← Back to team overview

dhis2-devs team mailing list archive

[Branch ~dhis2-devs-core/dhis2/trunk] Rev 14336: moved sharing related classes into its own package, org.hisp.dhis.sharing

 

------------------------------------------------------------
revno: 14336
committer: Morten Olav Hansen <mortenoh@xxxxxxxxx>
branch nick: dhis2
timestamp: Fri 2014-03-21 10:41:08 +0100
message:
  moved sharing related classes into its own package, org.hisp.dhis.sharing
removed:
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/Access.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/AccessStringHelper.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/SharingUtils.java
added:
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/sharing/
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/sharing/Access.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/sharing/AccessStringHelper.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/sharing/SharingUtils.java
modified:
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/BaseIdentifiableObject.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/IdentifiableObject.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/interpretation/Interpretation.java
  dhis-2/dhis-api/src/test/java/org/hisp/dhis/common/AccessStringHelperTest.java
  dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/common/DefaultDimensionService.java
  dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultSecurityService.java
  dhis-2/dhis-services/dhis-service-dxf2/src/main/java/org/hisp/dhis/dxf2/metadata/importers/DefaultIdentifiableObjectImporter.java
  dhis-2/dhis-support/dhis-support-hibernate/src/main/java/org/hisp/dhis/hibernate/HibernateGenericStore.java
  dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AbstractCrudController.java
  dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/SharingController.java
  dhis-2/dhis-web/dhis-web-dataentry/src/main/java/org/hisp/dhis/de/action/GetMetaDataAction.java


--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk

Your team DHIS 2 developers is subscribed to branch lp:dhis2.
To unsubscribe from this branch go to https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk/+edit-subscription
=== removed file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/Access.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/Access.java	2014-03-18 08:10:10 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/Access.java	1970-01-01 00:00:00 +0000
@@ -1,128 +0,0 @@
-package org.hisp.dhis.common;
-
-/*
- * Copyright (c) 2004-2014, University of Oslo
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- * Redistributions of source code must retain the above copyright notice, this
- * list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * Neither the name of the HISP project nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-import com.fasterxml.jackson.annotation.JsonProperty;
-import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty;
-import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlRootElement;
-
-/**
- * @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
- */
-@JacksonXmlRootElement( localName = "access", namespace = DxfNamespaces.DXF_2_0 )
-public class Access
-{
-    private boolean manage;
-
-    private boolean externalize;
-
-    private boolean write;
-
-    private boolean read;
-
-    private boolean update;
-
-    private boolean delete;
-
-    public Access()
-    {
-    }
-
-    @JsonProperty
-    @JacksonXmlProperty( localName = "manage", namespace = DxfNamespaces.DXF_2_0 )
-    public boolean isManage()
-    {
-        return manage;
-    }
-
-    public void setManage( boolean manage )
-    {
-        this.manage = manage;
-    }
-
-    @JsonProperty
-    @JacksonXmlProperty( localName = "externalize", namespace = DxfNamespaces.DXF_2_0 )
-    public boolean isExternalize()
-    {
-        return externalize;
-    }
-
-    public void setExternalize( boolean externalize )
-    {
-        this.externalize = externalize;
-    }
-
-    @JsonProperty
-    @JacksonXmlProperty( localName = "write", namespace = DxfNamespaces.DXF_2_0 )
-    public boolean isWrite()
-    {
-        return write;
-    }
-
-    public void setWrite( boolean write )
-    {
-        this.write = write;
-    }
-
-    @JsonProperty
-    @JacksonXmlProperty( localName = "read", namespace = DxfNamespaces.DXF_2_0 )
-    public boolean isRead()
-    {
-        return read;
-    }
-
-    public void setRead( boolean read )
-    {
-        this.read = read;
-    }
-
-    @JsonProperty
-    @JacksonXmlProperty( localName = "update", namespace = DxfNamespaces.DXF_2_0 )
-    public boolean isUpdate()
-    {
-        return update;
-    }
-
-    public void setUpdate( boolean update )
-    {
-        this.update = update;
-    }
-
-    @JsonProperty
-    @JacksonXmlProperty( localName = "delete", namespace = DxfNamespaces.DXF_2_0 )
-    public boolean isDelete()
-    {
-        return delete;
-    }
-
-    public void setDelete( boolean delete )
-    {
-        this.delete = delete;
-    }
-}

=== removed file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/AccessStringHelper.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/AccessStringHelper.java	2014-03-18 08:10:10 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/AccessStringHelper.java	1970-01-01 00:00:00 +0000
@@ -1,129 +0,0 @@
-package org.hisp.dhis.common;
-
-/*
- * Copyright (c) 2004-2014, University of Oslo
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- * Redistributions of source code must retain the above copyright notice, this
- * list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * Neither the name of the HISP project nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * Currently only the two first positions in the access string are used - rw.
- *
- * @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
- */
-public class AccessStringHelper
-{
-    public static final String DEFAULT_ACCESS = "--------";
-
-    public static enum Permission
-    {
-        READ( 'r', 0 ), WRITE( 'w', 1 );
-
-        private char value;
-
-        private int position;
-
-        private Permission( char value, int position )
-        {
-            this.value = value;
-            this.position = position;
-        }
-
-        public char getValue()
-        {
-            return value;
-        }
-
-        public int getPosition()
-        {
-            return position;
-        }
-    }
-
-    private char[] access = DEFAULT_ACCESS.toCharArray();
-
-    public AccessStringHelper()
-    {
-    }
-
-    public AccessStringHelper( char[] access )
-    {
-        this.access = access;
-    }
-
-    public AccessStringHelper( String access )
-    {
-        this.access = access.toCharArray();
-    }
-
-    public static AccessStringHelper newInstance()
-    {
-        return new AccessStringHelper();
-    }
-
-    public static AccessStringHelper newInstance( char[] access )
-    {
-        return new AccessStringHelper( access );
-    }
-
-    public AccessStringHelper enable( Permission permission )
-    {
-        access[permission.getPosition()] = permission.getValue();
-
-        return this;
-    }
-
-    public AccessStringHelper disable( Permission permission )
-    {
-        access[permission.getPosition()] = '-';
-
-        return this;
-    }
-
-    public String build()
-    {
-        return new String( access );
-    }
-
-    public String toString()
-    {
-        return build();
-    }
-
-    public static boolean canRead( String access )
-    {
-        return isEnabled( access, Permission.READ );
-    }
-
-    public static boolean canWrite( String access )
-    {
-        return isEnabled( access, Permission.WRITE );
-    }
-
-    public static boolean isEnabled( String access, Permission permission )
-    {
-        return access != null && access.charAt( permission.getPosition() ) == permission.getValue();
-    }
-}

