Message #12518
[Branch ~dhis2-devs-core/dhis2/trunk] Rev 3870: Changed behavior of add/update user: A user can only assign user roles to a new user with less au...
------------------------------------------------------------
revno: 3870
committer: Lars Helge Overland <larshelge@xxxxxxxxx>
branch nick: dhis2
timestamp: Sat 2011-06-11 10:15:29 +0200
message:
Changed behavior of add/update user: A user can only assign user roles to a new user with less authorities than himself.
added:
dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/filter/UserAuthorityGroupSubsetFilter.java
modified:
dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/User.java
dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserAuthorityGroup.java
dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserCredentials.java
dhis-2/dhis-services/dhis-service-core/src/main/resources/org/hisp/dhis/user/hibernate/User.hbm.xml
dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/AddUserAction.java
dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/SetupTreeAction.java
dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/UpdateUserAction.java
dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/META-INF/dhis/beans.xml
dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/struts.xml
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/User.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/User.java 2011-05-30 18:34:15 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/User.java 2011-06-11 08:15:29 +0000
@@ -63,6 +63,8 @@
private String phoneNumber;
+ private UserCredentials userCredentials;
+
/**
* All OrgUnits where the user could belong
*
@@ -227,6 +229,16 @@
this.phoneNumber = phoneNumber;
}
+ public UserCredentials getUserCredentials()
+ {
+ return userCredentials;
+ }
+
+ public void setUserCredentials( UserCredentials userCredentials )
+ {
+ this.userCredentials = userCredentials;
+ }
+
public Collection<OrganisationUnit> getOrganisationUnits()
{
return organisationUnits;
=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserAuthorityGroup.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserAuthorityGroup.java 2010-04-21 19:45:12 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserAuthorityGroup.java 2011-06-11 08:15:29 +0000
@@ -38,7 +38,8 @@
*/
public class UserAuthorityGroup
{
-
+ public static final String AUTHORITY_ALL = "ALL";
+
private int id;
/**
=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserCredentials.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserCredentials.java 2011-05-05 21:14:56 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserCredentials.java 2011-06-11 08:15:29 +0000
@@ -61,6 +61,48 @@
private String password;
private Set<UserAuthorityGroup> userAuthorityGroups = new HashSet<UserAuthorityGroup>();
+
+ // -------------------------------------------------------------------------
+ // Logic
+ // -------------------------------------------------------------------------
+
+ /**
+ * Returns a set of the aggregated authorities for all user authority groups
+ * of this user credentials.
+ */
+ public Set<String> getAllAuthorities()
+ {
+ Set<String> authorities = new HashSet<String>();
+
+ for ( UserAuthorityGroup group : userAuthorityGroups )
+ {
+ authorities.addAll( group.getAuthorities() );
+ }
+
+ return authorities;
+ }
+
+ /**
+ * Indicates whether this user credentials can issue the given user authority
+ * group. First the given authority group must not be null. Second this
+ * user credentials must not contain the given authority group. Third
+ * the authority group must be a subset of the aggregated user authorities
+ * of this user credentials, or this user credentials must have the ALL
+ * authority.
+ *
+ * @param group the user authority group.
+ */
+ public boolean canIssue( UserAuthorityGroup group )
+ {
+ if ( group == null || userAuthorityGroups.contains( group ) )
+ {
+ return false;
+ }
+
+ final Set<String> authorities = getAllAuthorities();
+
+ return ( authorities.contains( UserAuthorityGroup.AUTHORITY_ALL ) || authorities.containsAll( group.getAuthorities() ) );
+ }
// -------------------------------------------------------------------------
// hashCode and equals
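Review bot: The "must not contain the given authority group" rule in `canIssue` is keyed on group membership (`userAuthorityGroups.contains( group )`), not on authority content, so it does not enforce the "less authorities than himself" wording of the commit message. `containsAll` accepts a different group whose authorities are exactly equal to the caller's aggregate, and the result of `contains` depends on `UserAuthorityGroup`'s `equals`/`hashCode`, which are not visible here. I would say in the Javadoc that the subset test is non-strict, and add `@return true if this user credentials may assign the group, false otherwise`. `group.getAuthorities()` is dereferenced in both new methods without a null check; whether it can return null is not shown, so that is worth confirming.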
=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/resources/org/hisp/dhis/user/hibernate/User.hbm.xml'
--- dhis-2/dhis-services/dhis-service-core/src/main/resources/org/hisp/dhis/user/hibernate/User.hbm.xml 2011-05-28 21:25:46 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/resources/org/hisp/dhis/user/hibernate/User.hbm.xml 2011-06-11 08:15:29 +0000
@@ -20,6 +20,8 @@
<property name="phoneNumber" length="80" />
+ <one-to-one name="userCredentials" class="org.hisp.dhis.user.UserCredentials" foreign-key="fk_userinfo_userid"/>
+
<set name="organisationUnits" table="usermembership">
<cache usage="read-write" />
<key column="userinfoid" foreign-key="fk_usermembership_userinfoid" />
=== added file 'dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/filter/UserAuthorityGroupSubsetFilter.java'
--- dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/filter/UserAuthorityGroupSubsetFilter.java 1970-01-01 00:00:00 +0000
+++ dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/filter/UserAuthorityGroupSubsetFilter.java 2011-06-11 08:15:29 +0000
@@ -0,0 +1,60 @@
+package org.hisp.dhis.system.filter;
+
+/*
+ * Copyright (c) 2004-2010, University of Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * * Neither the name of the HISP project nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+import org.hisp.dhis.system.util.Filter;
+import org.hisp.dhis.user.User;
+import org.hisp.dhis.user.UserAuthorityGroup;
+import org.hisp.dhis.user.UserCredentials;
+
+/**
+ * @author Lars Helge Overland
+ */
+public class UserAuthorityGroupSubsetFilter
+ implements Filter<UserAuthorityGroup>
+{
+ private UserCredentials userCredentials;
+
+ protected UserAuthorityGroupSubsetFilter()
+ {
+ }
+
+ public UserAuthorityGroupSubsetFilter( User user )
+ {
+ if ( user != null && user.getUserCredentials() != null )
+ {
+ this.userCredentials = user.getUserCredentials();
+ }
+ }
+
+ @Override
+ public boolean retain( UserAuthorityGroup group )
+ {
+ return userCredentials != null && userCredentials.canIssue( group );
+ }
+}
\ No newline at end of file
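Review bot: The class Javadoc carries only `@author`, so the fail-closed behaviour has to be read out of the code. When the user or its credentials are null the field stays unset and `retain` rejects every group, and the same holds for an instance created through the protected no-arg constructor. I would document that on the class, e.g. `Retains the user authority groups which the given user can issue; retains nothing if the user or its credentials are null.` The file also ends without a trailing newline.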
=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/AddUserAction.java'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/AddUserAction.java 2011-05-30 18:34:15 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/AddUserAction.java 2011-06-11 08:15:29 +0000
@@ -35,6 +35,7 @@
import org.hisp.dhis.oust.manager.SelectionTreeManager;
import org.hisp.dhis.ouwt.manager.OrganisationUnitSelectionManager;
import org.hisp.dhis.security.PasswordManager;
+import org.hisp.dhis.user.CurrentUserService;
import org.hisp.dhis.user.User;
import org.hisp.dhis.user.UserAuthorityGroup;
import org.hisp.dhis.user.UserCredentials;
@@ -81,6 +82,13 @@
this.passwordManager = passwordManager;
}
+ private CurrentUserService currentUserService;
+
+ public void setCurrentUserService( CurrentUserService currentUserService )
+ {
+ this.currentUserService = currentUserService;
+ }
+
// -------------------------------------------------------------------------
// Input
// -------------------------------------------------------------------------
@@ -153,6 +161,8 @@
public String execute()
throws Exception
{
+ UserCredentials currentUserCredentials = currentUserService.getCurrentUser() != null ? currentUserService.getCurrentUser().getUserCredentials() : null;
+
// ---------------------------------------------------------------------
// Prepare values
// ---------------------------------------------------------------------
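Review bot: `currentUserService.getCurrentUser()` is called twice in the added ternary, once for the null test and once for the dereference, so the null check only protects the second call if both calls return the same result. Fetching it once closes that gap and reads better: `User currentUser = currentUserService.getCurrentUser();` followed by `UserCredentials currentUserCredentials = currentUser != null ? currentUser.getUserCredentials() : null;`. The same line is added to `UpdateUserAction.execute()`. The body of `execute()` continues outside this hunk.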
@@ -185,8 +195,14 @@
for ( String id : selectedList )
{
UserAuthorityGroup group = userService.getUserAuthorityGroup( Integer.parseInt( id ) );
- userCredentials.getUserAuthorityGroups().add( group );
+
+ if ( currentUserCredentials != null && currentUserCredentials.canIssue( group ) )
+ {
+ userCredentials.getUserAuthorityGroups().add( group );
+ }
}
+
+ user.setUserCredentials( userCredentials );
userService.addUser( user );
userService.addUserCredentials( userCredentials );
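Review bot: A requested group that fails `canIssue` is dropped without any trace and the user is still created, so a request naming roles the caller cannot issue is indistinguishable from a legitimate one. This loop is the server-side enforcement point for role assignment, so I would log the refusal (caller, target username, group id) or return an error result instead of continuing silently. When `currentUserCredentials` is null the account is created with no roles at all, which fails closed but is equally unreported. The same pattern is added in the last hunk of `UpdateUserAction`. The loop and `execute()` begin outside this hunk.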
=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/SetupTreeAction.java'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/SetupTreeAction.java 2010-12-30 09:13:41 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/SetupTreeAction.java 2011-06-11 08:15:29 +0000
@@ -34,6 +34,9 @@
import org.hisp.dhis.organisationunit.OrganisationUnitGroup;
import org.hisp.dhis.oust.manager.SelectionTreeManager;
import org.hisp.dhis.ouwt.manager.OrganisationUnitSelectionManager;
+import org.hisp.dhis.system.filter.UserAuthorityGroupSubsetFilter;
+import org.hisp.dhis.system.util.FilterUtils;
+import org.hisp.dhis.user.CurrentUserService;
import org.hisp.dhis.user.User;
import org.hisp.dhis.user.UserAuthorityGroup;
import org.hisp.dhis.user.UserCredentials;
@@ -73,6 +76,13 @@
this.userService = userService;
}
+ private CurrentUserService currentUserService;
+
+ public void setCurrentUserService( CurrentUserService currentUserService )
+ {
+ this.currentUserService = currentUserService;
+ }
+
// -------------------------------------------------------------------------
// Input
// -------------------------------------------------------------------------
@@ -115,10 +125,11 @@
public String execute()
throws Exception
- {
-
+ {
userAuthorityGroups = new ArrayList<UserAuthorityGroup>( userService.getAllUserAuthorityGroups() );
+ FilterUtils.filter( userAuthorityGroups, new UserAuthorityGroupSubsetFilter( currentUserService.getCurrentUser() ) );
+
if ( id != null )
{
User user = userService.getUser( id );
=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/UpdateUserAction.java'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/UpdateUserAction.java 2011-05-30 18:34:15 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/UpdateUserAction.java 2011-06-11 08:15:29 +0000
@@ -36,6 +36,7 @@
import org.hisp.dhis.oust.manager.SelectionTreeManager;
import org.hisp.dhis.ouwt.manager.OrganisationUnitSelectionManager;
import org.hisp.dhis.security.PasswordManager;
+import org.hisp.dhis.user.CurrentUserService;
import org.hisp.dhis.user.User;
import org.hisp.dhis.user.UserAuthorityGroup;
import org.hisp.dhis.user.UserCredentials;
@@ -81,7 +82,14 @@
{
this.selectionManager = selectionManager;
}
-
+
+ private CurrentUserService currentUserService;
+
+ public void setCurrentUserService( CurrentUserService currentUserService )
+ {
+ this.currentUserService = currentUserService;
+ }
+
// -------------------------------------------------------------------------
// Input
// -------------------------------------------------------------------------
@@ -142,6 +150,8 @@
public String execute()
throws Exception
{
+ UserCredentials currentUserCredentials = currentUserService.getCurrentUser() != null ? currentUserService.getCurrentUser().getUserCredentials() : null;
+
// ---------------------------------------------------------------------
// Prepare values
// ---------------------------------------------------------------------
@@ -177,7 +187,12 @@
for ( String id : selectedList )
{
- authorityGroups.add( userService.getUserAuthorityGroup( Integer.parseInt( id ) ) );
+ UserAuthorityGroup group = userService.getUserAuthorityGroup( Integer.parseInt( id ) );
+
+ if ( currentUserCredentials != null && currentUserCredentials.canIssue( group ) )
+ {
+ authorityGroups.add( group );
+ }
}
if ( rawPassword != null )
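Review bot: The added `canIssue` test limits which roles go into `authorityGroups`, but nothing visible here checks whether the current user may modify the target account in the first place; the `rawPassword` branch that follows is reached regardless. If no such check exists elsewhere in `execute()`, a user with fewer authorities could still change the password of a more privileged account, which undermines the restriction on role assignment. A second effect, assuming `authorityGroups` replaces the target's existing roles further down: every role the editor cannot issue, including any role the editor holds himself, is removed from the target on each update. Both points depend on code outside this hunk and should be confirmed against the full method.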
=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/META-INF/dhis/beans.xml'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/META-INF/dhis/beans.xml 2011-05-27 08:48:57 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/META-INF/dhis/beans.xml 2011-06-11 08:15:29 +0000
@@ -23,6 +23,9 @@
<property name="selectionManager">
<ref bean="org.hisp.dhis.ouwt.manager.OrganisationUnitSelectionManager" />
</property>
+ <property name="currentUserService">
+ <ref bean="org.hisp.dhis.user.CurrentUserService" />
+ </property>
</bean>
<bean id="org.hisp.dhis.user.action.DeleteCurrentUserAction"
@@ -90,6 +93,9 @@
<property name="selectionManager">
<ref bean="org.hisp.dhis.ouwt.manager.OrganisationUnitSelectionManager" />
</property>
+ <property name="currentUserService">
+ <ref bean="org.hisp.dhis.user.CurrentUserService" />
+ </property>
</bean>
<bean id="org.hisp.dhis.user.action.ValidateUserAction" class="org.hisp.dhis.user.action.ValidateUserAction"
@@ -110,6 +116,9 @@
<property name="userService">
<ref bean="org.hisp.dhis.user.UserService" />
</property>
+ <property name="currentUserService">
+ <ref bean="org.hisp.dhis.user.CurrentUserService" />
+ </property>
</bean>
<bean
=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/struts.xml'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/struts.xml 2011-05-27 08:48:57 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/struts.xml 2011-06-11 08:15:29 +0000
@@ -21,7 +21,7 @@
<result name="success" type="velocity">/main.vm</result>
<param name="page">/dhis-web-maintenance-user/user.vm</param>
<param name="menu">/dhis-web-maintenance-user/orgunitMenu.vm</param>
- <!-- <param name="menuTreeHeight">404</param>-->
+ <!-- <param name="menuTreeHeight">404</param>-->
<param name="javascripts">../dhis-web-commons/ouwt/ouwt.js,javascript/user.js,javascript/filterTable.js</param>
<interceptor-ref name="organisationUnitTreeStack"/>
<param name="stylesheets">../dhis-web-commons/paging/paging.css</param>