From 1eb8da6cb3599789033923d2ce3410da3a065116 Mon Sep 17 00:00:00 2001 From: Marc Date: Wed, 6 Dec 2023 17:48:22 +0100 Subject: [PATCH] fix: Skip tmp tables check for closed programs [TECH-1671] [2.39] --- .../DefaultTrackerOwnershipManager.java | 8 ++- .../TrackerOwnershipManagerTest.java | 49 +++++++++++++++++++ 2 files changed, 55 insertions(+), 2 deletions(-) diff --git a/dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/trackedentity/DefaultTrackerOwnershipManager.java b/dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/trackedentity/DefaultTrackerOwnershipManager.java index 9b622f8775e5..a044f33da826 100644 --- a/dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/trackedentity/DefaultTrackerOwnershipManager.java +++ b/dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/trackedentity/DefaultTrackerOwnershipManager.java @@ -250,9 +250,11 @@ public boolean hasAccess(User user, TrackedEntityInstance entityInstance, Progra if (program.isOpen() || program.isAudited()) { return organisationUnitService.isInUserSearchHierarchyCached(user, ou); - } else { + } else if (program.isProtected()) { return organisationUnitService.isInUserHierarchyCached(user, ou) || hasTemporaryAccess(entityInstance, program, user); + } else { + return organisationUnitService.isInUserHierarchyCached(user, ou); } } @@ -266,9 +268,11 @@ public boolean hasAccess( if (program.isOpen() || program.isAudited()) { return organisationUnitService.isInUserSearchHierarchyCached(user, owningOrgUnit); - } else { + } else if (program.isProtected()) { return organisationUnitService.isInUserHierarchyCached(user, owningOrgUnit) || hasTemporaryAccessWithUid(entityInstance, program, user); + } else { + return organisationUnitService.isInUserHierarchyCached(user, owningOrgUnit); } } diff --git a/dhis-2/dhis-test-integration/src/test/java/org/hisp/dhis/trackedentity/TrackerOwnershipManagerTest.java b/dhis-2/dhis-test-integration/src/test/java/org/hisp/dhis/trackedentity/TrackerOwnershipManagerTest.java index 259303852c63..2b2cc93d1d87 100644 --- a/dhis-2/dhis-test-integration/src/test/java/org/hisp/dhis/trackedentity/TrackerOwnershipManagerTest.java +++ b/dhis-2/dhis-test-integration/src/test/java/org/hisp/dhis/trackedentity/TrackerOwnershipManagerTest.java @@ -66,6 +66,8 @@ class TrackerOwnershipManagerTest extends IntegrationTestBase { private Program programA; + private Program programB; + private User userA; private User userB; @@ -87,6 +89,9 @@ protected void setUpTest() throws Exception { programA = createProgram('A'); programA.setAccessLevel(AccessLevel.PROTECTED); programService.addProgram(programA); + programB = createProgram('B'); + programB.setAccessLevel(AccessLevel.CLOSED); + programService.addProgram(programB); userA = createUserWithAuth("userA"); userA.addOrganisationUnit(organisationUnitA); @@ -129,4 +134,48 @@ void testTransferOwnership() { assertFalse(trackerOwnershipAccessManager.hasAccess(userA, entityInstanceA1, programA)); assertTrue(trackerOwnershipAccessManager.hasAccess(userB, entityInstanceA1, programA)); } + + @Test + void shouldHaveAccessWhenProgramProtectedAndUserInCaptureScope() { + assertTrue(trackerOwnershipAccessManager.hasAccess(userA, entityInstanceA1, programA)); + assertTrue( + trackerOwnershipAccessManager.hasAccess( + userA, entityInstanceA1.getUid(), entityInstanceA1.getOrganisationUnit(), programA)); + } + + @Test + void shouldHaveAccessWhenProgramProtectedAndHasTemporaryAccess() { + trackerOwnershipAccessManager.grantTemporaryOwnership( + entityInstanceA1, programA, userB, "test protected program"); + assertTrue(trackerOwnershipAccessManager.hasAccess(userB, entityInstanceA1, programA)); + assertTrue( + trackerOwnershipAccessManager.hasAccess( + userB, entityInstanceA1.getUid(), entityInstanceA1.getOrganisationUnit(), programA)); + } + + @Test + void shouldNotHaveAccessWhenProgramProtectedAndUserNotInCaptureScopeNorHasTemporaryAccess() { + assertFalse(trackerOwnershipAccessManager.hasAccess(userB, entityInstanceA1, programA)); + assertFalse( + trackerOwnershipAccessManager.hasAccess( + userB, entityInstanceA1.getUid(), entityInstanceA1.getOrganisationUnit(), programA)); + } + + @Test + void shouldHaveAccessWhenProgramClosedAndUserInCaptureScope() { + assertTrue(trackerOwnershipAccessManager.hasAccess(userB, entityInstanceB1, programB)); + assertTrue( + trackerOwnershipAccessManager.hasAccess( + userB, entityInstanceB1.getUid(), entityInstanceB1.getOrganisationUnit(), programB)); + } + + @Test + void shouldNotHaveAccessWhenProgramClosedAndUserHasTemporaryAccess() { + trackerOwnershipAccessManager.grantTemporaryOwnership( + entityInstanceA1, programB, userB, "test closed program"); + assertFalse(trackerOwnershipAccessManager.hasAccess(userB, entityInstanceA1, programB)); + assertFalse( + trackerOwnershipAccessManager.hasAccess( + userB, entityInstanceA1.getUid(), entityInstanceA1.getOrganisationUnit(), programB)); + } }