use of org.springframework.security.access.prepost.PreAuthorize in project dhis2-core by dhis2.
the class EventController method getCsvEvents.
@RequestMapping(value = "", method = RequestMethod.GET, produces = { "application/csv", "application/csv+gzip", "text/csv" })
@PreAuthorize("hasRole('ALL') or hasRole('F_TRACKED_ENTITY_DATAVALUE_ADD') or hasRole('F_TRACKED_ENTITY_DATAVALUE_READ')")
public void getCsvEvents(@RequestParam(required = false) String program, @RequestParam(required = false) String programStage, @RequestParam(required = false) ProgramStatus programStatus, @RequestParam(required = false) Boolean followUp, @RequestParam(required = false) String trackedEntityInstance, @RequestParam(required = false) String orgUnit, @RequestParam(required = false) OrganisationUnitSelectionMode ouMode, @RequestParam(required = false) Date startDate, @RequestParam(required = false) Date endDate, @RequestParam(required = false) Date dueDateStart, @RequestParam(required = false) Date dueDateEnd, @RequestParam(required = false) Date lastUpdated, @RequestParam(required = false) Date lastUpdatedStartDate, @RequestParam(required = false) Date lastUpdatedEndDate, @RequestParam(required = false) EventStatus status, @RequestParam(required = false) String attributeCc, @RequestParam(required = false) String attributeCos, @RequestParam(required = false) Integer page, @RequestParam(required = false) Integer pageSize, @RequestParam(required = false) boolean totalPages, @RequestParam(required = false) boolean skipPaging, @RequestParam(required = false) String order, @RequestParam(required = false) String attachment, @RequestParam(required = false, defaultValue = "false") boolean includeDeleted, @RequestParam(required = false, defaultValue = "false") boolean skipHeader, IdSchemes idSchemes, HttpServletResponse response, HttpServletRequest request) throws IOException, WebMessageException {
boolean allowNoAttrOptionCombo = trackedEntityInstance != null && entityInstanceService.getTrackedEntityInstance(trackedEntityInstance) != null;
DataElementCategoryOptionCombo attributeOptionCombo = inputUtils.getAttributeOptionCombo(attributeCc, attributeCos, allowNoAttrOptionCombo);
if (attributeOptionCombo == null && !allowNoAttrOptionCombo) {
throw new WebMessageException(WebMessageUtils.conflict("Illegal attribute option combo identifier: " + attributeCc + " " + attributeCos));
}
lastUpdatedStartDate = lastUpdatedStartDate != null ? lastUpdatedStartDate : lastUpdated;
EventSearchParams params = eventService.getFromUrl(program, programStage, programStatus, followUp, orgUnit, ouMode, trackedEntityInstance, startDate, endDate, dueDateStart, dueDateEnd, lastUpdatedStartDate, lastUpdatedEndDate, status, attributeOptionCombo, idSchemes, page, pageSize, totalPages, skipPaging, getOrderParams(order), null, false, null, null, null, includeDeleted);
Events events = eventService.getEvents(params);
OutputStream outputStream = response.getOutputStream();
response.setContentType("application/csv");
if (ContextUtils.isAcceptCsvGzip(request)) {
response.addHeader(ContextUtils.HEADER_CONTENT_TRANSFER_ENCODING, "binary");
outputStream = new GZIPOutputStream(outputStream);
response.setContentType("application/csv+gzip");
}
if (!StringUtils.isEmpty(attachment)) {
response.addHeader("Content-Disposition", "attachment; filename=" + attachment);
}
csvEventService.writeEvents(outputStream, events, !skipHeader);
}
use of org.springframework.security.access.prepost.PreAuthorize in project dhis2-core by dhis2.
the class EnrollmentController method postEnrollmentXml.
