Uploaded image for project: 'DSpace'
  1. DSpace
  2. DS-562

Community admin or user with WRITE, ADD and ADMIN policy on collection cannot delete that collection due to bug in AuthorizeUtil.authorizeManageTemplateItem(context,collection)

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.6.0
    • Fix Version/s: 1.7.0
    • Component/s: DSpace API
    • Labels:
      None
    • Attachments:
      1
    • Comments:
      2
    • Documentation Status:
      Not Required

      Description

      During the process of deleting a collection a call is made to AuthorizeUtil.authorizeManageTemplateItem(context,collection) - line 289 of 1.6.0 code, which seems to contain a logic error in the way it checks the permissions.

      As it currently stands this method will only 'allow' if the user is a system admin or is an admin who cannot edit the collection (ie lacks the ADD or WRITE policy).

      This to me seems like it is broken but I will happily stand corrected if it is working as intended.

        Attachments

          Activity

            People

            • Assignee:
              bollini Andrea Bollini (4Science)
              Reporter:
              ataylor Andrew Taylor
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: