dhis2-devs team mailing list archive
-
dhis2-devs team
-
Mailing list archive
-
Message #29332
[Branch ~dhis2-devs-core/dhis2/trunk] Rev 14791: Analytics, impl access check for data view org units in analytics engine
------------------------------------------------------------
revno: 14791
committer: Lars Helge Øverland <larshelge@xxxxxxxxx>
branch nick: dhis2
timestamp: Fri 2014-04-11 09:50:58 +0200
message:
Analytics, impl access check for data view org units in analytics engine
modified:
dhis-2/dhis-api/src/main/java/org/hisp/dhis/organisationunit/OrganisationUnit.java
dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/QueryPlanner.java
dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/data/DefaultAnalyticsService.java
dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/data/DefaultQueryPlanner.java
dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/organisationunit/OrganisationUnitServiceTest.java
dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/util/CollectionUtils.java
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
Your team DHIS 2 developers is subscribed to branch lp:dhis2.
To unsubscribe from this branch go to https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk/+edit-subscription
=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/organisationunit/OrganisationUnit.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/organisationunit/OrganisationUnit.java 2014-03-24 13:53:21 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/organisationunit/OrganisationUnit.java 2014-04-11 07:50:58 +0000
@@ -347,7 +347,29 @@
return false;
}
-
+
+ public boolean isEqualOrChildOf( Set<OrganisationUnit> ancestors )
+ {
+ if ( ancestors == null || ancestors.isEmpty() )
+ {
+ return false;
+ }
+
+ OrganisationUnit unit = this;
+
+ while ( unit != null )
+ {
+ if ( ancestors.contains( unit ) )
+ {
+ return true;
+ }
+
+ unit = unit.getParent();
+ }
+
+ return false;
+ }
+
public boolean hasCoordinatesUp()
{
if ( parent != null )
@@ -524,7 +546,7 @@
Collections.reverse( units );
return units;
}
-
+
public Set<DataElement> getDataElementsInDataSets()
{
Set<DataElement> dataElements = new HashSet<DataElement>();
@@ -741,7 +763,6 @@
}
@JsonProperty
- //@JsonSerialize( contentAs = BaseIdentifiableObject.class )
@JsonSerialize( contentUsing = JacksonOrganisationUnitChildrenSerializer.class)
@JsonView( { DetailedView.class } )
@JacksonXmlElementWrapper( localName = "children", namespace = DxfNamespaces.DXF_2_0 )
=== modified file 'dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/QueryPlanner.java'
--- dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/QueryPlanner.java 2014-04-10 21:12:18 +0000
+++ dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/QueryPlanner.java 2014-04-11 07:50:58 +0000
@@ -113,6 +113,15 @@
List<DataQueryParams> groupByPeriodType( DataQueryParams params );
/**
+ * Decides whether the current user has privileges to execute the given query.
+ *
+ * @param params the data query params.
+ * @throws IllegalQueryException if the current user does not have privileges
+ * to execute the given query.
+ */
+ void decideAccess( DataQueryParams params );
+
+ /**
* Applies dimension constraints to the given params. Dimension constraints
* with all accessible dimension items will be added as filters to this query.
