[Branch ~dhis2-devs-core/dhis2/trunk] Rev 14473: for update, delete check for sharing, require auth + sharing if sharing is enabled, only require a...
------------------------------------------------------------
revno: 14473
committer: Morten Olav Hansen <mortenoh@xxxxxxxxx>
branch nick: dhis2
timestamp: Thu 2014-03-27 09:38:49 +0100
message:
For update and delete, check sharing: require authority + sharing if sharing is enabled, only require authority if sharing is not enabled
modified:
dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAclService.java
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAclService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAclService.java 2014-03-27 08:25:39 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAclService.java 2014-03-27 08:38:49 +0000
@@ -151,17 +151,17 @@
{
Schema schema = schemaService.getSchema( object.getClass() );
- if ( schema == null || !schema.isShareable() )
+ if ( schema == null )
{
return false;
}
- if ( schema.getAuthorityByType( AuthorityType.UPDATE ).isEmpty() )
+ if ( schema.isShareable() )
{
- return canWrite( user, object );
+ return canAccess( user, schema.getAuthorityByType( AuthorityType.UPDATE ) ) && canWrite( user, object );
}
- return canAccess( user, schema.getAuthorityByType( AuthorityType.UPDATE ) ) && canWrite( user, object );
+ return canAccess( user, schema.getAuthorityByType( AuthorityType.UPDATE ) );
}
@Override
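Review bot: In the non-shareable fallback at the end of this hunk, `canAccess( user, schema.getAuthorityByType( AuthorityType.UPDATE ) )` now returns true for every user when the schema declares no UPDATE authority, because the last hunk makes `canAccess` accept an empty collection. Before this commit a non-shareable type was always refused here, so a type that has no authority configured goes from never updatable to updatable by anyone; the DELETE hunk below has the same shape. If that default is not intended, the fallback could fail closed, e.g. `Collection<String> required = schema.getAuthorityByType( AuthorityType.UPDATE );` followed by `return haveOverrideAuthority( user ) || (!required.isEmpty() && canAccess( user, required ));`. The method signature is outside the hunk, so whether `user` can be null at this point is not visible.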
@@ -169,17 +169,17 @@
{
Schema schema = schemaService.getSchema( object.getClass() );
- if ( schema == null || !schema.isShareable() )
+ if ( schema == null )
{
return false;
}
- if ( schema.getAuthorityByType( AuthorityType.DELETE ).isEmpty() )
+ if ( schema.isShareable() )
{
- return canWrite( user, object );
+ return canAccess( user, schema.getAuthorityByType( AuthorityType.DELETE ) ) && canWrite( user, object );
}
- return canAccess( user, schema.getAuthorityByType( AuthorityType.DELETE ) ) && canWrite( user, object );
+ return canAccess( user, schema.getAuthorityByType( AuthorityType.DELETE ) );
}
@Override
@@ -193,8 +193,8 @@
}
if ( haveOverrideAuthority( user )
+ || user.equals( object.getUser() )
|| (object.getUser() == null && canCreatePublic( user, object.getClass() ) && !schema.getAuthorityByType( AuthorityType.CREATE_PRIVATE ).isEmpty())
- || user.equals( object.getUser() )
|| AccessStringHelper.canWrite( object.getPublicAccess() ) )
{
return true;
@@ -262,6 +262,6 @@
private boolean canAccess( User user, Collection<String> requiredAuthorities )
{
- return haveOverrideAuthority( user ) || containsAny( user.getUserCredentials().getAllAuthorities(), requiredAuthorities );
+ return haveOverrideAuthority( user ) || requiredAuthorities.isEmpty() || containsAny( user.getUserCredentials().getAllAuthorities(), requiredAuthorities );
}
}
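Review bot: The new `requiredAuthorities.isEmpty()` clause changes the contract of a helper shared across the class, so every caller, including any outside this diff, now treats an empty authority list as "allowed", and nothing on the method says so. A short Javadoc would make that explicit, for example `/** Returns true when the user holds an override authority, when no authority is required (empty collection), or when the user holds at least one of the required authorities. */`. A null `requiredAuthorities` would throw on the new clause, which may be worth stating in the same comment if callers can pass null.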