Example 26 with Secured

use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.

the class AuditSetUpController method submitAuditSetUpForm.

/**
 * Submit in case of site audit
 * @param auditSetUpCommand
 * @param result
 * @param model
 * @param request
 * @return
 */
@RequestMapping(method = RequestMethod.POST)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
protected String submitAuditSetUpForm(@ModelAttribute(TgolKeyStore.AUDIT_SET_UP_COMMAND_KEY) AuditSetUpCommand auditSetUpCommand, BindingResult result, Model model, HttpServletRequest request) {
    Contract contract = getContractDataService().read(auditSetUpCommand.getContractId());
    Map<String, List<AuditSetUpFormField>> formFielMap = null;
    AuditSetUpFormValidator auditSetUpFormValidator = null;
    if (auditSetUpCommand.getRelaunch()) {
        return launchAudit(contract, auditSetUpCommand, model, request);
    }
    switch(auditSetUpCommand.getScope()) {
        case DOMAIN:
            formFielMap = getFreshAuditSetUpFormFieldMap(contract, getSiteOptionFormFieldBuilderMap());
            auditSetUpFormValidator = getAuditSiteSetUpFormValidator();
            break;
        case PAGE:
            formFielMap = getFreshAuditSetUpFormFieldMap(contract, getPageOptionFormFieldBuilderMap());
            auditSetUpFormValidator = getAuditPageSetUpFormValidator();
            break;
        case FILE:
            formFielMap = getFreshAuditSetUpFormFieldMap(contract, getUploadOptionFormFieldBuilderMap());
            auditSetUpFormValidator = getAuditUploadSetUpFormValidator();
            break;
    }
    return submitForm(contract, auditSetUpCommand, formFielMap, auditSetUpFormValidator, model, result, request);
}
Also used : AuditSetUpFormValidator(org.asqatasun.webapp.validator.AuditSetUpFormValidator) List(java.util.List) Contract(org.asqatasun.webapp.entity.contract.Contract) Secured(org.springframework.security.access.annotation.Secured) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 27 with Secured

use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.

the class AuditSynthesisController method displayAuditSynthesisFromContract.

/**
 *
 * @param auditId
 * @param request
 * @param response
 * @param model
 * @return
 */
@RequestMapping(value = TgolKeyStore.AUDIT_SYNTHESIS_CONTRACT_URL, method = RequestMethod.GET)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
public String displayAuditSynthesisFromContract(@RequestParam(TgolKeyStore.AUDIT_ID_KEY) String auditId, HttpServletRequest request, HttpServletResponse response, Model model) {
    Long aId;
    try {
        aId = Long.valueOf(auditId);
    } catch (NumberFormatException nfe) {
        throw new ForbiddenPageException();
    }
    Audit audit = getAuditDataService().read(aId);
    if (isUserAllowedToDisplayResult(audit)) {
        if (isAuthorizedScopeForSynthesis(audit)) {
            Contract contract = retrieveContractFromAudit(audit);
            model.addAttribute(TgolKeyStore.CONTRACT_ID_KEY, contract.getId());
            model.addAttribute(TgolKeyStore.CONTRACT_NAME_KEY, contract.getLabel());
            model.addAttribute(TgolKeyStore.AUDIT_ID_KEY, auditId);
            model.addAttribute(TgolKeyStore.WEBRESOURCE_ID_KEY, audit.getSubject().getId());
            return prepareSynthesisSiteData(audit, model);
        } else {
            throw new ForbiddenPageException();
        }
    } else {
        throw new ForbiddenUserException();
    }
}
Also used : Audit(org.asqatasun.entity.audit.Audit) Contract(org.asqatasun.webapp.entity.contract.Contract) ForbiddenUserException(org.asqatasun.webapp.exception.ForbiddenUserException) ForbiddenPageException(org.asqatasun.webapp.exception.ForbiddenPageException) Secured(org.springframework.security.access.annotation.Secured) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Example 28 with Secured

use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.

the class UserManagementController method displayDeleteUserAuditsConfirmationPage.

/**
 * @param request
 * @param response
 * @param model
 * @return the name of the view that displays the confirmation page
 *         when trying to delete all the audits of a user
 */
@RequestMapping(value = TgolKeyStore.DELETE_USER_AUDITS_URL, method = RequestMethod.POST)
@Secured(TgolKeyStore.ROLE_ADMIN_KEY)
public String displayDeleteUserAuditsConfirmationPage(HttpServletRequest request, HttpServletResponse response, Model model) {
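    Object userId = request.getSession().getAttribute(TgolKeyStore.USER_ID_TO_DELETE_KEY);
    // A missing session attribute would otherwise cause a NullPointerException on userId.toString() below.
    if (userId == null) {
        throw new ForbiddenUserException();
    }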
    Long lUserId;
    if (userId instanceof Long) {
        lUserId = (Long) userId;
    } else {
        try {
            lUserId = Long.valueOf(userId.toString());
        } catch (NumberFormatException nfe) {
            throw new ForbiddenUserException();
        }
    }
    User userToDelete = getUserDataService().read(lUserId);
    for (Contract contract : userToDelete.getContractSet()) {
        deleteAllAuditsFromContract(contract);
    }
    request.getSession().removeAttribute(TgolKeyStore.USER_ID_TO_DELETE_KEY);
    request.getSession().setAttribute(TgolKeyStore.DELETED_USER_AUDITS_KEY, userToDelete.getEmail1());
    return TgolKeyStore.ADMIN_VIEW_REDIRECT_NAME;
}
Also used : User(org.asqatasun.webapp.entity.user.User) ForbiddenUserException(org.asqatasun.webapp.exception.ForbiddenUserException) Contract(org.asqatasun.webapp.entity.contract.Contract) Secured(org.springframework.security.access.annotation.Secured)

Example 29 with Secured

use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.

the class UserManagementController method displayEditUserAdminPage.

/**
 * @param userId
 * @param request
 * @param response
 * @param model
 * @return The pages audit set-up form page
 */
@RequestMapping(value = TgolKeyStore.EDIT_USER_URL, method = RequestMethod.GET)
@Secured(TgolKeyStore.ROLE_ADMIN_KEY)
public String displayEditUserAdminPage(@RequestParam(TgolKeyStore.USER_ID_KEY) String userId, HttpServletRequest request, HttpServletResponse response, Model model) {
    Long lUserId;
    try {
        lUserId = Long.valueOf(userId);
    } catch (NumberFormatException nfe) {
        throw new ForbiddenUserException();
    }
    User userToModify = getUserDataService().read(lUserId);
    model.addAttribute(TgolKeyStore.USER_NAME_KEY, userToModify.getEmail1());
    request.getSession().setAttribute(TgolKeyStore.USER_ID_KEY, lUserId);
    return prepateDataAndReturnCreateUserView(model, userToModify, TgolKeyStore.EDIT_USER_VIEW_NAME);
}
Also used : User(org.asqatasun.webapp.entity.user.User) ForbiddenUserException(org.asqatasun.webapp.exception.ForbiddenUserException) Secured(org.springframework.security.access.annotation.Secured)

Example 30 with Secured

use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.

the class UserManagementController method submitEditUserForm.

/**
 * This method controls the validity of the form and launches an audit with
 * values populated by the user. In case of audit failure, an appropriate
 * message is displayed
 *
 * @param createUserCommand
 * @param result
 * @param request
 * @param model
 * @return
 * @throws Exception
 */
@RequestMapping(value = TgolKeyStore.EDIT_USER_URL, method = RequestMethod.POST)
@Secured(TgolKeyStore.ROLE_ADMIN_KEY)
protected String submitEditUserForm(@ModelAttribute(TgolKeyStore.CREATE_USER_COMMAND_KEY) CreateUserCommand createUserCommand, BindingResult result, HttpServletRequest request, Model model) throws Exception {
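    Long userId;
    try {
        // A cast never throws NumberFormatException; a session attribute of the wrong type raises ClassCastException.
        userId = (Long) (request.getSession().getAttribute(TgolKeyStore.USER_ID_KEY));
    } catch (ClassCastException cce) {
        throw new ForbiddenUserException();
    }
    // Reject the request when the session holds no user id.
    if (userId == null) {
        throw new ForbiddenUserException();
    }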
    boolean updateAllData = true;
    if (getCurrentUser().getId().equals(userId)) {
        updateAllData = false;
    }
    return submitUpdateUserForm(createUserCommand, result, request, model, getUserDataService().read(userId), TgolKeyStore.ADMIN_VIEW_NAME, TgolKeyStore.EDIT_USER_VIEW_NAME, updateAllData, true, TgolKeyStore.UPDATED_USER_NAME_KEY);
}
Also used : ForbiddenUserException(org.asqatasun.webapp.exception.ForbiddenUserException) Secured(org.springframework.security.access.annotation.Secured)

Aggregations

Secured (org.springframework.security.access.annotation.Secured) 37
RequestMapping (org.springframework.web.bind.annotation.RequestMapping) 29
ForbiddenUserException (org.asqatasun.webapp.exception.ForbiddenUserException) 20
Contract (org.asqatasun.webapp.entity.contract.Contract) 17
User (org.asqatasun.webapp.entity.user.User) 14
ForbiddenPageException (org.asqatasun.webapp.exception.ForbiddenPageException) 13
Audit (org.asqatasun.entity.audit.Audit) 6
List (java.util.List) 4
Scenario (org.asqatasun.webapp.entity.scenario.Scenario) 3
Reference (org.asqatasun.entity.reference.Reference) 2
Site (org.asqatasun.entity.subject.Site) 2
WebResource (org.asqatasun.entity.subject.WebResource) 2
Act (org.asqatasun.webapp.entity.contract.Act) 2
AuditSetUpFormValidator (org.asqatasun.webapp.validator.AuditSetUpFormValidator) 2
User (com.arnaugarcia.uplace.domain.User) 1
BadRequestAlertException (com.arnaugarcia.uplace.web.rest.errors.BadRequestAlertException) 1
EmailAlreadyUsedException (com.arnaugarcia.uplace.web.rest.errors.EmailAlreadyUsedException) 1
LoginAlreadyUsedException (com.arnaugarcia.uplace.web.rest.errors.LoginAlreadyUsedException) 1
Timed (com.codahale.metrics.annotation.Timed) 1
IOException (java.io.IOException) 1