dhis2-devs team mailing list archive
-
dhis2-devs team
-
Mailing list archive
-
Message #22624
[Branch ~dhis2-devs-core/dhis2/trunk] Rev 10926: Fixed bug, dashboard charts did not respect access control layer
------------------------------------------------------------
revno: 10926
committer: Lars Helge Øverland <larshelge@xxxxxxxxx>
branch nick: dhis2
timestamp: Tue 2013-05-21 13:39:31 +0200
message:
Fixed bug, dashboard charts did not respect access control layer
removed:
dhis-2/dhis-web/dhis-web-visualizer/src/main/java/org/hisp/dhis/visualizer/action/GetSystemAndCurrentUserChartsAction.java
modified:
dhis-2/dhis-api/src/main/java/org/hisp/dhis/chart/ChartService.java
dhis-2/dhis-api/src/main/java/org/hisp/dhis/mapping/MappingService.java
dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/mapping/DefaultMappingService.java
dhis-2/dhis-services/dhis-service-reporting/src/main/java/org/hisp/dhis/chart/impl/DefaultChartService.java
dhis-2/dhis-web/dhis-web-dashboard-integration/src/main/java/org/hisp/dhis/dashboard/action/ProvideContentAction.java
dhis-2/dhis-web/dhis-web-light/src/main/java/org/hisp/dhis/light/dashboard/action/ProvideContentAction.java
dhis-2/dhis-web/dhis-web-visualizer/src/main/java/org/hisp/dhis/visualizer/action/AddOrUpdateChartAction.java
dhis-2/dhis-web/dhis-web-visualizer/src/main/resources/META-INF/dhis/beans.xml
dhis-2/dhis-web/dhis-web-visualizer/src/main/resources/struts.xml
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
Your team DHIS 2 developers is subscribed to branch lp:dhis2.
To unsubscribe from this branch go to https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk/+edit-subscription
=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/chart/ChartService.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/chart/ChartService.java 2013-04-24 14:11:57 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/chart/ChartService.java 2013-05-21 11:39:31 +0000
@@ -93,8 +93,6 @@
Collection<Chart> getAllCharts();
- Collection<Chart> getSystemAndUserCharts();
-
Chart getChartByName( String name );
Collection<Chart> getCharts( final Collection<Integer> identifiers );
=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/mapping/MappingService.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/mapping/MappingService.java 2013-03-14 04:50:21 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/mapping/MappingService.java 2013-05-21 11:39:31 +0000
@@ -129,9 +129,7 @@
Map getMap( String uid );
void deleteMap( Map map );
-
- Collection<Map> getSystemAndUserMaps();
-
+
List<Map> getMapsBetweenLikeName( String name, int first, int max );
// -------------------------------------------------------------------------
=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/mapping/DefaultMappingService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/mapping/DefaultMappingService.java 2013-03-14 10:21:07 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/mapping/DefaultMappingService.java 2013-05-21 11:39:31 +0000
@@ -412,11 +412,6 @@
mapStore.delete( map );
}
- public Collection<Map> getSystemAndUserMaps()
- {
- return mapStore.getAll();
- }
-
public List<Map> getMapsBetweenLikeName( String name, int first, int max )
{
return mapStore.getAllLikeNameOrderedName( name, first, max );
=== modified file 'dhis-2/dhis-services/dhis-service-reporting/src/main/java/org/hisp/dhis/chart/impl/DefaultChartService.java'
--- dhis-2/dhis-services/dhis-service-reporting/src/main/java/org/hisp/dhis/chart/impl/DefaultChartService.java 2013-05-19 18:49:47 +0000
+++ dhis-2/dhis-services/dhis-service-reporting/src/main/java/org/hisp/dhis/chart/impl/DefaultChartService.java 2013-05-21 11:39:31 +0000
@@ -817,11 +817,6 @@
return chartStore.getAll();
}
- public Collection<Chart> getSystemAndUserCharts()
- {
- return chartStore.getSystemAndUserCharts( currentUserService.getCurrentUser() );
- }
-
public Chart getChartByName( String name )
{
return chartStore.getByName( name );
=== modified file 'dhis-2/dhis-web/dhis-web-dashboard-integration/src/main/java/org/hisp/dhis/dashboard/action/ProvideContentAction.java'
--- dhis-2/dhis-web/dhis-web-dashboard-integration/src/main/java/org/hisp/dhis/dashboard/action/ProvideContentAction.java 2012-12-11 21:17:31 +0000
+++ dhis-2/dhis-web/dhis-web-dashboard-integration/src/main/java/org/hisp/dhis/dashboard/action/ProvideContentAction.java 2013-05-21 11:39:31 +0000
