
Example 1 with ForbiddenScopeException

Use of org.asqatasun.webapp.exception.ForbiddenScopeException in project Asqatasun by Asqatasun.

In the class PageListController, method pageLinkDispatcher.

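/**
 * This method dispatches the result depending on the parameters passed to
 * the request. Only multi-page audits are considered here.
 *
 * @param request the current HTTP request
 * @param audit the audit whose page list is requested
 * @param model the model populated for the view
 * @return the name of the view to render
 * @throws Exception
 */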
private String pageLinkDispatcher(HttpServletRequest request, Audit audit, Model model) throws Exception {
    if (audit.getSubject() instanceof Page) {
        throw new ForbiddenPageException();
    }
    String status = ServletRequestUtils.getStringParameter(request, TgolKeyStore.STATUS_KEY);
    HttpStatusCodeFamily httpStatusCode = getHttpStatusCodeFamily(status);
    // the distribution of the pages according to the httpStatusCode
    if (httpStatusCode == null) {
        if (!isAuthorizedScopeForPageList(audit)) {
            throw new ForbiddenScopeException();
        }
        try {
            Contract currentContract = retrieveContractFromAudit(audit);
            model.addAttribute(TgolKeyStore.CONTRACT_NAME_KEY, currentContract.getLabel());
            model.addAttribute(TgolKeyStore.CONTRACT_ID_KEY, currentContract.getId());
            String testLabel = ServletRequestUtils.getStringParameter(request, TgolKeyStore.TEST_KEY);
            if (StringUtils.isNotBlank(testLabel)) {
                model.addAttribute(TgolKeyStore.TEST_CODE_KEY, getTestDataService().getTestFromAuditAndLabel(audit, testLabel));
            }
            return this.preparePageListData(audit, model);
        } catch (ServletRequestBindingException e) {
            return TgolKeyStore.OUPS_VIEW_REDIRECT_NAME;
        }
    } else {
        boolean isAuthorizedScopeForPageList = isAuthorizedScopeForPageList(audit);
        Contract currentContract = retrieveContractFromAudit(audit);
        model.addAttribute(TgolKeyStore.CONTRACT_NAME_KEY, currentContract.getLabel());
        model.addAttribute(TgolKeyStore.CONTRACT_ID_KEY, currentContract.getId());
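        // Used in the JSP. Note that, unlike the branch above, an unauthorized scope
        // is only flagged in the model here; no ForbiddenScopeException is thrown.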
        if (!isAuthorizedScopeForPageList) {
            model.addAttribute(TgolKeyStore.AUDIT_NUMBER_KEY, true);
        }
        String testLabel = ServletRequestUtils.getStringParameter(request, TgolKeyStore.TEST_KEY);
        if (StringUtils.isNotBlank(testLabel)) {
            model.addAttribute(TgolKeyStore.TEST_CODE_KEY, getTestDataService().getTestFromAuditAndLabel(audit, testLabel));
        }
        return this.preparePageListStatsByHttpStatusCode(audit, model, httpStatusCode, request, false);
    }
}
Also used: ServletRequestBindingException (org.springframework.web.bind.ServletRequestBindingException), HttpStatusCodeFamily (org.asqatasun.webapp.util.HttpStatusCodeFamily), Page (org.asqatasun.entity.subject.Page), ForbiddenScopeException (org.asqatasun.webapp.exception.ForbiddenScopeException), Contract (org.asqatasun.webapp.entity.contract.Contract), ForbiddenPageException (org.asqatasun.webapp.exception.ForbiddenPageException)

Example 2 with ForbiddenScopeException

Use of org.asqatasun.webapp.exception.ForbiddenScopeException in project Asqatasun by Asqatasun.

In the class PageListControllerTest, method testDisplayPageListWithUnauthorizedActScope.

/**
 * The page list is displayed when the webResource is a Site instance.
 * The controller only displays the page when the scope of the act related
 * to the webResource belongs to a list of authorized scopes. In this case
 * the list contains only DOMAIN as an authorized scope, whereas the scope
 * of the audit is GROUP_OF_PAGE, so the page cannot be displayed.
 *
 * @throws Exception
 */
public void testDisplayPageListWithUnauthorizedActScope() throws Exception {
    System.out.println("testDisplayPageListWithUnauthorizedActScope");
    setUpMockAuditDataService(UNAUTHORIZED_SCOPE_AUDIT_ID);
    setUpMockUserDataService();
    setUpActDataService(false);
    setUpMockAuthenticationContext();
    HttpServletResponse response = new MockHttpServletResponse();
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.addParameter(TgolKeyStore.AUDIT_ID_KEY, String.valueOf(UNAUTHORIZED_SCOPE_AUDIT_ID));
    List<String> authorizedScopeForPageList = new ArrayList<>();
    authorizedScopeForPageList.add("DOMAIN");
    instance.setAuthorizedScopeForPageList(authorizedScopeForPageList);
    try {
        instance.displayPageList(request, response, new ExtendedModelMap());
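        // Reaching this line means the unauthorized scope was not rejected: fail the test.
        assertTrue(false);
    } catch (ForbiddenScopeException fbe) {
        // Expected: the GROUP_OF_PAGE scope is not in the authorized list.
        assertTrue(true);
    }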
}
Also used: ExtendedModelMap (org.springframework.ui.ExtendedModelMap), MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest), MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse), HttpServletResponse (javax.servlet.http.HttpServletResponse), ForbiddenScopeException (org.asqatasun.webapp.exception.ForbiddenScopeException)

Aggregations

ForbiddenScopeException (org.asqatasun.webapp.exception.ForbiddenScopeException): 2
HttpServletResponse (javax.servlet.http.HttpServletResponse): 1
Page (org.asqatasun.entity.subject.Page): 1
Contract (org.asqatasun.webapp.entity.contract.Contract): 1
ForbiddenPageException (org.asqatasun.webapp.exception.ForbiddenPageException): 1
HttpStatusCodeFamily (org.asqatasun.webapp.util.HttpStatusCodeFamily): 1
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest): 1
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse): 1
ExtendedModelMap (org.springframework.ui.ExtendedModelMap): 1
ServletRequestBindingException (org.springframework.web.bind.ServletRequestBindingException): 1