use of org.hisp.dhis.hibernate.exception.UpdateAccessDeniedException in project dhis2-core by dhis2.
the class DashboardItemController method putDashboardItemShape.
/**
 * Changes the shape of a single dashboard item.
 *
 * <p>The item is looked up by UID, the caller's update permission is checked on the
 * dashboard returned for that item, and only then is the new shape stored. On success
 * the response status is 204 (set by {@code @ResponseStatus}).
 *
 * @param uid UID of the dashboard item, taken from the path
 * @param shape the new shape, bound from the path
 * @param request current request (not read by this method)
 * @param response current response (not written by this method)
 * @throws WebMessageException with a not-found message when no item has this UID
 * @throws UpdateAccessDeniedException when the ACL service refuses the update
 */
@RequestMapping(value = "/{uid}/shape/{shape}", method = RequestMethod.PUT)
@ResponseStatus(HttpStatus.NO_CONTENT)
public void putDashboardItemShape(
        @PathVariable String uid,
        @PathVariable DashboardItemShape shape,
        HttpServletRequest request,
        HttpServletResponse response) throws Exception {
    final DashboardItem dashboardItem = dashboardService.getDashboardItem(uid);

    if (dashboardItem == null) {
        throw new WebMessageException(WebMessageUtils.notFound("Dashboard item does not exist: " + uid));
    }

    // The permission decision is made on the dashboard that holds the item, not on
    // the item itself.
    // NOTE(review): if getDashboardFromDashboardItem can return null (an item with no
    // dashboard), the outcome depends on how canUpdate treats a null object — confirm.
    final Dashboard containingDashboard = dashboardService.getDashboardFromDashboardItem(dashboardItem);
    final boolean updateAllowed = aclService.canUpdate(currentUserService.getCurrentUser(), containingDashboard);

    if (!updateAllowed) {
        throw new UpdateAccessDeniedException("You don't have the proper permissions to update this dashboard.");
    }

    // Nothing is modified until the ACL check above has passed.
    dashboardItem.setShape(shape);
    dashboardService.updateDashboardItem(dashboardItem);
}
use of org.hisp.dhis.hibernate.exception.UpdateAccessDeniedException in project dhis2-core by dhis2.
the class AbstractCrudController method replaceTranslations.
/**
 * Applies the translations carried in the JSON request body to the object with the
 * given UID.
 *
 * <p>Order of operations: resolve the object, check the caller's update permission on
 * it, parse the body, validate every translation (locale, property and value must all
 * be non-null), and only if validation produced no error reports hand the translations
 * to {@code manager.updateTranslations} and persist. A failed validation sends the type
 * report as a web message and changes nothing.
 *
 * @param pvUid UID of the object, taken from the path
 * @param rpParameters request parameters, wrapped into {@link WebOptions} for the lookup
 * @param request current request; its input stream is read as JSON
 * @param response current response; set to 204 on success
 * @throws WebMessageException with a not-found message when no object has this UID
 * @throws UpdateAccessDeniedException when the ACL service refuses the update
 */
@RequestMapping(value = "/{uid}/translations", method = RequestMethod.PUT)
public void replaceTranslations(
        @PathVariable("uid") String pvUid,
        @RequestParam Map<String, String> rpParameters,
        HttpServletRequest request,
        HttpServletResponse response) throws Exception {
    final WebOptions webOptions = new WebOptions(rpParameters);
    final List<T> found = getEntity(pvUid, webOptions);

    if (found.isEmpty()) {
        throw new WebMessageException(WebMessageUtils.notFound(getEntityClass(), pvUid));
    }

    final T persistedObject = found.get(0);
    final User caller = currentUserService.getCurrentUser();

    // Authorization is decided on the stored object before the request body is read.
    if (!aclService.canUpdate(caller, persistedObject)) {
        throw new UpdateAccessDeniedException("You don't have the proper permissions to update this object.");
    }

    // The body is deserialized as a full entity, but only its translations are used below.
    // NOTE(review): a null result from fromJson (e.g. empty body) would fail on the next
    // dereference — confirm how renderService behaves for such input.
    final T submitted = renderService.fromJson(request.getInputStream(), getEntityClass());
    final TypeReport validation = new TypeReport(ObjectTranslation.class);
    final List<ObjectTranslation> translations = Lists.newArrayList(submitted.getTranslations());

    int position = 0;
    for (ObjectTranslation translation : translations) {
        final ObjectReport entryReport = new ObjectReport(ObjectTranslation.class, position);
        position++;

        // Each missing mandatory field gets its own error report naming the field.
        if (translation.getLocale() == null) {
            entryReport.addErrorReport(new ErrorReport(ObjectTranslation.class, ErrorCode.E4000, "locale").setErrorKlass(getEntityClass()));
        }
        if (translation.getProperty() == null) {
            entryReport.addErrorReport(new ErrorReport(ObjectTranslation.class, ErrorCode.E4000, "property").setErrorKlass(getEntityClass()));
        }
        if (translation.getValue() == null) {
            entryReport.addErrorReport(new ErrorReport(ObjectTranslation.class, ErrorCode.E4000, "value").setErrorKlass(getEntityClass()));
        }

        validation.addObjectReport(entryReport);

