Uploaded image for project: 'DSpace'
  1. DSpace
  2. DS-4017

"Upload Item with Embargo Features" sets wrong bitstream access rights



    • Type: Bug
    • Status: Volunteer Needed (View Workflow)
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 6.3
    • Fix Version/s: None
    • Component/s: XMLUI
    • Labels:
    • Environment:
      Windows 7, Tomcat 8.0.52, DSpace 6.3 release
    • Attachments:
    • Comments:
    • Documentation Status:


      Based on "Restrict default bitstream access" in the DSpace Community mailing list (https://groups.google.com/d/topic/dspace-community/AQ8LJ7hyrbE/discussion).

      When uploading an item to DSpace 6.3 with "Upload Item with Embargo Features" enabled, the uploaded bitstream gets an additional READ permission that seems to be taken from DEFAULT_ITEM_READ or READ. This problem only exists when using "Upload Item with Embargo Features" while the default "Upload item" step creates the correct access rights.


      I currently try to restrict the default access to bitstreams in DSpace 6.3 without restricting access to the item (and its metadata). So if there is a "main group" and a "special group" that is part of "main group", an item should be readable by all members of "main group", but the bitstreams should only be accessible by members of "special group".

      My collection has the following authorization policy:

      ADD                      foobar_WORKFLOW_STEP_2
      WORKFLOW_STEP_2          foobar_WORKFLOW_STEP_2
      ADD                      special group
      DEFAULT_BITSTREAM_READ   special group
      READ                     main group
      DEFAULT_ITEM_READ        main group

      When submitting an item, it gets the following authorization policies:

      Item Policies
      READ   main group
      Policies for Bundle ORIGINAL
      READ   special group
      Bitstream Article.pdf
      READ   special group
      READ   main group

      The last line, READ "main group" for the article, should not be there, but if I change the DEFAULT_ITEM_READ to "special group" then the item policy lacks a READ "main_group" from the first line.

      How to reproduce:

      I took the following steps to get from working to non-working

      1. Download fresh DSpace 6.3 release package (ZIP)
      2. Adapt local.cfg (set dspace.dir, dspace.hostname, dspace.baseUrl, dspace.ui, dspace.name, default.language, solr.server, db.url, db.driver, db.dialect, db.username, db.password, db.schema)
      3. mvn package / ant fresh_install
      4. Start configured Tomcat
      5. Create administrator
      6. Setup collection and groups according in XMLUI (create main group, special group, collection according to scenario), use "Edit Collection -> Assign Roles -> Edit authorization policies directly." to set access policy
      7. Submit new item, upload file (access rights are correct)
      8. Stop Tomcat
      9. Change item-submission.xml Step 4 to "Upload Item with Embargo Features"
      10. mvn clean package / ant update clean_backups
      11. Start configured Tomcat
      12. Submit new item, upload file (access rights are wrong, see "Scenario" above)





            hgessner Hendrik Geßner
            0 Vote for this issue
            2 Start watching this issue