dhis2-devs team mailing list archive

Thread
Date

[Branch ~dhis2-devs-core/dhis2/trunk] Rev 20075: ConfigurationController. Added authentication. Added response status code.

To: DHIS 2 developers <dhis2-devs@xxxxxxxxxxxxxxxxxxx>
From: noreply@xxxxxxxxxxxxx
Date: Thu, 10 Sep 2015 10:28:30 -0000
Reply-to: noreply@xxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

------------------------------------------------------------
revno: 20075
committer: Lars Helge Overland <larshelge@xxxxxxxxx>
branch nick: dhis2
timestamp: Thu 2015-09-10 12:27:32 +0200
message:
  ConfigurationController. Added authentication. Added response status code.
modified:
  dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/ConfigurationController.java


--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk

Your team DHIS 2 developers is subscribed to branch lp:dhis2.
To unsubscribe from this branch go to https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk/+edit-subscription

=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/ConfigurationController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/ConfigurationController.java	2015-09-09 15:25:28 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/ConfigurationController.java	2015-09-10 10:27:32 +0000
@@ -28,13 +28,13 @@
  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-import org.bouncycastle.ocsp.Req;
+import javax.servlet.http.HttpServletRequest;
+
 import org.hisp.dhis.common.BaseIdentifiableObject;
 import org.hisp.dhis.common.IdentifiableObjectManager;
 import org.hisp.dhis.configuration.Configuration;
 import org.hisp.dhis.configuration.ConfigurationService;
 import org.hisp.dhis.dataelement.DataElementGroup;
-import org.hisp.dhis.hibernate.exception.CreateAccessDeniedException;
 import org.hisp.dhis.indicator.IndicatorGroup;
 import org.hisp.dhis.organisationunit.OrganisationUnit;
 import org.hisp.dhis.organisationunit.OrganisationUnitLevel;
@@ -44,13 +44,14 @@
 import org.hisp.dhis.user.UserGroup;
 import org.hisp.dhis.webapi.controller.exception.NotFoundException;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
+import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
-
-import javax.servlet.http.HttpServletRequest;
+import org.springframework.web.bind.annotation.ResponseStatus;
 
 /**
  * @author Lars Helge Overland
@@ -68,6 +69,8 @@
     @Autowired
     private PeriodService periodService;
 
+    @PreAuthorize( "hasRole('ALL') or hasRole('F_SYSTEM_SETTING')" )
+    @ResponseStatus( value = HttpStatus.OK )
     @RequestMapping( value = "/systemId", method = RequestMethod.GET )
     private String getSystemId( Model model, HttpServletRequest request )
     {
@@ -80,6 +83,8 @@
         return setModel( model, configurationService.getConfiguration().getFeedbackRecipients() );
     }
 
+    @PreAuthorize( "hasRole('ALL') or hasRole('F_SYSTEM_SETTING')" )
+    @ResponseStatus( value = HttpStatus.OK )
     @RequestMapping( value = "/feedbackRecipients/{uid}", method = RequestMethod.POST )
     private void setFeedbackRecipients( @PathVariable( "uid" ) String uid )
         throws NotFoundException
@@ -104,6 +109,8 @@
         return setModel( model, configurationService.getConfiguration().getOfflineOrganisationUnitLevel() );
     }
 
+    @PreAuthorize( "hasRole('ALL') or hasRole('F_SYSTEM_SETTING')" )
+    @ResponseStatus( value = HttpStatus.OK )
     @RequestMapping( value = "/offlineOrganisationUnitLevel/{uid}", method = RequestMethod.POST )
     private void setOfflineOrganisationUnitLevels( @PathVariable( "uid" ) String uid )
         throws NotFoundException
@@ -128,6 +135,8 @@
         return setModel( model, configurationService.getConfiguration().getInfrastructuralIndicators() );
     }
 
+    @PreAuthorize( "hasRole('ALL') or hasRole('F_SYSTEM_SETTING')" )
+    @ResponseStatus( value = HttpStatus.OK )
     @RequestMapping( value = "/infrastructuralIndicators/{uid}", method = RequestMethod.POST )
     private void setInfrastructuralIndicators( @PathVariable( "uid" ) String uid )
         throws NotFoundException
@@ -152,6 +161,8 @@
         return setModel( model, configurationService.getConfiguration().getInfrastructuralDataElements() );
     }
 
+    @PreAuthorize( "hasRole('ALL') or hasRole('F_SYSTEM_SETTING')" )
+    @ResponseStatus( value = HttpStatus.OK )
     @RequestMapping( value = "/infrastructuralDataElements/{uid}", method = RequestMethod.POST )
     private void setInfrastructuralDataElements( @PathVariable("uid") String uid )
         throws NotFoundException
@@ -179,6 +190,8 @@
         return setModel( model, entity );
     }
 
+    @PreAuthorize( "hasRole('ALL') or hasRole('F_SYSTEM_SETTING')" )
+    @ResponseStatus( value = HttpStatus.OK )
     @RequestMapping( value = "/infrastructuralPeriodType/{name}", method = RequestMethod.POST )
     private void setInfrastructuralPeriodType( @PathVariable( "name" ) String name )
         throws NotFoundException
@@ -191,8 +204,10 @@
         }
 
         Configuration config = configurationService.getConfiguration();
+        
+        periodType = periodService.reloadPeriodType( periodType );
 
-        config.setInfrastructuralPeriodType( periodService.reloadPeriodType( periodType ) );
+        config.setInfrastructuralPeriodType( periodType );
 
         configurationService.setConfiguration( config );
     }
@@ -203,6 +218,8 @@
         return setModel( model, configurationService.getConfiguration().getSelfRegistrationRole() );
     }
 
+    @PreAuthorize( "hasRole('ALL') or hasRole('F_SYSTEM_SETTING')" )
+    @ResponseStatus( value = HttpStatus.OK )
     @RequestMapping( value = "/selfRegistrationRole/{uid}", method = RequestMethod.POST )
     private void setSelfRegistrationRole( @PathVariable( "uid" ) String uid )
         throws NotFoundException
@@ -221,12 +238,14 @@
         configurationService.setConfiguration( config );
     }
 
+    @ResponseStatus( value = HttpStatus.OK )
     @RequestMapping( value = "/selfRegistrationOrgUnit", method = RequestMethod.GET )
     private String getSelfRegistrationOrgUnit( Model model, HttpServletRequest request )
     {
         return setModel( model, configurationService.getConfiguration().getSelfRegistrationOrgUnit() );
     }
 
+    @PreAuthorize( "hasRole('ALL') or hasRole('F_SYSTEM_SETTING')" )
     @RequestMapping( value = "/selfRegistrationOrgUnit/{uid}", method = RequestMethod.POST )
     private void setSelfRegistrationOrgUnit( @PathVariable( "uid" ) String uid )
         throws NotFoundException