        // An entry with at least one error is counted as ignored in the stats.
        if (!entryReport.isEmpty()) {
            validation.getStats().incIgnored();
        }
    }

    // All-or-nothing: one invalid translation rejects the whole request.
    final boolean rejected = !validation.getErrorReports().isEmpty();
    if (rejected) {
        final WebMessage failure = WebMessageUtils.typeReport(validation);
        webMessageService.send(failure, response, request);
        return;
    }

    manager.updateTranslations(persistedObject, submitted.getTranslations());
    manager.update(persistedObject);
    response.setStatus(HttpServletResponse.SC_NO_CONTENT);
}
use of org.hisp.dhis.hibernate.exception.UpdateAccessDeniedException in project dhis2-core by dhis2.
the class AbstractCrudController method putJsonObject.
//--------------------------------------------------------------------------
// PUT
//--------------------------------------------------------------------------
/**
 * Updates the object with the given UID from a JSON request body.
 *
 * <p>The stored object is resolved and the caller's update permission is checked on it
 * before the body is deserialized. The parsed object is then given the UID from the
 * path and pushed through the metadata import service with the UPDATE strategy. The
 * import report is always sent back as a web message; its status is forced to ERROR
 * when the import did not finish with {@code Status.OK}.
 *
 * @param pvUid UID of the object, taken from the path
 * @param request current request; supplies the JSON body
 * @param response current response; receives the web message
 * @throws WebMessageException with a not-found message when no object has this UID
 * @throws UpdateAccessDeniedException when the ACL service refuses the update
 */
@RequestMapping(value = "/{uid}", method = RequestMethod.PUT, consumes = MediaType.APPLICATION_JSON_VALUE)
public void putJsonObject(
        @PathVariable("uid") String pvUid,
        HttpServletRequest request,
        HttpServletResponse response) throws Exception {
    final List<T> matches = getEntity(pvUid);

    if (matches.isEmpty()) {
        throw new WebMessageException(WebMessageUtils.notFound(getEntityClass(), pvUid));
    }

    final T existing = matches.get(0);
    final User user = currentUserService.getCurrentUser();

    if (!aclService.canUpdate(user, existing)) {
        throw new UpdateAccessDeniedException("You don't have the proper permissions to update this object.");
    }

    final T incoming = deserializeJsonEntity(request, response);

    // Whatever UID the body carried is overwritten with the one from the path, so the
    // import is addressed to the same object the ACL check above was made on.
    ((BaseIdentifiableObject) incoming).setUid(pvUid);

    preUpdateEntity(existing, incoming);

    // The import runs as the current user with the UPDATE strategy and a full report.
    // NOTE(review): remaining import parameters come from the request's parameter map;
    // which of them a client may influence is decided in getParamsFromMap — not visible here.
    final MetadataImportParams importParams = importService
            .getParamsFromMap(contextService.getParameterValuesMap())
            .setImportReportMode(ImportReportMode.FULL)
            .setUser(user)
            .setImportStrategy(ImportStrategy.UPDATE)
            .addObject(incoming);

    final ImportReport report = importService.importMetadata(importParams);
    final WebMessage outcome = WebMessageUtils.objectReport(report);

    if (report.getStatus() != Status.OK) {
        outcome.setStatus(Status.ERROR);
    } else {
        // The post-update hook receives a freshly loaded copy of the object.
        final T refreshed = manager.get(getEntityClass(), pvUid);
        postUpdateEntity(refreshed);
    }

    webMessageService.send(outcome, response, request);
}
use of org.hisp.dhis.hibernate.exception.UpdateAccessDeniedException in project dhis2-core by dhis2.
the class AbstractCrudController method partialUpdateObject.
/**
 * Partially updates the object with the given UID from a JSON or XML request body.
 *
 * <p>After the lookup and the ACL check, the body is read as UTF-8 text. The property
 * names found in the payload are narrowed by {@code getPersistedProperties}, and for each
 * remaining name the value is read from the parsed payload object through the schema's
 * getter and written onto the stored object through the schema's setter. If nothing is
 * left to copy, or the body was neither JSON nor XML, the response is 204 and the stored
 * object is not updated.
 *
 * @param pvUid UID of the object, taken from the path
 * @param rpParameters request parameters, wrapped into {@link WebOptions} for the lookup
 * @param request current request; supplies the body and its content type
 * @param response current response; set to 204 when there is nothing to apply
 * @throws WebMessageException with a not-found message when no object has this UID
 * @throws UpdateAccessDeniedException when the ACL service refuses the update
 */
@RequestMapping(value = "/{uid}", method = RequestMethod.PATCH)
public void partialUpdateObject(
        @PathVariable("uid") String pvUid,
        @RequestParam Map<String, String> rpParameters,
        HttpServletRequest request,
        HttpServletResponse response) throws Exception {
    final WebOptions webOptions = new WebOptions(rpParameters);
    final List<T> found = getEntity(pvUid, webOptions);

    if (found.isEmpty()) {
        throw new WebMessageException(WebMessageUtils.notFound(getEntityClass(), pvUid));
    }

    final T persistedObject = found.get(0);
    final User caller = currentUserService.getCurrentUser();

