Examples with ReadAccessDeniedException org.hisp.dhis.hibernate.exception.ReadAccessDeniedException used on opensource projects

Search in sources :

Example 1 with ReadAccessDeniedException

use of org.hisp.dhis.hibernate.exception.ReadAccessDeniedException in project dhis2-core by dhis2.

the class AbstractCrudController method getObjectProperty.

@RequestMapping(value = "/{uid}/{property}", method = RequestMethod.GET)
@ResponseBody
public RootNode getObjectProperty(@PathVariable("uid") String pvUid, @PathVariable("property") String pvProperty, @RequestParam Map<String, String> rpParameters, TranslateParams translateParams, HttpServletRequest request, HttpServletResponse response) throws Exception {
    User user = currentUserService.getCurrentUser();
    if (!"translations".equals(pvProperty)) {
        setUserContext(user, translateParams);
    } else {
        setUserContext(null, new TranslateParams(false));
    }
    if (!aclService.canRead(user, getEntityClass())) {
        throw new ReadAccessDeniedException("You don't have the proper permissions to read objects of this type.");
    }
    List<String> fields = Lists.newArrayList(contextService.getParameterValues("fields"));
    if (fields.isEmpty()) {
        fields.add(":all");
    }
    String fieldFilter = "[" + Joiner.on(',').join(fields) + "]";
    return getObjectInternal(pvUid, rpParameters, Lists.newArrayList(), Lists.newArrayList(pvProperty + fieldFilter), user);
}
Also used : User(org.hisp.dhis.user.User) TranslateParams(org.hisp.dhis.dxf2.common.TranslateParams) ReadAccessDeniedException(org.hisp.dhis.hibernate.exception.ReadAccessDeniedException) RequestMapping(org.springframework.web.bind.annotation.RequestMapping) ResponseBody(org.springframework.web.bind.annotation.ResponseBody)

Example 2 with ReadAccessDeniedException

use of org.hisp.dhis.hibernate.exception.ReadAccessDeniedException in project dhis2-core by dhis2.

the class AbstractCrudController method getObjectList.

//--------------------------------------------------------------------------
// GET
//--------------------------------------------------------------------------
@RequestMapping(method = RequestMethod.GET)
@ResponseBody
public RootNode getObjectList(@RequestParam Map<String, String> rpParameters, OrderParams orderParams, HttpServletResponse response, HttpServletRequest request, User currentUser) throws QueryParserException {
    List<String> fields = Lists.newArrayList(contextService.getParameterValues("fields"));
    List<String> filters = Lists.newArrayList(contextService.getParameterValues("filter"));
    List<Order> orders = orderParams.getOrders(getSchema());
    if (fields.isEmpty()) {
        fields.addAll(Preset.defaultPreset().getFields());
    }
    WebOptions options = new WebOptions(rpParameters);
    WebMetadata metadata = new WebMetadata();
    if (!aclService.canRead(currentUser, getEntityClass())) {
        throw new ReadAccessDeniedException("You don't have the proper permissions to read objects of this type.");
    }
    List<T> entities = getEntityList(metadata, options, filters, orders);
    Pager pager = metadata.getPager();
    if (options.hasPaging() && pager == null) {
        pager = new Pager(options.getPage(), entities.size(), options.getPageSize());
        entities = PagerUtils.pageCollection(entities, pager);
    }
    postProcessEntities(entities);
    postProcessEntities(entities, options, rpParameters);
    handleLinksAndAccess(entities, fields, false, currentUser);
    linkService.generatePagerLinks(pager, getEntityClass());
    RootNode rootNode = NodeUtils.createMetadata();
    rootNode.getConfig().setInclusionStrategy(getInclusionStrategy(rpParameters.get("inclusionStrategy")));
    if (pager != null) {
        rootNode.addChild(NodeUtils.createPager(pager));
    }
    rootNode.addChild(fieldFilterService.filter(getEntityClass(), entities, fields));
    return rootNode;
}
Also used : Order(org.hisp.dhis.query.Order) RootNode(org.hisp.dhis.node.types.RootNode) Pager(org.hisp.dhis.common.Pager) ReadAccessDeniedException(org.hisp.dhis.hibernate.exception.ReadAccessDeniedException) WebOptions(org.hisp.dhis.webapi.webdomain.WebOptions) WebMetadata(org.hisp.dhis.webapi.webdomain.WebMetadata) RequestMapping(org.springframework.web.bind.annotation.RequestMapping) ResponseBody(org.springframework.web.bind.annotation.ResponseBody)

Example 3 with ReadAccessDeniedException

use of org.hisp.dhis.hibernate.exception.ReadAccessDeniedException in project dhis2-core by dhis2.

the class LockExceptionController method deleteLockException.

