Example 86 with PreAuthorize

Use of org.springframework.security.access.prepost.PreAuthorize in project oc-explorer by devgateway.

Class UserDashboardRestController, method getDefaultDashboardForCurrentUser.

@RequestMapping(method = { RequestMethod.POST, RequestMethod.GET }, value = "/userDashboards/search/getDefaultDashboardForCurrentUser")
@PreAuthorize("hasRole('ROLE_PROCURING_ENTITY')")
@ResponseBody
public ResponseEntity<?> getDefaultDashboardForCurrentUser(PersistentEntityResourceAssembler persistentEntityResourceAssembler) {
    UserDashboard dashboard = repository.getDefaultDashboardForPersonId(getCurrentAuthenticatedPerson().getId());
    if (dashboard == null) {
        return ResponseEntity.ok().build();
    }
    Resource<Object> resource = persistentEntityResourceAssembler.toResource(dashboard);
    return ResponseEntity.ok(resource);
}
Also used: UserDashboard (org.devgateway.ocds.persistence.dao.UserDashboard), PreAuthorize (org.springframework.security.access.prepost.PreAuthorize), RequestMapping (org.springframework.web.bind.annotation.RequestMapping), ResponseBody (org.springframework.web.bind.annotation.ResponseBody)

Example 87 with PreAuthorize

Use of org.springframework.security.access.prepost.PreAuthorize in project oc-explorer by devgateway.

Class UserDashboardRestController, method saveDashboardForCurrentUser.

@RequestMapping(method = { RequestMethod.POST, RequestMethod.GET }, value = "/userDashboards/saveDashboardForCurrentUser")
@PreAuthorize("hasRole('ROLE_PROCURING_ENTITY')")
public ResponseEntity<Void> saveDashboardForCurrentUser(@ModelAttribute @Valid UserDashboard userDashboard) {
    Person person = personRepository.getOne(getCurrentAuthenticatedPerson().getId());
    userDashboard.getUsers().add(person);
    person.getDashboards().add(userDashboard);
    repository.save(userDashboard);
    return ResponseEntity.ok().build();
}
Also used: Person (org.devgateway.toolkit.persistence.dao.Person), PreAuthorize (org.springframework.security.access.prepost.PreAuthorize), RequestMapping (org.springframework.web.bind.annotation.RequestMapping)

Example 88 with PreAuthorize

Use of org.springframework.security.access.prepost.PreAuthorize in project CzechIdMng by bcvsolutions.

Class IdmIdentityContractController, method saveFormValues.

/**
 * Saves entity's form values
 *
 * @param backendId
 * @param formValues
 * @return
 */
@ResponseBody
@PreAuthorize("hasAuthority('" + CoreGroupPermission.IDENTITYCONTRACT_UPDATE + "')")
@RequestMapping(value = "/{backendId}/form-values", method = RequestMethod.POST)
@ApiOperation(value = "Identity contract form definition - save values", nickname = "postIdentityContractFormValues", tags = { IdmIdentityContractController.TAG }, authorizations = { @Authorization(value = SwaggerConfig.AUTHENTICATION_BASIC, scopes = { @AuthorizationScope(scope = CoreGroupPermission.IDENTITYCONTRACT_UPDATE, description = "") }), @Authorization(value = SwaggerConfig.AUTHENTICATION_CIDMST, scopes = { @AuthorizationScope(scope = CoreGroupPermission.IDENTITYCONTRACT_UPDATE, description = "") }) })
public Resource<?> saveFormValues(@ApiParam(value = "Identity's uuid identifier or username.", required = true) @PathVariable @NotNull String backendId, @ApiParam(value = "Code of form definition (default will be used if no code is given).", required = false, defaultValue = FormService.DEFAULT_DEFINITION_CODE) @RequestParam(name = "definitionCode", required = false) String definitionCode, @ApiParam(value = "Filled form data.", required = true) @RequestBody @Valid List<IdmFormValueDto> formValues) {
    IdmIdentityContractDto dto = getDto(backendId);
    if (dto == null) {
        throw new ResultCodeException(CoreResultCode.NOT_FOUND, ImmutableMap.of("entity", backendId));
    }
    // 
    checkAccess(dto, IdmBasePermission.UPDATE);
    // 
    IdmFormDefinitionDto formDefinition = formDefinitionController.getDefinition(IdmIdentityContract.class, definitionCode);
    // 
    return formDefinitionController.saveFormValues(dto, formDefinition, formValues);
}
Also used: ResultCodeException (eu.bcvsolutions.idm.core.api.exception.ResultCodeException), IdmFormDefinitionDto (eu.bcvsolutions.idm.core.eav.api.dto.IdmFormDefinitionDto), IdmIdentityContractDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityContractDto), ApiOperation (io.swagger.annotations.ApiOperation), PreAuthorize (org.springframework.security.access.prepost.PreAuthorize), ResponseBody (org.springframework.web.bind.annotation.ResponseBody), RequestMapping (org.springframework.web.bind.annotation.RequestMapping)

Example 89 with PreAuthorize

Use of org.springframework.security.access.prepost.PreAuthorize in project CzechIdMng by bcvsolutions.

