Uploaded image for project: 'DSpace'
  1. DSpace
  2. DS-1856

OAI-PMH indexes metadata of non-public Items

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.2, 4.0
    • Fix Version/s: 5.0
    • Component/s: DSpace API, OAI-PMH
    • Labels:
      None
    • Attachments:
      0
    • Comments:
      5
    • Documentation Status:
      Needed

      Description

      How to reproduce:

      1) Create a Collection where DEFAULT_READ access is limited to a non-Anonymous group (e.g. Administrators or similar)

      2) Submit an Item to that Collection

      3) Run "./dspace oai import"

      The Result:

      • The Item will be access restricted from the UI (XMLUI or JSPUI), and will not be accessible to Anonymous Users
      • HOWEVER, the Item's metadata will be available from OAI-PMH anonymously

      Essentially, it seems like OAI-PMH should be verifying each Item has Anonymous READ permissions before it indexes the Item. Instead, by default OAI-PMH just indexes everything where "in_archive=TRUE" and "discoverable=TRUE":
      https://github.com/DSpace/DSpace/blob/master/dspace-oai/src/main/java/org/dspace/xoai/app/XOAI.java#L203

      NOTE: In this scenario, "discoverable=TRUE" as these Items were not marked fully "private". Instead, they are being access controlled by Resource Policies. So the issue here is that OAI-PMH is not checking the Resource Policies.

      In all honesty, this could also be considered the fault of "Item.getMetadata()" which fails to validate Item READ access before returning all metadata values (as OAI-PMH calls getMetadata() to perform its indexing):
      https://github.com/DSpace/DSpace/blob/master/dspace-api/src/main/java/org/dspace/content/Item.java#L521

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                joaomelo João Melo
                Reporter:
                tdonohue Tim Donohue
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: