Message #25042
[Branch ~dhis2-devs-core/dhis2/trunk] Rev 12346: update some authorities in tracker controllers
------------------------------------------------------------
revno: 12346
committer: Morten Olav Hansen <mortenoh@xxxxxxxxx>
branch nick: dhis2
timestamp: Tue 2013-10-01 10:36:25 +0200
message:
update some authorities in tracker controllers
modified:
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/event/EnrollmentController.java
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/event/EventController.java
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/event/PersonController.java
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/event/EnrollmentController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/event/EnrollmentController.java 2013-09-26 08:03:57 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/event/EnrollmentController.java 2013-10-01 08:36:25 +0000
@@ -47,6 +47,7 @@
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
+import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.PathVariable;
@@ -88,7 +89,7 @@
@RequestParam( value = "program", required = false ) String programUid,
@RequestParam( value = "person", required = false ) String personUid,
@RequestParam( value = "status", required = false ) EnrollmentStatus status,
- @RequestParam Map<String, String> parameters, Model model, HttpServletRequest request ) throws NotFoundException
+ @RequestParam Map<String, String> parameters, Model model ) throws NotFoundException
{
WebOptions options = new WebOptions( parameters );
Enrollments enrollments;
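Review bot: The enrollment listing handler whose signature is trimmed here gets no `@PreAuthorize` in this commit, while every write handler further down the file does. The `PreAuthorize` import is new to this file, so the handler presumably had no method-level check before either. If reads are meant to be covered by URL-level rules or by checks inside the service, a short comment above the mapping saying so would make that explicit. Otherwise the read handlers should carry an authority expression like the `PersonController` GET handlers now do. The method's annotations and the start of its parameter list are outside this hunk.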
@@ -152,6 +153,7 @@
// -------------------------------------------------------------------------
@RequestMapping( value = "", method = RequestMethod.POST, consumes = MediaType.APPLICATION_XML_VALUE )
+ @PreAuthorize("hasRole('ALL') or hasRole('F_PROGRAM_ENROLLMENT')")
public void postEnrollmentXml( HttpServletRequest request, HttpServletResponse response ) throws IOException
{
ImportSummaries importSummaries = enrollmentService.saveEnrollmentsXml( request.getInputStream() );
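Review bot: The SpEL expression on `postEnrollmentXml` is written out as a string literal, and the same two literals recur on six more handlers in this file (`postEnrollmentJson`, both update methods, cancel, completed and delete). A misspelt authority name inside the string still compiles and quietly denies everyone but holders of `ALL`. A pair of constants would keep the names in one place, for example `private static final String CAN_ENROLL = "hasRole('ALL') or hasRole('F_PROGRAM_ENROLLMENT')";` used as `@PreAuthorize( CAN_ENROLL )`. The new annotations also omit the spaces inside the parentheses that the neighbouring `@RequestMapping( ... )` lines use.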
@@ -176,6 +178,7 @@
}
@RequestMapping( value = "", method = RequestMethod.POST, consumes = MediaType.APPLICATION_JSON_VALUE )
+ @PreAuthorize("hasRole('ALL') or hasRole('F_PROGRAM_ENROLLMENT')")
public void postEnrollmentJson( HttpServletRequest request, HttpServletResponse response ) throws IOException
{
ImportSummaries importSummaries = enrollmentService.saveEnrollmentsJson( request.getInputStream() );
@@ -205,6 +208,7 @@
@RequestMapping( value = "/{id}", method = RequestMethod.PUT, consumes = MediaType.APPLICATION_XML_VALUE )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
+ @PreAuthorize("hasRole('ALL') or hasRole('F_PROGRAM_UNENROLLMENT')")
public void updateEnrollmentXml( @PathVariable String id, HttpServletRequest request, HttpServletResponse response ) throws IOException
{
ImportSummary importSummary = enrollmentService.updateEnrollmentXml( id, request.getInputStream() );
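Review bot: `updateEnrollmentXml` is gated on `F_PROGRAM_UNENROLLMENT`, as are `updateEnrollmentJson` and `completedEnrollment` in the following hunks, although none of these removes an enrollment. A role that should only edit or complete enrollments must therefore also be given the authority that gates `cancelEnrollment` and `deleteEnrollment`, which widens that grant beyond least privilege. Whether a more specific authority exists in the project is not visible from this diff. If the reuse is deliberate, a comment on each handler such as `// updates reuse F_PROGRAM_UNENROLLMENT: no dedicated update authority exists` would document it.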
@@ -213,6 +217,7 @@
@RequestMapping( value = "/{id}", method = RequestMethod.PUT, consumes = MediaType.APPLICATION_JSON_VALUE )
@ResponseStatus( value = HttpStatus.NO_CONTENT )
+ @PreAuthorize("hasRole('ALL') or hasRole('F_PROGRAM_UNENROLLMENT')")
public void updateEnrollmentJson( @PathVariable String id, HttpServletRequest request, HttpServletResponse response ) throws IOException
{
ImportSummary importSummary = enrollmentService.updateEnrollmentJson( id, request.getInputStream() );
@@ -221,7 +226,8 @@
@RequestMapping( value = "/{id}/cancelled", method = RequestMethod.PUT )
@ResponseStatus( HttpStatus.NO_CONTENT )
- public void cancelEnrollment( @PathVariable String id, @RequestParam Map<String, String> parameters, Model model ) throws NotFoundException
+ @PreAuthorize("hasRole('ALL') or hasRole('F_PROGRAM_UNENROLLMENT')")
+ public void cancelEnrollment( @PathVariable String id ) throws NotFoundException
{
Enrollment enrollment = getEnrollment( id );
enrollmentService.cancelEnrollment( enrollment );
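Review bot: The new `@PreAuthorize` on `cancelEnrollment` checks only that the caller holds an authority, not that the caller may act on the enrollment identified by `id`. As visible here, any holder of `F_PROGRAM_UNENROLLMENT` who knows or guesses an id can cancel that enrollment. The same applies to `completedEnrollment` and `deleteEnrollment` in the next two hunks. `getEnrollment( id )` or the service may already enforce organisation-unit or program scope, but neither is shown in this diff. If they do not, an object-level check belongs between the lookup and the `enrollmentService` call. If they do, a one-line comment naming where the scope check lives would help the next reviewer.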
@@ -229,7 +235,8 @@
@RequestMapping( value = "/{id}/completed", method = RequestMethod.PUT )
@ResponseStatus( HttpStatus.NO_CONTENT )
- public void completedEnrollment( @PathVariable String id, @RequestParam Map<String, String> parameters, Model model ) throws NotFoundException
+ @PreAuthorize("hasRole('ALL') or hasRole('F_PROGRAM_UNENROLLMENT')")
+ public void completedEnrollment( @PathVariable String id ) throws NotFoundException
{
Enrollment enrollment = getEnrollment( id );
enrollmentService.completeEnrollment( enrollment );
@@ -241,7 +248,8 @@
@RequestMapping( value = "/{id}", method = RequestMethod.DELETE )
@ResponseStatus( HttpStatus.NO_CONTENT )
- public void deleteEnrollment( @PathVariable String id, @RequestParam Map<String, String> parameters, Model model ) throws NotFoundException
+ @PreAuthorize("hasRole('ALL') or hasRole('F_PROGRAM_UNENROLLMENT')")
+ public void deleteEnrollment( @PathVariable String id ) throws NotFoundException
{
Enrollment enrollment = getEnrollment( id );
enrollmentService.deleteEnrollment( enrollment );
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/event/EventController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/event/EventController.java 2013-09-26 13:26:16 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/event/EventController.java 2013-10-01 08:36:25 +0000
@@ -95,11 +95,11 @@
private EventService eventService;
// -------------------------------------------------------------------------
- // Controller
+ // READ
// -------------------------------------------------------------------------
- @RequestMapping( value = "", method = RequestMethod.GET )
- @PreAuthorize( "hasRole('ALL') or hasRole('F_PATIENT_DATAVALUE_ADD')" )
+ @RequestMapping(value = "", method = RequestMethod.GET)
+ @PreAuthorize("hasRole('ALL') or hasRole('F_PATIENT_DATAVALUE_ADD')")
public String getEvents(
@RequestParam(value = "program", required = false) String programUid,
@RequestParam(value = "programStage", required = false) String programStageUid,
@@ -167,7 +167,7 @@
}
@RequestMapping(value = "/{uid}", method = RequestMethod.GET)
- @PreAuthorize( "hasRole('ALL') or hasRole('F_PATIENT_DATAVALUE_ADD')" )
+ @PreAuthorize("hasRole('ALL') or hasRole('F_PATIENT_DATAVALUE_ADD')")
public String getEvent( @PathVariable("uid") String uid, @RequestParam Map<String, String> parameters,
Model model, HttpServletRequest request, HttpServletResponse response ) throws Exception
{
@@ -191,6 +191,10 @@
return "event";
}
+ // -------------------------------------------------------------------------
+ // CREATE
+ // -------------------------------------------------------------------------
+
@RequestMapping(method = RequestMethod.POST, consumes = "application/xml")
@PreAuthorize("hasRole('ALL') or hasRole('F_PATIENT_DATAVALUE_ADD')")
public void postXmlEvent( HttpServletResponse response, HttpServletRequest request, ImportOptions importOptions ) throws Exception
@@ -282,21 +286,9 @@
}
- @RequestMapping(value = "/{uid}", method = RequestMethod.DELETE)
- @ResponseStatus(value = HttpStatus.NO_CONTENT)
- @PreAuthorize("hasRole('ALL') or hasRole('F_PATIENT_DATAVALUE_DELETE')")
- public void deleteEvent( HttpServletResponse response, @PathVariable("uid") String uid )
- {
- Event event = eventService.getEvent( uid );
-
- if ( event == null )
- {
- ContextUtils.notFoundResponse( response, "Event not found for uid: " + uid );
- return;
- }
-
- eventService.deleteEvent( event );
- }
+ // -------------------------------------------------------------------------
+ // UPDATE
+ // -------------------------------------------------------------------------
@RequestMapping(value = "/{uid}", method = RequestMethod.PUT, consumes = { "application/xml", "text/xml" })
@PreAuthorize("hasRole('ALL') or hasRole('F_PATIENT_DATAVALUE_ADD')")
@@ -335,4 +327,24 @@
eventService.updateEvent( updatedEvent );
ContextUtils.okResponse( response, "Event updated: " + uid );
}
+
+ // -------------------------------------------------------------------------
+ // DELETE
+ // -------------------------------------------------------------------------
+
+ @RequestMapping( value = "/{uid}", method = RequestMethod.DELETE )
+ @ResponseStatus( value = HttpStatus.NO_CONTENT )
+ @PreAuthorize( "hasRole('ALL') or hasRole('F_PATIENT_DATAVALUE_DELETE')" )
+ public void deleteEvent( HttpServletResponse response, @PathVariable( "uid" ) String uid )
+ {
+ Event event = eventService.getEvent( uid );
+
+ if ( event == null )
+ {
+ ContextUtils.notFoundResponse( response, "Event not found for uid: " + uid );
+ return;
+ }
+
+ eventService.deleteEvent( event );
+ }
}
\ No newline at end of file
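Review bot: The relocated `deleteEvent` declares `@ResponseStatus( value = HttpStatus.NO_CONTENT )` but also writes a not-found response by hand when the lookup returns null. Spring applies the annotated status after the handler returns, so unless `ContextUtils.notFoundResponse` commits the response, the client may receive 204 for a uid that does not exist. `ContextUtils` is not shown here, so this should be confirmed. Throwing a not-found exception, as the enrollment handlers do with `NotFoundException`, would keep the two controllers consistent and avoid the dual status. The message also echoes the caller-supplied `uid`, so it is worth checking that the helper sends it as plain text.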
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/event/PersonController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/event/PersonController.java 2013-09-27 15:16:29 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/event/PersonController.java 2013-10-01 08:36:25 +0000
@@ -59,7 +59,6 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
-import java.util.Date;
import java.util.Map;
/**
@@ -83,6 +82,7 @@
// -------------------------------------------------------------------------
@RequestMapping( value = "", method = RequestMethod.GET )
+ @PreAuthorize("hasRole('ALL') or hasRole('F_ACCESS_PATIENT_ATTRIBUTES')")
public String getPersons(
@RequestParam( value = "orgUnit", required = false ) String orgUnitUid,
@RequestParam( required = false ) Gender gender,
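Review bot: `getPersons` is now gated on `F_ACCESS_PATIENT_ATTRIBUTES`, as is `getPerson` in the last hunk. Going by its name, that authority concerns patient attributes rather than searching or reading person records. If it is the intended read authority for this API, a comment above the mapping would record the decision, for example `// person reads reuse F_ACCESS_PATIENT_ATTRIBUTES; there is no dedicated person-read authority`. The handler also takes an optional `orgUnit` filter. Whether results are limited to the caller's organisation units when that filter is omitted is not visible in this diff and should be confirmed. The body of `getPersons` continues outside this hunk.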
@@ -90,7 +90,7 @@
@RequestParam( required = false ) String identifierType,
@RequestParam( required = false ) String identifier,
@RequestParam( required = false ) String nameLike,
- @RequestParam Map<String, String> parameters, Model model, HttpServletRequest request ) throws Exception
+ @RequestParam Map<String, String> parameters, Model model ) throws Exception
{
WebOptions options = new WebOptions( parameters );
Persons persons = new Persons();
@@ -143,6 +143,7 @@
}
@RequestMapping( value = "/{id}", method = RequestMethod.GET )
+ @PreAuthorize("hasRole('ALL') or hasRole('F_ACCESS_PATIENT_ATTRIBUTES')")
public String getPerson( @PathVariable String id, @RequestParam Map<String, String> parameters, Model model ) throws NotFoundException
{
WebOptions options = new WebOptions( parameters );