Example 1 with UserGroupAccess
use of org.hisp.dhis.user.UserGroupAccess in project dhis2-core by dhis2.
the class SharingController method setSharing.
@RequestMapping(method = { RequestMethod.POST, RequestMethod.PUT }, consumes = MediaType.APPLICATION_JSON_VALUE)
public void setSharing(@RequestParam String type, @RequestParam String id, HttpServletResponse response, HttpServletRequest request) throws IOException, WebMessageException {
Class<? extends IdentifiableObject> sharingClass = aclService.classForType(type);
if (sharingClass == null || !aclService.isShareable(sharingClass)) {
throw new WebMessageException(WebMessageUtils.conflict("Type " + type + " is not supported."));
}
BaseIdentifiableObject object = (BaseIdentifiableObject) manager.get(sharingClass, id);
if (object == null) {
throw new WebMessageException(WebMessageUtils.notFound("Object of type " + type + " with ID " + id + " was not found."));
}
User user = currentUserService.getCurrentUser();
if (!aclService.canManage(user, object)) {
throw new AccessDeniedException("You do not have manage access to this object.");
}
Sharing sharing = renderService.fromJson(request.getInputStream(), Sharing.class);
if (!AccessStringHelper.isValid(sharing.getObject().getPublicAccess())) {
throw new WebMessageException(WebMessageUtils.conflict("Invalid public access string: " + sharing.getObject().getPublicAccess()));
}
if (aclService.canMakeExternal(user, object.getClass())) {
object.setExternalAccess(sharing.getObject().hasExternalAccess());
}
if (aclService.canMakePublic(user, object.getClass())) {
object.setPublicAccess(sharing.getObject().getPublicAccess());
}
if (object.getUser() == null) {
object.setUser(user);
}
Iterator<UserGroupAccess> userGroupAccessIterator = object.getUserGroupAccesses().iterator();
while (userGroupAccessIterator.hasNext()) {
UserGroupAccess userGroupAccess = userGroupAccessIterator.next();
userGroupAccessIterator.remove();
userGroupAccessService.deleteUserGroupAccess(userGroupAccess);
}
for (SharingUserGroupAccess sharingUserGroupAccess : sharing.getObject().getUserGroupAccesses()) {
UserGroupAccess userGroupAccess = new UserGroupAccess();
if (!AccessStringHelper.isValid(sharingUserGroupAccess.getAccess())) {
throw new WebMessageException(WebMessageUtils.conflict("Invalid user group access string: " + sharingUserGroupAccess.getAccess()));
}
userGroupAccess.setAccess(sharingUserGroupAccess.getAccess());
UserGroup userGroup = manager.get(UserGroup.class, sharingUserGroupAccess.getId());
if (userGroup != null) {
userGroupAccess.setUserGroup(userGroup);
userGroupAccessService.addUserGroupAccess(userGroupAccess);
object.getUserGroupAccesses().add(userGroupAccess);
}
}
Iterator<UserAccess> userAccessIterator = object.getUserAccesses().iterator();
while (userAccessIterator.hasNext()) {
UserAccess userAccess = userAccessIterator.next();
userAccessIterator.remove();
userAccessService.deleteUserAccess(userAccess);
}
for (SharingUserAccess sharingUserAccess : sharing.getObject().getUserAccesses()) {
UserAccess userAccess = new UserAccess();
if (!AccessStringHelper.isValid(sharingUserAccess.getAccess())) {
throw new WebMessageException(WebMessageUtils.conflict("Invalid user access string: " + sharingUserAccess.getAccess()));
}
userAccess.setAccess(sharingUserAccess.getAccess());
User sharingUser = manager.get(User.class, sharingUserAccess.getId());
if (sharingUser != null) {
userAccess.setUser(sharingUser);
userAccessService.addUserAccess(userAccess);
object.getUserAccesses().add(userAccess);
}
}
manager.updateNoAcl(object);
log.info(sharingToString(object));
webMessageService.send(WebMessageUtils.ok("Access control set"), response, request);
}
Also used :
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
User(org.hisp.dhis.user.User)
WebMessageException(org.hisp.dhis.dxf2.webmessage.WebMessageException)
SharingUserAccess(org.hisp.dhis.webapi.webdomain.sharing.SharingUserAccess)
UserAccess(org.hisp.dhis.user.UserAccess)
SharingUserGroupAccess(org.hisp.dhis.webapi.webdomain.sharing.SharingUserGroupAccess)
UserGroup(org.hisp.dhis.user.UserGroup)
BaseIdentifiableObject(org.hisp.dhis.common.BaseIdentifiableObject)
Sharing(org.hisp.dhis.webapi.webdomain.sharing.Sharing)
SharingUserAccess(org.hisp.dhis.webapi.webdomain.sharing.SharingUserAccess)
SharingUserGroupAccess(org.hisp.dhis.webapi.webdomain.sharing.SharingUserGroupAccess)
UserGroupAccess(org.hisp.dhis.user.UserGroupAccess)
RequestMapping(org.springframework.web.bind.annotation.RequestMapping)
Example 2 with UserGroupAccess
use of org.hisp.dhis.user.UserGroupAccess in project dhis2-core by dhis2.
