hazza/DSpace
1
0
Fork 0
mirror of https://github.com/DSpace/DSpace.git synced 2025-10-10 19:43:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

[DS-270] Make delegate admin permissions configurable

Browse Source 
git-svn-id: http://scm.dspace.org/svn/repo/dspace/trunk@4309 9c30dcfa-912a-0410-8fc2-9e0234be79fd
This commit is contained in:
Andrea Bollini
2009-09-30 19:20:07 +00:00
parent 316408bb47
commit 98c8f11320
43 changed files with 2609 additions and 587 deletions
Download Patch File Download Diff File Expand all files Collapse all files

406
dspace-api/src/main/java/org/dspace/app/util/AuthorizeUtil.java Normal file
View File

@@ -0,0 +1,406 @@
/*
* AuthorizeUtil.java
*
* Version: $Revision: 3980 $
*
* Date: $Date: 2009-06-26 19:07:25 +0200 (ven, 26 giu 2009) $
*
* Copyright (c) 2002-2009, The DSpace Foundation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
*
* - Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* - Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* - Neither the name of the DSpace Foundation nor the names of its
* contributors may be used to endorse or promote products derived from
* this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
* OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
* TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
* USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
* DAMAGE.
*/
package org.dspace.app.util;
import java.sql.SQLException;
import org.dspace.authorize.AuthorizeConfiguration;
import org.dspace.authorize.AuthorizeException;
import org.dspace.authorize.AuthorizeManager;
import org.dspace.authorize.ResourcePolicy;
import org.dspace.content.Bitstream;
import org.dspace.content.Bundle;
import org.dspace.content.Collection;
import org.dspace.content.Community;
import org.dspace.content.Item;
import org.dspace.core.Constants;
import org.dspace.core.Context;
public class AuthorizeUtil
{
public static void authorizeManageBitstreamPolicy(Context context,
Bitstream bitstream) throws AuthorizeException, SQLException
{
Bundle bundle = bitstream.getBundles()[0];
authorizeManageBundlePolicy(context, bundle);
}
public static void authorizeManageBundlePolicy(Context context,
Bundle bundle) throws AuthorizeException, SQLException
{
Item item = bundle.getItems()[0];
authorizeManageItemPolicy(context, item);
}
public static void authorizeManageItemPolicy(Context context, Item item)
throws AuthorizeException, SQLException
{
if (AuthorizeConfiguration.canItemAdminManagePolicies())
{
AuthorizeManager.authorizeAction(context, item, Constants.ADMIN);
}
else if (AuthorizeConfiguration.canCollectionAdminManageItemPolicies())
{
AuthorizeManager.authorizeAction(context, item
.getOwningCollection(), Constants.ADMIN);
}
else if (AuthorizeConfiguration.canCommunityAdminManageItemPolicies())
{
AuthorizeManager
.authorizeAction(context, item.getOwningCollection()
.getCommunities()[0], Constants.ADMIN);
}
else if (!AuthorizeManager.isAdmin(context))
{
throw new AuthorizeException(
"Only system admin are allowed to manage item policies");
}
}
public static void authorizeManageCollectionPolicy(Context context,
Collection collection) throws AuthorizeException, SQLException
{
if (AuthorizeConfiguration.canCollectionAdminManagePolicies())
{
AuthorizeManager.authorizeAction(context, collection,
Constants.ADMIN);
}
else if (AuthorizeConfiguration
.canCommunityAdminManageCollectionPolicies())
{
AuthorizeManager.authorizeAction(context, collection
.getCommunities()[0], Constants.ADMIN);
}
else if (!AuthorizeManager.isAdmin(context))
{
throw new AuthorizeException(
"Only system admin are allowed to manage collection policies");
}
}
public static void authorizeManageCommunityPolicy(Context context,
Community community) throws AuthorizeException, SQLException
{
if (AuthorizeConfiguration.canCommunityAdminManagePolicies())
{
AuthorizeManager.authorizeAction(context, community,
Constants.ADMIN);
}
else if (!AuthorizeManager.isAdmin(context))
{
throw new AuthorizeException(
"Only system admin are allowed to manage community policies");
}
}
public static void requireAdminRole(Context context)
throws AuthorizeException, SQLException
{
if (!AuthorizeManager.isAdmin(context))
{
throw new AuthorizeException(
"Only system admin are allowed to perform this action");
}
}
public static void authorizeManageCCLicense(Context context, Item item)
throws AuthorizeException, SQLException
{
try
{
AuthorizeManager.authorizeAction(context, item, Constants.ADD);
AuthorizeManager.authorizeAction(context, item, Constants.REMOVE);
}
catch (AuthorizeException authex)
{
if (AuthorizeConfiguration.canItemAdminManageCCLicense())
{
AuthorizeManager
.authorizeAction(context, item, Constants.ADMIN);
}
else if (AuthorizeConfiguration.canCollectionAdminManageCCLicense())
{
AuthorizeManager.authorizeAction(context, item
.getParentObject(), Constants.ADMIN);
}
else if (AuthorizeConfiguration.canCommunityAdminManageCCLicense())
{
AuthorizeManager.authorizeAction(context, item
.getParentObject().getParentObject(), Constants.ADMIN);
}
else
{
requireAdminRole(context);
}
}
}
public static void authorizeManageTemplateItem(Context context,
Collection collection) throws AuthorizeException, SQLException
{
boolean isAuthorized = collection.canEditBoolean(false);
if (!isAuthorized
&& AuthorizeConfiguration
.canCollectionAdminManageTemplateItem())
{
AuthorizeManager.authorizeAction(context, collection,
Constants.ADMIN);
}
else if (!isAuthorized
&& AuthorizeConfiguration
.canCommunityAdminManageCollectionTemplateItem())
{
Community[] communities = collection.getCommunities();
Community parent = communities != null && communities.length > 0 ? communities[0]
: null;
AuthorizeManager.authorizeAction(context, parent, Constants.ADMIN);
}
else if (!AuthorizeManager.isAdmin(context))
{
throw new AuthorizeException(
"You are not authorized to create a template item for the collection");
}
}
public static void authorizeManageSubmittersGroup(Context context,
Collection collection) throws AuthorizeException, SQLException
{
if (AuthorizeConfiguration.canCollectionAdminManageSubmitters())
{
AuthorizeManager.authorizeAction(context, collection,
Constants.ADMIN);
}
else if (AuthorizeConfiguration
.canCommunityAdminManageCollectionSubmitters())
{
AuthorizeManager.authorizeAction(context, collection
.getCommunities()[0], Constants.ADMIN);
}
else if (!AuthorizeManager.isAdmin(context))
{
throw new AuthorizeException(
"Only system admin are allowed to manage collection submitters");
}
}
public static void authorizeManageWorkflowsGroup(Context context,
Collection collection) throws AuthorizeException, SQLException
{
if (AuthorizeConfiguration.canCollectionAdminManageWorkflows())
{
AuthorizeManager.authorizeAction(context, collection,
Constants.ADMIN);
}
else if (AuthorizeConfiguration
.canCommunityAdminManageCollectionWorkflows())
{
AuthorizeManager.authorizeAction(context, collection
.getCommunities()[0], Constants.ADMIN);
}
else if (!AuthorizeManager.isAdmin(context))
{
throw new AuthorizeException(
"Only system admin are allowed to manage collection workflow");
}
}
public static void authorizeManageAdminGroup(Context context,
Collection collection) throws AuthorizeException, SQLException
{
if (AuthorizeConfiguration.canCollectionAdminManageAdminGroup())
{
AuthorizeManager.authorizeAction(context, collection,
Constants.ADMIN);
}
else if (AuthorizeConfiguration
.canCommunityAdminManageCollectionAdminGroup())
{
AuthorizeManager.authorizeAction(context, collection
.getCommunities()[0], Constants.ADMIN);
}
else if (!AuthorizeManager.isAdmin(context))
{
throw new AuthorizeException(
"Only system admin are allowed to manage collection admin");
}
}
public static void authorizeRemoveAdminGroup(Context context,
Collection collection) throws AuthorizeException, SQLException
{
Community[] parentCommunities = collection.getCommunities();
if (AuthorizeConfiguration
.canCommunityAdminManageCollectionAdminGroup()
&& parentCommunities != null && parentCommunities.length > 0)
{
AuthorizeManager.authorizeAction(context, collection
.getCommunities()[0], Constants.ADMIN);
}
else if (!AuthorizeManager.isAdmin(context))
{
throw new AuthorizeException(
"Only system admin can remove the admin group of a collection");
}
}
public static void authorizeManageAdminGroup(Context context,
Community community) throws AuthorizeException, SQLException
{
if (AuthorizeConfiguration.canCommunityAdminManageAdminGroup())
{
AuthorizeManager.authorizeAction(context, community,
Constants.ADMIN);
}
else if (!AuthorizeManager.isAdmin(context))
{
throw new AuthorizeException(
"Only system admin are allowed to manage community admin");
}
}
public static void authorizeRemoveAdminGroup(Context context,
Community community) throws SQLException, AuthorizeException
{
Community parentCommunity = community.getParentCommunity();
if (AuthorizeConfiguration.canCommunityAdminManageAdminGroup()
&& parentCommunity != null)
{
AuthorizeManager.authorizeAction(context, parentCommunity,
Constants.ADMIN);
}
else if (!AuthorizeManager.isAdmin(context))
{
throw new AuthorizeException(
"Only system admin can remove the admin group of the community");
}
}
public static void authorizeManagePolicy(Context c, ResourcePolicy rp)
throws SQLException, AuthorizeException
{
switch (rp.getResourceType())
{
case Constants.BITSTREAM:
authorizeManageBitstreamPolicy(c, Bitstream.find(c, rp
.getResourceID()));
break;
case Constants.BUNDLE:
authorizeManageBundlePolicy(c, Bundle.find(c, rp.getResourceID()));
break;
case Constants.ITEM:
authorizeManageItemPolicy(c, Item.find(c, rp.getResourceID()));
break;
case Constants.COLLECTION:
authorizeManageCollectionPolicy(c, Collection.find(c, rp
.getResourceID()));
break;
case Constants.COMMUNITY:
authorizeManageCommunityPolicy(c, Community.find(c, rp
.getResourceID()));
break;
default:
requireAdminRole(c);
break;
}
}
public static void authorizeWithdrawItem(Context context, Item item)
throws SQLException, AuthorizeException
{
boolean authorized = false;
if (AuthorizeConfiguration.canCollectionAdminPerformItemWithdrawn())
{
authorized = AuthorizeManager.authorizeActionBoolean(context, item
.getOwningCollection(), Constants.ADMIN);
}
else if (AuthorizeConfiguration.canCommunityAdminPerformItemWithdrawn())
{
authorized = AuthorizeManager
.authorizeActionBoolean(context, item.getOwningCollection()
.getCommunities()[0], Constants.ADMIN);
}
if (!authorized)
{
authorized = AuthorizeManager.authorizeActionBoolean(context, item
.getOwningCollection(), Constants.REMOVE, false);
}
// authorized
if (!authorized)
{
throw new AuthorizeException(
"To withdraw item must be COLLECTION_ADMIN or have REMOVE authorization on owning Collection");
}
}
public static void authorizeReinstateItem(Context context, Item item)
throws SQLException, AuthorizeException
{
Collection[] colls = item.getCollections();
for (int i = 0; i < colls.length; i++)
{
if (!AuthorizeConfiguration
.canCollectionAdminPerformItemReinstatiate())
{
if (AuthorizeConfiguration
.canCommunityAdminPerformItemReinstatiate()
&& AuthorizeManager.authorizeActionBoolean(context,
colls[i].getCommunities()[0], Constants.ADMIN))
{
// authorized
}
else
{
AuthorizeManager.authorizeAction(context, colls[i],
Constants.ADD, false);
}
}
else
{
AuthorizeManager.authorizeAction(context, colls[i],
Constants.ADD);
}
}
}
}

556
dspace-api/src/main/java/org/dspace/authorize/AuthorizeConfiguration.java Normal file
View File

@@ -0,0 +1,556 @@
/*
* AuthorizeConfiguration.java
*
* Version: $Revision: 3980 $
*
* Date: $Date: 2009-06-26 19:07:25 +0200 (ven, 26 giu 2009) $
*
* Copyright (c) 2002-2009, The DSpace Foundation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
*
* - Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* - Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* - Neither the name of the DSpace Foundation nor the names of its
* contributors may be used to endorse or promote products derived from
* this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
* OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
* TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
* USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
* DAMAGE.
*/
package org.dspace.authorize;
import org.dspace.core.ConfigurationManager;
/**
* This class is responsible to provide access to the configuration of the
* Authorization System
*
* @author bollini
*
*/
public class AuthorizeConfiguration
{
private static boolean can_communityAdmin_group = ConfigurationManager
.getBooleanProperty("core.authorization.community-admin.group",
true);
// subcommunities and collections
private static boolean can_communityAdmin_createSubelement = ConfigurationManager
.getBooleanProperty(
"core.authorization.community-admin.create-subelement",
true);
private static boolean can_communityAdmin_deleteSubelement = ConfigurationManager
.getBooleanProperty(
"core.authorization.community-admin.delete-subelement",
true);
private static boolean can_communityAdmin_policies = ConfigurationManager
.getBooleanProperty("core.authorization.community-admin.policies",
true);
private static boolean can_communityAdmin_adminGroup = ConfigurationManager
.getBooleanProperty(
"core.authorization.community-admin.admin-group", true);
private static boolean can_communityAdmin_collectionPolicies = ConfigurationManager
.getBooleanProperty(
"core.authorization.community-admin.collection.policies",
true);
private static boolean can_communityAdmin_collectionTemplateItem = ConfigurationManager
.getBooleanProperty(
"core.authorization.community-admin.collection.template-item",
true);
private static boolean can_communityAdmin_collectionSubmitters = ConfigurationManager
.getBooleanProperty(
"core.authorization.community-admin.collection.submitters",
true);
private static boolean can_communityAdmin_collectionWorkflows = ConfigurationManager
.getBooleanProperty(
"core.authorization.community-admin.collection.workflows",
true);
private static boolean can_communityAdmin_collectionAdminGroup = ConfigurationManager
.getBooleanProperty(
"core.authorization.community-admin.collection.admin-group",
true);
private static boolean can_communityAdmin_itemDelete = ConfigurationManager
.getBooleanProperty(
"core.authorization.community-admin.item.delete", true);
private static boolean can_communityAdmin_itemWithdraw = ConfigurationManager
.getBooleanProperty(
"core.authorization.community-admin.item.withdraw", true);
private static boolean can_communityAdmin_itemReinstatiate = ConfigurationManager
.getBooleanProperty(
"core.authorization.community-admin.item.reinstatiate",
true);
private static boolean can_communityAdmin_itemPolicies = ConfigurationManager
.getBooleanProperty(
"core.authorization.community-admin.item.policies", true);
// # also bundle
private static boolean can_communityAdmin_itemCreateBitstream = ConfigurationManager
.getBooleanProperty(
"core.authorization.community-admin.item.create-bitstream",
true);
private static boolean can_communityAdmin_itemDeleteBitstream = ConfigurationManager
.getBooleanProperty(
"core.authorization.community-admin.item.delete-bitstream",
true);
private static boolean can_communityAdmin_itemAdminccLicense = ConfigurationManager
.getBooleanProperty(
"core.authorization.community-admin.item-admin.cc-license",
true);
// # COLLECTION ADMIN
private static boolean can_collectionAdmin_policies = ConfigurationManager
.getBooleanProperty("core.authorization.collection-admin.policies",
true);
private static boolean can_collectionAdmin_templateItem = ConfigurationManager
.getBooleanProperty(
"core.authorization.collection-admin.template-item", true);
private static boolean can_collectionAdmin_submitters = ConfigurationManager
.getBooleanProperty(
"core.authorization.collection-admin.submitters", true);
private static boolean can_collectionAdmin_workflows = ConfigurationManager
.getBooleanProperty(
"core.authorization.collection-admin.workflows", true);
private static boolean can_collectionAdmin_adminGroup = ConfigurationManager
.getBooleanProperty(
"core.authorization.collection-admin.admin-group", true);
private static boolean can_collectionAdmin_itemDelete = ConfigurationManager
.getBooleanProperty(
"core.authorization.collection-admin.item.delete", true);
private static boolean can_collectionAdmin_itemWithdraw = ConfigurationManager
.getBooleanProperty(
"core.authorization.collection-admin.item.withdraw", true);
private static boolean can_collectionAdmin_itemReinstatiate = ConfigurationManager
.getBooleanProperty(
"core.authorization.collection-admin.item.reinstatiate",
true);
private static boolean can_collectionAdmin_itemPolicies = ConfigurationManager
.getBooleanProperty(
"core.authorization.collection-admin.item.policies", true);
// # also bundle
private static boolean can_collectionAdmin_itemCreateBitstream = ConfigurationManager
.getBooleanProperty(
"core.authorization.collection-admin.item.create-bitstream",
true);
private static boolean can_collectionAdmin_itemDeleteBitstream = ConfigurationManager
.getBooleanProperty(
"core.authorization.collection-admin.item.delete-bitstream",
true);
private static boolean can_collectionAdmin_itemAdminccLicense = ConfigurationManager
.getBooleanProperty(
"core.authorization.collection-admin.item-admin.cc-license",
true);
// # ITEM ADMIN
private static boolean can_itemAdmin_policies = ConfigurationManager
.getBooleanProperty("core.authorization.item-admin.policies", true);
// # also bundle
private static boolean can_itemAdmin_createBitstream = ConfigurationManager
.getBooleanProperty(
"core.authorization.item-admin.create-bitstream", true);
private static boolean can_itemAdmin_deleteBitstream = ConfigurationManager
.getBooleanProperty(
"core.authorization.item-admin.delete-bitstream", true);
private static boolean can_itemAdmin_ccLicense = ConfigurationManager
.getBooleanProperty("core.authorization.item-admin.cc-license",
true);
/**
* Are community admins allowed to create new, not strictly community
* related, group?
*
* @return
*/
public static boolean canCommunityAdminPerformGroupCreation()
{
return can_communityAdmin_group;
}
/**
* Are community admins allowed to create collections or subcommunities?
*
* @return
*/
public static boolean canCommunityAdminPerformSubelementCreation()
{
return can_communityAdmin_createSubelement;
}
/**
* Are community admins allowed to remove collections or subcommunities?
*
* @return
*/
public static boolean canCommunityAdminPerformSubelementDeletion()
{
return can_communityAdmin_deleteSubelement;
}
/**
* Are community admins allowed to manage the community's and
* subcommunities' policies?
*
* @return
*/
public static boolean canCommunityAdminManagePolicies()
{
return can_communityAdmin_policies;
}
/**
* Are community admins allowed to create/edit them community's and
* subcommunities' admin groups?
*
* @return
*/
public static boolean canCommunityAdminManageAdminGroup()
{
return can_communityAdmin_adminGroup;
}
/**
* Are community admins allowed to create/edit the community's and
* subcommunities' admin group?
*
* @return
*/
public static boolean canCommunityAdminManageCollectionPolicies()
{
return can_communityAdmin_collectionPolicies;
}
/**
* Are community admins allowed to manage the item template of them
* collections?
*
* @return
*/
public static boolean canCommunityAdminManageCollectionTemplateItem()
{
return can_communityAdmin_collectionTemplateItem;
}
/**
* Are community admins allowed to manage (create/edit/remove) the
* submitters group of them collections?
*
* @return
*/
public static boolean canCommunityAdminManageCollectionSubmitters()
{
return can_communityAdmin_collectionSubmitters;
}
/**
* Are community admins allowed to manage (create/edit/remove) the workflows
* group of them collections?
*
* @return
*/
public static boolean canCommunityAdminManageCollectionWorkflows()
{
return can_communityAdmin_collectionWorkflows;
}
/**
* Are community admins allowed to manage (create/edit/remove) the admin
* group of them collections?
*
* @return
*/
public static boolean canCommunityAdminManageCollectionAdminGroup()
{
return can_communityAdmin_collectionAdminGroup;
}
/**
* Are community admins allowed to remove an item from them collections?
*
* @return
*/
public static boolean canCommunityAdminPerformItemDeletion()
{
return can_communityAdmin_itemDelete;
}
/**
* Are community admins allowed to withdrawn an item from them collections?
*
* @return
*/
public static boolean canCommunityAdminPerformItemWithdrawn()
{
return can_communityAdmin_itemWithdraw;
}
/**
* Are community admins allowed to reinstatiate an item from them
* collections?
*
* @return
*/
public static boolean canCommunityAdminPerformItemReinstatiate()
{
return can_communityAdmin_itemReinstatiate;
}
/**
* Are community admins allowed to manage the policies of an item owned by
* one of them collections?
*
* @return
*/
public static boolean canCommunityAdminManageItemPolicies()
{
return can_communityAdmin_itemPolicies;
}
/**
* Are community admins allowed to add a bitstream to an item owned by one
* of them collections?
*
* @return
*/
public static boolean canCommunityAdminPerformBitstreamCreation()
{
return can_communityAdmin_itemCreateBitstream;
}
/**
* Are community admins allowed to remove a bitstream from an item owned by
* one of them collections?
*
* @return
*/
public static boolean canCommunityAdminPerformBitstreamDeletion()
{
return can_communityAdmin_itemDeleteBitstream;
}
/**
* Are community admins allowed to perform CC License replace or addition to
* an item owned by one of them collections?
*
* @return
*/
public static boolean canCommunityAdminManageCCLicense()
{
return can_communityAdmin_itemAdminccLicense;
}
/**
* Are collection admins allowed to manage the collection's policies?
*
* @return
*/
public static boolean canCollectionAdminManagePolicies()
{
return can_collectionAdmin_policies;
}
/**
* Are collection admins allowed to manage (create/edit/delete) the
* collection's item template?
*
* @return
*/
public static boolean canCollectionAdminManageTemplateItem()
{
return can_collectionAdmin_templateItem;
}
/**
* Are collection admins allowed to manage (create/edit/delete) the
* collection's submitters group?
*
* @return
*/
public static boolean canCollectionAdminManageSubmitters()
{
return can_collectionAdmin_submitters;
}
/**
* Are collection admins allowed to manage (create/edit/delete) the
* collection's workflows group?
*
* @return
*/
public static boolean canCollectionAdminManageWorkflows()
{
return can_collectionAdmin_workflows;
}
/**
* Are collection admins allowed to manage (create/edit) the collection's
* admins group?
*
* @return
*/
public static boolean canCollectionAdminManageAdminGroup()
{
return can_collectionAdmin_adminGroup;
}
/**
* Are collection admins allowed to remove an item from the collection?
*
* @return
*/
public static boolean canCollectionAdminPerformItemDeletion()
{
return can_collectionAdmin_itemDelete;
}
/**
* Are collection admins allowed to withdrawn an item from the collection?
*
* @return
*/
public static boolean canCollectionAdminPerformItemWithdrawn()
{
return can_collectionAdmin_itemWithdraw;
}
/**
* Are collection admins allowed to reinstatiate an item from the
* collection?
*
* @return
*/
public static boolean canCollectionAdminPerformItemReinstatiate()
{
return can_collectionAdmin_itemReinstatiate;
}
/**
* Are collection admins allowed to manage the policies of item owned by the
* collection?
*
* @return
*/
public static boolean canCollectionAdminManageItemPolicies()
{
return can_collectionAdmin_itemPolicies;
}
/**
* Are collection admins allowed to add a bitstream to an item owned by the
* collections?
*
* @return
*/
public static boolean canCollectionAdminPerformBitstreamCreation()
{
return can_collectionAdmin_itemCreateBitstream;
}
/**
* Are collection admins allowed to remove a bitstream from an item owned by
* the collections?
*
* @return
*/
public static boolean canCollectionAdminPerformBitstreamDeletion()
{
return can_collectionAdmin_itemDeleteBitstream;
}
/**
* Are collection admins allowed to replace or adding a CC License to an
* item owned by the collections?
*
* @return
*/
public static boolean canCollectionAdminManageCCLicense()
{
return can_collectionAdmin_itemAdminccLicense;
}
/**
* Are item admins allowed to manage the item's policies?
*
* @return
*/
public static boolean canItemAdminManagePolicies()
{
return can_itemAdmin_policies;
}
/**
* Are item admins allowed to add bitstreams to the item?
*
* @return
*/
public static boolean canItemAdminPerformBitstreamCreation()
{
return can_itemAdmin_createBitstream;
}
/**
* Are item admins allowed to remove bitstreams from the item?
*
* @return
*/
public static boolean canItemAdminPerformBitstreamDeletion()
{
return can_itemAdmin_deleteBitstream;
}
/**
* Are item admins allowed to replace or adding CC License to the item?
*
* @return
*/
public static boolean canItemAdminManageCCLicense()
{
return can_itemAdmin_ccLicense;
}
}

