Example 1 with ForbiddenPageException
use of org.asqatasun.webapp.exception.ForbiddenPageException in project Asqatasun by Asqatasun.
the class ManualAuditController method displayManualAuditResultFromContract.
/**
* General router when receive audit-result request. Regarding the scope of
* the audit, the returned page may differ.
*
* @param auditId
* @param request
* @param model
* @return
*/
@RequestMapping(value = TgolKeyStore.MANUAL_AUDIT_RESULT_CONTRACT_URL, method = RequestMethod.GET)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
public String displayManualAuditResultFromContract(@RequestParam(TgolKeyStore.AUDIT_ID_KEY) String auditId, HttpServletRequest request, Model model) {
try {
Audit audit = getAuditDataService().read(Long.valueOf(auditId));
Act act = getActDataService().getActFromAudit(audit);
switch(act.getScope().getCode()) {
case FILE:
case PAGE:
if (!getContractDataService().doesContractHaveFunctionality(act.getContract(), manualAuditFunctionalityKey)) {
return TgolKeyStore.ACCESS_DENIED_VIEW_NAME;
}
model.addAttribute(TgolKeyStore.WEBRESOURCE_ID_KEY, audit.getSubject().getId());
return TgolKeyStore.MANUAL_AUDIT_RESULT_VIEW_REDIRECT_NAME;
case DOMAIN:
case SCENARIO:
case GROUPOFFILES:
case GROUPOFPAGES:
default:
throw new ForbiddenPageException();
}
} catch (NumberFormatException nfe) {
throw new ForbiddenPageException();
}
}
Also used :
Audit(org.asqatasun.entity.audit.Audit)
Act(org.asqatasun.webapp.entity.contract.Act)
ForbiddenPageException(org.asqatasun.webapp.exception.ForbiddenPageException)
Secured(org.springframework.security.access.annotation.Secured)
RequestMapping(org.springframework.web.bind.annotation.RequestMapping)
Example 2 with ForbiddenPageException
use of org.asqatasun.webapp.exception.ForbiddenPageException in project Asqatasun by Asqatasun.
the class PageListController method pageLinkDispatcher.
/**
* This method dispatches the result depending on the parameters passed to
* the request. Only multi-pages audit are considered here.
*
* @param request
* @param webResource
* @param model
* @return
* @throws Exception
*/
private String pageLinkDispatcher(HttpServletRequest request, Audit audit, Model model) throws Exception {
if (audit.getSubject() instanceof Page) {
throw new ForbiddenPageException();
}
String status = ServletRequestUtils.getStringParameter(request, TgolKeyStore.STATUS_KEY);
HttpStatusCodeFamily httpStatusCode = getHttpStatusCodeFamily(status);
// the repartion of the pages regarding the httpStatusCode
if (httpStatusCode == null) {
if (!isAuthorizedScopeForPageList(audit)) {
throw new ForbiddenScopeException();
}
try {
Contract currentContract = retrieveContractFromAudit(audit);
model.addAttribute(TgolKeyStore.CONTRACT_NAME_KEY, currentContract.getLabel());
model.addAttribute(TgolKeyStore.CONTRACT_ID_KEY, currentContract.getId());
String testLabel = ServletRequestUtils.getStringParameter(request, TgolKeyStore.TEST_KEY);
if (StringUtils.isNotBlank(testLabel)) {
model.addAttribute(TgolKeyStore.TEST_CODE_KEY, getTestDataService().getTestFromAuditAndLabel(audit, testLabel));
}
return this.preparePageListData(audit, model);
} catch (ServletRequestBindingException e) {
return TgolKeyStore.OUPS_VIEW_REDIRECT_NAME;
}
} else {
boolean isAuthorizedScopeForPageList = isAuthorizedScopeForPageList(audit);
Contract currentContract = retrieveContractFromAudit(audit);
model.addAttribute(TgolKeyStore.CONTRACT_NAME_KEY, currentContract.getLabel());
model.addAttribute(TgolKeyStore.CONTRACT_ID_KEY, currentContract.getId());
// used in the jsp
if (!isAuthorizedScopeForPageList) {
model.addAttribute(TgolKeyStore.AUDIT_NUMBER_KEY, true);
}
String testLabel = ServletRequestUtils.getStringParameter(request, TgolKeyStore.TEST_KEY);
if (StringUtils.isNotBlank(testLabel)) {
model.addAttribute(TgolKeyStore.TEST_CODE_KEY, getTestDataService().getTestFromAuditAndLabel(audit, testLabel));
}
return this.preparePageListStatsByHttpStatusCode(audit, model, httpStatusCode, request, false);
}
}
Also used :
ServletRequestBindingException(org.springframework.web.bind.ServletRequestBindingException)
HttpStatusCodeFamily(org.asqatasun.webapp.util.HttpStatusCodeFamily)
Page(org.asqatasun.entity.subject.Page)
ForbiddenScopeException(org.asqatasun.webapp.exception.ForbiddenScopeException)
Contract(org.asqatasun.webapp.entity.contract.Contract)
ForbiddenPageException(org.asqatasun.webapp.exception.ForbiddenPageException)
Example 3 with ForbiddenPageException
use of org.asqatasun.webapp.exception.ForbiddenPageException in project Asqatasun by Asqatasun.
the class ForgottenOrChangePasswordController method changePassword.
