[Branch ~dhis2-devs-core/dhis2/trunk] Rev 17789: User invite, better validation
------------------------------------------------------------
revno: 17789
committer: Lars Helge Overland <larshelge@xxxxxxxxx>
branch nick: dhis2
timestamp: Wed 2014-12-24 12:38:09 +0100
message:
User invite, better validation
modified:
dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserGroupService.java
dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserGroupService.java
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/user/UserController.java
=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserGroupService.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserGroupService.java 2014-12-22 10:31:50 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserGroupService.java 2014-12-24 11:38:09 +0000
@@ -45,7 +45,7 @@
UserGroup getUserGroup( String uid );
- boolean canAddOrRemove( User user, Collection<String> uids );
+ boolean canAddOrRemove( String uid );
void addUserToGroups( User user, Collection<String> uids );
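Review bot: The new `canAddOrRemove( String uid )` declaration carries no Javadoc, and its contract differs from the one it replaces (one call per group instead of a whole collection, and the target `user` no longer takes part), so a caller cannot tell from the interface what `false` means. Based on the DefaultUserGroupService implementation in this same commit, I would add above the declaration: `/** Returns whether the current user may update (per ACL) or manage the user group with the given uid; false if no such group exists. */`. The interface body continues outside this hunk.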
=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserGroupService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserGroupService.java 2014-12-22 10:31:50 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserGroupService.java 2014-12-24 11:38:09 +0000
@@ -33,7 +33,6 @@
import org.hisp.dhis.acl.AclService;
import org.hisp.dhis.common.GenericIdentifiableObjectStore;
-import org.hisp.dhis.hibernate.exception.UpdateAccessDeniedException;
import org.springframework.transaction.annotation.Transactional;
@Transactional
@@ -106,62 +105,50 @@
}
@Override
- public boolean canAddOrRemove( User user, Collection<String> uids )
+ public boolean canAddOrRemove( String uid )
{
User currentUser = currentUserService.getCurrentUser();
- for ( String uid : uids )
+ UserGroup userGroup = getUserGroup( uid );
+
+ if ( userGroup == null )
{
- UserGroup userGroup = getUserGroup( uid );
-
- if ( userGroup == null )
- {
- return false;
- }
-
- boolean canUpdate = aclService.canUpdate( currentUser, userGroup );
- boolean canManage = currentUser.canManage( userGroup );
-
- if ( !canUpdate && !canManage )
- {
- return false;
- }
+ return false;
}
- return true;
+ boolean canUpdate = aclService.canUpdate( currentUser, userGroup );
+ boolean canManage = currentUser.canManage( userGroup );
+
+ return canUpdate || canManage;
}
@Override
public void addUserToGroups( User user, Collection<String> uids )
- {
- if ( !canAddOrRemove( user, uids ) )
- {
- throw new UpdateAccessDeniedException( user.toString() );
- }
-
+ {
for ( String uid : uids )
{
- UserGroup userGroup = getUserGroup( uid );
- user.getGroups().add( userGroup );
- userGroup.getMembers().add( user );
- userGroupStore.updateNoAcl( userGroup );
+ if ( canAddOrRemove( uid ) )
+ {
+ UserGroup userGroup = getUserGroup( uid );
+ user.getGroups().add( userGroup );
+ userGroup.getMembers().add( user );
+ userGroupStore.updateNoAcl( userGroup );
+ }
}
}
@Override
public void removeUserFromGroups( User user, Collection<String> uids )
{
- if ( !canAddOrRemove( user, uids ) )
- {
- throw new UpdateAccessDeniedException( user.toString() );
- }
-
for ( String uid : uids )
{
- UserGroup userGroup = getUserGroup( uid );
- user.getGroups().remove( userGroup );
- userGroup.getMembers().remove( user );
- userGroupStore.updateNoAcl( userGroup );
+ if ( canAddOrRemove( uid ) )
+ {
+ UserGroup userGroup = getUserGroup( uid );
+ user.getGroups().remove( userGroup );
+ userGroup.getMembers().remove( user );
+ userGroupStore.updateNoAcl( userGroup );
+ }
}
}
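Review bot: `addUserToGroups` and `removeUserFromGroups` now silently skip any uid that fails `canAddOrRemove` instead of throwing `UpdateAccessDeniedException`, so a caller gets partial success with no signal about which groups were left untouched, and a denied or non-existent uid is indistinguishable from success. The only place that still fails loudly is the pre-check this commit adds in `UserController.createUser`; any other caller of these two methods loses its access check entirely. If the silent skip is meant as defence in depth behind the controller, I would at least validate every uid before the first `updateNoAcl`, which also restores the all-or-nothing semantics the removed code had (the import of `UpdateAccessDeniedException` was dropped in the earlier hunk and would need to come back). Each loop also resolves the group twice, once inside `canAddOrRemove` and again via `getUserGroup`; fetching it once and passing the group to the check would avoid that.
```java
    @Override
    public void addUserToGroups( User user, Collection<String> uids )
    {
        // Reject the whole request before touching any group so a partially
        // applied membership change is never left behind.
        for ( String uid : uids )
        {
            if ( !canAddOrRemove( uid ) )
            {
                throw new UpdateAccessDeniedException( user.toString() );
            }
        }

        // … unchanged: membership update loop over uids …
    }

    // … same pre-check loop at the top of removeUserFromGroups …
```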
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/user/UserController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/user/UserController.java 2014-12-23 16:19:37 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/user/UserController.java 2014-12-24 11:38:09 +0000
@@ -40,6 +40,7 @@
import org.hisp.dhis.common.IdentifiableObjectUtils;
import org.hisp.dhis.common.Pager;
+import org.hisp.dhis.dxf2.importsummary.ImportSummary;
import org.hisp.dhis.dxf2.metadata.ImportTypeSummary;
import org.hisp.dhis.hibernate.exception.CreateAccessDeniedException;
import org.hisp.dhis.hibernate.exception.UpdateAccessDeniedException;
@@ -167,7 +168,7 @@
{
User user = renderService.fromXml( request.getInputStream(), getEntityClass() );
- createUser( user, response );
+ createUser( user );
}
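Review bot: The `ImportSummary` returned by the new `createUser( user )` call is discarded here, and `createUser` itself no longer writes it to the response (the `renderService.toJson( response.getOutputStream(), summary )` call was removed from it and only the invite handler in this commit writes the summary), so a plain XML POST now returns an empty body where it previously returned the import summary. Unless something after this hunk writes the response, change the call to `ImportSummary summary = createUser( user );` followed by `renderService.toJson( response.getOutputStream(), summary );`, assuming `response` is still a parameter of this method (its signature is outside the hunk). The same applies to the JSON variant in the next hunk.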
@Override
@@ -176,7 +177,7 @@
{
User user = renderService.fromJson( request.getInputStream(), getEntityClass() );
- createUser( user, response );
+ createUser( user );
}
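Review bot: As in the XML variant above, the `ImportSummary` from `createUser( user )` is dropped and nothing in this hunk writes it to the response any more, so the JSON POST loses its response body. Keep the summary and render it: `ImportSummary summary = createUser( user );` then `renderService.toJson( response.getOutputStream(), summary );`, provided `response` is still in scope (the signature is outside the hunk).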
@RequestMapping( value = INVITE_PATH, method = RequestMethod.POST, consumes = { "application/xml", "text/xml" } )
@@ -349,16 +350,18 @@
{
return;
}
-
+
RestoreOptions restoreOptions = user.getUsername() == null || user.getUsername().isEmpty() ?
RestoreOptions.INVITE_WITH_USERNAME_CHOICE : RestoreOptions.INVITE_WITH_DEFINED_USERNAME;
securityService.prepareUserForInvite( user );
- createUser( user, response );
+ ImportSummary summary = createUser( user );
securityService.sendRestoreMessage( user.getUserCredentials(),
ContextUtils.getContextPath( request ), restoreOptions );
+
+ renderService.toJson( response.getOutputStream(), summary );
}
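Review bot: `securityService.sendRestoreMessage` is still called unconditionally after `createUser`, even though the import result is now in scope as `summary` on the line above; if `importObject` can report a failed create through the summary rather than by throwing (the summary type suggests it may), an invitation with a restore link is mailed for an account that was never created. I would gate the `sendRestoreMessage` call on the summary reporting success, and render the summary to the response either way so the client sees why no invite went out. The invite handler starts before this hunk.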
/**
@@ -367,7 +370,7 @@
* @param user user object parsed from the POST request
* @param response response for created user
*/
- private void createUser( User user, HttpServletResponse response ) throws Exception
+ private ImportSummary createUser( User user ) throws Exception
{
if ( !aclService.canCreate( currentUserService.getCurrentUser(), getEntityClass() ) )
{
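Review bot: The Javadoc above the changed signature still says `@param response response for created user` although the `HttpServletResponse` parameter was removed, and the new `ImportSummary` return value is undocumented. Replace that tag with `@return the import summary produced for the created user` and add `@throws CreateAccessDeniedException if the current user may not create users or may not add the user to one of its groups`. The Javadoc starts, and the method body continues, outside this hunk.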
@@ -378,6 +381,16 @@
{
throw new CreateAccessDeniedException( "You must have permissions to create user, or ability to manage at least one user group for the user." );
}
+
+ List<String> uids = IdentifiableObjectUtils.getUids( user.getGroups() );
+
+ for ( String uid : uids )
+ {
+ if ( !userGroupService.canAddOrRemove( uid ) )
+ {
+ throw new CreateAccessDeniedException( "You don't have permissions to add user to user group: " + uid );
+ }
+ }
user.getUserCredentials().getCogsDimensionConstraints().addAll(
currentUserService.getCurrentUser().getUserCredentials().getCogsDimensionConstraints() );
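Review bot: The new loop reports `You don't have permissions to add user to user group: <uid>` for every uid that `canAddOrRemove` rejects, and in the DefaultUserGroupService hunk that method returns false when the uid resolves to no group at all, so a mistyped group uid surfaces as a permission error rather than a not-found error. If hiding group existence is not a goal here, resolve the group first and report an unknown uid separately; if it is deliberate, a comment such as `// canAddOrRemove also returns false for unknown uids; reported as access denied on purpose` would stop the next reader from treating it as a bug. The `uids` list is recomputed from `user.getGroups()` again further down in `createUser`; reusing this local would keep the pre-check and the actual group assignment in sync. The method body continues outside this hunk.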
@@ -388,7 +401,7 @@
ImportTypeSummary summary = importService.importObject( currentUserService.getCurrentUser().getUid(), user, ImportStrategy.CREATE );
userGroupService.addUserToGroups( user, IdentifiableObjectUtils.getUids( user.getGroups() ) );
-
- renderService.toJson( response.getOutputStream(), summary );
+
+ return summary;
}
}