[Dspace-devel] [DuraSpace JIRA] Updated: (DS-562) Community admin or user with WRITE, ADD and ADMIN policy on collection cannot delete that collection due to bug in AuthorizeUtil.authorizeManageTemplateItem(context, collection)

Andrea Bollini (DuraSpace JIRA) Mon, 01 Nov 2010 04:53:45 -0700

     [ 
https://jira.duraspace.org/browse/DS-562?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Andrea Bollini updated DS-562:
------------------------------

    Attachment: ds-562-delegate-admin-remove-templateitem.patch
       Summary: Community admin or user with WRITE, ADD and ADMIN policy on 
collection cannot delete that collection due to bug in 
AuthorizeUtil.authorizeManageTemplateItem(context,collection)  (was: User with 
WRITE, ADD and ADMIN policy on collection cannot delete that collection due to 
bug in AuthorizeUtil.authorizeManageTemplateItem(context,collection))

> Community admin or user with WRITE, ADD and ADMIN policy on collection cannot 
> delete that collection due to bug in 
> AuthorizeUtil.authorizeManageTemplateItem(context,collection)
> --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: DS-562
>                 URL: https://jira.duraspace.org/browse/DS-562
>             Project: DSpace
>          Issue Type: Bug
>          Components: DSpace API
>    Affects Versions: 1.6.0
>            Reporter: Andrew Taylor
>            Assignee: Andrea Bollini
>             Fix For: 1.7.0
>
>         Attachments: ds-562-delegate-admin-remove-templateitem.patch
>
>
> During the process of deleting a collection a call is made to 
> AuthorizeUtil.authorizeManageTemplateItem(context,collection) - line 289 of 
> 1.6.0 code, which seems to contain a logic error in the way it checks the 
> permissions.
> As it currently stands this method will only 'allow' if the user is a system 
> admin or is an admin who cannot edit the collection (ie lacks the ADD or 
> WRITE policy). 
> This to me seems like it is broken but I will happily stand corrected if it 
> is working as intended.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
https://jira.duraspace.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

------------------------------------------------------------------------------
Nokia and AT&T present the 2010 Calling All Innovators-North America contest
Create new apps & games for the Nokia N8 for consumers in  U.S. and Canada
$10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing
Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store 
http://p.sf.net/sfu/nokia-dev2dev
_______________________________________________
Dspace-devel mailing list
Dspace-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-devel

[Dspace-devel] [DuraSpace JIRA] Updated: (DS-562) Community admin or user with WRITE, ADD and ADMIN policy on collection cannot delete that collection due to bug in AuthorizeUtil.authorizeManageTemplateItem(context, collection)

Reply via email to