=== modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/event/EnrollmentController.java' --- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/event/EnrollmentController.java 2013-09-26 08:03:57 +0000 +++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/event/EnrollmentController.java 2013-10-01 08:36:25 +0000 @@ -47,6 +47,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; +import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; import org.springframework.web.bind.annotation.PathVariable; @@ -88,7 +89,7 @@ @RequestParam( value = "program", required = false ) String programUid, @RequestParam( value = "person", required = false ) String personUid, @RequestParam( value = "status", required = false ) EnrollmentStatus status, - @RequestParam Map parameters, Model model, HttpServletRequest request ) throws NotFoundException + @RequestParam Map parameters, Model model ) throws NotFoundException { WebOptions options = new WebOptions( parameters ); Enrollments enrollments; @@ -152,6 +153,7 @@ // ------------------------------------------------------------------------- @RequestMapping( value = "", method = RequestMethod.POST, consumes = MediaType.APPLICATION_XML_VALUE ) + @PreAuthorize("hasRole('ALL') or hasRole('F_PROGRAM_ENROLLMENT')") public void postEnrollmentXml( HttpServletRequest request, HttpServletResponse response ) throws IOException { ImportSummaries importSummaries = enrollmentService.saveEnrollmentsXml( request.getInputStream() ); 
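Review bot: The read handler whose signature is trimmed in the hunk at -88 (the one taking `program`, `person` and `status`) gets no `@PreAuthorize` in this commit, although every write handler in this file and both read handlers in PersonController do. Because the `PreAuthorize` import is first added to this file here, the handler presumably had no method-level check before either, so enrollment listings stay readable by any caller that passes whatever URL-level filtering exists. If that is not intended, add a guard next to its `@RequestMapping`, for example `@PreAuthorize("hasRole('ALL') or hasRole('F_ACCESS_PATIENT_ATTRIBUTES')")` as PersonController uses for reads; which authority fits is the team's call. The annotations and the method name lie outside the hunk, so this should be confirmed against the full file.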
@@ -176,6 +178,7 @@ } @RequestMapping( value = "", method = RequestMethod.POST, consumes = MediaType.APPLICATION_JSON_VALUE ) + @PreAuthorize("hasRole('ALL') or hasRole('F_PROGRAM_ENROLLMENT')") public void postEnrollmentJson( HttpServletRequest request, HttpServletResponse response ) throws IOException { ImportSummaries importSummaries = enrollmentService.saveEnrollmentsJson( request.getInputStream() ); @@ -205,6 +208,7 @@ @RequestMapping( value = "/{id}", method = RequestMethod.PUT, consumes = MediaType.APPLICATION_XML_VALUE ) @ResponseStatus( value = HttpStatus.NO_CONTENT ) + @PreAuthorize("hasRole('ALL') or hasRole('F_PROGRAM_UNENROLLMENT')") public void updateEnrollmentXml( @PathVariable String id, HttpServletRequest request, HttpServletResponse response ) throws IOException { ImportSummary importSummary = enrollmentService.updateEnrollmentXml( id, request.getInputStream() ); @@ -213,6 +217,7 @@ @RequestMapping( value = "/{id}", method = RequestMethod.PUT, consumes = MediaType.APPLICATION_JSON_VALUE ) @ResponseStatus( value = HttpStatus.NO_CONTENT ) + @PreAuthorize("hasRole('ALL') or hasRole('F_PROGRAM_UNENROLLMENT')") public void updateEnrollmentJson( @PathVariable String id, HttpServletRequest request, HttpServletResponse response ) throws IOException { ImportSummary importSummary = enrollmentService.updateEnrollmentJson( id, request.getInputStream() ); @@ -221,7 +226,8 @@ @RequestMapping( value = "/{id}/cancelled", method = RequestMethod.PUT ) @ResponseStatus( HttpStatus.NO_CONTENT ) - public void cancelEnrollment( @PathVariable String id, @RequestParam Map parameters, Model model ) throws NotFoundException + @PreAuthorize("hasRole('ALL') or hasRole('F_PROGRAM_UNENROLLMENT')") + public void cancelEnrollment( @PathVariable String id ) throws NotFoundException { Enrollment enrollment = getEnrollment( id ); enrollmentService.cancelEnrollment( enrollment ); 
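Review bot: `updateEnrollmentXml` (hunk at -205) and `updateEnrollmentJson` (hunk at -213) are gated on `F_PROGRAM_UNENROLLMENT`, while creating an enrollment requires `F_PROGRAM_ENROLLMENT`. A PUT on `/{id}` hands the whole request body to the service's update call, so as written a user who may only unenroll can rewrite an enrollment, and a user who may enroll cannot correct one. If updates are meant to belong to the enrolling role, the line would be `@PreAuthorize("hasRole('ALL') or hasRole('F_PROGRAM_ENROLLMENT')")`; if the current mapping is deliberate, a one-line comment such as `// Updates are treated as unenrollment-level changes` would record that. Both method bodies continue outside their hunks.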
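Review bot: The new `@PreAuthorize` on `cancelEnrollment` (hunk at -221) checks only that the caller holds an authority, not that the enrollment named by `id` is one the caller may touch; the same holds for `completedEnrollment` (-229) and `deleteEnrollment` (-241). Nothing visible between `getEnrollment( id )` and the service call limits the operation to the caller's organisation units or programs, so unless `enrollmentService` enforces that, any holder of `F_PROGRAM_UNENROLLMENT` can cancel, complete or delete any enrollment by id. I would either add that scope check here or document where it lives, e.g. `// Role check only; per-enrollment access scope is enforced in enrollmentService`, once that is confirmed. The bodies of all three methods end outside their hunks.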
@@ -229,7 +235,8 @@ @RequestMapping( value = "/{id}/completed", method = RequestMethod.PUT ) @ResponseStatus( HttpStatus.NO_CONTENT ) - public void completedEnrollment( @PathVariable String id, @RequestParam Map parameters, Model model ) throws NotFoundException + @PreAuthorize("hasRole('ALL') or hasRole('F_PROGRAM_UNENROLLMENT')") + public void completedEnrollment( @PathVariable String id ) throws NotFoundException { Enrollment enrollment = getEnrollment( id ); enrollmentService.completeEnrollment( enrollment ); @@ -241,7 +248,8 @@ @RequestMapping( value = "/{id}", method = RequestMethod.DELETE ) @ResponseStatus( HttpStatus.NO_CONTENT ) - public void deleteEnrollment( @PathVariable String id, @RequestParam Map parameters, Model model ) throws NotFoundException + @PreAuthorize("hasRole('ALL') or hasRole('F_PROGRAM_UNENROLLMENT')") + public void deleteEnrollment( @PathVariable String id ) throws NotFoundException { Enrollment enrollment = getEnrollment( id ); enrollmentService.deleteEnrollment( enrollment ); === modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/event/EventController.java' --- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/event/EventController.java 2013-09-26 13:26:16 +0000 +++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/event/EventController.java 2013-10-01 08:36:25 +0000 
@@ -95,11 +95,11 @@ private EventService eventService; // ------------------------------------------------------------------------- - // Controller + // READ // ------------------------------------------------------------------------- - @RequestMapping( value = "", method = RequestMethod.GET ) - @PreAuthorize( "hasRole('ALL') or hasRole('F_PATIENT_DATAVALUE_ADD')" ) + @RequestMapping(value = "", method = RequestMethod.GET) + @PreAuthorize("hasRole('ALL') or hasRole('F_PATIENT_DATAVALUE_ADD')") public String getEvents( @RequestParam(value = "program", required = false) String programUid, @RequestParam(value = "programStage", required = false) String programStageUid, @@ -167,7 +167,7 @@ } @RequestMapping(value = "/{uid}", method = RequestMethod.GET) - @PreAuthorize( "hasRole('ALL') or hasRole('F_PATIENT_DATAVALUE_ADD')" ) + @PreAuthorize("hasRole('ALL') or hasRole('F_PATIENT_DATAVALUE_ADD')") public String getEvent( @PathVariable("uid") String uid, @RequestParam Map parameters, Model model, HttpServletRequest request, HttpServletResponse response ) throws Exception { @@ -191,6 +191,10 @@ return "event"; } + // ------------------------------------------------------------------------- + // CREATE + // ------------------------------------------------------------------------- + @RequestMapping(method = RequestMethod.POST, consumes = "application/xml") @PreAuthorize("hasRole('ALL') or hasRole('F_PATIENT_DATAVALUE_ADD')") public void postXmlEvent( HttpServletResponse response, HttpServletRequest request, ImportOptions importOptions ) throws Exception 
@@ -282,21 +286,9 @@ } - @RequestMapping(value = "/{uid}", method = RequestMethod.DELETE) - @ResponseStatus(value = HttpStatus.NO_CONTENT) - @PreAuthorize("hasRole('ALL') or hasRole('F_PATIENT_DATAVALUE_DELETE')") - public void deleteEvent( HttpServletResponse response, @PathVariable("uid") String uid ) - { - Event event = eventService.getEvent( uid ); - - if ( event == null ) - { - ContextUtils.notFoundResponse( response, "Event not found for uid: " + uid ); - return; - } - - eventService.deleteEvent( event ); - } + // ------------------------------------------------------------------------- + // UPDATE + // ------------------------------------------------------------------------- @RequestMapping(value = "/{uid}", method = RequestMethod.PUT, consumes = { "application/xml", "text/xml" }) @PreAuthorize("hasRole('ALL') or hasRole('F_PATIENT_DATAVALUE_ADD')") 
@@ -335,4 +327,24 @@ eventService.updateEvent( updatedEvent ); ContextUtils.okResponse( response, "Event updated: " + uid ); } + + // ------------------------------------------------------------------------- + // DELETE + // ------------------------------------------------------------------------- + + @RequestMapping( value = "/{uid}", method = RequestMethod.DELETE ) + @ResponseStatus( value = HttpStatus.NO_CONTENT ) + @PreAuthorize( "hasRole('ALL') or hasRole('F_PATIENT_DATAVALUE_DELETE')" ) + public void deleteEvent( HttpServletResponse response, @PathVariable( "uid" ) String uid ) + { + Event event = eventService.getEvent( uid ); + + if ( event == null ) + { + ContextUtils.notFoundResponse( response, "Event not found for uid: " + uid ); + return; + } + + eventService.deleteEvent( event ); + } } \ No newline at end of file === modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/event/PersonController.java' --- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/event/PersonController.java 2013-09-27 15:16:29 +0000 +++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/event/PersonController.java 2013-10-01 08:36:25 +0000 @@ -59,7 +59,6 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; -import java.util.Date; import java.util.Map; /** @@ -83,6 +82,7 @@ // ------------------------------------------------------------------------- @RequestMapping( value = "", method = RequestMethod.GET ) + @PreAuthorize("hasRole('ALL') or hasRole('F_ACCESS_PATIENT_ATTRIBUTES')") public String getPersons( @RequestParam( value = "orgUnit", required = false ) String orgUnitUid, @RequestParam( required = false ) Gender gender, 
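Review bot: In the re-added `deleteEvent`, the not-found branch writes through `ContextUtils.notFoundResponse` while the method still carries `@ResponseStatus( value = HttpStatus.NO_CONTENT )`. Depending on whether the helper commits the response, Spring may apply the declared 204 after the handler returns, so a delete for an unknown uid could be reported as successful; ContextUtils is not visible here, so this needs checking. EnrollmentController signals the same case by declaring `throws NotFoundException`, and doing likewise here (if that exception is usable in this file) would keep the status unambiguous. The message also concatenates the caller-supplied `uid` into the response body, which is only safe if the helper sends it as plain text or encodes it.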
@@ -90,7 +90,7 @@ @RequestParam( required = false ) String identifierType, @RequestParam( required = false ) String identifier, @RequestParam( required = false ) String nameLike, - @RequestParam Map parameters, Model model, HttpServletRequest request ) throws Exception + @RequestParam Map parameters, Model model ) throws Exception { WebOptions options = new WebOptions( parameters ); Persons persons = new Persons(); @@ -143,6 +143,7 @@ } @RequestMapping( value = "/{id}", method = RequestMethod.GET ) + @PreAuthorize("hasRole('ALL') or hasRole('F_ACCESS_PATIENT_ATTRIBUTES')") public String getPerson( @PathVariable String id, @RequestParam Map parameters, Model model ) throws NotFoundException { WebOptions options = new WebOptions( parameters );