Class IdmIdentityController, method getFormValues.

/**
 * Returns filled form values
 *
 * @param backendId
 * @return
 */
@ResponseBody
@RequestMapping(value = "/{backendId}/form-values", method = RequestMethod.GET)
@PreAuthorize("hasAuthority('" + CoreGroupPermission.IDENTITY_READ + "')")
@ApiOperation(value = "Identity form definition - read values", nickname = "getIdentityFormValues", tags = { IdmIdentityController.TAG }, authorizations = { @Authorization(value = SwaggerConfig.AUTHENTICATION_BASIC, scopes = { @AuthorizationScope(scope = CoreGroupPermission.IDENTITY_READ, description = "") }), @Authorization(value = SwaggerConfig.AUTHENTICATION_CIDMST, scopes = { @AuthorizationScope(scope = CoreGroupPermission.IDENTITY_READ, description = "") }) })
public Resource<?> getFormValues(@ApiParam(value = "Identity's uuid identifier or username.", required = true) @PathVariable @NotNull String backendId, @ApiParam(value = "Code of form definition (default will be used if no code is given).", required = false, defaultValue = FormService.DEFAULT_DEFINITION_CODE) @RequestParam(name = "definitionCode", required = false) String definitionCode) {
    IdmIdentityDto entity = getDto(backendId);
    if (entity == null) {
        throw new ResultCodeException(CoreResultCode.NOT_FOUND, ImmutableMap.of("entity", backendId));
    }
    // 
    IdmFormDefinitionDto formDefinition = formDefinitionController.getDefinition(IdmIdentity.class, definitionCode);
    // 
    return formDefinitionController.getFormValues(entity, formDefinition);
}
Also used: ResultCodeException (eu.bcvsolutions.idm.core.api.exception.ResultCodeException), IdmFormDefinitionDto (eu.bcvsolutions.idm.core.eav.api.dto.IdmFormDefinitionDto), IdmIdentityDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto), ApiOperation (io.swagger.annotations.ApiOperation), PreAuthorize (org.springframework.security.access.prepost.PreAuthorize), ResponseBody (org.springframework.web.bind.annotation.ResponseBody), RequestMapping (org.springframework.web.bind.annotation.RequestMapping)

Example 90 with PreAuthorize

Use of org.springframework.security.access.prepost.PreAuthorize in project CzechIdMng by bcvsolutions.

Class IdmIdentityController, method findRevision.

@ResponseBody
@RequestMapping(value = "/{backendId}/revisions/{revId}", method = RequestMethod.GET)
@PreAuthorize("hasAuthority('" + CoreGroupPermission.IDENTITY_READ + "')")
@ApiOperation(value = "Identity audit - read revision detail", nickname = "getIdentityRevision", tags = { IdmIdentityController.TAG }, authorizations = { @Authorization(value = SwaggerConfig.AUTHENTICATION_BASIC, scopes = { @AuthorizationScope(scope = CoreGroupPermission.IDENTITY_READ, description = "") }), @Authorization(value = SwaggerConfig.AUTHENTICATION_CIDMST, scopes = { @AuthorizationScope(scope = CoreGroupPermission.IDENTITY_READ, description = "") }) })
public ResponseEntity<?> findRevision(@ApiParam(value = "Identity's uuid identifier or username.", required = true) @PathVariable("backendId") String backendId, @ApiParam(value = "Revision identifier.", required = true) @PathVariable("revId") Long revId) {
    IdmIdentityDto originalEntity = getDto(backendId);
    if (originalEntity == null) {
        throw new ResultCodeException(CoreResultCode.NOT_FOUND, ImmutableMap.of("entity", backendId));
    }
    checkAccess(originalEntity, IdmBasePermission.READ);
    // 
    IdmIdentity revisionIdentity;
    try {
        revisionIdentity = this.auditService.findRevision(IdmIdentity.class, originalEntity.getId(), revId);
        // checkAccess(revisionIdentity, IdmBasePermission.READ);
    } catch (RevisionDoesNotExistException ex) {
        throw new ResultCodeException(CoreResultCode.NOT_FOUND, ImmutableMap.of("revision", revId), ex);
    }
    // TODO: dto
    return new ResponseEntity<>(revisionIdentity, HttpStatus.OK);
}
Also used: ResponseEntity (org.springframework.http.ResponseEntity), ResultCodeException (eu.bcvsolutions.idm.core.api.exception.ResultCodeException), RevisionDoesNotExistException (org.hibernate.envers.exception.RevisionDoesNotExistException), IdmIdentityDto (eu.bcvsolutions.idm.core.api.dto.IdmIdentityDto), IdmIdentity (eu.bcvsolutions.idm.core.model.entity.IdmIdentity), ApiOperation (io.swagger.annotations.ApiOperation), PreAuthorize (org.springframework.security.access.prepost.PreAuthorize), ResponseBody (org.springframework.web.bind.annotation.ResponseBody), RequestMapping (org.springframework.web.bind.annotation.RequestMapping)
