Skip to content

Commit

Permalink
fix: Add program param in attribute image endpoint [DHIS2-17173][2.39]
Browse files Browse the repository at this point in the history
  • Loading branch information
muilpp committed Oct 17, 2024
1 parent 5214754 commit 3c4bd5d
Show file tree
Hide file tree
Showing 6 changed files with 301 additions and 38 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -120,6 +120,10 @@ public interface TrackedEntityAttributeService {

Set<TrackedEntityAttribute> getAllUserReadableTrackedEntityAttributes(User user);

Set<TrackedEntityAttribute> getProgramAttributes(Program program);

Set<TrackedEntityAttribute> getTrackedEntityTypeAttributes(TrackedEntityType trackedEntityType);

Set<TrackedEntityAttribute> getAllUserReadableTrackedEntityAttributes(
User user, List<Program> programs, List<TrackedEntityType> trackedEntityTypes);

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -328,6 +328,21 @@ public Set<TrackedEntityAttribute> getAllUserReadableTrackedEntityAttributes(Use
return getAllUserReadableTrackedEntityAttributes(user, programs, trackedEntityTypes);
}

@Transactional(readOnly = true)
@Override
public Set<TrackedEntityAttribute> getProgramAttributes(Program program) {
return getAllUserReadableTrackedEntityAttributes(
currentUserService.getCurrentUser(), List.of(program), List.of());
}

@Transactional(readOnly = true)
@Override
public Set<TrackedEntityAttribute> getTrackedEntityTypeAttributes(
TrackedEntityType trackedEntityType) {
return getAllUserReadableTrackedEntityAttributes(
currentUserService.getCurrentUser(), List.of(), List.of(trackedEntityType));
}

@Override
@Transactional(readOnly = true)
public Set<TrackedEntityAttribute> getAllUserReadableTrackedEntityAttributes(
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,6 @@
import java.io.IOException;
import java.io.InputStream;
import java.util.List;
import java.util.stream.Collectors;
import javax.imageio.ImageIO;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
Expand Down Expand Up @@ -86,13 +85,12 @@
import org.hisp.dhis.schema.descriptors.TrackedEntityInstanceSchemaDescriptor;
import org.hisp.dhis.system.grid.GridUtils;
import org.hisp.dhis.trackedentity.TrackedEntityInstanceQueryParams;
import org.hisp.dhis.trackedentity.TrackerAccessManager;
import org.hisp.dhis.trackedentityattributevalue.TrackedEntityAttributeValue;
import org.hisp.dhis.user.CurrentUserService;
import org.hisp.dhis.user.User;
import org.hisp.dhis.webapi.controller.event.mapper.TrackedEntityCriteriaMapper;
import org.hisp.dhis.webapi.controller.event.webrequest.TrackedEntityInstanceCriteria;
import org.hisp.dhis.webapi.controller.exception.BadRequestException;
import org.hisp.dhis.webapi.controller.exception.NotFoundException;
import org.hisp.dhis.webapi.mvc.annotation.ApiVersion;
import org.hisp.dhis.webapi.service.ContextService;
import org.hisp.dhis.webapi.service.TrackedEntityInstanceSupportService;
Expand Down Expand Up @@ -141,8 +139,6 @@ public class TrackedEntityInstanceController {

private final FileResourceService fileResourceService;

private final TrackerAccessManager trackerAccessManager;

private final TrackedEntityInstanceSupportService trackedEntityInstanceSupportService;

private final TrackedEntityCriteriaMapper criteriaMapper;
Expand Down Expand Up @@ -199,35 +195,23 @@ public class TrackedEntityInstanceController {
public void getAttributeImage(
@PathVariable("teiId") String teiId,
@PathVariable("attributeId") String attributeId,
@RequestParam(required = false) String programId,
@RequestParam(required = false) Integer width,
@RequestParam(required = false) Integer height,
@RequestParam(required = false) ImageFileDimension dimension,
HttpServletResponse response)
throws WebMessageException {
User user = currentUserService.getCurrentUser();

org.hisp.dhis.trackedentity.TrackedEntityInstance trackedEntityInstance =
instanceService.getTrackedEntityInstance(teiId);

List<String> trackerAccessErrors = trackerAccessManager.canRead(user, trackedEntityInstance);

