Example 16 with Secured

use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.

the class AccountSettingsController method displayChangeTestWeight.

/**
 * This method displays the Change Test Weight page for the authenticated user.
 * This page is displayed if and only if the current user owns at least
 * one contract on the requested referential.
 *
 * @param refCode
 * @param request
 * @param model
 * @return
 */
@RequestMapping(value = TgolKeyStore.TEST_WEIGHT_URL, method = RequestMethod.GET)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
public String displayChangeTestWeight(@RequestParam(TgolKeyStore.REFERENTIAL_CD_KEY) String refCode, HttpServletRequest request, Model model) {
    Reference referential = refMap.get(refCode);
    List<Test> testList = addTestListAndModifiableRefToModel(referential, model);
    model.addAttribute(TgolKeyStore.CHANGE_TEST_WEIGHT_COMMAND_KEY, ChangeTestWeightCommandFactory.getInstance().getChangeTestWeightCommand(getCurrentUser(), getLocaleResolver().resolveLocale(request), testList, refCode));
    return TgolKeyStore.TEST_WEIGHT_VIEW_NAME;
}
Also used : Test(org.asqatasun.entity.reference.Test) Reference(org.asqatasun.entity.reference.Reference) Secured(org.springframework.security.access.annotation.Secured) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 17 with Secured

use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.

the class AuditExportResultController method exportAuditResultFromContract.

/**
 * The export view is only available for page result
 *
 * @param webresourceId
 * @param format
 * @param request
 * @param response
 * @param model
 * @return
 */
@RequestMapping(value = TgolKeyStore.EXPORT_AUDIT_RESULT_CONTRACT_URL, method = RequestMethod.GET)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
public String exportAuditResultFromContract(@RequestParam(value = TgolKeyStore.WEBRESOURCE_ID_KEY, required = false) String webresourceId, @RequestParam(value = TgolKeyStore.EXPORT_FORMAT_KEY, required = false) String format, HttpServletRequest request, HttpServletResponse response, Model model) {
    if (format == null || webresourceId == null) {
        throw new ForbiddenPageException();
    }
    // We first check that the current user is allowed to display the result
    // of this audit
    Long webResourceIdValue;
    try {
        webResourceIdValue = Long.valueOf(webresourceId);
    } catch (NumberFormatException nfe) {
        throw new ForbiddenPageException();
    }
    WebResource webResource = getWebResourceDataService().ligthRead(webResourceIdValue);
    // if the id of the webresource corresponds to a Site webResource
    if (isUserAllowedToDisplayResult(getAuditFromWebResource(webResource))) {
        // data are retrieved to be prepared and displayed
        try {
            prepareSuccessfullAuditDataToExport(webResource, model, getLocaleResolver().resolveLocale(request), format, request, response);
            return null;
        } catch (NotSupportedExportFormatException exc) {
            model.addAttribute(TgolKeyStore.WEBRESOURCE_ID_KEY, webresourceId);
            model.addAttribute(TgolKeyStore.EXPORT_FORMAT_KEY, format);
            LOGGER.warn(exc);
            return TgolKeyStore.EXPORT_AUDIT_FORMAT_ERROR_VIEW_REDIRECT_NAME;
        }
    }
    return TgolKeyStore.EXPORT_AUDIT_FORMAT_ERROR_VIEW_REDIRECT_NAME;
}
Also used : WebResource(org.asqatasun.entity.subject.WebResource) NotSupportedExportFormatException(org.asqatasun.webapp.report.service.exception.NotSupportedExportFormatException) ForbiddenPageException(org.asqatasun.webapp.exception.ForbiddenPageException) Secured(org.springframework.security.access.annotation.Secured) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 18 with Secured

use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.

the class PageListController method displayPageList.

/**
 *
 * @param request
 * @param response
 * @param model
 * @return
 * @throws java.lang.Exception
 */
@RequestMapping(value = TgolKeyStore.PAGE_LIST_CONTRACT_URL, method = RequestMethod.GET)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
public String displayPageList(HttpServletRequest request, HttpServletResponse response, Model model) throws Exception {
    String auditId = ServletRequestUtils.getStringParameter(request, TgolKeyStore.AUDIT_ID_KEY);
    if (auditId == null) {
        throw new AuditParameterMissingException();
    }
    Audit audit;
    try {
        audit = getAuditDataService().read(Long.valueOf(auditId));
    } catch (NumberFormatException e) {
        throw new ForbiddenPageException(e);
    }
    if (isUserAllowedToDisplayResult(audit)) {
        return pageLinkDispatcher(request, audit, model);
    } else {
        // isUserAllowedToDisplayResult returns true or throws an exception,
        // so this branch is only a fallback
        return TgolKeyStore.ACCESS_DENIED_VIEW_NAME;
    }
}
Also used : Audit(org.asqatasun.entity.audit.Audit) AuditParameterMissingException(org.asqatasun.webapp.exception.AuditParameterMissingException) ForbiddenPageException(org.asqatasun.webapp.exception.ForbiddenPageException) Secured(org.springframework.security.access.annotation.Secured) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 19 with Secured

use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.

the class ContractManagementController method submitManageContractsAdminPage.

