
Example 1 with CreateAccessDeniedException

use of org.hisp.dhis.hibernate.exception.CreateAccessDeniedException in project dhis2-core by dhis2.

the class HibernateGenericStore method save.

/**
 * Persists a new object after stamping its audit fields, optionally resetting its sharing
 * settings, and enforcing the create-time public-access check.
 *
 * <p>Points a security reviewer should keep in mind:
 * <ul>
 *   <li>The ACL branch only runs when {@code user} is non-null and
 *       {@code aclService.isShareable(clazz)} is true. A null user is logged as
 *       {@code "system-process"} and the object is saved without that check, so code paths
 *       that handle request-originated writes should make sure a null user cannot reach
 *       this method.</li>
 *   <li>The {@code ACTION_CREATE} audit entry is written before
 *       {@code getSession().save(object)} is called.</li>
 * </ul>
 *
 * @param object the entity to persist
 * @param user the acting user, or {@code null}
 * @param clearSharing when {@code true}, public access is reset and existing user and
 *     user-group accesses are cleared before the ACL defaults are applied
 * @throws CreateAccessDeniedException if {@code checkPublicAccess} rejects the object for
 *     the given user
 */
@Override
public void save(T object, User user, boolean clearSharing) {
    // Label used in the audit log; a null user is recorded as "system-process".
    String username;
    if (user == null) {
        username = "system-process";
    } else {
        username = user.getUsername();
    }

    // NOTE(review): the guard tests for IdentifiableObject but the cast targets
    // BaseIdentifiableObject; an implementation that does not extend the base class
    // would fail here with a ClassCastException.
    if (IdentifiableObject.class.isAssignableFrom(object.getClass())) {
        BaseIdentifiableObject target = (BaseIdentifiableObject) object;
        target.setAutoFields();
        target.setLastUpdatedBy(user);

        if (clearSharing) {
            // Drop whatever sharing the incoming object carried before defaults are applied.
            target.setPublicAccess(AccessStringHelper.DEFAULT);
            if (target.getUserGroupAccesses() != null) {
                target.getUserGroupAccesses().clear();
            }
            if (target.getUserAccesses() != null) {
                target.getUserAccesses().clear();
            }
        }

        // An owner already present on the object is kept as supplied.
        if (target.getUser() == null) {
            target.setUser(user);
        }
    }

    // NOTE(review): shareability is decided from the store's clazz field, not from the
    // runtime class of object - confirm the two always agree before relying on the cast.
    boolean aclApplies = user != null && aclService.isShareable(clazz);
    if (aclApplies) {
        BaseIdentifiableObject shared = (BaseIdentifiableObject) object;
        Class<? extends BaseIdentifiableObject> type = shared.getClass();

        if (clearSharing) {
            if (!aclService.canMakePublic(user, type)) {
                // Cannot create public objects: fall back to a private access string
                // when the user is allowed to create private ones.
                if (aclService.canMakePrivate(user, type)) {
                    shared.setPublicAccess(AccessStringHelper.newInstance().build());
                }
            } else if (aclService.defaultPublic(type)) {
                shared.setPublicAccess(AccessStringHelper.READ_WRITE);
            }
        }

        // Final gate: the denial is audited before the exception propagates.
        boolean allowed = checkPublicAccess(user, shared);
        if (!allowed) {
            AuditLogUtil.infoWrapper(log, username, object, AuditLogUtil.ACTION_CREATE_DENIED);
            throw new CreateAccessDeniedException(object.toString());
        }
    }

    // NOTE(review): the create event is logged before the save call, so a failing save
    // would leave a create entry in the audit log for an object that was not persisted.
    AuditLogUtil.infoWrapper(log, username, object, AuditLogUtil.ACTION_CREATE);
    getSession().save(object);

    if (MetadataObject.class.isInstance(object)) {
        DeletedObjectQuery deletedQuery = new DeletedObjectQuery((IdentifiableObject) object);
        deletedObjectService.deleteDeletedObjects(deletedQuery);
    }
}
Also used : BaseIdentifiableObject(org.hisp.dhis.common.BaseIdentifiableObject) CreateAccessDeniedException(org.hisp.dhis.hibernate.exception.CreateAccessDeniedException) DeletedObjectQuery(org.hisp.dhis.deletedobject.DeletedObjectQuery) IdentifiableObject(org.hisp.dhis.common.IdentifiableObject) BaseIdentifiableObject(org.hisp.dhis.common.BaseIdentifiableObject)

