Search in sources :

Example 11 with ForbiddenPageException

use of org.asqatasun.webapp.exception.ForbiddenPageException in project Asqatasun by Asqatasun.

the class AccountSettingsController method displayAccountSettingsPage.

/**
     * This method displays the form for an authenticated user
     * 
     * @param model
     * @return
     */
@RequestMapping(value = TgolKeyStore.ACCOUNT_SETTINGS_URL, method = RequestMethod.GET)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
public String displayAccountSettingsPage(Model model) {
    User user = getCurrentUser();
    if (this.forbiddenUserList.contains(user.getEmail1())) {
        throw new ForbiddenPageException();
    }
    secondaryLevelMenuDisplayer.setModifiableReferentialsForUserToModel(user, model);
    return prepateDataAndReturnCreateUserView(model, user, TgolKeyStore.ACCOUNT_SETTINGS_VIEW_NAME);
}
Also used : User(org.asqatasun.webapp.entity.user.User) ForbiddenPageException(org.asqatasun.webapp.exception.ForbiddenPageException) Secured(org.springframework.security.access.annotation.Secured) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 12 with ForbiddenPageException

use of org.asqatasun.webapp.exception.ForbiddenPageException in project Asqatasun by Asqatasun.

the class AuditResultController method displaySourceCodeFromContract.

/**
     *
     * @param webresourceId
     * @param request
     * @param response
     * @param model
     * @return
     */
@RequestMapping(value = TgolKeyStore.SOURCE_CODE_CONTRACT_URL, method = RequestMethod.GET)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
public String displaySourceCodeFromContract(@RequestParam(TgolKeyStore.WEBRESOURCE_ID_KEY) String webresourceId, HttpServletRequest request, HttpServletResponse response, Model model) {
    WebResource webResource;
    try {
        webResource = getWebResourceDataService().ligthRead(Long.valueOf(webresourceId));
    } catch (NumberFormatException nfe) {
        throw new ForbiddenPageException();
    }
    if (webResource instanceof Site) {
        throw new ForbiddenPageException();
    }
    Audit audit = getAuditFromWebResource(webResource);
    if (isUserAllowedToDisplayResult(audit)) {
        Page page = (Page) webResource;
        SSP ssp = getContentDataService().findSSP(page, page.getURL());
        model.addAttribute(TgolKeyStore.SOURCE_CODE_KEY, highlightSourceCode(ssp));
        ScopeEnum scope = getActDataService().getActFromAudit(audit).getScope().getCode();
        if (scope.equals(ScopeEnum.GROUPOFPAGES) || scope.equals(ScopeEnum.PAGE)) {
            model.addAttribute(TgolKeyStore.IS_GENERATED_HTML_KEY, true);
        }
        return TgolKeyStore.SOURCE_CODE_PAGE_VIEW_NAME;
    } else {
        throw new ForbiddenUserException(getCurrentUser());
    }
}
Also used : Site(org.asqatasun.entity.subject.Site) Audit(org.asqatasun.entity.audit.Audit) SSP(org.asqatasun.entity.audit.SSP) ScopeEnum(org.asqatasun.webapp.entity.contract.ScopeEnum) WebResource(org.asqatasun.entity.subject.WebResource) Page(org.asqatasun.entity.subject.Page) ForbiddenUserException(org.asqatasun.webapp.exception.ForbiddenUserException) ForbiddenPageException(org.asqatasun.webapp.exception.ForbiddenPageException) Secured(org.springframework.security.access.annotation.Secured) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 13 with ForbiddenPageException

use of org.asqatasun.webapp.exception.ForbiddenPageException in project Asqatasun by Asqatasun.

the class AbstractAuditResultController method dispatchDisplayResultRequest.

/**
     * Regarding the page type, this method collects data, set them up and
     * display the appropriate result page.
     *
     * @param webResourceId
     * @param auditResultSortCommand
     * @param model
     * @param request
     * @param isManualAudit
     * @param manualAuditCommand
     * @return
     */
protected String dispatchDisplayResultRequest(Long webResourceId, AuditResultSortCommand auditResultSortCommand, Model model, HttpServletRequest request, boolean isManualAudit, ManualAuditCommand manualAuditCommand) {
    // We first check that the current user is allowed to display the result
    // of this audit
    WebResource webResource = getWebResourceDataService().ligthRead(webResourceId);
    if (webResource == null) {
        throw new ForbiddenPageException();
    }
    Audit audit = getAuditFromWebResource(webResource);
    // data are retrieved to be prepared and displayed
    if (isUserAllowedToDisplayResult(audit)) {
        this.callGc(webResource);
        String displayScope = computeDisplayScope(request, auditResultSortCommand);
        addAuditStatisticsToModel(webResource, model, displayScope);
        // The page is displayed with sort option. Form needs to be set up
        prepareDataForSortConsole(webResourceId, displayScope, auditResultSortCommand, model, isManualAudit);
        // Data need to be prepared regarding the audit type
        return prepareSuccessfullAuditData(webResource, audit, model, displayScope, getLocaleResolver().resolveLocale(request), isManualAudit, manualAuditCommand);
    } else {
        throw new ForbiddenUserException(getCurrentUser());
    }
}
Also used : Audit(org.asqatasun.entity.audit.Audit) WebResource(org.asqatasun.entity.subject.WebResource) ForbiddenUserException(org.asqatasun.webapp.exception.ForbiddenUserException) ForbiddenPageException(org.asqatasun.webapp.exception.ForbiddenPageException)

Example 14 with ForbiddenPageException

use of org.asqatasun.webapp.exception.ForbiddenPageException in project Asqatasun by Asqatasun.

the class AuditScenarioController method getScenarioFile.

