Examples with UserAccess org.hisp.dhis.user.sharing.UserAccess used on opensource projects

Search in sources :

Example 16 with UserAccess

use of org.hisp.dhis.user.sharing.UserAccess in project dhis2-core by dhis2.

the class AclServiceTest method testUserCantUpdateDeletePrivateDashboard.

@Test
void testUserCantUpdateDeletePrivateDashboard() {
    User user1 = createUser('A');
    User user2 = createUser('B');
    manager.save(user1);
    manager.save(user2);
    Dashboard dashboard = new Dashboard("Dashboard");
    dashboard.setCreatedBy(user1);
    dashboard.getSharing().setOwner(user1);
    dashboard.setAutoFields();
    manager.save(dashboard);
    assertTrue(aclService.canRead(user1, dashboard));
    assertTrue(aclService.canUpdate(user1, dashboard));
    assertTrue(aclService.canDelete(user1, dashboard));
    assertTrue(aclService.canManage(user1, dashboard));
    UserAccess userAccess = new UserAccess();
    userAccess.setUser(user2);
    userAccess.setAccess(AccessStringHelper.READ);
    dashboard.getSharing().addUserAccess(userAccess);
    assertTrue(aclService.canRead(user2, dashboard));
    assertFalse(aclService.canUpdate(user2, dashboard));
    assertFalse(aclService.canDelete(user2, dashboard));
    assertFalse(aclService.canManage(user2, dashboard));
}
Also used : User(org.hisp.dhis.user.User) UserAccess(org.hisp.dhis.user.sharing.UserAccess) Dashboard(org.hisp.dhis.dashboard.Dashboard) TransactionalIntegrationTest(org.hisp.dhis.TransactionalIntegrationTest) Test(org.junit.jupiter.api.Test)

Example 17 with UserAccess

use of org.hisp.dhis.user.sharing.UserAccess in project dhis2-core by dhis2.

the class AclServiceTest method testUserBCanUpdateEventVisualizationWithoutAuthority.

@Test
void testUserBCanUpdateEventVisualizationWithoutAuthority() {
    // Given
    User userA = createUser('A');
    manager.save(userA);
    EventVisualization eventVisualization = new EventVisualization();
    eventVisualization.setAutoFields();
    eventVisualization.setName("FavA");
    eventVisualization.setCreatedBy(userA);
    eventVisualization.getSharing().setOwner(userA);
    eventVisualization.setPublicAccess(AccessStringHelper.DEFAULT);
    eventVisualization.setType(EventVisualizationType.COLUMN);
    assertTrue(aclService.canUpdate(userA, eventVisualization));
    manager.save(eventVisualization);
    // Then
    User userB = createUser('B');
    manager.save(userB);
    eventVisualization.getSharing().addUserAccess(new UserAccess(userB, AccessStringHelper.FULL));
    manager.update(eventVisualization);
    assertTrue(aclService.canUpdate(userB, eventVisualization));
}
Also used : User(org.hisp.dhis.user.User) UserAccess(org.hisp.dhis.user.sharing.UserAccess) EventVisualization(org.hisp.dhis.eventvisualization.EventVisualization) TransactionalIntegrationTest(org.hisp.dhis.TransactionalIntegrationTest) Test(org.junit.jupiter.api.Test)

Example 18 with UserAccess

use of org.hisp.dhis.user.sharing.UserAccess in project dhis2-core by dhis2.

the class MetadataImportServiceTest method testImportWithSkipSharingIsTrueAndNoPermission.

/**
 * User only have READ access to Dashboard object User try to update
 * Dashboard with: skipSharing=true, and payload doesn't include sharing
 * data. Expected: import error
 */
@Test
void testImportWithSkipSharingIsTrueAndNoPermission() {
    clearSecurityContext();
    User userA = createUser("A");
    userService.addUser(userA);
    Dashboard dashboard = new Dashboard();
    dashboard.setName("DashboardA");
    Sharing sharing = new Sharing();
    sharing.addUserAccess(new UserAccess(userA, AccessStringHelper.READ));
    dashboard.setSharing(sharing);
    Map<Class<? extends IdentifiableObject>, List<IdentifiableObject>> metadata = new HashMap<>();
    metadata.put(Dashboard.class, Collections.singletonList(dashboard));
    MetadataImportParams params = createParams(ImportStrategy.CREATE, metadata);
    params.setSkipSharing(false);
    // Create Dashboard
    ImportReport report = importService.importMetadata(params);
    assertEquals(Status.OK, report.getStatus());
    // Check sharing data
    IdentifiableObject savedDashboard = manager.get(Dashboard.class, dashboard.getUid());
    boolean condition = aclService.canWrite(userA, savedDashboard);
    assertFalse(condition);
    assertTrue(aclService.canRead(userA, savedDashboard));
    // Update dashboard with skipSharing=true and no sharing data in payload
    dashboard.setSharing(null);
    metadata.put(Dashboard.class, Collections.singletonList(dashboard));
    params = createParams(ImportStrategy.UPDATE, metadata);
    params.setSkipSharing(true);
    params.setUser(userA);
    report = importService.importMetadata(params);
    assertEquals(Status.ERROR, report.getStatus());
}
Also used : User(org.hisp.dhis.user.User) Sharing(org.hisp.dhis.user.sharing.Sharing) UserAccess(org.hisp.dhis.user.sharing.UserAccess) HashMap(java.util.HashMap) ImportReport(org.hisp.dhis.dxf2.metadata.feedback.ImportReport) Dashboard(org.hisp.dhis.dashboard.Dashboard) List(java.util.List) IdentifiableObject(org.hisp.dhis.common.IdentifiableObject) TransactionalIntegrationTest(org.hisp.dhis.TransactionalIntegrationTest) Test(org.junit.jupiter.api.Test)

Example 19 with UserAccess

use of org.hisp.dhis.user.sharing.UserAccess in project dhis2-core by dhis2.

the class MetadataImportServiceTest method testImportWithSkipSharingIsTrueAndWritePermission.

