use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.
the class AccountSettingsController method displayChangeTestWeight.
/**
 * Displays the "change test weight" page for the authenticated user.
 *
 * <p>{@code @Secured} only restricts this handler to the user and admin roles. The page is
 * meant to be shown only when the current user owns at least one contract on the requested
 * referential, but that ownership check is not performed in this method body.
 * NOTE(review): presumably it is enforced inside {@code addTestListAndModifiableRefToModel};
 * confirm, since the role check alone does not tie the referential to the caller.
 *
 * @param refCode code of the requested referential, bound from the request parameter
 * @param request the current HTTP request, used here to resolve the locale
 * @param model the model populated for the view
 * @return the name of the test-weight view
 */
@RequestMapping(value = TgolKeyStore.TEST_WEIGHT_URL, method = RequestMethod.GET)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
public String displayChangeTestWeight(@RequestParam(TgolKeyStore.REFERENTIAL_CD_KEY) String refCode, HttpServletRequest request, Model model) {
    // refCode is caller-supplied and used directly as a lookup key.
    // NOTE(review): if refMap is a java.util.Map, an unknown code yields null here; confirm
    // that the helper below rejects a null referential instead of dereferencing it.
    final Reference requestedReferential = refMap.get(refCode);
    final List<Test> referentialTests = addTestListAndModifiableRefToModel(requestedReferential, model);

    // The command is built for the current user only; no user identifier comes from the request.
    final ChangeTestWeightCommandFactory commandFactory = ChangeTestWeightCommandFactory.getInstance();
    model.addAttribute(
            TgolKeyStore.CHANGE_TEST_WEIGHT_COMMAND_KEY,
            commandFactory.getChangeTestWeightCommand(
                    getCurrentUser(),
                    getLocaleResolver().resolveLocale(request),
                    referentialTests,
                    refCode));
    return TgolKeyStore.TEST_WEIGHT_VIEW_NAME;
}
use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.
the class AuditExportResultController method exportAuditResultFromContract.
/**
 * Exports the result of an audit in the requested format. The export view is only available
 * for page results.
 *
 * <p>Access control happens in two layers: {@code @Secured} restricts the handler to the user
 * and admin roles, and {@code isUserAllowedToDisplayResult} is then asked whether the current
 * user may see the audit the web resource belongs to. The second check is what keeps one user
 * from exporting another user's results by changing the id in the URL.
 *
 * @param webresourceId identifier of the web resource, as received from the request (may be null)
 * @param format requested export format, as received from the request (may be null)
 * @param request the current HTTP request
 * @param response the current HTTP response, handed to the export helper
 * @param model the model populated for the error view
 * @return {@code null} when the export helper completed, otherwise the name of the
 *         export-format error redirect view
 */
@RequestMapping(value = TgolKeyStore.EXPORT_AUDIT_RESULT_CONTRACT_URL, method = RequestMethod.GET)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
public String exportAuditResultFromContract(@RequestParam(value = TgolKeyStore.WEBRESOURCE_ID_KEY, required = false) String webresourceId, @RequestParam(value = TgolKeyStore.EXPORT_FORMAT_KEY, required = false) String format, HttpServletRequest request, HttpServletResponse response, Model model) {
    // Both parameters are optional at binding time, so a missing one is rejected explicitly.
    if (webresourceId == null || format == null) {
        throw new ForbiddenPageException();
    }

    // A non-numeric id is answered with the same exception as a missing one.
    Long parsedWebResourceId;
    try {
        parsedWebResourceId = Long.valueOf(webresourceId);
    } catch (NumberFormatException nfe) {
        throw new ForbiddenPageException();
    }

    // NOTE(review): whether ligthRead returns null for an unknown id is not visible here;
    // confirm that getAuditFromWebResource / isUserAllowedToDisplayResult fail closed in that case.
    final WebResource webResource = getWebResourceDataService().ligthRead(parsedWebResourceId);

    // Object-level authorization: the current user must be allowed to display this audit's
    // result before any data is prepared.
    if (!isUserAllowedToDisplayResult(getAuditFromWebResource(webResource))) {
        return TgolKeyStore.EXPORT_AUDIT_FORMAT_ERROR_VIEW_REDIRECT_NAME;
    }

    try {
        // The helper receives the response object; presumably it writes the export itself,
        // which is why no view name is returned on success.
        prepareSuccessfullAuditDataToExport(webResource, model, getLocaleResolver().resolveLocale(request), format, request, response);
        return null;
    } catch (NotSupportedExportFormatException exc) {
        // format is still the raw request value at this point; whatever renders or forwards
        // these attributes has to encode it.
        model.addAttribute(TgolKeyStore.WEBRESOURCE_ID_KEY, webresourceId);
        model.addAttribute(TgolKeyStore.EXPORT_FORMAT_KEY, format);
        LOGGER.warn(exc);
        return TgolKeyStore.EXPORT_AUDIT_FORMAT_ERROR_VIEW_REDIRECT_NAME;
    }
}
use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.
the class PageListController method displayPageList.
/**
 * Displays the page list of an audit after checking that the current user may see it.
 *
 * <p>{@code @Secured} limits the handler to the user and admin roles; the per-audit decision
 * is delegated to {@code isUserAllowedToDisplayResult}.
 *
 * @param request the current HTTP request, carrying the audit id parameter
 * @param response the current HTTP response
 * @param model the model populated for the view
 * @return the view name chosen by {@code pageLinkDispatcher}, or the access-denied view name
 * @throws java.lang.Exception declared by the handler; the visible code throws
 *         {@code AuditParameterMissingException} when the audit id is absent and
 *         {@code ForbiddenPageException} when it is not numeric
 */
@RequestMapping(value = TgolKeyStore.PAGE_LIST_CONTRACT_URL, method = RequestMethod.GET)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
public String displayPageList(HttpServletRequest request, HttpServletResponse response, Model model) throws Exception {
    final String rawAuditId = ServletRequestUtils.getStringParameter(request, TgolKeyStore.AUDIT_ID_KEY);
    if (rawAuditId == null) {
        throw new AuditParameterMissingException();
    }

    // The id is caller-controlled: a malformed value becomes a forbidden-page error, with
    // the parse failure kept as the cause.
    Audit requestedAudit;
    try {
        requestedAudit = getAuditDataService().read(Long.valueOf(rawAuditId));
    } catch (NumberFormatException e) {
        throw new ForbiddenPageException(e);
    }

    // Object-level authorization for the requested audit. According to the original author
    // the check returns true or throws, so the denied branch is a defensive fallback.
    if (!isUserAllowedToDisplayResult(requestedAudit)) {
        return TgolKeyStore.ACCESS_DENIED_VIEW_NAME;
    }
    return pageLinkDispatcher(request, requestedAudit, model);
}
use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.
the class ContractManagementController method submitManageContractsAdminPage.
/**
 * Handles the submission of the admin "manage contracts" page for a given user.
 *
 * <p>The handler is restricted to the admin role by {@code @Secured}; no further per-object
 * check is made here, so any admin can list the contracts of any user id.
 *
 * @param contractDisplayCommand sort/display options bound from the submitted form
 * @param userId identifier of the user whose contracts are managed, as received from the request
 * @param request the current HTTP request
 * @param response the current HTTP response
 * @param model the model populated for the view
 * @return the name of the manage-contracts view
 */
@RequestMapping(value = TgolKeyStore.MANAGE_CONTRACTS_URL, method = RequestMethod.POST)
@Secured(TgolKeyStore.ROLE_ADMIN_KEY)
public String submitManageContractsAdminPage(@ModelAttribute(TgolKeyStore.CONTRACT_SORT_COMMAND_KEY) ContractSortCommand contractDisplayCommand, @RequestParam(TgolKeyStore.USER_ID_KEY) String userId, HttpServletRequest request, HttpServletResponse response, Model model) {
    // The user id arrives as a string; anything that is not a number is rejected.
    Long managedUserId;
    try {
        managedUserId = Long.valueOf(userId);
    } catch (NumberFormatException nfe) {
        throw new ForbiddenUserException();
    }

    // NOTE(review): if read() can return null for an id that matches no user, the calls
    // below dereference null; confirm the data service's contract for unknown ids.
    final User userToManage = getUserDataService().read(managedUserId);

    model.addAttribute(
            TgolKeyStore.CONTRACT_LIST_KEY,
            ContractSortCommandHelper.prepareContract(userToManage, contractDisplayCommand, displayOptionFieldsBuilderList, model));
    model.addAttribute(TgolKeyStore.USER_NAME_KEY, userToManage.getEmail1());
    return TgolKeyStore.MANAGE_CONTRACTS_VIEW_NAME;
}
use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.
the class ContractManagementController method submitEditContractAdminPage.
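/**
 * Handles the submission of the admin "edit contract" form.
 *
 * <p>The handler is restricted to the admin role by {@code @Secured}. The contract to edit is
 * identified by an id read from the HTTP session, not from the submitted form, so the form
 * itself cannot redirect the update to another contract.
 *
 * <p>A request that arrives without the session attribute (for instance a second submission
 * after the attribute was removed at the end of a successful update) is rejected with
 * {@code ForbiddenUserException} instead of failing on a null dereference.
 *
 * @param createContractCommand the contract data bound from the submitted form
 * @param result binding/validation result for {@code createContractCommand}
 * @param request the current HTTP request, used to reach the session
 * @param response the current HTTP response
 * @param model the model populated for the view
 * @return the edit-contract form view (via {@code displayFormWithErrors}) when validation
 *         fails, otherwise the name of the manage-contracts redirect view
 */
@RequestMapping(value = TgolKeyStore.EDIT_CONTRACT_URL, method = RequestMethod.POST)
@Secured(TgolKeyStore.ROLE_ADMIN_KEY)
public String submitEditContractAdminPage(@ModelAttribute(TgolKeyStore.CREATE_CONTRACT_COMMAND_KEY) CreateContractCommand createContractCommand, BindingResult result, HttpServletRequest request, HttpServletResponse response, Model model) {
    // presumably stored in the session when the edit form was displayed; verify against that handler
    Object contractId = request.getSession().getAttribute(TgolKeyStore.CONTRACT_ID_KEY);
    if (contractId == null) {
        // getAttribute returns null when the attribute is absent; fail the same way as a
        // malformed id rather than letting toString() throw a NullPointerException.
        throw new ForbiddenUserException();
    }
    Long lContractId;
    if (contractId instanceof Long) {
        lContractId = (Long) contractId;
    } else {
        try {
            lContractId = Long.valueOf(contractId.toString());
        } catch (NumberFormatException nfe) {
            throw new ForbiddenUserException();
        }
    }
    Contract contract = getContractDataService().read(lContractId);
    Map<String, List<ContractOptionFormField>> optionFormFieldMap = ContractOptionFormFieldHelper.getFreshContractOptionFormFieldMap(getContractOptionFormFieldBuilderMap());
    // NOTE(review): this sets per-request state on the validator; if the validator is a
    // shared bean, concurrent submissions could see each other's field map. Confirm its scope.
    getCreateContractFormValidator().setContractOptionFormFieldMap(optionFormFieldMap);
    // We check whether the form is valid
    getCreateContractFormValidator().validate(createContractCommand, result);
    // If the form has some errors, we display it again with errors' details
    if (result.hasErrors()) {
        return displayFormWithErrors(model, createContractCommand, contract.getUser().getEmail1(), contract.getUser().getId(), optionFormFieldMap, TgolKeyStore.EDIT_CONTRACT_VIEW_NAME);
    }
    contract = CreateContractCommandFactory.getInstance().updateContractFromCommand(createContractCommand, contract);
    saveOrUpdateContract(contract);
    request.getSession().setAttribute(TgolKeyStore.UPDATED_CONTRACT_NAME_KEY, contract.getLabel());
    model.addAttribute(TgolKeyStore.USER_ID_KEY, contract.getUser().getId());
    // The id is single-use: it is cleared once the update has been saved.
    request.getSession().removeAttribute(TgolKeyStore.CONTRACT_ID_KEY);
    return TgolKeyStore.MANAGE_CONTRACTS_VIEW_REDIRECT_NAME;
}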