
[Branch ~dhis2-devs-core/dhis2/trunk] Rev 3952: Improved user management. Users are only allowed to update users which they would have been allow...

 

------------------------------------------------------------
revno: 3952
committer: Lars Helge Overland <larshelge@xxxxxxxxx>
branch nick: dhis2
timestamp: Sun 2011-06-19 12:57:18 +0200
message:
  Improved user management. Users are only allowed to update users which they would have been allowed to create.
added:
  dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/filter/UserCredentialsCanUpdateFilter.java
renamed:
  dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/filter/UserAuthorityGroupSubsetFilter.java => dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/filter/UserAuthorityGroupCanIssueFilter.java
modified:
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserCredentials.java
  dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/commons/action/GetUserRolesAction.java
  dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/GetOrgunitUserListAction.java
  dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/GetUserListAction.java
  dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/SetupTreeAction.java
  dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/META-INF/dhis/beans.xml
  dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/struts.xml
  dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/filter/UserAuthorityGroupCanIssueFilter.java


--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserCredentials.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserCredentials.java	2011-06-13 18:34:18 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserCredentials.java	2011-06-19 10:57:18 +0000
@@ -28,6 +28,7 @@
  */
 
 import java.io.Serializable;
+import java.util.Collection;
 import java.util.Date;
 import java.util.HashSet;
 import java.util.Set;
@@ -112,6 +113,25 @@
         return !userAuthorityGroups.contains( group ) && authorities.containsAll( group.getAuthorities() );
     }
     
+    /**
+     * Indicates whether this user credentials can issue all of the user authority
+     * groups in the given collection.
+     * 
+     * @param groups the collection of user authority groups.
+     */
+    public boolean canIssueAll( Collection<UserAuthorityGroup> groups )
+    {
+        for ( UserAuthorityGroup group : groups )
+        {
+            if ( !canIssue( group ) )
+            {
+                return false;
+            }
+        }
+        
+        return true;
+    }
+    
     // -------------------------------------------------------------------------
     // hashCode and equals
     // -------------------------------------------------------------------------
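Review bot: `canIssueAll` returns true for an empty collection and throws NullPointerException for a null one, and neither case is documented although the result is used as an authorization decision. A target with no authority groups therefore passes for any caller, and a null from `getUserAuthorityGroups()` would surface as an error rather than a denial; a fail-closed guard such as `if ( groups == null ) { return false; }` before the loop makes the second case explicit. The Javadoc should gain an `@return` line, for example `@return true if every group in the collection can be issued; true for an empty collection.` Note also that `canIssue` (the context line above, defined outside this hunk) rejects any group this user already holds, so the result is false whenever the collection contains one of the caller's own groups.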

=== renamed file 'dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/filter/UserAuthorityGroupSubsetFilter.java' => 'dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/filter/UserAuthorityGroupCanIssueFilter.java'
--- dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/filter/UserAuthorityGroupSubsetFilter.java	2011-06-11 08:15:29 +0000
+++ dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/filter/UserAuthorityGroupCanIssueFilter.java	2011-06-19 10:57:18 +0000
@@ -35,16 +35,16 @@
 /**
  * @author Lars Helge Overland
  */
-public class UserAuthorityGroupSubsetFilter
+public class UserAuthorityGroupCanIssueFilter
     implements Filter<UserAuthorityGroup>
 {
     private UserCredentials userCredentials;
     
-    protected UserAuthorityGroupSubsetFilter()
+    protected UserAuthorityGroupCanIssueFilter()
     {
     }
     
-    public UserAuthorityGroupSubsetFilter( User user )
+    public UserAuthorityGroupCanIssueFilter( User user )
     {
         if ( user != null && user.getUserCredentials() != null )
         {

=== added file 'dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/filter/UserCredentialsCanUpdateFilter.java'
--- dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/filter/UserCredentialsCanUpdateFilter.java	1970-01-01 00:00:00 +0000
+++ dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/filter/UserCredentialsCanUpdateFilter.java	2011-06-19 10:57:18 +0000
@@ -0,0 +1,59 @@
+package org.hisp.dhis.system.filter;
+
+/*
+ * Copyright (c) 2004-2010, University of Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright notice, this
+ *   list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ *   this list of conditions and the following disclaimer in the documentation
+ *   and/or other materials provided with the distribution.
+ * * Neither the name of the HISP project nor the names of its contributors may
+ *   be used to endorse or promote products derived from this software without
+ *   specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+import org.hisp.dhis.system.util.Filter;
+import org.hisp.dhis.user.User;
+import org.hisp.dhis.user.UserCredentials;
+
+/**
+ * @author Lars Helge Overland
+ */
+public class UserCredentialsCanUpdateFilter
+    implements Filter<UserCredentials>
+{
+    private UserCredentials userCredentials;
+    
+    protected UserCredentialsCanUpdateFilter()
+    {
+    }
+    
+    public UserCredentialsCanUpdateFilter( User user )
+    {
+        if ( user != null && user.getUserCredentials() != null )
+        {
+            this.userCredentials = user.getUserCredentials();
+        }
+    }
+    
+    @Override
+    public boolean retain( UserCredentials credentials )
+    {
+        return userCredentials != null && credentials != null && userCredentials.canIssueAll( credentials.getUserAuthorityGroups() );
+    }
+}
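Review bot: The class Javadoc carries only `@author`, so the access rule this filter enforces is not stated anywhere on the type. I would add a class comment such as `Retains only the user credentials whose authority groups can all be issued by the given user; retains nothing when the user or its credentials are null.` The second half records that `retain` fails closed, which the `userCredentials != null` test shows. The `protected` no-argument constructor leaves `userCredentials` null, so a one-line comment saying what it exists for (presumably subclassing or framework instantiation) would help the next reader.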

=== modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/commons/action/GetUserRolesAction.java'
--- dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/commons/action/GetUserRolesAction.java	2011-06-19 08:32:02 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/commons/action/GetUserRolesAction.java	2011-06-19 10:57:18 +0000
@@ -32,7 +32,7 @@
 import java.util.List;
 
 import org.hisp.dhis.paging.ActionPagingSupport;
-import org.hisp.dhis.system.filter.UserAuthorityGroupSubsetFilter;
+import org.hisp.dhis.system.filter.UserAuthorityGroupCanIssueFilter;
 import org.hisp.dhis.system.util.FilterUtils;
 import org.hisp.dhis.user.CurrentUserService;
 import org.hisp.dhis.user.UserAuthorityGroup;
@@ -83,7 +83,7 @@
     {
         userRoles = new ArrayList<UserAuthorityGroup>( userService.getAllUserAuthorityGroups() );
 
-        FilterUtils.filter( userRoles, new UserAuthorityGroupSubsetFilter( currentUserService.getCurrentUser() ) );
+        FilterUtils.filter( userRoles, new UserAuthorityGroupCanIssueFilter( currentUserService.getCurrentUser() ) );
 
         Collections.sort( userRoles, new UserRoleComparator() );
 

=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/GetOrgunitUserListAction.java'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/GetOrgunitUserListAction.java	2011-05-06 11:10:34 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/GetOrgunitUserListAction.java	2011-06-19 10:57:18 +0000
@@ -36,6 +36,9 @@
 import org.hisp.dhis.organisationunit.OrganisationUnit;
 import org.hisp.dhis.ouwt.manager.OrganisationUnitSelectionManager;
 import org.hisp.dhis.paging.ActionPagingSupport;
+import org.hisp.dhis.system.filter.UserCredentialsCanUpdateFilter;
+import org.hisp.dhis.system.util.FilterUtils;
+import org.hisp.dhis.user.CurrentUserService;
 import org.hisp.dhis.user.User;
 import org.hisp.dhis.user.UserCredentials;
 import org.hisp.dhis.user.UserService;
@@ -70,6 +73,13 @@
     {
         this.selectionManager = selectionManager;
     }
+    
+    private CurrentUserService currentUserService;
+
+    public void setCurrentUserService( CurrentUserService currentUserService )
+    {
+        this.currentUserService = currentUserService;
+    }
 
     // -------------------------------------------------------------------------
     // Output
@@ -135,6 +145,8 @@
             }
         }
         
+        FilterUtils.filter( userCredentialsList, new UserCredentialsCanUpdateFilter( currentUserService.getCurrentUser() ) );
+        
         Collections.sort( userCredentialsList, new UsernameComparator() );
 
         return SUCCESS;
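Review bot: The filter call added before `Collections.sort` removes users from the rendered list only; nothing in this hunk, or in the commit's file list, applies the check where an update is actually performed. If the actions that load a single user for editing and save the change do not call `canIssueAll` on the target's authority groups themselves, a request carrying the id of a filtered-out user would still be accepted. The rule in the commit message would then hold in the UI but not on the server. I would add the same check in those handlers and reject the request when it fails, keeping this list filter as a convenience. The same applies to the identical call added in GetUserListAction; the enclosing method here starts outside the hunk.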

=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/GetUserListAction.java'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/GetUserListAction.java	2011-06-19 09:32:40 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/GetUserListAction.java	2011-06-19 10:57:18 +0000
@@ -34,6 +34,8 @@
 import java.util.List;
 
 import org.hisp.dhis.paging.ActionPagingSupport;
+import org.hisp.dhis.system.filter.UserCredentialsCanUpdateFilter;
+import org.hisp.dhis.system.util.FilterUtils;
 import org.hisp.dhis.user.CurrentUserService;
 import org.hisp.dhis.user.User;
 import org.hisp.dhis.user.UserCredentials;
@@ -120,10 +122,11 @@
             userCredentialsList = new ArrayList<UserCredentials>( userService.getUsersBetween( paging.getStartPos(), paging.getPageSize() ) );
         }
 
+        FilterUtils.filter( userCredentialsList, new UserCredentialsCanUpdateFilter( currentUserService.getCurrentUser() ) );
+        
         Collections.sort( userCredentialsList, new UsernameComparator() );
-        User currentUser = userService.getUser( currentUserService.getCurrentUser().getId() );
 
-        currentUserName = currentUser.getUserCredentials().getUsername();
+        currentUserName = currentUserService.getCurrentUsername();
         
         return SUCCESS;
     }
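Review bot: `FilterUtils.filter` runs after the page has already been cut with `userService.getUsersBetween( paging.getStartPos(), paging.getPageSize() )`, so a page can come back with fewer rows than the page size, or none, whenever it contained users the caller may not update. If the paging totals are computed from the unfiltered user count (not visible in this hunk), the pager also reveals how many users are hidden. Filtering before paging, or paging over the filtered list, avoids both; at minimum a comment such as `// filter is applied per page, pages may be short` should record the current behaviour. The method body starts outside the hunk.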

=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/SetupTreeAction.java'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/SetupTreeAction.java	2011-06-19 09:00:50 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/SetupTreeAction.java	2011-06-19 10:57:18 +0000
@@ -34,7 +34,7 @@
 import org.hisp.dhis.organisationunit.OrganisationUnitGroup;
 import org.hisp.dhis.oust.manager.SelectionTreeManager;
 import org.hisp.dhis.ouwt.manager.OrganisationUnitSelectionManager;
-import org.hisp.dhis.system.filter.UserAuthorityGroupSubsetFilter;
+import org.hisp.dhis.system.filter.UserAuthorityGroupCanIssueFilter;
 import org.hisp.dhis.system.util.FilterUtils;
 import org.hisp.dhis.user.CurrentUserService;
 import org.hisp.dhis.user.User;
@@ -128,8 +128,7 @@
     {
         userAuthorityGroups = new ArrayList<UserAuthorityGroup>( userService.getAllUserAuthorityGroups() );
 
-        FilterUtils.filter( userAuthorityGroups,
-            new UserAuthorityGroupSubsetFilter( currentUserService.getCurrentUser() ) );
+        FilterUtils.filter( userAuthorityGroups, new UserAuthorityGroupCanIssueFilter( currentUserService.getCurrentUser() ) );
 
         if ( id != null )
         {

=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/META-INF/dhis/beans.xml'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/META-INF/dhis/beans.xml	2011-06-19 10:30:48 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/META-INF/dhis/beans.xml	2011-06-19 10:57:18 +0000
@@ -38,7 +38,6 @@
     </property>
   </bean>
 
-
   <bean id="org.hisp.dhis.user.action.GetUserAction" class="org.hisp.dhis.user.action.GetUserAction" scope="prototype">
     <property name="userService">
       <ref bean="org.hisp.dhis.user.UserService" />
@@ -53,6 +52,9 @@
     <property name="selectionManager">
       <ref bean="org.hisp.dhis.ouwt.manager.OrganisationUnitSelectionManager" />
     </property>
+    <property name="currentUserService">
+      <ref bean="org.hisp.dhis.user.CurrentUserService" />
+    </property>
   </bean>
 
   <bean id="org.hisp.dhis.user.action.GetUserListAction" class="org.hisp.dhis.user.action.GetUserListAction" scope="prototype">

=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/struts.xml'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/struts.xml	2011-06-19 10:30:48 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/struts.xml	2011-06-19 10:57:18 +0000
@@ -21,7 +21,6 @@
       <result name="success" type="velocity">/main.vm</result>
       <param name="page">/dhis-web-maintenance-user/user.vm</param>  
       <param name="menu">/dhis-web-maintenance-user/orgunitMenu.vm</param>
-	  <!-- <param name="menuTreeHeight">404</param>-->
       <param name="javascripts">../dhis-web-commons/ouwt/ouwt.js,javascript/user.js,javascript/filterTable.js</param>
       <interceptor-ref name="organisationUnitTreeStack"/>
 	  <param name="stylesheets">../dhis-web-commons/paging/paging.css</param>