
Example 21 with Secured

use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.

the class ContractManagementController method deleteContractAuditsConfirmationPage.

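/**
 * Deletes every audit attached to a contract once the deletion has been
 * confirmed (POST, admin role only).
 *
 * The id of the contract is not read from the request parameters; it is
 * taken from the session attribute
 * {@code TgolKeyStore.CONTRACT_ID_TO_DELETE_KEY}, which is removed again
 * once the audits have been deleted.
 *
 * @param request the current request; its session carries the id of the
 *        contract whose audits are deleted
 * @param response the current response (not used by this method)
 * @param model receives the id of the contract's user under
 *        {@code TgolKeyStore.USER_ID_KEY}
 * @return the redirect view name of the contract management page
 * @throws ForbiddenUserException when the session holds no contract id, or
 *         holds a value that cannot be parsed as a {@code Long}
 */
@RequestMapping(value = TgolKeyStore.DELETE_CONTRACT_AUDITS_URL, method = RequestMethod.POST)
@Secured(TgolKeyStore.ROLE_ADMIN_KEY)
public String deleteContractAuditsConfirmationPage(HttpServletRequest request, HttpServletResponse response, Model model) {
    Object contractId = request.getSession().getAttribute(TgolKeyStore.CONTRACT_ID_TO_DELETE_KEY);
    // A POST that arrives without the attribute (expired session, request
    // sent without the preceding step) must be refused explicitly; without
    // this guard contractId.toString() fails with a NullPointerException.
    if (contractId == null) {
        throw new ForbiddenUserException();
    }
    Long lContractId;
    if (contractId instanceof Long) {
        lContractId = (Long) contractId;
    } else {
        try {
            lContractId = Long.valueOf(contractId.toString());
        } catch (NumberFormatException nfe) {
            throw new ForbiddenUserException();
        }
    }
    // NOTE(review): read() is not visible here; if it can return null for an
    // unknown id, the calls below dereference null - confirm.
    Contract contractToDelete = getContractDataService().read(lContractId);
    deleteAllAuditsFromContract(contractToDelete);
    // The pending-deletion marker is single use: drop it so that a replayed
    // POST cannot trigger the deletion again.
    request.getSession().removeAttribute(TgolKeyStore.CONTRACT_ID_TO_DELETE_KEY);
    request.getSession().setAttribute(TgolKeyStore.DELETED_CONTRACT_AUDITS_NAME_KEY, contractToDelete.getLabel());
    model.addAttribute(TgolKeyStore.USER_ID_KEY, contractToDelete.getUser().getId());
    return TgolKeyStore.MANAGE_CONTRACTS_VIEW_REDIRECT_NAME;
}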
Also used : ForbiddenUserException(org.asqatasun.webapp.exception.ForbiddenUserException) Contract(org.asqatasun.webapp.entity.contract.Contract) Secured(org.springframework.security.access.annotation.Secured) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 22 with Secured

use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.

the class HomeController method submitForm.

/**
 * Handles the submission of the contract sort form on the home page.
 *
 * @param contractDisplayCommand the sort command bound from the submitted form
 * @param result the binding result of the command (not read by this method)
 * @param model receives the prepared contract list under
 *        {@code TgolKeyStore.CONTRACT_LIST_KEY}
 * @param request the current request (not read by this method)
 * @return the home view name
 * @throws ForbiddenUserException when the user id carried by the form is not
 *         the id of the current user
 */
@RequestMapping(value = TgolKeyStore.HOME_URL, method = RequestMethod.POST)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
protected String submitForm(@ModelAttribute(TgolKeyStore.CONTRACT_SORT_COMMAND_KEY) ContractSortCommand contractDisplayCommand, BindingResult result, Model model, HttpServletRequest request) {
    final User currentUser = getCurrentUser();
    // The user id travels in the submitted form, so it is compared with the
    // authenticated user before anything is prepared for display.
    final boolean submittedForOwnAccount = currentUser.getId().equals(contractDisplayCommand.getUserId());
    if (submittedForOwnAccount) {
        // The page is displayed with the sort option, so the form has to be set up.
        model.addAttribute(
                TgolKeyStore.CONTRACT_LIST_KEY,
                ContractSortCommandHelper.prepareContractInfo(currentUser, contractDisplayCommand, displayOptionFieldsBuilderList, model));
        return TgolKeyStore.HOME_VIEW_NAME;
    }
    throw new ForbiddenUserException();
}
Also used : User(org.asqatasun.webapp.entity.user.User) ForbiddenUserException(org.asqatasun.webapp.exception.ForbiddenUserException) Secured(org.springframework.security.access.annotation.Secured) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 23 with Secured

use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.

the class AuditResultController method displayAuditResultFromContract.

/**
 * Routes an audit-result request to the view that matches the scope of the
 * audit's act.
 *
 * FILE and PAGE scopes redirect to the page result view, DOMAIN and SCENARIO
 * scopes to the site synthesis view, GROUPOFFILES and GROUPOFPAGES scopes to
 * the page list view.
 *
 * NOTE(review): no comparison between the current user and the owner of the
 * audit is visible in this method; presumably the redirected views enforce
 * it - confirm.
 *
 * @param auditId the audit id received as a request parameter
 * @param request the current request (not read by this method)
 * @param model receives the ids, and for group scopes the status, needed by
 *        the target view
 * @return the redirect view name selected from the scope
 * @throws ForbiddenPageException when {@code auditId} is not a valid
 *         {@code Long} or the scope is none of the handled ones
 */
@RequestMapping(value = TgolKeyStore.AUDIT_RESULT_CONTRACT_URL, method = RequestMethod.GET)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
public String displayAuditResultFromContract(@RequestParam(TgolKeyStore.AUDIT_ID_KEY) String auditId, HttpServletRequest request, Model model) {
    try {
        Audit requestedAudit = getAuditDataService().read(Long.valueOf(auditId));
        Act owningAct = getActDataService().getActFromAudit(requestedAudit);
        String redirectView;
        switch (owningAct.getScope().getCode()) {
            case FILE:
            case PAGE:
                // Single-resource audits go straight to the result of that resource.
                model.addAttribute(TgolKeyStore.WEBRESOURCE_ID_KEY, requestedAudit.getSubject().getId());
                redirectView = TgolKeyStore.RESULT_PAGE_VIEW_REDIRECT_NAME;
                break;
            case DOMAIN:
            case SCENARIO:
                model.addAttribute(TgolKeyStore.AUDIT_ID_KEY, auditId);
                redirectView = TgolKeyStore.SYNTHESIS_SITE_VIEW_REDIRECT_NAME;
                break;
            case GROUPOFFILES:
            case GROUPOFPAGES:
                model.addAttribute(TgolKeyStore.AUDIT_ID_KEY, auditId);
                model.addAttribute(TgolKeyStore.STATUS_KEY, HttpStatusCodeFamily.f2xx.name());
                redirectView = TgolKeyStore.PAGE_LIST_XXX_VIEW_REDIRECT_NAME;
                break;
            default:
                throw new ForbiddenPageException();
        }
        return redirectView;
    } catch (NumberFormatException nfe) {
        // A malformed id is answered like a forbidden page, not as a server error.
        throw new ForbiddenPageException();
    }
}
Also used : Audit(org.asqatasun.entity.audit.Audit) Act(org.asqatasun.webapp.entity.contract.Act) ForbiddenPageException(org.asqatasun.webapp.exception.ForbiddenPageException) Secured(org.springframework.security.access.annotation.Secured) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 24 with Secured

use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.

the class AuditScenarioController method deleteScenarioFile.

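/**
 * Deletes one scenario of a contract, provided the contract belongs to the
 * current user and the scenario is part of that contract.
 *
 * NOTE(review): this state-changing operation is mapped to GET, so it is
 * triggered by any followed link or prefetch and is not covered by
 * protections that apply to POST only (for example CSRF tokens). Moving it
 * to POST changes the URL contract with the views and is left to the
 * maintainers.
 *
 * @param contractId the contract id received as a request parameter
 * @param scenarioId the scenario id received as a request parameter
 * @param request the current request (not read by this method)
 * @param response the current response (not used by this method)
 * @param model receives the label of the deleted scenario and the scenario
 *        management data
 * @return the scenario management view name
 * @throws ForbiddenPageException when an id is not a valid {@code Long},
 *         when the contract does not belong to the current user, or when the
 *         contract has no scenario with the given id
 */
@RequestMapping(value = TgolKeyStore.DELETE_SCENARIO_URL_CONTRACT_URL, method = RequestMethod.GET)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
public String deleteScenarioFile(@RequestParam(TgolKeyStore.CONTRACT_ID_KEY) String contractId, @RequestParam(TgolKeyStore.SCENARIO_ID_KEY) String scenarioId, HttpServletRequest request, HttpServletResponse response, Model model) {
    // Both ids come from the query string. They are parsed once, up front, so
    // that a malformed value is refused like any other forbidden request
    // instead of escaping as an uncaught NumberFormatException.
    Long parsedContractId;
    Long parsedScenarioId;
    try {
        parsedContractId = Long.valueOf(contractId);
        parsedScenarioId = Long.valueOf(scenarioId);
    } catch (NumberFormatException nfe) {
        throw new ForbiddenPageException(getCurrentUser());
    }
    // NOTE(review): read() is not visible here; if it can return null for an
    // unknown id, the ownership check below dereferences null - confirm.
    Contract contract = getContractDataService().read(parsedContractId);
    // Ownership check: only the user the contract belongs to may delete from it.
    if (contract.getUser().getId().equals(getCurrentUser().getId())) {
        for (Scenario scenario : contract.getScenarioSet()) {
            // Only a scenario attached to this contract can be deleted.
            if (scenario.getId().equals(parsedScenarioId)) {
                deleteScenario(scenario, contract);
                model.addAttribute(TgolKeyStore.DELETED_SCENARIO_NAME_KEY, scenario.getLabel());
                prepareScenarioManagementData(model, contractId);
                return TgolKeyStore.SCENARIO_MANAGEMENT_VIEW_NAME;
            }
        }
    }
    // Same answer for a foreign contract and for an unknown scenario.
    throw new ForbiddenPageException(getCurrentUser());
}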
Also used : Contract(org.asqatasun.webapp.entity.contract.Contract) Scenario(org.asqatasun.webapp.entity.scenario.Scenario) ForbiddenPageException(org.asqatasun.webapp.exception.ForbiddenPageException) Secured(org.springframework.security.access.annotation.Secured) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 25 with Secured

use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.

the class UserManagementController method submitAddContractAdminPage.

/**
 * Handles the submission of the add-contract form (admin role only): after
 * validation, one contract is created and saved for each non-null user
 * carried by the command.
 *
 * @param ccc the CreateContractCommand bound from the submitted form
 * @param result the binding result; validation errors are recorded in it
 * @param request the current request; its session receives the label of the
 *        added contract and the e-mail addresses of the users concerned
 * @param response the current response (not used by this method)
 * @param model the model handed to the form view when validation fails
 * @return the add-contract form view when validation fails, otherwise the
 *         admin redirect view name
 */
@RequestMapping(value = TgolKeyStore.ADD_CONTRACT_URL, method = RequestMethod.POST)
@Secured(TgolKeyStore.ROLE_ADMIN_KEY)
public String submitAddContractAdminPage(@ModelAttribute(TgolKeyStore.CREATE_CONTRACT_COMMAND_KEY) CreateContractCommand ccc, BindingResult result, HttpServletRequest request, HttpServletResponse response, Model model) {
    Map<String, List<ContractOptionFormField>> freshOptionFields =
            ContractOptionFormFieldHelper.getFreshContractOptionFormFieldMap(getContractOptionFormFieldBuilderMap());
    getCreateContractFormValidator().setContractOptionFormFieldMap(freshOptionFields);

    // Validate the submitted form before anything is created.
    getCreateContractFormValidator().validateMultipleUsers(ccc, result);
    if (result.hasErrors()) {
        return displayFormWithErrors(model, ccc, null, null, freshOptionFields, TgolKeyStore.ADD_CONTRACT_VIEW_NAME);
    }

    Collection<User> targetUsers = ccc.getUserList();
    StringBuilder userEmails = new StringBuilder();
    for (User targetUser : targetUsers) {
        if (targetUser == null) {
            // Null entries of the list are skipped.
            continue;
        }
        Contract newContract = getContractDataService().create();
        newContract.setUser(targetUser);
        newContract = CreateContractCommandFactory.getInstance().updateContractFromCommand(ccc, newContract);
        getContractDataService().saveOrUpdate(newContract);
        // Every address is followed by the separator, the last one included.
        userEmails.append(targetUser.getEmail1()).append(", ");
    }

    request.getSession().setAttribute(TgolKeyStore.ADDED_CONTRACT_NAME_KEY, ccc.getLabel());
    request.getSession().setAttribute(TgolKeyStore.ADDED_CONTRACT_USERS_NAME_KEY, userEmails.toString());
    return TgolKeyStore.ADMIN_VIEW_REDIRECT_NAME;
}
Also used : User(org.asqatasun.webapp.entity.user.User) List(java.util.List) Contract(org.asqatasun.webapp.entity.contract.Contract) Secured(org.springframework.security.access.annotation.Secured)

Aggregations

Secured (org.springframework.security.access.annotation.Secured)36 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)29 ForbiddenUserException (org.asqatasun.webapp.exception.ForbiddenUserException)20 Contract (org.asqatasun.webapp.entity.contract.Contract)17 User (org.asqatasun.webapp.entity.user.User)14 ForbiddenPageException (org.asqatasun.webapp.exception.ForbiddenPageException)13 Audit (org.asqatasun.entity.audit.Audit)6 List (java.util.List)4 Scenario (org.asqatasun.webapp.entity.scenario.Scenario)3 Reference (org.asqatasun.entity.reference.Reference)2 Site (org.asqatasun.entity.subject.Site)2 WebResource (org.asqatasun.entity.subject.WebResource)2 Act (org.asqatasun.webapp.entity.contract.Act)2 AuditSetUpFormValidator (org.asqatasun.webapp.validator.AuditSetUpFormValidator)2 IOException (java.io.IOException)1 InputStream (java.io.InputStream)1 SSP (org.asqatasun.entity.audit.SSP)1 Test (org.asqatasun.entity.reference.Test)1 Page (org.asqatasun.entity.subject.Page)1 ScopeEnum (org.asqatasun.webapp.entity.contract.ScopeEnum)1