use of org.springframework.security.access.annotation.Secured in project Asqatasun by Asqatasun.
the class ContractManagementController method submitDeleteContractConfirmation.
/**
*
* @param request
* @param response
* @param model
* @return
*/
@RequestMapping(value = TgolKeyStore.DELETE_CONTRACT_URL, method = RequestMethod.POST)
@Secured(TgolKeyStore.ROLE_ADMIN_KEY)
public String submitDeleteContractConfirmation(HttpServletRequest request, HttpServletResponse response, Model model) {
Object contractId = request.getSession().getAttribute(TgolKeyStore.CONTRACT_ID_TO_DELETE_KEY);
Long lContractId;
if (contractId instanceof Long) {
lContractId = (Long) contractId;
} else {
try {
lContractId = Long.valueOf(contractId.toString());
} catch (NumberFormatException nfe) {
throw new ForbiddenUserException();
}
}
Contract contractToDelete = getContractDataService().read(lContractId);
getContractDataService().delete(contractToDelete.getId());
// to be updated
if (getAuthenticatedUsername().equals(contractToDelete.getUser().getEmail1())) {
updateCurrentUser(getUserDataService().read(contractToDelete.getUser().getId()));
}
request.getSession().removeAttribute(TgolKeyStore.CONTRACT_ID_TO_DELETE_KEY);
request.getSession().setAttribute(TgolKeyStore.DELETED_CONTRACT_NAME_KEY, contractToDelete.getLabel());
model.addAttribute(TgolKeyStore.USER_ID_KEY, contractToDelete.getUser().getId());
return TgolKeyStore.MANAGE_CONTRACTS_VIEW_REDIRECT_NAME;
}
Aggregations