dhis2-devs team mailing list archive
-
dhis2-devs team
-
Mailing list archive
-
Message #41412
[Branch ~dhis2-devs-core/dhis2/trunk] Rev 21099: put back r. 21092 after fixing test failures in service-dxf2
------------------------------------------------------------
revno: 21099
committer: Abyot Asalefew Gizaw <abyota@xxxxxxxxx>
branch nick: dhis2
timestamp: Tue 2015-11-17 20:46:11 +0100
message:
put back r. 21092 after fixing test failures in service-dxf2
modified:
dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserCredentials.java
dhis-2/dhis-services/dhis-service-dxf2/src/main/java/org/hisp/dhis/dxf2/events/event/AbstractEventService.java
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
Your team DHIS 2 developers is subscribed to branch lp:dhis2.
To unsubscribe from this branch go to https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk/+edit-subscription
=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserCredentials.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserCredentials.java 2015-11-17 17:01:46 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserCredentials.java 2015-11-17 19:46:11 +0000
@@ -34,6 +34,7 @@
import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlElementWrapper;
import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty;
import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlRootElement;
+
import org.hisp.dhis.common.BaseIdentifiableObject;
import org.hisp.dhis.common.DimensionType;
import org.hisp.dhis.common.DimensionalObject;
@@ -47,6 +48,7 @@
import org.hisp.dhis.dataelement.CategoryOptionGroupSet;
import org.hisp.dhis.dataelement.DataElementCategory;
import org.hisp.dhis.dataset.DataSet;
+import org.hisp.dhis.program.Program;
import org.hisp.dhis.schema.PropertyType;
import org.hisp.dhis.schema.annotation.Property;
import org.hisp.dhis.schema.annotation.PropertyRange;
@@ -272,6 +274,22 @@
return dataSets;
}
+
+ /**
+ * Returns a set of the programs for all user authority groups
+ * of this user credentials.
+ */
+ public Set<Program> getAllPrograms()
+ {
+ Set<Program> programs = new HashSet<>();
+
+ for ( UserAuthorityGroup group : userAuthorityGroups )
+ {
+ programs.addAll( group.getPrograms() );
+ }
+
+ return programs;
+ }
/**
* Indicates whether this user credentials can issue the given user authority
=== modified file 'dhis-2/dhis-services/dhis-service-dxf2/src/main/java/org/hisp/dhis/dxf2/events/event/AbstractEventService.java'
--- dhis-2/dhis-services/dhis-service-dxf2/src/main/java/org/hisp/dhis/dxf2/events/event/AbstractEventService.java 2015-11-17 17:01:46 +0000
+++ dhis-2/dhis-services/dhis-service-dxf2/src/main/java/org/hisp/dhis/dxf2/events/event/AbstractEventService.java 2015-11-17 19:46:11 +0000
@@ -85,6 +85,7 @@
import org.hisp.dhis.trackedentitydatavalue.TrackedEntityDataValueService;
import org.hisp.dhis.user.CurrentUserService;
import org.hisp.dhis.user.User;
+import org.hisp.dhis.user.UserCredentials;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.Assert;
@@ -504,6 +505,8 @@
OrganisationUnitSelectionMode orgUnitSelectionMode, String trackedEntityInstance, Date startDate, Date endDate,
EventStatus status, Date lastUpdated, DataElementCategoryOptionCombo attributeCoc, IdSchemes idSchemes, Integer page, Integer pageSize, boolean totalPages, boolean skipPaging, boolean includeAttributes )
{
+ UserCredentials userCredentials = currentUserService.getCurrentUser().getUserCredentials();
+
EventSearchParams params = new EventSearchParams();
Program pr = programService.getProgram( program );
@@ -526,6 +529,24 @@
{
throw new IllegalQueryException( "Org unit is specified but does not exist: " + orgUnit );
}
+
+ if( ou != null && !organisationUnitService.isInUserHierarchy( ou ) )
+ {
+ if( !userCredentials.isSuper() && !userCredentials.isAuthorized( "F_TRACKED_ENTITY_INSTANCE_SEARCH_IN_ALL_ORGUNITS" ) )
+ {
+ throw new IllegalQueryException( "User has no access to organisation unit: " + ou.getUid() );
+ }
+ }
+
+ if( pr == null && !userCredentials.isSuper() && userCredentials.getAllPrograms().size() == 0 )
+ {
+ throw new IllegalQueryException( "User has no access to programs");
+ }
+
+ if( pr != null && userCredentials.getAllPrograms().contains( pr ) )
+ {
+ throw new IllegalQueryException( "User has no access to program: " + pr.getUid() );
+ }
TrackedEntityInstance tei = entityInstanceService.getTrackedEntityInstance( trackedEntityInstance );
@@ -864,12 +885,31 @@
event.setDueDate( DateUtils.getLongDateString( programStageInstance.getDueDate() ) );
event.setStoredBy( programStageInstance.getCompletedUser() );
- if ( programStageInstance.getOrganisationUnit() != null )
+ UserCredentials userCredentials = currentUserService.getCurrentUser().getUserCredentials();
+
+ OrganisationUnit ou = programStageInstance.getOrganisationUnit();
+
+ if ( ou != null )
+ {
+ if( !organisationUnitService.isInUserHierarchy( ou ) )
+ {
+ if( !userCredentials.isSuper() && !userCredentials.isAuthorized( "F_TRACKED_ENTITY_INSTANCE_SEARCH_IN_ALL_ORGUNITS" ) )
+ {
+ throw new IllegalQueryException( "User has no access to organisation unit: " + ou.getUid() );
+ }
+ }
+
+ event.setOrgUnit( ou.getUid() );
+ }
+
+ Program program = programStageInstance.getProgramInstance().getProgram();
+
+ if( !userCredentials.isSuper() && !userCredentials.getAllPrograms().contains( program ) )
{
- event.setOrgUnit( programStageInstance.getOrganisationUnit().getUid() );
+ throw new IllegalQueryException( "User has no access to program: " + program.getUid() );
}
-
- event.setProgram( programStageInstance.getProgramInstance().getProgram().getUid() );
+
+ event.setProgram( program.getUid() );
event.setEnrollment( programStageInstance.getProgramInstance().getUid() );
event.setProgramStage( programStageInstance.getProgramStage().getUid() );
@@ -1278,5 +1318,5 @@
private DataElement getDataElement( String dataElementId )
{
return dataElementCache.get( dataElementId, new IdentifiableObjectCallable<>( manager, DataElement.class, dataElementId ) );
- }
+ }
}
