Examples with ReadAccessDeniedException org.hisp.dhis.hibernate.exception.ReadAccessDeniedException used on opensource projects

Example 6 with ReadAccessDeniedException

use of org.hisp.dhis.hibernate.exception.ReadAccessDeniedException in project dhis2-core by dhis2.

the class AbstractCrudController method getObject.

@RequestMapping(value = "/{uid}", method = RequestMethod.GET)
@ResponseBody
public RootNode getObject(@PathVariable("uid") String pvUid, @RequestParam Map<String, String> rpParameters, HttpServletRequest request, HttpServletResponse response) throws Exception {
    User user = currentUserService.getCurrentUser();
    if (!aclService.canRead(user, getEntityClass())) {
        throw new ReadAccessDeniedException("You don't have the proper permissions to read objects of this type.");
    }
    List<String> fields = Lists.newArrayList(contextService.getParameterValues("fields"));
    List<String> filters = Lists.newArrayList(contextService.getParameterValues("filter"));
    if (fields.isEmpty()) {
        fields.add(":all");
    }
    return getObjectInternal(pvUid, rpParameters, filters, fields, user);
}

Example 7 with ReadAccessDeniedException

use of org.hisp.dhis.hibernate.exception.ReadAccessDeniedException in project dhis2-core by dhis2.

the class AppController method renderApp.

@RequestMapping(value = "/{app}/**", method = RequestMethod.GET)
public void renderApp(@PathVariable("app") String app, HttpServletRequest request, HttpServletResponse response) throws IOException {
    Iterable<Resource> locations = Lists.newArrayList(resourceLoader.getResource("file:" + appManager.getAppFolderPath() + "/" + app + "/"), resourceLoader.getResource("classpath*:/apps/" + app + "/"));
    Resource manifest = findResource(locations, "manifest.webapp");
    if (manifest == null) {
        response.sendError(HttpServletResponse.SC_NOT_FOUND);
        return;
    }
    ObjectMapper jsonMapper = DefaultRenderService.getJsonMapper();
    App application = jsonMapper.readValue(manifest.getInputStream(), App.class);
    if (application.getName() == null || !appManager.isAccessible(application)) {
        throw new ReadAccessDeniedException("You don't have access to application " + app + ".");
    }
    String pageName = getUrl(request.getPathInfo(), app);
    // if request was for manifest.webapp, check for * and replace with host
    if ("manifest.webapp".equals(pageName)) {
        if ("*".equals(application.getActivities().getDhis().getHref())) {
            String contextPath = ContextUtils.getContextPath(request);
            application.getActivities().getDhis().setHref(contextPath);
            jsonMapper.writeValue(response.getOutputStream(), application);
            return;
        }
    }
    Resource resource = findResource(locations, pageName);
    if (resource == null) {
        response.sendError(HttpServletResponse.SC_NOT_FOUND);
        return;
    }
    if (new ServletWebRequest(request, response).checkNotModified(resource.lastModified())) {
        response.setStatus(HttpServletResponse.SC_NOT_MODIFIED);
        return;
    }
    String mimeType = request.getSession().getServletContext().getMimeType(resource.getFilename());
    if (mimeType != null) {
        response.setContentType(mimeType);
    }
    response.setContentLength((int) resource.contentLength());
    response.setHeader("Last-Modified", DateUtils.getHttpDateString(new Date(resource.lastModified())));
    StreamUtils.copy(resource.getInputStream(), response.getOutputStream());
}