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/BaseIdentifiableObject.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/BaseIdentifiableObject.java	2014-03-18 08:10:10 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/BaseIdentifiableObject.java	2014-03-21 09:41:08 +0000
@@ -40,6 +40,7 @@
 import org.hisp.dhis.common.view.SharingBasicView;
 import org.hisp.dhis.common.view.SharingDetailedView;
 import org.hisp.dhis.common.view.SharingExportView;
+import org.hisp.dhis.sharing.Access;
 import org.hisp.dhis.user.User;
 import org.hisp.dhis.user.UserGroupAccess;
 

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/IdentifiableObject.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/IdentifiableObject.java	2014-03-18 08:10:10 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/IdentifiableObject.java	2014-03-21 09:41:08 +0000
@@ -28,6 +28,7 @@
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
+import org.hisp.dhis.sharing.Access;
 import org.hisp.dhis.user.User;
 import org.hisp.dhis.user.UserGroupAccess;
 

=== removed file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/SharingUtils.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/SharingUtils.java	2014-03-18 08:10:10 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/SharingUtils.java	1970-01-01 00:00:00 +0000
@@ -1,373 +0,0 @@
-package org.hisp.dhis.common;
-
-/*
- * Copyright (c) 2004-2014, University of Oslo
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- * Redistributions of source code must retain the above copyright notice, this
- * list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * Neither the name of the HISP project nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
-import org.hisp.dhis.chart.Chart;
-import org.hisp.dhis.dashboard.Dashboard;
-import org.hisp.dhis.datadictionary.DataDictionary;
-import org.hisp.dhis.dataelement.CategoryOptionGroup;
-import org.hisp.dhis.dataelement.CategoryOptionGroupSet;
-import org.hisp.dhis.dataelement.DataElement;
-import org.hisp.dhis.dataelement.DataElementCategory;
-import org.hisp.dhis.dataelement.DataElementCategoryCombo;
-import org.hisp.dhis.dataelement.DataElementCategoryOption;
-import org.hisp.dhis.dataset.DataSet;
-import org.hisp.dhis.document.Document;
-import org.hisp.dhis.indicator.Indicator;
-import org.hisp.dhis.indicator.IndicatorGroup;
-import org.hisp.dhis.indicator.IndicatorGroupSet;
-import org.hisp.dhis.interpretation.Interpretation;
-import org.hisp.dhis.organisationunit.OrganisationUnitGroup;
-import org.hisp.dhis.program.Program;
-import org.hisp.dhis.report.Report;
-import org.hisp.dhis.reporttable.ReportTable;
-import org.hisp.dhis.user.User;
-import org.hisp.dhis.user.UserGroup;
-import org.hisp.dhis.user.UserGroupAccess;
-import org.springframework.util.Assert;
-import org.springframework.util.CollectionUtils;
-
-/**
- * @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
- */
-public final class SharingUtils
-{
-    public static Map<Class<? extends IdentifiableObject>, String> EXTERNAL_AUTHORITIES = new HashMap<Class<? extends IdentifiableObject>, String>();
-
-    public static Map<Class<? extends IdentifiableObject>, String> PUBLIC_AUTHORITIES = new HashMap<Class<? extends IdentifiableObject>, String>();
-
-    public static Map<Class<? extends IdentifiableObject>, String> PRIVATE_AUTHORITIES = new HashMap<Class<? extends IdentifiableObject>, String>();
-
-    public static final Map<String, Class<? extends IdentifiableObject>> SUPPORTED_TYPES = new HashMap<String, Class<? extends IdentifiableObject>>();
-
-    public static final List<String> SHARING_OVERRIDE_AUTHORITIES = Arrays.asList( "ALL", "F_METADATA_IMPORT" );
-
-    private static void addType( Class<? extends IdentifiableObject> clazz, String name, String externalAuth, String publicAuth, String privateAuth )
-    {
-        Assert.notNull( clazz );
-        Assert.hasLength( name );
-
-        SUPPORTED_TYPES.put( name, clazz );
-
-        if ( externalAuth != null )
-        {
-            EXTERNAL_AUTHORITIES.put( clazz, externalAuth );
-        }
-
-        if ( publicAuth != null )
-        {
-            PUBLIC_AUTHORITIES.put( clazz, publicAuth );
-        }
-
-        if ( privateAuth != null )
-        {
-            PRIVATE_AUTHORITIES.put( clazz, privateAuth );
-        }
-    }
-
-    static
-    {
-        addType( Document.class, "document", null, "F_DOCUMENT_PUBLIC_ADD", "F_DOCUMENT_PRIVATE_ADD" );
-        addType( Report.class, "report", null, "F_REPORT_PUBLIC_ADD", "F_REPORT_PRIVATE_ADD" );
-        addType( DataSet.class, "dataSet", null, "F_DATASET_PUBLIC_ADD", "F_DATASET_PRIVATE_ADD" );
-        addType( DataDictionary.class, "dataDictionary", null, "F_DATADICTIONARY_PUBLIC_ADD", "F_DATADICTIONARY_PRIVATE_ADD" );
-        addType( DataElement.class, "dataElement", null, "F_DATAELEMENT_PUBLIC_ADD", "F_DATAELEMENT_PRIVATE_ADD" );
-        addType( DataElementCategory.class, "category", null, "F_CATEGORY_PUBLIC_ADD", "F_CATEGORY_PRIVATE_ADD" );
-        addType( DataElementCategoryOption.class, "categoryOption", null, "F_CATEGORY_OPTION_PUBLIC_ADD", "F_CATEGORY_OPTION_PRIVATE_ADD" );
-        addType( CategoryOptionGroup.class, "categoryOptionGroup", null, "F_CATEGORY_OPTION_GROUP_PUBLIC_ADD", "F_CATEGORY_OPTION_GROUP_PRIVATE_ADD" );
-        addType( CategoryOptionGroupSet.class, "categoryOptionGroupSet", null, "F_CATEGORY_OPTION_GROUP_SET_PUBLIC_ADD", "F_CATEGORY_OPTION_GROUP_SET_PRIVATE_ADD" );
-        addType( DataElementCategoryCombo.class, "categoryCombo", null, "F_CATEGORY_COMBO_PUBLIC_ADD", "F_CATEGORY_COMBO_PRIVATE_ADD" );
-        addType( OrganisationUnitGroup.class, "organisationUnitGroup", null, "F_ORGUNITGROUP_PUBLIC_ADD", "F_ORGUNITGROUP_PRIVATE_ADD" );
-        addType( Indicator.class, "indicator", null, "F_INDICATOR_PUBLIC_ADD", "F_INDICATOR_PRIVATE_ADD" );
-        addType( IndicatorGroup.class, "indicatorGroup", null, "F_INDICATORGROUP_PUBLIC_ADD", "F_INDICATORGROUP_PRIVATE_ADD" );
-        addType( IndicatorGroupSet.class, "indicatorGroupSet", null, "F_INDICATORGROUPSET_PUBLIC_ADD", "F_INDICATORGROUPSET_PRIVATE_ADD" );
-        addType( Program.class, "program", null, "F_PROGRAM_PUBLIC_ADD", "F_PROGRAM_PRIVATE_ADD" );
-        addType( UserGroup.class, "userGroup", null, "F_USERGROUP_PUBLIC_ADD", null );
-        
-        addType( org.hisp.dhis.mapping.Map.class, "map", "F_MAP_EXTERNAL", "F_MAP_PUBLIC_ADD", null );
-        addType( Chart.class, "chart", "F_CHART_EXTERNAL", "F_CHART_PUBLIC_ADD", null );
-        addType( ReportTable.class, "reportTable", "F_REPORTTABLE_EXTERNAL", "F_REPORTTABLE_PUBLIC_ADD", null );
-        addType( Report.class, "report", "F_REPORT_EXTERNAL", "F_REPORT_PUBLIC_ADD", "F_REPORT_PRIVATE_ADD" );
-        addType( Document.class, "document", "F_DOCUMENT_EXTERNAL", "F_DOCUMENT_PUBLIC_ADD", "F_DOCUMENT_PRIVATE_ADD" );
-
-        addType( Dashboard.class, "dashboard", null, "F_DASHBOARD_PUBLIC_ADD", null );
-        addType( Interpretation.class, "interpretation", null, null, null );
-    }
-
-    public static boolean isSupported( String type )
-    {
-        return SUPPORTED_TYPES.containsKey( type );
-    }
-
-    public static boolean isSupported( IdentifiableObject object )
-    {
-        return isSupported( object.getClass() );
-    }
-
-    public static boolean isSupported( Class<?> clazz )
-    {
-        return SUPPORTED_TYPES.containsValue( clazz );
-    }
-
-    public static Class<? extends IdentifiableObject> classForType( String type )
-    {
-        return SUPPORTED_TYPES.get( type );
-    }
-
-    /**
-     * Checks if a user can create a public instance of a certain object.
-     * <p/>
-     * 1. Does user have SHARING_OVERRIDE_AUTHORITY authority?
-     * 2. Does user have the authority to create public instances of that object
-     *
-     * @param user  User to check against
-     * @param clazz Class to check
