Message #20534
[Branch ~dhis2-devs-core/dhis2/trunk] Rev 9404: wip, acl for idObjects
------------------------------------------------------------
revno: 9404
committer: Morten Olav Hansen <mortenoh@xxxxxxxxx>
branch nick: dhis2
timestamp: Thu 2012-12-27 15:07:54 +0100
message:
wip, acl for idObjects
added:
dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserGroupAccess.java
dhis-2/dhis-services/dhis-service-core/src/main/resources/org/hisp/dhis/user/hibernate/userGroupAccess.hbm.xml
modified:
dhis-2/dhis-api/src/main/java/org/hisp/dhis/chart/Chart.java
dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/BaseIdentifiableObject.java
dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/IdentifiableObject.java
dhis-2/dhis-api/src/main/java/org/hisp/dhis/interpretation/Interpretation.java
dhis-2/dhis-api/src/main/java/org/hisp/dhis/interpretation/InterpretationComment.java
dhis-2/dhis-api/src/main/java/org/hisp/dhis/mapping/Map.java
dhis-2/dhis-api/src/main/java/org/hisp/dhis/patientreport/PatientTabularReport.java
dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserGroup.java
dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultSecurityService.java
dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/SecurityService.java
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/chart/Chart.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/chart/Chart.java 2012-12-11 21:17:31 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/chart/Chart.java 2012-12-27 14:07:54 +0000
@@ -145,8 +145,6 @@
private boolean showData;
private boolean rewindRelativePeriods;
-
- private User user;
private OrganisationUnitGroupSet organisationUnitGroupSet;
@@ -683,20 +681,6 @@
}
@JsonProperty
- @JsonSerialize( as = BaseIdentifiableObject.class )
- @JsonView( {DetailedView.class, ExportView.class} )
- @JacksonXmlProperty( namespace = Dxf2Namespace.NAMESPACE )
- public User getUser()
- {
- return user;
- }
-
- public void setUser( User user )
- {
- this.user = user;
- }
-
- @JsonProperty
@JsonView( {DetailedView.class, ExportView.class} )
@JacksonXmlProperty( namespace = Dxf2Namespace.NAMESPACE )
public OrganisationUnitGroupSet getOrganisationUnitGroupSet()
=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/BaseIdentifiableObject.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/BaseIdentifiableObject.java 2012-12-13 11:53:32 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/BaseIdentifiableObject.java 2012-12-27 14:07:54 +0000
@@ -30,17 +30,22 @@
import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.annotation.JsonView;
+import com.fasterxml.jackson.databind.annotation.JsonSerialize;
+import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper;
import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty;
import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlRootElement;
import org.apache.commons.lang.Validate;
import org.hisp.dhis.common.view.BasicView;
import org.hisp.dhis.common.view.DetailedView;
import org.hisp.dhis.common.view.ExportView;
+import org.hisp.dhis.user.User;
+import org.hisp.dhis.user.UserGroupAccess;
import java.util.Collection;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
+import java.util.Set;
/**
* @author Bob Jolliffe
@@ -86,6 +91,21 @@
protected Date lastUpdated;
/**
+ * Access string for public access.
+ */
+ protected String publicAccess;
+
+ /**
+ * Owner of this object.
+ */
+ protected User user;
+
+ /**
+ * Access for userGroups
+ */
+ protected Set<UserGroupAccess> userGroupAccesses;
+
+ /**
* The i18n variant of the name. Should not be persisted.
*/
protected transient String displayName;
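Review bot: The three new ACL fields are declared without saying what an unset value means, and for an access-control attribute that default decides whether existing objects end up open or closed. `publicAccess` is a free-form String whose comment, `Access string for public access.`, gives no format, and `userGroupAccesses` is left null rather than initialised to an empty set. I would extend the comment along the lines of `Access string for public access; null means <state the default here>` and describe the expected format next to it. The same applies to the three getters this commit adds to IdentifiableObject, which have no Javadoc at all.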
@@ -178,8 +198,8 @@
}
@JsonProperty
- @JsonView( { DetailedView.class, BasicView.class, ExportView.class } )
- @JacksonXmlProperty( isAttribute = true )
+ @JsonView({ DetailedView.class, BasicView.class, ExportView.class })
+ @JacksonXmlProperty(isAttribute = true)
public Date getCreated()
{
return created;
@@ -203,6 +223,49 @@
this.lastUpdated = lastUpdated;
}
+ @Override
+ @JsonProperty
+ @JsonView( { DetailedView.class, BasicView.class, ExportView.class } )
+ @JacksonXmlProperty( namespace = Dxf2Namespace.NAMESPACE )
+ public String getPublicAccess()
+ {
+ return publicAccess;
+ }
+
+ public void setPublicAccess( String publicAccess )
+ {
+ this.publicAccess = publicAccess;
+ }
+
+ @Override
+ @JsonProperty
+ @JsonSerialize( as = BaseIdentifiableObject.class )
+ @JsonView( { BasicView.class, DetailedView.class, ExportView.class } )
+ @JacksonXmlProperty( namespace = Dxf2Namespace.NAMESPACE )
+ public User getUser()
+ {
+ return user;
+ }
+
+ public void setUser( User user )
+ {
+ this.user = user;
+ }
+
+ @JsonProperty
+ @JsonView( { BasicView.class, DetailedView.class, ExportView.class } )
+ @JacksonXmlElementWrapper( localName = "userGroupAccesses", namespace = Dxf2Namespace.NAMESPACE )
+ @JacksonXmlProperty( localName = "userGroupAccess", namespace = Dxf2Namespace.NAMESPACE )
+ public Set<UserGroupAccess> getUserGroupAccesses()
+ {
+ return userGroupAccesses;
+ }
+
+ public void setUserGroupAccesses( Set<UserGroupAccess> userGroupAccesses )
+ {
+ this.userGroupAccesses = userGroupAccesses;
+ }
+
public String getDisplayName()
{
return displayName != null && !displayName.trim().isEmpty() ? displayName : getName();
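Review bot: `setPublicAccess`, `setUser` and `setUserGroupAccesses` are public setters paired with `@JsonProperty` getters, so Jackson will most likely treat owner and sharing fields as writable properties wherever one of these objects is deserialized from a request or import payload. Nothing in this hunk stops a caller from supplying another user as owner, or a wider access string, for an object they submit. I would have the service layer set these values from the authenticated session and ignore the inbound ones, for example by putting `@JsonIgnore` on the three setters while leaving the getters annotated. Two smaller points: `getUserGroupAccesses()` lacks the `@Override` that the other two interface getters carry, and `getUser()` is now in `BasicView`, whereas the per-class getters removed elsewhere in this commit exposed it only in `DetailedView` and `ExportView`. getDisplayName's body continues outside the hunk.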
=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/IdentifiableObject.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/IdentifiableObject.java 2012-12-13 11:53:32 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/IdentifiableObject.java 2012-12-27 14:07:54 +0000
@@ -27,7 +27,11 @@
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
+import org.hisp.dhis.user.User;
+import org.hisp.dhis.user.UserGroupAccess;
+
import java.util.Date;
+import java.util.Set;
public interface IdentifiableObject
extends ImportableObject, LinkableObject, Comparable<IdentifiableObject>, Mergeable<IdentifiableObject>
@@ -51,5 +55,11 @@
Date getLastUpdated();
+ String getPublicAccess();
+
+ User getUser();
+
+ Set<UserGroupAccess> getUserGroupAccesses();
+
String getDisplayName();
}
=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/interpretation/Interpretation.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/interpretation/Interpretation.java 2012-12-07 18:16:00 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/interpretation/Interpretation.java 2012-12-27 14:07:54 +0000
@@ -73,10 +73,6 @@
private String text;
- private User user;
-
- private Date created;
-
@Scanned
private List<InterpretationComment> comments = new ArrayList<InterpretationComment>();
@@ -263,33 +259,6 @@
}
@JsonProperty
- @JsonSerialize( as = BaseIdentifiableObject.class )
- @JsonView( { DetailedView.class, ExportView.class } )
- @JacksonXmlProperty( namespace = Dxf2Namespace.NAMESPACE )
- public User getUser()
- {
- return user;
- }
-
- public void setUser( User user )
- {
- this.user = user;
- }
-
- @JsonProperty
- @JsonView( { DetailedView.class, ExportView.class } )
- @JacksonXmlProperty( namespace = Dxf2Namespace.NAMESPACE )
- public Date getCreated()
- {
- return created;
- }
-
- public void setCreated( Date created )
- {
- this.created = created;
- }
-
- @JsonProperty
@JsonView( { DetailedView.class, ExportView.class } )
@JacksonXmlElementWrapper( localName = "comments", namespace = Dxf2Namespace.NAMESPACE )
@JacksonXmlProperty( localName = "comment", namespace = Dxf2Namespace.NAMESPACE )
=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/interpretation/InterpretationComment.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/interpretation/InterpretationComment.java 2012-10-14 18:31:58 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/interpretation/InterpretationComment.java 2012-12-27 14:07:54 +0000
@@ -29,7 +29,6 @@
import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.annotation.JsonView;
-import com.fasterxml.jackson.databind.annotation.JsonSerialize;
import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty;
import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlRootElement;
import org.hisp.dhis.common.BaseIdentifiableObject;
@@ -43,16 +42,12 @@
/**
* @author Lars Helge Overland
*/
-@JacksonXmlRootElement( localName = "interpretationComment", namespace = Dxf2Namespace.NAMESPACE )
+@JacksonXmlRootElement(localName = "interpretationComment", namespace = Dxf2Namespace.NAMESPACE)
public class InterpretationComment
extends BaseIdentifiableObject
{
private String text;
- private User user;
-
- private Date created;
-
public InterpretationComment()
{
this.created = new Date();
@@ -72,8 +67,8 @@
}
@JsonProperty
- @JsonView( { DetailedView.class, ExportView.class } )
- @JacksonXmlProperty( namespace = Dxf2Namespace.NAMESPACE )
+ @JsonView({ DetailedView.class, ExportView.class })
+ @JacksonXmlProperty(namespace = Dxf2Namespace.NAMESPACE)
public String getText()
{
return text;
@@ -83,31 +78,4 @@
{
this.text = text;
}
-
- @JsonProperty
- @JsonSerialize( as = BaseIdentifiableObject.class )
- @JsonView( { DetailedView.class, ExportView.class } )
- @JacksonXmlProperty( namespace = Dxf2Namespace.NAMESPACE )
- public User getUser()
- {
- return user;
- }
-
- public void setUser( User user )
- {
- this.user = user;
- }
-
- @JsonProperty
- @JsonView( { DetailedView.class, ExportView.class } )
- @JacksonXmlProperty( namespace = Dxf2Namespace.NAMESPACE )
- public Date getCreated()
- {
- return created;
- }
-
- public void setCreated( Date created )
- {
- this.created = created;
- }
}
=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/mapping/Map.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/mapping/Map.java 2012-11-01 14:02:36 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/mapping/Map.java 2012-12-27 14:07:54 +0000
@@ -52,8 +52,6 @@
public class Map
extends BaseIdentifiableObject
{
- private User user;
-
private Double longitude;
private Double latitude;
@@ -85,20 +83,6 @@
// -------------------------------------------------------------------------
@JsonProperty
- @JsonSerialize( as = BaseIdentifiableObject.class )
- @JsonView( {DetailedView.class, ExportView.class} )
- @JacksonXmlProperty( namespace = Dxf2Namespace.NAMESPACE )
- public User getUser()
- {
- return user;
- }
-
- public void setUser( User user )
- {
- this.user = user;
- }
-
- @JsonProperty
@JsonView( {DetailedView.class, ExportView.class} )
@JacksonXmlProperty( namespace = Dxf2Namespace.NAMESPACE )
public Double getLongitude()
=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/patientreport/PatientTabularReport.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/patientreport/PatientTabularReport.java 2012-10-16 04:05:28 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/patientreport/PatientTabularReport.java 2012-12-27 14:07:54 +0000
@@ -27,21 +27,19 @@
package org.hisp.dhis.patientreport;
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.List;
-import java.util.Set;
-
import org.hisp.dhis.common.BaseIdentifiableObject;
import org.hisp.dhis.organisationunit.OrganisationUnit;
import org.hisp.dhis.patient.PatientAttribute;
import org.hisp.dhis.patient.PatientIdentifierType;
import org.hisp.dhis.program.ProgramStageDataElement;
-import org.hisp.dhis.user.User;
+
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+import java.util.Set;
/**
* @author Chau Thu Tran
- *
* @version $PatientTabularReport.java May 7, 2012 12:41:41 PM$
*/
public class PatientTabularReport
@@ -50,24 +48,23 @@
private static final long serialVersionUID = -2880334669266185058L;
public static String PREFIX_EXECUTION_DATE = "executiondate";
-
- public static String PREFIX_ORGUNIT = "orgunit";
-
+
+ public static String PREFIX_ORGUNIT = "orgunit";
+
public static String PREFIX_META_DATA = "meta";
-
+
public static String PREFIX_IDENTIFIER_TYPE = "iden";
public static String PREFIX_FIXED_ATTRIBUTE = "fixedAttr";
-
+
public static String PREFIX_PATIENT_ATTRIBUTE = "attr";
public static String PREFIX_DATA_ELEMENT = "de";
public static String PREFIX_NUMBER_DATA_ELEMENT = "numberDe";
-
+
public static String VALUE_TYPE_OPTION_SET = "optionSet";
-
private Date startDate;
private Date endDate;
@@ -88,8 +85,6 @@
private String facilityLB;
- private User user;
-
// -------------------------------------------------------------------------
// Constructors
// -------------------------------------------------------------------------
@@ -206,15 +201,4 @@
{
this.facilityLB = facilityLB;
}
-
- public User getUser()
- {
- return user;
- }
-
- public void setUser( User user )
- {
- this.user = user;
- }
-
}
=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserGroup.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserGroup.java 2012-07-01 11:33:07 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserGroup.java 2012-12-27 14:07:54 +0000
@@ -1,7 +1,7 @@
package org.hisp.dhis.user;
/*
- * Copyright (c) 2004-2011, University of Oslo
+ * Copyright (c) 2004-2012, University of Oslo
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
=== added file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserGroupAccess.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserGroupAccess.java 1970-01-01 00:00:00 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserGroupAccess.java 2012-12-27 14:07:54 +0000
@@ -0,0 +1,74 @@
+package org.hisp.dhis.user;
+
+/*
+ * Copyright (c) 2004-2012, University of Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * * Neither the name of the HISP project nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
+ */
+public class UserGroupAccess
+{
+ private int id;
+
+ private String access;
+
+ private UserGroup userGroup;
+
+ public UserGroupAccess()
+ {
+ }
+
+ public int getId()
+ {
+ return id;
+ }
+
+ public void setId( int id )
+ {
+ this.id = id;
+ }
+
+ public String getAccess()
+ {
+ return access;
+ }
+
+ public void setAccess( String access )
+ {
+ this.access = access;
+ }
+
+ public UserGroup getUserGroup()
+ {
+ return userGroup;
+ }
+
+ public void setUserGroup( UserGroup userGroup )
+ {
+ this.userGroup = userGroup;
+ }
+}
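Review bot: UserGroupAccess defines no `equals`/`hashCode`, yet BaseIdentifiableObject holds these objects in a `Set<UserGroupAccess>`, so two entries for the same group and access string count as distinct and one object can carry duplicate or contradictory grants for a single group. A `contains` check will also miss an instance that was reloaded in another session. I would add value-based `equals` and `hashCode` over `userGroup` and `access`, reading the other object through its getters so that a Hibernate proxy is handled; this assumes UserGroup has a usable `equals` of its own, which is not visible here. Separately, `access` being a bare String leaves the permission format unchecked at the setter.

```java
    // … unchanged: fields, constructor, getters and setters …

    @Override
    public boolean equals( Object o )
    {
        if ( this == o )
        {
            return true;
        }

        if ( !(o instanceof UserGroupAccess) )
        {
            return false;
        }

        UserGroupAccess other = (UserGroupAccess) o;

        boolean sameAccess = access == null ? other.getAccess() == null : access.equals( other.getAccess() );
        boolean sameGroup = userGroup == null ? other.getUserGroup() == null : userGroup.equals( other.getUserGroup() );

        return sameAccess && sameGroup;
    }

    @Override
    public int hashCode()
    {
        int result = access != null ? access.hashCode() : 0;
        return 31 * result + (userGroup != null ? userGroup.hashCode() : 0);
    }
```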
=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultSecurityService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultSecurityService.java 2012-11-14 13:11:10 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultSecurityService.java 2012-12-27 14:07:54 +0000
@@ -27,17 +27,10 @@
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-import java.util.Arrays;
-import java.util.Calendar;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.hisp.dhis.common.CodeGenerator;
+import org.hisp.dhis.common.IdentifiableObject;
import org.hisp.dhis.message.MessageSender;
import org.hisp.dhis.period.Cal;
import org.hisp.dhis.setting.SystemSettingManager;
@@ -48,6 +41,14 @@
import org.hisp.dhis.user.UserCredentials;
import org.hisp.dhis.user.UserService;
+import java.util.Arrays;
+import java.util.Calendar;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
/**
* @author Lars Helge Overland
*/
@@ -55,12 +56,12 @@
implements SecurityService
{
private static final Log log = LogFactory.getLog( DefaultSecurityService.class );
-
+
private static final String RESTORE_PATH = "/dhis-web-commons/security/restore.action";
private static final int TOKEN_LENGTH = 50;
private static final int CODE_LENGTH = 15;
-
+
// -------------------------------------------------------------------------
// Dependencies
// -------------------------------------------------------------------------
@@ -85,7 +86,7 @@
{
this.userService = userService;
}
-
+
private SystemSettingManager systemSettingManager;
public void setSystemSettingManager( SystemSettingManager systemSettingManager )
@@ -103,51 +104,51 @@
{
return false;
}
-
+
UserCredentials credentials = userService.getUserCredentialsByUsername( username );
-
+
if ( credentials == null || credentials.getUser() == null || credentials.getUser().getEmail() == null )
{
log.info( "Could not send message as user does not exist or has no email: " + username );
return false;
}
-
+
if ( !ValidationUtils.emailIsValid( credentials.getUser().getEmail() ) )
{
log.info( "Could not send message as email is invalid" );
return false;
}
-
+
if ( !systemSettingManager.emailEnabled() )
{
log.info( "Could not send message as email is not configured" );
return false;
}
-
+
if ( credentials.hasAnyAuthority( Arrays.asList( UserAuthorityGroup.CRITICAL_AUTHS ) ) )
{
log.info( "Not allowed to recover credentials with critical authorities" );
return false;
}
-
+
String[] result = initRestore( credentials );
-
+
Set<User> users = new HashSet<User>();
users.add( credentials.getUser() );
-
+
Map<String, String> vars = new HashMap<String, String>();
vars.put( "rootPath", rootPath );
vars.put( "restorePath", rootPath + RESTORE_PATH );
vars.put( "token", result[0] );
vars.put( "code", result[1] );
vars.put( "username", username );
-
+
String text1 = new VelocityManager().render( vars, "restore_message1" );
String text2 = new VelocityManager().render( vars, "restore_message2" );
-
+
emailMessageSender.sendMessage( "User account restore confirmation (message 1 of 2)", text1, null, users, true );
emailMessageSender.sendMessage( "User account restore confirmation (message 2 of 2)", text2, null, users, true );
-
+
return true;
}
@@ -155,22 +156,22 @@
{
String token = CodeGenerator.generateCode( TOKEN_LENGTH );
String code = CodeGenerator.generateCode( CODE_LENGTH );
-
+
String hashedToken = passwordManager.encodePassword( credentials.getUsername(), token );
String hashedCode = passwordManager.encodePassword( credentials.getUsername(), code );
-
+
Date expiry = new Cal().now().add( Calendar.HOUR_OF_DAY, 1 ).time();
-
+
credentials.setRestoreToken( hashedToken );
credentials.setRestoreCode( hashedCode );
credentials.setRestoreExpiry( expiry );
userService.updateUserCredentials( credentials );
-
+
String[] result = { token, code };
return result;
}
-
+
public boolean restore( String username, String token, String code, String newPassword )
{
if ( username == null || token == null || code == null || newPassword == null )
@@ -179,36 +180,36 @@
}
UserCredentials credentials = userService.getUserCredentialsByUsername( username );
-
+
if ( credentials == null )
{
log.info( "Could not restore as user does not exist: " + username );
return false;
}
-
+
token = passwordManager.encodePassword( username, token );
code = passwordManager.encodePassword( username, code );
-
+
Date date = new Cal().now().time();
if ( !credentials.canRestore( token, code, date ) )
{
return false;
}
-
+
newPassword = passwordManager.encodePassword( username, newPassword );
-
+
credentials.setPassword( newPassword );
-
+
credentials.setRestoreCode( null );
credentials.setRestoreToken( null );
credentials.setRestoreExpiry( null );
-
+
userService.updateUserCredentials( credentials );
-
+
return true;
}
-
+
public boolean verifyToken( String username, String token )
{
if ( username == null || token == null )
@@ -217,15 +218,27 @@
}
UserCredentials credentials = userService.getUserCredentialsByUsername( username );
-
+
if ( credentials == null || credentials.getRestoreToken() == null )
{
log.info( "Could not verify token as user does not exist or has no token: " + username );
return false;
}
-
+
token = passwordManager.encodePassword( username, token );
-
+
return credentials.getRestoreToken().equals( token );
}
+
+ @Override
+ public boolean isWritable( IdentifiableObject identifiableObject )
+ {
+ return false;
+ }
+
+ @Override
+ public boolean isReadable( IdentifiableObject identifiableObject )
+ {
+ return false;
+ }
}
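Review bot: `isWritable` and `isReadable` are stubs that return `false` for every object, and nothing in the code marks them as unfinished. Denying by default is the right direction for a work-in-progress access check, but a caller wired to these methods today would silently lock every user out with no hint as to why. I would add a comment in both bodies such as `// TODO: not implemented yet; denies all access until ACL evaluation is added`. The class body starts outside the hunk.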
=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/SecurityService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/SecurityService.java 2012-10-29 14:34:57 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/SecurityService.java 2012-12-27 14:07:54 +0000
@@ -27,6 +27,7 @@
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
+import org.hisp.dhis.common.IdentifiableObject;
import org.hisp.dhis.user.UserCredentials;
/**
@@ -37,51 +38,67 @@
/**
* Will invoke the initiateRestore method and dispatch email messages with
* restore information to the user.
- *
+ *
* @param username the user name of the user to send restore messages.
* @param rootPath the root path of the request.
* @return false if any of the arguments are null or if the user credentials
* identified by the user name does not exist, true otherwise.
*/
boolean sendRestoreMessage( String username, String rootPath );
-
+
/**
* Will populate the restoreToken and restoreCode property of the given
* credentials with a hashed version of auto-generated values. Will set the
* restoreExpiry property with a date time one hour from now. Changes will be
* persisted.
- *
+ *
* @param credentials the user credentials.
- * @return an array where index 0 is the clear-text token and index 1 the
+ * @return an array where index 0 is the clear-text token and index 1 the
* clear-text code.
*/
String[] initRestore( UserCredentials credentials );
-
+
/**
* Tests whether the given token and code are valid for the given user name.
* If true, it will update the user credentials identified by the given user
* name with the new password. In order to succeed, the given token and code
* must match the ones on the credentials, and the current date must be before
* the expiry date time of the credentials.
- *
- * @param username the user name.
- * @param token the token.
- * @param code the code.
+ *
+ * @param username the user name.
+ * @param token the token.
+ * @param code the code.
* @param newPassword the proposed new password.
* @return true or false.
*/
boolean restore( String username, String token, String code, String newPassword );
-
+
/**
* Tests whether the given token in combination with the given user name is
* valid, i.e. whether the hashed version of the token matches the one on the
* user credentials identified by the given user name.
- *
+ *
* @param username the user name.
- * @param token the token.
+ * @param token the token.
* @return false if any of the arguments are null or if the user credentials
* identified by the user name does not exist, true if the arguments
* are valid.
*/
boolean verifyToken( String username, String token );
+
+ /**
+ * Checks whether current user has write access to object.
+ *
+ * @param identifiableObject Object to check for write access.
+ * @return true of false depending on outcome of writable check
+ */
+ boolean isWritable( IdentifiableObject identifiableObject );
+
+ /**
+ * Checks whether current user has read access to object.
+ *
+ * @param identifiableObject Object to check for read access.
+ * @return true of false depending on outcome of readable check
+ */
+ boolean isReadable( IdentifiableObject identifiableObject );
}
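Review bot: The Javadoc on the two new methods reads `@return true of false depending on outcome of writable check`, which has a typo and does not say what the outcome depends on. For an access check the contract should name its inputs: which user counts as "current", and what is returned for a null object or for an object with no owner and no access string. Suggested wording for `isWritable`: `@return true if the current user may modify the object, false otherwise (including when the object is null)`, with matching text on `isReadable`. The interface declaration starts outside the hunk.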
=== added file 'dhis-2/dhis-services/dhis-service-core/src/main/resources/org/hisp/dhis/user/hibernate/userGroupAccess.hbm.xml'
--- dhis-2/dhis-services/dhis-service-core/src/main/resources/org/hisp/dhis/user/hibernate/userGroupAccess.hbm.xml 1970-01-01 00:00:00 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/resources/org/hisp/dhis/user/hibernate/userGroupAccess.hbm.xml 2012-12-27 14:07:54 +0000
@@ -0,0 +1,19 @@
+<?xml version="1.0"?>
+<!DOCTYPE hibernate-mapping PUBLIC
+ "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
+ "http://www.hibernate.org/dtd/hibernate-mapping-3.0.dtd"
+ >
+
+<hibernate-mapping>
+ <class name="org.hisp.dhis.user.UserGroupAccess" table="usergroupaccess">
+
+ <id name="id" column="usergroupaccessid">
+ <generator class="native" />
+ </id>
+
+ <property name="access" />
+
+ <many-to-one name="userGroup" column="usergroupid" class="org.hisp.dhis.user.UserGroup" foreign-key="fk_usergroupaccess_usergroup" />
+
+ </class>
+</hibernate-mapping>
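Review bot: Both columns of the new `usergroupaccess` table are nullable as mapped, so a row can exist with no access string or no user group. An ACL entry in that state has no defined meaning, and whatever evaluates it later would have to guess. I would map them as `<property name="access" not-null="true" />` and add `not-null="true"` to the `many-to-one`. No mapping file in this commit's modified list adds a collection from an owning object to this table, so `userGroupAccesses` on BaseIdentifiableObject does not appear to be persisted yet.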