
Example 1 with ForbiddenPageException

use of org.asqatasun.webapp.exception.ForbiddenPageException in project Asqatasun by Asqatasun.

the class ManualAuditController method displayManualAuditResultFromContract.

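/**
 * Routes a manual audit-result request to the view that matches the scope
 * of the audit.
 *
 * <p>Only audits whose act has a FILE or PAGE scope are served, and only when
 * the contract of the act carries the manual audit functionality. Every
 * other scope is rejected.
 *
 * @param auditId id of the audit, taken as-is from the request parameter
 * @param request the current HTTP request (not read by this method)
 * @param model   model that receives the id of the audited web resource
 * @return the access-denied view name when the contract lacks the manual
 *         audit functionality, otherwise the redirect view name of the
 *         manual audit result page
 * @throws ForbiddenPageException when {@code auditId} is not a number, when
 *         no audit or act is found for it, or when the scope is neither
 *         FILE nor PAGE
 */
@RequestMapping(value = TgolKeyStore.MANUAL_AUDIT_RESULT_CONTRACT_URL, method = RequestMethod.GET)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
public String displayManualAuditResultFromContract(@RequestParam(TgolKeyStore.AUDIT_ID_KEY) String auditId, HttpServletRequest request, Model model) {
    try {
        Audit audit = getAuditDataService().read(Long.valueOf(auditId));
        // An id that matches no audit must be refused like any other
        // inaccessible page, not surface as a NullPointerException.
        if (audit == null) {
            throw new ForbiddenPageException();
        }
        Act act = getActDataService().getActFromAudit(audit);
        if (act == null) {
            throw new ForbiddenPageException();
        }
        // NOTE(review): nothing in this method ties the audit to the
        // authenticated user; auditId is caller-supplied, so confirm that the
        // redirect target or the data services enforce ownership.
        switch(act.getScope().getCode()) {
            case FILE:
            case PAGE:
                if (!getContractDataService().doesContractHaveFunctionality(act.getContract(), manualAuditFunctionalityKey)) {
                    return TgolKeyStore.ACCESS_DENIED_VIEW_NAME;
                }
                model.addAttribute(TgolKeyStore.WEBRESOURCE_ID_KEY, audit.getSubject().getId());
                return TgolKeyStore.MANUAL_AUDIT_RESULT_VIEW_REDIRECT_NAME;
            // The multi-resource scopes are listed explicitly to show that
            // they are refused on purpose; they share the default branch.
            case DOMAIN:
            case SCENARIO:
            case GROUPOFFILES:
            case GROUPOFPAGES:
            default:
                throw new ForbiddenPageException();
        }
    } catch (NumberFormatException nfe) {
        // A non-numeric id gets the same answer as an unknown one.
        throw new ForbiddenPageException();
    }
}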
Also used : Audit(org.asqatasun.entity.audit.Audit) Act(org.asqatasun.webapp.entity.contract.Act) ForbiddenPageException(org.asqatasun.webapp.exception.ForbiddenPageException) Secured(org.springframework.security.access.annotation.Secured) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 2 with ForbiddenPageException

use of org.asqatasun.webapp.exception.ForbiddenPageException in project Asqatasun by Asqatasun.

the class PageListController method pageLinkDispatcher.

/**
 * Dispatches a page-list request according to the request parameters.
 * Only multi-page audits are handled; an audit whose subject is a single
 * {@code Page} is refused.
 *
 * @param request the current HTTP request, read for the status and test
 *                parameters
 * @param audit   the audit whose pages are listed
 * @param model   model filled with the contract, test and page-list data
 * @return the view name chosen by the page-list preparation methods, or the
 *         "oups" redirect view name when a request parameter cannot be bound
 *         in the unfiltered branch
 * @throws ForbiddenPageException  when the audit subject is a single page
 * @throws ForbiddenScopeException when no status filter is given and the
 *                                 scope is not authorized for the page list
 * @throws Exception               propagated from parameter binding and from
 *                                 the preparation methods
 */
private String pageLinkDispatcher(HttpServletRequest request, Audit audit, Model model) throws Exception {
    if (audit.getSubject() instanceof Page) {
        throw new ForbiddenPageException();
    }
    final String statusParam = ServletRequestUtils.getStringParameter(request, TgolKeyStore.STATUS_KEY);
    final HttpStatusCodeFamily statusFamily = getHttpStatusCodeFamily(statusParam);

    // A status filter was supplied: show the distribution of the pages for
    // that HTTP status code family.
    if (statusFamily != null) {
        final boolean scopeAllowed = isAuthorizedScopeForPageList(audit);
        final Contract contract = retrieveContractFromAudit(audit);
        model.addAttribute(TgolKeyStore.CONTRACT_NAME_KEY, contract.getLabel());
        model.addAttribute(TgolKeyStore.CONTRACT_ID_KEY, contract.getId());
        // Flag consumed by the JSP. Unlike the unfiltered branch below, an
        // unauthorized scope is only flagged here, not rejected.
        if (!scopeAllowed) {
            model.addAttribute(TgolKeyStore.AUDIT_NUMBER_KEY, true);
        }
        final String testFilter = ServletRequestUtils.getStringParameter(request, TgolKeyStore.TEST_KEY);
        if (StringUtils.isNotBlank(testFilter)) {
            model.addAttribute(TgolKeyStore.TEST_CODE_KEY, getTestDataService().getTestFromAuditAndLabel(audit, testFilter));
        }
        return this.preparePageListStatsByHttpStatusCode(audit, model, statusFamily, request, false);
    }

    // No status filter: the plain page list needs an authorized scope.
    if (!isAuthorizedScopeForPageList(audit)) {
        throw new ForbiddenScopeException();
    }
    try {
        final Contract contract = retrieveContractFromAudit(audit);
        model.addAttribute(TgolKeyStore.CONTRACT_NAME_KEY, contract.getLabel());
        model.addAttribute(TgolKeyStore.CONTRACT_ID_KEY, contract.getId());
        final String testFilter = ServletRequestUtils.getStringParameter(request, TgolKeyStore.TEST_KEY);
        if (StringUtils.isNotBlank(testFilter)) {
            model.addAttribute(TgolKeyStore.TEST_CODE_KEY, getTestDataService().getTestFromAuditAndLabel(audit, testFilter));
        }
        return this.preparePageListData(audit, model);
    } catch (ServletRequestBindingException bindingFailure) {
        // A parameter that cannot be bound ends on the generic error page.
        return TgolKeyStore.OUPS_VIEW_REDIRECT_NAME;
    }
}
Also used : ServletRequestBindingException(org.springframework.web.bind.ServletRequestBindingException) HttpStatusCodeFamily(org.asqatasun.webapp.util.HttpStatusCodeFamily) Page(org.asqatasun.entity.subject.Page) ForbiddenScopeException(org.asqatasun.webapp.exception.ForbiddenScopeException) Contract(org.asqatasun.webapp.entity.contract.Contract) ForbiddenPageException(org.asqatasun.webapp.exception.ForbiddenPageException)

Example 3 with ForbiddenPageException

use of org.asqatasun.webapp.exception.ForbiddenPageException in project Asqatasun by Asqatasun.

the class ForgottenOrChangePasswordController method changePassword.

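/**
 * Validates a change-password form and, when it is valid, stores the new
 * password for the user whose id is held in the HTTP session.
 *
 * <p>The target account is taken from the session attribute
 * {@code TgolKeyStore.USER_ID_KEY}, never from the submitted form.
 *
 * @param changePasswordCommand the submitted form values
 * @param result                binding result that collects validation errors
 * @param model                 model filled for the returned view
 * @param request               the current HTTP request; its session holds
 *                              the id of the user being modified
 * @param isrequestFromAdmin    {@code true} to return the admin variant of
 *                              the form or confirmation page, {@code false}
 *                              for the user variant
 * @return the view name of the form (on validation errors) or of the
 *         confirmation page
 * @throws ForbiddenPageException when the session holds no user id, when no
 *         user matches it, or when the user is in the forbidden user list
 * @throws Exception              propagated from the called helpers
 */
protected String changePassword(ChangePasswordCommand changePasswordCommand, BindingResult result, Model model, HttpServletRequest request, boolean isrequestFromAdmin) throws Exception {
    // A request that reaches this point without a user id in its session
    // has no account to act on; refuse it instead of letting a null id
    // reach the data service.
    Long userId = (Long) request.getSession().getAttribute(TgolKeyStore.USER_ID_KEY);
    if (userId == null) {
        throw new ForbiddenPageException();
    }
    User user = getUserDataService().read(userId);
    if (user == null || forbiddenUserList.contains(user.getEmail1())) {
        throw new ForbiddenPageException();
    }
    // We check whether the form is valid
    changePasswordFormValidator.validate(changePasswordCommand, result, user);
    // If the form has some errors, we display it again with errors' details
    if (result.hasErrors()) {
        model.addAttribute(TgolKeyStore.USER_NAME_KEY, user.getEmail1());
        return displayChangePasswordFormWithErrors(model, changePasswordCommand, isrequestFromAdmin);
    }
    // The id is dropped from the session before the password is written,
    // presumably so the same session cannot submit a second change. If the
    // update below throws, the session no longer holds the id.
    request.getSession().removeAttribute(TgolKeyStore.USER_ID_KEY);
    model.addAttribute(TgolKeyStore.PASSWORD_MODIFIED_KEY, true);
    updateUserPassword(user, changePasswordCommand);
    if (isrequestFromAdmin) {
        return displayChangePasswordFromAdminPage(user.getId().toString(), request, model);
    } else {
        // The "token" request parameter is passed on unchanged.
        // NOTE(review): this method does not validate it - confirm the
        // callee or an earlier step does.
        return displayChangePasswordFromUserPage(user.getId().toString(), request.getParameter("token"), request, model);
    }
}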
Also used : User(org.asqatasun.webapp.entity.user.User) ForbiddenPageException(org.asqatasun.webapp.exception.ForbiddenPageException)

Example 4 with ForbiddenPageException

use of org.asqatasun.webapp.exception.ForbiddenPageException in project Asqatasun by Asqatasun.

the class ContractManagementController method editContractAdminPage.

/**
 * Shows the admin form for editing an existing contract.
 *
 * <p>The id of the contract is stored in the HTTP session under
 * {@code TgolKeyStore.CONTRACT_ID_KEY} before the view is prepared.
 *
 * @param contractId id of the contract, taken as-is from the request
 *                   parameter
 * @param request    the current HTTP request; its session receives the
 *                   contract id
 * @param response   the current HTTP response (not used by this method)
 * @param model      model filled for the edit-contract view
 * @return the view name returned by the view preparation for
 *         {@code TgolKeyStore.EDIT_CONTRACT_VIEW_NAME}
 * @throws ForbiddenUserException when {@code contractId} is not a number
 * @throws ForbiddenPageException when no contract matches the id
 */
@RequestMapping(value = TgolKeyStore.EDIT_CONTRACT_URL, method = RequestMethod.GET)
@Secured(TgolKeyStore.ROLE_ADMIN_KEY)
public String editContractAdminPage(@RequestParam(TgolKeyStore.CONTRACT_ID_KEY) String contractId, HttpServletRequest request, HttpServletResponse response, Model model) {
    final Long parsedId;
    try {
        parsedId = Long.valueOf(contractId);
    } catch (NumberFormatException malformedId) {
        // Malformed ids and unknown ids are reported with different
        // exception types.
        throw new ForbiddenUserException();
    }

    final Contract target = getContractDataService().read(parsedId);
    if (target == null) {
        throw new ForbiddenPageException();
    }

    // The id kept in the session is the one of the contract that was
    // actually loaded, not the raw request parameter.
    request.getSession().setAttribute(TgolKeyStore.CONTRACT_ID_KEY, target.getId());
    return prepateDataAndReturnCreateContractView(
            model,
            target.getUser(),
            target,
            ContractOptionFormFieldHelper.getFreshContractOptionFormFieldMap(getContractOptionFormFieldBuilderMap()),
            TgolKeyStore.EDIT_CONTRACT_VIEW_NAME);
}
Also used : ForbiddenUserException(org.asqatasun.webapp.exception.ForbiddenUserException) Contract(org.asqatasun.webapp.entity.contract.Contract) ForbiddenPageException(org.asqatasun.webapp.exception.ForbiddenPageException) Secured(org.springframework.security.access.annotation.Secured) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 5 with ForbiddenPageException

use of org.asqatasun.webapp.exception.ForbiddenPageException in project Asqatasun by Asqatasun.

the class AuditSetUpControllerTest method testDisplayPageAuditUploadSetUpWithUnauthorisedFunctionality.

/**
 * Checks that the upload audit set-up page is refused with a
 * {@code ForbiddenPageException} when the view functionality binding map
 * is empty.
 */
public void testDisplayPageAuditUploadSetUpWithUnauthorisedFunctionality() {
    System.out.println("testDisplayPageAuditUploadSetUpWithUnauthorisedFunctionality");
    setUpMockUserDataServiceAndUser();
    setUpMockAuthenticationContext();
    setUpMockContractDataService(2, "Contract1");
    setUpEmptyViewFunctionalityBindingMap();

    // The call must be rejected; returning normally counts as a failure.
    boolean refused = false;
    try {
        instance.displayUploadAuditSetUp("2", null, null, new ExtendedModelMap());
    } catch (ForbiddenPageException expected) {
        refused = true;
    }
    assertTrue(refused);
}
Also used : ExtendedModelMap(org.springframework.ui.ExtendedModelMap) ForbiddenPageException(org.asqatasun.webapp.exception.ForbiddenPageException)

Aggregations

ForbiddenPageException (org.asqatasun.webapp.exception.ForbiddenPageException)35 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)15 Secured (org.springframework.security.access.annotation.Secured)13 Contract (org.asqatasun.webapp.entity.contract.Contract)12 ExtendedModelMap (org.springframework.ui.ExtendedModelMap)11 Audit (org.asqatasun.entity.audit.Audit)10 ForbiddenUserException (org.asqatasun.webapp.exception.ForbiddenUserException)8 WebResource (org.asqatasun.entity.subject.WebResource)6 User (org.asqatasun.webapp.entity.user.User)5 Site (org.asqatasun.entity.subject.Site)4 HttpServletResponse (javax.servlet.http.HttpServletResponse)3 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)3 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)3 HttpServletRequest (javax.servlet.http.HttpServletRequest)2 Page (org.asqatasun.entity.subject.Page)2 Act (org.asqatasun.webapp.entity.contract.Act)2 Scenario (org.asqatasun.webapp.entity.scenario.Scenario)2 Model (org.springframework.ui.Model)2 IOException (java.io.IOException)1 InputStream (java.io.InputStream)1