Uploaded image for project: 'DSpace'
  1. DSpace
  2. DS-4278

Submitters can edit all metadata

    XMLWordPrintable

    Details

    • Attachments:
      0
    • Comments:
      2
    • Documentation Status:
      Needed

      Description

      With the new DSpace 7 REST API, a submitter is no longer restricted to editing metadata fields from the submission forms, if they use the /api/core/items endpoint.

      It's easy to modify any metadata field, e.g. using:
      ```
      curl -D - -X PATCH 'http://localhost:8080/rest/api/core/items/517f13ab-3105-42d3-bf55-271876fb726e' -H "Authorization: $authorization" -H "content-type: application/json" --data '[ { "op": "add", "path": "/metadata/dc.description.provenance", "value": [

      { "value": "Some provenance" }

      ] } ]'
      ```

      This is accessible because the user has WRITE permissions on the item
      The same action can be performed by workflow members for their tasks

        Attachments

          Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. DS-4043 Revisit the security layer of the submission

          • Blocker - Blocks development and/or testing work, production could not run.
          • Closed
          mentioned in

          Page Loading...

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              benbosman Ben Bosman
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: