diff --git a/dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/AssignedUserQueryParam.java b/dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/AssignedUserQueryParam.java index 186bbab1b79c..0b2ec7ce5ec9 100644 --- a/dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/AssignedUserQueryParam.java +++ b/dhis-2/dhis-api/src/main/java/org/hisp/dhis/common/AssignedUserQueryParam.java @@ -27,8 +27,6 @@ */ package org.hisp.dhis.common; -import static org.hisp.dhis.user.CurrentUserUtil.getCurrentUserDetails; - import java.util.Collections; import java.util.Set; import lombok.Value; @@ -41,7 +39,7 @@ public class AssignedUserQueryParam { public static final AssignedUserQueryParam ALL = - new AssignedUserQueryParam(AssignedUserSelectionMode.ALL, Collections.emptySet()); + new AssignedUserQueryParam(AssignedUserSelectionMode.ALL, Collections.emptySet(), null); private final AssignedUserSelectionMode mode; @@ -53,7 +51,8 @@ public class AssignedUserQueryParam { * @param mode assigned user mode * @param assignedUsers assigned user uids */ - public AssignedUserQueryParam(AssignedUserSelectionMode mode, Set assignedUsers) { + public AssignedUserQueryParam( + AssignedUserSelectionMode mode, Set assignedUsers, String userUid) { if (mode == AssignedUserSelectionMode.PROVIDED && (assignedUsers == null || assignedUsers.isEmpty())) { throw new IllegalQueryException( @@ -70,7 +69,7 @@ public AssignedUserQueryParam(AssignedUserSelectionMode mode, Set assign if (mode == AssignedUserSelectionMode.CURRENT) { this.mode = AssignedUserSelectionMode.PROVIDED; - this.assignedUsers = Collections.singleton(getCurrentUserDetails().getUid()); + this.assignedUsers = Collections.singleton(userUid); } else if ((mode == null || mode == AssignedUserSelectionMode.PROVIDED) && (assignedUsers != null && !assignedUsers.isEmpty())) { this.mode = AssignedUserSelectionMode.PROVIDED; diff --git a/dhis-2/dhis-api/src/test/java/org/hisp/dhis/common/AssignedUserQueryParamTest.java b/dhis-2/dhis-api/src/test/java/org/hisp/dhis/common/AssignedUserQueryParamTest.java index 052727ea3af5..ec00f615016f 100644 --- a/dhis-2/dhis-api/src/test/java/org/hisp/dhis/common/AssignedUserQueryParamTest.java +++ b/dhis-2/dhis-api/src/test/java/org/hisp/dhis/common/AssignedUserQueryParamTest.java @@ -38,16 +38,10 @@ import java.util.Collection; import java.util.Set; -import org.hisp.dhis.user.User; -import org.hisp.dhis.user.UserDetails; import org.junit.jupiter.api.Test; import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.EnumSource; import org.junit.jupiter.params.provider.NullAndEmptySource; -import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; -import org.springframework.security.core.Authentication; -import org.springframework.security.core.context.SecurityContext; -import org.springframework.security.core.context.SecurityContextHolder; class AssignedUserQueryParamTest { public static final String CURRENT_USER_UID = "Kj6vYde4LHh"; @@ -59,7 +53,8 @@ class AssignedUserQueryParamTest { @Test void testUserWithAssignedUsersGivenUsersAndModeProvided() { - AssignedUserQueryParam param = new AssignedUserQueryParam(PROVIDED, NON_CURRENT_USER_UIDS); + AssignedUserQueryParam param = + new AssignedUserQueryParam(PROVIDED, NON_CURRENT_USER_UIDS, CURRENT_USER_UID); assertEquals(PROVIDED, param.getMode()); assertEquals(NON_CURRENT_USER_UIDS, param.getAssignedUsers()); @@ -69,7 +64,8 @@ void testUserWithAssignedUsersGivenUsersAndModeProvided() { @Test void testUserWithAssignedUsersGivenUsersAndNoMode() { - AssignedUserQueryParam param = new AssignedUserQueryParam(null, NON_CURRENT_USER_UIDS); + AssignedUserQueryParam param = + new AssignedUserQueryParam(null, NON_CURRENT_USER_UIDS, CURRENT_USER_UID); assertEquals(PROVIDED, param.getMode()); assertEquals(NON_CURRENT_USER_UIDS, param.getAssignedUsers()); @@ -80,7 +76,7 @@ void testUserWithAssignedUsersGivenUsersAndNoMode() { @NullAndEmptySource void testUserWithAssignedUsersGivenNoModeAndNoUsers(Set users) { - AssignedUserQueryParam param = new AssignedUserQueryParam(null, users); + AssignedUserQueryParam param = new AssignedUserQueryParam(null, users, CURRENT_USER_UID); assertEquals(ALL, param.getMode()); assertIsEmpty(param.getAssignedUsers()); @@ -91,18 +87,15 @@ void testUserWithAssignedUsersGivenNoModeAndNoUsers(Set users) { @NullAndEmptySource void testUserWithAssignedUsersFailsGivenNoUsersAndProvided(Set users) { - assertThrows(IllegalQueryException.class, () -> new AssignedUserQueryParam(PROVIDED, users)); + assertThrows( + IllegalQueryException.class, + () -> new AssignedUserQueryParam(PROVIDED, users, CURRENT_USER_UID)); } @ParameterizedTest @NullAndEmptySource void testUserWithAssignedUsersGivenCurrentUserAndModeCurrentAndUsersNull(Set users) { - User user = new User(); - user.setUid(CURRENT_USER_UID); - - injectSecurityContext(UserDetails.fromUser(user)); - - AssignedUserQueryParam param = new AssignedUserQueryParam(CURRENT, users); + AssignedUserQueryParam param = new AssignedUserQueryParam(CURRENT, users, CURRENT_USER_UID); assertEquals(PROVIDED, param.getMode()); assertEquals(Set.of(CURRENT_USER_UID), param.getAssignedUsers()); @@ -118,7 +111,8 @@ void testUserWithAssignedUsersFailsGivenUsersAndModeOtherThanProvided( AssignedUserSelectionMode mode) { assertThrows( - IllegalQueryException.class, () -> new AssignedUserQueryParam(mode, NON_CURRENT_USER_UIDS)); + IllegalQueryException.class, + () -> new AssignedUserQueryParam(mode, NON_CURRENT_USER_UIDS, CURRENT_USER_UID)); } @ParameterizedTest @@ -128,7 +122,7 @@ void testUserWithAssignedUsersFailsGivenUsersAndModeOtherThanProvided( names = {"PROVIDED", "CURRENT"}) void testUserWithAssignedUsersGivenNullUsersAndModeOtherThanProvided( AssignedUserSelectionMode mode) { - AssignedUserQueryParam param = new AssignedUserQueryParam(mode, null); + AssignedUserQueryParam param = new AssignedUserQueryParam(mode, null, CURRENT_USER_UID); assertEquals(mode, param.getMode()); assertIsEmpty(param.getAssignedUsers()); @@ -139,13 +133,4 @@ private static void assertIsEmpty(Collection actual) { assertNotNull(actual); assertTrue(actual.isEmpty(), actual.toString()); } - - private void injectSecurityContext(UserDetails currentUserDetails) { - Authentication authentication = - new UsernamePasswordAuthenticationToken( - currentUserDetails, "", currentUserDetails.getAuthorities()); - SecurityContext context = SecurityContextHolder.createEmptyContext(); - context.setAuthentication(authentication); - SecurityContextHolder.setContext(context); - } } diff --git a/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/OperationsParamsValidator.java b/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/OperationsParamsValidator.java index d1a27463e790..7068195d40b6 100644 --- a/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/OperationsParamsValidator.java +++ b/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/OperationsParamsValidator.java @@ -29,8 +29,6 @@ import static org.hisp.dhis.changelog.ChangeLogType.READ; import static org.hisp.dhis.security.Authorities.F_TRACKED_ENTITY_INSTANCE_SEARCH_IN_ALL_ORGUNITS; -import static org.hisp.dhis.user.CurrentUserUtil.getCurrentUserDetails; -import static org.hisp.dhis.user.CurrentUserUtil.getCurrentUsername; import java.util.HashSet; import java.util.Set; @@ -48,8 +46,7 @@ import org.hisp.dhis.trackedentity.TrackedEntityType; import org.hisp.dhis.trackedentity.TrackedEntityTypeService; import org.hisp.dhis.tracker.deprecated.audit.TrackedEntityAuditService; -import org.hisp.dhis.user.CurrentUserUtil; -import org.hisp.dhis.user.User; +import org.hisp.dhis.user.UserDetails; import org.springframework.stereotype.Component; @Component @@ -78,38 +75,40 @@ public class OperationsParamsValidator { * @throws BadRequestException if a validation error occurs for any of the three aforementioned * modes */ - public static void validateOrgUnitMode(OrganisationUnitSelectionMode orgUnitMode, Program program) + public static void validateOrgUnitMode( + OrganisationUnitSelectionMode orgUnitMode, Program program, UserDetails user) throws BadRequestException { switch (orgUnitMode) { - case ALL -> validateUserCanSearchOrgUnitModeALL(); - case SELECTED, ACCESSIBLE, DESCENDANTS, CHILDREN -> validateUserScope(program); - case CAPTURE -> validateCaptureScope(); + case ALL -> validateUserCanSearchOrgUnitModeALL(user); + case SELECTED, ACCESSIBLE, DESCENDANTS, CHILDREN -> validateUserScope(program, user); + case CAPTURE -> validateCaptureScope(user); } } - private static void validateUserCanSearchOrgUnitModeALL() throws BadRequestException { - if (!CurrentUserUtil.getCurrentUserDetails() - .isAuthorized(F_TRACKED_ENTITY_INSTANCE_SEARCH_IN_ALL_ORGUNITS)) { + private static void validateUserCanSearchOrgUnitModeALL(UserDetails user) + throws BadRequestException { + if (!user.isAuthorized(F_TRACKED_ENTITY_INSTANCE_SEARCH_IN_ALL_ORGUNITS)) { throw new BadRequestException( - "Current user is not authorized to query across all organisation units"); + "User is not authorized to query across all organisation units"); } } - private static void validateUserScope(Program program) throws BadRequestException { + private static void validateUserScope(Program program, UserDetails user) + throws BadRequestException { if (program != null && (program.isClosed() || program.isProtected())) { - if (getCurrentUserDetails().getUserOrgUnitIds().isEmpty()) { + if (user.getUserOrgUnitIds().isEmpty()) { throw new BadRequestException("User needs to be assigned data capture org units"); } - } else if (getCurrentUserDetails().getUserEffectiveSearchOrgUnitIds().isEmpty()) { + } else if (user.getUserEffectiveSearchOrgUnitIds().isEmpty()) { throw new BadRequestException( "User needs to be assigned either search or data capture org units"); } } - private static void validateCaptureScope() throws BadRequestException { - if (getCurrentUserDetails().getUserOrgUnitIds().isEmpty()) { + private static void validateCaptureScope(UserDetails user) throws BadRequestException { + if (user.getUserOrgUnitIds().isEmpty()) { throw new BadRequestException("User needs to be assigned data capture org units"); } } @@ -122,9 +121,9 @@ private static void validateCaptureScope() throws BadRequestException { * @throws ForbiddenException if the user has no data read access to the program or its tracked * entity type */ - public Program validateTrackerProgram(String programUid) + public Program validateTrackerProgram(String programUid, UserDetails user) throws BadRequestException, ForbiddenException { - Program program = validateProgramAccess(programUid); + Program program = validateProgramAccess(programUid, user); if (program == null) { return null; @@ -135,9 +134,9 @@ public Program validateTrackerProgram(String programUid) } if (program.getTrackedEntityType() != null - && !aclService.canDataRead(getCurrentUserDetails(), program.getTrackedEntityType())) { + && !aclService.canDataRead(user, program.getTrackedEntityType())) { throw new ForbiddenException( - "Current user is not authorized to read data from selected program's tracked entity type: " + "User is not authorized to read data from selected program's tracked entity type: " + program.getTrackedEntityType().getUid()); } @@ -152,7 +151,7 @@ public Program validateTrackerProgram(String programUid) * @throws BadRequestException if the program uid does not exist * @throws ForbiddenException if the user has no data read access to the program */ - public Program validateProgramAccess(String programUid) + public Program validateProgramAccess(String programUid, UserDetails user) throws BadRequestException, ForbiddenException { if (programUid == null) { return null; @@ -163,7 +162,7 @@ public Program validateProgramAccess(String programUid) throw new BadRequestException("Program is specified but does not exist: " + programUid); } - if (!aclService.canDataRead(getCurrentUserDetails(), program)) { + if (!aclService.canDataRead(user, program)) { throw new ForbiddenException("User has no access to program: " + program.getUid()); } @@ -177,7 +176,7 @@ public Program validateProgramAccess(String programUid) * @throws BadRequestException if the tracked entity uid does not exist * @throws ForbiddenException if the user has no data read access to type of the tracked entity */ - public TrackedEntity validateTrackedEntity(String trackedEntityUid, User user) + public TrackedEntity validateTrackedEntity(String trackedEntityUid, UserDetails user) throws BadRequestException, ForbiddenException { if (trackedEntityUid == null) { return null; @@ -189,12 +188,12 @@ public TrackedEntity validateTrackedEntity(String trackedEntityUid, User user) throw new BadRequestException( "Tracked entity is specified but does not exist: " + trackedEntityUid); } - trackedEntityAuditService.addTrackedEntityAudit(trackedEntity, getCurrentUsername(), READ); + trackedEntityAuditService.addTrackedEntityAudit(trackedEntity, user.getUsername(), READ); if (trackedEntity.getTrackedEntityType() != null && !aclService.canDataRead(user, trackedEntity.getTrackedEntityType())) { throw new ForbiddenException( - "Current user is not authorized to read data from type of selected tracked entity: " + "User is not authorized to read data from type of selected tracked entity: " + trackedEntity.getTrackedEntityType().getUid()); } @@ -208,7 +207,7 @@ public TrackedEntity validateTrackedEntity(String trackedEntityUid, User user) * @throws BadRequestException if the tracked entity type uid does not exist * @throws ForbiddenException if the user has no data read access to the tracked entity type */ - public TrackedEntityType validateTrackedEntityType(String uid) + public TrackedEntityType validateTrackedEntityType(String uid, UserDetails user) throws BadRequestException, ForbiddenException { if (uid == null) { return null; @@ -219,9 +218,9 @@ public TrackedEntityType validateTrackedEntityType(String uid) throw new BadRequestException("Tracked entity type is specified but does not exist: " + uid); } - if (!aclService.canDataRead(getCurrentUserDetails(), trackedEntityType)) { + if (!aclService.canDataRead(user, trackedEntityType)) { throw new ForbiddenException( - "Current user is not authorized to read data from selected tracked entity type: " + "User is not authorized to read data from selected tracked entity type: " + trackedEntityType.getUid()); } @@ -235,7 +234,7 @@ public TrackedEntityType validateTrackedEntityType(String uid) * @throws BadRequestException if the org unit uid does not exist * @throws ForbiddenException if the org unit is not part of the user scope */ - public Set validateOrgUnits(Set orgUnitIds) + public Set validateOrgUnits(Set orgUnitIds, UserDetails user) throws BadRequestException, ForbiddenException { Set orgUnits = new HashSet<>(); for (String orgUnitUid : orgUnitIds) { @@ -244,8 +243,7 @@ public Set validateOrgUnits(Set orgUnitIds) throw new BadRequestException("Organisation unit does not exist: " + orgUnitUid); } - if (!getCurrentUserDetails().isSuper() - && !getCurrentUserDetails().isInUserEffectiveSearchOrgUnitHierarchy(orgUnit.getPath())) { + if (!user.isSuper() && !user.isInUserEffectiveSearchOrgUnitHierarchy(orgUnit.getPath())) { throw new ForbiddenException( "Organisation unit is not part of the search scope: " + orgUnit.getUid()); } diff --git a/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/enrollment/DefaultEnrollmentService.java b/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/enrollment/DefaultEnrollmentService.java index acc55cdaa41b..7e4407e8f9fe 100644 --- a/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/enrollment/DefaultEnrollmentService.java +++ b/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/enrollment/DefaultEnrollmentService.java @@ -55,7 +55,6 @@ import org.hisp.dhis.tracker.acl.TrackerOwnershipManager; import org.hisp.dhis.tracker.export.Page; import org.hisp.dhis.tracker.export.PageParams; -import org.hisp.dhis.user.CurrentUserUtil; import org.hisp.dhis.user.UserDetails; import org.springframework.stereotype.Service; import org.springframework.transaction.annotation.Transactional; @@ -75,25 +74,16 @@ class DefaultEnrollmentService implements EnrollmentService { private final EnrollmentOperationParamsMapper paramsMapper; @Override - public Enrollment getEnrollment(String uid) throws ForbiddenException, NotFoundException { - return getEnrollment(uid, EnrollmentParams.FALSE, false); - } - - @Override - public Enrollment getEnrollment(String uid, UserDetails currentUser) + public Enrollment getEnrollment(@Nonnull String uid) throws ForbiddenException, NotFoundException { - return getEnrollment(uid, EnrollmentParams.FALSE, false, currentUser); + return getEnrollment(uid, EnrollmentParams.FALSE, false); } @Override - public Enrollment getEnrollment(String uid, EnrollmentParams params, boolean includeDeleted) - throws NotFoundException, ForbiddenException { - return getEnrollment(uid, params, includeDeleted, getCurrentUserDetails()); - } - - private Enrollment getEnrollment( - String uid, EnrollmentParams params, boolean includeDeleted, UserDetails currentUser) + public Enrollment getEnrollment( + @Nonnull String uid, @Nonnull EnrollmentParams params, boolean includeDeleted) throws NotFoundException, ForbiddenException { + UserDetails currentUser = getCurrentUserDetails(); Enrollment enrollment = enrollmentStore.getByUid(uid); if (enrollment == null) { @@ -111,9 +101,9 @@ private Enrollment getEnrollment( private Enrollment getEnrollment( @Nonnull Enrollment enrollment, - EnrollmentParams params, + @Nonnull EnrollmentParams params, boolean includeDeleted, - UserDetails currentUser) { + @Nonnull UserDetails user) { Enrollment result = new Enrollment(); result.setId(enrollment.getId()); @@ -143,16 +133,15 @@ private Enrollment getEnrollment( result.setDeleted(enrollment.isDeleted()); result.setNotes(enrollment.getNotes()); if (params.isIncludeEvents()) { - result.setEvents(getEvents(currentUser, enrollment, includeDeleted)); + result.setEvents(getEvents(user, enrollment, includeDeleted)); } if (params.isIncludeRelationships()) { - result.setRelationshipItems(getRelationshipItems(currentUser, enrollment, includeDeleted)); + result.setRelationshipItems(getRelationshipItems(user, enrollment, includeDeleted)); } if (params.isIncludeAttributes()) { result .getTrackedEntity() - .setTrackedEntityAttributeValues( - getTrackedEntityAttributeValues(currentUser, enrollment)); + .setTrackedEntityAttributeValues(getTrackedEntityAttributeValues(user, enrollment)); } return result; @@ -160,7 +149,8 @@ private Enrollment getEnrollment( @Override public RelationshipItem getEnrollmentInRelationshipItem( - String uid, EnrollmentParams params, boolean includeDeleted) throws NotFoundException { + @Nonnull String uid, @Nonnull EnrollmentParams params, boolean includeDeleted) + throws NotFoundException { RelationshipItem relationshipItem = new RelationshipItem(); Enrollment enrollment = enrollmentStore.getByUid(uid); @@ -226,8 +216,7 @@ private Set getTrackedEntityAttributeValues( @Override public List getEnrollments(@Nonnull List uids) throws ForbiddenException { List enrollments = enrollmentStore.getByUid(uids); - UserDetails user = CurrentUserUtil.getCurrentUserDetails(); - + UserDetails user = getCurrentUserDetails(); List errors = enrollments.stream() .flatMap(e -> trackerAccessManager.canRead(user, e, false).stream()) @@ -261,9 +250,9 @@ public List getEnrollments( } @Override - public List getEnrollments(EnrollmentOperationParams params) + public List getEnrollments(@Nonnull EnrollmentOperationParams params) throws ForbiddenException, BadRequestException, NotFoundException { - EnrollmentQueryParams queryParams = paramsMapper.map(params); + EnrollmentQueryParams queryParams = paramsMapper.map(params, getCurrentUserDetails()); return getEnrollments( new ArrayList<>(enrollmentStore.getEnrollments(queryParams)), @@ -273,9 +262,10 @@ public List getEnrollments(EnrollmentOperationParams params) } @Override - public Page getEnrollments(EnrollmentOperationParams params, PageParams pageParams) + public Page getEnrollments( + @Nonnull EnrollmentOperationParams params, PageParams pageParams) throws ForbiddenException, BadRequestException, NotFoundException { - EnrollmentQueryParams queryParams = paramsMapper.map(params); + EnrollmentQueryParams queryParams = paramsMapper.map(params, getCurrentUserDetails()); Page enrollmentsPage = enrollmentStore.getEnrollments(queryParams, pageParams); List enrollments = diff --git a/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/enrollment/EnrollmentOperationParamsMapper.java b/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/enrollment/EnrollmentOperationParamsMapper.java index f1d9d3b6e91c..fe2b18bce0ec 100644 --- a/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/enrollment/EnrollmentOperationParamsMapper.java +++ b/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/enrollment/EnrollmentOperationParamsMapper.java @@ -32,18 +32,19 @@ import static org.hisp.dhis.common.OrganisationUnitSelectionMode.DESCENDANTS; import static org.hisp.dhis.tracker.export.OperationsParamsValidator.validateOrgUnitMode; +import java.util.HashSet; import java.util.Set; +import javax.annotation.Nonnull; import lombok.RequiredArgsConstructor; import org.hisp.dhis.feedback.BadRequestException; import org.hisp.dhis.feedback.ForbiddenException; import org.hisp.dhis.organisationunit.OrganisationUnit; +import org.hisp.dhis.organisationunit.OrganisationUnitService; import org.hisp.dhis.program.Program; import org.hisp.dhis.trackedentity.TrackedEntity; import org.hisp.dhis.trackedentity.TrackedEntityType; import org.hisp.dhis.tracker.export.OperationsParamsValidator; -import org.hisp.dhis.user.CurrentUserUtil; -import org.hisp.dhis.user.User; -import org.hisp.dhis.user.UserService; +import org.hisp.dhis.user.UserDetails; import org.springframework.stereotype.Component; import org.springframework.transaction.annotation.Transactional; @@ -54,24 +55,23 @@ @Component @RequiredArgsConstructor class EnrollmentOperationParamsMapper { - private final UserService userService; + private final OrganisationUnitService organisationUnitService; private final OperationsParamsValidator paramsValidator; @Transactional(readOnly = true) - public EnrollmentQueryParams map(EnrollmentOperationParams operationParams) + public EnrollmentQueryParams map( + @Nonnull EnrollmentOperationParams operationParams, @Nonnull UserDetails user) throws BadRequestException, ForbiddenException { - User currentUser = userService.getUserByUsername(CurrentUserUtil.getCurrentUsername()); - - Program program = paramsValidator.validateTrackerProgram(operationParams.getProgramUid()); + Program program = paramsValidator.validateTrackerProgram(operationParams.getProgramUid(), user); TrackedEntityType trackedEntityType = - paramsValidator.validateTrackedEntityType(operationParams.getTrackedEntityTypeUid()); + paramsValidator.validateTrackedEntityType(operationParams.getTrackedEntityTypeUid(), user); TrackedEntity trackedEntity = - paramsValidator.validateTrackedEntity(operationParams.getTrackedEntityUid(), currentUser); + paramsValidator.validateTrackedEntity(operationParams.getTrackedEntityUid(), user); Set orgUnits = - paramsValidator.validateOrgUnits(operationParams.getOrgUnitUids()); - validateOrgUnitMode(operationParams.getOrgUnitMode(), program); + paramsValidator.validateOrgUnits(operationParams.getOrgUnitUids(), user); + validateOrgUnitMode(operationParams.getOrgUnitMode(), program, user); EnrollmentQueryParams params = new EnrollmentQueryParams(); params.setProgram(program); @@ -86,11 +86,10 @@ public EnrollmentQueryParams map(EnrollmentOperationParams operationParams) params.addOrganisationUnits(orgUnits); params.setOrganisationUnitMode(operationParams.getOrgUnitMode()); params.setIncludeDeleted(operationParams.isIncludeDeleted()); - params.setUser(currentUser); params.setOrder(operationParams.getOrder()); params.setEnrollmentUids(operationParams.getEnrollmentUids()); - mergeOrgUnitModes(operationParams, currentUser, params); + mergeOrgUnitModes(operationParams, params, user); return params; } @@ -100,12 +99,19 @@ public EnrollmentQueryParams map(EnrollmentOperationParams operationParams) * org unit modes. */ private void mergeOrgUnitModes( - EnrollmentOperationParams operationParams, User user, EnrollmentQueryParams queryParams) { - if (user != null && operationParams.getOrgUnitMode() == ACCESSIBLE) { - queryParams.addOrganisationUnits(user.getEffectiveSearchOrganisationUnits()); + EnrollmentOperationParams operationParams, + EnrollmentQueryParams queryParams, + UserDetails user) { + if (operationParams.getOrgUnitMode() == ACCESSIBLE) { + queryParams.addOrganisationUnits( + new HashSet<>( + organisationUnitService.getOrganisationUnitsByUid( + user.getUserEffectiveSearchOrgUnitIds()))); queryParams.setOrganisationUnitMode(DESCENDANTS); - } else if (user != null && operationParams.getOrgUnitMode() == CAPTURE) { - queryParams.addOrganisationUnits(user.getOrganisationUnits()); + } else if (operationParams.getOrgUnitMode() == CAPTURE) { + queryParams.addOrganisationUnits( + new HashSet<>( + organisationUnitService.getOrganisationUnitsByUid(user.getUserOrgUnitIds()))); queryParams.setOrganisationUnitMode(DESCENDANTS); } } diff --git a/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/enrollment/EnrollmentService.java b/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/enrollment/EnrollmentService.java index 4c4e9d989d17..6273e2bb9efc 100644 --- a/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/enrollment/EnrollmentService.java +++ b/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/enrollment/EnrollmentService.java @@ -39,14 +39,10 @@ import org.hisp.dhis.relationship.RelationshipItem; import org.hisp.dhis.tracker.export.Page; import org.hisp.dhis.tracker.export.PageParams; -import org.hisp.dhis.user.UserDetails; public interface EnrollmentService { Enrollment getEnrollment(String uid) throws ForbiddenException, NotFoundException; - Enrollment getEnrollment(String uid, UserDetails currentUser) - throws ForbiddenException, NotFoundException; - Enrollment getEnrollment(String uid, EnrollmentParams params, boolean includeDeleted) throws NotFoundException, ForbiddenException; diff --git a/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/event/DefaultEventService.java b/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/event/DefaultEventService.java index dfa67e598280..56157564c258 100644 --- a/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/event/DefaultEventService.java +++ b/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/event/DefaultEventService.java @@ -81,7 +81,7 @@ class DefaultEventService implements EventService { private final EventOperationParamsMapper paramsMapper; @Override - public FileResourceStream getFileResource(UID event, UID dataElement) + public FileResourceStream getFileResource(@Nonnull UID event, @Nonnull UID dataElement) throws NotFoundException, ForbiddenException { FileResource fileResource = getFileResourceMetadata(event, dataElement); return FileResourceStream.of(fileResourceService, fileResource); @@ -89,7 +89,7 @@ public FileResourceStream getFileResource(UID event, UID dataElement) @Override public FileResourceStream getFileResourceImage( - UID event, UID dataElement, ImageFileDimension dimension) + @Nonnull UID event, @Nonnull UID dataElement, ImageFileDimension dimension) throws NotFoundException, ForbiddenException { FileResource fileResource = getFileResourceMetadata(event, dataElement); return FileResourceStream.ofImage(fileResourceService, fileResource, dimension); @@ -137,13 +137,13 @@ public Event getEvent(@Nonnull UID event) throws ForbiddenException, NotFoundExc } @Override - public Event getEvent(@Nonnull UID event, UserDetails user) + public Event getEvent(@Nonnull UID event, @Nonnull UserDetails user) throws ForbiddenException, NotFoundException { return getEvent(event, EventParams.FALSE, user); } @Override - public Event getEvent(@Nonnull UID event, EventParams eventParams) + public Event getEvent(@Nonnull UID event, @Nonnull EventParams eventParams) throws ForbiddenException, NotFoundException { return getEvent(event, eventParams, CurrentUserUtil.getCurrentUserDetails()); } @@ -163,7 +163,7 @@ public Event getEvent(@Nonnull UID eventUid, EventParams eventParams, UserDetail return getEvent(event, eventParams, user); } - private Event getEvent(@Nonnull Event event, EventParams eventParams, UserDetails currentUser) { + private Event getEvent(@Nonnull Event event, EventParams eventParams, UserDetails user) { Event result = new Event(); result.setId(event.getId()); result.setUid(event.getUid()); @@ -221,7 +221,7 @@ private Event getEvent(@Nonnull Event event, EventParams eventParams, UserDetail for (RelationshipItem relationshipItem : event.getRelationshipItems()) { Relationship daoRelationship = relationshipItem.getRelationship(); - if (trackerAccessManager.canRead(currentUser, daoRelationship).isEmpty() + if (trackerAccessManager.canRead(user, daoRelationship).isEmpty() && (!daoRelationship.isDeleted())) { relationshipItems.add(relationshipItem); } @@ -234,22 +234,23 @@ private Event getEvent(@Nonnull Event event, EventParams eventParams, UserDetail } @Override - public List getEvents(EventOperationParams operationParams) + public List getEvents(@Nonnull EventOperationParams operationParams) throws BadRequestException, ForbiddenException, NotFoundException { - EventQueryParams queryParams = paramsMapper.map(operationParams); + EventQueryParams queryParams = paramsMapper.map(operationParams, getCurrentUserDetails()); return eventStore.getEvents(queryParams); } @Override - public Page getEvents(EventOperationParams operationParams, PageParams pageParams) + public Page getEvents( + @Nonnull EventOperationParams operationParams, @Nonnull PageParams pageParams) throws BadRequestException, ForbiddenException, NotFoundException { - EventQueryParams queryParams = paramsMapper.map(operationParams); + EventQueryParams queryParams = paramsMapper.map(operationParams, getCurrentUserDetails()); return eventStore.getEvents(queryParams, pageParams); } @Override - public RelationshipItem getEventInRelationshipItem(String uid, EventParams eventParams) - throws NotFoundException { + public RelationshipItem getEventInRelationshipItem( + @Nonnull String uid, @Nonnull EventParams eventParams) throws NotFoundException { RelationshipItem relationshipItem = new RelationshipItem(); Event event = manager.get(Event.class, uid); diff --git a/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/event/EventOperationParamsMapper.java b/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/event/EventOperationParamsMapper.java index 6ea6ac3e6f5e..f421d513594d 100644 --- a/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/event/EventOperationParamsMapper.java +++ b/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/event/EventOperationParamsMapper.java @@ -32,6 +32,7 @@ import java.util.List; import java.util.Map; import java.util.Map.Entry; +import javax.annotation.Nonnull; import lombok.RequiredArgsConstructor; import org.hisp.dhis.category.CategoryOptionCombo; import org.hisp.dhis.common.AssignedUserQueryParam; @@ -52,9 +53,7 @@ import org.hisp.dhis.trackedentity.TrackedEntityAttributeService; import org.hisp.dhis.tracker.export.OperationsParamsValidator; import org.hisp.dhis.tracker.export.Order; -import org.hisp.dhis.user.CurrentUserUtil; -import org.hisp.dhis.user.User; -import org.hisp.dhis.user.UserService; +import org.hisp.dhis.user.UserDetails; import org.springframework.stereotype.Component; import org.springframework.transaction.annotation.Transactional; @@ -74,8 +73,6 @@ class EventOperationParamsMapper { private final CategoryOptionComboService categoryOptionComboService; - private final UserService userService; - private final TrackedEntityAttributeService trackedEntityAttributeService; private final DataElementService dataElementService; @@ -83,19 +80,15 @@ class EventOperationParamsMapper { private final OperationsParamsValidator paramsValidator; @Transactional(readOnly = true) - public EventQueryParams map(EventOperationParams operationParams) + public EventQueryParams map( + @Nonnull EventOperationParams operationParams, @Nonnull UserDetails user) throws BadRequestException, ForbiddenException { - User currentUser = userService.getUserByUsername(CurrentUserUtil.getCurrentUsername()); - - Program program = paramsValidator.validateProgramAccess(operationParams.getProgramUid()); - ProgramStage programStage = - validateProgramStage(operationParams.getProgramStageUid(), currentUser); + Program program = paramsValidator.validateProgramAccess(operationParams.getProgramUid(), user); + ProgramStage programStage = validateProgramStage(operationParams.getProgramStageUid(), user); TrackedEntity trackedEntity = - paramsValidator.validateTrackedEntity(operationParams.getTrackedEntityUid(), currentUser); - - OrganisationUnit orgUnit = - validateRequestedOrgUnit(operationParams.getOrgUnitUid(), currentUser); - validateOrgUnitMode(operationParams.getOrgUnitMode(), program); + paramsValidator.validateTrackedEntity(operationParams.getTrackedEntityUid(), user); + OrganisationUnit orgUnit = validateRequestedOrgUnit(operationParams.getOrgUnitUid(), user); + validateOrgUnitMode(operationParams.getOrgUnitMode(), program, user); CategoryOptionCombo attributeOptionCombo = categoryOptionComboService.getAttributeOptionCombo( @@ -105,7 +98,7 @@ public EventQueryParams map(EventOperationParams operationParams) operationParams.getAttributeCategoryOptions(), true); - validateAttributeOptionCombo(attributeOptionCombo, currentUser); + validateAttributeOptionCombo(attributeOptionCombo, user); EventQueryParams queryParams = new EventQueryParams(); @@ -123,7 +116,9 @@ public EventQueryParams map(EventOperationParams operationParams) .setOrgUnitMode(operationParams.getOrgUnitMode()) .setAssignedUserQueryParam( new AssignedUserQueryParam( - operationParams.getAssignedUserMode(), operationParams.getAssignedUsers())) + operationParams.getAssignedUserMode(), + operationParams.getAssignedUsers(), + user.getUid())) .setOccurredStartDate(operationParams.getOccurredAfter()) .setOccurredEndDate(operationParams.getOccurredBefore()) .setScheduledStartDate(operationParams.getScheduledAfter()) @@ -146,7 +141,7 @@ public EventQueryParams map(EventOperationParams operationParams) .setIncludeRelationships(operationParams.getEventParams().isIncludeRelationships()); } - private ProgramStage validateProgramStage(String programStageUid, User user) + private ProgramStage validateProgramStage(String programStageUid, UserDetails user) throws BadRequestException, ForbiddenException { if (programStageUid == null) { return null; @@ -165,7 +160,7 @@ private ProgramStage validateProgramStage(String programStageUid, User user) return programStage; } - private OrganisationUnit validateRequestedOrgUnit(String orgUnitUid, User user) + private OrganisationUnit validateRequestedOrgUnit(String orgUnitUid, UserDetails user) throws BadRequestException, ForbiddenException { if (orgUnitUid == null) { return null; @@ -175,8 +170,7 @@ private OrganisationUnit validateRequestedOrgUnit(String orgUnitUid, User user) throw new BadRequestException("Org unit is specified but does not exist: " + orgUnitUid); } - if (!organisationUnitService.isInUserHierarchy( - orgUnit.getUid(), user.getEffectiveSearchOrganisationUnits())) { + if (!user.isInUserEffectiveSearchOrgUnitHierarchy(orgUnit.getPath())) { throw new ForbiddenException( "Organisation unit is not part of your search scope: " + orgUnit.getUid()); } @@ -184,10 +178,10 @@ private OrganisationUnit validateRequestedOrgUnit(String orgUnitUid, User user) return orgUnit; } - private void validateAttributeOptionCombo(CategoryOptionCombo attributeOptionCombo, User user) - throws ForbiddenException { + private void validateAttributeOptionCombo( + CategoryOptionCombo attributeOptionCombo, UserDetails user) throws ForbiddenException { if (attributeOptionCombo != null - && (user != null && !user.isSuper()) + && !user.isSuper() && !aclService.canDataRead(user, attributeOptionCombo)) { throw new ForbiddenException( "User has no access to attribute category option combo: " diff --git a/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/relationship/DefaultRelationshipService.java b/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/relationship/DefaultRelationshipService.java index dbff742a34a5..363b04e8bcdd 100644 --- a/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/relationship/DefaultRelationshipService.java +++ b/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/relationship/DefaultRelationshipService.java @@ -59,7 +59,7 @@ public class DefaultRelationshipService implements RelationshipService { private final RelationshipOperationParamsMapper mapper; @Override - public List getRelationships(RelationshipOperationParams params) + public List getRelationships(@Nonnull RelationshipOperationParams params) throws ForbiddenException, NotFoundException, BadRequestException { RelationshipQueryParams queryParams = mapper.map(params); @@ -68,7 +68,7 @@ public List getRelationships(RelationshipOperationParams params) @Override public Page getRelationships( - RelationshipOperationParams params, PageParams pageParams) + @Nonnull RelationshipOperationParams params, @Nonnull PageParams pageParams) throws ForbiddenException, NotFoundException, BadRequestException { RelationshipQueryParams queryParams = mapper.map(params); @@ -76,7 +76,8 @@ public Page getRelationships( } @Override - public Relationship getRelationship(String uid) throws ForbiddenException, NotFoundException { + public Relationship getRelationship(@Nonnull String uid) + throws ForbiddenException, NotFoundException { Relationship relationship = relationshipStore.getByUid(uid); if (relationship == null) { diff --git a/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/relationship/RelationshipOperationParamsMapper.java b/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/relationship/RelationshipOperationParamsMapper.java index 50d06a58166e..47916daf8f60 100644 --- a/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/relationship/RelationshipOperationParamsMapper.java +++ b/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/relationship/RelationshipOperationParamsMapper.java @@ -27,21 +27,17 @@ */ package org.hisp.dhis.tracker.export.relationship; -import java.util.List; +import javax.annotation.Nonnull; import lombok.RequiredArgsConstructor; import org.hisp.dhis.common.IdentifiableObject; import org.hisp.dhis.common.UID; import org.hisp.dhis.feedback.BadRequestException; import org.hisp.dhis.feedback.ForbiddenException; import org.hisp.dhis.feedback.NotFoundException; -import org.hisp.dhis.trackedentity.TrackedEntity; import org.hisp.dhis.tracker.acl.TrackerAccessManager; import org.hisp.dhis.tracker.export.enrollment.EnrollmentService; import org.hisp.dhis.tracker.export.event.EventService; -import org.hisp.dhis.tracker.export.trackedentity.TrackedEntityParams; import org.hisp.dhis.tracker.export.trackedentity.TrackedEntityService; -import org.hisp.dhis.user.CurrentUserUtil; -import org.hisp.dhis.user.UserDetails; import org.springframework.stereotype.Component; import org.springframework.transaction.annotation.Transactional; @@ -59,14 +55,12 @@ class RelationshipOperationParamsMapper { private final TrackerAccessManager accessManager; @Transactional(readOnly = true) - public RelationshipQueryParams map(RelationshipOperationParams params) + public RelationshipQueryParams map(@Nonnull RelationshipOperationParams params) throws NotFoundException, ForbiddenException, BadRequestException { - UserDetails currentUser = CurrentUserUtil.getCurrentUserDetails(); - IdentifiableObject entity = switch (params.getType()) { - case TRACKED_ENTITY -> validateTrackedEntity(currentUser, params.getIdentifier()); + case TRACKED_ENTITY -> trackedEntityService.getTrackedEntity(params.getIdentifier()); case ENROLLMENT -> enrollmentService.getEnrollment(params.getIdentifier()); case EVENT -> eventService.getEvent(UID.of(params.getIdentifier())); case RELATIONSHIP -> throw new IllegalArgumentException("Unsupported type"); @@ -78,20 +72,4 @@ public RelationshipQueryParams map(RelationshipOperationParams params) .includeDeleted(params.isIncludeDeleted()) .build(); } - - private TrackedEntity validateTrackedEntity(UserDetails user, String uid) - throws NotFoundException, ForbiddenException, BadRequestException { - TrackedEntity trackedEntity = - trackedEntityService.getTrackedEntity(uid, null, TrackedEntityParams.FALSE, false); - if (trackedEntity == null) { - throw new NotFoundException(TrackedEntity.class, uid); - } - - List errors = accessManager.canRead(user, trackedEntity); - if (!errors.isEmpty()) { - throw new ForbiddenException(TrackedEntity.class, uid); - } - - return trackedEntity; - } } diff --git a/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/trackedentity/DefaultTrackedEntityChangeLogService.java b/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/trackedentity/DefaultTrackedEntityChangeLogService.java index 8e01488c6927..ffb882064380 100644 --- a/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/trackedentity/DefaultTrackedEntityChangeLogService.java +++ b/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/trackedentity/DefaultTrackedEntityChangeLogService.java @@ -123,8 +123,7 @@ public Page getTrackedEntityChangeLog( PageParams pageParams) throws NotFoundException, ForbiddenException, BadRequestException { TrackedEntity trackedEntity = - trackedEntityService.getTrackedEntity( - trackedEntityUid.getValue(), null, TrackedEntityParams.FALSE, false); + trackedEntityService.getTrackedEntity(trackedEntityUid.getValue()); if (trackedEntity == null) { throw new NotFoundException(TrackedEntity.class, trackedEntityUid.getValue()); } diff --git a/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/trackedentity/DefaultTrackedEntityService.java b/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/trackedentity/DefaultTrackedEntityService.java index c2a174e99a00..77b7c2ead843 100644 --- a/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/trackedentity/DefaultTrackedEntityService.java +++ b/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/trackedentity/DefaultTrackedEntityService.java @@ -39,6 +39,7 @@ import java.util.Set; import java.util.stream.Collectors; import javax.annotation.CheckForNull; +import javax.annotation.Nonnull; import lombok.RequiredArgsConstructor; import org.apache.commons.lang3.StringUtils; import org.hisp.dhis.changelog.ChangeLogType; @@ -109,14 +110,18 @@ class DefaultTrackedEntityService implements TrackedEntityService { @Override public FileResourceStream getFileResource( - UID trackedEntity, UID attribute, @CheckForNull UID program) throws NotFoundException { + @Nonnull UID trackedEntity, @Nonnull UID attribute, @CheckForNull UID program) + throws NotFoundException { FileResource fileResource = getFileResourceMetadata(trackedEntity, attribute, program); return FileResourceStream.of(fileResourceService, fileResource); } @Override public FileResourceStream getFileResourceImage( - UID trackedEntity, UID attribute, @CheckForNull UID program, ImageFileDimension dimension) + @Nonnull UID trackedEntity, + @Nonnull UID attribute, + @CheckForNull UID program, + ImageFileDimension dimension) throws NotFoundException { FileResource fileResource = getFileResourceMetadata(trackedEntity, attribute, program); return FileResourceStream.ofImage(fileResourceService, fileResource, dimension); @@ -207,9 +212,26 @@ private static TrackedEntityAttribute getAttribute( () -> new NotFoundException(TrackedEntityAttribute.class, attribute.getValue())); } + @Override + public TrackedEntity getTrackedEntity(@Nonnull String uid) + throws NotFoundException, ForbiddenException { + UserDetails currentUser = getCurrentUserDetails(); + TrackedEntity trackedEntity = + mapTrackedEntity( + getTrackedEntity(uid, currentUser), + TrackedEntityParams.FALSE, + currentUser, + null, + false); + mapTrackedEntityTypeAttributes(trackedEntity); + return trackedEntity; + } + @Override public TrackedEntity getTrackedEntity( - String uid, String programIdentifier, TrackedEntityParams params, boolean includeDeleted) + @Nonnull String uid, + @CheckForNull String programIdentifier, + @Nonnull TrackedEntityParams params) throws NotFoundException, ForbiddenException { Program program = null; @@ -222,7 +244,7 @@ public TrackedEntity getTrackedEntity( TrackedEntity trackedEntity; if (program != null) { - trackedEntity = getTrackedEntity(uid, program, params, includeDeleted); + trackedEntity = getTrackedEntity(uid, program, params); if (params.isIncludeProgramOwners()) { Set filteredProgramOwners = @@ -235,8 +257,7 @@ public TrackedEntity getTrackedEntity( UserDetails userDetails = getCurrentUserDetails(); trackedEntity = - mapTrackedEntity( - getTrackedEntity(uid, userDetails), params, userDetails, null, includeDeleted); + mapTrackedEntity(getTrackedEntity(uid, userDetails), params, userDetails, null, false); mapTrackedEntityTypeAttributes(trackedEntity); } @@ -250,8 +271,7 @@ public TrackedEntity getTrackedEntity( * @throws NotFoundException if uid does not exist * @throws ForbiddenException if TE owner is not in user's scope or not enough sharing access */ - private TrackedEntity getTrackedEntity( - String uid, Program program, TrackedEntityParams params, boolean includeDeleted) + private TrackedEntity getTrackedEntity(String uid, Program program, TrackedEntityParams params) throws NotFoundException, ForbiddenException { TrackedEntity trackedEntity = trackedEntityStore.getByUid(uid); trackedEntityAuditService.addTrackedEntityAudit(trackedEntity, getCurrentUsername(), READ); @@ -273,7 +293,7 @@ private TrackedEntity getTrackedEntity( throw new ForbiddenException(error); } - return mapTrackedEntity(trackedEntity, params, userDetails, program, includeDeleted); + return mapTrackedEntity(trackedEntity, params, userDetails, program, false); } /** @@ -317,7 +337,7 @@ private void mapTrackedEntityTypeAttributes(TrackedEntity trackedEntity) { private TrackedEntity mapTrackedEntity( TrackedEntity trackedEntity, TrackedEntityParams params, - UserDetails currentUser, + UserDetails user, Program program, boolean includeDeleted) { TrackedEntity result = new TrackedEntity(); @@ -338,10 +358,10 @@ private TrackedEntity mapTrackedEntity( result.setLastUpdatedByUserInfo(trackedEntity.getLastUpdatedByUserInfo()); result.setGeometry(trackedEntity.getGeometry()); if (params.isIncludeRelationships()) { - result.setRelationshipItems(getRelationshipItems(trackedEntity, currentUser, includeDeleted)); + result.setRelationshipItems(getRelationshipItems(trackedEntity, user, includeDeleted)); } if (params.isIncludeEnrollments()) { - result.setEnrollments(getEnrollments(trackedEntity, currentUser, includeDeleted, program)); + result.setEnrollments(getEnrollments(trackedEntity, user, includeDeleted, program)); } if (params.isIncludeProgramOwners()) { result.setProgramOwners(trackedEntity.getProgramOwners()); @@ -466,9 +486,10 @@ private RelationshipItem getTrackedEntityInRelationshipItem( } @Override - public List getTrackedEntities(TrackedEntityOperationParams operationParams) + public List getTrackedEntities( + @Nonnull TrackedEntityOperationParams operationParams) throws ForbiddenException, NotFoundException, BadRequestException { - TrackedEntityQueryParams queryParams = mapper.map(operationParams); + TrackedEntityQueryParams queryParams = mapper.map(operationParams, getCurrentUserDetails()); final List ids = getTrackedEntityIds(queryParams); List trackedEntities = @@ -490,9 +511,9 @@ public List getTrackedEntities(TrackedEntityOperationParams opera @Override public Page getTrackedEntities( - TrackedEntityOperationParams operationParams, PageParams pageParams) + @Nonnull TrackedEntityOperationParams operationParams, @Nonnull PageParams pageParams) throws BadRequestException, ForbiddenException, NotFoundException { - TrackedEntityQueryParams queryParams = mapper.map(operationParams); + TrackedEntityQueryParams queryParams = mapper.map(operationParams, getCurrentUserDetails()); final Page ids = getTrackedEntityIds(queryParams, pageParams); List trackedEntities = @@ -527,7 +548,7 @@ private Page getTrackedEntityIds(TrackedEntityQueryParams params, PagePara */ private void mapRelationshipItems( List trackedEntities, TrackedEntityParams params, boolean includeDeleted) - throws ForbiddenException, NotFoundException { + throws NotFoundException { if (params.isIncludeRelationships()) { for (TrackedEntity trackedEntity : trackedEntities) { mapRelationshipItems(trackedEntity, includeDeleted); diff --git a/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/trackedentity/HibernateTrackedEntityStore.java b/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/trackedentity/HibernateTrackedEntityStore.java index fb55dea59b35..d48b75d9835e 100644 --- a/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/trackedentity/HibernateTrackedEntityStore.java +++ b/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/trackedentity/HibernateTrackedEntityStore.java @@ -657,12 +657,11 @@ private String getFromSubQueryJoinOrgUnitConditions(TrackedEntityQueryParams par */ private void handleOrganisationUnits(TrackedEntityQueryParams params) { UserDetails user = getCurrentUserDetails(); - if (user != null && params.isOrganisationUnitMode(OrganisationUnitSelectionMode.ACCESSIBLE)) { + if (params.isOrganisationUnitMode(OrganisationUnitSelectionMode.ACCESSIBLE)) { params.setOrgUnits( new HashSet<>(organisationUnitStore.getByUid(user.getUserEffectiveSearchOrgUnitIds()))); params.setOrgUnitMode(OrganisationUnitSelectionMode.DESCENDANTS); - } else if (user != null - && params.isOrganisationUnitMode(OrganisationUnitSelectionMode.CAPTURE)) { + } else if (params.isOrganisationUnitMode(OrganisationUnitSelectionMode.CAPTURE)) { params.setOrgUnits(new HashSet<>(organisationUnitStore.getByUid(user.getUserOrgUnitIds()))); params.setOrgUnitMode(OrganisationUnitSelectionMode.DESCENDANTS); } diff --git a/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/trackedentity/TrackedEntityOperationParamsMapper.java b/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/trackedentity/TrackedEntityOperationParamsMapper.java index 672483a47a91..7302ab2db209 100644 --- a/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/trackedentity/TrackedEntityOperationParamsMapper.java +++ b/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/trackedentity/TrackedEntityOperationParamsMapper.java @@ -33,7 +33,6 @@ import static org.hisp.dhis.common.OrganisationUnitSelectionMode.DESCENDANTS; import static org.hisp.dhis.common.OrganisationUnitSelectionMode.SELECTED; import static org.hisp.dhis.tracker.export.OperationsParamsValidator.validateOrgUnitMode; -import static org.hisp.dhis.user.CurrentUserUtil.getCurrentUserDetails; import java.util.ArrayList; import java.util.HashSet; @@ -59,6 +58,7 @@ import org.hisp.dhis.trackedentity.TrackedEntityTypeService; import org.hisp.dhis.tracker.export.OperationsParamsValidator; import org.hisp.dhis.tracker.export.Order; +import org.hisp.dhis.user.UserDetails; import org.springframework.stereotype.Component; import org.springframework.transaction.annotation.Transactional; @@ -88,21 +88,22 @@ class TrackedEntityOperationParamsMapper { private final OperationsParamsValidator paramsValidator; @Transactional(readOnly = true) - public TrackedEntityQueryParams map(TrackedEntityOperationParams operationParams) + public TrackedEntityQueryParams map( + TrackedEntityOperationParams operationParams, UserDetails user) throws BadRequestException, ForbiddenException { - Program program = paramsValidator.validateTrackerProgram(operationParams.getProgramUid()); + Program program = paramsValidator.validateTrackerProgram(operationParams.getProgramUid(), user); ProgramStage programStage = validateProgramStage(operationParams, program); TrackedEntityType requestedTrackedEntityType = - paramsValidator.validateTrackedEntityType(operationParams.getTrackedEntityTypeUid()); + paramsValidator.validateTrackedEntityType(operationParams.getTrackedEntityTypeUid(), user); - List trackedEntityTypes = getTrackedEntityTypes(program); + List trackedEntityTypes = getTrackedEntityTypes(program, user); - List programs = getTrackerPrograms(program); + List programs = getTrackerPrograms(program, user); Set orgUnits = - paramsValidator.validateOrgUnits(operationParams.getOrganisationUnits()); - validateOrgUnitMode(operationParams.getOrgUnitMode(), program); + paramsValidator.validateOrgUnits(operationParams.getOrganisationUnits(), user); + validateOrgUnitMode(operationParams.getOrgUnitMode(), program, user); TrackedEntityQueryParams params = new TrackedEntityQueryParams(); mapAttributeFilters(params, operationParams.getFilters()); @@ -137,25 +138,26 @@ public TrackedEntityQueryParams map(TrackedEntityOperationParams operationParams .setIncludeDeleted(operationParams.isIncludeDeleted()) .setPotentialDuplicate(operationParams.getPotentialDuplicate()); - validateGlobalSearchParameters(params); + validateGlobalSearchParameters(params, user); return params; } - private List getTrackedEntityTypes(Program program) + private List getTrackedEntityTypes(Program program, UserDetails user) throws BadRequestException { if (program != null) { return List.of(program.getTrackedEntityType()); } else { - return filterAndValidateTrackedEntityTypes(); + return filterAndValidateTrackedEntityTypes(user); } } - private List filterAndValidateTrackedEntityTypes() throws BadRequestException { + private List filterAndValidateTrackedEntityTypes(UserDetails user) + throws BadRequestException { List trackedEntityTypes = trackedEntityTypeService.getAllTrackedEntityType().stream() - .filter(tet -> aclService.canDataRead(getCurrentUserDetails(), tet)) + .filter(tet -> aclService.canDataRead(user, tet)) .toList(); if (trackedEntityTypes.isEmpty()) { @@ -165,11 +167,11 @@ private List filterAndValidateTrackedEntityTypes() throws Bad return trackedEntityTypes; } - private List getTrackerPrograms(Program program) { + private List getTrackerPrograms(Program program, UserDetails user) { if (program == null) { return programService.getAllPrograms().stream() .filter(Program::isRegistration) - .filter(p -> aclService.canDataRead(getCurrentUserDetails(), p)) + .filter(p -> aclService.canDataRead(user, p)) .toList(); } @@ -277,9 +279,9 @@ private void validateTrackedEntityAttributeFilters( } } - private void validateGlobalSearchParameters(TrackedEntityQueryParams params) + private void validateGlobalSearchParameters(TrackedEntityQueryParams params, UserDetails user) throws IllegalQueryException { - if (!isLocalSearch(params)) { + if (!isLocalSearch(params, user)) { if (params.hasFilters()) { List searchableAttributeIds = getSearchableAttributeIds(params); @@ -357,10 +359,9 @@ private int getMaxTeiLimit(TrackedEntityQueryParams params) { return maxTeiLimit; } - private boolean isLocalSearch(TrackedEntityQueryParams params) { + private boolean isLocalSearch(TrackedEntityQueryParams params, UserDetails user) { List localOrgUnits = - organisationUnitService.getOrganisationUnitsByUid( - getCurrentUserDetails().getUserOrgUnitIds()); + organisationUnitService.getOrganisationUnitsByUid(user.getUserOrgUnitIds()); Set searchOrgUnits = new HashSet<>(); if (params.isOrganisationUnitMode(SELECTED)) { @@ -374,8 +375,7 @@ private boolean isLocalSearch(TrackedEntityQueryParams params) { searchOrgUnits.addAll(organisationUnitService.getRootOrganisationUnits()); } else { searchOrgUnits.addAll( - organisationUnitService.getOrganisationUnitsByUid( - getCurrentUserDetails().getUserSearchOrgUnitIds())); + organisationUnitService.getOrganisationUnitsByUid(user.getUserSearchOrgUnitIds())); } for (OrganisationUnit ou : searchOrgUnits) { diff --git a/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/trackedentity/TrackedEntityService.java b/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/trackedentity/TrackedEntityService.java index b79b695e46ef..5297892fb1c7 100644 --- a/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/trackedentity/TrackedEntityService.java +++ b/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/export/trackedentity/TrackedEntityService.java @@ -50,8 +50,23 @@ FileResourceStream getFileResourceImage( UID trackedEntity, UID attribute, UID program, ImageFileDimension dimension) throws NotFoundException; - TrackedEntity getTrackedEntity( - String uid, String programIdentifier, TrackedEntityParams params, boolean includeDeleted) + /** + * Get the tracked entity matching given {@code UID} under the privileges of the currently + * authenticated user. No program attributes are included, only TETAs. Enrollments and + * relationships are not included. Use {@link #getTrackedEntity(String, String, + * TrackedEntityParams)} instead to also get the relationships, enrollments and program + * attributes. + */ + TrackedEntity getTrackedEntity(String uid) + throws NotFoundException, ForbiddenException, BadRequestException; + + /** + * Get the tracked entity matching given {@code UID} under the privileges of the currently + * authenticated user. If @param programIdentifier is defined, program attributes for such program + * are included, otherwise only TETAs are included. It will include enrollments, relationships, + * attributes and ownerships as defined in @param params + */ + TrackedEntity getTrackedEntity(String uid, String programIdentifier, TrackedEntityParams params) throws NotFoundException, ForbiddenException, BadRequestException; /** Get all tracked entities matching given params. */ diff --git a/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/imports/sms/EnrollmentSMSListener.java b/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/imports/sms/EnrollmentSMSListener.java index 7b5dd193ce35..42224765d79e 100644 --- a/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/imports/sms/EnrollmentSMSListener.java +++ b/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/imports/sms/EnrollmentSMSListener.java @@ -99,8 +99,7 @@ protected SmsResponse postProcess(IncomingSms sms, SmsSubmission submission, Str trackedEntityService.getTrackedEntity( subm.getTrackedEntityInstance().getUid(), subm.getTrackerProgram().getUid(), - TrackedEntityParams.FALSE.withIncludeAttributes(true), - false); + TrackedEntityParams.FALSE.withIncludeAttributes(true)); } catch (NotFoundException e) { // new TE will be created } catch (ForbiddenException | BadRequestException e) { diff --git a/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/imports/sms/TrackedEntityRegistrationSMSListener.java b/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/imports/sms/TrackedEntityRegistrationSMSListener.java index 21ea82c928b2..b51a941fad0b 100644 --- a/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/imports/sms/TrackedEntityRegistrationSMSListener.java +++ b/dhis-2/dhis-services/dhis-service-tracker/src/main/java/org/hisp/dhis/tracker/imports/sms/TrackedEntityRegistrationSMSListener.java @@ -58,7 +58,6 @@ import org.hisp.dhis.trackedentity.TrackedEntityAttribute; import org.hisp.dhis.trackedentity.TrackedEntityTypeService; import org.hisp.dhis.trackedentityattributevalue.TrackedEntityAttributeValue; -import org.hisp.dhis.tracker.export.trackedentity.TrackedEntityParams; import org.hisp.dhis.tracker.export.trackedentity.TrackedEntityService; import org.hisp.dhis.tracker.trackedentityattributevalue.TrackedEntityAttributeValueService; import org.hisp.dhis.user.UserService; @@ -157,8 +156,7 @@ protected void postProcess( try { smsEnrollmentService.enrollTrackedEntity( - trackedEntityService.getTrackedEntity( - trackedEntity.getUid(), null, TrackedEntityParams.FALSE, false), + trackedEntityService.getTrackedEntity(trackedEntity.getUid()), program, orgUnit, occurredDate); diff --git a/dhis-2/dhis-services/dhis-service-tracker/src/test/java/org/hisp/dhis/tracker/export/OperationsParamsValidatorTest.java b/dhis-2/dhis-services/dhis-service-tracker/src/test/java/org/hisp/dhis/tracker/export/OperationsParamsValidatorTest.java index 60aa346d6821..f4492e2245c2 100644 --- a/dhis-2/dhis-services/dhis-service-tracker/src/test/java/org/hisp/dhis/tracker/export/OperationsParamsValidatorTest.java +++ b/dhis-2/dhis-services/dhis-service-tracker/src/test/java/org/hisp/dhis/tracker/export/OperationsParamsValidatorTest.java @@ -32,7 +32,6 @@ import static org.hisp.dhis.program.ProgramType.WITHOUT_REGISTRATION; import static org.hisp.dhis.tracker.export.OperationsParamsValidator.validateOrgUnitMode; import static org.junit.jupiter.api.Assertions.assertEquals; -import static org.mockito.Mockito.mockStatic; import static org.mockito.Mockito.when; import com.google.common.collect.Sets; @@ -50,7 +49,6 @@ import org.hisp.dhis.trackedentity.TrackedEntityType; import org.hisp.dhis.trackedentity.TrackedEntityTypeService; import org.hisp.dhis.tracker.deprecated.audit.TrackedEntityAuditService; -import org.hisp.dhis.user.CurrentUserUtil; import org.hisp.dhis.user.User; import org.hisp.dhis.user.UserDetails; import org.hisp.dhis.user.UserRole; @@ -62,7 +60,6 @@ import org.junit.jupiter.params.provider.EnumSource; import org.mockito.InjectMocks; import org.mockito.Mock; -import org.mockito.MockedStatic; import org.mockito.junit.jupiter.MockitoExtension; @ExtendWith(MockitoExtension.class) @@ -104,6 +101,8 @@ class OperationsParamsValidatorTest { @InjectMocks private OperationsParamsValidator paramsValidator; + private final UserDetails user = UserDetails.fromUser(new User()); + @BeforeEach public void setUp() { OrganisationUnit organisationUnit = createOrgUnit("orgUnit", PARENT_ORG_UNIT_UID); @@ -112,16 +111,11 @@ public void setUp() { @Test void shouldFailWhenOuModeCaptureAndUserHasNoOrgUnitsAssigned() { - try (MockedStatic userUtilMockedStatic = mockStatic(CurrentUserUtil.class)) { - userUtilMockedStatic - .when(CurrentUserUtil::getCurrentUserDetails) - .thenReturn(UserDetails.fromUser(new User())); - Exception exception = - Assertions.assertThrows( - BadRequestException.class, () -> validateOrgUnitMode(CAPTURE, program)); - - assertEquals("User needs to be assigned data capture org units", exception.getMessage()); - } + Exception exception = + Assertions.assertThrows( + BadRequestException.class, () -> validateOrgUnitMode(CAPTURE, program, user)); + + assertEquals("User needs to be assigned data capture org units", exception.getMessage()); } @ParameterizedTest @@ -131,34 +125,23 @@ void shouldFailWhenOuModeCaptureAndUserHasNoOrgUnitsAssigned() { void shouldFailWhenOuModeRequiresUserScopeOrgUnitAndUserHasNoOrgUnitsAssigned( OrganisationUnitSelectionMode orgUnitMode) { - try (MockedStatic userUtilMockedStatic = mockStatic(CurrentUserUtil.class)) { - userUtilMockedStatic - .when(CurrentUserUtil::getCurrentUserDetails) - .thenReturn(UserDetails.fromUser(new User())); - Exception exception = - Assertions.assertThrows( - BadRequestException.class, () -> validateOrgUnitMode(orgUnitMode, program)); - - assertEquals( - "User needs to be assigned either search or data capture org units", - exception.getMessage()); - } + Exception exception = + Assertions.assertThrows( + BadRequestException.class, () -> validateOrgUnitMode(orgUnitMode, program, user)); + + assertEquals( + "User needs to be assigned either search or data capture org units", + exception.getMessage()); } @Test void shouldFailWhenOuModeAllAndNotSuperuser() { - try (MockedStatic userUtilMockedStatic = mockStatic(CurrentUserUtil.class)) { - userUtilMockedStatic - .when(CurrentUserUtil::getCurrentUserDetails) - .thenReturn(UserDetails.fromUser(new User())); - Exception exception = - Assertions.assertThrows( - BadRequestException.class, () -> validateOrgUnitMode(ALL, program)); - - assertEquals( - "Current user is not authorized to query across all organisation units", - exception.getMessage()); - } + Exception exception = + Assertions.assertThrows( + BadRequestException.class, () -> validateOrgUnitMode(ALL, program, user)); + + assertEquals( + "User is not authorized to query across all organisation units", exception.getMessage()); } @Test @@ -167,7 +150,8 @@ void shouldThrowBadRequestExceptionWhenProgramDoesNotExist() { Exception exception = Assertions.assertThrows( - BadRequestException.class, () -> paramsValidator.validateTrackerProgram(PROGRAM_UID)); + BadRequestException.class, + () -> paramsValidator.validateTrackerProgram(PROGRAM_UID, user)); assertEquals( String.format("Program is specified but does not exist: %s", PROGRAM_UID), @@ -177,102 +161,73 @@ void shouldThrowBadRequestExceptionWhenProgramDoesNotExist() { @Test void shouldReturnProgramWhenUserHasAccessToProgram() throws ForbiddenException, BadRequestException { - User user = new User(); when(programService.getProgram(PROGRAM_UID)).thenReturn(program); - when(aclService.canDataRead(UserDetails.fromUser(user), program)).thenReturn(true); - - try (MockedStatic userUtilMockedStatic = mockStatic(CurrentUserUtil.class)) { - userUtilMockedStatic - .when(CurrentUserUtil::getCurrentUserDetails) - .thenReturn(UserDetails.fromUser(user)); - assertEquals(program, paramsValidator.validateTrackerProgram(PROGRAM_UID)); - } + when(aclService.canDataRead(user, program)).thenReturn(true); + assertEquals(program, paramsValidator.validateTrackerProgram(PROGRAM_UID, user)); } @Test void shouldThrowForbiddenExceptionWhenUserHasNoAccessToProgram() { - User user = new User(); when(programService.getProgram(PROGRAM_UID)).thenReturn(program); - when(aclService.canDataRead(UserDetails.fromUser(user), program)).thenReturn(false); - - try (MockedStatic userUtilMockedStatic = mockStatic(CurrentUserUtil.class)) { - userUtilMockedStatic - .when(CurrentUserUtil::getCurrentUserDetails) - .thenReturn(UserDetails.fromUser(user)); - Exception exception = - Assertions.assertThrows( - ForbiddenException.class, () -> paramsValidator.validateTrackerProgram(PROGRAM_UID)); - - assertEquals( - String.format("User has no access to program: %s", program.getUid()), - exception.getMessage()); - } + when(aclService.canDataRead(user, program)).thenReturn(false); + + Exception exception = + Assertions.assertThrows( + ForbiddenException.class, + () -> paramsValidator.validateTrackerProgram(PROGRAM_UID, user)); + + assertEquals( + String.format("User has no access to program: %s", program.getUid()), + exception.getMessage()); } @Test void shouldReturnProgramWhenUserHasAccessToProgramTrackedEntityType() throws ForbiddenException, BadRequestException { - User user = new User(); TrackedEntityType trackedEntityType = new TrackedEntityType("trackedEntityType", ""); program.setTrackedEntityType(trackedEntityType); when(programService.getProgram(PROGRAM_UID)).thenReturn(program); - when(aclService.canDataRead(UserDetails.fromUser(user), program)).thenReturn(true); - when(aclService.canDataRead(UserDetails.fromUser(user), program.getTrackedEntityType())) - .thenReturn(true); - - try (MockedStatic userUtilMockedStatic = mockStatic(CurrentUserUtil.class)) { - userUtilMockedStatic - .when(CurrentUserUtil::getCurrentUserDetails) - .thenReturn(UserDetails.fromUser(user)); - assertEquals(program, paramsValidator.validateTrackerProgram(PROGRAM_UID)); - } + when(aclService.canDataRead(user, program)).thenReturn(true); + when(aclService.canDataRead(user, program.getTrackedEntityType())).thenReturn(true); + + assertEquals(program, paramsValidator.validateTrackerProgram(PROGRAM_UID, user)); } @Test void shouldThrowForbiddenExceptionWhenUserHasNoAccessToProgramTrackedEntityType() { - User user = new User(); + TrackedEntityType trackedEntityType = new TrackedEntityType("trackedEntityType", ""); program.setTrackedEntityType(trackedEntityType); when(programService.getProgram(PROGRAM_UID)).thenReturn(program); - when(aclService.canDataRead(UserDetails.fromUser(user), program)).thenReturn(true); - when(aclService.canDataRead(UserDetails.fromUser(user), program.getTrackedEntityType())) - .thenReturn(false); - - try (MockedStatic userUtilMockedStatic = mockStatic(CurrentUserUtil.class)) { - userUtilMockedStatic - .when(CurrentUserUtil::getCurrentUserDetails) - .thenReturn(UserDetails.fromUser(user)); - Exception exception = - Assertions.assertThrows( - ForbiddenException.class, () -> paramsValidator.validateTrackerProgram(PROGRAM_UID)); - - assertEquals( - String.format( - "Current user is not authorized to read data from selected program's tracked entity type: %s", - trackedEntityType.getUid()), - exception.getMessage()); - } + when(aclService.canDataRead(user, program)).thenReturn(true); + when(aclService.canDataRead(user, program.getTrackedEntityType())).thenReturn(false); + + Exception exception = + Assertions.assertThrows( + ForbiddenException.class, + () -> paramsValidator.validateTrackerProgram(PROGRAM_UID, user)); + + assertEquals( + String.format( + "User is not authorized to read data from selected program's tracked entity type: %s", + trackedEntityType.getUid()), + exception.getMessage()); } @Test void