Search in sources :

Example 41 with Program

use of org.hisp.dhis.program.Program in project dhis2-core by dhis2.

the class DefaultTrackerAccessManager method canUpdate.

@Override
public List<String> canUpdate(User user, ProgramInstance programInstance, boolean skipOwnershipCheck) {
    List<String> errors = new ArrayList<>();
    // always allow if user == null (internal process) or user is superuser
    if (user == null || user.isSuper() || programInstance == null) {
        return errors;
    }
    Program program = programInstance.getProgram();
    if (!aclService.canDataWrite(user, program)) {
        errors.add("User has no data write access to program: " + program.getUid());
    }
    if (!program.isWithoutRegistration()) {
        if (!aclService.canDataRead(user, program.getTrackedEntityType())) {
            errors.add("User has no data read access to tracked entity type: " + program.getTrackedEntityType().getUid());
        }
        if (!skipOwnershipCheck && !ownershipAccessManager.hasAccess(user, programInstance.getEntityInstance(), program)) {
            errors.add(TrackerOwnershipManager.OWNERSHIP_ACCESS_DENIED);
        }
    } else {
        OrganisationUnit ou = programInstance.getOrganisationUnit();
        if (ou != null) {
            if (!organisationUnitService.isInUserHierarchyCached(user, ou)) {
                errors.add("User has no write access to organisation unit: " + ou.getUid());
            }
        }
    }
    return errors;
}
Also used : OrganisationUnit(org.hisp.dhis.organisationunit.OrganisationUnit) Program(org.hisp.dhis.program.Program) ArrayList(java.util.ArrayList)

Example 42 with Program

use of org.hisp.dhis.program.Program in project dhis2-core by dhis2.

the class DefaultTrackerAccessManager method canCreate.

@Override
public List<String> canCreate(User user, ProgramInstance programInstance, boolean skipOwnershipCheck) {
    List<String> errors = new ArrayList<>();
    // always allow if user == null (internal process) or user is superuser
    if (user == null || user.isSuper() || programInstance == null) {
        return errors;
    }
    Program program = programInstance.getProgram();
    OrganisationUnit ou = programInstance.getOrganisationUnit();
    if (ou != null) {
        if (!organisationUnitService.isInUserHierarchyCached(user, ou)) {
            errors.add("User has no create access to organisation unit: " + ou.getUid());
        }
    }
    if (!aclService.canDataWrite(user, program)) {
        errors.add("User has no data write access to program: " + program.getUid());
    }
    if (!program.isWithoutRegistration()) {
        if (!aclService.canDataRead(user, program.getTrackedEntityType())) {
            errors.add("User has no data read access to tracked entity type: " + program.getTrackedEntityType().getUid());
        }
        if (!skipOwnershipCheck && !ownershipAccessManager.hasAccess(user, programInstance.getEntityInstance(), program)) {
            errors.add(TrackerOwnershipManager.OWNERSHIP_ACCESS_DENIED);
        }
    }
    return errors;
}
Also used : OrganisationUnit(org.hisp.dhis.organisationunit.OrganisationUnit) Program(org.hisp.dhis.program.Program) ArrayList(java.util.ArrayList)

Example 43 with Program

use of org.hisp.dhis.program.Program in project dhis2-core by dhis2.

the class DefaultTrackerAccessManager method canDelete.

@Override
public List<String> canDelete(User user, ProgramStageInstance programStageInstance, boolean skipOwnershipCheck) {
    List<String> errors = new ArrayList<>();
    // always allow if user == null (internal process) or user is superuser
    if (user == null || user.isSuper() || programStageInstance == null) {
        return errors;
    }
    ProgramStage programStage = programStageInstance.getProgramStage();
    if (isNull(programStage)) {
        return errors;
    }
    Program program = programStage.getProgram();
    if (program.isWithoutRegistration()) {
        OrganisationUnit ou = programStageInstance.getOrganisationUnit();
        if (ou != null) {
            if (!organisationUnitService.isInUserHierarchyCached(user, ou)) {
                errors.add("User has no delete access to organisation unit: " + ou.getUid());
            }
        }
        if (!aclService.canDataWrite(user, program)) {
            errors.add("User has no data write access to program: " + program.getUid());
        }
    } else {
        if (!aclService.canDataWrite(user, programStage)) {
            errors.add("User has no data write access to program stage: " + programStage.getUid());
        }
        if (!aclService.canDataRead(user, program)) {
            errors.add("User has no data read access to program: " + program.getUid());
        }
        if (!aclService.canDataRead(user, program.getTrackedEntityType())) {
            errors.add("User has no data read access to tracked entity type: " + program.getTrackedEntityType().getUid());
        }
        if (!skipOwnershipCheck && !ownershipAccessManager.hasAccess(user, programStageInstance.getProgramInstance().getEntityInstance(), program)) {
            errors.add(TrackerOwnershipManager.OWNERSHIP_ACCESS_DENIED);
        }
    }
    errors.addAll(canWrite(user, programStageInstance.getAttributeOptionCombo()));
    return errors;
}
Also used : OrganisationUnit(org.hisp.dhis.organisationunit.OrganisationUnit) Program(org.hisp.dhis.program.Program) ArrayList(java.util.ArrayList) ProgramStage(org.hisp.dhis.program.ProgramStage)

Example 44 with Program

use of org.hisp.dhis.program.Program in project dhis2-core by dhis2.

the class DefaultTrackerAccessManager method canRead.