the class SharingController method getSharing.
// -------------------------------------------------------------------------
// Resources
// -------------------------------------------------------------------------
@RequestMapping(method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
public void getSharing(@RequestParam String type, @RequestParam String id, HttpServletResponse response) throws IOException, WebMessageException {
if (!aclService.isShareable(type)) {
throw new WebMessageException(WebMessageUtils.conflict("Type " + type + " is not supported."));
}
Class<? extends IdentifiableObject> klass = aclService.classForType(type);
IdentifiableObject object = manager.get(klass, id);
if (object == null) {
throw new WebMessageException(WebMessageUtils.notFound("Object of type " + type + " with ID " + id + " was not found."));
}
User user = currentUserService.getCurrentUser();
if (!aclService.canRead(user, object)) {
throw new AccessDeniedException("You do not have manage access to this object.");
}
Sharing sharing = new Sharing();
sharing.getMeta().setAllowPublicAccess(aclService.canMakePublic(user, object.getClass()));
sharing.getMeta().setAllowExternalAccess(aclService.canMakeExternal(user, object.getClass()));
sharing.getObject().setId(object.getUid());
sharing.getObject().setName(object.getDisplayName());
sharing.getObject().setDisplayName(object.getDisplayName());
sharing.getObject().setExternalAccess(object.getExternalAccess());
if (object.getPublicAccess() == null) {
String access;
if (aclService.canMakePublic(user, klass)) {
access = AccessStringHelper.newInstance().enable(AccessStringHelper.Permission.READ).enable(AccessStringHelper.Permission.WRITE).build();
} else {
access = AccessStringHelper.newInstance().build();
}
sharing.getObject().setPublicAccess(access);
} else {
sharing.getObject().setPublicAccess(object.getPublicAccess());
}
if (object.getUser() != null) {
sharing.getObject().getUser().setId(object.getUser().getUid());
sharing.getObject().getUser().setName(object.getUser().getDisplayName());
}
for (UserGroupAccess userGroupAccess : object.getUserGroupAccesses()) {
SharingUserGroupAccess sharingUserGroupAccess = new SharingUserGroupAccess();
sharingUserGroupAccess.setId(userGroupAccess.getUserGroup().getUid());
sharingUserGroupAccess.setName(userGroupAccess.getUserGroup().getDisplayName());
sharingUserGroupAccess.setDisplayName(userGroupAccess.getUserGroup().getDisplayName());
sharingUserGroupAccess.setAccess(userGroupAccess.getAccess());
sharing.getObject().getUserGroupAccesses().add(sharingUserGroupAccess);
}
for (UserAccess userAccess : object.getUserAccesses()) {
SharingUserAccess sharingUserAccess = new SharingUserAccess();
sharingUserAccess.setId(userAccess.getUser().getUid());
sharingUserAccess.setName(userAccess.getUser().getDisplayName());
sharingUserAccess.setDisplayName(userAccess.getUser().getDisplayName());
sharingUserAccess.setAccess(userAccess.getAccess());
sharing.getObject().getUserAccesses().add(sharingUserAccess);
}
sharing.getObject().getUserGroupAccesses().sort(SharingUserGroupAccessNameComparator.INSTANCE);
response.setContentType(MediaType.APPLICATION_JSON_UTF8_VALUE);
renderService.toJson(response.getOutputStream(), sharing);
}
Also used :
AccessDeniedException(org.springframework.security.access.AccessDeniedException)
User(org.hisp.dhis.user.User)
WebMessageException(org.hisp.dhis.dxf2.webmessage.WebMessageException)
Sharing(org.hisp.dhis.webapi.webdomain.sharing.Sharing)
SharingUserAccess(org.hisp.dhis.webapi.webdomain.sharing.SharingUserAccess)
UserAccess(org.hisp.dhis.user.UserAccess)
SharingUserGroupAccess(org.hisp.dhis.webapi.webdomain.sharing.SharingUserGroupAccess)
SharingUserAccess(org.hisp.dhis.webapi.webdomain.sharing.SharingUserAccess)
IdentifiableObject(org.hisp.dhis.common.IdentifiableObject)
BaseIdentifiableObject(org.hisp.dhis.common.BaseIdentifiableObject)
SharingUserGroupAccess(org.hisp.dhis.webapi.webdomain.sharing.SharingUserGroupAccess)
UserGroupAccess(org.hisp.dhis.user.UserGroupAccess)
RequestMapping(org.springframework.web.bind.annotation.RequestMapping)
Example 3 with UserGroupAccess
use of org.hisp.dhis.user.UserGroupAccess in project dhis2-core by dhis2.
