dhis2-devs team mailing list archive
-
dhis2-devs team
-
Mailing list archive
-
Message #16691
[Branch ~dhis2-devs-core/dhis2/trunk] Rev 6407: added M_dhis-web-maintenance-user to @PreAuthorize for User* controllers
------------------------------------------------------------
revno: 6407
committer: Morten Olav Hansen <mortenoh@xxxxxxxxx>
branch nick: dhis2
timestamp: Wed 2012-03-28 09:18:05 +0200
message:
added M_dhis-web-maintenance-user to @PreAuthorize for User* controllers
modified:
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/user/UserController.java
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/user/UserGroupController.java
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
Your team DHIS 2 developers is subscribed to branch lp:dhis2.
To unsubscribe from this branch go to https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk/+edit-subscription
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/user/UserController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/user/UserController.java 2012-03-22 14:59:55 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/user/UserController.java 2012-03-28 07:18:05 +0000
@@ -27,12 +27,6 @@
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-import java.io.InputStream;
-import java.util.ArrayList;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
import org.hisp.dhis.api.utils.IdentifiableObjectParams;
import org.hisp.dhis.api.utils.WebLinkPopulator;
import org.hisp.dhis.user.User;
@@ -49,6 +43,11 @@
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseStatus;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.InputStream;
+import java.util.ArrayList;
+
/**
* @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
*/
@@ -66,6 +65,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( method = RequestMethod.GET )
+ @PreAuthorize( "hasRole('ALL') or hasRole('M_dhis-web-maintenance-user')" )
public String getUsers( IdentifiableObjectParams params, Model model, HttpServletRequest request )
{
Users users = new Users();
@@ -83,6 +83,7 @@
}
@RequestMapping( value = "/{uid}", method = RequestMethod.GET )
+ @PreAuthorize( "hasRole('ALL') or hasRole('M_dhis-web-maintenance-user')" )
public String getUser( @PathVariable( "uid" ) String uid, IdentifiableObjectParams params, Model model, HttpServletRequest request )
{
User user = userService.getUser( uid );
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/user/UserGroupController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/user/UserGroupController.java 2012-03-22 14:59:55 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/user/UserGroupController.java 2012-03-28 07:18:05 +0000
@@ -65,6 +65,7 @@
//-------------------------------------------------------------------------------------------------------
@RequestMapping( method = RequestMethod.GET )
+ @PreAuthorize( "hasRole('ALL') or hasRole('M_dhis-web-maintenance-user')" )
public String getUserGroups( IdentifiableObjectParams params, Model model, HttpServletRequest request )
{
UserGroups userGroups = new UserGroups();
@@ -82,6 +83,7 @@
}
@RequestMapping( value = "/{uid}", method = RequestMethod.GET )
+ @PreAuthorize( "hasRole('ALL') or hasRole('M_dhis-web-maintenance-user')" )
public String getUserGroup( @PathVariable( "uid" ) String uid, IdentifiableObjectParams params, Model model, HttpServletRequest request )
{
UserGroup userGroup = userGroupService.getUserGroup( uid );