@Override
public List<String> canRead(User user, ProgramInstance programInstance, boolean skipOwnershipCheck) {
    List<String> errors = new ArrayList<>();
    // always allow if user == null (internal process) or user is superuser
    if (user == null || user.isSuper() || programInstance == null) {
        return errors;
    }
    Program program = programInstance.getProgram();
    if (!aclService.canDataRead(user, program)) {
        errors.add("User has no data read access to program: " + program.getUid());
    }
    if (!program.isWithoutRegistration()) {
        if (!aclService.canDataRead(user, program.getTrackedEntityType())) {
            errors.add("User has no data read access to tracked entity type: " + program.getTrackedEntityType().getUid());
        }
        if (!skipOwnershipCheck && !ownershipAccessManager.hasAccess(user, programInstance.getEntityInstance(), program)) {
            errors.add(TrackerOwnershipManager.OWNERSHIP_ACCESS_DENIED);
        }
    } else // this branch will only happen if coming from /events
    {
        OrganisationUnit ou = programInstance.getOrganisationUnit();
        if (!canAccess(user, program, ou)) {
            errors.add("User has no read access to organisation unit: " + ou.getUid());
        }
    }
    return errors;
}
Also used : OrganisationUnit(org.hisp.dhis.organisationunit.OrganisationUnit) Program(org.hisp.dhis.program.Program) ArrayList(java.util.ArrayList)

Example 45 with Program

use of org.hisp.dhis.program.Program in project dhis2-core by dhis2.

the class HibernateTrackedEntityAttributeStore method getTrackedEntityAttributesByProgram.

@Override
@SuppressWarnings({ "unchecked", "rawtypes" })
public Map<Program, Set<TrackedEntityAttribute>> getTrackedEntityAttributesByProgram() {
    Map<Program, Set<TrackedEntityAttribute>> result = new HashMap<>();
    Query query = sessionFactory.getCurrentSession().createQuery("select p.programAttributes from Program p");
    List<ProgramTrackedEntityAttribute> programTrackedEntityAttributes = query.list();
    for (ProgramTrackedEntityAttribute programTrackedEntityAttribute : programTrackedEntityAttributes) {
        if (!result.containsKey(programTrackedEntityAttribute.getProgram())) {
            result.put(programTrackedEntityAttribute.getProgram(), Sets.newHashSet(programTrackedEntityAttribute.getAttribute()));
        } else {
            result.get(programTrackedEntityAttribute.getProgram()).add(programTrackedEntityAttribute.getAttribute());
        }
    }
    return result;
}
Also used : Program(org.hisp.dhis.program.Program) HashSet(java.util.HashSet) Set(java.util.Set) Query(org.hibernate.query.Query) HashMap(java.util.HashMap) ProgramTrackedEntityAttribute(org.hisp.dhis.program.ProgramTrackedEntityAttribute)

Aggregations

Program (org.hisp.dhis.program.Program)344 Test (org.junit.jupiter.api.Test)160 OrganisationUnit (org.hisp.dhis.organisationunit.OrganisationUnit)123 ProgramStage (org.hisp.dhis.program.ProgramStage)109 ProgramInstance (org.hisp.dhis.program.ProgramInstance)79 TrackedEntityInstance (org.hisp.dhis.trackedentity.TrackedEntityInstance)68 Date (java.util.Date)47 Collectors (java.util.stream.Collectors)44 User (org.hisp.dhis.user.User)44 CategoryOptionCombo (org.hisp.dhis.category.CategoryOptionCombo)42 TrackedEntityType (org.hisp.dhis.trackedentity.TrackedEntityType)42 BeforeEach (org.junit.jupiter.api.BeforeEach)42 TrackedEntityAttribute (org.hisp.dhis.trackedentity.TrackedEntityAttribute)41 ValidationErrorReporter (org.hisp.dhis.tracker.report.ValidationErrorReporter)41 DhisConvenienceTest (org.hisp.dhis.DhisConvenienceTest)40 DhisConvenienceTest.createProgram (org.hisp.dhis.DhisConvenienceTest.createProgram)39 CategoryCombo (org.hisp.dhis.category.CategoryCombo)39 DataElement (org.hisp.dhis.dataelement.DataElement)39 Event (org.hisp.dhis.tracker.domain.Event)38 Enrollment (org.hisp.dhis.tracker.domain.Enrollment)37