Merge pull request #336 from phoenixctms/reject_probandlistmove

restrict moving subject positions
phoenixctms · Dec 10, 2024 · 9b80da1 · 9b80da1
2 parents 84b999c + febb09f
commit 9b80da1
Show file tree

Hide file tree

Showing 28 changed files with 9,444 additions and 8,808 deletions.
diff --git a/common/src/main/java/org/phoenixctms/ctsms/util/AuthorisationExceptionCodes.java b/common/src/main/java/org/phoenixctms/ctsms/util/AuthorisationExceptionCodes.java
@@ -13,8 +13,9 @@ public interface AuthorisationExceptionCodes {
 	public final static String NOT_AUTHENTICATED = "not_authenticated";
 	public static final String PARAMETER_DISJUNCTIVE_RESTRICTION_NOT_SATISFIED = "parameter_disjunctive_restriction_not_satisfied";
 	public static final String PARAMETER_RESTRICTION_VIOLATED = "parameter_restriction_violated";
-	public final static String FILE_NOT_PUBLIC = "file_not_public";
-	public final static String FILE_NOT_ACTIVE = "file_not_active";
-	public final static String HYPERLINK_NOT_ACTIVE = "hyperlink_not_active";
-	public final static String ENCRYPTED_FILE = "encrypted_file";
+	//	public final static String FILE_NOT_PUBLIC = "file_not_public";
+	//	public final static String FILE_NOT_ACTIVE = "file_not_active";
+	//	public final static String ALL_DEPARMTENTS_PERMISSION_REQUIRED = "all_deparmtents_permission_required";
+	//	public final static String HYPERLINK_NOT_ACTIVE = "hyperlink_not_active";
+	//public final static String ENCRYPTED_FILE = "encrypted_file";
 }
diff --git a/common/src/main/java/org/phoenixctms/ctsms/util/ServiceExceptionCodes.java b/common/src/main/java/org/phoenixctms/ctsms/util/ServiceExceptionCodes.java
@@ -835,4 +835,9 @@ public interface ServiceExceptionCodes {
 	public static final String JOB_INVALID_EMAIL_RECIPIENTS = "job_invalid_email_recipients";
 	public static final String JOB_ALREADY_EXISTS = "job_already_exists";
 	public static final String VISIT_ID_NOT_NULL = "visit_id_not_null";
+	public final static String FILE_NOT_PUBLIC = "file_not_public";
+	public final static String FILE_NOT_ACTIVE = "file_not_active";
+	public final static String ALL_DEPARMTENTS_PERMISSION_REQUIRED = "all_deparmtents_permission_required";
+	public final static String HYPERLINK_NOT_ACTIVE = "hyperlink_not_active";
+	public final static String ENCRYPTED_FILE = "encrypted_file";
 }
diff --git a/core/src/main/java/org/phoenixctms/ctsms/adapt/MoveAdapter.java b/core/src/main/java/org/phoenixctms/ctsms/adapt/MoveAdapter.java
@@ -17,6 +17,9 @@ public abstract class MoveAdapter<ROOT, LISTITEM, LISTITEMVO> {
 	protected MoveAdapter() {
 	}
 
+	protected void reset() {
+	}
+
 	protected abstract ROOT aquireWriteLock(Long rootId) throws ServiceException;
 
 	protected abstract void checkItem(LISTITEM groupItem) throws ServiceException;
@@ -55,6 +58,7 @@ protected abstract void logUpdatedPositionsSystemMessage(ROOT root, PositionMove
 			throws Exception;
 
 	public LISTITEMVO move(Long itemId, PositionMovement movement) throws Exception {
+		reset();
 		LISTITEM item = checkItemId(itemId);
 		checkItem(item);
 		ROOT root = aquireWriteLock(getRootId(getRoot(item)));
@@ -146,6 +150,7 @@ public LISTITEMVO move(Long itemId, PositionMovement movement) throws Exception
 	}
 
