Search in sources :

Example 1 with UserGroupAccess

use of org.hisp.dhis.user.UserGroupAccess in project dhis2-core by dhis2.

the class SharingController method setSharing.

@RequestMapping(method = { RequestMethod.POST, RequestMethod.PUT }, consumes = MediaType.APPLICATION_JSON_VALUE)
public void setSharing(@RequestParam String type, @RequestParam String id, HttpServletResponse response, HttpServletRequest request) throws IOException, WebMessageException {
    Class<? extends IdentifiableObject> sharingClass = aclService.classForType(type);
    if (sharingClass == null || !aclService.isShareable(sharingClass)) {
        throw new WebMessageException(WebMessageUtils.conflict("Type " + type + " is not supported."));
    }
    BaseIdentifiableObject object = (BaseIdentifiableObject) manager.get(sharingClass, id);
    if (object == null) {
        throw new WebMessageException(WebMessageUtils.notFound("Object of type " + type + " with ID " + id + " was not found."));
    }
    User user = currentUserService.getCurrentUser();
    if (!aclService.canManage(user, object)) {
        throw new AccessDeniedException("You do not have manage access to this object.");
    }
    Sharing sharing = renderService.fromJson(request.getInputStream(), Sharing.class);
    if (!AccessStringHelper.isValid(sharing.getObject().getPublicAccess())) {
        throw new WebMessageException(WebMessageUtils.conflict("Invalid public access string: " + sharing.getObject().getPublicAccess()));
    }
    if (aclService.canMakeExternal(user, object.getClass())) {
        object.setExternalAccess(sharing.getObject().hasExternalAccess());
    }
    if (aclService.canMakePublic(user, object.getClass())) {
        object.setPublicAccess(sharing.getObject().getPublicAccess());
    }
    if (object.getUser() == null) {
        object.setUser(user);
    }
    Iterator<UserGroupAccess> userGroupAccessIterator = object.getUserGroupAccesses().iterator();
    while (userGroupAccessIterator.hasNext()) {
        UserGroupAccess userGroupAccess = userGroupAccessIterator.next();
        userGroupAccessIterator.remove();
        userGroupAccessService.deleteUserGroupAccess(userGroupAccess);
    }
    for (SharingUserGroupAccess sharingUserGroupAccess : sharing.getObject().getUserGroupAccesses()) {
        UserGroupAccess userGroupAccess = new UserGroupAccess();
        if (!AccessStringHelper.isValid(sharingUserGroupAccess.getAccess())) {
            throw new WebMessageException(WebMessageUtils.conflict("Invalid user group access string: " + sharingUserGroupAccess.getAccess()));
        }
        userGroupAccess.setAccess(sharingUserGroupAccess.getAccess());
        UserGroup userGroup = manager.get(UserGroup.class, sharingUserGroupAccess.getId());
        if (userGroup != null) {
            userGroupAccess.setUserGroup(userGroup);
            userGroupAccessService.addUserGroupAccess(userGroupAccess);
            object.getUserGroupAccesses().add(userGroupAccess);
        }
    }
    Iterator<UserAccess> userAccessIterator = object.getUserAccesses().iterator();
    while (userAccessIterator.hasNext()) {
        UserAccess userAccess = userAccessIterator.next();
        userAccessIterator.remove();
        userAccessService.deleteUserAccess(userAccess);
    }
    for (SharingUserAccess sharingUserAccess : sharing.getObject().getUserAccesses()) {
        UserAccess userAccess = new UserAccess();
        if (!AccessStringHelper.isValid(sharingUserAccess.getAccess())) {
            throw new WebMessageException(WebMessageUtils.conflict("Invalid user access string: " + sharingUserAccess.getAccess()));
        }
        userAccess.setAccess(sharingUserAccess.getAccess());
        User sharingUser = manager.get(User.class, sharingUserAccess.getId());
        if (sharingUser != null) {
            userAccess.setUser(sharingUser);
            userAccessService.addUserAccess(userAccess);
            object.getUserAccesses().add(userAccess);
        }
    }
    manager.updateNoAcl(object);
    log.info(sharingToString(object));
    webMessageService.send(WebMessageUtils.ok("Access control set"), response, request);
}
Also used : AccessDeniedException(org.springframework.security.access.AccessDeniedException) User(org.hisp.dhis.user.User) WebMessageException(org.hisp.dhis.dxf2.webmessage.WebMessageException) SharingUserAccess(org.hisp.dhis.webapi.webdomain.sharing.SharingUserAccess) UserAccess(org.hisp.dhis.user.UserAccess) SharingUserGroupAccess(org.hisp.dhis.webapi.webdomain.sharing.SharingUserGroupAccess) UserGroup(org.hisp.dhis.user.UserGroup) BaseIdentifiableObject(org.hisp.dhis.common.BaseIdentifiableObject) Sharing(org.hisp.dhis.webapi.webdomain.sharing.Sharing) SharingUserAccess(org.hisp.dhis.webapi.webdomain.sharing.SharingUserAccess) SharingUserGroupAccess(org.hisp.dhis.webapi.webdomain.sharing.SharingUserGroupAccess) UserGroupAccess(org.hisp.dhis.user.UserGroupAccess) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 2 with UserGroupAccess

