
Example 6 with ForbiddenUserException

use of org.asqatasun.webapp.exception.ForbiddenUserException in project Asqatasun by Asqatasun.

the class ContractManagementController method editContractAdminPage.

/**
 * Displays the contract edition form to an administrator.
 *
 * <p>Access is restricted to {@code TgolKeyStore.ROLE_ADMIN_KEY} by the
 * {@code @Secured} annotation. Once the contract is loaded, its id is stored
 * in the HTTP session under {@code TgolKeyStore.CONTRACT_ID_KEY}.
 *
 * @param contractId the contract identifier read from the request parameter;
 *                   it must parse as a {@code Long}
 * @param request    the current HTTP request, used to reach the session
 * @param response   the current HTTP response (not used by this method)
 * @param model      the model handed to the view
 * @return the value returned by {@code prepateDataAndReturnCreateContractView}
 *         when called with {@code TgolKeyStore.EDIT_CONTRACT_VIEW_NAME}
 * @throws ForbiddenUserException if {@code contractId} is not a valid number
 * @throws ForbiddenPageException if the data service returns no contract for
 *                                the parsed id
 */
@RequestMapping(value = TgolKeyStore.EDIT_CONTRACT_URL, method = RequestMethod.GET)
@Secured(TgolKeyStore.ROLE_ADMIN_KEY)
public String editContractAdminPage(@RequestParam(TgolKeyStore.CONTRACT_ID_KEY) String contractId, HttpServletRequest request, HttpServletResponse response, Model model) {
    final Long parsedContractId;
    try {
        parsedContractId = Long.valueOf(contractId);
    } catch (NumberFormatException malformedId) {
        // A non-numeric id is refused before any lookup is attempted.
        throw new ForbiddenUserException();
    }

    final Contract contractToEdit = getContractDataService().read(parsedContractId);
    if (contractToEdit == null) {
        throw new ForbiddenPageException();
    }

    // The id is kept server-side in the session.
    // NOTE(review): presumably the form submission handler reads it back from
    // the session instead of trusting a client-supplied id - confirm.
    request.getSession().setAttribute(TgolKeyStore.CONTRACT_ID_KEY, contractToEdit.getId());

    return prepateDataAndReturnCreateContractView(
            model,
            contractToEdit.getUser(),
            contractToEdit,
            ContractOptionFormFieldHelper.getFreshContractOptionFormFieldMap(getContractOptionFormFieldBuilderMap()),
            TgolKeyStore.EDIT_CONTRACT_VIEW_NAME);
}
Also used : ForbiddenUserException(org.asqatasun.webapp.exception.ForbiddenUserException) Contract(org.asqatasun.webapp.entity.contract.Contract) ForbiddenPageException(org.asqatasun.webapp.exception.ForbiddenPageException) Secured(org.springframework.security.access.annotation.Secured) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 7 with ForbiddenUserException

use of org.asqatasun.webapp.exception.ForbiddenUserException in project Asqatasun by Asqatasun.

the class UserManagementControllerTest method testEditUserAdminPage.

/**
 * Exercises {@code displayEditUserAdminPage} of {@code UserManagementController}.
 *
 * <p>Three cases are covered, in this order:
 * <ul>
 *   <li>an empty user id must be refused with a {@link ForbiddenUserException};</li>
 *   <li>id "4" must return the edit-user view, expose the mocked admin account
 *       in the {@code CreateUserCommand} and record the id in the session;</li>
 *   <li>id "5" must do the same for the mocked non-admin account.</li>
 * </ul>
 */
public void testEditUserAdminPage() {
    System.out.println("editUserAdminPage");
    instance = new UserManagementController();
    setUpMockRoleDataService();
    setUpMockUserDataService(false, false, false, false, false);
    setUpMockAuthenticationContext();
    instance.setUserDataService(mockUserDataService);

    HttpServletResponse response = new MockHttpServletResponse();
    MockHttpServletRequest request = new MockHttpServletRequest();
    Model model = new ExtendedModelMap();

    // Case 1: an id that is not a number must never reach the edit form.
    try {
        instance.displayEditUserAdminPage("", request, response, model);
        assertTrue(false);
    } catch (ForbiddenUserException expected) {
        assertTrue(true);
    }

    // Case 2: the mocked admin account (id 4).
    String adminView = instance.displayEditUserAdminPage("4", request, response, model);
    assertEquals(TgolKeyStore.EDIT_USER_VIEW_NAME, adminView);
    CreateUserCommand adminCommand = (CreateUserCommand) model.asMap().get(TgolKeyStore.CREATE_USER_COMMAND_KEY);
    assertNotNull(adminCommand);
    assertTrue(adminCommand.getActivated());
    assertTrue(adminCommand.getAdmin());
    assertEquals("admin@test.com", adminCommand.getEmail());
    assertEquals("http://www.admin.com", adminCommand.getSiteUrl());
    assertEquals("0123456789", adminCommand.getPhoneNumber());
    assertEquals("nameAdmin", adminCommand.getLastName());
    assertEquals("firstNameAdmin", adminCommand.getFirstName());
    // The edited user's id is tracked in the session, as a Long.
    assertEquals(Long.valueOf(4), request.getSession().getAttribute(TgolKeyStore.USER_ID_KEY));

    // Case 3: the mocked non-admin account (id 5); same request, response and
    // model are reused, so the session attribute must be overwritten.
    String userView = instance.displayEditUserAdminPage("5", request, response, model);
    assertEquals(TgolKeyStore.EDIT_USER_VIEW_NAME, userView);
    CreateUserCommand userCommand = (CreateUserCommand) model.asMap().get(TgolKeyStore.CREATE_USER_COMMAND_KEY);
    assertNotNull(userCommand);
    assertFalse(userCommand.getActivated());
    assertFalse(userCommand.getAdmin());
    assertEquals("user@test.com", userCommand.getEmail());
    assertEquals("http://www.user.com", userCommand.getSiteUrl());
    assertEquals("9876543210", userCommand.getPhoneNumber());
    assertEquals("nameUser", userCommand.getLastName());
    assertEquals("firstNameUser", userCommand.getFirstName());
    assertEquals(Long.valueOf(5), request.getSession().getAttribute(TgolKeyStore.USER_ID_KEY));
}
Also used : ExtendedModelMap(org.springframework.ui.ExtendedModelMap) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Model(org.springframework.ui.Model) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) HttpServletResponse(javax.servlet.http.HttpServletResponse) ForbiddenUserException(org.asqatasun.webapp.exception.ForbiddenUserException) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) CreateUserCommand(org.asqatasun.webapp.command.CreateUserCommand)

Example 8 with ForbiddenUserException

use of org.asqatasun.webapp.exception.ForbiddenUserException in project Asqatasun by Asqatasun.

the class AuditSynthesisController method displayAuditTestSynthesisFromContract.

/**
 * Fills the model for the view named by
 * {@code TgolKeyStore.FAILED_TEST_LIST_VIEW_NAME} for one audit.
 *
 * <p>Two checks run before any data is put in the model:
 * {@code isUserAllowedToDisplayResult} first, then
 * {@code isAuthorizedScopeForSynthesis}. Each failure raises its own
 * exception type.
 *
 * @param auditId  the audit identifier read from the request parameter; it
 *                 must parse as a {@code Long}
 * @param request  the current HTTP request (not used by this method)
 * @param response the current HTTP response (not used by this method)
 * @param model    the model that receives the contract, audit and statistics
 *                 attributes
 * @return {@code TgolKeyStore.FAILED_TEST_LIST_VIEW_NAME}
 * @throws ForbiddenPageException if {@code auditId} is not a valid number, or
 *                                if the scope check on the audit fails
 * @throws ForbiddenUserException if the user check on the audit fails
 */
@RequestMapping(value = TgolKeyStore.FAILED_TEST_LIST_CONTRACT_URL, method = RequestMethod.GET)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
public String displayAuditTestSynthesisFromContract(@RequestParam(TgolKeyStore.AUDIT_ID_KEY) String auditId, HttpServletRequest request, HttpServletResponse response, Model model) {
    final Long parsedAuditId;
    try {
        parsedAuditId = Long.valueOf(auditId);
    } catch (NumberFormatException malformedId) {
        throw new ForbiddenPageException();
    }

    // NOTE(review): nothing here checks the result of read() for null; the
    // two checks below are presumably expected to cope with it - confirm.
    final Audit audit = getAuditDataService().read(parsedAuditId);

    // The role check of @Secured is not enough: the audit itself must be
    // visible to the caller before anything is loaded into the model.
    if (!isUserAllowedToDisplayResult(audit)) {
        throw new ForbiddenUserException();
    }
    if (!isAuthorizedScopeForSynthesis(audit)) {
        throw new ForbiddenPageException();
    }

    final Contract owningContract = retrieveContractFromAudit(audit);
    model.addAttribute(TgolKeyStore.CONTRACT_ID_KEY, owningContract.getId());
    model.addAttribute(TgolKeyStore.CONTRACT_NAME_KEY, owningContract.getLabel());
    // The raw request string is exposed to the view, but only after it has
    // been accepted by Long.valueOf above.
    model.addAttribute(TgolKeyStore.AUDIT_ID_KEY, auditId);
    model.addAttribute(TgolKeyStore.REFERENTIAL_CD_KEY, getParameterDataService().getReferentialKeyFromAudit(audit));
    model.addAttribute(TgolKeyStore.WEBRESOURCE_ID_KEY, audit.getSubject().getId());

    // NOTE(review): unchecked cast; presumably the scope check above only
    // lets site-scoped audits through - confirm.
    final Site auditedSite = (Site) audit.getSubject();
    // TODO: manual audit case
    addAuditStatisticsToModel(auditedSite, model, TgolKeyStore.TEST_DISPLAY_SCOPE_VALUE);
    model.addAttribute(TgolKeyStore.FAILED_TEST_INFO_BY_OCCURRENCE_SET_KEY, getStatisticsDataService().getFailedTestByOccurrence(auditedSite, audit, -1));
    model.addAttribute(TgolKeyStore.HAS_SITE_SCOPE_TEST_KEY, processResultDataService.hasAuditSiteScopeResult(auditedSite, getSiteScope()));
    model.addAttribute(TgolKeyStore.STATUS_KEY, computeAuditStatus(auditedSite.getAudit()));
    return TgolKeyStore.FAILED_TEST_LIST_VIEW_NAME;
}
Also used : Site(org.asqatasun.entity.subject.Site) Audit(org.asqatasun.entity.audit.Audit) Contract(org.asqatasun.webapp.entity.contract.Contract) ForbiddenUserException(org.asqatasun.webapp.exception.ForbiddenUserException) ForbiddenPageException(org.asqatasun.webapp.exception.ForbiddenPageException) Secured(org.springframework.security.access.annotation.Secured) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 9 with ForbiddenUserException

use of org.asqatasun.webapp.exception.ForbiddenUserException in project Asqatasun by Asqatasun.

the class AuditResultController method displaySourceCodeFromContract.

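/**
 * Fills the model with the source code of an audited page and returns the
 * view named by {@code TgolKeyStore.SOURCE_CODE_PAGE_VIEW_NAME}.
 *
 * <p>The web resource must exist, must not be a {@code Site}, and its audit
 * must pass {@code isUserAllowedToDisplayResult} before any content is read.
 *
 * @param webresourceId the web resource identifier read from the request
 *                      parameter; it must parse as a {@code Long}
 * @param request       the current HTTP request (not used by this method)
 * @param response      the current HTTP response (not used by this method)
 * @param model         the model that receives the highlighted source code
 * @return {@code TgolKeyStore.SOURCE_CODE_PAGE_VIEW_NAME}
 * @throws ForbiddenPageException if {@code webresourceId} is not a valid
 *                                number, if no web resource is found for it,
 *                                or if the web resource is a {@code Site}
 * @throws ForbiddenUserException if the current user is not allowed to
 *                                display the result of the audit
 */
@RequestMapping(value = TgolKeyStore.SOURCE_CODE_CONTRACT_URL, method = RequestMethod.GET)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
public String displaySourceCodeFromContract(@RequestParam(TgolKeyStore.WEBRESOURCE_ID_KEY) String webresourceId, HttpServletRequest request, HttpServletResponse response, Model model) {
    final WebResource webResource;
    try {
        webResource = getWebResourceDataService().ligthRead(Long.valueOf(webresourceId));
    } catch (NumberFormatException nfe) {
        throw new ForbiddenPageException();
    }
    // An id that matches no web resource is handled like a malformed one, so
    // a null never reaches getAuditFromWebResource or the Page cast below.
    // Assumes ligthRead returns null for an unknown id, as the null check in
    // dispatchDisplayResultRequest suggests.
    if (webResource == null || webResource instanceof Site) {
        throw new ForbiddenPageException();
    }

    final Audit audit = getAuditFromWebResource(webResource);
    // The role check of @Secured is not enough: the audit behind this
    // resource must be visible to the caller before its content is loaded.
    if (!isUserAllowedToDisplayResult(audit)) {
        throw new ForbiddenUserException(getCurrentUser());
    }

    final Page page = (Page) webResource;
    final SSP ssp = getContentDataService().findSSP(page, page.getURL());
    // NOTE(review): this attribute carries markup taken from the audited
    // page; presumably highlightSourceCode or the view escapes it - confirm.
    model.addAttribute(TgolKeyStore.SOURCE_CODE_KEY, highlightSourceCode(ssp));

    final ScopeEnum scope = getActDataService().getActFromAudit(audit).getScope().getCode();
    if (scope.equals(ScopeEnum.GROUPOFPAGES) || scope.equals(ScopeEnum.PAGE)) {
        model.addAttribute(TgolKeyStore.IS_GENERATED_HTML_KEY, true);
    }
    return TgolKeyStore.SOURCE_CODE_PAGE_VIEW_NAME;
}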
Also used : Site(org.asqatasun.entity.subject.Site) Audit(org.asqatasun.entity.audit.Audit) SSP(org.asqatasun.entity.audit.SSP) ScopeEnum(org.asqatasun.webapp.entity.contract.ScopeEnum) WebResource(org.asqatasun.entity.subject.WebResource) Page(org.asqatasun.entity.subject.Page) ForbiddenUserException(org.asqatasun.webapp.exception.ForbiddenUserException) ForbiddenPageException(org.asqatasun.webapp.exception.ForbiddenPageException) Secured(org.springframework.security.access.annotation.Secured) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 10 with ForbiddenUserException

use of org.asqatasun.webapp.exception.ForbiddenUserException in project Asqatasun by Asqatasun.

the class AbstractAuditResultController method dispatchDisplayResultRequest.

/**
 * Collects the result data of a web resource, puts it in the model and
 * returns the result page that matches the kind of audit.
 *
 * <p>Nothing is loaded into the model unless the web resource exists and
 * {@code isUserAllowedToDisplayResult} accepts its audit.
 *
 * @param webResourceId          the identifier of the web resource to display
 * @param auditResultSortCommand the sort options, used to compute the display
 *                               scope and to prepare the sort console
 * @param model                  the model handed to the view
 * @param request                the current HTTP request, used for the
 *                               display scope and the locale
 * @param isManualAudit          forwarded to the sort console and to the
 *                               result preparation
 * @param manualAuditCommand     forwarded to the result preparation
 * @return the value returned by {@code prepareSuccessfullAuditData}
 * @throws ForbiddenPageException if no web resource is found for the id
 * @throws ForbiddenUserException if the current user is not allowed to
 *                                display the result of the audit
 */
protected String dispatchDisplayResultRequest(Long webResourceId, AuditResultSortCommand auditResultSortCommand, Model model, HttpServletRequest request, boolean isManualAudit, ManualAuditCommand manualAuditCommand) {
    final WebResource requestedResource = getWebResourceDataService().ligthRead(webResourceId);
    if (requestedResource == null) {
        throw new ForbiddenPageException();
    }

    // Access control: the audit behind the resource must be visible to the
    // current user; otherwise stop before any data is retrieved.
    final Audit owningAudit = getAuditFromWebResource(requestedResource);
    if (!isUserAllowedToDisplayResult(owningAudit)) {
        throw new ForbiddenUserException(getCurrentUser());
    }

    this.callGc(requestedResource);
    final String scopeToDisplay = computeDisplayScope(request, auditResultSortCommand);
    addAuditStatisticsToModel(requestedResource, model, scopeToDisplay);

    // The page offers sort options, so the sort form is set up first.
    prepareDataForSortConsole(webResourceId, scopeToDisplay, auditResultSortCommand, model, isManualAudit);

    // The remaining data depends on the type of audit.
    return prepareSuccessfullAuditData(
            requestedResource,
            owningAudit,
            model,
            scopeToDisplay,
            getLocaleResolver().resolveLocale(request),
            isManualAudit,
            manualAuditCommand);
}
Also used : Audit(org.asqatasun.entity.audit.Audit) WebResource(org.asqatasun.entity.subject.WebResource) ForbiddenUserException(org.asqatasun.webapp.exception.ForbiddenUserException) ForbiddenPageException(org.asqatasun.webapp.exception.ForbiddenPageException)

Aggregations

ForbiddenUserException (org.asqatasun.webapp.exception.ForbiddenUserException)29 Secured (org.springframework.security.access.annotation.Secured)20 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)16 Contract (org.asqatasun.webapp.entity.contract.Contract)15 User (org.asqatasun.webapp.entity.user.User)12 ForbiddenPageException (org.asqatasun.webapp.exception.ForbiddenPageException)8 Audit (org.asqatasun.entity.audit.Audit)6 WebResource (org.asqatasun.entity.subject.WebResource)4 HttpServletResponse (javax.servlet.http.HttpServletResponse)3 Site (org.asqatasun.entity.subject.Site)3 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)3 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)3 ExtendedModelMap (org.springframework.ui.ExtendedModelMap)3 Model (org.springframework.ui.Model)3 List (java.util.List)2 SSP (org.asqatasun.entity.audit.SSP)1 Criterion (org.asqatasun.entity.reference.Criterion)1 Test (org.asqatasun.entity.reference.Test)1 Page (org.asqatasun.entity.subject.Page)1 ChangePasswordCommand (org.asqatasun.webapp.command.ChangePasswordCommand)1