Message #34810
[Branch ~dhis2-devs-core/dhis2/trunk] Rev 17857: Introduced auth F_USER_GROUPS_READ_ONLY_ADD_MEMBERS
------------------------------------------------------------
revno: 17857
committer: Lars Helge Overland <larshelge@xxxxxxxxx>
branch nick: dhis2
timestamp: Fri 2015-01-02 12:34:18 +0100
message:
Introduced auth F_USER_GROUPS_READ_ONLY_ADD_MEMBERS
modified:
dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserGroup.java
dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserGroupService.java
dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserGroupService.java
dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserService.java
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/user/UserController.java
dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml
dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/org/hisp/dhis/user/i18n_module.properties
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserGroup.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserGroup.java 2014-12-29 15:56:30 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserGroup.java 2015-01-02 11:34:18 +0000
@@ -54,9 +54,10 @@
extends BaseIdentifiableObject
{
public static final String AUTH_USER_ADD = "F_USER_ADD";
- public static final String AUTH_USER_ADD_IN_GROUP = "F_USER_ADD_WITHIN_MANAGED_GROUP";
public static final String AUTH_USER_DELETE = "F_USER_DELETE";
public static final String AUTH_USER_VIEW = "F_USER_VIEW";
+ public static final String AUTH_USER_ADD_IN_GROUP = "F_USER_ADD_WITHIN_MANAGED_GROUP";
+ public static final String AUTH_ADD_MEMBERS_TO_READ_ONLY_USER_GROUPS = "F_USER_GROUPS_READ_ONLY_ADD_MEMBERS";
/**
* Determines if a de-serialized file is compatible with this class.
=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserGroupService.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserGroupService.java 2014-12-25 14:10:43 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserGroupService.java 2015-01-02 11:34:18 +0000
@@ -45,6 +45,15 @@
UserGroup getUserGroup( String uid );
+ /**
+ * Indicates whether the current user can add or remove members for the user
+ * group with the given UID. To to so the current user must have write access
+ * to the group or have read access as well as the F_USER_GROUPS_READ_ONLY_ADD_MEMBERS
+ * authority.
+ *
+ * @param uid the user group UID.
+ * @return true if the current user can add or remove members of the user group.
+ */
boolean canAddOrRemoveMember( String uid );
void addUserToGroups( User user, Collection<String> uids );
=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserGroupService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserGroupService.java 2014-12-25 14:10:43 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserGroupService.java 2015-01-02 11:34:18 +0000
@@ -114,15 +114,15 @@
UserGroup userGroup = getUserGroup( uid );
- if ( userGroup == null )
+ if ( userGroup == null || currentUser == null || currentUser.getUserCredentials() == null )
{
return false;
}
boolean canUpdate = aclService.canUpdate( currentUser, userGroup );
- boolean canManage = currentUser.canManage( userGroup );
+ boolean canAddMember = currentUser.getUserCredentials().isAuthorized( UserGroup.AUTH_ADD_MEMBERS_TO_READ_ONLY_USER_GROUPS );
- return canUpdate || canManage;
+ return canUpdate || canAddMember;
}
@Override
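Review bot: `canAddMember` is derived from the authority alone and never consults `userGroup`, so `canUpdate || canAddMember` allows a holder of F_USER_GROUPS_READ_ONLY_ADD_MEMBERS to change the membership of any group that `getUserGroup( uid )` returns. The interface Javadoc added in this same commit requires read access in addition to the authority. Unless `getUserGroup` already filters by read sharing (not visible here), the line should be `boolean canAddMember = aclService.canRead( currentUser, userGroup ) && currentUser.getUserCredentials().isAuthorized( UserGroup.AUTH_ADD_MEMBERS_TO_READ_ONLY_USER_GROUPS );`. Group membership may itself confer access to shared objects, so this check is worth a unit test for a user who holds the authority but cannot read the group. The method starts above the hunk, so how `currentUser` is obtained is not shown.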
=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserService.java 2015-01-01 15:54:26 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserService.java 2015-01-02 11:34:18 +0000
@@ -337,7 +337,7 @@
return true;
}
- public boolean canAddOrUpdateUser( Collection<String> uids )
+ public boolean canAddOrUpdateUser( Collection<String> userGroups )
{
User currentUser = currentUserService.getCurrentUser();
@@ -360,17 +360,20 @@
return false;
}
- for ( String uid : uids )
+ boolean canManageAnyGroup = false;
+
+ for ( String uid : userGroups )
{
UserGroup userGroup = userGroupService.getUserGroup( uid );
if ( currentUser.canManage( userGroup ) )
{
- return true;
+ canManageAnyGroup = true;
+ break;
}
}
- return true;
+ return canManageAnyGroup;
}
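Review bot: `userGroupService.getUserGroup( uid )` can return null for an unknown UID (the null check in DefaultUserGroupService.canAddOrRemoveMember in this commit guards that same call), yet inside the loop the result goes straight into `currentUser.canManage( userGroup )`. Whether `canManage` tolerates null is not visible here; a guard such as `if ( userGroup != null && currentUser.canManage( userGroup ) )` keeps a bad UID in the request from surfacing as an exception instead of a denial. The loop also grants on the first manageable group, so the remaining UIDs in `userGroups` are not checked in this method; a comment such as `// any one managed group suffices here; the remaining UIDs are checked when the user is added to the groups` would record where that validation is expected to happen, if that is indeed the case. The method begins in the previous hunk and the middle of its body is not shown.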
// -------------------------------------------------------------------------
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/user/UserController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/user/UserController.java 2014-12-30 17:28:02 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/user/UserController.java 2015-01-02 11:34:18 +0000
@@ -268,7 +268,7 @@
if ( !aclService.canUpdate( currentUserService.getCurrentUser(), users.get( 0 ) ) )
{
- ContextUtils.conflictResponse( response, "You don't have the proper permissions to update this object." );
+ ContextUtils.conflictResponse( response, "You don't have the proper permissions to update this user." );
return;
}
=== modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml'
--- dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml 2014-12-30 20:02:19 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml 2015-01-02 11:34:18 +0000
@@ -332,6 +332,8 @@
<value>F_VIEW_UNAPPROVED_DATA</value>
<value>F_USERGROUP_MANAGING_RELATIONSHIPS_ADD</value>
<value>F_USERGROUP_MANAGING_RELATIONSHIPS_VIEW</value>
+ <value>F_USER_ADD_WITHIN_MANAGED_GROUP</value>
+ <value>F_USER_GROUPS_READ_ONLY_ADD_MEMBERS</value>
</set>
</property>
</bean>
=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/org/hisp/dhis/user/i18n_module.properties'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/org/hisp/dhis/user/i18n_module.properties 2014-12-30 14:29:14 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/org/hisp/dhis/user/i18n_module.properties 2015-01-02 11:34:18 +0000
@@ -116,6 +116,7 @@
F_USERGROUP_LIST=List User Groups
F_USERGROUP_MANAGING_RELATIONSHIPS_ADD=Add/Update User Group Managing Relationships
F_USERGROUP_MANAGING_RELATIONSHIPS_VIEW=View User Group Managing Relationships
+F_USER_GROUPS_READ_ONLY_ADD_MEMBERS=Add/Remove Members In Read-Only User Groups
F_USER_ADD=Add/Update User
F_USER_DELETE=Delete User
F_USER_VIEW=View User