73011: Edit item permissions community feedback

Peter Nijs
2020-09-15 17:45:08 +02:00
parent fae212d281
commit ad9913986c
12 changed files with 41 additions and 33 deletions


@@ -630,7 +630,7 @@ public class CommunityServiceImpl extends DSpaceObjectServiceImpl<Community> imp
if (AuthorizeConfiguration.canCommunityAdminPerformSubelementDeletion()) {
adminObject = getParentObject(context, community);
if (adminObject == null) {
//top-level community, has to be admin of the current communitu
//top-level community, has to be admin of the current community
adminObject = community;
}
}


@@ -57,17 +57,16 @@ public class AuthorizeServiceRestUtil {
EPerson ePerson = context.getCurrentUser();
if (dSpaceObjectService != null) {
if (dSpaceObject instanceof Item) {
if (!DSpaceRestPermission.READ.equals(dSpaceRestPermission)
&& !((Item) dSpaceObject).isArchived() && !((Item) dSpaceObject).isWithdrawn()) {
return false;
}
// If the item is still inprogress we can process here only the READ permission.
// Other actions need to be evaluated against the wrapper object (workspace or workflow item)
if (dSpaceObject instanceof Item) {
if (!DSpaceRestPermission.READ.equals(dSpaceRestPermission)
&& !((Item) dSpaceObject).isArchived() && !((Item) dSpaceObject).isWithdrawn()) {
return false;
}
return authorizeService.authorizeActionBoolean(context, ePerson, dSpaceObject,
dSpaceRestPermission.getDspaceApiActionId(), true);
}
return false;
return authorizeService.authorizeActionBoolean(context, ePerson, dSpaceObject,
dSpaceRestPermission.getDspaceApiActionId(), true);
}
}
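Review bot: The fall-through `return false;` for non-Item objects appears to be replaced by an unconditional `authorizeService.authorizeActionBoolean(...)` call, so every DSpaceObject type now reaches the authorization service where the earlier code denied by default. The +/- markers are lost on this page, so this reading is inferred from the duplicated lines. If the widening is intended, a comment above the final return such as `// Non-item objects are authorized directly against their own policies` would record the decision, and the integration tests should exercise at least one non-Item type per permission. The in-progress guard would read more clearly with the condition named, e.g. `boolean inProgress = !item.isArchived() && !item.isWithdrawn();`. The enclosing method starts before the hunk, and it is not visible whether the `dSpaceObjectService != null` check survives on the new side.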


@@ -29,6 +29,8 @@ import org.springframework.stereotype.Component;
/**
* The create bitstream feature. It can be used to verify if bitstreams can be created in a specific bundle.
*
* Authorization is granted if the current user has ADD & WRITE permissions on the given bundle AND the item
*/
@Component
@AuthorizationFeatureDocumentation(name = CreateBitstreamFeature.NAME,
@@ -61,8 +63,9 @@ public class CreateBitstreamFeature implements AuthorizationFeature {
DSpaceObject owningObject = bundleService.getParentObject(context,
(Bundle)utils.getDSpaceAPIObjectFromRest(context, object));
// Safety check. In case this is ever not true, this method should be revised.
if (!(owningObject instanceof Item)) {
log.error("The partent object of bundle " + object.getType() + " is not an item");
log.error("The parent object of bundle " + object.getType() + " is not an item");
return false;
}
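Review bot: The safety-check log line in the second hunk concatenates `object.getType()`, so the message names the REST type rather than the bundle that failed the check, which makes a fail-closed denial hard to trace afterwards. Logging the identifier instead, e.g. `log.error("The parent object of bundle " + object.getId() + " is not an item");` (assuming the REST object exposes `getId()`), would make it traceable. The new Javadoc sentence in the first hunk ends at "AND the item" without saying which item; "AND on its owning item" would state the rule completely. The method body continues outside the hunk.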


@@ -21,6 +21,8 @@ import org.springframework.stereotype.Component;
/**
* The create bundle feature. It can be used to verify if bundles can be created in a specific item.
*
* Authorization is granted if the current user has ADD & WRITE permissions on the given item
*/
@Component
@AuthorizationFeatureDocumentation(name = CreateBundleFeature.NAME,
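Review bot: The added Javadoc line uses a bare `&` (`ADD & WRITE`), which is not valid HTML in a doc comment and may be rejected by javadoc's doclint; `ADD and WRITE` or `ADD &amp; WRITE` avoids that. The same applies to the sentence added to the CreateBitstreamFeature Javadoc in this commit.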


@@ -35,6 +35,16 @@ import org.springframework.stereotype.Component;
/**
* The delete feature. It can be used to verify if specific content can be deleted/expunged.
*
* Authorization is granted
* - for a bitstream if the current used has REMOVE permissions on both the Item and the Bundle
* - for a bundle if the current user has REMOVE permissions on the Item
* - for an item if the current user has REMOVE permissions on the collection AND and DELETE permissions on the item
* - for a collection if the current user has REMOVE permissions on the community
* - for a community with a parent community if the current user has REMOVE permissions on the parent community
* - for a community without a parent community if the current user has DELETE permissions on the current community
* - for other objects if the current user has REMOVE permissions on the parent object if there is one. Otherwise if the
* current user has DELETE permissions on the current object
*/
@Component
@AuthorizationFeatureDocumentation(name = DeleteFeature.NAME,
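Review bot: The added Javadoc is the written contract for delete authorization, and two of its lines contain slips: `current used has REMOVE permissions` should read `current user has REMOVE permissions`, and `on the collection AND and DELETE permissions on the item` has a doubled conjunction. The `-` bullets will be collapsed into one paragraph by Javadoc; wrapping them in `<ul>`/`<li>` keeps the per-object rules readable in the generated docs. The class body is outside the hunk, so whether each listed rule matches the implementation cannot be checked from here.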


@@ -26,6 +26,8 @@ import org.springframework.stereotype.Component;
/**
* The edit metadata feature. It can be used to verify if the metadata of the specified objects can be edited.
*
* Authorization is granted if the current user has WRITE permissions on the given DSO
*/
@Component
@AuthorizationFeatureDocumentation(name = EditMetadataFeature.NAME,


@@ -21,6 +21,8 @@ import org.springframework.stereotype.Component;
/**
* The make discoverable feature. It can be used to verify if an item can be made discoverable.
*
* Authorization is granted if the current user has WRITE permissions on the given item
*/
@Component
@AuthorizationFeatureDocumentation(name = MakeDiscoverableFeature.NAME,


@@ -21,6 +21,8 @@ import org.springframework.stereotype.Component;
/**
* The make private feature. It can be used to verify if an item can be made private.
*
* Authorization is granted if the current user has WRITE permissions on the given item
*/
@Component
@AuthorizationFeatureDocumentation(name = MakePrivateFeature.NAME,


@@ -29,6 +29,9 @@ import org.springframework.stereotype.Component;
/**
* The move feature. It can be used to verify if item can be moved to a different collection.
*
* Authorization is granted if the current user has WRITE permissions on the given item and REMOVE permissions on the
* items owning collection
*/
@Component
@AuthorizationFeatureDocumentation(name = MoveFeature.NAME,
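Review bot: The added sentence describes only the source side of a move (WRITE on the item, REMOVE on the owning collection) and does not say whether the destination collection is checked. Nothing in the hunk shows that, so if the target is authorized elsewhere the Javadoc should say so, e.g. `The target collection is not evaluated by this feature.`, to keep readers from treating a granted feature as full authorization for the move. Also, `items owning collection` should be `item's owning collection`.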


@@ -33,6 +33,10 @@ import org.springframework.stereotype.Component;
/**
* The policy feature. It can be used by administrators (or community/collection delegate) to manage resource policies
*
* Authorization is granted
* - for the site if the current user is administrator
* - for other objects if the current user has ADMIN permissions on the object
*/
@Component
@AuthorizationFeatureDocumentation(name = PolicyFeature.NAME,


@@ -21,6 +21,8 @@ import org.springframework.stereotype.Component;
/**
* The reorder bitstream feature. It can be used to verify if bitstreams can be reordered in a specific bundle.
*
* Authorization is granted if the current user has WRITE permissions on the given bundle
*/
@Component
@AuthorizationFeatureDocumentation(name = ReorderBitstreamFeature.NAME,


@@ -35,7 +35,6 @@ import org.dspace.core.Constants;
import org.dspace.eperson.EPerson;
import org.dspace.eperson.Group;
import org.dspace.services.ConfigurationService;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.springframework.beans.factory.annotation.Autowired;
@@ -79,8 +78,6 @@ public class GenericAuthorizationFeatureIT extends AbstractControllerIntegration
private EPerson collectionXWriter;
private EPerson item1Writer;
boolean originalAlwaysThrowException;
@Override
@Before
public void setUp() throws Exception {
@@ -200,20 +197,10 @@ public class GenericAuthorizationFeatureIT extends AbstractControllerIntegration
context.restoreAuthSystemState();
originalAlwaysThrowException = configurationService.getBooleanProperty(
"org.dspace.app.rest.authorization.AlwaysThrowExceptionFeature.turnoff", false);
configurationService.setProperty(
"org.dspace.app.rest.authorization.AlwaysThrowExceptionFeature.turnoff", "true");
}
@Override
@After
public void destroy() throws Exception {
configurationService.setProperty(
"org.dspace.app.rest.authorization.AlwaysThrowExceptionFeature.turnoff", originalAlwaysThrowException);
super.destroy();
}
private void testAdminsHavePermissionsAllDso(String feature) throws Exception {
String adminToken = getAuthToken(admin.getEmail(), password);
String communityAAdminToken = getAuthToken(communityAAdmin.getEmail(), password);
@@ -825,10 +812,6 @@ public class GenericAuthorizationFeatureIT extends AbstractControllerIntegration
.andExpect(status().isOk())
.andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canMove')]")
.exists());
context.turnOffAuthorisationSystem();
ResourcePolicyBuilder.delete(removePermission.getID());
context.restoreAuthSystemState();
}
@Test
@@ -852,10 +835,6 @@ public class GenericAuthorizationFeatureIT extends AbstractControllerIntegration
.andExpect(status().isOk())
.andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canMove')]")
.exists());
context.turnOffAuthorisationSystem();
ResourcePolicyBuilder.delete(removePermission.getID());
context.restoreAuthSystemState();
}
@Test