@RequestMapping(value = "/delete", method = RequestMethod.GET)
  @PreAuthorize("hasRole('CTRL_PERM_DELETE_GET')")
  public String deletePermission(
      @RequestParam(value = "id", required = true) Integer id,
      @RequestParam(value = "phase", required = true) String phase,
      Model model,
      RedirectAttributes redirectAttrs) {

    Permission permission;
    try {
      permission = permissionService.getPermission(id);
    } catch (PermissionNotFoundException e) {
      String message =
          messageSource.getMessage(
              "ctrl.message.error.notfound", new Object[] {"permission id", id}, Locale.US);
      redirectAttrs.addFlashAttribute("error", message);
      return "redirect:/permission/list";
    }

    logger.debug(
        "IN: Permission/delete-GET | id = "
            + id
            + " | phase = "
            + phase
            + " | "
            + permission.toString());

    if (phase.equals(messageSource.getMessage("button.action.cancel", null, Locale.US))) {
      String message =
          messageSource.getMessage(
              "ctrl.message.success.cancel",
              new Object[] {"Delete", businessObject, permission.getPermissionname()},
              Locale.US);
      redirectAttrs.addFlashAttribute("message", message);
      return "redirect:/permission/list";
    } else if (phase.equals(messageSource.getMessage("button.action.stage", null, Locale.US))) {
      logger.debug("     deleting permission : " + permission.toString());
      model.addAttribute("permission", permission);
      return "permission-delete";
    } else if (phase.equals(messageSource.getMessage("button.action.delete", null, Locale.US))) {
      try {
        permissionService.deletePermission(permission.getId());
        String message =
            messageSource.getMessage(
                "ctrl.message.success.delete",
                new Object[] {businessObject, permission.getPermissionname()},
                Locale.US);
        redirectAttrs.addFlashAttribute("message", message);
        return "redirect:/permission/list";
      } catch (PermissionNotFoundException e) {
        String message =
            messageSource.getMessage(
                "ctrl.message.error.notfound", new Object[] {"permission id", id}, Locale.US);
        redirectAttrs.addFlashAttribute("error", message);
        return "redirect:/permission/list";
      }
    }

    return "redirect:/permission/list";
  }
  @RequestMapping(value = "/edit", method = RequestMethod.GET)
  @PreAuthorize("hasRole('CTRL_PERM_EDIT_GET')")
  public String editPermissionPage(
      @RequestParam(value = "id", required = true) Integer id,
      Model model,
      RedirectAttributes redirectAttrs) {

    logger.debug("IN: Permission/edit-GET:  ID to query = " + id);

    try {
      if (!model.containsAttribute("permissionDTO")) {
        logger.debug("Adding permissionDTO object to model");
        Permission perm = permissionService.getPermission(id);
        PermissionDTO permissionDTO = getPermissionDTO(perm);
        logger.debug("Permission/edit-GET:  " + permissionDTO.toString());
        model.addAttribute("permissionDTO", permissionDTO);
      }
      return "permission-edit";
    } catch (PermissionNotFoundException e) {
      String message =
          messageSource.getMessage(
              "ctrl.message.error.notfound", new Object[] {"user id", id}, Locale.US);
      model.addAttribute("error", message);
      return "redirect:/permission/list";
    }
  }
  @RequestMapping(value = "/add", method = RequestMethod.POST)
  @PreAuthorize("hasRole('CTRL_PERM_ADD_POST')")
  public String addPermission(
      @Valid @ModelAttribute PermissionDTO permissionDTO,
      BindingResult result,
      RedirectAttributes redirectAttrs) {

    logger.debug("IN: Permission/add-POST");
    logger.debug("  DTO: " + permissionDTO.toString());

    if (result.hasErrors()) {
      logger.debug("PermissionDTO add error: " + result.toString());
      redirectAttrs.addFlashAttribute(
          "org.springframework.validation.BindingResult.permissionDTO", result);
      redirectAttrs.addFlashAttribute("permissionDTO", permissionDTO);
      return "redirect:/permission/list";
    } else {
      Permission perm = new Permission();

