Message #19736
[Branch ~dhis2-devs-core/dhis2/trunk] Rev 8739: Added methods to HibernateGenericStore and IdentifiableObjectManager for objects which have 'acce...
------------------------------------------------------------
revno: 8739
committer: Lars Helge Øverland <larshelge@xxxxxxxxx>
branch nick: dhis2
timestamp: Fri 2012-10-26 17:53:06 +0200
message:
Added methods to HibernateGenericStore and IdentifiableObjectManager for objects which have 'access control' - certain objects like Maps and Charts can either be public or user specific. Made the Map web api controller respect this so that a user can only view maps which are public or owned by himself. Will make this more advanced/generic soon but this will do for next release.
added:
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AbstractAccessControlController.java
modified:
dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/GenericIdentifiableObjectStore.java
dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/IdentifiableObjectManager.java
dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/common/DefaultIdentifiableObjectManager.java
dhis-2/dhis-support/dhis-support-hibernate/src/main/java/org/hisp/dhis/hibernate/HibernateGenericStore.java
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/mapping/MapController.java
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/GenericIdentifiableObjectStore.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/GenericIdentifiableObjectStore.java 2012-10-26 12:49:31 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/GenericIdentifiableObjectStore.java 2012-10-26 15:53:06 +0000
@@ -31,7 +31,6 @@
import java.util.Date;
import java.util.List;
-import org.hisp.dhis.mapping.Map;
import org.hisp.dhis.user.User;
/**
@@ -113,7 +112,7 @@
/**
* Returns all objects that are equal to or newer than given date.
*
- * @param lastUpdated Date to compare to.
+ * @param lastUpdated Date to compare with.
* @return All objects equal or newer than given date.
*/
List<T> getByLastUpdated( Date lastUpdated );
@@ -150,10 +149,21 @@
* @param user the user.
* @return a list of objects.
*/
- Collection<Map> getAccessibleByUser( User user );
+ List<T> getAccessibleByUser( User user );
/**
* Retrieves objects which are accessible to the given user, which includes
+ * public objects and objects owned by this user, that are equal to or newer
+ * than given date.
+ *
+ * @param user the user.
+ * @param lastUpdated the Date to compare with.
+ * @return a list of objects.
+ */
+ List<T> getAccessibleByLastUpdated( User user, Date lastUpdated );
+
+ /**
+ * Retrieves objects which are accessible to the given user, which includes
* public objects and objects owned by this user, which name is like the
* given name.
*
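Review bot: The Javadoc on the new and renamed accessors speaks of "public objects and objects owned by this user" without saying how an object is marked public or what a null `user` argument means; this applies to `getAccessibleByLastUpdated` here and to `getAccessibleBetween` and the renamed methods in the later hunks of this file. The Hibernate implementation in this commit treats an object whose `user` property is null as public, so the interface should state that rule, for example `* Objects without an owner (user is null) are considered public.`, plus a sentence on whether `user` may be null. Callers that enforce access control depend on this definition, and another implementation written against the current wording could interpret it differently.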
@@ -161,8 +171,20 @@
* @param name the name.
* @return a list of objects.
*/
- List<Map> getAccessibleByName( User user, String name );
-
+ List<T> getAccessibleLikeName( User user, String name );
+
+ /**
+ * Retrieves objects which are accessible to the given user, which includes
+ * public objects and objects owned by this user, limited by the given offset
+ * and max result.
+ *
+ * @param user the user.
+ * @param first the first result object to return.
+ * @param max the max number of result objects to return.
+ * @return a list of objects.
+ */
+ List<T> getAccessibleBetween( User user, int first, int max );
+
/**
* Retrieves objects which are accessible to the given user, which includes
* public objects and objects owned by this user, which name is like the
@@ -174,5 +196,5 @@
* @param max the max number of result objects to return.
* @return a list of objects.
*/
- List<Map> getAccessibleBetweenByName( User user, String name, int first, int max );
+ List<T> getAccessibleBetweenLikeName( User user, String name, int first, int max );
}
=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/IdentifiableObjectManager.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/IdentifiableObjectManager.java 2012-10-26 14:18:18 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/IdentifiableObjectManager.java 2012-10-26 15:53:06 +0000
@@ -32,6 +32,7 @@
import java.util.Collection;
import java.util.Date;
+import java.util.List;
import java.util.Map;
/**
@@ -54,17 +55,17 @@
<T extends IdentifiableObject> Collection<T> getAll( Class<T> clazz );
<T extends IdentifiableObject> Collection<T> getAllSorted( Class<T> clazz );
-
+
<T extends IdentifiableObject> Collection<T> getLikeName( Class<T> clazz, String name );
<T extends IdentifiableObject> Collection<T> getBetween( Class<T> clazz, int first, int max );
<T extends IdentifiableObject> Collection<T> getBetweenByName( Class<T> clazz, String name, int first, int max );
-
+
<T extends IdentifiableObject> Collection<T> getByLastUpdated( Class<T> clazz, Date lastUpdated );
<T extends IdentifiableObject> Collection<T> getByLastUpdatedSorted( Class<T> clazz, Date lastUpdated );
-
+
void delete( IdentifiableObject object );
<T extends IdentifiableObject> Map<String, T> getIdMap( Class<T> clazz, IdentifiableProperty property );
@@ -78,4 +79,14 @@
IdentifiableObject getObject( int id, String simpleClassName );
<T extends IdentifiableObject> int getCount( Class<T> clazz );
+
+ <T extends IdentifiableObject> List<T> getAllAccessible( Class<T> clazz );
+
+ <T extends IdentifiableObject> List<T> getAccessibleLikeName( Class<T> clazz, String name );
+
+ <T extends IdentifiableObject> List<T> getAccessibleBetween( Class<T> clazz, int first, int max );
+
+ <T extends IdentifiableObject> List<T> getAccessibleBetweenLikeName( Class<T> clazz, String name, int first, int max );
+
+ <T extends IdentifiableObject> List<T> getAccessibleByLastUpdated( Class<T> clazz, Date lastUpdated );
}
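Review bot: The five `getAccessible*` methods added at the end of the interface have no Javadoc, and unlike the store methods they take no `User`, so a reader cannot tell whose access is being evaluated. The implementation in this commit resolves the user through `CurrentUserService` and, in four of the five methods, returns an empty list when there is no current user; that behaviour belongs in the interface documentation. A comment on each method along the lines of `/** Returns the objects of the given class that are public or owned by the current user; empty if there is no current user. */` would make the contract explicit. The interface body starts outside this hunk.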
=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/common/DefaultIdentifiableObjectManager.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/common/DefaultIdentifiableObjectManager.java 2012-10-26 14:18:18 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/common/DefaultIdentifiableObjectManager.java 2012-10-26 15:53:06 +0000
@@ -31,6 +31,8 @@
import org.apache.commons.logging.LogFactory;
import org.hisp.dhis.common.IdentifiableObject.IdentifiableProperty;
import org.hisp.dhis.common.NameableObject.NameableProperty;
+import org.hisp.dhis.user.CurrentUserService;
+import org.hisp.dhis.user.User;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.transaction.annotation.Transactional;
@@ -47,6 +49,9 @@
private static final Log log = LogFactory.getLog( DefaultIdentifiableObjectManager.class );
@Autowired
+ private CurrentUserService currentUserService;
+
+ @Autowired
private Set<GenericIdentifiableObjectStore<IdentifiableObject>> identifiableObjectStores;
@Autowired
@@ -74,6 +79,10 @@
}
}
+ //--------------------------------------------------------------------------
+ // IdentifiableObjectManager implementation
+ //--------------------------------------------------------------------------
+
@Override
public void save( IdentifiableObject object )
{
@@ -208,7 +217,7 @@
return (Collection<T>) store.getLikeName( name );
}
-
+
@Override
@SuppressWarnings( "unchecked" )
public <T extends IdentifiableObject> Collection<T> getBetween( Class<T> clazz, int first, int max )
@@ -264,7 +273,7 @@
return (Collection<T>) store.getByLastUpdatedSorted( lastUpdated );
}
-
+
@Override
@SuppressWarnings( "unchecked" )
public <T extends IdentifiableObject> Map<String, T> getIdMap( Class<T> clazz, IdentifiableProperty property )
@@ -439,4 +448,88 @@
return store;
}
+
+ //--------------------------------------------------------------------------
+ // Accessible
+ //--------------------------------------------------------------------------
+
+ @Override
+ @SuppressWarnings( "unchecked" )
+ public <T extends IdentifiableObject> List<T> getAllAccessible( Class<T> clazz )
+ {
+ User user = currentUserService.getCurrentUser();
+
+ GenericIdentifiableObjectStore<IdentifiableObject> store = getIdentifiableObjectStore( clazz );
+
+ if ( user == null || store == null )
+ {
+ return new ArrayList<T>();
+ }
+
+ return (List<T>) store.getAccessibleByUser( user );
+ }
+
+ @Override
+ @SuppressWarnings( "unchecked" )
+ public <T extends IdentifiableObject> List<T> getAccessibleLikeName( Class<T> clazz, String name )
+ {
+ User user = currentUserService.getCurrentUser();
+
+ GenericIdentifiableObjectStore<IdentifiableObject> store = getIdentifiableObjectStore( clazz );
+
+ if ( user == null || store == null )
+ {
+ return new ArrayList<T>();
+ }
+
+ return (List<T>) store.getAccessibleLikeName( user, name );
+ }
+
+ @Override
+ @SuppressWarnings( "unchecked" )
+ public <T extends IdentifiableObject> List<T> getAccessibleBetween( Class<T> clazz, int first, int max )
+ {
+ User user = currentUserService.getCurrentUser();
+
+ GenericIdentifiableObjectStore<IdentifiableObject> store = getIdentifiableObjectStore( clazz );
+
+ if ( user == null || store == null )
+ {
+ return new ArrayList<T>();
+ }
+
+ return (List<T>) store.getAccessibleBetween( user, first, max );
+ }
+
+ @Override
+ @SuppressWarnings( "unchecked" )
+ public <T extends IdentifiableObject> List<T> getAccessibleBetweenLikeName( Class<T> clazz, String name, int first, int max )
+ {
+ User user = currentUserService.getCurrentUser();
+
+ GenericIdentifiableObjectStore<IdentifiableObject> store = getIdentifiableObjectStore( clazz );
+
+ if ( user == null || store == null )
+ {
+ return new ArrayList<T>();
+ }
+
+ return (List<T>) store.getAccessibleBetweenLikeName( user, name, first, max );
+ }
+
+ @Override
+ @SuppressWarnings( "unchecked" )
+ public <T extends IdentifiableObject> List<T> getAccessibleByLastUpdated( Class<T> clazz, Date lastUpdated )
+ {
+ User user = currentUserService.getCurrentUser();
+
+ GenericIdentifiableObjectStore<IdentifiableObject> store = getIdentifiableObjectStore( clazz );
+
+ if ( store == null )
+ {
+ return new ArrayList<T>();
+ }
+
+ return (List<T>) store.getAccessibleByLastUpdated( user, lastUpdated );
+ }
}
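Review bot: `getAccessibleByLastUpdated` checks only `store == null`, while the other four accessors added in this hunk return an empty list when `currentUserService.getCurrentUser()` yields null. With no current user the call reaches `store.getAccessibleByLastUpdated( user, lastUpdated )` with a null user, and the outcome then depends on how Hibernate handles `Restrictions.eq( "user", null )`, presumably either an error or only the owner-less rows. The guard should match its siblings: `if ( user == null || store == null )`. The five methods also repeat the same lookup-and-guard lines, which a small private helper could hold so the checks cannot drift apart again.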
=== modified file 'dhis-2/dhis-support/dhis-support-hibernate/src/main/java/org/hisp/dhis/hibernate/HibernateGenericStore.java'
--- dhis-2/dhis-support/dhis-support-hibernate/src/main/java/org/hisp/dhis/hibernate/HibernateGenericStore.java 2012-10-26 12:49:31 +0000
+++ dhis-2/dhis-support/dhis-support-hibernate/src/main/java/org/hisp/dhis/hibernate/HibernateGenericStore.java 2012-10-26 15:53:06 +0000
@@ -27,6 +27,11 @@
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Date;
+import java.util.List;
+
import org.hibernate.Criteria;
import org.hibernate.Query;
import org.hibernate.SQLQuery;
@@ -36,16 +41,10 @@
import org.hibernate.criterion.Projections;
import org.hibernate.criterion.Restrictions;
import org.hisp.dhis.common.GenericNameableObjectStore;
-import org.hisp.dhis.mapping.Map;
import org.hisp.dhis.user.User;
import org.springframework.beans.factory.annotation.Required;
import org.springframework.jdbc.core.JdbcTemplate;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Date;
-import java.util.List;
-
/**
* @author Lars Helge Overland
* @version $Id$
@@ -381,17 +380,29 @@
@Override
@SuppressWarnings("unchecked")
- public Collection<Map> getAccessibleByUser( User user )
+ public List<T> getAccessibleByUser( User user )
{
//TODO link to interface
- return getCriteria( Restrictions.or(
- Restrictions.eq( "user", user ),
- Restrictions.isNull( "user" ) ) ).list();
- }
-
- @SuppressWarnings( "unchecked" )
- public List<Map> getAccessibleByName( User user, String name )
+ Criteria criteria = getCriteria();
+ criteria.add( Restrictions.or( Restrictions.eq( "user", user ), Restrictions.isNull( "user" ) ) );
+ criteria.addOrder( Order.asc( "name" ) );
+ return criteria.list();
+ }
+
+ @Override
+ @SuppressWarnings( "unchecked" )
+ public List<T> getAccessibleByLastUpdated( User user, Date lastUpdated )
+ {
+ Criteria criteria = getCriteria();
+ criteria.add( Restrictions.or( Restrictions.eq( "user", user ), Restrictions.isNull( "user" ) ) );
+ criteria.add( Restrictions.ge( "lastUpdated", lastUpdated ) );
+ criteria.addOrder( Order.asc( "name" ) ).list();
+ return criteria.list();
+ }
+
+ @SuppressWarnings( "unchecked" )
+ public List<T> getAccessibleLikeName( User user, String name )
{
Criteria criteria = getCriteria();
criteria.add( Restrictions.ilike( "name", "%" + name + "%" ) );
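Review bot: `getAccessibleByLastUpdated` runs its query twice: `criteria.addOrder( Order.asc( "name" ) ).list();` already executes the criteria and discards the result before `return criteria.list();`. Drop the trailing call so the line reads `criteria.addOrder( Order.asc( "name" ) );`, as in `getAccessibleByUser` above it. The owner-or-public restriction is now written out separately in each accessor of this file; extracting it into one private helper would keep the access rule in a single place. The body of `getAccessibleLikeName` continues beyond this hunk.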
@@ -399,9 +410,21 @@
criteria.addOrder( Order.asc( "name" ) );
return criteria.list();
}
-
- @SuppressWarnings( "unchecked" )
- public List<Map> getAccessibleBetweenByName( User user, String name, int first, int max )
+
+ @Override
+ @SuppressWarnings( "unchecked" )
+ public List<T> getAccessibleBetween( User user, int first, int max )
+ {
+ Criteria criteria = getCriteria();
+ criteria.add( Restrictions.or( Restrictions.eq( "user", user ), Restrictions.isNull( "user" ) ) );
+ criteria.addOrder( Order.asc( "name" ) );
+ criteria.setFirstResult( first );
+ criteria.setMaxResults( max );
+ return criteria.list();
+ }
+
+ @SuppressWarnings( "unchecked" )
+ public List<T> getAccessibleBetweenLikeName( User user, String name, int first, int max )
{
Criteria criteria = getCriteria();
criteria.add( Restrictions.ilike( "name", "%" + name + "%" ) );
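Review bot: `getAccessibleBetweenLikeName` is declared without `@Override`, as is `getAccessibleLikeName` in the previous hunk, although the other accessors touched by this commit carry it and the store interface changed in this commit declares both under their new names. Adding `@Override` above `@SuppressWarnings( "unchecked" )` on both lets the compiler confirm that the renamed methods still match the interface. The body of `getAccessibleBetweenLikeName` continues beyond this hunk.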
=== added file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AbstractAccessControlController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AbstractAccessControlController.java 1970-01-01 00:00:00 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AbstractAccessControlController.java 2012-10-26 15:53:06 +0000
@@ -0,0 +1,92 @@
+package org.hisp.dhis.api.controller;
+
+/*
+ * Copyright (c) 2004-2012, University of Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * * Neither the name of the HISP project nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+
+import org.hisp.dhis.common.IdentifiableObject;
+import org.hisp.dhis.common.Pager;
+
+/**
+ * @author Lars Helge Overland
+ */
+public class AbstractAccessControlController<T extends IdentifiableObject>
+ extends AbstractCrudController<T>
+{
+ @Override
+ protected List<T> getEntityList( WebMetaData metaData, WebOptions options )
+ {
+ List<T> entityList;
+
+ Date lastUpdated = options.getLastUpdated();
+
+ if ( lastUpdated != null )
+ {
+ entityList = new ArrayList<T>( manager.getAccessibleByLastUpdated( getEntityClass(), lastUpdated ) );
+ }
+ else if ( options.hasPaging() )
+ {
+ int count = manager.getCount( getEntityClass() );
+
+ Pager pager = new Pager( options.getPage(), count );
+ metaData.setPager( pager );
+
+ entityList = new ArrayList<T>( manager.getAccessibleBetween( getEntityClass(), pager.getOffset(), pager.getPageSize() ) );
+ }
+ else
+ {
+ entityList = new ArrayList<T>( manager.getAllAccessible( getEntityClass() ) );
+ }
+
+ return entityList;
+ }
+
+ @Override
+ protected List<T> queryForEntityList( WebMetaData metaData, WebOptions options, String query )
+ {
+ List<T> entityList;
+
+ if ( options.hasPaging() )
+ {
+ int count = manager.getCount( getEntityClass() );
+
+ Pager pager = new Pager( options.getPage(), count );
+ metaData.setPager( pager );
+
+ entityList = new ArrayList<T>( manager.getAccessibleBetweenLikeName( getEntityClass(), query, pager.getOffset(), pager.getPageSize() ) );
+ }
+ else
+ {
+ entityList = new ArrayList<T>( manager.getAccessibleLikeName( getEntityClass(), query ) );
+ }
+
+ return entityList;
+ }
+}
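Review bot: Both paging branches size the pager with `manager.getCount( getEntityClass() )`, which counts every object of the class rather than only those the current user may see. The total reported through `metaData.setPager( pager )` therefore reveals how many private objects other users hold, and the last pages can come back empty because `getAccessibleBetween` and `getAccessibleBetweenLikeName` return fewer rows than the pager expects. The count should apply the same owner-or-public restriction as the list queries; no such manager method exists in this commit, so one would have to be added. Only the two list methods are overridden here, so whether retrieval of a single object by identifier is filtered as well cannot be seen from this diff and should be confirmed. The class is named `Abstract…` but is not declared `abstract`.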
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/mapping/MapController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/mapping/MapController.java 2012-10-25 17:18:52 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/mapping/MapController.java 2012-10-26 15:53:06 +0000
@@ -35,7 +35,7 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.hisp.dhis.api.controller.AbstractCrudController;
+import org.hisp.dhis.api.controller.AbstractAccessControlController;
import org.hisp.dhis.api.utils.ContextUtils;
import org.hisp.dhis.dataelement.DataElementService;
import org.hisp.dhis.dxf2.utils.JacksonUtils;
@@ -63,7 +63,7 @@
@Controller
@RequestMapping( value = MapController.RESOURCE_PATH )
public class MapController
- extends AbstractCrudController<Map>
+ extends AbstractAccessControlController<Map>
{
public static final String RESOURCE_PATH = "/maps";