Merge branch 'main' of https://github.com/DSpace/RestContract into CS…

…T-11298

README.md

@@ -66,6 +66,11 @@ Creates a new resource (object) and adds it to the group. Any required data (i.e
 - `GET` -
 Returns the first page of the resources in the group (or collection). See [Pagination](#pagination) section. 
 
+- `PATCH` -
+  Allows for batch updates (e.g. batch deletion via Patch 'remove' operation) to several resources in the collection at once.
+  The request body must adhere to the the [JSON Patch specification RFC6902](https://tools.ietf.org/html/rfc6902).
+  See [General rules for the Patch operation](patch.md) for more details.
+
 ### On Single Resource Endpoints
 
 This type of endpoint interacts with a single, existing resource (object). For example: `/api/core/items/<:uuid>` references a single Item resource.
@@ -165,16 +170,16 @@ An example
 ```
 "_links": {
     "first": {
-      	"href": "http://localhost:8080/dspace-spring-rest/api/core/bitstreams?page=0&size=5"
+      	"href": "http://localhost:8080/server/api/core/bitstreams?page=0&size=5"
     },
     "self": {
-      	"href": "http://localhost:8080/dspace-spring-rest/api/core/bitstreams"
+      	"href": "http://localhost:8080/server/api/core/bitstreams"
     },
     "next": {
-      	"href": "http://localhost:8080/dspace-spring-rest/api/core/bitstreams?page=1&size=5"
+      	"href": "http://localhost:8080/server/api/core/bitstreams?page=1&size=5"
     },
     "last": {
-        "href": "http://localhost:8080/dspace-spring-rest/api/core/bitstreams?page=2&size=5"
+        "href": "http://localhost:8080/server/api/core/bitstreams?page=2&size=5"
     }
 }
 ```

authentication.md

@@ -1,7 +1,8 @@
 # Authentication
 [Back to the list of all defined endpoints](endpoints.md)
 
-The authentication mechanism since DSpace 7 is based on JSON Web Token
+The authentication mechanism since DSpace 7 is based on JSON Web Token (JWT / RFC 7519).
+
 Information about the underline implementation are [available on the wiki](https://wiki.duraspace.org/display/DSPACE/REST+Authentication)
 
 ## Login
@@ -21,10 +22,10 @@ Return codes
 Parameters must be sent in the body of a `x-www-form-urlencoded` request, i.e
 
 ```
-curl -v -X POST https://{dspace-server.url}/server/api/authn/login --data "user=dspacedemo%2Badmin%40gmail.com&password=dspace" -H "X-XSRF-TOKEN: {csrf-token}"
+curl -v -X POST https://{dspace-server.url}/server/api/authn/login --data "user=dspacedemo%2Badmin%40gmail.com&password=dspace" -H "X-XSRF-TOKEN: {csrf-token}" -b "DSPACE-XSRF-COOKIE={xsrf-cookie}"
 ```
 
-Please note that authentication requires passing a valid [CSRF token](csrf-tokens.md), previously obtained from the REST API. Also note that `curl` assumes `-H 'Content-Type: application/x-www-form-urlencoded'` for a POST request as default. 
+Please note that authentication requires passing a valid [CSRF token](csrf-tokens.md) header and cookie, previously obtained from the REST API. Also note that `curl` assumes `-H 'Content-Type: application/x-www-form-urlencoded'` for a POST request as default.
 
 This call will return a JWT (JSON Web Token) in the response in the Authorization header according to the [bearer scheme](https://datatracker.ietf.org/doc/html/rfc6750#section-2.1). This token has to be used in subsequent calls to provide your authentication details. For example:
 
@@ -192,14 +193,9 @@ Return codes
 - 200 Ok. 
 - 401 Unauthorized. If no user is logged in
 
-## Request short lived token using GET
-
 **GET /api/authn/shortlivedtokens**
 
-The short lived token can also be retrieved using GET, if it originates from a trusted IP.
-
-This can be used by Angular to retrieve a short lived token when a POST is not possible.
-It works identical to the [POST endpoint](#request-short-lived-token)
+_As of 7.5, this option is no longer supported._  Please use POST instead (see above).
 