the class DefaultFieldFilterService method buildNode.
private AbstractNode buildNode(FieldMap fieldMap, Class<?> klass, Object object, User user, String nodeName, Defaults defaults) {
Schema schema = schemaService.getDynamicSchema(klass);
ComplexNode complexNode = new ComplexNode(nodeName);
complexNode.setNamespace(schema.getNamespace());
if (object == null) {
return new SimpleNode(schema.getName(), null);
}
if (shouldExclude(object, defaults)) {
return null;
}
updateFields(fieldMap, schema.getKlass());
if (fieldMap.containsKey("access") && schema.isIdentifiableObject()) {
Access access = aclService.getAccess((IdentifiableObject) object, user);
((BaseIdentifiableObject) object).setAccess(access);
}
if (fieldMap.containsKey("attribute") && AttributeValue.class.isAssignableFrom(object.getClass())) {
AttributeValue attributeValue = (AttributeValue) object;
attributeValue.setAttribute(attributeService.getAttribute(attributeValue.getAttribute().getUid()));
}
if (UserGroupAccess.class.isAssignableFrom(object.getClass())) {
UserGroupAccess userGroupAccess = (UserGroupAccess) object;
userGroupAccess.setDisplayName(userGroupService.getDisplayName(userGroupAccess.getUserGroupUid()));
}
if (UserAccess.class.isAssignableFrom(object.getClass())) {
UserAccess userAccess = (UserAccess) object;
userAccess.setDisplayName(userService.getDisplayName(userAccess.getUserUid()));
}
for (String fieldKey : fieldMap.keySet()) {
AbstractNode child = null;
Property property = schema.getProperty(fieldKey);
FieldMap fieldValue = fieldMap.get(fieldKey);
if (property == null || !property.isReadable()) {
// throw new FieldFilterException( fieldKey, schema );
log.debug("Unknown field property `" + fieldKey + "`, available fields are " + schema.getPropertyMap().keySet());
continue;
}
Object returnValue = ReflectionUtils.invokeMethod(object, property.getGetterMethod());
Class<?> propertyClass = property.getKlass();
Schema propertySchema = schemaService.getDynamicSchema(propertyClass);
if (property.hasPropertyTransformer()) {
PropertyTransformer propertyTransformer = transformerCache.get(property.getPropertyTransformer().getName(), s -> {
try {
return property.getPropertyTransformer().newInstance();
} catch (InstantiationException | IllegalAccessException e) {
throw new RuntimeException(e);
}
});
if (returnValue != null) {
returnValue = propertyTransformer.transform(returnValue);
propertyClass = returnValue.getClass();
propertySchema = schemaService.getDynamicSchema(propertyClass);
updateFields(fieldValue, propertyTransformer.getKlass());
}
}
if (returnValue != null && propertySchema.getProperties().isEmpty() && !property.isCollection() && property.getKlass().isInterface() && !property.isIdentifiableObject()) {
// try to retrieve schema from concrete class
propertyClass = returnValue.getClass();
propertySchema = schemaService.getDynamicSchema(propertyClass);
}
if (returnValue == null && property.isCollection()) {
continue;
}
if (property.isCollection()) {
updateFields(fieldValue, property.getItemKlass());
} else {
updateFields(fieldValue, propertyClass);
}
if (fieldValue.isEmpty()) {
List<String> fields = Preset.defaultAssociationPreset().getFields();
if (property.isCollection()) {
Collection<?> collection = (Collection<?>) returnValue;
child = new CollectionNode(property.getCollectionName(), collection.size());
child.setNamespace(property.getNamespace());
if (property.isIdentifiableObject() && isProperIdObject(property.getItemKlass())) {
final boolean mayExclude = collection.isEmpty() || mayExclude(property.getItemKlass(), defaults);
for (Object collectionObject : collection) {
if (!mayExclude || !shouldExclude(collectionObject, defaults)) {
child.addChild(getProperties(property, collectionObject, fields));
}
}
