
dhis2-devs team mailing list archive

[Branch ~dhis2-devs-core/dhis2/trunk] Rev 14474: aclService: if sharing is not enabled for type, fall back to checking only auths

 

------------------------------------------------------------
revno: 14474
committer: Morten Olav Hansen <mortenoh@xxxxxxxxx>
branch nick: dhis2
timestamp: Thu 2014-03-27 10:08:59 +0100
message:
  aclService: if sharing is not enabled for type, fall back to checking only auths
modified:
  dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAclService.java


--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk

=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAclService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAclService.java	2014-03-27 08:38:49 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAclService.java	2014-03-27 09:08:59 +0000
@@ -85,16 +85,19 @@
     {
         Schema schema = schemaService.getSchema( object.getClass() );
 
-        if ( schema == null || !schema.isShareable() )
+        if ( schema == null )
         {
             return false;
         }
 
-        //TODO ( (object instanceof User) && canCreatePrivate( user, object ) ): review possible security breaches and best way to give update access upon user import
+        if ( !schema.isShareable() )
+        {
+            return canAccess( user, schema.getAuthorityByType( AuthorityType.CREATE ) );
+        }
+
         if ( haveOverrideAuthority( user )
             || (object.getUser() == null && canCreatePublic( user, object.getClass() ) && !schema.getAuthorityByType( AuthorityType.CREATE_PRIVATE ).isEmpty())
             || (user != null && user.equals( object.getUser() ))
-            //|| authorities.contains( PRIVATE_AUTHORITIES.get( object.getClass() ) )
             || ((object instanceof User) && canCreatePrivate( user, object.getClass() ))
             || AccessStringHelper.canWrite( object.getPublicAccess() ) )
         {
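Review bot: The new non-shareable branch `return canAccess( user, schema.getAuthorityByType( AuthorityType.CREATE ) );` changes this check from fail-closed to authority-only, and its result for a type whose schema declares no CREATE authority depends on how canAccess treats an empty authority collection, which this hunk does not show. If an empty collection means "no restriction", every user would pass for such types, so confirm this and record the outcome in a comment such as `// non-shareable type: decided by the CREATE authority alone; see canAccess for the empty-authority case`. The branch also passes `user` to canAccess without the `user != null` guard that the condition below uses. The hunk removes the TODO asking for a security review of the `(object instanceof User) && canCreatePrivate( ... )` clause but keeps the clause, so that open question should be tracked elsewhere before the reminder goes. The enclosing method starts and ends outside the hunk.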
@@ -119,11 +122,19 @@
     {
         Schema schema = schemaService.getSchema( object.getClass() );
 
-        if ( schema == null || !schema.isShareable() )
+        if ( schema == null )
         {
             return false;
         }
 
+        if ( canAccess( user, schema.getAuthorityByType( AuthorityType.READ ) ) )
+        {
+            if ( !schema.isShareable() )
+            {
+                return true;
+            }
+        }
+
         if ( haveOverrideAuthority( user )
             || UserGroup.class.isAssignableFrom( object.getClass() )
             || object.getUser() == null
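Review bot: The added READ check only changes the outcome when it passes on a non-shareable type. When `canAccess` fails for a non-shareable type, control falls through to the sharing conditions below (`UserGroup.class.isAssignableFrom( ... )`, `object.getUser() == null`), so read access appears to still be grantable without the READ authority, which does not match the commit message's "checking only auths". For shareable types the `canAccess` result is computed and then ignored. Mirroring the previous hunk would make the fall-back explicit: `if ( !schema.isShareable() ) { return canAccess( user, schema.getAuthorityByType( AuthorityType.READ ) ); }`. The enclosing method's signature and the rest of the condition are outside the hunk.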
@@ -150,36 +161,14 @@
     public boolean canUpdate( User user, IdentifiableObject object )
     {
         Schema schema = schemaService.getSchema( object.getClass() );
-
-        if ( schema == null )
-        {
-            return false;
-        }
-
-        if ( schema.isShareable() )
-        {
-            return canAccess( user, schema.getAuthorityByType( AuthorityType.UPDATE ) ) && canWrite( user, object );
-        }
-
-        return canAccess( user, schema.getAuthorityByType( AuthorityType.UPDATE ) );
+        return schema != null && canAccess( user, schema.getAuthorityByType( AuthorityType.UPDATE ) ) && (!schema.isShareable() || canWrite( user, object ));
     }
 
     @Override
     public boolean canDelete( User user, IdentifiableObject object )
     {
         Schema schema = schemaService.getSchema( object.getClass() );
-
-        if ( schema == null )
-        {
-            return false;
-        }
-
-        if ( schema.isShareable() )
-        {
-            return canAccess( user, schema.getAuthorityByType( AuthorityType.DELETE ) ) && canWrite( user, object );
-        }
-
-        return canAccess( user, schema.getAuthorityByType( AuthorityType.DELETE ) );
+        return schema != null && canAccess( user, schema.getAuthorityByType( AuthorityType.DELETE ) ) && (!schema.isShareable() || canWrite( user, object ));
     }
 
     @Override
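Review bot: The collapsed returns in canUpdate and canDelete preserve the earlier behaviour but pack the whole access rule into one long expression, identical in both methods except for the AuthorityType, which makes it easy to misread or to change in only one place. A small private helper taking the AuthorityType would keep the two in step, or at least add a comment above each return such as `// type authority is always required; the object-level canWrite check applies only to shareable types`. Both methods also call `object.getClass()` before any null check, so a null object throws instead of returning false.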