fix: Validate search scope when scheduled event [DHIS2-17335][2.41] (#…

…19458)

dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/imports/validation/validator/event/SecurityOwnershipValidator.java

@@ -110,13 +110,18 @@ public void validate(
       organisationUnit = bundle.getPreheat().getOrganisationUnit(event.getOrgUnit());
     }
 
-    // If event is newly created, or going to be deleted, capture scope
-    // has to be checked
     if (program.isWithoutRegistration() || strategy.isCreate() || strategy.isDelete()) {
       if (organisationUnit == null) {
         log.warn(ORG_UNIT_NO_USER_ASSIGNED, event.getUid());
       } else {
-        checkOrgUnitInCaptureScope(reporter, bundle, event, organisationUnit);
+        checkEventOrgUnitWriteAccess(
+            reporter,
+            event,
+            organisationUnit,
+            strategy.isCreate()
+                ? event.isCreatableInSearchScope()
+                : preheatEvent.isCreatableInSearchScope(),
+            bundle.getUser());
       }
     }
 
@@ -253,18 +258,6 @@ public boolean needsToRun(TrackerImportStrategy strategy) {
     return true;
   }
 
-  private void checkOrgUnitInCaptureScope(
-      Reporter reporter, TrackerBundle bundle, TrackerDto dto, OrganisationUnit orgUnit) {
-    User user = bundle.getUser();
-
-    checkNotNull(user, USER_CANT_BE_NULL);
-    checkNotNull(orgUnit, ORGANISATION_UNIT_CANT_BE_NULL);
-
-    if (!organisationUnitService.isInUserHierarchyCached(user, orgUnit)) {
-      reporter.addError(dto, ValidationCode.E1000, user, orgUnit);
-    }
-  }
-
   private void checkTeTypeAndTeProgramAccess(
       Reporter reporter,
       TrackerDto dto,

dhis-2/dhis-test-integration/src/test/java/org/hisp/dhis/tracker/imports/validation/EventSecurityImportValidationTest.java

@@ -27,6 +27,7 @@
  */
 package org.hisp.dhis.tracker.imports.validation;
 
+import static org.hisp.dhis.tracker.Assertions.assertHasError;
 import static org.hisp.dhis.tracker.Assertions.assertHasOnlyErrors;
 import static org.hisp.dhis.tracker.Assertions.assertNoErrors;
 import static org.hisp.dhis.tracker.imports.validation.Users.USER_3;
@@ -66,9 +67,7 @@
 import org.hisp.dhis.tracker.imports.TrackerImportStrategy;
 import org.hisp.dhis.tracker.imports.domain.TrackerObjects;
 import org.hisp.dhis.tracker.imports.report.ImportReport;
-import org.hisp.dhis.user.CurrentUserUtil;
 import org.hisp.dhis.user.User;
-import org.hisp.dhis.user.UserDetails;
 import org.hisp.dhis.user.UserService;
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -130,9 +129,6 @@ protected void initTest() throws IOException {
     setUpMetadata("tracker/tracker_basic_metadata.json");
     injectAdminUser();
 
-    UserDetails currentUserDetails = CurrentUserUtil.getCurrentUserDetails();
-    Set<String> allAuthorities = currentUserDetails.getAllAuthorities();
-
     assertNoErrors(
         trackerImportService.importTracker(
             new TrackerImportParams(),
@@ -211,16 +207,12 @@ private void setupMetadata() {
     trackedEntityProgramOwnerService.updateTrackedEntityProgramOwner(
         maleA.getUid(), programA.getUid(), organisationUnitA.getUid());
     manager.update(programA);
-    User user = userService.getUser(USER_5);
     OrganisationUnit qfUVllTs6cS = organisationUnitService.getOrganisationUnit("QfUVllTs6cS");
-    user.addOrganisationUnit(qfUVllTs6cS);
-    user.addOrganisationUnit(organisationUnitA);
     User adminUser = userService.getUser(ADMIN_USER_UID);
     adminUser.addOrganisationUnit(organisationUnitA);
     Program p = programService.getProgram("prabcdefghA");
     p.addOrganisationUnit(qfUVllTs6cS);
     programService.updateProgram(p);
-    manager.update(user);
     manager.update(adminUser);
   }
 
@@ -267,4 +259,32 @@ void testNoUncompleteEventAuth() throws IOException {
     importReport = trackerImportService.importTracker(params, trackerObjects);
     assertHasOnlyErrors(importReport, ValidationCode.E1083);
   }
+
+  @Test
+  void shouldSucceedWhenCreatingScheduledEventFromInsideSearchOrgUnit() throws IOException {
+    TrackerObjects trackerObjects =
+        fromJson("tracker/validations/events-scheduled-with-registration.json");
+    TrackerImportParams params = TrackerImportParams.builder().build();
+    params.setImportStrategy(TrackerImportStrategy.CREATE);
+    OrganisationUnit orgUnit = organisationUnitService.getOrganisationUnit("QfUVllTs6cS");
+    User user = userService.getUser(USER_5);
+    user.setTeiSearchOrganisationUnits(Set.of(orgUnit));
+    manager.update(user);
+    injectSecurityContextUser(user);
+    ImportReport importReport = trackerImportService.importTracker(params, trackerObjects);
+
+    assertNoErrors(importReport);
+  }
+
+  @Test
+  void shouldFailWhenCreatingScheduledEventFromOutsideSearchOrgUnit() throws IOException {
+    TrackerObjects trackerObjects =
+        fromJson("tracker/validations/events-scheduled-with-registration.json");
+    TrackerImportParams params = TrackerImportParams.builder().build();
+    params.setImportStrategy(TrackerImportStrategy.CREATE);
+    injectSecurityContextUser(userService.getUser(USER_5));
+    ImportReport importReport = trackerImportService.importTracker(params, trackerObjects);
+
+    assertHasError(importReport, ValidationCode.E1000);
+  }
 }

dhis-2/dhis-test-integration/src/test/resources/tracker/validations/events-scheduled-with-registration.json

@@ -0,0 +1,29 @@
+{
+  "events": [
+    {
+      "event": "ZwwuwNp6gVd",
+      "status": "SCHEDULE",
+      "program": {
+        "idScheme": "UID",
+        "identifier": "E8o1E9tAppy"
+      },
+      "programStage": {
+        "idScheme": "UID",
+        "identifier": "Qmqxq907VNz"
+      },
+      "enrollment": "MNWZ6hnuhSw",
+      "orgUnit": {
+        "idScheme": "UID",
+        "identifier": "QfUVllTs6cS"
+      },
+      "orgUnitName": "TA org_unit lvl2",
+      "scheduledAt": "2019-08-19T13:59:13.688",
+      "storedBy": "admin",
+      "deleted": false,
+      "attributeOptionCombo": {
+        "idScheme": "UID",
+        "identifier": "HllvX50cXC0"
+      }
+    }
+  ]
+}