=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/setting/SystemSettingManager.java' --- dhis-2/dhis-api/src/main/java/org/hisp/dhis/setting/SystemSettingManager.java 2014-11-18 12:55:20 +0000 +++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/setting/SystemSettingManager.java 2014-11-24 18:14:38 +0000 @@ -91,7 +91,6 @@ final String KEY_OPENID_PROVIDER = "keyOpenIdProvider"; final String KEY_OPENID_PROVIDER_LABEL = "keyOpenIdProviderLabel"; final String KEY_CAN_GRANT_OWN_USER_AUTHORITY_GROUPS = "keyCanGrantOwnUserAuthorityGroups"; - final String KEY_ONLY_MANAGE_WITHIN_USER_GROUPS = "keyOnlyManageWithinUserGroups"; final String KEY_HIDE_UNAPPROVED_DATA_IN_ANALYTICS = "keyHideUnapprovedDataInAnalytics"; final String KEY_ANALYTICS_MAX_LIMIT = "keyAnalyticsMaxLimit"; final String KEY_CUSTOM_LOGIN_PAGE_LOGO = "keyCustomLoginPageLogo"; === modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserService.java' --- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserService.java 2014-10-17 20:57:35 +0000 +++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/user/DefaultUserService.java 2014-11-24 18:14:38 +0000 @@ -29,7 +29,6 @@ */ import static org.hisp.dhis.setting.SystemSettingManager.KEY_CAN_GRANT_OWN_USER_AUTHORITY_GROUPS; -import static org.hisp.dhis.setting.SystemSettingManager.KEY_ONLY_MANAGE_WITHIN_USER_GROUPS; import java.io.Serializable; import java.util.ArrayList; @@ -680,7 +679,7 @@ @Override public boolean canUpdate( UserCredentials userCredentials ) { - return hasAuthorityToUpdateUser( userCredentials ) && hasGroupsToUpdateUser( userCredentials ); + return hasAuthorityToUpdateUser( userCredentials ); } // ------------------------------------------------------------------------- 
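Review bot: `canUpdate` in DefaultUserService (hunk @@ -680,7 +679,7 @@) now returns `hasAuthorityToUpdateUser( userCredentials )` alone, and nothing in the method records that user group membership no longer plays a part in the decision. Installations that had `keyOnlyManageWithinUserGroups` switched on would presumably see a user manager's reach widen after upgrade without any setting being changed, because the stored value is simply no longer read. I would add a comment above the method, for example `// Authorization is by user authority groups only; user group membership is not checked.`, and note the behaviour change for administrators. `hasAuthorityToUpdateUser` is only partly visible in the next hunk, so its exact rule cannot be confirmed from here.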
@@ -819,38 +818,4 @@ return currentUserCredentials != null && userCredentials != null && currentUserCredentials.canIssueAll( userCredentials.getUserAuthorityGroups(), canGrantOwnUserAuthorityGroups ); } - - /** - * Determines if the current user read/write access to at least one group - * to which the user belongs, if this is a requirement on this system - * for updating a user. - * - * @param userCredentials The user to be updated. - * @return true if current user has read/write access to a group to which - * the user belongs, or if this requirement is not applicable, else false. - */ - private boolean hasGroupsToUpdateUser( UserCredentials userCredentials ) - { - User user = currentUserService.getCurrentUser(); - - boolean onlyManageWithinUserGroups = (Boolean) systemSettingManager.getSystemSetting( KEY_ONLY_MANAGE_WITHIN_USER_GROUPS, false ); - - if ( onlyManageWithinUserGroups && !user.getUserCredentials().getAllAuthorities().contains( UserAuthorityGroup.AUTHORITY_ALL ) ) - { - if ( userCredentials.getUser().getGroups() != null ) - { - for ( UserGroup group : userCredentials.getUser().getGroups() ) - { - if ( securityService.canWrite( group ) ) - { - return true; - } - } - } - - return false; - } - - return true; - } } === modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/user/UserController.java' --- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/user/UserController.java 2014-11-24 14:15:14 +0000 +++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/user/UserController.java 2014-11-24 18:14:38 +0000 @@ -28,8 +28,6 @@ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -import static org.hisp.dhis.setting.SystemSettingManager.KEY_ONLY_MANAGE_WITHIN_USER_GROUPS; - import java.io.InputStream; import java.util.ArrayList; import java.util.List; 
@@ -330,18 +328,12 @@ /** * Before adding the user, checks to see that any specified user groups - * exist. Also checks to see that user can be created by the current - * user, if it is required that the current user have read/write access - * to a user group that is assigned to the new user. + * exist. * * @param user user object parsed from the POST request */ private void checkUserGroups( User user ) { - boolean writeGroupRequired = (Boolean) systemSettingManager.getSystemSetting( KEY_ONLY_MANAGE_WITHIN_USER_GROUPS, false ); - - boolean writeGroupFound = false; - if ( currentUserService.getCurrentUser() != null && user.getGroups() != null ) { for ( UserGroup ug : user.getGroups() ) @@ -353,19 +345,12 @@ throw new CreateAccessDeniedException( "Can't add user: Can't find user group with UID = " + ug.getUid() ); } - if ( writeGroupRequired && securityService.canWrite( group ) ) + if ( !securityService.canRead( group ) ) { - writeGroupFound = true; - - break; + throw new CreateAccessDeniedException( "Can't add user: Can't read the group with UID = " + ug.getUid() ); } } } - - if ( writeGroupRequired && !writeGroupFound && !currentUserService.currentUserIsSuper() ) - { - throw new CreateAccessDeniedException( "The new user must be assigned to a user group to which you have write access." ); - } } /** 
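Review bot: The shortened Javadoc on `checkUserGroups` says only that the specified groups must exist, but the next hunk (@@ -353,19 +345,12 @@) makes the method also reject any group the current user cannot read. The summary should say so, for example `* exist and can be read by the current user.` In addition, the context line `if ( currentUserService.getCurrentUser() != null && user.getGroups() != null )` skips both checks when there is no current user. If that case can reach this method it passes silently, so the comment should state whether that is intended or the method should deny instead.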
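Review bot: The new `!securityService.canRead( group )` branch throws "Can't read the group with UID = …" while the branch above it throws "Can't find user group with UID = …", so a caller without read access can tell an existing group from a missing one by the message. Using one message for both cases closes that gap, e.g. `throw new CreateAccessDeniedException( "Can't add user: Can't find user group with UID = " + ug.getUid() );` in the new branch. Separately, read access alone is now enough to put a new user into a group that is later saved through `updateUserGroup` (following hunk). Whether a membership change should require `canWrite` instead is worth confirming. The loop header sits in the previous hunk.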
@@ -377,18 +362,13 @@ { if ( user.getGroups() != null ) { - boolean writeGroupRequired = (Boolean) systemSettingManager.getSystemSetting( KEY_ONLY_MANAGE_WITHIN_USER_GROUPS, false ); - for ( UserGroup ug : new ArrayList<>( user.getGroups() ) ) { UserGroup group = userGroupService.getUserGroup( ug.getUid() ); - if ( group != null && ( !writeGroupRequired || securityService.canRead( group ) ) ) - { - group.addUser( user ); + group.addUser( user ); - userGroupService.updateUserGroup( group ); - } + userGroupService.updateUserGroup( group ); } } } === modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/commons/action/GetUsersAction.java' --- dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/commons/action/GetUsersAction.java 2014-08-15 07:40:20 +0000 +++ dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/commons/action/GetUsersAction.java 2014-11-24 18:14:38 +0000 @@ -41,8 +41,6 @@ import org.hisp.dhis.user.comparator.UserComparator; import org.hisp.dhis.util.ContextUtils; -import static org.hisp.dhis.setting.SystemSettingManager.KEY_ONLY_MANAGE_WITHIN_USER_GROUPS; - /** * @author mortenoh */ @@ -111,13 +109,6 @@ users = users.subList( paging.getStartPos(), paging.getEndPos() ); } - boolean writeGroupRequired = (Boolean) systemSettingManager.getSystemSetting( KEY_ONLY_MANAGE_WITHIN_USER_GROUPS, false ); - - if ( writeGroupRequired ) - { - userService.canUpdateUsersFilter( users ); - } - return SUCCESS; } === modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/interceptor/SystemSettingInterceptor.java' --- dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/interceptor/SystemSettingInterceptor.java 2014-11-18 12:55:20 +0000 +++ dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/interceptor/SystemSettingInterceptor.java 2014-11-24 18:14:38 +0000 
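Review bot: In hunk @@ -377,18 +362,13 @@ `group.addUser( user )` is now reached with no null check, so a UID that `userGroupService.getUserGroup` cannot resolve raises a NullPointerException instead of being skipped, and the `canRead` guard that used to sit here is gone as well. The loop therefore depends entirely on `checkUserGroups` having been run first on the same `user` object, which this hunk does not show. I would keep a local guard before the add: `if ( group == null || !securityService.canRead( group ) ) { continue; }`. The method signature lies above the hunk, so the callers and their order cannot be checked from here.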
@@ -119,7 +119,6 @@ map.put( KEY_OPENID_PROVIDER, systemSettingManager.getSystemSetting( KEY_OPENID_PROVIDER ) ); map.put( KEY_OPENID_PROVIDER_LABEL, systemSettingManager.getSystemSetting( KEY_OPENID_PROVIDER_LABEL ) ); map.put( KEY_CAN_GRANT_OWN_USER_AUTHORITY_GROUPS, systemSettingManager.getSystemSetting( KEY_CAN_GRANT_OWN_USER_AUTHORITY_GROUPS, false ) ); - map.put( KEY_ONLY_MANAGE_WITHIN_USER_GROUPS, systemSettingManager.getSystemSetting( KEY_ONLY_MANAGE_WITHIN_USER_GROUPS, false ) ); map.put( KEY_CUSTOM_LOGIN_PAGE_LOGO, systemSettingManager.getSystemSetting( KEY_CUSTOM_LOGIN_PAGE_LOGO, false ) ); map.put( KEY_CUSTOM_TOP_MENU_LOGO, systemSettingManager.getSystemSetting( KEY_CUSTOM_TOP_MENU_LOGO, false ) ); map.put( KEY_ANALYTICS_MAINTENANCE_MODE, systemSettingManager.getSystemSetting( KEY_ANALYTICS_MAINTENANCE_MODE, false ) ); === modified file 'dhis-2/dhis-web/dhis-web-dashboard-integration/src/main/java/org/hisp/dhis/dashboard/usergroup/action/AddUserGroupAction.java' --- dhis-2/dhis-web/dhis-web-dashboard-integration/src/main/java/org/hisp/dhis/dashboard/usergroup/action/AddUserGroupAction.java 2014-11-12 14:50:59 +0000 +++ dhis-2/dhis-web/dhis-web-dashboard-integration/src/main/java/org/hisp/dhis/dashboard/usergroup/action/AddUserGroupAction.java 2014-11-24 18:14:38 +0000 @@ -28,8 +28,6 @@ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -import static org.hisp.dhis.setting.SystemSettingManager.KEY_ONLY_MANAGE_WITHIN_USER_GROUPS; - import java.util.ArrayList; import java.util.List; @@ -117,8 +115,6 @@ usersSelected = new ArrayList<>(); } - boolean writeGroupRequired = (Boolean) systemSettingManager.getSystemSetting( KEY_ONLY_MANAGE_WITHIN_USER_GROUPS, false ); - UserGroup userGroup = new UserGroup( name ); for ( String userUid : usersSelected ) 
@@ -131,11 +127,6 @@ } userGroup.addUser( user ); - - if ( writeGroupRequired && !userGroup.getMembers().contains( user) && !userService.canUpdate( user.getUserCredentials() ) ) - { - throw new CreateAccessDeniedException( "- You don't have permission to add all selected users to this group." ); - } } if ( jsonAttributeValues != null ) === modified file 'dhis-2/dhis-web/dhis-web-dashboard-integration/src/main/java/org/hisp/dhis/dashboard/usergroup/action/UpdateUserGroupAction.java' --- dhis-2/dhis-web/dhis-web-dashboard-integration/src/main/java/org/hisp/dhis/dashboard/usergroup/action/UpdateUserGroupAction.java 2014-11-12 14:50:59 +0000 +++ dhis-2/dhis-web/dhis-web-dashboard-integration/src/main/java/org/hisp/dhis/dashboard/usergroup/action/UpdateUserGroupAction.java 2014-11-24 18:14:38 +0000 @@ -30,7 +30,6 @@ import com.opensymphony.xwork2.Action; import org.hisp.dhis.attribute.AttributeService; -import org.hisp.dhis.hibernate.exception.UpdateAccessDeniedException; import org.hisp.dhis.security.SecurityService; import org.hisp.dhis.setting.SystemSettingManager; import org.hisp.dhis.system.util.AttributeUtils; @@ -44,8 +43,6 @@ import java.util.List; import java.util.Set; -import static org.hisp.dhis.setting.SystemSettingManager.KEY_ONLY_MANAGE_WITHIN_USER_GROUPS; - public class UpdateUserGroupAction implements Action { @@ -129,8 +126,6 @@ usersSelected = new ArrayList<>(); } - boolean writeGroupRequired = (Boolean) systemSettingManager.getSystemSetting( KEY_ONLY_MANAGE_WITHIN_USER_GROUPS, false ); - UserGroup userGroup = userGroupService.getUserGroup( userGroupId ); Set users = new HashSet<>(); 
@@ -145,36 +140,6 @@ } users.add( user ); - - if ( writeGroupRequired && !userGroup.getMembers().contains( user ) && !userService.canUpdate( user.getUserCredentials() ) ) - { - throw new UpdateAccessDeniedException( "You don't have permission to add all selected users to this group" ); - } - } - - if ( writeGroupRequired ) - { - for ( User member : userGroup.getMembers() ) - { - if ( !users.contains( member ) ) // Trying to remove member user from group. - { - boolean otherGroupFound = false; - - for ( UserGroup ug : member.getGroups() ) - { - if ( !userGroup.equals( ug ) && securityService.canWrite( ug ) ) - { - otherGroupFound = true; - break; - } - } - - if ( !otherGroupFound ) - { - throw new UpdateAccessDeniedException( "You can't remove member who belongs to no other user groups that you control" ); - } - } - } } userGroup.setName( name ); === modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/java/org/hisp/dhis/settings/action/system/SetAccessSettingsAction.java' --- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/java/org/hisp/dhis/settings/action/system/SetAccessSettingsAction.java 2014-10-16 06:17:19 +0000 +++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/java/org/hisp/dhis/settings/action/system/SetAccessSettingsAction.java 2014-11-24 18:14:38 +0000 @@ -106,13 +106,6 @@ this.canGrantOwnUserAuthorityGroups = canGrantOwnUserAuthorityGroups; } - private Boolean onlyManageWithinUserGroups; - - public void setOnlyManageWithinUserGroups( Boolean onlyManageWithinUserGroups ) - { - this.onlyManageWithinUserGroups = onlyManageWithinUserGroups; - } - private Integer credentialsExpires; public void setCredentialsExpires( Integer credentialsExpires ) 
@@ -180,7 +173,6 @@ systemSettingManager.saveSystemSetting( KEY_ACCOUNT_RECOVERY, accountRecovery ); systemSettingManager.saveSystemSetting( KEY_ACCOUNT_INVITE, accountInvite ); systemSettingManager.saveSystemSetting( KEY_CAN_GRANT_OWN_USER_AUTHORITY_GROUPS, canGrantOwnUserAuthorityGroups ); - systemSettingManager.saveSystemSetting( KEY_ONLY_MANAGE_WITHIN_USER_GROUPS, onlyManageWithinUserGroups ); systemSettingManager.saveSystemSetting( KEY_SELF_REGISTRATION_NO_RECAPTCHA, selfRegistrationNoRecaptcha ); systemSettingManager.saveSystemSetting( KEY_OPENID_PROVIDER, StringUtils.isEmpty( openIdProvider ) ? null : openIdProvider ); === modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/resources/org/hisp/dhis/settings/i18n_module.properties' --- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/resources/org/hisp/dhis/settings/i18n_module.properties 2014-11-18 12:55:20 +0000 +++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/resources/org/hisp/dhis/settings/i18n_module.properties 2014-11-24 18:14:38 +0000 
@@ -102,7 +102,6 @@ openid_provider_label=OpenID provider label openid_provider=OpenID provider allow_users_to_grant_own_user_roles=Allow users to grant own user roles -users_must_belong_to_a_group_controlled_by_the_user_manager=Users must belong to a group controlled by the user manager object_not_deleted_associated_by_objects=Object not deleted because it is associated by objects of type analytics_max_limit=Maximum number of analytics records unlimited=Unlimited === modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/resources/org/hisp/dhis/settings/i18n_module_lo.properties' --- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/resources/org/hisp/dhis/settings/i18n_module_lo.properties 2014-10-17 08:19:44 +0000 +++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/resources/org/hisp/dhis/settings/i18n_module_lo.properties 2014-11-24 18:14:38 +0000 @@ -96,7 +96,6 @@ never=Never months=Months allow_users_to_grant_own_user_roles=Allow users to grant own user roles -users_must_belong_to_a_group_controlled_by_the_user_manager=Users must belong to a group controlled by the user manager object_not_deleted_associated_by_objects=Object not deleted because it is associated by objects of type analytics_max_limit=Maximum number of analytics records unlimited=Unlimited === modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/webapp/dhis-web-maintenance-settings/systemAccessSettings.vm' --- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/webapp/dhis-web-maintenance-settings/systemAccessSettings.vm 2014-05-15 13:16:11 +0000 +++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-settings/src/main/webapp/dhis-web-maintenance-settings/systemAccessSettings.vm 2014-11-24 18:14:38 +0000 
@@ -8,7 +8,6 @@ accountRecovery: jQuery( '#accountRecovery' ).is( ':checked' ), accountInvite: jQuery( '#accountInvite' ).is( ':checked' ), canGrantOwnUserAuthorityGroups: jQuery( '#canGrantOwnUserAuthorityGroups' ).is( ':checked' ), - onlyManageWithinUserGroups: jQuery( '#onlyManageWithinUserGroups' ).is( ':checked' ), credentialsExpires: jQuery( '#credentialsExpires' ).val(), openIdProvider: jQuery( '#openIdProvider' ).val(), openIdProviderLabel: jQuery( '#openIdProviderLabel' ).val() @@ -69,11 +68,6 @@ -
- - -
-
$i18n.getString( "user_credentials_expires" )
=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/AddUserAction.java' --- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/AddUserAction.java 2014-11-24 14:15:14 +0000 +++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/AddUserAction.java 2014-11-24 18:14:38 +0000 @@ -64,8 +64,6 @@ import java.util.List; import java.util.Set; -import static org.hisp.dhis.setting.SystemSettingManager.KEY_ONLY_MANAGE_WITHIN_USER_GROUPS; - /** * @author Torgeir Lorange Ostby */ 
@@ -304,36 +302,6 @@ User currentUser = currentUserService.getCurrentUser(); // --------------------------------------------------------------------- - // Check if user group is required, before we add the user - // --------------------------------------------------------------------- - - boolean canManageGroups = (Boolean) systemSettingManager.getSystemSetting( KEY_ONLY_MANAGE_WITHIN_USER_GROUPS, false ); - - if ( canManageGroups && !currentUser.getUserCredentials().getAllAuthorities().contains( "ALL" ) ) - { - boolean groupFound = false; - - for ( String ug : ugSelected ) - { - UserGroup group = userGroupService.getUserGroup( ug ); - - if ( group != null && securityService.canWrite( group ) ) - { - groupFound = true; - - break; - } - } - - if ( !groupFound ) - { - message = i18n.getString( "users_must_belong_to_a_group_controlled_by_the_user_manager" ); - - return ERROR; - } - } - - // --------------------------------------------------------------------- // User credentials and user // --------------------------------------------------------------------- === modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/UpdateUserAction.java' --- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/UpdateUserAction.java 2014-11-24 14:15:14 +0000 +++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/UpdateUserAction.java 2014-11-24 18:14:38 +0000 @@ -61,8 +61,6 @@ import java.util.List; import java.util.Set; -import static org.hisp.dhis.setting.SystemSettingManager.KEY_ONLY_MANAGE_WITHIN_USER_GROUPS; - /** * @author Torgeir Lorange Ostby */ 
@@ -271,36 +269,6 @@ User currentUser = currentUserService.getCurrentUser(); // --------------------------------------------------------------------- - // Check if user group is required, before we start updating the user - // --------------------------------------------------------------------- - - Boolean canManageGroups = (Boolean) systemSettingManager.getSystemSetting( KEY_ONLY_MANAGE_WITHIN_USER_GROUPS, false ); - - if ( canManageGroups && !currentUser.getUserCredentials().getAllAuthorities().contains( "ALL" ) ) - { - boolean groupFound = false; - - for ( String ug : ugSelected ) - { - UserGroup group = userGroupService.getUserGroup( ug ); - - if ( group != null && securityService.canWrite( group ) ) - { - groupFound = true; - - break; - } - } - - if ( !groupFound ) - { - message = i18n.getString( "users_must_belong_to_a_group_controlled_by_the_user_manager" ); - - return ERROR; - } - } - - // --------------------------------------------------------------------- // User credentials and user // --------------------------------------------------------------------- === modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/org/hisp/dhis/user/i18n_module.properties' --- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/org/hisp/dhis/user/i18n_module.properties 2014-11-03 12:28:28 +0000 +++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/org/hisp/dhis/user/i18n_module.properties 2014-11-24 18:14:38 +0000 
@@ -328,7 +328,6 @@ user_use_group=There are user associated with this user role. can_not_remove_last_super_user=Can not remove the last super user. can_not_remove_last_super_user_role=Can not remove the last super user role. -users_must_belong_to_a_group_controlled_by_the_user_manager=Users must belong to a group controlled by the user manager. delete_current_user=Delete Current User last_login=Last login inactive_for=Inactive for === modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/org/hisp/dhis/user/i18n_module_lo.properties' --- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/org/hisp/dhis/user/i18n_module_lo.properties 2014-10-17 08:19:44 +0000 +++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/org/hisp/dhis/user/i18n_module_lo.properties 2014-11-24 18:14:38 +0000 @@ -195,7 +195,6 @@ user_use_group=There are user associated with this user role. can_not_remove_last_super_user=Can not remove the last super user. can_not_remove_last_super_user_role=Can not remove the last super user role. -users_must_belong_to_a_group_controlled_by_the_user_manager=Users must belong to a group controlled by the user manager. delete_current_user=Delete Current User last_login=Last login months=months