
dhis2-devs team mailing list archive

[Branch ~dhis2-devs-core/dhis2/trunk] Rev 13919: DataValueController, checking that org unit in data value is in sub-hierarchy of currently logged...

 

Merge authors:
  Lars Helge Øverland (larshelge)
------------------------------------------------------------
revno: 13919 [merge]
committer: Lars Helge Øverland <larshelge@xxxxxxxxx>
branch nick: dhis2
timestamp: Mon 2014-02-03 16:30:41 +0200
message:
  DataValueController, checking that org unit in data value is in sub-hierarchy of currently logged in user
modified:
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/organisationunit/OrganisationUnitService.java
  dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/organisationunit/DefaultOrganisationUnitService.java
  dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/DataValueController.java
  dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/action/RestrictOrganisationUnitsAction.java


--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/organisationunit/OrganisationUnitService.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/organisationunit/OrganisationUnitService.java	2014-01-07 19:37:58 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/organisationunit/OrganisationUnitService.java	2014-02-03 11:42:39 +0000
@@ -392,6 +392,8 @@
      */
     Collection<OrganisationUnit> getWithinCoordinateArea( double longitude, double latitude, double distance );
     
+    boolean isInUserHierarchy( OrganisationUnit organisationUnit );
+    
     // -------------------------------------------------------------------------
     // OrganisationUnitHierarchy
     // -------------------------------------------------------------------------
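Review bot: The added `isInUserHierarchy` declaration has no Javadoc, while the method directly above it has one. For an access-control predicate the fail-closed cases are part of the contract callers rely on. I would add `/** Returns true if the given unit or one of its ancestors is among the current user's organisation units; false if there is no current user or the user has no units. */` above it. The interface body starts and ends outside this hunk.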

=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/organisationunit/DefaultOrganisationUnitService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/organisationunit/DefaultOrganisationUnitService.java	2013-12-12 15:26:13 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/organisationunit/DefaultOrganisationUnitService.java	2014-02-03 11:42:39 +0000
@@ -651,6 +651,36 @@
         return organisationUnitStore.getBetweenByStatusLastUpdated( status, lastUpdated, first, max );
     }
 
+    @Override
+    public boolean isInUserHierarchy( OrganisationUnit organisationUnit )
+    {
+        User user = currentUserService.getCurrentUser();
+        
+        if ( user == null )
+        {
+            return false;
+        }
+        
+        Set<OrganisationUnit> userRootUnits = user.getOrganisationUnits();
+        
+        if ( userRootUnits == null )
+        {
+            return false;
+        }
+        
+        while ( organisationUnit != null )
+        {
+            if ( userRootUnits.contains( organisationUnit ) )
+            {
+                return true;
+            }
+            
+            organisationUnit = organisationUnit.getParent();
+        }
+        
+        return false;
+    }
+
     // -------------------------------------------------------------------------
     // OrganisationUnitHierarchy
     // -------------------------------------------------------------------------
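Review bot: The `while` loop that walks `getParent()` stops only on a null parent, so a parent chain containing a cycle would keep the request thread spinning inside an authorization check; whether the data model rules cycles out is not visible here. A visited set bounds it: `Set<OrganisationUnit> visited = new HashSet<OrganisationUnit>();` with `while ( organisationUnit != null && visited.add( organisationUnit ) )`, which needs `HashSet` imported if it is not already. The decision also rests on `userRootUnits.contains( organisationUnit )`, so on how `OrganisationUnit` implements `equals`/`hashCode`. It is worth confirming that this compares by persistent identifier, otherwise a legitimately assigned unit loaded as a different instance would be denied. The method also returns false for any user without assigned units, which presumably includes administrative accounts; if that is intended, a one-line comment saying so would help.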
@@ -806,7 +836,8 @@
     {
         Collection<OrganisationUnit> objects = organisationUnitStore.getWithinCoordinateArea( GeoUtils.getBoxShape( longitude, latitude, distance ) );
 
-        // Go through the list and remove the ones located farther than the distance.
+        // Go through the list and remove the ones located outside radius
+        
         if ( objects != null && objects.size() > 0 )
         {
             Iterator<OrganisationUnit> iter = objects.iterator();
@@ -822,8 +853,6 @@
 
                 if ( distancebetween > distance )
                 {
-                    // Remove the orgUnits that is outside of the distance range 
-                    // - due to the 'getWithinCoordinateArea' looking at square area instead of circle.
                     iter.remove();
                 }
             }

=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/DataValueController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/DataValueController.java	2013-12-26 15:31:04 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/DataValueController.java	2014-02-03 11:42:39 +0000
@@ -149,6 +149,14 @@
             ContextUtils.conflictResponse( response, "Illegal organisation unit identifier: " + ou );
             return;
         }
+        
+        boolean isInHierarchy = organisationUnitService.isInUserHierarchy( organisationUnit );
+        
+        if ( !isInHierarchy )
+        {
+            ContextUtils.conflictResponse( response, "Organisation unit is not in the hierarchy of the current user: " + ou );
+            return;
+        }
 
         String valid = ValidationUtils.dataValueIsValid( value, dataElement );
 
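Review bot: The added rejection at `if ( !isInHierarchy )` uses a different message from the earlier "Illegal organisation unit identifier" branch, so a caller can distinguish identifiers that exist outside their hierarchy from identifiers that do not exist at all. Using one message for both cases closes that, e.g. `ContextUtils.conflictResponse( response, "Illegal organisation unit identifier: " + ou );`, with the actual reason written to the server log instead. Reporting an authorization failure through `conflictResponse` also presumably produces a 409 rather than a 403, which makes denied writes harder to pick out in access logs and in client error handling. The handler starts and ends outside this hunk, so whether the other operations in this controller apply the same hierarchy check cannot be confirmed from here.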

=== modified file 'dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/action/RestrictOrganisationUnitsAction.java'
--- dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/action/RestrictOrganisationUnitsAction.java	2013-08-23 16:05:01 +0000
+++ dhis-2/dhis-web/dhis-web-commons/src/main/java/org/hisp/dhis/security/action/RestrictOrganisationUnitsAction.java	2014-02-03 11:42:39 +0000
@@ -28,7 +28,7 @@
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-import java.util.Collection;
+import java.util.Set;
 
 import org.hisp.dhis.organisationunit.OrganisationUnit;
 import org.hisp.dhis.oust.manager.SelectionTreeManager;
@@ -85,7 +85,7 @@
             // Initialize ouwt and selection tree
             // -----------------------------------------------------------------
 
-            Collection<OrganisationUnit> orgUnits = user.getOrganisationUnits();
+            Set<OrganisationUnit> orgUnits = user.getOrganisationUnits();
 
             if ( orgUnits.size() > 0 )
             {