Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/AppAdminStartController.java =================================================================== diff -u -rebb0d2704ad7b786e82c9f170c2a47d604db9235 -r1fb317e9f6db7094ec64f77782bf0be389012e43 --- lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/AppAdminStartController.java (.../AppAdminStartController.java) (revision ebb0d2704ad7b786e82c9f170c2a47d604db9235) +++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/AppAdminStartController.java (.../AppAdminStartController.java) (revision 1fb317e9f6db7094ec64f77782bf0be389012e43) @@ -65,7 +65,7 @@ groupedLinks.add(new Object[] { AdminConstants.START_SYSADMIN_CONFIG_LINKS, links }); } - if (request.isUserInRole(Role.APPADMIN)) { + if (request.isUserInRole(Role.APPADMIN) || request.isUserInRole(Role.SYSADMIN)) { links = new ArrayList<>(); links.add(new LinkBean("timezonemanagement/start.do", "admin.timezone.title")); links.add(new LinkBean("loginmaintain.do", "appadmin.maintain.loginpage")); Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/CleanupController.java =================================================================== diff -u -r4d39e9dca40fc4b974cb775f27284fbd582c3615 -r1fb317e9f6db7094ec64f77782bf0be389012e43 --- lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/CleanupController.java (.../CleanupController.java) (revision 4d39e9dca40fc4b974cb775f27284fbd582c3615) +++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/CleanupController.java (.../CleanupController.java) (revision 1fb317e9f6db7094ec64f77782bf0be389012e43) @@ -60,7 +60,7 @@ @RequestMapping(path = "/start") public String start(@ModelAttribute CleanupForm cleanupForm, HttpServletRequest request) throws Exception { // check user is sysadmin - if (!(request.isUserInRole(Role.APPADMIN))) { + if (!(request.isUserInRole(Role.APPADMIN) || request.isUserInRole(Role.SYSADMIN))) { request.setAttribute("errorName", "CleanupAction"); request.setAttribute("errorMessage", messageService.getMessage("error.need.sysadmin")); return "error"; @@ -77,7 +77,7 @@ @RequestMapping(path = "/files", method = RequestMethod.POST) public String cleanUpFiles(@ModelAttribute CleanupForm cleanupForm, HttpServletRequest request) throws Exception { // check user is sysadmin - if (!(request.isUserInRole(Role.APPADMIN))) { + if (!(request.isUserInRole(Role.APPADMIN) || request.isUserInRole(Role.SYSADMIN))) { request.setAttribute("errorName", "CleanupTempFilesAction"); request.setAttribute("errorMessage", messageService.getMessage("error.need.sysadmin")); return "error"; @@ -103,7 +103,7 @@ @RequestMapping(path = "/cache", method = RequestMethod.POST) public String cleanUpCache(HttpServletRequest request) throws MalformedObjectNameException { // check user is sysadmin - if (!(request.isUserInRole(Role.APPADMIN))) { + if (!(request.isUserInRole(Role.APPADMIN) || request.isUserInRole(Role.SYSADMIN))) { request.setAttribute("errorName", "CleanupCacheAction"); request.setAttribute("errorMessage", messageService.getMessage("error.need.sysadmin")); return "error"; @@ -116,7 +116,7 @@ @RequestMapping(path = "/garbage", method = RequestMethod.POST) public String cleanUpGarbage(HttpServletRequest request) throws MalformedObjectNameException { // check user is sysadmin - if (!(request.isUserInRole(Role.APPADMIN))) { + if (!(request.isUserInRole(Role.APPADMIN) || request.isUserInRole(Role.SYSADMIN))) { request.setAttribute("errorName", "CleanupGarbageAction"); request.setAttribute("errorMessage", messageService.getMessage("error.need.sysadmin")); return "error"; Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/CleanupPreviewLessonsController.java =================================================================== diff -u -ra40a77e307317e8038ed9e6b8699c18386286497 -r1fb317e9f6db7094ec64f77782bf0be389012e43 --- lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/CleanupPreviewLessonsController.java (.../CleanupPreviewLessonsController.java) (revision a40a77e307317e8038ed9e6b8699c18386286497) +++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/CleanupPreviewLessonsController.java (.../CleanupPreviewLessonsController.java) (revision 1fb317e9f6db7094ec64f77782bf0be389012e43) @@ -33,7 +33,6 @@ import org.lamsfoundation.lams.lesson.service.ILessonService; import org.lamsfoundation.lams.monitoring.service.IMonitoringService; import org.lamsfoundation.lams.security.ISecurityService; -import org.lamsfoundation.lams.usermanagement.Role; import org.lamsfoundation.lams.usermanagement.dto.UserDTO; import org.lamsfoundation.lams.util.JsonUtil; import org.lamsfoundation.lams.util.MessageService; @@ -67,18 +66,12 @@ @RequestMapping(path = "/start") public String unspecified(HttpServletRequest request, HttpServletResponse response) throws IOException { - + if (!securityService.isAppadmin(getUserID(), "display cleanup preview lessons")) { response.sendError(HttpServletResponse.SC_FORBIDDEN, "User is not an appadmin"); return null; } - if (!