=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAclService.java' --- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAclService.java 2014-08-15 07:02:10 +0000 +++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/acl/DefaultAclService.java 2014-09-16 05:18:47 +0000 @@ -254,7 +254,7 @@ } @Override - @SuppressWarnings("unchecked") + @SuppressWarnings( "unchecked" ) public Class classForType( String type ) { Schema schema = schemaService.getSchemaBySingularName( type ); === modified file 'dhis-2/dhis-services/dhis-service-dxf2/src/main/java/org/hisp/dhis/dxf2/metadata/importers/DefaultIdentifiableObjectImporter.java' --- dhis-2/dhis-services/dhis-service-dxf2/src/main/java/org/hisp/dhis/dxf2/metadata/importers/DefaultIdentifiableObjectImporter.java 2014-09-14 08:48:18 +0000 +++ dhis-2/dhis-services/dhis-service-dxf2/src/main/java/org/hisp/dhis/dxf2/metadata/importers/DefaultIdentifiableObjectImporter.java 2014-09-16 05:18:47 +0000 @@ -41,6 +41,7 @@ import org.hisp.dhis.common.BaseIdentifiableObject; import org.hisp.dhis.common.IdentifiableObject; import org.hisp.dhis.common.NameableObject; +import org.hisp.dhis.dashboard.DashboardItem; import org.hisp.dhis.dataelement.DataElementOperand; import org.hisp.dhis.dataelement.DataElementOperandService; import org.hisp.dhis.dataentryform.DataEntryForm; @@ -220,9 +221,9 @@ if ( !aclService.canDelete( user, persistedObject ) ) { summaryType.getImportConflicts().add( - new ImportConflict( ImportUtils.getDisplayName( persistedObject ), "You do not have delete access to class type." ) ); + new ImportConflict( ImportUtils.getDisplayName( persistedObject ), "Permission denied for deletion of object " + persistedObject.getUid() ) ); - log.debug( "You do not have delete access to class type." ); + log.debug( "Permission denied for deletion of object " + persistedObject.getUid() ); return false; } @@ -258,9 +259,9 @@ if ( !aclService.canCreate( user, object.getClass() ) ) { summaryType.getImportConflicts().add( - new ImportConflict( ImportUtils.getDisplayName( object ), "You do not have create access to class type." ) ); + new ImportConflict( ImportUtils.getDisplayName( object ), "Permission denied, you are not allowed to create objects of type " + object.getClass() ) ); - log.debug( "You do not have create access to class type." ); + log.debug( "Permission denied, you are not allowed to create objects of type " + object.getClass() ); return false; } @@ -344,7 +345,9 @@ if ( !aclService.canUpdate( user, persistedObject ) ) { summaryType.getImportConflicts().add( - new ImportConflict( ImportUtils.getDisplayName( object ), "You do not have update access to object." ) ); + new ImportConflict( ImportUtils.getDisplayName( persistedObject ), "Permission denied for update of object " + persistedObject.getUid() ) ); + + log.debug( "Permission denied for update of object " + persistedObject.getUid() ); return false; } @@ -514,7 +517,8 @@ return success; } - if ( object.getName() == null || object.getName().length() == 0 ) + if ( (object.getName() == null || object.getName().length() == 0) + && !DashboardItem.class.isInstance( object ) ) { conflict = new ImportConflict( ImportUtils.getDisplayName( object ), "Empty name for object " + object ); } @@ -526,7 +530,8 @@ if ( (nameableObject.getShortName() == null || nameableObject.getShortName().length() == 0) // this is nasty, but we have types in the system which have shortName, but which do -not- require not-null ) && !TrackedEntityAttribute.class.isAssignableFrom( object.getClass() ) - && !TrackedEntity.class.isAssignableFrom( object.getClass() ) ) + && !TrackedEntity.class.isAssignableFrom( object.getClass() ) + && !DashboardItem.class.isAssignableFrom( object.getClass() ) ) { conflict = new ImportConflict( ImportUtils.getDisplayName( object ), "Empty shortName for object " + object ); } === modified file 'dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/MetaDataController.java' --- dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/MetaDataController.java 2014-06-18 11:19:27 +0000 +++ dhis-2/dhis-web/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/MetaDataController.java 2014-09-16 05:18:47 +0000 @@ -91,7 +91,6 @@ //-------------------------------------------------------------------------- @RequestMapping( value = MetaDataController.RESOURCE_PATH ) - @PreAuthorize( "hasRole('ALL') or hasRole('F_METADATA_EXPORT')" ) public String export( @RequestParam Map parameters, Model model ) { WebOptions options = new WebOptions( parameters ); @@ -104,33 +103,30 @@ } @RequestMapping( value = MetaDataController.RESOURCE_PATH + ".xml", produces = "*/*" ) - @PreAuthorize( "hasRole('ALL') or hasRole('F_METADATA_EXPORT')" ) public void exportXml( @RequestParam Map parameters, HttpServletResponse response ) throws IOException { WebOptions options = new WebOptions( parameters ); MetaData metaData = exportService.getMetaData( options ); - contextUtils.configureResponse( response, ContextUtils.CONTENT_TYPE_XML, CacheStrategy.NO_CACHE, "metaData.xml", true ); + contextUtils.configureResponse( response, ContextUtils.CONTENT_TYPE_XML, CacheStrategy.NO_CACHE, "metadata.xml", true ); Class viewClass = JacksonUtils.getViewClass( options.getViewClass( "export" ) ); JacksonUtils.toXmlWithView( response.getOutputStream(), metaData, viewClass ); } @RequestMapping( value = MetaDataController.RESOURCE_PATH + ".json", produces = "*/*" ) - @PreAuthorize( "hasRole('ALL') or hasRole('F_METADATA_EXPORT')" ) public void exportJson( @RequestParam Map parameters, HttpServletResponse response ) throws IOException { WebOptions options = new WebOptions( parameters ); MetaData metaData = exportService.getMetaData( options ); - contextUtils.configureResponse( response, ContextUtils.CONTENT_TYPE_JSON, CacheStrategy.NO_CACHE, "metaData.json", true ); + contextUtils.configureResponse( response, ContextUtils.CONTENT_TYPE_JSON, CacheStrategy.NO_CACHE, "metadata.json", true ); Class viewClass = JacksonUtils.getViewClass( options.getViewClass( "export" ) ); JacksonUtils.toJsonWithView( response.getOutputStream(), metaData, viewClass ); } @RequestMapping( value = { MetaDataController.RESOURCE_PATH + ".zip" }, produces = "*/*" ) - @PreAuthorize( "hasRole('ALL') or hasRole('F_METADATA_EXPORT')" ) public void exportZipped( @RequestParam Map parameters, HttpServletResponse response, HttpServletRequest request ) throws IOException { String accept = request.getHeader( "Accept" ); @@ -146,41 +142,38 @@ } @RequestMapping( value = { MetaDataController.RESOURCE_PATH + ".xml.zip" }, produces = "*/*" ) - @PreAuthorize( "hasRole('ALL') or hasRole('F_METADATA_EXPORT')" ) public void exportZippedXML( @RequestParam Map parameters, HttpServletResponse response ) throws IOException { WebOptions options = new WebOptions( parameters ); MetaData metaData = exportService.getMetaData( options ); - contextUtils.configureResponse( response, ContextUtils.CONTENT_TYPE_ZIP, CacheStrategy.NO_CACHE, "metaData.xml.zip", true ); + contextUtils.configureResponse( response, ContextUtils.CONTENT_TYPE_ZIP, CacheStrategy.NO_CACHE, "metadata.xml.zip", true ); response.addHeader( ContextUtils.HEADER_CONTENT_TRANSFER_ENCODING, "binary" ); ZipOutputStream zip = new ZipOutputStream( response.getOutputStream() ); - zip.putNextEntry( new ZipEntry( "metaData.xml" ) ); + zip.putNextEntry( new ZipEntry( "metadata.xml" ) ); Class viewClass = JacksonUtils.getViewClass( options.getViewClass( "export" ) ); JacksonUtils.toXmlWithView( zip, metaData, viewClass ); } @RequestMapping( value = { MetaDataController.RESOURCE_PATH + ".json.zip" }, produces = "*/*" ) - @PreAuthorize( "hasRole('ALL') or hasRole('F_METADATA_EXPORT')" ) public void exportZippedJSON( @RequestParam Map parameters, HttpServletResponse response ) throws IOException { WebOptions options = new WebOptions( parameters ); MetaData metaData = exportService.getMetaData( options ); - contextUtils.configureResponse( response, ContextUtils.CONTENT_TYPE_ZIP, CacheStrategy.NO_CACHE, "metaData.json.zip", true ); + contextUtils.configureResponse( response, ContextUtils.CONTENT_TYPE_ZIP, CacheStrategy.NO_CACHE, "metadata.json.zip", true ); response.addHeader( ContextUtils.HEADER_CONTENT_TRANSFER_ENCODING, "binary" ); ZipOutputStream zip = new ZipOutputStream( response.getOutputStream() ); - zip.putNextEntry( new ZipEntry( "metaData.json" ) ); + zip.putNextEntry( new ZipEntry( "metadata.json" ) ); Class viewClass = JacksonUtils.getViewClass( options.getViewClass( "export" ) ); JacksonUtils.toJsonWithView( zip, metaData, viewClass ); } @RequestMapping( value = { MetaDataController.RESOURCE_PATH + ".gz" }, produces = "*/*" ) - @PreAuthorize( "hasRole('ALL') or hasRole('F_METADATA_EXPORT')" ) public void exportGZipped( @RequestParam Map parameters, HttpServletResponse response, HttpServletRequest request ) throws IOException { String accept = request.getHeader( "Accept" ); @@ -196,13 +189,12 @@ } @RequestMapping( value = { MetaDataController.RESOURCE_PATH + ".xml.gz" }, produces = "*/*" ) - @PreAuthorize( "hasRole('ALL') or hasRole('F_METADATA_EXPORT')" ) public void exportGZippedXML( @RequestParam Map parameters, HttpServletResponse response ) throws IOException { WebOptions options = new WebOptions( parameters ); MetaData metaData = exportService.getMetaData( options ); - contextUtils.configureResponse( response, ContextUtils.CONTENT_TYPE_GZIP, CacheStrategy.NO_CACHE, "metaData.xml.gz", true ); + contextUtils.configureResponse( response, ContextUtils.CONTENT_TYPE_GZIP, CacheStrategy.NO_CACHE, "metadata.xml.gz", true ); response.addHeader( ContextUtils.HEADER_CONTENT_TRANSFER_ENCODING, "binary" ); GZIPOutputStream gzip = new GZIPOutputStream( response.getOutputStream() ); @@ -212,13 +204,12 @@ } @RequestMapping( value = { MetaDataController.RESOURCE_PATH + ".json.gz" }, produces = "*/*" ) - @PreAuthorize( "hasRole('ALL') or hasRole('F_METADATA_EXPORT')" ) public void exportGZippedJSON( @RequestParam Map parameters, HttpServletResponse response ) throws IOException { WebOptions options = new WebOptions( parameters ); MetaData metaData = exportService.getMetaData( options ); - contextUtils.configureResponse( response, ContextUtils.CONTENT_TYPE_GZIP, CacheStrategy.NO_CACHE, "metaData.json.gz", true ); + contextUtils.configureResponse( response, ContextUtils.CONTENT_TYPE_GZIP, CacheStrategy.NO_CACHE, "metadata.json.gz", true ); response.addHeader( ContextUtils.HEADER_CONTENT_TRANSFER_ENCODING, "binary" ); GZIPOutputStream gzip = new GZIPOutputStream( response.getOutputStream() ); @@ -232,7 +223,6 @@ //-------------------------------------------------------------------------- @RequestMapping( value = MetaDataController.RESOURCE_PATH, method = RequestMethod.POST, consumes = { "application/xml", "text/*" } ) - @PreAuthorize( "hasRole('ALL') or hasRole('F_METADATA_IMPORT')" ) public void importXml( ImportOptions importOptions, HttpServletResponse response, HttpServletRequest request ) throws IOException { MetaData metaData = JacksonUtils.fromXml( request.getInputStream(), MetaData.class ); @@ -248,7 +238,6 @@ } @RequestMapping( value = MetaDataController.RESOURCE_PATH, method = RequestMethod.DELETE, consumes = { "application/xml", "text/*" } ) - @PreAuthorize( "hasRole('ALL') or hasRole('F_METADATA_IMPORT')" ) public void deleteXml( ImportOptions importOptions, HttpServletResponse response, HttpServletRequest request ) throws IOException { importOptions.setImportStrategy( ImportStrategy.DELETE.name() ); @@ -256,7 +245,6 @@ } @RequestMapping( value = MetaDataController.RESOURCE_PATH, method = RequestMethod.POST, consumes = "application/json" ) - @PreAuthorize( "hasRole('ALL') or hasRole('F_METADATA_IMPORT')" ) public void importJson( ImportOptions importOptions, HttpServletResponse response, HttpServletRequest request ) throws IOException { MetaData metaData = JacksonUtils.fromJson( request.getInputStream(), MetaData.class ); @@ -272,7 +260,6 @@ } @RequestMapping( value = MetaDataController.RESOURCE_PATH, method = RequestMethod.DELETE, consumes = "application/json" ) - @PreAuthorize( "hasRole('ALL') or hasRole('F_METADATA_IMPORT')" ) public void