use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.
the class ContractManagementController method deleteContractAuditsConfirmationPage.
/**
*
* @param request
* @param response
* @param model
* @return
*/
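@RequestMapping(value = TgolKeyStore.DELETE_CONTRACT_AUDITS_URL, method = RequestMethod.POST)
@Secured(TgolKeyStore.ROLE_ADMIN_KEY)
public String deleteContractAuditsConfirmationPage(HttpServletRequest request, HttpServletResponse response, Model model) {
    // Admin-only POST handler: deletes every audit attached to the contract whose
    // id is held in the session under CONTRACT_ID_TO_DELETE_KEY, then returns the
    // MANAGE_CONTRACTS_VIEW_REDIRECT_NAME view.
    //
    // The target id is read from the session, not from a request parameter, so
    // this request cannot name an arbitrary contract by itself.
    // NOTE(review): the code that stores the id in the session is not visible
    // here; confirm it validates the id before storing it.
    Object contractId = request.getSession().getAttribute(TgolKeyStore.CONTRACT_ID_TO_DELETE_KEY);
    if (contractId == null) {
        // No pending deletion in this session (attribute never set or already
        // consumed). Refuse explicitly instead of failing with a
        // NullPointerException on contractId.toString() below.
        throw new ForbiddenUserException();
    }

    Long lContractId;
    if (contractId instanceof Long) {
        lContractId = (Long) contractId;
    } else {
        try {
            lContractId = Long.valueOf(contractId.toString());
        } catch (NumberFormatException nfe) {
            // A non-numeric id is treated like any other forbidden request.
            throw new ForbiddenUserException();
        }
    }

    Contract contractToDelete = getContractDataService().read(lContractId);
    if (contractToDelete == null) {
        // NOTE(review): whether read() returns null or throws for an unknown id
        // is not visible here; this guard only covers the null case.
        throw new ForbiddenUserException();
    }

    deleteAllAuditsFromContract(contractToDelete);

    // The id is single-use: drop it so a replayed POST cannot repeat the deletion.
    request.getSession().removeAttribute(TgolKeyStore.CONTRACT_ID_TO_DELETE_KEY);
    request.getSession().setAttribute(TgolKeyStore.DELETED_CONTRACT_AUDITS_NAME_KEY, contractToDelete.getLabel());
    model.addAttribute(TgolKeyStore.USER_ID_KEY, contractToDelete.getUser().getId());
    return TgolKeyStore.MANAGE_CONTRACTS_VIEW_REDIRECT_NAME;
}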
use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.
the class HomeController method submitForm.
@RequestMapping(value = TgolKeyStore.HOME_URL, method = RequestMethod.POST)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
protected String submitForm(@ModelAttribute(TgolKeyStore.CONTRACT_SORT_COMMAND_KEY) ContractSortCommand contractDisplayCommand, BindingResult result, Model model, HttpServletRequest request) {
    // Handles the sort form posted from the home page and returns the home view
    // with the contract list prepared for the current user.
    User currentUser = getCurrentUser();

    // The user id carried by the form is client-supplied, so it is compared
    // with the id of the current user; any mismatch is rejected.
    boolean formBelongsToCurrentUser = currentUser.getId().equals(contractDisplayCommand.getUserId());
    if (!formBelongsToCurrentUser) {
        throw new ForbiddenUserException();
    }

    // The page is displayed with the sort option, so the form data is set up here.
    // The contract info is built from currentUser, not from the id in the form.
    model.addAttribute(
            TgolKeyStore.CONTRACT_LIST_KEY,
            ContractSortCommandHelper.prepareContractInfo(currentUser, contractDisplayCommand, displayOptionFieldsBuilderList, model));
    return TgolKeyStore.HOME_VIEW_NAME;
}
use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.
the class AuditResultController method displayAuditResultFromContract.
/**
* General router when receive audit-result request. Regarding the scope of
* the audit, the returned page may differ.
*
* @param auditId
* @param request
* @param model
* @return
*/
@RequestMapping(value = TgolKeyStore.AUDIT_RESULT_CONTRACT_URL, method = RequestMethod.GET)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
public String displayAuditResultFromContract(@RequestParam(TgolKeyStore.AUDIT_ID_KEY) String auditId, HttpServletRequest request, Model model) {
    // Routes an audit-result request to the view matching the scope of the act
    // that produced the audit. A non-numeric audit id or an unhandled scope is
    // answered with ForbiddenPageException.
    //
    // NOTE(review): this router loads the audit from a client-supplied id and
    // does not itself check that the audit belongs to the current user;
    // presumably the redirect targets enforce that. Confirm against those handlers.
    // NOTE(review): a null audit or act would surface as a NullPointerException;
    // whether read()/getActFromAudit() can return null is not visible here.
    try {
        Long parsedAuditId = Long.valueOf(auditId);
        Audit requestedAudit = getAuditDataService().read(parsedAuditId);
        Act sourceAct = getActDataService().getActFromAudit(requestedAudit);

        switch (sourceAct.getScope().getCode()) {
            case FILE:
            case PAGE:
                // Single-resource audits go to the result page of the audited resource.
                model.addAttribute(TgolKeyStore.WEBRESOURCE_ID_KEY, requestedAudit.getSubject().getId());
                return TgolKeyStore.RESULT_PAGE_VIEW_REDIRECT_NAME;
            case DOMAIN:
            case SCENARIO:
                // The raw request string (not the parsed Long) is forwarded, as before.
                model.addAttribute(TgolKeyStore.AUDIT_ID_KEY, auditId);
                return TgolKeyStore.SYNTHESIS_SITE_VIEW_REDIRECT_NAME;
            case GROUPOFFILES:
            case GROUPOFPAGES:
                model.addAttribute(TgolKeyStore.AUDIT_ID_KEY, auditId);
                model.addAttribute(TgolKeyStore.STATUS_KEY, HttpStatusCodeFamily.f2xx.name());
                return TgolKeyStore.PAGE_LIST_XXX_VIEW_REDIRECT_NAME;
            default:
                throw new ForbiddenPageException();
        }
    } catch (NumberFormatException nfe) {
        // The try spans the whole body, so a NumberFormatException raised by any
        // call above is mapped to the same forbidden response.
        throw new ForbiddenPageException();
    }
}
use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.
the class AuditScenarioController method deleteScenarioFile.
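@RequestMapping(value = TgolKeyStore.DELETE_SCENARIO_URL_CONTRACT_URL, method = RequestMethod.GET)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
public String deleteScenarioFile(@RequestParam(TgolKeyStore.CONTRACT_ID_KEY) String contractId, @RequestParam(TgolKeyStore.SCENARIO_ID_KEY) String scenarioId, HttpServletRequest request, HttpServletResponse response, Model model) {
    // Deletes one scenario of a contract owned by the current user and returns
    // the scenario management view. Any request that does not resolve to a
    // scenario of a contract owned by the caller gets ForbiddenPageException.
    //
    // NOTE(review): this handler changes state on a GET request. Spring
    // Security's default CSRF protection does not cover GET, and a GET can be
    // triggered by a plain link or embedded resource, so moving this route to
    // POST (together with the views that call it) should be considered.
    // NOTE(review): ROLE_ADMIN is admitted by @Secured, but the ownership check
    // below still limits an admin to contracts they own; confirm that is intended.

    // Both ids are client-supplied. Parse them once, up front, and answer a
    // malformed value with the same forbidden response as any other bad request
    // instead of letting NumberFormatException escape.
    Long parsedContractId;
    Long parsedScenarioId;
    try {
        parsedContractId = Long.valueOf(contractId);
        parsedScenarioId = Long.valueOf(scenarioId);
    } catch (NumberFormatException nfe) {
        throw new ForbiddenPageException(getCurrentUser());
    }

    Contract contract = getContractDataService().read(parsedContractId);
    // NOTE(review): whether read() returns null or throws for an unknown id is
    // not visible here; the null guard only covers the former.
    if (contract == null || !contract.getUser().getId().equals(getCurrentUser().getId())) {
        throw new ForbiddenPageException(getCurrentUser());
    }

    // Only scenarios reachable from the owned contract are candidates, so a
    // scenario id belonging to another contract is never deleted.
    for (Scenario scenario : contract.getScenarioSet()) {
        if (scenario.getId().equals(parsedScenarioId)) {
            deleteScenario(scenario, contract);
            model.addAttribute(TgolKeyStore.DELETED_SCENARIO_NAME_KEY, scenario.getLabel());
            prepareScenarioManagementData(model, contractId);
            return TgolKeyStore.SCENARIO_MANAGEMENT_VIEW_NAME;
        }
    }
    throw new ForbiddenPageException(getCurrentUser());
}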
use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.
the class UserManagementController method submitAddContractAdminPage.
/**
* @param ccc the CreateContractCommand
* @param result
* @param request
* @param response
* @param model
* @return The pages audit set-up form page
*/
@RequestMapping(value = TgolKeyStore.ADD_CONTRACT_URL, method = RequestMethod.POST)
@Secured(TgolKeyStore.ROLE_ADMIN_KEY)
public String submitAddContractAdminPage(@ModelAttribute(TgolKeyStore.CREATE_CONTRACT_COMMAND_KEY) CreateContractCommand ccc, BindingResult result, HttpServletRequest request, HttpServletResponse response, Model model) {
    // Admin-only POST handler: validates the create-contract form, creates one
    // contract per non-null user of the command, records the result in the
    // session and returns the ADMIN_VIEW_REDIRECT_NAME view. On validation errors
    // the form is displayed again and nothing is created.
    Map<String, List<ContractOptionFormField>> freshOptionFields =
            ContractOptionFormFieldHelper.getFreshContractOptionFormFieldMap(getContractOptionFormFieldBuilderMap());
    getCreateContractFormValidator().setContractOptionFormFieldMap(freshOptionFields);

    // Validate before anything is persisted.
    getCreateContractFormValidator().validateMultipleUsers(ccc, result);
    if (result.hasErrors()) {
        return displayFormWithErrors(model, ccc, null, null, freshOptionFields, TgolKeyStore.ADD_CONTRACT_VIEW_NAME);
    }

    // Each address is followed by ", ", so the stored string keeps a trailing separator.
    StringBuilder addedUserEmails = new StringBuilder();
    for (User user : ccc.getUserList()) {
        if (user == null) {
            continue;
        }
        Contract newContract = getContractDataService().create();
        newContract.setUser(user);
        Contract filledContract = CreateContractCommandFactory.getInstance().updateContractFromCommand(ccc, newContract);
        getContractDataService().saveOrUpdate(filledContract);
        addedUserEmails.append(user.getEmail1()).append(", ");
    }

    // NOTE(review): the label and e-mail addresses stored here are user-controlled
    // data, presumably rendered by the admin view; confirm that view escapes them.
    request.getSession().setAttribute(TgolKeyStore.ADDED_CONTRACT_NAME_KEY, ccc.getLabel());
    request.getSession().setAttribute(TgolKeyStore.ADDED_CONTRACT_USERS_NAME_KEY, addedUserEmails.toString());
    return TgolKeyStore.ADMIN_VIEW_REDIRECT_NAME;
}