use of org.asqatasun.webapp.exception.ForbiddenUserException in project Asqatasun by Asqatasun.
the class ContractManagementController method editContractAdminPage.
/**
* @param contractId
* @param request
* @param response
* @param model
* @return The pages audit set-up form page
*/
@RequestMapping(value = TgolKeyStore.EDIT_CONTRACT_URL, method = RequestMethod.GET)
@Secured(TgolKeyStore.ROLE_ADMIN_KEY)
public String editContractAdminPage(
        @RequestParam(TgolKeyStore.CONTRACT_ID_KEY) String contractId,
        HttpServletRequest request,
        HttpServletResponse response,
        Model model) {
    // GET handler restricted by @Secured to TgolKeyStore.ROLE_ADMIN_KEY: loads the
    // contract named by the request parameter and hands it to the shared
    // create/edit contract view builder.

    // The id arrives as a raw request string; anything that does not parse as a
    // Long is refused before the data service is queried.
    final Long parsedContractId;
    try {
        parsedContractId = Long.valueOf(contractId);
    } catch (NumberFormatException malformedId) {
        throw new ForbiddenUserException();
    }

    // A well-formed id that matches no stored contract is refused as well,
    // with a different exception type than the malformed case.
    final Contract contract = getContractDataService().read(parsedContractId);
    if (contract == null) {
        throw new ForbiddenPageException();
    }

    // The session receives the id read back from the loaded entity, not the
    // request string.
    // NOTE(review): presumably the form's submit handler relies on this session
    // value instead of a posted id; confirm against that handler.
    request.getSession().setAttribute(TgolKeyStore.CONTRACT_ID_KEY, contract.getId());

    return prepateDataAndReturnCreateContractView(
            model,
            contract.getUser(),
            contract,
            ContractOptionFormFieldHelper.getFreshContractOptionFormFieldMap(
                    getContractOptionFormFieldBuilderMap()),
            TgolKeyStore.EDIT_CONTRACT_VIEW_NAME);
}
use of org.asqatasun.webapp.exception.ForbiddenUserException in project Asqatasun by Asqatasun.
the class UserManagementControllerTest method testEditUserAdminPage.
/**
* Test of editUserAdminPage method, of class UserManagementController.
*/
public void testEditUserAdminPage() {
    System.out.println("editUserAdminPage");

    // Fixture: a fresh controller wired to the mocked role, user and
    // authentication services prepared by the set-up helpers.
    instance = new UserManagementController();
    setUpMockRoleDataService();
    setUpMockUserDataService(false, false, false, false, false);
    setUpMockAuthenticationContext();
    instance.setUserDataService(mockUserDataService);

    MockHttpServletRequest request = new MockHttpServletRequest();
    HttpServletResponse response = new MockHttpServletResponse();
    Model model = new ExtendedModelMap();

    // Rejection path: an empty id must raise ForbiddenUserException.
    // NOTE(review): this is the only refused input exercised in this method;
    // a non-numeric id and a numeric id with no matching user are not covered here.
    try {
        instance.displayEditUserAdminPage("", request, response, model);
        assertTrue(false);
    } catch (ForbiddenUserException expected) {
        assertTrue(true);
    }

    // User 4: the mocked data describe an activated administrator.
    String viewName = instance.displayEditUserAdminPage("4", request, response, model);
    assertEquals(TgolKeyStore.EDIT_USER_VIEW_NAME, viewName);
    CreateUserCommand command =
            (CreateUserCommand) model.asMap().get(TgolKeyStore.CREATE_USER_COMMAND_KEY);
    assertNotNull(command);
    assertTrue(command.getActivated());
    assertTrue(command.getAdmin());
    assertEquals("admin@test.com", command.getEmail());
    assertEquals("http://www.admin.com", command.getSiteUrl());
    assertEquals("0123456789", command.getPhoneNumber());
    assertEquals("nameAdmin", command.getLastName());
    assertEquals("firstNameAdmin", command.getFirstName());
    // The controller is expected to store the parsed id in the session.
    assertEquals(Long.valueOf(4), request.getSession().getAttribute(TgolKeyStore.USER_ID_KEY));

    // User 5: the mocked data describe a deactivated, non-admin account; the
    // same request and model are reused, so the session value must be overwritten.
    viewName = instance.displayEditUserAdminPage("5", request, response, model);
    assertEquals(TgolKeyStore.EDIT_USER_VIEW_NAME, viewName);
    command = (CreateUserCommand) model.asMap().get(TgolKeyStore.CREATE_USER_COMMAND_KEY);
    assertNotNull(command);
    assertFalse(command.getActivated());
    assertFalse(command.getAdmin());
    assertEquals("user@test.com", command.getEmail());
    assertEquals("http://www.user.com", command.getSiteUrl());
    assertEquals("9876543210", command.getPhoneNumber());
    assertEquals("nameUser", command.getLastName());
    assertEquals("firstNameUser", command.getFirstName());
    assertEquals(Long.valueOf(5), request.getSession().getAttribute(TgolKeyStore.USER_ID_KEY));
}
use of org.asqatasun.webapp.exception.ForbiddenUserException in project Asqatasun by Asqatasun.
the class AuditSynthesisController method displayAuditTestSynthesisFromContract.
/**
*
* @param auditId
* @param request
* @param response
* @param model
* @return
*/
@RequestMapping(value = TgolKeyStore.FAILED_TEST_LIST_CONTRACT_URL, method = RequestMethod.GET)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
public String displayAuditTestSynthesisFromContract(
        @RequestParam(TgolKeyStore.AUDIT_ID_KEY) String auditId,
        HttpServletRequest request,
        HttpServletResponse response,
        Model model) {
    // GET handler that fills the model for the failed-test list of one audit,
    // after checking that the caller may see that audit's results.

    // A request id that is not a valid Long is refused up front.
    final Long parsedAuditId;
    try {
        parsedAuditId = Long.valueOf(auditId);
    } catch (NumberFormatException malformedId) {
        throw new ForbiddenPageException();
    }

    // NOTE(review): the result of read() is not null-checked in this method;
    // confirm that isUserAllowedToDisplayResult rejects a null audit.
    final Audit audit = getAuditDataService().read(parsedAuditId);

    // Per-object authorization comes first: the role check in @Secured only
    // says the caller is a user or admin, not that this audit may be shown to them.
    if (!isUserAllowedToDisplayResult(audit)) {
        throw new ForbiddenUserException();
    }
    // Then the audit's scope must be one for which a synthesis exists.
    if (!isAuthorizedScopeForSynthesis(audit)) {
        throw new ForbiddenPageException();
    }

    final Contract contract = retrieveContractFromAudit(audit);
    model.addAttribute(TgolKeyStore.CONTRACT_ID_KEY, contract.getId());
    model.addAttribute(TgolKeyStore.CONTRACT_NAME_KEY, contract.getLabel());
    // The raw request string is echoed to the view; it has already parsed as a
    // Long, so it can only hold an optional sign and digits.
    model.addAttribute(TgolKeyStore.AUDIT_ID_KEY, auditId);
    model.addAttribute(
            TgolKeyStore.REFERENTIAL_CD_KEY,
            getParameterDataService().getReferentialKeyFromAudit(audit));
    model.addAttribute(TgolKeyStore.WEBRESOURCE_ID_KEY, audit.getSubject().getId());

    // Presumably the scope check above guarantees a Site subject; the cast
    // fails otherwise. TODO confirm.
    final Site site = (Site) audit.getSubject();
    // TODO: manual audit case
    addAuditStatisticsToModel(site, model, TgolKeyStore.TEST_DISPLAY_SCOPE_VALUE);
    model.addAttribute(
            TgolKeyStore.FAILED_TEST_INFO_BY_OCCURRENCE_SET_KEY,
            getStatisticsDataService().getFailedTestByOccurrence(site, audit, -1));
    model.addAttribute(
            TgolKeyStore.HAS_SITE_SCOPE_TEST_KEY,
            processResultDataService.hasAuditSiteScopeResult(site, getSiteScope()));
    model.addAttribute(TgolKeyStore.STATUS_KEY, computeAuditStatus(site.getAudit()));
    return TgolKeyStore.FAILED_TEST_LIST_VIEW_NAME;
}
use of org.asqatasun.webapp.exception.ForbiddenUserException in project Asqatasun by Asqatasun.
the class AuditResultController method displaySourceCodeFromContract.
/**
*
* @param webresourceId
* @param request
* @param response
* @param model
* @return
*/
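@RequestMapping(value = TgolKeyStore.SOURCE_CODE_CONTRACT_URL, method = RequestMethod.GET)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
public String displaySourceCodeFromContract(@RequestParam(TgolKeyStore.WEBRESOURCE_ID_KEY) String webresourceId, HttpServletRequest request, HttpServletResponse response, Model model) {
    // GET handler that puts the highlighted source code of one audited page
    // into the model, after checking that the caller may see the audit's results.
    WebResource webResource;
    try {
        webResource = getWebResourceDataService().ligthRead(Long.valueOf(webresourceId));
    } catch (NumberFormatException nfe) {
        // The id is a raw request string; a value that is not a Long is refused.
        throw new ForbiddenPageException();
    }
    // A well-formed id that matches no stored web resource is refused the same
    // way as a malformed one, instead of being passed on as null to
    // getAuditFromWebResource (presumably a NullPointerException there).
    if (webResource == null) {
        throw new ForbiddenPageException();
    }
    // Source code is only shown for a single page, never for a whole site.
    if (webResource instanceof Site) {
        throw new ForbiddenPageException();
    }
    Audit audit = getAuditFromWebResource(webResource);
    // Per-object authorization: the role check in @Secured does not establish
    // that this particular audit belongs to the caller.
    if (!isUserAllowedToDisplayResult(audit)) {
        throw new ForbiddenUserException(getCurrentUser());
    }
    // Assumes every non-Site WebResource is a Page; the cast fails otherwise. TODO confirm.
    Page page = (Page) webResource;
    SSP ssp = getContentDataService().findSSP(page, page.getURL());
    // NOTE(review): the stored source is presumably content fetched from the
    // audited site; confirm that highlightSourceCode HTML-escapes it before
    // it reaches the view.
    model.addAttribute(TgolKeyStore.SOURCE_CODE_KEY, highlightSourceCode(ssp));
    ScopeEnum scope = getActDataService().getActFromAudit(audit).getScope().getCode();
    if (scope.equals(ScopeEnum.GROUPOFPAGES) || scope.equals(ScopeEnum.PAGE)) {
        model.addAttribute(TgolKeyStore.IS_GENERATED_HTML_KEY, true);
    }
    return TgolKeyStore.SOURCE_CODE_PAGE_VIEW_NAME;
}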
use of org.asqatasun.webapp.exception.ForbiddenUserException in project Asqatasun by Asqatasun.
the class AbstractAuditResultController method dispatchDisplayResultRequest.
/**
* Depending on the page type, this method collects the data, sets it up and
* displays the appropriate result page.
*
* @param webResourceId
* @param auditResultSortCommand
* @param model
* @param request
* @param isManualAudit
* @param manualAuditCommand
* @return
*/
protected String dispatchDisplayResultRequest(
        Long webResourceId,
        AuditResultSortCommand auditResultSortCommand,
        Model model,
        HttpServletRequest request,
        boolean isManualAudit,
        ManualAuditCommand manualAuditCommand) {
    // Resolve the requested web resource; an id that matches nothing is refused.
    final WebResource webResource = getWebResourceDataService().ligthRead(webResourceId);
    if (webResource == null) {
        throw new ForbiddenPageException();
    }

    // Before any result data are gathered, make sure the current user is
    // allowed to display the result of the audit owning this resource.
    final Audit audit = getAuditFromWebResource(webResource);
    if (!isUserAllowedToDisplayResult(audit)) {
        throw new ForbiddenUserException(getCurrentUser());
    }

    // From here on the data are retrieved, prepared and displayed.
    // callGc is defined elsewhere; its effect is not visible in this method.
    this.callGc(webResource);
    final String displayScope = computeDisplayScope(request, auditResultSortCommand);
    addAuditStatisticsToModel(webResource, model, displayScope);

    // The page is displayed with a sort option, so the sort form is set up first.
    prepareDataForSortConsole(
            webResourceId, displayScope, auditResultSortCommand, model, isManualAudit);

    // The remaining data depend on the audit type.
    return prepareSuccessfullAuditData(
            webResource,
            audit,
            model,
            displayScope,
            getLocaleResolver().resolveLocale(request),
            isManualAudit,
            manualAuditCommand);
}