protected Submission.Builder submissionBuilder(
ProcessInstance instance,
SubmissionTemplate template,
Entity principal,
Submission rawSubmission) {
String principalId = principal != null ? principal.getEntityId() : "anonymous";
String submitterId = principalId;
if (principal != null
&& principal.getEntityType() == Entity.EntityType.SYSTEM
&& StringUtils.isNotEmpty(template.getActAsUser())) submitterId = template.getActAsUser();
else if (rawSubmission != null && StringUtils.isNotEmpty(rawSubmission.getSubmitterId()))
submitterId = sanitizer.sanitize(rawSubmission.getSubmitterId());
Submission.Builder submissionBuilder;
if (rawSubmission != null)
submissionBuilder = new Submission.Builder(rawSubmission, sanitizer, true);
else
submissionBuilder =
new Submission.Builder()
.actionType(instance == null ? ActionType.COMPLETE : ActionType.SAVE);
submissionBuilder
.processDefinitionKey(template.getProcess().getProcessDefinitionKey())
.requestId(template.getRequestId())
.taskId(template.getTaskId())
.submissionDate(new Date())
.submitter(identityService.getUser(submitterId));
return submissionBuilder;
}
private void verifyCurrentUserIsAuthorized(Process process, Task task)
throws ForbiddenError, BadRequestError {
if (process == null) throw new BadRequestError(Constants.ExceptionCodes.process_does_not_exist);
String taskId = task != null ? task.getTaskInstanceId() : null;
Entity principal = identityHelper.getPrincipal();
if (principal == null || StringUtils.isEmpty(principal.getEntityId())) {
LOG.error(
"Forbidden: Unauthorized user or user with no userId (e.g. system user) attempting to create a request for task: "
+ taskId);
throw new ForbiddenError();
}
if (!principal.hasRole(process, AuthorizationRole.OVERSEER)) {
if (task != null && !task.isCandidateOrAssignee(principal)) {
LOG.warn(
"Forbidden: Unauthorized principal "
+ principal.toString()
+ " attempting to access task "
+ taskId);
throw new ForbiddenError();
}
}
}
