dhis2-devs team mailing list archive
-
dhis2-devs team
-
Mailing list archive
-
Message #28849
[Branch ~dhis2-devs-core/dhis2/trunk] Rev 14479: check for proxy class in schemaService, set proper content-type for json output in crudController
------------------------------------------------------------
revno: 14479
committer: Morten Olav Hansen <mortenoh@xxxxxxxxx>
branch nick: dhis2
timestamp: Thu 2014-03-27 11:14:49 +0100
message:
check for proxy class in schemaService, set proper content-type for json output in crudController
modified:
dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/SchemaService.java
dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAclService.java
dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/schema/DefaultSchemaService.java
dhis-2/dhis-support/dhis-support-hibernate/src/main/java/org/hisp/dhis/hibernate/HibernateGenericStore.java
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AbstractCrudController.java
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
Your team DHIS 2 developers is subscribed to branch lp:dhis2.
To unsubscribe from this branch go to https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk/+edit-subscription
=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/SchemaService.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/SchemaService.java 2014-03-21 09:35:30 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/SchemaService.java 2014-03-27 10:14:49 +0000
@@ -28,8 +28,6 @@
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-import org.hisp.dhis.schema.Schema;
-
import java.util.List;
/**
=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAclService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAclService.java 2014-03-27 09:08:59 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAclService.java 2014-03-27 10:14:49 +0000
@@ -56,14 +56,14 @@
public boolean isSupported( String type )
{
Schema schema = schemaService.getSchemaBySingularName( type );
- return schema != null && schema.isShareable();
+ return schema != null;
}
@Override
public boolean isSupported( Class<?> klass )
{
Schema schema = schemaService.getSchema( klass );
- return schema != null && schema.isShareable();
+ return schema != null;
}
@Override
@@ -134,6 +134,10 @@
return true;
}
}
+ else
+ {
+ return false;
+ }
if ( haveOverrideAuthority( user )
|| UserGroup.class.isAssignableFrom( object.getClass() )
=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/schema/DefaultSchemaService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/schema/DefaultSchemaService.java 2014-03-26 11:38:14 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/schema/DefaultSchemaService.java 2014-03-27 10:14:49 +0000
@@ -30,6 +30,7 @@
import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
+import javassist.util.proxy.ProxyFactory;
import org.springframework.beans.factory.annotation.Autowired;
import javax.annotation.PostConstruct;
@@ -71,13 +72,20 @@
@Override
public Schema getSchema( Class<?> klass )
{
- try
+ if ( klass == null )
+ {
+ return null;
+ }
+
+ if ( ProxyFactory.isProxyClass( klass ) )
+ {
+ klass = klass.getSuperclass();
+ }
+
+ if ( classSchemaMap.containsKey( klass ) )
{
return classSchemaMap.get( klass );
}
- catch ( NullPointerException ignored )
- {
- }
return null;
}
=== modified file 'dhis-2/dhis-support/dhis-support-hibernate/src/main/java/org/hisp/dhis/hibernate/HibernateGenericStore.java'
--- dhis-2/dhis-support/dhis-support-hibernate/src/main/java/org/hisp/dhis/hibernate/HibernateGenericStore.java 2014-03-27 06:38:37 +0000
+++ dhis-2/dhis-support/dhis-support-hibernate/src/main/java/org/hisp/dhis/hibernate/HibernateGenericStore.java 2014-03-27 10:14:49 +0000
@@ -227,7 +227,7 @@
@Override
public int save( T object )
{
- if ( !Interpretation.class.isAssignableFrom( clazz ) && currentUserService.getCurrentUser() != null && aclService.isSupported( clazz ) )
+ if ( !Interpretation.class.isAssignableFrom( clazz ) && currentUserService.getCurrentUser() != null && aclService.isShareable( clazz ) )
{
BaseIdentifiableObject identifiableObject = (BaseIdentifiableObject) object;
@@ -400,7 +400,7 @@
protected boolean sharingEnabled()
{
- boolean enabled = forceAcl() || (aclService.isSupported( clazz ) && !(currentUserService.getCurrentUser() == null ||
+ boolean enabled = forceAcl() || (aclService.isShareable( clazz ) && !(currentUserService.getCurrentUser() == null ||
CollectionUtils.containsAny( currentUserService.getCurrentUser().getUserCredentials().getAllAuthorities(), AclService.ACL_OVERRIDE_AUTHORITIES )));
return enabled;
@@ -442,7 +442,7 @@
{
IdentifiableObject idObject = (IdentifiableObject) object;
- if ( aclService.isSupported( clazz ) )
+ if ( aclService.isShareable( clazz ) )
{
return aclService.canUpdate( currentUserService.getCurrentUser(), idObject );
}
@@ -457,7 +457,7 @@
{
IdentifiableObject idObject = (IdentifiableObject) object;
- if ( aclService.isSupported( clazz ) )
+ if ( aclService.isShareable( clazz ) )
{
return aclService.canDelete( currentUserService.getCurrentUser(), idObject );
}
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AbstractCrudController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AbstractCrudController.java 2014-03-27 06:07:15 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AbstractCrudController.java 2014-03-27 10:14:49 +0000
@@ -28,16 +28,9 @@
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-import java.io.IOException;
-import java.io.InputStream;
-import java.lang.reflect.ParameterizedType;
-import java.lang.reflect.Type;
-import java.util.List;
-import java.util.Map;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
+import com.google.common.collect.Lists;
+import com.google.common.collect.Maps;
+import org.hisp.dhis.acl.Access;
import org.hisp.dhis.acl.AclService;
import org.hisp.dhis.api.controller.exception.NotFoundException;
import org.hisp.dhis.api.utils.WebUtils;
@@ -50,9 +43,9 @@
import org.hisp.dhis.dxf2.metadata.ExchangeClasses;
import org.hisp.dhis.dxf2.render.RenderService;
import org.hisp.dhis.dxf2.utils.JacksonUtils;
+import org.hisp.dhis.hibernate.exception.DeleteAccessDeniedException;
import org.hisp.dhis.schema.Schema;
import org.hisp.dhis.schema.SchemaService;
-import org.hisp.dhis.acl.Access;
import org.hisp.dhis.system.util.ReflectionUtils;
import org.hisp.dhis.user.CurrentUserService;
import org.springframework.beans.factory.annotation.Autowired;
@@ -67,8 +60,14 @@
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseStatus;
-import com.google.common.collect.Lists;
-import com.google.common.collect.Maps;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.io.InputStream;
+import java.lang.reflect.ParameterizedType;
+import java.lang.reflect.Type;
+import java.util.List;
+import java.util.Map;
/**
* @author Morten Olav Hansen <mortenoh@xxxxxxxxx>
@@ -101,7 +100,7 @@
// GET
//--------------------------------------------------------------------------
- @RequestMapping(method = RequestMethod.GET)
+ @RequestMapping( method = RequestMethod.GET )
public String getObjectList(
@RequestParam Map<String, String> parameters, Model model, HttpServletResponse response, HttpServletRequest request )
{
@@ -130,11 +129,11 @@
return StringUtils.uncapitalize( getEntitySimpleName() ) + "List";
}
- @RequestMapping(method = RequestMethod.GET, produces = { MediaType.APPLICATION_JSON_VALUE })
+ @RequestMapping( method = RequestMethod.GET, produces = { MediaType.APPLICATION_JSON_VALUE } )
public void getObjectListJson(
- @RequestParam(required = false) String include,
- @RequestParam(required = false) String exclude,
- @RequestParam(value = "filter", required = false) List<String> filters,
+ @RequestParam( required = false ) String include,
+ @RequestParam( required = false ) String exclude,
+ @RequestParam( value = "filter", required = false ) List<String> filters,
@RequestParam Map<String, String> parameters, Model model, HttpServletResponse response, HttpServletRequest request ) throws IOException
{
WebOptions options = new WebOptions( parameters );
@@ -174,6 +173,8 @@
postProcessEntities( entityList );
postProcessEntities( entityList, options, parameters );
+ response.setContentType( MediaType.APPLICATION_JSON_VALUE + "; charset=UTF-8" );
+
// enable property filter
if ( include != null || exclude != null )
{
@@ -216,8 +217,8 @@
}
