[Branch ~dhis2-devs-core/dhis2/trunk] Rev 14469: minor fixes to aclService
------------------------------------------------------------
revno: 14469
committer: Morten Olav Hansen <mortenoh@xxxxxxxxx>
branch nick: dhis2
timestamp: Thu 2014-03-27 07:07:15 +0100
message:
minor fixes to aclService
removed:
dhis-2/dhis-api/src/main/java/org/hisp/dhis/acl/AccessControlService.java
dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAccessControlService.java
added:
dhis-2/dhis-api/src/main/java/org/hisp/dhis/acl/AclService.java
dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAclService.java
modified:
dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/dimension/DefaultDimensionService.java
dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultSecurityService.java
dhis-2/dhis-services/dhis-service-core/src/main/resources/META-INF/dhis/beans.xml
dhis-2/dhis-services/dhis-service-dxf2/src/main/java/org/hisp/dhis/dxf2/metadata/importers/DefaultIdentifiableObjectImporter.java
dhis-2/dhis-support/dhis-support-hibernate/src/main/java/org/hisp/dhis/hibernate/HibernateGenericStore.java
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AbstractCrudController.java
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/SharingController.java
dhis-2/dhis-web/dhis-web-dataentry/src/main/java/org/hisp/dhis/de/action/GetMetaDataAction.java
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
=== removed file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/acl/AccessControlService.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/acl/AccessControlService.java 2014-03-27 05:13:32 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/acl/AccessControlService.java 1970-01-01 00:00:00 +0000
@@ -1,152 +0,0 @@
-package org.hisp.dhis.acl;
-
-/*
- * Copyright (c) 2004-2014, University of Oslo
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- * Redistributions of source code must retain the above copyright notice, this
- * list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * Neither the name of the HISP project nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-import org.hisp.dhis.common.IdentifiableObject;
-import org.hisp.dhis.user.User;
-
-import java.util.Arrays;
-import java.util.List;
-
-/**
- * @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
- */
-public interface AccessControlService
-{
- public static final List<String> SHARING_OVERRIDE_AUTHORITIES = Arrays.asList( "ALL", "F_METADATA_IMPORT" );
-
- boolean isSupported( String type );
-
- boolean isSupported( Class<?> klass );
-
- boolean isShareable( Class<?> klass );
-
- /**
- * Can user write to this object (create)
- * <p/>
- * 1. Does user have SHARING_OVERRIDE_AUTHORITY authority?
- * 2. Is the user for the object null?
- * 3. Is the user of the object equal to current user?
- * 4. Is the object public write?
- * 5. Does any of the userGroupAccesses contain public write and the current user is in that group
- *
- * @param user User to check against
- * @param object Object to check
- * @return Result of test
- */
- boolean canWrite( User user, IdentifiableObject object );
-
- /**
- * Can user read this object
- * <p/>
- * 1. Does user have SHARING_OVERRIDE_AUTHORITY authority?
- * 2. Is the user for the object null?
- * 3. Is the user of the object equal to current user?
- * 4. Is the object public read?
- * 5. Does any of the userGroupAccesses contain public read and the current user is in that group
- *
- * @param user User to check against
- * @param object Object to check
- * @return Result of test
- */
- boolean canRead( User user, IdentifiableObject object );
-
- /**
- * Can user update this object
- * <p/>
- * 1. Does user have SHARING_OVERRIDE_AUTHORITY authority?
- * 2. Can user write to this object?
- *
- * @param user User to check against
- * @param object Object to check
- * @return Result of test
- */
- boolean canUpdate( User user, IdentifiableObject object );
-
- /**
- * Can user delete this object
- * <p/>
- * 1. Does user have SHARING_OVERRIDE_AUTHORITY authority?
- * 2. Can user write to this object?
- *
- * @param user User to check against
- * @param object Object to check
- * @return Result of test
- */
- boolean canDelete( User user, IdentifiableObject object );
-
- /**
- * Can user manage (make public) this object
- * <p/>
- * 1. Does user have SHARING_OVERRIDE_AUTHORITY authority?
- * 2. Can user write to this object?
- *
- * @param user User to check against
- * @param object Object to check
- * @return Result of test
- */
- boolean canManage( User user, IdentifiableObject object );
-
- /**
- * Checks if a user can create a public instance of a certain object.
- * <p/>
- * 1. Does user have SHARING_OVERRIDE_AUTHORITY authority?
- * 2. Does user have the authority to create public instances of that object
- *
- * @param user User to check against
- * @param klass Class to check
- * @return Result of test
- */
- <T extends IdentifiableObject> boolean canCreatePublic( User user, Class<T> klass );
-
- /**
- * Checks if a user can create a private instance of a certain object.
- * <p/>
- * 1. Does user have SHARING_OVERRIDE_AUTHORITY authority?
- * 2. Does user have the authority to create private instances of that object
- *
- * @param user User to check against
- * @param klass Class to check
- * @return Result of test
- */
- <T extends IdentifiableObject> boolean canCreatePrivate( User user, Class<T> klass );
-
- /**
- * Can user make this object external? (read with no login)
- *
- * @param user User to check against
- * @param klass Type to check
- * @return Result of test
- */
- <T extends IdentifiableObject> boolean canExternalize( User user, Class<T> klass );
-
- <T extends IdentifiableObject> boolean defaultPublic( Class<T> klass );
-
- Class<? extends IdentifiableObject> classForType( String type );
-}
=== added file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/acl/AclService.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/acl/AclService.java 1970-01-01 00:00:00 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/acl/AclService.java 2014-03-27 06:07:15 +0000
@@ -0,0 +1,154 @@
+package org.hisp.dhis.acl;
+
+/*
+ * Copyright (c) 2004-2014, University of Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * Neither the name of the HISP project nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+import org.hisp.dhis.common.IdentifiableObject;
+import org.hisp.dhis.user.User;
+
+import java.util.Arrays;
+import java.util.List;
+
+/**
+ * @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
+ */
+public interface AclService
+{
+ public static final List<String> SHARING_OVERRIDE_AUTHORITIES = Arrays.asList( "ALL", "F_METADATA_IMPORT" );
+
+ boolean isSupported( String type );
+
+ boolean isSupported( Class<?> klass );
+
+ boolean isShareable( String type );
+
+ boolean isShareable( Class<?> klass );
+
+ /**
+ * Can user write to this object (create)
+ * <p/>
+ * 1. Does user have SHARING_OVERRIDE_AUTHORITY authority?
+ * 2. Is the user for the object null?
+ * 3. Is the user of the object equal to current user?
+ * 4. Is the object public write?
+ * 5. Does any of the userGroupAccesses contain public write and the current user is in that group
+ *
+ * @param user User to check against
+ * @param object Object to check
+ * @return Result of test
+ */
+ boolean canWrite( User user, IdentifiableObject object );
+
+ /**
+ * Can user read this object
+ * <p/>
+ * 1. Does user have SHARING_OVERRIDE_AUTHORITY authority?
+ * 2. Is the user for the object null?
+ * 3. Is the user of the object equal to current user?
+ * 4. Is the object public read?
+ * 5. Does any of the userGroupAccesses contain public read and the current user is in that group
+ *
+ * @param user User to check against
+ * @param object Object to check
+ * @return Result of test
+ */
+ boolean canRead( User user, IdentifiableObject object );
+
+ /**
+ * Can user update this object
+ * <p/>
+ * 1. Does user have SHARING_OVERRIDE_AUTHORITY authority?
+ * 2. Can user write to this object?
+ *
+ * @param user User to check against
+ * @param object Object to check
+ * @return Result of test
+ */
+ boolean canUpdate( User user, IdentifiableObject object );
+
+ /**
+ * Can user delete this object
+ * <p/>
+ * 1. Does user have SHARING_OVERRIDE_AUTHORITY authority?
+ * 2. Can user write to this object?
+ *
+ * @param user User to check against
+ * @param object Object to check
+ * @return Result of test
+ */
+ boolean canDelete( User user, IdentifiableObject object );
+
+ /**
+ * Can user manage (make public) this object
+ * <p/>
+ * 1. Does user have SHARING_OVERRIDE_AUTHORITY authority?
+ * 2. Can user write to this object?
+ *
+ * @param user User to check against
+ * @param object Object to check
+ * @return Result of test
+ */
+ boolean canManage( User user, IdentifiableObject object );
+
+ /**
+ * Checks if a user can create a public instance of a certain object.
+ * <p/>
+ * 1. Does user have SHARING_OVERRIDE_AUTHORITY authority?
+ * 2. Does user have the authority to create public instances of that object
+ *
+ * @param user User to check against
+ * @param klass Class to check
+ * @return Result of test
+ */
+ <T extends IdentifiableObject> boolean canCreatePublic( User user, Class<T> klass );
+
+ /**
+ * Checks if a user can create a private instance of a certain object.
+ * <p/>
+ * 1. Does user have SHARING_OVERRIDE_AUTHORITY authority?
+ * 2. Does user have the authority to create private instances of that object
+ *
+ * @param user User to check against
+ * @param klass Class to check
+ * @return Result of test
+ */
+ <T extends IdentifiableObject> boolean canCreatePrivate( User user, Class<T> klass );
+
+ /**
+ * Can user make this object external? (read with no login)
+ *
+ * @param user User to check against
+ * @param klass Type to check
+ * @return Result of test
+ */
+ <T extends IdentifiableObject> boolean canExternalize( User user, Class<T> klass );
+
+ <T extends IdentifiableObject> boolean defaultPublic( Class<T> klass );
+
+ Class<? extends IdentifiableObject> classForType( String type );
+}
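Review bot: `SHARING_OVERRIDE_AUTHORITIES` at the top of the interface is built with `Arrays.asList`, which returns a fixed-size but still writable list, so any code that can see the interface can call `set(...)` on it and change which authorities bypass the sharing checks for the whole application. Wrap it so the constant is read-only: `List<String> SHARING_OVERRIDE_AUTHORITIES = Collections.unmodifiableList( Arrays.asList( "ALL", "F_METADATA_IMPORT" ) );` (this needs `import java.util.Collections;`). The new `isShareable( String type )` and both `isSupported` overloads have no Javadoc. The method comments also refer to `SHARING_OVERRIDE_AUTHORITY`, while the constant name is plural.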
=== modified file 'dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/dimension/DefaultDimensionService.java'
--- dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/dimension/DefaultDimensionService.java 2014-03-27 04:44:41 +0000
+++ dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/dimension/DefaultDimensionService.java 2014-03-27 06:07:15 +0000
@@ -28,6 +28,7 @@
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
+import org.hisp.dhis.acl.AclService;
import org.hisp.dhis.common.BaseAnalyticalObject;
import org.hisp.dhis.common.DimensionService;
import org.hisp.dhis.common.DimensionType;
@@ -56,7 +57,6 @@
import org.hisp.dhis.period.PeriodType;
import org.hisp.dhis.period.RelativePeriodEnum;
import org.hisp.dhis.period.RelativePeriods;
-import org.hisp.dhis.acl.AccessControlService;
import org.hisp.dhis.system.util.UniqueArrayList;
import org.hisp.dhis.trackedentity.TrackedEntityAttribute;
import org.hisp.dhis.trackedentity.TrackedEntityAttributeDimension;
@@ -100,7 +100,7 @@
private DataElementService dataElementService;
@Autowired
- private AccessControlService accessControlService;
+ private AclService aclService;
@Autowired
private CurrentUserService currentUserService;
@@ -169,7 +169,7 @@
for ( NameableObject item : dimension.getItems() )
{
- boolean canRead = accessControlService.canRead( user, item );
+ boolean canRead = aclService.canRead( user, item );
if ( canRead )
{
=== removed file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAccessControlService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAccessControlService.java 2014-03-27 05:13:32 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAccessControlService.java 1970-01-01 00:00:00 +0000
@@ -1,284 +0,0 @@
-package org.hisp.dhis.acl;
-
-/*
- * Copyright (c) 2004-2014, University of Oslo
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- * Redistributions of source code must retain the above copyright notice, this
- * list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * Neither the name of the HISP project nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-import org.hisp.dhis.common.IdentifiableObject;
-import org.hisp.dhis.dashboard.Dashboard;
-import org.hisp.dhis.schema.AuthorityType;
-import org.hisp.dhis.schema.Schema;
-import org.hisp.dhis.schema.SchemaService;
-import org.hisp.dhis.user.User;
-import org.hisp.dhis.user.UserGroup;
-import org.hisp.dhis.user.UserGroupAccess;
-import org.springframework.beans.factory.annotation.Autowired;
-
-import java.util.Collection;
-import java.util.HashSet;
-import java.util.Set;
-
-import static org.springframework.util.CollectionUtils.containsAny;
-
-/**
- * @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
- */
-public class DefaultAccessControlService implements AccessControlService
-{
- @Autowired
- private SchemaService schemaService;
-
- @Override
- public boolean isSupported( String type )
- {
- Schema schema = schemaService.getSchemaBySingularName( type );
- return schema != null && schema.isShareable();
- }
-
- @Override
- public boolean isSupported( Class<?> klass )
- {
- Schema schema = schemaService.getSchema( klass );
- return schema != null && schema.isShareable();
- }
-
- @Override
- public boolean isShareable( Class<?> klass )
- {
- Schema schema = schemaService.getSchema( klass );
- return schema != null && schema.isShareable();
- }
-
- @Override
- public boolean canWrite( User user, IdentifiableObject object )
- {
- Schema schema = schemaService.getSchema( object.getClass() );
-
- if ( schema == null || !schema.isShareable() )
- {
- return false;
- }
-
- //TODO ( (object instanceof User) && canCreatePrivate( user, object ) ): review possible security breaches and best way to give update access upon user import
- if ( haveOverrideAuthority( user )
- || (object.getUser() == null && canCreatePublic( user, object.getClass() ) && !schema.getAuthorityByType( AuthorityType.CREATE_PRIVATE ).isEmpty())
- || (user != null && user.equals( object.getUser() ))
- //|| authorities.contains( PRIVATE_AUTHORITIES.get( object.getClass() ) )
- || ((object instanceof User) && canCreatePrivate( user, object.getClass() ))
- || AccessStringHelper.canWrite( object.getPublicAccess() ) )
- {
- return true;
- }
-
- for ( UserGroupAccess userGroupAccess : object.getUserGroupAccesses() )
- {
- if ( AccessStringHelper.canWrite( userGroupAccess.getAccess() )
- && userGroupAccess.getUserGroup().getMembers().contains( user ) )
- {
- return true;
- }
- }
-
- return false;
- }
-
- @Override
- public boolean canRead( User user, IdentifiableObject object )
- {
- Schema schema = schemaService.getSchema( object.getClass() );
-
- if ( schema == null || !schema.isShareable() )
- {
- return false;
- }
-
- if ( haveOverrideAuthority( user )
- || UserGroup.class.isAssignableFrom( object.getClass() )
- || object.getUser() == null
- || user.equals( object.getUser() )
- || AccessStringHelper.canRead( object.getPublicAccess() ) )
- {
- return true;
- }
-
- for ( UserGroupAccess userGroupAccess : object.getUserGroupAccesses() )
- {
- if ( AccessStringHelper.canRead( userGroupAccess.getAccess() )
- && userGroupAccess.getUserGroup().getMembers().contains( user ) )
- {
- return true;
- }
- }
-
- return false;
- }
-
- @Override
- public boolean canUpdate( User user, IdentifiableObject object )
- {
- Schema schema = schemaService.getSchema( object.getClass() );
-
- if ( schema == null || !schema.isShareable() )
- {
- return false;
- }
-
- if ( schema.getAuthorityByType( AuthorityType.UPDATE ).isEmpty() )
- {
- return canWrite( user, object );
- }
-
- return canAccess( user, schema.getAuthorityByType( AuthorityType.UPDATE ) ) && canWrite( user, object );
- }
-
- @Override
- public boolean canDelete( User user, IdentifiableObject object )
- {
- Schema schema = schemaService.getSchema( object.getClass() );
-
- if ( schema == null || !schema.isShareable() )
- {
- return false;
- }
-
- if ( schema.getAuthorityByType( AuthorityType.DELETE ).isEmpty() )
- {
- return canWrite( user, object );
- }
-
- return canAccess( user, schema.getAuthorityByType( AuthorityType.DELETE ) ) && canWrite( user, object );
- }
-
- private boolean canAccess( User user, Collection<String> requiredAuthorities )
- {
- Set<String> userAuthorities = user != null ? user.getUserCredentials().getAllAuthorities() : new HashSet<String>();
-
- return user == null || containsAny( userAuthorities, SHARING_OVERRIDE_AUTHORITIES ) ||
- containsAny( userAuthorities, requiredAuthorities );
- }
-
- @Override
- public boolean canManage( User user, IdentifiableObject object )
- {
- Schema schema = schemaService.getSchema( object.getClass() );
-
- if ( schema == null || !schema.isShareable() )
- {
- return false;
- }
-
- if ( haveOverrideAuthority( user )
- || (object.getUser() == null && canCreatePublic( user, object.getClass() ) && !schema.getAuthorityByType( AuthorityType.CREATE_PRIVATE ).isEmpty())
- || user.equals( object.getUser() )
- || AccessStringHelper.canWrite( object.getPublicAccess() ) )
- {
- return true;
- }
-
- for ( UserGroupAccess userGroupAccess : object.getUserGroupAccesses() )
- {
- if ( AccessStringHelper.canWrite( userGroupAccess.getAccess() )
- && userGroupAccess.getUserGroup().getMembers().contains( user ) )
- {
- return true;
- }
- }
-
- return false;
- }
-
- @Override
- public <T extends IdentifiableObject> boolean canCreatePublic( User user, Class<T> klass )
- {
- Set<String> authorities = user != null ? user.getUserCredentials().getAllAuthorities() : new HashSet<String>();
-
- Schema schema = schemaService.getSchema( klass );
-
- if ( schema == null || !schema.isShareable() )
- {
- return false;
- }
-
- return containsAny( authorities, SHARING_OVERRIDE_AUTHORITIES ) || containsAny( authorities, schema.getAuthorityByType( AuthorityType.CREATE_PUBLIC ) );
- }
-
- @Override
- public <T extends IdentifiableObject> boolean canCreatePrivate( User user, Class<T> klass )
- {
- Set<String> authorities = user != null ? user.getUserCredentials().getAllAuthorities() : new HashSet<String>();
-
- Schema schema = schemaService.getSchema( klass );
-
- if ( schema == null || !schema.isShareable() )
- {
- return false;
- }
-
- return containsAny( authorities, SHARING_OVERRIDE_AUTHORITIES ) || containsAny( authorities, schema.getAuthorityByType( AuthorityType.CREATE_PRIVATE ) );
- }
-
- @Override
- public <T extends IdentifiableObject> boolean canExternalize( User user, Class<T> klass )
- {
- Set<String> authorities = user != null ? user.getUserCredentials().getAllAuthorities() : new HashSet<String>();
-
- Schema schema = schemaService.getSchema( klass );
-
- if ( schema == null || !schema.isShareable() )
- {
- return false;
- }
-
- return containsAny( authorities, SHARING_OVERRIDE_AUTHORITIES ) || containsAny( authorities, schema.getAuthorityByType( AuthorityType.EXTERNALIZE ) );
- }
-
- @Override
- public <T extends IdentifiableObject> boolean defaultPublic( Class<T> klass )
- {
- // TODO this is quite nasty, should probably be added to schema
- return !Dashboard.class.isAssignableFrom( klass );
- }
-
- @Override
- @SuppressWarnings( "unchecked" )
- public Class<? extends IdentifiableObject> classForType( String type )
- {
- Schema schema = schemaService.getSchemaBySingularName( type );
-
- if ( schema != null && schema.isShareable() && schema.isIdentifiableObject() )
- {
- return (Class<? extends IdentifiableObject>) schema.getKlass();
- }
-
- return null;
- }
-
- private boolean haveOverrideAuthority( User user )
- {
- return user == null || containsAny( user.getUserCredentials().getAllAuthorities(), SHARING_OVERRIDE_AUTHORITIES );
- }
-}
=== added file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAclService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAclService.java 1970-01-01 00:00:00 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAclService.java 2014-03-27 06:07:15 +0000
@@ -0,0 +1,290 @@
+package org.hisp.dhis.acl;
+
+/*
+ * Copyright (c) 2004-2014, University of Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * Neither the name of the HISP project nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+import org.hisp.dhis.common.IdentifiableObject;
+import org.hisp.dhis.dashboard.Dashboard;
+import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.schema.Schema;
+import org.hisp.dhis.schema.SchemaService;
+import org.hisp.dhis.user.User;
+import org.hisp.dhis.user.UserGroup;
+import org.hisp.dhis.user.UserGroupAccess;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Set;
+
+import static org.springframework.util.CollectionUtils.containsAny;
+
+/**
+ * Default ACL implementation that uses SchemaDescriptors to get authorities / sharing flags.
+ *
+ * @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
+ */
+public class DefaultAclService implements AclService
+{
+ @Autowired
+ private SchemaService schemaService;
+
+ @Override
+ public boolean isSupported( String type )
+ {
+ Schema schema = schemaService.getSchemaBySingularName( type );
+ return schema != null && schema.isShareable();
+ }
+
+ @Override
+ public boolean isSupported( Class<?> klass )
+ {
+ Schema schema = schemaService.getSchema( klass );
+ return schema != null && schema.isShareable();
+ }
+
+ @Override
+ public boolean isShareable( String type )
+ {
+ Schema schema = schemaService.getSchemaBySingularName( type );
+ return schema != null && schema.isShareable();
+ }
+
+ @Override
+ public boolean isShareable( Class<?> klass )
+ {
+ Schema schema = schemaService.getSchema( klass );
+ return schema != null && schema.isShareable();
+ }
+
+ @Override
+ public boolean canWrite( User user, IdentifiableObject object )
+ {
+ Schema schema = schemaService.getSchema( object.getClass() );
+
+ if ( schema == null || !schema.isShareable() )
+ {
+ return false;
+ }
+
+ //TODO ( (object instanceof User) && canCreatePrivate( user, object ) ): review possible security breaches and best way to give update access upon user import
+ if ( haveOverrideAuthority( user )
+ || (object.getUser() == null && canCreatePublic( user, object.getClass() ) && !schema.getAuthorityByType( AuthorityType.CREATE_PRIVATE ).isEmpty())
+ || (user != null && user.equals( object.getUser() ))
+ //|| authorities.contains( PRIVATE_AUTHORITIES.get( object.getClass() ) )
+ || ((object instanceof User) && canCreatePrivate( user, object.getClass() ))
+ || AccessStringHelper.canWrite( object.getPublicAccess() ) )
+ {
+ return true;
+ }
+
+ for ( UserGroupAccess userGroupAccess : object.getUserGroupAccesses() )
+ {
+ if ( AccessStringHelper.canWrite( userGroupAccess.getAccess() )
+ && userGroupAccess.getUserGroup().getMembers().contains( user ) )
+ {
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+ @Override
+ public boolean canRead( User user, IdentifiableObject object )
+ {
+ Schema schema = schemaService.getSchema( object.getClass() );
+
+ if ( schema == null || !schema.isShareable() )
+ {
+ return false;
+ }
+
+ if ( haveOverrideAuthority( user )
+ || UserGroup.class.isAssignableFrom( object.getClass() )
+ || object.getUser() == null
+ || user.equals( object.getUser() )
+ || AccessStringHelper.canRead( object.getPublicAccess() ) )
+ {
+ return true;
+ }
+
+ for ( UserGroupAccess userGroupAccess : object.getUserGroupAccesses() )
+ {
+ if ( AccessStringHelper.canRead( userGroupAccess.getAccess() )
+ && userGroupAccess.getUserGroup().getMembers().contains( user ) )
+ {
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+ @Override
+ public boolean canUpdate( User user, IdentifiableObject object )
+ {
+ Schema schema = schemaService.getSchema( object.getClass() );
+
+ if ( schema == null || !schema.isShareable() )
+ {
+ return false;
+ }
+
+ if ( schema.getAuthorityByType( AuthorityType.UPDATE ).isEmpty() )
+ {
+ return canWrite( user, object );
+ }
+
+ return canAccess( user, schema.getAuthorityByType( AuthorityType.UPDATE ) ) && canWrite( user, object );
+ }
+
+ @Override
+ public boolean canDelete( User user, IdentifiableObject object )
+ {
+ Schema schema = schemaService.getSchema( object.getClass() );
+
+ if ( schema == null || !schema.isShareable() )
+ {
+ return false;
+ }
+
+ if ( schema.getAuthorityByType( AuthorityType.DELETE ).isEmpty() )
+ {
+ return canWrite( user, object );
+ }
+
+ return canAccess( user, schema.getAuthorityByType( AuthorityType.DELETE ) ) && canWrite( user, object );
+ }
+
+ @Override
+ public boolean canManage( User user, IdentifiableObject object )
+ {
+ Schema schema = schemaService.getSchema( object.getClass() );
+
+ if ( schema == null || !schema.isShareable() )
+ {
+ return false;
+ }
+
+ if ( haveOverrideAuthority( user )
+ || (object.getUser() == null && canCreatePublic( user, object.getClass() ) && !schema.getAuthorityByType( AuthorityType.CREATE_PRIVATE ).isEmpty())
+ || user.equals( object.getUser() )
+ || AccessStringHelper.canWrite( object.getPublicAccess() ) )
+ {
+ return true;
+ }
+
+ for ( UserGroupAccess userGroupAccess : object.getUserGroupAccesses() )
+ {
+ if ( AccessStringHelper.canWrite( userGroupAccess.getAccess() )
+ && userGroupAccess.getUserGroup().getMembers().contains( user ) )
+ {
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+ @Override
+ public <T extends IdentifiableObject> boolean canCreatePublic( User user, Class<T> klass )
+ {
+ Set<String> authorities = user != null ? user.getUserCredentials().getAllAuthorities() : new HashSet<String>();
+
+ Schema schema = schemaService.getSchema( klass );
+
+ if ( schema == null || !schema.isShareable() )
+ {
+ return false;
+ }
+
+ return containsAny( authorities, SHARING_OVERRIDE_AUTHORITIES ) || containsAny( authorities, schema.getAuthorityByType( AuthorityType.CREATE_PUBLIC ) );
+ }
+
+ @Override
+ public <T extends IdentifiableObject> boolean canCreatePrivate( User user, Class<T> klass )
+ {
+ Set<String> authorities = user != null ? user.getUserCredentials().getAllAuthorities() : new HashSet<String>();
+
+ Schema schema = schemaService.getSchema( klass );
+
+ if ( schema == null || !schema.isShareable() )
+ {
+ return false;
+ }
+
+ return containsAny( authorities, SHARING_OVERRIDE_AUTHORITIES ) || containsAny( authorities, schema.getAuthorityByType( AuthorityType.CREATE_PRIVATE ) );
+ }
+
+ @Override
+ public <T extends IdentifiableObject> boolean canExternalize( User user, Class<T> klass )
+ {
+ Set<String> authorities = user != null ? user.getUserCredentials().getAllAuthorities() : new HashSet<String>();
+
+ Schema schema = schemaService.getSchema( klass );
+
+ if ( schema == null || !schema.isShareable() )
+ {
+ return false;
+ }
+
+ return containsAny( authorities, SHARING_OVERRIDE_AUTHORITIES ) || containsAny( authorities, schema.getAuthorityByType( AuthorityType.EXTERNALIZE ) );
+ }
+
+ @Override
+ public <T extends IdentifiableObject> boolean defaultPublic( Class<T> klass )
+ {
+ // TODO this is quite nasty, should probably be added to schema
+ return !Dashboard.class.isAssignableFrom( klass );
+ }
+
+ @Override
+ @SuppressWarnings( "unchecked" )
+ public Class<? extends IdentifiableObject> classForType( String type )
+ {
+ Schema schema = schemaService.getSchemaBySingularName( type );
+
+ if ( schema != null && schema.isShareable() && schema.isIdentifiableObject() )
+ {
+ return (Class<? extends IdentifiableObject>) schema.getKlass();
+ }
+
+ return null;
+ }
+
+ private boolean haveOverrideAuthority( User user )
+ {
+ return user == null || containsAny( user.getUserCredentials().getAllAuthorities(), SHARING_OVERRIDE_AUTHORITIES );
+ }
+
+ private boolean canAccess( User user, Collection<String> requiredAuthorities )
+ {
+ return haveOverrideAuthority( user ) || containsAny( user.getUserCredentials().getAllAuthorities(), requiredAuthorities );
+ }
+}
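Review bot: `haveOverrideAuthority` at the bottom of the class returns true for `user == null`, so `canWrite`, `canRead`, `canManage`, and `canAccess` (behind `canUpdate`/`canDelete`) all grant access when no user is supplied. `canCreatePublic`, `canCreatePrivate` and `canExternalize` do the opposite and treat a null user as having no authorities. If null is meant to stand for an internal or system caller, say so in a Javadoc on this method and in the `AclService` contract, and check that callers passing `currentUserService.getCurrentUser()` cannot reach these methods with a null result for an unauthenticated request. Otherwise deny by default: `return user != null && containsAny( user.getUserCredentials().getAllAuthorities(), SHARING_OVERRIDE_AUTHORITIES );`. `canAccess` would then need its own null guard before it dereferences `user`.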
=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultSecurityService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultSecurityService.java 2014-03-27 04:44:41 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultSecurityService.java 2014-03-27 06:07:15 +0000
@@ -30,12 +30,12 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.hisp.dhis.acl.AclService;
import org.hisp.dhis.common.CodeGenerator;
import org.hisp.dhis.common.IdentifiableObject;
import org.hisp.dhis.message.MessageSender;
import org.hisp.dhis.period.Cal;
import org.hisp.dhis.setting.SystemSettingManager;
-import org.hisp.dhis.acl.AccessControlService;
import org.hisp.dhis.system.util.ValidationUtils;
import org.hisp.dhis.system.velocity.VelocityManager;
import org.hisp.dhis.user.CurrentUserService;
@@ -104,7 +104,7 @@
private CurrentUserService currentUserService;
@Autowired
- private AccessControlService accessControlService;
+ private AclService aclService;
// -------------------------------------------------------------------------
// SecurityService implementation
@@ -289,67 +289,67 @@
@Override
public boolean canCreatePublic( IdentifiableObject identifiableObject )
{
- return !accessControlService.isSupported( identifiableObject.getClass() )
- || accessControlService.canCreatePublic( currentUserService.getCurrentUser(), identifiableObject.getClass() );
+ return !aclService.isSupported( identifiableObject.getClass() )
+ || aclService.canCreatePublic( currentUserService.getCurrentUser(), identifiableObject.getClass() );
}
@Override
public boolean canCreatePublic( String type )
{
- Class<? extends IdentifiableObject> klass = accessControlService.classForType( type );
+ Class<? extends IdentifiableObject> klass = aclService.classForType( type );
- return !accessControlService.isSupported( klass )
- || accessControlService.canCreatePublic( currentUserService.getCurrentUser(), klass );
+ return !aclService.isSupported( klass )
+ || aclService.canCreatePublic( currentUserService.getCurrentUser(), klass );
}
@Override
public boolean canCreatePrivate( IdentifiableObject identifiableObject )
{
- return !accessControlService.isSupported( identifiableObject.getClass() )
- || accessControlService.canCreatePrivate( currentUserService.getCurrentUser(), identifiableObject.getClass() );
+ return !aclService.isSupported( identifiableObject.getClass() )
+ || aclService.canCreatePrivate( currentUserService.getCurrentUser(), identifiableObject.getClass() );
}
@Override
public boolean canCreatePrivate( String type )
{
- Class<? extends IdentifiableObject> klass = accessControlService.classForType( type );
+ Class<? extends IdentifiableObject> klass = aclService.classForType( type );
- return !accessControlService.isSupported( klass )
- || accessControlService.canCreatePrivate( currentUserService.getCurrentUser(), klass );
+ return !aclService.isSupported( klass )
+ || aclService.canCreatePrivate( currentUserService.getCurrentUser(), klass );
}
@Override
public boolean canRead( IdentifiableObject identifiableObject )
{
- return !accessControlService.isSupported( identifiableObject.getClass() )
- || accessControlService.canRead( currentUserService.getCurrentUser(), identifiableObject );
+ return !aclService.isSupported( identifiableObject.getClass() )
+ || aclService.canRead( currentUserService.getCurrentUser(), identifiableObject );
}
@Override
public boolean canWrite( IdentifiableObject identifiableObject )
{
- return !accessControlService.isSupported( identifiableObject.getClass() )
- || accessControlService.canWrite( currentUserService.getCurrentUser(), identifiableObject );
+ return !aclService.isSupported( identifiableObject.getClass() )
+ || aclService.canWrite( currentUserService.getCurrentUser(), identifiableObject );
}
@Override
public boolean canUpdate( IdentifiableObject identifiableObject )
{
- return !accessControlService.isSupported( identifiableObject.getClass() )
- || accessControlService.canUpdate( currentUserService.getCurrentUser(), identifiableObject );
+ return !aclService.isSupported( identifiableObject.getClass() )
+ || aclService.canUpdate( currentUserService.getCurrentUser(), identifiableObject );
}
@Override
public boolean canDelete( IdentifiableObject identifiableObject )
{
- return !accessControlService.isSupported( identifiableObject.getClass() )
- || accessControlService.canDelete( currentUserService.getCurrentUser(), identifiableObject );
+ return !aclService.isSupported( identifiableObject.getClass() )
+ || aclService.canDelete( currentUserService.getCurrentUser(), identifiableObject );
}
@Override
public boolean canManage( IdentifiableObject identifiableObject )
{
- return !accessControlService.isSupported( identifiableObject.getClass() )
- || accessControlService.canManage( currentUserService.getCurrentUser(), identifiableObject );
+ return !aclService.isSupported( identifiableObject.getClass() )
+ || aclService.canManage( currentUserService.getCurrentUser(), identifiableObject );
}
}
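Review bot: In `canCreatePublic( String type )` and `canCreatePrivate( String type )`, `klass` can be null, because `classForType` in the new `DefaultAclService` returns null when the type is unknown or not shareable, and the value is passed unchecked to `aclService.isSupported( klass )`. The body of `isSupported` is not in this hunk. If it returns false for null, `!isSupported || …` evaluates to true and an unrecognised type string is reported as creatable; if it dereferences the class, the call throws instead. Adding `if ( klass == null ) { return false; }` right after the lookup in both methods would make the answer fail closed.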
=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/resources/META-INF/dhis/beans.xml'
--- dhis-2/dhis-services/dhis-service-core/src/main/resources/META-INF/dhis/beans.xml 2014-03-27 04:44:41 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/resources/META-INF/dhis/beans.xml 2014-03-27 06:07:15 +0000
@@ -11,7 +11,7 @@
<bean id="org.hisp.dhis.schema.PropertyIntrospectorService" class="org.hisp.dhis.schema.DefaultPropertyIntrospectorService" />
- <bean id="org.hisp.dhis.acl.AccessControlService" class="org.hisp.dhis.acl.DefaultAccessControlService" />
+ <bean id="org.hisp.dhis.acl.AclService" class="org.hisp.dhis.acl.DefaultAclService" />
<!-- Store definitions -->
=== modified file 'dhis-2/dhis-services/dhis-service-dxf2/src/main/java/org/hisp/dhis/dxf2/metadata/importers/DefaultIdentifiableObjectImporter.java'
--- dhis-2/dhis-services/dhis-service-dxf2/src/main/java/org/hisp/dhis/dxf2/metadata/importers/DefaultIdentifiableObjectImporter.java 2014-03-27 04:44:41 +0000
+++ dhis-2/dhis-services/dhis-service-dxf2/src/main/java/org/hisp/dhis/dxf2/metadata/importers/DefaultIdentifiableObjectImporter.java 2014-03-27 06:07:15 +0000
@@ -31,6 +31,7 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.hibernate.SessionFactory;
+import org.hisp.dhis.acl.AclService;
import org.hisp.dhis.attribute.Attribute;
import org.hisp.dhis.attribute.AttributeService;
import org.hisp.dhis.attribute.AttributeValue;
@@ -55,7 +56,6 @@
import org.hisp.dhis.period.Period;
import org.hisp.dhis.period.PeriodService;
import org.hisp.dhis.period.PeriodType;
-import org.hisp.dhis.acl.AccessControlService;
import org.hisp.dhis.system.util.CollectionUtils;
import org.hisp.dhis.system.util.ReflectionUtils;
import org.hisp.dhis.system.util.functional.Function1;
@@ -110,7 +110,7 @@
private SessionFactory sessionFactory;
@Autowired
- private AccessControlService accessControlService;
+ private AclService aclService;
@Autowired( required = false )
private List<ObjectHandler<T>> objectHandlers;
@@ -414,7 +414,7 @@
*/
protected boolean deleteObject( User user, T persistedObject )
{
- if ( !accessControlService.canDelete( user, persistedObject ) )
+ if ( !aclService.canDelete( user, persistedObject ) )
{
summaryType.getImportConflicts().add(
new ImportConflict( ImportUtils.getDisplayName( persistedObject ), "You do not have delete access to class type." ) );
@@ -452,7 +452,7 @@
*/
protected boolean newObject( User user, T object )
{
- if ( !accessControlService.canCreatePublic( user, object.getClass() ) && !accessControlService.canCreatePrivate( user, object.getClass() ) )
+ if ( !aclService.canCreatePublic( user, object.getClass() ) && !aclService.canCreatePrivate( user, object.getClass() ) )
{
summaryType.getImportConflicts().add(
new ImportConflict( ImportUtils.getDisplayName( object ), "You do not have create access to class type." ) );
@@ -536,7 +536,7 @@
*/
protected boolean updateObject( User user, T object, T persistedObject )
{
- if ( !accessControlService.canUpdate( user, persistedObject ) )
+ if ( !aclService.canUpdate( user, persistedObject ) )
{
summaryType.getImportConflicts().add(
new ImportConflict( ImportUtils.getDisplayName( object ), "You do not have update access to object." ) );
=== modified file 'dhis-2/dhis-support/dhis-support-hibernate/src/main/java/org/hisp/dhis/hibernate/HibernateGenericStore.java'
--- dhis-2/dhis-support/dhis-support-hibernate/src/main/java/org/hisp/dhis/hibernate/HibernateGenericStore.java 2014-03-27 04:44:41 +0000
+++ dhis-2/dhis-support/dhis-support-hibernate/src/main/java/org/hisp/dhis/hibernate/HibernateGenericStore.java 2014-03-27 06:07:15 +0000
@@ -36,6 +36,7 @@
import org.hibernate.Session;
import org.hibernate.SessionFactory;
import org.hibernate.criterion.Criterion;
+import org.hisp.dhis.acl.AclService;
import org.hisp.dhis.common.AuditLogUtil;
import org.hisp.dhis.common.BaseIdentifiableObject;
import org.hisp.dhis.common.GenericStore;
@@ -46,7 +47,6 @@
import org.hisp.dhis.hibernate.exception.ReadAccessDeniedException;
import org.hisp.dhis.hibernate.exception.UpdateAccessDeniedException;
import org.hisp.dhis.interpretation.Interpretation;
-import org.hisp.dhis.acl.AccessControlService;
import org.hisp.dhis.acl.AccessStringHelper;
import org.hisp.dhis.user.CurrentUserService;
import org.hisp.dhis.user.UserGroupAccess;
@@ -85,7 +85,7 @@
protected CurrentUserService currentUserService;
@Autowired
- protected AccessControlService accessControlService;
+ protected AclService aclService;
protected Class<T> clazz;
@@ -227,7 +227,7 @@
@Override
public int save( T object )
{
- if ( !Interpretation.class.isAssignableFrom( clazz ) && currentUserService.getCurrentUser() != null && accessControlService.isSupported( clazz ) )
+ if ( !Interpretation.class.isAssignableFrom( clazz ) && currentUserService.getCurrentUser() != null && aclService.isSupported( clazz ) )
{
BaseIdentifiableObject identifiableObject = (BaseIdentifiableObject) object;
@@ -240,9 +240,9 @@
identifiableObject.setUser( currentUserService.getCurrentUser() );
}
- if ( accessControlService.canCreatePublic( currentUserService.getCurrentUser(), identifiableObject.getClass() ) )
+ if ( aclService.canCreatePublic( currentUserService.getCurrentUser(), identifiableObject.getClass() ) )
{
- if ( accessControlService.defaultPublic( identifiableObject.getClass() ) )
+ if ( aclService.defaultPublic( identifiableObject.getClass() ) )
{
String build = AccessStringHelper.newInstance()
.enable( AccessStringHelper.Permission.READ )
@@ -257,7 +257,7 @@
identifiableObject.setPublicAccess( build );
}
}
- else if ( accessControlService.canCreatePrivate( currentUserService.getCurrentUser(), identifiableObject.getClass() ) )
+ else if ( aclService.canCreatePrivate( currentUserService.getCurrentUser(), identifiableObject.getClass() ) )
{
identifiableObject.setPublicAccess( AccessStringHelper.newInstance().build() );
}
@@ -400,8 +400,8 @@
protected boolean sharingEnabled()
{
- boolean enabled = forceAcl() || (accessControlService.isSupported( clazz ) && !(currentUserService.getCurrentUser() == null ||
- CollectionUtils.containsAny( currentUserService.getCurrentUser().getUserCredentials().getAllAuthorities(), AccessControlService.SHARING_OVERRIDE_AUTHORITIES )));
+ boolean enabled = forceAcl() || (aclService.isSupported( clazz ) && !(currentUserService.getCurrentUser() == null ||
+ CollectionUtils.containsAny( currentUserService.getCurrentUser().getUserCredentials().getAllAuthorities(), AclService.SHARING_OVERRIDE_AUTHORITIES )));
return enabled;
}
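Review bot: `sharingEnabled()` repeats the null-user and override-authority test that `DefaultAclService.haveOverrideAuthority` already performs, and it does so by reading `AclService.SHARING_OVERRIDE_AUTHORITIES` directly, so the two copies can drift apart; exposing that check on `AclService` and calling it here would keep one definition. The result is that a missing current user turns ACL filtering off for the store, and the `canRead`/`canWrite` checks in the following hunks only run when this method returns true. That deserves a comment on the method, for example `// no current user (presumably a system/background call, confirm): sharing checks are skipped`. The temporary `enabled` can also be dropped in favour of returning the expression.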
@@ -414,7 +414,7 @@
if ( sharingEnabled() )
{
- return accessControlService.canRead( currentUserService.getCurrentUser(), idObject );
+ return aclService.canRead( currentUserService.getCurrentUser(), idObject );
}
}
@@ -429,7 +429,7 @@
if ( sharingEnabled() )
{
- return accessControlService.canWrite( currentUserService.getCurrentUser(), idObject );
+ return aclService.canWrite( currentUserService.getCurrentUser(), idObject );
}
}
@@ -442,9 +442,9 @@
{
IdentifiableObject idObject = (IdentifiableObject) object;
- if ( accessControlService.isSupported( clazz ) )
+ if ( aclService.isSupported( clazz ) )
{
- return accessControlService.canUpdate( currentUserService.getCurrentUser(), idObject );
+ return aclService.canUpdate( currentUserService.getCurrentUser(), idObject );
}
}
@@ -457,9 +457,9 @@
{
IdentifiableObject idObject = (IdentifiableObject) object;
- if ( accessControlService.isSupported( clazz ) )
+ if ( aclService.isSupported( clazz ) )
{
- return accessControlService.canDelete( currentUserService.getCurrentUser(), idObject );
+ return aclService.canDelete( currentUserService.getCurrentUser(), idObject );
}
}
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AbstractCrudController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AbstractCrudController.java 2014-03-27 04:44:41 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AbstractCrudController.java 2014-03-27 06:07:15 +0000
@@ -38,6 +38,7 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.hisp.dhis.acl.AclService;
import org.hisp.dhis.api.controller.exception.NotFoundException;
import org.hisp.dhis.api.utils.WebUtils;
import org.hisp.dhis.common.BaseIdentifiableObject;
@@ -52,7 +53,6 @@
import org.hisp.dhis.schema.Schema;
import org.hisp.dhis.schema.SchemaService;
import org.hisp.dhis.acl.Access;
-import org.hisp.dhis.acl.AccessControlService;
import org.hisp.dhis.system.util.ReflectionUtils;
import org.hisp.dhis.user.CurrentUserService;
import org.springframework.beans.factory.annotation.Autowired;
@@ -89,7 +89,7 @@
protected FilterService filterService;
@Autowired
- protected AccessControlService accessControlService;
+ protected AclService aclService;
@Autowired
protected SchemaService schemaService;
@@ -233,7 +233,7 @@
WebUtils.generateLinks( entity );
}
- if ( accessControlService.isSupported( getEntityClass() ) )
+ if ( aclService.isSupported( getEntityClass() ) )
{
addAccessProperties( entity );
}
@@ -372,12 +372,12 @@
protected void addAccessProperties( T object )
{
Access access = new Access();
- access.setManage( accessControlService.canManage( currentUserService.getCurrentUser(), object ) );
- access.setExternalize( accessControlService.canExternalize( currentUserService.getCurrentUser(), object.getClass() ) );
- access.setWrite( accessControlService.canWrite( currentUserService.getCurrentUser(), object ) );
- access.setRead( accessControlService.canRead( currentUserService.getCurrentUser(), object ) );
- access.setUpdate( accessControlService.canUpdate( currentUserService.getCurrentUser(), object ) );
- access.setDelete( accessControlService.canDelete( currentUserService.getCurrentUser(), object ) );
+ access.setManage( aclService.canManage( currentUserService.getCurrentUser(), object ) );
+ access.setExternalize( aclService.canExternalize( currentUserService.getCurrentUser(), object.getClass() ) );
+ access.setWrite( aclService.canWrite( currentUserService.getCurrentUser(), object ) );
+ access.setRead( aclService.canRead( currentUserService.getCurrentUser(), object ) );
+ access.setUpdate( aclService.canUpdate( currentUserService.getCurrentUser(), object ) );
+ access.setDelete( aclService.canDelete( currentUserService.getCurrentUser(), object ) );
((BaseIdentifiableObject) object).setAccess( access );
}
@@ -394,7 +394,7 @@
return;
}
- if ( entityList != null && accessControlService.isSupported( getEntityClass() ) )
+ if ( entityList != null && aclService.isSupported( getEntityClass() ) )
{
for ( T object : entityList )
{
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/SharingController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/SharingController.java 2014-03-27 04:44:41 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/SharingController.java 2014-03-27 06:07:15 +0000
@@ -30,6 +30,7 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
+import org.hisp.dhis.acl.AclService;
import org.hisp.dhis.api.utils.ContextUtils;
import org.hisp.dhis.api.webdomain.sharing.Sharing;
import org.hisp.dhis.api.webdomain.sharing.SharingUserGroupAccess;
@@ -38,7 +39,6 @@
import org.hisp.dhis.common.IdentifiableObject;
import org.hisp.dhis.common.IdentifiableObjectManager;
import org.hisp.dhis.dxf2.utils.JacksonUtils;
-import org.hisp.dhis.acl.AccessControlService;
import org.hisp.dhis.acl.AccessStringHelper;
import org.hisp.dhis.user.CurrentUserService;
import org.hisp.dhis.user.UserGroup;
@@ -81,18 +81,18 @@
private UserGroupAccessService userGroupAccessService;
@Autowired
- private AccessControlService accessControlService;
+ private AclService aclService;
@RequestMapping( value = "", produces = { "application/json", "text/*" } )
public void getSharing( @RequestParam String type, @RequestParam String id, HttpServletResponse response ) throws IOException
{
- if ( !accessControlService.isSupported( type ) )
+ if ( !aclService.isShareable( type ) )
{
ContextUtils.notFoundResponse( response, "Type " + type + " is not supported." );
return;
}
- Class<? extends IdentifiableObject> klass = accessControlService.classForType( type );
+ Class<? extends IdentifiableObject> klass = aclService.classForType( type );
IdentifiableObject object = manager.get( klass, id );
if ( object == null )
@@ -101,15 +101,15 @@
return;
}
- if ( !accessControlService.canManage( currentUserService.getCurrentUser(), object ) )
+ if ( !aclService.canManage( currentUserService.getCurrentUser(), object ) )
{
throw new AccessDeniedException( "You do not have manage access to this object." );
}
Sharing sharing = new Sharing();
- sharing.getMeta().setAllowPublicAccess( accessControlService.canCreatePublic( currentUserService.getCurrentUser(), object.getClass() ) );
- sharing.getMeta().setAllowExternalAccess( accessControlService.canExternalize( currentUserService.getCurrentUser(), object.getClass() ) );
+ sharing.getMeta().setAllowPublicAccess( aclService.canCreatePublic( currentUserService.getCurrentUser(), object.getClass() ) );
+ sharing.getMeta().setAllowExternalAccess( aclService.canExternalize( currentUserService.getCurrentUser(), object.getClass() ) );
sharing.getObject().setId( object.getUid() );
sharing.getObject().setName( object.getDisplayName() );
@@ -119,7 +119,7 @@
{
String access;
- if ( accessControlService.canCreatePublic( currentUserService.getCurrentUser(), klass ) )
+ if ( aclService.canCreatePublic( currentUserService.getCurrentUser(), klass ) )
{
access = AccessStringHelper.newInstance().enable( AccessStringHelper.Permission.READ ).enable( AccessStringHelper.Permission.WRITE ).build();
}
@@ -157,7 +157,7 @@
@RequestMapping( value = "", method = { RequestMethod.POST, RequestMethod.PUT }, consumes = "application/json" )
public void setSharing( @RequestParam String type, @RequestParam String id, HttpServletResponse response, HttpServletRequest request ) throws IOException
{
- BaseIdentifiableObject object = (BaseIdentifiableObject) manager.get( accessControlService.classForType( type ), id );
+ BaseIdentifiableObject object = (BaseIdentifiableObject) manager.get( aclService.classForType( type ), id );
if ( object == null )
{
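Review bot: `setSharing` passes `aclService.classForType( type )` straight into `manager.get` without the `isShareable( type )` guard that `getSharing` applies in the earlier hunk of this file, and `classForType` returns null for a type that is unknown or not shareable. `type` is a request parameter, so the unsupported case should be rejected before the lookup. The same `if ( !aclService.isShareable( type ) )` block that `getSharing` uses, with `ContextUtils.notFoundResponse` followed by `return`, would do. How `manager.get` reacts to a null class is not visible here. The method body continues outside this hunk.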
@@ -165,7 +165,7 @@
return;
}
- if ( !accessControlService.canManage( currentUserService.getCurrentUser(), object ) )
+ if ( !aclService.canManage( currentUserService.getCurrentUser(), object ) )
{
throw new AccessDeniedException( "You do not have manage access to this object." );
}
@@ -173,13 +173,13 @@
Sharing sharing = JacksonUtils.fromJson( request.getInputStream(), Sharing.class );
// Ignore externalAccess if user is not allowed to make objects external
- if ( accessControlService.canExternalize( currentUserService.getCurrentUser(), object.getClass() ) )
+ if ( aclService.canExternalize( currentUserService.getCurrentUser(), object.getClass() ) )
{
object.setExternalAccess( sharing.getObject().hasExternalAccess() );
}
// Ignore publicAccess if user is not allowed to make objects public
- if ( accessControlService.canCreatePublic( currentUserService.getCurrentUser(), object.getClass() ) )
+ if ( aclService.canCreatePublic( currentUserService.getCurrentUser(), object.getClass() ) )
{
object.setPublicAccess( sharing.getObject().getPublicAccess() );
}
=== modified file 'dhis-2/dhis-web/dhis-web-dataentry/src/main/java/org/hisp/dhis/de/action/GetMetaDataAction.java'
--- dhis-2/dhis-web/dhis-web-dataentry/src/main/java/org/hisp/dhis/de/action/GetMetaDataAction.java 2014-03-27 04:44:41 +0000
+++ dhis-2/dhis-web/dhis-web-dataentry/src/main/java/org/hisp/dhis/de/action/GetMetaDataAction.java 2014-03-27 06:07:15 +0000
@@ -29,6 +29,7 @@
*/
import com.opensymphony.xwork2.Action;
+import org.hisp.dhis.acl.AclService;
import org.hisp.dhis.common.ListMap;
import org.hisp.dhis.common.comparator.IdentifiableObjectNameComparator;
import org.hisp.dhis.dataelement.DataElement;
@@ -44,7 +45,6 @@
import org.hisp.dhis.indicator.IndicatorService;
import org.hisp.dhis.organisationunit.OrganisationUnitDataSetAssociationSet;
import org.hisp.dhis.organisationunit.OrganisationUnitService;
-import org.hisp.dhis.acl.AccessControlService;
import org.hisp.dhis.user.CurrentUserService;
import org.hisp.dhis.user.User;
import org.springframework.beans.factory.annotation.Autowired;
@@ -117,7 +117,7 @@
}
@Autowired
- protected AccessControlService accessControlService;
+ protected AclService aclService;
// -------------------------------------------------------------------------
// Output
@@ -272,7 +272,7 @@
{
for ( DataElementCategoryOption categoryOption : category.getCategoryOptions() )
{
- if ( accessControlService.canRead( user, categoryOption ) )
+ if ( aclService.canRead( user, categoryOption ) )
{
categoryOptionMap.putValue( category.getUid(), categoryOption );
}