...
hasPermission(#uuid, 'DSO-TYPE', 'ACTION'): Check if the current user is allowed to execute the listed action on the specified DSpace Object (for example downloading a bitstream).

    // Example: Only allows you to access this "findOne()" method if you have READ permissions on the Bitstream identified by the "id" parameter
    @PreAuthorize("hasPermission(#id, 'BITSTREAM', 'READ')")
    public BitstreamRest findOne(Context context, UUID id) {
        ...
    }
hasAuthority('VALUE'): Check if the current user has a specific Spring authority. Currently there are only three authority values: ADMIN, EPERSON and ANONYMOUS. (For example, when querying all items.)

    // Example #1: Only allows you to access this method if you are logged in as a system Administrator
    @PreAuthorize("hasAuthority('ADMIN')")
    public Page<BitstreamRest> findAll(Context context, Pageable pageable) {
        ...
    }

    // Example #2: Only allows you to access this method if you are currently logged in to the system
    @PreAuthorize("hasAuthority('AUTHENTICATED')")
    public AuthorityRest findOne(Context context, String name) {
        ...
    }

    // Example #3: Only allows you to access this method if you are anonymous (not logged in)
    @PreAuthorize("hasAuthority('ANONYMOUS')")
    public void someMethod() {
        ...
    }
For the evaluation of the hasPermission expressions, we wrote a custom "permission evaluator", DSpacePermissionEvaluator, that uses a plug-in system. If one of the available plug-ins approves the requested permission, the current user is allowed to execute the action. Plugins are dynamically "discovered" using the Spring auto-wiring functionality. The plug-ins we implemented are:
...
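The "one approving plug-in is enough" rule described above, as an added example that is not DSpace's own code: it shows default-deny when no plug-in approves, and how a single over-broad plug-in widens access because no other plug-in can veto it. The `PermissionPlugin` interface, the three plug-ins and all sample users and ids are hypothetical and constructed for this illustration.

```java
import java.util.List;
import java.util.Set;
import java.util.UUID;

// Added illustration; none of these types are DSpace classes.
public class AnyApprovesDemo {

    // Hypothetical plug-in contract: true = "I approve", false = "no opinion".
    interface PermissionPlugin {
        boolean approves(String user, UUID id, String dsoType, String action);
    }

    // Approves everything for users in the (constructed) admin set.
    record AdminPlugin(Set<String> admins) implements PermissionPlugin {
        public boolean approves(String user, UUID id, String dsoType, String action) {
            return admins.contains(user);
        }
    }

    // Approves READ on bitstreams in the (constructed) public set only.
    record PublicReadPlugin(Set<UUID> publicIds) implements PermissionPlugin {
        public boolean approves(String user, UUID id, String dsoType, String action) {
            return "BITSTREAM".equals(dsoType) && "READ".equals(action) && publicIds.contains(id);
        }
    }

    // Logical OR over the plug-ins: one approval is enough, nobody can veto,
    // and an empty plug-in list denies everything.
    static boolean hasPermission(List<PermissionPlugin> plugins, String user,
                                 UUID id, String dsoType, String action) {
        return plugins.stream().anyMatch(p -> p.approves(user, id, dsoType, action));
    }

    public static void main(String[] args) {
        UUID open = UUID.randomUUID();       // constructed sample ids
        UUID restricted = UUID.randomUUID();
        PermissionPlugin admin = new AdminPlugin(Set.of("admin@example.org"));
        PermissionPlugin publicRead = new PublicReadPlugin(Set.of(open));
        // Over-broad plug-in: forgets to check which object is being read.
        PermissionPlugin anyRead = (user, id, type, action) -> "READ".equals(action);

        List<PermissionPlugin> strict = List.of(admin, publicRead);
        List<PermissionPlugin> loose = List.of(admin, publicRead, anyRead);

        System.out.println("anon READ open: " + hasPermission(strict, "anon", open, "BITSTREAM", "READ"));
        System.out.println("anon READ restricted: " + hasPermission(strict, "anon", restricted, "BITSTREAM", "READ"));
        System.out.println("admin WRITE restricted: " + hasPermission(strict, "admin@example.org", restricted, "BITSTREAM", "WRITE"));
        System.out.println("anon READ restricted, over-broad plug-in present: "
                + hasPermission(loose, "anon", restricted, "BITSTREAM", "READ"));
    }
}
```

Because the result is an OR, each plug-in has to be reviewed as a sufficient grant on its own: a plug-in that returns true too readily cannot be corrected by adding a stricter one beside it.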