[DS-3097] Bitstreams of embargoed and/or withdrawn items can be acces…

…sed by anyone
DSpace · Sep 1, 2016 · 98ae2bd · 98ae2bd
1 parent ad4d1a8
commit 98ae2bd
Show file tree

Hide file tree

Showing 7 changed files with 132 additions and 13 deletions.
diff --git a/dspace-api/src/main/java/org/dspace/authorize/AuthorizeServiceImpl.java b/dspace-api/src/main/java/org/dspace/authorize/AuthorizeServiceImpl.java
@@ -497,6 +497,15 @@ public void inheritPolicies(Context c, DSpaceObject src,
         }
         addPolicies(c, nonAdminPolicies, dest);
     }
+
+    @Override
+    public void switchPoliciesAction(Context context, DSpaceObject dso, int fromAction, int toAction) throws SQLException, AuthorizeException {
+		List<ResourcePolicy> rps = getPoliciesActionFilter(context, dso, fromAction);
+        for (ResourcePolicy rp : rps) {
+        	rp.setAction(toAction);
+        }
+        resourcePolicyService.update(context, rps);
+	}
 
     @Override
     public void addPolicies(Context c, List<ResourcePolicy> policies, DSpaceObject dest)

diff --git a/dspace-api/src/main/java/org/dspace/authorize/service/AuthorizeService.java b/dspace-api/src/main/java/org/dspace/authorize/service/AuthorizeService.java
@@ -428,4 +428,21 @@ public void authorizeAction(Context c, EPerson e, DSpaceObject o, int action, bo
 
     public ResourcePolicy createOrModifyPolicy(ResourcePolicy policy, Context context, String name, Group group, EPerson ePerson, Date embargoDate, int action, String reason, DSpaceObject dso) throws AuthorizeException, SQLException;
 
+	/**
+	 * Change all the policies related to the action (fromPolicy) of the
+	 * specified object to the new action (toPolicy)
+	 * 
+	 * @param context
+	 * @param dso
+	 *            the dspace object
+	 * @param fromAction
+	 *            the action to change
+	 * @param toAction
+	 *            the new action to set
+	 * @throws SQLException
+	 * @throws AuthorizeException
+	 */
+	void switchPoliciesAction(Context context, DSpaceObject dso, int fromAction, int toAction)
+			throws SQLException, AuthorizeException;
+
 }
diff --git a/dspace-api/src/main/java/org/dspace/content/ItemServiceImpl.java b/dspace-api/src/main/java/org/dspace/content/ItemServiceImpl.java
@@ -531,8 +531,14 @@ public void withdraw(Context context, Item item) throws SQLException, AuthorizeE
         context.addEvent(new Event(Event.MODIFY, Constants.ITEM, item.getID(),
                 "WITHDRAW", getIdentifiers(context, item)));
 
-        // remove all authorization policies, saving the custom ones
-        authorizeService.removeAllPoliciesByDSOAndTypeNotEqualsTo(context, item, ResourcePolicy.TYPE_CUSTOM);
+        // switch all READ authorization policies to WITHDRAWN_READ
+        authorizeService.switchPoliciesAction(context, item, Constants.READ, Constants.WITHDRAWN_READ);
+        for (Bundle bnd : item.getBundles()) {
+        	authorizeService.switchPoliciesAction(context, bnd, Constants.READ, Constants.WITHDRAWN_READ);
+        	for (Bitstream bs : bnd.getBitstreams()) {
+        		authorizeService.switchPoliciesAction(context, bs, Constants.READ, Constants.WITHDRAWN_READ);
+        	}
+        }
 
         // Write log
         log.info(LogManager.getHeader(context, "withdraw_item", "user="
@@ -580,16 +586,28 @@ public void reinstate(Context context, Item item) throws SQLException, Authorize
         context.addEvent(new Event(Event.MODIFY, Constants.ITEM, item.getID(),
                 "REINSTATE", getIdentifiers(context, item)));
 
-        // authorization policies
-        if (colls.size() > 0)
-        {
-            // FIXME: not multiple inclusion friendly - just apply access
-            // policies from first collection
-            // remove the item's policies and replace them with
-            // the defaults from the collection
-            inheritCollectionDefaultPolicies(context, item, colls.iterator().next());
+		// restore all WITHDRAWN_READ authorization policies back to READ
+		for (Bundle bnd : item.getBundles()) {
+			authorizeService.switchPoliciesAction(context, bnd, Constants.WITHDRAWN_READ, Constants.READ);
+			for (Bitstream bs : bnd.getBitstreams()) {
+				authorizeService.switchPoliciesAction(context, bs, Constants.WITHDRAWN_READ, Constants.READ);
+			}
+		}
+
+        // check if the item was withdrawn before the fix DS-3097
+        if (authorizeService.getPoliciesActionFilter(context, item, Constants.WITHDRAWN_READ).size() != 0) {
+        	authorizeService.switchPoliciesAction(context, item, Constants.WITHDRAWN_READ, Constants.READ);
         }
-
+        else {
+	        // authorization policies
+	        if (colls.size() > 0)
+	        {
+	            // remove the item's policies and replace them with
+	            // the defaults from the collection
+	        	adjustItemPolicies(context, item, item.getOwningCollection());
+	        }
+        }
+
         // Write log
         log.info(LogManager.getHeader(context, "reinstate_item", "user="
                 + e.getEmail() + ",item_id=" + item.getID()));

diff --git a/dspace-api/src/main/java/org/dspace/core/Constants.java b/dspace-api/src/main/java/org/dspace/core/Constants.java
@@ -127,6 +127,8 @@ public class Constants
      */
     public static final int ADMIN = 11;
 
