Example 6 with Secured
use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.
the class ContractManagementController method submitAddContractAdminPage.
/**
* @param createContractCommand
* @param result
* @param request
* @param response
* @param model
* @return The pages audit set-up form page
*/
@RequestMapping(value = TgolKeyStore.ADD_CONTRACT_FROM_CONTRACT_MNGT_URL, method = RequestMethod.POST)
@Secured(TgolKeyStore.ROLE_ADMIN_KEY)
public String submitAddContractAdminPage(@ModelAttribute(TgolKeyStore.CREATE_CONTRACT_COMMAND_KEY) CreateContractCommand createContractCommand, BindingResult result, HttpServletRequest request, HttpServletResponse response, Model model) {
Object userId = request.getSession().getAttribute(TgolKeyStore.USER_ID_KEY);
Long lUserId;
if (userId instanceof Long) {
lUserId = (Long) userId;
} else {
try {
lUserId = Long.valueOf(userId.toString());
} catch (NumberFormatException nfe) {
throw new ForbiddenUserException();
}
}
Map<String, List<ContractOptionFormField>> optionFormFieldMap = ContractOptionFormFieldHelper.getFreshContractOptionFormFieldMap(getContractOptionFormFieldBuilderMap());
getCreateContractFormValidator().setContractOptionFormFieldMap(optionFormFieldMap);
// We check whether the form is valid
getCreateContractFormValidator().validate(createContractCommand, result);
// If the form has some errors, we display it again with errors' details
User currentModifiedUser = getUserDataService().read(lUserId);
if (result.hasErrors()) {
return displayFormWithErrors(model, createContractCommand, currentModifiedUser.getEmail1(), lUserId, optionFormFieldMap, TgolKeyStore.EDIT_CONTRACT_VIEW_NAME);
}
Contract contract = getContractDataService().create();
contract.setUser(currentModifiedUser);
contract = CreateContractCommandFactory.getInstance().updateContractFromCommand(createContractCommand, contract);
saveOrUpdateContract(contract);
request.getSession().setAttribute(TgolKeyStore.ADDED_CONTRACT_NAME_KEY, contract.getLabel());
model.addAttribute(TgolKeyStore.USER_ID_KEY, contract.getUser().getId());
request.getSession().removeAttribute(TgolKeyStore.USER_ID_KEY);
return TgolKeyStore.MANAGE_CONTRACTS_VIEW_REDIRECT_NAME;
}
Also used :
User(org.asqatasun.webapp.entity.user.User)
List(java.util.List)
ForbiddenUserException(org.asqatasun.webapp.exception.ForbiddenUserException)
Contract(org.asqatasun.webapp.entity.contract.Contract)
Secured(org.springframework.security.access.annotation.Secured)
RequestMapping(org.springframework.web.bind.annotation.RequestMapping)
Example 7 with Secured
use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.
the class ContractManagementController method editContractAdminPage.
/**
* @param contractId
* @param request
* @param response
* @param model
* @return The pages audit set-up form page
*/
@RequestMapping(value = TgolKeyStore.EDIT_CONTRACT_URL, method = RequestMethod.GET)
@Secured(TgolKeyStore.ROLE_ADMIN_KEY)
public String editContractAdminPage(@RequestParam(TgolKeyStore.CONTRACT_ID_KEY) String contractId, HttpServletRequest request, HttpServletResponse response, Model model) {
Long lContractId;
try {
lContractId = Long.valueOf(contractId);
} catch (NumberFormatException nfe) {
throw new ForbiddenUserException();
}
Contract contract = getContractDataService().read(lContractId);
if (contract == null) {
throw new ForbiddenPageException();
}
request.getSession().setAttribute(TgolKeyStore.CONTRACT_ID_KEY, contract.getId());
return prepateDataAndReturnCreateContractView(model, contract.getUser(), contract, ContractOptionFormFieldHelper.getFreshContractOptionFormFieldMap(getContractOptionFormFieldBuilderMap()), TgolKeyStore.EDIT_CONTRACT_VIEW_NAME);
}
Also used :
ForbiddenUserException(org.asqatasun.webapp.exception.ForbiddenUserException)
Contract(org.asqatasun.webapp.entity.contract.Contract)
ForbiddenPageException(org.asqatasun.webapp.exception.ForbiddenPageException)
Secured(org.springframework.security.access.annotation.Secured)
RequestMapping(org.springframework.web.bind.annotation.RequestMapping)
Example 8 with Secured
use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.
the class AuditSynthesisController method displayAuditTestSynthesisFromContract.
