Example 1 with ForbiddenUserException
use of org.asqatasun.webapp.exception.ForbiddenUserException in project Asqatasun by Asqatasun.
the class UserManagementController method displayDeleteUserAuditsPage.
/**
* @param userId
* @param request
* @param response
* @param model
* @return
*/
@RequestMapping(value = TgolKeyStore.DELETE_USER_AUDITS_URL, method = RequestMethod.GET)
@Secured(TgolKeyStore.ROLE_ADMIN_KEY)
public String displayDeleteUserAuditsPage(@RequestParam(TgolKeyStore.USER_ID_KEY) String userId, HttpServletRequest request, HttpServletResponse response, Model model) {
Long lUserId;
try {
lUserId = Long.valueOf(userId);
} catch (NumberFormatException nfe) {
throw new ForbiddenUserException();
}
User userToDelete = getUserDataService().read(lUserId);
model.addAttribute(TgolKeyStore.USER_NAME_TO_DELETE_KEY, userToDelete.getEmail1());
request.getSession().setAttribute(TgolKeyStore.USER_ID_TO_DELETE_KEY, userToDelete.getId());
return TgolKeyStore.DELETE_AUDITS_VIEW_NAME;
}
Also used :
User(org.asqatasun.webapp.entity.user.User)
ForbiddenUserException(org.asqatasun.webapp.exception.ForbiddenUserException)
Secured(org.springframework.security.access.annotation.Secured)
Example 2 with ForbiddenUserException
use of org.asqatasun.webapp.exception.ForbiddenUserException in project Asqatasun by Asqatasun.
the class UserManagementController method displayDeleteUserPage.
/**
* @param userId
* @param request
* @param response
* @param model
* @return The pages audit set-up form page
*/
@RequestMapping(value = TgolKeyStore.DELETE_USER_URL, method = RequestMethod.GET)
@Secured(TgolKeyStore.ROLE_ADMIN_KEY)
public String displayDeleteUserPage(@RequestParam(TgolKeyStore.USER_ID_KEY) String userId, HttpServletRequest request, HttpServletResponse response, Model model) {
Long lUserId;
try {
lUserId = Long.valueOf(userId);
} catch (NumberFormatException nfe) {
throw new ForbiddenUserException();
}
User userToDelete = getUserDataService().read(lUserId);
if (userToDelete == null || getCurrentUser().getId().equals(userToDelete.getId())) {
return TgolKeyStore.ACCESS_DENIED_VIEW_NAME;
}
model.addAttribute(TgolKeyStore.USER_NAME_TO_DELETE_KEY, userToDelete.getEmail1());
request.getSession().setAttribute(TgolKeyStore.USER_ID_TO_DELETE_KEY, userToDelete.getId());
return TgolKeyStore.DELETE_USER_VIEW_NAME;
}
Also used :
User(org.asqatasun.webapp.entity.user.User)
ForbiddenUserException(org.asqatasun.webapp.exception.ForbiddenUserException)
Secured(org.springframework.security.access.annotation.Secured)
Example 3 with ForbiddenUserException
use of org.asqatasun.webapp.exception.ForbiddenUserException in project Asqatasun by Asqatasun.
the class UserManagementController method displayDeleteUserConfirmation.
