diff --git a/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/impl/CanManageMappingsFeature.java b/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/impl/CanManageMappingsFeature.java index 75e83860dd4a..37356c8006bf 100644 --- a/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/impl/CanManageMappingsFeature.java +++ b/dspace-server-webapp/src/main/java/org/dspace/app/rest/authorization/impl/CanManageMappingsFeature.java @@ -64,14 +64,18 @@ public boolean isAuthorized(Context context, BaseObjectRest object) throws SQLEx } if (object instanceof ItemRest) { Item item = itemService.find(context, UUID.fromString(((ItemRest) object).getUuid())); - if (!authorizeService.authorizeActionBoolean(context, item, Constants.WRITE)) { + if (item == null || !authorizeService.authorizeActionBoolean(context, item, Constants.WRITE)) { return false; } + // An orphaned item (e.g. one whose owning collection was lost) has no owning collection. + // Guard against it so the feature evaluation does not throw a NullPointerException. + Collection owningCollection = item.getOwningCollection(); try { Optional collections = collectionService.findCollectionsWithSubmit(StringUtils.EMPTY, context, null, 0, Integer.MAX_VALUE) .stream() - .filter(c -> !c.getID().equals(item.getOwningCollection().getID())) + .filter(c -> owningCollection == null + || !c.getID().equals(owningCollection.getID())) .filter(c -> { try { return collectionService.canEditBoolean(context, c);