 	public ArrayList<LISTITEMVO> moveTo(Long itemId, long targetPosition) throws Exception {
+		reset();
 		LISTITEM item = checkItemId(itemId);
 		checkItem(item);
 		ROOT root = aquireWriteLock(getRootId(getRoot(item)));
@@ -251,6 +256,7 @@ public ArrayList<LISTITEMVO> moveTo(Long itemId, long targetPosition) throws Exc
 	}
 
 	protected ArrayList<LISTITEMVO> normalizePositions(LISTITEM groupItem, ROOT root) throws Exception {
+		reset();
 		checkRoot(root);
 		Timestamp now = new Timestamp(System.currentTimeMillis());
 		User user = CoreUtil.getUser();

diff --git a/core/src/main/java/org/phoenixctms/ctsms/adapt/ProbandListEntryMoveAdapter.java b/core/src/main/java/org/phoenixctms/ctsms/adapt/ProbandListEntryMoveAdapter.java
@@ -3,20 +3,27 @@
 import java.sql.Timestamp;
 import java.text.MessageFormat;
 import java.util.ArrayList;
+import java.util.HashSet;
 
 import org.hibernate.LockMode;
+import org.phoenixctms.ctsms.domain.Department;
 import org.phoenixctms.ctsms.domain.JournalEntryDao;
 import org.phoenixctms.ctsms.domain.ProbandListEntry;
 import org.phoenixctms.ctsms.domain.ProbandListEntryDao;
 import org.phoenixctms.ctsms.domain.Trial;
 import org.phoenixctms.ctsms.domain.TrialDao;
 import org.phoenixctms.ctsms.domain.User;
+import org.phoenixctms.ctsms.domain.UserPermissionProfileDao;
 import org.phoenixctms.ctsms.enumeration.JournalModule;
+import org.phoenixctms.ctsms.enumeration.PermissionProfile;
+import org.phoenixctms.ctsms.enumeration.PermissionProfileGroup;
 import org.phoenixctms.ctsms.enumeration.PositionMovement;
 import org.phoenixctms.ctsms.exception.ServiceException;
 import org.phoenixctms.ctsms.util.CheckIDUtil;
 import org.phoenixctms.ctsms.util.CommonUtil;
 import org.phoenixctms.ctsms.util.CoreUtil;
+import org.phoenixctms.ctsms.util.L10nUtil;
+import org.phoenixctms.ctsms.util.ServiceExceptionCodes;
 import org.phoenixctms.ctsms.util.ServiceUtil;
 import org.phoenixctms.ctsms.util.SystemMessageCodes;
 import org.phoenixctms.ctsms.vo.ProbandListEntryOutVO;
@@ -26,13 +33,23 @@ public class ProbandListEntryMoveAdapter extends MoveAdapter<Trial, ProbandListE
 	private TrialDao trialDao;
 	private ProbandListEntryDao probandListEntryDao;
 	private JournalEntryDao journalEntryDao;
+	private UserPermissionProfileDao userPermissionProfileDao;
 	private static final String ENUMERATED_PROBAND_LIST_ENTRY_NAME = "{0}. {1}";
+	private HashSet<Department> departments;
 
-	public ProbandListEntryMoveAdapter(JournalEntryDao journalEntryDao, ProbandListEntryDao probandListEntryDao, TrialDao trialDao) {
+	public ProbandListEntryMoveAdapter(UserPermissionProfileDao userPermissionProfileDao, JournalEntryDao journalEntryDao, ProbandListEntryDao probandListEntryDao,
+			TrialDao trialDao) {
 		super();
+		this.userPermissionProfileDao = userPermissionProfileDao;
 		this.journalEntryDao = journalEntryDao;
 		this.probandListEntryDao = probandListEntryDao;
 		this.trialDao = trialDao;
+		departments = new HashSet<Department>();
+	}
+
+	@Override
+	protected void reset() {
+		departments.clear();
 	}
 
 	@Override
@@ -58,6 +75,13 @@ protected void checkRoot(Trial root) throws ServiceException {
 
