dhis2-devs team mailing list archive

Thread
Date

[Branch ~dhis2-devs-core/dhis2/trunk] Rev 17808: User store, support for filter by disjoint user roles

To: DHIS 2 developers <dhis2-devs@xxxxxxxxxxxxxxxxxxx>
From: noreply@xxxxxxxxxxxxx
Date: Sat, 27 Dec 2014 16:08:27 -0000
Reply-to: noreply@xxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

------------------------------------------------------------
revno: 17808
committer: Lars Helge Overland <larshelge@xxxxxxxxx>
branch nick: dhis2
timestamp: Sat 2014-12-27 17:07:45 +0100
message:
  User store, support for filter by disjoint user roles
modified:
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserQueryParams.java
  dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/hibernate/HibernateUserStore.java
  dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/user/UserServiceTest.java


--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk

Your team DHIS 2 developers is subscribed to branch lp:dhis2.
To unsubscribe from this branch go to https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk/+edit-subscription

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserQueryParams.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserQueryParams.java	2014-12-27 15:11:19 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserQueryParams.java	2014-12-27 16:07:45 +0000
@@ -45,6 +45,8 @@
     
     private boolean authSubset;
     
+    private boolean disjointRoles;
+    
     private Date inactiveSince;
     
     private Integer inactiveMonths;
@@ -109,6 +111,16 @@
         this.authSubset = authSubset;
     }
 
+    public boolean isDisjointRoles()
+    {
+        return disjointRoles;
+    }
+
+    public void setDisjointRoles( boolean disjointRoles )
+    {
+        this.disjointRoles = disjointRoles;
+    }
+
     public Date getInactiveSince()
     {
         return inactiveSince;

=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/hibernate/HibernateUserStore.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/hibernate/HibernateUserStore.java	2014-12-27 15:11:19 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/hibernate/HibernateUserStore.java	2014-12-27 16:07:45 +0000
@@ -130,14 +130,21 @@
         {
             hql += hlp.whereAnd() + " not exists (" +
                 "select uc2 from UserCredentials uc2 " +
-                "inner join uc2.userAuthorityGroups ag " +
-                "inner join ag.authorities a " +
+                "inner join uc2.userAuthorityGroups ag2 " +
+                "inner join ag2.authorities a " +
                 "where uc2.id = uc.id " +
                 "and a not in (:auths) ) ";
         }
         
-        //TODO constrain by own user roles
-
+        if ( params.isDisjointRoles() )
+        {
+            hql += hlp.whereAnd() + " not exists (" +
+                "select uc3 from UserCredentials uc3 " +
+                "inner join uc3.userAuthorityGroups ag3 " +
+                "where uc3.id = uc.id " +
+                "and ag3.id in (:roles) ) ";
+        }
+        
         if ( params.getInactiveSince() != null )
         {
             hql += hlp.whereAnd() + " uc.lastLogin < :inactiveSince ";
@@ -176,6 +183,13 @@
             query.setParameterList( "auths", auths );
         }
         
+        if ( params.isDisjointRoles() && params.getUser() != null )
+        {
+            Collection<Integer> roles = IdentifiableObjectUtils.getIdentifiers( params.getUser().getUserCredentials().getUserAuthorityGroups() );
+            
+            query.setParameterList( "roles", roles );
+        }
+        
         if ( params.getInactiveSince() != null )
         {
             query.setDate( "inactiveSince", params.getInactiveSince() );

=== modified file 'dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/user/UserServiceTest.java'
--- dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/user/UserServiceTest.java	2014-12-27 15:11:19 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/user/UserServiceTest.java	2014-12-27 16:07:45 +0000
@@ -365,6 +365,87 @@
     }
 
     @Test
+    public void testGetManagedGroupsLessAuthoritiesDisjointRoles()
+    {
+        User userA = createUser( 'A' );
+        User userB = createUser( 'B' );
+        User userC = createUser( 'C' );
+        User userD = createUser( 'D' );
+        User userE = createUser( 'E' );
+        User userF = createUser( 'F' );
+
+        UserCredentials credentialsA = createUserCredentials( 'A', userA );
+        UserCredentials credentialsB = createUserCredentials( 'B', userB );
+        UserCredentials credentialsC = createUserCredentials( 'C', userC );
+        UserCredentials credentialsD = createUserCredentials( 'D', userD );
+        UserCredentials credentialsE = createUserCredentials( 'E', userE );
+        UserCredentials credentialsF = createUserCredentials( 'F', userF );
+
+        credentialsA.getUserAuthorityGroups().add( roleA );
+        credentialsB.getUserAuthorityGroups().add( roleB );
+        credentialsB.getUserAuthorityGroups().add( roleC );
+        credentialsC.getUserAuthorityGroups().add( roleA );
+        credentialsC.getUserAuthorityGroups().add( roleB );
+        credentialsD.getUserAuthorityGroups().add( roleC );
+        credentialsE.getUserAuthorityGroups().add( roleA );
+        credentialsE.getUserAuthorityGroups().add( roleB );
+        credentialsF.getUserAuthorityGroups().add( roleC );
+        
+        userService.addUser( userA );
+        userService.addUser( userB );
+        userService.addUser( userC );
+        userService.addUser( userD );
+        userService.addUser( userE );
+        userService.addUser( userF );
+        
+        userService.addUserCredentials( credentialsA );
+        userService.addUserCredentials( credentialsB );
+        userService.addUserCredentials( credentialsC );
+        userService.addUserCredentials( credentialsD );
+        userService.addUserCredentials( credentialsE );
+        userService.addUserCredentials( credentialsF );
+        
+        UserGroup userGroup1 = createUserGroup( 'A', Sets.newHashSet( userA, userB ) );
+        UserGroup userGroup2 = createUserGroup( 'B', Sets.newHashSet( userC, userD, userE, userF ) );
+        userA.getGroups().add( userGroup1 );
+        userB.getGroups().add( userGroup1 );
+        userC.getGroups().add( userGroup2 );
+        userD.getGroups().add( userGroup2 );
+        userE.getGroups().add( userGroup2 );
+        userF.getGroups().add( userGroup2 );
+        
+        userGroup1.setManagedGroups( Sets.newHashSet( userGroup2 ) );
+        userGroup2.setManagedByGroups( Sets.newHashSet( userGroup1 ) );
+        
+        userGroupService.addUserGroup( userGroup1 );
+        userGroupService.addUserGroup( userGroup2 );
+        
+        UserQueryParams params = new UserQueryParams();
+        params.setCanManage( true );
+        params.setAuthSubset( true );
+        params.setDisjointRoles( true );
+        params.setUser( userA );
+        
+        Collection<User> users = userService.getUsers( params);
+        
+        assertEquals( 2, users.size() );
+        assertTrue( users.contains( userD ) );
+        assertTrue( users.contains( userF ) );
+
+        params.setUser( userB );
+        
+        users = userService.getUsers( params);
+
+        assertEquals( 0, users.size() );
+
+        params.setUser( userC );
+        
+        users = userService.getUsers( params);
+        
+        assertEquals( 0, users.size() );
+    }
+
+    @Test
     public void testGetManagedGroupsSearch()
     {
         User userA = createUser( 'A' );