use of org.springframework.security.access.prepost.PreAuthorize in project dhis2-core by dhis2.
the class EventAnalyticsController method getQueryHtml.
/**
 * Runs an event analytics query for a program and writes the result as an HTML table.
 *
 * <p>The {@code @PreAuthorize} expression admits callers holding the {@code ALL} or
 * {@code F_VIEW_EVENT_ANALYTICS} role. Every request parameter is forwarded unchanged to
 * {@code eventDataQueryService.getFromUrl}; the response is configured as HTML (file name
 * {@code events.html}) before the query is executed.
 *
 * <p>NOTE(review): the role check is the only authorization visible here. Whether the caller
 * may read the requested program and organisation units is presumably enforced in the
 * service layer; confirm.
 * <p>NOTE(review): grid cells end up in an HTML document. Whether {@code GridUtils.toHtml}
 * escapes cell values is not visible in this method; confirm, since stored event data reaches
 * a browser through this path.
 *
 * @throws Exception propagated from query parsing, query execution or response writing
 */
@PreAuthorize("hasRole('ALL') or hasRole('F_VIEW_EVENT_ANALYTICS')")
@RequestMapping(value = RESOURCE_PATH + "/query/{program}.html", method = RequestMethod.GET)
public void getQueryHtml(
        @PathVariable String program,
        @RequestParam(required = false) String stage,
        @RequestParam(required = false) Date startDate,
        @RequestParam(required = false) Date endDate,
        @RequestParam Set<String> dimension,
        @RequestParam(required = false) Set<String> filter,
        @RequestParam(required = false) OrganisationUnitSelectionMode ouMode,
        @RequestParam(required = false) Set<String> asc,
        @RequestParam(required = false) Set<String> desc,
        @RequestParam(required = false) boolean skipMeta,
        @RequestParam(required = false) boolean skipData,
        @RequestParam(required = false) boolean completedOnly,
        @RequestParam(required = false) boolean hierarchyMeta,
        @RequestParam(required = false) boolean coordinatesOnly,
        @RequestParam(required = false) EventStatus eventStatus,
        @RequestParam(required = false) ProgramStatus programStatus,
        @RequestParam(required = false) Integer page,
        @RequestParam(required = false) Integer pageSize,
        @RequestParam(required = false) DisplayProperty displayProperty,
        @RequestParam(required = false) Date relativePeriodDate,
        @RequestParam(required = false) String userOrgUnit,
        @RequestParam(required = false) String coordinateField,
        DhisApiVersion apiVersion,
        Model model,
        HttpServletResponse response) throws Exception {
    // Parse first: a malformed query fails before any response header is touched.
    EventQueryParams queryParams = eventDataQueryService.getFromUrl(
            program, stage, startDate, endDate, dimension, filter, ouMode, asc, desc,
            skipMeta, skipData, completedOnly, hierarchyMeta, coordinatesOnly, eventStatus,
            programStatus, displayProperty, relativePeriodDate, userOrgUnit, coordinateField,
            page, pageSize, apiVersion);

    contextUtils.configureResponse(
            response, ContextUtils.CONTENT_TYPE_HTML, CacheStrategy.RESPECT_SYSTEM_SETTING, "events.html", false);

    // Query, substitute metadata, then render straight into the response writer.
    GridUtils.toHtml(substituteMetaData(analyticsService.getEvents(queryParams)), response.getWriter());
}
use of org.springframework.security.access.prepost.PreAuthorize in project dhis2-core by dhis2.
the class DataValueSetController method postAdxDataValueSet.
/**
 * Imports a data value set posted in the ADX XML format.
 *
 * <p>The {@code @PreAuthorize} expression admits callers holding the {@code ALL} or
 * {@code F_DATAVALUE_ADD} role. When {@code importOptions.isAsync()} is true the work is
 * handed to {@code startAsyncImport}; otherwise the request body is imported inline and the
 * resulting {@code ImportSummary} is written back as XML.
 *
 * <p>NOTE(review): the request body is passed to the ADX service as a raw stream. How the
 * underlying XML parser is configured (DTDs, external entities) is not visible here; confirm
 * it is hardened for untrusted input.
 *
 * @throws IOException if reading the request or writing the response fails
 */
@RequestMapping(method = RequestMethod.POST, consumes = CONTENT_TYPE_XML_ADX)
@PreAuthorize("hasRole('ALL') or hasRole('F_DATAVALUE_ADD')")
public void postAdxDataValueSet(
        ImportOptions importOptions,
        HttpServletRequest request,
        HttpServletResponse response) throws IOException {
    if (importOptions.isAsync()) {
        startAsyncImport(importOptions, ImportDataValueTask.FORMAT_ADX, request, response);
        return;
    }

    try {
        ImportSummary importSummary =
                adxDataService.saveDataValueSet(request.getInputStream(), importOptions, null);
        importSummary.setImportOptions(importOptions);
        response.setContentType(CONTENT_TYPE_XML);
        renderService.toXml(response.getOutputStream(), importSummary);
    } catch (Exception failure) {
        // Logged here with the stack trace, then rethrown unchanged for the caller to handle.
        log.error("ADX Import error: ", failure);
        throw failure;
    }
}
use of org.springframework.security.access.prepost.PreAuthorize in project dhis2-core by dhis2.
the class DataValueSetController method postDxf2DataValueSet.
// -------------------------------------------------------------------------
// Post
// -------------------------------------------------------------------------
/**
 * Imports a data value set posted as {@code application/xml}.
 *
 * <p>The {@code @PreAuthorize} expression admits callers holding the {@code ALL} or
 * {@code F_DATAVALUE_ADD} role. An asynchronous import is delegated to
 * {@code startAsyncImport}; a synchronous one reads the request body, imports it and writes
 * the {@code ImportSummary} back as XML.
 *
 * <p>NOTE(review): the XML body comes straight from the request. Parser hardening (DTDs,
 * external entities) and any body-size limit are not visible in this method; confirm both in
 * {@code dataValueSetService} or the container configuration.
 *
 * @throws IOException if reading the request or writing the response fails
 */
@RequestMapping(method = RequestMethod.POST, consumes = "application/xml")
@PreAuthorize("hasRole('ALL') or hasRole('F_DATAVALUE_ADD')")
public void postDxf2DataValueSet(
        ImportOptions importOptions,
        HttpServletRequest request,
        HttpServletResponse response) throws IOException {
    if (importOptions.isAsync()) {
        startAsyncImport(importOptions, ImportDataValueTask.FORMAT_XML, request, response);
        return;
    }

    ImportSummary importSummary =
            dataValueSetService.saveDataValueSet(request.getInputStream(), importOptions);
    importSummary.setImportOptions(importOptions);