224
dspace-api/src/main/java/org/dspace/authorize/AuthorizeManager.java
View File

@@ -132,6 +132,30 @@ public class AuthorizeManager
*/ */
public static void authorizeAction(Context c, DSpaceObject o, int action) public static void authorizeAction(Context c, DSpaceObject o, int action)
throws AuthorizeException, SQLException throws AuthorizeException, SQLException
{
authorizeAction(c, o, action, true);
}
/**
* Checks that the context's current user can perform the given action on
* the given object. Throws an exception if the user is not authorized,
* otherwise the method call does nothing.
*
* @param c
* context
* @param o
* a DSpaceObject
* @param useInheritance
* flag to say if ADMIN action on the current object or parent
* object can be used
* @param action
* action to perform from <code>org.dspace.core.Constants</code>
*
* @throws AuthorizeException
* if the user is denied
*/
public static void authorizeAction(Context c, DSpaceObject o, int action, boolean useInheritance)
throws AuthorizeException, SQLException
{ {
if (o == null) if (o == null)
{ {
@@ -164,7 +188,7 @@ public class AuthorizeManager
+ actionText + " by user " + userid); + actionText + " by user " + userid);
} }
if (!authorize(c, o, action, c.getCurrentUser())) if (!authorize(c, o, action, c.getCurrentUser(), useInheritance))
{ {
// denied, assemble and throw exception // denied, assemble and throw exception
int otype = o.getType(); int otype = o.getType();
@@ -218,6 +242,30 @@ public class AuthorizeManager
*/ */
public static boolean authorizeActionBoolean(Context c, DSpaceObject o, public static boolean authorizeActionBoolean(Context c, DSpaceObject o,
int a) throws SQLException int a) throws SQLException
{
return authorizeActionBoolean(c, o, a, true);
}
/**
* same authorize, returns boolean for those who don't want to deal with
* catching exceptions.
*
* @param c
* DSpace context, containing current user
* @param o
* DSpaceObject
* @param a
* action being attempted, from
* <code>org.dspace.core.Constants</code>
* @param useInheritance
* flag to say if ADMIN action on the current object or parent
* object can be used
*
* @return <code>true</code> if the current user in the context is
* authorized to perform the given action on the given object
*/
public static boolean authorizeActionBoolean(Context c, DSpaceObject o,
int a, boolean useInheritance) throws SQLException
{ {
boolean isAuthorized = true; boolean isAuthorized = true;
@@ -228,7 +276,7 @@ public class AuthorizeManager
try try
{ {
authorizeAction(c, o, a); authorizeAction(c, o, a, useInheritance);
} }
catch (AuthorizeException e) catch (AuthorizeException e)
{ {
@@ -253,12 +301,15 @@ public class AuthorizeManager
* <code>org.dspace.core.Constants</code> * <code>org.dspace.core.Constants</code>
* @param e * @param e
* user attempting action * user attempting action
* @param useInheritance
* flag to say if ADMIN action on the current object or parent
* object can be used
* @return <code>true</code> if user is authorized to perform the given * @return <code>true</code> if user is authorized to perform the given
* action, <code>false</code> otherwise * action, <code>false</code> otherwise
* @throws SQLException * @throws SQLException
*/ */
private static boolean authorize(Context c, DSpaceObject o, int action, private static boolean authorize(Context c, DSpaceObject o, int action,
EPerson e) throws SQLException EPerson e, boolean useInheritance) throws SQLException
{ {
int userid; int userid;
@@ -285,7 +336,9 @@ public class AuthorizeManager
// perform isAdmin check to see // perform isAdmin check to see
// if user is an Admin on this object // if user is an Admin on this object
if (isAdmin(c,o)) DSpaceObject testObject = useInheritance?o.getAdminObject(action):null;
if (isAdmin(c, testObject))
{ {
return true; return true;
} }
@@ -319,19 +372,20 @@ public class AuthorizeManager
// admin check methods // admin check methods
/////////////////////////////////////////////// ///////////////////////////////////////////////
/** /**
* Check to see if the current user is an Administrator of a given * Check to see if the current user is an Administrator of a given object
* object within DSpace. Always return <code>true</code> if the * within DSpace. Always return <code>true</code> if the user is a System
* user is a System Admin * Admin
* *
* @param c * @param c
* current context * current context
* @param o * @param o
* current DSpace Object * current DSpace Object, if <code>null</code> the call will be
* equivalent to a call to the <code>isAdmin(Context c)</code>
* method
* *
* @return <code>true</code> if user has administrative privileges * @return <code>true</code> if user has administrative privileges on the
* on the given DSpace object * given DSpace object
*/ */
public static boolean isAdmin(Context c, DSpaceObject o) throws SQLException { public static boolean isAdmin(Context c, DSpaceObject o) throws SQLException {
if (isAdmin(c)) if (isAdmin(c))
@@ -339,6 +393,11 @@ public class AuthorizeManager
return true; return true;
} }
if (o == null)
{
return false;
}
// //
// First, check all Resource Policies directly on this object // First, check all Resource Policies directly on this object
// //
@@ -365,152 +424,15 @@ public class AuthorizeManager
} }
} }
//
// If user doesn't have specific Admin permissions on this object, // If user doesn't have specific Admin permissions on this object,
// check the *parent* objects of this object. This allows Admin // check the *parent* objects of this object. This allows Admin
// permissions to be inherited automatically (e.g. Admin on Community // permissions to be inherited automatically (e.g. Admin on Community
// is also an Admin of all Collections/Items in that Community) // is also an Admin of all Collections/Items in that Community)
switch (o.getType()) { DSpaceObject parent = o.getParentObject();
case Constants.BITSTREAM: if (parent != null)
{ {
Bitstream bitstream = (Bitstream) o; return isAdmin(c, parent);
Bundle[] bundles = bitstream.getBundles();
if (bundles != null && (bundles.length > 0 && bundles[0] != null))
{
return isAdmin(c,bundles[0]);
} }
else
{
// is the bitstream a logo for a community or a collection?
TableRow qResult = DatabaseManager.querySingle(c,
"SELECT collection_id FROM collection " +
"WHERE logo_bitstream_id = ?",o.getID());
if (qResult != null)
{
Collection collection = Collection.find(c,qResult.getIntColumn("collection_id"));
return isAdmin(c,collection);
}
else
{
// is the group releated to a community?
qResult = DatabaseManager.querySingle(c,
"SELECT community_id FROM community " +
"WHERE logo_bitstream_id = ?",o.getID());
if (qResult != null)
{
Community community = Community.find(c,qResult.getIntColumn("community_id"));
return isAdmin(c,community);
}
else
{
return false;
}
}
}
}
case Constants.BUNDLE:
{
Bundle bundle = (Bundle) o;
Item[] items = bundle.getItems();
if (items != null && (items.length > 0 && items[0] != null))
{
return isAdmin(c,items[0]);
}
else
{
return false;
}
}
case Constants.ITEM:
{
Item item = (Item) o;
Collection ownCollection = item.getOwningCollection();
if (ownCollection != null)
{
return isAdmin(c,ownCollection);
}
else
{
// is a template item?
TableRow qResult = DatabaseManager.querySingle(c,
"SELECT collection_id FROM collection " +
"WHERE template_item_id = ?",o.getID());
if (qResult != null)
{
Collection collection = Collection.find(c,qResult.getIntColumn("collection_id"));
return isAdmin(c,collection);
}
return false;
}
}
case Constants.COLLECTION:
{
Collection collection = (Collection) o;
Community[] communities = collection.getCommunities();
if (communities != null && (communities.length > 0 && communities[0] != null))
{
return isAdmin(c,communities[0]);
}
else
{
return false;
}
}
case Constants.COMMUNITY:
{
Community community = (Community) o;
Community pCommunity = community.getParentCommunity();
if (pCommunity != null)
{
return isAdmin(c,pCommunity);
}
else
{
return false;
}
}
case Constants.GROUP:
{
// is the group releated to a collection?
TableRow qResult = DatabaseManager.querySingle(c,
"SELECT collection_id FROM collection " +
"WHERE workflow_step_1 = ? OR " +
" workflow_step_2 = ? OR " +
" workflow_step_3 = ? OR " +
" submitter = ? OR " +
" admin = ?",o.getID(),o.getID(),o.getID(),o.getID(),o.getID());
if (qResult != null)
{
Collection collection = Collection.find(c,qResult.getIntColumn("collection_id"));
return isAdmin(c,collection);
}
else
{ // is the group releated to a community?
qResult = DatabaseManager.querySingle(c,
"SELECT community_id FROM community " +
"WHERE admin = ?",o.getID());
if (qResult != null)
{
Community community = Community.find(c,qResult.getIntColumn("community_id"));
return isAdmin(c,community);
}
else
{
return false;
}
}
}
}
return false; return false;
} }

47
dspace-api/src/main/java/org/dspace/content/Bitstream.java
View File

@@ -640,4 +640,51 @@ public class Bitstream extends DSpaceObject
public int getStoreNumber() { public int getStoreNumber() {
return bRow.getIntColumn("store_number"); return bRow.getIntColumn("store_number");
} }
public DSpaceObject getParentObject() throws SQLException
{
Bundle[] bundles = getBundles();
if (bundles != null && (bundles.length > 0 && bundles[0] != null))
{
// the ADMIN action is not allowed on Bundle object so skip to the item
Item[] items = bundles[0].getItems();
if (items != null && items.length > 0)
{
return items[0];
}
else
{
return null;
}
}
else
{
// is the bitstream a logo for a community or a collection?
TableRow qResult = DatabaseManager.querySingle(bContext,
"SELECT collection_id FROM collection " +
"WHERE logo_bitstream_id = ?",getID());
if (qResult != null)
{
Collection collection = Collection.find(bContext,qResult.getIntColumn("collection_id"));
return collection;
}
else
{
// is the bitstream related to a community?
qResult = DatabaseManager.querySingle(bContext,
"SELECT community_id FROM community " +
"WHERE logo_bitstream_id = ?",getID());
if (qResult != null)
{
Community community = Community.find(bContext,qResult.getIntColumn("community_id"));
return community;
}
else
{
return null;
}
}
}
}
} }

76
dspace-api/src/main/java/org/dspace/content/Bundle.java
View File

@@ -46,6 +46,7 @@ import java.util.List;
import java.util.ListIterator; import java.util.ListIterator;
import org.apache.log4j.Logger; import org.apache.log4j.Logger;
import org.dspace.authorize.AuthorizeConfiguration;
import org.dspace.authorize.AuthorizeException; import org.dspace.authorize.AuthorizeException;
import org.dspace.authorize.AuthorizeManager; import org.dspace.authorize.AuthorizeManager;
import org.dspace.authorize.ResourcePolicy; import org.dspace.authorize.ResourcePolicy;
@@ -657,4 +658,79 @@ public class Bundle extends DSpaceObject
AuthorizeManager.removeAllPolicies(ourContext, this); AuthorizeManager.removeAllPolicies(ourContext, this);
AuthorizeManager.addPolicies(ourContext, newpolicies, this); AuthorizeManager.addPolicies(ourContext, newpolicies, this);
} }
public DSpaceObject getAdminObject(int action) throws SQLException
{
DSpaceObject adminObject = null;
Item[] items = getItems();
Item item = null;
Collection collection = null;
Community community = null;
if (items != null && items.length > 0)
{
item = items[0];
collection = item.getOwningCollection();
if (collection != null)
{
Community[] communities = collection.getCommunities();
if (communities != null && communities.length > 0)
{
community = communities[0];
}
}
}
switch (action)
{
case Constants.REMOVE:
if (AuthorizeConfiguration.canItemAdminPerformBitstreamDeletion())
{
adminObject = item;
}
else if (AuthorizeConfiguration.canCollectionAdminPerformBitstreamDeletion())
{
adminObject = collection;
}
else if (AuthorizeConfiguration
.canCommunityAdminPerformBitstreamDeletion())
{
adminObject = community;
}
break;
case Constants.ADD:
if (AuthorizeConfiguration.canItemAdminPerformBitstreamCreation())
{
adminObject = item;
}
else if (AuthorizeConfiguration
.canCollectionAdminPerformBitstreamCreation())
{
adminObject = collection;
}
else if (AuthorizeConfiguration
.canCommunityAdminPerformBitstreamCreation())
{
adminObject = community;
}
break;
default:
adminObject = this;
break;
}
return adminObject;
}
public DSpaceObject getParentObject() throws SQLException
{
Item[] items = getItems();
if (items != null && (items.length > 0 && items[0] != null))
{
return items[0];
}
else
{
return null;
}
}
} }

153
dspace-api/src/main/java/org/dspace/content/Collection.java
View File

@@ -47,6 +47,8 @@ import java.util.List;
import java.util.MissingResourceException; import java.util.MissingResourceException;
import org.apache.log4j.Logger; import org.apache.log4j.Logger;
import org.dspace.app.util.AuthorizeUtil;
import org.dspace.authorize.AuthorizeConfiguration;
import org.dspace.authorize.AuthorizeException; import org.dspace.authorize.AuthorizeException;
import org.dspace.authorize.AuthorizeManager; import org.dspace.authorize.AuthorizeManager;
import org.dspace.authorize.ResourcePolicy; import org.dspace.authorize.ResourcePolicy;
@@ -486,7 +488,7 @@ public class Collection extends DSpaceObject
if (!((is == null) && AuthorizeManager.authorizeActionBoolean( if (!((is == null) && AuthorizeManager.authorizeActionBoolean(
ourContext, this, Constants.DELETE))) ourContext, this, Constants.DELETE)))
{ {
canEdit(); canEdit(true);
} }
// First, delete any existing logo // First, delete any existing logo
@@ -541,8 +543,8 @@ public class Collection extends DSpaceObject
public Group createWorkflowGroup(int step) throws SQLException, public Group createWorkflowGroup(int step) throws SQLException,
AuthorizeException AuthorizeException
{ {
// Check authorisation - Must be an Admin to create Submitters Group // Check authorisation - Must be an Admin to create Workflow Group
AuthorizeManager.authorizeAction(ourContext, this, Constants.ADMIN); AuthorizeUtil.authorizeManageWorkflowsGroup(ourContext, this);
if (workflowGroup[step - 1] == null) if (workflowGroup[step - 1] == null)
{ {
@@ -614,7 +616,7 @@ public class Collection extends DSpaceObject
public Group createSubmitters() throws SQLException, AuthorizeException public Group createSubmitters() throws SQLException, AuthorizeException
{ {
// Check authorisation - Must be an Admin to create Submitters Group // Check authorisation - Must be an Admin to create Submitters Group
AuthorizeManager.authorizeAction(ourContext, this, Constants.ADMIN); AuthorizeUtil.authorizeManageSubmittersGroup(ourContext, this);
if (submitters == null) if (submitters == null)
{ {
@@ -645,7 +647,7 @@ public class Collection extends DSpaceObject
public void removeSubmitters() throws SQLException, AuthorizeException public void removeSubmitters() throws SQLException, AuthorizeException
{ {
// Check authorisation - Must be an Admin to delete Submitters Group // Check authorisation - Must be an Admin to delete Submitters Group
AuthorizeManager.authorizeAction(ourContext, this, Constants.ADMIN); AuthorizeUtil.authorizeManageSubmittersGroup(ourContext, this);
// just return if there is no administrative group. // just return if there is no administrative group.
if (submitters == null) if (submitters == null)
@@ -687,7 +689,7 @@ public class Collection extends DSpaceObject
public Group createAdministrators() throws SQLException, AuthorizeException public Group createAdministrators() throws SQLException, AuthorizeException
{ {
// Check authorisation - Must be an Admin to create more Admins // Check authorisation - Must be an Admin to create more Admins
AuthorizeManager.authorizeAction(ourContext, this, Constants.ADMIN); AuthorizeUtil.authorizeManageAdminGroup(ourContext, this);
if (admins == null) if (admins == null)
{ {
@@ -706,13 +708,6 @@ public class Collection extends DSpaceObject
// register this as the admin group // register this as the admin group
collectionRow.setColumn("admin", admins.getID()); collectionRow.setColumn("admin", admins.getID());
// administrators also get ADD on the submitter group
if (submitters != null)
{
AuthorizeManager.addPolicy(ourContext, submitters, Constants.ADD,
admins);
}
modified = true; modified = true;
return admins; return admins;
} }
@@ -726,19 +721,7 @@ public class Collection extends DSpaceObject
public void removeAdministrators() throws SQLException, AuthorizeException public void removeAdministrators() throws SQLException, AuthorizeException
{ {
// Check authorisation - Must be an Admin of the parent community to delete Admin Group // Check authorisation - Must be an Admin of the parent community to delete Admin Group
Community[] parentCommunities = getCommunities(); AuthorizeUtil.authorizeRemoveAdminGroup(ourContext, this);
if (parentCommunities != null && parentCommunities.length > 0)
{
AuthorizeManager.authorizeAction(ourContext, this.getCommunities()[0], Constants.ADMIN);
}
else if (!AuthorizeManager.isAdmin(ourContext))
{
// this should never happen, a collection should always have at least one parent community!
// anyway...
throw new AuthorizeException(
"Only system admin can remove the admin group of a collection outside any community",
this, Constants.ADMIN);
}
// just return if there is no administrative group. // just return if there is no administrative group.
if (admins == null) if (admins == null)
@@ -847,7 +830,7 @@ public class Collection extends DSpaceObject
public void createTemplateItem() throws SQLException, AuthorizeException public void createTemplateItem() throws SQLException, AuthorizeException
{ {
// Check authorisation // Check authorisation
canEdit(); AuthorizeUtil.authorizeManageTemplateItem(ourContext, this);
if (template == null) if (template == null)
{ {
@@ -876,7 +859,7 @@ public class Collection extends DSpaceObject
IOException IOException
{ {
// Check authorisation // Check authorisation
canEdit(); AuthorizeUtil.authorizeManageTemplateItem(ourContext, this);
collectionRow.setColumnNull("template_item_id"); collectionRow.setColumnNull("template_item_id");
DatabaseManager.update(ourContext, collectionRow); DatabaseManager.update(ourContext, collectionRow);
@@ -938,6 +921,17 @@ public class Collection extends DSpaceObject
// Check authorisation // Check authorisation
AuthorizeManager.authorizeAction(ourContext, this, Constants.REMOVE); AuthorizeManager.authorizeAction(ourContext, this, Constants.REMOVE);
// will be the item an orphan?
TableRow row = DatabaseManager.querySingle(ourContext,
"SELECT COUNT(DISTINCT collection_id) AS num FROM collection2item WHERE item_id= ? ",
item.getID());
DatabaseManager.setConstraintDeferred(ourContext, "coll2item_item_fk");
if (row.getLongColumn("num") == 1)
{
// Orphan; delete it
item.delete();
}
log.info(LogManager.getHeader(ourContext, "remove_item", log.info(LogManager.getHeader(ourContext, "remove_item",
"collection_id=" + getID() + ",item_id=" + item.getID())); "collection_id=" + getID() + ",item_id=" + item.getID()));
@@ -945,39 +939,9 @@ public class Collection extends DSpaceObject
"DELETE FROM collection2item WHERE collection_id= ? "+ "DELETE FROM collection2item WHERE collection_id= ? "+
"AND item_id= ? ", "AND item_id= ? ",
getID(), item.getID()); getID(), item.getID());
DatabaseManager.setConstraintImmediate(ourContext, "coll2item_item_fk");
ourContext.addEvent(new Event(Event.REMOVE, Constants.COLLECTION, getID(), Constants.ITEM, item.getID(), item.getHandle())); ourContext.addEvent(new Event(Event.REMOVE, Constants.COLLECTION, getID(), Constants.ITEM, item.getID(), item.getHandle()));
// Is the item an orphan?
TableRowIterator tri = DatabaseManager.query(ourContext,
"SELECT * FROM collection2item WHERE item_id= ? ",
item.getID());
try
{
if (!tri.hasNext())
{
//make the right to remove the item explicit because the implicit
// relation
//has been removed. This only has to concern the currentUser
// because
//he started the removal process and he will end it too.
//also add right to remove from the item to remove it's bundles.
AuthorizeManager.addPolicy(ourContext, item, Constants.DELETE,
ourContext.getCurrentUser());
AuthorizeManager.addPolicy(ourContext, item, Constants.REMOVE,
ourContext.getCurrentUser());
// Orphan; delete it
item.delete();
}
}
finally
{
// close the TableRowIterator to free up resources
if (tri != null)
tri.close();
}
} }
/** /**
@@ -991,7 +955,7 @@ public class Collection extends DSpaceObject
public void update() throws SQLException, IOException, AuthorizeException public void update() throws SQLException, IOException, AuthorizeException
{ {
// Check authorisation // Check authorisation
canEdit(); canEdit(true);
log.info(LogManager.getHeader(ourContext, "update_collection", log.info(LogManager.getHeader(ourContext, "update_collection",
"collection_id=" + getID())); "collection_id=" + getID()));
@@ -1012,10 +976,15 @@ public class Collection extends DSpaceObject
} }
public boolean canEditBoolean() throws java.sql.SQLException public boolean canEditBoolean() throws java.sql.SQLException
{
return canEditBoolean(true);
}
public boolean canEditBoolean(boolean useInheritance) throws java.sql.SQLException
{ {
try try
{ {
canEdit(); canEdit(useInheritance);
return true; return true;
} }
@@ -1026,26 +995,30 @@ public class Collection extends DSpaceObject
} }
public void canEdit() throws AuthorizeException, SQLException public void canEdit() throws AuthorizeException, SQLException
{
canEdit(true);
}
public void canEdit(boolean useInheritance) throws AuthorizeException, SQLException
{ {
Community[] parents = getCommunities(); Community[] parents = getCommunities();
for (int i = 0; i < parents.length; i++) for (int i = 0; i < parents.length; i++)
{ {
if (AuthorizeManager.authorizeActionBoolean(ourContext, parents[i], if (AuthorizeManager.authorizeActionBoolean(ourContext, parents[i],
Constants.WRITE)) Constants.WRITE, useInheritance))
{ {
return; return;
} }
if (AuthorizeManager.authorizeActionBoolean(ourContext, parents[i], if (AuthorizeManager.authorizeActionBoolean(ourContext, parents[i],
Constants.ADD)) Constants.ADD, useInheritance))
{ {
return; return;
} }
} }
AuthorizeManager.authorizeAnyOf(ourContext, this, new int[] { AuthorizeManager.authorizeAction(ourContext, this, Constants.WRITE, useInheritance);
Constants.WRITE, Constants.ADMIN });
} }
/** /**
@@ -1400,4 +1373,54 @@ public class Collection extends DSpaceObject
return itemcount; return itemcount;
} }
public DSpaceObject getAdminObject(int action) throws SQLException
{
DSpaceObject adminObject = null;
Community community = null;
Community[] communities = getCommunities();
if (communities != null && communities.length > 0)
{
community = communities[0];
}
switch (action)
{
case Constants.REMOVE:
if (AuthorizeConfiguration.canCollectionAdminPerformItemDeletion())
{
adminObject = this;
}
else if (AuthorizeConfiguration.canCommunityAdminPerformItemDeletion())
{
adminObject = community;
}
break;
case Constants.DELETE:
if (AuthorizeConfiguration.canCommunityAdminPerformSubelementDeletion())
{
adminObject = community;
}
break;
default:
adminObject = this;
break;
}
return adminObject;
}
@Override
public DSpaceObject getParentObject() throws SQLException
{
Community[] communities = this.getCommunities();
if (communities != null && (communities.length > 0 && communities[0] != null))
{
return communities[0];
}
else
{
return null;
}
}
} }

