Message #32121
[Branch ~dhis2-devs-core/dhis2/trunk] Rev 16412: centralized code for getting Access object, added access properties to /api/me/ APIs.
------------------------------------------------------------
revno: 16412
committer: Morten Olav Hansen <mortenoh@xxxxxxxxx>
branch nick: dhis2
timestamp: Fri 2014-08-15 14:02:10 +0700
message:
centralized code for getting Access object, added access properties to /api/me/ APIs.
modified:
dhis-2/dhis-api/src/main/java/org/hisp/dhis/acl/AclService.java
dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAclService.java
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/AbstractCrudController.java
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/user/CurrentUserController.java
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/acl/AclService.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/acl/AclService.java 2014-04-13 04:08:20 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/acl/AclService.java 2014-08-15 07:02:10 +0000
@@ -185,4 +185,20 @@
<T extends IdentifiableObject> boolean defaultPublic( Class<T> klass );
Class<? extends IdentifiableObject> classForType( String type );
+
+ /**
+ * Return the access object for a object.
+ *
+ * @param object Object to check for access
+ * @return Populated access instance
+ */
+ <T extends IdentifiableObject> Access getAccess( T object );
+
+ /**
+ * Return the access object for a object.
+ *
+ * @param object Object to check for access
+ * @return Populated access instance
+ */
+ <T extends IdentifiableObject> Access getAccess( T object, User user );
}
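Review bot: The Javadoc on the two-argument `getAccess( T object, User user )` is a copy of the one-argument version and never documents `user`, and neither comment says whose permissions are evaluated. For the first overload I would write `Return the access object for an object, evaluated for the currently logged-in user.`, and for the second add `@param user User to evaluate access for`. Both should also state what is returned when no user is available, since callers will treat the result as an authorization answer.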
=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAclService.java'
--- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAclService.java 2014-06-18 10:07:33 +0000
+++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAclService.java 2014-08-15 07:02:10 +0000
@@ -33,6 +33,7 @@
import org.hisp.dhis.schema.AuthorityType;
import org.hisp.dhis.schema.Schema;
import org.hisp.dhis.schema.SchemaService;
+import org.hisp.dhis.user.CurrentUserService;
import org.hisp.dhis.user.User;
import org.hisp.dhis.user.UserGroup;
import org.hisp.dhis.user.UserGroupAccess;
@@ -52,6 +53,9 @@
@Autowired
private SchemaService schemaService;
+ @Autowired
+ private CurrentUserService currentUserService;
+
@Override
public boolean isSupported( String type )
{
@@ -239,7 +243,7 @@
Schema schema = schemaService.getSchema( klass );
return !(schema == null || !schema.isShareable())
&& ((!schema.getAuthorityByType( AuthorityType.EXTERNALIZE ).isEmpty() && haveOverrideAuthority( user ))
- || haveAuthority( user, schema.getAuthorityByType( AuthorityType.EXTERNALIZE ) ));
+ || haveAuthority( user, schema.getAuthorityByType( AuthorityType.EXTERNALIZE ) ));
}
@Override
@@ -250,7 +254,7 @@
}
@Override
- @SuppressWarnings( "unchecked" )
+ @SuppressWarnings("unchecked")
public Class<? extends IdentifiableObject> classForType( String type )
{
Schema schema = schemaService.getSchemaBySingularName( type );
@@ -277,4 +281,24 @@
{
return containsAny( user.getUserCredentials().getAllAuthorities(), requiredAuthorities );
}
+
+ @Override
+ public <T extends IdentifiableObject> Access getAccess( T object )
+ {
+ return getAccess( object, currentUserService.getCurrentUser() );
+ }
+
+ @Override
+ public <T extends IdentifiableObject> Access getAccess( T object, User user )
+ {
+ Access access = new Access();
+ access.setManage( canManage( user, object ) );
+ access.setExternalize( canExternalize( user, object.getClass() ) );
+ access.setWrite( canWrite( user, object ) );
+ access.setRead( canRead( user, object ) );
+ access.setUpdate( canUpdate( user, object ) );
+ access.setDelete( canDelete( user, object ) );
+
+ return access;
+ }
}
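Review bot: `getAccess( T object )` forwards `currentUserService.getCurrentUser()` without checking it, and the context line at the top of this hunk dereferences `user.getUserCredentials()` directly, so a request with no resolved user may end in a NullPointerException rather than a denied answer. Whether the `can*` methods guard against a null user is not visible here; if they do not, fail closed at the top of the two-argument overload with `if ( user == null ) { return new Access(); }`, after confirming that a fresh `Access` has every flag false. The method that owns the first context lines starts above the hunk.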
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/AbstractCrudController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/AbstractCrudController.java 2014-08-13 11:34:42 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/AbstractCrudController.java 2014-08-15 07:02:10 +0000
@@ -31,7 +31,6 @@
import com.google.common.base.Enums;
import com.google.common.base.Optional;
import com.google.common.collect.Lists;
-import org.hisp.dhis.acl.Access;
import org.hisp.dhis.acl.AclService;
import org.hisp.dhis.common.BaseIdentifiableObject;
import org.hisp.dhis.common.DxfNamespaces;
@@ -57,7 +56,6 @@
import org.hisp.dhis.schema.Schema;
import org.hisp.dhis.schema.SchemaService;
import org.hisp.dhis.user.CurrentUserService;
-import org.hisp.dhis.user.User;
import org.hisp.dhis.webapi.controller.exception.NotFoundException;
import org.hisp.dhis.webapi.service.ContextService;
import org.hisp.dhis.webapi.service.LinkService;
@@ -128,7 +126,7 @@
// GET
//--------------------------------------------------------------------------
- @RequestMapping( method = RequestMethod.GET )
+ @RequestMapping(method = RequestMethod.GET)
public @ResponseBody RootNode getObjectList(
@RequestParam Map<String, String> parameters, HttpServletResponse response, HttpServletRequest request )
{
@@ -242,15 +240,15 @@
return rootNode;
}
- @RequestMapping( value = "/{uid}/{property}", method = RequestMethod.GET )
- public @ResponseBody RootNode getObjectProperty( @PathVariable( "uid" ) String uid, @PathVariable( "property" ) String property,
+ @RequestMapping(value = "/{uid}/{property}", method = RequestMethod.GET)
+ public @ResponseBody RootNode getObjectProperty( @PathVariable("uid") String uid, @PathVariable("property") String property,
@RequestParam Map<String, String> parameters, HttpServletRequest request, HttpServletResponse response ) throws Exception
{
return getObjectInternal( uid, parameters, Lists.<String>newArrayList(), Lists.newArrayList( property ) );
}
- @RequestMapping( value = "/{uid}", method = RequestMethod.GET )
- public @ResponseBody RootNode getObject( @PathVariable( "uid" ) String uid, @RequestParam Map<String, String> parameters,
+ @RequestMapping(value = "/{uid}", method = RequestMethod.GET)
+ public @ResponseBody RootNode getObject( @PathVariable("uid") String uid, @RequestParam Map<String, String> parameters,
HttpServletRequest request, HttpServletResponse response ) throws Exception
{
List<String> fields = Lists.newArrayList( contextService.getParameterValues( "fields" ) );
@@ -322,7 +320,7 @@
// POST
//--------------------------------------------------------------------------
- @RequestMapping( method = RequestMethod.POST, consumes = { "application/xml", "text/xml" } )
+ @RequestMapping(method = RequestMethod.POST, consumes = { "application/xml", "text/xml" })
public void postXmlObject( HttpServletResponse response, HttpServletRequest request, InputStream input ) throws Exception
{
if ( !aclService.canCreate( currentUserService.getCurrentUser(), getEntityClass() ) )
@@ -341,7 +339,7 @@
renderService.toXml( response.getOutputStream(), summary );
}
- @RequestMapping( method = RequestMethod.POST, consumes = "application/json" )
+ @RequestMapping(method = RequestMethod.POST, consumes = "application/json")
public void postJsonObject( HttpServletResponse response, HttpServletRequest request, InputStream input ) throws Exception
{
if ( !aclService.canCreate( currentUserService.getCurrentUser(), getEntityClass() ) )
@@ -364,9 +362,9 @@
// PUT
//--------------------------------------------------------------------------
- @RequestMapping( value = "/{uid}", method = RequestMethod.PUT, consumes = { MediaType.APPLICATION_XML_VALUE, MediaType.TEXT_XML_VALUE } )
- @ResponseStatus( value = HttpStatus.NO_CONTENT )
- public void putXmlObject( HttpServletResponse response, HttpServletRequest request, @PathVariable( "uid" ) String uid, InputStream
+ @RequestMapping(value = "/{uid}", method = RequestMethod.PUT, consumes = { MediaType.APPLICATION_XML_VALUE, MediaType.TEXT_XML_VALUE })
+ @ResponseStatus(value = HttpStatus.NO_CONTENT)
+ public void putXmlObject( HttpServletResponse response, HttpServletRequest request, @PathVariable("uid") String uid, InputStream
input ) throws Exception
{
List<T> objects = getEntity( uid );
@@ -395,9 +393,9 @@
renderService.toXml( response.getOutputStream(), summary );
}
- @RequestMapping( value = "/{uid}", method = RequestMethod.PUT, consumes = MediaType.APPLICATION_JSON_VALUE )
- @ResponseStatus( value = HttpStatus.NO_CONTENT )
- public void putJsonObject( HttpServletResponse response, HttpServletRequest request, @PathVariable( "uid" ) String uid, InputStream
+ @RequestMapping(value = "/{uid}", method = RequestMethod.PUT, consumes = MediaType.APPLICATION_JSON_VALUE)
+ @ResponseStatus(value = HttpStatus.NO_CONTENT)
+ public void putJsonObject( HttpServletResponse response, HttpServletRequest request, @PathVariable("uid") String uid, InputStream
input ) throws Exception
{
List<T> objects = getEntity( uid );
@@ -430,9 +428,9 @@
// DELETE
//--------------------------------------------------------------------------
- @RequestMapping( value = "/{uid}", method = RequestMethod.DELETE, produces = MediaType.APPLICATION_JSON_VALUE )
- @ResponseStatus( value = HttpStatus.NO_CONTENT )
- public void deleteObject( HttpServletResponse response, HttpServletRequest request, @PathVariable( "uid" ) String uid ) throws
+ @RequestMapping(value = "/{uid}", method = RequestMethod.DELETE, produces = MediaType.APPLICATION_JSON_VALUE)
+ @ResponseStatus(value = HttpStatus.NO_CONTENT)
+ public void deleteObject( HttpServletResponse response, HttpServletRequest request, @PathVariable("uid") String uid ) throws
Exception
{
List<T> objects = getEntity( uid );
@@ -555,19 +553,9 @@
protected void addAccessProperties( List<T> objects )
{
- User user = currentUserService.getCurrentUser();
-
for ( T object : objects )
{
- Access access = new Access();
- access.setManage( aclService.canManage( user, object ) );
- access.setExternalize( aclService.canExternalize( user, object.getClass() ) );
- access.setWrite( aclService.canWrite( user, object ) );
- access.setRead( aclService.canRead( user, object ) );
- access.setUpdate( aclService.canUpdate( user, object ) );
- access.setDelete( aclService.canDelete( user, object ) );
-
- ((BaseIdentifiableObject) object).setAccess( access );
+ ((BaseIdentifiableObject) object).setAccess( aclService.getAccess( object ) );
}
}
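Review bot: Calling `aclService.getAccess( object )` inside the loop resolves the current user once per object, where the removed code resolved it once before the loop. I would keep the single lookup and use the new two-argument overload: `User user = currentUserService.getCurrentUser();` before the loop and `aclService.getAccess( object, user )` inside it, which also guarantees that every object in one response is evaluated against the same user. That requires keeping the `org.hisp.dhis.user.User` import that this commit removes from the file.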
@@ -594,7 +582,7 @@
private String entitySimpleName;
- @SuppressWarnings( "unchecked" )
+ @SuppressWarnings("unchecked")
protected Class<T> getEntityClass()
{
if ( entityClass == null )
@@ -626,7 +614,7 @@
return entitySimpleName;
}
- @SuppressWarnings( "unchecked" )
+ @SuppressWarnings("unchecked")
protected T getEntityInstance()
{
try
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/user/CurrentUserController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/user/CurrentUserController.java 2014-08-12 06:42:44 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/user/CurrentUserController.java 2014-08-15 07:02:10 +0000
@@ -29,8 +29,8 @@
*/
import com.google.common.collect.Lists;
-import com.google.common.collect.Maps;
import org.apache.commons.collections.CollectionUtils;
+import org.hisp.dhis.acl.AclService;
import org.hisp.dhis.common.IdentifiableObjectManager;
import org.hisp.dhis.common.view.DetailedView;
import org.hisp.dhis.dataelement.DataElement;
@@ -38,7 +38,9 @@
import org.hisp.dhis.dataset.DataSetService;
import org.hisp.dhis.dxf2.utils.JacksonUtils;
import org.hisp.dhis.i18n.I18nService;
+import org.hisp.dhis.interpretation.Interpretation;
import org.hisp.dhis.interpretation.InterpretationService;
+import org.hisp.dhis.message.MessageConversation;
import org.hisp.dhis.message.MessageService;
import org.hisp.dhis.organisationunit.OrganisationUnit;
import org.hisp.dhis.organisationunit.OrganisationUnitService;
@@ -134,6 +136,9 @@
@Autowired
private I18nService i18nService;
+ @Autowired
+ protected AclService aclService;
+
@RequestMapping( produces = { "application/json", "text/*" } )
public void getCurrentUser( HttpServletResponse response ) throws Exception
{
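Review bot: The new `aclService` field is `protected` while the neighbouring `i18nService` field in the same hunk is `private`. Unless a subclass of this controller needs it, which is not visible here, declare it as `private AclService aclService;` to keep the authorization service out of the class's extension surface.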
@@ -158,12 +163,15 @@
throw new NotAuthenticatedException();
}
- Map<String, List<?>> output = Maps.newHashMap();
List<org.hisp.dhis.dashboard.Dashboard> dashboards = Lists.newArrayList( manager.getAll( org.hisp.dhis.dashboard.Dashboard.class ) );
- output.put( "dashboards", dashboards );
+
+ for ( org.hisp.dhis.dashboard.Dashboard dashboard : dashboards )
+ {
+ dashboard.setAccess( aclService.getAccess( dashboard ) );
+ }
response.setContentType( MediaType.APPLICATION_JSON_VALUE );
- JacksonUtils.toJsonWithView( response.getOutputStream(), output, DetailedView.class );
+ JacksonUtils.toJsonWithView( response.getOutputStream(), dashboards, DetailedView.class );
}
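Review bot: The response body changes from a map with a single `dashboards` key to a bare list, because `output` is removed and `dashboards` is now passed straight to `JacksonUtils.toJsonWithView`; the commit message does not mention this, and clients that read `dashboards` from the result would break. If the shape change is not intended, keep the map and only add the loop. Separately, the `access` flags set here describe permissions and do not enforce them: whether `manager.getAll( ... )` already filters by sharing is not visible in this hunk, so it is worth confirming that dashboards the user cannot read are not serialized at all. The enclosing method starts above the hunk.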
@RequestMapping( value = "/inbox", produces = { "application/json", "text/*" } )
@@ -180,6 +188,16 @@
inbox.setMessageConversations( new ArrayList<>( messageService.getMessageConversations( 0, MAX_OBJECTS ) ) );
inbox.setInterpretations( new ArrayList<>( interpretationService.getInterpretations( 0, MAX_OBJECTS ) ) );
+ for ( org.hisp.dhis.message.MessageConversation messageConversation : inbox.getMessageConversations() )
+ {
+ messageConversation.setAccess( aclService.getAccess( messageConversation ) );
+ }
+
+ for ( Interpretation interpretation : inbox.getInterpretations() )
+ {
+ interpretation.setAccess( aclService.getAccess( interpretation ) );
+ }
+
response.setContentType( MediaType.APPLICATION_JSON_VALUE );
JacksonUtils.toJson( response.getOutputStream(), inbox );
}
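Review bot: The same set-access loop is written out five times across this file's hunks (dashboards above, twice here, and again in the `/inbox/messages` and `/inbox/interpretations` hunks below), each calling the one-argument `getAccess` and so resolving the current user per element. A single private helper that resolves the user once would remove the repetition, as sketched below; it assumes these entity types extend `BaseIdentifiableObject` (as the cast in AbstractCrudController suggests) and that this controller has a `currentUserService` field and the `User` import, none of which is visible in the hunk. The loops here and in the `/inbox/messages` hunk also spell out `org.hisp.dhis.message.MessageConversation` although this commit adds the import, so the short name would do.

```java
private <T extends BaseIdentifiableObject> void addAccessProperties( Collection<T> objects )
{
    User user = currentUserService.getCurrentUser();

    for ( T object : objects )
    {
        object.setAccess( aclService.getAccess( object, user ) );
    }
}

// in the inbox handler: replaces the two loops added by this hunk
addAccessProperties( inbox.getMessageConversations() );
addAccessProperties( inbox.getInterpretations() );
```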
@@ -195,7 +213,15 @@
}
response.setContentType( MediaType.APPLICATION_JSON_VALUE );
- JacksonUtils.toJson( response.getOutputStream(), new ArrayList<>( messageService.getMessageConversations( 0, MAX_OBJECTS ) ) );
+
+ List<MessageConversation> messageConversations = new ArrayList<>( messageService.getMessageConversations( 0, MAX_OBJECTS ) );
+
+ for ( org.hisp.dhis.message.MessageConversation messageConversation : messageConversations )
+ {
+ messageConversation.setAccess( aclService.getAccess( messageConversation ) );
+ }
+
+ JacksonUtils.toJson( response.getOutputStream(), messageConversations );
}
@RequestMapping( value = "/inbox/interpretations", produces = { "application/json", "text/*" } )
@@ -209,7 +235,14 @@
}
response.setContentType( MediaType.APPLICATION_JSON_VALUE );
- JacksonUtils.toJson( response.getOutputStream(), new ArrayList<>( interpretationService.getInterpretations( 0, MAX_OBJECTS ) ) );
+ List<Interpretation> interpretations = new ArrayList<>( interpretationService.getInterpretations( 0, MAX_OBJECTS ) );
+
+ for ( Interpretation interpretation : interpretations )
+ {
+ interpretation.setAccess( aclService.getAccess( interpretation ) );
+ }
+
+ JacksonUtils.toJson( response.getOutputStream(), interpretations );
}
@RequestMapping( value = "/dashboard", produces = { "application/json", "text/*" } )