------------------------------------------------------------ revno: 14473 committer: Morten Olav Hansen <morte...@gmail.com> branch nick: dhis2 timestamp: Thu 2014-03-27 09:38:49 +0100 message: for update,delete check for sharing, require auth + sharing if sharing is enabled, only require auth if sharing is not enabled modified: dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAclService.java
=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAclService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAclService.java 2014-03-27 08:25:39 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAclService.java 2014-03-27 08:38:49 +0000
@@ -151,17 +151,17 @@
 {
 Schema schema = schemaService.getSchema( object.getClass() );
 
- if ( schema == null || !schema.isShareable() )
+ if ( schema == null )
 {
 return false;
 }
 
- if ( schema.getAuthorityByType( AuthorityType.UPDATE ).isEmpty() )
+ if ( schema.isShareable() )
 {
- return canWrite( user, object );
+ return canAccess( user, schema.getAuthorityByType( AuthorityType.UPDATE ) ) && canWrite( user, object );
 }
 
- return canAccess( user, schema.getAuthorityByType( AuthorityType.UPDATE ) ) && canWrite( user, object );
+ return canAccess( user, schema.getAuthorityByType( AuthorityType.UPDATE ) );
 }
 
 @Override
@@ -169,17 +169,17 @@
 {
 Schema schema = schemaService.getSchema( object.getClass() );
 
- if ( schema == null || !schema.isShareable() )
+ if ( schema == null )
 {
 return false;
 }
 
- if ( schema.getAuthorityByType( AuthorityType.DELETE ).isEmpty() )
+ if ( schema.isShareable() )
 {
- return canWrite( user, object );
+ return canAccess( user, schema.getAuthorityByType( AuthorityType.DELETE ) ) && canWrite( user, object );
 }
 
- return canAccess( user, schema.getAuthorityByType( AuthorityType.DELETE ) ) && canWrite( user, object );
+ return canAccess( user, schema.getAuthorityByType( AuthorityType.DELETE ) );
 }
 
 @Override
@@ -193,8 +193,8 @@
 }
 
 if ( haveOverrideAuthority( user )
+ || user.equals( object.getUser() )
 || (object.getUser() == null && canCreatePublic( user, object.getClass() ) && !schema.getAuthorityByType( AuthorityType.CREATE_PRIVATE ).isEmpty())
- || user.equals( object.getUser() )
 || AccessStringHelper.canWrite( object.getPublicAccess() ) )
 {
 return true;
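Review bot: In the non-shareable branch of the first hunk, `return canAccess( user, schema.getAuthorityByType( AuthorityType.UPDATE ) );` now permits every user when the schema declares no UPDATE authority, because the last hunk makes canAccess return true for an empty list; before this commit a non-shareable schema was refused outright. The second hunk has the same shape for DELETE. The commit message says authority is required when sharing is not enabled, so an empty list should probably deny rather than allow: `Collection<String> required = schema.getAuthorityByType( AuthorityType.UPDATE );` then `return haveOverrideAuthority( user ) || (!required.isEmpty() && canAccess( user, required ));`. The method signature is outside the hunk, so I am assuming from the commit message that this is the update check.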
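Review bot: Both branches in the second hunk evaluate the same `canAccess( user, schema.getAuthorityByType( AuthorityType.DELETE ) )`, which makes it easy for the two paths to drift apart in a later edit. The `if`/`return` pair could collapse to a single statement, `return canAccess( user, schema.getAuthorityByType( AuthorityType.DELETE ) ) && (!schema.isShareable() || canWrite( user, object ));`, which keeps the same evaluation order. The update hunk before it could take the same form. The method starts outside the hunk.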
@@ -262,6 +262,6 @@
 
 private boolean canAccess( User user, Collection<String> requiredAuthorities )
 {
- return haveOverrideAuthority( user ) || containsAny( user.getUserCredentials().getAllAuthorities(), requiredAuthorities );
+ return haveOverrideAuthority( user ) || requiredAuthorities.isEmpty() || containsAny( user.getUserCredentials().getAllAuthorities(), requiredAuthorities );
 }
 }
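Review bot: The added `requiredAuthorities.isEmpty()` short-circuit changes the result of canAccess for every caller in the class, not only the update and delete checks named in the commit message. Callers outside this diff are not visible here, so each one should be checked for relying on an empty list meaning "refused". The new contract is not written down anywhere in the hunk; a comment on the method would make it explicit, for example `// An empty requirement list means the schema declares no authority for this operation, so the authority check passes for any user.`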