-     * @return Result of test
-     */
-    public static <T extends IdentifiableObject> boolean canCreatePublic( User user, Class<T> clazz )
-    {
-        Set<String> authorities = user != null ? user.getUserCredentials().getAllAuthorities() : new HashSet<String>();
-        return CollectionUtils.containsAny( authorities, SHARING_OVERRIDE_AUTHORITIES ) || authorities.contains( PUBLIC_AUTHORITIES.get( clazz ) );
-    }
-
-    public static <T> boolean defaultPublic( Class<T> clazz )
-    {
-        return !Dashboard.class.isAssignableFrom( clazz );
-    }
-
-    public static boolean canCreatePublic( User user, IdentifiableObject identifiableObject )
-    {
-        return canCreatePublic( user, identifiableObject.getClass() );
-    }
-
-    public static boolean canCreatePublic( User user, String type )
-    {
-        return canCreatePublic( user, SUPPORTED_TYPES.get( type ) );
-    }
-
-    /**
-     * Checks if a user can create a private instance of a certain object.
-     * <p/>
-     * 1. Does user have SHARING_OVERRIDE_AUTHORITY authority?
-     * 2. Does user have the authority to create private instances of that object
-     *
-     * @param user  User to check against
-     * @param clazz Class to check
-     * @return Result of test
-     */
-    public static <T extends IdentifiableObject> boolean canCreatePrivate( User user, Class<T> clazz )
-    {
-        Set<String> authorities = user != null ? user.getUserCredentials().getAllAuthorities() : new HashSet<String>();
-        return CollectionUtils.containsAny( authorities, SHARING_OVERRIDE_AUTHORITIES )
-            || PRIVATE_AUTHORITIES.get( clazz ) == null
-            || authorities.contains( PRIVATE_AUTHORITIES.get( clazz ) );
-    }
-
-    public static boolean canCreatePrivate( User user, IdentifiableObject identifiableObject )
-    {
-        return canCreatePrivate( user, identifiableObject.getClass() );
-    }
-
-    public static boolean canCreatePrivate( User user, String type )
-    {
-        return canCreatePrivate( user, SUPPORTED_TYPES.get( type ) );
-    }
-
-    /**
-     * Can user write to this object (create)
-     * <p/>
-     * 1. Does user have SHARING_OVERRIDE_AUTHORITY authority?
-     * 2. Is the user for the object null?
-     * 3. Is the user of the object equal to current user?
-     * 4. Is the object public write?
-     * 5. Does any of the userGroupAccesses contain public write and the current user is in that group
-     *
-     * @param user   User to check against
-     * @param object Object to check
-     * @return Result of test
-     */
-    public static boolean canWrite( User user, IdentifiableObject object )
-    {
-        //TODO ( (object instanceof User) && canCreatePrivate( user, object ) ): review possible security breaches and best way to give update access upon user import
-        if ( sharingOverrideAuthority( user )
-            || (object.getUser() == null && canCreatePublic( user, object ) && PRIVATE_AUTHORITIES.get( object.getClass() ) != null)
-            || (user != null && user.equals( object.getUser() ))
-            //|| authorities.contains( PRIVATE_AUTHORITIES.get( object.getClass() ) )
-            || ((object instanceof User) && canCreatePrivate( user, object ))
-            || AccessStringHelper.canWrite( object.getPublicAccess() ) )
-        {
-            return true;
-        }
-
-        for ( UserGroupAccess userGroupAccess : object.getUserGroupAccesses() )
-        {
-            if ( AccessStringHelper.canWrite( userGroupAccess.getAccess() )
-                && userGroupAccess.getUserGroup().getMembers().contains( user ) )
-            {
-                return true;
-            }
-        }
-
-        return false;
-    }
-
-    /**
-     * Can user read this object
-     * <p/>
-     * 1. Does user have SHARING_OVERRIDE_AUTHORITY authority?
-     * 2. Is the user for the object null?
-     * 3. Is the user of the object equal to current user?
-     * 4. Is the object public read?
-     * 5. Does any of the userGroupAccesses contain public read and the current user is in that group
-     *
-     * @param user   User to check against
-     * @param object Object to check
-     * @return Result of test
-     */
-    public static boolean canRead( User user, IdentifiableObject object )
-    {
-        if ( sharingOverrideAuthority( user )
-            || UserGroup.class.isAssignableFrom( object.getClass() )
-            || object.getUser() == null
-            || user.equals( object.getUser() )
-            || AccessStringHelper.canRead( object.getPublicAccess() ) )
-        {
-            return true;
-        }
-
-        for ( UserGroupAccess userGroupAccess : object.getUserGroupAccesses() )
-        {
-            if ( AccessStringHelper.canRead( userGroupAccess.getAccess() )
-                && userGroupAccess.getUserGroup().getMembers().contains( user ) )
-            {
-                return true;
-            }
-        }
-
-        return false;
-    }
-
-    /**
-     * Can user update this object
-     * <p/>
-     * 1. Does user have SHARING_OVERRIDE_AUTHORITY authority?
-     * 2. Can user write to this object?
-     *
-     * @param user   User to check against
-     * @param object Object to check
-     * @return Result of test
-     */
-    public static boolean canUpdate( User user, IdentifiableObject object )
-    {
-        return canWrite( user, object );
-    }
-
-    /**
-     * Can user delete this object
-     * <p/>
-     * 1. Does user have SHARING_OVERRIDE_AUTHORITY authority?
-     * 2. Can user write to this object?
-     *
-     * @param user   User to check against
-     * @param object Object to check
-     * @return Result of test
-     */
-    public static boolean canDelete( User user, IdentifiableObject object )
-    {
-        return canWrite( user, object );
-    }
-
-    /**
-     * Can user manage (make public) this object
-     * <p/>
-     * 1. Does user have SHARING_OVERRIDE_AUTHORITY authority?
-     * 2. Can user write to this object?
-     *
-     * @param user   User to check against
-     * @param object Object to check
-     * @return Result of test
-     */
-    public static boolean canManage( User user, IdentifiableObject object )
-    {
-        if ( sharingOverrideAuthority( user )
-            || (object.getUser() == null && canCreatePublic( user, object ) && PRIVATE_AUTHORITIES.get( object.getClass() ) != null)
-            || user.equals( object.getUser() )
-            || AccessStringHelper.canWrite( object.getPublicAccess() ) )
-        {
-            return true;
-        }
-
-        for ( UserGroupAccess userGroupAccess : object.getUserGroupAccesses() )
-        {
-            if ( AccessStringHelper.canWrite( userGroupAccess.getAccess() )
-                && userGroupAccess.getUserGroup().getMembers().contains( user ) )
-            {
-                return true;
-            }
-        }
-
-        return false;
-    }
-
-    /**
-     * Can user make this object external? (read with no login)
-     *
-     * @param user   User to check against
-     * @param object Object to check
-     * @return Result of test
-     */
-    public static <T extends IdentifiableObject> boolean canExternalize( User user, T object )
-    {
-        if ( user == null )
-        {
-            return false;
-        }
-
-        Set<String> authorities = user.getUserCredentials().getAllAuthorities();
-
-        return EXTERNAL_AUTHORITIES.get( object.getClass() ) != null &&
-            (sharingOverrideAuthority( user ) || authorities.contains( EXTERNAL_AUTHORITIES.get( object.getClass() ) ));
-    }
-
-    private static boolean sharingOverrideAuthority( User user )
-    {
-        return user == null || CollectionUtils.containsAny( user.getUserCredentials().getAllAuthorities(), SHARING_OVERRIDE_AUTHORITIES );
-    }
-
-    private SharingUtils()
-    {
-    }
-}

