Message #19881
[Branch ~dhis2-devs-core/dhis2/trunk] Rev 8858: secured UserController, requires F_VIEW_USER to get list/object
------------------------------------------------------------
revno: 8858
committer: Morten Olav Hansen <mortenoh@xxxxxxxxx>
branch nick: dhis2
timestamp: Sun 2012-11-04 14:18:18 +0100
message:
secured UserController, requires F_VIEW_USER to get list/object
modified:
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/user/UserController.java
dhis-2/dhis-web/dhis-web-mobile/src/main/resources/dhis-mobile-manifest.appcache
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/user/UserController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/user/UserController.java 2012-06-05 15:36:07 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/user/UserController.java 2012-11-04 13:18:18 +0000
@@ -34,12 +34,19 @@
import org.hisp.dhis.user.User;
import org.hisp.dhis.user.UserService;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
+import java.util.Map;
/**
* @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
@@ -55,6 +62,21 @@
private UserService userService;
@Override
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_USER_VIEW')" )
+ public String getObjectList( @RequestParam Map<String, String> parameters, Model model, HttpServletRequest request ) throws Exception
+ {
+ return super.getObjectList( parameters, model, request );
+ }
+
+ @Override
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_USER_VIEW')" )
+ public String getObject( @PathVariable( "uid" ) String uid, @RequestParam Map<String, String> parameters, Model model,
+ HttpServletRequest request, HttpServletResponse response ) throws Exception
+ {
+ return super.getObject( uid, parameters, model, request, response );
+ }
+
+ @Override
protected List<User> getEntityList( WebMetaData metaData, WebOptions options )
{
List<User> entityList;
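Review bot: Both new `@PreAuthorize` expressions check `F_USER_VIEW`, while the commit message names `F_VIEW_USER`. If the code's spelling is not the authority actually defined for user roles (the definitions are not visible here), only holders of `ALL` would pass, so the name should be confirmed. Only `getObjectList` and `getObject` are overridden, so any other request-mapped handlers inherited from the superclass (outside this hunk) would remain without this check. The annotations are also enforced only if pre/post method security is enabled in the context that creates the controllers, and a test that requests both endpoints as a user lacking the authority and expects a denial would pin that. To keep the two checks from drifting apart, the expression could live in one constant referenced by both annotations, e.g. `private static final String CAN_VIEW_USERS = "hasRole('ALL') or hasRole('F_USER_VIEW')";`; the class and `getEntityList` continue outside the hunk.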
=== modified file 'dhis-2/dhis-web/dhis-web-mobile/src/main/resources/dhis-mobile-manifest.appcache'
--- dhis-2/dhis-web/dhis-web-mobile/src/main/resources/dhis-mobile-manifest.appcache 2012-10-30 15:56:43 +0000
+++ dhis-2/dhis-web/dhis-web-mobile/src/main/resources/dhis-mobile-manifest.appcache 2012-11-04 13:18:18 +0000
@@ -1,5 +1,5 @@
CACHE MANIFEST
-# Version: 23
+# Version: 24
CACHE:
../mobile/index