Example 6 with CurrentUser

Use of org.hisp.dhis.user.CurrentUser in project dhis2-core by dhis2.

Class UserController, method resetToInvite.

@PostMapping("/{id}/reset")
@ResponseStatus(HttpStatus.NO_CONTENT)
public void resetToInvite(@PathVariable String id, HttpServletRequest request) throws Exception {
    User user = userService.getUser(id);
    if (user == null) {
        throw NotFoundException.notFoundUid(id);
    }
    String valid = securityService.validateRestore(user);
    if (valid != null) {
        throw new WebMessageException(conflict(valid));
    }
    User currentUser = currentUserService.getCurrentUser();
    if (!aclService.canUpdate(currentUser, user)) {
        throw new UpdateAccessDeniedException("You don't have the proper permissions to update this user.");
    }
    if (!userService.canAddOrUpdateUser(getUids(user.getGroups()), currentUser)) {
        throw new UpdateAccessDeniedException("You must have permissions manage at least one user group for the user.");
    }
    securityService.prepareUserForInvite(user);
    securityService.sendRestoreOrInviteMessage(user, ContextUtils.getContextPath(request), RestoreOptions.RECOVER_PASSWORD_OPTION);
}
Also used : CurrentUser(org.hisp.dhis.user.CurrentUser) User(org.hisp.dhis.user.User) WebMessageException(org.hisp.dhis.dxf2.webmessage.WebMessageException) UpdateAccessDeniedException(org.hisp.dhis.hibernate.exception.UpdateAccessDeniedException) PostMapping(org.springframework.web.bind.annotation.PostMapping) ResponseStatus(org.springframework.web.bind.annotation.ResponseStatus)

Example 7 with CurrentUser

Use of org.hisp.dhis.user.CurrentUser in project dhis2-core by dhis2.

Class UserController, method updateUser.

protected ImportReport updateUser(String userUid, User parsedUserObject) throws WebMessageException {
    List<User> users = getEntity(userUid, NO_WEB_OPTIONS);
    if (users.isEmpty()) {
        throw new WebMessageException(conflict(getEntityName() + " does not exist: " + userUid));
    }
    User currentUser = currentUserService.getCurrentUser();
    if (!aclService.canUpdate(currentUser, users.get(0))) {
        throw new UpdateAccessDeniedException("You don't have the proper permissions to update this user.");
    }
    // force initialization of all authorities of current user in order to
    // prevent cases where user must be reloaded later
    // (in case it gets detached)
    currentUser.getAllAuthorities();
    parsedUserObject.setId(users.get(0).getId());
    parsedUserObject.setUid(userUid);
    mergeLastLoginAttribute(users.get(0), parsedUserObject);
    boolean isPasswordChangeAttempt = parsedUserObject.getPassword() != null;
    List<String> groupsUids = getUids(parsedUserObject.getGroups());
    if (!userService.canAddOrUpdateUser(groupsUids, currentUser) || !currentUser.canModifyUser(users.get(0))) {
        throw new WebMessageException(conflict("You must have permissions to create user, " + "or ability to manage at least one user group for the user."));
    }
    MetadataImportParams params = importService.getParamsFromMap(contextService.getParameterValuesMap());
    params.setImportReportMode(ImportReportMode.FULL);
    params.setImportStrategy(ImportStrategy.UPDATE);
    params.addObject(parsedUserObject);
    ImportReport importReport = importService.importMetadata(params);
    if (importReport.getStatus() == Status.OK && importReport.getStats().getUpdated() == 1) {
        updateUserGroups(userUid, parsedUserObject, currentUser);
        // same. i.e. no before & after equals pw check
        if (isPasswordChangeAttempt) {
            userService.expireActiveSessions(parsedUserObject);
        }
    }
    return importReport;
}
Also used : CurrentUser(org.hisp.dhis.user.CurrentUser) User(org.hisp.dhis.user.User) MetadataImportParams(org.hisp.dhis.dxf2.metadata.MetadataImportParams) WebMessageException(org.hisp.dhis.dxf2.webmessage.WebMessageException) UpdateAccessDeniedException(org.hisp.dhis.hibernate.exception.UpdateAccessDeniedException) ImportReport(org.hisp.dhis.dxf2.metadata.feedback.ImportReport)

Example 8 with CurrentUser

Use of org.hisp.dhis.user.CurrentUser in project dhis2-core by dhis2.

Class UserController, method replicateUser.