158
dspace-api/src/main/java/org/dspace/content/Community.java
View File

@@ -45,6 +45,8 @@ import java.util.List;
import java.util.MissingResourceException; import java.util.MissingResourceException;
import org.apache.log4j.Logger; import org.apache.log4j.Logger;
import org.dspace.app.util.AuthorizeUtil;
import org.dspace.authorize.AuthorizeConfiguration;
import org.dspace.authorize.AuthorizeException; import org.dspace.authorize.AuthorizeException;
import org.dspace.authorize.AuthorizeManager; import org.dspace.authorize.AuthorizeManager;
import org.dspace.authorize.ResourcePolicy; import org.dspace.authorize.ResourcePolicy;
@@ -525,7 +527,7 @@ public class Community extends DSpaceObject
public Group createAdministrators() throws SQLException, AuthorizeException public Group createAdministrators() throws SQLException, AuthorizeException
{ {
// Check authorisation - Must be an Admin to create more Admins // Check authorisation - Must be an Admin to create more Admins
AuthorizeManager.authorizeAction(ourContext, this, Constants.ADMIN); AuthorizeUtil.authorizeManageAdminGroup(ourContext, this);
if (admins == null) if (admins == null)
{ {
@@ -556,17 +558,7 @@ public class Community extends DSpaceObject
public void removeAdministrators() throws SQLException, AuthorizeException public void removeAdministrators() throws SQLException, AuthorizeException
{ {
// Check authorisation - Must be an Admin of the parent community (or system admin) to delete Admin group // Check authorisation - Must be an Admin of the parent community (or system admin) to delete Admin group
Community parentCommunity = getParentCommunity(); AuthorizeUtil.authorizeRemoveAdminGroup(ourContext, this);
if (parentCommunity != null)
{
AuthorizeManager.authorizeAction(ourContext, parentCommunity, Constants.ADMIN);
}
else if (!AuthorizeManager.isAdmin(ourContext))
{
throw new AuthorizeException(
"Only system admin can remove the admin group of a top community",
this, Constants.ADMIN);
}
// just return if there is no administrative group. // just return if there is no administrative group.
if (admins == null) if (admins == null)
@@ -913,6 +905,18 @@ public class Community extends DSpaceObject
// Check authorisation // Check authorisation
AuthorizeManager.authorizeAction(ourContext, this, Constants.REMOVE); AuthorizeManager.authorizeAction(ourContext, this, Constants.REMOVE);
// will be the collection an orphan?
TableRow trow = DatabaseManager.querySingle(ourContext,
"SELECT COUNT(DISTINCT community_id) AS num FROM community2collection WHERE collection_id= ? ",
c.getID());
DatabaseManager.setConstraintDeferred(ourContext, "comm2coll_collection_fk");
if (trow.getLongColumn("num") == 1)
{
// Orphan; delete it
c.delete();
}
log.info(LogManager.getHeader(ourContext, "remove_collection", log.info(LogManager.getHeader(ourContext, "remove_collection",
"community_id=" + getID() + ",collection_id=" + c.getID())); "community_id=" + getID() + ",collection_id=" + c.getID()));
@@ -921,37 +925,9 @@ public class Community extends DSpaceObject
"DELETE FROM community2collection WHERE community_id= ? "+ "DELETE FROM community2collection WHERE community_id= ? "+
"AND collection_id= ? ", getID(), c.getID()); "AND collection_id= ? ", getID(), c.getID());
DatabaseManager.setConstraintImmediate(ourContext, "comm2coll_collection_fk");
ourContext.addEvent(new Event(Event.REMOVE, Constants.COMMUNITY, getID(), Constants.COLLECTION, c.getID(), c.getHandle())); ourContext.addEvent(new Event(Event.REMOVE, Constants.COMMUNITY, getID(), Constants.COLLECTION, c.getID(), c.getHandle()));
// Is the community an orphan?
TableRowIterator tri = DatabaseManager.query(ourContext,
"SELECT * FROM community2collection WHERE collection_id= ? ",
c.getID());
try
{
if (!tri.hasNext())
{
//make the right to remove the collection explicit because the
// implicit relation
//has been removed. This only has to concern the currentUser
// because
//he started the removal process and he will end it too.
//also add right to remove from the collection to remove it's
// items.
AuthorizeManager.addPolicy(ourContext, c, Constants.ADMIN,
ourContext.getCurrentUser());
// Orphan; delete it
c.delete();
}
}
finally
{
// close the TableRowIterator to free up resources
if (tri != null)
tri.close();
}
} }
/** /**
@@ -966,6 +942,18 @@ public class Community extends DSpaceObject
// Check authorisation // Check authorisation
AuthorizeManager.authorizeAction(ourContext, this, Constants.REMOVE); AuthorizeManager.authorizeAction(ourContext, this, Constants.REMOVE);
// will be the subcommunity an orphan?
TableRow trow = DatabaseManager.querySingle(ourContext,
"SELECT COUNT(DISTINCT parent_comm_id) AS num FROM community2community WHERE child_comm_id= ? ",
c.getID());
DatabaseManager.setConstraintDeferred(ourContext, "com2com_child_fk");
if (trow.getLongColumn("num") == 1)
{
// Orphan; delete it
c.rawDelete();
}
log.info(LogManager.getHeader(ourContext, "remove_subcommunity", log.info(LogManager.getHeader(ourContext, "remove_subcommunity",
"parent_comm_id=" + getID() + ",child_comm_id=" + c.getID())); "parent_comm_id=" + getID() + ",child_comm_id=" + c.getID()));
@@ -976,37 +964,7 @@ public class Community extends DSpaceObject
ourContext.addEvent(new Event(Event.REMOVE, Constants.COMMUNITY, getID(), Constants.COMMUNITY, c.getID(), c.getHandle())); ourContext.addEvent(new Event(Event.REMOVE, Constants.COMMUNITY, getID(), Constants.COMMUNITY, c.getID(), c.getHandle()));
// Is the subcommunity an orphan? DatabaseManager.setConstraintImmediate(ourContext, "com2com_child_fk");
TableRowIterator tri = DatabaseManager.query(ourContext,
"SELECT * FROM community2community WHERE child_comm_id= ? ",
c.getID());
try
{
if (!tri.hasNext())
{
//make the right to remove the sub explicit because the implicit
// relation
//has been removed. This only has to concern the currentUser
// because
//he started the removal process and he will end it too.
//also add right to remove from the subcommunity to remove it's
// children.
AuthorizeManager.addPolicy(ourContext, c, Constants.DELETE,
ourContext.getCurrentUser());
AuthorizeManager.addPolicy(ourContext, c, Constants.REMOVE,
ourContext.getCurrentUser());
// Orphan; delete it
c.delete();
}
}
finally
{
// close the TableRowIterator to free up resources
if (tri != null)
tri.close();
}
} }
/** /**
@@ -1030,7 +988,7 @@ public class Community extends DSpaceObject
} }
// If not a top-level community, have parent remove me; this // If not a top-level community, have parent remove me; this
// will call delete() after removing the linkage // will call rawDelete() before removing the linkage
Community parent = getParentCommunity(); Community parent = getParentCommunity();
if (parent != null) if (parent != null)
@@ -1040,6 +998,14 @@ public class Community extends DSpaceObject
return; return;
} }
rawDelete();
}
/**
* Internal method to remove the community and all its childs from the database without aware of eventually parent
*/
private void rawDelete() throws SQLException, AuthorizeException, IOException
{
log.info(LogManager.getHeader(ourContext, "delete_community", log.info(LogManager.getHeader(ourContext, "delete_community",
"community_id=" + getID())); "community_id=" + getID()));
@@ -1205,4 +1171,48 @@ public class Community extends DSpaceObject
} }
return total; return total;
} }
public DSpaceObject getAdminObject(int action) throws SQLException
{
DSpaceObject adminObject = null;
switch (action)
{
case Constants.REMOVE:
if (AuthorizeConfiguration.canCommunityAdminPerformSubelementDeletion())
{
adminObject = this;
}
break;
case Constants.DELETE:
if (AuthorizeConfiguration.canCommunityAdminPerformSubelementDeletion())
{
adminObject = getParentCommunity();
}
break;
case Constants.ADD:
if (AuthorizeConfiguration.canCommunityAdminPerformSubelementCreation())
{
adminObject = this;
}
break;
default:
adminObject = this;
break;
}
return adminObject;
}
public DSpaceObject getParentObject() throws SQLException
{
Community pCommunity = getParentCommunity();
if (pCommunity != null)
{
return pCommunity;
}
else
{
return null;
}
}
} }

46
dspace-api/src/main/java/org/dspace/content/DSpaceObject.java
View File

@@ -141,4 +141,50 @@ public abstract class DSpaceObject
} }
return null; return null;
} }
/**
* Return the dspace object where an ADMIN action right is sufficient to
* grant the initial authorize check.
* <p>
* Default behaviour is ADMIN right on the object grant right on all other
* action on the object itself. Subclass should override this method as
* need.
*
* @param action
* ID of action being attempted, from
* <code>org.dspace.core.Constants</code>. The ADMIN action is
* not a valid parameter for this method, an
* IllegalArgumentException should be thrown
* @return the dspace object, if any, where an ADMIN action is sufficient to
* grant the original action
* @throws SQLException
* @throws IllegalArgumentException
* if the ADMIN action is supplied as parameter of the method
* call
*/
public DSpaceObject getAdminObject(int action) throws SQLException
{
if (action == Constants.ADMIN)
{
throw new IllegalArgumentException("Illegal call to the DSpaceObject.getAdminObject method");
}
return this;
}
/**
* Return the dspace object that "own" the current object in the hierarchy.
* Note that this method has a meaning slightly different from the
* getAdminObject because it is independent of the action but it is in a way
* related to it. It defines the "first" dspace object <b>OTHER</b> then the
* current one, where allowed ADMIN actions imply allowed ADMIN actions on
* the object self.
*
* @return the dspace object that "own" the current object in
* the hierarchy
* @throws SQLException
*/
public DSpaceObject getParentObject() throws SQLException
{
return null;
}
} }

171
dspace-api/src/main/java/org/dspace/content/Item.java
View File

@@ -50,6 +50,8 @@ import java.util.Map;
import java.util.StringTokenizer; import java.util.StringTokenizer;
import org.apache.log4j.Logger; import org.apache.log4j.Logger;
import org.dspace.app.util.AuthorizeUtil;
import org.dspace.authorize.AuthorizeConfiguration;
import org.dspace.authorize.AuthorizeException; import org.dspace.authorize.AuthorizeException;
import org.dspace.authorize.AuthorizeManager; import org.dspace.authorize.AuthorizeManager;
import org.dspace.authorize.ResourcePolicy; import org.dspace.authorize.ResourcePolicy;
@@ -1696,6 +1698,10 @@ public class Item extends DSpaceObject
{ {
String timestamp = DCDate.getCurrent().toString(); String timestamp = DCDate.getCurrent().toString();
// Check permission. User either has to have REMOVE on owning collection
// or be COLLECTION_EDITOR of owning collection
AuthorizeUtil.authorizeWithdrawItem(ourContext, this);
// Build some provenance data while we're at it. // Build some provenance data while we're at it.
String collectionProv = ""; String collectionProv = "";
Collection[] colls = getCollections(); Collection[] colls = getCollections();
@@ -1706,21 +1712,6 @@ public class Item extends DSpaceObject
+ " (ID: " + colls[i].getID() + ")\n"; + " (ID: " + colls[i].getID() + ")\n";
} }
// Check permission. User either has to have REMOVE on owning collection
// or be COLLECTION_EDITOR of owning collection
if (AuthorizeManager.authorizeActionBoolean(ourContext,
getOwningCollection(), Constants.ADMIN)
|| AuthorizeManager.authorizeActionBoolean(ourContext,
getOwningCollection(), Constants.REMOVE))
{
// authorized
}
else
{
throw new AuthorizeException(
"To withdraw item must be COLLECTION_ADMIN or have REMOVE authorization on owning Collection");
}
// Set withdrawn flag. timestamp will be set; last_modified in update() // Set withdrawn flag. timestamp will be set; last_modified in update()
itemRow.setColumn("withdrawn", true); itemRow.setColumn("withdrawn", true);
@@ -1768,12 +1759,13 @@ public class Item extends DSpaceObject
String collectionProv = ""; String collectionProv = "";
Collection[] colls = getCollections(); Collection[] colls = getCollections();
// check authorization
AuthorizeUtil.authorizeReinstateItem(ourContext, this);
for (int i = 0; i < colls.length; i++) for (int i = 0; i < colls.length; i++)
{ {
collectionProv = collectionProv + colls[i].getMetadata("name") collectionProv = collectionProv + colls[i].getMetadata("name")
+ " (ID: " + colls[i].getID() + ")\n"; + " (ID: " + colls[i].getID() + ")\n";
AuthorizeManager.authorizeAction(ourContext, colls[i],
Constants.ADD);
} }
// Clear withdrawn flag // Clear withdrawn flag
@@ -2250,20 +2242,14 @@ public class Item extends DSpaceObject
} }
// is this person an COLLECTION_EDITOR for the owning collection? // is this person an COLLECTION_EDITOR for the owning collection?
if (getOwningCollection().canEditBoolean()) if (getOwningCollection().canEditBoolean(false))
{
return true;
}
// is this person an COLLECTION_EDITOR for the owning collection?
if (AuthorizeManager.authorizeActionBoolean(ourContext,
getOwningCollection(), Constants.ADMIN))
{ {
return true; return true;
} }
return false; return false;
} }
public String getName() public String getName()
{ {
DCValue t[] = getMetadata("dc", "title", null, Item.ANY); DCValue t[] = getMetadata("dc", "title", null, Item.ANY);
@@ -2310,4 +2296,139 @@ public class Item extends DSpaceObject
return new ItemIterator(context, rows); return new ItemIterator(context, rows);
} }
public DSpaceObject getAdminObject(int action) throws SQLException
{
DSpaceObject adminObject = null;
Collection collection = getOwningCollection();
Community community = null;
if (collection != null)
{
Community[] communities = collection.getCommunities();
if (communities != null && communities.length > 0)
{
community = communities[0];
}
}
else
{
// is a template item?
TableRow qResult = DatabaseManager.querySingle(ourContext,
"SELECT collection_id FROM collection " +
"WHERE template_item_id = ?",getID());
if (qResult != null)
{
collection = Collection.find(ourContext, qResult.getIntColumn("collection_id"));
Community[] communities = collection.getCommunities();
if (communities != null && communities.length > 0)
{
community = communities[0];
}
}
}
switch (action)
{
case Constants.ADD:
// ADD a cc license is less general then add a bitstream but we can't/wan't
// add complex logic here to know if the ADD action on the item is required by a cc or
// a generic bitstream so simply we ignore it.. UI need to enforce the requirements.
if (AuthorizeConfiguration.canItemAdminPerformBitstreamCreation())
{
adminObject = this;
}
else if (AuthorizeConfiguration.canCollectionAdminPerformBitstreamCreation())
{
adminObject = collection;
}
else if (AuthorizeConfiguration.canCommunityAdminPerformBitstreamCreation())
{
adminObject = community;
}
break;
case Constants.REMOVE:
// see comments on ADD action, same things...
if (AuthorizeConfiguration.canItemAdminPerformBitstreamDeletion())
{
adminObject = this;
}
else if (AuthorizeConfiguration.canCollectionAdminPerformBitstreamDeletion())
{
adminObject = collection;
}
else if (AuthorizeConfiguration.canCommunityAdminPerformBitstreamDeletion())
{
adminObject = community;
}
break;
case Constants.DELETE:
if (getOwningCollection() != null)
{
if (AuthorizeConfiguration.canCollectionAdminPerformItemDeletion())
{
adminObject = collection;
}
else if (AuthorizeConfiguration.canCommunityAdminPerformItemDeletion())
{
adminObject = community;
}
}
else
{
if (AuthorizeConfiguration.canCollectionAdminManageTemplateItem())
{
adminObject = collection;
}
else if (AuthorizeConfiguration.canCommunityAdminManageCollectionTemplateItem())
{
adminObject = community;
}
}
break;
case Constants.WRITE:
// if it is a template item we need to check the
// collection/community admin configuration
if (getOwningCollection() == null)
{
if (AuthorizeConfiguration.canCollectionAdminManageTemplateItem())
{
adminObject = collection;
}
else if (AuthorizeConfiguration.canCommunityAdminManageCollectionTemplateItem())
{
adminObject = community;
}
}
else
{
adminObject = this;
}
break;
default:
adminObject = this;
break;
}
return adminObject;
}
public DSpaceObject getParentObject() throws SQLException
{
Collection ownCollection = getOwningCollection();
if (ownCollection != null)
{
return ownCollection;
}
else
{
// is a template item?
TableRow qResult = DatabaseManager.querySingle(ourContext,
"SELECT collection_id FROM collection " +
"WHERE template_item_id = ?",getID());
if (qResult != null)
{
Collection collection = Collection.find(ourContext,qResult.getIntColumn("collection_id"));
return collection;
}
return null;
}
}
} }

2
dspace-api/src/main/java/org/dspace/core/Constants.java
View File

@@ -205,7 +205,7 @@ public class Constants
0, // 8 - WORKFLOW_ABORT 0, // 8 - WORKFLOW_ABORT
RCOLLECTION, // 9 - DEFAULT_BITSTREAM_READ RCOLLECTION, // 9 - DEFAULT_BITSTREAM_READ
RCOLLECTION, // 10 - DEFAULT_ITEM_READ RCOLLECTION, // 10 - DEFAULT_ITEM_READ
RBUNDLE | RITEM | RCOLLECTION | RCOMMUNITY // 11 - ADMIN RITEM | RCOLLECTION | RCOMMUNITY // 11 - ADMIN
}; };
public static final String DEFAULT_ENCODING = "UTF-8"; public static final String DEFAULT_ENCODING = "UTF-8";

91
dspace-api/src/main/java/org/dspace/eperson/Group.java
View File

@@ -48,8 +48,12 @@ import java.util.Set;
import java.io.IOException; import java.io.IOException;
import org.apache.log4j.Logger; import org.apache.log4j.Logger;
import org.dspace.app.util.AuthorizeUtil;
import org.dspace.authorize.AuthorizeConfiguration;
import org.dspace.authorize.AuthorizeException; import org.dspace.authorize.AuthorizeException;
import org.dspace.authorize.AuthorizeManager; import org.dspace.authorize.AuthorizeManager;
import org.dspace.content.Collection;
import org.dspace.content.Community;
import org.dspace.content.DSpaceObject; import org.dspace.content.DSpaceObject;
import org.dspace.core.ConfigurationManager; import org.dspace.core.ConfigurationManager;
import org.dspace.core.Constants; import org.dspace.core.Constants;
@@ -1325,4 +1329,91 @@ public class Group extends DSpaceObject
return myChildren; return myChildren;
} }
public DSpaceObject getParentObject() throws SQLException
{
// could a collection/community admin manage related groups?
// check before the configuration options could give a performance gain
// if all group management are disallowed
if (AuthorizeConfiguration.canCollectionAdminManageAdminGroup()
|| AuthorizeConfiguration.canCollectionAdminManageSubmitters()
|| AuthorizeConfiguration.canCollectionAdminManageWorkflows()
|| AuthorizeConfiguration.canCommunityAdminManageAdminGroup()
|| AuthorizeConfiguration
.canCommunityAdminManageCollectionAdminGroup()
|| AuthorizeConfiguration
.canCommunityAdminManageCollectionSubmitters()
|| AuthorizeConfiguration
.canCommunityAdminManageCollectionWorkflows())
{
// is this a collection related group?
TableRow qResult = DatabaseManager
.querySingle(
myContext,
"SELECT collection_id, workflow_step_1, workflow_step_2, " +
" workflow_step_3, submitter, admin FROM collection "
+ " WHERE workflow_step_1 = ? OR "
+ " workflow_step_2 = ? OR "
+ " workflow_step_3 = ? OR "
+ " submitter = ? OR " + " admin = ?",
getID(), getID(), getID(), getID(), getID());
if (qResult != null)
{
Collection collection = Collection.find(myContext, qResult
.getIntColumn("collection_id"));
if ((qResult.getIntColumn("workflow_step_1") == getID() ||
qResult.getIntColumn("workflow_step_2") == getID() ||
qResult.getIntColumn("workflow_step_3") == getID()))
{
if (AuthorizeConfiguration.canCollectionAdminManageWorkflows())
{
return collection;
}
else if (AuthorizeConfiguration.canCommunityAdminManageCollectionWorkflows())
{
return collection.getParentObject();
}
}
if (qResult.getIntColumn("submitter") == getID())
{
if (AuthorizeConfiguration.canCollectionAdminManageSubmitters())
{
return collection;
}
else if (AuthorizeConfiguration.canCommunityAdminManageCollectionSubmitters())
{
return collection.getParentObject();
}
}
if (qResult.getIntColumn("admin") == getID())
{
if (AuthorizeConfiguration.canCollectionAdminManageAdminGroup())
{
return collection;
}
else if (AuthorizeConfiguration.canCommunityAdminManageCollectionAdminGroup())
{
return collection.getParentObject();
}
}
}
// is the group releated to a community and community admin allowed
// to manage it?
else if (AuthorizeConfiguration.canCommunityAdminManageAdminGroup())
{
qResult = DatabaseManager.querySingle(myContext,
"SELECT community_id FROM community "
+ "WHERE admin = ?", getID());
if (qResult != null)
{
Community community = Community.find(myContext, qResult
.getIntColumn("community_id"));
return community;
}
}
}
return null;
}
} }

70
dspace-api/src/main/java/org/dspace/storage/rdbms/DatabaseManager.java
View File

@@ -125,6 +125,76 @@ public class DatabaseManager
{ {
} }
/**
* Set the constraint check to deferred (commit time)
*
* @param context
* The context object
* @param constraintName
* the constraint name to deferred
* @throws SQLException
*/
public static void setConstraintDeferred(Context context,
String constraintName) throws SQLException
{
Statement statement = null;
try
{
statement = context.getDBConnection().createStatement();
statement
.execute("SET CONSTRAINTS " + constraintName + " DEFERRED");
statement.close();
}
finally
{
if (statement != null)
{
try
{
statement.close();
}
catch (SQLException sqle)
{
}
}
}
}
/**
* Set the constraint check to immediate (every query)
*
* @param context
* The context object
* @param constraintName
* the constraint name to check immediately after every query
* @throws SQLException
*/
public static void setConstraintImmediate(Context context,
String constraintName) throws SQLException
{
Statement statement = null;
try
{
statement = context.getDBConnection().createStatement();
statement.execute("SET CONSTRAINTS " + constraintName
+ " IMMEDIATE");
statement.close();
}
finally
{
if (statement != null)
{
try
{
statement.close();
}
catch (SQLException sqle)
{
}
}
}
}
/** /**
* Return an iterator with the results of the query. The table parameter * Return an iterator with the results of the query. The table parameter
* indicates the type of result. If table is null, the column names are read * indicates the type of result. If table is null, the column names are read

1
dspace-api/src/main/resources/Messages.properties
View File

@@ -1077,6 +1077,7 @@ jsp.tools.edit-community.button.delete = Delete this Co
jsp.tools.edit-community.form.button.add-logo = Upload new logo... jsp.tools.edit-community.form.button.add-logo = Upload new logo...
jsp.tools.edit-community.form.button.cancel = Cancel jsp.tools.edit-community.form.button.cancel = Cancel
jsp.tools.edit-community.form.button.create = Create jsp.tools.edit-community.form.button.create = Create
jsp.tools.edit-community.form.button.remove = Remove
jsp.tools.edit-community.form.button.delete-logo = Delete (no logo) jsp.tools.edit-community.form.button.delete-logo = Delete (no logo)
jsp.tools.edit-community.form.button.edit = Edit... jsp.tools.edit-community.form.button.edit = Edit...
jsp.tools.edit-community.form.button.set-logo = Upload a logo... jsp.tools.edit-community.form.button.set-logo = Upload a logo...

