@RequestMapping(value = "/edit", method = RequestMethod.GET)
  @PreAuthorize("hasRole('CTRL_PERM_EDIT_GET')")
  public String editPermissionPage(
      @RequestParam(value = "id", required = true) Integer id,
      Model model,
      RedirectAttributes redirectAttrs) {

    logger.debug("IN: Permission/edit-GET:  ID to query = " + id);

    try {
      if (!model.containsAttribute("permissionDTO")) {
        logger.debug("Adding permissionDTO object to model");
        Permission perm = permissionService.getPermission(id);
        PermissionDTO permissionDTO = getPermissionDTO(perm);
        logger.debug("Permission/edit-GET:  " + permissionDTO.toString());
        model.addAttribute("permissionDTO", permissionDTO);
      }
      return "permission-edit";
    } catch (PermissionNotFoundException e) {
      String message =
          messageSource.getMessage(
              "ctrl.message.error.notfound", new Object[] {"user id", id}, Locale.US);
      model.addAttribute("error", message);
      return "redirect:/permission/list";
    }
  }
  @RequestMapping(value = "/add", method = RequestMethod.POST)
  @PreAuthorize("hasRole('CTRL_PERM_ADD_POST')")
  public String addPermission(
      @Valid @ModelAttribute PermissionDTO permissionDTO,
      BindingResult result,
      RedirectAttributes redirectAttrs) {

    logger.debug("IN: Permission/add-POST");
    logger.debug("  DTO: " + permissionDTO.toString());

    if (result.hasErrors()) {
      logger.debug("PermissionDTO add error: " + result.toString());
      redirectAttrs.addFlashAttribute(
          "org.springframework.validation.BindingResult.permissionDTO", result);
      redirectAttrs.addFlashAttribute("permissionDTO", permissionDTO);
      return "redirect:/permission/list";
    } else {
      Permission perm = new Permission();

      try {
        perm = getPermission(permissionDTO);
        permissionService.addPermission(perm);
        String message =
            messageSource.getMessage(
                "ctrl.message.success.add",
                new Object[] {businessObject, perm.getPermissionname()},
                Locale.US);
        redirectAttrs.addFlashAttribute("message", message);
        return "redirect:/permission/list";
      } catch (DuplicatePermissionException e) {
        String message =
            messageSource.getMessage(
                "ctrl.message.error.duplicate",
                new Object[] {businessObject, permissionDTO.getPermissionname()},
                Locale.US);
        redirectAttrs.addFlashAttribute("error", message);
        return "redirect:/permission/list";
      } catch (RoleNotFoundException e) {
        String message =
            messageSource.getMessage(
                "ctrl.message.error.notfound",
                new Object[] {"role ids", permissionDTO.getPermRoles().toString()},
                Locale.US);
        redirectAttrs.addFlashAttribute("error", message);
        return "redirect:/permission/list";
      }
    }
  }
  @RequestMapping(value = "/edit", method = RequestMethod.POST)
  @PreAuthorize("hasRole('CTRL_PERM_EDIT_POST')")
  public String editPermission(
      @Valid @ModelAttribute PermissionDTO permissionDTO,
      BindingResult result,
      RedirectAttributes redirectAttrs,
      @RequestParam(value = "action", required = true) String action) {

    logger.debug("IN: Permission/edit-POST: " + action);

    if (action.equals(messageSource.getMessage("button.action.cancel", null, Locale.US))) {
      String message =
          messageSource.getMessage(
              "ctrl.message.success.cancel",
              new Object[] {"Edit", businessObject, permissionDTO.getPermissionname()},
              Locale.US);
      redirectAttrs.addFlashAttribute("message", message);
    } else if (result.hasErrors()) {
      logger.debug("Permission-edit error: " + result.toString());
      redirectAttrs.addFlashAttribute(
          "org.springframework.validation.BindingResult.permissionDTO", result);
      redirectAttrs.addFlashAttribute("permissionDTO", permissionDTO);
      return "redirect:/permission/edit?id=" + permissionDTO.getId();
    } else if (action.equals(messageSource.getMessage("button.action.save", null, Locale.US))) {
      logger.debug("Permission/edit-POST:  " + permissionDTO.toString());
      try {
        Permission permission = getPermission(permissionDTO);
        permissionService.updatePermission(permission);
        String message =
            messageSource.getMessage(
                "ctrl.message.success.update",
                new Object[] {businessObject, permissionDTO.getPermissionname()},
                Locale.US);
        redirectAttrs.addFlashAttribute("message", message);
      } catch (DuplicatePermissionException unf) {
        String message =
            messageSource.getMessage(
                "ctrl.message.error.duplicate",
                new Object[] {businessObject, permissionDTO.getPermissionname()},
                Locale.US);
        redirectAttrs.addFlashAttribute("error", message);
        return "redirect:/permission/list";
      } catch (PermissionNotFoundException unf) {
        String message =
            messageSource.getMessage(
                "ctrl.message.error.notfound",
                new Object[] {businessObject, permissionDTO.getPermissionname()},
                Locale.US);
        redirectAttrs.addFlashAttribute("error", message);
        return "redirect:/permission/list";
      } catch (RoleNotFoundException unf) {
        String message =
            messageSource.getMessage(
                "ctrl.message.error.notfound",
                new Object[] {"role ids", permissionDTO.getPermRoles().toString()},
                Locale.US);
        redirectAttrs.addFlashAttribute("error", message);
        return "redirect:/permission/list";
      }
    }
    return "redirect:/permission/list";
  }