=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserGroup.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserGroup.java 2015-01-27 13:26:13 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserGroup.java 2015-02-01 23:02:22 +0000
@@ -57,6 +57,7 @@
public static final String AUTH_USER_DELETE = "F_USER_DELETE";
public static final String AUTH_USER_VIEW = "F_USER_VIEW";
public static final String AUTH_USER_ADD_IN_GROUP = "F_USER_ADD_WITHIN_MANAGED_GROUP";
+ public static final String AUTH_ADD_MEMBERS_TO_READ_ONLY_USER_GROUPS = "F_USER_GROUPS_READ_ONLY_ADD_MEMBERS";
/**
* Determines if a de-serialized file is compatible with this class.
=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserGroupService.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserGroupService.java 2015-01-27 13:26:13 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/UserGroupService.java 2015-02-01 23:02:22 +0000
@@ -48,7 +48,7 @@
/**
* Indicates whether the current user can add or remove members for the user
* group with the given UID. To to so the current user must have write access
- * to the group or have read access as well as the F_USER_ADD_WITHIN_MANAGED_GROUP
+ * to the group or have read access as well as the F_USER_GROUPS_READ_ONLY_ADD_MEMBERS
* authority.
*
* @param uid the user group UID.
=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserGroupService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserGroupService.java 2015-01-27 13:26:13 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserGroupService.java 2015-02-01 23:02:22 +0000
@@ -121,7 +121,7 @@
}
boolean canUpdate = aclService.canUpdate( currentUser, userGroup );
- boolean canAddMember = currentUser.getUserCredentials().isAuthorized( UserGroup.AUTH_USER_ADD_IN_GROUP );
+ boolean canAddMember = currentUser.getUserCredentials().isAuthorized( UserGroup.AUTH_ADD_MEMBERS_TO_READ_ONLY_USER_GROUPS );
return canUpdate || canAddMember;
}
=== modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml'
--- dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml 2015-01-27 13:26:13 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/resources/META-INF/dhis/security.xml 2015-02-01 23:02:22 +0000
@@ -340,6 +340,7 @@
F_USERGROUP_MANAGING_RELATIONSHIPS_ADD
F_USERGROUP_MANAGING_RELATIONSHIPS_VIEW
F_USER_ADD_WITHIN_MANAGED_GROUP
+ F_USER_GROUPS_READ_ONLY_ADD_MEMBERS
=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/org/hisp/dhis/user/i18n_module.properties'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/org/hisp/dhis/user/i18n_module.properties 2015-01-29 16:27:12 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/org/hisp/dhis/user/i18n_module.properties 2015-02-01 23:02:22 +0000
@@ -116,6 +116,7 @@
F_USERGROUP_LIST=List User Groups
F_USERGROUP_MANAGING_RELATIONSHIPS_ADD=Add/Update User Group Managing Relationships
F_USERGROUP_MANAGING_RELATIONSHIPS_VIEW=View User Group Managing Relationships
+F_USER_GROUPS_READ_ONLY_ADD_MEMBERS=Add/Remove Members In Read-Only User Groups
F_USER_ADD=Add/Update User
F_USER_DELETE=Delete User
F_USER_VIEW=View User