Hi all,
We, at IDEALS, recently upgraded our DSpace version from 1.5.2 to 3.2, and for
continuity we decided to prevent community and collection level admins from
deleting items using the delagation settings in dspace.cfg. This causes the
delete button in the administrative Item status form to be grayed out, as
expected. However, when a collection or community-level admin attempts to move
an Item (via the "Move" button on the same interface) an unhandled exception is
thrown with the wording: "Authorization denied for action REMOVE." The
exception is thrown because the processMoveItem method attempts to use
Collection.removeItem to dissociate the Item from its previous collection. The
first thing that method does is authorize the user for the remove action, even
when the Item won't actually be deleted.
It seems like the fix would be to check for this authorization only when the
item is orphaned (i.e. when the conditions for permanent deletion have been
met).
I haven't tried to replicate this with an out-of-the-box dspace build, but
looking through github, it looks like it should be replicable on the master
branch and not be unique to us. Is anyone able to replicate this issue. Have
any similar bugs been reported on the JIRA, I found DS-5020
(https://jira.duraspace.org/browse/DS-2050), which might be related, but didn't
see anything else.
Thanks,
Seth Robbins
------------------------------------------------------------------------------
Open source business process management suite built on Java and Eclipse
Turn processes into business applications with Bonita BPM Community Edition
Quickly connect people, data, and systems into organized workflows
Winner of BOSSIE, CODIE, OW2 and Gartner awards
http://p.sf.net/sfu/Bonitasoft
_______________________________________________
DSpace-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-tech
List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
