Use of org.hisp.dhis.hibernate.exception.CreateAccessDeniedException in project dhis2-core by dhis2.
Class HibernateGenericStore, method save.
/**
 * Persists a new object, applying default sharing and enforcing the
 * create-time ACL check before the row is written.
 *
 * <p>Security-relevant behaviour visible in this method:
 * <ul>
 * <li>A {@code null} user skips the whole ACL section; the audit entry is
 * then attributed to {@code "system-process"}. Callers handling a request
 * from an authenticated user must therefore never pass {@code null}.</li>
 * <li>With {@code clearSharing == false} the public access string and the
 * user / user-group accesses already on the object are kept as supplied, and
 * {@code checkPublicAccess} is the only gate applied to them here.</li>
 * <li>An owner already set on the object is kept; {@code user} becomes the
 * owner only when none is present.</li>
 * <li>The {@code ACTION_CREATE} audit entry is written before the Hibernate
 * save, so a save that throws still leaves a "create" line in the log.</li>
 * </ul>
 *
 * @param object the object to persist; must not be {@code null}
 * @param user the acting user, or {@code null} for a system process
 * @param clearSharing whether to reset sharing to defaults before the check
 * @throws CreateAccessDeniedException if {@code checkPublicAccess} rejects
 *         the object's public access for this user
 */
@Override
public void save(T object, User user, boolean clearSharing) {
    // Label used in the audit log only; it plays no part in authorization.
    String actor;
    if (user == null) {
        actor = "system-process";
    } else {
        actor = user.getUsername();
    }

    if (IdentifiableObject.class.isAssignableFrom(object.getClass())) {
        BaseIdentifiableObject identifiable = (BaseIdentifiableObject) object;
        identifiable.setAutoFields();
        identifiable.setLastUpdatedBy(user);

        if (clearSharing) {
            // Drop every sharing setting that arrived with the object.
            identifiable.setPublicAccess(AccessStringHelper.DEFAULT);
            if (identifiable.getUserGroupAccesses() != null) {
                identifiable.getUserGroupAccesses().clear();
            }
            if (identifiable.getUserAccesses() != null) {
                identifiable.getUserAccesses().clear();
            }
        }

        // A pre-populated owner is left untouched.
        if (identifiable.getUser() == null) {
            identifiable.setUser(user);
        }
    }

    if (user != null && aclService.isShareable(clazz)) {
        // NOTE(review): the cast assumes every shareable class extends
        // BaseIdentifiableObject; that is not established here — confirm.
        BaseIdentifiableObject shareable = (BaseIdentifiableObject) object;

        if (clearSharing) {
            if (!aclService.canMakePublic(user, shareable.getClass())) {
                // Cannot publish: fall back to an empty access string when
                // the user is at least allowed to create private objects.
                if (aclService.canMakePrivate(user, shareable.getClass())) {
                    shareable.setPublicAccess(AccessStringHelper.newInstance().build());
                }
            } else if (aclService.defaultPublic(shareable.getClass())) {
                shareable.setPublicAccess(AccessStringHelper.READ_WRITE);
            }
        }

        boolean publicAccessAllowed = checkPublicAccess(user, shareable);
        if (!publicAccessAllowed) {
            // The denial is audited before the exception propagates.
            AuditLogUtil.infoWrapper(log, actor, object, AuditLogUtil.ACTION_CREATE_DENIED);
            // NOTE(review): the message is object.toString(); if exception
            // messages reach the API client, check what toString() exposes.
            throw new CreateAccessDeniedException(object.toString());
        }
    }

    AuditLogUtil.infoWrapper(log, actor, object, AuditLogUtil.ACTION_CREATE);
    getSession().save(object);

    if (MetadataObject.class.isInstance(object)) {
        deletedObjectService.deleteDeletedObjects(new DeletedObjectQuery((IdentifiableObject) object));
    }
}
Use of org.hisp.dhis.hibernate.exception.CreateAccessDeniedException in project dhis2-core by dhis2.
Class AbstractCrudController, method postXmlObject.
/**
 * Handles {@code POST} with an XML body: creates a single entity through the
 * metadata import service and reports the outcome as a web message.
 *
 * <p>The class-level create permission is checked before the request body is
 * parsed, so a caller without it is rejected without any deserialization
 * taking place. The import user, strategy and report mode are set explicitly
 * after the parameters are built from the parameter map.
 *
 * @param request the incoming request carrying the XML payload
 * @param response the response that receives the web message and, on
 *        success, the {@code Location} header
 * @throws CreateAccessDeniedException if the current user may not create
 *         objects of this entity class
 * @throws Exception propagated from deserialization, import or the hooks
 */
@RequestMapping(method = RequestMethod.POST, consumes = { "application/xml", "text/xml" })
public void postXmlObject(HttpServletRequest request, HttpServletResponse response) throws Exception {
    User currentUser = currentUserService.getCurrentUser();

