=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAclService.java' --- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAclService.java 2014-03-27 08:25:39 +0000 +++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAclService.java 2014-03-27 08:38:49 +0000 @@ -151,17 +151,17 @@ { Schema schema = schemaService.getSchema( object.getClass() ); - if ( schema == null || !schema.isShareable() ) + if ( schema == null ) { return false; } - if ( schema.getAuthorityByType( AuthorityType.UPDATE ).isEmpty() ) + if ( schema.isShareable() ) { - return canWrite( user, object ); + return canAccess( user, schema.getAuthorityByType( AuthorityType.UPDATE ) ) && canWrite( user, object ); } - return canAccess( user, schema.getAuthorityByType( AuthorityType.UPDATE ) ) && canWrite( user, object ); + return canAccess( user, schema.getAuthorityByType( AuthorityType.UPDATE ) ); } @Override @@ -169,17 +169,17 @@ { Schema schema = schemaService.getSchema( object.getClass() ); - if ( schema == null || !schema.isShareable() ) + if ( schema == null ) { return false; } - if ( schema.getAuthorityByType( AuthorityType.DELETE ).isEmpty() ) + if ( schema.isShareable() ) { - return canWrite( user, object ); + return canAccess( user, schema.getAuthorityByType( AuthorityType.DELETE ) ) && canWrite( user, object ); } - return canAccess( user, schema.getAuthorityByType( AuthorityType.DELETE ) ) && canWrite( user, object ); + return canAccess( user, schema.getAuthorityByType( AuthorityType.DELETE ) ); } @Override @@ -193,8 +193,8 @@ } if ( haveOverrideAuthority( user ) + || user.equals( object.getUser() ) || (object.getUser() == null && canCreatePublic( user, object.getClass() ) && !schema.getAuthorityByType( AuthorityType.CREATE_PRIVATE ).isEmpty()) - || user.equals( object.getUser() ) || AccessStringHelper.canWrite( object.getPublicAccess() ) ) { return true; @@ -262,6 +262,6 @@ private boolean canAccess( User user, Collection requiredAuthorities ) { - return haveOverrideAuthority( user ) || containsAny( user.getUserCredentials().getAllAuthorities(), requiredAuthorities ); + return haveOverrideAuthority( user ) || requiredAuthorities.isEmpty() || containsAny( user.getUserCredentials().getAllAuthorities(), requiredAuthorities ); } }