=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/dataelement/DataElementCategoryService.java' --- dhis-2/dhis-api/src/main/java/org/hisp/dhis/dataelement/DataElementCategoryService.java 2015-05-28 03:33:28 +0000 +++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/dataelement/DataElementCategoryService.java 2015-05-28 20:17:44 +0000 @@ -33,6 +33,7 @@ import java.util.Map; import java.util.Set; +import org.hisp.dhis.common.IdentifiableProperty; import org.hisp.dhis.hierarchy.HierarchyViolationException; /** @@ -516,7 +517,17 @@ * combos. */ void updateAllOptionCombos(); - + + /** + * Returns the category option combo with the given uid. Respects access control + * by only returning objects which all category options are accessible. + * + * @param property the property. + * @param id the id. + * @return a category option combo. + */ + DataElementCategoryOptionCombo getDataElementCategoryOptionComboAcl( IdentifiableProperty property, String id ); + /** * Populates all transient properties on each Operand in the given * collection. === modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/dataelement/DefaultDataElementCategoryService.java' --- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/dataelement/DefaultDataElementCategoryService.java 2015-05-28 18:21:56 +0000 +++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/dataelement/DefaultDataElementCategoryService.java 2015-05-28 20:17:44 +0000 @@ -42,6 +42,9 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.hisp.dhis.common.GenericDimensionalObjectStore; +import org.hisp.dhis.common.IdentifiableObjectManager; +import org.hisp.dhis.common.IdentifiableObjectUtils; +import org.hisp.dhis.common.IdentifiableProperty; import org.hisp.dhis.i18n.I18nService; import org.hisp.dhis.commons.filter.Filter; import org.hisp.dhis.util.FilterUtils; @@ -110,6 +113,13 @@ { this.dataElementService = dataElementService; } + + private IdentifiableObjectManager idObjectManager; + + public void setIdObjectManager( IdentifiableObjectManager idObjectManager ) + { + this.idObjectManager = idObjectManager; + } private I18nService i18nService; @@ -587,8 +597,7 @@ } @Override - public DataElementCategoryOptionCombo getDataElementCategoryOptionCombo( - DataElementCategoryOptionCombo categoryOptionCombo ) + public DataElementCategoryOptionCombo getDataElementCategoryOptionCombo( DataElementCategoryOptionCombo categoryOptionCombo ) { for ( DataElementCategoryOptionCombo dcoc : getAllDataElementCategoryOptionCombos() ) { @@ -859,6 +868,27 @@ return categoryOptionComboStore.getCountLikeName( name ); } + @Override + public DataElementCategoryOptionCombo getDataElementCategoryOptionComboAcl( IdentifiableProperty property, String id ) + { + DataElementCategoryOptionCombo coc = idObjectManager.getObject( DataElementCategoryOptionCombo.class, property, id ); + + return canReadDataElementCategoryOptionCombo( coc ) ? coc : null; + } + + private boolean canReadDataElementCategoryOptionCombo( DataElementCategoryOptionCombo categoryOptionCombo ) + { + if ( categoryOptionCombo == null ) + { + return false; + } + + List options = categoryOptionStore.getByUid( + IdentifiableObjectUtils.getUids( categoryOptionCombo.getCategoryOptions() ) ); + + return options.size() == categoryOptionCombo.getCategoryOptions().size(); + } + // ------------------------------------------------------------------------- // CategoryOptionGroup // ------------------------------------------------------------------------- @@ -1036,5 +1066,4 @@ { return categoryOptionGroupSetStore.getCountLikeName( name ); } - } === modified file 'dhis-2/dhis-services/dhis-service-core/src/main/resources/META-INF/dhis/beans.xml' --- dhis-2/dhis-services/dhis-service-core/src/main/resources/META-INF/dhis/beans.xml 2015-05-28 18:21:56 +0000 +++ dhis-2/dhis-services/dhis-service-core/src/main/resources/META-INF/dhis/beans.xml 2015-05-28 20:17:44 +0000 @@ -530,6 +530,7 @@ + === modified file 'dhis-2/dhis-services/dhis-service-dxf2/src/main/java/org/hisp/dhis/dxf2/datavalueset/DefaultDataValueSetService.java' --- dhis-2/dhis-services/dhis-service-dxf2/src/main/java/org/hisp/dhis/dxf2/datavalueset/DefaultDataValueSetService.java 2015-05-28 18:00:59 +0000 +++ dhis-2/dhis-services/dhis-service-dxf2/src/main/java/org/hisp/dhis/dxf2/datavalueset/DefaultDataValueSetService.java 2015-05-28 20:17:44 +0000 @@ -87,6 +87,7 @@ import org.hisp.dhis.period.PeriodService; import org.hisp.dhis.period.PeriodType; import org.hisp.dhis.scheduling.TaskId; +import org.hisp.dhis.system.callable.CategoryOptionComboAclCallable; import org.hisp.dhis.system.callable.IdentifiableObjectCallable; import org.hisp.dhis.system.notification.Notifier; import org.hisp.dhis.system.util.DateUtils; @@ -627,7 +628,7 @@ CachingMap dataElementMap = new CachingMap<>(); CachingMap orgUnitMap = new CachingMap<>(); - Map categoryOptionComboMap = identifiableObjectManager.getIdMap( DataElementCategoryOptionCombo.class, idScheme ); + CachingMap