/**
 * User have READ-WRITE access to Dashboard object User try to update
 * Dashboard with: skipSharing=true, and payload doesn't include sharing
 * data. Expected: import successfully
 */
@Test
void testImportWithSkipSharingIsTrueAndWritePermission() {
    User userA = createUser('A');
    userService.addUser(userA);
    injectSecurityContext(userA);
    Dashboard dashboard = new Dashboard();
    dashboard.setName("DashboardA");
    Sharing sharing = new Sharing();
    sharing.setPublicAccess(AccessStringHelper.DEFAULT);
    sharing.addUserAccess(new UserAccess(userA, AccessStringHelper.READ_WRITE));
    dashboard.setSharing(sharing);
    Map<Class<? extends IdentifiableObject>, List<IdentifiableObject>> metadata = new HashMap<>();
    metadata.put(Dashboard.class, Collections.singletonList(dashboard));
    MetadataImportParams params = createParams(ImportStrategy.CREATE, metadata);
    params.setSkipSharing(false);
    // Create Dashboard
    ImportReport report = importService.importMetadata(params);
    assertEquals(Status.OK, report.getStatus());
    // Check all sharing data
    IdentifiableObject savedDashboard = manager.get(Dashboard.class, dashboard.getUid());
    assertTrue(aclService.canWrite(userA, savedDashboard));
    assertTrue(aclService.canRead(userA, savedDashboard));
    // Update Dashboard with skipSharing=true and no sharing data in payload
    dashboard.setSharing(null);
    metadata.put(Dashboard.class, Collections.singletonList(dashboard));
    params = createParams(ImportStrategy.UPDATE, metadata);
    params.setSkipSharing(true);
    params.setUser(userA);
    report = importService.importMetadata(params);
    assertEquals(Status.OK, report.getStatus());
}
Also used : User(org.hisp.dhis.user.User) Sharing(org.hisp.dhis.user.sharing.Sharing) UserAccess(org.hisp.dhis.user.sharing.UserAccess) HashMap(java.util.HashMap) ImportReport(org.hisp.dhis.dxf2.metadata.feedback.ImportReport) Dashboard(org.hisp.dhis.dashboard.Dashboard) List(java.util.List) IdentifiableObject(org.hisp.dhis.common.IdentifiableObject) TransactionalIntegrationTest(org.hisp.dhis.TransactionalIntegrationTest) Test(org.junit.jupiter.api.Test)

Example 20 with UserAccess

use of org.hisp.dhis.user.sharing.UserAccess in project dhis2-core by dhis2.

the class DefaultAclStoreTest method getAccessibleProgramsReturnsUserAccessibleOnes.

@Test
void getAccessibleProgramsReturnsUserAccessibleOnes() {
    // a private program
    Program programA = createProgram('A');
    programA.setPublicAccess("--------");
    programA.getSharing().setOwner(owner);
    manager.save(programA, false);
    // a private program readable by the user
    Program programB = createProgram('B');
    programB.setPublicAccess("--------");
    programB.getSharing().setOwner(owner);
    UserAccess a = new UserAccess();
    a.setUser(user);
    a.setAccess("--r-----");
    programB.getSharing().addUserAccess(a);
    manager.save(programB, false);
    List<Long> programIds = aclStore.getAccessiblePrograms(user.getUid(), Collections.emptyList());
    assertContainsOnly(programIds, programB.getId());
}
Also used : Program(org.hisp.dhis.program.Program) UserAccess(org.hisp.dhis.user.sharing.UserAccess) Test(org.junit.jupiter.api.Test)

Aggregations

UserAccess (org.hisp.dhis.user.sharing.UserAccess)31 Test (org.junit.jupiter.api.Test)25 User (org.hisp.dhis.user.User)19 TransactionalIntegrationTest (org.hisp.dhis.TransactionalIntegrationTest)14 Sharing (org.hisp.dhis.user.sharing.Sharing)12 UserGroupAccess (org.hisp.dhis.user.sharing.UserGroupAccess)9 DataElement (org.hisp.dhis.dataelement.DataElement)8 Dashboard (org.hisp.dhis.dashboard.Dashboard)7 EventVisualization (org.hisp.dhis.eventvisualization.EventVisualization)6 UserGroup (org.hisp.dhis.user.UserGroup)6 HashMap (java.util.HashMap)4 List (java.util.List)3 IdentifiableObject (org.hisp.dhis.common.IdentifiableObject)3 Schema (org.hisp.dhis.schema.Schema)3 UserAuthorityGroup (org.hisp.dhis.user.UserAuthorityGroup)3 Visualization (org.hisp.dhis.visualization.Visualization)3 Date (java.util.Date)2 DhisSpringTest (org.hisp.dhis.DhisSpringTest)2 CategoryOptionCombo (org.hisp.dhis.category.CategoryOptionCombo)2 BaseIdentifiableObject (org.hisp.dhis.common.BaseIdentifiableObject)2
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial