Policies on bitstreams created or updated by SAF import (created using GUI and command line) do not have a type which causes issues with other functionality (eg Access Management). #9290
Labels
authorization
Related to user authorization / permissions
bug
high priority
tools: import
Related to import of data into the system
Milestone
DSpace 7.6.1
Describe the bug
Policies on bitstreams in items created or updated via SAF (created through GUI or import command, updated via itemupdate command)) do not have a policy type (either TYPE_CUSTOM or TYPE_INHERITED). This causes issues with functionality which expects a policy type to be present (eg using Access Management - policies without a type are not cleared by this function, which can result in bitstreams remaining open even when embargoes or admin policies are set).
To Reproduce
Steps to reproduce the behavior:
permissions:-r 'Anonymous'
Expected behavior
The authorisation policy on the bitstream where the item is sent through workflow should have the following property - type: TYPE_SUBMISSION.
For items not sent through workflow the authorisation policy on the bitstream should be set to TYPE_INHERITED.
This would be consistent with the default no workflow parameter when you import Batch(Zip) through the UI and also when adding a new bitstream to an archived item through Edit Item --> Bitstreams --> Upload.
Also see the attached screenshot from https://demo.dspace.org/home in which the last bitstream has an Anonymous read policy with no type set.
Many functions in DSpace 7.6.1 rely on authorisations policies having a type (eg Access Management, inherit policies on moving items between collections) and not having a type set can cause issues.
Policies without a type are not removed by Access Management, meaning, for example, Anonymous read can be left on a bitstream even when a more restrictive policy is set by the repository manager.
The text was updated successfully, but these errors were encountered: