
Example 21 with ForbiddenUserException

use of org.asqatasun.webapp.exception.ForbiddenUserException in project Asqatasun by Asqatasun.

the class UserManagementController method displayEditUserAdminPage.

/**
 * @param userId
 * @param request
 * @param response
 * @param model
 * @return The pages audit set-up form page
 */
@RequestMapping(value = TgolKeyStore.EDIT_USER_URL, method = RequestMethod.GET)
@Secured(TgolKeyStore.ROLE_ADMIN_KEY)
public String displayEditUserAdminPage(@RequestParam(TgolKeyStore.USER_ID_KEY) String userId, HttpServletRequest request, HttpServletResponse response, Model model) {
    Long lUserId;
    try {
        lUserId = Long.valueOf(userId);
    } catch (NumberFormatException nfe) {
        throw new ForbiddenUserException();
    }
    User userToModify = getUserDataService().read(lUserId);
    model.addAttribute(TgolKeyStore.USER_NAME_KEY, userToModify.getEmail1());
    request.getSession().setAttribute(TgolKeyStore.USER_ID_KEY, lUserId);
    return prepateDataAndReturnCreateUserView(model, userToModify, TgolKeyStore.EDIT_USER_VIEW_NAME);
}
Also used : User(org.asqatasun.webapp.entity.user.User) ForbiddenUserException(org.asqatasun.webapp.exception.ForbiddenUserException) Secured(org.springframework.security.access.annotation.Secured)

Example 22 with ForbiddenUserException

use of org.asqatasun.webapp.exception.ForbiddenUserException in project Asqatasun by Asqatasun.

the class UserManagementController method submitEditUserForm.

/**
 * This method checks the validity of the form and launches an audit with
 * values populated by the user. In case of audit failure, an appropriate
 * message is displayed.
 *
 * @param createUserCommand
 * @param result
 * @param request
 * @param model
 * @return
 * @throws Exception
 */
@RequestMapping(value = TgolKeyStore.EDIT_USER_URL, method = RequestMethod.POST)
@Secured(TgolKeyStore.ROLE_ADMIN_KEY)
protected String submitEditUserForm(@ModelAttribute(TgolKeyStore.CREATE_USER_COMMAND_KEY) CreateUserCommand createUserCommand, BindingResult result, HttpServletRequest request, Model model) throws Exception {
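    // displayEditUserAdminPage stores the id in the session as a Long. A cast
    // never throws NumberFormatException, so the type is checked explicitly
    // and a missing or wrongly typed attribute is rejected.
    Object sessionUserId = request.getSession().getAttribute(TgolKeyStore.USER_ID_KEY);
    if (!(sessionUserId instanceof Long)) {
        throw new ForbiddenUserException();
    }
    Long userId = (Long) sessionUserId;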
    boolean updateAllData = true;
    if (getCurrentUser().getId().equals(userId)) {
        updateAllData = false;
    }
    return submitUpdateUserForm(createUserCommand, result, request, model, getUserDataService().read(userId), TgolKeyStore.ADMIN_VIEW_NAME, TgolKeyStore.EDIT_USER_VIEW_NAME, updateAllData, true, TgolKeyStore.UPDATED_USER_NAME_KEY);
}
Also used : ForbiddenUserException(org.asqatasun.webapp.exception.ForbiddenUserException) Secured(org.springframework.security.access.annotation.Secured)

Example 23 with ForbiddenUserException

use of org.asqatasun.webapp.exception.ForbiddenUserException in project Asqatasun by Asqatasun.

the class ContractManagementController method deleteContractPage.

/**
 * @param contractId
 * @param request
 * @param response
 * @param model
 * @return The pages audit set-up form page
 */
@RequestMapping(value = TgolKeyStore.DELETE_CONTRACT_URL, method = RequestMethod.GET)
@Secured(TgolKeyStore.ROLE_ADMIN_KEY)
public String deleteContractPage(@RequestParam(TgolKeyStore.CONTRACT_ID_KEY) String contractId, HttpServletRequest request, HttpServletResponse response, Model model) {
    Long lContractId;
    try {
        lContractId = Long.valueOf(contractId);
    } catch (NumberFormatException nfe) {
        throw new ForbiddenUserException();
    }
    Contract contractToDelete = getContractDataService().read(lContractId);
    request.getSession().setAttribute(TgolKeyStore.CONTRACT_ID_TO_DELETE_KEY, contractToDelete.getId());
    model.addAttribute(TgolKeyStore.CONTRACT_NAME_TO_DELETE_KEY, contractToDelete.getLabel());
    model.addAttribute(TgolKeyStore.USER_ID_KEY, contractToDelete.getUser().getId());
    model.addAttribute(TgolKeyStore.USER_NAME_KEY, contractToDelete.getUser().getEmail1());
    return TgolKeyStore.DELETE_CONTRACT_VIEW_NAME;
}
Also used : ForbiddenUserException(org.asqatasun.webapp.exception.ForbiddenUserException) Contract(org.asqatasun.webapp.entity.contract.Contract) Secured(org.springframework.security.access.annotation.Secured) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 24 with ForbiddenUserException

use of org.asqatasun.webapp.exception.ForbiddenUserException in project Asqatasun by Asqatasun.

the class ContractManagementController method deleteContractAuditsPage.

/**
 * @param contractId
 * @param request
 * @param response
 * @param model
 * @return
 */
@RequestMapping(value = TgolKeyStore.DELETE_CONTRACT_AUDITS_URL, method = RequestMethod.GET)
@Secured(TgolKeyStore.ROLE_ADMIN_KEY)
public String deleteContractAuditsPage(@RequestParam(TgolKeyStore.CONTRACT_ID_KEY) String contractId, HttpServletRequest request, HttpServletResponse response, Model model) {
    Long lContractId;
    try {
        lContractId = Long.valueOf(contractId);
    } catch (NumberFormatException nfe) {
        throw new ForbiddenUserException();
    }
    Contract contractToDelete = getContractDataService().read(lContractId);
    model.addAttribute(TgolKeyStore.CONTRACT_NAME_TO_DELETE_KEY, contractToDelete.getLabel());
    model.addAttribute(TgolKeyStore.USER_ID_KEY, contractToDelete.getUser().getId());
    model.addAttribute(TgolKeyStore.USER_NAME_KEY, contractToDelete.getUser().getEmail1());
    request.getSession().setAttribute(TgolKeyStore.CONTRACT_ID_TO_DELETE_KEY, contractToDelete.getId());
    return TgolKeyStore.DELETE_AUDITS_VIEW_NAME;
}
Also used : ForbiddenUserException(org.asqatasun.webapp.exception.ForbiddenUserException) Contract(org.asqatasun.webapp.entity.contract.Contract) Secured(org.springframework.security.access.annotation.Secured) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 25 with ForbiddenUserException

use of org.asqatasun.webapp.exception.ForbiddenUserException in project Asqatasun by Asqatasun.

the class ContractManagementController method displayManageContractsAdminPage.

/**
 * @param userId
 * @param request
 * @param response
 * @param model
 * @return The pages audit set-up form page
 */
@RequestMapping(value = TgolKeyStore.MANAGE_CONTRACTS_URL, method = RequestMethod.GET)
@Secured({ TgolKeyStore.ROLE_ADMIN_KEY })
public String displayManageContractsAdminPage(@RequestParam(TgolKeyStore.USER_ID_KEY) String userId, HttpServletRequest request, HttpServletResponse response, Model model) {
    Long lUserId;
    try {
        lUserId = Long.valueOf(userId);
    } catch (NumberFormatException nfe) {
        throw new ForbiddenUserException();
    }
    if (request.getSession().getAttribute(TgolKeyStore.DELETED_CONTRACT_NAME_KEY) != null) {
        model.addAttribute(TgolKeyStore.DELETED_CONTRACT_NAME_KEY, request.getSession().getAttribute(TgolKeyStore.DELETED_CONTRACT_NAME_KEY));
        request.getSession().removeAttribute(TgolKeyStore.DELETED_CONTRACT_NAME_KEY);
    }
    if (request.getSession().getAttribute(TgolKeyStore.DELETED_CONTRACT_AUDITS_NAME_KEY) != null) {
        model.addAttribute(TgolKeyStore.DELETED_CONTRACT_AUDITS_NAME_KEY, request.getSession().getAttribute(TgolKeyStore.DELETED_CONTRACT_AUDITS_NAME_KEY));
        request.getSession().removeAttribute(TgolKeyStore.DELETED_CONTRACT_AUDITS_NAME_KEY);
    }
    if (request.getSession().getAttribute(TgolKeyStore.UPDATED_CONTRACT_NAME_KEY) != null) {
        model.addAttribute(TgolKeyStore.UPDATED_CONTRACT_NAME_KEY, request.getSession().getAttribute(TgolKeyStore.UPDATED_CONTRACT_NAME_KEY));
        request.getSession().removeAttribute(TgolKeyStore.UPDATED_CONTRACT_NAME_KEY);
    }
    if (request.getSession().getAttribute(TgolKeyStore.ADDED_CONTRACT_NAME_KEY) != null) {
        model.addAttribute(TgolKeyStore.ADDED_CONTRACT_NAME_KEY, request.getSession().getAttribute(TgolKeyStore.ADDED_CONTRACT_NAME_KEY));
        request.getSession().removeAttribute(TgolKeyStore.ADDED_CONTRACT_NAME_KEY);
    }
    User userToManage = getUserDataService().read(lUserId);
    model.addAttribute(TgolKeyStore.CONTRACT_LIST_KEY, ContractSortCommandHelper.prepareContract(userToManage, null, displayOptionFieldsBuilderList, model));
    model.addAttribute(TgolKeyStore.USER_NAME_KEY, userToManage.getEmail1());
    return TgolKeyStore.MANAGE_CONTRACTS_VIEW_NAME;
}
Also used : User(org.asqatasun.webapp.entity.user.User) ForbiddenUserException(org.asqatasun.webapp.exception.ForbiddenUserException) Secured(org.springframework.security.access.annotation.Secured) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Aggregations

ForbiddenUserException (org.asqatasun.webapp.exception.ForbiddenUserException) 29
Secured (org.springframework.security.access.annotation.Secured) 20
RequestMapping (org.springframework.web.bind.annotation.RequestMapping) 16
Contract (org.asqatasun.webapp.entity.contract.Contract) 15
User (org.asqatasun.webapp.entity.user.User) 12
ForbiddenPageException (org.asqatasun.webapp.exception.ForbiddenPageException) 8
Audit (org.asqatasun.entity.audit.Audit) 6
WebResource (org.asqatasun.entity.subject.WebResource) 4
HttpServletResponse (javax.servlet.http.HttpServletResponse) 3
Site (org.asqatasun.entity.subject.Site) 3
MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest) 3
MockHttpServletResponse (org.springframework.mock.web.MockHttpServletResponse) 3
ExtendedModelMap (org.springframework.ui.ExtendedModelMap) 3
Model (org.springframework.ui.Model) 3
List (java.util.List) 2
SSP (org.asqatasun.entity.audit.SSP) 1
Criterion (org.asqatasun.entity.reference.Criterion) 1
Test (org.asqatasun.entity.reference.Test) 1
Page (org.asqatasun.entity.subject.Page) 1
ChangePasswordCommand (org.asqatasun.webapp.command.ChangePasswordCommand) 1