hazza/DSpace
1
0
Fork 0
mirror of https://github.com/DSpace/DSpace.git synced 2025-10-17 15:03:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2993 from atmire/w2p-73207_Download-permission-features

Browse Source 
Features endpoint: Download/RequestACopy features
This commit is contained in:
Tim Donohue
2020-10-29 16:33:14 -05:00
committed by GitHub
parent 5f74e7c434 cd5c89dd68
commit ff9f59a14a
4 changed files with 1026 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/impl/DownloadFeature.java Normal file
View File

@@ -0,0 +1,51 @@
/**
* The contents of this file are subject to the license and copyright
* detailed in the LICENSE and NOTICE files at the root of the source
* tree and available online at
*
* http://www.dspace.org/license/
*/
package org.dspace.app.rest.authorization.impl;
import java.sql.SQLException;
import org.dspace.app.rest.authorization.AuthorizationFeature;
import org.dspace.app.rest.authorization.AuthorizationFeatureDocumentation;
import org.dspace.app.rest.authorization.AuthorizeServiceRestUtil;
import org.dspace.app.rest.model.BaseObjectRest;
import org.dspace.app.rest.model.BitstreamRest;
import org.dspace.app.rest.security.DSpaceRestPermission;
import org.dspace.core.Context;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
/**
* The download bitstream feature. It can be used to verify if a bitstream can be downloaded.
*
* Authorization is granted if the current user has READ permissions on the given bitstream.
*/
@Component
@AuthorizationFeatureDocumentation(name = DownloadFeature.NAME,
description = "It can be used to verify if the user can download a bitstream")
public class DownloadFeature implements AuthorizationFeature {
public final static String NAME = "canDownload";
@Autowired
private AuthorizeServiceRestUtil authorizeServiceRestUtil;
@Override
public boolean isAuthorized(Context context, BaseObjectRest object) throws SQLException {
if (object instanceof BitstreamRest) {
return authorizeServiceRestUtil.authorizeActionBoolean(context, object, DSpaceRestPermission.READ);
}
return false;
}
@Override
public String[] getSupportedTypes() {
return new String[]{
BitstreamRest.CATEGORY + "." + BitstreamRest.NAME,
};
}
}

117
dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/impl/RequestCopyFeature.java Normal file
View File

@@ -0,0 +1,117 @@
/**
* The contents of this file are subject to the license and copyright
* detailed in the LICENSE and NOTICE files at the root of the source
* tree and available online at
*
* http://www.dspace.org/license/
*/
package org.dspace.app.rest.authorization.impl;
import java.sql.SQLException;
import java.util.List;
import java.util.UUID;
import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger;
import org.dspace.app.rest.authorization.AuthorizationFeature;
import org.dspace.app.rest.authorization.AuthorizationFeatureDocumentation;
import org.dspace.app.rest.model.BaseObjectRest;
import org.dspace.app.rest.model.BitstreamRest;
import org.dspace.app.rest.model.ItemRest;
import org.dspace.authorize.service.AuthorizeService;
import org.dspace.content.Bitstream;
import org.dspace.content.Bundle;
import org.dspace.content.DSpaceObject;
import org.dspace.content.Item;
import org.dspace.content.service.BitstreamService;
import org.dspace.content.service.ItemService;
import org.dspace.core.Constants;
import org.dspace.core.Context;
import org.dspace.eperson.EPerson;
import org.dspace.services.ConfigurationService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
/**
* The can request a copy feature. It can be used to verify if a copy can be requested of a bitstream or of a bitstream
* in an item.
*
* Authorization is granted for a bitstream if the user has no access to the bitstream
* and the bistream is part of an archived item.
* Authorization is granted for an item if the user has no access to a bitstream in the item, and the item is archived.
