dhis2-devs team mailing list archive
-
dhis2-devs team
-
Mailing list archive
-
Message #29390
[Branch ~dhis2-devs-core/dhis2/trunk] Rev 14837: AnalyticsSecurityManager, added method for applying data approval level constraints
------------------------------------------------------------
revno: 14837
committer: Lars Helge Øverland <larshelge@xxxxxxxxx>
branch nick: dhis2
timestamp: Mon 2014-04-14 10:58:20 +0200
message:
AnalyticsSecurityManager, added method for applying data approval level constraints
modified:
dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/AnalyticsSecurityManager.java
dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/data/DefaultAnalyticsService.java
dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/security/DefaultAnalyticsSecurityManager.java
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
Your team DHIS 2 developers is subscribed to branch lp:dhis2.
To unsubscribe from this branch go to https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk/+edit-subscription
=== modified file 'dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/AnalyticsSecurityManager.java'
--- dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/AnalyticsSecurityManager.java 2014-04-14 08:42:46 +0000
+++ dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/AnalyticsSecurityManager.java 2014-04-14 08:58:20 +0000
@@ -1,7 +1,38 @@
package org.hisp.dhis.analytics;
+/*
+ * Copyright (c) 2004-2014, University of Oslo
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ * Neither the name of the HISP project nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
+ * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
+ * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
import org.hisp.dhis.common.IllegalQueryException;
+/**
+ * @author Lars Helge Overland
+ */
public interface AnalyticsSecurityManager
{
/**
@@ -14,6 +45,15 @@
void decideAccess( DataQueryParams params );
/**
+ * Adds relevant data approval levels to the given query if system is configured
+ * to hide unapproved data from analytics and if there are relevant approval
+ * levels for current user.
+ *
+ * @param params the data query params.
+ */
+ void applyDataApprovalConstraints( DataQueryParams params );
+
+ /**
* Applies dimension constraints to the given params. Dimension constraints
* with all accessible dimension items will be added as filters to this query.
* If current user has no dimension constraints, no action is taken. If the
=== modified file 'dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/data/DefaultAnalyticsService.java'
--- dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/data/DefaultAnalyticsService.java 2014-04-14 08:42:46 +0000
+++ dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/data/DefaultAnalyticsService.java 2014-04-14 08:58:20 +0000
@@ -209,6 +209,8 @@
{
securityManager.decideAccess( params );
+ securityManager.applyDataApprovalConstraints( params );
+
securityManager.applyDimensionConstraints( params );
queryPlanner.validate( params );
=== modified file 'dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/security/DefaultAnalyticsSecurityManager.java'
--- dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/security/DefaultAnalyticsSecurityManager.java 2014-04-14 08:42:46 +0000
+++ dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/security/DefaultAnalyticsSecurityManager.java 2014-04-14 08:58:20 +0000
@@ -2,6 +2,7 @@
import java.util.ArrayList;
import java.util.List;
+import java.util.Map;
import java.util.Set;
import org.apache.commons.logging.Log;
@@ -14,7 +15,9 @@
import org.hisp.dhis.common.DimensionalObject;
import org.hisp.dhis.common.IllegalQueryException;
import org.hisp.dhis.common.NameableObject;
+import org.hisp.dhis.dataapproval.DataApprovalLevelService;
import org.hisp.dhis.organisationunit.OrganisationUnit;
+import org.hisp.dhis.setting.SystemSettingManager;
import org.hisp.dhis.user.CurrentUserService;
import org.hisp.dhis.user.User;
import org.springframework.beans.factory.annotation.Autowired;
@@ -28,8 +31,18 @@
private CurrentUserService currentUserService;
@Autowired
+ private DataApprovalLevelService approvalLevelService;
+
+ @Autowired
+ private SystemSettingManager systemSettingManager;
+
+ @Autowired
private DimensionService dimensionService;
+ // -------------------------------------------------------------------------
+ // AnalyticsSecurityManager implementation
+ // -------------------------------------------------------------------------
+
public void decideAccess( DataQueryParams params )
{
// ---------------------------------------------------------------------
@@ -58,6 +71,25 @@
}
}
+ public void applyDataApprovalConstraints( DataQueryParams params )
+ {
+ boolean approval = (Boolean) systemSettingManager.getSystemSetting( SystemSettingManager.KEY_HIDE_UNAPPROVED_DATA_IN_ANALYTICS, false );
+
+ User user = currentUserService.getCurrentUser();
+
+ if ( approval && user != null )
+ {
+ Map<OrganisationUnit, Integer> approvalLevels = approvalLevelService.getUserReadApprovalLevels();
+
+ if ( approvalLevels != null && !approvalLevels.isEmpty() )
+ {
+ params.setApprovalLevels( approvalLevels );
+
+ log.info( "User: " + user.getUsername() + " constrained by data approval levels: " + approvalLevels.values() );
+ }
+ }
+ }
+
public void applyDimensionConstraints( DataQueryParams params )
{
applyOrganisationUnitConstraint( params );
@@ -152,6 +184,4 @@
log.info( "User: " + user.getUsername() + " constrained by dimension: " + constraint.getDimension() );
}
}
-
-
}