shouldThrowBadRequestExceptionWhenRequestingTrackedEntitiesAndProgramIsNotATrackerProgram() { - User user = new User(); program.setProgramType(WITHOUT_REGISTRATION); when(programService.getProgram(PROGRAM_UID)).thenReturn(program); - when(aclService.canDataRead(UserDetails.fromUser(user), program)).thenReturn(true); - - try (MockedStatic userUtilMockedStatic = mockStatic(CurrentUserUtil.class)) { - userUtilMockedStatic - .when(CurrentUserUtil::getCurrentUserDetails) - .thenReturn(UserDetails.fromUser(user)); - Exception exception = - Assertions.assertThrows( - BadRequestException.class, () -> paramsValidator.validateTrackerProgram(PROGRAM_UID)); - - assertEquals( - String.format("Program specified is not a tracker program: %s", PROGRAM_UID), - exception.getMessage()); - } + when(aclService.canDataRead(user, program)).thenReturn(true); + + Exception exception = + Assertions.assertThrows( + BadRequestException.class, + () -> paramsValidator.validateTrackerProgram(PROGRAM_UID, user)); + + assertEquals( + String.format("Program specified is not a tracker program: %s", PROGRAM_UID), + exception.getMessage()); } @Test @@ -280,8 +235,7 @@ void shouldReturnTrackedEntityWhenTrackedEntityUidExists() throws ForbiddenException, BadRequestException { when(manager.get(TrackedEntity.class, TRACKED_ENTITY_UID)).thenReturn(trackedEntity); - assertEquals( - trackedEntity, paramsValidator.validateTrackedEntity(TRACKED_ENTITY_UID, new User())); + assertEquals(trackedEntity, paramsValidator.validateTrackedEntity(TRACKED_ENTITY_UID, user)); } @Test @@ -291,7 +245,7 @@ void shouldThrowBadRequestExceptionWhenTrackedEntityDoesNotExist() { Exception exception = Assertions.assertThrows( BadRequestException.class, - () -> paramsValidator.validateTrackedEntity(TRACKED_ENTITY_UID, new User())); + () -> paramsValidator.validateTrackedEntity(TRACKED_ENTITY_UID, user)); assertEquals( String.format("Tracked entity is specified but does not exist: %s", TRACKED_ENTITY_UID), @@ -301,7 +255,7 @@ void shouldThrowBadRequestExceptionWhenTrackedEntityDoesNotExist() { @Test void shouldReturnTrackedEntityWhenUserHasAccessToTrackedEntity() throws ForbiddenException, BadRequestException { - User user = new User(); + TrackedEntityType trackedEntityType = new TrackedEntityType("trackedEntityType", ""); trackedEntity.setTrackedEntityType(trackedEntityType); when(manager.get(TrackedEntity.class, TRACKED_ENTITY_UID)).thenReturn(trackedEntity); @@ -312,7 +266,7 @@ void shouldReturnTrackedEntityWhenUserHasAccessToTrackedEntity() @Test void shouldThrowForbiddenExceptionWhenUserHasNoAccessToTrackedEntity() { - User user = new User(); + TrackedEntityType trackedEntityType = new TrackedEntityType("trackedEntityType", ""); trackedEntity.setTrackedEntityType(trackedEntityType); when(manager.get(TrackedEntity.class, TRACKED_ENTITY_UID)).thenReturn(trackedEntity); @@ -325,7 +279,7 @@ void shouldThrowForbiddenExceptionWhenUserHasNoAccessToTrackedEntity() { assertEquals( String.format( - "Current user is not authorized to read data from type of selected tracked entity: %s", + "User is not authorized to read data from type of selected tracked entity: %s", trackedEntity.getUid()), exception.getMessage()); } @@ -337,7 +291,7 @@ void shouldThrowBadRequestExceptionWhenTrackedEntityTypeDoesNotExist() { Exception exception = Assertions.assertThrows( BadRequestException.class, - () -> paramsValidator.validateTrackedEntityType(TRACKED_ENTITY_TYPE_UID)); + () -> paramsValidator.validateTrackedEntityType(TRACKED_ENTITY_TYPE_UID, user)); assertEquals( String.format( @@ -348,42 +302,32 @@ void shouldThrowBadRequestExceptionWhenTrackedEntityTypeDoesNotExist() { @Test void shouldReturnTrackedEntityTypeWhenUserHasAccessToTrackedEntityType() throws ForbiddenException, BadRequestException { - User user = new User(); + when(trackedEntityTypeService.getTrackedEntityType(TRACKED_ENTITY_TYPE_UID)) .thenReturn(trackedEntityType); - when(aclService.canDataRead(UserDetails.fromUser(user), trackedEntityType)).thenReturn(true); - - try (MockedStatic userUtilMockedStatic = mockStatic(CurrentUserUtil.class)) { - userUtilMockedStatic - .when(CurrentUserUtil::getCurrentUserDetails) - .thenReturn(UserDetails.fromUser(user)); - assertEquals( - trackedEntityType, paramsValidator.validateTrackedEntityType(TRACKED_ENTITY_TYPE_UID)); - } + when(aclService.canDataRead(user, trackedEntityType)).thenReturn(true); + + assertEquals( + trackedEntityType, + paramsValidator.validateTrackedEntityType(TRACKED_ENTITY_TYPE_UID, user)); } @Test void shouldThrowForbiddenExceptionWhenUserHasNoAccessToTrackedEntityType() { - User user = new User(); when(trackedEntityTypeService.getTrackedEntityType(TRACKED_ENTITY_TYPE_UID)) .thenReturn(trackedEntityType); - when(aclService.canDataRead(UserDetails.fromUser(user), trackedEntityType)).thenReturn(false); - - try (MockedStatic userUtilMockedStatic = mockStatic(CurrentUserUtil.class)) { - userUtilMockedStatic - .when(CurrentUserUtil::getCurrentUserDetails) - .thenReturn(UserDetails.fromUser(user)); - Exception exception = - Assertions.assertThrows( - ForbiddenException.class, - () -> paramsValidator.validateTrackedEntityType(TRACKED_ENTITY_TYPE_UID)); - - assertEquals( - String.format( - "Current user is not authorized to read data from selected tracked entity type: %s", - trackedEntityType.getUid()), - exception.getMessage()); - } + when(aclService.canDataRead(user, trackedEntityType)).thenReturn(false); + + Exception exception = + Assertions.assertThrows( + ForbiddenException.class, + () -> paramsValidator.validateTrackedEntityType(TRACKED_ENTITY_TYPE_UID, user)); + + assertEquals( + String.format( + "User is not authorized to read data from selected tracked entity type: %s", + trackedEntityType.getUid()), + exception.getMessage()); } @Test @@ -393,7 +337,7 @@ void shouldThrowBadRequestExceptionWhenOrgUnitDoesNotExist() { Exception exception = Assertions.assertThrows( BadRequestException.class, - () -> paramsValidator.validateOrgUnits(Set.of(ORG_UNIT_UID))); + () -> paramsValidator.validateOrgUnits(Set.of(ORG_UNIT_UID), user)); assertEquals( String.format("Organisation unit does not exist: %s", ORG_UNIT_UID), @@ -403,55 +347,44 @@ void shouldThrowBadRequestExceptionWhenOrgUnitDoesNotExist() { @Test void shouldReturnOrgUnitWhenUserHasAccessToOrgUnit() throws ForbiddenException, BadRequestException { - User user = new User(); - user.setOrganisationUnits(Set.of(orgUnit)); + User userWithOrgUnits = new User(); + userWithOrgUnits.setOrganisationUnits(Set.of(orgUnit)); when(organisationUnitService.getOrganisationUnit(ORG_UNIT_UID)).thenReturn(orgUnit); - try (MockedStatic userUtilMockedStatic = mockStatic(CurrentUserUtil.class)) { - userUtilMockedStatic - .when(CurrentUserUtil::getCurrentUserDetails) - .thenReturn(UserDetails.fromUser(user)); - assertEquals(Set.of(orgUnit), paramsValidator.validateOrgUnits(Set.of(ORG_UNIT_UID))); - } + assertEquals( + Set.of(orgUnit), + paramsValidator.validateOrgUnits( + Set.of(ORG_UNIT_UID), UserDetails.fromUser(userWithOrgUnits))); } @Test void shouldThrowForbiddenExceptionWhenUserHasNoAccessToOrgUnit() { - User user = new User(); when(organisationUnitService.getOrganisationUnit(ORG_UNIT_UID)).thenReturn(orgUnit); - try (MockedStatic userUtilMockedStatic = mockStatic(CurrentUserUtil.class)) { - userUtilMockedStatic - .when(CurrentUserUtil::getCurrentUserDetails) - .thenReturn(UserDetails.fromUser(user)); - Exception exception = - Assertions.assertThrows( - ForbiddenException.class, - () -> paramsValidator.validateOrgUnits(Set.of(ORG_UNIT_UID))); - - assertEquals( - String.format("Organisation unit is not part of the search scope: %s", orgUnit.getUid()), - exception.getMessage()); - } + Exception exception = + Assertions.assertThrows( + ForbiddenException.class, + () -> paramsValidator.validateOrgUnits(Set.of(ORG_UNIT_UID), user)); + + assertEquals( + String.format("Organisation unit is not part of the search scope: %s", orgUnit.getUid()), + exception.getMessage()); } @Test void shouldReturnOrgUnitsWhenUserIsSuperButHasNoAccessToOrgUnit() throws ForbiddenException, BadRequestException { - User user = new User(); + + User userWithRoles = new User(); UserRole userRole = new UserRole(); userRole.setAuthorities(Sets.newHashSet("ALL")); - user.setUserRoles(Set.of(userRole)); + userWithRoles.setUserRoles(Set.of(userRole)); when(organisationUnitService.getOrganisationUnit(ORG_UNIT_UID)).thenReturn(orgUnit); - try (MockedStatic userUtilMockedStatic = mockStatic(CurrentUserUtil.class)) { - userUtilMockedStatic - .when(CurrentUserUtil::getCurrentUserDetails) - .thenReturn(UserDetails.fromUser(user)); - Set orgUnits = paramsValidator.validateOrgUnits(Set.of(ORG_UNIT_UID)); + Set orgUnits = + paramsValidator.validateOrgUnits(Set.of(ORG_UNIT_UID), UserDetails.fromUser(userWithRoles)); - assertEquals(Set.of(orgUnit), orgUnits); - } + assertEquals(Set.of(orgUnit), orgUnits); } private OrganisationUnit createOrgUnit(String name, String uid) { diff --git a/dhis-2/dhis-services/dhis-service-tracker/src/test/java/org/hisp/dhis/tracker/export/enrollment/EnrollmentOperationParamsMapperTest.java b/dhis-2/dhis-services/dhis-service-tracker/src/test/java/org/hisp/dhis/tracker/export/enrollment/EnrollmentOperationParamsMapperTest.java index 995bd8fc13b5..34d35afa6e93 100644 --- a/dhis-2/dhis-services/dhis-service-tracker/src/test/java/org/hisp/dhis/tracker/export/enrollment/EnrollmentOperationParamsMapperTest.java +++ b/dhis-2/dhis-services/dhis-service-tracker/src/test/java/org/hisp/dhis/tracker/export/enrollment/EnrollmentOperationParamsMapperTest.java @@ -31,16 +31,15 @@ import static org.hisp.dhis.common.OrganisationUnitSelectionMode.CAPTURE; import static org.hisp.dhis.common.OrganisationUnitSelectionMode.CHILDREN; import static org.hisp.dhis.common.OrganisationUnitSelectionMode.DESCENDANTS; -import static org.hisp.dhis.test.TestBase.injectSecurityContext; import static org.hisp.dhis.test.utils.Assertions.assertIsEmpty; import static org.junit.jupiter.api.Assertions.assertEquals; -import static org.mockito.ArgumentMatchers.any; -import static org.mockito.ArgumentMatchers.anyString; import static org.mockito.Mockito.verifyNoInteractions; import static org.mockito.Mockito.when; import java.util.List; import java.util.Set; +import java.util.stream.Collectors; +import org.hisp.dhis.common.BaseIdentifiableObject; import org.hisp.dhis.common.SortDirection; import org.hisp.dhis.feedback.BadRequestException; import org.hisp.dhis.feedback.ForbiddenException; @@ -98,14 +97,12 @@ class EnrollmentOperationParamsMapperTest { private OrganisationUnit orgUnit2; - private User user; + private UserDetails user; @BeforeEach void setUp() throws ForbiddenException, BadRequestException { - user = new User(); - user.setUsername("admin"); - - when(userService.getUserByUsername(anyString())).thenReturn(user); + User testUser = new User(); + testUser.setUsername("admin"); orgUnit1 = new OrganisationUnit("orgUnit1"); orgUnit1.setUid(ORG_UNIT_1_UID); @@ -115,9 +112,18 @@ void setUp() throws ForbiddenException, BadRequestException { orgUnit2.setParent(orgUnit1); orgUnit1.setChildren(Set.of(orgUnit2)); when(organisationUnitService.getOrganisationUnit(orgUnit2.getUid())).thenReturn(orgUnit2); + when(organisationUnitService.getOrganisationUnitsByUid( + Set.of(orgUnit2.getUid(), orgUnit1.getUid()))) + .thenReturn(List.of(orgUnit1, orgUnit2)); + when(organisationUnitService.getOrganisationUnitsByUid(Set.of(orgUnit2.getUid()))) + .thenReturn(List.of(orgUnit2)); + when(organisationUnitService.getOrganisationUnitsByUid(Set.of(orgUnit1.getUid()))) + .thenReturn(List.of(orgUnit1)); + when(organisationUnitService.getOrganisationUnit(orgUnit2.getUid())).thenReturn(orgUnit2); - user.setTeiSearchOrganisationUnits(Set.of(orgUnit1, orgUnit2)); - user.setOrganisationUnits(Set.of(orgUnit2)); + testUser.setTeiSearchOrganisationUnits(Set.of(orgUnit1, orgUnit2)); + testUser.setOrganisationUnits(Set.of(orgUnit2)); + user = UserDetails.fromUser(testUser); TrackedEntityType trackedEntityType = new TrackedEntityType(); trackedEntityType.setUid(TRACKED_ENTITY_TYPE_UID); @@ -133,13 +139,12 @@ void setUp() throws ForbiddenException, BadRequestException { trackedEntity.setUid(TRACKED_ENTITY_UID); trackedEntity.setTrackedEntityType(trackedEntityType); - when(paramsValidator.validateTrackerProgram(PROGRAM_UID)).thenReturn(program); - when(paramsValidator.validateTrackedEntityType(TRACKED_ENTITY_TYPE_UID)) + when(paramsValidator.validateTrackerProgram(PROGRAM_UID, user)).thenReturn(program); + when(paramsValidator.validateTrackedEntityType(TRACKED_ENTITY_TYPE_UID, user)) .thenReturn(trackedEntityType); when(paramsValidator.validateTrackedEntity(TRACKED_ENTITY_UID, user)).thenReturn(trackedEntity); - when(paramsValidator.validateOrgUnits(Set.of(ORG_UNIT_1_UID, ORG_UNIT_2_UID))) + when(paramsValidator.validateOrgUnits(Set.of(ORG_UNIT_1_UID, ORG_UNIT_2_UID), user)) .thenReturn(Set.of(orgUnit1, orgUnit2)); - injectSecurityContext(UserDetails.fromUser(user)); } @Test @@ -148,10 +153,9 @@ void shouldMapWithoutFetchingNullParamsWhenParamsAreNotSpecified() EnrollmentOperationParams operationParams = EnrollmentOperationParams.builder().orgUnitMode(ACCESSIBLE).build(); - mapper.map(operationParams); + mapper.map(operationParams, user); verifyNoInteractions(programService); - verifyNoInteractions(organisationUnitService); verifyNoInteractions(trackedEntityTypeService); verifyNoInteractions(trackedEntityService); } @@ -165,7 +169,7 @@ void shouldMapOrderInGivenOrder() throws BadRequestException, ForbiddenException .orgUnitMode(ACCESSIBLE) .build(); - EnrollmentQueryParams params = mapper.map(operationParams); + EnrollmentQueryParams params = mapper.map(operationParams, user); assertEquals( List.of( @@ -180,7 +184,7 @@ void shouldMapNullOrderingParamsWhenNoOrderingParamsAreSpecified() EnrollmentOperationParams operationParams = EnrollmentOperationParams.builder().orgUnitMode(ACCESSIBLE).build(); - EnrollmentQueryParams params = mapper.map(operationParams); + EnrollmentQueryParams params = mapper.map(operationParams, user); assertIsEmpty(params.getOrder()); } @@ -188,40 +192,38 @@ void shouldMapNullOrderingParamsWhenNoOrderingParamsAreSpecified() @Test void shouldMapDescendantsOrgUnitModeWhenAccessibleProvided() throws ForbiddenException, BadRequestException { - when(userService.getUserByUsername(any())).thenReturn(user); - EnrollmentOperationParams operationParams = EnrollmentOperationParams.builder().orgUnitMode(ACCESSIBLE).build(); - EnrollmentQueryParams params = mapper.map(operationParams); + EnrollmentQueryParams params = mapper.map(operationParams, user); assertEquals(DESCENDANTS, params.getOrganisationUnitMode()); - assertEquals(user.getEffectiveSearchOrganisationUnits(), params.getOrganisationUnits()); + assertEquals( + user.getUserEffectiveSearchOrgUnitIds(), + params.getOrganisationUnits().stream() + .map(BaseIdentifiableObject::getUid) + .collect(Collectors.toSet())); } @Test void shouldMapDescendantsOrgUnitModeWhenCaptureProvided() throws ForbiddenException, BadRequestException { - when(userService.getUserByUsername(any())).thenReturn(user); - EnrollmentOperationParams operationParams = EnrollmentOperationParams.builder().orgUnitMode(CAPTURE).build(); - EnrollmentQueryParams params = mapper.map(operationParams); + EnrollmentQueryParams params = mapper.map(operationParams, user); assertEquals(DESCENDANTS, params.getOrganisationUnitMode()); - assertEquals(user.getOrganisationUnits(), params.getOrganisationUnits()); + assertEquals( + user.getUserOrgUnitIds(), + params.getOrganisationUnits().stream() + .map(BaseIdentifiableObject::getUid) + .collect(Collectors.toSet())); } @Test void shouldMapChildrenOrgUnitModeWhenChildrenProvided() throws ForbiddenException, BadRequestException { - when(organisationUnitService.isInUserHierarchy( - orgUnit1.getUid(), user.getEffectiveSearchOrganisationUnits())) - .thenReturn(true); - when(organisationUnitService.isInUserHierarchy( - orgUnit2.getUid(), user.getEffectiveSearchOrganisationUnits())) - .thenReturn(true); EnrollmentOperationParams operationParams = EnrollmentOperationParams.builder() @@ -229,7 +231,7 @@ void shouldMapChildrenOrgUnitModeWhenChildrenProvided() .orgUnitMode(CHILDREN) .build(); - EnrollmentQueryParams params = mapper.map(operationParams); + EnrollmentQueryParams params = mapper.map(operationParams, user); assertEquals(CHILDREN, params.getOrganisationUnitMode()); } diff --git a/dhis-2/dhis-services/dhis-service-tracker/src/test/java/org/hisp/dhis/tracker/export/event/EventOperationParamsMapperTest.java b/dhis-2/dhis-services/dhis-service-tracker/src/test/java/org/hisp/dhis/tracker/export/event/EventOperationParamsMapperTest.java index b8012ac01aa1..ec04c4f54f5f 100644 --- a/dhis-2/dhis-services/dhis-service-tracker/src/test/java/org/hisp/dhis/tracker/export/event/EventOperationParamsMapperTest.java +++ b/dhis-2/dhis-services/dhis-service-tracker/src/test/java/org/hisp/dhis/tracker/export/event/EventOperationParamsMapperTest.java @@ -36,7 +36,6 @@ import static org.hisp.dhis.common.OrganisationUnitSelectionMode.DESCENDANTS; import static org.hisp.dhis.common.OrganisationUnitSelectionMode.SELECTED; import static org.hisp.dhis.security.Authorities.F_TRACKED_ENTITY_INSTANCE_SEARCH_IN_ALL_ORGUNITS; -import static org.hisp.dhis.test.TestBase.injectSecurityContext; import static org.hisp.dhis.test.utils.Assertions.assertContains; import static org.hisp.dhis.test.utils.Assertions.assertContainsOnly; import static org.hisp.dhis.test.utils.Assertions.assertStartsWith; @@ -48,7 +47,6 @@ import static org.junit.jupiter.api.Assertions.assertTrue; import static org.junit.jupiter.params.provider.Arguments.arguments; import static org.mockito.ArgumentMatchers.any; -import static org.mockito.ArgumentMatchers.anyString; import static org.mockito.Mockito.when; import java.util.HashMap; @@ -124,7 +122,7 @@ class EventOperationParamsMapperTest { @InjectMocks private EventOperationParamsMapper mapper; - private User user; + private UserDetails user; private final Map userMap = new HashMap<>(); @@ -140,12 +138,10 @@ public void setUp() { createOrgUnit("captureScopeChild", "captureScopeChildUid"), createOrgUnit("searchScopeChild", "searchScopeChildUid"))); - user = new User(); - user.setUsername("test"); - user.setOrganisationUnits(Set.of(orgUnit)); - - injectSecurityContext(UserDetails.fromUser(user)); - when(userService.getUserByUsername(anyString())).thenReturn(user); + User testUser = new User(); + testUser.setUsername("test"); + testUser.setOrganisationUnits(Set.of(orgUnit)); + user = UserDetails.fromUser(testUser); // By default, set to ACCESSIBLE for tests that don't set an orgUnit. The orgUnitMode needs to // be @@ -167,7 +163,7 @@ void shouldFailWithForbiddenExceptionWhenUserHasNoAccessToProgramStage() { when(programStageService.getProgramStage("PlZSBEN7iZd")).thenReturn(programStage); Exception exception = - assertThrows(ForbiddenException.class, () -> mapper.map(eventOperationParams)); + assertThrows(ForbiddenException.class, () -> mapper.map(eventOperationParams, user)); assertEquals( "User has no access to program stage: " + programStage.getUid(), exception.getMessage()); } @@ -178,7 +174,7 @@ void shouldFailWithBadRequestExceptionWhenMappingWithUnknownProgramStage() { EventOperationParams.builder().programStageUid("NeU85luyD4w").build(); Exception exception = - assertThrows(BadRequestException.class, () -> mapper.map(eventOperationParams)); + assertThrows(BadRequestException.class, () -> mapper.map(eventOperationParams, user)); assertEquals( "Program stage is specified but does not exist: NeU85luyD4w", exception.getMessage()); } @@ -196,10 +192,11 @@ void shouldFailWithBadRequestExceptionWhenMappingWithUnknownProgramStage() { when(categoryOptionComboService.getAttributeOptionCombo( "NeU85luyD4w", Set.of("tqrzUqNMHib", "bT6OSf4qnnk"), true)) .thenReturn(combo); - when(aclService.canDataRead(any(User.class), any(CategoryOptionCombo.class))).thenReturn(false); + when(aclService.canDataRead(any(UserDetails.class), any(CategoryOptionCombo.class))) + .thenReturn(false); Exception exception = - assertThrows(ForbiddenException.class, () -> mapper.map(eventOperationParams)); + assertThrows(ForbiddenException.class, () -> mapper.map(eventOperationParams, user)); assertEquals( "User has no access to attribute category option combo: " + combo.getUid(), @@ -219,9 +216,10 @@ void shouldMapGivenAttributeCategoryOptionsWhenUserHasAccessToCategoryCombo() when(categoryOptionComboService.getAttributeOptionCombo( "NeU85luyD4w", Set.of("tqrzUqNMHib", "bT6OSf4qnnk"), true)) .thenReturn(combo); - when(aclService.canDataRead(any(User.class), any(CategoryOptionCombo.class))).thenReturn(true); + when(aclService.canDataRead(any(UserDetails.class), any(CategoryOptionCombo.class))) + .thenReturn(true); - EventQueryParams queryParams = mapper.map(operationParams); + EventQueryParams queryParams = mapper.map(operationParams, user); assertEquals(combo, queryParams.getCategoryOptionCombo()); } @@ -234,7 +232,7 @@ void testMappingAssignedUser() throws BadRequestException, ForbiddenException { .assignedUserMode(AssignedUserSelectionMode.PROVIDED) .build(); - EventQueryParams queryParams = mapper.map(operationParams); + EventQueryParams queryParams = mapper.map(operationParams, user); assertContainsOnly( Set.of("IsdLBTOBzMi", "l5ab8q5skbB"), @@ -262,7 +260,7 @@ void shouldMapAttributeFilters() throws BadRequestException, ForbiddenException List.of(new QueryFilter(QueryOperator.LIKE, "foo")))) .build(); - EventQueryParams queryParams = mapper.map(operationParams); + EventQueryParams queryParams = mapper.map(operationParams, user); Map> attributes = queryParams.getAttributes(); assertNotNull(attributes); @@ -284,7 +282,7 @@ void shouldFailWhenAttributeInGivenAttributeFilterDoesNotExist() { when(trackedEntityAttributeService.getTrackedEntityAttribute(filterName)).thenReturn(null); Exception exception = - assertThrows(BadRequestException.class, () -> mapper.map(operationParams)); + assertThrows(BadRequestException.class, () -> mapper.map(operationParams, user)); assertContains( "Tracked entity attribute '" + filterName + "' does not exist", exception.getMessage()); @@ -310,7 +308,7 @@ void shouldMapOrderInGivenOrder() throws BadRequestException, ForbiddenException .orderBy("scheduledDate", SortDirection.ASC) .build(); - EventQueryParams params = mapper.map(operationParams); + EventQueryParams params = mapper.map(operationParams, user); assertEquals( List.of( @@ -336,7 +334,7 @@ void shouldFailToMapOrderIfUIDIsNeitherDataElementNorAttribute() { eventBuilder.orderBy(UID.of(TEA_1_UID), SortDirection.ASC).build(); Exception exception = - assertThrows(BadRequestException.class, () -> mapper.map(operationParams)); + assertThrows(BadRequestException.class, () -> mapper.map(operationParams, user)); assertStartsWith("Cannot order by '" + TEA_1_UID, exception.getMessage()); } @@ -351,7 +349,7 @@ void shouldFailToMapGivenInvalidOrderNameWhichIsAValidUID() { eventBuilder.orderBy(UID.of("lastUpdated"), SortDirection.ASC).build(); Exception