Example 26 with ForbiddenPageException
use of org.asqatasun.webapp.exception.ForbiddenPageException in project Asqatasun by Asqatasun.
the class AuditScenarioController method deleteScenarioFile.
@RequestMapping(value = TgolKeyStore.DELETE_SCENARIO_URL_CONTRACT_URL, method = RequestMethod.GET)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
public String deleteScenarioFile(@RequestParam(TgolKeyStore.CONTRACT_ID_KEY) String contractId, @RequestParam(TgolKeyStore.SCENARIO_ID_KEY) String scenarioId, HttpServletRequest request, HttpServletResponse response, Model model) {
Contract contract = getContractDataService().read(Long.valueOf(contractId));
if (contract.getUser().getId().equals(getCurrentUser().getId())) {
for (Scenario scenario : contract.getScenarioSet()) {
if (scenario.getId().equals(Long.valueOf(scenarioId))) {
deleteScenario(scenario, contract);
model.addAttribute(TgolKeyStore.DELETED_SCENARIO_NAME_KEY, scenario.getLabel());
prepareScenarioManagementData(model, contractId);
return TgolKeyStore.SCENARIO_MANAGEMENT_VIEW_NAME;
}
}
throw new ForbiddenPageException(getCurrentUser());
} else {
throw new ForbiddenPageException(getCurrentUser());
}
}
Also used :
Contract(org.asqatasun.webapp.entity.contract.Contract)
Scenario(org.asqatasun.webapp.entity.scenario.Scenario)
ForbiddenPageException(org.asqatasun.webapp.exception.ForbiddenPageException)
Secured(org.springframework.security.access.annotation.Secured)
RequestMapping(org.springframework.web.bind.annotation.RequestMapping)
Example 27 with ForbiddenPageException
use of org.asqatasun.webapp.exception.ForbiddenPageException in project Asqatasun by Asqatasun.
the class AuditSynthesisController method displayAuditSynthesisFromContract.
/**
*
* @param auditId
* @param request
* @param response
* @param model
* @return
*/
@RequestMapping(value = TgolKeyStore.AUDIT_SYNTHESIS_CONTRACT_URL, method = RequestMethod.GET)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
public String displayAuditSynthesisFromContract(@RequestParam(TgolKeyStore.AUDIT_ID_KEY) String auditId, HttpServletRequest request, HttpServletResponse response, Model model) {
Long aId;
try {
aId = Long.valueOf(auditId);
} catch (NumberFormatException nfe) {
throw new ForbiddenPageException();
}
Audit audit = getAuditDataService().read(aId);
if (isUserAllowedToDisplayResult(audit)) {
if (isAuthorizedScopeForSynthesis(audit)) {
Contract contract = retrieveContractFromAudit(audit);
model.addAttribute(TgolKeyStore.CONTRACT_ID_KEY, contract.getId());
model.addAttribute(TgolKeyStore.CONTRACT_NAME_KEY, contract.getLabel());
model.addAttribute(TgolKeyStore.AUDIT_ID_KEY, auditId);
model.addAttribute(TgolKeyStore.WEBRESOURCE_ID_KEY, audit.getSubject().getId());
return prepareSynthesisSiteData(audit, model);
} else {
throw new ForbiddenPageException();
}
} else {
throw new ForbiddenUserException();
}
}
Also used :
Audit(org.asqatasun.entity.audit.Audit)
Contract(org.asqatasun.webapp.entity.contract.Contract)
ForbiddenUserException(org.asqatasun.webapp.exception.ForbiddenUserException)
ForbiddenPageException(org.asqatasun.webapp.exception.ForbiddenPageException)
Secured(org.springframework.security.access.annotation.Secured)
RequestMapping(org.springframework.web.bind.annotation.RequestMapping)
Example 28 with ForbiddenPageException
use of org.asqatasun.webapp.exception.ForbiddenPageException in project Asqatasun by Asqatasun.
the class PageListControllerTest method testDisplayPageListWithPageAudit.
/**
* The PageList cannot be displayed when the webResource is a Page
* instance. The returned view is an access denied in this case.