    // The content type is set only after the import returned, so a failing import leaves it untouched.
    response.setContentType(CONTENT_TYPE_XML);
    renderService.toXml(response.getOutputStream(), importSummary);
}
use of org.springframework.security.access.prepost.PreAuthorize in project dhis2-core by dhis2.
the class DataValueController method saveDataValue.
// ---------------------------------------------------------------------
// POST
// ---------------------------------------------------------------------
/**
 * Creates or updates a single data value from request parameters.
 *
 * <p>The {@code @PreAuthorize} expression admits callers holding the {@code ALL} or
 * {@code F_DATAVALUE_ADD} role. Identifiers are resolved through the {@code getAndValidate*}
 * helpers, the value and comment are checked with {@code ValidationUtils}, and the
 * system-setting driven strictness checks run before anything is written. If no data value
 * exists for the resolved combination a new one is added; otherwise the existing one is
 * updated, or deleted when a {@code TRUE_ONLY} element is posted with neither value nor comment.
 *
 * <p>NOTE(review): the role check is the only authorization visible in this method. Whether
 * the caller may write to the given organisation unit is presumably enforced inside the
 * validation helpers; confirm.
 *
 * @param de data element identifier (required)
 * @param co category option combo identifier
 * @param cc attribute category combo identifier, resolved together with {@code cp}
 * @param cp attribute category options, resolved together with {@code cc}
 * @param pe period identifier (required)
 * @param ou organisation unit identifier (required)
 * @param value the value to store; for file-resource elements this is looked up as a file resource
 * @param comment optional comment
 * @param followUp when true, toggles the follow-up flag of an existing data value; not used when
 *     a new data value is created
 * @param response not used in the visible body
 * @throws WebMessageException with a conflict or not-found message when validation fails
 */
@PreAuthorize("hasRole('ALL') or hasRole('F_DATAVALUE_ADD')")
@RequestMapping(method = RequestMethod.POST)
@ResponseStatus(HttpStatus.CREATED)
public void saveDataValue(@RequestParam String de, @RequestParam(required = false) String co, @RequestParam(required = false) String cc, @RequestParam(required = false) String cp, @RequestParam String pe, @RequestParam String ou, @RequestParam(required = false) String value, @RequestParam(required = false) String comment, @RequestParam(required = false) boolean followUp, HttpServletResponse response) throws WebMessageException {
    // NOTE(review): each cast unboxes the setting; a null setting would surface as a
    // NullPointerException rather than a WebMessageException. Confirm getSystemSetting always
    // returns a default for these keys.
    boolean strictPeriods = (Boolean) systemSettingManager.getSystemSetting(SettingKey.DATA_IMPORT_STRICT_PERIODS);
    boolean strictCategoryOptionCombos = (Boolean) systemSettingManager.getSystemSetting(SettingKey.DATA_IMPORT_STRICT_CATEGORY_OPTION_COMBOS);
    boolean strictOrgUnits = (Boolean) systemSettingManager.getSystemSetting(SettingKey.DATA_IMPORT_STRICT_ORGANISATION_UNITS);
    boolean requireCategoryOptionCombo = (Boolean) systemSettingManager.getSystemSetting(SettingKey.DATA_IMPORT_REQUIRE_CATEGORY_OPTION_COMBO);
    // ---------------------------------------------------------------------
    // Input validation
    // ---------------------------------------------------------------------
    DataElement dataElement = getAndValidateDataElement(de);
    DataElementCategoryOptionCombo categoryOptionCombo = getAndValidateCategoryOptionCombo(co, requireCategoryOptionCombo);
    DataElementCategoryOptionCombo attributeOptionCombo = getAndValidateAttributeOptionCombo(cc, cp);
    Period period = getAndValidatePeriod(pe);
    OrganisationUnit organisationUnit = getAndValidateOrganisationUnit(ou);
    validateInvalidFuturePeriod(period, dataElement);
    validateAttributeOptionComboWithOrgUnitAndPeriod(attributeOptionCombo, organisationUnit, period);
    String valueValid = ValidationUtils.dataValueIsValid(value, dataElement);
    if (valueValid != null) {
        // NOTE(review): the rejected value is echoed verbatim in the message. How the
        // WebMessage is serialized is not visible here; confirm it is encoded for the
        // response content type.
        throw new WebMessageException(WebMessageUtils.conflict("Invalid value: " + value + ", must match data element type: " + dataElement.getValueType()));
    }
    String commentValid = ValidationUtils.commentIsValid(comment);
    if (commentValid != null) {
        // NOTE(review): same echo of caller-supplied text as for the value above.
        throw new WebMessageException(WebMessageUtils.conflict("Invalid comment: " + comment));
    }
    OptionSet optionSet = dataElement.getOptionSet();
    // A non-empty value must be one of the option codes when the element has an option set.
    if (!Strings.isNullOrEmpty(value) && optionSet != null && !optionSet.getOptionCodesAsSet().contains(value)) {
        throw new WebMessageException(WebMessageUtils.conflict("Data value is not a valid option of the data element option set: " + dataElement.getUid()));
    }
    if (strictPeriods && !dataElement.getPeriodTypes().contains(period.getPeriodType())) {
        throw new WebMessageException(WebMessageUtils.conflict("Period type of period: " + period.getIsoDate() + " not valid for data element: " + dataElement.getUid()));
    }
    // NOTE(review): categoryOptionCombo is dereferenced in the message below; whether it can be
    // null when requireCategoryOptionCombo is false depends on the helper. Confirm.
    if (strictCategoryOptionCombos && !dataElement.getCategoryOptionCombos().contains(categoryOptionCombo)) {
        throw new WebMessageException(WebMessageUtils.conflict("Category option combo: " + categoryOptionCombo.getUid() + " must be part of category combo of data element: " + dataElement.getUid()));
