Example 96 with Secured

use of org.springframework.security.access.annotation.Secured in project hello-world by haoziapple.

the class UserResource method createUser.

/**
 * POST  /users  : Creates a new user.
 * <p>
 * Creates a new user if the login and email are not already used, and sends an
 * email with an activation link.
 * The user needs to be activated on creation.
 *
 * @param userDTO the user to create
 * @return the ResponseEntity with status 201 (Created) and with body the new user, or with status 400 (Bad Request) if the login or email is already in use
 * @throws URISyntaxException if the Location URI syntax is incorrect
 * @throws BadRequestAlertException 400 (Bad Request) if the login or email is already in use
 */
@PostMapping("/users")
@Timed
@Secured(AuthoritiesConstants.ADMIN)
public ResponseEntity<User> createUser(@Valid @RequestBody UserDTO userDTO) throws URISyntaxException {
    log.debug("REST request to save User : {}", userDTO);
    if (userDTO.getId() != null) {
        throw new BadRequestAlertException("A new user cannot already have an ID", "userManagement", "idexists");
    // Lowercase the user login before comparing with database
    } else if (userRepository.findOneByLogin(userDTO.getLogin().toLowerCase()).isPresent()) {
        throw new LoginAlreadyUsedException();
    } else if (userRepository.findOneByEmailIgnoreCase(userDTO.getEmail()).isPresent()) {
        throw new EmailAlreadyUsedException();
    } else {
        User newUser = userService.createUser(userDTO);
        mailService.sendCreationEmail(newUser);
        return ResponseEntity.created(new URI("/api/users/" + newUser.getLogin())).headers(HeaderUtil.createAlert("A user is created with identifier " + newUser.getLogin(), newUser.getLogin())).body(newUser);
    }
}
Also used : BadRequestAlertException(com.haozi.app.web.rest.errors.BadRequestAlertException) User(com.haozi.app.domain.User) LoginAlreadyUsedException(com.haozi.app.web.rest.errors.LoginAlreadyUsedException) URI(java.net.URI) EmailAlreadyUsedException(com.haozi.app.web.rest.errors.EmailAlreadyUsedException) Secured(org.springframework.security.access.annotation.Secured) Timed(com.codahale.metrics.annotation.Timed)

Example 97 with Secured

use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.

the class AuditScenarioController method getScenarioFile.

@RequestMapping(value = TgolKeyStore.DOWNLOAD_SCENARIO_URL_CONTRACT_URL, method = RequestMethod.GET)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
public void getScenarioFile(@RequestParam(TgolKeyStore.CONTRACT_ID_KEY) String contractId, @RequestParam(TgolKeyStore.SCENARIO_ID_KEY) String scenarioId, HttpServletResponse response) {
    Contract contract = contractDataService.read(Long.valueOf(contractId));
    if (contract.getUser().getId().equals(getCurrentUser().getId())) {
        try {
            for (Scenario scenario : contract.getScenarioSet()) {
                if (scenario.getId().equals(Long.valueOf(scenarioId))) {
                    // Set the headers before writing the body: once the response is committed, header changes are ignored
                    response.setContentType(TgolKeyStore.CONTENT_TYPE);
                    StringBuilder strb = new StringBuilder(TgolKeyStore.ATTACHMENT);
                    strb.append(scenario.getLabel());
                    strb.append(TgolKeyStore.JSON_EXTENSION);
                    response.setHeader(TgolKeyStore.CONTENT_DISPOSITION, strb.toString());
                    InputStream is = IOUtils.toInputStream(scenario.getContent());
                    IOUtils.copy(is, response.getOutputStream());
                    response.flushBuffer();
                    return;
                }
            }
            throw new ForbiddenPageException(getCurrentUser());
        } catch (IOException ex) {
            // Keep the original exception as the cause so the failure can be diagnosed
            throw new RuntimeException("IOError writing file to output stream", ex);
        }
    } else {
        throw new ForbiddenPageException(getCurrentUser());
    }
}
Also used : InputStream(java.io.InputStream) IOException(java.io.IOException) Contract(org.asqatasun.entity.contract.Contract) Scenario(org.asqatasun.entity.scenario.Scenario) ForbiddenPageException(org.asqatasun.webapp.exception.ForbiddenPageException) Secured(org.springframework.security.access.annotation.Secured) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 98 with Secured

use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.

the class AuditScenarioController method submitForm.

