Skip to content

Fix for #8916 #8917 #8918 The Community Administrator should not be able to view all communities/collections in the create/edit community and collection sections. Previous PR #9814#4639

Merged
tdonohue merged 4 commits intoDSpace:mainfrom
im-shubham-vish:fix-8918
Sep 12, 2025
Merged

Conversation

@im-shubham-vish
Copy link
Contributor

@im-shubham-vish im-shubham-vish commented Aug 14, 2025
edited by tdonohue
Loading

References

Description

The Community Administrator should not be able to view all communities/collections in the create/edit community and collection sections.

Instructions for Reviewers

Currently, users can see all communities/collections in the create/edit community and collection sections. However, the expected behaviour is that only the communities/collections where the user is a community or collection admin should be displayed.

List of changes in this PR:

• Added new method getAuthorizedCommunity in community-data.service.ts to get all communities for the user is authorized to.
• Added authorized-community-selector.component.ts wrapper to show the autocomplete results in community edit section instead of using common DSpace Object selector.
• Updated create-collection-parent-selector.component.ts, create-community-parent-selector.component.ts, edit-community-selector.component.ts to get authorized communities list at the time of new collection & community creation.
• Updated edit-collection-selector.component.ts to list out already existing collections in which the user authorized to inside edit collection module.
• Updated src/themes/.../create-community-parent-selector.component.ts to list already existing authorized communities.
• Updated wrapper dso selector create-community-parent-selector.component.html to select authorized communities only inside the create community module.
• Added create-collection-parent-selector.component.html, edit-community-selector.component.html, edit-collection-selector.component.html to select authorized parent communities & collections only inside the create and edit community & collection module.
• Added authorized-community-selector.component.spec.ts against the new dso selector wrapper added to test the listing of all authorized communities and collections in edit and create section.
• Updated create-community-parent-selector.component.spec.ts, edit-community-selector.component.spec.ts, create-collection-parent-selector.component.spec.ts, edit-collection-selector.component.spec.ts to test the listing of all authorized communities & collections inside edit & create community and collection module.

How to Test

  1. Make a user the admin of a few communities.
  2. Navigate to the “New” section and click on "Community" or “Collection”. Only the communities where the user is community admin should be displayed.
  3. For the Edit section:
    o Go to Edit > click “Community”. Again, only the communities where the user is an admin should be shown.
    o For collections, go to Edit > click “Collection”. Only the collections where the user is a collection or community admin should be listed. If the user is a community admin for a community, all collections within that community should also be shown.

Bug Reproduction Steps

  1. New Section:
    o Log in as a community admin, go to New > Community. Currently, all communities are shown in the list.
    o Similarly, for collections, go to the New section > click Collection. Here, all collections are shown in the list.
  2. Edit Section:
    o Log in as a community admin, go to Edit > Community. Currently, all communities are shown in the list.
    o Similarly, for collections, go to Edit > click Collection. Here, all collections are shown in the list.

@im-shubham-vish
Fix for #8918 The Community Administrator should not be able to view …
5aab53e 
…all communities/collections in the create/edit community and collection sections
@PitbaranK PitbaranK mentioned this pull request Aug 14, 2025
Closed
@PitbaranK
Copy link

PitbaranK commented Aug 18, 2025

@alanorth,
Could you please help test this again, as you had tested it earlier as well?
Reference: DSpace/DSpace#9814 (comment)

@tdonohue tdonohue added bug usability component: Discovery related to discovery search or browse system authorization related to authorization, permissions or groups port to dspace-7_x This PR needs to be ported to `dspace-7_x` branch for next bug-fix release port to dspace-8_x This PR needs to be ported to `dspace-8_x` branch for next bug-fix release port to dspace-9_x This PR needs to be ported to `dspace-9_x` branch for next bug-fix release labels Aug 20, 2025
@tdonohue tdonohue moved this to 🙋 Needs Reviewers Assigned in DSpace 10.0 Release Aug 20, 2025
@tdonohue tdonohue mentioned this pull request Aug 20, 2025
Closed
@tdonohue tdonohue self-requested a review August 20, 2025 18:55
@EikLoe
Copy link
Member

EikLoe commented Sep 5, 2025

Hi @im-shubham-vish ,
Thanks for the PR, it is really helpful. I tested it locally and it worked good for me! 👍🏾 I couldn't find any problems caused.

@tdonohue tdonohue moved this from 🙋 Needs Reviewers Assigned to 👍 Reviewer Approved in DSpace 10.0 Release Sep 5, 2025
tdonohue
tdonohue requested changes Sep 8, 2025
View reviewed changes
Copy link
Member

@tdonohue tdonohue left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @im-shubham-vish ! Overall, this looks great. However, I've found a bug in one scenario. Here's what works and doesn't work for me:

  • New -> Community/Collection (Both are fixed to limit to only showing the parent Communities that you have Admin privileges within)
  • New -> Item (Still works to find Collections that you have submit privileges for)
  • Edit -> Community (Fixed to limit to only showing Communities that you have Admin privileges within)
  • Edit -> Collection (BROKEN. Shows Collections that you have submit privileges for, like New->Item. It should instead show Collections that you have admin privileges for.)

I believe I've found the issue, which is that the <ds-authorized-collection-selector> defaults to only checking for submit privileges. Another minor comment inline below.

Basically, this solution is looking better. You just have one more bug to fix in "Edit -> Collection".

...r/dso-selector/authorized-community-selector/authorized-community-selector.component.spec.ts Outdated
});

describe('search', () => {
describe('when has no entity type', () => {
Copy link
Member

@tdonohue tdonohue Sep 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tiny thing. The phrase "entity type" has no meaning here. This probably should just say something like describe('when search is called'). Or you could just remove this nested describe and just go right to the it() method below.