 ### Using short lived token
 

bitstreamformats.md

@@ -6,7 +6,7 @@
 
 Provide access to the bitstream formats defined in the registry (DBMS based). It returns the list of existent metadata fields.
 
-Example: <https://dspace7.4science.cloud/dspace-spring-rest/#https://dspace7.4science.cloud/dspace-spring-rest/api/core/bitstreamformats>
+Example: <https://api7.dspace.org/server/#https://api7.dspace.org/server/api/core/bitstreamformats>
 
 **POST /api/core/bitstreamformats**   
 

bitstreams.md

@@ -41,7 +41,7 @@ Bitstream metadata can be modified as described in [Modifying metadata via Patch
 ### Format
 **GET /api/core/bitstreams/<:uuid>/format**
 
-Example: <http://dspace7.4science.it/dspace-spring-rest/#http://dspace7.4science.it/dspace-spring-rest/api/core/bitstreams/8d33bdfb-e7ba-43e6-a93a-f445b7e8a1e2/format>
+Example: <https://api7.dspace.org/server/#https://api7.dspace.org/server/api/core/bitstreams/8d33bdfb-e7ba-43e6-a93a-f445b7e8a1e2/format>
 
 It returns the format of the bitstream
 
@@ -51,7 +51,7 @@ Update the bitstream format of the bitstream
 
 Sample CURL command:
 ```
-curl -i -X PUT 'https://dspace7-entities.atmire.com/rest/api/core/bitstreams/6ba01288-8a5a-4acf-96f1-fd0730424a1f/format' -H 'Authorization: Bearer eyJhbGciO…' -H "Content-Type:text/uri-list" --data 'https://dspace7-entities.atmire.com/rest/api/core/bitstreamformats/6'
+curl -i -X PUT 'https://api7.dspace.org/server/api/core/bitstreams/6ba01288-8a5a-4acf-96f1-fd0730424a1f/format' -H 'Authorization: Bearer eyJhbGciO…' -H "Content-Type:text/uri-list" --data 'https://api7.dspace.org/server/api/core/bitstreamformats/6'
 ```
 
 The uri-list should always contain exactly 1 bitstream format. This bitstream format will be assigned to the bitstream
@@ -73,7 +73,7 @@ Keep in mind that there's a change to dc.format in the API related to bitstream
 ### Bundle
 **GET /api/core/bitstreams/<:uuid>/bundle**
 
-Example: <http://dspace7.4science.it/dspace-spring-rest/#http://dspace7.4science.it/dspace-spring-rest/api/core/bitstreams/8d33bdfb-e7ba-43e6-a93a-f445b7e8a1e2/bundle>
+Example: <https://api7.dspace.org/server/#https://api7.dspace.org/server/api/core/bitstreams/8d33bdfb-e7ba-43e6-a93a-f445b7e8a1e2/bundle>
 
 It returns the bundle of the bitstream
 
@@ -83,7 +83,7 @@ Move the bitstream to another bundle
 
 Sample CURL command:
 ```
-curl -i -X PUT 'https://dspace7-entities.atmire.com/rest/api/core/bitstreams/6ba01288-8a5a-4acf-96f1-fd0730424a1f/bundle' -H 'Authorization: Bearer eyJhbGciO…' -H "Content-Type:text/uri-list" --data 'https://dspace7-entities.atmire.com/rest/api/core/bundles/0b3c0ebf-83bc-4017-afa1-9df37a1a065c'
+curl -i -X PUT 'https://api7.dspace.org/server/api/core/bitstreams/6ba01288-8a5a-4acf-96f1-fd0730424a1f/bundle' -H 'Authorization: Bearer eyJhbGciO…' -H "Content-Type:text/uri-list" --data 'https://api7.dspace.org/server/api/core/bundles/0b3c0ebf-83bc-4017-afa1-9df37a1a065c'
 ```
 
 The uri-list should always contain exactly 1 bitstream format. This bitstream format will be assigned to the bitstream
@@ -98,7 +98,7 @@ Error codes:
 ### Content
 **/api/core/bitstreams/<:uuid>/content**
 