deleteJson( ImportOptions importOptions, HttpServletResponse response, HttpServletRequest request ) throws IOException { importOptions.setImportStrategy( ImportStrategy.DELETE.name() ); @@ -280,7 +267,6 @@ } @RequestMapping( value = { MetaDataController.RESOURCE_PATH + ".zip", MetaDataController.RESOURCE_PATH + ".xml.zip" }, method = RequestMethod.POST, consumes = { "application/xml", "text/*" } ) - @PreAuthorize( "hasRole('ALL') or hasRole('F_METADATA_IMPORT')" ) public void importZippedXml( ImportOptions importOptions, HttpServletResponse response, HttpServletRequest request ) throws IOException { ZipInputStream zip = new ZipInputStream( request.getInputStream() ); @@ -299,7 +285,6 @@ } @RequestMapping( value = { MetaDataController.RESOURCE_PATH + ".zip", MetaDataController.RESOURCE_PATH + ".xml.zip" }, method = RequestMethod.DELETE, consumes = { "application/xml", "text/*" } ) - @PreAuthorize( "hasRole('ALL') or hasRole('F_METADATA_IMPORT')" ) public void deleteZippedXml( ImportOptions importOptions, HttpServletResponse response, HttpServletRequest request ) throws IOException { importOptions.setImportStrategy( ImportStrategy.DELETE.name() ); @@ -307,7 +292,6 @@ } @RequestMapping( value = { MetaDataController.RESOURCE_PATH + ".zip", MetaDataController.RESOURCE_PATH + ".json.zip" }, method = RequestMethod.POST, consumes = "application/json" ) - @PreAuthorize( "hasRole('ALL') or hasRole('F_METADATA_IMPORT')" ) public void importZippedJson( ImportOptions importOptions, HttpServletResponse response, HttpServletRequest request ) throws IOException { ZipInputStream zip = new ZipInputStream( request.getInputStream() ); @@ -326,7 +310,6 @@ } @RequestMapping( value = { MetaDataController.RESOURCE_PATH + ".zip", MetaDataController.RESOURCE_PATH + ".json.zip" }, method = RequestMethod.DELETE, consumes = "application/json" ) - @PreAuthorize( "hasRole('ALL') or hasRole('F_METADATA_IMPORT')" ) public void deleteZippedJson( ImportOptions importOptions, HttpServletResponse response, HttpServletRequest request ) throws IOException { importOptions.setImportStrategy( ImportStrategy.DELETE.name() ); @@ -334,7 +317,6 @@ } @RequestMapping( value = { MetaDataController.RESOURCE_PATH + ".gz", MetaDataController.RESOURCE_PATH + ".xml.gz" }, method = RequestMethod.POST, consumes = { "application/xml", "text/*" } ) - @PreAuthorize( "hasRole('ALL') or hasRole('F_METADATA_IMPORT')" ) public void importGZippedXml( ImportOptions importOptions, HttpServletResponse response, HttpServletRequest request ) throws IOException { GZIPInputStream gzip = new GZIPInputStream( request.getInputStream() ); @@ -351,7 +333,6 @@ } @RequestMapping( value = { MetaDataController.RESOURCE_PATH + ".gz", MetaDataController.RESOURCE_PATH + ".xml.gz" }, method = RequestMethod.DELETE, consumes = { "application/xml", "text/*" } ) - @PreAuthorize( "hasRole('ALL') or hasRole('F_METADATA_IMPORT')" ) public void deleteGZippedXml( ImportOptions importOptions, HttpServletResponse response, HttpServletRequest request ) throws IOException { importOptions.setImportStrategy( ImportStrategy.DELETE.name() ); @@ -359,7 +340,6 @@ } @RequestMapping( value = { MetaDataController.RESOURCE_PATH + ".gz", MetaDataController.RESOURCE_PATH + ".json.gz" }, method = RequestMethod.POST, consumes = "application/json" ) - @PreAuthorize( "hasRole('ALL') or hasRole('F_METADATA_IMPORT')" ) public void importGZippedJson( ImportOptions importOptions, HttpServletResponse response, HttpServletRequest request ) throws IOException { GZIPInputStream gzip = new GZIPInputStream( request.getInputStream() ); @@ -376,7 +356,6 @@ } @RequestMapping( value = { MetaDataController.RESOURCE_PATH + ".gz", MetaDataController.RESOURCE_PATH + ".json.gz" }, method = RequestMethod.DELETE, consumes = "application/json" ) - @PreAuthorize( "hasRole('ALL') or hasRole('F_METADATA_IMPORT')" ) public void deleteGZippedJson( ImportOptions importOptions, HttpServletResponse response, HttpServletRequest request ) throws IOException { importOptions.setImportStrategy( ImportStrategy.DELETE.name() );