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/interpretation/Interpretation.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/interpretation/Interpretation.java	2014-03-18 08:10:10 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/interpretation/Interpretation.java	2014-03-21 09:41:08 +0000
@@ -35,7 +35,7 @@
 import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty;
 import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlRootElement;
 import org.hisp.dhis.chart.Chart;
-import org.hisp.dhis.common.AccessStringHelper;
+import org.hisp.dhis.sharing.AccessStringHelper;
 import org.hisp.dhis.common.BaseIdentifiableObject;
 import org.hisp.dhis.common.DxfNamespaces;
 import org.hisp.dhis.common.IdentifiableObject;

=== added directory 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/sharing'
=== added file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/sharing/Access.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/sharing/Access.java	1970-01-01 00:00:00 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/sharing/Access.java	2014-03-21 09:41:08 +0000
@@ -0,0 +1,129 @@
+package org.hisp.dhis.sharing;
+
+/*
+ * Copyright (c) 2004-2014, University of Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * Neither the name of the HISP project nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty;
+import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlRootElement;
+import org.hisp.dhis.common.DxfNamespaces;
+
+/**
+ * @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
+ */
+@JacksonXmlRootElement( localName = "access", namespace = DxfNamespaces.DXF_2_0 )
+public class Access
+{
+    private boolean manage;
+
+    private boolean externalize;
+
+    private boolean write;
+
+    private boolean read;
+
+    private boolean update;
+
+    private boolean delete;
+
+    public Access()
+    {
+    }
+
+    @JsonProperty
+    @JacksonXmlProperty( localName = "manage", namespace = DxfNamespaces.DXF_2_0 )
+    public boolean isManage()
+    {
+        return manage;
+    }
+
+    public void setManage( boolean manage )
+    {
+        this.manage = manage;
+    }
+
+    @JsonProperty
+    @JacksonXmlProperty( localName = "externalize", namespace = DxfNamespaces.DXF_2_0 )
+    public boolean isExternalize()
+    {
+        return externalize;
+    }
+
+    public void setExternalize( boolean externalize )
+    {
+        this.externalize = externalize;
+    }
+
+    @JsonProperty
+    @JacksonXmlProperty( localName = "write", namespace = DxfNamespaces.DXF_2_0 )
+    public boolean isWrite()
+    {
+        return write;
+    }
+
+    public void setWrite( boolean write )
+    {
+        this.write = write;
+    }
+
+    @JsonProperty
+    @JacksonXmlProperty( localName = "read", namespace = DxfNamespaces.DXF_2_0 )
+    public boolean isRead()
+    {
+        return read;
+    }
+
+    public void setRead( boolean read )
+    {
+        this.read = read;
+    }
+
+    @JsonProperty
+    @JacksonXmlProperty( localName = "update", namespace = DxfNamespaces.DXF_2_0 )
+    public boolean isUpdate()
+    {
+        return update;
+    }
+
+    public void setUpdate( boolean update )
+    {
+        this.update = update;
+    }
+
+    @JsonProperty
+    @JacksonXmlProperty( localName = "delete", namespace = DxfNamespaces.DXF_2_0 )
+    public boolean isDelete()
+    {
+        return delete;
+    }
+
+    public void setDelete( boolean delete )
+    {
+        this.delete = delete;
+    }
+}

