dhis2-devs team mailing list archive
-
dhis2-devs team
-
Mailing list archive
-
Message #22553
[Branch ~dhis2-devs-core/dhis2/trunk] Rev 10864: validate that current user is allowed to create new instances of program
------------------------------------------------------------
revno: 10864
committer: Morten Olav Hansen <mortenoh@xxxxxxxxx>
branch nick: dhis2
timestamp: Fri 2013-05-17 14:16:31 +0700
message:
validate that current user is allowed to create new instances of program
modified:
dhis-2/dhis-dxf2/src/main/java/org/hisp/dhis/dxf2/event/BaseEventService.java
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
Your team DHIS 2 developers is subscribed to branch lp:dhis2.
To unsubscribe from this branch go to https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk/+edit-subscription
=== modified file 'dhis-2/dhis-dxf2/src/main/java/org/hisp/dhis/dxf2/event/BaseEventService.java'
--- dhis-2/dhis-dxf2/src/main/java/org/hisp/dhis/dxf2/event/BaseEventService.java 2013-05-17 06:44:41 +0000
+++ dhis-2/dhis-dxf2/src/main/java/org/hisp/dhis/dxf2/event/BaseEventService.java 2013-05-17 07:16:31 +0000
@@ -50,6 +50,7 @@
import org.hisp.dhis.user.CurrentUserService;
import org.springframework.beans.factory.annotation.Autowired;
+import java.util.Collection;
import java.util.Date;
/**
@@ -102,6 +103,15 @@
{
return new ImportSummary( ImportStatus.ERROR, "Event ID does not point to a valid program." );
}
+ else
+ {
+ Collection<Program> programsByCurrentUser = programService.getProgramsByCurrentUser();
+
+ if ( !programsByCurrentUser.contains( program ) )
+ {
+ return new ImportSummary( ImportStatus.ERROR, "Current user does not have permission to access this program." );
+ }
+ }
OrganisationUnit organisationUnit = organisationUnitService.getOrganisationUnit( event.getOrganisationUnitId() );
