Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/DisabledUserManageController.java =================================================================== diff -u -rf2ad75cef0c507a64877942631fee13efbc6ed50 -r29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5 --- lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/DisabledUserManageController.java (.../DisabledUserManageController.java) (revision f2ad75cef0c507a64877942631fee13efbc6ed50) +++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/DisabledUserManageController.java (.../DisabledUserManageController.java) (revision 29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5) @@ -50,7 +50,7 @@ @RequestMapping("/disabledmanage") public String execute(HttpServletRequest request) throws Exception { - if (!(request.isUserInRole(Role.SYSADMIN) || userManagementService.isUserGlobalGroupAdmin())) { + if (!(request.isUserInRole(Role.SYSADMIN) || userManagementService.isUserGlobalGroupManager())) { request.setAttribute("errorName", "DisabledUserManageAction"); request.setAttribute("errorMessage", adminMessageService.getMessage("error.need.sysadmin")); return "error"; Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/OrgManageController.java =================================================================== diff -u -rb5d493f6a41f8161b6a62a0cea53e78e069bac36 -r29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5 --- lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/OrgManageController.java (.../OrgManageController.java) (revision b5d493f6a41f8161b6a62a0cea53e78e069bac36) +++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/OrgManageController.java (.../OrgManageController.java) (revision 29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5) 
@@ -29,7 +29,6 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.apache.log4j.Logger; import org.lamsfoundation.lams.admin.web.form.OrgManageForm; import org.lamsfoundation.lams.security.ISecurityService; import org.lamsfoundation.lams.usermanagement.Organisation; @@ -60,8 +59,6 @@ */ @Controller public class OrgManageController { - private static Logger log = Logger.getLogger(UserSaveController.class); - @Autowired private ISecurityService securityService; @Autowired @@ -98,15 +95,14 @@ } // check if user is allowed to view and edit groups - if (!request.isUserInRole(Role.SYSADMIN) && !userManagementService.isUserGlobalGroupAdmin() - && !(isRootOrganisation - ? request.isUserInRole(Role.GROUP_ADMIN) || request.isUserInRole(Role.GROUP_MANAGER) - : securityService.hasOrgRole(orgId, userId, - new String[] { Role.GROUP_ADMIN, Role.GROUP_MANAGER }, "manage courses", false))) { + if (!request.isUserInRole(Role.SYSADMIN) && !userManagementService.isUserGlobalGroupManager() + && !(isRootOrganisation ? request.isUserInRole(Role.GROUP_MANAGER) + : securityService.hasOrgRole(orgId, userId, new String[] { Role.GROUP_MANAGER }, + "manage courses", false))) { response.sendError(HttpServletResponse.SC_FORBIDDEN, "User is not a manager or admin in the organisation"); return null; } - + // get number of users figure // TODO use hql that does a count instead of getting whole objects int numUsers = org == rootOrganisation ? userManagementService.getCountUsers() 
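Review bot: In the OrgManageController hunk at "check if user is allowed to view and edit groups", the rewritten condition is a chain of negations around a nested ternary, so it is hard to audit which callers actually pass. Pulling the ternary into a named local first, e.g. `boolean isManagerOfOrg = isRootOrganisation ? request.isUserInRole(Role.GROUP_MANAGER) : securityService.hasOrgRole(orgId, userId, new String[] { Role.GROUP_MANAGER }, "manage courses", false);`, would let the guard read as `if (!request.isUserInRole(Role.SYSADMIN) && !userManagementService.isUserGlobalGroupManager() && !isManagerOfOrg)`. For the root organisation the test is the container-level `request.isUserInRole(Role.GROUP_MANAGER)`, which is not tied to `orgId`; if that is intended it deserves a comment such as `// root org: a GROUP_MANAGER role in any organisation is sufficient to view the list`. The 403 text still says "manager or admin" although the admin role is no longer checked. The enclosing method starts and ends outside the hunk.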
@@ -147,7 +143,7 @@ // let the jsp know whether to display links request.setAttribute("createGroup", - request.isUserInRole(Role.SYSADMIN) || userManagementService.isUserGlobalGroupAdmin()); + request.isUserInRole(Role.SYSADMIN) || userManagementService.isUserGlobalGroupManager()); request.setAttribute("editGroup", true); request.setAttribute("manageGlobalRoles", request.isUserInRole(Role.SYSADMIN)); return "organisation/list"; Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/OrganisationController.java =================================================================== diff -u -rf2ad75cef0c507a64877942631fee13efbc6ed50 -r29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5 --- lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/OrganisationController.java (.../OrganisationController.java) (revision f2ad75cef0c507a64877942631fee13efbc6ed50) +++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/OrganisationController.java (.../OrganisationController.java) (revision 29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5) @@ -111,7 +111,7 @@ } request.getSession().setAttribute("status", status); if (userManagementService.isUserSysAdmin() - || userManagementService.isUserGlobalGroupAdmin()) { + || userManagementService.isUserGlobalGroupManager()) { return "organisation/createOrEdit"; } else { return "organisation/courseAdminEdit"; 
@@ -128,7 +128,7 @@ throws Exception { initLocalesAndStatus(); - if (!(request.isUserInRole(Role.SYSADMIN) || userManagementService.isUserGlobalGroupAdmin())) { + if (!(request.isUserInRole(Role.SYSADMIN) || userManagementService.isUserGlobalGroupManager())) { // only sysadmins and global group admins can create groups if (((organisationForm.getTypeId() != null) && organisationForm.getTypeId().equals(OrganisationType.COURSE_TYPE)) Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/SysAdminStartController.java =================================================================== diff -u -rfd2cfad55c7c517931f69334ce644d509ec28140 -r29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5 --- lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/SysAdminStartController.java (.../SysAdminStartController.java) (revision fd2cfad55c7c517931f69334ce644d509ec28140) +++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/SysAdminStartController.java (.../SysAdminStartController.java) (revision 29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5) 
@@ -83,7 +83,7 @@ links.add(new LinkBean("ldap/start.do", "sysadmin.ldap.configuration")); groupedLinks.add(new Object[] { AdminConstants.START_COURSE_LINKS, links }); - } else if (userManagementService.isUserGlobalGroupAdmin()) { + } else if (userManagementService.isUserGlobalGroupManager()) { ArrayList links = new ArrayList<>(); links.add(new LinkBean("usersearch.do", "admin.user.find")); links.add(new LinkBean("importgroups.do", "sysadmin.import.groups.title")); Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserBasicListController.java =================================================================== diff -u -rf2ad75cef0c507a64877942631fee13efbc6ed50 -r29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5 --- lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserBasicListController.java (.../UserBasicListController.java) (revision f2ad75cef0c507a64877942631fee13efbc6ed50) +++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserBasicListController.java (.../UserBasicListController.java) (revision 29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5) @@ -70,8 +70,7 @@ } else { // get all potential users of this org instead... filters results according to user's roles // get group - Organisation org = (Organisation) userManagementService.findById(Organisation.class, - orgId); + Organisation org = (Organisation) userManagementService.findById(Organisation.class, orgId); Organisation group; if (org != null) { if (org.getOrganisationType().getOrganisationTypeId().equals(OrganisationType.CLASS_TYPE)) { 
@@ -81,12 +80,11 @@ } // get users List users = new ArrayList(); - if (request.isUserInRole(Role.SYSADMIN) || userManagementService.isUserGlobalGroupAdmin()) { + if (request.isUserInRole(Role.SYSADMIN) + || userManagementService.isUserGlobalGroupManager()) { users = userManagementService.getAllUsers(org.getOrganisationId()); } else if (userManagementService.isUserInRole(userId, group.getOrganisationId(), - Role.GROUP_ADMIN) - || userManagementService.isUserInRole(userId, group.getOrganisationId(), - Role.GROUP_MANAGER)) { + Role.GROUP_MANAGER)) { if (group.getCourseAdminCanBrowseAllUsers()) { users = userManagementService.getAllUsers(org.getOrganisationId()); } else if (org.getOrganisationType().getOrganisationTypeId() Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserController.java =================================================================== diff -u -rf2ad75cef0c507a64877942631fee13efbc6ed50 -r29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5 --- lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserController.java (.../UserController.java) (revision f2ad75cef0c507a64877942631fee13efbc6ed50) +++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserController.java (.../UserController.java) (revision 29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5) @@ -72,7 +72,7 @@ @RequestMapping("/user") public class UserController { private static Logger log = Logger.getLogger(UserController.class); - + @Autowired private ILogEventService logEventService; @Autowired @@ -84,7 +84,7 @@ private ITimezoneService timezoneService; @Autowired private IUserManagementService userManagementService; - + private static List locales; private static List authenticationMethods; 
@@ -119,7 +119,7 @@ // test requestor's permission Organisation org = null; - Boolean canEdit = userManagementService.isUserGlobalGroupAdmin(); + Boolean canEdit = userManagementService.isUserGlobalGroupManager(); if (orgId != null) { org = (Organisation) userManagementService.findById(Organisation.class, orgId); if (!canEdit) { @@ -128,9 +128,9 @@ ? org.getParentOrganisation().getOrganisationId() : orgId; User requestor = userManagementService.getUserByLogin(request.getRemoteUser()); - if (userManagementService.isUserInRole(requestor.getUserId(), orgIdOfCourse, Role.GROUP_ADMIN) - || userManagementService.isUserInRole(requestor.getUserId(), orgIdOfCourse, Role.GROUP_MANAGER)) { - Organisation course = (Organisation) userManagementService.findById(Organisation.class, orgIdOfCourse); + if (userManagementService.isUserInRole(requestor.getUserId(), orgIdOfCourse, Role.GROUP_MANAGER)) { + Organisation course = (Organisation) userManagementService.findById(Organisation.class, + orgIdOfCourse); canEdit = course.getCourseAdminCanAddNewUsers(); } } @@ -283,7 +283,7 @@ // determine whether to disable or delete user based on their lams data @RequestMapping(path = "/remove") public String remove(HttpServletRequest request) throws Exception { - if (!(request.isUserInRole(Role.SYSADMIN) || userManagementService.isUserGlobalGroupAdmin())) { + if (!(request.isUserInRole(Role.SYSADMIN) || userManagementService.isUserGlobalGroupManager())) { request.setAttribute("errorName", "UserAction"); request.setAttribute("errorMessage", messageService.getMessage("error.authorisation")); return "error"; 
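Review bot: In UserController the `/remove` handler shown in the third hunk is mapped with `@RequestMapping(path = "/remove")` and no HTTP method, so the role check touched here is reached by GET as well as POST; the `/disable`, `/delete` and `/enable` hunks that follow have the same mapping. If these handlers change account state, as their names suggest (their bodies are outside the hunks), restricting them with `@RequestMapping(path = "/remove", method = RequestMethod.POST)` keeps a link or image fetch from triggering them. Whether a CSRF token is verified elsewhere is not visible in this diff and should be confirmed. The four handlers also report different `errorName` values ("UserAction" vs "UserController") for the same authorisation failure, which makes denied requests harder to correlate in logs.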
@@ -303,7 +303,7 @@ @RequestMapping(path = "/disable") public String disable(HttpServletRequest request) throws Exception { - if (!(request.isUserInRole(Role.SYSADMIN) || userManagementService.isUserGlobalGroupAdmin())) { + if (!(request.isUserInRole(Role.SYSADMIN) || userManagementService.isUserGlobalGroupManager())) { request.setAttribute("errorName", "UserController"); request.setAttribute("errorMessage", messageService.getMessage("error.authorisation")); return "error"; @@ -328,7 +328,7 @@ @RequestMapping(path = "/delete") public String delete(HttpServletRequest request) throws Exception { - if (!(request.isUserInRole(Role.SYSADMIN) || userManagementService.isUserGlobalGroupAdmin())) { + if (!(request.isUserInRole(Role.SYSADMIN) || userManagementService.isUserGlobalGroupManager())) { request.setAttribute("errorName", "UserAction"); request.setAttribute("errorMessage", messageService.getMessage("error.authorisation")); return "error"; 
@@ -360,7 +360,7 @@ // called from disabled users screen @RequestMapping(path = "/enable") public String enable(HttpServletRequest request) throws Exception { - if (!(request.isUserInRole(Role.SYSADMIN) || userManagementService.isUserGlobalGroupAdmin())) { + if (!(request.isUserInRole(Role.SYSADMIN) || userManagementService.isUserGlobalGroupManager())) { request.setAttribute("errorName", "UserController"); request.setAttribute("errorMessage", messageService.getMessage("error.authorisation")); return "error"; Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserManageController.java =================================================================== diff -u -rb5d493f6a41f8161b6a62a0cea53e78e069bac36 -r29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5 --- lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserManageController.java (.../UserManageController.java) (revision b5d493f6a41f8161b6a62a0cea53e78e069bac36) +++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserManageController.java (.../UserManageController.java) (revision 29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5) @@ -54,7 +54,7 @@ @Controller public class UserManageController { private static final Logger log = Logger.getLogger(UserManageController.class); - + @Autowired private IUserManagementService userManagementService; @Autowired @@ -63,7 +63,7 @@ @RequestMapping(path = "/usermanage") public String execute(HttpServletRequest request, HttpServletResponse response) throws Exception { - + // get id of org to list users for Integer orgId = WebUtil.readIntParam(request, "org", true); if (orgId == null) { 
@@ -98,7 +98,8 @@ : organisation; // check permission Integer rootOrgId = userManagementService.getRootOrganisation().getOrganisationId(); - if (request.isUserInRole(Role.SYSADMIN) || (userManagementService.isUserGlobalGroupAdmin() && !orgId.equals(rootOrgId))) { + if (request.isUserInRole(Role.SYSADMIN) + || (userManagementService.isUserGlobalGroupManager() && !orgId.equals(rootOrgId))) { userManageForm.setCourseAdminCanAddNewUsers(true); userManageForm.setCourseAdminCanBrowseAllUsers(true); userManageForm.setCanEditRole(true); @@ -109,12 +110,6 @@ userManageForm.setCourseAdminCanBrowseAllUsers(orgOfCourseAdmin.getCourseAdminCanBrowseAllUsers()); userManageForm.setCanEditRole(true); request.setAttribute("canDeleteUser", false); - } else if (userManagementService.isUserInRole(userId, orgOfCourseAdmin.getOrganisationId(), Role.GROUP_ADMIN) - && !orgId.equals(rootOrgId)) { - userManageForm.setCourseAdminCanAddNewUsers(orgOfCourseAdmin.getCourseAdminCanAddNewUsers()); - userManageForm.setCourseAdminCanBrowseAllUsers(orgOfCourseAdmin.getCourseAdminCanBrowseAllUsers()); - userManageForm.setCanEditRole(false); - request.setAttribute("canDeleteUser", false); } else { return forwardError(request, "error.authorisation"); } 
@@ -135,13 +130,12 @@ HashMap roleCount = new HashMap<>(); if (orgId.equals(rootOrgId)) { roleCount.put(Role.SYSADMIN, Role.ROLE_SYSADMIN); - roleCount.put(Role.GROUP_ADMIN, Role.ROLE_GROUP_ADMIN); + roleCount.put(Role.GROUP_MANAGER, Role.ROLE_GROUP_MANAGER); } else { roleCount.put(Role.LEARNER, Role.ROLE_LEARNER); roleCount.put(Role.MONITOR, Role.ROLE_MONITOR); roleCount.put(Role.AUTHOR, Role.ROLE_AUTHOR); roleCount.put(Role.GROUP_MANAGER, Role.ROLE_GROUP_MANAGER); - roleCount.put(Role.GROUP_ADMIN, Role.ROLE_GROUP_ADMIN); } for (String role : roleCount.keySet()) { Integer count = userManagementService.getCountRoleForOrg(orgId, roleCount.get(role), null); Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserOrgSaveController.java =================================================================== diff -u -rb5d493f6a41f8161b6a62a0cea53e78e069bac36 -r29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5 --- lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserOrgSaveController.java (.../UserOrgSaveController.java) (revision b5d493f6a41f8161b6a62a0cea53e78e069bac36) +++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserOrgSaveController.java (.../UserOrgSaveController.java) (revision 29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5) @@ -54,7 +54,7 @@ @Controller public class UserOrgSaveController { private static Logger log = Logger.getLogger(UserOrgSaveController.class); - + @Autowired private IUserManagementService userManagementService; private List rolelist; 
@@ -67,16 +67,18 @@ request.setAttribute("org", orgId); boolean canEditRole = false; - + // sysadmin, global course admins can add/change users and their roles. // course manager can add existing users in any role except sysadmin // course admin can add existing users but only as learner Integer rootOrgId = userManagementService.getRootOrganisation().getOrganisationId(); - if (request.isUserInRole(Role.SYSADMIN) || (userManagementService.isUserGlobalGroupAdmin() && !orgId.equals(rootOrgId))) { + if (request.isUserInRole(Role.SYSADMIN) + || (userManagementService.isUserGlobalGroupManager() && !orgId.equals(rootOrgId))) { canEditRole = true; } else { - - Integer loggeduserId = ((UserDTO) SessionManager.getSession().getAttribute(AttributeNames.USER)).getUserID(); + + Integer loggeduserId = ((UserDTO) SessionManager.getSession().getAttribute(AttributeNames.USER)) + .getUserID(); Organisation organisation = (Organisation) userManagementService.findById(Organisation.class, orgId); if (organisation == null) { String message = "Adding users to organisation: No permission to access organisation " + orgId; @@ -90,17 +92,14 @@ if (userManagementService.isUserInRole(loggeduserId, organisation.getOrganisationId(), Role.GROUP_MANAGER) && !orgId.equals(rootOrgId)) { canEditRole = true; - } else if (userManagementService.isUserInRole(loggeduserId, organisation.getOrganisationId(), - Role.GROUP_ADMIN) && !orgId.equals(rootOrgId)) { - canEditRole = false; } else { String message = "Adding users to organisation: No permission to access organisation " + orgId; log.error(message); response.sendError(HttpServletResponse.SC_FORBIDDEN, message); return null; } } - + if (rolelist == null) { rolelist = userManagementService.findAll(Role.class); } 
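Review bot: In UserOrgSaveController the comment block kept in the first hunk still says "course admin can add existing users but only as learner", but the second hunk removes the only branch that let a request continue with `canEditRole = false`. As far as these hunks show, `canEditRole` is now either true or the request ends in a 403, so the `else if (!canEditRole)` learner-only branch in the later hunk of this file looks unreachable. The same applies to UserSaveController, where the "course admin ... only set role to learner" comment and the `if (!edit && !canEditRole)` branch remain. If accounts that held the group-admin role are migrated to GROUP_MANAGER (the migration is not part of this page), they move from learner-only enrolment to full role assignment, which should be confirmed as intended. I would update the comment to `// sysadmin and global group managers can add/change users and their roles; a group manager can do so within their own course` and delete the dead branches. The methods continue outside the hunks.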
@@ -155,16 +154,17 @@ if (newUserOrganisations.isEmpty()) { log.debug("no new users to add to orgId=" + orgId); return "redirect:/usermanage.do?org=" + orgId; - } else if ( !canEditRole ){ + } else if (!canEditRole) { // course admin can only setup learners log.debug("adding new users as learners to orgId=" + orgId); - for ( UserOrganisation uo : newUserOrganisations ) { - userManagementService.setRolesForUserOrganisation(uo.getUser(), orgId, Arrays.asList(Role.ROLE_LEARNER.toString())); + for (UserOrganisation uo : newUserOrganisations) { + userManagementService.setRolesForUserOrganisation(uo.getUser(), orgId, + Arrays.asList(Role.ROLE_LEARNER.toString())); } return "redirect:/usermanage.do?org=" + orgId; } else { - request.setAttribute("roles", userManagementService.filterRoles(rolelist, request.isUserInRole(Role.SYSADMIN), - organisation.getOrganisationType())); + request.setAttribute("roles", userManagementService.filterRoles(rolelist, + request.isUserInRole(Role.SYSADMIN), organisation.getOrganisationType())); request.setAttribute("newUserOrganisations", newUserOrganisations); request.setAttribute("orgId", orgId); return "forward:/userorgrole.do"; Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserRolesController.java =================================================================== diff -u -rb5d493f6a41f8161b6a62a0cea53e78e069bac36 -r29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5 --- lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserRolesController.java (.../UserRolesController.java) (revision b5d493f6a41f8161b6a62a0cea53e78e069bac36) +++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserRolesController.java (.../UserRolesController.java) (revision 29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5) 
@@ -55,13 +55,13 @@ @Controller public class UserRolesController { private static Logger log = Logger.getLogger(UserRolesController.class); - + @Autowired private IUserManagementService userManagementService; @Autowired @Qualifier("adminMessageService") private MessageService messageService; - + private static List rolelist; @RequestMapping("/userroles") @@ -73,18 +73,18 @@ } MultiValueMap errorMap = new LinkedMultiValueMap<>(); - + Integer orgId = WebUtil.readIntParam(request, "orgId", true); Integer userId = WebUtil.readIntParam(request, "userId", true); // user and org ids passed as attributes by UserSaveAction if (orgId == null) { orgId = (Integer) request.getAttribute("orgId"); } - + userRolesForm.setOrgId(orgId); userRolesForm.setUserId(userId); - + if (orgId == null) { errorMap.add("GLOBAL", messageService.getMessage("error.org.invalid")); request.setAttribute("errorMap", errorMap); 
@@ -110,10 +110,8 @@ Boolean isSysadmin = request.isUserInRole(Role.SYSADMIN); User requestor = userManagementService.getUserByLogin(request.getRemoteUser()); Integer rootOrgId = userManagementService.getRootOrganisation().getOrganisationId(); - Boolean requestorHasRole = userManagementService.isUserInRole(requestor.getUserId(), orgIdOfCourse, Role.GROUP_MANAGER) - || (userManagementService.isUserInRole(requestor.getUserId(), orgIdOfCourse, Role.GROUP_ADMIN) - && !rootOrgId.equals(orgId)) - || (userManagementService.isUserGlobalGroupAdmin() && !rootOrgId.equals(orgId)); + Boolean requestorHasRole = userManagementService.isUserInRole(requestor.getUserId(), orgIdOfCourse, + Role.GROUP_MANAGER) || (userManagementService.isUserGlobalGroupManager() && !rootOrgId.equals(orgId)); if (!(requestorHasRole || isSysadmin)) { request.setAttribute("errorName", "UserRolesController"); Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserSaveController.java =================================================================== diff -u -rb5d493f6a41f8161b6a62a0cea53e78e069bac36 -r29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5 --- lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserSaveController.java (.../UserSaveController.java) (revision b5d493f6a41f8161b6a62a0cea53e78e069bac36) +++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserSaveController.java (.../UserSaveController.java) (revision 29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5) 
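Review bot: In UserRolesController the new `requestorHasRole` expression applies `!rootOrgId.equals(orgId)` only to the `isUserGlobalGroupManager()` term; the `isUserInRole(requestor.getUserId(), orgIdOfCourse, Role.GROUP_MANAGER)` term has no root-organisation guard. If a global group manager is a user holding GROUP_MANAGER on the root organisation (the implementation is not shown, but the UserManageController hunk now counts GROUP_MANAGER at root level), then for `orgId` equal to the root the first term already evaluates to true and the guard on the second term has no effect. UserOrgSaveController and UserSaveController guard the same role test with `&& !orgId.equals(rootOrgId)`. For consistency I would write `Boolean requestorHasRole = !rootOrgId.equals(orgId) && (userManagementService.isUserInRole(requestor.getUserId(), orgIdOfCourse, Role.GROUP_MANAGER) || userManagementService.isUserGlobalGroupManager());`, after confirming that group managers are not meant to edit roles in the root organisation. The method starts and ends outside the hunk.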
@@ -89,11 +89,12 @@ // course manager can add/change users and their roles iff CourseAdminCanAddNewUsers // course admin can add/change users but only set role to learner iff CourseAdminCanAddNewUsers Integer rootOrgId = userManagementService.getRootOrganisation().getOrganisationId(); - if (request.isUserInRole(Role.SYSADMIN) || userManagementService.isUserGlobalGroupAdmin() ) { + if (request.isUserInRole(Role.SYSADMIN) || userManagementService.isUserGlobalGroupManager()) { canEditRole = true; } else { - - Integer loggeduserId = ((UserDTO) SessionManager.getSession().getAttribute(AttributeNames.USER)).getUserID(); + + Integer loggeduserId = ((UserDTO) SessionManager.getSession().getAttribute(AttributeNames.USER)) + .getUserID(); Organisation organisation = (Organisation) userManagementService.findById(Organisation.class, orgId); if (organisation == null) { String message = "No permission to access organisation " + orgId; @@ -107,9 +108,6 @@ if (userManagementService.isUserInRole(loggeduserId, organisation.getOrganisationId(), Role.GROUP_MANAGER) && !orgId.equals(rootOrgId)) { canEditRole = true; - } else if (userManagementService.isUserInRole(loggeduserId, organisation.getOrganisationId(), - Role.GROUP_ADMIN) && !orgId.equals(rootOrgId)) { - canEditRole = false; } else { String message = "No permission to edit user in organisation " + orgId; logErrorMessage(userId, message); @@ -232,10 +230,12 @@ user.setLocale(locale); Theme theme = null; - if ( userForm.getUserTheme() != null ) - theme = (Theme) userManagementService.findById(Theme.class, userForm.getUserTheme()); - if ( theme == null ) + if (userForm.getUserTheme() != null) { + theme = (Theme) userManagementService.findById(Theme.class, userForm.getUserTheme()); + } + if (theme == null) { theme = userManagementService.getDefaultTheme(); + } user.setTheme(theme); userManagementService.saveUser(user); 
@@ -253,13 +253,13 @@ if ((orgId == null) || (orgId == 1)) { return "forward:/usersearch.do"; } - if ( !edit && !canEditRole) { + if (!edit && !canEditRole) { // Course Admin created new learner - userManagementService.setRolesForUserOrganisation(user, orgId, Arrays.asList(Role.ROLE_LEARNER.toString())); + userManagementService.setRolesForUserOrganisation(user, orgId, + Arrays.asList(Role.ROLE_LEARNER.toString())); request.setAttribute("org", orgId); return "forward:/usermanage.do"; - } - else if (edit) { + } else if (edit) { request.setAttribute("org", orgId); return "forward:/usermanage.do"; } else { 
@@ -274,17 +274,17 @@ } } - private void logErrorMessage(Integer userId, String message) { + private void logErrorMessage(Integer userId, String message) { String fullError = null; - if ( userId != null ) { - fullError = new StringBuilder("Updating user ").append(userId).append(": ").append(message).toString(); + if (userId != null) { + fullError = new StringBuilder("Updating user ").append(userId).append(": ").append(message).toString(); } else { - fullError = new StringBuilder("Creating new user: ").append(message).toString(); + fullError = new StringBuilder("Creating new user: ").append(message).toString(); } log.error(fullError); } - @RequestMapping(path = "/changePass") + @RequestMapping(path = "/changePass") public String changePass(@ModelAttribute UserForm userForm, HttpServletRequest request, HttpServletResponse response) throws Exception { Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserSearchController.java =================================================================== diff -u -rf2ad75cef0c507a64877942631fee13efbc6ed50 -r29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5 --- lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserSearchController.java (.../UserSearchController.java) (revision f2ad75cef0c507a64877942631fee13efbc6ed50) +++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserSearchController.java (.../UserSearchController.java) (revision 29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5) 
@@ -62,7 +62,7 @@ @RequestMapping("/usersearch") public String unspecified(HttpServletRequest request) throws Exception { - if (!(request.isUserInRole(Role.SYSADMIN) || userManagementService.isUserGlobalGroupAdmin())) { + if (!(request.isUserInRole(Role.SYSADMIN) || userManagementService.isUserGlobalGroupManager())) { log.debug("user not sysadmin or global group admin"); request.setAttribute("errorName", "UserSearchAction authorisation"); Index: lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserSearchSingleTermController.java =================================================================== diff -u -rf2ad75cef0c507a64877942631fee13efbc6ed50 -r29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5 --- lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserSearchSingleTermController.java (.../UserSearchSingleTermController.java) (revision f2ad75cef0c507a64877942631fee13efbc6ed50) +++ lams_admin/src/java/org/lamsfoundation/lams/admin/web/controller/UserSearchSingleTermController.java (.../UserSearchSingleTermController.java) (revision 29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5) @@ -61,8 +61,7 @@ List users = new ArrayList(); if (orgId != null) { // filter results according to user's roles - Organisation org = (Organisation) userManagementService.findById(Organisation.class, - orgId); + Organisation org = (Organisation) userManagementService.findById(Organisation.class, orgId); Organisation group; if (org != null) { HttpSession session = SessionManager.getSession(); 
@@ -76,12 +75,11 @@ group = org; } // get search results, filtered according to orgId - if (request.isUserInRole(Role.SYSADMIN) || userManagementService.isUserGlobalGroupAdmin()) { + if (request.isUserInRole(Role.SYSADMIN) + || userManagementService.isUserGlobalGroupManager()) { users = userManagementService.findUsers(term, orgId); } else if (userManagementService.isUserInRole(userId, group.getOrganisationId(), - Role.GROUP_ADMIN) - || userManagementService.isUserInRole(userId, group.getOrganisationId(), - Role.GROUP_MANAGER)) { + Role.GROUP_MANAGER)) { if (group.getCourseAdminCanBrowseAllUsers()) { users = userManagementService.findUsers(term, orgId); } else if (org.getOrganisationType().getOrganisationTypeId() Index: lams_central/src/java/org/lamsfoundation/lams/authoring/web/AuthoringController.java =================================================================== diff -u -r36d9af9cb71edbbf24ae3fee278917346a8dba56 -r29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5 --- lams_central/src/java/org/lamsfoundation/lams/authoring/web/AuthoringController.java (.../AuthoringController.java) (revision 36d9af9cb71edbbf24ae3fee278917346a8dba56) +++ lams_central/src/java/org/lamsfoundation/lams/authoring/web/AuthoringController.java (.../AuthoringController.java) (revision 29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5) 
@@ -152,7 +152,7 @@ request.setAttribute("licenses", authoringService.getAvailableLicenses()); boolean canSetReadOnly = userManagementService.isUserSysAdmin() - || userManagementService.isUserGlobalGroupAdmin(); + || userManagementService.isUserGlobalGroupManager(); request.setAttribute("canSetReadOnly", canSetReadOnly); return "authoring/authoring"; Index: lams_central/src/java/org/lamsfoundation/lams/web/DisplayGroupController.java =================================================================== diff -u -rf2ad75cef0c507a64877942631fee13efbc6ed50 -r29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5 --- lams_central/src/java/org/lamsfoundation/lams/web/DisplayGroupController.java (.../DisplayGroupController.java) (revision f2ad75cef0c507a64877942631fee13efbc6ed50) +++ lams_central/src/java/org/lamsfoundation/lams/web/DisplayGroupController.java (.../DisplayGroupController.java) (revision 29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5) 
@@ -145,16 +145,14 @@ links.add(new IndexLinkBean("index.coursegradebook.learner", link, "fa fa-fw fa-list-ol", null)); } - if (roles.contains(Role.ROLE_GROUP_ADMIN) || roles.contains(Role.ROLE_GROUP_MANAGER) - || roles.contains(Role.ROLE_MONITOR)) { + if (roles.contains(Role.ROLE_GROUP_MANAGER) || roles.contains(Role.ROLE_MONITOR)) { if (orgBean.getType().equals(OrganisationType.COURSE_TYPE)) { - if ((!isSysAdmin) - && (roles.contains(Role.ROLE_GROUP_ADMIN) || roles.contains(Role.ROLE_GROUP_MANAGER))) { + if ((!isSysAdmin) && (roles.contains(Role.ROLE_GROUP_MANAGER))) { moreLinks.add(new IndexLinkBean("index.classman", "javascript:openOrgManagement(" + organisationId + ")", "fa fa-fw fa-ellipsis-v", null)); } - if ((roles.contains(Role.ROLE_GROUP_ADMIN) || roles.contains(Role.ROLE_GROUP_MANAGER) - || roles.contains(Role.ROLE_AUTHOR) || roles.contains(Role.ROLE_MONITOR))) { + if ((roles.contains(Role.ROLE_GROUP_MANAGER) || roles.contains(Role.ROLE_AUTHOR) + || roles.contains(Role.ROLE_MONITOR))) { moreLinks.add(new IndexLinkBean("index.orggroup", "javascript:showOrgGroupingDialog(" + organisationId + ")", "fa fa-fw fa-users", null)); } @@ -192,7 +190,7 @@ } // Adding gradebook course monitor links if enabled - if (roles.contains(Role.ROLE_GROUP_MANAGER) || roles.contains(Role.ROLE_GROUP_ADMIN)) { + if (roles.contains(Role.ROLE_GROUP_MANAGER)) { String link = "javascript:showGradebookCourseDialog(" + organisationId + ")"; moreLinks.add(new IndexLinkBean("index.coursegradebook", link, "fa fa-fw fa-list-ol", "index.coursegradebook.tooltip")); @@ -208,7 +206,7 @@ } // Adding gradebook course monitor links if enabled - if (roles.contains(Role.ROLE_GROUP_MANAGER) || roles.contains(Role.ROLE_GROUP_ADMIN)) { + if (roles.contains(Role.ROLE_GROUP_MANAGER)) { String link = "javascript:showGradebookCourseDialog(" + organisationId + ")"; moreLinks.add( new IndexLinkBean("index.coursegradebook.subgroup", link, "fa fa-fw fa-list-ol", null)); 
@@ -255,7 +253,7 @@ .getUserOrganisationRoles(organisation.getOrganisationId(), username); // don't list the subgroup if user is not a member, and not a group admin/manager if (((userOrganisationRoles == null) || userOrganisationRoles.isEmpty()) && !isSysAdmin - && !roles.contains(Role.ROLE_GROUP_ADMIN) && !roles.contains(Role.ROLE_GROUP_MANAGER)) { + && !roles.contains(Role.ROLE_GROUP_MANAGER)) { continue; } Index: lams_central/src/java/org/lamsfoundation/lams/web/EmailUserController.java =================================================================== diff -u -r35c310fa1c049061df6f0c0f43523015ae75b4a0 -r29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5 --- lams_central/src/java/org/lamsfoundation/lams/web/EmailUserController.java (.../EmailUserController.java) (revision 35c310fa1c049061df6f0c0f43523015ae75b4a0) +++ lams_central/src/java/org/lamsfoundation/lams/web/EmailUserController.java (.../EmailUserController.java) (revision 29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5) @@ -142,7 +142,7 @@ currentUser = (UserDTO) SessionManager.getSession().getAttribute(AttributeNames.USER); } - boolean result = request.isUserInRole(Role.SYSADMIN) || userManagementService.isUserGlobalGroupAdmin(); + boolean result = request.isUserInRole(Role.SYSADMIN) || userManagementService.isUserGlobalGroupManager(); if (!result) { String orgId = request.getParameter(AttributeNames.PARAM_ORGANISATION_ID); if (StringUtils.isBlank(orgId)) { Index: lams_central/src/java/org/lamsfoundation/lams/web/IndexController.java =================================================================== diff -u -rf2ad75cef0c507a64877942631fee13efbc6ed50 -r29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5 --- lams_central/src/java/org/lamsfoundation/lams/web/IndexController.java (.../IndexController.java) (revision f2ad75cef0c507a64877942631fee13efbc6ed50) +++ lams_central/src/java/org/lamsfoundation/lams/web/IndexController.java (.../IndexController.java) (revision 29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5) 
@@ -140,8 +140,7 @@ boolean isIntegrationUser = integrationService.isIntegrationUser(userDTO.getUserID()); //prevent integration users with mere learner rights from accessing index.do if (isIntegrationUser && !request.isUserInRole(Role.AUTHOR) && !request.isUserInRole(Role.MONITOR) - && !request.isUserInRole(Role.GROUP_MANAGER) && !request.isUserInRole(Role.GROUP_ADMIN) - && !request.isUserInRole(Role.SYSADMIN)) { + && !request.isUserInRole(Role.GROUP_MANAGER) && !request.isUserInRole(Role.SYSADMIN)) { response.sendError(HttpServletResponse.SC_FORBIDDEN, "Integration users with learner right are not allowed to access this page"); return null; @@ -192,12 +191,11 @@ private void setAdminLinks(HttpServletRequest request) { List adminLinks = new ArrayList<>(); - if (request.isUserInRole(Role.SYSADMIN) || request.isUserInRole(Role.GROUP_ADMIN) - || request.isUserInRole(Role.GROUP_MANAGER)) { + if (request.isUserInRole(Role.GROUP_MANAGER)) { adminLinks.add(new IndexLinkBean("index.courseman", "javascript:openOrgManagement(" + userManagementService.getRootOrganisation().getOrganisationId() + ')')); } - if (request.isUserInRole(Role.SYSADMIN) || userManagementService.isUserGlobalGroupAdmin()) { + if (request.isUserInRole(Role.SYSADMIN) || userManagementService.isUserGlobalGroupManager()) { adminLinks.add(new IndexLinkBean("index.sysadmin", "javascript:openSysadmin()")); } request.setAttribute("adminLinks", adminLinks); Index: lams_central/src/java/org/lamsfoundation/lams/web/LoginAsController.java =================================================================== diff -u -rf2ad75cef0c507a64877942631fee13efbc6ed50 -r29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5 --- lams_central/src/java/org/lamsfoundation/lams/web/LoginAsController.java (.../LoginAsController.java) (revision f2ad75cef0c507a64877942631fee13efbc6ed50) +++ lams_central/src/java/org/lamsfoundation/lams/web/LoginAsController.java (.../LoginAsController.java) (revision 29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5) 
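Review bot: The rewritten first condition in setAdminLinks (the @@ -192 hunk) drops the `Role.SYSADMIN` test together with `Role.GROUP_ADMIN`, so a sysadmin who does not also hold GROUP MANAGER no longer gets the `index.courseman` link. Every other hunk in this commit only removes GROUP_ADMIN, so this looks unintended. If it is, the line should read `if (request.isUserInRole(Role.SYSADMIN) || request.isUserInRole(Role.GROUP_MANAGER)) {`. As far as this hunk shows, the condition only decides which link is rendered, so the server-side check behind `openOrgManagement` should be verified separately to still admit sysadmins.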
@@ -52,7 +52,7 @@ */ @Controller public class LoginAsController { - + @Autowired @Qualifier("centralMessageService") private MessageService messageService; @@ -118,8 +118,7 @@ for (Set orgRoleSet : orgRoleSets.values()) { for (Integer role : orgRoleSet) { if (role.equals(Role.ROLE_AUTHOR) || role.equals(Role.ROLE_MONITOR) - || role.equals(Role.ROLE_GROUP_MANAGER) || role.equals(Role.ROLE_GROUP_ADMIN) - || role.equals(Role.ROLE_SYSADMIN)) { + || role.equals(Role.ROLE_GROUP_MANAGER) || role.equals(Role.ROLE_SYSADMIN)) { return false; } } Index: lams_central/src/java/org/lamsfoundation/lams/web/OrganisationGroupController.java =================================================================== diff -u -r6dcc39917657070688863ede60eac6f094929d6a -r29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5 --- lams_central/src/java/org/lamsfoundation/lams/web/OrganisationGroupController.java (.../OrganisationGroupController.java) (revision 6dcc39917657070688863ede60eac6f094929d6a) +++ lams_central/src/java/org/lamsfoundation/lams/web/OrganisationGroupController.java (.../OrganisationGroupController.java) (revision 29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5) @@ -127,8 +127,7 @@ // check if user is allowed to view and edit groupings if (!securityService.hasOrgRole(organisationId, userId, - new String[] { Role.GROUP_ADMIN, Role.GROUP_MANAGER, Role.MONITOR, Role.AUTHOR }, - "view organisation groupings", false)) { + new String[] { Role.GROUP_MANAGER, Role.MONITOR, Role.AUTHOR }, "view organisation groupings", false)) { response.sendError(HttpServletResponse.SC_FORBIDDEN, "User is not a participant in the organisation"); return null; } 
@@ -172,8 +171,7 @@ return "extGroups"; } - boolean isGroupSuperuser = userManagementService.isUserInRole(userId, organisationId, Role.GROUP_ADMIN) - || userManagementService.isUserInRole(userId, organisationId, Role.GROUP_MANAGER); + boolean isGroupSuperuser = userManagementService.isUserInRole(userId, organisationId, Role.GROUP_MANAGER); request.setAttribute("canEdit", isGroupSuperuser || (activityID != null)); Set orgGroupingDTOs = new TreeSet<>(); @@ -206,14 +204,12 @@ // check if user is allowed to view and edit groups if (!securityService.hasOrgRole(organisationId, userId, - new String[] { Role.GROUP_ADMIN, Role.GROUP_MANAGER, Role.MONITOR, Role.AUTHOR }, - "view organisation groups", false)) { + new String[] { Role.GROUP_MANAGER, Role.MONITOR, Role.AUTHOR }, "view organisation groups", false)) { response.sendError(HttpServletResponse.SC_FORBIDDEN, "User is not a participant in the organisation"); return null; } - boolean isGroupSuperuser = userManagementService.isUserInRole(userId, organisationId, Role.GROUP_ADMIN) - || userManagementService.isUserInRole(userId, organisationId, Role.GROUP_MANAGER); + boolean isGroupSuperuser = userManagementService.isUserInRole(userId, organisationId, Role.GROUP_MANAGER); if (OrganisationGroupController.log.isDebugEnabled()) { OrganisationGroupController.log @@ -364,7 +360,7 @@ Integer userId = getUserDTO().getUserID(); int organisationId = WebUtil.readIntParam(request, AttributeNames.PARAM_ORGANISATION_ID); // check if user is allowed to save grouping - if (!securityService.hasOrgRole(organisationId, userId, new String[] { Role.GROUP_ADMIN, Role.GROUP_MANAGER }, + if (!securityService.hasOrgRole(organisationId, userId, new String[] { Role.GROUP_MANAGER }, "save organisation grouping", false)) { response.sendError(HttpServletResponse.SC_FORBIDDEN, "User is not a manager or admin in the organisation"); } 
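Review bot: In the @@ -364 hunk the save-grouping check calls `response.sendError(HttpServletResponse.SC_FORBIDDEN, ...)` and then closes the `if` without returning, whereas the view and remove checks in this file follow the error with `return null;`. Unless a return follows outside the hunk, a caller without GROUP MANAGER receives a 403 while the method continues toward the save. Add a return directly after the sendError (`return null;` if the method returns a String, which the hunk does not show). The same pattern is in exportExcelCourseGradebook in GradebookMonitoringController (@@ -311), a void method, where `return;` is needed. Both messages still mention "admin" or "monitor" although only GROUP_MANAGER is now checked.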
@@ -435,7 +431,7 @@ // check if user is allowed to edit groups Integer userId = getUserDTO().getUserID(); int organisationId = WebUtil.readIntParam(request, AttributeNames.PARAM_ORGANISATION_ID); - if (!securityService.hasOrgRole(organisationId, userId, new String[] { Role.GROUP_ADMIN, Role.GROUP_MANAGER }, + if (!securityService.hasOrgRole(organisationId, userId, new String[] { Role.GROUP_MANAGER }, "remove organisation grouping", false)) { response.sendError(HttpServletResponse.SC_FORBIDDEN, "User is not a manager or admin in the organisation"); return null; Index: lams_common/src/java/org/lamsfoundation/lams/security/SecurityService.java =================================================================== diff -u -r7475d08afc280b5e2e5ddf04e8bf35e3166aaf80 -r29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5 --- lams_common/src/java/org/lamsfoundation/lams/security/SecurityService.java (.../SecurityService.java) (revision 7475d08afc280b5e2e5ddf04e8bf35e3166aaf80) +++ lams_common/src/java/org/lamsfoundation/lams/security/SecurityService.java (.../SecurityService.java) (revision 29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5) @@ -25,7 +25,6 @@ import java.util.ArrayList; import java.util.Arrays; -import java.util.Collections; import java.util.List; import org.apache.log4j.Logger; @@ -45,8 +44,6 @@ private static Logger log = Logger.getLogger(SecurityService.class); private static final String[] GROUP_MONITOR_ROLES = new String[] { Role.GROUP_MANAGER, Role.MONITOR }; - private static final List GROUP_SUPER_ROLES = Collections - .unmodifiableList(Arrays.asList(Role.GROUP_ADMIN, Role.GROUP_MANAGER)); private static final String[] EMPTY_STRING_ARRAY = new String[0]; private ISecurityDAO securityDAO; 
@@ -346,8 +343,7 @@ // check for super roles in the parent organisations List roleList = new ArrayList(Arrays.asList(roles)); - roleList.retainAll(SecurityService.GROUP_SUPER_ROLES); - if (!roleList.isEmpty()) { + if (!roleList.contains(Role.GROUP_MANAGER)) { Organisation organisation = (Organisation) securityDAO.find(Organisation.class, orgId); if (OrganisationType.CLASS_TYPE.equals(organisation.getOrganisationType().getOrganisationTypeId())) { organisation = organisation.getParentOrganisation(); Index: lams_common/src/java/org/lamsfoundation/lams/usermanagement/Role.java =================================================================== diff -u -raaa9a8f28fa1b2a222690dbb3a2d7647efb30cd5 -r29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5 --- lams_common/src/java/org/lamsfoundation/lams/usermanagement/Role.java (.../Role.java) (revision aaa9a8f28fa1b2a222690dbb3a2d7647efb30cd5) +++ lams_common/src/java/org/lamsfoundation/lams/usermanagement/Role.java (.../Role.java) (revision 29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5) @@ -49,7 +49,7 @@ public static final String GROUP_MANAGER = "GROUP MANAGER"; - public static final String GROUP_ADMIN = "GROUP ADMIN"; +// public static final String GROUP_ADMIN = "GROUP ADMIN"; public static final String SYSADMIN = "SYSADMIN";// for future use @@ -64,7 +64,7 @@ public static final Integer ROLE_AUTHOR = 3; public static final Integer ROLE_MONITOR = 4; public static final Integer ROLE_LEARNER = 5; - public static final Integer ROLE_GROUP_ADMIN = 6; +// public static final Integer ROLE_GROUP_ADMIN = 6; /***********************************************************/ @Id 
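Review bot: The new guard `if (!roleList.contains(Role.GROUP_MANAGER)) {` in the SecurityService hunk is the inverse of the condition it replaces. Before, `retainAll(GROUP_SUPER_ROLES)` followed by `!roleList.isEmpty()` entered the parent-organisation lookup only when a super role was among the requested roles; now the lookup runs only when GROUP_MANAGER is not requested. Depending on the rest of the block, which lies outside the hunk, this either stops a course manager from passing checks on the course's classes or lets a parent-organisation role satisfy checks that never asked for a manager. The condition should be `if (roleList.contains(Role.GROUP_MANAGER)) {`, and an authorization test covering a class-level check with and without GROUP_MANAGER in `roles` would pin it.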
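Review bot: `GROUP_ADMIN` and `ROLE_GROUP_ADMIN` in Role.java are commented out rather than deleted, which leaves dead code in the entity. Delete both lines and, if role id 6 can still exist in stored user-role rows, keep one short comment such as `// id 6 was GROUP ADMIN (removed); do not reuse` so a later role cannot inherit old assignments. No migration of existing GROUP ADMIN assignments is visible in this part of the diff, so it is worth confirming that one ships with the change.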
@@ -137,10 +137,6 @@ return this.roleId.equals(Role.ROLE_GROUP_MANAGER); } - public boolean isGroupAdmin() { - return this.roleId.equals(Role.ROLE_GROUP_ADMIN); - } - public boolean isMonitor() { return this.roleId.equals(Role.ROLE_MONITOR); } Index: lams_common/src/java/org/lamsfoundation/lams/usermanagement/service/IUserManagementService.java =================================================================== diff -u -r62aaf160878735888d077bf28fac3c1989bb8fbd -r29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5 --- lams_common/src/java/org/lamsfoundation/lams/usermanagement/service/IUserManagementService.java (.../IUserManagementService.java) (revision 62aaf160878735888d077bf28fac3c1989bb8fbd) +++ lams_common/src/java/org/lamsfoundation/lams/usermanagement/service/IUserManagementService.java (.../IUserManagementService.java) (revision 29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5) @@ -358,7 +358,7 @@ /** * Return true if user is a global group admin. */ - boolean isUserGlobalGroupAdmin(); + boolean isUserGlobalGroupManager(); /** * Return true if user has sysadmin role in root organisation. Index: lams_common/src/java/org/lamsfoundation/lams/usermanagement/service/LdapService.java =================================================================== diff -u -r62aaf160878735888d077bf28fac3c1989bb8fbd -r29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5 --- lams_common/src/java/org/lamsfoundation/lams/usermanagement/service/LdapService.java (.../LdapService.java) (revision 62aaf160878735888d077bf28fac3c1989bb8fbd) +++ lams_common/src/java/org/lamsfoundation/lams/usermanagement/service/LdapService.java (.../LdapService.java) (revision 29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5) 
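Review bot: The Javadoc above the renamed `isUserGlobalGroupManager()` in IUserManagementService still reads "Return true if user is a global group admin." and no longer matches the role being tested. Update it to describe the new contract, for example `Return true if the requesting user holds the GROUP MANAGER role in the root organisation.`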
@@ -370,10 +370,6 @@ && !roleIds.contains(Role.ROLE_AUTHOR.toString())) { roleIds.add(Role.ROLE_AUTHOR.toString()); } - if (isRoleInList(Configuration.get(ConfigurationKeys.LDAP_GROUP_ADMIN_MAP), role) - && !roleIds.contains(Role.ROLE_GROUP_ADMIN.toString())) { - roleIds.add(Role.ROLE_GROUP_ADMIN.toString()); - } if (isRoleInList(Configuration.get(ConfigurationKeys.LDAP_GROUP_MANAGER_MAP), role) && !roleIds.contains(Role.ROLE_GROUP_MANAGER.toString())) { roleIds.add(Role.ROLE_GROUP_MANAGER.toString()); Index: lams_common/src/java/org/lamsfoundation/lams/usermanagement/service/UserManagementService.java =================================================================== diff -u -r47043f84205046a23497bf8c57060e2dcadf0c9a -r29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5 --- lams_common/src/java/org/lamsfoundation/lams/usermanagement/service/UserManagementService.java (.../UserManagementService.java) (revision 47043f84205046a23497bf8c57060e2dcadf0c9a) +++ lams_common/src/java/org/lamsfoundation/lams/usermanagement/service/UserManagementService.java (.../UserManagementService.java) (revision 29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5) @@ -787,10 +787,6 @@ if (!orgType.getOrganisationTypeId().equals(OrganisationType.COURSE_TYPE)) { role.setRoleId(Role.ROLE_GROUP_MANAGER); allRoles.remove(role); - if (!orgType.getOrganisationTypeId().equals(OrganisationType.ROOT_TYPE)) { - role.setRoleId(Role.ROLE_GROUP_ADMIN); - allRoles.remove(role); - } } return allRoles; } @@ -854,10 +850,10 @@ } @Override - public boolean isUserGlobalGroupAdmin() { + public boolean isUserGlobalGroupManager() { Integer rootOrgId = getRootOrganisation().getOrganisationId(); Integer requestorId = getRequestorId(); - return requestorId != null ? isUserInRole(requestorId, rootOrgId, Role.GROUP_ADMIN) : false; + return requestorId != null ? isUserInRole(requestorId, rootOrgId, Role.GROUP_MANAGER) : false; } @Override 
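Review bot: `isUserGlobalGroupManager()` (the @@ -854 hunk) now tests `Role.GROUP_MANAGER` in the root organisation, but the filter left by the @@ -787 hunk of the same file still removes `ROLE_GROUP_MANAGER` from `allRoles` for every organisation type other than COURSE_TYPE, root included. If that list is what the role-assignment form offers (the enclosing method starts outside the hunk), the role this check depends on can no longer be granted at root level, whereas GROUP ADMIN could be before. Either exempt ROOT_TYPE in that filter or document how a global manager is assigned and migrated. Because the same result also short-circuits `canEditGroup` and gates the sysadmin link, root-level GROUP MANAGER should be treated as a near-sysadmin grant. The return can also be simplified to `return requestorId != null && isUserInRole(requestorId, rootOrgId, Role.GROUP_MANAGER);`.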
@@ -1003,7 +999,7 @@ @Override public boolean canEditGroup(Integer userId, Integer orgId) { - if (isUserSysAdmin() || isUserGlobalGroupAdmin()) { + if (isUserSysAdmin() || isUserGlobalGroupManager()) { return true; } Organisation org = (Organisation) findById(Organisation.class, orgId); @@ -1012,7 +1008,7 @@ if (org.getOrganisationType().getOrganisationTypeId().equals(OrganisationType.CLASS_TYPE)) { groupId = org.getParentOrganisation().getOrganisationId(); } - return isUserInRole(userId, groupId, Role.GROUP_ADMIN) || isUserInRole(userId, groupId, Role.GROUP_MANAGER); + return isUserInRole(userId, groupId, Role.GROUP_MANAGER); } return false; } Index: lams_gradebook/src/java/org/lamsfoundation/lams/gradebook/web/controller/GradebookController.java =================================================================== diff -u -rca79baf0ed380e5f7892841f7088325ea9664f35 -r29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5 --- lams_gradebook/src/java/org/lamsfoundation/lams/gradebook/web/controller/GradebookController.java (.../GradebookController.java) (revision ca79baf0ed380e5f7892841f7088325ea9664f35) +++ lams_gradebook/src/java/org/lamsfoundation/lams/gradebook/web/controller/GradebookController.java (.../GradebookController.java) (revision 29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5) 
@@ -460,7 +460,7 @@ } else if (view == GBGridView.MON_COURSE || view == GBGridView.LIST) { if (!securityService.hasOrgRole(courseID, viewer.getUserId(), - new String[] { Role.GROUP_MANAGER, Role.GROUP_ADMIN }, "get course gradebook", false)) { + new String[] { Role.GROUP_MANAGER}, "get course gradebook", false)) { response.sendError(HttpServletResponse.SC_FORBIDDEN, "User is not a group manager or admin in the organisation"); return null; Index: lams_gradebook/src/java/org/lamsfoundation/lams/gradebook/web/controller/GradebookMonitoringController.java =================================================================== diff -u -rca79baf0ed380e5f7892841f7088325ea9664f35 -r29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5 --- lams_gradebook/src/java/org/lamsfoundation/lams/gradebook/web/controller/GradebookMonitoringController.java (.../GradebookMonitoringController.java) (revision ca79baf0ed380e5f7892841f7088325ea9664f35) +++ lams_gradebook/src/java/org/lamsfoundation/lams/gradebook/web/controller/GradebookMonitoringController.java (.../GradebookMonitoringController.java) (revision 29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5) @@ -136,8 +136,8 @@ log.error("User missing from session. "); return "error"; } - if (!securityService.hasOrgRole(organisationID, user.getUserID(), - new String[] { Role.GROUP_MANAGER, Role.GROUP_ADMIN }, "get course gradebook page", false)) { + if (!securityService.hasOrgRole(organisationID, user.getUserID(), new String[] { Role.GROUP_MANAGER }, + "get course gradebook page", false)) { response.sendError(HttpServletResponse.SC_FORBIDDEN, "User is not a monitor in the organisation"); return null; } 
@@ -311,8 +311,8 @@ public void exportExcelCourseGradebook(HttpServletRequest request, HttpServletResponse response) throws Exception { Integer organisationID = WebUtil.readIntParam(request, AttributeNames.PARAM_ORGANISATION_ID); UserDTO user = getUser(); - if (!securityService.hasOrgRole(organisationID, user.getUserID(), - new String[] { Role.GROUP_MANAGER, Role.GROUP_ADMIN }, "get course gradebook spreadsheet", false)) { + if (!securityService.hasOrgRole(organisationID, user.getUserID(), new String[] { Role.GROUP_MANAGER }, + "get course gradebook spreadsheet", false)) { response.sendError(HttpServletResponse.SC_FORBIDDEN, "User is not a monitor in the organisation"); } Index: lams_monitoring/src/java/org/lamsfoundation/lams/monitoring/web/GroupingAJAXController.java =================================================================== diff -u -rf2ad75cef0c507a64877942631fee13efbc6ed50 -r29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5 --- lams_monitoring/src/java/org/lamsfoundation/lams/monitoring/web/GroupingAJAXController.java (.../GroupingAJAXController.java) (revision f2ad75cef0c507a64877942631fee13efbc6ed50) +++ lams_monitoring/src/java/org/lamsfoundation/lams/monitoring/web/GroupingAJAXController.java (.../GroupingAJAXController.java) (revision 29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5) 
@@ -313,7 +313,7 @@ // check if user is allowed to view and edit groupings if (!securityService.hasOrgRole(organisationId, userId, - new String[] { Role.GROUP_ADMIN, Role.GROUP_MANAGER, Role.MONITOR, Role.AUTHOR }, + new String[] { Role.GROUP_MANAGER, Role.MONITOR, Role.AUTHOR }, "view organisation groupings", false)) { response.sendError(HttpServletResponse.SC_FORBIDDEN, "User is not a participant in the organisation"); return null; Index: lams_monitoring/src/java/org/lamsfoundation/lams/monitoring/web/GroupingUploadAJAXController.java =================================================================== diff -u -rf2ad75cef0c507a64877942631fee13efbc6ed50 -r29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5 --- lams_monitoring/src/java/org/lamsfoundation/lams/monitoring/web/GroupingUploadAJAXController.java (.../GroupingUploadAJAXController.java) (revision f2ad75cef0c507a64877942631fee13efbc6ed50) +++ lams_monitoring/src/java/org/lamsfoundation/lams/monitoring/web/GroupingUploadAJAXController.java (.../GroupingUploadAJAXController.java) (revision 29a37489a63e5a95f42a5ef5fd8a7daeb65c53c5) @@ -142,8 +142,7 @@ // check if user is allowed to view and edit groups if (!securityService.hasOrgRole(organisationId, userId, - new String[] { Role.GROUP_ADMIN, Role.GROUP_MANAGER, Role.MONITOR, Role.AUTHOR }, - "view organisation groups", false)) { + new String[] { Role.GROUP_MANAGER, Role.MONITOR, Role.AUTHOR }, "view organisation groups", false)) { response.sendError(HttpServletResponse.SC_FORBIDDEN, "User is not a participant in the organisation"); return; } 
@@ -287,7 +286,7 @@ // check if user is allowed to save grouping if (!securityService.hasOrgRole(organisationId, userId, - new String[] { Role.GROUP_ADMIN, Role.GROUP_MANAGER, Role.MONITOR, Role.AUTHOR }, + new String[] { Role.GROUP_MANAGER, Role.MONITOR, Role.AUTHOR }, "save organisation grouping from spreadsheet", false)) { response.sendError(HttpServletResponse.SC_FORBIDDEN, "User is not a manager or admin in the organisation"); return null;
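Review bot: The role list for "save organisation grouping from spreadsheet" still admits `Role.MONITOR` and `Role.AUTHOR`, while the error text says "User is not a manager or admin in the organisation" and the interactive save check in OrganisationGroupController accepts GROUP_MANAGER alone. If saving course groupings is meant to be manager-only, the array should be `new String[] { Role.GROUP_MANAGER },`; if monitors and authors are allowed here on purpose, the message should say so. Which of the two is intended cannot be told from the hunk, so this needs confirmation rather than a blind change.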