use of org.asqatasun.webapp.exception.ForbiddenPageException in project Asqatasun by Asqatasun.
the class AccountSettingsController method submitChangeTestWeight.
/**
 * Handles the POST of the test-weight form for one referential.
 * <p>
 * The referential code is a request parameter and is rejected with a
 * {@link ForbiddenPageException} when it is not present in {@code refMap} or
 * when {@code secondaryLevelMenuDisplayer} reports it as not modifiable. The
 * form is validated next; the test list and the command are put back on the
 * model in every case so the view can redisplay the form (with the error
 * details when validation failed). The user's weights are persisted only when
 * the binding result carries no error.
 *
 * @param refCode                 referential code taken from the request
 * @param changeTestWeightCommand bound form command
 * @param result                  binding result that receives validation errors
 * @param model                   view model to populate
 * @param request                 current HTTP request (not read by this method)
 * @return the test-weight view name
 * @throws ForbiddenPageException when the referential is unknown or not modifiable
 * @throws Exception as declared by the collaborators invoked here
 */
@RequestMapping(value = TgolKeyStore.TEST_WEIGHT_URL, method = RequestMethod.POST)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
public String submitChangeTestWeight(@RequestParam(TgolKeyStore.REFERENTIAL_CD_KEY) String refCode, @ModelAttribute(TgolKeyStore.CHANGE_TEST_WEIGHT_COMMAND_KEY) ChangeTestWeightCommand changeTestWeightCommand, BindingResult result, Model model, HttpServletRequest request) throws Exception {
    Reference referential = refMap.get(refCode);
    // Unknown or read-only referential: refuse before touching the form at all.
    boolean modifiable = referential != null && secondaryLevelMenuDisplayer.isRequestedReferentialModifiable(refCode);
    if (!modifiable) {
        throw new ForbiddenPageException();
    }
    changeTestWeightFormValidator.validate(changeTestWeightCommand, result);
    // Always redisplay the test list and the submitted command, with or without errors.
    addTestListAndModifiableRefToModel(referential, model);
    model.addAttribute(TgolKeyStore.CHANGE_TEST_WEIGHT_COMMAND_KEY, changeTestWeightCommand);
    boolean formIsValid = !result.hasErrors();
    if (formIsValid) {
        User currentUser = getCurrentUser();
        ChangeTestWeightCommandFactory.getInstance().updateUserTestWeight(currentUser, changeTestWeightCommand);
        model.addAttribute(TgolKeyStore.TEST_WEIGHT_SUCCESSFULLY_UPDATED_KEY, true);
    }
    return TgolKeyStore.TEST_WEIGHT_VIEW_NAME;
}
use of org.asqatasun.webapp.exception.ForbiddenPageException in project Asqatasun by Asqatasun.
the class AccountSettingsController method submitAccountSettingForm.
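/**
 * Handles the POST of the account-settings (edit own user) form.
 * <p>
 * A user whose email is listed in {@code forbiddenUserList} gets a
 * {@link ForbiddenPageException}. The submitted command is then compared with
 * the authenticated user: a submitted email that differs from the user's own
 * (or is missing), or the admin flag set by a non-admin, is treated as a
 * tampered request — the attack marker is put on the model and the form is
 * redisplayed without saving anything. Otherwise the update is delegated to
 * {@code submitUpdateUserForm}.
 * <p>
 * Account deactivation is not checked in this method — TODO confirm whether
 * {@code submitUpdateUserForm} guards it.
 *
 * @param createUserCommand bound form command; its values are client-supplied
 * @param result            binding result receiving validation errors
 * @param model             view model to populate
 * @return the account-settings view name
 * @throws ForbiddenPageException when the current user is in the forbidden list
 * @throws Exception as declared by the delegated update
 */
@RequestMapping(value = TgolKeyStore.ACCOUNT_SETTINGS_URL, method = RequestMethod.POST)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
protected String submitAccountSettingForm(@ModelAttribute(TgolKeyStore.CREATE_USER_COMMAND_KEY) CreateUserCommand createUserCommand, BindingResult result, Model model) throws Exception {
    User user = getCurrentUser();
    if (forbiddenUserList.contains(user.getEmail1())) {
        throw new ForbiddenPageException();
    }
    // The submitted email is untrusted and may be absent from the request; a null
    // value must take the tamper branch below rather than fail with a
    // NullPointerException (which the previous receiver order produced).
    String submittedEmail = createUserCommand.getEmail();
    boolean emailChanged = submittedEmail == null || !submittedEmail.equals(user.getEmail1());
    // Keep the admin test after the email test so it is only evaluated when the
    // email matched, as before.
    if (emailChanged || (createUserCommand.getAdmin() && !isUserAdmin(user))) {
        model.addAttribute(TgolKeyStore.CREATE_USER_ATTACK_COMMAND_KEY, true);
        return prepateDataAndReturnCreateUserView(model, user, TgolKeyStore.ACCOUNT_SETTINGS_VIEW_NAME);
    }
    secondaryLevelMenuDisplayer.setModifiableReferentialsForUserToModel(user, model);
    return submitUpdateUserForm(createUserCommand, result, null, model, user, TgolKeyStore.ACCOUNT_SETTINGS_VIEW_NAME, TgolKeyStore.ACCOUNT_SETTINGS_VIEW_NAME, false, false, TgolKeyStore.UPDATED_USER_NAME_KEY);
}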
use of org.asqatasun.webapp.exception.ForbiddenPageException in project Asqatasun by Asqatasun.
the class AbstractAuditSetUpController method isUserAllowedToDisplaySetUpPage.
/**
 * Verifies that the current user may open the audit set-up page of a contract.
 * <p>
 * Three checks run in order: the contract exists, it belongs to the current
 * user (owner id compared with the current user's id), and the contract's
 * authorised functionality codes contain the functionality bound to
 * {@code viewName} in {@code viewFunctionalityBindingMap}. Each failing check
 * raises a {@link ForbiddenPageException} carrying the current user, so this
 * method never returns {@code false}.
 *
 * @param contract contract the set-up page is requested for, may be {@code null}
 * @param viewName name of the requested set-up view
 * @return {@code true} when every check passed
 * @throws ForbiddenPageException when any check fails
 */
protected boolean isUserAllowedToDisplaySetUpPage(Contract contract, String viewName) {
    User currentUser = getCurrentUser();
    if (contract == null) {
        throw new ForbiddenPageException(currentUser);
    }
    boolean ownedByCurrentUser = contract.getUser().getId().equals(currentUser.getId());
    if (!ownedByCurrentUser) {
        throw new ForbiddenPageException(currentUser);
    }
    Collection<String> authorisedFunctionalities = getAuthorisedFunctionalityCodeFromContract(contract);
    // The view must map to a functionality the contract actually grants.
    boolean functionalityGranted = authorisedFunctionalities.contains(viewFunctionalityBindingMap.get(viewName));
    if (!functionalityGranted) {
        throw new ForbiddenPageException(currentUser);
    }
    return true;
}
use of org.asqatasun.webapp.exception.ForbiddenPageException in project Asqatasun by Asqatasun.
the class AbstractAuditDataHandlerController method isUserAllowedToDisplayResult.
/**
 * Verifies that the current user may display the result of an audit.
 * <p>
 * A {@code null} audit raises {@link ForbiddenPageException}. Otherwise the
 * contract is resolved through the act attached to the audit, and access is
 * granted when the current user is an admin, or when the contract is not
 * expired and is owned by the current user (ids compared with
 * {@code compareTo}). Every other case raises {@link ForbiddenUserException};
 * this method never returns {@code false}. The admin check comes first, so an
 * admin is not subject to the expiry check.
 *
 * @param audit audit whose result is requested, may be {@code null}
 * @return {@code true} when access is granted
 * @throws ForbiddenPageException when {@code audit} is {@code null}
 * @throws ForbiddenUserException when the user is neither an admin nor the owner of a non-expired contract
 */
protected boolean isUserAllowedToDisplayResult(Audit audit) {
    if (audit == null) {
        throw new ForbiddenPageException();
    }
    User currentUser = getCurrentUser();
    Contract contract = getActDataService().getActFromAudit(audit).getContract();
    if (isAdminUser()) {
        return true;
    }
    // Expiry is tested before ownership so an expired contract is refused without
    // dereferencing its owner.
    if (!isContractExpired(contract) && currentUser.getId().compareTo(contract.getUser().getId()) == 0) {
        return true;
    }
    throw new ForbiddenUserException();
}
use of org.asqatasun.webapp.exception.ForbiddenPageException in project Asqatasun by Asqatasun.
the class AuditExportResultController method exportAuditResultFromContract.
/**
 * Exports the result of an audit in the requested format; the export view is
 * only available for page results.
 * <p>
 * Both request parameters are optional at the binding level and are
 * client-supplied: a missing id or format, or an id that is not a number, is
 * rejected with a {@link ForbiddenPageException}. The web resource is then
 * read and the access check of {@code isUserAllowedToDisplayResult} is applied
 * to its audit before any data is prepared. An unsupported format is logged and
 * redirected to the format-error view. The {@code null} return after a
 * successful preparation presumably means the export was written straight to
 * the response — confirm against {@code prepareSuccessfullAuditDataToExport}.
 *
 * @param webresourceId id of the web resource, as a request parameter
 * @param format        requested export format, as a request parameter
 * @param request       current HTTP request, used to resolve the locale
 * @param response      current HTTP response, handed to the export preparation
 * @param model         view model to populate
 * @return {@code null} after a successful export, otherwise the format-error redirect view name
 * @throws ForbiddenPageException when a parameter is missing or the id is not numeric
 */
@RequestMapping(value = TgolKeyStore.EXPORT_AUDIT_RESULT_CONTRACT_URL, method = RequestMethod.GET)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
public String exportAuditResultFromContract(@RequestParam(value = TgolKeyStore.WEBRESOURCE_ID_KEY, required = false) String webresourceId, @RequestParam(value = TgolKeyStore.EXPORT_FORMAT_KEY, required = false) String format, HttpServletRequest request, HttpServletResponse response, Model model) {
    boolean parameterMissing = format == null || webresourceId == null;
    if (parameterMissing) {
        throw new ForbiddenPageException();
    }
    // A non-numeric id is treated exactly like a missing one.
    Long webResourceIdValue;
    try {
        webResourceIdValue = Long.valueOf(webresourceId);
    } catch (NumberFormatException nfe) {
        throw new ForbiddenPageException();
    }
    WebResource webResource = getWebResourceDataService().ligthRead(webResourceIdValue);
    // Authorisation is checked on the audit of the resource before any data is prepared.
    if (!isUserAllowedToDisplayResult(getAuditFromWebResource(webResource))) {
        return TgolKeyStore.EXPORT_AUDIT_FORMAT_ERROR_VIEW_REDIRECT_NAME;
    }
    try {
        prepareSuccessfullAuditDataToExport(webResource, model, getLocaleResolver().resolveLocale(request), format, request, response);
        return null;
    } catch (NotSupportedExportFormatException exc) {
        // Echo the inputs back so the error view can show what was requested.
        model.addAttribute(TgolKeyStore.WEBRESOURCE_ID_KEY, webresourceId);
        model.addAttribute(TgolKeyStore.EXPORT_FORMAT_KEY, format);
        LOGGER.warn(exc);
        return TgolKeyStore.EXPORT_AUDIT_FORMAT_ERROR_VIEW_REDIRECT_NAME;
    }
}