=== modified file 'dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/SchemaService.java' --- dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/SchemaService.java 2014-03-21 09:35:30 +0000 +++ dhis-2/dhis-api/src/main/java/org/hisp/dhis/schema/SchemaService.java 2014-03-27 10:14:49 +0000 @@ -28,8 +28,6 @@ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -import org.hisp.dhis.schema.Schema; - import java.util.List; /** === modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAclService.java' --- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAclService.java 2014-03-27 09:08:59 +0000 +++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAclService.java 2014-03-27 10:14:49 +0000 @@ -56,14 +56,14 @@ public boolean isSupported( String type ) { Schema schema = schemaService.getSchemaBySingularName( type ); - return schema != null && schema.isShareable(); + return schema != null; } @Override public boolean isSupported( Class klass ) { Schema schema = schemaService.getSchema( klass ); - return schema != null && schema.isShareable(); + return schema != null; } @Override @@ -134,6 +134,10 @@ return true; } } + else + { + return false; + } if ( haveOverrideAuthority( user ) || UserGroup.class.isAssignableFrom( object.getClass() ) === modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/schema/DefaultSchemaService.java' --- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/schema/DefaultSchemaService.java 2014-03-26 11:38:14 +0000 +++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/schema/DefaultSchemaService.java 2014-03-27 10:14:49 +0000 @@ -30,6 +30,7 @@ import com.google.common.collect.Lists; import com.google.common.collect.Maps; +import javassist.util.proxy.ProxyFactory; import org.springframework.beans.factory.annotation.Autowired; import javax.annotation.PostConstruct; 
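Review bot: `isSupported( String )` and `isSupported( Class )` in DefaultAclService now return true for any type that has a schema, shareable or not, so any caller that still uses `isSupported` to decide whether sharing applies changes meaning without a compile error. The HibernateGenericStore call sites are moved to `isShareable` in this commit, but `isShareable` itself and any other callers of `isSupported` are not visible in this diff and should be checked. A Javadoc line on both overloads would pin the new contract, e.g. `/** True when a schema is registered for the type; does not imply the type is shareable. */`.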
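Review bot: The added `else { return false; }` in the `@@ -134,6 +134,10 @@` hunk returns before the `haveOverrideAuthority( user )` test that follows it, so on that path a user holding an override authority is denied as well. If that is intended, state it above the branch, e.g. `// deny by default; override authorities are deliberately not consulted on this path`. If it is not, the override check should run before this branch. The `if` this `else` belongs to and the method signature start outside the hunk, so the exact condition cannot be confirmed from here.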
@@ -71,13 +72,20 @@ @Override public Schema getSchema( Class klass ) { - try + if ( klass == null ) + { + return null; + } + + if ( ProxyFactory.isProxyClass( klass ) ) + { + klass = klass.getSuperclass(); + } + + if ( classSchemaMap.containsKey( klass ) ) { return classSchemaMap.get( klass ); } - catch ( NullPointerException ignored ) - { - } return null; } === modified file 'dhis-2/dhis-support/dhis-support-hibernate/src/main/java/org/hisp/dhis/hibernate/HibernateGenericStore.java' --- dhis-2/dhis-support/dhis-support-hibernate/src/main/java/org/hisp/dhis/hibernate/HibernateGenericStore.java 2014-03-27 06:38:37 +0000 +++ dhis-2/dhis-support/dhis-support-hibernate/src/main/java/org/hisp/dhis/hibernate/HibernateGenericStore.java 2014-03-27 10:14:49 +0000 @@ -227,7 +227,7 @@ @Override public int save( T object ) { - if ( !Interpretation.class.isAssignableFrom( clazz ) && currentUserService.getCurrentUser() != null && aclService.isSupported( clazz ) ) + if ( !Interpretation.class.isAssignableFrom( clazz ) && currentUserService.getCurrentUser() != null && aclService.isShareable( clazz ) ) { BaseIdentifiableObject identifiableObject = (BaseIdentifiableObject) object; @@ -400,7 +400,7 @@ protected boolean sharingEnabled() { - boolean enabled = forceAcl() || (aclService.isSupported( clazz ) && !(currentUserService.getCurrentUser() == null || + boolean enabled = forceAcl() || (aclService.isShareable( clazz ) && !(currentUserService.getCurrentUser() == null || CollectionUtils.containsAny( currentUserService.getCurrentUser().getUserCredentials().getAllAuthorities(), AclService.ACL_OVERRIDE_AUTHORITIES ))); return enabled; @@ -442,7 +442,7 @@ { IdentifiableObject idObject = (IdentifiableObject) object; - if ( aclService.isSupported( clazz ) ) + if ( aclService.isShareable( clazz ) ) { return aclService.canUpdate( currentUserService.getCurrentUser(), idObject ); } 
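Review bot: `getSchema( Class )` unwraps only one superclass level, and only for classes that `ProxyFactory.isProxyClass` recognises, so a proxy generated some other way, or a proxy of a proxy, still misses `classSchemaMap` and yields `null`. `isSupported` treats a null schema as unsupported, and `isShareable` presumably does the same, so a missed lookup may switch off the per-object ACL checks in HibernateGenericStore instead of failing loudly. That behaviour deserves a comment on the method and a log line on the miss. The `containsKey` test followed by `get` is also redundant, since `return classSchemaMap.get( klass );` already gives null for an absent key.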
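Review bot: In the `@@ -442,7 +442,7 @@` hunk, and identically in `@@ -457,7 +457,7 @@` for delete, the ACL decision is taken only when `aclService.isShareable( clazz )` is true, and what the method returns otherwise lies outside the hunk. If that fall-through allows the operation, every type without a shareable schema can be updated and deleted by any caller that reaches the store. That matters more in this commit because the base controller now exposes DELETE. A comment above each branch stating what happens for non-shareable types, and why that is safe, would make the access decision auditable.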
@@ -457,7 +457,7 @@ { IdentifiableObject idObject = (IdentifiableObject) object; - if ( aclService.isSupported( clazz ) ) + if ( aclService.isShareable( clazz ) ) { return aclService.canDelete( currentUserService.getCurrentUser(), idObject ); } === modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AbstractCrudController.java' --- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AbstractCrudController.java 2014-03-27 06:07:15 +0000 +++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/api/controller/AbstractCrudController.java 2014-03-27 10:14:49 +0000 @@ -28,16 +28,9 @@ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -import java.io.IOException; -import java.io.InputStream; -import java.lang.reflect.ParameterizedType; -import java.lang.reflect.Type; -import java.util.List; -import java.util.Map; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - +import com.google.common.collect.Lists; +import com.google.common.collect.Maps; +import org.hisp.dhis.acl.Access; import org.hisp.dhis.acl.AclService; import org.hisp.dhis.api.controller.exception.NotFoundException; import org.hisp.dhis.api.utils.WebUtils; @@ -50,9 +43,9 @@ import org.hisp.dhis.dxf2.metadata.ExchangeClasses; import org.hisp.dhis.dxf2.render.RenderService; import org.hisp.dhis.dxf2.utils.JacksonUtils; +import org.hisp.dhis.hibernate.exception.DeleteAccessDeniedException; import org.hisp.dhis.schema.Schema; import org.hisp.dhis.schema.SchemaService; -import org.hisp.dhis.acl.Access; import org.hisp.dhis.system.util.ReflectionUtils; import org.hisp.dhis.user.CurrentUserService; import org.springframework.beans.factory.annotation.Autowired; 
@@ -67,8 +60,14 @@ import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.ResponseStatus; -import com.google.common.collect.Lists; -import com.google.common.collect.Maps; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; +import java.io.InputStream; +import java.lang.reflect.ParameterizedType; +import java.lang.reflect.Type; +import java.util.List; +import java.util.Map; /** * @author Morten Olav Hansen @@ -101,7 +100,7 @@ // GET //-------------------------------------------------------------------------- - @RequestMapping(method = RequestMethod.GET) + @RequestMapping( method = RequestMethod.GET ) public String getObjectList( @RequestParam Map parameters, Model model, HttpServletResponse response, HttpServletRequest request ) { @@ -130,11 +129,11 @@ return StringUtils.uncapitalize( getEntitySimpleName() ) + "List"; } - @RequestMapping(method = RequestMethod.GET, produces = { MediaType.APPLICATION_JSON_VALUE }) + @RequestMapping( method = RequestMethod.GET, produces = { MediaType.APPLICATION_JSON_VALUE } ) public void getObjectListJson( - @RequestParam(required = false) String include, - @RequestParam(required = false) String exclude, - @RequestParam(value = "filter", required = false) List filters, + @RequestParam( required = false ) String include, + @RequestParam( required = false ) String exclude, + @RequestParam( value = "filter", required = false ) List filters, @RequestParam Map parameters, Model model, HttpServletResponse response, HttpServletRequest request ) throws IOException { WebOptions options = new WebOptions( parameters ); @@ -174,6 +173,8 @@ postProcessEntities( entityList ); postProcessEntities( entityList, options, parameters ); + response.setContentType( MediaType.APPLICATION_JSON_VALUE + "; charset=UTF-8" ); + // enable property filter if ( include != null || exclude != null ) { 
@@ -216,8 +217,8 @@ } - @RequestMapping(value = "/{uid}", method = RequestMethod.GET) - public String getObject( @PathVariable("uid") String uid, @RequestParam Map parameters, + @RequestMapping( value = "/{uid}", method = RequestMethod.GET ) + public String getObject( @PathVariable( "uid" ) String uid, @RequestParam Map parameters, Model model, HttpServletRequest request, HttpServletResponse response ) throws Exception { WebOptions options = new WebOptions( parameters ); @@ -251,13 +252,13 @@ // POST //-------------------------------------------------------------------------- - @RequestMapping(method = RequestMethod.POST, consumes = { "application/xml", "text/xml" }) + @RequestMapping( method = RequestMethod.POST, consumes = { "application/xml", "text/xml" } ) public void postXmlObject( HttpServletResponse response, HttpServletRequest request, InputStream input ) throws Exception { throw new HttpRequestMethodNotSupportedException( RequestMethod.POST.toString() ); } - @RequestMapping(method = RequestMethod.POST, consumes = "application/json") + @RequestMapping( method = RequestMethod.POST, consumes = "application/json" ) public void postJsonObject( HttpServletResponse response, HttpServletRequest request, InputStream input ) throws Exception { throw new HttpRequestMethodNotSupportedException( RequestMethod.POST.toString() ); 
@@ -266,17 +267,17 @@ // PUT //-------------------------------------------------------------------------- - @RequestMapping(value = "/{uid}", method = RequestMethod.PUT, consumes = { "application/xml", "text/xml" }) - @ResponseStatus(value = HttpStatus.NO_CONTENT) - public void putXmlObject( HttpServletResponse response, HttpServletRequest request, @PathVariable("uid") String uid, InputStream + @RequestMapping( value = "/{uid}", method = RequestMethod.PUT, consumes = { "application/xml", "text/xml" } ) + @ResponseStatus( value = HttpStatus.NO_CONTENT ) + public void putXmlObject( HttpServletResponse response, HttpServletRequest request, @PathVariable( "uid" ) String uid, InputStream input ) throws Exception { throw new HttpRequestMethodNotSupportedException( RequestMethod.PUT.toString() ); } - @RequestMapping(value = "/{uid}", method = RequestMethod.PUT, consumes = "application/json") - @ResponseStatus(value = HttpStatus.NO_CONTENT) - public void putJsonObject( HttpServletResponse response, HttpServletRequest request, @PathVariable("uid") String uid, InputStream + @RequestMapping( value = "/{uid}", method = RequestMethod.PUT, consumes = "application/json" ) + @ResponseStatus( value = HttpStatus.NO_CONTENT ) + public void putJsonObject( HttpServletResponse response, HttpServletRequest request, @PathVariable( "uid" ) String uid, InputStream input ) throws Exception { throw new HttpRequestMethodNotSupportedException( RequestMethod.PUT.toString() ); 
@@ -286,12 +287,19 @@ // DELETE //-------------------------------------------------------------------------- - @RequestMapping(value = "/{uid}", method = RequestMethod.DELETE) - @ResponseStatus(value = HttpStatus.NO_CONTENT) - public void deleteObject( HttpServletResponse response, HttpServletRequest request, @PathVariable("uid") String uid ) throws + @RequestMapping( value = "/{uid}", method = RequestMethod.DELETE ) + @ResponseStatus( value = HttpStatus.NO_CONTENT ) + public void deleteObject( HttpServletResponse response, HttpServletRequest request, @PathVariable( "uid" ) String uid ) throws Exception { - throw new HttpRequestMethodNotSupportedException( RequestMethod.DELETE.toString() ); + T object = getEntity( uid ); + + if ( !aclService.canDelete( currentUserService.getCurrentUser(), object ) ) + { + throw new DeleteAccessDeniedException( "You don't have the proper permissions to delete this object." ); + } + + manager.delete( object ); } //-------------------------------------------------------------------------- @@ -413,7 +421,7 @@ private String entitySimpleName; - @SuppressWarnings("unchecked") + @SuppressWarnings( "unchecked" ) protected Class getEntityClass() { if ( entityClass == null ) @@ -445,7 +453,7 @@ return entitySimpleName; } - @SuppressWarnings("unchecked") + @SuppressWarnings( "unchecked" ) protected T getEntityInstance() { try
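Review bot: `deleteObject` passes the result of `getEntity( uid )` straight to `aclService.canDelete` and `manager.delete` without a null check, so an unknown uid is likely to surface as a NullPointerException (a 500) rather than a 404. A guard before the permission check would fix that: `if ( object == null ) { throw new NotFoundException( ... ); }`, using the NotFoundException this file already imports with whatever arguments its constructor takes. This change also replaces the base-class 405 with a working DELETE for every controller that extends AbstractCrudController and does not override the method, so `canDelete` becomes the only gate for those types. That should be stated in the method's Javadoc, and the affected subclasses should be reviewed.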