List<TrackedEntityAttributeValue> attribute =
trackedEntityInstance.getTrackedEntityAttributeValues().stream()
.filter(val -> val.getAttribute().getUid().equals(attributeId))
.collect(Collectors.toList());

if (!trackerAccessErrors.isEmpty()) {
throw new WebMessageException(
unauthorized(
"You're not authorized to access the TrackedEntityInstance with id: " + teiId));
}

if (attribute.size() == 0) {
throw new WebMessageException(notFound("Attribute not found for ID " + attributeId));
TrackedEntityAttributeValue value;
try {
value =
trackedEntityInstanceSupportService.getTrackedEntityAttributeValue(
teiId, attributeId, programId);
} catch (NotFoundException e) {
throw new WebMessageException(notFound(e.getMessage()));
} catch (IllegalAccessException e) {
throw new WebMessageException(unauthorized(e.getMessage()));
}

TrackedEntityAttributeValue value = attribute.get(0);

if (value == null) {
throw new WebMessageException(notFound("Value not found for ID " + attributeId));
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@

import com.google.common.base.Joiner;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import lombok.RequiredArgsConstructor;
import lombok.SneakyThrows;
Expand All @@ -43,14 +44,17 @@
import org.hisp.dhis.program.Program;
import org.hisp.dhis.program.ProgramService;
import org.hisp.dhis.trackedentity.TrackedEntityAttribute;
import org.hisp.dhis.trackedentity.TrackedEntityAttributeService;
import org.hisp.dhis.trackedentity.TrackedEntityType;
import org.hisp.dhis.trackedentity.TrackedEntityTypeService;
import org.hisp.dhis.trackedentity.TrackerAccessManager;
import org.hisp.dhis.trackedentity.TrackerOwnershipManager;
import org.hisp.dhis.trackedentityattributevalue.TrackedEntityAttributeValue;
import org.hisp.dhis.user.CurrentUserService;
import org.hisp.dhis.user.User;
import org.hisp.dhis.webapi.controller.exception.NotFoundException;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

/** This service should not be used in the new tracker. */
@Service
Expand All @@ -69,6 +73,8 @@ public class TrackedEntityInstanceSupportService {

private final TrackedEntityTypeService trackedEntityTypeService;

private final TrackedEntityAttributeService attributeService;

@SneakyThrows
public TrackedEntityInstance getTrackedEntityInstance(String id, String pr, List<String> fields) {
User user = currentUserService.getCurrentUser();
Expand Down Expand Up @@ -167,4 +173,49 @@ public TrackedEntityInstanceParams getTrackedEntityInstanceParams(List<String> f

return params;
}

@Transactional(readOnly = true)
public TrackedEntityAttributeValue getTrackedEntityAttributeValue(
String teiUid, String attributeUid, String programUid)
throws NotFoundException, IllegalAccessException {
User currentUser = currentUserService.getCurrentUser();

org.hisp.dhis.trackedentity.TrackedEntityInstance trackedEntity =
instanceService.getTrackedEntityInstance(teiUid);
if (trackedEntity == null) {
throw new NotFoundException("Tracked entity not found for ID " + teiUid);
}

Set<TrackedEntityAttribute> trackedEntityAttributes;
if (programUid != null) {
Program program = programService.getProgram(programUid);
if (program == null) {
throw new NotFoundException("Program not found for ID " + programUid);
}

if (!trackerAccessManager.canRead(currentUser, trackedEntity, program, false).isEmpty()) {
throw new IllegalAccessException(
"You're not authorized to access the TrackedEntity with id: " + teiUid);
}

trackedEntityAttributes = attributeService.getProgramAttributes(program);
} else {
if (!trackerAccessManager.canRead(currentUser, trackedEntity).isEmpty()) {
throw new IllegalAccessException(
"You're not authorized to access the TrackedEntity with id: " + teiUid);
}

trackedEntityAttributes =
attributeService.getTrackedEntityTypeAttributes(trackedEntity.getTrackedEntityType());
}

if (trackedEntityAttributes.stream().noneMatch(tea -> tea.getUid().equals(attributeUid))) {
throw new NotFoundException("Attribute not found for ID " + attributeUid);
}