- @RequestMapping(value = "/{uid}", method = RequestMethod.GET)
- public String getObject( @PathVariable("uid") String uid, @RequestParam Map<String, String> parameters,
+ @RequestMapping( value = "/{uid}", method = RequestMethod.GET )
+ public String getObject( @PathVariable( "uid" ) String uid, @RequestParam Map<String, String> parameters,
Model model, HttpServletRequest request, HttpServletResponse response ) throws Exception
{
WebOptions options = new WebOptions( parameters );
@@ -251,13 +252,13 @@
// POST
//--------------------------------------------------------------------------
- @RequestMapping(method = RequestMethod.POST, consumes = { "application/xml", "text/xml" })
+ @RequestMapping( method = RequestMethod.POST, consumes = { "application/xml", "text/xml" } )
public void postXmlObject( HttpServletResponse response, HttpServletRequest request, InputStream input ) throws Exception
{
throw new HttpRequestMethodNotSupportedException( RequestMethod.POST.toString() );
}
- @RequestMapping(method = RequestMethod.POST, consumes = "application/json")
+ @RequestMapping( method = RequestMethod.POST, consumes = "application/json" )
public void postJsonObject( HttpServletResponse response, HttpServletRequest request, InputStream input ) throws Exception
{
throw new HttpRequestMethodNotSupportedException( RequestMethod.POST.toString() );
@@ -266,17 +267,17 @@
// PUT
//--------------------------------------------------------------------------
- @RequestMapping(value = "/{uid}", method = RequestMethod.PUT, consumes = { "application/xml", "text/xml" })
- @ResponseStatus(value = HttpStatus.NO_CONTENT)
- public void putXmlObject( HttpServletResponse response, HttpServletRequest request, @PathVariable("uid") String uid, InputStream
+ @RequestMapping( value = "/{uid}", method = RequestMethod.PUT, consumes = { "application/xml", "text/xml" } )
+ @ResponseStatus( value = HttpStatus.NO_CONTENT )
+ public void putXmlObject( HttpServletResponse response, HttpServletRequest request, @PathVariable( "uid" ) String uid, InputStream
input ) throws Exception
{
throw new HttpRequestMethodNotSupportedException( RequestMethod.PUT.toString() );
}
- @RequestMapping(value = "/{uid}", method = RequestMethod.PUT, consumes = "application/json")
- @ResponseStatus(value = HttpStatus.NO_CONTENT)
- public void putJsonObject( HttpServletResponse response, HttpServletRequest request, @PathVariable("uid") String uid, InputStream
+ @RequestMapping( value = "/{uid}", method = RequestMethod.PUT, consumes = "application/json" )
+ @ResponseStatus( value = HttpStatus.NO_CONTENT )
+ public void putJsonObject( HttpServletResponse response, HttpServletRequest request, @PathVariable( "uid" ) String uid, InputStream
input ) throws Exception
{
throw new HttpRequestMethodNotSupportedException( RequestMethod.PUT.toString() );
@@ -286,12 +287,19 @@
// DELETE
//--------------------------------------------------------------------------
- @RequestMapping(value = "/{uid}", method = RequestMethod.DELETE)
- @ResponseStatus(value = HttpStatus.NO_CONTENT)
- public void deleteObject( HttpServletResponse response, HttpServletRequest request, @PathVariable("uid") String uid ) throws
+ @RequestMapping( value = "/{uid}", method = RequestMethod.DELETE )
+ @ResponseStatus( value = HttpStatus.NO_CONTENT )
+ public void deleteObject( HttpServletResponse response, HttpServletRequest request, @PathVariable( "uid" ) String uid ) throws
Exception
{
- throw new HttpRequestMethodNotSupportedException( RequestMethod.DELETE.toString() );
+ T object = getEntity( uid );
+
+ if ( !aclService.canDelete( currentUserService.getCurrentUser(), object ) )
+ {
+ throw new DeleteAccessDeniedException( "You don't have the proper permissions to delete this object." );
+ }
+
+ manager.delete( object );
}
//--------------------------------------------------------------------------
@@ -413,7 +421,7 @@
private String entitySimpleName;
- @SuppressWarnings("unchecked")
+ @SuppressWarnings( "unchecked" )
protected Class<T> getEntityClass()
{
if ( entityClass == null )
@@ -445,7 +453,7 @@
return entitySimpleName;
}
- @SuppressWarnings("unchecked")
+ @SuppressWarnings( "unchecked" )
protected T getEntityInstance()
{
try
