[Branch ~dhis2-devs-core/dhis2/trunk] Rev 22001: re-use user object for acl checks in hibgenstor

 

------------------------------------------------------------
revno: 22001
committer: Morten Olav Hansen <morten@xxxxxxxxx>
branch nick: dhis2
timestamp: Thu 2016-02-18 21:45:25 +0700
message:
  re-use user object for acl checks in hibgenstor
modified:
  dhis-2/dhis-support/dhis-support-hibernate/src/main/java/org/hisp/dhis/hibernate/HibernateGenericStore.java


--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk

=== modified file 'dhis-2/dhis-support/dhis-support-hibernate/src/main/java/org/hisp/dhis/hibernate/HibernateGenericStore.java'
--- dhis-2/dhis-support/dhis-support-hibernate/src/main/java/org/hisp/dhis/hibernate/HibernateGenericStore.java	2016-02-18 07:59:49 +0000
+++ dhis-2/dhis-support/dhis-support-hibernate/src/main/java/org/hisp/dhis/hibernate/HibernateGenericStore.java	2016-02-18 14:45:25 +0000
@@ -434,7 +434,7 @@
             }
         }
 
-        if ( !Interpretation.class.isAssignableFrom( clazz ) && !isUpdateAllowed( object ) )
+        if ( !Interpretation.class.isAssignableFrom( clazz ) && !isUpdateAllowed( object, user ) )
         {
             AuditLogUtil.infoWrapper( log, username, object, AuditLogUtil.ACTION_UPDATE_DENIED );
             throw new UpdateAccessDeniedException( object.toString() );
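Review bot: The update check now authorizes against the `user` value already in scope instead of asking `currentUserService.getCurrentUser()` as the removed one-argument `isUpdateAllowed` did, and the enclosing method starts outside the hunk, so where `user` comes from is not visible here. If a caller can supply that `User`, both the ACL decision and the `username` written by `AuditLogUtil.infoWrapper` follow the argument rather than the authenticated session. I would document the contract on the enclosing method, for example `@param user the authenticated principal the ACL check is evaluated for; never derived from request data`. The same applies to the `isDeleteAllowed( object, user )` call in the delete hunk.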
@@ -459,7 +459,7 @@
     {
         String username = user != null ? user.getUsername() : "system-process";
 
-        if ( !isDeleteAllowed( object ) )
+        if ( !isDeleteAllowed( object, user ) )
         {
             AuditLogUtil.infoWrapper( log, username, object, AuditLogUtil.ACTION_DELETE_DENIED );
             throw new DeleteAccessDeniedException( object.toString() );
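Review bot: `user` can be null at the `isDeleteAllowed( object, user )` call, because the line above maps a null user to "system-process". The new two-argument `isDeleteAllowed` in the last hunk passes it straight to `aclService.canDelete( user, idObject )` whenever the class is shareable, without the `sharingEnabled( user )` null/super guard that `isReadAllowed` uses. What `canDelete` returns for a null user is not visible in this diff, so a system-process delete could be silently denied or silently allowed. I would state the intended outcome next to the check, for example `// user == null is a system process; aclService.canDelete decides whether that is permitted`. The update check in the first hunk presumably needs the same, and this method's signature is outside the hunk.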
@@ -635,69 +635,55 @@
         return Dashboard.class.isAssignableFrom( clazz );
     }
 
-    protected boolean sharingEnabled( User currentUser )
+    protected boolean sharingEnabled( User user )
     {
-        return forceAcl() || (aclService.isShareable( clazz ) && !(currentUser == null || currentUser.isSuper()));
+        return forceAcl() || (aclService.isShareable( clazz ) && !(user == null || user.isSuper()));
     }
 
     protected boolean isReadAllowed( T object )
     {
-        if ( IdentifiableObject.class.isInstance( object ) )
-        {
-            IdentifiableObject idObject = (IdentifiableObject) object;
-
-            User currentUser = currentUserService.getCurrentUser();
-
-            if ( sharingEnabled( currentUser ) )
-            {
-                return aclService.canRead( currentUser, idObject );
-            }
-        }
-
-        return true;
-    }
-
-    protected boolean isWriteAllowed( T object )
-    {
-        if ( IdentifiableObject.class.isInstance( object ) )
-        {
-            IdentifiableObject idObject = (IdentifiableObject) object;
-
-            User currentUser = currentUserService.getCurrentUser();
-
-            if ( sharingEnabled( currentUser ) )
-            {
-                return aclService.canWrite( currentUser, idObject );
-            }
-        }
-
-        return true;
-    }
-
-    protected boolean isUpdateAllowed( T object )
-    {
-        if ( IdentifiableObject.class.isInstance( object ) )
-        {
-            IdentifiableObject idObject = (IdentifiableObject) object;
-
-            if ( aclService.isShareable( clazz ) )
-            {
-                return aclService.canUpdate( currentUserService.getCurrentUser(), idObject );
-            }
-        }
-
-        return true;
-    }
-
-    protected boolean isDeleteAllowed( T object )
-    {
-        if ( IdentifiableObject.class.isInstance( object ) )
-        {
-            IdentifiableObject idObject = (IdentifiableObject) object;
-
-            if ( aclService.isShareable( clazz ) )
-            {
-                return aclService.canDelete( currentUserService.getCurrentUser(), idObject );
+        return isReadAllowed( object, currentUserService.getCurrentUser() );
+    }
+
+    protected boolean isReadAllowed( T object, User user )
+    {
+        if ( IdentifiableObject.class.isInstance( object ) )
+        {
+            IdentifiableObject idObject = (IdentifiableObject) object;
+
+            if ( sharingEnabled( user ) )
+            {
+                return aclService.canRead( user, idObject );
+            }
+        }
+
+        return true;
+    }
+
+    protected boolean isUpdateAllowed( T object, User user )
+    {
+        if ( IdentifiableObject.class.isInstance( object ) )
+        {
+            IdentifiableObject idObject = (IdentifiableObject) object;
+
+            if ( aclService.isShareable( clazz ) )
+            {
+                return aclService.canUpdate( user, idObject );
+            }
+        }
+
+        return true;
+    }
+
+    protected boolean isDeleteAllowed( T object, User user )
+    {
+        if ( IdentifiableObject.class.isInstance( object ) )
+        {
+            IdentifiableObject idObject = (IdentifiableObject) object;
+
+            if ( aclService.isShareable( clazz ) )
+            {
+                return aclService.canDelete( user, idObject );
             }
         }