------------------------------------------------------------ revno: 17140 committer: Lars Helge Overland <larshe...@gmail.com> branch nick: dhis2 timestamp: Thu 2014-10-16 19:23:01 +0200 message: SecurityService, split function for validating user restore/invite to separate method modified: dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/data/DefaultQueryPlanner.java dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultSecurityService.java dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/SecurityService.java dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/AddUserAction.java
-- lp:dhis2 https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk Your team DHIS 2 developers is subscribed to branch lp:dhis2. To unsubscribe from this branch go to https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk/+edit-subscription
=== modified file 'dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/data/DefaultQueryPlanner.java' --- dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/data/DefaultQueryPlanner.java 2014-10-16 06:17:19 +0000 +++ dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/data/DefaultQueryPlanner.java 2014-10-16 17:23:01 +0000 @@ -510,7 +510,7 @@ if ( queries.size() > 1 ) { - log.info( "Split on org unit level: " + queries.size() ); + log.debug( "Split on org unit level: " + queries.size() ); } return queries; === modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultSecurityService.java' --- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultSecurityService.java 2014-10-16 06:17:19 +0000 +++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/DefaultSecurityService.java 2014-10-16 17:23:01 +0000 @@ -149,6 +149,36 @@ } @Override + public String validateRestore( UserCredentials credentials ) + { + if ( !systemSettingManager.emailEnabled() ) + { + log.info( "Could not send restore/invite message as email is not configured" ); + return "email_not_configured_for_system"; + } + + if ( credentials == null || credentials.getUser() == null ) + { + log.info( "Could not send restore/invite message as user does not exist: " + credentials ); + return "user_does_not_exist"; + } + + if ( credentials.getUser().getEmail() == null || !ValidationUtils.emailIsValid( credentials.getUser().getEmail() ) ) + { + log.info( "Could not send restore/invite message as user has no email or email is invalid" ); + return "user_does_not_have_valid_email"; + } + + if ( credentials.hasAnyAuthority( Arrays.asList( UserAuthorityGroup.CRITICAL_AUTHS ) ) ) + { + log.info( "Not allowed to restore/invite users with critical authorities" ); + return "user_has_critical_authorities"; + } + + return null; + } + + @Override public boolean sendRestoreMessage( UserCredentials credentials, String rootPath, RestoreOptions restoreOptions ) { if ( credentials == null || rootPath == null ) @@ -156,32 +186,13 @@ return false; } + if ( validateRestore( credentials ) != null ) + { + return false; + } + RestoreType restoreType = restoreOptions.getRestoreType(); - if ( credentials.getUser() == null || credentials.getUser().getEmail() == null ) - { - log.info( "Could not send " + restoreType.name() + " message as user does not exist or has no email: " + credentials ); - return false; - } - - if ( !ValidationUtils.emailIsValid( credentials.getUser().getEmail() ) ) - { - log.info( "Could not send " + restoreType.name() + " message as email is invalid" ); - return false; - } - - if ( !systemSettingManager.emailEnabled() ) - { - log.info( "Could not send " + restoreType.name() + " message as email is not configured" ); - return false; - } - - if ( credentials.hasAnyAuthority( Arrays.asList( UserAuthorityGroup.CRITICAL_AUTHS ) ) ) - { - log.info( "Not allowed to " + restoreType.name() + " users with critical authorities" ); - return false; - } - String[] result = initRestore( credentials, restoreOptions ); Set<User> users = new HashSet<>(); @@ -351,7 +362,7 @@ if ( restoreCode == null ) { - return "account_restoreCode_is_null"; + return "account_restore_code_is_null"; } boolean validCode = passwordManager.tokenMatches( code, restoreCode, credentials.getUsername() ); === modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/SecurityService.java' --- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/SecurityService.java 2014-09-30 12:29:45 +0000 +++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/security/SecurityService.java 2014-10-16 17:23:01 +0000 @@ -45,6 +45,22 @@ * @return true if the invitation was sent, otherwise false. */ boolean prepareUserForInvite( User user ); + + /** + * Indicates whether a restore/invite is allowed for the given user. The + * requirements are:</p> + * + * <ul> + * <li>email_not_configured_for_system</li> + * <li>user_does_not_exist</li> + * <li>user_does_not_have_valid_email</li> + * <li>user_has_critical_authorities</li> + * </ul> + * + * @param credentials + * @return a string if restore cannot be performed, null otherwise. + */ + String validateRestore( UserCredentials credentials ); /** * Invokes the initRestore method and dispatches email messages with === modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/AddUserAction.java' --- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/AddUserAction.java 2014-10-16 06:17:19 +0000 +++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/java/org/hisp/dhis/user/action/AddUserAction.java 2014-10-16 17:23:01 +0000 @@ -447,7 +447,7 @@ if ( ACCOUNT_ACTION_INVITE.equals( accountAction ) ) { - RestoreOptions restoreOptions = inviteUsername.isEmpty() ? RestoreOptions.INVITE_WITH_USERNAME_CHOICE : RestoreOptions.INVITE_WITH_DEFINED_USERNAME; + RestoreOptions restoreOptions = inviteUsername == null || inviteUsername.isEmpty() ? RestoreOptions.INVITE_WITH_USERNAME_CHOICE : RestoreOptions.INVITE_WITH_DEFINED_USERNAME; securityService.sendRestoreMessage( userCredentials, getRootPath(), restoreOptions ); }
_______________________________________________ Mailing list: https://launchpad.net/~dhis2-devs Post to : dhis2-devs@lists.launchpad.net Unsubscribe : https://launchpad.net/~dhis2-devs More help : https://help.launchpad.net/ListHelp