Search in sources :

Example 71 with AccessDeniedException

use of org.springframework.security.access.AccessDeniedException in project zhcet-web by zhcet-amu.

the class ProfileController method profile.

@GetMapping
public String profile(Model model) {
    User user = userService.getLoggedInUser().orElseThrow(() -> new AccessDeniedException("403"));
    model.addAttribute("user", user);
    model.addAttribute("page_title", "Profile");
    if (user.getType().equals(UserType.STUDENT)) {
        studentService.getLoggedInStudent().ifPresent(student -> model.addAttribute("student", student));
    } else {
        facultyService.getLoggedInMember().ifPresent(facultyMember -> model.addAttribute("faculty", facultyMember));
    }
    return "user/profile";
}
Also used : AccessDeniedException(org.springframework.security.access.AccessDeniedException) User(amu.zhcet.data.user.User) GetMapping(org.springframework.web.bind.annotation.GetMapping)

Example 72 with AccessDeniedException

use of org.springframework.security.access.AccessDeniedException in project zhcet-web by zhcet-amu.

the class ProfileController method saveProfile.

@PostMapping("/details")
@PreAuthorize("@authService.isFullyAuthenticated(principal)")
public String saveProfile(@ModelAttribute @Valid UserDetail userDetail, BindingResult result, RedirectAttributes redirectAttributes) {
    User user = userService.getLoggedInUser().orElseThrow(() -> new AccessDeniedException("403"));
    if (result.hasErrors()) {
        redirectAttributes.addFlashAttribute("org.springframework.validation.BindingResult.user_details", result);
        redirectAttributes.addFlashAttribute("user_details", userDetail);
    } else {
        userService.updateDetails(user, userDetail);
        redirectAttributes.addFlashAttribute("success", true);
    }
    return "redirect:/profile/settings";
}
Also used : AccessDeniedException(org.springframework.security.access.AccessDeniedException) User(amu.zhcet.data.user.User) PostMapping(org.springframework.web.bind.annotation.PostMapping) PreAuthorize(org.springframework.security.access.prepost.PreAuthorize)

Example 73 with AccessDeniedException

use of org.springframework.security.access.AccessDeniedException in project zhcet-web by zhcet-amu.

the class NotificationSendingController method handleSentNotification.

@PostMapping
public String handleSentNotification(@Valid Notification notification, BindingResult bindingResult, RedirectAttributes redirectAttribute) {
    User user = userService.getLoggedInUser().orElseThrow(() -> new AccessDeniedException("403"));
    if (bindingResult.hasErrors()) {
        redirectAttribute.addFlashAttribute("notification", notification);
        redirectAttribute.addFlashAttribute("org.springframework.validation.BindingResult.notification", bindingResult);
    } else {
        notification.setSender(user);
        notificationSendingService.sendNotification(notification);
        redirectAttribute.addFlashAttribute("notification_success", "Notification sending in background");
    }
    return "redirect:/management/notification/send";
}
Also used : AccessDeniedException(org.springframework.security.access.AccessDeniedException) User(amu.zhcet.data.user.User) PostMapping(org.springframework.web.bind.annotation.PostMapping)

Example 74 with AccessDeniedException

use of org.springframework.security.access.AccessDeniedException in project zhcet-web by zhcet-amu.

the class NotificationSendingController method sendNotification.

@GetMapping
public String sendNotification(Model model) {
    User user = userService.getLoggedInUser().orElseThrow(() -> new AccessDeniedException("403"));
    model.addAttribute("page_title", "Send Notifications");
    model.addAttribute("page_subtitle", "Notification Manager");
    model.addAttribute("page_description", "Send notifications to students, sections or departments");
    model.addAttribute("channel_types", Arrays.asList(ChannelType.STUDENT, ChannelType.COURSE, ChannelType.TAUGHT_COURSE, ChannelType.SECTION, ChannelType.FACULTY));
    if (!model.containsAttribute("notification")) {
        Notification notification = new Notification();
        notification.setSender(user);
        model.addAttribute("notification", notification);
    }
    return "management/send_notification";
}
Also used : AccessDeniedException(org.springframework.security.access.AccessDeniedException) User(amu.zhcet.data.user.User) Notification(amu.zhcet.notification.Notification) GetMapping(org.springframework.web.bind.annotation.GetMapping)

Aggregations

AccessDeniedException (org.springframework.security.access.AccessDeniedException)74 Test (org.junit.Test)21 Authentication (org.springframework.security.core.Authentication)14 ConfigAttribute (org.springframework.security.access.ConfigAttribute)13 UsernamePasswordAuthenticationToken (org.springframework.security.authentication.UsernamePasswordAuthenticationToken)8 User (amu.zhcet.data.user.User)7 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)7 HttpServletRequest (javax.servlet.http.HttpServletRequest)6 HttpServletResponse (javax.servlet.http.HttpServletResponse)6 WebMessageException (org.hisp.dhis.dxf2.webmessage.WebMessageException)6 ArrayList (java.util.ArrayList)5 AuthorizationFailureEvent (org.springframework.security.access.event.AuthorizationFailureEvent)5 InsufficientAuthenticationException (org.springframework.security.authentication.InsufficientAuthenticationException)5 TestingAuthenticationToken (org.springframework.security.authentication.TestingAuthenticationToken)5 MethodInvocation (org.aopalliance.intercept.MethodInvocation)4 Interpretation (org.hisp.dhis.interpretation.Interpretation)4 User (org.hisp.dhis.user.User)4 SecurityConfig (org.springframework.security.access.SecurityConfig)4 GetMapping (org.springframework.web.bind.annotation.GetMapping)4 IOException (java.io.IOException)3