(request.isUserInRole(Role.APPADMIN))) { - request.setAttribute("errorName", "CleanupPreviewLessonsController"); - request.setAttribute("errorMessage", messageService.getMessage("error.need.appadmin")); - return "error"; - } - long[] lessonCount = lessonService.getPreviewLessonCount(); request.setAttribute("previewCount", lessonCount[0]); request.setAttribute("allLessonCount", lessonCount[1]); Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/CloneLessonsController.java =================================================================== diff -u -rc7c5d74f9c402bdab97bd3fd46436adbfa9202b8 -r1fb317e9f6db7094ec64f77782bf0be389012e43 --- lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/CloneLessonsController.java (.../CloneLessonsController.java) (revision c7c5d74f9c402bdab97bd3fd46436adbfa9202b8) +++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/CloneLessonsController.java (.../CloneLessonsController.java) (revision 1fb317e9f6db7094ec64f77782bf0be389012e43) @@ -64,7 +64,7 @@ @RequestMapping(path = "/start") public String execute(HttpServletRequest request, HttpServletResponse response) throws UserAccessDeniedException { - if (!(request.isUserInRole(Role.APPADMIN))) { + if (!(request.isUserInRole(Role.APPADMIN) || request.isUserInRole(Role.SYSADMIN))) { throw new UserAccessDeniedException(); } Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/DisabledUserManageController.java =================================================================== diff -u -r5b9f590b301c276f8df06b30c26981b0eb634e69 -r1fb317e9f6db7094ec64f77782bf0be389012e43 --- lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/DisabledUserManageController.java (.../DisabledUserManageController.java) (revision 5b9f590b301c276f8df06b30c26981b0eb634e69) +++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/DisabledUserManageController.java (.../DisabledUserManageController.java) (revision 1fb317e9f6db7094ec64f77782bf0be389012e43) @@ -50,7 +50,8 @@ @RequestMapping("/disabledmanage") public String execute(HttpServletRequest request) throws Exception { - if (!(request.isUserInRole(Role.APPADMIN) || userManagementService.isUserGlobalGroupManager())) { + if (!(request.isUserInRole(Role.APPADMIN) || request.isUserInRole(Role.SYSADMIN) + || userManagementService.isUserGlobalGroupManager())) { request.setAttribute("errorName", "DisabledUserManageAction"); request.setAttribute("errorMessage", adminMessageService.getMessage("error.need.appadmin")); return "error"; Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/LogEventController.java =================================================================== diff -u -r5b9f590b301c276f8df06b30c26981b0eb634e69 -r1fb317e9f6db7094ec64f77782bf0be389012e43 --- lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/LogEventController.java (.../LogEventController.java) (revision 5b9f590b301c276f8df06b30c26981b0eb634e69) +++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/LogEventController.java (.../LogEventController.java) (revision 1fb317e9f6db7094ec64f77782bf0be389012e43) @@ -71,7 +71,7 @@ public String unspecified(HttpServletRequest request) throws Exception { // check permission - if (!request.isUserInRole(Role.APPADMIN)) { + if (!request.isUserInRole(Role.APPADMIN) || request.isUserInRole(Role.SYSADMIN)) { request.setAttribute("errorName", "EventLogAdmin"); request.setAttribute("errorMessage", messageService.getMessage("error.authorisation")); return "error"; @@ -103,7 +103,7 @@ throws ServletException, IOException { // check permission - if (!request.isUserInRole(Role.APPADMIN)) { + if (!request.isUserInRole(Role.APPADMIN) || request.isUserInRole(Role.SYSADMIN)) { request.setAttribute("errorName", "EventLogAdmin"); request.setAttribute("errorMessage", messageService.getMessage("error.authorisation")); return "error"; Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/OrgManageController.java =================================================================== diff -u -ra40a77e307317e8038ed9e6b8699c18386286497 -r1fb317e9f6db7094ec64f77782bf0be389012e43 --- lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/OrgManageController.java (.../OrgManageController.java) (revision