@@ -37,6 +37,7 @@
import org.hisp.dhis.chart.ChartService;
import org.hisp.dhis.common.comparator.IdentifiableObjectNameComparator;
import org.hisp.dhis.dashboard.DashboardManager;
+import org.hisp.dhis.hibernate.exception.ReadAccessDeniedException;
import org.hisp.dhis.organisationunit.OrganisationUnit;
import org.hisp.dhis.user.CurrentUserService;
import org.hisp.dhis.user.User;
@@ -131,7 +132,7 @@
providerNames = manager.getContentProviderNames();
- charts = new ArrayList<Chart>( chartService.getSystemAndUserCharts() );
+ charts = new ArrayList<Chart>( chartService.getAllCharts() );
Collections.sort( charts, IdentifiableObjectNameComparator.INSTANCE );
@@ -145,7 +146,14 @@
if ( id != null )
{
- chart = chartService.getChart( Integer.valueOf( String.valueOf( id ) ) );
+ try
+ {
+ chart = chartService.getChart( Integer.valueOf( String.valueOf( id ) ) );
+ }
+ catch ( ReadAccessDeniedException ex )
+ {
+ // Chart has been made private, do nothing and continue
+ }
}
chartAreas.add( chart );
=== modified file 'dhis-2/dhis-web/dhis-web-light/src/main/java/org/hisp/dhis/light/dashboard/action/ProvideContentAction.java'
--- dhis-2/dhis-web/dhis-web-light/src/main/java/org/hisp/dhis/light/dashboard/action/ProvideContentAction.java 2012-12-18 08:47:37 +0000
+++ dhis-2/dhis-web/dhis-web-light/src/main/java/org/hisp/dhis/light/dashboard/action/ProvideContentAction.java 2013-05-21 11:39:31 +0000
@@ -91,7 +91,7 @@
public String execute()
throws Exception
{
- chartsForAll = new ArrayList<Chart>( chartService.getSystemAndUserCharts() );
+ chartsForAll = new ArrayList<Chart>( chartService.getAllCharts() );
DashboardConfiguration config = dashboardManager.getConfiguration();
=== modified file 'dhis-2/dhis-web/dhis-web-visualizer/src/main/java/org/hisp/dhis/visualizer/action/AddOrUpdateChartAction.java'
--- dhis-2/dhis-web/dhis-web-visualizer/src/main/java/org/hisp/dhis/visualizer/action/AddOrUpdateChartAction.java 2013-05-09 14:04:30 +0000
+++ dhis-2/dhis-web/dhis-web-visualizer/src/main/java/org/hisp/dhis/visualizer/action/AddOrUpdateChartAction.java 2013-05-21 11:39:31 +0000
@@ -27,14 +27,17 @@
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-import com.opensymphony.xwork2.Action;
+import static org.hisp.dhis.system.util.DateUtils.setNames;
+
+import java.util.ArrayList;
+import java.util.List;
+
import org.hisp.dhis.chart.Chart;
import org.hisp.dhis.chart.ChartService;
import org.hisp.dhis.dataelement.DataElementService;
import org.hisp.dhis.dataset.DataSetService;
import org.hisp.dhis.i18n.I18nManager;
import org.hisp.dhis.indicator.IndicatorService;
-import org.hisp.dhis.organisationunit.OrganisationUnitGroupService;
import org.hisp.dhis.organisationunit.OrganisationUnitService;
import org.hisp.dhis.period.Period;
import org.hisp.dhis.period.PeriodService;
@@ -42,10 +45,7 @@
import org.hisp.dhis.period.RelativePeriods;
import org.hisp.dhis.user.CurrentUserService;
-import java.util.ArrayList;
-import java.util.List;
-
-import static org.hisp.dhis.system.util.DateUtils.setNames;
+import com.opensymphony.xwork2.Action;
/**
* @author Jan Henrik Overland
@@ -152,13 +152,6 @@
this.category = category;
}
- private String filter; //TODO fix
-
- public void setFilter( String filter )
- {
- this.filter = filter;
- }
-
private List<String> indicatorIds;
public void setIndicatorIds( List<String> indicatorIds )
=== removed file 'dhis-2/dhis-web/dhis-web-visualizer/src/main/java/org/hisp/dhis/visualizer/action/GetSystemAndCurrentUserChartsAction.java'
--- dhis-2/dhis-web/dhis-web-visualizer/src/main/java/org/hisp/dhis/visualizer/action/GetSystemAndCurrentUserChartsAction.java 2012-01-25 10:30:44 +0000
+++ dhis-2/dhis-web/dhis-web-visualizer/src/main/java/org/hisp/dhis/visualizer/action/GetSystemAndCurrentUserChartsAction.java 1970-01-01 00:00:00 +0000
@@ -1,76 +0,0 @@
-package org.hisp.dhis.visualizer.action;
-
-/*
- * Copyright (c) 2004-2012, University of Oslo
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions are met:
- * * Redistributions of source code must retain the above copyright notice, this
- * list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright notice,
- * this list of conditions and the following disclaimer in the documentation
- * and/or other materials provided with the distribution.
