=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserService.java' --- dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserService.java 2014-12-25 15:08:25 +0000 +++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserService.java 2014-12-26 12:27:14 +0000 @@ -182,7 +182,7 @@ * @param max the max number of records to return. * @return a List of users. */ - List getManagedUsers( User user, int first, int max ); + List getManagedUsersBetween( User user, int first, int max ); /** * Tests whether the current user is allowed to create a user associated === modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserStore.java' --- dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserStore.java 2014-12-25 15:05:06 +0000 +++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserStore.java 2014-12-26 12:27:14 +0000 @@ -84,5 +84,5 @@ * @param max the max number of records to return. * @return a List of users. */ - List getManagedUsers( User user, int first, int max ); + List getManagedUsersBetween( User user, int first, int max ); } === modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserService.java' --- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserService.java 2014-12-25 15:05:06 +0000 +++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserService.java 2014-12-26 12:27:14 +0000 @@ -210,9 +210,9 @@ } @Override - public List getManagedUsers( User user, int first, int max ) + public List getManagedUsersBetween( User user, int first, int max ) { - return userStore.getManagedUsers( user, first, max ); + return userStore.getManagedUsersBetween( user, first, max ); } @Override === modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/hibernate/HibernateUserStore.java' --- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/hibernate/HibernateUserStore.java 2014-12-25 15:05:06 +0000 +++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/hibernate/HibernateUserStore.java 2014-12-26 12:27:14 +0000 @@ -131,7 +131,7 @@ @Override @SuppressWarnings("unchecked") - public List getManagedUsers( User user, int first, int max ) + public List getManagedUsersBetween( User user, int first, int max ) { Collection managedGroups = IdentifiableObjectUtils.getIdentifiers( user.getManagedGroups() ); === modified file 'dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/user/UserServiceTest.java' --- dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/user/UserServiceTest.java 2014-12-25 15:05:06 +0000 +++ dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/user/UserServiceTest.java 2014-12-26 12:27:14 +0000 @@ -224,7 +224,7 @@ assertTrue( users.contains( userC ) ); assertTrue( users.contains( userD ) ); - users = userService.getManagedUsers( userA, 0, 1 ); + users = userService.getManagedUsersBetween( userA, 0, 1 ); assertEquals( 1, users.size() ); @@ -234,6 +234,10 @@ assertTrue( users.contains( userC ) ); assertTrue( users.contains( userD ) ); + users = userService.getManagedUsersBetween( userB, 0, 1 ); + + assertEquals( 1, users.size() ); + users = userService.getManagedUsers( userC ); assertEquals( 0, users.size() ); === modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/AbstractCrudController.java' --- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/AbstractCrudController.java 2014-12-25 10:43:54 +0000 +++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/AbstractCrudController.java 2014-12-26 12:27:14 +0000 @@ -194,7 +194,7 @@ } else { - // Get full list when using filters other than name + // Get full list when using filters other than name / objects without persisted name if ( !filters.isEmpty() ) { === modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/user/UserController.java' --- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/user/UserController.java 2014-12-24 14:44:09 +0000 +++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/user/UserController.java 2014-12-26 12:27:14 +0000 @@ -33,7 +33,6 @@ import java.io.InputStream; import java.util.ArrayList; import java.util.List; -import java.util.Map; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -44,11 +43,11 @@ import org.hisp.dhis.dxf2.importsummary.ImportSummary; import org.hisp.dhis.dxf2.metadata.ImportTypeSummary; import org.hisp.dhis.importexport.ImportStrategy; -import org.hisp.dhis.node.types.RootNode; import org.hisp.dhis.schema.descriptors.UserSchemaDescriptor; import org.hisp.dhis.security.RestoreOptions; import org.hisp.dhis.security.SecurityService; import org.hisp.dhis.setting.SystemSettingManager; +import org.hisp.dhis.user.CurrentUserService; import org.hisp.dhis.user.User; import org.hisp.dhis.user.UserAuthorityGroup; import org.hisp.dhis.user.UserCredentials; @@ -60,12 +59,10 @@ import org.hisp.dhis.webapi.webdomain.WebMetaData; import org.hisp.dhis.webapi.webdomain.WebOptions; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; -import org.springframework.web.bind.annotation.RequestParam; import com.google.common.base.Optional; import com.google.common.collect.Lists; @@ -87,6 +84,9 @@ @Autowired private UserGroupService userGroupService; + + @Autowired + private CurrentUserService currentUserService; @Autowired private SecurityService securityService; @@ -99,27 +99,10 @@ // ------------------------------------------------------------------------- @Override - @PreAuthorize( "hasRole('ALL') or hasRole('F_USER_VIEW')" ) - public RootNode getObjectList( @RequestParam Map parameters, HttpServletResponse response, HttpServletRequest request ) - { - //TODO: Allow user with F_USER_VIEW_WITHIN_MANAGED_GROUP and restrict viewing to within managed groups. - - return super.getObjectList( parameters, response, request ); - } - - @Override - @PreAuthorize( "hasRole('ALL') or hasRole('F_USER_VIEW')" ) - public RootNode getObject( @PathVariable( "uid" ) String uid, @RequestParam Map parameters, - HttpServletRequest request, HttpServletResponse response ) throws Exception - { - //TODO: Allow user with F_USER_VIEW_WITHIN_MANAGED_GROUP and restrict viewing to within managed groups. - - return super.getObject( uid, parameters, request, response ); - } - - @Override protected List getEntityList( WebMetaData metaData, WebOptions options, List filters ) { + User user = currentUserService.getCurrentUser(); + List entityList; if ( options.getOptions().containsKey( "query" ) ) @@ -133,11 +116,25 @@ Pager pager = new Pager( options.getPage(), count ); metaData.setPager( pager ); - entityList = new ArrayList<>( userService.getAllUsersBetween( pager.getOffset(), pager.getPageSize() ) ); + if ( options.isManage() ) + { + entityList = new ArrayList<>( userService.getManagedUsersBetween( user, pager.getOffset(), pager.getPageSize() ) ); + } + else + { + entityList = new ArrayList<>( userService.getAllUsersBetween( pager.getOffset(), pager.getPageSize() ) ); + } } else { - entityList = new ArrayList<>( userService.getAllUsers() ); + if ( options.isManage() ) + { + entityList = new ArrayList<>( userService.getManagedUsers( user ) ); + } + else + { + entityList = new ArrayList<>( userService.getAllUsers() ); + } } return entityList; === modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/webdomain/WebOptions.java' --- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/webdomain/WebOptions.java 2014-06-11 20:27:54 +0000 +++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/webdomain/WebOptions.java 2014-12-26 12:27:14 +0000 @@ -67,7 +67,7 @@ { return stringAsInt( options.get( "page" ), 1 ); } - + public String getViewClass() { return stringAsString( options.get( "viewClass" ), null ); @@ -82,4 +82,9 @@ { return stringAsInt( options.get( "pageSize" ), Pager.DEFAULT_PAGE_SIZE ); } + + public boolean isManage() + { + return stringAsBoolean( options.get( "manage" ), false ); + } }