 	@Override
 	protected void daoUpdate(ProbandListEntry item) throws Exception {
+		if (departments.add(item.getProband().getDepartment())
+				&& departments.size() > 1
+				&& !ServiceUtil.hasInheritedPermissionProfile(CoreUtil.getUser(), PermissionProfileGroup.PROBAND, userPermissionProfileDao,
+						PermissionProfile.PROBAND_MASTER_ALL_DEPARTMENTS,
+						PermissionProfile.PROBAND_DETAIL_ALL_DEPARTMENTS)) {
+			throw L10nUtil.initServiceException(ServiceExceptionCodes.ALL_DEPARMTENTS_PERMISSION_REQUIRED);
+		}
 		probandListEntryDao.update(item);
 	}
 

diff --git a/core/src/main/java/org/phoenixctms/ctsms/js/FieldCalculation.java b/core/src/main/java/org/phoenixctms/ctsms/js/FieldCalculation.java
@@ -15,13 +15,13 @@
 import org.openjdk.nashorn.api.scripting.JSObject;
 import org.phoenixctms.ctsms.domain.File;
 import org.phoenixctms.ctsms.domain.FileDao;
-import org.phoenixctms.ctsms.util.AuthorisationExceptionCodes;
 import org.phoenixctms.ctsms.util.CheckIDUtil;
 import org.phoenixctms.ctsms.util.CommonUtil;
 import org.phoenixctms.ctsms.util.CoreUtil;
 import org.phoenixctms.ctsms.util.DefaultSettings;
 import org.phoenixctms.ctsms.util.L10nUtil;
 import org.phoenixctms.ctsms.util.L10nUtil.Locales;
+import org.phoenixctms.ctsms.util.ServiceExceptionCodes;
 import org.phoenixctms.ctsms.util.SettingCodes;
 import org.phoenixctms.ctsms.util.Settings;
 import org.phoenixctms.ctsms.util.Settings.Bundle;
@@ -217,10 +217,10 @@ public ArrayList<ValidationError> updateInputFieldVariables() throws ScriptExcep
 	public String getScript(String resource, Long fileId) throws Exception {
 		File file = CheckIDUtil.checkFileId(fileId, fileDao);
 		if (CommonUtil.getUseFileEncryption(file.getModule())) {
-			throw L10nUtil.initAuthorisationException(AuthorisationExceptionCodes.ENCRYPTED_FILE, fileId.toString());
+			throw L10nUtil.initServiceException(ServiceExceptionCodes.ENCRYPTED_FILE, fileId.toString());
 		}
 		if (!file.isPublicFile()) {
-			throw L10nUtil.initAuthorisationException(AuthorisationExceptionCodes.FILE_NOT_PUBLIC, fileId.toString());
+			throw L10nUtil.initServiceException(ServiceExceptionCodes.FILE_NOT_PUBLIC, fileId.toString());
 		}
 		FileContentOutVO result = fileDao.toFileContentOutVO(file);
 		return new String(result.getDatas(), SCRIPT_CHARSET);

diff --git a/core/src/main/java/org/phoenixctms/ctsms/service/shared/FileServiceImpl.java b/core/src/main/java/org/phoenixctms/ctsms/service/shared/FileServiceImpl.java
@@ -45,13 +45,11 @@
 import org.phoenixctms.ctsms.enumeration.FileModule;
 import org.phoenixctms.ctsms.enumeration.PermissionProfile;
 import org.phoenixctms.ctsms.enumeration.PermissionProfileGroup;
-import org.phoenixctms.ctsms.exception.AuthorisationException;
 import org.phoenixctms.ctsms.exception.ServiceException;
 import org.phoenixctms.ctsms.pdf.PDFMerger;
 import org.phoenixctms.ctsms.security.CipherStream;
 import org.phoenixctms.ctsms.security.CipherText;
 import org.phoenixctms.ctsms.security.CryptoUtil;
-import org.phoenixctms.ctsms.util.AuthorisationExceptionCodes;
 import org.phoenixctms.ctsms.util.CheckIDUtil;
 import org.phoenixctms.ctsms.util.CommonUtil;
 import org.phoenixctms.ctsms.util.CoreUtil;
@@ -324,7 +322,7 @@ private void checkMimeType(String mimeType, FileModule module) throws ServiceExc
 		}
 	}
 
