Uploaded image for project: 'DSpace'
  1. DSpace
  2. DS-3971

Versioning is broken if the user is not a global administrator

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Code Review Needed (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 6.3
    • Fix Version/s: None
    • Component/s: API
    • Labels:
      None
    • Attachments:
      1
    • Comments:
      2
    • Documentation Status:
      Needed

      Description

      If the user, that want to create a new version, is not global administrator but only collection admin or submitter of the original item the new version cannot be created. During the creation of the new version the authorization for WRITE of the cloned bitstream is denied for the user. The problem is, that "BitstreamStorageServiceImpl.clone" call update before the bitstream is added to the item. So the permission check cannot check the admin permissions in the hierarchy.

      This is a regression of DS-3702 or https://github.com/DSpace/DSpace/pull/1883.

       

      You can test this bug on demo.dspace.org, if you login as dspacedemo+commadmin@gmail.com and try to create a new version of f.e. this item: http://demo.dspace.org/xmlui/handle/10673/49. You will see this message:

      Authorization denied for action WRITE on BITSTREAM:614a51ec-fdd9-4579-adb7-d22c0f9f0c1f by user f98dda55-cfe5-4c7a-8d87-6ca2b7b112f7

       

      Java stacktrace: org.dspace.authorize.AuthorizeException: Authorization denied for action WRITE on BITSTREAM:614a51ec-fdd9-4579-adb7-d22c0f9f0c1f by user f98dda55-cfe5-4c7a-8d87-6ca2b7b112f7 at org.dspace.authorize.AuthorizeServiceImpl.authorizeAction(AuthorizeServiceImpl.java:157) at org.dspace.authorize.AuthorizeServiceImpl.authorizeAction(AuthorizeServiceImpl.java:95) at org.dspace.authorize.AuthorizeServiceImpl.authorizeAction(AuthorizeServiceImpl.java:89) at org.dspace.content.BitstreamServiceImpl.update(BitstreamServiceImpl.java:250) at org.dspace.content.BitstreamServiceImpl.update(BitstreamServiceImpl.java:41) at org.dspace.storage.bitstore.BitstreamStorageServiceImpl.clone(BitstreamStorageServiceImpl.java:354) at org.dspace.versioning.AbstractVersionProvider.createBundlesAndAddBitstreams(AbstractVersionProvider.java:84) at org.dspace.versioning.DefaultItemVersionProvider.updateItemState(DefaultItemVersionProvider.java:105) at org.dspace.versioning.VersioningServiceImpl.createNewVersion(VersioningServiceImpl.java:93) at org.dspace.app.xmlui.aspect.versioning.VersionManager.processCreateNewVersion(VersionManager.java:73) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
      

       

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            sulfrian Alexander Sulfrian
            Votes:
            1 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated: