User with WRITE, ADD and ADMIN policy on collection cannot delete that
collection due to bug in
AuthorizeUtil.authorizeManageTemplateItem(context,collection)
-------------------------------------------------------------------------------------------------------------------------------------------------------------
Key: DS-562
URL: http://jira.dspace.org/jira/browse/DS-562
Project: DSpace 1.x
Issue Type: Bug
Components: DSpace API
Affects Versions: 1.6.0
Reporter: Andrew Taylor
Priority: Minor
During the process of deleting a collection a call is made to
AuthorizeUtil.authorizeManageTemplateItem(context,collection) - line 289 of
1.6.0 code, which seems to contain a logic error in the way it checks the
permissions.
As it currently stands this method will only 'allow' if the user is a system
admin or is an admin who cannot edit the collection (ie lacks the ADD or WRITE
policy).
This to me seems like it is broken but I will happily stand corrected if it is
working as intended.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.dspace.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
------------------------------------------------------------------------------
_______________________________________________
Dspace-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-devel
