Contract for findItemsWithEdit search method

[ybnd]

This search method was added in DSpace/DSpace#8616 to support the edit Item modal.

[abollini]

Thanks it almost aligns with other search methods in the collection endpoint, just a small comment to restrict it to authenticated user

[tdonohue]

@ybnd and @KoenP : This looks good overall, but the new endpoint needs to be only available to logged in Users. See @abollini 's comment & mine below.

[ybnd]

@tdonohue @abollini added the HTTP 401 response, REST PR will be updated soon.

Note that the very similar Collection findSubmitAuthorized* methods aren't limited to authenticated users either. Maybe they should be too?

[tdonohue]

👍 Thanks @ybnd ! This looks good now.

(Regarding the other similar methods, I'd anticipate they likely also should require authentication. So, that would sound like a bug to me, unless there's a documented reason why they are public endpoints. It's likely not a real security issue, since they should always return no permissions for anonymous users, but it does sound like a bug.)

[abollini]

thanks @ybnd my feedback as been addressed.
@tdonohue the discussion about the collection endpoint is of course out-of-scope of this PR but I like to anticipate that imho it is not a bug. We have had a use case some year ago where an institution allow anonymous deposit, it may be not supported out-of-box right now but it could be valid. Of course in a such scenario the Institution should have a validation workflow inplace

[github-actions]

Hi @ybnd,
Conflicts have been detected against the base branch.
Please resolve these conflicts as soon as you can. Thanks!