    // Authorization gate: runs before any part of the body is read.
    boolean mayCreate = aclService.canCreate(currentUser, getEntityClass());
    if (!mayCreate) {
        throw new CreateAccessDeniedException("You don't have the proper permissions to create this object.");
    }

    // NOTE(review): XML parser settings (DTD / external entities) are inside
    // deserializeXmlEntity and not visible here — confirm they are hardened.
    T incoming = deserializeXmlEntity(request, response);
    // Translations supplied in the payload are discarded on create.
    incoming.getTranslations().clear();
    preCreateEntity(incoming);

    MetadataImportParams params = importService
        .getParamsFromMap(contextService.getParameterValuesMap())
        .setImportReportMode(ImportReportMode.FULL)
        .setUser(currentUser)
        .setImportStrategy(ImportStrategy.CREATE)
        .addObject(incoming);

    ObjectReport report = getObjectReport(importService.importMetadata(params));
    WebMessage reply = WebMessageUtils.objectReport(report);

    if (report == null || reply.getStatus() != Status.OK) {
        // No object report, or the import did not end in OK.
        reply.setStatus(Status.ERROR);
    } else {
        String locationHeader = contextService.getApiPath() + getSchema().getRelativeApiEndpoint() + "/" + report.getUid();
        reply.setHttpStatus(HttpStatus.CREATED);
        response.setHeader(ContextUtils.HEADER_LOCATION, locationHeader);

        // Reload the stored entity so the post-create hook sees persisted state.
        T persisted = manager.get(getEntityClass(), report.getUid());
        postCreateEntity(persisted);
    }

    webMessageService.send(reply, response, request);
}
Use of org.hisp.dhis.hibernate.exception.CreateAccessDeniedException in project dhis2-core by dhis2.
Class AbstractCrudController, method postJsonObject.
//--------------------------------------------------------------------------
// POST
//--------------------------------------------------------------------------
/**
 * Handles {@code POST} with a JSON body: creates a single entity through the
 * metadata import service and reports the outcome as a web message.
 *
 * <p>The class-level create permission is checked before the request body is
 * parsed. The import user, strategy and report mode are set explicitly after
 * the parameters are built from the parameter map.
 *
 * @param request the incoming request carrying the JSON payload
 * @param response the response that receives the web message and, on
 *        success, the {@code Location} header
 * @throws CreateAccessDeniedException if the current user may not create
 *         objects of this entity class
 * @throws Exception propagated from deserialization, import or the hooks
 */
@RequestMapping(method = RequestMethod.POST, consumes = "application/json")
public void postJsonObject(HttpServletRequest request, HttpServletResponse response) throws Exception {
    User currentUser = currentUserService.getCurrentUser();

    // Authorization gate: runs before any part of the body is read.
    boolean mayCreate = aclService.canCreate(currentUser, getEntityClass());
    if (!mayCreate) {
        throw new CreateAccessDeniedException("You don't have the proper permissions to create this object.");
    }

    T incoming = deserializeJsonEntity(request, response);
    // Translations supplied in the payload are discarded on create.
    incoming.getTranslations().clear();
    preCreateEntity(incoming);

    // NOTE(review): this canCreate check is per entity class; any per-object
    // sharing check presumably happens further down the import path — confirm.
    MetadataImportParams params = importService
        .getParamsFromMap(contextService.getParameterValuesMap())
        .setImportReportMode(ImportReportMode.FULL)
        .setUser(currentUser)
        .setImportStrategy(ImportStrategy.CREATE)
        .addObject(incoming);

    ObjectReport report = getObjectReport(importService.importMetadata(params));
    WebMessage reply = WebMessageUtils.objectReport(report);

    if (report == null || reply.getStatus() != Status.OK) {
        // No object report, or the import did not end in OK.
        reply.setStatus(Status.ERROR);
    } else {
        String locationHeader = contextService.getApiPath() + getSchema().getRelativeApiEndpoint() + "/" + report.getUid();
        reply.setHttpStatus(HttpStatus.CREATED);
        response.setHeader(ContextUtils.HEADER_LOCATION, locationHeader);

        // Reload the stored entity so the post-create hook sees persisted state.
        T persisted = manager.get(getEntityClass(), report.getUid());
        postCreateEntity(persisted);
    }

    webMessageService.send(reply, response, request);
}