Message #22697
[Branch ~dhis2-devs-core/dhis2/trunk] Rev 10994: minor changes, added security to controller. Allow anyone to export pdf for dataset/programstage
------------------------------------------------------------
revno: 10994
committer: Morten Olav Hansen <mortenoh@xxxxxxxxx>
branch nick: dhis2
timestamp: Sat 2013-05-25 13:24:41 +0700
message:
minor changes, added security to controller. Allow anyone to export pdf for dataset/programstage
modified:
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/PDFFormController.java
dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-dataset/src/main/webapp/dhis-web-maintenance-dataset/dataSetList.vm
dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-patient/src/main/webapp/dhis-web-maintenance-patient/programStage.vm
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/PDFFormController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/PDFFormController.java 2013-05-25 06:19:23 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/PDFFormController.java 2013-05-25 06:24:41 +0000
@@ -48,6 +48,7 @@
import org.hisp.dhis.system.util.StreamUtils;
import org.hisp.dhis.user.CurrentUserService;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
@@ -91,11 +92,9 @@
@Autowired
private ContextUtils contextUtils;
- // -------------------------------------------------------------------------
- // GET / POST
- // -------------------------------------------------------------------------
-
- // --------------------- Data Set Related ---------------------
+ //--------------------------------------------------------------------------
+ // DataSet
+ //--------------------------------------------------------------------------
@RequestMapping(value = "/dataSet/{dataSetUid}", method = RequestMethod.GET)
public void getFormPDF_DataSet( HttpServletRequest request, HttpServletResponse response,
@@ -127,15 +126,13 @@
// STEP 4. - Output the data into Stream and close the stream.
// write ByteArrayOutputStream to the ServletOutputStream
writeToOutputStream( baos, response );
-
}
- @RequestMapping(value = "/DataSet", method = RequestMethod.POST)
- // , consumes = MEDIA_TYPE_PDF)
+ @RequestMapping(value = "/dataSet", method = RequestMethod.POST)
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_DATAVALUE_ADD')" )
public void sendFormPDF_DataSet( HttpServletRequest request, HttpServletResponse response )
throws Exception
{
-
// Step 1. Set up Import Option
ImportStrategy strategy = ImportStrategy.NEW_AND_UPDATES;
IdentifiableProperty dataElementIdScheme = IdentifiableProperty.UID;
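Review bot: The new `@PreAuthorize` on `sendFormPDF_DataSet` only takes effect if pre/post method-security annotations are enabled in the context that instantiates this controller, which the diff does not show; a test that posts without `F_DATAVALUE_ADD` and expects a 403 would confirm it. The check is also authority-only, so whether the user may write to the specific data set and organisation unit named in the uploaded PDF has to be enforced further down in the import, outside this hunk. Consider `@PreAuthorize( "hasAnyAuthority('ALL','F_DATAVALUE_ADD')" )` instead of `hasRole`, since these are authority names rather than `ROLE_`-prefixed roles and later Spring Security versions prefix `hasRole` arguments by default. The same applies to `sendFormPDF_ProgramStage` in the later hunk. The method body continues outside the hunk.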
@@ -168,14 +165,15 @@
}
- // --------------------- Program Stage Related ---------------------
+ //--------------------------------------------------------------------------
+ // Program Stage
+ //--------------------------------------------------------------------------
@RequestMapping(value = "/programStage/{programStageUid}", method = RequestMethod.GET)
- public void getFormPDF_ProgramStage( HttpServletRequest request, HttpServletResponse response, @PathVariable
- String programStageUid )
+ public void getFormPDF_ProgramStage( HttpServletRequest request, HttpServletResponse response,
+ @PathVariable String programStageUid )
throws IOException, DocumentException, ParseException, I18nManagerException
{
-
// STEP 1. - Create Document and PdfWriter - with OutputStream and
// document tie.
Document document = new Document();
@@ -204,12 +202,11 @@
writeToOutputStream( baos, response );
}
- @RequestMapping(value = "/programStage", method = RequestMethod.POST)
- // , consumes = MEDIA_TYPE_PDF)
+ @RequestMapping( value = "/programStage", method = RequestMethod.POST )
+ @PreAuthorize("hasRole('ALL') or hasRole('F_DATAVALUE_ADD')")
public void sendFormPDF_ProgramStage( HttpServletRequest request, HttpServletResponse response )
throws IOException, Exception
{
-
InputStream in = request.getInputStream();
// Temporarily using Util class from same project.
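Review bot: The two annotations added on `sendFormPDF_ProgramStage` are formatted inconsistently with each other and with the data set handler: here `@RequestMapping( value = ... )` is padded and `@PreAuthorize("...")` is not, while the `/dataSet` POST has it the other way round. The authorization expression is also duplicated as a string literal in both handlers, so a later change to one can silently leave the other weaker. A shared constant such as `private static final String CAN_ADD_DATAVALUE = "hasRole('ALL') or hasRole('F_DATAVALUE_ADD')";` referenced as `@PreAuthorize( CAN_ADD_DATAVALUE )` would keep them in step. The method body continues outside the hunk.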
@@ -219,12 +216,11 @@
// Step 5. Set the response - just simple OK response.
ContextUtils.okResponse( response, "" );
-
}
- // -----------------------------------------------------------------------------
- // ---------------------- Helper Class Related [START]
- // ----------------------
+ //--------------------------------------------------------------------------
+ // Helpers
+ //--------------------------------------------------------------------------
private void writeToOutputStream( ByteArrayOutputStream baos, HttpServletResponse response )
throws IOException
=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-dataset/src/main/webapp/dhis-web-maintenance-dataset/dataSetList.vm'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-dataset/src/main/webapp/dhis-web-maintenance-dataset/dataSetList.vm 2013-05-23 04:30:18 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-dataset/src/main/webapp/dhis-web-maintenance-dataset/dataSetList.vm 2013-05-25 06:24:41 +0000
@@ -73,11 +73,7 @@
<img src="../images/edit_layout-denied.png">
#end
- #if( $security.canUpdate( $dataSet ) )
- <a href="../api/pdfForm/DataSet/$dataSet.uid" title="$i18n.getString( 'pdf_data_entry_form' )" target="_blank"><img src="../images/pdf.png" alt="$i18n.getString( 'pdf_data_entry_form' )" width="24" height="24"/></a>
- #else
- <img src="../images/pdf-denied.png">
- #end
+ <a href="../api/pdfForm/dataSet/$dataSet.uid" title="$i18n.getString( 'pdf_data_entry_form' )" target="_blank"><img src="../images/pdf.png" alt="$i18n.getString( 'pdf_data_entry_form' )" width="24" height="24"/></a>
#if( $security.canWrite( $dataSet ) )
<a href="javascript:window.location.href='displayCompulsoryDataElementsForm.action?id=${dataSet.id}'" title="$i18n.getString( 'edit_compulsory_data_elements' )"><img src="../images/edit_compulsory_data_elements.png" alt="$i18n.getString( 'edit_compulsory_data_elements' )"/></a>
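Review bot: With the `$security.canUpdate( $dataSet )` guard removed, the PDF link is shown to every user who can see this list, so access to the export now rests entirely on the controller. The GET handler `getFormPDF_DataSet` in PDFFormController.java carries no `@PreAuthorize` in this commit, and the visible hunks do not show whether the data set is resolved through a read-access check. If "anyone" in the commit message means any user allowed to read the data set, it is worth confirming that the handler rejects a uid the user cannot read rather than relying on the link being hidden in the UI. The `#if( $security.canWrite( $dataSet ) )` block that follows continues outside the hunk.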
=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-patient/src/main/webapp/dhis-web-maintenance-patient/programStage.vm'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-patient/src/main/webapp/dhis-web-maintenance-patient/programStage.vm 2013-05-23 04:30:18 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-patient/src/main/webapp/dhis-web-maintenance-patient/programStage.vm 2013-05-25 06:24:41 +0000
@@ -41,10 +41,10 @@
#if( $program.type=='1' )
<a href="javascript:removeItem( '$association.id', '$encoder.jsEncode( $association.name )', i18n_confirm_delete , 'removeProgramStage.action' )" title="$i18n.getString( 'remove' )"><img src="../images/delete.png" alt="$i18n.getString( 'remove' )"></a>
#end
-
+
<a href="javascript:showProgramStageDetails( $association.id )" title="$i18n.getString( "show_details" )"><img src="../images/information.png" alt="$i18n.getString( 'show_details' )"></a>
<a href="programStageSectionList.action?id=$association.id" title="$i18n.getString( 'section_management' )"><img src="images/sections.png" alt="$i18n.getString( 'section_management' )"></a>
- <a href="../api/pdfForm/ProgramStage/$association.uid" title="$i18n.getString( 'pdf_data_entry_form' )" target="_blank"><img src="../images/pdf.png" alt="$i18n.getString( 'pdf_data_entry_form' )" width="24" height="24"/></a>
+ <a href="../api/pdfForm/programStage/$association.uid" title="$i18n.getString( 'pdf_data_entry_form' )" target="_blank"><img src="../images/pdf.png" alt="$i18n.getString( 'pdf_data_entry_form' )" width="24" height="24"/></a>
<a href="viewDataEntryForm.action?programStageId=$association.id" title="$i18n.getString( "design_data_entry_form" )"><img src="../images/edit_layout.png" alt="$i18n.getString( 'design_data_entry_form' )"></a>
</td>
</tr>