2
dspace-jspui/dspace-jspui-api/src/main/java/org/dspace/app/webui/servlet/HandleServlet.java
View File

@@ -546,7 +546,7 @@ public class HandleServlet extends DSpaceServlet
subscribed = Subscribe.isSubscribed(context, e, collection); subscribed = Subscribe.isSubscribed(context, e, collection);
// is the user a COLLECTION_EDITOR? // is the user a COLLECTION_EDITOR?
if (collection.canEditBoolean()) if (collection.canEditBoolean(true))
{ {
// set a variable to create an edit button // set a variable to create an edit button
request.setAttribute("editor_button", new Boolean(true)); request.setAttribute("editor_button", new Boolean(true));

27
dspace-jspui/dspace-jspui-api/src/main/java/org/dspace/app/webui/servlet/admin/AuthorizeAdminServlet.java
View File

@@ -44,11 +44,14 @@ import java.sql.SQLException;
import java.util.HashMap; import java.util.HashMap;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.ServletException; import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import org.dspace.app.util.AuthorizeUtil;
import org.dspace.app.webui.servlet.DSpaceServlet; import org.dspace.app.webui.servlet.DSpaceServlet;
import org.dspace.app.webui.util.JSPManager; import org.dspace.app.webui.util.JSPManager;
import org.dspace.app.webui.util.UIUtil; import org.dspace.app.webui.util.UIUtil;
@@ -93,6 +96,10 @@ public class AuthorizeAdminServlet extends DSpaceServlet
{ {
String button = UIUtil.getSubmitButton(request, "submit"); String button = UIUtil.getSubmitButton(request, "submit");
// check authorization!! the authorize servlet is available to all registred users
// it is need because also item/collection/community admin could be
// allowed to manage policies
if (button.equals("submit_collection")) if (button.equals("submit_collection"))
{ {
// select a collection to work on // select a collection to work on
@@ -176,6 +183,7 @@ public class AuthorizeAdminServlet extends DSpaceServlet
Item item = Item Item item = Item
.find(c, UIUtil.getIntParameter(request, "item_id")); .find(c, UIUtil.getIntParameter(request, "item_id"));
AuthorizeUtil.authorizeManageItemPolicy(c, item);
ResourcePolicy policy = ResourcePolicy.create(c); ResourcePolicy policy = ResourcePolicy.create(c);
policy.setResource(item); policy.setResource(item);
policy.update(); policy.update();
@@ -201,6 +209,7 @@ public class AuthorizeAdminServlet extends DSpaceServlet
Item item = Item Item item = Item
.find(c, UIUtil.getIntParameter(request, "item_id")); .find(c, UIUtil.getIntParameter(request, "item_id"));
AuthorizeUtil.authorizeManageItemPolicy(c, item);
int policy_id = UIUtil.getIntParameter(request, "policy_id"); int policy_id = UIUtil.getIntParameter(request, "policy_id");
ResourcePolicy policy = null; ResourcePolicy policy = null;
@@ -227,6 +236,7 @@ public class AuthorizeAdminServlet extends DSpaceServlet
Bundle bundle = Bundle.find(c, UIUtil.getIntParameter(request, Bundle bundle = Bundle.find(c, UIUtil.getIntParameter(request,
"bundle_id")); "bundle_id"));
AuthorizeUtil.authorizeManageBundlePolicy(c, bundle);
ResourcePolicy policy = ResourcePolicy.create(c); ResourcePolicy policy = ResourcePolicy.create(c);
policy.setResource(bundle); policy.setResource(bundle);
policy.update(); policy.update();
@@ -255,6 +265,7 @@ public class AuthorizeAdminServlet extends DSpaceServlet
Bitstream bitstream = Bitstream.find(c, UIUtil.getIntParameter( Bitstream bitstream = Bitstream.find(c, UIUtil.getIntParameter(
request, "bitstream_id")); request, "bitstream_id"));
AuthorizeUtil.authorizeManageBitstreamPolicy(c, bitstream);
ResourcePolicy policy = ResourcePolicy.create(c); ResourcePolicy policy = ResourcePolicy.create(c);
policy.setResource(bitstream); policy.setResource(bitstream);
policy.update(); policy.update();
@@ -280,6 +291,8 @@ public class AuthorizeAdminServlet extends DSpaceServlet
// delete a permission from an item // delete a permission from an item
Item item = Item Item item = Item
.find(c, UIUtil.getIntParameter(request, "item_id")); .find(c, UIUtil.getIntParameter(request, "item_id"));
AuthorizeUtil.authorizeManageItemPolicy(c, item);
ResourcePolicy policy = ResourcePolicy.find(c, UIUtil ResourcePolicy policy = ResourcePolicy.find(c, UIUtil
.getIntParameter(request, "policy_id")); .getIntParameter(request, "policy_id"));
@@ -299,6 +312,7 @@ public class AuthorizeAdminServlet extends DSpaceServlet
Collection collection = Collection.find(c, UIUtil.getIntParameter( Collection collection = Collection.find(c, UIUtil.getIntParameter(
request, "collection_id")); request, "collection_id"));
AuthorizeUtil.authorizeManageCollectionPolicy(c, collection);
ResourcePolicy policy = ResourcePolicy.create(c); ResourcePolicy policy = ResourcePolicy.create(c);
policy.setResource(collection); policy.setResource(collection);
policy.update(); policy.update();
@@ -336,6 +350,8 @@ public class AuthorizeAdminServlet extends DSpaceServlet
// delete a permission from a collection // delete a permission from a collection
Collection collection = Collection.find(c, UIUtil.getIntParameter( Collection collection = Collection.find(c, UIUtil.getIntParameter(
request, "collection_id")); request, "collection_id"));
AuthorizeUtil.authorizeManageCollectionPolicy(c, collection);
ResourcePolicy policy = ResourcePolicy.find(c, UIUtil ResourcePolicy policy = ResourcePolicy.find(c, UIUtil
.getIntParameter(request, "policy_id")); .getIntParameter(request, "policy_id"));
@@ -356,6 +372,8 @@ public class AuthorizeAdminServlet extends DSpaceServlet
// delete a permission from a community // delete a permission from a community
Community community = Community.find(c, UIUtil.getIntParameter( Community community = Community.find(c, UIUtil.getIntParameter(
request, "community_id")); request, "community_id"));
AuthorizeUtil.authorizeManageCommunityPolicy(c, community);
ResourcePolicy policy = ResourcePolicy.find(c, UIUtil ResourcePolicy policy = ResourcePolicy.find(c, UIUtil
.getIntParameter(request, "policy_id")); .getIntParameter(request, "policy_id"));
@@ -377,6 +395,7 @@ public class AuthorizeAdminServlet extends DSpaceServlet
Collection collection = Collection.find(c, UIUtil.getIntParameter( Collection collection = Collection.find(c, UIUtil.getIntParameter(
request, "collection_id")); request, "collection_id"));
AuthorizeUtil.authorizeManageCollectionPolicy(c, collection);
int policy_id = UIUtil.getIntParameter(request, "policy_id"); int policy_id = UIUtil.getIntParameter(request, "policy_id");
ResourcePolicy policy = null; ResourcePolicy policy = null;
@@ -412,6 +431,8 @@ public class AuthorizeAdminServlet extends DSpaceServlet
Community community = Community.find(c, UIUtil.getIntParameter( Community community = Community.find(c, UIUtil.getIntParameter(
request, "community_id")); request, "community_id"));
AuthorizeUtil.authorizeManageCommunityPolicy(c, community);
int policy_id = UIUtil.getIntParameter(request, "policy_id"); int policy_id = UIUtil.getIntParameter(request, "policy_id");
ResourcePolicy policy = null; ResourcePolicy policy = null;
@@ -448,6 +469,7 @@ public class AuthorizeAdminServlet extends DSpaceServlet
Collection collection = Collection.find(c, UIUtil.getIntParameter( Collection collection = Collection.find(c, UIUtil.getIntParameter(
request, "collection_id")); request, "collection_id"));
AuthorizeUtil.authorizeManageCollectionPolicy(c, collection);
ResourcePolicy policy = ResourcePolicy.create(c); ResourcePolicy policy = ResourcePolicy.create(c);
policy.setResource(collection); policy.setResource(collection);
policy.update(); policy.update();
@@ -474,6 +496,7 @@ public class AuthorizeAdminServlet extends DSpaceServlet
Community community = Community.find(c, UIUtil.getIntParameter( Community community = Community.find(c, UIUtil.getIntParameter(
request, "community_id")); request, "community_id"));
AuthorizeUtil.authorizeManageCommunityPolicy(c, community);
ResourcePolicy policy = ResourcePolicy.create(c); ResourcePolicy policy = ResourcePolicy.create(c);
policy.setResource(community); policy.setResource(community);
policy.update(); policy.update();
@@ -511,6 +534,7 @@ public class AuthorizeAdminServlet extends DSpaceServlet
String display_page = null; String display_page = null;
ResourcePolicy policy = ResourcePolicy.find(c, policy_id); ResourcePolicy policy = ResourcePolicy.find(c, policy_id);
AuthorizeUtil.authorizeManagePolicy(c, policy);
Group group = Group.find(c, group_id); Group group = Group.find(c, group_id);
if (collection_id != -1) if (collection_id != -1)
@@ -602,6 +626,7 @@ public class AuthorizeAdminServlet extends DSpaceServlet
{ {
int policy_id = UIUtil.getIntParameter(request, "policy_id"); int policy_id = UIUtil.getIntParameter(request, "policy_id");
ResourcePolicy rp = ResourcePolicy.find(c, policy_id); ResourcePolicy rp = ResourcePolicy.find(c, policy_id);
AuthorizeUtil.authorizeManagePolicy(c, rp);
rp.delete(); rp.delete();
} }
@@ -647,6 +672,7 @@ public class AuthorizeAdminServlet extends DSpaceServlet
} }
else if (button.equals("submit_advanced_clear")) else if (button.equals("submit_advanced_clear"))
{ {
AuthorizeUtil.requireAdminRole(c);
// remove all policies for a set of objects // remove all policies for a set of objects
int collection_id = UIUtil int collection_id = UIUtil
.getIntParameter(request, "collection_id"); .getIntParameter(request, "collection_id");
@@ -668,6 +694,7 @@ public class AuthorizeAdminServlet extends DSpaceServlet
} }
else if (button.equals("submit_advanced_add")) else if (button.equals("submit_advanced_add"))
{ {
AuthorizeUtil.requireAdminRole(c);
// add a policy to a set of objects // add a policy to a set of objects
int collection_id = UIUtil int collection_id = UIUtil
.getIntParameter(request, "collection_id"); .getIntParameter(request, "collection_id");

50
dspace-jspui/dspace-jspui-api/src/main/java/org/dspace/app/webui/servlet/admin/CollectionWizardServlet.java
View File

@@ -52,6 +52,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger; import org.apache.log4j.Logger;
import org.dspace.app.util.AuthorizeUtil;
import org.dspace.app.webui.servlet.DSpaceServlet; import org.dspace.app.webui.servlet.DSpaceServlet;
import org.dspace.app.webui.util.FileUploadRequest; import org.dspace.app.webui.util.FileUploadRequest;
import org.dspace.app.webui.util.JSPManager; import org.dspace.app.webui.util.JSPManager;
@@ -174,16 +175,49 @@ public class CollectionWizardServlet extends DSpaceServlet
// Create the collection // Create the collection
Collection newCollection = c.createCollection(); Collection newCollection = c.createCollection();
request.setAttribute("collection", newCollection); request.setAttribute("collection", newCollection);
if (AuthorizeManager.isAdmin(context,c))
{
// set a variable to show all locale admin buttons
request.setAttribute("admin_button", new Boolean(true));
}
if (AuthorizeManager.isAdmin(context)) if (AuthorizeManager.isAdmin(context))
{ {
// set a variable to show all buttons // set a variable to show all buttons
request.setAttribute("sysadmin_button", new Boolean(true)); request.setAttribute("sysadmin_button", new Boolean(true));
} }
try
{
AuthorizeUtil.authorizeManageAdminGroup(context, newCollection);
request.setAttribute("admin_create_button", new Boolean(true));
}
catch (AuthorizeException authex) {
request.setAttribute("admin_create_button", new Boolean(false));
}
try
{
AuthorizeUtil.authorizeManageSubmittersGroup(context, newCollection);
request.setAttribute("submitters_button", new Boolean(true));
}
catch (AuthorizeException authex) {
request.setAttribute("submitters_button", new Boolean(false));
}
try
{
AuthorizeUtil.authorizeManageWorkflowsGroup(context, newCollection);
request.setAttribute("workflows_button", new Boolean(true));
}
catch (AuthorizeException authex) {
request.setAttribute("workflows_button", new Boolean(false));
}
try
{
AuthorizeUtil.authorizeManageTemplateItem(context, newCollection);
request.setAttribute("template_button", new Boolean(true));
}
catch (AuthorizeException authex) {
request.setAttribute("template_button", new Boolean(false));
}
JSPManager.showJSP(request, response, JSPManager.showJSP(request, response,
"/dspace-admin/wizard-questions.jsp"); "/dspace-admin/wizard-questions.jsp");
context.complete(); context.complete();
@@ -718,11 +752,7 @@ public class CollectionWizardServlet extends DSpaceServlet
Community[] communities = collection.getCommunities(); Community[] communities = collection.getCommunities();
request.setAttribute("community", communities[0]); request.setAttribute("community", communities[0]);
if (AuthorizeManager.isAdmin(context, collection)) EditCommunitiesServlet.storeAuthorizeAttributeCollectionEdit(context, request, collection);
{
// set a variable to show all buttons
request.setAttribute("admin_button", new Boolean(true));
}
} }
JSPManager.showJSP(request, response, "/tools/edit-collection.jsp"); JSPManager.showJSP(request, response, "/tools/edit-collection.jsp");

172
dspace-jspui/dspace-jspui-api/src/main/java/org/dspace/app/webui/servlet/admin/EditCommunitiesServlet.java
View File

@@ -51,6 +51,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger; import org.apache.log4j.Logger;
import org.dspace.app.util.AuthorizeUtil;
import org.dspace.app.webui.servlet.DSpaceServlet; import org.dspace.app.webui.servlet.DSpaceServlet;
import org.dspace.app.webui.util.FileUploadRequest; import org.dspace.app.webui.util.FileUploadRequest;
import org.dspace.app.webui.util.JSPManager; import org.dspace.app.webui.util.JSPManager;
@@ -170,18 +171,11 @@ public class EditCommunitiesServlet extends DSpaceServlet
return; return;
} }
if ((collection != null && AuthorizeManager.isAdmin(context, collection))
|| (collection == null && community != null && AuthorizeManager.isAdmin(context, community))
|| (collection == null && parentCommunity != null && AuthorizeManager.isAdmin(context, parentCommunity)))
{
// set a variable to show all buttons
request.setAttribute("admin_button", new Boolean(true));
}
// Now proceed according to "action" parameter // Now proceed according to "action" parameter
switch (action) switch (action)
{ {
case START_EDIT_COMMUNITY: case START_EDIT_COMMUNITY:
storeAuthorizeAttributeCommunityEdit(context, request, community);
// Display the relevant "edit community" page // Display the relevant "edit community" page
JSPManager.showJSP(request, response, "/tools/edit-community.jsp"); JSPManager.showJSP(request, response, "/tools/edit-community.jsp");
@@ -197,6 +191,9 @@ public class EditCommunitiesServlet extends DSpaceServlet
break; break;
case START_CREATE_COMMUNITY: case START_CREATE_COMMUNITY:
// no authorize attribute will be given to the jsp so a "clean" creation form
// will be always supplied, advanced setting on policies and admin group creation
// will be possible after to have completed the community creation
// Display edit community page with empty fields + create button // Display edit community page with empty fields + create button
JSPManager.showJSP(request, response, "/tools/edit-community.jsp"); JSPManager.showJSP(request, response, "/tools/edit-community.jsp");
@@ -209,6 +206,8 @@ public class EditCommunitiesServlet extends DSpaceServlet
getIntParameter(request, "collection_id")); getIntParameter(request, "collection_id"));
request.setAttribute("harvestInstance", hc); request.setAttribute("harvestInstance", hc);
storeAuthorizeAttributeCollectionEdit(context, request, collection);
// Display the relevant "edit collection" page // Display the relevant "edit collection" page
JSPManager.showJSP(request, response, "/tools/edit-collection.jsp"); JSPManager.showJSP(request, response, "/tools/edit-collection.jsp");
@@ -281,7 +280,9 @@ public class EditCommunitiesServlet extends DSpaceServlet
// Delete the collection // Delete the collection
community.removeCollection(collection); community.removeCollection(collection);
// remove the collection object from the request, so that the user
// will be redirected on the community home page
request.removeAttribute("collection");
// Show main control page // Show main control page
showControls(context, request, response); showControls(context, request, response);
@@ -299,6 +300,140 @@ public class EditCommunitiesServlet extends DSpaceServlet
} }
} }
/**
* Store in the request attribute to teach to the jsp which button are
* needed/allowed for the community edit form
*
* @param context
* @param request
* @param community
* @throws SQLException
*/
private void storeAuthorizeAttributeCommunityEdit(Context context,
HttpServletRequest request, Community community) throws SQLException
{
try
{
AuthorizeUtil.authorizeManageAdminGroup(context, community);
request.setAttribute("admin_create_button", new Boolean(true));
}
catch (AuthorizeException authex) {
request.setAttribute("admin_create_button", new Boolean(false));
}
try
{
AuthorizeUtil.authorizeRemoveAdminGroup(context, community);
request.setAttribute("admin_remove_button", new Boolean(true));
}
catch (AuthorizeException authex) {
request.setAttribute("admin_remove_button", new Boolean(false));
}
if (AuthorizeManager.authorizeActionBoolean(context, community, Constants.DELETE))
{
request.setAttribute("delete_button", new Boolean(true));
}
else
{
request.setAttribute("delete_button", new Boolean(false));
}
try
{
AuthorizeUtil.authorizeManageCommunityPolicy(context, community);
request.setAttribute("policy_button", new Boolean(true));
}
catch (AuthorizeException authex) {
request.setAttribute("policy_button", new Boolean(false));
}
}
/**
* Store in the request attribute to teach to the jsp which button are
* needed/allowed for the collection edit form
*
* @param context
* @param request
* @param community
* @throws SQLException
*/
static void storeAuthorizeAttributeCollectionEdit(Context context,
HttpServletRequest request, Collection collection) throws SQLException
{
if (AuthorizeManager.isAdmin(context, collection))
{
request.setAttribute("admin_collection", new Boolean(true));
}
else
{
request.setAttribute("admin_collection", new Boolean(false));
}
try
{
AuthorizeUtil.authorizeManageAdminGroup(context, collection);
request.setAttribute("admin_create_button", new Boolean(true));
}
catch (AuthorizeException authex) {
request.setAttribute("admin_create_button", new Boolean(false));
}
try
{
AuthorizeUtil.authorizeRemoveAdminGroup(context, collection);
request.setAttribute("admin_remove_button", new Boolean(true));
}
catch (AuthorizeException authex) {
request.setAttribute("admin_remove_button", new Boolean(false));
}
try
{
AuthorizeUtil.authorizeManageSubmittersGroup(context, collection);
request.setAttribute("submitters_button", new Boolean(true));
}
catch (AuthorizeException authex) {
request.setAttribute("submitters_button", new Boolean(false));
}
try
{
AuthorizeUtil.authorizeManageWorkflowsGroup(context, collection);
request.setAttribute("workflows_button", new Boolean(true));
}
catch (AuthorizeException authex) {
request.setAttribute("workflows_button", new Boolean(false));
}
try
{
AuthorizeUtil.authorizeManageTemplateItem(context, collection);
request.setAttribute("template_button", new Boolean(true));
}
catch (AuthorizeException authex) {
request.setAttribute("template_button", new Boolean(false));
}
if (AuthorizeManager.authorizeActionBoolean(context, collection.getParentObject(), Constants.REMOVE))
{
request.setAttribute("delete_button", new Boolean(true));
}
else
{
request.setAttribute("delete_button", new Boolean(false));
}
try
{
AuthorizeUtil.authorizeManageCollectionPolicy(context, collection);
request.setAttribute("policy_button", new Boolean(true));
}
catch (AuthorizeException authex) {
request.setAttribute("policy_button", new Boolean(false));
}
}
/** /**
* Show community home page with admin controls * Show community home page with admin controls
* *
@@ -394,6 +529,8 @@ public class EditCommunitiesServlet extends DSpaceServlet
request.setAttribute("community", community); request.setAttribute("community", community);
} }
storeAuthorizeAttributeCommunityEdit(context, request, community);
community.setMetadata("name", request.getParameter("name")); community.setMetadata("name", request.getParameter("name"));
community.setMetadata("short_description", request community.setMetadata("short_description", request
.getParameter("short_description")); .getParameter("short_description"));
@@ -452,7 +589,7 @@ public class EditCommunitiesServlet extends DSpaceServlet
// Forward to policy edit page // Forward to policy edit page
response.sendRedirect(response.encodeRedirectURL(request response.sendRedirect(response.encodeRedirectURL(request
.getContextPath() .getContextPath()
+ "/dspace-admin/authorize?community_id=" + "/tools/authorize?community_id="
+ community.getID() + "&submit_community_select=1")); + community.getID() + "&submit_community_select=1"));
} }
else if (button.equals("submit_admins_create")) else if (button.equals("submit_admins_create"))
@@ -466,6 +603,15 @@ public class EditCommunitiesServlet extends DSpaceServlet
.getContextPath() .getContextPath()
+ "/tools/group-edit?group_id=" + newGroup.getID())); + "/tools/group-edit?group_id=" + newGroup.getID()));
} }
else if (button.equals("submit_admins_remove"))
{
Group g = community.getAdministrators();
community.removeAdministrators();
community.update();
g.delete();
// Show edit page again - attributes set in doDSPost()
JSPManager.showJSP(request, response, "/tools/edit-community.jsp");
}
else if (button.equals("submit_admins_edit")) else if (button.equals("submit_admins_edit"))
{ {
// Edit 'community administrators' group // Edit 'community administrators' group
@@ -511,6 +657,8 @@ public class EditCommunitiesServlet extends DSpaceServlet
request.setAttribute("collection", collection); request.setAttribute("collection", collection);
} }
storeAuthorizeAttributeCollectionEdit(context, request, collection);
// Update the basic metadata // Update the basic metadata
collection.setMetadata("name", request.getParameter("name")); collection.setMetadata("name", request.getParameter("name"));
collection.setMetadata("short_description", request collection.setMetadata("short_description", request
@@ -674,7 +822,7 @@ public class EditCommunitiesServlet extends DSpaceServlet
// Forward to policy edit page // Forward to policy edit page
response.sendRedirect(response.encodeRedirectURL(request response.sendRedirect(response.encodeRedirectURL(request
.getContextPath() .getContextPath()
+ "/dspace-admin/authorize?collection_id=" + "/tools/authorize?collection_id="
+ collection.getID() + "&submit_collection_select=1")); + collection.getID() + "&submit_collection_select=1"));
} }
else if (button.startsWith("submit_wf_edit_")) else if (button.startsWith("submit_wf_edit_"))
@@ -830,6 +978,7 @@ public class EditCommunitiesServlet extends DSpaceServlet
// Show community edit page // Show community edit page
request.setAttribute("community", community); request.setAttribute("community", community);
storeAuthorizeAttributeCommunityEdit(context, request, community);
dso = community; dso = community;
jsp = "/tools/edit-community.jsp"; jsp = "/tools/edit-community.jsp";
} }
@@ -840,6 +989,7 @@ public class EditCommunitiesServlet extends DSpaceServlet
// Show collection edit page // Show collection edit page
request.setAttribute("collection", collection); request.setAttribute("collection", collection);
request.setAttribute("community", community); request.setAttribute("community", community);
storeAuthorizeAttributeCollectionEdit(context, request, collection);
dso = collection; dso = collection;
jsp = "/tools/edit-collection.jsp"; jsp = "/tools/edit-collection.jsp";
} }

89
dspace-jspui/dspace-jspui-api/src/main/java/org/dspace/app/webui/servlet/admin/EditItemServlet.java
View File

