
[Branch ~dhis2-devs-core/dhis2/trunk] Rev 3870: Changed behavior of add/update user: A user can only assign user roles to a new user with less au...

 

------------------------------------------------------------
revno: 3870
committer: Lars Helge Overland <larshelge@xxxxxxxxx>
branch nick: dhis2
timestamp: Sat 2011-06-11 10:15:29 +0200
message:
  Changed behavior of add/update user: A user can only assign user roles to a new user with less authorities than himself.
added:
  dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/filter/UserAuthorityGroupSubsetFilter.java
modified:
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/User.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserAuthorityGroup.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserCredentials.java
  dhis-2/dhis-services/dhis-service-core/src/main/resources/org/hisp/dhis/user/hibernate/User.hbm.xml
  dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/AddUserAction.java
  dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/SetupTreeAction.java
  dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/UpdateUserAction.java
  dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/META-INF/dhis/beans.xml
  dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/struts.xml


--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/User.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/User.java	2011-05-30 18:34:15 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/User.java	2011-06-11 08:15:29 +0000
@@ -63,6 +63,8 @@
     
     private String phoneNumber;
 
+    private UserCredentials userCredentials;
+    
     /**
      * All OrgUnits where the user could belong
      * 
@@ -227,6 +229,16 @@
         this.phoneNumber = phoneNumber;
     }
 
+    public UserCredentials getUserCredentials()
+    {
+        return userCredentials;
+    }
+
+    public void setUserCredentials( UserCredentials userCredentials )
+    {
+        this.userCredentials = userCredentials;
+    }
+
     public Collection<OrganisationUnit> getOrganisationUnits()
     {
         return organisationUnits;
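Review bot: `getUserCredentials()` makes the credentials object reachable from every `User` instance, and `UserCredentials` carries a `password` field (visible in the UserCredentials.java section of this commit). Any code that serialises or reflectively renders a `User` can now walk into that field, so the accessor deserves a Javadoc warning such as `/** Returns the login credentials; never expose this object in API responses or templates. */`. The new field also carries no comment saying whether it may be null, although the callers added in this commit (the filter constructor and the two actions) all null-check it.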

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserAuthorityGroup.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserAuthorityGroup.java	2010-04-21 19:45:12 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserAuthorityGroup.java	2011-06-11 08:15:29 +0000
@@ -38,7 +38,8 @@
  */
 public class UserAuthorityGroup
 {
-
+    public static final String AUTHORITY_ALL = "ALL";
+    
     private int id;
 
     /**

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserCredentials.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserCredentials.java	2011-05-05 21:14:56 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserCredentials.java	2011-06-11 08:15:29 +0000
@@ -61,6 +61,48 @@
     private String password;
 
     private Set<UserAuthorityGroup> userAuthorityGroups = new HashSet<UserAuthorityGroup>();
+
+    // -------------------------------------------------------------------------
+    // Logic
+    // -------------------------------------------------------------------------
+
+    /**
+     * Returns a set of the aggregated authorities for all user authority groups
+     * of this user credentials.
+     */
+    public Set<String> getAllAuthorities()
+    {
+        Set<String> authorities = new HashSet<String>();
+        
+        for ( UserAuthorityGroup group : userAuthorityGroups )
+        {
+            authorities.addAll( group.getAuthorities() );
+        }
+        
+        return authorities;
+    }
+    
+    /**
+     * Indicates whether this user credentials can issue the given user authority
+     * group. First the given authority group must not be null. Second this 
+     * user credentials must not contain the given authority group. Third
+     * the authority group must be a subset of the aggregated user authorities
+     * of this user credentials, or this user credentials must have the ALL
+     * authority.
+     * 
+     * @param group the user authority group.
+     */
+    public boolean canIssue( UserAuthorityGroup group )
+    {
+        if ( group == null || userAuthorityGroups.contains( group ) )
+        {
+            return false;
+        }
+                
+        final Set<String> authorities = getAllAuthorities();
+        
+        return ( authorities.contains( UserAuthorityGroup.AUTHORITY_ALL ) || authorities.containsAll( group.getAuthorities() ) );
+    }
     
     // -------------------------------------------------------------------------
     // hashCode and equals
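Review bot: The subset test in `canIssue` is non-strict: `authorities.containsAll( group.getAuthorities() )` is also true when the group's authorities equal the caller's whole aggregated set, so a user can hand out a different role that is exactly as powerful as their own, while the commit message speaks of "less authorities". If strictly fewer is intended, that operand could become `authorities.containsAll( group.getAuthorities() ) && authorities.size() > group.getAuthorities().size()`; if equality is acceptable, the Javadoc should say so explicitly. The Javadoc also lacks a `@return` line, for example `@return true if this user credentials may assign the group to another user, false otherwise.` The `userAuthorityGroups.contains( group )` guard depends on `UserAuthorityGroup.equals`/`hashCode`, which are outside this hunk.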

=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/resources/org/hisp/dhis/user/hibernate/User.hbm.xml'
--- dhis-2/dhis-services/dhis-service-core/src/main/resources/org/hisp/dhis/user/hibernate/User.hbm.xml	2011-05-28 21:25:46 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/resources/org/hisp/dhis/user/hibernate/User.hbm.xml	2011-06-11 08:15:29 +0000
@@ -20,6 +20,8 @@
 
     <property name="phoneNumber" length="80" />
 
+	<one-to-one name="userCredentials" class="org.hisp.dhis.user.UserCredentials" foreign-key="fk_userinfo_userid"/>
+
     <set name="organisationUnits" table="usermembership">      
       <cache usage="read-write" />      
       <key column="userinfoid" foreign-key="fk_usermembership_userinfoid" />

=== added file 'dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/filter/UserAuthorityGroupSubsetFilter.java'
--- dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/filter/UserAuthorityGroupSubsetFilter.java	1970-01-01 00:00:00 +0000
+++ dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/filter/UserAuthorityGroupSubsetFilter.java	2011-06-11 08:15:29 +0000
@@ -0,0 +1,60 @@
+package org.hisp.dhis.system.filter;
+
+/*
+ * Copyright (c) 2004-2010, University of Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright notice, this
+ *   list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ *   this list of conditions and the following disclaimer in the documentation
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the HISP project nor the names of its contributors may
+ *   be used to endorse or promote products derived from this software without
+ *   specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+import org.hisp.dhis.system.util.Filter;
+import org.hisp.dhis.user.User;
+import org.hisp.dhis.user.UserAuthorityGroup;
+import org.hisp.dhis.user.UserCredentials;
+
+/**
+ * @author Lars Helge Overland
+ */
+public class UserAuthorityGroupSubsetFilter
+    implements Filter<UserAuthorityGroup>
+{
+    private UserCredentials userCredentials;
+    
+    protected UserAuthorityGroupSubsetFilter()
+    {
+    }
+    
+    public UserAuthorityGroupSubsetFilter( User user )
+    {
+        if ( user != null && user.getUserCredentials() != null )
+        {
+            this.userCredentials = user.getUserCredentials();
+        }
+    }
+
+    @Override
+    public boolean retain( UserAuthorityGroup group )
+    {
+        return userCredentials != null && userCredentials.canIssue( group );
+    }
+}
\ No newline at end of file
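Review bot: The class Javadoc holds only an `@author` tag, so the fail-closed behaviour is undocumented: when the user is null or has no credentials, or when the protected no-argument constructor is used, `userCredentials` stays null and `retain` rejects every group. I would add a class comment along the lines of `Retains only the user authority groups that the given user may issue; retains nothing when the user or its credentials are missing.` The constructor also calls `user.getUserCredentials()` twice where a single assignment `this.userCredentials = user != null ? user.getUserCredentials() : null;` gives the same result.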

=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/AddUserAction.java'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/AddUserAction.java	2011-05-30 18:34:15 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/AddUserAction.java	2011-06-11 08:15:29 +0000
@@ -35,6 +35,7 @@
 import org.hisp.dhis.oust.manager.SelectionTreeManager;
 import org.hisp.dhis.ouwt.manager.OrganisationUnitSelectionManager;
 import org.hisp.dhis.security.PasswordManager;
+import org.hisp.dhis.user.CurrentUserService;
 import org.hisp.dhis.user.User;
 import org.hisp.dhis.user.UserAuthorityGroup;
 import org.hisp.dhis.user.UserCredentials;
@@ -81,6 +82,13 @@
         this.passwordManager = passwordManager;
     }
 
+    private CurrentUserService currentUserService;
+
+    public void setCurrentUserService( CurrentUserService currentUserService )
+    {
+        this.currentUserService = currentUserService;
+    }
+
     // -------------------------------------------------------------------------
     // Input
     // -------------------------------------------------------------------------
@@ -153,6 +161,8 @@
     public String execute()
         throws Exception
     {
+        UserCredentials currentUserCredentials = currentUserService.getCurrentUser() != null ? currentUserService.getCurrentUser().getUserCredentials() : null;
+        
         // ---------------------------------------------------------------------
         // Prepare values
         // ---------------------------------------------------------------------
@@ -185,8 +195,14 @@
         for ( String id : selectedList )
         {
             UserAuthorityGroup group = userService.getUserAuthorityGroup( Integer.parseInt( id ) );
-            userCredentials.getUserAuthorityGroups().add( group );
+            
+            if ( currentUserCredentials != null && currentUserCredentials.canIssue( group ) )
+            {
+                userCredentials.getUserAuthorityGroups().add( group );
+            }
         }
+        
+        user.setUserCredentials( userCredentials );
 
         userService.addUser( user );
         userService.addUserCredentials( userCredentials );
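Review bot: A group that fails `canIssue` in the loop is skipped without any trace, so the user is still created, possibly with no roles at all, and neither the operator nor an auditor learns that a role was refused. Because SetupTreeAction already filters the selectable list in this commit, an id rejected here most likely came from a stale form or an altered request, which is the kind of event an audit log should capture. I would record the current user and the rejected id at warning level in an `else` branch, and document the choice with a comment such as `// Skip roles the current user may not issue; the UI list is pre-filtered, so a rejection means a stale or altered request`. The same silent skip appears in the UpdateUserAction loop; `execute()` begins and ends outside this hunk.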

=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/SetupTreeAction.java'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/SetupTreeAction.java	2010-12-30 09:13:41 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/SetupTreeAction.java	2011-06-11 08:15:29 +0000
@@ -34,6 +34,9 @@
 import org.hisp.dhis.organisationunit.OrganisationUnitGroup;
 import org.hisp.dhis.oust.manager.SelectionTreeManager;
 import org.hisp.dhis.ouwt.manager.OrganisationUnitSelectionManager;
+import org.hisp.dhis.system.filter.UserAuthorityGroupSubsetFilter;
+import org.hisp.dhis.system.util.FilterUtils;
+import org.hisp.dhis.user.CurrentUserService;
 import org.hisp.dhis.user.User;
 import org.hisp.dhis.user.UserAuthorityGroup;
 import org.hisp.dhis.user.UserCredentials;
@@ -73,6 +76,13 @@
         this.userService = userService;
     } 
 
+    private CurrentUserService currentUserService;
+
+    public void setCurrentUserService( CurrentUserService currentUserService )
+    {
+        this.currentUserService = currentUserService;
+    }
+
     // -------------------------------------------------------------------------
     // Input
     // -------------------------------------------------------------------------
@@ -115,10 +125,11 @@
 
     public String execute()
         throws Exception
-    {   
-
+    {
         userAuthorityGroups = new ArrayList<UserAuthorityGroup>( userService.getAllUserAuthorityGroups() );
         
+        FilterUtils.filter( userAuthorityGroups, new UserAuthorityGroupSubsetFilter( currentUserService.getCurrentUser() ) );
+        
         if ( id != null )
         {
             User user = userService.getUser( id );

=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/UpdateUserAction.java'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/UpdateUserAction.java	2011-05-30 18:34:15 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/UpdateUserAction.java	2011-06-11 08:15:29 +0000
@@ -36,6 +36,7 @@
 import org.hisp.dhis.oust.manager.SelectionTreeManager;
 import org.hisp.dhis.ouwt.manager.OrganisationUnitSelectionManager;
 import org.hisp.dhis.security.PasswordManager;
+import org.hisp.dhis.user.CurrentUserService;
 import org.hisp.dhis.user.User;
 import org.hisp.dhis.user.UserAuthorityGroup;
 import org.hisp.dhis.user.UserCredentials;
@@ -81,7 +82,14 @@
     {
         this.selectionManager = selectionManager;
     }
-    
+
+    private CurrentUserService currentUserService;
+
+    public void setCurrentUserService( CurrentUserService currentUserService )
+    {
+        this.currentUserService = currentUserService;
+    }
+
     // -------------------------------------------------------------------------
     // Input
     // -------------------------------------------------------------------------
@@ -142,6 +150,8 @@
     public String execute()
         throws Exception
     {
+        UserCredentials currentUserCredentials = currentUserService.getCurrentUser() != null ? currentUserService.getCurrentUser().getUserCredentials() : null;
+        
         // ---------------------------------------------------------------------
         // Prepare values
         // ---------------------------------------------------------------------
@@ -177,7 +187,12 @@
 
         for ( String id : selectedList )
         {
-            authorityGroups.add( userService.getUserAuthorityGroup( Integer.parseInt( id ) ) );
+            UserAuthorityGroup group = userService.getUserAuthorityGroup( Integer.parseInt( id ) );
+            
+            if ( currentUserCredentials != null && currentUserCredentials.canIssue( group ) )
+            {
+                authorityGroups.add( group );
+            }
         }
         
         if ( rawPassword != null )
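Review bot: On update, the loop keeps only the groups the editor can issue, and `canIssue` returns false both for roles above the editor's authorities and for roles the editor holds personally. If `authorityGroups` then replaces the edited user's role set (the assignment is outside this hunk, so this is inferred), saving any change to a more privileged user, or to a colleague who shares the editor's role, silently removes those roles; SetupTreeAction's filter drops the same roles from the form. Roles the edited user already holds should be carried over unchanged, with `canIssue` applied only to roles being newly granted, and removing a role the editor could not issue should be refused as well. A comment above the loop such as `// canIssue guards newly granted roles only; existing roles are preserved` would pin the intent.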

=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/META-INF/dhis/beans.xml'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/META-INF/dhis/beans.xml	2011-05-27 08:48:57 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/META-INF/dhis/beans.xml	2011-06-11 08:15:29 +0000
@@ -23,6 +23,9 @@
 		<property name="selectionManager">
 			<ref bean="org.hisp.dhis.ouwt.manager.OrganisationUnitSelectionManager" />
 		</property>
+		<property name="currentUserService">
+			<ref bean="org.hisp.dhis.user.CurrentUserService" />
+		</property>
 	</bean>
 
 	<bean id="org.hisp.dhis.user.action.DeleteCurrentUserAction"
@@ -90,6 +93,9 @@
 		<property name="selectionManager">
 			<ref bean="org.hisp.dhis.ouwt.manager.OrganisationUnitSelectionManager" />
 		</property>
+		<property name="currentUserService">
+			<ref bean="org.hisp.dhis.user.CurrentUserService" />
+		</property>
 	</bean>
 
 	<bean id="org.hisp.dhis.user.action.ValidateUserAction" class="org.hisp.dhis.user.action.ValidateUserAction"
@@ -110,6 +116,9 @@
 		<property name="userService">
 			<ref bean="org.hisp.dhis.user.UserService" />
 		</property>
+		<property name="currentUserService">
+			<ref bean="org.hisp.dhis.user.CurrentUserService" />
+		</property>
 	</bean>
 
 	<bean

=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/struts.xml'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/struts.xml	2011-05-27 08:48:57 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/struts.xml	2011-06-11 08:15:29 +0000
@@ -21,7 +21,7 @@
       <result name="success" type="velocity">/main.vm</result>
       <param name="page">/dhis-web-maintenance-user/user.vm</param>  
       <param name="menu">/dhis-web-maintenance-user/orgunitMenu.vm</param>
-	 <!-- <param name="menuTreeHeight">404</param>-->
+	  <!-- <param name="menuTreeHeight">404</param>-->
       <param name="javascripts">../dhis-web-commons/ouwt/ouwt.js,javascript/user.js,javascript/filterTable.js</param>
       <interceptor-ref name="organisationUnitTreeStack"/>
 	  <param name="stylesheets">../dhis-web-commons/paging/paging.css</param>