71266: Community feedback #1

DSpace · Jun 4, 2020 · 099caaf · 099caaf
1 parent ad316f0
commit 099caaf
Show file tree

Hide file tree

Showing 5 changed files with 90 additions and 14 deletions.
diff --git a/...-server-webapp/src/main/java/org/dspace/app/rest/SubmissionCCLicenseSearchController.java b/...-server-webapp/src/main/java/org/dspace/app/rest/SubmissionCCLicenseSearchController.java
@@ -34,7 +34,7 @@
 @RestController
 @RequestMapping("/api/" + SubmissionCCLicenseRest.CATEGORY + "/" + SubmissionCCLicenseRest.PLURAL + "/search" +
         "/rightsByQuestions")
-@PreAuthorize("permitAll()")
+@PreAuthorize("hasAuthority('AUTHENTICATED')")
 public class SubmissionCCLicenseSearchController {
 
     @Autowired

diff --git a/...ebapp/src/main/java/org/dspace/app/rest/repository/SubmissionCCLicenseRestRepository.java b/...ebapp/src/main/java/org/dspace/app/rest/repository/SubmissionCCLicenseRestRepository.java
@@ -30,7 +30,7 @@ public class SubmissionCCLicenseRestRepository extends DSpaceRestRepository<Subm
     protected CreativeCommonsService creativeCommonsService;
 
     @Override
-    @PreAuthorize("permitAll()")
+    @PreAuthorize("hasAuthority('AUTHENTICATED')")
     public SubmissionCCLicenseRest findOne(final Context context, final String licenseId) {
         CCLicense ccLicense = creativeCommonsService.findOne(licenseId);
         if (ccLicense == null) {
@@ -40,7 +40,7 @@ public SubmissionCCLicenseRest findOne(final Context context, final String licen
     }
 
     @Override
-    @PreAuthorize("permitAll()")
+    @PreAuthorize("hasAuthority('AUTHENTICATED')")
     public Page<SubmissionCCLicenseRest> findAll(final Context context, final Pageable pageable) {
 
         List<CCLicense> allCCLicenses = creativeCommonsService.findAllCCLicenses();

diff --git a/dspace-server-webapp/src/test/java/org/dspace/app/rest/CCLicenseRemovePatchOperationIT.java b/dspace-server-webapp/src/test/java/org/dspace/app/rest/CCLicenseRemovePatchOperationIT.java
@@ -59,7 +59,7 @@ public void patchRemoveSubmissionCCLicense() throws Exception {
 
         context.restoreAuthSystemState();
 
-        String adminToken = getAuthToken(admin.getEmail(), password);
+        String epersonToken = getAuthToken(eperson.getEmail(), password);
 
         // First add a license and verify it is added
         List<Operation> ops = new ArrayList<Operation>();
@@ -70,7 +70,7 @@ public void patchRemoveSubmissionCCLicense() throws Exception {
         String patchBody = getPatchContent(ops);
 
 
-        getClient(adminToken).perform(patch("/api/submission/workspaceitems/" + workspaceItem.getID())
+        getClient(epersonToken).perform(patch("/api/submission/workspaceitems/" + workspaceItem.getID())
                                               .content(patchBody)
                                               .contentType(MediaType.APPLICATION_JSON_PATCH_JSON))
                              .andExpect(status().isOk())
@@ -91,10 +91,46 @@ public void patchRemoveSubmissionCCLicense() throws Exception {
         String removePatch = getPatchContent(removeOps);
 
 
-        getClient(adminToken).perform(patch("/api/submission/workspaceitems/" + workspaceItem.getID())
+        getClient(epersonToken).perform(patch("/api/submission/workspaceitems/" + workspaceItem.getID())
                                               .content(removePatch)
                                               .contentType(MediaType.APPLICATION_JSON_PATCH_JSON))
                              .andExpect(status().isOk())
                              .andExpect(jsonPath("$.sections", not(hasJsonPath("cclicense"))));
     }
+
+
+    @Test
+    public void patchRemoveSubmissionCCLicenseNonExisting() throws Exception {
+        context.turnOffAuthorisationSystem();
+
+        Community community = CommunityBuilder.createCommunity(context)
+                                              .withName("Community")
+                                              .build();
+
+        Collection collection = CollectionBuilder.createCollection(context, community)
+                                                 .withName("Collection")
+                                                 .build();
+
+        WorkspaceItem workspaceItem = WorkspaceItemBuilder.createWorkspaceItem(context, collection)
+                                                          .withTitle("Workspace Item")
+                                                          .build();
+
+        context.restoreAuthSystemState();
+
+        String epersonToken = getAuthToken(eperson.getEmail(), password);
+
+
+        List<Operation> removeOps = new ArrayList<Operation>();
+        RemoveOperation removeOperation = new RemoveOperation("/sections/cclicense/uri");
+
+        removeOps.add(removeOperation);
+        String removePatch = getPatchContent(removeOps);
+
+
+        getClient(epersonToken).perform(patch("/api/submission/workspaceitems/" + workspaceItem.getID())
+                                                .content(removePatch)
+                                                .contentType(MediaType.APPLICATION_JSON_PATCH_JSON))
+                               .andExpect(status().isOk())
+                               .andExpect(jsonPath("$.sections", not(hasJsonPath("cclicense"))));
+    }
 }
diff --git a/...-server-webapp/src/test/java/org/dspace/app/rest/SubmissionCCLicenseRestRepositoryIT.java b/...-server-webapp/src/test/java/org/dspace/app/rest/SubmissionCCLicenseRestRepositoryIT.java
@@ -34,8 +34,9 @@ public class SubmissionCCLicenseRestRepositoryIT extends AbstractControllerInteg
      */
     @Test
     public void findAllTest() throws Exception {
+        String epersonToken = getAuthToken(eperson.getEmail(), password);
 