-	private void checkActivePermission(File file) throws AuthorisationException {
+	private void checkActivePermission(File file) throws ServiceException {
 		//if (!file.isActive()) {
 		User user = CoreUtil.getUser();
 		//!file.getDepartments().contains(user.getDepartment()
@@ -337,7 +335,7 @@ private void checkActivePermission(File file) throws AuthorisationException {
 							PermissionProfile.INVENTORY_DETAIL_ALL_DEPARTMENTS,
 							PermissionProfile.INVENTORY_VIEW_ALL_DEPARTMENTS)) {
 						if (!file.isActive() || !file.getDepartments().contains(user.getDepartment())) {
-							throw L10nUtil.initAuthorisationException(AuthorisationExceptionCodes.FILE_NOT_ACTIVE, file.getId().toString());
+							throw L10nUtil.initServiceException(ServiceExceptionCodes.FILE_NOT_ACTIVE, file.getId().toString());
 						}
 					}
 					break;
@@ -347,7 +345,7 @@ private void checkActivePermission(File file) throws AuthorisationException {
 							PermissionProfile.STAFF_DETAIL_ALL_DEPARTMENTS,
 							PermissionProfile.STAFF_VIEW_ALL_DEPARTMENTS)) {
 						if (!file.isActive() || !file.getDepartments().contains(user.getDepartment())) {
-							throw L10nUtil.initAuthorisationException(AuthorisationExceptionCodes.FILE_NOT_ACTIVE, file.getId().toString());
+							throw L10nUtil.initServiceException(ServiceExceptionCodes.FILE_NOT_ACTIVE, file.getId().toString());
 						}
 					}
 					break;
@@ -357,7 +355,7 @@ private void checkActivePermission(File file) throws AuthorisationException {
 							PermissionProfile.COURSE_DETAIL_ALL_DEPARTMENTS,
 							PermissionProfile.COURSE_VIEW_ALL_DEPARTMENTS)) {
 						if (!file.isActive() || !file.getDepartments().contains(user.getDepartment())) {
-							throw L10nUtil.initAuthorisationException(AuthorisationExceptionCodes.FILE_NOT_ACTIVE, file.getId().toString());
+							throw L10nUtil.initServiceException(ServiceExceptionCodes.FILE_NOT_ACTIVE, file.getId().toString());
 						}
 					}
 					break;
@@ -367,7 +365,7 @@ private void checkActivePermission(File file) throws AuthorisationException {
 							PermissionProfile.TRIAL_DETAIL_ALL_DEPARTMENTS,
 							PermissionProfile.TRIAL_VIEW_ALL_DEPARTMENTS)) {
 						if (!file.isActive() || !file.getDepartments().contains(user.getDepartment())) {
-							throw L10nUtil.initAuthorisationException(AuthorisationExceptionCodes.FILE_NOT_ACTIVE, file.getId().toString());
+							throw L10nUtil.initServiceException(ServiceExceptionCodes.FILE_NOT_ACTIVE, file.getId().toString());
 						}
 					}
 					break;
@@ -377,7 +375,7 @@ private void checkActivePermission(File file) throws AuthorisationException {
 							PermissionProfile.PROBAND_DETAIL_ALL_DEPARTMENTS,
 							PermissionProfile.PROBAND_VIEW_ALL_DEPARTMENTS)) {
 						if (!file.isActive() || !file.getDepartments().contains(user.getDepartment())) {
-							throw L10nUtil.initAuthorisationException(AuthorisationExceptionCodes.FILE_NOT_ACTIVE, file.getId().toString());
+							throw L10nUtil.initServiceException(ServiceExceptionCodes.FILE_NOT_ACTIVE, file.getId().toString());
 						}
 					}
 					break;
@@ -387,7 +385,7 @@ private void checkActivePermission(File file) throws AuthorisationException {
 							PermissionProfile.MASS_MAIL_DETAIL_ALL_DEPARTMENTS,
 							PermissionProfile.MASS_MAIL_VIEW_ALL_DEPARTMENTS)) {
 						if (!file.isActive() || !file.getDepartments().contains(user.getDepartment())) {
-							throw L10nUtil.initAuthorisationException(AuthorisationExceptionCodes.FILE_NOT_ACTIVE, file.getId().toString());
+							throw L10nUtil.initServiceException(ServiceExceptionCodes.FILE_NOT_ACTIVE, file.getId().toString());
 						}
 					}
 					break;