@RequestMapping(value = "", method = RequestMethod.POST, consumes = MediaType.APPLICATION_XML_VALUE, produces = MediaType.APPLICATION_XML_VALUE)
@PreAuthorize("hasRole('ALL') or hasRole('F_PROGRAM_ENROLLMENT')")
public void postEnrollmentXml(@RequestParam(defaultValue = "CREATE") ImportStrategy strategy, ImportOptions importOptions, HttpServletRequest request, HttpServletResponse response) throws IOException {
importOptions.setStrategy(strategy);
InputStream inputStream = StreamUtils.wrapAndCheckCompressionFormat(request.getInputStream());
ImportSummaries importSummaries = enrollmentService.addEnrollmentsXml(inputStream, importOptions);
importSummaries.setImportOptions(importOptions);
response.setContentType(MediaType.APPLICATION_XML_VALUE);
if (importSummaries.getImportSummaries().size() == 1) {
ImportSummary importSummary = importSummaries.getImportSummaries().get(0);
importSummary.setImportOptions(importOptions);
if (!importSummary.getStatus().equals(ImportStatus.ERROR)) {
response.setHeader("Location", getResourcePath(request, importSummary));
}
}
response.setStatus(HttpServletResponse.SC_CREATED);
webMessageService.send(WebMessageUtils.importSummaries(importSummaries), response, request);
}
use of org.springframework.security.access.prepost.PreAuthorize in project dhis2-core by dhis2.
the class ProgramMessageController method saveMessages.
// -------------------------------------------------------------------------
// POST
// -------------------------------------------------------------------------
@PreAuthorize("hasRole('ALL') or hasRole('F_MOBILE_SENDSMS')")
@RequestMapping(method = RequestMethod.POST, consumes = { "application/json" }, produces = { "application/json" })
public void saveMessages(HttpServletRequest request, HttpServletResponse response) throws IOException, WebMessageException {
ProgramMessageBatch batch = renderService.fromJson(request.getInputStream(), ProgramMessageBatch.class);
for (ProgramMessage programMessage : batch.getProgramMessages()) {
programMessageService.validatePayload(programMessage);
}
BatchResponseStatus status = programMessageService.sendMessages(batch.getProgramMessages());
response.setContentType(MediaType.APPLICATION_JSON_VALUE);
renderService.toJson(response.getOutputStream(), status);
}
use of org.springframework.security.access.prepost.PreAuthorize in project dhis2-core by dhis2.
the class ProgramMessageController method getProgramMessages.
// -------------------------------------------------------------------------
// GET
// -------------------------------------------------------------------------
@PreAuthorize("hasRole('ALL') or hasRole('F_MOBILE_SENDSMS')")
@RequestMapping(method = RequestMethod.GET, produces = { "application/json" })
public void getProgramMessages(@RequestParam(required = false) Set<String> ou, @RequestParam(required = false) String programInstance, @RequestParam(required = false) String programStageInstance, @RequestParam(required = false) ProgramMessageStatus messageStatus, @RequestParam(required = false) Date afterDate, @RequestParam(required = false) Date beforeDate, @RequestParam(required = false) Integer page, @RequestParam(required = false) Integer pageSize, HttpServletRequest request, HttpServletResponse response) throws IOException, WebMessageException {
ProgramMessageQueryParams params = programMessageService.getFromUrl(ou, programInstance, programStageInstance, messageStatus, page, pageSize, afterDate, beforeDate);
if (programInstance == null && programStageInstance == null) {
throw new WebMessageException(WebMessageUtils.conflict("ProgramInstance or ProgramStageInstance must be specified."));
}
List<ProgramMessage> programMessages = programMessageService.getProgramMessages(params);
renderService.toJson(response.getOutputStream(), programMessages);
}
use of org.springframework.security.access.prepost.PreAuthorize in project dhis2-core by dhis2.
the class TrackedEntityInstanceController method updateTrackedEntityInstanceXml.
// -------------------------------------------------------------------------
// UPDATE
// -------------------------------------------------------------------------
@RequestMapping(value = "/{id}", method = RequestMethod.PUT, consumes = MediaType.APPLICATION_XML_VALUE)
@PreAuthorize("hasRole('ALL') or hasRole('F_TRACKED_ENTITY_INSTANCE_ADD')")
public void updateTrackedEntityInstanceXml(@PathVariable String id, ImportOptions importOptions, HttpServletRequest request, HttpServletResponse response) throws IOException {
InputStream inputStream = StreamUtils.wrapAndCheckCompressionFormat(request.getInputStream());
ImportSummary importSummary = trackedEntityInstanceService.updateTrackedEntityInstanceXml(id, inputStream, importOptions);
importSummary.setImportOptions(importOptions);
webMessageService.send(WebMessageUtils.importSummary(importSummary), response, request);
}
Aggregations