hazza/DSpace
1
0
Fork 0
mirror of https://github.com/DSpace/DSpace.git synced 2025-10-10 19:43:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

[DS-270] Make delegate admin permissions configurable

Browse Source 
git-svn-id: http://scm.dspace.org/svn/repo/dspace/trunk@4309 9c30dcfa-912a-0410-8fc2-9e0234be79fd
This commit is contained in:
Andrea Bollini
2009-09-30 19:20:07 +00:00
parent 316408bb47
commit 98c8f11320
43 changed files with 2609 additions and 587 deletions
Download Patch File Download Diff File Expand all files Collapse all files

161
dspace-api/src/main/java/org/dspace/content/Collection.java
View File

@@ -47,6 +47,8 @@ import java.util.List;
import java.util.MissingResourceException;
import org.apache.log4j.Logger;
import org.dspace.app.util.AuthorizeUtil;
import org.dspace.authorize.AuthorizeConfiguration;
import org.dspace.authorize.AuthorizeException;
import org.dspace.authorize.AuthorizeManager;
import org.dspace.authorize.ResourcePolicy;
@@ -486,7 +488,7 @@ public class Collection extends DSpaceObject
if (!((is == null) && AuthorizeManager.authorizeActionBoolean(
ourContext, this, Constants.DELETE)))
{
canEdit();
canEdit(true);
}
// First, delete any existing logo
@@ -541,8 +543,8 @@ public class Collection extends DSpaceObject
public Group createWorkflowGroup(int step) throws SQLException,
AuthorizeException
{
// Check authorisation - Must be an Admin to create Submitters Group
AuthorizeManager.authorizeAction(ourContext, this, Constants.ADMIN);
// Check authorisation - Must be an Admin to create Workflow Group
AuthorizeUtil.authorizeManageWorkflowsGroup(ourContext, this);
if (workflowGroup[step - 1] == null)
{
@@ -614,7 +616,7 @@ public class Collection extends DSpaceObject
public Group createSubmitters() throws SQLException, AuthorizeException
{
// Check authorisation - Must be an Admin to create Submitters Group
AuthorizeManager.authorizeAction(ourContext, this, Constants.ADMIN);
AuthorizeUtil.authorizeManageSubmittersGroup(ourContext, this);
if (submitters == null)
{
@@ -645,7 +647,7 @@ public class Collection extends DSpaceObject
public void removeSubmitters() throws SQLException, AuthorizeException
{
// Check authorisation - Must be an Admin to delete Submitters Group
AuthorizeManager.authorizeAction(ourContext, this, Constants.ADMIN);
AuthorizeUtil.authorizeManageSubmittersGroup(ourContext, this);
// just return if there is no administrative group.
if (submitters == null)
@@ -687,7 +689,7 @@ public class Collection extends DSpaceObject
public Group createAdministrators() throws SQLException, AuthorizeException
{
// Check authorisation - Must be an Admin to create more Admins
AuthorizeManager.authorizeAction(ourContext, this, Constants.ADMIN);
AuthorizeUtil.authorizeManageAdminGroup(ourContext, this);
if (admins == null)
{
@@ -706,13 +708,6 @@ public class Collection extends DSpaceObject
// register this as the admin group
collectionRow.setColumn("admin", admins.getID());
// administrators also get ADD on the submitter group
if (submitters != null)
{
AuthorizeManager.addPolicy(ourContext, submitters, Constants.ADD,
admins);
}
modified = true;
return admins;
}
@@ -726,19 +721,7 @@ public class Collection extends DSpaceObject
public void removeAdministrators() throws SQLException, AuthorizeException
{
// Check authorisation - Must be an Admin of the parent community to delete Admin Group
Community[] parentCommunities = getCommunities();
if (parentCommunities != null && parentCommunities.length > 0)
{
AuthorizeManager.authorizeAction(ourContext, this.getCommunities()[0], Constants.ADMIN);
}
else if (!AuthorizeManager.isAdmin(ourContext))
{
// this should never happen, a collection should always have at least one parent community!
// anyway...
throw new AuthorizeException(
"Only system admin can remove the admin group of a collection outside any community",
this, Constants.ADMIN);
}
AuthorizeUtil.authorizeRemoveAdminGroup(ourContext, this);
// just return if there is no administrative group.
if (admins == null)
@@ -847,7 +830,7 @@ public class Collection extends DSpaceObject
public void createTemplateItem() throws SQLException, AuthorizeException
{
// Check authorisation
canEdit();
AuthorizeUtil.authorizeManageTemplateItem(ourContext, this);
if (template == null)
{
@@ -876,7 +859,7 @@ public class Collection extends DSpaceObject
IOException
{
// Check authorisation
