← Back to team overview

dhis2-devs team mailing list archive

[Branch ~dhis2-devs-core/dhis2/trunk] Rev 17573: Remove ONLY_MANAGE_WITHIN_USER_GROUPS feture in anticipation of user group managing relation

 

------------------------------------------------------------
revno: 17573
committer: jimgrace@xxxxxxxxx
branch nick: dhis2
timestamp: Mon 2014-11-24 13:14:38 -0500
message:
  Remove ONLY_MANAGE_WITHIN_USER_GROUPS feture in anticipation of user group managing relation
modified:
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/setting/SystemSettingManager.java
  dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserService.java
  dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/user/UserController.java
  dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/commons/action/GetUsersAction.java
  dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/interceptor/SystemSettingInterceptor.java
  dhis-2/dhis-web/dhis-web-dashboard-integration/src/main/java/org/hisp/dhis/dashboard/usergroup/action/AddUserGroupAction.java
  dhis-2/dhis-web/dhis-web-dashboard-integration/src/main/java/org/hisp/dhis/dashboard/usergroup/action/UpdateUserGroupAction.java
  dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/java/org/hisp/dhis/settings/action/system/SetAccessSettingsAction.java
  dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/resources/org/hisp/dhis/settings/i18n_module.properties
  dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/resources/org/hisp/dhis/settings/i18n_module_lo.properties
  dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/webapp/dhis-web-maintenance-settings/systemAccessSettings.vm
  dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/AddUserAction.java
  dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/UpdateUserAction.java
  dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/org/hisp/dhis/user/i18n_module.properties
  dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/org/hisp/dhis/user/i18n_module_lo.properties


--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk

Your team DHIS 2 developers is subscribed to branch lp:dhis2.
To unsubscribe from this branch go to https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk/+edit-subscription
=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/setting/SystemSettingManager.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/setting/SystemSettingManager.java	2014-11-18 12:55:20 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/setting/SystemSettingManager.java	2014-11-24 18:14:38 +0000
@@ -91,7 +91,6 @@
     final String KEY_OPENID_PROVIDER = "keyOpenIdProvider";
     final String KEY_OPENID_PROVIDER_LABEL = "keyOpenIdProviderLabel";
     final String KEY_CAN_GRANT_OWN_USER_AUTHORITY_GROUPS = "keyCanGrantOwnUserAuthorityGroups";
-    final String KEY_ONLY_MANAGE_WITHIN_USER_GROUPS = "keyOnlyManageWithinUserGroups";
     final String KEY_HIDE_UNAPPROVED_DATA_IN_ANALYTICS = "keyHideUnapprovedDataInAnalytics";
     final String KEY_ANALYTICS_MAX_LIMIT = "keyAnalyticsMaxLimit";
     final String KEY_CUSTOM_LOGIN_PAGE_LOGO = "keyCustomLoginPageLogo";

=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserService.java	2014-10-17 20:57:35 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserService.java	2014-11-24 18:14:38 +0000
@@ -29,7 +29,6 @@
  */
 
 import static org.hisp.dhis.setting.SystemSettingManager.KEY_CAN_GRANT_OWN_USER_AUTHORITY_GROUPS;
-import static org.hisp.dhis.setting.SystemSettingManager.KEY_ONLY_MANAGE_WITHIN_USER_GROUPS;
 
 import java.io.Serializable;
 import java.util.ArrayList;
@@ -680,7 +679,7 @@
     @Override
     public boolean canUpdate( UserCredentials userCredentials )
     {
-        return hasAuthorityToUpdateUser( userCredentials ) && hasGroupsToUpdateUser( userCredentials );
+        return hasAuthorityToUpdateUser( userCredentials );
     }
 
     // -------------------------------------------------------------------------
@@ -819,38 +818,4 @@
         return currentUserCredentials != null && userCredentials != null
                 && currentUserCredentials.canIssueAll( userCredentials.getUserAuthorityGroups(), canGrantOwnUserAuthorityGroups );
     }
-
-    /**
-     * Determines if the current user read/write access to at least one group
-     * to which the user belongs, if this is a requirement on this system
-     * for updating a user.
-     *
-     * @param userCredentials The user to be updated.
-     * @return true if current user has read/write access to a group to which
-     * the user belongs, or if this requirement is not applicable, else false.
-     */
-    private boolean hasGroupsToUpdateUser( UserCredentials userCredentials )
-    {
-        User user = currentUserService.getCurrentUser();
-
-        boolean onlyManageWithinUserGroups = (Boolean) systemSettingManager.getSystemSetting( KEY_ONLY_MANAGE_WITHIN_USER_GROUPS, false );
-
-        if ( onlyManageWithinUserGroups && !user.getUserCredentials().getAllAuthorities().contains( UserAuthorityGroup.AUTHORITY_ALL ) )
-        {
-            if ( userCredentials.getUser().getGroups() != null )
-            {
-                for ( UserGroup group : userCredentials.getUser().getGroups() )
-                {
-                    if ( securityService.canWrite( group ) )
-                    {
-                        return true;
-                    }
-                }
-            }
-
-            return false;
-        }
-
-        return true;
-    }
 }

=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/user/UserController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/user/UserController.java	2014-11-24 14:15:14 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/user/UserController.java	2014-11-24 18:14:38 +0000
@@ -28,8 +28,6 @@
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-import static org.hisp.dhis.setting.SystemSettingManager.KEY_ONLY_MANAGE_WITHIN_USER_GROUPS;
-
 import java.io.InputStream;
 import java.util.ArrayList;
 import java.util.List;
@@ -330,18 +328,12 @@
 
     /**
      * Before adding the user, checks to see that any specified user groups
-     * exist. Also checks to see that user can be created by the current
-     * user, if it is required that the current user have read/write access
-     * to a user group that is assigned to the new user.
+     * exist.
      *
      * @param user user object parsed from the POST request
      */
     private void checkUserGroups( User user )
     {
-        boolean writeGroupRequired = (Boolean) systemSettingManager.getSystemSetting( KEY_ONLY_MANAGE_WITHIN_USER_GROUPS, false );
-
-        boolean writeGroupFound = false;
-
         if ( currentUserService.getCurrentUser() != null && user.getGroups() != null )
         {
             for ( UserGroup ug : user.getGroups() )
@@ -353,19 +345,12 @@
                     throw new CreateAccessDeniedException( "Can't add user: Can't find user group with UID = " + ug.getUid() );
                 }
 
-                if ( writeGroupRequired && securityService.canWrite( group ) )
+                if ( !securityService.canRead( group ) )
                 {
-                    writeGroupFound = true;
-
-                    break;
+                    throw new CreateAccessDeniedException( "Can't add user: Can't read the group with UID = " + ug.getUid() );
                 }
             }
         }
-
-        if ( writeGroupRequired && !writeGroupFound && !currentUserService.currentUserIsSuper() )
-        {
-            throw new CreateAccessDeniedException( "The new user must be assigned to a user group to which you have write access." );
-        }
     }
 
     /**
@@ -377,18 +362,13 @@
     {
         if ( user.getGroups() != null )
         {
-            boolean writeGroupRequired = (Boolean) systemSettingManager.getSystemSetting( KEY_ONLY_MANAGE_WITHIN_USER_GROUPS, false );
-
             for ( UserGroup ug : new ArrayList<>( user.getGroups() ) )
             {
                 UserGroup group = userGroupService.getUserGroup( ug.getUid() );
 
-                if ( group != null && ( !writeGroupRequired || securityService.canRead( group ) ) )
-                {
-                    group.addUser( user );
+                group.addUser( user );
 
-                    userGroupService.updateUserGroup( group );
-                }
+                userGroupService.updateUserGroup( group );
             }
         }
     }

=== modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/commons/action/GetUsersAction.java'
--- dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/commons/action/GetUsersAction.java	2014-08-15 07:40:20 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/commons/action/GetUsersAction.java	2014-11-24 18:14:38 +0000
@@ -41,8 +41,6 @@
 import org.hisp.dhis.user.comparator.UserComparator;
 import org.hisp.dhis.util.ContextUtils;
 