=== added file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/sharing/AccessStringHelper.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/sharing/AccessStringHelper.java	1970-01-01 00:00:00 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/sharing/AccessStringHelper.java	2014-03-21 09:41:08 +0000
@@ -0,0 +1,129 @@
+package org.hisp.dhis.sharing;
+
+/*
+ * Copyright (c) 2004-2014, University of Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * Neither the name of the HISP project nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * Currently only the two first positions in the access string are used - rw.
+ *
+ * @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
+ */
+public class AccessStringHelper
+{
+    public static final String DEFAULT_ACCESS = "--------";
+
+    public static enum Permission
+    {
+        READ( 'r', 0 ), WRITE( 'w', 1 );
+
+        private char value;
+
+        private int position;
+
+        private Permission( char value, int position )
+        {
+            this.value = value;
+            this.position = position;
+        }
+
+        public char getValue()
+        {
+            return value;
+        }
+
+        public int getPosition()
+        {
+            return position;
+        }
+    }
+
+    private char[] access = DEFAULT_ACCESS.toCharArray();
+
+    public AccessStringHelper()
+    {
+    }
+
+    public AccessStringHelper( char[] access )
+    {
+        this.access = access;
+    }
+
+    public AccessStringHelper( String access )
+    {
+        this.access = access.toCharArray();
+    }
+
+    public static AccessStringHelper newInstance()
+    {
+        return new AccessStringHelper();
+    }
+
+    public static AccessStringHelper newInstance( char[] access )
+    {
+        return new AccessStringHelper( access );
+    }
+
+    public AccessStringHelper enable( Permission permission )
+    {
+        access[permission.getPosition()] = permission.getValue();
+
+        return this;
+    }
+
+    public AccessStringHelper disable( Permission permission )
+    {
+        access[permission.getPosition()] = '-';
+
+        return this;
+    }
+
+    public String build()
+    {
+        return new String( access );
+    }
+
+    public String toString()
+    {
+        return build();
+    }
+
+    public static boolean canRead( String access )
+    {
+        return isEnabled( access, Permission.READ );
+    }
+
+    public static boolean canWrite( String access )
+    {
+        return isEnabled( access, Permission.WRITE );
+    }
+
+    public static boolean isEnabled( String access, Permission permission )
+    {
+        return access != null && access.charAt( permission.getPosition() ) == permission.getValue();
+    }
+}

