=== modified file 'dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/organisationunit/hibernate/HibernateOrganisationUnitStore.java' --- dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/organisationunit/hibernate/HibernateOrganisationUnitStore.java 2013-02-07 12:57:52 +0000 +++ dhis-2/dhis-services/dhis-service-core/src/main/java/org/hisp/dhis/organisationunit/hibernate/HibernateOrganisationUnitStore.java 2013-03-07 09:24:35 +0000 @@ -35,7 +35,6 @@ import org.hibernate.Query; import org.hibernate.criterion.Restrictions; import org.hisp.dhis.common.AuditLogUtil; -import org.hisp.dhis.common.SharingUtils; import org.hisp.dhis.common.hibernate.HibernateIdentifiableObjectStore; import org.hisp.dhis.organisationunit.OrganisationUnit; import org.hisp.dhis.organisationunit.OrganisationUnitGroup; @@ -79,7 +78,7 @@ { OrganisationUnit object = getObject( Restrictions.eq( "uuid", uuid ) ); - if ( !SharingUtils.canRead( currentUserService.getCurrentUser(), object ) ) + if ( !isReadAllowed( object ) ) { AuditLogUtil.infoWrapper( log, currentUserService.getCurrentUsername(), object, AuditLogUtil.ACTION_READ_DENIED ); throw new AccessDeniedException( "You do not have read access to object with uuid " + uuid ); @@ -89,7 +88,7 @@ } @Override - @SuppressWarnings( "unchecked" ) + @SuppressWarnings("unchecked") public Collection getAllOrganisationUnitsByStatus( boolean active ) { Query query = getQuery( "from OrganisationUnit o where o.active is :active" ); @@ -105,7 +104,7 @@ } @Override - @SuppressWarnings( "unchecked" ) + @SuppressWarnings("unchecked") public Collection getAllOrganisationUnitsByStatusLastUpdated( boolean active, Date lastUpdated ) { return getCriteria().add( Restrictions.ge( "lastUpdated", lastUpdated ) ).add( Restrictions.eq( "active", active ) ).list(); 
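Review bot: A caller with no user in the security context may now pass the read check in the uuid lookup (hunk at -79), because `sharingEnabled()` in HibernateGenericStore reports sharing as off when `currentUserService.getCurrentUser()` is null. This holds only if `isReadAllowed` consults that helper; its body is not fully visible in this diff, and neither is the previous behaviour of `SharingUtils.canRead` for a null user, so please confirm the two agree. If the bypass is intended, say so next to the check, for example `// read is allowed when sharing is disabled (no current user, or user holds the sharing override authority)`. If `getObject` can return null for an unknown uuid, `isReadAllowed( null )` appears to return true from the visible `return true;` fall-through, so the denied-read audit entry would never fire for that case. The enclosing method starts and ends outside the hunk.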
@@ -118,21 +117,21 @@ } @Override - @SuppressWarnings( "unchecked" ) + @SuppressWarnings("unchecked") public Collection getRootOrganisationUnits() { return getQuery( "from OrganisationUnit o where o.parent is null" ).list(); } @Override - @SuppressWarnings( "unchecked" ) + @SuppressWarnings("unchecked") public Collection getOrganisationUnitsWithoutGroups() { return getQuery( "from OrganisationUnit o where o.groups.size = 0" ).list(); } @Override - @SuppressWarnings( "unchecked" ) + @SuppressWarnings("unchecked") public Collection getOrganisationUnitsByNameAndGroups( String query, Collection groups, boolean limit ) { @@ -235,7 +234,7 @@ } @Override - @SuppressWarnings( "unchecked" ) + @SuppressWarnings("unchecked") public Collection getBetweenByStatus( boolean status, int first, int max ) { Criteria criteria = getCriteria().add( Restrictions.eq( "active", status ) ); @@ -246,7 +245,7 @@ } @Override - @SuppressWarnings( "unchecked" ) + @SuppressWarnings("unchecked") public Collection getBetweenByLastUpdated( Date lastUpdated, int first, int max ) { Criteria criteria = getCriteria().add( Restrictions.ge( "lastUpdated", lastUpdated ) ); @@ -257,7 +256,7 @@ } @Override - @SuppressWarnings( "unchecked" ) + @SuppressWarnings("unchecked") public Collection getBetweenByStatusLastUpdated( boolean status, Date lastUpdated, int first, int max ) { Criteria criteria = getCriteria().add( Restrictions.ge( "lastUpdated", lastUpdated ) ).add( Restrictions.eq( "active", status ) ); === modified file 'dhis-2/dhis-support/dhis-support-hibernate/src/main/java/org/hisp/dhis/hibernate/HibernateGenericStore.java' --- dhis-2/dhis-support/dhis-support-hibernate/src/main/java/org/hisp/dhis/hibernate/HibernateGenericStore.java 2013-02-19 16:12:47 +0000 +++ dhis-2/dhis-support/dhis-support-hibernate/src/main/java/org/hisp/dhis/hibernate/HibernateGenericStore.java 2013-03-07 09:24:35 +0000 
@@ -955,13 +955,13 @@ // Helpers //---------------------------------------------------------------------------------------------------------------- - private boolean sharingEnabled() + protected boolean sharingEnabled() { return SharingUtils.isSupported( clazz ) && !(currentUserService.getCurrentUser() == null || currentUserService.getCurrentUser().getUserCredentials().getAllAuthorities().contains( SharingUtils.SHARING_OVERRIDE_AUTHORITY )); } - private boolean isReadAllowed( T object ) + protected boolean isReadAllowed( T object ) { if ( IdentifiableObject.class.isInstance( object ) ) { @@ -976,7 +976,7 @@ return true; } - private boolean isWriteAllowed( T object ) + protected boolean isWriteAllowed( T object ) { if ( IdentifiableObject.class.isInstance( object ) ) { @@ -991,7 +991,7 @@ return true; } - private boolean isUpdateAllowed( T object ) + protected boolean isUpdateAllowed( T object ) { if ( IdentifiableObject.class.isInstance( object ) ) { @@ -1006,7 +1006,7 @@ return true; } - private boolean isDeleteAllowed( T object ) + protected boolean isDeleteAllowed( T object ) { if ( IdentifiableObject.class.isInstance( object ) ) { === modified file 'dhis-2/dhis-web/dhis-web-api-fred/pom.xml' --- dhis-2/dhis-web/dhis-web-api-fred/pom.xml 2013-03-06 10:24:51 +0000 +++ dhis-2/dhis-web/dhis-web-api-fred/pom.xml 2013-03-07 09:24:35 +0000 @@ -106,6 +106,14 @@ javax.servlet servlet-api + + com.jayway.jsonpath + json-path + + + org.hamcrest + hamcrest-library + === modified file 'dhis-2/dhis-web/dhis-web-api-fred/src/main/java/org/hisp/dhis/web/FredSpringWebTest.java' --- dhis-2/dhis-web/dhis-web-api-fred/src/main/java/org/hisp/dhis/web/FredSpringWebTest.java 2013-03-07 07:42:15 +0000 +++ dhis-2/dhis-web/dhis-web-api-fred/src/main/java/org/hisp/dhis/web/FredSpringWebTest.java 2013-03-07 09:24:35 +0000 
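Review bot: Making `sharingEnabled()`, `isReadAllowed`, `isWriteAllowed`, `isUpdateAllowed` and `isDeleteAllowed` `protected` lets every subclass store override the access decision, not just call it. If the aim is only to let stores such as HibernateOrganisationUnitStore reuse the checks, declare them final, e.g. `protected final boolean isReadAllowed( T object )`, and likewise for the other four (hunks at -955, -976, -991 and -1006). A one-line Javadoc on each, stating that it returns true when sharing is not enabled for the class or user, would make that contract visible to subclass authors. Separately, `sharingEnabled()` calls `getCurrentUser().getUserCredentials()` without a null check; whether credentials can be absent is not visible here, but if they can, this throws instead of producing a decision. The bodies of the four `is…Allowed` methods continue outside these hunks.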
@@ -27,6 +27,7 @@ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +import org.hisp.dhis.organisationunit.OrganisationUnit; import org.junit.Before; import org.junit.runner.RunWith; import org.springframework.beans.factory.annotation.Autowired; @@ -48,6 +49,7 @@ import java.lang.reflect.Method; import java.util.ArrayList; +import java.util.Date; import java.util.List; /** @@ -127,6 +129,20 @@ return wac.getBean( beanId ); } + protected OrganisationUnit createOrganisationUnit( char identifier ) + { + OrganisationUnit organisationUnit = new OrganisationUnit(); + organisationUnit.setAutoFields(); + organisationUnit.setName( "OrgUnit" + identifier ); + organisationUnit.setShortName( organisationUnit.getName() ); + organisationUnit.setCreated( new Date() ); + organisationUnit.setLastUpdated( organisationUnit.getCreated() ); + organisationUnit.setActive( true ); + organisationUnit.setLevel( 1 ); + + return organisationUnit; + } + // ------------------------------------------------------------------------- // Supportive methods // ------------------------------------------------------------------------- === modified file 'dhis-2/dhis-web/dhis-web-api-fred/src/main/java/org/hisp/dhis/web/webapi/v1/controller/FacilityController.java' --- dhis-2/dhis-web/dhis-web-api-fred/src/main/java/org/hisp/dhis/web/webapi/v1/controller/FacilityController.java 2013-03-07 07:40:16 +0000 +++ dhis-2/dhis-web/dhis-web-api-fred/src/main/java/org/hisp/dhis/web/webapi/v1/controller/FacilityController.java 2013-03-07 09:24:35 +0000 
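Review bot: `createOrganisationUnit` (hunk at -127) lands in a JUnit base class whose path is under `src/main/java`, so this fixture code and the class's `org.junit` imports are compiled into the module's main artifact rather than its test classpath. Unless another module has to extend FredSpringWebTest from the main artifact, moving it to `src/test/java` or a test-support module keeps test scaffolding out of the deployed web module. It would also let json-path and hamcrest-library stay at the `test` scope that the root pom appears to give them. The helper also deserves a short Javadoc, e.g. `/** Builds an unsaved, active, level-1 OrganisationUnit named "OrgUnit" + identifier. */`.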
@@ -65,7 +65,9 @@ import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RequestParam; +import org.springframework.web.client.HttpClientErrorException; import org.springframework.web.client.HttpServerErrorException; +import org.springframework.web.client.HttpStatusCodeException; import javax.servlet.http.HttpServletRequest; import javax.validation.ConstraintViolation; @@ -357,7 +359,7 @@ if ( organisationUnit == null ) { - throw new HttpServerErrorException( HttpStatus.NOT_FOUND ); + throw new HttpClientErrorException( HttpStatus.NOT_FOUND ); } List organisationUnitLevels = organisationUnitService.getOrganisationUnitLevels(); @@ -583,7 +585,8 @@ if ( organisationUnit == null ) { - throw new HttpServerErrorException( HttpStatus.NOT_FOUND ); + return new ResponseEntity( MessageResponseUtils.jsonMessage( HttpStatus.NOT_FOUND.toString(), + "Facility with that ID not found" ), headers, HttpStatus.NOT_FOUND ); } checkIdentifier( facility, organisationUnit.getUid() ); 
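Review bot: The two not-found paths touched here now answer in different shapes. The hunk at -357 throws `new HttpClientErrorException( HttpStatus.NOT_FOUND )`, which the new handler turns into a bare message string, while the hunk at -583 returns a JSON body via `MessageResponseUtils.jsonMessage( HttpStatus.NOT_FOUND.toString(), "Facility with that ID not found" )`. Picking one form for both gives API clients a single error contract to parse, for instance by using the same `jsonMessage(...)` response in the read path. Both enclosing methods start and end outside the hunks, so the `headers` variable used at -583 is assumed to be in scope there only.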
@@ -674,8 +677,14 @@ // EXCEPTION HANDLERS //-------------------------------------------------------------------------- + @ExceptionHandler( { HttpClientErrorException.class, HttpServerErrorException.class } ) + public ResponseEntity statusCodeExceptionHandler( HttpStatusCodeException ex ) + { + return new ResponseEntity( ex.getMessage(), ex.getStatusCode() ); + } + @ExceptionHandler( { DeleteNotAllowedException.class, HierarchyViolationException.class } ) - public ResponseEntity exceptionHandler( Exception ex ) + public ResponseEntity dhisExceptionHandler( Exception ex ) { return new ResponseEntity( ex.getMessage(), HttpStatus.FORBIDDEN ); } === modified file 'dhis-2/dhis-web/dhis-web-api-fred/src/main/java/org/hisp/dhis/web/webapi/v1/controller/FredController.java' --- dhis-2/dhis-web/dhis-web-api-fred/src/main/java/org/hisp/dhis/web/webapi/v1/controller/FredController.java 2013-03-07 06:17:19 +0000 +++ dhis-2/dhis-web/dhis-web-api-fred/src/main/java/org/hisp/dhis/web/webapi/v1/controller/FredController.java 2013-03-07 09:24:35 +0000 @@ -43,8 +43,8 @@ * @author Morten Olav Hansen */ @Controller(value = "fred-controller-" + FredController.PREFIX) -@RequestMapping( value = FredController.PREFIX ) -@PreAuthorize( "hasRole('M_dhis-web-api-fred') or hasRole('ALL')" ) +@RequestMapping(value = FredController.PREFIX) +@PreAuthorize("hasRole('M_dhis-web-api-fred') or hasRole('ALL')") public class FredController { public static final String PREFIX = "v1"; === modified file 'dhis-2/dhis-web/dhis-web-api-fred/src/test/java/org/hisp/dhis/web/webapi/v1/controller/FacilityControllerTest.java' --- dhis-2/dhis-web/dhis-web-api-fred/src/test/java/org/hisp/dhis/web/webapi/v1/controller/FacilityControllerTest.java 2013-03-07 07:40:16 +0000 +++ dhis-2/dhis-web/dhis-web-api-fred/src/test/java/org/hisp/dhis/web/webapi/v1/controller/FacilityControllerTest.java 2013-03-07 09:24:35 +0000 
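Review bot: `statusCodeExceptionHandler` copies `ex.getMessage()` into the response body for 5xx as well as 4xx. Both handled types come from `org.springframework.web.client`, the package RestTemplate uses to report failed outbound calls. If this controller or anything beneath it ever makes an outbound HTTP request, an upstream failure would be relayed to the API caller with the upstream status and message text. A fixed phrase avoids that: `return new ResponseEntity( ex.getStatusCode().getReasonPhrase(), ex.getStatusCode() );`, with the original message logged server-side. A controller-specific exception type for "not found" would remove the overlap with client-library exceptions entirely.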
@@ -27,13 +27,15 @@ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +import org.hisp.dhis.common.IdentifiableObjectManager; +import org.hisp.dhis.organisationunit.OrganisationUnit; import org.hisp.dhis.web.FredSpringWebTest; import org.junit.Test; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.MediaType; import org.springframework.mock.web.MockHttpSession; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*; -import static org.springframework.test.web.servlet.result.MockMvcResultHandlers.*; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*; /** @@ -41,6 +43,9 @@ */ public class FacilityControllerTest extends FredSpringWebTest { + @Autowired + private IdentifiableObjectManager manager; + @Test public void testRedirectedToV1() throws Exception { 
@@ -51,11 +56,83 @@ } @Test - public void testGetFacilities() throws Exception - { - MockHttpSession session = getSession( "ALL" ); - - mvc.perform( get( "/v1/facilities" ).session( session ).accept( MediaType.APPLICATION_JSON ) ) + public void testGetFacilitiesWithALL() throws Exception + { + MockHttpSession session = getSession( "ALL" ); + + mvc.perform( get( "/v1/facilities" ).session( session ).accept( MediaType.APPLICATION_JSON ) ) + .andExpect( jsonPath( "$.facilities" ).isArray() ) + .andExpect( status().isOk() ); + } + + @Test + public void testGetFacilitiesWithModuleRights() throws Exception + { + MockHttpSession session = getSession( "M_dhis-web-api-fred" ); + + mvc.perform( get( "/v1/facilities" ).session( session ).accept( MediaType.APPLICATION_JSON ) ) + .andExpect( jsonPath( "$.facilities" ).isArray() ) + .andExpect( status().isOk() ); + } + + @Test + public void testGetFacilitiesNoAccess() throws Exception + { + OrganisationUnit organisationUnit = createOrganisationUnit( 'A' ); + manager.save( organisationUnit ); + + MockHttpSession session = getSession( "DUMMY" ); + + mvc.perform( get( "/v1/facilities" ).session( session ).accept( MediaType.APPLICATION_JSON ) ) + .andExpect( status().isForbidden() ); + } + + @Test + public void testGetFacilitiesWithContent() throws Exception + { + OrganisationUnit organisationUnit = createOrganisationUnit( 'A' ); + manager.save( organisationUnit ); + + MockHttpSession session = getSession( "ALL" ); + + mvc.perform( get( "/v1/facilities" ).session( session ).accept( MediaType.APPLICATION_JSON ) ) + .andExpect( jsonPath( "$.facilities" ).isArray() ) + .andExpect( jsonPath( "$.facilities[0].name" ).value( "OrgUnitA" ) ) + .andExpect( status().isOk() ); + } + + @Test + public void testGetFacility404() throws Exception + { + MockHttpSession session = getSession( "ALL" ); + + mvc.perform( get( "/v1/facilities/abc123" ).session( session ).accept( MediaType.APPLICATION_JSON ) ) + .andExpect( status().isNotFound() ); + } + + 
@Test + public void testGetFacilityUid() throws Exception + { + OrganisationUnit organisationUnit = createOrganisationUnit( 'A' ); + manager.save( organisationUnit ); + + MockHttpSession session = getSession( "ALL" ); + + mvc.perform( get( "/v1/facilities/" + organisationUnit.getUid() ).session( session ).accept( MediaType.APPLICATION_JSON ) ) + .andExpect( jsonPath( "$.name" ).value( "OrgUnitA" ) ) + .andExpect( status().isOk() ); + } + + @Test + public void testGetFacilityUuid() throws Exception + { + OrganisationUnit organisationUnit = createOrganisationUnit( 'A' ); + manager.save( organisationUnit ); + + MockHttpSession session = getSession( "ALL" ); + + mvc.perform( get( "/v1/facilities/" + organisationUnit.getUuid() ).session( session ).accept( MediaType.APPLICATION_JSON ) ) + .andExpect( jsonPath( "$.name" ).value( "OrgUnitA" ) ) .andExpect( status().isOk() ); } } === modified file 'dhis-2/pom.xml' --- dhis-2/pom.xml 2013-01-31 03:22:50 +0000 +++ dhis-2/pom.xml 2013-03-07 09:24:35 +0000 @@ -897,6 +897,20 @@ rxtx 2.1.7 + + + com.jayway.jsonpath + json-path + 0.8.1 + test + + + org.hamcrest + hamcrest-library + 1.3 + test + +
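Review bot: The only negative authorization case added is `testGetFacilitiesNoAccess`, and it covers the collection endpoint only. `testGetFacility404`, `testGetFacilityUid` and `testGetFacilityUuid` all run with the `ALL` authority. Repeating the `getSession( "DUMMY" )` check against `get( "/v1/facilities/" + organisationUnit.getUid() )` and the uuid variant with `.andExpect( status().isForbidden() )`, plus one request with no session at all, would pin the `@PreAuthorize` rule on FredController for single-resource reads as well. `testGetFacilitiesWithContent` asserts `$.facilities[0].name` equals `OrgUnitA`, which presumably depends on the store being empty before each test and on result ordering. It is worth confirming that the base class rolls back or cleans up between tests.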