-import static org.hisp.dhis.setting.SystemSettingManager.KEY_ONLY_MANAGE_WITHIN_USER_GROUPS;
-
 /**
  * @author mortenoh
  */
@@ -111,13 +109,6 @@
             users = users.subList( paging.getStartPos(), paging.getEndPos() );
         }
 
-        boolean writeGroupRequired = (Boolean) systemSettingManager.getSystemSetting( KEY_ONLY_MANAGE_WITHIN_USER_GROUPS, false );
-
-        if ( writeGroupRequired )
-        {
-            userService.canUpdateUsersFilter( users );
-        }
-
         return SUCCESS;
     }
 

=== modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/interceptor/SystemSettingInterceptor.java'
--- dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/interceptor/SystemSettingInterceptor.java	2014-11-18 12:55:20 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/interceptor/SystemSettingInterceptor.java	2014-11-24 18:14:38 +0000
@@ -119,7 +119,6 @@
         map.put( KEY_OPENID_PROVIDER, systemSettingManager.getSystemSetting( KEY_OPENID_PROVIDER ) );
         map.put( KEY_OPENID_PROVIDER_LABEL, systemSettingManager.getSystemSetting( KEY_OPENID_PROVIDER_LABEL ) );
         map.put( KEY_CAN_GRANT_OWN_USER_AUTHORITY_GROUPS, systemSettingManager.getSystemSetting( KEY_CAN_GRANT_OWN_USER_AUTHORITY_GROUPS, false ) );
-        map.put( KEY_ONLY_MANAGE_WITHIN_USER_GROUPS, systemSettingManager.getSystemSetting( KEY_ONLY_MANAGE_WITHIN_USER_GROUPS, false ) );
         map.put( KEY_CUSTOM_LOGIN_PAGE_LOGO, systemSettingManager.getSystemSetting( KEY_CUSTOM_LOGIN_PAGE_LOGO, false ) );
         map.put( KEY_CUSTOM_TOP_MENU_LOGO, systemSettingManager.getSystemSetting( KEY_CUSTOM_TOP_MENU_LOGO, false ) );
         map.put( KEY_ANALYTICS_MAINTENANCE_MODE, systemSettingManager.getSystemSetting( KEY_ANALYTICS_MAINTENANCE_MODE, false ) );

=== modified file 'dhis-2/dhis-web/dhis-web-dashboard-integration/src/main/java/org/hisp/dhis/dashboard/usergroup/action/AddUserGroupAction.java'
--- dhis-2/dhis-web/dhis-web-dashboard-integration/src/main/java/org/hisp/dhis/dashboard/usergroup/action/AddUserGroupAction.java	2014-11-12 14:50:59 +0000
+++ dhis-2/dhis-web/dhis-web-dashboard-integration/src/main/java/org/hisp/dhis/dashboard/usergroup/action/AddUserGroupAction.java	2014-11-24 18:14:38 +0000
@@ -28,8 +28,6 @@
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-import static org.hisp.dhis.setting.SystemSettingManager.KEY_ONLY_MANAGE_WITHIN_USER_GROUPS;
-
 import java.util.ArrayList;
 import java.util.List;
 
@@ -117,8 +115,6 @@
             usersSelected = new ArrayList<>();
         }
 
-        boolean writeGroupRequired = (Boolean) systemSettingManager.getSystemSetting( KEY_ONLY_MANAGE_WITHIN_USER_GROUPS, false );
-
         UserGroup userGroup = new UserGroup( name );
 
         for ( String userUid : usersSelected )
@@ -131,11 +127,6 @@
             }
 
             userGroup.addUser( user );
-
-            if ( writeGroupRequired && !userGroup.getMembers().contains( user) && !userService.canUpdate( user.getUserCredentials() ) )
-            {
-                throw new CreateAccessDeniedException( "- You don't have permission to add all selected users to this group." );
-            }
         }
 
         if ( jsonAttributeValues != null )

