Examples with UpdateAccessDeniedException org.hisp.dhis.hibernate.exception.UpdateAccessDeniedException used on opensource projects

Search in sources :

Example 16 with UpdateAccessDeniedException

use of org.hisp.dhis.hibernate.exception.UpdateAccessDeniedException in project dhis2-core by dhis2.

the class DashboardController method postJsonItemContent.

@RequestMapping(value = "/{dashboardUid}/items/content", method = RequestMethod.POST)
public void postJsonItemContent(HttpServletResponse response, HttpServletRequest request, @PathVariable String dashboardUid, @RequestParam DashboardItemType type, @RequestParam("id") String contentUid) throws Exception {
    Dashboard dashboard = dashboardService.getDashboard(dashboardUid);
    if (dashboard == null) {
        throw new WebMessageException(WebMessageUtils.notFound("Dashboard does not exist: " + dashboardUid));
    }
    if (!aclService.canUpdate(currentUserService.getCurrentUser(), dashboard)) {
        throw new UpdateAccessDeniedException("You don't have the proper permissions to update this dashboard.");
    }
    DashboardItem item = dashboardService.addItemContent(dashboardUid, type, contentUid);
    if (item == null) {
        throw new WebMessageException(WebMessageUtils.conflict("Max number of dashboard items reached: " + MAX_ITEMS));
    } else {
        response.addHeader("Location", DashboardItemSchemaDescriptor.API_ENDPOINT + "/" + item.getUid());
        webMessageService.send(WebMessageUtils.created("Dashboard item created"), response, request);
    }
}
Also used : WebMessageException(org.hisp.dhis.dxf2.webmessage.WebMessageException) UpdateAccessDeniedException(org.hisp.dhis.hibernate.exception.UpdateAccessDeniedException) Dashboard(org.hisp.dhis.dashboard.Dashboard) DashboardItem(org.hisp.dhis.dashboard.DashboardItem) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 17 with UpdateAccessDeniedException

use of org.hisp.dhis.hibernate.exception.UpdateAccessDeniedException in project dhis2-core by dhis2.

the class AbstractCrudController method updateObjectProperty.

@RequestMapping(value = "/{uid}/{property}", method = { RequestMethod.PUT, RequestMethod.PATCH })
public void updateObjectProperty(@PathVariable("uid") String pvUid, @PathVariable("property") String pvProperty, @RequestParam Map<String, String> rpParameters, HttpServletRequest request, HttpServletResponse response) throws Exception {
    WebOptions options = new WebOptions(rpParameters);
    List<T> entities = getEntity(pvUid, options);
    if (entities.isEmpty()) {
        throw new WebMessageException(WebMessageUtils.notFound(getEntityClass(), pvUid));
    }
    if (!getSchema().haveProperty(pvProperty)) {
        throw new WebMessageException(WebMessageUtils.notFound("Property " + pvProperty + " does not exist on " + getEntityName()));
    }
    Property property = getSchema().getProperty(pvProperty);
    T persistedObject = entities.get(0);
    if (!aclService.canUpdate(currentUserService.getCurrentUser(), persistedObject)) {
        throw new UpdateAccessDeniedException("You don't have the proper permissions to update this object.");
    }
    if (!property.isWritable()) {
        throw new UpdateAccessDeniedException("This property is read-only.");
    }
    T object = deserialize(request);
    if (object == null) {
        throw new WebMessageException(WebMessageUtils.badRequest("Unknown payload format."));
    }
    Object value = property.getGetterMethod().invoke(object);
    property.getSetterMethod().invoke(persistedObject, value);
    manager.update(persistedObject);
    postPatchEntity(persistedObject);
}
Also used : WebMessageException(org.hisp.dhis.dxf2.webmessage.WebMessageException) UpdateAccessDeniedException(org.hisp.dhis.hibernate.exception.UpdateAccessDeniedException) BaseIdentifiableObject(org.hisp.dhis.common.BaseIdentifiableObject) IdentifiableObject(org.hisp.dhis.common.IdentifiableObject) WebOptions(org.hisp.dhis.webapi.webdomain.WebOptions) Property(org.hisp.dhis.schema.Property) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 18 with UpdateAccessDeniedException

use of org.hisp.dhis.hibernate.exception.UpdateAccessDeniedException in project dhis2-core by dhis2.

the class AbstractCrudController method putXmlObject.

