Merge pull request #8522 from qzhao-ulb/patch-6

Item/Collection admin can't create new version item
2025-10-07 10:04:21 +00:00 · 2022-12-19 10:54:39 -06:00
parent ec0853ddad 014e671fd6
commit a7cba3c57b
2 changed files with 50 additions and 1 deletions
--- a/dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/VersionRestRepository.java
+++ b/dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/VersionRestRepository.java
@@ -111,7 +111,7 @@ public class VersionRestRepository extends DSpaceRestRepository<VersionRest, Int
        }

        EPerson submitter = item.getSubmitter();
-        boolean isAdmin = authorizeService.isAdmin(context);
+        boolean isAdmin = authorizeService.isAdmin(context, item);
        boolean canCreateVersion = configurationService.getBooleanProperty("versioning.submitterCanCreateNewVersion");

        if (!isAdmin && !(canCreateVersion && Objects.equals(submitter, context.getCurrentUser()))) {
--- a/dspace-server-webapp/src/test/java/org/dspace/app/rest/VersionRestRepositoryIT.java
+++ b/dspace-server-webapp/src/test/java/org/dspace/app/rest/VersionRestRepositoryIT.java
@@ -850,6 +850,55 @@ public class VersionRestRepositoryIT extends AbstractControllerIntegrationTest {
                   .andExpect(status().isUnauthorized());
    }

+    @Test
+    public void createNewVersionItemByCollectionAdminTest() throws Exception {
+        context.turnOffAuthorisationSystem();
+        Community rootCommunity = CommunityBuilder.createCommunity(context)
+                .withName("Parent Community")
+                .build();
+
+        EPerson colAdmin = EPersonBuilder.createEPerson(context)
+                .withCanLogin(true)
+                .withEmail("coladmin@email.com")
+                .withPassword(password)
+                .withNameInMetadata("Collection", "Admin")
+                .build();
+        Collection col = CollectionBuilder
+                .createCollection(context, rootCommunity)
+                .withName("Collection 1")
+                .withAdminGroup(colAdmin)
+                .build();
+
+        Item item = ItemBuilder.createItem(context, col)
+                .withTitle("Public test item")
+                .withIssueDate("2022-12-19")
+                .withAuthor("Doe, John")
+                .withSubject("ExtraEntry")
+                .build();
+
+        item.setSubmitter(eperson);
+
+        context.restoreAuthSystemState();
+
+        AtomicReference<Integer> idRef = new AtomicReference<Integer>();
+        String token = getAuthToken(colAdmin.getEmail(), password);
+        try {
+            getClient(token).perform(post("/api/versioning/versions")
+                            .param("summary", "test summary!")
+                            .contentType(MediaType.parseMediaType(RestMediaTypes.TEXT_URI_LIST_VALUE))
+                            .content("/api/core/items/" + item.getID()))
+                    .andExpect(status().isCreated())
+                    .andExpect(jsonPath("$", Matchers.allOf(
+                            hasJsonPath("$.version", is(2)),
+                            hasJsonPath("$.summary", is("test summary!")),
+                            hasJsonPath("$.type", is("version"))
+                    )))
+                    .andDo(result -> idRef.set(read(result.getResponse().getContentAsString(), "$.id")));
+        } finally {
+            VersionBuilder.delete(idRef.get());
+        }
+    }
+
    @Test
    public void patchReplaceSummaryTest() throws Exception {
        context.turnOffAuthorisationSystem();