*/
@Component
@AuthorizationFeatureDocumentation(name = RequestCopyFeature.NAME,
description = "It can be used to verify if the user can request a copy of a bitstream")
public class RequestCopyFeature implements AuthorizationFeature {
Logger log = Logger.getLogger(RequestCopyFeature.class);
public final static String NAME = "canRequestACopy";
@Autowired
private AuthorizeService authorizeService;
@Autowired
private ItemService itemService;
@Autowired
private BitstreamService bitstreamService;
@Autowired
private ConfigurationService configurationService;
@Override
public boolean isAuthorized(Context context, BaseObjectRest object) throws SQLException {
String requestType = configurationService.getProperty("request.item.type");
if (StringUtils.isBlank(requestType)) {
return false;
} else if (StringUtils.equalsIgnoreCase(requestType, "logged")) {
EPerson currentUser = context.getCurrentUser();
if (currentUser == null) {
return false;
}
} else if (!StringUtils.equalsIgnoreCase(requestType, "all")) {
log.warn("The configuration parameter \"request.item.type\" contains an invalid value.");
return false;
}
if (object instanceof ItemRest) {
ItemRest itemRest = (ItemRest) object;
String id = itemRest.getId();
Item item = itemService.find(context, UUID.fromString(id));
if (!item.isArchived()) {
return false;
}
List<Bundle> bunds = itemService.getBundles(item, Constants.DEFAULT_BUNDLE_NAME);
for (Bundle bund : bunds) {
List<Bitstream> bitstreams = bund.getBitstreams();
for (Bitstream bitstream : bitstreams) {
boolean authorized = authorizeService.authorizeActionBoolean(context, bitstream, Constants.READ);
if (!authorized) {
return true;
}
}
}
} else if (object instanceof BitstreamRest) {
BitstreamRest bitstreamRest = (BitstreamRest) object;
Bitstream bitstream = bitstreamService.find(context, UUID.fromString(bitstreamRest.getId()));
DSpaceObject parentObject = bitstreamService.getParentObject(context, bitstream);
if (parentObject instanceof Item) {
if (((Item) parentObject).isArchived()) {
return !authorizeService.authorizeActionBoolean(context, bitstream, Constants.READ);
}
}
}
return false;
}
@Override
public String[] getSupportedTypes() {
return new String[]{
ItemRest.CATEGORY + "." + ItemRest.NAME,
BitstreamRest.CATEGORY + "." + BitstreamRest.NAME,
};
}
}

305
dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/DownloadFeatureIT.java Normal file
View File

@@ -0,0 +1,305 @@
/**
* The contents of this file are subject to the license and copyright
* detailed in the LICENSE and NOTICE files at the root of the source
* tree and available online at
*
* http://www.dspace.org/license/
*/
package org.dspace.app.rest.authorization;
import static org.hamcrest.Matchers.contains;
import static org.hamcrest.Matchers.greaterThan;
import static org.hamcrest.Matchers.is;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
import java.io.InputStream;
import org.apache.commons.codec.CharEncoding;
import org.apache.commons.io.IOUtils;
import org.dspace.app.rest.authorization.impl.DownloadFeature;
import org.dspace.app.rest.converter.BitstreamConverter;
import org.dspace.app.rest.converter.CollectionConverter;
import org.dspace.app.rest.converter.ItemConverter;
import org.dspace.app.rest.matcher.AuthorizationMatcher;
import org.dspace.app.rest.model.BitstreamRest;
import org.dspace.app.rest.model.CollectionRest;
import org.dspace.app.rest.model.ItemRest;
import org.dspace.app.rest.projection.Projection;
import org.dspace.app.rest.test.AbstractControllerIntegrationTest;
import org.dspace.app.rest.utils.Utils;
import org.dspace.authorize.service.ResourcePolicyService;
import org.dspace.builder.BitstreamBuilder;
import org.dspace.builder.CollectionBuilder;
import org.dspace.builder.CommunityBuilder;
import org.dspace.builder.ItemBuilder;
import org.dspace.content.Bitstream;
import org.dspace.content.Collection;
import org.dspace.content.Community;
import org.dspace.content.Item;
import org.dspace.core.Constants;
import org.hamcrest.Matchers;
import org.junit.Before;
import org.junit.Test;
import org.springframework.beans.factory.annotation.Autowired;
public class DownloadFeatureIT extends AbstractControllerIntegrationTest {
@Autowired
private AuthorizationFeatureService authorizationFeatureService;
@Autowired
private ResourcePolicyService resourcePolicyService;
@Autowired
private CollectionConverter collectionConverter;
@Autowired
private ItemConverter itemConverter;
@Autowired
private BitstreamConverter bitstreamConverter;
@Autowired
private Utils utils;
private AuthorizationFeature downloadFeature;
private Collection collectionA;
private Item itemA;
private Bitstream bitstreamA;
private Bitstream bitstreamB;
@Override
@Before
public void setUp() throws Exception {
super.setUp();
context.turnOffAuthorisationSystem();
downloadFeature = authorizationFeatureService.find(DownloadFeature.NAME);
String bitstreamContent = "Dummy content";
Community communityA = CommunityBuilder.createCommunity(context).build();
collectionA = CollectionBuilder.createCollection(context, communityA).withLogo("Blub").build();
itemA = ItemBuilder.createItem(context, collectionA).build();
try (InputStream is = IOUtils.toInputStream(bitstreamContent, CharEncoding.UTF_8)) {
bitstreamA = BitstreamBuilder.createBitstream(context, itemA, is)
.withName("Bitstream")
.withDescription("Description")
.withMimeType("text/plain")
.build();
bitstreamB = BitstreamBuilder.createBitstream(context, itemA, is)
.withName("Bitstream2")
.withDescription("Description2")
.withMimeType("text/plain")
.build();
}
resourcePolicyService.removePolicies(context, bitstreamB, Constants.READ);
context.restoreAuthSystemState();
}
@Test
public void downloadOfCollectionAAsAdmin() throws Exception {
CollectionRest collectionRest = collectionConverter.convert(collectionA, Projection.DEFAULT);
String collectionUri = utils.linkToSingleResource(collectionRest, "self").getHref();
String token = getAuthToken(admin.getEmail(), password);
getClient(token).perform(get("/api/authz/authorizations/search/object")
.param("uri", collectionUri)
.param("feature", downloadFeature.getName()))
.andExpect(status().isOk())
.andExpect(jsonPath("$.page.totalElements", is(0)))
.andExpect(jsonPath("$._embedded").doesNotExist());
}
@Test
public void downloadOfItemAAsAdmin() throws Exception {
ItemRest itemRest = itemConverter.convert(itemA, Projection.DEFAULT);
String itemUri = utils.linkToSingleResource(itemRest, "self").getHref();
String token = getAuthToken(admin.getEmail(), password);
getClient(token).perform(get("/api/authz/authorizations/search/object")
.param("uri", itemUri)
.param("feature", downloadFeature.getName()))
.andExpect(status().isOk())
.andExpect(jsonPath("$.page.totalElements", is(0)))
.andExpect(jsonPath("$._embedded").doesNotExist());
}
@Test
public void downloadOfBitstreamAAsAdmin() throws Exception {
BitstreamRest bitstreamRest = bitstreamConverter.convert(bitstreamA, Projection.DEFAULT);
String bitstreamUri = utils.linkToSingleResource(bitstreamRest, "self").getHref();
Authorization authorizationFeature = new Authorization(admin, downloadFeature, bitstreamRest);
String token = getAuthToken(admin.getEmail(), password);
getClient(token).perform(get("/api/authz/authorizations/search/object")
.param("uri", bitstreamUri)
.param("feature", downloadFeature.getName()))
.andExpect(status().isOk())
.andExpect(jsonPath("$.page.totalElements", greaterThan(0)))
.andExpect(jsonPath("$._embedded.authorizations", contains(
Matchers.is(AuthorizationMatcher.matchAuthorization(authorizationFeature)))));
}
@Test
public void downloadOfBitstreamBAsAdmin() throws Exception {
BitstreamRest bitstreamRest = bitstreamConverter.convert(bitstreamB, Projection.DEFAULT);
String bitstreamUri = utils.linkToSingleResource(bitstreamRest, "self").getHref();
Authorization authorizationFeature = new Authorization(admin, downloadFeature, bitstreamRest);
String token = getAuthToken(admin.getEmail(), password);
getClient(token).perform(get("/api/authz/authorizations/search/object")
.param("uri", bitstreamUri)
.param("feature", downloadFeature.getName()))
.andExpect(status().isOk())
.andExpect(jsonPath("$.page.totalElements", greaterThan(0)))
.andExpect(jsonPath("$._embedded.authorizations", contains(
Matchers.is(AuthorizationMatcher.matchAuthorization(authorizationFeature)))));
}
// Tests for anonymous user
@Test
public void downloadOfCollectionAAsAnonymous() throws Exception {
CollectionRest collectionRest = collectionConverter.convert(collectionA, Projection.DEFAULT);
String collectionUri = utils.linkToSingleResource(collectionRest, "self").getHref();
getClient().perform(get("/api/authz/authorizations/search/object")
.param("uri", collectionUri)
.param("feature", downloadFeature.getName()))
.andExpect(status().isOk())
.andExpect(jsonPath("$.page.totalElements", is(0)))
.andExpect(jsonPath("$._embedded").doesNotExist());
}
@Test
public void downloadOfItemAAsAnonymous() throws Exception {
ItemRest itemRest = itemConverter.convert(itemA, Projection.DEFAULT);
String itemUri = utils.linkToSingleResource(itemRest, "self").getHref();
getClient().perform(get("/api/authz/authorizations/search/object")
.param("uri", itemUri)
.param("feature", downloadFeature.getName()))
.andExpect(status().isOk())
.andExpect(jsonPath("$.page.totalElements", is(0)))
.andExpect(jsonPath("$._embedded").doesNotExist());
}
@Test
public void downloadOfBitstreamAAsAnonymous() throws Exception {
BitstreamRest bitstreamRest = bitstreamConverter.convert(bitstreamA, Projection.DEFAULT);
String bitstreamUri = utils.linkToSingleResource(bitstreamRest, "self").getHref();
Authorization authorizationFeature = new Authorization(null, downloadFeature, bitstreamRest);