@SuppressWarnings("unchecked")
@PreAuthorize("hasRole('ALL') or hasRole('F_REPLICATE_USER')")
@PostMapping("/{uid}/replica")
@ResponseBody
public WebMessage replicateUser(@PathVariable String uid, HttpServletRequest request, HttpServletResponse response) throws IOException, WebMessageException {
    User existingUser = userService.getUser(uid);
    if (existingUser == null) {
        return conflict("User not found: " + uid);
    }
    User currentUser = currentUserService.getCurrentUser();
    validateCreateUser(existingUser, currentUser);
    Map<String, String> auth = renderService.fromJson(request.getInputStream(), Map.class);
    String username = StringUtils.trimToNull(auth != null ? auth.get(KEY_USERNAME) : null);
    String password = StringUtils.trimToNull(auth != null ? auth.get(KEY_PASSWORD) : null);
    if (auth == null || username == null) {
        return conflict("Username must be specified");
    }
    if (userService.getUserByUsername(username) != null) {
        return conflict("Username already taken: " + username);
    }
    if (password == null) {
        return conflict("Password must be specified");
    }
    if (!ValidationUtils.passwordIsValid(password)) {
        return conflict("Password must have at least 8 characters, one digit, one uppercase");
    }
    User userReplica = new User();
    mergeService.merge(new MergeParams<>(existingUser, userReplica).setMergeMode(MergeMode.MERGE));
    copyAttributeValues(userReplica);
    userReplica.setId(0);
    userReplica.setUuid(UUID.randomUUID());
    userReplica.setUid(CodeGenerator.generateUid());
    userReplica.setCode(null);
    userReplica.setCreated(new Date());
    userReplica.setLdapId(null);
    userReplica.setOpenId(null);
    userReplica.setUsername(username);
    userService.encodeAndSetPassword(userReplica, password);
    userService.addUser(userReplica);
    userGroupService.addUserToGroups(userReplica, getUids(existingUser.getGroups()), currentUser);
    // ---------------------------------------------------------------------
    // Replicate user settings
    // ---------------------------------------------------------------------
    List<UserSetting> settings = userSettingService.getUserSettings(existingUser);
    for (UserSetting setting : settings) {
        Optional<UserSettingKey> key = UserSettingKey.getByName(setting.getName());
        key.ifPresent(userSettingKey -> userSettingService.saveUserSetting(userSettingKey, setting.getValue(), userReplica));
    }
    return created("User replica created").setLocation(UserSchemaDescriptor.API_ENDPOINT + "/" + userReplica.getUid());
}
Also used : CurrentUser(org.hisp.dhis.user.CurrentUser) User(org.hisp.dhis.user.User) MergeParams(org.hisp.dhis.schema.MergeParams) UserSettingKey(org.hisp.dhis.user.UserSettingKey) Date(java.util.Date) UserSetting(org.hisp.dhis.user.UserSetting) PostMapping(org.springframework.web.bind.annotation.PostMapping) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize) ResponseBody(org.springframework.web.bind.annotation.ResponseBody)

Example 9 with CurrentUser

Use of org.hisp.dhis.user.CurrentUser in project dhis2-core by dhis2.

Class UserController, method postInvite.

private WebMessage postInvite(HttpServletRequest request, User user) throws WebMessageException {
    User currentUser = currentUserService.getCurrentUser();
    validateInviteUser(user, currentUser);
    return postObject(inviteUser(user, currentUser, request));
}
Also used : CurrentUser(org.hisp.dhis.user.CurrentUser) User(org.hisp.dhis.user.User)

Example 10 with CurrentUser

Use of org.hisp.dhis.user.CurrentUser in project dhis2-core by dhis2.

Class UserController, method postObject.

private WebMessage postObject(User user) throws WebMessageException {
    populateUserCredentialsDtoFields(user);
    User currentUser = currentUserService.getCurrentUser();
    validateCreateUser(user, currentUser);
    return postObject(getObjectReport(createUser(user, currentUser)));
}
Also used : CurrentUser(org.hisp.dhis.user.CurrentUser) User(org.hisp.dhis.user.User)

Aggregations

CurrentUser (org.hisp.dhis.user.CurrentUser) 21
User (org.hisp.dhis.user.User) 21
ResponseBody (org.springframework.web.bind.annotation.ResponseBody) 9
WebMessageException (org.hisp.dhis.dxf2.webmessage.WebMessageException) 8
CollectionNode (org.hisp.dhis.node.types.CollectionNode) 8
RootNode (org.hisp.dhis.node.types.RootNode) 8
SimpleNode (org.hisp.dhis.node.types.SimpleNode) 8
UpdateAccessDeniedException (org.hisp.dhis.hibernate.exception.UpdateAccessDeniedException) 7
ArrayList (java.util.ArrayList) 3
List (java.util.List) 3
IdentifiableObject (org.hisp.dhis.common.IdentifiableObject) 3
PostMapping (org.springframework.web.bind.annotation.PostMapping) 3
JsonGenerator (com.fasterxml.jackson.core.JsonGenerator) 2
CsvMapper (com.fasterxml.jackson.dataformat.csv.CsvMapper) 2
CsvSchema (com.fasterxml.jackson.dataformat.csv.CsvSchema) 2
Enums (com.google.common.base.Enums) 2
Joiner (com.google.common.base.Joiner) 2
Optional (com.google.common.base.Optional) 2
Lists (com.google.common.collect.Lists) 2
IOException (java.io.IOException) 2