use of org.hisp.dhis.user.UserGroupAccess in project dhis2-core by dhis2.

the class SharingController method getSharing.

// -------------------------------------------------------------------------
// Resources
// -------------------------------------------------------------------------
@RequestMapping(method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
public void getSharing(@RequestParam String type, @RequestParam String id, HttpServletResponse response) throws IOException, WebMessageException {
    if (!aclService.isShareable(type)) {
        throw new WebMessageException(WebMessageUtils.conflict("Type " + type + " is not supported."));
    }
    Class<? extends IdentifiableObject> klass = aclService.classForType(type);
    IdentifiableObject object = manager.get(klass, id);
    if (object == null) {
        throw new WebMessageException(WebMessageUtils.notFound("Object of type " + type + " with ID " + id + " was not found."));
    }
    User user = currentUserService.getCurrentUser();
    if (!aclService.canRead(user, object)) {
        throw new AccessDeniedException("You do not have manage access to this object.");
    }
    Sharing sharing = new Sharing();
    sharing.getMeta().setAllowPublicAccess(aclService.canMakePublic(user, object.getClass()));
    sharing.getMeta().setAllowExternalAccess(aclService.canMakeExternal(user, object.getClass()));
    sharing.getObject().setId(object.getUid());
    sharing.getObject().setName(object.getDisplayName());
    sharing.getObject().setDisplayName(object.getDisplayName());
    sharing.getObject().setExternalAccess(object.getExternalAccess());
    if (object.getPublicAccess() == null) {
        String access;
        if (aclService.canMakePublic(user, klass)) {
            access = AccessStringHelper.newInstance().enable(AccessStringHelper.Permission.READ).enable(AccessStringHelper.Permission.WRITE).build();
        } else {
            access = AccessStringHelper.newInstance().build();
        }
        sharing.getObject().setPublicAccess(access);
    } else {
        sharing.getObject().setPublicAccess(object.getPublicAccess());
    }
    if (object.getUser() != null) {
        sharing.getObject().getUser().setId(object.getUser().getUid());
        sharing.getObject().getUser().setName(object.getUser().getDisplayName());
    }
    for (UserGroupAccess userGroupAccess : object.getUserGroupAccesses()) {
        SharingUserGroupAccess sharingUserGroupAccess = new SharingUserGroupAccess();
        sharingUserGroupAccess.setId(userGroupAccess.getUserGroup().getUid());
        sharingUserGroupAccess.setName(userGroupAccess.getUserGroup().getDisplayName());
        sharingUserGroupAccess.setDisplayName(userGroupAccess.getUserGroup().getDisplayName());
        sharingUserGroupAccess.setAccess(userGroupAccess.getAccess());
        sharing.getObject().getUserGroupAccesses().add(sharingUserGroupAccess);
    }
    for (UserAccess userAccess : object.getUserAccesses()) {
        SharingUserAccess sharingUserAccess = new SharingUserAccess();
        sharingUserAccess.setId(userAccess.getUser().getUid());
        sharingUserAccess.setName(userAccess.getUser().getDisplayName());
        sharingUserAccess.setDisplayName(userAccess.getUser().getDisplayName());
        sharingUserAccess.setAccess(userAccess.getAccess());
        sharing.getObject().getUserAccesses().add(sharingUserAccess);
    }
    sharing.getObject().getUserGroupAccesses().sort(SharingUserGroupAccessNameComparator.INSTANCE);
    response.setContentType(MediaType.APPLICATION_JSON_UTF8_VALUE);
    renderService.toJson(response.getOutputStream(), sharing);
}
Also used : AccessDeniedException(org.springframework.security.access.AccessDeniedException) User(org.hisp.dhis.user.User) WebMessageException(org.hisp.dhis.dxf2.webmessage.WebMessageException) Sharing(org.hisp.dhis.webapi.webdomain.sharing.Sharing) SharingUserAccess(org.hisp.dhis.webapi.webdomain.sharing.SharingUserAccess) UserAccess(org.hisp.dhis.user.UserAccess) SharingUserGroupAccess(org.hisp.dhis.webapi.webdomain.sharing.SharingUserGroupAccess) SharingUserAccess(org.hisp.dhis.webapi.webdomain.sharing.SharingUserAccess) IdentifiableObject(org.hisp.dhis.common.IdentifiableObject) BaseIdentifiableObject(org.hisp.dhis.common.BaseIdentifiableObject) SharingUserGroupAccess(org.hisp.dhis.webapi.webdomain.sharing.SharingUserGroupAccess) UserGroupAccess(org.hisp.dhis.user.UserGroupAccess) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 3 with UserGroupAccess

