use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.
the class AuditScenarioController method displayScenarioSetUp.
@RequestMapping(value = TgolKeyStore.AUDIT_SCENARIO_SET_UP_CONTRACT_URL, method = RequestMethod.GET)
@Secured({ TgolKeyStore.ROLE_USER_KEY, TgolKeyStore.ROLE_ADMIN_KEY })
public String displayScenarioSetUp(@RequestParam(TgolKeyStore.CONTRACT_ID_KEY) String contractId, @RequestParam(TgolKeyStore.SCENARIO_ID_KEY) String scenarioId, HttpServletRequest request, HttpServletResponse response, Model model) {
Scenario scenario = scenarioDataService.read(Long.valueOf(scenarioId));
model.addAttribute(TgolKeyStore.SCENARIO_KEY, scenario);
return displayAuditSetUpView(TgolKeyStore.AUDIT_SCENARIO_SET_UP_VIEW_NAME, contractId, scenarioId, getScenarioOptionFormFieldBuilderMap(), ScopeEnum.SCENARIO, model);
}
use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.
the class ContractManagementController method deleteContractPage.
/**
* @param contractId
* @param request
* @param response
* @param model
* @return The pages audit set-up form page
*/
@RequestMapping(value = TgolKeyStore.DELETE_CONTRACT_URL, method = RequestMethod.GET)
@Secured(TgolKeyStore.ROLE_ADMIN_KEY)
public String deleteContractPage(@RequestParam(TgolKeyStore.CONTRACT_ID_KEY) String contractId, HttpServletRequest request, HttpServletResponse response, Model model) {
Long lContractId;
try {
lContractId = Long.valueOf(contractId);
} catch (NumberFormatException nfe) {
throw new ForbiddenUserException();
}
Contract contractToDelete = getContractDataService().read(lContractId);
request.getSession().setAttribute(TgolKeyStore.CONTRACT_ID_TO_DELETE_KEY, contractToDelete.getId());
model.addAttribute(TgolKeyStore.CONTRACT_NAME_TO_DELETE_KEY, contractToDelete.getLabel());
model.addAttribute(TgolKeyStore.USER_ID_KEY, contractToDelete.getUser().getId());
model.addAttribute(TgolKeyStore.USER_NAME_KEY, contractToDelete.getUser().getEmail1());
return TgolKeyStore.DELETE_CONTRACT_VIEW_NAME;
}
use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.
the class ContractManagementController method deleteContractAuditsPage.
/**
*
* @param contractId
* @param request
* @param response
* @param model
* @return
*/
@RequestMapping(value = TgolKeyStore.DELETE_CONTRACT_AUDITS_URL, method = RequestMethod.GET)
@Secured(TgolKeyStore.ROLE_ADMIN_KEY)
public String deleteContractAuditsPage(@RequestParam(TgolKeyStore.CONTRACT_ID_KEY) String contractId, HttpServletRequest request, HttpServletResponse response, Model model) {
Long lContractId;
try {
lContractId = Long.valueOf(contractId);
} catch (NumberFormatException nfe) {
throw new ForbiddenUserException();
}
Contract contractToDelete = getContractDataService().read(lContractId);
model.addAttribute(TgolKeyStore.CONTRACT_NAME_TO_DELETE_KEY, contractToDelete.getLabel());
model.addAttribute(TgolKeyStore.USER_ID_KEY, contractToDelete.getUser().getId());
model.addAttribute(TgolKeyStore.USER_NAME_KEY, contractToDelete.getUser().getEmail1());
request.getSession().setAttribute(TgolKeyStore.CONTRACT_ID_TO_DELETE_KEY, contractToDelete.getId());
return TgolKeyStore.DELETE_AUDITS_VIEW_NAME;
}
use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.
the class ContractManagementController method displayManageContractsAdminPage.
