if (AuthorizeConfiguration.canCollectionAdminManageAdminGroup() || AuthorizeConfiguration.canCollectionAdminManageSubmitters() || AuthorizeConfiguration.canCollectionAdminManageWorkflows() || AuthorizeConfiguration.canCommunityAdminManageAdminGroup() || AuthorizeConfiguration .canCommunityAdminManageCollectionAdminGroup() || AuthorizeConfiguration .canCommunityAdminManageCollectionSubmitters() || AuthorizeConfiguration .canCommunityAdminManageCollectionWorkflows()) { group.equals(collection.getWorkflowStep2()) || group.equals(collection.getWorkflowStep3()))) { if (AuthorizeConfiguration.canCollectionAdminManageWorkflows()) { return collection; } else if (AuthorizeConfiguration.canCommunityAdminManageCollectionWorkflows()) { return collectionService.getParentObject(context, collection); if (AuthorizeConfiguration.canCollectionAdminManageSubmitters()) { return collection; } else if (AuthorizeConfiguration.canCommunityAdminManageCollectionSubmitters()) { return collectionService.getParentObject(context, collection); if (AuthorizeConfiguration.canCollectionAdminManageAdminGroup()) { return collection; } else if (AuthorizeConfiguration.canCommunityAdminManageCollectionAdminGroup()) { return collectionService.getParentObject(context, collection); } else if (AuthorizeConfiguration.canCommunityAdminManageAdminGroup()) {
if (AuthorizeConfiguration.canItemAdminPerformBitstreamCreation()) { adminObject = item; } else if (AuthorizeConfiguration.canCollectionAdminPerformBitstreamCreation()) { adminObject = collection; } else if (AuthorizeConfiguration.canCommunityAdminPerformBitstreamCreation()) { adminObject = community; if (AuthorizeConfiguration.canItemAdminPerformBitstreamDeletion()) { adminObject = item; } else if (AuthorizeConfiguration.canCollectionAdminPerformBitstreamDeletion()) { adminObject = collection; } else if (AuthorizeConfiguration.canCommunityAdminPerformBitstreamDeletion()) { adminObject = community; case Constants.DELETE: if (item.getOwningCollection() != null) { if (AuthorizeConfiguration.canCollectionAdminPerformItemDeletion()) { adminObject = collection; } else if (AuthorizeConfiguration.canCommunityAdminPerformItemDeletion()) { adminObject = community; if (AuthorizeConfiguration.canCollectionAdminManageTemplateItem()) { adminObject = collection; } else if (AuthorizeConfiguration.canCommunityAdminManageCollectionTemplateItem()) { adminObject = community; if (AuthorizeConfiguration.canCollectionAdminManageTemplateItem()) { adminObject = collection; } else if (AuthorizeConfiguration.canCommunityAdminManageCollectionTemplateItem()) {
@Override public DSpaceObject getAdminObject(Context context, Collection collection, int action) throws SQLException { DSpaceObject adminObject = null; Community community = null; List<Community> communities = collection.getCommunities(); if (CollectionUtils.isNotEmpty(communities)) { community = communities.get(0); } switch (action) { case Constants.REMOVE: if (AuthorizeConfiguration.canCollectionAdminPerformItemDeletion()) { adminObject = collection; } else if (AuthorizeConfiguration.canCommunityAdminPerformItemDeletion()) { adminObject = community; } break; case Constants.DELETE: if (AuthorizeConfiguration.canCommunityAdminPerformSubelementDeletion()) { adminObject = community; } break; default: adminObject = collection; break; } return adminObject; }
if (AuthorizeConfiguration.canItemAdminPerformBitstreamDeletion()) { adminObject = item; } else if (AuthorizeConfiguration.canCollectionAdminPerformBitstreamDeletion()) { adminObject = collection; } else if (AuthorizeConfiguration .canCommunityAdminPerformBitstreamDeletion()) { adminObject = community; if (AuthorizeConfiguration.canItemAdminPerformBitstreamCreation()) { adminObject = item; } else if (AuthorizeConfiguration .canCollectionAdminPerformBitstreamCreation()) { adminObject = collection; } else if (AuthorizeConfiguration .canCommunityAdminPerformBitstreamCreation()) { adminObject = community;
/** * Is allowed manage (create, remove, edit) item's policies in the * current context? * * @param context the DSpace Context Object * @param item the item that the policy refer to * @throws AuthorizeException if authorization error * if the current context (current user) is not allowed to * manage the item's policies * @throws SQLException if database error * if a db error occur */ public static void authorizeManageItemPolicy(Context context, Item item) throws AuthorizeException, SQLException { if (AuthorizeConfiguration.canItemAdminManagePolicies()) { authorizeService.authorizeAction(context, item, Constants.ADMIN); } else if (AuthorizeConfiguration.canCollectionAdminManageItemPolicies()) { authorizeService.authorizeAction(context, item .getOwningCollection(), Constants.ADMIN); } else if (AuthorizeConfiguration.canCommunityAdminManageItemPolicies()) { authorizeService .authorizeAction(context, item.getOwningCollection() .getCommunities().get(0), Constants.ADMIN); } else if (!authorizeService.isAdmin(context)) { throw new AuthorizeException( "Only system admin are allowed to manage item policies"); } }
authorizeService.authorizeAction(context, item, Constants.REMOVE); } catch (AuthorizeException authex) { if (AuthorizeConfiguration.canItemAdminManageCCLicense()) { authorizeService .authorizeAction(context, item, Constants.ADMIN); } else if (AuthorizeConfiguration.canCollectionAdminManageCCLicense()) { authorizeService.authorizeAction(context, itemService .getParentObject(context, item), Constants.ADMIN); } else if (AuthorizeConfiguration.canCommunityAdminManageCCLicense()) { authorizeService.authorizeAction(context, itemService .getParentObject(context, item), Constants.ADMIN);
/** * Can the current user manage (create, remove, edit) the submitters group of * the collection? * * @param context the DSpace Context Object * @param collection the collection * @throws AuthorizeException if authorization error * if the current user is not allowed to manage the collection's * submitters group * @throws SQLException if database error * if a db error occur */ public static void authorizeManageSubmittersGroup(Context context, Collection collection) throws AuthorizeException, SQLException { if (AuthorizeConfiguration.canCollectionAdminManageSubmitters()) { authorizeService.authorizeAction(context, collection, Constants.ADMIN); } else if (AuthorizeConfiguration .canCommunityAdminManageCollectionSubmitters()) { authorizeService.authorizeAction(context, collection .getCommunities().get(0), Constants.ADMIN); } else if (!authorizeService.isAdmin(context)) { throw new AuthorizeException( "Only system admin are allowed to manage collection submitters"); } }
/** * Can the current user manage (create, remove, edit) the workflow groups of * the collection? * * @param context the DSpace Context Object * @param collection the collection * @throws AuthorizeException if authorization error * if the current user is not allowed to manage the collection's * workflow groups * @throws SQLException if database error * if a db error occur */ public static void authorizeManageWorkflowsGroup(Context context, Collection collection) throws AuthorizeException, SQLException { if (AuthorizeConfiguration.canCollectionAdminManageWorkflows()) { authorizeService.authorizeAction(context, collection, Constants.ADMIN); } else if (AuthorizeConfiguration .canCommunityAdminManageCollectionWorkflows()) { authorizeService.authorizeAction(context, collection .getCommunities().get(0), Constants.ADMIN); } else if (!authorizeService.isAdmin(context)) { throw new AuthorizeException( "Only system admin are allowed to manage collection workflow"); } }
/** * Can the current user create/edit the admins group of the collection? * please note that the remove action need a separate check * * @param context the DSpace Context Object * @param collection the collection * @throws AuthorizeException if authorization error * if the current user is not allowed to create/edit the * collection's admins group * @throws SQLException if database error * if a db error occur * @see #authorizeRemoveAdminGroup(Context, Collection) */ public static void authorizeManageAdminGroup(Context context, Collection collection) throws AuthorizeException, SQLException { if (AuthorizeConfiguration.canCollectionAdminManageAdminGroup()) { authorizeService.authorizeAction(context, collection, Constants.ADMIN); } else if (AuthorizeConfiguration .canCommunityAdminManageCollectionAdminGroup()) { authorizeService.authorizeAction(context, collection .getCommunities().get(0), Constants.ADMIN); } else if (!authorizeService.isAdmin(context)) { throw new AuthorizeException( "Only system admin are allowed to manage collection admin"); } }
/** * Is allowed manage (create, remove, edit) collection's policies in the * current context? * * @param context the DSpace Context Object * @param collection the collection that the policy refer to * @throws AuthorizeException if authorization error * if the current context (current user) is not allowed to * manage the collection's policies * @throws SQLException if database error * if a db error occur */ public static void authorizeManageCollectionPolicy(Context context, Collection collection) throws AuthorizeException, SQLException { if (AuthorizeConfiguration.canCollectionAdminManagePolicies()) { authorizeService.authorizeAction(context, collection, Constants.ADMIN); } else if (AuthorizeConfiguration .canCommunityAdminManageCollectionPolicies()) { authorizeService.authorizeAction(context, collection .getCommunities().get(0), Constants.ADMIN); } else if (!authorizeService.isAdmin(context)) { throw new AuthorizeException( "Only system admin are allowed to manage collection policies"); } }
.canCollectionAdminManageTemplateItem()) { authorizeService.authorizeAction(context, collection, Constants.ADMIN); } else if (!isAuthorized && AuthorizeConfiguration .canCommunityAdminManageCollectionTemplateItem()) { List<Community> communities = collection.getCommunities(); Community parent = communities != null && communities.size() > 0 ? communities.get(0)