dhis2-devs team mailing list archive
-
dhis2-devs team
-
Mailing list archive
-
Message #34635
[Branch ~dhis2-devs-core/dhis2/trunk] Rev 17766: Centralized can manage check
------------------------------------------------------------
revno: 17766
committer: Lars Helge Overland <larshelge@xxxxxxxxx>
branch nick: dhis2
timestamp: Mon 2014-12-22 10:30:23 +0100
message:
Centralized can manage check
modified:
dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/User.java
dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserGroup.java
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/user/UserController.java
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
Your team DHIS 2 developers is subscribed to branch lp:dhis2.
To unsubscribe from this branch go to https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk/+edit-subscription
=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/User.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/User.java 2014-12-19 16:13:54 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/User.java 2014-12-22 09:30:23 +0000
@@ -248,6 +248,18 @@
{
return userCredentials != null && userCredentials.isSuper();
}
+
+ /**
+ * Indicates whether this user can manage the given user group. This is derived
+ * from which user groups are managed by the given group.
+ *
+ * @param userGroup the user group to test.
+ * @return true if the given user group can be managed by this user, false if not.
+ */
+ public boolean canManage( UserGroup userGroup )
+ {
+ return userGroup != null && CollectionUtils.containsAny( groups, userGroup.getManagedByGroups() );
+ }
// -------------------------------------------------------------------------
// Getters and setters
=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserGroup.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserGroup.java 2014-12-19 16:13:54 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserGroup.java 2014-12-22 09:30:23 +0000
@@ -51,6 +51,7 @@
extends BaseIdentifiableObject
{
public static final String AUTH_USER_ADD = "F_USER_ADD";
+ public static final String AUTH_USER_ADD_IN_GROUP = "F_USER_ADD_WITHIN_MANAGED_GROUP";
public static final String AUTH_USER_DELETE = "F_USER_DELETE";
public static final String AUTH_USER_VIEW = "F_USER_VIEW";
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/user/UserController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/user/UserController.java 2014-12-21 20:26:25 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/user/UserController.java 2014-12-22 09:30:23 +0000
@@ -62,7 +62,6 @@
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
-import org.springframework.util.CollectionUtils;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
@@ -415,7 +414,7 @@
throw new CreateAccessDeniedException( "Can't add/update user, can't find user group: " + ug.getUid() );
}
- if ( !authorizedToAdd && CollectionUtils.containsAny( group.getManagedByGroups(), currentUser.getGroups() ) )
+ if ( !authorizedToAdd && currentUser.canManage( group ) )
{
authorizedToAdd = true;
}