-        getClient().perform(get("/api/config/submissioncclicenses"))
+        getClient(epersonToken).perform(get("/api/config/submissioncclicenses"))
                    .andExpect(status().isOk())
                    .andExpect(content().contentType(contentType))
                    .andExpect(jsonPath("$._embedded.submissioncclicenses", Matchers.containsInAnyOrder(
@@ -47,7 +48,9 @@ public void findAllTest() throws Exception {
 
     @Test
     public void findOneTest() throws Exception {
-        getClient().perform(get("/api/config/submissioncclicenses/license1"))
+        String epersonToken = getAuthToken(eperson.getEmail(), password);
+
+        getClient(epersonToken).perform(get("/api/config/submissioncclicenses/license1"))
                    .andExpect(status().isOk())
                    .andExpect(content().contentType(contentType))
                    .andExpect(jsonPath("$", Matchers.is(
@@ -57,7 +60,23 @@ public void findOneTest() throws Exception {
 
     @Test
     public void findOneTestNonExistingLicense() throws Exception {
-        getClient().perform(get("/api/config/submissioncclicenses/non-existing-license"))
+        String epersonToken = getAuthToken(eperson.getEmail(), password);
+
+        getClient(epersonToken).perform(get("/api/config/submissioncclicenses/non-existing-license"))
                    .andExpect(status().isNotFound());
     }
+
+    @Test
+    public void findAllTestUnAuthorized() throws Exception {
+        getClient().perform(get("/api/config/submissioncclicenses"))
+                               .andExpect(status().isUnauthorized());
+    }
+
+    @Test
+    public void findOneTestUnAuthorized() throws Exception {
+
+        getClient().perform(get("/api/config/submissioncclicenses/license1"))
+                               .andExpect(status().isUnauthorized());
+    }
+
 }
diff --git a/...erver-webapp/src/test/java/org/dspace/app/rest/SubmissionCCLicenseSearchControllerIT.java b/...erver-webapp/src/test/java/org/dspace/app/rest/SubmissionCCLicenseSearchControllerIT.java
@@ -29,7 +29,9 @@ public class SubmissionCCLicenseSearchControllerIT extends AbstractControllerInt
 
     @Test
     public void searchRightsByQuestionsTest() throws Exception {
-        getClient().perform(get(
+        String epersonToken = getAuthToken(eperson.getEmail(), password);
+
+        getClient(epersonToken).perform(get(
                 "/api/config/submissioncclicenses/search/rightsByQuestions?license=license2&answer_license2-field0" +
                         "=license2-field0-enum1"))
                    .andExpect(status().isOk())
@@ -43,7 +45,10 @@ public void searchRightsByQuestionsTest() throws Exception {
 
     @Test
     public void searchRightsByQuestionsTestLicenseWithoutFields() throws Exception {
-        getClient().perform(get("/api/config/submissioncclicenses/search/rightsByQuestions?license=license3"))
+        String epersonToken = getAuthToken(eperson.getEmail(), password);
+
+        getClient(epersonToken)
+                .perform(get("/api/config/submissioncclicenses/search/rightsByQuestions?license=license3"))
                    .andExpect(status().isOk())
                    .andExpect(jsonPath("$.url", is("mock-license-uri")))
                    .andExpect(jsonPath("$.type", is("submissioncclicenseUrl")))
@@ -54,25 +59,41 @@ public void searchRightsByQuestionsTestLicenseWithoutFields() throws Exception {
 
     @Test
     public void searchRightsByQuestionsNonExistingLicense() throws Exception {
-        getClient().perform(get(
+        String epersonToken = getAuthToken(eperson.getEmail(), password);
+
+        getClient(epersonToken).perform(get(
                 "/api/config/submissioncclicenses/search/rightsByQuestions?license=nonexisting-license" +
                         "&answer_license2-field0=license2-field0-enum1"))
                    .andExpect(status().isNotFound());
     }
 
     @Test
     public void searchRightsByQuestionsMissingRequiredAnswer() throws Exception {
-        getClient().perform(get(
+        String epersonToken = getAuthToken(eperson.getEmail(), password);
+
+        getClient(epersonToken).perform(get(
                 "/api/config/submissioncclicenses/search/rightsByQuestions?license=license1&answer_license1field0" +
                         "=license1field0enum1"))
                    .andExpect(status().isBadRequest());
     }
 
     @Test
     public void searchRightsByQuestionsAdditionalNonExistingAnswer() throws Exception {
-        getClient().perform(get(
+        String epersonToken = getAuthToken(eperson.getEmail(), password);
+
+        getClient(epersonToken).perform(get(
                 "/api/config/submissioncclicenses/search/rightsByQuestions?license=license2" +
                         "&answer_license2field0=license2field0enum1&answer_nonexisting=test"))
                    .andExpect(status().isBadRequest());
     }
+
+    @Test
+    public void searchRightsByQuestionsAdditionalUnAuthorized() throws Exception {
+
+        getClient().perform(get(
+                "/api/config/submissioncclicenses/search/rightsByQuestions?license=license2&answer_license2-field0" +
+                        "=license2-field0-enum1"))
+                               .andExpect(status().isUnauthorized());
+
+    }
 }