Skip to content

Commit

Permalink
fix: Analytics outliers: incorrect validation of org. units[DHIS2-169…
Browse files Browse the repository at this point in the history 
…51] (#16678)

* fix. Analytics outliers: incorrect validation of org. units[DHIS2-16951]

* fix: Analytics outliers: incorrect validation of org. units[DHIS2-16951]

* e2e test fix

* qa issue

* e2e test fix

* user rights to see outliers
  • Loading branch information
@d-bernat
d-bernat authored Mar 4, 2024
1 parent 180e3e0 commit bcf72bb
Show file tree
Hide file tree
Showing 4 changed files with 284 additions and 14 deletions.
1 change: 1 addition & 0 deletions dhis-2/dhis-api/src/main/java/org/hisp/dhis/feedback/ErrorCode.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -536,6 +536,7 @@ public enum ErrorCode {
E7619("Value must match value type of data element `{0}`: `{1}`"),
E7620("Invalid comment: {0}"),
E7621("Data value is not a valid option of the data element option set: `{0}`"),
E7622("Current user `{0}` has no access to any organisation unit data"),
// Data Value constraints
E7630("Category option combo is required but is not specified"),
E7631("Attribute option combo is required but is not specified"),
Expand Down
26 changes: 15 additions & 11 deletions ...vice-analytics/src/main/java/org/hisp/dhis/analytics/outlier/data/OutlierQueryParser.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,7 @@
import static org.hisp.dhis.analytics.outlier.Order.getOrderBy;
import static org.hisp.dhis.commons.util.TextUtils.EMPTY;
import static org.hisp.dhis.feedback.ErrorCode.E7617;
import static org.hisp.dhis.feedback.ErrorCode.E7622;

import java.util.ArrayList;
import java.util.Collection;
Expand Down Expand Up @@ -175,24 +176,27 @@ private List<OrganisationUnit> getOrganisationUnits(OutlierQueryParams queryPara
String currentUsername = CurrentUserUtil.getCurrentUsername();
User currentUser = userService.getUserByUsername(currentUsername);

Set<OrganisationUnit> organisationUnitsSecurityConstrain =
currentUser == null || !currentUser.hasDataViewOrganisationUnit()
? Set.of()
: currentUser.getDataViewOrganisationUnits();
Set<OrganisationUnit> userOrganisationUnits;

if (currentUser != null && currentUser.hasOrganisationUnit()) {
userOrganisationUnits = currentUser.getOrganisationUnits();
} else if (currentUser != null && currentUser.hasDataViewOrganisationUnit()) {
userOrganisationUnits = currentUser.getDataViewOrganisationUnits();
} else {
throw new IllegalQueryException(
E7622, currentUser == null ? EMPTY : currentUser.getUsername());
}

if (queryParams.getOu().isEmpty()) {
return organisationUnitsSecurityConstrain.stream().toList();
return userOrganisationUnits.stream().toList();
}

List<OrganisationUnit> validOrganisationUnits =
applySecurityConstrain(
organisationUnitsSecurityConstrain, queryParams.getOu(), currentUser);
applySecurityConstrain(userOrganisationUnits, queryParams.getOu(), currentUser);

if (validOrganisationUnits.isEmpty()) {
throw new IllegalQueryException(
E7617,
String.join(",", queryParams.getOu()),
currentUser == null ? EMPTY : currentUser.getUsername());
E7617, String.join(",", queryParams.getOu()), currentUser.getUsername());
}

return validOrganisationUnits;
Expand Down Expand Up @@ -222,7 +226,7 @@ private List<OrganisationUnit> applySecurityConstrain(
bdo ->
organisationUnitsSecurityConstrain.isEmpty()
|| organisationUnitsSecurityConstrain.stream()
.anyMatch(ou -> bdo.getUid().equals(ou.getUid())))
.anyMatch(((OrganisationUnit) bdo)::isDescendant))
.map(ou -> (OrganisationUnit) ou)
.toList();
}
Expand Down
9 changes: 6 additions & 3 deletions ...-analytics/src/test/java/org/hisp/dhis/analytics/outlier/data/OutlierQueryParserTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,7 @@
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.mockito.ArgumentMatchers.anyCollection;
import static org.mockito.ArgumentMatchers.anyList;
import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.Mockito.lenient;
import static org.mockito.Mockito.when;
Expand Down Expand Up @@ -82,11 +83,13 @@ void setup() {
anyList(), eq(DisplayProperty.NAME), anyList(), eq(IdScheme.UID)))
.thenReturn(baseDimensionalObject);

subject = new OutlierQueryParser(idObjectManager, dimensionalObjectProducer, userService);

