use of org.hisp.dhis.program.Program in project dhis2-core by dhis2.
the class DefaultTrackerAccessManager method canUpdate.
@Override
public List<String> canUpdate(User user, ProgramInstance programInstance, boolean skipOwnershipCheck) {
List<String> errors = new ArrayList<>();
// always allow if user == null (internal process) or user is superuser
if (user == null || user.isSuper() || programInstance == null) {
return errors;
}
Program program = programInstance.getProgram();
if (!aclService.canDataWrite(user, program)) {
errors.add("User has no data write access to program: " + program.getUid());
}
if (!program.isWithoutRegistration()) {
if (!aclService.canDataRead(user, program.getTrackedEntityType())) {
errors.add("User has no data read access to tracked entity type: " + program.getTrackedEntityType().getUid());
}
if (!skipOwnershipCheck && !ownershipAccessManager.hasAccess(user, programInstance.getEntityInstance(), program)) {
errors.add(TrackerOwnershipManager.OWNERSHIP_ACCESS_DENIED);
}
} else {
OrganisationUnit ou = programInstance.getOrganisationUnit();
if (ou != null) {
if (!organisationUnitService.isInUserHierarchyCached(user, ou)) {
errors.add("User has no write access to organisation unit: " + ou.getUid());
}
}
}
return errors;
}
use of org.hisp.dhis.program.Program in project dhis2-core by dhis2.
the class DefaultTrackerAccessManager method canCreate.
@Override
public List<String> canCreate(User user, ProgramInstance programInstance, boolean skipOwnershipCheck) {
List<String> errors = new ArrayList<>();
// always allow if user == null (internal process) or user is superuser
if (user == null || user.isSuper() || programInstance == null) {
return errors;
}
Program program = programInstance.getProgram();
OrganisationUnit ou = programInstance.getOrganisationUnit();
if (ou != null) {
if (!organisationUnitService.isInUserHierarchyCached(user, ou)) {
errors.add("User has no create access to organisation unit: " + ou.getUid());
}
}
if (!aclService.canDataWrite(user, program)) {
errors.add("User has no data write access to program: " + program.getUid());
}
if (!program.isWithoutRegistration()) {
if (!aclService.canDataRead(user, program.getTrackedEntityType())) {
errors.add("User has no data read access to tracked entity type: " + program.getTrackedEntityType().getUid());
}
if (!skipOwnershipCheck && !ownershipAccessManager.hasAccess(user, programInstance.getEntityInstance(), program)) {
errors.add(TrackerOwnershipManager.OWNERSHIP_ACCESS_DENIED);
}
}
return errors;
}
use of org.hisp.dhis.program.Program in project dhis2-core by dhis2.
the class DefaultTrackerAccessManager method canDelete.
@Override
public List<String> canDelete(User user, ProgramStageInstance programStageInstance, boolean skipOwnershipCheck) {
List<String> errors = new ArrayList<>();
// always allow if user == null (internal process) or user is superuser
if (user == null || user.isSuper() || programStageInstance == null) {
return errors;
}
ProgramStage programStage = programStageInstance.getProgramStage();
if (isNull(programStage)) {
return errors;
}
Program program = programStage.getProgram();
if (program.isWithoutRegistration()) {
OrganisationUnit ou = programStageInstance.getOrganisationUnit();
if (ou != null) {
if (!organisationUnitService.isInUserHierarchyCached(user, ou)) {
errors.add("User has no delete access to organisation unit: " + ou.getUid());
}
}
if (!aclService.canDataWrite(user, program)) {
errors.add("User has no data write access to program: " + program.getUid());
}
} else {
if (!aclService.canDataWrite(user, programStage)) {
errors.add("User has no data write access to program stage: " + programStage.getUid());
}
if (!aclService.canDataRead(user, program)) {
errors.add("User has no data read access to program: " + program.getUid());
}
if (!aclService.canDataRead(user, program.getTrackedEntityType())) {
errors.add("User has no data read access to tracked entity type: " + program.getTrackedEntityType().getUid());
}
if (!skipOwnershipCheck && !ownershipAccessManager.hasAccess(user, programStageInstance.getProgramInstance().getEntityInstance(), program)) {
errors.add(TrackerOwnershipManager.OWNERSHIP_ACCESS_DENIED);
}
}
errors.addAll(canWrite(user, programStageInstance.getAttributeOptionCombo()));
return errors;
}
use of org.hisp.dhis.program.Program in project dhis2-core by dhis2.
the class DefaultTrackerAccessManager method canRead.
@Override
public List<String> canRead(User user, ProgramInstance programInstance, boolean skipOwnershipCheck) {
List<String> errors = new ArrayList<>();
// always allow if user == null (internal process) or user is superuser
if (user == null || user.isSuper() || programInstance == null) {
return errors;
}
Program program = programInstance.getProgram();
if (!aclService.canDataRead(user, program)) {
errors.add("User has no data read access to program: " + program.getUid());
}
if (!program.isWithoutRegistration()) {
if (!aclService.canDataRead(user, program.getTrackedEntityType())) {
errors.add("User has no data read access to tracked entity type: " + program.getTrackedEntityType().getUid());
}
if (!skipOwnershipCheck && !ownershipAccessManager.hasAccess(user, programInstance.getEntityInstance(), program)) {
errors.add(TrackerOwnershipManager.OWNERSHIP_ACCESS_DENIED);
}
} else // this branch will only happen if coming from /events
{
OrganisationUnit ou = programInstance.getOrganisationUnit();
if (!canAccess(user, program, ou)) {
errors.add("User has no read access to organisation unit: " + ou.getUid());
}
}
return errors;
}
use of org.hisp.dhis.program.Program in project dhis2-core by dhis2.
the class HibernateTrackedEntityAttributeStore method getTrackedEntityAttributesByProgram.
@Override
@SuppressWarnings({ "unchecked", "rawtypes" })
public Map<Program, Set<TrackedEntityAttribute>> getTrackedEntityAttributesByProgram() {
Map<Program, Set<TrackedEntityAttribute>> result = new HashMap<>();
Query query = sessionFactory.getCurrentSession().createQuery("select p.programAttributes from Program p");
List<ProgramTrackedEntityAttribute> programTrackedEntityAttributes = query.list();
for (ProgramTrackedEntityAttribute programTrackedEntityAttribute : programTrackedEntityAttributes) {
if (!result.containsKey(programTrackedEntityAttribute.getProgram())) {
result.put(programTrackedEntityAttribute.getProgram(), Sets.newHashSet(programTrackedEntityAttribute.getAttribute()));
} else {
result.get(programTrackedEntityAttribute.getProgram()).add(programTrackedEntityAttribute.getAttribute());
}
}
return result;
}
Aggregations