DS-1814: Don't allow submitters to update all of their own items

2025-10-14 21:43:11 +00:00 · 2016-05-20 19:05:10 +02:00
parent 701d4ba6b1
commit c4ee71a800
3 changed files with 32 additions and 6 deletions
--- a/dspace-api/src/main/java/org/dspace/content/ItemServiceImpl.java
+++ b/dspace-api/src/main/java/org/dspace/content/ItemServiceImpl.java
@@ -408,7 +408,7 @@ public class ItemServiceImpl extends DSpaceObjectServiceImpl<Item> implements It
    public void update(Context context, Item item) throws SQLException, AuthorizeException {
        // Check authorisation
        // only do write authorization if user is not an editor
-        if (!canEdit(context, item) && !canCreateNewVersion(context, item))
+        if (!canEdit(context, item))
        {
            authorizeService.authorizeAction(context, item, Constants.WRITE);
        }
@@ -885,7 +885,7 @@ public class ItemServiceImpl extends DSpaceObjectServiceImpl<Item> implements It

        return collectionService.canEditBoolean(context, item.getOwningCollection(), false);
    }
-    
+
    @Override
    public boolean canCreateNewVersion(Context context, Item item) throws SQLException{
        if (authorizeService.isAdmin(context, item)) 
--- a/dspace-api/src/main/java/org/dspace/versioning/DefaultItemVersionProvider.java
+++ b/dspace-api/src/main/java/org/dspace/versioning/DefaultItemVersionProvider.java
@@ -23,6 +23,7 @@ import java.util.List;
 import org.apache.log4j.Logger;
 import org.dspace.authorize.ResourcePolicy;
 import org.dspace.versioning.service.VersioningService;
+import org.dspace.workflow.WorkflowItemService;

 /**
 *
@@ -39,6 +40,8 @@ public class DefaultItemVersionProvider extends AbstractVersionProvider implemen
    @Autowired(required = true)
    protected WorkspaceItemService workspaceItemService;
    @Autowired(required = true)
+    protected WorkflowItemService workflowItemService;
+    @Autowired(required = true)
    protected VersionHistoryService versionHistoryService;
    @Autowired(required = true)
    protected VersioningService versioningService;
@@ -69,10 +72,20 @@ public class DefaultItemVersionProvider extends AbstractVersionProvider implemen
            if(versionHistoryService.isLastVersion(c, history, versionToDelete)
                    && versioningService.getVersionsByHistory(c, history).size() > 1)
            {
-                // reset the previous version to archived
+                // if a new version gets archived, the old one is set to false.
+                // we need to do the oposite now, if the old version was previously
+                // unarchived. If the old version is still archived, the new
+                // version is a WorkspaceItem or WorkflowItem we should skip this,
+                // as unarchiving of previous versions is done only when a newer
+                // version gets archived.
                Item item = versionHistoryService.getPrevious(c, history, versionToDelete).getItem();
-                item.setArchived(true);
-                itemService.update(c, item);
+                if (!item.isArchived()
+                        || workspaceItemService.findByItem(c, versionToDelete.getItem()) != null
+                        || workflowItemService.findByItem(c, versionToDelete.getItem()) != null)
+                {
+                    item.setArchived(true);
+                    itemService.update(c, item);
+                }
            }

            // assign tombstone to the Identifier and reset canonical to the previous version only if there is a previous version
--- a/dspace-api/src/main/java/org/dspace/versioning/VersioningServiceImpl.java
+++ b/dspace-api/src/main/java/org/dspace/versioning/VersioningServiceImpl.java
@@ -22,6 +22,8 @@ import org.springframework.beans.factory.annotation.Required;
 import java.sql.SQLException;
 import java.util.Date;
 import java.util.List;
+import org.dspace.content.WorkspaceItem;
+import org.dspace.content.service.WorkspaceItemService;

 /**
 *
@@ -39,6 +41,8 @@ public class VersioningServiceImpl implements VersioningService {
    protected VersionDAO versionDAO;
    @Autowired(required = true)
    private ItemService itemService;
+    @Autowired(required = true)
+    private WorkspaceItemService workspaceItemService;
    private DefaultItemVersionProvider provider;

    @Required
@@ -129,7 +133,16 @@ public class VersioningServiceImpl implements VersioningService {
            
            // Completely delete the item
            if (item != null) {
-                itemService.delete(c, item);
+                // DS-1814 introduce the possibility that submitter can create
+                // new versions. To avoid authorithation problems we need to
+                // check whether a corresponding workspaceItem exists.
+                WorkspaceItem wsi = workspaceItemService.findByItem(c, item);
+                if (wsi != null)
+                {
+                    workspaceItemService.deleteAll(c, wsi);
+                } else {
+                    itemService.delete(c, item);
+                }
            }
        }catch (Exception e) {
            c.abort();