

[Branch ~dhis2-devs-core/dhis2/trunk] Rev 9255: FRED-API: Added authorities for accessing the FRED API

 

------------------------------------------------------------
revno: 9255
committer: Morten Olav Hansen <mortenoh@xxxxxxxxx>
branch nick: dhis2
timestamp: Mon 2012-12-10 16:53:34 +0300
message:
  FRED-API: Added authorities for accessing the FRED API
modified:
  dhis-2/dhis-web/dhis-web-api-fred/src/main/java/org/hisp/dhis/web/webapi/v1/controller/FacilityController.java
  dhis-2/dhis-web/dhis-web-api-fred/src/main/java/org/hisp/dhis/web/webapi/v1/controller/FacilityServiceController.java
  dhis-2/dhis-web/dhis-web-api-fred/src/main/java/org/hisp/dhis/web/webapi/v1/controller/FredController.java
  dhis-2/dhis-web/dhis-web-api-fred/src/main/resources/META-INF/dhis/webapi-fred.xml
  dhis-2/dhis-web/dhis-web-api-fred/src/main/resources/struts.xml
  dhis-2/dhis-web/dhis-web-api-fred/src/main/webapp/WEB-INF/api-fred-velocity/v1/facilities.vm
  dhis-2/dhis-web/dhis-web-api-fred/src/main/webapp/WEB-INF/api-fred-velocity/v1/facility.vm
  dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/org/hisp/dhis/user/i18n_module.properties


--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk

=== modified file 'dhis-2/dhis-web/dhis-web-api-fred/src/main/java/org/hisp/dhis/web/webapi/v1/controller/FacilityController.java'
--- dhis-2/dhis-web/dhis-web-api-fred/src/main/java/org/hisp/dhis/web/webapi/v1/controller/FacilityController.java	2012-12-10 12:34:13 +0000
+++ dhis-2/dhis-web/dhis-web-api-fred/src/main/java/org/hisp/dhis/web/webapi/v1/controller/FacilityController.java	2012-12-10 13:53:34 +0000
@@ -35,6 +35,7 @@
 import org.hisp.dhis.hierarchy.HierarchyViolationException;
 import org.hisp.dhis.organisationunit.OrganisationUnit;
 import org.hisp.dhis.organisationunit.OrganisationUnitService;
+import org.hisp.dhis.user.CurrentUserService;
 import org.hisp.dhis.web.webapi.v1.domain.Facilities;
 import org.hisp.dhis.web.webapi.v1.domain.Facility;
 import org.hisp.dhis.web.webapi.v1.utils.ValidationUtils;
@@ -46,6 +47,7 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.*;
@@ -66,6 +68,7 @@
  */
 @Controller( value = "facility-controller-" + FredController.PREFIX )
 @RequestMapping( FacilityController.RESOURCE_PATH )
+@PreAuthorize( "hasRole('M_dhis-web-api-fred') or hasRole('ALL')" )
 public class FacilityController
 {
     public static final String RESOURCE_PATH = "/" + FredController.PREFIX + "/facilities";
@@ -77,6 +80,9 @@
     private DataSetService dataSetService;
 
     @Autowired
+    private CurrentUserService currentUserService;
+
+    @Autowired
     private ConversionService conversionService;
 
     @Autowired
@@ -101,6 +107,8 @@
             facilities.getFacilities().add( facility );
         }
 
+        setAccessRights( model );
+
         model.addAttribute( "esc", StringEscapeUtils.class );
         model.addAttribute( "entity", facilities );
         model.addAttribute( "baseUrl", linkTo( FredController.class ).toString() );
@@ -117,6 +125,8 @@
 
         Facility facility = conversionService.convert( organisationUnit, Facility.class );
 
+        setAccessRights( model );
+
         model.addAttribute( "esc", StringEscapeUtils.class );
         model.addAttribute( "entity", facility );
         model.addAttribute( "baseUrl", linkTo( FredController.class ).toString() );
@@ -126,11 +136,22 @@
         return FredController.PREFIX + "/layout";
     }
 
+    private void setAccessRights( Model model )
+    {
+        Set<String> authorities = currentUserService.getCurrentUser().getUserCredentials().getAllAuthorities();
+
+        model.addAttribute( "canCreate", authorities.contains( "F_FRED_CREATE" ) || currentUserService.currentUserIsSuper() );
+        model.addAttribute( "canRead", authorities.contains( "M-dhis-web-api-fred" ) || currentUserService.currentUserIsSuper() );
+        model.addAttribute( "canUpdate", authorities.contains( "F_FRED_UPDATE" ) || currentUserService.currentUserIsSuper() );
+        model.addAttribute( "canDelete", authorities.contains( "F_FRED_DELETE" ) || currentUserService.currentUserIsSuper() );
+    }
+
     //--------------------------------------------------------------------------
     // POST JSON
     //--------------------------------------------------------------------------
 
     @RequestMapping( value = "", method = RequestMethod.POST )
+    @PreAuthorize( "hasRole('F_FRED_CREATE') or hasRole('ALL')" )
     public ResponseEntity<String> createFacility( @RequestBody Facility facility ) throws IOException
     {
         Set<ConstraintViolation<Facility>> constraintViolations = validator.validate( facility, Default.class, Create.class );
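Review bot: The `canRead` line in the new `setAccessRights` tests `authorities.contains( "M-dhis-web-api-fred" )` with a hyphen after the `M`, while the class-level `@PreAuthorize` added earlier in this file and the new i18n key both spell the authority `M_dhis-web-api-fred`, so `canRead` is false for every non-superuser even though they already passed the class-level check. The line should read `model.addAttribute( "canRead", authorities.contains( "M_dhis-web-api-fred" ) || currentUserService.currentUserIsSuper() );`. `currentUserService.currentUserIsSuper()` is also evaluated four times; hoisting it into a local `boolean isSuper` at the top of the method keeps the four lines parallel and avoids repeating the lookup. A short Javadoc such as `/** Exposes canCreate/canRead/canUpdate/canDelete flags to the view; they mirror the @PreAuthorize rules on the handlers, which remain the enforcing check. */` would make the relation between the view flags and the server-side checks explicit.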
@@ -164,6 +185,7 @@
     //--------------------------------------------------------------------------
 
     @RequestMapping( value = "/{id}", method = RequestMethod.PUT, consumes = MediaType.APPLICATION_JSON_VALUE )
+    @PreAuthorize( "hasRole('F_FRED_UPDATE') or hasRole('ALL')" )
     public ResponseEntity<String> updateFacility( @PathVariable String id, @RequestBody Facility facility ) throws IOException
     {
         facility.setId( id );
@@ -202,6 +224,7 @@
     //--------------------------------------------------------------------------
 
     @RequestMapping( value = "/{id}", method = RequestMethod.DELETE )
+    @PreAuthorize( "hasRole('F_FRED_DELETE') or hasRole('ALL')" )
     public ResponseEntity<Void> deleteFacility( @PathVariable String id ) throws HierarchyViolationException
     {
         OrganisationUnit organisationUnit = organisationUnitService.getOrganisationUnit( id );

=== modified file 'dhis-2/dhis-web/dhis-web-api-fred/src/main/java/org/hisp/dhis/web/webapi/v1/controller/FacilityServiceController.java'
--- dhis-2/dhis-web/dhis-web-api-fred/src/main/java/org/hisp/dhis/web/webapi/v1/controller/FacilityServiceController.java	2012-12-10 12:34:13 +0000
+++ dhis-2/dhis-web/dhis-web-api-fred/src/main/java/org/hisp/dhis/web/webapi/v1/controller/FacilityServiceController.java	2012-12-10 13:53:34 +0000
@@ -34,10 +34,10 @@
 import org.hisp.dhis.web.webapi.v1.validation.group.Create;
 import org.hisp.dhis.web.webapi.v1.validation.group.Update;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -53,14 +53,14 @@
 /**
  * @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
  */
-@Controller(value = "facility-service-controller-" + FredController.PREFIX)
+@Controller( value = "facility-service-controller-" + FredController.PREFIX )
 @RequestMapping(FacilityServiceController.RESOURCE_PATH)
+@PreAuthorize("hasRole('M_dhis-web-api-fred') or hasRole('ALL')")
 public class FacilityServiceController
 {
     public static final String RESOURCE_PATH = "/" + FredController.PREFIX + "/facility-service";
 
     @Autowired
-    @Qualifier("org.hisp.dhis.organisationunit.OrganisationUnitService")
     private OrganisationUnitService organisationUnitService;
 
     @Autowired
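Review bot: The annotations in this hunk mix two spacings: `@Controller( value = ... )` is reformatted to the padded style used in FacilityController, but the new `@PreAuthorize("hasRole('M_dhis-web-api-fred') or hasRole('ALL')")` and the unchanged `@RequestMapping(FacilityServiceController.RESOURCE_PATH)` keep the unpadded one. The same happens in the two handler hunks below, where `@RequestMapping( ... )` is padded and the new `@PreAuthorize("hasRole('F_FRED_UPDATE') or hasRole('ALL')")` is not. Since the commit already touches these lines for spacing, padding the new annotations too, e.g. `@PreAuthorize( "hasRole('M_dhis-web-api-fred') or hasRole('ALL')" )`, keeps this file consistent with FacilityController and FredController.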
@@ -70,7 +70,8 @@
     // EXTRA WEB METHODS
     //--------------------------------------------------------------------------
 
-    @RequestMapping(value = "/{id}/activate", method = RequestMethod.POST)
+    @RequestMapping( value = "/{id}/activate", method = RequestMethod.POST )
+    @PreAuthorize("hasRole('F_FRED_UPDATE') or hasRole('ALL')")
     public ResponseEntity<Void> activateFacility( @PathVariable String id )
     {
         OrganisationUnit organisationUnit = organisationUnitService.getOrganisationUnit( id );
@@ -86,7 +87,8 @@
         return new ResponseEntity<Void>( HttpStatus.NOT_FOUND );
     }
 
-    @RequestMapping(value = "/{id}/deactivate", method = RequestMethod.POST)
+    @RequestMapping( value = "/{id}/deactivate", method = RequestMethod.POST )
+    @PreAuthorize("hasRole('F_FRED_UPDATE') or hasRole('ALL')")
     public ResponseEntity<Void> deactivateFacility( @PathVariable String id )
     {
         OrganisationUnit organisationUnit = organisationUnitService.getOrganisationUnit( id );

=== modified file 'dhis-2/dhis-web/dhis-web-api-fred/src/main/java/org/hisp/dhis/web/webapi/v1/controller/FredController.java'
--- dhis-2/dhis-web/dhis-web-api-fred/src/main/java/org/hisp/dhis/web/webapi/v1/controller/FredController.java	2012-12-07 14:16:37 +0000
+++ dhis-2/dhis-web/dhis-web-api-fred/src/main/java/org/hisp/dhis/web/webapi/v1/controller/FredController.java	2012-12-10 13:53:34 +0000
@@ -28,6 +28,7 @@
  */
 
 import org.springframework.http.MediaType;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -40,6 +41,7 @@
  */
 @Controller( value = "fred-controller-" + FredController.PREFIX )
 @RequestMapping( value = FredController.PREFIX )
+@PreAuthorize( "hasRole('M_dhis-web-api-fred') or hasRole('ALL')" )
 public class FredController
 {
     public static final String PREFIX = "v1";

=== modified file 'dhis-2/dhis-web/dhis-web-api-fred/src/main/resources/META-INF/dhis/webapi-fred.xml'
--- dhis-2/dhis-web/dhis-web-api-fred/src/main/resources/META-INF/dhis/webapi-fred.xml	2012-12-08 16:07:13 +0000
+++ dhis-2/dhis-web/dhis-web-api-fred/src/main/resources/META-INF/dhis/webapi-fred.xml	2012-12-10 13:53:34 +0000
@@ -2,12 +2,16 @@
 <beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
   xmlns="http://www.springframework.org/schema/beans";
   xmlns:context="http://www.springframework.org/schema/context";
+  xmlns:sec="http://www.springframework.org/schema/security";
   xmlns:mvc="http://www.springframework.org/schema/mvc";
   xsi:schemaLocation="
     http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
     http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
     http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd";>
 
+  <sec:global-method-security pre-post-annotations="enabled" />
+
   <context:component-scan base-package="org.hisp.dhis.web.webapi" />
   <context:annotation-config />
 
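Review bot: `<sec:global-method-security pre-post-annotations="enabled" />` relies on implicit proxying: the three annotated controllers implement no interface, so the method-security advisor can only wrap them as CGLIB subclasses, which Spring falls back to automatically. If one of them later gains an interface, a JDK proxy would be chosen instead and, on the Spring 3.1 line this file targets, the `@RequestMapping` metadata on the class would presumably no longer be visible to the handler mapping, silently unmapping the endpoints. Declaring `<sec:global-method-security pre-post-annotations="enabled" proxy-target-class="true" />` makes the requirement explicit. A one-line comment that this element has to live in this context, next to the `component-scan` that creates the controllers, for the `@PreAuthorize` annotations to take effect would also help the next maintainer.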

=== modified file 'dhis-2/dhis-web/dhis-web-api-fred/src/main/resources/struts.xml'
--- dhis-2/dhis-web/dhis-web-api-fred/src/main/resources/struts.xml	2012-12-06 20:06:23 +0000
+++ dhis-2/dhis-web/dhis-web-api-fred/src/main/resources/struts.xml	2012-12-10 13:53:34 +0000
@@ -1,18 +1,15 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE struts PUBLIC
-    "-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
-    "http://struts.apache.org/dtds/struts-2.0.dtd";>
+  "-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
+  "http://struts.apache.org/dtds/struts-2.0.dtd";>
 <struts>
   <include file="dhis-web-commons.xml" />
 
-  <package name="dhis-web-api-fred" extends="dhis-web-commons"
-      namespace="/api-fred">
+  <package name="dhis-web-api-fred" extends="dhis-web-commons" namespace="/api-fred">
 
-    <!--
-    <action name="index" class="org.hisp.dhis.commons.action.NoAction">
-      <result type="redirect">/mobile</result>
+    <action name="" class="org.hisp.dhis.commons.action.NoAction">
+      <param name="requiredAuthorities">F_FRED_CREATE, F_FRED_UPDATE, F_FRED_DELETE</param>
     </action>
-    -->
 
   </package>
 
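Review bot: The Struts entry requires `F_FRED_CREATE, F_FRED_UPDATE, F_FRED_DELETE`, while the Spring side gates the same module on `hasRole('M_dhis-web-api-fred') or hasRole('ALL')`, so the two entry points do not agree on who may enter. A user holding only the module authority passes the controllers but, depending on how `requiredAuthorities` is evaluated, may be refused at this action; conversely a user with the three `F_FRED_*` authorities but not the module authority passes here and is rejected by Spring. Using `<param name="requiredAuthorities">M_dhis-web-api-fred</param>` here, leaving the fine-grained `F_FRED_*` checks to the handler-level `@PreAuthorize`, keeps a single source of truth for the entry check.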

=== modified file 'dhis-2/dhis-web/dhis-web-api-fred/src/main/webapp/WEB-INF/api-fred-velocity/v1/facilities.vm'
--- dhis-2/dhis-web/dhis-web-api-fred/src/main/webapp/WEB-INF/api-fred-velocity/v1/facilities.vm	2012-12-09 19:31:01 +0000
+++ dhis-2/dhis-web/dhis-web-api-fred/src/main/webapp/WEB-INF/api-fred-velocity/v1/facilities.vm	2012-12-10 13:53:34 +0000
@@ -180,15 +180,15 @@
             <td class='facility-actions' style='width: 1px;'>
                 <div class='btn-group'>
                     #if( $facility.active )
-                        <button style='width: 44px;' class='deactivateButton btn btn-mini btn-success' title='Deactivate Facility'>
+                        <button #if(!$canUpdate)disabled#end style='width: 44px;' class='deactivateButton btn btn-mini btn-success' title='Deactivate Facility'>
                             <span class='icon-white icon-ok-circle'> </span>
                         </button>
                     #else
-                        <button style='width: 44px;' class='activateButton btn btn-mini btn-inverse' title='Activate Facility'>
+                        <button #if(!$canUpdate)disabled#end style='width: 44px;' class='activateButton btn btn-mini btn-inverse' title='Activate Facility'>
                             <span class='icon-white icon-ban-circle'> </span>
                         </button>
                     #end
-                    <button disabled='disabled' style='width: 42px;' class='deleteButton btn btn-mini btn-danger' title='Delete Facility'>
+                    <button #if(true)disabled#end disabled='disabled' style='width: 42px;' class='deleteButton btn btn-mini btn-danger' title='Delete Facility'>
                         <span class='icon-white icon-trash'> </span>
                     </button>
                 </div>
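Review bot: `#if(true)disabled#end disabled='disabled'` on the delete button disables it twice and hard-codes `true`, although the controller now exposes a `$canDelete` flag that nothing in the template reads; the same `#if(true)disabled#end` appears on the delete button in the facility.vm hunk. If deletion is deliberately kept out of the UI for now, a `## delete intentionally disabled in the UI; $canDelete not yet wired` comment would say so; otherwise `<button #if(!$canDelete)disabled#end style='width: 42px;' class='deleteButton btn btn-mini btn-danger' title='Delete Facility'>` wires it to the flag the same way the activate/deactivate buttons use `$canUpdate`. Either way the duplicate `disabled='disabled'` attribute should go. These flags only shape the rendered buttons; the DELETE endpoint stays protected by its own `@PreAuthorize`.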

=== modified file 'dhis-2/dhis-web/dhis-web-api-fred/src/main/webapp/WEB-INF/api-fred-velocity/v1/facility.vm'
--- dhis-2/dhis-web/dhis-web-api-fred/src/main/webapp/WEB-INF/api-fred-velocity/v1/facility.vm	2012-12-09 19:31:01 +0000
+++ dhis-2/dhis-web/dhis-web-api-fred/src/main/webapp/WEB-INF/api-fred-velocity/v1/facility.vm	2012-12-10 13:53:34 +0000
@@ -65,8 +65,6 @@
 
                 data.coordinates = [ lng, lat ];
 
-                console.log(data.coordinates);
-
                 $.ajax({
                     url: '$baseUrl/facilities/${entity.id}',
                     contentType: 'application/json; charset=UTF-8',
@@ -93,7 +91,6 @@
     <div class="span6">
         <form id="facilityForm">
             #set( $inputSize = "span12")
-            #set( $canEdit = true )
 
             <fieldset>
                 <legend>Facility</legend>
@@ -102,28 +99,28 @@
                 <input id="facilityID" disabled="disabled" type="text" class="$inputSize" value="$entity.id"/>
 
                 <label for="facilityName">Name</label>
-                <input #if(!$canEdit)disabled#end id="facilityName" type="text" class="$inputSize" value="$esc.escapeHtml4($entity.name)"/>
+                <input #if(!$canUpdate)disabled#end id="facilityName" type="text" class="$inputSize" value="$esc.escapeHtml4($entity.name)"/>
 
                 <label for="facilityActive">Active</label>
 
-                <select id="facilityActive" #if(!$canEdit)disabled#end class="$inputSize">
+                <select id="facilityActive" #if(!$canUpdate)disabled#end class="$inputSize">
                     <option value="true" #if($entity.active)selected#end>Yes</option>
                     <option value="false" #if(!$entity.active)selected#end>No</option>
                 </select>
 
                 <label for="facilityLatitude">Latitude</label>
-                <input #if(!$canEdit)disabled#end id="facilityLatitude" type="text" class="$inputSize" value=""/>
+                <input #if(!$canUpdate)disabled#end id="facilityLatitude" type="text" class="$inputSize" value=""/>
 
                 <label for="facilityLongitude">Longitude</label>
-                <input #if(!$canEdit)disabled#end id="facilityLongitude" type="text" class="$inputSize" value=""/>
+                <input #if(!$canUpdate)disabled#end id="facilityLongitude" type="text" class="$inputSize" value=""/>
             </fieldset>
 
-            <button #if(!$canEdit)disabled#end type="submit" id="facilitySubmit" class="btn btn-info">Save</button>
+            <button #if(!$canUpdate)disabled#end type="submit" id="facilitySubmit" class="btn btn-info">Save</button>
         </form>
     </div>
 
     <div class="span1">
-        <button disabled="disabled" style="width: 42px;" class="deleteButton btn btn-mini btn-danger pull-right" title="Delete Facility">
+        <button #if(true)disabled#end style="width: 42px;" class="deleteButton btn btn-mini btn-danger pull-right" title="Delete Facility">
             <span class="icon-white icon-trash"> </span>
         </button>
     </div>

=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/org/hisp/dhis/user/i18n_module.properties'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/org/hisp/dhis/user/i18n_module.properties	2012-12-03 18:00:31 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/org/hisp/dhis/user/i18n_module.properties	2012-12-10 13:53:34 +0000
@@ -2,6 +2,7 @@
 #-- See module privilegies ----------------------------------------------------#
 
 M_dhis-web-api=See API Module
+M_dhis-web-api-fred=See FRED API Module
 M_dhis-web-exportdatamart=See Export Data Mart Module
 M_dhis-web-maintenance-datadictionary=See Data Dictionary Maintenance module
 M_dhis-web-maintenance-dataset=See Data Set Maintenance module
@@ -294,4 +295,9 @@
 created=Created
 disabled=Disabled
 disable=Disable
-enable=Enable
\ No newline at end of file
+enable=Enable
+
+#-- FRED API module ---------------------------------------------------------------#
+F_FRED_CREATE=Add Facility
+F_FRED_UPDATE=Update Facility
+F_FRED_DELETE=Delete Facility