From 1b211c32d530afcb9a4efbbc847f7109ff7c2e84 Mon Sep 17 00:00:00 2001
From: Javier
Date: Sat, 27 Mar 2021 19:47:45 +0100
Subject: [PATCH] Modificar y eliminar ofertas con seguridad
---
 .../configuration/SecurityConfiguration.java | 4 +-
 .../cheapy/repository/ClientRepository.java | 2 +-
 .../cheapy/service/NuOfferService.java | 6 +-
 .../cheapy/service/SpeedOfferService.java | 1 -
 .../cheapy/web/FoodOfferController.java | 90 ++++++++++--
 .../cheapy/web/NuOfferController.java | 134 ++++++++----------
 .../cheapy/web/SpeedOfferController.java | 82 +++++------
 .../cheapy/web/TimeOfferController.java | 133 ++++++++++++-----
 src/main/resources/db/mysql/data.sql | 24 ++--
 .../createOrUpdateFoodOfferForm.jsp | 6 +
 .../WEB-INF/jsp/foodOffers/foodOffersShow.jsp | 13 +-
 .../WEB-INF/jsp/nuOffers/nuOffersShow.jsp | 4 +-
 .../jsp/speedOffers/speedOffersShow.jsp | 7 +-
 .../createOrUpdateTimeOfferForm.jsp | 3 +
 .../WEB-INF/jsp/timeOffers/timeOffersShow.jsp | 12 +-
 15 files changed, 320 insertions(+), 201 deletions(-)
diff --git a/src/main/java/org/springframework/cheapy/configuration/SecurityConfiguration.java b/src/main/java/org/springframework/cheapy/configuration/SecurityConfiguration.java
index 4c119fe2c..384f9b36b 100644
--- a/src/main/java/org/springframework/cheapy/configuration/SecurityConfiguration.java
+++ b/src/main/java/org/springframework/cheapy/configuration/SecurityConfiguration.java
@@ -36,7 +36,7 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
 .antMatchers(HttpMethod.GET, "/", "/oups").permitAll()
 .antMatchers("/users/new").permitAll()
- .antMatchers("/nuOffers/**").hasAnyAuthority("admin","client")
+ .antMatchers("/nuOffers/**").hasAnyAuthority("admin","cliente")
 .antMatchers("/timeOffers/**").hasAnyAuthority("admin","client")
 .antMatchers("/login/**").anonymous()
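Review bot: The `/timeOffers/**` matcher on the context line right after the changed one still grants `"client"`, while the changed `/nuOffers/**` line and the seeded authorities in data.sql (`cliente`, `usuario`, `admin`) use `cliente`; unless an authority literally named `client` exists somewhere not shown, no client user can reach `/timeOffers/**`. The fix is the same one-token change this hunk makes for nuOffers: `.antMatchers("/timeOffers/**").hasAnyAuthority("admin","cliente")`. Any matchers for `/foodOffers/**` and `/speedOffers/**` are outside this hunk and deserve the same check.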
@@ -49,7 +49,7 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
 .antMatchers("/owners/**").hasAnyAuthority("owner", "admin")
 .antMatchers("/clients/new").permitAll()
- .antMatchers("/offers/**").hasAnyAuthority("admin")
+ .antMatchers("/offers/**").hasAnyAuthority("admin", "cliente")
 .and().formLogin()
 .loginPage("/login").permitAll()
diff --git a/src/main/java/org/springframework/cheapy/repository/ClientRepository.java b/src/main/java/org/springframework/cheapy/repository/ClientRepository.java
index 764b35184..1e04f6f3a 100644
--- a/src/main/java/org/springframework/cheapy/repository/ClientRepository.java
+++ b/src/main/java/org/springframework/cheapy/repository/ClientRepository.java
@@ -10,5 +10,5 @@ public interface ClientRepository extends CrudRepository {
 @Query("SELECT client FROM Client client WHERE username =:username")
 @Transactional(readOnly = true)
 Client findByUsername(String username);
-
+
 }
diff --git a/src/main/java/org/springframework/cheapy/service/NuOfferService.java b/src/main/java/org/springframework/cheapy/service/NuOfferService.java
index f2a174db9..d09255d64 100644
--- a/src/main/java/org/springframework/cheapy/service/NuOfferService.java
+++ b/src/main/java/org/springframework/cheapy/service/NuOfferService.java
@@ -4,7 +4,6 @@ package org.springframework.cheapy.service;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.cheapy.model.NuOffer;
 import org.springframework.cheapy.repository.NuOfferRepository;
-import java.util.Collection;
 import java.util.List;
 import org.springframework.dao.DataAccessException;
 import org.springframework.stereotype.Service;
@@ -15,7 +14,6 @@ public class NuOfferService {
 private NuOfferRepository nuOfferRepository;
- @Autowired
 public NuOfferService(final NuOfferRepository nuOfferRepository) {
 this.nuOfferRepository = nuOfferRepository;
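Review bot: Widening `/offers/**` from `admin` to `admin, cliente` makes this route rule the only gate in front of the new `/offers/{type}/{id}/edit` and `/disable` handlers, so per-record ownership now rests entirely on each controller's `checkIdentity`; that helper is added for edit/disable but not for the `/offers/{type}/{id}` show handlers, which any `cliente` can now open for any id. If offer pages are meant to be visible only to the owning client that needs a check in the show handlers; if they are meant to be readable by every logged-in user, the seeded `usuario` authority is now excluded by this rule. Either way a one-line comment on the changed line stating the intended audience would stop the next reader from guessing.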
@@ -27,12 +25,12 @@ public class NuOfferService {
 }
 @Transactional
- public List findAllNuOffer() { //
+ public List findAllNuOffer() {
 return this.nuOfferRepository.findAllNuOffer();
 }
 @Transactional
- public void saveNuOffer(final NuOffer nuOffer) throws DataAccessException { //
+ public void saveNuOffer(final NuOffer nuOffer) throws DataAccessException {
 this.nuOfferRepository.save(nuOffer);
 }
 }
diff --git a/src/main/java/org/springframework/cheapy/service/SpeedOfferService.java b/src/main/java/org/springframework/cheapy/service/SpeedOfferService.java
index 36d62b1ab..121874247 100644
--- a/src/main/java/org/springframework/cheapy/service/SpeedOfferService.java
+++ b/src/main/java/org/springframework/cheapy/service/SpeedOfferService.java
@@ -1,7 +1,6 @@ package org.springframework.cheapy.service;
-import java.util.Collection;
 import java.util.List;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.cheapy.model.SpeedOffer;
diff --git a/src/main/java/org/springframework/cheapy/web/FoodOfferController.java b/src/main/java/org/springframework/cheapy/web/FoodOfferController.java
index af191c66d..f70930878 100644
--- a/src/main/java/org/springframework/cheapy/web/FoodOfferController.java
+++ b/src/main/java/org/springframework/cheapy/web/FoodOfferController.java
@@ -11,9 +11,7 @@ import org.springframework.cheapy.service.FoodOfferService;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.ModelMap;
 import org.springframework.validation.BindingResult;
-import org.springframework.web.bind.WebDataBinder;
 import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.InitBinder;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -25,15 +23,20 @@ public class FoodOfferController { private final FoodOfferService foodOfferService; private final ClientService clientService; - public FoodOfferController(final FoodOfferService foodOfferService, final ClientService clientService) { this.foodOfferService = foodOfferService; this.clientService = clientService; } - @InitBinder - public void setAllowedFields(WebDataBinder dataBinder) { - dataBinder.setDisallowedFields("id"); + private boolean checkIdentity(final int foodOfferId) { + boolean res = false; + Client client = this.clientService.getCurrentClient(); + FoodOffer foodOffer = this.foodOfferService.findFoodOfferById(foodOfferId); + Client clientOffer = foodOffer.getClient(); + if (client.equals(clientOffer)) { + res = true; + } + return res; } @GetMapping("/foodOffers/new") @@ -47,8 +50,7 @@ public class FoodOfferController { public String processCreationForm(@Valid FoodOffer foodOffer, BindingResult result) { if (result.hasErrors()) { return VIEWS_FOOD_OFFER_CREATE_OR_UPDATE_FORM; - } - else { + } else { Client client = this.clientService.getCurrentClient(); foodOffer.setClient(client); foodOffer.setType(StatusOffer.hidden); 
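Review bot: The new `checkIdentity` dereferences both lookups unguarded: `foodOffer.getClient()` throws NullPointerException when `findFoodOfferById` returns null for an unknown id, and `client.equals(clientOffer)` throws when `getCurrentClient()` returns null, so a bad id or a non-client principal yields a 500 instead of the `"error"` view its callers return. The `res` flag is also unnecessary; the body collapses to `Client client = this.clientService.getCurrentClient();` / `FoodOffer foodOffer = this.foodOfferService.findFoodOfferById(foodOfferId);` / `return foodOffer != null && client != null && client.equals(foodOffer.getClient());`. This relies on `Client.equals` comparing by identity or id, which is not visible here and worth confirming. The same helper is copied verbatim into NuOfferController (L8), SpeedOfferController (L12) and TimeOfferController (L17), so whatever is decided here should be applied there too.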
@@ -56,28 +58,88 @@ public class FoodOfferController { return "redirect:/foodOffers/" + foodOffer.getId(); } } - + @GetMapping(value = "/foodOffers/{foodOfferId}/activate") public String activateFoodOffer(@PathVariable("foodOfferId") final int foodOfferId, ModelMap modelMap) { FoodOffer foodOffer = this.foodOfferService.findFoodOfferById(foodOfferId); Client client = this.clientService.getCurrentClient(); - if(foodOffer.getClient().equals(client)) { + if (foodOffer.getClient().equals(client)) { foodOffer.setType(StatusOffer.active); - foodOffer.setCode("FO-"+foodOfferId); + foodOffer.setCode("FO-" + foodOfferId); this.foodOfferService.saveFoodOffer(foodOffer); } else { modelMap.addAttribute("message", "You don't have access to this food offer"); } return "redirect:/foodOffers/"; } + @GetMapping("/offers/food/{foodOfferId}") public String processShowForm(@PathVariable("foodOfferId") int foodOfferId, Map model) { - FoodOffer foodOffer=this.foodOfferService.findFoodOfferById(foodOfferId); - + FoodOffer foodOffer = this.foodOfferService.findFoodOfferById(foodOfferId); + model.put("foodOffer", foodOffer); - + return "foodOffers/foodOffersShow"; } + + @GetMapping(value = "/offers/food/{foodOfferId}/edit") + public String updateFoodOffer(@PathVariable("foodOfferId") final int foodOfferId, final ModelMap model) { + + if (!this.checkIdentity(foodOfferId)) { + return "error"; + } + + FoodOffer foodOffer = this.foodOfferService.findFoodOfferById(foodOfferId); + model.addAttribute("foodOffer", foodOffer); + return FoodOfferController.VIEWS_FOOD_OFFER_CREATE_OR_UPDATE_FORM; + } + + @PostMapping(value = "/offers/food/{foodOfferId}/edit") + public String updateFoodOffer(@Valid final FoodOffer foodOfferEdit, final BindingResult result, + final ModelMap model) { + + if (!this.checkIdentity(foodOfferEdit.getId())) { + return "error"; + } + + if (result.hasErrors()) { + model.addAttribute("foodOffer", foodOfferEdit); + return 
FoodOfferController.VIEWS_FOOD_OFFER_CREATE_OR_UPDATE_FORM; + + } else { + this.foodOfferService.saveFoodOffer(foodOfferEdit); + return "redirect:/offers/food/" + foodOfferEdit.getId(); + } + } + + @GetMapping(value = "/offers/food/{foodOfferId}/disable") + public String disableFoodOffer(@PathVariable("foodOfferId") final int foodOfferId, final ModelMap model) { + + if (!this.checkIdentity(foodOfferId)) { + return "error"; + } + + FoodOffer foodOffer = this.foodOfferService.findFoodOfferById(foodOfferId); + model.put("foodOffer", foodOffer); + return "foodOffers/foodOffersDisable"; + } + + @PostMapping(value = "/offers/food/{foodOfferId}/disable") + public String disableFoodOfferForm(@PathVariable("foodOfferId") final int foodOfferId, final ModelMap model) { + + if (!this.checkIdentity(foodOfferId)) { + return "error"; + } + + FoodOffer foodOffer = this.foodOfferService.findFoodOfferById(foodOfferId); + + foodOffer.setType(StatusOffer.inactive); + + this.foodOfferService.saveFoodOffer(foodOffer); + + return "redirect:/offers"; + + } } diff --git a/src/main/java/org/springframework/cheapy/web/NuOfferController.java b/src/main/java/org/springframework/cheapy/web/NuOfferController.java index ca0c88f19..30a9af776 100644 --- a/src/main/java/org/springframework/cheapy/web/NuOfferController.java +++ b/src/main/java/org/springframework/cheapy/web/NuOfferController.java 
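Review bot: The POST `updateFoodOffer` never binds the `{foodOfferId}` path variable and checks ownership against `foodOfferEdit.getId()`, a value the caller supplies in the form; with the `@InitBinder` that disallowed `id` removed in this same commit, the URL and the entity actually saved can disagree, and `saveFoodOffer(foodOfferEdit)` writes whatever `client`, `type` and `code` the form posts (or leaves null) over the stored row. Bind the path variable, check it, and pin the entity to it: `public String updateFoodOffer(@PathVariable("foodOfferId") final int foodOfferId, @Valid final FoodOffer foodOfferEdit, final BindingResult result, final ModelMap model)`, `if (!this.checkIdentity(foodOfferId)) { return "error"; }`, `foodOfferEdit.setId(foodOfferId);`, and either copy only the editable fields onto the loaded entity or restore a binder that disallows `id` and `client`. Whether the edit form carries hidden `client`/`type` fields is in the JSP hunk not shown here. The POST edit handlers in NuOfferController (L10), SpeedOfferController (L15) and TimeOfferController (L19) follow the same pattern.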
@@ -5,57 +5,42 @@ import java.util.Map; import javax.validation.Valid; -import org.springframework.beans.BeanUtils; -import org.springframework.cheapy.model.FoodOffer; import org.springframework.cheapy.model.NuOffer; -import org.springframework.cheapy.model.Owner; -import org.springframework.cheapy.model.SpeedOffer; import org.springframework.cheapy.model.StatusOffer; -import org.springframework.cheapy.service.FoodOfferService; import org.springframework.cheapy.model.Client; -import org.springframework.cheapy.model.NuOffer; -import org.springframework.cheapy.model.StatusOffer; import org.springframework.cheapy.service.ClientService; - import org.springframework.cheapy.service.NuOfferService; import org.springframework.stereotype.Controller; -import org.springframework.ui.Model; import org.springframework.ui.ModelMap; import org.springframework.validation.BindingResult; -import org.springframework.web.bind.WebDataBinder; import org.springframework.web.bind.annotation.GetMapping; -import org.springframework.web.bind.annotation.InitBinder; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.PostMapping; - @Controller public class NuOfferController { - private static final String VIEWS_NU_OFFER_CREATE_OR_UPDATE_FORM = "nuOffers/createOrUpdateNuOfferForm"; + private static final String VIEWS_NU_OFFER_CREATE_OR_UPDATE_FORM = "nuOffers/createOrUpdateNuOfferForm"; - private final FoodOfferService foodOfferService; - private final NuOfferService nuOfferService; - private final SpeedOfferService speedOfferService; - private final TimeOfferService timeOfferService; + private final NuOfferService nuOfferService; + private final ClientService clientService; - - public NuOfferController(final FoodOfferService foodOfferService, final NuOfferService nuOfferService, final SpeedOfferService speedOfferService, final TimeOfferService timeOfferService) { - this.foodOfferService = foodOfferService; + public NuOfferController(final 
NuOfferService nuOfferService, final ClientService clientService) { this.nuOfferService = nuOfferService; this.clientService = clientService; - + } - @InitBinder - public void setAllowedFields(WebDataBinder dataBinder) { - dataBinder.setDisallowedFields("id"); - } - - @InitBinder - public void setAllowedFields(WebDataBinder dataBinder) { - dataBinder.setDisallowedFields("id"); + private boolean checkIdentity(final int nuOfferId) { + boolean res = false; + Client client = this.clientService.getCurrentClient(); + NuOffer nuOffer = this.nuOfferService.findNuOfferById(nuOfferId); + Client clientOffer = nuOffer.getClient(); + if (client.equals(clientOffer)) { + res = true; + } + return res; } @GetMapping("/nuOffers/new") 
@@ -69,48 +54,49 @@ public class NuOfferController { public String processCreationForm(@Valid NuOffer nuOffer, BindingResult result) { if (result.hasErrors()) { return VIEWS_NU_OFFER_CREATE_OR_UPDATE_FORM; - } - else { + } else { nuOffer.setType(StatusOffer.hidden); - + Client client = this.clientService.getCurrentClient(); - + nuOffer.setClient(client); - - + this.nuOfferService.saveNuOffer(nuOffer); return "redirect:/nuOffers/" + nuOffer.getId(); } } - @GetMapping(value ="/nuOffers/{nuOfferId}/activate") + + @GetMapping(value = "/nuOffers/{nuOfferId}/activate") public String activateNuOffer(@PathVariable("nuOfferId") final int nuOfferId, final ModelMap modelMap) { Client client = this.clientService.getCurrentClient(); - NuOffer nuOffer=this.nuOfferService.findNuOfferById(nuOfferId); - if(nuOffer.getClient().equals(client)) { + NuOffer nuOffer = this.nuOfferService.findNuOfferById(nuOfferId); + if (nuOffer.getClient().equals(client)) { nuOffer.setType(StatusOffer.active); - nuOffer.setCode("NU-"+nuOfferId); + nuOffer.setCode("NU-" + nuOfferId); this.nuOfferService.saveNuOffer(nuOffer); - - return "redirect:/nuOffers/" + nuOffer.getId(); + + return "redirect:/nuOffers/" + nuOffer.getId(); } else { - modelMap.addAttribute("message", "You don't have access to this number offer"); - } - return "redirect:/nuOffers/"; - + modelMap.addAttribute("message", "You don't have access to this number offer"); + } + return "redirect:/nuOffers/"; } - - @GetMapping("/offers/nu/{nuOfferId}") + + @GetMapping("/offers/nu/{nuOfferId}") public String processShowForm(@PathVariable("nuOfferId") int nuOfferId, Map model) { - - model.put("nuOffer", nuOffer); + NuOffer nuOffer = this.nuOfferService.findNuOfferById(nuOfferId); + model.put("nuOffer", nuOffer); return "nuOffers/nuOffersShow"; } - @GetMapping(value = "/offers/nu/{nuOfferId}/edit") - public String updateNuOffer(@PathVariable("nuOfferId") final int nuOfferId, final Principal principal, final ModelMap model) { + public String 
updateNuOffer(@PathVariable("nuOfferId") final int nuOfferId, final ModelMap model) { + + if (!this.checkIdentity(nuOfferId)) { + return "error"; + } NuOffer nuOffer = this.nuOfferService.findNuOfferById(nuOfferId); model.addAttribute("nuOffer", nuOffer); @@ -118,7 +104,11 @@ public class NuOfferController { } @PostMapping(value = "/offers/nu/{nuOfferId}/edit") - public String updateNuOffer(@Valid final NuOffer nuOfferEdit, final BindingResult result, final Principal principal, final ModelMap model) { + public String updateNuOffer(@Valid final NuOffer nuOfferEdit, final BindingResult result, final ModelMap model) { + + if (!this.checkIdentity(nuOfferEdit.getId())) { + return "error"; + } if (result.hasErrors()) { model.addAttribute("nuOffer", nuOfferEdit); @@ -129,20 +119,14 @@ public class NuOfferController { return "redirect:/offers/nu/" + nuOfferEdit.getId(); } } - - @GetMapping(value = "/offers/nu/{nuOfferId}/disable") - public String disableNuOffer(@PathVariable("nuOfferId") final int nuOfferId, final Principal principal, final ModelMap model) { - // if (!this.comprobarIdentidad(principal, vehiculoId)) { - // return "exception"; - // } - // - // if (this.tieneCitasAceptadasYPendientes(vehiculoId)) { - // model.addAttribute("x", true); - // - // } else { - // model.addAttribute("x", false); - // } + @GetMapping(value = "/offers/nu/{nuOfferId}/disable") + public String disableNuOffer(@PathVariable("nuOfferId") final int nuOfferId, final Principal principal, + final ModelMap model) { + + if (!this.checkIdentity(nuOfferId)) { + return "error"; + } NuOffer nuOffer = this.nuOfferService.findNuOfferById(nuOfferId); model.put("nuOffer", nuOffer); 
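Review bot: `disableNuOffer` keeps the `final Principal principal` parameter that the new `checkIdentity` makes redundant, and `disableNuOfferForm` in the next hunk (L11) does too, while the Food, Speed and Time controllers drop it in this same commit; that leaves `java.security.Principal` imported for an argument nothing reads. For consistency change the signature to `public String disableNuOffer(@PathVariable("nuOfferId") final int nuOfferId, final ModelMap model) {` and likewise for `disableNuOfferForm`, then remove the import if nothing else uses it (the import block is in the first hunk of this file, L7).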
@@ -150,23 +134,17 @@ public class NuOfferController { } @PostMapping(value = "/offers/nu/{nuOfferId}/disable") - public String disableNuOfferForm(@PathVariable("nuOfferId") final int nuOfferId, final Principal principal, final ModelMap model) { + public String disableNuOfferForm(@PathVariable("nuOfferId") final int nuOfferId, final Principal principal, + final ModelMap model) { + + if (!this.checkIdentity(nuOfferId)) { + return "error"; + } - // if (!this.comprobarIdentidad(principal, vehiculoId)) { - // return "exception"; - // } - // - // if (this.tieneCitasAceptadasYPendientes(vehiculoId)) { - // return "redirect:/cliente/vehiculos/{vehiculoId}/disable"; - // - // } else { NuOffer nuOffer = this.nuOfferService.findNuOfferById(nuOfferId); - nuOffer.setType(StatusOffer.inactive); - this.nuOfferService.saveNuOffer(nuOffer); - - return "redirect:"; + return "redirect:/offers"; } diff --git a/src/main/java/org/springframework/cheapy/web/SpeedOfferController.java b/src/main/java/org/springframework/cheapy/web/SpeedOfferController.java index 2d80b14d2..08684e333 100644 --- a/src/main/java/org/springframework/cheapy/web/SpeedOfferController.java +++ b/src/main/java/org/springframework/cheapy/web/SpeedOfferController.java 
@@ -1,26 +1,18 @@ package org.springframework.cheapy.web; - -import java.security.Principal; import java.util.Map; import javax.validation.Valid; import org.springframework.cheapy.model.SpeedOffer; import org.springframework.cheapy.model.StatusOffer; -import org.springframework.cheapy.service.FoodOfferService; -import org.springframework.cheapy.service.NuOfferService; import org.springframework.cheapy.model.Client; -import org.springframework.cheapy.model.SpeedOffer; -import org.springframework.cheapy.model.StatusOffer; import org.springframework.cheapy.service.ClientService; import org.springframework.cheapy.service.SpeedOfferService; import org.springframework.stereotype.Controller; import org.springframework.ui.ModelMap; import org.springframework.validation.BindingResult; -import org.springframework.web.bind.WebDataBinder; import org.springframework.web.bind.annotation.GetMapping; -import org.springframework.web.bind.annotation.InitBinder; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.PostMapping; @@ -36,10 +28,16 @@ public class SpeedOfferController { this.speedOfferService = speedOfferService; this.clientService = clientService; } - - @InitBinder - public void setAllowedFields(WebDataBinder dataBinder) { - dataBinder.setDisallowedFields("id"); + + private boolean checkIdentity(final int speedOfferId) { + boolean res = false; + Client client = this.clientService.getCurrentClient(); + SpeedOffer speedOffer = this.speedOfferService.findSpeedOfferById(speedOfferId); + Client clientOffer = speedOffer.getClient(); + if (client.equals(clientOffer)) { + res = true; + } + return res; } @GetMapping("/speedOffers/new") 
@@ -53,8 +51,7 @@ public class SpeedOfferController {
 public String processCreationForm(@Valid SpeedOffer speedOffer, BindingResult result) {
 if (result.hasErrors()) {
 return VIEWS_SPEED_OFFER_CREATE_OR_UPDATE_FORM;
- }
- else {
+ } else {
 Client client = this.clientService.getCurrentClient();
 speedOffer.setClient(client);
 speedOffer.setType(StatusOffer.hidden);
@@ -62,31 +59,35 @@ public class SpeedOfferController { return "redirect:/speedOffers/" + speedOffer.getId(); } } - + @GetMapping(value = "/speedOffers/{speedOfferId}/activate") public String activateSpeedOffer(@PathVariable("speedOfferId") final int speedOfferId, ModelMap modelMap) { SpeedOffer speedOffer = this.speedOfferService.findSpeedOfferById(speedOfferId); Client client = this.clientService.getCurrentClient(); - if(speedOffer.getClient().equals(client)) { + if (speedOffer.getClient().equals(client)) { speedOffer.setType(StatusOffer.active); - speedOffer.setCode("SP-"+speedOfferId); + speedOffer.setCode("SP-" + speedOfferId); this.speedOfferService.saveSpeedOffer(speedOffer); } else { modelMap.addAttribute("message", "You don't have access to this speed offer"); } return "redirect:/speedOffers/"; } - - @GetMapping("/offers/speed/{speedOfferId}") + + @GetMapping("/offers/speed/{speedOfferId}") public String processShowForm(@PathVariable("speedOfferId") int speedOfferId, Map model) { - SpeedOffer speedOffer=this.speedOfferService.findSpeedOfferById(speedOfferId); + SpeedOffer speedOffer = this.speedOfferService.findSpeedOfferById(speedOfferId); model.put("speedOffer", speedOffer); return "speedOffers/speedOffersShow"; } @GetMapping(value = "/offers/speed/{speedOfferId}/edit") - public String updateNuOffer(@PathVariable("speedOfferId") final int speedOfferId, final Principal principal, final ModelMap model) { + public String updateSpeedOffer(@PathVariable("speedOfferId") final int speedOfferId, final ModelMap model) { + + if (!this.checkIdentity(speedOfferId)) { + return "error"; + } SpeedOffer speedOffer = this.speedOfferService.findSpeedOfferById(speedOfferId); model.addAttribute("speedOffer", speedOffer); 
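Review bot: `activateSpeedOffer` changes persistent state on a GET, and the `"message"` attribute set on the denial branch goes into a `ModelMap` immediately before `return "redirect:/speedOffers/"`, so it is either dropped or appended to the redirect URL as a query parameter depending on the adapter's `ignoreDefaultModelOnRedirect` setting; the list page never receives it as a model attribute. Since this commit already reformats these lines, consider making activation a `@PostMapping` like the new disable handlers and reporting the denial through `RedirectAttributes.addFlashAttribute("message", ...)`. The same applies to `activateFoodOffer` (L5), `activateNuOffer` (L9) and `activateTimeOffer` (L18).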
@@ -94,7 +95,11 @@ public class SpeedOfferController { } @PostMapping(value = "/offers/speed/{speedOfferId}/edit") - public String updateNuOffer(@Valid final SpeedOffer speedOfferEdit, final BindingResult result, final Principal principal, final ModelMap model) { + public String updateSpeedOffer(@Valid final SpeedOffer speedOfferEdit, final BindingResult result, final ModelMap model) { + + if (!this.checkIdentity(speedOfferEdit.getId())) { + return "error"; + } if (result.hasErrors()) { model.addAttribute("speedOffer", speedOfferEdit); @@ -108,18 +113,11 @@ public class SpeedOfferController { } @GetMapping(value = "/offers/speed/{speedOfferId}/disable") - public String disableSpeedOffer(@PathVariable("speedOfferId") final int speedOfferId, final Principal principal, final ModelMap model) { - - // if (!this.comprobarIdentidad(principal, vehiculoId)) { - // return "exception"; - // } - // - // if (this.tieneCitasAceptadasYPendientes(vehiculoId)) { - // model.addAttribute("x", true); - // - // } else { - // model.addAttribute("x", false); - // } + public String disableSpeedOffer(@PathVariable("speedOfferId") final int speedOfferId, final ModelMap model) { + + if (!this.checkIdentity(speedOfferId)) { + return "error"; + } SpeedOffer speedOffer = this.speedOfferService.findSpeedOfferById(speedOfferId); model.put("speedOffer", speedOffer); 
@@ -127,23 +125,19 @@ public class SpeedOfferController { } @PostMapping(value = "/offers/speed/{speedOfferId}/disable") - public String disableNuOfferForm(@PathVariable("speedOfferId") final int speedOfferId, final Principal principal, final ModelMap model) { + public String disableSpeedOfferForm(@PathVariable("speedOfferId") final int speedOfferId, final ModelMap model) { + + if (!this.checkIdentity(speedOfferId)) { + return "error"; + } - // if (!this.comprobarIdentidad(principal, vehiculoId)) { - // return "exception"; - // } - // - // if (this.tieneCitasAceptadasYPendientes(vehiculoId)) { - // return "redirect:/cliente/vehiculos/{vehiculoId}/disable"; - // - // } else { SpeedOffer speedOffer = this.speedOfferService.findSpeedOfferById(speedOfferId); speedOffer.setType(StatusOffer.inactive); this.speedOfferService.saveSpeedOffer(speedOffer); - return "redirect:"; + return "redirect:/offers"; } } diff --git a/src/main/java/org/springframework/cheapy/web/TimeOfferController.java b/src/main/java/org/springframework/cheapy/web/TimeOfferController.java index b1bc2e528..6882c57c8 100644 --- a/src/main/java/org/springframework/cheapy/web/TimeOfferController.java +++ b/src/main/java/org/springframework/cheapy/web/TimeOfferController.java 
@@ -1,96 +1,155 @@ package org.springframework.cheapy.web; + import java.util.Map; + import javax.validation.Valid; import org.springframework.cheapy.model.Client; -import org.springframework.cheapy.model.TimeOffer; import org.springframework.cheapy.model.StatusOffer; +import org.springframework.cheapy.model.TimeOffer; import org.springframework.cheapy.service.ClientService; import org.springframework.cheapy.service.TimeOfferService; import org.springframework.stereotype.Controller; import org.springframework.ui.ModelMap; import org.springframework.validation.BindingResult; -import org.springframework.web.bind.WebDataBinder; import org.springframework.web.bind.annotation.GetMapping; -import org.springframework.web.bind.annotation.InitBinder; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.PostMapping; - @Controller public class TimeOfferController { - private static final String VIEWS_NU_OFFER_CREATE_OR_UPDATE_FORM = "timeOffers/createOrUpdateTimeOfferForm"; + private static final String VIEWS_TIME_OFFER_CREATE_OR_UPDATE_FORM = "timeOffers/createOrUpdateTimeOfferForm"; private final TimeOfferService timeOfferService; private final ClientService clientService; - - - public TimeOfferController(final TimeOfferService timeOfferService,ClientService clientService) { + public TimeOfferController(final TimeOfferService timeOfferService, ClientService clientService) { this.timeOfferService = timeOfferService; this.clientService = clientService; - - } - @InitBinder - public void setAllowedFields(WebDataBinder dataBinder) { - dataBinder.setDisallowedFields("id"); + } + + private boolean checkIdentity(final int timeOfferId) { + boolean res = false; + Client client = this.clientService.getCurrentClient(); + TimeOffer timeOffer = this.timeOfferService.findTimeOfferById(timeOfferId); + Client clientOffer = timeOffer.getClient(); + if (client.equals(clientOffer)) { + res = true; + } + return res; } 
@GetMapping("/timeOffers/new") public String initCreationForm(Map model) { TimeOffer timeOffer = new TimeOffer(); model.put("timeOffer", timeOffer); - return VIEWS_NU_OFFER_CREATE_OR_UPDATE_FORM; + return VIEWS_TIME_OFFER_CREATE_OR_UPDATE_FORM; } @PostMapping("/timeOffers/new") public String processCreationForm(@Valid TimeOffer timeOffer, BindingResult result) { if (result.hasErrors()) { - return VIEWS_NU_OFFER_CREATE_OR_UPDATE_FORM; - } - else { + return VIEWS_TIME_OFFER_CREATE_OR_UPDATE_FORM; + } else { timeOffer.setType(StatusOffer.hidden); - + Client client = this.clientService.getCurrentClient(); - + timeOffer.setClient(client); - - + this.timeOfferService.saveTimeOffer(timeOffer); return "redirect:/TimeOffers/" + timeOffer.getId(); } } - @GetMapping(value ="/timeOffers/{timeOfferId}/activate") + + @GetMapping(value = "/timeOffers/{timeOfferId}/activate") public String activateTimeOffer(@PathVariable("timeOfferId") final int timeOfferId, final ModelMap modelMap) { Client client = this.clientService.getCurrentClient(); - TimeOffer timeOffer=this.timeOfferService.findTimeOfferById(timeOfferId); - if(timeOffer.getClient().equals(client)) { + TimeOffer timeOffer = this.timeOfferService.findTimeOfferById(timeOfferId); + if (timeOffer.getClient().equals(client)) { timeOffer.setType(StatusOffer.active); - timeOffer.setCode("TI-"+timeOfferId); + timeOffer.setCode("TI-" + timeOfferId); this.timeOfferService.saveTimeOffer(timeOffer); - - return "redirect:/timeOffers/" + timeOffer.getId(); + + return "redirect:/timeOffers/" + timeOffer.getId(); } else { - modelMap.addAttribute("message", "You don't have access to this time offer"); - } - return "redirect:/timeOffers/"; - + modelMap.addAttribute("message", "You don't have access to this time offer"); + } + return "redirect:/timeOffers/"; } - - @GetMapping("/offers/time/{timeOfferId}") + + @GetMapping("/offers/time/{timeOfferId}") public String processShowForm(@PathVariable("timeOfferId") int timeOfferId, Map model) { - 
TimeOffer timeOffer=this.timeOfferService.findTimeOfferById(timeOfferId); - + TimeOffer timeOffer = this.timeOfferService.findTimeOfferById(timeOfferId); + model.put("timeOffer", timeOffer); - + return "timeOffers/timeOffersShow"; } - + + @GetMapping(value = "/offers/time/{timeOfferId}/edit") + public String updateTimeOffer(@PathVariable("timeOfferId") final int timeOfferId, final ModelMap model) { + + if (!this.checkIdentity(timeOfferId)) { + return "error"; + } + + TimeOffer timeOffer = this.timeOfferService.findTimeOfferById(timeOfferId); + model.addAttribute("timeOffer", timeOffer); + return TimeOfferController.VIEWS_TIME_OFFER_CREATE_OR_UPDATE_FORM; + } + + @PostMapping(value = "/offers/time/{timeOfferId}/edit") + public String updateTimeOffer(@Valid final TimeOffer timeOfferEdit, final BindingResult result, final ModelMap model) { + + if (!this.checkIdentity(timeOfferEdit.getId())) { + return "error"; + } + + if (result.hasErrors()) { + model.addAttribute("timeOffer", timeOfferEdit); + return TimeOfferController.VIEWS_TIME_OFFER_CREATE_OR_UPDATE_FORM; + + } else { + this.timeOfferService.saveTimeOffer(timeOfferEdit); + return "redirect:/offers/time/" + timeOfferEdit.getId(); + } + + } + + @GetMapping(value = "/offers/time/{timeOfferId}/disable") + public String disableTimeOffer(@PathVariable("timeOfferId") final int timeOfferId, final ModelMap model) { + + if (!this.checkIdentity(timeOfferId)) { + return "error"; + } + + TimeOffer timeOffer = this.timeOfferService.findTimeOfferById(timeOfferId); + model.put("timeOffer", timeOffer); + return "timeOffers/timeOffersDisable"; + } + + @PostMapping(value = "/offers/time/{timeOfferId}/disable") + public String disableTimeOfferForm(@PathVariable("timeOfferId") final int timeOfferId, final ModelMap model) { + + if (!this.checkIdentity(timeOfferId)) { + return "error"; + } + + TimeOffer timeOffer = this.timeOfferService.findTimeOfferById(timeOfferId); + + timeOffer.setType(StatusOffer.inactive); + + 
this.timeOfferService.saveTimeOffer(timeOffer); + + return "redirect:/offers"; + + } } diff --git a/src/main/resources/db/mysql/data.sql b/src/main/resources/db/mysql/data.sql index f0e3afa68..57beff1a4 100644 --- a/src/main/resources/db/mysql/data.sql +++ b/src/main/resources/db/mysql/data.sql 
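Review bot: `processCreationForm` still returns `"redirect:/TimeOffers/" + timeOffer.getId()` (capital T) on the context line after `saveTimeOffer`, while every mapping in this file and the `/timeOffers/**` matcher in SecurityConfiguration use lowercase; Spring's AntPathMatcher is case-sensitive by default, so that URL is covered by neither a controller mapping nor that authority rule and lands on whatever fallback rule the configuration has outside this diff. Change it to `return "redirect:/timeOffers/" + timeOffer.getId();`. The new `disableTimeOfferForm` ending this hunk also loads the offer a second time after `checkIdentity` already fetched it; harmless, but a helper that returns the owned `TimeOffer` (or null) would remove the duplicate lookup across all four handlers.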
@@ -9,17 +9,17 @@ INSERT INTO owners VALUES (8, 'Maria', 'Escobito', '345 Maple St.', 'Madison', '
 INSERT INTO owners VALUES (9, 'David', 'Schroeder', '2749 Blackhawk Trail', 'Madison', '6085559435');
 INSERT INTO owners VALUES (10, 'Carlos', 'Estaban', '2335 Independence La.', 'Waunakee', '6085555487');
-INSERT INTO users (dtype,username,password,enabled) VALUES ('user','admin','admin', TRUE );
+INSERT INTO users (dtype,username,password,enabled) VALUES ('User','admin','admin', TRUE );
 INSERT INTO authorities VALUES ('admin','admin');
-INSERT INTO users (dtype,username,password,enabled) VALUES ('user','manoli','manoli', TRUE );
+INSERT INTO users (dtype,username,password,enabled) VALUES ('User','manoli','manoli', TRUE );
 INSERT INTO authorities VALUES ('manoli','cliente');
-INSERT INTO users (dtype,username,password,enabled) VALUES ('user','david','david', TRUE );
+INSERT INTO users (dtype,username,password,enabled) VALUES ('User','david','david', TRUE );
 INSERT INTO authorities VALUES ('david','cliente');
-INSERT INTO users (dtype,username,password,enabled) VALUES ('user','paco','paco', TRUE );
+INSERT INTO users (dtype,username,password,enabled) VALUES ('User','paco','paco', TRUE );
 INSERT INTO authorities VALUES ('paco','usuario');
-INSERT INTO users (dtype,username,password,enabled) VALUES ('user','lolo','lolo', TRUE );
+INSERT INTO users (dtype,username,password,enabled) VALUES ('User','lolo','lolo', TRUE );
 INSERT INTO authorities VALUES ('lolo','usuario');
-INSERT INTO users (dtype,username,password,enabled) VALUES ('user','pepe','pepe', TRUE );
+INSERT INTO users (dtype,username,password,enabled) VALUES ('User','pepe','pepe', TRUE );
 INSERT INTO authorities VALUES ('pepe','usuario');
 INSERT INTO usuarios VALUES (1, 'admin', 'admin', 'admin', 'C/admin', '000000000', 'admin@gmail.com','admin');
@@ -27,11 +27,11 @@ INSERT INTO usuarios VALUES (2, 'Paco', 'Naranjo', '21154416G', 'C/Esperanza', '
 INSERT INTO usuarios VALUES (3, 'Lolo', 'Lopez', '25486596L', 'C/Macarena', '690670547' ,'Lolo@gmail.com','lolo');
 INSERT INTO usuarios VALUES (4, 'Pepe', 'Lopez', '12456776V', 'C/Macarena', '690670547', 'Pepe@gmail.com','pepe');
-INSERT INTO clients VALUES (1,'manoli@gmail.com','C/Betis','10:00','22:00','608726190', 'description 1', 'code1', 'ESPAÑOLA','manoli');
-INSERT INTO clients VALUES (2,'david@gmail.com','C/Sevilla','09:30','22:00','608726190', 'description 2', 'code2', 'americana','david');
+INSERT INTO clients (id, email, address, init, finish, telephone, description, code, food, username) VALUES (1,'manoli@gmail.com','C/Betis','10:00','22:00','608726190', 'description 1', 'code1', 'ESPAÑOLA','manoli');
+INSERT INTO clients (id, email, address, init, finish, telephone, description, code, food, username) VALUES (2,'david@gmail.com','C/Sevilla','09:30','22:00','608726190', 'description 2', 'code2', 'americana','david');
-INSERT INTO food_offers(start, end, code, type, client_id, food, discount, units) VALUES ('2021-06-15 12:00:00', '2021-06-16 12:00:00', 'FO-1', 'active', null, 'macarrones', '15%', 10);
-INSERT INTO time_offers(start, end, code, type, client_id, init, finish, discount) VALUES ('2021-06-15 12:00:00', '2021-06-16 12:00:00', 'T-1', 'active', null, '12:00:00', '13:00:00', '10%');
-INSERT INTO speed_offers(start, end, code, type, client_id, gold, discount_gold, silver, discount_silver, bronze, discount_bronze) VALUES ('2021-06-15 12:00:00', '2021-06-16 12:00:00', 'SP-1', 'active', null,5,'25%',10,'15%',15,'10%' );
-INSERT INTO nu_offers(start, end, code, type, client_id, gold, discount_gold, silver, discount_silver, bronze, discount_bronze) VALUES ('2021-06-15 12:00:00', '2021-06-16 12:00:00', 'NU-1', 'active', null,15,'25%',10,'15%',5,'10%' );
+INSERT INTO food_offers(start, end, code, type, client_id, food, discount, units) VALUES ('2021-06-15 12:00:00', '2021-06-16 12:00:00', 'FO-1', 'active', 1, 'macarrones', '15%', 10);
+INSERT INTO time_offers(start, end, code, type, client_id, init, finish, discount) VALUES ('2021-06-15 12:00:00', '2021-06-16 12:00:00', 'T-1', 'active', 1, '12:00:00', '13:00:00', '10%');
+INSERT INTO speed_offers(start, end, code, type, client_id, gold, discount_gold, silver, discount_silver, bronze, discount_bronze) VALUES ('2021-06-15 12:00:00', '2021-06-16 12:00:00', 'SP-1', 'active', 1,5,'25%',10,'15%',15,'10%' );
+INSERT INTO nu_offers(start, end, code, type, client_id, gold, discount_gold, silver, discount_silver, bronze, discount_bronze) VALUES ('2021-06-15 12:00:00', '2021-06-16 12:00:00', 'NU-1', 'active', 1,15,'25%',10,'15%',5,'10%' );
diff --git a/src/main/webapp/WEB-INF/jsp/foodOffers/createOrUpdateFoodOfferForm.jsp b/src/main/webapp/WEB-INF/jsp/foodOffers/createOrUpdateFoodOfferForm.jsp
index ff6097fe2..a1b6d9c95 100644
--- a/src/main/webapp/WEB-INF/jsp/foodOffers/createOrUpdateFoodOfferForm.jsp
+++ b/src/main/webapp/WEB-INF/jsp/foodOffers/createOrUpdateFoodOfferForm.jsp
@@ -12,6 +12,9 @@
+ + + @@ -24,6 +27,9 @@ + + +
diff --git a/src/main/webapp/WEB-INF/jsp/foodOffers/foodOffersShow.jsp b/src/main/webapp/WEB-INF/jsp/foodOffers/foodOffersShow.jsp
index 0b7c8785a..6b6fcf130 100644
--- a/src/main/webapp/WEB-INF/jsp/foodOffers/foodOffersShow.jsp
+++ b/src/main/webapp/WEB-INF/jsp/foodOffers/foodOffersShow.jsp
@@ -6,7 +6,7 @@
-

Oferta por plato específico

+

Oferta por plato espec�fico
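Review bot: The new heading on the added line reads `Oferta por plato espec�fico` — the `í` of the removed line has become a replacement character, which points to the file having been re-saved in an encoding (Latin-1 vs UTF-8) different from what the JSP page encoding expects. Restore `Oferta por plato específico` and check the page's `pageEncoding`/the project's source encoding so the accent survives. The `horária` → `horaria` edit in the timeOffersShow.jsp hunk of this commit is the correct Spanish spelling and is not affected.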

@@ -36,9 +36,14 @@
- <%-- - + + - Edit Owner --%> + Editar oferta + + + + + Desactivar oferta
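Review bot: The new `Desactivar oferta` control looks like a plain anchor (the markup is stripped in this rendering, so this is inferred); if it is a GET link, a state-changing action becomes reachable through a cross-site link or a browser prefetch, and Spring Security's CSRF protection does not cover GET requests. Render it as a small POST form carrying the CSRF token (Spring's `form:form` tag emits one when the CSRF processor is registered) and have the controller accept only POST for the deactivate endpoint. The same applies to the deactivate controls added in the nuOffersShow.jsp and speedOffersShow.jsp hunks of this commit.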
diff --git a/src/main/webapp/WEB-INF/jsp/nuOffers/nuOffersShow.jsp b/src/main/webapp/WEB-INF/jsp/nuOffers/nuOffersShow.jsp
index 6529c281b..0959918bd 100644
--- a/src/main/webapp/WEB-INF/jsp/nuOffers/nuOffersShow.jsp
+++ b/src/main/webapp/WEB-INF/jsp/nuOffers/nuOffersShow.jsp
@@ -49,13 +49,13 @@ - + Editar oferta - Desactiva oferta + Desactivar oferta
diff --git a/src/main/webapp/WEB-INF/jsp/speedOffers/speedOffersShow.jsp b/src/main/webapp/WEB-INF/jsp/speedOffers/speedOffersShow.jsp
index ec071786d..c643afdf6 100644
--- a/src/main/webapp/WEB-INF/jsp/speedOffers/speedOffersShow.jsp
+++ b/src/main/webapp/WEB-INF/jsp/speedOffers/speedOffersShow.jsp
@@ -49,8 +49,13 @@ - + Editar oferta + + + + + Desactivar oferta
diff --git a/src/main/webapp/WEB-INF/jsp/timeOffers/createOrUpdateTimeOfferForm.jsp b/src/main/webapp/WEB-INF/jsp/timeOffers/createOrUpdateTimeOfferForm.jsp
index 0dc37f439..efe5160c2 100644
--- a/src/main/webapp/WEB-INF/jsp/timeOffers/createOrUpdateTimeOfferForm.jsp
+++ b/src/main/webapp/WEB-INF/jsp/timeOffers/createOrUpdateTimeOfferForm.jsp
@@ -12,6 +12,9 @@
+ + +
diff --git a/src/main/webapp/WEB-INF/jsp/timeOffers/timeOffersShow.jsp b/src/main/webapp/WEB-INF/jsp/timeOffers/timeOffersShow.jsp
index a344a6221..80d90e44a 100644
--- a/src/main/webapp/WEB-INF/jsp/timeOffers/timeOffersShow.jsp
+++ b/src/main/webapp/WEB-INF/jsp/timeOffers/timeOffersShow.jsp
@@ -6,7 +6,7 @@
-

Oferta por franja horária

+

Oferta por franja horaria

@@ -27,5 +27,15 @@
+ + + + + Editar oferta + + + + + Desactivar oferta