use of org.hisp.dhis.hibernate.exception.ReadAccessDeniedException in project dhis2-core by dhis2.
the class AbstractCrudController method getObjectProperty.
@RequestMapping(value = "/{uid}/{property}", method = RequestMethod.GET)
@ResponseBody
public RootNode getObjectProperty(@PathVariable("uid") String pvUid, @PathVariable("property") String pvProperty, @RequestParam Map<String, String> rpParameters, TranslateParams translateParams, HttpServletRequest request, HttpServletResponse response) throws Exception {
User user = currentUserService.getCurrentUser();
if (!"translations".equals(pvProperty)) {
setUserContext(user, translateParams);
} else {
setUserContext(null, new TranslateParams(false));
}
if (!aclService.canRead(user, getEntityClass())) {
throw new ReadAccessDeniedException("You don't have the proper permissions to read objects of this type.");
}
List<String> fields = Lists.newArrayList(contextService.getParameterValues("fields"));
if (fields.isEmpty()) {
fields.add(":all");
}
String fieldFilter = "[" + Joiner.on(',').join(fields) + "]";
return getObjectInternal(pvUid, rpParameters, Lists.newArrayList(), Lists.newArrayList(pvProperty + fieldFilter), user);
}
use of org.hisp.dhis.hibernate.exception.ReadAccessDeniedException in project dhis2-core by dhis2.
the class AbstractCrudController method getObjectList.
//--------------------------------------------------------------------------
// GET
//--------------------------------------------------------------------------
@RequestMapping(method = RequestMethod.GET)
@ResponseBody
public RootNode getObjectList(@RequestParam Map<String, String> rpParameters, OrderParams orderParams, HttpServletResponse response, HttpServletRequest request, User currentUser) throws QueryParserException {
List<String> fields = Lists.newArrayList(contextService.getParameterValues("fields"));
List<String> filters = Lists.newArrayList(contextService.getParameterValues("filter"));
List<Order> orders = orderParams.getOrders(getSchema());
if (fields.isEmpty()) {
fields.addAll(Preset.defaultPreset().getFields());
}
WebOptions options = new WebOptions(rpParameters);
WebMetadata metadata = new WebMetadata();
if (!aclService.canRead(currentUser, getEntityClass())) {
throw new ReadAccessDeniedException("You don't have the proper permissions to read objects of this type.");
}
List<T> entities = getEntityList(metadata, options, filters, orders);
Pager pager = metadata.getPager();
if (options.hasPaging() && pager == null) {
pager = new Pager(options.getPage(), entities.size(), options.getPageSize());
entities = PagerUtils.pageCollection(entities, pager);
}
postProcessEntities(entities);
postProcessEntities(entities, options, rpParameters);
handleLinksAndAccess(entities, fields, false, currentUser);
linkService.generatePagerLinks(pager, getEntityClass());
RootNode rootNode = NodeUtils.createMetadata();
rootNode.getConfig().setInclusionStrategy(getInclusionStrategy(rpParameters.get("inclusionStrategy")));
if (pager != null) {
rootNode.addChild(NodeUtils.createPager(pager));
}
rootNode.addChild(fieldFilterService.filter(getEntityClass(), entities, fields));
return rootNode;
}
use of org.hisp.dhis.hibernate.exception.ReadAccessDeniedException in project dhis2-core by dhis2.
the class LockExceptionController method deleteLockException.
@RequestMapping(method = RequestMethod.DELETE)
@ResponseStatus(HttpStatus.NO_CONTENT)
public void deleteLockException(@RequestParam("ou") String organisationUnitId, @RequestParam("pe") String periodId, @RequestParam("ds") String dataSetId, HttpServletRequest request, HttpServletResponse response) throws WebMessageException {
User user = userService.getCurrentUser();
DataSet dataSet = dataSetService.getDataSet(dataSetId);
Period period = periodService.reloadPeriod(PeriodType.getPeriodFromIsoString(periodId));
OrganisationUnit organisationUnit = organisationUnitService.getOrganisationUnit(organisationUnitId);
if (!ObjectUtils.allNonNull(dataSet, period)) {
throw new WebMessageException(WebMessageUtils.conflict("Can't find LockException with combination: dataSet=" + dataSetId + ", period=" + periodId));
}
if (!aclService.canDelete(user, dataSet)) {
throw new ReadAccessDeniedException("You don't have the proper permissions to delete this object.");
}
if (organisationUnit != null) {
dataSetService.deleteLockExceptionCombination(dataSet, period, organisationUnit);
} else {
dataSetService.deleteLockExceptionCombination(dataSet, period);
}
}
use of org.hisp.dhis.hibernate.exception.ReadAccessDeniedException in project dhis2-core by dhis2.
the class LockExceptionController method addLockException.