canEdit();
AuthorizeUtil.authorizeManageTemplateItem(ourContext, this);
collectionRow.setColumnNull("template_item_id");
DatabaseManager.update(ourContext, collectionRow);
@@ -938,46 +921,27 @@ public class Collection extends DSpaceObject
// Check authorisation
AuthorizeManager.authorizeAction(ourContext, this, Constants.REMOVE);
// will be the item an orphan?
TableRow row = DatabaseManager.querySingle(ourContext,
"SELECT COUNT(DISTINCT collection_id) AS num FROM collection2item WHERE item_id= ? ",
item.getID());
DatabaseManager.setConstraintDeferred(ourContext, "coll2item_item_fk");
if (row.getLongColumn("num") == 1)
{
// Orphan; delete it
item.delete();
}
log.info(LogManager.getHeader(ourContext, "remove_item",
"collection_id=" + getID() + ",item_id=" + item.getID()));
DatabaseManager.updateQuery(ourContext,
"DELETE FROM collection2item WHERE collection_id= ? "+
"AND item_id= ? ",
getID(), item.getID());
DatabaseManager.setConstraintImmediate(ourContext, "coll2item_item_fk");
ourContext.addEvent(new Event(Event.REMOVE, Constants.COLLECTION, getID(), Constants.ITEM, item.getID(), item.getHandle()));
// Is the item an orphan?
TableRowIterator tri = DatabaseManager.query(ourContext,
"SELECT * FROM collection2item WHERE item_id= ? ",
item.getID());
try
{
if (!tri.hasNext())
{
//make the right to remove the item explicit because the implicit
// relation
//has been removed. This only has to concern the currentUser
// because
//he started the removal process and he will end it too.
//also add right to remove from the item to remove it's bundles.
AuthorizeManager.addPolicy(ourContext, item, Constants.DELETE,
ourContext.getCurrentUser());
AuthorizeManager.addPolicy(ourContext, item, Constants.REMOVE,
ourContext.getCurrentUser());
// Orphan; delete it
item.delete();
}
}
finally
{
// close the TableRowIterator to free up resources
if (tri != null)
tri.close();
}
}
/**
@@ -991,7 +955,7 @@ public class Collection extends DSpaceObject
public void update() throws SQLException, IOException, AuthorizeException
{
// Check authorisation
canEdit();
canEdit(true);
log.info(LogManager.getHeader(ourContext, "update_collection",
"collection_id=" + getID()));
@@ -1010,12 +974,17 @@ public class Collection extends DSpaceObject
clearDetails();
}
}
public boolean canEditBoolean() throws java.sql.SQLException
{
return canEditBoolean(true);
}
public boolean canEditBoolean(boolean useInheritance) throws java.sql.SQLException
{
try
{
canEdit();
canEdit(useInheritance);
return true;
}
@@ -1025,27 +994,31 @@ public class Collection extends DSpaceObject
}
}
public void canEdit() throws AuthorizeException, SQLException
public void canEdit() throws AuthorizeException, SQLException
{
canEdit(true);
}
public void canEdit(boolean useInheritance) throws AuthorizeException, SQLException
{
Community[] parents = getCommunities();
for (int i = 0; i < parents.length; i++)
{
if (AuthorizeManager.authorizeActionBoolean(ourContext, parents[i],
Constants.WRITE))
Constants.WRITE, useInheritance))
{
return;
}
if (AuthorizeManager.authorizeActionBoolean(ourContext, parents[i],
Constants.ADD))
Constants.ADD, useInheritance))
{
return;
}
}
AuthorizeManager.authorizeAnyOf(ourContext, this, new int[] {
Constants.WRITE, Constants.ADMIN });
AuthorizeManager.authorizeAction(ourContext, this, Constants.WRITE, useInheritance);
}
/**
@@ -1400,4 +1373,54 @@ public class Collection extends DSpaceObject
return itemcount;
}
public DSpaceObject getAdminObject(int action) throws SQLException
{
DSpaceObject adminObject = null;
Community community = null;
Community[] communities = getCommunities();
if (communities != null && communities.length > 0)
{
community = communities[0];
}
switch (action)
{
case Constants.REMOVE:
if (AuthorizeConfiguration.canCollectionAdminPerformItemDeletion())
{
adminObject = this;
}
else if (AuthorizeConfiguration.canCommunityAdminPerformItemDeletion())
{
adminObject = community;
}
break;
case Constants.DELETE:
if (AuthorizeConfiguration.canCommunityAdminPerformSubelementDeletion())
{
adminObject = community;
}
break;
default:
adminObject = this;
break;
}
return adminObject;
}
@Override
public DSpaceObject getParentObject() throws SQLException
{
Community[] communities = this.getCommunities();
if (communities != null && (communities.length > 0 && communities[0] != null))
{
return communities[0];
}
else
{
return null;
}
}
}