Fix SWORDv2 deposit with embargo for non-admin submitters

milanmajchrak · milanmajchrak · commit cf6e027e0314 · 2026-04-16T14:06:28.000+02:00
diff --git a/dspace-api/src/main/java/org/dspace/content/packager/AbstractMETSIngester.java b/dspace-api/src/main/java/org/dspace/content/packager/AbstractMETSIngester.java
@@ -25,6 +25,9 @@
 import org.apache.logging.log4j.Logger;
 import org.dspace.app.client.DSpaceHttpClientFactory;
 import org.dspace.authorize.AuthorizeException;
+import org.dspace.authorize.ResourcePolicy;
+import org.dspace.authorize.factory.AuthorizeServiceFactory;
+import org.dspace.authorize.service.AuthorizeService;
 import org.dspace.content.Bitstream;
 import org.dspace.content.BitstreamFormat;
 import org.dspace.content.Bundle;
@@ -127,6 +130,10 @@ public abstract class AbstractMETSIngester extends AbstractPackageIngester {
     protected final ConfigurationService configurationService
             = DSpaceServicesFactory.getInstance().getConfigurationService();
 
+
+    protected final AuthorizeService authorizeService = AuthorizeServiceFactory.getInstance().getAuthorizeService();
+
+
     /**
      * <p>
      * An instance of ZipMdrefManager holds the state needed to retrieve the
@@ -763,11 +770,24 @@ protected void addBitstreams(Context context, Item item,
                 bitstream.setSequenceID(Integer.parseInt(seqID));
             }
 
+            // Get TYPE_SUBMISSION policies before removing them in the `manifest.crosswalkBitstream` method.
+            List<ResourcePolicy> bitstreamPolicies =
+                authorizeService.findPoliciesByDSOAndType(context, bitstream, ResourcePolicy.TYPE_SUBMISSION);
+
             // crosswalk this bitstream's administrative metadata located in
             // METS manifest (or referenced externally)
             manifest.crosswalkBitstream(context, params, bitstream, mfileID,
                                         mdRefCallback);
 
+            // Only add the saved TYPE_SUBMISSION policies if the crosswalk actually removed them to prevent duplicates.
+            if (!bitstreamPolicies.isEmpty()) {
+                List<ResourcePolicy> remainingSubmissionPolicies =
+                    authorizeService.findPoliciesByDSOAndType(context, bitstream, ResourcePolicy.TYPE_SUBMISSION);
+                if (remainingSubmissionPolicies.isEmpty()) {
+                    authorizeService.addPolicies(context, bitstreamPolicies, bitstream);
+                }
+            }
+
             // is this the primary bitstream?
             if (primaryID != null && mfileID.equals(primaryID)) {
                 bundle.setPrimaryBitstreamID(bitstream);
diff --git a/dspace-server-webapp/src/test/java/org/dspace/app/sword2/Swordv2IT.java b/dspace-server-webapp/src/test/java/org/dspace/app/sword2/Swordv2IT.java
@@ -190,6 +190,48 @@ public void mediaResourceUnauthorizedTest() throws Exception {
         assertEquals(response.getStatusCode(), HttpStatus.UNAUTHORIZED);
     }
 
