diff --git a/src/main/java/de/bps/course/nodes/VCCourseNode.java b/src/main/java/de/bps/course/nodes/VCCourseNode.java
index 329771112e0cf22f33a7fe4efe7504dd6e167507..73ec2d81d72b97011bd12dfc1ef3a4de60ece303 100644
--- a/src/main/java/de/bps/course/nodes/VCCourseNode.java
+++ b/src/main/java/de/bps/course/nodes/VCCourseNode.java
@@ -139,7 +139,7 @@ public class VCCourseNode extends AbstractAccessableCourseNode {
 boolean moderator = roles.isOLATAdmin();
 Long key = userCourseEnv.getCourseEnvironment().getCourseResourceableId();
 if (!moderator) {
- if(roles.isLearnResourceManager() || roles.isAuthor()) {
+ if(roles.isLearnResourceManager() || roles.isAuthor() || roles.isOLATAdmin()) {
 RepositoryManager rm = RepositoryManager.getInstance();
 RepositoryEntry re = userCourseEnv.getCourseEnvironment().getCourseGroupManager().getCourseEntry();
 if (re != null) {
diff --git a/src/main/java/org/olat/admin/landingpages/model/Rule.java b/src/main/java/org/olat/admin/landingpages/model/Rule.java
index 1306923c2b6407ca2694cbae8429d2a479b22253..f5351a19a241bbd8d76763eedff0624724265b78 100644
--- a/src/main/java/org/olat/admin/landingpages/model/Rule.java
+++ b/src/main/java/org/olat/admin/landingpages/model/Rule.java
@@ -91,7 +91,7 @@ public class Rule {
 case USER_MGR: match &= roles.isUserManager(); break;
 case GROUP_MGR: match &= roles.isGroupManager(); break;
 case RSRC_MGR: match &= roles.isLearnResourceManager(); break;
- case POOL_MGR: match &= roles.isPoolAdmin(); break;
+ case POOL_MGR: match &= roles.isQPoolManager(); break;
 case ADMIN: match &= roles.isOLATAdmin(); break;
 default: {
 match &= false;
diff --git a/src/main/java/org/olat/admin/user/SystemRolesAndRightsController.java b/src/main/java/org/olat/admin/user/SystemRolesAndRightsController.java
index b806bcc6cad6ec257e446e1fe1f2697b5e95ada7..cb86d3f7270d02fc76142c9ea1ed0f7d38d3e469 100644
--- a/src/main/java/org/olat/admin/user/SystemRolesAndRightsController.java
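Review bot: The `|| roles.isOLATAdmin()` added to the inner condition is unreachable: the branch runs only when `!moderator` holds, and `moderator` is assigned `roles.isOLATAdmin()` two lines earlier, so the new term is always false at that point. An administrator therefore still gains moderator status only through the first assignment, and the change has no effect. If administrators are meant to take the author/resource-manager path, the outer `if (!moderator)` is what needs adjusting; otherwise revert to `if(roles.isLearnResourceManager() || roles.isAuthor()) {`. The enclosing method starts and ends outside the hunk.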
+++ b/src/main/java/org/olat/admin/user/SystemRolesAndRightsController.java @@ -515,7 +515,7 @@ public class SystemRolesAndRightsController extends FormBasicController { } RolesByOrganisation updatedRoles = RolesByOrganisation.roles(wrapper.getOrganisation(), - invitee, user, coach, author, + false, invitee, user, coach, author, groupManager, poolmanager, curriculummanager, usermanager, learnresourcemanager, admin); securityManager.updateRoles(getIdentity(), editedIdentity, updatedRoles); diff --git a/src/main/java/org/olat/admin/user/bulkChange/UserBulkChangeStep01.java b/src/main/java/org/olat/admin/user/bulkChange/UserBulkChangeStep01.java index 3966fbd8911f7af7e117479752fd229867765197..d704709e2f88892d17fff61c9aba1109258919e1 100644 --- a/src/main/java/org/olat/admin/user/bulkChange/UserBulkChangeStep01.java +++ b/src/main/java/org/olat/admin/user/bulkChange/UserBulkChangeStep01.java @@ -236,7 +236,7 @@ class UserBulkChangeStep01 extends BasicStep { } //pool manager - if (roles.isOLATAdmin() || roles.isPoolAdmin()) { + if (roles.isOLATAdmin() || roles.isQPoolManager()) { chkPoolManager = uifactory.addCheckboxesHorizontal("PoolManager", "table.role.poolManager", innerFormLayout, onKeys, onValues); chkPoolManager.select("Author", false); chkPoolManager.addActionListener(FormEvent.ONCLICK); diff --git a/src/main/java/org/olat/basesecurity/BaseSecurity.java b/src/main/java/org/olat/basesecurity/BaseSecurity.java index dbcdb22b42716ad6caa3edf28f6ac9172819fd3f..63abc99a00d6ec87091c5fea14d34611c848acc0 100644 --- a/src/main/java/org/olat/basesecurity/BaseSecurity.java +++ b/src/main/java/org/olat/basesecurity/BaseSecurity.java 
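Review bot: The new leading argument hardcodes `guest` to `false` in `RolesByOrganisation.roles(wrapper.getOrganisation(), false, invitee, user, ...)`, so if the edited identity currently holds the guest role this form rebuilds its roles without it, and `BaseSecurityManager.updateRoles` (same commit) then drops `guest` and adds `user` because `isGuestOnly()` is false — a guest account silently becomes a regular user. Whether guests can reach this controller is not visible here; if they can, derive the flag from the edited identity's current roles, e.g. `boolean guest = currentRoles.isGuestOnly();` where `currentRoles` is the `Roles` loaded for `editedIdentity`, and pass `guest` instead of the literal. The enclosing method starts outside the hunk.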
@@ -70,7 +70,7 @@ public interface BaseSecurity { * @param updatedIdentity The identity that is changed * @param roles The new roles to set on updatedIdentity */ - public void updateRoles(Identity actingIdentity, Identity updatedIdentity, Organisation organisation, Roles roles); + //public void updateRoles(Identity actingIdentity, Identity updatedIdentity, Organisation organisation, Roles roles); public void updateRoles(Identity actingIdentity, Identity updatedIdentity, RolesByOrganisation organisation); diff --git a/src/main/java/org/olat/basesecurity/BaseSecurityManager.java b/src/main/java/org/olat/basesecurity/BaseSecurityManager.java index 615d02aa74bfc4da59066882f9e0b0890d40dbff..4abb99e2f4350e19c03223782ee1bf8513b3a412 100644 --- a/src/main/java/org/olat/basesecurity/BaseSecurityManager.java +++ b/src/main/java/org/olat/basesecurity/BaseSecurityManager.java @@ -168,7 +168,7 @@ public class BaseSecurityManager implements BaseSecurity { for(Object[] rawObject:rawObjects) { Long organisationKey = (Long)rawObject[0]; - String organisationId = (String)rawObject[1]; + //String organisationId = (String)rawObject[1]; String role = (String)rawObject[2]; List<OrganisationRoles> roleList = orgToRoles 
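Review bot: The Javadoc above the commented-out line still carries `@param roles The new roles to set on updatedIdentity`, which described the removed overload; it now sits on `updateRoles(Identity actingIdentity, Identity updatedIdentity, RolesByOrganisation organisation)`, whose last parameter is named `organisation`, so the tag matches nothing. Delete the `//public void updateRoles(...)` line outright rather than leaving it commented out (its implementation is removed from BaseSecurityManager in this commit), and either rename the parameter to `roles` to match the implementation or change the tag to `@param organisation The organisation together with the roles to set on updatedIdentity in it`. The Javadoc block begins above the hunk.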
@@ -183,25 +183,13 @@ public class BaseSecurityManager implements BaseSecurity { resourceManager |= role.equals(OrganisationRoles.learnresourcemanager.name()); poolManager |= role.equals(OrganisationRoles.poolmanager.name()); curriculumnManager |= role.equals(OrganisationRoles.curriculummanager.name()); - author |= role.equals(OrganisationRoles.author.name()); coach |= role.equals(OrganisationRoles.coach.name()); } - admin |= sysAdmin; - - groupManager |= admin; - userManager |= admin; - poolManager |= admin; - curriculumnManager |= admin; - - author |= admin; - coach |= admin; List<String> rolesStr = getRolesAsString(identity); - - if(!rolesStr.contains(OrganisationRoles.user.name())) { isInvitee = invitationDao.isInvitee(identity); isGuestOnly = rolesStr.contains(OrganisationRoles.guest.name()); 
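Review bot: The removed line `author |= role.equals(OrganisationRoles.author.name());` has no visible replacement, so inside this loop the `author` flag is no longer derived from an organisation membership; unless it is assigned somewhere above the hunk, identities holding only the `author` role will come back with `isAuthor()` false, and restoring that line next to the `coach |= ...` line fixes it. Dropping `admin |= sysAdmin` and the `groupManager |= admin` … `coach |= admin` fan-out also means administrators and sysadmins no longer implicitly satisfy any single-role check such as `isAuthor()` or `isGroupManager()`; this commit adds `isOLATAdmin()` at a handful of call sites, but every remaining single-role check in the codebase now silently excludes admins, which is worth a grep before merging. The `if(!rolesStr.contains(OrganisationRoles.user.name()))` guard is removed while its body stays, so `invitationDao.isInvitee(identity)` now runs on every roles lookup including for ordinary users; the guard's closing brace and the rest of the method are outside the hunk.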
@@ -243,52 +231,6 @@ public class BaseSecurityManager implements BaseSecurity { .setParameter("organisationKey", organisation.getKey()) .getResultList(); } - - @Override - public void updateRoles(Identity actingIdentity, Identity updatedIdentity, Organisation organisation, Roles roles) { - List<String> currentRoles = getRolesAsString(updatedIdentity); - - boolean hasBeenAnonymous = currentRoles.contains(OrganisationRoles.guest.name()); - updateRolesInSecurityGroup(organisation, actingIdentity, updatedIdentity, OrganisationRoles.guest, hasBeenAnonymous, roles.isGuestOnly()); - - // system users - opposite of anonymous users - boolean hasBeenUser = currentRoles.contains(OrganisationRoles.user.name()); - updateRolesInSecurityGroup(organisation, actingIdentity, updatedIdentity, OrganisationRoles.user, hasBeenUser, !roles.isGuestOnly()); - - boolean hasBeenGroupManager = currentRoles.contains(OrganisationRoles.groupmanager.name()); - boolean groupManager = roles.isGroupManager() && !roles.isGuestOnly() && !roles.isInvitee(); - updateRolesInSecurityGroup(organisation, actingIdentity, updatedIdentity, OrganisationRoles.groupmanager, hasBeenGroupManager, groupManager); - - // author - boolean hasBeenAuthor = currentRoles.contains(OrganisationRoles.author.name()); - boolean isAuthor = (roles.isAuthor() || roles.isLearnResourceManager()) && !roles.isGuestOnly() && !roles.isInvitee(); - updateRolesInSecurityGroup(organisation, actingIdentity, updatedIdentity, OrganisationRoles.author, hasBeenAuthor, isAuthor); - - // user manager, only allowed by admin - boolean hasBeenUserManager = currentRoles.contains(OrganisationRoles.usermanager.name()); - boolean userManager = roles.isUserManager() && !roles.isGuestOnly() && !roles.isInvitee(); - updateRolesInSecurityGroup(organisation, actingIdentity, updatedIdentity, OrganisationRoles.usermanager, hasBeenUserManager, userManager); - - // institutional resource manager - boolean hasBeenInstitutionalResourceManager = 
currentRoles.contains(OrganisationRoles.learnresourcemanager.name()); - boolean institutionalResourceManager = roles.isLearnResourceManager() && !roles.isGuestOnly() && !roles.isInvitee(); - updateRolesInSecurityGroup(organisation, actingIdentity, updatedIdentity, OrganisationRoles.learnresourcemanager, hasBeenInstitutionalResourceManager, institutionalResourceManager); - - // institutional resource manager - boolean hasBeenPoolManager = currentRoles.contains(OrganisationRoles.poolmanager.name()); - boolean poolManager = roles.isPoolAdmin() && !roles.isGuestOnly() && !roles.isInvitee(); - updateRolesInSecurityGroup(organisation, actingIdentity, updatedIdentity, OrganisationRoles.poolmanager, hasBeenPoolManager, poolManager); - - // institutional resource manager - boolean hasBeenCurriculumManager = currentRoles.contains(OrganisationRoles.curriculummanager.name()); - boolean curriculumManager = roles.isCurriculumManager() && !roles.isGuestOnly() && !roles.isInvitee(); - updateRolesInSecurityGroup(organisation, actingIdentity, updatedIdentity, OrganisationRoles.curriculummanager, hasBeenCurriculumManager, curriculumManager); - - // system administrator - boolean hasBeenAdmin = currentRoles.contains(OrganisationRoles.administrator.name()); - boolean isOLATAdmin = roles.isOLATAdmin() && !roles.isGuestOnly() && !roles.isInvitee(); - updateRolesInSecurityGroup(organisation, actingIdentity, updatedIdentity, OrganisationRoles.administrator, hasBeenAdmin, isOLATAdmin); - } @Override public void updateRoles(Identity actingIdentity, Identity updatedIdentity, RolesByOrganisation roles) { 
@@ -297,58 +239,69 @@ public class BaseSecurityManager implements BaseSecurity { List<String> currentRoles = getRolesAsString(updatedIdentity, organisation); boolean hasBeenAnonymous = currentRoles.contains(OrganisationRoles.guest.name()); - updateRolesInSecurityGroup(organisation, actingIdentity, updatedIdentity, OrganisationRoles.guest, hasBeenAnonymous, roles.isGuestOnly()); + updateRolesInSecurityGroup(organisation, actingIdentity, updatedIdentity, + OrganisationRoles.guest, GroupMembershipInheritance.none, hasBeenAnonymous, roles.isGuestOnly()); // system users - opposite of anonymous users boolean hasBeenUser = currentRoles.contains(OrganisationRoles.user.name()); - updateRolesInSecurityGroup(organisation, actingIdentity, updatedIdentity, OrganisationRoles.user, hasBeenUser, !roles.isGuestOnly()); + updateRolesInSecurityGroup(organisation, actingIdentity, updatedIdentity, + OrganisationRoles.user, GroupMembershipInheritance.none, hasBeenUser, !roles.isGuestOnly()); // coach boolean hasBeenAuthor = currentRoles.contains(OrganisationRoles.author.name()); boolean isAuthor = (roles.isAuthor() || roles.isLearnResourceManager()) && !roles.isGuestOnly() && !roles.isInvitee(); - updateRolesInSecurityGroup(organisation, actingIdentity, updatedIdentity, OrganisationRoles.author, hasBeenAuthor, isAuthor); + updateRolesInSecurityGroup(organisation, actingIdentity, updatedIdentity, + OrganisationRoles.author, GroupMembershipInheritance.none, hasBeenAuthor, isAuthor); // author boolean hasBeenCoach = currentRoles.contains(OrganisationRoles.coach.name()); boolean isCoach = roles.isCoach() && !roles.isGuestOnly() && !roles.isInvitee(); - updateRolesInSecurityGroup(organisation, actingIdentity, updatedIdentity, OrganisationRoles.coach, hasBeenCoach, isCoach); + updateRolesInSecurityGroup(organisation, actingIdentity, updatedIdentity, + OrganisationRoles.coach, GroupMembershipInheritance.none, hasBeenCoach, isCoach); // group manager boolean hasBeenGroupManager = 
currentRoles.contains(OrganisationRoles.groupmanager.name()); boolean groupManager = roles.isGroupManager() && !roles.isGuestOnly() && !roles.isInvitee(); - updateRolesInSecurityGroup(organisation, actingIdentity, updatedIdentity, OrganisationRoles.groupmanager, hasBeenGroupManager, groupManager); + updateRolesInSecurityGroup(organisation, actingIdentity, updatedIdentity, + OrganisationRoles.groupmanager, GroupMembershipInheritance.none, hasBeenGroupManager, groupManager); // user manager, only allowed by admin boolean hasBeenUserManager = currentRoles.contains(OrganisationRoles.usermanager.name()); boolean userManager = roles.isUserManager() && !roles.isGuestOnly() && !roles.isInvitee(); - updateRolesInSecurityGroup(organisation, actingIdentity, updatedIdentity, OrganisationRoles.usermanager, hasBeenUserManager, userManager); + updateRolesInSecurityGroup(organisation, actingIdentity, updatedIdentity, + OrganisationRoles.usermanager, GroupMembershipInheritance.root, hasBeenUserManager, userManager); // institutional resource manager boolean hasBeenInstitutionalResourceManager = currentRoles.contains(OrganisationRoles.learnresourcemanager.name()); boolean institutionalResourceManager = roles.isLearnResourceManager() && !roles.isGuestOnly() && !roles.isInvitee(); - updateRolesInSecurityGroup(organisation, actingIdentity, updatedIdentity, OrganisationRoles.learnresourcemanager, hasBeenInstitutionalResourceManager, institutionalResourceManager); + updateRolesInSecurityGroup(organisation, actingIdentity, updatedIdentity, + OrganisationRoles.learnresourcemanager, GroupMembershipInheritance.root, hasBeenInstitutionalResourceManager, institutionalResourceManager); // institutional resource manager boolean hasBeenPoolManager = currentRoles.contains(OrganisationRoles.poolmanager.name()); boolean poolManager = roles.isPoolManager() && !roles.isGuestOnly() && !roles.isInvitee(); - updateRolesInSecurityGroup(organisation, actingIdentity, updatedIdentity, 
OrganisationRoles.poolmanager, hasBeenPoolManager, poolManager); + updateRolesInSecurityGroup(organisation, actingIdentity, updatedIdentity, + OrganisationRoles.poolmanager, GroupMembershipInheritance.none, hasBeenPoolManager, poolManager); // institutional resource manager boolean hasBeenCurriculumManager = currentRoles.contains(OrganisationRoles.curriculummanager.name()); boolean curriculumManager = roles.isCurriculumManager() && !roles.isGuestOnly() && !roles.isInvitee(); - updateRolesInSecurityGroup(organisation, actingIdentity, updatedIdentity, OrganisationRoles.curriculummanager, hasBeenCurriculumManager, curriculumManager); + updateRolesInSecurityGroup(organisation, actingIdentity, updatedIdentity, OrganisationRoles.curriculummanager, + GroupMembershipInheritance.none, hasBeenCurriculumManager, curriculumManager); // system administrator boolean hasBeenAdmin = currentRoles.contains(OrganisationRoles.administrator.name()); boolean isOLATAdmin = roles.isAdministrator() && !roles.isGuestOnly() && !roles.isInvitee(); - updateRolesInSecurityGroup(organisation, actingIdentity, updatedIdentity, OrganisationRoles.administrator, hasBeenAdmin, isOLATAdmin); + updateRolesInSecurityGroup(organisation, actingIdentity, updatedIdentity, + OrganisationRoles.administrator, GroupMembershipInheritance.none, hasBeenAdmin, isOLATAdmin); } - private void updateRolesInSecurityGroup(Organisation organisation, Identity actingIdentity, Identity updatedIdentity, OrganisationRoles role, boolean hasBeen, boolean isNow) { + private void updateRolesInSecurityGroup(Organisation organisation, Identity actingIdentity, Identity updatedIdentity, + OrganisationRoles role, GroupMembershipInheritance inheritanceMode, boolean hasBeen, boolean isNow) { if (!hasBeen && isNow) { // user not yet in security group, add him - organisationService.addMember(organisation, updatedIdentity, role, GroupMembershipInheritance.none); + organisationService.addMember(organisation, updatedIdentity, role, 
inheritanceMode); log.audit("User::" + (actingIdentity == null ? "unkown" : actingIdentity.getName()) + " added system role::" + role.name() + " to user::" + updatedIdentity.getName(), null); } else if (hasBeen && !isNow) { // user not anymore in security group, remove him diff --git a/src/main/java/org/olat/basesecurity/manager/OrganisationServiceImpl.java b/src/main/java/org/olat/basesecurity/manager/OrganisationServiceImpl.java index ea250469501b114ba4afb7599d8df8b143bdd99e..e8c680d5f174bab07153c5b945bfc88109b28c0a 100644 --- a/src/main/java/org/olat/basesecurity/manager/OrganisationServiceImpl.java +++ b/src/main/java/org/olat/basesecurity/manager/OrganisationServiceImpl.java @@ -178,7 +178,7 @@ public class OrganisationServiceImpl implements OrganisationService, Initializin Set<OrganisationRef> organisations = new HashSet<>(); for(OrganisationRoles organisationRole:organisationRoles) { if(organisationRole != null) { - organisations.addAll(roles.getOrganisationsWithRoles(organisationRole)); + organisations.addAll(roles.getOrganisationsWithRole(organisationRole)); } } return organisationDao.getOrganisations(organisations); diff --git a/src/main/java/org/olat/core/extensions/security/GroupManagerOnlyExtensionSecurityCallback.java b/src/main/java/org/olat/core/extensions/security/GroupManagerOnlyExtensionSecurityCallback.java index ef61513c32219b3ddd4870654d4be8acc4692980..4f225f21de32c3741746b29b35bca17c0de65f08 100644 --- a/src/main/java/org/olat/core/extensions/security/GroupManagerOnlyExtensionSecurityCallback.java +++ b/src/main/java/org/olat/core/extensions/security/GroupManagerOnlyExtensionSecurityCallback.java @@ -21,6 +21,8 @@ package org.olat.core.extensions.security; import org.olat.core.extensions.action.ActionExtensionSecurityCallback; import org.olat.core.gui.UserRequest; +import org.olat.core.id.Roles; +import org.olat.core.util.UserSession; /** * 
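Review bot: The audit line in `updateRolesInSecurityGroup` still records only the role name, yet the same call now grants `usermanager` and `learnresourcemanager` with `GroupMembershipInheritance.root` while every other role, including `administrator`, uses `none`; the inheritance mode decides how far the grant reaches, so it belongs in the audit record, e.g. `log.audit("User::" + (actingIdentity == null ? "unknown" : actingIdentity.getName()) + " added system role::" + role.name() + " (inheritance::" + inheritanceMode + ") to user::" + updatedIdentity.getName(), null);` (which also fixes the `unkown` typo). A short comment on why exactly those two roles propagate to sub-organisations would help, since nothing in the hunk explains the asymmetry. Whether the removal branch (`hasBeen && !isNow`, which continues outside the hunk) also revokes the memberships a `root` grant created in child organisations is not visible here and should be confirmed, otherwise revoking the role leaves inherited rights in place. Separately, the `// coach` and `// author` comments are swapped and `// institutional resource manager` is repeated above the pool-manager and curriculum-manager blocks; label each block with its actual role.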
@@ -30,16 +32,17 @@ import org.olat.core.gui.UserRequest; */ public class GroupManagerOnlyExtensionSecurityCallback implements ActionExtensionSecurityCallback { - /** - * - * @see org.olat.core.extensions.action.ActionExtensionSecurityCallback#isAllowedToLaunchActionController(org.olat.core.gui.UserRequest) - */ @Override public boolean isAllowedToLaunchActionController(UserRequest ureq) { - if(ureq == null || ureq.getUserSession() == null || ureq.getUserSession().getRoles() == null) { + if(ureq == null) { return false; } - return ureq.getUserSession().getRoles().isOLATAdmin() || ureq.getUserSession().getRoles().isGroupManager(); + UserSession usess = ureq.getUserSession(); + if(usess == null || usess.getRoles() == null) { + return false; + } + + Roles roles = usess.getRoles(); + return roles.isOLATAdmin() || roles.isGroupManager(); } - } diff --git a/src/main/java/org/olat/core/gui/control/generic/portal/PortalMainController.java b/src/main/java/org/olat/core/gui/control/generic/portal/PortalMainController.java index c8d0f782620f3bc689414f875479ab5e66334851..aeb884f15d414add44bd9706b336b91b05398ff5 100644 --- a/src/main/java/org/olat/core/gui/control/generic/portal/PortalMainController.java +++ b/src/main/java/org/olat/core/gui/control/generic/portal/PortalMainController.java @@ -79,7 +79,7 @@ public class PortalMainController extends BasicController { portalEditButton.setEnabled(false); portalEditButton.setVisible(false); } else if((roles.isGroupManager() || roles.isLearnResourceManager() || roles.isOLATAdmin() - || roles.isPoolAdmin() || roles.isUserManager() || roles.isCurriculumManager()) + || roles.isQPoolManager() || roles.isUserManager() || roles.isCurriculumManager()) && CoreSpringFactory.containsBean("authorportal")) { portalTemplate = ((PortalImpl)CoreSpringFactory.getBean("authorportal")); } else { 
diff --git a/src/main/java/org/olat/core/gui/control/navigation/callback/ManagersSecurityCallback.java b/src/main/java/org/olat/core/gui/control/navigation/callback/ManagersSecurityCallback.java
index 6f3a8d3b2802c6b73c6d203a1640aa105ded5bcc..87c99b532810b9e290e7a730f6d718b07a573a28 100644
--- a/src/main/java/org/olat/core/gui/control/navigation/callback/ManagersSecurityCallback.java
+++ b/src/main/java/org/olat/core/gui/control/navigation/callback/ManagersSecurityCallback.java
@@ -45,7 +45,7 @@ public class ManagersSecurityCallback implements SiteSecurityCallback {
 || usess.getRoles().isGroupManager()
 || usess.getRoles().isLearnResourceManager()
 || usess.getRoles().isUserManager()
- || usess.getRoles().isPoolAdmin()
+ || usess.getRoles().isQPoolManager()
 || usess.getRoles().isCurriculumManager();
 }
 }
diff --git a/src/main/java/org/olat/core/gui/control/navigation/callback/SiteSecurityCallbackWithRolesRestriction.java b/src/main/java/org/olat/core/gui/control/navigation/callback/SiteSecurityCallbackWithRolesRestriction.java
index 0c2f8db9c72c45daba8d20786c365583ff1a5933..996170af0a18b81062834837b186fb9445015433 100644
--- a/src/main/java/org/olat/core/gui/control/navigation/callback/SiteSecurityCallbackWithRolesRestriction.java
+++ b/src/main/java/org/olat/core/gui/control/navigation/callback/SiteSecurityCallbackWithRolesRestriction.java
@@ -52,7 +52,7 @@ public class SiteSecurityCallbackWithRolesRestriction implements SiteSecurityCal
 return true;
 } else if (theRole.equals("usermanager") && (roles.isOLATAdmin() || roles.isUserManager())) {
 return true;
- } else if (theRole.equals("pooladmin") && (roles.isOLATAdmin() || roles.isPoolAdmin())) {
+ } else if (theRole.equals("pooladmin") && (roles.isOLATAdmin() || roles.isQPoolManager())) {
 return true;
 } else if (theRole.equals("institutionalresourcemanager") && (roles.isOLATAdmin() || roles.isLearnResourceManager())) {
 return true;
diff --git a/src/main/java/org/olat/core/id/Roles.java b/src/main/java/org/olat/core/id/Roles.java
index 2b624b6fa0f80a0ba6caec70333144fb7a9185e3..85dee2cbe39196ec94f13b8b51a4a1f49348f3cc 100644
--- a/src/main/java/org/olat/core/id/Roles.java
+++ b/src/main/java/org/olat/core/id/Roles.java
@@ -47,8 +47,8 @@ public class Roles implements Serializable {
 private final boolean isAuthor;
 private final boolean isCoach;
 private final boolean isGuestOnly;
- private final boolean isInstitutionalResourceManager;
- private final boolean isPoolAdmin;
+ private final boolean isLearnResourceManager;
+ private final boolean isQPoolManager;
 private final boolean isCurriculumManager;
 private final boolean isInvitee;
@@ -63,20 +63,20 @@ public class Roles implements Serializable { * @param isUniCourseManager */ public Roles(boolean isOLATAdmin, boolean isUserManager, boolean isGroupManager, boolean isAuthor, boolean isGuestOnly, - boolean isInstitutionalResourceManager, boolean isInvitee) { - this(false, isOLATAdmin, isGroupManager, isUserManager, isAuthor, isGuestOnly, isInstitutionalResourceManager, false, false, false, isInvitee); + boolean isLearnResourceManager, boolean isInvitee) { + this(false, isOLATAdmin, isGroupManager, isUserManager, isAuthor, isGuestOnly, isLearnResourceManager, false, false, false, isInvitee); } public Roles(boolean isSystemAdmin, boolean isOLATAdmin, boolean isUserManager, boolean isGroupManager, boolean isAuthor, boolean isGuestOnly, - boolean isInstitutionalResourceManager, boolean isPoolAdmin, boolean isCurriculumManager, boolean isCoach, boolean isInvitee) { + boolean isLearnResourceManager, boolean isQPoolManager, boolean isCurriculumManager, boolean isCoach, boolean isInvitee) { this.isSystemAdmin = isSystemAdmin; this.isOLATAdmin = isOLATAdmin; this.isGroupManager = isGroupManager; this.isUserManager = isUserManager; this.isAuthor = isAuthor; this.isGuestOnly = isGuestOnly; - this.isInstitutionalResourceManager = isInstitutionalResourceManager; - this.isPoolAdmin = isPoolAdmin; + this.isLearnResourceManager = isLearnResourceManager; + this.isQPoolManager = isQPoolManager; this.isCurriculumManager = isCurriculumManager; this.isInvitee = isInvitee; this.isCoach = isCoach; 
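Review bot: The rewritten delegation in the seven-argument constructor swaps two flags: it is declared as `(isOLATAdmin, isUserManager, isGroupManager, ...)` but calls `this(false, isOLATAdmin, isGroupManager, isUserManager, ...)`, while the eleven-argument constructor below expects `(isSystemAdmin, isOLATAdmin, isUserManager, isGroupManager, ...)`. A caller passing `isUserManager=true, isGroupManager=false` therefore gets a `Roles` with group-manager rights and without user-manager rights. The line should read `this(false, isOLATAdmin, isUserManager, isGroupManager, isAuthor, isGuestOnly, isLearnResourceManager, false, false, false, isInvitee);`. The defect predates this commit, but the line is rewritten here, so this is the place to fix it.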
@@ -95,6 +95,44 @@ public class Roles implements Serializable { return new Roles(false, false, false, true, false, false, false); } + public static final Roles roles(OrganisationRoles... organisationRoles) { + boolean systemAdmin = false; + boolean olatAdmin = false; + boolean groupManager = false; + boolean userManager = false; + boolean author = false; + boolean guestOnly = false; + boolean learnResourceManager = false; + boolean poolAdmin = false; + boolean curriculumManager = false; + boolean invitee = false; + boolean coach = false; + + if(organisationRoles != null && organisationRoles.length > 0) { + for(OrganisationRoles organisationRole:organisationRoles) { + if(organisationRole != null) { + switch(organisationRole) { + case sysadmin: systemAdmin = true; break; + case administrator: olatAdmin = true; break; + case usermanager: userManager = true; break; + case learnresourcemanager: learnResourceManager = true; break; + case groupmanager: groupManager = true; break; + case poolmanager: poolAdmin = true; break; + case curriculummanager: curriculumManager = true; break; + case author: author = true; break; + case coach: coach = true; break; + case user: break; + case invitee: invitee = true; break; + case guest: guestOnly = true; break; + } + } + } + } + + return new Roles(systemAdmin, olatAdmin, userManager, groupManager, author, guestOnly, + learnResourceManager, poolAdmin, curriculumManager, coach, invitee); + } + public void setRolesByOrganisation(List<RolesByOrganisation> rolesByOrganisations) { this.rolesByOrganisations = new ArrayList<>(rolesByOrganisations); } 
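Review bot: In the new `roles(OrganisationRoles...)` factory, `case guest: guestOnly = true;` does not suppress the other flags, so an array containing both `guest` and, say, `administrator` yields a `Roles` with `isGuestOnly()` and `isOLATAdmin()` both true — unlike `RolesByOrganisation.roles` in this commit, which makes `guest` exclusive, and `updateRoles`, which never combines it with another role. Either enforce the same rule here, e.g. after the loop `if(guestOnly) { return new Roles(false, false, false, false, false, true, false, false, false, false, false); }`, or state in a Javadoc on the factory that callers must not mix `guest` with other roles. The `switch` has no `default`, so a future `OrganisationRoles` constant is silently ignored rather than flagged; a `default: throw new IllegalArgumentException("unsupported role " + organisationRole);` or at least a log line would surface it. A Javadoc summary noting that the factory maps each organisation role to exactly one flag, with no admin-implies-other-roles fan-out, would also help callers migrating from the old `getRoles` behaviour.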
@@ -126,7 +164,7 @@ public class Roles implements Serializable { return new ArrayList<>(organisations); } - public List<OrganisationRef> getOrganisationsWithRoles(OrganisationRoles role) { + public List<OrganisationRef> getOrganisationsWithRole(OrganisationRoles role) { List<OrganisationRef> organisations = new ArrayList<>(); if(rolesByOrganisations != null) { for(int i=rolesByOrganisations.size(); i--> 0; ) { @@ -222,14 +260,14 @@ public class Roles implements Serializable { * @return boolean True if the user has the role "learn resource manager" in some organizations. */ public boolean isLearnResourceManager() { - return isInstitutionalResourceManager; + return isLearnResourceManager; } /** * @return boolean */ - public boolean isPoolAdmin() { - return isPoolAdmin; + public boolean isQPoolManager() { + return isQPoolManager; } public boolean isCurriculumManager() { @@ -243,12 +281,9 @@ public class Roles implements Serializable { return isInvitee; } - /** - * @see java.lang.Object#toString() - */ @Override public String toString() { - return "admin:"+isOLATAdmin+", usermanager:"+isUserManager+", groupmanager:"+isGroupManager+", author:"+isAuthor+", guestonly:"+isGuestOnly+", isInstitutionalResourceManager:"+isInstitutionalResourceManager+", isInvitee:"+isInvitee+", "+super.toString(); + return "admin:"+isOLATAdmin+", usermanager:"+isUserManager+", groupmanager:"+isGroupManager+", author:"+isAuthor+", guestonly:"+isGuestOnly+", isInstitutionalResourceManager:"+isLearnResourceManager+", isInvitee:"+isInvitee+", "+super.toString(); } @Override 
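Review bot: `toString()` still prints the label `isInstitutionalResourceManager:` for the renamed `isLearnResourceManager` field and omits `isSystemAdmin`, `isQPoolManager`, `isCurriculumManager` and `isCoach` entirely, so any log or debug output of a `Roles` object under-reports the privileged roles it carries. Extend it to list every flag under its current name, e.g. append `", sysadmin:"+isSystemAdmin+", learnresourcemanager:"+isLearnResourceManager+", qpoolmanager:"+isQPoolManager+", curriculummanager:"+isCurriculumManager+", coach:"+isCoach` in place of the stale label. The `isQPoolManager()` Javadoc just above reads only `@return boolean`; mirror the `isLearnResourceManager()` comment, e.g. `@return boolean True if the user has the role "question pool manager" in some organizations.`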
@@ -258,11 +293,11 @@ public class Roles implements Serializable { result = prime * result + (isAuthor ? 1231 : 1237); result = prime * result + (isGroupManager ? 1231 : 1237); result = prime * result + (isGuestOnly ? 1231 : 1237); - result = prime * result + (isInstitutionalResourceManager ? 1231 : 1237); + result = prime * result + (isLearnResourceManager ? 1231 : 1237); result = prime * result + (isInvitee ? 1231 : 1237); result = prime * result + (isOLATAdmin ? 1231 : 1237); result = prime * result + (isUserManager ? 1231 : 1237); - result = prime * result + (isPoolAdmin ? 1231 : 1237); + result = prime * result + (isQPoolManager ? 1231 : 1237); result = prime * result + (isCurriculumManager ? 1231 : 1237); return result; } @@ -285,8 +320,8 @@ public class Roles implements Serializable { && isGroupManager == other.isGroupManager && isAuthor == other.isAuthor && isGuestOnly == other.isGuestOnly - && isInstitutionalResourceManager == other.isInstitutionalResourceManager - && isPoolAdmin == other.isPoolAdmin + && isLearnResourceManager == other.isLearnResourceManager + && isQPoolManager == other.isQPoolManager && isCurriculumManager == other.isCurriculumManager && isInvitee == other.isInvitee; } diff --git a/src/main/java/org/olat/core/id/RolesByOrganisation.java b/src/main/java/org/olat/core/id/RolesByOrganisation.java index 90a47ee68492b3c9de5f5d135dde3bed7d4e0efe..581da7df90c6228eff10dc9675564bdc80c773d0 100644 --- a/src/main/java/org/olat/core/id/RolesByOrganisation.java +++ b/src/main/java/org/olat/core/id/RolesByOrganisation.java 
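Review bot: The visible parts of `hashCode()` and `equals()` cover `isAuthor`, `isGroupManager`, `isGuestOnly`, `isLearnResourceManager`, `isInvitee`, `isOLATAdmin`, `isUserManager`, `isQPoolManager` and `isCurriculumManager` but not `isSystemAdmin` or `isCoach`; both methods start above the hunk, so if those two fields are not handled there, two `Roles` objects differing only in system-admin or coach status compare equal, which matters wherever a `Roles` is cached or compared to decide whether rights must be re-evaluated. If they are indeed missing, add `&& isSystemAdmin == other.isSystemAdmin && isCoach == other.isCoach` to `equals()` and the matching two `result = prime * result + (... ? 1231 : 1237);` lines to `hashCode()`.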
@@ -48,41 +48,45 @@ public class RolesByOrganisation implements Serializable { this.roles = roles == null ? new OrganisationRoles[0] : roles.toArray(new OrganisationRoles[roles.size()]); } - public static RolesByOrganisation roles(OrganisationRef org, boolean invitee, boolean user, - boolean coach, boolean author, + public static RolesByOrganisation roles(OrganisationRef org, boolean guest, boolean invitee, + boolean user, boolean coach, boolean author, boolean groupManager, boolean poolManager, boolean curriculummanager, boolean usermanager, boolean learnresourcemanager, boolean admin) { List<OrganisationRoles> roleList = new ArrayList<>(); - if(user) { - roleList.add(OrganisationRoles.user); - } - if(invitee) { - roleList.add(OrganisationRoles.invitee); - } - if(coach) { - roleList.add(OrganisationRoles.coach); - } - if(groupManager) { - roleList.add(OrganisationRoles.groupmanager); - } - if(poolManager) { - roleList.add(OrganisationRoles.poolmanager); - } - if(curriculummanager) { - roleList.add(OrganisationRoles.curriculummanager); - } - if(author) { - roleList.add(OrganisationRoles.author); - } - if(usermanager) { - roleList.add(OrganisationRoles.usermanager); - } - if(learnresourcemanager) { - roleList.add(OrganisationRoles.learnresourcemanager); - } - if(admin) { - roleList.add(OrganisationRoles.administrator); + if(guest) { + roleList.add(OrganisationRoles.guest); + } else { + if(user) { + roleList.add(OrganisationRoles.user); + } + if(invitee) { + roleList.add(OrganisationRoles.invitee); + } + if(coach) { + roleList.add(OrganisationRoles.coach); + } + if(groupManager) { + roleList.add(OrganisationRoles.groupmanager); + } + if(poolManager) { + roleList.add(OrganisationRoles.poolmanager); + } + if(curriculummanager) { + roleList.add(OrganisationRoles.curriculummanager); + } + if(author) { + roleList.add(OrganisationRoles.author); + } + if(usermanager) { + roleList.add(OrganisationRoles.usermanager); + } + if(learnresourcemanager) { + 
roleList.add(OrganisationRoles.learnresourcemanager);
+ }
+ if(admin) {
+ roleList.add(OrganisationRoles.administrator);
+ }
 }
 return new RolesByOrganisation(org, roleList.toArray(new OrganisationRoles[roleList.size()]));
 }
diff --git a/src/main/java/org/olat/course/nodes/ViteroCourseNode.java b/src/main/java/org/olat/course/nodes/ViteroCourseNode.java
index 80a4a50e40d4e1cc67196f5d779baed06d4fc7fe..8ee6c9da07799b98a9c112255433533ad3d5f55c 100644
--- a/src/main/java/org/olat/course/nodes/ViteroCourseNode.java
+++ b/src/main/java/org/olat/course/nodes/ViteroCourseNode.java
@@ -107,7 +107,7 @@ public class ViteroCourseNode extends AbstractAccessableCourseNode {
 boolean moderator = roles.isOLATAdmin();
 Long key = userCourseEnv.getCourseEnvironment().getCourseResourceableId();
 if (!moderator) {
- if(roles.isLearnResourceManager() || roles.isAuthor()) {
+ if(roles.isLearnResourceManager() || roles.isAuthor() || roles.isOLATAdmin()) {
 RepositoryManager rm = RepositoryManager.getInstance();
 ICourse course = CourseFactory.loadCourse(key);
 RepositoryEntry re = course.getCourseEnvironment().getCourseGroupManager().getCourseEntry();
diff --git a/src/main/java/org/olat/course/nodes/cal/CourseCalendars.java b/src/main/java/org/olat/course/nodes/cal/CourseCalendars.java
index 3345475b2bdeb03426c5949d375a680ab280fe1e..6a5097eb95e7bae7b87715ccc0efd9f3947d4447 100644
--- a/src/main/java/org/olat/course/nodes/cal/CourseCalendars.java
+++ b/src/main/java/org/olat/course/nodes/cal/CourseCalendars.java
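Review bot: `roles(...)` now takes twelve positional booleans, and this commit inserts `guest` in second position; the compiler caught the existing caller only because the arity changed, whereas any future reordering of same-typed parameters would compile and silently assign the wrong roles to an identity. The class already has a constructor that accepts a collection of `OrganisationRoles` (`roles.toArray(...)` at the top of the hunk), so callers could build a `List<OrganisationRoles>` directly, or the factory could take a `Set<OrganisationRoles>`. At minimum, give the factory a Javadoc stating that `guest` is exclusive and, when true, every other flag is ignored, since that is what the new `if(guest) { ... } else { ... }` does and callers cannot tell from the signature.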
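Review bot: The `|| roles.isOLATAdmin()` added to the inner condition in ViteroCourseNode can never be true: the branch is entered only when `!moderator` holds and `moderator` is `roles.isOLATAdmin()` two lines above, so the new term is dead and an administrator still becomes moderator only through that first assignment. If administrators are meant to fall through to the author/resource-manager path, change the outer `if (!moderator)`; otherwise keep `if(roles.isLearnResourceManager() || roles.isAuthor()) {`. The enclosing method starts and ends outside the hunk.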
@@ -131,7 +131,8 @@ public class CourseCalendars { CourseGroupManager cgm = course.getCourseEnvironment().getCourseGroupManager(); // add course group calendars - boolean isGroupManager = ureq.getUserSession().getRoles().isOLATAdmin() || ureq.getUserSession().getRoles().isGroupManager() + Roles roles = ureq.getUserSession().getRoles(); + boolean isGroupManager = roles.isOLATAdmin() || roles.isGroupManager() || cgm.isIdentityCourseAdministrator(identity) || cgm.hasRight(identity, CourseRights.RIGHT_GROUPMANAGEMENT); boolean readOnly = courseEnv.isCourseReadOnly(); diff --git a/src/main/java/org/olat/group/ui/main/AbstractBusinessGroupListController.java b/src/main/java/org/olat/group/ui/main/AbstractBusinessGroupListController.java index 205283b828d903dcd5bae34678f0a8a57eefd526..385461a45884dfd66dea4d98cc26c1c6a7aed790 100644 --- a/src/main/java/org/olat/group/ui/main/AbstractBusinessGroupListController.java +++ b/src/main/java/org/olat/group/ui/main/AbstractBusinessGroupListController.java @@ -66,7 +66,6 @@ import org.olat.core.id.context.ContextEntry; import org.olat.core.id.context.StateEntry; import org.olat.core.logging.activity.ThreadLocalUserActivityLogger; import org.olat.core.util.StringHelper; -import org.olat.core.util.UserSession; import org.olat.core.util.Util; import org.olat.core.util.mail.ContactList; import org.olat.core.util.mail.ContactMessage; @@ -758,8 +757,8 @@ public abstract class AbstractBusinessGroupListController extends FormBasicContr return; } - UserSession usess = ureq.getUserSession(); - boolean isAuthor = usess.getRoles().isAuthor() || usess.getRoles().isLearnResourceManager(); + Roles roles = ureq.getUserSession().getRoles(); + boolean isAuthor = roles.isOLATAdmin() || roles.isAuthor() || roles.isLearnResourceManager(); Step start = new BGConfigToolsStep(ureq, isAuthor); StepRunnerCallback finish = new StepRunnerCallback() { 
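Review bot: The local `isAuthor` is now also true for administrators (`roles.isOLATAdmin() || roles.isAuthor() || roles.isLearnResourceManager()`), so its name no longer matches the condition it hands to `BGConfigToolsStep`; rename it after what the wizard does with the flag, or add a one-line comment such as `// administrators are treated like authors here; the admin role no longer implies author` (the second clause follows from the BaseSecurityManager change in this commit). The enclosing method starts and ends outside the hunk.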
@@ -784,7 +783,7 @@ public abstract class AbstractBusinessGroupListController extends FormBasicContr
 }
 } else if (CollaborationTools.TOOL_CALENDAR.equals(enabledTool)) {
- tools.saveCalendarAccess(new Long(configuration.getCalendarAccess()));
+ tools.saveCalendarAccess(Long.valueOf(configuration.getCalendarAccess()));
 }
 }
 for(String disabledTool:configuration.getToolsToDisable()) {
@@ -1067,7 +1066,8 @@ public abstract class AbstractBusinessGroupListController extends FormBasicContr
 }
 protected boolean filterEditableGroupKeys(UserRequest ureq, List<Long> groupKeys) {
- if(ureq.getUserSession().getRoles().isOLATAdmin() || ureq.getUserSession().getRoles().isGroupManager()) {
+ Roles roles = ureq.getUserSession().getRoles();
+ if(roles.isOLATAdmin() || roles.isGroupManager()) {
 return false;
 }
@@ -1094,10 +1094,10 @@ public abstract class AbstractBusinessGroupListController extends FormBasicContr
 * @param doSendMail specifies if notification mails should be sent to users of delted group
 */
 private void doDelete(UserRequest ureq, boolean doSendMail, List<BusinessGroup> groups) {
+ Roles roles = ureq.getUserSession().getRoles();
 for(BusinessGroup group:groups) {
 //check security
- boolean ow = ureq.getUserSession().getRoles().isOLATAdmin()
- || ureq.getUserSession().getRoles().isGroupManager()
+ boolean ow = roles.isOLATAdmin() || roles.isGroupManager()
 || businessGroupService.hasRoles(getIdentity(), group, GroupRoles.coach.name());
 if (ow) {
diff --git a/src/main/java/org/olat/group/ui/wizard/BGConfigToolsStep.java b/src/main/java/org/olat/group/ui/wizard/BGConfigToolsStep.java
index cac267d3c75d61fc169eb85e7e0f4486d74dc55f..312bbedcb5f1b5ddd24b5604251fd252b0a37431 100644
--- a/src/main/java/org/olat/group/ui/wizard/BGConfigToolsStep.java
+++ b/src/main/java/org/olat/group/ui/wizard/BGConfigToolsStep.java
@@ -58,7 +58,6 @@ public class BGConfigToolsStep extends BasicStep {
 @Override
 public StepFormController getStepController(UserRequest ureq, WindowControl wControl, StepsRunContext runContext, Form form) {
- BGConfigToolsStepController controller = new BGConfigToolsStepController(ureq, wControl, form, runContext);
- return controller;
+ return new BGConfigToolsStepController(ureq, wControl, form, runContext);
 }
 }
diff --git a/src/main/java/org/olat/ldap/manager/LDAPLoginManagerImpl.java b/src/main/java/org/olat/ldap/manager/LDAPLoginManagerImpl.java
index 0bb1140b23f11a58bb8168ca48633beda147d488..648c600ba99d439cc0f3d528fb67595b214178e2 100644
--- a/src/main/java/org/olat/ldap/manager/LDAPLoginManagerImpl.java
+++ b/src/main/java/org/olat/ldap/manager/LDAPLoginManagerImpl.java
@@ -67,6 +67,7 @@ import org.olat.core.gui.control.Event;
 import org.olat.core.id.Identity;
 import org.olat.core.id.Organisation;
 import org.olat.core.id.Roles;
+import org.olat.core.id.RolesByOrganisation;
 import org.olat.core.id.User;
 import org.olat.core.id.UserConstants;
 import org.olat.core.logging.OLog;
@@ -1071,41 +1072,58 @@ public class LDAPLoginManagerImpl implements LDAPLoginManager, GenericEventListe
 Identity identity = securityManager.loadIdentityByKey(identityRef.getKey());
 Roles roles = securityManager.getRoles(identity);
 switch(role) {
- case coach:
- roles = new Roles(roles.isSystemAdmin(), roles.isOLATAdmin(), roles.isUserManager(), roles.isGroupManager(), true,
- false, roles.isLearnResourceManager(), roles.isPoolAdmin(), roles.isCurriculumManager(), roles.isCoach(), false);
- securityManager.updateRoles(null, identity, organisation, roles);
+ case coach: {
+ RolesByOrganisation modifiedRoles = RolesByOrganisation.roles(organisation, false, false, true,
+ true, roles.isAuthor(), roles.isGroupManager(), roles.isQPoolManager(), roles.isCurriculumManager(),
+ roles.isUserManager(), roles.isLearnResourceManager(), roles.isOLATAdmin());
+ securityManager.updateRoles(null, identity, modifiedRoles);
 break;
- case author:
- roles = new Roles(roles.isSystemAdmin(), roles.isOLATAdmin(), roles.isUserManager(), roles.isGroupManager(), roles.isAuthor(),
- false, roles.isLearnResourceManager(), roles.isPoolAdmin(), roles.isCurriculumManager(), true, false);
- securityManager.updateRoles(null, identity, organisation, roles);
+ }
+ case author: {
+ RolesByOrganisation modifiedRoles = RolesByOrganisation.roles(organisation, false, false, true,
+ roles.isCoach(), true, roles.isGroupManager(), roles.isQPoolManager(), roles.isCurriculumManager(),
+ roles.isUserManager(), roles.isLearnResourceManager(), roles.isOLATAdmin());
+ securityManager.updateRoles(null, identity, modifiedRoles);
 break;
- case usermanager:
- roles = new Roles(roles.isSystemAdmin(), roles.isOLATAdmin(), true, roles.isGroupManager(), roles.isAuthor(),
- false, roles.isLearnResourceManager(), roles.isPoolAdmin(), roles.isCurriculumManager(), roles.isCoach(), false);
- securityManager.updateRoles(null, identity, organisation, roles);
+ }
+ case usermanager: {
+ RolesByOrganisation modifiedRoles = RolesByOrganisation.roles(organisation, false, false, true,
+ roles.isCoach(), roles.isAuthor(), roles.isGroupManager(), roles.isQPoolManager(), roles.isCurriculumManager(),
+ true, roles.isLearnResourceManager(), roles.isOLATAdmin());
+ securityManager.updateRoles(null, identity, modifiedRoles);
 break;
- case groupmanager:
- roles = new Roles(roles.isSystemAdmin(), roles.isOLATAdmin(), roles.isUserManager(), true, roles.isAuthor(),
- false, roles.isLearnResourceManager(), roles.isPoolAdmin(), roles.isCurriculumManager(), roles.isCoach(), false);
- securityManager.updateRoles(null, identity, organisation, roles);
+ }
+ case groupmanager: {
+ RolesByOrganisation modifiedRoles = RolesByOrganisation.roles(organisation, false, false, true,
+ roles.isCoach(), roles.isAuthor(), true, roles.isQPoolManager(), roles.isCurriculumManager(),
+ roles.isUserManager(), roles.isLearnResourceManager(), roles.isOLATAdmin());
+ securityManager.updateRoles(null, identity, modifiedRoles);
 break;
- case poolmanager:
- roles = new Roles(roles.isSystemAdmin(), roles.isOLATAdmin(), roles.isUserManager(), roles.isGroupManager(), roles.isAuthor(),
- false, roles.isLearnResourceManager(), true, roles.isCurriculumManager(), roles.isCoach(), false);
- securityManager.updateRoles(null, identity, organisation, roles);
+ }
+ case poolmanager: {
+ RolesByOrganisation modifiedRoles = RolesByOrganisation.roles(organisation, false, false, true,
+ roles.isCoach(), roles.isAuthor(), roles.isGroupManager(), true, roles.isCurriculumManager(),
+ roles.isUserManager(), roles.isLearnResourceManager(), roles.isOLATAdmin());
+ securityManager.updateRoles(null, identity, modifiedRoles);
 break;
- case curriculummanager:
- roles = new Roles(roles.isSystemAdmin(), roles.isOLATAdmin(), roles.isUserManager(), roles.isGroupManager(), roles.isAuthor(),
- false, roles.isLearnResourceManager(), roles.isPoolAdmin(), true, roles.isCoach(), false);
- securityManager.updateRoles(null, identity, organisation, roles);
- break;
- case learnresourcemanager:
- roles = new Roles(roles.isSystemAdmin(), roles.isOLATAdmin(), roles.isUserManager(), roles.isGroupManager(), roles.isAuthor(),
- false, true, roles.isPoolAdmin(), roles.isCurriculumManager(), roles.isCoach(), false);
- securityManager.updateRoles(null, identity, organisation, roles);
+ }
+ case curriculummanager: {
+ RolesByOrganisation modifiedRoles = RolesByOrganisation.roles(organisation, false, false, true,
+ roles.isCoach(), roles.isAuthor(), roles.isGroupManager(), roles.isQPoolManager(), true,
+ roles.isUserManager(), roles.isLearnResourceManager(), roles.isOLATAdmin());
+ securityManager.updateRoles(null, identity, modifiedRoles);
 break;
+ }
+ case learnresourcemanager: {
+ RolesByOrganisation modifiedRoles = RolesByOrganisation.roles(organisation, false, false, true,
+ roles.isCoach(), roles.isAuthor(), roles.isGroupManager(), roles.isQPoolManager(), roles.isCurriculumManager(),
+ roles.isUserManager(), true, roles.isOLATAdmin());
+ securityManager.updateRoles(null, identity, modifiedRoles);
+ break;
+ }
+ default: {
+ log.error("LDAP Role synchronization not supported for: " + role);
+ }
 }
 }
 }
diff --git a/src/main/java/org/olat/login/LoginModule.java b/src/main/java/org/olat/login/LoginModule.java
index fe84b96288f7ad44b4ad6f609f9fea36b607e615..3c3ed041d99bd0ebe9457b142ff285d4b678f133 100644
--- a/src/main/java/org/olat/login/LoginModule.java
+++ b/src/main/java/org/olat/login/LoginModule.java
@@ -448,7 +448,7 @@ public class LoginModule extends AbstractSpringModule {
 if(roles.isLearnResourceManager()) {
 age = getMaxAgeOrDefault(age, passwordMaxAgeLearnResourceManager);
 }
- if(roles.isPoolAdmin()) {
+ if(roles.isQPoolManager()) {
 age = getMaxAgeOrDefault(age, passwordMaxAgePoolManager);
 }
 if(roles.isGroupManager()) {
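Review bot: Every case in the @@ -1071 hunk copies the identity's aggregate flags (`roles.isOLATAdmin()`, `roles.isUserManager()`, `roles.isGroupManager()`, …) into a `RolesByOrganisation` that is then written for the single `organisation` the sync is running for. If `Roles` summarises memberships across all organisations, which the `getOrganisationsWithRole` accessor used in RepositoryManager later in this diff suggests, a sync that is meant to grant one role in one organisation would also materialise, in that organisation, the administrator or manager roles the identity holds only elsewhere; the per-organisation set should be derived from the roles the identity already has in `organisation`, or a comment should state why copying the global flags is intended. The replaced code also carried `roles.isSystemAdmin()` forward and the new factory call has no argument for it, so it is worth confirming that an LDAP role sync cannot alter system-admin status. Since the factory's parameter names are not visible here, a one-line comment above the `switch` naming what each positional boolean of `RolesByOrganisation.roles` stands for would make the twelve-argument calls reviewable. The enclosing method starts outside the hunk.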
diff --git a/src/main/java/org/olat/modules/curriculum/site/CurriculumManagerSecurityCallback.java b/src/main/java/org/olat/modules/curriculum/site/CurriculumManagerSecurityCallback.java
index 6b07b1ca89bddfadeb845d3f2c31f409ea8c9074..e64d3a63cad04f8c8185a2e63884374f4f4ee5c4 100644
--- a/src/main/java/org/olat/modules/curriculum/site/CurriculumManagerSecurityCallback.java
+++ b/src/main/java/org/olat/modules/curriculum/site/CurriculumManagerSecurityCallback.java
@@ -21,6 +21,7 @@ package org.olat.modules.curriculum.site;
 import org.olat.core.gui.UserRequest;
 import org.olat.core.gui.control.navigation.SiteSecurityCallback;
+import org.olat.core.id.Roles;
 import org.olat.core.util.UserSession;
 import org.springframework.stereotype.Service;
@@ -35,14 +36,18 @@ public class CurriculumManagerSecurityCallback implements SiteSecurityCallback {
 @Override
 public boolean isAllowedToLaunchSite(UserRequest ureq) {
- if (ureq == null || ureq.getUserSession() == null) {
+ if (ureq == null) {
 return false;
 }
 UserSession usess = ureq.getUserSession();
- if (usess.getRoles() == null || usess.getRoles().isInvitee() || usess.getRoles().isGuestOnly()) {
+ if(usess == null || usess.getRoles() == null) {
 return false;
 }
-
- return usess.getRoles().isOLATAdmin() || usess.getRoles().isCurriculumManager();
+
+ Roles roles = usess.getRoles();
+ if (usess.getRoles() == null || roles.isInvitee() || roles.isGuestOnly()) {
+ return false;
+ }
+ return roles.isOLATAdmin() || roles.isCurriculumManager();
 }
 }
diff --git a/src/main/java/org/olat/modules/lecture/ui/coach/LecturesSearchController.java b/src/main/java/org/olat/modules/lecture/ui/coach/LecturesSearchController.java
index 26344500279bc394b0bf2edc49d2c9dd547e7d97..7249ccc94771660be2cd5c888701efb08948fbf3 100644
--- a/src/main/java/org/olat/modules/lecture/ui/coach/LecturesSearchController.java
+++ b/src/main/java/org/olat/modules/lecture/ui/coach/LecturesSearchController.java
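Review bot: The third guard in `isAllowedToLaunchSite` repeats `usess.getRoles() == null` although the guard immediately above already returned on exactly that condition and `roles` was just read from the same call, so the check is dead and suggests a different test was intended. Reduce it to `if (roles.isInvitee() || roles.isGuestOnly()) {` so the three guards each test one distinct thing (no request, no session or roles, restricted principal). Keeping the site-launch checks minimal matters because the same pattern is repeated in the other `SiteSecurityCallback` implementations in this diff.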
@@ -65,7 +65,7 @@ public class LecturesSearchController extends BasicController implements Activat
 super(ureq, wControl, Util.createPackageTranslator(LectureRepositoryAdminController.class, ureq.getLocale()));
 this.stackPanel = stackPanel;
 Roles roles = ureq.getUserSession().getRoles();
- admin = (roles.isUserManager() || roles.isOLATAdmin());
+ admin = (roles.isUserManager() || roles.isOLATAdmin());//TODO roles
 searchForm = new LecturesSearchFormController(ureq, getWindowControl(), admin);
 listenTo(searchForm);
diff --git a/src/main/java/org/olat/modules/qpool/security/QPoolSecurityCallbackFactory.java b/src/main/java/org/olat/modules/qpool/security/QPoolSecurityCallbackFactory.java
index 5db8350b72cdd9c87566cc6bdb02eab5467253a3..029527b29f77d8e5c239779f1093a61514284a09 100644
--- a/src/main/java/org/olat/modules/qpool/security/QPoolSecurityCallbackFactory.java
+++ b/src/main/java/org/olat/modules/qpool/security/QPoolSecurityCallbackFactory.java
@@ -53,7 +53,7 @@ public class QPoolSecurityCallbackFactory {
 securityCallback.setQuestionItemView(itemView);
 securityCallback.setQuestionItemSource(questionItemSource);
 securityCallback.setAdmin(roles.isOLATAdmin());
- securityCallback.setPoolAdmin(roles.isPoolAdmin());
+ securityCallback.setPoolAdmin(roles.isQPoolManager());
 return securityCallback;
 }
diff --git a/src/main/java/org/olat/modules/qpool/security/QPoolSecurityCallbackImpl.java b/src/main/java/org/olat/modules/qpool/security/QPoolSecurityCallbackImpl.java
index 68a8feb06f5bd1c5de43e7efe61c9aeb073d9948..2fda40399a3b534eb5f06a12938915494e83fef8 100644
--- a/src/main/java/org/olat/modules/qpool/security/QPoolSecurityCallbackImpl.java
+++ b/src/main/java/org/olat/modules/qpool/security/QPoolSecurityCallbackImpl.java
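Review bot: The `//TODO roles` appended to the `admin` assignment in the LecturesSearchController hunk does not say what is pending, and because `admin` decides what `LecturesSearchFormController` exposes, the next reader cannot tell whether the current user-manager-or-admin rule is considered too wide or too narrow. Replace the bare tag with a comment that names the intended change or points to the tracking issue, e.g. `// TODO roles: <describe the intended per-organisation rule or reference the issue>` (placeholder, fill in from the actual plan). The enclosing constructor starts and ends outside the hunk.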
@@ -45,9 +45,9 @@ public class QPoolSecurityCallbackImpl implements QPoolSecurityCallback {
 @Override
 public void setRoles(Roles roles) {
- this.admin = roles.isOLATAdmin();
- this.poolAdmin = roles.isPoolAdmin();
- this.olatAuthor = roles.isAuthor();
+ admin = roles.isOLATAdmin();
+ poolAdmin = roles.isQPoolManager();
+ olatAuthor = roles.isAuthor();
 }
 @Override
diff --git a/src/main/java/org/olat/modules/qpool/site/AuthorAndPoolPrivateMembersSecurityCallback.java b/src/main/java/org/olat/modules/qpool/site/AuthorAndPoolPrivateMembersSecurityCallback.java
index 74f7775c9e16d205ccb13ff3006e89e949c56fc3..b39fc747304085530dd2fe22730c6a21121fd0b9 100644
--- a/src/main/java/org/olat/modules/qpool/site/AuthorAndPoolPrivateMembersSecurityCallback.java
+++ b/src/main/java/org/olat/modules/qpool/site/AuthorAndPoolPrivateMembersSecurityCallback.java
@@ -59,7 +59,7 @@ public class AuthorAndPoolPrivateMembersSecurityCallback implements SiteSecurity
 if (roles == null || roles.isInvitee() || roles.isGuestOnly()) {
 return false;
 }
- if (roles.isOLATAdmin() || roles.isPoolAdmin() || roles.isAuthor()) {
+ if (roles.isOLATAdmin() || roles.isQPoolManager() || roles.isAuthor()) {
 return true;
 }
 return qPoolService.isMemberOfPrivatePools(ureq.getIdentity());
diff --git a/src/main/java/org/olat/modules/qpool/site/PoolPrivateMembersSecurityCallback.java b/src/main/java/org/olat/modules/qpool/site/PoolPrivateMembersSecurityCallback.java
index c74a5dce9ed5d909b7788c3915fc59b15962f9fd..79f9deeeff4af3daf03ac09dcafb55c66e7988eb 100644
--- a/src/main/java/org/olat/modules/qpool/site/PoolPrivateMembersSecurityCallback.java
+++ b/src/main/java/org/olat/modules/qpool/site/PoolPrivateMembersSecurityCallback.java
@@ -60,7 +60,7 @@ public class PoolPrivateMembersSecurityCallback implements SiteSecurityCallback
 if(roles == null || roles.isInvitee() || roles.isGuestOnly()) {
 return false;
 }
- if (roles.isOLATAdmin() || roles.isPoolAdmin()) {
+ if (roles.isOLATAdmin() || roles.isQPoolManager()) {
 return true;
 }
 return qPoolService.isMemberOfPrivatePools(ureq.getIdentity());
diff --git a/src/main/java/org/olat/modules/qpool/site/PoolTaxonomySecurityCallback.java b/src/main/java/org/olat/modules/qpool/site/PoolTaxonomySecurityCallback.java
index 65bb25c7cb5f51550180729757763b8b777deab3..f082915a33d5b1b2fb75c4cf60233cd9765ebb2c 100644
--- a/src/main/java/org/olat/modules/qpool/site/PoolTaxonomySecurityCallback.java
+++ b/src/main/java/org/olat/modules/qpool/site/PoolTaxonomySecurityCallback.java
@@ -68,7 +68,7 @@ public class PoolTaxonomySecurityCallback implements SiteSecurityCallback {
 if (roles == null || roles.isInvitee() || roles.isGuestOnly()) {
 return false;
 }
- if (roles.isOLATAdmin() || roles.isPoolAdmin()) {
+ if (roles.isOLATAdmin() || roles.isQPoolManager()) {
 return true;
 }
diff --git a/src/main/java/org/olat/modules/qpool/site/QuestionPoolSiteDef.java b/src/main/java/org/olat/modules/qpool/site/QuestionPoolSiteDef.java
index 015d8472ef5ac8911da65838530ac5668cf3025b..207a004469a4195e337343096762d7583f7867e6 100644
--- a/src/main/java/org/olat/modules/qpool/site/QuestionPoolSiteDef.java
+++ b/src/main/java/org/olat/modules/qpool/site/QuestionPoolSiteDef.java
@@ -25,7 +25,9 @@ import org.olat.core.gui.control.navigation.AbstractSiteDefinition;
 import org.olat.core.gui.control.navigation.SiteConfiguration;
 import org.olat.core.gui.control.navigation.SiteDefinition;
 import org.olat.core.gui.control.navigation.SiteInstance;
+import org.olat.core.id.Roles;
 import org.olat.core.util.StringHelper;
+import org.olat.core.util.UserSession;
 /**
 *
@@ -40,10 +42,14 @@ public class QuestionPoolSiteDef extends AbstractSiteDefinition implements SiteD
 if(StringHelper.containsNonWhitespace(config.getSecurityCallbackBeanId())) {
 //already checked
 return new QuestionPoolSite(this, ureq.getLocale());
- } else if(ureq.getUserSession() != null
- && ureq.getUserSession().getRoles() != null
- && (ureq.getUserSession().getRoles().isAuthor()
- || ureq.getUserSession().getRoles().isPoolAdmin())) {
+ }
+
+ UserSession usess = ureq.getUserSession();
+ if(usess == null || usess.getRoles() == null) {
+ return null;
+ }
+ Roles roles = usess.getRoles();
+ if(roles.isOLATAdmin() || roles.isAuthor() || roles.isQPoolManager()) {
 return new QuestionPoolSite(this, ureq.getLocale());
 }
 return null;
diff --git a/src/main/java/org/olat/modules/qpool/ui/datasource/SharedItemsSource.java b/src/main/java/org/olat/modules/qpool/ui/datasource/SharedItemsSource.java
index a8ad2776e1a1c9bd974a2b938910b1a56a262186..38cda4a62acc3fb5ba879963bb80062aff355675 100644
--- a/src/main/java/org/olat/modules/qpool/ui/datasource/SharedItemsSource.java
+++ b/src/main/java/org/olat/modules/qpool/ui/datasource/SharedItemsSource.java
@@ -101,7 +101,7 @@ public class SharedItemsSource implements QuestionItemsSource {
 @Override
 public boolean isRemoveEnabled() {
- return roles.isOLATAdmin() || roles.isPoolAdmin() || admin;
+ return roles.isOLATAdmin() || roles.isQPoolManager() || admin;
 }
 @Override
diff --git a/src/main/java/org/olat/repository/RepositoryManager.java b/src/main/java/org/olat/repository/RepositoryManager.java
index 0c6fae1e6933b91f50fcdbfbe49ec2ec5266b443..f44bf608ed6422932313f127daf6c0f8fb77e557 100644
--- a/src/main/java/org/olat/repository/RepositoryManager.java
+++ b/src/main/java/org/olat/repository/RepositoryManager.java
@@ -1595,7 +1595,7 @@ public class RepositoryManager {
 }
 //TODO roles (add administration)
- List<OrganisationRef> learnResourceManagerOrganisations = roles.getOrganisationsWithRoles(OrganisationRoles.learnresourcemanager);
+ List<OrganisationRef> learnResourceManagerOrganisations = roles.getOrganisationsWithRole(OrganisationRoles.learnresourcemanager);
 List<OrganisationRef> repositoryOrganisations = repositoryEntryToOrganisationDao.getOrganisationReferences(repositoryEntry);
 for(OrganisationRef learnResourceManagerOrganisation:learnResourceManagerOrganisations) {
 for(OrganisationRef repositoryOrganisation:repositoryOrganisations) {
diff --git a/src/main/java/org/olat/repository/controllers/RepositorySearchController.java b/src/main/java/org/olat/repository/controllers/RepositorySearchController.java
index b012f180d67dc81b16fe384208e3c8accb49d27e..69d6db7720f66bdc9db3b5e85ebff37546a0b827 100644
--- a/src/main/java/org/olat/repository/controllers/RepositorySearchController.java
+++ b/src/main/java/org/olat/repository/controllers/RepositorySearchController.java
@@ -145,8 +145,6 @@ public class RepositorySearchController extends BasicController implements Activ
 tableCtr.setTableDataModel(repoTableModel);
 tableCtr.setSortColumn(sortCol, true);
 vc.put("repotable", tableCtr.getInitialComponent());
-
- vc.contextPut("isAuthor", Boolean.valueOf(identityRoles.isAuthor()));
 vc.contextPut("withCancel", Boolean.valueOf(withCancel));
 enableBackToSearchFormLink(false); // default, must be enabled explicitly
 enableSearchforAllXXAbleInSearchForm(null); // default
@@ -157,7 +155,7 @@ public class RepositorySearchController extends BasicController implements Activ
 * @param enableBack true: back link is shown, back goes to search form; false; no back link
 */
 public void enableBackToSearchFormLink(boolean enableBack) {
- vc.contextPut("withBack", new Boolean(enableBack));
+ vc.contextPut("withBack", Boolean.valueOf(enableBack));
 }
 @Override
@@ -388,7 +386,7 @@ public class RepositorySearchController extends BasicController implements Activ
 private void doSearchById(String id, Collection<String> restrictedTypes) {
 List<RepositoryEntry> entries = repositoryService.searchByIdAndRefs(id);
- if(restrictedTypes != null && restrictedTypes.size() > 0) {
+ if(restrictedTypes != null && !restrictedTypes.isEmpty()) {
 for(Iterator<RepositoryEntry> it=entries.iterator(); it.hasNext(); ) {
 RepositoryEntry entry = it.next();
 if(!restrictedTypes.contains(entry.getOlatResource().getResourceableTypeName())) {
diff --git a/src/main/java/org/olat/repository/controllers/_content/results.html b/src/main/java/org/olat/repository/controllers/_content/results.html
index a191eec20492e5504bc8f68325859f276addf55e..979683ea86f4dfa28ec86746b1c69853292e0663 100644
--- a/src/main/java/org/olat/repository/controllers/_content/results.html
+++ b/src/main/java/org/olat/repository/controllers/_content/results.html
@@ -10,15 +10,10 @@ $r.render("repotable")
 #if ($hasResults)
 <div class="o_xsmall">$r.translate("table.header.access.desc")</div>
 #if ($withCancel)
- <p>
- $r.render("cancel")
- <p>
+ <div class="o_button_group">$r.render("cancel")<div>
 #end
 #else
- <br />
 #if ($withCancel)
- <p>
- $r.render("cancel")
- <p>
+ <div class="o_button_group">$r.render("cancel")<div>
 #end
 #end
diff --git a/src/main/java/org/olat/repository/manager/RepositoryEntryAuthorQueries.java b/src/main/java/org/olat/repository/manager/RepositoryEntryAuthorQueries.java
index d4bdb64a865c58fb9a3ba782398229bb09c8eeb5..cf71d8cf18ee0554dc3627faf8b094d90d6a467e 100644
--- a/src/main/java/org/olat/repository/manager/RepositoryEntryAuthorQueries.java
+++ b/src/main/java/org/olat/repository/manager/RepositoryEntryAuthorQueries.java
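Review bot: Both added lines in the results.html hunk close the button group with an opening tag, `<div class="o_button_group">$r.render("cancel")<div>`, so each branch leaves two unclosed `div` elements and the rendered page inherits whatever the browser does to recover. The closing tag is meant: `<div class="o_button_group">$r.render("cancel")</div>` in both the `#if ($hasResults)` and the `#else` branch. The `isAuthor` context variable removed from RepositorySearchController in the previous hunk is not referenced in this template hunk, so that removal looks safe as far as this file shows.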
@@ -344,7 +344,6 @@ public class RepositoryEntryAuthorQueries {
 }
 if(roles != null && (roles.isAuthor() || roles.isLearnResourceManager())) {
- //TODO roles (author permissions)
 sb.append(" (v.access>=").append(RepositoryEntry.ACC_OWNERS_AUTHORS)
 .append(" or (v.access=").append(RepositoryEntry.ACC_OWNERS)
 .append(" and v.key in (select rel.entry.key from repoentrytogroup as rel, bgroupmember as membership")
@@ -467,6 +466,10 @@ public class RepositoryEntryAuthorQueries {
 appendAsc(sb, asc).append(" nulls last, lower(v.displayname) asc");
 }
 break;
+ case license:
+ sb.append(" order by v.key");
+ appendAsc(sb, asc);
+ break;
 }
 }
 }
diff --git a/src/main/java/org/olat/repository/site/RepositorySiteDef.java b/src/main/java/org/olat/repository/site/RepositorySiteDef.java
index b4c4a4867f18778cec4d44de9ffa597a792ecd8a..dc2c81ca9a25f4446ba767dfdf580cb69fe056de 100644
--- a/src/main/java/org/olat/repository/site/RepositorySiteDef.java
+++ b/src/main/java/org/olat/repository/site/RepositorySiteDef.java
@@ -31,6 +31,7 @@ import org.olat.core.gui.control.navigation.AbstractSiteDefinition;
 import org.olat.core.gui.control.navigation.SiteConfiguration;
 import org.olat.core.gui.control.navigation.SiteDefinition;
 import org.olat.core.gui.control.navigation.SiteInstance;
+import org.olat.core.id.Roles;
 import org.olat.core.util.StringHelper;
 import org.olat.core.util.UserSession;
@@ -55,8 +56,12 @@ public class RepositorySiteDef extends AbstractSiteDefinition implements SiteDef
 }
 UserSession usess = ureq.getUserSession();
+ if(usess == null || usess.getRoles() == null) {
+ return null;
+ }
- if(usess.getRoles().isAuthor() || usess.getRoles().isLearnResourceManager()) {
+ Roles roles = usess.getRoles();
+ if(roles.isOLATAdmin() || roles.isAuthor() || roles.isLearnResourceManager()) {
 // only for authors and institutional resource managers
 return new RepositorySite(this, ureq.getLocale());
 }
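Review bot: The new `case license:` in the @@ -467 hunk orders by `v.key`, i.e. a request to sort by licence silently yields key order, and nothing at the call site or in the query marks this as a deliberate fallback. If licence is not sortable at the query level, say so where the reader will look, e.g. `case license: // no licence column on the entry; fall back to a stable key order so paging stays deterministic` (adjust the reason to the actual one), or sort in memory where the licence type is available. The enclosing method starts outside the hunk.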
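Review bot: The comment `// only for authors and institutional resource managers` kept as context in the RepositorySiteDef @@ -55 hunk is now wrong, because the rewritten condition on the line above it also admits `roles.isOLATAdmin()`. Update it with the change, e.g. `// only for administrators, authors and institutional resource managers`, since a comment on an access check that understates who is let in misleads the next audit. The enclosing method starts outside the hunk.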
diff --git a/src/main/java/org/olat/repository/ui/author/AuthorSearchController.java b/src/main/java/org/olat/repository/ui/author/AuthorSearchController.java
index f18cc9c2120c9efac1c705135e0a66a7c99420fe..988ece0e588efbe8d9bcd6b4186f5ac7a3b6876a 100644
--- a/src/main/java/org/olat/repository/ui/author/AuthorSearchController.java
+++ b/src/main/java/org/olat/repository/ui/author/AuthorSearchController.java
@@ -334,8 +334,8 @@ public class AuthorSearchController extends FormBasicController implements Exten
 e.setResourceUsage(getResourceUsage());
 e.setClosed(getClosed());
 if (licenseModule.isEnabled(licenseHandler)) {
- Set<Long> keys = licenseEl.getSelectedKeys().stream().map(Long::valueOf).collect(Collectors.toSet());
- e.setLicenseTypeKeys(keys);
+ Set<Long> licenceKeys = licenseEl.getSelectedKeys().stream().map(Long::valueOf).collect(Collectors.toSet());
+ e.setLicenseTypeKeys(licenceKeys);
 }
 fireEvent(ureq, e);
 }
diff --git a/src/main/java/org/olat/repository/ui/catalog/CatalogEntryAddController.java b/src/main/java/org/olat/repository/ui/catalog/CatalogEntryAddController.java
index c3a0770f0e5894ae0587dffec46295828fb025d2..c22ad8097f92bbb0a57a3850399e2b838a986324 100644
--- a/src/main/java/org/olat/repository/ui/catalog/CatalogEntryAddController.java
+++ b/src/main/java/org/olat/repository/ui/catalog/CatalogEntryAddController.java
@@ -22,7 +22,6 @@ package org.olat.repository.ui.catalog;
 import java.util.Collections;
 import java.util.List;
-import org.olat.basesecurity.BaseSecurity;
 import org.olat.core.gui.UserRequest;
 import org.olat.core.gui.components.Component;
 import org.olat.core.gui.components.link.Link;
@@ -60,8 +59,6 @@ public class CatalogEntryAddController extends BasicController {
 private Link okButton, cancelButton;
 private RepositoryEntry toBeAddedEntry;
- @Autowired
- private BaseSecurity securityManager;
 @Autowired
 protected CatalogManager catalogManager;
diff --git a/src/main/java/org/olat/repository/ui/catalog/CatalogNodeManagerController.java b/src/main/java/org/olat/repository/ui/catalog/CatalogNodeManagerController.java
index 6e3c16c4ad926ed7d6197242aa5667dde44f8253..bc066cfc9ce5da7c66489d7f164b8b78f11a298a 100644
--- a/src/main/java/org/olat/repository/ui/catalog/CatalogNodeManagerController.java
+++ b/src/main/java/org/olat/repository/ui/catalog/CatalogNodeManagerController.java
@@ -61,6 +61,7 @@ import org.olat.core.gui.control.generic.modal.DialogBoxUIFactory;
 import org.olat.core.helpers.Settings;
 import org.olat.core.id.Identity;
 import org.olat.core.id.OLATResourceable;
+import org.olat.core.id.Roles;
 import org.olat.core.id.context.BusinessControlFactory;
 import org.olat.core.id.context.ContextEntry;
 import org.olat.core.id.context.StateEntry;
@@ -173,9 +174,10 @@ public class CatalogNodeManagerController extends FormBasicController implements
 this.rootwControl = rootwControl;
 mapperThumbnailKey = mapperService.register(null, "catalogentryImage", new CatalogEntryImageMapper());
- isAuthor = ureq.getUserSession().getRoles().isAuthor();
- isGuest = ureq.getUserSession().getRoles().isGuestOnly();
- isOLATAdmin = ureq.getUserSession().getRoles().isOLATAdmin();
+ Roles roles = ureq.getUserSession().getRoles();
+ isAuthor = roles.isAuthor();
+ isGuest = roles.isGuestOnly();
+ isOLATAdmin = roles.isOLATAdmin();
 if(isOLATAdmin) {
 isLocalTreeAdmin = false;
@@ -679,7 +681,7 @@ public class CatalogNodeManagerController extends FormBasicController implements
 entrySearchCtrl = new RepositorySearchController(translate("choose"), ureq, getWindowControl(), true, false, new String[0], null);
 listenTo(entrySearchCtrl);
 // OLAT-Admin has search form
- if (ureq.getUserSession().getRoles().isOLATAdmin()) {
+ if (isOLATAdmin) {
 entrySearchCtrl.displaySearchForm();
 }
 // an Author gets the list of his repository
diff --git a/src/main/java/org/olat/restapi/security/RestSecurityHelper.java b/src/main/java/org/olat/restapi/security/RestSecurityHelper.java
index d934b5f0e7c5c0ae150a92dde35de1e175e79707..a27959e1446f33ed7bc56628ee48620b8b29e7f8 100644
--- a/src/main/java/org/olat/restapi/security/RestSecurityHelper.java
+++ b/src/main/java/org/olat/restapi/security/RestSecurityHelper.java
@@ -159,7 +159,7 @@ public class RestSecurityHelper {
 public static boolean isQuestionPoolManager(HttpServletRequest request) {
 try {
 Roles roles = getRoles(request);
- return (roles.isPoolAdmin() || roles.isOLATAdmin());
+ return (roles.isQPoolManager() || roles.isOLATAdmin());
 } catch (Exception e) {
 return false;
 }
diff --git a/src/main/java/org/olat/upgrade/OLATUpgrade_13_0_0.java b/src/main/java/org/olat/upgrade/OLATUpgrade_13_0_0.java
index 0778cda3174e79b94334592ee80617631535bf19..ef0ae1cbf3fb82dcb6641785998c1074431849b5 100644
--- a/src/main/java/org/olat/upgrade/OLATUpgrade_13_0_0.java
+++ b/src/main/java/org/olat/upgrade/OLATUpgrade_13_0_0.java
@@ -125,7 +125,7 @@ public class OLATUpgrade_13_0_0 extends OLATUpgrade {
 List<Long> identitiyKeys = getIdentityInSecurityGroup(secGroupName);
 for(int i=0; i<identitiyKeys.size(); i++) {
 Identity member = dbInstance.getCurrentEntityManager().getReference(IdentityImpl.class, identitiyKeys.get(i));
- organisationService.addMember(organisation, member, role, GroupMembershipInheritance.none);
+ organisationService.addMember(organisation, member, role, getInheritanceMode(role));
 if(i % 20 == 0) {
 dbInstance.commitAndCloseSession();
 }
@@ -137,6 +137,13 @@ public class OLATUpgrade_13_0_0 extends OLATUpgrade {
 log.info("End migration of " + identitiyKeys.size() + " " + secGroupName);
 }
+ private GroupMembershipInheritance getInheritanceMode(OrganisationRoles role) {
+ if(role == OrganisationRoles.learnresourcemanager || role == OrganisationRoles.usermanager || role == OrganisationRoles.author) {
+ return GroupMembershipInheritance.root;
+ }
+ return GroupMembershipInheritance.none;
+ }
+
 public List<Long> getIdentityInSecurityGroup(String securityGroupName) {
 StringBuilder sb = new StringBuilder(128);
 sb.append("select msi.identity.key from ").append(SecurityGroupMembershipImpl.class.getName()).append(" as msi ")
diff --git a/src/main/java/org/olat/user/restapi/RolesVO.java b/src/main/java/org/olat/user/restapi/RolesVO.java
index 63d26ae64cceb3ff4b947ddf5a170fa47d37e1dc..95464b2e1b317d827f12be48180a3590662a4332 100644
--- a/src/main/java/org/olat/user/restapi/RolesVO.java
+++ b/src/main/java/org/olat/user/restapi/RolesVO.java
@@ -58,7 +58,7 @@ public class RolesVO {
 author = roles.isAuthor();
 guestOnly = roles.isGuestOnly();
 institutionalResourceManager = roles.isLearnResourceManager();
- poolAdmin = roles.isPoolAdmin();
+ poolAdmin = roles.isQPoolManager();
 curriculumManager = roles.isCurriculumManager();
 invitee = roles.isInvitee();
 }
diff --git a/src/main/java/org/olat/user/restapi/UserWebService.java b/src/main/java/org/olat/user/restapi/UserWebService.java
index 8b63173b95d85c129d976942f209cc0f352cf1eb..af85759f612e2ca2ed56ad8242293cc2a076b124 100644
--- a/src/main/java/org/olat/user/restapi/UserWebService.java
+++ b/src/main/java/org/olat/user/restapi/UserWebService.java
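Review bot: `getInheritanceMode` in the @@ -137 hunk encodes a security-relevant migration decision — identities migrated as learnresourcemanager, usermanager or author get `GroupMembershipInheritance.root` where the previous hunk gave every role `none` — but says nothing about why those three roles differ from the others. If `root` means the membership is inherited by sub-organisations (not visible here), the migration widens the scope of those three roles for every existing installation, which is worth a sentence a later reader can check against. Add a Javadoc on the method stating which roles are meant to propagate and why, and that the choice applies to the 13.0.0 security-group migration only; the `@@ -125` call site then needs no further comment.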
@@ -77,10 +77,9 @@ import org.olat.core.id.Identity;
 import org.olat.core.id.Organisation;
 import org.olat.core.id.Preferences;
 import org.olat.core.id.Roles;
+import org.olat.core.id.RolesByOrganisation;
 import org.olat.core.id.User;
 import org.olat.core.id.UserConstants;
-import org.olat.core.logging.OLog;
-import org.olat.core.logging.Tracing;
 import org.olat.core.util.StringHelper;
 import org.olat.core.util.Util;
 import org.olat.restapi.group.MyGroupWebService;
@@ -98,7 +97,6 @@ import org.olat.user.propertyhandlers.UserPropertyHandler;
 @Path("users")
 public class UserWebService {
- private static final OLog log = Tracing.createLoggerFor(UserWebService.class);
 private static final String VERSION = "1.0";
 public static final String PROPERTY_HANDLER_IDENTIFIER = UserWebService.class.getName();
@@ -111,9 +109,9 @@ public class UserWebService {
 /**
 * The version of the User Web Service
- * @response.representation.200.mediaType text/plain
- * @response.representation.200.doc The version of this specific Web Service
- * @response.representation.200.example 1.0
+ * @response.representation.200.mediaType text/plain
+ * @response.representation.200.doc The version of this specific Web Service
+ * @response.representation.200.example 1.0
 * @return The version number
 */
 @GET
@@ -181,7 +179,7 @@ public class UserWebService {
 }
 //retrieve and convert the parameters value
- Map<String,String> userProps = new HashMap<String,String>();
+ Map<String,String> userProps = new HashMap<>();
 if(!params.isEmpty()) {
 UserManager um = UserManager.getInstance();
 Locale locale = getLocale(httpRequest);
@@ -289,9 +287,9 @@ public class UserWebService { * Retrieves the roles of a user given its unique key identifier * @response.representation.200.mediaType application/xml, application/json * @response.representation.200.doc The user - * @response.representation.200.example {@link org.olat.user.restapi.Examples#SAMPLE_ROLESVO} - * @response.representation.401.doc The roles of the authenticated user are not sufficient - * @response.representation.404.doc The identity not found + * @response.representation.200.example {@link org.olat.user.restapi.Examples#SAMPLE_ROLESVO} + * @response.representation.401.doc The roles of the authenticated user are not sufficient + * @response.representation.404.doc The identity not found * @param identityKey The user key identifier of the user being searched * @param httpRequest The HTTP request * @return an xml or json representation of a the roles being search. 
@@ -300,30 +298,26 @@ public class UserWebService { @Path("{identityKey}/roles") @Produces({MediaType.APPLICATION_XML ,MediaType.APPLICATION_JSON}) public Response getRoles(@PathParam("identityKey") Long identityKey, @Context HttpServletRequest request) { - try { - boolean isUserManager = isUserManager(request); - if(!isUserManager) { - return Response.serverError().status(Status.FORBIDDEN).build(); - } - Identity identity = BaseSecurityManager.getInstance().loadIdentityByKey(identityKey, false); - if(identity == null) { - return Response.serverError().status(Status.NOT_FOUND).build(); - } - - Roles roles = BaseSecurityManager.getInstance().getRoles(identity); - return Response.ok(new RolesVO(roles)).build(); - } catch (Throwable e) { - throw new WebApplicationException(e); + boolean isUserManager = isUserManager(request); + if(!isUserManager) { + return Response.serverError().status(Status.FORBIDDEN).build(); + } + Identity identity = BaseSecurityManager.getInstance().loadIdentityByKey(identityKey, false); + if(identity == null) { + return Response.serverError().status(Status.NOT_FOUND).build(); } + + Roles roles = BaseSecurityManager.getInstance().getRoles(identity); + return Response.ok(new RolesVO(roles)).build(); } /** * Update the roles of a user given its unique key identifier * @response.representation.200.mediaType application/xml, application/json * @response.representation.200.doc The user - * @response.representation.200.example {@link org.olat.user.restapi.Examples#SAMPLE_ROLESVO} - * @response.representation.401.doc The roles of the authenticated user are not sufficient - * @response.representation.404.doc The identity not found + * @response.representation.200.example {@link org.olat.user.restapi.Examples#SAMPLE_ROLESVO} + * @response.representation.401.doc The roles of the authenticated user are not sufficient + * @response.representation.404.doc The identity not found * @param identityKey The user key identifier of the user being searched * @param 
roles The updated roles
 * @param httpRequest The HTTP request
@@ -346,11 +340,16 @@ public class UserWebService {
 return Response.serverError().status(Status.NOT_FOUND).build();
 }
 
- Roles modRoles = roles.toRoles();
 Identity actingIdentity = getIdentity(request);
 Organisation defOrganisation = organisationService.getDefaultOrganisation();
- securityManager.updateRoles(actingIdentity, identity, defOrganisation, modRoles);
- return Response.ok(new RolesVO(modRoles)).build();
+ boolean userRole = !roles.isGuestOnly() && !roles.isInvitee();
+ boolean coachRole = false;
+ RolesByOrganisation modifiedRoles = RolesByOrganisation.roles(defOrganisation,
+ roles.isGuestOnly(), roles.isInvitee(), userRole, coachRole,
+ roles.isAuthor(), roles.isGroupManager(), roles.isPoolAdmin(), roles.isCurriculumManager(),
+ roles.isUserManager(), roles.isInstitutionalResourceManager(), roles.isOlatAdmin());
+ securityManager.updateRoles(actingIdentity, identity, modifiedRoles);
+ return Response.ok(new RolesVO(roles.toRoles())).build();
 }
 
 /**
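Review bot: The Javadoc retained in this hunk still documents `@response.representation.401.doc The roles of the authenticated user are not sufficient`, but the rewritten `getRoles` body answers `Status.FORBIDDEN` (403) when `isUserManager(request)` is false, so the generated API documentation is wrong for this endpoint. Either change the tag to `@response.representation.403.doc The roles of the authenticated user are not sufficient` or return `Status.UNAUTHORIZED`, and use the same code in the sibling endpoints—`deletePortrait` and `update` further down return 401 for the same condition. Removing the `catch (Throwable e)` also means an exception from `loadIdentityByKey` or `getRoles` now reaches the JAX-RS runtime unwrapped instead of becoming a `WebApplicationException`; that is probably acceptable, but the diff gives no hint of an exception mapper, so it is worth confirming.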
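Review bot: The new mapping forwards `roles.isOlatAdmin()` and `roles.isUserManager()` from the request body into `RolesByOrganisation.roles(...)` unchanged, so whoever passes the `isUserManager(request)` gate (above this hunk; the method starts outside it) can grant administrator to any identity unless `securityManager.updateRoles` checks the acting identity's own privileges, which this diff does not show—add a guard before the call, e.g. `if((roles.isOlatAdmin() || roles.isUserManager()) && !isAdmin(request)) return Response.serverError().status(Status.FORBIDDEN).build();` using whatever admin predicate the class has next to `isUserManager`. `boolean coachRole = false;` silently revokes any existing coach membership on every PUT, because `RolesVO` carries no coach flag; read the current value from the identity's persisted roles instead of hard-coding it. Finally the response echoes the request (`new RolesVO(roles.toRoles())`) rather than what was stored—reload with `BaseSecurityManager.getInstance().getRoles(identity)` as `getRoles` does, so a client sees the effective roles after any normalisation `updateRoles` applies.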
@@ -369,22 +368,18 @@ public class UserWebService { @Path("{identityKey}/status") @Produces({MediaType.APPLICATION_XML ,MediaType.APPLICATION_JSON}) public Response getStatus(@PathParam("identityKey") Long identityKey, @Context HttpServletRequest request) { - try { - boolean isUserManager = isUserManager(request); - if(!isUserManager) { - return Response.serverError().status(Status.FORBIDDEN).build(); - } - Identity identity = BaseSecurityManager.getInstance().loadIdentityByKey(identityKey, false); - if(identity == null) { - return Response.serverError().status(Status.NOT_FOUND).build(); - } - - StatusVO status = new StatusVO(); - status.setStatus(identity.getStatus()); - return Response.ok(status).build(); - } catch (Throwable e) { - throw new WebApplicationException(e); + boolean isUserManager = isUserManager(request); + if(!isUserManager) { + return Response.serverError().status(Status.FORBIDDEN).build(); + } + Identity identity = BaseSecurityManager.getInstance().loadIdentityByKey(identityKey, false); + if(identity == null) { + return Response.serverError().status(Status.NOT_FOUND).build(); } + + StatusVO status = new StatusVO(); + status.setStatus(identity.getStatus()); + return Response.ok(status).build(); } /** 
@@ -399,9 +394,9 @@ public class UserWebService { * @response.representation.qname {http://www.example.com}statusVO * @response.representation.200.mediaType application/xml, application/json * @response.representation.200.doc The user - * @response.representation.200.example {@link org.olat.user.restapi.Examples#SAMPLE_ROLESVO} - * @response.representation.401.doc The roles of the authenticated user are not sufficient - * @response.representation.404.doc The identity not found + * @response.representation.200.example {@link org.olat.user.restapi.Examples#SAMPLE_ROLESVO} + * @response.representation.401.doc The roles of the authenticated user are not sufficient + * @response.representation.404.doc The identity not found * @param identityKey The user key identifier of the user being searched * @param status The status to update * @param httpRequest The HTTP request @@ -436,9 +431,9 @@ public class UserWebService { * Retrieves the preferences of a user given its unique key identifier * @response.representation.200.mediaType application/xml, application/json * @response.representation.200.doc The preferences - * @response.representation.200.example {@link org.olat.user.restapi.Examples#SAMPLE_PREFERENCESVO} - * @response.representation.401.doc The roles of the authenticated user are not sufficient - * @response.representation.404.doc The identity not found + * @response.representation.200.example {@link org.olat.user.restapi.Examples#SAMPLE_PREFERENCESVO} + * @response.representation.401.doc The roles of the authenticated user are not sufficient + * @response.representation.404.doc The identity not found * @param identityKey The user key identifier of the user being searched * @param httpRequest The HTTP request * @return an xml or json representation of a the roles being search. 
@@ -465,9 +460,9 @@ public class UserWebService { * Update the preferences of a user given its unique key identifier * @response.representation.200.mediaType application/xml, application/json * @response.representation.200.doc The user - * @response.representation.200.example {@link org.olat.user.restapi.Examples#SAMPLE_PREFERENCESVO} - * @response.representation.401.doc The roles of the authenticated user are not sufficient - * @response.representation.404.doc The identity not found + * @response.representation.200.example {@link org.olat.user.restapi.Examples#SAMPLE_PREFERENCESVO} + * @response.representation.401.doc The roles of the authenticated user are not sufficient + * @response.representation.404.doc The identity not found * @param identityKey The user key identifier of the user being searched * @param preferences The updated preferences * @param httpRequest The HTTP request 
@@ -478,23 +473,19 @@ public class UserWebService { @Consumes({MediaType.APPLICATION_XML ,MediaType.APPLICATION_JSON}) @Produces({MediaType.APPLICATION_XML ,MediaType.APPLICATION_JSON}) public Response updatePreferences(@PathParam("identityKey") Long identityKey, PreferencesVO preferences, @Context HttpServletRequest request) { - try { - boolean isUserManager = isUserManager(request); - if(!isUserManager) { - return Response.serverError().status(Status.FORBIDDEN).build(); - } - Identity identity = BaseSecurityManager.getInstance().loadIdentityByKey(identityKey, false); - if(identity == null) { - return Response.serverError().status(Status.NOT_FOUND).build(); - } - - Preferences prefs = identity.getUser().getPreferences(); - prefs.setLanguage(preferences.getLanguage()); - UserManager.getInstance().updateUserFromIdentity(identity); - return Response.ok(new PreferencesVO(prefs)).build(); - } catch (Throwable e) { - throw new WebApplicationException(e); + boolean isUserManager = isUserManager(request); + if(!isUserManager) { + return Response.serverError().status(Status.FORBIDDEN).build(); + } + Identity identity = BaseSecurityManager.getInstance().loadIdentityByKey(identityKey, false); + if(identity == null) { + return Response.serverError().status(Status.NOT_FOUND).build(); } + + Preferences prefs = identity.getUser().getPreferences(); + prefs.setLanguage(preferences.getLanguage()); + UserManager.getInstance().updateUserFromIdentity(identity); + return Response.ok(new PreferencesVO(prefs)).build(); } 
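Review bot: The rewritten `updatePreferences` body dereferences `preferences` without a null check, so an empty request body now ends in a NullPointerException that, with the `catch (Throwable)` gone, is no longer even converted into a `WebApplicationException`; the sibling `update` method guards `user == null` and this one should do the same: `if(preferences == null) return Response.serverError().status(Status.BAD_REQUEST).build();`. The language value is also stored exactly as received—if `Preferences.setLanguage` does not validate it against the installed locales, that check belongs here.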
@@ -502,9 +493,9 @@ public class UserWebService { * Retrieves an user given its unique key identifier * @response.representation.200.mediaType application/xml, application/json * @response.representation.200.doc The user - * @response.representation.200.example {@link org.olat.user.restapi.Examples#SAMPLE_USERVO} - * @response.representation.401.doc The roles of the authenticated user are not sufficient - * @response.representation.404.doc The identity not found + * @response.representation.200.example {@link org.olat.user.restapi.Examples#SAMPLE_USERVO} + * @response.representation.401.doc The roles of the authenticated user are not sufficient + * @response.representation.404.doc The identity not found * @param identityKey The user key identifier of the user being searched * @param withPortrait If true return the portrait as Base64 (default false) * @param httpRequest The HTTP request 
@@ -517,18 +508,14 @@ public class UserWebService { @Produces({MediaType.APPLICATION_XML ,MediaType.APPLICATION_JSON}) public Response findById(@PathParam("identityKey") Long identityKey, @QueryParam("withPortrait") @DefaultValue("false") Boolean withPortrait, @Context HttpServletRequest httpRequest) { - try { - Identity identity = BaseSecurityManager.getInstance().loadIdentityByKey(identityKey, false); - if(identity == null) { - return Response.serverError().status(Status.NOT_FOUND).build(); - } - - boolean isUserManager = isUserManager(httpRequest); - UserVO userVO = get(identity, null, true, isUserManager, withPortrait); - return Response.ok(userVO).build(); - } catch (Throwable e) { - throw new WebApplicationException(e); + Identity identity = BaseSecurityManager.getInstance().loadIdentityByKey(identityKey, false); + if(identity == null) { + return Response.serverError().status(Status.NOT_FOUND).build(); } + + boolean isUserManager = isUserManager(httpRequest); + UserVO userVO = get(identity, null, true, isUserManager, withPortrait); + return Response.ok(userVO).build(); } @Path("{identityKey}/folders") 
@@ -567,22 +554,18 @@ public class UserWebService { @Path("{identityKey}/portrait") @Produces({"image/jpeg","image/jpg",MediaType.APPLICATION_OCTET_STREAM}) public Response getPortraitHead(@PathParam("identityKey") Long identityKey) { - try { - IdentityShort identity = BaseSecurityManager.getInstance().loadIdentityShortByKey(identityKey); - if(identity == null) { - return Response.serverError().status(Status.NOT_FOUND).build(); - } - - File portrait = DisplayPortraitManager.getInstance().getBigPortrait(identity.getName()); - if(portrait == null || !portrait.exists()) { - return Response.serverError().status(Status.NOT_FOUND).build(); - } - - Date lastModified = new Date(portrait.lastModified()); - return Response.ok().lastModified(lastModified).build(); - } catch (Throwable e) { - throw new WebApplicationException(e); + IdentityShort identity = BaseSecurityManager.getInstance().loadIdentityShortByKey(identityKey); + if(identity == null) { + return Response.serverError().status(Status.NOT_FOUND).build(); + } + + File portrait = DisplayPortraitManager.getInstance().getBigPortrait(identity.getName()); + if(portrait == null || !portrait.exists()) { + return Response.serverError().status(Status.NOT_FOUND).build(); } + + Date lastModified = new Date(portrait.lastModified()); + return Response.ok().lastModified(lastModified).build(); } /** 
@@ -597,31 +580,27 @@ public class UserWebService { @Path("{identityKey}/portrait/{size}") @Produces({"image/jpeg","image/jpg",MediaType.APPLICATION_OCTET_STREAM}) public Response getOriginalPortraitHead(@PathParam("identityKey") Long identityKey, @PathParam("size") String size) { - try { - IdentityShort identity = BaseSecurityManager.getInstance().loadIdentityShortByKey(identityKey); - if(identity == null) { - return Response.serverError().status(Status.NOT_FOUND).build(); - } - - DisplayPortraitManager portraitManager = DisplayPortraitManager.getInstance(); - - File portrait = null; - if("master".equals(size)) { - portrait = portraitManager.getMasterPortrait(identity.getName()); - } else if("big".equals(size)) { - portrait = portraitManager.getBigPortrait(identity.getName()); - } else if("small".equals(size)) { - portrait = portraitManager.getSmallPortrait(identity.getName()); - } + IdentityShort identity = BaseSecurityManager.getInstance().loadIdentityShortByKey(identityKey); + if(identity == null) { + return Response.serverError().status(Status.NOT_FOUND).build(); + } + + DisplayPortraitManager portraitManager = DisplayPortraitManager.getInstance(); + + File portrait = null; + if("master".equals(size)) { + portrait = portraitManager.getMasterPortrait(identity.getName()); + } else if("big".equals(size)) { + portrait = portraitManager.getBigPortrait(identity.getName()); + } else if("small".equals(size)) { + portrait = portraitManager.getSmallPortrait(identity.getName()); + } - if(portrait == null || !portrait.exists()) { - return Response.serverError().status(Status.NOT_FOUND).build(); - } - Date lastModified = new Date(portrait.lastModified()); - return Response.ok().lastModified(lastModified).build(); - } catch (Throwable e) { - throw new WebApplicationException(e); + if(portrait == null || !portrait.exists()) { + return Response.serverError().status(Status.NOT_FOUND).build(); } + Date lastModified = new Date(portrait.lastModified()); + return 
Response.ok().lastModified(lastModified).build(); } /** @@ -686,7 +665,7 @@ public class UserWebService { String filename = partsReader.getFilename(); DisplayPortraitManager.getInstance().setPortrait(tmpFile, filename, identity.getName()); return Response.ok().build(); - } catch (Throwable e) { + } catch (Exception e) { throw new WebApplicationException(e); } finally { MultipartReader.closeQuietly(partsReader); @@ -696,7 +675,7 @@ public class UserWebService { /** * Deletes the portrait of an user * @response.representation.200.doc The portrait deleted - * @response.representation.401.doc Not authorized + * @response.representation.401.doc Not authorized * @param identityKey The identity key identifier of the user being searched * @param request The REST request * @return The image 
@@ -704,20 +683,16 @@ public class UserWebService { @DELETE @Path("{identityKey}/portrait") public Response deletePortrait(@PathParam("identityKey") Long identityKey, @Context HttpServletRequest request) { - try { - Identity authIdentity = getUserRequest(request).getIdentity(); - Identity identity = BaseSecurityManager.getInstance().loadIdentityByKey(identityKey, false); - if(identity == null) { - return Response.serverError().status(Status.NOT_FOUND).build(); - } else if(!isUserManager(request) && !identity.equalsByPersistableKey(authIdentity)) { - return Response.serverError().status(Status.UNAUTHORIZED).build(); - } - - DisplayPortraitManager.getInstance().deletePortrait(identity); - return Response.ok().build(); - } catch (Throwable e) { - throw new WebApplicationException(e); - } + Identity authIdentity = getUserRequest(request).getIdentity(); + Identity identity = BaseSecurityManager.getInstance().loadIdentityByKey(identityKey, false); + if(identity == null) { + return Response.serverError().status(Status.NOT_FOUND).build(); + } else if(!isUserManager(request) && !identity.equalsByPersistableKey(authIdentity)) { + return Response.serverError().status(Status.UNAUTHORIZED).build(); + } + + DisplayPortraitManager.getInstance().deletePortrait(identity); + return Response.ok().build(); } @Path("{identityKey}/groups") 
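Review bot: The identity lookup runs before the authorization check, so any authenticated caller can tell existing identity keys (401) from non-existing ones (404) by probing `/users/{identityKey}/portrait` with DELETE. Decide on the key first—`if(!isUserManager(request) && !identityKey.equals(authIdentity.getKey()))` return `UNAUTHORIZED`—and only then load the identity, assuming `Identity` exposes its key the way `equalsByPersistableKey` implies; note also that this endpoint uses 401 where `getRoles` and `getStatus` use 403 for the same condition.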
@@ -755,43 +730,38 @@ public class UserWebService { @Consumes({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON}) @Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON}) public Response update(@PathParam("identityKey") Long identityKey, UserVO user, @Context HttpServletRequest request) { - try { - if(user == null) { - return Response.serverError().status(Status.NO_CONTENT).build(); - } - if(!isUserManager(request)) { - return Response.serverError().status(Status.UNAUTHORIZED).build(); - } + if(user == null) { + return Response.serverError().status(Status.NO_CONTENT).build(); + } + if(!isUserManager(request)) { + return Response.serverError().status(Status.UNAUTHORIZED).build(); + } - BaseSecurity baseSecurity = BaseSecurityManager.getInstance(); - Identity retrievedIdentity = baseSecurity.loadIdentityByKey(identityKey, false); - if(retrievedIdentity == null) { - return Response.serverError().status(Status.NOT_FOUND).build(); - } - - User retrievedUser = retrievedIdentity.getUser(); - List<ErrorVO> errors = validateUser(retrievedUser, user, request); - if(errors.isEmpty()) { - if(StringHelper.containsNonWhitespace(user.getExternalId()) - && !user.getExternalId().equals(retrievedIdentity.getExternalId())) { - retrievedIdentity = baseSecurity.setExternalId(retrievedIdentity, user.getExternalId()); - retrievedUser = retrievedIdentity.getUser(); - } - String oldEmail = retrievedUser.getEmail(); - post(retrievedUser, user, getLocale(request)); - UserManager.getInstance().updateUser(retrievedUser); - BaseSecurityManager.getInstance().deleteInvalidAuthenticationsByEmail(oldEmail); - return Response.ok(get(retrievedIdentity, true, true)).build(); + BaseSecurity baseSecurity = BaseSecurityManager.getInstance(); + Identity retrievedIdentity = baseSecurity.loadIdentityByKey(identityKey, false); + if(retrievedIdentity == null) { + return Response.serverError().status(Status.NOT_FOUND).build(); + } + + User retrievedUser = retrievedIdentity.getUser(); + 
List<ErrorVO> errors = validateUser(retrievedUser, user, request); + if(errors.isEmpty()) { + if(StringHelper.containsNonWhitespace(user.getExternalId()) + && !user.getExternalId().equals(retrievedIdentity.getExternalId())) { + retrievedIdentity = baseSecurity.setExternalId(retrievedIdentity, user.getExternalId()); + retrievedUser = retrievedIdentity.getUser(); } - - //content not ok - ErrorVO[] errorVos = new ErrorVO[errors.size()]; - errors.toArray(errorVos); - return Response.ok(errorVos).status(Status.NOT_ACCEPTABLE).build(); - } catch (Exception e) { - log.error("Error updating an user", e); - return Response.serverError().status(Status.INTERNAL_SERVER_ERROR).build(); + String oldEmail = retrievedUser.getEmail(); + post(retrievedUser, user, getLocale(request)); + UserManager.getInstance().updateUser(retrievedUser); + BaseSecurityManager.getInstance().deleteInvalidAuthenticationsByEmail(oldEmail); + return Response.ok(get(retrievedIdentity, true, true)).build(); } + + //content not ok + ErrorVO[] errorVos = new ErrorVO[errors.size()]; + errors.toArray(errorVos); + return Response.ok(errorVos).status(Status.NOT_ACCEPTABLE).build(); } private List<ErrorVO> validateUser(User user, UserVO userVo, HttpServletRequest request) { @@ -862,7 +832,7 @@ public class UserWebService { * Delete an user from the system * @response.representation.200.doc The user is removed from the group * @response.representation.401.doc The roles of the authenticated user are not sufficient - * @response.representation.404.doc The identity not found + * @response.representation.404.doc The identity not found * @param identityKey The user key identifier * @param request The HTTP request * @return <code>Response</code> object. The operation status (success or fail) 
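Review bot: The deleted `catch (Exception e)` was the only place a failed user update got logged (`log.error("Error updating an user", e)`), and the logger field itself is removed earlier in this diff, so an exception thrown by `setExternalId`, `updateUser` or `deleteInvalidAuthenticationsByEmail` now propagates out of a user-management mutation with no server-side record of who attempted what. Either keep a logger and a `catch` that logs before rethrowing, or point to the exception mapper that covers this path. Two smaller things on the new side: a missing body answers `Status.NO_CONTENT` (204, a success code) where `Status.BAD_REQUEST` is what the client needs, and the authorization failure returns `UNAUTHORIZED` while `getRoles` and `getStatus` return `FORBIDDEN` for the same condition.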
diff --git a/src/test/java/org/olat/basesecurity/BaseSecurityManagerTest.java b/src/test/java/org/olat/basesecurity/BaseSecurityManagerTest.java index d4b114e41467fb194688c6fff5edd065301ac4c9..269e813afe01d5f5babd7599964631c5b017d299 100644 --- a/src/test/java/org/olat/basesecurity/BaseSecurityManagerTest.java +++ b/src/test/java/org/olat/basesecurity/BaseSecurityManagerTest.java @@ -36,6 +36,7 @@ import org.olat.core.commons.services.webdav.manager.WebDAVAuthManager; import org.olat.core.id.Identity; import org.olat.core.id.Organisation; import org.olat.core.id.Roles; +import org.olat.core.id.RolesByOrganisation; import org.olat.core.id.User; import org.olat.core.id.UserConstants; import org.olat.core.util.Encoder; @@ -316,8 +317,8 @@ public class BaseSecurityManagerTest extends OlatTestCase { //update roles Organisation defOrganisation = organisationService.getDefaultOrganisation(); - Roles modifiedRoles = new Roles(false, true, true, true, true, false, true, true, true, false, false); - securityManager.updateRoles(id2, id1, defOrganisation, modifiedRoles); + RolesByOrganisation modifiedRoles = RolesByOrganisation.roles(defOrganisation, false, false, true, false, true, true, true, true, true, true, true); + securityManager.updateRoles(id2, id1, modifiedRoles); dbInstance.commitAndCloseSession(); //check roles @@ -329,7 +330,7 @@ public class BaseSecurityManagerTest extends OlatTestCase { Assert.assertTrue(reloadRoles.isLearnResourceManager()); Assert.assertFalse(reloadRoles.isInvitee()); Assert.assertTrue(reloadRoles.isOLATAdmin()); - Assert.assertTrue(reloadRoles.isPoolAdmin()); + Assert.assertTrue(reloadRoles.isQPoolManager()); Assert.assertTrue(reloadRoles.isCurriculumManager()); Assert.assertTrue(reloadRoles.isUserManager()); } 
@@ -347,8 +348,8 @@ public class BaseSecurityManagerTest extends OlatTestCase { //update roles Organisation defOrganisation = organisationService.getDefaultOrganisation(); - Roles modifiedRoles = new Roles(false, false, true, false, true, false, false, false, true, false, false); - securityManager.updateRoles(id2, id1, defOrganisation, modifiedRoles); + RolesByOrganisation modifiedRoles = RolesByOrganisation.roles(defOrganisation, false, false, true, false, true, false, false, true, true, false, false); + securityManager.updateRoles(id2, id1, modifiedRoles); dbInstance.commitAndCloseSession(); //check roles @@ -360,7 +361,7 @@ public class BaseSecurityManagerTest extends OlatTestCase { Assert.assertFalse(reloadRoles.isLearnResourceManager()); Assert.assertFalse(reloadRoles.isInvitee()); Assert.assertFalse(reloadRoles.isOLATAdmin()); - Assert.assertFalse(reloadRoles.isPoolAdmin()); + Assert.assertFalse(reloadRoles.isQPoolManager()); Assert.assertTrue(reloadRoles.isCurriculumManager()); Assert.assertTrue(reloadRoles.isUserManager()); } 
@@ -370,16 +371,16 @@ public class BaseSecurityManagerTest extends OlatTestCase { */ @Test public void testUpdateRoles_guest() { - Identity invitee = JunitTestHelper.createAndPersistIdentityAsUser("invitee-" + UUID.randomUUID().toString()); - Identity user = JunitTestHelper.createAndPersistIdentityAsUser("invitee-" + UUID.randomUUID().toString()); + Identity invitee = JunitTestHelper.createAndPersistIdentityAsRndUser("invitee-1"); + Identity user = JunitTestHelper.createAndPersistIdentityAsRndUser("invitee-2"); Roles roles = securityManager.getRoles(invitee); Assert.assertNotNull(roles); dbInstance.commitAndCloseSession(); //update roles Organisation defOrganisation = organisationService.getDefaultOrganisation(); - Roles modifiedRoles = new Roles(true, true, true, true, true, true, false); - securityManager.updateRoles(user, invitee, defOrganisation, modifiedRoles); + RolesByOrganisation modifiedRoles = new RolesByOrganisation(defOrganisation, new OrganisationRoles[] { OrganisationRoles.guest, OrganisationRoles.administrator }); + securityManager.updateRoles(user, invitee, modifiedRoles); dbInstance.commitAndCloseSession(); //check roles diff --git a/src/test/java/org/olat/restapi/UserMgmtTest.java b/src/test/java/org/olat/restapi/UserMgmtTest.java index f373ce0d31a457b8a686427078a94caaf0ac11d2..44eba95c7054327aa7fed3e33ae642a377a24f43 100644 --- a/src/test/java/org/olat/restapi/UserMgmtTest.java +++ b/src/test/java/org/olat/restapi/UserMgmtTest.java @@ -1021,7 +1021,7 @@ public class UserMgmtTest extends OlatJerseyTestCase { Assert.assertFalse(reloadRoles.isLearnResourceManager()); Assert.assertFalse(reloadRoles.isInvitee()); Assert.assertFalse(reloadRoles.isOLATAdmin()); - Assert.assertFalse(reloadRoles.isPoolAdmin()); + Assert.assertFalse(reloadRoles.isQPoolManager()); Assert.assertTrue(reloadRoles.isUserManager()); conn.shutdown(); }