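@PreAuthorize("hasAnyRole('ROLE_ADMIN', 'NEWSLETTER_WRITE')")
@RequestMapping(value = "/write/{idNewsletter}", method = RequestMethod.GET)
/**
 * Renders the newsletter editor, either empty (idNewsletter == 0) or pre-filled from an existing
 * newsletter owned by the logged-in admin, and attaches a fresh CSRF token to the form.
 *
 * @param newsletterWriteForm form backing the editor; may already be populated when it was flashed
 *     back by {@code writeHandle} after a failed submission
 * @param layout Spring model; the "errors" key, when present, holds the flashed BindingResult
 * @param idNewsletter id of the newsletter to edit, or 0 to compose a new one
 * @param user the logged-in admin, used to scope the newsletter lookup
 * @param lang current locale, used to translate the preference categories
 * @param request used to reach the HTTP session the CSRF token is bound to
 * @return the "newsletterWrite" view, or a redirect to the dashboard when the newsletter is not
 *     found for this admin
 */
public String write(
    @ModelAttribute("newsletterWriteForm") NewsletterWriteForm newsletterWriteForm,
    Model layout,
    @PathVariable long idNewsletter,
    @LoggedUser AuthenticationUserDetails user,
    @LocaleLang Lang lang,
    HttpServletRequest request) {
  Map<String, Object> layoutMap = layout.asMap();
  // The form may be the one flashed back by writeHandle, i.e. it can carry submitted content and
  // a CSRF token; keep its dump out of INFO-level logs.
  logger.debug("=============> " + newsletterWriteForm);
  // "errors" is flashed by writeHandle when validation failed. In that case the flashed form values
  // win over the persisted ones so the user sees exactly what they submitted.
  boolean hasFlashedErrors = layoutMap.containsKey("errors");

  if (idNewsletter != 0) { // 0 means "compose a new newsletter"
    // Lookup is scoped to the calling admin (per the repository method name); a null result is
    // presumably either "does not exist" or "not owned by this admin" — both end on the dashboard.
    Newsletter newsletter =
        newsletterRepository.getByIdAndAdmin(
            idNewsletter, conversionService.convert(user, Admin.class));
    if (newsletter == null) {
      // TODO: a shared BackendController helper for "access denied" handling would be preferable.
      return "redirect:/backend/dashboard";
    }
    logger.info("=========> Found newsletter " + newsletter);
    if (!hasFlashedErrors) {
      newsletterWriteForm.setTitle(newsletter.getTitle());
      newsletterWriteForm.setText(newsletter.getText());
      newsletterWriteForm.setStartTime(newsletter.getSendTime());
      newsletterWriteForm.setPreferencies(newsletter.getPreferenciesList());
    }
  }

  List<NewsletterPreferencyCategoryLang> prefCategories =
      newsletterPreferencyCategoryLangRepository.getByLang(lang.getId());
  newsletterWriteForm.setCategories(
      newsletterPreferencyService.getTranslatedCategories(
          prefCategories, lang, newsletterWriteForm.getPreferencies()));
  newsletterWriteForm.setTranslations(
      newsletterPreferencyService.getTranslations(prefCategories));

  if (hasFlashedErrors) {
    layout.addAttribute(addBinding, layoutMap.get("errors"));
  }

  try {
    // NOTE(review): setIntention mutates the shared csrfProtector; if that bean is a singleton,
    // concurrent requests with different intentions could interleave — confirm its scope.
    csrfProtector.setIntention("b-newsletter-write");
    newsletterWriteForm.setToken(csrfProtector.constructToken(request.getSession()));
    newsletterWriteForm.setAction(csrfProtector.getIntention());
    // The token value itself is a per-session secret and must not be written to the logs;
    // record only that one was issued and for which intention.
    logger.info("Generated CSRF token for intention " + csrfProtector.getIntention());
  } catch (Exception e) {
    // Best effort, kept as in the original: the page is still rendered without a token, and the
    // subsequent POST is expected to fail validation rather than this GET failing.
    logger.error("An exception occured on creating CSRF token", e);
  }
  return "newsletterWrite";
}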
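@PreAuthorize("hasAnyRole('ROLE_ADMIN', 'NEWSLETTER_WRITE')")
@RequestMapping(value = "/write/{idNewsletter}", method = RequestMethod.POST)
/**
 * Handles the newsletter editor submission: validates the form (including the CSRF token, via
 * {@code NewsletterWriteFormValidator}), then creates or updates the newsletter.
 *
 * <p>Always redirects back to the editor (POST-redirect-GET); the outcome is passed through flash
 * attributes: "success", or "error" plus the submitted form and its BindingResult under "errors".
 *
 * @param newsletterWriteForm the submitted form
 * @param layout Spring model (unused here, kept for the handler signature)
 * @param redAtt flash attributes carried over the redirect
 * @param user the logged-in admin, used to scope the newsletter lookup
 * @param idNewsletter id of the newsletter being edited, or 0 when creating a new one
 * @param request handed to the validator for the CSRF check
 * @return a redirect to the editor, or to the dashboard when the newsletter is not found for this
 *     admin
 */
public String writeHandle(
    @ModelAttribute("newsletterWriteForm") NewsletterWriteForm newsletterWriteForm,
    Model layout,
    RedirectAttributes redAtt,
    @LoggedUser AuthenticationUserDetails user,
    @PathVariable long idNewsletter,
    HttpServletRequest request) {
  // The submitted form carries the CSRF token; keep its dump out of INFO-level logs.
  logger.debug("Received POST request " + newsletterWriteForm);

  DataBinder binder = new DataBinder(newsletterWriteForm);
  // The validator receives csrfProtector and the request, presumably to verify the token the GET
  // handler issued — confirm in NewsletterWriteFormValidator.
  binder.setValidator(
      new NewsletterWriteFormValidator(newsletterSubscriberService, csrfProtector, request));
  binder.validate();
  BindingResult results = binder.getBindingResult();
  logger.info("==================> After BookForm validation " + results);

  if (results.hasErrors()) {
    redAtt.addFlashAttribute("error", true);
    redAtt.addFlashAttribute("newsletterWriteForm", newsletterWriteForm);
    redAtt.addFlashAttribute("errors", results);
    logger.debug("errors found = " + newsletterWriteForm);
    return "redirect:/backend/newsletter/write/" + idNewsletter;
  }

  try {
    Newsletter newsletter = null; // null => create a new newsletter
    if (idNewsletter != 0) {
      // Scoped to the calling admin (per the repository method name); a null result is treated
      // like "not found" and sends the user to the dashboard rather than saving.
      newsletter =
          newsletterRepository.getByIdAndAdmin(
              idNewsletter, conversionService.convert(user, Admin.class));
      if (newsletter == null) {
        // TODO: a shared BackendController helper for "access denied" handling would be preferable.
        return "redirect:/backend/dashboard";
      }
    }
    logger.info("No error found !");
    newsletterService.addNewsletter(newsletterWriteForm, user, newsletter);
    redAtt.addFlashAttribute("success", true);
  } catch (Exception e) {
    // The original dropped the exception entirely; without it an operator cannot distinguish a
    // bug from an outage. The user still only sees the generic form error.
    logger.error("Failed to save newsletter " + idNewsletter, e);
    results.addError(getExceptionError("newsletterWriteForm"));
    redAtt.addFlashAttribute("error", true);
    redAtt.addFlashAttribute("newsletterWriteForm", newsletterWriteForm);
    redAtt.addFlashAttribute("errors", results);
  }
  return "redirect:/backend/newsletter/write/" + idNewsletter;
}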