@RequestMapping(method = RequestMethod.DELETE)
@ResponseStatus(HttpStatus.NO_CONTENT)
public void deleteLockException(@RequestParam("ou") String organisationUnitId, @RequestParam("pe") String periodId, @RequestParam("ds") String dataSetId, HttpServletRequest request, HttpServletResponse response) throws WebMessageException {
    User user = userService.getCurrentUser();
    DataSet dataSet = dataSetService.getDataSet(dataSetId);
    Period period = periodService.reloadPeriod(PeriodType.getPeriodFromIsoString(periodId));
    OrganisationUnit organisationUnit = organisationUnitService.getOrganisationUnit(organisationUnitId);
    if (!ObjectUtils.allNonNull(dataSet, period)) {
        throw new WebMessageException(WebMessageUtils.conflict("Can't find LockException with combination: dataSet=" + dataSetId + ", period=" + periodId));
    }
    if (!aclService.canDelete(user, dataSet)) {
        throw new ReadAccessDeniedException("You don't have the proper permissions to delete this object.");
    }
    if (organisationUnit != null) {
        dataSetService.deleteLockExceptionCombination(dataSet, period, organisationUnit);
    } else {
        dataSetService.deleteLockExceptionCombination(dataSet, period);
    }
}
Also used : OrganisationUnit(org.hisp.dhis.organisationunit.OrganisationUnit) User(org.hisp.dhis.user.User) DataSet(org.hisp.dhis.dataset.DataSet) WebMessageException(org.hisp.dhis.dxf2.webmessage.WebMessageException) Period(org.hisp.dhis.period.Period) ReadAccessDeniedException(org.hisp.dhis.hibernate.exception.ReadAccessDeniedException) ResponseStatus(org.springframework.web.bind.annotation.ResponseStatus) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 4 with ReadAccessDeniedException

use of org.hisp.dhis.hibernate.exception.ReadAccessDeniedException in project dhis2-core by dhis2.

the class LockExceptionController method addLockException.

@RequestMapping(method = RequestMethod.POST)
public void addLockException(@RequestParam("ou") String organisationUnitId, @RequestParam("pe") String periodId, @RequestParam("ds") String dataSetId, HttpServletRequest request, HttpServletResponse response) throws WebMessageException {
    User user = userService.getCurrentUser();
    DataSet dataSet = dataSetService.getDataSet(dataSetId);
    Period period = periodService.reloadPeriod(PeriodType.getPeriodFromIsoString(periodId));
    if (dataSet == null || period == null) {
        throw new WebMessageException(WebMessageUtils.conflict(" DataSet or Period is invalid"));
    }
    if (!aclService.canUpdate(user, dataSet)) {
        throw new ReadAccessDeniedException("You don't have the proper permissions to update this object");
    }
    boolean created = false;
    List<String> listOrgUnitIds = new ArrayList<>();
    if (organisationUnitId.startsWith("[") && organisationUnitId.endsWith("]")) {
        String[] arrOrgUnitIds = organisationUnitId.substring(1, organisationUnitId.length() - 1).split(",");
        Collections.addAll(listOrgUnitIds, arrOrgUnitIds);
    } else {
        listOrgUnitIds.add(organisationUnitId);
    }
    if (listOrgUnitIds.size() == 0) {
        throw new WebMessageException(WebMessageUtils.conflict(" OrganisationUnit ID is invalid."));
    }
    for (String id : listOrgUnitIds) {
        OrganisationUnit organisationUnit = organisationUnitService.getOrganisationUnit(id);
        if (organisationUnit == null) {
            throw new WebMessageException(WebMessageUtils.conflict("Can't find OrganisationUnit with id =" + id));
        }
        if (organisationUnit.getDataSets().contains(dataSet)) {
            LockException lockException = new LockException();
            lockException.setOrganisationUnit(organisationUnit);
            lockException.setDataSet(dataSet);
            lockException.setPeriod(period);
            dataSetService.addLockException(lockException);
            created = true;
        }
    }
    if (created) {
        webMessageService.send(WebMessageUtils.created("LockException created successfully."), response, request);
    }
}
Also used : OrganisationUnit(org.hisp.dhis.organisationunit.OrganisationUnit) User(org.hisp.dhis.user.User) DataSet(org.hisp.dhis.dataset.DataSet) WebMessageException(org.hisp.dhis.dxf2.webmessage.WebMessageException) LockException(org.hisp.dhis.dataset.LockException) ArrayList(java.util.ArrayList) Period(org.hisp.dhis.period.Period) ReadAccessDeniedException(org.hisp.dhis.hibernate.exception.ReadAccessDeniedException) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 5 with ReadAccessDeniedException

use of org.hisp.dhis.hibernate.exception.ReadAccessDeniedException in project dhis2-core by dhis2.

the class AbstractCrudController method getCollectionItem.