getClient().perform(get("/api/authz/authorizations/search/object")
.param("uri", bitstreamUri)
.param("feature", downloadFeature.getName()))
.andExpect(status().isOk())
.andExpect(jsonPath("$.page.totalElements", greaterThan(0)))
.andExpect(jsonPath("$._embedded.authorizations", contains(
Matchers.is(AuthorizationMatcher.matchAuthorization(authorizationFeature)))));
}
@Test
public void downloadOfBitstreamBAsAnonymous() throws Exception {
BitstreamRest bitstreamRest = bitstreamConverter.convert(bitstreamB, Projection.DEFAULT);
String bitstreamUri = utils.linkToSingleResource(bitstreamRest, "self").getHref();
getClient().perform(get("/api/authz/authorizations/search/object")
.param("uri", bitstreamUri)
.param("feature", downloadFeature.getName()))
.andExpect(status().isOk())
.andExpect(jsonPath("$.page.totalElements", is(0)))
.andExpect(jsonPath("$._embedded").doesNotExist());
}
// Test for Eperson
@Test
public void downloadOfCollectionAAsEperson() throws Exception {
CollectionRest collectionRest = collectionConverter.convert(collectionA, Projection.DEFAULT);
String collectionUri = utils.linkToSingleResource(collectionRest, "self").getHref();
String token = getAuthToken(eperson.getEmail(), password);
getClient(token).perform(get("/api/authz/authorizations/search/object")
.param("uri", collectionUri)
.param("feature", downloadFeature.getName()))
.andExpect(status().isOk())
.andExpect(jsonPath("$.page.totalElements", is(0)))
.andExpect(jsonPath("$._embedded").doesNotExist());
}
@Test
public void downloadOfItemAAsEperson() throws Exception {
ItemRest itemRest = itemConverter.convert(itemA, Projection.DEFAULT);
String itemUri = utils.linkToSingleResource(itemRest, "self").getHref();
String token = getAuthToken(eperson.getEmail(), password);
getClient(token).perform(get("/api/authz/authorizations/search/object")
.param("uri", itemUri)
.param("feature", downloadFeature.getName()))
.andExpect(status().isOk())
.andExpect(jsonPath("$.page.totalElements", is(0)))
.andExpect(jsonPath("$._embedded").doesNotExist());
}
@Test
public void downloadOfBitstreamAAsEperson() throws Exception {
BitstreamRest bitstreamRest = bitstreamConverter.convert(bitstreamA, Projection.DEFAULT);
String bitstreamUri = utils.linkToSingleResource(bitstreamRest, "self").getHref();
Authorization authorizationFeature = new Authorization(eperson, downloadFeature, bitstreamRest);
String token = getAuthToken(eperson.getEmail(), password);
getClient(token).perform(get("/api/authz/authorizations/search/object")
.param("uri", bitstreamUri)
.param("feature", downloadFeature.getName()))
.andExpect(status().isOk())
.andExpect(jsonPath("$.page.totalElements", greaterThan(0)))
.andExpect(jsonPath("$._embedded.authorizations", contains(
Matchers.is(AuthorizationMatcher.matchAuthorization(authorizationFeature)))));
}
@Test
public void downloadOfBitstreamBAsEperson() throws Exception {
BitstreamRest bitstreamRest = bitstreamConverter.convert(bitstreamB, Projection.DEFAULT);
String bitstreamUri = utils.linkToSingleResource(bitstreamRest, "self").getHref();
String token = getAuthToken(eperson.getEmail(), password);
getClient(token).perform(get("/api/authz/authorizations/search/object")
.param("uri", bitstreamUri)
.param("feature", downloadFeature.getName()))
.andExpect(status().isOk())
.andExpect(jsonPath("$.page.totalElements", is(0)))
.andExpect(jsonPath("$._embedded").doesNotExist());
}
}

553
dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/RequestCopyFeatureIT.java Normal file
View File

@@ -0,0 +1,553 @@
/**
* The contents of this file are subject to the license and copyright
* detailed in the LICENSE and NOTICE files at the root of the source
* tree and available online at
*
* http://www.dspace.org/license/
*/
package org.dspace.app.rest.authorization;
import static org.hamcrest.Matchers.contains;
import static org.hamcrest.Matchers.greaterThan;
import static org.hamcrest.Matchers.is;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
import java.io.InputStream;
import org.apache.commons.codec.CharEncoding;
import org.apache.commons.io.IOUtils;
import org.dspace.app.rest.authorization.impl.RequestCopyFeature;
import org.dspace.app.rest.converter.BitstreamConverter;
import org.dspace.app.rest.converter.CollectionConverter;
import org.dspace.app.rest.converter.ItemConverter;
import org.dspace.app.rest.matcher.AuthorizationMatcher;
import org.dspace.app.rest.model.BitstreamRest;
import org.dspace.app.rest.model.CollectionRest;
import org.dspace.app.rest.model.ItemRest;
import org.dspace.app.rest.projection.Projection;
import org.dspace.app.rest.test.AbstractControllerIntegrationTest;
import org.dspace.app.rest.utils.Utils;
import org.dspace.authorize.service.ResourcePolicyService;
import org.dspace.builder.BitstreamBuilder;
import org.dspace.builder.CollectionBuilder;
