Search in sources :

Example 21 with UserAccess

use of org.hisp.dhis.user.sharing.UserAccess in project dhis2-core by dhis2.

the class DashboardCascadeSharingTest method testCascadeShareEventVisualizationError.

@Test
void testCascadeShareEventVisualizationError() {
    DataElement dataElementA = createDataElement('A');
    dataElementA.setSharing(Sharing.builder().publicAccess(DEFAULT).build());
    objectManager.save(dataElementA, false);
    Program program = createProgram('Y', null, null);
    objectManager.save(program);
    EventVisualization eventVisualizationA = createEventVisualization('A', program);
    eventVisualizationA.setSharing(Sharing.builder().publicAccess(DEFAULT).build());
    eventVisualizationA.addDataDimensionItem(dataElementA);
    objectManager.save(eventVisualizationA, false);
    Sharing sharing = new Sharing();
    sharing.setPublicAccess(DEFAULT);
    sharing.addUserAccess(new UserAccess(userB, DEFAULT));
    Dashboard dashboard = createDashboardWithItem("A", sharing);
    dashboard.getItems().get(0).setEventVisualization(eventVisualizationA);
    objectManager.save(dashboard, false);
    CascadeSharingReport report = cascadeSharingService.cascadeSharing(dashboard, new CascadeSharingParameters());
    assertEquals(0, report.getUpdateObjects().size());
    assertFalse(aclService.canRead(userB, eventVisualizationA));
    assertFalse(aclService.canRead(userB, dataElementA));
}
Also used : DataElement(org.hisp.dhis.dataelement.DataElement) Program(org.hisp.dhis.program.Program) Sharing(org.hisp.dhis.user.sharing.Sharing) UserAccess(org.hisp.dhis.user.sharing.UserAccess) Dashboard(org.hisp.dhis.dashboard.Dashboard) EventVisualization(org.hisp.dhis.eventvisualization.EventVisualization) Test(org.junit.jupiter.api.Test)

Example 22 with UserAccess

use of org.hisp.dhis.user.sharing.UserAccess in project dhis2-core by dhis2.

the class DashboardCascadeSharingTest method testCascadeShareVisualizationError.

@Test
void testCascadeShareVisualizationError() {
    DataElement dataElementA = createDataElement('A');
    dataElementA.setSharing(Sharing.builder().publicAccess(DEFAULT).build());
    objectManager.save(dataElementA, false);
    Visualization vzA = createVisualization('A');
    vzA.setSharing(Sharing.builder().publicAccess(DEFAULT).build());
    vzA.addDataDimensionItem(dataElementA);
    objectManager.save(vzA, false);
    Sharing sharing = new Sharing();
    sharing.setPublicAccess(DEFAULT);
    sharing.addUserAccess(new UserAccess(userB, DEFAULT));
    Dashboard dashboard = createDashboardWithItem("A", sharing);
    dashboard.getItems().get(0).setVisualization(vzA);
    objectManager.save(dashboard, false);
    CascadeSharingReport report = cascadeSharingService.cascadeSharing(dashboard, new CascadeSharingParameters());
    assertEquals(0, report.getUpdateObjects().size());
    assertFalse(aclService.canRead(userB, vzA));
    assertFalse(aclService.canRead(userB, dataElementA));
}
Also used : DataElement(org.hisp.dhis.dataelement.DataElement) Visualization(org.hisp.dhis.visualization.Visualization) EventVisualization(org.hisp.dhis.eventvisualization.EventVisualization) Sharing(org.hisp.dhis.user.sharing.Sharing) UserAccess(org.hisp.dhis.user.sharing.UserAccess) Dashboard(org.hisp.dhis.dashboard.Dashboard) Test(org.junit.jupiter.api.Test)

Example 23 with UserAccess

use of org.hisp.dhis.user.sharing.UserAccess in project dhis2-core by dhis2.

the class DashboardCascadeSharingTest method testCascadeShareMapError.

/**
 * Dashboard is shared to userB.
 * <p>
 * But userB's access is DEFAULT('--------')
 * <p>
 * Expected: no objects being updated.
 */
@Test
void testCascadeShareMapError() {
    DataElement dataElementB = createDataElement('B');
    dataElementB.setSharing(Sharing.builder().publicAccess(DEFAULT).build());
    objectManager.save(dataElementB, false);
    Map map = createMap("A");
    map.setSharing(Sharing.builder().publicAccess(DEFAULT).build());
    objectManager.save(map, false);
    objectManager.flush();
    Sharing sharing = new Sharing();
    sharing.setPublicAccess(DEFAULT);
    sharing.addUserAccess(new UserAccess(userB, DEFAULT));
    Dashboard dashboard = createDashboardWithItem("dashboardA", sharing);
    dashboard.getItems().get(0).setMap(map);
    objectManager.save(dashboard, false);
    CascadeSharingReport report = cascadeSharingService.cascadeSharing(dashboard, new CascadeSharingParameters());
    assertEquals(0, report.getUpdateObjects().size());
    assertFalse(aclService.canRead(userB, dashboard.getItems().get(0).getMap()));
}
Also used : DataElement(org.hisp.dhis.dataelement.DataElement) Sharing(org.hisp.dhis.user.sharing.Sharing) UserAccess(org.hisp.dhis.user.sharing.UserAccess) Dashboard(org.hisp.dhis.dashboard.Dashboard) Map(org.hisp.dhis.mapping.Map) Test(org.junit.jupiter.api.Test)