/**
* @param request
* @param response
* @param model
* @return The pages audit set-up form page
*/
@RequestMapping(value = TgolKeyStore.DELETE_USER_URL, method = RequestMethod.POST)
@Secured(TgolKeyStore.ROLE_ADMIN_KEY)
public String displayDeleteUserConfirmation(HttpServletRequest request, HttpServletResponse response, Model model) {
Object userId = request.getSession().getAttribute(TgolKeyStore.USER_ID_TO_DELETE_KEY);
Long lUserId;
if (userId instanceof Long) {
lUserId = (Long) userId;
} else {
try {
lUserId = Long.valueOf(userId.toString());
} catch (NumberFormatException nfe) {
throw new ForbiddenUserException();
}
}
User user = getCurrentUser();
User userToDelete = getUserDataService().read(lUserId);
if (userToDelete == null || user.getId().equals(userToDelete.getId())) {
return TgolKeyStore.ACCESS_DENIED_VIEW_NAME;
}
for (Contract contract : userToDelete.getContractSet()) {
deleteAllAuditsFromContract(contract);
}
getUserDataService().delete(userToDelete.getId());
request.getSession().removeAttribute(TgolKeyStore.USER_ID_TO_DELETE_KEY);
request.getSession().setAttribute(TgolKeyStore.DELETED_USER_NAME_KEY, userToDelete.getEmail1());
return TgolKeyStore.ADMIN_VIEW_REDIRECT_NAME;
}
Also used :
User(org.asqatasun.webapp.entity.user.User)
ForbiddenUserException(org.asqatasun.webapp.exception.ForbiddenUserException)
Contract(org.asqatasun.webapp.entity.contract.Contract)
Secured(org.springframework.security.access.annotation.Secured)
Example 4 with ForbiddenUserException
use of org.asqatasun.webapp.exception.ForbiddenUserException in project Asqatasun by Asqatasun.
the class ForgottenOrChangePasswordController method displayChangePasswordView.
/**
*
* @param email
* @param token
* @param model
* @param request
* @return
*/
private String displayChangePasswordView(String id, String token, Model model, HttpServletRequest request) {
Long userId;
try {
userId = Long.valueOf(id);
} catch (NumberFormatException nfe) {
throw new ForbiddenUserException();
}
if (StringUtils.isBlank(token)) {
return TgolKeyStore.ACCESS_DENIED_VIEW_REDIRECT_NAME;
}
User currentUser = getCurrentUser();
User user;
// an admin
if (token.equalsIgnoreCase(TgolKeyStore.AUTHENTICATED_KEY)) {
if (currentUser == null || (!currentUser.getId().equals(userId) && !currentUser.getRole().getRoleName().equals(TgolKeyStore.ROLE_ADMIN_NAME_KEY)) || forbiddenUserList.contains(currentUser.getEmail1())) {
return TgolKeyStore.ACCESS_DENIED_VIEW_REDIRECT_NAME;
} else {
if (!currentUser.getId().equals(userId)) {
user = getUserDataService().read(userId);
} else {
user = currentUser;
}
}
// the request is submitted through an unauthentified user and the token
// has to be checked.
} else {
user = getUserDataService().read(userId);
try {
// if the token is invalid
if (!tokenManager.checkUserToken(user.getEmail1(), token)) {
model.addAttribute(TgolKeyStore.INVALID_CHANGE_PASSWORD_URL_KEY, true);
return TgolKeyStore.CHANGE_PASSWORD_VIEW_NAME;
} else {
// if the token is valid but the request comes from the
// form submission with success
Object passwordModified = model.asMap().get(TgolKeyStore.PASSWORD_MODIFIED_KEY);
if (passwordModified instanceof Boolean && (Boolean) passwordModified) {
tokenManager.setTokenUsed(token);
return TgolKeyStore.CHANGE_PASSWORD_VIEW_NAME;
}
}
} catch (ArrayIndexOutOfBoundsException aioobe) {
model.addAttribute(TgolKeyStore.INVALID_CHANGE_PASSWORD_URL_KEY, true);
return TgolKeyStore.CHANGE_PASSWORD_VIEW_NAME;
}
}
if (user == null) {
return TgolKeyStore.ACCESS_DENIED_VIEW_REDIRECT_NAME;
}
ChangePasswordCommand cpc = new ChangePasswordCommand();
model.addAttribute(TgolKeyStore.CHANGE_PASSWORD_COMMAND_KEY, cpc);
model.addAttribute(TgolKeyStore.USER_NAME_KEY, user.getEmail1());
request.getSession().setAttribute(TgolKeyStore.USER_ID_KEY, user.getId());
return TgolKeyStore.CHANGE_PASSWORD_VIEW_NAME;
}
Also used :
ChangePasswordCommand(org.asqatasun.webapp.command.ChangePasswordCommand)
User(org.asqatasun.webapp.entity.user.User)
ForbiddenUserException(org.asqatasun.webapp.exception.ForbiddenUserException)
Example 5 with ForbiddenUserException
use of org.asqatasun.webapp.exception.ForbiddenUserException in project Asqatasun by Asqatasun.
the class ContractManagementController method submitAddContractAdminPage.