Example 2 with CreateAccessDeniedException

use of org.hisp.dhis.hibernate.exception.CreateAccessDeniedException in project dhis2-core by dhis2.

the class AbstractCrudController method postXmlObject.

/**
 * Handles a POST with an XML body: verifies create permission, deserializes the payload and
 * imports it with the {@code CREATE} strategy, then sends the resulting web message.
 *
 * @param request the incoming HTTP request carrying the XML entity
 * @param response the HTTP response; receives the {@code Location} header on success
 * @throws CreateAccessDeniedException if {@code aclService.canCreate} is false for the
 *     current user and entity class
 * @throws Exception propagated from deserialization, import or message sending
 */
@RequestMapping(method = RequestMethod.POST, consumes = { "application/xml", "text/xml" })
public void postXmlObject(HttpServletRequest request, HttpServletResponse response) throws Exception {
    User currentUser = currentUserService.getCurrentUser();

    // Authorization comes first, so the request body is not parsed for a caller who
    // lacks create permission.
    boolean mayCreate = aclService.canCreate(currentUser, getEntityClass());
    if (!mayCreate) {
        throw new CreateAccessDeniedException("You don't have the proper permissions to create this object.");
    }

    // NOTE(review): XML parser configuration (DTD and external-entity handling) lives in
    // deserializeXmlEntity, which is not shown here - confirm it is hardened against XXE.
    T candidate = deserializeXmlEntity(request, response);
    // Translations supplied in the payload are discarded on create.
    candidate.getTranslations().clear();
    preCreateEntity(candidate);

    // NOTE(review): the parameter map presumably comes from the request; user, strategy
    // and report mode are set explicitly afterwards - confirm no other privilege-relevant
    // import option can be supplied by the client through that map.
    MetadataImportParams importParams = importService
        .getParamsFromMap(contextService.getParameterValuesMap())
        .setImportReportMode(ImportReportMode.FULL)
        .setUser(currentUser)
        .setImportStrategy(ImportStrategy.CREATE)
        .addObject(candidate);

    ImportReport report = importService.importMetadata(importParams);
    ObjectReport created = getObjectReport(report);
    WebMessage message = WebMessageUtils.objectReport(created);

    if (created == null || message.getStatus() != Status.OK) {
        // A missing report or any non-OK status is surfaced to the client as an error.
        message.setStatus(Status.ERROR);
    } else {
        String resourceUrl = contextService.getApiPath() + getSchema().getRelativeApiEndpoint() + "/" + created.getUid();
        message.setHttpStatus(HttpStatus.CREATED);
        response.setHeader(ContextUtils.HEADER_LOCATION, resourceUrl);

        // NOTE(review): the result of manager.get is passed on without a null check.
        T persisted = manager.get(getEntityClass(), created.getUid());
        postCreateEntity(persisted);
    }

    webMessageService.send(message, response, request);
}
Also used : User(org.hisp.dhis.user.User) MetadataImportParams(org.hisp.dhis.dxf2.metadata.MetadataImportParams) CreateAccessDeniedException(org.hisp.dhis.hibernate.exception.CreateAccessDeniedException) ImportReport(org.hisp.dhis.dxf2.metadata.feedback.ImportReport) ObjectReport(org.hisp.dhis.feedback.ObjectReport) WebMessage(org.hisp.dhis.dxf2.webmessage.WebMessage) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 3 with CreateAccessDeniedException

use of org.hisp.dhis.hibernate.exception.CreateAccessDeniedException in project dhis2-core by dhis2.

the class AbstractCrudController method postJsonObject.