User user = new User();
user.setUsername("test");
user.setDataViewOrganisationUnits(Set.of(organisationUnit));
injectSecurityContext(UserDetails.fromUser(user));
when(userService.getUserByUsername(anyString())).thenReturn(user);

subject = new OutlierQueryParser(idObjectManager, dimensionalObjectProducer, userService);
}

@Test
Expand Down Expand Up @@ -120,6 +123,6 @@ void testGetFromQueryNoOrgUnit() {
// when
OutlierRequest request = subject.getFromQuery(params, false);
// then
assertEquals(0, (long) request.getOrgUnits().size());
assertEquals(1, (long) request.getOrgUnits().size());
}
}
262 changes: 262 additions & 0 deletions ...is-test-e2e/src/test/java/org/hisp/dhis/analytics/outlier/OutliersDetection6AutoTest.java
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,262 @@
/*
* Copyright (c) 2004-2024, University of Oslo
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this
* list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
* Neither the name of the HISP project nor the names of its contributors may
* be used to endorse or promote products derived from this software without
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
* ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
* ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
package org.hisp.dhis.analytics.outlier;

import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.hasSize;
import static org.hisp.dhis.analytics.ValidationHelper.validateHeader;
import static org.hisp.dhis.analytics.ValidationHelper.validateRow;
import static org.skyscreamer.jsonassert.JSONAssert.assertEquals;

import java.util.List;
import java.util.Map;
import org.hisp.dhis.AnalyticsApiTest;
import org.hisp.dhis.actions.analytics.AnalyticsOutlierDetectionActions;
import org.hisp.dhis.dto.ApiResponse;
import org.hisp.dhis.helpers.QueryParamsBuilder;
import org.json.JSONException;
import org.json.JSONObject;
import org.junit.jupiter.api.Test;

/** Groups e2e tests for "/analytics/outlierDetection" endpoint. */
public class OutliersDetection6AutoTest extends AnalyticsApiTest {
private AnalyticsOutlierDetectionActions actions = new AnalyticsOutlierDetectionActions();

@Test
public void queryOutliertest21() throws JSONException {
// Given
QueryParamsBuilder params =
new QueryParamsBuilder()
.add("pe=THIS_YEAR")
.add("ou=eIQbndfxQMb")
.add("maxResults=5")
.add("orderBy=modifiedZScore")
.add("threshold=3")
.add("ds=BfMAe6Itzgt")
.add("algorithm=MODIFIED_Z_SCORE")
.add("relativePeriodDate=2022-07-26");

// When
ApiResponse response = actions.query().get("", JSON, JSON, params);

// Then
response
.validate()
.statusCode(200)
.body("headers", hasSize(equalTo(18)))
.body("rows", hasSize(equalTo(5)))
.body("height", equalTo(5))
.body("width", equalTo(18))
.body("headerWidth", equalTo(18));

// Assert metaData.
String expectedMetaData =
"{\"count\":5,\"orderBy\":\"MODIFIED_Z_SCORE\",\"threshold\":\"3.0\",\"maxResults\":5,\"algorithm\":\"MODIFIED_Z_SCORE\"}";
String actualMetaData = new JSONObject((Map) response.extract("metaData")).toString();
assertEquals(expectedMetaData, actualMetaData, false);

// Assert headers.
validateHeader(response, 0, "dx", "Data", "TEXT", "java.lang.String", false, false);
validateHeader(response, 1, "dxname", "Data name", "TEXT", "java.lang.String", false, false);
validateHeader(response, 2, "pe", "Period", "TEXT", "java.lang.String", false, false);
validateHeader(response, 3, "pename", "Period name", "TEXT", "java.lang.String", false, false);
validateHeader(
response, 4, "ou", "Organisation unit", "TEXT", "java.lang.String", false, false);
validateHeader(
response, 5, "ouname", "Organisation unit name", "TEXT", "java.lang.String", false, false);
validateHeader(
response,
6,
"ounamehierarchy",
"Organisation unit name hierarchy",
"TEXT",
"java.lang.String",
false,
false);
validateHeader(
response, 7, "coc", "Category option combo", "TEXT", "java.lang.String", false, false);
validateHeader(
response,
8,
"cocname",
"Category option combo name",
"TEXT",
"java.lang.String",
false,
false);
validateHeader(
response, 9, "aoc", "Attribute option combo", "TEXT", "java.lang.String", false, false);
validateHeader(
response,
10,
"aocname",
"Attribute option combo name",
"TEXT",
"java.lang.String",
false,
false);
validateHeader(response, 11, "value", "Value", "NUMBER", "java.lang.Double", false, false);
validateHeader(response, 12, "median", "Median", "NUMBER", "java.lang.Double", false, false);
validateHeader(
response,
13,
"medianabsdeviation",
"Median absolute deviation",
"NUMBER",
"java.lang.Double",
false,
false);
validateHeader(
response, 14, "absdev", "Absolute deviation", "NUMBER", "java.lang.Double", false, false);
validateHeader(
response,
15,
"modifiedzscore",
"Modified Z-score",
"NUMBER",
"java.lang.Double",
false,
false);
validateHeader(
response, 16, "lowerbound", "Lower boundary", "NUMBER", "java.lang.Double", false, false);
validateHeader(
response, 17, "upperbound", "Upper boundary", "NUMBER", "java.lang.Double", false, false);

// Assert rows.
validateRow(
response,
0,
List.of(
"tU7GixyHhsv",
"Vitamin A given to < 5y",
"202206",
"202206",
"scc4QyxenJd",
"Makali CHC",
"Sierra Leone / Tonkolili / Kunike Barina / Makali CHC",
"Prlt0C1RF0s",
"Fixed, <1y",
"HllvX50cXC0",
"default",
"714.0",
"10.0",
"3.0",
"704.0",
"158.28",
"-3.34",
"23.34"));
validateRow(
response,
1,
List.of(
"qw2sIef52Fu",
"Children getting therapeutic feeding",
"202205",
"202205",
"sesv0eXljBq",
"Yele CHC",
"Sierra Leone / Tonkolili / Gbonkonlenken / Yele CHC",
"Prlt0C1RF0s",
"Fixed, <1y",
"HllvX50cXC0",
"default",
"55.0",
"8.0",
"1.0",
"47.0",
"31.7",
"3.55",
"12.45"));
validateRow(
response,
2,
List.of(
"pnL2VG8Bn7N",
"Weight for height 70-79 percent",
"202201",
"202201",
"Ahh47q8AkId",
"Mabang CHC",
"Sierra Leone / Tonkolili / Kholifa Mabang / Mabang CHC",
"Prlt0C1RF0s",
"Fixed, <1y",
"HllvX50cXC0",
"default",
"25.0",
"3.0",
"1.0",
"22.0",
"14.84",
"-1.45",
"7.45"));
validateRow(
response,
3,
List.of(
"bTcRDVjC66S",
"Weight for age below lower line (red)",
"202201",
"202201",
"Ahh47q8AkId",
"Mabang CHC",
"Sierra Leone / Tonkolili / Kholifa Mabang / Mabang CHC",
"Prlt0C1RF0s",
"Fixed, <1y",
"HllvX50cXC0",
"default",
"24.0",
"4.0",
"1.0",
"20.0",
"13.49",
"-0.45",
"8.45"));
validateRow(
response,
4,
List.of(
"tU7GixyHhsv",
"Vitamin A given to < 5y",
"202202",
"202202",
"wB4R3E1X6pC",
"Masanga Leprosy Hospital",
"Sierra Leone / Tonkolili / Kholifa Rowalla / Masanga Leprosy Hospital",
"psbwp3CQEhs",
"Fixed, >1y",
"HllvX50cXC0",
"default",
"26.0",
"10.0",
"1.0",
"16.0",
"10.79",
"5.55",
"14.45"));
}
}

0 comments on commit bcf72bb

Please sign in to comment.