/**
*
* @param auditId
* @param request
* @param response
* @param model
* @return
*/
@RequestMapping(value = TgolKeyStore.FAILED_TEST_LIST_CONTRACT_URL, method = RequestMethod.GET)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
public String displayAuditTestSynthesisFromContract(@RequestParam(TgolKeyStore.AUDIT_ID_KEY) String auditId, HttpServletRequest request, HttpServletResponse response, Model model) {
Long aId;
try {
aId = Long.valueOf(auditId);
} catch (NumberFormatException nfe) {
throw new ForbiddenPageException();
}
Audit audit = getAuditDataService().read(aId);
if (isUserAllowedToDisplayResult(audit)) {
if (isAuthorizedScopeForSynthesis(audit)) {
Contract contract = retrieveContractFromAudit(audit);
model.addAttribute(TgolKeyStore.CONTRACT_ID_KEY, contract.getId());
model.addAttribute(TgolKeyStore.CONTRACT_NAME_KEY, contract.getLabel());
model.addAttribute(TgolKeyStore.AUDIT_ID_KEY, auditId);
model.addAttribute(TgolKeyStore.REFERENTIAL_CD_KEY, getParameterDataService().getReferentialKeyFromAudit(audit));
model.addAttribute(TgolKeyStore.WEBRESOURCE_ID_KEY, audit.getSubject().getId());
Site site = (Site) audit.getSubject();
//TODO cas manual
addAuditStatisticsToModel(site, model, TgolKeyStore.TEST_DISPLAY_SCOPE_VALUE);
model.addAttribute(TgolKeyStore.FAILED_TEST_INFO_BY_OCCURRENCE_SET_KEY, getStatisticsDataService().getFailedTestByOccurrence(site, audit, -1));
model.addAttribute(TgolKeyStore.HAS_SITE_SCOPE_TEST_KEY, processResultDataService.hasAuditSiteScopeResult(site, getSiteScope()));
model.addAttribute(TgolKeyStore.STATUS_KEY, computeAuditStatus(site.getAudit()));
return TgolKeyStore.FAILED_TEST_LIST_VIEW_NAME;
} else {
throw new ForbiddenPageException();
}
} else {
throw new ForbiddenUserException();
}
}
Also used :
Site(org.asqatasun.entity.subject.Site)
Audit(org.asqatasun.entity.audit.Audit)
Contract(org.asqatasun.webapp.entity.contract.Contract)
ForbiddenUserException(org.asqatasun.webapp.exception.ForbiddenUserException)
ForbiddenPageException(org.asqatasun.webapp.exception.ForbiddenPageException)
Secured(org.springframework.security.access.annotation.Secured)
RequestMapping(org.springframework.web.bind.annotation.RequestMapping)
Example 9 with Secured
use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.
the class AccountSettingsController method displayAccountSettingsPage.
/**
* This method displays the form for an authenticated user
*
* @param model
* @return
*/
@RequestMapping(value = TgolKeyStore.ACCOUNT_SETTINGS_URL, method = RequestMethod.GET)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
public String displayAccountSettingsPage(Model model) {
User user = getCurrentUser();
if (this.forbiddenUserList.contains(user.getEmail1())) {
throw new ForbiddenPageException();
}
secondaryLevelMenuDisplayer.setModifiableReferentialsForUserToModel(user, model);
return prepateDataAndReturnCreateUserView(model, user, TgolKeyStore.ACCOUNT_SETTINGS_VIEW_NAME);
}
Also used :
User(org.asqatasun.webapp.entity.user.User)
ForbiddenPageException(org.asqatasun.webapp.exception.ForbiddenPageException)
Secured(org.springframework.security.access.annotation.Secured)
RequestMapping(org.springframework.web.bind.annotation.RequestMapping)
Example 10 with Secured
use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.
the class AuditResultController method displaySourceCodeFromContract.
