/** * Tests whether the user has the given authority. Returns true in any case * if the user has the ALL authority. */ public boolean isAuthorized( String auth ) { return userCredentials != null && userCredentials.isAuthorized( auth ); }
@Override @Transactional public boolean currentUserIsAuthorized( String auth ) { User user = getCurrentUser(); return user != null && user.getUserCredentials().isAuthorized( auth ); } }
boolean hideUnapprovedData = systemSettingManager.hideUnapprovedDataInAnalytics(); ev.authorizedToApprove = ev.user.getUserCredentials().isAuthorized( DataApproval.AUTH_APPROVE ); ev.authorizedToApproveAtLowerLevels = ev.user.getUserCredentials().isAuthorized( DataApproval.AUTH_APPROVE_LOWER_LEVELS ); ev.authorizedToAcceptAtLowerLevels = ev.user.getUserCredentials().isAuthorized( DataApproval.AUTH_ACCEPT_LOWER_LEVELS ); Boolean authorizedToViewUnapprovedData = ev.user.getUserCredentials().isAuthorized( DataApproval.AUTH_VIEW_UNAPPROVED_DATA );
@Override public boolean canAddOrUpdateUser( Collection<String> userGroups, User currentUser ) { if ( currentUser == null ) { return false; } boolean canAdd = currentUser.getUserCredentials().isAuthorized( UserGroup.AUTH_USER_ADD ); if ( canAdd ) { return true; } boolean canAddInGroup = currentUser.getUserCredentials().isAuthorized( UserGroup.AUTH_USER_ADD_IN_GROUP ); if ( !canAddInGroup ) { return false; } boolean canManageAnyGroup = false; for ( String uid : userGroups ) { UserGroup userGroup = userGroupService.getUserGroup( uid ); if ( currentUser.canManage( userGroup ) ) { canManageAnyGroup = true; break; } } return canManageAnyGroup; }
@Override public boolean hasAnyAuthority( String... authorities ) { User user = currentUserService.getCurrentUser(); if ( user != null && user.getUserCredentials() != null ) { UserCredentials userCredentials = user.getUserCredentials(); for ( String authority : authorities ) { if ( userCredentials.isAuthorized( authority ) ) { return true; } } } return false; }
@Override public boolean canAddOrRemoveMember( String uid, User currentUser ) { UserGroup userGroup = getUserGroup( uid ); if ( userGroup == null || currentUser == null || currentUser.getUserCredentials() == null ) { return false; } boolean canUpdate = aclService.canUpdate( currentUser, userGroup ); boolean canAddMember = currentUser.getUserCredentials().isAuthorized( UserGroup.AUTH_ADD_MEMBERS_TO_READ_ONLY_USER_GROUPS ); return canUpdate || canAddMember; }
if ( user.getUserCredentials().isAuthorized( DataApproval.AUTH_APPROVE_LOWER_LEVELS ) )
boolean canAdd = currentUser.getUserCredentials().isAuthorized( UserGroup.AUTH_USER_ADD ); boolean canAddInGroup = currentUser.getUserCredentials().isAuthorized( UserGroup.AUTH_USER_ADD_IN_GROUP );
@Override public DataQueryParams withDataApprovalConstraints( DataQueryParams params ) { DataQueryParams.Builder paramsBuilder = DataQueryParams.newBuilder( params ); User user = currentUserService.getCurrentUser(); boolean hideUnapprovedData = systemSettingManager.hideUnapprovedDataInAnalytics(); boolean canViewUnapprovedData = user != null ? user.getUserCredentials().isAuthorized( DataApproval.AUTH_VIEW_UNAPPROVED_DATA ) : true; if ( hideUnapprovedData && user != null ) { Map<OrganisationUnit, Integer> approvalLevels = null; if ( params.hasApprovalLevel() ) { // Set approval level from query DataApprovalLevel approvalLevel = approvalLevelService.getDataApprovalLevel( params.getApprovalLevel() ); throwExWhenTrue( approvalLevel == null, String.format( "Approval level does not exist: %s", params.getApprovalLevel() ) ); approvalLevels = approvalLevelService.getUserReadApprovalLevels( approvalLevel ); } else if ( !canViewUnapprovedData ) { // Set approval level from user level approvalLevels = approvalLevelService.getUserReadApprovalLevels(); } if ( approvalLevels != null && !approvalLevels.isEmpty() ) { paramsBuilder.withDataApprovalLevels( approvalLevels ); log.debug( String.format( "User: %s constrained by data approval levels: %s", user.getUsername(), approvalLevels.values() ) ); } } return paramsBuilder.build(); }
&& !userCredentials.isAuthorized( "F_TRACKED_ENTITY_INSTANCE_SEARCH_IN_ALL_ORGUNITS" ) )
if ( !userCredentials.isSuper() && !userCredentials.isAuthorized( "F_UNCOMPLETE_EVENT" ) )