dhis2 · muilpp · Oct 18, 2024 · Oct 17, 2024 · Oct 17, 2024 · Oct 17, 2024
diff --git a/dhis-2/dhis-api/src/main/java/org/hisp/dhis/trackedentity/TrackedEntityAttributeService.java b/dhis-2/dhis-api/src/main/java/org/hisp/dhis/trackedentity/TrackedEntityAttributeService.java
@@ -120,6 +120,10 @@ public interface TrackedEntityAttributeService {
 
   Set<TrackedEntityAttribute> getAllUserReadableTrackedEntityAttributes(User user);
 
+  Set<TrackedEntityAttribute> getProgramAttributes(Program program);
+
+  Set<TrackedEntityAttribute> getTrackedEntityTypeAttributes(TrackedEntityType trackedEntityType);
+
   Set<TrackedEntityAttribute> getAllUserReadableTrackedEntityAttributes(
       User user, List<Program> programs, List<TrackedEntityType> trackedEntityTypes);
 

diff --git a/...-core/src/main/java/org/hisp/dhis/trackedentity/DefaultTrackedEntityAttributeService.java b/...-core/src/main/java/org/hisp/dhis/trackedentity/DefaultTrackedEntityAttributeService.java
@@ -328,6 +328,21 @@ public Set<TrackedEntityAttribute> getAllUserReadableTrackedEntityAttributes(Use
     return getAllUserReadableTrackedEntityAttributes(user, programs, trackedEntityTypes);
   }
 
+  @Transactional(readOnly = true)
+  @Override
+  public Set<TrackedEntityAttribute> getProgramAttributes(Program program) {
+    return getAllUserReadableTrackedEntityAttributes(
+        currentUserService.getCurrentUser(), List.of(program), List.of());
+  }
+
+  @Transactional(readOnly = true)
+  @Override
+  public Set<TrackedEntityAttribute> getTrackedEntityTypeAttributes(
+      TrackedEntityType trackedEntityType) {
+    return getAllUserReadableTrackedEntityAttributes(
+        currentUserService.getCurrentUser(), List.of(), List.of(trackedEntityType));
+  }
+
   @Override
   @Transactional(readOnly = true)
   public Set<TrackedEntityAttribute> getAllUserReadableTrackedEntityAttributes(

diff --git a/.../src/main/java/org/hisp/dhis/webapi/controller/event/TrackedEntityInstanceController.java b/.../src/main/java/org/hisp/dhis/webapi/controller/event/TrackedEntityInstanceController.java
@@ -47,7 +47,6 @@
 import java.io.IOException;
 import java.io.InputStream;
 import java.util.List;
-import java.util.stream.Collectors;
 import javax.imageio.ImageIO;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -86,13 +85,12 @@
 import org.hisp.dhis.schema.descriptors.TrackedEntityInstanceSchemaDescriptor;
 import org.hisp.dhis.system.grid.GridUtils;
 import org.hisp.dhis.trackedentity.TrackedEntityInstanceQueryParams;
-import org.hisp.dhis.trackedentity.TrackerAccessManager;
 import org.hisp.dhis.trackedentityattributevalue.TrackedEntityAttributeValue;
 import org.hisp.dhis.user.CurrentUserService;
-import org.hisp.dhis.user.User;
 import org.hisp.dhis.webapi.controller.event.mapper.TrackedEntityCriteriaMapper;
 import org.hisp.dhis.webapi.controller.event.webrequest.TrackedEntityInstanceCriteria;
 import org.hisp.dhis.webapi.controller.exception.BadRequestException;
+import org.hisp.dhis.webapi.controller.exception.NotFoundException;
 import org.hisp.dhis.webapi.mvc.annotation.ApiVersion;
 import org.hisp.dhis.webapi.service.ContextService;
 import org.hisp.dhis.webapi.service.TrackedEntityInstanceSupportService;
@@ -141,8 +139,6 @@ public class TrackedEntityInstanceController {
 
   private final FileResourceService fileResourceService;
 
