Message #24902
[Branch ~dhis2-devs-core/dhis2/trunk] Rev 12252: minor auth update in PersonController
------------------------------------------------------------
revno: 12252
committer: Morten Olav Hansen <mortenoh@xxxxxxxxx>
branch nick: dhis2
timestamp: Thu 2013-09-26 13:25:19 +0200
message:
minor auth update in PersonController
modified:
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/event/PersonController.java
dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/org/hisp/dhis/user/i18n_module.properties
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/event/PersonController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/event/PersonController.java 2013-09-17 15:53:05 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/event/PersonController.java 2013-09-26 11:25:19 +0000
@@ -45,6 +45,7 @@
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.PathVariable;
@@ -64,6 +65,7 @@
*/
@Controller
@RequestMapping( value = PersonController.RESOURCE_PATH )
+@PreAuthorize("hasRole('ALL') or hasRole('F_PATIENT_LIST')")
public class PersonController
{
public static final String RESOURCE_PATH = "/persons";
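Review bot: The class-level `@PreAuthorize` on `PersonController` has no effect unless pre/post annotations are enabled in the application context that creates this controller, and that configuration is not visible in this commit. If method security is declared only in the root context while controllers are created in the servlet context, the annotation is silently ignored, so a test asserting that a user without `F_PATIENT_LIST` or `ALL` gets 403 on a read under `/persons` would confirm the rule is live. The method-level annotations added further down replace this rule rather than combine with it, so a user holding only `F_PATIENT_ADD` can write without `F_PATIENT_LIST`. If that is intended, I would record it above the class: `// Method-level @PreAuthorize overrides this rule; it is not ANDed with it.`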
@@ -154,6 +156,7 @@
// -------------------------------------------------------------------------
@RequestMapping( value = "", method = RequestMethod.POST, consumes = MediaType.APPLICATION_XML_VALUE )
+ @PreAuthorize("hasRole('ALL') or hasRole('F_PATIENT_ADD')")
public void postPersonXml( HttpServletRequest request, HttpServletResponse response ) throws IOException
{
ImportSummaries importSummaries = personService.savePersonXml( request.getInputStream() );
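Review bot: The authorization expression on `postPersonXml` is an inline string literal, and the same literal is repeated on `postPersonJson`, `updatePersonXml` and `updatePersonJson`, with a near-copy on `deletePerson`. A misspelled authority name inside a SpEL string compiles cleanly and only shows up at runtime as a denial for every user without `ALL`. I would define each rule once, e.g. `private static final String CAN_ADD_PERSON = "hasRole('ALL') or hasRole('F_PATIENT_ADD')";`, and write `@PreAuthorize( CAN_ADD_PERSON )` on the four write handlers, with a matching constant for delete. The body of `postPersonXml` continues outside this hunk.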
@@ -178,6 +181,7 @@
}
@RequestMapping( value = "", method = RequestMethod.POST, consumes = MediaType.APPLICATION_JSON_VALUE )
+ @PreAuthorize("hasRole('ALL') or hasRole('F_PATIENT_ADD')")
public void postPersonJson( HttpServletRequest request, HttpServletResponse response ) throws IOException
{
ImportSummaries importSummaries = personService.savePersonJson( request.getInputStream() );
@@ -207,6 +211,7 @@
@RequestMapping( value = "/{id}", method = RequestMethod.PUT, consumes = MediaType.APPLICATION_XML_VALUE )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
+ @PreAuthorize("hasRole('ALL') or hasRole('F_PATIENT_ADD')")
public void updatePersonXml( @PathVariable String id, HttpServletRequest request, HttpServletResponse response ) throws IOException
{
ImportSummary importSummary = personService.updatePersonXml( id, request.getInputStream() );
@@ -215,6 +220,7 @@
@RequestMapping( value = "/{id}", method = RequestMethod.PUT, consumes = MediaType.APPLICATION_JSON_VALUE )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
+ @PreAuthorize("hasRole('ALL') or hasRole('F_PATIENT_ADD')")
public void updatePersonJson( @PathVariable String id, HttpServletRequest request, HttpServletResponse response ) throws IOException
{
ImportSummary importSummary = personService.updatePersonJson( id, request.getInputStream() );
@@ -227,6 +233,7 @@
@RequestMapping( value = "/{id}", method = RequestMethod.DELETE )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
+ @PreAuthorize("hasRole('ALL') or hasRole('F_PATIENT_DELETE')")
public void deletePerson( @PathVariable String id ) throws NotFoundException
{
Person person = getPerson( id );
@@ -276,4 +283,4 @@
return organisationUnit;
}
-}
+}
\ No newline at end of file
=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/org/hisp/dhis/user/i18n_module.properties'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/org/hisp/dhis/user/i18n_module.properties 2013-09-18 02:45:29 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/org/hisp/dhis/user/i18n_module.properties 2013-09-26 11:25:19 +0000
@@ -119,6 +119,7 @@
F_EXCEL_REPORT_ADMINISTRATION=Excel Reporting Administration
F_RELATIONSHIPTYPE_DELETE=Delete Relationship Type
F_RELATIONSHIPTYPE_ADD=Add Relationship Type
+F_RELATIONSHIPTYPE_UPDATE=Update Relationship Type
F_ORGANISATION_REGISTRATION=Organisation Unit Registration
F_PATIENT_REMOVE_EMPTY_EVENTS=Remove Empty Person Events
F_ACCESS_PATIENT_ATTRIBUTES = View and Search Person identifiers
@@ -128,9 +129,6 @@
F_PATIENTATTRIBUTE_ADD=Add/Update Person Attribute
F_PATIENTATTRIBUTE_DELETE=Delete Person Attribute
F_PATIENTATTRIBUTEVALUE_ADD=Add Person Attribute Value
-F_RELATIONSHIP_ADD=Add Relationship
-F_PATIENT_ADD=Add/Update Person
-F_PATIENT_DELETE=Delete Person
F_ADD_PROGRAM_INDICATOR = Add/Update Program Indicator
F_PATIENT_CHANGE_LOCATION = Change Person Location
F_SEARCH_PATIENT_IN_ALL_FACILITIES = Search Person In All Facilities
@@ -153,6 +151,8 @@
F_PROGRAM_ATTRIBUTE_DELETE=Delete Program Attribute
F_PATIENT_DATAVALUE_ADD = Add/Update Person Data Value
F_PATIENT_DATAVALUE_DELETE = Delete Person Data Value
+F_PATIENT_ADD=Add/Update Person
+F_PATIENT_DELETE=Delete Person
F_PATIENT_SEARCH = Search Person
F_PATIENT_LIST = List Person
F_PATIENT_HISTORY = Load Person History
@@ -195,8 +195,6 @@
F_EXCEL_TEMPLATE_MAMAGEMENT_UPLOAD=Upload Excel Template
F_EXCEL_TEMPLATE_MANAGEMENT_RENAME=Rename Excel Template file
F_PATIENTATTRIBUTEVALUE_DELETE=Delete Person Attribute Value
-F_RELATIONSHIPTYPE_UPDATE=Update Relationship Type
-F_RELATIONSHIP_DELETE=Delete Relationship
F_GIS_ADMIN=Administrate GIS
F_MAP_PUBLIC_ADD=Add Public Map
F_MAP_EXTERNAL=Map External Access
@@ -251,7 +249,6 @@
self_registered_user=Self Registered User
user_by_orgunit=User by Organisation Unit
user_role=User Role
-data_sets=Data sets
change=Change
username_in_use=The username is already used, please specify a different username
name_in_use=The name is already in use, please specify a different name