
[Branch ~dhis2-devs-core/dhis2/trunk] Rev 12252: minor auth update in PersonController

 

------------------------------------------------------------
revno: 12252
committer: Morten Olav Hansen <mortenoh@xxxxxxxxx>
branch nick: dhis2
timestamp: Thu 2013-09-26 13:25:19 +0200
message:
  minor auth update in PersonController
modified:
  dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/event/PersonController.java
  dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/org/hisp/dhis/user/i18n_module.properties


--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk

=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/event/PersonController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/event/PersonController.java	2013-09-17 15:53:05 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/event/PersonController.java	2013-09-26 11:25:19 +0000
@@ -45,6 +45,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -64,6 +65,7 @@
  */
 @Controller
 @RequestMapping( value = PersonController.RESOURCE_PATH )
+@PreAuthorize("hasRole('ALL') or hasRole('F_PATIENT_LIST')")
 public class PersonController
 {
     public static final String RESOURCE_PATH = "/persons";
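Review bot: The class-level `@PreAuthorize` on `PersonController` is not combined with the method-level annotations this commit adds further down. In Spring Security a method-level annotation replaces the class-level one, so a caller holding only `F_PATIENT_ADD` or `F_PATIENT_DELETE` passes the write handlers without `F_PATIENT_LIST`, and the class rule covers only handlers with no annotation of their own (those are outside this hunk). If that is the intent, record it above the class, e.g. `// Default rule for read handlers; a method-level @PreAuthorize replaces this rule rather than adding to it.` The annotations are also enforced only if pre/post annotations are enabled in the context that instantiates the controllers, which this diff does not show. A request-level test expecting 403 for a user without the authority would confirm the rules are active.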
@@ -154,6 +156,7 @@
     // -------------------------------------------------------------------------
 
     @RequestMapping( value = "", method = RequestMethod.POST, consumes = MediaType.APPLICATION_XML_VALUE )
+    @PreAuthorize("hasRole('ALL') or hasRole('F_PATIENT_ADD')")
     public void postPersonXml( HttpServletRequest request, HttpServletResponse response ) throws IOException
     {
         ImportSummaries importSummaries = personService.savePersonXml( request.getInputStream() );
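Review bot: The authority expression is repeated as a bare string literal on five handlers (here and on `postPersonJson`, `updatePersonXml`, `updatePersonJson` and `deletePerson`), so a misspelt authority name in any one of them compiles cleanly and is only found at request time. `ALL` and `F_PATIENT_*` are authorities, not `ROLE_`-prefixed roles, so `@PreAuthorize( "hasAnyAuthority('ALL', 'F_PATIENT_ADD')" )` states the same rule more directly. It also does not depend on how a given Spring Security version treats role prefixes in `hasRole`, and the spaced parentheses match the `@RequestMapping( ... )` style used in this file. The check sits on the web handler only; whether `personService.savePersonXml` is guarded for other callers is not visible here. The body of `postPersonXml` continues outside the hunk.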
@@ -178,6 +181,7 @@
     }
 
     @RequestMapping( value = "", method = RequestMethod.POST, consumes = MediaType.APPLICATION_JSON_VALUE )
+    @PreAuthorize("hasRole('ALL') or hasRole('F_PATIENT_ADD')")
     public void postPersonJson( HttpServletRequest request, HttpServletResponse response ) throws IOException
     {
         ImportSummaries importSummaries = personService.savePersonJson( request.getInputStream() );
@@ -207,6 +211,7 @@
 
     @RequestMapping( value = "/{id}", method = RequestMethod.PUT, consumes = MediaType.APPLICATION_XML_VALUE )
     @ResponseStatus( value = HttpStatus.NO_CONTENT )
+    @PreAuthorize("hasRole('ALL') or hasRole('F_PATIENT_ADD')")
     public void updatePersonXml( @PathVariable String id, HttpServletRequest request, HttpServletResponse response ) throws IOException
     {
         ImportSummary importSummary = personService.updatePersonXml( id, request.getInputStream() );
@@ -215,6 +220,7 @@
 
     @RequestMapping( value = "/{id}", method = RequestMethod.PUT, consumes = MediaType.APPLICATION_JSON_VALUE )
     @ResponseStatus( value = HttpStatus.NO_CONTENT )
+    @PreAuthorize("hasRole('ALL') or hasRole('F_PATIENT_ADD')")
     public void updatePersonJson( @PathVariable String id, HttpServletRequest request, HttpServletResponse response ) throws IOException
     {
         ImportSummary importSummary = personService.updatePersonJson( id, request.getInputStream() );
@@ -227,6 +233,7 @@
 
     @RequestMapping( value = "/{id}", method = RequestMethod.DELETE )
     @ResponseStatus( value = HttpStatus.NO_CONTENT )
+    @PreAuthorize("hasRole('ALL') or hasRole('F_PATIENT_DELETE')")
     public void deletePerson( @PathVariable String id ) throws NotFoundException
     {
         Person person = getPerson( id );
@@ -276,4 +283,4 @@
 
         return organisationUnit;
     }
-}
+}
\ No newline at end of file

=== modified file 'dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/org/hisp/dhis/user/i18n_module.properties'
--- dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/org/hisp/dhis/user/i18n_module.properties	2013-09-18 02:45:29 +0000
+++ dhis-2/dhis-web/dhis-web-maintenance/dhis-web-maintenance-user/src/main/resources/org/hisp/dhis/user/i18n_module.properties	2013-09-26 11:25:19 +0000
@@ -119,6 +119,7 @@
 F_EXCEL_REPORT_ADMINISTRATION=Excel Reporting Administration
 F_RELATIONSHIPTYPE_DELETE=Delete Relationship Type
 F_RELATIONSHIPTYPE_ADD=Add Relationship Type
+F_RELATIONSHIPTYPE_UPDATE=Update Relationship Type
 F_ORGANISATION_REGISTRATION=Organisation Unit Registration
 F_PATIENT_REMOVE_EMPTY_EVENTS=Remove Empty Person Events
 F_ACCESS_PATIENT_ATTRIBUTES = View and Search Person identifiers
@@ -128,9 +129,6 @@
 F_PATIENTATTRIBUTE_ADD=Add/Update Person Attribute
 F_PATIENTATTRIBUTE_DELETE=Delete Person Attribute
 F_PATIENTATTRIBUTEVALUE_ADD=Add Person Attribute Value
-F_RELATIONSHIP_ADD=Add Relationship
-F_PATIENT_ADD=Add/Update Person
-F_PATIENT_DELETE=Delete Person
 F_ADD_PROGRAM_INDICATOR = Add/Update Program Indicator
 F_PATIENT_CHANGE_LOCATION = Change Person Location
 F_SEARCH_PATIENT_IN_ALL_FACILITIES = Search Person In All Facilities
@@ -153,6 +151,8 @@
 F_PROGRAM_ATTRIBUTE_DELETE=Delete Program Attribute
 F_PATIENT_DATAVALUE_ADD = Add/Update Person Data Value
 F_PATIENT_DATAVALUE_DELETE = Delete Person Data Value
+F_PATIENT_ADD=Add/Update Person
+F_PATIENT_DELETE=Delete Person
 F_PATIENT_SEARCH = Search Person
 F_PATIENT_LIST = List Person
 F_PATIENT_HISTORY = Load Person History
@@ -195,8 +195,6 @@
 F_EXCEL_TEMPLATE_MAMAGEMENT_UPLOAD=Upload Excel Template
 F_EXCEL_TEMPLATE_MANAGEMENT_RENAME=Rename Excel Template file
 F_PATIENTATTRIBUTEVALUE_DELETE=Delete Person Attribute Value
-F_RELATIONSHIPTYPE_UPDATE=Update Relationship Type
-F_RELATIONSHIP_DELETE=Delete Relationship
 F_GIS_ADMIN=Administrate GIS
 F_MAP_PUBLIC_ADD=Add Public Map
 F_MAP_EXTERNAL=Map External Access
@@ -251,7 +249,6 @@
 self_registered_user=Self Registered User
 user_by_orgunit=User by Organisation Unit
 user_role=User Role
-data_sets=Data sets
 change=Change
 username_in_use=The username is already used, please specify a different username
 name_in_use=The name is already in use, please specify a different name