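/**
 * Checks whether the given user holds the given encounter privilege.
 * <p>
 * A {@code null} privilege is treated as "no restriction": the method returns {@code true} for
 * every caller, whatever the user argument is. When a privilege is present but the user is
 * {@code null}, access is denied instead of failing with a {@link NullPointerException}.
 *
 * @param privilege the privilege to test; {@code null} means the encounter is unrestricted
 * @param user the user instance to check; may be {@code null}
 * @return {@code true} if the privilege is {@code null} or the user holds it, {@code false} otherwise
 */
private boolean userHasEncounterPrivilege(Privilege privilege, User user) {
	// If the encounter privilege is null, everyone can see and edit the encounter.
	// NOTE(review): this branch fails open, so callers must only pass null when no privilege
	// is configured, never when a privilege lookup failed.
	if (privilege == null) {
		return true;
	}
	// Fail closed: a restricted encounter with no user to check is denied.
	if (user == null) {
		return false;
	}
	return user.hasPrivilege(privilege.getPrivilege());
}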
&& (getAuthenticatedUser().hasPrivilege(privilege) || getAuthenticatedRole().hasPrivilege(privilege))) {
/**
 * Verifies that a user lacking EDIT_USER_PASSWORDS can replace their own password through
 * {@code changePasswordUsingSecretAnswer} when the supplied secret answer is accepted.
 */
@Test
public void changePasswordUsingSecretAnswer_shouldUpdatePasswordIfSecretIsCorrect() {
	executeDataSet(XML_FILENAME_WITH_DATA_FOR_CHANGE_PASSWORD_ACTION);

	final User selfServiceUser = userService.getUser(6001);
	// Precondition: the account must not hold the administrative password privilege,
	// otherwise the test would not exercise the secret-answer path on its own.
	assertFalse(selfServiceUser.hasPrivilege(PrivilegeConstants.EDIT_USER_PASSWORDS));

	final String currentPassword = "userServiceTest";
	final String replacementPassword = "userServiceTest2";
	Context.authenticate(selfServiceUser.getUsername(), currentPassword);

	userService.changePasswordUsingSecretAnswer("answer", replacementPassword);

	// Logging in with the new password is the only check made here; presumably
	// authenticate() throws on bad credentials. Confirm against Context.
	// NOTE(review): nothing asserts that the old password is rejected afterwards.
	Context.authenticate(selfServiceUser.getUsername(), replacementPassword);
}
/**
 * Verifies that {@code changePasswordUsingSecretAnswer} raises an {@link APIException} with the
 * "secret.answer.not.correct" message when the secret answer does not match.
 */
@Test
public void changePasswordUsingSecretAnswer_shouldNotUpdatePasswordIfSecretIsNotCorrect() {
	executeDataSet(XML_FILENAME_WITH_DATA_FOR_CHANGE_PASSWORD_ACTION);

	final User account = userService.getUser(6001);
	// Precondition: the account has no administrative right to edit passwords.
	assertFalse(account.hasPrivilege(PrivilegeConstants.EDIT_USER_PASSWORDS));
	Context.authenticate(account.getUsername(), "userServiceTest");

	expectedException.expect(APIException.class);
	final String rejectionMessage = messages.getMessage("secret.answer.not.correct");
	expectedException.expectMessage(rejectionMessage);

	// NOTE(review): only the exception is asserted; the test does not re-authenticate with
	// the old password to confirm that the stored password stayed unchanged.
	userService.changePasswordUsingSecretAnswer("wrong answer", "userServiceTest2");
}
/**
 * Verifies that {@code changePassword(User, String)} is refused with an
 * {@link APIAuthenticationException} naming EDIT_USER_PASSWORDS when the logged-in user
 * does not hold that privilege.
 */
@Test
public void changePassword_shouldNotUpdatePasswordOfGivenUserWhenLoggedInUserDoesNotHaveEditUsersPasswordPrivilege() {
	executeDataSet(XML_FILENAME_WITH_DATA_FOR_CHANGE_PASSWORD_ACTION);

	final User unprivilegedUser = userService.getUser(6001);
	// Precondition: the caller really lacks the privilege under test.
	assertFalse(unprivilegedUser.hasPrivilege(PrivilegeConstants.EDIT_USER_PASSWORDS));
	Context.authenticate(unprivilegedUser.getUsername(), "userServiceTest");

	expectedException.expect(APIAuthenticationException.class);
	final Object[] requiredPrivileges = new Object[] { PrivilegeConstants.EDIT_USER_PASSWORDS };
	final String deniedMessage = messages.getMessage("error.privilegesRequired", requiredPrivileges, null);
	expectedException.expectMessage(deniedMessage);

	// The target is the caller's own account, so this also shows that the two-argument
	// overload gives no self-service exemption.
	userService.changePassword(unprivilegedUser, "testTest123");
}
/**
 * Verifies that passing a {@code null} old password does not let an unprivileged user
 * bypass the EDIT_USER_PASSWORDS check.
 *
 * @see UserService#changePassword(User,String,String)
 */
@Test
public void changePassword_shouldThrowExceptionIfOldPasswordIsNullAndChangingUserHaveNotPrivileges() {
	executeDataSet(XML_FILENAME_WITH_DATA_FOR_CHANGE_PASSWORD_ACTION);

	// User 6001 has the password "userServiceTest" in the data set.
	final User caller = userService.getUser(6001);
	assertFalse(caller.hasPrivilege(PrivilegeConstants.EDIT_USER_PASSWORDS));

	final String missingOldPassword = null;
	final String requestedPassword = "newPasswordString";

	// Log in as the user who does not hold the privilege to change user passwords.
	Context.authenticate(caller.getUsername(), "userServiceTest");

	expectedException.expect(APIException.class);
	final Object[] requiredPrivileges = new Object[] { PrivilegeConstants.EDIT_USER_PASSWORDS };
	expectedException.expectMessage(messages.getMessage("error.privilegesRequired", requiredPrivileges, null));

	userService.changePassword(caller, missingOldPassword, requestedPassword);
}
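/**
 * Adds the {@link Form} behind every HTML form returned by the HTML form service to the
 * supplied collection and returns that collection.
 * <p>
 * Unpublished forms are included only when the authenticated user holds
 * VIEW_UNPUBLISHED_FORMS. When no user is authenticated, the privilege is treated as
 * absent, so only published forms are added.
 *
 * @param collection the destination collection; it is modified in place
 * @param <C> the concrete collection type, returned unchanged for call chaining
 * @return the same {@code collection} instance that was passed in
 */
private <C extends Collection<Form>> C addAllHtmlForms(C collection) {
	// Fail closed: an unauthenticated context must not raise a NullPointerException here,
	// and it must not be shown unpublished forms.
	boolean showUnpublished = Context.getAuthenticatedUser() != null
	        && Context.getAuthenticatedUser().hasPrivilege(PrivilegeConstants.VIEW_UNPUBLISHED_FORMS);

	// The intermediate LinkedHashSet keeps the service's ordering and drops duplicate forms
	// before they reach the caller's collection.
	Set<Form> visibleForms = new LinkedHashSet<Form>();
	for (HtmlForm htmlForm : HtmlFormEntryUtil.getService().getAllHtmlForms()) {
		Form form = htmlForm.getForm();
		// Boolean.TRUE.equals() counts a null published flag as "not published" instead of
		// failing on unboxing (assumes getPublished() may return a boxed Boolean).
		if (showUnpublished || Boolean.TRUE.equals(form.getPublished())) {
			visibleForms.add(form);
		}
	}
	collection.addAll(visibleForms);
	return collection;
}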