import org.dspace.builder.CommunityBuilder;
import org.dspace.builder.ItemBuilder;
import org.dspace.builder.WorkspaceItemBuilder;
import org.dspace.content.Bitstream;
import org.dspace.content.Collection;
import org.dspace.content.Community;
import org.dspace.content.Item;
import org.dspace.content.WorkspaceItem;
import org.dspace.core.Constants;
import org.dspace.services.ConfigurationService;
import org.hamcrest.Matchers;
import org.junit.Before;
import org.junit.Test;
import org.springframework.beans.factory.annotation.Autowired;
public class RequestCopyFeatureIT extends AbstractControllerIntegrationTest {
@Autowired
private AuthorizationFeatureService authorizationFeatureService;
@Autowired
ResourcePolicyService resourcePolicyService;
@Autowired
private CollectionConverter collectionConverter;
@Autowired
private ItemConverter itemConverter;
@Autowired
private BitstreamConverter bitstreamConverter;
@Autowired
private ConfigurationService configurationService;
@Autowired
private Utils utils;
private AuthorizationFeature requestCopyFeature;
private Collection collectionA;
private Item itemA;
private Bitstream bitstreamA;
private Bitstream bitstreamB;
private Item itemInWorkSpace;
private Bitstream bitstreamFromWorkSpaceItem;
private Bitstream bitstreamFromCollection;
@Override
@Before
public void setUp() throws Exception {
super.setUp();
configurationService.setProperty("request.item.type", "all");
context.turnOffAuthorisationSystem();
requestCopyFeature = authorizationFeatureService.find(RequestCopyFeature.NAME);
String bitstreamContent = "Dummy content";
Community communityA = CommunityBuilder.createCommunity(context).build();
collectionA = CollectionBuilder.createCollection(context, communityA).withLogo("Blub").build();
bitstreamFromCollection = collectionA.getLogo();
itemA = ItemBuilder.createItem(context, collectionA).build();
try (InputStream is = IOUtils.toInputStream(bitstreamContent, CharEncoding.UTF_8)) {
bitstreamA = BitstreamBuilder.createBitstream(context, itemA, is)
.withName("Bitstream")
.withDescription("Description")
.withMimeType("text/plain")
.build();
bitstreamB = BitstreamBuilder.createBitstream(context, itemA, is)
.withName("Bitstream2")
.withDescription("Description2")
.withMimeType("text/plain")
.build();
WorkspaceItem workspaceItem = WorkspaceItemBuilder.createWorkspaceItem(context, collectionA)
.withFulltext("Test", "source", is)
.build();
itemInWorkSpace = workspaceItem.getItem();
bitstreamFromWorkSpaceItem = itemInWorkSpace.getBundles("ORIGINAL").get(0).getBitstreams().get(0);
}
resourcePolicyService.removePolicies(context, bitstreamB, Constants.READ);
context.restoreAuthSystemState();
}
@Test
public void requestCopyOnCollectionAAsAdmin() throws Exception {
CollectionRest collectionRest = collectionConverter.convert(collectionA, Projection.DEFAULT);
String collectionUri = utils.linkToSingleResource(collectionRest, "self").getHref();
String token = getAuthToken(admin.getEmail(), password);
getClient(token).perform(get("/api/authz/authorizations/search/object")
.param("uri", collectionUri)
.param("feature", requestCopyFeature.getName()))
.andExpect(status().isOk())
.andExpect(jsonPath("$.page.totalElements", is(0)))
.andExpect(jsonPath("$._embedded").doesNotExist());
}
@Test
public void requestCopyOnItemAAsAdmin() throws Exception {
ItemRest itemRest = itemConverter.convert(itemA, Projection.DEFAULT);
String itemUri = utils.linkToSingleResource(itemRest, "self").getHref();
String token = getAuthToken(admin.getEmail(), password);
getClient(token).perform(get("/api/authz/authorizations/search/object")
.param("uri", itemUri)
.param("feature", requestCopyFeature.getName()))
.andExpect(status().isOk())
.andExpect(jsonPath("$.page.totalElements", is(0)))
.andExpect(jsonPath("$._embedded").doesNotExist());
}
@Test
public void requestCopyOnItemInWorkSpaceAsAdmin() throws Exception {
ItemRest itemRest = itemConverter.convert(itemInWorkSpace, Projection.DEFAULT);
String itemUri = utils.linkToSingleResource(itemRest, "self").getHref();
String token = getAuthToken(admin.getEmail(), password);
getClient(token).perform(get("/api/authz/authorizations/search/object")
.param("uri", itemUri)
.param("feature", requestCopyFeature.getName()))
.andExpect(status().isOk())
.andExpect(jsonPath("$.page.totalElements", is(0)))
.andExpect(jsonPath("$._embedded").doesNotExist());
}
@Test
public void requestCopyOnBitstreamAAsAdmin() throws Exception {
BitstreamRest bitstreamRest = bitstreamConverter.convert(bitstreamA, Projection.DEFAULT);
String bitstreamUri = utils.linkToSingleResource(bitstreamRest, "self").getHref();
String token = getAuthToken(admin.getEmail(), password);
getClient(token).perform(get("/api/authz/authorizations/search/object")
.param("uri", bitstreamUri)
.param("feature", requestCopyFeature.getName()))