return trackedEntity.getTrackedEntityAttributeValues().stream()
.filter(val -> val.getAttribute().getUid().equals(attributeUid))
.findFirst()
.orElseThrow(() -> new NotFoundException("Value not found for ID " + attributeUid));
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.util.Set;
import java.util.List;
import org.hisp.dhis.common.CodeGenerator;
import org.hisp.dhis.common.ValueType;
import org.hisp.dhis.dxf2.events.trackedentity.TrackedEntityInstanceService;
Expand All @@ -56,11 +56,13 @@
import org.hisp.dhis.schema.descriptors.TrackedEntityInstanceSchemaDescriptor;
import org.hisp.dhis.trackedentity.TrackedEntityAttribute;
import org.hisp.dhis.trackedentity.TrackedEntityInstance;
import org.hisp.dhis.trackedentity.TrackerAccessManager;
import org.hisp.dhis.trackedentity.TrackedEntityType;
import org.hisp.dhis.trackedentity.TrackedEntityTypeAttribute;
import org.hisp.dhis.trackedentityattributevalue.TrackedEntityAttributeValue;
import org.hisp.dhis.user.CurrentUserService;
import org.hisp.dhis.user.User;
import org.hisp.dhis.webapi.controller.exception.BadRequestException;
import org.hisp.dhis.webapi.service.TrackedEntityInstanceSupportService;
import org.hisp.dhis.webapi.strategy.old.tracker.imports.impl.TrackedEntityInstanceAsyncStrategyImpl;
import org.hisp.dhis.webapi.strategy.old.tracker.imports.impl.TrackedEntityInstanceStrategyImpl;
import org.hisp.dhis.webapi.strategy.old.tracker.imports.impl.TrackedEntityInstanceSyncStrategyImpl;
Expand Down Expand Up @@ -95,12 +97,12 @@ class TrackedEntityInstanceControllerTest {

@Mock private org.hisp.dhis.trackedentity.TrackedEntityInstanceService instanceService;

@Mock private TrackerAccessManager trackerAccessManager;

@Mock private FileResourceService fileResourceService;

@Mock private TrackedEntityInstance trackedEntityInstance;

@Mock private TrackedEntityInstanceSupportService trackedEntityInstanceSupportService;

private static final String ENDPOINT = TrackedEntityInstanceSchemaDescriptor.API_ENDPOINT;

@BeforeEach
Expand All @@ -114,15 +116,13 @@ public void setUp() throws BadRequestException, IOException {
null,
currentUserService,
fileResourceService,
trackerAccessManager,
null,
trackedEntityInstanceSupportService,
null,
new TrackedEntityInstanceStrategyImpl(
trackedEntityInstanceSyncStrategy, trackedEntityInstanceAsyncStrategy),
config);

mockMvc = MockMvcBuilders.standaloneSetup(controller).build();
when(currentUserService.getCurrentUser()).thenReturn(user);
}

@Test
Expand All @@ -132,6 +132,10 @@ void shouldRetrieveImageAsAnAttachment() throws Exception {
TrackedEntityAttribute attribute = new TrackedEntityAttribute();
attribute.setUid(attributeUid);
attribute.setValueType(ValueType.IMAGE);
TrackedEntityTypeAttribute teta = new TrackedEntityTypeAttribute();
teta.setUid(attributeUid);
TrackedEntityType trackedEntityType = new TrackedEntityType();
trackedEntityType.setTrackedEntityTypeAttributes(List.of(teta));
TrackedEntityAttributeValue attributeValue = new TrackedEntityAttributeValue();
attributeValue.setAttribute(attribute);
attributeValue.setValue("fileName");
Expand All @@ -143,13 +147,13 @@ void shouldRetrieveImageAsAnAttachment() throws Exception {

File file = new ClassPathResource("images/dhis2.png").getFile();

when(instanceService.getTrackedEntityInstance(teUid)).thenReturn(trackedEntityInstance);
when(trackedEntityInstance.getTrackedEntityAttributeValues())
.thenReturn(Set.of(attributeValue));
when(fileResourceService.getFileResource("fileName")).thenReturn(fileResource);
when(fileResourceService.getFileResourceContent(fileResource))
.thenReturn(new FileInputStream(file));
when(config.getProperty(ConfigurationKey.CSP_HEADER_VALUE)).thenReturn("script-src 'none';");
when(trackedEntityInstanceSupportService.getTrackedEntityAttributeValue(
teUid, attributeUid, null))
.thenReturn(attributeValue);

mockMvc
.perform(
Expand All @@ -166,7 +170,7 @@ void shouldRetrieveImageAsAnAttachment() throws Exception {

@Test
void shouldCallSyncStrategy() throws Exception {

when(currentUserService.getCurrentUser()).thenReturn(user);
when(trackedEntityInstanceSyncStrategy.mergeOrDeleteTrackedEntityInstances(any()))
.thenReturn(new ImportSummaries());

Expand All @@ -181,6 +185,7 @@ void shouldCallSyncStrategy() throws Exception {

@Test
void shouldCallAsyncStrategy() throws Exception {
when(currentUserService.getCurrentUser()).thenReturn(user);
mockMvc
.perform(
post(ENDPOINT)
Expand Down
Loading

0 comments on commit 3c4bd5d

Please sign in to comment.