/**
*
* @param changePasswordCommand
* @param result
* @param model
* @param request
* @param isrequestFromAdmin
* @return
* @throws Exception
*/
protected String changePassword(ChangePasswordCommand changePasswordCommand, BindingResult result, Model model, HttpServletRequest request, boolean isrequestFromAdmin) throws Exception {
User user = getUserDataService().read((Long) request.getSession().getAttribute(TgolKeyStore.USER_ID_KEY));
if (forbiddenUserList.contains(user.getEmail1())) {
throw new ForbiddenPageException();
}
// We check whether the form is valid
changePasswordFormValidator.validate(changePasswordCommand, result, user);
// If the form has some errors, we display it again with errors' details
if (result.hasErrors()) {
model.addAttribute(TgolKeyStore.USER_NAME_KEY, user.getEmail1());
return displayChangePasswordFormWithErrors(model, changePasswordCommand, isrequestFromAdmin);
}
request.getSession().removeAttribute(TgolKeyStore.USER_ID_KEY);
model.addAttribute(TgolKeyStore.PASSWORD_MODIFIED_KEY, true);
updateUserPassword(user, changePasswordCommand);
if (isrequestFromAdmin) {
return displayChangePasswordFromAdminPage(user.getId().toString(), request, model);
} else {
return displayChangePasswordFromUserPage(user.getId().toString(), request.getParameter("token"), request, model);
}
}
Also used :
User(org.asqatasun.webapp.entity.user.User)
ForbiddenPageException(org.asqatasun.webapp.exception.ForbiddenPageException)
Example 4 with ForbiddenPageException
use of org.asqatasun.webapp.exception.ForbiddenPageException in project Asqatasun by Asqatasun.
the class ContractManagementController method editContractAdminPage.
/**
* @param contractId
* @param request
* @param response
* @param model
* @return The pages audit set-up form page
*/
@RequestMapping(value = TgolKeyStore.EDIT_CONTRACT_URL, method = RequestMethod.GET)
@Secured(TgolKeyStore.ROLE_ADMIN_KEY)
public String editContractAdminPage(@RequestParam(TgolKeyStore.CONTRACT_ID_KEY) String contractId, HttpServletRequest request, HttpServletResponse response, Model model) {
Long lContractId;
try {
lContractId = Long.valueOf(contractId);
} catch (NumberFormatException nfe) {
throw new ForbiddenUserException();
}
Contract contract = getContractDataService().read(lContractId);
if (contract == null) {
throw new ForbiddenPageException();
}
request.getSession().setAttribute(TgolKeyStore.CONTRACT_ID_KEY, contract.getId());
return prepateDataAndReturnCreateContractView(model, contract.getUser(), contract, ContractOptionFormFieldHelper.getFreshContractOptionFormFieldMap(getContractOptionFormFieldBuilderMap()), TgolKeyStore.EDIT_CONTRACT_VIEW_NAME);
}
Also used :
ForbiddenUserException(org.asqatasun.webapp.exception.ForbiddenUserException)
Contract(org.asqatasun.webapp.entity.contract.Contract)
ForbiddenPageException(org.asqatasun.webapp.exception.ForbiddenPageException)
Secured(org.springframework.security.access.annotation.Secured)
RequestMapping(org.springframework.web.bind.annotation.RequestMapping)
Example 5 with ForbiddenPageException
use of org.asqatasun.webapp.exception.ForbiddenPageException in project Asqatasun by Asqatasun.
the class AuditSetUpControllerTest method testDisplayPageAuditUploadSetUpWithUnauthorisedFunctionality.
public void testDisplayPageAuditUploadSetUpWithUnauthorisedFunctionality() {
System.out.println("testDisplayPageAuditUploadSetUpWithUnauthorisedFunctionality");
setUpMockUserDataServiceAndUser();
setUpMockAuthenticationContext();
setUpMockContractDataService(2, "Contract1");
setUpEmptyViewFunctionalityBindingMap();
// regarding the viewFunctionalityBindingMap. An exception is caught
try {
instance.displayUploadAuditSetUp("2", null, null, new ExtendedModelMap());
assertTrue(false);
} catch (ForbiddenPageException fue) {
assertTrue(true);
}
}
Also used :
ExtendedModelMap(org.springframework.ui.ExtendedModelMap)
ForbiddenPageException(org.asqatasun.webapp.exception.ForbiddenPageException)
Aggregations
ForbiddenPageException (org.asqatasun.webapp.exception.ForbiddenPageException)35
RequestMapping (org.springframework.web.bind.annotation.RequestMapping)15
Secured (org.springframework.security.access.annotation.Secured)13
Contract (org.asqatasun.webapp.entity.contract.Contract)12
ExtendedModelMap (org.springframework.ui.ExtendedModelMap)11
Audit (org.asqatasun.entity.audit.Audit)10
ForbiddenUserException (org.asqatasun.webapp.exception.ForbiddenUserException)8
WebResource (org.asqatasun.entity.subject.WebResource)6
User (org.asqatasun.webapp.entity.user.User)5
Site (org.asqatasun.entity.subject.Site)4
HttpServletResponse (javax.servlet.http.HttpServletResponse)3
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)3
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)3
HttpServletRequest (javax.servlet.http.HttpServletRequest)2
Page (org.asqatasun.entity.subject.Page)2
Act (org.asqatasun.webapp.entity.contract.Act)2
Scenario (org.asqatasun.webapp.entity.scenario.Scenario)2
Model (org.springframework.ui.Model)2
IOException (java.io.IOException)1
InputStream (java.io.InputStream)1
