use of org.springframework.security.access.annotation.Secured in project hello-world by haoziapple.
the class UserResource method createUser.
/**
 * {@code POST /users}: creates a new user account.
 * <p>
 * The request is refused when the payload already carries an id, when the
 * lower-cased login is already present in {@code userRepository}, or when the
 * e-mail address is already present (case-insensitive lookup). Otherwise the
 * account is created through {@code userService} and the creation e-mail is
 * sent through {@code mailService}.
 * <p>
 * The endpoint is restricted with {@code @Secured(AuthoritiesConstants.ADMIN)}.
 *
 * @param userDTO the user to create; bean validation is requested with {@code @Valid}
 * @return a 201 (Created) response with the new user as body and
 *         {@code /api/users/<login>} as Location
 * @throws URISyntaxException if the Location URI cannot be built from the new login
 * @throws BadRequestAlertException if the payload already has an id
 * @throws LoginAlreadyUsedException if the login is already in use
 * @throws EmailAlreadyUsedException if the e-mail address is already in use
 */
@PostMapping("/users")
@Timed
@Secured(AuthoritiesConstants.ADMIN)
public ResponseEntity<User> createUser(@Valid @RequestBody UserDTO userDTO) throws URISyntaxException {
    // NOTE(review): the whole DTO is logged; confirm UserDTO.toString() exposes no sensitive field.
    log.debug("REST request to save User : {}", userDTO);

    if (userDTO.getId() != null) {
        throw new BadRequestAlertException("A new user cannot already have an ID", "userManagement", "idexists");
    }

    // Logins are compared in lower case.
    // NOTE(review): toLowerCase() without a Locale follows the JVM default locale; confirm that
    // userService.createUser normalises the login the same way, otherwise this duplicate check
    // and the stored value can disagree on some locales.
    String lowerCasedLogin = userDTO.getLogin().toLowerCase();
    if (userRepository.findOneByLogin(lowerCasedLogin).isPresent()) {
        throw new LoginAlreadyUsedException();
    }
    if (userRepository.findOneByEmailIgnoreCase(userDTO.getEmail()).isPresent()) {
        throw new EmailAlreadyUsedException();
    }
    // NOTE(review): the two lookups above are a pre-check only, since two concurrent requests can
    // both pass them; confirm that unique constraints on login and e-mail exist in the database.

    User createdUser = userService.createUser(userDTO);
    mailService.sendCreationEmail(createdUser);

    // NOTE(review): the User entity itself is the response body; confirm that the password hash
    // and any activation/reset keys are excluded from serialization.
    URI location = new URI("/api/users/" + createdUser.getLogin());
    return ResponseEntity.created(location)
            .headers(HeaderUtil.createAlert("A user is created with identifier " + createdUser.getLogin(), createdUser.getLogin()))
            .body(createdUser);
}
use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.
the class AuditScenarioController method getScenarioFile.
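/**
 * Sends the content of one scenario of a contract to the client as a file download.
 * <p>
 * Besides the role check of {@code @Secured}, the method enforces object-level
 * access: the contract must belong to the current user and the scenario must be
 * one of that contract's scenarios. Every other case ends in a
 * {@code ForbiddenPageException}.
 *
 * @param contractId the id of the contract, as received in the request
 * @param scenarioId the id of the scenario to download, as received in the request
 * @param response the servlet response the scenario content is written to
 * @throws ForbiddenPageException if either id is not a number, if the contract
 *         does not belong to the current user, or if the contract holds no
 *         scenario with the requested id
 * @throws RuntimeException if the content cannot be written to the response
 */
@RequestMapping(value = TgolKeyStore.DOWNLOAD_SCENARIO_URL_CONTRACT_URL, method = RequestMethod.GET)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
public void getScenarioFile(@RequestParam(TgolKeyStore.CONTRACT_ID_KEY) String contractId, @RequestParam(TgolKeyStore.SCENARIO_ID_KEY) String scenarioId, HttpServletResponse response) {
    // Both ids are request parameters. A malformed value previously escaped as an
    // uncaught NumberFormatException; it is now refused like any other forbidden request.
    Long requestedContractId;
    Long requestedScenarioId;
    try {
        requestedContractId = Long.valueOf(contractId);
        requestedScenarioId = Long.valueOf(scenarioId);
    } catch (NumberFormatException nfe) {
        throw new ForbiddenPageException(getCurrentUser());
    }

    // NOTE(review): if read() returns null for an unknown id, the ownership check below
    // fails with a NullPointerException instead of a ForbiddenPageException — confirm.
    Contract contract = contractDataService.read(requestedContractId);
    if (!contract.getUser().getId().equals(getCurrentUser().getId())) {
        throw new ForbiddenPageException(getCurrentUser());
    }

    try {
        for (Scenario scenario : contract.getScenarioSet()) {
            if (!scenario.getId().equals(requestedScenarioId)) {
                continue;
            }
            // The label ends up in a response header. CR and LF are removed so that it
            // cannot break out of the header value.
            // NOTE(review): the label appears to come from the add-scenario form; whether the
            // file name also needs quoting or encoding depends on TgolKeyStore.ATTACHMENT — confirm.
            String headerSafeLabel = String.valueOf(scenario.getLabel()).replaceAll("[\\r\\n]", "");

            // Headers are set before the body is written: once the response is committed
            // (content larger than the response buffer), later header changes are ignored.
            response.setContentType(TgolKeyStore.CONTENT_TYPE);
            response.setHeader(TgolKeyStore.CONTENT_DISPOSITION,
                    TgolKeyStore.ATTACHMENT + headerSafeLabel + TgolKeyStore.JSON_EXTENSION);

            // NOTE(review): IOUtils.toInputStream(String) encodes with the platform default
            // charset; confirm this matches the declared content type.
            try (InputStream is = IOUtils.toInputStream(scenario.getContent())) {
                IOUtils.copy(is, response.getOutputStream());
            }
            response.flushBuffer();
            return;
        }
        // No scenario of this contract has the requested id.
        throw new ForbiddenPageException(getCurrentUser());
    } catch (IOException ex) {
        // Keep the cause so the I/O failure can be diagnosed.
        throw new RuntimeException("IOError writing file to output stream", ex);
    }
}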
use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.
the class AuditScenarioController method submitForm.
/**
 * Handles the POST of the scenario audit set-up form.
 * <p>
 * Loads the contract named by the command, builds a fresh set-up form field map
 * for it and delegates to the overloaded {@code submitForm} that takes the
 * contract, the field map and the validator.
 *
 * @param auditSetUpCommand the submitted set-up command
 * @param result the binding result of the command
 * @param model the view model
 * @param request the current request
 * @return the view name returned by the overloaded {@code submitForm}
 */
@RequestMapping(value = TgolKeyStore.AUDIT_SCENARIO_SET_UP_CONTRACT_URL, method = RequestMethod.POST)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
protected String submitForm(@ModelAttribute(TgolKeyStore.ADD_SCENARIO_COMMAND_KEY) AuditSetUpCommand auditSetUpCommand, BindingResult result, Model model, HttpServletRequest request) {
    // NOTE(review): the contract id comes from the submitted command and no ownership check
    // is visible here (getScenarioFile compares the contract's user with the current user);
    // confirm that the overloaded submitForm verifies the current user may use this contract.
    // NOTE(review): the model attribute key is ADD_SCENARIO_COMMAND_KEY although the command
    // is an AuditSetUpCommand — confirm this matches the form.
    Contract targetContract = contractDataService.read(auditSetUpCommand.getContractId());
    Map<String, List<AuditSetUpFormField>> setUpFormFields =
            getFreshAuditSetUpFormFieldMap(targetContract, scenarioOptionFormFieldBuilderMap);
    return submitForm(
            targetContract,
            auditSetUpCommand,
            setUpFormFields,
            auditSiteSetUpFormValidator,
            model,
            result,
            request);
}
use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.
the class AuditScenarioController method addScenario.
/**
 * Handles the POST of the add-scenario form on the scenario management page.
 * <p>
 * The command is validated. When it is valid the scenario is saved for the
 * contract and the management data is prepared again; when it is not, the
 * scenario list, the command and the contract name are put back in the model.
 * Both outcomes render the scenario management view.
 *
 * @param addScenarioCommand the submitted add-scenario command
 * @param result the binding result that receives the validation errors
 * @param model the view model
 * @param request the current request
 * @return {@code TgolKeyStore.SCENARIO_MANAGEMENT_VIEW_NAME}
 */
@RequestMapping(value = TgolKeyStore.AUDIT_SCENARIO_MANAGEMENT_CONTRACT_URL, method = RequestMethod.POST)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
protected String addScenario(@ModelAttribute(TgolKeyStore.ADD_SCENARIO_COMMAND_KEY) AddScenarioCommand addScenarioCommand, BindingResult result, Model model, HttpServletRequest request) {
    // NOTE(review): the contract id comes from the submitted command and no ownership check
    // is visible before saveScenario (getScenarioFile compares the contract's user with the
    // current user); confirm that the validator, saveScenario or a filter stops a user from
    // adding a scenario to another user's contract.
    Contract targetContract = contractDataService.read(addScenarioCommand.getContractId());
    addScenarioFormValidator.validate(addScenarioCommand, result);

    if (result.hasErrors()) {
        // Invalid submission: show the page again with the submitted command.
        addScenarioListToModel(targetContract, model);
        model.addAttribute(TgolKeyStore.ADD_SCENARIO_COMMAND_KEY, addScenarioCommand);
        model.addAttribute(TgolKeyStore.CONTRACT_NAME_KEY, targetContract.getLabel());
        return TgolKeyStore.SCENARIO_MANAGEMENT_VIEW_NAME;
    }

    // Valid submission: save the scenario, then show the same page with updated data.
    saveScenario(addScenarioCommand, targetContract);
    model.addAttribute(TgolKeyStore.NEW_SCENARIO_NAME_KEY, addScenarioCommand.getScenarioLabel());
    prepareScenarioManagementData(model, addScenarioCommand.getContractId().toString());
    return TgolKeyStore.SCENARIO_MANAGEMENT_VIEW_NAME;
}
use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.
the class AuditSynthesisController method displayAuditTestSynthesisFromContract.
/**
 * Displays the list of failed tests of an audit.
 * <p>
 * The audit id is parsed, the audit is loaded, and two checks run before any data
 * is put in the model: {@code isUserAllowedToDisplayResult} and then
 * {@code isAuthorizedScopeForSynthesis}.
 *
 * @param auditId the id of the audit, as received in the request
 * @param request the current request (not used by this method)
 * @param response the current response (not used by this method)
 * @param model the view model that receives the contract, audit and statistics data
 * @return {@code TgolKeyStore.FAILED_TEST_LIST_VIEW_NAME}
 * @throws ForbiddenPageException if the audit id is not a number or the audit scope
 *         is not authorized for synthesis
 * @throws ForbiddenUserException if the user is not allowed to display the result
 */
@RequestMapping(value = TgolKeyStore.FAILED_TEST_LIST_CONTRACT_URL, method = RequestMethod.GET)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
public String displayAuditTestSynthesisFromContract(@RequestParam(TgolKeyStore.AUDIT_ID_KEY) String auditId, HttpServletRequest request, HttpServletResponse response, Model model) {
    Long parsedAuditId;
    try {
        parsedAuditId = Long.valueOf(auditId);
    } catch (NumberFormatException nfe) {
        throw new ForbiddenPageException();
    }

    // NOTE(review): presumably isUserAllowedToDisplayResult copes with a null audit
    // (unknown id) — confirm.
    Audit audit = auditDataService.read(parsedAuditId);
    if (!isUserAllowedToDisplayResult(audit)) {
        throw new ForbiddenUserException();
    }
    if (!isAuthorizedScopeForSynthesis(audit)) {
        throw new ForbiddenPageException();
    }

    Contract contract = retrieveContractFromAudit(audit);
    model.addAttribute(TgolKeyStore.CONTRACT_ID_KEY, contract.getId());
    model.addAttribute(TgolKeyStore.CONTRACT_NAME_KEY, contract.getLabel());
    // The raw request value is stored, not the parsed id; it has already parsed as a Long.
    model.addAttribute(TgolKeyStore.AUDIT_ID_KEY, auditId);
    model.addAttribute(TgolKeyStore.REFERENTIAL_CD_KEY, parameterDataService.getReferentialKeyFromAudit(audit));
    model.addAttribute(TgolKeyStore.WEBRESOURCE_ID_KEY, audit.getSubject().getId());

    // NOTE(review): the cast assumes the scope check above only lets site audits through — confirm.
    Site auditedSite = (Site) audit.getSubject();
    // TODO (from the original): manual case
    addAuditStatisticsToModel(auditedSite, model, TgolKeyStore.TEST_DISPLAY_SCOPE_VALUE);
    // NOTE(review): -1 presumably means "no limit" — confirm.
    model.addAttribute(TgolKeyStore.FAILED_TEST_INFO_BY_OCCURRENCE_SET_KEY, statisticsDataService.getFailedTestByOccurrence(auditedSite, audit, -1));
    model.addAttribute(TgolKeyStore.HAS_SITE_SCOPE_TEST_KEY, processResultDataService.hasAuditSiteScopeResult(auditedSite, siteScope));
    model.addAttribute(TgolKeyStore.STATUS_KEY, computeAuditStatus(auditedSite.getAudit()));
    return TgolKeyStore.FAILED_TEST_LIST_VIEW_NAME;
}