diff --git a/core/src/main/java/org/phoenixctms/ctsms/service/shared/HyperlinkServiceImpl.java b/core/src/main/java/org/phoenixctms/ctsms/service/shared/HyperlinkServiceImpl.java
@@ -31,9 +31,7 @@
 import org.phoenixctms.ctsms.enumeration.JournalModule;
 import org.phoenixctms.ctsms.enumeration.PermissionProfile;
 import org.phoenixctms.ctsms.enumeration.PermissionProfileGroup;
-import org.phoenixctms.ctsms.exception.AuthorisationException;
 import org.phoenixctms.ctsms.exception.ServiceException;
-import org.phoenixctms.ctsms.util.AuthorisationExceptionCodes;
 import org.phoenixctms.ctsms.util.CheckIDUtil;
 import org.phoenixctms.ctsms.util.CommonUtil;
 import org.phoenixctms.ctsms.util.CoreUtil;
@@ -164,7 +162,7 @@ private void checkHyperlinkModuleId(HyperlinkModule module, Long id) throws Serv
 		}
 	}
 
-	private void checkActivePermission(Hyperlink hyperlink) throws AuthorisationException {
+	private void checkActivePermission(Hyperlink hyperlink) throws ServiceException {
 		//if (!hyperlink.isActive()) {
 		User user = CoreUtil.getUser();
 		if (!user.equals(hyperlink.getModifiedUser())) {
@@ -176,7 +174,7 @@ private void checkActivePermission(Hyperlink hyperlink) throws AuthorisationExce
 							PermissionProfile.INVENTORY_DETAIL_ALL_DEPARTMENTS,
 							PermissionProfile.INVENTORY_VIEW_ALL_DEPARTMENTS)) {
 						if (!hyperlink.isActive() || !hyperlink.getDepartments().contains(user.getDepartment())) {
-							throw L10nUtil.initAuthorisationException(AuthorisationExceptionCodes.HYPERLINK_NOT_ACTIVE, hyperlink.getId().toString());
+							throw L10nUtil.initServiceException(ServiceExceptionCodes.HYPERLINK_NOT_ACTIVE, hyperlink.getId().toString());
 						}
 					}
 					break;
@@ -186,7 +184,7 @@ private void checkActivePermission(Hyperlink hyperlink) throws AuthorisationExce
 							PermissionProfile.STAFF_DETAIL_ALL_DEPARTMENTS,
 							PermissionProfile.STAFF_VIEW_ALL_DEPARTMENTS)) {
 						if (!hyperlink.isActive() || !hyperlink.getDepartments().contains(user.getDepartment())) {
-							throw L10nUtil.initAuthorisationException(AuthorisationExceptionCodes.HYPERLINK_NOT_ACTIVE, hyperlink.getId().toString());
+							throw L10nUtil.initServiceException(ServiceExceptionCodes.HYPERLINK_NOT_ACTIVE, hyperlink.getId().toString());
 						}
 					}
 					break;
@@ -196,7 +194,7 @@ private void checkActivePermission(Hyperlink hyperlink) throws AuthorisationExce
 							PermissionProfile.COURSE_DETAIL_ALL_DEPARTMENTS,
 							PermissionProfile.COURSE_VIEW_ALL_DEPARTMENTS)) {
 						if (!hyperlink.isActive() || !hyperlink.getDepartments().contains(user.getDepartment())) {
-							throw L10nUtil.initAuthorisationException(AuthorisationExceptionCodes.HYPERLINK_NOT_ACTIVE, hyperlink.getId().toString());
+							throw L10nUtil.initServiceException(ServiceExceptionCodes.HYPERLINK_NOT_ACTIVE, hyperlink.getId().toString());
 						}
 					}
 					break;
@@ -206,7 +204,7 @@ private void checkActivePermission(Hyperlink hyperlink) throws AuthorisationExce
 							PermissionProfile.TRIAL_DETAIL_ALL_DEPARTMENTS,
 							PermissionProfile.TRIAL_VIEW_ALL_DEPARTMENTS)) {
 						if (!hyperlink.isActive() || !hyperlink.getDepartments().contains(user.getDepartment())) {
-							throw L10nUtil.initAuthorisationException(AuthorisationExceptionCodes.HYPERLINK_NOT_ACTIVE, hyperlink.getId().toString());
+							throw L10nUtil.initServiceException(ServiceExceptionCodes.HYPERLINK_NOT_ACTIVE, hyperlink.getId().toString());
 						}
 					}
 					break;

