=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/organisationunit/OrganisationUnitService.java' --- dhis-2/dhis-api/src/main/java/org/hisp/dhis/organisationunit/OrganisationUnitService.java 2013-02-04 14:57:16 +0000 +++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/organisationunit/OrganisationUnitService.java 2013-02-07 12:57:52 +0000 @@ -102,6 +102,14 @@ OrganisationUnit getOrganisationUnit( String uid ); /** + * Returns the OrganisationUnit with the given UID. + * + * @param uuid the UID of the OrganisationUnit to return. + * @return the OrganisationUnit with the given UID, or null if no match. + */ + OrganisationUnit getOrganisationUnitByUuid( String uuid ); + + /** * Returns the OrganisationUnit with the given code. * * @param code the code of the OrganisationUnit to return. === modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/organisationunit/OrganisationUnitStore.java' --- dhis-2/dhis-api/src/main/java/org/hisp/dhis/organisationunit/OrganisationUnitStore.java 2012-12-13 10:47:58 +0000 +++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/organisationunit/OrganisationUnitStore.java 2013-02-07 12:57:52 +0000 @@ -50,6 +50,14 @@ // ------------------------------------------------------------------------- /** + * Retrieves the object with the given uid. + * + * @param uuid the uid. + * @return the object with the given uid. + */ + OrganisationUnit getByUuid( String uuid ); + + /** * Returns all OrganisationUnits by status. * * @param active Get active or inactive 
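Review bot: The Javadoc added for `getOrganisationUnitByUuid` describes the argument as "the UID of the OrganisationUnit", which repeats the wording of `getOrganisationUnit( String uid )` directly above and hides that this method takes a different identifier. The same applies to the `getByUuid` Javadoc in the OrganisationUnitStore hunk ("the object with the given uid"). I would write `@param uuid the UUID of the OrganisationUnit to return.` and `@return the OrganisationUnit with the given UUID, or null if no match.` on the service method. The store Javadoc should also say what happens when nothing matches and when the caller lacks read access, since the Hibernate implementation in this commit throws `AccessDeniedException`.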
@@ -144,7 +152,7 @@ * Retrieves the objects determined by the given first result and max result * which status is like the current status, and lastUpdated is larger or equal. * - * @param status the name which result object names must be like. + * @param status the name which result object names must be like. * @param lastUpdated the name which result object names must be like. * @param first the first result object to return. * @param max the max number of result objects to return. === modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/organisationunit/DefaultOrganisationUnitService.java' --- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/organisationunit/DefaultOrganisationUnitService.java 2013-02-04 14:57:16 +0000 +++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/organisationunit/DefaultOrganisationUnitService.java 2013-02-07 12:57:52 +0000 @@ -225,6 +225,11 @@ return organisationUnitStore.getByUid( uid ); } + public OrganisationUnit getOrganisationUnitByUuid( String uuid ) + { + return organisationUnitStore.getByUid( uuid ); + } + public List getOrganisationUnitByName( String name ) { return organisationUnitStore.getAllEqName( name ); === modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/organisationunit/hibernate/HibernateOrganisationUnitStore.java' --- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/organisationunit/hibernate/HibernateOrganisationUnitStore.java 2013-01-14 21:35:56 +0000 +++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/organisationunit/hibernate/HibernateOrganisationUnitStore.java 2013-02-07 12:57:52 +0000 
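Review bot: The added `getOrganisationUnitByUuid` in DefaultOrganisationUnitService delegates to `organisationUnitStore.getByUid( uuid )`, so the UUID is matched against the uid lookup and the `getByUuid` store method added in this same commit is never called. As written, the read-access check and READ_DENIED audit logging that `HibernateOrganisationUnitStore.getByUuid` performs are not reached from this service method, and a real UUID will most likely not resolve to any unit. The call should be `return organisationUnitStore.getByUuid( uuid );`.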
@@ -29,9 +29,13 @@ import org.apache.commons.collections.CollectionUtils; import org.apache.commons.lang.StringUtils; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; import org.hibernate.Criteria; import org.hibernate.Query; import org.hibernate.criterion.Restrictions; +import org.hisp.dhis.common.AuditLogUtil; +import org.hisp.dhis.common.SharingUtils; import org.hisp.dhis.common.hibernate.HibernateIdentifiableObjectStore; import org.hisp.dhis.organisationunit.OrganisationUnit; import org.hisp.dhis.organisationunit.OrganisationUnitGroup; @@ -39,7 +43,10 @@ import org.hisp.dhis.organisationunit.OrganisationUnitService; import org.hisp.dhis.organisationunit.OrganisationUnitStore; import org.hisp.dhis.system.objectmapper.OrganisationUnitRelationshipRowMapper; +import org.hisp.dhis.user.CurrentUserService; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.jdbc.core.RowCallbackHandler; +import org.springframework.security.access.AccessDeniedException; import java.sql.ResultSet; import java.sql.SQLException; 
@@ -58,13 +65,31 @@ extends HibernateIdentifiableObjectStore implements OrganisationUnitStore { + private static final Log log = LogFactory.getLog( HibernateOrganisationUnitStore.class ); + + @Autowired + private CurrentUserService currentUserService; + // ------------------------------------------------------------------------- // OrganisationUnit // ------------------------------------------------------------------------- - - @Override - @SuppressWarnings("unchecked") + @Override + public OrganisationUnit getByUuid( String uuid ) + { + OrganisationUnit object = getObject( Restrictions.eq( "uuid", uuid ) ); + + if ( !SharingUtils.canRead( currentUserService.getCurrentUser(), object ) ) + { + AuditLogUtil.infoWrapper( log, currentUserService.getCurrentUsername(), object, AuditLogUtil.ACTION_READ_DENIED ); + throw new AccessDeniedException( "You do not have read access to object with uuid " + uuid ); + } + + return object; + } + + @Override + @SuppressWarnings( "unchecked" ) public Collection getAllOrganisationUnitsByStatus( boolean active ) { Query query = getQuery( "from OrganisationUnit o where o.active is :active" ); @@ -80,7 +105,7 @@ } @Override - @SuppressWarnings("unchecked") + @SuppressWarnings( "unchecked" ) public Collection getAllOrganisationUnitsByStatusLastUpdated( boolean active, Date lastUpdated ) { return getCriteria().add( Restrictions.ge( "lastUpdated", lastUpdated ) ).add( Restrictions.eq( "active", active ) ).list(); 
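Review bot: In the added `getByUuid`, the result of `getObject( Restrictions.eq( "uuid", uuid ) )` goes to `SharingUtils.canRead` and `AuditLogUtil.infoWrapper` without a null check, although the service Javadoc in this commit promises null when nothing matches. How those helpers treat a null object is not visible here; if `canRead` returns false or dereferences it, an unknown uuid ends in an `AccessDeniedException` or a NullPointerException, with a misleading READ_DENIED audit entry. Adding `if ( object == null ) { return null; }` before the access check keeps the not-found path separate from the denied path. The exception message also concatenates the caller-supplied `uuid`; a fixed message, with the uuid recorded only in the audit log, avoids reflecting request input if this text ever reaches a response.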
@@ -93,21 +118,21 @@ } @Override - @SuppressWarnings("unchecked") + @SuppressWarnings( "unchecked" ) public Collection getRootOrganisationUnits() { return getQuery( "from OrganisationUnit o where o.parent is null" ).list(); } @Override - @SuppressWarnings("unchecked") + @SuppressWarnings( "unchecked" ) public Collection getOrganisationUnitsWithoutGroups() { return getQuery( "from OrganisationUnit o where o.groups.size = 0" ).list(); } @Override - @SuppressWarnings("unchecked") + @SuppressWarnings( "unchecked" ) public Collection getOrganisationUnitsByNameAndGroups( String query, Collection groups, boolean limit ) { @@ -210,7 +235,7 @@ } @Override - @SuppressWarnings("unchecked") + @SuppressWarnings( "unchecked" ) public Collection getBetweenByStatus( boolean status, int first, int max ) { Criteria criteria = getCriteria().add( Restrictions.eq( "active", status ) ); @@ -221,7 +246,7 @@ } @Override - @SuppressWarnings("unchecked") + @SuppressWarnings( "unchecked" ) public Collection getBetweenByLastUpdated( Date lastUpdated, int first, int max ) { Criteria criteria = getCriteria().add( Restrictions.ge( "lastUpdated", lastUpdated ) ); @@ -232,7 +257,7 @@ } @Override - @SuppressWarnings("unchecked") + @SuppressWarnings( "unchecked" ) public Collection getBetweenByStatusLastUpdated( boolean status, Date lastUpdated, int first, int max ) { Criteria criteria = getCriteria().add( Restrictions.ge( "lastUpdated", lastUpdated ) ).add( Restrictions.eq( "active", status ) ); === modified file 'dhis-2/dhis-web/dhis-web-api-fred/src/main/java/org/hisp/dhis/web/webapi/v1/controller/FacilityController.java' --- dhis-2/dhis-web/dhis-web-api-fred/src/main/java/org/hisp/dhis/web/webapi/v1/controller/FacilityController.java 2013-02-07 02:14:21 +0000 +++ dhis-2/dhis-web/dhis-web-api-fred/src/main/java/org/hisp/dhis/web/webapi/v1/controller/FacilityController.java 2013-02-07 12:57:52 +0000 
@@ -500,8 +500,8 @@ } } - @RequestMapping( value = "/{id}", method = RequestMethod.PUT, consumes = MediaType.APPLICATION_JSON_VALUE ) - @PreAuthorize( "hasRole('F_FRED_UPDATE') or hasRole('ALL')" ) + @RequestMapping(value = "/{id}", method = RequestMethod.PUT, consumes = MediaType.APPLICATION_JSON_VALUE) + @PreAuthorize("hasRole('F_FRED_UPDATE') or hasRole('ALL')") public ResponseEntity updateFacility( @PathVariable String id, @RequestBody Facility facility, HttpServletRequest request ) throws Exception { HttpHeaders headers = new HttpHeaders(); @@ -531,7 +531,7 @@ if ( constraintViolations.isEmpty() ) { OrganisationUnit organisationUnitUpdate = conversionService.convert( facility, OrganisationUnit.class ); - OrganisationUnit organisationUnit = organisationUnitService.getOrganisationUnit( facility.getId() ); + OrganisationUnit organisationUnit = organisationUnitService.getOrganisationUnit( organisationUnitUpdate.getUid() ); if ( request.getHeader( "ETag" ) != null ) { @@ -599,8 +599,8 @@ // DELETE JSON //-------------------------------------------------------------------------- - @RequestMapping( value = "/{id}", method = RequestMethod.DELETE ) - @PreAuthorize( "hasRole('F_FRED_DELETE') or hasRole('ALL')" ) + @RequestMapping(value = "/{id}", method = RequestMethod.DELETE) + @PreAuthorize("hasRole('F_FRED_DELETE') or hasRole('ALL')") public ResponseEntity deleteFacility( @PathVariable String id ) throws HierarchyViolationException { OrganisationUnit organisationUnit = organisationUnitService.getOrganisationUnit( id ); @@ -619,7 +619,7 @@ // EXCEPTION HANDLERS //-------------------------------------------------------------------------- - @ExceptionHandler( { DeleteNotAllowedException.class, HierarchyViolationException.class } ) + @ExceptionHandler({ DeleteNotAllowedException.class, HierarchyViolationException.class }) public ResponseEntity exceptionHandler( Exception ex ) { return new ResponseEntity( ex.getMessage(), HttpStatus.FORBIDDEN );
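Review bot: In the second hunk of `updateFacility`, the unit to update is now looked up with `organisationUnitUpdate.getUid()`, an identifier derived from the request body, while the `@PathVariable String id` from the URL is not used in the visible lines. The lines between the two hunks are not shown, so a consistency check may already exist there; if it does not, a request whose path id and body id differ would update the unit named in the body rather than the one addressed by the URL. Comparing the two identifiers before the lookup and rejecting a mismatch closes that gap. A null result from `getOrganisationUnit` is also not visibly handled before the ETag branch that follows. The method body starts and ends outside the hunk.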