@@ -59,10 +59,12 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import org.apache.log4j.Logger; import org.apache.log4j.Logger;
import org.dspace.app.util.AuthorizeUtil;
import org.dspace.app.webui.servlet.DSpaceServlet; import org.dspace.app.webui.servlet.DSpaceServlet;
import org.dspace.app.webui.util.FileUploadRequest; import org.dspace.app.webui.util.FileUploadRequest;
import org.dspace.app.webui.util.JSPManager; import org.dspace.app.webui.util.JSPManager;
import org.dspace.app.webui.util.UIUtil; import org.dspace.app.webui.util.UIUtil;
import org.dspace.authorize.AuthorizeConfiguration;
import org.dspace.authorize.AuthorizeException; import org.dspace.authorize.AuthorizeException;
import org.dspace.authorize.AuthorizeManager; import org.dspace.authorize.AuthorizeManager;
import org.dspace.content.Bitstream; import org.dspace.content.Bitstream;
@@ -392,9 +394,16 @@ public class EditItemServlet extends DSpaceServlet
{ {
if ( request.getParameter("cc_license_url") != null ) if ( request.getParameter("cc_license_url") != null )
{ {
// check authorization
AuthorizeUtil.authorizeManageCCLicense(context, item);
// turn off auth system to allow replace also to user that can't
// remove/add bitstream to the item
context.turnOffAuthorisationSystem();
// set or replace existing CC license // set or replace existing CC license
CreativeCommons.setLicense( context, item, CreativeCommons.setLicense( context, item,
request.getParameter("cc_license_url") ); request.getParameter("cc_license_url") );
context.restoreAuthSystemState();
context.commit(); context.commit();
} }
@@ -427,6 +436,82 @@ public class EditItemServlet extends DSpaceServlet
} }
request.setAttribute("admin_button", AuthorizeManager.authorizeActionBoolean(context, item, Constants.ADMIN)); request.setAttribute("admin_button", AuthorizeManager.authorizeActionBoolean(context, item, Constants.ADMIN));
try
{
AuthorizeUtil.authorizeManageItemPolicy(context, item);
request.setAttribute("policy_button", new Boolean(true));
}
catch (AuthorizeException authex)
{
request.setAttribute("policy_button", new Boolean(false));
}
if (AuthorizeManager.authorizeActionBoolean(context, item
.getParentObject(), Constants.REMOVE))
{
request.setAttribute("delete_button", new Boolean(true));
}
else
{
request.setAttribute("delete_button", new Boolean(false));
}
try
{
AuthorizeManager.authorizeAction(context, item, Constants.ADD);
request.setAttribute("create_bitstream_button", new Boolean(true));
}
catch (AuthorizeException authex)
{
request.setAttribute("create_bitstream_button", new Boolean(false));
}
try
{
AuthorizeManager.authorizeAction(context, item, Constants.REMOVE);
request.setAttribute("remove_bitstream_button", new Boolean(true));
}
catch (AuthorizeException authex)
{
request.setAttribute("remove_bitstream_button", new Boolean(false));
}
try
{
AuthorizeUtil.authorizeManageCCLicense(context, item);
request.setAttribute("cclicense_button", new Boolean(true));
}
catch (AuthorizeException authex)
{
request.setAttribute("cclicense_button", new Boolean(false));
}
if (!item.isWithdrawn())
{
try
{
AuthorizeUtil.authorizeWithdrawItem(context, item);
request.setAttribute("withdraw_button", new Boolean(true));
}
catch (AuthorizeException authex)
{
request.setAttribute("withdraw_button", new Boolean(false));
}
}
else
{
try
{
AuthorizeUtil.authorizeReinstateItem(context, item);
request.setAttribute("reinstate_button", new Boolean(true));
}
catch (AuthorizeException authex)
{
request.setAttribute("reinstate_button", new Boolean(false));
}
}
request.setAttribute("item", item); request.setAttribute("item", item);
request.setAttribute("handle", handle); request.setAttribute("handle", handle);
request.setAttribute("collections", collections); request.setAttribute("collections", collections);
@@ -532,9 +617,7 @@ public class EditItemServlet extends DSpaceServlet
item.addMetadata(schema, element, qualifier, language, value); item.addMetadata(schema, element, qualifier, language, value);
} }
} }
// only process bitstreams if admin else if (p.startsWith("bitstream_name"))
else if (p.startsWith("bitstream_name")
&& AuthorizeManager.isAdmin(context))
{ {
// We have bitstream metadata // We have bitstream metadata
// First, get the bundle and bitstream ID // First, get the bundle and bitstream ID

2
dspace-jspui/dspace-jspui-webapp/src/main/webapp/WEB-INF/web.xml
View File

@@ -428,7 +428,7 @@
<servlet-mapping> <servlet-mapping>
<servlet-name>authorize</servlet-name> <servlet-name>authorize</servlet-name>
<url-pattern>/dspace-admin/authorize</url-pattern> <url-pattern>/tools/authorize</url-pattern>
</servlet-mapping> </servlet-mapping>
<servlet-mapping> <servlet-mapping>

4
dspace-jspui/dspace-jspui-webapp/src/main/webapp/dspace-admin/authorize-collection-edit.jsp
View File

@@ -105,7 +105,7 @@
</tr> </tr>
</table> </table>
<form action="<%= request.getContextPath() %>/dspace-admin/authorize" method="post"> <form action="<%= request.getContextPath() %>/tools/authorize" method="post">
<p align="center"> <p align="center">
<input type="hidden" name="collection_id" value="<%=collection.getID()%>" /> <input type="hidden" name="collection_id" value="<%=collection.getID()%>" />
<input type="submit" name="submit_collection_add_policy" value="<fmt:message key="jsp.dspace-admin.general.addpolicy"/>" /> <input type="submit" name="submit_collection_add_policy" value="<fmt:message key="jsp.dspace-admin.general.addpolicy"/>" />
@@ -120,7 +120,7 @@
{ {
ResourcePolicy rp = (ResourcePolicy) i.next(); ResourcePolicy rp = (ResourcePolicy) i.next();
%> %>
<form action="<%= request.getContextPath() %>/dspace-admin/authorize" method="post"> <form action="<%= request.getContextPath() %>/tools/authorize" method="post">
<table class="miscTable" align="center" summary="Collection Policy Edit Form"> <table class="miscTable" align="center" summary="Collection Policy Edit Form">
<tr> <tr>
<th class="oddRowOddCol"><strong><fmt:message key="jsp.general.id" /></strong></th> <th class="oddRowOddCol"><strong><fmt:message key="jsp.general.id" /></strong></th>

6
dspace-jspui/dspace-jspui-webapp/src/main/webapp/dspace-admin/authorize-community-edit.jsp
View File

@@ -100,7 +100,7 @@
</tr> </tr>
</table> </table>
<form action="<%= request.getContextPath() %>/dspace-admin/authorize" method="post"> <form action="<%= request.getContextPath() %>/tools/authorize" method="post">
<p align="center"> <p align="center">
<input type="hidden" name="community_id" value="<%=community.getID()%>" /> <input type="hidden" name="community_id" value="<%=community.getID()%>" />
<input type="submit" name="submit_community_add_policy" value="<fmt:message key="jsp.dspace-admin.general.addpolicy"/>" /> <input type="submit" name="submit_community_add_policy" value="<fmt:message key="jsp.dspace-admin.general.addpolicy"/>" />
@@ -134,14 +134,14 @@
<%= (rp.getGroup() == null ? "..." : rp.getGroup().getName() ) %> <%= (rp.getGroup() == null ? "..." : rp.getGroup().getName() ) %>
</td> </td>
<td headers="t4" class="<%= row %>RowEvenCol"> <td headers="t4" class="<%= row %>RowEvenCol">
<form action="<%= request.getContextPath() %>/dspace-admin/authorize" method="post">--> <form action="<%= request.getContextPath() %>/tools/authorize" method="post">
<input type="hidden" name="policy_id" value="<%= rp.getID() %>" /> <input type="hidden" name="policy_id" value="<%= rp.getID() %>" />
<input type="hidden" name="community_id" value="<%= community.getID() %>" /> <input type="hidden" name="community_id" value="<%= community.getID() %>" />
<input type="submit" name="submit_community_edit_policy" value="<fmt:message key="jsp.dspace-admin.general.edit"/>" /> <input type="submit" name="submit_community_edit_policy" value="<fmt:message key="jsp.dspace-admin.general.edit"/>" />
</form> </form>
</td> </td>
<td headers="t5" class="<%= row %>RowOddCol"> <td headers="t5" class="<%= row %>RowOddCol">
<form action="<%= request.getContextPath() %>/dspace-admin/authorize" method="post">--> <form action="<%= request.getContextPath() %>/tools/authorize" method="post">
<input type="hidden" name="policy_id" value="<%= rp.getID() %>" /> <input type="hidden" name="policy_id" value="<%= rp.getID() %>" />
<input type="hidden" name="community_id" value="<%= community.getID() %>" /> <input type="hidden" name="community_id" value="<%= community.getID() %>" />
<input type="submit" name="submit_community_delete_policy" value="<fmt:message key="jsp.dspace-admin.general.delete"/>" /> <input type="submit" name="submit_community_delete_policy" value="<fmt:message key="jsp.dspace-admin.general.delete"/>" />

2
dspace-jspui/dspace-jspui-webapp/src/main/webapp/dspace-admin/authorize-policy-edit.jsp
View File

@@ -111,7 +111,7 @@
</tr> </tr>
</table> </table>
<form action="<%= request.getContextPath() %>/dspace-admin/authorize" method="post"> <form action="<%= request.getContextPath() %>/tools/authorize" method="post">
<table class="miscTable" align="center" summary="Edit Policy Form"> <table class="miscTable" align="center" summary="Edit Policy Form">
<tr> <tr>

2
dspace-jspui/dspace-jspui-webapp/src/main/webapp/dspace-admin/supervise-list.jsp
View File

@@ -119,7 +119,7 @@
<tr> <tr>
<td class="<%= row %>RowOddCol"> <td class="<%= row %>RowOddCol">
<%-- form to navigate to the item policies --%> <%-- form to navigate to the item policies --%>
<form action="<%= request.getContextPath() %>/dspace-admin/authorize" method="post"> <form action="<%= request.getContextPath() %>/tools/authorize" method="post">
<input type="hidden" name="item_id" value="<%=supervisedItems[i].getItem().getID() %>"/> <input type="hidden" name="item_id" value="<%=supervisedItems[i].getItem().getID() %>"/>
<input type="submit" name="submit_item_select" value="<fmt:message key="jsp.dspace-admin.supervise-list.policies.button"/>"/> <input type="submit" name="submit_item_select" value="<fmt:message key="jsp.dspace-admin.supervise-list.policies.button"/>"/>
</form> </form>

34
dspace-jspui/dspace-jspui-webapp/src/main/webapp/dspace-admin/wizard-questions.jsp
View File

@@ -61,8 +61,21 @@
<% Boolean sysadmin_b = (Boolean)request.getAttribute("sysadmin_button"); <% Boolean sysadmin_b = (Boolean)request.getAttribute("sysadmin_button");
boolean sysadmin_button = (sysadmin_b == null ? false : sysadmin_b.booleanValue()); boolean sysadmin_button = (sysadmin_b == null ? false : sysadmin_b.booleanValue());
Boolean admin_b = (Boolean)request.getAttribute("admin_button");
boolean admin_button = (admin_b == null ? false : admin_b.booleanValue()); %> Boolean adminCreateGroup = (Boolean)request.getAttribute("admin_create_button");
boolean bAdminCreateGroup = (adminCreateGroup == null ? false : adminCreateGroup.booleanValue());
Boolean workflowsButton = (Boolean)request.getAttribute("workflows_button");
boolean bWorkflowsButton = (workflowsButton == null ? false : workflowsButton.booleanValue());
Boolean submittersButton = (Boolean)request.getAttribute("submitters_button");
boolean bSubmittersButton = (submittersButton == null ? false : submittersButton.booleanValue());
Boolean templateButton = (Boolean)request.getAttribute("template_button");
boolean bTemplateButton = (templateButton == null ? false : templateButton.booleanValue());
%>
<dspace:layout locbar="off" <dspace:layout locbar="off"
navbar="off" navbar="off"
@@ -104,7 +117,7 @@
<table border="0"> <table border="0">
<tr> <tr>
<td valign="top"> <td valign="top">
<% if(!admin_button ) { %> <input type="hidden" name="submitters" value="false" /> <% if(!bSubmittersButton) { %> <input type="hidden" name="submitters" value="false" />
<input type="checkbox" name="submitters" value="true" disabled="disabled"/> <input type="checkbox" name="submitters" value="true" disabled="disabled"/>
<% } else { %> <% } else { %>
<input type="checkbox" name="submitters" value="true" checked="checked"/> <input type="checkbox" name="submitters" value="true" checked="checked"/>
@@ -121,7 +134,7 @@
<table border="0"> <table border="0">
<tr> <tr>
<td valign="top"> <td valign="top">
<% if(!admin_button ) { %> <input type="hidden" name="workflow1" value="false" /> <% if(!bWorkflowsButton) { %> <input type="hidden" name="workflow1" value="false" />
<input type="checkbox" name="workflow1" value="true" disabled="disabled"/> <input type="checkbox" name="workflow1" value="true" disabled="disabled"/>
<% } else { %> <% } else { %>
<input type="checkbox" name="workflow1" value="true"/> <input type="checkbox" name="workflow1" value="true"/>
@@ -138,7 +151,7 @@
<table border="0"> <table border="0">
<tr> <tr>
<td valign="top"> <td valign="top">
<% if(!admin_button ) { %> <input type="hidden" name="workflow2" value="false" /> <% if(!bWorkflowsButton) { %> <input type="hidden" name="workflow2" value="false" />
<input type="checkbox" name="workflow2" value="true" disabled="disabled"/> <input type="checkbox" name="workflow2" value="true" disabled="disabled"/>
<% } else { %> <% } else { %>
<input type="checkbox" name="workflow2" value="true"/> <input type="checkbox" name="workflow2" value="true"/>
@@ -155,7 +168,7 @@
<table border="0"> <table border="0">
<tr> <tr>
<td valign="top"> <td valign="top">
<% if(!admin_button ) { %> <input type="hidden" name="workflow3" value="false" /> <% if(!bWorkflowsButton) { %> <input type="hidden" name="workflow3" value="false" />
<input type="checkbox" name="workflow3" value="true" disabled="disabled"/> <input type="checkbox" name="workflow3" value="true" disabled="disabled"/>
<% } else { %> <% } else { %>
<input type="checkbox" name="workflow3" value="true"/> <input type="checkbox" name="workflow3" value="true"/>
@@ -172,7 +185,7 @@
<table border="0"> <table border="0">
<tr> <tr>
<td valign="top"> <td valign="top">
<% if(!admin_button ) { %> <input type="hidden" name="admins" value="false" /> <% if(!bAdminCreateGroup) { %> <input type="hidden" name="admins" value="false" />
<input type="checkbox" name="admins" value="true" disabled="disabled"/> <input type="checkbox" name="admins" value="true" disabled="disabled"/>
<% } else { %> <% } else { %>
<input type="checkbox" name="admins" value="true"/> <input type="checkbox" name="admins" value="true"/>
@@ -188,7 +201,12 @@
<td class="oddRowOddCol" align="left"> <td class="oddRowOddCol" align="left">
<table border="0"> <table border="0">
<tr> <tr>
<td valign="top"><input type="checkbox" name="default.item" value="true"/></td> <td valign="top">
<% if(!bTemplateButton) { %> <input type="hidden" name="default.item" value="false" />
<input type="checkbox" name="default.item" value="true" disabled="disabled"/>
<% } else { %>
<input type="checkbox" name="default.item" value="true"/></td>
<% } %>
<%-- <td class="submitFormLabel" nowrap>New submissions will have some metadata already filled out with defaults</td> --%> <%-- <td class="submitFormLabel" nowrap>New submissions will have some metadata already filled out with defaults</td> --%>
<td class="submitFormLabel" nowrap="nowrap"><fmt:message key="jsp.dspace-admin.wizard-questions.check7"/></td> <td class="submitFormLabel" nowrap="nowrap"><fmt:message key="jsp.dspace-admin.wizard-questions.check7"/></td>
</tr> </tr>

4
dspace-jspui/dspace-jspui-webapp/src/main/webapp/layout/navbar-admin.jsp
View File

@@ -135,10 +135,10 @@
<tr class="navigationBarItem"> <tr class="navigationBarItem">
<td> <td>
<img alt="" src="<%= request.getContextPath() %>/image/<%= (currentPage.endsWith("/dspace-admin/authorize") ? "arrow-highlight" : "arrow") %>.gif" width="16" height="16"/> <img alt="" src="<%= request.getContextPath() %>/image/<%= (currentPage.endsWith("/tools/authorize") ? "arrow-highlight" : "arrow") %>.gif" width="16" height="16"/>
</td> </td>
<td nowrap="nowrap" class="navigationBarItem"> <td nowrap="nowrap" class="navigationBarItem">
<a href="<%= request.getContextPath() %>/dspace-admin/authorize"><fmt:message key="jsp.layout.navbar-admin.authorization"/></a> <a href="<%= request.getContextPath() %>/tools/authorize"><fmt:message key="jsp.layout.navbar-admin.authorization"/></a>
</td> </td>
</tr> </tr>

69
dspace-jspui/dspace-jspui-webapp/src/main/webapp/tools/edit-collection.jsp
View File

@@ -67,8 +67,30 @@
<% <%
Collection collection = (Collection) request.getAttribute("collection"); Collection collection = (Collection) request.getAttribute("collection");
Community community = (Community) request.getAttribute("community"); Community community = (Community) request.getAttribute("community");
Boolean admin_b = (Boolean)request.getAttribute("admin_button");
boolean admin_button = (admin_b == null ? false : admin_b.booleanValue()); Boolean adminCollection = (Boolean)request.getAttribute("admin_collection");
boolean bAdminCollection = (adminCollection == null ? false : adminCollection.booleanValue());
Boolean adminCreateGroup = (Boolean)request.getAttribute("admin_create_button");
boolean bAdminCreateGroup = (adminCreateGroup == null ? false : adminCreateGroup.booleanValue());
Boolean adminRemoveGroup = (Boolean)request.getAttribute("admin_remove_button");
boolean bAdminRemoveGroup = (adminRemoveGroup == null ? false : adminRemoveGroup.booleanValue());
Boolean workflowsButton = (Boolean)request.getAttribute("workflows_button");
boolean bWorkflowsButton = (workflowsButton == null ? false : workflowsButton.booleanValue());
Boolean submittersButton = (Boolean)request.getAttribute("submitters_button");
boolean bSubmittersButton = (submittersButton == null ? false : submittersButton.booleanValue());
Boolean templateButton = (Boolean)request.getAttribute("template_button");
boolean bTemplateButton = (templateButton == null ? false : templateButton.booleanValue());
Boolean policyButton = (Boolean)request.getAttribute("policy_button");
boolean bPolicyButton = (policyButton == null ? false : policyButton.booleanValue());
Boolean deleteButton = (Boolean)request.getAttribute("delete_button");
boolean bDeleteButton = (deleteButton == null ? false : deleteButton.booleanValue());
// Is the logged in user a sys admin // Is the logged in user a sys admin
Boolean admin = (Boolean)request.getAttribute("is.admin"); Boolean admin = (Boolean)request.getAttribute("is.admin");
@@ -158,17 +180,21 @@
<fmt:param><%= collection.getHandle() %></fmt:param> <fmt:param><%= collection.getHandle() %></fmt:param>
</fmt:message> </fmt:message>
</h1> </h1>
<% if(admin_button ) { %>
<center> <center>
<table width="70%"> <table width="70%">
<tr> <tr>
<td class="standard"> <td class="standard">
<% if(bDeleteButton) { %>
<form method="post" action=""> <form method="post" action="">
<input type="hidden" name="action" value="<%= EditCommunitiesServlet.START_DELETE_COLLECTION %>" /> <input type="hidden" name="action" value="<%= EditCommunitiesServlet.START_DELETE_COLLECTION %>" />
<input type="hidden" name="community_id" value="<%= community.getID() %>" /> <input type="hidden" name="community_id" value="<%= community.getID() %>" />
<input type="hidden" name="collection_id" value="<%= collection.getID() %>" /> <input type="hidden" name="collection_id" value="<%= collection.getID() %>" />
<input type="submit" name="submit" value="<fmt:message key="jsp.tools.edit-collection.button.delete"/>" /> <input type="submit" name="submit" value="<fmt:message key="jsp.tools.edit-collection.button.delete"/>" />
</form> </form>
<% } else { %>
&nbsp;
<% } %>
</td> </td>
<td align="right" class="standard"> <td align="right" class="standard">
<dspace:popup page="/help/site-admin.html#editcollection"><fmt:message key="jsp.help"/></dspace:popup> <dspace:popup page="/help/site-admin.html#editcollection"><fmt:message key="jsp.help"/></dspace:popup>
@@ -176,7 +202,7 @@
</tr> </tr>
</table> </table>
</center> </center>
<% } %>
<% } %> <% } %>
<form method="post" action="<%= request.getContextPath() %>/tools/edit-communities"> <form method="post" action="<%= request.getContextPath() %>/tools/edit-communities">
@@ -250,9 +276,12 @@
</tr> </tr>
<tr><td>&nbsp;</td></tr> <tr><td>&nbsp;</td></tr>
<% if(bSubmittersButton || bWorkflowsButton || bAdminCreateGroup || (admins != null && bAdminRemoveGroup)) { %>
<tr><td colspan="2"><center><h3><fmt:message key="jsp.tools.edit-collection.form.label9"/></h3></center></td></tr> <tr><td colspan="2"><center><h3><fmt:message key="jsp.tools.edit-collection.form.label9"/></h3></center></td></tr>
<% if(admin_button ) { %> <% }
if(bSubmittersButton) { %>
<%-- =========================================================== <%-- ===========================================================
Collection Submitters Collection Submitters
=========================================================== --%> =========================================================== --%>
@@ -267,7 +296,9 @@
<% } %> <% } %>
</td> </td>
</tr> </tr>
<% } %>
<% if(bWorkflowsButton) { %>
<%-- =========================================================== <%-- ===========================================================
Workflow groups Workflow groups
=========================================================== --%> =========================================================== --%>
@@ -292,24 +323,36 @@
</td> </td>
</tr> </tr>
<% } %> <% } %>
<% } %>
<tr><td>&nbsp;</td></tr> <tr><td>&nbsp;</td></tr>
<% if(bAdminCreateGroup || (admins != null && bAdminRemoveGroup)) { %>
<%-- =========================================================== <%-- ===========================================================
Collection Administrators Collection Administrators
=========================================================== --%> =========================================================== --%>
<tr> <tr>
<td class="submitFormLabel"><fmt:message key="jsp.tools.edit-collection.form.label12"/></td> <td class="submitFormLabel"><fmt:message key="jsp.tools.edit-collection.form.label12"/></td>
<td> <td>
<% if (admins == null) {%> <% if (admins == null) {
if (bAdminCreateGroup) {
%>
<input type="submit" name="submit_admins_create" value="<fmt:message key="jsp.tools.edit-collection.form.button.create"/>" /> <input type="submit" name="submit_admins_create" value="<fmt:message key="jsp.tools.edit-collection.form.button.create"/>" />
<% } else { %> <% }
}
else {
if (bAdminCreateGroup) {
%>
<input type="submit" name="submit_admins_edit" value="<fmt:message key="jsp.tools.edit-collection.form.button.edit"/>" /> <input type="submit" name="submit_admins_edit" value="<fmt:message key="jsp.tools.edit-collection.form.button.edit"/>" />
<% }
if (bAdminRemoveGroup) {
%>
<input type="submit" name="submit_admins_delete" value="<fmt:message key="jsp.tools.edit-collection.form.button.delete"/>" /> <input type="submit" name="submit_admins_delete" value="<fmt:message key="jsp.tools.edit-collection.form.button.delete"/>" />
<% } %> <% }
} %>
</td> </td>
</tr> </tr>
<% } %> <% } %>
<% if(bTemplateButton) { %>
<%-- =========================================================== <%-- ===========================================================
Item template Item template
=========================================================== --%> =========================================================== --%>
@@ -325,7 +368,9 @@
<% } %> <% } %>
</td> </td>
</tr> </tr>
<% if(isAdmin) { %> <% } %>
<% if(bPolicyButton) { %>
<%-- =========================================================== <%-- ===========================================================
Edit collection's policies Edit collection's policies
=========================================================== --%> =========================================================== --%>
@@ -345,7 +390,7 @@
<% if(admin_button ) { %> <% if(bAdminCollection) { %>
<%-- =========================================================== <%-- ===========================================================
Harvesting Settings Harvesting Settings
=========================================================== --%> =========================================================== --%>