} else if (!property.isSimple()) {
FieldMap map = getFullFieldMap(schemaService.getDynamicSchema(property.getItemKlass()));
for (Object collectionObject : collection) {
Node node = buildNode(map, property.getItemKlass(), collectionObject, user, defaults);
if (node != null && !node.getChildren().isEmpty()) {
child.addChild(node);
}
}
} else {
for (Object collectionObject : collection) {
SimpleNode simpleNode = child.addChild(new SimpleNode(property.getName(), collectionObject));
simpleNode.setProperty(property);
}
}
} else if (property.isIdentifiableObject() && isProperIdObject(propertyClass)) {
if (!shouldExclude(returnValue, defaults)) {
child = getProperties(property, returnValue, fields);
}
} else {
if (propertySchema.getProperties().isEmpty()) {
SimpleNode simpleNode = new SimpleNode(fieldKey, returnValue);
simpleNode.setAttribute(property.isAttribute());
simpleNode.setNamespace(property.getNamespace());
child = simpleNode;
} else {
child = buildNode(getFullFieldMap(propertySchema), propertyClass, returnValue, user, defaults);
}
}
} else {
if (property.isCollection()) {
child = new CollectionNode(property.getCollectionName());
child.setNamespace(property.getNamespace());
for (Object collectionObject : (Collection<?>) Objects.requireNonNull(returnValue)) {
Node node;
if (property.hasPropertyTransformer()) {
// if it has a transformer, re-get the schema (the
// item klass has probably changed)
Schema sch = schemaService.getDynamicSchema(HibernateProxyUtils.getRealClass(collectionObject));
node = buildNode(fieldValue, sch.getKlass(), collectionObject, user, property.getName(), defaults);
} else {
node = buildNode(fieldValue, property.getItemKlass(), collectionObject, user, property.getName(), defaults);
}
if (!Objects.requireNonNull(node).getChildren().isEmpty()) {
child.addChild(node);
}
}
} else {
returnValue = handleJsonbObjectProperties(klass, propertyClass, returnValue);
child = buildNode(fieldValue, propertyClass, returnValue, user, defaults);
}
}
if (child != null) {
child.setName(fieldKey);
child.setProperty(property);
// serializer/deserializer
if (child.isSimple() && (((SimpleNode) child).getValue()) instanceof PeriodType) {
child = new SimpleNode(child.getName(), ((PeriodType) ((SimpleNode) child).getValue()).getName());
}
complexNode.addChild(fieldValue.getPipeline().process(child));
}
}
return complexNode;
}
Also used :
PeriodType(org.hisp.dhis.period.PeriodType)
AttributeValue(org.hisp.dhis.attribute.AttributeValue)
AbstractNode(org.hisp.dhis.node.AbstractNode)
Schema(org.hisp.dhis.schema.Schema)
SimpleNode(org.hisp.dhis.node.types.SimpleNode)
ComplexNode(org.hisp.dhis.node.types.ComplexNode)
CollectionNode(org.hisp.dhis.node.types.CollectionNode)
AbstractNode(org.hisp.dhis.node.AbstractNode)
Node(org.hisp.dhis.node.Node)
UserAccess(org.hisp.dhis.user.UserAccess)
Access(org.hisp.dhis.security.acl.Access)
UserGroupAccess(org.hisp.dhis.user.UserGroupAccess)
SimpleNode(org.hisp.dhis.node.types.SimpleNode)
Property(org.hisp.dhis.schema.Property)
UserGroupAccess(org.hisp.dhis.user.UserGroupAccess)
UserAccess(org.hisp.dhis.user.UserAccess)
ComplexNode(org.hisp.dhis.node.types.ComplexNode)
CollectionNode(org.hisp.dhis.node.types.CollectionNode)
BaseIdentifiableObject(org.hisp.dhis.common.BaseIdentifiableObject)
PropertyTransformer(org.hisp.dhis.schema.PropertyTransformer)
Collection(java.util.Collection)
EmbeddedObject(org.hisp.dhis.common.EmbeddedObject)
BaseIdentifiableObject(org.hisp.dhis.common.BaseIdentifiableObject)
IdentifiableObject(org.hisp.dhis.common.IdentifiableObject)
Example 4 with UserGroupAccess
use of org.hisp.dhis.user.UserGroupAccess in project dhis2-core by dhis2.
the class ProgramSupplierAclIntegrationTest method verifyUserHasWriteAccessToProgramForUserGroupAccess.
