hazza/DSpace
1
0
Fork 0
mirror of https://github.com/DSpace/DSpace.git synced 2025-10-07 01:54:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

DS-1976 Don't list private items in new REST endpoints

Browse Source 
Private items are listable to admin, not to other users
These are new endpoints from REST CRUD
This commit is contained in:
Peter Dietz
2014-11-05 13:17:22 -05:00
parent 0da2c9d6b8
commit 8aeeffc4ac
2 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
dspace-rest/src/main/java/org/dspace/rest/CollectionsResource.java
View File

@@ -33,6 +33,7 @@ import org.apache.log4j.Logger;
import org.dspace.authorize.AuthorizeException;
import org.dspace.authorize.AuthorizeManager;
import org.dspace.browse.BrowseException;
import org.dspace.content.service.ItemService;
import org.dspace.rest.common.Collection;
import org.dspace.rest.common.Item;
import org.dspace.rest.common.MetadataEntry;
@@ -263,7 +264,7 @@ public class CollectionsResource extends Resource
if (i >= offset)
{
org.dspace.content.Item dspaceItem = dspaceItems.next();
if (AuthorizeManager.authorizeActionBoolean(context, dspaceItem, org.dspace.core.Constants.READ))
if (ItemService.isItemListedForUser(context, dspaceItem))
{
items.add(new Item(dspaceItem, expand, context));
writeStats(dspaceItem, UsageEvent.Action.VIEW, user_ip, user_agent, xforwarderfor,

3
dspace-rest/src/main/java/org/dspace/rest/ItemsResource.java
View File

@@ -39,6 +39,7 @@ import org.dspace.content.BitstreamFormat;
import org.dspace.content.Bundle;
import org.dspace.content.ItemIterator;
import org.dspace.content.Metadatum;
import org.dspace.content.service.ItemService;
import org.dspace.eperson.Group;
import org.dspace.rest.common.Bitstream;
import org.dspace.rest.common.Item;
@@ -178,7 +179,7 @@ public class ItemsResource extends Resource
org.dspace.content.Item dspaceItem = dspaceItems.next();
if (i >= offset)
{
if (AuthorizeManager.authorizeActionBoolean(context, dspaceItem, org.dspace.core.Constants.READ))
if (ItemService.isItemListedForUser(context, dspaceItem))
{
items.add(new Item(dspaceItem, expand, context));
writeStats(dspaceItem, UsageEvent.Action.VIEW, user_ip, user_agent, xforwarderfor,