=== modified file 'dhis-2/dhis-web/dhis-web-dashboard-integration/src/main/java/org/hisp/dhis/dashboard/usergroup/action/UpdateUserGroupAction.java'
--- dhis-2/dhis-web/dhis-web-dashboard-integration/src/main/java/org/hisp/dhis/dashboard/usergroup/action/UpdateUserGroupAction.java	2014-11-12 14:50:59 +0000
+++ dhis-2/dhis-web/dhis-web-dashboard-integration/src/main/java/org/hisp/dhis/dashboard/usergroup/action/UpdateUserGroupAction.java	2014-11-24 18:14:38 +0000
@@ -30,7 +30,6 @@
 
 import com.opensymphony.xwork2.Action;
 import org.hisp.dhis.attribute.AttributeService;
-import org.hisp.dhis.hibernate.exception.UpdateAccessDeniedException;
 import org.hisp.dhis.security.SecurityService;
 import org.hisp.dhis.setting.SystemSettingManager;
 import org.hisp.dhis.system.util.AttributeUtils;
@@ -44,8 +43,6 @@
 import java.util.List;
 import java.util.Set;
 
-import static org.hisp.dhis.setting.SystemSettingManager.KEY_ONLY_MANAGE_WITHIN_USER_GROUPS;
-
 public class UpdateUserGroupAction
     implements Action
 {
@@ -129,8 +126,6 @@
             usersSelected = new ArrayList<>();
         }
 
-        boolean writeGroupRequired = (Boolean) systemSettingManager.getSystemSetting( KEY_ONLY_MANAGE_WITHIN_USER_GROUPS, false );
-
         UserGroup userGroup = userGroupService.getUserGroup( userGroupId );
 
         Set<User> users = new HashSet<>();
@@ -145,36 +140,6 @@
             }
 
             users.add( user );
-
-            if ( writeGroupRequired && !userGroup.getMembers().contains( user ) && !userService.canUpdate( user.getUserCredentials() ) )
-            {
-                throw new UpdateAccessDeniedException( "You don't have permission to add all selected users to this group" );
-            }
-        }
-
-        if ( writeGroupRequired )
-        {
-            for ( User member : userGroup.getMembers() )
-            {
-                if ( !users.contains( member ) ) // Trying to remove member user from group.
-                {
-                    boolean otherGroupFound = false;
-
-                    for ( UserGroup ug : member.getGroups() )
-                    {
-                        if ( !userGroup.equals( ug ) && securityService.canWrite( ug ) )
-                        {
-                            otherGroupFound = true;
-                            break;
-                        }
-                    }
-
-                    if ( !otherGroupFound )
-                    {
-                        throw new UpdateAccessDeniedException( "You can't remove member who belongs to no other user groups that you control" );
-                    }
-                }
-            }
         }
 
         userGroup.setName( name );

=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/java/org/hisp/dhis/settings/action/system/SetAccessSettingsAction.java'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/java/org/hisp/dhis/settings/action/system/SetAccessSettingsAction.java	2014-10-16 06:17:19 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/java/org/hisp/dhis/settings/action/system/SetAccessSettingsAction.java	2014-11-24 18:14:38 +0000
@@ -106,13 +106,6 @@
         this.canGrantOwnUserAuthorityGroups = canGrantOwnUserAuthorityGroups;
     }
 
-    private Boolean onlyManageWithinUserGroups;
-
-    public void setOnlyManageWithinUserGroups( Boolean onlyManageWithinUserGroups )
-    {
-        this.onlyManageWithinUserGroups = onlyManageWithinUserGroups;
-    }
-
     private Integer credentialsExpires;
 
     public void setCredentialsExpires( Integer credentialsExpires )
@@ -180,7 +173,6 @@
         systemSettingManager.saveSystemSetting( KEY_ACCOUNT_RECOVERY, accountRecovery );
         systemSettingManager.saveSystemSetting( KEY_ACCOUNT_INVITE, accountInvite );
         systemSettingManager.saveSystemSetting( KEY_CAN_GRANT_OWN_USER_AUTHORITY_GROUPS, canGrantOwnUserAuthorityGroups );
-        systemSettingManager.saveSystemSetting( KEY_ONLY_MANAGE_WITHIN_USER_GROUPS, onlyManageWithinUserGroups );
         systemSettingManager.saveSystemSetting( KEY_SELF_REGISTRATION_NO_RECAPTCHA, selfRegistrationNoRecaptcha );
 
         systemSettingManager.saveSystemSetting( KEY_OPENID_PROVIDER, StringUtils.isEmpty( openIdProvider ) ? null : openIdProvider );

