use of org.asqatasun.webapp.exception.ForbiddenUserException in project Asqatasun by Asqatasun.
the class ContractManagementController method addContractAdminPage.
/**
 * Displays the "add contract" form for the user an administrator has chosen to manage.
 *
 * <p>Access is restricted by {@code @Secured(TgolKeyStore.ROLE_ADMIN_KEY)}. The target user id
 * arrives as a request parameter and is therefore caller-controlled: a value that does not parse
 * as a {@code long}, or that matches no stored user, is rejected with a
 * {@link ForbiddenUserException} before anything is written to the session. Once validated, the
 * id is stored in the HTTP session under {@code TgolKeyStore.USER_ID_KEY}.
 *
 * @param userId the id of the user to create a contract for, as received in the request
 * @param request the current HTTP request; its session receives the validated user id
 * @param response the current HTTP response (not used by this method)
 * @param model the view model handed to the view-preparation helper
 * @return the view name produced by {@code prepateDataAndReturnCreateContractView}
 * @throws ForbiddenUserException if {@code userId} is not numeric or no such user exists
 */
@RequestMapping(value = TgolKeyStore.ADD_CONTRACT_FROM_CONTRACT_MNGT_URL, method = RequestMethod.GET)
@Secured(TgolKeyStore.ROLE_ADMIN_KEY)
public String addContractAdminPage(
        @RequestParam(TgolKeyStore.USER_ID_KEY) String userId,
        HttpServletRequest request,
        HttpServletResponse response,
        Model model) {
    // Parse first: a malformed id gets the same "forbidden" answer as an unknown one.
    final Long targetUserId;
    try {
        targetUserId = Long.valueOf(userId);
    } catch (NumberFormatException malformedId) {
        throw new ForbiddenUserException();
    }

    final User managedUser = getUserDataService().read(targetUserId);
    if (managedUser == null) {
        throw new ForbiddenUserException();
    }

    // Only an id that resolved to a real user is remembered in the session.
    // NOTE(review): presumably the form submission reads it back from there instead of
    // trusting a client-supplied id - confirm against the POST handler.
    request.getSession().setAttribute(TgolKeyStore.USER_ID_KEY, targetUserId);

    return prepateDataAndReturnCreateContractView(
            model,
            managedUser,
            null,
            ContractOptionFormFieldHelper.getFreshContractOptionFormFieldMap(
                    getContractOptionFormFieldBuilderMap()),
            TgolKeyStore.ADD_CONTRACT_VIEW_NAME);
}
use of org.asqatasun.webapp.exception.ForbiddenUserException in project Asqatasun by Asqatasun.
the class ContractManagementController method submitDeleteContractConfirmation.
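/**
 * Deletes the contract whose deletion the administrator has just confirmed.
 *
 * <p>Access is restricted by {@code @Secured(TgolKeyStore.ROLE_ADMIN_KEY)}. The contract id is
 * read from the HTTP session (key {@code TgolKeyStore.CONTRACT_ID_TO_DELETE_KEY}), not from a
 * request parameter. A missing or non-numeric session value, or an id that no longer resolves to
 * a contract, is answered with a {@link ForbiddenUserException} instead of an unhandled
 * {@code NullPointerException}.
 *
 * <p>On success the pending-deletion marker is removed from the session, the deleted contract's
 * label is stored under {@code TgolKeyStore.DELETED_CONTRACT_NAME_KEY}, and the owning user's id
 * is added to the model.
 *
 * @param request the current HTTP request; its session carries the id of the contract to delete
 * @param response the current HTTP response (not used by this method)
 * @param model the view model; receives the id of the user who owned the contract
 * @return {@code TgolKeyStore.MANAGE_CONTRACTS_VIEW_REDIRECT_NAME}
 * @throws ForbiddenUserException if no valid contract id is pending in the session, or the
 *     contract cannot be found
 */
@RequestMapping(value = TgolKeyStore.DELETE_CONTRACT_URL, method = RequestMethod.POST)
@Secured(TgolKeyStore.ROLE_ADMIN_KEY)
public String submitDeleteContractConfirmation(HttpServletRequest request, HttpServletResponse response, Model model) {
    Object contractId = request.getSession().getAttribute(TgolKeyStore.CONTRACT_ID_TO_DELETE_KEY);
    if (contractId == null) {
        // No deletion is pending in this session (for example, the POST was sent without the
        // confirmation page having been displayed first): refuse rather than dereference null.
        throw new ForbiddenUserException();
    }

    Long lContractId;
    if (contractId instanceof Long) {
        lContractId = (Long) contractId;
    } else {
        try {
            lContractId = Long.valueOf(contractId.toString());
        } catch (NumberFormatException nfe) {
            throw new ForbiddenUserException();
        }
    }

    Contract contractToDelete = getContractDataService().read(lContractId);
    if (contractToDelete == null) {
        // NOTE(review): assumes read() returns null for an unknown id, as the user lookup in
        // addContractAdminPage guards against - confirm. The contract may also have been
        // removed between confirmation and submission.
        throw new ForbiddenUserException();
    }
    getContractDataService().delete(contractToDelete.getId());

    // Original author's note: "to be updated".
    // When the contract belonged to the authenticated user, reload that user so the current
    // user state no longer includes the deleted contract.
    if (getAuthenticatedUsername().equals(contractToDelete.getUser().getEmail1())) {
        updateCurrentUser(getUserDataService().read(contractToDelete.getUser().getId()));
    }

    // Clear the pending-deletion marker so a replayed POST finds nothing to delete.
    request.getSession().removeAttribute(TgolKeyStore.CONTRACT_ID_TO_DELETE_KEY);
    request.getSession().setAttribute(TgolKeyStore.DELETED_CONTRACT_NAME_KEY, contractToDelete.getLabel());
    model.addAttribute(TgolKeyStore.USER_ID_KEY, contractToDelete.getUser().getId());
    return TgolKeyStore.MANAGE_CONTRACTS_VIEW_REDIRECT_NAME;
}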
use of org.asqatasun.webapp.exception.ForbiddenUserException in project Asqatasun by Asqatasun.
the class UserManagementControllerTest method testDeleteUserConfirmation.
/**
 * Test of deleteUserConfirmation method, of class UserManagementController.
 *
 * <p>Pins the outcomes of {@code displayDeleteUserConfirmation} for four values of the
 * session attribute {@code TgolKeyStore.USER_ID_TO_DELETE_KEY}:
 * <ul>
 *   <li>a non-numeric string is refused with a {@link ForbiddenUserException};</li>
 *   <li>the string {@code "4"} and the {@code Long} 6 both yield the access-denied view;</li>
 *   <li>the {@code Long} 5 yields the admin redirect, leaves the model empty and records
 *       {@code "user@test.com"} in the session as the deleted user's name.</li>
 * </ul>
 * NOTE(review): why ids 4 and 6 are denied depends on the mock set-up helpers, which are not
 * visible here - confirm there.
 */
public void testDeleteUserConfirmation() {
    System.out.println("deleteUserConfirmation");
    instance = new UserManagementController();
    setUpMockRoleDataService();
    setUpMockUserDataService(true, false, false, false, false);
    setUpMockAuthenticationContext();
    instance.setUserDataService(mockUserDataService);

    MockHttpServletRequest httpRequest = new MockHttpServletRequest();
    HttpServletResponse httpResponse = new MockHttpServletResponse();
    Model viewModel = new ExtendedModelMap();

    // Case 1: a session value that is not a number must be refused outright.
    httpRequest.getSession().setAttribute(TgolKeyStore.USER_ID_TO_DELETE_KEY, "idToRemove");
    boolean rejected = false;
    try {
        instance.displayDeleteUserConfirmation(httpRequest, httpResponse, viewModel);
    } catch (ForbiddenUserException expected) {
        rejected = true;
    }
    assertTrue(rejected);

    // Case 2: a numeric id supplied as a String leads to the access-denied view.
    httpRequest.getSession().setAttribute(TgolKeyStore.USER_ID_TO_DELETE_KEY, "4");
    assertEquals(
            TgolKeyStore.ACCESS_DENIED_VIEW_NAME,
            instance.displayDeleteUserConfirmation(httpRequest, httpResponse, viewModel));

    // Case 3: an id supplied as a Long that is also denied.
    httpRequest.getSession().setAttribute(TgolKeyStore.USER_ID_TO_DELETE_KEY, Long.valueOf(6L));
    assertEquals(
            TgolKeyStore.ACCESS_DENIED_VIEW_NAME,
            instance.displayDeleteUserConfirmation(httpRequest, httpResponse, viewModel));

    // Case 4: the deletion that is expected to succeed.
    httpRequest.getSession().setAttribute(TgolKeyStore.USER_ID_TO_DELETE_KEY, Long.valueOf(5L));
    assertEquals(
            TgolKeyStore.ADMIN_VIEW_REDIRECT_NAME,
            instance.displayDeleteUserConfirmation(httpRequest, httpResponse, viewModel));
    assertTrue(viewModel.asMap().isEmpty());
    assertEquals(
            "user@test.com",
            httpRequest.getSession().getAttribute(TgolKeyStore.DELETED_USER_NAME_KEY));
}
use of org.asqatasun.webapp.exception.ForbiddenUserException in project Asqatasun by Asqatasun.
the class UserManagementControllerTest method testDeleteUserPage.
/**
 * Test of deleteUserPage method, of class UserManagementController.
 *
 * <p>Pins the outcomes of {@code displayDeleteUserPage} for four values of the user id
 * argument:
 * <ul>
 *   <li>a non-numeric id is refused with a {@link ForbiddenUserException};</li>
 *   <li>ids {@code "4"} and {@code "6"} yield the access-denied view;</li>
 *   <li>id {@code "5"} yields the delete-user view, puts {@code "user@test.com"} into the model
 *       as its only entry, and stores the id as a {@code Long} in the session under
 *       {@code TgolKeyStore.USER_ID_TO_DELETE_KEY}.</li>
 * </ul>
 * NOTE(review): why ids 4 and 6 are denied depends on the mock set-up helpers, which are not
 * visible here - confirm there.
 */
public void testDeleteUserPage() {
    System.out.println("deleteUserPage");
    instance = new UserManagementController();
    setUpMockRoleDataService();
    setUpMockUserDataService(false, false, false, false, false);
    setUpMockAuthenticationContext();
    instance.setUserDataService(mockUserDataService);

    MockHttpServletRequest httpRequest = new MockHttpServletRequest();
    HttpServletResponse httpResponse = new MockHttpServletResponse();
    Model viewModel = new ExtendedModelMap();

    // Case 1: an id that is not a number must be refused outright.
    boolean rejected = false;
    try {
        instance.displayDeleteUserPage("idToRemove", httpRequest, httpResponse, viewModel);
    } catch (ForbiddenUserException expected) {
        rejected = true;
    }
    assertTrue(rejected);

    // Cases 2 and 3: well-formed ids that lead to the access-denied view.
    assertEquals(
            TgolKeyStore.ACCESS_DENIED_VIEW_NAME,
            instance.displayDeleteUserPage("4", httpRequest, httpResponse, viewModel));
    assertEquals(
            TgolKeyStore.ACCESS_DENIED_VIEW_NAME,
            instance.displayDeleteUserPage("6", httpRequest, httpResponse, viewModel));

    // Case 4: the id for which the confirmation page is shown.
    assertEquals(
            TgolKeyStore.DELETE_USER_VIEW_NAME,
            instance.displayDeleteUserPage("5", httpRequest, httpResponse, viewModel));
    assertEquals("user@test.com", viewModel.asMap().get(TgolKeyStore.USER_NAME_TO_DELETE_KEY));
    // The session keeps the parsed id (a Long, not the raw string).
    assertEquals(
            Long.valueOf(5L),
            httpRequest.getSession().getAttribute(TgolKeyStore.USER_ID_TO_DELETE_KEY));
    assertEquals(1, viewModel.asMap().size());
}