[Branch ~dhis2-devs-core/dhis2/trunk] Rev 6151: updated controllers to have proper authorities for CRUD operations
------------------------------------------------------------
revno: 6151
committer: Morten Olav Hansen <mortenoh@xxxxxxxxx>
branch nick: dhis2
timestamp: Fri 2012-03-02 13:39:20 +0100
message:
updated controllers to have proper authorities for CRUD operations
modified:
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AttributeTypeController.java
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/CategoryComboController.java
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/CategoryController.java
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/CategoryOptionController.java
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/ChartController.java
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/ConstantController.java
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/DataElementController.java
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/DataElementGroupController.java
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/DataElementGroupSetController.java
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/DataSetController.java
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/DataValueSetController.java
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/DocumentController.java
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/IndicatorController.java
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/IndicatorGroupController.java
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/IndicatorGroupSetController.java
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/IndicatorTypeController.java
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/OrganisationUnitController.java
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/OrganisationUnitGroupController.java
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/OrganisationUnitGroupSetController.java
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/OrganisationUnitLevelController.java
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/ReportTableController.java
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/SqlViewController.java
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/UserController.java
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/UserGroupController.java
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/ValidationRuleController.java
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/ValidationRuleGroupController.java
dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-dataadmin/src/main/resources/struts.xml
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AttributeTypeController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AttributeTypeController.java 2012-02-21 07:42:09 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AttributeTypeController.java 2012-03-02 12:39:20 +0000
@@ -36,6 +36,7 @@
import org.hisp.dhis.attribute.Attributes;
import org.hisp.dhis.common.Pager;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.PathVariable;
@@ -118,6 +119,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( method = RequestMethod.POST, headers = {"Content-Type=application/xml, text/xml"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_ATTRIBUTE_ADD')" )
public void postAttributeTypeXML( HttpServletResponse response, InputStream input ) throws Exception
{
Attribute attribute = (Attribute) Jaxb2Utils.unmarshal( Attribute.class, input );
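Review bot: Nothing in this commit shows that the `@PreAuthorize` added to `postAttributeTypeXML`, and to every other handler annotated in this revision, is actually enforced at runtime. Spring Security evaluates the annotation only when pre/post method security is enabled in the application context that creates the controller beans, which for `@Controller` classes is usually the DispatcherServlet context rather than the root context; if it is enabled elsewhere, the annotation is silently ignored. The configuration is not part of this diff, so I would add a web-layer test that calls one POST, one PUT and one DELETE mapping as a user without the authority and expects an access-denied response. The method body continues outside the hunk.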
@@ -125,6 +127,7 @@
}
@RequestMapping( method = RequestMethod.POST, headers = {"Content-Type=application/json"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_ATTRIBUTE_ADD')" )
public void postAttributeTypeJSON( HttpServletResponse response, InputStream input ) throws Exception
{
Attribute attribute = JacksonUtils.readValueAs( Attribute.class, input );
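Review bot: `hasRole('ALL') or hasRole('F_ATTRIBUTE_ADD')` passes authority names that carry no `ROLE_` prefix to `hasRole`, and the same form is used in every annotation in this revision. That works while `hasRole` compares the string literally, but from Spring Security 4 onwards `hasRole` prepends `ROLE_` by default, at which point all of these checks would start denying. `hasAuthority` always compares literally, so I would write `@PreAuthorize( "hasAuthority('ALL') or hasAuthority('F_ATTRIBUTE_ADD')" )`. The method body continues outside the hunk.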
@@ -165,6 +168,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, headers = {"Content-Type=application/xml, text/xml"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_ATTRIBUTE_UPDATE')" )
public void putAttributeTypeXML( @PathVariable( "uid" ) String uid, InputStream input, HttpServletResponse response ) throws Exception
{
Attribute updateAttribute = (Attribute) Jaxb2Utils.unmarshal( Attribute.class, input );
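Review bot: The request body reaches `Jaxb2Utils.unmarshal( Attribute.class, input )` as soon as the caller holds `F_ATTRIBUTE_UPDATE`, and the diff does not show how that helper configures its XML parser. If it unmarshals straight from the stream with default parser settings, DTDs and external entities in the submitted XML may be resolved on the server, so it is worth confirming that the helper disables both (presumably inside `Jaxb2Utils`, which is not visible here). The XML POST handler in the hunk at -118 uses the same call. The method body continues outside the hunk.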
@@ -173,6 +177,7 @@
}
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, headers = {"Content-Type=application/json"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_ATTRIBUTE_UPDATE')" )
public void putAttributeTypeJSON( @PathVariable( "uid" ) String uid, InputStream input, HttpServletResponse response ) throws Exception
{
Attribute updateAttribute = JacksonUtils.readValueAs( Attribute.class, input );
@@ -223,6 +228,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( value = "/{uid}", method = RequestMethod.DELETE )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_ATTRIBUTE_DELETE')" )
public void deleteAttributeType( @PathVariable( "uid" ) String uid, HttpServletResponse response ) throws Exception
{
Attribute attribute = attributeService.getAttribute( uid );
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/CategoryComboController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/CategoryComboController.java 2011-12-19 18:07:12 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/CategoryComboController.java 2012-03-02 12:39:20 +0000
@@ -35,6 +35,7 @@
import org.hisp.dhis.dataelement.DataElementCategoryService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.HttpRequestMethodNotSupportedException;
@@ -120,6 +121,7 @@
@RequestMapping( method = RequestMethod.POST, headers = {"Content-Type=application/xml, text/xml"} )
@ResponseStatus( value = HttpStatus.CREATED )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_DATAELEMENT_ADD')" )
public void postCategoryComboXML( HttpServletResponse response, InputStream input ) throws Exception
{
throw new HttpRequestMethodNotSupportedException( RequestMethod.POST.toString() );
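Review bot: `postCategoryComboXML` is gated by `F_DATAELEMENT_ADD`, so any role that may add data elements is also authorised on the category combo endpoints. The PUT and DELETE hunks of this file, and CategoryController and CategoryOptionController, reuse the `F_DATAELEMENT_*` authorities in the same way. If the sharing is intended, it deserves a comment next to the annotation, e.g. `// category combos are administered under the data element authorities`. If dedicated category authorities exist in the authority definitions (not visible in this diff), they should be used instead so that the two object types can be granted separately.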
@@ -127,6 +129,7 @@
@RequestMapping( method = RequestMethod.POST, headers = {"Content-Type=application/json"} )
@ResponseStatus( value = HttpStatus.CREATED )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_DATAELEMENT_ADD')" )
public void postCategoryComboJSON( HttpServletResponse response, InputStream input ) throws Exception
{
throw new HttpRequestMethodNotSupportedException( RequestMethod.POST.toString() );
@@ -137,6 +140,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, headers = {"Content-Type=application/xml, text/xml"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_DATAELEMENT_UPDATE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void putCategoryComboXML( @PathVariable( "uid" ) String uid, InputStream input ) throws Exception
{
@@ -144,6 +148,7 @@
}
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, headers = {"Content-Type=application/json"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_DATAELEMENT_UPDATE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void putCategoryComboJSON( @PathVariable( "uid" ) String uid, InputStream input ) throws Exception
{
@@ -155,6 +160,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( value = "/{uid}", method = RequestMethod.DELETE )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_DATAELEMENT_DELETE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void deleteCategoryCombo( @PathVariable( "uid" ) String uid ) throws Exception
{
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/CategoryController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/CategoryController.java 2011-12-19 18:07:12 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/CategoryController.java 2012-03-02 12:39:20 +0000
@@ -35,6 +35,7 @@
import org.hisp.dhis.dataelement.DataElementCategoryService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.HttpRequestMethodNotSupportedException;
@@ -120,6 +121,7 @@
@RequestMapping( method = RequestMethod.POST, headers = {"Content-Type=application/xml, text/xml"} )
@ResponseStatus( value = HttpStatus.CREATED )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_DATAELEMENT_ADD')" )
public void postCategoryXML( HttpServletResponse response, InputStream input ) throws Exception
{
throw new HttpRequestMethodNotSupportedException( RequestMethod.POST.toString() );
@@ -127,6 +129,7 @@
@RequestMapping( method = RequestMethod.POST, headers = {"Content-Type=application/json"} )
@ResponseStatus( value = HttpStatus.CREATED )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_DATAELEMENT_ADD')" )
public void postCategoryJSON( HttpServletResponse response, InputStream input ) throws Exception
{
throw new HttpRequestMethodNotSupportedException( RequestMethod.POST.toString() );
@@ -137,6 +140,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, headers = {"Content-Type=application/xml, text/xml"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_DATAELEMENT_UPDATE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void putCategoryXML( @PathVariable( "uid" ) String uid, InputStream input ) throws Exception
{
@@ -144,6 +148,7 @@
}
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, headers = {"Content-Type=application/json"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_DATAELEMENT_UPDATE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void putCategoryJSON( @PathVariable( "uid" ) String uid, InputStream input ) throws Exception
{
@@ -155,6 +160,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( value = "/{uid}", method = RequestMethod.DELETE )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_DATAELEMENT_DELETE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void deleteCategory( @PathVariable( "uid" ) String uid ) throws Exception
{
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/CategoryOptionController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/CategoryOptionController.java 2011-12-19 18:07:12 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/CategoryOptionController.java 2012-03-02 12:39:20 +0000
@@ -35,6 +35,7 @@
import org.hisp.dhis.dataelement.DataElementCategoryService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.HttpRequestMethodNotSupportedException;
@@ -119,6 +120,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( method = RequestMethod.POST, headers = {"Content-Type=application/xml, text/xml"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_DATAELEMENT_ADD')" )
@ResponseStatus( value = HttpStatus.CREATED )
public void postCategoryOptionXML( HttpServletResponse response, InputStream input ) throws Exception
{
@@ -126,6 +128,7 @@
}
@RequestMapping( method = RequestMethod.POST, headers = {"Content-Type=application/json"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_DATAELEMENT_ADD')" )
@ResponseStatus( value = HttpStatus.CREATED )
public void postCategoryOptionJSON( HttpServletResponse response, InputStream input ) throws Exception
{
@@ -137,6 +140,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, headers = {"Content-Type=application/xml, text/xml"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_DATAELEMENT_UPDATE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void putCategoryOptionXML( @PathVariable( "uid" ) String uid, InputStream input ) throws Exception
{
@@ -144,6 +148,7 @@
}
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, headers = {"Content-Type=application/json"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_DATAELEMENT_UPDATE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void putCategoryOptionJSON( @PathVariable( "uid" ) String uid, InputStream input ) throws Exception
{
@@ -155,6 +160,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( value = "/{uid}", method = RequestMethod.DELETE )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_DATAELEMENT_DELETE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void deleteCategoryOption( @PathVariable( "uid" ) String uid ) throws Exception
{
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/ChartController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/ChartController.java 2012-01-24 14:43:36 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/ChartController.java 2012-03-02 12:39:20 +0000
@@ -44,6 +44,7 @@
import org.jfree.chart.JFreeChart;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.HttpRequestMethodNotSupportedException;
@@ -173,6 +174,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( method = RequestMethod.POST, headers = {"Content-Type=application/xml, text/xml"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_CHART_ADD')" )
@ResponseStatus( value = HttpStatus.CREATED )
public void postChartXML( HttpServletResponse response, InputStream input ) throws Exception
{
@@ -180,6 +182,7 @@
}
@RequestMapping( method = RequestMethod.POST, headers = {"Content-Type=application/json"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_CHART_ADD')" )
@ResponseStatus( value = HttpStatus.CREATED )
public void postChartJSON( HttpServletResponse response, InputStream input ) throws Exception
{
@@ -191,6 +194,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, headers = {"Content-Type=application/xml, text/xml"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_CHART_UPDATE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void putChartXML( @PathVariable( "uid" ) String uid, InputStream input ) throws Exception
{
@@ -198,6 +202,7 @@
}
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, headers = {"Content-Type=application/json"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_CHART_UPDATE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void putChartJSON( @PathVariable( "uid" ) String uid, InputStream input ) throws Exception
{
@@ -209,6 +214,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( value = "/{uid}", method = RequestMethod.DELETE )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_CHART_DELETE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void deleteChart( @PathVariable( "uid" ) String uid ) throws Exception
{
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/ConstantController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/ConstantController.java 2011-12-19 19:45:07 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/ConstantController.java 2012-03-02 12:39:20 +0000
@@ -35,6 +35,7 @@
import org.hisp.dhis.constant.Constants;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.HttpRequestMethodNotSupportedException;
@@ -119,6 +120,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( method = RequestMethod.POST, headers = {"Content-Type=application/xml, text/xml"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_CONSTANT_ADD')" )
@ResponseStatus( value = HttpStatus.CREATED )
public void postConstantXML( HttpServletResponse response, InputStream input ) throws Exception
{
@@ -126,6 +128,7 @@
}
@RequestMapping( method = RequestMethod.POST, headers = {"Content-Type=application/json"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_CONSTANT_ADD')" )
@ResponseStatus( value = HttpStatus.CREATED )
public void postConstantJSON( HttpServletResponse response, InputStream input ) throws Exception
{
@@ -137,6 +140,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, headers = {"Content-Type=application/xml, text/xml"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_CONSTANT_UPDATE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void putConstantXML( @PathVariable( "uid" ) String uid, InputStream input ) throws Exception
{
@@ -144,6 +148,7 @@
}
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, headers = {"Content-Type=application/json"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_CONSTANT_UPDATE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void putConstantJSON( @PathVariable( "uid" ) String uid, InputStream input ) throws Exception
{
@@ -155,6 +160,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( value = "/{uid}", method = RequestMethod.DELETE )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_CONSTANT_DELETE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void deleteConstant( @PathVariable( "uid" ) String uid ) throws Exception
{
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/DataElementController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/DataElementController.java 2011-12-19 17:20:37 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/DataElementController.java 2012-03-02 12:39:20 +0000
@@ -125,7 +125,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( method = RequestMethod.POST, headers = {"Content-Type=application/xml, text/xml"} )
- @PreAuthorize( "hasRole('ALL') or hasRole('F_WEBAPI_CREATE')" )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_DATAELEMENT_ADD')" )
public void postDataElementXML( HttpServletResponse response, InputStream input ) throws Exception
{
DataElement dataElement = Jaxb2Utils.unmarshal( DataElement.class, input );
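Review bot: Replacing `F_WEBAPI_CREATE` with `F_DATAELEMENT_ADD` changes who can write through the API in both directions. Roles that held only the `F_WEBAPI_*` authorities lose these endpoints, and every role that already holds the per-object authority (presumably granted so far for the web UI) gains API write access. The same replacement is made in the other hunks of this file and in DataElementGroupController and DataElementGroupSetController. I would state this in the commit message or upgrade notes, and check whether `F_WEBAPI_CREATE`, `F_WEBAPI_UPDATE` and `F_WEBAPI_DELETE` are still referenced anywhere after this revision, so that they do not remain grantable but without effect.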
@@ -133,7 +133,7 @@
}
@RequestMapping( method = RequestMethod.POST, headers = {"Content-Type=application/json"} )
- @PreAuthorize( "hasRole('ALL') or hasRole('F_WEBAPI_CREATE')" )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_DATAELEMENT_ADD')" )
public void postDataElementJSON( HttpServletResponse response, InputStream input ) throws Exception
{
throw new HttpRequestMethodNotSupportedException( RequestMethod.POST.toString() );
@@ -175,7 +175,7 @@
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, headers = {"Content-Type=application/xml, text/xml"} )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
- @PreAuthorize( "hasRole('ALL') or hasRole('F_WEBAPI_UPDATE')" )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_DATAELEMENT_UPDATE')" )
public void putDataElementXML( @PathVariable( "uid" ) String uid, InputStream input ) throws Exception
{
throw new HttpRequestMethodNotSupportedException( RequestMethod.PUT.toString() );
@@ -183,7 +183,7 @@
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, headers = {"Content-Type=application/json"} )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
- @PreAuthorize( "hasRole('ALL') or hasRole('F_WEBAPI_UPDATE')" )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_DATAELEMENT_UPDATE')" )
public void putDataElementJSON( @PathVariable( "uid" ) String uid, InputStream input ) throws Exception
{
throw new HttpRequestMethodNotSupportedException( RequestMethod.PUT.toString() );
@@ -195,7 +195,7 @@
@RequestMapping( value = "/{uid}", method = RequestMethod.DELETE )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
- @PreAuthorize( "hasRole('ALL') or hasRole('F_WEBAPI_DELETE')" )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_DATAELEMENT_DELETE')" )
public void deleteDataElement( @PathVariable( "uid" ) String uid ) throws Exception
{
DataElement dataElement = dataElementService.getDataElement( uid );
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/DataElementGroupController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/DataElementGroupController.java 2012-02-21 07:42:09 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/DataElementGroupController.java 2012-03-02 12:39:20 +0000
@@ -122,7 +122,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( method = RequestMethod.POST, headers = {"Content-Type=application/xml, text/xml"} )
- @PreAuthorize( "hasRole('ALL') or hasRole('F_WEBAPI_CREATE')" )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_DATAELEMENTGROUP_ADD')" )
public void postDataElementGroupXML( HttpServletResponse response, InputStream input ) throws Exception
{
DataElementGroup dataElementGroup = Jaxb2Utils.unmarshal( DataElementGroup.class, input );
@@ -130,7 +130,7 @@
}
@RequestMapping( method = RequestMethod.POST, headers = {"Content-Type=application/json"} )
- @PreAuthorize( "hasRole('ALL') or hasRole('F_WEBAPI_CREATE')" )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_DATAELEMENTGROUP_ADD')" )
public void postDataElementGroupJSON( HttpServletResponse response, InputStream input ) throws Exception
{
throw new HttpRequestMethodNotSupportedException( RequestMethod.POST.toString() );
@@ -170,7 +170,7 @@
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, headers = {"Content-Type=application/xml, text/xml"} )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
- @PreAuthorize( "hasRole('ALL') or hasRole('F_WEBAPI_UPDATE')" )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_DATAELEMENTGROUP_UPDATE')" )
public void putDataElementGroupXML( @PathVariable( "uid" ) String uid, InputStream input ) throws Exception
{
throw new HttpRequestMethodNotSupportedException( RequestMethod.DELETE.toString() );
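Review bot: `putDataElementGroupXML` is a PUT handler but reports `RequestMethod.DELETE` in the exception it throws, so an authorised client is told the wrong method is unsupported. The commit edits the annotation directly above this line and leaves it as is. It should read `throw new HttpRequestMethodNotSupportedException( RequestMethod.PUT.toString() );`, matching `putDataElementGroupJSON` in the next hunk. The method body ends outside the hunk.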
@@ -178,7 +178,7 @@
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, headers = {"Content-Type=application/json"} )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
- @PreAuthorize( "hasRole('ALL') or hasRole('F_WEBAPI_UPDATE')" )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_DATAELEMENTGROUP_UPDATE')" )
public void putDataElementGroupJSON( @PathVariable( "uid" ) String uid, InputStream input ) throws Exception
{
throw new HttpRequestMethodNotSupportedException( RequestMethod.PUT.toString() );
@@ -190,7 +190,7 @@
@RequestMapping( value = "/{uid}", method = RequestMethod.DELETE )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
- @PreAuthorize( "hasRole('ALL') or hasRole('F_WEBAPI_DELETE')" )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_DATAELEMENTGROUP_DELETE')" )
public void deleteDataElementGroup( @PathVariable( "uid" ) String uid ) throws Exception
{
DataElementGroup dataElementGroup = dataElementService.getDataElementGroup( uid );
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/DataElementGroupSetController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/DataElementGroupSetController.java 2012-02-21 07:42:09 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/DataElementGroupSetController.java 2012-03-02 12:39:20 +0000
@@ -125,7 +125,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( method = RequestMethod.POST, headers = {"Content-Type=application/xml, text/xml"} )
- @PreAuthorize( "hasRole('ALL') or hasRole('F_WEBAPI_CREATE')" )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_DATAELEMENTGROUPSET_ADD')" )
public void postDataElementGroupSetXML( HttpServletResponse response, InputStream input ) throws Exception
{
DataElementGroupSet dataElementGroupSet = Jaxb2Utils.unmarshal( DataElementGroupSet.class, input );
@@ -133,7 +133,7 @@
}
@RequestMapping( method = RequestMethod.POST, headers = {"Content-Type=application/json"} )
- @PreAuthorize( "hasRole('ALL') or hasRole('F_WEBAPI_CREATE')" )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_DATAELEMENTGROUPSET_ADD')" )
public void postDataElementGroupSetJSON( HttpServletResponse response, InputStream input ) throws Exception
{
throw new HttpRequestMethodNotSupportedException( RequestMethod.POST.toString() );
@@ -174,7 +174,7 @@
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, headers = {"Content-Type=application/xml, text/xml"} )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
- @PreAuthorize( "hasRole('ALL') or hasRole('F_WEBAPI_UPDATE')" )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_DATAELEMENTGROUPSET_UPDATE')" )
public void putDataElementGroupSetXML( @PathVariable( "uid" ) String uid, InputStream input ) throws Exception
{
throw new HttpRequestMethodNotSupportedException( RequestMethod.PUT.toString() );
@@ -182,7 +182,7 @@
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, headers = {"Content-Type=application/json"} )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
- @PreAuthorize( "hasRole('ALL') or hasRole('F_WEBAPI_UPDATE')" )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_DATAELEMENTGROUPSET_UPDATE')" )
public void putDataElementGroupSetJSON( @PathVariable( "uid" ) String uid, InputStream input ) throws Exception
{
throw new HttpRequestMethodNotSupportedException( RequestMethod.PUT.toString() );
@@ -194,7 +194,7 @@
@RequestMapping( value = "/{uid}", method = RequestMethod.DELETE )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
- @PreAuthorize( "hasRole('ALL') or hasRole('F_WEBAPI_DELETE')" )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_DATAELEMENTGROUPSET_DELETE')" )
public void deleteDataElementGroupSet( @PathVariable( "uid" ) String uid ) throws Exception
{
DataElementGroupSet dataElementGroupSet = dataElementService.getDataElementGroupSet( uid );
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/DataSetController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/DataSetController.java 2011-12-19 17:20:37 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/DataSetController.java 2012-03-02 12:39:20 +0000
@@ -35,6 +35,7 @@
import org.hisp.dhis.dataset.DataSets;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.HttpRequestMethodNotSupportedException;
@@ -118,6 +119,7 @@
@RequestMapping( method = RequestMethod.POST, headers = {"Content-Type=application/xml, text/xml"} )
@ResponseStatus( value = HttpStatus.CREATED )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_DATASET_ADD')" )
public void postDataSetXML( HttpServletResponse response, InputStream input ) throws Exception
{
throw new HttpRequestMethodNotSupportedException( RequestMethod.POST.toString() );
@@ -125,6 +127,7 @@
@RequestMapping( method = RequestMethod.POST, headers = {"Content-Type=application/json"} )
@ResponseStatus( value = HttpStatus.CREATED )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_DATASET_ADD')" )
public void postDataSetJSON( HttpServletResponse response, InputStream input ) throws Exception
{
throw new HttpRequestMethodNotSupportedException( RequestMethod.POST.toString() );
@@ -136,6 +139,7 @@
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, headers = {"Content-Type=application/xml, text/xml"} )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_DATASET_UPDATE')" )
public void putDataSetXML( @PathVariable( "uid" ) String uid, InputStream input ) throws Exception
{
throw new HttpRequestMethodNotSupportedException( RequestMethod.PUT.toString() );
@@ -143,6 +147,7 @@
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, headers = {"Content-Type=application/json"} )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_DATASET_UPDATE')" )
public void putDataSetJSON( @PathVariable( "uid" ) String uid, InputStream input ) throws Exception
{
throw new HttpRequestMethodNotSupportedException( RequestMethod.PUT.toString() );
@@ -154,6 +159,7 @@
@RequestMapping( value = "/{uid}", method = RequestMethod.DELETE )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_DATASET_DELETE')" )
public void deleteDataSet( @PathVariable( "uid" ) String uid ) throws Exception
{
throw new HttpRequestMethodNotSupportedException( RequestMethod.DELETE.toString() );
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/DataValueSetController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/DataValueSetController.java 2012-02-16 09:03:14 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/DataValueSetController.java 2012-03-02 12:39:20 +0000
@@ -33,6 +33,7 @@
import org.hisp.dhis.importexport.dxf2.model.DataValueSet;
import org.hisp.dhis.importexport.dxf2.service.DataValueSetService;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestBody;
@@ -59,11 +60,12 @@
}
@RequestMapping( method = RequestMethod.POST )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_DATAVALUE_ADD')" )
public void storeDataValueSet( @RequestBody DataValueSet dataValueSet )
{
dataValueSetService.saveDataValueSet( dataValueSet );
- log.debug( "Saved data value set for data set: " + dataValueSet.getDataSetIdentifier() +
- ", org unit: " + dataValueSet.getOrganisationUnitIdentifier() + ", period: " + dataValueSet.getPeriodIsoDate() );
+ log.debug( "Saved data value set for data set: " + dataValueSet.getDataSetIdentifier() +
+ ", org unit: " + dataValueSet.getOrganisationUnitIdentifier() + ", period: " + dataValueSet.getPeriodIsoDate() );
}
}
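Review bot: The new `@PreAuthorize` on `storeDataValueSet` only checks that the caller holds `F_DATAVALUE_ADD`. The data set and organisation unit identifiers come from the request body, and nothing in this handler checks that the caller may write to them. If `dataValueSetService.saveDataValueSet` does not enforce that itself (its body is not visible here), any user with the authority could store values for any unit. I would at least state the contract above the method, e.g. `// Authority check only: per-organisation-unit write access must be enforced by saveDataValueSet`.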
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/DocumentController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/DocumentController.java 2012-01-24 14:43:36 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/DocumentController.java 2012-03-02 12:39:20 +0000
@@ -28,6 +28,7 @@
*/
import org.apache.commons.io.IOUtils;
+import org.hisp.dhis.api.utils.ContextUtils;
import org.hisp.dhis.api.utils.IdentifiableObjectParams;
import org.hisp.dhis.api.utils.WebLinkPopulator;
import org.hisp.dhis.common.Pager;
@@ -35,9 +36,9 @@
import org.hisp.dhis.document.DocumentService;
import org.hisp.dhis.document.Documents;
import org.hisp.dhis.external.location.LocationManager;
-import org.hisp.dhis.api.utils.ContextUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.HttpRequestMethodNotSupportedException;
@@ -144,6 +145,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( method = RequestMethod.POST, headers = {"Content-Type=application/xml, text/xml"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_DOCUMENT_ADD')" )
@ResponseStatus( value = HttpStatus.CREATED )
public void postDocumentXML( HttpServletResponse response, InputStream input ) throws Exception
{
@@ -151,6 +153,7 @@
}
@RequestMapping( method = RequestMethod.POST, headers = {"Content-Type=application/json"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_DOCUMENT_ADD')" )
@ResponseStatus( value = HttpStatus.CREATED )
public void postDocumentJSON( HttpServletResponse response, InputStream input ) throws Exception
{
@@ -162,6 +165,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, headers = {"Content-Type=application/xml, text/xml"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_DOCUMENT_ADD')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void putDocumentXML( @PathVariable( "uid" ) String uid, InputStream input ) throws Exception
{
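Review bot: `putDocumentXML` here and `putDocumentJSON` in the next hunk are guarded by `F_DOCUMENT_ADD`, whereas the PUT handlers of the other controllers in this commit use an `_UPDATE` authority. `putReportTableXML` and `putReportTableJSON` in ReportTableController do the same with `F_REPORTTABLE_ADD`. As written, a user who may only add these objects may also overwrite existing ones, which looks like a copy-paste slip. If it is deliberate, say so above each method, e.g. `// PUT reuses F_DOCUMENT_ADD: documents have no separate update authority`. The method bodies lie outside the hunks.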
@@ -169,6 +173,7 @@
}
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, headers = {"Content-Type=application/json"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_DOCUMENT_ADD')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void putDocumentJSON( @PathVariable( "uid" ) String uid, InputStream input ) throws Exception
{
@@ -180,6 +185,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( value = "/{uid}", method = RequestMethod.DELETE )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_DOCUMENT_DELETE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void deleteDocument( @PathVariable( "uid" ) String uid ) throws Exception
{
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/IndicatorController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/IndicatorController.java 2011-12-19 17:20:37 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/IndicatorController.java 2012-03-02 12:39:20 +0000
@@ -35,6 +35,7 @@
import org.hisp.dhis.indicator.Indicators;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.HttpRequestMethodNotSupportedException;
@@ -119,6 +120,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( method = RequestMethod.POST, headers = {"Content-Type=application/xml, text/xml"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_INDICATOR_ADD')" )
@ResponseStatus( value = HttpStatus.CREATED )
public void postIndicatorXML( HttpServletResponse response, InputStream input ) throws Exception
{
@@ -126,6 +128,7 @@
}
@RequestMapping( method = RequestMethod.POST, headers = {"Content-Type=application/json"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_INDICATOR_ADD')" )
@ResponseStatus( value = HttpStatus.CREATED )
public void postIndicatorJSON( HttpServletResponse response, InputStream input ) throws Exception
{
@@ -137,6 +140,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, headers = {"Content-Type=application/xml, text/xml"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_INDICATOR_UPDATE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void putIndicatorXML( @PathVariable( "uid" ) String uid, InputStream input ) throws Exception
{
@@ -144,6 +148,7 @@
}
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, headers = {"Content-Type=application/json"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_INDICATOR_UPDATE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void putIndicatorJSON( @PathVariable( "uid" ) String uid, InputStream input ) throws Exception
{
@@ -155,6 +160,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( value = "/{uid}", method = RequestMethod.DELETE )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_INDICATOR_DELETE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void deleteIndicator( @PathVariable( "uid" ) String uid ) throws Exception
{
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/IndicatorGroupController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/IndicatorGroupController.java 2011-12-19 19:45:07 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/IndicatorGroupController.java 2012-03-02 12:39:20 +0000
@@ -35,6 +35,7 @@
import org.hisp.dhis.indicator.IndicatorService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.HttpRequestMethodNotSupportedException;
@@ -119,6 +120,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( method = RequestMethod.POST, headers = {"Content-Type=application/xml, text/xml"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_INDICATORGROUP_ADD')" )
@ResponseStatus( value = HttpStatus.CREATED )
public void postIndicatorGroupXML( HttpServletResponse response, InputStream input ) throws Exception
{
@@ -126,6 +128,7 @@
}
@RequestMapping( method = RequestMethod.POST, headers = {"Content-Type=application/json"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_INDICATORGROUP_ADD')" )
@ResponseStatus( value = HttpStatus.CREATED )
public void postIndicatorGroupJSON( HttpServletResponse response, InputStream input ) throws Exception
{
@@ -137,6 +140,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, headers = {"Content-Type=application/xml, text/xml"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_INDICATORGROUP_UPDATE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void putIndicatorGroupXML( @PathVariable( "uid" ) String uid, InputStream input ) throws Exception
{
@@ -144,6 +148,7 @@
}
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, headers = {"Content-Type=application/json"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_INDICATORGROUP_UPDATE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void putIndicatorGroupJSON( @PathVariable( "uid" ) String uid, InputStream input ) throws Exception
{
@@ -155,6 +160,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( value = "/{uid}", method = RequestMethod.DELETE )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_INDICATORGROUP_DELETE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void deleteIndicatorGroup( @PathVariable( "uid" ) String uid ) throws Exception
{
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/IndicatorGroupSetController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/IndicatorGroupSetController.java 2011-12-19 19:45:07 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/IndicatorGroupSetController.java 2012-03-02 12:39:20 +0000
@@ -35,6 +35,7 @@
import org.hisp.dhis.indicator.IndicatorService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.HttpRequestMethodNotSupportedException;
@@ -119,6 +120,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( method = RequestMethod.POST, headers = {"Content-Type=application/xml, text/xml"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_INDICATORGROUPSET_ADD')" )
@ResponseStatus( value = HttpStatus.CREATED )
public void postIndicatorGroupSetXML( HttpServletResponse response, InputStream input ) throws Exception
{
@@ -126,6 +128,7 @@
}
@RequestMapping( method = RequestMethod.POST, headers = {"Content-Type=application/json"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_INDICATORGROUPSET_ADD')" )
@ResponseStatus( value = HttpStatus.CREATED )
public void postIndicatorGroupSetJSON( HttpServletResponse response, InputStream input ) throws Exception
{
@@ -137,6 +140,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, headers = {"Content-Type=application/xml, text/xml"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_INDICATORGROUPSET_UPDATE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void putIndicatorGroupSetXML( @PathVariable( "uid" ) String uid, InputStream input ) throws Exception
{
@@ -144,6 +148,7 @@
}
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, headers = {"Content-Type=application/json"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_INDICATORGROUPSET_UPDATE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void putIndicatorGroupSetJSON( @PathVariable( "uid" ) String uid, InputStream input ) throws Exception
{
@@ -155,6 +160,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( value = "/{uid}", method = RequestMethod.DELETE )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_INDICATORGROUPSET_DELETE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void deleteIndicatorGroupSet( @PathVariable( "uid" ) String uid ) throws Exception
{
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/IndicatorTypeController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/IndicatorTypeController.java 2011-12-19 19:45:07 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/IndicatorTypeController.java 2012-03-02 12:39:20 +0000
@@ -35,6 +35,7 @@
import org.hisp.dhis.indicator.IndicatorTypes;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.HttpRequestMethodNotSupportedException;
@@ -119,6 +120,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( method = RequestMethod.POST, headers = {"Content-Type=application/xml, text/xml"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_INDICATORTYPE_ADD')" )
@ResponseStatus( value = HttpStatus.CREATED )
public void postIndicatorTypeXML( HttpServletResponse response, InputStream input ) throws Exception
{
@@ -126,6 +128,7 @@
}
@RequestMapping( method = RequestMethod.POST, headers = {"Content-Type=application/json"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_INDICATORTYPE_ADD')" )
@ResponseStatus( value = HttpStatus.CREATED )
public void postIndicatorTypeJSON( HttpServletResponse response, InputStream input ) throws Exception
{
@@ -137,6 +140,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, headers = {"Content-Type=application/xml, text/xml"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_INDICATORTYPE_UPDATE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void putIndicatorTypeXML( @PathVariable( "uid" ) String uid, InputStream input ) throws Exception
{
@@ -144,6 +148,7 @@
}
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, headers = {"Content-Type=application/json"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_INDICATORTYPE_UPDATE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void putIndicatorTypeJSON( @PathVariable( "uid" ) String uid, InputStream input ) throws Exception
{
@@ -155,6 +160,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( value = "/{uid}", method = RequestMethod.DELETE )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_INDICATORTYPE_DELETE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void deleteIndicatorType( @PathVariable( "uid" ) String uid ) throws Exception
{
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/OrganisationUnitController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/OrganisationUnitController.java 2012-02-21 07:42:09 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/OrganisationUnitController.java 2012-03-02 12:39:20 +0000
@@ -98,7 +98,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( method = RequestMethod.POST, headers = {"Content-Type=application/xml, text/xml"} )
- @PreAuthorize( "hasRole('ALL') or hasRole('F_WEBAPI_CREATE')" )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_ORGANISATIONUNIT_ADD')" )
public void postOrganisationUnitXML( HttpServletResponse response, InputStream input ) throws Exception
{
OrganisationUnit organisationUnit = Jaxb2Utils.unmarshal( OrganisationUnit.class, input );
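Review bot: Replacing `F_WEBAPI_CREATE` with `F_ORGANISATIONUNIT_ADD` on `postOrganisationUnitXML` means roles granted only the old authority are denied after upgrade unless they already hold the new one. The same applies to the JSON handler in the next hunk and to the POST handlers in OrganisationUnitGroupController and OrganisationUnitGroupSetController. The authority names are bare string literals with two different prefixes (`F_ORGANISATIONUNIT_` here, `F_ORGUNITGROUP_` for groups), and a literal that matches no defined authority fails closed for everyone except holders of `ALL`. Each literal is worth checking against the authority definitions, which are not visible in this part of the diff. The handler body continues outside the hunk.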
@@ -106,7 +106,7 @@
}
@RequestMapping( method = RequestMethod.POST, headers = {"Content-Type=application/json"} )
- @PreAuthorize( "hasRole('ALL') or hasRole('F_WEBAPI_CREATE')" )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_ORGANISATIONUNIT_ADD')" )
public void postOrganisationUnitJSON( HttpServletResponse response, InputStream input ) throws Exception
{
throw new HttpRequestMethodNotSupportedException( RequestMethod.POST.toString() );
@@ -146,6 +146,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, headers = {"Content-Type=application/xml, text/xml"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_ORGANISATIONUNIT_UPDATE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void putOrganisationUnitXML( @PathVariable( "uid" ) String uid, InputStream input ) throws Exception
{
@@ -153,6 +154,7 @@
}
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, headers = {"Content-Type=application/json"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_ORGANISATIONUNIT_UPDATE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void putOrganisationUnitJSON( @PathVariable( "uid" ) String uid, InputStream input ) throws Exception
{
@@ -164,6 +166,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( value = "/{uid}", method = RequestMethod.DELETE )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_ORGANISATIONUNIT_DELETE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void deleteOrganisationUnit( @PathVariable( "uid" ) String uid ) throws Exception
{
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/OrganisationUnitGroupController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/OrganisationUnitGroupController.java 2012-02-21 07:42:09 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/OrganisationUnitGroupController.java 2012-03-02 12:39:20 +0000
@@ -98,7 +98,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( method = RequestMethod.POST, headers = {"Content-Type=application/xml, text/xml"} )
- @PreAuthorize( "hasRole('ALL') or hasRole('F_WEBAPI_CREATE')" )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_ORGUNITGROUP_ADD')" )
public void postOrganisationUnitGroupXML( HttpServletResponse response, InputStream input ) throws Exception
{
OrganisationUnitGroup organisationUnitGroup = Jaxb2Utils.unmarshal( OrganisationUnitGroup.class, input );
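Review bot: `postOrganisationUnitGroupXML` passes the raw request stream to `Jaxb2Utils.unmarshal`, so the re-scoped authority now decides who can submit XML to that parser. Whether the helper disables DTDs and external entities is not visible in this diff and should be confirmed. The same call appears in the XML POST handlers of OrganisationUnitController and OrganisationUnitGroupSetController. A comment at the call site would record the requirement: `// input is untrusted XML: Jaxb2Utils.unmarshal must parse with DTDs and external entities disabled`. The handler body continues outside the hunk.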
@@ -107,7 +107,7 @@
}
@RequestMapping( method = RequestMethod.POST, headers = {"Content-Type=application/json"} )
- @PreAuthorize( "hasRole('ALL') or hasRole('F_WEBAPI_CREATE')" )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_ORGUNITGROUP_ADD')" )
public void postOrganisationUnitGroupJSON( HttpServletResponse response, InputStream input ) throws Exception
{
throw new HttpRequestMethodNotSupportedException( RequestMethod.POST.toString() );
@@ -147,6 +147,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, headers = {"Content-Type=application/xml, text/xml"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_ORGUNITGROUP_UPDATE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void putOrganisationUnitGroupXML( @PathVariable( "uid" ) String uid, InputStream input ) throws Exception
{
@@ -154,6 +155,7 @@
}
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, headers = {"Content-Type=application/json"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_ORGUNITGROUP_UPDATE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void putOrganisationUnitGroupJSON( @PathVariable( "uid" ) String uid, InputStream input ) throws Exception
{
@@ -165,6 +167,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( value = "/{uid}", method = RequestMethod.DELETE )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_ORGUNITGROUP_DELETE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void deleteOrganisationUnitGroup( @PathVariable( "uid" ) String uid ) throws Exception
{
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/OrganisationUnitGroupSetController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/OrganisationUnitGroupSetController.java 2012-02-21 07:42:09 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/OrganisationUnitGroupSetController.java 2012-03-02 12:39:20 +0000
@@ -125,7 +125,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( method = RequestMethod.POST, headers = {"Content-Type=application/xml, text/xml"} )
- @PreAuthorize( "hasRole('ALL') or hasRole('F_WEBAPI_CREATE')" )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_ORGUNITGROUPSET_ADD')" )
public void postOrganisationUnitGroupSetXML( HttpServletResponse response, InputStream input ) throws Exception
{
OrganisationUnitGroupSet organisationUnitGroupSet = Jaxb2Utils.unmarshal( OrganisationUnitGroupSet.class, input );
@@ -133,7 +133,7 @@
}
@RequestMapping( method = RequestMethod.POST, headers = {"Content-Type=application/json"} )
- @PreAuthorize( "hasRole('ALL') or hasRole('F_WEBAPI_CREATE')" )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_ORGUNITGROUPSET_ADD')" )
public void postOrganisationUnitGroupSetJSON( HttpServletResponse response, InputStream input ) throws Exception
{
throw new HttpRequestMethodNotSupportedException( RequestMethod.POST.toString() );
@@ -173,6 +173,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, headers = {"Content-Type=application/xml, text/xml"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_ORGUNITGROUPSET_UPDATE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void putOrganisationUnitGroupSetXML( @PathVariable( "uid" ) String uid, InputStream input ) throws Exception
{
@@ -180,6 +181,7 @@
}
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, headers = {"Content-Type=application/json"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_ORGUNITGROUPSET_UPDATE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void putOrganisationUnitGroupSetJSON( @PathVariable( "uid" ) String uid, InputStream input ) throws Exception
{
@@ -191,6 +193,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( value = "/{uid}", method = RequestMethod.DELETE )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_ORGUNITGROUPSET_DELETE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void deleteOrganisationUnitGroupSet( @PathVariable( "uid" ) String uid ) throws Exception
{
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/OrganisationUnitLevelController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/OrganisationUnitLevelController.java 2011-12-19 19:45:07 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/OrganisationUnitLevelController.java 2012-03-02 12:39:20 +0000
@@ -103,57 +103,11 @@
}
//-------------------------------------------------------------------------------------------------------
- // POST
- //-------------------------------------------------------------------------------------------------------
-
- @RequestMapping( method = RequestMethod.POST, headers = {"Content-Type=application/xml, text/xml"} )
- @PreAuthorize( "hasRole('ALL') or hasRole('F_WEBAPI_CREATE')" )
- public void postOrganisationUnitLevelXML( HttpServletResponse response, InputStream input ) throws Exception
- {
- OrganisationUnitLevel organisationUnitLevel = Jaxb2Utils.unmarshal( OrganisationUnitLevel.class, input );
- postOrganisationUnitLevel( organisationUnitLevel, response );
- }
-
- @RequestMapping( method = RequestMethod.POST, headers = {"Content-Type=application/json"} )
- @PreAuthorize( "hasRole('ALL') or hasRole('F_WEBAPI_CREATE')" )
- public void postOrganisationUnitLevelJSON( HttpServletResponse response, InputStream input ) throws Exception
- {
- throw new HttpRequestMethodNotSupportedException( RequestMethod.POST.toString() );
- }
-
- public void postOrganisationUnitLevel( OrganisationUnitLevel organisationUnitLevel, HttpServletResponse response )
- {
- if ( organisationUnitLevel == null )
- {
- response.setStatus( HttpServletResponse.SC_NOT_IMPLEMENTED );
- }
- else
- {
- try
- {
- organisationUnitLevel = objectPersister.persistOrganisationUnitLevel( organisationUnitLevel );
-
- if ( organisationUnitLevel.getUid() == null )
- {
- response.setStatus( HttpServletResponse.SC_INTERNAL_SERVER_ERROR );
- }
- else
- {
- response.setStatus( HttpServletResponse.SC_CREATED );
- response.setHeader( "Location", DataElementController.RESOURCE_PATH + "/" + organisationUnitLevel.getUid() );
- }
- } catch ( Exception e )
- {
- response.setStatus( HttpServletResponse.SC_CONFLICT );
- }
- }
- }
-
- //-------------------------------------------------------------------------------------------------------
// PUT
//-------------------------------------------------------------------------------------------------------
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, headers = {"Content-Type=application/xml, text/xml"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_ORGANISATIONUNITLEVEL_UPDATE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void putOrganisationUnitLevelXML( @PathVariable( "uid" ) String uid, InputStream input ) throws Exception
{
@@ -161,20 +115,10 @@
}
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, headers = {"Content-Type=application/json"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_ORGANISATIONUNITLEVEL_UPDATE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void putOrganisationUnitLevelJSON( @PathVariable( "uid" ) String uid, InputStream input ) throws Exception
{
throw new HttpRequestMethodNotSupportedException( RequestMethod.PUT.toString() );
}
-
- //-------------------------------------------------------------------------------------------------------
- // DELETE
- //-------------------------------------------------------------------------------------------------------
-
- @RequestMapping( value = "/{uid}", method = RequestMethod.DELETE )
- @ResponseStatus( value = HttpStatus.NO_CONTENT )
- public void deleteOrganisationUnitLevel( @PathVariable( "uid" ) String uid ) throws Exception
- {
- throw new HttpRequestMethodNotSupportedException( RequestMethod.DELETE.toString() );
- }
}
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/ReportTableController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/ReportTableController.java 2012-01-24 14:43:36 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/ReportTableController.java 2012-03-02 12:39:20 +0000
@@ -42,6 +42,7 @@
import org.hisp.dhis.api.utils.ContextUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.HttpRequestMethodNotSupportedException;
@@ -221,6 +222,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( method = RequestMethod.POST, headers = {"Content-Type=application/xml, text/xml"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_REPORTTABLE_ADD')" )
@ResponseStatus( value = HttpStatus.CREATED )
public void postReportTableXML( HttpServletResponse response, InputStream input ) throws Exception
{
@@ -228,6 +230,7 @@
}
@RequestMapping( method = RequestMethod.POST, headers = {"Content-Type=application/json"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_REPORTTABLE_ADD')" )
@ResponseStatus( value = HttpStatus.CREATED )
public void postReportTableJSON( HttpServletResponse response, InputStream input ) throws Exception
{
@@ -239,6 +242,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, headers = {"Content-Type=application/xml, text/xml"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_REPORTTABLE_ADD')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void putReportTableXML( @PathVariable( "uid" ) String uid, InputStream input ) throws Exception
{
@@ -246,6 +250,7 @@
}
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, headers = {"Content-Type=application/json"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_REPORTTABLE_ADD')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void putReportTableJSON( @PathVariable( "uid" ) String uid, InputStream input ) throws Exception
{
@@ -257,6 +262,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( value = "/{uid}", method = RequestMethod.DELETE )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_REPORTTABLE_DELETE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void deleteReportTable( @PathVariable( "uid" ) String uid ) throws Exception
{
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/SqlViewController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/SqlViewController.java 2011-12-19 19:45:07 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/SqlViewController.java 2012-03-02 12:39:20 +0000
@@ -35,6 +35,7 @@
import org.hisp.dhis.sqlview.SqlViews;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.HttpRequestMethodNotSupportedException;
@@ -119,6 +120,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( method = RequestMethod.POST, headers = {"Content-Type=application/xml, text/xml"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_SQLVIEW_ADD')" )
@ResponseStatus( value = HttpStatus.CREATED )
public void postSqlViewXML( HttpServletResponse response, InputStream input ) throws Exception
{
@@ -126,6 +128,7 @@
}
@RequestMapping( method = RequestMethod.POST, headers = {"Content-Type=application/json"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_SQLVIEW_ADD')" )
@ResponseStatus( value = HttpStatus.CREATED )
public void postSqlViewJSON( HttpServletResponse response, InputStream input ) throws Exception
{
@@ -137,6 +140,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, headers = {"Content-Type=application/xml, text/xml"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_SQLVIEW_UPDATE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void putSqlViewXML( @PathVariable( "uid" ) String uid, InputStream input ) throws Exception
{
@@ -144,6 +148,7 @@
}
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, headers = {"Content-Type=application/json"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_SQLVIEW_UPDATE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void putSqlViewJSON( @PathVariable( "uid" ) String uid, InputStream input ) throws Exception
{
@@ -155,6 +160,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( value = "/{uid}", method = RequestMethod.DELETE )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_SQLVIEW_DELETE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void deleteSqlView( @PathVariable( "uid" ) String uid ) throws Exception
{
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/UserController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/UserController.java 2012-01-05 21:51:00 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/UserController.java 2012-03-02 12:39:20 +0000
@@ -40,6 +40,7 @@
import org.hisp.dhis.user.Users;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.HttpRequestMethodNotSupportedException;
@@ -102,6 +103,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( method = RequestMethod.POST, headers = {"Content-Type=application/xml, text/xml"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_USER_ADD')" )
@ResponseStatus( value = HttpStatus.CREATED )
public void postUserXML( HttpServletResponse response, InputStream input ) throws Exception
{
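Review bot: `F_USER_ADD` on postUserXML decides who may create a user, but not what the created user may be granted. If the payload can carry roles or authorities, a caller holding only `F_USER_ADD` (or `F_USER_UPDATE` in the two PUT hunks below) could end up with an account more privileged than their own. The handler bodies are outside the hunks, so whether such a check already exists is not visible here. If it does not, the handlers should reject role assignments the caller does not hold; at minimum mark the gap with `// TODO: restrict assignable roles to those held by the current user`. The same applies to postUserJSON, putUserXML and putUserJSON.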
@@ -109,6 +111,7 @@
}
@RequestMapping( method = RequestMethod.POST, headers = {"Content-Type=application/json"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_USER_ADD')" )
@ResponseStatus( value = HttpStatus.CREATED )
public void postUserJSON( HttpServletResponse response, InputStream input ) throws Exception
{
@@ -120,6 +123,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, headers = {"Content-Type=application/xml, text/xml"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_USER_UPDATE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void putUserXML( @PathVariable( "uid" ) String uid, InputStream input ) throws Exception
{
@@ -127,6 +131,7 @@
}
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, headers = {"Content-Type=application/json"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_USER_UPDATE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void putUserJSON( @PathVariable( "uid" ) String uid, InputStream input ) throws Exception
{
@@ -138,6 +143,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( value = "/{uid}", method = RequestMethod.DELETE )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_USER_DELETE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void deleteUser( @PathVariable( "uid" ) String uid ) throws Exception
{
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/UserGroupController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/UserGroupController.java 2011-12-21 11:37:17 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/UserGroupController.java 2012-03-02 12:39:20 +0000
@@ -34,6 +34,7 @@
import org.hisp.dhis.user.UserGroups;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.HttpRequestMethodNotSupportedException;
@@ -101,6 +102,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( method = RequestMethod.POST, headers = {"Content-Type=application/xml, text/xml"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_USER_GRUP_ADD')" )
@ResponseStatus( value = HttpStatus.CREATED )
public void postUserGroupXML( HttpServletResponse response, InputStream input ) throws Exception
{
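Review bot: The authority in this annotation is spelled `F_USER_GRUP_ADD`, and the PUT and DELETE hunks below use `F_USER_GRUP_UPDATE` and `F_USER_GRUP_DELETE`, which reads like a typo for GROUP. Because the name is a plain string inside the expression, a mismatch with the authority actually assigned to roles is not caught at compile time and fails closed: only holders of `ALL` would pass. If the spelling mirrors an existing authority declared elsewhere, keep it and say so next to the annotation, e.g. `// sic: matches the existing authority name`. Otherwise align all five annotations in this file with the registered name.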
@@ -108,6 +110,7 @@
}
@RequestMapping( method = RequestMethod.POST, headers = {"Content-Type=application/json"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_USER_GRUP_ADD')" )
@ResponseStatus( value = HttpStatus.CREATED )
public void postUserGroupJSON( HttpServletResponse response, InputStream input ) throws Exception
{
@@ -119,6 +122,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, headers = {"Content-Type=application/xml, text/xml"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_USER_GRUP_UPDATE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void putUserGroupXML( @PathVariable( "uid" ) String uid, InputStream input ) throws Exception
{
@@ -126,6 +130,7 @@
}
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, headers = {"Content-Type=application/json"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_USER_GRUP_UPDATE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void putUserGroupJSON( @PathVariable( "uid" ) String uid, InputStream input ) throws Exception
{
@@ -137,6 +142,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( value = "/{uid}", method = RequestMethod.DELETE )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_USER_GRUP_DELETE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void deleteUserGroup( @PathVariable( "uid" ) String uid ) throws Exception
{
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/ValidationRuleController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/ValidationRuleController.java 2011-12-19 19:45:07 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/ValidationRuleController.java 2012-03-02 12:39:20 +0000
@@ -35,6 +35,7 @@
import org.hisp.dhis.validation.ValidationRules;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.HttpRequestMethodNotSupportedException;
@@ -119,6 +120,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( method = RequestMethod.POST, headers = {"Content-Type=application/xml, text/xml"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_VALIDATIONRULE_ADD')" )
@ResponseStatus( value = HttpStatus.CREATED )
public void postValidationRuleXML( HttpServletResponse response, InputStream input ) throws Exception
{
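Review bot: The expression `hasRole('ALL') or hasRole('F_VALIDATIONRULE_ADD')` is repeated as a raw string on every handler in this file and in the other controllers. These values are authorities rather than `ROLE_`-prefixed roles, so `hasRole` is the less exact predicate. Later Spring Security releases prepend `ROLE_` inside `hasRole` by default, which would silently turn every one of these checks into a denial after an upgrade. `@PreAuthorize( "hasAnyAuthority('ALL','F_VALIDATIONRULE_ADD')" )` states the intent directly, is shorter, and does not depend on prefix handling. The handler bodies continue outside the hunk.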
@@ -126,6 +128,7 @@
}
@RequestMapping( method = RequestMethod.POST, headers = {"Content-Type=application/json"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_VALIDATIONRULE_ADD')" )
@ResponseStatus( value = HttpStatus.CREATED )
public void postValidationRuleJSON( HttpServletResponse response, InputStream input ) throws Exception
{
@@ -137,6 +140,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, headers = {"Content-Type=application/xml, text/xml"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_VALIDATIONRULE_UPDATE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void putValidationRuleXML( @PathVariable( "uid" ) String uid, InputStream input ) throws Exception
{
@@ -144,6 +148,7 @@
}
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, headers = {"Content-Type=application/json"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_VALIDATIONRULE_UPDATE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void putValidationRuleJSON( @PathVariable( "uid" ) String uid, InputStream input ) throws Exception
{
@@ -155,6 +160,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( value = "/{uid}", method = RequestMethod.DELETE )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_VALIDATIONRULE_DELETE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void deleteValidationRule( @PathVariable( "uid" ) String uid ) throws Exception
{
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/ValidationRuleGroupController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/ValidationRuleGroupController.java 2011-12-19 19:45:07 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/ValidationRuleGroupController.java 2012-03-02 12:39:20 +0000
@@ -35,6 +35,7 @@
import org.hisp.dhis.validation.ValidationRuleService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.HttpRequestMethodNotSupportedException;
@@ -119,6 +120,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( method = RequestMethod.POST, headers = {"Content-Type=application/xml, text/xml"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_VALIDATIONRULEGROUP_ADD')" )
@ResponseStatus( value = HttpStatus.CREATED )
public void postValidationRuleGroupXML( HttpServletResponse response, InputStream input ) throws Exception
{
@@ -126,6 +128,7 @@
}
@RequestMapping( method = RequestMethod.POST, headers = {"Content-Type=application/json"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_VALIDATIONRULEGROUP_ADD')" )
@ResponseStatus( value = HttpStatus.CREATED )
public void postValidationRuleGroupJSON( HttpServletResponse response, InputStream input ) throws Exception
{
@@ -137,6 +140,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, headers = {"Content-Type=application/xml, text/xml"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_VALIDATIONRULEGROUP_UPDATE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void putValidationRuleGroupXML( @PathVariable( "uid" ) String uid, InputStream input ) throws Exception
{
@@ -144,6 +148,7 @@
}
@RequestMapping( value = "/{uid}", method = RequestMethod.PUT, headers = {"Content-Type=application/json"} )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_VALIDATIONRULEGROUP_UPDATE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void putValidationRuleGroupJSON( @PathVariable( "uid" ) String uid, InputStream input ) throws Exception
{
@@ -155,6 +160,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( value = "/{uid}", method = RequestMethod.DELETE )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_VALIDATIONRULEGROUP_DELETE')" )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
public void deleteValidationGroupRule( @PathVariable( "uid" ) String uid ) throws Exception
{
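Review bot: The handler guarded by `F_VALIDATIONRULEGROUP_DELETE` is named `deleteValidationGroupRule`, while its siblings in this file are `postValidationRuleGroupXML`, `putValidationRuleGroupJSON` and so on. Since this commit is an authorization pass over every controller, a name that breaks the pattern is easy to miss when auditing coverage by searching for the entity name. Renaming it to `deleteValidationRuleGroup` would not change the request mapping. The method body lies outside the hunk.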
=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-dataadmin/src/main/resources/struts.xml'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-dataadmin/src/main/resources/struts.xml 2012-02-29 09:21:50 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-dataadmin/src/main/resources/struts.xml 2012-03-02 12:39:20 +0000
@@ -468,14 +468,14 @@
<result name="success" type="velocity">/main.vm</result>
<param name="menu">/dhis-web-maintenance-dataadmin/menu.vm</param>
<param name="page">/dhis-web-maintenance-dataadmin/addAttributeForm.vm</param>
- <param name="requiredAuthorities">F_DATAELEMENT_ADD</param>
+ <param name="requiredAuthorities">F_ATTRIBUTE_ADD</param>
</action>
<action name="showUpdateAttributeForm" class="org.hisp.dhis.dataadmin.action.attribute.GetAttributeAction">
<result name="success" type="velocity">/main.vm</result>
<param name="menu">/dhis-web-maintenance-dataadmin/menu.vm</param>
<param name="page">/dhis-web-maintenance-dataadmin/updateAttributeForm.vm</param>
- <param name="requiredAuthorities">F_DATAELEMENT_UPDATE</param>
+ <param name="requiredAuthorities">F_ATTRIBUTE_UPDATE</param>
</action>
<action name="showSortAttributeForm" class="org.hisp.dhis.dataadmin.action.attribute.GetAttributeListSortOrderAction">
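Review bot: Replacing `F_DATAELEMENT_ADD` and `F_DATAELEMENT_UPDATE` with `F_ATTRIBUTE_ADD` and `F_ATTRIBUTE_UPDATE` here, and likewise in the hunks at 486 and 508, removes attribute management from every existing role that relied on the data-element authorities. No hunk visible here grants the new names to those roles or registers them, so after deployment presumably only `ALL` holders can reach these actions until roles are updated. The new strings should also match, character for character, whatever the API controllers for attributes use in `@PreAuthorize`, which is not visible in this part of the diff. A short comment above the attribute actions would help the next editor, e.g. `<!-- attribute actions use F_ATTRIBUTE_*; roles created before this change need these authorities added -->`.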
@@ -486,18 +486,18 @@
<action name="addAttribute" class="org.hisp.dhis.dataadmin.action.attribute.AddAttributeAction">
<result name="success" type="redirect">attribute.action</result>
<result name="error" type="redirect">index.action</result>
- <param name="requiredAuthorities">F_DATAELEMENT_ADD</param>
+ <param name="requiredAuthorities">F_ATTRIBUTE_ADD</param>
</action>
<action name="saveAttributeSortOrder" class="org.hisp.dhis.dataadmin.action.attribute.SaveAttributeSortOrderAction">
<result name="success" type="redirect">attribute.action</result>
- <param name="requiredAuthorities">F_DATAELEMENT_UPDATE</param>
+ <param name="requiredAuthorities">F_ATTRIBUTE_UPDATE</param>
</action>
<action name="updateAttribute" class="org.hisp.dhis.dataadmin.action.attribute.UpdateAttributeAction">
<result name="success" type="redirect">attribute.action</result>
<result name="error" type="redirect">index.action</result>
- <param name="requiredAuthorities">F_DATAELEMENT_UPDATE</param>
+ <param name="requiredAuthorities">F_ATTRIBUTE_UPDATE</param>
</action>
<action name="removeAttribute" class="org.hisp.dhis.dataadmin.action.attribute.RemoveAttributeAction">
@@ -508,7 +508,7 @@
/dhis-web-commons/ajax/jsonResponseError.vm
</result>
<param name="onExceptionReturn">plainTextError</param>
- <param name="requiredAuthorities">F_DATAELEMENT_DELETE</param>
+ <param name="requiredAuthorities">F_ATTRIBUTE_DELETE</param>
</action>
<action name="getAttribute" class="org.hisp.dhis.dataadmin.action.attribute.GetAttributeAction">