← Back to team overview

dhis2-devs team mailing list archive

[Branch ~dhis2-devs-core/dhis2/trunk] Rev 18255: Appearace. Impl system setting for requiring add authority to view list of objects. Impl correspo...

 

------------------------------------------------------------
revno: 18255
committer: Lars Helge Overland <larshelge@xxxxxxxxx>
branch nick: dhis2
timestamp: Fri 2015-02-13 13:51:17 +0100
message:
  Appearace. Impl system setting for requiring add authority to view list of objects. Impl corresponding behavior for hiding menu items in the UI for objects which the current user cannot add (public or private).
modified:
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/setting/SystemSettingManager.java
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/User.java
  dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultSecurityService.java
  dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/SecurityService.java
  dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/interceptor/SystemSettingInterceptor.java
  dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-datadictionary/src/main/webapp/dhis-web-maintenance-datadictionary/menu.vm
  dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-dataset/src/main/webapp/dhis-web-maintenance-dataset/menu.vm
  dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-organisationunit/src/main/webapp/dhis-web-maintenance-organisationunit/menu.vm
  dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-program/src/main/webapp/dhis-web-maintenance-program/menu.vm
  dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/java/org/hisp/dhis/settings/action/system/SetAppearanceSettingsAction.java
  dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/resources/org/hisp/dhis/settings/i18n_module.properties
  dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/webapp/dhis-web-maintenance-settings/systemAppearanceSettings.vm
  dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/webapp/dhis-web-maintenance-user/menu.vm


--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk

Your team DHIS 2 developers is subscribed to branch lp:dhis2.
To unsubscribe from this branch go to https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk/+edit-subscription
=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/setting/SystemSettingManager.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/setting/SystemSettingManager.java	2015-01-17 07:41:26 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/setting/SystemSettingManager.java	2015-02-13 12:51:17 +0000
@@ -105,6 +105,7 @@
     final String KEY_SYSTEM_NOTIFICATIONS_EMAIL = "keySystemNotificationsEmail";
     final String KEY_ANALYSIS_RELATIVE_PERIOD = "keyAnalysisRelativePeriod";
     final String KEY_CORS_WHITELIST = "keyCorsWhitelist";
+    final String KEY_REQUIRE_ADD_TO_VIEW = "keyRequireAddToView";
 
     final String DEFAULT_SCHEDULE_AGGREGATE_QUERY_BUILDER_TASK_STRATEGY = "lastMonth";
     final String DEFAULT_FLAG = "dhis2";

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/User.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/User.java	2015-02-05 06:53:38 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/User.java	2015-02-13 12:51:17 +0000
@@ -34,6 +34,7 @@
 import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper;
 import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty;
 import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlRootElement;
+
 import org.apache.commons.collections.CollectionUtils;
 import org.hisp.dhis.attribute.AttributeValue;
 import org.hisp.dhis.common.BaseIdentifiableObject;
@@ -250,6 +251,15 @@
         return userCredentials != null && userCredentials.isSuper();
     }
 
+    /**
+     * Tests whether the user has the given authority. Returns true in any case
+     * if the user has the ALL authority.
+     */
+    public boolean isAuthorized( String auth )
+    {
+        return userCredentials != null && userCredentials.isAuthorized( auth );
+    }
+    
     public Set<UserGroup> getManagedGroups()
     {
         Set<UserGroup> managedGroups = new HashSet<>();

=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultSecurityService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultSecurityService.java	2015-01-17 07:41:26 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultSecurityService.java	2015-02-13 12:51:17 +0000
@@ -485,6 +485,14 @@
     }
 
     @Override
+    public boolean canView( String type )
+    {
+        boolean requireAddToView = (Boolean) systemSettingManager.getSystemSetting( SystemSettingManager.KEY_REQUIRE_ADD_TO_VIEW, false );
+        
+        return !requireAddToView || ( canCreatePrivate( type ) || canCreatePublic( type ) );
+    }
+
+    @Override
     public boolean canCreatePrivate( String type )
     {
         Class<? extends IdentifiableObject> klass = aclService.classForType( type );

=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/SecurityService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/SecurityService.java	2015-01-17 07:41:26 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/SecurityService.java	2015-02-13 12:51:17 +0000
@@ -205,6 +205,15 @@
     boolean canCreatePrivate( String type );
 
     /**
+     * Checks whether current user can view instances of the object. Depends on
+     * system setting for require add to view objects.
+     *
+     * @param type Type to check for view access.
+     * @return true of false depending on outcome of check
+     */
+    boolean canView( String type );
+
+    /**
      * Checks whether current user has update access to object.
      *
      * @param identifiableObject Object to check for update access.

=== modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/interceptor/SystemSettingInterceptor.java'
--- dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/interceptor/SystemSettingInterceptor.java	2015-01-17 07:41:26 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/interceptor/SystemSettingInterceptor.java	2015-02-13 12:51:17 +0000
@@ -128,6 +128,7 @@
         map.put( KEY_HIDE_UNAPPROVED_DATA_IN_ANALYTICS, systemSettingManager.getSystemSetting( KEY_HIDE_UNAPPROVED_DATA_IN_ANALYTICS, false ) );
         map.put( KEY_ACCEPTANCE_REQUIRED_FOR_APPROVAL, systemSettingManager.getSystemSetting( KEY_ACCEPTANCE_REQUIRED_FOR_APPROVAL, false ) );
         map.put( KEY_SYSTEM_NOTIFICATIONS_EMAIL, systemSettingManager.getSystemSetting( KEY_SYSTEM_NOTIFICATIONS_EMAIL ) );
+        map.put( KEY_REQUIRE_ADD_TO_VIEW, systemSettingManager.getSystemSetting( KEY_REQUIRE_ADD_TO_VIEW, false ) );
         map.put( SYSPROP_PORTAL, defaultIfEmpty( System.getProperty( SYSPROP_PORTAL ), String.valueOf( false ) ) );
 
         invocation.getStack().push( map );

=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-datadictionary/src/main/webapp/dhis-web-maintenance-datadictionary/menu.vm'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-datadictionary/src/main/webapp/dhis-web-maintenance-datadictionary/menu.vm	2014-10-15 04:17:05 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-datadictionary/src/main/webapp/dhis-web-maintenance-datadictionary/menu.vm	2015-02-13 12:51:17 +0000
@@ -1,23 +1,23 @@
 
 <h2>$i18n.getString( "data_element" )&nbsp;</h2>
 <ul>
-    <li><a href="dataElement.action">$i18n.getString( "data_element" )&nbsp;</a></li>
-    <li><a href="dataElementGroup.action">$i18n.getString( "data_element_group" )&nbsp;</a></li>
-    <li><a href="dataElementGroupEditor.action">$i18n.getString( "data_element_group_editor" )&nbsp;</a></li>
-	<li><a href="dataElementGroupSet.action">$i18n.getString( "data_element_group_set" )&nbsp;</a></li>
-    <li><a href="categoryOptionCombo.action">$i18n.getString( "category_option_combo" )&nbsp;</a></li>
-    <li><a href="categoryOption.action">$i18n.getString( "category_option" )&nbsp;</a></li>
-    <li><a href="category.action">$i18n.getString( "category" )&nbsp;</a></li>
-    <li><a href="categoryCombo.action">$i18n.getString( "category_combination" )&nbsp;</a></li>
-    <li><a href="categoryOptionGroup.action">$i18n.getString( "category_option_group" )&nbsp;</a></li>
-    <li><a href="categoryOptionGroupSet.action">$i18n.getString( "category_option_group_set" )&nbsp;</a></li>
+    #if( $security.canView( "dataElement" ) )<li><a href="dataElement.action">$i18n.getString( "data_element" )&nbsp;</a></li>#end
+    #if( $security.canView( "dataElementGroup" ) )<li><a href="dataElementGroup.action">$i18n.getString( "data_element_group" )&nbsp;</a></li>#end
+    #if( $security.canView( "dataElementGroup" ) )<li><a href="dataElementGroupEditor.action">$i18n.getString( "data_element_group_editor" )&nbsp;</a></li>#end
+	#if( $security.canView( "dataElementGroupSet" ) )<li><a href="dataElementGroupSet.action">$i18n.getString( "data_element_group_set" )&nbsp;</a></li>#end
+    #if( $security.canView( "categoryOptionCombo" ) )<li><a href="categoryOptionCombo.action">$i18n.getString( "category_option_combo" )&nbsp;</a></li>#end
+    #if( $security.canView( "categoryOption" ) )<li><a href="categoryOption.action">$i18n.getString( "category_option" )&nbsp;</a></li>#end
+    #if( $security.canView( "category" ) )<li><a href="category.action">$i18n.getString( "category" )&nbsp;</a></li>#end
+    #if( $security.canView( "categoryCombo" ) )<li><a href="categoryCombo.action">$i18n.getString( "category_combination" )&nbsp;</a></li>#end
+    #if( $security.canView( "categoryOptionGroup" ) )<li><a href="categoryOptionGroup.action">$i18n.getString( "category_option_group" )&nbsp;</a></li>#end
+    #if( $security.canView( "categoryOptionGroupSet" ) )<li><a href="categoryOptionGroupSet.action">$i18n.getString( "category_option_group_set" )&nbsp;</a></li>#end
 </ul>
 
