fix: Skip tmp tables check for closed programs [TECH-1671] [2.39]

dhis2 · Dec 6, 2023 · 1eb8da6 · 1eb8da6
1 parent dff245b
commit 1eb8da6
Show file tree

Hide file tree

Showing 2 changed files with 55 additions and 2 deletions.
diff --git a/...ervice-core/src/main/java/org/hisp/dhis/trackedentity/DefaultTrackerOwnershipManager.java b/...ervice-core/src/main/java/org/hisp/dhis/trackedentity/DefaultTrackerOwnershipManager.java
@@ -250,9 +250,11 @@ public boolean hasAccess(User user, TrackedEntityInstance entityInstance, Progra
 
     if (program.isOpen() || program.isAudited()) {
       return organisationUnitService.isInUserSearchHierarchyCached(user, ou);
-    } else {
+    } else if (program.isProtected()) {
       return organisationUnitService.isInUserHierarchyCached(user, ou)
           || hasTemporaryAccess(entityInstance, program, user);
+    } else {
+      return organisationUnitService.isInUserHierarchyCached(user, ou);
     }
   }
 
@@ -266,9 +268,11 @@ public boolean hasAccess(
 
     if (program.isOpen() || program.isAudited()) {
       return organisationUnitService.isInUserSearchHierarchyCached(user, owningOrgUnit);
-    } else {
+    } else if (program.isProtected()) {
       return organisationUnitService.isInUserHierarchyCached(user, owningOrgUnit)
           || hasTemporaryAccessWithUid(entityInstance, program, user);
+    } else {
+      return organisationUnitService.isInUserHierarchyCached(user, owningOrgUnit);
     }
   }
 

diff --git a/...st-integration/src/test/java/org/hisp/dhis/trackedentity/TrackerOwnershipManagerTest.java b/...st-integration/src/test/java/org/hisp/dhis/trackedentity/TrackerOwnershipManagerTest.java
@@ -66,6 +66,8 @@ class TrackerOwnershipManagerTest extends IntegrationTestBase {
 
   private Program programA;
 
+  private Program programB;
+
   private User userA;
 
   private User userB;
@@ -87,6 +89,9 @@ protected void setUpTest() throws Exception {
     programA = createProgram('A');
     programA.setAccessLevel(AccessLevel.PROTECTED);
     programService.addProgram(programA);
+    programB = createProgram('B');
+    programB.setAccessLevel(AccessLevel.CLOSED);
+    programService.addProgram(programB);
 
     userA = createUserWithAuth("userA");
     userA.addOrganisationUnit(organisationUnitA);
@@ -129,4 +134,48 @@ void testTransferOwnership() {
     assertFalse(trackerOwnershipAccessManager.hasAccess(userA, entityInstanceA1, programA));
     assertTrue(trackerOwnershipAccessManager.hasAccess(userB, entityInstanceA1, programA));
   }
+
+  @Test
+  void shouldHaveAccessWhenProgramProtectedAndUserInCaptureScope() {
+    assertTrue(trackerOwnershipAccessManager.hasAccess(userA, entityInstanceA1, programA));
+    assertTrue(
+        trackerOwnershipAccessManager.hasAccess(
+            userA, entityInstanceA1.getUid(), entityInstanceA1.getOrganisationUnit(), programA));
+  }
+
+  @Test
+  void shouldHaveAccessWhenProgramProtectedAndHasTemporaryAccess() {
+    trackerOwnershipAccessManager.grantTemporaryOwnership(
+        entityInstanceA1, programA, userB, "test protected program");
+    assertTrue(trackerOwnershipAccessManager.hasAccess(userB, entityInstanceA1, programA));
+    assertTrue(
+        trackerOwnershipAccessManager.hasAccess(
+            userB, entityInstanceA1.getUid(), entityInstanceA1.getOrganisationUnit(), programA));
+  }
+
+  @Test
+  void shouldNotHaveAccessWhenProgramProtectedAndUserNotInCaptureScopeNorHasTemporaryAccess() {
+    assertFalse(trackerOwnershipAccessManager.hasAccess(userB, entityInstanceA1, programA));
+    assertFalse(
+        trackerOwnershipAccessManager.hasAccess(
+            userB, entityInstanceA1.getUid(), entityInstanceA1.getOrganisationUnit(), programA));
+  }
+
+  @Test
+  void shouldHaveAccessWhenProgramClosedAndUserInCaptureScope() {
+    assertTrue(trackerOwnershipAccessManager.hasAccess(userB, entityInstanceB1, programB));
+    assertTrue(
+        trackerOwnershipAccessManager.hasAccess(
+            userB, entityInstanceB1.getUid(), entityInstanceB1.getOrganisationUnit(), programB));
+  }
+
+  @Test
+  void shouldNotHaveAccessWhenProgramClosedAndUserHasTemporaryAccess() {
+    trackerOwnershipAccessManager.grantTemporaryOwnership(
+        entityInstanceA1, programB, userB, "test closed program");
+    assertFalse(trackerOwnershipAccessManager.hasAccess(userB, entityInstanceA1, programB));
+    assertFalse(
+        trackerOwnershipAccessManager.hasAccess(
+            userB, entityInstanceA1.getUid(), entityInstanceA1.getOrganisationUnit(), programB));
+  }
 }