Commit 2d4fd82d authored by COTONNEC's avatar COTONNEC

Merge remote-tracking branch 'origin/develop' into develop

parents a035a519 3ca75b9d
......@@ -588,14 +588,12 @@ public class ReferentialDaoImpl
statusIdsClause = builder.in(entityRoot.get(IWithStatusEntity.Fields.STATUS).get(IEntity.Fields.ID)).value(statusIdsParam);
}
// Excluded Ids
// Included Ids
Predicate includedClause = null;
ParameterExpression<Collection> includedIdsParam = null;
if (ArrayUtils.isNotEmpty(includedIds)) {
includedIdsParam = builder.parameter(Collection.class);
includedClause = builder.not(
builder.in(entityRoot.get(IEntity.Fields.ID)).value(includedIdsParam)
);
includedClause = builder.in(entityRoot.get(IEntity.Fields.ID)).value(includedIdsParam);
}
// Excluded Ids
......
......@@ -98,6 +98,10 @@ public class SumarisServerConfiguration extends SumarisConfiguration {
super.overrideExternalModulesDefaultOptions(applicationConfig);
}
public int getSupervisorDepartment() {
return applicationConfig.getOptionAsInt(SumarisServerConfigurationOption.SUPERVISOR_DEPARTMENT.getKey());
}
public String getAuthRoleForNotSelfData() {
return applicationConfig.getOption(SumarisServerConfigurationOption.AUTH_ROLE_NOT_SELF_DATA_ACCESS.getKey());
}
......
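Review bot: `getSupervisorDepartment()` has no Javadoc, and its `int` return type cannot express "not configured", although `SUPERVISOR_DEPARTMENT` is declared with a `null` default. What `getOptionAsInt` returns for an unset key is not visible on this page, while the caller in `DataGraphQLService` treats 0 as "unset". Once that behaviour is confirmed, the contract should be written down on the getter, e.g. `/** Id of the supervisor department, or 0 when sumaris.supervisor.department is not set. */`.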
......@@ -162,6 +162,13 @@ public enum SumarisServerConfigurationOption implements ConfigOptionDef {
null, // NUll == auto detected
String.class),
SUPERVISOR_DEPARTMENT(
"sumaris.supervisor.department",
n("sumaris.config.option.supervisor.department.description"),
null,
Integer.class,
false),
APP_MIN_VERSION(
"sumaris.app.version.min",
n("sumaris.config.option.sumaris.app.version.min.description"),
......
......@@ -1395,32 +1395,38 @@ public class DataGraphQLService {
protected TripFilterVO fillTripFilterDefaults(TripFilterVO filter) {
TripFilterVO result = filter != null ? filter : new TripFilterVO();
// Restrict to self data - issue #199
if (!canAccessNotSelfData()) {
PersonVO user = authService.getAuthenticatedUser().orElse(null);
if (user != null) {
result.setRecorderDepartmentId(null);
// Restrict to self data and/or department data
PersonVO user = authService.getAuthenticatedUser().orElse(null);
if (user != null) {
if (!canAccessNotSelfData()) {
result.setRecorderPersonId(user.getId());
} else {
result.setRecorderPersonId(-999); // Hide all. Should never occur
}
if (!canAccessNotSelfDepartmentData(user)) {
result.setRecorderDepartmentId(user.getDepartment().getId());
}
} else {
result.setRecorderPersonId(-999); // Hide all. Should never occur
}
return result;
}
protected ObservedLocationFilterVO fillObserveLocationFilterDefaults(ObservedLocationFilterVO filter) {
ObservedLocationFilterVO result = filter != null ? filter : new ObservedLocationFilterVO();
// Restrict to self data - issue #199
if (!canAccessNotSelfData()) {
PersonVO user = authService.getAuthenticatedUser().orElse(null);
if (user != null) {
result.setRecorderDepartmentId(null);
// Restrict to self data and/or department data
PersonVO user = authService.getAuthenticatedUser().orElse(null);
if (user != null) {
if (!canAccessNotSelfData()) {
result.setRecorderPersonId(user.getId());
} else {
result.setRecorderPersonId(-999); // Hide all. Should never occur
}
if (!canAccessNotSelfDepartmentData(user)) {
result.setRecorderDepartmentId(user.getDepartment().getId());
}
} else {
result.setRecorderPersonId(-999); // Hide all. Should never occur
}
return result;
}
......@@ -1429,6 +1435,11 @@ public class DataGraphQLService {
return StringUtils.isBlank(minRole) || authService.hasAuthority(minRole);
}
protected boolean canAccessNotSelfDepartmentData(PersonVO user) {
int supervisorDepartment = config.getSupervisorDepartment();
return supervisorDepartment == 0 || supervisorDepartment == user.getDepartment().getId();
}
/**
* Check user is admin
*/
......
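Review bot: `canAccessNotSelfDepartmentData` fails open when `config.getSupervisorDepartment()` returns 0: `supervisorDepartment == 0 || …` lets every authenticated user past the department check, so a missing or mistyped `sumaris.supervisor.department` value silently drops the restriction that `fillTripFilterDefaults` and `fillObserveLocationFilterDefaults` apply. If 0 is intended to mean "no department restriction configured", state that in a comment on the method, e.g. `// 0 = option unset: department restriction disabled`; if not, return `false` for 0 and log the misconfiguration. The helper and both fill methods also call `user.getDepartment().getId()` with no null check, so an account without a department would presumably raise an exception rather than get the hide-all filter (`setRecorderPersonId(-999)`). A guard on `user.getDepartment() == null` that takes the hide-all branch would keep that case closed and predictable.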
......@@ -94,5 +94,7 @@
<SOFTWARE_PROPERTY ID="111" STATUS_FK="1" SOFTWARE_FK="5" CREATION_DATE="2019-02-11" LABEL="sumaris.analyticReferences.enable" NAME="true"/>
<SOFTWARE_PROPERTY ID="112" STATUS_FK="1" SOFTWARE_FK="5" CREATION_DATE="2019-02-11" LABEL="sumaris.persistence.technicalTables.update" NAME="false"/>
<SOFTWARE_PROPERTY ID="113" STATUS_FK="1" SOFTWARE_FK="5" CREATION_DATE="2019-02-11" LABEL="sumaris.menu.items" NAME="[{&#34;title&#34;: &#34;Lignes de plan&#34;, &#34;path&#34;: &#34;/referential/programs/40/strategies&#34;,&#34;before&#34;:&#34;MENU.OCCASIONS&#34;, &#34;icon&#34;: &#34;contract&#34;, &#34;profile&#34;: &#34;USER&#34;}]"/>
<SOFTWARE_PROPERTY ID="114" STATUS_FK="1" SOFTWARE_FK="5" CREATION_DATE="2019-02-11" LABEL="sumaris.auth.notSelfDataAccess.role" NAME="ROLE_USER"/>
<SOFTWARE_PROPERTY ID="115" STATUS_FK="1" SOFTWARE_FK="5" CREATION_DATE="2019-02-11" LABEL="sumaris.supervisor.department" NAME="3"/>
</dataset>
\ No newline at end of file