-  private final TrackerAccessManager trackerAccessManager;
-
   private final TrackedEntityInstanceSupportService trackedEntityInstanceSupportService;
 
   private final TrackedEntityCriteriaMapper criteriaMapper;
@@ -199,35 +195,23 @@ public class TrackedEntityInstanceController {
   public void getAttributeImage(
       @PathVariable("teiId") String teiId,
       @PathVariable("attributeId") String attributeId,
+      @RequestParam(required = false) String programId,
       @RequestParam(required = false) Integer width,
       @RequestParam(required = false) Integer height,
       @RequestParam(required = false) ImageFileDimension dimension,
       HttpServletResponse response)
       throws WebMessageException {
-    User user = currentUserService.getCurrentUser();
-
-    org.hisp.dhis.trackedentity.TrackedEntityInstance trackedEntityInstance =
-        instanceService.getTrackedEntityInstance(teiId);
-
-    List<String> trackerAccessErrors = trackerAccessManager.canRead(user, trackedEntityInstance);
-
-    List<TrackedEntityAttributeValue> attribute =
-        trackedEntityInstance.getTrackedEntityAttributeValues().stream()
-            .filter(val -> val.getAttribute().getUid().equals(attributeId))
-            .collect(Collectors.toList());
-
-    if (!trackerAccessErrors.isEmpty()) {
-      throw new WebMessageException(
-          unauthorized(
-              "You're not authorized to access the TrackedEntityInstance with id: " + teiId));
-    }
-
-    if (attribute.size() == 0) {
-      throw new WebMessageException(notFound("Attribute not found for ID " + attributeId));
+    TrackedEntityAttributeValue value;
+    try {
+      value =
+          trackedEntityInstanceSupportService.getTrackedEntityAttributeValue(
+              teiId, attributeId, programId);
+    } catch (NotFoundException e) {
+      throw new WebMessageException(notFound(e.getMessage()));
+    } catch (IllegalAccessException e) {
+      throw new WebMessageException(unauthorized(e.getMessage()));
     }
 
-    TrackedEntityAttributeValue value = attribute.get(0);
-
     if (value == null) {
       throw new WebMessageException(notFound("Value not found for ID " + attributeId));
     }

diff --git a/...b-api/src/main/java/org/hisp/dhis/webapi/service/TrackedEntityInstanceSupportService.java b/...b-api/src/main/java/org/hisp/dhis/webapi/service/TrackedEntityInstanceSupportService.java
@@ -31,6 +31,7 @@
 
 import com.google.common.base.Joiner;
 import java.util.List;
+import java.util.Set;
 import java.util.stream.Collectors;
 import lombok.RequiredArgsConstructor;
 import lombok.SneakyThrows;
@@ -43,14 +44,17 @@
 import org.hisp.dhis.program.Program;
 import org.hisp.dhis.program.ProgramService;
 import org.hisp.dhis.trackedentity.TrackedEntityAttribute;
+import org.hisp.dhis.trackedentity.TrackedEntityAttributeService;
 import org.hisp.dhis.trackedentity.TrackedEntityType;
 import org.hisp.dhis.trackedentity.TrackedEntityTypeService;
 import org.hisp.dhis.trackedentity.TrackerAccessManager;
 import org.hisp.dhis.trackedentity.TrackerOwnershipManager;
+import org.hisp.dhis.trackedentityattributevalue.TrackedEntityAttributeValue;
 import org.hisp.dhis.user.CurrentUserService;
 import org.hisp.dhis.user.User;
 import org.hisp.dhis.webapi.controller.exception.NotFoundException;
 import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
 
 /** This service should not be used in the new tracker. */
 @Service
@@ -69,6 +73,8 @@ public class TrackedEntityInstanceSupportService {
 
   private final TrackedEntityTypeService trackedEntityTypeService;
 
