DSpace icon indicating copy to clipboard operation
DSpace copied to clipboard
verified publisher icon DSpace

Refactor authorization-based Solr queries and add new findAddAuthorized/findEditAuthorized endpoints

Open toniprieto opened this issue 1 month ago • 1 comments

References

  • Fixes #2853
  • Fixes #9652
  • Fixes DSpace/dspace-angular#1331
  • Related to DSpace/RestContract#319
  • Requires angular DSpace/dspace-angular#4918

Description

This PR modifies how permissions are indexed in Solr and how Solr search restrictions are built to retrieve results based on direct permissions or inherited permissions through the location field, which includes the UUIDs of ancestor communities or collections.

The following changes are included:

  • Permissions are now indexed only if they are directly assigned to the object.
  • The filter applied for permission-based restrictions has been updated to search for either direct permissions or objects whose ancestor community/collection is one where the user has admin rights (using the same strategy as SolrServiceResourceRestrictionPlugin for checking READ access for the current user).
  • All permission-related restrictions are now applied within SolrServiceResourceRestrictionPlugin to build the query more efficiently.
  • The function createLocationQueryForAdministrableItems has been replaced by a new function that retrieves the same information via a Solr query (this should address some of the issues described in #10084 and could improve the performance).
  • New endpoints findEditAuthorized and findAddAuthorized have been added to retrieve communities, collections, or items based on specific permissions.

These changes allow admin permission modifications on a community or collection to propagate without needing to reindex their child objects.

Instructions for Reviewers

TODO

List of changes in this PR:

  • First, ...
  • Second, ...

Checklist

  • [x] My PR is created against the main branch of code (unless it is a backport or is fixing an issue specific to an older branch).
  • [x] My PR is small in size (e.g. less than 1,000 lines of code, not including comments & integration tests). Exceptions may be made if previously agreed upon.
  • [x] My PR passes Checkstyle validation based on the Code Style Guide.
  • [x] My PR includes Javadoc for all new (or modified) public methods and classes. It also includes Javadoc for large or complex private methods.
  • [x] My PR passes all tests and includes new/updated Unit or Integration Tests based on the Code Testing Guide.
  • [ ] My PR includes details on how to test it. I've provided clear instructions to reviewers on how to successfully test this fix or feature.
  • [x] If my PR includes new libraries/dependencies (in any pom.xml), I've made sure their licenses align with the DSpace BSD License based on the Licensing of Contributions documentation.
  • [x] If my PR modifies REST API endpoints, I've opened a separate REST Contract PR related to this change.
  • [x] If my PR includes new configurations, I've provided basic technical documentation in the PR itself.
  • [x] If my PR fixes an issue ticket, I've linked them together.

toniprieto avatar Dec 01 '25 12:12 toniprieto

Hi @toniprieto, Conflicts have been detected against the base branch. Please resolve these conflicts as soon as you can. Thanks!

github-actions[bot] avatar Dec 08 '25 23:12 github-actions[bot]