-
Notifications
You must be signed in to change notification settings - Fork 519
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
RESTWS-946: /session endpoint throws an error if user doesn't have Ge…
…t Providers privilege (#613)
- Loading branch information
1 parent
57b2e5e
commit 5564667
Showing
4 changed files
with
123 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
60 changes: 60 additions & 0 deletions
60
.../openmrs/module/webservices/rest/web/v1_0/controller/openmrs2_0/SessionController2_0.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,60 @@ | ||
| /** | ||
| * This Source Code Form is subject to the terms of the Mozilla Public License, | ||
| * v. 2.0. If a copy of the MPL was not distributed with this file, You can | ||
| * obtain one at http://mozilla.org/MPL/2.0/. OpenMRS is also distributed under | ||
| * the terms of the Healthcare Disclaimer located at http://openmrs.org/license. | ||
| * | ||
| * Copyright (C) OpenMRS Inc. OpenMRS is a registered trademark and the OpenMRS | ||
| * graphic logo is a trademark of OpenMRS Inc. | ||
| */ | ||
| package org.openmrs.module.webservices.rest.web.v1_0.controller.openmrs2_0; | ||
|
|
||
| import java.util.Collection; | ||
| import java.util.HashSet; | ||
|
|
||
| import org.openmrs.Provider; | ||
| import org.openmrs.User; | ||
| import org.openmrs.api.context.Context; | ||
| import org.openmrs.module.webservices.rest.web.v1_0.controller.openmrs1_9.SessionController1_9; | ||
| import org.openmrs.util.PrivilegeConstants; | ||
| import org.slf4j.Logger; | ||
| import org.slf4j.LoggerFactory; | ||
| import org.springframework.stereotype.Controller; | ||
| import org.springframework.web.bind.annotation.RequestMapping; | ||
|
|
||
| /** | ||
| * @see SessionController1_9 | ||
| */ | ||
| @Controller | ||
| @RequestMapping | ||
| public class SessionController2_0 extends SessionController1_9 { | ||
|
|
||
| private static final Logger log = LoggerFactory.getLogger(SessionController2_0.class); | ||
|
|
||
| /** | ||
| * @see SessionController1_9#getCurrentProvider() | ||
| */ | ||
| @Override | ||
| protected Provider getCurrentProvider() { | ||
| Provider currentProvider = null; | ||
| User currentUser = Context.getAuthenticatedUser(); | ||
| if (currentUser != null) { | ||
| Collection<Provider> providers = new HashSet<Provider>(); | ||
| try { | ||
| Context.addProxyPrivilege(PrivilegeConstants.GET_PROVIDERS); | ||
| if (currentUser.getPerson() != null) { | ||
| providers = Context.getProviderService().getProvidersByPerson(currentUser.getPerson(), false); | ||
| } | ||
| } | ||
| finally { | ||
| Context.removeProxyPrivilege(PrivilegeConstants.GET_PROVIDERS); | ||
| } | ||
| if (providers.size() > 1) { | ||
| log.warn("Can't handle users with multiple provider accounts"); | ||
| } else if (providers.size() == 1) { | ||
| currentProvider = providers.iterator().next(); | ||
| } | ||
| } | ||
| return currentProvider; | ||
| } | ||
| } |
43 changes: 43 additions & 0 deletions
43
...nmrs/module/webservices/rest/web/v1_0/controller/openmrs2_0/SessionController2_0Test.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,43 @@ | ||
| /** | ||
| * This Source Code Form is subject to the terms of the Mozilla Public License, | ||
| * v. 2.0. If a copy of the MPL was not distributed with this file, You can | ||
| * obtain one at http://mozilla.org/MPL/2.0/. OpenMRS is also distributed under | ||
| * the terms of the Healthcare Disclaimer located at http://openmrs.org/license. | ||
| * | ||
| * Copyright (C) OpenMRS Inc. OpenMRS is a registered trademark and the OpenMRS | ||
| * graphic logo is a trademark of OpenMRS Inc. | ||
| */ | ||
| package org.openmrs.module.webservices.rest.web.v1_0.controller.openmrs2_0; | ||
|
|
||
| import org.apache.commons.beanutils.PropertyUtils; | ||
| import org.junit.Assert; | ||
| import org.junit.Test; | ||
| import org.openmrs.api.context.Context; | ||
| import org.openmrs.web.test.BaseModuleWebContextSensitiveTest; | ||
|
|
||
| /** | ||
| * Tests functionality of {@link SessionController2_0} | ||
| */ | ||
| public class SessionController2_0Test extends BaseModuleWebContextSensitiveTest { | ||
|
|
||
| /** | ||
| * @see SessionController2_0#get() | ||
| * @verifies return the session with current provider if the user doesn't have Get Providers privilege | ||
| */ | ||
| @Test | ||
| public void get_shouldReturnCurrentProviderIfTheUserDoesNotHaveGetProvidersPrivilege() throws Exception { | ||
| executeDataSet("sessionControllerTestDataset.xml"); | ||
|
|
||
| // authenticate new user without privileges | ||
| Context.logout(); | ||
| Context.authenticate("test_user", "test"); | ||
| Assert.assertTrue(Context.isAuthenticated()); | ||
|
|
||
| SessionController2_0 controller = Context.getRegisteredComponents(SessionController2_0.class).iterator().next(); | ||
|
|
||
| Object ret = controller.get(); | ||
| Object currentProvider = PropertyUtils.getProperty(ret, "currentProvider"); | ||
| Assert.assertNotNull(currentProvider); | ||
| Assert.assertTrue(currentProvider.toString().contains("Test Provider")); | ||
| } | ||
| } |
19 changes: 19 additions & 0 deletions
19
omod-2.0/src/test/resources/sessionControllerTestDataset.xml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| <?xml version='1.0' encoding='UTF-8'?> | ||
| <!-- | ||
| This Source Code Form is subject to the terms of the Mozilla Public License, | ||
| v. 2.0. If a copy of the MPL was not distributed with this file, You can | ||
| obtain one at http://mozilla.org/MPL/2.0/. OpenMRS is also distributed under | ||
| the terms of the Healthcare Disclaimer located at http://openmrs.org/license. | ||
| Copyright (C) OpenMRS Inc. OpenMRS is a registered trademark and the OpenMRS | ||
| graphic logo is a trademark of OpenMRS Inc. | ||
| --> | ||
| <dataset> | ||
|
|
||
| <person person_id="601" gender="M" dead="false" birthdate_estimated="0" creator="1" date_created="2008-08-15 15:57:09.0" voided="false" uuid="hy6b4e41-790c-484f-b6ed-71dc3e4222de"/> | ||
| <users user_id="601" person_id="601" system_id="7-5" username="test_user" password="4a1750c8607d0fa237de36c6305715c223415189" salt="c788c6ad82a157b712392ca695dfcf2eed193d7f" creator="1" date_created="2008-08-15 15:57:09.0" retired="false" uuid="06d05314-e132-11de-babe-001e37123456"/> | ||
| <provider provider_id="601" person_id="601" name="Mr. Test Provider" identifier="Test Provider" creator="1" date_created="2008-08-15 15:57:09.0" retired="false" uuid="e1009293-c561-47ae-b112-214052c17888" /> | ||
|
|
||
| </dataset> |