use of org.hisp.dhis.hibernate.exception.DeleteAccessDeniedException in project dhis2-core by dhis2.
the class AbstractCrudController method deleteObject.
//--------------------------------------------------------------------------
// DELETE
//--------------------------------------------------------------------------
/**
 * Handles {@code DELETE /{uid}}: deletes the entity identified by the UID in the path.
 *
 * <p>The entity is resolved first, then {@code aclService.canDelete} is consulted for the
 * current user, and only after that check passes is the delete submitted as a metadata
 * import using {@code ImportStrategy.DELETE}. The import report is sent back through
 * {@code webMessageService}.
 *
 * @param pvUid UID of the entity to delete, taken from the request path
 * @param request current HTTP request, handed to the web message service
 * @param response current HTTP response, receives the object report
 * @throws WebMessageException if {@code getEntity} returns nothing for {@code pvUid}
 * @throws DeleteAccessDeniedException if the ACL service refuses the delete
 * @throws Exception anything else propagated from the hooks or services called here
 */
@RequestMapping(value = "/{uid}", method = RequestMethod.DELETE)
@ResponseStatus(HttpStatus.OK)
public void deleteObject(@PathVariable("uid") String pvUid, HttpServletRequest request, HttpServletResponse response) throws Exception {
    List<T> matches = getEntity(pvUid);

    if (matches.isEmpty()) {
        throw new WebMessageException(WebMessageUtils.notFound(getEntityClass(), pvUid));
    }

    User currentUser = currentUserService.getCurrentUser();
    T target = matches.get(0);

    // Authorization gate: neither the pre-delete hook nor the import may run unless the
    // ACL service grants delete on this specific object to the current user.
    boolean mayDelete = aclService.canDelete(currentUser, target);
    if (!mayDelete) {
        throw new DeleteAccessDeniedException("You don't have the proper permissions to delete this object.");
    }

    preDeleteEntity(target);

    // The same user that passed the ACL check is bound to the import parameters.
    MetadataImportParams deleteParams = new MetadataImportParams()
        .setImportReportMode(ImportReportMode.FULL)
        .setUser(currentUser)
        .setImportStrategy(ImportStrategy.DELETE)
        .addObject(target);
    ImportReport report = importService.importMetadata(deleteParams);

    postDeleteEntity();

    webMessageService.send(WebMessageUtils.objectReport(report), response, request);
}
use of org.hisp.dhis.hibernate.exception.DeleteAccessDeniedException in project dhis2-core by dhis2.
the class MessageConversationController method removeUserFromMessageConversations.
//--------------------------------------------------------------------------
// Remove a user from one or more MessageConversations (batch operation)
//--------------------------------------------------------------------------
/**
 * Handles the batch {@code DELETE} that removes one user from several message conversations.
 *
 * <p>When the optional {@code user} parameter is absent, the current user is the one removed.
 * The call is refused unless {@code canModifyUserConversation} accepts the current user for
 * the target user. Conversations are fetched through
 * {@code messageService.getMessageConversations(user, mcUids)}, and each conversation the
 * user was actually removed from is updated and listed under {@code removed}.
 *
 * @param mcUids UIDs of the conversations, from the {@code mc} request parameter
 * @param userUid UID of the user to remove, or {@code null} to remove the current user
 * @param response HTTP response whose status is set to 404 or 200
 * @return the {@code response} node holding either a message or the removed UIDs
 * @throws DeleteAccessDeniedException if the current user may not modify the target user
 */
@RequestMapping(method = RequestMethod.DELETE, produces = { MediaType.APPLICATION_JSON_VALUE, MediaType.APPLICATION_XML_VALUE })
@ResponseBody
public RootNode removeUserFromMessageConversations(@RequestParam("mc") List<String> mcUids, @RequestParam(value = "user", required = false) String userUid, HttpServletResponse response) throws DeleteAccessDeniedException {
    RootNode root = new RootNode("response");
    User caller = currentUserService.getCurrentUser();

    // No "user" parameter means the caller is removing themselves.
    User target;
    if (userUid == null) {
        target = caller;
    } else {
        target = userService.getUser(userUid);
    }

    // NOTE(review): this 404 is returned before the authorization check below, so the
    // outcome differs for existing and non-existing user UIDs regardless of the
    // caller's rights. Confirm that is acceptable for this endpoint.
    if (target == null) {
        response.setStatus(HttpServletResponse.SC_NOT_FOUND);
        root.addChild(new SimpleNode("message", "User does not exist: " + userUid));
        return root;
    }

    // Authorization gate: no conversation is read or changed for a target the caller
    // is not allowed to modify.
    boolean authorized = canModifyUserConversation(caller, target);
    if (!authorized) {
        throw new DeleteAccessDeniedException("Not authorized to modify user: " + target.getUid());
    }

    Collection<org.hisp.dhis.message.MessageConversation> conversations = messageService.getMessageConversations(target, mcUids);

    if (conversations.isEmpty()) {
        response.setStatus(HttpServletResponse.SC_NOT_FOUND);
        root.addChild(new SimpleNode("message", "No MessageConversations found for the given UIDs."));
        return root;
    }

    CollectionNode removedNode = root.addChild(new CollectionNode("removed"));

    for (org.hisp.dhis.message.MessageConversation conversation : conversations) {
        // Only conversations the user was actually removed from are saved and reported.
        if (!conversation.remove(target)) {
            continue;
        }
        messageService.updateMessageConversation(conversation);
        removedNode.addChild(new SimpleNode("uid", conversation.getUid()));
    }

    response.setStatus(HttpServletResponse.SC_OK);
    return root;
}
use of org.hisp.dhis.hibernate.exception.DeleteAccessDeniedException in project dhis2-core by dhis2.
the class UserRoleController method removeUserFromRole.
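/**
 * Handles {@code DELETE /{id}/users/{userId}}: removes a user from a user role.
 *
 * <p>The role is resolved first and the current user must pass
 * {@code aclService.canUpdate} for it before the target user is looked up. If the user
 * holds the role it is removed and the user's credentials are saved; otherwise nothing
 * is changed. On success the response status is 204 (from {@code @ResponseStatus}).
 *
 * @param pvId id of the user role, from the request path
 * @param pvUserId id of the user to remove from the role, from the request path
 * @param response current HTTP response (not used by this method)
 * @throws WebMessageException if the role, the user or the user's credentials are not found
 * @throws DeleteAccessDeniedException if the current user may not update the role
 */
@RequestMapping(value = "/{id}/users/{userId}", method = RequestMethod.DELETE)
@ResponseStatus(HttpStatus.NO_CONTENT)
public void removeUserFromRole(@PathVariable(value = "id") String pvId, @PathVariable("userId") String pvUserId, HttpServletResponse response) throws WebMessageException {
    UserAuthorityGroup userAuthorityGroup = userService.getUserAuthorityGroup(pvId);
    if (userAuthorityGroup == null) {
        throw new WebMessageException(WebMessageUtils.notFound("UserRole does not exist: " + pvId));
    }

    // Authorize against the role before resolving the target user. A caller without update
    // rights on the role now gets the access-denied error whether or not the user id exists,
    // instead of a 404 that reveals which user ids are valid.
    // NOTE(review): only the caller's rights on the role are checked here; whether the caller
    // may also manage the target user is not checked in this method. Confirm it is enforced
    // elsewhere.
    if (!aclService.canUpdate(currentUserService.getCurrentUser(), userAuthorityGroup)) {
        throw new DeleteAccessDeniedException("You don't have the proper permissions to delete this object.");
    }

    User user = userService.getUser(pvUserId);
    if (user == null || user.getUserCredentials() == null) {
        // Report the user id that failed to resolve; the role id was echoed here before.
        throw new WebMessageException(WebMessageUtils.notFound("User does not exist: " + pvUserId));
    }

    // remove() reports whether the role was present, so credentials are saved only when
    // the membership actually changed.
    if (user.getUserCredentials().getUserAuthorityGroups().remove(userAuthorityGroup)) {
        userService.updateUserCredentials(user.getUserCredentials());
    }
}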
use of org.hisp.dhis.hibernate.exception.DeleteAccessDeniedException in project dhis2-core by dhis2.
the class MessageConversationController method removeUserFromMessageConversation.
//--------------------------------------------------------------------------
// Remove a user from a MessageConversation
// In practice a DELETE on MessageConversation <-> User relationship
//--------------------------------------------------------------------------
/**
 * Handles {@code DELETE /{mc-uid}/{user-uid}}: removes one user from one message conversation.
 *
 * <p>The target user is resolved, {@code canModifyUserConversation} must accept the current
 * user for that target, and only then is the conversation loaded. If the user was removed,
 * the conversation is updated and its UID is listed under {@code removed}.
 *
 * @param mcUid UID of the message conversation, from the request path
 * @param userUid UID of the user to remove, from the request path
 * @param response HTTP response whose status is set to 404 or 200
 * @return the {@code reply} node holding either a message or the removed UID
 * @throws DeleteAccessDeniedException if the current user may not modify the target user
 */
@RequestMapping(value = "/{mc-uid}/{user-uid}", method = RequestMethod.DELETE, produces = { MediaType.APPLICATION_JSON_VALUE, MediaType.APPLICATION_XML_VALUE })
@ResponseBody
public RootNode removeUserFromMessageConversation(@PathVariable(value = "mc-uid") String mcUid, @PathVariable(value = "user-uid") String userUid, HttpServletResponse response) throws DeleteAccessDeniedException {
    RootNode reply = new RootNode("reply");

    User target = userService.getUser(userUid);

    // NOTE(review): this 404 is returned before the authorization check below, so the
    // outcome differs for existing and non-existing user UIDs regardless of the
    // caller's rights. Confirm that is acceptable for this endpoint.
    if (target == null) {
        reply.addChild(new SimpleNode("message", "No user with uid: " + userUid));
        response.setStatus(HttpServletResponse.SC_NOT_FOUND);
        return reply;
    }

    // Authorization gate: the conversation is not even loaded for a target the caller
    // is not allowed to modify.
    User caller = currentUserService.getCurrentUser();
    boolean authorized = canModifyUserConversation(caller, target);
    if (!authorized) {
        throw new DeleteAccessDeniedException("Not authorized to modify user: " + target.getUid());
    }

    org.hisp.dhis.message.MessageConversation conversation = messageService.getMessageConversation(mcUid);

    if (conversation == null) {
        reply.addChild(new SimpleNode("message", "No messageConversation with uid: " + mcUid));
        response.setStatus(HttpServletResponse.SC_NOT_FOUND);
        return reply;
    }

    CollectionNode removedNode = reply.addChild(new CollectionNode("removed"));

    // Save and report the conversation only when the user was actually removed from it.
    boolean wasRemoved = conversation.remove(target);
    if (wasRemoved) {
        messageService.updateMessageConversation(conversation);
        removedNode.addChild(new SimpleNode("uid", conversation.getUid()));
    }

    response.setStatus(HttpServletResponse.SC_OK);
    return reply;
}