+    /**
+     * There should not be any Internal Server/Authorization error when uploading a new Item with embargo
+     * The embargo is defined in the `mets.xml` of the `example-embargo.zip` file
+     */
+    @Test
+    public void depositItemWithEmbargo() throws Exception {
+        context.turnOffAuthorisationSystem();
+        // Create a top level community and one Collection
+        parentCommunity = CommunityBuilder.createCommunity(context)
+                .withName("Parent Community")
+                .build();
+        // Make sure our Collection allows the "eperson" user to submit into it
+        Collection collection = CollectionBuilder.createCollection(context, parentCommunity)
+                .withName("Test SWORDv2 Collection")
+                .withSubmitterGroup(eperson)
+                .build();
+        // Above changes MUST be committed to the database for SWORDv2 to see them.
+        context.commit();
+        context.restoreAuthSystemState();
+
+        // Add file
+        LinkedMultiValueMap<Object, Object> multipart = new LinkedMultiValueMap<>();
+        multipart.add("file", new FileSystemResource(Path.of("src", "test", "resources",
+                "org", "dspace", "app", "sword2", "example-embargo.zip")));
+        // Add required headers
+        HttpHeaders headers = new HttpHeaders();
+        headers.setContentType(MediaType.MULTIPART_FORM_DATA);
+        headers.setContentDisposition(ContentDisposition.attachment().filename("example-embargo.zip").build());
+        headers.set("Packaging", "http://purl.org/net/sword/package/METSDSpaceSIP");
+        headers.setAccept(List.of(MediaType.APPLICATION_ATOM_XML));
+
+
+        // Send POST to upload Zip file via SWORD
+        ResponseEntity<String> response = postResponseAsString(COLLECTION_PATH + "/" + collection.getHandle(),
+                eperson.getEmail(), password,
+                new HttpEntity<>(multipart, headers));
+
+        // Expect a 201 CREATED response with ATOM "entry" content returned
+        assertEquals(HttpStatus.CREATED, response.getStatusCode());
+        assertEquals(ATOM_ENTRY_CONTENT_TYPE, response.getHeaders().getContentType().toString());
+    }
+
     /**
      * This tests four different SWORDv2 actions, as these all require starting with a new deposit.
      * 1. Depositing a new item via SWORD (via POST /collections/[collection-uuid])
diff --git a/dspace-server-webapp/src/test/resources/org/dspace/app/sword2/example-embargo.zip b/dspace-server-webapp/src/test/resources/org/dspace/app/sword2/example-embargo.zip
diff --git a/dspace-swordv2/src/main/java/org/dspace/sword2/CollectionDepositManagerDSpace.java b/dspace-swordv2/src/main/java/org/dspace/sword2/CollectionDepositManagerDSpace.java
@@ -151,6 +151,9 @@ public DepositReceipt createNew(String collectionUri, Deposit deposit,
             sc.commit();
 
             return receipt;
+        } catch (SwordAuthException e) {
+            log.error("caught exception:", e);
+            throw e;
         } catch (DSpaceSwordException e) {
             log.error("caught exception:", e);
             throw new SwordServerException(
diff --git a/dspace-swordv2/src/main/java/org/dspace/sword2/SwordMETSContentIngester.java b/dspace-swordv2/src/main/java/org/dspace/sword2/SwordMETSContentIngester.java
@@ -10,10 +10,12 @@
 import java.io.File;
 
 import org.apache.logging.log4j.Logger;
+import org.dspace.authorize.AuthorizeException;
 import org.dspace.content.Collection;
 import org.dspace.content.DSpaceObject;
 import org.dspace.content.Item;
 import org.dspace.content.WorkspaceItem;
+import org.dspace.content.crosswalk.CrosswalkException;
 import org.dspace.content.factory.ContentServiceFactory;
 import org.dspace.content.packager.PackageIngester;
 import org.dspace.content.packager.PackageParameters;
@@ -28,6 +30,7 @@
 import org.swordapp.server.SwordAuthException;
 import org.swordapp.server.SwordError;
 import org.swordapp.server.SwordServerException;
+import org.swordapp.server.UriRegistry;
 
 public class SwordMETSContentIngester extends AbstractSwordContentIngester {
     /**
@@ -181,6 +184,12 @@ public DepositResult ingestToCollection(Context context, Deposit deposit,
         } catch (RuntimeException re) {
             log.error("caught exception: ", re);
             throw re;
+        } catch (AuthorizeException e) {
+            log.error("caught exception: ", e);
+            throw new SwordAuthException(e);
+        } catch (CrosswalkException e) {
+            log.error("caught exception: ", e);
+            throw new SwordError(UriRegistry.ERROR_BAD_REQUEST, e.getMessage(), e);
         } catch (Exception e) {
             log.error("caught exception: ", e);
             throw new DSpaceSwordException(e);