@RequestMapping(method = RequestMethod.POST)
public void addLockException(@RequestParam("ou") String organisationUnitId, @RequestParam("pe") String periodId, @RequestParam("ds") String dataSetId, HttpServletRequest request, HttpServletResponse response) throws WebMessageException {
User user = userService.getCurrentUser();
DataSet dataSet = dataSetService.getDataSet(dataSetId);
Period period = periodService.reloadPeriod(PeriodType.getPeriodFromIsoString(periodId));
if (dataSet == null || period == null) {
throw new WebMessageException(WebMessageUtils.conflict(" DataSet or Period is invalid"));
}
if (!aclService.canUpdate(user, dataSet)) {
throw new ReadAccessDeniedException("You don't have the proper permissions to update this object");
}
boolean created = false;
List<String> listOrgUnitIds = new ArrayList<>();
if (organisationUnitId.startsWith("[") && organisationUnitId.endsWith("]")) {
String[] arrOrgUnitIds = organisationUnitId.substring(1, organisationUnitId.length() - 1).split(",");
Collections.addAll(listOrgUnitIds, arrOrgUnitIds);
} else {
listOrgUnitIds.add(organisationUnitId);
}
if (listOrgUnitIds.size() == 0) {
throw new WebMessageException(WebMessageUtils.conflict(" OrganisationUnit ID is invalid."));
}
for (String id : listOrgUnitIds) {
OrganisationUnit organisationUnit = organisationUnitService.getOrganisationUnit(id);
if (organisationUnit == null) {
throw new WebMessageException(WebMessageUtils.conflict("Can't find OrganisationUnit with id =" + id));
}
if (organisationUnit.getDataSets().contains(dataSet)) {
LockException lockException = new LockException();
lockException.setOrganisationUnit(organisationUnit);
lockException.setDataSet(dataSet);
lockException.setPeriod(period);
dataSetService.addLockException(lockException);
created = true;
}
}
if (created) {
webMessageService.send(WebMessageUtils.created("LockException created successfully."), response, request);
}
}
use of org.hisp.dhis.hibernate.exception.ReadAccessDeniedException in project dhis2-core by dhis2.
the class AbstractCrudController method getCollectionItem.
//--------------------------------------------------------------------------
// Identifiable object collections add, delete
//--------------------------------------------------------------------------
@RequestMapping(value = "/{uid}/{property}/{itemId}", method = RequestMethod.GET)
@ResponseBody
public RootNode getCollectionItem(@PathVariable("uid") String pvUid, @PathVariable("property") String pvProperty, @PathVariable("itemId") String pvItemId, @RequestParam Map<String, String> parameters, TranslateParams translateParams, HttpServletRequest request, HttpServletResponse response) throws Exception {
User user = currentUserService.getCurrentUser();
setUserContext(user, translateParams);
if (!aclService.canRead(user, getEntityClass())) {
throw new ReadAccessDeniedException("You don't have the proper permissions to read objects of this type.");
}
RootNode rootNode = getObjectInternal(pvUid, parameters, Lists.newArrayList(), Lists.newArrayList(pvProperty + "[:all]"), user);
// TODO optimize this using field filter (collection filtering)
if (!rootNode.getChildren().isEmpty() && rootNode.getChildren().get(0).isCollection()) {
rootNode.getChildren().get(0).getChildren().stream().filter(Node::isComplex).forEach(node -> {
node.getChildren().stream().filter(child -> child.isSimple() && child.getName().equals("id") && !((SimpleNode) child).getValue().equals(pvItemId)).forEach(child -> rootNode.getChildren().get(0).removeChild(node));
});
}
if (rootNode.getChildren().isEmpty() || rootNode.getChildren().get(0).getChildren().isEmpty()) {
throw new WebMessageException(WebMessageUtils.notFound(pvProperty + " with ID " + pvItemId + " could not be found."));
}
return rootNode;
}
Aggregations