a40a77e307317e8038ed9e6b8699c18386286497) +++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/OrgManageController.java (.../OrgManageController.java) (revision 1fb317e9f6db7094ec64f77782bf0be389012e43) @@ -23,7 +23,6 @@ package org.lamsfoundation.lams.admin.web.controller; import java.io.IOException; -import java.text.SimpleDateFormat; import java.util.List; import javax.servlet.ServletException; @@ -96,7 +95,8 @@ } // check if user is allowed to view and edit groups - if (!request.isUserInRole(Role.APPADMIN) && !userManagementService.isUserGlobalGroupManager() + if (!request.isUserInRole(Role.APPADMIN) && !request.isUserInRole(Role.SYSADMIN) + && !userManagementService.isUserGlobalGroupManager() && !(isRootOrganisation ? request.isUserInRole(Role.GROUP_MANAGER) : securityService.hasOrgRole(orgId, userId, new String[] { Role.GROUP_MANAGER }, "manage courses"))) { @@ -110,7 +110,7 @@ : userManagementService.getUsersFromOrganisation(orgId).size(); String key = org == rootOrganisation ? "label.users.in.system" : "label.users.in.group"; request.setAttribute("numUsers", messageService.getMessage(key, new String[] { String.valueOf(numUsers) })); - request.setAttribute("totalUsers", numUsers); + request.setAttribute("totalUsers", numUsers); // Set OrgManageForm if (orgManageForm == null) { @@ -145,8 +145,8 @@ } // let the jsp know whether to display links - request.setAttribute("createGroup", - request.isUserInRole(Role.APPADMIN) || userManagementService.isUserGlobalGroupManager()); + request.setAttribute("createGroup", request.isUserInRole(Role.APPADMIN) || request.isUserInRole(Role.SYSADMIN) + || userManagementService.isUserGlobalGroupManager()); request.setAttribute("editGroup", true); request.setAttribute("manageGlobalRoles", request.isUserInRole(Role.SYSADMIN)); return "organisation/list"; Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/OrganisationController.java =================================================================== diff -u -ra40a77e307317e8038ed9e6b8699c18386286497 -r1fb317e9f6db7094ec64f77782bf0be389012e43 --- lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/OrganisationController.java (.../OrganisationController.java) (revision a40a77e307317e8038ed9e6b8699c18386286497) +++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/OrganisationController.java (.../OrganisationController.java) (revision 1fb317e9f6db7094ec64f77782bf0be389012e43) @@ -113,8 +113,7 @@ request.setAttribute("courseToDeleteLessons", courseToDeleteLessons); } request.getSession().setAttribute("status", status); - if (userManagementService.isUserAppAdmin() - || userManagementService.isUserGlobalGroupManager()) { + if (userManagementService.isUserAppAdmin() || userManagementService.isUserGlobalGroupManager()) { return "organisation/createOrEdit"; } else { return "organisation/courseAdminEdit"; @@ -131,7 +130,8 @@ throws Exception { initLocalesAndStatus(); - if (!(request.isUserInRole(Role.APPADMIN) || userManagementService.isUserGlobalGroupManager())) { + if (!(request.isUserInRole(Role.APPADMIN) || request.isUserInRole(Role.SYSADMIN) + || userManagementService.isUserGlobalGroupManager())) { // only appadmins and global group admins can create groups if (((organisationForm.getTypeId() != null) && organisationForm.getTypeId().equals(OrganisationType.COURSE_TYPE)) @@ -174,7 +174,7 @@ return null; } - if (!(request.isUserInRole(Role.APPADMIN))) { + if (!(request.isUserInRole(Role.APPADMIN) || request.isUserInRole(Role.SYSADMIN))) { request.setAttribute("errorName", "OrganisationAction"); request.setAttribute("errorMessage", messageService.getMessage("error.need.appadmin")); return "error"; Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/StatisticsController.java =================================================================== diff -u -r5b9f590b301c276f8df06b30c26981b0eb634e69 -r1fb317e9f6db7094ec64f77782bf0be389012e43 --- lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/StatisticsController.java (.../StatisticsController.java) (revision 5b9f590b301c276f8df06b30c26981b0eb634e69) +++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/StatisticsController.java (.../StatisticsController.java) (revision 1fb317e9f6db7094ec64f77782bf0be389012e43) @@ -48,7 +48,7 @@ public class StatisticsController { @Autowired - private IStatisticsService statisticsService; + private IStatisticsService statisticsService; @Autowired private IUserManagementService userManagementService; @Autowired @@ -59,7 +59,7 @@ public String unspecified(HttpServletRequest request) throws