=== modified file 'dhis-2/dhis-support/dhis-support-hibernate/src/main/java/org/hisp/dhis/hibernate/HibernateGenericStore.java'
--- dhis-2/dhis-support/dhis-support-hibernate/src/main/java/org/hisp/dhis/hibernate/HibernateGenericStore.java 2016-02-18 07:59:49 +0000
+++ dhis-2/dhis-support/dhis-support-hibernate/src/main/java/org/hisp/dhis/hibernate/HibernateGenericStore.java 2016-02-18 14:45:25 +0000
@@ -434,7 +434,7 @@
 }
 }
- if ( !Interpretation.class.isAssignableFrom( clazz ) && !isUpdateAllowed( object ) )
+ if ( !Interpretation.class.isAssignableFrom( clazz ) && !isUpdateAllowed( object, user ) )
 {
 AuditLogUtil.infoWrapper( log, username, object, AuditLogUtil.ACTION_UPDATE_DENIED );
 throw new UpdateAccessDeniedException( object.toString() );
@@ -459,7 +459,7 @@
 {
 String username = user != null ? user.getUsername() : "system-process";
- if ( !isDeleteAllowed( object ) )
+ if ( !isDeleteAllowed( object, user ) )
 {
 AuditLogUtil.infoWrapper( log, username, object, AuditLogUtil.ACTION_DELETE_DENIED );
 throw new DeleteAccessDeniedException( object.toString() );
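Review bot: A null `user` now reaches the ACL call directly. The delete hunk shows `user != null ? user.getUsername() : "system-process"`, so null is an expected value here, yet `isDeleteAllowed( object, user )` hands it to `aclService.canDelete( user, idObject )` with no null guard; the same applies to `isUpdateAllowed( object, user )` in the first hunk. Whether the ACL service allows or denies a null user is not visible on this page, so the outcome for system processes should be stated next to each check, for example `// user == null means a system process; the decision is left to aclService`. The decision also now depends on whichever `User` the enclosing method holds instead of `currentUserService.getCurrentUser()`, so if `user` can be supplied by a caller it is worth confirming it is always the authenticated principal. Both enclosing methods begin and end outside their hunks.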
@@ -635,69 +635,55 @@
 return Dashboard.class.isAssignableFrom( clazz );
 }
- protected boolean sharingEnabled( User currentUser )
+ protected boolean sharingEnabled( User user )
 {
- return forceAcl() || (aclService.isShareable( clazz ) && !(currentUser == null || currentUser.isSuper()));
+ return forceAcl() || (aclService.isShareable( clazz ) && !(user == null || user.isSuper()));
 }
 protected boolean isReadAllowed( T object )
 {
- if ( IdentifiableObject.class.isInstance( object ) )
- {
- IdentifiableObject idObject = (IdentifiableObject) object;
-
- User currentUser = currentUserService.getCurrentUser();
-
- if ( sharingEnabled( currentUser ) )
- {
- return aclService.canRead( currentUser, idObject );
- }
- }
-
- return true;
- }
-
- protected boolean isWriteAllowed( T object )
- {
- if ( IdentifiableObject.class.isInstance( object ) )
- {
- IdentifiableObject idObject = (IdentifiableObject) object;
-
- User currentUser = currentUserService.getCurrentUser();
-
- if ( sharingEnabled( currentUser ) )
- {
- return aclService.canWrite( currentUser, idObject );
- }
- }
-
- return true;
- }
-
- protected boolean isUpdateAllowed( T object )
- {
- if ( IdentifiableObject.class.isInstance( object ) )
- {
- IdentifiableObject idObject = (IdentifiableObject) object;
-
- if ( aclService.isShareable( clazz ) )
- {
- return aclService.canUpdate( currentUserService.getCurrentUser(), idObject );
- }
- }
-
- return true;
- }
-
- protected boolean isDeleteAllowed( T object )
- {
- if ( IdentifiableObject.class.isInstance( object ) )
- {
- IdentifiableObject idObject = (IdentifiableObject) object;
-
- if ( aclService.isShareable( clazz ) )
- {
- return aclService.canDelete( currentUserService.getCurrentUser(), idObject );
+ return isReadAllowed( object, currentUserService.getCurrentUser() );
+ }
+
+ protected boolean isReadAllowed( T object, User user )
+ {
+ if ( IdentifiableObject.class.isInstance( object ) )
+ {
+ IdentifiableObject idObject = (IdentifiableObject) object;
+
+ if ( sharingEnabled( user ) )
+ {
+ return aclService.canRead( user, idObject );
+ }
+ }
+
+ return true;
+ }
+
+ protected boolean isUpdateAllowed( T object, User user )
+ {
+ if ( IdentifiableObject.class.isInstance( object ) )
+ {
+ IdentifiableObject idObject = (IdentifiableObject) object;
+
+ if ( aclService.isShareable( clazz ) )
+ {
+ return aclService.canUpdate( user, idObject );
+ }
+ }
+
+ return true;
+ }
+
+ protected boolean isDeleteAllowed( T object, User user )
+ {
+ if ( IdentifiableObject.class.isInstance( object ) )
+ {
+ IdentifiableObject idObject = (IdentifiableObject) object;
+
+ if ( aclService.isShareable( clazz ) )
+ {
+ return aclService.canDelete( user, idObject );
 }
 }
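Review bot: The one-argument `isUpdateAllowed( T object )` and `isDeleteAllowed( T object )` are replaced outright and `isWriteAllowed` is dropped, whereas `isReadAllowed( T object )` survives as a delegating overload. These are protected hooks on a generic store, so a subclass that overrides an old one-argument signature without `@Override` would still compile while its check is no longer reached from the update and delete paths; whether such overrides exist is not visible here and should be checked. The two new methods also guard on `aclService.isShareable( clazz )` rather than `sharingEnabled( user )`, so `forceAcl()` and the null/super-user handling applied on the read path do not apply to update and delete. If that asymmetry is intended, a Javadoc line on each method would record it, for example `/** Checks the ACL for the given user, which may differ from the session user. */`. `isDeleteAllowed` continues past the end of the hunk.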