-Example: <http://dspace7.4science.it/dspace-spring-rest/api/core/bitstreams/8d33bdfb-e7ba-43e6-a93a-f445b7e8a1e2/content>
+Example: <https://api7.dspace.org/server/api/core/bitstreams/8d33bdfb-e7ba-43e6-a93a-f445b7e8a1e2/content>
 
 It returns the actual content (bits) described by the bitstream
 
@@ -150,10 +150,40 @@ Return codes:
 * 422 Unprocessable Entity - if the provided uuid cannot be resolved to an item regardless to the item status
 
 ## DELETE Method
+
+### Single Bitstream Delete
 Delete a bitstream. Works for normal bitstreams in an Item (bundle), and a community or collection logo
 
 * 204 No content - if the operation succeed
 * 401 Unauthorized - if you are not authenticated
 * 403 Forbidden - if you are not loggedin with sufficient permissions
 * 404 Not found - if the bitstream doesn't exist (or was already deleted)
 * 422 Unprocessable Entity - if the bitstream is a community or collection logo
+
+### Multiple Bitstreams Delete
+Delete a list of Bitstreams in one request. This will work for any list of Bitstreams that are attached to an item, will mostly be used in the item admin edit
+
+* 204 No content - if the operation succeeded
+* 401 Unauthorized -  if you are not authenticated
+* 403 Forbidden - if you are not logged in with sufficient permissions
+* 404 Not found - if any of the bitstreams in the list haven't been found or are already deleted
+* 422 Unprocessable Entity - If one or more of the given Bitstreams aren't attached to an Item.
+
+A sample CURL command would be:
+```
+curl -i -X PATCH 'https://demo7.dspace.org/server/api/core/bitstreams -H 'Authorization: Bearer eyJhbGciO…' -H "content-type: application/json" --data '[ { "op": "remove", "path": "/bitstreams/12623672-25a9-4df2-ab36-699c4c240c7e"}, { "op": "remove", "path": "/bitstreams/5a3f7c7a-d3df-419c-8a2-f00ede62c60a"}]'
+```
+
+The Patch contents is:
+```json
+[
+  {
+    "op": "remove",
+    "path": "/bitstreams/12623672-25a9-4df2-ab36-699c4c240c7e"
+  },
+  {
+    "op": "remove",
+    "path": "/bitstreams/5a3f7c7a-d3df-419c-8a2-f00ede62c60a"
+  }
+]
+```

browses.md

@@ -6,7 +6,30 @@
 
 Provide access to the browse system (SOLR based). It returns the list of available browse indexes.
 
-Example: <http://dspace7.4science.it/dspace-spring-rest/#/dspace-spring-rest/api/discover/browses>
+Example: <https://{dspace.server.url}/api/discover/browses>
+
+## Browse types
+
+There are currently types of browse, each behaving differently:
+* `valueList`:
+  * The browse index has two levels
+  * The 1st level shows the list of entries like author names, subjects, types, etc
+  * The second level is the actual list of items linked to a specific entry
+  * The `items` link is not used
+  * The `entries` link is used to render the author names, subjects, types, etc
+  * The `vocabulary` link is not used
+* `flatBrowse`:
+  * The browse index has one level: the full list of items
+  * The `items` link is used to render this list of items
+  * The `entries` link is not used
+  * The `vocabulary` link is not used
+* `hierarchicalBrowse`:
+  * The browse index displays the vocabulary tree
+  * The 1st level shows the tree
+  * The second level is the actual list of items linked to a specific entry
+  * The `items` link is not used
+  * The `entries` link is not used
+  * The `vocabulary` link is used to render the tree
 
 ## Single browse index 
 **/api/discover/browses/<:index-name>**
@@ -15,6 +38,7 @@ Provide detailed information about a specific browse index and access to the lis
 ```json
 {
   "id": "title",
+  "browseType": "flatBrowse",
   "metadataBrowse": false,
   "dataType": "title",
   "sortOptions": [
@@ -40,6 +64,9 @@ Provide detailed information about a specific browse index and access to the lis
 ```
 
