=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserCredentialsStore.java' --- dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserCredentialsStore.java 2014-10-01 13:56:33 +0000 +++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserCredentialsStore.java 2014-12-26 18:56:34 +0000 @@ -32,6 +32,7 @@ import java.util.Collection; import java.util.Date; +import java.util.List; /** * @author Lars Helge Overland @@ -98,6 +99,10 @@ */ void deleteUserCredentials( UserCredentials userCredentials ); + UserCredentials getUserCredentialsByOpenID( String openId ); + + List getUserCredentialsWithLessAuthorities( UserCredentials userCredentials ); + Collection searchUsersByName( String key ); Collection searchUsersByName( String key, int first, int max ); @@ -140,6 +145,4 @@ int getUsersByOrganisationUnitCountByName( OrganisationUnit orgUnit, String name ); Collection getUsernames( String key, Integer max ); - - UserCredentials getUserCredentialsByOpenID( String openId ); } === modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserService.java' --- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserService.java 2014-12-26 13:22:45 +0000 +++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserService.java 2014-12-26 18:56:34 +0000 @@ -729,7 +729,7 @@ { return userCredentialsStore.getActiveUsersCount( since ); } - + @Override public void canUpdateUsersFilter( Collection users ) { === modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/hibernate/HibernateUserCredentialsStore.java' --- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/hibernate/HibernateUserCredentialsStore.java 2014-12-19 15:42:38 +0000 +++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/hibernate/HibernateUserCredentialsStore.java 2014-12-26 18:56:34 +0000 @@ -32,6 +32,7 @@ import java.util.Collection; import java.util.Date; import java.util.List; +import java.util.Set; import org.hibernate.Criteria; import org.hibernate.Query; @@ -72,7 +73,7 @@ { this.userService = userService; } - + // ------------------------------------------------------------------------- // UserCredentials // ------------------------------------------------------------------------- @@ -134,6 +135,25 @@ return (UserCredentials) query.uniqueResult(); } + @SuppressWarnings("unchecked") + public List getUserCredentialsWithLessAuthorities( UserCredentials userCredentials ) + { + Session session = sessionFactory.getCurrentSession(); + + Set auths = userCredentials.getAllAuthorities(); + + String hql = + "select uc from UserCredentials uc " + + "where not exists (" + + "select uc2 from UserCredentials uc2 " + + "inner join uc2.userAuthorityGroups ag " + + "inner join ag.authorities a " + + "where uc2.id = uc.id " + + "and a not in (:auths) )"; + + return session.createQuery( hql ).setParameterList( "auths", auths ).list(); + } + @Override @SuppressWarnings("unchecked") public Collection getAllUserCredentials() === added file 'dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/user/UserCredentialsStoreTest.java' --- dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/user/UserCredentialsStoreTest.java 1970-01-01 00:00:00 +0000 +++ dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/user/UserCredentialsStoreTest.java 2014-12-26 18:56:34 +0000 @@ -0,0 +1,144 @@ +package org.hisp.dhis.user; + +/* + * Copyright (c) 2004-2014, University of Oslo + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * Neither the name of the HISP project nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; + +import java.util.List; + +import org.hisp.dhis.DhisSpringTest; +import org.junit.Test; +import org.springframework.beans.factory.annotation.Autowired; + +/** + * @author Lars Helge Overland + */ +public class UserCredentialsStoreTest + extends DhisSpringTest +{ + @Autowired + private UserCredentialsStore userCredentialsStore; + + @Autowired + private UserService userService; + + private UserAuthorityGroup roleA; + private UserAuthorityGroup roleB; + private UserAuthorityGroup roleC; + + @Override + public void setUpTest() + throws Exception + { + roleA = createUserAuthorityGroup( 'A' ); + roleB = createUserAuthorityGroup( 'B' ); + roleC = createUserAuthorityGroup( 