Search in sources :

Example 26 with ForbiddenPageException

use of org.asqatasun.webapp.exception.ForbiddenPageException in project Asqatasun by Asqatasun.

the class AuditScenarioController method deleteScenarioFile.

@RequestMapping(value = TgolKeyStore.DELETE_SCENARIO_URL_CONTRACT_URL, method = RequestMethod.GET)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
public String deleteScenarioFile(@RequestParam(TgolKeyStore.CONTRACT_ID_KEY) String contractId, @RequestParam(TgolKeyStore.SCENARIO_ID_KEY) String scenarioId, HttpServletRequest request, HttpServletResponse response, Model model) {
    Contract contract = getContractDataService().read(Long.valueOf(contractId));
    if (contract.getUser().getId().equals(getCurrentUser().getId())) {
        for (Scenario scenario : contract.getScenarioSet()) {
            if (scenario.getId().equals(Long.valueOf(scenarioId))) {
                deleteScenario(scenario, contract);
                model.addAttribute(TgolKeyStore.DELETED_SCENARIO_NAME_KEY, scenario.getLabel());
                prepareScenarioManagementData(model, contractId);
                return TgolKeyStore.SCENARIO_MANAGEMENT_VIEW_NAME;
            }
        }
        throw new ForbiddenPageException(getCurrentUser());
    } else {
        throw new ForbiddenPageException(getCurrentUser());
    }
}
Also used : Contract(org.asqatasun.webapp.entity.contract.Contract) Scenario(org.asqatasun.webapp.entity.scenario.Scenario) ForbiddenPageException(org.asqatasun.webapp.exception.ForbiddenPageException) Secured(org.springframework.security.access.annotation.Secured) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 27 with ForbiddenPageException

use of org.asqatasun.webapp.exception.ForbiddenPageException in project Asqatasun by Asqatasun.

the class AuditSynthesisController method displayAuditSynthesisFromContract.

/**
     *
     * @param auditId
     * @param request
     * @param response
     * @param model
     * @return
     */
@RequestMapping(value = TgolKeyStore.AUDIT_SYNTHESIS_CONTRACT_URL, method = RequestMethod.GET)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
public String displayAuditSynthesisFromContract(@RequestParam(TgolKeyStore.AUDIT_ID_KEY) String auditId, HttpServletRequest request, HttpServletResponse response, Model model) {
    Long aId;
    try {
        aId = Long.valueOf(auditId);
    } catch (NumberFormatException nfe) {
        throw new ForbiddenPageException();
    }
    Audit audit = getAuditDataService().read(aId);
    if (isUserAllowedToDisplayResult(audit)) {
        if (isAuthorizedScopeForSynthesis(audit)) {
            Contract contract = retrieveContractFromAudit(audit);
            model.addAttribute(TgolKeyStore.CONTRACT_ID_KEY, contract.getId());
            model.addAttribute(TgolKeyStore.CONTRACT_NAME_KEY, contract.getLabel());
            model.addAttribute(TgolKeyStore.AUDIT_ID_KEY, auditId);
            model.addAttribute(TgolKeyStore.WEBRESOURCE_ID_KEY, audit.getSubject().getId());
            return prepareSynthesisSiteData(audit, model);
        } else {
            throw new ForbiddenPageException();
        }
    } else {
        throw new ForbiddenUserException();
    }
}
Also used : Audit(org.asqatasun.entity.audit.Audit) Contract(org.asqatasun.webapp.entity.contract.Contract) ForbiddenUserException(org.asqatasun.webapp.exception.ForbiddenUserException) ForbiddenPageException(org.asqatasun.webapp.exception.ForbiddenPageException) Secured(org.springframework.security.access.annotation.Secured) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 28 with ForbiddenPageException

use of org.asqatasun.webapp.exception.ForbiddenPageException in project Asqatasun by Asqatasun.

the class PageListControllerTest method testDisplayPageListWithPageAudit.