 <h2>$i18n.getString( "indicator" )&nbsp;</h2>
 <ul>
-    <li><a href="indicator.action">$i18n.getString( "indicator" )&nbsp;</a></li>
-    <li><a href="indicatorType.action">$i18n.getString( "indicator_type" )&nbsp;</a></li>   
-    <li><a href="indicatorGroup.action">$i18n.getString( "indicator_group" )&nbsp;</a></li>
-	<li><a href="indicatorGroupEditor.action">$i18n.getString( "indicator_group_editor" )&nbsp;</a></li>
-	<li><a href="indicatorGroupSet.action">$i18n.getString( "indicator_group_set" )&nbsp;</a></li>
+    #if( $security.canView( "indicator" ) )<li><a href="indicator.action">$i18n.getString( "indicator" )&nbsp;</a></li>#end
+    #if( $security.canView( "indicatorType" ) )<li><a href="indicatorType.action">$i18n.getString( "indicator_type" )&nbsp;</a></li>#end
+    #if( $security.canView( "indicatorGroup" ) )<li><a href="indicatorGroup.action">$i18n.getString( "indicator_group" )&nbsp;</a></li>#end
+	#if( $security.canView( "indicatorGroup" ) )<li><a href="indicatorGroupEditor.action">$i18n.getString( "indicator_group_editor" )&nbsp;</a></li>#end
+	#if( $security.canView( "indicatorGroupSet" ) )<li><a href="indicatorGroupSet.action">$i18n.getString( "indicator_group_set" )&nbsp;</a></li>#end
 </ul>

=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-dataset/src/main/webapp/dhis-web-maintenance-dataset/menu.vm'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-dataset/src/main/webapp/dhis-web-maintenance-dataset/menu.vm	2014-12-22 16:00:36 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-dataset/src/main/webapp/dhis-web-maintenance-dataset/menu.vm	2015-02-13 12:51:17 +0000
@@ -1,6 +1,6 @@
 
 <h2>$i18n.getString( "dataset" )&nbsp;</h2>
 <ul>
-	<li><a href="dataSet.action">$i18n.getString( "dataset" )&nbsp;</a></li>
-	<li><a href="displayEditorForm.action">$i18n.getString( "dataset_assignment_editor" )&nbsp;</a></li>
+	#if( $security.canView( "dataSet" ) )<li><a href="dataSet.action">$i18n.getString( "dataset" )&nbsp;</a></li>#end
+	#if( $security.canView( "dataSet" ) )<li><a href="displayEditorForm.action">$i18n.getString( "dataset_assignment_editor" )&nbsp;</a></li>#end
 </ul>
\ No newline at end of file

=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-organisationunit/src/main/webapp/dhis-web-maintenance-organisationunit/menu.vm'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-organisationunit/src/main/webapp/dhis-web-maintenance-organisationunit/menu.vm	2011-03-17 22:55:56 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-organisationunit/src/main/webapp/dhis-web-maintenance-organisationunit/menu.vm	2015-02-13 12:51:17 +0000
@@ -2,10 +2,10 @@
 <h2>$i18n.getString( "organisation_unit" )&nbsp;</h2>
 
 <ul>
-	<li><a href="organisationUnit.action">$i18n.getString( "org_unit" )&nbsp;</a></li>
-	<li><a href="organisationUnitGroup.action">$i18n.getString( "org_unit_group" )&nbsp;</a></li>
-	<li><a href="organisationUnitGroupSet.action">$i18n.getString( "org_unit_group_set" )&nbsp;</a></li>
-    <li><a href="organisationUnitLevel.action">$i18n.getString( "org_unit_level" )&nbsp;</a></li>
+	#if( $security.canView( "organisationUnit" ) )<li><a href="organisationUnit.action">$i18n.getString( "org_unit" )&nbsp;</a></li>#end
+	#if( $security.canView( "organisationUnitGroup" ) )<li><a href="organisationUnitGroup.action">$i18n.getString( "org_unit_group" )&nbsp;</a></li>#end
+	#if( $security.canView( "organisationUnitGroupSet" ) )<li><a href="organisationUnitGroupSet.action">$i18n.getString( "org_unit_group_set" )&nbsp;</a></li>#end
+    #if( $currentUser.isAuthorized( "F_ORGANISATIONUNITLEVEL_UPDATE" ) )<li><a href="organisationUnitLevel.action">$i18n.getString( "org_unit_level" )&nbsp;</a></li>#end
     <li><a href="organisationUnitSearch.action?skipSearch=true">$i18n.getString( "org_unit_search" )&nbsp;</a></li>
-	<li><a href="hierarchyOperations.action">$i18n.getString( "hierarchy_operations_menu" )&nbsp;</a></li>
-</ul>
+	#if( $currentUser.isAuthorized( "F_ORGANISATIONUNIT_MOVE" ) )<li><a href="hierarchyOperations.action">$i18n.getString( "hierarchy_operations_menu" )&nbsp;</a></li>#end
+</ul>
\ No newline at end of file

=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-program/src/main/webapp/dhis-web-maintenance-program/menu.vm'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-program/src/main/webapp/dhis-web-maintenance-program/menu.vm	2014-04-14 12:42:12 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-program/src/main/webapp/dhis-web-maintenance-program/menu.vm	2015-02-13 12:51:17 +0000
@@ -1,15 +1,15 @@
 <h2>$i18n.getString( "tracked_entity" )</h2>
 <ul>
-	<li><a href="attribute.action">$i18n.getString( "tracked_entity_attribute" )</a></li>
-	<li><a href="attributeGroup.action">$i18n.getString( "tracked_entity_attribute_group" )</a></li>
-	<li><a href="relationshipType.action">$i18n.getString( "relationship_type" )</a></li>
-	<li><a href="trackedEntity.action">$i18n.getString( "tracked_entity" )</a></li>
-	<li><a href="trackedEntityForm.action">$i18n.getString( "tracked_entity_form" )</a></li>
+	#if( $security.canView( "trackedEntityAttribute" ) )<li><a href="attribute.action">$i18n.getString( "tracked_entity_attribute" )</a></li>#end
+	#if( $security.canView( "trackedEntityAttributeGroup" ) )<li><a href="attributeGroup.action">$i18n.getString( "tracked_entity_attribute_group" )</a></li>#end
+	#if( $security.canView( "relationShipType" ) )<li><a href="relationshipType.action">$i18n.getString( "relationship_type" )</a></li>#end
+	#if( $security.canView( "trackedEntity" ) )<li><a href="trackedEntity.action">$i18n.getString( "tracked_entity" )</a></li>#end
+	#if( $security.canView( "trackedEntityForm" ) )<li><a href="trackedEntityForm.action">$i18n.getString( "tracked_entity_form" )</a></li>#end
 </ul>
 
 <h2>$i18n.getString( "programs" )</h2>
 <ul>
-	<li><a href="program.action">$i18n.getString( "program" )</a></li>
+	#if( $security.canView( "program" ) )<li><a href="program.action">$i18n.getString( "program" )</a></li>#end
 	<li><a href="caseAggregation.action">$i18n.getString( "aggregation_query_builder" )</a></li>
 </ul>
 

=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/java/org/hisp/dhis/settings/action/system/SetAppearanceSettingsAction.java'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/java/org/hisp/dhis/settings/action/system/SetAppearanceSettingsAction.java	2015-01-17 07:41:26 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/java/org/hisp/dhis/settings/action/system/SetAppearanceSettingsAction.java	2015-02-13 12:51:17 +0000
@@ -136,6 +136,13 @@
         this.localeSelect = localeSelect;
     }
     
+    private boolean requireAddToView;
+    
+    public void setRequireAddToView( boolean requireAddToView )
+    {
+        this.requireAddToView = requireAddToView;
+    }
+
     private boolean customLoginPageLogo;
     
     public void setCustomLoginPageLogo( boolean customLoginPageLogo )
@@ -180,6 +187,7 @@
         systemSettingManager.saveSystemSetting( KEY_APPLICATION_FOOTER + localeSelect, applicationFooter );
         systemSettingManager.saveSystemSetting( KEY_FLAG, flag );
         systemSettingManager.saveSystemSetting( KEY_START_MODULE, startModule );
+        systemSettingManager.saveSystemSetting( KEY_REQUIRE_ADD_TO_VIEW, requireAddToView );
         systemSettingManager.saveSystemSetting( KEY_CUSTOM_LOGIN_PAGE_LOGO, customLoginPageLogo );
         systemSettingManager.saveSystemSetting( KEY_CUSTOM_TOP_MENU_LOGO, customTopMenuLogo );
         styleManager.setSystemStyle( currentStyle );

