orcid profiles exclude non-public metadata

[floriangantner]

…adata security level/visibility before calculating the metadata signature for orcid profile objects

References

• Fixes https://github.com/4Science/DSpace/issues/393 #394 (if this fixes an issue ticket)

Description

Short summary of changes (1-2 sentences). configurable option to exclude non-public metadata based on their metadata security level/visibility before calculating the metadata signature for orcid profile objects.

Instructions for Reviewers

Please add a more detailed description of the changes made by your PR. At a minimum, providing a bulleted list of changes in your PR is helpful to reviewers.

List of changes in this PR:

• introduced configurable option which returns true when the metadata security level is null or 0 . The parameter is some boolean which can be added to the ObjectFactory generating the orcid Profile Section element. By default it is disabled.
• before the list of metadata for the orcid metadata signature is being created each of the metadata values is being checked.
• this prevents metadata with security level 1 (group access) or 2 (owner/administrator) from pushing hidden metadata by mistake

Include guidance for how to test or review your PR. This may include: steps to reproduce a bug, screenshots or description of a new feature, or reasons behind specific changes.

Checklist

This checklist provides a reminder of what we are going to look for when reviewing your PR. You need not complete this checklist prior to creating your PR (draft PRs are always welcome). If you are unsure about an item in the checklist, don't hesitate to ask. We're here to help!

• [x] My PR is small in size (e.g. less than 1,000 lines of code, not including comments & integration tests). Exceptions may be made if previously agreed upon.
• [ ] My PR passes Checkstyle validation based on the Code Style Guide.
• [ ] My PR includes Javadoc for all new (or modified) public methods and classes. It also includes Javadoc for large or complex private methods.
• [ ] My PR passes all tests and includes new/updated Unit or Integration Tests based on the Code Testing Guide.
• [ ] If my PR includes new libraries/dependencies (in any pom.xml), I've made sure their licenses align with the DSpace BSD License based on the Licensing of Contributions documentation.
• [ ] If my PR modifies REST API endpoints, I've opened a separate REST Contract PR related to this change.
• [x] If my PR includes new configurations, I've provided basic technical documentation in the PR itself.
• [ x If my PR fixes an issue ticket, I've linked them together.

[atarix83]

Thanks @floriangantner for this PR

We have reviewed it and we have decided to slightly change the solution proposed. By default the metadata are not sent if security is not null or different than zero. We have removed the property allowedMetadataVisibility and added a further property maxAllowedMetadataVisibility in the AbstractOrcidProfileSectionFactory in order to be able to send anyway metadata with stricter security less or equal the security defined there. e.g. the following configuration will send metadata with security null, 0 or 1, but not if it has security 2

<bean class="org.dspace.orcid.model.factory.impl.OrcidAffiliationFactory">
  <constructor-arg name="sectionType" value="AFFILIATION" />
  <constructor-arg name="preference" value="AFFILIATION" />
  <property name="organizationField" value="${orcid.mapping.affiliation.name}" />
  <property name="roleField" value="${orcid.mapping.affiliation.role}" />
  <property name="startDateField" value="${orcid.mapping.affiliation.start-date}" />
  <property name="endDateField" value="${orcid.mapping.affiliation.end-date}" />
  <property name="maxAllowedMetadataVisibility" value="1" />
</bean>