use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.
the class AuditScenarioController method getScenarioFile.
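/**
 * Streams the content of one scenario of a contract to the client as a file attachment.
 *
 * <p>The download is served only when the contract belongs to the current user and the
 * requested scenario is part of that contract. Every other case ends in a
 * {@link ForbiddenPageException}, so the response does not reveal whether the contract
 * or scenario exists.
 *
 * @param contractId identifier of the contract, as received in the request
 * @param scenarioId identifier of the scenario to download, as received in the request
 * @param response servlet response the scenario content is written to
 * @throws ForbiddenPageException if the contract cannot be read, is not owned by the
 *         current user, or holds no scenario with the given id
 * @throws NumberFormatException if either identifier is not a valid long
 * @throws RuntimeException if writing to the response fails
 */
@RequestMapping(value = TgolKeyStore.DOWNLOAD_SCENARIO_URL_CONTRACT_URL, method = RequestMethod.GET)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
public void getScenarioFile(@RequestParam(TgolKeyStore.CONTRACT_ID_KEY) String contractId, @RequestParam(TgolKeyStore.SCENARIO_ID_KEY) String scenarioId, HttpServletResponse response) {
    Contract contract = getContractDataService().read(Long.valueOf(contractId));
    // Object-level authorization: the role check in @Secured only proves the caller is
    // logged in, so ownership of the requested contract is verified here. An unknown
    // contract is reported the same way as a foreign one.
    // NOTE(review): whether read() returns null or throws for an unknown id is not
    // visible here; the null guard is defensive.
    if (contract == null || !contract.getUser().getId().equals(getCurrentUser().getId())) {
        throw new ForbiddenPageException(getCurrentUser());
    }
    Long requestedScenarioId = Long.valueOf(scenarioId);
    try {
        for (Scenario scenario : contract.getScenarioSet()) {
            if (!scenario.getId().equals(requestedScenarioId)) {
                continue;
            }
            // Headers are set before the body is written: once the response is
            // committed, later header changes are ignored by the container.
            response.setContentType(TgolKeyStore.CONTENT_TYPE);
            // The label is stored user data; CR/LF are dropped so it cannot break out
            // of the header value.
            // NOTE(review): the label is still inserted without quoting or encoding;
            // confirm how TgolKeyStore.ATTACHMENT frames the filename.
            String safeLabel = String.valueOf(scenario.getLabel()).replaceAll("[\\r\\n]", "");
            StringBuilder strb = new StringBuilder(TgolKeyStore.ATTACHMENT);
            strb.append(safeLabel);
            strb.append(TgolKeyStore.JSON_EXTENSION);
            response.setHeader(TgolKeyStore.CONTENT_DISPOSITION, strb.toString());
            // NOTE(review): this IOUtils.toInputStream overload takes no charset, so the
            // bytes sent depend on the platform default encoding.
            InputStream is = IOUtils.toInputStream(scenario.getContent());
            IOUtils.copy(is, response.getOutputStream());
            response.flushBuffer();
            // Return here: falling out of the loop would reach the "not found" throw
            // below even though the file was delivered.
            return;
        }
    } catch (IOException ex) {
        // Keep the cause so the failure can be diagnosed from the stack trace.
        throw new RuntimeException("IOError writing file to output stream", ex);
    }
    // No scenario of this contract matched the requested id.
    throw new ForbiddenPageException(getCurrentUser());
}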
use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.
the class AuditScenarioController method submitForm.
/**
 * Handles the POST of the scenario audit set-up form.
 *
 * <p>Loads the contract named by the submitted command, builds a fresh form-field map for
 * it and delegates to the {@code submitForm} overload that takes the contract, the field
 * map and the validator.
 *
 * @param auditSetUpCommand form-backing object bound from the request
 * @param result binding result passed on to the delegate
 * @param model model passed on to the delegate
 * @param request current HTTP request
 * @return the value returned by the delegated {@code submitForm} call
 */
@RequestMapping(value = TgolKeyStore.AUDIT_SCENARIO_SET_UP_CONTRACT_URL, method = RequestMethod.POST)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
protected String submitForm(@ModelAttribute(TgolKeyStore.ADD_SCENARIO_COMMAND_KEY) AuditSetUpCommand auditSetUpCommand, BindingResult result, Model model, HttpServletRequest request) {
    // NOTE(review): the contract id is taken from the submitted form and no ownership
    // check is visible in this method; confirm the delegated submitForm verifies that
    // the contract belongs to the current user.
    final Contract targetContract = getContractDataService().read(auditSetUpCommand.getContractId());
    final Map<String, List<AuditSetUpFormField>> formFieldMap =
            getFreshAuditSetUpFormFieldMap(targetContract, getScenarioOptionFormFieldBuilderMap());
    return submitForm(
            targetContract,
            auditSetUpCommand,
            formFieldMap,
            getAuditSiteSetUpFormValidator(),
            model,
            result,
            request);
}
use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.
the class AuditScenarioController method addScenario.
/**
 * Handles the POST of the "add scenario" form on the scenario management page.
 *
 * <p>The submitted command is validated. When it is valid the scenario is saved and the
 * management data is rebuilt; otherwise the page is shown again with the submitted
 * command. Both outcomes render the scenario management view.
 *
 * @param addScenarioCommand form-backing object bound from the request
 * @param result binding result that receives validation errors
 * @param model model populated for the view
 * @param request current HTTP request (not read in this method)
 * @return {@code TgolKeyStore.SCENARIO_MANAGEMENT_VIEW_NAME} in every case
 */
@RequestMapping(value = TgolKeyStore.AUDIT_SCENARIO_MANAGEMENT_CONTRACT_URL, method = RequestMethod.POST)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
protected String addScenario(@ModelAttribute(TgolKeyStore.ADD_SCENARIO_COMMAND_KEY) AddScenarioCommand addScenarioCommand, BindingResult result, Model model, HttpServletRequest request) {
    // NOTE(review): the contract is loaded from an id carried by the submitted form, and
    // no check that it belongs to getCurrentUser() is visible in this method before
    // saveScenario(); confirm the validator, saveScenario() or
    // prepareScenarioManagementData() enforces ownership.
    final Contract targetContract = getContractDataService().read(addScenarioCommand.getContractId());
    addScenarioFormValidator.validate(addScenarioCommand, result);

    if (result.hasErrors()) {
        // Invalid submission: show the management page again with the submitted values.
        addScenarioListToModel(targetContract, model);
        model.addAttribute(TgolKeyStore.ADD_SCENARIO_COMMAND_KEY, addScenarioCommand);
        model.addAttribute(TgolKeyStore.CONTRACT_NAME_KEY, targetContract.getLabel());
        return TgolKeyStore.SCENARIO_MANAGEMENT_VIEW_NAME;
    }

    // Valid submission: persist the scenario, then display the same page with updated data.
    saveScenario(addScenarioCommand, targetContract);
    model.addAttribute(TgolKeyStore.NEW_SCENARIO_NAME_KEY, addScenarioCommand.getScenarioLabel());
    prepareScenarioManagementData(model, addScenarioCommand.getContractId().toString());
    return TgolKeyStore.SCENARIO_MANAGEMENT_VIEW_NAME;
}
use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.
the class AccountSettingsController method submitChangeTestWeight.
/**
 * Handles the POST of the "change test weight" form for one referential.
 *
 * <p>The request is rejected when the referential code is unknown to {@code refMap} or
 * when {@code secondaryLevelMenuDisplayer} reports it as not modifiable. Otherwise the
 * command is validated, the model is populated for re-display, and the current user's
 * test weights are updated only if validation produced no error.
 *
 * @param refCode referential code from the request, used as key into {@code refMap}
 * @param changeTestWeightCommand form-backing object bound from the request
 * @param result binding result that receives validation errors
 * @param model model populated for the view
 * @param request current HTTP request (not read in this method)
 * @return {@code TgolKeyStore.TEST_WEIGHT_VIEW_NAME}
 * @throws ForbiddenPageException if the referential is unknown or not modifiable
 * @throws Exception declared by the signature; no checked exception is thrown directly here
 */
@RequestMapping(value = TgolKeyStore.TEST_WEIGHT_URL, method = RequestMethod.POST)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
public String submitChangeTestWeight(@RequestParam(TgolKeyStore.REFERENTIAL_CD_KEY) String refCode, @ModelAttribute(TgolKeyStore.CHANGE_TEST_WEIGHT_COMMAND_KEY) ChangeTestWeightCommand changeTestWeightCommand, BindingResult result, Model model, HttpServletRequest request) throws Exception {
    final Reference reference = refMap.get(refCode);
    // The modifiability lookup only runs for a known referential (short-circuit).
    final boolean modifiable = reference != null
            && secondaryLevelMenuDisplayer.isRequestedReferentialModifiable(refCode);
    if (!modifiable) {
        throw new ForbiddenPageException();
    }

    // Validate first; the model is filled either way so the form can be shown again.
    changeTestWeightFormValidator.validate(changeTestWeightCommand, result);
    addTestListAndModifiableRefToModel(reference, model);
    model.addAttribute(TgolKeyStore.CHANGE_TEST_WEIGHT_COMMAND_KEY, changeTestWeightCommand);

    if (result.hasErrors()) {
        // The view displays the form again with the details of the errors.
        return TgolKeyStore.TEST_WEIGHT_VIEW_NAME;
    }

    // The weights are written for the authenticated user, never for an id from the request.
    ChangeTestWeightCommandFactory.getInstance().updateUserTestWeight(getCurrentUser(), changeTestWeightCommand);
    model.addAttribute(TgolKeyStore.TEST_WEIGHT_SUCCESSFULLY_UPDATED_KEY, true);
    return TgolKeyStore.TEST_WEIGHT_VIEW_NAME;
}
use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.
the class AccountSettingsController method submitAccountSettingForm.
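/**
 * Handles the POST of the account settings form for the current user.
 *
 * <p>Users whose e-mail is in {@code forbiddenUserList} may not use this page. A
 * submission is treated as tampered, and answered with the "attack" flag in the model,
 * when the submitted e-mail is missing or differs from the current user's e-mail, or when
 * it requests the admin flag for a user who is not an admin. Any other submission is
 * handed to {@code submitUpdateUserForm}.
 *
 * @param createUserCommand form-backing object bound from the request
 * @param result binding result passed on to the update handler
 * @param model model populated for the view
 * @return the view name produced by the tamper branch or by {@code submitUpdateUserForm}
 * @throws ForbiddenPageException if the current user is in {@code forbiddenUserList}
 * @throws Exception declared by the signature; no checked exception is thrown directly here
 */
@RequestMapping(value = TgolKeyStore.ACCOUNT_SETTINGS_URL, method = RequestMethod.POST)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
protected String submitAccountSettingForm(@ModelAttribute(TgolKeyStore.CREATE_USER_COMMAND_KEY) CreateUserCommand createUserCommand, BindingResult result, Model model) throws Exception {
    User user = getCurrentUser();
    if (this.forbiddenUserList.contains(user.getEmail1())) {
        throw new ForbiddenPageException();
    }
    // The e-mail comes from the request and may be absent; a missing value is handled
    // like a changed one instead of failing with a NullPointerException.
    String submittedEmail = createUserCommand.getEmail();
    boolean emailChanged = submittedEmail == null || !submittedEmail.equals(user.getEmail1());
    // Privilege guard: a non-admin must not be able to grant itself the admin flag.
    if (emailChanged || (createUserCommand.getAdmin() && !isUserAdmin(user))) {
        model.addAttribute(TgolKeyStore.CREATE_USER_ATTACK_COMMAND_KEY, true);
        return prepateDataAndReturnCreateUserView(model, user, TgolKeyStore.ACCOUNT_SETTINGS_VIEW_NAME);
    }
    secondaryLevelMenuDisplayer.setModifiableReferentialsForUserToModel(user, model);
    // NOTE(review): the meaning of the null and the two false arguments is defined by
    // submitUpdateUserForm, which is not visible here; account deactivation is not
    // checked in this method, so confirm it is covered there.
    return submitUpdateUserForm(createUserCommand, result, null, model, user, TgolKeyStore.ACCOUNT_SETTINGS_VIEW_NAME, TgolKeyStore.ACCOUNT_SETTINGS_VIEW_NAME, false, false, TgolKeyStore.UPDATED_USER_NAME_KEY);
}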