
[Branch ~dhis2-devs-core/dhis2/trunk] Rev 10994: minor changes, added security to controller. Allow anyone to export pdf for dataset/programstage

 

------------------------------------------------------------
revno: 10994
committer: Morten Olav Hansen <mortenoh@xxxxxxxxx>
branch nick: dhis2
timestamp: Sat 2013-05-25 13:24:41 +0700
message:
  minor changes, added security to controller. Allow anyone to export pdf for dataset/programstage
modified:
  dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/PDFFormController.java
  dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-dataset/src/main/webapp/dhis-web-maintenance-dataset/dataSetList.vm
  dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-patient/src/main/webapp/dhis-web-maintenance-patient/programStage.vm


--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk

=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/PDFFormController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/PDFFormController.java	2013-05-25 06:19:23 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/PDFFormController.java	2013-05-25 06:24:41 +0000
@@ -48,6 +48,7 @@
 import org.hisp.dhis.system.util.StreamUtils;
 import org.hisp.dhis.user.CurrentUserService;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -91,11 +92,9 @@
     @Autowired
     private ContextUtils contextUtils;
 
-    // -------------------------------------------------------------------------
-    // GET / POST
-    // -------------------------------------------------------------------------
-
-    // --------------------- Data Set Related ---------------------
+    //--------------------------------------------------------------------------
+    // DataSet
+    //--------------------------------------------------------------------------
 
     @RequestMapping(value = "/dataSet/{dataSetUid}", method = RequestMethod.GET)
     public void getFormPDF_DataSet( HttpServletRequest request, HttpServletResponse response,
@@ -127,15 +126,13 @@
         // STEP 4. - Output the data into Stream and close the stream.
         // write ByteArrayOutputStream to the ServletOutputStream
         writeToOutputStream( baos, response );
-
     }
 
-    @RequestMapping(value = "/DataSet", method = RequestMethod.POST)
-    // , consumes = MEDIA_TYPE_PDF)
+    @RequestMapping(value = "/dataSet", method = RequestMethod.POST)
+    @PreAuthorize( "hasRole('ALL') or hasRole('F_DATAVALUE_ADD')" )
     public void sendFormPDF_DataSet( HttpServletRequest request, HttpServletResponse response )
         throws Exception
     {
-
         // Step 1. Set up Import Option
         ImportStrategy strategy = ImportStrategy.NEW_AND_UPDATES;
         IdentifiableProperty dataElementIdScheme = IdentifiableProperty.UID;
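Review bot: The `@PreAuthorize` added to `sendFormPDF_DataSet` (and the same expression on `sendFormPDF_ProgramStage` in the later hunk) checks only that the caller holds an authority. Nothing visible here ties the caller to the data set, organisation unit or period named inside the uploaded PDF. The method body continues outside the hunk, so that check may live in the import path; if it does not, the parsed values should be validated against the current user's assigned units before anything is saved. The annotation is also only enforced when pre/post method security is enabled in the context that creates this controller, which this diff cannot confirm; a test that posts without the authority and expects a 403 would pin it. The commented-out `consumes` hint was deleted rather than enabled, so the handler still accepts any content type; consider `@RequestMapping( value = "/dataSet", method = RequestMethod.POST, consumes = "application/pdf" )`.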
@@ -168,14 +165,15 @@
 
     }
 
-    // --------------------- Program Stage Related ---------------------
+    //--------------------------------------------------------------------------
+    // Program Stage
+    //--------------------------------------------------------------------------
 
     @RequestMapping(value = "/programStage/{programStageUid}", method = RequestMethod.GET)
-    public void getFormPDF_ProgramStage( HttpServletRequest request, HttpServletResponse response, @PathVariable
-    String programStageUid )
+    public void getFormPDF_ProgramStage( HttpServletRequest request, HttpServletResponse response,
+        @PathVariable String programStageUid )
         throws IOException, DocumentException, ParseException, I18nManagerException
     {
-
         // STEP 1. - Create Document and PdfWriter - with OutputStream and
         // document tie.
         Document document = new Document();
@@ -204,12 +202,11 @@
         writeToOutputStream( baos, response );
     }
 
-    @RequestMapping(value = "/programStage", method = RequestMethod.POST)
-    // , consumes = MEDIA_TYPE_PDF)
+    @RequestMapping( value = "/programStage", method = RequestMethod.POST )
+    @PreAuthorize("hasRole('ALL') or hasRole('F_DATAVALUE_ADD')")
     public void sendFormPDF_ProgramStage( HttpServletRequest request, HttpServletResponse response )
         throws IOException, Exception
     {
-
         InputStream in = request.getInputStream();
 
         // Temporarily using Util class from same project.
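Review bot: `sendFormPDF_ProgramStage` is gated on `F_DATAVALUE_ADD`, the same authority used for the aggregate upload at `/dataSet`. If program-stage data entry is governed by a separate authority in this system (not visible in this diff), a user who may only enter aggregate values could submit program-stage data through this endpoint. Confirm the authority is the intended one and record that in a comment above the annotation, e.g. `// same authority as aggregate data entry: intentional, see <ticket>`. As a style point, this annotation is written `@PreAuthorize("...")` while the data set handler uses `@PreAuthorize( "..." )`, and `throws IOException, Exception` can be reduced to `throws Exception`. The method body continues outside the hunk.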
@@ -219,12 +216,11 @@
 
         // Step 5. Set the response - just simple OK response.
         ContextUtils.okResponse( response, "" );
-
     }
 
-    // -----------------------------------------------------------------------------
-    // ---------------------- Helper Class Related [START]
-    // ----------------------
+    //--------------------------------------------------------------------------
+    // Helpers
+    //--------------------------------------------------------------------------
 
     private void writeToOutputStream( ByteArrayOutputStream baos, HttpServletResponse response )
         throws IOException

=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-dataset/src/main/webapp/dhis-web-maintenance-dataset/dataSetList.vm'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-dataset/src/main/webapp/dhis-web-maintenance-dataset/dataSetList.vm	2013-05-23 04:30:18 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-dataset/src/main/webapp/dhis-web-maintenance-dataset/dataSetList.vm	2013-05-25 06:24:41 +0000
@@ -73,11 +73,7 @@
                   <img src="../images/edit_layout-denied.png">
                   #end
 
-                  #if( $security.canUpdate( $dataSet ) )
-                  <a href="../api/pdfForm/DataSet/$dataSet.uid" title="$i18n.getString( 'pdf_data_entry_form' )" target="_blank"><img src="../images/pdf.png" alt="$i18n.getString( 'pdf_data_entry_form' )" width="24" height="24"/></a>
-                  #else
-                  <img src="../images/pdf-denied.png">
-                  #end
+                  <a href="../api/pdfForm/dataSet/$dataSet.uid" title="$i18n.getString( 'pdf_data_entry_form' )" target="_blank"><img src="../images/pdf.png" alt="$i18n.getString( 'pdf_data_entry_form' )" width="24" height="24"/></a>
 
                   #if( $security.canWrite( $dataSet ) )
                   <a href="javascript:window.location.href='displayCompulsoryDataElementsForm.action?id=${dataSet.id}'" title="$i18n.getString( 'edit_compulsory_data_elements' )"><img src="../images/edit_compulsory_data_elements.png" alt="$i18n.getString( 'edit_compulsory_data_elements' )"/></a>
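Review bot: With the `#if( $security.canUpdate( $dataSet ) )` guard removed, the PDF link is rendered for every listed data set, and the GET handlers in PDFFormController (`/dataSet/{dataSetUid}`, `/programStage/{programStageUid}`) gain no `@PreAuthorize` in this commit. What still limits who can fetch a form by UID is therefore the URL-level security configuration and the handler bodies, neither of which is visible here. If data sets or program stages can be restricted per user or group, the handler should check read access on the resolved object and answer 403 or 404 otherwise, since hiding the link in the template never protected the endpoint. If open export is intended for all authenticated users, a short comment on the two GET handlers saying so would keep a later reader from treating the missing annotation as an oversight.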

=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-patient/src/main/webapp/dhis-web-maintenance-patient/programStage.vm'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-patient/src/main/webapp/dhis-web-maintenance-patient/programStage.vm	2013-05-23 04:30:18 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-patient/src/main/webapp/dhis-web-maintenance-patient/programStage.vm	2013-05-25 06:24:41 +0000
@@ -41,10 +41,10 @@
 							  #if( $program.type=='1' )
 								<a href="javascript:removeItem( '$association.id', '$encoder.jsEncode( $association.name )', i18n_confirm_delete , 'removeProgramStage.action' )" title="$i18n.getString( 'remove' )"><img src="../images/delete.png" alt="$i18n.getString( 'remove' )"></a>
 							  #end
-							  							  
+
 							  <a href="javascript:showProgramStageDetails( $association.id )" title="$i18n.getString( "show_details" )"><img src="../images/information.png" alt="$i18n.getString( 'show_details' )"></a>
 							  <a href="programStageSectionList.action?id=$association.id" title="$i18n.getString( 'section_management' )"><img src="images/sections.png" alt="$i18n.getString( 'section_management' )"></a>
-	                  		  <a href="../api/pdfForm/ProgramStage/$association.uid" title="$i18n.getString( 'pdf_data_entry_form' )" target="_blank"><img src="../images/pdf.png" alt="$i18n.getString( 'pdf_data_entry_form' )" width="24" height="24"/></a>	                  
+	                  		  <a href="../api/pdfForm/programStage/$association.uid" title="$i18n.getString( 'pdf_data_entry_form' )" target="_blank"><img src="../images/pdf.png" alt="$i18n.getString( 'pdf_data_entry_form' )" width="24" height="24"/></a>
 							  <a href="viewDataEntryForm.action?programStageId=$association.id" title="$i18n.getString( "design_data_entry_form" )"><img src="../images/edit_layout.png" alt="$i18n.getString( 'design_data_entry_form' )"></a>
 							</td>
 						</tr>