@RequestMapping(value = TgolKeyStore.DOWNLOAD_SCENARIO_URL_CONTRACT_URL, method = RequestMethod.GET)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
public void getScenarioFile(@RequestParam(TgolKeyStore.CONTRACT_ID_KEY) String contractId, @RequestParam(TgolKeyStore.SCENARIO_ID_KEY) String scenarioId, HttpServletResponse response) {
    Contract contract = getContractDataService().read(Long.valueOf(contractId));
    if (contract.getUser().getId().equals(getCurrentUser().getId())) {
        try {
            for (Scenario scenario : contract.getScenarioSet()) {
                if (scenario.getId().equals(Long.valueOf(scenarioId))) {
                    InputStream is = IOUtils.toInputStream(scenario.getContent());
                    IOUtils.copy(is, response.getOutputStream());
                    response.setContentType(TgolKeyStore.CONTENT_TYPE);
                    StringBuilder strb = new StringBuilder(TgolKeyStore.ATTACHMENT);
                    strb.append(scenario.getLabel());
                    strb.append(TgolKeyStore.JSON_EXTENSION);
                    response.setHeader(TgolKeyStore.CONTENT_DISPOSITION, strb.toString());
                    response.flushBuffer();
                    break;
                }
            }
            throw new ForbiddenPageException(getCurrentUser());
        } catch (IOException ex) {
            throw new RuntimeException("IOError writing file to output stream");
        }
    } else {
        throw new ForbiddenPageException(getCurrentUser());
    }
}
Also used : InputStream(java.io.InputStream) IOException(java.io.IOException) Contract(org.asqatasun.webapp.entity.contract.Contract) Scenario(org.asqatasun.webapp.entity.scenario.Scenario) ForbiddenPageException(org.asqatasun.webapp.exception.ForbiddenPageException) Secured(org.springframework.security.access.annotation.Secured) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 15 with ForbiddenPageException

use of org.asqatasun.webapp.exception.ForbiddenPageException in project Asqatasun by Asqatasun.

the class AuditScenarioController method prepareScenarioManagementData.

/**
     * Prepare data to be displayed on the scenario management page
     * 
     * @param model
     * @param contractId 
     */
private void prepareScenarioManagementData(Model model, String contractId) {
    Long contractIdValue;
    try {
        contractIdValue = Long.valueOf(contractId);
    } catch (NumberFormatException nfe) {
        throw new ForbiddenPageException(getCurrentUser());
    }
    Contract contract = getContractDataService().read(contractIdValue);
    if (isUserAllowedToDisplaySetUpPage(contract, TgolKeyStore.AUDIT_SCENARIO_SET_UP_VIEW_NAME)) {
        // add the AddScenarioCommand instance to the model
        model.addAttribute(TgolKeyStore.ADD_SCENARIO_COMMAND_KEY, AddScenarioCommandFactory.getAddScenarioCommand(contract));
        // add the contract label to the model
        model.addAttribute(TgolKeyStore.CONTRACT_NAME_KEY, contract.getLabel());
        // add the list of scenario to the model
        addScenarioListToModel(contract, model);
    }
}
Also used : Contract(org.asqatasun.webapp.entity.contract.Contract) ForbiddenPageException(org.asqatasun.webapp.exception.ForbiddenPageException)

Aggregations

ForbiddenPageException (org.asqatasun.webapp.exception.ForbiddenPageException)35 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)15 Secured (org.springframework.security.access.annotation.Secured)13 Contract (org.asqatasun.webapp.entity.contract.Contract)12 ExtendedModelMap (org.springframework.ui.ExtendedModelMap)11 Audit (org.asqatasun.entity.audit.Audit)10 ForbiddenUserException (org.asqatasun.webapp.exception.ForbiddenUserException)8 WebResource (org.asqatasun.entity.subject.WebResource)6 User (org.asqatasun.webapp.entity.user.User)5 Site (org.asqatasun.entity.subject.Site)4 HttpServletResponse (javax.servlet.http.HttpServletResponse)3 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)3 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)3 HttpServletRequest (javax.servlet.http.HttpServletRequest)2 Page (org.asqatasun.entity.subject.Page)2 Act (org.asqatasun.webapp.entity.contract.Act)2 Scenario (org.asqatasun.webapp.entity.scenario.Scenario)2 Model (org.springframework.ui.Model)2 IOException (java.io.IOException)1 InputStream (java.io.InputStream)1