use of org.hisp.dhis.user.CurrentUser in project dhis2-core by dhis2.
the class UserController method updateUserGroups.
/**
 * Hands the uids of {@code parsed}'s groups to {@code userGroupService.updateUserGroups}
 * for the user looked up by {@code pvUid}.
 *
 * <p>No access check is performed in this method itself.
 * NOTE(review): presumably the caller has already authorised the change — confirm.
 *
 * @param pvUid uid used to look up the user whose groups are updated
 * @param parsed user object whose {@code getGroups()} supplies the group uids
 * @param currentUser acting user passed on to the group service; re-read from
 *        {@code currentUserService} when it has the same id as the looked-up user
 */
protected void updateUserGroups(String pvUid, User parsed, User currentUser) {
    User target = userService.getUser(pvUid);

    // NOTE(review): target is dereferenced below without a null check. If getUser can
    // return null for an unknown uid this throws NullPointerException — confirm that
    // callers validate pvUid first.
    // NOTE(review): '==' compares values only if getId() returns a primitive — confirm.
    boolean actingOnSelf = currentUser != null && currentUser.getId() == target.getId();

    // TODO (carried over from the original): it is unclear why the acting user is
    // re-read from the current-user service when they are editing their own account.
    if (actingOnSelf) {
        currentUser = currentUserService.getCurrentUser();
    }

    List<String> groupUids = getUids(parsed.getGroups());
    userGroupService.updateUserGroups(target, groupUids, currentUser);
}
use of org.hisp.dhis.user.CurrentUser in project dhis2-core by dhis2.
the class UserRoleController method addUserToRole.
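/**
 * Adds the user identified by {@code userId} to the user role identified by {@code id}.
 *
 * <p>Responds with 204 (No Content) on success, including when the user already has the role.
 *
 * @param pvId uid of the user role (path variable {@code id})
 * @param pvUserId uid of the user to add (path variable {@code userId})
 * @param currentUser the authenticated caller, used for the ACL check on the role
 * @param response the servlet response (not used in this method)
 * @throws WebMessageException with a not-found message when the role or the user does not exist
 * @throws UpdateAccessDeniedException when the caller may not update the role
 */
@RequestMapping(value = "/{id}/users/{userId}", method = { RequestMethod.POST, RequestMethod.PUT })
@ResponseStatus(HttpStatus.NO_CONTENT)
public void addUserToRole(@PathVariable(value = "id") String pvId, @PathVariable("userId") String pvUserId,
        @CurrentUser User currentUser, HttpServletResponse response) throws WebMessageException {
    UserAuthorityGroup userAuthorityGroup = userService.getUserAuthorityGroup(pvId);
    if (userAuthorityGroup == null) {
        throw new WebMessageException(notFound("UserRole does not exist: " + pvId));
    }

    // Authorise as soon as the role is known, before the user lookup, so a caller without
    // update access to the role gets the access-denied response instead of learning
    // whether a given user uid exists.
    if (!aclService.canUpdate(currentUser, userAuthorityGroup)) {
        throw new UpdateAccessDeniedException("You don't have the proper permissions to update this object.");
    }

    User user = userService.getUser(pvUserId);
    if (user == null) {
        // Report the user uid that was looked up (the original message printed the role id here).
        throw new WebMessageException(notFound("User does not exist: " + pvUserId));
    }

    // NOTE(review): the only check visible here is update access to the role. Nothing in
    // this method verifies that the caller may modify the target user, or that the caller
    // is allowed to grant the authorities contained in the role — confirm that this is
    // enforced elsewhere (e.g. inside userService.updateUser).
    if (!user.getUserAuthorityGroups().contains(userAuthorityGroup)) {
        user.getUserAuthorityGroups().add(userAuthorityGroup);
        userService.updateUser(user);
    }
}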
use of org.hisp.dhis.user.CurrentUser in project dhis2-core by dhis2.
the class AbstractFullReadOnlyController method getObjectListCsv.
/**
 * Writes the entities of this controller's type to the response as CSV.
 *
 * <p>Columns come from the {@code fields} request parameter (or the default preset when it
 * is empty). Each value is split on {@code ','}; names that do not resolve to a simple
 * schema property are skipped, so nested expressions such as {@code group[id]} are ignored.
 *
 * <p>NOTE(review): values are written exactly as the getters return them. If the export is
 * opened in a spreadsheet application, cells beginning with {@code =}, {@code +}, {@code -}
 * or {@code @} may be evaluated as formulas — decide whether this endpoint needs to
 * neutralise such values.
 *
 * @param rpParameters all request parameters, wrapped into {@code WebOptions}
 * @param orderParams ordering requested by the client
 * @param currentUser the authenticated caller, used for the type-level read check
 * @param separator column separator, caller-supplied, defaults to {@code ','}
 * @param skipHeader when {@code true} no header row is written
 * @param response servlet response whose writer receives the CSV
 * @throws IOException if writing to the response fails
 * @throws HttpClientErrorException (404) when the schema is not a metadata schema
 * @throws ReadAccessDeniedException when the caller may not read this entity type
 */
@GetMapping(produces = "application/csv")
public void getObjectListCsv(@RequestParam Map<String, String> rpParameters, OrderParams orderParams,
        @CurrentUser User currentUser, @RequestParam(defaultValue = ",") char separator,
        @RequestParam(defaultValue = "false") boolean skipHeader, HttpServletResponse response) throws IOException {
    List<Order> orders = orderParams.getOrders(getSchema());
    List<String> requestedFields = Lists.newArrayList(contextService.getParameterValues("fields"));
    List<String> requestedFilters = Lists.newArrayList(contextService.getParameterValues("filter"));
    WebOptions webOptions = new WebOptions(rpParameters);
    WebMetadata webMetadata = new WebMetadata();

    if (requestedFields.isEmpty()) {
        requestedFields.addAll(Preset.defaultPreset().getFields());
    }

    // CSV export is offered for metadata types only.
    if (!getSchema().isMetadata()) {
        throw new HttpClientErrorException(HttpStatus.NOT_FOUND);
    }

    // Type-level read check, performed before any entity is loaded.
    // NOTE(review): per-object access filtering is presumably done inside
    // getEntityList — confirm.
    if (!aclService.canRead(currentUser, getEntityClass())) {
        throw new ReadAccessDeniedException("You don't have the proper permissions to read objects of this type.");
    }

    List<T> entities = getEntityList(webMetadata, webOptions, requestedFilters, orders);

    CsvSchema.Builder columns = CsvSchema.builder();
    List<Property> exported = new ArrayList<>();

    for (String fieldExpression : requestedFields) {
        // Plain split on ','; anything that is not a known simple property is dropped.
        for (String name : fieldExpression.split(",")) {
            Property candidate = getSchema().getProperty(name);
            if (candidate != null && candidate.isSimple()) {
                columns.addColumn(candidate.getName());
                exported.add(candidate);
            }
        }
    }

    CsvSchema separated = columns.build().withColumnSeparator(separator);
    CsvSchema schema = skipHeader ? separated : separated.withHeader();

    CsvMapper csvMapper = new CsvMapper();
    csvMapper.configure(JsonGenerator.Feature.IGNORE_UNKNOWN, true);

    // One map per entity, keyed by property name, filled through the property getters.
    List<Map<String, Object>> rows = new ArrayList<>();
    for (T entity : entities) {
        Map<String, Object> row = new HashMap<>();
        for (Property column : exported) {
            Object cell = ReflectionUtils.invokeMethod(entity, column.getGetterMethod());
            row.put(column.getName(), cell);
        }
        rows.add(row);
    }

    csvMapper.writer(schema).writeValue(response.getWriter(), rows);
    response.flushBuffer();
}
use of org.hisp.dhis.user.CurrentUser in project dhis2-core by dhis2.
the class AbstractFullReadOnlyController method getCollectionItem.
/**
 * Returns a single item of a collection property of the object identified by {@code uid}.
 *
 * <p>The object is fetched with the field filter {@code property[:all]}; every entry of the
 * resulting collection whose {@code id} differs from {@code itemId} is then removed, and a
 * not-found error is raised when nothing is left.
 *
 * @param pvUid uid of the owning object
 * @param pvProperty name of the collection property; concatenated into the field filter
 * @param pvItemId id of the collection item to return
 * @param parameters all request parameters, passed on to {@code getObjectInternal}
 * @param translateParams translation settings, passed to {@code setUserContext}
 * @param response servlet response, passed to {@code cachePrivate}
 * @param currentUser the authenticated caller, used for the type-level read check
 * @return the root node holding the single matching item
 * @throws ReadAccessDeniedException when the caller may not read this entity type
 * @throws WebMessageException with a not-found message when no item matches
 */
@GetMapping("/{uid}/{property}/{itemId}")
@ResponseBody
public RootNode getCollectionItem(@PathVariable("uid") String pvUid, @PathVariable("property") String pvProperty, @PathVariable("itemId") String pvItemId, @RequestParam Map<String, String> parameters, TranslateParams translateParams, HttpServletResponse response, @CurrentUser User currentUser) throws Exception {
    setUserContext(currentUser, translateParams);
    try {
        // Type-level read check only.
        // NOTE(review): access to the specific object and to the collection items is
        // presumably enforced inside getObjectInternal, which receives currentUser — confirm.
        if (!aclService.canRead(currentUser, getEntityClass())) {
            throw new ReadAccessDeniedException("You don't have the proper permissions to read objects of this type.");
        }
        // pvProperty comes straight from the URL path and is concatenated into the field
        // filter expression. NOTE(review): confirm the field-filter parser tolerates
        // arbitrary characters in the property name.
        RootNode rootNode = getObjectInternal(pvUid, parameters, Lists.newArrayList(), Lists.newArrayList(pvProperty + "[:all]"), currentUser);
        // TODO optimize this using field filter (collection filtering)
        if (!rootNode.getChildren().isEmpty() && rootNode.getChildren().get(0).isCollection()) {
            // For each complex entry of the collection, find its simple child named "id";
            // when that value is not pvItemId the whole entry is removed from the collection.
            // NOTE(review): removeChild is called while streaming over getChildren(); this is
            // only safe if getChildren() returns a copy rather than the live list — confirm.
            // NOTE(review): getValue() is dereferenced without a null check — confirm an "id"
            // node always carries a value.
            rootNode.getChildren().get(0).getChildren().stream().filter(Node::isComplex).forEach(node -> {
                node.getChildren().stream().filter(child -> child.isSimple() && child.getName().equals("id") && !((SimpleNode) child).getValue().equals(pvItemId)).forEach(child -> rootNode.getChildren().get(0).removeChild(node));
            });
        }
        // Nothing left after filtering (or nothing returned at all): report not found.
        if (rootNode.getChildren().isEmpty() || rootNode.getChildren().get(0).getChildren().isEmpty()) {
            throw new WebMessageException(notFound(pvProperty + " with ID " + pvItemId + " could not be found."));
        }
        // NOTE(review): presumably marks the response as privately cacheable — confirm.
        cachePrivate(response);
        return rootNode;
    } finally {
        // Always reset the user context, on success and on every exception path.
        UserContext.reset();
    }
}
use of org.hisp.dhis.user.CurrentUser in project dhis2-core by dhis2.
the class MessageConversationController method setUserAssigned.
// --------------------------------------------------------------------------
// Assign user
// --------------------------------------------------------------------------
/**
 * Assigns a user to the message conversation identified by {@code uid}.
 *
 * <p>Outcomes, each reported as a {@code message} child of the returned node:
 * 404 when the conversation or the user is not found, 409 when the conversation is a
 * ticket and the user is not in the feedback recipient group, 200 on success.
 *
 * @param uid uid of the message conversation (path variable)
 * @param userId uid of the user to assign; optional in the request mapping
 * @param currentUser the authenticated caller
 * @param response servlet response whose status code is set here
 * @return a {@code response} root node carrying a single message
 * @throws UpdateAccessDeniedException when the guard at the top of the method rejects the caller
 */
@PostMapping(value = "/{uid}/assign", produces = { MediaType.APPLICATION_JSON_VALUE, MediaType.APPLICATION_XML_VALUE })
@ResponseBody
public RootNode setUserAssigned(@PathVariable String uid, @RequestParam(required = false) String userId,
        @CurrentUser User currentUser, HttpServletResponse response) {
    RootNode result = new RootNode("response");

    // NOTE(review): this guard passes currentUser as both arguments to
    // canModifyUserConversation and rejects only when that returns false AND the caller
    // HAS access to manage feedback messages; a caller without that access is never
    // rejected here. The second operand looks like it was meant to be negated — confirm
    // the intended policy, and confirm that access to this specific conversation is
    // enforced elsewhere.
    boolean mayModify = canModifyUserConversation(currentUser, currentUser);
    if (!mayModify && messageService.hasAccessToManageFeedbackMessages(currentUser)) {
        throw new UpdateAccessDeniedException("Not authorized to modify this object.");
    }

    org.hisp.dhis.message.MessageConversation conversation = messageService.getMessageConversation(uid);
    if (conversation == null) {
        response.setStatus(HttpServletResponse.SC_NOT_FOUND);
        result.addChild(new SimpleNode("message", "No MessageConversation found for the given ID."));
        return result;
    }

    // userId is optional, so null may be passed to the lookup.
    // NOTE(review): the 404 branch covers that only if getUser(null) returns null — confirm.
    User userToAssign = userService.getUser(userId);
    if (userToAssign == null) {
        response.setStatus(HttpServletResponse.SC_NOT_FOUND);
        result.addChild(new SimpleNode("message", "Could not find user to assign"));
        return result;
    }

    // Tickets may only be assigned to members of the feedback recipient group.
    boolean isTicket = conversation.getMessageType() == MessageType.TICKET;
    if (isTicket && !configurationService.isUserInFeedbackRecipientUserGroup(userToAssign)) {
        response.setStatus(HttpServletResponse.SC_CONFLICT);
        result.addChild(new SimpleNode("message", "User provided is not a member of the system's feedback recipient group"));
        return result;
    }

    conversation.setAssignee(userToAssign);
    messageService.updateMessageConversation(conversation);

    result.addChild(new SimpleNode("message", "User " + userToAssign.getName() + " was assigned successfully"));
    response.setStatus(HttpServletResponse.SC_OK);
    return result;
}