[Branch ~dhis2-devs-core/dhis2/trunk] Rev 14349: User access control, impl system setting for defining whether users should be allowed to grant th...

 

------------------------------------------------------------
revno: 14349
committer: Lars Helge Øverland <larshelge@xxxxxxxxx>
branch nick: dhis2
timestamp: Sun 2014-03-23 19:26:50 +0100
message:
  User access control, impl system setting for defining whether users should be allowed to grant their own user roles when creating new users.
modified:
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/setting/SystemSettingManager.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserCredentials.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserService.java
  dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/common/hibernate/HibernateIdentifiableObjectStore.java
  dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserService.java
  dhis-2/dhis-services/dhis-service-core/src/main/resources/META-INF/dhis/beans.xml
  dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/filter/UserAuthorityGroupCanIssueFilter.java
  dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/filter/UserCredentialsCanUpdateFilter.java
  dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/commons/action/GetUserRolesAction.java
  dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/interceptor/SystemSettingInterceptor.java
  dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/beans.xml
  dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/java/org/hisp/dhis/settings/action/system/SetAccessSettingsAction.java
  dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/resources/org/hisp/dhis/settings/i18n_module.properties
  dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/webapp/dhis-web-maintenance-settings/systemAccessSettings.vm
  dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/AddUserAction.java
  dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/GetOrgunitUserListAction.java
  dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/GetUserListAction.java
  dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/SetupTreeAction.java
  dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/UpdateUserAction.java
  dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/META-INF/dhis/beans.xml
  dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/webapp/dhis-web-maintenance-user/allUser.vm
  dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/webapp/dhis-web-maintenance-user/responseUsers.vm
  dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/webapp/dhis-web-maintenance-user/user.vm


--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/setting/SystemSettingManager.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/setting/SystemSettingManager.java	2014-03-18 08:10:10 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/setting/SystemSettingManager.java	2014-03-23 18:26:50 +0000
@@ -86,6 +86,7 @@
     final String KEY_SELF_REGISTRATION_NO_RECAPTCHA = "keySelfRegistrationNoRecaptcha";
     final String KEY_OPENID_PROVIDER = "keyOpenIdProvider";
     final String KEY_OPENID_PROVIDER_LABEL = "keyOpenIdProviderLabel";
+    final String KEY_CAN_GRANT_OWN_USER_AUTHORITY_GROUPS = "keyCanGrantOwnUserAuthorityGroups";
 
     final String DEFAULT_SCHEDULE_AGGREGATE_QUERY_BUILDER_TASK_STRATEGY = "lastMonth";
     final String DEFAULT_FLAG = "dhis2";

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserCredentials.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserCredentials.java	2014-03-18 08:10:10 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserCredentials.java	2014-03-23 18:26:50 +0000
@@ -235,8 +235,10 @@
      * authority.
      *
      * @param group the user authority group.
+     * @param canGrantOwnUserAuthorityGroups indicates whether this users can grant
+     *        its own authoritiy groups to others.
      */
-    public boolean canIssue( UserAuthorityGroup group )
+    public boolean canIssue( UserAuthorityGroup group, boolean canGrantOwnUserAuthorityGroups )
     {
         if ( group == null )
         {
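Review bot: The new `@param canGrantOwnUserAuthorityGroups` Javadoc (repeated on `canIssueAll` in the third hunk of this file) has typos ("this users", "authoritiy") and does not say which value is the restrictive one. Suggested wording: `@param canGrantOwnUserAuthorityGroups whether this user may grant user authority groups which it already holds; false is the restrictive value.` Because the access decision now depends on a caller-supplied boolean, the comment should also tell callers to pass the `KEY_CAN_GRANT_OWN_USER_AUTHORITY_GROUPS` system setting rather than a literal. The body of `canIssue` continues outside this hunk.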
@@ -250,7 +252,12 @@
             return true;
         }
 
-        return !userAuthorityGroups.contains( group ) && authorities.containsAll( group.getAuthorities() );
+        if ( !canGrantOwnUserAuthorityGroups && userAuthorityGroups.contains( group ) )
+        {
+            return false;
+        }
+        
+        return authorities.containsAll( group.getAuthorities() );
     }
 
     /**
@@ -282,12 +289,14 @@
      * groups in the given collection.
      *
      * @param groups the collection of user authority groups.
+     * @param canGrantOwnUserAuthorityGroups indicates whether this users can grant
+     *        its own authoritiy groups to others.
      */
-    public boolean canIssueAll( Collection<UserAuthorityGroup> groups )
+    public boolean canIssueAll( Collection<UserAuthorityGroup> groups, boolean canGrantOwnUserAuthorityGroups )
     {
         for ( UserAuthorityGroup group : groups )
         {
-            if ( !canIssue( group ) )
+            if ( !canIssue( group, canGrantOwnUserAuthorityGroups ) )
             {
                 return false;
             }

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserService.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserService.java	2014-03-18 08:10:10 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserService.java	2014-03-23 18:26:50 +0000
@@ -248,6 +248,14 @@
 
     int getActiveUsersCount( Date since );
 
+    /**
+     * Filters the given list of user credentials based on whether the current
+     * user is allowed to update.
+     * 
+     * @param userCredentials the list of user credentials.
+     */
+    void canUpdateFilter( Collection<UserCredentials> userCredentials );
+    
     // -------------------------------------------------------------------------
     // UserAuthorityGroup
     // -------------------------------------------------------------------------
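Review bot: The Javadoc for `canUpdateFilter` (and for `canIssueFilter` in the next hunk) does not say that the given collection is modified in place, which the `void` return and the way `AddUserAction` reuses the filtered set both imply. It also omits the fail-closed case: `UserCredentialsCanUpdateFilter.retain` and `UserAuthorityGroupCanIssueFilter.retain` return false whenever the current user or its credentials are null. Proposed addition to both comments: `The given collection is modified in place; no element is retained when there is no current user.`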
@@ -325,6 +333,14 @@
 
     int getUserRoleCountByName( String name );
 
+    /**
+     * Filters the given collection of user roles based on whether the current user
+     * is allowed to issue it.
+     * 
+     * @param userRoles the collection of user roles.
+     */
+    void canIssueFilter( Collection<UserAuthorityGroup> userRoles );
+    
     // -------------------------------------------------------------------------
     // UserSettings
     // -------------------------------------------------------------------------

=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/common/hibernate/HibernateIdentifiableObjectStore.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/common/hibernate/HibernateIdentifiableObjectStore.java	2014-03-18 08:10:10 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/common/hibernate/HibernateIdentifiableObjectStore.java	2014-03-23 18:26:50 +0000
@@ -307,8 +307,7 @@
             return query.list();
         }
 
-        // fallback to using name
-        return getAllLikeName( shortName );
+        return getAllLikeName( shortName ); // Fallback to name
     }
 
     private Query getQueryAllLikeShortNameAcl( String shortName )

=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserService.java	2014-03-18 08:10:10 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserService.java	2014-03-23 18:26:50 +0000
@@ -28,6 +28,17 @@
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
+import static org.hisp.dhis.setting.SystemSettingManager.KEY_CAN_GRANT_OWN_USER_AUTHORITY_GROUPS;
+
+import java.io.Serializable;
+import java.util.ArrayList;
+import java.util.Calendar;
+import java.util.Collection;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.hisp.dhis.common.AuditLogUtil;
@@ -35,22 +46,13 @@
 import org.hisp.dhis.organisationunit.OrganisationUnit;
 import org.hisp.dhis.period.PeriodType;
 import org.hisp.dhis.setting.SystemSettingManager;
+import org.hisp.dhis.system.filter.UserAuthorityGroupCanIssueFilter;
 import org.hisp.dhis.system.filter.UserCredentialsCanUpdateFilter;
 import org.hisp.dhis.system.util.DateUtils;
 import org.hisp.dhis.system.util.Filter;
 import org.hisp.dhis.system.util.FilterUtils;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.transaction.annotation.Transactional;
 
-import java.io.Serializable;
-import java.util.ArrayList;
-import java.util.Calendar;
-import java.util.Collection;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
 /**
  * @author Chau Thu Tran
  */
@@ -94,7 +96,6 @@
 
     private SystemSettingManager systemSettingManager;
 
-    @Autowired
     public void setSystemSettingManager( SystemSettingManager systemSettingManager )
     {
         this.systemSettingManager = systemSettingManager;
@@ -229,9 +230,11 @@
 
     public Collection<UserCredentials> getUsers( final Collection<Integer> identifiers, User user )
     {
+        boolean canGrantOwnUserAuthorityGroups = (Boolean) systemSettingManager.getSystemSetting( KEY_CAN_GRANT_OWN_USER_AUTHORITY_GROUPS, false );
+        
         Collection<UserCredentials> userCredentials = getAllUserCredentials();
 
-        FilterUtils.filter( userCredentials, new UserCredentialsCanUpdateFilter( user ) );
+        FilterUtils.filter( userCredentials, new UserCredentialsCanUpdateFilter( user, canGrantOwnUserAuthorityGroups ) );
 
         return identifiers == null ? userCredentials : FilterUtils.filter( userCredentials,
             new Filter<UserCredentials>()
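Review bot: The cast `(Boolean) systemSettingManager.getSystemSetting( ... )` assigned to a primitive `boolean` throws if the stored value is null or not a `Boolean`, and the same line is repeated in `canIssueFilter` and `canUpdateFilter` in the two following hunks. Whether `getSystemSetting` with a default can return null is not visible here, but `SetAccessSettingsAction` saves a nullable `Boolean` under this key. Reading it as `boolean canGrantOwnUserAuthorityGroups = Boolean.TRUE.equals( systemSettingManager.getSystemSetting( KEY_CAN_GRANT_OWN_USER_AUTHORITY_GROUPS, false ) );` keeps the restrictive behaviour for any unexpected value, and a private helper holding that line would remove the triplication. `getUsers` continues outside the hunk.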
@@ -398,6 +401,15 @@
             }
         }
     }
+    
+    public void canIssueFilter( Collection<UserAuthorityGroup> userRoles )
+    {
+        User user = currentUserService.getCurrentUser();
+        
+        boolean canGrantOwnUserAuthorityGroups = (Boolean) systemSettingManager.getSystemSetting( KEY_CAN_GRANT_OWN_USER_AUTHORITY_GROUPS, false );
+        
+        FilterUtils.filter( userRoles, new UserAuthorityGroupCanIssueFilter( user, canGrantOwnUserAuthorityGroups ) );
+    }
 
     // -------------------------------------------------------------------------
     // UserCredentials
@@ -527,6 +539,15 @@
     {
         return userCredentialsStore.getActiveUsersCount( since );
     }
+    
+    public void canUpdateFilter( Collection<UserCredentials> userCredentials )
+    {
+        User user = currentUserService.getCurrentUser();
+        
+        boolean canGrantOwnUserAuthorityGroups = (Boolean) systemSettingManager.getSystemSetting( KEY_CAN_GRANT_OWN_USER_AUTHORITY_GROUPS, false );
+        
+        FilterUtils.filter( userCredentials, new UserCredentialsCanUpdateFilter( user, canGrantOwnUserAuthorityGroups ) );        
+    }
 
     // -------------------------------------------------------------------------
     // UserSettings

=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/resources/META-INF/dhis/beans.xml'
--- dhis-2/dhis-services/dhis-service-core/src/main/resources/META-INF/dhis/beans.xml	2014-03-21 10:31:50 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/resources/META-INF/dhis/beans.xml	2014-03-23 18:26:50 +0000
@@ -566,6 +566,7 @@
     <property name="userCredentialsStore" ref="org.hisp.dhis.user.UserCredentialsStore" />
     <property name="userAuthorityGroupStore" ref="org.hisp.dhis.user.UserAuthorityGroupStore" />
     <property name="currentUserService" ref="org.hisp.dhis.user.CurrentUserService" />
+    <property name="systemSettingManager" ref="org.hisp.dhis.setting.SystemSettingManager" />
   </bean>
 
   <bean id="org.hisp.dhis.user.UserGroupService" class="org.hisp.dhis.user.DefaultUserGroupService">

=== modified file 'dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/filter/UserAuthorityGroupCanIssueFilter.java'
--- dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/filter/UserAuthorityGroupCanIssueFilter.java	2014-03-18 08:10:10 +0000
+++ dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/filter/UserAuthorityGroupCanIssueFilter.java	2014-03-23 18:26:50 +0000
@@ -41,21 +41,24 @@
 {
     private UserCredentials userCredentials;
     
+    private boolean canGrantOwnUserAuthorityGroups = false;
+    
     protected UserAuthorityGroupCanIssueFilter()
     {
     }
     
-    public UserAuthorityGroupCanIssueFilter( User user )
+    public UserAuthorityGroupCanIssueFilter( User user, boolean canGrantOwnUserAuthorityGroups )
     {
         if ( user != null && user.getUserCredentials() != null )
         {
             this.userCredentials = user.getUserCredentials();
+            this.canGrantOwnUserAuthorityGroups = canGrantOwnUserAuthorityGroups;
         }
     }
 
     @Override
     public boolean retain( UserAuthorityGroup group )
     {
-        return userCredentials != null && userCredentials.canIssue( group );
+        return userCredentials != null && userCredentials.canIssue( group, canGrantOwnUserAuthorityGroups );
     }
 }
\ No newline at end of file

=== modified file 'dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/filter/UserCredentialsCanUpdateFilter.java'
--- dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/filter/UserCredentialsCanUpdateFilter.java	2014-03-18 08:10:10 +0000
+++ dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/filter/UserCredentialsCanUpdateFilter.java	2014-03-23 18:26:50 +0000
@@ -40,21 +40,24 @@
 {
     private UserCredentials userCredentials;
     
+    private boolean canGrantOwnUserAuthorityGroups = false;
+    
     protected UserCredentialsCanUpdateFilter()
     {
     }
     
-    public UserCredentialsCanUpdateFilter( User user )
+    public UserCredentialsCanUpdateFilter( User user, boolean canGrantOwnUserAuthorityGroups )
     {
         if ( user != null && user.getUserCredentials() != null )
         {
             this.userCredentials = user.getUserCredentials();
+            this.canGrantOwnUserAuthorityGroups = canGrantOwnUserAuthorityGroups;
         }
     }
     
     @Override
     public boolean retain( UserCredentials credentials )
     {
-        return userCredentials != null && credentials != null && userCredentials.canIssueAll( credentials.getUserAuthorityGroups() );
+        return userCredentials != null && credentials != null && userCredentials.canIssueAll( credentials.getUserAuthorityGroups(), canGrantOwnUserAuthorityGroups );
     }
 }

=== modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/commons/action/GetUserRolesAction.java'
--- dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/commons/action/GetUserRolesAction.java	2014-03-18 08:10:10 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/commons/action/GetUserRolesAction.java	2014-03-23 18:26:50 +0000
@@ -33,9 +33,6 @@
 import java.util.List;
 
 import org.hisp.dhis.paging.ActionPagingSupport;
-import org.hisp.dhis.system.filter.UserAuthorityGroupCanIssueFilter;
-import org.hisp.dhis.system.util.FilterUtils;
-import org.hisp.dhis.user.CurrentUserService;
 import org.hisp.dhis.user.UserAuthorityGroup;
 import org.hisp.dhis.user.UserService;
 import org.hisp.dhis.user.comparator.UserRoleComparator;
@@ -57,13 +54,6 @@
         this.userService = userService;
     }
 
-    private CurrentUserService currentUserService;
-
-    public void setCurrentUserService( CurrentUserService currentUserService )
-    {
-        this.currentUserService = currentUserService;
-    }
-
     // -------------------------------------------------------------------------
     // Input & Output
     // -------------------------------------------------------------------------
@@ -84,8 +74,8 @@
     {
         userRoles = new ArrayList<UserAuthorityGroup>( userService.getAllUserAuthorityGroups() );
 
-        FilterUtils.filter( userRoles, new UserAuthorityGroupCanIssueFilter( currentUserService.getCurrentUser() ) );
-
+        userService.canIssueFilter( userRoles );
+        
         Collections.sort( userRoles, new UserRoleComparator() );
 
         if ( usePaging )

=== modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/interceptor/SystemSettingInterceptor.java'
--- dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/interceptor/SystemSettingInterceptor.java	2014-03-18 08:10:10 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/interceptor/SystemSettingInterceptor.java	2014-03-23 18:26:50 +0000
@@ -102,6 +102,7 @@
         map.put( KEY_SELF_REGISTRATION_NO_RECAPTCHA, systemSettingManager.selfRegistrationNoRecaptcha() );
         map.put( KEY_OPENID_PROVIDER, systemSettingManager.getSystemSetting( KEY_OPENID_PROVIDER ) );
         map.put( KEY_OPENID_PROVIDER_LABEL, systemSettingManager.getSystemSetting( KEY_OPENID_PROVIDER_LABEL ) );
+        map.put( KEY_CAN_GRANT_OWN_USER_AUTHORITY_GROUPS, systemSettingManager.getSystemSetting( KEY_CAN_GRANT_OWN_USER_AUTHORITY_GROUPS, false ) );
 
         map.put( SYSPROP_PORTAL, defaultIfEmpty( System.getProperty( SYSPROP_PORTAL ), String.valueOf( false ) ) );
 

=== modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/beans.xml'
--- dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/beans.xml	2014-02-10 10:37:03 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/beans.xml	2014-03-23 18:26:50 +0000
@@ -302,7 +302,6 @@
   <bean id="org.hisp.dhis.commons.action.GetUserRolesAction" class="org.hisp.dhis.commons.action.GetUserRolesAction"
     scope="prototype">
     <property name="userService" ref="org.hisp.dhis.user.UserService" />
-    <property name="currentUserService" ref="org.hisp.dhis.user.CurrentUserService" />
   </bean>
 
   <bean id="org.hisp.dhis.commons.action.GetUsersAction" class="org.hisp.dhis.commons.action.GetUsersAction" scope="prototype">

=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/java/org/hisp/dhis/settings/action/system/SetAccessSettingsAction.java'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/java/org/hisp/dhis/settings/action/system/SetAccessSettingsAction.java	2014-03-18 08:10:10 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/java/org/hisp/dhis/settings/action/system/SetAccessSettingsAction.java	2014-03-23 18:26:50 +0000
@@ -98,6 +98,13 @@
     {
         this.accountInvite = accountInvite;
     }
+    
+    private Boolean canGrantOwnUserAuthorityGroups;
+
+    public void setCanGrantOwnUserAuthorityGroups( Boolean canGrantOwnUserAuthorityGroups )
+    {
+        this.canGrantOwnUserAuthorityGroups = canGrantOwnUserAuthorityGroups;
+    }
 
     private Integer credentialsExpires;
 
@@ -164,6 +171,7 @@
 
         systemSettingManager.saveSystemSetting( KEY_ACCOUNT_RECOVERY, accountRecovery );
         systemSettingManager.saveSystemSetting( KEY_ACCOUNT_INVITE, accountInvite );
+        systemSettingManager.saveSystemSetting( KEY_CAN_GRANT_OWN_USER_AUTHORITY_GROUPS, canGrantOwnUserAuthorityGroups );
         systemSettingManager.saveSystemSetting( KEY_SELF_REGISTRATION_NO_RECAPTCHA, selfRegistrationNoRecaptcha );
 
         systemSettingManager.saveSystemSetting( KEY_OPENID_PROVIDER, StringUtils.isEmpty( openIdProvider ) ? null : openIdProvider );
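Review bot: `canGrantOwnUserAuthorityGroups` is a `Boolean` populated only by its setter (first hunk of this file), so it is null when the request omits the parameter, and the added `saveSystemSetting` call stores it unchanged. For a setting that widens who can hand out roles, anything other than an explicit true should be stored as false: `systemSettingManager.saveSystemSetting( KEY_CAN_GRANT_OWN_USER_AUTHORITY_GROUPS, Boolean.TRUE.equals( canGrantOwnUserAuthorityGroups ) );`. The enclosing method starts and ends outside the hunk.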

=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/resources/org/hisp/dhis/settings/i18n_module.properties'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/resources/org/hisp/dhis/settings/i18n_module.properties	2014-03-05 05:52:03 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/resources/org/hisp/dhis/settings/i18n_module.properties	2014-03-23 18:26:50 +0000
@@ -68,4 +68,5 @@
 never=Never
 months=Months
 openid_provider_label=OpenID Provider Label
-openid_provider=OpenID Provider
\ No newline at end of file
+openid_provider=OpenID Provider
+allow_users_to_grant_own_user_roles=Allow users to grant own user roles
\ No newline at end of file

=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/webapp/dhis-web-maintenance-settings/systemAccessSettings.vm'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/webapp/dhis-web-maintenance-settings/systemAccessSettings.vm	2014-03-05 05:52:03 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/webapp/dhis-web-maintenance-settings/systemAccessSettings.vm	2014-03-23 18:26:50 +0000
@@ -7,6 +7,7 @@
             selfRegistrationNoRecaptcha: jQuery( '#selfRegistrationNoRecaptcha' ).is( ':checked' ),
             accountRecovery: jQuery( '#accountRecovery' ).is( ':checked' ),
             accountInvite: jQuery( '#accountInvite' ).is( ':checked' ),
+            canGrantOwnUserAuthorityGroups: jQuery( '#canGrantOwnUserAuthorityGroups' ).is( ':checked' ),
             credentialsExpires: jQuery( '#credentialsExpires' ).val(),
             openIdProvider: jQuery( '#openIdProvider' ).val(),
             openIdProviderLabel: jQuery( '#openIdProviderLabel' ).val()
@@ -62,6 +63,11 @@
     <label for="accountInvite">$i18n.getString( "enable_user_account_invite" )</label>
 </div>
 
+<div class="setting">
+    <input type="checkbox" id="canGrantOwnUserAuthorityGroups" name="canGrantOwnUserAuthorityGroups"#if( $keyCanGrantOwnUserAuthorityGroups ) checked="checked"#end>
+    <label for="canGrantOwnUserAuthorityGroups">$i18n.getString( "allow_users_to_grant_own_user_roles" )</label>
+</div>
+
 <div class="settingLabel">$i18n.getString( "user_credentials_expires" )</div>
 
 <div class="setting">

=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/AddUserAction.java'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/AddUserAction.java	2014-03-18 08:10:10 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/AddUserAction.java	2014-03-23 18:26:50 +0000
@@ -32,6 +32,7 @@
 import java.util.Collection;
 import java.util.HashSet;
 import java.util.List;
+import java.util.Set;
 
 import javax.servlet.http.HttpServletRequest;
 
@@ -46,16 +47,15 @@
 import org.hisp.dhis.security.SecurityService;
 import org.hisp.dhis.system.util.AttributeUtils;
 import org.hisp.dhis.system.util.LocaleUtils;
-import org.hisp.dhis.user.CurrentUserService;
 import org.hisp.dhis.user.User;
 import org.hisp.dhis.user.UserAuthorityGroup;
 import org.hisp.dhis.user.UserCredentials;
 import org.hisp.dhis.user.UserService;
 import org.hisp.dhis.user.UserSetting;
 import org.hisp.dhis.user.UserSettingService;
+import org.springframework.util.StringUtils;
 
 import com.opensymphony.xwork2.Action;
-import org.springframework.util.StringUtils;
 
 /**
  * @author Torgeir Lorange Ostby
@@ -104,13 +104,6 @@
         this.passwordManager = passwordManager;
     }
 
-    private CurrentUserService currentUserService;
-
-    public void setCurrentUserService( CurrentUserService currentUserService )
-    {
-        this.currentUserService = currentUserService;
-    }
-
     private AttributeService attributeService;
 
     public void setAttributeService( AttributeService attributeService )
@@ -239,9 +232,6 @@
     public String execute()
             throws Exception
     {
-        UserCredentials currentUserCredentials = currentUserService.getCurrentUser() != null ? currentUserService
-                .getCurrentUser().getUserCredentials() : null;
-
         // ---------------------------------------------------------------------
         // Prepare values
         // ---------------------------------------------------------------------
@@ -293,16 +283,17 @@
 
         user.updateOrganisationUnits( new HashSet<OrganisationUnit>( orgUnits ) );
 
+        Set<UserAuthorityGroup> userAuthorityGroups = new HashSet<UserAuthorityGroup>();
+        
         for ( String id : selectedList )
         {
-            UserAuthorityGroup group = userService.getUserAuthorityGroup( Integer.parseInt( id ) );
-
-            if ( currentUserCredentials != null && currentUserCredentials.canIssue( group ) )
-            {
-                userCredentials.getUserAuthorityGroups().add( group );
-            }
+            userAuthorityGroups.add( userService.getUserAuthorityGroup( Integer.parseInt( id ) ) );
         }
 
+        userService.canIssueFilter( userAuthorityGroups );
+        
+        userCredentials.setUserAuthorityGroups( userAuthorityGroups );
+
         if ( jsonAttributeValues != null )
         {
             AttributeUtils.updateAttributeValuesFromJson( user.getAttributeValues(), jsonAttributeValues,
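Review bot: Role ids taken from the request (`selectedList`) that the current user may not issue are removed by `userService.canIssueFilter` without any trace, so the account is created with fewer roles than requested and an attempt to assign a role beyond the creator's rights is never recorded. Comparing the set size before and after the filter, and logging the acting username with the number of rejected roles when it shrinks, would make such attempts visible to operators. `getUserAuthorityGroup` may also return null for an unknown id (not visible here), which the loop would add to the set; an `if ( group != null )` guard before the `add` avoids relying on the filter to drop it. `execute` continues outside the hunk.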

=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/GetOrgunitUserListAction.java'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/GetOrgunitUserListAction.java	2014-03-18 08:10:10 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/GetOrgunitUserListAction.java	2014-03-23 18:26:50 +0000
@@ -37,9 +37,6 @@
 import org.hisp.dhis.organisationunit.OrganisationUnit;
 import org.hisp.dhis.ouwt.manager.OrganisationUnitSelectionManager;
 import org.hisp.dhis.paging.ActionPagingSupport;
-import org.hisp.dhis.system.filter.UserCredentialsCanUpdateFilter;
-import org.hisp.dhis.system.util.FilterUtils;
-import org.hisp.dhis.user.CurrentUserService;
 import org.hisp.dhis.user.User;
 import org.hisp.dhis.user.UserCredentials;
 import org.hisp.dhis.user.UserService;
@@ -70,13 +67,6 @@
         this.selectionManager = selectionManager;
     }
     
-    private CurrentUserService currentUserService;
-
-    public void setCurrentUserService( CurrentUserService currentUserService )
-    {
-        this.currentUserService = currentUserService;
-    }
-
     // -------------------------------------------------------------------------
     // Output
     // -------------------------------------------------------------------------
@@ -140,7 +130,7 @@
             }
         }
         
-        FilterUtils.filter( userCredentialsList, new UserCredentialsCanUpdateFilter( currentUserService.getCurrentUser() ) );
+        userService.canUpdateFilter( userCredentialsList );
         
         Collections.sort( userCredentialsList, new UsernameComparator() );
 

=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/GetUserListAction.java'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/GetUserListAction.java	2014-03-18 08:10:10 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/GetUserListAction.java	2014-03-23 18:26:50 +0000
@@ -28,21 +28,18 @@
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
+import static org.apache.commons.lang.StringUtils.isNotBlank;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
 import org.hisp.dhis.paging.ActionPagingSupport;
-import org.hisp.dhis.system.filter.UserCredentialsCanUpdateFilter;
-import org.hisp.dhis.system.util.FilterUtils;
-import org.hisp.dhis.user.CurrentUserService;
 import org.hisp.dhis.user.User;
 import org.hisp.dhis.user.UserCredentials;
 import org.hisp.dhis.user.UserService;
 import org.hisp.dhis.user.comparator.UsernameComparator;
 
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-
-import static org.apache.commons.lang.StringUtils.isNotBlank;
-
 /**
  * @author Torgeir Lorange Ostby
  * @version $Id: GetUserListAction.java 2869 2007-02-20 14:26:09Z andegje $
@@ -61,13 +58,6 @@
         this.userService = userService;
     }
 
-    private CurrentUserService currentUserService;
-
-    public void setCurrentUserService( CurrentUserService currentUserService )
-    {
-        this.currentUserService = currentUserService;
-    }
-
     // -------------------------------------------------------------------------
     // Input & Output
     // -------------------------------------------------------------------------
@@ -79,13 +69,6 @@
         return userCredentialsList;
     }
 
-    private String currentUserName;
-
-    public String getCurrentUserName()
-    {
-        return currentUserName;
-    }
-
     private String key;
 
     public void setKey( String key )
@@ -162,10 +145,7 @@
             Collections.sort( userCredentialsList, new UsernameComparator() );
         }
 
-        FilterUtils.filter( userCredentialsList, new UserCredentialsCanUpdateFilter( currentUserService
-            .getCurrentUser() ) );
-
-        currentUserName = currentUserService.getCurrentUsername();
+        userService.canUpdateFilter( userCredentialsList );
 
         return SUCCESS;
     }

=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/SetupTreeAction.java'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/SetupTreeAction.java	2014-03-18 08:10:10 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/SetupTreeAction.java	2014-03-23 18:26:50 +0000
@@ -47,10 +47,7 @@
 import org.hisp.dhis.organisationunit.OrganisationUnitGroup;
 import org.hisp.dhis.oust.manager.SelectionTreeManager;
 import org.hisp.dhis.ouwt.manager.OrganisationUnitSelectionManager;
-import org.hisp.dhis.system.filter.UserAuthorityGroupCanIssueFilter;
 import org.hisp.dhis.system.util.AttributeUtils;
-import org.hisp.dhis.system.util.FilterUtils;
-import org.hisp.dhis.user.CurrentUserService;
 import org.hisp.dhis.user.User;
 import org.hisp.dhis.user.UserAuthorityGroup;
 import org.hisp.dhis.user.UserCredentials;
@@ -90,13 +87,6 @@
         this.userService = userService;
     }
 
-    private CurrentUserService currentUserService;
-
-    public void setCurrentUserService( CurrentUserService currentUserService )
-    {
-        this.currentUserService = currentUserService;
-    }
-
     private AttributeService attributeService;
 
     public void setAttributeService( AttributeService attributeService )
@@ -201,8 +191,8 @@
     {
         userAuthorityGroups = new ArrayList<UserAuthorityGroup>( userService.getAllUserAuthorityGroups() );
 
-        FilterUtils.filter( userAuthorityGroups, new UserAuthorityGroupCanIssueFilter( currentUserService.getCurrentUser() ) );
-
+        userService.canIssueFilter( userAuthorityGroups );
+        
         availableLocales = localeManager.getAvailableLocales();
         
         availableLocalesDb = i18nService.getAvailableLocales();
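Review bot: The line added after `userService.canIssueFilter( userAuthorityGroups );` consists only of trailing spaces, where the line it replaces was empty; the same whitespace-only line is added after the `canIssueFilter` call in UpdateUserAction. Dropping the trailing spaces keeps later diffs clean. Since this call only narrows the roles offered in the form, a short comment such as `// Limits the roles shown in the form to those the current user may issue` would also help. The method body starts outside this hunk.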

=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/UpdateUserAction.java'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/UpdateUserAction.java	2014-03-18 08:10:10 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/UpdateUserAction.java	2014-03-23 18:26:50 +0000
@@ -28,7 +28,12 @@
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-import com.opensymphony.xwork2.Action;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
 import org.hisp.dhis.attribute.AttributeService;
 import org.hisp.dhis.organisationunit.OrganisationUnit;
 import org.hisp.dhis.oust.manager.SelectionTreeManager;
@@ -45,11 +50,7 @@
 import org.hisp.dhis.user.UserSettingService;
 import org.springframework.util.StringUtils;
 
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
+import com.opensymphony.xwork2.Action;
 
 /**
  * @author Torgeir Lorange Ostby
@@ -191,9 +192,6 @@
     public String execute()
         throws Exception
     {
-        UserCredentials currentUserCredentials = currentUserService.getCurrentUser() != null ? currentUserService
-            .getCurrentUser().getUserCredentials() : null;
-
         // ---------------------------------------------------------------------
         // Prepare values
         // ---------------------------------------------------------------------
@@ -236,14 +234,11 @@
 
         for ( String id : selectedList )
         {
-            UserAuthorityGroup group = userService.getUserAuthorityGroup( Integer.parseInt( id ) );
-
-            if ( currentUserCredentials != null && currentUserCredentials.canIssue( group ) )
-            {
-                userAuthorityGroups.add( group );
-            }
+            userAuthorityGroups.add( userService.getUserAuthorityGroup( Integer.parseInt( id ) ) );
         }
 
+        userService.canIssueFilter( userAuthorityGroups );
+        
         userCredentials.setUserAuthorityGroups( userAuthorityGroups );
 
         if ( rawPassword != null )
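Review bot: The loop now adds every submitted id to `userAuthorityGroups` and leaves the authorisation decision entirely to `userService.canIssueFilter( userAuthorityGroups )`, so the old fail-closed guard (`currentUserCredentials != null && currentUserCredentials.canIssue( group )`) is gone from this action. Whether `canIssueFilter` empties the collection when there is no current user, and whether it tolerates a `null` returned by `getUserAuthorityGroup` for an unknown id, is not visible here; both should be confirmed or guarded, e.g. `if ( group != null ) { userAuthorityGroups.add( group ); }`. Roles the caller may not issue are also dropped silently; if the form only offers issuable roles, a submitted id that gets filtered out points to a modified request and is worth a warning log entry. `execute()` starts and ends outside this hunk.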

=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/META-INF/dhis/beans.xml'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/META-INF/dhis/beans.xml	2014-01-17 03:48:57 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/META-INF/dhis/beans.xml	2014-03-23 18:26:50 +0000
@@ -12,7 +12,6 @@
     <property name="passwordManager" ref="org.hisp.dhis.security.PasswordManager" />
     <property name="selectionTreeManager" ref="org.hisp.dhis.oust.manager.SelectionTreeManager" />
     <property name="selectionManager" ref="org.hisp.dhis.ouwt.manager.OrganisationUnitSelectionManager" />
-    <property name="currentUserService" ref="org.hisp.dhis.user.CurrentUserService" />
     <property name="attributeService" ref="org.hisp.dhis.attribute.AttributeService" />
   </bean>
 
@@ -31,12 +30,10 @@
     scope="prototype">
     <property name="userService" ref="org.hisp.dhis.user.UserService" />
     <property name="selectionManager" ref="org.hisp.dhis.ouwt.manager.OrganisationUnitSelectionManager" />
-    <property name="currentUserService" ref="org.hisp.dhis.user.CurrentUserService" />
   </bean>
 
   <bean id="org.hisp.dhis.user.action.GetUserListAction" class="org.hisp.dhis.user.action.GetUserListAction" scope="prototype">
     <property name="userService" ref="org.hisp.dhis.user.UserService" />
-    <property name="currentUserService" ref="org.hisp.dhis.user.CurrentUserService" />
   </bean>
 
   <bean id="org.hisp.dhis.user.action.RemoveUserAction" class="org.hisp.dhis.user.action.RemoveUserAction" scope="prototype">
@@ -62,7 +59,6 @@
     <property name="selectionTreeManager" ref="org.hisp.dhis.oust.manager.SelectionTreeManager" />
     <property name="selectionManager" ref="org.hisp.dhis.ouwt.manager.OrganisationUnitSelectionManager" />
     <property name="userService" ref="org.hisp.dhis.user.UserService" />
-    <property name="currentUserService" ref="org.hisp.dhis.user.CurrentUserService" />
     <property name="attributeService" ref="org.hisp.dhis.attribute.AttributeService" />
     <property name="i18nService" ref="org.hisp.dhis.i18n.I18nService" />
     <property name="localeManager" ref="org.hisp.dhis.i18n.locale.LocaleManager" />

=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/webapp/dhis-web-maintenance-user/allUser.vm'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/webapp/dhis-web-maintenance-user/allUser.vm	2014-02-04 09:58:35 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/webapp/dhis-web-maintenance-user/allUser.vm	2014-03-23 18:26:50 +0000
@@ -10,7 +10,7 @@
 	var i18n_username = '$encoder.jsEscape( $i18n.getString( "username" ) , "'")';
 	var i18n_name = '$encoder.jsEscape( $i18n.getString( "name" ) , "'")';
 	var i18n_operations = '$encoder.jsEscape( $i18n.getString( "operations" ) , "'")';
-	var currentUserName = '$currentUserName';
+	var currentUserName = '$currentUsername';
 </script>
 
 <h3>$i18n.getString( "user_management" ) #openHelp( "user_management" )</h3>
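Review bot: `$currentUsername` is written into a JavaScript string literal without escaping on the changed line, while the three `i18n_*` lines directly above it go through `$encoder.jsEscape`. A username containing a quote character would terminate the literal, so the line should read `var currentUserName = '$encoder.jsEscape( $currentUsername , "'")';`. The same unescaped interpolation is in the first hunk of user.vm, and responseUsers.vm emits the value into an XML element unencoded, where `$encoder.xmlEncode( $currentUsername )` would be the counterpart. The variable is no longer set by the action; presumably it now comes from the SystemSettingInterceptor change listed in the commit, so these templates depend on that interceptor being in the stack.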

=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/webapp/dhis-web-maintenance-user/responseUsers.vm'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/webapp/dhis-web-maintenance-user/responseUsers.vm	2010-10-05 11:04:35 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/webapp/dhis-web-maintenance-user/responseUsers.vm	2014-03-23 18:26:50 +0000
@@ -11,5 +11,5 @@
 	  <numberOrgunit>$userCredentials.user.organisationUnits.size()</numberOrgunit>
 	</user>
 	#end
-	<currentUserName>$currentUserName</currentUserName>
+	<currentUserName>$currentUsername</currentUserName>
 </users>

=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/webapp/dhis-web-maintenance-user/user.vm'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/webapp/dhis-web-maintenance-user/user.vm	2014-02-04 09:58:35 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/webapp/dhis-web-maintenance-user/user.vm	2014-03-23 18:26:50 +0000
@@ -10,7 +10,7 @@
     var i18n_username = '$encoder.jsEscape( $i18n.getString( "username" ) , "'")';
     var i18n_name = '$encoder.jsEscape( $i18n.getString( "name" ) , "'")';
     var i18n_operations = '$encoder.jsEscape( $i18n.getString( "operations" ) , "'")';
-    var currentUserName = '$currentUserName';
+    var currentUserName = '$currentUsername';
 </script>
 
 <h3>$i18n.getString( "user_management" ) #openHelp( "user_by_org_unit" )</h3>
@@ -44,7 +44,7 @@
 				<tr id="tr${userCredentials.id}" data-id="$!userCredentials.id" data-uid="$!userCredentials.uid" data-type="UserCredentials" data-name="$encoder.htmlEncode( $!userCredentials.displayName )"
 				    data-can-manage="$security.canManage( $userCredentials )"
 				    data-can-update="$security.canUpdate( $userCredentials )"
-				    data-can-delete="#if( $currentUserName != $userCredentials.username )true#{else}false#end">
+				    data-can-delete="#if( $currentUsername != $userCredentials.username )true#{else}false#end">
 				    <td>$encoder.htmlEncode( $!userCredentials.username )</td>
 				    <td>$encoder.htmlEncode( $!userCredentials.displayName )</td>
 				</tr>
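Review bot: `data-can-delete` is computed in the template from a plain username comparison, unlike `data-can-manage` and `data-can-update` on the lines above, which ask `$security`. The attribute only controls what the page offers, so the rule that users cannot delete their own account has to be enforced on the server by the remove action (RemoveUserAction's code is not shown on this page). Once that is confirmed, a template comment such as `## UI hint only, self-deletion is rejected server-side` would make the split explicit.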