Message #34726
[Branch ~dhis2-devs-core/dhis2/trunk] Rev 17804: UserStore, included logic that users can only manage other users with subset of their authorities...
------------------------------------------------------------
revno: 17804
committer: Lars Helge Overland <larshelge@xxxxxxxxx>
branch nick: dhis2
timestamp: Fri 2014-12-26 23:47:28 +0100
message:
UserStore, included logic that users can only manage other users with subset of their authorities in HQL query
modified:
dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserService.java
dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserStore.java
dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserService.java
dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/hibernate/HibernateUserStore.java
dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/user/UserServiceTest.java
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserService.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserService.java 2014-12-26 16:55:20 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserService.java 2014-12-26 22:47:28 +0000
@@ -169,9 +169,9 @@
* groups association.
*
* @param user the user.
- * @return a List of users.
+ * @return a Collection of users.
*/
- List<User> getManagedUsers( User user );
+ Collection<User> getManagedUsers( User user );
/**
* Returns all users which are managed by the given user through its managed
@@ -180,9 +180,9 @@
* @param user the user.
* @param first the first record to return.
* @param max the max number of records to return.
- * @return a List of users.
+ * @return a Collection of users.
*/
- List<User> getManagedUsersBetween( User user, int first, int max );
+ Collection<User> getManagedUsersBetween( User user, int first, int max );
/**
* Tests whether the current user is allowed to create a user associated
=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserStore.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserStore.java 2014-12-26 12:27:14 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserStore.java 2014-12-26 22:47:28 +0000
@@ -71,18 +71,9 @@
* groups association.
*
* @param user the user.
- * @return a List of users.
- */
- List<User> getManagedUsers( User user );
-
- /**
- * Returns all users which are managed by the given user through its managed
- * groups association.
- *
- * @param user the user.
- * @param first the first record to return.
- * @param max the max number of records to return.
- * @return a List of users.
- */
- List<User> getManagedUsersBetween( User user, int first, int max );
+ * @param first the first record to return, null if 0.
+ * @param max the max number of records to return, null if none.
+ * @return a List of users.
+ */
+ List<User> getManagedUsersBetween( User user, Integer first, Integer max );
}
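Review bot: The Javadoc kept for getManagedUsersBetween still describes only the managed-groups association, but per the commit message and the HibernateUserStore query this method now also drops users who hold an authority the given user lacks. Callers use this as an access-control filter, so the contract should say so, for example `* Only users whose authorities are a subset of the given user's authorities are returned.` The wording "null if 0" and "null if none" is also ambiguous; something like `@param first the first record to return, null to start at the first record.` reads more clearly. The start of the comment block is outside the hunk.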
=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserService.java 2014-12-26 18:56:34 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserService.java 2014-12-26 22:47:28 +0000
@@ -204,14 +204,19 @@
}
@Override
- public List<User> getManagedUsers( User user )
+ public Collection<User> getManagedUsers( User user )
{
- return userStore.getManagedUsers( user );
+ return userStore.getManagedUsersBetween( user, null, null );
}
@Override
- public List<User> getManagedUsersBetween( User user, int first, int max )
+ public Collection<User> getManagedUsersBetween( User user, int first, int max )
{
+ if ( user != null && user.isSuper() )
+ {
+ return getAllUsers();
+ }
+
return userStore.getManagedUsersBetween( user, first, max );
}
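Review bot: The super-user shortcut is added only to getManagedUsersBetween, and there it returns getAllUsers() without applying `first` and `max`, while getManagedUsers goes straight to the store with no shortcut. The two methods therefore disagree on what a super user may see, and a paged call from a super user returns the whole user list. The `user != null` test also suggests a null user is possible, yet a null still reaches userStore.getManagedUsersBetween, which dereferences `user.getManagedGroups()` in the HibernateUserStore section of this commit. I would put one guard in front of both methods that rejects or returns empty for a null user, and either page the super-user result or document that paging is ignored for super users.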
=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/hibernate/HibernateUserStore.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/hibernate/HibernateUserStore.java 2014-12-26 16:55:20 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/hibernate/HibernateUserStore.java 2014-12-26 22:47:28 +0000
@@ -30,6 +30,7 @@
import java.util.Collection;
import java.util.List;
+import java.util.Set;
import org.hibernate.Criteria;
import org.hibernate.Query;
@@ -107,29 +108,42 @@
return criteria.list();
}
-
- @Override
- @SuppressWarnings("unchecked")
- public List<User> getManagedUsers( User user )
- {
- Collection<Integer> managedGroups = IdentifiableObjectUtils.getIdentifiers( user.getManagedGroups() );
-
- String hql = "select distinct u from User u join u.groups g where g.id in (:ids) order by u.surname, u.firstName";
-
- return sessionFactory.getCurrentSession().createQuery( hql ).setParameterList( "ids", managedGroups ).list();
- }
@Override
@SuppressWarnings("unchecked")
- public List<User> getManagedUsersBetween( User user, int first, int max )
+ public List<User> getManagedUsersBetween( User user, Integer first, Integer max )
{
Collection<Integer> managedGroups = IdentifiableObjectUtils.getIdentifiers( user.getManagedGroups() );
-
- String hql = "select distinct u from User u join u.groups g where g.id in (:ids) order by u.surname, u.firstName";
-
- return sessionFactory.getCurrentSession().createQuery( hql ).
+
+ Set<String> auths = user.getUserCredentials().getAllAuthorities();
+
+ String hql =
+ "select distinct u from User u " +
+ "inner join u.userCredentials uc " +
+ "inner join u.groups g " +
+ "where g.id in (:ids) " +
+ "and not exists (" +
+ "select uc2 from UserCredentials uc2 " +
+ "inner join uc2.userAuthorityGroups ag " +
+ "inner join ag.authorities a " +
+ "where uc2.id = uc.id " +
+ "and a not in (:auths) ) " +
+ "order by u.surname, u.firstName";
+
+ Query query = sessionFactory.getCurrentSession().createQuery( hql ).
setParameterList( "ids", managedGroups ).
- setFirstResult( first ).
- setMaxResults( max ).list();
+ setParameterList( "auths", auths );
+
+ if ( first != null )
+ {
+ query.setFirstResult( first );
+ }
+
+ if ( max != null )
+ {
+ query.setMaxResults( max ).list();
+ }
+
+ return query.list();
}
}
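Review bot: In the `max != null` branch the line `query.setMaxResults( max ).list();` executes the query and throws the result away, and `return query.list();` then runs it a second time; it should be `query.setMaxResults( max );`. Separately, both `:ids` and `:auths` are bound with setParameterList from collections that can be empty (a user with no managed groups, or with no authorities), and how an empty `in (...)` list is handled appears to depend on the Hibernate version and database dialect. Because this query is the authorization filter, I would return an empty list before building the query when `managedGroups` is empty and handle an empty `auths` set explicitly, so the result does not depend on the dialect. `user.getUserCredentials()` is also dereferenced without a null check.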
=== modified file 'dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/user/UserServiceTest.java'
--- dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/user/UserServiceTest.java 2014-12-26 12:27:14 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/user/UserServiceTest.java 2014-12-26 22:47:28 +0000
@@ -29,13 +29,13 @@
*/
import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.assertFalse;
+import java.util.Collection;
import java.util.HashSet;
-import java.util.List;
import java.util.Set;
import org.hisp.dhis.DhisSpringTest;
@@ -64,6 +64,10 @@
private OrganisationUnit unit1;
private OrganisationUnit unit2;
+ private UserAuthorityGroup roleA;
+ private UserAuthorityGroup roleB;
+ private UserAuthorityGroup roleC;
+
@Override
public void setUpTest()
throws Exception
@@ -72,7 +76,25 @@
unit2 = createOrganisationUnit( 'B' );
organisationUnitService.addOrganisationUnit( unit1 );
- organisationUnitService.addOrganisationUnit( unit2 );
+ organisationUnitService.addOrganisationUnit( unit2 );
+
+ roleA = createUserAuthorityGroup( 'A' );
+ roleB = createUserAuthorityGroup( 'B' );
+ roleC = createUserAuthorityGroup( 'C' );
+
+ roleA.getAuthorities().add( "AuthA" );
+ roleA.getAuthorities().add( "AuthB" );
+ roleA.getAuthorities().add( "AuthC" );
+ roleA.getAuthorities().add( "AuthD" );
+
+ roleB.getAuthorities().add( "AuthA" );
+ roleB.getAuthorities().add( "AuthB" );
+
+ roleC.getAuthorities().add( "AuthC" );
+
+ userService.addUserAuthorityGroup( roleA );
+ userService.addUserAuthorityGroup( roleB );
+ userService.addUserAuthorityGroup( roleC );
}
@Test
@@ -199,18 +221,38 @@
User userB = createUser( 'B' );
User userC = createUser( 'C' );
User userD = createUser( 'D' );
+ User userE = createUser( 'E' );
+ User userF = createUser( 'F' );
+
+ UserCredentials credentialsA = createUserCredentials( 'A', userA );
+ UserCredentials credentialsB = createUserCredentials( 'B', userB );
+ UserCredentials credentialsC = createUserCredentials( 'C', userC );
+ UserCredentials credentialsD = createUserCredentials( 'D', userD );
+ UserCredentials credentialsE = createUserCredentials( 'E', userE );
+ UserCredentials credentialsF = createUserCredentials( 'F', userF );
userService.addUser( userA );
userService.addUser( userB );
userService.addUser( userC );
userService.addUser( userD );
+ userService.addUser( userE );
+ userService.addUser( userF );
+
+ userService.addUserCredentials( credentialsA );
+ userService.addUserCredentials( credentialsB );
+ userService.addUserCredentials( credentialsC );
+ userService.addUserCredentials( credentialsD );
+ userService.addUserCredentials( credentialsE );
+ userService.addUserCredentials( credentialsF );
UserGroup userGroup1 = createUserGroup( 'A', Sets.newHashSet( userA, userB ) );
- UserGroup userGroup2 = createUserGroup( 'B', Sets.newHashSet( userC, userD ) );
+ UserGroup userGroup2 = createUserGroup( 'B', Sets.newHashSet( userC, userD, userE, userF ) );
userA.getGroups().add( userGroup1 );
userB.getGroups().add( userGroup1 );
userC.getGroups().add( userGroup2 );
userD.getGroups().add( userGroup2 );
+ userE.getGroups().add( userGroup2 );
+ userF.getGroups().add( userGroup2 );
userGroup1.setManagedGroups( Sets.newHashSet( userGroup2 ) );
userGroup2.setManagedByGroups( Sets.newHashSet( userGroup1 ) );
@@ -218,11 +260,13 @@
userGroupService.addUserGroup( userGroup1 );
userGroupService.addUserGroup( userGroup2 );
- List<User> users = userService.getManagedUsers( userA );
+ Collection<User> users = userService.getManagedUsers( userA );
- assertEquals( 2, users.size() );
+ assertEquals( 4, users.size() );
assertTrue( users.contains( userC ) );
assertTrue( users.contains( userD ) );
+ assertTrue( users.contains( userE ) );
+ assertTrue( users.contains( userF ) );
users = userService.getManagedUsersBetween( userA, 0, 1 );
@@ -230,9 +274,11 @@
users = userService.getManagedUsers( userB );
- assertEquals( 2, users.size() );
+ assertEquals( 4, users.size() );
assertTrue( users.contains( userC ) );
assertTrue( users.contains( userD ) );
+ assertTrue( users.contains( userE ) );
+ assertTrue( users.contains( userF ) );
users = userService.getManagedUsersBetween( userB, 0, 1 );
@@ -242,4 +288,79 @@
assertEquals( 0, users.size() );
}
+
+ @Test
+ public void testGetManagedGroupsLessAuthorities()
+ {
+ User userA = createUser( 'A' );
+ User userB = createUser( 'B' );
+ User userC = createUser( 'C' );
+ User userD = createUser( 'D' );
+ User userE = createUser( 'E' );
+ User userF = createUser( 'F' );
+
+ UserCredentials credentialsA = createUserCredentials( 'A', userA );
+ UserCredentials credentialsB = createUserCredentials( 'B', userB );
+ UserCredentials credentialsC = createUserCredentials( 'C', userC );
+ UserCredentials credentialsD = createUserCredentials( 'D', userD );
+ UserCredentials credentialsE = createUserCredentials( 'E', userE );
+ UserCredentials credentialsF = createUserCredentials( 'F', userF );
+
+ credentialsA.getUserAuthorityGroups().add( roleA );
+ credentialsB.getUserAuthorityGroups().add( roleB );
+ credentialsB.getUserAuthorityGroups().add( roleC );
+ credentialsC.getUserAuthorityGroups().add( roleA );
+ credentialsC.getUserAuthorityGroups().add( roleB );
+ credentialsD.getUserAuthorityGroups().add( roleC );
+ credentialsE.getUserAuthorityGroups().add( roleA );
+ credentialsE.getUserAuthorityGroups().add( roleB );
+ credentialsF.getUserAuthorityGroups().add( roleC );
+
+ userService.addUser( userA );
+ userService.addUser( userB );
+ userService.addUser( userC );
+ userService.addUser( userD );
+ userService.addUser( userE );
+ userService.addUser( userF );
+
+ userService.addUserCredentials( credentialsA );
+ userService.addUserCredentials( credentialsB );
+ userService.addUserCredentials( credentialsC );
+ userService.addUserCredentials( credentialsD );
+ userService.addUserCredentials( credentialsE );
+ userService.addUserCredentials( credentialsF );
+
+ UserGroup userGroup1 = createUserGroup( 'A', Sets.newHashSet( userA, userB ) );
+ UserGroup userGroup2 = createUserGroup( 'B', Sets.newHashSet( userC, userD, userE, userF ) );
+ userA.getGroups().add( userGroup1 );
+ userB.getGroups().add( userGroup1 );
+ userC.getGroups().add( userGroup2 );
+ userD.getGroups().add( userGroup2 );
+ userE.getGroups().add( userGroup2 );
+ userF.getGroups().add( userGroup2 );
+
+ userGroup1.setManagedGroups( Sets.newHashSet( userGroup2 ) );
+ userGroup2.setManagedByGroups( Sets.newHashSet( userGroup1 ) );
+
+ userGroupService.addUserGroup( userGroup1 );
+ userGroupService.addUserGroup( userGroup2 );
+
+ Collection<User> users = userService.getManagedUsers( userA );
+
+ assertEquals( 4, users.size() );
+ assertTrue( users.contains( userC ) );
+ assertTrue( users.contains( userD ) );
+ assertTrue( users.contains( userE ) );
+ assertTrue( users.contains( userF ) );
+
+ users = userService.getManagedUsers( userB );
+
+ assertEquals( 2, users.size() );
+ assertTrue( users.contains( userD ) );
+ assertTrue( users.contains( userF ) );
+
+ users = userService.getManagedUsers( userC );
+
+ assertEquals( 0, users.size() );
+ }
}
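Review bot: testGetManagedGroupsLessAuthorities exercises the authority filter only through getManagedUsers, so the paged getManagedUsersBetween path and the new `user.isSuper()` branch in DefaultUserService are not covered by any assertion in this commit. The final `userC` case also appears to pass because userC's group manages no groups rather than because of the authority check, so it mainly tests how the test database treats an empty `:ids` list. I would add a case for a manager who has managed groups but no authorities, and one for a super user calling getManagedUsersBetween with a small `max`. The method name says "Groups" although it asserts on managed users; `testGetManagedUsersLessAuthorities` would match what it checks.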