    // Object-level authorization; this is the only permission check in this method.
    if (!aclService.canUpdate(caller, persistedObject)) {
        throw new UpdateAccessDeniedException("You don't have the proper permissions to update this object.");
    }

    final String body = StreamUtils.copyToString(request.getInputStream(), Charset.forName("UTF-8"));

    List<String> requestedProperties;
    T patch;

    if (isJson(request)) {
        requestedProperties = getJsonProperties(body);
        patch = renderService.fromJson(body, getEntityClass());
    } else if (isXml(request)) {
        requestedProperties = getXmlProperties(body);
        patch = renderService.fromXml(body, getEntityClass());
    } else {
        // Unsupported content type: nothing was parsed.
        requestedProperties = new ArrayList<>();
        patch = null;
    }

    // NOTE(review): the hook runs before the null check below, so it is called with a
    // null patch when the body is neither JSON nor XML — confirm overrides tolerate that.
    prePatchEntity(persistedObject, patch);

    requestedProperties = getPersistedProperties(requestedProperties);

    if (requestedProperties.isEmpty() || patch == null) {
        response.setStatus(HttpServletResponse.SC_NO_CONTENT);
        return;
    }

    final Schema entitySchema = getSchema();

    // Client-named properties are copied by reflection from the payload object onto the
    // stored object. NOTE(review): which properties a client may write is therefore
    // decided entirely by getPersistedProperties; whether it excludes fields that must
    // not be client-writable (ownership, sharing and the like) is not visible here — verify.
    for (String propertyName : requestedProperties) {
        final Property schemaProperty = entitySchema.getProperty(propertyName);
        final Object newValue = schemaProperty.getGetterMethod().invoke(patch);
        schemaProperty.getSetterMethod().invoke(persistedObject, newValue);
    }

    manager.update(persistedObject);
    postPatchEntity(persistedObject);
}
use of org.hisp.dhis.hibernate.exception.UpdateAccessDeniedException in project dhis2-core by dhis2.
the class MessageConversationController method markMessageConversationFollowup.
//--------------------------------------------------------------------------
// Mark conversations for follow up
//--------------------------------------------------------------------------
/**
 * Marks the given message conversations for follow-up.
 *
 * <p>Without a {@code user} parameter the conversations of the current user are affected;
 * with it, those of the named user, provided {@code canModifyUserConversation} allows the
 * current user to act on that user's conversations. Conversations already marked are left
 * as they are, but their UIDs are still listed in the response.
 *
 * @param userUid optional UID of the user whose conversations are to be marked
 * @param uids UIDs of the conversations, taken from the request body
 * @param response current response; status is set to 404 or 200 by this method
 * @return a {@code response} node holding either a {@code message} or the marked UIDs
 * @throws UpdateAccessDeniedException when the current user may not modify the target
 *         user's conversations
 */
@RequestMapping(value = "followup", method = RequestMethod.POST, produces = { MediaType.APPLICATION_JSON_VALUE, MediaType.APPLICATION_XML_VALUE })
@ResponseBody
public RootNode markMessageConversationFollowup(
        @RequestParam(value = "user", required = false) String userUid,
        @RequestBody List<String> uids,
        HttpServletResponse response) {
    final RootNode root = new RootNode("response");
    final User currentUser = currentUserService.getCurrentUser();

    final User targetUser;
    if (userUid != null) {
        targetUser = userService.getUser(userUid);
    } else {
        targetUser = currentUser;
    }

    // NOTE(review): this not-found answer is given before the authorization check, so the
    // response tells any caller whether a user UID exists — confirm that is acceptable.
    if (targetUser == null) {
        response.setStatus(HttpServletResponse.SC_NOT_FOUND);
        root.addChild(new SimpleNode("message", "No user with uid: " + userUid));
        return root;
    }

    // Acting on another user's conversations via the "user" parameter is gated here.
    if (!canModifyUserConversation(currentUser, targetUser)) {
        throw new UpdateAccessDeniedException("Not authorized to modify this object.");
    }

    // The lookup is scoped to the target user, not just to the submitted UIDs.
    final Collection<org.hisp.dhis.message.MessageConversation> conversations = messageService.getMessageConversations(targetUser, uids);

    if (conversations.isEmpty()) {
        response.setStatus(HttpServletResponse.SC_NOT_FOUND);
        root.addChild(new SimpleNode("message", "No MessageConversations found for the given UIDs"));
        return root;
    }

    final CollectionNode markedNode = root.addChild(new CollectionNode("markedFollowup"));
    markedNode.setWrapping(false);

    for (org.hisp.dhis.message.MessageConversation current : conversations) {
        final boolean alreadyMarked = current.isFollowUp();

        // Toggle only when not yet marked, so a repeated request does not unmark it.
        if (!alreadyMarked) {
            current.toggleFollowUp(targetUser);
            messageService.updateMessageConversation(current);
        }

        markedNode.addChild(new SimpleNode("uid", current.getUid()));
    }

    response.setStatus(HttpServletResponse.SC_OK);
    return root;
}