Example 24 with UserAccess

use of org.hisp.dhis.user.sharing.UserAccess in project dhis2-core by dhis2.

the class SharingController method postSharing.

@PostMapping(consumes = APPLICATION_JSON_VALUE)
@ResponseBody
public WebMessage postSharing(@RequestParam String type, @RequestParam String id, HttpServletRequest request) throws Exception {
    Class<? extends IdentifiableObject> sharingClass = aclService.classForType(type);
    if (sharingClass == null || !aclService.isClassShareable(sharingClass)) {
        return conflict("Type " + type + " is not supported.");
    }
    BaseIdentifiableObject object = (BaseIdentifiableObject) manager.getNoAcl(sharingClass, id);
    if (object == null) {
        return notFound("Object of type " + type + " with ID " + id + " was not found.");
    }
    if ((object instanceof SystemDefaultMetadataObject) && ((SystemDefaultMetadataObject) object).isDefault()) {
        return conflict("Sharing settings of system default metadata object of type " + type + " cannot be modified.");
    }
    User user = currentUserService.getCurrentUser();
    if (!aclService.canManage(user, object)) {
        throw new AccessDeniedException("You do not have manage access to this object.");
    }
    Sharing sharing = renderService.fromJson(request.getInputStream(), Sharing.class);
    if (!AccessStringHelper.isValid(sharing.getObject().getPublicAccess())) {
        return conflict("Invalid public access string: " + sharing.getObject().getPublicAccess());
    }
    if (aclService.canMakeExternal(user, object)) {
        object.setExternalAccess(sharing.getObject().hasExternalAccess());
    }
    // ---------------------------------------------------------------------
    // Ignore publicAccess if user is not allowed to make objects public
    // ---------------------------------------------------------------------
    Schema schema = schemaService.getDynamicSchema(sharingClass);
    if (aclService.canMakePublic(user, object)) {
        object.setPublicAccess(sharing.getObject().getPublicAccess());
    }
    if (!schema.isDataShareable()) {
        if (AccessStringHelper.hasDataSharing(object.getSharing().getPublicAccess())) {
            object.getSharing().setPublicAccess(AccessStringHelper.disableDataSharing(object.getSharing().getPublicAccess()));
        }
    }
    if (object.getCreatedBy() == null) {
        object.setCreatedBy(user);
    }
    object.getSharing().getUserGroups().clear();
    for (SharingUserGroupAccess sharingUserGroupAccess : sharing.getObject().getUserGroupAccesses()) {
        UserGroupAccess userGroupAccess = new UserGroupAccess();
        if (!AccessStringHelper.isValid(sharingUserGroupAccess.getAccess())) {
            return conflict("Invalid user group access string: " + sharingUserGroupAccess.getAccess());
        }
        if (!schema.isDataShareable()) {
            if (AccessStringHelper.hasDataSharing(sharingUserGroupAccess.getAccess())) {
                sharingUserGroupAccess.setAccess(AccessStringHelper.disableDataSharing(sharingUserGroupAccess.getAccess()));
            }
        }
        userGroupAccess.setAccess(sharingUserGroupAccess.getAccess());
        UserGroup userGroup = manager.get(UserGroup.class, sharingUserGroupAccess.getId());
        if (userGroup != null) {
            userGroupAccess.setUserGroup(userGroup);
            object.getSharing().addUserGroupAccess(userGroupAccess);
        }
    }
    object.getSharing().getUsers().clear();
    for (SharingUserAccess sharingUserAccess : sharing.getObject().getUserAccesses()) {
        UserAccess userAccess = new UserAccess();
        if (!AccessStringHelper.isValid(sharingUserAccess.getAccess())) {
            return conflict("Invalid user access string: " + sharingUserAccess.getAccess());
        }
        if (!schema.isDataShareable()) {
            if (AccessStringHelper.hasDataSharing(sharingUserAccess.getAccess())) {
                sharingUserAccess.setAccess(AccessStringHelper.disableDataSharing(sharingUserAccess.getAccess()));
            }
        }
        userAccess.setAccess(sharingUserAccess.getAccess());
        User sharingUser = manager.get(User.class, sharingUserAccess.getId());
        if (sharingUser != null) {
            userAccess.setUser(sharingUser);
            object.getSharing().addUserAccess(userAccess);
        }
    }
    manager.updateNoAcl(object);
    if (Program.class.isInstance(object)) {
        syncSharingForEventProgram((Program) object);
    }
    log.info(sharingToString(object));
    return ok("Access control set");
}
Also used : AccessDeniedException(org.springframework.security.access.AccessDeniedException) BaseIdentifiableObject(org.hisp.dhis.common.BaseIdentifiableObject) User(org.hisp.dhis.user.User) Sharing(org.hisp.dhis.webapi.webdomain.sharing.Sharing) UserAccess(org.hisp.dhis.user.sharing.UserAccess) SharingUserAccess(org.hisp.dhis.webapi.webdomain.sharing.SharingUserAccess) Schema(org.hisp.dhis.schema.Schema) SharingUserGroupAccess(org.hisp.dhis.webapi.webdomain.sharing.SharingUserGroupAccess) SharingUserAccess(org.hisp.dhis.webapi.webdomain.sharing.SharingUserAccess) SystemDefaultMetadataObject(org.hisp.dhis.common.SystemDefaultMetadataObject) SharingUserGroupAccess(org.hisp.dhis.webapi.webdomain.sharing.SharingUserGroupAccess) UserGroupAccess(org.hisp.dhis.user.sharing.UserGroupAccess) UserGroup(org.hisp.dhis.user.UserGroup) PostMapping(org.springframework.web.bind.annotation.PostMapping) ResponseBody(org.springframework.web.bind.annotation.ResponseBody)