@RequestMapping(value = TgolKeyStore.AUDIT_SCENARIO_SET_UP_CONTRACT_URL, method = RequestMethod.POST)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
protected String submitForm(@ModelAttribute(TgolKeyStore.ADD_SCENARIO_COMMAND_KEY) AuditSetUpCommand auditSetUpCommand, BindingResult result, Model model, HttpServletRequest request) {
    Contract contract = contractDataService.read(auditSetUpCommand.getContractId());
    Map<String, List<AuditSetUpFormField>> formFielMap = getFreshAuditSetUpFormFieldMap(contract, scenarioOptionFormFieldBuilderMap);
    return submitForm(contract, auditSetUpCommand, formFielMap, auditSiteSetUpFormValidator, model, result, request);
}
Also used : Contract(org.asqatasun.entity.contract.Contract) Secured(org.springframework.security.access.annotation.Secured) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 99 with Secured

use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.

the class AuditScenarioController method addScenario.

@RequestMapping(value = TgolKeyStore.AUDIT_SCENARIO_MANAGEMENT_CONTRACT_URL, method = RequestMethod.POST)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
protected String addScenario(@ModelAttribute(TgolKeyStore.ADD_SCENARIO_COMMAND_KEY) AddScenarioCommand addScenarioCommand, BindingResult result, Model model, HttpServletRequest request) {
    Contract contract = contractDataService.read(addScenarioCommand.getContractId());
    addScenarioFormValidator.validate(addScenarioCommand, result);
    // and the same page with updated data is displayed again
    if (!result.hasErrors()) {
        saveScenario(addScenarioCommand, contract);
        model.addAttribute(TgolKeyStore.NEW_SCENARIO_NAME_KEY, addScenarioCommand.getScenarioLabel());
        prepareScenarioManagementData(model, addScenarioCommand.getContractId().toString());
        return TgolKeyStore.SCENARIO_MANAGEMENT_VIEW_NAME;
    }
    addScenarioListToModel(contract, model);
    model.addAttribute(TgolKeyStore.ADD_SCENARIO_COMMAND_KEY, addScenarioCommand);
    model.addAttribute(TgolKeyStore.CONTRACT_NAME_KEY, contract.getLabel());
    return TgolKeyStore.SCENARIO_MANAGEMENT_VIEW_NAME;
}
Also used : Contract(org.asqatasun.entity.contract.Contract) Secured(org.springframework.security.access.annotation.Secured) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 100 with Secured

use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.

the class AuditSynthesisController method displayAuditTestSynthesisFromContract.

/**
 * @param auditId
 * @param request
 * @param response
 * @param model
 * @return
 */
@RequestMapping(value = TgolKeyStore.FAILED_TEST_LIST_CONTRACT_URL, method = RequestMethod.GET)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
public String displayAuditTestSynthesisFromContract(@RequestParam(TgolKeyStore.AUDIT_ID_KEY) String auditId, HttpServletRequest request, HttpServletResponse response, Model model) {
    Long aId;
    try {
        aId = Long.valueOf(auditId);
    } catch (NumberFormatException nfe) {
        throw new ForbiddenPageException();
    }
    Audit audit = auditDataService.read(aId);
    if (isUserAllowedToDisplayResult(audit)) {
        if (isAuthorizedScopeForSynthesis(audit)) {
            Contract contract = retrieveContractFromAudit(audit);
            model.addAttribute(TgolKeyStore.CONTRACT_ID_KEY, contract.getId());
            model.addAttribute(TgolKeyStore.CONTRACT_NAME_KEY, contract.getLabel());
            model.addAttribute(TgolKeyStore.AUDIT_ID_KEY, auditId);
            model.addAttribute(TgolKeyStore.REFERENTIAL_CD_KEY, parameterDataService.getReferentialKeyFromAudit(audit));
            model.addAttribute(TgolKeyStore.WEBRESOURCE_ID_KEY, audit.getSubject().getId());
            Site site = (Site) audit.getSubject();
            // TODO manual case
            addAuditStatisticsToModel(site, model, TgolKeyStore.TEST_DISPLAY_SCOPE_VALUE);
            model.addAttribute(TgolKeyStore.FAILED_TEST_INFO_BY_OCCURRENCE_SET_KEY, statisticsDataService.getFailedTestByOccurrence(site, audit, -1));
            model.addAttribute(TgolKeyStore.HAS_SITE_SCOPE_TEST_KEY, processResultDataService.hasAuditSiteScopeResult(site, siteScope));
            model.addAttribute(TgolKeyStore.STATUS_KEY, computeAuditStatus(site.getAudit()));
            return TgolKeyStore.FAILED_TEST_LIST_VIEW_NAME;
        } else {
            throw new ForbiddenPageException();
        }
    } else {
        throw new ForbiddenUserException();
    }
}
Also used : Site(org.asqatasun.entity.subject.Site) Audit(org.asqatasun.entity.audit.Audit) Contract(org.asqatasun.entity.contract.Contract) ForbiddenUserException(org.asqatasun.webapp.exception.ForbiddenUserException) ForbiddenPageException(org.asqatasun.webapp.exception.ForbiddenPageException) Secured(org.springframework.security.access.annotation.Secured) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)
