use of org.hisp.dhis.user.sharing.UserGroupAccess in project dhis2-core by dhis2.
the class DeduplicationServiceMergeIntegrationTest method getUserSharing.
/**
 * Builds a {@link Sharing} fixture in which {@code user} holds the DEFAULT access string directly
 * and a newly created user group holds the caller-supplied access string.
 *
 * <p>Side effect: the new group (named "UserGroupA") is appended to {@code user.getGroups()}, so
 * any access the user ends up with through this fixture comes from group membership rather than
 * from the direct user entry.
 *
 * @param user user to register in the sharing and to enrol in the new group
 * @param accessStringHelper access string stored on the user-group entry (despite its name this
 *     is the access pattern itself, not the helper class)
 * @return sharing with external access disabled, public access set to
 *     {@code AccessStringHelper.DEFAULT} and owner "testOwner"
 */
private Sharing getUserSharing(User user, String accessStringHelper) {
    UserGroup group = new UserGroup();
    group.setName("UserGroupA");
    user.getGroups().add(group);

    // Direct entry for the user: always the DEFAULT access string, never the parameter.
    Map<String, org.hisp.dhis.user.sharing.UserAccess> userEntries = new HashMap<>();
    String userUid = user.getUid();
    userEntries.put(userUid, new org.hisp.dhis.user.sharing.UserAccess(user, AccessStringHelper.DEFAULT));

    // Group entry: the only place the requested access string is applied.
    Map<String, UserGroupAccess> groupEntries = new HashMap<>();
    String groupUid = group.getUid();
    groupEntries.put(groupUid, new UserGroupAccess(group, accessStringHelper));

    return Sharing.builder()
        .external(false)
        .publicAccess(AccessStringHelper.DEFAULT)
        .owner("testOwner")
        .userGroups(groupEntries)
        .users(userEntries)
        .build();
}
use of org.hisp.dhis.user.sharing.UserGroupAccess in project dhis2-core by dhis2.
the class DefaultAclService method verifySharing.
/**
 * Checks the sharing settings carried by {@code object} against what {@code user} is permitted to
 * set and collects every violation as an {@link ErrorReport}.
 *
 * <p>Checks, in order:
 * <ol>
 *   <li>Verification is skipped entirely (empty list) when the object is null, the user has
 *       override authority, or the object is not shareable.</li>
 *   <li>An invalid public access string yields E3010 and stops further verification.</li>
 *   <li>For schemas that are not data shareable, data-sharing access in the public, per-user or
 *       per-user-group access strings yields a single E3011.</li>
 *   <li>External access requested without the right to grant it yields E3006.</li>
 *   <li>Reports from {@code verifyImplicitSharing} are appended.</li>
 *   <li>Public access equal to {@code AccessStringHelper.DEFAULT} requires the right to make the
 *       object public or private (else E3009); any other public access requires the right to
 *       make it public (else E3008).</li>
 * </ol>
 *
 * @param object object whose sharing is being verified; may be null
 * @param user user attempting to apply the sharing settings
 * @return the violations found, empty when the sharing is acceptable or verification was skipped
 */
@Override
public <T extends IdentifiableObject> List<ErrorReport> verifySharing(T object, User user) {
    final List<ErrorReport> violations = new ArrayList<>();

    // Users with override authority bypass every check below, including access-string validity.
    boolean skipVerification = object == null || haveOverrideAuthority(user) || !isShareable(object);
    if (skipVerification) {
        return violations;
    }

    // NOTE(review): only the public access string is validated here; per-user and per-group
    // access strings are not passed through isValid in this method - confirm they are validated
    // elsewhere before being persisted.
    boolean publicAccessWellFormed = AccessStringHelper.isValid(object.getSharing().getPublicAccess());
    if (!publicAccessWellFormed) {
        violations.add(new ErrorReport(object.getClass(), ErrorCode.E3010, object.getPublicAccess()));
        return violations;
    }

    boolean dataShareable = schemaService.getSchema(HibernateProxyUtils.getRealClass(object)).isDataShareable();
    if (!dataShareable) {
        // At most one E3011 is reported no matter how many entries carry data-sharing access.
        ErrorReport dataSharingViolation = null;
        boolean publicCarriesData = object.getSharing().getPublicAccess() != null
            && AccessStringHelper.hasDataSharing(object.getSharing().getPublicAccess());

        if (publicCarriesData) {
            dataSharingViolation = new ErrorReport(object.getClass(), ErrorCode.E3011, object.getClass());
        } else {
            for (UserAccess entry : object.getSharing().getUsers().values()) {
                if (AccessStringHelper.hasDataSharing(entry.getAccess())) {
                    dataSharingViolation = new ErrorReport(object.getClass(), ErrorCode.E3011, object.getClass());
                    break;
                }
            }
            // The group entries are scanned even when a user entry already matched; a match here
            // replaces the report with an identically built one.
            for (UserGroupAccess entry : object.getSharing().getUserGroups().values()) {
                if (AccessStringHelper.hasDataSharing(entry.getAccess())) {
                    dataSharingViolation = new ErrorReport(object.getClass(), ErrorCode.E3011, object.getClass());
                    break;
                }
            }
        }

        if (dataSharingViolation != null) {
            violations.add(dataSharingViolation);
        }
    }

