Message #42744
[Branch ~dhis2-devs-core/dhis2/trunk] Rev 21814: Don't allow resizing of dashboards if it is only shared to you with read-only permissions
------------------------------------------------------------
revno: 21814
committer: Morten Olav Hansen <mortenoh@xxxxxxxxx>
branch nick: dhis2
timestamp: Tue 2016-01-26 15:55:27 +0700
message:
Don't allow resizing of dashboards if it is only shared to you with read-only permissions
modified:
dhis-2/dhis-api/src/main/java/org/hisp/dhis/dashboard/DashboardItemStore.java
dhis-2/dhis-api/src/main/java/org/hisp/dhis/dashboard/DashboardService.java
dhis-2/dhis-services/dhis-service-reporting/src/main/java/org/hisp/dhis/dashboard/hibernate/HibernateDashboardItemStore.java
dhis-2/dhis-services/dhis-service-reporting/src/main/java/org/hisp/dhis/dashboard/impl/DefaultDashboardService.java
dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/DashboardItemController.java
--
lp:dhis2
https://code.launchpad.net/~dhis2-devs-core/dhis2/trunk
=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/dashboard/DashboardItemStore.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/dashboard/DashboardItemStore.java 2016-01-04 02:27:49 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/dashboard/DashboardItemStore.java 2016-01-26 08:55:27 +0000
@@ -50,4 +50,6 @@
int countReportDashboardItems( Report report );
int countDocumentDashboardItems( Document document );
+
+ Dashboard getDashboardFromDashboardItem( DashboardItem dashboardItem );
}
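Review bot: The new `getDashboardFromDashboardItem` declaration has no Javadoc, so callers cannot tell what it returns for an item that is not attached to any dashboard; the same applies to the identical declaration added to DashboardService. The controller in this commit uses the result for an access decision, so the contract should be explicit, for example `/** Returns the dashboard that contains the given item, or null if no dashboard contains it. */`. The Hibernate implementation added here returns `query.uniqueResult()`, which yields null when nothing matches.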
=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/dashboard/DashboardService.java'
--- dhis-2/dhis-api/src/main/java/org/hisp/dhis/dashboard/DashboardService.java 2016-01-04 02:27:49 +0000
+++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/dashboard/DashboardService.java 2016-01-26 08:55:27 +0000
@@ -74,7 +74,9 @@
void updateDashboardItem( DashboardItem item );
DashboardItem getDashboardItem( String uid );
-
+
+ Dashboard getDashboardFromDashboardItem( DashboardItem dashboardItem );
+
void deleteDashboardItem( DashboardItem item );
int countMapDashboardItems( Map map );
=== modified file 'dhis-2/dhis-services/dhis-service-reporting/src/main/java/org/hisp/dhis/dashboard/hibernate/HibernateDashboardItemStore.java'
--- dhis-2/dhis-services/dhis-service-reporting/src/main/java/org/hisp/dhis/dashboard/hibernate/HibernateDashboardItemStore.java 2016-01-04 02:27:49 +0000
+++ dhis-2/dhis-services/dhis-service-reporting/src/main/java/org/hisp/dhis/dashboard/hibernate/HibernateDashboardItemStore.java 2016-01-26 08:55:27 +0000
@@ -31,6 +31,7 @@
import org.hibernate.Query;
import org.hisp.dhis.chart.Chart;
import org.hisp.dhis.common.hibernate.HibernateIdentifiableObjectStore;
+import org.hisp.dhis.dashboard.Dashboard;
import org.hisp.dhis.dashboard.DashboardItem;
import org.hisp.dhis.dashboard.DashboardItemStore;
import org.hisp.dhis.document.Document;
@@ -88,4 +89,13 @@
return ((Long) query.uniqueResult()).intValue();
}
+
+ @Override
+ public Dashboard getDashboardFromDashboardItem( DashboardItem dashboardItem )
+ {
+ Query query = getQuery( "from Dashboard d where :item in elements(d.items)" );
+ query.setEntity( "item", dashboardItem );
+
+ return (Dashboard) query.uniqueResult();
+ }
}
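Review bot: `query.uniqueResult()` throws `NonUniqueResultException` when more than one Dashboard row matches, and nothing in this hunk shows that an item can belong to only one dashboard. If the mapping guarantees that, state it above the query, e.g. `// A dashboard item belongs to at most one dashboard, so uniqueResult() is safe here.`. If it does not, the permission check built on this method would surface as a server error, and picking an arbitrary match instead would test the ACL of the wrong dashboard.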
=== modified file 'dhis-2/dhis-services/dhis-service-reporting/src/main/java/org/hisp/dhis/dashboard/impl/DefaultDashboardService.java'
--- dhis-2/dhis-services/dhis-service-reporting/src/main/java/org/hisp/dhis/dashboard/impl/DefaultDashboardService.java 2016-01-04 02:27:49 +0000
+++ dhis-2/dhis-services/dhis-service-reporting/src/main/java/org/hisp/dhis/dashboard/impl/DefaultDashboardService.java 2016-01-26 08:55:27 +0000
@@ -28,11 +28,7 @@
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-import static org.hisp.dhis.common.IdentifiableObjectUtils.getUids;
-
-import java.util.HashSet;
-import java.util.Set;
-
+import com.google.common.collect.Sets;
import org.hisp.dhis.chart.Chart;
import org.hisp.dhis.common.IdentifiableObjectManager;
import org.hisp.dhis.common.hibernate.HibernateIdentifiableObjectStore;
@@ -54,7 +50,10 @@
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.transaction.annotation.Transactional;
-import com.google.common.collect.Sets;
+import java.util.HashSet;
+import java.util.Set;
+
+import static org.hisp.dhis.common.IdentifiableObjectUtils.getUids;
/**
* Note: The remove associations methods must be altered if caching is introduced.
@@ -306,6 +305,12 @@
}
@Override
+ public Dashboard getDashboardFromDashboardItem( DashboardItem dashboardItem )
+ {
+ return dashboardItemStore.getDashboardFromDashboardItem( dashboardItem );
+ }
+
+ @Override
public void deleteDashboardItem( DashboardItem item )
{
dashboardItemStore.delete( item );
=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/DashboardItemController.java'
--- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/DashboardItemController.java 2016-01-04 02:27:49 +0000
+++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/DashboardItemController.java 2016-01-26 08:55:27 +0000
@@ -29,12 +29,13 @@
*/
import com.google.common.collect.Lists;
-
import org.hisp.dhis.common.Pager;
+import org.hisp.dhis.dashboard.Dashboard;
import org.hisp.dhis.dashboard.DashboardItem;
import org.hisp.dhis.dashboard.DashboardItemShape;
import org.hisp.dhis.dashboard.DashboardService;
import org.hisp.dhis.dxf2.webmessage.WebMessageException;
+import org.hisp.dhis.hibernate.exception.UpdateAccessDeniedException;
import org.hisp.dhis.query.Order;
import org.hisp.dhis.schema.descriptors.DashboardItemSchemaDescriptor;
import org.hisp.dhis.webapi.utils.WebMessageUtils;
@@ -48,7 +49,6 @@
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-
import java.util.List;
/**
@@ -95,6 +95,13 @@
throw new WebMessageException( WebMessageUtils.notFound( "Dashboard item does not exist: " + uid ) );
}
+ Dashboard dashboard = dashboardService.getDashboardFromDashboardItem( item );
+
+ if ( !aclService.canUpdate( currentUserService.getCurrentUser(), dashboard ) )
+ {
+ throw new UpdateAccessDeniedException( "You don't have the proper permissions to update this dashboard." );
+ }
+
item.setShape( shape );
dashboardService.updateDashboardItem( item );
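Review bot: `dashboard` can be null at the new permission check when the item is not attached to any dashboard, and that null goes straight into `aclService.canUpdate(...)`; whether the call denies, allows or throws for a null object is not visible in this diff. Make the guard fail closed explicitly: `if ( dashboard == null || !aclService.canUpdate( currentUserService.getCurrentUser(), dashboard ) )`. The check lives only in this controller method, whose body starts outside the hunk. `dashboardService.updateDashboardItem` itself stays unguarded, so any other caller that modifies an item would need the same check.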