use of org.hisp.dhis.user.UserGroupAccess in project dhis2-core by dhis2.

the class DefaultFieldFilterService method buildNode.

private AbstractNode buildNode(FieldMap fieldMap, Class<?> klass, Object object, User user, String nodeName, Defaults defaults) {
    Schema schema = schemaService.getDynamicSchema(klass);
    ComplexNode complexNode = new ComplexNode(nodeName);
    complexNode.setNamespace(schema.getNamespace());
    if (object == null) {
        return new SimpleNode(schema.getName(), null);
    }
    if (shouldExclude(object, defaults)) {
        return null;
    }
    updateFields(fieldMap, schema.getKlass());
    if (fieldMap.containsKey("access") && schema.isIdentifiableObject()) {
        Access access = aclService.getAccess((IdentifiableObject) object, user);
        ((BaseIdentifiableObject) object).setAccess(access);
    }
    if (fieldMap.containsKey("attribute") && AttributeValue.class.isAssignableFrom(object.getClass())) {
        AttributeValue attributeValue = (AttributeValue) object;
        attributeValue.setAttribute(attributeService.getAttribute(attributeValue.getAttribute().getUid()));
    }
    if (UserGroupAccess.class.isAssignableFrom(object.getClass())) {
        UserGroupAccess userGroupAccess = (UserGroupAccess) object;
        userGroupAccess.setDisplayName(userGroupService.getDisplayName(userGroupAccess.getUserGroupUid()));
    }
    if (UserAccess.class.isAssignableFrom(object.getClass())) {
        UserAccess userAccess = (UserAccess) object;
        userAccess.setDisplayName(userService.getDisplayName(userAccess.getUserUid()));
    }
    for (String fieldKey : fieldMap.keySet()) {
        AbstractNode child = null;
        Property property = schema.getProperty(fieldKey);
        FieldMap fieldValue = fieldMap.get(fieldKey);
        if (property == null || !property.isReadable()) {
            // throw new FieldFilterException( fieldKey, schema );
            log.debug("Unknown field property `" + fieldKey + "`, available fields are " + schema.getPropertyMap().keySet());
            continue;
        }
        Object returnValue = ReflectionUtils.invokeMethod(object, property.getGetterMethod());
        Class<?> propertyClass = property.getKlass();
        Schema propertySchema = schemaService.getDynamicSchema(propertyClass);
        if (property.hasPropertyTransformer()) {
            PropertyTransformer propertyTransformer = transformerCache.get(property.getPropertyTransformer().getName(), s -> {
                try {
                    return property.getPropertyTransformer().newInstance();
                } catch (InstantiationException | IllegalAccessException e) {
                    throw new RuntimeException(e);
                }
            });
            if (returnValue != null) {
                returnValue = propertyTransformer.transform(returnValue);
                propertyClass = returnValue.getClass();
                propertySchema = schemaService.getDynamicSchema(propertyClass);
                updateFields(fieldValue, propertyTransformer.getKlass());
            }
        }
        if (returnValue != null && propertySchema.getProperties().isEmpty() && !property.isCollection() && property.getKlass().isInterface() && !property.isIdentifiableObject()) {
            // try to retrieve schema from concrete class
            propertyClass = returnValue.getClass();
            propertySchema = schemaService.getDynamicSchema(propertyClass);
        }
        if (returnValue == null && property.isCollection()) {
            continue;
        }
        if (property.isCollection()) {
            updateFields(fieldValue, property.getItemKlass());
        } else {
            updateFields(fieldValue, propertyClass);
        }
        if (fieldValue.isEmpty()) {
            List<String> fields = Preset.defaultAssociationPreset().getFields();
            if (property.isCollection()) {
                Collection<?> collection = (Collection<?>) returnValue;
                child = new CollectionNode(property.getCollectionName(), collection.size());
                child.setNamespace(property.getNamespace());
                if (property.isIdentifiableObject() && isProperIdObject(property.getItemKlass())) {
                    final boolean mayExclude = collection.isEmpty() || mayExclude(property.getItemKlass(), defaults);
                    for (Object collectionObject : collection) {
                        if (!mayExclude || !shouldExclude(collectionObject, defaults)) {
                            child.addChild(getProperties(property, collectionObject, fields));
                        }
                    }
                } else if (!property.isSimple()) {