    // All three capabilities are resolved up front, before any of them is consulted.
    boolean mayPublish = canMakePublic(user, object);
    boolean mayKeepPrivate = canMakePrivate(user, object);
    boolean mayExpose = canMakeExternal(user, object);

    if (object.getExternalAccess() && !mayExpose) {
        violations.add(new ErrorReport(object.getClass(), ErrorCode.E3006, user.getUsername(), object.getClass()));
    }

    violations.addAll(verifyImplicitSharing(user, object));

    if (AccessStringHelper.DEFAULT.equals(object.getPublicAccess())) {
        // DEFAULT public access is acceptable with either the public or the private capability.
        if (!(mayPublish || mayKeepPrivate)) {
            violations.add(new ErrorReport(object.getClass(), ErrorCode.E3009, user.getUsername(), object.getClass()));
        }
    } else if (!mayPublish) {
        // Any non-DEFAULT public access needs the public capability specifically.
        violations.add(new ErrorReport(object.getClass(), ErrorCode.E3008, user.getUsername(), object.getClass()));
    }

    return violations;
}
use of org.hisp.dhis.user.sharing.UserGroupAccess in project dhis2-core by dhis2.
the class IdentifiableObjectManagerTest method readUserGroupSharedObjects.
/**
 * Verifies that four data elements remain countable and listable after their sharing is rewritten
 * so that access is granted through a user group: owner changed to another user, public access
 * replaced by a freshly built access string, and READ added for the group.
 *
 * <p>The user injected into the security context is a member of that group. NOTE(review):
 * presumably the reads run with that user's ACL applied and the freshly built access string
 * grants nothing publicly - confirm against {@code AccessStringHelper.newInstance()}.
 */
@Test
void readUserGroupSharedObjects() {
    User loginUser = createUserAndInjectSecurityContext(false, "F_DATAELEMENT_PUBLIC_ADD", "F_USER_ADD", "F_USERGROUP_PUBLIC_ADD");
    User owner = createUser('B');
    identifiableObjectManager.save(owner);

    UserGroup sharedGroup = createUserGroup('A', Sets.newHashSet(loginUser));
    identifiableObjectManager.save(sharedGroup);

    // Both users are enrolled in the group and persisted again with the membership.
    owner.getGroups().add(sharedGroup);
    loginUser.getGroups().add(sharedGroup);
    identifiableObjectManager.save(loginUser);
    identifiableObjectManager.save(owner);

    for (char suffix : new char[] {'A', 'B', 'C', 'D'}) {
        identifiableObjectManager.save(createDataElement(suffix));
    }

    // Baseline: everything is visible before the sharing is changed.
    assertEquals(4, identifiableObjectManager.getCount(DataElement.class));
    assertEquals(4, identifiableObjectManager.getAll(DataElement.class).size());

    List<DataElement> persisted = new ArrayList<>(identifiableObjectManager.getAll(DataElement.class));
    persisted.forEach(element -> {
        element.getSharing().setOwner(owner);
        element.getSharing().setPublicAccess(AccessStringHelper.newInstance().build());
        element.getSharing().addUserGroupAccess(new UserGroupAccess(sharedGroup, AccessStringHelper.READ));
        sessionFactory.getCurrentSession().update(element);
    });
    identifiableObjectManager.flush();

    // Same visibility expected once access comes from the group grant.
    assertEquals(4, identifiableObjectManager.getCount(DataElement.class));
    assertEquals(4, identifiableObjectManager.getAll(DataElement.class).size());
}
use of org.hisp.dhis.user.sharing.UserGroupAccess in project dhis2-core by dhis2.
the class IdentifiableObjectManagerTest method testRemoveUserGroupFromSharing.
/**
 * Verifies that {@code removeUserGroupFromSharing} strips a deleted user group's entry from the
 * sharing of an object that referenced it, so no grant for the removed group is left behind.
 *
 * <p>The test calls {@code removeUserGroupFromSharing} explicitly after deleting the group; it
 * does not assert that deletion alone cleans up the sharing.
 */
@Test
void testRemoveUserGroupFromSharing() {
    User member = createUser('A');
    userService.addUser(member);

    UserGroup group = createUserGroup('A', Sets.newHashSet(member));
    identifiableObjectManager.save(group);
    String userGroupUid = group.getUid();

