=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/User.java' --- dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/User.java 2011-05-30 18:34:15 +0000 +++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/User.java 2011-06-11 08:15:29 +0000 @@ -63,6 +63,8 @@ private String phoneNumber; + private UserCredentials userCredentials; + /** * All OrgUnits where the user could belong * @@ -227,6 +229,16 @@ this.phoneNumber = phoneNumber; } + public UserCredentials getUserCredentials() + { + return userCredentials; + } + + public void setUserCredentials( UserCredentials userCredentials ) + { + this.userCredentials = userCredentials; + } + public Collection getOrganisationUnits() { return organisationUnits; === modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserAuthorityGroup.java' --- dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserAuthorityGroup.java 2010-04-21 19:45:12 +0000 +++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserAuthorityGroup.java 2011-06-11 08:15:29 +0000 @@ -38,7 +38,8 @@ */ public class UserAuthorityGroup { - + public static final String AUTHORITY_ALL = "ALL"; + private int id; /** === modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserCredentials.java' --- dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserCredentials.java 2011-05-05 21:14:56 +0000 +++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserCredentials.java 2011-06-11 08:15:29 +0000 @@ -61,6 +61,48 @@ private String password; private Set userAuthorityGroups = new HashSet(); + + // ------------------------------------------------------------------------- + // Logic + // ------------------------------------------------------------------------- + + /** + * Returns a set of the aggregated authorities for all user authority groups + * of this user credentials. + */ + public Set getAllAuthorities() + { + Set authorities = new HashSet(); + + for ( UserAuthorityGroup group : userAuthorityGroups ) + { + authorities.addAll( group.getAuthorities() ); + } + + return authorities; + } + + /** + * Indicates whether this user credentials can issue the given user authority + * group. First the given authority group must not be null. Second this + * user credentials must not contain the given authority group. Third + * the authority group must be a subset of the aggregated user authorities + * of this user credentials, or this user credentials must have the ALL + * authority. + * + * @param group the user authority group. + */ + public boolean canIssue( UserAuthorityGroup group ) + { + if ( group == null || userAuthorityGroups.contains( group ) ) + { + return false; + } + + final Set authorities = getAllAuthorities(); + + return ( authorities.contains( UserAuthorityGroup.AUTHORITY_ALL ) || authorities.containsAll( group.getAuthorities() ) ); + } // ------------------------------------------------------------------------- // hashCode and equals === modified file 'dhis-2/dhis-services/dhis-service-core/src/main/resources/org/hisp/dhis/user/hibernate/User.hbm.xml' --- dhis-2/dhis-services/dhis-service-core/src/main/resources/org/hisp/dhis/user/hibernate/User.hbm.xml 2011-05-28 21:25:46 +0000 +++ dhis-2/dhis-services/dhis-service-core/src/main/resources/org/hisp/dhis/user/hibernate/User.hbm.xml 2011-06-11 08:15:29 +0000 @@ -20,6 +20,8 @@ + + === added file 'dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/filter/UserAuthorityGroupSubsetFilter.java' --- dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/filter/UserAuthorityGroupSubsetFilter.java 1970-01-01 00:00:00 +0000 +++ dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/filter/UserAuthorityGroupSubsetFilter.java 2011-06-11 08:15:29 +0000 @@ -0,0 +1,60 @@ +package org.hisp.dhis.system.filter; + +/* + * Copyright (c) 2004-2010, University of Oslo + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * * Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * * Neither the name of the HISP project nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +import org.hisp.dhis.system.util.Filter; +import org.hisp.dhis.user.User; +import org.hisp.dhis.user.UserAuthorityGroup; +import org.hisp.dhis.user.UserCredentials; + +/** + * @author Lars Helge Overland + */ +public class UserAuthorityGroupSubsetFilter + implements Filter +{ + private UserCredentials userCredentials; + + protected UserAuthorityGroupSubsetFilter() + { + } + + public UserAuthorityGroupSubsetFilter( User user ) + { + if ( user != null && user.getUserCredentials() != null ) + { + this.userCredentials = user.getUserCredentials(); + } + } + + @Override + public boolean retain( UserAuthorityGroup group ) + { + return userCredentials != null && userCredentials.canIssue( group ); + } +} \ No newline at end of file === modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/AddUserAction.java' --- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/AddUserAction.java 2011-05-30 18:34:15 +0000 +++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/AddUserAction.java 2011-06-11 08:15:29 +0000 @@ -35,6 +35,7 @@ import org.hisp.dhis.oust.manager.SelectionTreeManager; import org.hisp.dhis.ouwt.manager.OrganisationUnitSelectionManager; import org.hisp.dhis.security.PasswordManager; +import org.hisp.dhis.user.CurrentUserService; import