Example 6 with ReadAccessDeniedException

Use of org.hisp.dhis.hibernate.exception.ReadAccessDeniedException in project dhis2-core by dhis2, in the class AbstractCrudController, method getObject.

@RequestMapping(value = "/{uid}", method = RequestMethod.GET)
@ResponseBody
public RootNode getObject(@PathVariable("uid") String pvUid, @RequestParam Map<String, String> rpParameters, HttpServletRequest request, HttpServletResponse response) throws Exception {
    User user = currentUserService.getCurrentUser();
    if (!aclService.canRead(user, getEntityClass())) {
        throw new ReadAccessDeniedException("You don't have the proper permissions to read objects of this type.");
    }
    List<String> fields = Lists.newArrayList(contextService.getParameterValues("fields"));
    List<String> filters = Lists.newArrayList(contextService.getParameterValues("filter"));
    if (fields.isEmpty()) {
        fields.add(":all");
    }
    return getObjectInternal(pvUid, rpParameters, filters, fields, user);
}
Also used: User (org.hisp.dhis.user.User), ReadAccessDeniedException (org.hisp.dhis.hibernate.exception.ReadAccessDeniedException), RequestMapping (org.springframework.web.bind.annotation.RequestMapping), ResponseBody (org.springframework.web.bind.annotation.ResponseBody)

Example 7 with ReadAccessDeniedException

Use of org.hisp.dhis.hibernate.exception.ReadAccessDeniedException in project dhis2-core by dhis2, in the class AppController, method renderApp.

@RequestMapping(value = "/{app}/**", method = RequestMethod.GET)
public void renderApp(@PathVariable("app") String app, HttpServletRequest request, HttpServletResponse response) throws IOException {
    Iterable<Resource> locations = Lists.newArrayList(resourceLoader.getResource("file:" + appManager.getAppFolderPath() + "/" + app + "/"), resourceLoader.getResource("classpath*:/apps/" + app + "/"));
    Resource manifest = findResource(locations, "manifest.webapp");
    if (manifest == null) {
        response.sendError(HttpServletResponse.SC_NOT_FOUND);
        return;
    }
    ObjectMapper jsonMapper = DefaultRenderService.getJsonMapper();
    App application = jsonMapper.readValue(manifest.getInputStream(), App.class);
    if (application.getName() == null || !appManager.isAccessible(application)) {
        throw new ReadAccessDeniedException("You don't have access to application " + app + ".");
    }
    String pageName = getUrl(request.getPathInfo(), app);
    // if request was for manifest.webapp, check for * and replace with host
    if ("manifest.webapp".equals(pageName)) {
        if ("*".equals(application.getActivities().getDhis().getHref())) {
            String contextPath = ContextUtils.getContextPath(request);
            application.getActivities().getDhis().setHref(contextPath);
            jsonMapper.writeValue(response.getOutputStream(), application);
            return;
        }
    }
    Resource resource = findResource(locations, pageName);
    if (resource == null) {
        response.sendError(HttpServletResponse.SC_NOT_FOUND);
        return;
    }
    if (new ServletWebRequest(request, response).checkNotModified(resource.lastModified())) {
        response.setStatus(HttpServletResponse.SC_NOT_MODIFIED);
        return;
    }
    String mimeType = request.getSession().getServletContext().getMimeType(resource.getFilename());
    if (mimeType != null) {
        response.setContentType(mimeType);
    }
    response.setContentLength((int) resource.contentLength());
    response.setHeader("Last-Modified", DateUtils.getHttpDateString(new Date(resource.lastModified())));
    StreamUtils.copy(resource.getInputStream(), response.getOutputStream());
}
Also used: App (org.hisp.dhis.appmanager.App), Resource (org.springframework.core.io.Resource), ReadAccessDeniedException (org.hisp.dhis.hibernate.exception.ReadAccessDeniedException), ServletWebRequest (org.springframework.web.context.request.ServletWebRequest), ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper), Date (java.util.Date), RequestMapping (org.springframework.web.bind.annotation.RequestMapping)

Aggregations

ReadAccessDeniedException (org.hisp.dhis.hibernate.exception.ReadAccessDeniedException): 7
RequestMapping (org.springframework.web.bind.annotation.RequestMapping): 7
User (org.hisp.dhis.user.User): 5
ResponseBody (org.springframework.web.bind.annotation.ResponseBody): 4
WebMessageException (org.hisp.dhis.dxf2.webmessage.WebMessageException): 3
ObjectMapper (com.fasterxml.jackson.databind.ObjectMapper): 2
ArrayList (java.util.ArrayList): 2
Pager (org.hisp.dhis.common.Pager): 2
DataSet (org.hisp.dhis.dataset.DataSet): 2
TranslateParams (org.hisp.dhis.dxf2.common.TranslateParams): 2
JsonNode (com.fasterxml.jackson.databind.JsonNode): 1
XmlMapper (com.fasterxml.jackson.dataformat.xml.XmlMapper): 1
Enums (com.google.common.base.Enums): 1
Joiner (com.google.common.base.Joiner): 1
Optional (com.google.common.base.Optional): 1
Lists (com.google.common.collect.Lists): 1
IOException (java.io.IOException): 1
ParameterizedType (java.lang.reflect.ParameterizedType): 1
Type (java.lang.reflect.Type): 1
Charset (java.nio.charset.Charset): 1