=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/resources/org/hisp/dhis/settings/i18n_module.properties'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/resources/org/hisp/dhis/settings/i18n_module.properties	2015-01-14 10:06:04 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/resources/org/hisp/dhis/settings/i18n_module.properties	2015-02-13 12:51:17 +0000
@@ -127,4 +127,5 @@
 system_notifications_email_address=System notifications email address
 default_analysis_relative_period=Default relative period for analysis
 infrastructural_indicators=Infrastructural indicators
-cors_whitelist=CORS Whitelist
\ No newline at end of file
+cors_whitelist=CORS Whitelist
+require_authority_to_add_to_view_object_lists=Require authority to add to view object lists
\ No newline at end of file

=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/webapp/dhis-web-maintenance-settings/systemAppearanceSettings.vm'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/webapp/dhis-web-maintenance-settings/systemAppearanceSettings.vm	2014-11-07 19:36:59 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/webapp/dhis-web-maintenance-settings/systemAppearanceSettings.vm	2015-02-13 12:51:17 +0000
@@ -9,6 +9,7 @@
                 currentStyle: getFieldValue( 'currentStyle' ),
 				startModule: getFieldValue( 'startModule' ),
 				flag: getFieldValue( 'flag' ),
+				requireAddToView: jQuery('#requireAddToView').is(':checked'),
 				customLoginPageLogo: $( '#customLoginPageLogo' ).is( ':checked' ),
 				customTopMenuLogo: $( '#customTopMenuLogo' ).is( ':checked' ),
 				localeSelect: getFieldValue( 'localeSelect' )
@@ -86,6 +87,11 @@
 </div>
 
 <div class="setting">
+    <input type="checkbox" id="requireAddToView" name="requireAddToView" #if( $keyRequireAddToView )checked="checked"#end>
+    <label for="requireAddToView">$i18n.getString( "require_authority_to_add_to_view_object_lists" )</label>
+</div>
+
+<div class="setting">
 	<input type="checkbox" id="customLoginPageLogo" name="customLoginPageLogo" value="true"#if( $!keyCustomLoginPageLogo ) checked="checked"#end>
 	<label for="customLoginPageLogo">$i18n.getString( "custom_login_page_logo" )</label> <span class="tipText">(88x24) - $i18n.getString( "uses_image_from" ):</span><br>
 	<span class="tipText">&lt;base url&gt;/external-static/logo_front.png</span>

=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/webapp/dhis-web-maintenance-user/menu.vm'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/webapp/dhis-web-maintenance-user/menu.vm	2014-12-30 14:29:14 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/webapp/dhis-web-maintenance-user/menu.vm	2015-02-13 12:51:17 +0000
@@ -1,8 +1,8 @@
 <h2>$i18n.getString( "user" )&nbsp;</h2>
 <ul>
-	<li><a href="user.action">$i18n.getString( "user_by_orgunit" )&nbsp;</a></li>
-	<li><a href="alluser.action">$i18n.getString( "user" )&nbsp;</a></li>
-	<li><a href="allRole.action" title="$i18n.getString( "user_role" )">$i18n.getString( "user_role" )&nbsp;</a></li>
+	#if( $security.canView( "user" ) )<li><a href="user.action">$i18n.getString( "user_by_orgunit" )&nbsp;</a></li>#end
+	#if( $security.canView( "user" ) )<li><a href="alluser.action">$i18n.getString( "user" )&nbsp;</a></li>#end
+	#if( $security.canView( "trackedEntityAttribute" ) )<li><a href="allRole.action" title="$i18n.getString( "user_role" )">$i18n.getString( "user_role" )&nbsp;</a></li>#end
     <li><a href="deleteCurrentUser.action" title="$i18n.getString( "delete_current_user" )">$i18n.getString( "delete_current_user" )</a></li>
-	<li><a href="getAllUserGroups.action">$i18n.getString( "user_group" )</a></li>
+	#if( $security.canView( "userGroup" ) )<li><a href="getAllUserGroups.action">$i18n.getString( "user_group" )</a></li>#end
 </ul>