/**
* @param userId
* @param request
* @param response
* @param model
* @return The pages audit set-up form page
*/
@RequestMapping(value = TgolKeyStore.MANAGE_CONTRACTS_URL, method = RequestMethod.GET)
@Secured({ TgolKeyStore.ROLE_ADMIN_KEY })
public String displayManageContractsAdminPage(@RequestParam(TgolKeyStore.USER_ID_KEY) String userId, HttpServletRequest request, HttpServletResponse response, Model model) {
Long lUserId;
try {
lUserId = Long.valueOf(userId);
} catch (NumberFormatException nfe) {
throw new ForbiddenUserException();
}
if (request.getSession().getAttribute(TgolKeyStore.DELETED_CONTRACT_NAME_KEY) != null) {
model.addAttribute(TgolKeyStore.DELETED_CONTRACT_NAME_KEY, request.getSession().getAttribute(TgolKeyStore.DELETED_CONTRACT_NAME_KEY));
request.getSession().removeAttribute(TgolKeyStore.DELETED_CONTRACT_NAME_KEY);
}
if (request.getSession().getAttribute(TgolKeyStore.DELETED_CONTRACT_AUDITS_NAME_KEY) != null) {
model.addAttribute(TgolKeyStore.DELETED_CONTRACT_AUDITS_NAME_KEY, request.getSession().getAttribute(TgolKeyStore.DELETED_CONTRACT_AUDITS_NAME_KEY));
request.getSession().removeAttribute(TgolKeyStore.DELETED_CONTRACT_AUDITS_NAME_KEY);
}
if (request.getSession().getAttribute(TgolKeyStore.UPDATED_CONTRACT_NAME_KEY) != null) {
model.addAttribute(TgolKeyStore.UPDATED_CONTRACT_NAME_KEY, request.getSession().getAttribute(TgolKeyStore.UPDATED_CONTRACT_NAME_KEY));
request.getSession().removeAttribute(TgolKeyStore.UPDATED_CONTRACT_NAME_KEY);
}
if (request.getSession().getAttribute(TgolKeyStore.ADDED_CONTRACT_NAME_KEY) != null) {
model.addAttribute(TgolKeyStore.ADDED_CONTRACT_NAME_KEY, request.getSession().getAttribute(TgolKeyStore.ADDED_CONTRACT_NAME_KEY));
request.getSession().removeAttribute(TgolKeyStore.ADDED_CONTRACT_NAME_KEY);
}
User userToManage = getUserDataService().read(lUserId);
model.addAttribute(TgolKeyStore.CONTRACT_LIST_KEY, ContractSortCommandHelper.prepareContract(userToManage, null, displayOptionFieldsBuilderList, model));
model.addAttribute(TgolKeyStore.USER_NAME_KEY, userToManage.getEmail1());
return TgolKeyStore.MANAGE_CONTRACTS_VIEW_NAME;
}
use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.
the class ContractManagementController method addContractAdminPage.
/**
* @param userId
* @param request
* @param response
* @param model
* @return The pages audit set-up form page
*/
@RequestMapping(value = TgolKeyStore.ADD_CONTRACT_FROM_CONTRACT_MNGT_URL, method = RequestMethod.GET)
@Secured(TgolKeyStore.ROLE_ADMIN_KEY)
public String addContractAdminPage(@RequestParam(TgolKeyStore.USER_ID_KEY) String userId, HttpServletRequest request, HttpServletResponse response, Model model) {
Long lUserId;
try {
lUserId = Long.valueOf(userId);
} catch (NumberFormatException nfe) {
throw new ForbiddenUserException();
}
User userToManage = getUserDataService().read(lUserId);
if (userToManage == null) {
throw new ForbiddenUserException();
}
request.getSession().setAttribute(TgolKeyStore.USER_ID_KEY, lUserId);
return prepateDataAndReturnCreateContractView(model, userToManage, null, ContractOptionFormFieldHelper.getFreshContractOptionFormFieldMap(getContractOptionFormFieldBuilderMap()), TgolKeyStore.ADD_CONTRACT_VIEW_NAME);
}
Aggregations