diff --git a/core/src/main/java/org/phoenixctms/ctsms/service/shared/ToolsServiceImpl.java b/core/src/main/java/org/phoenixctms/ctsms/service/shared/ToolsServiceImpl.java
@@ -98,7 +98,6 @@
 import org.phoenixctms.ctsms.security.CryptoUtil;
 import org.phoenixctms.ctsms.security.PasswordPolicy;
 import org.phoenixctms.ctsms.security.otp.OTPAuthenticator;
-import org.phoenixctms.ctsms.util.AuthorisationExceptionCodes;
 import org.phoenixctms.ctsms.util.CheckIDUtil;
 import org.phoenixctms.ctsms.util.CommonUtil;
 import org.phoenixctms.ctsms.util.Compile;
@@ -992,10 +991,10 @@ protected FileStreamOutVO handleGetPublicFileStream(Long fileId)
 		FileDao fileDao = this.getFileDao();
 		File file = CheckIDUtil.checkFileId(fileId, fileDao);
 		if (CommonUtil.getUseFileEncryption(file.getModule())) {
-			throw L10nUtil.initAuthorisationException(AuthorisationExceptionCodes.ENCRYPTED_FILE, fileId.toString());
+			throw L10nUtil.initServiceException(ServiceExceptionCodes.ENCRYPTED_FILE, fileId.toString());
 		}
 		if (!file.isPublicFile()) {
-			throw L10nUtil.initAuthorisationException(AuthorisationExceptionCodes.FILE_NOT_PUBLIC, fileId.toString());
+			throw L10nUtil.initServiceException(ServiceExceptionCodes.FILE_NOT_PUBLIC, fileId.toString());
 		}
 		FileStreamOutVO result = fileDao.toFileStreamOutVO(file);
 		return result;

diff --git a/core/src/main/java/org/phoenixctms/ctsms/service/trial/TrialServiceImpl.java b/core/src/main/java/org/phoenixctms/ctsms/service/trial/TrialServiceImpl.java
@@ -7450,7 +7450,8 @@ protected Collection<InquiryOutVO> handleMoveInquiryTo(
 	protected ProbandListEntryOutVO handleMoveProbandListEntry(
 			AuthenticationVO auth, Long probandListEntryId, PositionMovement movement)
 			throws Exception {
-		return (new ProbandListEntryMoveAdapter(this.getJournalEntryDao(), this.getProbandListEntryDao(), this.getTrialDao())).move(probandListEntryId,
+		return (new ProbandListEntryMoveAdapter(this.getUserPermissionProfileDao(), this.getJournalEntryDao(), this.getProbandListEntryDao(), this.getTrialDao())).move(
+				probandListEntryId,
 				movement);
 	}
 