optionComboMap = new CachingMap<>(); Map periodMap = new HashMap<>(); //---------------------------------------------------------------------- @@ -645,6 +646,8 @@ identifiableObjectManager, DataElement.class, dataElementIdScheme, null ); IdentifiableObjectCallable orgUnitCallable = new IdentifiableObjectCallable<>( identifiableObjectManager, OrganisationUnit.class, orgUnitIdScheme, trimToNull( dataValueSet.getOrgUnit() ) ); + IdentifiableObjectCallable optionComboCallable = new CategoryOptionComboAclCallable( + categoryService, idScheme, null ); //---------------------------------------------------------------------- // Get outer meta-data @@ -660,8 +663,8 @@ DataElementCategoryOptionCombo fallbackCategoryOptionCombo = categoryService.getDefaultDataElementCategoryOptionCombo(); - DataElementCategoryOptionCombo outerAttrOptionCombo = - dataValueSet.getAttributeOptionCombo() != null ? categoryOptionComboMap.get( dataValueSet.getAttributeOptionCombo() ) : null; + DataElementCategoryOptionCombo outerAttrOptionCombo = dataValueSet.getAttributeOptionCombo() != null ? + optionComboMap.get( trimToNull( dataValueSet.getAttributeOptionCombo() ), optionComboCallable.setId( trimToNull( dataValueSet.getAttributeOptionCombo() ) ) ) : null; // --------------------------------------------------------------------- // Validation @@ -732,9 +735,10 @@ Period period = outerPeriod != null ? outerPeriod : PeriodType.getPeriodFromIsoString( trimToNull( dataValue.getPeriod() ) ); OrganisationUnit orgUnit = outerOrgUnit != null ? outerOrgUnit : orgUnitMap.get( trimToNull( dataValue.getOrgUnit() ), orgUnitCallable.setId( trimToNull( dataValue.getOrgUnit() ) ) ); - DataElementCategoryOptionCombo categoryOptionCombo = categoryOptionComboMap.get( trimToNull( dataValue.getCategoryOptionCombo() ) ); + DataElementCategoryOptionCombo categoryOptionCombo = optionComboMap.get( trimToNull( dataValue.getCategoryOptionCombo() ), + optionComboCallable.setId( trimToNull( dataValue.getCategoryOptionCombo() ) ) ); DataElementCategoryOptionCombo attrOptionCombo = outerAttrOptionCombo != null ? outerAttrOptionCombo : - categoryOptionComboMap.get( trimToNull( dataValue.getAttributeOptionCombo() ) ); + optionComboMap.get( trimToNull( dataValue.getAttributeOptionCombo() ), optionComboCallable.setId( trimToNull( dataValue.getAttributeOptionCombo() ) ) ); // ----------------------------------------------------------------- // Validation === added file 'dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/callable/CategoryOptionComboAclCallable.java' --- dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/callable/CategoryOptionComboAclCallable.java 1970-01-01 00:00:00 +0000 +++ dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/callable/CategoryOptionComboAclCallable.java 2015-05-28 20:17:44 +0000 @@ -0,0 +1,64 @@ +package org.hisp.dhis.system.callable; + +/* + * Copyright (c) 2004-2015, University of Oslo + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * Neither the name of the HISP project nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR + * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON + * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +import java.util.concurrent.ExecutionException; + +import org.hisp.dhis.common.IdentifiableProperty; +import org.hisp.dhis.dataelement.DataElementCategoryOptionCombo; +import org.hisp.dhis.dataelement.DataElementCategoryService; + +/** + * @author Lars Helge Overland + */ +public class CategoryOptionComboAclCallable + extends IdentifiableObjectCallable +{ + private DataElementCategoryService categoryService; + + public CategoryOptionComboAclCallable( DataElementCategoryService categoryService, IdentifiableProperty property, String id ) + { + super( null, DataElementCategoryOptionCombo.class, property, id ); + this.categoryService = categoryService; + } + + @Override + public DataElementCategoryOptionCombo call() + throws ExecutionException + { + return categoryService.getDataElementCategoryOptionComboAcl( property, id ); + } + + @Override + public CategoryOptionComboAclCallable setId( String id ) + { + this.id = id; + return this; + } +} === modified file 'dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/callable/IdentifiableObjectCallable.java' --- dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/callable/IdentifiableObjectCallable.java 2015-05-28 17:30:20 +0000 +++ dhis-2/dhis-support/dhis-support-system/src/main/java/org/hisp/dhis/system/callable/IdentifiableObjectCallable.java 2015-05-28 20:17:44 +0000 @@ -41,10 +41,10 @@ public class IdentifiableObjectCallable implements Callable { - private IdentifiableObjectManager manager; - private Class clazz; - private IdentifiableProperty property; - private String id; + protected IdentifiableObjectManager manager; + protected Class clazz; + protected IdentifiableProperty property; + protected String id; public IdentifiableObjectCallable( IdentifiableObjectManager manager, Class clazz, String id ) {