/**
*
* @param webresourceId
* @param request
* @param response
* @param model
* @return
*/
@RequestMapping(value = TgolKeyStore.SOURCE_CODE_CONTRACT_URL, method = RequestMethod.GET)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
public String displaySourceCodeFromContract(@RequestParam(TgolKeyStore.WEBRESOURCE_ID_KEY) String webresourceId, HttpServletRequest request, HttpServletResponse response, Model model) {
WebResource webResource;
try {
webResource = getWebResourceDataService().ligthRead(Long.valueOf(webresourceId));
} catch (NumberFormatException nfe) {
throw new ForbiddenPageException();
}
if (webResource instanceof Site) {
throw new ForbiddenPageException();
}
Audit audit = getAuditFromWebResource(webResource);
if (isUserAllowedToDisplayResult(audit)) {
Page page = (Page) webResource;
SSP ssp = getContentDataService().findSSP(page, page.getURL());
model.addAttribute(TgolKeyStore.SOURCE_CODE_KEY, highlightSourceCode(ssp));
ScopeEnum scope = getActDataService().getActFromAudit(audit).getScope().getCode();
if (scope.equals(ScopeEnum.GROUPOFPAGES) || scope.equals(ScopeEnum.PAGE)) {
model.addAttribute(TgolKeyStore.IS_GENERATED_HTML_KEY, true);
}
return TgolKeyStore.SOURCE_CODE_PAGE_VIEW_NAME;
} else {
throw new ForbiddenUserException(getCurrentUser());
}
}
Also used :
Site(org.asqatasun.entity.subject.Site)
Audit(org.asqatasun.entity.audit.Audit)
SSP(org.asqatasun.entity.audit.SSP)
ScopeEnum(org.asqatasun.webapp.entity.contract.ScopeEnum)
WebResource(org.asqatasun.entity.subject.WebResource)
Page(org.asqatasun.entity.subject.Page)
ForbiddenUserException(org.asqatasun.webapp.exception.ForbiddenUserException)
ForbiddenPageException(org.asqatasun.webapp.exception.ForbiddenPageException)
Secured(org.springframework.security.access.annotation.Secured)
RequestMapping(org.springframework.web.bind.annotation.RequestMapping)
Aggregations
Secured (org.springframework.security.access.annotation.Secured)36
RequestMapping (org.springframework.web.bind.annotation.RequestMapping)29
ForbiddenUserException (org.asqatasun.webapp.exception.ForbiddenUserException)20
Contract (org.asqatasun.webapp.entity.contract.Contract)17
User (org.asqatasun.webapp.entity.user.User)14
ForbiddenPageException (org.asqatasun.webapp.exception.ForbiddenPageException)13
Audit (org.asqatasun.entity.audit.Audit)6
List (java.util.List)4
Scenario (org.asqatasun.webapp.entity.scenario.Scenario)3
Reference (org.asqatasun.entity.reference.Reference)2
Site (org.asqatasun.entity.subject.Site)2
WebResource (org.asqatasun.entity.subject.WebResource)2
Act (org.asqatasun.webapp.entity.contract.Act)2
AuditSetUpFormValidator (org.asqatasun.webapp.validator.AuditSetUpFormValidator)2
IOException (java.io.IOException)1
InputStream (java.io.InputStream)1
SSP (org.asqatasun.entity.audit.SSP)1
Test (org.asqatasun.entity.reference.Test)1
Page (org.asqatasun.entity.subject.Page)1
ScopeEnum (org.asqatasun.webapp.entity.contract.ScopeEnum)1