@github-project-automation github-project-automation bot moved this from 👍 Reviewer Approved to 👀 Under Review in DSpace 10.0 Release Sep 8, 2025
@PitbaranK
Copy link

PitbaranK commented Sep 9, 2025
edited
Loading

Thanks @tdonohue,
We have incorporated the changes requested.

@tdonohue tdonohue self-requested a review September 12, 2025 21:05
tdonohue
tdonohue approved these changes Sep 12, 2025
View reviewed changes
Copy link
Member

@tdonohue tdonohue left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 Thanks @im-shubham-vish and @PitbaranK ! This looks good to me now and works well. I've flagged this for automatic backport to 9.x and 8.x. Unfortunately, though we'd likely need a separate PR for 7.6.x (dspace-7_x) because it used *ngIf instead of @if (see my note inline below).

...-wrappers/create-collection-parent-selector/create-collection-parent-selector.component.html
</button>
</div>
<div class="modal-body">
@if (header) {
Copy link
Member

@tdonohue tdonohue Sep 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

NOTE: I don't believe this @if syntax will work for DSpace 7, because it was introduced in Angular 17 (which we first used in DSpace 8). In DSpace 7, this same behavior was controlled via *ngIf.

So, this just means that I'm only attempting to backport this to DSpace 8.x and 9.x. If we want to backport also to 7.6.x, we'd need a separate PR.

@github-project-automation github-project-automation bot moved this from 👀 Under Review to 👍 Reviewer Approved in DSpace 10.0 Release Sep 12, 2025
@tdonohue tdonohue removed the port to dspace-7_x This PR needs to be ported to `dspace-7_x` branch for next bug-fix release label Sep 12, 2025
@tdonohue tdonohue added this to the 10.0 milestone Sep 12, 2025
@tdonohue tdonohue merged commit 80865ef into DSpace:main Sep 12, 2025
15 checks passed
@github-project-automation github-project-automation bot moved this from 👍 Reviewer Approved to ✅ Done in DSpace 10.0 Release Sep 12, 2025
@dspace-bot
Copy link
Contributor

dspace-bot commented Sep 12, 2025

Backport failed for dspace-8_x, because it was unable to cherry-pick the commit(s).

Please cherry-pick the changes locally and resolve any conflicts.

git fetch origin dspace-8_x
git worktree add -d .worktree/backport-4639-to-dspace-8_x origin/dspace-8_x
cd .worktree/backport-4639-to-dspace-8_x
git switch --create backport-4639-to-dspace-8_x
git cherry-pick -x 5aab53e064a2cbb03f11435b1763b7cc800b8d82 a26c718db47d71b2e986389f664b73a5c087fe98 15d9cb0ea8f4053163a0ac8b15b752870351ed9b

@dspace-bot dspace-bot mentioned this pull request Sep 12, 2025
Merged
@dspace-bot
Copy link
Contributor

dspace-bot commented Sep 12, 2025

Successfully created backport PR for dspace-9_x:

@tdonohue
Copy link
Member

tdonohue commented Sep 12, 2025

I take it back, this PR can only be backported to 9.x. In 8.x, it looks like we also used *ngIf instead of @if, which is why this PR cannot be backported easily into dspace-8_x. So, a separate PR would be necessary to backport this to dspace-8_x and dspace-7_x. @PitbaranK or @im-shubham-vish , if you are interested in backporting it, let me know.

Otherwise, this will only be fixed in 9.2 and 10.0

@tdonohue tdonohue removed port to dspace-8_x This PR needs to be ported to `dspace-8_x` branch for next bug-fix release port to dspace-9_x This PR needs to be ported to `dspace-9_x` branch for next bug-fix release labels Sep 12, 2025
@im-shubham-vish im-shubham-vish mentioned this pull request Sep 18, 2025
Merged
@PitbaranK
Copy link

PitbaranK commented Sep 18, 2025
edited
Loading

Hi @tdonohue,
Thanks! We have raised the backport PR #4724 for dspace-8_x & dspace-7_x against the same. Kindly align reviewer.

@jesielviana jesielviana mentioned this pull request Sep 19, 2025
Closed
tdonohue added a commit that referenced this pull request Oct 2, 2025
@tdonohue
Merge pull request #4724 from im-shubham-vish/fix-9814-backport-8x
01cc3ab 
[Port dspace-8_x] Fix for #8916 #8917 #8918 to 8.x: The Community Administrator should not be able to view all communities/collections in the create/edit community and collection sections (Previous PR #9814 #4639)
This was referenced Feb 16, 2026
Merged
Closed
Merged
@tdonohue
Copy link
Member

tdonohue commented Feb 18, 2026

Backported to 8.x in #4724 and 7.x in #5123

tdonohue added a commit that referenced this pull request Feb 18, 2026
@tdonohue
Merge pull request #5123 from toniprieto/find-authorized-endpoints-7x
ab59b05 
[Port dspace-7_x] Update DSO creation and edition selectors in admin menu to use more specific authorization endpoints (Includes port of #4639)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tdonohue tdonohue tdonohue approved these changes

Assignees

@im-shubham-vish im-shubham-vish

Labels

authorization related to authorization, permissions or groups bug component: Discovery related to discovery search or browse system usability

Projects

DSpace 10.0 Release
Status: ✅ Done

Milestone

10.0

5 participants

@im-shubham-vish @PitbaranK @EikLoe @dspace-bot @tdonohue

Comments