*
* @throws Exception
*/
public void testDisplayPageListWithPageAudit() throws Exception {
System.out.println("testDisplayPageListWithPageAudit");
// The audit with Id 1 is associated with a Page instance
setUpMockAuditDataService(PAGE_AUDIT_ID);
setUpMockUserDataService();
setUpActDataService(false);
setUpMockAuthenticationContext();
HttpServletResponse response = new MockHttpServletResponse();
MockHttpServletRequest request = new MockHttpServletRequest();
request.addParameter(TgolKeyStore.AUDIT_ID_KEY, String.valueOf(PAGE_AUDIT_ID));
try {
instance.displayPageList(request, response, new ExtendedModelMap());
assertTrue(false);
} catch (ForbiddenPageException fbe) {
// The exception is caught when testing if audit.getSubject() is
// an instance of Page
assertTrue(true);
}
}
Also used :
ExtendedModelMap(org.springframework.ui.ExtendedModelMap)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
ForbiddenPageException(org.asqatasun.webapp.exception.ForbiddenPageException)
Example 29 with ForbiddenPageException
use of org.asqatasun.webapp.exception.ForbiddenPageException in project Asqatasun by Asqatasun.
the class PageListControllerTest method testDisplayPageListWithWrongAuditId.
/**
* if the id cannot be converted as Long, the ForbiddenPageException is
* caught.
*
* @throws Exception
*/
public void testDisplayPageListWithWrongAuditId() throws Exception {
System.out.println("testDisplayPageListWithWrongAuditId");
MockHttpServletRequest request = new MockHttpServletRequest();
request.addParameter(TgolKeyStore.AUDIT_ID_KEY, "wrongId");
try {
instance.displayPageList(request, new MockHttpServletResponse(), new ExtendedModelMap());
assertTrue(false);
} catch (ForbiddenPageException fbe) {
assertTrue(StringUtils.equals("java.lang.NumberFormatException: For input string: \"wrongId\"", fbe.getCause().toString()));
}
}
Also used :
ExtendedModelMap(org.springframework.ui.ExtendedModelMap)
MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest)
MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse)
ForbiddenPageException(org.asqatasun.webapp.exception.ForbiddenPageException)
Example 30 with ForbiddenPageException
use of org.asqatasun.webapp.exception.ForbiddenPageException in project Asqatasun by Asqatasun.
the class AuditSetUpControllerTest method testDisplayPageAuditPageSetUpWithUnauthorisedFunctionality.
public void testDisplayPageAuditPageSetUpWithUnauthorisedFunctionality() {
System.out.println("testDisplayPageAuditPageSetUpWithUnauthorisedFunctionality");
setUpMockUserDataServiceAndUser();
setUpMockAuthenticationContext();
setUpMockContractDataService(2, "Contract1");
setUpEmptyViewFunctionalityBindingMap();
// regarding the viewFunctionalityBindingMap. An exception is caught
try {
instance.displayPageAuditSetUp("2", null, null, new ExtendedModelMap());
assertTrue(false);
} catch (ForbiddenPageException fue) {
assertTrue(true);
}
}
Also used :
ExtendedModelMap(org.springframework.ui.ExtendedModelMap)
ForbiddenPageException(org.asqatasun.webapp.exception.ForbiddenPageException)
Aggregations
ForbiddenPageException (org.asqatasun.webapp.exception.ForbiddenPageException)35
RequestMapping (org.springframework.web.bind.annotation.RequestMapping)15
Secured (org.springframework.security.access.annotation.Secured)13
Contract (org.asqatasun.webapp.entity.contract.Contract)12
ExtendedModelMap (org.springframework.ui.ExtendedModelMap)11
Audit (org.asqatasun.entity.audit.Audit)10
ForbiddenUserException (org.asqatasun.webapp.exception.ForbiddenUserException)8
WebResource (org.asqatasun.entity.subject.WebResource)6
User (org.asqatasun.webapp.entity.user.User)5
Site (org.asqatasun.entity.subject.Site)4
HttpServletResponse (javax.servlet.http.HttpServletResponse)3
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)3
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)3
HttpServletRequest (javax.servlet.http.HttpServletRequest)2
Page (org.asqatasun.entity.subject.Page)2
Act (org.asqatasun.webapp.entity.contract.Act)2
Scenario (org.asqatasun.webapp.entity.scenario.Scenario)2
Model (org.springframework.ui.Model)2
IOException (java.io.IOException)1
InputStream (java.io.InputStream)1