                    FieldMap map = getFullFieldMap(schemaService.getDynamicSchema(property.getItemKlass()));
                    for (Object collectionObject : collection) {
                        Node node = buildNode(map, property.getItemKlass(), collectionObject, user, defaults);
                        if (node != null && !node.getChildren().isEmpty()) {
                            child.addChild(node);
                        }
                    }
                } else {
                    for (Object collectionObject : collection) {
                        SimpleNode simpleNode = child.addChild(new SimpleNode(property.getName(), collectionObject));
                        simpleNode.setProperty(property);
                    }
                }
            } else if (property.isIdentifiableObject() && isProperIdObject(propertyClass)) {
                if (!shouldExclude(returnValue, defaults)) {
                    child = getProperties(property, returnValue, fields);
                }
            } else {
                if (propertySchema.getProperties().isEmpty()) {
                    SimpleNode simpleNode = new SimpleNode(fieldKey, returnValue);
                    simpleNode.setAttribute(property.isAttribute());
                    simpleNode.setNamespace(property.getNamespace());
                    child = simpleNode;
                } else {
                    child = buildNode(getFullFieldMap(propertySchema), propertyClass, returnValue, user, defaults);
                }
            }
        } else {
            if (property.isCollection()) {
                child = new CollectionNode(property.getCollectionName());
                child.setNamespace(property.getNamespace());
                for (Object collectionObject : (Collection<?>) Objects.requireNonNull(returnValue)) {
                    Node node;
                    if (property.hasPropertyTransformer()) {
                        // if it has a transformer, re-get the schema (the
                        // item klass has probably changed)
                        Schema sch = schemaService.getDynamicSchema(HibernateProxyUtils.getRealClass(collectionObject));
                        node = buildNode(fieldValue, sch.getKlass(), collectionObject, user, property.getName(), defaults);
                    } else {
                        node = buildNode(fieldValue, property.getItemKlass(), collectionObject, user, property.getName(), defaults);
                    }
                    if (!Objects.requireNonNull(node).getChildren().isEmpty()) {
                        child.addChild(node);
                    }
                }
            } else {
                returnValue = handleJsonbObjectProperties(klass, propertyClass, returnValue);
                child = buildNode(fieldValue, propertyClass, returnValue, user, defaults);
            }
        }
        if (child != null) {
            child.setName(fieldKey);
            child.setProperty(property);
            // serializer/deserializer
            if (child.isSimple() && (((SimpleNode) child).getValue()) instanceof PeriodType) {
                child = new SimpleNode(child.getName(), ((PeriodType) ((SimpleNode) child).getValue()).getName());
            }
            complexNode.addChild(fieldValue.getPipeline().process(child));
        }
    }
    return complexNode;
}
Also used : PeriodType(org.hisp.dhis.period.PeriodType) AttributeValue(org.hisp.dhis.attribute.AttributeValue) AbstractNode(org.hisp.dhis.node.AbstractNode) Schema(org.hisp.dhis.schema.Schema) SimpleNode(org.hisp.dhis.node.types.SimpleNode) ComplexNode(org.hisp.dhis.node.types.ComplexNode) CollectionNode(org.hisp.dhis.node.types.CollectionNode) AbstractNode(org.hisp.dhis.node.AbstractNode) Node(org.hisp.dhis.node.Node) UserAccess(org.hisp.dhis.user.UserAccess) Access(org.hisp.dhis.security.acl.Access) UserGroupAccess(org.hisp.dhis.user.UserGroupAccess) SimpleNode(org.hisp.dhis.node.types.SimpleNode) Property(org.hisp.dhis.schema.Property) UserGroupAccess(org.hisp.dhis.user.UserGroupAccess) UserAccess(org.hisp.dhis.user.UserAccess) ComplexNode(org.hisp.dhis.node.types.ComplexNode) CollectionNode(org.hisp.dhis.node.types.CollectionNode) BaseIdentifiableObject(org.hisp.dhis.common.BaseIdentifiableObject) PropertyTransformer(org.hisp.dhis.schema.PropertyTransformer) Collection(java.util.Collection) EmbeddedObject(org.hisp.dhis.common.EmbeddedObject) BaseIdentifiableObject(org.hisp.dhis.common.BaseIdentifiableObject) IdentifiableObject(org.hisp.dhis.common.IdentifiableObject)

Example 4 with UserGroupAccess

use of org.hisp.dhis.user.UserGroupAccess in project dhis2-core by dhis2.

the class ProgramSupplierAclIntegrationTest method verifyUserHasWriteAccessToProgramForUserGroupAccess.

