use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.
the class AuditSetUpController method submitAuditSetUpForm.
/**
 * Handles the POST of the audit set-up form for the DOMAIN, PAGE and FILE scopes.
 *
 * <p>{@code @Secured} restricts the handler to callers holding the user or admin role.
 * The contract is loaded from the id carried by the submitted command object, that is,
 * from request data. No check that the current user is entitled to that contract is
 * visible in this method.
 * NOTE(review): confirm that {@code launchAudit} and {@code submitForm} enforce contract
 * ownership before acting on it.
 *
 * @param auditSetUpCommand the form-backing object bound from the request
 * @param result the binding result, handed on to {@code submitForm}
 * @param model the view model
 * @param request the current HTTP request
 * @return the value returned by {@code launchAudit} (relaunch case) or by
 *     {@code submitForm}; presumably a view name
 */
@RequestMapping(method = RequestMethod.POST)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
protected String submitAuditSetUpForm(@ModelAttribute(TgolKeyStore.AUDIT_SET_UP_COMMAND_KEY) AuditSetUpCommand auditSetUpCommand, BindingResult result, Model model, HttpServletRequest request) {
    Contract contract = getContractDataService().read(auditSetUpCommand.getContractId());

    // A relaunch goes straight to launchAudit: no form-field map is rebuilt and none of
    // the validators selected below is applied in this method.
    if (auditSetUpCommand.getRelaunch()) {
        return launchAudit(contract, auditSetUpCommand, model, request);
    }

    Map<String, List<AuditSetUpFormField>> optionFields = null;
    AuditSetUpFormValidator validator = null;

    // Each handled scope has its own option builders and its own validator.
    // NOTE(review): there is no default branch, so any other scope value reaches
    // submitForm with a null field map and a null validator.
    switch (auditSetUpCommand.getScope()) {
        case FILE:
            optionFields = getFreshAuditSetUpFormFieldMap(contract, getUploadOptionFormFieldBuilderMap());
            validator = getAuditUploadSetUpFormValidator();
            break;
        case PAGE:
            optionFields = getFreshAuditSetUpFormFieldMap(contract, getPageOptionFormFieldBuilderMap());
            validator = getAuditPageSetUpFormValidator();
            break;
        case DOMAIN:
            optionFields = getFreshAuditSetUpFormFieldMap(contract, getSiteOptionFormFieldBuilderMap());
            validator = getAuditSiteSetUpFormValidator();
            break;
    }

    return submitForm(contract, auditSetUpCommand, optionFields, validator, model, result, request);
}
use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.
the class AuditSynthesisController method displayAuditSynthesisFromContract.
/**
 * Displays the synthesis of the audit named by the audit-id request parameter.
 *
 * <p>{@code @Secured} restricts the handler to the user and admin roles. On top of the
 * role check, access to the specific audit is decided by
 * {@code isUserAllowedToDisplayResult}, and the audit scope by
 * {@code isAuthorizedScopeForSynthesis}; both run before anything is put in the model.
 * NOTE(review): the audit returned by {@code read} is not null-checked here; confirm
 * how an unknown id is handled by the data service or by the first check.
 *
 * @param auditId the audit id as received in the request, still a string
 * @param request the current HTTP request (not used in this method)
 * @param response the current HTTP response (not used in this method)
 * @param model the view model, filled with contract, audit and web-resource ids
 * @return the value returned by {@code prepareSynthesisSiteData}; presumably a view name
 * @throws ForbiddenPageException if the id is not a parsable long, or the audit scope
 *     is not authorized for a synthesis
 * @throws ForbiddenUserException if the current user may not display this audit
 */
@RequestMapping(value = TgolKeyStore.AUDIT_SYNTHESIS_CONTRACT_URL, method = RequestMethod.GET)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
public String displayAuditSynthesisFromContract(@RequestParam(TgolKeyStore.AUDIT_ID_KEY) String auditId, HttpServletRequest request, HttpServletResponse response, Model model) {
    final Long parsedAuditId;
    try {
        parsedAuditId = Long.valueOf(auditId);
    } catch (NumberFormatException nfe) {
        // A malformed id is answered like a forbidden page rather than with a parse error.
        throw new ForbiddenPageException();
    }

    Audit audit = getAuditDataService().read(parsedAuditId);

    // Per-audit authorization comes first, then the scope check.
    if (!isUserAllowedToDisplayResult(audit)) {
        throw new ForbiddenUserException();
    }
    if (!isAuthorizedScopeForSynthesis(audit)) {
        throw new ForbiddenPageException();
    }

    Contract owningContract = retrieveContractFromAudit(audit);
    model.addAttribute(TgolKeyStore.CONTRACT_ID_KEY, owningContract.getId());
    model.addAttribute(TgolKeyStore.CONTRACT_NAME_KEY, owningContract.getLabel());
    // The model receives the request string itself, not the parsed Long; it has already
    // been accepted by Long.valueOf above.
    model.addAttribute(TgolKeyStore.AUDIT_ID_KEY, auditId);
    model.addAttribute(TgolKeyStore.WEBRESOURCE_ID_KEY, audit.getSubject().getId());
    return prepareSynthesisSiteData(audit, model);
}
use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.
the class UserManagementController method displayDeleteUserAuditsConfirmationPage.
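/**
 * Deletes all audits of every contract of the user whose id is stored in the session
 * under {@code TgolKeyStore.USER_ID_TO_DELETE_KEY}, then returns the admin redirect.
 *
 * <p>Despite its name, this handler performs the deletion itself; it does not only
 * display a confirmation page. {@code @Secured} restricts it to the admin role. The
 * target id is read from the session, not from request parameters, so the request is
 * only meaningful after an earlier step has stored that attribute (that step is not
 * visible here).
 * NOTE(review): this is a destructive state change on POST; confirm that CSRF
 * protection covers this URL.
 * NOTE(review): the user returned by {@code read} is not null-checked; confirm how the
 * data service reports an unknown id.
 *
 * @param request the current HTTP request, used for its session
 * @param response the current HTTP response (not used in this method)
 * @param model the view model (not used in this method)
 * @return {@code TgolKeyStore.ADMIN_VIEW_REDIRECT_NAME}
 * @throws ForbiddenUserException if the session holds no target id, or holds one that
 *     is neither a {@code Long} nor parsable as a long
 */
@RequestMapping(value = TgolKeyStore.DELETE_USER_AUDITS_URL, method = RequestMethod.POST)
@Secured(TgolKeyStore.ROLE_ADMIN_KEY)
public String displayDeleteUserAuditsConfirmationPage(HttpServletRequest request, HttpServletResponse response, Model model) {
    Object userId = request.getSession().getAttribute(TgolKeyStore.USER_ID_TO_DELETE_KEY);
    // getAttribute returns null when nothing is bound under the key, for instance when
    // this URL is posted to directly. Fail closed instead of hitting a
    // NullPointerException on userId.toString() below.
    if (userId == null) {
        throw new ForbiddenUserException();
    }

    Long lUserId;
    if (userId instanceof Long) {
        lUserId = (Long) userId;
    } else {
        try {
            lUserId = Long.valueOf(userId.toString());
        } catch (NumberFormatException nfe) {
            throw new ForbiddenUserException();
        }
    }

    User userToDelete = getUserDataService().read(lUserId);
    for (Contract contract : userToDelete.getContractSet()) {
        deleteAllAuditsFromContract(contract);
    }

    // The pending target is cleared so the same session attribute cannot drive a second
    // deletion; the e-mail of the affected user is left in the session afterwards.
    request.getSession().removeAttribute(TgolKeyStore.USER_ID_TO_DELETE_KEY);
    request.getSession().setAttribute(TgolKeyStore.DELETED_USER_AUDITS_KEY, userToDelete.getEmail1());
    return TgolKeyStore.ADMIN_VIEW_REDIRECT_NAME;
}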
use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.
the class UserManagementController method displayEditUserAdminPage.
/**
 * Displays the admin form used to edit an existing user.
 *
 * <p>{@code @Secured} restricts the handler to the admin role. The parsed user id is
 * stored in the session under {@code TgolKeyStore.USER_ID_KEY}.
 * NOTE(review): the user returned by {@code read} is dereferenced without a null check;
 * confirm how the data service reports an unknown id.
 *
 * @param userId the id of the user to edit, as received in the request
 * @param request the current HTTP request, used for its session
 * @param response the current HTTP response (not used in this method)
 * @param model the view model; receives the e-mail of the user being edited
 * @return the value returned by {@code prepateDataAndReturnCreateUserView} for the
 *     edit-user view; presumably a view name
 * @throws ForbiddenUserException if {@code userId} is not parsable as a long
 */
@RequestMapping(value = TgolKeyStore.EDIT_USER_URL, method = RequestMethod.GET)
@Secured(TgolKeyStore.ROLE_ADMIN_KEY)
public String displayEditUserAdminPage(@RequestParam(TgolKeyStore.USER_ID_KEY) String userId, HttpServletRequest request, HttpServletResponse response, Model model) {
    final Long targetUserId;
    try {
        targetUserId = Long.valueOf(userId);
    } catch (NumberFormatException nfe) {
        // A malformed id is reported as a forbidden user, not as a parse failure.
        throw new ForbiddenUserException();
    }

    User targetUser = getUserDataService().read(targetUserId);
    model.addAttribute(TgolKeyStore.USER_NAME_KEY, targetUser.getEmail1());

    // Only the parsed Long goes into the session, never the raw request string.
    request.getSession().setAttribute(TgolKeyStore.USER_ID_KEY, targetUserId);
    return prepateDataAndReturnCreateUserView(model, targetUser, TgolKeyStore.EDIT_USER_VIEW_NAME);
}
use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.
the class UserManagementController method submitEditUserForm.
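/**
 * Handles the POST of the admin edit-user form and delegates the update to
 * {@code submitUpdateUserForm}.
 *
 * <p>{@code @Secured} restricts the handler to the admin role. The id of the user to
 * update is read from the session under {@code TgolKeyStore.USER_ID_KEY}, not from the
 * submitted form, so it is whichever id was last stored under that key in this session.
 * NOTE(review): if an admin has several edit pages open, the stored id may not match
 * the form being submitted; confirm that this is acceptable or bind the id to the form.
 *
 * @param createUserCommand the form-backing object bound from the request
 * @param result the binding result, handed on to {@code submitUpdateUserForm}
 * @param request the current HTTP request, used for its session
 * @param model the view model
 * @return the value returned by {@code submitUpdateUserForm}; presumably a view name
 * @throws ForbiddenUserException if the session holds no {@code Long} user id
 * @throws Exception propagated from {@code submitUpdateUserForm}
 */
@RequestMapping(value = TgolKeyStore.EDIT_USER_URL, method = RequestMethod.POST)
@Secured(TgolKeyStore.ROLE_ADMIN_KEY)
protected String submitEditUserForm(@ModelAttribute(TgolKeyStore.CREATE_USER_COMMAND_KEY) CreateUserCommand createUserCommand, BindingResult result, HttpServletRequest request, Model model) throws Exception {
    // A cast never throws NumberFormatException, so the previous try/catch could not
    // reject anything: a missing attribute passed through as null and a non-Long value
    // raised ClassCastException. Check the type explicitly and fail closed.
    Object storedId = request.getSession().getAttribute(TgolKeyStore.USER_ID_KEY);
    if (!(storedId instanceof Long)) {
        throw new ForbiddenUserException();
    }
    Long userId = (Long) storedId;

    // The flag is false only when the admin is editing their own account.
    // NOTE(review): presumably this limits which fields submitUpdateUserForm will
    // change for a self-edit; confirm there.
    boolean updateAllData = !getCurrentUser().getId().equals(userId);

    return submitUpdateUserForm(createUserCommand, result, request, model, getUserDataService().read(userId), TgolKeyStore.ADMIN_VIEW_NAME, TgolKeyStore.EDIT_USER_VIEW_NAME, updateAllData, true, TgolKeyStore.UPDATED_USER_NAME_KEY);
}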