Example 26 with ForbiddenUserException

use of org.asqatasun.webapp.exception.ForbiddenUserException in project Asqatasun by Asqatasun.

the class ContractManagementController method addContractAdminPage.

/**
 * @param userId
 * @param request
 * @param response
 * @param model
 * @return The add-contract form view for the given user
 */
@RequestMapping(value = TgolKeyStore.ADD_CONTRACT_FROM_CONTRACT_MNGT_URL, method = RequestMethod.GET)
@Secured(TgolKeyStore.ROLE_ADMIN_KEY)
public String addContractAdminPage(@RequestParam(TgolKeyStore.USER_ID_KEY) String userId, HttpServletRequest request, HttpServletResponse response, Model model) {
    Long lUserId;
    try {
        lUserId = Long.valueOf(userId);
    } catch (NumberFormatException nfe) {
        throw new ForbiddenUserException();
    }
    User userToManage = getUserDataService().read(lUserId);
    if (userToManage == null) {
        throw new ForbiddenUserException();
    }
    request.getSession().setAttribute(TgolKeyStore.USER_ID_KEY, lUserId);
    return prepateDataAndReturnCreateContractView(model, userToManage, null, ContractOptionFormFieldHelper.getFreshContractOptionFormFieldMap(getContractOptionFormFieldBuilderMap()), TgolKeyStore.ADD_CONTRACT_VIEW_NAME);
}
Also used : User(org.asqatasun.webapp.entity.user.User) ForbiddenUserException(org.asqatasun.webapp.exception.ForbiddenUserException) Secured(org.springframework.security.access.annotation.Secured) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 27 with ForbiddenUserException

use of org.asqatasun.webapp.exception.ForbiddenUserException in project Asqatasun by Asqatasun.

the class ContractManagementController method submitDeleteContractConfirmation.

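/**
 * Deletes the contract whose id was stored in the session.
 *
 * @param request
 * @param response
 * @param model
 * @return The redirect to the manage-contracts view
 */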
@RequestMapping(value = TgolKeyStore.DELETE_CONTRACT_URL, method = RequestMethod.POST)
@Secured(TgolKeyStore.ROLE_ADMIN_KEY)
public String submitDeleteContractConfirmation(HttpServletRequest request, HttpServletResponse response, Model model) {
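    Object contractId = request.getSession().getAttribute(TgolKeyStore.CONTRACT_ID_TO_DELETE_KEY);
    // No id stored in the session: reject the request instead of failing with a NullPointerException
    if (contractId == null) {
        throw new ForbiddenUserException();
    }
    Long lContractId;
    if (contractId instanceof Long) {
        lContractId = (Long) contractId;
    } else {
        try {
            lContractId = Long.valueOf(contractId.toString());
        } catch (NumberFormatException nfe) {
            throw new ForbiddenUserException();
        }
    }
    Contract contractToDelete = getContractDataService().read(lContractId);
    // Unknown contract id: reject, as addContractAdminPage does for an unknown user
    if (contractToDelete == null) {
        throw new ForbiddenUserException();
    }
    getContractDataService().delete(contractToDelete.getId());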
    // to be updated
    if (getAuthenticatedUsername().equals(contractToDelete.getUser().getEmail1())) {
        updateCurrentUser(getUserDataService().read(contractToDelete.getUser().getId()));
    }
    request.getSession().removeAttribute(TgolKeyStore.CONTRACT_ID_TO_DELETE_KEY);
    request.getSession().setAttribute(TgolKeyStore.DELETED_CONTRACT_NAME_KEY, contractToDelete.getLabel());
    model.addAttribute(TgolKeyStore.USER_ID_KEY, contractToDelete.getUser().getId());
    return TgolKeyStore.MANAGE_CONTRACTS_VIEW_REDIRECT_NAME;
}
Also used : ForbiddenUserException(org.asqatasun.webapp.exception.ForbiddenUserException) Contract(org.asqatasun.webapp.entity.contract.Contract) Secured(org.springframework.security.access.annotation.Secured) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 28 with ForbiddenUserException

use of org.asqatasun.webapp.exception.ForbiddenUserException in project Asqatasun by Asqatasun.

the class UserManagementControllerTest method testDeleteUserConfirmation.

/**
 * Test of deleteUserConfirmation method, of class UserManagementController.
 */
public void testDeleteUserConfirmation() {
    System.out.println("deleteUserConfirmation");
    instance = new UserManagementController();
    setUpMockRoleDataService();
    setUpMockUserDataService(true, false, false, false, false);
    setUpMockAuthenticationContext();
    instance.setUserDataService(mockUserDataService);
    HttpServletResponse response = new MockHttpServletResponse();
    MockHttpServletRequest request = new MockHttpServletRequest();
    Model model = new ExtendedModelMap();
    String idToRemove = "idToRemove";
    request.getSession().setAttribute(TgolKeyStore.USER_ID_TO_DELETE_KEY, idToRemove);
    try {
        instance.displayDeleteUserConfirmation(request, response, model);
        assertTrue(false);
    } catch (ForbiddenUserException fue) {
        assertTrue(true);
    }
    idToRemove = "4";
    request.getSession().setAttribute(TgolKeyStore.USER_ID_TO_DELETE_KEY, idToRemove);
    String result = instance.displayDeleteUserConfirmation(request, response, model);
    assertEquals(TgolKeyStore.ACCESS_DENIED_VIEW_NAME, result);
    request.getSession().setAttribute(TgolKeyStore.USER_ID_TO_DELETE_KEY, Long.valueOf(6));
    result = instance.displayDeleteUserConfirmation(request, response, model);
    assertEquals(TgolKeyStore.ACCESS_DENIED_VIEW_NAME, result);
    request.getSession().setAttribute(TgolKeyStore.USER_ID_TO_DELETE_KEY, Long.valueOf(5));
    result = instance.displayDeleteUserConfirmation(request, response, model);
    assertEquals(TgolKeyStore.ADMIN_VIEW_REDIRECT_NAME, result);
    assertTrue(model.asMap().isEmpty());
    assertEquals("user@test.com", request.getSession().getAttribute(TgolKeyStore.DELETED_USER_NAME_KEY));
}
Also used : ExtendedModelMap(org.springframework.ui.ExtendedModelMap) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Model(org.springframework.ui.Model) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) HttpServletResponse(javax.servlet.http.HttpServletResponse) ForbiddenUserException(org.asqatasun.webapp.exception.ForbiddenUserException)

Example 29 with ForbiddenUserException

use of org.asqatasun.webapp.exception.ForbiddenUserException in project Asqatasun by Asqatasun.

the class UserManagementControllerTest method testDeleteUserPage.

/**
 * Test of deleteUserPage method, of class UserManagementController.
 */
public void testDeleteUserPage() {
    System.out.println("deleteUserPage");
    instance = new UserManagementController();
    setUpMockRoleDataService();
    setUpMockUserDataService(false, false, false, false, false);
    setUpMockAuthenticationContext();
    instance.setUserDataService(mockUserDataService);
    HttpServletResponse response = new MockHttpServletResponse();
    MockHttpServletRequest request = new MockHttpServletRequest();
    Model model = new ExtendedModelMap();
    String idToRemove = "idToRemove";
    try {
        instance.displayDeleteUserPage(idToRemove, request, response, model);
        assertTrue(false);
    } catch (ForbiddenUserException fue) {
        assertTrue(true);
    }
    idToRemove = "4";
    String result = instance.displayDeleteUserPage(idToRemove, request, response, model);
    assertEquals(TgolKeyStore.ACCESS_DENIED_VIEW_NAME, result);
    idToRemove = "6";
    result = instance.displayDeleteUserPage(idToRemove, request, response, model);
    assertEquals(TgolKeyStore.ACCESS_DENIED_VIEW_NAME, result);
    idToRemove = "5";
    result = instance.displayDeleteUserPage(idToRemove, request, response, model);
    assertEquals(TgolKeyStore.DELETE_USER_VIEW_NAME, result);
    assertEquals("user@test.com", model.asMap().get(TgolKeyStore.USER_NAME_TO_DELETE_KEY));
    assertEquals(Long.valueOf(5), request.getSession().getAttribute(TgolKeyStore.USER_ID_TO_DELETE_KEY));
    assertEquals(1, model.asMap().size());
}
Also used : ExtendedModelMap(org.springframework.ui.ExtendedModelMap) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) Model(org.springframework.ui.Model) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) HttpServletResponse(javax.servlet.http.HttpServletResponse) ForbiddenUserException(org.asqatasun.webapp.exception.ForbiddenUserException)