    // The data element is shared with the group only, using the "rw------" access string.
    Sharing groupOnlySharing = new Sharing();
    groupOnlySharing.setUserGroupAccess(singleton(new UserGroupAccess("rw------", userGroupUid)));
    DataElement dataElement = createDataElement('A');
    dataElement.setSharing(groupOnlySharing);
    identifiableObjectManager.save(dataElement, false);

    DataElement beforeRemoval = identifiableObjectManager.get(dataElement.getUid());
    assertEquals(1, beforeRemoval.getSharing().getUserGroups().size());

    identifiableObjectManager.delete(group);
    identifiableObjectManager.removeUserGroupFromSharing(userGroupUid);
    // Clear the session so the next read does not return the cached instance.
    dbmsManager.clearSession();

    DataElement afterRemoval = identifiableObjectManager.get(beforeRemoval.getUid());
    assertEquals(0, afterRemoval.getSharing().getUserGroups().size());
}
use of org.hisp.dhis.user.sharing.UserGroupAccess in project dhis2-core by dhis2.
the class HibernateIdentifiableObjectStoreTest method testMetadataRead.
/**
 * Tests metadata read access resolved from direct user entries and user-group entries.
 *
 * <p>Group membership:
 * <pre>
 *            | User1 | User2 | User3 | User4
 * UserGroup1 |   X   |       |       |
 * UserGroup2 |   X   |       |       |   X
 * </pre>
 *
 * <p>Access strings set on DataElementA:
 * <pre>
 * User1      DEFAULT
 * User2      READ
 * User3      DEFAULT
 * User4      DEFAULT
 * UserGroup1 READ_WRITE
 * UserGroup2 DEFAULT
 * </pre>
 *
 * <p>Expected: User1 (through UserGroup1) and User2 (directly) can read DataElementA; User3 and
 * User4 cannot.
 */
@Test
void testMetadataRead() {
    User admin = createAndInjectAdminUser();

    User memberOfBothGroups = new User();
    memberOfBothGroups.setAutoFields();
    User directReader = new User();
    directReader.setAutoFields();
    User outsider = new User();
    outsider.setAutoFields();
    User memberOfDeniedGroup = new User();
    memberOfDeniedGroup.setAutoFields();

    UserGroup grantedGroup = new UserGroup();
    grantedGroup.setAutoFields();
    UserGroup deniedGroup = new UserGroup();
    deniedGroup.setAutoFields();

    memberOfBothGroups.getGroups().add(grantedGroup);
    memberOfBothGroups.getGroups().add(deniedGroup);
    memberOfDeniedGroup.getGroups().add(deniedGroup);

    // Only one user holds READ directly; the other three carry the DEFAULT access string.
    Map<String, UserAccess> userEntries = new HashMap<>();
    userEntries.put(memberOfBothGroups.getUid(), new UserAccess(memberOfBothGroups, AccessStringHelper.DEFAULT));
    userEntries.put(directReader.getUid(), new UserAccess(directReader, AccessStringHelper.READ));
    userEntries.put(outsider.getUid(), new UserAccess(outsider, AccessStringHelper.DEFAULT));
    userEntries.put(memberOfDeniedGroup.getUid(), new UserAccess(memberOfDeniedGroup, AccessStringHelper.DEFAULT));

    Map<String, UserGroupAccess> groupEntries = new HashMap<>();
    groupEntries.put(grantedGroup.getUid(), new UserGroupAccess(grantedGroup, AccessStringHelper.READ_WRITE));
    groupEntries.put(deniedGroup.getUid(), new UserGroupAccess(deniedGroup, AccessStringHelper.DEFAULT));

    String dataElementUid = "deabcdefghA";
    DataElement dataElement = createDataElement('A');
    dataElement.setUid(dataElementUid);
    dataElement.setCreatedBy(admin);
    dataElement.setSharing(
        Sharing.builder()
            .external(false)
            .publicAccess(AccessStringHelper.DEFAULT)
            .owner("testOwner")
            .userGroups(groupEntries)
            .users(userEntries)
            .build());
    dataElementStore.save(dataElement, false);

    // Reload without ACL filtering to confirm the sharing was persisted as written.
    DataElement reloaded = dataElementStore.getByUidNoAcl(dataElementUid);
    assertNotNull(reloaded.getSharing());
    assertEquals(2, reloaded.getSharing().getUserGroups().size());
    assertEquals(4, reloaded.getSharing().getUsers().size());

    // User1 has no direct access but belongs to UserGroup1, which has access.
    assertNotNull(dataElementStore.getDataElement(reloaded.getUid(), memberOfBothGroups));
    // User2 has direct access to DataElementA.
    assertNotNull(dataElementStore.getDataElement(reloaded.getUid(), directReader));
    // User3 has no direct access and belongs to no group.
    assertNull(dataElementStore.getDataElement(reloaded.getUid(), outsider));
    // User4 has no direct access and belongs only to UserGroup2, which has no access either.
    assertNull(dataElementStore.getDataElement(reloaded.getUid(), memberOfDeniedGroup));
}