Message #34601
[Branch ~dhis2-devs-core/dhis2/trunk] Rev 17734: User invite, added validation for whether invite is valid
------------------------------------------------------------
revno: 17734
committer: Lars Helge Overland <larshelge@xxxxxxxxx>
branch nick: dhis2
timestamp: Fri 2014-12-19 11:38:55 +0100
message:
User invite, added validation for whether invite is valid
modified:
dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserAuthorityGroup.java
dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserService.java
dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultSecurityService.java
dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserService.java
dhis-2/dhis-services/dhis-service-core/src/main/resources/META-INF/dhis/beans.xml
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/user/UserController.java
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserAuthorityGroup.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserAuthorityGroup.java 2014-12-04 07:23:16 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserAuthorityGroup.java 2014-12-19 10:38:55 +0000
@@ -34,6 +34,9 @@
import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper;
import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty;
import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlRootElement;
+import com.google.common.collect.Sets;
+
+import org.apache.commons.collections.CollectionUtils;
import org.hisp.dhis.common.BaseIdentifiableObject;
import org.hisp.dhis.common.DxfNamespaces;
import org.hisp.dhis.common.IdentifiableObject;
@@ -99,6 +102,11 @@
{
return authorities != null && authorities.contains( AUTHORITY_ALL );
}
+
+ public boolean hasCriticalAuthorities()
+ {
+ return authorities != null && CollectionUtils.containsAny( authorities, Sets.newHashSet( CRITICAL_AUTHS ) );
+ }
// -------------------------------------------------------------------------
// Getters and setters
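Review bot: The new public `hasCriticalAuthorities()` has no Javadoc, although the invite validation in UserController now depends on it to decide whether a role may be handed out. I would add `/** Indicates whether this role contains any of the authorities in CRITICAL_AUTHS. Returns false when the role has no authorities. */` above it. The definition of `CRITICAL_AUTHS` is outside this hunk, so it is worth confirming that it includes `AUTHORITY_ALL`; otherwise a role carrying only ALL would pass this check. As a matter of style, the method builds a new HashSet on every call while DefaultSecurityService wraps the same constant with `Arrays.asList( UserAuthorityGroup.CRITICAL_AUTHS )`; one shared form would keep the two checks aligned.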
=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserService.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserService.java 2014-10-01 13:56:33 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserService.java 2014-12-19 10:38:55 +0000
@@ -341,6 +341,14 @@
* @return a Collection of UserAuthorityGroups.
*/
Collection<UserAuthorityGroup> getAllUserAuthorityGroups();
+
+ /**
+ * Retrieves UserAuthorityGroups with the given UIDs.
+ *
+ * @param uids the UIDs.
+ * @return a List of UserAuthorityGroups.
+ */
+ List<UserAuthorityGroup> getUserRolesByUid( Collection<String> uids );
/**
* Retrieves all UserAuthorityGroups.
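Review bot: The Javadoc for `getUserRolesByUid` does not say what the returned list holds for a UID that matches no role, or what a null or empty `uids` argument yields. The caller added in UserController guards each element with `role != null`, which suggests null entries are considered possible, but nothing visible here confirms that or the opposite. I would extend the return tag once the store behaviour is confirmed, along the lines of `@return a List of UserAuthorityGroups, UIDs without a matching role are omitted.` The implementation added to DefaultUserService in the `@@ -445,6 +437,12 @@` hunk passes `uids` straight to `userAuthorityGroupStore.getByUid`, so the same contract question applies there.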
=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultSecurityService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultSecurityService.java 2014-11-24 14:15:14 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultSecurityService.java 2014-12-19 10:38:55 +0000
@@ -154,25 +154,25 @@
{
if ( !systemSettingManager.emailEnabled() )
{
- log.info( "Could not send restore/invite message as email is not configured" );
+ log.warn( "Could not send restore/invite message as email is not configured" );
return "email_not_configured_for_system";
}
if ( credentials == null || credentials.getUser() == null )
{
- log.info( "Could not send restore/invite message as user does not exist: " + credentials );
+ log.warn( "Could not send restore/invite message as user does not exist: " + credentials );
return "no_user_credentials";
}
if ( credentials.getUser().getEmail() == null || !ValidationUtils.emailIsValid( credentials.getUser().getEmail() ) )
{
- log.info( "Could not send restore/invite message as user has no email or email is invalid" );
+ log.warn( "Could not send restore/invite message as user has no email or email is invalid" );
return "user_does_not_have_valid_email";
}
if ( credentials.hasAnyAuthority( Arrays.asList( UserAuthorityGroup.CRITICAL_AUTHS ) ) )
{
- log.info( "Not allowed to restore/invite users with critical authorities" );
+ log.warn( "Not allowed to restore/invite users with critical authorities" );
return "user_has_critical_authorities";
}
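Review bot: The second message, `"... user does not exist: " + credentials`, writes the `toString()` of the credentials object into the log whenever `credentials` is non-null but has no user. `UserCredentials.toString()` is not visible in this hunk; if it renders the password hash or restore token, those values now land in a WARN line that this commit makes reachable from the invite endpoint. Unless that is ruled out, I would drop the concatenation: `log.warn( "Could not send restore/invite message as user does not exist" );`. The enclosing method starts and ends outside the hunk.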
=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserService.java 2014-11-24 18:14:38 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserService.java 2014-12-19 10:38:55 +0000
@@ -52,7 +52,6 @@
import org.hisp.dhis.dataset.DataSet;
import org.hisp.dhis.organisationunit.OrganisationUnit;
import org.hisp.dhis.period.PeriodType;
-import org.hisp.dhis.security.SecurityService;
import org.hisp.dhis.setting.SystemSettingManager;
import org.hisp.dhis.system.filter.UserAuthorityGroupCanIssueFilter;
import org.hisp.dhis.system.util.DateUtils;
@@ -115,13 +114,6 @@
this.categoryService = categoryService;
}
- private SecurityService securityService;
-
- public void setSecurityService( SecurityService securityService )
- {
- this.securityService = securityService;
- }
-
private SystemSettingManager systemSettingManager;
public void setSystemSettingManager( SystemSettingManager systemSettingManager )
@@ -445,6 +437,12 @@
}
@Override
+ public List<UserAuthorityGroup> getUserRolesByUid( Collection<String> uids )
+ {
+ return userAuthorityGroupStore.getByUid( uids );
+ }
+
+ @Override
public Collection<UserAuthorityGroup> getUserRolesBetween( int first, int max )
{
return userAuthorityGroupStore.getAllOrderedName( first, max );
=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/resources/META-INF/dhis/beans.xml'
--- dhis-2/dhis-services/dhis-service-core/src/main/resources/META-INF/dhis/beans.xml 2014-12-07 12:20:58 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/resources/META-INF/dhis/beans.xml 2014-12-19 10:38:55 +0000
@@ -595,7 +595,6 @@
<property name="userSettingStore" ref="org.hisp.dhis.user.UserSettingStore" />
<property name="currentUserService" ref="org.hisp.dhis.user.CurrentUserService" />
<property name="categoryService" ref="org.hisp.dhis.dataelement.DataElementCategoryService" />
- <property name="securityService" ref="org.hisp.dhis.security.SecurityService" />
<property name="systemSettingManager" ref="org.hisp.dhis.setting.SystemSettingManager" />
</bean>
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/user/UserController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/user/UserController.java 2014-12-18 20:59:57 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/user/UserController.java 2014-12-19 10:38:55 +0000
@@ -28,6 +28,8 @@
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
+import static org.hisp.dhis.common.IdentifiableObjectUtils.getUids;
+
import java.io.InputStream;
import java.util.ArrayList;
import java.util.List;
@@ -48,6 +50,7 @@
import org.hisp.dhis.security.SecurityService;
import org.hisp.dhis.setting.SystemSettingManager;
import org.hisp.dhis.user.User;
+import org.hisp.dhis.user.UserAuthorityGroup;
import org.hisp.dhis.user.UserCredentials;
import org.hisp.dhis.user.UserGroup;
import org.hisp.dhis.user.UserGroupService;
@@ -95,10 +98,10 @@
@Autowired
private SystemSettingManager systemSettingManager;
-
- //--------------------------------------------------------------------------
+
+ // -------------------------------------------------------------------------
// GET
- //--------------------------------------------------------------------------
+ // -------------------------------------------------------------------------
@Override
@PreAuthorize( "hasRole('ALL') or hasRole('F_USER_VIEW')" )
@@ -159,9 +162,9 @@
return users;
}
- //--------------------------------------------------------------------------
+ // -------------------------------------------------------------------------
// POST
- //--------------------------------------------------------------------------
+ // -------------------------------------------------------------------------
@Override
@RequestMapping( method = RequestMethod.POST, consumes = { "application/xml", "text/xml" } )
@@ -219,9 +222,9 @@
}
}
- //--------------------------------------------------------------------------
+ // -------------------------------------------------------------------------
// PUT
- //--------------------------------------------------------------------------
+ // -------------------------------------------------------------------------
@Override
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, consumes = { "application/xml", "text/xml" } )
@@ -277,9 +280,9 @@
renderService.toJson( response.getOutputStream(), summary );
}
- //--------------------------------------------------------------------------
+ // -------------------------------------------------------------------------
// Supportive methods
- //--------------------------------------------------------------------------
+ // -------------------------------------------------------------------------
/**
* Creates a user invitation and invites the user
@@ -290,12 +293,46 @@
*/
private void inviteUser( User user, HttpServletRequest request, HttpServletResponse response ) throws Exception
{
+ UserCredentials credentials = user.getUserCredentials();
+
+ // ---------------------------------------------------------------------
+ // Validation
+ // ---------------------------------------------------------------------
+
+ if ( credentials == null )
+ {
+ ContextUtils.conflictResponse( response, "User credentials is not present" );
+ return;
+ }
+
+ credentials.setUser( user );
+
+ List<UserAuthorityGroup> userRoles = userService.getUserRolesByUid( getUids( credentials.getUserAuthorityGroups() ) );
+
+ for ( UserAuthorityGroup role : userRoles )
+ {
+ if ( role != null && role.hasCriticalAuthorities() )
+ {
+ ContextUtils.conflictResponse( response, "User cannot be invited with user role which has critical authorities: " + role );
+ return;
+ }
+ }
+
+ String valid = securityService.validateRestore( user.getUserCredentials() );
+
+ if ( valid != null )
+ {
+ ContextUtils.conflictResponse( response, valid );
+ return;
+ }
+
+ // ---------------------------------------------------------------------
+ // Prepare, create and invite user
+ // ---------------------------------------------------------------------
+
RestoreOptions restoreOptions = user.getUsername() == null || user.getUsername().isEmpty() ?
RestoreOptions.INVITE_WITH_USERNAME_CHOICE : RestoreOptions.INVITE_WITH_DEFINED_USERNAME;
- UserCredentials credentials = user.getUserCredentials();
- credentials.setUser( user );
-
securityService.prepareUserForInvite( user );
createUser( user, response );
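Review bot: The critical-authority loop in `inviteUser` only inspects the roles that `getUserRolesByUid` managed to resolve, so a role UID in the request that does not resolve is skipped by validation rather than rejected. What `createUser` later does with such a reference is outside this hunk, so I would fail closed before the loop, for example `if ( userRoles.size() != credentials.getUserAuthorityGroups().size() ) { ContextUtils.conflictResponse( response, "One or more user roles do not exist" ); return; }`. The conflict message `"... critical authorities: " + role` returns the role's `toString()` to the caller; `role.getName()` would expose only what is needed. Finally, `securityService.validateRestore( user.getUserCredentials() )` can use the local `credentials` already fetched at the top of the method.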