/**
* @param createContractCommand
* @param result
* @param request
* @param response
* @param model
* @return The pages audit set-up form page
*/
@RequestMapping(value = TgolKeyStore.ADD_CONTRACT_FROM_CONTRACT_MNGT_URL, method = RequestMethod.POST)
@Secured(TgolKeyStore.ROLE_ADMIN_KEY)
public String submitAddContractAdminPage(@ModelAttribute(TgolKeyStore.CREATE_CONTRACT_COMMAND_KEY) CreateContractCommand createContractCommand, BindingResult result, HttpServletRequest request, HttpServletResponse response, Model model) {
Object userId = request.getSession().getAttribute(TgolKeyStore.USER_ID_KEY);
Long lUserId;
if (userId instanceof Long) {
lUserId = (Long) userId;
} else {
try {
lUserId = Long.valueOf(userId.toString());
} catch (NumberFormatException nfe) {
throw new ForbiddenUserException();
}
}
Map<String, List<ContractOptionFormField>> optionFormFieldMap = ContractOptionFormFieldHelper.getFreshContractOptionFormFieldMap(getContractOptionFormFieldBuilderMap());
getCreateContractFormValidator().setContractOptionFormFieldMap(optionFormFieldMap);
// We check whether the form is valid
getCreateContractFormValidator().validate(createContractCommand, result);
// If the form has some errors, we display it again with errors' details
User currentModifiedUser = getUserDataService().read(lUserId);
if (result.hasErrors()) {
return displayFormWithErrors(model, createContractCommand, currentModifiedUser.getEmail1(), lUserId, optionFormFieldMap, TgolKeyStore.EDIT_CONTRACT_VIEW_NAME);
}
Contract contract = getContractDataService().create();
contract.setUser(currentModifiedUser);
contract = CreateContractCommandFactory.getInstance().updateContractFromCommand(createContractCommand, contract);
saveOrUpdateContract(contract);
request.getSession().setAttribute(TgolKeyStore.ADDED_CONTRACT_NAME_KEY, contract.getLabel());
model.addAttribute(TgolKeyStore.USER_ID_KEY, contract.getUser().getId());
request.getSession().removeAttribute(TgolKeyStore.USER_ID_KEY);
return TgolKeyStore.MANAGE_CONTRACTS_VIEW_REDIRECT_NAME;
}
Also used :
User(org.asqatasun.webapp.entity.user.User)
List(java.util.List)
ForbiddenUserException(org.asqatasun.webapp.exception.ForbiddenUserException)
Contract(org.asqatasun.webapp.entity.contract.Contract)
Secured(org.springframework.security.access.annotation.Secured)
RequestMapping(org.springframework.web.bind.annotation.RequestMapping)
Aggregations
ForbiddenUserException (org.asqatasun.webapp.exception.ForbiddenUserException)29
Secured (org.springframework.security.access.annotation.Secured)20
RequestMapping (org.springframework.web.bind.annotation.RequestMapping)16
Contract (org.asqatasun.webapp.entity.contract.Contract)15
User (org.asqatasun.webapp.entity.user.User)12
ForbiddenPageException (org.asqatasun.webapp.exception.ForbiddenPageException)8
Audit (org.asqatasun.entity.audit.Audit)6
WebResource (org.asqatasun.entity.subject.WebResource)4
HttpServletResponse (javax.servlet.http.HttpServletResponse)3
Site (org.asqatasun.entity.subject.Site)3
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)3
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)3
ExtendedModelMap (org.springframework.ui.ExtendedModelMap)3
Model (org.springframework.ui.Model)3
List (java.util.List)2
SSP (org.asqatasun.entity.audit.SSP)1
Criterion (org.asqatasun.entity.reference.Criterion)1
Test (org.asqatasun.entity.reference.Test)1
Page (org.asqatasun.entity.subject.Page)1
ChangePasswordCommand (org.asqatasun.webapp.command.ChangePasswordCommand)1