=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/resources/org/hisp/dhis/settings/i18n_module.properties'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/resources/org/hisp/dhis/settings/i18n_module.properties	2014-11-18 12:55:20 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/resources/org/hisp/dhis/settings/i18n_module.properties	2014-11-24 18:14:38 +0000
@@ -102,7 +102,6 @@
 openid_provider_label=OpenID provider label
 openid_provider=OpenID provider
 allow_users_to_grant_own_user_roles=Allow users to grant own user roles
-users_must_belong_to_a_group_controlled_by_the_user_manager=Users must belong to a group controlled by the user manager
 object_not_deleted_associated_by_objects=Object not deleted because it is associated by objects of type
 analytics_max_limit=Maximum number of analytics records 
 unlimited=Unlimited

=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/resources/org/hisp/dhis/settings/i18n_module_lo.properties'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/resources/org/hisp/dhis/settings/i18n_module_lo.properties	2014-10-17 08:19:44 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/resources/org/hisp/dhis/settings/i18n_module_lo.properties	2014-11-24 18:14:38 +0000
@@ -96,7 +96,6 @@
 never=Never
 months=Months
 allow_users_to_grant_own_user_roles=Allow users to grant own user roles
-users_must_belong_to_a_group_controlled_by_the_user_manager=Users must belong to a group controlled by the user manager
 object_not_deleted_associated_by_objects=Object not deleted because it is associated by objects of type
 analytics_max_limit=Maximum number of analytics records 
 unlimited=Unlimited

=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/webapp/dhis-web-maintenance-settings/systemAccessSettings.vm'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/webapp/dhis-web-maintenance-settings/systemAccessSettings.vm	2014-05-15 13:16:11 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/webapp/dhis-web-maintenance-settings/systemAccessSettings.vm	2014-11-24 18:14:38 +0000
@@ -8,7 +8,6 @@
             accountRecovery: jQuery( '#accountRecovery' ).is( ':checked' ),
             accountInvite: jQuery( '#accountInvite' ).is( ':checked' ),
             canGrantOwnUserAuthorityGroups: jQuery( '#canGrantOwnUserAuthorityGroups' ).is( ':checked' ),
-            onlyManageWithinUserGroups: jQuery( '#onlyManageWithinUserGroups' ).is( ':checked' ),
             credentialsExpires: jQuery( '#credentialsExpires' ).val(),
             openIdProvider: jQuery( '#openIdProvider' ).val(),
             openIdProviderLabel: jQuery( '#openIdProviderLabel' ).val()
@@ -69,11 +68,6 @@
     <label for="canGrantOwnUserAuthorityGroups">$i18n.getString( "allow_users_to_grant_own_user_roles" )</label>
 </div>
 
-<div class="setting">
-    <input type="checkbox" id="onlyManageWithinUserGroups" name="onlyManageWithinUserGroups"#if( $keyOnlyManageWithinUserGroups ) checked="checked"#end>
-    <label for="onlyManageWithinUserGroups">$i18n.getString( "users_must_belong_to_a_group_controlled_by_the_user_manager" )</label>
-</div>
-
 <div class="settingLabel">$i18n.getString( "user_credentials_expires" )</div>
 
 <div class="setting">

=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/AddUserAction.java'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/AddUserAction.java	2014-11-24 14:15:14 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/AddUserAction.java	2014-11-24 18:14:38 +0000
@@ -64,8 +64,6 @@
 import java.util.List;
 import java.util.Set;
 
-import static org.hisp.dhis.setting.SystemSettingManager.KEY_ONLY_MANAGE_WITHIN_USER_GROUPS;
-
 /**
  * @author Torgeir Lorange Ostby
  */
@@ -304,36 +302,6 @@
         User currentUser = currentUserService.getCurrentUser();
 
         // ---------------------------------------------------------------------
-        // Check if user group is required, before we add the user
-        // ---------------------------------------------------------------------
-
-        boolean canManageGroups = (Boolean) systemSettingManager.getSystemSetting( KEY_ONLY_MANAGE_WITHIN_USER_GROUPS, false );
-
-        if ( canManageGroups && !currentUser.getUserCredentials().getAllAuthorities().contains( "ALL" ) )
-        {
-            boolean groupFound = false;
-
-            for ( String ug : ugSelected )
-            {
-                UserGroup group = userGroupService.getUserGroup( ug );
-
-                if ( group != null && securityService.canWrite( group ) )
-                {
-                    groupFound = true;
-
-                    break;
-                }
-            }
-
-            if ( !groupFound )
-            {
-                message = i18n.getString( "users_must_belong_to_a_group_controlled_by_the_user_manager" );
-
-                return ERROR;
-            }
-        }
-
-        // ---------------------------------------------------------------------
         // User credentials and user
         // ---------------------------------------------------------------------
 

=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/UpdateUserAction.java'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/UpdateUserAction.java	2014-11-24 14:15:14 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/UpdateUserAction.java	2014-11-24 18:14:38 +0000
@@ -61,8 +61,6 @@
 import java.util.List;
 import java.util.Set;
 
-import static org.hisp.dhis.setting.SystemSettingManager.KEY_ONLY_MANAGE_WITHIN_USER_GROUPS;
-
 /**
  * @author Torgeir Lorange Ostby
  */
@@ -271,36 +269,6 @@
         User currentUser = currentUserService.getCurrentUser();
 
         // ---------------------------------------------------------------------
-        // Check if user group is required, before we start updating the user
-        // ---------------------------------------------------------------------
-
-        Boolean canManageGroups = (Boolean) systemSettingManager.getSystemSetting( KEY_ONLY_MANAGE_WITHIN_USER_GROUPS, false );
-
-        if ( canManageGroups && !currentUser.getUserCredentials().getAllAuthorities().contains( "ALL" ) )
-        {
-            boolean groupFound = false;
-
-            for ( String ug : ugSelected )
-            {
-                UserGroup group = userGroupService.getUserGroup( ug );
-
-                if ( group != null && securityService.canWrite( group ) )
-                {
-                    groupFound = true;
-
-                    break;
-                }
-            }
-
-            if ( !groupFound )
-            {
-                message = i18n.getString( "users_must_belong_to_a_group_controlled_by_the_user_manager" );
-
-                return ERROR;
-            }
-        }
-
-        // ---------------------------------------------------------------------
         // User credentials and user
         // ---------------------------------------------------------------------
 

=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/org/hisp/dhis/user/i18n_module.properties'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/org/hisp/dhis/user/i18n_module.properties	2014-11-03 12:28:28 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/org/hisp/dhis/user/i18n_module.properties	2014-11-24 18:14:38 +0000
@@ -328,7 +328,6 @@
 user_use_group=There are user associated with this user role.
 can_not_remove_last_super_user=Can not remove the last super user.
 can_not_remove_last_super_user_role=Can not remove the last super user role.
-users_must_belong_to_a_group_controlled_by_the_user_manager=Users must belong to a group controlled by the user manager.
 delete_current_user=Delete Current User
 last_login=Last login
 inactive_for=Inactive for

=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/org/hisp/dhis/user/i18n_module_lo.properties'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/org/hisp/dhis/user/i18n_module_lo.properties	2014-10-17 08:19:44 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/org/hisp/dhis/user/i18n_module_lo.properties	2014-11-24 18:14:38 +0000
@@ -195,7 +195,6 @@
 user_use_group=There are user associated with this user role.
 can_not_remove_last_super_user=Can not remove the last super user.
 can_not_remove_last_super_user_role=Can not remove the last super user role.
-users_must_belong_to_a_group_controlled_by_the_user_manager=Users must belong to a group controlled by the user manager.
 delete_current_user=Delete Current User
 last_login=Last login
 months=months