Thanks to visit codestin.com
Credit goes to github.com

Skip to content

UFAL/Update the resource policy rights when changing submitter #1002

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
milanmajchrak merged 5 commits into from
Jul 10, 2025
Merged

UFAL/Update the resource policy rights when changing submitter #1002

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
af4b38a
removed res policies for submitter and created newones when item is s…
Paurikova2 Jul 3, 2025
a931dc2
avoid magic number, use constant
Paurikova2 Jul 4, 2025
ee2961c
set submitter in existing res policies
Paurikova2 Jul 4, 2025
a02339c
checkstyle violations
Paurikova2 Jul 4, 2025
8c623fc
removed not used shared link
Paurikova2 Jul 8, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
36 changes: 30 additions & 6 deletions dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/SubmissionController.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,14 +24,19 @@
import org.dspace.app.rest.model.WorkspaceItemRest;
import org.dspace.app.rest.utils.Utils;
import org.dspace.authorize.AuthorizeException;
import org.dspace.authorize.ResourcePolicy;
import org.dspace.authorize.service.AuthorizeService;
import org.dspace.authorize.service.ResourcePolicyService;
import org.dspace.content.Collection;
import org.dspace.content.WorkspaceItem;
import org.dspace.content.service.WorkspaceItemService;
import org.dspace.core.Constants;
import org.dspace.core.Context;
import org.dspace.core.Email;
import org.dspace.core.I18nUtil;
import org.dspace.eperson.EPerson;
import org.dspace.eperson.Group;
import org.dspace.eperson.service.GroupService;
import org.dspace.services.ConfigurationService;
import org.dspace.web.ContextUtil;
import org.springframework.beans.factory.annotation.Autowired;
Expand Down Expand Up @@ -68,6 +73,12 @@ public class SubmissionController {
@Autowired
AuthorizeService authorizeService;

@Autowired
GroupService groupService;

@Autowired
ResourcePolicyService resourcePolicyService;

@Lazy
@Autowired
protected ConverterService converter;
Expand Down Expand Up @@ -145,12 +156,6 @@ public WorkspaceItemRest setOwner(@RequestParam(name = "shareToken") String shar
// Check the wsi does exist
validateWorkspaceItem(wsi, null, shareToken);

if (!authorizeService.authorizeActionBoolean(context, wsi.getItem(), Constants.READ)) {
String errorMessage = "The current user does not have rights to view the WorkflowItem";
log.error(errorMessage);
throw new AccessDeniedException(errorMessage);
}

// Set the owner of the workspace item to the current user
EPerson currentUser = context.getCurrentUser();
// If the current user is null, throw an exception
Expand All @@ -160,6 +165,25 @@ public WorkspaceItemRest setOwner(@RequestParam(name = "shareToken") String shar
throw new DSpaceBadRequestException(errorMessage);
}

Collection collection = wsi.getCollection();
Group submittersGroup = collection.getSubmitters();
boolean isSubmitterGroupMember = submittersGroup != null &&
groupService.isMember(context, currentUser, submittersGroup);
boolean canRead = authorizeService.authorizeActionBoolean(context, wsi.getItem(), Constants.READ);
if (!canRead && !isSubmitterGroupMember) {
String errorMessage = "The current user does not have rights to view or claim the WorkspaceItem";
log.error(errorMessage);
throw new AccessDeniedException(errorMessage);
}

List<ResourcePolicy> resourcePolicies = resourcePolicyService.find(context,
wsi.getItem(), ResourcePolicy.TYPE_SUBMISSION);
// Set submitter
for (ResourcePolicy resourcePolicy: resourcePolicies) {
resourcePolicy.setEPerson(currentUser);
resourcePolicyService.update(context, resourcePolicy);
}

wsi.getItem().setSubmitter(currentUser);
workspaceItemService.update(context, wsi);
WorkspaceItemRest wsiRest = converter.toRest(wsi, utils.obtainProjection());
Expand Down
13 changes: 12 additions & 1 deletion ...rver-webapp/src/main/java/org/dspace/app/rest/repository/WorkspaceItemRestRepository.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -70,6 +70,8 @@
import org.dspace.core.Context;
import org.dspace.eperson.EPerson;
import org.dspace.eperson.EPersonServiceImpl;
import org.dspace.eperson.Group;
import org.dspace.eperson.service.GroupService;
import org.dspace.event.Event;
import org.dspace.importer.external.datamodel.ImportRecord;
import org.dspace.importer.external.exception.FileMultipleOccurencesException;
Expand Down Expand Up @@ -150,6 +152,9 @@ public class WorkspaceItemRestRepository extends DSpaceRestRepository<WorkspaceI
@Autowired
WorkspaceItemService workspaceItemService;