37
dspace-jspui/dspace-jspui-webapp/src/main/webapp/tools/edit-community.jsp
View File

@@ -63,12 +63,22 @@
<% <%
Community community = (Community) request.getAttribute("community"); Community community = (Community) request.getAttribute("community");
int parentID = UIUtil.getIntParameter(request, "parent_community_id"); int parentID = UIUtil.getIntParameter(request, "parent_community_id");
Boolean admin_b = (Boolean)request.getAttribute("admin_button");
boolean admin_button = (admin_b == null ? false : admin_b.booleanValue());
// Is the logged in user a sys admin // Is the logged in user a sys admin
Boolean admin = (Boolean)request.getAttribute("is.admin"); Boolean admin = (Boolean)request.getAttribute("is.admin");
boolean isAdmin = (admin == null ? false : admin.booleanValue()); boolean isAdmin = (admin == null ? false : admin.booleanValue());
Boolean adminCreateGroup = (Boolean)request.getAttribute("admin_create_button");
boolean bAdminCreateGroup = (adminCreateGroup == null ? false : adminCreateGroup.booleanValue());
Boolean adminRemoveGroup = (Boolean)request.getAttribute("admin_remove_button");
boolean bAdminRemoveGroup = (adminRemoveGroup == null ? false : adminRemoveGroup.booleanValue());
Boolean policy = (Boolean)request.getAttribute("policy_button");
boolean bPolicy = (policy == null ? false : policy.booleanValue());
Boolean delete = (Boolean)request.getAttribute("delete_button");
boolean bDelete = (delete == null ? false : delete.booleanValue());
String name = ""; String name = "";
String shortDesc = ""; String shortDesc = "";
String intro = ""; String intro = "";
@@ -113,7 +123,7 @@
<fmt:param><%= community.getHandle() %></fmt:param> <fmt:param><%= community.getHandle() %></fmt:param>
</fmt:message> </fmt:message>
</h1> </h1>
<% if(admin_button ) { %> <% if(bDelete) { %>
<center> <center>
<table width="70%"> <table width="70%">
<tr> <tr>
@@ -194,24 +204,35 @@
<% } %> <% } %>
</td> </td>
</tr> </tr>
<% if(admin_button ) { %> <% if(bAdminCreateGroup || (admins != null && bAdminRemoveGroup)) { %>
<%-- =========================================================== <%-- ===========================================================
Community Administrators Community Administrators
=========================================================== --%> =========================================================== --%>
<tr> <tr>
<td class="submitFormLabel"><fmt:message key="jsp.tools.edit-community.form.label8"/></td> <td class="submitFormLabel"><fmt:message key="jsp.tools.edit-community.form.label8"/></td>
<td> <td>
<% if (admins == null) {%> <% if (admins == null) {
if (bAdminCreateGroup) {
%>
<input type="submit" name="submit_admins_create" value="<fmt:message key="jsp.tools.edit-community.form.button.create"/>" /> <input type="submit" name="submit_admins_create" value="<fmt:message key="jsp.tools.edit-community.form.button.create"/>" />
<% } else { %> <% }
}
else
{
if (bAdminCreateGroup) { %>
<input type="submit" name="submit_admins_edit" value="<fmt:message key="jsp.tools.edit-community.form.button.edit"/>" /> <input type="submit" name="submit_admins_edit" value="<fmt:message key="jsp.tools.edit-community.form.button.edit"/>" />
<% } %> <% }
if (bAdminRemoveGroup) { %>
<input type="submit" name="submit_admins_remove" value="<fmt:message key="jsp.tools.edit-community.form.button.remove"/>" />
<% }
}
%>
</td> </td>
</tr> </tr>
<% } <% }
if (isAdmin) { if (bPolicy) {
%> %>

51
dspace-jspui/dspace-jspui-webapp/src/main/webapp/tools/edit-item-form.jsp
View File

@@ -87,13 +87,30 @@
// Is anyone logged in? // Is anyone logged in?
EPerson user = (EPerson) request.getAttribute("dspace.current.user"); EPerson user = (EPerson) request.getAttribute("dspace.current.user");
// Is the logged in user an admin
Boolean admin = (Boolean)request.getAttribute("is.admin");
boolean isAdmin = (admin == null ? false : admin.booleanValue());
// Is the logged in user an admin of the item // Is the logged in user an admin of the item
Boolean itemAdmin = (Boolean)request.getAttribute("admin_button"); Boolean itemAdmin = (Boolean)request.getAttribute("admin_button");
boolean isItemAdmin = (itemAdmin == null ? false : itemAdmin.booleanValue()); boolean isItemAdmin = (itemAdmin == null ? false : itemAdmin.booleanValue());
Boolean policy = (Boolean)request.getAttribute("policy_button");
boolean bPolicy = (policy == null ? false : policy.booleanValue());
Boolean delete = (Boolean)request.getAttribute("delete_button");
boolean bDelete = (delete == null ? false : delete.booleanValue());
Boolean createBits = (Boolean)request.getAttribute("create_bitstream_button");
boolean bCreateBits = (createBits == null ? false : createBits.booleanValue());
Boolean removeBits = (Boolean)request.getAttribute("remove_bitstream_button");
boolean bRemoveBits = (removeBits == null ? false : removeBits.booleanValue());
Boolean ccLicense = (Boolean)request.getAttribute("cclicense_button");
boolean bccLicense = (ccLicense == null ? false : ccLicense.booleanValue());
Boolean withdraw = (Boolean)request.getAttribute("withdraw_button");
boolean bWithdraw = (withdraw == null ? false : withdraw.booleanValue());
Boolean reinstate = (Boolean)request.getAttribute("reinstate_button");
boolean bReinstate = (reinstate == null ? false : reinstate.booleanValue());
%> %>
@@ -123,7 +140,7 @@
<td class="standard"><%= item.getID() %></td> <td class="standard"><%= item.getID() %></td>
<td class="standard" width="100%" align="right" rowspan="5"> <td class="standard" width="100%" align="right" rowspan="5">
<% <%
if (!item.isWithdrawn()) if (!item.isWithdrawn() && bWithdraw)
{ {
%> %>
<form method="post" action="<%= request.getContextPath() %>/tools/edit-item"> <form method="post" action="<%= request.getContextPath() %>/tools/edit-item">
@@ -134,7 +151,7 @@
</form> </form>
<% <%
} }
else else if (item.isWithdrawn() && bReinstate)
{ {
%> %>
<form method="post" action="<%= request.getContextPath() %>/tools/edit-item"> <form method="post" action="<%= request.getContextPath() %>/tools/edit-item">
@@ -148,6 +165,10 @@
%> %>
<br/> <br/>
<%
if (bDelete)
{
%>
<form method="post" action="<%= request.getContextPath() %>/tools/edit-item"> <form method="post" action="<%= request.getContextPath() %>/tools/edit-item">
<input type="hidden" name="item_id" value="<%= item.getID() %>" /> <input type="hidden" name="item_id" value="<%= item.getID() %>" />
<input type="hidden" name="action" value="<%= EditItemServlet.START_DELETE %>" /> <input type="hidden" name="action" value="<%= EditItemServlet.START_DELETE %>" />
@@ -155,6 +176,8 @@
<input type="submit" name="submit" value="<fmt:message key="jsp.tools.edit-item-form.delete-w-confirm.button"/>"/> <input type="submit" name="submit" value="<fmt:message key="jsp.tools.edit-item-form.delete-w-confirm.button"/>"/>
</form> </form>
<% <%
}
if (isItemAdmin) if (isItemAdmin)
{ {
%> <form method="post" action="<%= request.getContextPath() %>/tools/edit-item"> %> <form method="post" action="<%= request.getContextPath() %>/tools/edit-item">
@@ -200,7 +223,7 @@
</td> </td>
</tr> </tr>
<% <%
if (isAdmin) if (bPolicy)
{ {
%> %>
<%-- =========================================================== <%-- ===========================================================
@@ -210,7 +233,7 @@
<%-- <td class="submitFormLabel">Item's Authorizations:</td> --%> <%-- <td class="submitFormLabel">Item's Authorizations:</td> --%>
<td class="submitFormLabel"><fmt:message key="jsp.tools.edit-item-form.item"/></td> <td class="submitFormLabel"><fmt:message key="jsp.tools.edit-item-form.item"/></td>
<td> <td>
<form method="post" action="<%= request.getContextPath() %>/dspace-admin/authorize"> <form method="post" action="<%= request.getContextPath() %>/tools/authorize">
<input type="hidden" name="handle" value="<%= ConfigurationManager.getProperty("handle.prefix") %>" /> <input type="hidden" name="handle" value="<%= ConfigurationManager.getProperty("handle.prefix") %>" />
<input type="hidden" name="item_id" value="<%= item.getID() %>" /> <input type="hidden" name="item_id" value="<%= item.getID() %>" />
<%-- <input type="submit" name="submit_item_select" value="Edit..."> --%> <%-- <input type="submit" name="submit_item_select" value="Edit..."> --%>
@@ -404,7 +427,10 @@
</td> </td>
<td headers="t17" class="<%= row %>RowEvenCol"> <td headers="t17" class="<%= row %>RowEvenCol">
<%-- <a target="_blank" href="<%= request.getContextPath() %>/retrieve/<%= bitstreams[j].getID() %>">View</a>&nbsp;<input type="submit" name="submit_delete_bitstream_<%= key %>" value="Remove"> --%> <%-- <a target="_blank" href="<%= request.getContextPath() %>/retrieve/<%= bitstreams[j].getID() %>">View</a>&nbsp;<input type="submit" name="submit_delete_bitstream_<%= key %>" value="Remove"> --%>
<a target="_blank" href="<%= request.getContextPath() %>/retrieve/<%= bitstreams[j].getID() %>"><fmt:message key="jsp.tools.general.view"/></a>&nbsp;<input type="submit" name="submit_delete_bitstream_<%= key %>" value="<fmt:message key="jsp.tools.general.remove"/>" /> <a target="_blank" href="<%= request.getContextPath() %>/retrieve/<%= bitstreams[j].getID() %>"><fmt:message key="jsp.tools.general.view"/></a>&nbsp;
<% if (bRemoveBits) { %>
<input type="submit" name="submit_delete_bitstream_<%= key %>" value="<fmt:message key="jsp.tools.general.remove"/>" />
<% } %>
</td> </td>
</tr> </tr>
<% <%
@@ -421,10 +447,13 @@
<table width="70%" align="center"> <table width="70%" align="center">
<tr> <tr>
<td> <td>
<input type="submit" name="submit_addbitstream" value="<fmt:message key="jsp.tools.edit-item-form.addbit.button"/>"/>
<% <%
if (bCreateBits) {
%>
<input type="submit" name="submit_addbitstream" value="<fmt:message key="jsp.tools.edit-item-form.addbit.button"/>"/>
<% }
if (ConfigurationManager.getBooleanProperty("webui.submit.enable-cc")) if (ConfigurationManager.getBooleanProperty("webui.submit.enable-cc") && bccLicense)
{ {
String s; String s;
Bundle[] ccBundle = item.getBundles("CC-LICENSE"); Bundle[] ccBundle = item.getBundles("CC-LICENSE");

53
dspace-xmlui/dspace-xmlui-api/src/main/java/org/dspace/app/xmlui/aspect/administrative/FlowAuthorizationUtils.java
View File

@@ -43,6 +43,7 @@ package org.dspace.app.xmlui.aspect.administrative;
import java.sql.SQLException; import java.sql.SQLException;
import java.util.List; import java.util.List;
import org.dspace.app.util.AuthorizeUtil;
import org.dspace.app.xmlui.wing.Message; import org.dspace.app.xmlui.wing.Message;
import org.dspace.authorize.AuthorizeException; import org.dspace.authorize.AuthorizeException;
import org.dspace.authorize.AuthorizeManager; import org.dspace.authorize.AuthorizeManager;
@@ -152,6 +153,12 @@ public class FlowAuthorizationUtils {
ResourcePolicy policy = ResourcePolicy.find(context, policyID); ResourcePolicy policy = ResourcePolicy.find(context, policyID);
// check authorization to edit an existent policy
if (policy != null)
{
AuthorizeUtil.authorizeManagePolicy(context, policy);
}
/* First and foremost, if no group or action was selected, throw an error back to the user */ /* First and foremost, if no group or action was selected, throw an error back to the user */
if (actionID == -1) { if (actionID == -1) {
result.setContinue(false); result.setContinue(false);
@@ -168,15 +175,41 @@ public class FlowAuthorizationUtils {
DSpaceObject policyParent = null; DSpaceObject policyParent = null;
if (policy == null) if (policy == null)
{ {
policy = ResourcePolicy.create(context);
switch (objectType) { switch (objectType) {
case Constants.COMMUNITY: policyParent = Community.find(context, objectID); break; case Constants.COMMUNITY:
case Constants.COLLECTION: policyParent = Collection.find(context, objectID); break; {
case Constants.ITEM: policyParent = Item.find(context, objectID); break; policyParent = Community.find(context, objectID);
case Constants.BUNDLE: policyParent = Bundle.find(context, objectID); break; AuthorizeUtil.authorizeManageCommunityPolicy(context, (Community)policyParent);
case Constants.BITSTREAM: policyParent = Bitstream.find(context, objectID); break; break;
} }
case Constants.COLLECTION:
{
policyParent = Collection.find(context, objectID);
AuthorizeUtil.authorizeManageCollectionPolicy(context, (Collection)policyParent);
break;
}
case Constants.ITEM:
{
policyParent = Item.find(context, objectID);
AuthorizeUtil.authorizeManageItemPolicy(context, (Item) policyParent);
break;
}
case Constants.BUNDLE:
{
policyParent = Bundle.find(context, objectID);
AuthorizeUtil.authorizeManageItemPolicy(context, (Item) (policyParent.getParentObject()));
break;
}
case Constants.BITSTREAM:
{
policyParent = Bitstream.find(context, objectID);
AuthorizeUtil
.authorizeManageItemPolicy(context, (Item) (policyParent
.getParentObject()));
break;
}
}
policy = ResourcePolicy.create(context);
policy.setResource(policyParent); policy.setResource(policyParent);
added = true; added = true;
} }
@@ -231,13 +264,15 @@ public class FlowAuthorizationUtils {
* @param policyIDs The unique ids of the policies being deleted. * @param policyIDs The unique ids of the policies being deleted.
* @return A process result's object. * @return A process result's object.
*/ */
public static FlowResult processDeletePolicies(Context context, String[] policyIDs) throws NumberFormatException, SQLException public static FlowResult processDeletePolicies(Context context, String[] policyIDs) throws NumberFormatException, SQLException, AuthorizeException
{ {
FlowResult result = new FlowResult(); FlowResult result = new FlowResult();
for (String id : policyIDs) for (String id : policyIDs)
{ {
ResourcePolicy policyDeleted = ResourcePolicy.find(context, Integer.valueOf(id)); ResourcePolicy policyDeleted = ResourcePolicy.find(context, Integer.valueOf(id));
// check authorization
AuthorizeUtil.authorizeManagePolicy(context, policyDeleted);
policyDeleted.delete(); policyDeleted.delete();
} }
@@ -262,6 +297,7 @@ public class FlowAuthorizationUtils {
public static FlowResult processAdvancedPolicyAdd(Context context, String[] groupIDs, int actionID, public static FlowResult processAdvancedPolicyAdd(Context context, String[] groupIDs, int actionID,
int resourceID, String [] collectionIDs) throws NumberFormatException, SQLException, AuthorizeException int resourceID, String [] collectionIDs) throws NumberFormatException, SQLException, AuthorizeException
{ {
AuthorizeUtil.requireAdminRole(context);
FlowResult result = new FlowResult(); FlowResult result = new FlowResult();
for (String groupID : groupIDs) for (String groupID : groupIDs)
@@ -300,6 +336,7 @@ public class FlowAuthorizationUtils {
public static FlowResult processAdvancedPolicyDelete(Context context, int resourceID, String [] collectionIDs) public static FlowResult processAdvancedPolicyDelete(Context context, int resourceID, String [] collectionIDs)
throws NumberFormatException, SQLException, AuthorizeException throws NumberFormatException, SQLException, AuthorizeException
{ {
AuthorizeUtil.requireAdminRole(context);
FlowResult result = new FlowResult(); FlowResult result = new FlowResult();
for (String collectionID : collectionIDs) for (String collectionID : collectionIDs)

10
dspace-xmlui/dspace-xmlui-api/src/main/java/org/dspace/app/xmlui/aspect/administrative/Navigation.java
View File

@@ -234,7 +234,6 @@ public class Navigation extends AbstractDSpaceTransformer implements CacheablePr
DSpaceObject dso = HandleUtil.obtainHandle(objectModel); DSpaceObject dso = HandleUtil.obtainHandle(objectModel);
if (dso instanceof Item) if (dso instanceof Item)
{ {
Item item = (Item) dso; Item item = (Item) dso;
if (item.canEdit()) if (item.canEdit())
{ {
@@ -248,9 +247,8 @@ public class Navigation extends AbstractDSpaceTransformer implements CacheablePr
{ {
Collection collection = (Collection) dso; Collection collection = (Collection) dso;
// can they admin this collection? // can they admin this collection?
if (AuthorizeManager.authorizeActionBoolean(this.context, collection, Constants.ADMIN)) if (collection.canEditBoolean(true))
{ {
context.setHead(T_context_head); context.setHead(T_context_head);
context.addItemXref(contextPath+"/admin/collection?collectionID=" + collection.getID(), T_context_edit_collection); context.addItemXref(contextPath+"/admin/collection?collectionID=" + collection.getID(), T_context_edit_collection);
@@ -277,12 +275,6 @@ public class Navigation extends AbstractDSpaceTransformer implements CacheablePr
{ {
context.setHead(T_context_head); context.setHead(T_context_head);
context.addItemXref(contextPath+"/admin/collection?createNew&communityID=" + community.getID(), T_context_create_collection); context.addItemXref(contextPath+"/admin/collection?createNew&communityID=" + community.getID(), T_context_create_collection);
}
// Only System & Community administrators can create sub-communities
if (isSystemAdmin || AuthorizeManager.authorizeActionBoolean(this.context, community, Constants.ADMIN))
{
context.setHead(T_context_head);
context.addItemXref(contextPath+"/admin/community?createNew&communityID=" + community.getID(), T_context_create_subcommunity); context.addItemXref(contextPath+"/admin/community?createNew&communityID=" + community.getID(), T_context_create_subcommunity);
} }
} }

52
dspace-xmlui/dspace-xmlui-api/src/main/java/org/dspace/app/xmlui/aspect/administrative/collection/AssignCollectionRoles.java
View File

@@ -41,6 +41,7 @@ package org.dspace.app.xmlui.aspect.administrative.collection;
import java.sql.SQLException; import java.sql.SQLException;
import org.dspace.app.util.AuthorizeUtil;
import org.dspace.app.xmlui.aspect.administrative.FlowContainerUtils; import org.dspace.app.xmlui.aspect.administrative.FlowContainerUtils;
import org.dspace.app.xmlui.cocoon.AbstractDSpaceTransformer; import org.dspace.app.xmlui.cocoon.AbstractDSpaceTransformer;
import org.dspace.app.xmlui.wing.Message; import org.dspace.app.xmlui.wing.Message;
@@ -104,6 +105,7 @@ public class AssignCollectionRoles extends AbstractDSpaceTransformer
private static final Message T_role_buttons = message("xmlui.administrative.collection.AssignCollectionRoles.role_buttons"); private static final Message T_role_buttons = message("xmlui.administrative.collection.AssignCollectionRoles.role_buttons");
private static final Message T_label_admins = message("xmlui.administrative.collection.AssignCollectionRoles.label_admins"); private static final Message T_label_admins = message("xmlui.administrative.collection.AssignCollectionRoles.label_admins");
private static final Message T_label_wf = message("xmlui.administrative.collection.AssignCollectionRoles.label_wf");
private static final Message T_label_wf_step1 = message("xmlui.administrative.collection.AssignCollectionRoles.label_wf_step1"); private static final Message T_label_wf_step1 = message("xmlui.administrative.collection.AssignCollectionRoles.label_wf_step1");
private static final Message T_label_wf_step2 = message("xmlui.administrative.collection.AssignCollectionRoles.label_wf_step2"); private static final Message T_label_wf_step2 = message("xmlui.administrative.collection.AssignCollectionRoles.label_wf_step2");
private static final Message T_label_wf_step3 = message("xmlui.administrative.collection.AssignCollectionRoles.label_wf_step3"); private static final Message T_label_wf_step3 = message("xmlui.administrative.collection.AssignCollectionRoles.label_wf_step3");
@@ -111,6 +113,7 @@ public class AssignCollectionRoles extends AbstractDSpaceTransformer
private static final Message T_label_default_read = message("xmlui.administrative.collection.AssignCollectionRoles.label_default_read"); private static final Message T_label_default_read = message("xmlui.administrative.collection.AssignCollectionRoles.label_default_read");
private static final Message T_sysadmins_only = message("xmlui.administrative.collection.AssignCollectionRoles.sysadmins_only"); private static final Message T_sysadmins_only = message("xmlui.administrative.collection.AssignCollectionRoles.sysadmins_only");
private static final Message T_not_allowed = message("xmlui.administrative.collection.AssignCollectionRoles.not_allowed");
public void addPageMeta(PageMeta pageMeta) throws WingException public void addPageMeta(PageMeta pageMeta) throws WingException
@@ -168,14 +171,38 @@ public class AssignCollectionRoles extends AbstractDSpaceTransformer
tableRow.addCell(Cell.ROLE_HEADER).addContent(T_label_admins); tableRow.addCell(Cell.ROLE_HEADER).addContent(T_label_admins);
if (admins != null) if (admins != null)
{ {
try
{
AuthorizeUtil.authorizeManageAdminGroup(context, thisCollection);
tableRow.addCell().addXref(baseURL + "&submit_edit_admin", admins.getName()); tableRow.addCell().addXref(baseURL + "&submit_edit_admin", admins.getName());
}
catch (AuthorizeException authex) {
// add a notice, the user is not authorized to create/edit collection's admin group
tableRow.addCell().addContent(T_not_allowed);
}
try
{
AuthorizeUtil.authorizeRemoveAdminGroup(context, thisCollection);
tableRow.addCell().addButton("submit_delete_admin").setValue(T_delete); tableRow.addCell().addButton("submit_delete_admin").setValue(T_delete);
} }
catch (AuthorizeException authex)
{
// nothing to add, the user is not allowed to delete the group
}
}
else else
{ {
tableRow.addCell().addContent(T_no_role); tableRow.addCell().addContent(T_no_role);
try
{
AuthorizeUtil.authorizeManageAdminGroup(context, thisCollection);
tableRow.addCell().addButton("submit_create_admin").setValue(T_create); tableRow.addCell().addButton("submit_create_admin").setValue(T_create);
} }
catch (AuthorizeException authex) {
// add a notice, the user is not authorized to create/edit collection's admin group
tableRow.addCell().addContent(T_not_allowed);
}
}
// help and directions row // help and directions row
tableRow = rolesTable.addRow(Row.ROLE_DATA); tableRow = rolesTable.addRow(Row.ROLE_DATA);
tableRow.addCell(); tableRow.addCell();
@@ -186,6 +213,9 @@ public class AssignCollectionRoles extends AbstractDSpaceTransformer
* Workflow steps 1-3 * Workflow steps 1-3
*/ */
// data row // data row
try
{
AuthorizeUtil.authorizeManageWorkflowsGroup(context, thisCollection);
tableRow = rolesTable.addRow(Row.ROLE_DATA); tableRow = rolesTable.addRow(Row.ROLE_DATA);
tableRow.addCell(Cell.ROLE_HEADER).addContent(T_label_wf_step1); tableRow.addCell(Cell.ROLE_HEADER).addContent(T_label_wf_step1);
if (wfStep1 != null) if (wfStep1 != null)
@@ -240,12 +270,22 @@ public class AssignCollectionRoles extends AbstractDSpaceTransformer
tableRow = rolesTable.addRow(Row.ROLE_DATA); tableRow = rolesTable.addRow(Row.ROLE_DATA);
tableRow.addCell(); tableRow.addCell();
tableRow.addCell(1,2).addHighlight("fade offset").addContent(T_help_wf_step3); tableRow.addCell(1,2).addHighlight("fade offset").addContent(T_help_wf_step3);
}
catch (AuthorizeException authex) {
// add a notice, the user is not allowed to manage workflow group
tableRow = rolesTable.addRow(Row.ROLE_DATA);
tableRow.addCell(Cell.ROLE_HEADER).addContent(T_label_wf);
tableRow.addCell().addContent(T_not_allowed);
}
/* /*
* The collection submitters * The collection submitters
*/ */
tableRow = rolesTable.addRow(Row.ROLE_DATA); tableRow = rolesTable.addRow(Row.ROLE_DATA);
tableRow.addCell(Cell.ROLE_HEADER).addContent(T_label_submitters); tableRow.addCell(Cell.ROLE_HEADER).addContent(T_label_submitters);
try
{
AuthorizeUtil.authorizeManageSubmittersGroup(context, thisCollection);
if (submitters != null) if (submitters != null)
{ {
tableRow.addCell().addXref(baseURL + "&submit_edit_submit", submitters.getName()); tableRow.addCell().addXref(baseURL + "&submit_edit_submit", submitters.getName());
@@ -256,6 +296,11 @@ public class AssignCollectionRoles extends AbstractDSpaceTransformer
tableRow.addCell().addContent(T_no_role); tableRow.addCell().addContent(T_no_role);
tableRow.addCell().addButton("submit_create_submit").setValue(T_create); tableRow.addCell().addButton("submit_create_submit").setValue(T_create);
} }
}
catch (AuthorizeException authex)
{
tableRow.addCell().addContent(T_not_allowed);
}
// help and directions row // help and directions row
tableRow = rolesTable.addRow(Row.ROLE_DATA); tableRow = rolesTable.addRow(Row.ROLE_DATA);
tableRow.addCell(); tableRow.addCell();
@@ -290,13 +335,16 @@ public class AssignCollectionRoles extends AbstractDSpaceTransformer
tableRow.addCell(); tableRow.addCell();
tableRow.addCell(1,2).addHighlight("fade offset").addContent(T_help_default_read); tableRow.addCell(1,2).addHighlight("fade offset").addContent(T_help_default_read);
try
if (AuthorizeManager.isAdmin(context))
{ {
AuthorizeUtil.authorizeManageCollectionPolicy(context, thisCollection);
// add one last link to edit the raw authorizations // add one last link to edit the raw authorizations
Cell authCell =rolesTable.addRow().addCell(1,3); Cell authCell =rolesTable.addRow().addCell(1,3);
authCell.addXref(baseURL + "&submit_authorizations", T_edit_authorization); authCell.addXref(baseURL + "&submit_authorizations", T_edit_authorization);
} }
catch (AuthorizeException authex) {
// nothing to add, the user is not authorized to edit collection's policies
}
Para buttonList = main.addPara(); Para buttonList = main.addPara();
buttonList.addButton("submit_return").setValue(T_submit_return); buttonList.addButton("submit_return").setValue(T_submit_return);

