Example 6 with CurrentUser
use of org.hisp.dhis.user.CurrentUser in project dhis2-core by dhis2.
the class UserController method resetToInvite.
@PostMapping("/{id}/reset")
@ResponseStatus(HttpStatus.NO_CONTENT)
public void resetToInvite(@PathVariable String id, HttpServletRequest request) throws Exception {
User user = userService.getUser(id);
if (user == null) {
throw NotFoundException.notFoundUid(id);
}
String valid = securityService.validateRestore(user);
if (valid != null) {
throw new WebMessageException(conflict(valid));
}
User currentUser = currentUserService.getCurrentUser();
if (!aclService.canUpdate(currentUser, user)) {
throw new UpdateAccessDeniedException("You don't have the proper permissions to update this user.");
}
if (!userService.canAddOrUpdateUser(getUids(user.getGroups()), currentUser)) {
throw new UpdateAccessDeniedException("You must have permissions manage at least one user group for the user.");
}
securityService.prepareUserForInvite(user);
securityService.sendRestoreOrInviteMessage(user, ContextUtils.getContextPath(request), RestoreOptions.RECOVER_PASSWORD_OPTION);
}
Also used :
CurrentUser(org.hisp.dhis.user.CurrentUser)
User(org.hisp.dhis.user.User)
WebMessageException(org.hisp.dhis.dxf2.webmessage.WebMessageException)
UpdateAccessDeniedException(org.hisp.dhis.hibernate.exception.UpdateAccessDeniedException)
PostMapping(org.springframework.web.bind.annotation.PostMapping)
ResponseStatus(org.springframework.web.bind.annotation.ResponseStatus)
Example 7 with CurrentUser
use of org.hisp.dhis.user.CurrentUser in project dhis2-core by dhis2.
the class UserController method updateUser.
protected ImportReport updateUser(String userUid, User parsedUserObject) throws WebMessageException {
List<User> users = getEntity(userUid, NO_WEB_OPTIONS);
if (users.isEmpty()) {
throw new WebMessageException(conflict(getEntityName() + " does not exist: " + userUid));
}
User currentUser = currentUserService.getCurrentUser();
if (!aclService.canUpdate(currentUser, users.get(0))) {
throw new UpdateAccessDeniedException("You don't have the proper permissions to update this user.");
}
// force initialization of all authorities of current user in order to
// prevent cases where user must be reloaded later
// (in case it gets detached)
currentUser.getAllAuthorities();
parsedUserObject.setId(users.get(0).getId());
parsedUserObject.setUid(userUid);
mergeLastLoginAttribute(users.get(0), parsedUserObject);
boolean isPasswordChangeAttempt = parsedUserObject.getPassword() != null;
List<String> groupsUids = getUids(parsedUserObject.getGroups());
if (!userService.canAddOrUpdateUser(groupsUids, currentUser) || !currentUser.canModifyUser(users.get(0))) {
throw new WebMessageException(conflict("You must have permissions to create user, " + "or ability to manage at least one user group for the user."));
}
MetadataImportParams params = importService.getParamsFromMap(contextService.getParameterValuesMap());
params.setImportReportMode(ImportReportMode.FULL);
params.setImportStrategy(ImportStrategy.UPDATE);
params.addObject(parsedUserObject);
ImportReport importReport = importService.importMetadata(params);
if (importReport.getStatus() == Status.OK && importReport.getStats().getUpdated() == 1) {
updateUserGroups(userUid, parsedUserObject, currentUser);
// same. i.e. no before & after equals pw check
if (isPasswordChangeAttempt) {
userService.expireActiveSessions(parsedUserObject);
}
}
return importReport;
}
Also used :
CurrentUser(org.hisp.dhis.user.CurrentUser)
User(org.hisp.dhis.user.User)
MetadataImportParams(org.hisp.dhis.dxf2.metadata.MetadataImportParams)
WebMessageException(org.hisp.dhis.dxf2.webmessage.WebMessageException)
UpdateAccessDeniedException(org.hisp.dhis.hibernate.exception.UpdateAccessDeniedException)
ImportReport(org.hisp.dhis.dxf2.metadata.feedback.ImportReport)
Example 8 with CurrentUser
use of org.hisp.dhis.user.CurrentUser in project dhis2-core by dhis2.
the class UserController method replicateUser.
