Example 1 with UserAccess

Use of org.hisp.dhis.user.sharing.UserAccess in project dhis2-core by dhis2.

Class DefaultAclService, method verifySharing.

@Override
public <T extends IdentifiableObject> List<ErrorReport> verifySharing(T object, User user) {
    List<ErrorReport> errorReports = new ArrayList<>();
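    // Nothing to verify for a null object, a user with override authority,
    // or a type that is not shareable.
    if (object == null || haveOverrideAuthority(user) || !isShareable(object)) {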
        return errorReports;
    }
    // Reject a malformed public access string (E3010) before any further checks.
    if (!AccessStringHelper.isValid(object.getSharing().getPublicAccess())) {
        errorReports.add(new ErrorReport(object.getClass(), ErrorCode.E3010, object.getPublicAccess()));
        return errorReports;
    }
    Schema schema = schemaService.getSchema(HibernateProxyUtils.getRealClass(object));
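    // A type whose schema is not data-shareable must not carry data-sharing
    // access in its public, per-user or per-user-group access strings (E3011).
    if (!schema.isDataShareable()) {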
        ErrorReport errorReport = null;
        if (object.getSharing().getPublicAccess() != null && AccessStringHelper.hasDataSharing(object.getSharing().getPublicAccess())) {
            errorReport = new ErrorReport(object.getClass(), ErrorCode.E3011, object.getClass());
        } else {
            for (UserAccess userAccess : object.getSharing().getUsers().values()) {
                if (AccessStringHelper.hasDataSharing(userAccess.getAccess())) {
                    errorReport = new ErrorReport(object.getClass(), ErrorCode.E3011, object.getClass());
                    break;
                }
            }
            for (UserGroupAccess userGroupAccess : object.getSharing().getUserGroups().values()) {
                if (AccessStringHelper.hasDataSharing(userGroupAccess.getAccess())) {
                    errorReport = new ErrorReport(object.getClass(), ErrorCode.E3011, object.getClass());
                    break;
                }
            }
        }
        if (errorReport != null) {
            errorReports.add(errorReport);
        }
    }
    boolean canMakePublic = canMakePublic(user, object);
    boolean canMakePrivate = canMakePrivate(user, object);
    boolean canMakeExternal = canMakeExternal(user, object);
    // External access requires the user to be allowed to make the object external (E3006).
    if (object.getExternalAccess()) {
        if (!canMakeExternal) {
            errorReports.add(new ErrorReport(object.getClass(), ErrorCode.E3006, user.getUsername(), object.getClass()));
        }
    }
    errorReports.addAll(verifyImplicitSharing(user, object));
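    // With public access equal to AccessStringHelper.DEFAULT, the user needs
    // the right to create either public or private objects (E3009); with any
    // other public access, the right to create public objects is required (E3008).
    if (AccessStringHelper.DEFAULT.equals(object.getPublicAccess())) {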
        if (canMakePublic || canMakePrivate) {
            return errorReports;
        }
        errorReports.add(new ErrorReport(object.getClass(), ErrorCode.E3009, user.getUsername(), object.getClass()));
    } else {
        if (canMakePublic) {
            return errorReports;
        }
        errorReports.add(new ErrorReport(object.getClass(), ErrorCode.E3008, user.getUsername(), object.getClass()));
    }
    return errorReports;
}
Also used : ErrorReport(org.hisp.dhis.feedback.ErrorReport) UserAccess(org.hisp.dhis.user.sharing.UserAccess) Schema(org.hisp.dhis.schema.Schema) ArrayList(java.util.ArrayList) UserGroupAccess(org.hisp.dhis.user.sharing.UserGroupAccess)

Example 2 with UserAccess

Use of org.hisp.dhis.user.sharing.UserAccess in project dhis2-core by dhis2.

Class DataApprovalStoreIntegrationTest, method testApprovalStatusWithUserSharing.

@Test
void testApprovalStatusWithUserSharing() {
    transactionTemplate.execute(status -> {
        categoryOptionA.getSharing().addUserAccess(new UserAccess(userA, "r-r-----"));
        categoryOptionB.getSharing().addUserAccess(new UserAccess(userA, "r-r-----"));
        sharingTest(1);
        return null;
    });
}
Also used : UserAccess(org.hisp.dhis.user.sharing.UserAccess) TransactionalIntegrationTest(org.hisp.dhis.TransactionalIntegrationTest) Test(org.junit.jupiter.api.Test)

Example 3 with UserAccess

Use of org.hisp.dhis.user.sharing.UserAccess in project dhis2-core by dhis2.

Class DataApprovalStoreIntegrationTest, method testApprovalStatusWithOtherUserAccess.

@Test
void testApprovalStatusWithOtherUserAccess() {
    transactionTemplate.execute(status -> {
        categoryOptionA.getSharing().setOwner(userB);
        categoryOptionB.getSharing().setOwner(userB);
        categoryOptionA.getSharing().addUserAccess(new UserAccess(userB, "r-r-----"));
        categoryOptionB.getSharing().addUserAccess(new UserAccess(userB, "r-r-----"));
        categoryOptionA.getSharing().addUserGroupAccess(new UserGroupAccess(userGroupB, "r-r-----"));
        categoryOptionB.getSharing().addUserGroupAccess(new UserGroupAccess(userGroupB, "r-r-----"));
        sharingTest(0);
        return null;
    });
}
Also used : UserAccess(org.hisp.dhis.user.sharing.UserAccess) UserGroupAccess(org.hisp.dhis.user.sharing.UserGroupAccess) TransactionalIntegrationTest(org.hisp.dhis.TransactionalIntegrationTest) Test(org.junit.jupiter.api.Test)

Example 4 with UserAccess

Use of org.hisp.dhis.user.sharing.UserAccess in project dhis2-core by dhis2.

Class HibernateIdentifiableObjectStoreTest, method testMetadataRead.

/**
 * Test Metadata Read access.
 *
 * User and UserGroups mapping:
 *
 *        | User1 | User2 | User3 | User4
 * Group1 |   x   |       |       |
 * Group2 |   X   |       |       |   X
 *
 * DataElementA access defined for Users and UserGroups:
 *
 *                | User1 | User2 | User3 | UserGroup1 | UserGroup2
 * Can access DEA |       |   X   |       |     X      |
 */
@Test
void testMetadataRead() {
    User admin = createAndInjectAdminUser();
    User user1 = new User();
    user1.setAutoFields();
    User user2 = new User();
    user2.setAutoFields();
    User user3 = new User();
    user3.setAutoFields();
    User user4 = new User();
    user4.setAutoFields();
    UserGroup userGroup1 = new UserGroup();
    userGroup1.setAutoFields();
    UserGroup userGroup2 = new UserGroup();
    userGroup2.setAutoFields();
    user1.getGroups().add(userGroup1);
    user1.getGroups().add(userGroup2);
    user4.getGroups().add(userGroup2);
    Map<String, UserAccess> userSharing = new HashMap<>();
    userSharing.put(user1.getUid(), new UserAccess(user1, AccessStringHelper.DEFAULT));
    userSharing.put(user2.getUid(), new UserAccess(user2, AccessStringHelper.READ));
    userSharing.put(user3.getUid(), new UserAccess(user3, AccessStringHelper.DEFAULT));
    userSharing.put(user4.getUid(), new UserAccess(user4, AccessStringHelper.DEFAULT));
    Map<String, UserGroupAccess> userGroupSharing = new HashMap<>();
    userGroupSharing.put(userGroup1.getUid(), new UserGroupAccess(userGroup1, AccessStringHelper.READ_WRITE));
    userGroupSharing.put(userGroup2.getUid(), new UserGroupAccess(userGroup2, AccessStringHelper.DEFAULT));
    DataElement dataElement = createDataElement('A');
    String dataElementUid = "deabcdefghA";
    dataElement.setUid(dataElementUid);
    dataElement.setCreatedBy(admin);
    Sharing sharing = Sharing.builder().external(false).publicAccess(AccessStringHelper.DEFAULT).owner("testOwner").userGroups(userGroupSharing).users(userSharing).build();
    dataElement.setSharing(sharing);
    dataElementStore.save(dataElement, false);
    dataElement = dataElementStore.getByUidNoAcl(dataElementUid);
    assertNotNull(dataElement.getSharing());
    assertEquals(2, dataElement.getSharing().getUserGroups().size());
    assertEquals(4, dataElement.getSharing().getUsers().size());
    // User1 has no access of its own, but belongs to UserGroup1, which has access
    assertNotNull(dataElementStore.getDataElement(dataElement.getUid(), user1));
    // User2 has access to DEA
    assertNotNull(dataElementStore.getDataElement(dataElement.getUid(), user2));
    // User3 doesn't have access and doesn't belong to any groups
    assertNull(dataElementStore.getDataElement(dataElement.getUid(), user3));
    // User4 doesn't have access and belongs to UserGroup2, which also
    // doesn't have access
    assertNull(dataElementStore.getDataElement(dataElement.getUid(), user4));
}
Also used : DataElement(org.hisp.dhis.dataelement.DataElement) User(org.hisp.dhis.user.User) UserAccess(org.hisp.dhis.user.sharing.UserAccess) HashMap(java.util.HashMap) Sharing(org.hisp.dhis.user.sharing.Sharing) UserGroup(org.hisp.dhis.user.UserGroup) UserGroupAccess(org.hisp.dhis.user.sharing.UserGroupAccess) TransactionalIntegrationTest(org.hisp.dhis.TransactionalIntegrationTest) Test(org.junit.jupiter.api.Test)

Example 5 with UserAccess

Use of org.hisp.dhis.user.sharing.UserAccess in project dhis2-core by dhis2.

Class DataSetServiceTest, method testDataSharingDataSet.

@Test
void testDataSharingDataSet() {
    User user = createUser('A');
    injectSecurityContext(user);
    DataSet dataSet = createDataSet('A', new MonthlyPeriodType());
    UserAccess userAccess = new UserAccess();
    userAccess.setUser(user);
    userAccess.setAccess(AccessStringHelper.DATA_READ_WRITE);
    dataSet.getSharing().addUserAccess(userAccess);
    Access access = aclService.getAccess(dataSet, user);
    assertTrue(access.getData().isRead());
    assertTrue(access.getData().isWrite());
}
Also used : User(org.hisp.dhis.user.User) MonthlyPeriodType(org.hisp.dhis.period.MonthlyPeriodType) UserAccess(org.hisp.dhis.user.sharing.UserAccess) Access(org.hisp.dhis.security.acl.Access) DhisTest(org.hisp.dhis.DhisTest) Test(org.junit.jupiter.api.Test)

Aggregations

UserAccess (org.hisp.dhis.user.sharing.UserAccess): 31
Test (org.junit.jupiter.api.Test): 25
User (org.hisp.dhis.user.User): 19
TransactionalIntegrationTest (org.hisp.dhis.TransactionalIntegrationTest): 14
Sharing (org.hisp.dhis.user.sharing.Sharing): 12
UserGroupAccess (org.hisp.dhis.user.sharing.UserGroupAccess): 9
DataElement (org.hisp.dhis.dataelement.DataElement): 8
Dashboard (org.hisp.dhis.dashboard.Dashboard): 7
EventVisualization (org.hisp.dhis.eventvisualization.EventVisualization): 6
UserGroup (org.hisp.dhis.user.UserGroup): 6
HashMap (java.util.HashMap): 4
List (java.util.List): 3
IdentifiableObject (org.hisp.dhis.common.IdentifiableObject): 3
Schema (org.hisp.dhis.schema.Schema): 3
UserAuthorityGroup (org.hisp.dhis.user.UserAuthorityGroup): 3
Visualization (org.hisp.dhis.visualization.Visualization): 3
Date (java.util.Date): 2
DhisSpringTest (org.hisp.dhis.DhisSpringTest): 2
CategoryOptionCombo (org.hisp.dhis.category.CategoryOptionCombo): 2
BaseIdentifiableObject (org.hisp.dhis.common.BaseIdentifiableObject): 2