36
dspace-xmlui/dspace-xmlui-api/src/main/java/org/dspace/app/xmlui/aspect/administrative/community/AssignCommunityRoles.java
View File

@@ -41,6 +41,7 @@ package org.dspace.app.xmlui.aspect.administrative.community;
import java.sql.SQLException; import java.sql.SQLException;
import org.dspace.app.util.AuthorizeUtil;
import org.dspace.app.xmlui.cocoon.AbstractDSpaceTransformer; import org.dspace.app.xmlui.cocoon.AbstractDSpaceTransformer;
import org.dspace.app.xmlui.wing.Message; import org.dspace.app.xmlui.wing.Message;
import org.dspace.app.xmlui.wing.WingException; import org.dspace.app.xmlui.wing.WingException;
@@ -142,26 +143,55 @@ public class AssignCommunityRoles extends AbstractDSpaceTransformer
tableRow.addCell(Cell.ROLE_HEADER).addContent(T_label_admins); tableRow.addCell(Cell.ROLE_HEADER).addContent(T_label_admins);
if (admins != null) if (admins != null)
{ {
try
{
AuthorizeUtil.authorizeManageAdminGroup(context, thisCommunity);
tableRow.addCell().addXref(baseURL + "&submit_edit_admin", admins.getName()); tableRow.addCell().addXref(baseURL + "&submit_edit_admin", admins.getName());
}
catch (AuthorizeException authex) {
// add a notice, the user is not authorized to create/edit community's admin group
tableRow.addCell().addContent(T_sysadmins_only);
}
try
{
AuthorizeUtil.authorizeRemoveAdminGroup(context, thisCommunity);
tableRow.addCell().addButton("submit_delete_admin").setValue(T_delete); tableRow.addCell().addButton("submit_delete_admin").setValue(T_delete);
} }
catch (AuthorizeException authex)
{
// nothing to add, the user is not allowed to delete the group
}
}
else else
{ {
tableRow.addCell().addContent(T_no_role); tableRow.addCell().addContent(T_no_role);
tableRow.addCell().addButton("submit_create_admin").setValue(T_create); Cell commAdminCell = tableRow.addCell();
try
{
AuthorizeUtil.authorizeManageAdminGroup(context, thisCommunity);
commAdminCell.addButton("submit_create_admin").setValue(T_create);
}
catch (AuthorizeException authex)
{
// add a notice, the user is not authorized to create/edit community's admin group
addAdministratorOnlyButton(commAdminCell, "submit_create_admin", T_create);
}
} }
// help and directions row // help and directions row
tableRow = rolesTable.addRow(Row.ROLE_DATA); tableRow = rolesTable.addRow(Row.ROLE_DATA);
tableRow.addCell(); tableRow.addCell();
tableRow.addCell(1,2).addHighlight("fade offset").addContent(T_help_admins); tableRow.addCell(1,2).addHighlight("fade offset").addContent(T_help_admins);
try
if (AuthorizeManager.isAdmin(context))
{ {
AuthorizeUtil.authorizeManageCommunityPolicy(context, thisCommunity);
// add one last link to edit the raw authorizations // add one last link to edit the raw authorizations
Cell authCell =rolesTable.addRow().addCell(1,3); Cell authCell =rolesTable.addRow().addCell(1,3);
authCell.addXref(baseURL + "&submit_authorizations", T_edit_authorizations); authCell.addXref(baseURL + "&submit_authorizations", T_edit_authorizations);
} }
catch (AuthorizeException authex) {
// nothing to add, the user is not authorized to manage community's policies
}
Para buttonList = main.addPara(); Para buttonList = main.addPara();
buttonList.addButton("submit_return").setValue(T_submit_return); buttonList.addButton("submit_return").setValue(T_submit_return);

6
dspace-xmlui/dspace-xmlui-api/src/main/java/org/dspace/app/xmlui/aspect/administrative/community/EditCommunityMetadataForm.java
View File

@@ -41,6 +41,7 @@ package org.dspace.app.xmlui.aspect.administrative.community;
import java.sql.SQLException; import java.sql.SQLException;
import org.dspace.app.util.AuthorizeUtil;
import org.dspace.app.xmlui.aspect.administrative.FlowContainerUtils; import org.dspace.app.xmlui.aspect.administrative.FlowContainerUtils;
import org.dspace.app.xmlui.cocoon.AbstractDSpaceTransformer; import org.dspace.app.xmlui.cocoon.AbstractDSpaceTransformer;
import org.dspace.app.xmlui.wing.Message; import org.dspace.app.xmlui.wing.Message;
@@ -56,6 +57,7 @@ import org.dspace.app.xmlui.wing.element.TextArea;
import org.dspace.authorize.AuthorizeException; import org.dspace.authorize.AuthorizeException;
import org.dspace.authorize.AuthorizeManager; import org.dspace.authorize.AuthorizeManager;
import org.dspace.content.Community; import org.dspace.content.Community;
import org.dspace.core.Constants;
/** /**
* Presents the user (in this case an administrator over the community) with the * Presents the user (in this case an administrator over the community) with the
@@ -175,8 +177,8 @@ public class EditCommunityMetadataForm extends AbstractDSpaceTransformer
Para buttonList = main.addPara(); Para buttonList = main.addPara();
buttonList.addButton("submit_save").setValue(T_submit_update); buttonList.addButton("submit_save").setValue(T_submit_update);
//Only System Admins can Delete Communities
if (AuthorizeManager.isAdmin(context)) if (AuthorizeManager.authorizeActionBoolean(context, thisCommunity, Constants.DELETE))
{ {
buttonList.addButton("submit_delete").setValue(T_submit_delete); buttonList.addButton("submit_delete").setValue(T_submit_delete);
} }

2
dspace-xmlui/dspace-xmlui-api/src/main/java/org/dspace/app/xmlui/aspect/administrative/item/EditItemBitstreamsForm.java
View File

@@ -234,7 +234,7 @@ public class EditItemBitstreamsForm extends AbstractDSpaceTransformer {
// PARA: actions // PARA: actions
Para actions = main.addPara("editItemActionsP","editItemActionsP" ); Para actions = main.addPara("editItemActionsP","editItemActionsP" );
// Only System Administrators can delete bitstreams // Only System Administrators can delete bitstreams
if (AuthorizeManager.isAdmin(context)) if (AuthorizeManager.authorizeActionBoolean(context, item, Constants.REMOVE))
actions.addButton("submit_delete").setValue(T_submit_delete); actions.addButton("submit_delete").setValue(T_submit_delete);
else else
{ {

60
dspace-xmlui/dspace-xmlui-api/src/main/java/org/dspace/app/xmlui/aspect/administrative/item/EditItemStatusForm.java
View File

@@ -41,6 +41,7 @@ package org.dspace.app.xmlui.aspect.administrative.item;
import java.sql.SQLException; import java.sql.SQLException;
import org.dspace.app.util.AuthorizeUtil;
import org.dspace.app.xmlui.cocoon.AbstractDSpaceTransformer; import org.dspace.app.xmlui.cocoon.AbstractDSpaceTransformer;
import org.dspace.app.xmlui.wing.Message; import org.dspace.app.xmlui.wing.Message;
import org.dspace.app.xmlui.wing.WingException; import org.dspace.app.xmlui.wing.WingException;
@@ -49,10 +50,12 @@ import org.dspace.app.xmlui.wing.element.Button;
import org.dspace.app.xmlui.wing.element.Division; import org.dspace.app.xmlui.wing.element.Division;
import org.dspace.app.xmlui.wing.element.List; import org.dspace.app.xmlui.wing.element.List;
import org.dspace.app.xmlui.wing.element.PageMeta; import org.dspace.app.xmlui.wing.element.PageMeta;
import org.dspace.authorize.AuthorizeException;
import org.dspace.authorize.AuthorizeManager; import org.dspace.authorize.AuthorizeManager;
import org.dspace.content.Collection; import org.dspace.content.Collection;
import org.dspace.content.Item; import org.dspace.content.Item;
import org.dspace.core.ConfigurationManager; import org.dspace.core.ConfigurationManager;
import org.dspace.core.Constants;
/** /**
* Display basic meta-meta information about the item and allow the user to change * Display basic meta-meta information about the item and allow the user to change
@@ -95,7 +98,7 @@ public class EditItemStatusForm extends AbstractDSpaceTransformer {
private static final Message T_submit_delete = message("xmlui.administrative.item.EditItemStatusForm.submit_delete"); private static final Message T_submit_delete = message("xmlui.administrative.item.EditItemStatusForm.submit_delete");
private static final Message T_na = message("xmlui.administrative.item.EditItemStatusForm.na"); private static final Message T_na = message("xmlui.administrative.item.EditItemStatusForm.na");
private static final Message T_sysadmins_only = message("xmlui.administrative.item.EditItemStatusForm.sysadmins_only"); private static final Message T_not_allowed = message("xmlui.administrative.item.EditItemStatusForm.not_allowed");
private static final Message T_collectionadmins_only = message("xmlui.administrative.item.EditItemStatusForm.collection_admins_only"); private static final Message T_collectionadmins_only = message("xmlui.administrative.item.EditItemStatusForm.collection_admins_only");
@@ -170,24 +173,55 @@ public class EditItemStatusForm extends AbstractDSpaceTransformer {
} }
itemInfo.addLabel(T_label_auth); itemInfo.addLabel(T_label_auth);
addAdministratorOnlyButton(itemInfo.addItem(), "submit_authorization", T_submit_authorizations); try
{
AuthorizeUtil.authorizeManageItemPolicy(context, item);
itemInfo.addItem().addButton("submit_authorization").setValue(T_submit_authorizations);
}
catch (AuthorizeException authex)
{
addNotAllowedButton(itemInfo.addItem(), "submit_authorization", T_submit_authorizations);
}
if(!item.isWithdrawn()) if(!item.isWithdrawn())
{ {
itemInfo.addLabel(T_label_withdraw); itemInfo.addLabel(T_label_withdraw);
addAdministratorOnlyButton(itemInfo.addItem(), "submit_withdraw", T_submit_withdraw); try
{
AuthorizeUtil.authorizeWithdrawItem(context, item);
itemInfo.addItem().addButton("submit_withdraw").setValue(T_submit_withdraw);
}
catch (AuthorizeException authex)
{
addNotAllowedButton(itemInfo.addItem(), "submit_withdraw", T_submit_withdraw);
}
} }
else else
{ {
itemInfo.addLabel(T_label_reinstate); itemInfo.addLabel(T_label_reinstate);
addAdministratorOnlyButton(itemInfo.addItem(), "submit_reinstate", T_submit_reinstate); try
{
AuthorizeUtil.authorizeReinstateItem(context, item);
itemInfo.addItem().addButton("submit_reinstate").setValue(T_submit_reinstate);
}
catch (AuthorizeException authex)
{
addNotAllowedButton(itemInfo.addItem(), "submit_reinstate", T_submit_reinstate);
}
} }
itemInfo.addLabel(T_label_move); itemInfo.addLabel(T_label_move);
addCollectionAdminOnlyButton(itemInfo.addItem(), item.getOwningCollection(), "submit_move", T_submit_move); addCollectionAdminOnlyButton(itemInfo.addItem(), item.getOwningCollection(), "submit_move", T_submit_move);
itemInfo.addLabel(T_label_delete); itemInfo.addLabel(T_label_delete);
addAdministratorOnlyButton(itemInfo.addItem(), "submit_delete", T_submit_delete); if (AuthorizeManager.authorizeActionBoolean(context, item, Constants.DELETE))
{
itemInfo.addItem().addButton("submit_delete").setValue(T_submit_delete);
}
else
{
addNotAllowedButton(itemInfo.addItem(), "submit_delete", T_submit_delete);
}
@@ -198,16 +232,20 @@ public class EditItemStatusForm extends AbstractDSpaceTransformer {
main.addHidden("administrative-continue").setValue(knot.getId()); main.addHidden("administrative-continue").setValue(knot.getId());
} }
private void addAdministratorOnlyButton(org.dspace.app.xmlui.wing.element.Item item, String buttonName, Message buttonLabel) throws WingException, SQLException /**
* Add a disabled button with a "not allowed" notice
* @param item
* @param buttonName
* @param buttonLabel
* @throws WingException
* @throws SQLException
*/
private void addNotAllowedButton(org.dspace.app.xmlui.wing.element.Item item, String buttonName, Message buttonLabel) throws WingException, SQLException
{ {
Button button = item.addButton(buttonName); Button button = item.addButton(buttonName);
button.setValue(buttonLabel); button.setValue(buttonLabel);
if (!AuthorizeManager.isAdmin(context))
{
// Only admins can create or delete
button.setDisabled(); button.setDisabled();
item.addHighlight("fade").addContent(T_sysadmins_only); item.addHighlight("fade").addContent(T_not_allowed);
}
} }
private void addCollectionAdminOnlyButton(org.dspace.app.xmlui.wing.element.Item item, Collection collection, String buttonName, Message buttonLabel) throws WingException, SQLException private void addCollectionAdminOnlyButton(org.dspace.app.xmlui.wing.element.Item item, Collection collection, String buttonName, Message buttonLabel) throws WingException, SQLException

111
dspace-xmlui/dspace-xmlui-api/src/main/resources/aspects/Administrative/administrative.js
View File