/**
 * @param contractDisplayCommand
 * @param userId
 * @param request
 * @param response
 * @param model
 * @return the name of the manage-contracts view
 */
@RequestMapping(value = TgolKeyStore.MANAGE_CONTRACTS_URL, method = RequestMethod.POST)
@Secured(TgolKeyStore.ROLE_ADMIN_KEY)
public String submitManageContractsAdminPage(@ModelAttribute(TgolKeyStore.CONTRACT_SORT_COMMAND_KEY) ContractSortCommand contractDisplayCommand, @RequestParam(TgolKeyStore.USER_ID_KEY) String userId, HttpServletRequest request, HttpServletResponse response, Model model) {
    Long lUserId;
    try {
        lUserId = Long.valueOf(userId);
    } catch (NumberFormatException nfe) {
        throw new ForbiddenUserException();
    }
    User userToManage = getUserDataService().read(lUserId);
    model.addAttribute(TgolKeyStore.CONTRACT_LIST_KEY, ContractSortCommandHelper.prepareContract(userToManage, contractDisplayCommand, displayOptionFieldsBuilderList, model));
    model.addAttribute(TgolKeyStore.USER_NAME_KEY, userToManage.getEmail1());
    return TgolKeyStore.MANAGE_CONTRACTS_VIEW_NAME;
}
Also used : User(org.asqatasun.webapp.entity.user.User) ForbiddenUserException(org.asqatasun.webapp.exception.ForbiddenUserException) Secured(org.springframework.security.access.annotation.Secured) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 20 with Secured

use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.

the class ContractManagementController method submitEditContractAdminPage.

/**
 * @param createContractCommand
 * @param result
 * @param request
 * @param response
 * @param model
 * @return the form redisplayed with errors when validation fails,
 *         otherwise the manage-contracts redirect view name
 */
@RequestMapping(value = TgolKeyStore.EDIT_CONTRACT_URL, method = RequestMethod.POST)
@Secured(TgolKeyStore.ROLE_ADMIN_KEY)
public String submitEditContractAdminPage(@ModelAttribute(TgolKeyStore.CREATE_CONTRACT_COMMAND_KEY) CreateContractCommand createContractCommand, BindingResult result, HttpServletRequest request, HttpServletResponse response, Model model) {
    Object contractId = request.getSession().getAttribute(TgolKeyStore.CONTRACT_ID_KEY);
    Long lContractId;
    if (contractId instanceof Long) {
        lContractId = (Long) contractId;
    } else {
        try {
            lContractId = Long.valueOf(contractId.toString());
        } catch (NumberFormatException nfe) {
            throw new ForbiddenUserException();
        }
    }
    Contract contract = getContractDataService().read(lContractId);
    Map<String, List<ContractOptionFormField>> optionFormFieldMap = ContractOptionFormFieldHelper.getFreshContractOptionFormFieldMap(getContractOptionFormFieldBuilderMap());
    getCreateContractFormValidator().setContractOptionFormFieldMap(optionFormFieldMap);
    // We check whether the form is valid
    getCreateContractFormValidator().validate(createContractCommand, result);
    // If the form has some errors, we display it again with errors' details
    if (result.hasErrors()) {
        return displayFormWithErrors(model, createContractCommand, contract.getUser().getEmail1(), contract.getUser().getId(), optionFormFieldMap, TgolKeyStore.EDIT_CONTRACT_VIEW_NAME);
    }
    contract = CreateContractCommandFactory.getInstance().updateContractFromCommand(createContractCommand, contract);
    saveOrUpdateContract(contract);
    request.getSession().setAttribute(TgolKeyStore.UPDATED_CONTRACT_NAME_KEY, contract.getLabel());
    model.addAttribute(TgolKeyStore.USER_ID_KEY, contract.getUser().getId());
    request.getSession().removeAttribute(TgolKeyStore.CONTRACT_ID_KEY);
    return TgolKeyStore.MANAGE_CONTRACTS_VIEW_REDIRECT_NAME;
}
Also used : List(java.util.List) ForbiddenUserException(org.asqatasun.webapp.exception.ForbiddenUserException) Contract(org.asqatasun.webapp.entity.contract.Contract) Secured(org.springframework.security.access.annotation.Secured) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Aggregations

Secured (org.springframework.security.access.annotation.Secured): 36
RequestMapping (org.springframework.web.bind.annotation.RequestMapping): 29
ForbiddenUserException (org.asqatasun.webapp.exception.ForbiddenUserException): 20
Contract (org.asqatasun.webapp.entity.contract.Contract): 17
User (org.asqatasun.webapp.entity.user.User): 14
ForbiddenPageException (org.asqatasun.webapp.exception.ForbiddenPageException): 13
Audit (org.asqatasun.entity.audit.Audit): 6
List (java.util.List): 4
Scenario (org.asqatasun.webapp.entity.scenario.Scenario): 3
Reference (org.asqatasun.entity.reference.Reference): 2
Site (org.asqatasun.entity.subject.Site): 2
WebResource (org.asqatasun.entity.subject.WebResource): 2
Act (org.asqatasun.webapp.entity.contract.Act): 2
AuditSetUpFormValidator (org.asqatasun.webapp.validator.AuditSetUpFormValidator): 2
IOException (java.io.IOException): 1
InputStream (java.io.InputStream): 1
SSP (org.asqatasun.entity.audit.SSP): 1
Test (org.asqatasun.entity.reference.Test): 1
Page (org.asqatasun.entity.subject.Page): 1
ScopeEnum (org.asqatasun.webapp.entity.contract.ScopeEnum): 1