OO-2498: apply the same check in the callout as in the security check

src/main/java/org/olat/repository/RepositoryManager.java

@@ -1227,7 +1227,7 @@ public class RepositoryManager {
 	 * check ownership of identity for a resource
 	 * @return true if the identity is member of the security group of the repository entry
 	 */
-	public boolean isOwnerOfRepositoryEntry(Identity identity, RepositoryEntry entry) {
+	public boolean isOwnerOfRepositoryEntry(IdentityRef identity, RepositoryEntryRef entry) {
 		if(entry == null || identity == null) {
 			return false;
 		}

src/main/java/org/olat/repository/ui/author/AuthorDeletedListController.java

@@ -114,13 +114,18 @@ public class AuthorDeletedListController extends AuthorListController {
 			}
 			cleanUp();
 		} else if(confirmRestoreCtrl == source) {
-			if(cmc != null) {
-				cmc.deactivate();
-			}
 			if(event == Event.DONE_EVENT || event == Event.CHANGED_EVENT) {
+				if(cmc != null) {
+					cmc.deactivate();
+				}
 				reloadRows();
+				cleanUp();
+			} else if(event == Event.CANCELLED_EVENT) {
+				if(cmc != null) {
+					cmc.deactivate();
+				}
+				cleanUp();
 			}
-			cleanUp();
 		} else if(dToolsCtrl == source) {
 			if(event == Event.DONE_EVENT) {
 				toolsCalloutCtrl.deactivate();
@@ -185,14 +190,15 @@ public class AuthorDeletedListController extends AuthorListController {
 			toolsCalloutCtrl.activate();
 		}
 	}
-	
 
 	private void doRestore(UserRequest ureq, List<AuthoringEntryRow> rows) {
 		Roles roles = ureq.getUserSession().getRoles();
 		List<Long> deleteableRowKeys = new ArrayList<>(rows.size());
 		for(AuthoringEntryRow row:rows) {
 			boolean managed = RepositoryEntryManagedFlag.isManaged(row.getManagedFlags(), RepositoryEntryManagedFlag.delete);
-			boolean canDelete = roles.isOLATAdmin() || repositoryManager.isInstitutionalRessourceManagerFor(getIdentity(), roles, row);
+			boolean canDelete = roles.isOLATAdmin()
+					|| repositoryService.hasRole(getIdentity(), row, GroupRoles.owner.name())
+					|| repositoryManager.isInstitutionalRessourceManagerFor(getIdentity(), roles, row);
 			if(canDelete && !managed) {
 				deleteableRowKeys.add(row.getKey());
 			}
@@ -263,9 +269,9 @@ public class AuthorDeletedListController extends AuthorListController {
 			Roles roles = ureq.getUserSession().getRoles();
 			boolean isInstitutionalResourceManager = !roles.isGuestOnly()
 						&& repositoryManager.isInstitutionalRessourceManagerFor(identity, roles, entry);
-			isOwner = isOlatAdmin || repositoryService.hasRole(ureq.getIdentity(), entry, GroupRoles.owner.name())
+			isOwner = isOlatAdmin || repositoryService.hasRole(identity, entry, GroupRoles.owner.name())
 						|| isInstitutionalResourceManager;
-			isAuthor = isOlatAdmin || roles.isAuthor() | isInstitutionalResourceManager;
+			isAuthor = isOlatAdmin || roles.isAuthor() || isInstitutionalResourceManager;
 			
 			RepositoryHandler handler = repositoryHandlerFactory.getRepositoryHandler(entry);
 

src/main/java/org/olat/repository/ui/author/ConfirmRestoreController.java

@@ -134,5 +134,6 @@ public class ConfirmRestoreController extends FormBasicController {
 				fireEvent(ureq, new EntryChangedEvent(reloadedEntry, getIdentity(), Change.restored, "restored"));
 			}
 		}
+		fireEvent(ureq, Event.DONE_EVENT);
 	}
 }
\ No newline at end of file