Message #26338
[Branch ~dhis2-devs-core/dhis2/trunk] Rev 13050: bypass security when saving orgUnit with orgUnitGroups
------------------------------------------------------------
revno: 13050
committer: Morten Olav Hansen <mortenoh@xxxxxxxxx>
branch nick: dhis2
timestamp: Thu 2013-11-28 15:18:11 +0100
message:
bypass security when saving orgUnit with orgUnitGroups
modified:
dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-organisationunit/src/main/java/org/hisp/dhis/oum/action/organisationunit/AddOrganisationUnitAction.java
dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-organisationunit/src/main/java/org/hisp/dhis/oum/action/organisationunit/UpdateOrganisationUnitAction.java
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-organisationunit/src/main/java/org/hisp/dhis/oum/action/organisationunit/AddOrganisationUnitAction.java'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-organisationunit/src/main/java/org/hisp/dhis/oum/action/organisationunit/AddOrganisationUnitAction.java 2013-08-23 16:05:01 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-organisationunit/src/main/java/org/hisp/dhis/oum/action/organisationunit/AddOrganisationUnitAction.java 2013-11-28 14:18:11 +0000
@@ -28,14 +28,9 @@
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-import static org.hisp.dhis.system.util.TextUtils.nullIfEmpty;
-
-import java.util.Collection;
-import java.util.Date;
-import java.util.HashSet;
-import java.util.List;
-
+import com.opensymphony.xwork2.Action;
import org.hisp.dhis.attribute.AttributeService;
+import org.hisp.dhis.common.IdentifiableObjectManager;
import org.hisp.dhis.dataset.DataSetService;
import org.hisp.dhis.i18n.I18nFormat;
import org.hisp.dhis.organisationunit.OrganisationUnit;
@@ -45,8 +40,14 @@
import org.hisp.dhis.ouwt.manager.OrganisationUnitSelectionManager;
import org.hisp.dhis.system.util.AttributeUtils;
import org.hisp.dhis.system.util.ValidationUtils;
-
-import com.opensymphony.xwork2.Action;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import java.util.Collection;
+import java.util.Date;
+import java.util.HashSet;
+import java.util.List;
+
+import static org.hisp.dhis.system.util.TextUtils.nullIfEmpty;
/**
* @author Torgeir Lorange Ostby
@@ -100,6 +101,14 @@
this.attributeService = attributeService;
}
+ private IdentifiableObjectManager manager;
+
+ @Autowired
+ public void setManager( IdentifiableObjectManager manager )
+ {
+ this.manager = manager;
+ }
+
// -------------------------------------------------------------------------
// Input & Output
// -------------------------------------------------------------------------
@@ -326,7 +335,8 @@
if ( group != null )
{
group.addOrganisationUnit( organisationUnit );
- organisationUnitGroupService.updateOrganisationUnitGroup( group );
+ // organisationUnitGroupService.updateOrganisationUnitGroup( group );
+ manager.updateNoAcl( group );
}
}
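Review bot: `manager.updateNoAcl( group )` persists the organisation unit group with the access-control check skipped, and nothing in this hunk shows that the current user is allowed to change that group's membership; the same applies to both `updateNoAcl` calls in the last hunk of UpdateOrganisationUnitAction. If the group is resolved from request input (not visible here), anyone who can reach these actions could add units to, or remove them from, groups they have no write access to. The bypass should therefore be paired with an explicit authority or read-access check on the group before the write. I would also drop the commented-out `organisationUnitGroupService.updateOrganisationUnitGroup( group )` line and state the intent instead, e.g. `// ACL intentionally bypassed: group membership follows the unit; caller is authorised by <required authority>`. The enclosing method starts and ends outside the hunk, so an earlier check may exist that is not visible here.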
=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-organisationunit/src/main/java/org/hisp/dhis/oum/action/organisationunit/UpdateOrganisationUnitAction.java'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-organisationunit/src/main/java/org/hisp/dhis/oum/action/organisationunit/UpdateOrganisationUnitAction.java 2013-08-23 16:05:01 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-organisationunit/src/main/java/org/hisp/dhis/oum/action/organisationunit/UpdateOrganisationUnitAction.java 2013-11-28 14:18:11 +0000
@@ -28,17 +28,9 @@
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-import static org.hisp.dhis.system.util.TextUtils.nullIfEmpty;
-import static org.hisp.dhis.system.util.ValidationUtils.coordinateIsValid;
-
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Date;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-
+import com.opensymphony.xwork2.Action;
import org.hisp.dhis.attribute.AttributeService;
+import org.hisp.dhis.common.IdentifiableObjectManager;
import org.hisp.dhis.dataset.DataSet;
import org.hisp.dhis.dataset.DataSetService;
import org.hisp.dhis.i18n.I18nFormat;
@@ -49,8 +41,17 @@
import org.hisp.dhis.organisationunit.OrganisationUnitService;
import org.hisp.dhis.system.util.AttributeUtils;
import org.hisp.dhis.system.util.ValidationUtils;
-
-import com.opensymphony.xwork2.Action;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Date;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+import static org.hisp.dhis.system.util.TextUtils.nullIfEmpty;
+import static org.hisp.dhis.system.util.ValidationUtils.coordinateIsValid;
/**
* @author Torgeir Lorange Ostby
@@ -97,6 +98,14 @@
this.attributeService = attributeService;
}
+ private IdentifiableObjectManager manager;
+
+ @Autowired
+ public void setManager( IdentifiableObjectManager manager )
+ {
+ this.manager = manager;
+ }
+
// -------------------------------------------------------------------------
// Input & Output
// -------------------------------------------------------------------------
@@ -352,13 +361,15 @@
if ( oldGroup != null && oldGroup.getMembers().remove( organisationUnit ) )
{
oldGroup.removeOrganisationUnit( organisationUnit );
- organisationUnitGroupService.updateOrganisationUnitGroup( oldGroup );
+ // organisationUnitGroupService.updateOrganisationUnitGroup( oldGroup );
+ manager.updateNoAcl( oldGroup );
}
if ( newGroup != null && newGroup.getMembers().add( organisationUnit ) )
{
newGroup.addOrganisationUnit( organisationUnit );
- organisationUnitGroupService.updateOrganisationUnitGroup( newGroup );
+ // organisationUnitGroupService.updateOrganisationUnitGroup( newGroup );
+ manager.updateNoAcl( newGroup );
}
}