@RequestMapping(value = "/{uid}", method = RequestMethod.PUT, consumes = { MediaType.APPLICATION_XML_VALUE, MediaType.TEXT_XML_VALUE })
public void putXmlObject(@PathVariable("uid") String pvUid, HttpServletRequest request, HttpServletResponse response) throws Exception {
    List<T> objects = getEntity(pvUid);
    if (objects.isEmpty()) {
        throw new WebMessageException(WebMessageUtils.notFound(getEntityClass(), pvUid));
    }
    User user = currentUserService.getCurrentUser();
    if (!aclService.canUpdate(user, objects.get(0))) {
        throw new UpdateAccessDeniedException("You don't have the proper permissions to update this object.");
    }
    T parsed = deserializeXmlEntity(request, response);
    ((BaseIdentifiableObject) parsed).setUid(pvUid);
    preUpdateEntity(objects.get(0), parsed);
    MetadataImportParams params = importService.getParamsFromMap(contextService.getParameterValuesMap()).setImportReportMode(ImportReportMode.FULL).setUser(user).setImportStrategy(ImportStrategy.UPDATE).addObject(parsed);
    ImportReport importReport = importService.importMetadata(params);
    WebMessage webMessage = WebMessageUtils.objectReport(importReport);
    if (importReport.getStatus() == Status.OK) {
        T entity = manager.get(getEntityClass(), pvUid);
        postUpdateEntity(entity);
    } else {
        webMessage.setStatus(Status.ERROR);
    }
    webMessageService.send(webMessage, response, request);
}
Also used : User(org.hisp.dhis.user.User) BaseIdentifiableObject(org.hisp.dhis.common.BaseIdentifiableObject) MetadataImportParams(org.hisp.dhis.dxf2.metadata.MetadataImportParams) WebMessageException(org.hisp.dhis.dxf2.webmessage.WebMessageException) UpdateAccessDeniedException(org.hisp.dhis.hibernate.exception.UpdateAccessDeniedException) ImportReport(org.hisp.dhis.dxf2.metadata.feedback.ImportReport) WebMessage(org.hisp.dhis.dxf2.webmessage.WebMessage) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 19 with UpdateAccessDeniedException

use of org.hisp.dhis.hibernate.exception.UpdateAccessDeniedException in project dhis2-core by dhis2.

the class UserRoleController method addUserToRole.

@RequestMapping(value = "/{id}/users/{userId}", method = { RequestMethod.POST, RequestMethod.PUT })
@ResponseStatus(HttpStatus.NO_CONTENT)
public void addUserToRole(@PathVariable(value = "id") String pvId, @PathVariable("userId") String pvUserId, HttpServletResponse response) throws WebMessageException {
    UserAuthorityGroup userAuthorityGroup = userService.getUserAuthorityGroup(pvId);
    if (userAuthorityGroup == null) {
        throw new WebMessageException(WebMessageUtils.notFound("UserRole does not exist: " + pvId));
    }
    User user = userService.getUser(pvUserId);
    if (user == null) {
        throw new WebMessageException(WebMessageUtils.notFound("User does not exist: " + pvId));
    }
    if (!aclService.canUpdate(currentUserService.getCurrentUser(), userAuthorityGroup)) {
        throw new UpdateAccessDeniedException("You don't have the proper permissions to update this object.");
    }
    if (!user.getUserCredentials().getUserAuthorityGroups().contains(userAuthorityGroup)) {
        user.getUserCredentials().getUserAuthorityGroups().add(userAuthorityGroup);
        userService.updateUserCredentials(user.getUserCredentials());
    }
}
Also used : User(org.hisp.dhis.user.User) UserAuthorityGroup(org.hisp.dhis.user.UserAuthorityGroup) WebMessageException(org.hisp.dhis.dxf2.webmessage.WebMessageException) UpdateAccessDeniedException(org.hisp.dhis.hibernate.exception.UpdateAccessDeniedException) ResponseStatus(org.springframework.web.bind.annotation.ResponseStatus) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 20 with UpdateAccessDeniedException

use of org.hisp.dhis.hibernate.exception.UpdateAccessDeniedException in project dhis2-core by dhis2.

the class UserController method putJsonObject.