* If current user has no dimension constraints, no action is taken. If the
=== modified file 'dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/data/DefaultAnalyticsService.java'
--- dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/data/DefaultAnalyticsService.java 2014-04-08 18:25:25 +0000
+++ dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/data/DefaultAnalyticsService.java 2014-04-11 07:50:58 +0000
@@ -203,6 +203,8 @@
@Override
public Grid getAggregatedDataValues( DataQueryParams params )
{
+ queryPlanner.decideAccess( params );
+
queryPlanner.applyDimensionConstraints( params );
queryPlanner.validate( params );
=== modified file 'dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/data/DefaultQueryPlanner.java'
--- dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/data/DefaultQueryPlanner.java 2014-04-10 22:52:55 +0000
+++ dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/data/DefaultQueryPlanner.java 2014-04-11 07:50:58 +0000
@@ -295,6 +295,34 @@
// Dimension constraints methods
// -------------------------------------------------------------------------
+ public void decideAccess( DataQueryParams params )
+ {
+ // ---------------------------------------------------------------------
+ // Check current user data view access to org units
+ // ---------------------------------------------------------------------
+
+ User user = currentUserService.getCurrentUser();
+
+ List<NameableObject> queryOrgUnits = params.getDimensionOrFilter( DimensionalObject.ORGUNIT_DIM_ID );
+
+ if ( queryOrgUnits == null || user == null || !user.hasDataViewOrganisationUnit() )
+ {
+ return;
+ }
+
+ Set<OrganisationUnit> viewOrgUnits = user.getDataViewOrganisationUnits();
+
+ for ( NameableObject object : queryOrgUnits )
+ {
+ OrganisationUnit queryOrgUnit = (OrganisationUnit) object;
+
+ if ( !queryOrgUnit.isEqualOrChildOf( viewOrgUnits ) )
+ {
+ throw new IllegalQueryException( "Org unit is not viewable for current user: " + queryOrgUnit.getUid() );
+ }
+ }
+ }
+
public void applyDimensionConstraints( DataQueryParams params )
{
applyOrganisationUnitConstraint( params );
=== modified file 'dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/organisationunit/OrganisationUnitServiceTest.java'
--- dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/organisationunit/OrganisationUnitServiceTest.java 2014-03-18 08:10:10 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/test/java/org/hisp/dhis/organisationunit/OrganisationUnitServiceTest.java 2014-04-11 07:50:58 +0000
@@ -28,9 +28,12 @@
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-import org.hisp.dhis.DhisSpringTest;
-import org.junit.Ignore;
-import org.junit.Test;
+import static org.hisp.dhis.system.util.CollectionUtils.asSet;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
import java.util.ArrayList;
import java.util.Arrays;
@@ -39,7 +42,9 @@
import java.util.Iterator;
import java.util.List;
-import static org.junit.Assert.*;
+import org.hisp.dhis.DhisSpringTest;
+import org.junit.Ignore;
+import org.junit.Test;
/**
* @author Kristian Nordal
@@ -306,6 +311,32 @@
assertTrue( organisationUnitService.getOrganisationUnit( unit1.getId() ).getOrganisationUnitLevel() == 1 );
assertTrue( organisationUnitService.getOrganisationUnit( unit6.getId() ).getOrganisationUnitLevel() == 4 );
}
+
+ @Test
+ public void testIsEqualOrChildOf()
+ {
+ OrganisationUnit unit1 = createOrganisationUnit( '1' );
+ organisationUnitService.addOrganisationUnit( unit1 );
+
+ OrganisationUnit unit2 = createOrganisationUnit( '2', unit1 );
+ unit1.getChildren().add( unit2 );
+ organisationUnitService.addOrganisationUnit( unit2 );
+
+ OrganisationUnit unit3 = createOrganisationUnit( '3', unit2 );
+ unit2.getChildren().add( unit3 );
+ organisationUnitService.addOrganisationUnit( unit3 );
+
+ OrganisationUnit unit4 = createOrganisationUnit( '4' );
+ organisationUnitService.addOrganisationUnit( unit4 );
+
+ assertTrue( unit1.isEqualOrChildOf( asSet( unit1 ) ) );
+ assertTrue( unit2.isEqualOrChildOf( asSet( unit1 ) ) );
+ assertTrue( unit3.isEqualOrChildOf( asSet( unit1 ) ) );
+ assertTrue( unit2.isEqualOrChildOf( asSet( unit1, unit3 ) ) );
+
+ assertFalse( unit2.isEqualOrChildOf( asSet( unit3 ) ) );
+ assertFalse( unit4.isEqualOrChildOf( asSet( unit1 ) ) );
+ }
@Test
public void testGetOrganisationUnitAtLevelAndBranch()
=== modified file 'dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/util/CollectionUtils.java'
--- dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/util/CollectionUtils.java 2014-03-18 08:10:10 +0000
+++ dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/util/CollectionUtils.java 2014-04-11 07:50:58 +0000
@@ -83,4 +83,16 @@
{
return collection != null ? collection : new HashSet<T>();
}
+
+ public static <T> Set<T> asSet( T... items )
+ {
+ Set<T> set = new HashSet<T>();
+
+ for ( T item : items )
+ {
+ set.add( item );
+ }
+
+ return set;
+ }
}