@Test
void verifyUserHasWriteAccessToProgramForUserGroupAccess() {
    // Given
    final User user = createUser("A");
    final Program program = createProgram('A');
    UserGroup userGroup = new UserGroup("test-group", singleton(user));
    manager.save(userGroup, true);
    user.getGroups().add(userGroup);
    UserGroupAccess userGroupAccess = new UserGroupAccess(userGroup, AccessStringHelper.DATA_READ_WRITE);
    program.setUserGroupAccesses(singleton(userGroupAccess));
    manager.save(program, false);
    manager.flush();
    // When
    final Map<String, Program> programs = programSupplier.get(getDefaultImportOptions(), singletonList(event));
    // Then
    assertThat(programs.keySet(), hasSize(1));
    assertTrue(aclService.canDataWrite(user, programs.get(program.getUid())));
}
Also used : User(org.hisp.dhis.user.User) Program(org.hisp.dhis.program.Program) UserGroup(org.hisp.dhis.user.UserGroup) UserGroupAccess(org.hisp.dhis.user.UserGroupAccess) TransactionalIntegrationTest(org.hisp.dhis.TransactionalIntegrationTest) Test(org.junit.jupiter.api.Test)

Example 5 with UserGroupAccess

use of org.hisp.dhis.user.UserGroupAccess in project dhis2-core by dhis2.

the class ProgramSupplierAclIntegrationTest method verifyUserHasWriteAccessToTrackedEntityTypeForGroupAccess.

@Test
void verifyUserHasWriteAccessToTrackedEntityTypeForGroupAccess() {
    // Given
    final User user = createUser("user1");
    final TrackedEntityType tet = createTrackedEntityType('A');
    manager.save(tet);
    UserGroup userGroup = new UserGroup("test-group-tet", singleton(user));
    manager.save(userGroup, true);
    user.getGroups().add(userGroup);
    UserGroupAccess userGroupAccess = new UserGroupAccess(userGroup, AccessStringHelper.DATA_READ_WRITE);
    tet.setUserGroupAccesses(singleton(userGroupAccess));
    manager.save(tet, false);
    final Program program = createProgram('A');
    program.setTrackedEntityType(tet);
    manager.save(program, false);
    manager.flush();
    // When
    final Map<String, Program> programs = programSupplier.get(getDefaultImportOptions(), singletonList(event));
    // Then
    assertThat(programs.keySet(), hasSize(1));
    assertTrue(aclService.canDataWrite(user, getTrackedEntityType(programs.get(program.getUid()))));
}
Also used : TrackedEntityType(org.hisp.dhis.trackedentity.TrackedEntityType) User(org.hisp.dhis.user.User) Program(org.hisp.dhis.program.Program) UserGroup(org.hisp.dhis.user.UserGroup) UserGroupAccess(org.hisp.dhis.user.UserGroupAccess) TransactionalIntegrationTest(org.hisp.dhis.TransactionalIntegrationTest) Test(org.junit.jupiter.api.Test)

Aggregations

UserGroupAccess (org.hisp.dhis.user.UserGroupAccess)6 User (org.hisp.dhis.user.User)5 UserAccess (org.hisp.dhis.user.UserAccess)4 UserGroup (org.hisp.dhis.user.UserGroup)4 BaseIdentifiableObject (org.hisp.dhis.common.BaseIdentifiableObject)3 IdentifiableObject (org.hisp.dhis.common.IdentifiableObject)3 TransactionalIntegrationTest (org.hisp.dhis.TransactionalIntegrationTest)2 WebMessageException (org.hisp.dhis.dxf2.webmessage.WebMessageException)2 Program (org.hisp.dhis.program.Program)2 Sharing (org.hisp.dhis.webapi.webdomain.sharing.Sharing)2 SharingUserAccess (org.hisp.dhis.webapi.webdomain.sharing.SharingUserAccess)2 SharingUserGroupAccess (org.hisp.dhis.webapi.webdomain.sharing.SharingUserGroupAccess)2 Test (org.junit.jupiter.api.Test)2 AccessDeniedException (org.springframework.security.access.AccessDeniedException)2 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)2 Collection (java.util.Collection)1 List (java.util.List)1 AttributeValue (org.hisp.dhis.attribute.AttributeValue)1 EmbeddedObject (org.hisp.dhis.common.EmbeddedObject)1 DataElement (org.hisp.dhis.dataelement.DataElement)1