
Example 16 with ForbiddenUserException

use of org.asqatasun.webapp.exception.ForbiddenUserException in project Asqatasun by Asqatasun.

the class AuditResultController method displayTestResult.

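/**
 * Displays the results of one test for one web resource.
 *
 * <p>Both identifiers arrive as request parameters and are parsed as {@code Long} before any
 * lookup. The model is only populated once {@code isUserAllowedToDisplayResult} has accepted
 * the audit that owns the web resource.
 *
 * @param webresourceId id of the web resource, as received in the request
 * @param testId id of the test, as received in the request
 * @param model model populated with the breadcrumb attributes and the test result list
 * @return the test-result view name
 * @throws ForbiddenUserException if either id is not a valid {@code Long}
 * @throws ForbiddenPageException if the web resource or the test cannot be found, or if
 *     {@code isUserAllowedToDisplayResult} rejects the audit
 */
// NOTE(review): no @Secured annotation is visible on this handler; confirm that authentication
// is required at class or URL level in addition to the in-method check.
@RequestMapping(value = TgolKeyStore.TEST_RESULT_CONTRACT_URL, method = RequestMethod.GET)
public String displayTestResult(
        @RequestParam(TgolKeyStore.WEBRESOURCE_ID_KEY) String webresourceId,
        @RequestParam(TgolKeyStore.TEST_CODE_KEY) String testId,
        Model model) {
    Long wrId;
    Long tstId;
    try {
        wrId = Long.valueOf(webresourceId);
        tstId = Long.valueOf(testId);
    } catch (NumberFormatException nfe) {
        throw new ForbiddenUserException(getCurrentUser());
    }
    WebResource webResource = getWebResourceDataService().ligthRead(wrId);
    if (webResource == null) {
        throw new ForbiddenPageException();
    }
    Audit audit = getAuditFromWebResource(webResource);
    // Authorization gate: nothing derived from the audit reaches the model before this passes.
    if (!isUserAllowedToDisplayResult(audit)) {
        throw new ForbiddenPageException();
    }
    Contract contract = retrieveContractFromAudit(audit);
    // Attributes for breadcrumb
    model.addAttribute(TgolKeyStore.CONTRACT_ID_KEY, contract.getId());
    model.addAttribute(TgolKeyStore.CONTRACT_NAME_KEY, contract.getLabel());
    model.addAttribute(TgolKeyStore.URL_KEY, webResource.getURL());
    Test test = getTestDataService().read(tstId);
    // The test id is caller-controlled. Whether read() can return null for an unknown id is not
    // visible here; if it does, answer as for a missing web resource instead of failing with a
    // NullPointerException on the next line.
    if (test == null) {
        throw new ForbiddenPageException();
    }
    // NOTE(review): the test is not checked against the audit here; confirm that
    // getTestResultListFromTest handles a test unrelated to this web resource.
    model.addAttribute(TgolKeyStore.TEST_LABEL_KEY, test.getLabel());
    model.addAttribute(TgolKeyStore.AUDIT_ID_KEY, audit.getId());
    if (!test.getScope().equals(getPageScope())) {
        model.addAttribute(TgolKeyStore.SITE_SCOPE_TEST_DETAILS_KEY, true);
    } else {
        // Add a boolean used to display the breadcrumb.
        model.addAttribute(TgolKeyStore.AUTHORIZED_SCOPE_FOR_PAGE_LIST, isAuthorizedScopeForPageList(audit));
    }
    model.addAttribute(TgolKeyStore.TEST_RESULT_LIST_KEY, TestResultFactory.getInstance().getTestResultListFromTest(webResource, test));
    return TgolKeyStore.TEST_RESULT_VIEW_NAME;
}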
Also used : Audit(org.asqatasun.entity.audit.Audit) Test(org.asqatasun.entity.reference.Test) WebResource(org.asqatasun.entity.subject.WebResource) ForbiddenUserException(org.asqatasun.webapp.exception.ForbiddenUserException) Contract(org.asqatasun.webapp.entity.contract.Contract) ForbiddenPageException(org.asqatasun.webapp.exception.ForbiddenPageException) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 17 with ForbiddenUserException

use of org.asqatasun.webapp.exception.ForbiddenUserException in project Asqatasun by Asqatasun.

the class AuditResultController method displayCriterionResult.

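/**
 * Displays the results of one criterion for one web resource.
 *
 * <p>Both identifiers arrive as request parameters and are parsed as {@code Long} before any
 * lookup. A web resource that is a {@code Site} is rejected. The model is only populated once
 * {@code isUserAllowedToDisplayResult} has accepted the audit that owns the web resource.
 *
 * @param webresourceId id of the web resource, as received in the request
 * @param criterionId id of the criterion, as received in the request
 * @param model model populated with the breadcrumb attributes and the test result list
 * @return the criterion-result view name
 * @throws ForbiddenUserException if either id is not a valid {@code Long}
 * @throws ForbiddenPageException if the web resource is missing or is a {@code Site}, if the
 *     criterion cannot be found, or if {@code isUserAllowedToDisplayResult} rejects the audit
 */
// NOTE(review): no @Secured annotation is visible on this handler; confirm that authentication
// is required at class or URL level in addition to the in-method check.
@RequestMapping(value = TgolKeyStore.CRITERION_RESULT_CONTRACT_URL, method = RequestMethod.GET)
public String displayCriterionResult(
        @RequestParam(TgolKeyStore.WEBRESOURCE_ID_KEY) String webresourceId,
        @RequestParam(TgolKeyStore.CRITERION_CODE_KEY) String criterionId,
        Model model) {
    Long wrId;
    Long critId;
    try {
        wrId = Long.valueOf(webresourceId);
        critId = Long.valueOf(criterionId);
    } catch (NumberFormatException nfe) {
        throw new ForbiddenUserException(getCurrentUser());
    }
    WebResource webResource = getWebResourceDataService().ligthRead(wrId);
    if (webResource == null || webResource instanceof Site) {
        throw new ForbiddenPageException();
    }
    Audit audit = getAuditFromWebResource(webResource);
    // Authorization gate: nothing derived from the audit reaches the model before this passes.
    if (!isUserAllowedToDisplayResult(audit)) {
        throw new ForbiddenPageException();
    }
    Contract contract = retrieveContractFromAudit(audit);
    // Attributes for breadcrumb
    model.addAttribute(TgolKeyStore.CONTRACT_ID_KEY, contract.getId());
    model.addAttribute(TgolKeyStore.CONTRACT_NAME_KEY, contract.getLabel());
    model.addAttribute(TgolKeyStore.URL_KEY, webResource.getURL());
    Criterion crit = criterionDataService.read(critId);
    // The criterion id is caller-controlled. Whether read() can return null for an unknown id is
    // not visible here; if it does, answer as for a missing web resource instead of failing with
    // a NullPointerException on the next line.
    if (crit == null) {
        throw new ForbiddenPageException();
    }
    model.addAttribute(TgolKeyStore.CRITERION_LABEL_KEY, crit.getLabel());
    model.addAttribute(TgolKeyStore.AUDIT_ID_KEY, audit.getId());
    // Add a boolean used to display the breadcrumb.
    model.addAttribute(TgolKeyStore.AUTHORIZED_SCOPE_FOR_PAGE_LIST, isAuthorizedScopeForPageList(audit));
    model.addAttribute(TgolKeyStore.TEST_RESULT_LIST_KEY, TestResultFactory.getInstance().getTestResultListFromCriterion(webResource, crit));
    return TgolKeyStore.CRITERION_RESULT_VIEW_NAME;
}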
Also used : Site(org.asqatasun.entity.subject.Site) Audit(org.asqatasun.entity.audit.Audit) Criterion(org.asqatasun.entity.reference.Criterion) WebResource(org.asqatasun.entity.subject.WebResource) ForbiddenUserException(org.asqatasun.webapp.exception.ForbiddenUserException) Contract(org.asqatasun.webapp.entity.contract.Contract) ForbiddenPageException(org.asqatasun.webapp.exception.ForbiddenPageException) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 18 with ForbiddenUserException

use of org.asqatasun.webapp.exception.ForbiddenUserException in project Asqatasun by Asqatasun.

the class AuditSynthesisController method displayAuditSynthesisFromContract.

/**
 * Displays the synthesis of an audit reached from a contract.
 *
 * <p>Two checks run in order on the audit read from the parsed id:
 * {@code isUserAllowedToDisplayResult}, then {@code isAuthorizedScopeForSynthesis}. The model
 * is only populated when both accept it.
 *
 * @param auditId id of the audit, as received in the request
 * @param request the current HTTP request (not read by this method)
 * @param response the current HTTP response (not read by this method)
 * @param model model populated with contract, audit and web-resource identifiers
 * @return the view name returned by {@code prepareSynthesisSiteData}
 * @throws ForbiddenPageException if {@code auditId} is not a valid {@code Long}, or if
 *     {@code isAuthorizedScopeForSynthesis} rejects the audit
 * @throws ForbiddenUserException if {@code isUserAllowedToDisplayResult} rejects the audit
 */
@RequestMapping(value = TgolKeyStore.AUDIT_SYNTHESIS_CONTRACT_URL, method = RequestMethod.GET)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
public String displayAuditSynthesisFromContract(
        @RequestParam(TgolKeyStore.AUDIT_ID_KEY) String auditId,
        HttpServletRequest request,
        HttpServletResponse response,
        Model model) {
    final Long parsedAuditId;
    try {
        parsedAuditId = Long.valueOf(auditId);
    } catch (NumberFormatException malformedId) {
        throw new ForbiddenPageException();
    }

    // NOTE(review): the read() result is passed on unchecked; what happens for an unknown id
    // depends on isUserAllowedToDisplayResult, which is not visible here. Confirm.
    final Audit audit = getAuditDataService().read(parsedAuditId);

    // Per-user access check first, scope check second; each failure keeps its own exception.
    if (!isUserAllowedToDisplayResult(audit)) {
        throw new ForbiddenUserException();
    }
    if (!isAuthorizedScopeForSynthesis(audit)) {
        throw new ForbiddenPageException();
    }

    final Contract owningContract = retrieveContractFromAudit(audit);
    model.addAttribute(TgolKeyStore.CONTRACT_ID_KEY, owningContract.getId());
    model.addAttribute(TgolKeyStore.CONTRACT_NAME_KEY, owningContract.getLabel());
    // NOTE(review): this publishes the request string as received, not the parsed value.
    // Long.valueOf also accepts a leading sign, so the view should output-encode it. Confirm.
    model.addAttribute(TgolKeyStore.AUDIT_ID_KEY, auditId);
    model.addAttribute(TgolKeyStore.WEBRESOURCE_ID_KEY, audit.getSubject().getId());
    return prepareSynthesisSiteData(audit, model);
}
Also used : Audit(org.asqatasun.entity.audit.Audit) Contract(org.asqatasun.webapp.entity.contract.Contract) ForbiddenUserException(org.asqatasun.webapp.exception.ForbiddenUserException) ForbiddenPageException(org.asqatasun.webapp.exception.ForbiddenPageException) Secured(org.springframework.security.access.annotation.Secured) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 19 with ForbiddenUserException

use of org.asqatasun.webapp.exception.ForbiddenUserException in project Asqatasun by Asqatasun.

the class ContractController method displayContractPage.

/**
 * Populates the model for a contract page and delegates rendering to
 * {@code displayContractView}.
 *
 * @param request the current HTTP request, used to resolve the locale
 * @param model model receiving the locale and the optional feature flags
 * @param contractId id of the contract to display
 * @return the view name returned by {@code displayContractView}
 * @throws ForbiddenUserException if {@code isContractExpired} reports the contract as expired
 */
private String displayContractPage(HttpServletRequest request, Model model, Long contractId) {
    // The locale is published before the lookup, so it is set even when the call is rejected.
    model.addAttribute(TgolKeyStore.LOCALE_KEY, localeResolver.resolveLocale(request));

    // NOTE(review): expiry is the only condition checked on the contract in this method;
    // confirm that every caller has already verified it belongs to the current user.
    final Contract requested = getContractDataService().read(contractId);
    if (isContractExpired(requested)) {
        throw new ForbiddenUserException(getCurrentUser());
    }

    // Each flag is only ever set to true; it is left absent when the functionality is missing.
    final boolean trendAllowed = isContractHasFunctionalityAllowingTrend(requested);
    if (trendAllowed) {
        model.addAttribute(TgolKeyStore.DISPLAY_RESULT_TREND_KEY, true);
    }
    final boolean manualAuditAllowed = isContractHasFunctionalityAllowingManualAudit(requested);
    if (manualAuditAllowed) {
        model.addAttribute(TgolKeyStore.CONTRACT_WITH_MANUAL_AUDIT_KEY, true);
    }
    return displayContractView(requested, model);
}
Also used : Contract(org.asqatasun.webapp.entity.contract.Contract) ForbiddenUserException(org.asqatasun.webapp.exception.ForbiddenUserException)

Example 20 with ForbiddenUserException

use of org.asqatasun.webapp.exception.ForbiddenUserException in project Asqatasun by Asqatasun.

the class UserManagementController method displayDeleteUserAuditsConfirmationPage.

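/**
 * Deletes the audits of the user whose id is stored in the session, then redirects to the
 * admin view.
 *
 * <p>Despite its name, this handler performs the deletion itself: it calls
 * {@code deleteAllAuditsFromContract} for every contract in the user's contract set. The
 * target id is read from the session attribute {@code USER_ID_TO_DELETE_KEY}, not from a
 * request parameter. On success that attribute is removed and the value of
 * {@code getEmail1()} is stored under {@code DELETED_USER_AUDITS_KEY}.
 *
 * @param request the current HTTP request, used to reach the session
 * @param response the current HTTP response (not read by this method)
 * @param model the model (not read by this method)
 * @return the admin redirect view name
 * @throws ForbiddenUserException if the session holds no target id, if the id cannot be
 *     parsed as a {@code Long}, or if no user is found for it
 */
// NOTE(review): this POST is irreversible; confirm that CSRF protection covers this mapping.
@RequestMapping(value = TgolKeyStore.DELETE_USER_AUDITS_URL, method = RequestMethod.POST)
@Secured(TgolKeyStore.ROLE_ADMIN_KEY)
public String displayDeleteUserAuditsConfirmationPage(HttpServletRequest request, HttpServletResponse response, Model model) {
    Object userId = request.getSession().getAttribute(TgolKeyStore.USER_ID_TO_DELETE_KEY);
    // The attribute is absent when the session has expired or when this URL is posted to
    // without the preceding step. Reject it like a malformed id, rather than failing with a
    // NullPointerException on userId.toString().
    if (userId == null) {
        throw new ForbiddenUserException();
    }
    Long lUserId;
    if (userId instanceof Long) {
        lUserId = (Long) userId;
    } else {
        try {
            lUserId = Long.valueOf(userId.toString());
        } catch (NumberFormatException nfe) {
            throw new ForbiddenUserException();
        }
    }
    User userToDelete = getUserDataService().read(lUserId);
    // Whether read() can return null is not visible here; the user may have been removed
    // since the id was stored in the session, so guard before dereferencing.
    if (userToDelete == null) {
        throw new ForbiddenUserException();
    }
    for (Contract contract : userToDelete.getContractSet()) {
        deleteAllAuditsFromContract(contract);
    }
    // Consume the one-shot target id so a replayed request cannot repeat the deletion.
    request.getSession().removeAttribute(TgolKeyStore.USER_ID_TO_DELETE_KEY);
    request.getSession().setAttribute(TgolKeyStore.DELETED_USER_AUDITS_KEY, userToDelete.getEmail1());
    return TgolKeyStore.ADMIN_VIEW_REDIRECT_NAME;
}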
Also used : User(org.asqatasun.webapp.entity.user.User) ForbiddenUserException(org.asqatasun.webapp.exception.ForbiddenUserException) Contract(org.asqatasun.webapp.entity.contract.Contract) Secured(org.springframework.security.access.annotation.Secured)

Aggregations

ForbiddenUserException (org.asqatasun.webapp.exception.ForbiddenUserException)29 Secured (org.springframework.security.access.annotation.Secured)20 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)16 Contract (org.asqatasun.webapp.entity.contract.Contract)15 User (org.asqatasun.webapp.entity.user.User)12 ForbiddenPageException (org.asqatasun.webapp.exception.ForbiddenPageException)8 Audit (org.asqatasun.entity.audit.Audit)6 WebResource (org.asqatasun.entity.subject.WebResource)4 HttpServletResponse (javax.servlet.http.HttpServletResponse)3 Site (org.asqatasun.entity.subject.Site)3 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)3 MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse)3 ExtendedModelMap (org.springframework.ui.ExtendedModelMap)3 Model (org.springframework.ui.Model)3 List (java.util.List)2 SSP (org.asqatasun.entity.audit.SSP)1 Criterion (org.asqatasun.entity.reference.Criterion)1 Test (org.asqatasun.entity.reference.Test)1 Page (org.asqatasun.entity.subject.Page)1 ChangePasswordCommand (org.asqatasun.webapp.command.ChangePasswordCommand)1