@SuppressWarnings("unchecked")
@PreAuthorize("hasRole('ALL') or hasRole('F_REPLICATE_USER')")
@PostMapping("/{uid}/replica")
@ResponseBody
public WebMessage replicateUser(@PathVariable String uid, HttpServletRequest request, HttpServletResponse response) throws IOException, WebMessageException {
User existingUser = userService.getUser(uid);
if (existingUser == null) {
return conflict("User not found: " + uid);
}
User currentUser = currentUserService.getCurrentUser();
validateCreateUser(existingUser, currentUser);
Map<String, String> auth = renderService.fromJson(request.getInputStream(), Map.class);
String username = StringUtils.trimToNull(auth != null ? auth.get(KEY_USERNAME) : null);
String password = StringUtils.trimToNull(auth != null ? auth.get(KEY_PASSWORD) : null);
if (auth == null || username == null) {
return conflict("Username must be specified");
}
if (userService.getUserByUsername(username) != null) {
return conflict("Username already taken: " + username);
}
if (password == null) {
return conflict("Password must be specified");
}
if (!ValidationUtils.passwordIsValid(password)) {
return conflict("Password must have at least 8 characters, one digit, one uppercase");
}
User userReplica = new User();
mergeService.merge(new MergeParams<>(existingUser, userReplica).setMergeMode(MergeMode.MERGE));
copyAttributeValues(userReplica);
userReplica.setId(0);
userReplica.setUuid(UUID.randomUUID());
userReplica.setUid(CodeGenerator.generateUid());
userReplica.setCode(null);
userReplica.setCreated(new Date());
userReplica.setLdapId(null);
userReplica.setOpenId(null);
userReplica.setUsername(username);
userService.encodeAndSetPassword(userReplica, password);
userService.addUser(userReplica);
userGroupService.addUserToGroups(userReplica, getUids(existingUser.getGroups()), currentUser);
// ---------------------------------------------------------------------
// Replicate user settings
// ---------------------------------------------------------------------
List<UserSetting> settings = userSettingService.getUserSettings(existingUser);
for (UserSetting setting : settings) {
Optional<UserSettingKey> key = UserSettingKey.getByName(setting.getName());
key.ifPresent(userSettingKey -> userSettingService.saveUserSetting(userSettingKey, setting.getValue(), userReplica));
}
return created("User replica created").setLocation(UserSchemaDescriptor.API_ENDPOINT + "/" + userReplica.getUid());
}
Also used :
CurrentUser(org.hisp.dhis.user.CurrentUser)
User(org.hisp.dhis.user.User)
MergeParams(org.hisp.dhis.schema.MergeParams)
UserSettingKey(org.hisp.dhis.user.UserSettingKey)
Date(java.util.Date)
UserSetting(org.hisp.dhis.user.UserSetting)
PostMapping(org.springframework.web.bind.annotation.PostMapping)
PreAuthorize(org.springframework.security.access.prepost.PreAuthorize)
ResponseBody(org.springframework.web.bind.annotation.ResponseBody)
Example 9 with CurrentUser
use of org.hisp.dhis.user.CurrentUser in project dhis2-core by dhis2.
the class UserController method postInvite.
private WebMessage postInvite(HttpServletRequest request, User user) throws WebMessageException {
User currentUser = currentUserService.getCurrentUser();
validateInviteUser(user, currentUser);
return postObject(inviteUser(user, currentUser, request));
}
Also used :
CurrentUser(org.hisp.dhis.user.CurrentUser)
User(org.hisp.dhis.user.User)
Example 10 with CurrentUser
use of org.hisp.dhis.user.CurrentUser in project dhis2-core by dhis2.
the class UserController method postObject.
private WebMessage postObject(User user) throws WebMessageException {
populateUserCredentialsDtoFields(user);
User currentUser = currentUserService.getCurrentUser();
validateCreateUser(user, currentUser);
return postObject(getObjectReport(createUser(user, currentUser)));
}
Also used :
CurrentUser(org.hisp.dhis.user.CurrentUser)
User(org.hisp.dhis.user.User)
Aggregations
CurrentUser (org.hisp.dhis.user.CurrentUser)21
User (org.hisp.dhis.user.User)21
ResponseBody (org.springframework.web.bind.annotation.ResponseBody)9
WebMessageException (org.hisp.dhis.dxf2.webmessage.WebMessageException)8
CollectionNode (org.hisp.dhis.node.types.CollectionNode)8
RootNode (org.hisp.dhis.node.types.RootNode)8
SimpleNode (org.hisp.dhis.node.types.SimpleNode)8
UpdateAccessDeniedException (org.hisp.dhis.hibernate.exception.UpdateAccessDeniedException)7
ArrayList (java.util.ArrayList)3
List (java.util.List)3
IdentifiableObject (org.hisp.dhis.common.IdentifiableObject)3
PostMapping (org.springframework.web.bind.annotation.PostMapping)3
JsonGenerator (com.fasterxml.jackson.core.JsonGenerator)2
CsvMapper (com.fasterxml.jackson.dataformat.csv.CsvMapper)2
CsvSchema (com.fasterxml.jackson.dataformat.csv.CsvSchema)2
Enums (com.google.common.base.Enums)2
Joiner (com.google.common.base.Joiner)2
Optional (com.google.common.base.Optional)2
Lists (com.google.common.collect.Lists)2
IOException (java.io.IOException)2
