hazza/DSpace
1
0
Fork 0
mirror of https://github.com/DSpace/DSpace.git synced 2025-10-09 19:13:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

[DS-562] Community admin or user with WRITE, ADD and ADMIN policy on collection cannot delete that collection due to bug in AuthorizeUtil.authorizeManageTemplateItem(context,collection)

Browse Source 
git-svn-id: http://scm.dspace.org/svn/repo/dspace/trunk@5703 9c30dcfa-912a-0410-8fc2-9e0234be79fd
This commit is contained in:
Andrea Bollini
2010-11-01 11:50:13 +00:00
parent cb3161f6ca
commit 7a4fe91ccb
3 changed files with 8 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
dspace-api/src/main/java/org/dspace/app/util/AuthorizeUtil.java
View File

@@ -307,7 +307,7 @@ public class AuthorizeUtil
: null; : null;
AuthorizeManager.authorizeAction(context, parent, Constants.ADMIN); AuthorizeManager.authorizeAction(context, parent, Constants.ADMIN);
} }
else if (!AuthorizeManager.isAdmin(context)) else if (!isAuthorized && !AuthorizeManager.isAdmin(context))
{ {
throw new AuthorizeException( throw new AuthorizeException(
"You are not authorized to create a template item for the collection"); "You are not authorized to create a template item for the collection");

8
dspace-api/src/main/java/org/dspace/content/Collection.java
View File

@@ -909,16 +909,20 @@ public class Collection extends DSpaceObject
collectionRow.setColumnNull("template_item_id"); collectionRow.setColumnNull("template_item_id");
DatabaseManager.update(ourContext, collectionRow); DatabaseManager.update(ourContext, collectionRow);
if (template != null) if (template != null)
{ {
log.info(LogManager.getHeader(ourContext, "remove_template_item", log.info(LogManager.getHeader(ourContext, "remove_template_item",
"collection_id=" + getID() + ",template_item_id=" "collection_id=" + getID() + ",template_item_id="
+ template.getID())); + template.getID()));
// temporary turn off auth system, we have already checked the permission on the top of the method
// check it again will fail because we have already broken the relation between the collection and the item
ourContext.turnOffAuthorisationSystem();
template.delete(); template.delete();
ourContext.restoreAuthSystemState();
template = null; template = null;
} }
ourContext.addEvent(new Event(Event.MODIFY, Constants.COLLECTION, getID(), "remove_template_item")); ourContext.addEvent(new Event(Event.MODIFY, Constants.COLLECTION, getID(), "remove_template_item"));
} }

1
dspace/CHANGES
View File

@@ -12,6 +12,7 @@
(Andrea Bollini) (Andrea Bollini)
- [DS-585] The Content Disposition configuration is ignored by unpublished items - [DS-585] The Content Disposition configuration is ignored by unpublished items
- [DS-704] Update pdfbox library to improve performance and out-of-box support for pdf extraction - [DS-704] Update pdfbox library to improve performance and out-of-box support for pdf extraction
- [DS-562] Community admin or user with WRITE, ADD and ADMIN policy on collection cannot delete that collection due to bug in AuthorizeUtil.authorizeManageTemplateItem(context,collection)
(Reinhard Engels) (Reinhard Engels)
- [DS-637] Browse index bug/fix ONLY for authority index: first "too low" confidence value stop current item metadata to be indexed in the autority index - [DS-637] Browse index bug/fix ONLY for authority index: first "too low" confidence value stop current item metadata to be indexed in the autority index