Use of org.hisp.dhis.hibernate.exception.ReadAccessDeniedException in project dhis2-core by dhis2.
From the class AbstractCrudController, method getObject.
/**
 * Handles {@code GET /{uid}} by delegating to {@code getObjectInternal} for this controller's entity type.
 *
 * <p>Before delegating, the current user's read access is checked against the entity <em>class</em>
 * ({@code aclService.canRead(user, getEntityClass())}). That is a type-level gate only; it does not
 * look at the object identified by {@code pvUid}.
 * NOTE(review): any per-object sharing/ACL check has to happen inside {@code getObjectInternal},
 * which is not visible here. Confirm that it does, otherwise a user who may read the type could
 * read any instance by guessing or enumerating UIDs.
 *
 * @param pvUid        UID taken from the request path, passed through unchanged
 * @param rpParameters all request parameters, passed through unchanged
 * @param request      current servlet request (not used directly in this method)
 * @param response     current servlet response (not used directly in this method)
 * @return the node tree produced by {@code getObjectInternal}
 * @throws ReadAccessDeniedException if the current user may not read objects of this type
 * @throws Exception                 anything propagated from {@code getObjectInternal}
 */
@RequestMapping(value = "/{uid}", method = RequestMethod.GET)
@ResponseBody
public RootNode getObject(@PathVariable("uid") String pvUid, @RequestParam Map<String, String> rpParameters,
    HttpServletRequest request, HttpServletResponse response) throws Exception {
    final User currentUser = currentUserService.getCurrentUser();
    final boolean typeReadable = aclService.canRead(currentUser, getEntityClass());

    // Authorization comes first: nothing is parsed or loaded for a caller without read access.
    if (!typeReadable) {
        throw new ReadAccessDeniedException("You don't have the proper permissions to read objects of this type.");
    }

    List<String> requestedFields = Lists.newArrayList(contextService.getParameterValues("fields"));
    List<String> requestedFilters = Lists.newArrayList(contextService.getParameterValues("filter"));

    // No explicit field selection means the ":all" preset is requested.
    if (requestedFields.isEmpty()) {
        requestedFields.add(":all");
    }

    return getObjectInternal(pvUid, rpParameters, requestedFilters, requestedFields, currentUser);
}
Use of org.hisp.dhis.hibernate.exception.ReadAccessDeniedException in project dhis2-core by dhis2.
From the class AppController, method renderApp.
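/**
 * Serves a file belonging to an installed app for {@code GET /{app}/**}.
 *
 * <p>Flow, as implemented below:
 * <ol>
 *   <li>Build two candidate locations for the app (the app folder on disk and {@code classpath*:/apps/}).</li>
 *   <li>Load {@code manifest.webapp}; respond 404 if there is none.</li>
 *   <li>Deny access if the manifest has no name or {@code appManager.isAccessible} says no.</li>
 *   <li>If the manifest itself was requested and its DHIS href is {@code "*"}, replace the href with
 *       the request's context path and write the manifest as JSON.</li>
 *   <li>Otherwise resolve the requested page, honour conditional requests (304), and stream the file.</li>
 * </ol>
 *
 * <p>Security-relevant points: {@code app} and the page name both originate from the request URL and
 * end up in resource lookups, so {@code app} is validated as a single path segment here, and the
 * page-name lookup is flagged for review (see the inline note). Both input streams opened by this
 * method are closed explicitly.
 *
 * @param app      app name taken from the first path segment of the request
 * @param request  current servlet request
 * @param response current servlet response; receives either an error status or the file content
 * @throws ReadAccessDeniedException if the manifest has no name or the app is not accessible
 * @throws IOException               on failure to read the resource or write the response
 */
@RequestMapping(value = "/{app}/**", method = RequestMethod.GET)
public void renderApp(@PathVariable("app") String app, HttpServletRequest request, HttpServletResponse response) throws IOException {
    // 'app' is request-supplied and is concatenated into a "file:" location below as one path
    // segment. Reject anything that is not a plain segment so the lookup cannot leave the app
    // folder; answered as 404 so the response does not distinguish it from an unknown app.
    if (".".equals(app) || "..".equals(app) || app.indexOf('/') >= 0 || app.indexOf('\\') >= 0) {
        response.sendError(HttpServletResponse.SC_NOT_FOUND);
        return;
    }

    Iterable<Resource> locations = Lists.newArrayList(
        resourceLoader.getResource("file:" + appManager.getAppFolderPath() + "/" + app + "/"),
        resourceLoader.getResource("classpath*:/apps/" + app + "/"));

    Resource manifest = findResource(locations, "manifest.webapp");
    if (manifest == null) {
        response.sendError(HttpServletResponse.SC_NOT_FOUND);
        return;
    }

    ObjectMapper jsonMapper = DefaultRenderService.getJsonMapper();
    App application;
    // Close the manifest stream here instead of relying on how the shared mapper is configured.
    try (java.io.InputStream manifestStream = manifest.getInputStream()) {
        application = jsonMapper.readValue(manifestStream, App.class);
    }

    // The access decision is made before any app content is resolved or served.
    // NOTE(review): the message echoes the request-supplied app name; whatever renders this
    // exception to the client should output-encode it (handler not visible here).
    if (application.getName() == null || !appManager.isAccessible(application)) {
        throw new ReadAccessDeniedException("You don't have access to application " + app + ".");
    }

    String pageName = getUrl(request.getPathInfo(), app);

    // if request was for manifest.webapp, check for * and replace with host
    if ("manifest.webapp".equals(pageName)) {
        if ("*".equals(application.getActivities().getDhis().getHref())) {
            String contextPath = ContextUtils.getContextPath(request);
            application.getActivities().getDhis().setHref(contextPath);
            jsonMapper.writeValue(response.getOutputStream(), application);
            return;
        }
    }

    // NOTE(review): pageName is derived from the request path and handed to findResource, whose
    // implementation is not visible here. Confirm that it refuses names that resolve outside the
    // given locations (e.g. by normalising and checking containment) rather than trusting the
    // servlet container to have cleaned the path.
    Resource resource = findResource(locations, pageName);
    if (resource == null) {
        response.sendError(HttpServletResponse.SC_NOT_FOUND);
        return;
    }

    if (new ServletWebRequest(request, response).checkNotModified(resource.lastModified())) {
        response.setStatus(HttpServletResponse.SC_NOT_MODIFIED);
        return;
    }

    String mimeType = request.getSession().getServletContext().getMimeType(resource.getFilename());
    if (mimeType != null) {
        response.setContentType(mimeType);
    }

    // contentLength() is a long; a blind (int) cast wraps for files over 2 GiB and would announce
    // a wrong Content-Length. Only set the header when the value fits.
    long contentLength = resource.contentLength();
    if (contentLength <= Integer.MAX_VALUE) {
        response.setContentLength((int) contentLength);
    }

    response.setHeader("Last-Modified", DateUtils.getHttpDateString(new Date(resource.lastModified())));

    // StreamUtils.copy leaves both streams open; the resource stream is ours to close, otherwise
    // every request leaks a file handle. The response stream stays with the container.
    try (java.io.InputStream content = resource.getInputStream()) {
        StreamUtils.copy(content, response.getOutputStream());
    }
}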