diff --git a/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/imports/validation/validator/event/SecurityOwnershipValidator.java b/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/imports/validation/validator/event/SecurityOwnershipValidator.java
index 505ad94c96b..69e94d85963 100644
--- a/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/imports/validation/validator/event/SecurityOwnershipValidator.java
+++ b/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/imports/validation/validator/event/SecurityOwnershipValidator.java
@@ -66,9 +66,6 @@
 @Slf4j
 class SecurityOwnershipValidator implements Validator {
- private static final String ORG_UNIT_NO_USER_ASSIGNED =
- "Event {} has no organisation unit assigned, so we skip user validation";
-
 @Nonnull private final AclService aclService;
 @Nonnull private final TrackerOwnershipManager ownershipAccessManager;
@@ -93,10 +90,15 @@ public void validate(
 organisationUnit = bundle.getPreheat().getOrganisationUnit(event.getOrgUnit());
 }
- // If event is newly created, or going to be deleted, capture scope
- // has to be checked
 if (program.isWithoutRegistration() || strategy.isCreate() || strategy.isDelete()) {
- checkOrgUnitInCaptureScope(reporter, event, organisationUnit, bundle.getUser());
+ checkEventOrgUnitWriteAccess(
+ reporter,
+ event,
+ organisationUnit,
+ strategy.isCreate()
+ ? event.isCreatableInSearchScope()
+ : preheatEvent.isCreatableInSearchScope(),
+ bundle.getUser());
 }
 UID teUid = getTeUidFromEvent(bundle, event, program);
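Review bot: In `validate`, the new argument `strategy.isCreate() ? event.isCreatableInSearchScope() : preheatEvent.isCreatableInSearchScope()` reads `preheatEvent` on every non-create path, but its declaration and any null check lie outside this hunk, so please confirm it cannot be null for delete and for the `program.isWithoutRegistration()` case. On create the flag is taken from the incoming `event`, so the submitted payload decides whether the org unit check is relaxed; that looks intended, but it relies on `checkEventOrgUnitWriteAccess` (not defined in this diff) and on later updates not moving such an event out of that state without a stricter check. The deleted comment was the only explanation of this branch, so I would add a replacement such as `// Create/delete require org unit write access; the flag presumably allows search scope instead of capture scope for qualifying events`. The body of `validate` starts and ends outside the hunk.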
@@ -228,13 +230,6 @@ public boolean needsToRun(TrackerImportStrategy strategy) {
 return true;
 }
- private void checkOrgUnitInCaptureScope(
- Reporter reporter, TrackerDto dto, OrganisationUnit orgUnit, UserDetails user) {
- if (!user.isInUserHierarchy(orgUnit.getPath())) {
- reporter.addError(dto, ValidationCode.E1000, user, orgUnit);
- }
- }
-
 private void checkTeTypeAndTeProgramAccess(
 Reporter reporter,
 TrackerDto dto,
diff --git a/dhis-2/dhis-test-integration/src/test/java/org/hisp/dhis/tracker/imports/validation/EventSecurityImportValidationTest.java b/dhis-2/dhis-test-integration/src/test/java/org/hisp/dhis/tracker/imports/validation/EventSecurityImportValidationTest.java
index 7785acafad4..76695043d1d 100644
--- a/dhis-2/dhis-test-integration/src/test/java/org/hisp/dhis/tracker/imports/validation/EventSecurityImportValidationTest.java
+++ b/dhis-2/dhis-test-integration/src/test/java/org/hisp/dhis/tracker/imports/validation/EventSecurityImportValidationTest.java
@@ -27,6 +27,7 @@
 */
 package org.hisp.dhis.tracker.imports.validation;
+import static org.hisp.dhis.tracker.Assertions.assertHasError;
 import static org.hisp.dhis.tracker.Assertions.assertHasOnlyErrors;
 import static org.hisp.dhis.tracker.Assertions.assertNoErrors;
 import static org.hisp.dhis.tracker.imports.validation.Users.USER_3;
@@ -37,6 +38,7 @@
 import java.util.Calendar;
 import java.util.Date;
 import java.util.HashSet;
+import java.util.Set;
 import org.hisp.dhis.common.IdentifiableObjectManager;
 import org.hisp.dhis.common.ValueType;
 import org.hisp.dhis.dataelement.DataElement;
@@ -207,15 +209,11 @@ void setUp() throws IOException {
 trackedEntityProgramOwnerService.updateTrackedEntityProgramOwner(
 maleA, programA, organisationUnitA);
 manager.update(programA);
- User user = userService.getUser(USER_5);
 OrganisationUnit qfUVllTs6cS = organisationUnitService.getOrganisationUnit("QfUVllTs6cS");
- user.addOrganisationUnit(qfUVllTs6cS);
- user.addOrganisationUnit(organisationUnitA);
 importUser.addOrganisationUnit(organisationUnitA);
 Program p = programService.getProgram("prabcdefghA");
 p.addOrganisationUnit(qfUVllTs6cS);
 programService.updateProgram(p);
- manager.update(user);
 manager.update(importUser);
 }
@@ -269,4 +267,32 @@ void testNoUncompleteEventAuth() throws IOException {
 importReport = trackerImportService.importTracker(params, trackerObjects);
 assertHasOnlyErrors(importReport, ValidationCode.E1083);
 }
+
+ @Test
+ void shouldSucceedWhenCreatingScheduledEventFromInsideSearchOrgUnit() throws IOException {
+ TrackerObjects trackerObjects =
+ fromJson("tracker/validations/events-scheduled-with-registration.json");
+ TrackerImportParams params = TrackerImportParams.builder().build();
+ params.setImportStrategy(TrackerImportStrategy.CREATE);
+ OrganisationUnit orgUnit = organisationUnitService.getOrganisationUnit("QfUVllTs6cS");
+ User user = userService.getUser(USER_5);
+ user.setTeiSearchOrganisationUnits(Set.of(orgUnit));
+ manager.update(user);
+ injectSecurityContextUser(user);
+ ImportReport importReport = trackerImportService.importTracker(params, trackerObjects);
+
+ assertNoErrors(importReport);
+ }
+
+ @Test
+ void shouldFailWhenCreatingScheduledEventFromOutsideSearchOrgUnit() throws IOException {
+ TrackerObjects trackerObjects =
+ fromJson("tracker/validations/events-scheduled-with-registration.json");
+ TrackerImportParams params = TrackerImportParams.builder().build();
+ params.setImportStrategy(TrackerImportStrategy.CREATE);
+ injectSecurityContextUser(userService.getUser(USER_5));
+ ImportReport importReport = trackerImportService.importTracker(params, trackerObjects);
+
+ assertHasError(importReport, ValidationCode.E1000);
+ }
 }
diff --git a/dhis-2/dhis-test-integration/src/test/resources/tracker/validations/events-scheduled-with-registration.json b/dhis-2/dhis-test-integration/src/test/resources/tracker/validations/events-scheduled-with-registration.json
new file mode 100644
index 00000000000..a4baaa2cc55
--- /dev/null
+++ b/dhis-2/dhis-test-integration/src/test/resources/tracker/validations/events-scheduled-with-registration.json
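Review bot: In EventSecurityImportValidationTest, `shouldSucceedWhenCreatingScheduledEventFromInsideSearchOrgUnit` persists a search org unit on `USER_5` through `manager.update(user)` and never reverts it, while `shouldFailWhenCreatingScheduledEventFromOutsideSearchOrgUnit` depends on `USER_5` not having it. If database state is shared between test methods in this class (the lifecycle is not visible in the hunk), the negative access-control test becomes order-dependent; stating the precondition in the failing test, e.g. `user.setTeiSearchOrganisationUnits(new HashSet<>());` followed by `manager.update(user);`, would remove that dependency. The negative test also uses `assertHasError` where the test just above uses `assertHasOnlyErrors`, so unrelated errors would go unnoticed. Only the CREATE strategy is exercised, although the validator change in this commit takes a different branch for non-create strategies.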
@@ -0,0 +1,29 @@
+{
+ "events": [
+ {
+ "event": "ZwwuwNp6gVd",
+ "status": "SCHEDULE",
+ "program": {
+ "idScheme": "UID",
+ "identifier": "E8o1E9tAppy"
+ },
+ "programStage": {
+ "idScheme": "UID",
+ "identifier": "Qmqxq907VNz"
+ },
+ "enrollment": "MNWZ6hnuhSw",
+ "orgUnit": {
+ "idScheme": "UID",
+ "identifier": "QfUVllTs6cS"
+ },
+ "orgUnitName": "TA org_unit lvl2",
+ "scheduledAt": "2019-08-19T13:59:13.688",
+ "storedBy": "admin",
+ "deleted": false,
+ "attributeOptionCombo": {
+ "idScheme": "UID",
+ "identifier": "HllvX50cXC0"
+ }
+ }
+ ]
+}
\ No newline at end of file