//--------------------------------------------------------------------------
// Identifiable object collections add, delete
//--------------------------------------------------------------------------
@RequestMapping(value = "/{uid}/{property}/{itemId}", method = RequestMethod.GET)
@ResponseBody
public RootNode getCollectionItem(@PathVariable("uid") String pvUid, @PathVariable("property") String pvProperty, @PathVariable("itemId") String pvItemId, @RequestParam Map<String, String> parameters, TranslateParams translateParams, HttpServletRequest request, HttpServletResponse response) throws Exception {
    User user = currentUserService.getCurrentUser();
    setUserContext(user, translateParams);
    if (!aclService.canRead(user, getEntityClass())) {
        throw new ReadAccessDeniedException("You don't have the proper permissions to read objects of this type.");
    }
    RootNode rootNode = getObjectInternal(pvUid, parameters, Lists.newArrayList(), Lists.newArrayList(pvProperty + "[:all]"), user);
    // TODO optimize this using field filter (collection filtering)
    if (!rootNode.getChildren().isEmpty() && rootNode.getChildren().get(0).isCollection()) {
        rootNode.getChildren().get(0).getChildren().stream().filter(Node::isComplex).forEach(node -> {
            node.getChildren().stream().filter(child -> child.isSimple() && child.getName().equals("id") && !((SimpleNode) child).getValue().equals(pvItemId)).forEach(child -> rootNode.getChildren().get(0).removeChild(node));
        });
    }
    if (rootNode.getChildren().isEmpty() || rootNode.getChildren().get(0).getChildren().isEmpty()) {
        throw new WebMessageException(WebMessageUtils.notFound(pvProperty + " with ID " + pvItemId + " could not be found."));
    }
    return rootNode;
}
Also used : ImportStrategy(org.hisp.dhis.importexport.ImportStrategy) PathVariable(org.springframework.web.bind.annotation.PathVariable) Order(org.hisp.dhis.query.Order) RequestParam(org.springframework.web.bind.annotation.RequestParam) ErrorReport(org.hisp.dhis.feedback.ErrorReport) UserContext(org.hisp.dhis.common.UserContext) WebMessageException(org.hisp.dhis.dxf2.webmessage.WebMessageException) MergeService(org.hisp.dhis.schema.MergeService) RenderService(org.hisp.dhis.render.RenderService) InclusionStrategy(org.hisp.dhis.node.config.InclusionStrategy) UserSettingKey(org.hisp.dhis.user.UserSettingKey) Autowired(org.springframework.beans.factory.annotation.Autowired) WebMessageService(org.hisp.dhis.webapi.service.WebMessageService) NodeUtils(org.hisp.dhis.node.NodeUtils) UserSettingService(org.hisp.dhis.user.UserSettingService) Optional(com.google.common.base.Optional) MetadataImportService(org.hisp.dhis.dxf2.metadata.MetadataImportService) Locale(java.util.Locale) Map(java.util.Map) JsonNode(com.fasterxml.jackson.databind.JsonNode) Preset(org.hisp.dhis.node.Preset) PagerUtils(org.hisp.dhis.common.PagerUtils) Status(org.hisp.dhis.feedback.Status) Query(org.hisp.dhis.query.Query) ContextService(org.hisp.dhis.webapi.service.ContextService) DefaultRenderService(org.hisp.dhis.render.DefaultRenderService) LinkService(org.hisp.dhis.webapi.service.LinkService) BaseIdentifiableObject(org.hisp.dhis.common.BaseIdentifiableObject) FieldFilterService(org.hisp.dhis.fieldfilter.FieldFilterService) MediaType(org.springframework.http.MediaType) RequestMethod(org.springframework.web.bind.annotation.RequestMethod) SchemaService(org.hisp.dhis.schema.SchemaService) QueryService(org.hisp.dhis.query.QueryService) Property(org.hisp.dhis.schema.Property) Collectors(java.util.stream.Collectors) ImportReportMode(org.hisp.dhis.dxf2.metadata.feedback.ImportReportMode) MetadataExportService(org.hisp.dhis.dxf2.metadata.MetadataExportService) SimpleNode(org.hisp.dhis.node.types.SimpleNode) ObjectTranslation(org.hisp.dhis.translation.ObjectTranslation) List(java.util.List) ComplexNode(org.hisp.dhis.node.types.ComplexNode) Type(java.lang.reflect.Type) AclService(org.hisp.dhis.security.acl.AclService) Schema(org.hisp.dhis.schema.Schema) WebMessage(org.hisp.dhis.dxf2.webmessage.WebMessage) RootNode(org.hisp.dhis.node.types.RootNode) Joiner(com.google.common.base.Joiner) HibernateCacheManager(org.hisp.dhis.cache.HibernateCacheManager) DhisApiVersion(org.hisp.dhis.common.DhisApiVersion) WebOptions(org.hisp.dhis.webapi.webdomain.WebOptions) ImportReport(org.hisp.dhis.dxf2.metadata.feedback.ImportReport) CollectionNode(org.hisp.dhis.node.types.CollectionNode) XmlMapper(com.fasterxml.jackson.dataformat.xml.XmlMapper) RequestMapping(org.springframework.web.bind.annotation.RequestMapping) CreateAccessDeniedException(org.hisp.dhis.hibernate.exception.CreateAccessDeniedException) HashMap(java.util.HashMap) ApiVersion(org.hisp.dhis.webapi.mvc.annotation.ApiVersion) Enums(com.google.common.base.Enums) TypeReport(org.hisp.dhis.feedback.TypeReport) ArrayList(java.util.ArrayList) HttpServletRequest(javax.servlet.http.HttpServletRequest) Lists(com.google.common.collect.Lists) UpdateAccessDeniedException(org.hisp.dhis.hibernate.exception.UpdateAccessDeniedException) Charset(java.nio.charset.Charset) IdentifiableObjectManager(org.hisp.dhis.common.IdentifiableObjectManager) WebMetadata(org.hisp.dhis.webapi.webdomain.WebMetadata) User(org.hisp.dhis.user.User) ErrorCode(org.hisp.dhis.feedback.ErrorCode) ResponseStatus(org.springframework.web.bind.annotation.ResponseStatus) WebMessageUtils(org.hisp.dhis.dxf2.webmessage.WebMessageUtils) ObjectReport(org.hisp.dhis.feedback.ObjectReport) QueryParserException(org.hisp.dhis.query.QueryParserException) IdentifiableObjects(org.hisp.dhis.common.IdentifiableObjects) ReadAccessDeniedException(org.hisp.dhis.hibernate.exception.ReadAccessDeniedException) StreamUtils(org.springframework.util.StreamUtils) IdentifiableObject(org.hisp.dhis.common.IdentifiableObject) ContextUtils(org.hisp.dhis.webapi.utils.ContextUtils) Node(org.hisp.dhis.node.Node) DeleteAccessDeniedException(org.hisp.dhis.hibernate.exception.DeleteAccessDeniedException) Pager(org.hisp.dhis.common.Pager) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) HttpServletResponse(javax.servlet.http.HttpServletResponse) IOException(java.io.IOException) MetadataImportParams(org.hisp.dhis.dxf2.metadata.MetadataImportParams) CollectionService(org.hisp.dhis.dxf2.metadata.collection.CollectionService) ResponseBody(org.springframework.web.bind.annotation.ResponseBody) HttpStatus(org.springframework.http.HttpStatus) OrderParams(org.hisp.dhis.dxf2.common.OrderParams) ParameterizedType(java.lang.reflect.ParameterizedType) CurrentUserService(org.hisp.dhis.user.CurrentUserService) TranslateParams(org.hisp.dhis.dxf2.common.TranslateParams) StringUtils(org.springframework.util.StringUtils) RootNode(org.hisp.dhis.node.types.RootNode) User(org.hisp.dhis.user.User) WebMessageException(org.hisp.dhis.dxf2.webmessage.WebMessageException) ReadAccessDeniedException(org.hisp.dhis.hibernate.exception.ReadAccessDeniedException) RequestMapping(org.springframework.web.bind.annotation.RequestMapping) ResponseBody(org.springframework.web.bind.annotation.ResponseBody)

Aggregations

ReadAccessDeniedException (org.hisp.dhis.hibernate.exception.ReadAccessDeniedException)7 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)7 User (org.hisp.dhis.user.User)5 ResponseBody (org.springframework.web.bind.annotation.ResponseBody)4 WebMessageException (org.hisp.dhis.dxf2.webmessage.WebMessageException)3 ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper)2 ArrayList (java.util.ArrayList)2 Pager (org.hisp.dhis.common.Pager)2 DataSet (org.hisp.dhis.dataset.DataSet)2 TranslateParams (org.hisp.dhis.dxf2.common.TranslateParams)2 JsonNode (com.fasterxml.jackson.databind.JsonNode)1 XmlMapper (com.fasterxml.jackson.dataformat.xml.XmlMapper)1 Enums (com.google.common.base.Enums)1 Joiner (com.google.common.base.Joiner)1 Optional (com.google.common.base.Optional)1 Lists (com.google.common.collect.Lists)1 IOException (java.io.IOException)1 ParameterizedType (java.lang.reflect.ParameterizedType)1 Type (java.lang.reflect.Type)1 Charset (java.nio.charset.Charset)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial