID() + "/owningCollection/move/"
+ col2.getID())) + col2.getID()))
//We expect a 401 Unauthorized status when performed by anonymous //We expect a 401 Unauthorized status when performed by anonymous
@@ -85,7 +85,7 @@ public class ItemOwningCollectionUpdateRestControllerIT extends AbstractControll
//When we call this owningCollection/move endpoint //When we call this owningCollection/move endpoint
getClient(token) getClient(token)
.perform(post("/api/core/items/" + publicItem1.getID() + "/owningCollection/move/" .perform(put("/api/core/items/" + publicItem1.getID() + "/owningCollection/move/"
+ col2.getID())) + col2.getID()))
//We expect a 401 Unauthorized status when performed by anonymous //We expect a 401 Unauthorized status when performed by anonymous
@@ -135,7 +135,7 @@ public class ItemOwningCollectionUpdateRestControllerIT extends AbstractControll
String token = getAuthToken(itemMoveEperson.getEmail(), "test"); String token = getAuthToken(itemMoveEperson.getEmail(), "test");
getClient(token) getClient(token)
.perform(post("/api/core/items/" + publicItem1.getID() + "/owningCollection/move/" .perform(put("/api/core/items/" + publicItem1.getID() + "/owningCollection/move/"
+ col2.getID())) + col2.getID()))
//We expect a 401 Unauthorized status when performed by anonymous //We expect a 401 Unauthorized status when performed by anonymous
@@ -178,7 +178,7 @@ public class ItemOwningCollectionUpdateRestControllerIT extends AbstractControll
String token = getAuthToken(itemMoveEperson.getEmail(), "test"); String token = getAuthToken(itemMoveEperson.getEmail(), "test");
getClient(token).perform(post("/api/core/items/" + publicItem1.getID() + "/owningCollection/move/" getClient(token).perform(put("/api/core/items/" + publicItem1.getID() + "/owningCollection/move/"
+ col2.getID())) + col2.getID()))
//We expect a 401 Unauthorized status when performed by anonymous //We expect a 401 Unauthorized status when performed by anonymous
@@ -216,7 +216,7 @@ public class ItemOwningCollectionUpdateRestControllerIT extends AbstractControll
String token = getAuthToken(itemMoveEperson.getEmail(), "test"); String token = getAuthToken(itemMoveEperson.getEmail(), "test");
getClient(token).perform(post("/api/core/items/" + publicItem1.getID() + "/owningCollection/move/" getClient(token).perform(put("/api/core/items/" + publicItem1.getID() + "/owningCollection/move/"
+ col2.getID())) + col2.getID()))
//We expect a 401 Unauthorized status when performed by anonymous //We expect a 401 Unauthorized status when performed by anonymous
@@ -254,7 +254,7 @@ public class ItemOwningCollectionUpdateRestControllerIT extends AbstractControll
String token = getAuthToken(itemMoveEperson.getEmail(), "test"); String token = getAuthToken(itemMoveEperson.getEmail(), "test");
getClient(token).perform(post("/api/core/items/" + publicItem1.getID() + "/owningCollection/move/" getClient(token).perform(put("/api/core/items/" + publicItem1.getID() + "/owningCollection/move/"
+ col2.getID())) + col2.getID()))
//We expect a 401 Unauthorized status when performed by anonymous //We expect a 401 Unauthorized status when performed by anonymous