.andExpect(status().isOk())
.andExpect(jsonPath("$.page.totalElements", is(0)))
.andExpect(jsonPath("$._embedded").doesNotExist());
}
@Test
public void requestCopyOnBitstreamBAsAdmin() throws Exception {
BitstreamRest bitstreamRest = bitstreamConverter.convert(bitstreamB, Projection.DEFAULT);
String bitstreamUri = utils.linkToSingleResource(bitstreamRest, "self").getHref();
String token = getAuthToken(admin.getEmail(), password);
getClient(token).perform(get("/api/authz/authorizations/search/object")
.param("uri", bitstreamUri)
.param("feature", requestCopyFeature.getName()))
.andExpect(status().isOk())
.andExpect(jsonPath("$.page.totalElements", is(0)))
.andExpect(jsonPath("$._embedded").doesNotExist());
}
@Test
public void requestCopyOnBitstreamFromWorkSpaceItemAsAdmin() throws Exception {
BitstreamRest bitstreamRest = bitstreamConverter.convert(bitstreamFromWorkSpaceItem, Projection.DEFAULT);
String bitstreamUri = utils.linkToSingleResource(bitstreamRest, "self").getHref();
String token = getAuthToken(admin.getEmail(), password);
getClient(token).perform(get("/api/authz/authorizations/search/object")
.param("uri", bitstreamUri)
.param("feature", requestCopyFeature.getName()))
.andExpect(status().isOk())
.andExpect(jsonPath("$.page.totalElements", is(0)))
.andExpect(jsonPath("$._embedded").doesNotExist());
}
@Test
public void requestCopyOnBitstreamFromCollectionAsAdmin() throws Exception {
BitstreamRest bitstreamRest = bitstreamConverter.convert(bitstreamFromCollection, Projection.DEFAULT);
String bitstreamUri = utils.linkToSingleResource(bitstreamRest, "self").getHref();
String token = getAuthToken(admin.getEmail(), password);
getClient(token).perform(get("/api/authz/authorizations/search/object")
.param("uri", bitstreamUri)
.param("feature", requestCopyFeature.getName()))
.andExpect(status().isOk())
.andExpect(jsonPath("$.page.totalElements", is(0)))
.andExpect(jsonPath("$._embedded").doesNotExist());
}
// Tests for anonymous user
@Test
public void requestCopyOnCollectionAAsAnonymous() throws Exception {
CollectionRest collectionRest = collectionConverter.convert(collectionA, Projection.DEFAULT);
String collectionUri = utils.linkToSingleResource(collectionRest, "self").getHref();
getClient().perform(get("/api/authz/authorizations/search/object")
.param("uri", collectionUri)
.param("feature", requestCopyFeature.getName()))
.andExpect(status().isOk())
.andExpect(jsonPath("$.page.totalElements", is(0)))
.andExpect(jsonPath("$._embedded").doesNotExist());
}
@Test
public void requestCopyOnItemAAsAnonymous() throws Exception {
ItemRest itemRest = itemConverter.convert(itemA, Projection.DEFAULT);
String itemUri = utils.linkToSingleResource(itemRest, "self").getHref();
Authorization authorizationFeature = new Authorization(null, requestCopyFeature, itemRest);
getClient().perform(get("/api/authz/authorizations/search/object")
.param("uri", itemUri)
.param("feature", requestCopyFeature.getName()))
.andExpect(status().isOk())
.andExpect(jsonPath("$.page.totalElements", greaterThan(0)))
.andExpect(jsonPath("$._embedded.authorizations", contains(
Matchers.is(AuthorizationMatcher.matchAuthorization(authorizationFeature)))));
}
@Test
public void requestCopyOnItemInWorkSpaceAsAnonymous() throws Exception {
ItemRest itemRest = itemConverter.convert(itemInWorkSpace, Projection.DEFAULT);
String itemUri = utils.linkToSingleResource(itemRest, "self").getHref();
getClient().perform(get("/api/authz/authorizations/search/object")
.param("uri", itemUri)
.param("feature", requestCopyFeature.getName()))
.andExpect(status().isOk())
.andExpect(jsonPath("$.page.totalElements", is(0)))
.andExpect(jsonPath("$._embedded").doesNotExist());
}
@Test
public void requestCopyOnBitstreamAAsAnonymous() throws Exception {
BitstreamRest bitstreamRest = bitstreamConverter.convert(bitstreamA, Projection.DEFAULT);
String bitstreamUri = utils.linkToSingleResource(bitstreamRest, "self").getHref();
getClient().perform(get("/api/authz/authorizations/search/object")
.param("uri", bitstreamUri)
.param("feature", requestCopyFeature.getName()))
.andExpect(status().isOk())
.andExpect(jsonPath("$.page.totalElements", is(0)))
.andExpect(jsonPath("$._embedded").doesNotExist());
}
@Test
public void requestCopyOnBitstreamBAsAnonymous() throws Exception {
BitstreamRest bitstreamRest = bitstreamConverter.convert(bitstreamB, Projection.DEFAULT);
String bitstreamUri = utils.linkToSingleResource(bitstreamRest, "self").getHref();
Authorization authorizationFeature = new Authorization(null, requestCopyFeature, bitstreamRest);
getClient().perform(get("/api/authz/authorizations/search/object")
.param("uri", bitstreamUri)
.param("feature", requestCopyFeature.getName()))
.andExpect(status().isOk())
.andExpect(jsonPath("$.page.totalElements", greaterThan(0)))
.andExpect(jsonPath("$._embedded.authorizations", contains(