Example 25 with UserAccess

use of org.hisp.dhis.user.sharing.UserAccess in project dhis2-core by dhis2.

the class PatchServiceTest method testEmbeddedObjectCollectionDiff.

@Test
void testEmbeddedObjectCollectionDiff() {
    User adminUser = createAndInjectAdminUser();
    UserGroup userGroup = createUserGroup('A', Sets.newHashSet(adminUser));
    manager.save(userGroup);
    DataElement deA = createDataElement('A');
    DataElement deB = createDataElement('B');
    deA.getAggregationLevels().add(1);
    deB.getAggregationLevels().add(1);
    deB.getAggregationLevels().add(2);
    deB.getAggregationLevels().add(3);
    deB.getSharing().addUserGroupAccess(new UserGroupAccess(userGroup, "rw------"));
    deB.getSharing().addUserAccess(new UserAccess(adminUser, "rw------"));
    Patch patch = patchService.diff(new PatchParams(deA, deB));
    patchService.apply(patch, deA);
    assertEquals(deA.getName(), deB.getName());
    assertEquals(deA.getShortName(), deB.getShortName());
    assertEquals(deA.getDescription(), deB.getDescription());
    assertEquals(deA.getAggregationLevels(), deB.getAggregationLevels());
    assertEquals(deA.getUserGroupAccesses(), deB.getUserGroupAccesses());
    assertEquals(deA.getUserAccesses(), deB.getUserAccesses());
}
Also used : DataElement(org.hisp.dhis.dataelement.DataElement) User(org.hisp.dhis.user.User) UserAccess(org.hisp.dhis.user.sharing.UserAccess) UserGroup(org.hisp.dhis.user.UserGroup) UserGroupAccess(org.hisp.dhis.user.sharing.UserGroupAccess) Test(org.junit.jupiter.api.Test) DhisSpringTest(org.hisp.dhis.DhisSpringTest)

Aggregations

UserAccess (org.hisp.dhis.user.sharing.UserAccess)31 Test (org.junit.jupiter.api.Test)25 User (org.hisp.dhis.user.User)19 TransactionalIntegrationTest (org.hisp.dhis.TransactionalIntegrationTest)14 Sharing (org.hisp.dhis.user.sharing.Sharing)12 UserGroupAccess (org.hisp.dhis.user.sharing.UserGroupAccess)9 DataElement (org.hisp.dhis.dataelement.DataElement)8 Dashboard (org.hisp.dhis.dashboard.Dashboard)7 EventVisualization (org.hisp.dhis.eventvisualization.EventVisualization)6 UserGroup (org.hisp.dhis.user.UserGroup)6 HashMap (java.util.HashMap)4 List (java.util.List)3 IdentifiableObject (org.hisp.dhis.common.IdentifiableObject)3 Schema (org.hisp.dhis.schema.Schema)3 UserAuthorityGroup (org.hisp.dhis.user.UserAuthorityGroup)3 Visualization (org.hisp.dhis.visualization.Visualization)3 Date (java.util.Date)2 DhisSpringTest (org.hisp.dhis.DhisSpringTest)2 CategoryOptionCombo (org.hisp.dhis.category.CategoryOptionCombo)2 BaseIdentifiableObject (org.hisp.dhis.common.BaseIdentifiableObject)2