@Autowired
GroupService groupService;

private SubmissionConfigService submissionConfigService;

public WorkspaceItemRestRepository() throws SubmissionConfigReaderException {
Expand Down Expand Up @@ -493,7 +498,13 @@ public Page<WorkspaceItemRest> findByShareToken(@Parameter(value = SHARE_TOKEN,
log.error(errorMessage);
throw new DSpaceBadRequestException(errorMessage);
}
if (!authorizeService.authorizeActionBoolean(context, witems.get(0).getItem(), Constants.READ)) {
// One token can be used to share only one item
Collection collection = witems.get(0).getCollection();
Group submittersGroup = collection.getSubmitters();
boolean isSubmitterGroupMember = submittersGroup != null &&
groupService.isMember(context, context.getCurrentUser(), submittersGroup);
boolean canRead = authorizeService.authorizeActionBoolean(context, witems.get(0).getItem(), Constants.READ);
if (!canRead && !isSubmitterGroupMember) {
String errorMessage = "The current user does not have rights to view the WorkflowItem";
log.error(errorMessage);
throw new AccessDeniedException(errorMessage);
Expand Down
71 changes: 71 additions & 0 deletions dspace-server-webapp/src/test/java/org/dspace/app/rest/SubmissionControllerIT.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,12 +23,15 @@
import org.dspace.builder.CollectionBuilder;
import org.dspace.builder.CommunityBuilder;
import org.dspace.builder.EPersonBuilder;
import org.dspace.builder.GroupBuilder;
import org.dspace.builder.WorkspaceItemBuilder;
import org.dspace.content.Collection;
import org.dspace.content.WorkspaceItem;
import org.dspace.content.service.WorkspaceItemService;
import org.dspace.eperson.EPerson;
import org.dspace.eperson.Group;
import org.dspace.eperson.service.EPersonService;
import org.dspace.eperson.service.GroupService;
import org.junit.Before;
import org.junit.Test;
import org.springframework.beans.factory.annotation.Autowired;
Expand All @@ -45,6 +48,8 @@ public class SubmissionControllerIT extends AbstractControllerIntegrationTest {
private WorkspaceItemService workspaceItemService;
@Autowired
private EPersonService ePersonService;
@Autowired
private GroupService groupService;

WorkspaceItem wsi;

Expand Down Expand Up @@ -113,4 +118,70 @@ public void generateShareTokenAndSetOwnerTest() throws Exception {
assertThat(updatedWsi.getSubmitter().getEmail(), is(adminUser.getEmail()));
assertThat(updatedWsi.getSubmitter().getEmail(), not(SUBMITTER_EMAIL));
}

@Test
public void generateShareTokenAndSetOwnerTo3rdPersonTest() throws Exception {
context.turnOffAuthorisationSystem();
EPerson submitter2 = EPersonBuilder.createEPerson(context)
.withEmail("[email protected]")
.withPassword(password)
.build();
Group group = GroupBuilder.createCollectionSubmitterGroup(context, wsi.getCollection())
.withName("Test Submitters Group").build();
groupService.addMember(context, group, submitter2);
context.restoreAuthSystemState();

EPerson currentUser = context.getCurrentUser();

String adminToken = getAuthToken(admin.getEmail(), password);
getClient(adminToken).perform(get("/api/submission/share")
.param("workspaceitemid", wsi.getID().toString())
.contentType(MediaType.APPLICATION_JSON_PATCH_JSON))
.andExpect(status().isOk())
.andExpect(jsonPath("$.shareLink", is(notNullValue())));

// Check that the share token was set on the WorkspaceItem and persisted into the database
WorkspaceItem updatedWsi = workspaceItemService.find(context, wsi.getID());
assertThat(wsi.getID(), is(updatedWsi.getID()));
assertThat(updatedWsi.getSubmitter().getEmail(), is(SUBMITTER_EMAIL));
assertThat(updatedWsi.getSubmitter().getEmail(), not(currentUser.getEmail()));

EPerson adminUser = ePersonService.findByEmail(context, admin.getEmail());
context.setCurrentUser(adminUser);
// Set workspace item owner to the current user
getClient(adminToken).perform(get("/api/submission/setOwner")
.param("shareToken", updatedWsi.getShareToken())
.param("workspaceitemid", updatedWsi.getID().toString())
.contentType(MediaType.APPLICATION_JSON_PATCH_JSON))
.andExpect(status().isOk());

// Check that the owner of the WorkspaceItem was set to the current user
// Check the wsi was persisted into the database
updatedWsi = workspaceItemService.find(context, wsi.getID());
assertThat(updatedWsi.getSubmitter().getEmail(), is(adminUser.getEmail()));
assertThat(updatedWsi.getSubmitter().getEmail(), not(SUBMITTER_EMAIL));

getClient(adminToken).perform(get("/api/submission/share")
.param("workspaceitemid", wsi.getID().toString())
.contentType(MediaType.APPLICATION_JSON_PATCH_JSON))
.andExpect(status().isOk())
.andExpect(jsonPath("$.shareLink", is(notNullValue())));

updatedWsi = workspaceItemService.find(context, wsi.getID());

context.setCurrentUser(submitter2);
String userToken = getAuthToken(submitter2.getEmail(), password);
// Set workspace item owner to the 3rd person
getClient(userToken).perform(get("/api/submission/setOwner")
.param("shareToken", updatedWsi.getShareToken())
.param("workspaceitemid", updatedWsi.getID().toString())
.contentType(MediaType.APPLICATION_JSON_PATCH_JSON))
.andExpect(status().isOk());

// Check that the owner of the WorkspaceItem was set to the current user
// Check the wsi was persisted into the database
updatedWsi = workspaceItemService.find(context, wsi.getID());
assertThat(updatedWsi.getSubmitter().getEmail(), is(submitter2.getEmail()));
assertThat(updatedWsi.getSubmitter().getEmail(), not(adminUser.getEmail()));
}
}