Matchers.is(AuthorizationMatcher.matchAuthorization(authorizationFeature))))
);
}
@Test
public void requestCopyOnBitstreamFromWorkSpaceItemAsAnonymous() throws Exception {
BitstreamRest bitstreamRest = bitstreamConverter.convert(bitstreamFromWorkSpaceItem, Projection.DEFAULT);
String bitstreamUri = utils.linkToSingleResource(bitstreamRest, "self").getHref();
getClient().perform(get("/api/authz/authorizations/search/object")
.param("uri", bitstreamUri)
.param("feature", requestCopyFeature.getName()))
.andExpect(status().isOk())
.andExpect(jsonPath("$.page.totalElements", is(0)))
.andExpect(jsonPath("$._embedded").doesNotExist());
}
@Test
public void requestCopyOnBitstreamFromCollectionAsAnonymous() throws Exception {
BitstreamRest bitstreamRest = bitstreamConverter.convert(bitstreamFromCollection, Projection.DEFAULT);
String bitstreamUri = utils.linkToSingleResource(bitstreamRest, "self").getHref();
getClient().perform(get("/api/authz/authorizations/search/object")
.param("uri", bitstreamUri)
.param("feature", requestCopyFeature.getName()))
.andExpect(status().isOk())
.andExpect(jsonPath("$.page.totalElements", is(0)))
.andExpect(jsonPath("$._embedded").doesNotExist());
}
// Test for Eperson
@Test
public void requestCopyOnCollectionAAsEperson() throws Exception {
CollectionRest collectionRest = collectionConverter.convert(collectionA, Projection.DEFAULT);
String collectionUri = utils.linkToSingleResource(collectionRest, "self").getHref();
String token = getAuthToken(eperson.getEmail(), password);
getClient(token).perform(get("/api/authz/authorizations/search/object")
.param("uri", collectionUri)
.param("feature", requestCopyFeature.getName()))
.andExpect(status().isOk())
.andExpect(jsonPath("$.page.totalElements", is(0)))
.andExpect(jsonPath("$._embedded").doesNotExist());
}
@Test
public void requestCopyOnItemAAsEperson() throws Exception {
ItemRest itemRest = itemConverter.convert(itemA, Projection.DEFAULT);
String itemUri = utils.linkToSingleResource(itemRest, "self").getHref();
Authorization authorizationFeature = new Authorization(eperson, requestCopyFeature, itemRest);
String token = getAuthToken(eperson.getEmail(), password);
getClient(token).perform(get("/api/authz/authorizations/search/object")
.param("uri", itemUri)
.param("feature", requestCopyFeature.getName()))
.andExpect(status().isOk())
.andExpect(jsonPath("$.page.totalElements", greaterThan(0)))
.andExpect(jsonPath("$._embedded.authorizations", contains(
Matchers.is(AuthorizationMatcher.matchAuthorization(authorizationFeature)))));
}
@Test
public void requestCopyOnItemInWorkSpaceAsEperson() throws Exception {
ItemRest itemRest = itemConverter.convert(itemInWorkSpace, Projection.DEFAULT);
String itemUri = utils.linkToSingleResource(itemRest, "self").getHref();
String token = getAuthToken(eperson.getEmail(), password);
getClient(token).perform(get("/api/authz/authorizations/search/object")
.param("uri", itemUri)
.param("feature", requestCopyFeature.getName()))
.andExpect(status().isOk())
.andExpect(jsonPath("$.page.totalElements", is(0)))
.andExpect(jsonPath("$._embedded").doesNotExist());
}
@Test
public void requestCopyOnBitstreamAAsEperson() throws Exception {
BitstreamRest bitstreamRest = bitstreamConverter.convert(bitstreamA, Projection.DEFAULT);
String bitstreamUri = utils.linkToSingleResource(bitstreamRest, "self").getHref();
String token = getAuthToken(eperson.getEmail(), password);
getClient(token).perform(get("/api/authz/authorizations/search/object")
.param("uri", bitstreamUri)
.param("feature", requestCopyFeature.getName()))
.andExpect(status().isOk())
.andExpect(jsonPath("$.page.totalElements", is(0)))
.andExpect(jsonPath("$._embedded").doesNotExist());
}
@Test
public void requestCopyOnBitstreamBAsEperson() throws Exception {
BitstreamRest bitstreamRest = bitstreamConverter.convert(bitstreamB, Projection.DEFAULT);
String bitstreamUri = utils.linkToSingleResource(bitstreamRest, "self").getHref();
Authorization authorizationFeature = new Authorization(eperson, requestCopyFeature, bitstreamRest);
String token = getAuthToken(eperson.getEmail(), password);
getClient(token).perform(get("/api/authz/authorizations/search/object")
.param("uri", bitstreamUri)
.param("feature", requestCopyFeature.getName()))
.andExpect(status().isOk())
.andExpect(jsonPath("$.page.totalElements", greaterThan(0)))
.andExpect(jsonPath("$._embedded.authorizations", contains(
Matchers.is(AuthorizationMatcher.matchAuthorization(authorizationFeature))))
);
}
@Test
public void requestCopyOnBitstreamFromWorkSpaceItemAsEperson() throws Exception {
BitstreamRest bitstreamRest = bitstreamConverter.convert(bitstreamFromWorkSpaceItem, Projection.DEFAULT);
String bitstreamUri = utils.linkToSingleResource(bitstreamRest, "self").getHref();
String token = getAuthToken(eperson.getEmail(), password);