=== added file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/sharing/SharingUtils.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/sharing/SharingUtils.java	1970-01-01 00:00:00 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/sharing/SharingUtils.java	2014-03-21 09:41:08 +0000
@@ -0,0 +1,374 @@
+package org.hisp.dhis.sharing;
+
+/*
+ * Copyright (c) 2004-2014, University of Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * Neither the name of the HISP project nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import org.hisp.dhis.chart.Chart;
+import org.hisp.dhis.common.IdentifiableObject;
+import org.hisp.dhis.dashboard.Dashboard;
+import org.hisp.dhis.datadictionary.DataDictionary;
+import org.hisp.dhis.dataelement.CategoryOptionGroup;
+import org.hisp.dhis.dataelement.CategoryOptionGroupSet;
+import org.hisp.dhis.dataelement.DataElement;
+import org.hisp.dhis.dataelement.DataElementCategory;
+import org.hisp.dhis.dataelement.DataElementCategoryCombo;
+import org.hisp.dhis.dataelement.DataElementCategoryOption;
+import org.hisp.dhis.dataset.DataSet;
+import org.hisp.dhis.document.Document;
+import org.hisp.dhis.indicator.Indicator;
+import org.hisp.dhis.indicator.IndicatorGroup;
+import org.hisp.dhis.indicator.IndicatorGroupSet;
+import org.hisp.dhis.interpretation.Interpretation;
+import org.hisp.dhis.organisationunit.OrganisationUnitGroup;
+import org.hisp.dhis.program.Program;
+import org.hisp.dhis.report.Report;
+import org.hisp.dhis.reporttable.ReportTable;
+import org.hisp.dhis.user.User;
+import org.hisp.dhis.user.UserGroup;
+import org.hisp.dhis.user.UserGroupAccess;
+import org.springframework.util.Assert;
+import org.springframework.util.CollectionUtils;
+
+/**
+ * @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
+ */
+public final class SharingUtils
+{
+    public static Map<Class<? extends IdentifiableObject>, String> EXTERNAL_AUTHORITIES = new HashMap<Class<? extends IdentifiableObject>, String>();
+
+    public static Map<Class<? extends IdentifiableObject>, String> PUBLIC_AUTHORITIES = new HashMap<Class<? extends IdentifiableObject>, String>();
+
+    public static Map<Class<? extends IdentifiableObject>, String> PRIVATE_AUTHORITIES = new HashMap<Class<? extends IdentifiableObject>, String>();
+
+    public static final Map<String, Class<? extends IdentifiableObject>> SUPPORTED_TYPES = new HashMap<String, Class<? extends IdentifiableObject>>();
+
+    public static final List<String> SHARING_OVERRIDE_AUTHORITIES = Arrays.asList( "ALL", "F_METADATA_IMPORT" );
+
+    private static void addType( Class<? extends IdentifiableObject> clazz, String name, String externalAuth, String publicAuth, String privateAuth )
+    {
+        Assert.notNull( clazz );
+        Assert.hasLength( name );
+
+        SUPPORTED_TYPES.put( name, clazz );
+
+        if ( externalAuth != null )
+        {
+            EXTERNAL_AUTHORITIES.put( clazz, externalAuth );
+        }
+
+        if ( publicAuth != null )
+        {
+            PUBLIC_AUTHORITIES.put( clazz, publicAuth );
+        }
+
+        if ( privateAuth != null )
+        {
+            PRIVATE_AUTHORITIES.put( clazz, privateAuth );
+        }
+    }
+
+    static
+    {
+        addType( Document.class, "document", null, "F_DOCUMENT_PUBLIC_ADD", "F_DOCUMENT_PRIVATE_ADD" );
+        addType( Report.class, "report", null, "F_REPORT_PUBLIC_ADD", "F_REPORT_PRIVATE_ADD" );
+        addType( DataSet.class, "dataSet", null, "F_DATASET_PUBLIC_ADD", "F_DATASET_PRIVATE_ADD" );
+        addType( DataDictionary.class, "dataDictionary", null, "F_DATADICTIONARY_PUBLIC_ADD", "F_DATADICTIONARY_PRIVATE_ADD" );
+        addType( DataElement.class, "dataElement", null, "F_DATAELEMENT_PUBLIC_ADD", "F_DATAELEMENT_PRIVATE_ADD" );
+        addType( DataElementCategory.class, "category", null, "F_CATEGORY_PUBLIC_ADD", "F_CATEGORY_PRIVATE_ADD" );
+        addType( DataElementCategoryOption.class, "categoryOption", null, "F_CATEGORY_OPTION_PUBLIC_ADD", "F_CATEGORY_OPTION_PRIVATE_ADD" );
+        addType( CategoryOptionGroup.class, "categoryOptionGroup", null, "F_CATEGORY_OPTION_GROUP_PUBLIC_ADD", "F_CATEGORY_OPTION_GROUP_PRIVATE_ADD" );
+        addType( CategoryOptionGroupSet.class, "categoryOptionGroupSet", null, "F_CATEGORY_OPTION_GROUP_SET_PUBLIC_ADD", "F_CATEGORY_OPTION_GROUP_SET_PRIVATE_ADD" );
+        addType( DataElementCategoryCombo.class, "categoryCombo", null, "F_CATEGORY_COMBO_PUBLIC_ADD", "F_CATEGORY_COMBO_PRIVATE_ADD" );
+        addType( OrganisationUnitGroup.class, "organisationUnitGroup", null, "F_ORGUNITGROUP_PUBLIC_ADD", "F_ORGUNITGROUP_PRIVATE_ADD" );
+        addType( Indicator.class, "indicator", null, "F_INDICATOR_PUBLIC_ADD", "F_INDICATOR_PRIVATE_ADD" );
+        addType( IndicatorGroup.class, "indicatorGroup", null, "F_INDICATORGROUP_PUBLIC_ADD", "F_INDICATORGROUP_PRIVATE_ADD" );
+        addType( IndicatorGroupSet.class, "indicatorGroupSet", null, "F_INDICATORGROUPSET_PUBLIC_ADD", "F_INDICATORGROUPSET_PRIVATE_ADD" );
+        addType( Program.class, "program", null, "F_PROGRAM_PUBLIC_ADD", "F_PROGRAM_PRIVATE_ADD" );
+        addType( UserGroup.class, "userGroup", null, "F_USERGROUP_PUBLIC_ADD", null );
+        
+        addType( org.hisp.dhis.mapping.Map.class, "map", "F_MAP_EXTERNAL", "F_MAP_PUBLIC_ADD", null );
+        addType( Chart.class, "chart", "F_CHART_EXTERNAL", "F_CHART_PUBLIC_ADD", null );
+        addType( ReportTable.class, "reportTable", "F_REPORTTABLE_EXTERNAL", "F_REPORTTABLE_PUBLIC_ADD", null );
+        addType( Report.class, "report", "F_REPORT_EXTERNAL", "F_REPORT_PUBLIC_ADD", "F_REPORT_PRIVATE_ADD" );
+        addType( Document.class, "document", "F_DOCUMENT_EXTERNAL", "F_DOCUMENT_PUBLIC_ADD", "F_DOCUMENT_PRIVATE_ADD" );
+
+        addType( Dashboard.class, "dashboard", null, "F_DASHBOARD_PUBLIC_ADD", null );
+        addType( Interpretation.class, "interpretation", null, null, null );
+    }
+
+    public static boolean isSupported( String type )
+    {
+        return SUPPORTED_TYPES.containsKey( type );
+    }
+
+    public static boolean isSupported( IdentifiableObject object )
+    {
+        return isSupported( object.getClass() );
+    }
+
+    public static boolean isSupported( Class<?> clazz )
+    {
+        return SUPPORTED_TYPES.containsValue( clazz );
+    }
+
+    public static Class<? extends IdentifiableObject> classForType( String type )
+    {
+        return SUPPORTED_TYPES.get( type );
+    }
+
+    /**
+     * Checks if a user can create a public instance of a certain object.
+     * <p/>
+     * 1. Does user have SHARING_OVERRIDE_AUTHORITY authority?
+     * 2. Does user have the authority to create public instances of that object
+     *
+     * @param user  User to check against
+     * @param clazz Class to check
+     * @return Result of test
+     */
+    public static <T extends IdentifiableObject> boolean canCreatePublic( User user, Class<T> clazz )
+    {
+        Set<String> authorities = user != null ? user.getUserCredentials().getAllAuthorities() : new HashSet<String>();
+        return CollectionUtils.containsAny( authorities, SHARING_OVERRIDE_AUTHORITIES ) || authorities.contains( PUBLIC_AUTHORITIES.get( clazz ) );
+    }
+
+    public static <T> boolean defaultPublic( Class<T> clazz )
+    {
+        return !Dashboard.class.isAssignableFrom( clazz );
+    }
+
+    public static boolean canCreatePublic( User user, IdentifiableObject identifiableObject )
+    {
+        return canCreatePublic( user, identifiableObject.getClass() );
+    }
+
+    public static boolean canCreatePublic( User user, String type )
+    {
+        return canCreatePublic( user, SUPPORTED_TYPES.get( type ) );
+    }
+
+    /**
+     * Checks if a user can create a private instance of a certain object.
+     * <p/>
+     * 1. Does user have SHARING_OVERRIDE_AUTHORITY authority?
+     * 2. Does user have the authority to create private instances of that object
+     *
+     * @param user  User to check against
+     * @param clazz Class to check
+     * @return Result of test
+     */
+    public static <T extends IdentifiableObject> boolean canCreatePrivate( User user, Class<T> clazz )
+    {
+        Set<String> authorities = user != null ? user.getUserCredentials().getAllAuthorities() : new HashSet<String>();
+        return CollectionUtils.containsAny( authorities, SHARING_OVERRIDE_AUTHORITIES )
+            || PRIVATE_AUTHORITIES.get( clazz ) == null
+            || authorities.contains( PRIVATE_AUTHORITIES.get( clazz ) );
+    }
+
+    public static boolean canCreatePrivate( User user, IdentifiableObject identifiableObject )
+    {
+        return canCreatePrivate( user, identifiableObject.getClass() );
+    }
+
+    public static boolean canCreatePrivate( User user, String type )
+    {
+        return canCreatePrivate( user, SUPPORTED_TYPES.get( type ) );
+    }
+
+    /**
+     * Can user write to this object (create)
+     * <p/>
+     * 1. Does user have SHARING_OVERRIDE_AUTHORITY authority?
+     * 2. Is the user for the object null?
+     * 3. Is the user of the object equal to current user?
+     * 4. Is the object public write?
+     * 5. Does any of the userGroupAccesses contain public write and the current user is in that group
+     *
+     * @param user   User to check against
+     * @param object Object to check
+     * @return Result of test
+     */
+    public static boolean canWrite( User user, IdentifiableObject object )
+    {
+        //TODO ( (object instanceof User) && canCreatePrivate( user, object ) ): review possible security breaches and best way to give update access upon user import
+        if ( sharingOverrideAuthority( user )
+            || (object.getUser() == null && canCreatePublic( user, object ) && PRIVATE_AUTHORITIES.get( object.getClass() ) != null)
+            || (user != null && user.equals( object.getUser() ))
+            //|| authorities.contains( PRIVATE_AUTHORITIES.get( object.getClass() ) )
+            || ((object instanceof User) && canCreatePrivate( user, object ))
+            || AccessStringHelper.canWrite( object.getPublicAccess() ) )
+        {
+            return true;
+        }
+
+        for ( UserGroupAccess userGroupAccess : object.getUserGroupAccesses() )
+        {
+            if ( AccessStringHelper.canWrite( userGroupAccess.getAccess() )
+                && userGroupAccess.getUserGroup().getMembers().contains( user ) )
+            {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    /**
+     * Can user read this object
+     * <p/>
+     * 1. Does user have SHARING_OVERRIDE_AUTHORITY authority?
+     * 2. Is the user for the object null?
+     * 3. Is the user of the object equal to current user?
+     * 4. Is the object public read?
+     * 5. Does any of the userGroupAccesses contain public read and the current user is in that group
+     *
+     * @param user   User to check against
+     * @param object Object to check
+     * @return Result of test
+     */
+    public static boolean canRead( User user, IdentifiableObject object )
+    {
+        if ( sharingOverrideAuthority( user )
+            || UserGroup.class.isAssignableFrom( object.getClass() )
+            || object.getUser() == null
+            || user.equals( object.getUser() )
+            || AccessStringHelper.canRead( object.getPublicAccess() ) )
+        {
+            return true;
+        }
+
+        for ( UserGroupAccess userGroupAccess : object.getUserGroupAccesses() )
+        {
+            if ( AccessStringHelper.canRead( userGroupAccess.getAccess() )
+                && userGroupAccess.getUserGroup().getMembers().contains( user ) )
+            {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    /**
+     * Can user update this object
+     * <p/>
+     * 1. Does user have SHARING_OVERRIDE_AUTHORITY authority?
+     * 2. Can user write to this object?
+     *
+     * @param user   User to check against
+     * @param object Object to check
+     * @return Result of test
+     */
+    public static boolean canUpdate( User user, IdentifiableObject object )
+    {
+        return canWrite( user, object );
+    }
+
+    /**
+     * Can user delete this object
+     * <p/>
+     * 1. Does user have SHARING_OVERRIDE_AUTHORITY authority?
+     * 2. Can user write to this object?
+     *
+     * @param user   User to check against
+     * @param object Object to check
+     * @return Result of test
+     */
+    public static boolean canDelete( User user, IdentifiableObject object )
+    {
+        return canWrite( user, object );
+    }
+
+    /**
+     * Can user manage (make public) this object
+     * <p/>
+     * 1. Does user have SHARING_OVERRIDE_AUTHORITY authority?
+     * 2. Can user write to this object?
+     *
+     * @param user   User to check against
+     * @param object Object to check
+     * @return Result of test
+     */
+    public static boolean canManage( User user, IdentifiableObject object )
+    {
+        if ( sharingOverrideAuthority( user )
+            || (object.getUser() == null && canCreatePublic( user, object ) && PRIVATE_AUTHORITIES.get( object.getClass() ) != null)
+            || user.equals( object.getUser() )
+            || AccessStringHelper.canWrite( object.getPublicAccess() ) )
+        {
+            return true;
+        }
+
+        for ( UserGroupAccess userGroupAccess : object.getUserGroupAccesses() )
+        {
+            if ( AccessStringHelper.canWrite( userGroupAccess.getAccess() )
+                && userGroupAccess.getUserGroup().getMembers().contains( user ) )
+            {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    /**
+     * Can user make this object external? (read with no login)
+     *
+     * @param user   User to check against
+     * @param object Object to check
+     * @return Result of test
+     */
+    public static <T extends IdentifiableObject> boolean canExternalize( User user, T object )
+    {
+        if ( user == null )
+        {
+            return false;
+        }
+
+        Set<String> authorities = user.getUserCredentials().getAllAuthorities();
+
+        return EXTERNAL_AUTHORITIES.get( object.getClass() ) != null &&
+            (sharingOverrideAuthority( user ) || authorities.contains( EXTERNAL_AUTHORITIES.get( object.getClass() ) ));
+    }
+
+    private static boolean sharingOverrideAuthority( User user )
+    {
+        return user == null || CollectionUtils.containsAny( user.getUserCredentials().getAllAuthorities(), SHARING_OVERRIDE_AUTHORITIES );
+    }
+
+    private SharingUtils()
+    {
+    }
+}

=== modified file 'dhis-2/dhis-api/src/test/java/org/hisp/dhis/common/AccessStringHelperTest.java'
--- dhis-2/dhis-api/src/test/java/org/hisp/dhis/common/AccessStringHelperTest.java	2014-03-18 08:10:10 +0000
+++ dhis-2/dhis-api/src/test/java/org/hisp/dhis/common/AccessStringHelperTest.java	2014-03-21 09:41:08 +0000
@@ -28,6 +28,7 @@
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
+import org.hisp.dhis.sharing.AccessStringHelper;
 import org.junit.Assert;
 import org.junit.Test;
 

=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/common/DefaultDimensionService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/common/DefaultDimensionService.java	2014-03-18 08:10:10 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/common/DefaultDimensionService.java	2014-03-21 09:41:08 +0000
@@ -72,6 +72,7 @@
 import org.hisp.dhis.period.PeriodType;
 import org.hisp.dhis.period.RelativePeriodEnum;
 import org.hisp.dhis.period.RelativePeriods;
+import org.hisp.dhis.sharing.SharingUtils;
 import org.hisp.dhis.system.util.UniqueArrayList;
 import org.hisp.dhis.user.CurrentUserService;
 import org.hisp.dhis.user.User;

=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultSecurityService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultSecurityService.java	2014-03-18 08:10:10 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultSecurityService.java	2014-03-21 09:41:08 +0000
@@ -32,7 +32,7 @@
 import org.apache.commons.logging.LogFactory;
 import org.hisp.dhis.common.CodeGenerator;
 import org.hisp.dhis.common.IdentifiableObject;
-import org.hisp.dhis.common.SharingUtils;
+import org.hisp.dhis.sharing.SharingUtils;
 import org.hisp.dhis.message.MessageSender;
 import org.hisp.dhis.period.Cal;
 import org.hisp.dhis.setting.SystemSettingManager;

=== modified file 'dhis-2/dhis-services/dhis-service-dxf2/src/main/java/org/hisp/dhis/dxf2/metadata/importers/DefaultIdentifiableObjectImporter.java'
--- dhis-2/dhis-services/dhis-service-dxf2/src/main/java/org/hisp/dhis/dxf2/metadata/importers/DefaultIdentifiableObjectImporter.java	2014-03-18 08:10:10 +0000
+++ dhis-2/dhis-services/dhis-service-dxf2/src/main/java/org/hisp/dhis/dxf2/metadata/importers/DefaultIdentifiableObjectImporter.java	2014-03-21 09:41:08 +0000
@@ -48,7 +48,7 @@
 import org.hisp.dhis.common.BaseIdentifiableObject;
 import org.hisp.dhis.common.IdentifiableObject;
 import org.hisp.dhis.common.NameableObject;
-import org.hisp.dhis.common.SharingUtils;
+import org.hisp.dhis.sharing.SharingUtils;
 import org.hisp.dhis.dataelement.DataElementOperand;
 import org.hisp.dhis.dataelement.DataElementOperandService;
 import org.hisp.dhis.dataentryform.DataEntryForm;

=== modified file 'dhis-2/dhis-support/dhis-support-hibernate/src/main/java/org/hisp/dhis/hibernate/HibernateGenericStore.java'
--- dhis-2/dhis-support/dhis-support-hibernate/src/main/java/org/hisp/dhis/hibernate/HibernateGenericStore.java	2014-03-18 08:10:10 +0000
+++ dhis-2/dhis-support/dhis-support-hibernate/src/main/java/org/hisp/dhis/hibernate/HibernateGenericStore.java	2014-03-21 09:41:08 +0000
@@ -36,12 +36,12 @@
 import org.hibernate.Session;
 import org.hibernate.SessionFactory;
 import org.hibernate.criterion.Criterion;
-import org.hisp.dhis.common.AccessStringHelper;
+import org.hisp.dhis.sharing.AccessStringHelper;
 import org.hisp.dhis.common.AuditLogUtil;
 import org.hisp.dhis.common.BaseIdentifiableObject;
 import org.hisp.dhis.common.GenericStore;
 import org.hisp.dhis.common.IdentifiableObject;
-import org.hisp.dhis.common.SharingUtils;
+import org.hisp.dhis.sharing.SharingUtils;
 import org.hisp.dhis.dashboard.Dashboard;
 import org.hisp.dhis.hibernate.exception.CreateAccessDeniedException;
 import org.hisp.dhis.hibernate.exception.DeleteAccessDeniedException;

=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AbstractCrudController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AbstractCrudController.java	2014-03-18 08:10:10 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AbstractCrudController.java	2014-03-21 09:41:08 +0000
@@ -32,13 +32,13 @@
 import org.hisp.dhis.api.controller.exception.NotFoundException;
 import org.hisp.dhis.api.controller.exception.NotFoundForQueryException;
 import org.hisp.dhis.api.utils.WebUtils;
-import org.hisp.dhis.common.Access;
+import org.hisp.dhis.sharing.Access;
 import org.hisp.dhis.common.BaseIdentifiableObject;
 import org.hisp.dhis.common.IdentifiableObject;
 import org.hisp.dhis.common.IdentifiableObjectManager;
 import org.hisp.dhis.common.Pager;
 import org.hisp.dhis.common.PagerUtils;
-import org.hisp.dhis.common.SharingUtils;
+import org.hisp.dhis.sharing.SharingUtils;
 import org.hisp.dhis.dxf2.filter.FilterService;
 import org.hisp.dhis.dxf2.metadata.ExchangeClasses;
 import org.hisp.dhis.dxf2.utils.JacksonUtils;

=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/SharingController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/SharingController.java	2014-03-18 08:10:10 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/SharingController.java	2014-03-21 09:41:08 +0000
@@ -34,11 +34,11 @@
 import org.hisp.dhis.api.webdomain.sharing.Sharing;
 import org.hisp.dhis.api.webdomain.sharing.SharingUserGroupAccess;
 import org.hisp.dhis.api.webdomain.sharing.SharingUserGroups;
-import org.hisp.dhis.common.AccessStringHelper;
+import org.hisp.dhis.sharing.AccessStringHelper;
 import org.hisp.dhis.common.BaseIdentifiableObject;
 import org.hisp.dhis.common.IdentifiableObject;
 import org.hisp.dhis.common.IdentifiableObjectManager;
-import org.hisp.dhis.common.SharingUtils;
+import org.hisp.dhis.sharing.SharingUtils;
 import org.hisp.dhis.dxf2.utils.JacksonUtils;
 import org.hisp.dhis.security.SecurityService;
 import org.hisp.dhis.user.CurrentUserService;

=== modified file 'dhis-2/dhis-web/dhis-web-dataentry/src/main/java/org/hisp/dhis/de/action/GetMetaDataAction.java'
--- dhis-2/dhis-web/dhis-web-dataentry/src/main/java/org/hisp/dhis/de/action/GetMetaDataAction.java	2014-03-18 08:10:10 +0000
+++ dhis-2/dhis-web/dhis-web-dataentry/src/main/java/org/hisp/dhis/de/action/GetMetaDataAction.java	2014-03-21 09:41:08 +0000
@@ -37,7 +37,7 @@
 import java.util.Set;
 
 import org.hisp.dhis.common.ListMap;
-import org.hisp.dhis.common.SharingUtils;
+import org.hisp.dhis.sharing.SharingUtils;
 import org.hisp.dhis.common.comparator.IdentifiableObjectNameComparator;
 import org.hisp.dhis.dataelement.DataElement;
 import org.hisp.dhis.dataelement.DataElementCategory;