
Example 1 with SystemDefaultMetadataObject

use of org.hisp.dhis.common.SystemDefaultMetadataObject in project dhis2-core by dhis2.

the class DefaultSharingService method saveSharing.

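/**
 * Replaces the sharing settings of {@code entity} with the ones carried by {@code sharing}
 * and persists the entity.
 *
 * <p>The whole request is validated before the entity is modified. If any check fails
 * (system default object, caller lacks manage access, malformed access string, data
 * sharing on a type whose schema is not data shareable) the entity is left untouched,
 * nothing is persisted, and the returned report lists every failure found. Recording
 * an authorization failure in the report is therefore enough to stop the write; the
 * caller does not have to undo anything.
 *
 * @param entityClass type of the entity, used for schema lookup and in error reports
 * @param entity      object whose sharing is replaced; must be a {@link BaseIdentifiableObject}
 * @param sharing     requested sharing settings
 * @return report holding one {@link ErrorReport} per failed check, or no error reports
 *         when the settings were applied
 */
@Override
public <T extends IdentifiableObject> ObjectReport saveSharing(@NotNull Class<T> entityClass, @NotNull T entity, @NotNull Sharing sharing) {
    ObjectReport objectReport = new ObjectReport(Sharing.class, 0);
    BaseIdentifiableObject object = (BaseIdentifiableObject) entity;
    // Flipped by every failed check below; decides whether the apply phase runs at all.
    boolean rejected = false;

    // ---------------------------------------------------------------------
    // Phase 1: validate, without touching the entity
    // ---------------------------------------------------------------------
    if ((object instanceof SystemDefaultMetadataObject) && ((SystemDefaultMetadataObject) object).isDefault()) {
        objectReport.addErrorReport(new ErrorReport(Sharing.class, ErrorCode.E3013, entityClass.getSimpleName()).setErrorKlass(entityClass));
        rejected = true;
    }
    User user = currentUserService.getCurrentUser();
    if (!aclService.canManage(user, object)) {
        // Authorization gate: the write at the end goes through updateNoAcl, so this
        // check is the only thing standing between the caller and the update.
        objectReport.addErrorReport(new ErrorReport(Sharing.class, ErrorCode.E3014).setErrorKlass(entityClass));
        rejected = true;
    }
    if (!AccessStringHelper.isValid(sharing.getPublicAccess())) {
        objectReport.addErrorReport(new ErrorReport(Sharing.class, ErrorCode.E3015, sharing.getPublicAccess()).setErrorKlass(entityClass));
        rejected = true;
    }

    Schema schema = schemaService.getDynamicSchema(entityClass);
    boolean dataShareable = schema.isDataShareable();
    // publicAccess from the request is ignored if the user is not allowed to make
    // objects public; in that case the value already on the entity stays in force.
    boolean mayMakePublic = aclService.canMakePublic(user, object);
    // NOTE(review): assumes setPublicAccess stores the value that
    // getSharing().getPublicAccess() returns - confirm against BaseIdentifiableObject.
    String effectivePublicAccess = mayMakePublic ? sharing.getPublicAccess() : object.getSharing().getPublicAccess();
    if (!dataShareable && AccessStringHelper.hasDataSharing(effectivePublicAccess)) {
        objectReport.addErrorReport(new ErrorReport(Sharing.class, ErrorCode.E3016).setErrorKlass(entityClass));
        rejected = true;
    }

    if (sharing.hasUserGroupAccesses()) {
        for (UserGroupAccess sharingUserGroupAccess : sharing.getUserGroups().values()) {
            if (!AccessStringHelper.isValid(sharingUserGroupAccess.getAccess())) {
                objectReport.addErrorReport(new ErrorReport(Sharing.class, ErrorCode.E3017, sharingUserGroupAccess.getAccess()).setErrorKlass(entityClass));
                rejected = true;
            }
            if (!dataShareable && AccessStringHelper.hasDataSharing(sharingUserGroupAccess.getAccess())) {
                objectReport.addErrorReport(new ErrorReport(Sharing.class, ErrorCode.E3016).setErrorKlass(entityClass));
                rejected = true;
            }
        }
    }
    if (sharing.hasUserAccesses()) {
        for (UserAccess sharingUserAccess : sharing.getUsers().values()) {
            if (!AccessStringHelper.isValid(sharingUserAccess.getAccess())) {
                objectReport.addErrorReport(new ErrorReport(Sharing.class, ErrorCode.E3018, sharingUserAccess.getAccess()).setErrorKlass(entityClass));
                rejected = true;
            }
            if (!dataShareable && AccessStringHelper.hasDataSharing(sharingUserAccess.getAccess())) {
                objectReport.addErrorReport(new ErrorReport(Sharing.class, ErrorCode.E3016).setErrorKlass(entityClass));
                rejected = true;
            }
        }
    }

    if (rejected) {
        // Fail closed: a request that produced any error report must not change or
        // persist the entity.
        return objectReport;
    }

    // ---------------------------------------------------------------------
    // Phase 2: apply and persist
    // ---------------------------------------------------------------------
    if (aclService.canMakeClassExternal(user, entityClass)) {
        object.getSharing().setExternal(sharing.isExternal());
    }
    if (mayMakePublic) {
        object.setPublicAccess(sharing.getPublicAccess());
    }
    // NOTE(review): the owner is taken from the request as-is; confirm that every caller
    // allowed to manage the object is also meant to be able to reassign its owner.
    object.getSharing().setOwner(sharing.getOwner());

    // --------------------------------------
    // Handle UserGroupAccesses
    // --------------------------------------
    object.getSharing().getUserGroups().clear();
    if (sharing.hasUserGroupAccesses()) {
        for (UserGroupAccess sharingUserGroupAccess : sharing.getUserGroups().values()) {
            // Entries whose group cannot be resolved are dropped without an error report.
            UserGroup userGroup = userGroupService.getUserGroup(sharingUserGroupAccess.getId());
            if (userGroup != null) {
                object.getSharing().addUserGroupAccess(sharingUserGroupAccess);
            }
        }
    }

    // --------------------------------------
    // Handle UserAccesses
    // --------------------------------------
    object.getSharing().getUsers().clear();
    if (sharing.hasUserAccesses()) {
        for (UserAccess sharingUserAccess : sharing.getUsers().values()) {
            // Entries whose user cannot be resolved are dropped without an error report.
            User sharingUser = userService.getUser(sharingUserAccess.getId());
            if (sharingUser != null) {
                object.getSharing().addUserAccess(sharingUserAccess);
            }
        }
    }

    manager.updateNoAcl(object);
    if (Program.class.isInstance(object)) {
        syncSharingForEventProgram((Program) object);
    }
    log.info(sharingToString(object));
    return objectReport;
}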
Also used : ErrorReport(org.hisp.dhis.feedback.ErrorReport) BaseIdentifiableObject(org.hisp.dhis.common.BaseIdentifiableObject) User(org.hisp.dhis.user.User) UserAccess(org.hisp.dhis.user.sharing.UserAccess) Schema(org.hisp.dhis.schema.Schema) ObjectReport(org.hisp.dhis.feedback.ObjectReport) SystemDefaultMetadataObject(org.hisp.dhis.common.SystemDefaultMetadataObject) UserGroupAccess(org.hisp.dhis.user.sharing.UserGroupAccess) UserGroup(org.hisp.dhis.user.UserGroup)

Example 2 with SystemDefaultMetadataObject

use of org.hisp.dhis.common.SystemDefaultMetadataObject in project dhis2-core by dhis2.

the class SharingController method postSharing.

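/**
 * Replaces the sharing settings of the object identified by {@code type} and {@code id}
 * with the settings in the JSON request body.
 *
 * <p>Order of checks: the type must be known and shareable, the object must exist, it
 * must not be a system default metadata object, and the current user must have manage
 * access. Only then is the body parsed. Every access string in the body is validated
 * before the loaded object is modified, so a rejected request never leaves the object
 * with half-applied sharing. Data sharing bits are stripped, not rejected, when the
 * schema of the type is not data shareable.
 *
 * @param type    name of the object type, resolved through {@code aclService.classForType}
 * @param id      identifier of the object whose sharing is replaced
 * @param request servlet request whose body holds the sharing JSON
 * @return a conflict message for an unsupported type, a system default object or an
 *         invalid access string; a not-found message for an unknown object; otherwise
 *         an ok message
 * @throws AccessDeniedException if the current user may not manage the object
 * @throws Exception             propagated from reading or parsing the request body
 */
@PostMapping(consumes = APPLICATION_JSON_VALUE)
@ResponseBody
public WebMessage postSharing(@RequestParam String type, @RequestParam String id, HttpServletRequest request) throws Exception {
    Class<? extends IdentifiableObject> sharingClass = aclService.classForType(type);
    if (sharingClass == null || !aclService.isClassShareable(sharingClass)) {
        return conflict("Type " + type + " is not supported.");
    }
    // Loaded and later written through the *NoAcl manager calls, so the canManage check
    // below is the authorization decision for this endpoint.
    BaseIdentifiableObject object = (BaseIdentifiableObject) manager.getNoAcl(sharingClass, id);
    if (object == null) {
        return notFound("Object of type " + type + " with ID " + id + " was not found.");
    }
    if ((object instanceof SystemDefaultMetadataObject) && ((SystemDefaultMetadataObject) object).isDefault()) {
        return conflict("Sharing settings of system default metadata object of type " + type + " cannot be modified.");
    }
    User user = currentUserService.getCurrentUser();
    if (!aclService.canManage(user, object)) {
        throw new AccessDeniedException("You do not have manage access to this object.");
    }

    // The body is read only after the caller has been authorized.
    Sharing sharing = renderService.fromJson(request.getInputStream(), Sharing.class);

    // ---------------------------------------------------------------------
    // Validate every access string before the object is touched
    // ---------------------------------------------------------------------
    if (!AccessStringHelper.isValid(sharing.getObject().getPublicAccess())) {
        return conflict("Invalid public access string: " + sharing.getObject().getPublicAccess());
    }
    for (SharingUserGroupAccess sharingUserGroupAccess : sharing.getObject().getUserGroupAccesses()) {
        if (!AccessStringHelper.isValid(sharingUserGroupAccess.getAccess())) {
            return conflict("Invalid user group access string: " + sharingUserGroupAccess.getAccess());
        }
    }
    for (SharingUserAccess sharingUserAccess : sharing.getObject().getUserAccesses()) {
        if (!AccessStringHelper.isValid(sharingUserAccess.getAccess())) {
            return conflict("Invalid user access string: " + sharingUserAccess.getAccess());
        }
    }

    // ---------------------------------------------------------------------
    // Apply
    // ---------------------------------------------------------------------
    if (aclService.canMakeExternal(user, object)) {
        object.setExternalAccess(sharing.getObject().hasExternalAccess());
    }
    // Ignore publicAccess if user is not allowed to make objects public
    Schema schema = schemaService.getDynamicSchema(sharingClass);
    boolean dataShareable = schema.isDataShareable();
    if (aclService.canMakePublic(user, object)) {
        object.setPublicAccess(sharing.getObject().getPublicAccess());
    }
    if (!dataShareable && AccessStringHelper.hasDataSharing(object.getSharing().getPublicAccess())) {
        object.getSharing().setPublicAccess(AccessStringHelper.disableDataSharing(object.getSharing().getPublicAccess()));
    }
    if (object.getCreatedBy() == null) {
        object.setCreatedBy(user);
    }

    object.getSharing().getUserGroups().clear();
    for (SharingUserGroupAccess sharingUserGroupAccess : sharing.getObject().getUserGroupAccesses()) {
        if (!dataShareable && AccessStringHelper.hasDataSharing(sharingUserGroupAccess.getAccess())) {
            sharingUserGroupAccess.setAccess(AccessStringHelper.disableDataSharing(sharingUserGroupAccess.getAccess()));
        }
        UserGroupAccess userGroupAccess = new UserGroupAccess();
        userGroupAccess.setAccess(sharingUserGroupAccess.getAccess());
        // Entries whose group cannot be resolved are dropped without an error.
        UserGroup userGroup = manager.get(UserGroup.class, sharingUserGroupAccess.getId());
        if (userGroup != null) {
            userGroupAccess.setUserGroup(userGroup);
            object.getSharing().addUserGroupAccess(userGroupAccess);
        }
    }

    object.getSharing().getUsers().clear();
    for (SharingUserAccess sharingUserAccess : sharing.getObject().getUserAccesses()) {
        if (!dataShareable && AccessStringHelper.hasDataSharing(sharingUserAccess.getAccess())) {
            sharingUserAccess.setAccess(AccessStringHelper.disableDataSharing(sharingUserAccess.getAccess()));
        }
        UserAccess userAccess = new UserAccess();
        userAccess.setAccess(sharingUserAccess.getAccess());
        // Entries whose user cannot be resolved are dropped without an error.
        User sharingUser = manager.get(User.class, sharingUserAccess.getId());
        if (sharingUser != null) {
            userAccess.setUser(sharingUser);
            object.getSharing().addUserAccess(userAccess);
        }
    }

    manager.updateNoAcl(object);
    if (Program.class.isInstance(object)) {
        syncSharingForEventProgram((Program) object);
    }
    log.info(sharingToString(object));
    return ok("Access control set");
}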
Also used : AccessDeniedException(org.springframework.security.access.AccessDeniedException) BaseIdentifiableObject(org.hisp.dhis.common.BaseIdentifiableObject) User(org.hisp.dhis.user.User) Sharing(org.hisp.dhis.webapi.webdomain.sharing.Sharing) UserAccess(org.hisp.dhis.user.sharing.UserAccess) SharingUserAccess(org.hisp.dhis.webapi.webdomain.sharing.SharingUserAccess) Schema(org.hisp.dhis.schema.Schema) SharingUserGroupAccess(org.hisp.dhis.webapi.webdomain.sharing.SharingUserGroupAccess) SharingUserAccess(org.hisp.dhis.webapi.webdomain.sharing.SharingUserAccess) SystemDefaultMetadataObject(org.hisp.dhis.common.SystemDefaultMetadataObject) SharingUserGroupAccess(org.hisp.dhis.webapi.webdomain.sharing.SharingUserGroupAccess) UserGroupAccess(org.hisp.dhis.user.sharing.UserGroupAccess) UserGroup(org.hisp.dhis.user.UserGroup) PostMapping(org.springframework.web.bind.annotation.PostMapping) ResponseBody(org.springframework.web.bind.annotation.ResponseBody)

Aggregations

BaseIdentifiableObject (org.hisp.dhis.common.BaseIdentifiableObject)2 SystemDefaultMetadataObject (org.hisp.dhis.common.SystemDefaultMetadataObject)2 Schema (org.hisp.dhis.schema.Schema)2 User (org.hisp.dhis.user.User)2 UserGroup (org.hisp.dhis.user.UserGroup)2 UserAccess (org.hisp.dhis.user.sharing.UserAccess)2 UserGroupAccess (org.hisp.dhis.user.sharing.UserGroupAccess)2 ErrorReport (org.hisp.dhis.feedback.ErrorReport)1 ObjectReport (org.hisp.dhis.feedback.ObjectReport)1 Sharing (org.hisp.dhis.webapi.webdomain.sharing.Sharing)1 SharingUserAccess (org.hisp.dhis.webapi.webdomain.sharing.SharingUserAccess)1 SharingUserGroupAccess (org.hisp.dhis.webapi.webdomain.sharing.SharingUserGroupAccess)1 AccessDeniedException (org.springframework.security.access.AccessDeniedException)1 PostMapping (org.springframework.web.bind.annotation.PostMapping)1 ResponseBody (org.springframework.web.bind.annotation.ResponseBody)1