=== removed directory 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/accesscontrol'
=== removed file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/accesscontrol/Access.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/accesscontrol/Access.java 2014-03-27 04:40:10 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/accesscontrol/Access.java 1970-01-01 00:00:00 +0000
@@ -1,129 +0,0 @@
-package org.hisp.dhis.accesscontrol;
-
-/*
- * Copyright (c) 2004-2014, University of Oslo
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- * Redistributions of source code must retain the above copyright notice, this
- * list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * Neither the name of the HISP project nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-import com.fasterxml.jackson.annotation.JsonProperty;
-import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty;
-import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlRootElement;
-import org.hisp.dhis.common.DxfNamespaces;
-
-/**
- * @author Morten Olav Hansen
- */
-@JacksonXmlRootElement( localName = "access", namespace = DxfNamespaces.DXF_2_0 )
-public class Access
-{
- private boolean manage;
-
- private boolean externalize;
-
- private boolean write;
-
- private boolean read;
-
- private boolean update;
-
- private boolean delete;
-
- public Access()
- {
- }
-
- @JsonProperty
- @JacksonXmlProperty( localName = "manage", namespace = DxfNamespaces.DXF_2_0 )
- public boolean isManage()
- {
- return manage;
- }
-
- public void setManage( boolean manage )
- {
- this.manage = manage;
- }
-
- @JsonProperty
- @JacksonXmlProperty( localName = "externalize", namespace = DxfNamespaces.DXF_2_0 )
- public boolean isExternalize()
- {
- return externalize;
- }
-
- public void setExternalize( boolean externalize )
- {
- this.externalize = externalize;
- }
-
- @JsonProperty
- @JacksonXmlProperty( localName = "write", namespace = DxfNamespaces.DXF_2_0 )
- public boolean isWrite()
- {
- return write;
- }
-
- public void setWrite( boolean write )
- {
- this.write = write;
- }
-
- @JsonProperty
- @JacksonXmlProperty( localName = "read", namespace = DxfNamespaces.DXF_2_0 )
- public boolean isRead()
- {
- return read;
- }
-
- public void setRead( boolean read )
- {
- this.read = read;
- }
-
- @JsonProperty
- @JacksonXmlProperty( localName = "update", namespace = DxfNamespaces.DXF_2_0 )
- public boolean isUpdate()
- {
- return update;
- }
-
- public void setUpdate( boolean update )
- {
- this.update = update;
- }
-
- @JsonProperty
- @JacksonXmlProperty( localName = "delete", namespace = DxfNamespaces.DXF_2_0 )
- public boolean isDelete()
- {
- return delete;
- }
-
- public void setDelete( boolean delete )
- {
- this.delete = delete;
- }
-}
===
removed file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/accesscontrol/AccessControlService.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/accesscontrol/AccessControlService.java 2014-03-27 04:40:10 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/accesscontrol/AccessControlService.java 1970-01-01 00:00:00 +0000
@@ -1,150 +0,0 @@
-package org.hisp.dhis.accesscontrol;
-
-/*
- * Copyright (c) 2004-2014, University of Oslo
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- * Redistributions of source code must retain the above copyright notice, this
- * list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * Neither the name of the HISP project nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-import org.hisp.dhis.common.IdentifiableObject;
-import org.hisp.dhis.user.User;
-
-import java.util.Arrays;
-import java.util.List;
-
-/**
- * @author Morten Olav Hansen
- */
-public interface AccessControlService
-{
- public static final List SHARING_OVERRIDE_AUTHORITIES = Arrays.asList( "ALL", "F_METADATA_IMPORT" );
-
- boolean isSupported( String type );
-
- boolean isSupported( Class klass );
-
- /**
- * Can user write to this object (create)
- *
- * 1. Does user have SHARING_OVERRIDE_AUTHORITY authority?
- * 2. Is the user for the object null?
- * 3. Is the user of the object equal to current user?
- * 4. Is the object public write?
- * 5. Does any of the userGroupAccesses contain public write and the current user is in that group
- *
- * @param user User to check against
- * @param object Object to check
- * @return Result of test
- */
- boolean canWrite( User user, IdentifiableObject object );
-
- /**
- * Can user read this object
- *
- * 1. Does user have SHARING_OVERRIDE_AUTHORITY authority?
- * 2. Is the user for the object null?
- * 3. Is the user of the object equal to current user?
- * 4. Is the object public read?
- * 5. Does any of the userGroupAccesses contain public read and the current user is in that group
- *
- * @param user User to check against
- * @param object Object to check
- * @return Result of test
- */
- boolean canRead( User user, IdentifiableObject object );
-
- /**
- * Can user update this object
- *
- * 1. Does user have SHARING_OVERRIDE_AUTHORITY authority?
- * 2. Can user write to this object?
- *
- * @param user User to check against
- * @param object Object to check
- * @return Result of test
- */
- boolean canUpdate( User user, IdentifiableObject object );
-
- /**
- * Can user delete this object
- *
- * 1. Does user have SHARING_OVERRIDE_AUTHORITY authority?
- * 2. Can user write to this object?
- *
- * @param user User to check against
- * @param object Object to check
- * @return Result of test
- */
- boolean canDelete( User user, IdentifiableObject object );
-
- /**
- * Can user manage (make public) this object
- *
- * 1. Does user have SHARING_OVERRIDE_AUTHORITY authority?
- * 2. Can user write to this object?
- *
- * @param user User to check against
- * @param object Object to check
- * @return Result of test
- */
- boolean canManage( User user, IdentifiableObject object );
-
- /**
- * Checks if a user can create a public instance of a certain object.
- *
- * 1. Does user have SHARING_OVERRIDE_AUTHORITY authority?
- * 2. Does user have the authority to create public instances of that object
- *
- * @param user User to check against
- * @param klass Class to check
- * @return Result of test
- */
- boolean canCreatePublic( User user, Class klass );
-
- /**
- * Checks if a user can create a private instance of a certain object.
- *
- * 1. Does user have SHARING_OVERRIDE_AUTHORITY authority?
- * 2. Does user have the authority to create private instances of that object
- *
- * @param user User to check against
- * @param klass Class to check
- * @return Result of test
- */
- boolean canCreatePrivate( User user, Class klass );
-
- /**
- * Can user make this object external? (read with no login)
- *
- * @param user User to check against
- * @param klass Type to check
- * @return Result of test
- */
- boolean canExternalize( User user, Class klass );
-
- boolean defaultPublic( Class klass );
-
- Class classForType( String type );
-}
=== removed file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/accesscontrol/AccessStringHelper.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/accesscontrol/AccessStringHelper.java 2014-03-27 04:40:10 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/accesscontrol/AccessStringHelper.java 1970-01-01 00:00:00 +0000
@@ -1,129 +0,0 @@
-package org.hisp.dhis.accesscontrol;
-
-/*
- * Copyright (c) 2004-2014, University of Oslo
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- * Redistributions of source code must retain the above copyright notice, this
- * list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * Neither the name of the HISP project nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/**
- * Currently only the two first positions in the access string are used - rw.
- *
- * @author Morten Olav Hansen
- */
-public class AccessStringHelper
-{
- public static final String DEFAULT_ACCESS = "--------";
-
- public static enum Permission
- {
- READ( 'r', 0 ), WRITE( 'w', 1 );
-
- private char value;
-
- private int position;
-
- private Permission( char value, int position )
- {
- this.value = value;
- this.position = position;
- }
-
- public char getValue()
- {
- return value;
- }
-
- public int getPosition()
- {
- return position;
- }
- }
-
- private char[] access = DEFAULT_ACCESS.toCharArray();
-
- public AccessStringHelper()
- {
- }
-
- public AccessStringHelper( char[] access )
- {
- this.access = access;
- }
-
- public AccessStringHelper( String access )
- {
- this.access = access.toCharArray();
- }
-
- public static AccessStringHelper newInstance()
- {
- return new AccessStringHelper();
- }
-
- public static AccessStringHelper newInstance( char[] access )
- {
- return new AccessStringHelper( access );
- }
-
- public AccessStringHelper enable( Permission permission )
- {
- access[permission.getPosition()] = permission.getValue();
-
- return this;
- }
-
- public AccessStringHelper disable( Permission permission )
- {
- access[permission.getPosition()] = '-';
-
- return this;
- }
-
- public String build()
- {
- return new String( access );
- }
-
- public String toString()
- {
- return build();
- }
-
- public static boolean canRead( String access )
- {
- return isEnabled( access, Permission.READ );
- }
-
- public static boolean canWrite( String access )
- {
- return isEnabled( access, Permission.WRITE );
- }
-
- public static boolean isEnabled( String access, Permission permission )
- {
- return access != null && access.charAt( permission.getPosition() ) == permission.getValue();
- }
-}
=== added directory 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/acl'
=== added file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/acl/Access.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/acl/Access.java 1970-01-01 00:00:00 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/acl/Access.java 2014-03-27 04:44:41 +0000
@@ -0,0 +1,129 @@
+package org.hisp.dhis.acl;
+
+/*
+ * Copyright (c) 2004-2014, University of Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * Neither the name of the HISP project nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty;
+import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlRootElement;
+import org.hisp.dhis.common.DxfNamespaces;
+
+/**
+ * @author Morten Olav Hansen
+ */
+@JacksonXmlRootElement( localName = "access", namespace = DxfNamespaces.DXF_2_0 )
+public class Access
+{
+ private boolean manage;
+
+ private boolean externalize;
+
+ private boolean write;
+
+ private boolean read;
+
+ private boolean update;
+
+ private boolean delete;
+
+ public Access()
+ {
+ }
+
+ @JsonProperty
+ @JacksonXmlProperty( localName = "manage", namespace = DxfNamespaces.DXF_2_0 )
+ public boolean isManage()
+ {
+ return manage;
+ }
+
+ public void setManage( boolean manage )
+ {
+ this.manage = manage;
+ }
+
+ @JsonProperty
+ @JacksonXmlProperty( localName = "externalize", namespace = DxfNamespaces.DXF_2_0 )
+ public boolean isExternalize()
+ {
+ return externalize;
+ }
+
+ public void setExternalize( boolean externalize )
+ {
+ this.externalize = externalize;
+ }
+
+ @JsonProperty
+ @JacksonXmlProperty( localName = "write", namespace = DxfNamespaces.DXF_2_0 )
+ public boolean isWrite()
+ {
+ return write;
+ }
+
+ public void setWrite( boolean write )
+ {
+ this.write = write;
+ }
+
+ @JsonProperty
+ @JacksonXmlProperty( localName = "read", namespace = DxfNamespaces.DXF_2_0 )
+ public boolean isRead()
+ {
+ return read;
+ }
+
+ public void setRead( boolean read )
+ {
+ this.read = read;
+ }
+
+ @JsonProperty
+ @JacksonXmlProperty( localName = "update", namespace = DxfNamespaces.DXF_2_0 )
+ public boolean isUpdate()
+ {
+ return update;
+ }
+
+ public void setUpdate( boolean update )
+ {
+ this.update = update;
+ }
+
+ @JsonProperty
+ @JacksonXmlProperty( localName = "delete", namespace = DxfNamespaces.DXF_2_0 )
+ public boolean isDelete()
+ {
+ return delete;
+ }
+
+ public void setDelete( boolean delete )
+ {
+ this.delete = delete;
+ }
+}
===
added file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/acl/AccessControlService.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/acl/AccessControlService.java 1970-01-01 00:00:00 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/acl/AccessControlService.java 2014-03-27 04:44:41 +0000
@@ -0,0 +1,150 @@
+package org.hisp.dhis.acl;
+
+/*
+ * Copyright (c) 2004-2014, University of Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * Neither the name of the HISP project nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+import org.hisp.dhis.common.IdentifiableObject;
+import org.hisp.dhis.user.User;
+
+import java.util.Arrays;
+import java.util.List;
+
+/**
+ * @author Morten Olav Hansen
+ */
+public interface AccessControlService
+{
+ public static final List SHARING_OVERRIDE_AUTHORITIES = Arrays.asList( "ALL", "F_METADATA_IMPORT" );
+
+ boolean isSupported( String type );
+
+ boolean isSupported( Class klass );
+
+ /**
+ * Can user write to this object (create)
+ *
+ * 1. Does user have SHARING_OVERRIDE_AUTHORITY authority?
+ * 2. Is the user for the object null?
+ * 3. Is the user of the object equal to current user?
+ * 4. Is the object public write?
+ * 5. Does any of the userGroupAccesses contain public write and the current user is in that group
+ *
+ * @param user User to check against
+ * @param object Object to check
+ * @return Result of test
+ */
+ boolean canWrite( User user, IdentifiableObject object );
+
+ /**
+ * Can user read this object
+ *
+ * 1. Does user have SHARING_OVERRIDE_AUTHORITY authority?
+ * 2. Is the user for the object null?
+ * 3. Is the user of the object equal to current user?
+ * 4. Is the object public read?
+ * 5. Does any of the userGroupAccesses contain public read and the current user is in that group
+ *
+ * @param user User to check against
+ * @param object Object to check
+ * @return Result of test
+ */
+ boolean canRead( User user, IdentifiableObject object );
+
+ /**
+ * Can user update this object
+ *
+ * 1. Does user have SHARING_OVERRIDE_AUTHORITY authority?
+ * 2. Can user write to this object?
+ *
+ * @param user User to check against
+ * @param object Object to check
+ * @return Result of test
+ */
+ boolean canUpdate( User user, IdentifiableObject object );
+
+ /**
+ * Can user delete this object
+ *
+ * 1. Does user have SHARING_OVERRIDE_AUTHORITY authority?
+ * 2. Can user write to this object?
+ *
+ * @param user User to check against
+ * @param object Object to check
+ * @return Result of test
+ */
+ boolean canDelete( User user, IdentifiableObject object );
+
+ /**
+ * Can user manage (make public) this object
+ *
+ * 1. Does user have SHARING_OVERRIDE_AUTHORITY authority?
+ * 2. Can user write to this object?
+ *
+ * @param user User to check against
+ * @param object Object to check
+ * @return Result of test
+ */
+ boolean canManage( User user, IdentifiableObject object );
+
+ /**
+ * Checks if a user can create a public instance of a certain object.
+ *
+ * 1. Does user have SHARING_OVERRIDE_AUTHORITY authority?
+ * 2. Does user have the authority to create public instances of that object
+ *
+ * @param user User to check against
+ * @param klass Class to check
+ * @return Result of test
+ */
+ boolean canCreatePublic( User user, Class klass );
+
+ /**
+ * Checks if a user can create a private instance of a certain object.
+ *
+ * 1. Does user have SHARING_OVERRIDE_AUTHORITY authority?
+ * 2. Does user have the authority to create private instances of that object
+ *
+ * @param user User to check against
+ * @param klass Class to check
+ * @return Result of test
+ */
+ boolean canCreatePrivate( User user, Class klass );
+
+ /**
+ * Can user make this object external? (read with no login)
+ *
+ * @param user User to check against
+ * @param klass Type to check
+ * @return Result of test
+ */
+ boolean canExternalize( User user, Class klass );
+
+ boolean defaultPublic( Class klass );
+
+ Class classForType( String type );
+}
=== added file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/acl/AccessStringHelper.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/acl/AccessStringHelper.java 1970-01-01 00:00:00 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/acl/AccessStringHelper.java 2014-03-27 04:44:41 +0000
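Review bot: `SHARING_OVERRIDE_AUTHORITIES` in `acl/AccessControlService.java` is a public constant backed by `Arrays.asList`, which returns a fixed-size list whose elements can still be replaced through `set()`, so any caller holding the reference can alter which authorities bypass the sharing checks for the whole application. Since the file is being re-added under the new package anyway, the declaration could become `Collections.unmodifiableList( Arrays.asList( "ALL", "F_METADATA_IMPORT" ) )`, which needs a `java.util.Collections` import. The Javadoc on the `can*` methods refers to `SHARING_OVERRIDE_AUTHORITY`, which does not match the constant's name, and it does not say how a null `user` is handled; a line such as `@param user User to check against, may be null` would help if that is the intended contract.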
@@ -0,0 +1,129 @@
+package org.hisp.dhis.acl;
+
+/*
+ * Copyright (c) 2004-2014, University of Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * Neither the name of the HISP project nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * Currently only the two first positions in the access string are used - rw.
+ *
+ * @author Morten Olav Hansen
+ */
+public class AccessStringHelper
+{
+ public static final String DEFAULT_ACCESS = "--------";
+
+ public static enum Permission
+ {
+ READ( 'r', 0 ), WRITE( 'w', 1 );
+
+ private char value;
+
+ private int position;
+
+ private Permission( char value, int position )
+ {
+ this.value = value;
+ this.position = position;
+ }
+
+ public char getValue()
+ {
+ return value;
+ }
+
+ public int getPosition()
+ {
+ return position;
+ }
+ }
+
+ private char[] access = DEFAULT_ACCESS.toCharArray();
+
+ public AccessStringHelper()
+ {
+ }
+
+ public AccessStringHelper( char[] access )
+ {
+ this.access = access;
+ }
+
+ public AccessStringHelper( String access )
+ {
+ this.access = access.toCharArray();
+ }
+
+ public static AccessStringHelper newInstance()
+ {
+ return new AccessStringHelper();
+ }
+
+ public static AccessStringHelper newInstance( char[] access )
+ {
+ return new AccessStringHelper( access );
+ }
+
+ public AccessStringHelper enable( Permission permission )
+ {
+ access[permission.getPosition()] = permission.getValue();
+
+ return this;
+ }
+
+ public AccessStringHelper disable( Permission permission )
+ {
+ access[permission.getPosition()] = '-';
+
+ return this;
+ }
+
+ public String build()
+ {
+ return new String( access );
+ }
+
+ public String toString()
+ {
+ return build();
+ }
+
+ public static boolean canRead( String access )
+ {
+ return isEnabled( access, Permission.READ );
+ }
+
+ public static boolean canWrite( String access )
+ {
+ return isEnabled( access, Permission.WRITE );
+ }
+
+ public static boolean isEnabled( String access, Permission permission )
+ {
+ return access != null && access.charAt( permission.getPosition() ) == permission.getValue();
+ }
+}
=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/BaseIdentifiableObject.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/BaseIdentifiableObject.java 2014-03-27 04:40:10 +0000
+++
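Review bot: `AccessStringHelper.isEnabled` in `acl/AccessStringHelper.java` guards only against null, so `access.charAt( permission.getPosition() )` throws `StringIndexOutOfBoundsException` for an empty or one-character access string instead of reporting the permission as absent. A malformed stored value would then surface as an unchecked exception in whichever permission check calls `canRead` or `canWrite`; a length test keeps the check fail-closed: `return access != null && access.length() > permission.getPosition() && access.charAt( permission.getPosition() ) == permission.getValue();`. The `AccessStringHelper( char[] access )` constructor also keeps the caller's array, so `enable` and `disable` write through to it and fail with an index error on a short array; `this.access = access.clone();` together with a length check would isolate the helper. The class comment could state the minimum length the access string is expected to have.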
dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/BaseIdentifiableObject.java 2014-03-27 04:44:41 +0000
@@ -40,7 +40,7 @@
 import org.hisp.dhis.common.view.SharingBasicView;
 import org.hisp.dhis.common.view.SharingDetailedView;
 import org.hisp.dhis.common.view.SharingExportView;
-import org.hisp.dhis.accesscontrol.Access;
+import org.hisp.dhis.acl.Access;
 import org.hisp.dhis.user.User;
 import org.hisp.dhis.user.UserGroupAccess;
=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/IdentifiableObject.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/IdentifiableObject.java 2014-03-27 04:40:10 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/IdentifiableObject.java 2014-03-27 04:44:41 +0000
@@ -28,7 +28,7 @@
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
-import org.hisp.dhis.accesscontrol.Access;
+import org.hisp.dhis.acl.Access;
 import org.hisp.dhis.user.User;
 import org.hisp.dhis.user.UserGroupAccess;
=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/interpretation/Interpretation.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/interpretation/Interpretation.java 2014-03-27 04:40:10 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/interpretation/Interpretation.java 2014-03-27 04:44:41 +0000
@@ -35,7 +35,7 @@
 import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlProperty;
 import com.fasterxml.jackson.dataformat.xml.annotation.JacksonXmlRootElement;
 import org.hisp.dhis.chart.Chart;
-import org.hisp.dhis.accesscontrol.AccessStringHelper;
+import org.hisp.dhis.acl.AccessStringHelper;
 import org.hisp.dhis.common.BaseIdentifiableObject;
 import org.hisp.dhis.common.DxfNamespaces;
 import org.hisp.dhis.common.IdentifiableObject;
=== modified file 'dhis-2/dhis-api/src/test/java/org/hisp/dhis/common/AccessStringHelperTest.java'
--- dhis-2/dhis-api/src/test/java/org/hisp/dhis/common/AccessStringHelperTest.java 2014-03-27 04:40:10 +0000
+++ dhis-2/dhis-api/src/test/java/org/hisp/dhis/common/AccessStringHelperTest.java 2014-03-27 04:44:41 +0000
@@ -28,7 +28,7 @@
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */
-import org.hisp.dhis.accesscontrol.AccessStringHelper;
+import org.hisp.dhis.acl.AccessStringHelper;
 import org.junit.Assert;
 import org.junit.Test;
=== modified file 'dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/dimension/DefaultDimensionService.java'
--- dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/dimension/DefaultDimensionService.java 2014-03-27 04:40:10 +0000
+++ dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/dimension/DefaultDimensionService.java 2014-03-27 04:44:41 +0000
@@ -56,7 +56,7 @@
 import org.hisp.dhis.period.PeriodType;
 import org.hisp.dhis.period.RelativePeriodEnum;
 import org.hisp.dhis.period.RelativePeriods;
-import org.hisp.dhis.accesscontrol.AccessControlService;
+import org.hisp.dhis.acl.AccessControlService;
 import org.hisp.dhis.system.util.UniqueArrayList;
 import org.hisp.dhis.trackedentity.TrackedEntityAttribute;
 import org.hisp.dhis.trackedentity.TrackedEntityAttributeDimension;
=== removed directory 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/accesscontrol'
=== removed file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/accesscontrol/DefaultAccessControlService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/accesscontrol/DefaultAccessControlService.java 2014-03-27 04:40:10 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/accesscontrol/DefaultAccessControlService.java 1970-01-01 00:00:00 +0000
@@ -1,279 +0,0 @@
-package org.hisp.dhis.accesscontrol;
-
-/*
- * Copyright (c) 2004-2014, University of Oslo
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- * Redistributions of source code must retain the above copyright notice, this
- * list of conditions and the following disclaimer.
- *
- * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * Neither the name of the HISP project nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-import org.hisp.dhis.common.IdentifiableObject;
-import org.hisp.dhis.dashboard.Dashboard;
-import org.hisp.dhis.schema.AuthorityType;
-import org.hisp.dhis.schema.Schema;
-import org.hisp.dhis.schema.SchemaService;
-import org.hisp.dhis.user.User;
-import org.hisp.dhis.user.UserGroup;
-import org.hisp.dhis.user.UserGroupAccess;
-import org.springframework.beans.factory.annotation.Autowired;
-
-import java.util.Collection;
-import java.util.HashSet;
-import java.util.Set;
-
-import static org.springframework.util.CollectionUtils.containsAny;
-
-/**
- * @author Morten Olav Hansen
- */
-public class DefaultAccessControlService implements AccessControlService
-{
- @Autowired
- private SchemaService schemaService;
-
- @Override
- public boolean isSupported( String type )
- {
- Schema schema = schemaService.getSchemaBySingularName( type );
- return schema != null && schema.isShareable();
- }
-
- @Override
- public boolean isSupported( Class klass )
- {
- Schema schema = schemaService.getSchema( klass );
- return schema != null && schema.isShareable();
- }
-
- @Override
- public boolean canWrite( User user, IdentifiableObject object )
- {
- Schema schema = schemaService.getSchema( object.getClass() );
-
- if ( schema == null || !schema.isShareable() )
- {
- return false;
- }
-
- //TODO ( (object instanceof User) && canCreatePrivate( user, object ) ): review possible security breaches and best way to give update access upon user import
- if ( haveOverrideAuthority( user )
- || (object.getUser() == null && canCreatePublic( user, object.getClass() ) && !schema.getAuthorityByType( AuthorityType.CREATE_PRIVATE ).isEmpty())
- || (user != null && user.equals( object.getUser() ))
- //|| authorities.contains( PRIVATE_AUTHORITIES.get( object.getClass() ) )
- || ((object instanceof User) && canCreatePrivate( user, object.getClass() ))
- || AccessStringHelper.canWrite( object.getPublicAccess() ) )
- {
- return true;
- }
-
- for ( UserGroupAccess userGroupAccess : object.getUserGroupAccesses() )
- {
- if ( AccessStringHelper.canWrite( userGroupAccess.getAccess() )
- && userGroupAccess.getUserGroup().getMembers().contains( user ) )
- {
- return true;
- }
- }
-
- return false;
- }
-
- @Override
- public boolean canRead( User user, IdentifiableObject object )
- {
- Schema schema = schemaService.getSchema( object.getClass() );
-
- if ( schema == null || !schema.isShareable() )
- {
- return false;
- }
-
- if ( haveOverrideAuthority( user )
- || UserGroup.class.isAssignableFrom( object.getClass() )
- || object.getUser() == null
- || user.equals( object.getUser() )
- || AccessStringHelper.canRead( object.getPublicAccess() ) )
- {
- return true;
- }
-
- for ( UserGroupAccess userGroupAccess : object.getUserGroupAccesses() )
- {
- if ( AccessStringHelper.canRead( userGroupAccess.getAccess() )
- && userGroupAccess.getUserGroup().getMembers().contains( user ) )
- {
- return true;
- }
- }
-
- return false;
- }
-
- @Override
- public boolean canUpdate( User user, IdentifiableObject object )
- {
- Schema schema = schemaService.getSchema( object.getClass() );
-
- if ( schema == null || !schema.isShareable() )
- {
- return false;
- }
-
- if ( schema.getAuthorityByType( AuthorityType.UPDATE ).isEmpty() )
- {
- return canWrite( user, object );
- }
-
- Set authorities = user != null ? user.getUserCredentials().getAllAuthorities() : new HashSet();
-
- return canAccess( authorities, schema.getAuthorityByType( AuthorityType.UPDATE ) ) && canWrite( user, object );
- }
-
- @Override
- public boolean canDelete( User user, IdentifiableObject object )
- {
- Schema schema = schemaService.getSchema( object.getClass() );
-
- if ( schema == null || !schema.isShareable() )
- {
- return false;
- }
-
- if ( schema.getAuthorityByType( AuthorityType.DELETE ).isEmpty() )
- {
- return canWrite( user, object );
- }
-
- Set authorities = user != null ? user.getUserCredentials().getAllAuthorities() : new HashSet();
-
- return canAccess( authorities, schema.getAuthorityByType( AuthorityType.DELETE ) ) && canWrite( user, object );
- }
-
- private boolean canAccess( Collection userAuthorities, Collection requiredAuthorities )
- {
- return containsAny( userAuthorities, SHARING_OVERRIDE_AUTHORITIES ) ||
- containsAny( userAuthorities, requiredAuthorities );
- }
-
- @Override
- public boolean canManage( User user, IdentifiableObject object )
- {
- Schema schema = schemaService.getSchema( object.getClass() );
-
- if ( schema == null || !schema.isShareable() )
- {
- return false;
- }
-
- if ( haveOverrideAuthority( user )
- || (object.getUser() == null && canCreatePublic( user, object.getClass() ) && !schema.getAuthorityByType( AuthorityType.CREATE_PRIVATE ).isEmpty())
- || user.equals( object.getUser() )
- || AccessStringHelper.canWrite( object.getPublicAccess() ) )
- {
- return true;
- }
-
- for ( UserGroupAccess userGroupAccess : object.getUserGroupAccesses() )
- {
- if ( AccessStringHelper.canWrite( userGroupAccess.getAccess() )
- && userGroupAccess.getUserGroup().getMembers().contains( user ) )
- {
- return true;
- }
- }
-
- return false;
- }
-
- @Override
- public boolean canCreatePublic( User user, Class klass )
- {
- Set authorities = user != null ? user.getUserCredentials().getAllAuthorities() : new HashSet();
-
- Schema schema = schemaService.getSchema( klass );
-
- if ( schema == null || !schema.isShareable() )
- {
- return false;
- }
-
- return containsAny( authorities, SHARING_OVERRIDE_AUTHORITIES ) || containsAny( authorities, schema.getAuthorityByType( AuthorityType.CREATE_PUBLIC ) );
- }
-
- @Override
- public boolean canCreatePrivate( User user, Class klass )
- {
- Set authorities = user != null ? user.getUserCredentials().getAllAuthorities() : new HashSet();
-
- Schema schema = schemaService.getSchema( klass );
-
- if ( schema == null || !schema.isShareable() )
- {
- return false;
- }
-
- return containsAny( authorities, SHARING_OVERRIDE_AUTHORITIES ) || containsAny( authorities, schema.getAuthorityByType( AuthorityType.CREATE_PRIVATE ) );
- }
-
- @Override
- public boolean canExternalize( User user, Class klass )
- {
- Set authorities = user != null ? user.getUserCredentials().getAllAuthorities() : new HashSet();
-
- Schema schema = schemaService.getSchema( klass );
-
- if ( schema == null || !schema.isShareable() )
- {
- return false;
- }
-
- return containsAny( authorities, SHARING_OVERRIDE_AUTHORITIES ) || containsAny( authorities, schema.getAuthorityByType( AuthorityType.EXTERNALIZE ) );
- }
-
- @Override
- public boolean defaultPublic( Class klass )
- {
- // TODO this is quite nasty, should probably be added to schema
- return !Dashboard.class.isAssignableFrom( klass );
- }
-
- @Override
- @SuppressWarnings( "unchecked" )
- public Class classForType( String type )
- {
- Schema schema = schemaService.getSchemaBySingularName( type );
-
- if ( schema != null && schema.isShareable() && schema.isIdentifiableObject() )
- {
- return (Class) schema.getKlass();
- }
-
- return null;
- }
-
- private boolean haveOverrideAuthority( User user )
- {
- return user == null || containsAny( user.getUserCredentials().getAllAuthorities(), SHARING_OVERRIDE_AUTHORITIES );
- }
-}
=== added directory 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl'
=== added file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAccessControlService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAccessControlService.java 1970-01-01 00:00:00 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAccessControlService.java 2014-03-27 04:44:41 +0000
@@ -0,0 +1,279 @@
+package org.hisp.dhis.acl;
+
+/*
+ * Copyright (c) 2004-2014, University of Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * Neither the name of the HISP project nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+import org.hisp.dhis.common.IdentifiableObject;
+import org.hisp.dhis.dashboard.Dashboard;
+import org.hisp.dhis.schema.AuthorityType;
+import org.hisp.dhis.schema.Schema;
+import org.hisp.dhis.schema.SchemaService;
+import org.hisp.dhis.user.User;
+import org.hisp.dhis.user.UserGroup;
+import org.hisp.dhis.user.UserGroupAccess;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.Set;
+
+import static org.springframework.util.CollectionUtils.containsAny;
+
+/**
+ * @author Morten Olav Hansen
+ */
+public class DefaultAccessControlService implements AccessControlService
+{
+ @Autowired
+ private SchemaService schemaService;
+
+ @Override
+ public boolean isSupported( String type )
+ {
+ Schema schema = schemaService.getSchemaBySingularName( type );
+ return schema != null && schema.isShareable();
+ }
+
+ @Override
+ public boolean isSupported( Class klass )
+ {
+ Schema schema = schemaService.getSchema( klass );
+ return schema != null && schema.isShareable();
+ }
+
+ @Override
+ public boolean canWrite( User user, IdentifiableObject object )
+ {
+ Schema schema = schemaService.getSchema( object.getClass() );
+
+ if ( schema == null || !schema.isShareable() )
+ {
+ return false;
+ }
+
+ //TODO ( (object instanceof User) && canCreatePrivate( user, object ) ): review possible security breaches and best way to give update access upon user import
+ if ( haveOverrideAuthority( user )
+ || (object.getUser() == null && canCreatePublic( user, object.getClass() ) && !schema.getAuthorityByType( AuthorityType.CREATE_PRIVATE ).isEmpty())
+ || (user != null && user.equals( object.getUser() ))
+ //|| authorities.contains( PRIVATE_AUTHORITIES.get( object.getClass() ) )
+ || ((object instanceof User) && canCreatePrivate( user, object.getClass() ))
+ || AccessStringHelper.canWrite( object.getPublicAccess() ) )
+ {
+ return true;
+ }
+
+ for ( UserGroupAccess userGroupAccess : object.getUserGroupAccesses() )
+ {
+ if ( AccessStringHelper.canWrite( userGroupAccess.getAccess() )
+ && userGroupAccess.getUserGroup().getMembers().contains( user ) )
+ {
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+ @Override
+ public boolean canRead( User user, IdentifiableObject object )
+ {
+ Schema schema = schemaService.getSchema( object.getClass() );
+
+ if ( schema == null || !schema.isShareable() )
+ {
+ return false;
+ }
+
+ if ( haveOverrideAuthority( user )
+ || UserGroup.class.isAssignableFrom( object.getClass() )
+ || object.getUser() == null
+ || user.equals( object.getUser() )
+ || AccessStringHelper.canRead( object.getPublicAccess() ) )
+ {
+ return true;
+ }
+
+ for ( UserGroupAccess userGroupAccess : object.getUserGroupAccesses() )
+ {
+ if ( AccessStringHelper.canRead( userGroupAccess.getAccess() )
+ && userGroupAccess.getUserGroup().getMembers().contains( user ) )
+ {
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+ @Override
+ public boolean canUpdate( User user, IdentifiableObject object )
+ {
+ Schema schema = schemaService.getSchema( object.getClass() );
+
+ if ( schema == null || !schema.isShareable() )
+ {
+ return false;
+ }
+
+ if ( schema.getAuthorityByType( AuthorityType.UPDATE ).isEmpty() )
+ {
+ return canWrite( user, object );
+ }
+
+ Set authorities = user != null ? user.getUserCredentials().getAllAuthorities() : new HashSet();
+
+ return canAccess( authorities, schema.getAuthorityByType( AuthorityType.UPDATE ) ) && canWrite( user, object );
+ }
+
+ @Override
+ public boolean canDelete( User user, IdentifiableObject object )
+ {
+ Schema schema = schemaService.getSchema( object.getClass() );
+
+ if ( schema == null || !schema.isShareable() )
+ {
+ return false;
+ }
+
+ if ( schema.getAuthorityByType( AuthorityType.DELETE ).isEmpty() )
+ {
+ return canWrite( user, object );
+ }
+
+ Set authorities = user != null ? user.getUserCredentials().getAllAuthorities() : new HashSet();
+
+ return canAccess( authorities, schema.getAuthorityByType( AuthorityType.DELETE ) ) && canWrite( user, object );
+ }
+
+ private boolean canAccess( Collection userAuthorities, Collection requiredAuthorities )
+ {
+ return containsAny( userAuthorities, SHARING_OVERRIDE_AUTHORITIES ) ||
+ containsAny( userAuthorities, requiredAuthorities );
+ }
+
+ @Override
+ public boolean canManage( User user, IdentifiableObject object )
+ {
+ Schema schema = schemaService.getSchema( object.getClass() );
+
+ if ( schema == null || !schema.isShareable() )
+ {
+ return false;
+ }
+
+ if ( haveOverrideAuthority( user )
+ || (object.getUser() == null && canCreatePublic( user, object.getClass() ) && !schema.getAuthorityByType( AuthorityType.CREATE_PRIVATE ).isEmpty())
+ || user.equals( object.getUser() )
+ || AccessStringHelper.canWrite( object.getPublicAccess() ) )
+ {
+ return true;
+ }
+
+ for ( UserGroupAccess userGroupAccess : object.getUserGroupAccesses() )
+ {
+ if ( AccessStringHelper.canWrite( userGroupAccess.getAccess() )
+ && userGroupAccess.getUserGroup().getMembers().contains( user ) )
+ {
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+ @Override
+ public boolean canCreatePublic( User user, Class klass )
+ {
+ Set authorities = user != null ? user.getUserCredentials().getAllAuthorities() : new HashSet();
+
+ Schema schema = schemaService.getSchema( klass );
+
+ if ( schema == null || !schema.isShareable() )
+ {
+ return false;
+ }
+
+ return containsAny( authorities, SHARING_OVERRIDE_AUTHORITIES ) || containsAny( authorities, schema.getAuthorityByType( AuthorityType.CREATE_PUBLIC ) );
+ }
+
+ @Override
+ public boolean canCreatePrivate( User user, Class klass )
+ {
+ Set authorities = user != null ? user.getUserCredentials().getAllAuthorities() : new HashSet();
+
+ Schema schema = schemaService.getSchema( klass );
+
+ if ( schema == null || !schema.isShareable() )
+ {
+ return false;
+ }
+
+ return containsAny( authorities, SHARING_OVERRIDE_AUTHORITIES ) || containsAny( authorities, schema.getAuthorityByType( AuthorityType.CREATE_PRIVATE ) );
+ }
+
+ @Override
+ public boolean canExternalize( User user, Class klass )
+ {
+ Set authorities = user != null ? user.getUserCredentials().getAllAuthorities() : new HashSet();
+
+ Schema schema = schemaService.getSchema( klass );
+
+ if ( schema == null || !schema.isShareable() )
+ {
+ return false;
+ }
+
+ return containsAny( authorities, SHARING_OVERRIDE_AUTHORITIES ) || containsAny( authorities, schema.getAuthorityByType( AuthorityType.EXTERNALIZE ) );
+ }
+
+ @Override
+ public boolean defaultPublic( Class klass )
+ {
+ // TODO this is quite nasty, should probably be added to schema
+ return !Dashboard.class.isAssignableFrom( klass );
+ }
+
+ @Override
+ @SuppressWarnings( "unchecked" )
+ public Class classForType( String type )
+ {
+ Schema schema = schemaService.getSchemaBySingularName( type );
+
+ if ( schema != null && schema.isShareable() && schema.isIdentifiableObject() )
+ {
+ return (Class) schema.getKlass();
+ }
+
+ return null;
+ }
+
+ private boolean haveOverrideAuthority( User user )
+ {
+ return user == null || containsAny( user.getUserCredentials().getAllAuthorities(), SHARING_OVERRIDE_AUTHORITIES );
+ }
+}
=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultSecurityService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultSecurityService.java 2014-03-27 04:40:10 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultSecurityService.java 2014-03-27 04:44:41 +0000
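Review bot: `haveOverrideAuthority` at the end of the added `org.hisp.dhis.acl.DefaultAccessControlService` returns `true` when `user == null`, so `canWrite`, `canRead` and `canManage` grant access whenever no user is passed in, while `canUpdate`, `canDelete` and the `canCreate*` methods fall back to an empty authority set for the same input. The body looks identical to the file removed from `accesscontrol` earlier in this diff, so the behaviour is carried over by the move rather than introduced here, but the inconsistency still needs a decision. If a null user is meant to stand for an internal, non-request context, state that in a Javadoc on the helper, for example `/** A null user is treated as a trusted internal caller and bypasses sharing checks; request paths must resolve the current user first. */`. If that is not the intent, the helper should read `return user != null && containsAny( user.getUserCredentials().getAllAuthorities(), SHARING_OVERRIDE_AUTHORITIES );`, and the bare `user.equals( object.getUser() )` calls in `canRead` and `canManage` then need the `user != null` guard that `canWrite` already has.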
@@ -35,7 +35,7 @@ import org.hisp.dhis.message.MessageSender; import org.hisp.dhis.period.Cal; import org.hisp.dhis.setting.SystemSettingManager; -import org.hisp.dhis.accesscontrol.AccessControlService; +import org.hisp.dhis.acl.AccessControlService; import org.hisp.dhis.system.util.ValidationUtils; import org.hisp.dhis.system.velocity.VelocityManager; import org.hisp.dhis.user.CurrentUserService; === modified file 'dhis-2/dhis-services/dhis-service-core/src/main/resources/META-INF/dhis/beans.xml' --- dhis-2/dhis-services/dhis-service-core/src/main/resources/META-INF/dhis/beans.xml 2014-03-27 04:40:40 +0000 +++ dhis-2/dhis-services/dhis-service-core/src/main/resources/META-INF/dhis/beans.xml 2014-03-27 04:44:41 +0000 @@ -11,7 +11,7 @@ - + === modified file 'dhis-2/dhis-services/dhis-service-dxf2/src/main/java/org/hisp/dhis/dxf2/metadata/importers/DefaultIdentifiableObjectImporter.java' --- dhis-2/dhis-services/dhis-service-dxf2/src/main/java/org/hisp/dhis/dxf2/metadata/importers/DefaultIdentifiableObjectImporter.java 2014-03-27 04:40:10 +0000 +++ dhis-2/dhis-services/dhis-service-dxf2/src/main/java/org/hisp/dhis/dxf2/metadata/importers/DefaultIdentifiableObjectImporter.java 2014-03-27 04:44:41 +0000 
@@ -55,7 +55,7 @@
 import org.hisp.dhis.period.Period;
 import org.hisp.dhis.period.PeriodService;
 import org.hisp.dhis.period.PeriodType;
-import org.hisp.dhis.accesscontrol.AccessControlService;
+import org.hisp.dhis.acl.AccessControlService;
 import org.hisp.dhis.system.util.CollectionUtils;
 import org.hisp.dhis.system.util.ReflectionUtils;
 import org.hisp.dhis.system.util.functional.Function1;
=== modified file 'dhis-2/dhis-support/dhis-support-hibernate/src/main/java/org/hisp/dhis/hibernate/HibernateGenericStore.java'
--- dhis-2/dhis-support/dhis-support-hibernate/src/main/java/org/hisp/dhis/hibernate/HibernateGenericStore.java 2014-03-27 04:40:10 +0000
+++ dhis-2/dhis-support/dhis-support-hibernate/src/main/java/org/hisp/dhis/hibernate/HibernateGenericStore.java 2014-03-27 04:44:41 +0000
@@ -46,8 +46,8 @@
 import org.hisp.dhis.hibernate.exception.ReadAccessDeniedException;
 import org.hisp.dhis.hibernate.exception.UpdateAccessDeniedException;
 import org.hisp.dhis.interpretation.Interpretation;
-import org.hisp.dhis.accesscontrol.AccessControlService;
-import org.hisp.dhis.accesscontrol.AccessStringHelper;
+import org.hisp.dhis.acl.AccessControlService;
+import org.hisp.dhis.acl.AccessStringHelper;
 import org.hisp.dhis.user.CurrentUserService;
 import org.hisp.dhis.user.UserGroupAccess;
 import org.springframework.beans.factory.annotation.Autowired;
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AbstractCrudController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AbstractCrudController.java 2014-03-27 04:40:10 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AbstractCrudController.java 2014-03-27 04:44:41 +0000
@@ -51,8 +51,8 @@
 import org.hisp.dhis.dxf2.utils.JacksonUtils;
 import org.hisp.dhis.schema.Schema;
 import org.hisp.dhis.schema.SchemaService;
-import org.hisp.dhis.accesscontrol.Access;
-import org.hisp.dhis.accesscontrol.AccessControlService;
+import org.hisp.dhis.acl.Access;
+import org.hisp.dhis.acl.AccessControlService;
 import org.hisp.dhis.system.util.ReflectionUtils;
 import org.hisp.dhis.user.CurrentUserService;
 import org.springframework.beans.factory.annotation.Autowired;
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/SharingController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/SharingController.java 2014-03-27 04:40:10 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/SharingController.java 2014-03-27 04:44:41 +0000
@@ -38,8 +38,8 @@
 import org.hisp.dhis.common.IdentifiableObject;
 import org.hisp.dhis.common.IdentifiableObjectManager;
 import org.hisp.dhis.dxf2.utils.JacksonUtils;
-import org.hisp.dhis.accesscontrol.AccessControlService;
-import org.hisp.dhis.accesscontrol.AccessStringHelper;
+import org.hisp.dhis.acl.AccessControlService;
+import org.hisp.dhis.acl.AccessStringHelper;
 import org.hisp.dhis.user.CurrentUserService;
 import org.hisp.dhis.user.UserGroup;
 import org.hisp.dhis.user.UserGroupAccess;
=== modified file 'dhis-2/dhis-web/dhis-web-dataentry/src/main/java/org/hisp/dhis/de/action/GetMetaDataAction.java'
--- dhis-2/dhis-web/dhis-web-dataentry/src/main/java/org/hisp/dhis/de/action/GetMetaDataAction.java 2014-03-27 04:40:10 +0000
+++ dhis-2/dhis-web/dhis-web-dataentry/src/main/java/org/hisp/dhis/de/action/GetMetaDataAction.java 2014-03-27 04:44:41 +0000
@@ -44,7 +44,7 @@
 import org.hisp.dhis.indicator.IndicatorService;
 import org.hisp.dhis.organisationunit.OrganisationUnitDataSetAssociationSet;
 import org.hisp.dhis.organisationunit.OrganisationUnitService;
-import org.hisp.dhis.accesscontrol.AccessControlService;
+import org.hisp.dhis.acl.AccessControlService;
 import org.hisp.dhis.user.CurrentUserService;
 import org.hisp.dhis.user.User;
 import org.springframework.beans.factory.annotation.Autowired;