
[Branch ~dhis2-devs-core/dhis2/trunk] Rev 14791: Analytics, impl access check for data view org units in analytics engine

 

------------------------------------------------------------
revno: 14791
committer: Lars Helge Øverland <larshelge@xxxxxxxxx>
branch nick: dhis2
timestamp: Fri 2014-04-11 09:50:58 +0200
message:
  Analytics, impl access check for data view org units in analytics engine
modified:
  dhis-2/dhis-api/src/main/java/org/hisp/dhis/organisationunit/OrganisationUnit.java
  dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/QueryPlanner.java
  dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/data/DefaultAnalyticsService.java
  dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/data/DefaultQueryPlanner.java
  dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/organisationunit/OrganisationUnitServiceTest.java
  dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/util/CollectionUtils.java


--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk

=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/organisationunit/OrganisationUnit.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/organisationunit/OrganisationUnit.java	2014-03-24 13:53:21 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/organisationunit/OrganisationUnit.java	2014-04-11 07:50:58 +0000
@@ -347,7 +347,29 @@
 
         return false;
     }
-    
+
+    public boolean isEqualOrChildOf( Set<OrganisationUnit> ancestors )
+    {
+        if ( ancestors == null || ancestors.isEmpty() )
+        {
+            return false;
+        }
+        
+        OrganisationUnit unit = this;
+
+        while ( unit != null )
+        {
+            if ( ancestors.contains( unit ) )
+            {
+                return true;
+            }
+            
+            unit = unit.getParent();
+        }
+        
+        return false;        
+    }
+
     public boolean hasCoordinatesUp()
     {
         if ( parent != null )
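Review bot: `isEqualOrChildOf` is added without Javadoc even though `decideAccess` in DefaultQueryPlanner now uses it as the access predicate, so its contract should be written down, e.g. `/** Returns true if this unit or any unit on its parent chain is contained in ancestors; returns false for a null or empty set. */`. The `ancestors.contains( unit )` test relies on OrganisationUnit's equals/hashCode, which are not visible in this hunk; if they compare fields that can differ between two loaded instances of the same unit, the check could deny a legitimate unit, so this is worth confirming. The `while` loop also assumes the parent chain is acyclic and ends at a root whose parent is null.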
@@ -524,7 +546,7 @@
         Collections.reverse( units );
         return units;
     }
-
+    
     public Set<DataElement> getDataElementsInDataSets()
     {
         Set<DataElement> dataElements = new HashSet<DataElement>();
@@ -741,7 +763,6 @@
     }
 
     @JsonProperty
-    //@JsonSerialize( contentAs = BaseIdentifiableObject.class )
     @JsonSerialize( contentUsing = JacksonOrganisationUnitChildrenSerializer.class)
     @JsonView( { DetailedView.class } )
     @JacksonXmlElementWrapper( localName = "children", namespace = DxfNamespaces.DXF_2_0 )

=== modified file 'dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/QueryPlanner.java'
--- dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/QueryPlanner.java	2014-04-10 21:12:18 +0000
+++ dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/QueryPlanner.java	2014-04-11 07:50:58 +0000
@@ -113,6 +113,15 @@
     List<DataQueryParams> groupByPeriodType( DataQueryParams params );
     
     /**
+     * Decides whether the current user has privileges to execute the given query.
+     * 
+     * @param params the data query params.
+     * @throws IllegalQueryException if the current user does not have privileges
+     *         to execute the given query.
+     */
+    void decideAccess( DataQueryParams params );
+    
+    /**
      * Applies dimension constraints to the given params. Dimension constraints
      * with all accessible dimension items will be added as filters to this query.
      * If current user has no dimension constraints, no action is taken. If the 
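Review bot: The Javadoc for `decideAccess` does not say which cases pass without a check; the implementation in DefaultQueryPlanner returns silently when there is no current user, when the user has no data view org units, or when the query has no org unit dimension or filter. I would add a sentence such as `Users without data view organisation units, and queries without an organisation unit dimension or filter, are not restricted.` so callers know the method is permissive by default. Reusing `IllegalQueryException` for a denied request also makes an authorization failure indistinguishable from a malformed query for whatever code maps the exception to a response, which is presumably outside this diff. The Javadoc of the following method continues outside the hunk.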

=== modified file 'dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/data/DefaultAnalyticsService.java'
--- dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/data/DefaultAnalyticsService.java	2014-04-08 18:25:25 +0000
+++ dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/data/DefaultAnalyticsService.java	2014-04-11 07:50:58 +0000
@@ -203,6 +203,8 @@
     @Override
     public Grid getAggregatedDataValues( DataQueryParams params )
     {
+        queryPlanner.decideAccess( params );
+        
         queryPlanner.applyDimensionConstraints( params );
         
         queryPlanner.validate( params );
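Review bot: The access check is wired in at this one call site, so any other path that reaches the analytics data without going through `getAggregatedDataValues` is not covered by it; the rest of DefaultAnalyticsService is outside this hunk, so this needs checking against the other public methods that accept `DataQueryParams`. A short comment above the call, e.g. `// Must run before planning and data retrieval; throws IllegalQueryException for org units outside the user's data view`, would keep the ordering from being changed by accident. The body of `getAggregatedDataValues` continues past the hunk.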

=== modified file 'dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/data/DefaultQueryPlanner.java'
--- dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/data/DefaultQueryPlanner.java	2014-04-10 22:52:55 +0000
+++ dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/data/DefaultQueryPlanner.java	2014-04-11 07:50:58 +0000
@@ -295,6 +295,34 @@
     // Dimension constraints methods
     // -------------------------------------------------------------------------
     
+    public void decideAccess( DataQueryParams params )
+    {
+        // ---------------------------------------------------------------------
+        // Check current user data view access to org units
+        // ---------------------------------------------------------------------
+        
+        User user = currentUserService.getCurrentUser();
+        
+        List<NameableObject> queryOrgUnits = params.getDimensionOrFilter( DimensionalObject.ORGUNIT_DIM_ID );
+        
+        if ( queryOrgUnits == null || user == null || !user.hasDataViewOrganisationUnit() )
+        {
+            return;
+        }
+        
+        Set<OrganisationUnit> viewOrgUnits = user.getDataViewOrganisationUnits();
+        
+        for ( NameableObject object : queryOrgUnits )
+        {
+            OrganisationUnit queryOrgUnit = (OrganisationUnit) object;
+            
+            if ( !queryOrgUnit.isEqualOrChildOf( viewOrgUnits ) )
+            {
+                throw new IllegalQueryException( "Org unit is not viewable for current user: " + queryOrgUnit.getUid() );
+            }
+        }
+    }
+    
     public void applyDimensionConstraints( DataQueryParams params )
     {
         applyOrganisationUnitConstraint( params );
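Review bot: The guard `if ( queryOrgUnits == null || user == null || !user.hasDataViewOrganisationUnit() )` makes `decideAccess` fail open in three different situations, and only the last one looks like a deliberate "unrestricted user" case. A query with no org unit dimension or filter skips the check entirely; whether a later step (`validate` or `applyOrganisationUnitConstraint`, neither visible here) rejects or constrains such a query should be confirmed and the intent recorded in a comment next to the guard. The cast `(OrganisationUnit) object` is unchecked, so a non-org-unit item in that dimension would surface as a ClassCastException rather than an IllegalQueryException. The method also lacks `@Override`, which DefaultAnalyticsService uses on its interface methods. `applyDimensionConstraints` continues outside the hunk.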

=== modified file 'dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/organisationunit/OrganisationUnitServiceTest.java'
--- dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/organisationunit/OrganisationUnitServiceTest.java	2014-03-18 08:10:10 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/organisationunit/OrganisationUnitServiceTest.java	2014-04-11 07:50:58 +0000
@@ -28,9 +28,12 @@
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-import org.hisp.dhis.DhisSpringTest;
-import org.junit.Ignore;
-import org.junit.Test;
+import static org.hisp.dhis.system.util.CollectionUtils.asSet;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
 
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -39,7 +42,9 @@
 import java.util.Iterator;
 import java.util.List;
 
-import static org.junit.Assert.*;
+import org.hisp.dhis.DhisSpringTest;
+import org.junit.Ignore;
+import org.junit.Test;
 
 /**
  * @author Kristian Nordal
@@ -306,6 +311,32 @@
         assertTrue( organisationUnitService.getOrganisationUnit( unit1.getId() ).getOrganisationUnitLevel() == 1 );
         assertTrue( organisationUnitService.getOrganisationUnit( unit6.getId() ).getOrganisationUnitLevel() == 4 );
     }
+    
+    @Test
+    public void testIsEqualOrChildOf()
+    {
+        OrganisationUnit unit1 = createOrganisationUnit( '1' );
+        organisationUnitService.addOrganisationUnit( unit1 );
+
+        OrganisationUnit unit2 = createOrganisationUnit( '2', unit1 );
+        unit1.getChildren().add( unit2 );
+        organisationUnitService.addOrganisationUnit( unit2 );
+
+        OrganisationUnit unit3 = createOrganisationUnit( '3', unit2 );
+        unit2.getChildren().add( unit3 );
+        organisationUnitService.addOrganisationUnit( unit3 );
+
+        OrganisationUnit unit4 = createOrganisationUnit( '4' );
+        organisationUnitService.addOrganisationUnit( unit4 );
+        
+        assertTrue( unit1.isEqualOrChildOf( asSet( unit1 ) ) );
+        assertTrue( unit2.isEqualOrChildOf( asSet( unit1 ) ) );
+        assertTrue( unit3.isEqualOrChildOf( asSet( unit1 ) ) );
+        assertTrue( unit2.isEqualOrChildOf( asSet( unit1, unit3 ) ) );
+        
+        assertFalse( unit2.isEqualOrChildOf( asSet( unit3 ) ) );
+        assertFalse( unit4.isEqualOrChildOf( asSet( unit1 ) ) );
+    }
 
     @Test
     public void testGetOrganisationUnitAtLevelAndBranch()
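Review bot: `testIsEqualOrChildOf` does not exercise the null or empty-set branch of `isEqualOrChildOf`, which is the branch that decides the result when a caller passes no permitted units. Adding `assertFalse( unit1.isEqualOrChildOf( null ) );` and an equivalent assertion with an empty set would pin it. There is also no test in this commit for `decideAccess` itself, i.e. that a query for an org unit outside the user's data view units raises IllegalQueryException and that a query for a descendant of a permitted unit passes. `testGetOrganisationUnitAtLevelAndBranch` continues outside the hunk.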

=== modified file 'dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/util/CollectionUtils.java'
--- dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/util/CollectionUtils.java	2014-03-18 08:10:10 +0000
+++ dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/util/CollectionUtils.java	2014-04-11 07:50:58 +0000
@@ -83,4 +83,16 @@
     {
         return collection != null ? collection : new HashSet<T>();
     }
+    
+    public static <T> Set<T> asSet( T... items )
+    {
+        Set<T> set = new HashSet<T>();
+        
+        for ( T item : items )
+        {
+            set.add( item );
+        }
+        
+        return set;
+    }
 }
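Review bot: `asSet` is a public utility without Javadoc, and a generic varargs parameter `T... items` produces an unchecked "possible heap pollution" warning at the declaration. If the build targets Java 7 or later (not visible here; the file writes `new HashSet<T>()` without the diamond), `@SafeVarargs` is appropriate because the array is only read. A one-line Javadoc such as `/** Returns a new mutable HashSet containing the given items; the items array must not be null. */` would also document that a null array fails with a NullPointerException in the for loop.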