Contribute to the DSpace Development Fund

The newly established DSpace Development Fund supports the development of new features prioritized by DSpace Governance. For a list of planned features see the fund wiki page.

Background

At Leiden University, The Netherlands, we wanted to hide some collections and communities from the Communities and Collections page. This is because we have a special community for all our harvest collections (that include a subset of items from our normal collections), but we did not want to show them to the normal user.

Also, we have a community for a special group within our University, and we wanted to be able to show this community only to people working at this special group.

How it works

It is possible in DSpace to set read access rights to a collection, as you would normally do with items. But for a collection, nothing is done with those access rights if the collection is displayed.

It works by authorizing the READ policy of a community or a collection before it is shown in a Community or Collection list.

If one knows the handle of a hidden community/collection, you can still see it anyway. It is not that access is totally denied to you, it will only not show up on the list if you do not have READ permission.

See it at

If you go to our Communities & Collections page, you cannot see all our communities, because the harvest community is hidden:

https://openaccess.leidenuniv.nl/

or

https://openaccess.leidenuniv.nl/community-list

But if you go directly to it, you can see it:

https://openaccess.leidenuniv.nl/handle/1887/628

Which DSpace version

The modifications I made were originally made to DSpace 1.3.2. It is ported to DSpace version 1.6 and tested on the XMLUI version, but due to the nature of the changes it should also work fine on the JPSUI version.

How to install

Only one file needs to be changed, so make a backup copy of that file! In version 1.6 use a locally changed version of the original file.

Step 1: Change file src/org/dspace/content/Community.java

  • near line 276 (v1.3.2) / line 303 (v1.6) change the code in function findAllTop from (in v1.6 this looks a bit different):
            // First check the cache
            Community fromCache = (Community) context.fromCache(
                    Community.class, row.getIntColumn("community_id"));
            if (fromCache != null)
            \{
                topCommunities.add(fromCache);
            \}
            else
            \{
                topCommunities.add(new Community(context, row));
            \}

to this:

            // First check the cache
            Community aCommunity = (Community) context.fromCache(
                    Community.class, row.getIntColumn("community_id"));
            if (aCommunity == null) \{
                aCommunity = new Community(context, row);
            \}
            if (AuthorizeManager.authorizeActionBoolean(context,aCommunity,Constants.READ)) \{
              topCommunities.add(aCommunity);
            \}
  • near line 455 (v1.3.2) / 467 (v1.4.2) / 628 (v1.6) change the code in function getCollections from (in v1.6 this looks a bit different):
            // First check the cache
            Collection fromCache = (Collection) ourContext.fromCache(
                    Collection.class, row.getIntColumn("collection_id"));
            if (fromCache != null)
            \{
                collections.add(fromCache);
            \}
            else
            \{
                collections.add(new Collection(ourContext, row));
            \}

to this:

            // First check the cache
            Collection aCollection = (Collection) ourContext.fromCache(
                    Collection.class, row.getIntColumn("collection_id"));
            if (aCollection == null) \{
               aCollection = new Collection(ourContext, row);
            \}
            if (AuthorizeManager.authorizeActionBoolean(ourContext,aCollection,Constants.READ)) \{
              collections.add(aCollection);
            \}
  • near line 504 (v1.3.2) / 515 (v1.4.2) / 687 (v1.6) change the code in function getSubcommunities from:
            // First check the cache
            Community fromCache = (Community) ourContext.fromCache(
                    Community.class, row.getIntColumn("community_id"));
            if (fromCache != null)
            \{
                subcommunities.add(fromCache);
            \}
            else
            \{
                subcommunities.add(new Community(ourContext, row));
            \}

to this:

            // First check the cache
            Community aCommunity = (Community) ourContext.fromCache(
                    Community.class, row.getIntColumn("community_id"));
            if (aCommunity == null) \{
                aCommunity = new Community(ourContext, row);
            \}
            if (AuthorizeManager.authorizeActionBoolean(ourContext,aCommunity,Constants.READ)) \{
              subcommunities.add(aCommunity);
            \}

Step 2: Change community and/or collection authorizations

  • log on as an administrator
  • navigate to the community or collection you want to hide
  • click on the edit button near "Community's Authorizations:" or "Collection's Authorizations:"
  • change or delete the anonymous READ policy

Step 3: build / install / restart

Do the stuff you normally do when deploying a new version of DSpace.

Step 4: test it

  • make sure you are not logged on
  • go to your Communities & Collections list page (/community-list)
  • your community or collection you just changed, should not be visible
  • log on as someone who should be able to see your community or collection (administrators can always see it)
  • go to your Communities & Collections list page (/community-list)
  • your community or collection should not be visible

Things to do

This functionality can be extended by also checking authorization:

  • if one goes directly to a community/collection page by use of a handle
  • of the (owning) collection when displaying an item
  • when displaying the "Appears in Collections:" label
  • when harvesting (to keep some collections from being harvested)

Contact me

If you need help, or have any comments, or you just want to inform me that you (are going to) use this, please contact me at: schaik at library dot leidenuniv dot nl

  • No labels

1 Comment

  1. Andrea Schweer

    To prevent collections/communities without anonymous READ access from being harvested, you just need to make the same changes you describe above in the findAll(Context context) method in Community.java and in Collection.java. That prevents the communities/collections from being included in the list of sets.

    Restricting harvester access to the actual items can be controlled via dspace.cfg

     #### Restricted item visibilty settings ###
# By default RSS feeds, OAI-PMH and subscription emails will include ALL items
# regardless of permissions set on them.
#
# If you wish to only expose items through these channels where the ANONYMOUS
# user is granted READ permission, then set the following options to false
#
# Warning: In large repositories, setting harvest.includerestricted.oai to false may cause
# performance problems as all items will need to have their authorization permissions checked,
# but because DSpace has not implemented resumption tokens in ListIdentifiers, ALL items will
# need checking whenever a ListIdentifers request is made.
#
harvest.includerestricted.rss = false
harvest.includerestricted.oai = false
harvest.includerestricted.subscription = false

All content on the LYRASIS Wiki is licensed under the CC BY (Attribution) license, unless otherwise noted.