 * id: the identifier for the browse index
+* browseType:
+  * `valueList` if the browse index has two levels, the 1st level shows the list of entries like author names, subjects, types, etc. the second level is the actual list of items linked to a specific entry
+  * `flatBrowse` if the browse index has one level: the full list of items
 * metadataBrowse: true if the browse index have two level, the 1st level shows the list of entries like author names, subjects, types, etc. the second level is the actual list of items linked to a specific entry
 * dataType: the kind of data indexed. Can have the values "title" for item titles, "date" for date fields or "text" for other metadata
 * sortOptions: the sort options available for this index
@@ -54,11 +81,62 @@ Error codes:
 
 **404** if the browse index doesn't exist
 
+## Hierarchical browse index 
+**/api/discover/browses/<:index-name>**
+
+Provide detailed information about a specific hierarchical browse index and access to the parameters required to access the list of items and entries. The JSON response document is as follows
+```json
+{
+  "id": "keyword",
+  "browseType": "hierarchicalBrowse",
+  "facetType": "subject",
+  "vocabulary": "srsc",
+  "type": "browse",
+  "metadata": [
+    "dc.subject"
+  ],
+  "_links" : {
+    "vocabulary" : {
+      "href" : "/server/api/submission/vocabularies/srsc"
+    }
+  }
+} 
+```
+
+* id: the identifier for the browse index
+* browseType: `hierarchicalBrowse` if the browse index should display the vocabulary tree. The 1st level shows the tree. The second level is the actual list of items linked to a specific entry
+* facetType: the discovery filter to use to filter the items
+* vocabulary: the name of the vocabulary containing the tree
+* metadata: the list of metadata used to build this index
+
+Exposed links:
+* vocabulary: link to the vocabulary containing the tree
+
+Error codes:
+
+**404** if the browse index doesn't exist
+
+## Browse indexes configured for metadata linking
+### Get a single index configured as browse links for the given metadata fields
+**/api/discover/browses/search/byFields?fields=<:field>**
+
+Example: <https://{dspace.server.url}/api/discover/browses/search/byFields?fields=dc.contributor.author&fields=dc.creator>
+
+Provide detailed information about a specific browse index and access to the list of items and entries in the index. The JSON response document is as the previous section.
+
+The supported parameters are:
+* fields: A metadata field name, eg. dc.contributor.author. This parameter is repeatable.
+
+Error codes:
+
+**204** if none of the fields are configured for browse or browse links
+**400** if the fields parameter is missing
+
 ## Browse entries
 ### Metadata browse 1st level
 **/api/discover/browses/<:index-name>/entries**
 
-Example: <http://dspace7.4science.it/dspace-spring-rest/#http://dspace7.4science.it/dspace-spring-rest/api/discover/browses/author/entries>
+Example: <https://{dspace.server.url}/api/discover/browses/author/entries>
 
