=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/acl/AclService.java' --- dhis-2/dhis-api/src/main/java/org/hisp/dhis/acl/AclService.java 2015-01-17 07:41:26 +0000 +++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/acl/AclService.java 2015-03-16 13:12:20 +0000 @@ -31,16 +31,11 @@ import org.hisp.dhis.common.IdentifiableObject; import org.hisp.dhis.user.User; -import java.util.Arrays; -import java.util.List; - /** * @author Morten Olav Hansen */ public interface AclService { - public static final List ACL_OVERRIDE_AUTHORITIES = Arrays.asList( "ALL" ); - /** * Is type supported for acl? * === modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAclService.java' --- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAclService.java 2015-01-17 07:41:26 +0000 +++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAclService.java 2015-03-16 13:12:20 +0000 @@ -280,7 +280,7 @@ private boolean haveOverrideAuthority( User user ) { - return user == null || haveAuthority( user, ACL_OVERRIDE_AUTHORITIES ); + return user == null || user.isSuper(); } private boolean canAccess( User user, Collection requiredAuthorities ) === modified file 'dhis-2/dhis-support/dhis-support-hibernate/src/main/java/org/hisp/dhis/hibernate/HibernateGenericStore.java' --- dhis-2/dhis-support/dhis-support-hibernate/src/main/java/org/hisp/dhis/hibernate/HibernateGenericStore.java 2015-02-18 13:08:37 +0000 +++ dhis-2/dhis-support/dhis-support-hibernate/src/main/java/org/hisp/dhis/hibernate/HibernateGenericStore.java 2015-03-16 13:12:20 +0000 @@ -28,7 +28,9 @@ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -import com.google.common.collect.Lists; +import java.util.ArrayList; +import java.util.List; + import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.hibernate.Criteria; @@ -62,10 +64,8 @@ import org.springframework.beans.factory.annotation.Required; import org.springframework.jdbc.core.JdbcTemplate; import org.springframework.util.Assert; -import org.springframework.util.CollectionUtils; -import java.util.ArrayList; -import java.util.List; +import com.google.common.collect.Lists; /** * @author Lars Helge Overland @@ -186,14 +186,16 @@ public final Criteria getSharingCriteria() { - return getSharingCriteria( currentUserService.getCurrentUser(), "r%" ); + return getSharingCriteria( "r%" ); } - protected final Criteria getSharingCriteria( User user, String access ) + private final Criteria getSharingCriteria( String access ) { Criteria criteria = sessionFactory.getCurrentSession().createCriteria( getClazz(), "c" ).setCacheable( cacheable ); - if ( !sharingEnabled() || user == null ) + User user = currentUserService.getCurrentUser(); + + if ( !sharingEnabled( user ) || user == null ) { return criteria; } @@ -358,8 +360,8 @@ private boolean checkPublicAccess( User user, IdentifiableObject identifiableObject ) { return aclService.canCreatePublic( user, identifiableObject.getClass() ) || - (aclService.canCreatePrivate( user, identifiableObject.getClass() ) && - !AccessStringHelper.canReadOrWrite( identifiableObject.getPublicAccess() )); + ( aclService.canCreatePrivate( user, identifiableObject.getClass() ) && + !AccessStringHelper.canReadOrWrite( identifiableObject.getPublicAccess() ) ); } @Override @@ -535,10 +537,9 @@ return Dashboard.class.isAssignableFrom( clazz ); } - protected boolean sharingEnabled() + protected boolean sharingEnabled( User currentUser ) { - return forceAcl() || (aclService.isShareable( clazz ) && !(currentUserService.getCurrentUser() == null || - CollectionUtils.containsAny( currentUserService.getCurrentUser().getUserCredentials().getAllAuthorities(), AclService.ACL_OVERRIDE_AUTHORITIES ))); + return forceAcl() || ( aclService.isShareable( clazz ) && !( currentUser == null || currentUser.isSuper() ) ); } protected boolean isReadAllowed( T object ) @@ -547,9 +548,11 @@ { IdentifiableObject idObject = (IdentifiableObject) object; - if ( sharingEnabled() ) + User currentUser = currentUserService.getCurrentUser(); + + if ( sharingEnabled( currentUser ) ) { - return aclService.canRead( currentUserService.getCurrentUser(), idObject ); + return aclService.canRead( currentUser, idObject ); } } @@ -562,9 +565,11 @@ { IdentifiableObject idObject = (IdentifiableObject) object; - if ( sharingEnabled() ) + User currentUser = currentUserService.getCurrentUser(); + + if ( sharingEnabled( currentUser ) ) { - return aclService.canWrite( currentUserService.getCurrentUser(), idObject ); + return aclService.canWrite( currentUser, idObject ); } } === modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/MessageConversationController.java' --- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/MessageConversationController.java 2015-02-25 06:32:18 +0000 +++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/MessageConversationController.java 2015-03-16 13:12:20 +0000 @@ -28,12 +28,18 @@ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -import com.google.common.collect.Lists; -import org.hisp.dhis.acl.AclService; +import java.util.ArrayList; +import java.util.Collection; +import java.util.List; +import java.util.Map; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + import org.hisp.dhis.common.Pager; import org.hisp.dhis.dxf2.common.ImportOptions; +import org.hisp.dhis.dxf2.common.JacksonUtils; import org.hisp.dhis.dxf2.common.TranslateOptions; -import org.hisp.dhis.dxf2.common.JacksonUtils; import org.hisp.dhis.hibernate.exception.DeleteAccessDeniedException; import org.hisp.dhis.hibernate.exception.UpdateAccessDeniedException; import org.hisp.dhis.message.MessageService; @@ -65,12 +71,7 @@ import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseBody; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.util.ArrayList; -import java.util.Collection; -import java.util.List; -import java.util.Map; +import com.google.common.collect.Lists; /** * @author Morten Olav Hansen @@ -548,7 +549,7 @@ */ private boolean canModifyUserConversation( User currentUser, User user ) { - return currentUser.equals( user ) || currentUser.getUserCredentials().hasAnyAuthority( AclService.ACL_OVERRIDE_AUTHORITIES ); + return currentUser.equals( user ) || currentUser.isSuper(); } /** @@ -560,7 +561,7 @@ */ private boolean canReadMessageConversation( User user, org.hisp.dhis.message.MessageConversation messageConversation ) { - return messageConversation.getUsers().contains( user ) || user.getUserCredentials().hasAnyAuthority( AclService.ACL_OVERRIDE_AUTHORITIES ); + return messageConversation.getUsers().contains( user ) || user.isSuper(); } /**