+    public static final int WITHDRAWN_READ = 12;
+
     /** Position of front page news item -- top box */
     public static final int NEWS_TOP = 0;
 
@@ -139,7 +141,7 @@ public class Constants
     public static final String[] actionText = { "READ", "WRITE",
             "OBSOLETE (DELETE)", "ADD", "REMOVE", "WORKFLOW_STEP_1",
             "WORKFLOW_STEP_2", "WORKFLOW_STEP_3", "WORKFLOW_ABORT",
-            "DEFAULT_BITSTREAM_READ", "DEFAULT_ITEM_READ", "ADMIN" };
+            "DEFAULT_BITSTREAM_READ", "DEFAULT_ITEM_READ", "ADMIN", "WITHDRAWN_READ" };
 
     /**
      * generating constants for the relevance array dynamically is simple: just
@@ -175,7 +177,8 @@ public class Constants
             0, // 8 - WORKFLOW_ABORT
             RCOLLECTION, // 9 - DEFAULT_BITSTREAM_READ
             RCOLLECTION, // 10 - DEFAULT_ITEM_READ
-            RITEM | RCOLLECTION | RCOMMUNITY // 11 - ADMIN
+            RITEM | RCOLLECTION | RCOMMUNITY, // 11 - ADMIN
+            RBITSTREAM | RBUNDLE | RITEM // 12 - WITHDRAWN_READ
     };
 
     public static final String DEFAULT_ENCODING = "UTF-8";

diff --git a/.../src/main/resources/org/dspace/storage/rdbms/sqlmigration/h2/V6.0_2016.08.23__DS-3097.sql b/.../src/main/resources/org/dspace/storage/rdbms/sqlmigration/h2/V6.0_2016.08.23__DS-3097.sql
@@ -0,0 +1,24 @@
+--
+-- The contents of this file are subject to the license and copyright
+-- detailed in the LICENSE and NOTICE files at the root of the source
+-- tree and available online at
+--
+-- http://www.dspace.org/license/
+--
+
+------------------------------------------------------
+-- DS-3097 introduced new action id for WITHDRAWN_READ 
+------------------------------------------------------
+
+UPDATE resourcepolicy SET action_id = 12 where action_id = 0 and dspace_object in (
+	SELECT bundle2bitstream.bitstream_id FROM bundle2bitstream
+		LEFT JOIN item2bundle ON bundle2bitstream.bundle_id = item2bundle.bundle_id
+		LEFT JOIN item ON item2bundle.item_id = item.uuid
+		WHERE item.withdrawn = 1
+);
+
+UPDATE resourcepolicy SET action_id = 12 where action_id = 0 and dspace_object in (
+	SELECT item2bundle.bundle_id FROM item2bundle
+		LEFT JOIN item ON item2bundle.item_id = item.uuid
+		WHERE item.withdrawn = 1
+);
diff --git a/.../main/resources/org/dspace/storage/rdbms/sqlmigration/oracle/V6.0_2016.08.23__DS-3097.sql b/.../main/resources/org/dspace/storage/rdbms/sqlmigration/oracle/V6.0_2016.08.23__DS-3097.sql
@@ -0,0 +1,24 @@
+--
+-- The contents of this file are subject to the license and copyright
+-- detailed in the LICENSE and NOTICE files at the root of the source
+-- tree and available online at
+--
+-- http://www.dspace.org/license/
+--
+
+------------------------------------------------------
+-- DS-3097 introduced new action id for WITHDRAWN_READ 
+------------------------------------------------------
+
+UPDATE resourcepolicy SET action_id = 12 where action_id = 0 and dspace_object in (
+	SELECT bundle2bitstream.bitstream_id FROM bundle2bitstream
+		LEFT JOIN item2bundle ON bundle2bitstream.bundle_id = item2bundle.bundle_id
+		LEFT JOIN item ON item2bundle.item_id = item.uuid
+		WHERE item.withdrawn = 1
+);
+
+UPDATE resourcepolicy SET action_id = 12 where action_id = 0 and dspace_object in (
+	SELECT item2bundle.bundle_id FROM item2bundle
+		LEFT JOIN item ON item2bundle.item_id = item.uuid
+		WHERE item.withdrawn = 1
+);
diff --git a/...ain/resources/org/dspace/storage/rdbms/sqlmigration/postgres/V6.0_2016.08.23__DS-3097.sql b/...ain/resources/org/dspace/storage/rdbms/sqlmigration/postgres/V6.0_2016.08.23__DS-3097.sql
@@ -0,0 +1,24 @@
+--
+-- The contents of this file are subject to the license and copyright
+-- detailed in the LICENSE and NOTICE files at the root of the source
+-- tree and available online at
+--
+-- http://www.dspace.org/license/
+--
+
+------------------------------------------------------
+-- DS-3097 introduced new action id for WITHDRAWN_READ 
+------------------------------------------------------
+
+UPDATE resourcepolicy SET action_id = 12 where action_id = 0 and dspace_object in (
+	SELECT bundle2bitstream.bitstream_id FROM bundle2bitstream
+		LEFT JOIN item2bundle ON bundle2bitstream.bundle_id = item2bundle.bundle_id
+		LEFT JOIN item ON item2bundle.item_id = item.uuid
+		WHERE item.withdrawn = true
+);
+
+UPDATE resourcepolicy SET action_id = 12 where action_id = 0 and dspace_object in (
+	SELECT item2bundle.bundle_id FROM item2bundle
+		LEFT JOIN item ON item2bundle.item_id = item.uuid
+		WHERE item.withdrawn = true
+);