Merge branch 'master' into TECH-1668-validate-non-superuser-events-acl

dhis2 · Nov 28, 2023 · dcc5beb · dcc5beb
2 parents bec38a0 + e434a0b
commit dcc5beb
Show file tree

Hide file tree

Showing 2 changed files with 62 additions and 4 deletions.
diff --git a/dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/CurrentUserUtil.java b/dhis-2/dhis-api/src/main/java/org/hisp/dhis/user/CurrentUserUtil.java
@@ -94,10 +94,6 @@ public static CurrentUserDetails getCurrentUserDetails() {
     // Principal being a string implies anonymous authentication
     // This is the state before the user is authenticated.
     if (principal instanceof String) {
-      if (!"anonymousUser".equals(principal)) {
-        return null;
-      }
-
       return null;
     }
 

diff --git a/.../dhis-test-web-api/src/test/java/org/hisp/dhis/webapi/controller/CurrentUserUtilTest.java b/.../dhis-test-web-api/src/test/java/org/hisp/dhis/webapi/controller/CurrentUserUtilTest.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright (c) 2004-2023, University of Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * Neither the name of the HISP project nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+package org.hisp.dhis.webapi.controller;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import org.hisp.dhis.user.CurrentUserDetails;
+import org.hisp.dhis.user.CurrentUserUtil;
+import org.hisp.dhis.webapi.DhisControllerConvenienceTest;
+import org.junit.jupiter.api.Test;
+
+/**
+ * @author david mackessy
+ */
+class CurrentUserUtilTest extends DhisControllerConvenienceTest {
+
+  @Test
+  void testCurrentUserDetailsIsSuper() {
+    switchToNewUser("newSuperuser", "ALL");
+    CurrentUserDetails newSuperuser = CurrentUserUtil.getCurrentUserDetails();
+    assertNotNull(newSuperuser);
+    assertEquals("newSuperuser", newSuperuser.getUsername());
+    assertTrue(newSuperuser.isSuper());
+  }
+
+  @Test
+  void testCurrentUserDetailsIsNotSuper() {
+    switchToNewUser("basicUser", "NONE");
+    CurrentUserDetails basicUser = CurrentUserUtil.getCurrentUserDetails();
+    assertNotNull(basicUser);
+    assertEquals("basicUser", basicUser.getUsername());
+    assertFalse(basicUser.isSuper());
+  }
+}