/**
 * Rejects a tracked entity instance query that the caller is not allowed to
 * run. Returns normally when every check passes.
 * <p>
 * Checks, in order:
 * <ol>
 * <li>organisation unit mode ALL requires the
 * F_TRACKED_ENTITY_INSTANCE_SEARCH_IN_ALL_ORGUNITS authority, unless the query
 * is flagged as an internal search;</li>
 * <li>if a program is selected, data read access to the program and, when the
 * program has one, to its tracked entity type;</li>
 * <li>if a tracked entity type is selected, data read access to it.</li>
 * </ol>
 *
 * @param params the query parameters to authorize.
 * @throws IllegalQueryException if any of the checks above fails.
 */
@Override
public void decideAccess( TrackedEntityInstanceQueryParams params )
{
    // Internal searches are evaluated without a user: every ACL call below
    // then receives null.
    // NOTE(review): this relies on aclService.canDataRead handling a null user
    // the way internal searches need (presumably "allow") - confirm, and confirm
    // that the internal-search flag can only be set by server-side callers,
    // never derived from request input.
    final User user;

    if ( params.isInternalSearch() )
    {
        user = null;
    }
    else
    {
        // NOTE(review): getCurrentUser() may return null when there is no
        // authenticated session - verify the ACL calls do not treat that
        // case like an internal search.
        user = currentUserService.getCurrentUser();
    }

    if ( params.isOrganisationUnitMode( ALL ) )
    {
        // The authority lookup runs before the internal-search exemption is
        // consulted, so it is evaluated for internal searches as well.
        boolean maySearchAllOrgUnits = currentUserService.currentUserIsAuthorized(
            Authorities.F_TRACKED_ENTITY_INSTANCE_SEARCH_IN_ALL_ORGUNITS.name() );

        if ( !maySearchAllOrgUnits && !params.isInternalSearch() )
        {
            throw new IllegalQueryException(
                "Current user is not authorized to query across all organisation units" );
        }
    }

    if ( params.hasProgram() )
    {
        if ( !aclService.canDataRead( user, params.getProgram() ) )
        {
            String message = "Current user is not authorized to read data from selected program: "
                + params.getProgram().getUid();
            throw new IllegalQueryException( message );
        }

        // A program without a tracked entity type needs no second check.
        if ( params.getProgram().getTrackedEntityType() != null )
        {
            if ( !aclService.canDataRead( user, params.getProgram().getTrackedEntityType() ) )
            {
                String message = "Current user is not authorized to read data from selected program's tracked entity type: "
                    + params.getProgram().getTrackedEntityType().getUid();
                throw new IllegalQueryException( message );
            }
        }
    }

    if ( params.hasTrackedEntityType() )
    {
        if ( !aclService.canDataRead( user, params.getTrackedEntityType() ) )
        {
            String message = "Current user is not authorized to read data from selected tracked entity type: "
                + params.getTrackedEntityType().getUid();
            throw new IllegalQueryException( message );
        }
    }
}