getClient(token).perform(get("/api/authz/authorizations/search/object")
.param("uri", bitstreamUri)
.param("feature", requestCopyFeature.getName()))
.andExpect(status().isOk())
.andExpect(jsonPath("$.page.totalElements", is(0)))
.andExpect(jsonPath("$._embedded").doesNotExist());
}
@Test
public void requestCopyOnBitstreamFromCollectionAsEperson() throws Exception {
BitstreamRest bitstreamRest = bitstreamConverter.convert(bitstreamFromCollection, Projection.DEFAULT);
String bitstreamUri = utils.linkToSingleResource(bitstreamRest, "self").getHref();
String token = getAuthToken(eperson.getEmail(), password);
getClient(token).perform(get("/api/authz/authorizations/search/object")
.param("uri", bitstreamUri)
.param("feature", requestCopyFeature.getName()))
.andExpect(status().isOk())
.andExpect(jsonPath("$.page.totalElements", is(0)))
.andExpect(jsonPath("$._embedded").doesNotExist());
}
public void requestACopyItemTypeLoggedAsAnonymous() throws Exception {
configurationService.setProperty("request.item.type", "logged");
BitstreamRest bitstreamRest = bitstreamConverter.convert(bitstreamB, Projection.DEFAULT);
String bitstreamUri = utils.linkToSingleResource(bitstreamRest, "self").getHref();
getClient().perform(get("/api/authz/authorizations/search/object")
.param("uri", bitstreamUri)
.param("feature", requestCopyFeature.getName()))
.andExpect(status().isOk())
.andExpect(jsonPath("$.page.totalElements", is(0)))
.andExpect(jsonPath("$._embedded").doesNotExist());
}
@Test
public void requestACopyItemTypeLoggedAsEperson() throws Exception {
configurationService.setProperty("request.item.type", "logged");
BitstreamRest bitstreamRest = bitstreamConverter.convert(bitstreamB, Projection.DEFAULT);
String bitstreamUri = utils.linkToSingleResource(bitstreamRest, "self").getHref();
Authorization authorizationFeature = new Authorization(eperson, requestCopyFeature, bitstreamRest);
String token = getAuthToken(eperson.getEmail(), password);
getClient(token).perform(get("/api/authz/authorizations/search/object")
.param("uri", bitstreamUri)
.param("feature", requestCopyFeature.getName()))
.andExpect(status().isOk())
.andExpect(jsonPath("$.page.totalElements", greaterThan(0)))
.andExpect(jsonPath("$._embedded.authorizations", contains(
Matchers.is(AuthorizationMatcher.matchAuthorization(authorizationFeature))))
);
}
public void requestACopyItemTypeEmptyAsAnonymous() throws Exception {
configurationService.setProperty("request.item.type", "");
BitstreamRest bitstreamRest = bitstreamConverter.convert(bitstreamB, Projection.DEFAULT);
String bitstreamUri = utils.linkToSingleResource(bitstreamRest, "self").getHref();
getClient().perform(get("/api/authz/authorizations/search/object")
.param("uri", bitstreamUri)
.param("feature", requestCopyFeature.getName()))
.andExpect(status().isOk())
.andExpect(jsonPath("$.page.totalElements", is(0)))
.andExpect(jsonPath("$._embedded").doesNotExist());
}
public void requestACopyItemTypeEmptyAsEperson() throws Exception {
configurationService.setProperty("request.item.type", "");
BitstreamRest bitstreamRest = bitstreamConverter.convert(bitstreamB, Projection.DEFAULT);
String bitstreamUri = utils.linkToSingleResource(bitstreamRest, "self").getHref();
String token = getAuthToken(eperson.getEmail(), password);
getClient(token).perform(get("/api/authz/authorizations/search/object")
.param("uri", bitstreamUri)
.param("feature", requestCopyFeature.getName()))
.andExpect(status().isOk())
.andExpect(jsonPath("$.page.totalElements", is(0)))
.andExpect(jsonPath("$._embedded").doesNotExist());
}
public void requestACopyItemTypeBogusValueAsAnonymous() throws Exception {
configurationService.setProperty("request.item.type", "invalid value");
BitstreamRest bitstreamRest = bitstreamConverter.convert(bitstreamB, Projection.DEFAULT);
String bitstreamUri = utils.linkToSingleResource(bitstreamRest, "self").getHref();
getClient().perform(get("/api/authz/authorizations/search/object")
.param("uri", bitstreamUri)
.param("feature", requestCopyFeature.getName()))
.andExpect(status().isOk())
.andExpect(jsonPath("$.page.totalElements", is(0)))
.andExpect(jsonPath("$._embedded").doesNotExist());
}
public void requestACopyItemTypeBogusValueAsEperson() throws Exception {
configurationService.setProperty("request.item.type", "invalid value");
BitstreamRest bitstreamRest = bitstreamConverter.convert(bitstreamB, Projection.DEFAULT);
String bitstreamUri = utils.linkToSingleResource(bitstreamRest, "self").getHref();
String token = getAuthToken(eperson.getEmail(), password);
getClient(token).perform(get("/api/authz/authorizations/search/object")
.param("uri", bitstreamUri)
.param("feature", requestCopyFeature.getName()))
.andExpect(status().isOk())
.andExpect(jsonPath("$.page.totalElements", is(0)))
.andExpect(jsonPath("$._embedded").doesNotExist());
}
}