Fix: Collection's admin cannot edit its template item.

[buithaihai]

References

Fix #8832

Description

This fixes the error at step 6 of #8832.

• Please follow the instructed steps to reproduce and verify the fix

In addition, this PR also applies to Template Item removal action.

Instructions for Reviewers

List of changes in this PR:

• First, I create a new RestObjectPermissionEvaluatorPlugin for TemplateItem to perform extra evaluations when editing or deleting a template item.
  • Making use of an existing RestObjectPermissionEvaluatorPlugin would be ideal, but none suffices. The best candidate I found is WorkspaceItemRestPermissionEvaluatorPlugin but it is too specific to WorkspaceItem to rewrite easily.
• Second, I changed the parameter from 'ITEM' to 'ITEMTEMPLATE' in @PreAuthorize("hasPermission(...)") of methods patch() and deleteTemplateItem() to take advantage of existing TemplateItemRest class, in order to distinguish it further from the generic Item term.

Checklist

• My PR is small in size (e.g. less than 1,000 lines of code, not including comments & integration tests). Exceptions may be made if previously agreed upon.
• My PR passes Checkstyle validation based on the Code Style Guide.
• My PR includes Javadoc for all new (or modified) public methods and classes. It also includes Javadoc for large or complex private methods.
• My PR passes all tests and includes new/updated Unit or Integration Tests based on the Code Testing Guide.
• If my PR includes new libraries/dependencies (in any pom.xml), I've made sure their licenses align with the DSpace BSD License based on the Licensing of Contributions documentation.
• If my PR modifies REST API endpoints, I've opened a separate REST Contract PR related to this change.
• If my PR includes new configurations, I've provided basic technical documentation in the PR itself.
• If my PR fixes an issue ticket, I've linked them together.

---

• To see the specific tasks where the Asana app for GitHub is being used, see below:
  • https://app.asana.com/0/0/1204642791317001

[tdonohue]

@buithaihai : Thanks for this PR! First off, I can verify that this code fixes the bug entirely. Everything works.

However, this PR is missing automated tests. Could you add some new tests to ItemTemplateRestControllerIT which prove that a Collection Admin can create, edit & delete a template item?

It shouldn't be too complex to add the new tests... you just need to create a Collection Admin user in createStructure() similar to this:

collectionAdmin = EPersonBuilder.createEPerson(context)
            .withNameInMetadata("Jane", "Brown")
            .withEmail("collectionAdmin@my.edu")
            .withPassword(password)
            .build();
childCollection = CollectionBuilder.createCollection(context, parentCommunity)
                                           .withName("Collection 1")
                                           .withAdminGroup(collectionAdmin)
                                           .build();

Then you should be able to used that person in tests as the authenticated person & verify they have proper permissions.

Beyond that, great work! If you need any help on the tests let us know.

[buithaihai]

@tdonohue I have made the requested changes.

[tdonohue]

👍 Thank you @buithaihai ! The new tests look good, and as I mentioned previously I was able to verify that this fixes the bug.