+  private final TrackedEntityAttributeService attributeService;
+
   @SneakyThrows
   public TrackedEntityInstance getTrackedEntityInstance(String id, String pr, List<String> fields) {
     User user = currentUserService.getCurrentUser();
@@ -167,4 +173,49 @@ public TrackedEntityInstanceParams getTrackedEntityInstanceParams(List<String> f
 
     return params;
   }
+
+  @Transactional(readOnly = true)
+  public TrackedEntityAttributeValue getTrackedEntityAttributeValue(
+      String teiUid, String attributeUid, String programUid)
+      throws NotFoundException, IllegalAccessException {
+    User currentUser = currentUserService.getCurrentUser();
+
+    org.hisp.dhis.trackedentity.TrackedEntityInstance trackedEntity =
+        instanceService.getTrackedEntityInstance(teiUid);
+    if (trackedEntity == null) {
+      throw new NotFoundException("Tracked entity not found for ID " + teiUid);
+    }
+
+    Set<TrackedEntityAttribute> trackedEntityAttributes;
+    if (programUid != null) {
+      Program program = programService.getProgram(programUid);
+      if (program == null) {
+        throw new NotFoundException("Program not found for ID " + programUid);
+      }
+
+      if (!trackerAccessManager.canRead(currentUser, trackedEntity, program, false).isEmpty()) {
+        throw new IllegalAccessException(
+            "You're not authorized to access the TrackedEntity with id: " + teiUid);
+      }
+
+      trackedEntityAttributes = attributeService.getProgramAttributes(program);
+    } else {
+      if (!trackerAccessManager.canRead(currentUser, trackedEntity).isEmpty()) {
+        throw new IllegalAccessException(
+            "You're not authorized to access the TrackedEntity with id: " + teiUid);
+      }
+
+      trackedEntityAttributes =
+          attributeService.getTrackedEntityTypeAttributes(trackedEntity.getTrackedEntityType());
+    }
+
+    if (trackedEntityAttributes.stream().noneMatch(tea -> tea.getUid().equals(attributeUid))) {
+      throw new NotFoundException("Attribute not found for ID " + attributeUid);
+    }
+
+    return trackedEntity.getTrackedEntityAttributeValues().stream()
+        .filter(val -> val.getAttribute().getUid().equals(attributeUid))
+        .findFirst()
+        .orElseThrow(() -> new NotFoundException("Value not found for ID " + attributeUid));
+  }
 }
diff --git a/.../test/java/org/hisp/dhis/webapi/controller/event/TrackedEntityInstanceControllerTest.java b/.../test/java/org/hisp/dhis/webapi/controller/event/TrackedEntityInstanceControllerTest.java
@@ -42,7 +42,7 @@
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.IOException;
-import java.util.Set;
+import java.util.List;
 import org.hisp.dhis.common.CodeGenerator;
 import org.hisp.dhis.common.ValueType;
 import org.hisp.dhis.dxf2.events.trackedentity.TrackedEntityInstanceService;
@@ -56,11 +56,13 @@
 import org.hisp.dhis.schema.descriptors.TrackedEntityInstanceSchemaDescriptor;
 import org.hisp.dhis.trackedentity.TrackedEntityAttribute;
 import org.hisp.dhis.trackedentity.TrackedEntityInstance;
-import org.hisp.dhis.trackedentity.TrackerAccessManager;
+import org.hisp.dhis.trackedentity.TrackedEntityType;
+import org.hisp.dhis.trackedentity.TrackedEntityTypeAttribute;
 import org.hisp.dhis.trackedentityattributevalue.TrackedEntityAttributeValue;
 import org.hisp.dhis.user.CurrentUserService;
 import org.hisp.dhis.user.User;
 import org.hisp.dhis.webapi.controller.exception.BadRequestException;
+import org.hisp.dhis.webapi.service.TrackedEntityInstanceSupportService;
 import org.hisp.dhis.webapi.strategy.old.tracker.imports.impl.TrackedEntityInstanceAsyncStrategyImpl;
 import org.hisp.dhis.webapi.strategy.old.tracker.imports.impl.TrackedEntityInstanceStrategyImpl;
 import org.hisp.dhis.webapi.strategy.old.tracker.imports.impl.TrackedEntityInstanceSyncStrategyImpl;
@@ -95,12 +97,12 @@ class TrackedEntityInstanceControllerTest {
 
   @Mock private org.hisp.dhis.trackedentity.TrackedEntityInstanceService instanceService;
 
-  @Mock private TrackerAccessManager trackerAccessManager;
-
   @Mock private FileResourceService fileResourceService;
 
   @Mock private TrackedEntityInstance trackedEntityInstance;
 
+  @Mock private TrackedEntityInstanceSupportService trackedEntityInstanceSupportService;
+
   private static final String ENDPOINT = TrackedEntityInstanceSchemaDescriptor.API_ENDPOINT;
 
   @BeforeEach
@@ -114,15 +116,13 @@ public void setUp() throws BadRequestException, IOException {
             null,
             currentUserService,
             fileResourceService,
-            trackerAccessManager,
-            null,
+            trackedEntityInstanceSupportService,
             null,
             new TrackedEntityInstanceStrategyImpl(
                 trackedEntityInstanceSyncStrategy, trackedEntityInstanceAsyncStrategy),
             config);
 
     mockMvc = MockMvcBuilders.standaloneSetup(controller).build();
-    when(currentUserService.getCurrentUser()).thenReturn(user);
   }
 
   @Test
@@ -132,6 +132,10 @@ void shouldRetrieveImageAsAnAttachment() throws Exception {
     TrackedEntityAttribute attribute = new TrackedEntityAttribute();
     attribute.setUid(attributeUid);
     attribute.setValueType(ValueType.IMAGE);
+    TrackedEntityTypeAttribute teta = new TrackedEntityTypeAttribute();
+    teta.setUid(attributeUid);
+    TrackedEntityType trackedEntityType = new TrackedEntityType();
+    trackedEntityType.setTrackedEntityTypeAttributes(List.of(teta));
     TrackedEntityAttributeValue attributeValue = new TrackedEntityAttributeValue();
     attributeValue.setAttribute(attribute);
     attributeValue.setValue("fileName");
@@ -143,13 +147,13 @@ void shouldRetrieveImageAsAnAttachment() throws Exception {
 
     File file = new ClassPathResource("images/dhis2.png").getFile();
 
-    when(instanceService.getTrackedEntityInstance(teUid)).thenReturn(trackedEntityInstance);
-    when(trackedEntityInstance.getTrackedEntityAttributeValues())
-        .thenReturn(Set.of(attributeValue));
     when(fileResourceService.getFileResource("fileName")).thenReturn(fileResource);
     when(fileResourceService.getFileResourceContent(fileResource))
         .thenReturn(new FileInputStream(file));
     when(config.getProperty(ConfigurationKey.CSP_HEADER_VALUE)).thenReturn("script-src 'none';");
+    when(trackedEntityInstanceSupportService.getTrackedEntityAttributeValue(
+            teUid, attributeUid, null))
+        .thenReturn(attributeValue);
 
     mockMvc
         .perform(
@@ -166,7 +170,7 @@ void shouldRetrieveImageAsAnAttachment() throws Exception {
 
   @Test
   void shouldCallSyncStrategy() throws Exception {
-
+    when(currentUserService.getCurrentUser()).thenReturn(user);
     when(trackedEntityInstanceSyncStrategy.mergeOrDeleteTrackedEntityInstances(any()))
         .thenReturn(new ImportSummaries());
 
@@ -181,6 +185,7 @@ void shouldCallSyncStrategy() throws Exception {
 
   @Test
   void shouldCallAsyncStrategy() throws Exception {
+    when(currentUserService.getCurrentUser()).thenReturn(user);
     mockMvc
         .perform(
             post(ENDPOINT)