exception = - assertThrows(BadRequestException.class, () -> mapper.map(operationParams)); + assertThrows(BadRequestException.class, () -> mapper.map(operationParams, user)); assertStartsWith("Cannot order by 'lastUpdated'", exception.getMessage()); } @@ -374,7 +372,7 @@ void shouldMapDataElementFilters() throws BadRequestException, ForbiddenExceptio List.of(new QueryFilter(QueryOperator.LIKE, "foo")))) .build(); - EventQueryParams queryParams = mapper.map(operationParams); + EventQueryParams queryParams = mapper.map(operationParams, user); Map> dataElements = queryParams.getDataElements(); assertNotNull(dataElements); @@ -396,7 +394,7 @@ void shouldFailWhenDataElementInGivenDataElementFilterDoesNotExist() { when(dataElementService.getDataElement(filterName)).thenReturn(null); Exception exception = - assertThrows(BadRequestException.class, () -> mapper.map(operationParams)); + assertThrows(BadRequestException.class, () -> mapper.map(operationParams, user)); assertContains("Data element '" + filterName + "' does not exist", exception.getMessage()); } @@ -434,14 +432,8 @@ void shouldMapOrgUnitWhenProgramProvidedAndRequestedOrgUnitInSearchScope( user.setOrganisationUnits(Set.of(createOrgUnit("captureScopeOrgUnit", "uid"))); user.setTeiSearchOrganisationUnits(Set.of(searchScopeOrgUnit)); - injectSecurityContext(UserDetails.fromUser(user)); - when(userService.getUserByUsername(anyString())).thenReturn(user); - when(organisationUnitService.getOrganisationUnit(searchScopeChildOrgUnit.getUid())) .thenReturn(searchScopeChildOrgUnit); - when(organisationUnitService.isInUserHierarchy( - searchScopeChildOrgUnit.getUid(), user.getEffectiveSearchOrganisationUnits())) - .thenReturn(true); EventOperationParams operationParams = eventBuilder @@ -450,7 +442,7 @@ void shouldMapOrgUnitWhenProgramProvidedAndRequestedOrgUnitInSearchScope( .orgUnitMode(orgUnitMode) .build(); - EventQueryParams queryParams = mapper.map(operationParams); + EventQueryParams queryParams = mapper.map(operationParams, UserDetails.fromUser(user)); assertEquals(searchScopeChildOrgUnit, queryParams.getOrgUnit()); } @@ -473,14 +465,8 @@ void shouldMapOrgUnitWhenModeAllProgramProvidedAndRequestedOrgUnitInSearchScope( userRole.setAuthorities(Set.of(F_TRACKED_ENTITY_INSTANCE_SEARCH_IN_ALL_ORGUNITS.name())); user.setUserRoles(Set.of(userRole)); - injectSecurityContext(UserDetails.fromUser(user)); - when(userService.getUserByUsername(anyString())).thenReturn(user); - when(organisationUnitService.getOrganisationUnit(searchScopeChildOrgUnit.getUid())) .thenReturn(searchScopeChildOrgUnit); - when(organisationUnitService.isInUserHierarchy( - searchScopeChildOrgUnit.getUid(), user.getEffectiveSearchOrganisationUnits())) - .thenReturn(true); EventOperationParams operationParams = eventBuilder @@ -489,7 +475,7 @@ void shouldMapOrgUnitWhenModeAllProgramProvidedAndRequestedOrgUnitInSearchScope( .orgUnitMode(ALL) .build(); - EventQueryParams queryParams = mapper.map(operationParams); + EventQueryParams queryParams = mapper.map(operationParams, UserDetails.fromUser(user)); assertEquals(searchScopeChildOrgUnit, queryParams.getOrgUnit()); } @@ -507,7 +493,9 @@ void shouldFailWhenRequestedOrgUnitOutsideOfSearchScope( .build(); ForbiddenException exception = - assertThrows(ForbiddenException.class, () -> mapper.map(operationParams)); + assertThrows( + ForbiddenException.class, + () -> mapper.map(operationParams, UserDetails.fromUser(new User()))); assertEquals( "Organisation unit is not part of your search scope: " + orgUnit.getUid(), exception.getMessage()); @@ -517,16 +505,12 @@ void shouldFailWhenRequestedOrgUnitOutsideOfSearchScope( @ValueSource(strings = {"admin", "superuser"}) void shouldMapOrgUnitAndModeWhenModeAllAndUserIsAuthorized(String userName) throws ForbiddenException, BadRequestException { - User mappedUser = userMap.get(userName); mappedUser.setUsername(userName); - injectSecurityContext(UserDetails.fromUser(mappedUser)); - when(userService.getUserByUsername(anyString())).thenReturn(mappedUser); - EventOperationParams operationParams = eventBuilder.orgUnitMode(ALL).build(); - EventQueryParams params = mapper.map(operationParams); + EventQueryParams params = mapper.map(operationParams, UserDetails.fromUser(mappedUser)); assertNull(params.getOrgUnit()); assertEquals(ALL, params.getOrgUnitMode()); } @@ -537,12 +521,9 @@ void shouldIncludeRelationshipsWhenFieldPathIncludeRelationships() User mappedUser = userMap.get("admin"); mappedUser.setUsername("admin"); - injectSecurityContext(UserDetails.fromUser(mappedUser)); - when(userService.getUserByUsername(anyString())).thenReturn(mappedUser); - EventOperationParams operationParams = eventBuilder.orgUnitMode(ALL).eventParams(EventParams.TRUE).build(); - EventQueryParams params = mapper.map(operationParams); + EventQueryParams params = mapper.map(operationParams, UserDetails.fromUser(mappedUser)); assertTrue(params.isIncludeRelationships()); } @@ -552,12 +533,9 @@ void shouldNotIncludeRelationshipsWhenFieldPathDoNotIncludeRelationships() User mappedUser = userMap.get("admin"); mappedUser.setUsername("admin"); - injectSecurityContext(UserDetails.fromUser(mappedUser)); - when(userService.getUserByUsername(anyString())).thenReturn(mappedUser); - EventOperationParams operationParams = eventBuilder.orgUnitMode(ALL).eventParams(EventParams.FALSE).build(); - EventQueryParams params = mapper.map(operationParams); + EventQueryParams params = mapper.map(operationParams, UserDetails.fromUser(mappedUser)); assertFalse(params.isIncludeRelationships()); } diff --git a/dhis-2/dhis-services/dhis-service-tracker/src/test/java/org/hisp/dhis/tracker/export/relationship/RelationshipOperationParamsMapperTest.java b/dhis-2/dhis-services/dhis-service-tracker/src/test/java/org/hisp/dhis/tracker/export/relationship/RelationshipOperationParamsMapperTest.java index 0b7ed64915c1..8fd771d67ede 100644 --- a/dhis-2/dhis-services/dhis-service-tracker/src/test/java/org/hisp/dhis/tracker/export/relationship/RelationshipOperationParamsMapperTest.java +++ b/dhis-2/dhis-services/dhis-service-tracker/src/test/java/org/hisp/dhis/tracker/export/relationship/RelationshipOperationParamsMapperTest.java @@ -33,7 +33,6 @@ import static org.hisp.dhis.tracker.TrackerType.TRACKED_ENTITY; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertInstanceOf; -import static org.junit.jupiter.api.Assertions.assertThrows; import static org.mockito.Mockito.when; import java.util.List; @@ -53,10 +52,7 @@ import org.hisp.dhis.tracker.export.Order; import org.hisp.dhis.tracker.export.enrollment.EnrollmentService; import org.hisp.dhis.tracker.export.event.EventService; -import org.hisp.dhis.tracker.export.trackedentity.TrackedEntityParams; import org.hisp.dhis.tracker.export.trackedentity.TrackedEntityService; -import org.hisp.dhis.user.User; -import org.hisp.dhis.user.UserDetails; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.junit.jupiter.api.extension.ExtendWith; @@ -89,8 +85,6 @@ class RelationshipOperationParamsMapperTest extends TestBase { private Event event; - private UserDetails user; - @BeforeEach public void setUp() { OrganisationUnit organisationUnit = createOrganisationUnit('A'); @@ -103,20 +97,12 @@ public void setUp() { enrollment.setUid(EN_UID); event = createEvent(programStage, enrollment, organisationUnit); event.setUid(EV_UID); - - User u = new User(); - u.setUsername("admin"); - - user = UserDetails.fromUser(u); - injectSecurityContext(user); } @Test void shouldMapTrackedEntityWhenATrackedEntityIsPassed() throws NotFoundException, ForbiddenException, BadRequestException { - when(trackedEntityService.getTrackedEntity(TE_UID, null, TrackedEntityParams.FALSE, false)) - .thenReturn(trackedEntity); - when(accessManager.canRead(user, trackedEntity)).thenReturn(List.of()); + when(trackedEntityService.getTrackedEntity(TE_UID)).thenReturn(trackedEntity); RelationshipOperationParams params = RelationshipOperationParams.builder().type(TRACKED_ENTITY).identifier(TE_UID).build(); @@ -126,29 +112,6 @@ void shouldMapTrackedEntityWhenATrackedEntityIsPassed() assertEquals(TE_UID, queryParams.getEntity().getUid()); } - @Test - void shouldThrowWhenTrackedEntityIsNotFound() - throws ForbiddenException, NotFoundException, BadRequestException { - when(trackedEntityService.getTrackedEntity(TE_UID, null, TrackedEntityParams.FALSE, false)) - .thenReturn(null); - RelationshipOperationParams params = - RelationshipOperationParams.builder().type(TRACKED_ENTITY).identifier(TE_UID).build(); - - assertThrows(NotFoundException.class, () -> mapper.map(params)); - } - - @Test - void shouldThrowWhenUserHasNoAccessToTrackedEntity() - throws ForbiddenException, NotFoundException, BadRequestException { - when(trackedEntityService.getTrackedEntity(TE_UID, null, TrackedEntityParams.FALSE, false)) - .thenReturn(trackedEntity); - when(accessManager.canRead(user, trackedEntity)).thenReturn(List.of("error")); - RelationshipOperationParams params = - RelationshipOperationParams.builder().type(TRACKED_ENTITY).identifier(TE_UID).build(); - - assertThrows(ForbiddenException.class, () -> mapper.map(params)); - } - @Test void shouldMapEnrollmentWhenAEnrollmentIsPassed() throws NotFoundException, ForbiddenException, BadRequestException { @@ -178,9 +141,7 @@ void shouldMapEventWhenAEventIsPassed() @Test void shouldMapOrderInGivenOrder() throws ForbiddenException, NotFoundException, BadRequestException { - when(trackedEntityService.getTrackedEntity(TE_UID, null, TrackedEntityParams.FALSE, false)) - .thenReturn(trackedEntity); - when(accessManager.canRead(user, trackedEntity)).thenReturn(List.of()); + when(trackedEntityService.getTrackedEntity(TE_UID)).thenReturn(trackedEntity); RelationshipOperationParams operationParams = RelationshipOperationParams.builder() @@ -197,9 +158,7 @@ void shouldMapOrderInGivenOrder() @Test void shouldMapNullOrderingParamsWhenNoOrderingParamsAreSpecified() throws ForbiddenException, NotFoundException, BadRequestException { - when(trackedEntityService.getTrackedEntity(TE_UID, null, TrackedEntityParams.FALSE, false)) - .thenReturn(trackedEntity); - when(accessManager.canRead(user, trackedEntity)).thenReturn(List.of()); + when(trackedEntityService.getTrackedEntity(TE_UID)).thenReturn(trackedEntity); RelationshipOperationParams operationParams = RelationshipOperationParams.builder().type(TRACKED_ENTITY).identifier(TE_UID).build(); diff --git a/dhis-2/dhis-services/dhis-service-tracker/src/test/java/org/hisp/dhis/tracker/export/trackedentity/TrackedEntityOperationParamsMapperTest.java b/dhis-2/dhis-services/dhis-service-tracker/src/test/java/org/hisp/dhis/tracker/export/trackedentity/TrackedEntityOperationParamsMapperTest.java index b9ae9100ada0..512762e675da 100644 --- a/dhis-2/dhis-services/dhis-service-tracker/src/test/java/org/hisp/dhis/tracker/export/trackedentity/TrackedEntityOperationParamsMapperTest.java +++ b/dhis-2/dhis-services/dhis-service-tracker/src/test/java/org/hisp/dhis/tracker/export/trackedentity/TrackedEntityOperationParamsMapperTest.java @@ -41,7 +41,6 @@ import static org.junit.jupiter.api.Assertions.assertThrows; import static org.junit.jupiter.api.Assertions.assertTrue; import static org.mockito.ArgumentMatchers.any; -import static org.mockito.Mockito.mockStatic; import static org.mockito.Mockito.when; import java.util.Date; @@ -75,7 +74,6 @@ import org.hisp.dhis.trackedentity.TrackedEntityTypeService; import org.hisp.dhis.tracker.export.OperationsParamsValidator; import org.hisp.dhis.tracker.export.Order; -import org.hisp.dhis.user.CurrentUserUtil; import org.hisp.dhis.user.User; import org.hisp.dhis.user.UserDetails; import org.junit.jupiter.api.BeforeEach; @@ -84,7 +82,6 @@ import org.junit.jupiter.api.function.Executable; import org.mockito.InjectMocks; import org.mockito.Mock; -import org.mockito.MockedStatic; import org.mockito.junit.jupiter.MockitoExtension; import org.mockito.junit.jupiter.MockitoSettings; import org.mockito.quality.Strictness; @@ -122,7 +119,7 @@ class TrackedEntityOperationParamsMapperTest { @InjectMocks private TrackedEntityOperationParamsMapper mapper; - private User user; + private UserDetails user; private Program program; @@ -141,18 +138,17 @@ public void setUp() { orgUnit1.setUid(ORG_UNIT_1_UID); orgUnit2 = new OrganisationUnit("orgUnit2"); orgUnit2.setUid(ORG_UNIT_2_UID); - user = new User(); - user.setOrganisationUnits(Set.of(orgUnit1, orgUnit2)); - - // when(getCurrentUser()).thenReturn(user); + User testUser = new User(); + testUser.setOrganisationUnits(Set.of(orgUnit1, orgUnit2)); + user = UserDetails.fromUser(testUser); when(organisationUnitService.getOrganisationUnit(orgUnit1.getUid())).thenReturn(orgUnit1); when(organisationUnitService.isInUserHierarchy( - orgUnit1.getUid(), user.getEffectiveSearchOrganisationUnits())) + orgUnit1.getUid(), testUser.getEffectiveSearchOrganisationUnits())) .thenReturn(true); when(organisationUnitService.getOrganisationUnit(orgUnit2.getUid())).thenReturn(orgUnit2); when(organisationUnitService.isInUserHierarchy( - orgUnit2.getUid(), user.getEffectiveSearchOrganisationUnits())) + orgUnit2.getUid(), testUser.getEffectiveSearchOrganisationUnits())) .thenReturn(true); trackedEntityType = new TrackedEntityType(); @@ -185,59 +181,54 @@ public void setUp() { void testMapping() throws BadRequestException, ForbiddenException { when(aclService.canDataRead(any(UserDetails.class), any(TrackedEntityType.class))) .thenReturn(true); - when(paramsValidator.validateTrackedEntityType(trackedEntityType.getUid())) + when(paramsValidator.validateTrackedEntityType(trackedEntityType.getUid(), user)) .thenReturn(trackedEntityType); when(trackedEntityTypeService.getAllTrackedEntityType()).thenReturn(List.of(trackedEntityType)); - try (MockedStatic userUtilMockedStatic = mockStatic(CurrentUserUtil.class)) { - userUtilMockedStatic - .when(CurrentUserUtil::getCurrentUserDetails) - .thenReturn(UserDetails.fromUser(user)); - TrackedEntityOperationParams operationParams = - TrackedEntityOperationParams.builder() - .orgUnitMode(ACCESSIBLE) - .assignedUserQueryParam( - new AssignedUserQueryParam(AssignedUserSelectionMode.CURRENT, null)) - .orgUnitMode(OrganisationUnitSelectionMode.DESCENDANTS) - .enrollmentStatus(EnrollmentStatus.ACTIVE) - .followUp(true) - .lastUpdatedStartDate(getDate(2019, 1, 1)) - .lastUpdatedEndDate(getDate(2020, 1, 1)) - .lastUpdatedDuration("20") - .programEnrollmentStartDate(getDate(2019, 5, 5)) - .programEnrollmentEndDate(getDate(2020, 5, 5)) - .trackedEntityTypeUid(TRACKED_ENTITY_TYPE_UID) - .eventStatus(EventStatus.COMPLETED) - .eventStartDate(getDate(2019, 7, 7)) - .eventEndDate(getDate(2020, 7, 7)) - .includeDeleted(true) - .build(); - - final TrackedEntityQueryParams params = mapper.map(operationParams); - - assertThat(params.getTrackedEntityType(), is(trackedEntityType)); - assertThat(params.getEnrollmentStatus(), is(EnrollmentStatus.ACTIVE)); - assertThat(params.getFollowUp(), is(true)); - assertThat(params.getLastUpdatedStartDate(), is(operationParams.getLastUpdatedStartDate())); - assertThat(params.getLastUpdatedEndDate(), is(operationParams.getLastUpdatedEndDate())); - assertThat( - params.getProgramEnrollmentStartDate(), - is(operationParams.getProgramEnrollmentStartDate())); - assertThat( - params.getProgramEnrollmentEndDate(), is(operationParams.getProgramEnrollmentEndDate())); - assertThat(params.getEventStatus(), is(EventStatus.COMPLETED)); - assertThat(params.getEventStartDate(), is(operationParams.getEventStartDate())); - assertThat(params.getEventEndDate(), is(operationParams.getEventEndDate())); - assertThat( - params.getAssignedUserQueryParam().getMode(), is(AssignedUserSelectionMode.PROVIDED)); - assertThat(params.isIncludeDeleted(), is(true)); - } + TrackedEntityOperationParams operationParams = + TrackedEntityOperationParams.builder() + .orgUnitMode(ACCESSIBLE) + .assignedUserQueryParam( + new AssignedUserQueryParam(AssignedUserSelectionMode.CURRENT, null, user.getUid())) + .orgUnitMode(OrganisationUnitSelectionMode.DESCENDANTS) + .enrollmentStatus(EnrollmentStatus.ACTIVE) + .followUp(true) + .lastUpdatedStartDate(getDate(2019, 1, 1)) + .lastUpdatedEndDate(getDate(2020, 1, 1)) + .lastUpdatedDuration("20") + .programEnrollmentStartDate(getDate(2019, 5, 5)) + .programEnrollmentEndDate(getDate(2020, 5, 5)) + .trackedEntityTypeUid(TRACKED_ENTITY_TYPE_UID) + .eventStatus(EventStatus.COMPLETED) + .eventStartDate(getDate(2019, 7, 7)) + .eventEndDate(getDate(2020, 7, 7)) + .includeDeleted(true) + .build(); + + final TrackedEntityQueryParams params = mapper.map(operationParams, user); + + assertThat(params.getTrackedEntityType(), is(trackedEntityType)); + assertThat(params.getEnrollmentStatus(), is(EnrollmentStatus.ACTIVE)); + assertThat(params.getFollowUp(), is(true)); + assertThat(params.getLastUpdatedStartDate(), is(operationParams.getLastUpdatedStartDate())); + assertThat(params.getLastUpdatedEndDate(), is(operationParams.getLastUpdatedEndDate())); + assertThat( + params.getProgramEnrollmentStartDate(), + is(operationParams.getProgramEnrollmentStartDate())); + assertThat( + params.getProgramEnrollmentEndDate(), is(operationParams.getProgramEnrollmentEndDate())); + assertThat(params.getEventStatus(), is(EventStatus.COMPLETED)); + assertThat(params.getEventStartDate(), is(operationParams.getEventStartDate())); + assertThat(params.getEventEndDate(), is(operationParams.getEventEndDate())); + assertThat( + params.getAssignedUserQueryParam().getMode(), is(AssignedUserSelectionMode.PROVIDED)); + assertThat(params.isIncludeDeleted(), is(true)); } @Test void testMappingProgramEnrollmentStartDate() throws BadRequestException, ForbiddenException { when(aclService.canDataRead(user, program)).thenReturn(true); - when(paramsValidator.validateTrackerProgram(program.getUid())).thenReturn(program); + when(paramsValidator.validateTrackerProgram(program.getUid(), user)).thenReturn(program); Date date = parseDate("2022-12-13"); TrackedEntityOperationParams operationParams = @@ -247,19 +238,14 @@ void testMappingProgramEnrollmentStartDate() throws BadRequestException, Forbidd .programUid(program.getUid()) .build(); - try (MockedStatic userUtilMockedStatic = mockStatic(CurrentUserUtil.class)) { - userUtilMockedStatic - .when(CurrentUserUtil::getCurrentUserDetails) - .thenReturn(UserDetails.fromUser(user)); - TrackedEntityQueryParams params = mapper.map(operationParams); - assertEquals(date, params.getProgramEnrollmentStartDate()); - } + TrackedEntityQueryParams params = mapper.map(operationParams, user); + assertEquals(date, params.getProgramEnrollmentStartDate()); } @Test void testMappingProgramEnrollmentEndDate() throws BadRequestException, ForbiddenException { when(aclService.canDataRead(user, program)).thenReturn(true); - when(paramsValidator.validateTrackerProgram(program.getUid())).thenReturn(program); + when(paramsValidator.validateTrackerProgram(program.getUid(), user)).thenReturn(program); Date date = parseDate("2022-12-13"); TrackedEntityOperationParams operationParams = @@ -269,20 +255,15 @@ void testMappingProgramEnrollmentEndDate() throws BadRequestException, Forbidden .programUid(program.getUid()) .build(); - try (MockedStatic userUtilMockedStatic = mockStatic(CurrentUserUtil.class)) { - userUtilMockedStatic - .when(CurrentUserUtil::getCurrentUserDetails) - .thenReturn(UserDetails.fromUser(user)); - TrackedEntityQueryParams params = mapper.map(operationParams); + TrackedEntityQueryParams params = mapper.map(operationParams, user); - assertEquals(date, params.getProgramEnrollmentEndDate()); - } + assertEquals(date, params.getProgramEnrollmentEndDate()); } @Test void testFilter() throws BadRequestException, ForbiddenException { when(aclService.canDataRead(user, program)).thenReturn(true); - when(paramsValidator.validateTrackerProgram(program.getUid())).thenReturn(program); + when(paramsValidator.validateTrackerProgram(program.getUid(), user)).thenReturn(program); TrackedEntityOperationParams operationParams = TrackedEntityOperationParams.builder() @@ -296,54 +277,48 @@ void testFilter() throws BadRequestException, ForbiddenException { List.of(new QueryFilter(QueryOperator.LIKE, "foo")))) .build(); - try (MockedStatic userUtilMockedStatic = mockStatic(CurrentUserUtil.class)) { - userUtilMockedStatic - .when(CurrentUserUtil::getCurrentUserDetails) - .thenReturn(UserDetails.fromUser(user)); - TrackedEntityQueryParams params = mapper.map(operationParams); - - Map> items = params.getFilters(); - assertNotNull(items); - // mapping to UIDs as the error message by just relying on QueryItem - // equals() is not helpful - assertContainsOnly( - List.of(TEA_1_UID, TEA_2_UID), - items.keySet().stream().map(BaseIdentifiableObject::getUid).collect(Collectors.toList())); - - // QueryItem equals() does not take the QueryFilter into account so - // assertContainsOnly alone does not ensure operators and filter value - // are correct - // the following block is needed because of that - // assertion is order independent as the order of QueryItems is not - // guaranteed - Map expectedFilters = - Map.of( - TEA_1_UID, - new QueryFilter(QueryOperator.EQ, "2"), - TEA_2_UID, - new QueryFilter(QueryOperator.LIKE, "foo")); - assertAll( - items.entrySet().stream() - .map( - i -> - (Executable) - () -> { - String uid = i.getKey().getUid(); - QueryFilter expected = expectedFilters.get(uid); - assertEquals( - expected, - i.getValue().get(0), - () -> - String.format("QueryFilter mismatch for TEA with UID %s", uid)); - }) - .collect(Collectors.toList())); - } + TrackedEntityQueryParams params = mapper.map(operationParams, user); + + Map> items = params.getFilters(); + assertNotNull(items); + // mapping to UIDs as the error message by just relying on QueryItem + // equals() is not helpful + assertContainsOnly( + List.of(TEA_1_UID, TEA_2_UID), + items.keySet().stream().map(BaseIdentifiableObject::getUid).collect(Collectors.toList())); + + // QueryItem equals() does not take the QueryFilter into account so + // assertContainsOnly alone does not ensure operators and filter value + // are correct + // the following block is needed because of that + // assertion is order independent as the order of QueryItems is not + // guaranteed + Map expectedFilters = + Map.of( + TEA_1_UID, + new QueryFilter(QueryOperator.EQ, "2"), + TEA_2_UID, + new QueryFilter(QueryOperator.LIKE, "foo")); + assertAll( + items.entrySet().stream() + .map( + i -> + (Executable) + () -> { + String uid = i.getKey().getUid(); + QueryFilter expected = expectedFilters.get(uid); + assertEquals( + expected, + i.getValue().get(0), + () -> String.format("QueryFilter mismatch for TEA with UID %s", uid)); + }) + .collect(Collectors.toList())); } @Test void testFilterWhenTEAHasMultipleFilters() throws BadRequestException, ForbiddenException { when(aclService.canDataRead(user, program)).thenReturn(true); - when(paramsValidator.validateTrackerProgram(program.getUid())).thenReturn(program); + when(paramsValidator.validateTrackerProgram(program.getUid(), user)).thenReturn(program); TrackedEntityOperationParams operationParams = TrackedEntityOperationParams.builder() @@ -357,33 +332,28 @@ void testFilterWhenTEAHasMultipleFilters() throws BadRequestException, Forbidden new QueryFilter(QueryOperator.LT, "20")))) .build(); - try (MockedStatic userUtilMockedStatic = mockStatic(CurrentUserUtil.class)) { - userUtilMockedStatic - .when(CurrentUserUtil::getCurrentUserDetails) - .thenReturn(UserDetails.fromUser(user)); - TrackedEntityQueryParams params = mapper.map(operationParams); - - Map> items = params.getFilters(); - assertNotNull(items); - // mapping to UIDs as the error message by just relying on QueryItem - // equals() is not helpful - assertContainsOnly( - List.of(TEA_1_UID), - items.keySet().stream().map(BaseIdentifiableObject::getUid).collect(Collectors.toList())); - - // QueryItem equals() does not take the QueryFilter into account so - // assertContainsOnly alone does not ensure operators and filter value - // are correct - assertContainsOnly( - Set.of(new QueryFilter(QueryOperator.GT, "10"), new QueryFilter(QueryOperator.LT, "20")), - items.values().stream().findAny().get()); - } + TrackedEntityQueryParams params = mapper.map(operationParams, user); + + Map> items = params.getFilters(); + assertNotNull(items); + // mapping to UIDs as the error message by just relying on QueryItem + // equals() is not helpful + assertContainsOnly( + List.of(TEA_1_UID), + items.keySet().stream().map(BaseIdentifiableObject::getUid).collect(Collectors.toList())); + + // QueryItem equals() does not take the QueryFilter into account so + // assertContainsOnly alone does not ensure operators and filter value + // are correct + assertContainsOnly( + Set.of(new QueryFilter(QueryOperator.GT, "10"), new QueryFilter(QueryOperator.LT, "20")), + items.values().stream().findAny().get()); } @Test void testMappingProgram() throws BadRequestException, ForbiddenException { when(aclService.canDataRead(user, program)).thenReturn(true); - when(paramsValidator.validateTrackerProgram(program.getUid())).thenReturn(program); + when(paramsValidator.validateTrackerProgram(program.getUid(), user)).thenReturn(program); TrackedEntityOperationParams operationParams = TrackedEntityOperationParams.builder() @@ -391,20 +361,15 @@ void testMappingProgram() throws BadRequestException, ForbiddenException { .programUid(PROGRAM_UID) .build(); - try (MockedStatic userUtilMockedStatic = mockStatic(CurrentUserUtil.class)) { - userUtilMockedStatic - .when(CurrentUserUtil::getCurrentUserDetails) - .thenReturn(UserDetails.fromUser(user)); - TrackedEntityQueryParams params = mapper.map(operationParams); + TrackedEntityQueryParams params = mapper.map(operationParams, user); - assertEquals(program, params.getProgram()); - } + assertEquals(program, params.getProgram()); } @Test void testMappingProgramStage() throws BadRequestException, ForbiddenException { when(aclService.canDataRead(user, program)).thenReturn(true); - when(paramsValidator.validateTrackerProgram(program.getUid())).thenReturn(program); + when(paramsValidator.validateTrackerProgram(program.getUid(), user)).thenReturn(program); TrackedEntityOperationParams operationParams = TrackedEntityOperationParams.builder() @@ -413,14 +378,9 @@ void testMappingProgramStage() throws BadRequestException, ForbiddenException { .programStageUid(PROGRAM_STAGE_UID) .build(); - try (MockedStatic userUtilMockedStatic = mockStatic(CurrentUserUtil.class)) { - userUtilMockedStatic - .when(CurrentUserUtil::getCurrentUserDetails) - .thenReturn(UserDetails.fromUser(user)); - TrackedEntityQueryParams params = mapper.map(operationParams); + TrackedEntityQueryParams params = mapper.map(operationParams, user); - assertEquals(programStage, params.getProgramStage()); - } + assertEquals(programStage, params.getProgramStage()); } @Test @@ -429,7 +389,7 @@ void testMappingProgramStageGivenWithoutProgram() { TrackedEntityOperationParams.builder().programStageUid(PROGRAM_STAGE_UID).build(); BadRequestException e = - assertThrows(BadRequestException.class, () -> mapper.map(operationParams)); + assertThrows(BadRequestException.class, () -> mapper.map(operationParams, user)); assertEquals( "Program does not contain the specified programStage: " + PROGRAM_STAGE_UID, e.getMessage()); @@ -441,7 +401,7 @@ void testMappingProgramStageNotFound() { TrackedEntityOperationParams.builder().programStageUid("NeU85luyD4w").build(); BadRequestException e = - assertThrows(BadRequestException.class, () -> mapper.map(operationParams)); + assertThrows(BadRequestException.class, () -> mapper.map(operationParams, user)); assertEquals( "Program does not contain the specified programStage: NeU85luyD4w", e.getMessage()); } @@ -449,7 +409,7 @@ void testMappingProgramStageNotFound() { @Test void testMappingAssignedUsers() throws BadRequestException, ForbiddenException { when(aclService.canDataRead(user, program)).thenReturn(true); - when(paramsValidator.validateTrackerProgram(program.getUid())).thenReturn(program); + when(paramsValidator.validateTrackerProgram(program.getUid(), user)).thenReturn(program); TrackedEntityOperationParams operationParams = TrackedEntityOperationParams.builder() @@ -457,27 +417,23 @@ void testMappingAssignedUsers() throws BadRequestException, ForbiddenException { .programUid(program.getUid()) .assignedUserQueryParam( new AssignedUserQueryParam( - AssignedUserSelectionMode.PROVIDED, Set.of("IsdLBTOBzMi", "l5ab8q5skbB"))) + AssignedUserSelectionMode.PROVIDED, + Set.of("IsdLBTOBzMi", "l5ab8q5skbB"), + user.getUid())) .build(); - try (MockedStatic userUtilMockedStatic = mockStatic(CurrentUserUtil.class)) { - userUtilMockedStatic - .when(CurrentUserUtil::getCurrentUserDetails) - .thenReturn(UserDetails.fromUser(user)); - TrackedEntityQueryParams params = mapper.map(operationParams); - - assertContainsOnly( - Set.of("IsdLBTOBzMi", "l5ab8q5skbB"), - params.getAssignedUserQueryParam().getAssignedUsers()); - assertEquals( - AssignedUserSelectionMode.PROVIDED, params.getAssignedUserQueryParam().getMode()); - } + TrackedEntityQueryParams params = mapper.map(operationParams, user); + + assertContainsOnly( + Set.of("IsdLBTOBzMi", "l5ab8q5skbB"), + params.getAssignedUserQueryParam().getAssignedUsers()); + assertEquals(AssignedUserSelectionMode.PROVIDED, params.getAssignedUserQueryParam().getMode()); } @Test void shouldMapOrderInGivenOrder() throws BadRequestException, ForbiddenException { when(aclService.canDataRead(user, program)).thenReturn(true); - when(paramsValidator.validateTrackerProgram(program.getUid())).thenReturn(program); + when(paramsValidator.validateTrackerProgram(program.getUid(), user)).thenReturn(program); TrackedEntityAttribute tea1 = new TrackedEntityAttribute(); tea1.setUid(TEA_1_UID); @@ -492,19 +448,14 @@ void shouldMapOrderInGivenOrder() throws BadRequestException, ForbiddenException .orderBy("createdAtClient", SortDirection.DESC) .build(); - try (MockedStatic userUtilMockedStatic = mockStatic(CurrentUserUtil.class)) { - userUtilMockedStatic - .when(CurrentUserUtil::getCurrentUserDetails) - .thenReturn(UserDetails.fromUser(user)); - TrackedEntityQueryParams params = mapper.map(operationParams); - - assertEquals( - List.of( - new Order("created", SortDirection.ASC), - new Order(tea1, SortDirection.ASC), - new Order("createdAtClient", SortDirection.DESC)), - params.getOrder()); - } + TrackedEntityQueryParams params = mapper.map(operationParams, user); + + assertEquals( + List.of( + new Order("created", SortDirection.ASC), + new Order(tea1, SortDirection.ASC), + new Order("createdAtClient", SortDirection.DESC)), + params.getOrder()); } @Test @@ -513,7 +464,7 @@ void shouldFailToMapOrderIfUIDIsNotAnAttribute() throws ForbiddenException, BadR tea1.setUid(TEA_1_UID); when(attributeService.getTrackedEntityAttribute(TEA_1_UID)).thenReturn(null); when(aclService.canDataRead(user, program)).thenReturn(true); - when(paramsValidator.validateTrackerProgram(program.getUid())).thenReturn(program); + when(paramsValidator.validateTrackerProgram(program.getUid(), user)).thenReturn(program); TrackedEntityOperationParams operationParams = TrackedEntityOperationParams.builder() @@ -522,14 +473,9 @@ void shouldFailToMapOrderIfUIDIsNotAnAttribute() throws ForbiddenException, BadR .orderBy(UID.of(TEA_1_UID), SortDirection.ASC) .build(); - try (MockedStatic userUtilMockedStatic = mockStatic(CurrentUserUtil.class)) { - userUtilMockedStatic - .when(CurrentUserUtil::getCurrentUserDetails) - .thenReturn(UserDetails.fromUser(user)); - Exception exception = - assertThrows(BadRequestException.class, () -> mapper.map(operationParams)); - assertStartsWith("Cannot order by '" + TEA_1_UID, exception.getMessage()); - } + Exception exception = + assertThrows(BadRequestException.class, () -> mapper.map(operationParams, user)); + assertStartsWith("Cannot order by '" + TEA_1_UID, exception.getMessage()); } @Test @@ -540,7 +486,7 @@ void shouldFailToMapGivenInvalidOrderNameWhichIsAValidUID() // invalid field names and UIDs. Such invalid order values will be caught in this mapper. assertTrue(CodeGenerator.isValidUid("lastUpdated")); when(aclService.canDataRead(user, program)).thenReturn(true); - when(paramsValidator.validateTrackerProgram(program.getUid())).thenReturn(program); + when(paramsValidator.validateTrackerProgram(program.getUid(), user)).thenReturn(program); TrackedEntityOperationParams operationParams = TrackedEntityOperationParams.builder() @@ -549,24 +495,22 @@ void shouldFailToMapGivenInvalidOrderNameWhichIsAValidUID() .programUid(program.getUid()) .build(); - try (MockedStatic userUtilMockedStatic = mockStatic(CurrentUserUtil.class)) { - userUtilMockedStatic - .when(CurrentUserUtil::getCurrentUserDetails) - .thenReturn(UserDetails.fromUser(user)); - Exception exception = - assertThrows(BadRequestException.class, () -> mapper.map(operationParams)); - assertStartsWith("Cannot order by 'lastUpdated'", exception.getMessage()); - } + Exception exception = + assertThrows(BadRequestException.class, () -> mapper.map(operationParams, user)); + assertStartsWith("Cannot order by 'lastUpdated'", exception.getMessage()); } @Test void shouldFailWhenGlobalSearchAndNoAttributeSpecified() throws ForbiddenException, BadRequestException { - user.setTeiSearchOrganisationUnits(Set.of(orgUnit1, orgUnit2)); - user.setOrganisationUnits(emptySet()); - - when(aclService.canDataRead(user, program)).thenReturn(true); - when(paramsValidator.validateTrackerProgram(program.getUid())).thenReturn(program); + User userWithOrgUnits = new User(); + userWithOrgUnits.setTeiSearchOrganisationUnits(Set.of(orgUnit1, orgUnit2)); + userWithOrgUnits.setOrganisationUnits(emptySet()); + UserDetails currentUserWithOrgUnits = UserDetails.fromUser(userWithOrgUnits); + + when(aclService.canDataRead(currentUserWithOrgUnits, program)).thenReturn(true); + when(paramsValidator.validateTrackerProgram(program.getUid(), currentUserWithOrgUnits)) + .thenReturn(program); when(organisationUnitService.getOrganisationUnitsByUid( Set.of(orgUnit1.getUid(), orgUnit2.getUid()))) .thenReturn(List.of(orgUnit1, orgUnit2)); @@ -577,30 +521,30 @@ void shouldFailWhenGlobalSearchAndNoAttributeSpecified() .programUid(PROGRAM_UID) .build(); - try (MockedStatic userUtilMockedStatic = mockStatic(CurrentUserUtil.class)) { - userUtilMockedStatic - .when(CurrentUserUtil::getCurrentUserDetails) - .thenReturn(UserDetails.fromUser(user)); - Exception IllegalQueryException = - assertThrows(IllegalQueryException.class, () -> mapper.map(operationParams)); - - assertEquals( - "At least 1 attributes should be mentioned in the search criteria.", - IllegalQueryException.getMessage()); - } + Exception IllegalQueryException = + assertThrows( + IllegalQueryException.class, + () -> mapper.map(operationParams, currentUserWithOrgUnits)); + + assertEquals( + "At least 1 attributes should be mentioned in the search criteria.", + IllegalQueryException.getMessage()); } @Test void shouldFailWhenGlobalSearchAndMaxTeLimitReached() throws ForbiddenException, BadRequestException { - user.setTeiSearchOrganisationUnits(Set.of(orgUnit1, orgUnit2)); - user.setOrganisationUnits(emptySet()); + User userWithOrgUnits = new User(); + userWithOrgUnits.setTeiSearchOrganisationUnits(Set.of(orgUnit1, orgUnit2)); + userWithOrgUnits.setOrganisationUnits(emptySet()); + UserDetails currentUserWithOrgUnits = UserDetails.fromUser(userWithOrgUnits); when(aclService.canDataRead(any(UserDetails.class), any(Program.class))).thenReturn(true); program.setMinAttributesRequiredToSearch(0); program.setMaxTeiCountToReturn(1); when(programService.getProgram(PROGRAM_UID)).thenReturn(program); - when(paramsValidator.validateTrackerProgram(program.getUid())).thenReturn(program); + when(paramsValidator.validateTrackerProgram(program.getUid(), currentUserWithOrgUnits)) + .thenReturn(program); when(trackedEntityStore.getTrackedEntityCountWithMaxTrackedEntityLimit(any())).thenReturn(100); when(organisationUnitService.getOrganisationUnitsByUid( @@ -613,21 +557,20 @@ void shouldFailWhenGlobalSearchAndMaxTeLimitReached() .programUid(PROGRAM_UID) .build(); - try (MockedStatic userUtilMockedStatic = mockStatic(CurrentUserUtil.class)) { - userUtilMockedStatic - .when(CurrentUserUtil::getCurrentUserDetails) - .thenReturn(UserDetails.fromUser(user)); - Exception IllegalQueryException = - assertThrows(IllegalQueryException.class, () -> mapper.map(operationParams)); - assertEquals("maxteicountreached", IllegalQueryException.getMessage()); - } + Exception IllegalQueryException = + assertThrows( + IllegalQueryException.class, + () -> mapper.map(operationParams, currentUserWithOrgUnits)); + assertEquals("maxteicountreached", IllegalQueryException.getMessage()); } @Test void shouldFailWhenUserHasNoAccessToAnyTrackedEntityType() { - user.setTeiSearchOrganisationUnits(Set.of(orgUnit1, orgUnit2)); - user.setOrganisationUnits(emptySet()); - when(aclService.canDataRead(user, program)).thenReturn(true); + User userWithOrgUnits = new User(); + userWithOrgUnits.setTeiSearchOrganisationUnits(Set.of(orgUnit1, orgUnit2)); + userWithOrgUnits.setOrganisationUnits(emptySet()); + UserDetails currentUserWithOrgUnits = UserDetails.fromUser(userWithOrgUnits); + when(aclService.canDataRead(currentUserWithOrgUnits, program)).thenReturn(true); program.setMinAttributesRequiredToSearch(0); program.setMaxTeiCountToReturn(1); when(programService.getProgram(PROGRAM_UID)).thenReturn(program); @@ -638,7 +581,8 @@ void shouldFailWhenUserHasNoAccessToAnyTrackedEntityType() { TrackedEntityOperationParams.builder().orgUnitMode(ACCESSIBLE).build(); Exception BadRequestException = - assertThrows(BadRequestException.class, () -> mapper.map(operationParams)); + assertThrows( + BadRequestException.class, () -> mapper.map(operationParams, currentUserWithOrgUnits)); assertEquals("User has no access to any Tracked Entity Type", BadRequestException.getMessage()); } diff --git a/dhis-2/dhis-test-integration/src/test/java/org/hisp/dhis/maintenance/MaintenanceServiceTest.java b/dhis-2/dhis-test-integration/src/test/java/org/hisp/dhis/maintenance/MaintenanceServiceTest.java index c19fe5256523..072179f7baff 100644 --- a/dhis-2/dhis-test-integration/src/test/java/org/hisp/dhis/maintenance/MaintenanceServiceTest.java +++ b/dhis-2/dhis-test-integration/src/test/java/org/hisp/dhis/maintenance/MaintenanceServiceTest.java @@ -81,7 +81,6 @@ import org.hisp.dhis.tracker.export.enrollment.EnrollmentService; import org.hisp.dhis.tracker.export.event.EventChangeLogService; import org.hisp.dhis.tracker.export.event.TrackedEntityDataValueChangeLog; -import org.hisp.dhis.tracker.export.trackedentity.TrackedEntityParams; import org.hisp.dhis.tracker.export.trackedentity.TrackedEntityService; import org.joda.time.DateTime; import org.junit.jupiter.api.BeforeEach; @@ -314,15 +313,11 @@ void testDeleteSoftDeletedTrackedEntityAProgramMessage() .build(); manager.save(trackedEntityB); programMessageService.saveProgramMessage(message); - assertNotNull( - trackedEntityService.getTrackedEntity( - trackedEntityB.getUid(), null, TrackedEntityParams.FALSE, false)); + assertNotNull(trackedEntityService.getTrackedEntity(trackedEntityB.getUid())); manager.delete(trackedEntityB); assertThrows( NotFoundException.class, - () -> - trackedEntityService.getTrackedEntity( - trackedEntityB.getUid(), null, TrackedEntityParams.FALSE, false)); + () -> trackedEntityService.getTrackedEntity(trackedEntityB.getUid())); assertTrue(trackedEntityExistsIncludingDeleted(trackedEntityB.getUid())); maintenanceService.deleteSoftDeletedTrackedEntities(); diff --git a/dhis-2/dhis-test-integration/src/test/java/org/hisp/dhis/trackedentity/TrackerAccessManagerTest.java b/dhis-2/dhis-test-integration/src/test/java/org/hisp/dhis/trackedentity/TrackerAccessManagerTest.java index f7163812237b..94ab3adddf2d 100644 --- a/dhis-2/dhis-test-integration/src/test/java/org/hisp/dhis/trackedentity/TrackerAccessManagerTest.java +++ b/dhis-2/dhis-test-integration/src/test/java/org/hisp/dhis/trackedentity/TrackerAccessManagerTest.java @@ -63,7 +63,6 @@ import org.hisp.dhis.test.integration.PostgresIntegrationTestBase; import org.hisp.dhis.tracker.acl.TrackerAccessManager; import org.hisp.dhis.tracker.acl.TrackerOwnershipManager; -import org.hisp.dhis.tracker.export.trackedentity.TrackedEntityParams; import org.hisp.dhis.tracker.export.trackedentity.TrackedEntityService; import org.hisp.dhis.user.User; import org.hisp.dhis.user.UserDetails; @@ -201,9 +200,7 @@ void checkAccessPermissionForTeWhenTeOuInCaptureScope() UserDetails userDetails = UserDetails.fromUser(user); trackedEntityType.setPublicAccess(AccessStringHelper.FULL); manager.update(trackedEntityType); - TrackedEntity te = - trackedEntityService.getTrackedEntity( - trackedEntityA.getUid(), null, TrackedEntityParams.FALSE, false); + TrackedEntity te = trackedEntityService.getTrackedEntity(trackedEntityA.getUid()); // Can read te assertNoErrors(trackerAccessManager.canRead(userDetails, te)); // can write te @@ -221,9 +218,7 @@ void checkAccessPermissionForTeWhenTeOuInSearchScope() UserDetails userDetails = UserDetails.fromUser(user); trackedEntityType.setPublicAccess(AccessStringHelper.FULL); manager.update(trackedEntityType); - TrackedEntity te = - trackedEntityService.getTrackedEntity( - trackedEntityA.getUid(), null, TrackedEntityParams.FALSE, false); + TrackedEntity te = trackedEntityService.getTrackedEntity(trackedEntityA.getUid()); // Can Read assertNoErrors(trackerAccessManager.canRead(userDetails, te)); // Can write @@ -240,9 +235,7 @@ void checkAccessPermissionForTeWhenTeOuOutsideSearchScope() UserDetails userDetails = UserDetails.fromUser(user); trackedEntityType.setPublicAccess(AccessStringHelper.FULL); manager.update(trackedEntityType); - TrackedEntity te = - trackedEntityService.getTrackedEntity( - trackedEntityA.getUid(), null, TrackedEntityParams.FALSE, false); + TrackedEntity te = trackedEntityService.getTrackedEntity(trackedEntityA.getUid()); // Cannot Read assertHasError(trackerAccessManager.canRead(userDetails, te), OWNERSHIP_ACCESS_DENIED); // Cannot write diff --git a/dhis-2/dhis-test-integration/src/test/java/org/hisp/dhis/trackedentity/TrackerOwnershipManagerTest.java b/dhis-2/dhis-test-integration/src/test/java/org/hisp/dhis/trackedentity/TrackerOwnershipManagerTest.java index d13c7978cb97..4b89b18c9a76 100644 --- a/dhis-2/dhis-test-integration/src/test/java/org/hisp/dhis/trackedentity/TrackerOwnershipManagerTest.java +++ b/dhis-2/dhis-test-integration/src/test/java/org/hisp/dhis/trackedentity/TrackerOwnershipManagerTest.java @@ -197,7 +197,7 @@ void shouldNotHaveAccessToEnrollmentWithUserAWhenTransferredToAnotherOrgUnit() ForbiddenException.class, () -> trackedEntityService.getTrackedEntity( - trackedEntityA1.getUid(), programA.getUid(), defaultParams, false)); + trackedEntityA1.getUid(), programA.getUid(), defaultParams)); assertEquals("OWNERSHIP_ACCESS_DENIED", exception.getMessage()); } @@ -212,7 +212,7 @@ void shouldHaveAccessToEnrollmentWithUserBWhenTransferredToOwnOrgUnit() assertEquals( trackedEntityA1, trackedEntityService.getTrackedEntity( - trackedEntityA1.getUid(), programA.getUid(), defaultParams, false)); + trackedEntityA1.getUid(), programA.getUid(), defaultParams)); } @Test @@ -228,7 +228,7 @@ void shouldHaveAccessToEnrollmentWithSuperUserWhenTransferredToOwnOrgUnit() assertEquals( trackedEntityA1, trackedEntityService.getTrackedEntity( - trackedEntityA1.getUid(), programA.getUid(), defaultParams, false)); + trackedEntityA1.getUid(), programA.getUid(), defaultParams)); } @Test @@ -238,8 +238,7 @@ void shouldHaveAccessToTEWhenProgramNotProvidedButUserHasAccessToAtLeastOneProgr assertEquals( trackedEntityA1, - trackedEntityService.getTrackedEntity( - trackedEntityA1.getUid(), null, defaultParams, false)); + trackedEntityService.getTrackedEntity(trackedEntityA1.getUid(), null, defaultParams)); } @Test @@ -253,7 +252,7 @@ void shouldNotHaveAccessToTEWhenProgramNotProvidedAndUserHasNoAccessToAnyProgram ForbiddenException.class, () -> trackedEntityService.getTrackedEntity( - trackedEntityA1.getUid(), null, defaultParams, false)); + trackedEntityA1.getUid(), null, defaultParams)); assertEquals( String.format("User has no access to TrackedEntity:%s", trackedEntityA1.getUid()), @@ -300,7 +299,7 @@ void shouldNotHaveAccessWhenProgramProtectedAndUserNotInSearchScopeNorHasTempora ForbiddenException.class, () -> trackedEntityService.getTrackedEntity( - trackedEntityA1.getUid(), programA.getUid(), defaultParams, false)); + trackedEntityA1.getUid(), programA.getUid(), defaultParams)); assertEquals(TrackerOwnershipManager.NO_READ_ACCESS_TO_ORG_UNIT, exception.getMessage()); } @@ -323,7 +322,7 @@ void shouldNotHaveAccessWhenProgramProtectedAndUserNotInCaptureScopeNorHasTempor ForbiddenException.class, () -> trackedEntityService.getTrackedEntity( - trackedEntityA1.getUid(), programA.getUid(), defaultParams, false)); + trackedEntityA1.getUid(), programA.getUid(), defaultParams)); assertEquals(TrackerOwnershipManager.OWNERSHIP_ACCESS_DENIED, exception.getMessage()); } @@ -356,7 +355,7 @@ void shouldNotHaveAccessWhenProgramClosedAndUserHasTemporaryAccess() { ForbiddenException.class, () -> trackedEntityService.getTrackedEntity( - trackedEntityA1.getUid(), programB.getUid(), defaultParams, false)); + trackedEntityA1.getUid(), programB.getUid(), defaultParams)); assertEquals(TrackerOwnershipManager.PROGRAM_ACCESS_CLOSED, exception.getMessage()); } @@ -369,7 +368,7 @@ void shouldHaveAccessWhenProgramOpenAndUserInScope() assertEquals( trackedEntityA1, trackedEntityService.getTrackedEntity( - trackedEntityA1.getUid(), programA.getUid(), defaultParams, false)); + trackedEntityA1.getUid(), programA.getUid(), defaultParams)); } @Test @@ -387,7 +386,7 @@ void shouldNotHaveAccessWhenProgramOpenAndUserNotInSearchScope() throws Forbidde ForbiddenException.class, () -> trackedEntityService.getTrackedEntity( - trackedEntityA1.getUid(), programA.getUid(), defaultParams, false)); + trackedEntityA1.getUid(), programA.getUid(), defaultParams)); assertEquals(TrackerOwnershipManager.NO_READ_ACCESS_TO_ORG_UNIT, exception.getMessage()); } @@ -401,8 +400,7 @@ void