@PreAuthorize("hasAnyRole('ROLE_ADMIN', 'NEWSLETTER_WRITE')")
@RequestMapping(value = "/write/{idNewsletter}", method = RequestMethod.GET)
public String write(
@ModelAttribute("newsletterWriteForm") NewsletterWriteForm newsletterWriteForm,
Model layout,
@PathVariable long idNewsletter,
@LoggedUser AuthenticationUserDetails user,
@LocaleLang Lang lang,
HttpServletRequest request) {
Map<String, Object> layoutMap = layout.asMap();
logger.info("=============> " + newsletterWriteForm);
if (idNewsletter != 0) {
Newsletter newsletter =
newsletterRepository.getByIdAndAdmin(
idNewsletter, conversionService.convert(user, Admin.class));
if (newsletter == null) {
// TODO : certainement il vaut mieux implémanter une méthode du BackendController ou quelque
// chose de ce type qui va gérer les erreurs "non autorisation d'accès"
return "redirect:/backend/dashboard";
}
logger.info("=========> Found newsletter " + newsletter);
if (!layoutMap.containsKey("errors")) {
newsletterWriteForm.setTitle(newsletter.getTitle());
newsletterWriteForm.setText(newsletter.getText());
newsletterWriteForm.setStartTime(newsletter.getSendTime());
newsletterWriteForm.setPreferencies(newsletter.getPreferenciesList());
}
}
List<NewsletterPreferencyCategoryLang> prefCategories =
newsletterPreferencyCategoryLangRepository.getByLang(lang.getId());
newsletterWriteForm.setCategories(
newsletterPreferencyService.getTranslatedCategories(
prefCategories, lang, newsletterWriteForm.getPreferencies()));
newsletterWriteForm.setTranslations(
newsletterPreferencyService.getTranslations(prefCategories));
if (layoutMap.containsKey("errors")) {
layout.addAttribute(addBinding, layoutMap.get("errors"));
}
try {
csrfProtector.setIntention("b-newsletter-write");
newsletterWriteForm.setToken(csrfProtector.constructToken(request.getSession()));
newsletterWriteForm.setAction(csrfProtector.getIntention());
logger.info("Generated token " + newsletterWriteForm.getToken());
} catch (Exception e) {
logger.error("An exception occured on creating CSRF token", e);
}
return "newsletterWrite";
}
@PreAuthorize("hasAnyRole('ROLE_ADMIN', 'NEWSLETTER_WRITE')")
@RequestMapping(value = "/write/{idNewsletter}", method = RequestMethod.POST)
public String writeHandle(
@ModelAttribute("newsletterWriteForm") NewsletterWriteForm newsletterWriteForm,
Model layout,
RedirectAttributes redAtt,
@LoggedUser AuthenticationUserDetails user,
@PathVariable long idNewsletter,
HttpServletRequest request) {
logger.info("Received POST request " + newsletterWriteForm);
DataBinder binder = new DataBinder(newsletterWriteForm);
binder.setValidator(
new NewsletterWriteFormValidator(newsletterSubscriberService, csrfProtector, request));
binder.validate();
BindingResult results = binder.getBindingResult();
logger.info("==================> After BookForm validation " + results);
if (results.hasErrors()) {
redAtt.addFlashAttribute("error", true);
redAtt.addFlashAttribute("newsletterWriteForm", newsletterWriteForm);
redAtt.addFlashAttribute("errors", results);
logger.info("errors found = " + newsletterWriteForm);
} else {
try {
Newsletter newsletter = null;
if (idNewsletter != 0) {
newsletter =
newsletterRepository.getByIdAndAdmin(
idNewsletter, conversionService.convert(user, Admin.class));
if (newsletter == null) {
// TODO : certainement il vaut mieux implémanter une méthode du BackendController ou
// quelque chose de ce type qui va gérer les erreurs "non autorisation d'accès"
return "redirect:/backend/dashboard";
}
}
logger.info("No error found !");
newsletterService.addNewsletter(newsletterWriteForm, user, newsletter);
redAtt.addFlashAttribute("success", true);
} catch (Exception e) {
results.addError(getExceptionError("newsletterWriteForm"));
redAtt.addFlashAttribute("error", true);
redAtt.addFlashAttribute("newsletterWriteForm", newsletterWriteForm);
redAtt.addFlashAttribute("errors", results);
}
}
return "redirect:/backend/newsletter/write/" + idNewsletter;
}
