Example 1 with ReadAccessDeniedException

Use of org.hisp.dhis.hibernate.exception.ReadAccessDeniedException in project dhis2-core by dhis2.

Class AbstractCrudController, method getObjectProperty.

@RequestMapping(value = "/{uid}/{property}", method = RequestMethod.GET)
@ResponseBody
public RootNode getObjectProperty(@PathVariable("uid") String pvUid, @PathVariable("property") String pvProperty, @RequestParam Map<String, String> rpParameters, TranslateParams translateParams, HttpServletRequest request, HttpServletResponse response) throws Exception {
    User user = currentUserService.getCurrentUser();
    if (!"translations".equals(pvProperty)) {
        setUserContext(user, translateParams);
    } else {
        setUserContext(null, new TranslateParams(false));
    }
    if (!aclService.canRead(user, getEntityClass())) {
        throw new ReadAccessDeniedException("You don't have the proper permissions to read objects of this type.");
    }
    List<String> fields = Lists.newArrayList(contextService.getParameterValues("fields"));
    if (fields.isEmpty()) {
        fields.add(":all");
    }
    String fieldFilter = "[" + Joiner.on(',').join(fields) + "]";
    return getObjectInternal(pvUid, rpParameters, Lists.newArrayList(), Lists.newArrayList(pvProperty + fieldFilter), user);
}
Also used : User(org.hisp.dhis.user.User) TranslateParams(org.hisp.dhis.dxf2.common.TranslateParams) ReadAccessDeniedException(org.hisp.dhis.hibernate.exception.ReadAccessDeniedException) RequestMapping(org.springframework.web.bind.annotation.RequestMapping) ResponseBody(org.springframework.web.bind.annotation.ResponseBody)

Example 2 with ReadAccessDeniedException

Use of org.hisp.dhis.hibernate.exception.ReadAccessDeniedException in project dhis2-core by dhis2.

Class AbstractCrudController, method getObjectList.

//--------------------------------------------------------------------------
// GET
//--------------------------------------------------------------------------
@RequestMapping(method = RequestMethod.GET)
@ResponseBody
public RootNode getObjectList(@RequestParam Map<String, String> rpParameters, OrderParams orderParams, HttpServletResponse response, HttpServletRequest request, User currentUser) throws QueryParserException {
    List<String> fields = Lists.newArrayList(contextService.getParameterValues("fields"));
    List<String> filters = Lists.newArrayList(contextService.getParameterValues("filter"));
    List<Order> orders = orderParams.getOrders(getSchema());
    if (fields.isEmpty()) {
        fields.addAll(Preset.defaultPreset().getFields());
    }
    WebOptions options = new WebOptions(rpParameters);
    WebMetadata metadata = new WebMetadata();
    if (!aclService.canRead(currentUser, getEntityClass())) {
        throw new ReadAccessDeniedException("You don't have the proper permissions to read objects of this type.");
    }
    List<T> entities = getEntityList(metadata, options, filters, orders);
    Pager pager = metadata.getPager();
    if (options.hasPaging() && pager == null) {
        pager = new Pager(options.getPage(), entities.size(), options.getPageSize());
        entities = PagerUtils.pageCollection(entities, pager);
    }
    postProcessEntities(entities);
    postProcessEntities(entities, options, rpParameters);
    handleLinksAndAccess(entities, fields, false, currentUser);
    linkService.generatePagerLinks(pager, getEntityClass());
    RootNode rootNode = NodeUtils.createMetadata();
    rootNode.getConfig().setInclusionStrategy(getInclusionStrategy(rpParameters.get("inclusionStrategy")));
    if (pager != null) {
        rootNode.addChild(NodeUtils.createPager(pager));
    }
    rootNode.addChild(fieldFilterService.filter(getEntityClass(), entities, fields));
    return rootNode;
}
Also used : Order(org.hisp.dhis.query.Order) RootNode(org.hisp.dhis.node.types.RootNode) Pager(org.hisp.dhis.common.Pager) ReadAccessDeniedException(org.hisp.dhis.hibernate.exception.ReadAccessDeniedException) WebOptions(org.hisp.dhis.webapi.webdomain.WebOptions) WebMetadata(org.hisp.dhis.webapi.webdomain.WebMetadata) RequestMapping(org.springframework.web.bind.annotation.RequestMapping) ResponseBody(org.springframework.web.bind.annotation.ResponseBody)

Example 3 with ReadAccessDeniedException

Use of org.hisp.dhis.hibernate.exception.ReadAccessDeniedException in project dhis2-core by dhis2.

Class LockExceptionController, method deleteLockException.

@RequestMapping(method = RequestMethod.DELETE)
@ResponseStatus(HttpStatus.NO_CONTENT)
public void deleteLockException(@RequestParam("ou") String organisationUnitId, @RequestParam("pe") String periodId, @RequestParam("ds") String dataSetId, HttpServletRequest request, HttpServletResponse response) throws WebMessageException {
    User user = userService.getCurrentUser();
    DataSet dataSet = dataSetService.getDataSet(dataSetId);
    Period period = periodService.reloadPeriod(PeriodType.getPeriodFromIsoString(periodId));
    OrganisationUnit organisationUnit = organisationUnitService.getOrganisationUnit(organisationUnitId);
    if (!ObjectUtils.allNonNull(dataSet, period)) {
        throw new WebMessageException(WebMessageUtils.conflict("Can't find LockException with combination: dataSet=" + dataSetId + ", period=" + periodId));
    }
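    // The ACL check is canDelete on the data set, but a failure is reported
    // with ReadAccessDeniedException (the message text says "delete").
    if (!aclService.canDelete(user, dataSet)) {
        throw new ReadAccessDeniedException("You don't have the proper permissions to delete this object.");
    }
    // organisationUnit is not part of the allNonNull check above: when the
    // lookup for "ou" returned null, the else branch deletes by dataSet and
    // period only.
    if (organisationUnit != null) {
        dataSetService.deleteLockExceptionCombination(dataSet, period, organisationUnit);
    } else {
        dataSetService.deleteLockExceptionCombination(dataSet, period);
    }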
}
Also used : OrganisationUnit(org.hisp.dhis.organisationunit.OrganisationUnit) User(org.hisp.dhis.user.User) DataSet(org.hisp.dhis.dataset.DataSet) WebMessageException(org.hisp.dhis.dxf2.webmessage.WebMessageException) Period(org.hisp.dhis.period.Period) ReadAccessDeniedException(org.hisp.dhis.hibernate.exception.ReadAccessDeniedException) ResponseStatus(org.springframework.web.bind.annotation.ResponseStatus) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 4 with ReadAccessDeniedException

Use of org.hisp.dhis.hibernate.exception.ReadAccessDeniedException in project dhis2-core by dhis2.

Class LockExceptionController, method addLockException.

@RequestMapping(method = RequestMethod.POST)
public void addLockException(@RequestParam("ou") String organisationUnitId, @RequestParam("pe") String periodId, @RequestParam("ds") String dataSetId, HttpServletRequest request, HttpServletResponse response) throws WebMessageException {
    User user = userService.getCurrentUser();
    DataSet dataSet = dataSetService.getDataSet(dataSetId);
    Period period = periodService.reloadPeriod(PeriodType.getPeriodFromIsoString(periodId));
    if (dataSet == null || period == null) {
        throw new WebMessageException(WebMessageUtils.conflict(" DataSet or Period is invalid"));
    }
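    // The ACL check is canUpdate on the data set only; a failure is reported
    // with ReadAccessDeniedException. The organisation units handled below
    // are not ACL-checked in this method.
    if (!aclService.canUpdate(user, dataSet)) {
        throw new ReadAccessDeniedException("You don't have the proper permissions to update this object");
    }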
    boolean created = false;
    List<String> listOrgUnitIds = new ArrayList<>();
    if (organisationUnitId.startsWith("[") && organisationUnitId.endsWith("]")) {
        String[] arrOrgUnitIds = organisationUnitId.substring(1, organisationUnitId.length() - 1).split(",");
        Collections.addAll(listOrgUnitIds, arrOrgUnitIds);
    } else {
        listOrgUnitIds.add(organisationUnitId);
    }
    if (listOrgUnitIds.size() == 0) {
        throw new WebMessageException(WebMessageUtils.conflict(" OrganisationUnit ID is invalid."));
    }
    for (String id : listOrgUnitIds) {
        OrganisationUnit organisationUnit = organisationUnitService.getOrganisationUnit(id);
        if (organisationUnit == null) {
            throw new WebMessageException(WebMessageUtils.conflict("Can't find OrganisationUnit with id =" + id));
        }
        if (organisationUnit.getDataSets().contains(dataSet)) {
            LockException lockException = new LockException();
            lockException.setOrganisationUnit(organisationUnit);
            lockException.setDataSet(dataSet);
            lockException.setPeriod(period);
            dataSetService.addLockException(lockException);
            created = true;
        }
    }
    if (created) {
        webMessageService.send(WebMessageUtils.created("LockException created successfully."), response, request);
    }
}
Also used : OrganisationUnit(org.hisp.dhis.organisationunit.OrganisationUnit) User(org.hisp.dhis.user.User) DataSet(org.hisp.dhis.dataset.DataSet) WebMessageException(org.hisp.dhis.dxf2.webmessage.WebMessageException) LockException(org.hisp.dhis.dataset.LockException) ArrayList(java.util.ArrayList) Period(org.hisp.dhis.period.Period) ReadAccessDeniedException(org.hisp.dhis.hibernate.exception.ReadAccessDeniedException) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 5 with ReadAccessDeniedException

Use of org.hisp.dhis.hibernate.exception.ReadAccessDeniedException in project dhis2-core by dhis2.

Class AbstractCrudController, method getCollectionItem.

//--------------------------------------------------------------------------
// Identifiable object collections add, delete
//--------------------------------------------------------------------------
@RequestMapping(value = "/{uid}/{property}/{itemId}", method = RequestMethod.GET)
@ResponseBody
public RootNode getCollectionItem(@PathVariable("uid") String pvUid, @PathVariable("property") String pvProperty, @PathVariable("itemId") String pvItemId, @RequestParam Map<String, String> parameters, TranslateParams translateParams, HttpServletRequest request, HttpServletResponse response) throws Exception {
    User user = currentUserService.getCurrentUser();
    setUserContext(user, translateParams);
    if (!aclService.canRead(user, getEntityClass())) {
        throw new ReadAccessDeniedException("You don't have the proper permissions to read objects of this type.");
    }
    RootNode rootNode = getObjectInternal(pvUid, parameters, Lists.newArrayList(), Lists.newArrayList(pvProperty + "[:all]"), user);
    // TODO optimize this using field filter (collection filtering)
    if (!rootNode.getChildren().isEmpty() && rootNode.getChildren().get(0).isCollection()) {
        rootNode.getChildren().get(0).getChildren().stream().filter(Node::isComplex).forEach(node -> {
            node.getChildren().stream().filter(child -> child.isSimple() && child.getName().equals("id") && !((SimpleNode) child).getValue().equals(pvItemId)).forEach(child -> rootNode.getChildren().get(0).removeChild(node));
        });
    }
    if (rootNode.getChildren().isEmpty() || rootNode.getChildren().get(0).getChildren().isEmpty()) {
        throw new WebMessageException(WebMessageUtils.notFound(pvProperty + " with ID " + pvItemId + " could not be found."));
    }
    return rootNode;
}
Also used : ImportStrategy(org.hisp.dhis.importexport.ImportStrategy) PathVariable(org.springframework.web.bind.annotation.PathVariable) Order(org.hisp.dhis.query.Order) RequestParam(org.springframework.web.bind.annotation.RequestParam) ErrorReport(org.hisp.dhis.feedback.ErrorReport) UserContext(org.hisp.dhis.common.UserContext) WebMessageException(org.hisp.dhis.dxf2.webmessage.WebMessageException) MergeService(org.hisp.dhis.schema.MergeService) RenderService(org.hisp.dhis.render.RenderService) InclusionStrategy(org.hisp.dhis.node.config.InclusionStrategy) UserSettingKey(org.hisp.dhis.user.UserSettingKey) Autowired(org.springframework.beans.factory.annotation.Autowired) WebMessageService(org.hisp.dhis.webapi.service.WebMessageService) NodeUtils(org.hisp.dhis.node.NodeUtils) UserSettingService(org.hisp.dhis.user.UserSettingService) Optional(com.google.common.base.Optional) MetadataImportService(org.hisp.dhis.dxf2.metadata.MetadataImportService) Locale(java.util.Locale) Map(java.util.Map) JsonNode(com.fasterxml.jackson.databind.JsonNode) Preset(org.hisp.dhis.node.Preset) PagerUtils(org.hisp.dhis.common.PagerUtils) Status(org.hisp.dhis.feedback.Status) Query(org.hisp.dhis.query.Query) ContextService(org.hisp.dhis.webapi.service.ContextService) DefaultRenderService(org.hisp.dhis.render.DefaultRenderService) LinkService(org.hisp.dhis.webapi.service.LinkService) BaseIdentifiableObject(org.hisp.dhis.common.BaseIdentifiableObject) FieldFilterService(org.hisp.dhis.fieldfilter.FieldFilterService) MediaType(org.springframework.http.MediaType) RequestMethod(org.springframework.web.bind.annotation.RequestMethod) SchemaService(org.hisp.dhis.schema.SchemaService) QueryService(org.hisp.dhis.query.QueryService) Property(org.hisp.dhis.schema.Property) Collectors(java.util.stream.Collectors) ImportReportMode(org.hisp.dhis.dxf2.metadata.feedback.ImportReportMode) MetadataExportService(org.hisp.dhis.dxf2.metadata.MetadataExportService) SimpleNode(org.hisp.dhis.node.types.SimpleNode) 
ObjectTranslation(org.hisp.dhis.translation.ObjectTranslation) List(java.util.List) ComplexNode(org.hisp.dhis.node.types.ComplexNode) Type(java.lang.reflect.Type) AclService(org.hisp.dhis.security.acl.AclService) Schema(org.hisp.dhis.schema.Schema) WebMessage(org.hisp.dhis.dxf2.webmessage.WebMessage) RootNode(org.hisp.dhis.node.types.RootNode) Joiner(com.google.common.base.Joiner) HibernateCacheManager(org.hisp.dhis.cache.HibernateCacheManager) DhisApiVersion(org.hisp.dhis.common.DhisApiVersion) WebOptions(org.hisp.dhis.webapi.webdomain.WebOptions) ImportReport(org.hisp.dhis.dxf2.metadata.feedback.ImportReport) CollectionNode(org.hisp.dhis.node.types.CollectionNode) XmlMapper(com.fasterxml.jackson.dataformat.xml.XmlMapper) RequestMapping(org.springframework.web.bind.annotation.RequestMapping) CreateAccessDeniedException(org.hisp.dhis.hibernate.exception.CreateAccessDeniedException) HashMap(java.util.HashMap) ApiVersion(org.hisp.dhis.webapi.mvc.annotation.ApiVersion) Enums(com.google.common.base.Enums) TypeReport(org.hisp.dhis.feedback.TypeReport) ArrayList(java.util.ArrayList) HttpServletRequest(javax.servlet.http.HttpServletRequest) Lists(com.google.common.collect.Lists) UpdateAccessDeniedException(org.hisp.dhis.hibernate.exception.UpdateAccessDeniedException) Charset(java.nio.charset.Charset) IdentifiableObjectManager(org.hisp.dhis.common.IdentifiableObjectManager) WebMetadata(org.hisp.dhis.webapi.webdomain.WebMetadata) User(org.hisp.dhis.user.User) ErrorCode(org.hisp.dhis.feedback.ErrorCode) ResponseStatus(org.springframework.web.bind.annotation.ResponseStatus) WebMessageUtils(org.hisp.dhis.dxf2.webmessage.WebMessageUtils) ObjectReport(org.hisp.dhis.feedback.ObjectReport) QueryParserException(org.hisp.dhis.query.QueryParserException) IdentifiableObjects(org.hisp.dhis.common.IdentifiableObjects) ReadAccessDeniedException(org.hisp.dhis.hibernate.exception.ReadAccessDeniedException) StreamUtils(org.springframework.util.StreamUtils) 
IdentifiableObject(org.hisp.dhis.common.IdentifiableObject) ContextUtils(org.hisp.dhis.webapi.utils.ContextUtils) Node(org.hisp.dhis.node.Node) DeleteAccessDeniedException(org.hisp.dhis.hibernate.exception.DeleteAccessDeniedException) Pager(org.hisp.dhis.common.Pager) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) HttpServletResponse(javax.servlet.http.HttpServletResponse) IOException(java.io.IOException) MetadataImportParams(org.hisp.dhis.dxf2.metadata.MetadataImportParams) CollectionService(org.hisp.dhis.dxf2.metadata.collection.CollectionService) ResponseBody(org.springframework.web.bind.annotation.ResponseBody) HttpStatus(org.springframework.http.HttpStatus) OrderParams(org.hisp.dhis.dxf2.common.OrderParams) ParameterizedType(java.lang.reflect.ParameterizedType) CurrentUserService(org.hisp.dhis.user.CurrentUserService) TranslateParams(org.hisp.dhis.dxf2.common.TranslateParams) StringUtils(org.springframework.util.StringUtils) RootNode(org.hisp.dhis.node.types.RootNode) User(org.hisp.dhis.user.User) WebMessageException(org.hisp.dhis.dxf2.webmessage.WebMessageException) ReadAccessDeniedException(org.hisp.dhis.hibernate.exception.ReadAccessDeniedException) RequestMapping(org.springframework.web.bind.annotation.RequestMapping) ResponseBody(org.springframework.web.bind.annotation.ResponseBody)

Aggregations

ReadAccessDeniedException (org.hisp.dhis.hibernate.exception.ReadAccessDeniedException): 7
RequestMapping (org.springframework.web.bind.annotation.RequestMapping): 7
User (org.hisp.dhis.user.User): 5
ResponseBody (org.springframework.web.bind.annotation.ResponseBody): 4
WebMessageException (org.hisp.dhis.dxf2.webmessage.WebMessageException): 3
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper): 2
ArrayList (java.util.ArrayList): 2
Pager (org.hisp.dhis.common.Pager): 2
DataSet (org.hisp.dhis.dataset.DataSet): 2
TranslateParams (org.hisp.dhis.dxf2.common.TranslateParams): 2
JsonNode (com.fasterxml.jackson.databind.JsonNode): 1
XmlMapper (com.fasterxml.jackson.dataformat.xml.XmlMapper): 1
Enums (com.google.common.base.Enums): 1
Joiner (com.google.common.base.Joiner): 1
Optional (com.google.common.base.Optional): 1
Lists (com.google.common.collect.Lists): 1
IOException (java.io.IOException): 1
ParameterizedType (java.lang.reflect.ParameterizedType): 1
Type (java.lang.reflect.Type): 1
Charset (java.nio.charset.Charset): 1