@Override
@RequestMapping(value = "/{uid}", method = RequestMethod.PUT, consumes = "application/json")
public void putJsonObject(@PathVariable("uid") String pvUid, HttpServletRequest request, HttpServletResponse response) throws Exception {
    List<User> users = getEntity(pvUid, NO_WEB_OPTIONS);
    if (users.isEmpty()) {
        throw new WebMessageException(WebMessageUtils.conflict(getEntityName() + " does not exist: " + pvUid));
    }
    User currentUser = currentUserService.getCurrentUser();
    if (!aclService.canUpdate(currentUser, users.get(0))) {
        throw new UpdateAccessDeniedException("You don't have the proper permissions to update this user.");
    }
    User parsed = renderService.fromJson(request.getInputStream(), getEntityClass());
    parsed.setUid(pvUid);
    if (!userService.canAddOrUpdateUser(IdentifiableObjectUtils.getUids(parsed.getGroups()), currentUser)) {
        throw new WebMessageException(WebMessageUtils.conflict("You must have permissions to create user, or ability to manage at least one user group for the user."));
    }
    MetadataImportParams params = importService.getParamsFromMap(contextService.getParameterValuesMap());
    params.setImportReportMode(ImportReportMode.FULL);
    params.setImportStrategy(ImportStrategy.UPDATE);
    params.addObject(parsed);
    ImportReport importReport = importService.importMetadata(params);
    if (importReport.getStatus() == Status.OK && importReport.getStats().getUpdated() == 1) {
        User user = userService.getUser(pvUid);
        userGroupService.updateUserGroups(user, IdentifiableObjectUtils.getUids(parsed.getGroups()), currentUser);
    }
    renderService.toJson(response.getOutputStream(), importReport);
}
Also used : User(org.hisp.dhis.user.User) MetadataImportParams(org.hisp.dhis.dxf2.metadata.MetadataImportParams) WebMessageException(org.hisp.dhis.dxf2.webmessage.WebMessageException) UpdateAccessDeniedException(org.hisp.dhis.hibernate.exception.UpdateAccessDeniedException) ImportReport(org.hisp.dhis.dxf2.metadata.feedback.ImportReport) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Aggregations

UpdateAccessDeniedException (org.hisp.dhis.hibernate.exception.UpdateAccessDeniedException)25 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)21 WebMessageException (org.hisp.dhis.dxf2.webmessage.WebMessageException)17 User (org.hisp.dhis.user.User)14 Dashboard (org.hisp.dhis.dashboard.Dashboard)7 RootNode (org.hisp.dhis.node.types.RootNode)7 SimpleNode (org.hisp.dhis.node.types.SimpleNode)7 ResponseBody (org.springframework.web.bind.annotation.ResponseBody)6 BaseIdentifiableObject (org.hisp.dhis.common.BaseIdentifiableObject)5 IdentifiableObject (org.hisp.dhis.common.IdentifiableObject)5 DashboardItem (org.hisp.dhis.dashboard.DashboardItem)5 CollectionNode (org.hisp.dhis.node.types.CollectionNode)5 MetadataImportParams (org.hisp.dhis.dxf2.metadata.MetadataImportParams)4 ImportReport (org.hisp.dhis.dxf2.metadata.feedback.ImportReport)4 Property (org.hisp.dhis.schema.Property)4 WebMessage (org.hisp.dhis.dxf2.webmessage.WebMessage)3 Schema (org.hisp.dhis.schema.Schema)3 MessageConversation (org.hisp.dhis.webapi.webdomain.MessageConversation)3 WebOptions (org.hisp.dhis.webapi.webdomain.WebOptions)3 InvocationTargetException (java.lang.reflect.InvocationTargetException)2
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial