Merged in task/dspace-cris-2023_02_x/DSC-1940 (pull request DSpace#2807)

[DSC-1940] Adapt permission for audits Approved-by: Andrea Barbasso
4Science · Nov 13, 2024 · 4c666a3 · 4c666a3
2 parents 45392fb + beb8972
commit 4c666a3
Showing 1 changed file with 7 additions and 3 deletions.
diff --git a/...-server-webapp/src/main/java/org/dspace/app/rest/repository/AuditEventRestRepository.java b/...-server-webapp/src/main/java/org/dspace/app/rest/repository/AuditEventRestRepository.java
@@ -60,10 +60,14 @@ public AuditEventRest findOne(Context context, UUID id) {
     }
 
 
-    @PreAuthorize("hasAuthority('ADMIN')")
+    @PreAuthorize("hasPermission(#commUuid, 'COMMUNITY', 'WRITE') " +
+            "or hasPermission(#collUuid, 'COLLECTION', 'WRITE') " +
+            "or hasAuthority('ADMIN')")
     @SearchRestMethod(name = "findByObject")
-    public Page<AuditEventRest> findByObject(@Parameter(value = "object", required = true) UUID uuid,
-            Pageable pageable) throws AuthorizeException, SQLException {
+    public Page<AuditEventRest> findByObject(
+            @Parameter(value = "object", required = true) UUID uuid, Pageable pageable,
+            @Parameter(value = "commUuid") UUID commUuid, @Parameter(value = "collUuid") UUID collUuid
+    ) throws AuthorizeException, SQLException {
         returnNotFoundIfDisabled();
         Context context = obtainContext();
         Sort sort = pageable.getSort();