'C' ); + + roleA.getAuthorities().add( "AuthA" ); + roleA.getAuthorities().add( "AuthB" ); + roleA.getAuthorities().add( "AuthC" ); + roleA.getAuthorities().add( "AuthD" ); + + roleB.getAuthorities().add( "AuthA" ); + roleB.getAuthorities().add( "AuthB" ); + + roleC.getAuthorities().add( "AuthC" ); + + userService.addUserAuthorityGroup( roleA ); + userService.addUserAuthorityGroup( roleB ); + userService.addUserAuthorityGroup( roleC ); + } + + @Test + public void testAddGetUserCredentials() + { + User userA = createUser( 'A' ); + User userB = createUser( 'B' ); + + UserCredentials credentialsA = createUserCredentials( 'A', userA ); + UserCredentials credentialsB = createUserCredentials( 'B', userB ); + + int idA = userCredentialsStore.addUserCredentials( credentialsA ); + int idB = userCredentialsStore.addUserCredentials( credentialsB ); + + assertEquals( credentialsA, userCredentialsStore.getUserCredentials( idA ) ); + assertEquals( credentialsB, userCredentialsStore.getUserCredentials( idB ) ); + } + + @Test + public void testGetUserCredentialsWithLessAuthorities() + { + User userA = createUser( 'A' ); + User userB = createUser( 'B' ); + User userC = createUser( 'C' ); + User userD = createUser( 'D' ); + + UserCredentials credentialsA = createUserCredentials( 'A', userA ); + UserCredentials credentialsB = createUserCredentials( 'B', userB ); + UserCredentials credentialsC = createUserCredentials( 'C', userC ); + UserCredentials credentialsD = createUserCredentials( 'D', userD ); + + credentialsA.getUserAuthorityGroups().add( roleA ); + credentialsB.getUserAuthorityGroups().add( roleB ); + credentialsB.getUserAuthorityGroups().add( roleC ); + credentialsC.getUserAuthorityGroups().add( roleB ); + credentialsD.getUserAuthorityGroups().add( roleC ); + + userCredentialsStore.addUserCredentials( credentialsA ); + userCredentialsStore.addUserCredentials( credentialsB ); + userCredentialsStore.addUserCredentials( credentialsC ); + userCredentialsStore.addUserCredentials( credentialsD ); + + List userCredentials = userCredentialsStore.getUserCredentialsWithLessAuthorities( credentialsA ); + + assertEquals( 4, userCredentials.size() ); + assertTrue( userCredentials.contains( credentialsA ) ); + assertTrue( userCredentials.contains( credentialsB ) ); + assertTrue( userCredentials.contains( credentialsC ) ); + assertTrue( userCredentials.contains( credentialsD ) ); + + userCredentials = userCredentialsStore.getUserCredentialsWithLessAuthorities( credentialsB ); + + assertEquals( 3, userCredentials.size() ); + assertTrue( userCredentials.contains( credentialsB ) ); + assertTrue( userCredentials.contains( credentialsC ) ); + assertTrue( userCredentials.contains( credentialsD ) ); + + userCredentials = userCredentialsStore.getUserCredentialsWithLessAuthorities( credentialsC ); + + assertEquals( 1, userCredentials.size() ); + assertTrue( userCredentials.contains( credentialsC ) ); + + userCredentials = userCredentialsStore.getUserCredentialsWithLessAuthorities( credentialsD ); + + assertEquals( 1, userCredentials.size() ); + assertTrue( userCredentials.contains( credentialsD ) ); + } +} === modified file 'dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/user/UserStoreTest.java' --- dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/user/UserStoreTest.java 2014-12-26 16:55:20 +0000 +++ dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/user/UserStoreTest.java 2014-12-26 18:56:34 +0000 @@ -53,9 +53,6 @@ private UserStore userStore; @Autowired - private UserCredentialsStore userCredentialsStore; - - @Autowired private OrganisationUnitService organisationUnitService; private OrganisationUnit unit1; @@ -134,22 +131,6 @@ } @Test - public void testAddGetUserCredentials() - { - User userA = createUser( 'A' ); - User userB = createUser( 'B' ); - - UserCredentials credentialsA = createUserCredentials( 'A', userA ); - UserCredentials credentialsB = createUserCredentials( 'B', userB ); - - int idA = userCredentialsStore.addUserCredentials( credentialsA ); - int idB = userCredentialsStore.addUserCredentials( credentialsB ); - - assertEquals( credentialsA, userCredentialsStore.getUserCredentials( idA ) ); - assertEquals( credentialsB, userCredentialsStore.getUserCredentials( idB ) ); - } - - @Test public void testGetUsersWithoutOrganisationUnit() { User userA = createUser( 'A' );