- * * Neither the name of the HISP project nor the names of its contributors may
- * be used to endorse or promote products derived from this software without
- * specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
- * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
- * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
- * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
- * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-import java.util.Collection;
-
-import org.hisp.dhis.chart.Chart;
-import org.hisp.dhis.chart.ChartService;
-
-import com.opensymphony.xwork2.Action;
-
-/**
- * @author Jan Henrik Overland
- */
-public class GetSystemAndCurrentUserChartsAction
- implements Action
-{
- // -------------------------------------------------------------------------
- // Dependencies
- // -------------------------------------------------------------------------
-
- private ChartService chartService;
-
- public void setChartService( ChartService chartService )
- {
- this.chartService = chartService;
- }
-
- // -------------------------------------------------------------------------
- // Output
- // -------------------------------------------------------------------------
-
- private Collection<Chart> object;
-
- public Collection<Chart> getObject()
- {
- return object;
- }
-
- // -------------------------------------------------------------------------
- // Action implementation
- // -------------------------------------------------------------------------
-
- public String execute()
- throws Exception
- {
- object = chartService.getSystemAndUserCharts();
-
- return SUCCESS;
- }
-}
=== modified file 'dhis-2/dhis-web/dhis-web-visualizer/src/main/resources/META-INF/dhis/beans.xml'
--- dhis-2/dhis-web/dhis-web-visualizer/src/main/resources/META-INF/dhis/beans.xml 2013-04-23 17:32:47 +0000
+++ dhis-2/dhis-web/dhis-web-visualizer/src/main/resources/META-INF/dhis/beans.xml 2013-05-21 11:39:31 +0000
@@ -83,13 +83,6 @@
<property name="chartService" ref="org.hisp.dhis.chart.ChartService" />
</bean>
- <bean id="org.hisp.dhis.visualizer.action.GetSystemAndCurrentUserChartsAction"
- class="org.hisp.dhis.visualizer.action.GetSystemAndCurrentUserChartsAction"
- scope="prototype">
- <property name="chartService"
- ref="org.hisp.dhis.chart.ChartService" />
- </bean>
-
<bean id="org.hisp.dhis.visualizer.action.DeleteChartsAction"
class="org.hisp.dhis.visualizer.action.DeleteChartsAction"
scope="prototype">
=== modified file 'dhis-2/dhis-web/dhis-web-visualizer/src/main/resources/struts.xml'
--- dhis-2/dhis-web/dhis-web-visualizer/src/main/resources/struts.xml 2013-03-13 15:03:10 +0000
+++ dhis-2/dhis-web/dhis-web-visualizer/src/main/resources/struts.xml 2013-05-21 11:39:31 +0000
@@ -91,13 +91,6 @@
</result>
</action>
- <action name="getSystemAndCurrentUserCharts"
- class="org.hisp.dhis.visualizer.action.GetSystemAndCurrentUserChartsAction">
- <result name="success" type="velocity-json">
- /dhis-web-visualizer/jsonminCharts.vm
- </result>
- </action>
-
<action name="deleteCharts"
class="org.hisp.dhis.visualizer.action.DeleteChartsAction">
<result name="success" type="velocity-json">