 It returns a collection of BrowseEntryResource the JSON document looks like
 ```json
@@ -73,7 +151,7 @@ It returns a collection of BrowseEntryResource the JSON document looks like
         "count": 1,
         "_links": {
           "items": {
-            "href": "http://dspace7.4science.it/dspace-spring-rest/api/discover/browses/author/items?filterValue=Arulmozhiyal, Ramaswamy"
+            "href": "https://api7.dspace.org/server/api/discover/browses/author/items?filterValue=Arulmozhiyal, Ramaswamy"
           }
         }
       },
@@ -103,9 +181,9 @@ Error codes:
 
 Examples:
 
-item browse: <http://dspace7.4science.it/dspace-spring-rest/#http://dspace7.4science.it/dspace-spring-rest/api/discover/browses/dateissued/items>
+item browse: <https://{dspace.server.url}/api/discover/browses/dateissued/items>
 
-2nd level metadata browse: <http://dspace7.4science.it/dspace-spring-rest/#http://dspace7.4science.it/dspace-spring-rest/api/discover/browses/author/items?filterValue=Arulmozhiyal, Ramaswamy>
+2nd level metadata browse: <https://{dspace.server.url}/api/discover/browses/author/items?filterValue=Arulmozhiyal, Ramaswamy>
 
 The supported parameters are:
 * page, size & sort [see pagination](README.md#Pagination): the sort name must be one of the name specified in the sortOptions.name of the browse index or *default*, followed by a comma and the order direction. For example sort=default,asc or sort=dateissued,desc

bulkaccessconditionoptions.md

@@ -0,0 +1,78 @@
+# BulkAccessConditionOptions Endpoints
+[Back to the list of all defined endpoints](endpoints.md)
+
+## Main Endpoint
+**/api/config/bulkaccessconditionoptions**   
+
+Provide access to the existent configurations for the bulk access control management. It returns the list of existent BulkAccessConfig.
+The BulkAccessConfig aggregates in a single place the configuration needed to the access section of the bulk access control management at the item and bitstream level.
+
+Please note that currently only a single repository wide configuration is supported and it is configured in the backend `/config/spring/api/access-conditions.xml` file, so this endpoint will list a single configuration.
+
+Status codes:
+* 200 OK - if the operation succeed
+* 401 Unauthorized - if you are not authenticated
+* 403 Forbidden - if you are not logged in with sufficient permissions. This endpoint is only accessible ot user that has administrative priviled over at least one community, collection or item limited to the resources that they admin.
+
+## Single bulkaccessconditionoptions-Form 
+**/api/config/bulkaccessconditionoptions/<:config-name>**
+
+*:config-name* the bulk access control management configuration name to retrieve
+
+Please note that currently only a single repository wide configuration is supported and it is named `default`
+
+Provide detailed information about a specific input-form. The JSON response document is as follows:
+```json
+{
+  "id": "default",
+  "itemAccessConditionOptions": [
+		{
+ 			"name": "openaccess"
+		},
+		{
+ 			"name": "administrator"
+		},  	 			
+		{
+ 			"name": "embargo",
+ 			"hasStartDate": true,
+ 			"maxStartDate": "2018-06-24T00:40:54.970+0000"
+		},
+		{
+ 			"name": "lease",
+ 			"hasEndDate": true,
+ 			"maxEndDate": "2017-12-24T00:40:54.970+0000"
+		}
+  ],
+  "bitstreamAccessConditionOptions": [
+		{
+ 			"name": "openaccess"
+		},
+		{
+ 			"name": "administrator"
+		},  	 			
+		{
+ 			"name": "embargo",
+ 			"hasStartDate": true,
+ 			"maxStartDate": "2018-06-24T00:40:54.970+0000"
+		},
+		{
+ 			"name": "lease",
+ 			"hasEndDate": true,
+ 			"maxEndDate": "2017-12-24T00:40:54.970+0000"
+		}
+  ]
+}
+```
+
+The attributes of the objects in the **itemAccessConditionOptions** and **bitstreamAccessConditionOptions** arrays are as follow:
+* The *name* attribute is an identifier that can be used by the REST client (the UI) to present the different options to the user, maybe translating it in an human readable format using i18n, and by the backend to create the ResourcePolicy to apply to the accessed item using and validating the additional inputs provided by the user where required.
+* If there is a *hasStartDate* attribute and it is true, the access condition to be applied requires to specify a startDate that must be less or equal than the value of the *maxStartDate* attribute (if null any date is acceptable)
+* If there is a *hasEndDate* attribute and it is true, the access condition to be applied requires to specify an endDate that must be less or equal than the value of the *maxEndDate* attribute (if null any date is acceptable). If a startDate is supplied the endDate must be greater than the startDate
+
+Obviously, **itemAccessConditionOptions** provides the list of options acceptable at the item level whereas **bitstreamAccessConditionOptions** provides the list of options suitable at the bitstream level
+
+Status codes:
+* 200 OK - if the operation succeed
+* 401 Unauthorized - if you are not authenticated
+* 403 Forbidden - if you are not logged in with sufficient permissions. This endpoint is only accessible ot user that has administrative priviled over at least one community, collection or item limited to the resources that they admin.
+* 404 Not Found - if you request any configuration other than `default`