//--------------------------------------------------------------------------
// POST
//--------------------------------------------------------------------------
/**
 * Handles a POST with a JSON body: verifies create permission, deserializes the payload and
 * imports it with the {@code CREATE} strategy, then sends the resulting web message.
 *
 * @param request the incoming HTTP request carrying the JSON entity
 * @param response the HTTP response; receives the {@code Location} header on success
 * @throws CreateAccessDeniedException if {@code aclService.canCreate} is false for the
 *     current user and entity class
 * @throws Exception propagated from deserialization, import or message sending
 */
@RequestMapping(method = RequestMethod.POST, consumes = "application/json")
public void postJsonObject(HttpServletRequest request, HttpServletResponse response) throws Exception {
    User currentUser = currentUserService.getCurrentUser();

    // Authorization comes first, so the request body is not parsed for a caller who
    // lacks create permission.
    boolean mayCreate = aclService.canCreate(currentUser, getEntityClass());
    if (!mayCreate) {
        throw new CreateAccessDeniedException("You don't have the proper permissions to create this object.");
    }

    // NOTE(review): what the JSON deserializer accepts (unknown properties, polymorphic
    // types) is decided inside deserializeJsonEntity, which is not shown here - confirm.
    T candidate = deserializeJsonEntity(request, response);
    // Translations supplied in the payload are discarded on create.
    candidate.getTranslations().clear();
    preCreateEntity(candidate);

    // NOTE(review): the parameter map presumably comes from the request; user, strategy
    // and report mode are set explicitly afterwards - confirm no other privilege-relevant
    // import option can be supplied by the client through that map.
    MetadataImportParams importParams = importService
        .getParamsFromMap(contextService.getParameterValuesMap())
        .setImportReportMode(ImportReportMode.FULL)
        .setUser(currentUser)
        .setImportStrategy(ImportStrategy.CREATE)
        .addObject(candidate);

    ImportReport report = importService.importMetadata(importParams);
    ObjectReport created = getObjectReport(report);
    WebMessage message = WebMessageUtils.objectReport(created);

    if (created == null || message.getStatus() != Status.OK) {
        // A missing report or any non-OK status is surfaced to the client as an error.
        message.setStatus(Status.ERROR);
    } else {
        String resourceUrl = contextService.getApiPath() + getSchema().getRelativeApiEndpoint() + "/" + created.getUid();
        message.setHttpStatus(HttpStatus.CREATED);
        response.setHeader(ContextUtils.HEADER_LOCATION, resourceUrl);

        // NOTE(review): the result of manager.get is passed on without a null check.
        T persisted = manager.get(getEntityClass(), created.getUid());
        postCreateEntity(persisted);
    }

    webMessageService.send(message, response, request);
}
Also used : User(org.hisp.dhis.user.User) MetadataImportParams(org.hisp.dhis.dxf2.metadata.MetadataImportParams) CreateAccessDeniedException(org.hisp.dhis.hibernate.exception.CreateAccessDeniedException) ImportReport(org.hisp.dhis.dxf2.metadata.feedback.ImportReport) ObjectReport(org.hisp.dhis.feedback.ObjectReport) WebMessage(org.hisp.dhis.dxf2.webmessage.WebMessage) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Aggregations

CreateAccessDeniedException (org.hisp.dhis.hibernate.exception.CreateAccessDeniedException)3 MetadataImportParams (org.hisp.dhis.dxf2.metadata.MetadataImportParams)2 ImportReport (org.hisp.dhis.dxf2.metadata.feedback.ImportReport)2 WebMessage (org.hisp.dhis.dxf2.webmessage.WebMessage)2 ObjectReport (org.hisp.dhis.feedback.ObjectReport)2 User (org.hisp.dhis.user.User)2 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)2 BaseIdentifiableObject (org.hisp.dhis.common.BaseIdentifiableObject)1 IdentifiableObject (org.hisp.dhis.common.IdentifiableObject)1 DeletedObjectQuery (org.hisp.dhis.deletedobject.DeletedObjectQuery)1