      try {
        perm = getPermission(permissionDTO);
        permissionService.addPermission(perm);
        String message =
            messageSource.getMessage(
                "ctrl.message.success.add",
                new Object[] {businessObject, perm.getPermissionname()},
                Locale.US);
        redirectAttrs.addFlashAttribute("message", message);
        return "redirect:/permission/list";
      } catch (DuplicatePermissionException e) {
        String message =
            messageSource.getMessage(
                "ctrl.message.error.duplicate",
                new Object[] {businessObject, permissionDTO.getPermissionname()},
                Locale.US);
        redirectAttrs.addFlashAttribute("error", message);
        return "redirect:/permission/list";
      } catch (RoleNotFoundException e) {
        String message =
            messageSource.getMessage(
                "ctrl.message.error.notfound",
                new Object[] {"role ids", permissionDTO.getPermRoles().toString()},
                Locale.US);
        redirectAttrs.addFlashAttribute("error", message);
        return "redirect:/permission/list";
      }
    }
  }
  @RequestMapping(
      value = {"/", "/list"},
      method = RequestMethod.GET)
  @PreAuthorize("hasRole('CTRL_PERM_LIST_GET')")
  public String listPermissions(Model model) {
    logger.debug("IN: Permission/list-GET");

    List<Permission> permissions = permissionService.getPermissions();
    model.addAttribute("permissions", permissions);

    // if there was an error in /add, we do not want to overwrite
    // the existing user object containing the errors.
    if (!model.containsAttribute("permissionDTO")) {
      logger.debug("Adding PermissionDTO object to model");
      PermissionDTO permissionDTO = new PermissionDTO();
      model.addAttribute("permissionDTO", permissionDTO);
    }
    return "permission-list";
  }
  @RequestMapping(value = "/edit", method = RequestMethod.POST)
  @PreAuthorize("hasRole('CTRL_PERM_EDIT_POST')")
  public String editPermission(
      @Valid @ModelAttribute PermissionDTO permissionDTO,
      BindingResult result,
      RedirectAttributes redirectAttrs,
      @RequestParam(value = "action", required = true) String action) {

    logger.debug("IN: Permission/edit-POST: " + action);

    if (action.equals(messageSource.getMessage("button.action.cancel", null, Locale.US))) {
      String message =
          messageSource.getMessage(
              "ctrl.message.success.cancel",
              new Object[] {"Edit", businessObject, permissionDTO.getPermissionname()},
              Locale.US);
      redirectAttrs.addFlashAttribute("message", message);
    } else if (result.hasErrors()) {
      logger.debug("Permission-edit error: " + result.toString());
      redirectAttrs.addFlashAttribute(
          "org.springframework.validation.BindingResult.permissionDTO", result);
      redirectAttrs.addFlashAttribute("permissionDTO", permissionDTO);
      return "redirect:/permission/edit?id=" + permissionDTO.getId();
    } else if (action.equals(messageSource.getMessage("button.action.save", null, Locale.US))) {
      logger.debug("Permission/edit-POST:  " + permissionDTO.toString());
      try {
        Permission permission = getPermission(permissionDTO);
        permissionService.updatePermission(permission);
        String message =
            messageSource.getMessage(
                "ctrl.message.success.update",
                new Object[] {businessObject, permissionDTO.getPermissionname()},
                Locale.US);
        redirectAttrs.addFlashAttribute("message", message);
      } catch (DuplicatePermissionException unf) {
        String message =
            messageSource.getMessage(
                "ctrl.message.error.duplicate",
                new Object[] {businessObject, permissionDTO.getPermissionname()},
                Locale.US);
        redirectAttrs.addFlashAttribute("error", message);
        return "redirect:/permission/list";
      } catch (PermissionNotFoundException unf) {
        String message =
            messageSource.getMessage(
                "ctrl.message.error.notfound",
                new Object[] {businessObject, permissionDTO.getPermissionname()},
                Locale.US);
        redirectAttrs.addFlashAttribute("error", message);
        return "redirect:/permission/list";
      } catch (RoleNotFoundException unf) {
        String message =
            messageSource.getMessage(
                "ctrl.message.error.notfound",
                new Object[] {"role ids", permissionDTO.getPermRoles().toString()},
                Locale.US);
        redirectAttrs.addFlashAttribute("error", message);
        return "redirect:/permission/list";
      }
    }
    return "redirect:/permission/list";
  }