@@ -377,25 +377,10 @@ function assertAdminCommunity(communityID) {
* Assert that the currently authenticated eperson can edit the given group. If they can * Assert that the currently authenticated eperson can edit the given group. If they can
* not then this method will never return. * not then this method will never return.
*/ */
function assertEditGroup(groupName) function assertEditGroup(groupID)
{ {
// Check authorizations // Check authorizations
var collectionID = FlowGroupUtils.getCollectionId(groupName); assertAuthorized(Constants.GROUP, groupID, Constants.WRITE);
var communityID = FlowGroupUtils.getCommunityId(groupName);
if (collectionID >= 0)
{
// This group is associated with a collection, check that group's permission
assertEditCollection(collectionID);
}
else if (communityID >= 0)
{
assertEditCommunity(communityID);
}
else
{
// Otherwise they need to be a super admin.
assertAdministrator();
}
} }
/** /**
@@ -921,7 +906,7 @@ function doEditGroup(groupID)
var memberEPeopleIDs = FlowGroupUtils.getEPeopleMembers(getDSContext(),groupID); var memberEPeopleIDs = FlowGroupUtils.getEPeopleMembers(getDSContext(),groupID);
var memberGroupIDs = FlowGroupUtils.getGroupMembers(getDSContext(),groupID); var memberGroupIDs = FlowGroupUtils.getGroupMembers(getDSContext(),groupID);
assertEditGroup(groupName); assertEditGroup(groupID);
var highlightEPersonID; var highlightEPersonID;
var highlightGroupID; var highlightGroupID;
@@ -931,7 +916,7 @@ function doEditGroup(groupID)
var result = null; var result = null;
do { do {
sendPageAndWait("admin/group/edit",{"groupID":groupID,"groupName":groupName,"memberGroupIDs":memberGroupIDs.join(','),"memberEPeopleIDs":memberEPeopleIDs.join(','),"highlightEPersonID":highlightEPersonID,"highlightGroupID":highlightGroupID,"query":escape(query),"page":page,"type":type},result); sendPageAndWait("admin/group/edit",{"groupID":groupID,"groupName":groupName,"memberGroupIDs":memberGroupIDs.join(','),"memberEPeopleIDs":memberEPeopleIDs.join(','),"highlightEPersonID":highlightEPersonID,"highlightGroupID":highlightGroupID,"query":escape(query),"page":page,"type":type},result);
assertEditGroup(groupName); assertEditGroup(groupID);
result = null; result = null;
highlightEPersonID = null; highlightEPersonID = null;
@@ -990,8 +975,6 @@ function doEditGroup(groupID)
else if (cocoon.request.get("submit_edit_group") && cocoon.request.get("groupID")) else if (cocoon.request.get("submit_edit_group") && cocoon.request.get("groupID"))
{ {
// Jump to another group. // Jump to another group.
assertAdministrator();
var newGroupID = cocoon.request.get("groupID"); var newGroupID = cocoon.request.get("groupID");
result = doEditGroup(newGroupID); // ahhh recursion! result = doEditGroup(newGroupID); // ahhh recursion!
@@ -1469,7 +1452,7 @@ function doEditItemStatus(itemID)
} }
else if (cocoon.request.get("submit_delete")) else if (cocoon.request.get("submit_delete"))
{ {
assertAdministrator(); assertAuthorized(Constants.ITEM, itemID, Constants.DELETE);
// Confirm the item's deletion // Confirm the item's deletion
result = doDeleteItem(itemID); result = doDeleteItem(itemID);
@@ -1497,7 +1480,8 @@ function doEditItemStatus(itemID)
else if (cocoon.request.get("submit_authorization")) else if (cocoon.request.get("submit_authorization"))
{ {
// Edit the authorizations for this // Edit the authorizations for this
assertAdministrator(); // authorization check performed by the doAuthorize methods in FlowAuthorizationUtils
// assertAdministrator();
doAuthorizeItem(itemID); doAuthorizeItem(itemID);
} }
@@ -1585,14 +1569,14 @@ function doEditItemMetadata(itemID, templateCollectionID)
*/ */
function doDeleteItem(itemID) function doDeleteItem(itemID)
{ {
assertAdministrator(); assertAuthorized(Constants.ITEM, itemID, Constants.DELETE);
sendPageAndWait("admin/item/delete",{"itemID":itemID}); sendPageAndWait("admin/item/delete",{"itemID":itemID});
if (cocoon.request.get("submit_confirm")) if (cocoon.request.get("submit_confirm"))
{ {
// It's been confirmed, delete the item. // It's been confirmed, delete the item.
assertAdministrator(); assertAuthorized(Constants.ITEM, itemID, Constants.DELETE);
var result = FlowItemUtils.processDeleteItem(getDSContext(),itemID); var result = FlowItemUtils.processDeleteItem(getDSContext(),itemID);
if (result.getContinue()) { if (result.getContinue()) {
@@ -1611,14 +1595,16 @@ function doDeleteItem(itemID)
*/ */
function doWithdrawItem(itemID) function doWithdrawItem(itemID)
{ {
assertAdministrator(); // authorization check performed directly by the dspace-api
// assertAdministrator();
sendPageAndWait("admin/item/withdraw",{"itemID":itemID}); sendPageAndWait("admin/item/withdraw",{"itemID":itemID});
if (cocoon.request.get("submit_confirm")) if (cocoon.request.get("submit_confirm"))
{ {
// Actualy withdraw the item // Actualy withdraw the item
assertAdministrator(); // authorization check performed directly by the dspace-api
// assertAdministrator();
var result = FlowItemUtils.processWithdrawItem(getDSContext(),itemID); var result = FlowItemUtils.processWithdrawItem(getDSContext(),itemID);
return result; return result;
} }
@@ -1630,14 +1616,16 @@ function doWithdrawItem(itemID)
*/ */
function doReinstateItem(itemID) function doReinstateItem(itemID)
{ {
assertAdministrator(); // authorization check performed directly by the dspace-api
// assertAdministrator();
sendPageAndWait("admin/item/reinstate",{"itemID":itemID}); sendPageAndWait("admin/item/reinstate",{"itemID":itemID});
if (cocoon.request.get("submit_confirm")) if (cocoon.request.get("submit_confirm"))
{ {
// Actually reinstate the item // Actually reinstate the item
assertAdministrator(); // authorization check performed directly by the dspace-api
// assertAdministrator();
var result = FlowItemUtils.processReinstateItem(getDSContext(),itemID); var result = FlowItemUtils.processReinstateItem(getDSContext(),itemID);
return result; return result;
@@ -1855,7 +1843,8 @@ function doMapItemBrowse(collectionID)
*/ */
function doManageAuthorizations() function doManageAuthorizations()
{ {
assertAdministrator(); // authorization check moved to FlowAuthorizationUtils
// assertAdministrator();
var result = null; var result = null;
var query = ""; var query = "";
@@ -1863,7 +1852,8 @@ function doManageAuthorizations()
do { do {
sendPageAndWait("admin/authorize/main",{"query":escape(query)},result); sendPageAndWait("admin/authorize/main",{"query":escape(query)},result);
assertAdministrator(); // authorization check moved to FlowAuthorizationUtils
// assertAdministrator();
result = null; result = null;
@@ -1930,15 +1920,17 @@ function doAuthorizeCommunity(communityID)
*/ */
function doAuthorizeContainer(containerType, containerID) function doAuthorizeContainer(containerType, containerID)
{ {
//must be an ADMIN on the container to change its authorizations // authorization check moved to FlowAuthorizationUtils
assertAuthorized(containerType, containerID, Constants.ADMIN); // must be an ADMIN on the container to change its authorizations
// assertAuthorized(containerType, containerID, Constants.ADMIN);
var result; var result;
var highlightID; var highlightID;
do { do {
sendPageAndWait("admin/authorize/container",{"containerType":containerType,"containerID":containerID,"highlightID":highlightID},result); sendPageAndWait("admin/authorize/container",{"containerType":containerType,"containerID":containerID,"highlightID":highlightID},result);
assertAuthorized(containerType, containerID, Constants.ADMIN); // authorization check moved to FlowAuthorizationUtils
// assertAuthorized(containerType, containerID, Constants.ADMIN);
result = null; result = null;
// Cancel out the operation // Cancel out the operation
@@ -1979,14 +1971,16 @@ function doAuthorizeContainer(containerType, containerID)
*/ */
function doAuthorizeItem(itemID) function doAuthorizeItem(itemID)
{ {
assertAdministrator(); // authorization check moved to FlowAuthorizationUtils
// assertAdministrator();
var result; var result;
var highlightID; var highlightID;
do { do {
sendPageAndWait("admin/authorize/item",{"itemID":itemID,"highlightID":highlightID},result); sendPageAndWait("admin/authorize/item",{"itemID":itemID,"highlightID":highlightID},result);
assertAdministrator(); // authorization check moved to FlowAuthorizationUtils
// assertAdministrator();
result = null; result = null;
var bundleID = extractSubmitSuffix("submit_add_bundle_"); var bundleID = extractSubmitSuffix("submit_add_bundle_");
@@ -2088,7 +2082,8 @@ function doAdvancedAuthorization()
*/ */
function doEditPolicy(objectType,objectID,policyID) function doEditPolicy(objectType,objectID,policyID)
{ {
assertAdministrator(); // authorize check moved to FlowAuthorizationUtils.processEditPolicy
// assertAdministrator();
var result; var result;
var query= "-1"; var query= "-1";
@@ -2101,7 +2096,8 @@ function doEditPolicy(objectType,objectID,policyID)
* policy ID, the group search query (if a search was performed), the ID of the currenly associated group, the * policy ID, the group search query (if a search was performed), the ID of the currenly associated group, the
* current action and the currently viewed page (if a search returned more than one page of results) */ * current action and the currently viewed page (if a search returned more than one page of results) */
sendPageAndWait("admin/authorize/edit",{"objectType":objectType,"objectID":objectID,"policyID":policyID,"query":escape(query),"groupID":groupID,"actionID":actionID,"page":page},result); sendPageAndWait("admin/authorize/edit",{"objectType":objectType,"objectID":objectID,"policyID":policyID,"query":escape(query),"groupID":groupID,"actionID":actionID,"page":page},result);
assertAdministrator(); // authorize check moved to FlowAuthorizationUtils.processEditPolicy
// assertAdministrator();
result = null; result = null;
// Figure out which button was pressed on the group search results page // Figure out which button was pressed on the group search results page
@@ -2166,13 +2162,15 @@ function doEditPolicy(objectType,objectID,policyID)
*/ */
function doDeletePolicies(policyIDs) function doDeletePolicies(policyIDs)
{ {
assertAdministrator(); // authorization check moved to FlowAuthorizationUtils
// assertAdministrator();
sendPageAndWait("admin/authorize/delete",{"policyIDs":policyIDs.join(',')}); sendPageAndWait("admin/authorize/delete",{"policyIDs":policyIDs.join(',')});
if (cocoon.request.get("submit_confirm")) if (cocoon.request.get("submit_confirm"))
{ {
// The user has confirmed, actualy delete these policies // The user has confirmed, actualy delete these policies
assertAdministrator(); // authorization check moved to FlowAuthorizationUtils
// assertAdministrator();
var result = FlowAuthorizationUtils.processDeletePolicies(getDSContext(),policyIDs); var result = FlowAuthorizationUtils.processDeletePolicies(getDSContext(),policyIDs);
return result; return result;
@@ -2316,7 +2314,7 @@ function doAssignCollectionRoles(collectionID)
else if (cocoon.request.get("submit_authorizations")) else if (cocoon.request.get("submit_authorizations"))
{ {
// general authorizations // general authorizations
assertAdminCollection(collectionID); // assertAdminCollection(collectionID);
result = doAuthorizeCollection(collectionID); result = doAuthorizeCollection(collectionID);
} }
@@ -2407,7 +2405,7 @@ function doAssignCollectionRoles(collectionID)
*/ */
function doSetupCollectionHarvesting(collectionID) function doSetupCollectionHarvesting(collectionID)
{ {
assertEditCollection(collectionID); assertAdminCollection(collectionID);
var result = null; var result = null;
var oaiProviderValue = null; var oaiProviderValue = null;
@@ -2423,7 +2421,7 @@ function doSetupCollectionHarvesting(collectionID)
metadataFormatValue = cocoon.request.get("metadata_format"); metadataFormatValue = cocoon.request.get("metadata_format");
harvestLevelValue = cocoon.request.get("harvest_level"); harvestLevelValue = cocoon.request.get("harvest_level");
assertEditCollection(collectionID); assertAdminCollection(collectionID);
if (cocoon.request.get("submit_return") || cocoon.request.get("submit_metadata") || if (cocoon.request.get("submit_return") || cocoon.request.get("submit_metadata") ||
cocoon.request.get("submit_roles") || cocoon.request.get("submit_harvesting")) cocoon.request.get("submit_roles") || cocoon.request.get("submit_harvesting"))
@@ -2453,7 +2451,7 @@ function doSetupCollectionHarvesting(collectionID)
*/ */
function doEditCollectionHarvesting(collectionID) function doEditCollectionHarvesting(collectionID)
{ {
assertEditCollection(collectionID); assertAdminCollection(collectionID);
var result = null; var result = null;
do do
@@ -2470,7 +2468,7 @@ function doEditCollectionHarvesting(collectionID)
} }
result = null; result = null;
assertEditCollection(collectionID); assertAdminCollection(collectionID);
if (cocoon.request.get("submit_return") || cocoon.request.get("submit_metadata") || if (cocoon.request.get("submit_return") || cocoon.request.get("submit_metadata") ||
cocoon.request.get("submit_roles") || cocoon.request.get("submit_harvesting")) cocoon.request.get("submit_roles") || cocoon.request.get("submit_harvesting"))
@@ -2544,10 +2542,10 @@ function doDeleteCollectionRole(collectionID,role)
*/ */
function doDeleteCollection(collectionID) function doDeleteCollection(collectionID)
{ {
assertAdministrator(); assertAuthorized(Constants.COLLECTION, collectionID, Constants.DELETE);
sendPageAndWait("admin/collection/delete",{"collectionID":collectionID}); sendPageAndWait("admin/collection/delete",{"collectionID":collectionID});
assertAdministrator(); assertAuthorized(Constants.COLLECTION, collectionID, Constants.DELETE);
if (cocoon.request.get("submit_confirm")) if (cocoon.request.get("submit_confirm"))
{ {
@@ -2668,7 +2666,7 @@ function doEditCommunity(communityID)
} }
else if (cocoon.request.get("submit_delete")) else if (cocoon.request.get("submit_delete"))
{ {
assertAdministrator(); assertAuthorized(Constants.COMMUNITY, communityID, Constants.DELETE);
result = doDeleteCommunity(communityID); result = doDeleteCommunity(communityID);
} }
else if (cocoon.request.get("submit_delete_logo")) else if (cocoon.request.get("submit_delete_logo"))
@@ -2677,7 +2675,8 @@ function doEditCommunity(communityID)
} }
if (cocoon.request.get("submit_authorizations")) if (cocoon.request.get("submit_authorizations"))
{ {
assertAdministrator(); // authorization check moved to FlowAuthorizationUtils
// assertAdministrator();
result = doAuthorizeCommunity(communityID); result = doAuthorizeCommunity(communityID);
} }
@@ -2692,10 +2691,10 @@ function doEditCommunity(communityID)
* Delete an entire community, asking for a confirmation first * Delete an entire community, asking for a confirmation first
*/ */
function doDeleteCommunity(communityID) { function doDeleteCommunity(communityID) {
assertAdministrator(); assertAuthorized(Constants.COMMUNITY, communityID, Constants.DELETE);
sendPageAndWait("admin/community/delete",{"communityID":communityID}); sendPageAndWait("admin/community/delete",{"communityID":communityID});
assertAdministrator(); assertAuthorized(Constants.COMMUNITY, communityID, Constants.DELETE);
if (cocoon.request.get("submit_confirm")) if (cocoon.request.get("submit_confirm"))
{ {
@@ -2731,8 +2730,8 @@ function doAssignCommunityRoles(communityID)
else if (cocoon.request.get("submit_authorizations")) else if (cocoon.request.get("submit_authorizations"))
{ {
// general authorizations // authorization check moved to FlowAuthorizationUtils
assertAdministrator(); // assertAdministrator();
result = doAuthorizeCommunity(communityID); result = doAuthorizeCommunity(communityID);
} }
@@ -2756,11 +2755,13 @@ function doAssignCommunityRoles(communityID)
*/ */
function doDeleteCommunityRole(communityID,role) function doDeleteCommunityRole(communityID,role)
{ {
assertAdminCommunity(communityID); // authorization check performed directly by the dspace-api
// assertAdminCommunity(communityID);
var groupID = FlowContainerUtils.getCommunityRole(getDSContext(), communityID, role); var groupID = FlowContainerUtils.getCommunityRole(getDSContext(), communityID, role);
sendPageAndWait("admin/community/deleteRole",{"communityID":communityID,"role":role,"groupID":groupID}); sendPageAndWait("admin/community/deleteRole",{"communityID":communityID,"role":role,"groupID":groupID});
assertAdminCommunity(communityID); // authorization check performed directly by the dspace-api
// assertAdminCommunity(communityID);
if (cocoon.request.get("submit_confirm")) if (cocoon.request.get("submit_confirm"))
{ {

4
dspace-xmlui/dspace-xmlui-webapp/src/main/webapp/i18n/messages.xml
View File

@@ -1346,7 +1346,7 @@
<message key="xmlui.administrative.item.EditItemStatusForm.na">n/a</message> <message key="xmlui.administrative.item.EditItemStatusForm.na">n/a</message>
<message key="xmlui.administrative.item.EditItemStatusForm.sysadmins_only">(system administrators only)</message> <message key="xmlui.administrative.item.EditItemStatusForm.sysadmins_only">(system administrators only)</message>
<message key="xmlui.administrative.item.EditItemStatusForm.collection_admins_only">(collection administrators only)</message> <message key="xmlui.administrative.item.EditItemStatusForm.collection_admins_only">(collection administrators only)</message>
<message key="xmlui.administrative.item.EditItemStatusForm.not_allowed">(you are not allowed to performe this action)</message>
<!-- org.dspace.app.xmlui.administrative.item.ViewItem --> <!-- org.dspace.app.xmlui.administrative.item.ViewItem -->
<message key="xmlui.administrative.item.ViewItem.title">View Item</message> <message key="xmlui.administrative.item.ViewItem.title">View Item</message>
@@ -1421,12 +1421,14 @@
<message key="xmlui.administrative.collection.AssignCollectionRoles.role_group">Associated group</message> <message key="xmlui.administrative.collection.AssignCollectionRoles.role_group">Associated group</message>
<message key="xmlui.administrative.collection.AssignCollectionRoles.role_buttons"> </message> <message key="xmlui.administrative.collection.AssignCollectionRoles.role_buttons"> </message>
<message key="xmlui.administrative.collection.AssignCollectionRoles.label_admins">Administrators</message> <message key="xmlui.administrative.collection.AssignCollectionRoles.label_admins">Administrators</message>
<message key="xmlui.administrative.collection.AssignCollectionRoles.label_wf">Workflow steps</message>
<message key="xmlui.administrative.collection.AssignCollectionRoles.label_wf_step1">Accept/Reject Step</message> <message key="xmlui.administrative.collection.AssignCollectionRoles.label_wf_step1">Accept/Reject Step</message>
<message key="xmlui.administrative.collection.AssignCollectionRoles.label_wf_step2">Accept/Reject/Edit Metadata Step</message> <message key="xmlui.administrative.collection.AssignCollectionRoles.label_wf_step2">Accept/Reject/Edit Metadata Step</message>
<message key="xmlui.administrative.collection.AssignCollectionRoles.label_wf_step3">Edit Metadata Step</message> <message key="xmlui.administrative.collection.AssignCollectionRoles.label_wf_step3">Edit Metadata Step</message>
<message key="xmlui.administrative.collection.AssignCollectionRoles.label_submitters">Submitters</message> <message key="xmlui.administrative.collection.AssignCollectionRoles.label_submitters">Submitters</message>
<message key="xmlui.administrative.collection.AssignCollectionRoles.label_default_read">Default read access</message> <message key="xmlui.administrative.collection.AssignCollectionRoles.label_default_read">Default read access</message>
<message key="xmlui.administrative.collection.AssignCollectionRoles.sysadmins_only"><nobr>(system administrators only)</nobr></message> <message key="xmlui.administrative.collection.AssignCollectionRoles.sysadmins_only"><nobr>(system administrators only)</nobr></message>
<message key="xmlui.administrative.collection.AssignCollectionRoles.not_allowed"><nobr>(you are not allowed to configure this)</nobr></message>
<!-- org.dspace.app.xmlui.administrative.collection.DeleteCollectionConfirm.java --> <!-- org.dspace.app.xmlui.administrative.collection.DeleteCollectionConfirm.java -->
<message key="xmlui.administrative.collection.DeleteCollectionConfirm.title">Confirm Deletion</message> <message key="xmlui.administrative.collection.DeleteCollectionConfirm.title">Confirm Deletion</message>

1
dspace/CHANGES
View File

@@ -79,6 +79,7 @@
- [DS-271] Make the OAI DC crosswalk configurable - [DS-271] Make the OAI DC crosswalk configurable
- [DS-260] Template item some times has owningCollection filled and some times not - [DS-260] Template item some times has owningCollection filled and some times not
- [DS-309] Shiboleth default roles are applied also to anonymous user and user logged-in with other methods - [DS-309] Shiboleth default roles are applied also to anonymous user and user logged-in with other methods
- [DS-270] Make delegate admin permissions configurable
(Tim Donohue) (Tim Donohue)
- [DS-218] Cannot add/remove email subscriptions from Profile page in XMLUI - [DS-218] Cannot add/remove email subscriptions from Profile page in XMLUI

47
dspace/config/dspace.cfg
View File

@@ -292,6 +292,53 @@ handle.prefix = 123456789
# Directory for installing Handle server files # Directory for installing Handle server files
handle.dir = ${dspace.dir}/handle-server handle.dir = ${dspace.dir}/handle-server
##### Authorization system configuration - Delegate ADMIN #####
# COMMUNITY ADMIN configuration
# subcommunities and collections
#core.authorization.community-admin.create-subelement = true
#core.authorization.community-admin.delete-subelement = true
# his community
#core.authorization.community-admin.policies = true
#core.authorization.community-admin.admin-group = true
# collections in his community
#core.authorization.community-admin.collection.policies = true
#core.authorization.community-admin.collection.template-item = true
#core.authorization.community-admin.collection.submitters = true
#core.authorization.community-admin.collection.workflows = true
#core.authorization.community-admin.collection.admin-group = true
# item owned by collections in his community
#core.authorization.community-admin.item.delete = true
#core.authorization.community-admin.item.withdraw = true
#core.authorization.community-admin.item.reinstatiate = true
#core.authorization.community-admin.item.policies = true
# also bundle...
#core.authorization.community-admin.item.create-bitstream = true
#core.authorization.community-admin.item.delete-bitstream = true
#core.authorization.community-admin.item-admin.cc-license = true
# COLLECTION ADMIN
#core.authorization.collection-admin.policies = true
#core.authorization.collection-admin.template-item = true
#core.authorization.collection-admin.submitters = true
#core.authorization.collection-admin.workflows = true
#core.authorization.collection-admin.admin-group = true
# item owned by his collection
#core.authorization.collection-admin.item.delete = true
#core.authorization.collection-admin.item.withdraw = true
#core.authorization.collection-admin.item.reinstatiate = true
#core.authorization.collection-admin.item.policies = true
# also bundle...
#core.authorization.collection-admin.item.create-bitstream = true
#core.authorization.collection-admin.item.delete-bitstream = true
#core.authorization.collection-admin.item-admin.cc-license = true
# ITEM ADMIN
#core.authorization.item-admin.policies = true
# also bundle...
#core.authorization.item-admin.create-bitstream = true
#core.authorization.item-admin.delete-bitstream = true
#core.authorization.item-admin.cc-license = true
#### Stackable Authentication Methods ##### #### Stackable Authentication Methods #####

9
dspace/etc/database_schema.sql
View File

@@ -385,7 +385,8 @@ CREATE TABLE Community2Community
( (
id INTEGER PRIMARY KEY, id INTEGER PRIMARY KEY,
parent_comm_id INTEGER REFERENCES Community(community_id), parent_comm_id INTEGER REFERENCES Community(community_id),
child_comm_id INTEGER REFERENCES Community(community_id) child_comm_id INTEGER,
CONSTRAINT com2com_child_fk FOREIGN KEY (child_comm_id) REFERENCES Community(community_id) DEFERRABLE
); );
CREATE INDEX com2com_parent_fk_idx ON Community2Community(parent_comm_id); CREATE INDEX com2com_parent_fk_idx ON Community2Community(parent_comm_id);
@@ -398,7 +399,8 @@ CREATE TABLE Community2Collection
( (
id INTEGER PRIMARY KEY, id INTEGER PRIMARY KEY,
community_id INTEGER REFERENCES Community(community_id), community_id INTEGER REFERENCES Community(community_id),
collection_id INTEGER REFERENCES Collection(collection_id) collection_id INTEGER,
CONSTRAINT comm2coll_collection_fk FOREIGN KEY (collection_id) REFERENCES Collection(collection_id) DEFERRABLE
); );
-- Index on community ID -- Index on community ID
@@ -413,7 +415,8 @@ CREATE TABLE Collection2Item
( (
id INTEGER PRIMARY KEY, id INTEGER PRIMARY KEY,
collection_id INTEGER REFERENCES Collection(collection_id), collection_id INTEGER REFERENCES Collection(collection_id),
item_id INTEGER REFERENCES Item(item_id) item_id INTEGER,
CONSTRAINT coll2item_item_fk FOREIGN KEY (item_id) REFERENCES Item(item_id) DEFERRABLE
); );
-- index by collection_id -- index by collection_id

9
dspace/etc/database_schema_15-16.sql
View File

@@ -95,3 +95,12 @@ CREATE INDEX harvested_item_fk_idx ON harvested_item(item_id);
------------------------------------------------------------------------- -------------------------------------------------------------------------
UPDATE item SET owning_collection = null WHERE item_id IN UPDATE item SET owning_collection = null WHERE item_id IN
(SELECT template_item_id FROM collection WHERE template_item_id IS NOT null); (SELECT template_item_id FROM collection WHERE template_item_id IS NOT null);
ALTER TABLE community2collection DROP CONSTRAINT community2collection_collection_id_fkey;
ALTER TABLE community2collection ADD CONSTRAINT comm2coll_collection_fk FOREIGN KEY (collection_id) REFERENCES collection DEFERRABLE;
ALTER TABLE community2community DROP CONSTRAINT community2community_child_comm_id_fkey;
ALTER TABLE community2community ADD CONSTRAINT com2com_child_fk FOREIGN KEY (child_comm_id) REFERENCES community DEFERRABLE;
ALTER TABLE collection2item DROP CONSTRAINT collection2item_item_id_fkey;
ALTER TABLE collection2item ADD CONSTRAINT coll2item_item_fk FOREIGN KEY (item_id) REFERENCES item DEFERRABLE;

9
dspace/etc/oracle/database_schema.sql
View File

@@ -350,7 +350,8 @@ CREATE TABLE Community2Community
( (
id INTEGER PRIMARY KEY, id INTEGER PRIMARY KEY,
parent_comm_id INTEGER REFERENCES Community(community_id), parent_comm_id INTEGER REFERENCES Community(community_id),
child_comm_id INTEGER REFERENCES Community(community_id) child_comm_id INTEGER,
CONSTRAINT com2com_child_fk FOREIGN KEY (child_comm_id) REFERENCES Community(community_id) DEFERRABLE
); );
CREATE INDEX com2com_parent_fk_idx ON Community2Community(parent_comm_id); CREATE INDEX com2com_parent_fk_idx ON Community2Community(parent_comm_id);
@@ -363,7 +364,8 @@ CREATE TABLE Community2Collection
( (
id INTEGER PRIMARY KEY, id INTEGER PRIMARY KEY,
community_id INTEGER REFERENCES Community(community_id), community_id INTEGER REFERENCES Community(community_id),
collection_id INTEGER REFERENCES Collection(collection_id) collection_id INTEGER,
CONSTRAINT comm2coll_collection_fk FOREIGN KEY (collection_id) REFERENCES Collection(collection_id) DEFERRABLE
); );
-- Improve mapping tables -- Improve mapping tables
@@ -377,7 +379,8 @@ CREATE TABLE Collection2Item
( (
id INTEGER PRIMARY KEY, id INTEGER PRIMARY KEY,
collection_id INTEGER REFERENCES Collection(collection_id), collection_id INTEGER REFERENCES Collection(collection_id),
item_id INTEGER REFERENCES Item(item_id) item_id INTEGER,
CONSTRAINT coll2item_item_fk FOREIGN KEY (item_id) REFERENCES Item(item_id) DEFERRABLE
); );
-- index by collection_id -- index by collection_id

37
dspace/etc/oracle/database_schema_15-16.sql
View File

@@ -55,3 +55,40 @@ CREATE INDEX community_admin_fk_idx ON Community(admin);
------------------------------------------------------------------------- -------------------------------------------------------------------------
UPDATE item SET owning_collection = null WHERE item_id IN UPDATE item SET owning_collection = null WHERE item_id IN
(SELECT template_item_id FROM collection WHERE template_item_id IS NOT null); (SELECT template_item_id FROM collection WHERE template_item_id IS NOT null);
------------------------------------------------------------------------------------------------------
-- You need to remove the already in place constraints to add the deferrable option
-- because the constraints name was generated by your oracle instance you need to discovery it before
-- Just copy and paste the commands printed by these three queries:
-- 1. community2collection
select 'ALTER TABLE '||c1.table_name||' DROP CONSTRAINT '||
c1.constraint_name||';' command from user_constraints c1, user_constraints c2
where c1.constraint_type = 'R' and c1.r_constraint_name = c2.constraint_name
and c1.table_name like 'COMMUNITY2COLLECTION'
and c2.table_name LIKE 'COLLECTION';
-- 2. community2community
select 'ALTER TABLE '||c1.table_name||' DROP CONSTRAINT '||
c1.constraint_name||';' command from user_constraints c1, user_constraints c2
where c1.constraint_type = 'R' and c1.r_constraint_name = c2.constraint_name
and c1.table_name like 'COMMUNITY2COMMUNITY'
and c2.table_name LIKE 'COMMUNITY';
-- 3. collection2item
select 'ALTER TABLE '||c1.table_name||' DROP CONSTRAINT '||
c1.constraint_name||';' command from user_constraints c1, user_constraints c2
where c1.constraint_type = 'R' and c1.r_constraint_name = c2.constraint_name
and c1.table_name like 'COLLECTION2ITEM'
and c2.table_name LIKE 'ITEM';
--
-- e.g.
-- ALTER TABLE community2collection DROP CONSTRAINT THECONSTRAINTNAMETHATYOUHAVEFINDWITHTHE1stQUERY;
-- ALTER TABLE community2community DROP CONSTRAINT THECONSTRAINTNAMETHATYOUHAVEFINDWITHTHE2ndQUERY;
-- ALTER TABLE collection2item DROP CONSTRAINT THECONSTRAINTNAMETHATYOUHAVEFINDWITHTHE3rdQUERY;
-- now recreate them with a know name and deferrable option!
select 'ALTER TABLE community2collection ADD CONSTRAINT comm2coll_collection_fk FOREIGN KEY (collection_id) REFERENCES collection DEFERRABLE;' from dual;
select 'ALTER TABLE community2community ADD CONSTRAINT com2com_child_fk FOREIGN KEY (child_comm_id) REFERENCES community DEFERRABLE;' from dual;
select 'ALTER TABLE collection2item ADD CONSTRAINT coll2item_item_fk FOREIGN KEY (item_id) REFERENCES item DEFERRABLE;' from dual;