
dhis2-devs team mailing list archive

[Branch ~dhis2-devs-core/dhis2/trunk] Rev 10195: only allow to manage sharing if user have ALL, o.user=user, public write, or group write

 

------------------------------------------------------------
revno: 10195
committer: Morten Olav Hansen <mortenoh@xxxxxxxxx>
branch nick: dhis2
timestamp: Thu 2013-03-14 12:10:11 +0700
message:
  only allow to manage sharing if user have ALL, o.user=user, public write, or group write
modified:
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/SharingUtils.java


--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/SharingUtils.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/SharingUtils.java	2013-03-13 14:19:05 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/SharingUtils.java	2013-03-14 05:10:11 +0000
@@ -273,7 +273,22 @@
      */
     public static boolean canManage( User user, IdentifiableObject object )
     {
-        return sharingOverrideAuthority( user ) || canWrite( user, object );
+        if ( sharingOverrideAuthority( user ) || user.equals( object.getUser() ) ||
+            AccessStringHelper.canWrite( object.getPublicAccess() ) )
+        {
+            return true;
+        }
+
+        for ( UserGroupAccess userGroupAccess : object.getUserGroupAccesses() )
+        {
+            if ( AccessStringHelper.canWrite( userGroupAccess.getAccess() )
+                && userGroupAccess.getUserGroup().getMembers().contains( user ) )
+            {
+                return true;
+            }
+        }
+
+        return false;
     }
 
     private static boolean sharingOverrideAuthority( User user )
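Review bot: The public-write branch of the first `if` (`AccessStringHelper.canWrite( object.getPublicAccess() )`) never consults `user`, so on a publicly writable object every caller may manage sharing, that is, change who else has access. If that is intended, as the commit message suggests, the method's Javadoc (which starts outside the hunk) should say so, for example `Note: public or group write access implies the right to change sharing settings.` Separately, `user.equals( object.getUser() )` throws a NullPointerException for a null `user` unless `sharingOverrideAuthority` already returns true in that case. Its body is outside the hunk, so a guard such as `if ( user == null ) return false;` is needed only if it does not. The loop likewise assumes `object.getUserGroupAccesses()` and `userGroupAccess.getUserGroup()` are never null, which is worth confirming or guarding so that the access decision fails closed.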