This ticket corresponds to task 4.14 "Enforce Item Access Restrictions" in our DSpace 7 Development Planning spreadsheet. To make this task actionable, we have decided to require Integration Tests to prove this functionality works.
(NOTE: Some related tests around access rights with embargoes, etc, already exist in https://github.com/DSpace/DSpace/blob/master/dspace-spring-rest/src/test/java/org/dspace/app/rest/ItemRestRepositoryIT.java )
Tests should prove:
- Admins can still access Item that are restricted
- Community / Collection Admins can still access Items that are restricted
- Users with specific rights can still access Items that are restricted
- Anonymous users CANNOT access Items that are restricted (neither metadata nor bitstreams)
- Embargoed items cannot be accessed except by Administrators, or Community/Collection Admins