Exception { // check permission - if (!request.isUserInRole(Role.APPADMIN)) { + if (!request.isUserInRole(Role.APPADMIN) || request.isUserInRole(Role.SYSADMIN)) { request.setAttribute("errorName", "StatisticsAction"); request.setAttribute("errorMessage", messageService.getMessage("error.authorisation")); return "error"; @@ -80,7 +80,7 @@ Integer orgId = WebUtil.readIntParam(request, "orgId"); // check permission - if (!request.isUserInRole(Role.APPADMIN)) { + if (!request.isUserInRole(Role.APPADMIN) || request.isUserInRole(Role.SYSADMIN)) { request.setAttribute("errorName", "StatisticsAction"); request.setAttribute("errorMessage", messageService.getMessage("error.authorisation")); return "error"; Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/ThemeManagementController.java =================================================================== diff -u -r5b9f590b301c276f8df06b30c26981b0eb634e69 -r1fb317e9f6db7094ec64f77782bf0be389012e43 --- lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/ThemeManagementController.java (.../ThemeManagementController.java) (revision 5b9f590b301c276f8df06b30c26981b0eb634e69) +++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/ThemeManagementController.java (.../ThemeManagementController.java) (revision 1fb317e9f6db7094ec64f77782bf0be389012e43) @@ -64,7 +64,7 @@ public String unspecified(@ModelAttribute ThemeForm themeForm, HttpServletRequest request) throws Exception { // check permission - if (!request.isUserInRole(Role.APPADMIN)) { + if (!request.isUserInRole(Role.APPADMIN) || request.isUserInRole(Role.SYSADMIN)) { request.setAttribute("errorName", "ThemeManagementAction"); request.setAttribute("errorMessage", messageService.getMessage("error.authorisation")); return "error"; Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/ToolContentListController.java =================================================================== diff -u -r5b9f590b301c276f8df06b30c26981b0eb634e69 -r1fb317e9f6db7094ec64f77782bf0be389012e43 --- lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/ToolContentListController.java (.../ToolContentListController.java) (revision 5b9f590b301c276f8df06b30c26981b0eb634e69) +++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/ToolContentListController.java (.../ToolContentListController.java) (revision 1fb317e9f6db7094ec64f77782bf0be389012e43) @@ -71,7 +71,7 @@ @RequestMapping(path = "/start") public String execute(HttpServletRequest request) throws Exception { // check permission - if (!(request.isUserInRole(Role.APPADMIN))) { + if (!(request.isUserInRole(Role.APPADMIN) || request.isUserInRole(Role.SYSADMIN))) { request.setAttribute("errorName", "ToolContentListAction"); request.setAttribute("errorMessage", messageService.getMessage("error.authorisation")); return "error"; Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserBasicListController.java =================================================================== diff -u -r5b9f590b301c276f8df06b30c26981b0eb634e69 -r1fb317e9f6db7094ec64f77782bf0be389012e43 --- lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserBasicListController.java (.../UserBasicListController.java) (revision 5b9f590b301c276f8df06b30c26981b0eb634e69) +++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserBasicListController.java (.../UserBasicListController.java) (revision 1fb317e9f6db7094ec64f77782bf0be389012e43) @@ -80,7 +80,7 @@ } // get users List users = new ArrayList(); - if (request.isUserInRole(Role.APPADMIN) + if (request.isUserInRole(Role.APPADMIN) || request.isUserInRole(Role.SYSADMIN) || userManagementService.isUserGlobalGroupManager()) { users = userManagementService.getAllUsers(org.getOrganisationId()); } else if (userManagementService.isUserInRole(userId, group.getOrganisationId(), Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserController.java =================================================================== diff -u -rc7c5d74f9c402bdab97bd3fd46436adbfa9202b8 -r1fb317e9f6db7094ec64f77782bf0be389012e43 --- lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserController.java (.../UserController.java) (revision c7c5d74f9c402bdab97bd3fd46436adbfa9202b8) +++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserController.java (.../UserController.java) (revision 1fb317e9f6db7094ec64f77782bf0be389012e43) @@ -140,7 +140,7 @@ } } - if (!(canEdit || request.isUserInRole(Role.APPADMIN))) { + if (!(canEdit || request.isUserInRole(Role.APPADMIN) || request.isUserInRole(Role.SYSADMIN))) { request.setAttribute("errorName", "UserController"); request.setAttribute("errorMessage", messageService.getMessage("error.authorisation")); return "error"; @@ -197,7 +197,7 @@ userForm.setOrgId(org == null ? null : org.getOrganisationId()); // appadmins can mark users as required to use two-factor authentication - boolean isAppadmin = request.isUserInRole(Role.APPADMIN); + boolean isAppadmin = request.isUserInRole(Role.APPADMIN) || request.isUserInRole(Role.SYSADMIN); if (isAppadmin) { request.setAttribute("isAppadmin", true); } @@ -293,7 +293,8 @@ // determine whether to disable or delete user based on their lams data @RequestMapping("/remove") public String remove(HttpServletRequest request) throws Exception { - if (!(request.isUserInRole(Role.APPADMIN) || userManagementService.isUserGlobalGroupManager())) { + if (!(request.isUserInRole(Role.APPADMIN) || request.isUserInRole(Role.SYSADMIN) + || userManagementService.isUserGlobalGroupManager())) { request.setAttribute("errorName", "UserAction"); request.setAttribute("errorMessage", messageService.getMessage("error.authorisation")); return "error"; @@ -313,7 +314,8 @@ @RequestMapping(path = "/disable", method = RequestMethod.POST) public String disable(HttpServletRequest request) throws Exception { - if (!(request.isUserInRole(Role.APPADMIN) || userManagementService.isUserGlobalGroupManager())) { + if (!(request.isUserInRole(Role.APPADMIN) || request.isUserInRole(Role.SYSADMIN) + || userManagementService.isUserGlobalGroupManager())) { request.setAttribute("errorName", "UserController"); request.setAttribute("errorMessage", messageService.getMessage("error.authorisation")); return "error"; @@ -339,7 +341,8 @@ @RequestMapping(path = "/delete", method = RequestMethod.POST) public String delete(HttpServletRequest request) throws Exception { - if (!(request.isUserInRole(Role.APPADMIN) || userManagementService.isUserGlobalGroupManager())) { + if (!(request.isUserInRole(Role.APPADMIN) || request.isUserInRole(Role.SYSADMIN) + || request.isUserInRole(Role.SYSADMIN) || userManagementService.isUserGlobalGroupManager())) { request.setAttribute("errorName", "UserAction"); request.setAttribute("errorMessage", messageService.getMessage("error.authorisation")); return "error"; @@ -370,7 +373,8 @@ // called from disabled users screen @RequestMapping(path = "/enable", method = RequestMethod.POST) public String enable(HttpServletRequest request) throws Exception { - if (!(request.isUserInRole(Role.APPADMIN) || userManagementService.isUserGlobalGroupManager())) { + if (!(request.isUserInRole(Role.APPADMIN) || request.isUserInRole(Role.SYSADMIN) + || userManagementService.isUserGlobalGroupManager())) { request.setAttribute("errorName", "UserController"); request.setAttribute("errorMessage", messageService.getMessage("error.authorisation")); return "error"; Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserManageController.java =================================================================== diff -u -rdd60c645ebe32ff15180cff47caa583cb41b7ee1 -r1fb317e9f6db7094ec64f77782bf0be389012e43 --- lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserManageController.java (.../UserManageController.java) (revision dd60c645ebe32ff15180cff47caa583cb41b7ee1) +++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserManageController.java (.../UserManageController.java) (revision 1fb317e9f6db7094ec64f77782bf0be389012e43) @@ -114,7 +114,8 @@ } else { return forwardError(request, "error.authorisation"); } - userManageForm.setCanResetOrgPassword(request.isUserInRole(Role.APPADMIN)); + userManageForm + .setCanResetOrgPassword(request.isUserInRole(Role.APPADMIN) || request.isUserInRole(Role.SYSADMIN)); userManageForm.setOrgId(orgId); userManageForm.setOrgName(orgName); Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserOrgSaveController.java =================================================================== diff -u -rb1f3169b7b71acb63d6ca0cff04e3d84094af7fc -r1fb317e9f6db7094ec64f77782bf0be389012e43 --- lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserOrgSaveController.java (.../UserOrgSaveController.java) (revision b1f3169b7b71acb63d6ca0cff04e3d84094af7fc) +++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserOrgSaveController.java (.../UserOrgSaveController.java) (revision 1fb317e9f6db7094ec64f77782bf0be389012e43) @@ -78,7 +78,7 @@ // course manager can add existing users in any role except appadmin // course admin can add existing users but only as learner Integer rootOrgId = userManagementService.getRootOrganisation().getOrganisationId(); - if (request.isUserInRole(Role.APPADMIN) + if (request.isUserInRole(Role.APPADMIN) || request.isUserInRole(Role.SYSADMIN) || (userManagementService.isUserGlobalGroupManager() && !orgId.equals(rootOrgId))) { canEditRole = true; } else { @@ -177,8 +177,10 @@ } return "redirect:/usermanage.do?org=" + orgId; } else { - request.setAttribute("roles", userManagementService.filterRoles(rolelist, - request.isUserInRole(Role.APPADMIN), organisation.getOrganisationType())); + request.setAttribute("roles", + userManagementService.filterRoles(rolelist, + request.isUserInRole(Role.APPADMIN) || request.isUserInRole(Role.SYSADMIN), + organisation.getOrganisationType())); request.setAttribute("newUserOrganisations", newUserOrganisations); request.setAttribute("orgId", orgId); return "forward:/userorgrole.do"; Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserRolesController.java =================================================================== diff -u -r5b9f590b301c276f8df06b30c26981b0eb634e69 -r1fb317e9f6db7094ec64f77782bf0be389012e43 --- lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserRolesController.java (.../UserRolesController.java) (revision 5b9f590b301c276f8df06b30c26981b0eb634e69) +++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserRolesController.java (.../UserRolesController.java) (revision 1fb317e9f6db7094ec64f77782bf0be389012e43) @@ -107,10 +107,10 @@ Integer orgIdOfCourse = (orgType.getOrganisationTypeId().equals(OrganisationType.CLASS_TYPE)) ? org.getParentOrganisation().getOrganisationId() : orgId; - Boolean isAppadmin = request.isUserInRole(Role.APPADMIN); + Boolean isAppadmin = request.isUserInRole(Role.APPADMIN) || request.isUserInRole(Role.SYSADMIN); User requestor = userManagementService.getUserByLogin(request.getRemoteUser()); Integer rootOrgId = userManagementService.getRootOrganisation().getOrganisationId(); - Boolean requestorHasRole = userManagementService.isUserInRole(requestor.getUserId(), orgIdOfCourse, + boolean requestorHasRole = userManagementService.isUserInRole(requestor.getUserId(), orgIdOfCourse, Role.GROUP_MANAGER) || (userManagementService.isUserGlobalGroupManager() && !rootOrgId.equals(orgId)); if (!(requestorHasRole || isAppadmin)) { Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserRolesSaveController.java =================================================================== diff -u -rc7c5d74f9c402bdab97bd3fd46436adbfa9202b8 -r1fb317e9f6db7094ec64f77782bf0be389012e43 --- lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserRolesSaveController.java (.../UserRolesSaveController.java) (revision c7c5d74f9c402bdab97bd3fd46436adbfa9202b8) +++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserRolesSaveController.java (.../UserRolesSaveController.java) (revision 1fb317e9f6db7094ec64f77782bf0be389012e43) @@ -107,8 +107,10 @@ if (!isGlobalRolesSet && (roles == null || roles.length < 1)) { errorMap.add("roles", messageService.getMessage("error.roles.empty")); request.setAttribute("errorMap", errorMap); - request.setAttribute("rolelist", userManagementService.filterRoles(rolelist, - request.isUserInRole(Role.APPADMIN), org.getOrganisationType())); + request.setAttribute("rolelist", + userManagementService.filterRoles(rolelist, + request.isUserInRole(Role.APPADMIN) || request.isUserInRole(Role.SYSADMIN), + org.getOrganisationType())); request.setAttribute("login", user.getLogin()); request.setAttribute("fullName", user.getFullName()); return "forward:/userroles.do"; Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserSaveController.java =================================================================== diff -u -ra40a77e307317e8038ed9e6b8699c18386286497 -r1fb317e9f6db7094ec64f77782bf0be389012e43 --- lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserSaveController.java (.../UserSaveController.java) (revision a40a77e307317e8038ed9e6b8699c18386286497) +++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserSaveController.java (.../UserSaveController.java) (revision 1fb317e9f6db7094ec64f77782bf0be389012e43) @@ -89,7 +89,8 @@ // course manager can add/change users and their roles iff CourseAdminCanAddNewUsers // course admin can add/change users but only set role to learner iff CourseAdminCanAddNewUsers Integer rootOrgId = userManagementService.getRootOrganisation().getOrganisationId(); - if (request.isUserInRole(Role.APPADMIN) || userManagementService.isUserGlobalGroupManager()) { + if (request.isUserInRole(Role.APPADMIN) || request.isUserInRole(Role.SYSADMIN) + || userManagementService.isUserGlobalGroupManager()) { canEditRole = true; } else { Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserSearchController.java =================================================================== diff -u -rd13f92ca7aa2afe69ccfc88656fa5e1afe8d5f31 -r1fb317e9f6db7094ec64f77782bf0be389012e43 --- lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserSearchController.java (.../UserSearchController.java) (revision d13f92ca7aa2afe69ccfc88656fa5e1afe8d5f31) +++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserSearchController.java (.../UserSearchController.java) (revision 1fb317e9f6db7094ec64f77782bf0be389012e43) @@ -64,7 +64,8 @@ @RequestMapping("/usersearch") public String unspecified(HttpServletRequest request) throws Exception { - if (!(request.isUserInRole(Role.APPADMIN) || userManagementService.isUserGlobalGroupManager())) { + if (!(request.isUserInRole(Role.APPADMIN) || request.isUserInRole(Role.SYSADMIN) + || userManagementService.isUserGlobalGroupManager())) { log.debug("user not appadmin or global group admin"); request.setAttribute("errorName", "UserSearchAction authorisation"); @@ -73,7 +74,7 @@ } boolean loginAsEnable = Configuration.getAsBoolean(ConfigurationKeys.LOGIN_AS_ENABLE) - && request.isUserInRole(Role.SYSADMIN); + && (request.isUserInRole(Role.SYSADMIN) || request.isUserInRole(Role.SYSADMIN)); request.setAttribute("loginAsEnable", loginAsEnable); return "usersearchlist"; Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserSearchSingleTermController.java =================================================================== diff -u -r5b9f590b301c276f8df06b30c26981b0eb634e69 -r1fb317e9f6db7094ec64f77782bf0be389012e43 --- lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserSearchSingleTermController.java (.../UserSearchSingleTermController.java) (revision 5b9f590b301c276f8df06b30c26981b0eb634e69) +++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserSearchSingleTermController.java (.../UserSearchSingleTermController.java) (revision 1fb317e9f6db7094ec64f77782bf0be389012e43) @@ -75,7 +75,7 @@ group = org; } // get search results, filtered according to orgId - if (request.isUserInRole(Role.APPADMIN) + if (request.isUserInRole(Role.APPADMIN) || request.isUserInRole(Role.SYSADMIN) || userManagementService.isUserGlobalGroupManager()) { users = userManagementService.findUsers(term, orgId); } else if (userManagementService.isUserInRole(userId, group.getOrganisationId(), Index: lams_central/src/java/org/lamsfoundation/lams/web/DisplayGroupController.java =================================================================== diff -u -ra40a77e307317e8038ed9e6b8699c18386286497 -r1fb317e9f6db7094ec64f77782bf0be389012e43 --- lams_central/src/java/org/lamsfoundation/lams/web/DisplayGroupController.java (.../DisplayGroupController.java) (revision a40a77e307317e8038ed9e6b8699c18386286497) +++ lams_central/src/java/org/lamsfoundation/lams/web/DisplayGroupController.java (.../DisplayGroupController.java) (revision 1fb317e9f6db7094ec64f77782bf0be389012e43) @@ -101,7 +101,8 @@ roles.add(roleId); } - IndexOrgBean iob = createOrgBean(org, roles, request.getRemoteUser(), request.isUserInRole(Role.APPADMIN)); + IndexOrgBean iob = createOrgBean(org, roles, request.getRemoteUser(), + request.isUserInRole(Role.APPADMIN) || request.isUserInRole(Role.SYSADMIN)); request.setAttribute("orgBean", iob); if (org.getEnableSingleActivityLessons() Index: lams_central/src/java/org/lamsfoundation/lams/web/EmailUserController.java =================================================================== diff -u -r3f3f34c22194aeaf302e1fd332925dffd35019aa -r1fb317e9f6db7094ec64f77782bf0be389012e43 --- lams_central/src/java/org/lamsfoundation/lams/web/EmailUserController.java (.../EmailUserController.java) (revision 3f3f34c22194aeaf302e1fd332925dffd35019aa) +++ lams_central/src/java/org/lamsfoundation/lams/web/EmailUserController.java (.../EmailUserController.java) (revision 1fb317e9f6db7094ec64f77782bf0be389012e43) @@ -143,7 +143,8 @@ currentUser = (UserDTO) SessionManager.getSession().getAttribute(AttributeNames.USER); } - boolean result = request.isUserInRole(Role.APPADMIN) || userManagementService.isUserGlobalGroupManager(); + boolean result = request.isUserInRole(Role.APPADMIN) || request.isUserInRole(Role.SYSADMIN) + || userManagementService.isUserGlobalGroupManager(); if (!result) { String orgId = request.getParameter(AttributeNames.PARAM_ORGANISATION_ID); if (StringUtils.isBlank(orgId)) { Index: lams_central/src/java/org/lamsfoundation/lams/web/IndexController.java =================================================================== diff -u -r95e29deb7ffaed6c44a37432c3e4f332630e7561 -r1fb317e9f6db7094ec64f77782bf0be389012e43 --- lams_central/src/java/org/lamsfoundation/lams/web/IndexController.java (.../IndexController.java) (revision 95e29deb7ffaed6c44a37432c3e4f332630e7561) +++ lams_central/src/java/org/lamsfoundation/lams/web/IndexController.java (.../IndexController.java) (revision 1fb317e9f6db7094ec64f77782bf0be389012e43) @@ -156,7 +156,8 @@ boolean isIntegrationUser = integrationService.isIntegrationUser(userDTO.getUserID()); //prevent integration users with mere learner rights from accessing index.do if (isIntegrationUser && !request.isUserInRole(Role.AUTHOR) && !request.isUserInRole(Role.MONITOR) - && !request.isUserInRole(Role.GROUP_MANAGER) && !request.isUserInRole(Role.APPADMIN)) { + && !request.isUserInRole(Role.GROUP_MANAGER) && !request.isUserInRole(Role.APPADMIN) + && !request.isUserInRole(Role.SYSADMIN)) { response.sendError(HttpServletResponse.SC_FORBIDDEN, "Integration users with learner right are not allowed to access this page"); return null; @@ -180,7 +181,7 @@ request.setAttribute("favoriteOrganisations", favoriteOrganisations); request.setAttribute("activeOrgId", user.getLastVisitedOrganisationId()); - boolean isAppadmin = request.isUserInRole(Role.APPADMIN); + boolean isAppadmin = request.isUserInRole(Role.APPADMIN) || request.isUserInRole(Role.SYSADMIN); int userCoursesCount = userManagementService.getCountActiveCoursesByUser(userDTO.getUserID(), isAppadmin, null); request.setAttribute("isCourseSearchOn", userCoursesCount > 10); @@ -204,7 +205,8 @@ private void setAdminLinks(HttpServletRequest request) { List adminLinks = new ArrayList<>(); - if (request.isUserInRole(Role.APPADMIN) || request.isUserInRole(Role.GROUP_MANAGER)) { + if (request.isUserInRole(Role.APPADMIN) || request.isUserInRole(Role.SYSADMIN) + || request.isUserInRole(Role.GROUP_MANAGER)) { adminLinks.add(new IndexLinkBean("index.courseman", "javascript:openOrgManagement(" + userManagementService.getRootOrganisation().getOrganisationId() + ')')); } @@ -225,7 +227,7 @@ User loggedInUser = userManagementService.getUserByLogin(request.getRemoteUser()); Integer userId = loggedInUser.getUserId(); - boolean isAppadmin = request.isUserInRole(Role.APPADMIN); + boolean isAppadmin = request.isUserInRole(Role.APPADMIN) || request.isUserInRole(Role.SYSADMIN); String searchString = WebUtil.readStrParam(request, "fcol[1]", true); // paging parameters of tablesorter Index: lams_central/src/java/org/lamsfoundation/lams/web/PortraitSaveController.java =================================================================== diff -u -r5b9f590b301c276f8df06b30c26981b0eb634e69 -r1fb317e9f6db7094ec64f77782bf0be389012e43 --- lams_central/src/java/org/lamsfoundation/lams/web/PortraitSaveController.java (.../PortraitSaveController.java) (revision 5b9f590b301c276f8df06b30c26981b0eb634e69) +++ lams_central/src/java/org/lamsfoundation/lams/web/PortraitSaveController.java (.../PortraitSaveController.java) (revision 1fb317e9f6db7094ec64f77782bf0be389012e43) @@ -171,7 +171,7 @@ Integer userId = WebUtil.readIntParam(request, "userId", true); // check user is appadmin - if (!(request.isUserInRole(Role.APPADMIN))) { + if (!(request.isUserInRole(Role.APPADMIN) || request.isUserInRole(Role.SYSADMIN))) { log.error("Attempt to delete a portrait by user that is not appadmin. User is " + request.getRemoteUser() + " portrait to be deleted is for user " + userId + "."); return deleteResponse(response, "error"); Index: lams_central/src/java/org/lamsfoundation/lams/web/outcome/OutcomeController.java =================================================================== diff -u -ra40a77e307317e8038ed9e6b8699c18386286497 -r1fb317e9f6db7094ec64f77782bf0be389012e43 --- lams_central/src/java/org/lamsfoundation/lams/web/outcome/OutcomeController.java (.../OutcomeController.java) (revision a40a77e307317e8038ed9e6b8699c18386286497) +++ lams_central/src/java/org/lamsfoundation/lams/web/outcome/OutcomeController.java (.../OutcomeController.java) (revision 1fb317e9f6db7094ec64f77782bf0be389012e43) @@ -278,7 +278,8 @@ "Either lesson ID or tool content ID or QB question ID must not be null when fetching outcome mappings"); } Integer userId = OutcomeController.getUserDTO().getUserID(); - if (!request.isUserInRole(Role.APPADMIN) && !request.isUserInRole(Role.AUTHOR)) { + if (!request.isUserInRole(Role.APPADMIN) && !request.isUserInRole(Role.SYSADMIN) + && !request.isUserInRole(Role.AUTHOR)) { String error = "User " + userId + " is not appadmin nor an author and can not map outcome"; log.error(error); throw new SecurityException(error);