shouldHaveAccessWhenProgramNotProvidedAndTEEnrolledButHaveAccessToTEOwner() injectSecurityContextUser(userB); assertEquals( trackedEntityA1, - trackedEntityService.getTrackedEntity( - trackedEntityA1.getUid(), null, defaultParams, false)); + trackedEntityService.getTrackedEntity(trackedEntityA1.getUid(), null, defaultParams)); } @Test @@ -414,7 +412,7 @@ void shouldNotHaveAccessWhenProgramNotProvidedAndTEEnrolledAndNoAccessToTEOwner( ForbiddenException.class, () -> trackedEntityService.getTrackedEntity( - trackedEntityA1.getUid(), null, defaultParams, false)); + trackedEntityA1.getUid(), null, defaultParams)); assertEquals( String.format("User has no access to TrackedEntity:%s", trackedEntityA1.getUid()), exception.getMessage()); @@ -427,8 +425,7 @@ void shouldHaveAccessWhenProgramNotProvidedAndTENotEnrolledButHaveAccessToTeRegi assertEquals( trackedEntityB1, - trackedEntityService.getTrackedEntity( - trackedEntityB1.getUid(), null, defaultParams, false)); + trackedEntityService.getTrackedEntity(trackedEntityB1.getUid(), null, defaultParams)); } @Test @@ -440,7 +437,7 @@ void shouldNotHaveAccessWhenProgramNotProvidedAndTENotEnrolledAndNoAccessToTeReg ForbiddenException.class, () -> trackedEntityService.getTrackedEntity( - trackedEntityB1.getUid(), null, defaultParams, false)); + trackedEntityB1.getUid(), null, defaultParams)); assertEquals( String.format("User has no access to TrackedEntity:%s", trackedEntityB1.getUid()), exception.getMessage()); diff --git a/dhis-2/dhis-test-integration/src/test/java/org/hisp/dhis/tracker/export/enrollment/EnrollmentServiceTest.java b/dhis-2/dhis-test-integration/src/test/java/org/hisp/dhis/tracker/export/enrollment/EnrollmentServiceTest.java index a46737e450e7..4269665008ac 100644 --- a/dhis-2/dhis-test-integration/src/test/java/org/hisp/dhis/tracker/export/enrollment/EnrollmentServiceTest.java +++ b/dhis-2/dhis-test-integration/src/test/java/org/hisp/dhis/tracker/export/enrollment/EnrollmentServiceTest.java @@ -676,8 +676,7 @@ void shouldFailWhenOrgUnitModeAllAndUserNotAuthorized() { assertThrows( BadRequestException.class, () -> enrollmentService.getEnrollments(operationParams)); assertEquals( - "Current user is not authorized to query across all organisation units", - exception.getMessage()); + "User is not authorized to query across all organisation units", exception.getMessage()); } @Test diff --git a/dhis-2/dhis-test-integration/src/test/java/org/hisp/dhis/tracker/export/trackedentity/TrackedEntityServiceTest.java b/dhis-2/dhis-test-integration/src/test/java/org/hisp/dhis/tracker/export/trackedentity/TrackedEntityServiceTest.java index 2427cba82a1e..f7177c4afdc6 100644 --- a/dhis-2/dhis-test-integration/src/test/java/org/hisp/dhis/tracker/export/trackedentity/TrackedEntityServiceTest.java +++ b/dhis-2/dhis-test-integration/src/test/java/org/hisp/dhis/tracker/export/trackedentity/TrackedEntityServiceTest.java @@ -611,7 +611,7 @@ void shouldReturnTrackedEntityIncludingAllAttributesEnrollmentsEventsRelationshi TrackedEntity te = trackedEntityService.getTrackedEntity( - trackedEntityA.getUid(), programA.getUid(), TrackedEntityParams.TRUE, false); + trackedEntityA.getUid(), programA.getUid(), TrackedEntityParams.TRUE); assertEquals(1, te.getEnrollments().size()); assertEquals(enrollmentA.getUid(), te.getEnrollments().stream().findFirst().get().getUid()); @@ -690,7 +690,7 @@ void shouldReturnEnrollmentsFromSpecifiedProgramWhenRequestingSingleTrackedEntit TrackedEntity trackedEntity = trackedEntityService.getTrackedEntity( - trackedEntityA.getUid(), programA.getUid(), TrackedEntityParams.TRUE, false); + trackedEntityA.getUid(), programA.getUid(), TrackedEntityParams.TRUE); assertContainsOnly(Set.of(enrollmentA), trackedEntity.getEnrollments()); } @@ -705,7 +705,7 @@ void shouldReturnAllEnrollmentsWhenRequestingSingleTrackedEntityAndNoProgramSpec TrackedEntity trackedEntity = trackedEntityService.getTrackedEntity( - trackedEntityA.getUid(), null, TrackedEntityParams.TRUE, false); + trackedEntityA.getUid(), null, TrackedEntityParams.TRUE); assertContainsOnly( Set.of(enrollmentA, enrollmentB, enrollmentProgramB), trackedEntity.getEnrollments()); @@ -1091,7 +1091,7 @@ void shouldReturnTrackedEntityWithEventFilters() TrackedEntityOperationParamsBuilder builder = TrackedEntityOperationParams.builder() - .assignedUserQueryParam(new AssignedUserQueryParam(null, null)) + .assignedUserQueryParam(new AssignedUserQueryParam(null, null, user.getUid())) .organisationUnits(Set.of(orgUnitA.getUid())) .programUid(programA.getUid()) .eventStartDate(Date.from(Instant.now().minus(10, ChronoUnit.DAYS))) @@ -1779,7 +1779,7 @@ void shouldFailWhenRequestingSingleTEAndProvidedProgramDoesNotExist() { NotFoundException.class, () -> trackedEntityService.getTrackedEntity( - trackedEntityA.getUid(), programUid, TrackedEntityParams.TRUE, false)); + trackedEntityA.getUid(), programUid, TrackedEntityParams.TRUE)); assertEquals( String.format("Program with id %s could not be found.", programUid), exception.getMessage()); @@ -1793,7 +1793,7 @@ void shouldFailWhenRequestingSingleTEAndProvidedTEDoesNotExist() { NotFoundException.class, () -> trackedEntityService.getTrackedEntity( - trackedEntityUid, programA.getUid(), TrackedEntityParams.TRUE, false)); + trackedEntityUid, programA.getUid(), TrackedEntityParams.TRUE)); assertEquals( String.format("TrackedEntity with id %s could not be found.", trackedEntityUid), exception.getMessage()); @@ -1815,8 +1815,7 @@ void shouldFailWhenRequestingSingleTEAndNoDataAccessToProvidedProgram() { trackedEntityService.getTrackedEntity( trackedEntityA.getUid(), inaccessibleProgram.getUid(), - TrackedEntityParams.TRUE, - false)); + TrackedEntityParams.TRUE)); assertContains( String.format("User has no data read access to program: %s", inaccessibleProgram.getUid()), exception.getMessage()); @@ -1836,7 +1835,7 @@ void shouldFailWhenRequestingSingleTEAndTETNotAccessible() { ForbiddenException.class, () -> trackedEntityService.getTrackedEntity( - trackedEntity.getUid(), programA.getUid(), TrackedEntityParams.TRUE, false)); + trackedEntity.getUid(), programA.getUid(), TrackedEntityParams.TRUE)); assertContains( String.format( "User has no data read access to tracked entity type: %s", @@ -1857,7 +1856,7 @@ void shouldFailWhenRequestingSingleTEAndNoMetadataAccessToAnyProgram() { ForbiddenException.class, () -> trackedEntityService.getTrackedEntity( - trackedEntityA.getUid(), null, TrackedEntityParams.TRUE, false)); + trackedEntityA.getUid(), null, TrackedEntityParams.TRUE)); assertContains( String.format("User has no access to TrackedEntity:%s", trackedEntityA.getUid()), exception.getMessage()); @@ -1878,7 +1877,7 @@ void shouldFailWhenRequestingSingleTEAndOnlyEventProgramAccessible() { ForbiddenException.class, () -> trackedEntityService.getTrackedEntity( - trackedEntityA.getUid(), null, TrackedEntityParams.TRUE, false)); + trackedEntityA.getUid(), null, TrackedEntityParams.TRUE)); assertContains( String.format("User has no access to TrackedEntity:%s", trackedEntityA.getUid()), @@ -1903,7 +1902,7 @@ void shouldFailWhenRequestingSingleTEAndTETDoesNotMatchAnyProgram() { ForbiddenException.class, () -> trackedEntityService.getTrackedEntity( - trackedEntityA.getUid(), null, TrackedEntityParams.TRUE, false)); + trackedEntityA.getUid(), null, TrackedEntityParams.TRUE)); assertContains( String.format("User has no access to TrackedEntity:%s", trackedEntityA.getUid()), @@ -1923,7 +1922,7 @@ void shouldFailWhenRequestingSingleTEAndNoDataAccessToAnyProgram() { ForbiddenException.class, () -> trackedEntityService.getTrackedEntity( - trackedEntityA.getUid(), null, TrackedEntityParams.TRUE, false)); + trackedEntityA.getUid(), null, TrackedEntityParams.TRUE)); assertContains( String.format("User has no access to TrackedEntity:%s", trackedEntityA.getUid()), @@ -1942,7 +1941,7 @@ void shouldFailWhenRequestingSingleTEAndNoAccessToTET() { ForbiddenException.class, () -> trackedEntityService.getTrackedEntity( - trackedEntityA.getUid(), null, TrackedEntityParams.TRUE, false)); + trackedEntityA.getUid(), null, TrackedEntityParams.TRUE)); assertEquals( String.format("User has no access to TrackedEntity:%s", trackedEntityA.getUid()), @@ -1954,7 +1953,7 @@ void shouldReturnProgramAttributesWhenSingleTERequestedAndProgramSpecified() throws ForbiddenException, NotFoundException, BadRequestException { TrackedEntity trackedEntity = trackedEntityService.getTrackedEntity( - trackedEntityA.getUid(), programA.getUid(), TrackedEntityParams.TRUE, false); + trackedEntityA.getUid(), programA.getUid(), TrackedEntityParams.TRUE); assertContainsOnly( Set.of( @@ -1969,7 +1968,7 @@ void shouldReturnTrackedEntityTypeAttributesWhenSingleTERequestedAndNoProgramSpe throws ForbiddenException, NotFoundException, BadRequestException { TrackedEntity trackedEntity = trackedEntityService.getTrackedEntity( - trackedEntityA.getUid(), null, TrackedEntityParams.TRUE, false); + trackedEntityA.getUid(), null, TrackedEntityParams.TRUE); assertContainsOnly( Set.of(trackedEntityAttributeValueA, trackedEntityAttributeValueB), @@ -1993,7 +1992,7 @@ void shouldReturnTrackedEntityTypeAttributesWhenSingleTERequestedAndNoProgramSpe assertEquals( trackedEntityA, trackedEntityService.getTrackedEntity( - trackedEntityA.getUid(), programA.getUid(), TrackedEntityParams.TRUE, false)); + trackedEntityA.getUid(), programA.getUid(), TrackedEntityParams.TRUE)); } private Set attributeNames(final Collection attributes) { diff --git a/dhis-2/dhis-test-web-api/src/test/java/org/hisp/dhis/webapi/controller/tracker/imports/TrackerEnrollmentSMSTest.java b/dhis-2/dhis-test-web-api/src/test/java/org/hisp/dhis/webapi/controller/tracker/imports/TrackerEnrollmentSMSTest.java index 8fbc64189e6e..567c0e49ae39 100644 --- a/dhis-2/dhis-test-web-api/src/test/java/org/hisp/dhis/webapi/controller/tracker/imports/TrackerEnrollmentSMSTest.java +++ b/dhis-2/dhis-test-web-api/src/test/java/org/hisp/dhis/webapi/controller/tracker/imports/TrackerEnrollmentSMSTest.java @@ -251,14 +251,12 @@ void shouldCreateTrackedEntityAndEnrollIt() trackedEntityService.getTrackedEntity( submission.getTrackedEntityInstance().getUid(), submission.getTrackerProgram().getUid(), - TrackedEntityParams.FALSE, - false)); + TrackedEntityParams.FALSE)); TrackedEntity actualTe = trackedEntityService.getTrackedEntity( submission.getTrackedEntityInstance().getUid(), submission.getTrackerProgram().getUid(), - TrackedEntityParams.FALSE.withIncludeAttributes(true), - false); + TrackedEntityParams.FALSE.withIncludeAttributes(true)); assertAll( "created tracked entity with tracked entity attribute values", () -> assertEqualUids(submission.getTrackedEntityInstance(), actualTe), @@ -357,14 +355,12 @@ void shouldEnrollExistingTrackedEntityAndAddUpdateAndDeleteAttributes() trackedEntityService.getTrackedEntity( submission.getTrackedEntityInstance().getUid(), submission.getTrackerProgram().getUid(), - TrackedEntityParams.FALSE, - false)); + TrackedEntityParams.FALSE)); TrackedEntity actualTe = trackedEntityService.getTrackedEntity( submission.getTrackedEntityInstance().getUid(), submission.getTrackerProgram().getUid(), - TrackedEntityParams.FALSE.withIncludeAttributes(true), - false); + TrackedEntityParams.FALSE.withIncludeAttributes(true)); assertAll( "update tracked entity with tracked entity attribute values", () -> assertEqualUids(submission.getTrackedEntityInstance(), actualTe), diff --git a/dhis-2/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/tracker/export/trackedentity/TrackedEntitiesExportController.java b/dhis-2/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/tracker/export/trackedentity/TrackedEntitiesExportController.java index 67dc927f5117..4d1cc3b387b5 100644 --- a/dhis-2/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/tracker/export/trackedentity/TrackedEntitiesExportController.java +++ b/dhis-2/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/tracker/export/trackedentity/TrackedEntitiesExportController.java @@ -64,6 +64,8 @@ import org.hisp.dhis.tracker.export.trackedentity.TrackedEntityOperationParams; import org.hisp.dhis.tracker.export.trackedentity.TrackedEntityParams; import org.hisp.dhis.tracker.export.trackedentity.TrackedEntityService; +import org.hisp.dhis.user.CurrentUser; +import org.hisp.dhis.user.UserDetails; import org.hisp.dhis.webapi.controller.tracker.export.ChangeLogRequestParams; import org.hisp.dhis.webapi.controller.tracker.export.CsvService; import org.hisp.dhis.webapi.controller.tracker.export.FieldFilterRequestHandler; @@ -157,10 +159,11 @@ public TrackedEntitiesExportController( // use the text/html Accept header to default to a Json response when a generic request comes // from a browser ) - ResponseEntity> getTrackedEntities(TrackedEntityRequestParams requestParams) + ResponseEntity> getTrackedEntities( + TrackedEntityRequestParams requestParams, @CurrentUser UserDetails currentUser) throws BadRequestException, ForbiddenException, NotFoundException { validatePaginationParameters(requestParams); - TrackedEntityOperationParams operationParams = paramsMapper.map(requestParams); + TrackedEntityOperationParams operationParams = paramsMapper.map(requestParams, currentUser); if (requestParams.isPaged()) { PageParams pageParams = @@ -195,10 +198,11 @@ ResponseEntity> getTrackedEntities(TrackedEntityRequestParams r void getTrackedEntitiesAsCsv( TrackedEntityRequestParams trackedEntityRequestParams, HttpServletResponse response, - @RequestParam(required = false, defaultValue = "false") boolean skipHeader) + @RequestParam(required = false, defaultValue = "false") boolean skipHeader, + @CurrentUser UserDetails currentUser) throws IOException, BadRequestException, ForbiddenException, NotFoundException { TrackedEntityOperationParams operationParams = - paramsMapper.map(trackedEntityRequestParams, CSV_FIELDS); + paramsMapper.map(trackedEntityRequestParams, CSV_FIELDS, currentUser); ResponseHeader.addContentDispositionAttachment(response, TE_CSV_FILE); ResponseHeader.addContentTransferEncodingBinary(response); @@ -215,10 +219,11 @@ void getTrackedEntitiesAsCsv( void getTrackedEntitiesAsCsvZip( TrackedEntityRequestParams trackedEntityRequestParams, HttpServletResponse response, - @RequestParam(required = false, defaultValue = "false") boolean skipHeader) + @RequestParam(required = false, defaultValue = "false") boolean skipHeader, + @CurrentUser UserDetails currentUser) throws IOException, BadRequestException, ForbiddenException, NotFoundException { TrackedEntityOperationParams operationParams = - paramsMapper.map(trackedEntityRequestParams, CSV_FIELDS); + paramsMapper.map(trackedEntityRequestParams, CSV_FIELDS, currentUser); ResponseHeader.addContentDispositionAttachment(response, TE_CSV_FILE + ZIP_EXT); ResponseHeader.addContentTransferEncodingBinary(response); @@ -236,10 +241,11 @@ void getTrackedEntitiesAsCsvZip( void getTrackedEntitiesAsCsvGZip( TrackedEntityRequestParams trackedEntityRequestParams, HttpServletResponse response, - @RequestParam(required = false, defaultValue = "false") boolean skipHeader) + @RequestParam(required = false, defaultValue = "false") boolean skipHeader, + @CurrentUser UserDetails currentUser) throws IOException, BadRequestException, ForbiddenException, NotFoundException { TrackedEntityOperationParams operationParams = - paramsMapper.map(trackedEntityRequestParams, CSV_FIELDS); + paramsMapper.map(trackedEntityRequestParams, CSV_FIELDS, currentUser); ResponseHeader.addContentDispositionAttachment(response, TE_CSV_FILE + GZIP_EXT); ResponseHeader.addContentTransferEncodingBinary(response); @@ -265,10 +271,7 @@ ResponseEntity getTrackedEntityByUid( TrackedEntity trackedEntity = TRACKED_ENTITY_MAPPER.from( trackedEntityService.getTrackedEntity( - uid.getValue(), - program == null ? null : program.getValue(), - trackedEntityParams, - false)); + uid.getValue(), program == null ? null : program.getValue(), trackedEntityParams)); return ResponseEntity.ok(fieldFilterService.toObjectNode(trackedEntity, fields)); } @@ -286,7 +289,7 @@ void getTrackedEntityByUidAsCsv( TrackedEntity trackedEntity = TRACKED_ENTITY_MAPPER.from( - trackedEntityService.getTrackedEntity(uid, program, trackedEntityParams, false)); + trackedEntityService.getTrackedEntity(uid, program, trackedEntityParams)); OutputStream outputStream = response.getOutputStream(); response.setContentType(CONTENT_TYPE_CSV); diff --git a/dhis-2/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/tracker/export/trackedentity/TrackedEntityRequestParamsMapper.java b/dhis-2/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/tracker/export/trackedentity/TrackedEntityRequestParamsMapper.java index 3e9e9908520f..c55efa061828 100644 --- a/dhis-2/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/tracker/export/trackedentity/TrackedEntityRequestParamsMapper.java +++ b/dhis-2/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/tracker/export/trackedentity/TrackedEntityRequestParamsMapper.java @@ -48,6 +48,7 @@ import org.hisp.dhis.program.EnrollmentStatus; import org.hisp.dhis.tracker.export.trackedentity.TrackedEntityOperationParams; import org.hisp.dhis.tracker.export.trackedentity.TrackedEntityOperationParams.TrackedEntityOperationParamsBuilder; +import org.hisp.dhis.user.UserDetails; import org.hisp.dhis.util.DateUtils; import org.hisp.dhis.util.ObjectUtils; import org.hisp.dhis.webapi.controller.event.webrequest.OrderCriteria; @@ -68,13 +69,16 @@ class TrackedEntityRequestParamsMapper { private final TrackedEntityFieldsParamMapper fieldsParamMapper; - public TrackedEntityOperationParams map(TrackedEntityRequestParams trackedEntityRequestParams) + public TrackedEntityOperationParams map( + TrackedEntityRequestParams trackedEntityRequestParams, UserDetails user) throws BadRequestException { - return map(trackedEntityRequestParams, trackedEntityRequestParams.getFields()); + return map(trackedEntityRequestParams, trackedEntityRequestParams.getFields(), user); } public TrackedEntityOperationParams map( - TrackedEntityRequestParams trackedEntityRequestParams, List fields) + TrackedEntityRequestParams trackedEntityRequestParams, + List fields, + UserDetails user) throws BadRequestException { validateRemovedParameters(trackedEntityRequestParams); @@ -159,7 +163,8 @@ public TrackedEntityOperationParams map( .assignedUserQueryParam( new AssignedUserQueryParam( trackedEntityRequestParams.getAssignedUserMode(), - UID.toValueSet(assignedUsers))) + UID.toValueSet(assignedUsers), + user.getUid())) .trackedEntityUids(UID.toValueSet(trackedEntities)) .filters(filters) .includeDeleted(trackedEntityRequestParams.isIncludeDeleted()) diff --git a/dhis-2/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/tracker/imports/TrackerImportController.java b/dhis-2/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/tracker/imports/TrackerImportController.java index e5bef37f9cd9..7e9912f05307 100644 --- a/dhis-2/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/tracker/imports/TrackerImportController.java +++ b/dhis-2/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/tracker/imports/TrackerImportController.java @@ -60,7 +60,7 @@ import org.hisp.dhis.tracker.imports.domain.TrackerObjects; import org.hisp.dhis.tracker.imports.report.ImportReport; import org.hisp.dhis.tracker.imports.report.Status; -import org.hisp.dhis.user.CurrentUserUtil; +import org.hisp.dhis.user.CurrentUser; import org.hisp.dhis.user.UserDetails; import org.hisp.dhis.webapi.controller.tracker.export.CsvService; import org.hisp.dhis.webapi.controller.tracker.view.Event; @@ -106,12 +106,12 @@ public class TrackerImportController { @PostMapping(value = "", consumes = APPLICATION_JSON_VALUE, produces = APPLICATION_JSON_VALUE) @ResponseBody public WebMessage asyncPostJsonTracker( - HttpServletRequest request, ImportRequestParams importRequestParams, @RequestBody Body body) + HttpServletRequest request, + ImportRequestParams importRequestParams, + @RequestBody Body body, + @CurrentUser UserDetails currentUser) throws ConflictException, NotFoundException, IOException { - UserDetails currentUserDetails = CurrentUserUtil.getCurrentUserDetails(); - String userUid = currentUserDetails.getUid(); - TrackerImportParams trackerImportParams = TrackerImportParamsMapper.trackerImportParams(importRequestParams); TrackerObjects trackerObjects = @@ -121,7 +121,7 @@ public WebMessage asyncPostJsonTracker( trackerImportParams, MimeType.valueOf("application/json"), trackerObjects, - userUid, + currentUser.getUid(), request); } @@ -177,12 +177,10 @@ public ResponseEntity syncPostJsonTracker( public WebMessage asyncPostCsvTracker( HttpServletRequest request, ImportRequestParams importRequest, - @RequestParam(required = false, defaultValue = "true") boolean skipFirst) + @RequestParam(required = false, defaultValue = "true") boolean skipFirst, + @CurrentUser UserDetails currentUser) throws IOException, ParseException, ConflictException, NotFoundException { - UserDetails currentUserDetails = CurrentUserUtil.getCurrentUserDetails(); - String userUid = currentUserDetails.getUid(); - InputStream inputStream = StreamUtils.wrapAndCheckCompressionFormat(request.getInputStream()); List events = csvEventService.read(inputStream, skipFirst); @@ -196,7 +194,11 @@ public WebMessage asyncPostCsvTracker( TrackerImportParamsMapper.trackerObjects(body, trackerImportParams.getIdSchemes()); return startAsyncTracker( - trackerImportParams, MimeType.valueOf("application/csv"), trackerObjects, userUid, request); + trackerImportParams, + MimeType.valueOf("application/csv"), + trackerObjects, + currentUser.getUid(), + request); } @PostMapping( diff --git a/dhis-2/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/tracker/ownership/TrackerOwnershipController.java b/dhis-2/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/tracker/ownership/TrackerOwnershipController.java index b709aeb03f3b..6b023a3f4b8d 100644 --- a/dhis-2/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/tracker/ownership/TrackerOwnershipController.java +++ b/dhis-2/dhis-web-api/src/main/java/org/hisp/dhis/webapi/controller/tracker/ownership/TrackerOwnershipController.java @@ -43,7 +43,6 @@ import org.hisp.dhis.program.Program; import org.hisp.dhis.program.ProgramService; import org.hisp.dhis.tracker.acl.TrackerOwnershipManager; -import org.hisp.dhis.tracker.export.trackedentity.TrackedEntityParams; import org.hisp.dhis.tracker.export.trackedentity.TrackedEntityService; import org.hisp.dhis.user.CurrentUserUtil; import org.hisp.dhis.user.UserDetails; @@ -96,8 +95,7 @@ public WebMessage updateTrackerProgramOwner( "trackedEntityInstance", trackedEntityInstance, "trackedEntity", trackedEntity); trackerOwnershipAccessManager.transferOwnership( - trackedEntityService.getTrackedEntity( - trackedEntityUid.getValue(), null, TrackedEntityParams.FALSE, false), + trackedEntityService.getTrackedEntity(trackedEntityUid.getValue()), programService.getProgram(program), organisationUnitService.getOrganisationUnit(ou)); return ok("Ownership transferred"); @@ -117,8 +115,7 @@ public WebMessage overrideOwnershipAccess( UserDetails