Message #28844
[Branch ~dhis2-devs-core/dhis2/trunk] Rev 14474: aclService: if sharing is not enabled for type, fall back to checking only auths
------------------------------------------------------------
revno: 14474
committer: Morten Olav Hansen <mortenoh@xxxxxxxxx>
branch nick: dhis2
timestamp: Thu 2014-03-27 10:08:59 +0100
message:
aclService: if sharing is not enabled for type, fall back to checking only auths
modified:
dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAclService.java
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAclService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAclService.java 2014-03-27 08:38:49 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAclService.java 2014-03-27 09:08:59 +0000
@@ -85,16 +85,19 @@
{
Schema schema = schemaService.getSchema( object.getClass() );
- if ( schema == null || !schema.isShareable() )
+ if ( schema == null )
{
return false;
}
- //TODO ( (object instanceof User) && canCreatePrivate( user, object ) ): review possible security breaches and best way to give update access upon user import
+ if ( !schema.isShareable() )
+ {
+ return canAccess( user, schema.getAuthorityByType( AuthorityType.CREATE ) );
+ }
+
if ( haveOverrideAuthority( user )
|| (object.getUser() == null && canCreatePublic( user, object.getClass() ) && !schema.getAuthorityByType( AuthorityType.CREATE_PRIVATE ).isEmpty())
|| (user != null && user.equals( object.getUser() ))
- //|| authorities.contains( PRIVATE_AUTHORITIES.get( object.getClass() ) )
|| ((object instanceof User) && canCreatePrivate( user, object.getClass() ))
|| AccessStringHelper.canWrite( object.getPublicAccess() ) )
{
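Review bot: The new non-shareable branch answers a write check with the CREATE authority (`return canAccess( user, schema.getAuthorityByType( AuthorityType.CREATE ) );`), so a user who may only create objects of a type is reported as able to write every existing object of that type. canUpdate and canDelete later in this diff test UPDATE/DELETE and skip the object-level check for non-shareable types, so this branch is only reached by other callers of this method, which starts and ends outside the hunk (it appears to be canWrite). If CREATE is the intended proxy, say so in a comment such as `// non-shareable: no per-object ACL, create authority stands in for write access`; otherwise check `AuthorityType.UPDATE` here. The commit also drops the TODO asking for a security review of the `(object instanceof User) && canCreatePrivate( ... )` clause while keeping the clause itself; keep the TODO or record the outcome of that review next to the clause.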
@@ -119,11 +122,19 @@
{
Schema schema = schemaService.getSchema( object.getClass() );
- if ( schema == null || !schema.isShareable() )
+ if ( schema == null )
{
return false;
}
+ if ( canAccess( user, schema.getAuthorityByType( AuthorityType.READ ) ) )
+ {
+ if ( !schema.isShareable() )
+ {
+ return true;
+ }
+ }
+
if ( haveOverrideAuthority( user )
|| UserGroup.class.isAssignableFrom( object.getClass() )
|| object.getUser() == null
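Review bot: The READ authority check added here can only grant access, never deny it: when `canAccess( ... )` is false, or the type is shareable, control falls through to the sharing checks below, so a user without the READ authority on a non-shareable type can still be granted read by `object.getUser() == null` or the UserGroup clause. That is not the "checking only auths" fallback the commit message describes, and it differs from canUpdate/canDelete in this diff, where the authority is a required condition. Flattening the nested `if` into `if ( !schema.isShareable() ) { return canAccess( user, schema.getAuthorityByType( AuthorityType.READ ) ); }` would make the non-shareable path fail closed. The method and the rest of the condition continue outside the hunk, so confirm that no later clause relies on the fall-through before changing it.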
@@ -150,36 +161,14 @@
public boolean canUpdate( User user, IdentifiableObject object )
{
Schema schema = schemaService.getSchema( object.getClass() );
-
- if ( schema == null )
- {
- return false;
- }
-
- if ( schema.isShareable() )
- {
- return canAccess( user, schema.getAuthorityByType( AuthorityType.UPDATE ) ) && canWrite( user, object );
- }
-
- return canAccess( user, schema.getAuthorityByType( AuthorityType.UPDATE ) );
+ return schema != null && canAccess( user, schema.getAuthorityByType( AuthorityType.UPDATE ) ) && (!schema.isShareable() || canWrite( user, object ));
}
@Override
public boolean canDelete( User user, IdentifiableObject object )
{
Schema schema = schemaService.getSchema( object.getClass() );
-
- if ( schema == null )
- {
- return false;
- }
-
- if ( schema.isShareable() )
- {
- return canAccess( user, schema.getAuthorityByType( AuthorityType.DELETE ) ) && canWrite( user, object );
- }
-
- return canAccess( user, schema.getAuthorityByType( AuthorityType.DELETE ) );
+ return schema != null && canAccess( user, schema.getAuthorityByType( AuthorityType.DELETE ) ) && (!schema.isShareable() || canWrite( user, object ));
}
@Override
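Review bot: The collapsed return statements in canUpdate and canDelete are identical apart from the AuthorityType and pack the null check, the authority check and the sharing check into one long line each. A private helper taking the AuthorityType would keep this policy in one place, with the call sites reduced to something like `return hasAuthorityAndWriteAccess( user, object, AuthorityType.UPDATE );` (the helper name is a suggestion, not existing code). At minimum add a comment such as `// non-shareable types: authority only; shareable types: authority AND canWrite` so the required-authority ordering is not lost in a later edit.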