@Test
void verifyUserHasWriteAccessToProgramForUserGroupAccess() {
// Given
final User user = createUser("A");
final Program program = createProgram('A');
UserGroup userGroup = new UserGroup("test-group", singleton(user));
manager.save(userGroup, true);
user.getGroups().add(userGroup);
UserGroupAccess userGroupAccess = new UserGroupAccess(userGroup, AccessStringHelper.DATA_READ_WRITE);
program.setUserGroupAccesses(singleton(userGroupAccess));
manager.save(program, false);
manager.flush();
// When
final Map<String, Program> programs = programSupplier.get(getDefaultImportOptions(), singletonList(event));
// Then
assertThat(programs.keySet(), hasSize(1));
assertTrue(aclService.canDataWrite(user, programs.get(program.getUid())));
}
Also used :
User(org.hisp.dhis.user.User)
Program(org.hisp.dhis.program.Program)
UserGroup(org.hisp.dhis.user.UserGroup)
UserGroupAccess(org.hisp.dhis.user.UserGroupAccess)
TransactionalIntegrationTest(org.hisp.dhis.TransactionalIntegrationTest)
Test(org.junit.jupiter.api.Test)
Example 5 with UserGroupAccess
use of org.hisp.dhis.user.UserGroupAccess in project dhis2-core by dhis2.
the class ProgramSupplierAclIntegrationTest method verifyUserHasWriteAccessToTrackedEntityTypeForGroupAccess.
@Test
void verifyUserHasWriteAccessToTrackedEntityTypeForGroupAccess() {
// Given
final User user = createUser("user1");
final TrackedEntityType tet = createTrackedEntityType('A');
manager.save(tet);
UserGroup userGroup = new UserGroup("test-group-tet", singleton(user));
manager.save(userGroup, true);
user.getGroups().add(userGroup);
UserGroupAccess userGroupAccess = new UserGroupAccess(userGroup, AccessStringHelper.DATA_READ_WRITE);
tet.setUserGroupAccesses(singleton(userGroupAccess));
manager.save(tet, false);
final Program program = createProgram('A');
program.setTrackedEntityType(tet);
manager.save(program, false);
manager.flush();
// When
final Map<String, Program> programs = programSupplier.get(getDefaultImportOptions(), singletonList(event));
// Then
assertThat(programs.keySet(), hasSize(1));
assertTrue(aclService.canDataWrite(user, getTrackedEntityType(programs.get(program.getUid()))));
}
Also used :
TrackedEntityType(org.hisp.dhis.trackedentity.TrackedEntityType)
User(org.hisp.dhis.user.User)
Program(org.hisp.dhis.program.Program)
UserGroup(org.hisp.dhis.user.UserGroup)
UserGroupAccess(org.hisp.dhis.user.UserGroupAccess)
TransactionalIntegrationTest(org.hisp.dhis.TransactionalIntegrationTest)
Test(org.junit.jupiter.api.Test)
Aggregations
UserGroupAccess (org.hisp.dhis.user.UserGroupAccess)6
User (org.hisp.dhis.user.User)5
UserAccess (org.hisp.dhis.user.UserAccess)4
UserGroup (org.hisp.dhis.user.UserGroup)4
BaseIdentifiableObject (org.hisp.dhis.common.BaseIdentifiableObject)3
IdentifiableObject (org.hisp.dhis.common.IdentifiableObject)3
TransactionalIntegrationTest (org.hisp.dhis.TransactionalIntegrationTest)2
WebMessageException (org.hisp.dhis.dxf2.webmessage.WebMessageException)2
Program (org.hisp.dhis.program.Program)2
Sharing (org.hisp.dhis.webapi.webdomain.sharing.Sharing)2
SharingUserAccess (org.hisp.dhis.webapi.webdomain.sharing.SharingUserAccess)2
SharingUserGroupAccess (org.hisp.dhis.webapi.webdomain.sharing.SharingUserGroupAccess)2
Test (org.junit.jupiter.api.Test)2
AccessDeniedException (org.springframework.security.access.AccessDeniedException)2
RequestMapping (org.springframework.web.bind.annotation.RequestMapping)2
Collection (java.util.Collection)1
List (java.util.List)1
AttributeValue (org.hisp.dhis.attribute.AttributeValue)1
EmbeddedObject (org.hisp.dhis.common.EmbeddedObject)1
DataElement (org.hisp.dhis.dataelement.DataElement)1
