
[Branch ~dhis2-devs-core/dhis2/trunk] Rev 8858: secured UserController, requires F_VIEW_USER to get list/object

 

------------------------------------------------------------
revno: 8858
committer: Morten Olav Hansen <mortenoh@xxxxxxxxx>
branch nick: dhis2
timestamp: Sun 2012-11-04 14:18:18 +0100
message:
  secured UserController, requires F_VIEW_USER to get list/object
modified:
  dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/user/UserController.java
  dhis-2/dhis-web/dhis-web-mobile/src/main/resources/dhis-mobile-manifest.appcache


--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk

=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/user/UserController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/user/UserController.java	2012-06-05 15:36:07 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/user/UserController.java	2012-11-04 13:18:18 +0000
@@ -34,12 +34,19 @@
 import org.hisp.dhis.user.User;
 import org.hisp.dhis.user.UserService;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
 
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 import java.util.ArrayList;
 import java.util.Date;
 import java.util.List;
+import java.util.Map;
 
 /**
  * @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
@@ -55,6 +62,21 @@
     private UserService userService;
 
     @Override
+    @PreAuthorize( "hasRole('ALL') or hasRole('F_USER_VIEW')" )
+    public String getObjectList( @RequestParam Map<String, String> parameters, Model model, HttpServletRequest request ) throws Exception
+    {
+        return super.getObjectList( parameters, model, request );
+    }
+
+    @Override
+    @PreAuthorize( "hasRole('ALL') or hasRole('F_USER_VIEW')" )
+    public String getObject( @PathVariable( "uid" ) String uid, @RequestParam Map<String, String> parameters, Model model,
+        HttpServletRequest request, HttpServletResponse response ) throws Exception
+    {
+        return super.getObject( uid, parameters, model, request, response );
+    }
+
+    @Override
     protected List<User> getEntityList( WebMetaData metaData, WebOptions options )
     {
         List<User> entityList;
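Review bot: Both added `@PreAuthorize` expressions check `F_USER_VIEW`, while the commit message names the authority `F_VIEW_USER`; one of the two is wrong. If the annotation's spelling does not match an authority that is actually granted, the check fails closed and only holders of `ALL` can list or read users, so confirm it against the authority definitions. The expression is duplicated on getObjectList and getObject; a shared constant such as `private static final String CAN_VIEW_USER = "hasRole('ALL') or hasRole('F_USER_VIEW')";` referenced from both annotations would keep them in step. Only these two handlers are overridden here, so any other handler inherited from the base controller that returns user data (not visible in this hunk) would stay unguarded unless it is secured elsewhere. getEntityList continues outside the hunk.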

=== modified file 'dhis-2/dhis-web/dhis-web-mobile/src/main/resources/dhis-mobile-manifest.appcache'
--- dhis-2/dhis-web/dhis-web-mobile/src/main/resources/dhis-mobile-manifest.appcache	2012-10-30 15:56:43 +0000
+++ dhis-2/dhis-web/dhis-web-mobile/src/main/resources/dhis-mobile-manifest.appcache	2012-11-04 13:18:18 +0000
@@ -1,5 +1,5 @@
 CACHE MANIFEST
-# Version: 23
+# Version: 24
 
 CACHE:
 ../mobile/index