
[Branch ~dhis2-devs-core/dhis2/trunk] Rev 19348: Support AuthorityType.READ in AbstractCrudController, if this is not present, it will function as...

 

------------------------------------------------------------
revno: 19348
committer: Morten Olav Hansen <mortenoh@xxxxxxxxx>
branch nick: dhis2
timestamp: Thu 2015-06-11 09:45:21 +0700
message:
  Support AuthorityType.READ in AbstractCrudController; if it is not present, the controller functions as before (used in OAuth2ClientSchemaDescriptor for now)
modified:
  dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/AbstractCrudController.java


--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk

=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/AbstractCrudController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/AbstractCrudController.java	2015-06-10 12:17:45 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/AbstractCrudController.java	2015-06-11 02:45:21 +0000
@@ -167,6 +167,11 @@
         WebOptions options = new WebOptions( rpParameters );
         WebMetaData metaData = new WebMetaData();
 
+        if ( !aclService.canRead( currentUserService.getCurrentUser(), getEntityClass() ) )
+        {
+            throw new ReadAccessDeniedException( "You don't have the proper permissions to read objects of this type." );
+        }
+
         if ( fields.isEmpty() )
         {
             fields.add( ":identifiable" );
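Review bot: The same five-line `aclService.canRead( ... )` guard is pasted into this handler and into the three handlers patched in the later hunks, so a read endpoint that is added or overridden later silently loses the type-level check if the copy is forgotten. Extracting it into one private method on the controller (for example `checkReadAccess()`, called as the first statement of every read handler) keeps the policy and the message in one place; in this hunk it would also run before `new WebOptions( rpParameters )` instead of after it. `currentUserService.getCurrentUser()` is passed straight through, and whether `canRead` tolerates a null user on an unauthenticated request is not visible here, so that is worth confirming. The enclosing method starts and ends outside the hunk, and whether every read path of the controller is covered cannot be judged from these four hunks.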
@@ -216,6 +221,11 @@
         TranslateOptions translateOptions,
         HttpServletRequest request, HttpServletResponse response ) throws Exception
     {
+        if ( !aclService.canRead( currentUserService.getCurrentUser(), getEntityClass() ) )
+        {
+            throw new ReadAccessDeniedException( "You don't have the proper permissions to read objects of this type." );
+        }
+
         List<String> fields = Lists.newArrayList( contextService.getParameterValues( "fields" ) );
         List<String> filters = Lists.newArrayList( contextService.getParameterValues( "filter" ) );
 
@@ -234,6 +244,11 @@
         TranslateOptions translateOptions,
         HttpServletRequest request, HttpServletResponse response ) throws Exception
     {
+        if ( !aclService.canRead( currentUserService.getCurrentUser(), getEntityClass() ) )
+        {
+            throw new ReadAccessDeniedException( "You don't have the proper permissions to read objects of this type." );
+        }
+
         List<String> fields = Lists.newArrayList( contextService.getParameterValues( "fields" ) );
 
         if ( fields.isEmpty() )
@@ -633,6 +648,11 @@
         TranslateOptions translateOptions,
         HttpServletRequest request, HttpServletResponse response ) throws Exception
     {
+        if ( !aclService.canRead( currentUserService.getCurrentUser(), getEntityClass() ) )
+        {
+            throw new ReadAccessDeniedException( "You don't have the proper permissions to read objects of this type." );
+        }
+
         RootNode rootNode = getObjectInternal( pvUid, parameters, Lists.<String>newArrayList(), Lists.newArrayList( pvProperty + "[:all]" ), translateOptions );
 
         // TODO optimize this using field filter (collection filtering)
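Review bot: The guard added here checks READ authority only for `getEntityClass()`, the owning type, while the handler goes on to return the objects behind `pvProperty` through the `pvProperty + "[:all]"` field expression. If the property's item type declares its own AuthorityType.READ (the commit message names OAuth2ClientSchemaDescriptor as the first user), that restriction is not evaluated on this path as far as the hunk shows, and the `fields` parameter read in the second and third hunks may expose nested types in the same way. Unless the field filtering behind `getObjectInternal` already enforces it, I would add a second `canRead` check against the property's item type, or at least record the gap with `// NOTE: only the owning type's READ authority is checked; nested types are not`. The method body continues past the end of the hunk.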