    }
    if (strictOrgUnits && !organisationUnit.hasDataElement(dataElement)) {
        throw new WebMessageException(WebMessageUtils.conflict("Data element: " + dataElement.getUid() + " must be assigned through data sets to organisation unit: " + organisationUnit.getUid()));
    }
    // ---------------------------------------------------------------------
    // Locking validation
    // ---------------------------------------------------------------------
    validateDataSetNotLocked(dataElement, period, organisationUnit, attributeOptionCombo);
    // ---------------------------------------------------------------------
    // Period validation
    // ---------------------------------------------------------------------
    validateDataInputPeriodForDataElementAndPeriod(dataElement, period);
    // ---------------------------------------------------------------------
    // Assemble and save data value
    // ---------------------------------------------------------------------
    // storedBy is taken from the authenticated session, not from a request parameter.
    String storedBy = currentUserService.getCurrentUsername();
    Date now = new Date();
    DataValue dataValue = dataValueService.getDataValue(dataElement, period, organisationUnit, categoryOptionCombo, attributeOptionCombo);
    FileResource fileResource = null;
    if (dataValue == null) {
        // Create path: no data value exists yet for this combination.
        if (dataElement.getValueType() == ValueType.FILE_RESOURCE) {
            if (value != null) {
                fileResource = fileResourceService.getFileResource(value);
                // Only file resources in the DATA_VALUE domain may be linked; anything else is
                // reported as not found.
                if (fileResource == null || fileResource.getDomain() != FileResourceDomain.DATA_VALUE) {
                    throw new WebMessageException(WebMessageUtils.notFound(FileResource.class, value));
                }
                // A file resource can back at most one data value.
                if (fileResource.isAssigned()) {
                    throw new WebMessageException(WebMessageUtils.conflict("File resource already assigned or linked to another data value"));
                }
                fileResource.setAssigned(true);
            } else {
                throw new WebMessageException(WebMessageUtils.conflict("Missing parameter 'value'"));
            }
        }
        dataValue = new DataValue(dataElement, period, organisationUnit, categoryOptionCombo, attributeOptionCombo, StringUtils.trimToNull(value), storedBy, now, StringUtils.trimToNull(comment));
        dataValueService.addDataValue(dataValue);
    } else {
        // Update path: a data value already exists.
        if (value == null && ValueType.TRUE_ONLY.equals(dataElement.getValueType())) {
            // TRUE_ONLY with no value: delete when there is no comment either, otherwise
            // keep the row (for the comment) with the value "false".
            if (comment == null) {
                dataValueService.deleteDataValue(dataValue);
                return;
            } else {
                value = "false";
            }
        }
        // NOTE(review): the domain and already-assigned checks of the create path are not
        // repeated here. For a file-type element the previously linked file resource is
        // deleted even when value is null (comment-only update), and a new value is stored
        // without looking up the file resource or marking it assigned. Confirm this is
        // intended; otherwise validate the new file resource before deleting the old one.
        if (dataElement.isFileType()) {
            fileResourceService.deleteFileResource(dataValue.getValue());
        }
        if (value != null) {
            dataValue.setValue(StringUtils.trimToNull(value));
        }
        if (comment != null) {
            dataValue.setComment(StringUtils.trimToNull(comment));
        }
        if (followUp) {
            dataValue.toggleFollowUp();
        }
        dataValue.setLastUpdated(now);
        dataValue.setStoredBy(storedBy);
        dataValueService.updateDataValue(dataValue);
    }
    // Only set on the create path: persist the assigned flag after the data value was saved.
    if (fileResource != null) {
        fileResourceService.updateFileResource(fileResource);
    }
}
use of org.springframework.security.access.prepost.PreAuthorize in project dhis2-core by dhis2.
the class DataValueSetController method postCsvDataValueSet.
/**
 * Imports a data value set posted as {@code application/csv}.
 *
 * <p>The {@code @PreAuthorize} expression admits callers holding the {@code ALL} or
 * {@code F_DATAVALUE_ADD} role. An asynchronous import is delegated to
 * {@code startAsyncImport}; a synchronous one imports the request body and answers with the
 * {@code ImportSummary} rendered as XML (the response is XML even though the request is CSV).
 *
 * <p>NOTE(review): the request body is streamed to the service as received. No size limit is
 * visible in this method; confirm one is applied by the container or the service.
 *
 * @throws IOException if reading the request or writing the response fails
 */
@RequestMapping(method = RequestMethod.POST, consumes = "application/csv")
@PreAuthorize("hasRole('ALL') or hasRole('F_DATAVALUE_ADD')")
public void postCsvDataValueSet(
        ImportOptions importOptions,
        HttpServletRequest request,
        HttpServletResponse response) throws IOException {
    if (importOptions.isAsync()) {
        startAsyncImport(importOptions, ImportDataValueTask.FORMAT_CSV, request, response);
        return;
    }

    ImportSummary importSummary =
            dataValueSetService.saveDataValueSetCsv(request.getInputStream(), importOptions);
    importSummary.setImportOptions(importOptions);

    response.setContentType(CONTENT_TYPE_XML);
    renderService.toXml(response.getOutputStream(), importSummary);
}