@@ -7472,7 +7473,8 @@ protected Collection<ProbandListEntryTagOutVO> handleMoveProbandListEntryTagTo(
 	protected Collection<ProbandListEntryOutVO> handleMoveProbandListEntryTo(
 			AuthenticationVO auth, Long probandListEntryId, Long targetPosition)
 			throws Exception {
-		return (new ProbandListEntryMoveAdapter(this.getJournalEntryDao(), this.getProbandListEntryDao(), this.getTrialDao())).moveTo(probandListEntryId,
+		return (new ProbandListEntryMoveAdapter(this.getUserPermissionProfileDao(), this.getJournalEntryDao(), this.getProbandListEntryDao(), this.getTrialDao())).moveTo(
+				probandListEntryId,
 				targetPosition);
 	}
 
@@ -7491,7 +7493,8 @@ protected Collection<InquiryOutVO> handleNormalizeInquiryPositions(
 	@Override
 	protected Collection<ProbandListEntryOutVO> handleNormalizeProbandListEntryPositions(
 			AuthenticationVO auth, Long trialId) throws Exception {
-		return (new ProbandListEntryMoveAdapter(this.getJournalEntryDao(), this.getProbandListEntryDao(), this.getTrialDao())).normalizePositions(trialId);
+		return (new ProbandListEntryMoveAdapter(this.getUserPermissionProfileDao(), this.getJournalEntryDao(), this.getProbandListEntryDao(), this.getTrialDao()))
+				.normalizePositions(trialId);
 	}
 
 	@Override

diff --git a/core/src/main/resources/ctsms-authorisationexceptionmessages.properties b/core/src/main/resources/ctsms-authorisationexceptionmessages.properties
@@ -13,8 +13,6 @@ criteria_modified_different_property=not allowed to perform unsaved query - prop
 no_host=not allowed to perform operation {0} - host address unknown
 host_not_allowed_or_unknown_host=not allowed to perform operation {0} from host address {1}
 
-file_not_public=file ID {0} is not exposed to the internet
-file_not_active=file ID {0} is not approved
-hyperlink_not_active=hyperlink ID {0} is not approved
 
-encrypted_file=file ID {0} is encrypted
+
+
diff --git a/core/src/main/resources/ctsms-authorisationexceptionmessages_de.properties b/core/src/main/resources/ctsms-authorisationexceptionmessages_de.properties
@@ -13,8 +13,5 @@ criteria_modified_different_property=Ausf\u00FChrung nicht gespeicherter Abfrage
 no_host=Ausf\u00FChrung der Operation {0} nicht erlaubt - Host-Adresse nicht bekannt
 host_not_allowed_or_unknown_host=Ausf\u00FChrung der Operation {0} von Host-Adresse {1} nicht erlaubt
 
-file_not_public=Datei ID {0} ist nicht im Internet abrufbar
-file_not_active=Datei ID {0} ist nicht freigegeben
-hyperlink_not_active=Hyperlink ID {0} ist nicht freigegeben
 
-encrypted_file=Datei ID {0} ist verschl\u00FCsselt
+
diff --git a/core/src/main/resources/ctsms-serviceexceptionmessages.properties b/core/src/main/resources/ctsms-serviceexceptionmessages.properties
@@ -982,4 +982,12 @@ job_email_recipients_not_null=no email address(es) required
 job_invalid_email_recipients=invalid email address(es): {1}
 job_already_exists=repeating job ''{0}'' already exists
 
-visit_id_not_null=visit ID must be null
+visit_id_not_null=visit ID must be null
+
+file_not_public=file ID {0} is not exposed to the internet
+file_not_active=file ID {0} is not approved
+hyperlink_not_active=hyperlink ID {0} is not approved
+
+all_deparmtents_permission_required=permission for all sites required
+
+encrypted_file=file ID {0} is encrypted