org.hisp.dhis.user.User; import org.hisp.dhis.user.UserAuthorityGroup; import org.hisp.dhis.user.UserCredentials; @@ -81,6 +82,13 @@ this.passwordManager = passwordManager; } + private CurrentUserService currentUserService; + + public void setCurrentUserService( CurrentUserService currentUserService ) + { + this.currentUserService = currentUserService; + } + // ------------------------------------------------------------------------- // Input // ------------------------------------------------------------------------- @@ -153,6 +161,8 @@ public String execute() throws Exception { + UserCredentials currentUserCredentials = currentUserService.getCurrentUser() != null ? currentUserService.getCurrentUser().getUserCredentials() : null; + // --------------------------------------------------------------------- // Prepare values // --------------------------------------------------------------------- @@ -185,8 +195,14 @@ for ( String id : selectedList ) { UserAuthorityGroup group = userService.getUserAuthorityGroup( Integer.parseInt( id ) ); - userCredentials.getUserAuthorityGroups().add( group ); + + if ( currentUserCredentials != null && currentUserCredentials.canIssue( group ) ) + { + userCredentials.getUserAuthorityGroups().add( group ); + } } + + user.setUserCredentials( userCredentials ); userService.addUser( user ); userService.addUserCredentials( userCredentials ); === modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/SetupTreeAction.java' --- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/SetupTreeAction.java 2010-12-30 09:13:41 +0000 +++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/SetupTreeAction.java 2011-06-11 08:15:29 +0000 @@ -34,6 +34,9 @@ import org.hisp.dhis.organisationunit.OrganisationUnitGroup; import org.hisp.dhis.oust.manager.SelectionTreeManager; import org.hisp.dhis.ouwt.manager.OrganisationUnitSelectionManager; +import org.hisp.dhis.system.filter.UserAuthorityGroupSubsetFilter; +import org.hisp.dhis.system.util.FilterUtils; +import org.hisp.dhis.user.CurrentUserService; import org.hisp.dhis.user.User; import org.hisp.dhis.user.UserAuthorityGroup; import org.hisp.dhis.user.UserCredentials; @@ -73,6 +76,13 @@ this.userService = userService; } + private CurrentUserService currentUserService; + + public void setCurrentUserService( CurrentUserService currentUserService ) + { + this.currentUserService = currentUserService; + } + // ------------------------------------------------------------------------- // Input // ------------------------------------------------------------------------- @@ -115,10 +125,11 @@ public String execute() throws Exception - { - + { userAuthorityGroups = new ArrayList( userService.getAllUserAuthorityGroups() ); + FilterUtils.filter( userAuthorityGroups, new UserAuthorityGroupSubsetFilter( currentUserService.getCurrentUser() ) ); + if ( id != null ) { User user = userService.getUser( id ); === modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/UpdateUserAction.java' --- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/UpdateUserAction.java 2011-05-30 18:34:15 +0000 +++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/UpdateUserAction.java 2011-06-11 08:15:29 +0000 @@ -36,6 +36,7 @@ import org.hisp.dhis.oust.manager.SelectionTreeManager; import org.hisp.dhis.ouwt.manager.OrganisationUnitSelectionManager; import org.hisp.dhis.security.PasswordManager; +import org.hisp.dhis.user.CurrentUserService; import org.hisp.dhis.user.User; import org.hisp.dhis.user.UserAuthorityGroup; import org.hisp.dhis.user.UserCredentials; @@ -81,7 +82,14 @@ { this.selectionManager = selectionManager; } - + + private CurrentUserService currentUserService; + + public void setCurrentUserService( CurrentUserService currentUserService ) + { + this.currentUserService = currentUserService; + } + // ------------------------------------------------------------------------- // Input // ------------------------------------------------------------------------- @@ -142,6 +150,8 @@ public String execute() throws Exception { + UserCredentials currentUserCredentials = currentUserService.getCurrentUser() != null ? currentUserService.getCurrentUser().getUserCredentials() : null; + // --------------------------------------------------------------------- // Prepare values // --------------------------------------------------------------------- @@ -177,7 +187,12 @@ for ( String id : selectedList ) { - authorityGroups.add( userService.getUserAuthorityGroup( Integer.parseInt( id ) ) ); + UserAuthorityGroup group = userService.getUserAuthorityGroup( Integer.parseInt( id ) ); + + if ( currentUserCredentials != null && currentUserCredentials.canIssue( group ) ) + { + authorityGroups.add( group ); + } } if ( rawPassword != null ) === modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/META-INF/dhis/beans.xml' --- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/META-INF/dhis/beans.xml 2011-05-27 08:48:57 +0000 +++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/META-INF/dhis/beans.xml 2011-06-11 08:15:29 +0000 @@ -23,6 +23,9 @@ + + + + + + + + + /main.vm /dhis-web-maintenance-user/user.vm /dhis-web-maintenance-user/orgunitMenu.vm - + ../dhis-web-commons/ouwt/ouwt.js,javascript/user.js,javascript/filterTable.js ../dhis-web-commons/paging/paging.css