/**
     * The PageList cannot be displayed when the webResource is a Page 
     * instance. The returned view is an access denied in this case.
     * 
     * @throws Exception 
     */
public void testDisplayPageListWithPageAudit() throws Exception {
    System.out.println("testDisplayPageListWithPageAudit");
    // The audit with Id 1 is associated with a Page instance 
    setUpMockAuditDataService(PAGE_AUDIT_ID);
    setUpMockUserDataService();
    setUpActDataService(false);
    setUpMockAuthenticationContext();
    HttpServletResponse response = new MockHttpServletResponse();
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.addParameter(TgolKeyStore.AUDIT_ID_KEY, String.valueOf(PAGE_AUDIT_ID));
    try {
        instance.displayPageList(request, response, new ExtendedModelMap());
        assertTrue(false);
    } catch (ForbiddenPageException fbe) {
        // The exception is caught when testing if audit.getSubject() is 
        // an instance of Page
        assertTrue(true);
    }
}
Also used : ExtendedModelMap(org.springframework.ui.ExtendedModelMap) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) HttpServletResponse(javax.servlet.http.HttpServletResponse) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) ForbiddenPageException(org.asqatasun.webapp.exception.ForbiddenPageException)

Example 29 with ForbiddenPageException

use of org.asqatasun.webapp.exception.ForbiddenPageException in project Asqatasun by Asqatasun.

the class PageListControllerTest method testDisplayPageListWithWrongAuditId.

/**
     * if the id cannot be converted as Long, the ForbiddenPageException is 
     * caught.
     * 
     * @throws Exception 
     */
public void testDisplayPageListWithWrongAuditId() throws Exception {
    System.out.println("testDisplayPageListWithWrongAuditId");
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.addParameter(TgolKeyStore.AUDIT_ID_KEY, "wrongId");
    try {
        instance.displayPageList(request, new MockHttpServletResponse(), new ExtendedModelMap());
        assertTrue(false);
    } catch (ForbiddenPageException fbe) {
        assertTrue(StringUtils.equals("java.lang.NumberFormatException: For input string: \"wrongId\"", fbe.getCause().toString()));
    }
}
Also used : ExtendedModelMap(org.springframework.ui.ExtendedModelMap) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) ForbiddenPageException(org.asqatasun.webapp.exception.ForbiddenPageException)

Example 30 with ForbiddenPageException

use of org.asqatasun.webapp.exception.ForbiddenPageException in project Asqatasun by Asqatasun.

the class AuditSetUpControllerTest method testDisplayPageAuditPageSetUpWithUnauthorisedFunctionality.

public void testDisplayPageAuditPageSetUpWithUnauthorisedFunctionality() {
    System.out.println("testDisplayPageAuditPageSetUpWithUnauthorisedFunctionality");
    setUpMockUserDataServiceAndUser();
    setUpMockAuthenticationContext();
    setUpMockContractDataService(2, "Contract1");
    setUpEmptyViewFunctionalityBindingMap();
    // regarding the viewFunctionalityBindingMap. An exception is caught
    try {
        instance.displayPageAuditSetUp("2", null, null, new ExtendedModelMap());
        assertTrue(false);
    } catch (ForbiddenPageException fue) {
        assertTrue(true);
    }
}
Also used : ExtendedModelMap(org.springframework.ui.ExtendedModelMap) ForbiddenPageException(org.asqatasun.webapp.exception.ForbiddenPageException)

Aggregations

ForbiddenPageException (org.asqatasun.webapp.exception.ForbiddenPageException)35 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)15 Secured (org.springframework.security.access.annotation.Secured)13 Contract (org.asqatasun.webapp.entity.contract.Contract)12 ExtendedModelMap (org.springframework.ui.ExtendedModelMap)11 Audit (org.asqatasun.entity.audit.Audit)10 ForbiddenUserException (org.asqatasun.webapp.exception.ForbiddenUserException)8 WebResource (org.asqatasun.entity.subject.WebResource)6 User (org.asqatasun.webapp.entity.user.User)5 Site (org.asqatasun.entity.subject.Site)4 HttpServletResponse (javax.servlet.http.HttpServletResponse)3 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)3 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)3 HttpServletRequest (javax.servlet.http.HttpServletRequest)2 Page (org.asqatasun.entity.subject.Page)2 Act (org.asqatasun.webapp.entity.contract.Act)2 Scenario (org.asqatasun.webapp.entity.scenario.Scenario)2 Model (org.springframework.ui.Model)2 IOException (java.io.IOException)1 InputStream (java.io.InputStream)1