currentUser = CurrentUserUtil.getCurrentUserDetails(); trackerOwnershipAccessManager.grantTemporaryOwnership( - trackedEntityService.getTrackedEntity( - trackedEntityUid.getValue(), null, TrackedEntityParams.FALSE, false), + trackedEntityService.getTrackedEntity(trackedEntityUid.getValue()), programService.getProgram(program), currentUser, reason); diff --git a/dhis-2/dhis-web-api/src/test/java/org/hisp/dhis/webapi/controller/tracker/export/event/EventRequestParamsMapperTest.java b/dhis-2/dhis-web-api/src/test/java/org/hisp/dhis/webapi/controller/tracker/export/event/EventRequestParamsMapperTest.java index b940c6f68d4b..8f2aad201667 100644 --- a/dhis-2/dhis-web-api/src/test/java/org/hisp/dhis/webapi/controller/tracker/export/event/EventRequestParamsMapperTest.java +++ b/dhis-2/dhis-web-api/src/test/java/org/hisp/dhis/webapi/controller/tracker/export/event/EventRequestParamsMapperTest.java @@ -150,7 +150,7 @@ public void setUp() throws ForbiddenException, NotFoundException, BadRequestExce when(organisationUnitService.isInUserHierarchy(user, orgUnit)).thenReturn(true); TrackedEntity trackedEntity = new TrackedEntity(); - when(trackedEntityService.getTrackedEntity("qnR1RK4cTIZ", null, FALSE, false)) + when(trackedEntityService.getTrackedEntity("qnR1RK4cTIZ", null, FALSE)) .thenReturn(trackedEntity); TrackedEntityAttribute tea1 = new TrackedEntityAttribute(); tea1.setUid(TEA_1_UID); diff --git a/dhis-2/dhis-web-api/src/test/java/org/hisp/dhis/webapi/controller/tracker/export/trackedentity/TrackedEntityRequestParamsMapperTest.java b/dhis-2/dhis-web-api/src/test/java/org/hisp/dhis/webapi/controller/tracker/export/trackedentity/TrackedEntityRequestParamsMapperTest.java index 7bd875538b21..51c0d3ac2a4b 100644 --- a/dhis-2/dhis-web-api/src/test/java/org/hisp/dhis/webapi/controller/tracker/export/trackedentity/TrackedEntityRequestParamsMapperTest.java +++ b/dhis-2/dhis-web-api/src/test/java/org/hisp/dhis/webapi/controller/tracker/export/trackedentity/TrackedEntityRequestParamsMapperTest.java @@ -39,7 +39,6 @@ import static org.junit.jupiter.api.Assertions.assertAll; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertThrows; -import static org.mockito.Mockito.mockStatic; import java.util.List; import java.util.Map; @@ -54,8 +53,7 @@ import org.hisp.dhis.program.EnrollmentStatus; import org.hisp.dhis.tracker.export.Order; import org.hisp.dhis.tracker.export.trackedentity.TrackedEntityOperationParams; -import org.hisp.dhis.user.CurrentUserUtil; -import org.hisp.dhis.user.User; +import org.hisp.dhis.user.SystemUser; import org.hisp.dhis.user.UserDetails; import org.hisp.dhis.webapi.controller.event.webrequest.OrderCriteria; import org.hisp.dhis.webapi.webdomain.EndDateTime; @@ -65,7 +63,6 @@ import org.junit.jupiter.api.extension.ExtendWith; import org.mockito.InjectMocks; import org.mockito.Mock; -import org.mockito.MockedStatic; import org.mockito.junit.jupiter.MockitoExtension; @ExtendWith(MockitoExtension.class) @@ -86,6 +83,8 @@ class TrackedEntityRequestParamsMapperTest { private TrackedEntityRequestParams trackedEntityRequestParams; + UserDetails user = new SystemUser(); + @BeforeEach public void setUp() { trackedEntityRequestParams = new TrackedEntityRequestParams(); @@ -108,38 +107,31 @@ void shouldMapCorrectlyWhenProgramAndSpecificUpdateDatesSupplied() throws BadReq trackedEntityRequestParams.setEventOccurredBefore(EndDateTime.of("2020-07-07")); trackedEntityRequestParams.setIncludeDeleted(true); - try (MockedStatic userUtilMockedStatic = mockStatic(CurrentUserUtil.class)) { - userUtilMockedStatic - .when(CurrentUserUtil::getCurrentUserDetails) - .thenReturn(UserDetails.fromUser(new User())); - final TrackedEntityOperationParams params = mapper.map(trackedEntityRequestParams); - - assertThat(params.getProgramUid(), is(PROGRAM_UID)); - assertThat(params.getProgramStageUid(), is(PROGRAM_STAGE_UID)); - assertThat(params.getFollowUp(), is(true)); - assertThat( - params.getLastUpdatedStartDate(), - is(trackedEntityRequestParams.getUpdatedAfter().toDate())); - assertThat( - params.getLastUpdatedEndDate(), - is(trackedEntityRequestParams.getUpdatedBefore().toDate())); - assertThat( - params.getProgramIncidentStartDate(), - is(trackedEntityRequestParams.getEnrollmentOccurredAfter().toDate())); - assertThat( - params.getProgramIncidentEndDate(), - is(trackedEntityRequestParams.getEnrollmentOccurredBefore().toDate())); - assertThat(params.getEventStatus(), is(EventStatus.COMPLETED)); - assertThat( - params.getEventStartDate(), - is(trackedEntityRequestParams.getEventOccurredAfter().toDate())); - assertThat( - params.getEventEndDate(), - is(trackedEntityRequestParams.getEventOccurredBefore().toDate())); - assertThat( - params.getAssignedUserQueryParam().getMode(), is(AssignedUserSelectionMode.PROVIDED)); - assertThat(params.isIncludeDeleted(), is(true)); - } + final TrackedEntityOperationParams params = mapper.map(trackedEntityRequestParams, user); + + assertThat(params.getProgramUid(), is(PROGRAM_UID)); + assertThat(params.getProgramStageUid(), is(PROGRAM_STAGE_UID)); + assertThat(params.getFollowUp(), is(true)); + assertThat( + params.getLastUpdatedStartDate(), + is(trackedEntityRequestParams.getUpdatedAfter().toDate())); + assertThat( + params.getLastUpdatedEndDate(), is(trackedEntityRequestParams.getUpdatedBefore().toDate())); + assertThat( + params.getProgramIncidentStartDate(), + is(trackedEntityRequestParams.getEnrollmentOccurredAfter().toDate())); + assertThat( + params.getProgramIncidentEndDate(), + is(trackedEntityRequestParams.getEnrollmentOccurredBefore().toDate())); + assertThat(params.getEventStatus(), is(EventStatus.COMPLETED)); + assertThat( + params.getEventStartDate(), + is(trackedEntityRequestParams.getEventOccurredAfter().toDate())); + assertThat( + params.getEventEndDate(), is(trackedEntityRequestParams.getEventOccurredBefore().toDate())); + assertThat( + params.getAssignedUserQueryParam().getMode(), is(AssignedUserSelectionMode.PROVIDED)); + assertThat(params.isIncludeDeleted(), is(true)); } @Test @@ -153,33 +145,26 @@ void shouldMapCorrectlyWhenTrackedEntityAndSpecificUpdatedRangeSupplied() trackedEntityRequestParams.setEventOccurredBefore(EndDateTime.of("2020-07-07")); trackedEntityRequestParams.setIncludeDeleted(true); - try (MockedStatic userUtilMockedStatic = mockStatic(CurrentUserUtil.class)) { - userUtilMockedStatic - .when(CurrentUserUtil::getCurrentUserDetails) - .thenReturn(UserDetails.fromUser(new User())); - final TrackedEntityOperationParams params = mapper.map(trackedEntityRequestParams); - - assertThat(params.getTrackedEntityTypeUid(), is(TRACKED_ENTITY_TYPE_UID)); - assertThat( - params.getLastUpdatedStartDate(), is(trackedEntityRequestParams.getUpdatedAfter())); - assertThat(params.getLastUpdatedEndDate(), is(trackedEntityRequestParams.getUpdatedBefore())); - assertThat( - params.getProgramIncidentStartDate(), - is(trackedEntityRequestParams.getEnrollmentOccurredAfter())); - assertThat( - params.getProgramIncidentEndDate(), - is(trackedEntityRequestParams.getEnrollmentOccurredBefore())); - assertThat(params.getEventStatus(), is(EventStatus.COMPLETED)); - assertThat( - params.getEventStartDate(), - is(trackedEntityRequestParams.getEventOccurredAfter().toDate())); - assertThat( - params.getEventEndDate(), - is(trackedEntityRequestParams.getEventOccurredBefore().toDate())); - assertThat( - params.getAssignedUserQueryParam().getMode(), is(AssignedUserSelectionMode.PROVIDED)); - assertThat(params.isIncludeDeleted(), is(true)); - } + final TrackedEntityOperationParams params = mapper.map(trackedEntityRequestParams, user); + + assertThat(params.getTrackedEntityTypeUid(), is(TRACKED_ENTITY_TYPE_UID)); + assertThat(params.getLastUpdatedStartDate(), is(trackedEntityRequestParams.getUpdatedAfter())); + assertThat(params.getLastUpdatedEndDate(), is(trackedEntityRequestParams.getUpdatedBefore())); + assertThat( + params.getProgramIncidentStartDate(), + is(trackedEntityRequestParams.getEnrollmentOccurredAfter())); + assertThat( + params.getProgramIncidentEndDate(), + is(trackedEntityRequestParams.getEnrollmentOccurredBefore())); + assertThat(params.getEventStatus(), is(EventStatus.COMPLETED)); + assertThat( + params.getEventStartDate(), + is(trackedEntityRequestParams.getEventOccurredAfter().toDate())); + assertThat( + params.getEventEndDate(), is(trackedEntityRequestParams.getEventOccurredBefore().toDate())); + assertThat( + params.getAssignedUserQueryParam().getMode(), is(AssignedUserSelectionMode.PROVIDED)); + assertThat(params.isIncludeDeleted(), is(true)); } @Test @@ -188,7 +173,7 @@ void shouldMapOrgUnitModeGivenOrgUnitModeParam() throws BadRequestException { trackedEntityRequestParams.setOrgUnitMode(CAPTURE); trackedEntityRequestParams.setProgram(UID.of(PROGRAM_UID)); - TrackedEntityOperationParams params = mapper.map(trackedEntityRequestParams, null); + TrackedEntityOperationParams params = mapper.map(trackedEntityRequestParams, null, user); assertEquals(CAPTURE, params.getOrgUnitMode()); } @@ -199,7 +184,7 @@ void shouldMapOrgUnitModeGivenOuModeParam() throws BadRequestException { trackedEntityRequestParams.setOuMode(CAPTURE); trackedEntityRequestParams.setProgram(UID.of(PROGRAM_UID)); - TrackedEntityOperationParams params = mapper.map(trackedEntityRequestParams, null); + TrackedEntityOperationParams params = mapper.map(trackedEntityRequestParams, null, user); assertEquals(CAPTURE, params.getOrgUnitMode()); } @@ -209,7 +194,7 @@ void shouldMapOrgUnitModeToDefaultGivenNoOrgUnitModeParamIsSet() throws BadReque trackedEntityRequestParams = new TrackedEntityRequestParams(); trackedEntityRequestParams.setProgram(UID.of(PROGRAM_UID)); - TrackedEntityOperationParams params = mapper.map(trackedEntityRequestParams, null); + TrackedEntityOperationParams params = mapper.map(trackedEntityRequestParams, null, user); assertEquals(ACCESSIBLE, params.getOrgUnitMode()); } @@ -220,7 +205,8 @@ void shouldThrowIfDeprecatedAndNewOrgUnitModeParameterIsSet() { trackedEntityRequestParams.setOrgUnitMode(SELECTED); BadRequestException exception = - assertThrows(BadRequestException.class, () -> mapper.map(trackedEntityRequestParams, null)); + assertThrows( + BadRequestException.class, () -> mapper.map(trackedEntityRequestParams, null, user)); assertStartsWith("Only one parameter of 'ouMode' and 'orgUnitMode'", exception.getMessage()); } @@ -231,7 +217,8 @@ void shouldFailIfDeprecatedAndNewEnrollmentStatusParameterIsSet() { trackedEntityRequestParams.setEnrollmentStatus(EnrollmentStatus.ACTIVE); BadRequestException exception = - assertThrows(BadRequestException.class, () -> mapper.map(trackedEntityRequestParams, null)); + assertThrows( + BadRequestException.class, () -> mapper.map(trackedEntityRequestParams, null, user)); assertStartsWith( "Only one parameter of 'programStatus' and 'enrollmentStatus'", exception.getMessage()); @@ -243,28 +230,18 @@ void testMappingProgramEnrollmentStartDate() throws BadRequestException { trackedEntityRequestParams.setEnrollmentEnrolledAfter(startDate); trackedEntityRequestParams.setProgram(UID.of(PROGRAM_UID)); - try (MockedStatic userUtilMockedStatic = mockStatic(CurrentUserUtil.class)) { - userUtilMockedStatic - .when(CurrentUserUtil::getCurrentUserDetails) - .thenReturn(UserDetails.fromUser(new User())); - TrackedEntityOperationParams params = mapper.map(trackedEntityRequestParams); + TrackedEntityOperationParams params = mapper.map(trackedEntityRequestParams, user); - assertEquals(startDate.toDate(), params.getProgramEnrollmentStartDate()); - } + assertEquals(startDate.toDate(), params.getProgramEnrollmentStartDate()); } @Test void testMappingProgram() throws BadRequestException { trackedEntityRequestParams.setProgram(UID.of(PROGRAM_UID)); - try (MockedStatic userUtilMockedStatic = mockStatic(CurrentUserUtil.class)) { - userUtilMockedStatic - .when(CurrentUserUtil::getCurrentUserDetails) - .thenReturn(UserDetails.fromUser(new User())); - TrackedEntityOperationParams params = mapper.map(trackedEntityRequestParams); + TrackedEntityOperationParams params = mapper.map(trackedEntityRequestParams, user); - assertEquals(PROGRAM_UID, params.getProgramUid()); - } + assertEquals(PROGRAM_UID, params.getProgramUid()); } @Test @@ -272,28 +249,17 @@ void testMappingProgramStage() throws BadRequestException { trackedEntityRequestParams.setProgram(UID.of(PROGRAM_UID)); trackedEntityRequestParams.setProgramStage(UID.of(PROGRAM_STAGE_UID)); - try (MockedStatic userUtilMockedStatic = mockStatic(CurrentUserUtil.class)) { - userUtilMockedStatic - .when(CurrentUserUtil::getCurrentUserDetails) - .thenReturn(UserDetails.fromUser(new User())); - TrackedEntityOperationParams params = mapper.map(trackedEntityRequestParams); + TrackedEntityOperationParams params = mapper.map(trackedEntityRequestParams, user); - assertEquals(PROGRAM_STAGE_UID, params.getProgramStageUid()); - } + assertEquals(PROGRAM_STAGE_UID, params.getProgramStageUid()); } @Test void testMappingTrackedEntityType() throws BadRequestException { trackedEntityRequestParams.setTrackedEntityType(UID.of(TRACKED_ENTITY_TYPE_UID)); + TrackedEntityOperationParams params = mapper.map(trackedEntityRequestParams, user); - try (MockedStatic userUtilMockedStatic = mockStatic(CurrentUserUtil.class)) { - userUtilMockedStatic - .when(CurrentUserUtil::getCurrentUserDetails) - .thenReturn(UserDetails.fromUser(new User())); - TrackedEntityOperationParams params = mapper.map(trackedEntityRequestParams); - - assertEquals(TRACKED_ENTITY_TYPE_UID, params.getTrackedEntityTypeUid()); - } + assertEquals(TRACKED_ENTITY_TYPE_UID, params.getTrackedEntityTypeUid()); } @Test @@ -302,7 +268,7 @@ void testMappingAssignedUser() throws BadRequestException { trackedEntityRequestParams.setAssignedUserMode(AssignedUserSelectionMode.PROVIDED); trackedEntityRequestParams.setProgram(UID.of(PROGRAM_UID)); - TrackedEntityOperationParams params = mapper.map(trackedEntityRequestParams); + TrackedEntityOperationParams params = mapper.map(trackedEntityRequestParams, user); assertContainsOnly( Set.of("IsdLBTOBzMi", "l5ab8q5skbB"), @@ -317,7 +283,7 @@ void testMappingAssignedUsers() throws BadRequestException { trackedEntityRequestParams.setAssignedUserMode(AssignedUserSelectionMode.PROVIDED); trackedEntityRequestParams.setProgram(UID.of(PROGRAM_UID)); - TrackedEntityOperationParams params = mapper.map(trackedEntityRequestParams); + TrackedEntityOperationParams params = mapper.map(trackedEntityRequestParams, user); assertContainsOnly( Set.of("IsdLBTOBzMi", "l5ab8q5skbB"), @@ -331,7 +297,8 @@ void shouldFailIfProgramStatusIsSetWithoutProgram() { trackedEntityRequestParams.setProgramStatus(EnrollmentStatus.ACTIVE); BadRequestException exception = - assertThrows(BadRequestException.class, () -> mapper.map(trackedEntityRequestParams, null)); + assertThrows( + BadRequestException.class, () -> mapper.map(trackedEntityRequestParams, null, user)); assertStartsWith("`program` must be defined when `programStatus`", exception.getMessage()); } @@ -342,7 +309,8 @@ void shouldFailIfEnrollmentStatusIsSetWithoutProgram() { trackedEntityRequestParams.setEnrollmentStatus(EnrollmentStatus.ACTIVE); BadRequestException exception = - assertThrows(BadRequestException.class, () -> mapper.map(trackedEntityRequestParams, null)); + assertThrows( + BadRequestException.class, () -> mapper.map(trackedEntityRequestParams, null, user)); assertStartsWith("`program` must be defined when `enrollmentStatus`", exception.getMessage()); } @@ -351,7 +319,7 @@ void shouldFailIfEnrollmentStatusIsSetWithoutProgram() { void shouldFailIfGivenStatusAndNotOccurredEventDates() { trackedEntityRequestParams.setEventStatus(EventStatus.ACTIVE); - assertThrows(BadRequestException.class, () -> mapper.map(trackedEntityRequestParams)); + assertThrows(BadRequestException.class, () -> mapper.map(trackedEntityRequestParams, user)); } @Test @@ -359,7 +327,7 @@ void shouldFailIfGivenStatusAndOccurredAfterEventDateButNoOccurredBeforeEventDat trackedEntityRequestParams.setEventStatus(EventStatus.ACTIVE); trackedEntityRequestParams.setEventOccurredAfter(StartDateTime.of("2020-10-10")); - assertThrows(BadRequestException.class, () -> mapper.map(trackedEntityRequestParams)); + assertThrows(BadRequestException.class, () -> mapper.map(trackedEntityRequestParams, user)); } @Test @@ -367,7 +335,7 @@ void shouldFailIfGivenOccurredEventDatesAndNotEventStatus() { trackedEntityRequestParams.setEventOccurredBefore(EndDateTime.of("2020-11-11")); trackedEntityRequestParams.setEventOccurredAfter(StartDateTime.of("2020-10-10")); - assertThrows(BadRequestException.class, () -> mapper.map(trackedEntityRequestParams)); + assertThrows(BadRequestException.class, () -> mapper.map(trackedEntityRequestParams, user)); } @Test @@ -375,7 +343,7 @@ void shouldFailIfGivenOrgUnitAndOrgUnits() { trackedEntityRequestParams.setOrgUnit("IsdLBTOBzMi"); trackedEntityRequestParams.setOrgUnits(Set.of(UID.of("IsdLBTOBzMi"))); - assertThrows(BadRequestException.class, () -> mapper.map(trackedEntityRequestParams)); + assertThrows(BadRequestException.class, () -> mapper.map(trackedEntityRequestParams, user)); } @Test @@ -383,28 +351,28 @@ void shouldFailIfGivenTrackedEntityAndTrackedEntities() { trackedEntityRequestParams.setTrackedEntity("IsdLBTOBzMi"); trackedEntityRequestParams.setTrackedEntities(Set.of(UID.of("IsdLBTOBzMi"))); - assertThrows(BadRequestException.class, () -> mapper.map(trackedEntityRequestParams)); + assertThrows(BadRequestException.class, () -> mapper.map(trackedEntityRequestParams, user)); } @Test void shouldFailIfGivenRemovedQueryParameter() { trackedEntityRequestParams.setQuery("query"); - assertThrows(BadRequestException.class, () -> mapper.map(trackedEntityRequestParams)); + assertThrows(BadRequestException.class, () -> mapper.map(trackedEntityRequestParams, user)); } @Test void shouldFailIfGivenRemovedAttributeParameter() { trackedEntityRequestParams.setAttribute("IsdLBTOBzMi"); - assertThrows(BadRequestException.class, () -> mapper.map(trackedEntityRequestParams)); + assertThrows(BadRequestException.class, () -> mapper.map(trackedEntityRequestParams, user)); } @Test void shouldFailIfGivenRemovedIncludeAllAttributesParameter() { trackedEntityRequestParams.setIncludeAllAttributes("true"); - assertThrows(BadRequestException.class, () -> mapper.map(trackedEntityRequestParams)); + assertThrows(BadRequestException.class, () -> mapper.map(trackedEntityRequestParams, user)); } @Test @@ -413,33 +381,23 @@ void shouldMapOrderParameterInGivenOrderWhenFieldsAreOrderable() throws BadReque OrderCriteria.fromOrderString("createdAt:asc,zGlzbfreTOH,enrolledAt:desc")); trackedEntityRequestParams.setProgram(UID.of(PROGRAM_UID)); - try (MockedStatic userUtilMockedStatic = mockStatic(CurrentUserUtil.class)) { - userUtilMockedStatic - .when(CurrentUserUtil::getCurrentUserDetails) - .thenReturn(UserDetails.fromUser(new User())); - TrackedEntityOperationParams params = mapper.map(trackedEntityRequestParams); - - assertEquals( - List.of( - new Order("created", SortDirection.ASC), - new Order(UID.of("zGlzbfreTOH"), SortDirection.ASC), - new Order("enrollment.enrollmentDate", SortDirection.DESC)), - params.getOrder()); - } + TrackedEntityOperationParams params = mapper.map(trackedEntityRequestParams, user); + + assertEquals( + List.of( + new Order("created", SortDirection.ASC), + new Order(UID.of("zGlzbfreTOH"), SortDirection.ASC), + new Order("enrollment.enrollmentDate", SortDirection.DESC)), + params.getOrder()); } @Test void testMappingOrderParamsNoOrder() throws BadRequestException { trackedEntityRequestParams.setProgram(UID.of(PROGRAM_UID)); - try (MockedStatic userUtilMockedStatic = mockStatic(CurrentUserUtil.class)) { - userUtilMockedStatic - .when(CurrentUserUtil::getCurrentUserDetails) - .thenReturn(UserDetails.fromUser(new User())); - TrackedEntityOperationParams params = mapper.map(trackedEntityRequestParams); + TrackedEntityOperationParams params = mapper.map(trackedEntityRequestParams, user); - assertIsEmpty(params.getOrder()); - } + assertIsEmpty(params.getOrder()); } @Test @@ -448,7 +406,7 @@ void shouldFailGivenInvalidOrderFieldName() { OrderCriteria.fromOrderString("unsupportedProperty1:asc,enrolledAt:asc")); Exception exception = - assertThrows(BadRequestException.class, () -> mapper.map(trackedEntityRequestParams)); + assertThrows(BadRequestException.class, () -> mapper.map(trackedEntityRequestParams, user)); assertAll( () -> assertStartsWith("order parameter is invalid", exception.getMessage()), () -> assertContains("unsupportedProperty1", exception.getMessage())); @@ -460,19 +418,15 @@ void shouldMapFilterParameter() throws BadRequestException { trackedEntityRequestParams.setFilter(TEA_1_UID + ":like:value1," + TEA_2_UID + ":like:value2"); trackedEntityRequestParams.setProgram(UID.of(PROGRAM_UID)); - try (MockedStatic userUtilMockedStatic = mockStatic(CurrentUserUtil.class)) { - userUtilMockedStatic - .when(CurrentUserUtil::getCurrentUserDetails) - .thenReturn(UserDetails.fromUser(new User())); - Map> filters = mapper.map(trackedEntityRequestParams).getFilters(); - - assertEquals( - Map.of( - TEA_1_UID, - List.of(new QueryFilter(QueryOperator.LIKE, "value1")), - TEA_2_UID, - List.of(new QueryFilter(QueryOperator.LIKE, "value2"))), - filters); - } + Map> filters = + mapper.map(trackedEntityRequestParams, user).getFilters(); + + assertEquals( + Map.of( + TEA_1_UID, + List.of(new QueryFilter(QueryOperator.LIKE, "value1")), + TEA_2_UID, + List.of(new QueryFilter(QueryOperator.LIKE, "value2"))), + filters); } } diff --git a/dhis-2/dhis-web-api/src/test/java/org/hisp/dhis/webapi/controller/tracker/imports/TrackerImportControllerTest.java b/dhis-2/dhis-web-api/src/test/java/org/hisp/dhis/webapi/controller/tracker/imports/TrackerImportControllerTest.java index c8b051bd9854..3c7b0b1c6a60 100644 --- a/dhis-2/dhis-web-api/src/test/java/org/hisp/dhis/webapi/controller/tracker/imports/TrackerImportControllerTest.java +++ b/dhis-2/dhis-web-api/src/test/java/org/hisp/dhis/webapi/controller/tracker/imports/TrackerImportControllerTest.java @@ -64,9 +64,11 @@ import org.hisp.dhis.tracker.imports.report.Status; import org.hisp.dhis.tracker.imports.report.ValidationReport; import org.hisp.dhis.user.SystemUser; +import org.hisp.dhis.user.UserService; import org.hisp.dhis.webapi.controller.CrudControllerAdvice; import org.hisp.dhis.webapi.controller.tracker.export.CsvService; import org.hisp.dhis.webapi.controller.tracker.view.Event; +import org.hisp.dhis.webapi.mvc.CurrentUserHandlerMethodArgumentResolver; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.junit.jupiter.api.extension.ExtendWith; @@ -96,6 +98,8 @@ class TrackerImportControllerTest { @Mock private JobConfigurationService jobConfigurationService; + @Mock private UserService userService; + private RenderService renderService; @BeforeEach @@ -121,6 +125,7 @@ public void setUp() { mockMvc = MockMvcBuilders.standaloneSetup(controller) .setControllerAdvice(new CrudControllerAdvice()) + .setCustomArgumentResolvers(new CurrentUserHandlerMethodArgumentResolver(userService)) .build(); }