use of org.asqatasun.webapp.exception.ForbiddenPageException in project Asqatasun by Asqatasun.
the class AccountSettingsController method displayAccountSettingsPage.
/**
* This method displays the form for an authenticated user
*
* @param model
* @return
*/
@RequestMapping(value = TgolKeyStore.ACCOUNT_SETTINGS_URL, method = RequestMethod.GET)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
public String displayAccountSettingsPage(Model model) {
    // Two gates apply here: @Secured restricts the route to the user and admin
    // roles, and the deny-list below refuses specific accounts by e-mail address
    // even when they hold one of those roles.
    final User currentUser = getCurrentUser();
    // NOTE(review): contains() semantics depend on the collection behind
    // forbiddenUserList; if it is an exact string match, confirm that addresses
    // are normalised the same way in the list and on the User, otherwise a
    // case variant of a listed address would not be refused.
    final boolean isDenied = this.forbiddenUserList.contains(currentUser.getEmail1());
    if (isDenied) {
        throw new ForbiddenPageException();
    }

    // Populate the secondary menu for this user, then hand over to the shared
    // helper that fills the model and returns the account-settings view name.
    secondaryLevelMenuDisplayer.setModifiableReferentialsForUserToModel(currentUser, model);
    return prepateDataAndReturnCreateUserView(
            model, currentUser, TgolKeyStore.ACCOUNT_SETTINGS_VIEW_NAME);
}
use of org.asqatasun.webapp.exception.ForbiddenPageException in project Asqatasun by Asqatasun.
the class AuditResultController method displaySourceCodeFromContract.
/**
*
* @param webresourceId
* @param request
* @param response
* @param model
* @return
*/
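@RequestMapping(value = TgolKeyStore.SOURCE_CODE_CONTRACT_URL, method = RequestMethod.GET)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
public String displaySourceCodeFromContract(
        @RequestParam(TgolKeyStore.WEBRESOURCE_ID_KEY) String webresourceId,
        HttpServletRequest request,
        HttpServletResponse response,
        Model model) {
    // Shows the stored source code of an audited page. The id comes straight
    // from the query string, so it is validated before anything is loaded and
    // the caller's right to see the audit is checked before anything is put in
    // the model.
    WebResource webResource;
    try {
        webResource = getWebResourceDataService().ligthRead(Long.valueOf(webresourceId));
    } catch (NumberFormatException nfe) {
        // A non-numeric id is treated as a forbidden page, not as a server error.
        throw new ForbiddenPageException();
    }

    // An id that resolves to nothing is refused the same way
    // dispatchDisplayResultRequest refuses it; without this guard a null value
    // would travel on to the audit lookup and the Page cast below.
    // Source code only exists per page, so a Site is refused as well.
    if (webResource == null || webResource instanceof Site) {
        throw new ForbiddenPageException();
    }

    // NOTE(review): the existence/type checks above run before the ownership
    // check and raise a different exception type. If the two exceptions are
    // rendered differently, a caller can tell which ids exist and which are
    // sites; confirm both map to the same response.
    Audit audit = getAuditFromWebResource(webResource);
    if (!isUserAllowedToDisplayResult(audit)) {
        throw new ForbiddenUserException(getCurrentUser());
    }

    // NOTE(review): this cast assumes every WebResource that is not a Site is a
    // Page; confirm there is no third implementation.
    Page page = (Page) webResource;
    SSP ssp = getContentDataService().findSSP(page, page.getURL());
    model.addAttribute(TgolKeyStore.SOURCE_CODE_KEY, highlightSourceCode(ssp));

    // For page and group-of-pages audits the view is told that the HTML shown
    // is the generated one.
    ScopeEnum scope = getActDataService().getActFromAudit(audit).getScope().getCode();
    if (scope.equals(ScopeEnum.GROUPOFPAGES) || scope.equals(ScopeEnum.PAGE)) {
        model.addAttribute(TgolKeyStore.IS_GENERATED_HTML_KEY, true);
    }
    return TgolKeyStore.SOURCE_CODE_PAGE_VIEW_NAME;
}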
use of org.asqatasun.webapp.exception.ForbiddenPageException in project Asqatasun by Asqatasun.
the class AbstractAuditResultController method dispatchDisplayResultRequest.
/**
* Depending on the page type, this method collects the data, sets it up and
* displays the appropriate result page.
*
* @param webResourceId
* @param auditResultSortCommand
* @param model
* @param request
* @param isManualAudit
* @param manualAuditCommand
* @return
*/
protected String dispatchDisplayResultRequest(
        Long webResourceId,
        AuditResultSortCommand auditResultSortCommand,
        Model model,
        HttpServletRequest request,
        boolean isManualAudit,
        ManualAuditCommand manualAuditCommand) {
    // Access control comes first: the resource must exist and the current user
    // must be allowed to see the audit it belongs to. No result data is
    // computed or added to the model before both checks have passed.
    final WebResource resource = getWebResourceDataService().ligthRead(webResourceId);
    if (resource == null) {
        // Unknown id: answered as a forbidden page.
        throw new ForbiddenPageException();
    }

    final Audit audit = getAuditFromWebResource(resource);
    if (!isUserAllowedToDisplayResult(audit)) {
        // Known resource, but not one this user may read.
        throw new ForbiddenUserException(getCurrentUser());
    }

    this.callGc(resource);

    // The display scope is derived from the request and the sort command and
    // drives both the statistics and the sort console.
    final String displayScope = computeDisplayScope(request, auditResultSortCommand);
    addAuditStatisticsToModel(resource, model, displayScope);

    // The result page carries a sort form, which has to be set up in the model.
    prepareDataForSortConsole(
            webResourceId, displayScope, auditResultSortCommand, model, isManualAudit);

    // The remaining data depends on the audit type; the helper returns the view.
    return prepareSuccessfullAuditData(
            resource,
            audit,
            model,
            displayScope,
            getLocaleResolver().resolveLocale(request),
            isManualAudit,
            manualAuditCommand);
}
use of org.asqatasun.webapp.exception.ForbiddenPageException in project Asqatasun by Asqatasun.
the class AuditScenarioController method getScenarioFile.
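/**
 * Sends the content of one scenario of a contract to the client as a file
 * download.
 *
 * <p>Only the owner of the contract may download: the id of the contract's
 * user must equal the id of the current user. Malformed ids, a contract that
 * cannot be loaded, a contract owned by someone else and a scenario that is
 * not part of the contract are all answered with the same
 * {@link ForbiddenPageException}.
 *
 * @param contractId the contract id, as received in the request
 * @param scenarioId the scenario id, as received in the request
 * @param response the response the file is written to
 * @throws ForbiddenPageException if the request is refused for any of the
 *     reasons above
 * @throws RuntimeException if writing to the response fails; the
 *     {@link IOException} is kept as the cause
 */
@RequestMapping(value = TgolKeyStore.DOWNLOAD_SCENARIO_URL_CONTRACT_URL, method = RequestMethod.GET)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
public void getScenarioFile(
        @RequestParam(TgolKeyStore.CONTRACT_ID_KEY) String contractId,
        @RequestParam(TgolKeyStore.SCENARIO_ID_KEY) String scenarioId,
        HttpServletResponse response) {
    // Both ids are request parameters. Parse them once, up front, and treat a
    // non-numeric value as a forbidden page (as prepareScenarioManagementData
    // does) instead of letting NumberFormatException escape as a server error.
    Long contractIdValue;
    Long scenarioIdValue;
    try {
        contractIdValue = Long.valueOf(contractId);
        scenarioIdValue = Long.valueOf(scenarioId);
    } catch (NumberFormatException nfe) {
        throw new ForbiddenPageException(getCurrentUser());
    }

    // Ownership check: the scenario is only looked up inside a contract that
    // belongs to the caller, so an id of someone else's contract gives nothing.
    // The null guard covers a data service that returns null for an unknown id.
    Contract contract = getContractDataService().read(contractIdValue);
    if (contract == null || !contract.getUser().getId().equals(getCurrentUser().getId())) {
        throw new ForbiddenPageException(getCurrentUser());
    }

    for (Scenario scenario : contract.getScenarioSet()) {
        if (!scenario.getId().equals(scenarioIdValue)) {
            continue;
        }
        // The label is stored data that ends up in a response header; line
        // breaks are removed so it cannot start a header line of its own.
        // NOTE(review): whether the file name is quoted depends on the value of
        // TgolKeyStore.ATTACHMENT, which is not visible here.
        String safeLabel = String.valueOf(scenario.getLabel()).replaceAll("[\\r\\n]", "");
        StringBuilder disposition = new StringBuilder(TgolKeyStore.ATTACHMENT);
        disposition.append(safeLabel);
        disposition.append(TgolKeyStore.JSON_EXTENSION);
        try {
            // Headers are set before the body is written: once the response is
            // committed, later header changes are ignored.
            response.setContentType(TgolKeyStore.CONTENT_TYPE);
            response.setHeader(TgolKeyStore.CONTENT_DISPOSITION, disposition.toString());
            // NOTE(review): toInputStream(String) encodes with the platform
            // default charset; confirm that matches the declared content type.
            InputStream is = IOUtils.toInputStream(scenario.getContent());
            IOUtils.copy(is, response.getOutputStream());
            response.flushBuffer();
        } catch (IOException ex) {
            throw new RuntimeException("IOError writing file to output stream", ex);
        }
        // Finished. The original left the loop with break and then always
        // reached the throw below, so every successful download also raised
        // ForbiddenPageException.
        return;
    }

    // No scenario with that id in the caller's contract.
    throw new ForbiddenPageException(getCurrentUser());
}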
use of org.asqatasun.webapp.exception.ForbiddenPageException in project Asqatasun by Asqatasun.
the class AuditScenarioController method prepareScenarioManagementData.
/**
* Prepare data to be displayed on the scenario management page
*
* @param model
* @param contractId
*/
private void prepareScenarioManagementData(Model model, String contractId) {
    // The contract id arrives as text; anything that is not a number is
    // answered as a forbidden page for the current user.
    final Long parsedContractId;
    try {
        parsedContractId = Long.valueOf(contractId);
    } catch (NumberFormatException malformedId) {
        throw new ForbiddenPageException(getCurrentUser());
    }

    final Contract contract = getContractDataService().read(parsedContractId);

    // Nothing is added to the model unless the access check passes.
    // NOTE(review): when the check returns false this method returns silently
    // with an unpopulated model; presumably the check itself throws for a
    // forbidden user. Confirm against isUserAllowedToDisplaySetUpPage.
    if (!isUserAllowedToDisplaySetUpPage(contract, TgolKeyStore.AUDIT_SCENARIO_SET_UP_VIEW_NAME)) {
        return;
    }

    // Form backing object for adding a scenario.
    model.addAttribute(
            TgolKeyStore.ADD_SCENARIO_COMMAND_KEY,
            AddScenarioCommandFactory.getAddScenarioCommand(contract));
    // Contract label shown on the page.
    model.addAttribute(TgolKeyStore.CONTRACT_NAME_KEY, contract.getLabel());
    // Scenarios already attached to the contract.
    addScenarioListToModel(contract, model);
}