Examples with PreAuthorize org.springframework.security.access.prepost.PreAuthorize used on opensource projects

Example 81 with PreAuthorize

use of org.springframework.security.access.prepost.PreAuthorize in project dhis2-core by dhis2.

the class TrackedEntityInstanceController method getTrackedEntityInstanceById.

@RequestMapping(value = "/{id}", method = RequestMethod.GET)
@PreAuthorize("hasRole('ALL') or hasRole('F_TRACKED_ENTITY_INSTANCE_SEARCH')")
@ResponseBody
public RootNode getTrackedEntityInstanceById(@PathVariable("id") String pvId) throws NotFoundException {
    List<String> fields = Lists.newArrayList(contextService.getParameterValues("fields"));
    if (fields.isEmpty()) {
        fields.add(":all");
    }
    CollectionNode collectionNode = fieldFilterService.filter(TrackedEntityInstance.class, Lists.newArrayList(getTrackedEntityInstance(pvId, fields)), fields);
    RootNode rootNode = new RootNode(collectionNode.getChildren().get(0));
    rootNode.setDefaultNamespace(DxfNamespaces.DXF_2_0);
    rootNode.setNamespace(DxfNamespaces.DXF_2_0);
    return rootNode;
}

Example 82 with PreAuthorize

use of org.springframework.security.access.prepost.PreAuthorize in project dhis2-core by dhis2.

the class EnrollmentController method updateEnrollmentJson.

@RequestMapping(value = "/{id}", method = RequestMethod.PUT, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
@PreAuthorize("hasRole('ALL') or hasRole('F_PROGRAM_ENROLLMENT')")
public void updateEnrollmentJson(@PathVariable String id, ImportOptions importOptions, HttpServletRequest request, HttpServletResponse response) throws IOException {
    InputStream inputStream = StreamUtils.wrapAndCheckCompressionFormat(request.getInputStream());
    ImportSummary importSummary = enrollmentService.updateEnrollmentJson(id, inputStream, importOptions);
    importSummary.setImportOptions(importOptions);
    webMessageService.send(WebMessageUtils.importSummary(importSummary), response, request);
}

Example 83 with PreAuthorize

use of org.springframework.security.access.prepost.PreAuthorize in project dhis2-core by dhis2.

the class EnrollmentController method updateEnrollmentXml.

@RequestMapping(value = "/{id}", method = RequestMethod.PUT, consumes = MediaType.APPLICATION_XML_VALUE, produces = MediaType.APPLICATION_XML_VALUE)
@PreAuthorize("hasRole('ALL') or hasRole('F_PROGRAM_ENROLLMENT')")
public void updateEnrollmentXml(@PathVariable String id, ImportOptions importOptions, HttpServletRequest request, HttpServletResponse response) throws IOException {
    InputStream inputStream = StreamUtils.wrapAndCheckCompressionFormat(request.getInputStream());
    ImportSummary importSummary = enrollmentService.updateEnrollmentXml(id, inputStream, importOptions);
    importSummary.setImportOptions(importOptions);
    webMessageService.send(WebMessageUtils.importSummary(importSummary), response, request);
}

Example 84 with PreAuthorize

use of org.springframework.security.access.prepost.PreAuthorize in project dhis2-core by dhis2.

the class EnrollmentController method deleteEnrollment.

// -------------------------------------------------------------------------
// DELETE
// -------------------------------------------------------------------------
@RequestMapping(value = "/{id}", method = RequestMethod.DELETE)
@PreAuthorize("hasRole('ALL') or hasRole('F_PROGRAM_UNENROLLMENT')")
@ResponseStatus(HttpStatus.NO_CONTENT)
public void deleteEnrollment(@PathVariable String id, HttpServletRequest request, HttpServletResponse response) throws WebMessageException {
    if (!programInstanceService.programInstanceExists(id)) {
        throw new WebMessageException(WebMessageUtils.notFound("Enrollment not found for ID " + id));
    }
    response.setStatus(HttpServletResponse.SC_OK);
    ImportSummary importSummary = enrollmentService.deleteEnrollment(id);
    webMessageService.send(WebMessageUtils.importSummary(importSummary), response, request);
}

Example 85 with PreAuthorize

use of org.springframework.security.access.prepost.PreAuthorize in project dhis2-core by dhis2.

the class EventController method postCsvEvents.

@RequestMapping(method = RequestMethod.POST, consumes = { "application/csv", "text/csv" })
@PreAuthorize("hasRole('ALL') or hasRole('F_TRACKED_ENTITY_DATAVALUE_ADD')")
public void postCsvEvents(@RequestParam(required = false, defaultValue = "false") boolean skipFirst, HttpServletResponse response, HttpServletRequest request, ImportOptions importOptions) throws IOException {
    InputStream inputStream = StreamUtils.wrapAndCheckCompressionFormat(request.getInputStream());
    Events events = csvEventService.readEvents(inputStream, skipFirst);
    if (!importOptions.isAsync()) {
        ImportSummaries importSummaries = eventService.addEvents(events.getEvents(), importOptions, null);
        importSummaries.setImportOptions(importOptions);
        webMessageService.send(WebMessageUtils.importSummaries(importSummaries), response, request);
    } else {
        TaskId taskId = new TaskId(TaskCategory.EVENT_IMPORT, currentUserService.getCurrentUser());
        scheduler.executeTask(new ImportEventsTask(events.getEvents(), eventService, importOptions, taskId));
        response.setHeader("Location", ContextUtils.getRootPath(request) + "/system/tasks/" + TaskCategory.EVENT_IMPORT);
        response.setStatus(HttpServletResponse.SC_NO_CONTENT);
    }
}