the class AbstractAuditDataHandlerController method isUserAllowedToDisplayResult.
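/**
 * Checks whether the current user may display the result of the given audit.
 *
 * The audit is resolved to its act and the act's contract; access is granted
 * when the current user is an administrator, or when the contract is not
 * expired and belongs to the current user.
 *
 * Note that this method never returns {@code false}: a denied request is
 * signalled by throwing, so callers must not use the boolean result to detect
 * the forbidden case.
 *
 * @param audit the audit whose result is requested; must not be {@code null}
 * @return {@code true} when the user is allowed to display the result
 * @throws ForbiddenPageException if {@code audit} is {@code null}
 * @throws ForbiddenUserException if the audit's act has no contract or no
 *         contract owner, or if the current user is neither an administrator
 *         nor the owner of a non-expired contract
 */
protected boolean isUserAllowedToDisplayResult(Audit audit) {
    if (audit == null) {
        throw new ForbiddenPageException();
    }
    User user = getCurrentUser();
    // NOTE(review): if getActFromAudit can return null for an unknown audit this
    // chain still raises a NullPointerException (HTTP 500) instead of a denial —
    // confirm against the act data service.
    Contract contract = getActDataService().getActFromAudit(audit).getContract();
    // Fail closed: a contract that is missing or has no owner cannot be checked for
    // ownership, so deny rather than dereference null below.
    if (contract == null || contract.getUser() == null) {
        throw new ForbiddenUserException();
    }
    if (isAdminUser()) {
        return true;
    }
    // Ownership only grants access while the contract is still active.
    boolean isOwner = user.getId().equals(contract.getUser().getId());
    if (!isContractExpired(contract) && isOwner) {
        return true;
    }
    throw new ForbiddenUserException();
}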
the class ContractManagementController method submitManageContractsAdminPage.
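/**
 * Handles the admin "manage contracts" form submission: re-displays the
 * contract list of the selected user with the requested sort options.
 *
 * Restricted to administrators via {@code @Secured}. The target user is taken
 * from the {@code userId} request parameter, which is validated as a numeric
 * id before any lookup is made.
 *
 * @param contractDisplayCommand sort/display options bound from the form
 * @param userId id of the user whose contracts are managed (request parameter)
 * @param request the current request (not used by this handler)
 * @param response the current response (not used by this handler)
 * @param model model populated with the contract list and the user's e-mail
 * @return the manage-contracts view name
 * @throws ForbiddenUserException if {@code userId} is not a valid long, or no
 *         user exists for it
 */
@RequestMapping(value = TgolKeyStore.MANAGE_CONTRACTS_URL, method = RequestMethod.POST)
@Secured(TgolKeyStore.ROLE_ADMIN_KEY)
public String submitManageContractsAdminPage(@ModelAttribute(TgolKeyStore.CONTRACT_SORT_COMMAND_KEY) ContractSortCommand contractDisplayCommand, @RequestParam(TgolKeyStore.USER_ID_KEY) String userId, HttpServletRequest request, HttpServletResponse response, Model model) {
    Long lUserId;
    try {
        lUserId = Long.valueOf(userId);
    } catch (NumberFormatException nfe) {
        // A non-numeric id is rejected as forbidden rather than as a bad request,
        // matching the other admin handlers in this controller.
        throw new ForbiddenUserException();
    }
    User userToManage = getUserDataService().read(lUserId);
    // Fail closed on an unknown id instead of dereferencing null below.
    // NOTE(review): assumes read() returns null for a missing user — confirm; if it
    // throws instead, this guard is simply never taken.
    if (userToManage == null) {
        throw new ForbiddenUserException();
    }
    model.addAttribute(TgolKeyStore.CONTRACT_LIST_KEY, ContractSortCommandHelper.prepareContract(userToManage, contractDisplayCommand, displayOptionFieldsBuilderList, model));
    model.addAttribute(TgolKeyStore.USER_NAME_KEY, userToManage.getEmail1());
    return TgolKeyStore.MANAGE_CONTRACTS_VIEW_NAME;
}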
the class ContractManagementController method submitEditContractAdminPage.
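/**
 * Handles the admin "edit contract" form submission.
 *
 * The contract being edited is identified by a session attribute
 * ({@code CONTRACT_ID_KEY}), not by anything in the request body, so the client
 * cannot pick an arbitrary contract id here. The command is validated first; on
 * validation errors the form is shown again, otherwise the contract is updated
 * and the request is redirected to the manage-contracts page.
 *
 * @param createContractCommand the form command bound from the request
 * @param result binding/validation result for the command
 * @param request the current request; its session supplies the contract id
 * @param response the current response (not used by this handler)
 * @param model model populated with the managed user's id on success
 * @return the edit view name on validation errors, otherwise the
 *         manage-contracts redirect name
 * @throws ForbiddenUserException if the session holds no contract id, the id is
 *         not numeric, or no contract exists for it
 */
@RequestMapping(value = TgolKeyStore.EDIT_CONTRACT_URL, method = RequestMethod.POST)
@Secured(TgolKeyStore.ROLE_ADMIN_KEY)
public String submitEditContractAdminPage(@ModelAttribute(TgolKeyStore.CREATE_CONTRACT_COMMAND_KEY) CreateContractCommand createContractCommand, BindingResult result, HttpServletRequest request, HttpServletResponse response, Model model) {
    Object contractId = request.getSession().getAttribute(TgolKeyStore.CONTRACT_ID_KEY);
    // A missing attribute (expired session, or a POST that did not go through the
    // page that stores the id) used to NPE in toString(); reject it explicitly.
    if (contractId == null) {
        throw new ForbiddenUserException();
    }
    Long lContractId;
    if (contractId instanceof Long) {
        lContractId = (Long) contractId;
    } else {
        try {
            lContractId = Long.valueOf(contractId.toString());
        } catch (NumberFormatException nfe) {
            throw new ForbiddenUserException();
        }
    }
    Contract contract = getContractDataService().read(lContractId);
    // Fail closed on an unknown contract rather than dereferencing null below.
    // NOTE(review): assumes read() returns null for a missing contract — confirm.
    if (contract == null) {
        throw new ForbiddenUserException();
    }
    Map<String, List<ContractOptionFormField>> optionFormFieldMap = ContractOptionFormFieldHelper.getFreshContractOptionFormFieldMap(getContractOptionFormFieldBuilderMap());
    getCreateContractFormValidator().setContractOptionFormFieldMap(optionFormFieldMap);
    // We check whether the form is valid
    getCreateContractFormValidator().validate(createContractCommand, result);
    // If the form has some errors, we display it again with errors' details.
    // The session attribute is deliberately kept so the corrected form can be
    // resubmitted against the same contract.
    if (result.hasErrors()) {
        return displayFormWithErrors(model, createContractCommand, contract.getUser().getEmail1(), contract.getUser().getId(), optionFormFieldMap, TgolKeyStore.EDIT_CONTRACT_VIEW_NAME);
    }
    contract = CreateContractCommandFactory.getInstance().updateContractFromCommand(createContractCommand, contract);
    saveOrUpdateContract(contract);
    request.getSession().setAttribute(TgolKeyStore.UPDATED_CONTRACT_NAME_KEY, contract.getLabel());
    model.addAttribute(TgolKeyStore.USER_ID_KEY, contract.getUser().getId());
    // Clear the id once the edit is committed so a replayed POST cannot reuse it.
    request.getSession().removeAttribute(TgolKeyStore.CONTRACT_ID_KEY);
    return TgolKeyStore.MANAGE_CONTRACTS_VIEW_REDIRECT_NAME;
}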
the class ContractManagementController method deleteContractAuditsConfirmationPage.
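/**
 * Handles the admin confirmation that deletes every audit of a contract.
 *
 * This is a destructive action: the contract is identified solely by the
 * {@code CONTRACT_ID_TO_DELETE_KEY} session attribute (not by request input),
 * and that attribute is removed once the deletion has run, so a replayed POST
 * is rejected instead of deleting again.
 *
 * @param request the current request; its session supplies the contract id
 * @param response the current response (not used by this handler)
 * @param model model populated with the contract owner's id for the redirect
 * @return the manage-contracts redirect name
 * @throws ForbiddenUserException if the session holds no contract id, the id is
 *         not numeric, or no contract exists for it
 */
@RequestMapping(value = TgolKeyStore.DELETE_CONTRACT_AUDITS_URL, method = RequestMethod.POST)
@Secured(TgolKeyStore.ROLE_ADMIN_KEY)
public String deleteContractAuditsConfirmationPage(HttpServletRequest request, HttpServletResponse response, Model model) {
    Object contractId = request.getSession().getAttribute(TgolKeyStore.CONTRACT_ID_TO_DELETE_KEY);
    // A missing attribute (expired session, replayed or direct POST) used to NPE in
    // toString(); reject it explicitly so nothing is deleted.
    if (contractId == null) {
        throw new ForbiddenUserException();
    }
    Long lContractId;
    if (contractId instanceof Long) {
        lContractId = (Long) contractId;
    } else {
        try {
            lContractId = Long.valueOf(contractId.toString());
        } catch (NumberFormatException nfe) {
            throw new ForbiddenUserException();
        }
    }
    Contract contractToDelete = getContractDataService().read(lContractId);
    // Fail closed on an unknown contract before any deletion is attempted.
    // NOTE(review): assumes read() returns null for a missing contract — confirm.
    if (contractToDelete == null) {
        throw new ForbiddenUserException();
    }
    deleteAllAuditsFromContract(contractToDelete);
    // Consume the id so the same confirmation cannot be submitted twice.
    request.getSession().removeAttribute(TgolKeyStore.CONTRACT_ID_TO_DELETE_KEY);
    request.getSession().setAttribute(TgolKeyStore.DELETED_CONTRACT_AUDITS_NAME_KEY, contractToDelete.getLabel());
    model.addAttribute(TgolKeyStore.USER_ID_KEY, contractToDelete.getUser().getId());
    return TgolKeyStore.MANAGE_CONTRACTS_VIEW_REDIRECT_NAME;
}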
the class HomeController method submitForm.
/**
 * Handles the home page sort-form submission for the current user's contracts.
 *
 * The form carries a user id; it is only honoured when it equals the id of the
 * authenticated user, so one user cannot request another user's contract list
 * by tampering with the form field.
 *
 * @param contractDisplayCommand sort/display options bound from the form,
 *        including the user id the form claims to act for
 * @param result binding result for the command (not used by this handler)
 * @param model model populated with the prepared contract information
 * @param request the current request (not used by this handler)
 * @return the home view name
 * @throws ForbiddenUserException if the submitted user id differs from the
 *         authenticated user's id
 */
@RequestMapping(value = TgolKeyStore.HOME_URL, method = RequestMethod.POST)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
protected String submitForm(@ModelAttribute(TgolKeyStore.CONTRACT_SORT_COMMAND_KEY) ContractSortCommand contractDisplayCommand, BindingResult result, Model model, HttpServletRequest request) {
    User currentUser = getCurrentUser();
    // Ownership check: the form's user id must be the caller's own id.
    boolean actsForSelf = currentUser.getId().equals(contractDisplayCommand.getUserId());
    if (!actsForSelf) {
        throw new ForbiddenUserException();
    }
    // The page is displayed with sort options, so the form needs to be set up.
    Object contractInfo = ContractSortCommandHelper.prepareContractInfo(currentUser, contractDisplayCommand, displayOptionFieldsBuilderList, model);
    model.addAttribute(TgolKeyStore.CONTRACT_LIST_KEY, contractInfo);
    return TgolKeyStore.HOME_VIEW_NAME;
}